diff --git a/ACKNOWLEDGEMENTS b/ACKNOWLEDGEMENTS old mode 100755 new mode 100644 diff --git a/AUTHORS b/AUTHORS old mode 100755 new mode 100644 index ac93b2e7b975c25e0b87228ead8cefc64fc638b4..dac46f8b7e08c02e40cbcebdf788edfedb29de5c --- a/AUTHORS +++ b/AUTHORS @@ -13,6 +13,8 @@ Ben Kaduk Bernd Edlinger Bodo Möller David Benjamin +David von Oheimb +Dmitry Belyavskiy (Дмитрий Белявский) Emilia Käsper Eric Young Geoff Thorpe @@ -22,14 +24,19 @@ Lutz Jänicke Mark J. Cox Matt Caswell Matthias St. Pierre +Nicola Tuveri Nils Larsch +Patrick Steuer Paul Dale Paul C. Sutton +Paul Yang Ralf S. Engelschall Rich Salz Richard Levitte +Shane Lontis Stephen Henson Steve Marquess Tim Hudson +Tomáš Mráz Ulf Möller Viktor Dukhovni diff --git a/BUILD.gn b/BUILD.gn index 650c457ecce27cd662614ab5a58400a1ab442f73..554b248ab7e5d0f865af5c4cffd94c7ccff3ba9e 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -4,7 +4,6 @@ import("//build/ohos.gni") # Only use this to set/unset some cflags, use "platform" variable in gn template to add # source code for Windows. -use_mingw_win = "${current_os}_${current_cpu}" == "mingw_x86_64" config("crypto_config") { include_dirs = [ @@ -37,7 +36,7 @@ config("crypto_config") { "-DOPENSSL_NO_RIPEMD", "-DOPENSSL_NO_RMD160", ] - if (target_cpu == "arm" && !use_mingw_win && host_os != "mac") { + if (current_cpu == "arm" && !(current_os == "linux" || host_os == "mac")) { cflags += [ "-DOPENSSL_CPUID_OBJ", "-DOPENSSL_BN_ASM_MONT", @@ -52,7 +51,8 @@ config("crypto_config") { "-DECP_NISTZ256_ASM", "-DPOLY1305_ASM", ] - } else if (target_cpu == "arm64" && !use_mingw_win && host_os != "mac") { + } else if (current_cpu == "arm64" && + !(current_os == "linux" || host_os == "mac")) { cflags += [ "-DOPENSSL_CPUID_OBJ", "-DOPENSSL_BN_ASM_MONT", @@ -64,7 +64,7 @@ config("crypto_config") { "-DECP_NISTZ256_ASM", "-DPOLY1305_ASM", ] - } else if (use_mingw_win) { + } else if (is_mingw) { cflags -= [ "-fPIC", "-DOPENSSL_NO_BF", 
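Review bot: In the `crypto_config` hunks every ARM/ARM64 assembly branch is now guarded by `!(current_os == "linux" || host_os == "mac")`, so a Linux target with `current_cpu == "arm"` or `"arm64"` can never reach the ARM branches and falls through to the branch shared with macOS (a later hunk in this file also adds `-m64` there); if Linux ARM cross builds are in scope that looks wrong, and if `current_os == "linux"` is meant to stand for a host-tool build, that intent should be written down. The same compound condition is repeated verbatim in eight guards across this file; the removed `use_mingw_win` showed the pattern for naming it once, e.g. `is_host_build = current_os == "linux" || host_os == "mac"` next to the `import`, then `!is_host_build` in each guard. `config("crypto_config")` continues past this line.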
@@ -89,8 +89,7 @@ config("crypto_config") { "-Wno-sign-compare", "-Wno-incompatible-pointer-types", ] - defines = [ "WINDOWS_PLATFORM" ] - } else if (host_os == "mac") { + } else if (current_os == "linux" || host_os == "mac") { cflags -= [ "-DOPENSSL_NO_BF", "-DOPENSSL_NO_CAMELLIA", @@ -99,6 +98,9 @@ config("crypto_config") { "-DOPENSSL_NO_RC2", "-DOPENSSL_NO_RMD160", ] + if (current_os == "linux") { + cflags += [ "-m64" ] + } cflags += [ "-DL_ENDIAN", "-D_REENTRAN", @@ -106,7 +108,6 @@ config("crypto_config") { "-MF", "-c", ] - defines = [ "MAC_PLATFORM" ] } else { cflags += [ "-DOPENSSL_NO_ASM" ] } @@ -115,8 +116,15 @@ config("crypto_config") { config("crypto_config_public") { include_dirs = [ "./include" ] - if (target_cpu == "arm") { - cflags = [ "-DCPU_ARM32" ] + if (current_cpu == "arm" && !(current_os == "linux" || host_os == "mac")) { + cflags = [ "-DOPENSSL_ARM_PLATFORM" ] + } else if (current_cpu == "arm64" && + !(current_os == "linux" || host_os == "mac")) { + cflags = [ "-DOPENSSL_ARM64_PLATFORM" ] + } else if (is_mingw) { + cflags = [ "-DWINDOWS_PLATFORM" ] + } else if (current_os == "linux" || host_os == "mac") { + cflags = [ "-DMAC_PLATFORM" ] } } @@ -723,7 +731,7 @@ ohos_source_set("crypto_source") { "crypto/x509v3/v3err.c", ] - if (target_cpu == "arm" && !use_mingw_win && host_os != "mac") { + if (current_cpu == "arm" && !(current_os == "linux" || host_os == "mac")) { sources += [ "crypto/aes/asm/arm32/aes-armv4.S", "crypto/aes/asm/arm32/aesv8-armx.S", @@ -743,7 +751,8 @@ ohos_source_set("crypto_source") { "crypto/sha/sha256-armv4.S", "crypto/sha/sha512-armv4.S", ] - } else if (target_cpu == "arm64" && !use_mingw_win && host_os != "mac") { + } else if (current_cpu == "arm64" && + !(current_os == "linux" || host_os == "mac")) { sources += [ "crypto/aes/aes_core.c", "crypto/aes/asm/arm64/aesv8-armx.S", 
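Review bot: In the `crypto_config_public` hunk `cflags = [ "-DMAC_PLATFORM" ]` is now also emitted when `current_os == "linux"`, so the macro name no longer describes the platform it selects and a reader of the C side gets no hint that Linux hosts deliberately take the macOS path; the earlier hunk on this line likewise hard-codes `-m64` for every Linux build. A one-line comment above that branch would carry the intent, e.g. `# Linux host builds reuse the macOS (no-asm) configuration, including MAC_PLATFORM.` Whether the macro can be renamed depends on its consumers in the C sources, which are not part of this diff.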
@@ -761,7 +770,7 @@ ohos_source_set("crypto_source") { "crypto/sha/sha256-armv8.S", "crypto/sha/sha512-armv8.S", ] - } else if (use_mingw_win || host_os == "mac") { + } else if (is_mingw || (current_os == "linux" || host_os == "mac")) { sources += [ "crypto/aes/aes_core.c", "crypto/bf/bf_cfb64.c", @@ -802,7 +811,7 @@ ohos_source_set("crypto_source") { "crypto/ripemd/rmd_one.c", "crypto/sha/keccak1600.c", ] - if (use_mingw_win) { + if (is_mingw) { sources -= [ "crypto/idea/i_cbc.c", "crypto/idea/i_cfb64.c", @@ -822,10 +831,9 @@ ohos_source_set("crypto_source") { ] } - configs = [ - ":crypto_config", - ":crypto_config_public", - ] + configs = [ ":crypto_config" ] + + public_configs = [ ":crypto_config_public" ] remove_configs = [ "//build/config/coverage:default_coverage" ] } @@ -868,7 +876,11 @@ config("ssl_config") { "-DOPENSSL_NO_SSL3_METHOD", ] - if (use_mingw_win) { + if (current_cpu == "arm" && host_os != "mac") { + cflags += [ "-DOPENSSL_ARM_PLATFORM" ] + } else if (current_cpu == "arm64" && host_os != "mac") { + cflags += [ "-DOPENSSL_ARM64_PLATFORM" ] + } else if (is_mingw) { cflags -= [ "-fPIC" ] cflags += [ "-m64", @@ -947,6 +959,7 @@ ohos_source_set("ssl_source") { "ssl/tls_srp.c", ] - configs = [ ":ssl_config" ] + public_configs = [ ":ssl_config" ] + remove_configs = [ "//build/config/coverage:default_coverage" ] } diff --git a/CHANGES b/CHANGES old mode 100755 new mode 100644 index f4230aaac0318575d081933cef0ab899b1527ec1..7d0129e687652969f7f934c3c4c099d267463dae --- a/CHANGES +++ b/CHANGES 
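Review bot: In the `ssl_config` hunk the new ARM guards read `current_cpu == "arm" && host_os != "mac"`, which differs from the `!(current_os == "linux" || host_os == "mac")` form used for `crypto_config` and `crypto_config_public`; on a Linux ARM/ARM64 target libssl would therefore be built with `-DOPENSSL_ARM_PLATFORM` while the public crypto config supplies `-DMAC_PLATFORM`, so the two libraries see different platform macros. Aligning the guard to `if (current_cpu == "arm" && !(current_os == "linux" || host_os == "mac")) {` (and likewise for `arm64`) keeps the configs consistent. The switch to `public_configs = [ ":ssl_config" ]` in the last hunk also propagates the `-D` list to every dependent of `ssl_source`, which is a wider effect than the old private `configs` had and deserves a comment. `config("ssl_config")` starts before this hunk and continues outside it.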
@@ -7,6 +7,171 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1j and 1.1.1k [25 Mar 2021] + + *) Fixed a problem with verifying a certificate chain when using the + X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks + of the certificates present in a certificate chain. It is not set by + default. + + Starting from OpenSSL version 1.1.1h a check to disallow certificates in + the chain that have explicitly encoded elliptic curve parameters was added + as an additional strict check. + + An error in the implementation of this check meant that the result of a + previous check to confirm that certificates in the chain are valid CA + certificates was overwritten. This effectively bypasses the check + that non-CA certificates must not be able to issue other certificates. + + If a "purpose" has been configured then there is a subsequent opportunity + for checks that the certificate is a valid CA. All of the named "purpose" + values implemented in libcrypto perform this check. Therefore, where + a purpose is set the certificate chain will still be rejected even when the + strict flag has been used. A purpose is set by default in libssl client and + server certificate verification routines, but it can be overridden or + removed by an application. + + In order to be affected, an application must explicitly set the + X509_V_FLAG_X509_STRICT verification flag and either not set a purpose + for the certificate verification or, in the case of TLS client or server + applications, override the default purpose. + (CVE-2021-3450) + [Tomáš Mráz] + + *) Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously + crafted renegotiation ClientHello message from a client. 
If a TLSv1.2 + renegotiation ClientHello omits the signature_algorithms extension (where + it was present in the initial ClientHello), but includes a + signature_algorithms_cert extension then a NULL pointer dereference will + result, leading to a crash and a denial of service attack. + + A server is only vulnerable if it has TLSv1.2 and renegotiation enabled + (which is the default configuration). OpenSSL TLS clients are not impacted + by this issue. + (CVE-2021-3449) + [Peter Kästle and Samuel Sapalski] + + Changes between 1.1.1i and 1.1.1j [16 Feb 2021] + + *) Fixed the X509_issuer_and_serial_hash() function. It attempts to + create a unique hash value based on the issuer and serial number data + contained within an X509 certificate. However it was failing to correctly + handle any errors that may occur while parsing the issuer field (which might + occur if the issuer field is maliciously constructed). This may subsequently + result in a NULL pointer deref and a crash leading to a potential denial of + service attack. + (CVE-2021-23841) + [Matt Caswell] + + *) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING + padding mode to correctly check for rollback attacks. This is considered a + bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is + CVE-2021-23839. + [Matt Caswell] + + *) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate + functions. Previously they could overflow the output length argument in some + cases where the input length is close to the maximum permissable length for + an integer on the platform. In such cases the return value from the function + call would be 1 (indicating success), but the output length value would be + negative. This could cause applications to behave incorrectly or crash. + (CVE-2021-23840) + [Matt Caswell] + + *) Fixed SRP_Calc_client_key so that it runs in constant time. The previous + implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. 
This + could be exploited in a side channel attack to recover the password. Since + the attack is local host only this is outside of the current OpenSSL + threat model and therefore no CVE is assigned. + + Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this + issue. + [Matt Caswell] + + Changes between 1.1.1h and 1.1.1i [8 Dec 2020] + + *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function + This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME. + If an attacker can control both items being compared then this could lead + to a possible denial of service attack. OpenSSL itself uses the + GENERAL_NAME_cmp function for two purposes: + 1) Comparing CRL distribution point names between an available CRL and a + CRL distribution point embedded in an X509 certificate + 2) When verifying that a timestamp response token signer matches the + timestamp authority name (exposed via the API functions + TS_RESP_verify_response and TS_RESP_verify_token) + (CVE-2020-1971) + [Matt Caswell] + + *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target. + [Stuart Carnie] + + *) The security callback, which can be customised by application code, supports + the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY + in the "other" parameter. In most places this is what is passed. All these + places occur server side. However there was one client side call of this + security operation and it passed a DH object instead. This is incorrect + according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all + of the other locations. Therefore this client side call has been changed to + pass an EVP_PKEY instead. + [Matt Caswell] + + *) In 1.1.1h, an expired trusted (root) certificate was not anymore rejected + when validating a certificate path. This check is restored in 1.1.1i. 
+ [David von Oheimb] + + Changes between 1.1.1g and 1.1.1h [22 Sep 2020] + + *) Certificates with explicit curve parameters are now disallowed in + verification chains if the X509_V_FLAG_X509_STRICT flag is used. + [Tomas Mraz] + + *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently + ignore TLS protocol version bounds when configuring DTLS-based contexts, and + conversely, silently ignore DTLS protocol version bounds when configuring + TLS-based contexts. The commands can be repeated to set bounds of both + types. The same applies with the corresponding "min_protocol" and + "max_protocol" command-line switches, in case some application uses both TLS + and DTLS. + + SSL_CTX instances that are created for a fixed protocol version (e.g. + TLSv1_server_method()) also silently ignore version bounds. Previously + attempts to apply bounds to these protocol versions would result in an + error. Now only the "version-flexible" SSL_CTX instances are subject to + limits in configuration files in command-line options. + [Viktor Dukhovni] + + *) Handshake now fails if Extended Master Secret extension is dropped + on renegotiation. + [Tomas Mraz] + + *) Accidentally, an expired trusted (root) certificate is not anymore rejected + when validating a certificate path. + [David von Oheimb] + + *) The Oracle Developer Studio compiler will start reporting deprecated APIs + + Changes between 1.1.1f and 1.1.1g [21 Apr 2020] + + *) Fixed segmentation fault in SSL_check_chain() + Server or client applications that call the SSL_check_chain() function + during or after a TLS 1.3 handshake may crash due to a NULL pointer + dereference as a result of incorrect handling of the + "signature_algorithms_cert" TLS extension. The crash occurs if an invalid + or unrecognised signature algorithm is received from the peer. This could + be exploited by a malicious peer in a Denial of Service attack. 
+ (CVE-2020-1967) + [Benjamin Kaduk] + + *) Added AES consttime code for no-asm configurations + an optional constant time support for AES was added + when building openssl for no-asm. + Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME + Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME + At this time this feature is by default disabled. + It will be enabled by default in 3.0. + [Bernd Edlinger] + Changes between 1.1.1e and 1.1.1f [31 Mar 2020] *) Revert the change of EOF detection while reading in libssl to avoid diff --git a/CONTRIBUTING b/CONTRIBUTING old mode 100755 new mode 100644 index 57be75ce2b8a24a1ccf1a54d5163fcc54423d1e4..83c0dde1281944f35c6fe92d0b067534c5cc5c1b --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -41,8 +41,8 @@ guidelines: https://www.openssl.org/policies/codingstyle.html) and compile without warnings. Where gcc or clang is available you should use the --strict-warnings Configure option. OpenSSL compiles on many varied - platforms: try to ensure you only use portable features. Clean builds - via Travis and AppVeyor are required, and they are started automatically + platforms: try to ensure you only use portable features. Clean builds via + GitHub Actions and AppVeyor are required, and they are started automatically whenever a PR is created or updated. 5. When at all possible, patches should include tests. These can diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf old mode 100755 new mode 100644 diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf old mode 100755 new mode 100644 index df1cc00529783638a6246b2a50db4639d2692cfe..8dc3e858dfa8f23ce8b3cff745a2d7e60d20e189 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf 
@@ -663,6 +663,7 @@ my %targets = ( "linux-ppc" => { inherit_from => [ "linux-generic32", asm("ppc32_asm") ], perlasm_scheme => "linux32", + lib_cppflags => add("-DB_ENDIAN"), }, "linux-ppc64" => { inherit_from => [ "linux-generic64", asm("ppc64_asm") ], @@ -741,7 +742,7 @@ my %targets = ( inherit_from => [ "linux-generic32", asm("mips64_asm") ], cflags => add("-mabi=n32"), cxxflags => add("-mabi=n32"), - bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", + bn_ops => "RC4_CHAR", perlasm_scheme => "n32", multilib => "32", }, @@ -1125,7 +1126,7 @@ my %targets = ( CFLAGS => picker(debug => "-O0 -g", release => "-O"), cflags => add(threads("-pthread")), - ex_libs => threads("-pthread"), + ex_libs => add(threads("-pthread")), bn_ops => "BN_LLONG RC4_CHAR", perlasm_scheme => "aix32", shared_ldflag => add_before("-shared -static-libgcc"), @@ -1138,7 +1139,7 @@ my %targets = ( CFLAGS => picker(debug => "-O0 -g", release => "-O"), cflags => combine("-maix64", threads("-pthread")), - ex_libs => threads("-pthread"), + ex_libs => add(threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", perlasm_scheme => "aix64", shared_ldflag => add_before("-shared -static-libgcc"), @@ -1154,7 +1155,7 @@ my %targets = ( cflags => combine("-q32 -qmaxmem=16384 -qro -qroconst", threads("-qthreaded")), cppflags => threads("-D_THREAD_SAFE"), - ex_libs => threads("-lpthreads"), + ex_libs => add(threads("-lpthreads")), bn_ops => "BN_LLONG RC4_CHAR", perlasm_scheme => "aix32", shared_cflag => "-qpic", @@ -1169,7 +1170,7 @@ my %targets = ( cflags => combine("-q64 -qmaxmem=16384 -qro -qroconst", threads("-qthreaded")), cppflags => threads("-D_THREAD_SAFE"), - ex_libs => threads("-lpthreads"), + ex_libs => add(threads("-lpthreads")), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", perlasm_scheme => "aix64", dso_scheme => "dlfcn", 
@@ -1365,9 +1366,9 @@ my %targets = ( } push @ex_libs, '$(PORTSDK_LIBPATH)/portlib.lib' if (defined(env('PORTSDK_LIBPATH'))); - push @ex_libs, ' /nodefaultlib coredll.lib corelibc.lib' - if (env('TARGETCPU') eq "X86"); - return @ex_libs; + push @ex_libs, '/nodefaultlib coredll.lib corelibc.lib' + if (env('TARGETCPU') =~ /^X86|^ARMV4[IT]/); + return join(" ", @ex_libs); }), }, @@ -1557,6 +1558,14 @@ my %targets = ( bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "macosx", }, + "darwin64-arm64-cc" => { + inherit_from => [ "darwin-common", asm("aarch64_asm") ], + CFLAGS => add("-Wall"), + cflags => add("-arch arm64"), + lib_cppflags => add("-DL_ENDIAN"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + perlasm_scheme => "ios64", + }, ##### GNU Hurd "hurd-x86" => { diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf old mode 100755 new mode 100644 diff --git a/Configurations/15-ios.conf b/Configurations/15-ios.conf old mode 100755 new mode 100644 diff --git a/Configurations/50-djgpp.conf b/Configurations/50-djgpp.conf old mode 100755 new mode 100644 diff --git a/Configurations/50-haiku.conf b/Configurations/50-haiku.conf old mode 100755 new mode 100644 diff --git a/Configurations/50-masm.conf b/Configurations/50-masm.conf old mode 100755 new mode 100644 diff --git a/Configurations/50-win-onecore.conf b/Configurations/50-win-onecore.conf old mode 100755 new mode 100644 diff --git a/Configurations/INTERNALS.Configure b/Configurations/INTERNALS.Configure old mode 100755 new mode 100644 diff --git a/Configurations/README b/Configurations/README old mode 100755 new mode 100644 diff --git a/Configurations/README.design b/Configurations/README.design old mode 100755 new mode 100644 diff --git a/Configurations/common.tmpl b/Configurations/common.tmpl old mode 100755 new mode 100644 diff --git a/Configurations/common0.tmpl b/Configurations/common0.tmpl old mode 100755 new mode 100644 
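Review bot: The new condition `env('TARGETCPU') =~ /^X86|^ARMV4[IT]/` in the `ex_libs` sub relies on alternation precedence and is anchored only at the start, so any value that merely begins with `X86` matches where the replaced `eq "X86"` required an exact value; if exact matches are intended, `/^(?:X86|ARMV4[IT])\z/` states that and is easier to read. The `return join(" ", @ex_libs);` change turns the sub's result from a list into one string, which is consistent with the leading space dropped from `'/nodefaultlib coredll.lib corelibc.lib'`, but callers consuming this `ex_libs` value must accept a scalar. The enclosing `ex_libs => sub { ... }` starts before this hunk.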
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl old mode 100755 new mode 100644 index 399f34b3eea0a8acc6e28f3d2a42183e8320b93a..04c93222cce4850c3555eedb8347af6a8193df36 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -377,8 +377,13 @@ NODEBUG=@ $(NODEBUG) ! $(NODEBUG) ! Installation logical names $(NODEBUG) ! - $(NODEBUG) installtop = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]" - $(NODEBUG) datatop = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]" + $(NODEBUG) ! This also creates a few DCL variables that are used for + $(NODEBUG) ! the "install_msg" target. + $(NODEBUG) ! + $(NODEBUG) installroot = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + $(NODEBUG) installtop = installroot + ".]" + $(NODEBUG) dataroot = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + $(NODEBUG) datatop = dataroot + ".]" $(NODEBUG) DEFINE ossl_installroot 'installtop' $(NODEBUG) DEFINE ossl_dataroot 'datatop' $(NODEBUG) ! 
@@ -455,30 +460,19 @@ list-tests : @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options" @ ! {- output_on() if !$disabled{tests}; "" -} -install : install_sw install_ssldirs install_docs +install : install_sw install_ssldirs install_docs install_msg + @ ! + +install_msg : @ WRITE SYS$OUTPUT "" @ WRITE SYS$OUTPUT "######################################################################" @ WRITE SYS$OUTPUT "" @ IF "$(DESTDIR)" .EQS. "" THEN - - PIPE ( WRITE SYS$OUTPUT "Installation complete" ; - - WRITE SYS$OUTPUT "" ; - - WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; - - WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; - - WRITE SYS$OUTPUT "" ) + @{- sourcefile("VMS", "msg_install.com") -} "$(SYSTARTUP)" "{- $osslver -}" @ IF "$(DESTDIR)" .NES. "" THEN - - PIPE ( WRITE SYS$OUTPUT "Staging installation complete" ; - - WRITE SYS$OUTPUT "" ; - - WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the directory tree" ; - - WRITE SYS$OUTPUT staging_instdir ; - - WRITE SYS$OUTPUT "ends up in $(INSTALLTOP)," ; - - WRITE SYS$OUTPUT "and that the contents of the contents of the directory tree" ; - - WRITE SYS$OUTPUT staging_datadir ; - - WRITE SYS$OUTPUT "ends up in $(OPENSSLDIR)" ; - - WRITE SYS$OUTPUT "" ; - - WRITE SYS$OUTPUT "When in its final destination," ; - - WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; - - WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; - - WRITE SYS$OUTPUT "" ) + @{- sourcefile("VMS", "msg_staging.com") -} - + "''installroot']" "''dataroot']" "$(INSTALLTOP)" "$(OPENSSLDIR)" - + "$(SYSTARTUP)" "{- $osslver -}" check_install : spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl old mode 100755 new mode 100644 
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl old mode 100755 new mode 100644 index 3a24d551359bd0fd0ab75c5d6e32946c09e9c2de..41648c952667f3452f543ee15888510eed173735 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -917,8 +917,8 @@ errors: done ) ordinals: - ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update ) - ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl ssl update ) + $(PERL) $(SRCDIR)/util/mkdef.pl crypto update + $(PERL) $(SRCDIR)/util/mkdef.pl ssl update test_ordinals: ( cd test; \ diff --git a/Configurations/unix-checker.pm b/Configurations/unix-checker.pm old mode 100755 new mode 100644 diff --git a/Configurations/windows-checker.pm b/Configurations/windows-checker.pm old mode 100755 new mode 100644 diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl old mode 100755 new mode 100644 index 8ef70b8699f8813ba8d92358272e8b63aa946955..9351149fe8e1b8e321eaa514b97a116f972da506 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -211,8 +211,8 @@ CNF_CPPFLAGS={- our $cppfags2 = join(' ', $target{cppflags} || (), (map { '-D'.quotify1($_) } @{$target{defines}}, @{$config{defines}}), - (map { '-I'.quotify1($_) } @{$target{includes}}, - @{$config{includes}}), + (map { '-I'.'"'.$_.'"' } @{$target{includes}}, + @{$config{includes}}), @{$config{cppflags}}) -} CNF_CFLAGS={- join(' ', $target{cflags} || (), @{$config{cflags}}) -} diff --git a/Configure b/Configure index 2e9efaa5f3da8f2ff1bde4c58e4f3b43d9596cdb..b286dd0678bbb5f5a7a94adfda7469849db528fc 100755 --- a/Configure +++ b/Configure 
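Review bot: The rewritten `ordinals:` recipe runs `$(PERL) $(SRCDIR)/util/mkdef.pl crypto update` from the build directory without the former `-I$$b`; if mkdef.pl loads configdata.pm through `@INC` rather than via `use lib`/`FindBin`, that silently depends on `.` being in `@INC`, which perl 5.26 and later removed, so either keep `-I.` on both lines or confirm that mkdef.pl adds the build directory itself. In the `windows-makefile.tmpl` hunk, `'-I'.'"'.$_.'"'` replaces `quotify1` with bare double-quote wrapping, which misbehaves on an include path containing `"` or ending in a backslash; if `quotify1` was dropped deliberately, a comment saying why would help the next reader.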
@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -217,12 +217,22 @@ sub resolve_config;
 
 # Unified build supports separate build dir
 my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax
 my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax
+
+# File::Spec::Unix doesn't detect case insensitivity, so we make sure to
+# check if the source and build directory are really the same, and make
+# them so. This avoids all kinds of confusion later on.
+# We must check @File::Spec::ISA rather than using File::Spec->isa() to
+# know if File::Spec ended up loading File::Spec::Unix.
+$srcdir = $blddir
+ if (grep(/::Unix$/, @File::Spec::ISA)
+ && samedir($srcdir, $blddir));
+
 my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
 my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
 
-$config{sourcedir} = abs2rel($srcdir);
-$config{builddir} = abs2rel($blddir);
+$config{sourcedir} = abs2rel($srcdir, $blddir);
+$config{builddir} = abs2rel($blddir, $blddir);
 
 # Collect reconfiguration information if needed
 my @argvcopy=@ARGV;
@@ -1049,6 +1059,9 @@ if (scalar(@seed_sources) == 0) {
 print "Using os-specific seed configuration\n";
 push @seed_sources, 'os';
 }
+if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) {
+ delete $disabled{'egd'};
+}
 if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
 die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
 warn <<_____ if scalar(@seed_sources) == 1;
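Review bot: The new block `if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) { delete $disabled{'egd'}; }` re-enables EGD by editing `%disabled` directly, so it bypasses whatever bookkeeping `disable()` maintains elsewhere in Configure and overrides an explicit `no-egd` on the command line without any message. At minimum a comment should record that `--with-rand-seed=egd` deliberately wins, e.g. `# Requesting egd as a seed source implies enabling the egd code.`, and if `no-egd` combined with egd seeding should instead be an error, the `'none'` check just below shows the pattern. Separately, `samedir($srcdir, $blddir)` dies when either directory cannot be stat'ed; both values derive from `$0` and `.` here so that is acceptable, but it puts `samedir` on the path of every Configure run under a Unix-flavoured File::Spec, which the comment above it could mention.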
@@ -1188,6 +1201,10 @@ foreach (keys %useradd) {
 
 # At this point, we can forget everything about %user and %useradd,
 # because it's now all been merged into the corresponding $config entry
 
+if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
+ disable('static', 'pic', 'threads');
+}
+
 # Allow overriding the build file name
 $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
@@ -1508,10 +1525,6 @@ if ($strict_warnings)
 }
 }
 
-if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
- disable('static', 'pic', 'threads');
-}
-
 $config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings'
 ? @strict_warnings_collection
 : ( $_ ) }
@@ -2598,19 +2611,22 @@ _____
 }
 print "\nEnabled features:\n\n";
 foreach my $what (@disablables) {
- print " $what\n" unless $disabled{$what};
+ print " $what\n"
+ unless grep { $_ =~ /^${what}$/ } keys %disabled;
 }
 print "\nDisabled features:\n\n";
 foreach my $what (@disablables) {
- if ($disabled{$what}) {
- print " $what", ' ' x ($longest - length($what) + 1),
- "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1);
- print $disabled_info{$what}->{macro}
- if $disabled_info{$what}->{macro};
+ my @what2 = grep { $_ =~ /^${what}$/ } keys %disabled;
+ my $what3 = $what2[0];
+ if ($what3) {
+ print " $what3", ' ' x ($longest - length($what3) + 1),
+ "[$disabled{$what3}]", ' ' x ($longest2 - length($disabled{$what3}) + 1);
+ print $disabled_info{$what3}->{macro}
+ if $disabled_info{$what3}->{macro};
 print ' (skip ',
- join(', ', @{$disabled_info{$what}->{skipped}}),
+ join(', ', @{$disabled_info{$what3}->{skipped}}),
 ')'
- if $disabled_info{$what}->{skipped};
+ if $disabled_info{$what3}->{skipped};
 print "\n";
 }
 }
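Review bot: In the feature-listing hunk `$what` is interpolated into the pattern `/^${what}$/` unescaped, so each entry of `@disablables` is treated as a regex; if those entries are plain feature names, `/^\Q$what\E\z/` keeps the lookup literal (and `\z` closes the trailing-newline gap that `$` leaves open), and if some entries are intentionally patterns, a comment saying so would stop the next reader from "fixing" it. The names `@what2` and `$what3` say nothing about their role; `my @matching = grep { $_ =~ /^${what}$/ } keys %disabled; my $key = $matching[0];` reads better, and the same grep is evaluated once per feature in each of the two loops. Both `foreach my $what (@disablables)` loops lie fully inside the hunk.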
@@ -3424,6 +3440,27 @@ sub absolutedir {
 return realpath($dir);
 }
 
+# Check if all paths are one and the same, using stat. They must both exist
+# We need this for the cases when File::Spec doesn't detect case insensitivity
+# (File::Spec::Unix assumes case sensitivity)
+sub samedir {
+ die "samedir expects two arguments\n" unless scalar @_ == 2;
+
+ my @stat0 = stat($_[0]); # First argument
+ my @stat1 = stat($_[1]); # Second argument
+
+ die "Couldn't stat $_[0]" unless @stat0;
+ die "Couldn't stat $_[1]" unless @stat1;
+
+ # Compare device number
+ return 0 unless ($stat0[0] == $stat1[0]);
+ # Compare "inode". The perl manual recommends comparing as
+ # string rather than as number.
+ return 0 unless ($stat0[1] eq $stat1[1]);
+
+ return 1; # All the same
+}
+
 sub quotify {
 my %processors = (
 perl => sub { my $x = shift;
diff --git a/FAQ b/FAQ
old mode 100755
new mode 100644
diff --git a/INSTALL b/INSTALL
old mode 100755
new mode 100644
index 328ad2baf480b4747ba66a72a65c66b85ad31b40..f3ac727183f0d01bc2615024855e008a583a95eb
--- a/INSTALL
+++ b/INSTALL
@@ -106,8 +106,7 @@ This will build and install OpenSSL in the default location, which is: Unix: normal installation directories under /usr/local - OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the - OpenSSL version number with underscores instead of periods. + OpenVMS: SYS$COMMON:[OPENSSL] Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL The installation directory should be appropriately protected to ensure
@@ -116,7 +115,9 @@ your Operating System it is recommended that you do not overwrite the system version and instead install to somewhere else. - If you want to install it anywhere else, run config like this: + If you want to install it anywhere else, run config like this (the options + --prefix and --openssldir are explained further down, and the values shown + here are mere examples): On Unix:
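Review bot: `samedir` decides on `$stat0[1] eq $stat1[1]` alone once the device numbers match, so on a port or filesystem where perl reports the inode as 0 for every entry (perlport notes this for some platforms), any two directories on the same device compare equal and the caller in the `@@ -217` hunk of this file then sets `$srcdir = $blddir`; a guard that treats inode 0 as "not comparable" is cheap and avoids that. The `die "Couldn't stat $_[0]"` messages also omit `$!`, and reading `$_[0]`/`$_[1]` directly instead of unpacking `@_` is at odds with the neighbouring `absolutedir`, which works on a named `$dir`. A rewritten version follows; the call site sits in the earlier hunk, outside this one.
```perl
sub samedir {
    die "samedir expects two arguments\n" unless scalar @_ == 2;
    my ($dir0, $dir1) = @_;

    my @stat0 = stat($dir0) or die "Couldn't stat $dir0: $!";
    my @stat1 = stat($dir1) or die "Couldn't stat $dir1: $!";

    # Compare device number
    return 0 unless $stat0[0] == $stat1[0];
    # Compare "inode" as strings (per perlfunc).  An inode of 0 means this
    # port/filesystem reports no usable inode, so refuse to call the two
    # directories "the same" on that basis.
    return 0 if $stat0[1] eq '0';
    return 0 unless $stat0[1] eq $stat1[1];

    return 1;                   # All the same
}
```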
@@ -198,7 +199,7 @@ Unix: /usr/local Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL - OpenVMS: SYS$COMMON:[OPENSSL-'version'] + OpenVMS: SYS$COMMON:[OPENSSL] --release Build OpenSSL without debugging symbols. This is the default. @@ -535,9 +536,9 @@ conjunction with the "-DPEDANTIC" option (or the --strict-warnings option). - no-ui - Don't build with the "UI" capability (i.e. the set of - features enabling text based prompts). + no-ui-console + Don't build with the "UI" console method (i.e. the "UI" + method that enables text based console prompts). enable-unit-test Enable additional unit test APIs. This should not typically @@ -961,9 +962,9 @@ share/doc/openssl/html/man7 Contains the HTML rendition of the man-pages. - OpenVMS ('arch' is replaced with the architecture name, "Alpha" - or "ia64", 'sover' is replaced with the shared library version - (0101 for 1.1), and 'pz' is replaced with the pointer size + OpenVMS ('arch' is replaced with the architecture name, "ALPHA" + or "IA64", 'sover' is replaced with the shared library version + (0101 for 1.1.x), and 'pz' is replaced with the pointer size OpenSSL was built with): [.EXE.'arch'] Contains the openssl binary. diff --git a/LICENSE b/LICENSE old mode 100755 new mode 100644 diff --git a/NEWS b/NEWS old mode 100755 new mode 100644 index 85470793b20996a161ed02ee354d19e46cc4b7b7..05991a0c214a96a7f7b45c8423a60d5fd9d3b246 --- a/NEWS +++ b/NEWS 
@@ -5,6 +5,40 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] + + o Fixed a problem with verifying a certificate chain when using the + X509_V_FLAG_X509_STRICT flag (CVE-2021-3450) + o Fixed an issue where an OpenSSL TLS server may crash if sent a + maliciously crafted renegotiation ClientHello message from a client + (CVE-2021-3449) + + Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021] + + o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() + function (CVE-2021-23841) + o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING + padding mode to correctly check for rollback attacks + o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and + EVP_DecryptUpdate functions (CVE-2021-23840) + o Fixed SRP_Calc_client_key so that it runs in constant time + + Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020] + + o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971) + + Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020] + + o Disallow explicit curve parameters in verifications chains when + X509_V_FLAG_X509_STRICT is used + o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS + contexts + o Oracle Developer Studio will start reporting deprecation warnings + + Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020] + + o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967) + Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020] o Revert the unexpected EOF reporting via SSL_ERROR_SSL diff --git a/NOTES.ANDROID b/NOTES.ANDROID old mode 100755 new mode 100644 index f19ec71b8368a1c834c454da3602c05fc2bb8b91..293ad4327c0830a3fd23e64d1dc4ef3894d3b32a --- a/NOTES.ANDROID +++ b/NOTES.ANDROID 
@@ -6,8 +6,8 @@ ------------------- Beside basic tools like perl and make you'll need to download the Android - NDK. It's available for Linux, Mac OS X and Windows, but only Linux - version was actually tested. There is no reason to believe that Mac OS X + NDK. It's available for Linux, macOS and Windows, but only Linux + version was actually tested. There is no reason to believe that macOS wouldn't work. And as for Windows, it's unclear which "shell" would be suitable, MSYS2 might have best chances. NDK version should play lesser role, the goal is to support a range of most recent versions. diff --git a/NOTES.DJGPP b/NOTES.DJGPP old mode 100755 new mode 100644 diff --git a/NOTES.PERL b/NOTES.PERL old mode 100755 new mode 100644 index 42c6127724b4835f861c3ce9fb265c414682a3ac..201b14386729dad2422ce3e3d63732f32b3ce6d1 --- a/NOTES.PERL +++ b/NOTES.PERL @@ -109,7 +109,7 @@ $ cpan -f -i Text::Template - Note: on VMS, you must quote any argument that contains upper case + Note: on VMS, you must quote any argument that contains uppercase characters, so the lines above would be: $ cpan -i "Text::Template" diff --git a/NOTES.UNIX b/NOTES.UNIX old mode 100755 new mode 100644 diff --git a/NOTES.VMS b/NOTES.VMS old mode 100755 new mode 100644 index d6a336ff7c0585a1fa0d4633b85fddb3dcab34bb..bb226da310c5153a82223d26428bf14019aba9ee --- a/NOTES.VMS +++ b/NOTES.VMS @@ -18,7 +18,7 @@ An ANSI C compiled is needed among other things. This means that VAX C is not and will not be supported. - We have only tested with DEC C (a.k.a HP VMS C / VSI C) and require + We have only tested with DEC C (aka HP VMS C / VSI C) and require version 7.1 or later. Compiling with a different ANSI C compiler may require some work. 
@@ -90,9 +90,9 @@ Unix mount point. The easiest way to check if everything got through as it should is to - check for one of the following files: + check that this file exists: - [.crypto]opensslconf^.h.in + [.include.openssl]opensslconf^.h.in The best way to get a correct distribution is to download the gzipped tar file from ftp://ftp.openssl.org/source/, use GZIP -d to uncompress @@ -105,3 +105,11 @@ Should you need it, you can find UnZip for VMS here: http://www.info-zip.org/UnZip.html + + + How the value of 'arch' is determined + ------------------------------------- + + 'arch' is mentioned in INSTALL. It's value is determined like this: + + arch = f$edit( f$getsyi( "arch_name"), "upcase") diff --git a/NOTES.WIN b/NOTES.WIN old mode 100755 new mode 100644 index b1cb542d09085e6ed565d27aa95dd9d7fa708428..66a6a45372e1cc0b39ec16018acc73bbeb171663 --- a/NOTES.WIN +++ b/NOTES.WIN @@ -12,11 +12,11 @@ and require --cross-compile-prefix option. While on MSYS[2] it's solved rather by placing gcc that produces "MinGW binary" code 1st on $PATH. This is customarily source of confusion. "Hosted" applications "live" in - emulated file system name space with POSIX-y root, mount points, /dev + emulated filesystem name space with POSIX-y root, mount points, /dev and even /proc. Confusion is intensified by the fact that MSYS2 shell (or rather emulated execve(2) call) examines the binary it's about to start, and if it's found *not* to be linked with MSYS2 POSIX-y thing, - command line arguments that look like file names get translated from + command line arguments that look like filenames get translated from emulated name space to "native". For example '/c/some/where' becomes 'c:\some\where', '/dev/null' - 'nul'. This creates an illusion that there is no difference between MSYS2 shell and "MinGW binary", but 
@@ -26,7 +26,7 @@ it's referred to in quotes here, as "MinGW binary", it's just as "native" as it can get.) - Visual C++ builds, a.k.a. VC-* + Visual C++ builds, aka VC-* ============================== Requirement details @@ -47,7 +47,7 @@ the other hand oldest one is known not to work. Everything between falls into best-effort category. - - Netwide Assembler, a.k.a. NASM, available from https://www.nasm.us, + - Netwide Assembler, aka NASM, available from https://www.nasm.us, is required. Note that NASM is the only supported assembler. Even though Microsoft provided assembler is NOT supported, contemporary 64-bit version is exercised through continuous integration of @@ -62,8 +62,8 @@ For VC-WIN32, the following defaults are use: - PREFIX: %ProgramFiles(86)%\OpenSSL - OPENSSLDIR: %CommonProgramFiles(86)%\SSL + PREFIX: %ProgramFiles(x86)%\OpenSSL + OPENSSLDIR: %CommonProgramFiles(x86)%\SSL For VC-WIN64, the following defaults are use: @@ -132,7 +132,7 @@ If you link with static OpenSSL libraries then you're expected to additionally link your application with WS2_32.LIB, GDI32.LIB, ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing - non-interactive service applications might feel concerned about + noninteractive service applications might feel concerned about linking with GDI32.LIB and USER32.LIB, as they are justly associated with interactive desktop, which is not available to service processes. The toolkit is designed to detect in which context it's diff --git a/README b/README old mode 100755 new mode 100644 index d7d44aa3a01b13c302a942004b16822f97363164..b92a8bd3a4b599ba4481ba24383a5185cbf63f4d --- a/README +++ b/README @@ -1,7 +1,7 @@ - OpenSSL 1.1.1f 31 Mar 2020 + OpenSSL 1.1.1k 25 Mar 2021 - Copyright (c) 1998-2020 The OpenSSL Project + Copyright (c) 1998-2021 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --git a/README.ENGINE b/README.ENGINE old mode 100755 new mode 100644 
diff --git a/README.FIPS b/README.FIPS
old mode 100755
new mode 100644
diff --git a/README.OpenSource b/README.OpenSource
old mode 100755
new mode 100644
index a9ea3980d54ed6b2294b125b888342c812ca06b8..306e780f532abd6e16ab814d75d47050bdd36dd7
--- a/README.OpenSource
+++ b/README.OpenSource
@@ -3,9 +3,9 @@
 "Name": "OpenSSL",
 "License": "OpenSSL License and Original SSLeay License",
 "License File": "LICENSE",
- "Version Number": "1.1.1f",
+ "Version Number": "1.1.1k",
 "Owner": "huangjun42@huawei.com",
- "Upstream URL": "https://github.com/openssl/openssl/releases/tag/OpenSSL_1_1_1f",
+ "Upstream URL": "https://www.openssl.org/source/openssl-1.1.1k.tar.gz",
 "Description": "implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library"
 }
 ]
\ No newline at end of file
diff --git a/VMS/VMSify-conf.pl b/VMS/VMSify-conf.pl
old mode 100755
new mode 100644
diff --git a/VMS/engine.opt b/VMS/engine.opt
old mode 100755
new mode 100644
diff --git a/VMS/msg_install.com b/VMS/msg_install.com
new file mode 100644
index 0000000000000000000000000000000000000000..d1eec7c982d1809409724e19d1d0abb6f1ed8786
--- /dev/null
+++ b/VMS/msg_install.com
@@ -0,0 +1,19 @@
+$ ! Used by the main descrip.mms to print the installation complete
+$ ! message.
+$ ! Arguments:
+$ ! P1 startup / setup / shutdown scripts directory
+$ ! P2 distinguishing version number ("major version")
+$
+$ systartup = p1
+$ osslver = p2
+$
+$ WRITE SYS$OUTPUT "Installation complete"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The following commands need to be executed to enable you to use OpenSSL:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
+$ WRITE SYS$OUTPUT " @''systartup'openssl_startup''osslver'"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "- to define the OpenSSL command"
+$ WRITE SYS$OUTPUT " @''systartup'openssl_utils''osslver'"
+$ WRITE SYS$OUTPUT ""
diff --git a/VMS/msg_staging.com b/VMS/msg_staging.com
new file mode 100644
index 0000000000000000000000000000000000000000..11cd80870d79fa2b415696f4b5141372dca9ca16
--- /dev/null
+++ b/VMS/msg_staging.com
@@ -0,0 +1,37 @@
+$ ! Used by the main descrip.mms to print the statging installation
+$ ! complete
+$ ! message.
+$ ! Arguments:
+$ ! P1 staging software installation directory
+$ ! P2 staging data installation directory
+$ ! P3 final software installation directory
+$ ! P4 final data installation directory
+$ ! P5 startup / setup / shutdown scripts directory
+$ ! P6 distinguishing version number ("major version")
+$
+$ staging_instdir = p1
+$ staging_datadir = p2
+$ final_instdir = p3
+$ final_datadir = p4
+$ systartup = p5
+$ osslver = p6
+$
+$ WRITE SYS$OUTPUT "Staging installation complete"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the following directory"
+$ WRITE SYS$OUTPUT "trees end up being copied:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "- from ", staging_instdir
+$ WRITE SYS$OUTPUT " to ", final_instdir
+$ WRITE SYS$OUTPUT "- from ", staging_datadir
+$ WRITE SYS$OUTPUT " to ", final_datadir
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "When in its final destination, the following commands need to be executed"
+$ WRITE SYS$OUTPUT "to use OpenSSL:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "- to set up OpenSSL logical names:"
+$ WRITE SYS$OUTPUT " @''systartup'openssl_startup''osslver'"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "- to define the OpenSSL command"
+$ WRITE SYS$OUTPUT " @''systartup'openssl_utils''osslver'"
+$ WRITE SYS$OUTPUT ""
diff --git a/VMS/openssl_ivp.com.in b/VMS/openssl_ivp.com.in
old mode 100755
new mode 100644
diff --git a/VMS/openssl_shutdown.com.in b/VMS/openssl_shutdown.com.in
old mode 100755
new mode 100644
diff --git a/VMS/openssl_startup.com.in b/VMS/openssl_startup.com.in
old mode 100755
new mode 100644
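Review bot: The header comment of msg_staging.com misspells `statging` on its first line, and the sentence is broken across three comment lines (`... the statging installation`, `complete`, `message.`); it should read `$ ! Used by the main descrip.mms to print the staging installation complete` / `$ ! message.`, matching the wording of msg_install.com. The six arguments P1–P6 are documented but nothing in the script checks that they were supplied, so an empty P5 or P6 would print a bare `@openssl_startup` path in the instructions; a sentence in the comment stating that all six are required would make the contract with descrip.mms explicit.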
diff --git a/VMS/openssl_utils.com.in b/VMS/openssl_utils.com.in old mode 100755 new mode 100644 diff --git a/VMS/test-includes.com b/VMS/test-includes.com old mode 100755 new mode 100644 diff --git a/VMS/translatesyms.pl b/VMS/translatesyms.pl old mode 100755 new mode 100644 diff --git a/apps/CA.pl.in b/apps/CA.pl.in old mode 100755 new mode 100644 diff --git a/apps/app_rand.c b/apps/app_rand.c old mode 100755 new mode 100644 diff --git a/apps/apps.c b/apps/apps.c old mode 100755 new mode 100644 diff --git a/apps/apps.h b/apps/apps.h old mode 100755 new mode 100644 diff --git a/apps/asn1pars.c b/apps/asn1pars.c old mode 100755 new mode 100644 diff --git a/apps/bf_prefix.c b/apps/bf_prefix.c old mode 100755 new mode 100644 diff --git a/apps/build.info b/apps/build.info old mode 100755 new mode 100644 index 751d8da82818152995991e4ce50a649927294e37..01537361820e1d66b739e9c75ea391dfb9799092 --- a/apps/build.info +++ b/apps/build.info @@ -1,16 +1,17 @@ {- our @apps_openssl_src = qw(openssl.c - asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c - dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c - genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c - pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c + asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c + enc.c errstr.c + genpkey.c nseq.c passwd.c pkcs7.c pkcs8.c + pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c - srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c); + verify.c version.c x509.c rehash.c storeutl.c); our @apps_lib_src = ( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c), split(/\s+/, $target{apps_aux_src}) ); our @apps_init_src = split(/\s+/, $target{apps_init_src}); "" -} + IF[{- !$disabled{apps} -}] LIBS_NO_INST=libapps.a SOURCE[libapps.a]={- join(" ", @apps_lib_src) -} 
@@ -21,11 +22,51 @@ IF[{- !$disabled{apps} -}] SOURCE[openssl]={- join(" ", @apps_openssl_src) -} INCLUDE[openssl]=.. ../include DEPEND[openssl]=libapps.a ../libssl - -IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}] - GENERATE[openssl.rc]=../util/mkrc.pl openssl - SOURCE[openssl]=openssl.rc -ENDIF + IF[{- !$disabled{'des'} -}] + SOURCE[openssl]=pkcs12.c + DEPEND[pkcs12.o]=progs.h + ENDIF + IF[{- !$disabled{'ec'} -}] + SOURCE[openssl]=ec.c ecparam.c + DEPEND[ec.o]=progs.h + DEPEND[ecparam.o]=progs.h + ENDIF + IF[{- !$disabled{'ocsp'} -}] + SOURCE[openssl]=ocsp.c + DEPEND[ocsp.o]=progs.h + ENDIF + IF[{- !$disabled{'srp'} -}] + SOURCE[openssl]=srp.c + DEPEND[srp.o]=progs.h + ENDIF + IF[{- !$disabled{'ts'} -}] + SOURCE[openssl]=ts.c + DEPEND[ts.o]=progs.h + ENDIF + IF[{- !$disabled{'dh'} -}] + SOURCE[openssl]=dhparam.c + DEPEND[dhparam.o]=progs.h + ENDIF + IF[{- !$disabled{'dsa'} -}] + SOURCE[openssl]=dsa.c dsaparam.c gendsa.c + DEPEND[dsa.o]=progs.h + DEPEND[dsaparam.o]=progs.h + DEPEND[gendsa.o]=progs.h + ENDIF + IF[{- !$disabled{'engine'} -}] + SOURCE[openssl]=engine.c + DEPEND[engine.o]=progs.h + ENDIF + IF[{- !$disabled{'rsa'} -}] + SOURCE[openssl]=rsa.c rsautl.c genrsa.c + DEPEND[rsa.o]=progs.h + DEPEND[rsautl.o]=progs.h + DEPEND[genrsa.o]=progs.h + ENDIF + IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}] + GENERATE[openssl.rc]=../util/mkrc.pl openssl + SOURCE[openssl]=openssl.rc + ENDIF {- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" } @apps_openssl_src) -} diff --git a/apps/ca-cert.srl b/apps/ca-cert.srl old mode 100755 new mode 100644 diff --git a/apps/ca-key.pem b/apps/ca-key.pem old mode 100755 new mode 100644 diff --git a/apps/ca-req.pem b/apps/ca-req.pem old mode 100755 new mode 100644 diff --git a/apps/ca.c b/apps/ca.c index a4a77126f2f2280e3480434fda37187dd22d4124..390ac37493c84e3df59e16b755d125ab3c146ec4 100755 --- a/apps/ca.c +++ b/apps/ca.c 
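Review bot: The `DEPEND[x.o]=progs.h` lines in each new IF block are written out by hand, while the same dependency for the unconditional sources is generated by the `{- join(...) map { ... s|\.c$|.o| ... } -}` template at the end of the hunk. Reusing that idiom inside each block, e.g. `{- join("\n    ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" } qw(rsa.c rsautl.c genrsa.c)) -}`, keeps the object name derived from the source name so a later rename of a source file cannot leave a stale DEPEND entry behind. The feature keys are quoted in the new blocks (`$disabled{'des'}`) but bare in the enclosing `IF[{- !$disabled{apps} -}]`; both parse, but one form throughout reads better.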
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -1862,8 +1862,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 row[DB_exp_date][tm->length] = '\0';
 row[DB_rev_date] = NULL;
 row[DB_file] = OPENSSL_strdup("unknown");
- if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
- (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
+ if ((row[DB_type] == NULL) || (row[DB_file] == NULL)
+ || (row[DB_name] == NULL)) {
 BIO_printf(bio_err, "Memory allocation failure\n");
 goto end;
 }
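Review bot: The dropped `row[DB_exp_date] == NULL` test was unreachable, because `row[DB_exp_date][tm->length] = '\0'` on the hunk's first line already dereferences that pointer, so the change removes a dead check rather than a live one; presumably the allocation of `row[DB_exp_date]` is NULL-checked earlier in do_body, outside this hunk, which is worth confirming before merging. A short comment on the new condition, `/* row[DB_exp_date] was checked when it was allocated above */`, would stop the next reader from re-deriving why that one field is left out of the allocation-failure test. do_body starts and ends outside the hunk.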
@@ -2223,62 +2223,51 @@ static int get_certificate_status(const char *serial, CA_DB *db) static int do_updatedb(CA_DB *db) { - ASN1_UTCTIME *a_tm = NULL; + ASN1_TIME *a_tm = NULL; int i, cnt = 0; - int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */ - char **rrow, *a_tm_s; + char **rrow; - a_tm = ASN1_UTCTIME_new(); + a_tm = ASN1_TIME_new(); if (a_tm == NULL) return -1; - /* get actual time and make a string */ + /* get actual time */ if (X509_gmtime_adj(a_tm, 0) == NULL) { - ASN1_UTCTIME_free(a_tm); + ASN1_TIME_free(a_tm); return -1; } - a_tm_s = app_malloc(a_tm->length + 1, "time string"); - - memcpy(a_tm_s, a_tm->data, a_tm->length); - a_tm_s[a_tm->length] = '\0'; - - if (strncmp(a_tm_s, "49", 2) <= 0) - a_y2k = 1; - else - a_y2k = 0; for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { rrow = sk_OPENSSL_PSTRING_value(db->db->data, i); if (rrow[DB_type][0] == DB_TYPE_VAL) { /* ignore entries that are not valid */ - if (strncmp(rrow[DB_exp_date], "49", 2) <= 0) - db_y2k = 1; - else - db_y2k = 0; + ASN1_TIME *exp_date = NULL; - if (db_y2k == a_y2k) { - /* all on the same y2k side */ - if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) { - rrow[DB_type][0] = DB_TYPE_EXP; - rrow[DB_type][1] = '\0'; - cnt++; + exp_date = ASN1_TIME_new(); + if (exp_date == NULL) { + ASN1_TIME_free(a_tm); + return -1; + } - BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]); - } - } else if (db_y2k < a_y2k) { + if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) { + ASN1_TIME_free(a_tm); + ASN1_TIME_free(exp_date); + return -1; + } + + if (ASN1_TIME_compare(exp_date, a_tm) <= 0) { rrow[DB_type][0] = DB_TYPE_EXP; rrow[DB_type][1] = '\0'; cnt++; BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]); } - + ASN1_TIME_free(exp_date); } } - ASN1_UTCTIME_free(a_tm); - OPENSSL_free(a_tm_s); + ASN1_TIME_free(a_tm); return cnt; } diff --git a/apps/cert.pem b/apps/cert.pem old mode 100755 new mode 100644 diff --git a/apps/ciphers.c b/apps/ciphers.c old mode 100755 new mode 100644 
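Review bot: `ASN1_TIME_compare(exp_date, a_tm) <= 0` treats the function's error return, -2, the same as "expired", so a row whose time cannot be compared would be rewritten to DB_TYPE_EXP and reported as expired instead of failing the update the way the `ASN1_TIME_set_string` failure just above it does. Capture the result first: `int cmp = ASN1_TIME_compare(exp_date, a_tm);` / `if (cmp == -2) { ASN1_TIME_free(a_tm); ASN1_TIME_free(exp_date); return -1; }` / `if (cmp <= 0) {`. Both early `return -1` paths inside the loop now leave rows already marked expired in `db` without telling the caller how far the pass got, which the old string comparison could not do; that may be acceptable, but a comment stating that the database must be treated as partially updated on -1 would help callers. `exp_date` could also be allocated once before the loop and reused through `ASN1_TIME_set_string`, saving an allocation and free per row.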
diff --git a/apps/client.pem b/apps/client.pem
old mode 100755
new mode 100644
diff --git a/apps/cms.c b/apps/cms.c
old mode 100755
new mode 100644
index 15edd67dbefd5ac39608fa6fc35b409484604cc1..71554037d0b7dc19453084e4e5d9e83685906bdb
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -545,9 +545,11 @@ int cms_main(int argc, char **argv)
 if (key_param == NULL || key_param->idx != keyidx) {
 cms_key_param *nparam;
 nparam = app_malloc(sizeof(*nparam), "key param buffer");
- nparam->idx = keyidx;
- if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL)
+ if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) {
+ OPENSSL_free(nparam);
 goto end;
+ }
+ nparam->idx = keyidx;
 nparam->next = NULL;
 if (key_first == NULL)
 key_first = nparam;
diff --git a/apps/crl.c b/apps/crl.c
old mode 100755
new mode 100644
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
old mode 100755
new mode 100644
diff --git a/apps/ct_log_list.cnf b/apps/ct_log_list.cnf
old mode 100755
new mode 100644
diff --git a/apps/demoSRP/srp_verifier.txt b/apps/demoSRP/srp_verifier.txt
old mode 100755
new mode 100644
diff --git a/apps/demoSRP/srp_verifier.txt.attr b/apps/demoSRP/srp_verifier.txt.attr
old mode 100755
new mode 100644
diff --git a/apps/dgst.c b/apps/dgst.c
old mode 100755
new mode 100644
diff --git a/apps/dh1024.pem b/apps/dh1024.pem
old mode 100755
new mode 100644
diff --git a/apps/dh2048.pem b/apps/dh2048.pem
old mode 100755
new mode 100644
diff --git a/apps/dh4096.pem b/apps/dh4096.pem
old mode 100755
new mode 100644
diff --git a/apps/dhparam.c b/apps/dhparam.c
old mode 100755
new mode 100644
index 13f76754d27cbe027558b9170f29032fd65f7529..98c73214b53e267cfce657a30818cb1f9f09e1f4
--- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,28 +8,24 @@ */ #include -#ifdef OPENSSL_NO_DH -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include - -# ifndef OPENSSL_NO_DSA -# include -# endif - -# define DEFBITS 2048 +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include + +#ifndef OPENSSL_NO_DSA +# include +#endif + +#define DEFBITS 2048 static int dh_cb(int p, int n, BN_GENCB *cb); @@ -56,13 +52,13 @@ const OPTIONS dhparam_options[] = { {"C", OPT_C, '-', "Print C code"}, {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA {"dsaparam", OPT_DSAPARAM, '-', "Read or generate DSA parameters, convert to DH"}, -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -146,13 +142,13 @@ int dhparam_main(int argc, char **argv) if (g && !num) num = DEFBITS; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam && g) { BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); goto end; } -# endif +#endif out = bio_open_default(outfile, 'w', outformat); if (out == NULL) @@ -173,7 +169,7 @@ int dhparam_main(int argc, char **argv) BN_GENCB_set(cb, dh_cb, bio_err); -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa = DSA_new(); 
@@ -196,7 +192,7 @@ int dhparam_main(int argc, char **argv) goto end; } } else -# endif +#endif { dh = DH_new(); BIO_printf(bio_err, @@ -217,7 +213,7 @@ int dhparam_main(int argc, char **argv) if (in == NULL) goto end; -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (dsaparam) { DSA *dsa; @@ -239,7 +235,7 @@ int dhparam_main(int argc, char **argv) goto end; } } else -# endif +#endif { if (informat == FORMAT_ASN1) { /* @@ -376,4 +372,3 @@ static int dh_cb(int p, int n, BN_GENCB *cb) (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; } -#endif diff --git a/apps/dsa-ca.pem b/apps/dsa-ca.pem old mode 100755 new mode 100644 diff --git a/apps/dsa-pca.pem b/apps/dsa-pca.pem old mode 100755 new mode 100644 diff --git a/apps/dsa.c b/apps/dsa.c old mode 100755 new mode 100644 index 6022e64cd4cebecbb710f4dbaa85e0e6a235ddca..c7884df166b70f0550f9905ba1bb1cd809858a46 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,23 +8,19 @@ */ #include -#ifdef OPENSSL_NO_DSA -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, 
@@ -49,14 +45,14 @@ const OPTIONS dsa_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, -# ifndef OPENSSL_NO_RC4 +#ifndef OPENSSL_NO_RC4 {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -71,9 +67,9 @@ int dsa_main(int argc, char **argv) OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; int i, modulus = 0, pubin = 0, pubout = 0, ret = 1; -# ifndef OPENSSL_NO_RC4 +#ifndef OPENSSL_NO_RC4 int pvk_encr = 2; -# endif +#endif int private = 0; prog = opt_init(argc, argv, dsa_options); @@ -214,7 +210,7 @@ int dsa_main(int argc, char **argv) i = PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout); } -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); @@ -229,13 +225,13 @@ int dsa_main(int argc, char **argv) goto end; } assert(private); -# ifdef OPENSSL_NO_RC4 +# ifdef OPENSSL_NO_RC4 BIO_printf(bio_err, "PVK format not supported\n"); EVP_PKEY_free(pk); goto end; -# else +# else i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); -# endif +# endif } else if (pubin || pubout) { i = i2b_PublicKey_bio(out, pk); } else { @@ -243,7 +239,7 @@ int dsa_main(int argc, char **argv) i = i2b_PrivateKey_bio(out, pk); } EVP_PKEY_free(pk); -# endif +#endif } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; @@ -262,4 +258,3 @@ int dsa_main(int argc, char **argv) OPENSSL_free(passout); return ret; } -#endif 
diff --git a/apps/dsa1024.pem b/apps/dsa1024.pem old mode 100755 new mode 100644 diff --git a/apps/dsa512.pem b/apps/dsa512.pem old mode 100755 new mode 100644 diff --git a/apps/dsap.pem b/apps/dsap.pem old mode 100755 new mode 100644 diff --git a/apps/dsaparam.c b/apps/dsaparam.c old mode 100755 new mode 100644 index b227b76a372362d1b7ebce98d5ed2c888a939923..75589ac6bc4eaaddeeb28d2db176ec251a352101 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,22 +8,18 @@ */ #include -#ifdef OPENSSL_NO_DSA -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include static int dsa_cb(int p, int n, BN_GENCB *cb); @@ -44,9 +40,9 @@ const OPTIONS dsaparam_options[] = { {"noout", OPT_NOOUT, '-', "No output"}, {"genkey", OPT_GENKEY, '-', "Generate a DSA key"}, OPT_R_OPTIONS, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -255,4 +251,3 @@ static int dsa_cb(int p, int n, BN_GENCB *cb) (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; } -#endif diff --git a/apps/ec.c b/apps/ec.c old mode 100755 new mode 100644 index 03abb00683373b8ea0565af9412d1ed332508e40..0c8ed750cc1788b2be90f7baabcd18a7fe140d0e --- a/apps/ec.c +++ b/apps/ec.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,19 +8,15 @@ */ #include -#ifdef OPENSSL_NO_EC -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include static OPT_PAIR conv_forms[] = { {"compressed", POINT_CONVERSION_COMPRESSED}, @@ -62,9 +58,9 @@ const OPTIONS ec_options[] = { "Specifies the way the ec parameters are encoded"}, {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "}, {"", OPT_CIPHER, '-', "Any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -280,4 +276,3 @@ int ec_main(int argc, char **argv) OPENSSL_free(passout); return ret; } -#endif diff --git a/apps/ecparam.c b/apps/ecparam.c old mode 100755 new mode 100644 index 917f1a86b2e36c238afe631bc24f8b681037a902..58fbeb95c9ce313d844ec4ebafff11ac4883318c --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -9,22 +9,18 @@ */ #include -#ifdef OPENSSL_NO_EC -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -55,9 +51,9 @@ const OPTIONS ecparam_options[] = { "Specifies the way the ec parameters are encoded"}, {"genkey", OPT_GENKEY, '-', "Generate ec key"}, OPT_R_OPTIONS, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -446,5 +442,3 @@ int ecparam_main(int argc, char **argv) BIO_free_all(out); return ret; } - -#endif diff --git a/apps/enc.c b/apps/enc.c old mode 100755 new mode 100644 diff --git a/apps/engine.c b/apps/engine.c old mode 100755 new mode 100644 index 83f9588a0ab19fca3c45269e8f5e9af766ea20a1..746cace354b2e0abdf5ae807fff562ed3adf387d --- a/apps/engine.c +++ b/apps/engine.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,19 +8,15 @@ */ #include -#ifdef OPENSSL_NO_ENGINE -NON_EMPTY_TRANSLATION_UNIT -#else - -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include -# include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -486,4 +482,3 @@ int engine_main(int argc, char **argv) BIO_free_all(out); return ret; } -#endif 
diff --git a/apps/errstr.c b/apps/errstr.c old mode 100755 new mode 100644 diff --git a/apps/gendsa.c b/apps/gendsa.c old mode 100755 new mode 100644 index 401375420bffada2387947cd1f6025a9854996e1..ec57c92a949274c0ff67a6ab992b54a4c6932ab5 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,22 +8,18 @@ */ #include -#ifdef OPENSSL_NO_DSA -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -39,9 +35,9 @@ const OPTIONS gendsa_options[] = { {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, OPT_R_OPTIONS, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -143,4 +139,3 @@ int gendsa_main(int argc, char **argv) OPENSSL_free(passout); return ret; } -#endif diff --git a/apps/genpkey.c b/apps/genpkey.c old mode 100755 new mode 100644 index 39fa73c91cf4ddc418260b7dd3b0392365666d24..3fe87e853c57004cb1620d09e78326497d6f2372 --- a/apps/genpkey.c +++ b/apps/genpkey.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -177,9 +177,12 @@ int genpkey_main(int argc, char **argv) goto end; } + ret = 0; + if (rv <= 0) { BIO_puts(bio_err, "Error writing key\n"); ERR_print_errors(bio_err); + ret = 1; } if (text) { @@ -191,11 +194,10 @@ int genpkey_main(int argc, char **argv) if (rv <= 0) { BIO_puts(bio_err, "Error printing key\n"); ERR_print_errors(bio_err); + ret = 1; } } - ret = 0; - end: EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(ctx); diff --git a/apps/genrsa.c b/apps/genrsa.c old mode 100755 new mode 100644 index c17cd147154eea5c78915b0bb1ee8552d1026abd..e34a2f7ab9e88340014b1ebd9aac269836c85c8b --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,27 +8,23 @@ */ #include -#ifdef OPENSSL_NO_RSA -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include -# include -# include - -# define DEFBITS 2048 -# define DEFPRIMES 2 +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include +#include +#include + +#define DEFBITS 2048 +#define DEFPRIMES 2 static int genrsa_cb(int p, int n, BN_GENCB *cb); 
@@ -48,9 +44,9 @@ const OPTIONS genrsa_options[] = { OPT_R_OPTIONS, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {"primes", OPT_PRIMES, 'p', "Specify number of primes"}, {NULL} }; @@ -198,4 +194,3 @@ static int genrsa_cb(int p, int n, BN_GENCB *cb) (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; } -#endif diff --git a/apps/nseq.c b/apps/nseq.c old mode 100755 new mode 100644 diff --git a/apps/ocsp.c b/apps/ocsp.c old mode 100755 new mode 100644 index b85a4d82c1bd1407a86edb38c32a9513c4c99126..27ec94fa6b8d48556862a9a4c390444c134599c9 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -9,65 +9,62 @@ #include -#ifdef OPENSSL_NO_OCSP -NON_EMPTY_TRANSLATION_UNIT -#else -# ifdef OPENSSL_SYS_VMS -# define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined +#ifdef OPENSSL_SYS_VMS +# define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined * on OpenVMS */ -# endif +#endif -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include /* Needs to be included before the openssl headers */ -# include "apps.h" -# include "progs.h" -# include "internal/sockets.h" -# include -# include -# include -# include -# include -# include -# include -# include +#include "apps.h" +#include "progs.h" +#include "internal/sockets.h" +#include +#include +#include +#include +#include +#include +#include +#include #ifndef HAVE_FORK -# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) -# define HAVE_FORK 0 -# else -# define HAVE_FORK 1 -# endif +#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) +# define HAVE_FORK 0 +#else +# define HAVE_FORK 1 +#endif #endif #if HAVE_FORK -# undef NO_FORK +#undef NO_FORK #else -# define NO_FORK +#define NO_FORK #endif -# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ +#if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ && !defined(OPENSSL_NO_POSIX_IO) -# define OCSP_DAEMON -# include -# include -# include -# include -# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ -# else -# undef LOG_INFO -# undef LOG_WARNING -# undef LOG_ERR -# define LOG_INFO 0 -# define LOG_WARNING 1 -# define LOG_ERR 2 -# endif +# define OCSP_DAEMON +# include +# include +# include +# include +# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ +#else +# undef LOG_INFO +# undef LOG_WARNING +# undef LOG_ERR +# define LOG_INFO 0 +# define LOG_WARNING 1 +# define LOG_ERR 2 +#endif -# if defined(OPENSSL_SYS_VXWORKS) +#if defined(OPENSSL_SYS_VXWORKS) /* not supported */ int setpgid(pid_t pid, pid_t pgid) { 
@@ -80,9 +77,9 @@ pid_t fork(void) errno = ENOSYS; return (pid_t) -1; } -# endif +#endif /* Maximum leeway in validity period: default 5 minutes */ -# define MAX_VALIDITY_PERIOD (5 * 60) +#define MAX_VALIDITY_PERIOD (5 * 60) static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer, @@ -109,20 +106,20 @@ static void log_message(int level, const char *fmt, ...); static char *prog; static int multi = 0; -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON static int acfd = (int) INVALID_SOCKET; static int index_changed(CA_DB *); static void spawn_loop(void); static int print_syslog(const char *str, size_t len, void *levPtr); static void socket_timeout(int signum); -# endif +#endif -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, const char *path, const STACK_OF(CONF_VALUE) *headers, OCSP_REQUEST *req, int req_timeout); -# endif +#endif typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -160,9 +157,9 @@ const OPTIONS ocsp_options[] = { "Don't include any certificates in response"}, {"resp_key_id", OPT_RESP_KEY_ID, '-', "Identify response by signing certificate key ID"}, -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON {"multi", OPT_MULTI, 'p', "run multiple responder processes"}, -# endif +#endif {"no_certs", OPT_NO_CERTS, '-', "Don't include any certificates in signed request"}, {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-', @@ -511,9 +508,9 @@ int ocsp_main(int argc, char **argv) trailing_md = 1; break; case OPT_MULTI: -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON multi = atoi(opt_arg()); -# endif +#endif break; } } @@ -593,7 +590,7 @@ int ocsp_main(int argc, char **argv) } } -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON if (multi && acbio != NULL) spawn_loop(); if (acbio != NULL && req_timeout > 0) 
@@ -606,7 +603,7 @@ int ocsp_main(int argc, char **argv) redo_accept: if (acbio != NULL) { -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON if (index_changed(rdb)) { CA_DB *newrdb = load_index(ridx_filename, NULL); @@ -619,7 +616,7 @@ redo_accept: ridx_filename); } } -# endif +#endif req = NULL; if (!do_responder(&req, &cbio, acbio, req_timeout)) @@ -688,16 +685,16 @@ redo_accept: if (cbio != NULL) send_ocsp_response(cbio, resp); } else if (host != NULL) { -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK resp = process_responder(req, host, path, port, use_ssl, headers, req_timeout); if (resp == NULL) goto end; -# else +#else BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); goto end; -# endif +#endif } else if (respin != NULL) { derbio = bio_open_default(respin, 'r', FORMAT_ASN1); if (derbio == NULL) @@ -840,7 +837,7 @@ log_message(int level, const char *fmt, ...) va_list ap; va_start(ap, fmt); -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON if (multi) { char buf[1024]; if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) { @@ -849,7 +846,7 @@ log_message(int level, const char *fmt, ...) if (level >= LOG_ERR) ERR_print_errors_cb(print_syslog, &level); } -# endif +#endif if (!multi) { BIO_printf(bio_err, "%s: ", prog); BIO_vprintf(bio_err, fmt, ap); @@ -858,7 +855,7 @@ log_message(int level, const char *fmt, ...) va_end(ap); } -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON static int print_syslog(const char *str, size_t len, void *levPtr) { @@ -1011,7 +1008,7 @@ static void spawn_loop(void) syslog(LOG_INFO, "terminating on signal: %d", termsig); killall(0, kidpids); } -# endif +#endif static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer, 
@@ -1291,11 +1288,11 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) static BIO *init_responder(const char *port) { -# ifdef OPENSSL_NO_SOCK +#ifdef OPENSSL_NO_SOCK BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n"); return NULL; -# else +#else BIO *acbio = NULL, *bufbio = NULL; bufbio = BIO_new(BIO_f_buffer()); @@ -1322,10 +1319,10 @@ static BIO *init_responder(const char *port) BIO_free_all(acbio); BIO_free(bufbio); return NULL; -# endif +#endif } -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK /* * Decode %xx URL-decoding in-place. Ignores mal-formed sequences. */ @@ -1349,22 +1346,22 @@ static int urldecode(char *p) *out = '\0'; return (int)(out - save); } -# endif +#endif -# ifdef OCSP_DAEMON +#ifdef OCSP_DAEMON static void socket_timeout(int signum) { if (acfd != (int)INVALID_SOCKET) (void)shutdown(acfd, SHUT_RD); } -# endif +#endif static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, int timeout) { -# ifdef OPENSSL_NO_SOCK +#ifdef OPENSSL_NO_SOCK return 0; -# else +#else int len; OCSP_REQUEST *req = NULL; char inbuf[2048], reqbuf[2048]; @@ -1382,12 +1379,12 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *pcbio = cbio; client = BIO_get_peer_name(cbio); -# ifdef OCSP_DAEMON +# ifdef OCSP_DAEMON if (timeout > 0) { (void) BIO_get_fd(cbio, &acfd); alarm(timeout); } -# endif +# endif /* Read the request line. */ len = BIO_gets(cbio, reqbuf, sizeof(reqbuf)); @@ -1450,11 +1447,11 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, break; } -# ifdef OCSP_DAEMON +# ifdef OCSP_DAEMON /* Clear alarm before we close the client socket */ alarm(0); timeout = 0; -# endif +# endif /* Try to read OCSP request */ if (getbio != NULL) { 
@@ -1470,13 +1467,13 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *preq = req; out: -# ifdef OCSP_DAEMON +# ifdef OCSP_DAEMON if (timeout > 0) alarm(0); acfd = (int)INVALID_SOCKET; -# endif - return 1; # endif + return 1; +#endif } static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) @@ -1492,7 +1489,7 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) return 1; } -# ifndef OPENSSL_NO_SOCK +#ifndef OPENSSL_NO_SOCK static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, const char *path, const STACK_OF(CONF_VALUE) *headers, @@ -1623,6 +1620,4 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, SSL_CTX_free(ctx); return resp; } -# endif - #endif diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf old mode 100755 new mode 100644 diff --git a/apps/openssl.c b/apps/openssl.c old mode 100755 new mode 100644 diff --git a/apps/openssl.cnf b/apps/openssl.cnf old mode 100755 new mode 100644 diff --git a/apps/opt.c b/apps/opt.c old mode 100755 new mode 100644 diff --git a/apps/passwd.c b/apps/passwd.c old mode 100755 new mode 100644 diff --git a/apps/pca-cert.srl b/apps/pca-cert.srl old mode 100755 new mode 100644 diff --git a/apps/pca-key.pem b/apps/pca-key.pem old mode 100755 new mode 100644 diff --git a/apps/pca-req.pem b/apps/pca-req.pem old mode 100755 new mode 100644 diff --git a/apps/pkcs12.c b/apps/pkcs12.c old mode 100755 new mode 100644 index 3603b60c19b3ab171ed3fcfc4d7b790cef01c26e..8c5d963b8c654a4fe9a8884de9069871893b65df --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8,25 +8,21 @@ */ #include -#if defined(OPENSSL_NO_DES) -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include - -# define NOKEYS 0x1 -# define NOCERTS 0x2 -# define INFO 0x4 -# define CLCERTS 0x8 -# define CACERTS 0x10 +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include + +#define NOKEYS 0x1 +#define NOCERTS 0x2 +#define INFO 0x4 +#define CLCERTS 0x8 +#define CACERTS 0x10 #define PASSWD_BUF_SIZE 2048 @@ -74,15 +70,15 @@ const OPTIONS pkcs12_options[] = { {"chain", OPT_CHAIN, '-', "Add certificate chain"}, {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"}, {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"}, -# ifndef OPENSSL_NO_RC2 +#ifndef OPENSSL_NO_RC2 {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (default RC2-40)"}, {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default RC2-40)"}, -# else +#else {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"}, {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"}, -# endif +#endif {"export", OPT_EXPORT, '-', "Output PKCS12 file"}, {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"}, {"maciter", OPT_MACITER, '-', "Use MAC iteration"}, @@ -113,9 +109,9 @@ const OPTIONS pkcs12_options[] = { {"no-CApath", OPT_NOCAPATH, '-', "Do not load certificates from the default certificates directory"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; 
@@ -126,11 +122,11 @@ int pkcs12_main(int argc, char **argv) char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = ""; int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; -# ifndef OPENSSL_NO_RC2 +#ifndef OPENSSL_NO_RC2 int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; -# else +#else int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -# endif +#endif int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; int ret = 1, macver = 1, add_lmk = 0, private = 0; int noprompt = 0; @@ -976,5 +972,3 @@ static int set_pbe(int *ppbe, const char *str) } return 1; } - -#endif diff --git a/apps/pkcs7.c b/apps/pkcs7.c old mode 100755 new mode 100644 diff --git a/apps/pkcs8.c b/apps/pkcs8.c old mode 100755 new mode 100644 diff --git a/apps/pkey.c b/apps/pkey.c old mode 100755 new mode 100644 diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c old mode 100755 new mode 100644 diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c old mode 100755 new mode 100644 diff --git a/apps/prime.c b/apps/prime.c old mode 100755 new mode 100644 diff --git a/apps/privkey.pem b/apps/privkey.pem old mode 100755 new mode 100644 diff --git a/apps/progs.pl b/apps/progs.pl old mode 100755 new mode 100644 diff --git a/apps/rand.c b/apps/rand.c old mode 100755 new mode 100644 diff --git a/apps/rehash.c b/apps/rehash.c old mode 100755 new mode 100644 diff --git a/apps/req.c b/apps/req.c old mode 100755 new mode 100644 diff --git a/apps/req.pem b/apps/req.pem old mode 100755 new mode 100644 diff --git a/apps/rsa.c b/apps/rsa.c old mode 100755 new mode 100644 index fdd02dce32419a764ac7e7b7fc9eaa4fd4b80409..aeda917cc7686e8e0f157645eeed23681ab0eb94 --- a/apps/rsa.c +++ b/apps/rsa.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,23 +8,19 @@ */ #include -#ifdef OPENSSL_NO_RSA -NON_EMPTY_TRANSLATION_UNIT -#else - -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include +#include typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, @@ -53,14 +49,14 @@ const OPTIONS rsa_options[] = { {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"}, {"check", OPT_CHECK, '-', "Verify key consistency"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, -# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -75,9 +71,9 @@ int rsa_main(int argc, char **argv) int i, private = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0; int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1; -# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) int pvk_encr = 2; -# endif +#endif OPTION_CHOICE o; prog = opt_init(argc, argv, rsa_options); 
@@ -130,9 +126,9 @@ int rsa_main(int argc, char **argv) case OPT_PVK_STRONG: /* pvk_encr:= 2 */ case OPT_PVK_WEAK: /* pvk_encr:= 1 */ case OPT_PVK_NONE: /* pvk_encr:= 0 */ -# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) pvk_encr = (o - OPT_PVK_NONE); -# endif +#endif break; case OPT_NOOUT: noout = 1; @@ -265,7 +261,7 @@ int rsa_main(int argc, char **argv) i = PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, NULL, passout); } -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); @@ -280,13 +276,13 @@ int rsa_main(int argc, char **argv) goto end; } assert(private); -# ifdef OPENSSL_NO_RC4 +# ifdef OPENSSL_NO_RC4 BIO_printf(bio_err, "PVK format not supported\n"); EVP_PKEY_free(pk); goto end; -# else +# else i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); -# endif +# endif } else if (pubin || pubout) { i = i2b_PublicKey_bio(out, pk); } else { @@ -294,7 +290,7 @@ int rsa_main(int argc, char **argv) i = i2b_PrivateKey_bio(out, pk); } EVP_PKEY_free(pk); -# endif +#endif } else { BIO_printf(bio_err, "bad output format specified for outfile\n"); goto end; @@ -313,4 +309,3 @@ int rsa_main(int argc, char **argv) OPENSSL_free(passout); return ret; } -#endif diff --git a/apps/rsa8192.pem b/apps/rsa8192.pem old mode 100755 new mode 100644 index 946a6e5433cefe8a98015c750f970aac9b08176c..83d962f40f0f7924a31e55ffcd2ee643d3ef4a91 --- a/apps/rsa8192.pem +++ b/apps/rsa8192.pem @@ -1,5 +1,4 @@ -----BEGIN RSA PRIVATE KEY----- - MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY 
@@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN -22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU +2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 @@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= -----END RSA PRIVATE KEY----- - diff --git a/apps/rsautl.c b/apps/rsautl.c old mode 100755 new mode 100644 index 5da8504d3c061fe8bceb693fff2c8154725b30a9..0c0fa8eba30ade0ce7eb119f11ad5ef2ecc958f1 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,25 +8,21 @@ */ #include -#ifdef OPENSSL_NO_RSA -NON_EMPTY_TRANSLATION_UNIT -#else +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include +#define RSA_SIGN 1 +#define RSA_VERIFY 2 +#define RSA_ENCRYPT 3 +#define RSA_DECRYPT 4 -# define RSA_SIGN 1 -# define RSA_VERIFY 2 -# define RSA_ENCRYPT 3 -# define RSA_DECRYPT 4 - -# define KEY_PRIVKEY 1 -# define KEY_PUBKEY 2 -# define KEY_CERT 3 +#define KEY_PRIVKEY 1 +#define KEY_PUBKEY 2 +#define KEY_CERT 3 typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, 
@@ -60,9 +56,9 @@ const OPTIONS rsautl_options[] = {
 {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
 {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
 OPT_R_OPTIONS,
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
+#endif
 {NULL}
 };
 
@@ -279,4 +275,3 @@ int rsautl_main(int argc, char **argv)
 OPENSSL_free(passin);
 return ret;
 }
-#endif
diff --git a/apps/s1024key.pem b/apps/s1024key.pem
old mode 100755
new mode 100644
diff --git a/apps/s1024req.pem b/apps/s1024req.pem
old mode 100755
new mode 100644
diff --git a/apps/s512-key.pem b/apps/s512-key.pem
old mode 100755
new mode 100644
diff --git a/apps/s512-req.pem b/apps/s512-req.pem
old mode 100755
new mode 100644
diff --git a/apps/s_apps.h b/apps/s_apps.h
old mode 100755
new mode 100644
diff --git a/apps/s_cb.c b/apps/s_cb.c
old mode 100755
new mode 100644
index 6406ddfb9e1b20c4a817e6b315054166cd1180f7..dee1b2e5b4f65e06664f31954648d21c22a2a64a
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -934,7 +934,8 @@ static int set_cert_cb(SSL *ssl, void *arg)
 if (!SSL_build_cert_chain(ssl, 0))
 return 0;
 } else if (exc->chain != NULL) {
- SSL_set1_chain(ssl, exc->chain);
+ if (!SSL_set1_chain(ssl, exc->chain))
+ return 0;
 }
 }
 exc = exc->prev;
diff --git a/apps/s_client.c b/apps/s_client.c
old mode 100755
new mode 100644
index 26a6789d811afe4a18414927dd930c1812adec6d..83b3fc9c7f13d864821233a9d47d19e836221478
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -1283,22 +1283,42 @@ int s_client_main(int argc, char **argv) case OPT_SSL3: min_version = SSL3_VERSION; max_version = SSL3_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_3: min_version = TLS1_3_VERSION; max_version = TLS1_3_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_2: min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1_1: min_version = TLS1_1_VERSION; max_version = TLS1_1_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_TLS1: min_version = TLS1_VERSION; max_version = TLS1_VERSION; + socket_type = SOCK_STREAM; +#ifndef OPENSSL_NO_DTLS + isdtls = 0; +#endif break; case OPT_DTLS: #ifndef OPENSSL_NO_DTLS diff --git a/apps/s_server.c b/apps/s_server.c old mode 100755 new mode 100644 diff --git a/apps/s_socket.c b/apps/s_socket.c old mode 100755 new mode 100644 diff --git a/apps/s_time.c b/apps/s_time.c old mode 100755 new mode 100644 index 82d40a5a513246acf7e47642a4864bc6e489bed9..1235e545c20a51bd4ed47a8a0510bca1da268fe1 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -62,6 +62,7 @@ const OPTIONS s_time_options[] = {
 {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
 {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
 {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
+ {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
 {"no-CAfile", OPT_NOCAFILE, '-',
 "Do not load the default certificates file"},
 {"no-CApath", OPT_NOCAPATH, '-',
@@ -262,7 +263,8 @@ int s_time_main(int argc, char **argv)
 nConn, totalTime, ((double)nConn / totalTime), bytes_read);
 printf
 ("%d connections in %ld real seconds, %ld bytes read per connection\n",
- nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
+ nConn, (long)time(NULL) - finishtime + maxtime,
+ nConn > 0 ? bytes_read / nConn : 0l);
 
 /*
  * Now loop and time connections using the same session id over and over
diff --git a/apps/server.pem b/apps/server.pem
old mode 100755
new mode 100644
diff --git a/apps/server.srl b/apps/server.srl
old mode 100755
new mode 100644
diff --git a/apps/server2.pem b/apps/server2.pem
old mode 100755
new mode 100644
diff --git a/apps/sess_id.c b/apps/sess_id.c
old mode 100755
new mode 100644
diff --git a/apps/smime.c b/apps/smime.c
old mode 100755
new mode 100644
diff --git a/apps/speed.c b/apps/speed.c
old mode 100755
new mode 100644
diff --git a/apps/spkac.c b/apps/spkac.c
old mode 100755
new mode 100644
diff --git a/apps/srp.c b/apps/srp.c
old mode 100755
new mode 100644
index 689574a4854c846866805d174369a96e8c499d7e..6c58173879739f2744e9c01042b5a9b123fe4a04
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
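Review bot: The fallback literal in the new `nConn > 0 ? bytes_read / nConn : 0l` uses a lowercase `l` suffix, which is easy to misread as `01`; `0L` is the conventional spelling and has the same type. The guard is presumably there because nConn stays 0 when no connection completes inside the timing window, which the old expression divided by; a short comment on the line, `/* nConn is 0 if no connection completed */`, would say so. If the second timing loop further down (outside this hunk) prints the same per-connection figure, it presumably needs the same guard. The added `CAfile` entry duplicates the `cafile` line word for word, so help output now lists two apparently distinct options; its description could read `Same as -cafile` to make the alias explicit.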
@@ -12,28 +12,24 @@ */ #include -#ifdef OPENSSL_NO_SRP -NON_EMPTY_TRANSLATION_UNIT -#else +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "apps.h" +#include "progs.h" -# include -# include -# include -# include -# include -# include -# include -# include -# include -# include "apps.h" -# include "progs.h" +#define BASE_SECTION "srp" +#define CONFIG_FILE "openssl.cnf" -# define BASE_SECTION "srp" -# define CONFIG_FILE "openssl.cnf" - -# define ENV_DATABASE "srpvfile" -# define ENV_DEFAULT_SRP "default_srp" +#define ENV_DATABASE "srpvfile" +#define ENV_DEFAULT_SRP "default_srp" static int get_index(CA_DB *db, char *id, char type) { @@ -212,9 +208,9 @@ const OPTIONS srp_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, OPT_R_OPTIONS, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {NULL} }; @@ -610,4 +606,3 @@ int srp_main(int argc, char **argv) release_engine(e); return ret; } -#endif diff --git a/apps/storeutl.c b/apps/storeutl.c old mode 100755 new mode 100644 diff --git a/apps/testCA.pem b/apps/testCA.pem old mode 100755 new mode 100644 diff --git a/apps/testdsa.h b/apps/testdsa.h old mode 100755 new mode 100644 diff --git a/apps/testrsa.h b/apps/testrsa.h old mode 100755 new mode 100644 diff --git a/apps/timeouts.h b/apps/timeouts.h old mode 100755 new mode 100644 diff --git a/apps/ts.c b/apps/ts.c old mode 100755 new mode 100644 index 44a8f75d4a370b94dcd06a8c43d3cfdeeee41fef..66a0c810e0c30105bc76d98c694f5a579bf9a114 --- a/apps/ts.c +++ b/apps/ts.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,29 +8,26 @@ */ #include -#ifdef OPENSSL_NO_TS -NON_EMPTY_TRANSLATION_UNIT -#else -# include -# include -# include -# include "apps.h" -# include "progs.h" -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include "apps.h" +#include "progs.h" +#include +#include +#include +#include +#include +#include /* Request nonce length, in bits (must be a multiple of 8). */ -# define NONCE_LENGTH 64 +#define NONCE_LENGTH 64 /* Name of config entry that defines the OID file. */ -# define ENV_OID_FILE "oid_file" +#define ENV_OID_FILE "oid_file" /* Is |EXACTLY_ONE| of three pointers set? */ -# define EXACTLY_ONE(a, b, c) \ +#define EXACTLY_ONE(a, b, c) \ (( a && !b && !c) || \ ( b && !a && !c) || \ ( c && !a && !b)) @@ -114,9 +111,9 @@ const OPTIONS ts_options[] = { {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"}, {"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"}, {"", OPT_MD, '-', "Any supported digest"}, -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif +#endif {OPT_HELP_STR, 1, '-', "\nOptions specific to 'ts -verify': \n"}, OPT_V_OPTIONS, {OPT_HELP_STR, 1, '-', "\n"}, @@ -137,11 +134,11 @@ static char* opt_helplist[] = { " [-signer tsa_cert.pem] [-inkey private_key.pem]", " [-chain certs_file.pem] [-tspolicy oid]", " [-in file] [-token_in] [-out file] [-token_out]", -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE " [-text] [-engine id]", -# else +#else " [-text]", -# endif +#endif " or", "ts -verify -CApath dir -CAfile file.pem -untrusted file.pem", " [-data file] [-digest hexstring]", 
@@ -682,10 +679,10 @@ static TS_RESP *create_response(CONF *conf, const char *section, const char *eng goto end; if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx)) goto end; -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE if (!TS_CONF_set_crypto_device(conf, section, engine)) goto end; -# endif +#endif if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) goto end; if (!TS_CONF_set_certs(conf, section, chain, resp_ctx)) @@ -984,4 +981,3 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx) { return ok; } -#endif /* ndef OPENSSL_NO_TS */ diff --git a/apps/tsget.in b/apps/tsget.in old mode 100755 new mode 100644 diff --git a/apps/verify.c b/apps/verify.c old mode 100755 new mode 100644 diff --git a/apps/version.c b/apps/version.c old mode 100755 new mode 100644 diff --git a/apps/vms_decc_init.c b/apps/vms_decc_init.c old mode 100755 new mode 100644 diff --git a/apps/vms_term_sock.c b/apps/vms_term_sock.c old mode 100755 new mode 100644 diff --git a/apps/vms_term_sock.h b/apps/vms_term_sock.h old mode 100755 new mode 100644 diff --git a/apps/win32_init.c b/apps/win32_init.c old mode 100755 new mode 100644 diff --git a/apps/x509.c b/apps/x509.c old mode 100755 new mode 100644 index 5bb110fe4a0a3a83e790724cb77003ca36fc3b80..1043eba0c8a03da5f8f921c0e9d99f7b84c07a9f --- a/apps/x509.c +++ b/apps/x509.c @@ -140,9 +140,9 @@ const OPTIONS x509_options[] = { {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_MD5 {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', - "Print old-style (MD5) issuer hash value"}, - {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', "Print old-style (MD5) subject hash value"}, + {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', + "Print old-style (MD5) issuer hash value"}, #endif #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, 
diff --git a/appveyor.yml b/appveyor.yml old mode 100755 new mode 100644 index 242d6a9ffe6fd0449b493512590b6470fd6e1204..6210391f204a37333a5a1d4cc77f99dbb9b5db08 --- a/appveyor.yml +++ b/appveyor.yml @@ -46,7 +46,8 @@ before_build: - cd .. - ps: >- if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER` - -or (&git log -2 | Select-String "\[extended tests\]") ) { + -or (&git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT | + Select-String "\[extended tests\]") ) { $env:EXTENDED_TESTS="yes" } diff --git a/build.info b/build.info old mode 100755 new mode 100644 diff --git a/config b/config index f28828d4826eebba5c1b918c92500cb7dfaf3bab..26225ca2a9e529882928bb66f488a8fde9ecca71 100755 --- a/config +++ b/config @@ -253,11 +253,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in Power*) echo "ppc-apple-darwin${VERSION}" ;; - x86_64) - echo "x86_64-apple-darwin${VERSION}" - ;; *) - echo "i686-apple-darwin${VERSION}" + echo "${MACHINE}-apple-darwin${VERSION}" ;; esac exit 0 @@ -497,6 +494,9 @@ case "$GUESSOS" in else OUT="darwin64-x86_64-cc" fi ;; + $MACHINE-apple-darwin*) + OUT="darwin64-$MACHINE-cc" + ;; armv6+7-*-iphoneos) __CNF_CFLAGS="$__CNF_CFLAGS -arch armv6 -arch armv7" __CNF_CXXFLAGS="$__CNF_CXXFLAGS -arch armv6 -arch armv7" diff --git a/config.com b/config.com old mode 100755 new mode 100644 diff --git a/crypto/LPdir_nyi.c b/crypto/LPdir_nyi.c old mode 100755 new mode 100644 diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c old mode 100755 new mode 100644 diff --git a/crypto/LPdir_vms.c b/crypto/LPdir_vms.c old mode 100755 new mode 100644 diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c old mode 100755 new mode 100644 diff --git a/crypto/LPdir_win32.c b/crypto/LPdir_win32.c old mode 100755 new mode 100644 diff --git a/crypto/LPdir_wince.c b/crypto/LPdir_wince.c old mode 100755 new mode 100644 diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c old mode 100755 new mode 100644 
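Review bot: The new `$MACHINE-apple-darwin*)` arm of the GUESSOS case is effectively a catch-all for every Darwin machine string the preceding arms did not match, and it assumes a `darwin64-$MACHINE-cc` target exists for each such value; for a machine type with no such entry in Configurations (that file is not in this diff), Configure will fail later with a less direct message than the old explicit fallback gave. Writing the arm as `*-apple-darwin*)` would make the catch-all intent visible, and a comment such as `# any other Darwin machine (e.g. arm64) selects darwin64-$MACHINE-cc; the target must exist in Configurations` would help the next reader. The first switch now echoes `${MACHINE}-apple-darwin${VERSION}` for every non-Power machine, so a 32-bit Intel host reports `i386-apple-darwin` rather than the former hard-coded `i686-apple-darwin`; that is fine provided the existing 32-bit Intel arm of the GUESSOS switch (outside this hunk) matches that string.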
diff --git a/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c old mode 100755 new mode 100644 diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c old mode 100755 new mode 100644 index e3e688f528a5d536f193f9d8b779bc7b039b5c92..ad00c729e70025ff87c38d50a8381ac350a3a4b8 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -43,7 +43,637 @@ #include #include "aes_local.h" -#ifndef AES_ASM +#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM) +typedef union { + unsigned char b[8]; + u32 w[2]; + u64 d; +} uni; + +/* + * Compute w := (w * x) mod (x^8 + x^4 + x^3 + x^1 + 1) + * Therefore the name "xtime". + */ +static void XtimeWord(u32 *w) +{ + u32 a, b; + + a = *w; + b = a & 0x80808080u; + a ^= b; + b -= b >> 7; + b &= 0x1B1B1B1Bu; + b ^= a << 1; + *w = b; +} + +static void XtimeLong(u64 *w) +{ + u64 a, b; + + a = *w; + b = a & 0x8080808080808080uLL; + a ^= b; + b -= b >> 7; + b &= 0x1B1B1B1B1B1B1B1BuLL; + b ^= a << 1; + *w = b; +} + +/* + * This computes w := S * w ^ -1 + c, where c = {01100011}. + * Instead of using GF(2^8) mod (x^8+x^4+x^3+x+1} we do the inversion + * in GF(GF(GF(2^2)^2)^2) mod (X^2+X+8) + * and GF(GF(2^2)^2) mod (X^2+X+2) + * and GF(2^2) mod (X^2+X+1) + * The first part of the algorithm below transfers the coordinates + * {0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80} => + * {1,Y,Y^2,Y^3,Y^4,Y^5,Y^6,Y^7} with Y=0x41: + * {0x01,0x41,0x66,0x6c,0x56,0x9a,0x58,0xc4} + * The last part undoes the coordinate transfer and the final affine + * transformation S: + * b[i] = b[i] + b[(i+4)%8] + b[(i+5)%8] + b[(i+6)%8] + b[(i+7)%8] + c[i] + * in one step. 
+ * The multiplication in GF(2^2^2^2) is done in ordinary coords: + * A = (a0*1 + a1*x^4) + * B = (b0*1 + b1*x^4) + * AB = ((a0*b0 + 8*a1*b1)*1 + (a1*b0 + (a0+a1)*b1)*x^4) + * When A = (a0,a1) is given we want to solve AB = 1: + * (a) 1 = a0*b0 + 8*a1*b1 + * (b) 0 = a1*b0 + (a0+a1)*b1 + * => multiply (a) by a1 and (b) by a0 + * (c) a1 = a1*a0*b0 + (8*a1*a1)*b1 + * (d) 0 = a1*a0*b0 + (a0*a0+a1*a0)*b1 + * => add (c) + (d) + * (e) a1 = (a0*a0 + a1*a0 + 8*a1*a1)*b1 + * => therefore + * b1 = (a0*a0 + a1*a0 + 8*a1*a1)^-1 * a1 + * => and adding (a1*b0) to (b) we get + * (f) a1*b0 = (a0+a1)*b1 + * => therefore + * b0 = (a0*a0 + a1*a0 + 8*a1*a1)^-1 * (a0+a1) + * Note this formula also works for the case + * (a0+a1)*a0 + 8*a1*a1 = 0 + * if the inverse element for 0^-1 is mapped to 0. + * Repeat the same for GF(2^2^2) and GF(2^2). + * We get the following algorithm: + * inv8(a0,a1): + * x0 = a0^a1 + * [y0,y1] = mul4([x0,a1],[a0,a1]); (*) + * y1 = mul4(8,y1); + * t = inv4(y0^y1); + * [b0,b1] = mul4([x0,a1],[t,t]); (*) + * return [b0,b1]; + * The non-linear multiplies (*) can be done in parallel at no extra cost. 
+ */ +static void SubWord(u32 *w) +{ + u32 x, y, a1, a2, a3, a4, a5, a6; + + x = *w; + y = ((x & 0xFEFEFEFEu) >> 1) | ((x & 0x01010101u) << 7); + x &= 0xDDDDDDDDu; + x ^= y & 0x57575757u; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x1C1C1C1Cu; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x4A4A4A4Au; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x42424242u; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x64646464u; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0xE0E0E0E0u; + a1 = x; + a1 ^= (x & 0xF0F0F0F0u) >> 4; + a2 = ((x & 0xCCCCCCCCu) >> 2) | ((x & 0x33333333u) << 2); + a3 = x & a1; + a3 ^= (a3 & 0xAAAAAAAAu) >> 1; + a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAu; + a4 = a2 & a1; + a4 ^= (a4 & 0xAAAAAAAAu) >> 1; + a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAu; + a5 = (a3 & 0xCCCCCCCCu) >> 2; + a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCu; + a4 = a5 & 0x22222222u; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x22222222u; + a3 ^= a4; + a5 = a3 & 0xA0A0A0A0u; + a5 |= a5 >> 1; + a5 ^= (a3 << 1) & 0xA0A0A0A0u; + a4 = a5 & 0xC0C0C0C0u; + a6 = a4 >> 2; + a4 ^= (a5 << 2) & 0xC0C0C0C0u; + a5 = a6 & 0x20202020u; + a5 |= a5 >> 1; + a5 ^= (a6 << 1) & 0x20202020u; + a4 |= a5; + a3 ^= a4 >> 4; + a3 &= 0x0F0F0F0Fu; + a2 = a3; + a2 ^= (a3 & 0x0C0C0C0Cu) >> 2; + a4 = a3 & a2; + a4 ^= (a4 & 0x0A0A0A0A0Au) >> 1; + a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0Au; + a5 = a4 & 0x08080808u; + a5 |= a5 >> 1; + a5 ^= (a4 << 1) & 0x08080808u; + a4 ^= a5 >> 2; + a4 &= 0x03030303u; + a4 ^= (a4 & 0x02020202u) >> 1; + a4 |= a4 << 2; + a3 = a2 & a4; + a3 ^= (a3 & 0x0A0A0A0Au) >> 1; + a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0Au; + a3 |= a3 << 4; + a2 = ((a1 & 0xCCCCCCCCu) >> 2) | ((a1 & 0x33333333u) << 2); + x = a1 & a3; + x ^= (x & 0xAAAAAAAAu) >> 1; + x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAu; + a4 = a2 & a3; + a4 ^= (a4 & 
0xAAAAAAAAu) >> 1; + a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAu; + a5 = (x & 0xCCCCCCCCu) >> 2; + x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCu; + a4 = a5 & 0x22222222u; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x22222222u; + x ^= a4; + y = ((x & 0xFEFEFEFEu) >> 1) | ((x & 0x01010101u) << 7); + x &= 0x39393939u; + x ^= y & 0x3F3F3F3Fu; + y = ((y & 0xFCFCFCFCu) >> 2) | ((y & 0x03030303u) << 6); + x ^= y & 0x97979797u; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x9B9B9B9Bu; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x3C3C3C3Cu; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0xDDDDDDDDu; + y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); + x ^= y & 0x72727272u; + x ^= 0x63636363u; + *w = x; +} + +static void SubLong(u64 *w) +{ + u64 x, y, a1, a2, a3, a4, a5, a6; + + x = *w; + y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7); + x &= 0xDDDDDDDDDDDDDDDDuLL; + x ^= y & 0x5757575757575757uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x1C1C1C1C1C1C1C1CuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x4A4A4A4A4A4A4A4AuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x4242424242424242uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x6464646464646464uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xE0E0E0E0E0E0E0E0uLL; + a1 = x; + a1 ^= (x & 0xF0F0F0F0F0F0F0F0uLL) >> 4; + a2 = ((x & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((x & 0x3333333333333333uLL) << 2); + a3 = x & a1; + a3 ^= (a3 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAAAAAAAAAuLL; + a4 = a2 & a1; + a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL; + a5 = (a3 & 
0xCCCCCCCCCCCCCCCCuLL) >> 2; + a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL; + a4 = a5 & 0x2222222222222222uLL; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x2222222222222222uLL; + a3 ^= a4; + a5 = a3 & 0xA0A0A0A0A0A0A0A0uLL; + a5 |= a5 >> 1; + a5 ^= (a3 << 1) & 0xA0A0A0A0A0A0A0A0uLL; + a4 = a5 & 0xC0C0C0C0C0C0C0C0uLL; + a6 = a4 >> 2; + a4 ^= (a5 << 2) & 0xC0C0C0C0C0C0C0C0uLL; + a5 = a6 & 0x2020202020202020uLL; + a5 |= a5 >> 1; + a5 ^= (a6 << 1) & 0x2020202020202020uLL; + a4 |= a5; + a3 ^= a4 >> 4; + a3 &= 0x0F0F0F0F0F0F0F0FuLL; + a2 = a3; + a2 ^= (a3 & 0x0C0C0C0C0C0C0C0CuLL) >> 2; + a4 = a3 & a2; + a4 ^= (a4 & 0x0A0A0A0A0A0A0A0AuLL) >> 1; + a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0A0A0A0A0AuLL; + a5 = a4 & 0x0808080808080808uLL; + a5 |= a5 >> 1; + a5 ^= (a4 << 1) & 0x0808080808080808uLL; + a4 ^= a5 >> 2; + a4 &= 0x0303030303030303uLL; + a4 ^= (a4 & 0x0202020202020202uLL) >> 1; + a4 |= a4 << 2; + a3 = a2 & a4; + a3 ^= (a3 & 0x0A0A0A0A0A0A0A0AuLL) >> 1; + a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0A0A0A0A0AuLL; + a3 |= a3 << 4; + a2 = ((a1 & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((a1 & 0x3333333333333333uLL) << 2); + x = a1 & a3; + x ^= (x & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAAAAAAAAAuLL; + a4 = a2 & a3; + a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL; + a5 = (x & 0xCCCCCCCCCCCCCCCCuLL) >> 2; + x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL; + a4 = a5 & 0x2222222222222222uLL; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x2222222222222222uLL; + x ^= a4; + y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7); + x &= 0x3939393939393939uLL; + x ^= y & 0x3F3F3F3F3F3F3F3FuLL; + y = ((y & 0xFCFCFCFCFCFCFCFCuLL) >> 2) | ((y & 0x0303030303030303uLL) << 6); + x ^= y & 0x9797979797979797uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x9B9B9B9B9B9B9B9BuLL; + y = ((y & 
0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x3C3C3C3C3C3C3C3CuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xDDDDDDDDDDDDDDDDuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x7272727272727272uLL; + x ^= 0x6363636363636363uLL; + *w = x; +} + +/* + * This computes w := (S^-1 * (w + c))^-1 + */ +static void InvSubLong(u64 *w) +{ + u64 x, y, a1, a2, a3, a4, a5, a6; + + x = *w; + x ^= 0x6363636363636363uLL; + y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7); + x &= 0xFDFDFDFDFDFDFDFDuLL; + x ^= y & 0x5E5E5E5E5E5E5E5EuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xF3F3F3F3F3F3F3F3uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xF5F5F5F5F5F5F5F5uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x7878787878787878uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x7777777777777777uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x1515151515151515uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xA5A5A5A5A5A5A5A5uLL; + a1 = x; + a1 ^= (x & 0xF0F0F0F0F0F0F0F0uLL) >> 4; + a2 = ((x & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((x & 0x3333333333333333uLL) << 2); + a3 = x & a1; + a3 ^= (a3 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAAAAAAAAAuLL; + a4 = a2 & a1; + a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL; + a5 = (a3 & 0xCCCCCCCCCCCCCCCCuLL) >> 2; + a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL; + a4 = a5 & 0x2222222222222222uLL; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x2222222222222222uLL; + a3 ^= a4; + a5 = a3 & 0xA0A0A0A0A0A0A0A0uLL; + a5 |= a5 >> 1; + 
a5 ^= (a3 << 1) & 0xA0A0A0A0A0A0A0A0uLL; + a4 = a5 & 0xC0C0C0C0C0C0C0C0uLL; + a6 = a4 >> 2; + a4 ^= (a5 << 2) & 0xC0C0C0C0C0C0C0C0uLL; + a5 = a6 & 0x2020202020202020uLL; + a5 |= a5 >> 1; + a5 ^= (a6 << 1) & 0x2020202020202020uLL; + a4 |= a5; + a3 ^= a4 >> 4; + a3 &= 0x0F0F0F0F0F0F0F0FuLL; + a2 = a3; + a2 ^= (a3 & 0x0C0C0C0C0C0C0C0CuLL) >> 2; + a4 = a3 & a2; + a4 ^= (a4 & 0x0A0A0A0A0A0A0A0AuLL) >> 1; + a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0A0A0A0A0AuLL; + a5 = a4 & 0x0808080808080808uLL; + a5 |= a5 >> 1; + a5 ^= (a4 << 1) & 0x0808080808080808uLL; + a4 ^= a5 >> 2; + a4 &= 0x0303030303030303uLL; + a4 ^= (a4 & 0x0202020202020202uLL) >> 1; + a4 |= a4 << 2; + a3 = a2 & a4; + a3 ^= (a3 & 0x0A0A0A0A0A0A0A0AuLL) >> 1; + a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0A0A0A0A0AuLL; + a3 |= a3 << 4; + a2 = ((a1 & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((a1 & 0x3333333333333333uLL) << 2); + x = a1 & a3; + x ^= (x & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAAAAAAAAAuLL; + a4 = a2 & a3; + a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1; + a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL; + a5 = (x & 0xCCCCCCCCCCCCCCCCuLL) >> 2; + x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL; + a4 = a5 & 0x2222222222222222uLL; + a4 |= a4 >> 1; + a4 ^= (a5 << 1) & 0x2222222222222222uLL; + x ^= a4; + y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7); + x &= 0xB5B5B5B5B5B5B5B5uLL; + x ^= y & 0x4040404040404040uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x8080808080808080uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x1616161616161616uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0xEBEBEBEBEBEBEBEBuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x9797979797979797uLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y 
& 0x0101010101010101uLL) << 7); + x ^= y & 0xFBFBFBFBFBFBFBFBuLL; + y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7); + x ^= y & 0x7D7D7D7D7D7D7D7DuLL; + *w = x; +} + +static void ShiftRows(u64 *state) +{ + unsigned char s[4]; + unsigned char *s0; + int r; + + s0 = (unsigned char *)state; + for (r = 0; r < 4; r++) { + s[0] = s0[0*4 + r]; + s[1] = s0[1*4 + r]; + s[2] = s0[2*4 + r]; + s[3] = s0[3*4 + r]; + s0[0*4 + r] = s[(r+0) % 4]; + s0[1*4 + r] = s[(r+1) % 4]; + s0[2*4 + r] = s[(r+2) % 4]; + s0[3*4 + r] = s[(r+3) % 4]; + } +} + +static void InvShiftRows(u64 *state) +{ + unsigned char s[4]; + unsigned char *s0; + int r; + + s0 = (unsigned char *)state; + for (r = 0; r < 4; r++) { + s[0] = s0[0*4 + r]; + s[1] = s0[1*4 + r]; + s[2] = s0[2*4 + r]; + s[3] = s0[3*4 + r]; + s0[0*4 + r] = s[(4-r) % 4]; + s0[1*4 + r] = s[(5-r) % 4]; + s0[2*4 + r] = s[(6-r) % 4]; + s0[3*4 + r] = s[(7-r) % 4]; + } +} + +static void MixColumns(u64 *state) +{ + uni s1; + uni s; + int c; + + for (c = 0; c < 2; c++) { + s1.d = state[c]; + s.d = s1.d; + s.d ^= ((s.d & 0xFFFF0000FFFF0000uLL) >> 16) + | ((s.d & 0x0000FFFF0000FFFFuLL) << 16); + s.d ^= ((s.d & 0xFF00FF00FF00FF00uLL) >> 8) + | ((s.d & 0x00FF00FF00FF00FFuLL) << 8); + s.d ^= s1.d; + XtimeLong(&s1.d); + s.d ^= s1.d; + s.b[0] ^= s1.b[1]; + s.b[1] ^= s1.b[2]; + s.b[2] ^= s1.b[3]; + s.b[3] ^= s1.b[0]; + s.b[4] ^= s1.b[5]; + s.b[5] ^= s1.b[6]; + s.b[6] ^= s1.b[7]; + s.b[7] ^= s1.b[4]; + state[c] = s.d; + } +} + +static void InvMixColumns(u64 *state) +{ + uni s1; + uni s; + int c; + + for (c = 0; c < 2; c++) { + s1.d = state[c]; + s.d = s1.d; + s.d ^= ((s.d & 0xFFFF0000FFFF0000uLL) >> 16) + | ((s.d & 0x0000FFFF0000FFFFuLL) << 16); + s.d ^= ((s.d & 0xFF00FF00FF00FF00uLL) >> 8) + | ((s.d & 0x00FF00FF00FF00FFuLL) << 8); + s.d ^= s1.d; + XtimeLong(&s1.d); + s.d ^= s1.d; + s.b[0] ^= s1.b[1]; + s.b[1] ^= s1.b[2]; + s.b[2] ^= s1.b[3]; + s.b[3] ^= s1.b[0]; + s.b[4] ^= s1.b[5]; + s.b[5] ^= s1.b[6]; + s.b[6] ^= s1.b[7]; + 
s.b[7] ^= s1.b[4]; + XtimeLong(&s1.d); + s1.d ^= ((s1.d & 0xFFFF0000FFFF0000uLL) >> 16) + | ((s1.d & 0x0000FFFF0000FFFFuLL) << 16); + s.d ^= s1.d; + XtimeLong(&s1.d); + s1.d ^= ((s1.d & 0xFF00FF00FF00FF00uLL) >> 8) + | ((s1.d & 0x00FF00FF00FF00FFuLL) << 8); + s.d ^= s1.d; + state[c] = s.d; + } +} + +static void AddRoundKey(u64 *state, const u64 *w) +{ + state[0] ^= w[0]; + state[1] ^= w[1]; +} + +static void Cipher(const unsigned char *in, unsigned char *out, + const u64 *w, int nr) +{ + u64 state[2]; + int i; + + memcpy(state, in, 16); + + AddRoundKey(state, w); + + for (i = 1; i < nr; i++) { + SubLong(&state[0]); + SubLong(&state[1]); + ShiftRows(state); + MixColumns(state); + AddRoundKey(state, w + i*2); + } + + SubLong(&state[0]); + SubLong(&state[1]); + ShiftRows(state); + AddRoundKey(state, w + nr*2); + + memcpy(out, state, 16); +} + +static void InvCipher(const unsigned char *in, unsigned char *out, + const u64 *w, int nr) + +{ + u64 state[2]; + int i; + + memcpy(state, in, 16); + + AddRoundKey(state, w + nr*2); + + for (i = nr - 1; i > 0; i--) { + InvShiftRows(state); + InvSubLong(&state[0]); + InvSubLong(&state[1]); + AddRoundKey(state, w + i*2); + InvMixColumns(state); + } + + InvShiftRows(state); + InvSubLong(&state[0]); + InvSubLong(&state[1]); + AddRoundKey(state, w); + + memcpy(out, state, 16); +} + +static void RotWord(u32 *x) +{ + unsigned char *w0; + unsigned char tmp; + + w0 = (unsigned char *)x; + tmp = w0[0]; + w0[0] = w0[1]; + w0[1] = w0[2]; + w0[2] = w0[3]; + w0[3] = tmp; +} + +static void KeyExpansion(const unsigned char *key, u64 *w, + int nr, int nk) +{ + u32 rcon; + uni prev; + u32 temp; + int i, n; + + memcpy(w, key, nk*4); + memcpy(&rcon, "\1\0\0\0", 4); + n = nk/2; + prev.d = w[n-1]; + for (i = n; i < (nr+1)*2; i++) { + temp = prev.w[1]; + if (i % n == 0) { + RotWord(&temp); + SubWord(&temp); + temp ^= rcon; + XtimeWord(&rcon); + } else if (nk > 6 && i % n == 2) { + SubWord(&temp); + } + prev.d = w[i-n]; + prev.w[0] ^= temp; + prev.w[1] 
^= prev.w[0]; + w[i] = prev.d; + } +} + +/** + * Expand the cipher key into the encryption key schedule. + */ +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key) +{ + u64 *rk; + + if (!userKey || !key) + return -1; + if (bits != 128 && bits != 192 && bits != 256) + return -2; + + rk = (u64*)key->rd_key; + + if (bits == 128) + key->rounds = 10; + else if (bits == 192) + key->rounds = 12; + else + key->rounds = 14; + + KeyExpansion(userKey, rk, key->rounds, bits/32); + return 0; +} + +/** + * Expand the cipher key into the decryption key schedule. + */ +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key) +{ + return AES_set_encrypt_key(userKey, bits, key); +} + +/* + * Encrypt a single block + * in and out can overlap + */ +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key) +{ + const u64 *rk; + + assert(in && out && key); + rk = (u64*)key->rd_key; + + Cipher(in, out, rk, key->rounds); +} + +/* + * Decrypt a single block + * in and out can overlap + */ +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key) +{ + const u64 *rk; + + assert(in && out && key); + rk = (u64*)key->rd_key; + + InvCipher(in, out, rk, key->rounds); +} +#elif !defined(AES_ASM) /*- Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c old mode 100755 new mode 100644 diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c old mode 100755 new mode 100644 index dce4ef11be4f727048d7f23ebb34335d9340145f..804b3a723d1fbc20b04b7513def0b058a3ccb004 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
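Review bot: In `SubWord`, the mask in `a4 ^= (a4 & 0x0A0A0A0A0Au) >> 1;` is a ten-digit (40-bit) literal where every other mask in this 32-bit routine has eight digits; because `a4` is `u32` the extra byte is harmless and the value used equals `0x0A0A0A0Au`, but the line should read `a4 ^= (a4 & 0x0A0A0A0Au) >> 1;` so it matches the corresponding step in `SubLong` and is not mistaken for a truncated-constant bug. `AES_set_encrypt_key`, `AES_encrypt` and `AES_decrypt` reinterpret `key->rd_key` as `u64 *`; `rd_key` is declared outside this hunk (presumably as a 32-bit word array), so on strict-alignment targets this assumes the `AES_KEY` object is 8-byte aligned, and that assumption should be stated in a comment at the cast, e.g. `/* rd_key is viewed as u64 pairs: assumes AES_KEY is 8-byte aligned */`. `InvCipher` also carries a stray blank line between its parameter list and the opening brace that `Cipher` does not.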
@@ -12,11 +12,6 @@ #include #include "aes_local.h" -#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) -typedef struct { - unsigned long data[N_WORDS]; -} aes_block_t; - /* XXX: probably some better way to do this */ #if defined(__i386__) || defined(__x86_64__) # define UNALIGNED_MEMOPS_ARE_FAST 1 @@ -24,6 +19,15 @@ typedef struct { # define UNALIGNED_MEMOPS_ARE_FAST 0 #endif +#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) +typedef struct { + unsigned long data[N_WORDS]; +#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST +} aes_block_t __attribute((__aligned__(1))); +#else +} aes_block_t; +#endif + #if UNALIGNED_MEMOPS_ARE_FAST # define load_block(d, s) (d) = *(const aes_block_t *)(s) # define store_block(d, s) *(aes_block_t *)(d) = (s) diff --git a/crypto/aes/aes_local.h b/crypto/aes/aes_local.h old mode 100755 new mode 100644 index cc8456861d928e684e07abea7f7ef6fa98b3b103..a9c0059e52ccbcdfd3ae63d50729bd8ddce2ad2c --- a/crypto/aes/aes_local.h +++ b/crypto/aes/aes_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,6 +24,7 @@ # define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } # endif +typedef unsigned long long u64; # ifdef AES_LONG typedef unsigned long u32; # else diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c old mode 100755 new mode 100644 diff --git a/crypto/aes/aes_ofb.c b/crypto/aes/aes_ofb.c old mode 100755 new mode 100644 diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c old mode 100755 new mode 100644 diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c old mode 100755 new mode 100644 
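Review bot: The `__attribute((__aligned__(1)))` now attached to the `aes_block_t` typedef has no comment saying why a type is being given 1-byte alignment; the purpose is presumably that `load_block`/`store_block` (the `*(const aes_block_t *)(s)` casts in the context lines) dereference caller buffers that need not be word-aligned, and `aligned(1)` on the typedef tells the compiler not to assume otherwise. Suggest a comment above the `#if`: `/* aligned(1): load_block/store_block cast arbitrary in/out pointers; tell the compiler not to assume word alignment (GCC only allows reducing alignment via 'aligned' on a typedef, not on the struct itself) */`. That typedef-only rule is also why the attribute sits on the typedef name, and the typedef moves below the `UNALIGNED_MEMOPS_ARE_FAST` definition because the `#if` now depends on it.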
diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/aes-ia64.S b/crypto/aes/asm/aes-ia64.S old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl old mode 100755 new mode 100644 index be2434f12041504c557b50235cf726417158f220..a80cfdc13948059c2ce3a1c174c004327518aad2 --- a/crypto/aes/asm/aesni-mb-x86_64.pl +++ b/crypto/aes/asm/aesni-mb-x86_64.pl @@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl old mode 100755 new mode 100644 index 42fe5d469ea6c830ac2cc389d0b3bf96d16003ac..04fd13be5e09f31cc17c1cc15d42b9e4b458df90 --- a/crypto/aes/asm/aesni-sha1-x86_64.pl +++ b/crypto/aes/asm/aesni-sha1-x86_64.pl 
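Review bot: Dropping the `^` anchor from `(?:^clang|LLVM) version` lets the pattern match vendor-prefixed banners such as `Apple clang version N`, but the number captured in `$2` is then the vendor's own release number rather than the LLVM version the `$2>=3.0`/`$2>3.0` thresholds were written against. A comment on the regex line should say that any `clang version` banner is accepted and that the threshold is only meaningful for upstream numbering, e.g. `# unanchored: also matches "Apple clang version"; $2 is then Apple's numbering`. The same change is made in `aesni-sha1-x86_64.pl` and `aesni-sha256-x86_64.pl` below and this note applies there too.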
@@ -108,7 +108,7 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && `ml64 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); -$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); +$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); $shaext=1; ### set to zero if compiling for 1.0.1 diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl old mode 100755 new mode 100644 index f1b144eccbdd1d23d73c9287754caa79845f7d3a..ff9b18507da0f217f9baec8ee547f69a033e0894 --- a/crypto/aes/asm/aesni-sha256-x86_64.pl +++ b/crypto/aes/asm/aesni-sha256-x86_64.pl @@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=12); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/aest4-sparcv9.pl b/crypto/aes/asm/aest4-sparcv9.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl index d6068dbf03f8176a246f7d8d7ab7e01641f43d75..2b0e982996d18edcabaef37168e5ef99ee69c5e2 100755 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl @@ -183,7 +183,12 @@ $code.=<<___; .Loop192: vtbl.8 $key,{$in1},$mask vext.8 $tmp,$zero,$in0,#12 +#ifdef __ARMEB__ + vst1.32 {$in1},[$out],#16 + sub $out,$out,#8 +#else vst1.32 {$in1},[$out],#8 +#endif aese $key,$zero subs $bits,$bits,#1 
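Review bot: In the `.Loop192` big-endian branch, `vst1.32 {$in1},[$out],#16` followed by `sub $out,$out,#8` stores all 16 bytes of `$in1` and then rewinds, so each iteration writes 8 bytes past the position where the little-endian `vst1.32 {$in1},[$out],#8` path stops; that is only safe if the key-schedule buffer has at least 8 bytes of slack after the last 192-bit round key, which depends on the `AES_KEY` layout outside this hunk. A comment at the `#ifdef` should state that assumption, e.g. `@ BE: store the whole q-register; the extra 8 bytes are overwritten by the next store and need 8 bytes of slack in rd_key`. The same sequence appears in the regenerated arm32 and arm64 `aesv8-armx.S` files below, whose new versions also drop the copyright and CRYPTOGAMS dual-license header the old versions carried; that removal looks unintended and should be restored. `aes_v8_set_encrypt_key` starts and ends outside this hunk.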
@@ -715,8 +720,11 @@ $code.=<<___; ldr $rounds,[$key,#240] ldr $ctr, [$ivp, #12] +#ifdef __ARMEB__ + vld1.8 {$dat0},[$ivp] +#else vld1.32 {$dat0},[$ivp] - +#endif vld1.32 {q8-q9},[$key] // load key schedule... sub $rounds,$rounds,#4 mov $step,#16 @@ -732,17 +740,17 @@ $code.=<<___; #ifndef __ARMEB__ rev $ctr, $ctr #endif - vorr $dat1,$dat0,$dat0 add $tctr1, $ctr, #1 - vorr $dat2,$dat0,$dat0 - add $ctr, $ctr, #2 vorr $ivec,$dat0,$dat0 rev $tctr1, $tctr1 - vmov.32 ${dat1}[3],$tctr1 + vmov.32 ${ivec}[3],$tctr1 + add $ctr, $ctr, #2 + vorr $dat1,$ivec,$ivec b.ls .Lctr32_tail rev $tctr2, $ctr + vmov.32 ${ivec}[3],$tctr2 sub $len,$len,#3 // bias - vmov.32 ${dat2}[3],$tctr2 + vorr $dat2,$ivec,$ivec b .Loop3x_ctr32 .align 4 @@ -769,11 +777,11 @@ $code.=<<___; aese $dat1,q8 aesmc $tmp1,$dat1 vld1.8 {$in0},[$inp],#16 - vorr $dat0,$ivec,$ivec + add $tctr0,$ctr,#1 aese $dat2,q8 aesmc $dat2,$dat2 vld1.8 {$in1},[$inp],#16 - vorr $dat1,$ivec,$ivec + rev $tctr0,$tctr0 aese $tmp0,q9 aesmc $tmp0,$tmp0 aese $tmp1,q9 @@ -782,8 +790,6 @@ $code.=<<___; mov $key_,$key aese $dat2,q9 aesmc $tmp2,$dat2 - vorr $dat2,$ivec,$ivec - add $tctr0,$ctr,#1 aese $tmp0,q12 aesmc $tmp0,$tmp0 aese $tmp1,q12 @@ -799,20 +805,22 @@ $code.=<<___; aese $tmp1,q13 aesmc $tmp1,$tmp1 veor $in2,$in2,$rndlast - rev $tctr0,$tctr0 + vmov.32 ${ivec}[3], $tctr0 aese $tmp2,q13 aesmc $tmp2,$tmp2 - vmov.32 ${dat0}[3], $tctr0 + vorr $dat0,$ivec,$ivec rev $tctr1,$tctr1 aese $tmp0,q14 aesmc $tmp0,$tmp0 + vmov.32 ${ivec}[3], $tctr1 + rev $tctr2,$ctr aese $tmp1,q14 aesmc $tmp1,$tmp1 - vmov.32 ${dat1}[3], $tctr1 - rev $tctr2,$ctr + vorr $dat1,$ivec,$ivec + vmov.32 ${ivec}[3], $tctr2 aese $tmp2,q14 aesmc $tmp2,$tmp2 - vmov.32 ${dat2}[3], $tctr2 + vorr $dat2,$ivec,$ivec subs $len,$len,#3 aese $tmp0,q15 aese $tmp1,q15 diff --git a/crypto/aes/asm/arm32/aes-armv4.S b/crypto/aes/asm/arm32/aes-armv4.S old mode 100755 new mode 100644 
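Review bot: The counter-setup rewrite in the `@@ -732` and `@@ -799` hunks moves every `vmov.32 ...[3]` lane insert onto `$ivec` and then copies it into `$dat0`/`$dat1`/`$dat2` with `vorr`, but nothing in the code says why; presumably this avoids feeding `aese` a register whose last write was a single-lane insert, and that rationale should be recorded next to the first `vmov.32 ${ivec}[3],$tctr1`, e.g. `// build each counter block in $ivec and copy with vorr: no single-lane insert into a live AES input register`. The `__ARMEB__` byte load added in the `@@ -715` hunk appears consistent with the unconditional `rev $tctr1` that follows (a byte-loaded vector's lane 3 holds the byte-swapped counter on big-endian), and a one-line comment there would spare the next reader that derivation. `aes_v8_ctr32_encrypt_blocks` starts and ends outside these hunks.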
diff --git a/crypto/aes/asm/arm32/aesv8-armx.S b/crypto/aes/asm/arm32/aesv8-armx.S
old mode 100755
new mode 100644
index 669a38f6c87d52f688101dedac552d5ffbb79104..2a37eee5e1febafbbe05655920a4fd307f12ea78
--- a/crypto/aes/asm/arm32/aesv8-armx.S
+++ b/crypto/aes/asm/arm32/aesv8-armx.S
@@ -1,44 +1,3 @@ -// Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// This module implements support for ARMv8 AES instructions. The -// module is endian-agnostic in sense that it supports both big- and -// little-endian cases. As does it support both 32- and 64-bit modes -// of operation. Latter is achieved by limiting amount of utilized -// registers to 16, which implies additional NEON load and integer -// instructions. This has no effect on mighty Apple A7, where results -// are literally equal to the theoretical estimates based on AES -// instruction latencies and issue rates. On Cortex-A53, an in-order -// execution core, this costs up to 10-15%, which is partially -// compensated by implementing dedicated code path for 128-bit -// CBC encrypt case. On Cortex-A57 parallelizable mode performance -// seems to be limited by sheer amount of NEON instructions... -// -// Performance in cycles per byte processed with 128-bit key: -// -// CBC enc CBC dec CTR -// Apple A7 2.39 1.20 1.20 -// Cortex-A53 1.32 1.29 1.46 -// Cortex-A57(*) 1.95 0.85 0.93 -// Denver 1.96 0.86 0.80 -// Mongoose 1.33 1.20 1.20 -// Kryo 1.26 0.94 1.00 -// -// (*) original 3.64/1.34/1.32 results were for r0p0 revision -// and are still same even for updated module; - #include "arm_arch.h" #if __ARM_MAX_ARCH__>=7 
@@ -149,7 +108,12 @@ aes_v8_set_encrypt_key: vtbl.8 d20,{q8},d4 vtbl.8 d21,{q8},d5 vext.8 q9,q0,q3,#12 +#ifdef __ARMEB__ + vst1.32 {q8},[r2]! + sub r2,r2,#8 +#else vst1.32 {d16},[r2]! +#endif .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 subs r1,r1,#1 @@ -621,8 +585,11 @@ aes_v8_ctr32_encrypt_blocks: ldr r5,[r3,#240] ldr r8, [r4, #12] +#ifdef __ARMEB__ + vld1.8 {q0},[r4] +#else vld1.32 {q0},[r4] - +#endif vld1.32 {q8,q9},[r3] @ load key schedule... sub r5,r5,#4 mov r12,#16 @@ -638,17 +605,17 @@ aes_v8_ctr32_encrypt_blocks: #ifndef __ARMEB__ rev r8, r8 #endif - vorr q1,q0,q0 add r10, r8, #1 - vorr q10,q0,q0 - add r8, r8, #2 vorr q6,q0,q0 rev r10, r10 - vmov.32 d3[1],r10 + vmov.32 d13[1],r10 + add r8, r8, #2 + vorr q1,q6,q6 bls .Lctr32_tail rev r12, r8 + vmov.32 d13[1],r12 sub r2,r2,#3 @ bias - vmov.32 d21[1],r12 + vorr q10,q6,q6 b .Loop3x_ctr32 .align 4 @@ -675,11 +642,11 @@ aes_v8_ctr32_encrypt_blocks: .byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 .byte 0x82,0xa3,0xb0,0xf3 @ aesmc q5,q1 vld1.8 {q2},[r0]! - vorr q0,q6,q6 + add r9,r8,#1 .byte 0x20,0x43,0xf0,0xf3 @ aese q10,q8 .byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10 vld1.8 {q3},[r0]! - vorr q1,q6,q6 + rev r9,r9 .byte 0x22,0x83,0xb0,0xf3 @ aese q4,q9 .byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 .byte 0x22,0xa3,0xb0,0xf3 @ aese q5,q9 @@ -688,8 +655,6 @@ aes_v8_ctr32_encrypt_blocks: mov r7,r3 .byte 0x22,0x43,0xf0,0xf3 @ aese q10,q9 .byte 0xa4,0x23,0xf0,0xf3 @ aesmc q9,q10 - vorr q10,q6,q6 - add r9,r8,#1 .byte 0x28,0x83,0xb0,0xf3 @ aese q4,q12 .byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 .byte 0x28,0xa3,0xb0,0xf3 @ aese q5,q12 
@@ -705,20 +670,22 @@ aes_v8_ctr32_encrypt_blocks: .byte 0x2a,0xa3,0xb0,0xf3 @ aese q5,q13 .byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 veor q11,q11,q7 - rev r9,r9 + vmov.32 d13[1], r9 .byte 0x2a,0x23,0xf0,0xf3 @ aese q9,q13 .byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9 - vmov.32 d1[1], r9 + vorr q0,q6,q6 rev r10,r10 .byte 0x2c,0x83,0xb0,0xf3 @ aese q4,q14 .byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 + vmov.32 d13[1], r10 + rev r12,r8 .byte 0x2c,0xa3,0xb0,0xf3 @ aese q5,q14 .byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 - vmov.32 d3[1], r10 - rev r12,r8 + vorr q1,q6,q6 + vmov.32 d13[1], r12 .byte 0x2c,0x23,0xf0,0xf3 @ aese q9,q14 .byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9 - vmov.32 d21[1], r12 + vorr q10,q6,q6 subs r2,r2,#3 .byte 0x2e,0x83,0xb0,0xf3 @ aese q4,q15 .byte 0x2e,0xa3,0xb0,0xf3 @ aese q5,q15 diff --git a/crypto/aes/asm/arm32/bsaes-armv7.S b/crypto/aes/asm/arm32/bsaes-armv7.S old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/arm64/aesv8-armx.S b/crypto/aes/asm/arm64/aesv8-armx.S old mode 100755 new mode 100644 index 1a77453d31c94955dbe66f126e54f46c647cc07a..433b8020afe5effb509ab2b3225ce5dc5078a1a9 --- a/crypto/aes/asm/arm64/aesv8-armx.S +++ b/crypto/aes/asm/arm64/aesv8-armx.S 
@@ -1,44 +1,3 @@ -// Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// This module implements support for ARMv8 AES instructions. The -// module is endian-agnostic in sense that it supports both big- and -// little-endian cases. As does it support both 32- and 64-bit modes -// of operation. Latter is achieved by limiting amount of utilized -// registers to 16, which implies additional NEON load and integer -// instructions. This has no effect on mighty Apple A7, where results -// are literally equal to the theoretical estimates based on AES -// instruction latencies and issue rates. On Cortex-A53, an in-order -// execution core, this costs up to 10-15%, which is partially -// compensated by implementing dedicated code path for 128-bit -// CBC encrypt case. On Cortex-A57 parallelizable mode performance -// seems to be limited by sheer amount of NEON instructions... -// -// Performance in cycles per byte processed with 128-bit key: -// -// CBC enc CBC dec CTR -// Apple A7 2.39 1.20 1.20 -// Cortex-A53 1.32 1.29 1.46 -// Cortex-A57(*) 1.95 0.85 0.93 -// Denver 1.96 0.86 0.80 -// Mongoose 1.33 1.20 1.20 -// Kryo 1.26 0.94 1.00 -// -// (*) original 3.64/1.34/1.32 results were for r0p0 revision -// and are still same even for updated module; - #include "arm_arch.h" #if __ARM_MAX_ARCH__>=7 
@@ -144,7 +103,12 @@ aes_v8_set_encrypt_key: .Loop192: tbl v6.16b,{v4.16b},v2.16b ext v5.16b,v0.16b,v3.16b,#12 +#ifdef __ARMEB__ + st1 {v4.4s},[x2],#16 + sub x2,x2,#8 +#else st1 {v4.8b},[x2],#8 +#endif aese v6.16b,v0.16b subs w1,w1,#1 @@ -615,8 +579,11 @@ aes_v8_ctr32_encrypt_blocks: ldr w5,[x3,#240] ldr w8, [x4, #12] +#ifdef __ARMEB__ + ld1 {v0.16b},[x4] +#else ld1 {v0.4s},[x4] - +#endif ld1 {v16.4s,v17.4s},[x3] // load key schedule... sub w5,w5,#4 mov x12,#16 @@ -632,17 +599,17 @@ aes_v8_ctr32_encrypt_blocks: #ifndef __ARMEB__ rev w8, w8 #endif - orr v1.16b,v0.16b,v0.16b add w10, w8, #1 - orr v18.16b,v0.16b,v0.16b - add w8, w8, #2 orr v6.16b,v0.16b,v0.16b rev w10, w10 - mov v1.s[3],w10 + mov v6.s[3],w10 + add w8, w8, #2 + orr v1.16b,v6.16b,v6.16b b.ls .Lctr32_tail rev w12, w8 + mov v6.s[3],w12 sub x2,x2,#3 // bias - mov v18.s[3],w12 + orr v18.16b,v6.16b,v6.16b b .Loop3x_ctr32 .align 4 @@ -669,11 +636,11 @@ aes_v8_ctr32_encrypt_blocks: aese v1.16b,v16.16b aesmc v5.16b,v1.16b ld1 {v2.16b},[x0],#16 - orr v0.16b,v6.16b,v6.16b + add w9,w8,#1 aese v18.16b,v16.16b aesmc v18.16b,v18.16b ld1 {v3.16b},[x0],#16 - orr v1.16b,v6.16b,v6.16b + rev w9,w9 aese v4.16b,v17.16b aesmc v4.16b,v4.16b aese v5.16b,v17.16b @@ -682,8 +649,6 @@ aes_v8_ctr32_encrypt_blocks: mov x7,x3 aese v18.16b,v17.16b aesmc v17.16b,v18.16b - orr v18.16b,v6.16b,v6.16b - add w9,w8,#1 aese v4.16b,v20.16b aesmc v4.16b,v4.16b aese v5.16b,v20.16b 
@@ -699,20 +664,22 @@ aes_v8_ctr32_encrypt_blocks: aese v5.16b,v21.16b aesmc v5.16b,v5.16b eor v19.16b,v19.16b,v7.16b - rev w9,w9 + mov v6.s[3], w9 aese v17.16b,v21.16b aesmc v17.16b,v17.16b - mov v0.s[3], w9 + orr v0.16b,v6.16b,v6.16b rev w10,w10 aese v4.16b,v22.16b aesmc v4.16b,v4.16b + mov v6.s[3], w10 + rev w12,w8 aese v5.16b,v22.16b aesmc v5.16b,v5.16b - mov v1.s[3], w10 - rev w12,w8 + orr v1.16b,v6.16b,v6.16b + mov v6.s[3], w12 aese v17.16b,v22.16b aesmc v17.16b,v17.16b - mov v18.s[3], w12 + orr v18.16b,v6.16b,v6.16b subs x2,x2,#3 aese v4.16b,v23.16b aese v5.16b,v23.16b diff --git a/crypto/aes/asm/arm64/vpaes-armv8.S b/crypto/aes/asm/arm64/vpaes-armv8.S old mode 100755 new mode 100644 index f2705197fe29988138fb8f62af5c8cacc2c20ca2..5d1752c33b046346e9c2032db811fb00c00724f0 --- a/crypto/aes/asm/arm64/vpaes-armv8.S +++ b/crypto/aes/asm/arm64/vpaes-armv8.S 
@@ -1,41 +1,3 @@ -// Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - - -//===================================================================== -// Constant-time SSSE3 AES core implementation. -// version 0.1 -// -// By Mike Hamburg (Stanford University), 2009 -// Public domain. -// -// For details see http://shiftleft.org/papers/vector_aes/ and -// http://crypto.stanford.edu/vpaes/. -// -//===================================================================== -// ARMv8 NEON adaptation by -// -// Reason for undertaken effort is that there is at least one popular -// SoC based on Cortex-A53 that doesn't have crypto extensions. -// -// CBC enc ECB enc/dec(*) [bit-sliced enc/dec] -// Cortex-A53 21.5 18.1/20.6 [17.5/19.8 ] -// Cortex-A57 36.0(**) 20.4/24.9(**) [14.4/16.6 ] -// X-Gene 45.9(**) 45.8/57.7(**) [33.1/37.6(**) ] -// Denver(***) 16.6(**) 15.1/17.8(**) [8.80/9.93 ] -// Apple A7(***) 22.7(**) 10.9/14.3 [8.45/10.0 ] -// Mongoose(***) 26.3(**) 21.0/25.0(**) [13.3/16.8 ] -// -// (*) ECB denotes approximate result for parallelizable modes -// such as CBC decrypt, CTR, etc.; -// (**) these results are worse than scalar compiler-generated -// code, but it's constant-time and therefore preferred; -// (***) presented for reference/comparison purposes; - .text .type _vpaes_consts,%object diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/vpaes-ppc.pl b/crypto/aes/asm/vpaes-ppc.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/asm/vpaes-x86.pl b/crypto/aes/asm/vpaes-x86.pl old mode 100755 new mode 100644 
diff --git a/crypto/aes/asm/vpaes-x86_64.pl b/crypto/aes/asm/vpaes-x86_64.pl old mode 100755 new mode 100644 diff --git a/crypto/aes/build.info b/crypto/aes/build.info old mode 100755 new mode 100644 diff --git a/crypto/alphacpuid.pl b/crypto/alphacpuid.pl old mode 100755 new mode 100644 diff --git a/crypto/aria/aria.c b/crypto/aria/aria.c old mode 100755 new mode 100644 diff --git a/crypto/aria/build.info b/crypto/aria/build.info old mode 100755 new mode 100644 diff --git a/crypto/arm64cpuid.S b/crypto/arm64cpuid.S old mode 100755 new mode 100644 index 6e2e27c95a35bb4c78abcf479c4507ada27d826e..fdf9f469d74d73f750a47b931a26393dccce51b9 --- a/crypto/arm64cpuid.S +++ b/crypto/arm64cpuid.S @@ -1,10 +1,3 @@ -// Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - #include "arm_arch.h" .text diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h old mode 100755 new mode 100644 diff --git a/crypto/armcap.c b/crypto/armcap.c old mode 100755 new mode 100644 index 58e54f0da2e17ff83ca8281ca3e83964018a1430..8bf96f10214fc3c52ceadbaae2ad5f7eacecdca8 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -69,6 +69,23 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
 # define OSSL_IMPLEMENT_GETAUXVAL
 # endif
 # endif
+# if defined(__FreeBSD__)
+# include
+# if __FreeBSD_version >= 1200000
+# include
+# define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+ unsigned long val = 0ul;
+
+ if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+ return 0ul;
+
+ return val;
+}
+# endif
+# endif
 /*
 * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
diff --git a/crypto/armv4cpuid.S b/crypto/armv4cpuid.S
old mode 100755
new mode 100644
index 52fcd85ae3016ddc090d42bb54201dcb76919f80..eae2d6ad259ee92146bef4e830f93d2e9ffbabcc
--- a/crypto/armv4cpuid.S
+++ b/crypto/armv4cpuid.S
@@ -1,10 +1,3 @@
-// Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
-//
-// Licensed under the OpenSSL license (the "License"). You may not use
-// this file except in compliance with the License. You can obtain a copy
-// in the file LICENSE in the source distribution or at
-// https://www.openssl.org/source/license.html
-
 #include "arm_arch.h"
 .text
diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl
old mode 100755
new mode 100644
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
old mode 100755
new mode 100644
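Review bot: The two `# include` lines in the added FreeBSD block carry no header name in this rendering, so as shown the block would not compile; `__FreeBSD_version` is only defined once `<sys/param.h>` has been included and `elf_aux_info()` is declared in `<sys/auxv.h>`, so the lines are presumably `# include <sys/param.h>` and `# include <sys/auxv.h>` lost to angle-bracket stripping — worth confirming against the committed file. The wrapper returns 0 both when the key is absent and when `elf_aux_info()` fails, which matches glibc's `getauxval()` convention but means a capability probe cannot tell the two apart; a one-line comment such as `/* 0 on any failure, mirroring glibc's getauxval(); callers treat 0 as "no capability" */` would make that deliberate.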
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c old mode 100755 new mode 100644 index 613f9ae71333a5b0248bbf444232ca6a43c62e35..cc0a59ca4c8b21d38042270b40bbc7ff7e8595ae --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -49,6 +49,7 @@ static const ERR_STRING_DATA ASN1_str_functs[] = { "asn1_item_embed_d2i"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0), "asn1_item_embed_new"}, + {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0), "asn1_item_flags_i2d"}, {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"}, @@ -160,6 +161,7 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = { "asn1 sig parse error"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH), "bmpstring is wrong length"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"}, diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/asn1_item_list.c b/crypto/asn1/asn1_item_list.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h old mode 100755 new mode 100644 diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c old mode 100755 new mode 100644 index a7d32ae5e2c3cf480b1c23360a83798d491847fb..366afc5f6c6b526dcdcd771eeca7012836ad8366 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -268,18 +268,29 @@ ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
 return ret;
 }
-int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
 {
 unsigned char *c;
 const char *data = _data;
+ size_t len;
- if (len < 0) {
+ if (len_in < 0) {
 if (data == NULL)
 return 0;
- else
- len = strlen(data);
+ len = strlen(data);
+ } else {
+ len = (size_t)len_in;
+ }
+ /*
+ * Verify that the length fits within an integer for assignment to
+ * str->length below. The additional 1 is subtracted to allow for the
+ * '\0' terminator even though this isn't strictly necessary.
+ */
+ if (len > INT_MAX - 1) {
+ ASN1err(0, ASN1_R_TOO_LARGE);
+ return 0;
 }
- if ((str->length <= len) || (str->data == NULL)) {
+ if ((size_t)str->length <= len || str->data == NULL) {
 c = str->data;
 str->data = OPENSSL_realloc(c, len + 1);
 if (str->data == NULL) {
diff --git a/crypto/asn1/asn1_local.h b/crypto/asn1/asn1_local.h
old mode 100755
new mode 100644
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
old mode 100755
new mode 100644
index 3f10c7cb94c56d01c3741c1b21e8a62775189f40..a32fa47f2206bff2013efe23bd9b52c424af6795
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -325,6 +325,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
 }
 if (BIO_puts(bp, "]") <= 0)
 goto end;
+ dump_cont = 0;
 }
 if (!nl) {
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
old mode 100755
new mode 100644
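Review bot: The new overflow check reports with `ASN1err(0, ASN1_R_TOO_LARGE)`, i.e. with no function code, whereas every other `ASN1err` call in this file passes an `ASN1_F_*` code; if `ASN1_F_ASN1_STRING_SET` is defined in this tree's asn1err.h, `ASN1err(ASN1_F_ASN1_STRING_SET, ASN1_R_TOO_LARGE);` keeps the error queue consistent for callers that inspect the function field. The check also depends on `INT_MAX`, so `<limits.h>` must be included by this file — not visible in the hunk. The rest of the function (the copy and the `str->length` store) is outside the hunk; with `len` now a `size_t`, that store is a narrowing conversion that is only safe because of this check, which is worth stating at the store itself, e.g. `/* fits: len <= INT_MAX - 1 checked above */`.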
diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c old mode 100755 new mode 100644 index 6222c99074de8d5394ed2c1bdd6732548ff98b12..d7d7d80eea912aabb74aa5f2b95443b138a3ea53 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -113,6 +113,8 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) ndef_aux = *(NDEF_SUPPORT **)parg; derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); + if (derlen < 0) + return 0; if ((p = OPENSSL_malloc(derlen)) == NULL) { ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/asn1/build.info b/crypto/asn1/build.info old mode 100755 new mode 100644 diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h old mode 100755 new mode 100644 index cac354c6bf33b3b7aaad33ff2d71ae08855bf007..e234c9e615d0676d150f43cf1d9b315a48a6e3de --- a/crypto/asn1/charmap.h +++ b/crypto/asn1/charmap.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/asn1/charmap.pl * - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl old mode 100755 new mode 100644 
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
old mode 100755
new mode 100644
index 6ec0107380493dcca4abb31285254e700805797c..7b127d2092fa2c809e23997a47b02bd2fdb30f29
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -56,6 +56,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
 goto err;
 EVP_PKEY_free(ret);
 ret = tmp;
+ if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
+ goto err;
 } else {
 ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
 goto err;
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/nsseq.c b/crypto/asn1/nsseq.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
old mode 100755
new mode 100644
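Review bot: The new type check runs after `EVP_PKEY_free(ret); ret = tmp;`, so when a caller passes a non-NULL `*a` and the decoded PKCS#8 key's type does not match `type`, `goto err` is taken with the caller's original `*a` already freed; if the `err:` label (outside the hunk) does the usual `if (a == NULL || *a != ret) EVP_PKEY_free(ret);`, it frees `tmp` and returns NULL while `*a` still points at freed memory, which the caller will later free or use. Doing the check on `tmp` before the old key is released avoids that: `if (EVP_PKEY_type(type) != EVP_PKEY_base_id(tmp)) { EVP_PKEY_free(tmp); goto err; }` placed ahead of `EVP_PKEY_free(ret);`. This path also queues no error, unlike the sibling `else` branch with `ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB)`, so callers get NULL with an empty error stack; an `ASN1err` with a type-mismatch reason would aid diagnosis. The enclosing function starts and ends outside the hunk.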
diff --git a/crypto/asn1/standard_methods.h b/crypto/asn1/standard_methods.h old mode 100755 new mode 100644 diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c old mode 100755 new mode 100644 index 2332b204edc1ca65759cc2832c283cb13d776f3c..82577b1edefee09031075cd0fe7ba2cc64a190da --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -182,6 +182,15 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, tag, aclass, opt, ctx); case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE); + goto err; + } + p = *in; /* Just read in tag and class */ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, @@ -199,6 +208,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); goto err; } + /* Check tag matches bit map */ if (!(ASN1_tag2bit(otag) & it->utype)) { /* If OPTIONAL, assume this is OK */ 
@@ -215,6 +225,15 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE); + goto err; + } + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; if (*pval) { diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c old mode 100755 new mode 100644 index d600c7a538041ecf58d2b47f73fa25a418d4c401..bcc96337bca48c22f01c7f914d92e74b80465d52 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -103,9 +103,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); + return -1; + } return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); + return -1; + } if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) return 0; i = asn1_get_choice_selector(pval, it); diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c old mode 100755 new mode 100644 
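Review bot: The two new bad-template checks in `ASN1_item_ex_i2d` return -1, while the `asn1_cb` veto two lines below in the same `case` returns 0, so the function now signals failure with both values and a caller that tests only `< 0` or only `<= 0` misses one of them (the `derlen < 0` guard added to bio_ndef.c in this same change is the `< 0` form). Either convention is defensible, but it should be documented at the function's head, e.g. `/* Returns the encoded length, 0 if a callback vetoed the encoding, -1 on error. */` — the head of the function is outside the hunk. `ASN1_F_ASN1_ITEM_EX_I2D` is a new function code; its string-table entry is added in asn1_err.c in this change, but the `# define` in asn1err.h is not visible here and must be present for this to compile.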
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
old mode 100755
new mode 100644
diff --git a/crypto/asn1/tbl_standard.h b/crypto/asn1/tbl_standard.h
old mode 100755
new mode 100644
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
old mode 100755
new mode 100644
index 4c4a718850eed5b58e77996b007b0ed613266a5e..c9a8f1e9d1d498030c5d75bf38305f2b7c99731c
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -92,3 +92,35 @@ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
 return 0;
 return ASN1_TYPE_cmp(a->parameter, b->parameter);
 }
+
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
+{
+ if (src == NULL || dest == NULL)
+ return 0;
+
+ if (dest->algorithm)
+ ASN1_OBJECT_free(dest->algorithm);
+ dest->algorithm = NULL;
+
+ if (dest->parameter)
+ ASN1_TYPE_free(dest->parameter);
+ dest->parameter = NULL;
+
+ if (src->algorithm)
+ if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL)
+ return 0;
+
+ if (src->parameter) {
+ dest->parameter = ASN1_TYPE_new();
+ if (dest->parameter == NULL)
+ return 0;
+
+ /* Assuming this is also correct for a BOOL.
+ * set does copy as a side effect.
+ */
+ if (ASN1_TYPE_set1(dest->parameter,
+ src->parameter->type, src->parameter->value.ptr) == 0)
+ return 0;
+ }
+ return 1;
+}
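Review bot: `X509_ALGOR_copy` passes `src->parameter->value.ptr` to `ASN1_TYPE_set1` for every parameter type, but for `V_ASN1_BOOLEAN` the active union member is `value.boolean` (an `int`), so reading `value.ptr` reinterprets an integer as a pointer and on 64-bit targets picks up whatever bytes lie beyond the `int`; if `ASN1_TYPE_set1` derives the boolean from the pointer's nullness, as `ASN1_TYPE_set` does, a FALSE parameter can copy as TRUE — the hunk's own comment flags this as an unverified assumption. A per-type-safe alternative that needs no special casing is to duplicate the parameter through the encoder, `dest->parameter = ASN1_item_dup(ASN1_ITEM_rptr(ASN1_ANY), src->parameter);` followed by a NULL check, which handles BOOLEAN natively. Separately, any failure after the two `*_free` calls leaves `dest` with `algorithm`/`parameter` cleared or half-populated; acceptable for a copy routine, but the contract should say so, e.g. `/* On failure dest is left in an unspecified but freeable state. */`.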
diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c old mode 100755 new mode 100644 diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c old mode 100755 new mode 100644 diff --git a/crypto/async/arch/async_null.c b/crypto/async/arch/async_null.c old mode 100755 new mode 100644 diff --git a/crypto/async/arch/async_null.h b/crypto/async/arch/async_null.h old mode 100755 new mode 100644 diff --git a/crypto/async/arch/async_posix.c b/crypto/async/arch/async_posix.c old mode 100755 new mode 100644 diff --git a/crypto/async/arch/async_posix.h b/crypto/async/arch/async_posix.h old mode 100755 new mode 100644 diff --git a/crypto/async/arch/async_win.c b/crypto/async/arch/async_win.c old mode 100755 new mode 100644 diff --git a/crypto/async/arch/async_win.h b/crypto/async/arch/async_win.h old mode 100755 new mode 100644 diff --git a/crypto/async/async.c b/crypto/async/async.c old mode 100755 new mode 100644 diff --git a/crypto/async/async_err.c b/crypto/async/async_err.c old mode 100755 new mode 100644 diff --git a/crypto/async/async_local.h b/crypto/async/async_local.h old mode 100755 new mode 100644 diff --git a/crypto/async/async_wait.c b/crypto/async/async_wait.c old mode 100755 new mode 100644 diff --git a/crypto/async/build.info b/crypto/async/build.info old mode 100755 new mode 100644 diff --git a/crypto/bf/asm/bf-586.pl b/crypto/bf/asm/bf-586.pl old mode 100755 new mode 100644 
diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c old mode 100755 new mode 100644 diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c old mode 100755 new mode 100644 diff --git a/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c old mode 100755 new mode 100644 diff --git a/crypto/bf/bf_local.h b/crypto/bf/bf_local.h old mode 100755 new mode 100644 diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c old mode 100755 new mode 100644 diff --git a/crypto/bf/bf_pi.h b/crypto/bf/bf_pi.h old mode 100755 new mode 100644 diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c old mode 100755 new mode 100644 diff --git a/crypto/bf/build.info b/crypto/bf/build.info old mode 100755 new mode 100644 diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c old mode 100755 new mode 100644 index d11268b6dc594aba555d80f41ccca810e3ffac40..b023bbda406b0fd9982159047128352b1259939e --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,10 @@ * https://www.openssl.org/source/license.html */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif + #include #include diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c old mode 100755 new mode 100644 diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c old mode 100755 new mode 100644 index 8ef90ac1d4f8bda2c764adc00af1e48694f9bafe..41b7f5e2f61d1edec04e2f61dae1d9f4a83dfbba --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c 
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -635,7 +635,11 @@ fmtfp(char **sbuffer,
 fvalue = tmpvalue;
 }
 ufvalue = abs_val(fvalue);
- if (ufvalue > ULONG_MAX) {
+ /*
+ * By subtracting 65535 (2^16-1) we cancel the low order 15 bits
+ * of ULONG_MAX to avoid using imprecise floating point values.
+ */
+ if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) {
 /* Number too big */
 return 0;
 }
diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bio_local.h b/crypto/bio/bio_local.h
old mode 100755
new mode 100644
diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
old mode 100755
new mode 100644
index b38e47a592f44f19ac89374070aa5687a1dbc363..4461eae2333de5c906635ef9bb673c8656a32414
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
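Review bot: The new comment in `fmtfp` says subtracting 65535 cancels the low order 15 bits of `ULONG_MAX`, but 65535 is 2^16-1 and clears the low 16 bits; it should read `* By subtracting 65535 (2^16-1) we cancel the low order 16 bits`. It would also help to state why the expression is exact: `ULONG_MAX - 65535` has its low 16 bits clear and so converts to double without rounding, and adding 65536.0 yields exactly 2^64 (2^32 on 32-bit), so `>=` rejects every magnitude that cannot be held in an unsigned long — presumably the reason the old `ufvalue > ULONG_MAX` was unsafe, since `(double)ULONG_MAX` itself rounds up to 2^64 and let that value through.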
@@ -222,10 +222,10 @@ static int acpt_state(BIO *b, BIO_ACCEPT *c)
 break;
 case ACPT_S_CREATE_SOCKET:
- ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
- BIO_ADDRINFO_socktype(c->addr_iter),
- BIO_ADDRINFO_protocol(c->addr_iter), 0);
- if (ret == (int)INVALID_SOCKET) {
+ s = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
+ BIO_ADDRINFO_socktype(c->addr_iter),
+ BIO_ADDRINFO_protocol(c->addr_iter), 0);
+ if (s == (int)INVALID_SOCKET) {
 SYSerr(SYS_F_SOCKET, get_last_socket_error());
 ERR_add_error_data(4,
 "hostname=", c->param_addr,
@@ -233,9 +233,10 @@ static int acpt_state(BIO *b, BIO_ACCEPT *c)
 BIOerr(BIO_F_ACPT_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
 goto exit_loop;
 }
- c->accept_sock = ret;
- b->num = ret;
+ c->accept_sock = s;
+ b->num = s;
 c->state = ACPT_S_LISTEN;
+ s = -1;
 break;
 case ACPT_S_LISTEN:
@@ -433,8 +434,10 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
 b->init = 1;
 } else if (num == 1) {
 OPENSSL_free(data->param_serv);
- data->param_serv = BUF_strdup(ptr);
- b->init = 1;
+ if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL)
+ ret = 0;
+ else
+ b->init = 1;
 } else if (num == 2) {
 data->bind_mode |= BIO_SOCK_NONBLOCK;
 } else if (num == 3) {
diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
old mode 100755
new mode 100644
index dd43a406018ca82f9a367b6281c4545f587e7344..807a82b23ba2e579d8d307b8ee66594f3c227d56
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
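Review bot: The `s = -1;` reset after `b->num = s;` only does anything if `exit_loop` (outside the hunk) closes `s` when it is still `>= 0`; that cleanup and the declaration of `s` are not visible here, so please confirm both exist — if they do, the reset is what keeps the accept socket from being closed twice (once there and once through `c->accept_sock`), and deserves a comment, e.g. `s = -1; /* now owned by c->accept_sock; keep exit_loop from closing it */`. In the third hunk, a NULL from `OPENSSL_strdup()` now correctly leaves `b->init` unset, but `ret = 0` is returned without queuing anything, so the caller sees a bare failure with an empty error stack; a `BIOerr(..., ERR_R_MALLOC_FAILURE)` with this function's code next to `ret = 0;` would match the library's convention.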
@@ -186,8 +186,17 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
 case BIO_CONN_S_BLOCKED_CONNECT:
 i = BIO_sock_error(b->num);
- if (i) {
+ if (i != 0) {
 BIO_clear_retry_flags(b);
+ if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) {
+ /*
+ * if there are more addresses to try, do that first
+ */
+ BIO_closesocket(b->num);
+ c->state = BIO_CONN_S_CREATE_SOCKET;
+ ERR_clear_error();
+ break;
+ }
 SYSerr(SYS_F_CONNECT, i);
 ERR_add_error_data(4,
 "hostname=", c->param_hostname,
@@ -407,12 +416,13 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 case BIO_C_SET_CONNECT:
 if (ptr != NULL) {
 b->init = 1;
- if (num == 0) {
+ if (num == 0) { /* BIO_set_conn_hostname */
 char *hold_service = data->param_service;
 /* We affect the hostname regardless. However, the input
 * string might contain a host:service spec, so we must
 * parse it, which might or might not affect the service */
+ OPENSSL_free(data->param_hostname);
 data->param_hostname = NULL;
 ret = BIO_parse_hostserv(ptr,
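Review bot: On the new retry path `BIO_closesocket(b->num)` is called but `b->num` keeps the closed descriptor number until `BIO_CONN_S_CREATE_SOCKET` replaces it; if that next `BIO_socket()` fails, the state machine exits with `b->num` naming a dead fd, and whatever later tears the BIO down with `BIO_closesocket(b->num)` (the usual `conn_close_socket` cleanup, outside the hunk) will close whichever descriptor the process has since reused that number for — in a threaded server, another connection's socket. Resetting the field immediately after the close removes the window: `BIO_closesocket(b->num); b->num = (int)INVALID_SOCKET;`. If the existing `BIO_CONN_S_CONNECT` branch this mirrors (outside the hunk) has the same shape, it deserves the same fix. `ERR_clear_error()` here also discards any unrelated errors the caller had queued; that matches the earlier branch, so a comment is enough.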
@@ -421,19 +431,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 BIO_PARSE_PRIO_HOST);
 if (hold_service != data->param_service)
 OPENSSL_free(hold_service);
- } else if (num == 1) {
+ } else if (num == 1) { /* BIO_set_conn_port */
 OPENSSL_free(data->param_service);
- data->param_service = BUF_strdup(ptr);
- } else if (num == 2) {
+ if ((data->param_service = OPENSSL_strdup(ptr)) == NULL)
+ ret = 0;
+ } else if (num == 2) { /* BIO_set_conn_address */
 const BIO_ADDR *addr = (const BIO_ADDR *)ptr;
+ char *host = BIO_ADDR_hostname_string(addr, 1);
+ char *service = BIO_ADDR_service_string(addr, 1);
+
+ ret = host != NULL && service != NULL;
 if (ret) {
- data->param_hostname = BIO_ADDR_hostname_string(addr, 1);
- data->param_service = BIO_ADDR_service_string(addr, 1);
+ OPENSSL_free(data->param_hostname);
+ data->param_hostname = host;
+ OPENSSL_free(data->param_service);
+ data->param_service = service;
 BIO_ADDRINFO_free(data->addr_first);
 data->addr_first = NULL;
 data->addr_iter = NULL;
+ } else {
+ OPENSSL_free(host);
+ OPENSSL_free(service);
 }
- } else if (num == 3) {
+ } else if (num == 3) { /* BIO_set_conn_ip_family */
 data->connect_family = *(int *)ptr;
 } else {
 ret = 0;
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
old mode 100755
new mode 100644
diff --git a/crypto/bio/build.info b/crypto/bio/build.info
old mode 100755
new mode 100644
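Review bot: The num == 1 branch now reports an OPENSSL_strdup failure with `ret = 0`, but `b->init = 1` was already set unconditionally at the top of the case (visible in the preceding hunk), so a BIO whose port was never stored is left marked initialised with `param_service == NULL`; the bss_acpt.c change in this same patch sets `b->init` only when the strdup succeeds, and this branch should follow the same pattern, e.g. `if ((data->param_service = OPENSSL_strdup(ptr)) == NULL) ret = 0; else b->init = 1;` with the unconditional assignment moved into the branches that succeed. The num == 2 branch has the same property: `ret = host != NULL && service != NULL` frees both strings correctly on failure, but init stays set. conn_ctrl begins before this hunk and continues after it.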
diff --git a/crypto/blake2/blake2_impl.h b/crypto/blake2/blake2_impl.h old mode 100755 new mode 100644 diff --git a/crypto/blake2/blake2_local.h b/crypto/blake2/blake2_local.h old mode 100755 new mode 100644 diff --git a/crypto/blake2/blake2b.c b/crypto/blake2/blake2b.c old mode 100755 new mode 100644 diff --git a/crypto/blake2/blake2s.c b/crypto/blake2/blake2s.c old mode 100755 new mode 100644 diff --git a/crypto/blake2/build.info b/crypto/blake2/build.info old mode 100755 new mode 100644 diff --git a/crypto/blake2/m_blake2b.c b/crypto/blake2/m_blake2b.c old mode 100755 new mode 100644 diff --git a/crypto/blake2/m_blake2s.c b/crypto/blake2/m_blake2s.c old mode 100755 new mode 100644 diff --git a/crypto/bn/README.pod b/crypto/bn/README.pod old mode 100755 new mode 100644 diff --git a/crypto/bn/armv4-gf2m.S b/crypto/bn/armv4-gf2m.S old mode 100755 new mode 100644 index 6d72c801bf4d04c9807c2c12a45036971e39a546..ec7a995b3c21b3e51e25515da32c66876b4c2d61 --- a/crypto/bn/armv4-gf2m.S +++ b/crypto/bn/armv4-gf2m.S 
@@ -1,43 +1,3 @@ -// Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// May 2011 -// -// The module implements bn_GF2m_mul_2x2 polynomial multiplication -// used in bn_gf2m.c. It's kind of low-hanging mechanical port from -// C for the time being... Except that it has two code paths: pure -// integer code suitable for any ARMv4 and later CPU and NEON code -// suitable for ARMv7. Pure integer 1x1 multiplication subroutine runs -// in ~45 cycles on dual-issue core such as Cortex A8, which is ~50% -// faster than compiler-generated code. For ECDH and ECDSA verify (but -// not for ECDSA sign) it means 25%-45% improvement depending on key -// length, more for longer keys. Even though NEON 1x1 multiplication -// runs in even less cycles, ~30, improvement is measurable only on -// longer keys. One has to optimize code elsewhere to get NEON glow... -// -// April 2014 -// -// Double bn_GF2m_mul_2x2 performance by using algorithm from paper -// referred below, which improves ECDH and ECDSA verify benchmarks -// by 18-40%. -// -// Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software -// Polynomial Multiplication on ARM Processors using the NEON Engine. -// -// http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf - #include "arm_arch.h" .text 
diff --git a/crypto/bn/armv4-mont.S b/crypto/bn/armv4-mont.S old mode 100755 new mode 100644 index 62518d5ebe0b8103992f28f148d485a5660cee04..1e9056447bd6162ebb17205377deab0a0e095b0d --- a/crypto/bn/armv4-mont.S +++ b/crypto/bn/armv4-mont.S 
@@ -1,58 +1,3 @@ -// Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - - -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== - -// January 2007. - -// Montgomery multiplication for ARMv4. -// -// Performance improvement naturally varies among CPU implementations -// and compilers. The code was observed to provide +65-35% improvement -// [depending on key length, less for longer keys] on ARM920T, and -// +115-80% on Intel IXP425. This is compared to pre-bn_mul_mont code -// base and compiler generated code with in-lined umull and even umlal -// instructions. The latter means that this code didn't really have an -// "advantage" of utilizing some "secret" instruction. -// -// The code is interoperable with Thumb ISA and is rather compact, less -// than 1/2KB. Windows CE port would be trivial, as it's exclusively -// about decorations, ABI and instruction syntax are identical. - -// November 2013 -// -// Add NEON code path, which handles lengths divisible by 8. RSA/DSA -// performance improvement on Cortex-A8 is ~45-100% depending on key -// length, more for longer keys. On Cortex-A15 the span is ~10-105%. -// On Snapdragon S4 improvement was measured to vary from ~70% to -// incredible ~380%, yes, 4.8x faster, for RSA4096 sign. But this is -// rather because original integer-only code seems to perform -// suboptimally on S4. 
Situation on Cortex-A9 is unfortunately -// different. It's being looked into, but the trouble is that -// performance for vectors longer than 256 bits is actually couple -// of percent worse than for integer-only code. The code is chosen -// for execution on all NEON-capable processors, because gain on -// others outweighs the marginal loss on Cortex-A9. - -// September 2015 -// -// Align Cortex-A9 performance with November 2013 improvements, i.e. -// NEON code is now ~20-105% faster than integer-only one on this -// processor. But this optimization further improved performance even -// on other processors: NEON code path is ~45-180% faster than original -// integer-only on Cortex-A8, ~10-210% on Cortex-A15, ~70-450% on -// Snapdragon S4. - #include "arm_arch.h" .text diff --git a/crypto/bn/armv8-mont.S b/crypto/bn/armv8-mont.S old mode 100755 new mode 100644 index 5fd11d25ca61808ba4c201666d3007a6b327b4e7..d573c00657e6bee2e5d0ba9cfdd85cf2d6a79665 --- a/crypto/bn/armv8-mont.S +++ b/crypto/bn/armv8-mont.S 
@@ -1,44 +1,3 @@ -// Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - - -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== - -// March 2015 -// -// "Teaser" Montgomery multiplication module for ARMv8. Needs more -// work. While it does improve RSA sign performance by 20-30% (less for -// longer keys) on most processors, for some reason RSA2048 is not -// faster and RSA4096 goes 15-20% slower on Cortex-A57. Multiplication -// instruction issue rate is limited on processor in question, meaning -// that dedicated squaring procedure is a must. Well, actually all -// contemporary AArch64 processors seem to have limited multiplication -// issue rate, i.e. they can't issue multiplication every cycle, which -// explains moderate improvement coefficients in comparison to -// compiler-generated code. Recall that compiler is instructed to use -// umulh and therefore uses same amount of multiplication instructions -// to do the job. Assembly's edge is to minimize number of "collateral" -// instructions and of course instruction scheduling. -// -// April 2015 -// -// Squaring procedure that handles lengths divisible by 8 improves -// RSA/DSA performance by 25-40-60% depending on processor and key -// length. Overall improvement coefficients are always positive in -// comparison to compiler-generated code. 
On Cortex-A57 improvement -// is still modest on longest key lengths, while others exhibit e.g. -// 50-70% improvement for RSA4096 sign. RSA2048 sign is ~25% faster -// on Cortex-A57 and ~60-100% faster on others. - .text .globl bn_mul_mont diff --git a/crypto/bn/asm/alpha-mont.pl b/crypto/bn/asm/alpha-mont.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/bn-586.pl b/crypto/bn/asm/bn-586.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/bn-c64xplus.asm b/crypto/bn/asm/bn-c64xplus.asm old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/co-586.pl b/crypto/bn/asm/co-586.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl old mode 100755 new mode 100644 diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl index 9b54f9d9ed3ce5a495823a8012188439e33471a5..0be771febc16e31c0773594b770c71d58f877577 100755 --- a/crypto/bn/asm/rsaz-avx2.pl +++ b/crypto/bn/asm/rsaz-avx2.pl 
@@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 $addx = ($1>=11);
 }
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) {
 my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
 $avx = ($ver>=3.0) + ($ver>=3.01);
 $addx = ($ver>=3.03);
diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
index 8172dace74ee7012d79a11f6470ceb2e890e09e3..cf08ce9b835600ce4d306347644509c4825c9057 100755
--- a/crypto/bn/asm/rsaz-x86_64.pl
+++ b/crypto/bn/asm/rsaz-x86_64.pl
@@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 $addx = ($1>=12);
 }
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
 my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
 $addx = ($ver>=3.03);
 }
diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/sparcv8.S b/crypto/bn/asm/sparcv8.S
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/sparcv8plus.S b/crypto/bn/asm/sparcv8plus.S
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/bn/asm/sparcv9-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl
old mode 100755
new mode 100644
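Review bot: Dropping the `^` anchor lets `(?:clang|LLVM) version` match anywhere in the `$CC -v` banner, which presumably is what admits an `Apple clang version N.M` line, but the captured major/minor are then Apple's own numbering rather than the upstream LLVM version the 3.0/3.01/3.03 thresholds were written against; with thresholds that low it is harmless today, and that reasoning should be recorded beside the line so nobody later raises the threshold without noticing, e.g. `# unanchored on purpose: Apple clang prints "Apple clang version X.Y"; its numbers are not upstream LLVM versions but any of them clears these thresholds`. The identical one-character change is made in rsaz-x86_64.pl in this hunk group and in x86_64-mont.pl / x86_64-mont5.pl further down, so the comment belongs in each copy. Unrelated to this change, `$ENV{CC}` is still interpolated into a shell backtick, which is pre-existing and only matters if CC is attacker-controlled at configure time.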
diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
index e00cac448b89464e9d20b97bf1941841669b369e..f14d4e63b9752cf3e357736911549d71381979a7 100755
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -75,7 +75,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 $addx = ($1>=12);
 }
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
 my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
 $addx = ($ver>=3.03);
 }
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
index 887770b30db1329a908463d8d29bc66d2d6ae7b5..8c37d132e476707ee7bd18d1d77fb9681d591dea 100755
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -60,7 +60,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 $addx = ($1>=12);
 }
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
 my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
 $addx = ($ver>=3.03);
 }
diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_const.c b/crypto/bn/bn_const.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
old mode 100755
new mode 100644
index ef81acb77ba6b6475597ec26d72063284d41344c..0941f7b97f3f7c0a86546227c8a6c06b8f0b5a09
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -10,22 +10,189 @@ #include "internal/cryptlib.h" #include "bn_local.h" -/* solves ax == 1 (mod n) */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx); - -BIGNUM *BN_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +/* + * bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does + * not contain branches that may leak sensitive information. + * + * This is a static function, we ensure all callers in this file pass valid + * arguments: all passed pointers here are non-NULL. + */ +static ossl_inline +BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx, int *pnoinv) { - BIGNUM *rv; - int noinv; - rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); - if (noinv) - BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); - return rv; + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM *ret = NULL; + int sign; + + bn_check_top(a); + bn_check_top(n); + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + B = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + D = BN_CTX_get(ctx); + M = BN_CTX_get(ctx); + Y = BN_CTX_get(ctx); + T = BN_CTX_get(ctx); + if (T == NULL) + goto err; + + if (in == NULL) + R = BN_new(); + else + R = in; + if (R == NULL) + goto err; + + BN_one(X); + BN_zero(Y); + if (BN_copy(B, a) == NULL) + goto err; + if (BN_copy(A, n) == NULL) + goto err; + A->neg = 0; + + if (B->neg || (BN_ucmp(B, A) >= 0)) { + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + { + BIGNUM local_B; + bn_init(&local_B); + BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); + if (!BN_nnmod(B, &local_B, A, ctx)) + goto err; + /* Ensure local_B goes out of scope before any further use of B */ + } + } + sign = -1; + /*- + * From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). 
+ */ + + while (!BN_is_zero(B)) { + BIGNUM *tmp; + + /*- + * 0 < B < A, + * (*) -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|) + */ + + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + { + BIGNUM local_A; + bn_init(&local_A); + BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); + + /* (D, M) := (A/B, A%B) ... */ + if (!BN_div(D, M, &local_A, B, ctx)) + goto err; + /* Ensure local_A goes out of scope before any further use of A */ + } + + /*- + * Now + * A = D*B + M; + * thus we have + * (**) sign*Y*a == D*B + M (mod |n|). + */ + + tmp = A; /* keep the BIGNUM object, the value does not + * matter */ + + /* (A, B) := (B, A mod B) ... */ + A = B; + B = M; + /* ... so we have 0 <= B < A again */ + + /*- + * Since the former M is now B and the former B is now A, + * (**) translates into + * sign*Y*a == D*A + B (mod |n|), + * i.e. + * sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * -sign*X*a == A (mod |n|). + * + * Thus, + * sign*Y*a + D*sign*X*a == B (mod |n|), + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. + */ + + if (!BN_mul(tmp, D, X, ctx)) + goto err; + if (!BN_add(tmp, tmp, Y)) + goto err; + + M = Y; /* keep the BIGNUM object, the value does not + * matter */ + Y = X; + X = tmp; + sign = -sign; + } + + /*- + * The while loop (Euclid's algorithm) ends when + * A == gcd(a,n); + * we have + * sign*Y*a == A (mod |n|), + * where Y is non-negative. + */ + + if (sign < 0) { + if (!BN_sub(Y, n, Y)) + goto err; + } + /* Now Y*a == A (mod |n|). 
*/ + + if (BN_is_one(A)) { + /* Y*a == 1 (mod |n|) */ + if (!Y->neg && BN_ucmp(Y, n) < 0) { + if (!BN_copy(R, Y)) + goto err; + } else { + if (!BN_nnmod(R, Y, n, ctx)) + goto err; + } + } else { + *pnoinv = 1; + /* caller sets the BN_R_NO_INVERSE error */ + goto err; + } + + ret = R; + *pnoinv = 0; + + err: + if ((ret == NULL) && (in == NULL)) + BN_free(R); + BN_CTX_end(ctx); + bn_check_top(ret); + return ret; } +/* + * This is an internal function, we assume all callers pass valid arguments: + * all pointers passed here are assumed non-NULL. + */ BIGNUM *int_bn_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, int *pnoinv) @@ -36,17 +203,15 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, /* This is invalid input so we don't worry about constant time here */ if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { - if (pnoinv != NULL) - *pnoinv = 1; + *pnoinv = 1; return NULL; } - if (pnoinv != NULL) - *pnoinv = 0; + *pnoinv = 0; if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { - return BN_mod_inverse_no_branch(in, a, n, ctx); + return bn_mod_inverse_no_branch(in, a, n, ctx, pnoinv); } bn_check_top(a); @@ -332,8 +497,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, goto err; } } else { - if (pnoinv) - *pnoinv = 1; + *pnoinv = 1; goto err; } ret = R; 
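Review bot: The header comment carried over to bn_mod_inverse_no_branch says it "does not contain branches that may leak sensitive information", but in the body only the two divisions are forced onto the constant-time path (the `local_B` and `local_A` wrappers with BN_FLG_CONSTTIME); the number of Euclid iterations, the operand lengths fed to `BN_mul`/`BN_add`, and the final `BN_is_one(A)` / `BN_ucmp(Y, n) < 0` tests all still depend on the values of a and n, so the claim is narrower than it reads. I'd qualify it, e.g. `* Only the divisions go through the constant-time BN_div path; the iteration count and operand lengths still depend on the inputs, so callers must not assume a fully data-independent runtime.` The new `pnoinv` out-parameter also deserves a line in the same comment: it is set to 1 only on the no-inverse path and left untouched on allocation failure, which is correct because int_bn_mod_inverse zeroes it before the call, but a reader of this function alone cannot see that.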
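Review bot: With the `pnoinv != NULL` guards removed, int_bn_mod_inverse now dereferences `pnoinv` unconditionally on both the invalid-modulus early return and the normal path; the new comment above the function states the non-NULL contract, but the function keeps external linkage, and any caller elsewhere in the tree that still passes NULL (the other call sites are not visible in this diff) would now crash instead of getting the old lenient behaviour. If the function is meant to be file-private, `static` would enforce the contract at compile time; otherwise the comment should say explicitly that NULL is no longer accepted and the callers should be audited in the same change.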
@@ -345,175 +509,27 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, return ret; } -/* - * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does - * not contain branches that may leak sensitive information. - */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx) +/* solves ax == 1 (mod n) */ +BIGNUM *BN_mod_inverse(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { - BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; - BIGNUM *ret = NULL; - int sign; - - bn_check_top(a); - bn_check_top(n); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - D = BN_CTX_get(ctx); - M = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - T = BN_CTX_get(ctx); - if (T == NULL) - goto err; - - if (in == NULL) - R = BN_new(); - else - R = in; - if (R == NULL) - goto err; - - BN_one(X); - BN_zero(Y); - if (BN_copy(B, a) == NULL) - goto err; - if (BN_copy(A, n) == NULL) - goto err; - A->neg = 0; - - if (B->neg || (BN_ucmp(B, A) >= 0)) { - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_B; - bn_init(&local_B); - BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); - if (!BN_nnmod(B, &local_B, A, ctx)) - goto err; - /* Ensure local_B goes out of scope before any further use of B */ - } - } - sign = -1; - /*- - * From B = a mod |n|, A = |n| it follows that - * - * 0 <= B < A, - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - */ - - while (!BN_is_zero(B)) { - BIGNUM *tmp; - - /*- - * 0 < B < A, - * (*) -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|) - */ - - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_A; - bn_init(&local_A); - BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); + BN_CTX *new_ctx = NULL; + BIGNUM *rv; + int noinv = 0; - /* (D, M) := (A/B, A%B) ... 
*/ - if (!BN_div(D, M, &local_A, B, ctx)) - goto err; - /* Ensure local_A goes out of scope before any further use of A */ + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) { + BNerr(BN_F_BN_MOD_INVERSE, ERR_R_MALLOC_FAILURE); + return NULL; } - - /*- - * Now - * A = D*B + M; - * thus we have - * (**) sign*Y*a == D*B + M (mod |n|). - */ - - tmp = A; /* keep the BIGNUM object, the value does not - * matter */ - - /* (A, B) := (B, A mod B) ... */ - A = B; - B = M; - /* ... so we have 0 <= B < A again */ - - /*- - * Since the former M is now B and the former B is now A, - * (**) translates into - * sign*Y*a == D*A + B (mod |n|), - * i.e. - * sign*Y*a - D*A == B (mod |n|). - * Similarly, (*) translates into - * -sign*X*a == A (mod |n|). - * - * Thus, - * sign*Y*a + D*sign*X*a == B (mod |n|), - * i.e. - * sign*(Y + D*X)*a == B (mod |n|). - * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - * Note that X and Y stay non-negative all the time. - */ - - if (!BN_mul(tmp, D, X, ctx)) - goto err; - if (!BN_add(tmp, tmp, Y)) - goto err; - - M = Y; /* keep the BIGNUM object, the value does not - * matter */ - Y = X; - X = tmp; - sign = -sign; - } - - /*- - * The while loop (Euclid's algorithm) ends when - * A == gcd(a,n); - * we have - * sign*Y*a == A (mod |n|), - * where Y is non-negative. - */ - - if (sign < 0) { - if (!BN_sub(Y, n, Y)) - goto err; } - /* Now Y*a == A (mod |n|). 
*/ - if (BN_is_one(A)) { - /* Y*a == 1 (mod |n|) */ - if (!Y->neg && BN_ucmp(Y, n) < 0) { - if (!BN_copy(R, Y)) - goto err; - } else { - if (!BN_nnmod(R, Y, n, ctx)) - goto err; - } - } else { - BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE); - goto err; - } - ret = R; - err: - if ((ret == NULL) && (in == NULL)) - BN_free(R); - BN_CTX_end(ctx); - bn_check_top(ret); - return ret; + rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); + if (noinv) + BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); + BN_CTX_free(new_ctx); + return rv; } /*- diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c old mode 100755 new mode 100644 diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c old mode 100755 new mode 100644 diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c old mode 100755 new mode 100644 diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c old mode 100755 new mode 100644 index 86d4956c8a8cf297afd368dd5cc3d8d945e82759..eb4a31849bef11837d273d7b7208b0e72d8caa3b --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -87,6 +87,15 @@ const BIGNUM *BN_value_one(void) return &const_one; } +/* + * Old Visual Studio ARM compiler miscompiles BN_num_bits_word() + * https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html + */ +#if defined(_MSC_VER) && defined(_ARM_) && defined(_WIN32_WCE) \ + && _MSC_VER>=1400 && _MSC_VER<1501 +# define MS_BROKEN_BN_num_bits_word +# pragma optimize("", off) +#endif int BN_num_bits_word(BN_ULONG l) { BN_ULONG x, mask; 
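Review bot: The new BN_mod_inverse body allocates a temporary BN_CTX when `ctx` is NULL and reports the no-inverse case through `noinv`, yet its only documentation is the one-liner `/* solves ax == 1 (mod n) */` carried over from the old code; I'd extend it to state the contract the body now implements, e.g. `/* solves ax == 1 (mod n); ctx may be NULL, in which case a temporary BN_CTX is created and freed here; returns NULL and raises BN_R_NO_INVERSE when no inverse exists (in may presumably be NULL, as in the no-branch variant, in which case the result is allocated) */`. One detail worth a sentence of its own: when `rv` is NULL for a reason other than `noinv` (an allocation failure inside int_bn_mod_inverse) this function raises nothing itself and relies on the inner call having queued an error, which the hunk does not show.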
@@ -131,6 +140,9 @@ int BN_num_bits_word(BN_ULONG l)
 return bits;
 }
+#ifdef MS_BROKEN_BN_num_bits_word
+# pragma optimize("", on)
+#endif
 /*
 * This function still leaks `a->dmax`: it's caller's responsibility to
@@ -322,15 +334,19 @@ BIGNUM *BN_dup(const BIGNUM *a)
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 {
+ int bn_words;
+
 bn_check_top(b);
+ bn_words = BN_get_flags(b, BN_FLG_CONSTTIME) ? b->dmax : b->top;
+
 if (a == b)
 return a;
- if (bn_wexpand(a, b->top) == NULL)
+ if (bn_wexpand(a, bn_words) == NULL)
 return NULL;
 if (b->top > 0)
- memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
+ memcpy(a->d, b->d, sizeof(b->d[0]) * bn_words);
 a->neg = b->neg;
 a->top = b->top;
diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c
old mode 100755
new mode 100644
index bdbe822415c7914c2f87e1150242b7310096ac15..0902da5d076e605052bc9c1aaaabe1b4f21eba3e
--- a/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
 int neg = 0;
 BIGNUM *a = NULL;
- if (n < 4) {
+ if (n < 4 || (d[0] & 0x80) != 0) {
 BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
 return NULL;
 }
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
old mode 100755
new mode 100644
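Review bot: In BN_copy the new `bn_words` selection copies `b->dmax` words instead of `b->top` whenever `b` carries BN_FLG_CONSTTIME, which presumably exists so the memcpy length does not reveal the magnitude of a secret value, but nothing in the hunk says so and a later maintainer could easily "optimise" it back to `b->top`; I'd put `/* under BN_FLG_CONSTTIME copy the whole allocation so the copied length does not depend on the value's magnitude */` directly above the assignment. Two things the hunk does not show and that should be confirmed in the comment or the commit message: that `b->d` always has `dmax` readable words so reading past `top` stays in bounds, and whether `a` is meant to inherit the flag so the copy is treated the same way downstream, since only `neg` and `top` are carried over in the visible lines. BN_copy continues past the end of this hunk.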
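Review bot: In BN_mpi2bn the added `(d[0] & 0x80) != 0` test rejects a length field whose top bit is set, presumably because the 4-byte big-endian decode that follows (outside the hunk) assembles a signed `int` and would otherwise produce a negative length; that reason should sit next to the check, e.g. `/* a set top bit would make the 4-byte length negative once decoded into an int */`. Reusing BN_R_INVALID_LENGTH for it is reasonable, but note that `n < 4` is deliberately evaluated first so `d[0]` is only read once at least four bytes are present, an ordering the short-circuit relies on and that a comment should protect if the condition is ever reshuffled. BN_mpi2bn continues beyond this hunk.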
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
old mode 100755
new mode 100644
index ba48244534b009fe6fff39d7bb93f702e4e96e44..1a25c285773a72275cded68794b4a63af7c44eb8
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/bn/bn_prime.pl
 *
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_srp.c b/crypto/bn/bn_srp.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/build.info b/crypto/bn/build.info
old mode 100755
new mode 100644
diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h
old mode 100755
new mode 100644
diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c
old mode 100755
new mode 100644
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
old mode 100755
new mode 100644
diff --git a/crypto/buffer/build.info b/crypto/buffer/build.info
old mode 100755
new mode 100644
diff --git a/crypto/build.info b/crypto/build.info
old mode 100755
new mode 100644
diff --git a/crypto/buildinf.h b/crypto/buildinf.h
old mode 100644
new mode 100755
index 0965d5bbb82e06fa4033386679aa7f9a10270111..bf867c768c4011c3ad3805ded8fd572cb44ff052
--- a/crypto/buildinf.h
+++ b/crypto/buildinf.h
@@ -10,10 +10,9 @@
 * https://www.openssl.org/source/license.html
 */
-#if !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM)
-
+#ifdef OPENSSL_ARM64_PLATFORM
 #define PLATFORM "platform: android-arm64"
-#define DATE "built on: Thu Jun 11 07:45:56 2020 UTC"
+#define DATE "built on: Tue Aug 3 08:25:48 2021 UTC"
 /*
 * Generate compiler_flags as an array of individual characters. This is a
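Review bot: buildinf.h is normally generated at configure time, but this patch hand-maintains it with per-platform `#ifdef` blocks and bakes a fixed `DATE` string into it (and, in the next hunk, a developer's `--sysroot=/home/...` path into `compiler_flags`), both of which end up in the shipped library and are exposed through OpenSSL_version(); that defeats reproducible builds and leaks build-host details for no benefit. I'd either regenerate the header at build time or neutralise the values, e.g. `#define DATE "built on: reproducible build, date unspecified"`, which is the string OpenSSL's own generator emits under SOURCE_DATE_EPOCH, and strip the home-directory path from the flags array. The file header also flips the mode from 100644 to 100755, the opposite direction of every other file in this diff, which looks accidental for a C header.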
@@ -25,29 +24,66 @@ static const char compiler_flags[] = { '4','-','l','i','n','u','x','-','a','n','d','r','o','i','d','-', 'c','l','a','n','g',' ','-','f','P','I','C',' ','-','p','t','h', 'r','e','a','d',' ',' ','-','-','s','y','s','r','o','o','t','=', - '/','h','o','m','e','/','h','j','a','d','m','i','n','/','m','y', - '-','a','n','d','r','o','i','d','6','4','-','t','o','o','l','c', - 'h','a','i','n','/','s','y','s','r','o','o','t',' ','-','W','a', - ',','-','-','n','o','e','x','e','c','s','t','a','c','k',' ','-', - 'Q','u','n','u','s','e','d','-','a','r','g','u','m','e','n','t', - 's',' ','-','W','a','l','l',' ','-','O','3',' ','-','D','O','P', - 'E','N','S','S','L','_','U','S','E','_','N','O','D','E','L','E', - 'T','E',' ','-','D','O','P','E','N','S','S','L','_','P','I','C', - ' ','-','D','O','P','E','N','S','S','L','_','C','P','U','I','D', - '_','O','B','J',' ','-','D','O','P','E','N','S','S','L','_','B', - 'N','_','A','S','M','_','M','O','N','T',' ','-','D','S','H','A', - '1','_','A','S','M',' ','-','D','S','H','A','2','5','6','_','A', - 'S','M',' ','-','D','S','H','A','5','1','2','_','A','S','M',' ', - '-','D','K','E','C','C','A','K','1','6','0','0','_','A','S','M', - ' ','-','D','V','P','A','E','S','_','A','S','M',' ','-','D','E', - 'C','P','_','N','I','S','T','Z','2','5','6','_','A','S','M',' ', - '-','D','P','O','L','Y','1','3','0','5','_','A','S','M',' ','-', - 'D','N','D','E','B','U','G','\0' + '/','h','o','m','e','/','h','u','a','n','g','j','u','n','/','o', + 'p','e','n','s','s','l','/','m','y','-','a','n','d','r','o','i', + 'd','6','4','-','t','o','o','l','c','h','a','i','n','/','s','y', + 's','r','o','o','t',' ','-','W','a',',','-','-','n','o','e','x', + 'e','c','s','t','a','c','k',' ','-','Q','u','n','u','s','e','d', + '-','a','r','g','u','m','e','n','t','s',' ','-','W','a','l','l', + ' ','-','O','3',' ','-','D','O','P','E','N','S','S','L','_','U', + 'S','E','_','N','O','D','E','L','E','T','E',' ','-','D','O','P', + 
'E','N','S','S','L','_','P','I','C',' ','-','D','O','P','E','N', + 'S','S','L','_','C','P','U','I','D','_','O','B','J',' ','-','D', + 'O','P','E','N','S','S','L','_','B','N','_','A','S','M','_','M', + 'O','N','T',' ','-','D','S','H','A','1','_','A','S','M',' ','-', + 'D','S','H','A','2','5','6','_','A','S','M',' ','-','D','S','H', + 'A','5','1','2','_','A','S','M',' ','-','D','K','E','C','C','A', + 'K','1','6','0','0','_','A','S','M',' ','-','D','V','P','A','E', + 'S','_','A','S','M',' ','-','D','E','C','P','_','N','I','S','T', + 'Z','2','5','6','_','A','S','M',' ','-','D','P','O','L','Y','1', + '3','0','5','_','A','S','M',' ','-','D','N','D','E','B','U','G','\0' }; +#endif // OPENSSL_ARM64_PLATFORM -// defines for windows -#elif defined(WINDOWS_PLATFORM) +#ifdef OPENSSL_ARM_PLATFORM +#define PLATFORM "platform: android-arm" +#define DATE "built on: Tue Aug 3 02:10:27 2021 UTC" +/* + * Generate compiler_flags as an array of individual characters. This is a + * workaround for the situation where CFLAGS gets too long for a C90 string + * literal + */ +static const char compiler_flags[] = { + 'c','o','m','p','i','l','e','r',':',' ','a','r','m','-','l','i', + 'n','u','x','-','a','n','d','r','o','i','d','e','a','b','i','-', + 'c','l','a','n','g',' ','-','f','P','I','C',' ','-','p','t','h', + 'r','e','a','d',' ',' ','-','-','s','y','s','r','o','o','t','=', + '/','h','o','m','e','/','h','u','a','n','g','j','u','n','/','o', + 'p','e','n','s','s','l','/','m','y','-','a','n','d','r','o','i', + 'd','-','t','o','o','l','c','h','a','i','n','/','s','y','s','r', + 'o','o','t',' ','-','W','a',',','-','-','n','o','e','x','e','c', + 's','t','a','c','k',' ','-','Q','u','n','u','s','e','d','-','a', + 'r','g','u','m','e','n','t','s',' ','-','W','a','l','l',' ','-', + 'O','3',' ','-','D','O','P','E','N','S','S','L','_','U','S','E', + '_','N','O','D','E','L','E','T','E',' ','-','D','O','P','E','N', + 'S','S','L','_','P','I','C',' ','-','D','O','P','E','N','S','S', + 
'L','_','C','P','U','I','D','_','O','B','J',' ','-','D','O','P', + 'E','N','S','S','L','_','B','N','_','A','S','M','_','M','O','N', + 'T',' ','-','D','O','P','E','N','S','S','L','_','B','N','_','A', + 'S','M','_','G','F','2','m',' ','-','D','S','H','A','1','_','A', + 'S','M',' ','-','D','S','H','A','2','5','6','_','A','S','M',' ', + '-','D','S','H','A','5','1','2','_','A','S','M',' ','-','D','K', + 'E','C','C','A','K','1','6','0','0','_','A','S','M',' ','-','D', + 'A','E','S','_','A','S','M',' ','-','D','B','S','A','E','S','_', + 'A','S','M',' ','-','D','G','H','A','S','H','_','A','S','M',' ', + '-','D','E','C','P','_','N','I','S','T','Z','2','5','6','_','A', + 'S','M',' ','-','D','P','O','L','Y','1','3','0','5','_','A','S', + 'M',' ','-','D','N','D','E','B','U','G','\0' +}; +#endif // OPENSSL_ARM_PLATFORM + +#ifdef WINDOWS_PLATFORM #define PLATFORM "platform: mingw64" #define DATE "built on: Mon Nov 9 09:38:38 2020 UTC" @@ -65,10 +101,9 @@ static const char compiler_flags[] = { '3','2','_','L','E','A','N','_','A','N','D','_','M','E','A','N', ' ','-','D','_','M','T',' ','-','D','N','D','E','B','U','G','\0' }; +#endif // WINDOWS_PLATFORM -// defines for mac -#elif defined(MAC_PLATFORM) - +#ifdef MAC_PLATFORM #define PLATFORM "platform: darwin64-x86_64-cc" #define DATE "built on: Fri Nov 27 07:15:02 2020 UTC" @@ -85,5 +120,4 @@ static const char compiler_flags[] = { 'I','C',' ','-','D','_','R','E','E','N','T','R','A','N','T',' ', '-','D','N','D','E','B','U','G','\0' }; - -#endif +#endif // MAC_PLATFORM \ No newline at end of file diff --git a/crypto/c64xpluscpuid.pl b/crypto/c64xpluscpuid.pl old mode 100755 new mode 100644 diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl old mode 100755 new mode 100644 diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl old mode 100755 new mode 100644 diff --git a/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/camellia/asm/cmllt4-sparcv9.pl old mode 100755 new mode 100644 
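Review bot: The `compiler_flags` arrays added for the android-arm64 and android-arm blocks embed the absolute build-machine path `/home/huangjun/openssl/my-android64-toolchain/sysroot` (and its arm counterpart) together with a build timestamp; because this array is exactly what `OpenSSL_version(OPENSSL_CFLAGS)` reports, the developer's home directory ends up in every shipped binary and is visible to any caller of that API. Checking a generated header with per-machine paths and dates into source control also makes the build non-reproducible, since the recorded flags no longer describe what the GN build actually used. Prefer regenerating `buildinf.h` at build time, or at least rewriting the `--sysroot=` value to a neutral, machine-independent path before committing, with a comment such as `/* generated: sysroot path scrubbed, do not hand-edit */` at the top of each block.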
diff --git a/crypto/camellia/build.info b/crypto/camellia/build.info old mode 100755 new mode 100644 diff --git a/crypto/camellia/camellia.c b/crypto/camellia/camellia.c old mode 100755 new mode 100644 diff --git a/crypto/camellia/cmll_cbc.c b/crypto/camellia/cmll_cbc.c old mode 100755 new mode 100644 diff --git a/crypto/camellia/cmll_cfb.c b/crypto/camellia/cmll_cfb.c old mode 100755 new mode 100644 diff --git a/crypto/camellia/cmll_ctr.c b/crypto/camellia/cmll_ctr.c old mode 100755 new mode 100644 diff --git a/crypto/camellia/cmll_ecb.c b/crypto/camellia/cmll_ecb.c old mode 100755 new mode 100644 diff --git a/crypto/camellia/cmll_local.h b/crypto/camellia/cmll_local.h old mode 100755 new mode 100644 diff --git a/crypto/camellia/cmll_misc.c b/crypto/camellia/cmll_misc.c old mode 100755 new mode 100644 diff --git a/crypto/camellia/cmll_ofb.c b/crypto/camellia/cmll_ofb.c old mode 100755 new mode 100644 diff --git a/crypto/cast/asm/cast-586.pl b/crypto/cast/asm/cast-586.pl old mode 100755 new mode 100644 diff --git a/crypto/cast/build.info b/crypto/cast/build.info old mode 100755 new mode 100644 diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c old mode 100755 new mode 100644 diff --git a/crypto/cast/c_ecb.c b/crypto/cast/c_ecb.c old mode 100755 new mode 100644 diff --git a/crypto/cast/c_enc.c b/crypto/cast/c_enc.c old mode 100755 new mode 100644 diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c old mode 100755 new mode 100644 diff --git a/crypto/cast/c_skey.c b/crypto/cast/c_skey.c old mode 100755 new mode 100644 diff --git a/crypto/cast/cast_local.h b/crypto/cast/cast_local.h old mode 100755 new mode 100644 diff --git a/crypto/cast/cast_s.h b/crypto/cast/cast_s.h old mode 100755 new mode 100644 diff --git a/crypto/chacha/asm/chacha-armv8.pl b/crypto/chacha/asm/chacha-armv8.pl index 22655747295e24b2d0111d82f0fae63171881160..84c98014803bce351794063d9463aa7597f476f0 100755 --- a/crypto/chacha/asm/chacha-armv8.pl 
+++ b/crypto/chacha/asm/chacha-armv8.pl @@ -125,6 +125,7 @@ $code.=<<___; .text .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .align 5 .Lsigma: diff --git a/crypto/chacha/asm/chacha-x86.pl b/crypto/chacha/asm/chacha-x86.pl index a1f5694b691e68db0b11dcde7275883c7a849f79..492fda5f114cfe40ab022869a1937f1ff0c619b2 100755 --- a/crypto/chacha/asm/chacha-x86.pl +++ b/crypto/chacha/asm/chacha-x86.pl @@ -62,7 +62,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && $1>=10); # first version supporting AVX $ymm=1 if ($xmm && !$ymm && - `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ && + `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $a="eax"; diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl index 647d2537ceaebf7476b66bb95c6f48d28e020024..227ee59ff2ba5a6109ce0b5e26f18266370e9c68 100755 --- a/crypto/chacha/asm/chacha-x86_64.pl +++ b/crypto/chacha/asm/chacha-x86_64.pl @@ -85,7 +85,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/chacha/build.info b/crypto/chacha/build.info old mode 100755 new mode 100644 diff --git a/crypto/chacha/chacha-armv4.S b/crypto/chacha/chacha-armv4.S old mode 100755 new mode 100644 index 3cda80615e5b01de2e01bde15beadb134845fcd9..e670a63d04aafc8d775984cedb345960cdf0374f --- a/crypto/chacha/chacha-armv4.S +++ b/crypto/chacha/chacha-armv4.S 
@@ -1,38 +1,3 @@ -// Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// December 2014 -// -// ChaCha20 for ARMv4. -// -// Performance in cycles per byte out of large buffer. -// -// IALU/gcc-4.4 1xNEON 3xNEON+1xIALU -// -// Cortex-A5 19.3(*)/+95% 21.8 14.1 -// Cortex-A8 10.5(*)/+160% 13.9 6.35 -// Cortex-A9 12.9(**)/+110% 14.3 6.50 -// Cortex-A15 11.0/+40% 16.0 5.00 -// Snapdragon S4 11.5/+125% 13.6 4.90 -// -// (*) most "favourable" result for aligned data on little-endian -// processor, result for misaligned data is 10-15% lower; -// (**) this result is a trade-off: it can be improved by 20%, -// but then Snapdragon S4 and Cortex-A8 results get -// 20-25% worse; - #include "arm_arch.h" .text diff --git a/crypto/chacha/chacha-armv8.S b/crypto/chacha/chacha-armv8.S old mode 100755 new mode 100644 index ac9226ccc682ca99c53cc4eddbefcf28d3183b8b..f4676cbf6811885a99dcb020825b25b76ce341b9 --- a/crypto/chacha/chacha-armv8.S +++ b/crypto/chacha/chacha-armv8.S 
@@ -1,44 +1,9 @@ -// Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// June 2015 -// -// ChaCha20 for ARMv8. -// -// Performance in cycles per byte out of large buffer. -// -// IALU/gcc-4.9 3xNEON+1xIALU 6xNEON+2xIALU -// -// Apple A7 5.50/+49% 3.33 1.70 -// Cortex-A53 8.40/+80% 4.72 4.72(*) -// Cortex-A57 8.06/+43% 4.90 4.43(**) -// Denver 4.50/+82% 2.63 2.67(*) -// X-Gene 9.50/+46% 8.82 8.89(*) -// Mongoose 8.00/+44% 3.64 3.25 -// Kryo 8.17/+50% 4.83 4.65 -// -// (*) it's expected that doubling interleave factor doesn't help -// all processors, only those with higher NEON latency and -// higher instruction issue rate; -// (**) expected improvement was actually higher; - #include "arm_arch.h" .text +.hidden OPENSSL_armcap_P .align 5 .Lsigma: diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c old mode 100755 new mode 100644 diff --git a/crypto/cmac/build.info b/crypto/cmac/build.info old mode 100755 new mode 100644 diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c old mode 100755 new mode 100644 diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c old mode 100755 new mode 100644 diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c old mode 100755 new mode 100644 index 6989c32d06609c90627b3cc32bcafb283e19a82d..1fac531016878e54ee508fe55cc5ea3390240d38 
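Review bot: The hunk deletes the entire copyright, OpenSSL licence and CRYPTOGAMS attribution header from chacha-armv8.S while keeping the code it covers, and the chacha-armv4.S hunk above does the same. That header carries the dual OpenSSL/CRYPTOGAMS licensing terms and the performance notes for Andy Polyakov's module, so stripping it from a file that continues to ship is a licence-compliance regression rather than a cleanup, and it also hides which generator produced the file. Keep at least the `// Copyright ... The OpenSSL Project Authors. All Rights Reserved.` and `// Licensed under the OpenSSL license (the "License").` lines; the `.hidden OPENSSL_armcap_P` addition itself is fine.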
--- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -116,11 +116,18 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 1; } /* Initialise context */ - if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) - return 0; + if (cipher != NULL) { + /* Ensure we can't use this ctx until we also have a key */ + ctx->nlast_block = -1; + if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) + return 0; + } /* Non-NULL key means initialisation complete */ - if (key) { + if (key != NULL) { int bl; + + /* If anything fails then ensure we can't use this ctx */ + ctx->nlast_block = -1; if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen)) @@ -128,7 +135,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) return 0; bl = EVP_CIPHER_CTX_block_size(ctx->cctx); - if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0) return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl); @@ -166,12 +173,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 1; data += nleft; /* Else not final block so encrypt it */ - if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl) <= 0) return 0; } /* Encrypt all but one of the complete blocks left */ while (dlen > bl) { - if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, data, bl) <= 0) return 0; dlen -= bl; data += bl; 
diff --git a/crypto/cms/build.info b/crypto/cms/build.info
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
old mode 100755
new mode 100644
index 57afba436115045a90d6d6b10c47635a8d0a833b..be4c2c703f1a853effbc59c0da14bcc3d18a6f70
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -92,12 +92,13 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
 default:
 CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
- return NULL;
+ goto err;
 }
 if (cmsbio)
 return BIO_push(cmsbio, cont);
+err:
 if (!icont)
 BIO_free(cont);
 return NULL;
diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
old mode 100755
new mode 100644
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
old mode 100755
new mode 100644
index 29ba4c1b13342819e48fd8c8e2f5857560217500..3f2a782565a8a1d15f188d81dab9a54773143292
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -897,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
 ASN1_INTEGER *key = NULL;
 if (keysize > 0) {
 key = ASN1_INTEGER_new();
- if (key == NULL || !ASN1_INTEGER_set(key, keysize))
+ if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
+ ASN1_INTEGER_free(key);
 return 0;
+ }
 }
 alg = X509_ALGOR_new();
 if (alg == NULL) {
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
old mode 100755
new mode 100644
index 652e97b2e877fd3cd132473ca042750c47b8cccf..6e7dbc4da1fae39c4cf472f88ab6842e4fb528be
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -341,7 +341,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 char *ptr;
 long len;
 len = BIO_get_mem_data(dcont, &ptr);
- tmpin = BIO_new_mem_buf(ptr, len);
+ tmpin = (len == 0) ? dcont : BIO_new_mem_buf(ptr, len);
 if (tmpin == NULL) {
 CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
 goto err2;
diff --git a/crypto/comp/build.info b/crypto/comp/build.info
old mode 100755
new mode 100644
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
old mode 100755
new mode 100644
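Review bot: With `tmpin = (len == 0) ? dcont : BIO_new_mem_buf(ptr, len);` the variable now sometimes aliases the caller-owned `dcont`, so the cleanup paths reached via `err2`/`err` must not free `tmpin` in that case; whether the existing teardown already guards on `tmpin != dcont` is outside this hunk and should be verified, because an unconditional `BIO_free(tmpin)` there would free the caller's BIO. A one-line comment at the assignment would make the ownership rule explicit for the next reader: `/* empty content: reuse dcont directly, it is not ours to free */`. CMS_verify continues outside the hunk.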
diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c old mode 100755 new mode 100644 diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c old mode 100755 new mode 100644 diff --git a/crypto/comp/comp_local.h b/crypto/comp/comp_local.h old mode 100755 new mode 100644 diff --git a/crypto/conf/build.info b/crypto/conf/build.info old mode 100755 new mode 100644 diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c old mode 100755 new mode 100644 diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c old mode 100755 new mode 100644 index ca76fa3679b8ab3597d009091d8a1029d975ef42..31c02cc49e22b312bb6bd21dc404ae5306ad8015 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -185,6 +185,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) BUF_MEM *buff = NULL; char *s, *p, *end; int again; + int first_call = 1; long eline = 0; char btmp[DECIMAL_SIZE(eline) + 1]; CONF_VALUE *v = NULL, *tv; @@ -233,6 +234,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) BIO_gets(in, p, CONFBUFSIZE - 1); p[CONFBUFSIZE - 1] = '\0'; ii = i = strlen(p); + if (first_call) { + /* Other BOMs imply unsupported multibyte encoding, + * so don't strip them and let the error raise */ + const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF}; + + if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) { + memmove(p, p + 3, i - 3); + p[i - 3] = 0; + i -= 3; + ii -= 3; + } + first_call = 0; + } if (i == 0 && !again) { /* the currently processed BIO is at EOF */ BIO *parent; 
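Review bot: The UTF-8 BOM is stripped only from the very first `BIO_gets` result, because `first_call` is cleared after that iteration and never re-armed, while the `.include` handling in the next hunk pushes the current BIO and continues reading from the included one in the same loop; a BOM at the top of an included file would therefore survive and be glued onto its first section or key name, producing a confusing parse error instead of the lenient behaviour this change intends. Either reset `first_call = 1;` at the point where `in` is switched to the included BIO, or document the limitation next to the flag: `/* only the top-level file is checked for a UTF-8 BOM */`. The rest of def_load_bio, including the include switch, is outside this hunk.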
@@ -376,11 +390,13 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 if (biosk == NULL) {
 if ((biosk = sk_BIO_new_null()) == NULL) {
 CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+ BIO_free(next);
 goto err;
 }
 }
 if (!sk_BIO_push(biosk, in)) {
 CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+ BIO_free(next);
 goto err;
 }
 /* continue with reading from the included BIO */
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
old mode 100755
new mode 100644
index 2ced300e40d6678e814387c579b0e450bb2df8be..1e4a03e10bbd6b37ec5e465344435d2deba9efdd
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/conf/keysets.pl
 *
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c
old mode 100755
new mode 100644
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
old mode 100755
new mode 100644
diff --git a/crypto/conf/conf_local.h b/crypto/conf/conf_local.h
old mode 100755
new mode 100644
diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c
old mode 100755
new mode 100644
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
old mode 100755
new mode 100644
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
old mode 100755
new mode 100644
diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c
old mode 100755
new mode 100644
diff --git a/crypto/conf/keysets.pl b/crypto/conf/keysets.pl
old mode 100755
new mode 100644
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
old mode 100755
new mode 100644
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
old mode 100755
new mode 100644
diff --git a/crypto/ct/build.info b/crypto/ct/build.info old mode 100755 new mode 100644 diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c old mode 100755 new mode 100644 diff --git a/crypto/ct/ct_err.c b/crypto/ct/ct_err.c old mode 100755 new mode 100644 diff --git a/crypto/ct/ct_local.h b/crypto/ct/ct_local.h old mode 100755 new mode 100644 diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c old mode 100755 new mode 100644 diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c old mode 100755 new mode 100644 diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c old mode 100755 new mode 100644 diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c old mode 100755 new mode 100644 diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c old mode 100755 new mode 100644 diff --git a/crypto/ct/ct_sct_ctx.c b/crypto/ct/ct_sct_ctx.c old mode 100755 new mode 100644 diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c old mode 100755 new mode 100644 diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c old mode 100755 new mode 100644 diff --git a/crypto/ctype.c b/crypto/ctype.c old mode 100755 new mode 100644 diff --git a/crypto/cversion.c b/crypto/cversion.c old mode 100755 new mode 100644 diff --git a/crypto/des/asm/crypt586.pl b/crypto/des/asm/crypt586.pl old mode 100755 new mode 100644 diff --git a/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl old mode 100755 new mode 100644 diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4 old mode 100755 new mode 100644 diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl old mode 100755 new mode 100644 diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl old mode 100755 new mode 100644 diff --git a/crypto/des/build.info b/crypto/des/build.info old mode 100755 new mode 100644 diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c old mode 100755 new mode 100644 diff --git a/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c old mode 100755 new mode 100644 
diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c old mode 100755 new mode 100644 diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c old mode 100755 new mode 100644 diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c old mode 100755 new mode 100644 diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c old mode 100755 new mode 100644 diff --git a/crypto/des/des_local.h b/crypto/des/des_local.h old mode 100755 new mode 100644 diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c old mode 100755 new mode 100644 diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c old mode 100755 new mode 100644 diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c old mode 100755 new mode 100644 diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c old mode 100755 new mode 100644 diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c old mode 100755 new mode 100644 diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c old mode 100755 new mode 100644 diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c old mode 100755 new mode 100644 diff --git a/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c old mode 100755 new mode 100644 diff --git a/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c old mode 100755 new mode 100644 diff --git a/crypto/des/qud_cksm.c b/crypto/des/qud_cksm.c old mode 100755 new mode 100644 diff --git a/crypto/des/rand_key.c b/crypto/des/rand_key.c old mode 100755 new mode 100644 diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c old mode 100755 new mode 100644 diff --git a/crypto/des/spr.h b/crypto/des/spr.h old mode 100755 new mode 100644 diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c old mode 100755 new mode 100644 diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c old mode 100755 new mode 100644 diff --git a/crypto/dh/build.info b/crypto/dh/build.info old mode 100755 new mode 100644 diff --git a/crypto/dh/dh1024.pem b/crypto/dh/dh1024.pem old mode 100755 new mode 100644 
diff --git a/crypto/dh/dh192.pem b/crypto/dh/dh192.pem old mode 100755 new mode 100644 diff --git a/crypto/dh/dh2048.pem b/crypto/dh/dh2048.pem old mode 100755 new mode 100644 diff --git a/crypto/dh/dh4096.pem b/crypto/dh/dh4096.pem old mode 100755 new mode 100644 diff --git a/crypto/dh/dh512.pem b/crypto/dh/dh512.pem old mode 100755 new mode 100644 diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c old mode 100755 new mode 100644 diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c old mode 100755 new mode 100644 diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c old mode 100755 new mode 100644 diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c old mode 100755 new mode 100644 diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c old mode 100755 new mode 100644 diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c old mode 100755 new mode 100644 diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c old mode 100755 new mode 100644 diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c old mode 100755 new mode 100644 index daffdf74dd37b6fa4c3ad4c1669cd1c8fcc01963..117f2fa883ffa6454fe27576765aeb4318923755 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
 return dh->meth->generate_key(dh);
 }
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
- return dh->meth->compute_key(key, pub_key, dh);
+ int ret = 0, i;
+ volatile size_t npad = 0, mask = 1;
+
+ /* compute the key; ret is constant unless compute_key is external */
+ if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+ return ret;
+
+ /* count leading zero bytes, yet still touch all bytes */
+ for (i = 0; i < ret; i++) {
+ mask &= !key[i];
+ npad += mask;
+ }
+
+ /* unpad key */
+ ret -= npad;
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memmove(key, key + npad, ret);
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memset(key + ret, 0, npad);
+
+ return ret;
 }
 int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
 int rv, pad;
+
+ /* rv is constant unless compute_key is external */
 rv = dh->meth->compute_key(key, pub_key, dh);
 if (rv <= 0)
 return rv;
 pad = BN_num_bytes(dh->p) - rv;
+ /* pad is constant (zero) unless compute_key is external */
 if (pad > 0) {
 memmove(key + pad, key, rv);
 memset(key, 0, pad);
@@ -212,7 +239,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 goto err;
 }
- ret = BN_bn2bin(tmp, key);
+ ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
 err:
 BN_CTX_end(ctx);
 BN_CTX_free(ctx);
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
old mode 100755
new mode 100644
diff --git a/crypto/dh/dh_local.h b/crypto/dh/dh_local.h
old mode 100755
new mode 100644
diff --git a/crypto/dh/dh_meth.c b/crypto/dh/dh_meth.c
old mode 100755
new mode 100644
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
old mode 100755
new mode 100644
diff --git a/crypto/dh/dh_prn.c b/crypto/dh/dh_prn.c
old mode 100755
new mode 100644
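Review bot: The new header comment on DH_compute_key states that the function is not constant time but does not tell callers what to use instead, even though `DH_compute_key_padded` immediately below now produces the fixed-width `BN_num_bytes(dh->p)` output (backed by the `BN_bn2binpad` change in the last hunk); add a line such as ` * Callers needing a fixed-length, timing-independent result should use DH_compute_key_padded() instead.` to the comment. The leading-zero count also depends on `mask &= !key[i];` being compiled branch-free, which the `volatile` qualifiers do not guarantee, so that caveat belongs in the same comment rather than being left implicit. `ret -= npad;` subtracts a `size_t` from an `int`; npad cannot exceed ret here, so it is safe, but an explicit `ret -= (int)npad;` would make that intent visible.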
diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c old mode 100755 new mode 100644 diff --git a/crypto/dh/dh_rfc7919.c b/crypto/dh/dh_rfc7919.c old mode 100755 new mode 100644 diff --git a/crypto/dllmain.c b/crypto/dllmain.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/build.info b/crypto/dsa/build.info old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_local.h b/crypto/dsa/dsa_local.h old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c old mode 100755 new mode 100644 diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c old mode 100755 new mode 100644 diff --git a/crypto/dso/build.info b/crypto/dso/build.info old mode 100755 new mode 100644 diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c old mode 100755 new mode 100644 diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c old mode 100755 new mode 100644 diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c old mode 100755 new mode 100644 
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
old mode 100755
new mode 100644
diff --git a/crypto/dso/dso_local.h b/crypto/dso/dso_local.h
old mode 100755
new mode 100644
diff --git a/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c
old mode 100755
new mode 100644
diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c
old mode 100755
new mode 100644
diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c
old mode 100755
new mode 100644
index 37892170c0f225ab8709c30d5825da7f8b2c58d8..af1e559d7695d2623c11e76da12f35337e4849e9
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -565,8 +565,8 @@ static int win32_pathbyaddr(void *addr, char *path, int sz)
 /* Enumerate the modules to find one which includes me. */
 do {
- if ((uintptr_t) addr >= (uintptr_t) me32.modBaseAddr &&
- (uintptr_t) addr < (uintptr_t) (me32.modBaseAddr + me32.modBaseSize)) {
+ if ((size_t) addr >= (size_t) me32.modBaseAddr &&
+ (size_t) addr < (size_t) (me32.modBaseAddr + me32.modBaseSize)) {
 (*close_snap) (hModuleSnap);
 FreeLibrary(dll);
 # ifdef _WIN32_WCE
diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c
old mode 100755
new mode 100644
diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl
index ea538c0698d5457350964b836c7cceb83f293833..fa833ce6aaf37fee422e309b53e8fceeb486bed1 100755
--- a/crypto/ec/asm/ecp_nistz256-armv4.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv4.pl
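Review bot: Casting `addr` and `me32.modBaseAddr` to `size_t` instead of `uintptr_t` is only correct because `size_t` happens to be pointer-sized on every Windows target this code builds for; the C standard guarantees that for `uintptr_t` but not for `size_t`, so without explanation the change reads like a regression that the next maintainer may revert. If the motivation is a toolchain that lacks `<stdint.h>`, say so on the changed lines, e.g. `/* size_t is pointer-sized on all supported Windows targets; uintptr_t is not available on some older toolchains */`. win32_pathbyaddr continues outside the hunk.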
@@ -1517,9 +1517,9 @@ ecp_nistz256_point_add:
 ldr $t2,[sp,#32*18+12] @ ~is_equal(S1,S2)
 mvn $t0,$t0 @ -1/0 -> 0/-1
 mvn $t1,$t1 @ -1/0 -> 0/-1
- orr $a0,$t0
- orr $a0,$t1
- orrs $a0,$t2 @ set flags
+ orr $a0,$a0,$t0
+ orr $a0,$a0,$t1
+ orrs $a0,$a0,$t2 @ set flags
 @ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2))
 bne .Ladd_proceed
diff --git a/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/ec/asm/ecp_nistz256-avx2.pl
deleted file mode 100755
index 5071d09ac2ecc0dab64e59162ddc9dad66c5a43f..0000000000000000000000000000000000000000
--- a/crypto/ec/asm/ecp_nistz256-avx2.pl
+++ /dev/null
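Review bot: The three rewritten `orr`/`orrs` lines now use the explicit `Rd,Rn,Rm` form, but nothing in the hunk says why, and these instructions compute the flags that `bne .Ladd_proceed` uses to separate the general point-addition path from the in1infty / in2infty / equal-points cases, so a future "simplification" back to the two-operand shorthand would be a silent correctness risk rather than a style regression. The likely reason is assembler portability (the shorthand is not accepted uniformly across assemblers and modes), but that is an inference; recording the actual cause on the first changed line, e.g. `orr $a0,$a0,$t0 @ explicit 3-operand form: 2-operand shorthand rejected by some assemblers`, would make the intent auditable. Since the emitted code differs only if the shorthand was being mis-assembled, a regression test that adds P+P and P+O through the ARMv4 path is the check that would confirm the flag computation still selects the right branch. ecp_nistz256_point_add begins and ends outside the hunk.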
@@ -1,2080 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# Copyright (c) 2014, Intel Corporation. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) -# (1) Intel Corporation, Israel Development Center, Haifa, Israel -# (2) University of Haifa, Israel -# -# Reference: -# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with -# 256 Bit Primes" - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); - $addx = ($1>=2.23); -} - -if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); - $addx = ($1>=2.10); -} - -if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); - $addx = ($1>=12); -} - -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) { - my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 - $avx = ($ver>=3.0) + ($ver>=3.01); - $addx = ($ver>=3.03); -} - -if ($avx>=2) {{ -$digit_size = "\$29"; -$n_digits = "\$9"; - -$code.=<<___; -.text - 
-.align 64 -.LAVX2_AND_MASK: -.LAVX2_POLY: -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x000001ff, 0x000001ff, 0x000001ff, 0x000001ff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00040000, 0x00040000, 0x00040000, 0x00040000 -.quad 0x1fe00000, 0x1fe00000, 0x1fe00000, 0x1fe00000 -.quad 0x00ffffff, 0x00ffffff, 0x00ffffff, 0x00ffffff - -.LAVX2_POLY_x2: -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x400007FC, 0x400007FC, 0x400007FC, 0x400007FC -.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE -.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE -.quad 0x400FFFFE, 0x400FFFFE, 0x400FFFFE, 0x400FFFFE -.quad 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE -.quad 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC - -.LAVX2_POLY_x8: -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0x80000FF8, 0x80000FF8, 0x80000FF8, 0x80000FF8 -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x801FFFFC, 0x801FFFFC, 0x801FFFFC, 0x801FFFFC -.quad 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC -.quad 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8 - -.LONE: -.quad 0x00000020, 0x00000020, 0x00000020, 0x00000020 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1fffc000, 0x1fffc000, 0x1fffc000, 0x1fffc000 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1f7fffff, 0x1f7fffff, 0x1f7fffff, 0x1f7fffff -.quad 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff -.quad 0x00000000, 
0x00000000, 0x00000000, 0x00000000 - -# RR = 2^266 mod p in AVX2 format, to transform from the native OpenSSL -# Montgomery form (*2^256) to our format (*2^261) - -.LTO_MONT_AVX2: -.quad 0x00000400, 0x00000400, 0x00000400, 0x00000400 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1ff80000, 0x1ff80000, 0x1ff80000, 0x1ff80000 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x0fffffff, 0x0fffffff, 0x0fffffff, 0x0fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x00000003, 0x00000003, 0x00000003, 0x00000003 - -.LFROM_MONT_AVX2: -.quad 0x00000001, 0x00000001, 0x00000001, 0x00000001 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1ffffe00, 0x1ffffe00, 0x1ffffe00, 0x1ffffe00 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1ffbffff, 0x1ffbffff, 0x1ffbffff, 0x1ffbffff -.quad 0x001fffff, 0x001fffff, 0x001fffff, 0x001fffff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 - -.LIntOne: -.long 1,1,1,1,1,1,1,1 -___ - -{ -# This function receives a pointer to an array of four affine points -# (X, Y, <1>) and rearranges the data for AVX2 execution, while -# converting it to 2^29 radix redundant form - -my ($X0,$X1,$X2,$X3, $Y0,$Y1,$Y2,$Y3, - $T0,$T1,$T2,$T3, $T4,$T5,$T6,$T7)=map("%ymm$_",(0..15)); - -$code.=<<___; -.globl ecp_nistz256_avx2_transpose_convert -.type ecp_nistz256_avx2_transpose_convert,\@function,2 -.align 64 -ecp_nistz256_avx2_transpose_convert: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - 
vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - # Load the data - vmovdqa 32*0(%rsi), $X0 - lea 112(%rsi), %rax # size optimization - vmovdqa 32*1(%rsi), $Y0 - lea .LAVX2_AND_MASK(%rip), %rdx - vmovdqa 32*2(%rsi), $X1 - vmovdqa 32*3(%rsi), $Y1 - vmovdqa 32*4-112(%rax), $X2 - vmovdqa 32*5-112(%rax), $Y2 - vmovdqa 32*6-112(%rax), $X3 - vmovdqa 32*7-112(%rax), $Y3 - - # Transpose X and Y independently - vpunpcklqdq $X1, $X0, $T0 # T0 = [B2 A2 B0 A0] - vpunpcklqdq $X3, $X2, $T1 # T1 = [D2 C2 D0 C0] - vpunpckhqdq $X1, $X0, $T2 # T2 = [B3 A3 B1 A1] - vpunpckhqdq $X3, $X2, $T3 # T3 = [D3 C3 D1 C1] - - vpunpcklqdq $Y1, $Y0, $T4 - vpunpcklqdq $Y3, $Y2, $T5 - vpunpckhqdq $Y1, $Y0, $T6 - vpunpckhqdq $Y3, $Y2, $T7 - - vperm2i128 \$0x20, $T1, $T0, $X0 # X0 = [D0 C0 B0 A0] - vperm2i128 \$0x20, $T3, $T2, $X1 # X1 = [D1 C1 B1 A1] - vperm2i128 \$0x31, $T1, $T0, $X2 # X2 = [D2 C2 B2 A2] - vperm2i128 \$0x31, $T3, $T2, $X3 # X3 = [D3 C3 B3 A3] - - vperm2i128 \$0x20, $T5, $T4, $Y0 - vperm2i128 \$0x20, $T7, $T6, $Y1 - vperm2i128 \$0x31, $T5, $T4, $Y2 - vperm2i128 \$0x31, $T7, $T6, $Y3 - vmovdqa (%rdx), $T7 - - vpand (%rdx), $X0, $T0 # out[0] = in[0] & mask; - vpsrlq \$29, $X0, $X0 - vpand $T7, $X0, $T1 # out[1] = (in[0] >> shift) & mask; - vpsrlq \$29, $X0, $X0 - vpsllq \$6, $X1, $T2 - vpxor $X0, $T2, $T2 - vpand $T7, $T2, $T2 # out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask; - vpsrlq \$23, $X1, $X1 - vpand $T7, $X1, $T3 # out[3] = (in[1] >> ((shift*3)%64)) & mask; - vpsrlq \$29, $X1, $X1 - vpsllq \$12, $X2, $T4 - vpxor $X1, $T4, $T4 - vpand $T7, $T4, $T4 # out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask; - vpsrlq \$17, $X2, $X2 - vpand $T7, $X2, $T5 # out[5] = (in[2] >> ((shift*5)%64)) & mask; - vpsrlq \$29, $X2, $X2 - vpsllq \$18, $X3, $T6 - vpxor $X2, $T6, $T6 - vpand $T7, $T6, $T6 # out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask; - vpsrlq \$11, $X3, $X3 - vmovdqa $T0, 32*0(%rdi) - 
lea 112(%rdi), %rax # size optimization - vpand $T7, $X3, $T0 # out[7] = (in[3] >> ((shift*7)%64)) & mask; - vpsrlq \$29, $X3, $X3 # out[8] = (in[3] >> ((shift*8)%64)) & mask; - - vmovdqa $T1, 32*1(%rdi) - vmovdqa $T2, 32*2(%rdi) - vmovdqa $T3, 32*3(%rdi) - vmovdqa $T4, 32*4-112(%rax) - vmovdqa $T5, 32*5-112(%rax) - vmovdqa $T6, 32*6-112(%rax) - vmovdqa $T0, 32*7-112(%rax) - vmovdqa $X3, 32*8-112(%rax) - lea 448(%rdi), %rax # size optimization - - vpand $T7, $Y0, $T0 # out[0] = in[0] & mask; - vpsrlq \$29, $Y0, $Y0 - vpand $T7, $Y0, $T1 # out[1] = (in[0] >> shift) & mask; - vpsrlq \$29, $Y0, $Y0 - vpsllq \$6, $Y1, $T2 - vpxor $Y0, $T2, $T2 - vpand $T7, $T2, $T2 # out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask; - vpsrlq \$23, $Y1, $Y1 - vpand $T7, $Y1, $T3 # out[3] = (in[1] >> ((shift*3)%64)) & mask; - vpsrlq \$29, $Y1, $Y1 - vpsllq \$12, $Y2, $T4 - vpxor $Y1, $T4, $T4 - vpand $T7, $T4, $T4 # out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask; - vpsrlq \$17, $Y2, $Y2 - vpand $T7, $Y2, $T5 # out[5] = (in[2] >> ((shift*5)%64)) & mask; - vpsrlq \$29, $Y2, $Y2 - vpsllq \$18, $Y3, $T6 - vpxor $Y2, $T6, $T6 - vpand $T7, $T6, $T6 # out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask; - vpsrlq \$11, $Y3, $Y3 - vmovdqa $T0, 32*9-448(%rax) - vpand $T7, $Y3, $T0 # out[7] = (in[3] >> ((shift*7)%64)) & mask; - vpsrlq \$29, $Y3, $Y3 # out[8] = (in[3] >> ((shift*8)%64)) & mask; - - vmovdqa $T1, 32*10-448(%rax) - vmovdqa $T2, 32*11-448(%rax) - vmovdqa $T3, 32*12-448(%rax) - vmovdqa $T4, 32*13-448(%rax) - vmovdqa $T5, 32*14-448(%rax) - vmovdqa $T6, 32*15-448(%rax) - vmovdqa $T0, 32*16-448(%rax) - vmovdqa $Y3, 32*17-448(%rax) - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 
16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_transpose_convert,.-ecp_nistz256_avx2_transpose_convert -___ -} -{ -################################################################################ -# This function receives a pointer to an array of four AVX2 formatted points -# (X, Y, Z) convert the data to normal representation, and rearranges the data - -my ($D0,$D1,$D2,$D3, $D4,$D5,$D6,$D7, $D8)=map("%ymm$_",(0..8)); -my ($T0,$T1,$T2,$T3, $T4,$T5,$T6)=map("%ymm$_",(9..15)); - -$code.=<<___; - -.globl ecp_nistz256_avx2_convert_transpose_back -.type ecp_nistz256_avx2_convert_transpose_back,\@function,2 -.align 32 -ecp_nistz256_avx2_convert_transpose_back: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - mov \$3, %ecx - -.Lconv_loop: - vmovdqa 32*0(%rsi), $D0 - lea 160(%rsi), %rax # size optimization - vmovdqa 32*1(%rsi), $D1 - vmovdqa 32*2(%rsi), $D2 - vmovdqa 32*3(%rsi), $D3 - vmovdqa 32*4-160(%rax), $D4 - vmovdqa 32*5-160(%rax), $D5 - vmovdqa 32*6-160(%rax), $D6 - vmovdqa 32*7-160(%rax), $D7 - vmovdqa 32*8-160(%rax), $D8 - - vpsllq \$29, $D1, $D1 - vpsllq \$58, $D2, $T0 - vpaddq $D1, $D0, $D0 - vpaddq $T0, $D0, $D0 # out[0] = (in[0]) ^ (in[1] << shift*1) ^ (in[2] << shift*2); - - vpsrlq \$6, $D2, $D2 - vpsllq \$23, $D3, $D3 - vpsllq \$52, $D4, $T1 - vpaddq $D2, $D3, $D3 - vpaddq $D3, $T1, $D1 # out[1] = (in[2] >> (64*1-shift*2)) ^ (in[3] << shift*3%64) ^ (in[4] << shift*4%64); - - vpsrlq \$12, $D4, $D4 - vpsllq \$17, $D5, $D5 - vpsllq \$46, $D6, $T2 - vpaddq $D4, $D5, $D5 - vpaddq $D5, $T2, $D2 # out[2] = (in[4] >> (64*2-shift*4)) ^ (in[5] << shift*5%64) ^ 
(in[6] << shift*6%64); - - vpsrlq \$18, $D6, $D6 - vpsllq \$11, $D7, $D7 - vpsllq \$40, $D8, $T3 - vpaddq $D6, $D7, $D7 - vpaddq $D7, $T3, $D3 # out[3] = (in[6] >> (64*3-shift*6)) ^ (in[7] << shift*7%64) ^ (in[8] << shift*8%64); - - vpunpcklqdq $D1, $D0, $T0 # T0 = [B2 A2 B0 A0] - vpunpcklqdq $D3, $D2, $T1 # T1 = [D2 C2 D0 C0] - vpunpckhqdq $D1, $D0, $T2 # T2 = [B3 A3 B1 A1] - vpunpckhqdq $D3, $D2, $T3 # T3 = [D3 C3 D1 C1] - - vperm2i128 \$0x20, $T1, $T0, $D0 # X0 = [D0 C0 B0 A0] - vperm2i128 \$0x20, $T3, $T2, $D1 # X1 = [D1 C1 B1 A1] - vperm2i128 \$0x31, $T1, $T0, $D2 # X2 = [D2 C2 B2 A2] - vperm2i128 \$0x31, $T3, $T2, $D3 # X3 = [D3 C3 B3 A3] - - vmovdqa $D0, 32*0(%rdi) - vmovdqa $D1, 32*3(%rdi) - vmovdqa $D2, 32*6(%rdi) - vmovdqa $D3, 32*9(%rdi) - - lea 32*9(%rsi), %rsi - lea 32*1(%rdi), %rdi - - dec %ecx - jnz .Lconv_loop - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_convert_transpose_back,.-ecp_nistz256_avx2_convert_transpose_back -___ -} -{ -my ($r_ptr,$a_ptr,$b_ptr,$itr)=("%rdi","%rsi","%rdx","%ecx"); -my ($ACC0,$ACC1,$ACC2,$ACC3,$ACC4,$ACC5,$ACC6,$ACC7,$ACC8)=map("%ymm$_",(0..8)); -my ($B,$Y,$T0,$AND_MASK,$OVERFLOW)=map("%ymm$_",(9..13)); - -sub NORMALIZE { -my $ret=<<___; - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - 
vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 -___ - $ret; -} - -sub STORE { -my $ret=<<___; - vmovdqa $ACC0, 32*0(%rdi) - lea 160(%rdi), %rax # size optimization - vmovdqa $ACC1, 32*1(%rdi) - vmovdqa $ACC2, 32*2(%rdi) - vmovdqa $ACC3, 32*3(%rdi) - vmovdqa $ACC4, 32*4-160(%rax) - vmovdqa $ACC5, 32*5-160(%rax) - vmovdqa $ACC6, 32*6-160(%rax) - vmovdqa $ACC7, 32*7-160(%rax) - vmovdqa $ACC8, 32*8-160(%rax) -___ - $ret; -} - -$code.=<<___; -.type avx2_normalize,\@abi-omnipotent -.align 32 -avx2_normalize: - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 - - ret -.size avx2_normalize,.-avx2_normalize - -.type avx2_normalize_n_store,\@abi-omnipotent -.align 32 -avx2_normalize_n_store: - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vmovdqa $ACC0, 32*0(%rdi) - lea 160(%rdi), %rax # size optimization - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, 
$ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vmovdqa $ACC1, 32*1(%rdi) - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vmovdqa $ACC2, 32*2(%rdi) - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vmovdqa $ACC3, 32*3(%rdi) - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vmovdqa $ACC4, 32*4-160(%rax) - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vmovdqa $ACC5, 32*5-160(%rax) - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vmovdqa $ACC6, 32*6-160(%rax) - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 - vmovdqa $ACC7, 32*7-160(%rax) - vmovdqa $ACC8, 32*8-160(%rax) - - ret -.size avx2_normalize_n_store,.-avx2_normalize_n_store - -################################################################################ -# void avx2_mul_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_mul_x4,\@abi-omnipotent -.align 32 -avx2_mul_x4: - lea .LAVX2_POLY(%rip), %rax - - vpxor $ACC0, $ACC0, $ACC0 - vpxor $ACC1, $ACC1, $ACC1 - vpxor $ACC2, $ACC2, $ACC2 - vpxor $ACC3, $ACC3, $ACC3 - vpxor $ACC4, $ACC4, $ACC4 - vpxor $ACC5, $ACC5, $ACC5 - vpxor $ACC6, $ACC6, $ACC6 - vpxor $ACC7, $ACC7, $ACC7 - - vmovdqa 32*7(%rax), %ymm14 - vmovdqa 32*8(%rax), %ymm15 - - mov $n_digits, $itr - lea -512($a_ptr), $a_ptr # strategic bias to control u-op density - jmp .Lavx2_mul_x4_loop - -.align 32 -.Lavx2_mul_x4_loop: - vmovdqa 32*0($b_ptr), $B - lea 32*1($b_ptr), $b_ptr - - vpmuludq 32*0+512($a_ptr), $B, $T0 - vpmuludq 32*1+512($a_ptr), $B, $OVERFLOW # borrow $OVERFLOW - vpaddq $T0, $ACC0, $ACC0 - vpmuludq 32*2+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC1, $ACC1 - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*3+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*4+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 
32*5+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*6+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*7+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - # Skip some multiplications, optimizing for the constant poly - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*8+512($a_ptr), $B, $ACC8 - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - .byte 0x67 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $OVERFLOW - .byte 0x67 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $T0 - vpaddq $OVERFLOW, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $OVERFLOW - vpaddq $T0, $ACC7, $ACC6 - vpaddq $OVERFLOW, $ACC8, $ACC7 - - dec $itr - jnz .Lavx2_mul_x4_loop - - vpxor $ACC8, $ACC8, $ACC8 - - ret -.size avx2_mul_x4,.-avx2_mul_x4 - -# Function optimized for the constant 1 -################################################################################ -# void avx2_mul_by1_x4(void* RESULTx4, void *Ax4); -.type avx2_mul_by1_x4,\@abi-omnipotent -.align 32 -avx2_mul_by1_x4: - lea .LAVX2_POLY(%rip), %rax - - vpxor $ACC0, $ACC0, $ACC0 - vpxor $ACC1, $ACC1, $ACC1 - vpxor $ACC2, $ACC2, $ACC2 - vpxor $ACC3, $ACC3, $ACC3 - vpxor $ACC4, $ACC4, $ACC4 - vpxor $ACC5, $ACC5, $ACC5 - vpxor $ACC6, $ACC6, $ACC6 - vpxor $ACC7, $ACC7, $ACC7 - vpxor $ACC8, $ACC8, $ACC8 - - vmovdqa 32*3+.LONE(%rip), %ymm14 - vmovdqa 32*7+.LONE(%rip), %ymm15 - - mov $n_digits, $itr - jmp .Lavx2_mul_by1_x4_loop - -.align 32 -.Lavx2_mul_by1_x4_loop: - vmovdqa 32*0($a_ptr), $B - .byte 0x48,0x8d,0xb6,0x20,0,0,0 # lea 32*1($a_ptr), $a_ptr - - vpsllq \$5, $B, $OVERFLOW - vpmuludq %ymm14, $B, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC3 - .byte 0x67 - vpmuludq $AND_MASK, $B, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $T0, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 
- vpsllq \$23, $B, $T0 - - .byte 0x67,0x67 - vpmuludq %ymm15, $B, $OVERFLOW - vpsubq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - .byte 0x67,0x67 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $OVERFLOW - vmovdqa $ACC5, $ACC4 - vpmuludq 32*7(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC6, $ACC5 - vpaddq $T0, $ACC7, $ACC6 - vpmuludq 32*8(%rax), $Y, $ACC7 - - dec $itr - jnz .Lavx2_mul_by1_x4_loop - - ret -.size avx2_mul_by1_x4,.-avx2_mul_by1_x4 - -################################################################################ -# void avx2_sqr_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_sqr_x4,\@abi-omnipotent -.align 32 -avx2_sqr_x4: - lea .LAVX2_POLY(%rip), %rax - - vmovdqa 32*7(%rax), %ymm14 - vmovdqa 32*8(%rax), %ymm15 - - vmovdqa 32*0($a_ptr), $B - vmovdqa 32*1($a_ptr), $ACC1 - vmovdqa 32*2($a_ptr), $ACC2 - vmovdqa 32*3($a_ptr), $ACC3 - vmovdqa 32*4($a_ptr), $ACC4 - vmovdqa 32*5($a_ptr), $ACC5 - vmovdqa 32*6($a_ptr), $ACC6 - vmovdqa 32*7($a_ptr), $ACC7 - vpaddq $ACC1, $ACC1, $ACC1 # 2*$ACC0..7 - vmovdqa 32*8($a_ptr), $ACC8 - vpaddq $ACC2, $ACC2, $ACC2 - vmovdqa $ACC1, 32*0(%rcx) - vpaddq $ACC3, $ACC3, $ACC3 - vmovdqa $ACC2, 32*1(%rcx) - vpaddq $ACC4, $ACC4, $ACC4 - vmovdqa $ACC3, 32*2(%rcx) - vpaddq $ACC5, $ACC5, $ACC5 - vmovdqa $ACC4, 32*3(%rcx) - vpaddq $ACC6, $ACC6, $ACC6 - vmovdqa $ACC5, 32*4(%rcx) - vpaddq $ACC7, $ACC7, $ACC7 - vmovdqa $ACC6, 32*5(%rcx) - vpaddq $ACC8, $ACC8, $ACC8 - vmovdqa $ACC7, 32*6(%rcx) - vmovdqa $ACC8, 32*7(%rcx) - - #itr 1 - vpmuludq $B, $B, $ACC0 - vpmuludq $B, $ACC1, $ACC1 - vpand $AND_MASK, $ACC0, $Y - vpmuludq $B, $ACC2, $ACC2 - vpmuludq $B, $ACC3, $ACC3 - vpmuludq $B, $ACC4, $ACC4 - vpmuludq $B, $ACC5, $ACC5 - vpmuludq $B, $ACC6, $ACC6 - vpmuludq $AND_MASK, $Y, $T0 - 
vpmuludq $B, $ACC7, $ACC7 - vpmuludq $B, $ACC8, $ACC8 - vmovdqa 32*1($a_ptr), $B - - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 2 - vpmuludq $B, $B, $OVERFLOW - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*1(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC1, $ACC1 - vpmuludq 32*2(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*2($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 3 - vpmuludq $B, $B, $T0 - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*2(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 
32*7(%rcx), $B, $ACC8 - vmovdqa 32*3($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 4 - vpmuludq $B, $B, $OVERFLOW - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*4($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 5 - vpmuludq $B, $B, $T0 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*5($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3+.LAVX2_POLY(%rip), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, 
$ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 6 - vpmuludq $B, $B, $OVERFLOW - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*6($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 7 - vpmuludq $B, $B, $T0 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*7($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 8 - vpmuludq $B, $B, $OVERFLOW - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*8($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - 
vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 9 - vpmuludq $B, $B, $ACC8 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - vpxor $ACC8, $ACC8, $ACC8 - - ret -.size avx2_sqr_x4,.-avx2_sqr_x4 - -################################################################################ -# void avx2_sub_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_sub_x4,\@abi-omnipotent -.align 32 -avx2_sub_x4: - vmovdqa 32*0($a_ptr), $ACC0 - lea 160($a_ptr), $a_ptr - lea .LAVX2_POLY_x8+128(%rip), %rax - lea 128($b_ptr), $b_ptr - vmovdqa 32*1-160($a_ptr), $ACC1 - vmovdqa 32*2-160($a_ptr), $ACC2 - vmovdqa 32*3-160($a_ptr), $ACC3 - vmovdqa 32*4-160($a_ptr), $ACC4 - vmovdqa 32*5-160($a_ptr), $ACC5 - vmovdqa 32*6-160($a_ptr), $ACC6 - vmovdqa 32*7-160($a_ptr), $ACC7 - vmovdqa 32*8-160($a_ptr), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128($b_ptr), $ACC0, $ACC0 - vpsubq 32*1-128($b_ptr), $ACC1, $ACC1 - vpsubq 32*2-128($b_ptr), $ACC2, $ACC2 - vpsubq 32*3-128($b_ptr), $ACC3, $ACC3 - vpsubq 
32*4-128($b_ptr), $ACC4, $ACC4 - vpsubq 32*5-128($b_ptr), $ACC5, $ACC5 - vpsubq 32*6-128($b_ptr), $ACC6, $ACC6 - vpsubq 32*7-128($b_ptr), $ACC7, $ACC7 - vpsubq 32*8-128($b_ptr), $ACC8, $ACC8 - - ret -.size avx2_sub_x4,.-avx2_sub_x4 - -.type avx2_select_n_store,\@abi-omnipotent -.align 32 -avx2_select_n_store: - vmovdqa `8+32*9*8`(%rsp), $Y - vpor `8+32*9*8+32`(%rsp), $Y, $Y - - vpandn $ACC0, $Y, $ACC0 - vpandn $ACC1, $Y, $ACC1 - vpandn $ACC2, $Y, $ACC2 - vpandn $ACC3, $Y, $ACC3 - vpandn $ACC4, $Y, $ACC4 - vpandn $ACC5, $Y, $ACC5 - vpandn $ACC6, $Y, $ACC6 - vmovdqa `8+32*9*8+32`(%rsp), $B - vpandn $ACC7, $Y, $ACC7 - vpandn `8+32*9*8`(%rsp), $B, $B - vpandn $ACC8, $Y, $ACC8 - - vpand 32*0(%rsi), $B, $T0 - lea 160(%rsi), %rax - vpand 32*1(%rsi), $B, $Y - vpxor $T0, $ACC0, $ACC0 - vpand 32*2(%rsi), $B, $T0 - vpxor $Y, $ACC1, $ACC1 - vpand 32*3(%rsi), $B, $Y - vpxor $T0, $ACC2, $ACC2 - vpand 32*4-160(%rax), $B, $T0 - vpxor $Y, $ACC3, $ACC3 - vpand 32*5-160(%rax), $B, $Y - vpxor $T0, $ACC4, $ACC4 - vpand 32*6-160(%rax), $B, $T0 - vpxor $Y, $ACC5, $ACC5 - vpand 32*7-160(%rax), $B, $Y - vpxor $T0, $ACC6, $ACC6 - vpand 32*8-160(%rax), $B, $T0 - vmovdqa `8+32*9*8+32`(%rsp), $B - vpxor $Y, $ACC7, $ACC7 - - vpand 32*0(%rdx), $B, $Y - lea 160(%rdx), %rax - vpxor $T0, $ACC8, $ACC8 - vpand 32*1(%rdx), $B, $T0 - vpxor $Y, $ACC0, $ACC0 - vpand 32*2(%rdx), $B, $Y - vpxor $T0, $ACC1, $ACC1 - vpand 32*3(%rdx), $B, $T0 - vpxor $Y, $ACC2, $ACC2 - vpand 32*4-160(%rax), $B, $Y - vpxor $T0, $ACC3, $ACC3 - vpand 32*5-160(%rax), $B, $T0 - vpxor $Y, $ACC4, $ACC4 - vpand 32*6-160(%rax), $B, $Y - vpxor $T0, $ACC5, $ACC5 - vpand 32*7-160(%rax), $B, $T0 - vpxor $Y, $ACC6, $ACC6 - vpand 32*8-160(%rax), $B, $Y - vpxor $T0, $ACC7, $ACC7 - vpxor $Y, $ACC8, $ACC8 - `&STORE` - - ret -.size avx2_select_n_store,.-avx2_select_n_store -___ -$code.=<<___ if (0); # inlined -################################################################################ -# void avx2_mul_by2_x4(void* RESULTx4, void *Ax4); 
-.type avx2_mul_by2_x4,\@abi-omnipotent -.align 32 -avx2_mul_by2_x4: - vmovdqa 32*0($a_ptr), $ACC0 - lea 160($a_ptr), %rax - vmovdqa 32*1($a_ptr), $ACC1 - vmovdqa 32*2($a_ptr), $ACC2 - vmovdqa 32*3($a_ptr), $ACC3 - vmovdqa 32*4-160(%rax), $ACC4 - vmovdqa 32*5-160(%rax), $ACC5 - vmovdqa 32*6-160(%rax), $ACC6 - vmovdqa 32*7-160(%rax), $ACC7 - vmovdqa 32*8-160(%rax), $ACC8 - - vpaddq $ACC0, $ACC0, $ACC0 - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - - ret -.size avx2_mul_by2_x4,.-avx2_mul_by2_x4 -___ -my ($r_ptr_in,$a_ptr_in,$b_ptr_in)=("%rdi","%rsi","%rdx"); -my ($r_ptr,$a_ptr,$b_ptr)=("%r8","%r9","%r10"); - -$code.=<<___; -################################################################################ -# void ecp_nistz256_avx2_point_add_affine_x4(void* RESULTx4, void *Ax4, void *Bx4); -.globl ecp_nistz256_avx2_point_add_affine_x4 -.type ecp_nistz256_avx2_point_add_affine_x4,\@function,3 -.align 32 -ecp_nistz256_avx2_point_add_affine_x4: - mov %rsp, %rax - push %rbp - vzeroupper -___ -$code.=<<___ if ($win64); - lea -16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea -8(%rax), %rbp - -# Result + 32*0 = Result.X -# Result + 32*9 = Result.Y -# Result + 32*18 = Result.Z - -# A + 32*0 = A.X -# A + 32*9 = A.Y -# A + 32*18 = A.Z - -# B + 32*0 = B.X -# B + 32*9 = B.Y - - sub \$`32*9*8+32*2+32*8`, %rsp - and \$-64, %rsp - - mov $r_ptr_in, $r_ptr - mov $a_ptr_in, $a_ptr - mov $b_ptr_in, $b_ptr - - vmovdqa 32*0($a_ptr_in), %ymm0 - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - vpxor %ymm1, 
%ymm1, %ymm1 - lea 256($a_ptr_in), %rax # size optimization - vpor 32*1($a_ptr_in), %ymm0, %ymm0 - vpor 32*2($a_ptr_in), %ymm0, %ymm0 - vpor 32*3($a_ptr_in), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8`(%rsp) - - vpxor %ymm1, %ymm1, %ymm1 - vmovdqa 32*0($b_ptr), %ymm0 - lea 256($b_ptr), %rax # size optimization - vpor 32*1($b_ptr), %ymm0, %ymm0 - vpor 32*2($b_ptr), %ymm0, %ymm0 - vpor 32*3($b_ptr), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8+32`(%rsp) - - # Z1^2 = Z1*Z1 - lea `32*9*2`($a_ptr), %rsi - lea `32*9*2`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # U2 = X2*Z1^2 - lea `32*9*0`($b_ptr), %rsi - lea `32*9*2`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # S2 = Z1*Z1^2 = Z1^3 - lea `32*9*2`($a_ptr), %rsi 
- lea `32*9*2`(%rsp), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # S2 = S2*Y2 = Y2*Z1^3 - lea `32*9*1`($b_ptr), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # H = U2 - U1 = U2 - X1 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($a_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # R = S2 - S1 = S2 - Y1 - lea `32*9*1`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*4`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # Z3 = H*Z1*Z2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*2`($a_ptr), %rdx - lea `32*9*2`($r_ptr), %rdi - call avx2_mul_x4 - call avx2_normalize - - lea .LONE(%rip), %rsi - lea `32*9*2`($a_ptr), %rdx - call avx2_select_n_store - - # R^2 = R^2 - lea `32*9*4`(%rsp), %rsi - lea `32*9*6`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^2 = H^2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdi - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^3 = H^2*H - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*7`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # U2 = U1*H^2 - lea `32*9*0`($a_ptr), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # Hsqr = U2*2 - #lea 32*9*0(%rsp), %rsi - #lea 32*9*5(%rsp), %rdi - #call avx2_mul_by2_x4 - - vpaddq $ACC0, $ACC0, $ACC0 # inlined avx2_mul_by2_x4 - lea `32*9*5`(%rsp), %rdi - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - call avx2_normalize_n_store - - # X3 = R^2 - H^3 - #lea 32*9*6(%rsp), %rsi - #lea 32*9*7(%rsp), %rdx - #lea 32*9*5(%rsp), %rcx - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE 
- #STORE - - # X3 = X3 - U2*2 - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - lea `32*9*6+128`(%rsp), %rsi - lea .LAVX2_POLY_x2+128(%rip), %rax - lea `32*9*7+128`(%rsp), %rdx - lea `32*9*5+128`(%rsp), %rcx - lea `32*9*0`($r_ptr), %rdi - - vmovdqa 32*0-128(%rsi), $ACC0 - vmovdqa 32*1-128(%rsi), $ACC1 - vmovdqa 32*2-128(%rsi), $ACC2 - vmovdqa 32*3-128(%rsi), $ACC3 - vmovdqa 32*4-128(%rsi), $ACC4 - vmovdqa 32*5-128(%rsi), $ACC5 - vmovdqa 32*6-128(%rsi), $ACC6 - vmovdqa 32*7-128(%rsi), $ACC7 - vmovdqa 32*8-128(%rsi), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128(%rdx), $ACC0, $ACC0 - vpsubq 32*1-128(%rdx), $ACC1, $ACC1 - vpsubq 32*2-128(%rdx), $ACC2, $ACC2 - vpsubq 32*3-128(%rdx), $ACC3, $ACC3 - vpsubq 32*4-128(%rdx), $ACC4, $ACC4 - vpsubq 32*5-128(%rdx), $ACC5, $ACC5 - vpsubq 32*6-128(%rdx), $ACC6, $ACC6 - vpsubq 32*7-128(%rdx), $ACC7, $ACC7 - vpsubq 32*8-128(%rdx), $ACC8, $ACC8 - - vpsubq 32*0-128(%rcx), $ACC0, $ACC0 - vpsubq 32*1-128(%rcx), $ACC1, $ACC1 - vpsubq 32*2-128(%rcx), $ACC2, $ACC2 - vpsubq 32*3-128(%rcx), $ACC3, $ACC3 - vpsubq 32*4-128(%rcx), $ACC4, $ACC4 - vpsubq 32*5-128(%rcx), $ACC5, $ACC5 - vpsubq 32*6-128(%rcx), $ACC6, $ACC6 - vpsubq 32*7-128(%rcx), $ACC7, $ACC7 - vpsubq 32*8-128(%rcx), $ACC8, $ACC8 - call avx2_normalize - - lea 32*0($b_ptr), %rsi - lea 32*0($a_ptr), %rdx - call avx2_select_n_store - - # H = U2 - X3 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($r_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*4`(%rsp), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - 
- # - lea `32*9*7`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`($r_ptr), %rdi - call avx2_sub_x4 - call avx2_normalize - - lea 32*9($b_ptr), %rsi - lea 32*9($a_ptr), %rdx - call avx2_select_n_store - - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_mul_by1_x4 - #NORMALIZE - #STORE - - lea `32*9*1`($r_ptr), %rsi - lea `32*9*1`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps %xmm6, -16*10(%rbp) - movaps %xmm7, -16*9(%rbp) - movaps %xmm8, -16*8(%rbp) - movaps %xmm9, -16*7(%rbp) - movaps %xmm10, -16*6(%rbp) - movaps %xmm11, -16*5(%rbp) - movaps %xmm12, -16*4(%rbp) - movaps %xmm13, -16*3(%rbp) - movaps %xmm14, -16*2(%rbp) - movaps %xmm15, -16*1(%rbp) -___ -$code.=<<___; - mov %rbp, %rsp - pop %rbp - ret -.size ecp_nistz256_avx2_point_add_affine_x4,.-ecp_nistz256_avx2_point_add_affine_x4 - -################################################################################ -# void ecp_nistz256_avx2_point_add_affines_x4(void* RESULTx4, void *Ax4, void *Bx4); -.globl ecp_nistz256_avx2_point_add_affines_x4 -.type ecp_nistz256_avx2_point_add_affines_x4,\@function,3 -.align 32 -ecp_nistz256_avx2_point_add_affines_x4: - mov %rsp, %rax - push %rbp - vzeroupper -___ -$code.=<<___ if ($win64); - lea -16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea -8(%rax), %rbp - -# Result + 32*0 = Result.X -# Result + 32*9 = Result.Y -# Result + 32*18 = Result.Z - -# A + 32*0 = A.X -# A + 32*9 = A.Y - -# B + 32*0 = B.X -# B + 32*9 = B.Y - - sub 
\$`32*9*8+32*2+32*8`, %rsp - and \$-64, %rsp - - mov $r_ptr_in, $r_ptr - mov $a_ptr_in, $a_ptr - mov $b_ptr_in, $b_ptr - - vmovdqa 32*0($a_ptr_in), %ymm0 - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - vpxor %ymm1, %ymm1, %ymm1 - lea 256($a_ptr_in), %rax # size optimization - vpor 32*1($a_ptr_in), %ymm0, %ymm0 - vpor 32*2($a_ptr_in), %ymm0, %ymm0 - vpor 32*3($a_ptr_in), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8`(%rsp) - - vpxor %ymm1, %ymm1, %ymm1 - vmovdqa 32*0($b_ptr), %ymm0 - lea 256($b_ptr), %rax # size optimization - vpor 32*1($b_ptr), %ymm0, %ymm0 - vpor 32*2($b_ptr), %ymm0, %ymm0 - vpor 32*3($b_ptr), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8+32`(%rsp) - - # H = U2 - U1 = X2 - X1 - lea `32*9*0`($b_ptr), %rsi - lea `32*9*0`($a_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # R = 
S2 - S1 = Y2 - Y1 - lea `32*9*1`($b_ptr), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*4`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # Z3 = H*Z1*Z2 = H - lea `32*9*3`(%rsp), %rsi - lea `32*9*2`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize - - vmovdqa `32*9*8`(%rsp), $B - vpor `32*9*8+32`(%rsp), $B, $B - - vpandn $ACC0, $B, $ACC0 - lea .LONE+128(%rip), %rax - vpandn $ACC1, $B, $ACC1 - vpandn $ACC2, $B, $ACC2 - vpandn $ACC3, $B, $ACC3 - vpandn $ACC4, $B, $ACC4 - vpandn $ACC5, $B, $ACC5 - vpandn $ACC6, $B, $ACC6 - vpandn $ACC7, $B, $ACC7 - - vpand 32*0-128(%rax), $B, $T0 - vpandn $ACC8, $B, $ACC8 - vpand 32*1-128(%rax), $B, $Y - vpxor $T0, $ACC0, $ACC0 - vpand 32*2-128(%rax), $B, $T0 - vpxor $Y, $ACC1, $ACC1 - vpand 32*3-128(%rax), $B, $Y - vpxor $T0, $ACC2, $ACC2 - vpand 32*4-128(%rax), $B, $T0 - vpxor $Y, $ACC3, $ACC3 - vpand 32*5-128(%rax), $B, $Y - vpxor $T0, $ACC4, $ACC4 - vpand 32*6-128(%rax), $B, $T0 - vpxor $Y, $ACC5, $ACC5 - vpand 32*7-128(%rax), $B, $Y - vpxor $T0, $ACC6, $ACC6 - vpand 32*8-128(%rax), $B, $T0 - vpxor $Y, $ACC7, $ACC7 - vpxor $T0, $ACC8, $ACC8 - `&STORE` - - # R^2 = R^2 - lea `32*9*4`(%rsp), %rsi - lea `32*9*6`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^2 = H^2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdi - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^3 = H^2*H - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*7`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # U2 = U1*H^2 - lea `32*9*0`($a_ptr), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # Hsqr = U2*2 - #lea 32*9*0(%rsp), %rsi - #lea 32*9*5(%rsp), %rdi - #call avx2_mul_by2_x4 - - vpaddq $ACC0, $ACC0, $ACC0 # inlined avx2_mul_by2_x4 - lea `32*9*5`(%rsp), %rdi - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq 
$ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - call avx2_normalize_n_store - - # X3 = R^2 - H^3 - #lea 32*9*6(%rsp), %rsi - #lea 32*9*7(%rsp), %rdx - #lea 32*9*5(%rsp), %rcx - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - # X3 = X3 - U2*2 - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - lea `32*9*6+128`(%rsp), %rsi - lea .LAVX2_POLY_x2+128(%rip), %rax - lea `32*9*7+128`(%rsp), %rdx - lea `32*9*5+128`(%rsp), %rcx - lea `32*9*0`($r_ptr), %rdi - - vmovdqa 32*0-128(%rsi), $ACC0 - vmovdqa 32*1-128(%rsi), $ACC1 - vmovdqa 32*2-128(%rsi), $ACC2 - vmovdqa 32*3-128(%rsi), $ACC3 - vmovdqa 32*4-128(%rsi), $ACC4 - vmovdqa 32*5-128(%rsi), $ACC5 - vmovdqa 32*6-128(%rsi), $ACC6 - vmovdqa 32*7-128(%rsi), $ACC7 - vmovdqa 32*8-128(%rsi), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128(%rdx), $ACC0, $ACC0 - vpsubq 32*1-128(%rdx), $ACC1, $ACC1 - vpsubq 32*2-128(%rdx), $ACC2, $ACC2 - vpsubq 32*3-128(%rdx), $ACC3, $ACC3 - vpsubq 32*4-128(%rdx), $ACC4, $ACC4 - vpsubq 32*5-128(%rdx), $ACC5, $ACC5 - vpsubq 32*6-128(%rdx), $ACC6, $ACC6 - vpsubq 32*7-128(%rdx), $ACC7, $ACC7 - vpsubq 32*8-128(%rdx), $ACC8, $ACC8 - - vpsubq 32*0-128(%rcx), $ACC0, $ACC0 - vpsubq 32*1-128(%rcx), $ACC1, $ACC1 - vpsubq 32*2-128(%rcx), $ACC2, $ACC2 - vpsubq 32*3-128(%rcx), $ACC3, $ACC3 - vpsubq 32*4-128(%rcx), $ACC4, $ACC4 - vpsubq 32*5-128(%rcx), $ACC5, $ACC5 - vpsubq 32*6-128(%rcx), $ACC6, $ACC6 - vpsubq 32*7-128(%rcx), $ACC7, $ACC7 - vpsubq 32*8-128(%rcx), $ACC8, $ACC8 - call avx2_normalize - - lea 32*0($b_ptr), %rsi - lea 
32*0($a_ptr), %rdx - call avx2_select_n_store - - # H = U2 - X3 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($r_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # H = H*R - lea `32*9*3`(%rsp), %rsi - lea `32*9*4`(%rsp), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # S2 = S1 * H^3 - lea `32*9*7`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`($r_ptr), %rdi - call avx2_sub_x4 - call avx2_normalize - - lea 32*9($b_ptr), %rsi - lea 32*9($a_ptr), %rdx - call avx2_select_n_store - - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_mul_by1_x4 - #NORMALIZE - #STORE - - lea `32*9*1`($r_ptr), %rsi - lea `32*9*1`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps %xmm6, -16*10(%rbp) - movaps %xmm7, -16*9(%rbp) - movaps %xmm8, -16*8(%rbp) - movaps %xmm9, -16*7(%rbp) - movaps %xmm10, -16*6(%rbp) - movaps %xmm11, -16*5(%rbp) - movaps %xmm12, -16*4(%rbp) - movaps %xmm13, -16*3(%rbp) - movaps %xmm14, -16*2(%rbp) - movaps %xmm15, -16*1(%rbp) -___ -$code.=<<___; - mov %rbp, %rsp - pop %rbp - ret -.size ecp_nistz256_avx2_point_add_affines_x4,.-ecp_nistz256_avx2_point_add_affines_x4 - -################################################################################ -# void ecp_nistz256_avx2_to_mont(void* RESULTx4, void *Ax4); -.globl ecp_nistz256_avx2_to_mont -.type ecp_nistz256_avx2_to_mont,\@function,2 -.align 32 -ecp_nistz256_avx2_to_mont: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps 
%xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - lea .LTO_MONT_AVX2(%rip), %rdx - call avx2_mul_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_to_mont,.-ecp_nistz256_avx2_to_mont - -################################################################################ -# void ecp_nistz256_avx2_from_mont(void* RESULTx4, void *Ax4); -.globl ecp_nistz256_avx2_from_mont -.type ecp_nistz256_avx2_from_mont,\@function,2 -.align 32 -ecp_nistz256_avx2_from_mont: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - lea .LFROM_MONT_AVX2(%rip), %rdx - call avx2_mul_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_from_mont,.-ecp_nistz256_avx2_from_mont - -################################################################################ -# void 
ecp_nistz256_avx2_set1(void* RESULTx4); -.globl ecp_nistz256_avx2_set1 -.type ecp_nistz256_avx2_set1,\@function,1 -.align 32 -ecp_nistz256_avx2_set1: - lea .LONE+128(%rip), %rax - lea 128(%rdi), %rdi - vzeroupper - vmovdqa 32*0-128(%rax), %ymm0 - vmovdqa 32*1-128(%rax), %ymm1 - vmovdqa 32*2-128(%rax), %ymm2 - vmovdqa 32*3-128(%rax), %ymm3 - vmovdqa 32*4-128(%rax), %ymm4 - vmovdqa 32*5-128(%rax), %ymm5 - vmovdqa %ymm0, 32*0-128(%rdi) - vmovdqa 32*6-128(%rax), %ymm0 - vmovdqa %ymm1, 32*1-128(%rdi) - vmovdqa 32*7-128(%rax), %ymm1 - vmovdqa %ymm2, 32*2-128(%rdi) - vmovdqa 32*8-128(%rax), %ymm2 - vmovdqa %ymm3, 32*3-128(%rdi) - vmovdqa %ymm4, 32*4-128(%rdi) - vmovdqa %ymm5, 32*5-128(%rdi) - vmovdqa %ymm0, 32*6-128(%rdi) - vmovdqa %ymm1, 32*7-128(%rdi) - vmovdqa %ymm2, 32*8-128(%rdi) - - vzeroupper - ret -.size ecp_nistz256_avx2_set1,.-ecp_nistz256_avx2_set1 -___ -} -{ -################################################################################ -# void ecp_nistz256_avx2_multi_gather_w7(void* RESULT, void *in, -# int index0, int index1, int index2, int index3); -################################################################################ - -my ($val,$in_t,$index0,$index1,$index2,$index3)=("%rdi","%rsi","%edx","%ecx","%r8d","%r9d"); -my ($INDEX0,$INDEX1,$INDEX2,$INDEX3)=map("%ymm$_",(0..3)); -my ($R0a,$R0b,$R1a,$R1b,$R2a,$R2b,$R3a,$R3b)=map("%ymm$_",(4..11)); -my ($M0,$T0,$T1,$TMP0)=map("%ymm$_",(12..15)); - -$code.=<<___; -.globl ecp_nistz256_avx2_multi_gather_w7 -.type ecp_nistz256_avx2_multi_gather_w7,\@function,6 -.align 32 -ecp_nistz256_avx2_multi_gather_w7: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; 
- lea .LIntOne(%rip), %rax - - vmovd $index0, %xmm0 - vmovd $index1, %xmm1 - vmovd $index2, %xmm2 - vmovd $index3, %xmm3 - - vpxor $R0a, $R0a, $R0a - vpxor $R0b, $R0b, $R0b - vpxor $R1a, $R1a, $R1a - vpxor $R1b, $R1b, $R1b - vpxor $R2a, $R2a, $R2a - vpxor $R2b, $R2b, $R2b - vpxor $R3a, $R3a, $R3a - vpxor $R3b, $R3b, $R3b - vmovdqa (%rax), $M0 - - vpermd $INDEX0, $R0a, $INDEX0 - vpermd $INDEX1, $R0a, $INDEX1 - vpermd $INDEX2, $R0a, $INDEX2 - vpermd $INDEX3, $R0a, $INDEX3 - - mov \$64, %ecx - lea 112($val), $val # size optimization - jmp .Lmulti_select_loop_avx2 - -# INDEX=0, corresponds to the point at infty (0,0) -.align 32 -.Lmulti_select_loop_avx2: - vpcmpeqd $INDEX0, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*0`($in_t), $T0 - vmovdqa `32*1+32*64*2*0`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R0a, $R0a - vpxor $T1, $R0b, $R0b - - vpcmpeqd $INDEX1, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*1`($in_t), $T0 - vmovdqa `32*1+32*64*2*1`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R1a, $R1a - vpxor $T1, $R1b, $R1b - - vpcmpeqd $INDEX2, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*2`($in_t), $T0 - vmovdqa `32*1+32*64*2*2`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R2a, $R2a - vpxor $T1, $R2b, $R2b - - vpcmpeqd $INDEX3, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*3`($in_t), $T0 - vmovdqa `32*1+32*64*2*3`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R3a, $R3a - vpxor $T1, $R3b, $R3b - - vpaddd (%rax), $M0, $M0 # increment - lea 32*2($in_t), $in_t - - dec %ecx - jnz .Lmulti_select_loop_avx2 - - vmovdqu $R0a, 32*0-112($val) - vmovdqu $R0b, 32*1-112($val) - vmovdqu $R1a, 32*2-112($val) - vmovdqu $R1b, 32*3-112($val) - vmovdqu $R2a, 32*4-112($val) - vmovdqu $R2b, 32*5-112($val) - vmovdqu $R3a, 32*6-112($val) - vmovdqu $R3b, 32*7-112($val) - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 
16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7 - -.extern OPENSSL_ia32cap_P -.globl ecp_nistz_avx2_eligible -.type ecp_nistz_avx2_eligible,\@abi-omnipotent -.align 32 -ecp_nistz_avx2_eligible: - mov OPENSSL_ia32cap_P+8(%rip),%eax - shr \$5,%eax - and \$1,%eax - ret -.size ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible -___ -} -}} else {{ # assembler is too old -$code.=<<___; -.text - -.globl ecp_nistz256_avx2_transpose_convert -.globl ecp_nistz256_avx2_convert_transpose_back -.globl ecp_nistz256_avx2_point_add_affine_x4 -.globl ecp_nistz256_avx2_point_add_affines_x4 -.globl ecp_nistz256_avx2_to_mont -.globl ecp_nistz256_avx2_from_mont -.globl ecp_nistz256_avx2_set1 -.globl ecp_nistz256_avx2_multi_gather_w7 -.type ecp_nistz256_avx2_multi_gather_w7,\@abi-omnipotent -ecp_nistz256_avx2_transpose_convert: -ecp_nistz256_avx2_convert_transpose_back: -ecp_nistz256_avx2_point_add_affine_x4: -ecp_nistz256_avx2_point_add_affines_x4: -ecp_nistz256_avx2_to_mont: -ecp_nistz256_avx2_from_mont: -ecp_nistz256_avx2_set1: -ecp_nistz256_avx2_multi_gather_w7: - .byte 0x0f,0x0b # ud2 - ret -.size ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7 - -.globl ecp_nistz_avx2_eligible -.type ecp_nistz_avx2_eligible,\@abi-omnipotent -ecp_nistz_avx2_eligible: - xor %eax,%eax - ret -.size ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible -___ -}} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval($1)/geo; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl index de9b194510bf0649a8c4cd45ba40a836bb27fba3..b50ee70191b234e70f317896370162ef845aab18 100755 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl 
+++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl
@@ -72,7 +72,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 $addx = ($1>=12);
 }
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
 my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
 $avx = ($ver>=3.0) + ($ver>=3.01);
 $addx = ($ver>=3.03);
diff --git a/crypto/ec/asm/x25519-x86_64.pl b/crypto/ec/asm/x25519-x86_64.pl
index 3d9d1dc1ad0c5e40fda63a29d5b39019dd110e2b..62599dacaccd2ca6ad7c489fc4ceb559262523a2 100755
--- a/crypto/ec/asm/x25519-x86_64.pl
+++ b/crypto/ec/asm/x25519-x86_64.pl
@@ -90,7 +90,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 $addx = ($1>=12);
 }
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
 my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
 $addx = ($ver>=3.03);
 }
diff --git a/crypto/ec/build.info b/crypto/ec/build.info
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/arch_32/arch_intrinsics.h b/crypto/ec/curve448/arch_32/arch_intrinsics.h
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/arch_32/f_impl.c b/crypto/ec/curve448/arch_32/f_impl.c
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/arch_32/f_impl.h b/crypto/ec/curve448/arch_32/f_impl.h
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/curve448.c b/crypto/ec/curve448/curve448.c
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/curve448_local.h b/crypto/ec/curve448/curve448_local.h
old mode 100755
new mode 100644
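Review bot: The dropped `^` anchor on the `clang` alternative is left unexplained, both in this hunk and in the matching x25519-x86_64.pl hunk on the same line; a one-line comment above the `if`, such as `# no ^ anchor: accept vendor-prefixed banners ("... clang version N.M")`, naming whichever banner this toolchain actually prints, would keep the next reader from restoring it. Without the anchor the pattern accepts a `clang version N.M` token anywhere in the `-v` output, so the `$ver` fed into the `$avx`/`$addx` thresholds is whatever numbering that vendor banner uses, which is presumably fine for thresholds this low but is worth stating. Any sibling perlasm script carrying the same detection line should receive the identical edit so that feature detection does not diverge between files.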
diff --git a/crypto/ec/curve448/curve448_tables.c b/crypto/ec/curve448/curve448_tables.c
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/curve448utils.h b/crypto/ec/curve448/curve448utils.h
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/ed448.h b/crypto/ec/curve448/ed448.h
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/f_generic.c b/crypto/ec/curve448/f_generic.c
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/field.h b/crypto/ec/curve448/field.h
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/point_448.h b/crypto/ec/curve448/point_448.h
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/scalar.c b/crypto/ec/curve448/scalar.c
old mode 100755
new mode 100644
diff --git a/crypto/ec/curve448/word.h b/crypto/ec/curve448/word.h
old mode 100755
new mode 100644
diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
old mode 100755
new mode 100644
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
old mode 100755
new mode 100644
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
old mode 100755
new mode 100644
index 2210383739218e17c8a12dca07fc5048ce3db632..5098bd7a66025a3960742c68e9780f150e5ed68c
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -23,7 +23,7 @@ static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
 static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
 #endif
-static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
+static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key)
 {
 const EC_GROUP *group;
 int nid;
@@ -35,7 +35,14 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
 && (nid = EC_GROUP_get_curve_name(group)))
 /* we have a 'named curve' => just set the OID */
 {
- *ppval = OBJ_nid2obj(nid);
+ ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid);
+
+ if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
+ ASN1_OBJECT_free(asn1obj);
+ ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID);
+ return 0;
+ }
+ *ppval = asn1obj;
 *pptype = V_ASN1_OBJECT;
 } else { /* explicit parameters */
@@ -43,7 +50,17 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
 pstr = ASN1_STRING_new();
 if (pstr == NULL)
 return 0;
- pstr->length = i2d_ECParameters(ec_key, &pstr->data);
+
+ /*
+ * The cast in the following line is intentional as the
+ * `i2d_ECParameters` signature can't be constified (see discussion at
+ * https://github.com/openssl/openssl/pull/9347 where related and
+ * required constification backports were rejected).
+ *
+ * This cast should be safe anyway, because we can expect
+ * `i2d_ECParameters()` to treat the first argument as if it was const.
+ */
+ pstr->length = i2d_ECParameters((EC_KEY *)ec_key, &pstr->data);
 if (pstr->length <= 0) {
 ASN1_STRING_free(pstr);
 ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
@@ -57,7 +74,7 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 {
- EC_KEY *ec_key = pkey->pkey.ec;
+ const EC_KEY *ec_key = pkey->pkey.ec;
 void *pval = NULL;
 int ptype;
 unsigned char *penc = NULL, *p;
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
old mode 100755
new mode 100644
index 336afc989d30160d1cdadb8ccdf4cc7daace2db5..7b7c75ce84435ae5b9e03da66b33a5819ccf786e
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
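Review bot: The new `OBJ_length(asn1obj) == 0` rejection carries no comment saying why a NID that resolves can still have no OID; a line such as `/* NID resolved but the curve has no OID: refuse to emit an empty OBJECT IDENTIFIER */` above the `if` would tie the EC_R_MISSING_OID reason to the check. The `ASN1_OBJECT_free(asn1obj)` on the error path reads like a double-ownership bug at first glance; a word that it is NULL-safe when the lookup failed, and a no-op for the library-owned objects `OBJ_nid2obj()` returns for built-in NIDs, would save the next reader the detour. The identical `asn1obj == NULL || OBJ_length(asn1obj) == 0` test reappears in ec_asn1.c's EC_GROUP_get_ecpkparameters hunk, so a small shared helper would keep the two sites in step. eckey_param2type's body starts before and ends after this hunk.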
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -137,6 +137,12 @@ struct ec_parameters_st {
 ASN1_INTEGER *cofactor;
 } /* ECPARAMETERS */ ;
+typedef enum {
+ ECPKPARAMETERS_TYPE_NAMED = 0,
+ ECPKPARAMETERS_TYPE_EXPLICIT,
+ ECPKPARAMETERS_TYPE_IMPLICIT
+} ecpk_parameters_type_t;
+
 struct ecpk_parameters_st {
 int type;
 union {
@@ -535,9 +541,10 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
 return NULL;
 }
 } else {
- if (ret->type == 0)
+ if (ret->type == ECPKPARAMETERS_TYPE_NAMED)
 ASN1_OBJECT_free(ret->value.named_curve);
- else if (ret->type == 1 && ret->value.parameters)
+ else if (ret->type == ECPKPARAMETERS_TYPE_EXPLICIT
+ && ret->value.parameters != NULL)
 ECPARAMETERS_free(ret->value.parameters);
 }
@@ -547,15 +554,22 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
 */
 tmp = EC_GROUP_get_curve_name(group);
 if (tmp) {
- ret->type = 0;
- if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
+ ASN1_OBJECT *asn1obj = OBJ_nid2obj(tmp);
+
+ if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
+ ASN1_OBJECT_free(asn1obj);
+ ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID);
 ok = 0;
+ } else {
+ ret->type = ECPKPARAMETERS_TYPE_NAMED;
+ ret->value.named_curve = asn1obj;
+ }
 } else
 /* we don't know the nid => ERROR */
 ok = 0;
 } else {
 /* use the ECPARAMETERS structure */
- ret->type = 1;
+ ret->type = ECPKPARAMETERS_TYPE_EXPLICIT;
 if ((ret->value.parameters =
 EC_GROUP_get_ecparameters(group, NULL)) == NULL)
 ok = 0;
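Review bot: On the new `asn1obj == NULL || OBJ_length(asn1obj) == 0` branch `ret->value.named_curve` is never assigned, whereas the removed line stored the (NULL) lookup result into it before setting `ok = 0`. When `ret` is a caller-supplied ECPKPARAMETERS that the preceding `@@ -535` hunk has just passed through `ASN1_OBJECT_free(ret->value.named_curve)`, the field still holds that released pointer and `ret->type` still selects it, so the `!ok` cleanup after this hunk (presumably `ECPKPARAMETERS_free(ret)`) would release it a second time; that is harmless for the library-owned objects `OBJ_nid2obj()` returns for built-in NIDs but not for a dynamically created one, and the pre-existing `/* we don't know the nid => ERROR */` path has the same exposure. Writing `ret->value.named_curve = NULL;` after the free in the `@@ -535` hunk (and likewise `ret->value.parameters = NULL;`) closes the gap for every error path at once. EC_GROUP_get_ecpkparameters begins before this hunk and its cleanup follows it.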
@@ -894,7 +908,8 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) return NULL; } - if (params->type == 0) { /* the curve is given by an OID */ + if (params->type == ECPKPARAMETERS_TYPE_NAMED) { + /* the curve is given by an OID */ tmp = OBJ_obj2nid(params->value.named_curve); if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, @@ -902,15 +917,16 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) return NULL; } EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); - } else if (params->type == 1) { /* the parameters are given by a - * ECPARAMETERS structure */ + } else if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) { + /* the parameters are given by an ECPARAMETERS structure */ ret = EC_GROUP_new_from_ecparameters(params->value.parameters); if (!ret) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB); return NULL; } EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); - } else if (params->type == 2) { /* implicitlyCA */ + } else if (params->type == ECPKPARAMETERS_TYPE_IMPLICIT) { + /* implicit parameters inherited from CA - unsupported */ return NULL; } else { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR); @@ -940,6 +956,9 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) return NULL; } + if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) + group->decoded_from_explicit_params = 1; + if (a) { EC_GROUP_free(*a); *a = group; @@ -991,6 +1010,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (priv_key->parameters) { EC_GROUP_free(ret->group); ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters); + if (ret->group != NULL + && priv_key->parameters->type == ECPKPARAMETERS_TYPE_EXPLICIT) + ret->group->decoded_from_explicit_params = 1; } if (ret->group == NULL) { 
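Review bot: The `ECPKPARAMETERS_TYPE_IMPLICIT` branch of `EC_GROUP_new_from_ecpkparameters` still returns NULL without pushing anything onto the error queue, while every other failing branch in the function reports via `ECerr`, so a caller decoding implicitlyCA parameters cannot tell "unsupported" apart from an allocation failure or a stale earlier error. The new comment documents the case as unsupported; it should also be reported, e.g. `ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR);` before the `return NULL;`, or a dedicated reason code if one is added to ec_err.c alongside `EC_R_MISSING_OID`.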
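Review bot: `decoded_from_explicit_params` is set by the callers of `EC_GROUP_new_from_ecpkparameters` (here in `d2i_ECPKParameters`, and again in the `d2i_ECPrivateKey` hunk that follows), each repeating the `params->type == ECPKPARAMETERS_TYPE_EXPLICIT` test that the constructor itself already performs in the hunks above. Setting the flag inside the `ECPKPARAMETERS_TYPE_EXPLICIT` branch of `EC_GROUP_new_from_ecpkparameters`, right after `EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);`, would cover every caller of that constructor; any other caller outside this diff (I cannot see whether there is one) currently gets a group with the flag unset. The `ret->group != NULL` guard in the private-key hunk is only needed because the flag is set after the fact.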
@@ -1297,5 +1319,7 @@ int ECDSA_size(const EC_KEY *r) i = i2d_ASN1_INTEGER(&bs, NULL); i += i; /* r and s */ ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + if (ret < 0) + return 0; return ret; } diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c old mode 100755 new mode 100644 index ce3493823218f37c4a73380e2a3b0396e3b9075c..bfe74226503eb3d05e1fbbbdfa5b0f16011e2a2d --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -341,6 +341,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = { {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_OID), "missing OID"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c old mode 100755 new mode 100644 index 08aaac5d8a6f5ce8ed4971484a05b3f0deb851f3..23efbd015ca4756cc57d807f82207d5376f04c44 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -14,6 +14,7 @@ #include "internal/refcount.h" #include #include +#include "crypto/bn.h" EC_KEY *EC_KEY_new(void) { 
@@ -416,17 +417,86 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) { + int fixed_top; + const BIGNUM *order = NULL; + BIGNUM *tmp_key = NULL; + if (key->group == NULL || key->group->meth == NULL) return 0; + + /* + * Not only should key->group be set, but it should also be in a valid + * fully initialized state. + * + * Specifically, to operate in constant time, we need that the group order + * is set, as we use its length as the fixed public size of any scalar used + * as an EC private key. + */ + order = EC_GROUP_get0_order(key->group); + if (order == NULL || BN_is_zero(order)) + return 0; /* This should never happen */ + if (key->group->meth->set_private != NULL && key->group->meth->set_private(key, priv_key) == 0) return 0; if (key->meth->set_private != NULL && key->meth->set_private(key, priv_key) == 0) return 0; + + /* + * We should never leak the bit length of the secret scalar in the key, + * so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM` + * holding the secret scalar. + * + * This is important also because `BN_dup()` (and `BN_copy()`) do not + * propagate the `BN_FLG_CONSTTIME` flag from the source `BIGNUM`, and + * this brings an extra risk of inadvertently losing the flag, even when + * the caller specifically set it. + * + * The propagation has been turned on and off a few times in the past + * years because in some conditions has shown unintended consequences in + * some code paths, so at the moment we can't fix this in the BN layer. + * + * In `EC_KEY_set_private_key()` we can work around the propagation by + * manually setting the flag after `BN_dup()` as we know for sure that + * inside the EC module the `BN_FLG_CONSTTIME` is always treated + * correctly and should not generate unintended consequences. 
+ * + * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have + * to preallocate the BIGNUM internal buffer to a fixed public size big + * enough that operations performed during the processing never trigger + * a realloc which would leak the size of the scalar through memory + * accesses. + * + * Fixed Length + * ------------ + * + * The order of the large prime subgroup of the curve is our choice for + * a fixed public size, as that is generally the upper bound for + * generating a private key in EC cryptosystems and should fit all valid + * secret scalars. + * + * For preallocating the BIGNUM storage we look at the number of "words" + * required for the internal representation of the order, and we + * preallocate 2 extra "words" in case any of the subsequent processing + * might temporarily overflow the order length. + */ + tmp_key = BN_dup(priv_key); + if (tmp_key == NULL) + return 0; + + BN_set_flags(tmp_key, BN_FLG_CONSTTIME); + + fixed_top = bn_get_top(order) + 2; + if (bn_wexpand(tmp_key, fixed_top) == NULL) { + BN_clear_free(tmp_key); + return 0; + } + BN_clear_free(key->priv_key); - key->priv_key = BN_dup(priv_key); - return (key->priv_key == NULL) ? 0 : 1; + key->priv_key = tmp_key; + + return 1; } const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) @@ -494,6 +564,13 @@ void EC_KEY_clear_flags(EC_KEY *key, int flags) key->flags &= ~flags; } +int EC_KEY_decoded_from_explicit_params(const EC_KEY *key) +{ + if (key == NULL || key->group == NULL) + return -1; + return key->group->decoded_from_explicit_params; +} + size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, unsigned char **pbuf, BN_CTX *ctx) { diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c old mode 100755 new mode 100644 index 3554ada82797b987cf57986b935a06e2ae8e0ad4..08db89fceeb5c05628f983f75a6708a78ce1c1db --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c 
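Review bot: The new failure points in `EC_KEY_set_private_key` — `BN_dup()` returning NULL and `bn_wexpand()` failing — come after both `set_private` hooks have already been invoked, so a group or key method can observe a private key that is then never stored in `key->priv_key`. Moving the `tmp_key = BN_dup(priv_key)` … `bn_wexpand(tmp_key, fixed_top)` block ahead of the two hook calls (and freeing `tmp_key` with `BN_clear_free` if a hook fails) makes the hooks run only for a scalar that will actually be committed. If `BN_dup(NULL)` returns NULL as I expect, a NULL `priv_key` is likewise rejected only after the hooks ran. The `order == NULL || BN_is_zero(order)` check is a good addition; its `/* This should never happen */` comment would say more as `/* group is not fully initialised: no order, hence no fixed scalar size */`.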
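Review bot: `EC_KEY_decoded_from_explicit_params` is a new public function with a three-valued result (1, 0, or -1 when `key` or `key->group` is NULL) and the hunk adds no comment describing it; a caller that writes `if (EC_KEY_decoded_from_explicit_params(key))` will treat the -1 error case as "explicit". A header comment along the lines of `/* Returns 1 if the key's group was decoded from explicit curve parameters, 0 if not, -1 if key or key->group is NULL. */` would make the error value visible, and the declaration in the public header (outside this chunk) should carry the same note.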
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -211,6 +211,7 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) dest->asn1_flag = src->asn1_flag; dest->asn1_form = src->asn1_form; + dest->decoded_from_explicit_params = src->decoded_from_explicit_params; if (src->seed) { OPENSSL_free(dest->seed); @@ -1007,14 +1008,14 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t i = 0; BN_CTX *new_ctx = NULL; - if ((scalar == NULL) && (num == 0)) { - return EC_POINT_set_to_infinity(group, r); - } - if (!ec_point_is_compat(r, group)) { ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } + + if (scalar == NULL && num == 0) + return EC_POINT_set_to_infinity(group, r); + for (i = 0; i < num; i++) { if (!ec_point_is_compat(points[i], group)) { ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h old mode 100755 new mode 100644 index e656fbd5e7755d7353c5f1310f70e4fcc0589b01..64725a9c92f41faaf115cbf22492ad7827c2449d --- a/crypto/ec/ec_local.h +++ b/crypto/ec/ec_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -209,6 +209,8 @@ struct ec_group_st { BIGNUM *order, *cofactor; int curve_name; /* optional NID for named curve */ int asn1_flag; /* flag to control the asn1 encoding */ + int decoded_from_explicit_params; /* set if decoded from explicit + * curve parameters encoding */ point_conversion_form_t asn1_form; unsigned char *seed; /* optional seed for parameters (appears in * ASN1) */ diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c old mode 100755 new mode 100644 index 7980a6728288d87791e221d72dcb0911faa3a579..9a1e3974ed9e298649ff2cc53abd4b582e24c057 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -260,17 +260,10 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, goto err; } - /*- - * Apply coordinate blinding for EC_POINT. - * - * The underlying EC_METHOD can optionally implement this function: - * ec_point_blind_coordinates() returns 0 in case of errors or 1 on - * success or if coordinate blinding is not implemented for this - * group. - */ - if (!ec_point_blind_coordinates(group, p, ctx)) { - ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_POINT_COORDINATES_BLIND_FAILURE); - goto err; + /* ensure input point is in affine coords for ladder step efficiency */ + if (!p->Z_is_one && !EC_POINT_make_affine(group, p, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB); + goto err; } /* Initialize the Montgomery ladder */ 
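Review bot: The hunk in `ec_scalar_mul_ladder` deletes the `ec_point_blind_coordinates()` call rather than relocating it, and the replacement `EC_POINT_make_affine()` does the opposite of blinding: it normalises `p` to the deterministic Z = 1 representation before the ladder starts. That is only acceptable if the projective coordinates are re-randomised during the ladder initialisation that follows; the ecp_smpl.c hunk at the end of this chunk, which looks like that code, is cut off, so I cannot confirm it from here, and the new comment `/* ensure input point is in affine coords for ladder step efficiency */` says nothing about it. Extend the comment to state where the blinding now happens, e.g. `/* ...; coordinate blinding of the ladder state is applied during ladder initialisation, not here */`, so the next reader does not mistake this for a removal of the side-channel countermeasure.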
@@ -747,6 +740,20 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (r_is_at_infinity) { if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err; + + /*- + * Apply coordinate blinding for EC_POINT. + * + * The underlying EC_METHOD can optionally implement this function: + * ec_point_blind_coordinates() returns 0 in case of errors or 1 on + * success or if coordinate blinding is not implemented for this + * group. + */ + if (!ec_point_blind_coordinates(group, r, ctx)) { + ECerr(EC_F_EC_WNAF_MUL, EC_R_POINT_COORDINATES_BLIND_FAILURE); + goto err; + } + r_is_at_infinity = 0; } else { if (!EC_POINT_add diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecdsa_sign.c b/crypto/ec/ecdsa_sign.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecdsa_vrf.c b/crypto/ec/ecdsa_vrf.c old mode 100755 new mode 100644 diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c old mode 100755 new mode 100644 index 9a9ced8f13434a3d69d8f0596df51d6b21fbfd8d..6f7d66c8bea466c8bed82c27011bb3864a039a95 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c 
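Review bot: The new blinding call in `ec_wNAF_mul` treats a zero return of `ec_point_blind_coordinates()` as an error, but the ecp_smpl.c hunk at the end of this chunk changes `ec_GFp_simple_blind_coordinates` so that a failed `BN_priv_rand_range` is swallowed (`ret = 1; goto end;`), i.e. the point comes back un-blinded with success status. The comment moved in here (`returns 0 in case of errors or 1 on success or if coordinate blinding is not implemented`) therefore no longer describes the contract; add that a failed random draw also yields 1 with no blinding applied, so readers do not assume this check guarantees that blinding took place. Whether anything downstream detects an un-blinded point is outside this diff.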
@@ -72,6 +72,7 @@ typedef uint64_t u64; */ typedef uint64_t limb; +typedef uint64_t limb_aX __attribute((__aligned__(1))); typedef uint128_t widelimb; typedef limb felem[4]; @@ -307,10 +308,10 @@ const EC_METHOD *EC_GFp_nistp224_method(void) */ static void bin28_to_felem(felem out, const u8 in[28]) { - out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff; - out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff; - out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff; - out[3] = (*((const uint64_t *)(in+20))) >> 8; + out[0] = *((const limb *)(in)) & 0x00ffffffffffffff; + out[1] = (*((const limb_aX *)(in + 7))) & 0x00ffffffffffffff; + out[2] = (*((const limb_aX *)(in + 14))) & 0x00ffffffffffffff; + out[3] = (*((const limb_aX *)(in + 20))) >> 8; } static void felem_to_bin28(u8 out[28], const felem in) diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c old mode 100755 new mode 100644 index 75eeba853679c56bcd8d856847e7333564ff24ff..08b32787293b8c1e8c13a44a2b2aac50b0e00bc3 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -128,6 +128,7 @@ static const felem_bytearray nistp521_curve_params[5] = { # define NLIMBS 9 typedef uint64_t limb; +typedef limb limb_aX __attribute((__aligned__(1))); typedef limb felem[NLIMBS]; typedef uint128_t largefelem[NLIMBS]; 
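Review bot: `bin28_to_felem` gives `limb_aX` (the `__aligned__(1)` typedef) to the three reads at `in + 7`, `in + 14` and `in + 20`, but the first read `*((const limb *)(in))` keeps the aligned type even though `in` is a `u8[28]` parameter with no alignment guarantee of its own; the same asymmetry appears in the `bin66_to_felem` and `felem_to_bin66` hunks of ecp_nistp521.c (`& in[0]`, `& out[0]`). Use `limb_aX` for the offset-0 access as well, `out[0] = *((const limb_aX *)(in)) & 0x00ffffffffffffff;`, or replace all of these with `memcpy` into a `limb` temporary, which is the portable way to express an unaligned load. `__attribute((__aligned__(1)))` is a GCC/clang extension; presumably these files are only built with those compilers, but the guard is not visible here.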
@@ -141,14 +142,14 @@ static const limb bottom58bits = 0x3ffffffffffffff; static void bin66_to_felem(felem out, const u8 in[66]) { out[0] = (*((limb *) & in[0])) & bottom58bits; - out[1] = (*((limb *) & in[7]) >> 2) & bottom58bits; - out[2] = (*((limb *) & in[14]) >> 4) & bottom58bits; - out[3] = (*((limb *) & in[21]) >> 6) & bottom58bits; - out[4] = (*((limb *) & in[29])) & bottom58bits; - out[5] = (*((limb *) & in[36]) >> 2) & bottom58bits; - out[6] = (*((limb *) & in[43]) >> 4) & bottom58bits; - out[7] = (*((limb *) & in[50]) >> 6) & bottom58bits; - out[8] = (*((limb *) & in[58])) & bottom57bits; + out[1] = (*((limb_aX *) & in[7]) >> 2) & bottom58bits; + out[2] = (*((limb_aX *) & in[14]) >> 4) & bottom58bits; + out[3] = (*((limb_aX *) & in[21]) >> 6) & bottom58bits; + out[4] = (*((limb_aX *) & in[29])) & bottom58bits; + out[5] = (*((limb_aX *) & in[36]) >> 2) & bottom58bits; + out[6] = (*((limb_aX *) & in[43]) >> 4) & bottom58bits; + out[7] = (*((limb_aX *) & in[50]) >> 6) & bottom58bits; + out[8] = (*((limb_aX *) & in[58])) & bottom57bits; } /* @@ -159,14 +160,14 @@ static void felem_to_bin66(u8 out[66], const felem in) { memset(out, 0, 66); (*((limb *) & out[0])) = in[0]; - (*((limb *) & out[7])) |= in[1] << 2; - (*((limb *) & out[14])) |= in[2] << 4; - (*((limb *) & out[21])) |= in[3] << 6; - (*((limb *) & out[29])) = in[4]; - (*((limb *) & out[36])) |= in[5] << 2; - (*((limb *) & out[43])) |= in[6] << 4; - (*((limb *) & out[50])) |= in[7] << 6; - (*((limb *) & out[58])) = in[8]; + (*((limb_aX *) & out[7])) |= in[1] << 2; + (*((limb_aX *) & out[14])) |= in[2] << 4; + (*((limb_aX *) & out[21])) |= in[3] << 6; + (*((limb_aX *) & out[29])) = in[4]; + (*((limb_aX *) & out[36])) |= in[5] << 2; + (*((limb_aX *) & out[43])) |= in[6] << 4; + (*((limb_aX *) & out[50])) |= in[7] << 6; + (*((limb_aX *) & out[58])) = in[8]; } /* BN_to_felem converts an OpenSSL BIGNUM into an felem */ 
diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecp_nistz256-armv4.S b/crypto/ec/ecp_nistz256-armv4.S old mode 100755 new mode 100644 index 17c97bad8aaaf00743a9ae6315d93bb225f148bf..1ebcd32f3922804623b869224175e355fbf6be90 --- a/crypto/ec/ecp_nistz256-armv4.S +++ b/crypto/ec/ecp_nistz256-armv4.S @@ -1,37 +1,3 @@ -// Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - - -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// ECP_NISTZ256 module for ARMv4. -// -// October 2014. -// -// Original ECP_NISTZ256 submission targeting x86_64 is detailed in -// http://eprint.iacr.org/2013/816. In the process of adaptation -// original .c module was made 32-bit savvy in order to make this -// implementation possible. -// -// with/without -DECP_NISTZ256_ASM -// Cortex-A8 +53-170% -// Cortex-A9 +76-205% -// Cortex-A15 +100-316% -// Snapdragon S4 +66-187% -// -// Ranges denote minimum and maximum improvement coefficients depending -// on benchmark. Lower coefficients are for ECDSA sign, server-side -// operation. Keep in mind that +200% means 3x improvement. - #include "arm_arch.h" .text 
@@ -3883,9 +3849,9 @@ ecp_nistz256_point_add: ldr r14,[sp,#32*18+12] @ ~is_equal(S1,S2) mvn r10,r10 @ -1/0 -> 0/-1 mvn r12,r12 @ -1/0 -> 0/-1 - orr r11,r10 - orr r11,r12 - orrs r11,r14 @ set flags + orr r11,r11,r10 + orr r11,r11,r12 + orrs r11,r11,r14 @ set flags @ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) bne .Ladd_proceed diff --git a/crypto/ec/ecp_nistz256-armv8.S b/crypto/ec/ecp_nistz256-armv8.S old mode 100755 new mode 100644 index 307558ae82ecbe8aaf24cd64052e98cd0e8e3dbf..7caa5816083f629c8e676aa0cd2e3dfacf2825eb --- a/crypto/ec/ecp_nistz256-armv8.S +++ b/crypto/ec/ecp_nistz256-armv8.S @@ -1,35 +1,3 @@ -// Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - - -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// ECP_NISTZ256 module for ARMv8. -// -// February 2015. -// -// Original ECP_NISTZ256 submission targeting x86_64 is detailed in -// http://eprint.iacr.org/2013/816. -// -// with/without -DECP_NISTZ256_ASM -// Apple A7 +190-360% -// Cortex-A53 +190-400% -// Cortex-A57 +190-350% -// Denver +230-400% -// -// Ranges denote minimum and maximum improvement coefficients depending -// on benchmark. Lower coefficients are for ECDSA sign, server-side -// operation. Keep in mind that +400% means 5x improvement. - #include "arm_arch.h" .text 
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c old mode 100755 new mode 100644 index ba9268138862303ea3115500855d787ac68d79c6..5005249b05eaffa6a2e51211d84e65c805acef04 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c 
@@ -929,207 +929,6 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) return ret; } -/* - * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great - * code processing 4 points in parallel, corresponding serial operation - * is several times slower, because it uses 29x29=58-bit multiplication - * as opposite to 64x64=128-bit in integer-only scalar case. As result - * it doesn't provide *significant* performance improvement. Note that - * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work, - * you'd need to compile even asm/ecp_nistz256-avx.pl module. - */ -#if defined(ECP_NISTZ256_AVX2) -# if !(defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) || \ - !(defined(__GNUC__) || defined(_MSC_VER)) /* this is for ALIGN32 */ -# undef ECP_NISTZ256_AVX2 -# else -/* Constant time access, loading four values, from four consecutive tables */ -void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in, - int index0, int index1, int index2, - int index3); -void ecp_nistz256_avx2_transpose_convert(void *RESULTx4, const void *in); -void ecp_nistz256_avx2_convert_transpose_back(void *result, const void *Ax4); -void ecp_nistz256_avx2_point_add_affine_x4(void *RESULTx4, const void *Ax4, - const void *Bx4); -void ecp_nistz256_avx2_point_add_affines_x4(void *RESULTx4, const void *Ax4, - const void *Bx4); -void ecp_nistz256_avx2_to_mont(void *RESULTx4, const void *Ax4); -void ecp_nistz256_avx2_from_mont(void *RESULTx4, const void *Ax4); -void ecp_nistz256_avx2_set1(void *RESULTx4); -int ecp_nistz_avx2_eligible(void); - -static void booth_recode_w7(unsigned char *sign, - unsigned char *digit, unsigned char in) -{ - unsigned char s, d; - - s = ~((in >> 7) - 1); - d = (1 << 8) - in - 1; - d = (d & s) | (in & ~s); - d = (d >> 1) + (d & 1); - - *sign = s & 1; - *digit = d; -} - -/* - * ecp_nistz256_avx2_mul_g performs multiplication by G, using only the - * precomputed table. 
It does 4 affine point additions in parallel, - * significantly speeding up point multiplication for a fixed value. - */ -static void ecp_nistz256_avx2_mul_g(P256_POINT *r, - unsigned char p_str[33], - const P256_POINT_AFFINE(*preComputedTable)[64]) -{ - const unsigned int window_size = 7; - const unsigned int mask = (1 << (window_size + 1)) - 1; - unsigned int wvalue; - /* Using 4 windows at a time */ - unsigned char sign0, digit0; - unsigned char sign1, digit1; - unsigned char sign2, digit2; - unsigned char sign3, digit3; - unsigned int idx = 0; - BN_ULONG tmp[P256_LIMBS]; - int i; - - ALIGN32 BN_ULONG aX4[4 * 9 * 3] = { 0 }; - ALIGN32 BN_ULONG bX4[4 * 9 * 2] = { 0 }; - ALIGN32 P256_POINT_AFFINE point_arr[4]; - ALIGN32 P256_POINT res_point_arr[4]; - - /* Initial four windows */ - wvalue = *((u16 *) & p_str[0]); - wvalue = (wvalue << 1) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[0], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(aX4, point_arr); - ecp_nistz256_avx2_to_mont(aX4, aX4); - ecp_nistz256_avx2_to_mont(&aX4[4 * 
9], &aX4[4 * 9]); - ecp_nistz256_avx2_set1(&aX4[4 * 9 * 2]); - - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[4 * 1], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(bX4, point_arr); - ecp_nistz256_avx2_to_mont(bX4, bX4); - ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]); - /* Optimized when both inputs are affine */ - ecp_nistz256_avx2_point_add_affines_x4(aX4, aX4, bX4); - - for (i = 2; i < 9; i++) { - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> 
((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, - preComputedTable[4 * i], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(bX4, point_arr); - ecp_nistz256_avx2_to_mont(bX4, bX4); - ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]); - - ecp_nistz256_avx2_point_add_affine_x4(aX4, aX4, bX4); - } - - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 0], &aX4[4 * 9 * 0]); - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 1], &aX4[4 * 9 * 1]); - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 2], &aX4[4 * 9 * 2]); - - ecp_nistz256_avx2_convert_transpose_back(res_point_arr, aX4); - /* Last window is performed serially */ - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - booth_recode_w7(&sign0, &digit0, wvalue); - ecp_nistz256_gather_w7((P256_POINT_AFFINE *)r, - preComputedTable[36], digit0); - ecp_nistz256_neg(tmp, r->Y); - copy_conditional(r->Y, tmp, sign0); - memcpy(r->Z, ONE, sizeof(ONE)); - /* Sum the four windows */ - ecp_nistz256_point_add(r, r, &res_point_arr[0]); - ecp_nistz256_point_add(r, r, &res_point_arr[1]); - ecp_nistz256_point_add(r, r, &res_point_arr[2]); - ecp_nistz256_point_add(r, r, &res_point_arr[3]); -} -# endif -#endif - __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group, const P256_POINT_AFFINE *in, BN_CTX *ctx) 
@@ -1219,6 +1018,8 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, } if (preComputedTable) { + BN_ULONG infty; + if ((BN_num_bits(scalar) > 256) || BN_is_negative(scalar)) { if ((tmp_scalar = BN_CTX_get(ctx)) == NULL) 
@@ -1250,67 +1051,58 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, for (; i < 33; i++) p_str[i] = 0; -#if defined(ECP_NISTZ256_AVX2) - if (ecp_nistz_avx2_eligible()) { - ecp_nistz256_avx2_mul_g(&p.p, p_str, preComputedTable); - } else -#endif - { - BN_ULONG infty; + /* First window */ + wvalue = (p_str[0] << 1) & mask; + idx += window_size; - /* First window */ - wvalue = (p_str[0] << 1) & mask; - idx += window_size; + wvalue = _booth_recode_w7(wvalue); - wvalue = _booth_recode_w7(wvalue); + ecp_nistz256_gather_w7(&p.a, preComputedTable[0], + wvalue >> 1); - ecp_nistz256_gather_w7(&p.a, preComputedTable[0], - wvalue >> 1); - - ecp_nistz256_neg(p.p.Z, p.p.Y); - copy_conditional(p.p.Y, p.p.Z, wvalue & 1); - - /* - * Since affine infinity is encoded as (0,0) and - * Jacobian ias (,,0), we need to harmonize them - * by assigning "one" or zero to Z. - */ - infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | - p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); - if (P256_LIMBS == 8) - infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | - p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); - - infty = 0 - is_zero(infty); - infty = ~infty; - - p.p.Z[0] = ONE[0] & infty; - p.p.Z[1] = ONE[1] & infty; - p.p.Z[2] = ONE[2] & infty; - p.p.Z[3] = ONE[3] & infty; - if (P256_LIMBS == 8) { - p.p.Z[4] = ONE[4] & infty; - p.p.Z[5] = ONE[5] & infty; - p.p.Z[6] = ONE[6] & infty; - p.p.Z[7] = ONE[7] & infty; - } + ecp_nistz256_neg(p.p.Z, p.p.Y); + copy_conditional(p.p.Y, p.p.Z, wvalue & 1); - for (i = 1; i < 37; i++) { - unsigned int off = (idx - 1) / 8; - wvalue = p_str[off] | p_str[off + 1] << 8; - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; + /* + * Since affine infinity is encoded as (0,0) and + * Jacobian is (,,0), we need to harmonize them + * by assigning "one" or zero to Z. 
+ */ + infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | + p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); + if (P256_LIMBS == 8) + infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | + p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); + + infty = 0 - is_zero(infty); + infty = ~infty; + + p.p.Z[0] = ONE[0] & infty; + p.p.Z[1] = ONE[1] & infty; + p.p.Z[2] = ONE[2] & infty; + p.p.Z[3] = ONE[3] & infty; + if (P256_LIMBS == 8) { + p.p.Z[4] = ONE[4] & infty; + p.p.Z[5] = ONE[5] & infty; + p.p.Z[6] = ONE[6] & infty; + p.p.Z[7] = ONE[7] & infty; + } - wvalue = _booth_recode_w7(wvalue); + for (i = 1; i < 37; i++) { + unsigned int off = (idx - 1) / 8; + wvalue = p_str[off] | p_str[off + 1] << 8; + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; - ecp_nistz256_gather_w7(&t.a, - preComputedTable[i], wvalue >> 1); + wvalue = _booth_recode_w7(wvalue); - ecp_nistz256_neg(t.p.Z, t.a.Y); - copy_conditional(t.a.Y, t.p.Z, wvalue & 1); + ecp_nistz256_gather_w7(&t.a, + preComputedTable[i], wvalue >> 1); - ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); - } + ecp_nistz256_neg(t.p.Z, t.a.Y); + copy_conditional(t.a.Y, t.p.Z, wvalue & 1); + + ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); } } else { p_is_infinity = 1; diff --git a/crypto/ec/ecp_nistz256_table.c b/crypto/ec/ecp_nistz256_table.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c old mode 100755 new mode 100644 diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c old mode 100755 new mode 100644 index b354bfe9ce9ee4747eb19eef3a83f7c48d953500..b3110ec89dbe21b7fb5de2361267bf596f573562 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -1372,6 +1372,7 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
 * Computes the multiplicative inverse of a in GF(p), storing the result in r.
 * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
 * Since we don't have a Mont structure here, SCA hardening is with blinding.
+ * NB: "a" must be in _decoded_ form. (i.e. field_decode must precede.)
 */
 int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
 BN_CTX *ctx)
@@ -1431,112 +1432,133 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
 temp = BN_CTX_get(ctx);
 if (temp == NULL) {
 ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_MALLOC_FAILURE);
- goto err;
+ goto end;
 }
- /* make sure lambda is not zero */
+ /*-
+ * Make sure lambda is not zero.
+ * If the RNG fails, we cannot blind but nevertheless want
+ * code to continue smoothly and not clobber the error stack.
+ */
 do {
- if (!BN_priv_rand_range(lambda, group->field)) {
- ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB);
- goto err;
+ ERR_set_mark();
+ ret = BN_priv_rand_range(lambda, group->field);
+ ERR_pop_to_mark();
+ if (ret == 0) {
+ ret = 1;
+ goto end;
 }
 } while (BN_is_zero(lambda));
 /* if field_encode defined convert between representations */
- if (group->meth->field_encode != NULL
- && !group->meth->field_encode(group, lambda, lambda, ctx))
- goto err;
- if (!group->meth->field_mul(group, p->Z, p->Z, lambda, ctx))
- goto err;
- if (!group->meth->field_sqr(group, temp, lambda, ctx))
- goto err;
- if (!group->meth->field_mul(group, p->X, p->X, temp, ctx))
- goto err;
- if (!group->meth->field_mul(group, temp, temp, lambda, ctx))
- goto err;
- if (!group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
- goto err;
- p->Z_is_one = 0;
+ if ((group->meth->field_encode != NULL
+ && !group->meth->field_encode(group, lambda, lambda, ctx))
+ || !group->meth->field_mul(group, p->Z, p->Z, lambda, ctx)
+ || !group->meth->field_sqr(group, temp, lambda, ctx)
+ || !group->meth->field_mul(group, p->X, p->X, temp, ctx)
+ || !group->meth->field_mul(group, temp, temp, lambda, ctx)
+ || !group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
+ goto end;
+ p->Z_is_one = 0;
 ret = 1;
- err:
+ end:
 BN_CTX_end(ctx);
 return ret;
 }
 /*-
- * Set s := p, r := 2p.
+ * Input:
+ * - p: affine coordinates
+ *
+ * Output:
+ * - s := p, r := 2p: blinded projective (homogeneous) coordinates
 *
 * For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve
- * multiplication resistant against side channel attacks" appendix, as described
- * at
+ * multiplication resistant against side channel attacks" appendix, described at
 * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2
+ * simplified for Z1=1.
 *
- * The input point p will be in randomized Jacobian projective coords:
- * x = X/Z**2, y=Y/Z**3
- *
- * The output points p, s, and r are converted to standard (homogeneous)
- * projective coords:
- * x = X/Z, y=Y/Z
+ * Blinding uses the equivalence relation (\lambda X, \lambda Y, \lambda Z)
+ * for any non-zero \lambda that holds for projective (homogeneous) coords.
 */
 int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
 EC_POINT *r, EC_POINT *s,
 EC_POINT *p, BN_CTX *ctx)
 {
- BIGNUM *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
+ BIGNUM *t1, *t2, *t3, *t4, *t5 = NULL;
- t1 = r->Z;
- t2 = r->Y;
+ t1 = s->Z;
+ t2 = r->Z;
 t3 = s->X;
 t4 = r->X;
 t5 = s->Y;
- t6 = s->Z;
-
- /* convert p: (X,Y,Z) -> (XZ,Y,Z**3) */
- if (!group->meth->field_mul(group, p->X, p->X, p->Z, ctx)
- || !group->meth->field_sqr(group, t1, p->Z, ctx)
- || !group->meth->field_mul(group, p->Z, p->Z, t1, ctx)
- /* r := 2p */
- || !group->meth->field_sqr(group, t2, p->X, ctx)
- || !group->meth->field_sqr(group, t3, p->Z, ctx)
- || !group->meth->field_mul(group, t4, t3, group->a, ctx)
- || !BN_mod_sub_quick(t5, t2, t4, group->field)
- || !BN_mod_add_quick(t2, t2, t4, group->field)
- || !group->meth->field_sqr(group, t5, t5, ctx)
- || !group->meth->field_mul(group, t6, t3, group->b, ctx)
- || !group->meth->field_mul(group, t1, p->X, p->Z, ctx)
- || !group->meth->field_mul(group, t4, t1, t6, ctx)
- || !BN_mod_lshift_quick(t4, t4, 3, group->field)
+
+ if (!p->Z_is_one /* r := 2p */
+ || !group->meth->field_sqr(group, t3, p->X, ctx)
+ ||  !BN_mod_sub_quick(t4, t3, group->a, group->field)
+ || !group->meth->field_sqr(group, t4, t4, ctx)
+ || !group->meth->field_mul(group, t5, p->X, group->b, ctx)
+ || !BN_mod_lshift_quick(t5, t5, 3, group->field)
 /* r->X coord output */
- || !BN_mod_sub_quick(r->X, t5, t4, group->field)
- || !group->meth->field_mul(group, t1, t1, t2, ctx)
- || !group->meth->field_mul(group, t2, t3, t6, ctx)
- || !BN_mod_add_quick(t1, t1, t2, group->field)
+ || !BN_mod_sub_quick(r->X, t4, t5, group->field)
+ || !BN_mod_add_quick(t1, t3, group->a, group->field)
+ || !group->meth->field_mul(group, t2, p->X, t1, ctx)
+ || !BN_mod_add_quick(t2, group->b, t2, group->field)
 /* r->Z coord output */
- || !BN_mod_lshift_quick(r->Z, t1, 2, group->field)
- || !EC_POINT_copy(s, p))
+ || !BN_mod_lshift_quick(r->Z, t2, 2, group->field))
+ return 0;
+
+ /* make sure lambda (r->Y here for storage) is not zero */
+ do {
+ if (!BN_priv_rand_range(r->Y, group->field))
+ return 0;
+ } while (BN_is_zero(r->Y));
+
+ /* make sure lambda (s->Z here for storage) is not zero */
+ do {
+ if (!BN_priv_rand_range(s->Z, group->field))
+ return 0;
+ } while (BN_is_zero(s->Z));
+
+ /* if field_encode defined convert between representations */
+ if (group->meth->field_encode != NULL
+ && (!group->meth->field_encode(group, r->Y, r->Y, ctx)
+ || !group->meth->field_encode(group, s->Z, s->Z, ctx)))
+ return 0;
+
+ /* blind r and s independently */
+ if (!group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx)
+ || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx)
+ || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) /* s := p */
 return 0;
 r->Z_is_one = 0;
 s->Z_is_one = 0;
- p->Z_is_one = 0;
 return 1;
 }
 /*-
- * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi
+ * Input:
+ * - s, r: projective (homogeneous) coordinates
+ * - p: affine coordinates
+ *
+ * Output:
+ * - s := r + s, r := 2r: projective (homogeneous) coordinates
+ *
+ * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi
 * "A fast parallel elliptic curve multiplication resistant against side channel
 * attacks", as described at
- * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-mladd-2002-it-4
 */
 int ec_GFp_simple_ladder_step(const EC_GROUP *group,
 EC_POINT *r, EC_POINT *s,
 EC_POINT *p, BN_CTX *ctx)
 {
 int ret = 0;
- BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6, *t7 = NULL;
+ BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
 BN_CTX_start(ctx);
 t0 = BN_CTX_get(ctx);
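Review bot: `ec_GFp_simple_ladder_pre` now returns 0 when either `BN_priv_rand_range(r->Y, group->field)` or `BN_priv_rand_range(s->Z, group->field)` fails, while `ec_GFp_simple_blind_coordinates` a few lines above wraps the same call in `ERR_set_mark()`/`ERR_pop_to_mark()` and continues unblinded with `ret = 1`. The difference is probably intended — in ladder_pre the random factor is multiplied into r->Z, r->X and s->X, so a failed call would leave the ladder state undefined rather than merely unblinded — but nothing in the code says so, and the ladder_pre failure returns carry no ECerr() either. A comment on the first do/while in ladder_pre, e.g. `/* Unlike ec_GFp_simple_blind_coordinates(), an RNG failure is fatal here: the factors below become part of the ladder state. */`, would make the asymmetry explicit. ec_GFp_simple_blind_coordinates starts outside the hunk and ec_GFp_simple_ladder_step continues past it.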
@@ -1546,50 +1568,47 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group,
 t4 = BN_CTX_get(ctx);
 t5 = BN_CTX_get(ctx);
 t6 = BN_CTX_get(ctx);
- t7 = BN_CTX_get(ctx);
- if (t7 == NULL
- || !group->meth->field_mul(group, t0, r->X, s->X, ctx)
- || !group->meth->field_mul(group, t1, r->Z, s->Z, ctx)
- || !group->meth->field_mul(group, t2, r->X, s->Z, ctx)
+ if (t6 == NULL
+ || !group->meth->field_mul(group, t6, r->X, s->X, ctx)
+ || !group->meth->field_mul(group, t0, r->Z, s->Z, ctx)
+ || !group->meth->field_mul(group, t4, r->X, s->Z, ctx)
 || !group->meth->field_mul(group, t3, r->Z, s->X, ctx)
- || !group->meth->field_mul(group, t4, group->a, t1, ctx)
- || !BN_mod_add_quick(t0, t0, t4, group->field)
- || !BN_mod_add_quick(t4, t3, t2, group->field)
- || !group->meth->field_mul(group, t0, t4, t0, ctx)
- || !group->meth->field_sqr(group, t1, t1, ctx)
- || !BN_mod_lshift_quick(t7, group->b, 2, group->field)
- || !group->meth->field_mul(group, t1, t7, t1, ctx)
- || !BN_mod_lshift1_quick(t0, t0, group->field)
- || !BN_mod_add_quick(t0, t1, t0, group->field)
- || !BN_mod_sub_quick(t1, t2, t3, group->field)
- || !group->meth->field_sqr(group, t1, t1, ctx)
- || !group->meth->field_mul(group, t3, t1, p->X, ctx)
- || !group->meth->field_mul(group, t0, p->Z, t0, ctx)
- /* s->X coord output */
- || !BN_mod_sub_quick(s->X, t0, t3, group->field)
- /* s->Z coord output */
- || !group->meth->field_mul(group, s->Z, p->Z, t1, ctx)
- || !group->meth->field_sqr(group, t3, r->X, ctx)
- || !group->meth->field_sqr(group, t2, r->Z, ctx)
- || !group->meth->field_mul(group, t4, t2, group->a, ctx)
- || !BN_mod_add_quick(t5, r->X, r->Z, group->field)
- || !group->meth->field_sqr(group, t5, t5, ctx)
- || !BN_mod_sub_quick(t5, t5, t3, group->field)
- || !BN_mod_sub_quick(t5, t5, t2, group->field)
- || !BN_mod_sub_quick(t6, t3, t4, group->field)
- || !group->meth->field_sqr(group, t6, t6, ctx)
- || !group->meth->field_mul(group, t0, t2, t5, ctx)
- || !group->meth->field_mul(group, t0, t7, t0, ctx)
- /* r->X coord output */
- || !BN_mod_sub_quick(r->X, t6, t0, group->field)
+ || !group->meth->field_mul(group, t5, group->a, t0, ctx)
+ || !BN_mod_add_quick(t5, t6, t5, group->field)
 || !BN_mod_add_quick(t6, t3, t4, group->field)
- || !group->meth->field_sqr(group, t3, t2, ctx)
- || !group->meth->field_mul(group, t7, t3, t7, ctx)
- || !group->meth->field_mul(group, t5, t5, t6, ctx)
+ || !group->meth->field_mul(group, t5, t6, t5, ctx)
+ || !group->meth->field_sqr(group, t0, t0, ctx)
+ || !BN_mod_lshift_quick(t2, group->b, 2, group->field)
+ || !group->meth->field_mul(group, t0, t2, t0, ctx)
 || !BN_mod_lshift1_quick(t5, t5, group->field)
+ || !BN_mod_sub_quick(t3, t4, t3, group->field)
+ /* s->Z coord output */
+ || !group->meth->field_sqr(group, s->Z, t3, ctx)
+ || !group->meth->field_mul(group, t4, s->Z, p->X, ctx)
+ || !BN_mod_add_quick(t0, t0, t5, group->field)
+ /* s->X coord output */
+ || !BN_mod_sub_quick(s->X, t0, t4, group->field)
+ || !group->meth->field_sqr(group, t4, r->X, ctx)
+ || !group->meth->field_sqr(group, t5, r->Z, ctx)
+ || !group->meth->field_mul(group, t6, t5, group->a, ctx)
+ || !BN_mod_add_quick(t1, r->X, r->Z, group->field)
+ || !group->meth->field_sqr(group, t1, t1, ctx)
+ || !BN_mod_sub_quick(t1, t1, t4, group->field)
+ || !BN_mod_sub_quick(t1, t1, t5, group->field)
+ || !BN_mod_sub_quick(t3, t4, t6, group->field)
+ || !group->meth->field_sqr(group, t3, t3, ctx)
+ || !group->meth->field_mul(group, t0, t5, t1, ctx)
+ || !group->meth->field_mul(group, t0, t2, t0, ctx)
+ /* r->X coord output */
+ || !BN_mod_sub_quick(r->X, t3, t0, group->field)
+ || !BN_mod_add_quick(t3, t4, t6, group->field)
+ || !group->meth->field_sqr(group, t4, t5, ctx)
+ || !group->meth->field_mul(group, t4, t4, t2, ctx)
+ || !group->meth->field_mul(group, t1, t1, t3, ctx)
+ || !BN_mod_lshift1_quick(t1, t1, group->field)
 /* r->Z coord output */
- || !BN_mod_add_quick(r->Z, t7, t5, group->field))
+ || !BN_mod_add_quick(r->Z, t4, t1, group->field))
 goto err;
 ret = 1;
@@ -1600,17 +1619,23 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group,
 }
 /*-
+ * Input:
+ * - s, r: projective (homogeneous) coordinates
+ * - p: affine coordinates
+ *
+ * Output:
+ * - r := (x,y): affine coordinates
+ *
 * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass
- * Elliptic Curves and Side-Channel Attacks", modified to work in projective
- * coordinates and return r in Jacobian projective coordinates.
+ * Elliptic Curves and Side-Channel Attacks", modified to work in mixed
+ * projective coords, i.e. p is affine and (r,s) in projective (homogeneous)
+ * coords, and return r in affine coordinates.
 *
- * X4 = two*Y1*X2*Z3*Z2*Z1;
- * Y4 = two*b*Z3*SQR(Z2*Z1) + Z3*(a*Z2*Z1+X1*X2)*(X1*Z2+X2*Z1) - X3*SQR(X1*Z2-X2*Z1);
- * Z4 = two*Y1*Z3*SQR(Z2)*Z1;
+ * X4 = two*Y1*X2*Z3*Z2;
+ * Y4 = two*b*Z3*SQR(Z2) + Z3*(a*Z2+X1*X2)*(X1*Z2+X2) - X3*SQR(X1*Z2-X2);
+ * Z4 = two*Y1*Z3*SQR(Z2);
 *
 * Z4 != 0 because:
- * - Z1==0 implies p is at infinity, which would have caused an early exit in
- * the caller;
 * - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch);
 * - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch);
 * - Y1==0 implies p has order 2, so either r or s are infinity and handled by
@@ -1627,11 +1652,7 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group,
 return EC_POINT_set_to_infinity(group, r);
 if (BN_is_zero(s->Z)) {
- /* (X,Y,Z) -> (XZ,YZ**2,Z) */
- if (!group->meth->field_mul(group, r->X, p->X, p->Z, ctx)
- || !group->meth->field_sqr(group, r->Z, p->Z, ctx)
- || !group->meth->field_mul(group, r->Y, p->Y, r->Z, ctx)
- || !BN_copy(r->Z, p->Z)
+ if (!EC_POINT_copy(r, p)
 || !EC_POINT_invert(group, r, ctx))
 return 0;
 return 1;
@@ -1647,38 +1668,46 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group,
 t6 = BN_CTX_get(ctx);
 if (t6 == NULL
- || !BN_mod_lshift1_quick(t0, p->Y, group->field)
- || !group->meth->field_mul(group, t1, r->X, p->Z, ctx)
- || !group->meth->field_mul(group, t2, r->Z, s->Z, ctx)
- || !group->meth->field_mul(group, t2, t1, t2, ctx)
- || !group->meth->field_mul(group, t3, t2, t0, ctx)
- || !group->meth->field_mul(group, t2, r->Z, p->Z, ctx)
- || !group->meth->field_sqr(group, t4, t2, ctx)
- || !BN_mod_lshift1_quick(t5, group->b, group->field)
- || !group->meth->field_mul(group, t4, t4, t5, ctx)
- || !group->meth->field_mul(group, t6, t2, group->a, ctx)
- || !group->meth->field_mul(group, t5, r->X, p->X, ctx)
- || !BN_mod_add_quick(t5, t6, t5, group->field)
- || !group->meth->field_mul(group, t6, r->Z, p->X, ctx)
- || !BN_mod_add_quick(t2, t6, t1, group->field)
- || !group->meth->field_mul(group, t5, t5, t2, ctx)
- || !BN_mod_sub_quick(t6, t6, t1, group->field)
- || !group->meth->field_sqr(group, t6, t6, ctx)
- || !group->meth->field_mul(group, t6, t6, s->X, ctx)
- || !BN_mod_add_quick(t4, t5, t4, group->field)
- || !group->meth->field_mul(group, t4, t4, s->Z, ctx)
- || !BN_mod_sub_quick(t4, t4, t6, group->field)
- || !group->meth->field_sqr(group, t5, r->Z, ctx)
- || !group->meth->field_mul(group, r->Z, p->Z, s->Z, ctx)
- || !group->meth->field_mul(group, r->Z, t5, r->Z, ctx)
- || !group->meth->field_mul(group, r->Z, r->Z, t0, ctx)
- /* t3 := X, t4 := Y */
- /* (X,Y,Z) -> (XZ,YZ**2,Z) */
- || !group->meth->field_mul(group, r->X, t3, r->Z, ctx)
+ || !BN_mod_lshift1_quick(t4, p->Y, group->field)
+ || !group->meth->field_mul(group, t6, r->X, t4, ctx)
+ || !group->meth->field_mul(group, t6, s->Z, t6, ctx)
+ || !group->meth->field_mul(group, t5, r->Z, t6, ctx)
+ || !BN_mod_lshift1_quick(t1, group->b, group->field)
+ || !group->meth->field_mul(group, t1, s->Z, t1, ctx)
 || !group->meth->field_sqr(group, t3, r->Z, ctx)
- || !group->meth->field_mul(group, r->Y, t4, t3, ctx))
+ || !group->meth->field_mul(group, t2, t3, t1, ctx)
+ || !group->meth->field_mul(group, t6, r->Z, group->a, ctx)
+ || !group->meth->field_mul(group, t1, p->X, r->X, ctx)
+ || !BN_mod_add_quick(t1, t1, t6, group->field)
+ || !group->meth->field_mul(group, t1, s->Z, t1, ctx)
+ || !group->meth->field_mul(group, t0, p->X, r->Z, ctx)
+ || !BN_mod_add_quick(t6, r->X, t0, group->field)
+ || !group->meth->field_mul(group, t6, t6, t1, ctx)
+ || !BN_mod_add_quick(t6, t6, t2, group->field)
+ || !BN_mod_sub_quick(t0, t0, r->X, group->field)
+ || !group->meth->field_sqr(group, t0, t0, ctx)
+ || !group->meth->field_mul(group, t0, t0, s->X, ctx)
+ || !BN_mod_sub_quick(t0, t6, t0, group->field)
+ || !group->meth->field_mul(group, t1, s->Z, t4, ctx)
+ || !group->meth->field_mul(group, t1, t3, t1, ctx)
+ || (group->meth->field_decode != NULL
+ && !group->meth->field_decode(group, t1, t1, ctx))
+ || !group->meth->field_inv(group, t1, t1, ctx)
+ || (group->meth->field_encode != NULL
+ && !group->meth->field_encode(group, t1, t1, ctx))
+ || !group->meth->field_mul(group, r->X, t5, t1, ctx)
+ || !group->meth->field_mul(group, r->Y, t0, t1, ctx))
 goto err;
+ if (group->meth->field_set_to_one != NULL) {
+ if (!group->meth->field_set_to_one(group, r->Z, ctx))
+ goto err;
+ } else {
+ if (!BN_one(r->Z))
+ goto err;
+ }
+
+ r->Z_is_one = 1;
 ret = 1;
 err:
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/README b/crypto/engine/README
old mode 100755
new mode 100644
diff --git a/crypto/engine/build.info b/crypto/engine/build.info
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c
old mode 100755
new mode 100644
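Review bot: The `field_decode` → `field_inv` → `field_encode` round trip on t1 is the one place in the ladder that depends on the precondition added to ec_GFp_simple_field_inv earlier in this diff (the operand must be in decoded form), and nothing at the call site says why the encoding is peeled off and put back. A comment before the `field_decode` test, e.g. `/* field_inv() requires a decoded operand; undo and redo the field encoding around it. */`, would tie the two changes together. The new tail that sets r->Z to one via `field_set_to_one` or `BN_one` and then `r->Z_is_one = 1` is consistent with the header's claim that r is returned in affine coordinates. ec_GFp_simple_ladder_post starts outside the hunk.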
diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
old mode 100755
new mode 100644
index 49e9ce1af33b095418af7db019f297cdc0c8f885..84a3b7dbec757a2e5d126bc4fab3cb24e748f457
--- a/crypto/engine/eng_devcrypto.c
+++ b/crypto/engine/eng_devcrypto.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -758,8 +758,9 @@ static int devcrypto_unload(ENGINE *e)
 void engine_load_devcrypto_int()
 {
 ENGINE *e = NULL;
+ int fd;
- if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+ if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
 #ifndef ENGINE_DEVCRYPTO_DEBUG
 if (errno != ENOENT)
 #endif
@@ -767,6 +768,18 @@ void engine_load_devcrypto_int()
 return;
 }
+#ifdef CRIOGET
+ if (ioctl(fd, CRIOGET, &cfd) < 0) {
+ fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
+ close(fd);
+ cfd = -1;
+ return;
+ }
+ close(fd);
+#else
+ cfd = fd;
+#endif
+
 if ((e = ENGINE_new()) == NULL
 || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
 ENGINE_free(e);
diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
old mode 100755
new mode 100644
index b851ff69575684552625f7a66003567d7b3fec06..5bd584c5999a29c0527f975f978251447da3c4c6
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
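Review bot: The descriptor obtained from `open("/dev/crypto", O_RDWR, 0)` is opened without `O_CLOEXEC`, and on the CRIOGET branch `cfd` is a second descriptor produced by `ioctl(fd, CRIOGET, &cfd)` with whatever flags the kernel assigns, so the long-lived engine handle can be inherited by any child process the application execs. Where the platform provides it, `open("/dev/crypto", O_RDWR | O_CLOEXEC, 0)` plus marking `cfd` close-on-exec with `fcntl(cfd, F_SETFD, FD_CLOEXEC)` after a successful CRIOGET would close that gap. Reporting the CRIOGET failure with `fprintf(stderr, …)` rather than through the error stack presumably mirrors how the existing open() failure is reported just below the `#endif`, outside the hunk, so that part is at least consistent. engine_load_devcrypto_int continues past the hunk.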
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -171,6 +171,7 @@ void engine_cleanup_int(void)
 cleanup_stack = NULL;
 }
 CRYPTO_THREAD_lock_free(global_engine_lock);
+ global_engine_lock = NULL;
 }
 /* Now the "ex_data" support */
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_local.h b/crypto/engine/eng_local.h
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/tb_eckey.c b/crypto/engine/tb_eckey.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c
old mode 100755
new mode 100644
diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c
old mode 100755
new mode 100644
diff --git a/crypto/err/README b/crypto/err/README
old mode 100755
new mode 100644
diff --git a/crypto/err/build.info b/crypto/err/build.info
old mode 100755
new mode 100644
diff --git a/crypto/err/err.c b/crypto/err/err.c
old mode 100755
new mode 100644
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
old mode 100755
new mode 100644
diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
old mode 100755
new mode 100644
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
old mode 100755
new mode 100644
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
old mode 100755
new mode 100644
index dd7b455f844f52aa3db29e4bf7178b34f68be2ae..7e1776375df79c369b8da978260929f48f4a26a8
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -36,6 +36,7 @@ ASN1_F_ASN1_ITEM_D2I_FP:206:ASN1_item_d2i_fp
 ASN1_F_ASN1_ITEM_DUP:191:ASN1_item_dup
 ASN1_F_ASN1_ITEM_EMBED_D2I:120:asn1_item_embed_d2i
 ASN1_F_ASN1_ITEM_EMBED_NEW:121:asn1_item_embed_new
+ASN1_F_ASN1_ITEM_EX_I2D:144:ASN1_item_ex_i2d
 ASN1_F_ASN1_ITEM_FLAGS_I2D:118:asn1_item_flags_i2d
 ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio
 ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp
@@ -934,6 +935,8 @@ PEM_F_PEM_READ_PRIVATEKEY:124:PEM_read_PrivateKey
 PEM_F_PEM_SIGNFINAL:112:PEM_SignFinal
 PEM_F_PEM_WRITE:113:PEM_write
 PEM_F_PEM_WRITE_BIO:114:PEM_write_bio
+PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL:147:\
+ PEM_write_bio_PrivateKey_traditional
 PEM_F_PEM_WRITE_PRIVATEKEY:139:PEM_write_PrivateKey
 PEM_F_PEM_X509_INFO_READ:115:PEM_X509_INFO_read
 PEM_F_PEM_X509_INFO_READ_BIO:116:PEM_X509_INFO_read_bio
@@ -1742,6 +1745,7 @@ X509_F_X509_NAME_PRINT:117:X509_NAME_print
 X509_F_X509_OBJECT_NEW:150:X509_OBJECT_new
 X509_F_X509_PRINT_EX_FP:118:X509_print_ex_fp
 X509_F_X509_PUBKEY_DECODE:148:x509_pubkey_decode
+X509_F_X509_PUBKEY_GET:161:X509_PUBKEY_get
 X509_F_X509_PUBKEY_GET0:119:X509_PUBKEY_get0
 X509_F_X509_PUBKEY_SET:120:X509_PUBKEY_set
 X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key
@@ -1768,6 +1772,7 @@ ASN1_R_ASN1_PARSE_ERROR:203:asn1 parse error
 ASN1_R_ASN1_SIG_PARSE_ERROR:204:asn1 sig parse error
 ASN1_R_AUX_ERROR:100:aux error
 ASN1_R_BAD_OBJECT_HEADER:102:bad object header
+ASN1_R_BAD_TEMPLATE:230:bad template
 ASN1_R_BMPSTRING_IS_WRONG_LENGTH:214:bmpstring is wrong length
 ASN1_R_BN_LIB:105:bn lib
 ASN1_R_BOOLEAN_IS_WRONG_LENGTH:106:boolean is wrong length
@@ -2164,6 +2169,7 @@ EC_R_KEYS_NOT_SET:140:keys not set
 EC_R_LADDER_POST_FAILURE:136:ladder post failure
 EC_R_LADDER_PRE_FAILURE:153:ladder pre failure
 EC_R_LADDER_STEP_FAILURE:162:ladder step failure
+EC_R_MISSING_OID:167:missing OID
 EC_R_MISSING_PARAMETERS:124:missing parameters
 EC_R_MISSING_PRIVATE_KEY:125:missing private key
 EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values
@@ -2399,6 +2405,7 @@ PEM_R_UNEXPECTED_DEK_IV:130:unexpected dek iv
 PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher
 PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption
 PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components
+PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE:110:unsupported public key type
 PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure
 PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data
 PKCS12_R_DECODE_ERROR:101:decode error
diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
old mode 100755
new mode 100644
index a77cfb1552dea45e7d14040d2b5d34a489cf4676..9610f3c1efeb8a74b0a3a6dd59ea896d3091177c
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -203,7 +203,7 @@ static int ok_read(BIO *b, char *out, int outl)
 /*
 * copy start of the next block into proper place
 */
- if (ctx->buf_len_save - ctx->buf_off_save > 0) {
+ if (ctx->buf_len_save > ctx->buf_off_save) {
 ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
 memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
 ctx->buf_len);
diff --git a/crypto/evp/build.info b/crypto/evp/build.info
old mode 100755
new mode 100644
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
old mode 100755
new mode 100644
index 9307ff0464249754ef331ba78ac741e78acbb19a..85926434c300758e96cf1955c0a9544ca5b1520f
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -423,7 +423,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
 table = data_ascii2bin;
 /* trim white space from the start of the line. */
- while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) {
+ while ((n > 0) && (conv_ascii2bin(*f, table) == B64_WS)) {
 f++;
 n--;
 }
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
old mode 100755
new mode 100644
index 0843caf4f0a4f37a9789756644bbb0e34cdc624e..e3c165d48e082dc4c46f72fd1296de0494720040
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
old mode 100755
new mode 100644
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/names.c b/crypto/evp/names.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
old mode 100755
new mode 100644
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
old mode 100755
new mode 100644
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
old mode 100755
new mode 100644
diff --git a/crypto/getenv.c b/crypto/getenv.c
old mode 100755
new mode 100644
diff --git a/crypto/hmac/build.info b/crypto/hmac/build.info
old mode 100755
new mode 100644
diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c
old mode 100755
new mode 100644
diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c
old mode 100755
new mode 100644
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
old mode 100755
new mode 100644
diff --git a/crypto/hmac/hmac_local.h b/crypto/hmac/hmac_local.h
old mode 100755
new mode 100644
diff --git a/crypto/ia64cpuid.S b/crypto/ia64cpuid.S
old mode 100755
new mode 100644
diff --git a/crypto/idea/build.info b/crypto/idea/build.info
old mode 100755
new mode 100644
diff --git a/crypto/idea/i_cbc.c b/crypto/idea/i_cbc.c
old mode 100755
new mode 100644
diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
old mode 100755
new mode 100644
diff --git a/crypto/idea/i_ecb.c b/crypto/idea/i_ecb.c
old mode 100755
new mode 100644
diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c
old mode 100755
new mode 100644
diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c
old mode 100755
new mode 100644
diff --git a/crypto/idea/idea_local.h b/crypto/idea/idea_local.h
old mode 100755
new mode 100644
diff --git a/crypto/init.c b/crypto/init.c
old mode 100755
new mode 100644
diff --git a/crypto/kdf/build.info b/crypto/kdf/build.info
old mode 100755
new mode 100644
diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
old mode 100755
new mode 100644
diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c
old mode 100755
new mode 100644
diff --git a/crypto/kdf/scrypt.c b/crypto/kdf/scrypt.c
old mode 100755
new mode 100644
diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
old mode 100755
new mode 100644
diff --git a/crypto/lhash/build.info b/crypto/lhash/build.info
old mode 100755
new mode 100644
diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c
old mode 100755
new mode 100644
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
old mode 100755
new mode 100644
diff --git a/crypto/lhash/lhash_local.h b/crypto/lhash/lhash_local.h
old mode 100755
new mode 100644
diff --git a/crypto/md2/build.info b/crypto/md2/build.info
old mode 100755
new mode 100644
diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
old mode 100755
new mode 100644
diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c
old mode 100755
new mode 100644
diff --git a/crypto/md4/build.info b/crypto/md4/build.info
old mode 100755
new mode 100644
diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c
old mode 100755
new mode 100644
diff --git a/crypto/md4/md4_local.h b/crypto/md4/md4_local.h
old mode 100755
new mode 100644
diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c
old mode 100755
new mode 100644
diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl
old mode 100755
new mode 100644
diff --git a/crypto/md5/asm/md5-sparcv9.pl b/crypto/md5/asm/md5-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/md5/build.info b/crypto/md5/build.info
old mode 100755
new mode 100644
diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c
old mode 100755
new mode 100644
diff --git a/crypto/md5/md5_local.h b/crypto/md5/md5_local.h
old mode 100755
new mode 100644
diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c
old mode 100755
new mode 100644
diff --git a/crypto/mdc2/build.info b/crypto/mdc2/build.info
old mode 100755
new mode 100644
diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c
old mode 100755
new mode 100644
diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
old mode 100755
new mode 100644
diff --git a/crypto/mem.c b/crypto/mem.c
old mode 100755
new mode 100644
diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
old mode 100755
new mode 100644
diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
old mode 100755
new mode 100644
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
old mode 100755
new mode 100644
index 9e0f6702f4069d7cdce6098e42877da8b3f417ef..222c786cbaeff0e798a57a42fc429cc70bed913f
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
@@ -34,6 +34,12 @@ # include # endif # endif +# if defined(__FreeBSD__) +# define MADV_DONTDUMP MADV_NOCORE +# endif +# if !defined(MAP_CONCEAL) +# define MAP_CONCEAL 0 +# endif # include # include # include @@ -442,7 +448,7 @@ static int sh_init(size_t size, int minsize) if (1) { #ifdef MAP_ANON sh.map_result = mmap(NULL, sh.map_size, - PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0); + PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0); } else { #endif int fd; @@ -502,7 +508,7 @@ static void sh_done(void) OPENSSL_free(sh.freelist); OPENSSL_free(sh.bittable); OPENSSL_free(sh.bitmalloc); - if (sh.map_result != NULL && sh.map_size) + if (sh.map_result != MAP_FAILED && sh.map_size) munmap(sh.map_result, sh.map_size); memset(&sh, 0, sizeof(sh)); } diff --git a/crypto/mips_arch.h b/crypto/mips_arch.h old mode 100755 new mode 100644 diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl old mode 100755 new mode 100644 index 959efedb0de71e43ec0bb5753d9ef746fff7adde..60f03e4fe25b913d8b69da6875018f02a5239b60 --- a/crypto/modes/asm/aesni-gcm-x86_64.pl +++ b/crypto/modes/asm/aesni-gcm-x86_64.pl @@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/modes/asm/arm32/ghash-armv4.S b/crypto/modes/asm/arm32/ghash-armv4.S old mode 100755 new mode 100644 index b0883a53e70ab155442c2c1df1109021dc6e260f..06ac6e85a896e9f1f704841292fca065d45e8ec9 --- a/crypto/modes/asm/arm32/ghash-armv4.S +++ b/crypto/modes/asm/arm32/ghash-armv4.S 
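Review bot: The new `sh.map_result != MAP_FAILED` test in sh_done assumes map_result is never NULL while map_size is non-zero, but sh is zero-filled by the `memset(&sh, 0, sizeof(sh))` at the end of that same function, so a freshly zeroed struct has map_result == NULL, and NULL compares unequal to MAP_FAILED. If sh_init can fail after assigning sh.map_size but before mmap returns (its body is outside this hunk, so I cannot confirm either way), the error path would now call `munmap(NULL, sh.map_size)` where the old code skipped it. Initialising `sh.map_result = MAP_FAILED;` at the top of sh_init, or keeping both tests (`if (sh.map_result != NULL && sh.map_result != MAP_FAILED && sh.map_size)`), closes that gap and keeps the MAP_FAILED check that the `@@ -442` hunk's MAP_CONCEAL mmap relies on.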
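Review bot: Dropping the `^` anchor from `(?:^clang|LLVM) version` is not explained anywhere in the hunk; presumably it is meant to match vendor-prefixed banners such as `Apple clang version 12.0.0`, which the anchored form rejected so that this branch never set `$avx`. A one-line comment above the `if`, e.g. `# no ^ anchor: vendor builds print "Apple clang version N", not "clang version N"`, would keep the next reader from restoring it. The identical change is made to ghash-x86_64.pl further down (L211); the two scripts carry the same hand-copied compiler-detection code, so factoring it into a shared helper would stop them drifting apart again.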
@@ -1,82 +1,3 @@ -// Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// April 2010 -// -// The module implements "4-bit" GCM GHASH function and underlying -// single multiplication operation in GF(2^128). "4-bit" means that it -// uses 256 bytes per-key table [+32 bytes shared table]. There is no -// experimental performance data available yet. The only approximation -// that can be made at this point is based on code size. Inner loop is -// 32 instructions long and on single-issue core should execute in <40 -// cycles. Having verified that gcc 3.4 didn't unroll corresponding -// loop, this assembler loop body was found to be ~3x smaller than -// compiler-generated one... -// -// July 2010 -// -// Rescheduling for dual-issue pipeline resulted in 8.5% improvement on -// Cortex A8 core and ~25 cycles per processed byte (which was observed -// to be ~3 times faster than gcc-generated code:-) -// -// February 2011 -// -// Profiler-assisted and platform-specific optimization resulted in 7% -// improvement on Cortex A8 core and ~23.5 cycles per byte. -// -// March 2011 -// -// Add NEON implementation featuring polynomial multiplication, i.e. no -// lookup tables involved. On Cortex A8 it was measured to process one -// byte in 15 cycles or 55% faster than integer-only code. 
-// -// April 2014 -// -// Switch to multiplication algorithm suggested in paper referred -// below and combine it with reduction algorithm from x86 module. -// Performance improvement over previous version varies from 65% on -// Snapdragon S4 to 110% on Cortex A9. In absolute terms Cortex A8 -// processes one byte in 8.45 cycles, A9 - in 10.2, A15 - in 7.63, -// Snapdragon S4 - in 9.33. -// -// Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software -// Polynomial Multiplication on ARM Processors using the NEON Engine. -// -// http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf - -// ==================================================================== -// Note about "528B" variant. In ARM case it makes lesser sense to -// implement it for following reasons: -// -// - performance improvement won't be anywhere near 50%, because 128- -// bit shift operation is neatly fused with 128-bit xor here, and -// "538B" variant would eliminate only 4-5 instructions out of 32 -// in the inner loop (meaning that estimated improvement is ~15%); -// - ARM-based systems are often embedded ones and extra memory -// consumption might be unappreciated (for so little improvement); -// -// Byte order [in]dependence. ========================================= -// -// Caller is expected to maintain specific *dword* order in Htable, -// namely with *least* significant dword of 128-bit value at *lower* -// address. This differs completely from C code and has everything to -// do with ldm instruction and order in which dwords are "consumed" by -// algorithm. *Byte* order within these dwords in turn is whatever -// *native* byte order on current platform. See gcm128.c for working -// example... - #include "arm_arch.h" .text diff --git a/crypto/modes/asm/arm32/ghashv8-armx.S b/crypto/modes/asm/arm32/ghashv8-armx.S old mode 100755 new mode 100644 index af6c20dbf4fe1a65ba63c1b8e4725376d336998e..f0cd8099f32d16db1a3ca5bb03738fc27ca38c46 
--- a/crypto/modes/asm/arm32/ghashv8-armx.S +++ b/crypto/modes/asm/arm32/ghashv8-armx.S @@ -1,49 +1,3 @@ -// Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// GHASH for ARMv8 Crypto Extension, 64-bit polynomial multiplication. -// -// June 2014 -// -// Initial version was developed in tight cooperation with Ard -// Biesheuvel of Linaro from bits-n-pieces from other assembly modules. -// Just like aesv8-armx.pl this module supports both AArch32 and -// AArch64 execution modes. -// -// July 2014 -// -// Implement 2x aggregated reduction [see ghash-x86.pl for background -// information]. -// -// November 2017 -// -// AArch64 register bank to "accommodate" 4x aggregated reduction and -// improve performance by 20-70% depending on processor. -// -// Current performance in cycles per processed byte: -// -// 64-bit PMULL 32-bit PMULL 32-bit NEON(*) -// Apple A7 0.58 0.92 5.62 -// Cortex-A53 0.85 1.01 8.39 -// Cortex-A57 0.73 1.17 7.61 -// Denver 0.51 0.65 6.02 -// Mongoose 0.65 1.10 8.06 -// Kryo 0.76 1.16 8.00 -// -// (*) presented for reference/comparison purposes; - #include "arm_arch.h" #if __ARM_MAX_ARCH__>=7 
diff --git a/crypto/modes/asm/arm64/ghashv8-armx.S b/crypto/modes/asm/arm64/ghashv8-armx.S
old mode 100755
new mode 100644
index 565dd823d5225329a98b8180d372f8040079077e..17ba12c5072edb798fb9dbe98e55e22aa94dc025
--- a/crypto/modes/asm/arm64/ghashv8-armx.S
+++ b/crypto/modes/asm/arm64/ghashv8-armx.S
@@ -1,49 +1,3 @@ -// Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// GHASH for ARMv8 Crypto Extension, 64-bit polynomial multiplication. -// -// June 2014 -// -// Initial version was developed in tight cooperation with Ard -// Biesheuvel of Linaro from bits-n-pieces from other assembly modules. -// Just like aesv8-armx.pl this module supports both AArch32 and -// AArch64 execution modes. -// -// July 2014 -// -// Implement 2x aggregated reduction [see ghash-x86.pl for background -// information]. -// -// November 2017 -// -// AArch64 register bank to "accommodate" 4x aggregated reduction and -// improve performance by 20-70% depending on processor. -// -// Current performance in cycles per processed byte: -// -// 64-bit PMULL 32-bit PMULL 32-bit NEON(*) -// Apple A7 0.58 0.92 5.62 -// Cortex-A53 0.85 1.01 8.39 -// Cortex-A57 0.73 1.17 7.61 -// Denver 0.51 0.65 6.02 -// Mongoose 0.65 1.10 8.06 -// Kryo 0.76 1.16 8.00 -// -// (*) presented for reference/comparison purposes; - #include "arm_arch.h" #if __ARM_MAX_ARCH__>=7 diff --git a/crypto/modes/asm/ghash-alpha.pl b/crypto/modes/asm/ghash-alpha.pl old mode 100755 new mode 100644 diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl old mode 100755 new mode 100644 
diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl old mode 100755 new mode 100644 diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl old mode 100755 new mode 100644 diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl old mode 100755 new mode 100644 diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl old mode 100755 new mode 100644 diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl old mode 100755 new mode 100644 diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl old mode 100755 new mode 100644 index 0a0bfd575ceeb514116a9cb2bee14c86007ae6ff..9bdba41d1de5572903492b9a048f0dd2a57e644e --- a/crypto/modes/asm/ghash-x86_64.pl +++ b/crypto/modes/asm/ghash-x86_64.pl @@ -116,7 +116,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl old mode 100755 new mode 100644 diff --git a/crypto/modes/build.info b/crypto/modes/build.info old mode 100755 new mode 100644 diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c old mode 100755 new mode 100644 index fc7e0b60510b03346f4a9ad08ff5b28e7078b798..15a14be70872deadfd275685b214820a33ad24a0 --- a/crypto/modes/cbc128.c +++ b/crypto/modes/cbc128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -15,6 +15,12 @@ # define STRICT_ALIGNMENT 0 #endif +#if defined(__GNUC__) && !STRICT_ALIGNMENT +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], block128_f block) @@ -40,8 +46,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, } else { while (len >= 16) { for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(iv + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) ^ *(size_t_aX *)(iv + n); (*block) (out, out, key); iv = out; len -= 16; @@ -63,7 +69,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, in += 16; out += 16; } - memcpy(ivec, iv, 16); + if (ivec != iv) + memcpy(ivec, iv, 16); } void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, @@ -96,7 +103,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, } } else if (16 % sizeof(size_t) == 0) { /* always true */ while (len >= 16) { - size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv; + size_t_aX *out_t = (size_t_aX *)out; + size_t_aX *iv_t = (size_t_aX *)iv; (*block) (in, out, key); for (n = 0; n < 16 / sizeof(size_t); n++) @@ -107,7 +115,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, out += 16; } } - memcpy(ivec, iv, 16); + if (ivec != iv) + memcpy(ivec, iv, 16); } else { if (STRICT_ALIGNMENT && ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { 
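Review bot: The `size_t_aX` typedef added at `@@ -15,6 +15,12 @@` is copy-pasted, with slightly different guards, into cfb128.c, ctr128.c, gcm128.c and ofb128.c (L214, L215, L216, L219), and the analogous `u64_a1` into ccm128.c and xts128.c (L213, L219), while this same commit adds `u32_a1` to modes_local.h (L217). The other mode files show `#include "modes_local.h"` in their hunk context, so the three aligned(1) typedefs belong there in one place, next to the STRICT_ALIGNMENT logic they depend on. The guard difference is real, not cosmetic: cbc128.c tests `!STRICT_ALIGNMENT` because the `# define STRICT_ALIGNMENT 0` visible just above always defines the macro, whereas the other files test `!defined(STRICT_ALIGNMENT)`; a single shared definition removes that trap. A comment on the typedef stating its purpose would also help, e.g. `/* size_t with alignment 1: lets GCC/Clang emit unaligned loads for the casts below instead of assuming natural alignment */`.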
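Review bot: The new `if (ivec != iv)` guards in CRYPTO_cbc128_encrypt (`@@ -63,7 +69,8 @@`) and CRYPTO_cbc128_decrypt (`@@ -107,7 +115,8 @@`) carry no comment saying why, and the reason is not obvious: iv appears to still point at ivec when fewer than 16 bytes were processed (it is only re-pointed by the `iv = out;` inside the block loop), and memcpy with identical source and destination is undefined behaviour that sanitizers report. Suggest `/* iv == ivec when no full block was processed; memcpy on overlapping buffers is UB */` above each guard. The initial assignment of iv lies outside these hunks, so the aliasing claim should be confirmed against it before the comment is committed.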
@@ -125,8 +134,10 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, } } else if (16 % sizeof(size_t) == 0) { /* always true */ while (len >= 16) { - size_t c, *out_t = (size_t *)out, *ivec_t = (size_t *)ivec; - const size_t *in_t = (const size_t *)in; + size_t c; + size_t_aX *out_t = (size_t_aX *)out; + size_t_aX *ivec_t = (size_t_aX *)ivec; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (in, tmp.c, key); for (n = 0; n < 16 / sizeof(size_t); n++) { diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c old mode 100755 new mode 100644 index 424722811c16cc58e0aea38f77f2480213104642..655b10350201e4bf70859402cf94d195f71114e3 --- a/crypto/modes/ccm128.c +++ b/crypto/modes/ccm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,14 @@ #include "modes_local.h" #include +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + /* * First you setup M and L parameters and pass the key schedule. This is * called once per session setup... @@ -170,8 +178,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, ctx->cmac.u[0] ^= temp.u[0]; ctx->cmac.u[1] ^= temp.u[1]; #else - ctx->cmac.u[0] ^= ((u64 *)inp)[0]; - ctx->cmac.u[1] ^= ((u64 *)inp)[1]; + ctx->cmac.u[0] ^= ((u64_a1 *)inp)[0]; + ctx->cmac.u[1] ^= ((u64_a1 *)inp)[1]; #endif (*block) (ctx->cmac.c, ctx->cmac.c, key); (*block) (ctx->nonce.c, scratch.c, key); 
@@ -181,8 +189,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, temp.u[1] ^= scratch.u[1]; memcpy(out, temp.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]; - ((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^ ((u64_a1 *)inp)[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^ ((u64_a1 *)inp)[1]; #endif inp += 16; out += 16; @@ -254,8 +262,10 @@ int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); memcpy(out, scratch.c, 16); #else - ctx->cmac.u[0] ^= (((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]); - ctx->cmac.u[1] ^= (((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]); + ctx->cmac.u[0] ^= (((u64_a1 *)out)[0] + = scratch.u[0] ^ ((u64_a1 *)inp)[0]); + ctx->cmac.u[1] ^= (((u64_a1 *)out)[1] + = scratch.u[1] ^ ((u64_a1 *)inp)[1]); #endif (*block) (ctx->cmac.c, ctx->cmac.c, key); diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c old mode 100755 new mode 100644 index b6bec414a966f66f8d8e2c49820c9256514c018c..b2530007b6e41fba8d5e7764d080f6780755ace4 --- a/crypto/modes/cfb128.c +++ b/crypto/modes/cfb128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,12 @@ #include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * The input and output encrypted as though 128bit cfb mode is being used. * The extra state information to record how much of the 128bit block we have 
@@ -43,8 +49,9 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { - *(size_t *)(out + n) = - *(size_t *)(ivec + n) ^= *(size_t *)(in + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(ivec + n) + ^= *(size_t_aX *)(in + n); } len -= 16; out += 16; @@ -92,9 +99,10 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { - size_t t = *(size_t *)(in + n); - *(size_t *)(out + n) = *(size_t *)(ivec + n) ^ t; - *(size_t *)(ivec + n) = t; + size_t t = *(size_t_aX *)(in + n); + *(size_t_aX *)(out + n) + = *(size_t_aX *)(ivec + n) ^ t; + *(size_t_aX *)(ivec + n) = t; } len -= 16; out += 16; diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c old mode 100755 new mode 100644 index ae35116e952411f3dcb01a23309155913bee909a..1ed7decedfd33ea499566d40b5b7eec95ee90488 --- a/crypto/modes/ctr128.c +++ b/crypto/modes/ctr128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,12 @@ #include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * NOTE: the IV/counter CTR mode is big-endian. The code itself is * endian-neutral. 
@@ -97,8 +103,9 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, (*block) (ivec, ecount_buf, key); ctr128_inc_aligned(ivec); for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) + ^ *(size_t_aX *)(ecount_buf + n); len -= 16; out += 16; in += 16; diff --git a/crypto/modes/cts128.c b/crypto/modes/cts128.c old mode 100755 new mode 100644 diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c old mode 100755 new mode 100644 index 48775e6d05ffbf2ed10b01a572b4d471b2747549..8304efff48be038cc297046232cd327910786a1f --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,12 @@ #include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) /* redefine, because alignment is ensured */ # undef GETU32 @@ -1080,8 +1086,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j = GHASH_CHUNK; while (j) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1107,8 +1113,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, size_t j = i; while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; 
@@ -1318,8 +1324,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, GHASH(ctx, in, GHASH_CHUNK); while (j) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1343,8 +1349,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, if ((i = (len & (size_t)-16))) { GHASH(ctx, in, i); while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; + size_t_aX *out_t = (size_t_aX *)out; + const size_t_aX *in_t = (const size_t_aX *)in; (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; @@ -1379,8 +1385,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, else ctx->Yi.d[3] = ctr; for (i = 0; i < 16 / sizeof(size_t); ++i) { - size_t c = in[i]; - out[i] = c ^ ctx->EKi.t[i]; + size_t c = in_t[i]; + out_t[i] = c ^ ctx->EKi.t[i]; ctx->Xi.t[i] ^= c; } GCM_MUL(ctx); diff --git a/crypto/modes/modes_local.h b/crypto/modes/modes_local.h old mode 100755 new mode 100644 index f2ae01d11afd2a325669eded06c3af2d8bc1bfce..888141681e69f95bc5637f1eb54cbe9bf3380d49 --- a/crypto/modes/modes_local.h +++ b/crypto/modes/modes_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,14 @@ typedef unsigned char u8; # endif #endif +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u32 u32_a1 __attribute((__aligned__(1))); +# else +typedef u32 u32_a1; +# endif +#endif + #if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) # if defined(__GNUC__) && __GNUC__>=2 # if defined(__x86_64) || defined(__x86_64__) 
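Review bot: The `@@ -1379,8 +1385,8 @@` hunk in CRYPTO_gcm128_decrypt is a functional fix, not an alignment annotation: the old loop read `in[i]` and wrote `out[i]` through the byte pointers (the same pointers cast to `in_t`/`out_t` a few lines earlier) while XOR-ing against the size_t words `ctx->EKi.t[i]` and `ctx->Xi.t[i]`, so it consumed bytes where every other word-loop in this file consumes words. Which `#if` branch compiles this path is not visible here, but it deserves a separate mention in the commit description and a decrypt test vector that exercises at least one full 16-byte block on a build where this branch is active, since the encrypt side (`@@ -1107`) never had the byte-indexing form. The `in_t`/`out_t` declarations this hunk now relies on sit above the hunk, and the function continues past it.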
@@ -55,12 +63,15 @@ typedef unsigned char u8; asm ("bswapl %0" \ : "+r"(ret_)); ret_; }) # elif defined(__aarch64__) -# define BSWAP8(x) ({ u64 ret_; \ +# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ + __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ +# define BSWAP8(x) ({ u64 ret_; \ asm ("rev %0,%1" \ : "=r"(ret_) : "r"(x)); ret_; }) -# define BSWAP4(x) ({ u32 ret_; \ +# define BSWAP4(x) ({ u32 ret_; \ asm ("rev %w0,%w1" \ : "=r"(ret_) : "r"(x)); ret_; }) +# endif # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) # define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \ asm ("rev %0,%0; rev %1,%1" \ @@ -86,8 +97,8 @@ _asm mov eax, val _asm bswap eax} # endif #endif #if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) -# define GETU32(p) BSWAP4(*(const u32 *)(p)) -# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) +# define GETU32(p) BSWAP4(*(const u32_a1 *)(p)) +# define PUTU32(p,v) *(u32_a1 *)(p) = BSWAP4(v) #else # define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) # define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c old mode 100755 new mode 100644 diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c old mode 100755 new mode 100644 index 44bdf888db1a18c88f5b818484cc7091553fba83..a3469712b2de31621ada4f54dc98285815a44943 --- a/crypto/modes/ofb128.c +++ b/crypto/modes/ofb128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
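Review bot: The new `__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__` guard makes the aarch64 BSWAP8/BSWAP4 definitions little-endian-only, which is right because the `rev`-based macros feed GETU32/PUTU32 (`@@ -86,8 +97,8 @@`) as a host-to-big-endian conversion, but the 32-bit arm branch visible directly below (`# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)`) keeps its `rev` macros unconditionally. If big-endian 32-bit ARM is a supported target for this build, that branch needs the same guard; if it is deliberately exempt, a comment on the aarch64 guard such as `/* rev-based swaps are only a byte-order conversion on little-endian hosts */` would stop the asymmetry from reading as an oversight. The hunk ends mid-macro, so the rest of the arm32 definition is outside my view.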
@@ -11,6 +11,12 @@ #include "modes_local.h" #include +#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) +typedef size_t size_t_aX __attribute((__aligned__(1))); +#else +typedef size_t size_t_aX; +#endif + /* * The input and output encrypted as though 128bit ofb mode is being used. * The extra state information to record how much of the 128bit block we have @@ -41,8 +47,9 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, while (len >= 16) { (*block) (ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) - *(size_t *)(out + n) = - *(size_t *)(in + n) ^ *(size_t *)(ivec + n); + *(size_t_aX *)(out + n) = + *(size_t_aX *)(in + n) + ^ *(size_t_aX *)(ivec + n); len -= 16; out += 16; in += 16; diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c old mode 100755 new mode 100644 diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c old mode 100755 new mode 100644 index b5bda5e6402d966ac55cddc98012f51c1ae72cb7..fe1626c62e104a004bed3ef843877993b35b83d7 --- a/crypto/modes/xts128.c +++ b/crypto/modes/xts128.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,14 @@ #include "modes_local.h" #include +#ifndef STRICT_ALIGNMENT +# ifdef __GNUC__ +typedef u64 u64_a1 __attribute((__aligned__(1))); +# else +typedef u64 u64_a1; +# endif +#endif + int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], const unsigned char *inp, unsigned char *out, 
@@ -45,8 +53,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[0] ^= tweak.u[0]; scratch.u[1] ^= tweak.u[1]; #else - scratch.u[0] = ((u64 *)inp)[0] ^ tweak.u[0]; - scratch.u[1] = ((u64 *)inp)[1] ^ tweak.u[1]; + scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0]; + scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1]; #endif (*ctx->block1) (scratch.c, scratch.c, ctx->key1); #if defined(STRICT_ALIGNMENT) @@ -54,8 +62,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[1] ^= tweak.u[1]; memcpy(out, scratch.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^= tweak.u[0]; - ((u64 *)out)[1] = scratch.u[1] ^= tweak.u[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^= tweak.u[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^= tweak.u[1]; #endif inp += 16; out += 16; @@ -128,8 +136,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[0] ^= tweak1.u[0]; scratch.u[1] ^= tweak1.u[1]; #else - scratch.u[0] = ((u64 *)inp)[0] ^ tweak1.u[0]; - scratch.u[1] = ((u64 *)inp)[1] ^ tweak1.u[1]; + scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0]; + scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1]; #endif (*ctx->block1) (scratch.c, scratch.c, ctx->key1); scratch.u[0] ^= tweak1.u[0]; @@ -148,8 +156,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, scratch.u[1] ^= tweak.u[1]; memcpy(out, scratch.c, 16); #else - ((u64 *)out)[0] = scratch.u[0] ^ tweak.u[0]; - ((u64 *)out)[1] = scratch.u[1] ^ tweak.u[1]; + ((u64_a1 *)out)[0] = scratch.u[0] ^ tweak.u[0]; + ((u64_a1 *)out)[1] = scratch.u[1] ^ tweak.u[1]; #endif } diff --git a/crypto/o_dir.c b/crypto/o_dir.c old mode 100755 new mode 100644 diff --git a/crypto/o_fips.c b/crypto/o_fips.c old mode 100755 new mode 100644 diff --git a/crypto/o_fopen.c b/crypto/o_fopen.c old mode 100755 new mode 100644 diff --git a/crypto/o_init.c b/crypto/o_init.c old mode 100755 new mode 100644 
diff --git a/crypto/o_str.c b/crypto/o_str.c old mode 100755 new mode 100644 index 1eee816152e1c411ec309a2b5a2bf3f34ac33d2f..55312a2dfdc8f1ba87b2d9ef8182adad6cbbcce0 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -220,7 +220,7 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) int openssl_strerror_r(int errnum, char *buf, size_t buflen) { -#if defined(_MSC_VER) && _MSC_VER>=1400 +#if defined(_MSC_VER) && _MSC_VER>=1400 && !defined(_WIN32_WCE) return !strerror_s(buf, buflen, errnum); #elif defined(_GNU_SOURCE) && !defined(__MUSL__) char *err; diff --git a/crypto/o_time.c b/crypto/o_time.c old mode 100755 new mode 100644 index 6d764f55e2e8b4548d75ea021665b2a35d7626a7..3fa70c45af83325981cc024eea768aa73162b300 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,7 +41,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) if (gmtime_r(timer, result) == NULL) return NULL; ts = result; -#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 +#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE) if (gmtime_s(result, timer)) return NULL; ts = result; 
@@ -133,8 +133,8 @@ int OPENSSL_gmtime_diff(int *pday, int *psec, static int julian_adj(const struct tm *tm, int off_day, long offset_sec, long *pday, int *psec) { - int offset_hms, offset_day; - long time_jd; + int offset_hms; + long offset_day, time_jd; int time_year, time_month, time_day; /* split offset into days and day seconds */ offset_day = offset_sec / SECS_PER_DAY; diff --git a/crypto/objects/README b/crypto/objects/README old mode 100755 new mode 100644 diff --git a/crypto/objects/build.info b/crypto/objects/build.info old mode 100755 new mode 100644 diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c old mode 100755 new mode 100644 diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c old mode 100755 new mode 100644 diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h old mode 100755 new mode 100644 index d1b1bc7faf914e82a859b15e410f9f3498ee8b45..24b49a2df2586b276e3d08e4abb91fa18e8293ac --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl old mode 100755 new mode 100644 diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c old mode 100755 new mode 100644 diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c old mode 100755 new mode 100644 diff --git a/crypto/objects/obj_local.h b/crypto/objects/obj_local.h old mode 100755 new mode 100644 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num old mode 100755 new mode 100644 
diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c old mode 100755 new mode 100644 diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h old mode 100755 new mode 100644 index 1ca04bbff19fac24dfe916ff83dd59263069ed79..5c3561ab7d7e3a90a0d8b0b546b985c75adc9b42 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/objects/obj_xref.txt b/crypto/objects/obj_xref.txt old mode 100755 new mode 100644 diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl old mode 100755 new mode 100644 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt old mode 100755 new mode 100644 diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl old mode 100755 new mode 100644 diff --git a/crypto/ocsp/build.info b/crypto/ocsp/build.info old mode 100755 new mode 100644 diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c old mode 100755 new mode 100644 diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c old mode 100755 new mode 100644 diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c old mode 100755 new mode 100644 diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c old mode 100755 new mode 100644 diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c old mode 100755 new mode 100644 diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c old mode 100755 new mode 100644 diff --git a/crypto/ocsp/ocsp_local.h b/crypto/ocsp/ocsp_local.h old mode 100755 new mode 100644 diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c old mode 100755 new mode 100644 
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c old mode 100755 new mode 100644 diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c old mode 100755 new mode 100644 diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c old mode 100755 new mode 100644 diff --git a/crypto/pariscid.pl b/crypto/pariscid.pl old mode 100755 new mode 100644 diff --git a/crypto/pem/build.info b/crypto/pem/build.info old mode 100755 new mode 100644 diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c old mode 100755 new mode 100644 diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c old mode 100755 new mode 100644 index f642030aa539fff18587d467a51c1d3e2467cb0d..0f3cb02407e69c0bbea2f904dfd939a5b3af4b77 --- a/crypto/pem/pem_err.c +++ b/crypto/pem/pem_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -60,6 +60,8 @@ static const ERR_STRING_DATA PEM_str_functs[] = { {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"}, + {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL, 0), + "PEM_write_bio_PrivateKey_traditional"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0), "PEM_write_PrivateKey"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"}, @@ -109,6 +111,8 @@ static const ERR_STRING_DATA PEM_str_reasons[] = { "unsupported encryption"}, {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS), "unsupported key components"}, + {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE), + "unsupported public key type"}, {0, NULL} }; 
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c old mode 100755 new mode 100644 diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c old mode 100755 new mode 100644 index 64baf7108ea4f90aa9211f62a0da58316b505739..a26322119aa7c968fbf61ab16e7486f72129d512 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -332,7 +332,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, } } - if ((dsize = i2d(x, NULL)) < 0) { + if ((dsize = i2d(x, NULL)) <= 0) { PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB); dsize = 0; goto err; @@ -791,7 +791,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, { BIO *tmp = *header; char *linebuf, *p; - int len, line, ret = 0, end = 0; + int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0; /* 0 if not seen (yet), 1 if reading header, 2 if finished header */ enum header_status got_header = MAYBE_HEADER; unsigned int flags_mask; 
@@ -809,10 +809,18 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, flags_mask = ~0u; len = BIO_gets(bp, linebuf, LINESIZE); if (len <= 0) { - PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_SHORT_HEADER); + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); goto err; } + /* + * Check if line has been read completely or if only part of the line + * has been read. Keep the previous value to ignore newlines that + * appear due to reading a line up until the char before the newline. + */ + prev_partial_line_read = partial_line_read; + partial_line_read = len == LINESIZE-1 && linebuf[LINESIZE-2] != '\n'; + if (got_header == MAYBE_HEADER) { if (memchr(linebuf, ':', len) != NULL) got_header = IN_HEADER; @@ -823,13 +831,19 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, /* Check for end of header. */ if (linebuf[0] == '\n') { - if (got_header == POST_HEADER) { - /* Another blank line is an error. */ - PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); - goto err; + /* + * If previous line has been read only partially this newline is a + * regular newline at the end of a line and not an empty line. + */ + if (!prev_partial_line_read) { + if (got_header == POST_HEADER) { + /* Another blank line is an error. */ + PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); + goto err; + } + got_header = POST_HEADER; + tmp = *data; } - got_header = POST_HEADER; - tmp = *data; continue; } diff --git a/crypto/pem/pem_oth.c b/crypto/pem/pem_oth.c old mode 100755 new mode 100644 diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c old mode 100755 new mode 100644 diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c old mode 100755 new mode 100644 index e58cdf4a3e0bff47e41d50d6a513c09fd2847bc4..4a94927244876257caa57dfe0f47ee38c65ac194 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c 
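Review bot: The new `if (!prev_partial_line_read)` guard correctly stops a newline that merely terminates an over-long line from being treated as the end of the header, but the branch still ends in `continue`, so that newline is never appended to `tmp` and the following line is concatenated onto the long one. This bites when a header line is exactly a multiple of LINESIZE-1 characters: its chunks are written without a terminator and the next header line merges into its value. If the write of `linebuf` that follows this branch is the only place lines reach the header/data BIO (it is outside the hunk), the partial case should append the newline to `tmp` the same way ordinary lines are appended before continuing, e.g. `if (prev_partial_line_read) { BIO_write(tmp, "\n", 1); continue; }` placed ahead of the blank-line handling. get_header_and_data continues beyond both hunks.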
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -108,6 +108,12 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, pem_password_cb *cb, void *u) { char pem_str[80]; + + if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) { + PEMerr(PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL, + PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return 0; + } BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, pem_str, bp, x, enc, kstr, klen, cb, u); diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c old mode 100755 new mode 100644 diff --git a/crypto/pem/pem_x509.c b/crypto/pem/pem_x509.c old mode 100755 new mode 100644 diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c old mode 100755 new mode 100644 diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c old mode 100755 new mode 100644 index 1fc19c17f913e0c4681893b1c7b2db19c07238fc..a933b7c1813c39fca445b0560ab377369e615d25 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,10 +29,10 @@ static unsigned int read_ledword(const unsigned char **in) { const unsigned char *p = *in; unsigned int ret; - ret = *p++; - ret |= (*p++ << 8); - ret |= (*p++ << 16); - ret |= (*p++ << 24); + ret = (unsigned int)*p++; + ret |= (unsigned int)*p++ << 8; + ret |= (unsigned int)*p++ << 16; + ret |= (unsigned int)*p++ << 24; *in = p; return ret; } 
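Review bot: The added guard checks `x->ameth` and `x->ameth->old_priv_encode` but not `x->ameth->pem_str`, which the very next line hands to `BIO_snprintf` as a `%s` argument; if any ASN1 method can carry a NULL `pem_str` (not determinable from this hunk), the PEM header written would be a placeholder or undefined depending on how the formatter treats NULL. Extending the condition is a one-line change: `if (x->ameth == NULL || x->ameth->old_priv_encode == NULL || x->ameth->pem_str == NULL) {`. A short comment on why `old_priv_encode` is the discriminator (`/* no traditional (non-PKCS#8) encoder for this key type */`) would also help, since the reason code name speaks of a public key type.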
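Review bot: The `(unsigned int)` casts in read_ledword fix a genuine undefined-behaviour case — the old `*p++ << 24` promoted the byte to `int`, and shifting a value of 0x80 or more into the sign bit is undefined — but nothing in the code says so, and a later cleanup could easily drop the apparently redundant casts. Add one line above the first assignment: `/* promote to unsigned before shifting: (int)0x80 << 24 is undefined */`.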
@@ -875,9 +875,9 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, wrlen = BIO_write(out, tmp, outlen); OPENSSL_free(tmp); if (wrlen == outlen) { - PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); return outlen; } + PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); return -1; } diff --git a/crypto/perlasm/README b/crypto/perlasm/README old mode 100755 new mode 100644 diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl old mode 100755 new mode 100644 diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl old mode 100755 new mode 100644 diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl old mode 100755 new mode 100644 diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl old mode 100755 new mode 100644 diff --git a/crypto/perlasm/x86masm.pl b/crypto/perlasm/x86masm.pl old mode 100755 new mode 100644 diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/build.info b/crypto/pkcs12/build.info old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c old mode 100755 new mode 100644 
diff --git a/crypto/pkcs12/p12_local.h b/crypto/pkcs12/p12_local.h old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs7/bio_pk7.c b/crypto/pkcs7/bio_pk7.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs7/build.info b/crypto/pkcs7/build.info old mode 100755 new mode 100644 diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c old mode 100755 new mode 100644 diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c old mode 100755 new mode 100644 index 44187230ef043b5bcd33d6c21240fa1088ac827a..a95db62178ed7ad91e52abf40b9b031e3b534c45 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -301,7 +301,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, char *ptr; long len; len = BIO_get_mem_data(indata, &ptr); - tmpin = BIO_new_mem_buf(ptr, len); + tmpin = (len == 0) ? indata : BIO_new_mem_buf(ptr, len); if (tmpin == NULL) { PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c old mode 100755 new mode 100644 diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl index f77e1170f66b72be630294da3871f5651f1cc3e7..70f46cd140aa0e6c26a31455202864a7012dd512 100755 --- a/crypto/poly1305/asm/poly1305-armv4.pl +++ b/crypto/poly1305/asm/poly1305-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -133,10 +133,10 @@ poly1305_init: # ifdef __thumb2__ itete eq # endif - addeq r12,r11,#(poly1305_emit-.Lpoly1305_init) - addne r12,r11,#(poly1305_emit_neon-.Lpoly1305_init) - addeq r11,r11,#(poly1305_blocks-.Lpoly1305_init) - addne r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init) + addeq r12,r11,#(.Lpoly1305_emit-.Lpoly1305_init) + addne r12,r11,#(.Lpoly1305_emit_neon-.Lpoly1305_init) + addeq r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init) + addne r11,r11,#(.Lpoly1305_blocks_neon-.Lpoly1305_init) # endif # ifdef __thumb2__ orr r12,r12,#1 @ thumb-ify address @@ -352,6 +352,7 @@ $code.=<<___; .type poly1305_emit,%function .align 5 poly1305_emit: +.Lpoly1305_emit: stmdb sp!,{r4-r11} .Lpoly1305_emit_enter: @@ -671,6 +672,7 @@ poly1305_init_neon: .type poly1305_blocks_neon,%function .align 5 poly1305_blocks_neon: +.Lpoly1305_blocks_neon: ldr ip,[$ctx,#36] @ is_base2_26 ands $len,$len,#-16 beq .Lno_data_neon 
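Review bot: `tmpin` now aliases the caller's `indata` when the memory BIO is empty, so the cleanup that releases `tmpin` at `err:` (outside this hunk) must not free it in that case or the caller's BIO is destroyed behind its back. If the existing cleanup already distinguishes the two cases (the non-memory path may already set `tmpin = indata`), a comment on the new line should say so, e.g. `/* empty mem BIO: reuse indata; cleanup must not free tmpin when tmpin == indata */`; otherwise guard the release with `if (tmpin != indata) BIO_free(tmpin);`. PKCS7_verify starts and ends outside the hunk.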
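Review bot: The operands of the four `add` instructions now use `.L`-prefixed local labels instead of the global function symbols, and new local labels are introduced for that purpose here and in the following hunk for `poly1305_emit_neon`, but nothing records why. Presumably a difference between a global, possibly preemptible symbol and a local label cannot be resolved to a constant by every assembler/linker, whereas a difference of two local labels can; a comment next to the first `addeq` would preserve that: `@ use local labels: a global-symbol difference may not assemble to a constant`. The generated poly1305-armv4.S in this commit mirrors the change, so the comment belongs in the .pl source only.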
@@ -1157,6 +1159,7 @@ poly1305_blocks_neon: .type poly1305_emit_neon,%function .align 5 poly1305_emit_neon: +.Lpoly1305_emit_neon: ldr ip,[$ctx,#36] @ is_base2_26 stmdb sp!,{r4-r11} diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl index 9bfee2759579b0fc649d43bdc0da76de728c68a8..2a42b64a929c0e86234a9a226660519bf96891f2 100755 --- a/crypto/poly1305/asm/poly1305-armv8.pl +++ b/crypto/poly1305/asm/poly1305-armv8.pl @@ -57,10 +57,14 @@ $code.=<<___; // forward "declarations" are required for Apple .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P +.globl poly1305_init +.hidden poly1305_init .globl poly1305_blocks +.hidden poly1305_blocks .globl poly1305_emit +.hidden poly1305_emit -.globl poly1305_init .type poly1305_init,%function .align 5 poly1305_init: @@ -860,8 +864,8 @@ poly1305_blocks_neon: st1 {$ACC4}[0],[$ctx] .Lno_data_neon: - .inst 0xd50323bf // autiasp ldr x29,[sp],#80 + .inst 0xd50323bf // autiasp ret .size poly1305_blocks_neon,.-poly1305_blocks_neon diff --git a/crypto/poly1305/asm/poly1305-x86.pl b/crypto/poly1305/asm/poly1305-x86.pl index 4aaf63a0a1dd4cfc148b713d2dee20f96f9a24bd..2ae16a230b661be6ac05ac1a961b4b00c2f23c4a 100755 --- a/crypto/poly1305/asm/poly1305-x86.pl +++ b/crypto/poly1305/asm/poly1305-x86.pl @@ -71,7 +71,7 @@ if ($sse2) { $avx = ($1>=2.09) + ($1>=2.10); } - if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { + if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } } diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl index c014be1ca9fae228607f9f18d836b46e8260763c..5f834d8faf2ae82f84568cc069050f58fee35be0 100755 --- a/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/crypto/poly1305/asm/poly1305-x86_64.pl 
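Review bot: Moving `.inst 0xd50323bf // autiasp` after `ldr x29,[sp],#80` is the correct order, because autiasp authenticates the return address with sp as the modifier and must see the same sp that the prologue's paciasp saw before the frame was allocated (the prologue is outside this hunk); with no comment the next reader may put it back in front of the restore, which silently reintroduces an authentication failure on hardware that enforces PAC. Suggest `// autiasp must follow the sp restore: its modifier is the sp paciasp used`. The `.hidden` additions in the earlier hunk of this file would likewise benefit from a one-line note on why these symbols must not be exported from the shared object.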
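Review bot: Dropping the `^` from `(?:^clang|LLVM)` lets the clang branch match a vendor-prefixed banner, but the pattern is otherwise unanchored, so any line of `$ENV{CC} -v` output that merely mentions `clang version N.M` now decides `$avx`; if that is acceptable, a comment naming the banner shapes it targets would document the intent: `# matches "Apple clang version N.M" as well as plain "clang version N.M"`. The same change is made in poly1305-x86_64.pl in the next hunk.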
@@ -90,7 +90,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=12); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/poly1305/build.info b/crypto/poly1305/build.info old mode 100755 new mode 100644 diff --git a/crypto/poly1305/poly1305-armv4.S b/crypto/poly1305/poly1305-armv4.S old mode 100755 new mode 100644 index c35904b2925426298c5c6885f48a82ac7e991d52..f146cc6f5e527310367374edc6b2cd59800fa536 --- a/crypto/poly1305/poly1305-armv4.S +++ b/crypto/poly1305/poly1305-armv4.S 
@@ -1,32 +1,3 @@ -// Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// IALU(*)/gcc-4.4 NEON -// -// ARM11xx(ARMv6) 7.78/+100% - -// Cortex-A5 6.35/+130% 3.00 -// Cortex-A8 6.25/+115% 2.36 -// Cortex-A9 5.10/+95% 2.55 -// Cortex-A15 3.85/+85% 1.25(**) -// Snapdragon S4 5.70/+100% 1.48(**) -// -// (*) this is for -march=armv6, i.e. with bunch of ldrb loading data; -// (**) these are trade-off results, they can be improved by ~8% but at -// the cost of 15/12% regression on Cortex-A5/A7, it's even possible -// to improve Cortex-A9 result, but then A5/A7 loose more than 20%; - #include "arm_arch.h" .text @@ -114,10 +85,10 @@ poly1305_init: # ifdef __thumb2__ itete eq # endif - addeq r12,r11,#(poly1305_emit-.Lpoly1305_init) - addne r12,r11,#(poly1305_emit_neon-.Lpoly1305_init) - addeq r11,r11,#(poly1305_blocks-.Lpoly1305_init) - addne r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init) + addeq r12,r11,#(.Lpoly1305_emit-.Lpoly1305_init) + addne r12,r11,#(.Lpoly1305_emit_neon-.Lpoly1305_init) + addeq r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init) + addne r11,r11,#(.Lpoly1305_blocks_neon-.Lpoly1305_init) # endif # ifdef __thumb2__ orr r12,r12,#1 @ thumb-ify address @@ -319,6 +290,7 @@ poly1305_blocks: .type poly1305_emit,%function .align 5 poly1305_emit: +.Lpoly1305_emit: stmdb sp!,{r4-r11} .Lpoly1305_emit_enter: 
@@ -629,6 +601,7 @@ poly1305_init_neon: .type poly1305_blocks_neon,%function .align 5 poly1305_blocks_neon: +.Lpoly1305_blocks_neon: ldr ip,[r0,#36] @ is_base2_26 ands r2,r2,#-16 beq .Lno_data_neon @@ -1115,6 +1088,7 @@ poly1305_blocks_neon: .type poly1305_emit_neon,%function .align 5 poly1305_emit_neon: +.Lpoly1305_emit_neon: ldr ip,[r0,#36] @ is_base2_26 stmdb sp!,{r4-r11} diff --git a/crypto/poly1305/poly1305-armv8.S b/crypto/poly1305/poly1305-armv8.S old mode 100755 new mode 100644 index 2665c1a9e2b8ba4551a62abb4827fddda082e698..62271b488a9e158ed6a607f02c2fb746da571854 --- a/crypto/poly1305/poly1305-armv8.S +++ b/crypto/poly1305/poly1305-armv8.S 
@@ -1,48 +1,17 @@ -// Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// This module implements Poly1305 hash for ARMv8. -// -// June 2015 -// -// Numbers are cycles per processed byte with poly1305_blocks alone. -// -// IALU/gcc-4.9 NEON -// -// Apple A7 1.86/+5% 0.72 -// Cortex-A53 2.69/+58% 1.47 -// Cortex-A57 2.70/+7% 1.14 -// Denver 1.64/+50% 1.18(*) -// X-Gene 2.13/+68% 2.27 -// Mongoose 1.77/+75% 1.12 -// Kryo 2.70/+55% 1.13 -// -// (*) estimate based on resources availability is less than 1.0, -// i.e. measured result is worse than expected, presumably binary -// translator is not almighty; - #include "arm_arch.h" .text // forward "declarations" are required for Apple +.hidden OPENSSL_armcap_P +.globl poly1305_init +.hidden poly1305_init .globl poly1305_blocks +.hidden poly1305_blocks .globl poly1305_emit +.hidden poly1305_emit -.globl poly1305_init .type poly1305_init,%function .align 5 poly1305_init: @@ -830,8 +799,8 @@ poly1305_blocks_neon: st1 {v23.s}[0],[x0] .Lno_data_neon: -.inst 0xd50323bf // autiasp ldr x29,[sp],#80 +.inst 0xd50323bf // autiasp ret .size poly1305_blocks_neon,.-poly1305_blocks_neon diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c old mode 100755 new mode 100644 
diff --git a/crypto/poly1305/poly1305_ameth.c b/crypto/poly1305/poly1305_ameth.c old mode 100755 new mode 100644 diff --git a/crypto/poly1305/poly1305_base2_44.c b/crypto/poly1305/poly1305_base2_44.c old mode 100755 new mode 100644 diff --git a/crypto/poly1305/poly1305_ieee754.c b/crypto/poly1305/poly1305_ieee754.c old mode 100755 new mode 100644 diff --git a/crypto/poly1305/poly1305_local.h b/crypto/poly1305/poly1305_local.h old mode 100755 new mode 100644 diff --git a/crypto/poly1305/poly1305_pmeth.c b/crypto/poly1305/poly1305_pmeth.c old mode 100755 new mode 100644 diff --git a/crypto/ppc_arch.h b/crypto/ppc_arch.h old mode 100755 new mode 100644 diff --git a/crypto/ppccap.c b/crypto/ppccap.c old mode 100755 new mode 100644 index b12cd949ccfe1b70b1cd1ccbb763a262cc3c176e..e51156468ae58489266305c99b6ccfc0e7e3dd9c --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -1,5 +1,5 @@ /* - * Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -214,6 +214,24 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) # endif #endif +#if defined(__FreeBSD__) +# include +# if __FreeBSD_version >= 1200000 +# include +# define OSSL_IMPLEMENT_GETAUXVAL + +static unsigned long getauxval(unsigned long key) +{ + unsigned long val = 0ul; + + if (elf_aux_info((int)key, &val, sizeof(val)) != 0) + return 0ul; + + return val; +} +# endif +#endif + /* I wish was universally available */ #define HWCAP 16 /* AT_HWCAP */ #define HWCAP_PPC64 (1U << 30) diff --git a/crypto/rand/build.info b/crypto/rand/build.info old mode 100755 new mode 100644 index df9bac67f04ccba3e181f71c1cd0bc639ff70587..a4e7900bdbffc0ddd8841ec329771dfde28fadac --- a/crypto/rand/build.info +++ b/crypto/rand/build.info 
@@ -2,3 +2,5 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]=\ randfile.c rand_lib.c rand_err.c rand_egd.c \ rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c + +INCLUDE[drbg_ctr.o]=../modes diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c old mode 100755 new mode 100644 index 93b82f34ceda1290f5ff6d073c6df56501e6d7d2..a757d0a258ab9dca4c8a2d4ca582818b64bf8696 --- a/crypto/rand/drbg_ctr.c +++ b/crypto/rand/drbg_ctr.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,28 +12,25 @@ #include #include #include -#include "internal/thread_once.h" +#include "modes_local.h" #include "internal/thread_once.h" #include "rand_local.h" + /* * Implementation of NIST SP 800-90A CTR DRBG. */ static void inc_128(RAND_DRBG_CTR *ctr) { - int i; - unsigned char c; - unsigned char *p = &ctr->V[15]; - - for (i = 0; i < 16; i++, p--) { - c = *p; - c++; - *p = c; - if (c != 0) { - /* If we didn't wrap around, we're done. */ - break; - } - } + unsigned char *p = &ctr->V[0]; + u32 n = 16, c = 1; + + do { + --n; + c += p[n]; + p[n] = (u8)c; + c >>= 8; + } while (n); } static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen) 
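Review bot: The rewritten inc_128 always touches all 16 bytes of `ctr->V`, where the previous loop broke out at the first byte that did not wrap; presumably the goal is an increment whose timing does not depend on the counter value, but no comment says so, and the same loop is repeated as `ctr96_inc` further down the file. Add `/* carry through every byte, no early exit: timing must not depend on V */` above the `do`, and consider a single helper `static void ctr_inc(unsigned char *p, u32 n)` used by both, with `inc_128` reduced to `ctr_inc(ctr->V, 16)`.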
@@ -66,15 +63,15 @@ static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen) * Process a complete block using BCC algorithm of SP 800-90A 10.3.3 */ __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, - const unsigned char *in) + const unsigned char *in, int len) { int i, outlen = AES_BLOCK_SIZE; - for (i = 0; i < 16; i++) + for (i = 0; i < len; i++) out[i] ^= in[i]; - if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, len) + || outlen != len) return 0; return 1; } @@ -85,12 +82,16 @@ __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, */ __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) { - if (!ctr_BCC_block(ctr, ctr->KX, in) - || !ctr_BCC_block(ctr, ctr->KX + 16, in)) - return 0; - if (ctr->keylen != 16 && !ctr_BCC_block(ctr, ctr->KX + 32, in)) - return 0; - return 1; + unsigned char in_tmp[48]; + unsigned char num_of_blk = 2; + + memcpy(in_tmp, in, 16); + memcpy(in_tmp + 16, in, 16); + if (ctr->keylen != 16) { + memcpy(in_tmp + 32, in, 16); + num_of_blk = 3; + } + return ctr_BCC_block(ctr, ctr->KX, in_tmp, AES_BLOCK_SIZE * num_of_blk); } /* 
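Review bot: ctr_BCC_block now XORs and encrypts `len` bytes into `out`, and its callers pass `ctr->KX` (sized at 48 bytes by ctr_BCC_init) with `len` of 32 or 48, yet the function states neither that `out` and `in` must hold `len` bytes nor that `len` must be a multiple of AES_BLOCK_SIZE for the `outlen != len` check to hold with the ECB context; at 48 there is no slack in KX. Put the precondition in the block comment: `/* out and in must hold len bytes; len is a multiple of AES_BLOCK_SIZE and at most sizeof(ctr->KX) */`. In ctr_BCC_blocks, `unsigned char num_of_blk` would read more naturally as `int`, since it is only ever multiplied into an `int` argument.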
@@ -99,19 +100,14 @@ __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) */ __owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr) { + unsigned char bltmp[48] = {0}; + unsigned char num_of_blk; + memset(ctr->KX, 0, 48); - memset(ctr->bltmp, 0, 16); - if (!ctr_BCC_block(ctr, ctr->KX, ctr->bltmp)) - return 0; - ctr->bltmp[3] = 1; - if (!ctr_BCC_block(ctr, ctr->KX + 16, ctr->bltmp)) - return 0; - if (ctr->keylen != 16) { - ctr->bltmp[3] = 2; - if (!ctr_BCC_block(ctr, ctr->KX + 32, ctr->bltmp)) - return 0; - } - return 1; + num_of_blk = ctr->keylen == 16 ? 2 : 3; + bltmp[(AES_BLOCK_SIZE * 1) + 3] = 1; + bltmp[(AES_BLOCK_SIZE * 2) + 3] = 2; + return ctr_BCC_block(ctr, ctr->KX, bltmp, num_of_blk * AES_BLOCK_SIZE); } /* @@ -200,20 +196,20 @@ __owur static int ctr_df(RAND_DRBG_CTR *ctr, || !ctr_BCC_final(ctr)) return 0; /* Set up key K */ - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->KX, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->KX, NULL, -1)) return 0; /* X follows key K */ - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX, &outlen, ctr->KX + ctr->keylen, + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX, &outlen, ctr->KX + ctr->keylen, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 16, &outlen, ctr->KX, + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 16, &outlen, ctr->KX, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; if (ctr->keylen != 16) - if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 32, &outlen, ctr->KX + 16, - AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 32, &outlen, + ctr->KX + 16, AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE) return 0; return 1; 
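Review bot: `bltmp[(AES_BLOCK_SIZE * 2) + 3] = 2;` is written even when `num_of_blk` is 2 and only 32 bytes are passed on; that is harmless but reads like an off-by-one until one notices the length argument. Either guard it with `if (num_of_blk == 3)` or add `/* third block is ignored for 128-bit keys: len covers only two blocks */`. In the ctr_df hunk the switch to `EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->KX, NULL, -1)` relies on the cipher and direction set in drbg_ctr_init; a comment `/* key change only; cipher and direction were fixed at init */` would make that dependency explicit.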
@@ -232,31 +228,25 @@ __owur static int ctr_update(RAND_DRBG *drbg, { RAND_DRBG_CTR *ctr = &drbg->data.ctr; int outlen = AES_BLOCK_SIZE; + unsigned char V_tmp[48], out[48]; + unsigned char len; /* correct key is already set up. */ + memcpy(V_tmp, ctr->V, 16); inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outlen, ctr->V, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) - return 0; - - /* If keylen longer than 128 bits need extra encrypt */ - if (ctr->keylen != 16) { + memcpy(V_tmp + 16, ctr->V, 16); + if (ctr->keylen == 16) { + len = 32; + } else { inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->K+16, &outlen, ctr->V, - AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) - return 0; + memcpy(V_tmp + 32, ctr->V, 16); + len = 48; } - inc_128(ctr); - if (!EVP_CipherUpdate(ctr->ctx, ctr->V, &outlen, ctr->V, AES_BLOCK_SIZE) - || outlen != AES_BLOCK_SIZE) + if (!EVP_CipherUpdate(ctr->ctx_ecb, out, &outlen, V_tmp, len) + || outlen != len) return 0; - - /* If 192 bit key part of V is on end of K */ - if (ctr->keylen == 24) { - memcpy(ctr->V + 8, ctr->V, 8); - memcpy(ctr->V, ctr->K + 24, 8); - } + memcpy(ctr->K, out, ctr->keylen); + memcpy(ctr->V, out + ctr->keylen, 16); if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) { /* If no input reuse existing derived value */ @@ -271,7 +261,8 @@ __owur static int ctr_update(RAND_DRBG *drbg, ctr_XOR(ctr, in2, in2len); } - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, NULL, NULL, ctr->K, NULL, -1)) return 0; return 1; } 
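Review bot: `out` holds the freshly derived key K (copied into `ctr->K` via `memcpy(ctr->K, out, ctr->keylen)`) and the new V, yet neither `out` nor `V_tmp` is cleansed before the function returns on any path, so key material is left on the stack; the file already uses `OPENSSL_cleanse` for the context on uninstantiate (visible in a later hunk). Add `OPENSSL_cleanse(out, sizeof(out));` immediately after the two memcpy calls, and cleanse it on the early `return 0` after `EVP_CipherUpdate` as well; `V_tmp` only holds counter values but costs nothing to clear alongside.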
@@ -288,8 +279,10 @@ __owur static int drbg_ctr_instantiate(RAND_DRBG *drbg, memset(ctr->K, 0, sizeof(ctr->K)); memset(ctr->V, 0, sizeof(ctr->V)); - if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1)) return 0; + + inc_128(ctr); if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen)) return 0; return 1; @@ -299,20 +292,40 @@ __owur static int drbg_ctr_reseed(RAND_DRBG *drbg, const unsigned char *entropy, size_t entropylen, const unsigned char *adin, size_t adinlen) { + RAND_DRBG_CTR *ctr = &drbg->data.ctr; + if (entropy == NULL) return 0; + + inc_128(ctr); if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0)) return 0; return 1; } +static void ctr96_inc(unsigned char *counter) +{ + u32 n = 12, c = 1; + + do { + --n; + c += counter[n]; + counter[n] = (u8)c; + c >>= 8; + } while (n); +} + __owur static int drbg_ctr_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, const unsigned char *adin, size_t adinlen) { RAND_DRBG_CTR *ctr = &drbg->data.ctr; + unsigned int ctr32, blocks; + int outl, buflen; if (adin != NULL && adinlen != 0) { + inc_128(ctr); + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; /* This means we reuse derived value */ 
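Review bot: The `inc_128(ctr)` calls inserted before every `ctr_update` (here in instantiate and reseed, and in the adin path of generate) encode a new precondition — ctr_update now copies `ctr->V` as its first block before incrementing — but that contract is stated nowhere, so a future caller that omits the increment would silently reuse the previous counter block. Record the rule where the increments are, e.g. `/* ctr_update encrypts V as passed: advance it first */`, and ideally at ctr_update itself (outside this hunk).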
@@ -324,28 +337,53 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, adinlen = 0; } - for ( ; ; ) { - int outl = AES_BLOCK_SIZE; + inc_128(ctr); + if (outlen == 0) { inc_128(ctr); - if (outlen < 16) { - /* Use K as temp space as it will be updated */ - if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outl, ctr->V, - AES_BLOCK_SIZE) - || outl != AES_BLOCK_SIZE) - return 0; - memcpy(out, ctr->K, outlen); - break; - } - if (!EVP_CipherUpdate(ctr->ctx, out, &outl, ctr->V, AES_BLOCK_SIZE) - || outl != AES_BLOCK_SIZE) + + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; - out += 16; - outlen -= 16; - if (outlen == 0) - break; + return 1; } + memset(out, 0, outlen); + + do { + if (!EVP_CipherInit_ex(ctr->ctx_ctr, + NULL, NULL, NULL, ctr->V, -1)) + return 0; + + /*- + * outlen has type size_t while EVP_CipherUpdate takes an + * int argument and thus cannot be guaranteed to process more + * than 2^31-1 bytes at a time. We process such huge generate + * requests in 2^30 byte chunks, which is the greatest multiple + * of AES block size lower than or equal to 2^31-1. + */ + buflen = outlen > (1U << 30) ? (1U << 30) : outlen; + blocks = (buflen + 15) / 16; + + ctr32 = GETU32(ctr->V + 12) + blocks; + if (ctr32 < blocks) { + /* 32-bit counter overflow into V. */ + if (ctr32 != 0) { + blocks -= ctr32; + buflen = blocks * 16; + ctr32 = 0; + } + ctr96_inc(ctr->V); + } + PUTU32(ctr->V + 12, ctr32); + + if (!EVP_CipherUpdate(ctr->ctx_ctr, out, &outl, out, buflen) + || outl != buflen) + return 0; + + out += buflen; + outlen -= buflen; + } while (outlen); + if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) return 0; return 1; 
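Review bot: The comment block explains the 2^30 chunking but not the second reason the loop trims `blocks`: when the low 32-bit counter in V would wrap inside a chunk, the chunk is cut so it ends exactly at the wrap and the upper 96 bits are carried by hand, presumably to keep V in step with how the CTR cipher advances its counter across that boundary. The invariant that makes the trailing ctr_update correct (V after the loop equals the counter of the last block produced) deserves a sentence, e.g. `/* Keep V equal to the counter of the last block produced: advance the low 32 bits by the block count and, if they wrap, end the chunk at the wrap and carry into the upper 96 bits. */` above the GETU32 line. A one-liner `/* CTR over zeros yields the raw keystream. */` next to `memset(out, 0, outlen);` would also save the next reader a double take, since the in-place EVP_CipherUpdate is not obviously "generate output".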
@@ -353,7 +391,8 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, static int drbg_ctr_uninstantiate(RAND_DRBG *drbg) { - EVP_CIPHER_CTX_free(drbg->data.ctr.ctx); + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ecb); + EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ctr); EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df); OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr)); return 1; @@ -377,25 +416,36 @@ int drbg_ctr_init(RAND_DRBG *drbg) return 0; case NID_aes_128_ctr: keylen = 16; - ctr->cipher = EVP_aes_128_ecb(); + ctr->cipher_ecb = EVP_aes_128_ecb(); + ctr->cipher_ctr = EVP_aes_128_ctr(); break; case NID_aes_192_ctr: keylen = 24; - ctr->cipher = EVP_aes_192_ecb(); + ctr->cipher_ecb = EVP_aes_192_ecb(); + ctr->cipher_ctr = EVP_aes_192_ctr(); break; case NID_aes_256_ctr: keylen = 32; - ctr->cipher = EVP_aes_256_ecb(); + ctr->cipher_ecb = EVP_aes_256_ecb(); + ctr->cipher_ctr = EVP_aes_256_ctr(); break; } drbg->meth = &drbg_ctr_meth; ctr->keylen = keylen; - if (ctr->ctx == NULL) - ctr->ctx = EVP_CIPHER_CTX_new(); - if (ctr->ctx == NULL) + if (ctr->ctx_ecb == NULL) + ctr->ctx_ecb = EVP_CIPHER_CTX_new(); + if (ctr->ctx_ctr == NULL) + ctr->ctx_ctr = EVP_CIPHER_CTX_new(); + if (ctr->ctx_ecb == NULL || ctr->ctx_ctr == NULL + || !EVP_CipherInit_ex(ctr->ctx_ecb, + ctr->cipher_ecb, NULL, NULL, NULL, 1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, + ctr->cipher_ctr, NULL, NULL, NULL, 1)) return 0; + + drbg->meth = &drbg_ctr_meth; drbg->strength = keylen * 8; drbg->seedlen = keylen + 16; @@ -413,7 +463,8 @@ int drbg_ctr_init(RAND_DRBG *drbg) if (ctr->ctx_df == NULL) return 0; /* Set key schedule for df_key */ - if (!EVP_CipherInit_ex(ctr->ctx_df, ctr->cipher, NULL, df_key, NULL, 1)) + if (!EVP_CipherInit_ex(ctr->ctx_df, + ctr->cipher_ecb, NULL, df_key, NULL, 1)) return 0; drbg->min_entropylen = ctr->keylen; diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c old mode 100755 new mode 100644 index faf0590c6c281e39e63bdc43210329ad26db2516..8c7c28c9703a4d68207d005282f00bbb161ca85a 
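Review bot: `drbg->meth = &drbg_ctr_meth;` is now assigned twice in drbg_ctr_init, once before the context allocation and EVP_CipherInit_ex calls that can fail and again after them, so a drbg whose init returned 0 is still left pointing at the CTR method table. Keep only the second assignment (the one after the `return 0` check) and delete the first, which looks like a rebase leftover. drbg_ctr_init starts before this hunk and its ctx_df setup is in the following one.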
--- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -327,13 +327,6 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, max_entropylen += drbg->max_noncelen; } - drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); - if (drbg->reseed_next_counter) { - drbg->reseed_next_counter++; - if(!drbg->reseed_next_counter) - drbg->reseed_next_counter = 1; - } - if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, min_entropy, min_entropylen, max_entropylen, 0); @@ -359,9 +352,15 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, } drbg->state = DRBG_READY; - drbg->reseed_gen_counter = 1; + drbg->generate_counter = 1; drbg->reseed_time = time(NULL); - tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); + if (drbg->enable_reseed_propagation) { + if (drbg->parent == NULL) + tsan_counter(&drbg->reseed_counter); + else + tsan_store(&drbg->reseed_counter, + tsan_load(&drbg->parent->reseed_counter)); + } end: if (entropy != NULL && drbg->cleanup_entropy != NULL) @@ -428,14 +427,6 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, } drbg->state = DRBG_ERROR; - - drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter); - if (drbg->reseed_next_counter) { - drbg->reseed_next_counter++; - if(!drbg->reseed_next_counter) - drbg->reseed_next_counter = 1; - } - if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, drbg->min_entropylen, @@ -451,9 +442,15 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, goto end; drbg->state = DRBG_READY; - drbg->reseed_gen_counter = 1; + drbg->generate_counter = 1; drbg->reseed_time = time(NULL); - tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); + if (drbg->enable_reseed_propagation) { + if (drbg->parent == NULL) + tsan_counter(&drbg->reseed_counter); + else + tsan_store(&drbg->reseed_counter, + tsan_load(&drbg->parent->reseed_counter)); + } end: if (entropy != NULL && drbg->cleanup_entropy != NULL) 
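Review bot: The child's `reseed_counter` is now copied from the parent after get_entropy() has returned and without holding the parent's lock, whereas the removed code snapshotted the parent's value inside rand_drbg_get_entropy while the parent was locked. If a parent reseed (for instance triggered by RAND_add) lands between the child's entropy pull and this tsan_store, the child records the post-reseed value and will not reseed again until its own interval expires, so that particular RAND_add is not propagated; the window is narrow and the child has just reseeded anyway, so this reads as an accepted weakening rather than a bug, but it should be stated next to the tsan_store, e.g. `/* Snapshot taken after seeding; a parent reseed racing with it is not re-propagated. */`. The same block is duplicated in RAND_DRBG_reseed below; both functions begin outside their hunks.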
@@ -554,7 +551,9 @@ int rand_drbg_restart(RAND_DRBG *drbg, drbg->meth->reseed(drbg, adin, adinlen, NULL, 0); } else if (reseeded == 0) { /* do a full reseeding if it has not been done yet above */ - RAND_DRBG_reseed(drbg, NULL, 0, 0); + if (!RAND_DRBG_reseed(drbg, NULL, 0, 0)) { + RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_RESEED_ERROR); + } } } @@ -612,7 +611,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, } if (drbg->reseed_interval > 0) { - if (drbg->reseed_gen_counter >= drbg->reseed_interval) + if (drbg->generate_counter >= drbg->reseed_interval) reseed_required = 1; } if (drbg->reseed_time_interval > 0) { @@ -621,11 +620,8 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, || now - drbg->reseed_time >= drbg->reseed_time_interval) reseed_required = 1; } - if (drbg->parent != NULL) { - unsigned int reseed_counter = tsan_load(&drbg->reseed_prop_counter); - if (reseed_counter > 0 - && tsan_load(&drbg->parent->reseed_prop_counter) - != reseed_counter) + if (drbg->enable_reseed_propagation && drbg->parent != NULL) { + if (drbg->reseed_counter != tsan_load(&drbg->parent->reseed_counter)) reseed_required = 1; } @@ -644,7 +640,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, return 0; } - drbg->reseed_gen_counter++; + drbg->generate_counter++; return 1; } @@ -706,8 +702,7 @@ int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, RAND_DRBG_get_nonce_fn get_nonce, RAND_DRBG_cleanup_nonce_fn cleanup_nonce) { - if (drbg->state != DRBG_UNINITIALISED - || drbg->parent != NULL) + if (drbg->state != DRBG_UNINITIALISED) return 0; drbg->get_entropy = get_entropy; drbg->cleanup_entropy = cleanup_entropy; 
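Review bot: `reseed_counter` is declared TSAN_QUALIFIER and every other access in this diff goes through tsan_load/tsan_store, but the new comparison in RAND_DRBG_generate reads the child's own copy as a plain field: `if (drbg->reseed_counter != tsan_load(&drbg->parent->reseed_counter))`. It is presumably only written under the child's own lock, so the read is likely benign, but for consistency and to keep TSan builds quiet use `if (tsan_load(&drbg->reseed_counter) != tsan_load(&drbg->parent->reseed_counter))`. Separately, RAND_DRBG_set_callbacks no longer rejects a DRBG that has a parent; that is an API relaxation the function's documentation should mention, since a chained DRBG with custom entropy callbacks still gets the reseed-propagation check against its parent.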
@@ -883,8 +878,9 @@ static RAND_DRBG *drbg_setup(RAND_DRBG *parent) if (parent == NULL && rand_drbg_enable_locking(drbg) == 0) goto err; - /* enable seed propagation */ - tsan_store(&drbg->reseed_prop_counter, 1); + /* enable reseed propagation */ + drbg->enable_reseed_propagation = 1; + drbg->reseed_counter = 1; /* * Ignore instantiation error to support just-in-time instantiation. diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c old mode 100755 new mode 100644 diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c old mode 100755 new mode 100644 diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c old mode 100755 new mode 100644 index ab4e9b5486cb3864580f82036a06d829989a2788..5c72fad8ca263bdb0d5c8cd49d1afb76ceea9f22 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -174,8 +174,6 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, prediction_resistance, (unsigned char *)&drbg, sizeof(drbg)) != 0) bytes = bytes_needed; - drbg->reseed_next_counter - = tsan_load(&drbg->parent->reseed_prop_counter); rand_drbg_unlock(drbg->parent); rand_pool_add_end(pool, bytes, 8 * bytes); @@ -434,9 +432,13 @@ err: RAND_POOL *rand_pool_new(int entropy_requested, int secure, size_t min_len, size_t max_len) { - RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); + RAND_POOL *pool; size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure); + if (!RUN_ONCE(&rand_init, do_rand_init)) + return NULL; + + pool = OPENSSL_zalloc(sizeof(*pool)); if (pool == NULL) { RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); return NULL; 
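Review bot: The new early return in rand_pool_new when `RUN_ONCE(&rand_init, do_rand_init)` fails hands back NULL with nothing on the error queue, while the OPENSSL_zalloc failure immediately below reports `RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE)`; callers that log ERR_get_error() on a NULL pool will see an empty queue for this case. Raise an error on that path as well, e.g. `RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_INTERNAL_ERROR);` before the `return NULL;`. rand_pool_new continues beyond this hunk.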
diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h old mode 100755 new mode 100644 index 1bc9bf7d266dd416ca76f342ae3350fad4be1df3..a5de5252dcdcc47f292894a68d5cba41f757aa33 --- a/crypto/rand/rand_local.h +++ b/crypto/rand/rand_local.h @@ -138,9 +138,11 @@ typedef struct rand_drbg_method_st { * The state of a DRBG AES-CTR. */ typedef struct rand_drbg_ctr_st { - EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx_ecb; + EVP_CIPHER_CTX *ctx_ctr; EVP_CIPHER_CTX *ctx_df; - const EVP_CIPHER *cipher; + const EVP_CIPHER *cipher_ecb; + const EVP_CIPHER *cipher_ctr; size_t keylen; unsigned char K[32]; unsigned char V[16]; @@ -233,7 +235,7 @@ struct rand_drbg_st { size_t max_perslen, max_adinlen; /* Counts the number of generate requests since the last reseed. */ - unsigned int reseed_gen_counter; + unsigned int generate_counter; /* * Maximum number of generate requests until a reseed is required. * This value is ignored if it is zero. @@ -246,9 +248,15 @@ struct rand_drbg_st { * This value is ignored if it is zero. */ time_t reseed_time_interval; + + /* + * Enables reseed propagation (see following comment) + */ + unsigned int enable_reseed_propagation; + /* * Counts the number of reseeds since instantiation. - * This value is ignored if it is zero. + * This value is ignored if enable_reseed_propagation is zero. * * This counter is used only for seed propagation from the DRBG * to its two children, the and DRBG. This feature is @@ -256,8 +264,7 @@ struct rand_drbg_st { * is added by RAND_add() or RAND_seed() will have an immediate effect on * the output of RAND_bytes() resp. RAND_priv_bytes(). */ - TSAN_QUALIFIER unsigned int reseed_prop_counter; - unsigned int reseed_next_counter; + TSAN_QUALIFIER unsigned int reseed_counter; size_t seedlen; DRBG_STATUS state; diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c old mode 100755 new mode 100644 index fe457cab4a3b1a0c45ed91ecb732e0920771dfe0..ec6be791b37f445620a7dcd1077b9c3059c9b7e7 --- a/crypto/rand/rand_unix.c 
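Review bot: The comment on `reseed_counter` still says it "Counts the number of reseeds since instantiation", but after this change that is only true for a DRBG without a parent; for a child the field is overwritten with the parent's current value at each instantiate/reseed (see the drbg_lib.c hunks in this diff) and generate compares the two. Suggest replacing that sentence with: `Primary DRBG: number of reseeds since instantiation. Child DRBG: the parent's reseed_counter as of the child's last (re)seed; a mismatch forces the child to reseed on its next generate call.` The existing sentence "This value is ignored if enable_reseed_propagation is zero." can stay as is.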
+++ b/crypto/rand/rand_unix.c @@ -26,12 +26,12 @@ # include # endif #endif -#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI) +#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI) # include # include # include #endif -#if defined(__OpenBSD__) || defined(__NetBSD__) +#if defined(__OpenBSD__) # include #endif @@ -247,10 +247,12 @@ static ssize_t sysctl_random(char *buf, size_t buflen) * when the sysctl returns long and we want to request something not a * multiple of longs, which should never be the case. */ +#if defined(__FreeBSD__) if (!ossl_assert(buflen % sizeof(long) == 0)) { errno = EINVAL; return -1; } +#endif /* * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only @@ -268,7 +270,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen) mib[1] = KERN_ARND; do { - len = buflen; + len = buflen > 256 ? 256 : buflen; if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) return done > 0 ? done : -1; done += len; @@ -363,12 +365,19 @@ static ssize_t syscall_random(void *buf, size_t buflen) * - OpenBSD since 5.6 * - Linux since 3.17 with glibc 2.25 * - FreeBSD since 12.0 (1200061) + * + * Note: Sometimes getentropy() can be provided but not implemented + * internally. So we need to check errno for ENOSYS */ # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) extern int getentropy(void *buffer, size_t length) __attribute__((weak)); - if (getentropy != NULL) - return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1; + if (getentropy != NULL) { + if (getentropy(buf, buflen) == 0) + return (ssize_t)buflen; + if (errno != ENOSYS) + return -1; + } # else union { void *p; 
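Review bot: The getentropy() path still passes the whole `buflen` in a single call, while the KERN_ARND path in the hunk above now chunks requests at 256 bytes; getentropy(2) on OpenBSD and glibc is documented to reject lengths above 256 with EIO, and with the new errno test that EIO is returned as -1 instead of falling through to the next source. If buflen can exceed 256 here (pool sizing is outside this file, so I cannot confirm it), loop in chunks of at most 256 the way sysctl_random does, or at least record the assumption: `/* getentropy() is limited to 256 bytes per call; callers request less. */`. The `# else` branch of this #if and the rest of syscall_random are outside the hunk.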
@@ -409,7 +418,8 @@ static struct random_device { } random_devices[OSSL_NELEM(random_device_paths)]; static int keep_random_devices_open = 1; -# if defined(__linux) && defined(DEVRANDOM_WAIT) +# if defined(__linux) && defined(DEVRANDOM_WAIT) \ + && defined(OPENSSL_RAND_SEED_GETRANDOM) static void *shm_addr; static void cleanup_shm(void) @@ -487,7 +497,7 @@ static int wait_random_seeded(void) } return seeded; } -# else /* defined __linux */ +# else /* defined __linux && DEVRANDOM_WAIT && OPENSSL_RAND_SEED_GETRANDOM */ static int wait_random_seeded(void) { return 1; diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c old mode 100755 new mode 100644 diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c old mode 100755 new mode 100644 diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c old mode 100755 new mode 100644 index ba121eefbf09ddd05066b9e8c071e86bab7137e3..229ce864a3123bfd54124700d0ae20c4b286942a --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ #ifndef OPENSSL_NO_POSIX_IO # include # include -# ifdef _WIN32 +# if defined(_WIN32) && !defined(_WIN32_WCE) # include # include # define stat _stat diff --git a/crypto/rc2/build.info b/crypto/rc2/build.info old mode 100755 new mode 100644 diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c old mode 100755 new mode 100644 diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c old mode 100755 new mode 100644 diff --git a/crypto/rc2/rc2_local.h b/crypto/rc2/rc2_local.h old mode 100755 new mode 100644 diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c old mode 100755 new mode 100644 
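Review bot: With DEVRANDOM_WAIT defined but OPENSSL_RAND_SEED_GETRANDOM not, the `#else` branch now makes wait_random_seeded() report the kernel pool as seeded unconditionally, so the guard against reading /dev/urandom before the pool is initialised silently disappears for devrandom-only builds. That is presumably unavoidable because the probe itself relies on getrandom(), but the fallback should say so: `/* Without getrandom() we cannot query the kernel pool state; assume it is seeded. */` above `return 1;`. The shm-based implementation between the two hunks is not visible here.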
diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c old mode 100755 new mode 100644 diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c old mode 100755 new mode 100644 diff --git a/crypto/rc4/asm/rc4-586.pl b/crypto/rc4/asm/rc4-586.pl old mode 100755 new mode 100644 diff --git a/crypto/rc4/asm/rc4-c64xplus.pl b/crypto/rc4/asm/rc4-c64xplus.pl old mode 100755 new mode 100644 diff --git a/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/rc4/asm/rc4-md5-x86_64.pl old mode 100755 new mode 100644 diff --git a/crypto/rc4/asm/rc4-parisc.pl b/crypto/rc4/asm/rc4-parisc.pl old mode 100755 new mode 100644 diff --git a/crypto/rc4/asm/rc4-s390x.pl b/crypto/rc4/asm/rc4-s390x.pl old mode 100755 new mode 100644 diff --git a/crypto/rc4/build.info b/crypto/rc4/build.info old mode 100755 new mode 100644 diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c old mode 100755 new mode 100644 diff --git a/crypto/rc4/rc4_local.h b/crypto/rc4/rc4_local.h old mode 100755 new mode 100644 diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c old mode 100755 new mode 100644 diff --git a/crypto/rc5/asm/rc5-586.pl b/crypto/rc5/asm/rc5-586.pl old mode 100755 new mode 100644 diff --git a/crypto/rc5/build.info b/crypto/rc5/build.info old mode 100755 new mode 100644 diff --git a/crypto/rc5/rc5_ecb.c b/crypto/rc5/rc5_ecb.c old mode 100755 new mode 100644 diff --git a/crypto/rc5/rc5_enc.c b/crypto/rc5/rc5_enc.c old mode 100755 new mode 100644 diff --git a/crypto/rc5/rc5_local.h b/crypto/rc5/rc5_local.h old mode 100755 new mode 100644 diff --git a/crypto/rc5/rc5_skey.c b/crypto/rc5/rc5_skey.c old mode 100755 new mode 100644 diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c old mode 100755 new mode 100644 diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c old mode 100755 new mode 100644 diff --git a/crypto/ripemd/asm/rmd-586.pl b/crypto/ripemd/asm/rmd-586.pl old mode 100755 new mode 100644 
diff --git a/crypto/ripemd/build.info b/crypto/ripemd/build.info old mode 100755 new mode 100644 diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c old mode 100755 new mode 100644 diff --git a/crypto/ripemd/rmd_local.h b/crypto/ripemd/rmd_local.h old mode 100755 new mode 100644 diff --git a/crypto/ripemd/rmd_one.c b/crypto/ripemd/rmd_one.c old mode 100755 new mode 100644 diff --git a/crypto/ripemd/rmdconst.h b/crypto/ripemd/rmdconst.h old mode 100755 new mode 100644 diff --git a/crypto/rsa/build.info b/crypto/rsa/build.info old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c old mode 100755 new mode 100644 index 6692a51ed8fe470d64f8b9e0b04be7cf195b10e2..fb045544a832fbafed31132daaa06fae82724f26 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -118,6 +118,15 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { + /* + * Don't check the public/private key, this is mostly for smart + * cards. + */ + if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) + || (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) { + return 1; + } + if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) return 0; diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c old mode 100755 new mode 100644 
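Review bot: The new early `return 1` makes any RSA key carrying RSA_METHOD_FLAG_NO_CHECK compare equal to every other RSA key, and this result surfaces through EVP_PKEY_cmp() to callers such as X509_check_private_key(); the two-line comment does not make that contract visible. Expand it, e.g. `/* Engine-backed keys (e.g. smart cards) may carry no usable public component. With RSA_METHOD_FLAG_NO_CHECK we cannot compare, so report a match; callers must not rely on this comparison for such keys. */`. If a partial check is wanted, comparing n and e only when both are non-NULL on each side would keep the normal path strict, but confirm the engine semantics before tightening. The rest of rsa_pub_cmp is outside the hunk.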
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_mp.c b/crypto/rsa/rsa_mp.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c old mode 100755 new mode 100644 index 1f155be175da7c1e5bde8f8ecb063a027cbe5cc5..e1c755ae460ba7e5948e0f9fe23ad1c1e2247aaf --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -55,7 +55,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, /* * Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding - * if nul delimiter is not preceded by 8 consecutive 0x03 bytes. It also + * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also * preserves error code reporting for backward compatibility. */ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, @@ -122,7 +122,13 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, RSA_R_NULL_BEFORE_BLOCK_MISSING); mask = ~good; - good &= constant_time_ge(threes_in_row, 8); + /* + * Reject if nul delimiter is preceded by 8 consecutive 0x03 bytes. Note + * that RFC5246 incorrectly states this the other way around, i.e. reject + * if it is not preceded by 8 consecutive 0x03 bytes. However this is + * corrected in subsequent errata for that RFC. + */ + good &= constant_time_lt(threes_in_row, 8); err = constant_time_select_int(mask | good, err, RSA_R_SSLV3_ROLLBACK_ATTACK); mask = ~good; diff --git a/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c old mode 100755 new mode 100644 diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c old mode 100755 new mode 100644 diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h old mode 100755 new mode 100644 diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c old mode 100755 new mode 100644 diff --git a/crypto/seed/build.info b/crypto/seed/build.info old mode 100755 new mode 100644 diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c old mode 100755 new mode 100644 diff --git a/crypto/seed/seed_cbc.c b/crypto/seed/seed_cbc.c old mode 100755 new mode 100644 diff --git a/crypto/seed/seed_cfb.c b/crypto/seed/seed_cfb.c old mode 100755 new mode 100644 diff --git a/crypto/seed/seed_ecb.c b/crypto/seed/seed_ecb.c old mode 100755 new mode 100644 diff --git a/crypto/seed/seed_local.h b/crypto/seed/seed_local.h old mode 100755 new mode 100644 
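Review bot: This flips the SSLv23 rollback check from constant_time_ge to constant_time_lt, i.e. an inverted security check is being corrected, yet nothing visible in this diff pins the new behaviour. Add a regression test for RSA_padding_check_SSLv23 with two inputs that differ only in the padding tail: one whose eight bytes before the NUL are all 0x03 (must fail with RSA_R_SSLV3_ROLLBACK_ATTACK) and one with seven 0x03 bytes preceded by a different non-zero byte (must succeed). The test should also confirm the error-code ordering through the `err` select is unchanged. The computation of `threes_in_row` and the rest of the function are outside this hunk.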
diff --git a/crypto/seed/seed_ofb.c b/crypto/seed/seed_ofb.c old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl old mode 100755 new mode 100644 index f7b85e6c6d7ef20a5a2d418c7e7308480e0ccbeb..b72869b86d4af0b4b371c45954d4b87c2852d550 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -144,7 +144,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && `ml 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); # first version supporting AVX -$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ && +$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $shaext=$xmm; ### set to zero if compiling for 1.0.1 diff --git a/crypto/sha/asm/sha1-alpha.pl b/crypto/sha/asm/sha1-alpha.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl old mode 100755 new mode 100644 index aa44feb9c7c53b8b51be89c385c998f0add3c7ca..557cabc018e05f584a52c7b16cfa0854d8a217b9 --- a/crypto/sha/asm/sha1-armv8.pl +++ b/crypto/sha/asm/sha1-armv8.pl @@ -176,6 +176,7 @@ $code.=<<___; .text .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .globl sha1_block_data_order .type sha1_block_data_order,%function .align 6 @@ -329,7 +330,6 @@ $code.=<<___; #endif .asciz "SHA1 block transform for ARMv8, CRYPTOGAMS by " .align 2 -.comm OPENSSL_armcap_P,4,4 ___ }}} diff --git a/crypto/sha/asm/sha1-c64xplus.pl b/crypto/sha/asm/sha1-c64xplus.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha1-ia64.pl b/crypto/sha/asm/sha1-ia64.pl old mode 100755 new mode 100644 
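Review bot: Dropping the `^` anchor lets `(?:clang|LLVM) version` match anywhere in the `$CC -v` banner, which is presumably the intent (vendor-prefixed banners such as `Apple clang version` or `Ubuntu clang version` failed the anchored form); note that for Apple clang the captured `$2` is Apple's own numbering, not upstream LLVM's, which only works because the 3.0 threshold is far below any such version. As a matter of style the positional `$2` and the unnamed group are hard to read; a named capture makes the version the obvious subject: `/(?:(?:clang|LLVM) version|based on LLVM) (?<ver>[0-9]+\.[0-9]+)/ && $+{ver}>=3.0`. The same one-line change recurs in the sha1/sha256/sha512 x86_64, 586 and mb scripts further down this diff.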
diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl old mode 100755 new mode 100644 index a78266d62fc3d6bb22a231f6a4cd3ebd4ca5c10a..47c588715163150ba2dfafbe01984b279574ea32 --- a/crypto/sha/asm/sha1-mb-x86_64.pl +++ b/crypto/sha/asm/sha1-mb-x86_64.pl @@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha1-parisc.pl b/crypto/sha/asm/sha1-parisc.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha1-s390x.pl b/crypto/sha/asm/sha1-s390x.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha1-sparcv9.pl b/crypto/sha/asm/sha1-sparcv9.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/sha/asm/sha1-sparcv9a.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha1-thumb.pl b/crypto/sha/asm/sha1-thumb.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl index 0680d6d0a2b2a30623d3dadc534aebb0068a4413..89146d137b9b2cebb69a5acfeede8a6f183d2522 100755 --- a/crypto/sha/asm/sha1-x86_64.pl +++ b/crypto/sha/asm/sha1-x86_64.pl @@ -119,7 +119,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } 
diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl old mode 100755 new mode 100644 index 6989d59bd735e71514a6e55a64e8cd93b8f8c5b8..7523dbc165fa6dfa6d65c794de00bf5dd02c3e4b --- a/crypto/sha/asm/sha256-586.pl +++ b/crypto/sha/asm/sha256-586.pl @@ -96,7 +96,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" && $avx = ($1>=10) + ($1>=11); } -if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { +if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha256-c64xplus.pl b/crypto/sha/asm/sha256-c64xplus.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/sha/asm/sha256-mb-x86_64.pl old mode 100755 new mode 100644 index 81ac814effc46742b18525253d0113957711cb76..c8cc6efac95c5a152cf80d110d030f718fd8ea02 --- a/crypto/sha/asm/sha256-mb-x86_64.pl +++ b/crypto/sha/asm/sha256-mb-x86_64.pl @@ -67,7 +67,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl old mode 100755 new mode 100644 index 07dcba42dcf4c3184d21bb43f90d936bdca8357f..3188c905ea2de21d87ba491500f87e2f66c36a51 --- a/crypto/sha/asm/sha512-armv8.pl +++ b/crypto/sha/asm/sha512-armv8.pl 
@@ -193,6 +193,7 @@ $code.=<<___; .text .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .globl $func .type $func,%function .align 6 @@ -840,12 +841,6 @@ $code.=<<___; ___ } -$code.=<<___; -#ifndef __KERNEL__ -.comm OPENSSL_armcap_P,4,4 -#endif -___ - { my %opcode = ( "sha256h" => 0x5e004000, "sha256h2" => 0x5e005000, "sha256su0" => 0x5e282800, "sha256su1" => 0x5e006000 ); diff --git a/crypto/sha/asm/sha512-c64xplus.pl b/crypto/sha/asm/sha512-c64xplus.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha512-s390x.pl b/crypto/sha/asm/sha512-s390x.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl old mode 100755 new mode 100644 diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl index 64ae641c14075cde5b6cf4888a45ef5600c5e7f2..ad37850e6130138328f95691ac71e26ef49becae 100755 --- a/crypto/sha/asm/sha512-x86_64.pl +++ b/crypto/sha/asm/sha512-x86_64.pl @@ -135,7 +135,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/crypto/sha/build.info b/crypto/sha/build.info old mode 100755 new mode 100644 diff --git a/crypto/sha/keccak1600-armv4.S b/crypto/sha/keccak1600-armv4.S old mode 100755 new mode 100644 index b511aa7fa6e12a2536eeb729e4807df8fcc782ee..3f78853b351e605f5636b2e9c8976369b7ea1643 --- a/crypto/sha/keccak1600-armv4.S +++ b/crypto/sha/keccak1600-armv4.S 
@@ -1,74 +1,3 @@ -// Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// Keccak-1600 for ARMv4. -// -// June 2017. -// -// Non-NEON code is KECCAK_1X variant (see sha/keccak1600.c) with bit -// interleaving. How does it compare to Keccak Code Package? It's as -// fast, but several times smaller, and is endian- and ISA-neutral. ISA -// neutrality means that minimum ISA requirement is ARMv4, yet it can -// be assembled even as Thumb-2. NEON code path is KECCAK_1X_ALT with -// register layout taken from Keccak Code Package. It's also as fast, -// in fact faster by 10-15% on some processors, and endian-neutral. -// -// August 2017. -// -// Switch to KECCAK_2X variant for non-NEON code and merge almost 1/2 -// of rotate instructions with logical ones. This resulted in ~10% -// improvement on most processors. Switch to KECCAK_2X effectively -// minimizes re-loads from temporary storage, and merged rotates just -// eliminate corresponding instructions. As for latter. When examining -// code you'll notice commented ror instructions. These are eliminated -// ones, and you should trace destination register below to see what's -// going on. Just in case, why not all rotates are eliminated. Trouble -// is that you have operations that require both inputs to be rotated, -// e.g. 'eor a,b>>>x,c>>>y'. 
This conundrum is resolved by using -// 'eor a,b,c>>>(x-y)' and then merge-rotating 'a' in next operation -// that takes 'a' as input. And thing is that this next operation can -// be in next round. It's totally possible to "carry" rotate "factors" -// to the next round, but it makes code more complex. And the last word -// is the keyword, i.e. "almost 1/2" is kind of complexity cap [for the -// time being]... -// -// Reduce per-round instruction count in Thumb-2 case by 16%. This is -// achieved by folding ldr/str pairs to their double-word counterparts. -// Theoretically this should have improved performance on single-issue -// cores, such as Cortex-A5/A7, by 19%. Reality is a bit different, as -// usual... -// -//======================================================================== -// Numbers are cycles per processed byte. Non-NEON results account even -// for input bit interleaving. -// -// r=1088(*) Thumb-2(**) NEON -// -// ARM11xx 82/+150% -// Cortex-A5 88/+160%, 86, 36 -// Cortex-A7 78/+160%, 68, 34 -// Cortex-A8 51/+230%, 57, 30 -// Cortex-A9 53/+210%, 51, 26 -// Cortex-A15 42/+160%, 38, 18 -// Snapdragon S4 43/+210%, 38, 24 -// -// (*) Corresponds to SHA3-256. Percentage after slash is improvement -// over compiler-generated KECCAK_2X reference code. -// (**) Thumb-2 results for Cortex-A5/A7 are likely to apply even to -// Cortex-Mx, x>=3. Otherwise, non-NEON results for NEON-capable -// processors are presented mostly for reference purposes. - #include "arm_arch.h" .text diff --git a/crypto/sha/keccak1600-armv8.S b/crypto/sha/keccak1600-armv8.S old mode 100755 new mode 100644 index ea898cad91a880ee28bb58d223c13dfe9b3afeeb..d8bdc71aee3737e14b4bc587a6eae6a50d9db0b2 --- a/crypto/sha/keccak1600-armv8.S +++ b/crypto/sha/keccak1600-armv8.S 
@@ -1,62 +1,3 @@ -// Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// Keccak-1600 for ARMv8. -// -// June 2017. -// -// This is straightforward KECCAK_1X_ALT implementation. It makes no -// sense to attempt SIMD/NEON implementation for following reason. -// 64-bit lanes of vector registers can't be addressed as easily as in -// 32-bit mode. This means that 64-bit NEON is bound to be slower than -// 32-bit NEON, and this implementation is faster than 32-bit NEON on -// same processor. Even though it takes more scalar xor's and andn's, -// it gets compensated by availability of rotate. Not to forget that -// most processors achieve higher issue rate with scalar instructions. -// -// February 2018. -// -// Add hardware-assisted ARMv8.2 implementation. It's KECCAK_1X_ALT -// variant with register permutation/rotation twist that allows to -// eliminate copies to temporary registers. If you look closely you'll -// notice that it uses only one lane of vector registers. The new -// instructions effectively facilitate parallel hashing, which we don't -// support [yet?]. But lowest-level core procedure is prepared for it. 
-// The inner round is 67 [vector] instructions, so it's not actually -// obvious that it will provide performance improvement [in serial -// hash] as long as vector instructions issue rate is limited to 1 per -// cycle... -// -//============================================================================== -// Numbers are cycles per processed byte. -// -// r=1088(*) -// -// Cortex-A53 13 -// Cortex-A57 12 -// X-Gene 14 -// Mongoose 10 -// Kryo 12 -// Denver 7.8 -// Apple A7 7.2 -// -// (*) Corresponds to SHA3-256. No improvement coefficients are listed -// because they vary too much from compiler to compiler. Newer -// compiler does much better and improvement varies from 5% on -// Cortex-A57 to 25% on Cortex-A53. While in comparison to older -// compiler this code is at least 2x faster... - .text .align 8 // strategic alignment and padding that allows to use diff --git a/crypto/sha/keccak1600.c b/crypto/sha/keccak1600.c old mode 100755 new mode 100644 diff --git a/crypto/sha/sha1-armv4-large.S b/crypto/sha/sha1-armv4-large.S old mode 100755 new mode 100644 index e607eb1e0361a9301e94cc5d9aa817899c66a40b..72070a09c60117e093b6107beacd81d90d28bc51 --- a/crypto/sha/sha1-armv4-large.S +++ b/crypto/sha/sha1-armv4-large.S 
@@ -1,79 +1,3 @@ -// Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - - -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== - -// sha1_block procedure for ARMv4. -// -// January 2007. - -// Size/performance trade-off -// ==================================================================== -// impl size in bytes comp cycles[*] measured performance -// ==================================================================== -// thumb 304 3212 4420 -// armv4-small 392/+29% 1958/+64% 2250/+96% -// armv4-compact 740/+89% 1552/+26% 1840/+22% -// armv4-large 1420/+92% 1307/+19% 1370/+34%[***] -// full unroll ~5100/+260% ~1260/+4% ~1300/+5% -// ==================================================================== -// thumb = same as 'small' but in Thumb instructions[**] and -// with recurring code in two private functions; -// small = detached Xload/update, loops are folded; -// compact = detached Xload/update, 5x unroll; -// large = interleaved Xload/update, 5x unroll; -// full unroll = interleaved Xload/update, full unroll, estimated[!]; -// -// [*] Manually counted instructions in "grand" loop body. Measured -// performance is affected by prologue and epilogue overhead, -// i-cache availability, branch penalties, etc. 
-// [**] While each Thumb instruction is twice smaller, they are not as -// diverse as ARM ones: e.g., there are only two arithmetic -// instructions with 3 arguments, no [fixed] rotate, addressing -// modes are limited. As result it takes more instructions to do -// the same job in Thumb, therefore the code is never twice as -// small and always slower. -// [***] which is also ~35% better than compiler generated code. Dual- -// issue Cortex A8 core was measured to process input block in -// ~990 cycles. - -// August 2010. -// -// Rescheduling for dual-issue pipeline resulted in 13% improvement on -// Cortex A8 core and in absolute terms ~870 cycles per input block -// [or 13.6 cycles per byte]. - -// February 2011. -// -// Profiler-assisted and platform-specific optimization resulted in 10% -// improvement on Cortex A8 core and 12.2 cycles per byte. - -// September 2013. -// -// Add NEON implementation (see sha1-586.pl for background info). On -// Cortex A8 it was measured to process one byte in 6.7 cycles or >80% -// faster than integer-only code. Because [fully unrolled] NEON code -// is ~2.5x larger and there are some redundant instructions executed -// when processing last block, improvement is not as big for smallest -// blocks, only ~30%. Snapdragon S4 is a tad faster, 6.4 cycles per -// byte, which is also >80% faster than integer-only code. Cortex-A15 -// is even faster spending 5.6 cycles per byte outperforming integer- -// only code by factor of 2. - -// May 2014. -// -// Add ARMv8 code path performing at 2.35 cpb on Apple A7. - #include "arm_arch.h" .text diff --git a/crypto/sha/sha1-armv8.S b/crypto/sha/sha1-armv8.S old mode 100755 new mode 100644 index d53f475ad5afe50c508190cc21e7b6c592bb34b4..d64f46a8f6967e4c2de01a96ba36ed68ed5ae7db --- a/crypto/sha/sha1-armv8.S +++ b/crypto/sha/sha1-armv8.S 
@@ -1,41 +1,9 @@ -// Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the OpenSSL license (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. The module is, however, dual licensed under OpenSSL and -// CRYPTOGAMS licenses depending on where you obtain it. For further -// details see http://www.openssl.org/~appro/cryptogams/. -// ==================================================================== -// -// SHA1 for ARMv8. -// -// Performance in cycles per processed byte and improvement coefficient -// over code generated with "default" compiler: -// -// hardware-assisted software(*) -// Apple A7 2.31 4.13 (+14%) -// Cortex-A53 2.24 8.03 (+97%) -// Cortex-A57 2.35 7.88 (+74%) -// Denver 2.13 3.97 (+0%)(**) -// X-Gene 8.80 (+200%) -// Mongoose 2.05 6.50 (+160%) -// Kryo 1.88 8.00 (+90%) -// -// (*) Software results are presented mostly for reference purposes. -// (**) Keep in mind that Denver relies on binary translation, which -// optimizes compiler output at run-time. - #include "arm_arch.h" .text +.hidden OPENSSL_armcap_P .globl sha1_block_data_order .type sha1_block_data_order,%function .align 6 @@ -1251,4 +1219,3 @@ sha1_block_armv8: .byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 .align 2 -.comm OPENSSL_armcap_P,4,4 diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c old mode 100755 new mode 100644 diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c old mode 100755 new mode 100644 
diff --git a/crypto/sha/sha256-armv4.S b/crypto/sha/sha256-armv4.S old mode 100755 new mode 100644 diff --git a/crypto/sha/sha256-armv8.S b/crypto/sha/sha256-armv8.S old mode 100755 new mode 100644 index a8843c87d1926532d905a19d2b84fbf8696b600e..52ca2ef1e0cd93519c40251e7f3b8d3483894c94 --- a/crypto/sha/sha256-armv8.S +++ b/crypto/sha/sha256-armv8.S @@ -59,6 +59,7 @@ .text +.hidden OPENSSL_armcap_P .globl sha256_block_data_order .type sha256_block_data_order,%function .align 6 @@ -2060,6 +2061,3 @@ sha256_block_neon: add sp,sp,#16*4+16 ret .size sha256_block_neon,.-sha256_block_neon -#ifndef __KERNEL__ -.comm OPENSSL_armcap_P,4,4 -#endif diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c old mode 100755 new mode 100644 diff --git a/crypto/sha/sha512-armv4.S b/crypto/sha/sha512-armv4.S old mode 100755 new mode 100644 diff --git a/crypto/sha/sha512-armv8.S b/crypto/sha/sha512-armv8.S old mode 100755 new mode 100644 index 9ad03da17fb123aa441433c605ed0d7cdf3558e8..31e4550fafea8995a59985b8d0fb956ebb8d16cc --- a/crypto/sha/sha512-armv8.S +++ b/crypto/sha/sha512-armv8.S @@ -59,6 +59,7 @@ .text +.hidden OPENSSL_armcap_P .globl sha512_block_data_order .type sha512_block_data_order,%function .align 6 @@ -1615,6 +1616,3 @@ sha512_block_armv8: ret .size sha512_block_armv8,.-sha512_block_armv8 #endif -#ifndef __KERNEL__ -.hidden OPENSSL_armcap_P -#endif diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c old mode 100755 new mode 100644 diff --git a/crypto/sha/sha_local.h b/crypto/sha/sha_local.h old mode 100755 new mode 100644 diff --git a/crypto/siphash/build.info b/crypto/siphash/build.info old mode 100755 new mode 100644 diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c old mode 100755 new mode 100644 diff --git a/crypto/siphash/siphash_ameth.c b/crypto/siphash/siphash_ameth.c old mode 100755 new mode 100644 diff --git a/crypto/siphash/siphash_local.h b/crypto/siphash/siphash_local.h old mode 100755 new mode 100644 
diff --git a/crypto/siphash/siphash_pmeth.c b/crypto/siphash/siphash_pmeth.c old mode 100755 new mode 100644 diff --git a/crypto/sm2/build.info b/crypto/sm2/build.info old mode 100755 new mode 100644 diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c old mode 100755 new mode 100644 diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c old mode 100755 new mode 100644 diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c old mode 100755 new mode 100644 diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c old mode 100755 new mode 100644 diff --git a/crypto/sm3/build.info b/crypto/sm3/build.info old mode 100755 new mode 100644 diff --git a/crypto/sm3/m_sm3.c b/crypto/sm3/m_sm3.c old mode 100755 new mode 100644 diff --git a/crypto/sm3/sm3.c b/crypto/sm3/sm3.c old mode 100755 new mode 100644 diff --git a/crypto/sm3/sm3_local.h b/crypto/sm3/sm3_local.h old mode 100755 new mode 100644 diff --git a/crypto/sm4/build.info b/crypto/sm4/build.info old mode 100755 new mode 100644 diff --git a/crypto/sm4/sm4.c b/crypto/sm4/sm4.c old mode 100755 new mode 100644 diff --git a/crypto/sparc_arch.h b/crypto/sparc_arch.h old mode 100755 new mode 100644 diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S old mode 100755 new mode 100644 diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c old mode 100755 new mode 100644 diff --git a/crypto/srp/build.info b/crypto/srp/build.info old mode 100755 new mode 100644 diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c old mode 100755 new mode 100644 index 4f417de0c98970ac6f0a750e1472c12a2c7b8ae7..ce3504825c53f2efe0992386ab559868c7008baf --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2004, EdelKey Project. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -177,6 +177,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
 const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
 {
 BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
+ BIGNUM *xtmp = NULL;
 BN_CTX *bn_ctx;
 if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
@@ -185,10 +186,13 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
 if ((tmp = BN_new()) == NULL ||
 (tmp2 = BN_new()) == NULL ||
- (tmp3 = BN_new()) == NULL)
+ (tmp3 = BN_new()) == NULL ||
+ (xtmp = BN_new()) == NULL)
 goto err;
- if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
+ BN_with_flags(xtmp, x, BN_FLG_CONSTTIME);
+ BN_set_flags(tmp, BN_FLG_CONSTTIME);
+ if (!BN_mod_exp(tmp, g, xtmp, N, bn_ctx))
 goto err;
 if ((k = srp_Calc_k(N, g)) == NULL)
 goto err;
@@ -196,7 +200,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
 goto err;
 if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
 goto err;
- if (!BN_mul(tmp3, u, x, bn_ctx))
+ if (!BN_mul(tmp3, u, xtmp, bn_ctx))
 goto err;
 if (!BN_add(tmp2, a, tmp3))
 goto err;
@@ -208,6 +212,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
 err:
 BN_CTX_free(bn_ctx);
+ BN_free(xtmp);
 BN_clear_free(tmp);
 BN_clear_free(tmp2);
 BN_clear_free(tmp3);
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
old mode 100755
new mode 100644
diff --git a/crypto/stack/build.info b/crypto/stack/build.info
old mode 100755
new mode 100644
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
old mode 100755
new mode 100644
diff --git a/crypto/store/build.info b/crypto/store/build.info
old mode 100755
new mode 100644
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
old mode 100755
new mode 100644
index 8f1d20e74aa4f429b73aa5fc3d70ca7981ebea49..9c9e3bd085068c0b2fd3da08ede2e16ac08c4a9b
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
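Review bot: The `BN_free(xtmp)` on the error path in the last hunk is correct but easy to "fix" wrongly, because every neighbouring temporary is released with `BN_clear_free`; `BN_with_flags(xtmp, x, BN_FLG_CONSTTIME)` makes xtmp a flagged alias that shares the caller's x rather than a copy, so it must never be cleared or deep-freed. A comment at the `BN_with_flags` line would pin this down: `/* xtmp is a BN_FLG_CONSTTIME view of the caller's x (shares its limbs, no copy): release with BN_free, never BN_clear_free */`. The reason `tmp` is also flagged is not stated either; if it is to steer BN_mod_exp into its constant-time path, saying so would help — confirm against BN_mod_exp's flag handling. Passing xtmp to BN_mul in the third hunk is harmless but, as far as I can tell, the flag changes nothing for a plain multiplication.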
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -429,6 +429,42 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
 }
 } else {
 int i;
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *curengine = ENGINE_get_first();
+
+ while (curengine != NULL) {
+ ENGINE_PKEY_ASN1_METHS_PTR asn1meths =
+ ENGINE_get_pkey_asn1_meths(curengine);
+
+ if (asn1meths != NULL) {
+ const int *nids = NULL;
+ int nids_n = asn1meths(curengine, NULL, &nids, 0);
+
+ for (i = 0; i < nids_n; i++) {
+ EVP_PKEY_ASN1_METHOD *ameth2 = NULL;
+ EVP_PKEY *tmp_pkey = NULL;
+ const unsigned char *tmp_blob = blob;
+
+ if (!asn1meths(curengine, &ameth2, NULL, nids[i]))
+ continue;
+ if (ameth2 == NULL
+ || ameth2->pkey_flags & ASN1_PKEY_ALIAS)
+ continue;
+
+ tmp_pkey = d2i_PrivateKey(ameth2->pkey_id, NULL,
+ &tmp_blob, len);
+ if (tmp_pkey != NULL) {
+ if (pkey != NULL)
+ EVP_PKEY_free(tmp_pkey);
+ else
+ pkey = tmp_pkey;
+ (*matchcount)++;
+ }
+ }
+ }
+ curengine = ENGINE_get_next(curengine);
+ }
+#endif
 for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
 EVP_PKEY *tmp_pkey = NULL;
diff --git a/crypto/store/store_err.c b/crypto/store/store_err.c
old mode 100755
new mode 100644
diff --git a/crypto/store/store_init.c b/crypto/store/store_init.c
old mode 100755
new mode 100644
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
old mode 100755
new mode 100644
index fb8184d2d9b540cf40d745c563c5636f6153a643..fb71f84725b1273291b090234865b70c6a1e8f02
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
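Review bot: The engine walk in the second hunk relies on ENGINE_get_first() handing back a structural reference that each ENGINE_get_next() call releases while returning the next one, so exactly one reference is live per iteration; that invariant is not written down, and any future early exit from the while loop (a `break` or `return` inside the nids loop) would leak it. A comment before the loop would guard it: `/* ENGINE_get_first()/ENGINE_get_next() pass one structural reference along the list: leave this loop only through ENGINE_get_next(), or ENGINE_free() the current engine first */`. The enclosing try_decode_PrivateKey() starts before the hunk, so I cannot see how `blob`, `len` and `matchcount` are set up, but retrying each method with a fresh `tmp_blob` copy of `blob` looks right given that d2i advances the pointer it is handed.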
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -218,7 +218,11 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
 {
- int loader_ret = ctx->loader->close(ctx->loader_ctx);
+ int loader_ret;
+
+ if (ctx == NULL)
+ return 1;
+ loader_ret = ctx->loader->close(ctx->loader_ctx);
 OPENSSL_free(ctx);
 return loader_ret;
diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h
old mode 100755
new mode 100644
diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c
old mode 100755
new mode 100644
diff --git a/crypto/store/store_strings.c b/crypto/store/store_strings.c
old mode 100755
new mode 100644
diff --git a/crypto/threads_none.c b/crypto/threads_none.c
old mode 100755
new mode 100644
diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c
old mode 100755
new mode 100644
diff --git a/crypto/threads_win.c b/crypto/threads_win.c
old mode 100755
new mode 100644
index ba25d2719aadb388db938062c60ff3f08e7d8b03..83dccb84fb6848ced9ed1c1133f01b828dd12c0a
--- a/crypto/threads_win.c
+++ b/crypto/threads_win.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -155,7 +155,7 @@ int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
 int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
 {
- *ret = InterlockedExchangeAdd(val, amount) + amount;
+ *ret = (int)InterlockedExchangeAdd((long volatile *)val, (long)amount) + amount;
 return 1;
 }
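Review bot: `OSSL_STORE_close(NULL)` now returns 1, i.e. success, which mirrors the NULL tolerance of OpenSSL's *_free() functions but is a contract change for a close() that otherwise propagates the loader's own result; a comment on the new check makes the intent explicit: `/* Closing a NULL ctx is a no-op and reports success, like *_free(NULL) */`. The public documentation of OSSL_STORE_close should state the same; I assume that update lives elsewhere in this change set.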
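Review bot: The `(long volatile *)val` cast in CRYPTO_atomic_add is only sound because every Windows ABI is LLP64, where int and long are both 32 bits; on an LP64 ABI the same cast would make InterlockedExchangeAdd access 8 bytes through a 4-byte int. Since threads_win.c is compiled for Windows only the assumption holds, but it deserves a line so the pattern is not copied into threads_pthread.c: `/* int and long are both 32-bit on every Windows ABI (LLP64), so this pointer cast is exact */`.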
diff --git a/crypto/ts/build.info b/crypto/ts/build.info old mode 100755 new mode 100644 diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c old mode 100755 new mode 100644 diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c old mode 100755 new mode 100644 diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c old mode 100755 new mode 100644 diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c old mode 100755 new mode 100644 diff --git a/crypto/ts/ts_local.h b/crypto/ts/ts_local.h old mode 100755 new mode 100644 diff --git a/crypto/ts/ts_req_print.c b/crypto/ts/ts_req_print.c old mode 100755 new mode 100644 diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c old mode 100755 new mode 100644 diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c old mode 100755 new mode 100644 diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c old mode 100755 new mode 100644 index 041a187da68c6a173451578b0228928b79f9ba3b..342582f024b2a79479fa3a5e6e40e2d1d6c0b004 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -57,12 +57,14 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) goto err; if (!ASN1_INTEGER_set(serial, 1)) goto err; + return serial; err: TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Error during serial number generation."); + ASN1_INTEGER_free(serial); return NULL; } diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c old mode 100755 new mode 100644 diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c old mode 100755 new mode 100644 diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c old mode 100755 new mode 100644 diff --git a/crypto/txt_db/build.info b/crypto/txt_db/build.info old mode 100755 new mode 100644 diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c old mode 100755 new mode 100644 diff --git a/crypto/ui/build.info b/crypto/ui/build.info old mode 100755 new mode 100644 
diff --git a/crypto/ui/ui_err.c b/crypto/ui/ui_err.c old mode 100755 new mode 100644 diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c old mode 100755 new mode 100644 diff --git a/crypto/ui/ui_local.h b/crypto/ui/ui_local.h old mode 100755 new mode 100644 diff --git a/crypto/ui/ui_null.c b/crypto/ui/ui_null.c old mode 100755 new mode 100644 diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c old mode 100755 new mode 100644 index 168de4630dcc01388451cba22f27adbeb2ce5fed..9526c16536cbefb2dd6089d88f82b3a47c2d70ae --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -439,6 +439,16 @@ static int open_console(UI *ui) is_a_tty = 0; else # endif +# ifdef EPERM + /* + * Linux can return EPERM (Operation not permitted), + * e.g. if a daemon executes openssl via fork()+execve() + * This should be ok + */ + if (errno == EPERM) + is_a_tty = 0; + else +# endif # ifdef ENODEV /* * MacOS X returns ENODEV (Operation not supported by device), diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c old mode 100755 new mode 100644 diff --git a/crypto/uid.c b/crypto/uid.c old mode 100755 new mode 100644 diff --git a/crypto/vms_rms.h b/crypto/vms_rms.h old mode 100755 new mode 100644 diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl old mode 100755 new mode 100644 diff --git a/crypto/whrlpool/asm/wp-x86_64.pl b/crypto/whrlpool/asm/wp-x86_64.pl old mode 100755 new mode 100644 diff --git a/crypto/whrlpool/build.info b/crypto/whrlpool/build.info old mode 100755 new mode 100644 
diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c
old mode 100755
new mode 100644
index c21c04dbc1bbfb124dd83edfa60010d5083bed4f..39ad009c01bfb9afb59ce91a6f82a27cc702bdb3
--- a/crypto/whrlpool/wp_block.c
+++ b/crypto/whrlpool/wp_block.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -63,6 +63,20 @@ typedef unsigned long long u64;
 # undef STRICT_ALIGNMENT
 #endif
+#ifndef STRICT_ALIGNMENT
+# ifdef __GNUC__
+typedef u64 u64_a1 __attribute((__aligned__(1)));
+# else
+typedef u64 u64_a1;
+# endif
+#endif
+
+#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
+typedef u64 u64_aX __attribute((__aligned__(1)));
+#else
+typedef u64 u64_aX;
+#endif
+
 #undef SMALL_REGISTER_BANK
 #if defined(__i386) || defined(__i386__) || defined(_M_IX86)
 # define SMALL_REGISTER_BANK
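Review bot: The two new typedefs are the fix for the formerly undefined `(u64 *)` casts of byte pointers (the C1..C7 macros in the -191 hunk and both `pa` casts in whirlpool_block), but nothing says why there are two of them or why `u64_a1` exists only under `#ifndef STRICT_ALIGNMENT`; the macros that use it must therefore sit under the same guard, which the `# define` indentation suggests but the hunk does not show. A comment above each typedef would carry that: `/* u64 view with 1-byte alignment: on GCC/clang the compiler then emits unaligned-safe loads instead of the UB of reading through a misaligned u64 *; only compiled when STRICT_ALIGNMENT is off */` for u64_a1, and `/* same idea for the 64-bit input block; on strict-alignment targets or non-GNU compilers it is a plain u64 */` for u64_aX.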
@@ -191,13 +205,13 @@ typedef unsigned long long u64;
 # define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
 c0,c1,c2,c3,c4,c5,c6,c7
 # define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]])
-# define C1(K,i) (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]])
-# define C2(K,i) (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]])
-# define C3(K,i) (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]])
-# define C4(K,i) (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]])
-# define C5(K,i) (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]])
-# define C6(K,i) (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]])
-# define C7(K,i) (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]])
+# define C1(K,i) (((u64_a1*)(Cx.c+7))[2*K.c[(i)*8+1]])
+# define C2(K,i) (((u64_a1*)(Cx.c+6))[2*K.c[(i)*8+2]])
+# define C3(K,i) (((u64_a1*)(Cx.c+5))[2*K.c[(i)*8+3]])
+# define C4(K,i) (((u64_a1*)(Cx.c+4))[2*K.c[(i)*8+4]])
+# define C5(K,i) (((u64_a1*)(Cx.c+3))[2*K.c[(i)*8+5]])
+# define C6(K,i) (((u64_a1*)(Cx.c+2))[2*K.c[(i)*8+6]])
+# define C7(K,i) (((u64_a1*)(Cx.c+1))[2*K.c[(i)*8+7]])
 #endif
 static const
@@ -531,7 +545,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n)
 } else
 # endif
 {
- const u64 *pa = (const u64 *)p;
+ const u64_aX *pa = (const u64_aX *)p;
 S.q[0] = (K.q[0] = H->q[0]) ^ pa[0];
 S.q[1] = (K.q[1] = H->q[1]) ^ pa[1];
 S.q[2] = (K.q[2] = H->q[2]) ^ pa[2];
@@ -769,7 +783,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n)
 } else
 # endif
 {
- const u64 *pa = (const u64 *)p;
+ const u64_aX *pa = (const u64_aX *)p;
 H->q[0] ^= S.q[0] ^ pa[0];
 H->q[1] ^= S.q[1] ^ pa[1];
 H->q[2] ^= S.q[2] ^ pa[2];
diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c
old mode 100755
new mode 100644
diff --git a/crypto/whrlpool/wp_local.h b/crypto/whrlpool/wp_local.h
old mode 100755
new mode 100644
diff --git a/crypto/x509/build.info b/crypto/x509/build.info
old mode 100755
new mode 100644
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
old mode 100755
new mode 100644
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
old mode 100755
new mode 100644
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c old mode 100755 new mode 100644 diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c old mode 100755 new mode 100644 diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c old mode 100755 new mode 100644 index 651aa78083093e4817ee29f028c548f7db751f71..cc9f9d19099dac9386a6d6714f425a81a4a22535 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -149,7 +149,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) return ret; } -void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, +void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, const ASN1_OBJECT *obj, int lastpos, int type) { int i; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c old mode 100755 new mode 100644 index 99920e2997a911b1cb0d152fc420c5d4e545da40..1d8d2d7b28e9ff766bb6c7fb4ca520f2de2297b4 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -135,17 +135,21 @@ unsigned long X509_subject_name_hash_old(X509 *x)
 */
 int X509_cmp(const X509 *a, const X509 *b)
 {
- int rv;
+ int rv = 0;
- /* ensure hash is valid */
- if (X509_check_purpose((X509 *)a, -1, 0) != 1)
- return -2;
- if (X509_check_purpose((X509 *)b, -1, 0) != 1)
- return -2;
+ if (a == b) /* for efficiency */
+ return 0;
+
+ /* try to make sure hash is valid */
+ (void)X509_check_purpose((X509 *)a, -1, 0);
+ (void)X509_check_purpose((X509 *)b, -1, 0);
- rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
- if (rv)
+ if ((a->ex_flags & EXFLAG_NO_FINGERPRINT) == 0
+ && (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0)
+ rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+ if (rv != 0)
 return rv;
+ /* Check for match against stored encoding too */
 if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
 if (a->cert_info.enc.len < b->cert_info.enc.len)
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
old mode 100755
new mode 100644
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
old mode 100755
new mode 100644
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
old mode 100755
new mode 100644
index c110d908090e6363bf566fda3f9dcdbffe178e14..bdd1e67cd3fd3ab2d615447ea4fe85a0f19e9963
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
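Review bot: Dropping the `return -2` when X509_check_purpose() fails, and skipping the memcmp when either side carries EXFLAG_NO_FINGERPRINT, means `rv` can stay 0 without a single byte of either certificate having been compared; equality then rests entirely on the encoding comparison that follows, whose tail lies outside the hunk, so if that comparison is also skipped for a modified encoding the function would presumably report two distinct certificates as equal. Callers treat `X509_cmp(...) == 0` as identity — the new sk_X509_contains() and the reworked lookup_cert_match() in x509_vfy.c among them — so the "cannot compare" case deserves either a distinct return value or at least a comment at the new guard, e.g. `/* rv stays 0 when either fingerprint is unavailable; only the encoding check below can then tell the certs apart */`. The silent change from -2 to 0 on a cache failure also belongs in the function's header comment, which starts before the hunk.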
@@ -79,6 +79,7 @@ static const ERR_STRING_DATA X509_str_functs[] = { {ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0), "x509_pubkey_decode"}, + {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET, 0), "X509_PUBKEY_get"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0), diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h old mode 100755 new mode 100644 index c517a7745637175a184e27f90bb65283b27c03a4..10807e1def04530ca2eecb03b69a70fcf2184df5 --- a/crypto/x509/x509_local.h +++ b/crypto/x509/x509_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -145,3 +145,5 @@ DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY) void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg, const ASN1_STRING *sig); +int x509_likely_issued(X509 *issuer, X509 *subject); +int x509_signing_allowed(const X509 *issuer, const X509 *subject); diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x509_meth.c b/crypto/x509/x509_meth.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c old mode 100755 new mode 100644 index 7ba0f26495f97669b3392285b6f1fc61c45b63ae..dd674926ddb5faef0ab7a669e81d5ed2aadc9686 
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -286,6 +286,18 @@ void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
 *palg = &req->sig_alg;
 }
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig)
+{
+ if (req->signature)
+ ASN1_BIT_STRING_free(req->signature);
+ req->signature = psig;
+}
+
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg)
+{
+ return X509_ALGOR_copy(&req->sig_alg, palg);
+}
+
 int X509_REQ_get_signature_nid(const X509_REQ *req)
 {
 return OBJ_obj2nid(req->sig_alg.algorithm);
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
old mode 100755
new mode 100644
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
old mode 100755
new mode 100644
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
old mode 100755
new mode 100644
index 4755b39eb4eb6130481ea933a1a5cdd8719e54cb..02bde640d8e8d127202e7663a708e37135df9336
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -174,6 +174,8 @@ const char *X509_verify_cert_error_string(long n)
 return "OCSP verification failed";
 case X509_V_ERR_OCSP_CERT_UNKNOWN:
 return "OCSP unknown cert";
+ case X509_V_ERR_EC_KEY_EXPLICIT_PARAMS:
+ return "Certificate public key has explicit ECC parameters";
 default:
 /* Printing an error number into a static buffer is not thread-safe */
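Review bot: In X509_REQ_set0_signature the `if (req->signature)` guard is redundant, since ASN1_BIT_STRING_free() accepts NULL like every OpenSSL *_free(); `ASN1_BIT_STRING_free(req->signature);` on its own is the house style. Neither new function documents ownership, which is exactly what a set0/set1 pair is about: `/* Takes ownership of psig; any previous signature is freed. */` above X509_REQ_set0_signature and `/* Copies palg into req->sig_alg; the caller keeps ownership of palg. */` above X509_REQ_set1_signature_algo would say it. The set1 variant depends on X509_ALGOR_copy(), whose declaration is not visible here; I assume this tree provides it.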
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
old mode 100755
new mode 100644
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
old mode 100755
new mode 100644
index f28f2d2610f6db48ca7165aec1526a935446f24f..20a36e763c5dbaaa89deacc664e410eac40f0f4c
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -80,6 +80,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 static int check_dane_issuer(X509_STORE_CTX *ctx, int depth);
 static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
 static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert);
+static int check_curve(X509 *cert);
 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
 unsigned int *preasons, X509_CRL *crl, X509 *x);
@@ -104,7 +105,12 @@ static int null_callback(int ok, X509_STORE_CTX *e)
 return ok;
 }
-/* Return 1 is a certificate is self signed */
+/*
+ * Return 1 if given cert is considered self-signed, 0 if not or on error.
+ * This does not verify self-signedness but relies on x509v3_cache_extensions()
+ * matching issuer and subject names (i.e., the cert being self-issued) and any
+ * present authority key identifier matching the subject key identifier, etc.
+ */
 static int cert_self_signed(X509 *x)
 {
 if (X509_check_purpose(x, -1, 0) != 1)
@@ -131,10 +137,9 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
 xtmp = sk_X509_value(certs, i);
 if (!X509_cmp(xtmp, x))
 break;
+ xtmp = NULL;
 }
- if (i < sk_X509_num(certs))
- X509_up_ref(xtmp);
- else
+ if (xtmp != NULL && !X509_up_ref(xtmp))
 xtmp = NULL;
 sk_X509_pop_free(certs, X509_free);
 return xtmp;
@@ -267,17 +272,24 @@ int X509_verify_cert(X509_STORE_CTX *ctx) return -1; } + if (!X509_up_ref(ctx->cert)) { + X509err(X509_F_X509_VERIFY_CERT, ERR_R_INTERNAL_ERROR); + ctx->error = X509_V_ERR_UNSPECIFIED; + return -1; + } + /* * first we make sure the chain we are going to build is present and that * the first entry is in place */ - if (((ctx->chain = sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain, ctx->cert))) { + if ((ctx->chain = sk_X509_new_null()) == NULL + || !sk_X509_push(ctx->chain, ctx->cert)) { + X509_free(ctx->cert); X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; return -1; } - X509_up_ref(ctx->cert); + ctx->num_untrusted = 1; /* If the peer's public key is too weak, we can stop early. */ @@ -300,8 +312,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx) return ret; } +static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert) +{ + int i, n = sk_X509_num(sk); + + for (i = 0; i < n; i++) + if (X509_cmp(sk_X509_value(sk, i), cert) == 0) + return 1; + return 0; +} + /* - * Given a STACK_OF(X509) find the issuer of cert (if any) + * Find in given STACK_OF(X509) sk an issuer cert of given cert x. + * The issuer must not yet be in ctx->chain, where the exceptional case + * that x is self-issued and ctx->chain has just one element is allowed. + * Prefer the first one that is not expired, else take the last expired one. */ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) { @@ -310,7 +335,9 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) for (i = 0; i < sk_X509_num(sk); i++) { issuer = sk_X509_value(sk, i); - if (ctx->check_issued(ctx, x, issuer)) { + if (ctx->check_issued(ctx, x, issuer) + && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1) + || !sk_X509_contains(ctx->chain, issuer))) { rv = issuer; if (x509_check_cert_time(ctx, rv, -1)) break; 
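Review bot: sk_X509_contains has no comment, and the fact that it compares with X509_cmp (content equality, not pointer identity) matters for the loop condition added to find_issuer, where the self-issued exception applies only while ctx->chain has exactly one element. Suggest `/* Return 1 if sk holds a cert equal to cert under X509_cmp(), else 0 */` above it. The find_issuer loop and the `rv` fallback continue outside the hunk, so the "take the last expired one" behaviour described in the new comment cannot be confirmed from here.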
@@ -319,42 +346,25 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) return rv; } -/* Given a possible certificate and issuer check them */ - +/* Check that the given certificate 'x' is issued by the certificate 'issuer' */ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) { - int ret; - if (x == issuer) - return cert_self_signed(x); - ret = X509_check_issued(issuer, x); - if (ret == X509_V_OK) { - int i; - X509 *ch; - /* Special case: single self signed certificate */ - if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1) - return 1; - for (i = 0; i < sk_X509_num(ctx->chain); i++) { - ch = sk_X509_value(ctx->chain, i); - if (ch == issuer || !X509_cmp(ch, issuer)) { - ret = X509_V_ERR_PATH_LOOP; - break; - } - } - } - - return (ret == X509_V_OK); + return x509_likely_issued(issuer, x) == X509_V_OK; } /* Alternative lookup method: look from a STACK stored in other_ctx */ - static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { *issuer = find_issuer(ctx, ctx->other_ctx, x); - if (*issuer) { - X509_up_ref(*issuer); - return 1; - } else - return 0; + + if (*issuer == NULL || !X509_up_ref(*issuer)) + goto err; + + return 1; + + err: + *issuer = NULL; + return 0; } static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) 
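Review bot: The new comment on check_issued does not tell the reader that the key-usage check and the path-loop check performed by the removed body have moved rather than vanished (to x509_signing_allowed, consulted from internal_verify, and to sk_X509_contains in find_issuer, both elsewhere in this commit); since check_issued is also the default ctx->check_issued callback, anyone supplying a replacement needs to know that. Suggest `/* Check that 'x' is issued by 'issuer'; key usage and path loops are checked by the callers, not here */`. In get_issuer_sk the `goto err` for a single-statement cleanup is heavier than needed; `if (*issuer == NULL || !X509_up_ref(*issuer)) { *issuer = NULL; return 0; } return 1;` keeps the same behaviour.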
@@ -366,15 +376,21 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { x = sk_X509_value(ctx->other_ctx, i); if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { + if (!X509_up_ref(x)) { + sk_X509_pop_free(sk, X509_free); + X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_INTERNAL_ERROR); + ctx->error = X509_V_ERR_UNSPECIFIED; + return NULL; + } if (sk == NULL) sk = sk_X509_new_null(); - if (sk == NULL || sk_X509_push(sk, x) == 0) { + if (sk == NULL || !sk_X509_push(sk, x)) { + X509_free(x); sk_X509_pop_free(sk, X509_free); X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE); ctx->error = X509_V_ERR_OUT_OF_MEM; return NULL; } - X509_up_ref(x); } } return sk; @@ -508,6 +524,24 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ret = 1; break; } + if (ret > 0 + && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) { + /* Check for presence of explicit elliptic curve parameters */ + ret = check_curve(x); + if (ret < 0) { + ctx->error = X509_V_ERR_UNSPECIFIED; + ret = 0; + } else if (ret == 0) { + ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS; + } + } + if (ret > 0 + && (x->ex_flags & EXFLAG_CA) == 0 + && x->ex_pathlen != -1 + && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; + ret = 0; + } if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK)) return 0; /* check_purpose() makes the callback as needed */ @@ -1693,6 +1727,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) return 1; } +/* verify the issuer signatures and cert times of ctx->chain */ static int internal_verify(X509_STORE_CTX *ctx) { int n = sk_X509_num(ctx->chain) - 1; 
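Review bot: The explicit-curve-parameter check added to check_chain_extensions is skipped when `num <= 1`, so a single self-signed certificate with explicit EC parameters passes even under X509_V_FLAG_X509_STRICT, and the hunk does not say why; a comment stating the actual rationale, along the lines of `/* only enforced within a chain; a lone cert is the caller's choice */`, would keep that from being tightened or loosened by accident. Note also that a -1 from check_curve becomes X509_V_ERR_UNSPECIFIED with `ret = 0`, which the verify callback can override like any other error, so an undecodable public key is not fatal at this point. The loop over the chain that encloses both new blocks starts outside the hunk.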
@@ -1707,19 +1742,25 @@ static int internal_verify(X509_STORE_CTX *ctx) if (ctx->bare_ta_signed) { xs = xi; xi = NULL; - goto check_cert; + goto check_cert_time; } if (ctx->check_issued(ctx, xi, xi)) - xs = xi; + xs = xi; /* the typical case: last cert in the chain is self-issued */ else { if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { xs = xi; - goto check_cert; + goto check_cert_time; } - if (n <= 0) - return verify_cb_cert(ctx, xi, 0, - X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); + if (n <= 0) { + if (!verify_cb_cert(ctx, xi, 0, + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) + return 0; + + xs = xi; + goto check_cert_time; + } + n--; ctx->error_depth = n; xs = sk_X509_value(ctx->chain, n); 
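Review bot: The `n <= 0` branch of internal_verify now continues to the validity-period check after the callback accepts X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, where it previously returned the callback's verdict directly, and this behaviour change is uncommented. A line such as `/* unverifiable leaf accepted by the callback: still check its validity period */` before `xs = xi;` would record the intent. The check_cert_time label and the rest of the function are outside this hunk.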
@@ -1730,27 +1771,55 @@ static int internal_verify(X509_STORE_CTX *ctx) * is allowed to reset errors (at its own peril). */ while (n >= 0) { - EVP_PKEY *pkey; - /* - * Skip signature check for self signed certificates unless explicitly - * asked for. It doesn't add any security and just wastes time. If - * the issuer's public key is unusable, report the issuer certificate - * and its depth (rather than the depth of the subject). + * For each iteration of this loop: + * n is the subject depth + * xs is the subject cert, for which the signature is to be checked + * xi is the supposed issuer cert containing the public key to use + * Initially xs == xi if the last cert in the chain is self-issued. + * + * Skip signature check for self-signed certificates unless explicitly + * asked for because it does not add any security and just wastes time. */ - if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { + if (xs != xi || ((ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE) + && (xi->ex_flags & EXFLAG_SS) != 0)) { + EVP_PKEY *pkey; + /* + * If the issuer's public key is not available or its key usage + * does not support issuing the subject cert, report the issuer + * cert and its depth (rather than n, the depth of the subject). + */ + int issuer_depth = n + (xs == xi ? 0 : 1); + /* + * According to https://tools.ietf.org/html/rfc5280#section-6.1.4 + * step (n) we must check any given key usage extension in a CA cert + * when preparing the verification of a certificate issued by it. + * According to https://tools.ietf.org/html/rfc5280#section-4.2.1.3 + * we must not verify a certifiate signature if the key usage of the + * CA certificate that issued the certificate prohibits signing. 
+ * In case the 'issuing' certificate is the last in the chain and is + * not a CA certificate but a 'self-issued' end-entity cert (i.e., + * xs == xi && !(xi->ex_flags & EXFLAG_CA)) RFC 5280 does not apply + * (see https://tools.ietf.org/html/rfc6818#section-2) and thus + * we are free to ignore any key usage restrictions on such certs. + */ + int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0 + ? X509_V_OK : x509_signing_allowed(xi, xs); + + if (ret != X509_V_OK && !verify_cb_cert(ctx, xi, issuer_depth, ret)) + return 0; if ((pkey = X509_get0_pubkey(xi)) == NULL) { - if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, - X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) + ret = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; + if (!verify_cb_cert(ctx, xi, issuer_depth, ret)) return 0; } else if (X509_verify(xs, pkey) <= 0) { - if (!verify_cb_cert(ctx, xs, n, - X509_V_ERR_CERT_SIGNATURE_FAILURE)) + ret = X509_V_ERR_CERT_SIGNATURE_FAILURE; + if (!verify_cb_cert(ctx, xs, n, ret)) return 0; } } - check_cert: + check_cert_time: /* in addition to RFC 5280, do also for trusted (root) cert */ /* Calls verify callback as needed */ if (!x509_check_cert_time(ctx, xs, n)) return 0; @@ -3152,7 +3221,16 @@ static int build_chain(X509_STORE_CTX *ctx) /* Drop this issuer from future consideration */ (void) sk_X509_delete_ptr(sktmp, xtmp); + if (!X509_up_ref(xtmp)) { + X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR); + trust = X509_TRUST_REJECTED; + ctx->error = X509_V_ERR_UNSPECIFIED; + search = 0; + continue; + } + if (!sk_X509_push(ctx->chain, xtmp)) { + X509_free(xtmp); X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); trust = X509_TRUST_REJECTED; ctx->error = X509_V_ERR_OUT_OF_MEM; @@ -3160,7 +3238,7 @@ static int build_chain(X509_STORE_CTX *ctx) continue; } - X509_up_ref(x = xtmp); + x = xtmp; ++ctx->num_untrusted; ss = cert_self_signed(xtmp); 
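Review bot: In the rewritten signature-check condition, a last certificate with `xs == xi` whose EXFLAG_SS flag is not set never has its signature verified, even with X509_V_FLAG_CHECK_SS_SIGNATURE, because the whole `if` evaluates false; the new block comment explains the self-signed skip but not this dependence on the cached flag, so a line like `/* xs == xi without EXFLAG_SS: self-issued but not self-signed, nothing to verify against */` would help the next reader. The same comment has a typo, "certifiate" for "certificate". The hunk spans two physical lines here and the loop body continues past it.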
@@ -3251,6 +3329,32 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1]; } +/* + * Check whether the public key of ``cert`` does not use explicit params + * for an elliptic curve. + * + * Returns 1 on success, 0 if check fails, -1 for other errors. + */ +static int check_curve(X509 *cert) +{ +#ifndef OPENSSL_NO_EC + EVP_PKEY *pkey = X509_get0_pubkey(cert); + + /* Unsupported or malformed key */ + if (pkey == NULL) + return -1; + + if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { + int ret; + + ret = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey)); + return ret < 0 ? ret : !ret; + } +#endif + + return 1; +} + /* * Check whether the signature digest algorithm of ``cert`` meets the security * level of ``ctx``. Should not be checked for trust anchors (whether diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c old mode 100755 new mode 100644 index aa5ccba448997db7aff7075df48ed6d453f839e0..a4e9cdaee837ac0fbc9892a11a46404007e4ee96 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
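Review bot: check_curve's comment promises -1 "for other errors", but the only -1 produced in the visible code is the NULL result of X509_get0_pubkey, while any negative value from EC_KEY_decoded_from_explicit_params is passed through unchanged; if that helper can return negatives other than -1 the comment should say so, otherwise `return ret < 0 ? -1 : !ret;` pins the documented contract. Under OPENSSL_NO_EC the `cert` parameter is unused, which may warrant `(void)cert;` if unused-parameter warnings are enabled in this build.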
@@ -363,7 +363,7 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0 - && (data->ex_flags & EXFLAG_INVALID) == 0) { + && (data->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) { /* Asking for SHA1 and we already computed it. */ if (len != NULL) *len = sizeof(data->sha1_hash); diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c old mode 100755 new mode 100644 index 813c5b01c3aeb6d270444d92a1c337aca09bc513..7342c4f6bcb53722c830574e164276fe22266402 --- a/crypto/x509/x_attrib.c +++ b/crypto/x509/x_attrib.c @@ -37,10 +37,13 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) { X509_ATTRIBUTE *ret = NULL; ASN1_TYPE *val = NULL; + ASN1_OBJECT *oid; + if ((oid = OBJ_nid2obj(nid)) == NULL) + return NULL; if ((ret = X509_ATTRIBUTE_new()) == NULL) return NULL; - ret->object = OBJ_nid2obj(nid); + ret->object = oid; if ((val = ASN1_TYPE_new()) == NULL) goto err; if (!sk_ASN1_TYPE_push(ret->set, val)) diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x_exten.c b/crypto/x509/x_exten.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c old mode 100755 new mode 100644 index 4f694b93fb0038043ee4793a3fff014ff337daeb..9be7e9286571dec207e8e82eba162b713dea2266 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
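Review bot: X509_digest now trusts the cached sha1_hash whenever EXFLAG_NO_FINGERPRINT is clear, so every path that sets EXFLAG_INVALID without having computed the hash must also set EXFLAG_NO_FINGERPRINT (the v3_purp.c hunk in this commit does so for the X509_digest failure in x509v3_cache_extensions). A comment at the condition, `/* EXFLAG_NO_FINGERPRINT marks a failed hash computation; other invalidity leaves the cache usable */`, would document that invariant where it is relied upon.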
@@ -169,8 +169,11 @@ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key) EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { EVP_PKEY *ret = X509_PUBKEY_get0(key); - if (ret != NULL) - EVP_PKEY_up_ref(ret); + + if (ret != NULL && !EVP_PKEY_up_ref(ret)) { + X509err(X509_F_X509_PUBKEY_GET, ERR_R_INTERNAL_ERROR); + ret = NULL; + } return ret; } diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c old mode 100755 new mode 100644 diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/build.info b/crypto/x509v3/build.info old mode 100755 new mode 100644 diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h old mode 100755 new mode 100644 diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c old mode 100755 new mode 100644 index 073505951322018e3fb629d083e65bc39194a45c..8c7bc69576a4c13efa74946ede7df60993ca5339 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -52,6 +52,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE); + ASN1_OBJECT_free(id); return NULL; } ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/pcy_local.h b/crypto/x509v3/pcy_local.h old mode 100755 new mode 100644 
diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/standard_exts.h b/crypto/x509v3/standard_exts.h old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_admis.c b/crypto/x509v3/v3_admis.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_admis.h b/crypto/x509v3/v3_admis.h old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_akeya.c b/crypto/x509v3/v3_akeya.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c old mode 100755 new mode 100644 index 7ac2911b91af01f366d46380eecbe9d7847cc3b2..4dce0041012e44b755df4cb141cf85f348f35b85 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -275,6 +275,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) num = sk_GENERAL_NAME_num(ialt); if (!sk_GENERAL_NAME_reserve(gens, num)) { X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); + sk_GENERAL_NAME_free(ialt); goto err; } diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c old mode 100755 new mode 100644 
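Review bot: On the reserve failure in copy_issuer, sk_GENERAL_NAME_free(ialt) releases only the stack; if, as its position before the copy into gens suggests, none of ialt's GENERAL_NAME elements have been moved yet, they leak, and `sk_GENERAL_NAME_pop_free(ialt, GENERAL_NAME_free);` would release them as well. The copy loop is outside the hunk, so confirm element ownership against the rest of the function before changing it.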
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c old mode 100755 new mode 100644 index 23778e25066841e99f15c3faecc542b0a6e1f8eb..87a5eff47cd99a61d7a5e00ad1c5a1c35626dba5 --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,8 +22,9 @@ ASN1_SEQUENCE(OTHERNAME) = { IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) ASN1_SEQUENCE(EDIPARTYNAME) = { - ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), - ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + /* DirectoryString is a CHOICE type so use explicit tagging */ + ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), + ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) } ASN1_SEQUENCE_END(EDIPARTYNAME) IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c old mode 100755 new mode 100644 
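Review bot: Besides switching to explicit tagging, the EDIPARTYNAME hunk makes partyName mandatory (ASN1_EXP instead of ASN1_EXP_OPT), which the new comment does not mention; encodings produced by the old template (implicit tags, or a missing partyName) will no longer decode, and that deserves to be stated next to the template. Since partyName is not OPTIONAL in the EDIPartyName definition of RFC 5280, the comment could read `/* DirectoryString is a CHOICE type so use explicit tagging; partyName is mandatory per RFC 5280 */`.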
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c old mode 100755 new mode 100644 index 2bc8253d2dab3a69f8f8b59461a0909dfc651296..a1aeb4e4c60b36a5d654ed771ab1a70797d75dc7 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,7 @@ #include #include #include "crypto/x509.h" +#include "../x509/x509_local.h" /* for x509_signing_allowed() */ #include "internal/tsan_assist.h" static void x509v3_cache_extensions(X509 *x); 
@@ -344,6 +345,24 @@ static int setup_crldp(X509 *x) return 1; } +/* Check that issuer public key algorithm matches subject signature algorithm */ +static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject) +{ + int pkey_sig_nid, subj_sig_nid; + + if (pkey == NULL) + return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; + if (OBJ_find_sigid_algs(EVP_PKEY_base_id(pkey), + NULL, &pkey_sig_nid) == 0) + pkey_sig_nid = EVP_PKEY_base_id(pkey); + if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm), + NULL, &subj_sig_nid) == 0) + return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; + if (pkey_sig_nid != EVP_PKEY_type(subj_sig_nid)) + return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; + return X509_V_OK; +} + #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) @@ -375,7 +394,8 @@ static void x509v3_cache_extensions(X509 *x) } if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) - x->ex_flags |= EXFLAG_INVALID; + x->ex_flags |= (EXFLAG_NO_FINGERPRINT | EXFLAG_INVALID); + /* V1 should mean no extensions ... */ if (!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; @@ -384,12 +404,16 @@ static void x509v3_cache_extensions(X509 *x) if (bs->ca) x->ex_flags |= EXFLAG_CA; if (bs->pathlen) { - if ((bs->pathlen->type == V_ASN1_NEG_INTEGER) - || !bs->ca) { + if (bs->pathlen->type == V_ASN1_NEG_INTEGER) { x->ex_flags |= EXFLAG_INVALID; x->ex_pathlen = 0; - } else + } else { x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); + if (!bs->ca && x->ex_pathlen != 0) { + x->ex_flags |= EXFLAG_INVALID; + x->ex_pathlen = 0; + } + } } else x->ex_pathlen = -1; BASIC_CONSTRAINTS_free(bs); 
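Review bot: The basicConstraints change now accepts a pathLenConstraint of 0 on a non-CA certificate without setting EXFLAG_INVALID, where previously any pathlen on a non-CA was invalid; the stricter rejection happens only in check_chain_extensions under X509_V_FLAG_X509_STRICT (also in this commit), and none of that is commented at the new `if (!bs->ca && x->ex_pathlen != 0)`. Suggest `/* pathlen on a non-CA is tolerated only when zero; strict mode rejects it in check_chain_extensions */` there. In check_sig_alg_match, the fallback to EVP_PKEY_base_id when OBJ_find_sigid_algs has no entry for the key type reads like a silent error path and deserves a one-line why-comment.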
@@ -492,11 +516,11 @@ static void x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_INVALID; /* Does subject name match issuer ? */ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { - x->ex_flags |= EXFLAG_SI; - /* If SKID matches AKID also indicate self signed */ - if (X509_check_akid(x, x->akid) == X509_V_OK && - !ku_reject(x, KU_KEY_CERT_SIGN)) - x->ex_flags |= EXFLAG_SS; + x->ex_flags |= EXFLAG_SI; /* cert is self-issued */ + if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */ + /* .. and the signature alg matches the PUBKEY alg: */ + && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK) + x->ex_flags |= EXFLAG_SS; /* indicate self-signed */ } x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL); if (x->altname == NULL && i != -1) @@ -545,9 +569,11 @@ static void x509v3_cache_extensions(X509 *x) * return codes: * 0 not a CA * 1 is a CA - * 2 basicConstraints absent so "maybe" a CA + * 2 Only possible in older versions of openSSL when basicConstraints are absent + * new versions will not return this value. May be a CA * 3 basicConstraints absent but self signed V1. * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. + * 5 Netscape specific CA Flags present */ static int check_ca(const X509 *x) 
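Review bot: EXFLAG_SS is now set without the former `!ku_reject(x, KU_KEY_CERT_SIGN)` condition, so a self-issued certificate whose keyUsage lacks keyCertSign is now flagged self-signed; the key-usage enforcement moves to x509_signing_allowed, which internal_verify consults, but the new inline comments do not say that the flag's meaning changed. Suggest `/* keyUsage is not considered here; x509_signing_allowed() checks it at verification time */` after the EXFLAG_SS assignment. The check_ca comment in the following hunk spells "openSSL" inconsistently with "OpenSSL" elsewhere in the tree.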
@@ -786,6 +812,23 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) return 1; } +/*- + * Check if certificate I is allowed to issue certificate I + * according to the B field of I if present + * depending on any proxyCertInfo extension of I. + * Returns 0 for OK, or positive for reason for rejection + * where reason codes match those for X509_verify_cert(). + */ +int x509_signing_allowed(const X509 *issuer, const X509 *subject) +{ + if (subject->ex_flags & EXFLAG_PROXY) { + if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) + return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; + } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) + return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; + return X509_V_OK; +} + /*- * Various checks to see if one certificate issued the second. * This can be used to prune a set of possible issuer certificates @@ -794,12 +837,23 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) * These are: * 1. Check issuer_name(subject) == subject_name(issuer) * 2. If akid(subject) exists check it matches issuer - * 3. If key_usage(issuer) exists check it supports certificate signing + * 3. Check that issuer public key algorithm matches subject signature algorithm + * 4. If key_usage(issuer) exists check it supports certificate signing * returns 0 for OK, positive for reason for mismatch, reasons match * codes for X509_verify_cert() */ int X509_check_issued(X509 *issuer, X509 *subject) +{ + int ret; + + if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK) + return ret; + return x509_signing_allowed(issuer, subject); +} + +/* do the checks 1., 2., and 3. as described above for X509_check_issued() */ +int x509_likely_issued(X509 *issuer, X509 *subject) { if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) 
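Review bot: The header comment on x509_signing_allowed reads "certificate I ... certificate I ... the B field of I" in this rendering, i.e. it relies on POD-style I<issuer>/B<keyUsage> markup that does not survive outside a POD processor; plain words, `Check if certificate 'issuer' is allowed to issue certificate 'subject' according to the keyUsage field of 'issuer'`, are more robust in a C comment. The comment also says "Returns 0 for OK" while the code returns X509_V_OK; naming the constant saves the reader a lookup.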
@@ -818,12 +872,8 @@ int X509_check_issued(X509 *issuer, X509 *subject) return ret; } - if (subject->ex_flags & EXFLAG_PROXY) { - if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) - return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; - } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) - return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; - return X509_V_OK; + /* check if the subject signature alg matches the issuer's PUBKEY alg */ + return check_sig_alg_match(X509_get0_pubkey(issuer), subject); } int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_tlsf.c b/crypto/x509v3/v3_tlsf.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c old mode 100755 new mode 100644 diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c old mode 100755 new mode 100644 diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl old mode 100755 new mode 100644 diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl old mode 100755 new mode 100644 diff --git a/demos/README b/demos/README old mode 100755 new mode 100644 diff --git a/demos/bio/Makefile b/demos/bio/Makefile old mode 100755 new mode 100644 diff --git a/demos/bio/README b/demos/bio/README old mode 100755 new mode 100644 diff --git a/demos/bio/accept.cnf b/demos/bio/accept.cnf old mode 100755 new mode 100644 diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c old mode 100755 new mode 100644 diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c old mode 100755 new mode 100644 diff --git a/demos/bio/cmod.cnf b/demos/bio/cmod.cnf old mode 100755 new mode 100644 diff --git a/demos/bio/connect.cnf b/demos/bio/connect.cnf old mode 100755 new mode 100644 diff --git a/demos/bio/descrip.mms b/demos/bio/descrip.mms old mode 100755 new mode 100644 
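Review bot: x509_likely_issued now ends with check_sig_alg_match(X509_get0_pubkey(issuer), subject), so an issuer whose public key cannot be decoded is rejected during issuer lookup with X509_V_ERR_NO_ISSUER_PUBLIC_KEY instead of later in internal_verify with X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, which changes the error that verify callbacks observe for such chains. That looks intended, but a note at the new return, `/* an undecodable issuer key also disqualifies the candidate here */`, would make it deliberate. The function's opening and the AKID check precede this hunk.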
diff --git a/demos/bio/intca.pem b/demos/bio/intca.pem old mode 100755 new mode 100644 diff --git a/demos/bio/root.pem b/demos/bio/root.pem old mode 100755 new mode 100644 diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c old mode 100755 new mode 100644 diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c old mode 100755 new mode 100644 diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c old mode 100755 new mode 100644 diff --git a/demos/bio/server-cmod.c b/demos/bio/server-cmod.c old mode 100755 new mode 100644 diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c old mode 100755 new mode 100644 diff --git a/demos/bio/server-ec.pem b/demos/bio/server-ec.pem old mode 100755 new mode 100644 diff --git a/demos/bio/server.pem b/demos/bio/server.pem old mode 100755 new mode 100644 diff --git a/demos/bio/shared.opt b/demos/bio/shared.opt old mode 100755 new mode 100644 diff --git a/demos/bio/static.opt b/demos/bio/static.opt old mode 100755 new mode 100644 diff --git a/demos/certs/README b/demos/certs/README old mode 100755 new mode 100644 diff --git a/demos/certs/apps/apps.cnf b/demos/certs/apps/apps.cnf old mode 100755 new mode 100644 diff --git a/demos/certs/apps/ckey.pem b/demos/certs/apps/ckey.pem old mode 100755 new mode 100644 diff --git a/demos/certs/apps/intkey.pem b/demos/certs/apps/intkey.pem old mode 100755 new mode 100644 diff --git a/demos/certs/apps/mkacerts.sh b/demos/certs/apps/mkacerts.sh old mode 100755 new mode 100644 diff --git a/demos/certs/apps/mkxcerts.sh b/demos/certs/apps/mkxcerts.sh old mode 100755 new mode 100644 diff --git a/demos/certs/apps/rootkey.pem b/demos/certs/apps/rootkey.pem old mode 100755 new mode 100644 diff --git a/demos/certs/apps/skey.pem b/demos/certs/apps/skey.pem old mode 100755 new mode 100644 diff --git a/demos/certs/apps/skey2.pem b/demos/certs/apps/skey2.pem old mode 100755 new mode 100644 diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf old mode 100755 new mode 100644 
diff --git a/demos/certs/mkcerts.sh b/demos/certs/mkcerts.sh old mode 100755 new mode 100644 diff --git a/demos/certs/ocspquery.sh b/demos/certs/ocspquery.sh old mode 100755 new mode 100644 diff --git a/demos/certs/ocsprun.sh b/demos/certs/ocsprun.sh old mode 100755 new mode 100644 diff --git a/demos/cms/cacert.pem b/demos/cms/cacert.pem old mode 100755 new mode 100644 diff --git a/demos/cms/cakey.pem b/demos/cms/cakey.pem old mode 100755 new mode 100644 diff --git a/demos/cms/cms_comp.c b/demos/cms/cms_comp.c old mode 100755 new mode 100644 diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c old mode 100755 new mode 100644 diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c old mode 100755 new mode 100644 diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c old mode 100755 new mode 100644 diff --git a/demos/cms/cms_enc.c b/demos/cms/cms_enc.c old mode 100755 new mode 100644 diff --git a/demos/cms/cms_sign.c b/demos/cms/cms_sign.c old mode 100755 new mode 100644 diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c old mode 100755 new mode 100644 diff --git a/demos/cms/cms_uncomp.c b/demos/cms/cms_uncomp.c old mode 100755 new mode 100644 diff --git a/demos/cms/cms_ver.c b/demos/cms/cms_ver.c old mode 100755 new mode 100644 diff --git a/demos/cms/comp.txt b/demos/cms/comp.txt old mode 100755 new mode 100644 diff --git a/demos/cms/encr.txt b/demos/cms/encr.txt old mode 100755 new mode 100644 diff --git a/demos/cms/sign.txt b/demos/cms/sign.txt old mode 100755 new mode 100644 diff --git a/demos/cms/signer.pem b/demos/cms/signer.pem old mode 100755 new mode 100644 diff --git a/demos/cms/signer2.pem b/demos/cms/signer2.pem old mode 100755 new mode 100644 diff --git a/demos/engines/e_chil.txt b/demos/engines/e_chil.txt old mode 100755 new mode 100644 diff --git a/demos/evp/Makefile b/demos/evp/Makefile old mode 100755 new mode 100644 diff --git a/demos/evp/aesccm.c b/demos/evp/aesccm.c old mode 100755 new mode 100644 
diff --git a/demos/evp/aesgcm.c b/demos/evp/aesgcm.c old mode 100755 new mode 100644 diff --git a/demos/pkcs12/pkread.c b/demos/pkcs12/pkread.c old mode 100755 new mode 100644 diff --git a/demos/pkcs12/pkwrite.c b/demos/pkcs12/pkwrite.c old mode 100755 new mode 100644 diff --git a/demos/smime/cacert.pem b/demos/smime/cacert.pem old mode 100755 new mode 100644 diff --git a/demos/smime/cakey.pem b/demos/smime/cakey.pem old mode 100755 new mode 100644 diff --git a/demos/smime/encr.txt b/demos/smime/encr.txt old mode 100755 new mode 100644 diff --git a/demos/smime/sign.txt b/demos/smime/sign.txt old mode 100755 new mode 100644 diff --git a/demos/smime/signer.pem b/demos/smime/signer.pem old mode 100755 new mode 100644 diff --git a/demos/smime/signer2.pem b/demos/smime/signer2.pem old mode 100755 new mode 100644 diff --git a/demos/smime/smdec.c b/demos/smime/smdec.c old mode 100755 new mode 100644 diff --git a/demos/smime/smenc.c b/demos/smime/smenc.c old mode 100755 new mode 100644 diff --git a/demos/smime/smsign.c b/demos/smime/smsign.c old mode 100755 new mode 100644 diff --git a/demos/smime/smsign2.c b/demos/smime/smsign2.c old mode 100755 new mode 100644 diff --git a/demos/smime/smver.c b/demos/smime/smver.c old mode 100755 new mode 100644 diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt old mode 100755 new mode 100644 diff --git a/doc/HOWTO/keys.txt b/doc/HOWTO/keys.txt old mode 100755 new mode 100644 diff --git a/doc/README b/doc/README old mode 100755 new mode 100644 diff --git a/doc/dir-locals.example.el b/doc/dir-locals.example.el old mode 100755 new mode 100644 diff --git a/doc/fingerprints.txt b/doc/fingerprints.txt old mode 100755 new mode 100644 diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod old mode 100755 new mode 100644 index 6949ec6228ac3f55fd5b5e507ff5ea4b60cce1f0..4e8958e554dd464fc67508662f83fe97488a4629 --- a/doc/man1/CA.pl.pod +++ b/doc/man1/CA.pl.pod 
@@ -91,7 +91,7 @@ to standard output. Leverages B command. =item B<-signCA> -This option is the same as the B<-signreq> option except it uses the +This option is the same as the B<-sign> option except it uses the configuration file section B and so makes the signed request a valid CA certificate. This is useful when creating intermediate CA from a root CA. Extra params are passed on to B command. @@ -143,7 +143,7 @@ the request and finally create a PKCS#12 file containing it. CA.pl -newca CA.pl -newreq - CA.pl -signreq + CA.pl -sign CA.pl -pkcs12 "My Test Certificate" =head1 DSA CERTIFICATES @@ -164,7 +164,7 @@ Create the CA directories and files: CA.pl -newca -enter cacert.pem when prompted for the CA file name. +enter cacert.pem when prompted for the CA filename. Create a DSA certificate request and private key (a different set of parameters can optionally be created first): @@ -173,7 +173,7 @@ can optionally be created first): Sign the request: - CA.pl -signreq + CA.pl -sign =head1 NOTES @@ -204,7 +204,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/asn1parse.pod b/doc/man1/asn1parse.pod old mode 100755 new mode 100644 diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod old mode 100755 new mode 100644 index 27bb31493a7ffed811d667037640293dc6d31253..4380d869eaa723c8596861ad18ce046a8b9e8d35 --- a/doc/man1/ca.pod +++ b/doc/man1/ca.pod @@ -163,7 +163,7 @@ self-signed certificate. =item B<-passin arg> The key password source. For more information about the format of B -see the B section in L. +see L. =item B<-notext> 
@@ -219,7 +219,7 @@ DNs match the order of the request. This is not needed for Xenroll. =item B<-noemailDN> The DN of a certificate can contain the EMAIL field if present in the -request DN, however it is good policy just having the e-mail set into +request DN, however, it is good policy just having the e-mail set into the altName extension of the certificate. When this option is set the EMAIL field is removed from the certificate' subject and set only in the, eventually present, extensions. The B keyword can be @@ -759,7 +759,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod old mode 100755 new mode 100644 diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod old mode 100755 new mode 100644 index 72cd9b5d4e9e22a74673b9dc9fba21793cc7bd3d..2caf3ef4d156e6cc372e486e428b5f362e03b1bd --- a/doc/man1/cms.pod +++ b/doc/man1/cms.pod @@ -465,7 +465,7 @@ or to modify default parameters for ECDH. =item B<-passin arg> The private key password source. For more information about the format of B -see the B section in L. +see L. =item B<-rand file...> @@ -735,7 +735,7 @@ The -no_alt_chains option was added in OpenSSL 1.0.2b. =head1 COPYRIGHT -Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/crl.pod b/doc/man1/crl.pod old mode 100755 new mode 100644 diff --git a/doc/man1/crl2pkcs7.pod b/doc/man1/crl2pkcs7.pod old mode 100755 new mode 100644 index f58a442b5bc9e763d64b4b641d646698fedccc3d..3fcb737b70704803930a89d68940f93e845cf63d 
--- a/doc/man1/crl2pkcs7.pod +++ b/doc/man1/crl2pkcs7.pod @@ -56,7 +56,7 @@ output by default. Specifies a filename containing one or more certificates in B format. All certificates in the file will be added to the PKCS#7 structure. This -option can be used more than once to read certificates form multiple +option can be used more than once to read certificates from multiple files. =item B<-nocrl> @@ -96,7 +96,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod old mode 100755 new mode 100644 index ea2c4e3e1598b3b009db5e6d79db13501bea0dae..8d48c9aed6d6507056a6e2ddf7d958f5194d3334 --- a/doc/man1/dgst.pod +++ b/doc/man1/dgst.pod @@ -94,8 +94,7 @@ Filename to output to, or standard output by default. =item B<-sign filename> Digitally sign the digest using the private key in "filename". Note this option -does not support Ed25519 or Ed448 private keys. Use the B command -instead for this. +does not support Ed25519 or Ed448 private keys. =item B<-keyform arg> @@ -110,7 +109,7 @@ Names and values of these options are algorithm-specific. =item B<-passin arg> The private key password source. For more information about the format of B -see the B section in L. +see L. =item B<-verify filename> @@ -242,7 +241,7 @@ The FIPS-related options were removed in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/dhparam.pod b/doc/man1/dhparam.pod old mode 100755 new mode 100644 
diff --git a/doc/man1/dsa.pod b/doc/man1/dsa.pod old mode 100755 new mode 100644 index fb6cbf122aec7af577755d143c7660460edab095..752c22063e9c28401b025232ffdf1b2b3e0bd0a1 --- a/doc/man1/dsa.pod +++ b/doc/man1/dsa.pod @@ -75,7 +75,7 @@ prompted for. =item B<-passin arg> The input file password source. For more information about the format of B -see the B section in L. +see L. =item B<-out filename> @@ -87,7 +87,7 @@ filename. =item B<-passout arg> The output file password source. For more information about the format of B -see the B section in L. +see L. =item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> @@ -172,7 +172,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/dsaparam.pod b/doc/man1/dsaparam.pod old mode 100755 new mode 100644 diff --git a/doc/man1/ec.pod b/doc/man1/ec.pod old mode 100755 new mode 100644 index 4d368e20ae1960a9e3ed5168571375c5d30f6ff3..41ffc6cb63798cafaa2266c2a1c37a3e9355e044 --- a/doc/man1/ec.pod +++ b/doc/man1/ec.pod @@ -68,7 +68,7 @@ prompted for. =item B<-passin arg> The input file password source. For more information about the format of B -see the B section in L. +see L. =item B<-out filename> @@ -80,7 +80,7 @@ filename. =item B<-passout arg> The output file password source. For more information about the format of B -see the B section in L. +see L. =item B<-des|-des3|-idea> 
@@ -193,7 +193,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/ecparam.pod b/doc/man1/ecparam.pod old mode 100755 new mode 100644 diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod old mode 100755 new mode 100644 index 6f20ac1fc7d5691287e155a10e3603f0923aa696..3c7b6c42ea2ca567a5242069c3cdda4b43dbda53 --- a/doc/man1/enc.pod +++ b/doc/man1/enc.pod @@ -76,7 +76,7 @@ The output filename, standard output by default. =item B<-pass arg> The password source. For more information about the format of B -see the B section in L. +see L. =item B<-e> @@ -240,7 +240,7 @@ a strong block cipher, such as AES, in CBC mode. All the block ciphers normally use PKCS#5 padding, also known as standard block padding. This allows a rudimentary integrity or password check to -be performed. However since the chance of random data passing the test +be performed. However, since the chance of random data passing the test is better than 1 in 256 it isn't a very good test. If padding is disabled then the input data must be a multiple of the cipher @@ -428,7 +428,7 @@ The B<-list> option was added in OpenSSL 1.1.1e. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/engine.pod b/doc/man1/engine.pod old mode 100755 new mode 100644 diff --git a/doc/man1/errstr.pod b/doc/man1/errstr.pod old mode 100755 new mode 100644 diff --git a/doc/man1/gendsa.pod b/doc/man1/gendsa.pod old mode 100755 new mode 100644 
diff --git a/doc/man1/genpkey.pod b/doc/man1/genpkey.pod old mode 100755 new mode 100644 index 1ba54d48661931b160daeda36284427db9dc35da..6a681ef3d219ac3038aa1fb8c7c778fb3ef2fafd --- a/doc/man1/genpkey.pod +++ b/doc/man1/genpkey.pod @@ -44,7 +44,7 @@ This specifies the output format DER or PEM. The default format is PEM. =item B<-pass arg> The output file password source. For more information about the format of B -see the B section in L. +see L. =item B<-I> @@ -325,7 +325,7 @@ The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/genrsa.pod b/doc/man1/genrsa.pod old mode 100755 new mode 100644 index a9c994ffb18a39d6581385a4bb2f7b21702ec835..8bd3799ea92604cc299671d4ea3ded3ddf68a04c --- a/doc/man1/genrsa.pod +++ b/doc/man1/genrsa.pod @@ -51,7 +51,7 @@ standard output is used. =item B<-passout arg> The output file password source. For more information about the format -of B see the B section in L. +of B see L. =item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> @@ -118,7 +118,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/list.pod b/doc/man1/list.pod old mode 100755 new mode 100644 diff --git a/doc/man1/nseq.pod b/doc/man1/nseq.pod old mode 100755 new mode 100644 
diff --git a/doc/man1/ocsp.pod b/doc/man1/ocsp.pod old mode 100755 new mode 100644 index 736055b1b669132d851f1427a0e3ce6acfbdd6bb..1f724b42bde4c115664ed38ea284fb136659537c --- a/doc/man1/ocsp.pod +++ b/doc/man1/ocsp.pod @@ -176,7 +176,7 @@ Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified. =item B<-host hostname:port>, B<-path pathname> If the B option is present then the OCSP request is sent to the host -B on port B. B specifies the HTTP path name to use +B on port B. B specifies the HTTP pathname to use or "/" by default. This is equivalent to specifying B<-url> with scheme http:// and the given hostname, port, and pathname. @@ -490,7 +490,7 @@ The -no_alt_chains option was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod old mode 100755 new mode 100644 diff --git a/doc/man1/passwd.pod b/doc/man1/passwd.pod old mode 100755 new mode 100644 diff --git a/doc/man1/pkcs12.pod b/doc/man1/pkcs12.pod old mode 100755 new mode 100644 index da887a469978c2a398c287112ddf4ace100e52c4..ac0397a945a990706223184453624627b9264091 --- a/doc/man1/pkcs12.pod +++ b/doc/man1/pkcs12.pod @@ -78,14 +78,12 @@ default. They are all written in PEM format. =item B<-passin arg> The PKCS#12 file (i.e. input file) password source. For more information about -the format of B see the B section in -L. +the format of B see L. =item B<-passout arg> Pass phrase source to encrypt any outputted private keys with. For more -information about the format of B see the B section -in L. +information about the format of B see L. =item B<-password arg> 
@@ -206,14 +204,12 @@ displays them. =item B<-pass arg>, B<-passout arg> The PKCS#12 file (i.e. output file) password source. For more information about -the format of B see the B section in -L. +the format of B see L. =item B<-passin password> Pass phrase source to decrypt any input private keys with. For more information -about the format of B see the B section in -L. +about the format of B see L. =item B<-chain> @@ -245,7 +241,7 @@ This option is only interpreted by MSIE and similar MS software. Normally encryption purposes but arbitrary length keys for signing. The B<-keysig> option marks the key for signing only. Signing only keys can be used for S/MIME signing, authenticode (ActiveX control signing) and SSL client -authentication, however due to a bug only MSIE 5.0 and later support +authentication, however, due to a bug only MSIE 5.0 and later support the use of signing only keys for SSL client authentication. =item B<-macalg digest> @@ -383,7 +379,7 @@ L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/pkcs7.pod b/doc/man1/pkcs7.pod old mode 100755 new mode 100644 diff --git a/doc/man1/pkcs8.pod b/doc/man1/pkcs8.pod old mode 100755 new mode 100644 index b079885d2fc78bd0e0001c404013a45aaafb6687..dba75fc8d41ddef04a43ea7c3afb3d05036f5d66 --- a/doc/man1/pkcs8.pod +++ b/doc/man1/pkcs8.pod @@ -75,7 +75,7 @@ prompted for. =item B<-passin arg> The input file password source. For more information about the format of B -see the B section in L. +see L. =item B<-out filename> @@ -87,7 +87,7 @@ filename. =item B<-passout arg> The output file password source. For more information about the format of B -see the B section in L. +see L. =item B<-iter count> 
@@ -285,7 +285,7 @@ one million iterations of the password: Test vectors from this PKCS#5 v2.0 implementation were posted to the pkcs-tng mailing list using triple DES, DES and RC2 with high iteration counts, several people confirmed that they could decrypt the private -keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +keys produced and therefore, it can be assumed that the PKCS#5 v2.0 implementation is reasonably accurate at least as far as these algorithms are concerned. @@ -309,7 +309,7 @@ The B<-iter> option was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/pkey.pod b/doc/man1/pkey.pod old mode 100755 new mode 100644 index 9569fe0e412d2e909033109e424ba522abd44f7f..1c29092793fd1f8bcc90eb522e1dfbd6ddc19111 --- a/doc/man1/pkey.pod +++ b/doc/man1/pkey.pod @@ -57,7 +57,7 @@ prompted for. =item B<-passin arg> The input file password source. For more information about the format of B -see the B section in L. +see L. =item B<-out filename> @@ -69,7 +69,7 @@ filename. =item B<-passout password> The output file password source. For more information about the format of B -see the B section in L. +see L. =item B<-traditional> @@ -158,7 +158,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/pkeyparam.pod b/doc/man1/pkeyparam.pod old mode 100755 new mode 100644 
diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod old mode 100755 new mode 100644 index dffc449a4e0ed454b7d7a806da14426d6f63c373..3b350efadd4fb460b2df64a56c68716bff72b769 --- a/doc/man1/pkeyutl.pod +++ b/doc/man1/pkeyutl.pod @@ -38,7 +38,7 @@ B B =head1 DESCRIPTION -The B command can be used to perform low level public key operations +The B command can be used to perform low-level public key operations using any supported algorithm. =head1 OPTIONS @@ -74,7 +74,7 @@ The key format PEM, DER or ENGINE. Default is PEM. =item B<-passin arg> The input key password source. For more information about the format of B -see the B section in L. +see L. =item B<-peerkey file> @@ -327,7 +327,7 @@ L, L =head1 COPYRIGHT -Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/prime.pod b/doc/man1/prime.pod old mode 100755 new mode 100644 diff --git a/doc/man1/rand.pod b/doc/man1/rand.pod old mode 100755 new mode 100644 diff --git a/doc/man1/rehash.pod b/doc/man1/rehash.pod old mode 100755 new mode 100644 diff --git a/doc/man1/req.pod b/doc/man1/req.pod old mode 100755 new mode 100644 index 730c59079d6797c64b4002e6f3093051b61aea15..539b843803edea21ceae0bf22edc7c564e6a42d9 --- a/doc/man1/req.pod +++ b/doc/man1/req.pod @@ -91,7 +91,7 @@ Names and values of these options are algorithm-specific. =item B<-passin arg> The input file password source. For more information about the format of B -see the B section in L. +see L. =item B<-out filename> @@ -101,7 +101,7 @@ default. =item B<-passout arg> The output file password source. For more information about the format of B -see the B section in L. +see L. =item B<-text> 
@@ -695,7 +695,7 @@ L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/rsa.pod b/doc/man1/rsa.pod old mode 100755 new mode 100644 index 37f64616c00fe1576bba65d5d71fa2c1969c6f3b..fddd828b9fc467b9f274ca53cdf868b9fc0f85d3 --- a/doc/man1/rsa.pod +++ b/doc/man1/rsa.pod @@ -75,7 +75,7 @@ prompted for. =item B<-passin arg> The input file password source. For more information about the format of B -see the B section in L. +see L. =item B<-out filename> @@ -87,7 +87,7 @@ filename. =item B<-passout password> The output file password source. For more information about the format of B -see the B section in L. +see L. =item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> @@ -195,7 +195,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/rsautl.pod b/doc/man1/rsautl.pod old mode 100755 new mode 100644 diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod old mode 100755 new mode 100644 index 68a152a272bd4ffb47e6056eb2d36dc95148abab..743b2db2ba434d49da1c5aa16f0130e12455f1c0 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -258,7 +258,7 @@ Extra certificate and private key format respectively. =item B<-pass arg> the private key password source. For more information about the format of B -see the B section in L. +see L. =item B<-verify depth> 
@@ -427,11 +427,11 @@ File to send output of B<-msg> or B<-trace> to, default standard output. =item B<-nbio_test> -Tests non-blocking I/O +Tests nonblocking I/O =item B<-nbio> -Turns on non-blocking I/O +Turns on nonblocking I/O =item B<-crlf> @@ -781,14 +781,14 @@ is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using B the CA list can be viewed -and checked. However some servers only request client authentication +and checked. However, some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the B<-prexit> option and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests -a client certificate. Therefor merely including a client certificate +a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the @@ -828,7 +828,7 @@ The B<-name> option was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod old mode 100755 new mode 100644 index 7fa382a8ae33299d5817aa9e0c4ec8a265810560..9fdac491903821d223fb2e30d1e34058f6e75187 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod 
@@ -297,7 +297,7 @@ The private format to use: DER or PEM. PEM is the default. =item B<-pass val> The private key password source. For more information about the format of B -see the B section in L. +see L. =item B<-dcert infile>, B<-dkey infile> @@ -432,9 +432,9 @@ used in conjunction with B<-early_data>. =item B<-id_prefix val> Generate SSL/TLS session IDs prefixed by B. This is mostly useful -for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple +for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple servers, when each of which might be generating a unique range of session -IDs (eg. with a certain prefix). +IDs (e.g. with a certain prefix). =item B<-rand file...> @@ -845,7 +845,7 @@ The =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/s_time.pod b/doc/man1/s_time.pod old mode 100755 new mode 100644 index ac32f36bc789850bf8d9625f144cdf862ab88178..1085bfbbb44bd197196b63192a2258c8d0cad8d3 --- a/doc/man1/s_time.pod +++ b/doc/man1/s_time.pod @@ -14,7 +14,7 @@ B B [B<-cert filename>] [B<-key filename>] [B<-CApath directory>] -[B<-cafile filename>] +[B<-CAfile filename>] [B<-no-CAfile>] [B<-no-CApath>] [B<-reuse>] 
@@ -177,14 +177,14 @@ is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using L the CA list can be -viewed and checked. However some servers only request client authentication +viewed and checked. However, some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the B<-prexit> option of L and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests -a client certificate. Therefor merely including a client certificate +a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. =head1 BUGS @@ -202,7 +202,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/sess_id.pod b/doc/man1/sess_id.pod old mode 100755 new mode 100644 index 6c54ed988bbec329d2f2459b8314d4900ba4e6fa..543b5b7de7ff92f6ef06c3e7c981dbf33b9a64c2 --- a/doc/man1/sess_id.pod +++ b/doc/man1/sess_id.pod 
@@ -142,7 +142,7 @@ The PEM encoded session format uses the header and footer lines: Since the SSL session output contains the master key it is possible to read the contents of an encrypted session using this -information. Therefore appropriate security precautions should be taken if +information. Therefore, appropriate security precautions should be taken if the information is being output by a "real" application. This is however strongly discouraged and should only be used for debugging purposes. diff --git a/doc/man1/smime.pod b/doc/man1/smime.pod old mode 100755 new mode 100644 index 7f224fdc5e9dc32bfa81fba8abd7b5b015c5a661..bf40d04cae4bb7bcb955c3e9a34414312a6c08f5 --- a/doc/man1/smime.pod +++ b/doc/man1/smime.pod @@ -295,7 +295,7 @@ specified, the argument is given to the engine as a key identifier. =item B<-passin arg> The private key password source. For more information about the format of B -see the B section in L. +see L. =item B<-rand file...> @@ -514,7 +514,7 @@ The -no_alt_chains option was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/speed.pod b/doc/man1/speed.pod old mode 100755 new mode 100644 diff --git a/doc/man1/spkac.pod b/doc/man1/spkac.pod old mode 100755 new mode 100644 index 655f1358074a1b6db2e479cb289d8f3b11048c9f..87e1b4bbcaa84bfa16c04862a5188007447de58a --- a/doc/man1/spkac.pod +++ b/doc/man1/spkac.pod @@ -60,7 +60,7 @@ The default is PEM. =item B<-passin password> The input file password source. For more information about the format of B -see the B section in L. +see L. =item B<-challenge string> 
@@ -145,7 +145,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/srp.pod b/doc/man1/srp.pod old mode 100755 new mode 100644 diff --git a/doc/man1/storeutl.pod b/doc/man1/storeutl.pod old mode 100755 new mode 100644 index a8d82bfb612b2a684fde6e8260612b868591e011..3d2cb60bdc134e01c34541a98a0bc8459e803113 --- a/doc/man1/storeutl.pod +++ b/doc/man1/storeutl.pod @@ -51,7 +51,7 @@ this option prevents output of the PEM data. =item B<-passin arg> the key password source. For more information about the format of B -see the B section in L. +see L. =item B<-text> @@ -123,7 +123,7 @@ The B B app was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod old mode 100755 new mode 100644 index ec57ec7ebbd4baed908a86222b2ee675bb8837e8..9e1ffd5d083d943096cea6bce0477faa1be81b9d --- a/doc/man1/ts.pod +++ b/doc/man1/ts.pod 
@@ -101,23 +101,23 @@ the hash to the TSA. =item 2. The TSA attaches the current date and time to the received hash value, -signs them and sends the time stamp token back to the client. By +signs them and sends the timestamp token back to the client. By creating this token the TSA certifies the existence of the original data file at the time of response generation. =item 3. -The TSA client receives the time stamp token and verifies the +The TSA client receives the timestamp token and verifies the signature on it. It also checks if the token contains the same hash value that it had sent to the TSA. =back -There is one DER encoded protocol data unit defined for transporting a time -stamp request to the TSA and one for sending the time stamp response +There is one DER encoded protocol data unit defined for transporting +a timestamp request to the TSA and one for sending the timestamp response back to the client. The B command has three main functions: -creating a time stamp request based on a data file, -creating a time stamp response based on a request, verifying if a +creating a timestamp request based on a data file, +creating a timestamp response based on a request, verifying if a response corresponds to a particular request or a data file. There is no support for sending the requests/responses automatically @@ -128,7 +128,7 @@ requests either by ftp or e-mail. =head2 Time Stamp Request generation -The B<-query> switch can be used for creating and printing a time stamp +The B<-query> switch can be used for creating and printing a timestamp request with the following options: =over 4 @@ -154,7 +154,7 @@ see L. =item B<-data> file_to_hash -The data file for which the time stamp request needs to be +The data file for which the timestamp request needs to be created. stdin is the default if neither the B<-data> nor the B<-digest> parameter is specified. (Optional) 
@@ -175,7 +175,7 @@ The default is SHA-1. (Optional) =item B<-tspolicy> object_id The policy that the client expects the TSA to use for creating the -time stamp token. Either the dotted OID notation or OID names defined +timestamp token. Either the dotted OID notation or OID names defined in the config file can be used. If no policy is requested the TSA will use its own default policy. (Optional) @@ -193,7 +193,7 @@ response. (Optional) =item B<-in> request.tsq -This option specifies a previously created time stamp request in DER +This option specifies a previously created timestamp request in DER format that will be printed into the output file. Useful when you need to examine the content of a request in human-readable format. (Optional) @@ -212,13 +212,13 @@ instead of DER. (Optional) =head2 Time Stamp Response generation -A time stamp response (TimeStampResp) consists of a response status -and the time stamp token itself (ContentInfo), if the token generation was -successful. The B<-reply> command is for creating a time stamp -response or time stamp token based on a request and printing the +A timestamp response (TimeStampResp) consists of a response status +and the timestamp token itself (ContentInfo), if the token generation was +successful. The B<-reply> command is for creating a timestamp +response or timestamp token based on a request and printing the response/token in human-readable format. If B<-token_out> is not -specified the output is always a time stamp response (TimeStampResp), -otherwise it is a time stamp token (ContentInfo). +specified the output is always a timestamp response (TimeStampResp), +otherwise it is a timestamp token (ContentInfo). =over 4 
@@ -237,12 +237,12 @@ used, see B for details. (Optional) =item B<-queryfile> request.tsq -The name of the file containing a DER encoded time stamp request. (Optional) +The name of the file containing a DER encoded timestamp request. (Optional) =item B<-passin> password_src Specifies the password source for the private key of the TSA. See -B in L. (Optional) +L. (Optional) =item B<-signer> tsa_cert.pem @@ -282,19 +282,19 @@ B config file option. (Optional) =item B<-in> response.tsr -Specifies a previously created time stamp response or time stamp token +Specifies a previously created timestamp response or timestamp token (if B<-token_in> is also specified) in DER format that will be written to the output file. This option does not require a request, it is useful e.g. when you need to examine the content of a response or -token or you want to extract the time stamp token from a response. If -the input is a token and the output is a time stamp response a default +token or you want to extract the timestamp token from a response. If +the input is a token and the output is a timestamp response a default 'granted' status info is added to the token. (Optional) =item B<-token_in> This flag can be used together with the B<-in> option and indicates -that the input is a DER encoded time stamp token (ContentInfo) instead -of a time stamp response (TimeStampResp). (Optional) +that the input is a DER encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) =item B<-out> response.tsr @@ -304,7 +304,7 @@ stdout. (Optional) =item B<-token_out> -The output is a time stamp token (ContentInfo) instead of time stamp +The output is a timestamp token (ContentInfo) instead of timestamp response (TimeStampResp). (Optional) =item B<-text> 
@@ -323,8 +323,8 @@ for all available algorithms. Default is builtin. (Optional) =head2 Time Stamp Response verification -The B<-verify> command is for verifying if a time stamp response or time -stamp token is valid and matches a particular time stamp request or +The B<-verify> command is for verifying if a timestamp response or +timestamp token is valid and matches a particular timestamp request or data file. The B<-verify> command does not use the configuration file. =over 4 @@ -345,18 +345,18 @@ specified with this one. (Optional) =item B<-queryfile> request.tsq -The original time stamp request in DER format. The B<-data> and B<-digest> +The original timestamp request in DER format. The B<-data> and B<-digest> options must not be specified with this one. (Optional) =item B<-in> response.tsr -The time stamp response that needs to be verified in DER format. (Mandatory) +The timestamp response that needs to be verified in DER format. (Mandatory) =item B<-token_in> This flag can be used together with the B<-in> option and indicates -that the input is a DER encoded time stamp token (ContentInfo) instead -of a time stamp response (TimeStampResp). (Optional) +that the input is a DER encoded timestamp token (ContentInfo) instead +of a timestamp response (TimeStampResp). (Optional) =item B<-CApath> trusted_cert_path @@ -430,7 +430,7 @@ See L for description. (Optional) =item B The name of the file containing the hexadecimal serial number of the -last time stamp response created. This number is incremented by 1 for +last timestamp response created. This number is incremented by 1 for each response. If the file does not exist at the time of response generation a new file is created with serial number 1. (Mandatory) 
@@ -487,7 +487,7 @@ the components is missing zero is assumed for that field. (Optional) =item B Specifies the maximum number of digits, which represent the fraction of -seconds, that need to be included in the time field. The trailing zeroes +seconds, that need to be included in the time field. The trailing zeros must be removed from the time, so there might actually be fewer digits, or no fraction of seconds at all. Supported only on UNIX platforms. The maximum value is 6, default is 0. @@ -530,13 +530,13 @@ openssl/apps/openssl.cnf will do. =head2 Time Stamp Request -To create a time stamp request for design1.txt with SHA-1 +To create a timestamp request for design1.txt with SHA-1 without nonce and policy and no certificate is required in the response: openssl ts -query -data design1.txt -no_nonce \ -out design1.tsq -To create a similar time stamp request with specifying the message imprint +To create a similar timestamp request with specifying the message imprint explicitly: openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ @@ -546,7 +546,7 @@ To print the content of the previous request in human readable format: openssl ts -query -in design1.tsq -text -To create a time stamp request which includes the MD-5 digest +To create a timestamp request which includes the MD-5 digest of design2.txt, requests the signer certificate and nonce, specifies a policy id (assuming the tsa_policy1 name is defined in the OID section of the config file): @@ -568,7 +568,7 @@ below assume that cacert.pem contains the certificate of the CA, tsacert.pem is the signing certificate issued by cacert.pem and tsakey.pem is the private key of the TSA. -To create a time stamp response for a request: +To create a timestamp response for a request: openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \ -signer tsacert.pem -out design1.tsr 
@@ -577,44 +577,44 @@ If you want to use the settings in the config file you could just write: openssl ts -reply -queryfile design1.tsq -out design1.tsr -To print a time stamp reply to stdout in human readable format: +To print a timestamp reply to stdout in human readable format: openssl ts -reply -in design1.tsr -text -To create a time stamp token instead of time stamp response: +To create a timestamp token instead of timestamp response: openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out -To print a time stamp token to stdout in human readable format: +To print a timestamp token to stdout in human readable format: openssl ts -reply -in design1_token.der -token_in -text -token_out -To extract the time stamp token from a response: +To extract the timestamp token from a response: openssl ts -reply -in design1.tsr -out design1_token.der -token_out -To add 'granted' status info to a time stamp token thereby creating a +To add 'granted' status info to a timestamp token thereby creating a valid response: openssl ts -reply -in design1_token.der -token_in -out design1.tsr =head2 Time Stamp Verification -To verify a time stamp reply against a request: +To verify a timestamp reply against a request: openssl ts -verify -queryfile design1.tsq -in design1.tsr \ -CAfile cacert.pem -untrusted tsacert.pem -To verify a time stamp reply that includes the certificate chain: +To verify a timestamp reply that includes the certificate chain: openssl ts -verify -queryfile design2.tsq -in design2.tsr \ -CAfile cacert.pem -To verify a time stamp token against the original data file: +To verify a timestamp token against the original data file: openssl ts -verify -data design2.txt -in design2.tsr \ -CAfile cacert.pem -To verify a time stamp token against a message imprint: +To verify a timestamp token against a message imprint: openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ -in design2.tsr -CAfile cacert.pem 
@@ -628,7 +628,7 @@ You could also look at the 'test' directory for more examples. =item * -No support for time stamps over SMTP, though it is quite easy +No support for timestamps over SMTP, though it is quite easy to implement an automatic e-mail based TSA with L and L. HTTP server support is provided in the form of a separate apache module. HTTP client support is provided by @@ -638,7 +638,7 @@ L. Pure TCP/IP protocol is not supported. The file containing the last serial number of the TSA is not locked when being read or written. This is a problem if more than one -instance of L is trying to create a time stamp +instance of L is trying to create a timestamp response at the same time. This is not an issue when using the apache server module, it does proper locking. @@ -665,7 +665,7 @@ L =head1 COPYRIGHT -Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/tsget.pod b/doc/man1/tsget.pod old mode 100755 new mode 100644 index 43bf2c7e35ac549bd8a00e969a0fbf7d9a85e811..8fe417f2a06f898da39c3bad4333e95e958b10bf --- a/doc/man1/tsget.pod +++ b/doc/man1/tsget.pod 
@@ -24,15 +24,15 @@ B<-h> server_url =head1 DESCRIPTION -The B command can be used for sending a time stamp request, as -specified in B, to a time stamp server over HTTP or HTTPS and storing -the time stamp response in a file. This tool cannot be used for creating the +The B command can be used for sending a timestamp request, as +specified in B, to a timestamp server over HTTP or HTTPS and storing +the timestamp response in a file. This tool cannot be used for creating the requests and verifying responses, you can use the OpenSSL B command to do that. B can send several requests to the server without closing the TCP connection if more than one requests are specified on the command line. -The tool sends the following HTTP request for each time stamp request: +The tool sends the following HTTP request for each timestamp request: POST url HTTP/1.1 User-Agent: OpenTSA tsget.pl/ @@ -53,7 +53,7 @@ written to a file without any interpretation. =item B<-h> server_url -The URL of the HTTP/HTTPS server listening for time stamp requests. +The URL of the HTTP/HTTPS server listening for timestamp requests. =item B<-e> extension @@ -64,8 +64,8 @@ the input files. Default extension is '.tsr'. (Optional) =item B<-o> output This option can be specified only when just one request is sent to the -server. The time stamp response will be written to the given output file. '-' -means standard output. In case of multiple time stamp requests or the absence +server. The timestamp response will be written to the given output file. '-' +means standard output. In case of multiple timestamp requests or the absence of this argument the names of the output files will be derived from the names of the input files and the default or specified extension argument. (Optional) 
@@ -124,7 +124,7 @@ The name of an EGD socket to get random data from. (Optional) =item [request]... -List of files containing B DER-encoded time stamp requests. If no +List of files containing B DER-encoded timestamp requests. If no requests are specified only one request will be sent to the server and it will be read from the standard input. (Optional) @@ -139,35 +139,35 @@ arguments. =head1 EXAMPLES The examples below presume that B and B contain valid -time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests +timestamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests and at port 8443 for HTTPS requests, the TSA service is available at the /tsa absolute path. -Get a time stamp response for file1.tsq over HTTP, output is written to +Get a timestamp response for file1.tsq over HTTP, output is written to file1.tsr: tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq -Get a time stamp response for file1.tsq and file2.tsq over HTTP showing +Get a timestamp response for file1.tsq and file2.tsq over HTTP showing progress, output is written to file1.reply and file2.reply respectively: tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \ file1.tsq file2.tsq -Create a time stamp request, write it to file3.tsq, send it to the server and +Create a timestamp request, write it to file3.tsq, send it to the server and write the response to file3.tsr: openssl ts -query -data file3.txt -cert | tee file3.tsq \ | tsget -h http://tsa.opentsa.org:8080/tsa \ -o file3.tsr -Get a time stamp response for file1.tsq over HTTPS without client +Get a timestamp response for file1.tsq over HTTPS without client authentication: tsget -h https://tsa.opentsa.org:8443/tsa \ -C cacerts.pem file1.tsq -Get a time stamp response for file1.tsq over HTTPS with certificate-based +Get a timestamp response for file1.tsq over HTTPS with certificate-based client authentication (it will ask for the passphrase if client_key.pem is protected): 
@@ -192,7 +192,7 @@ B =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/verify.pod b/doc/man1/verify.pod old mode 100755 new mode 100644 index 63ba850b915dbd9d58d79acdca8ba9ec7ca751f2..da2b7024821d1980bec3dd8954423820457b61e1 --- a/doc/man1/verify.pod +++ b/doc/man1/verify.pod @@ -98,8 +98,11 @@ current system time. B is the number of seconds since =item B<-check_ss_sig> -Verify the signature on the self-signed root CA. This is disabled by default -because it doesn't add any security. +Verify the signature of +the last certificate in a chain if the certificate is supposedly self-signed. +This is prohibited and will result in an error if it is a non-conforming CA +certificate with key usage restrictions not including the keyCertSign bit. +This verification is disabled by default because it doesn't add any security. =item B<-CRLfile file> @@ -333,7 +336,7 @@ in PEM format. =head1 VERIFY OPERATION The B program uses the same functions as the internal SSL and S/MIME -verification, therefore this description applies to these verify operations +verification, therefore, this description applies to these verify operations too. There is one crucial difference between the verify operations performed 
@@ -379,10 +382,14 @@ should be trusted for the supplied purpose. For compatibility with previous versions of OpenSSL, a certificate with no trust settings is considered to be valid for all purposes. -The final operation is to check the validity of the certificate chain. The validity -period is checked against the current system time and the notBefore and notAfter -dates in the certificate. The certificate signatures are also checked at this -point. +The final operation is to check the validity of the certificate chain. +For each element in the chain, including the root CA certificate, +the validity period as specified by the C and C fields +is checked against the current system time. +The B<-attime> flag may be used to use a reference time other than "now." +The certificate signature is checked as well +(except for the signature of the typically self-signed root CA certificate, +which is verified only if the B<-check_ss_sig> option is given). If all operations complete successfully then certificate is considered valid. If any operation fails then the certificate is not valid. @@ -769,7 +776,7 @@ is silently ignored. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/version.pod b/doc/man1/version.pod old mode 100755 new mode 100644 diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod old mode 100755 new mode 100644 index 65cec9dbda6760561b48b34ce92aba05b25b935e..3c9b2f2263e35ab0e6b725bc0a51baa5ff5f258b --- a/doc/man1/x509.pod +++ b/doc/man1/x509.pod 
@@ -255,7 +255,7 @@ Prints out the start and expiry dates of a certificate. =item B<-checkend arg> Checks if the certificate expires within the next B seconds and exits -non-zero if yes it will expire or zero if not. +nonzero if yes it will expire or zero if not. =item B<-fingerprint> @@ -376,7 +376,7 @@ Names and values of these options are algorithm-specific. =item B<-passin arg> The key password source. For more information about the format of B -see the B section in L. +see L. =item B<-clrext> @@ -932,7 +932,7 @@ the old form must have their links rebuilt using B or similar. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ADMISSIONS.pod b/doc/man3/ADMISSIONS.pod old mode 100755 new mode 100644 diff --git a/doc/man3/ASN1_INTEGER_get_int64.pod b/doc/man3/ASN1_INTEGER_get_int64.pod old mode 100755 new mode 100644 index ac6a5799df9d1eb67453cde751c46832c30caf6c..faf34eb186375e1ef253493288c48df02fb853bc --- a/doc/man3/ASN1_INTEGER_get_int64.pod +++ b/doc/man3/ASN1_INTEGER_get_int64.pod @@ -81,7 +81,7 @@ instead. In general an B or B type can contain an integer of almost arbitrary size and so cannot always be represented by a C -B type. However in many cases (for example version numbers) they +B type. However, in many cases (for example version numbers) they represent small integers which can be more easily manipulated if converted to an appropriate C integer type. 
@@ -123,7 +123,7 @@ were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASN1_ITEM_lookup.pod b/doc/man3/ASN1_ITEM_lookup.pod old mode 100755 new mode 100644 diff --git a/doc/man3/ASN1_OBJECT_new.pod b/doc/man3/ASN1_OBJECT_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/ASN1_STRING_TABLE_add.pod b/doc/man3/ASN1_STRING_TABLE_add.pod old mode 100755 new mode 100644 diff --git a/doc/man3/ASN1_STRING_length.pod b/doc/man3/ASN1_STRING_length.pod old mode 100755 new mode 100644 index 85d356540bc3ea1ff06ee72442d88557f8128da8..ab109c2ede78dc167d69fdacc379fa0c4cb7dbd1 --- a/doc/man3/ASN1_STRING_length.pod +++ b/doc/man3/ASN1_STRING_length.pod @@ -72,7 +72,7 @@ In general it cannot be assumed that the data returned by ASN1_STRING_data() is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example for an IA5String the data will be ASCII, for a BMPString two bytes per -character in big endian format, and for an UTF8String it will be in UTF8 format. +character in big endian format, and for a UTF8String it will be in UTF8 format. Similar care should be take to ensure the data is in the correct format when calling ASN1_STRING_set(). @@ -103,7 +103,7 @@ L =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASN1_STRING_new.pod b/doc/man3/ASN1_STRING_new.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/ASN1_STRING_print_ex.pod b/doc/man3/ASN1_STRING_print_ex.pod old mode 100755 new mode 100644 diff --git a/doc/man3/ASN1_TIME_set.pod b/doc/man3/ASN1_TIME_set.pod old mode 100755 new mode 100644 index 5ed817517dc6ec352261a948845db193fd038845..584ae232acf6938e20878a971a569911f24c934a --- a/doc/man3/ASN1_TIME_set.pod +++ b/doc/man3/ASN1_TIME_set.pod @@ -117,7 +117,7 @@ one or both (depending on the time difference) of B<*pday> and B<*psec> will be positive. If B represents a time earlier than B then one or both of B<*pday> and B<*psec> will be negative. If B and B represent the same time then B<*pday> and B<*psec> will both be zero. -If both B<*pday> and B<*psec> are non-zero they will always have the same +If both B<*pday> and B<*psec> are nonzero they will always have the same sign. The value of B<*psec> will always be less than the number of seconds in a day. If B or B is NULL the current time is used. @@ -167,7 +167,7 @@ format. =head1 BUGS ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() -do not print out the time zone: it either prints out "GMT" or nothing. But all +do not print out the timezone: it either prints out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT anyway. Use the ASN1_TIME_normalize() function to normalize the time value before @@ -248,7 +248,7 @@ The ASN1_TIME_compare() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASN1_TYPE_get.pod b/doc/man3/ASN1_TYPE_get.pod old mode 100755 new mode 100644 index fb797220a47f07030160c918185cea82f74deb63..f14850b39f591e6ea247d195af728a79596ba83f --- a/doc/man3/ASN1_TYPE_get.pod +++ b/doc/man3/ASN1_TYPE_get.pod 
@@ -33,7 +33,7 @@ up after the call. ASN1_TYPE_set1() sets the value of B to B a copy of B. ASN1_TYPE_cmp() compares ASN.1 types B and B and returns 0 if -they are identical and non-zero otherwise. +they are identical and nonzero otherwise. ASN1_TYPE_unpack_sequence() attempts to parse the SEQUENCE present in B using the ASN.1 structure B. If successful it returns a pointer @@ -62,12 +62,12 @@ length octets). ASN1_TYPE_cmp() may not return zero if two types are equivalent but have different encodings. For example the single content octet of the boolean TRUE -value under BER can have any non-zero encoding but ASN1_TYPE_cmp() will +value under BER can have any nonzero encoding but ASN1_TYPE_cmp() will only return zero if the values are the same. If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the -return value is non-zero. Technically if both parameters are NULL the two -types could be absent OPTIONAL fields and so should match, however passing +return value is nonzero. Technically if both parameters are NULL the two +types could be absent OPTIONAL fields and so should match, however, passing NULL values could also indicate a programming error (for example an unparsable type which returns NULL) for types which do B match. So applications should handle the case of two absent values separately. @@ -80,7 +80,7 @@ ASN1_TYPE_set() does not return a value. ASN1_TYPE_set1() returns 1 for success and 0 for failure. -ASN1_TYPE_cmp() returns 0 if the types are identical and non-zero otherwise. +ASN1_TYPE_cmp() returns 0 if the types are identical and nonzero otherwise. ASN1_TYPE_unpack_sequence() returns a pointer to an ASN.1 structure or NULL on failure. diff --git a/doc/man3/ASN1_generate_nconf.pod b/doc/man3/ASN1_generate_nconf.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/ASYNC_WAIT_CTX_new.pod b/doc/man3/ASYNC_WAIT_CTX_new.pod old mode 100755 new mode 100644 index e4d809c08fd163c771bafc7309f8410c2d0c86fc..0e8c1d8010a25ac60f8dd85be0aa75bc62be6d47 --- a/doc/man3/ASYNC_WAIT_CTX_new.pod +++ b/doc/man3/ASYNC_WAIT_CTX_new.pod @@ -50,7 +50,7 @@ job in B<*fd>. The number of file descriptors returned will be stored in B<*numfds>. It is the caller's responsibility to ensure that sufficient memory has been allocated in B<*fd> to receive all the file descriptors. Calling ASYNC_WAIT_CTX_get_all_fds() with a NULL B value will return no file -descriptors but will still populate B<*numfds>. Therefore application code is +descriptors but will still populate B<*numfds>. Therefore, application code is typically expected to call this function twice: once to get the number of fds, and then again when sufficient memory has been allocated. If only one asynchronous engine is being used then normally this call will only ever return @@ -117,7 +117,7 @@ success or 0 on error. On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. @@ -134,7 +134,7 @@ were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/ASYNC_start_job.pod b/doc/man3/ASYNC_start_job.pod old mode 100755 new mode 100644 index b06db76708a29a7fce92ba4e8a4596a0cbc15a81..810b9678731fe62a4f182a6b4af5f6f5cd63446d --- a/doc/man3/ASYNC_start_job.pod +++ b/doc/man3/ASYNC_start_job.pod @@ -166,7 +166,7 @@ otherwise. On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore +is included, commonly as one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to async.h. @@ -321,7 +321,7 @@ added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BF_encrypt.pod b/doc/man3/BF_encrypt.pod old mode 100755 new mode 100644 index b20f634da6f515279659ead0294cf0cff5ec2f8c..02e04b7f34cb16e1276a3c99fcca6738c3750a18 --- a/doc/man3/BF_encrypt.pod +++ b/doc/man3/BF_encrypt.pod @@ -60,7 +60,7 @@ recipient needs to know what it was initialized with, or it won't be able to decrypt. Some programs and protocols simplify this, like SSH, where B is simply initialized to zero. BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while -BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable +BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt a variable number of bytes (the amount does not have to be an exact multiple of 8). The purpose of the latter two is to simulate stream ciphers, and therefore, they need the parameter B, which is a pointer to an integer where the current 
@@ -109,7 +109,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_ADDR.pod b/doc/man3/BIO_ADDR.pod old mode 100755 new mode 100644 index 4b169e8a89c40d82dbc078ba7ef2c3ea0999f808..e9652ed550e2daa13d9252b6afef1f67319e35f0 --- a/doc/man3/BIO_ADDR.pod +++ b/doc/man3/BIO_ADDR.pod @@ -42,7 +42,7 @@ BIO_ADDR_free() frees a B created with BIO_ADDR_new(). BIO_ADDR_clear() clears any data held within the provided B and sets it back to an uninitialised state. -BIO_ADDR_rawmake() takes a protocol B, an byte array of +BIO_ADDR_rawmake() takes a protocol B, a byte array of size B with an address in network byte order pointed at by B and a port number in network byte order in B (except for the B protocol family, where B is meaningless and @@ -115,7 +115,7 @@ L, L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_ADDRINFO.pod b/doc/man3/BIO_ADDRINFO.pod old mode 100755 new mode 100644 index 8ca6454abbcb2a15ef00a10d537803e362404ea6..37609666fdbf290bb59326359f9452831f2ba95b --- a/doc/man3/BIO_ADDRINFO.pod +++ b/doc/man3/BIO_ADDRINFO.pod 
@@ -94,7 +94,7 @@ information they should return isn't available. The BIO_lookup_ex() implementation uses the platform provided getaddrinfo() function. On Linux it is known that specifying 0 for the protocol will not -return any SCTP based addresses when calling getaddrinfo(). Therefore if an SCTP +return any SCTP based addresses when calling getaddrinfo(). Therefore, if an SCTP address is required then the B parameter to BIO_lookup_ex() should be explicitly set to IPPROTO_SCTP. The same may be true on other platforms. @@ -104,7 +104,7 @@ The BIO_lookup_ex() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_connect.pod b/doc/man3/BIO_connect.pod old mode 100755 new mode 100644 index 853315aa46a4cf168741dfda28a6a077269ad021..0ebf17cacf4766430ceb81dd3605ce25e263659d --- a/doc/man3/BIO_connect.pod +++ b/doc/man3/BIO_connect.pod @@ -55,7 +55,7 @@ Enables regular sending of keep-alive messages. =item BIO_SOCK_NONBLOCK -Sets the socket to non-blocking mode. +Sets the socket to nonblocking mode. =item BIO_SOCK_NODELAY @@ -107,7 +107,7 @@ Use the functions described above instead. =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod old mode 100755 new mode 100644 index 60cd10883b54316778cb7c3e266eaf9561aade8e..2e438c3ce9528f1036389a82e5189d34d079c4da --- a/doc/man3/BIO_ctrl.pod +++ b/doc/man3/BIO_ctrl.pod 
@@ -109,7 +109,7 @@ Filter BIOs if they do not internally handle a particular BIO_ctrl() operation usually pass the operation to the next BIO in the chain. This often means there is no need to locate the required BIO for a particular operation, it can be called on a chain and it will -be automatically passed to the relevant BIO. However this can cause +be automatically passed to the relevant BIO. However, this can cause unexpected results: for example no current filter BIOs implement BIO_seek(), but this may still succeed if the chain ends in a FILE or file descriptor BIO. @@ -126,7 +126,7 @@ the case of BIO_seek() on a file BIO for a successful operation. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_f_base64.pod b/doc/man3/BIO_f_base64.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_f_buffer.pod b/doc/man3/BIO_f_buffer.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_f_cipher.pod b/doc/man3/BIO_f_cipher.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_f_md.pod b/doc/man3/BIO_f_md.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_f_null.pod b/doc/man3/BIO_f_null.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_find_type.pod b/doc/man3/BIO_find_type.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_get_data.pod b/doc/man3/BIO_get_data.pod old mode 100755 new mode 100644 index c3137c4c55882a0021c5071dac50c16c242a0f7b..da1651c7576f425a8f7689fe11ced667c7a78fd6 --- a/doc/man3/BIO_get_data.pod +++ b/doc/man3/BIO_get_data.pod 
@@ -25,7 +25,7 @@ the BIO. This data can subsequently be retrieved via a call to BIO_get_data(). This can be used by custom BIOs for storing implementation specific information. The BIO_set_init() function sets the value of the BIO's "init" flag to indicate -whether initialisation has been completed for this BIO or not. A non-zero value +whether initialisation has been completed for this BIO or not. A nonzero value indicates that initialisation is complete, whilst zero indicates that it is not. Often initialisation will complete during initial construction of the BIO. For some BIOs however, initialisation may not complete until after additional steps @@ -55,7 +55,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_get_ex_new_index.pod b/doc/man3/BIO_get_ex_new_index.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_meth_new.pod b/doc/man3/BIO_meth_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_new.pod b/doc/man3/BIO_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_new_CMS.pod b/doc/man3/BIO_new_CMS.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_parse_hostserv.pod b/doc/man3/BIO_parse_hostserv.pod old mode 100755 new mode 100644 index 73cb6100d74eea216e7ee79002abe97b097c7552..35c14d1bc1c9f4991682a9db612110300a26f737 --- a/doc/man3/BIO_parse_hostserv.pod +++ b/doc/man3/BIO_parse_hostserv.pod 
@@ -19,10 +19,10 @@ BIO_parse_hostserv =head1 DESCRIPTION BIO_parse_hostserv() will parse the information given in B, -create strings with the host name and service name and give those +create strings with the hostname and service name and give those back via B and B. Those will need to be freed after they are used. B helps determine if B shall -be interpreted primarily as a host name or a service name in ambiguous +be interpreted primarily as a hostname or a service name in ambiguous cases. The syntax the BIO_parse_hostserv() recognises is: @@ -68,7 +68,7 @@ L =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_printf.pod b/doc/man3/BIO_printf.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_push.pod b/doc/man3/BIO_push.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_read.pod b/doc/man3/BIO_read.pod old mode 100755 new mode 100644 index 270ab533e543e6d12844ea0190f50ceaab926c47..d0ebf32caace4b68857b62750c497a607a48b10d --- a/doc/man3/BIO_read.pod +++ b/doc/man3/BIO_read.pod @@ -55,7 +55,7 @@ NUL is not included in the length returned by BIO_gets(). =head1 NOTES A 0 or -1 return is not necessarily an indication of an error. In -particular when the source/sink is non-blocking or of a certain type +particular when the source/sink is nonblocking or of a certain type it may merely be an indication that no data is currently available and that the application should retry the operation later. 
@@ -87,7 +87,7 @@ keep the '\n' at the end of the line in the buffer. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_accept.pod b/doc/man3/BIO_s_accept.pod old mode 100755 new mode 100644 index 37b6f4d839129674b63998372201e3266502e7a2..312c881bbc49b626d5f40ae8842d0f1e7e92910f --- a/doc/man3/BIO_s_accept.pod +++ b/doc/man3/BIO_s_accept.pod @@ -143,7 +143,7 @@ however because the accept BIO will still accept additional incoming connections. This can be resolved by using BIO_pop() (see above) and freeing up the accept BIO after the initial connection. -If the underlying accept socket is non-blocking and BIO_do_accept() is +If the underlying accept socket is nonblocking and BIO_do_accept() is called to await an incoming connection it is possible for BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens then it is an indication that an accept attempt would block: the application @@ -224,7 +224,7 @@ down each and finally closes both down. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_bio.pod b/doc/man3/BIO_s_bio.pod old mode 100755 new mode 100644 index f78fe13489c672f28995acb5d65bb7c360d73d09..4837d19440bbd6d0c9964580d239c018826beec1 --- a/doc/man3/BIO_s_bio.pod +++ b/doc/man3/BIO_s_bio.pod 
@@ -144,7 +144,7 @@ without having to go through the SSL-interface. ... BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); SSL_set_bio(ssl, internal_bio, internal_bio); - SSL_operations(); /* e.g SSL_read and SSL_write */ + SSL_operations(); /* e.g. SSL_read and SSL_write */ ... application | TLS-engine @@ -167,7 +167,7 @@ without having to go through the SSL-interface. ... As the BIO pair will only buffer the data and never directly access the -connection, it behaves non-blocking and will return as soon as the write +connection, it behaves nonblocking and will return as soon as the write buffer is full or the read buffer is drained. Then the application has to flush the write buffer and/or fill the read buffer. @@ -191,7 +191,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_connect.pod b/doc/man3/BIO_s_connect.pod old mode 100755 new mode 100644 index 4f145297c5876b4006821be2c4cf6628a269e731..1223fad831cb6ee72901c280d2a44bf794577de3 --- a/doc/man3/BIO_s_connect.pod +++ b/doc/man3/BIO_s_connect.pod @@ -106,7 +106,7 @@ If blocking I/O is set then a non positive return value from any I/O call is caused by an error condition, although a zero return will normally mean that the connection was closed. -If the port name is supplied as part of the host name then this will +If the port name is supplied as part of the hostname then this will override any value set with BIO_set_conn_port(). This may be undesirable if the application does not wish to allow connection to arbitrary ports. This can be avoided by checking for the presence of the ':' 
@@ -203,7 +203,7 @@ Use BIO_set_conn_address() and BIO_get_conn_address() instead. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_fd.pod b/doc/man3/BIO_s_fd.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_s_file.pod b/doc/man3/BIO_s_file.pod old mode 100755 new mode 100644 index 2ed0bb3c0f353d8d447981510a6a9484fbf580d6..f1a75f7c627ac1d363ffddb596708b99d912a380 --- a/doc/man3/BIO_s_file.pod +++ b/doc/man3/BIO_s_file.pod @@ -78,7 +78,7 @@ in stdio behaviour will be mirrored by the corresponding BIO. On Windows BIO_new_files reserves for the filename argument to be UTF-8 encoded. In other words if you have to make it work in multi- -lingual environment, encode file names in UTF-8. +lingual environment, encode filenames in UTF-8. =head1 RETURN VALUES @@ -158,7 +158,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_mem.pod b/doc/man3/BIO_s_mem.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_s_null.pod b/doc/man3/BIO_s_null.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_s_socket.pod b/doc/man3/BIO_s_socket.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BIO_set_callback.pod b/doc/man3/BIO_set_callback.pod old mode 100755 new mode 100644 index 291456baa42a2a30a26a428c24ba7d27020510be..f7ee104c28556de30afd0a77f69675ae697a150e --- a/doc/man3/BIO_set_callback.pod +++ b/doc/man3/BIO_set_callback.pod 
@@ -31,7 +31,7 @@ BIO_callback_fn_ex, BIO_callback_fn =head1 DESCRIPTION BIO_set_callback_ex() and BIO_get_callback_ex() set and retrieve the BIO -callback. The callback is called during most high level BIO operations. It can +callback. The callback is called during most high-level BIO operations. It can be used for debugging purposes to trace operations on a BIO or to modify its operation. @@ -230,7 +230,7 @@ in crypto/bio/bio_cb.c =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_should_retry.pod b/doc/man3/BIO_should_retry.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_BLINDING_new.pod b/doc/man3/BN_BLINDING_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_CTX_new.pod b/doc/man3/BN_CTX_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_CTX_start.pod b/doc/man3/BN_CTX_start.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod old mode 100755 new mode 100644 index 0f0e49556d72a214dad905c8c992f19c77bfa00f..dccd4790ede7f3514a1e55c02192216599e32273 --- a/doc/man3/BN_add.pod +++ b/doc/man3/BN_add.pod 
@@ -68,16 +68,16 @@ For division by powers of 2, use BN_rshift(3). BN_mod() corresponds to BN_div() with I set to B. -BN_nnmod() reduces I modulo I and places the non-negative +BN_nnmod() reduces I modulo I and places the nonnegative remainder in I. -BN_mod_add() adds I to I modulo I and places the non-negative +BN_mod_add() adds I to I modulo I and places the nonnegative result in I. BN_mod_sub() subtracts I from I modulo I and places the -non-negative result in I. +nonnegative result in I. -BN_mod_mul() multiplies I by I and finds the non-negative +BN_mod_mul() multiplies I by I and finds the nonnegative remainder respective to modulus I (C). I may be the same B as I or I. For more efficient algorithms for repeated computations using the same modulus, see @@ -119,7 +119,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_add_word.pod b/doc/man3/BN_add_word.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_bn2bin.pod b/doc/man3/BN_bn2bin.pod old mode 100755 new mode 100644 index b3cbc8cb665cb2def3872883005a7a7d91e55f38..67595e05b85ad176df1752ab3e4d887d145c846a --- a/doc/man3/BN_bn2bin.pod +++ b/doc/man3/BN_bn2bin.pod @@ -37,7 +37,7 @@ memory. BN_bn2binpad() also converts the absolute value of B into big-endian form and stores it at B. B indicates the length of the output buffer -B. The result is padded with zeroes if necessary. If B is less than +B. The result is padded with zeros if necessary. If B is less than BN_num_bytes(B) an error is returned. BN_bin2bn() converts the positive integer in big-endian form of length 
@@ -106,7 +106,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_cmp.pod b/doc/man3/BN_cmp.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_copy.pod b/doc/man3/BN_copy.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod old mode 100755 new mode 100644 index f1e63f3b3c4aa9980542edaafbade47bdf9c2d7a..25674d0348f78899605e2b54f2cf280b953bd976 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -127,7 +127,7 @@ For instance, to reach the 128 bit security level, B should be set to If B is not B, B is called after the j-th iteration (j = 0, 1, ...). B is a -pre-allocated B (to save the overhead of allocating and +preallocated B (to save the overhead of allocating and freeing the structure in a loop), or B. BN_GENCB_call() calls the callback function held in the B structure diff --git a/doc/man3/BN_mod_inverse.pod b/doc/man3/BN_mod_inverse.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_mod_mul_montgomery.pod b/doc/man3/BN_mod_mul_montgomery.pod old mode 100755 new mode 100644 index 7f47e94c2b72aa3e060f0193bbd7629e6f75fb8a..911945fd9dbafcfd8c00524ef831624f8a633eba --- a/doc/man3/BN_mod_mul_montgomery.pod +++ b/doc/man3/BN_mod_mul_montgomery.pod @@ -49,7 +49,7 @@ the result in I. BN_from_montgomery() performs the Montgomery reduction I = I*R^-1. BN_to_montgomery() computes Mont(I,R^2), i.e. I*R. -Note that I must be non-negative and smaller than the modulus. +Note that I must be nonnegative and smaller than the modulus. For all functions, I is a previously allocated B used for temporary variables. 
@@ -80,7 +80,7 @@ BN_MONT_CTX_init() was removed in OpenSSL 1.1.0 =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_mod_mul_reciprocal.pod b/doc/man3/BN_mod_mul_reciprocal.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_new.pod b/doc/man3/BN_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_num_bytes.pod b/doc/man3/BN_num_bytes.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_security_bits.pod b/doc/man3/BN_security_bits.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_set_bit.pod b/doc/man3/BN_set_bit.pod old mode 100755 new mode 100644 index af02983c8fb141494ccd629717f7ed31158fd5d6..6e0a11a24b89f466b1768c8595560167e0b33ddc --- a/doc/man3/BN_set_bit.pod +++ b/doc/man3/BN_set_bit.pod @@ -33,15 +33,15 @@ error occurs if B is shorter than B bits. BN_is_bit_set() tests if bit B in B is set. BN_mask_bits() truncates B to an B bit number -(CEn)>). An error occurs if B already is +(CEn)>). An error occurs if B already is shorter than B bits. BN_lshift() shifts B left by B bits and places the result in -B (C). Note that B must be non-negative. BN_lshift1() shifts +B (C). Note that B must be nonnegative. BN_lshift1() shifts B left by one and places the result in B (C). BN_rshift() shifts B right by B bits and places the result in -B (C). Note that B must be non-negative. BN_rshift1() shifts +B (C). Note that B must be nonnegative. BN_rshift1() shifts B right by one and places the result in B (C). For the shift functions, B and B may be the same variable. 
@@ -59,7 +59,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_swap.pod b/doc/man3/BN_swap.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BN_zero.pod b/doc/man3/BN_zero.pod old mode 100755 new mode 100644 diff --git a/doc/man3/BUF_MEM_new.pod b/doc/man3/BUF_MEM_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_add0_cert.pod b/doc/man3/CMS_add0_cert.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_add1_recipient_cert.pod b/doc/man3/CMS_add1_recipient_cert.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_add1_signer.pod b/doc/man3/CMS_add1_signer.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_compress.pod b/doc/man3/CMS_compress.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_decrypt.pod b/doc/man3/CMS_decrypt.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_encrypt.pod b/doc/man3/CMS_encrypt.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_final.pod b/doc/man3/CMS_final.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_get0_RecipientInfos.pod b/doc/man3/CMS_get0_RecipientInfos.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_get0_SignerInfos.pod b/doc/man3/CMS_get0_SignerInfos.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_get0_type.pod b/doc/man3/CMS_get0_type.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_get1_ReceiptRequest.pod b/doc/man3/CMS_get1_ReceiptRequest.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_sign.pod b/doc/man3/CMS_sign.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_sign_receipt.pod b/doc/man3/CMS_sign_receipt.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/CMS_uncompress.pod b/doc/man3/CMS_uncompress.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CMS_verify.pod b/doc/man3/CMS_verify.pod old mode 100755 new mode 100644 index be688681cbc62195cf9ddea2220c068c091289b4..c7dbb6b6c275b75178efb01cec6632949bfedfce --- a/doc/man3/CMS_verify.pod +++ b/doc/man3/CMS_verify.pod @@ -24,7 +24,7 @@ present in B. The content is written to B if it is not NULL. B is an optional set of flags, which can be used to modify the verify operation. -CMS_get0_signers() retrieves the signing certificate(s) from B, it must +CMS_get0_signers() retrieves the signing certificate(s) from B, it may only be called after a successful CMS_verify() operation. =head1 VERIFY PROCESS @@ -94,7 +94,7 @@ useful if one merely wishes to write the content to B and its validity is not considered important. Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the +than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). @@ -122,7 +122,7 @@ L, L =head1 COPYRIGHT -Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_verify_receipt.pod b/doc/man3/CMS_verify_receipt.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CONF_modules_free.pod b/doc/man3/CONF_modules_free.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/CRYPTO_THREAD_run_once.pod b/doc/man3/CRYPTO_THREAD_run_once.pod old mode 100755 new mode 100644 index b919e2e478164b4868a5efb01d66cf14895540b8..946147e5d24ed01d29faab5c1ef443679d1baca8 --- a/doc/man3/CRYPTO_THREAD_run_once.pod +++ b/doc/man3/CRYPTO_THREAD_run_once.pod @@ -93,7 +93,7 @@ On Windows platforms the CRYPTO_THREAD_* types and functions in the openssl/crypto.h header are dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter is included, commonly as -one of the first included headers. Therefore it is defined as an +one of the first included headers. Therefore, it is defined as an application developer's responsibility to include windows.h prior to crypto.h where use of CRYPTO_THREAD_* types and functions is required. @@ -161,7 +161,7 @@ L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CRYPTO_get_ex_new_index.pod b/doc/man3/CRYPTO_get_ex_new_index.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CRYPTO_memcmp.pod b/doc/man3/CRYPTO_memcmp.pod old mode 100755 new mode 100644 index 9182d00796c9f0a7a48369d0ae3f2d6cb6ff6805..20578c557b9ebcca7a972c1106a9e30c38fdc2cf --- a/doc/man3/CRYPTO_memcmp.pod +++ b/doc/man3/CRYPTO_memcmp.pod 
@@ -19,17 +19,17 @@ contents of the memory regions pointed to by B and B. =head1 RETURN VALUES -CRYPTO_memcmp() returns 0 if the memory regions are equal and non-zero +CRYPTO_memcmp() returns 0 if the memory regions are equal and nonzero otherwise. =head1 NOTES Unlike memcmp(2), this function cannot be used to order the two memory regions -as the return value when they differ is undefined, other than being non-zero. +as the return value when they differ is undefined, other than being nonzero. =head1 COPYRIGHT -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CTLOG_STORE_get0_log_by_id.pod b/doc/man3/CTLOG_STORE_get0_log_by_id.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CTLOG_STORE_new.pod b/doc/man3/CTLOG_STORE_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CTLOG_new.pod b/doc/man3/CTLOG_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/CT_POLICY_EVAL_CTX_new.pod b/doc/man3/CT_POLICY_EVAL_CTX_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DEFINE_STACK_OF.pod b/doc/man3/DEFINE_STACK_OF.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DES_random_key.pod b/doc/man3/DES_random_key.pod old mode 100755 new mode 100644 index 04df6ec0dfde3d2173e56b7fc3af6c80ff48e17f..a52099053ec8e98dff8a6f06a856060a528becdf --- a/doc/man3/DES_random_key.pod +++ b/doc/man3/DES_random_key.pod 
@@ -120,7 +120,7 @@ is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated. DES_set_key() works like -DES_set_key_checked() if the I flag is non-zero, +DES_set_key_checked() if the I flag is nonzero, otherwise like DES_set_key_unchecked(). These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable. @@ -137,7 +137,7 @@ DES_ecb_encrypt() is the basic DES encryption routine that encrypts or decrypts a single 8-byte I in I (ECB) mode. It always transforms the input data, pointed to by I, into the output data, pointed to by the I argument. -If the I argument is non-zero (DES_ENCRYPT), the I +If the I argument is nonzero (DES_ENCRYPT), the I (cleartext) is encrypted in to the I (ciphertext) using the key_schedule specified by the I argument, previously set via I. If I is zero (DES_DECRYPT), the I (now @@ -156,7 +156,7 @@ The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES encryption by using I for the final encryption. DES_ncbc_encrypt() encrypts/decrypts using the I -(CBC) mode of DES. If the I argument is non-zero, the +(CBC) mode of DES. If the I argument is nonzero, the routine cipher-block-chain encrypts the cleartext data pointed to by the I argument into the ciphertext pointed to by the I argument, using the key schedule provided by the I argument, @@ -313,7 +313,7 @@ on some platforms. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod old mode 100755 new mode 100644 index 297e7fbf47b56960a1f18c3759f34b6be5f3702d..72726661a1d70ff1a9bbede52b06718d5421dda7 --- a/doc/man3/DH_generate_key.pod 
+++ b/doc/man3/DH_generate_key.pod @@ -2,7 +2,8 @@ =head1 NAME -DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange +DH_generate_key, DH_compute_key, DH_compute_key_padded - perform +Diffie-Hellman key exchange =head1 SYNOPSIS @@ -10,14 +11,16 @@ DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange int DH_generate_key(DH *dh); - int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); + int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); + + int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); =head1 DESCRIPTION DH_generate_key() performs the first step of a Diffie-Hellman key exchange by generating private and public DH values. By calling -DH_compute_key(), these are combined with the other party's public -value to compute the shared key. +DH_compute_key() or DH_compute_key_padded(), these are combined with +the other party's public value to compute the shared key. DH_generate_key() expects B to contain the shared parameters Bp> and Bg>. It generates a random private DH value @@ -28,6 +31,14 @@ published. DH_compute_key() computes the shared secret from the private DH value in B and the other party's public value in B and stores it in B. B must point to B bytes of memory. +The padding style is RFC 5246 (8.1.2) that strips leading zero bytes. +It is not constant time due to the leading zero bytes being stripped. +The return value should be considered public. + +DH_compute_key_padded() is similar but stores a fixed number of bytes. +The padding style is NIST SP 800-56A (C.1) that retains leading zero bytes. +It is constant time due to the leading zero bytes being retained. +The return value should be considered public. =head1 RETURN VALUES 
@@ -36,15 +47,21 @@ DH_generate_key() returns 1 on success, 0 otherwise. DH_compute_key() returns the size of the shared secret on success, -1 on error. +DH_compute_key_padded() returns B on success, -1 on error. + The error codes can be obtained by L. =head1 SEE ALSO L, L, L, L +=head1 HISTORY + +DH_compute_key_padded() was added in OpenSSL 1.0.2. + =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DH_generate_parameters.pod b/doc/man3/DH_generate_parameters.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DH_get0_pqg.pod b/doc/man3/DH_get0_pqg.pod old mode 100755 new mode 100644 index e878fa005149627e26432ccba08e0df80ab06c69..6b5e843e4832a8c0428da3212429f96e01a7b83a --- a/doc/man3/DH_get0_pqg.pod +++ b/doc/man3/DH_get0_pqg.pod @@ -81,7 +81,7 @@ DH_get0_engine() returns a handle to the ENGINE that has been set for this DH object, or NULL if no such ENGINE has been set. The DH_get_length() and DH_set_length() functions get and set the optional -length parameter associated with this DH object. If the length is non-zero then +length parameter associated with this DH object. If the length is nonzero then it is used, otherwise it is ignored. The B parameter indicates the length of the secret exponent (private key) in bits. @@ -118,7 +118,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DH_get_1024_160.pod b/doc/man3/DH_get_1024_160.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/DH_meth_new.pod b/doc/man3/DH_meth_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DH_new.pod b/doc/man3/DH_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DH_new_by_nid.pod b/doc/man3/DH_new_by_nid.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DH_set_method.pod b/doc/man3/DH_set_method.pod old mode 100755 new mode 100644 index ea45961f1500149b70b0f86f42ac2fedde3910ae..b36011d627f3babc9e40b5d7c034c75e5411d064 --- a/doc/man3/DH_set_method.pod +++ b/doc/man3/DH_set_method.pod @@ -45,7 +45,7 @@ DH_set_method() selects B to perform all operations using the key B. This will replace the DH_METHOD used by the DH key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DH keys that only work with certain DH_METHOD -implementations (eg. from an ENGINE module that supports embedded +implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DH_METHOD for the key can have unexpected results. @@ -64,7 +64,7 @@ Bs. DH_set_default_method() returns no value. -DH_set_method() returns non-zero if the provided B was successfully set as +DH_set_method() returns nonzero if the provided B was successfully set as the method for B (including unloading the ENGINE handle if the previous method was supplied by an ENGINE). @@ -78,7 +78,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DH_size.pod b/doc/man3/DH_size.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DSA_SIG_new.pod b/doc/man3/DSA_SIG_new.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/DSA_do_sign.pod b/doc/man3/DSA_do_sign.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DSA_dup_DH.pod b/doc/man3/DSA_dup_DH.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DSA_generate_key.pod b/doc/man3/DSA_generate_key.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DSA_generate_parameters.pod b/doc/man3/DSA_generate_parameters.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DSA_get0_pqg.pod b/doc/man3/DSA_get0_pqg.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DSA_meth_new.pod b/doc/man3/DSA_meth_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DSA_new.pod b/doc/man3/DSA_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DSA_set_method.pod b/doc/man3/DSA_set_method.pod old mode 100755 new mode 100644 index f10307e66d66ccb13fbdb0b59b3b508c47df0753..f6eb260c316c631a2e320081567215b9f9a1b2bb --- a/doc/man3/DSA_set_method.pod +++ b/doc/man3/DSA_set_method.pod @@ -46,7 +46,7 @@ DSA_set_method() selects B to perform all operations using the key B. This will replace the DSA_METHOD used by the DSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have DSA keys that only -work with certain DSA_METHOD implementations (eg. from an ENGINE module +work with certain DSA_METHOD implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DSA_METHOD for the key can have unexpected results. See L for information on constructing custom DSA_METHOD @@ -64,7 +64,7 @@ Bs. DSA_set_default_method() returns no value. -DSA_set_method() returns non-zero if the provided B was successfully set as +DSA_set_method() returns nonzero if the provided B was successfully set as the method for B (including unloading the ENGINE handle if the previous method was supplied by an ENGINE). 
@@ -78,7 +78,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DSA_sign.pod b/doc/man3/DSA_sign.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DSA_size.pod b/doc/man3/DSA_size.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DTLS_get_data_mtu.pod b/doc/man3/DTLS_get_data_mtu.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DTLS_set_timer_cb.pod b/doc/man3/DTLS_set_timer_cb.pod old mode 100755 new mode 100644 diff --git a/doc/man3/DTLSv1_listen.pod b/doc/man3/DTLSv1_listen.pod old mode 100755 new mode 100644 index 98511a475f9fda35f56b30b6c330749ebd560896..272a8c2ee09998aa374b3eb700626c0104c67fd3 --- a/doc/man3/DTLSv1_listen.pod +++ b/doc/man3/DTLSv1_listen.pod @@ -35,7 +35,7 @@ message then the amplification attack has succeeded. If DTLS is used over UDP (or any datagram based protocol that does not validate the source IP) then it is susceptible to this type of attack. TLSv1.3 is designed to operate over a stream-based transport protocol (such as TCP). -If TCP is being used then there is no need to use SSL_stateless(). However some +If TCP is being used then there is no need to use SSL_stateless(). However, some stream-based transport protocols (e.g. QUIC) may not validate the source address. In this case a TLSv1.3 application would be susceptible to this attack. 
@@ -98,7 +98,7 @@ will be set up ready to continue the handshake. the B value will also be filled in. A return value of 0 indicates a non-fatal error. This could (for -example) be because of non-blocking IO, or some invalid message having been +example) be because of nonblocking IO, or some invalid message having been received from a peer. Errors may be placed on the OpenSSL error queue with further information if appropriate. Typically user code is expected to retry the call to DTLSv1_listen() in the event of a non-fatal error. @@ -126,7 +126,7 @@ The type of "peer" also changed in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ECDSA_SIG_new.pod b/doc/man3/ECDSA_SIG_new.pod old mode 100755 new mode 100644 index 6a7d107079d5131e34b7654a576bf58fb2a94dc6..010c163c414a599106156c0e6f5ef4bf960d108a --- a/doc/man3/ECDSA_SIG_new.pod +++ b/doc/man3/ECDSA_SIG_new.pod @@ -5,7 +5,7 @@ ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, -ECDSA_do_sign_ex - low level elliptic curve digital signature algorithm (ECDSA) +ECDSA_do_sign_ex - low-level elliptic curve digital signature algorithm (ECDSA) functions =head1 SYNOPSIS @@ -40,7 +40,7 @@ functions =head1 DESCRIPTION -Note: these functions provide a low level interface to ECDSA. Most +Note: these functions provide a low-level interface to ECDSA. Most applications should use the higher level B interface such as L or L instead. 
@@ -199,7 +199,7 @@ L =head1 COPYRIGHT -Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ECPKParameters_print.pod b/doc/man3/ECPKParameters_print.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EC_GFp_simple_method.pod b/doc/man3/EC_GFp_simple_method.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EC_GROUP_copy.pod b/doc/man3/EC_GROUP_copy.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod old mode 100755 new mode 100644 index c80b191785c4dc1859ce0b1a59c173924459f41b..b1141a0777392c766ff3e2ad545860f6068e4b30 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -84,7 +84,7 @@ specific PK B. EC_GROUP_set_curve() sets the curve parameters B

is the prime for the field. For a curve over F2^m B

represents the irreducible polynomial - each bit represents a term in the polynomial. -Therefore there will either be three or five bits set dependent on whether the +Therefore, there will either be three or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. In either case, B and B represents the coefficients a and b from the relevant equation introduced above. @@ -152,7 +152,7 @@ L, L =head1 COPYRIGHT -Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EC_KEY_get_enc_flags.pod b/doc/man3/EC_KEY_get_enc_flags.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EC_KEY_new.pod b/doc/man3/EC_KEY_new.pod old mode 100755 new mode 100644 index 9d32d78a399e26eaeebf24cb10129845400d1d16..6507dc95cdffb851598665c03bac2524275c8bac --- a/doc/man3/EC_KEY_new.pod +++ b/doc/man3/EC_KEY_new.pod @@ -9,7 +9,8 @@ EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, -EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, +EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, +EC_KEY_decoded_from_explicit_params, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf - Functions for creating, destroying and manipulating 
@@ -38,6 +39,7 @@ EC_KEY objects point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + int EC_KEY_decoded_from_explicit_params(const EC_KEY *key); int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); int EC_KEY_generate_key(EC_KEY *key); int EC_KEY_check_key(const EC_KEY *key); @@ -118,11 +120,15 @@ EC_KEY_set_asn1_flag() sets the asn1_flag on the underlying EC_GROUP object (if set). Refer to L for further information on the asn1_flag. +EC_KEY_decoded_from_explicit_params() returns 1 if the group of the I was +decoded from data with explicitly encoded group parameters, -1 if the I +is NULL or the group parameters are missing, and 0 otherwise. + EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also L. EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions -EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key +EC_POINT_oct2point() and EC_POINT_point2buf() except they use the public key EC_POINT in B. EC_KEY_oct2priv() and EC_KEY_priv2oct() convert between the private key @@ -178,7 +184,7 @@ L =head1 COPYRIGHT -Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EC_POINT_add.pod b/doc/man3/EC_POINT_add.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EC_POINT_new.pod b/doc/man3/EC_POINT_new.pod old mode 100755 new mode 100644 index 8cadaa75f145d7501d957c3f51ab4d3d8f6c9ef2..5d2c3f2e9b229f54a35920e24e7848ee66633069 --- a/doc/man3/EC_POINT_new.pod +++ b/doc/man3/EC_POINT_new.pod 
@@ -148,7 +148,7 @@ EC_POINT_get_Jprojective_coordinates_GFp() respectively. Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is on the curve -there will only ever be two possible values for y. Therefore a point can be set +there will only ever be two possible values for y. Therefore, a point can be set using the EC_POINT_set_compressed_coordinates() function where B is the x co-ordinate and B is a value 0 or 1 to identify which of the two possible values for y should be used. @@ -243,7 +243,7 @@ L, L =head1 COPYRIGHT -Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod old mode 100755 new mode 100644 index a2fc299482fc06f2a53edeb83a6ee884f253d614..369900c248c5bb431e8874628fdf11fc5e2f4850 --- a/doc/man3/ENGINE_add.pod +++ b/doc/man3/ENGINE_add.pod @@ -181,7 +181,7 @@ implementation includes the following abstractions; =head2 Reference counting and handles Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be -treated as handles - ie. not only as pointers, but also as references to +treated as handles - i.e. not only as pointers, but also as references to the underlying ENGINE object. Ie. one should obtain a new reference when making copies of an ENGINE pointer if the copies will be used (and released) independently. 
@@ -252,15 +252,15 @@ operational ENGINE for a given cryptographic purpose. To obtain a functional reference from an existing structural reference, call the ENGINE_init() function. This returns zero if the ENGINE was not -already operational and couldn't be successfully initialised (eg. lack of +already operational and couldn't be successfully initialised (e.g. lack of system drivers, no special hardware attached, etc), otherwise it will -return non-zero to indicate that the ENGINE is now operational and will +return nonzero to indicate that the ENGINE is now operational and will have allocated a new B reference to the ENGINE. All functional references are released by calling ENGINE_finish() (which removes the implicit structural reference as well). The second way to get a functional reference is by asking OpenSSL for a -default implementation for a given task, eg. by ENGINE_get_default_RSA(), +default implementation for a given task, e.g. by ENGINE_get_default_RSA(), ENGINE_get_default_cipher_engine(), etc. These are discussed in the next section, though they are not usually required by application programmers as they are used automatically when creating and using the relevant @@ -278,7 +278,7 @@ In the case of other abstractions like RSA, DSA, etc, there is only one "algorithm" so all implementations implicitly register using the same 'nid' index. -When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg. +When a default ENGINE is requested for a given abstraction/algorithm/mode, (e.g. when calling RSA_new_method(NULL)), a "get_default" call will be made to the ENGINE subsystem to process the corresponding state table and return a functional reference to an initialised ENGINE whose implementation should be 
@@ -328,7 +328,7 @@ is something for the application to control. Some applications will want to allow the user to specify exactly which ENGINE they want used if any is to be used at all. Others may prefer to load all support and have OpenSSL automatically use at run-time any ENGINE that is able to -successfully initialise - ie. to assume that this corresponds to +successfully initialise - i.e. to assume that this corresponds to acceleration hardware attached to the machine or some such thing. There are probably numerous other ways in which applications may prefer to handle things, so we will simply illustrate the consequences as they apply to a @@ -417,7 +417,7 @@ so that it can be initialised for use. This could include the path to any driver or config files it needs to load, required network addresses, smart-card identifiers, passwords to initialise protected devices, logging information, etc etc. This class of commands typically needs to be -passed to an ENGINE B attempting to initialise it, ie. before +passed to an ENGINE B attempting to initialise it, i.e. before calling ENGINE_init(). The other class of commands consist of settings or operations that tweak certain behaviour or cause certain operations to take place, and these commands may work either before or after ENGINE_init(), or @@ -477,7 +477,7 @@ boolean success or failure. } Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can -relax the semantics of the function - if set non-zero it will only return +relax the semantics of the function - if set nonzero it will only return failure if the ENGINE supported the given command name but failed while executing it, if the ENGINE doesn't support the command name it will simply return success without doing anything. In this case we assume the user is 
@@ -490,7 +490,7 @@ It is possible to discover at run-time the names, numerical-ids, descriptions and input parameters of the control commands supported by an ENGINE using a structural reference. Note that some control commands are defined by OpenSSL itself and it will intercept and handle these control commands on behalf of the -ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command. +ENGINE, i.e. the ENGINE's ctrl() handler is not used for the control command. openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands implemented by ENGINEs should be numbered from. Any command value lower than this symbol is considered a "generic" command is handled directly by the @@ -556,7 +556,7 @@ by applications, administrations, users, etc. These can support arbitrary operations via ENGINE_ctrl(), including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the discovery mechanisms simply to allow applications to determine if an ENGINE -supports certain specific commands it might want to use (eg. application "foo" +supports certain specific commands it might want to use (e.g. application "foo" might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - and ENGINE could therefore decide whether or not to support this "foo"-specific extension). @@ -657,7 +657,7 @@ and should not be used. =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ERR_GET_LIB.pod b/doc/man3/ERR_GET_LIB.pod old mode 100755 new mode 100644 diff --git a/doc/man3/ERR_clear_error.pod b/doc/man3/ERR_clear_error.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/ERR_error_string.pod b/doc/man3/ERR_error_string.pod old mode 100755 new mode 100644 diff --git a/doc/man3/ERR_get_error.pod b/doc/man3/ERR_get_error.pod old mode 100755 new mode 100644 index a76df03882d8e56ee9c12e7d79839c160afdfc05..fc155ad0819990a7a015634b93e960be81d12b2d --- a/doc/man3/ERR_get_error.pod +++ b/doc/man3/ERR_get_error.pod @@ -45,7 +45,7 @@ messages. ERR_get_error_line(), ERR_peek_error_line() and ERR_peek_last_error_line() are the same as the above, but they -additionally store the file name and line number where +additionally store the filename and line number where the error occurred in *B and *B, unless these are B. ERR_get_error_line_data(), ERR_peek_error_line_data() and @@ -69,7 +69,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ERR_load_crypto_strings.pod b/doc/man3/ERR_load_crypto_strings.pod old mode 100755 new mode 100644 diff --git a/doc/man3/ERR_load_strings.pod b/doc/man3/ERR_load_strings.pod old mode 100755 new mode 100644 diff --git a/doc/man3/ERR_print_errors.pod b/doc/man3/ERR_print_errors.pod old mode 100755 new mode 100644 index f7e612f6188693fb83886c0ff30a183a8400a3e7..78a4b6a8d91066c96d40b4fd70fcff77c04c2a10 --- a/doc/man3/ERR_print_errors.pod +++ b/doc/man3/ERR_print_errors.pod 
@@ -29,7 +29,7 @@ B as the callback parameters. The error strings will have the following format: - [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] + [pid]:error:[error code]:[library name]:[function name]:[reason string]:[filename]:[line]:[optional text message] I is an 8 digit hexadecimal number. I, I and I are ASCII text, as is I =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ERR_put_error.pod b/doc/man3/ERR_put_error.pod old mode 100755 new mode 100644 index 4fba618db4f25d0e8154c63419ed99fb3c998405..ee6a61ffe2c25a00cb1d0fd5eb0647f0e98f0103 --- a/doc/man3/ERR_put_error.pod +++ b/doc/man3/ERR_put_error.pod @@ -39,14 +39,14 @@ descriptions. For example, the function ssl3_read_bytes() reports a SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); -Function and reason codes should consist of upper case characters, +Function and reason codes should consist of uppercase characters, numbers and underscores only. The error file generation script translates function codes into function names by looking in the header files for an appropriate function name, if none is found it just uses the capitalized form such as "SSL3_READ_BYTES" in the above example. The trailing section of a reason code (after the "_R_") is translated -into lower case and underscores changed to spaces. +into lowercase and underscores changed to spaces. Although a library will normally report errors using its own specific XXXerr macro, another library's macro can be used. This is normally 
@@ -65,7 +65,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ERR_remove_state.pod b/doc/man3/ERR_remove_state.pod old mode 100755 new mode 100644 diff --git a/doc/man3/ERR_set_mark.pod b/doc/man3/ERR_set_mark.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_BytesToKey.pod b/doc/man3/EVP_BytesToKey.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_CIPHER_CTX_get_cipher_data.pod b/doc/man3/EVP_CIPHER_CTX_get_cipher_data.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_CIPHER_meth_new.pod b/doc/man3/EVP_CIPHER_meth_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod old mode 100755 new mode 100644 index 434e22030fdd3e9112a50a4f771ad1f519e811a5..a0ed943a3f604a6ff84cf127ea1d264ca55867df --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -68,7 +68,7 @@ EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines =head1 DESCRIPTION -The EVP digest routines are a high level interface to message digests, +The EVP digest routines are a high-level interface to message digests, and should be used instead of the cipher-specific functions. =over 4 @@ -338,7 +338,7 @@ This function has no return value. =head1 NOTES The B interface to message digests should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. New applications should use the SHA-2 (such as L) or the SHA-3 
@@ -443,7 +443,7 @@ The EVP_MD_CTX_set_pkey_ctx() function was added in 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod old mode 100755 new mode 100644 index 912880a5e1c5c89ec95df25016f85d5f492ad4e8..4efc8a49749150a1d1be8e4a21255000b1e28d04 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -20,7 +20,7 @@ EVP_DigestSign - EVP signing functions =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital signatures. +The EVP signature routines are a high-level interface to digital signatures. EVP_DigestSignInit() sets up signing context B to use digest B from ENGINE B and private key B. B must be created with @@ -110,7 +110,7 @@ The error codes can be obtained from L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. EVP_DigestSign() is a one shot operation which signs a single block of data diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod old mode 100755 new mode 100644 index 0806cd5d58c4d9f37195ff4c56bb2a9459bd9a0c..e7d8c83184458005705f9a4658f93b45ef718ca3 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod 
@@ -19,7 +19,7 @@ EVP_DigestVerify - EVP signature verification functions =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital signatures. +The EVP signature routines are a high-level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B to use digest B from ENGINE B and public key B. B must be created @@ -62,7 +62,7 @@ The error codes can be obtained from L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. EVP_DigestVerify() is a one shot operation which verifies a single block of @@ -104,7 +104,7 @@ were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_EncodeInit.pod b/doc/man3/EVP_EncodeInit.pod old mode 100755 new mode 100644 index 8055b100b252246cd47c40ddb30e23c3cb8e9dd1..e8b65d3818907926d7535a8ffbba86ed102b1e7c --- a/doc/man3/EVP_EncodeInit.pod +++ b/doc/man3/EVP_EncodeInit.pod @@ -29,7 +29,7 @@ EVP_DecodeBlock - EVP base 64 encode/decode routines =head1 DESCRIPTION -The EVP encode routines provide a high level interface to base 64 encoding and +The EVP encode routines provide a high-level interface to base 64 encoding and decoding. Base 64 encoding converts binary data into a printable form that uses the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3 bytes of binary data provided 4 bytes of base 64 encoded data will be produced 
@@ -83,8 +83,8 @@ EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to be encoded or decoded that are pending in the B object. EVP_EncodeBlock() encodes a full block of input data in B and of length -B and stores it in B. For every 3 bytes of input provided 4 bytes of -output data will be produced. If B is not divisible by 3 then the block is +B and stores it in B. For every 3 bytes of input provided 4 bytes of +output data will be produced. If B is not divisible by 3 then the block is encoded as a final block of data and the output is padded such that it is always divisible by 4. Additionally a NUL terminator character will be added. For example if 16 bytes of input data is provided then 24 bytes of encoded data is @@ -151,7 +151,7 @@ L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod old mode 100755 new mode 100644 index aaf9975c4c26710e2a3f4793592cfaeb3c4928fc..0d8a780bb794a041716e1d33e1157b0043803622 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -120,7 +120,7 @@ EVP_enc_null =head1 DESCRIPTION -The EVP cipher routines are a high level interface to certain +The EVP cipher routines are a high-level interface to certain symmetric ciphers. EVP_CIPHER_CTX_new() creates a cipher context. 
@@ -146,10 +146,15 @@ appropriate. EVP_EncryptUpdate() encrypts B bytes from the buffer B and writes the encrypted version to B. This function can be called multiple times to encrypt successive blocks of data. The amount -of data written depends on the block alignment of the encrypted data: -as a result the amount of data written may be anything from zero bytes -to (inl + cipher_block_size - 1) so B should contain sufficient -room. The actual number of bytes written is placed in B. It also +of data written depends on the block alignment of the encrypted data. +For most ciphers and modes, the amount of data written can be anything +from zero bytes to (inl + cipher_block_size - 1) bytes. +For wrap cipher modes, the amount of data written can be anything +from zero bytes to (inl + cipher_block_size) bytes. +For stream ciphers, the amount of data written can be anything from zero +bytes to inl bytes. +Thus, B should contain sufficient room for the operation being performed. +The actual number of bytes written is placed in B. It also checks if B and B are partially overlapping, and if they are 0 is returned to indicate failure. @@ -422,8 +427,8 @@ Sets the CCM B value. If not set a default is used (8 for AES). =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) -Sets the CCM nonce (IV) length. This call can only be made before specifying an -nonce value. The nonce length is given by B<15 - L> so it is 7 by default for +Sets the CCM nonce (IV) length. This call can only be made before specifying +a nonce value. The nonce length is given by B<15 - L> so it is 7 by default for AES. =back 
@@ -463,10 +468,10 @@ This call is only valid when decrypting data. =head1 NOTES Where possible the B interface to symmetric ciphers should be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the cipher used and much more flexible. Additionally, the B interface will ensure the use of platform specific cryptographic -acceleration such as AES-NI (the low level interfaces do not provide the +acceleration such as AES-NI (the low-level interfaces do not provide the guarantee). PKCS padding works by adding B padding bytes of value B to make the total @@ -591,7 +596,7 @@ with a 128-bit key: /* Don't set key or IV right away; we want to check lengths */ ctx = EVP_CIPHER_CTX_new(); - EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, + EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, do_encrypt); OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16); OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); @@ -654,7 +659,7 @@ EVP_CIPHER_CTX_reset(). =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_MD_meth_new.pod b/doc/man3/EVP_MD_meth_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_OpenInit.pod b/doc/man3/EVP_OpenInit.pod old mode 100755 new mode 100644 index 61b4307bca31d4a888274549686bd2d4dce7fd02..37223c8abf4c4b1f84afac3b78c7eefc89658a41 --- a/doc/man3/EVP_OpenInit.pod +++ b/doc/man3/EVP_OpenInit.pod 
@@ -16,7 +16,7 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption =head1 DESCRIPTION -The EVP envelope routines are a high level interface to envelope +The EVP envelope routines are a high-level interface to envelope decryption. They decrypt a public key encrypted symmetric key and then decrypt data using it. @@ -59,7 +59,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod old mode 100755 new mode 100644 index 16d8462a4263741e0f6e76879643621e7639e6e1..e4753168abf72c7ff8f4746caf30e745dd8f8060 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -290,7 +290,7 @@ parameter generation. Use 0 for PKCS#3 DH and 1 for X9.42 DH. The default is 0. The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B is -1 the shared secret is padded with zeroes up to the size of the DH prime B

. +1 the shared secret is padded with zeros up to the size of the DH prime B

. If B is zero (the default) then no padding is performed. EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to @@ -459,7 +459,7 @@ macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_CTX_new.pod b/doc/man3/EVP_PKEY_CTX_new.pod old mode 100755 new mode 100644 index f01fc97522979651a69bd3d52d36859cfa5b8474..8c3c796f6fdd53a0dd2d3efc2072d986f3538286 --- a/doc/man3/EVP_PKEY_CTX_new.pod +++ b/doc/man3/EVP_PKEY_CTX_new.pod @@ -31,7 +31,7 @@ If B is NULL, nothing is done. =head1 NOTES The B structure is an opaque public key algorithm context used -by the OpenSSL high level public key API. Contexts B be shared between +by the OpenSSL high-level public key API. Contexts B be shared between threads: that is it is not permissible to use the same context simultaneously in two threads. @@ -52,7 +52,7 @@ These functions were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_CTX_set1_pbe_pass.pod b/doc/man3/EVP_PKEY_CTX_set1_pbe_pass.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod b/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod b/doc/man3/EVP_PKEY_CTX_set_scrypt_N.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod b/doc/man3/EVP_PKEY_CTX_set_tls1_prf_md.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_asn1_get_count.pod b/doc/man3/EVP_PKEY_asn1_get_count.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_cmp.pod b/doc/man3/EVP_PKEY_cmp.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_decrypt.pod b/doc/man3/EVP_PKEY_decrypt.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_derive.pod b/doc/man3/EVP_PKEY_derive.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_encrypt.pod b/doc/man3/EVP_PKEY_encrypt.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_get_default_digest_nid.pod b/doc/man3/EVP_PKEY_get_default_digest_nid.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_keygen.pod b/doc/man3/EVP_PKEY_keygen.pod old mode 100755 new mode 100644 index 83cebe7ce2f40752ac597a8c26110121673b143f..82df153630353262005e7ef9edfc25ce647e02d9 --- a/doc/man3/EVP_PKEY_keygen.pod +++ b/doc/man3/EVP_PKEY_keygen.pod @@ -51,7 +51,7 @@ generation callback. The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated with the generation operation. If B is -1 the total number of parameters available is returned. Any non negative value returns the value of -that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for +that parameter. EVP_PKEY_CTX_gen_keygen_info() with a nonnegative value for B should only be called within the generation callback. If the callback returns 0 then the key generation operation is aborted and an 
@@ -196,7 +196,7 @@ in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_meth_get_count.pod b/doc/man3/EVP_PKEY_meth_get_count.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_meth_new.pod b/doc/man3/EVP_PKEY_meth_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod old mode 100755 new mode 100644 index 667269cc624e5551b2d1d8a12ccda0889ec9571c..faf5a117e5ae35ce3ed7b93411badcd367479ae5 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -66,7 +66,8 @@ B, B, B or B. EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key() except it is only for the B algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during -creation of a CMAC in the B argument. +creation of a CMAC in the B argument. The cipher should be a standard +encryption only cipher. For example AEAD and XTS ciphers should not be used. EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). New applications should use EVP_PKEY_new_raw_private_key() instead. diff --git a/doc/man3/EVP_PKEY_print_private.pod b/doc/man3/EVP_PKEY_print_private.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_sign.pod b/doc/man3/EVP_PKEY_sign.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_verify.pod b/doc/man3/EVP_PKEY_verify.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_PKEY_verify_recover.pod b/doc/man3/EVP_PKEY_verify_recover.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/EVP_SealInit.pod b/doc/man3/EVP_SealInit.pod old mode 100755 new mode 100644 index 2c2c89a71b51ee75fbb8f04e811572dafce8b230..4bee44922d53d752a4ef3cc1227cea8c148bc82c --- a/doc/man3/EVP_SealInit.pod +++ b/doc/man3/EVP_SealInit.pod @@ -17,7 +17,7 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption =head1 DESCRIPTION -The EVP envelope routines are a high level interface to envelope +The EVP envelope routines are a high-level interface to envelope encryption. They generate a random key and IV (if required) then "envelope" it by using public key encryption. Data can then be encrypted using this key. @@ -82,7 +82,7 @@ L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod old mode 100755 new mode 100644 index 22ce747d333f7b3f86c52c84f1559455a19e90d3..299c5cf312ee45a48c180a46ec4d76392ba7242a --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -17,7 +17,7 @@ EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal =head1 DESCRIPTION -The EVP signature routines are a high level interface to digital +The EVP signature routines are a high-level interface to digital signatures. EVP_SignInit_ex() sets up signing context I to use digest @@ -48,7 +48,7 @@ The error codes can be obtained by L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. When signing with DSA private keys the random number generator must be seeded. 
diff --git a/doc/man3/EVP_VerifyInit.pod b/doc/man3/EVP_VerifyInit.pod old mode 100755 new mode 100644 index 647c99bceb5aaae63a427ecf2977c89f39d1b1ab..3c6b2daeca78cc3ee9725414accf4198eb73ad3f --- a/doc/man3/EVP_VerifyInit.pod +++ b/doc/man3/EVP_VerifyInit.pod @@ -19,7 +19,7 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal =head1 DESCRIPTION -The EVP signature verification routines are a high level interface to digital +The EVP signature verification routines are a high-level interface to digital signatures. EVP_VerifyInit_ex() sets up verification context B to use digest @@ -49,7 +49,7 @@ The error codes can be obtained by L. =head1 NOTES The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes +preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. @@ -85,7 +85,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_aes.pod b/doc/man3/EVP_aes.pod old mode 100755 new mode 100644 index 4192a9ec369f90a4fcd33b445285dfa5ab33e62b..6377fc9a21b0ab1e8c66f5101c9e279ad849f85b --- a/doc/man3/EVP_aes.pod +++ b/doc/man3/EVP_aes.pod 
@@ -160,6 +160,13 @@ In particular, XTS-AES-128 (B) takes input of a 256-bit key to achieve AES 128-bit security, and XTS-AES-256 (B) takes input of a 512-bit key to achieve AES 256-bit security. +The XTS implementation in OpenSSL does not support streaming. That is there must +only be one L call per L call (and +similarly with the "Decrypt" functions). + +The I parameter to L or L is +the XTS "tweak" value. + =back =head1 RETURN VALUES @@ -176,7 +183,7 @@ L =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_aria.pod b/doc/man3/EVP_aria.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_bf_cbc.pod b/doc/man3/EVP_bf_cbc.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_blake2b512.pod b/doc/man3/EVP_blake2b512.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_camellia.pod b/doc/man3/EVP_camellia.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_cast5_cbc.pod b/doc/man3/EVP_cast5_cbc.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_chacha20.pod b/doc/man3/EVP_chacha20.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_des.pod b/doc/man3/EVP_des.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_desx_cbc.pod b/doc/man3/EVP_desx_cbc.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_idea_cbc.pod b/doc/man3/EVP_idea_cbc.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_md2.pod b/doc/man3/EVP_md2.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_md4.pod b/doc/man3/EVP_md4.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_md5.pod b/doc/man3/EVP_md5.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_mdc2.pod b/doc/man3/EVP_mdc2.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/EVP_rc2_cbc.pod b/doc/man3/EVP_rc2_cbc.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_rc4.pod b/doc/man3/EVP_rc4.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_rc5_32_12_16_cbc.pod b/doc/man3/EVP_rc5_32_12_16_cbc.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_ripemd160.pod b/doc/man3/EVP_ripemd160.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_seed_cbc.pod b/doc/man3/EVP_seed_cbc.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_sha1.pod b/doc/man3/EVP_sha1.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_sha224.pod b/doc/man3/EVP_sha224.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_sha3_224.pod b/doc/man3/EVP_sha3_224.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_sm3.pod b/doc/man3/EVP_sm3.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_sm4_cbc.pod b/doc/man3/EVP_sm4_cbc.pod old mode 100755 new mode 100644 diff --git a/doc/man3/EVP_whirlpool.pod b/doc/man3/EVP_whirlpool.pod old mode 100755 new mode 100644 diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod old mode 100755 new mode 100644 index 30c0e6bac39211255cb1ac2e6b0e8ec44038409f..27022686f7aa434746491d1c25833a0e757ecbb2 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod @@ -21,7 +21,7 @@ HMAC_size #include unsigned char *HMAC(const EVP_MD *evp_md, const void *key, - int key_len, const unsigned char *d, int n, + int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len); HMAC_CTX *HMAC_CTX_new(void); @@ -29,7 +29,7 @@ HMAC_size int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, ENGINE *impl); - int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); + int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); void HMAC_CTX_free(HMAC_CTX *ctx); 
@@ -69,7 +69,7 @@ EVP_shake256(). HMAC_CTX_new() creates a new HMAC_CTX in heap memory. -HMAC_CTX_reset() zeroes an existing B and associated +HMAC_CTX_reset() zeros an existing B and associated resources, making it suitable for new computations as if it was newly created with HMAC_CTX_new(). @@ -149,7 +149,7 @@ OpenSSL before version 1.0.0. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/MD5.pod b/doc/man3/MD5.pod old mode 100755 new mode 100644 diff --git a/doc/man3/MDC2_Init.pod b/doc/man3/MDC2_Init.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OCSP_REQUEST_new.pod b/doc/man3/OCSP_REQUEST_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OCSP_cert_to_id.pod b/doc/man3/OCSP_cert_to_id.pod old mode 100755 new mode 100644 index c8d39c1913589688b5f355104612a61476f22032..49393f7329a0531562532c7fedbbb251f1cea227 --- a/doc/man3/OCSP_cert_to_id.pod +++ b/doc/man3/OCSP_cert_to_id.pod @@ -52,7 +52,7 @@ corresponding parameter can be set to B. OCSP_cert_to_id() and OCSP_cert_id_new() return either a pointer to a valid B structure or B if an error occurred. -OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and non-zero +OCSP_id_cmp() and OCSP_id_issuer_cmp() returns zero for a match and nonzero otherwise. OCSP_CERTID_free() does not return a value. @@ -79,7 +79,7 @@ L =head1 COPYRIGHT -Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/OCSP_request_add1_nonce.pod b/doc/man3/OCSP_request_add1_nonce.pod old mode 100755 new mode 100644 index 81bf645108f3d118f2913fd424ce27a561fc506f..777d876d04af6e002c9c754e74b0ab5616d32cdc --- a/doc/man3/OCSP_request_add1_nonce.pod +++ b/doc/man3/OCSP_request_add1_nonce.pod @@ -57,7 +57,7 @@ performance reasons. As a result they do not support nonces. The return values of OCSP_check_nonce() can be checked to cover each case. A positive return value effectively indicates success: nonces are both present -and match, both absent or present in the response only. A non-zero return +and match, both absent or present in the response only. A nonzero return additionally covers the case where the nonce is present in the request only: this will happen if the responder doesn't support nonces. A zero return value indicates present and mismatched nonces: this should be treated as an error diff --git a/doc/man3/OCSP_resp_find_status.pod b/doc/man3/OCSP_resp_find_status.pod old mode 100755 new mode 100644 index 35f7d35e99764cc4b0a1ee1b184cd05baedcadd4..72dcc426c649f12dac228e83754a0661ae723904 --- a/doc/man3/OCSP_resp_find_status.pod +++ b/doc/man3/OCSP_resp_find_status.pod @@ -112,7 +112,7 @@ no freeing of the results is necessary. OCSP_check_validity() checks the validity of B and B values which will be typically obtained from OCSP_resp_find_status() or -OCSP_single_get0_status(). If B is non-zero it indicates how many seconds +OCSP_single_get0_status(). If B is nonzero it indicates how many seconds leeway should be allowed in the check. If B is positive it indicates the maximum age of B in seconds. 
@@ -167,7 +167,7 @@ can then take appropriate action based on the status of the certificate. An OCSP response for a certificate contains B and B fields. Normally the current time should be between these two values. To -account for clock skew the B field can be set to non-zero in +account for clock skew the B field can be set to nonzero in OCSP_check_validity(). Some responders do not set the B field, this would otherwise mean an ancient response would be considered valid: the B parameter to OCSP_check_validity() can be used to limit the permitted @@ -189,7 +189,7 @@ L =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OCSP_response_status.pod b/doc/man3/OCSP_response_status.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod old mode 100755 new mode 100644 index a129a16bf23c164b6476d880644d07d4a8c0b5d6..65bdde88a2e1f9ff5577728c76fc45fa9e4444c2 --- a/doc/man3/OCSP_sendreq_new.pod +++ b/doc/man3/OCSP_sendreq_new.pod @@ -2,9 +2,15 @@ =head1 NAME -OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, -OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, -OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions +OCSP_sendreq_new, +OCSP_sendreq_nbio, +OCSP_REQ_CTX_free, +OCSP_set_max_response_length, +OCSP_REQ_CTX_add1_header, +OCSP_REQ_CTX_set1_req, +OCSP_sendreq_bio, +OCSP_REQ_CTX_i2d +- OCSP responder query functions =head1 SYNOPSIS 
@@ -26,6 +32,9 @@ OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req); + int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type, + const ASN1_ITEM *it, ASN1_VALUE *req); + =head1 DESCRIPTION The function OCSP_sendreq_new() returns an B structure using the @@ -34,7 +43,7 @@ response header maximum line length of B. If B is zero a default value of 4k is used. The OCSP request B may be set to B and provided later if required. -OCSP_sendreq_nbio() performs non-blocking I/O on the OCSP request context +OCSP_sendreq_nbio() performs nonblocking I/O on the OCSP request context B. When the operation is complete it returns the response in B<*presp>. OCSP_REQ_CTX_free() frees up the OCSP context B. @@ -51,6 +60,15 @@ additional headers are set. OCSP_REQ_CTX_set1_req() sets the OCSP request in B to B. This function should be called after any calls to OCSP_REQ_CTX_add1_header(). +OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following: + + OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request", + ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req) + +OCSP_REQ_CTX_i2d() sets the request context B to have the request +B, which has the ASN.1 type B. +The B, if not NULL, will be included in the HTTP request. +The function should be called after all other headers have already been added. OCSP_sendreq_bio() performs an OCSP request using the responder B, the URL path B, and the OCSP request B with a response header maximum line 
@@ -64,8 +82,8 @@ an error occurred. OCSP_sendreq_nbio() returns B<1> if the operation was completed successfully, B<-1> if the operation should be retried and B<0> if an error occurred. -OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return B<1> for success -and B<0> for failure. +OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_set1_req(), and OCSP_REQ_CTX_i2d() +return B<1> for success and B<0> for failure. OCSP_sendreq_bio() returns the B structure sent by the responder or B if an error occurred. @@ -96,7 +114,7 @@ corresponding BIO can be examined to determine which operation (read or write) should be retried and appropriate action taken (for example a select() call on the underlying socket). -OCSP_sendreq_bio() does not support retries and so cannot handle non-blocking +OCSP_sendreq_bio() does not support retries and so cannot handle nonblocking I/O efficiently. It is retained for compatibility and its use in new applications is not recommended. diff --git a/doc/man3/OPENSSL_Applink.pod b/doc/man3/OPENSSL_Applink.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod old mode 100755 new mode 100644 index a312ef7342f4b1ee66dbac8d2d19fe3cdbe9f1ef..ae0a4bbf978b782208ce170ac6f32518b50c6751 --- a/doc/man3/OPENSSL_LH_COMPFUNC.pod +++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod @@ -51,7 +51,7 @@ an unsigned long hash value for its key field. The hash value is normally truncated to a power of 2, so make sure that your hash function returns well mixed low order bits. The B callback takes two arguments (pointers to two hash table entries), and returns -0 if their keys are equal, non-zero otherwise. +0 if their keys are equal, nonzero otherwise. If your hash table will contain items of some particular type and the B and 
@@ -196,7 +196,7 @@ all such parameters as constant. As an example, a hash table may be maintained by code that, for reasons of encapsulation, has only "const" access to the data being -indexed in the hash table (ie. it is returned as "const" from +indexed in the hash table (i.e. it is returned as "const" from elsewhere in their code) - in this case the LHASH prototypes are appropriate as-is. Conversely, if the caller is responsible for the life-time of the data in question, then they may well wish to make @@ -229,7 +229,7 @@ type checking. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_LH_stats.pod b/doc/man3/OPENSSL_LH_stats.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OPENSSL_VERSION_NUMBER.pod b/doc/man3/OPENSSL_VERSION_NUMBER.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod old mode 100755 new mode 100644 index 6294ee1d1be1c95f73ee59c1b726b8cd40001472..528eef0cf927ca79a5e3c970a808dce9ecfd9f85 --- a/doc/man3/OPENSSL_config.pod +++ b/doc/man3/OPENSSL_config.pod @@ -41,7 +41,7 @@ initialization (that is before starting any threads). There are several reasons why calling the OpenSSL configuration routines is advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). -However very few applications currently support the control interface and so +However, very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an application calls OPENSSL_config() it doesn't need to know or care about 
@@ -75,7 +75,7 @@ deprecated in OpenSSL 1.1.0 by OPENSSL_init_crypto(). =head1 COPYRIGHT -Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_fork_prepare.pod b/doc/man3/OPENSSL_fork_prepare.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OPENSSL_ia32cap.pod b/doc/man3/OPENSSL_ia32cap.pod old mode 100755 new mode 100644 index 08a181168f79cc4db6916caadccd4fa50868f7e6..73c96d70e698eef3c3fff168f55abfbfc6b38c64 --- a/doc/man3/OPENSSL_ia32cap.pod +++ b/doc/man3/OPENSSL_ia32cap.pod @@ -102,7 +102,7 @@ and RORX; =item bit #64+19 denoting availability of ADCX and ADOX instructions; =item bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, -a.k.a. AVX512IFMA extension; +aka AVX512IFMA extension; =item bit #64+29 denoting availability of SHA extension; @@ -157,7 +157,7 @@ Not available. =head1 COPYRIGHT -Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_init_crypto.pod b/doc/man3/OPENSSL_init_crypto.pod old mode 100755 new mode 100644 index c7823e32d6df8d9a893c4ed94cefa7a46007a461..3447f5f1138fb667012c2a442dd7f600b99b0318 --- a/doc/man3/OPENSSL_init_crypto.pod +++ b/doc/man3/OPENSSL_init_crypto.pod 
@@ -39,13 +39,13 @@ needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The +needed, for example when some nondefault initialisation is required. The function OPENSSL_init_crypto() can be used for this purpose for libcrypto (see also L for the libssl equivalent). Numerous internal OpenSSL functions call OPENSSL_init_crypto(). -Therefore, in order to perform non-default initialisation, +Therefore, in order to perform nondefault initialisation, OPENSSL_init_crypto() MUST be called by application code prior to any other OpenSSL function calls. @@ -216,10 +216,10 @@ The filename, application name, and flags can be customized by providing a non-null B object. The object can be allocated via B. The B function can be used to specify a -non-default filename, which is copied and need not refer to persistent storage. +nondefault filename, which is copied and need not refer to persistent storage. Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a -non-default application name. -Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +nondefault application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify nondefault flags. If the B flag is not included, any errors in the configuration file will cause an error return from B or indirectly L. @@ -264,7 +264,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/OPENSSL_init_ssl.pod b/doc/man3/OPENSSL_init_ssl.pod old mode 100755 new mode 100644 index b963e5e7a926c4382bd202d864ff625f63c42158..cf4f0891140967f5d777aaf6712349bcec4f9f5a --- a/doc/man3/OPENSSL_init_ssl.pod +++ b/doc/man3/OPENSSL_init_ssl.pod @@ -23,14 +23,14 @@ needs so no explicit initialisation is required. Similarly it will also automatically deinitialise as required. However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The +needed, for example when some nondefault initialisation is required. The function OPENSSL_init_ssl() can be used for this purpose. Calling this function will explicitly initialise BOTH libcrypto and libssl. To explicitly initialise ONLY libcrypto see the L function. Numerous internal OpenSSL functions call OPENSSL_init_ssl(). -Therefore, in order to perform non-default initialisation, +Therefore, in order to perform nondefault initialisation, OPENSSL_init_ssl() MUST be called by application code prior to any other OpenSSL function calls. @@ -74,7 +74,7 @@ The OPENSSL_init_ssl() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_instrument_bus.pod b/doc/man3/OPENSSL_instrument_bus.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OPENSSL_load_builtin_modules.pod b/doc/man3/OPENSSL_load_builtin_modules.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod old mode 100755 new mode 100644 index c60e038309a1dbcef932ddabe02c8a9a8805e60b..9834a8f13147db8cf89c6dc354c5c1fdfda13a07 --- a/doc/man3/OPENSSL_malloc.pod +++ b/doc/man3/OPENSSL_malloc.pod 
@@ -104,7 +104,7 @@ before ultimately calling OPENSSL_free(). OPENSSL_cleanse() fills B of size B with a string of 0's. Use OPENSSL_cleanse() with care if the memory is a mapping of a file. -If the storage controller uses write compression, then its possible +If the storage controller uses write compression, then it's possible that sensitive tail bytes will survive zeroization because the block of zeros will be compressed. If the storage controller uses wear leveling, then the old sensitive data will not be overwritten; rather, a block of diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OSSL_STORE_SEARCH.pod b/doc/man3/OSSL_STORE_SEARCH.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OSSL_STORE_expect.pod b/doc/man3/OSSL_STORE_expect.pod old mode 100755 new mode 100644 diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod old mode 100755 new mode 100644 index 1e8ebf7ce1ce91ae88b28a3b3f644fc233f05e95..71fdd6932f82708f81b0a3270750b6e8c4a12333 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod 
@@ -46,21 +46,22 @@ OSSL_STORE_close() to work together. =head2 Functions -OSSL_STORE_open() takes a uri or path B, password UI method -B with associated data B, and post processing -callback B with associated data B, +OSSL_STORE_open() takes a uri or path I, password UI method +I with associated data I, and post processing +callback I with associated data I, opens a channel to the data located at that URI and returns a B with all necessary internal information. -The given B and B will be reused by all -functions that use B when interaction is needed. -The given B and B will be reused by +The given I and I will be reused by all +functions that use B when interaction is needed, +for instance to provide a password. +The given I and I will be reused by OSSL_STORE_load() to manipulate or drop the value to be returned. -The B function drops values by returning B, which +The I function drops values by returning NULL, which will cause OSSL_STORE_load() to start its process over with loading -the next object, until B returns something other than -B, or the end of data is reached as indicated by OSSL_STORE_eof(). +the next object, until I returns something other than +NULL, or the end of data is reached as indicated by OSSL_STORE_eof(). -OSSL_STORE_ctrl() takes a B, and command number B and +OSSL_STORE_ctrl() takes a B, and command number I and more arguments not specified here. The available loader specific command numbers and arguments they each take depends on the loader that's used and is documented together with @@ -94,6 +95,7 @@ OSSL_STORE_eof() shows that the end of data has been reached. OSSL_STORE_close() takes a B, closes the channel that was opened by OSSL_STORE_open() and frees all other information that was stored in the B, as well as the B itself. +If I is NULL it does nothing. =head1 SUPPORTED SCHEMES 
@@ -123,12 +125,12 @@ See L for further information. =head1 RETURN VALUES OSSL_STORE_open() returns a pointer to a B on success, or -B on failure. +NULL on failure. OSSL_STORE_load() returns a pointer to a B on success, or -B on error or when end of data is reached. +NULL on error or when end of data is reached. Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a -returned B. +returned NULL. OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise 0. @@ -149,9 +151,12 @@ OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() were added in OpenSSL 1.1.1. +Handling of NULL I argument for OSSL_STORE_close() +was introduced in OpenSSL 1.1.1h. + =head1 COPYRIGHT -Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OpenSSL_add_all_algorithms.pod b/doc/man3/OpenSSL_add_all_algorithms.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PEM_bytes_read_bio.pod b/doc/man3/PEM_bytes_read_bio.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PEM_read.pod b/doc/man3/PEM_read.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PEM_read_CMS.pod b/doc/man3/PEM_read_CMS.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod old mode 100755 new mode 100644 index a8306500fb3c50358125c1a556a85b04254edb89..233df7fca2170454da0bad55b917a147fc649cf1 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod 
@@ -206,7 +206,7 @@ RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey structure. The B functions also process an RSA public key using -an RSA structure. However the public key is encoded using a +an RSA structure. However, the public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public key is not RSA. @@ -387,7 +387,7 @@ The pseudo code to derive the key would look similar to: =head1 BUGS The PEM read routines in some versions of OpenSSL will not correctly reuse -an existing structure. Therefore the following: +an existing structure. Therefore, the following: PEM_read_bio_X509(bp, &x, 0, NULL); @@ -483,7 +483,7 @@ as they will be formally deprecated in a future releases. =head1 COPYRIGHT -Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PEM_read_bio_ex.pod b/doc/man3/PEM_read_bio_ex.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PEM_write_bio_CMS_stream.pod b/doc/man3/PEM_write_bio_CMS_stream.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PEM_write_bio_PKCS7_stream.pod b/doc/man3/PEM_write_bio_PKCS7_stream.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PKCS12_newpass.pod b/doc/man3/PKCS12_newpass.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PKCS12_parse.pod b/doc/man3/PKCS12_parse.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PKCS5_PBKDF2_HMAC.pod b/doc/man3/PKCS5_PBKDF2_HMAC.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PKCS7_decrypt.pod b/doc/man3/PKCS7_decrypt.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/PKCS7_encrypt.pod b/doc/man3/PKCS7_encrypt.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PKCS7_sign.pod b/doc/man3/PKCS7_sign.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PKCS7_sign_add_signer.pod b/doc/man3/PKCS7_sign_add_signer.pod old mode 100755 new mode 100644 diff --git a/doc/man3/PKCS7_verify.pod b/doc/man3/PKCS7_verify.pod old mode 100755 new mode 100644 index ebcdde0795fbcb96f06aa578cda29e50f38af653..9e238c565952eba60627d7e3aa89c08c0e5da254 --- a/doc/man3/PKCS7_verify.pod +++ b/doc/man3/PKCS7_verify.pod @@ -91,7 +91,7 @@ useful if one merely wishes to write the content to B and its validity is not considered important. Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the +than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). @@ -119,7 +119,7 @@ L, L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_generate.pod b/doc/man3/RAND_DRBG_generate.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RAND_DRBG_get0_master.pod b/doc/man3/RAND_DRBG_get0_master.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RAND_DRBG_new.pod b/doc/man3/RAND_DRBG_new.pod old mode 100755 new mode 100644 index 5da91be9dfabb79085db27de54de20965b3811b1..ca52e2f3ddfc45a47aa08e6a720a8f00eb81cb66 --- a/doc/man3/RAND_DRBG_new.pod +++ b/doc/man3/RAND_DRBG_new.pod 
@@ -56,7 +56,7 @@ its type and to instantiate it. The optional B argument specifies a set of bit flags which can be joined using the | operator. Currently, the only flag is -RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of a the derivation function +RAND_DRBG_FLAG_CTR_NO_DF, which disables the use of the derivation function ctr_df. For an explanation, see [NIST SP 800-90A Rev. 1]. If a B instance is specified then this will be used instead of @@ -117,7 +117,7 @@ The RAND_DRBG functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_reseed.pod b/doc/man3/RAND_DRBG_reseed.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RAND_DRBG_set_callbacks.pod b/doc/man3/RAND_DRBG_set_callbacks.pod old mode 100755 new mode 100644 index 55e9a8b7af779b4b41e61e5fca76fd25f0597a24..4d04645694ce97e92345ea696291fa320897291e --- a/doc/man3/RAND_DRBG_set_callbacks.pod +++ b/doc/man3/RAND_DRBG_set_callbacks.pod @@ -77,7 +77,7 @@ does not satisfy the conditions requested by [NIST SP 800-90C], then it must also indicate an error by returning a buffer length of 0. See NOTES section for more details. -The B() callback is called from the B to to clear and +The B() callback is called from the B to clear and free the buffer allocated previously by get_entropy(). The values B and B are the random buffer's address and length, as returned by the get_entropy() callback. 
@@ -136,7 +136,7 @@ The RAND_DRBG functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_DRBG_set_ex_data.pod b/doc/man3/RAND_DRBG_set_ex_data.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RAND_add.pod b/doc/man3/RAND_add.pod old mode 100755 new mode 100644 index 4ba6ff977dd1307ad2fc855a1537020c1462ccaa..e4454d44124e41817e8c4c3c61409a0e2da50375 --- a/doc/man3/RAND_add.pod +++ b/doc/man3/RAND_add.pod @@ -62,7 +62,7 @@ usage by the random seed sources. Some seed sources maintain open file descriptors by default, which allows such sources to operate in a chroot(2) jail without the associated device nodes being available. When the B argument is zero, this call disables the retention of file -descriptors. Conversely, a non-zero argument enables the retention of +descriptors. Conversely, a nonzero argument enables the retention of file descriptors. This function is usually called during initialization and it takes effect immediately. @@ -94,7 +94,7 @@ not be used. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RAND_cleanup.pod b/doc/man3/RAND_cleanup.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RAND_egd.pod b/doc/man3/RAND_egd.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/RAND_load_file.pod b/doc/man3/RAND_load_file.pod old mode 100755 new mode 100644 index 24f8fdcf4fe8d6b3d0029b5208cec5c5c540aa7a..6ddd2c89b0d6ed16d420fbff19d3de6f9a63a0ae --- a/doc/man3/RAND_load_file.pod +++ b/doc/man3/RAND_load_file.pod @@ -17,7 +17,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file =head1 DESCRIPTION RAND_load_file() reads a number of bytes from file B and -adds them to the PRNG. If B is non-negative, +adds them to the PRNG. If B is nonnegative, up to B are read; if B is -1, the complete file is read. Do not load the same file multiple times unless its contents have @@ -37,7 +37,7 @@ file. B points to a buffer of size B in which to store the filename. On all systems, if the environment variable B is set, its -value will be used as the seed file name. +value will be used as the seed filename. Otherwise, the file is called C<.rnd>, found in platform dependent locations: =over 4 @@ -57,7 +57,7 @@ Otherwise, the file is called C<.rnd>, found in platform dependent locations: =back If C<$HOME> (on non-Windows and non-VMS system) is not set either, or -B is too small for the path name, an error occurs. +B is too small for the pathname, an error occurs. =head1 RETURN VALUES @@ -77,7 +77,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_set_rand_method.pod b/doc/man3/RAND_set_rand_method.pod old mode 100755 new mode 100644 index b120e712e6f3d73451867d853ab916108cf18855..1e9360d220dce48d4385f6abadbf6ca0283d10a5 --- a/doc/man3/RAND_set_rand_method.pod +++ b/doc/man3/RAND_set_rand_method.pod 
@@ -33,10 +33,10 @@ RAND_get_rand_method() returns a pointer to the current B. =head1 THE RAND_METHOD STRUCTURE typedef struct rand_meth_st { - void (*seed)(const void *buf, int num); + int (*seed)(const void *buf, int num); int (*bytes)(unsigned char *buf, int num); void (*cleanup)(void); - void (*add)(const void *buf, int num, int randomness); + int (*add)(const void *buf, int num, double entropy); int (*pseudorand)(unsigned char *buf, int num); int (*status)(void); } RAND_METHOD; @@ -60,7 +60,7 @@ L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RC4_set_key.pod b/doc/man3/RC4_set_key.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RIPEMD160_Init.pod b/doc/man3/RIPEMD160_Init.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RSA_blinding_on.pod b/doc/man3/RSA_blinding_on.pod old mode 100755 new mode 100644 index 5db127f16e3cc9bc0e50f0978c32b928f7cca50c..85f4453b5cc8e2a61fcede87323f36704898fc21 --- a/doc/man3/RSA_blinding_on.pod +++ b/doc/man3/RSA_blinding_on.pod @@ -19,7 +19,7 @@ measure the time of RSA decryption or signature operations, blinding must be used to protect the RSA operation from that attack. RSA_blinding_on() turns blinding on for key B and generates a -random blinding factor. B is B or a pre-allocated and +random blinding factor. B is B or a preallocated and initialized B. RSA_blinding_off() turns blinding off and frees the memory used for 
@@ -33,7 +33,7 @@ RSA_blinding_off() returns no value. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_check_key.pod b/doc/man3/RSA_check_key.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RSA_generate_key.pod b/doc/man3/RSA_generate_key.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RSA_get0_key.pod b/doc/man3/RSA_get0_key.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RSA_meth_new.pod b/doc/man3/RSA_meth_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RSA_new.pod b/doc/man3/RSA_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RSA_padding_add_PKCS1_type_1.pod b/doc/man3/RSA_padding_add_PKCS1_type_1.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RSA_print.pod b/doc/man3/RSA_print.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RSA_private_encrypt.pod b/doc/man3/RSA_private_encrypt.pod old mode 100755 new mode 100644 index 060a9000f8b4c284886119b3c2cd9ccc6fda1b45..6629fff3c95bb0b8163f310107f4369eac7dfeb6 --- a/doc/man3/RSA_private_encrypt.pod +++ b/doc/man3/RSA_private_encrypt.pod @@ -2,7 +2,7 @@ =head1 NAME -RSA_private_encrypt, RSA_public_decrypt - low level signature operations +RSA_private_encrypt, RSA_public_decrypt - low-level signature operations =head1 SYNOPSIS @@ -16,7 +16,7 @@ RSA_private_encrypt, RSA_public_decrypt - low level signature operations =head1 DESCRIPTION -These functions handle RSA signatures at a low level. +These functions handle RSA signatures at a low-level. RSA_private_encrypt() signs the B bytes at B (usually a message digest with an algorithm identifier) using the private key 
@@ -64,7 +64,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_public_encrypt.pod b/doc/man3/RSA_public_encrypt.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RSA_set_method.pod b/doc/man3/RSA_set_method.pod old mode 100755 new mode 100644 index 4bb63962cfe1ac56e8bf971e033781f7640c6bbc..449b841ed2ad5e18ea37eec4b7a6838532458ccc --- a/doc/man3/RSA_set_method.pod +++ b/doc/man3/RSA_set_method.pod @@ -51,7 +51,7 @@ RSA_set_method() selects B to perform all operations using the key B. This will replace the RSA_METHOD used by the RSA key and if the previous method was supplied by an ENGINE, the handle to that ENGINE will be released during the change. It is possible to have RSA keys that only -work with certain RSA_METHOD implementations (eg. from an ENGINE module +work with certain RSA_METHOD implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the RSA_METHOD for the key can have unexpected results. @@ -176,7 +176,7 @@ was replaced to always return NULL in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_sign.pod b/doc/man3/RSA_sign.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod b/doc/man3/RSA_sign_ASN1_OCTET_STRING.pod old mode 100755 new mode 100644 diff --git a/doc/man3/RSA_size.pod b/doc/man3/RSA_size.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/SCT_new.pod b/doc/man3/SCT_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SCT_print.pod b/doc/man3/SCT_print.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SCT_validate.pod b/doc/man3/SCT_validate.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SHA256_Init.pod b/doc/man3/SHA256_Init.pod old mode 100755 new mode 100644 index 6a8f2fa0db0eb2422bd223607b15245476edcac5..f50839db63854472271075352724cdc27eb1fd31 --- a/doc/man3/SHA256_Init.pod +++ b/doc/man3/SHA256_Init.pod @@ -75,9 +75,6 @@ SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if B is NULL. -The predecessor of SHA-1, SHA, is also implemented, but it should be -used only when backward compatibility is required. - =head1 RETURN VALUES SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash @@ -98,7 +95,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SMIME_read_CMS.pod b/doc/man3/SMIME_read_CMS.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SMIME_read_PKCS7.pod b/doc/man3/SMIME_read_PKCS7.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SMIME_write_CMS.pod b/doc/man3/SMIME_write_CMS.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SMIME_write_PKCS7.pod b/doc/man3/SMIME_write_PKCS7.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_COMP_add_compression_method.pod b/doc/man3/SSL_COMP_add_compression_method.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/SSL_CONF_CTX_new.pod b/doc/man3/SSL_CONF_CTX_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CONF_CTX_set1_prefix.pod b/doc/man3/SSL_CONF_CTX_set1_prefix.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CONF_CTX_set_flags.pod b/doc/man3/SSL_CONF_CTX_set_flags.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod b/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod old mode 100755 new mode 100644 index 7f2449e379b932e3ce14156215c59fae6c7cbb09..900c4f3a56480039e7ef05571bd7d39b0ac5be7d --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -79,7 +79,7 @@ B. The B argument is a colon separated list of groups. The group can be either the B name (e.g. B), some other commonly used name where -applicable (e.g. B) or an OpenSSL OID name (e.g B). Group +applicable (e.g. B) or an OpenSSL OID name (e.g. B). Group names are case sensitive. The list should be in order of preference with the most preferred group first. @@ -95,7 +95,7 @@ servers The B argument is a curve name or the special value B which picks an appropriate curve based on client and server preferences. The curve can be either the B name (e.g. B) or an OpenSSL OID name -(e.g B). Curve names are case sensitive. +(e.g. B). Curve names are case sensitive. =item B<-cipher> 
@@ -147,13 +147,16 @@ B. =item B<-min_protocol>, B<-max_protocol> Sets the minimum and maximum supported protocol. -Currently supported protocol values are B, B, -B, B, B for TLS and B, B for DTLS, -and B for no limit. -If either bound is not specified then only the other bound applies, -if specified. -To restrict the supported protocol versions use these commands rather -than the deprecated alternative commands below. +Currently supported protocol values are B, B, B, +B, B for TLS; B, B for DTLS, and B +for no limit. +If either the lower or upper bound is not specified then only the other bound +applies, if specified. +If your application supports both TLS and DTLS you can specify any of these +options twice, once with a bound for TLS and again with an appropriate bound +for DTLS. +To restrict the supported protocol versions use these commands rather than the +deprecated alternative commands below. =item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> @@ -356,7 +359,7 @@ B. The B argument is a colon separated list of groups. The group can be either the B name (e.g. B), some other commonly used name where -applicable (e.g. B) or an OpenSSL OID name (e.g B). Group +applicable (e.g. B) or an OpenSSL OID name (e.g. B). Group names are case sensitive. The list should be in order of preference with the most preferred group first. @@ -370,7 +373,11 @@ This sets the minimum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B, B and B. -The value B will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. +The value B applies to both types of contexts and disables the limits. =item B 
@@ -378,7 +385,11 @@ This sets the maximum supported SSL, TLS or DTLS version. Currently supported protocol values are B, B, B, B, B, B and B. -The value B will disable the limit. +The SSL and TLS bounds apply only to TLS-based contexts, while the DTLS bounds +apply only to DTLS-based contexts. +The command can be repeated with one instance setting a TLS bound, and the +other setting a DTLS bound. +The value B applies to both types of contexts and disables the limits. =item B @@ -537,7 +548,7 @@ The value is a string without any specific structure. =item B -The value is a file name. +The value is a filename. =item B @@ -683,7 +694,7 @@ B and B were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2012-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CONF_cmd_argv.pod b/doc/man3/SSL_CONF_cmd_argv.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_add1_chain_cert.pod b/doc/man3/SSL_CTX_add1_chain_cert.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_add_extra_chain_cert.pod b/doc/man3/SSL_CTX_add_extra_chain_cert.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_add_session.pod b/doc/man3/SSL_CTX_add_session.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_config.pod b/doc/man3/SSL_CTX_config.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_ctrl.pod b/doc/man3/SSL_CTX_ctrl.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_dane_enable.pod b/doc/man3/SSL_CTX_dane_enable.pod old mode 100755 new mode 100644 index 7168bd64fda8c87757c5c9fafa61590eafbded28..6f9514ae77da183fca48390aa4679d64909cc3a9 --- a/doc/man3/SSL_CTX_dane_enable.pod +++ b/doc/man3/SSL_CTX_dane_enable.pod 
@@ -122,7 +122,7 @@ SSL_get0_dane_tlsa() can be used to retrieve the fields of the TLSA record that matched the peer certificate chain. The return value indicates the match depth or failure to match just as with SSL_get0_dane_authority(). -When the return value is non-negative, the storage pointed to by the B, +When the return value is nonnegative, the storage pointed to by the B, B, B and B parameters is updated to the corresponding TLSA record fields. The B field is in binary wire form, and is therefore not NUL-terminated, @@ -136,7 +136,7 @@ SSL_CTX_dane_set_flags() and SSL_dane_set_flags() can be used to enable optional DANE verification features. SSL_CTX_dane_clear_flags() and SSL_dane_clear_flags() can be used to disable the same features. -The B argument is a bitmask of the features to enable or disable. +The B argument is a bit mask of the features to enable or disable. The B set for an B context are copied to each B handle associated with that context at the time the handle is created. Subsequent changes in the context's B have no effect on the B set @@ -173,7 +173,7 @@ certificate or a public key that fails to parse. The functions SSL_get0_dane_authority() and SSL_get0_dane_tlsa() return a negative value when DANE authentication failed or was not enabled, a -non-negative value indicates the chain depth at which the TLSA record matched a +nonnegative value indicates the chain depth at which the TLSA record matched a chain certificate, or the depth of the top-most certificate, when the TLSA record is a full public key that is its signer. @@ -372,7 +372,7 @@ These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/SSL_CTX_flush_sessions.pod b/doc/man3/SSL_CTX_flush_sessions.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_free.pod b/doc/man3/SSL_CTX_free.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_get0_param.pod b/doc/man3/SSL_CTX_get0_param.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_get_verify_mode.pod b/doc/man3/SSL_CTX_get_verify_mode.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_has_client_custom_ext.pod b/doc/man3/SSL_CTX_has_client_custom_ext.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_sess_number.pod b/doc/man3/SSL_CTX_sess_number.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_sess_set_cache_size.pod b/doc/man3/SSL_CTX_sess_set_cache_size.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_sess_set_get_cb.pod b/doc/man3/SSL_CTX_sess_set_get_cb.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_sessions.pod b/doc/man3/SSL_CTX_sessions.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set0_CA_list.pod b/doc/man3/SSL_CTX_set0_CA_list.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set1_sigalgs.pod b/doc/man3/SSL_CTX_set1_sigalgs.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set1_verify_cert_store.pod b/doc/man3/SSL_CTX_set1_verify_cert_store.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod old mode 100755 new mode 100644 index 56c86097b602ee6024126b12eb15c06648e0ebcd..e90caecda42512655f1c35dd238ff22782015cd0 
--- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod +++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod @@ -114,7 +114,7 @@ provided by the callback. =head1 NOTES The protocol-lists must be in wire-format, which is defined as a vector of -non-empty, 8-bit length-prefixed, byte strings. The length-prefix byte is not +nonempty, 8-bit length-prefixed, byte strings. The length-prefix byte is not included in the length. Each string is limited to 255 bytes. A byte-string length of 0 is invalid. A truncated byte-string is invalid. The length of the vector is not in the vector itself, but in a separate variable. @@ -187,7 +187,7 @@ L =head1 COPYRIGHT -Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_cert_cb.pod b/doc/man3/SSL_CTX_set_cert_cb.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_cert_store.pod b/doc/man3/SSL_CTX_set_cert_store.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_cert_verify_callback.pod b/doc/man3/SSL_CTX_set_cert_verify_callback.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_cipher_list.pod b/doc/man3/SSL_CTX_set_cipher_list.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_client_cert_cb.pod b/doc/man3/SSL_CTX_set_client_cert_cb.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_client_hello_cb.pod b/doc/man3/SSL_CTX_set_client_hello_cb.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_ct_validation_callback.pod b/doc/man3/SSL_CTX_set_ct_validation_callback.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_ctlog_list_file.pod b/doc/man3/SSL_CTX_set_ctlog_list_file.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/SSL_CTX_set_default_passwd_cb.pod b/doc/man3/SSL_CTX_set_default_passwd_cb.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_ex_data.pod b/doc/man3/SSL_CTX_set_ex_data.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_generate_session_id.pod b/doc/man3/SSL_CTX_set_generate_session_id.pod old mode 100755 new mode 100644 index 1735c6271b5a597e85eb58b029014e898aefcfff..2ad3bf0fbf9dfc5b43d267c43ce1d981c571f0a2 --- a/doc/man3/SSL_CTX_set_generate_session_id.pod +++ b/doc/man3/SSL_CTX_set_generate_session_id.pod @@ -108,8 +108,8 @@ server id given, and will fill the rest with pseudo random bytes: /* * Prefix the session_id with the required prefix. NB: If our * prefix is too long, clip it - but there will be worse effects - * anyway, eg. the server could only possibly create 1 session - * ID (ie. the prefix!) so all future session negotiations will + * anyway, e.g. the server could only possibly create 1 session + * ID (i.e. the prefix!) so all future session negotiations will * fail due to conflicts. */ memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? @@ -128,7 +128,7 @@ L, L =head1 COPYRIGHT -Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_info_callback.pod b/doc/man3/SSL_CTX_set_info_callback.pod old mode 100755 new mode 100644 index 01b03f9a59ae323dd5a9cdaef48e6cde2dc9b5e5..cc032f870934a255b7d33b86cf4bcb4efa095724 --- a/doc/man3/SSL_CTX_set_info_callback.pod +++ b/doc/man3/SSL_CTX_set_info_callback.pod 
@@ -50,7 +50,7 @@ the callback function was called. If B is 0, an error condition occurred. If an alert is handled, SSL_CB_ALERT is set and B specifies the alert information. -B is a bitmask made up of the following bits: +B is a bit mask made up of the following bits: =over 4 @@ -64,7 +64,7 @@ per state in some situations. Callback has been called to indicate exit of a handshake function. This will happen after the end of a handshake, but may happen at other times too such as -on error or when IO might otherwise block and non-blocking is being used. +on error or when IO might otherwise block and nonblocking is being used. =item SSL_CB_READ @@ -156,7 +156,7 @@ L =head1 COPYRIGHT -Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_keylog_callback.pod b/doc/man3/SSL_CTX_set_keylog_callback.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_max_cert_list.pod b/doc/man3/SSL_CTX_set_max_cert_list.pod old mode 100755 new mode 100644 index 01936c58470cac7e239ff5138916781757f5c006..3996c97682bc5542ca1f1878318b65645ca36c9d --- a/doc/man3/SSL_CTX_set_max_cert_list.pod +++ b/doc/man3/SSL_CTX_set_max_cert_list.pod @@ -39,7 +39,7 @@ received from a faulty or malicious peer, a maximum size for the certificate chain is set. The default value for the maximum certificate chain size is 100kB (30kB -on the 16bit DOS platform). This should be sufficient for usual certificate +on the 16-bit DOS platform). This should be sufficient for usual certificate chains (OpenSSL's default maximum chain length is 10, see L, and certificates without special extensions have a typical size of 1-2kB). 
@@ -72,7 +72,7 @@ L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_min_proto_version.pod b/doc/man3/SSL_CTX_set_min_proto_version.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod old mode 100755 new mode 100644 index 387d1ec1ef048645df30c375873aa5db9239a88c..85e3353e0e2c5448783e27fe1d029d1b0d58e2ab --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -18,13 +18,13 @@ SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_ =head1 DESCRIPTION -SSL_CTX_set_mode() adds the mode set via bitmask in B to B. +SSL_CTX_set_mode() adds the mode set via bit mask in B to B. Options already set before are not cleared. -SSL_CTX_clear_mode() removes the mode set via bitmask in B from B. +SSL_CTX_clear_mode() removes the mode set via bit mask in B from B. -SSL_set_mode() adds the mode set via bitmask in B to B. +SSL_set_mode() adds the mode set via bit mask in B to B. Options already set before are not cleared. -SSL_clear_mode() removes the mode set via bitmask in B from B. +SSL_clear_mode() removes the mode set via bit mask in B from B. SSL_CTX_get_mode() returns the mode set for B. @@ -50,8 +50,8 @@ the behaviour of write(). Make it possible to retry SSL_write_ex() or SSL_write() with changed buffer location (the buffer contents must stay the same). This is not the default to -avoid the misconception that non-blocking SSL_write() behaves like -non-blocking write(). +avoid the misconception that nonblocking SSL_write() behaves like +nonblocking write(). =item SSL_MODE_AUTO_RETRY 
@@ -64,9 +64,9 @@ If such a non-application data record was processed, the flag B causes it to try to process the next record instead of returning.
-In a non-blocking environment applications must be prepared to handle
+In a nonblocking environment applications must be prepared to handle
 incomplete read/write operations.
-Setting B for a non-blocking B will process
+Setting B for a nonblocking B will process
 non-application data records until either no more data is available or an application data record has been processed.
@@ -121,10 +121,10 @@ default since 1.1.1.
 =head1 RETURN VALUES
-SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask
+SSL_CTX_set_mode() and SSL_set_mode() return the new mode bit mask
 after adding B.
-SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.
+SSL_CTX_get_mode() and SSL_get_mode() return the current bit mask.
 =head1 SEE ALSO
@@ -137,7 +137,7 @@ SSL_MODE_ASYNC was added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_msg_callback.pod b/doc/man3/SSL_CTX_set_msg_callback.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_set_num_tickets.pod b/doc/man3/SSL_CTX_set_num_tickets.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod
old mode 100755
new mode 100644
index 2d840b62cb24a40a77d0bd65db26269116e757ad..969e0366c45a43704a2c13b84f0d35e273d7995a
--- a/doc/man3/SSL_CTX_set_options.pod
+++ b/doc/man3/SSL_CTX_set_options.pod
@@ -23,16 +23,16 @@ SSL_get_secure_renegotiation_support - manipulate SSL options
 =head1 DESCRIPTION
-SSL_CTX_set_options() adds the options set via bitmask in B to B.
+SSL_CTX_set_options() adds the options set via bit mask in B to B.
 Options already set before are not cleared!
-SSL_set_options() adds the options set via bitmask in B to B.
+SSL_set_options() adds the options set via bit mask in B to B.
 Options already set before are not cleared!
-SSL_CTX_clear_options() clears the options set via bitmask in B
+SSL_CTX_clear_options() clears the options set via bit mask in B
 to B.
-SSL_clear_options() clears the options set via bitmask in B to B.
+SSL_clear_options() clears the options set via bit mask in B to B.
 SSL_CTX_get_options() returns the options set for B.
@@ -45,7 +45,7 @@ Note, this is implemented via a macro.
 =head1 NOTES
 The behaviour of the SSL library can be changed by setting several options.
-The options are coded as bitmasks and can be combined by a bitwise B
+The options are coded as bit masks and can be combined by a bitwise B
 operation (|). SSL_CTX_set_options() and SSL_set_options() affect the (external)
@@ -161,7 +161,7 @@ the session. In this way the server can operate statelessly - no session information needs to be cached locally. The TLSv1.3 protocol only supports tickets and does not directly support session
-ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful
+ids. However, OpenSSL allows two modes of ticket operation in TLSv1.3: stateful
 and stateless. Stateless tickets work the same way as in TLSv1.2 and below.
 Stateful tickets mimic the session id behaviour available in TLSv1.2 and below.
 The session information is cached on the server and the session id is wrapped up
@@ -340,13 +340,13 @@ and renegotiation between OpenSSL and unpatched clients or servers.
 =head1 RETURN VALUES
-SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
+SSL_CTX_set_options() and SSL_set_options() return the new options bit mask
 after adding B.
-SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask
+SSL_CTX_clear_options() and SSL_clear_options() return the new options bit mask
 after clearing B.
-SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
+SSL_CTX_get_options() and SSL_get_options() return the current bit mask.
 SSL_get_secure_renegotiation_support() returns 1 is the peer supports secure renegotiation and 0 if it does not.
@@ -368,7 +368,7 @@ were added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod
old mode 100755
new mode 100644
index eb4e4f5fa424a79b304815cc266b46edab9eff89..0273ccb97a831d533f8910856382468889995c59
--- a/doc/man3/SSL_CTX_set_psk_client_callback.pod
+++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod
@@ -123,7 +123,9 @@ and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or SSL_set_psk_client_callback() and use that. In this case the B value will always be NULL and the handshake digest will default to SHA-256 for any returned
-PSK.
+PSK. TLSv1.3 early data exchanges are possible in PSK connections only with the
+B callback, and are not possible with the
+B callback.
 =head1 NOTES
@@ -133,7 +135,7 @@ A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that L will return true. There are no known security issues with sharing the same PSK between TLSv1.2 (or
-below) and TLSv1.3. However the RFC has this note of caution:
+below) and TLSv1.3. However, the RFC has this note of caution:
 "While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can
@@ -166,7 +168,7 @@ were added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_quiet_shutdown.pod b/doc/man3/SSL_CTX_set_quiet_shutdown.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_set_read_ahead.pod b/doc/man3/SSL_CTX_set_read_ahead.pod
old mode 100755
new mode 100644
index ff037d938dcd0e01a46ed85cc6ee408cc856bc8a..6d1e8bd5e8e92a5250af0a52487cb1931536ae99
--- a/doc/man3/SSL_CTX_set_read_ahead.pod
+++ b/doc/man3/SSL_CTX_set_read_ahead.pod
@@ -21,7 +21,7 @@ SSL_CTX_get_default_read_ahead
 =head1 DESCRIPTION
 SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as
-many input bytes as possible (for non-blocking reads) or not. For example if
+many input bytes as possible (for nonblocking reads) or not. For example if
 B bytes are currently required by OpenSSL, but B bytes are available from the underlying BIO (where B > B), then OpenSSL will read all B bytes into its buffer (providing that the buffer is large enough) if reading ahead is
@@ -64,7 +64,7 @@ L, L
 =head1 COPYRIGHT
-Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_record_padding_callback.pod b/doc/man3/SSL_CTX_set_record_padding_callback.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod
old mode 100755
new mode 100644
index 0cb6c1f52a223136d5905111d00bb4715dd3f9c8..f85959e7c045216e684bc0f40de03040384ee216
--- a/doc/man3/SSL_CTX_set_security_level.pod
+++ b/doc/man3/SSL_CTX_set_security_level.pod
@@ -114,12 +114,6 @@ I
 =head1 NOTES
-B at this time setting the security level higher than 1 for
-general internet use is likely to cause B interoperability
-issues and is not recommended. This is because the B algorithm
-is very widely used in certificates and will be rejected at levels
-higher than 1 because it only offers 80 bits of security.
-
 The default security level can be configured when OpenSSL is compiled by
 setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used.
@@ -180,7 +174,7 @@ These functions were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_session_cache_mode.pod b/doc/man3/SSL_CTX_set_session_cache_mode.pod
old mode 100755
new mode 100644
index 18c9783fe0b27976e25bd7f2a1cd930dc2da5dda..38603f250dabbba66a926c0328f0a0460452b33a
--- a/doc/man3/SSL_CTX_set_session_cache_mode.pod
+++ b/doc/man3/SSL_CTX_set_session_cache_mode.pod
@@ -96,7 +96,7 @@ session caching (callback) that is configured for the SSL_CTX. This flag will prevent sessions being stored in the internal cache (though the application can add them manually using L). Note: in any SSL/TLS servers where external caching is configured, any successful
-session lookups in the external cache (ie. for session-resume requests) would
+session lookups in the external cache (i.e. for session-resume requests) would
 normally be copied into the local cache before processing continues - this flag prevents these additions to the internal cache as well.
@@ -131,7 +131,7 @@ L
 =head1 COPYRIGHT
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_session_id_context.pod b/doc/man3/SSL_CTX_set_session_id_context.pod
old mode 100755
new mode 100644
index 4036d3c7b323f153dfa4581ec3fe280eba1d589d..ccd37ba681d3fab705d7d3c785a353b3cd69f06f
--- a/doc/man3/SSL_CTX_set_session_id_context.pod
+++ b/doc/man3/SSL_CTX_set_session_id_context.pod
@@ -26,7 +26,7 @@ B within which a session can be reused for the B object. Sessions are generated within a certain context. When exporting/importing sessions with B/B it would be possible, to re-import a session generated from another context (e.g. another
-application), which might lead to malfunctions. Therefore each application
+application), which might lead to malfunctions. Therefore, each application
 must set its own session id context B which is used to distinguish the contexts and is stored in exported sessions. The B can be any kind of binary data with a given length, it is therefore possible
@@ -82,7 +82,7 @@ L
 =head1 COPYRIGHT
-Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod
old mode 100755
new mode 100644
index f3dfb62c231c61bfd9ab1b6e02bad65bc0dde57f..aa520f4a62619e57debdee9bc9b5f6f87301f830
--- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod
+++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod
@@ -107,7 +107,7 @@ The return value can be any of these values: The handshake should be aborted, either because of an error or because of some policy. Note that in TLSv1.3 a client may send more than one ticket in a single
-handshake. Therefore just because one ticket is unacceptable it does not mean
+handshake. Therefore, just because one ticket is unacceptable it does not mean
 that all of them are. For this reason this option should be used with caution.
 =item SSL_TICKET_RETURN_IGNORE
@@ -177,12 +177,12 @@ L
 =head1 HISTORY
-The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata()
+The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata()
 and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_split_send_fragment.pod b/doc/man3/SSL_CTX_set_split_send_fragment.pod
old mode 100755
new mode 100644
index d63ca4157e0989c15b7026240fe36415b38a0129..d8fd3f5390c8cd0c57b0a124d3e09866f5e67259
--- a/doc/man3/SSL_CTX_set_split_send_fragment.pod
+++ b/doc/man3/SSL_CTX_set_split_send_fragment.pod
@@ -41,7 +41,7 @@ capability is known as "pipelining" within OpenSSL. In order to benefit from the pipelining capability. You need to have an engine that provides ciphers that support this. The OpenSSL "dasync" engine provides
-AES128-SHA based ciphers that have this capability. However these are for
+AES128-SHA based ciphers that have this capability. However, these are for
 development and test purposes only.
 SSL_CTX_set_max_send_fragment() and SSL_set_max_send_fragment() set the
@@ -178,7 +178,7 @@ and SSL_SESSION_get_max_fragment_length() functions were added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_ssl_version.pod b/doc/man3/SSL_CTX_set_ssl_version.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod b/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_set_timeout.pod b/doc/man3/SSL_CTX_set_timeout.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
old mode 100755
new mode 100644
index e971035734e1729d094c71e043b3f8a2941df53b..0c21cfdb6bc7ed2ffb704e19a1e8234515f3f0cf
--- a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
@@ -51,7 +51,7 @@ value is initialised to SSL_AD_UNRECOGNIZED_NAME.
 =item SSL_TLSEXT_ERR_ALERT_WARNING
 If this value is returned then the servername is not accepted by the server.
-However the handshake will continue and send a warning alert instead. The value
+However, the handshake will continue and send a warning alert instead. The value
 of the alert should be stored in the location pointed to by the B parameter as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has been negotiated then this return value is
@@ -88,7 +88,7 @@ Otherwise it returns NULL.
 =item On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred
-If the session from the orignal handshake had a servername accepted by the
+If the session from the original handshake had a servername accepted by the
 server then it will return that servername. Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL
@@ -157,12 +157,12 @@ corner cases. This has been fixed from OpenSSL 1.1.1e. Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 handshake, the server accepted it, and then the client successfully resumed but
-set a different explict servername in the second handshake then when called by
+set a different explicit servername in the second handshake then when called by
 the client it returned the servername from the second handshake. This has now been changed to return the servername requested in the original handshake. Also prior to 1.1.1e, if the client sent a servername in the first handshake but
-the server did not accept it, and then a second handshake occured where TLSv1.2
+the server did not accept it, and then a second handshake occurred where TLSv1.2
 resumption was successful then when called by the server it returned the servername requested in the original handshake. This has now been changed to NULL.
diff --git a/doc/man3/SSL_CTX_set_tlsext_status_cb.pod b/doc/man3/SSL_CTX_set_tlsext_status_cb.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
old mode 100755
new mode 100644
index 43bddc51e8cf16a23d6e4cdfeabced6dee712722..b2637efc1a7277af82f437146284a8585f68d41d
--- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
@@ -136,6 +136,8 @@ Reference Implementation:
 unsigned char *iv, EVP_CIPHER_CTX *ctx,
 HMAC_CTX *hctx, int enc)
 {
+ your_type_t *key; /* something that you need to implement */
+
 if (enc) { /* create new session */
 if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0)
 return -1; /* insufficient random */
@@ -154,21 +156,22 @@ Reference Implementation:
 }
 memcpy(key_name, key->name, 16);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
- HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+ EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv);
+ HMAC_Init_ex(&hctx, key->hmac_key, 32, EVP_sha256(), NULL);
 return 1;
 } else { /* retrieve session */
- key = findkey(name);
+ time_t t = time(NULL);
+ key = findkey(key_name); /* something that you need to implement */
- if (key == NULL || key->expire < now())
+ if (key == NULL || key->expire < t)
 return 0;
- HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+ HMAC_Init_ex(&hctx, key->hmac_key, 32, EVP_sha256(), NULL);
+ EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv);
- if (key->expire < now() - RENEW_TIME) {
+ if (key->expire < t - RENEW_TIME) { /* RENEW_TIME: implement */
 /*
 * return 2 - This session will get a new ticket even though the
 * current one is still valid.
@@ -190,7 +193,7 @@ L,
 =head1 COPYRIGHT
-Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_use_certificate.pod b/doc/man3/SSL_CTX_use_certificate.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/doc/man3/SSL_CTX_use_psk_identity_hint.pod
old mode 100755
new mode 100644
index 0957ade5e106db1d6777c7931f819126e8e9e89b..b39fc09169ac6c5571e0b5af0656044798f18c6d
--- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod
+++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod
@@ -83,7 +83,9 @@ via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback() and use that. In this case the handshake digest
-will default to SHA-256 for any returned PSK.
+will default to SHA-256 for any returned PSK. TLSv1.3 early data exchanges are
+possible in PSK connections only with the B
+callback, and are not possible with the B callback.
 =head1 NOTES
@@ -126,7 +128,7 @@ failure. In the event of failure the connection setup fails.
 =head1 NOTES
 There are no known security issues with sharing the same PSK between TLSv1.2 (or
-below) and TLSv1.3. However the RFC has this note of caution:
+below) and TLSv1.3. However, the RFC has this note of caution:
 "While there is no known way in which the same PSK might produce related output in both versions, only limited analysis has been done. Implementations can
@@ -145,7 +147,7 @@ were added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_CTX_use_serverinfo.pod b/doc/man3/SSL_CTX_use_serverinfo.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_free.pod b/doc/man3/SSL_SESSION_free.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_get0_cipher.pod b/doc/man3/SSL_SESSION_get0_cipher.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_get0_id_context.pod b/doc/man3/SSL_SESSION_get0_id_context.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_get0_peer.pod b/doc/man3/SSL_SESSION_get0_peer.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_get_compress_id.pod b/doc/man3/SSL_SESSION_get_compress_id.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_get_ex_data.pod b/doc/man3/SSL_SESSION_get_ex_data.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_get_protocol_version.pod b/doc/man3/SSL_SESSION_get_protocol_version.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_get_time.pod b/doc/man3/SSL_SESSION_get_time.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_has_ticket.pod b/doc/man3/SSL_SESSION_has_ticket.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_is_resumable.pod b/doc/man3/SSL_SESSION_is_resumable.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_print.pod b/doc/man3/SSL_SESSION_print.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_SESSION_set1_id.pod b/doc/man3/SSL_SESSION_set1_id.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_accept.pod b/doc/man3/SSL_accept.pod
old mode 100755
new mode 100644
index b1595f7acf34748c892f1f369e10d56cc5d4c7d5..81c9dbea574881aca64f4c52f85616699c795c10
--- a/doc/man3/SSL_accept.pod
+++ b/doc/man3/SSL_accept.pod
@@ -23,14 +23,14 @@ The behaviour of SSL_accept() depends on the underlying BIO. If the underlying BIO is B, SSL_accept() will only return once the handshake has been finished or an error occurred.
-If the underlying BIO is B, SSL_accept() will also return
+If the underlying BIO is B, SSL_accept() will also return
 when the underlying BIO could not satisfy the needs of SSL_accept() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_accept() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_accept().
-The action depends on the underlying BIO. When using a non-blocking socket,
+The action depends on the underlying BIO. When using a nonblocking socket,
 nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.
@@ -57,7 +57,7 @@ established. The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation
-for non-blocking BIOs. Call SSL_get_error() with the return value B
+for nonblocking BIOs. Call SSL_get_error() with the return value B
 to find out the reason.
 =back
diff --git a/doc/man3/SSL_alert_type_string.pod b/doc/man3/SSL_alert_type_string.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_alloc_buffers.pod b/doc/man3/SSL_alloc_buffers.pod
old mode 100755
new mode 100644
index 94bd05840c84d3a1f82b0861ca374d7fee2d0324..ac3bd814c67cddc67ccdd9a6770ac82d20ba04e9
--- a/doc/man3/SSL_alloc_buffers.pod
+++ b/doc/man3/SSL_alloc_buffers.pod
@@ -22,7 +22,7 @@ control when buffers are freed and allocated. After freeing the buffers, the buffers are automatically reallocated upon a new read or write. The SSL_alloc_buffers() does not need to be called, but
-can be used to make sure the buffers are pre-allocated. This can be used to
+can be used to make sure the buffers are preallocated. This can be used to
 avoid allocation during data processing or with CRYPTO_set_mem_functions() to control where and how buffers are allocated.
@@ -57,7 +57,7 @@ L
 =head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_check_chain.pod b/doc/man3/SSL_check_chain.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_clear.pod b/doc/man3/SSL_clear.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_connect.pod b/doc/man3/SSL_connect.pod
old mode 100755
new mode 100644
index f7d9e57db6224d97035e59b422657cdac3c6439b..0e6b6253586cc7cb3585b3db1bcd79b51165f1cd
--- a/doc/man3/SSL_connect.pod
+++ b/doc/man3/SSL_connect.pod
@@ -23,14 +23,14 @@ The behaviour of SSL_connect() depends on the underlying BIO. If the underlying BIO is B, SSL_connect() will only return once the handshake has been finished or an error occurred.
-If the underlying BIO is B, SSL_connect() will also return
+If the underlying BIO is B, SSL_connect() will also return
 when the underlying BIO could not satisfy the needs of SSL_connect() to continue the handshake, indicating the problem by the return value -1. In this case a call to SSL_get_error() with the return value of SSL_connect() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_connect().
-The action depends on the underlying BIO. When using a non-blocking socket,
+The action depends on the underlying BIO. When using a nonblocking socket,
 nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.
@@ -72,7 +72,7 @@ established. The TLS/SSL handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation
-for non-blocking BIOs. Call SSL_get_error() with the return value B
+for nonblocking BIOs. Call SSL_get_error() with the return value B
 to find out the reason.
 =back
diff --git a/doc/man3/SSL_do_handshake.pod b/doc/man3/SSL_do_handshake.pod
old mode 100755
new mode 100644
index 8852f9d3e3dcea292b39525014ebfd90b9235886..fa133d76a8edf0890d78e1acea1794c6446996a5
--- a/doc/man3/SSL_do_handshake.pod
+++ b/doc/man3/SSL_do_handshake.pod
@@ -25,13 +25,13 @@ The behaviour of SSL_do_handshake() depends on the underlying BIO. If the underlying BIO is B, SSL_do_handshake() will only return once the handshake has been finished or an error occurred.
-If the underlying BIO is B, SSL_do_handshake() will also return
+If the underlying BIO is B, SSL_do_handshake() will also return
 when the underlying BIO could not satisfy the needs of SSL_do_handshake() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_do_handshake() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_do_handshake().
-The action depends on the underlying BIO. When using a non-blocking socket,
+The action depends on the underlying BIO. When using a nonblocking socket,
 nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue.
@@ -58,7 +58,7 @@ established. The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was not clean. It can also occur if action is needed to continue the operation
-for non-blocking BIOs. Call SSL_get_error() with the return value B
+for nonblocking BIOs. Call SSL_get_error() with the return value B
 to find out the reason.
 =back
diff --git a/doc/man3/SSL_export_keying_material.pod b/doc/man3/SSL_export_keying_material.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_extension_supported.pod b/doc/man3/SSL_extension_supported.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_free.pod b/doc/man3/SSL_free.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get0_peer_scts.pod b/doc/man3/SSL_get0_peer_scts.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_SSL_CTX.pod b/doc/man3/SSL_get_SSL_CTX.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_all_async_fds.pod b/doc/man3/SSL_get_all_async_fds.pod
old mode 100755
new mode 100644
index 5b17f091e35337a49953eb552fab84d1880677da..6fa6ed4a62efd1cd58d21b4bf8ecf1eccaf5bde9
--- a/doc/man3/SSL_get_all_async_fds.pod
+++ b/doc/man3/SSL_get_all_async_fds.pod
@@ -32,7 +32,7 @@ appearing as "read ready" on the file descriptor (no actual data should be read from the file descriptor). This function should only be called if the SSL object is currently waiting for asynchronous work to complete (i.e. SSL_ERROR_WANT_ASYNC has been received - see L). Typically the
-list will only contain one file descriptor. However if multiple asynchronous
+list will only contain one file descriptor. However, if multiple asynchronous
 capable engines are in use then more than one is possible. The number of file descriptors returned is stored in B<*numfds> and the file descriptors themselves are in B<*fds>. The B parameter may be NULL in which case no file
@@ -63,7 +63,7 @@ SSL_get_all_async_fds() and SSL_get_changed_async_fds() return 1 on success or On Windows platforms the openssl/async.h header is dependent on some of the types customarily made available by including windows.h. The application developer is likely to require control over when the latter
-is included, commonly as one of the first included headers. Therefore
+is included, commonly as one of the first included headers. Therefore,
 it is defined as an application developer's responsibility to include windows.h prior to async.h.
@@ -78,7 +78,7 @@ and SSL_get_changed_async_fds() functions were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_get_ciphers.pod b/doc/man3/SSL_get_ciphers.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_client_random.pod b/doc/man3/SSL_get_client_random.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_current_cipher.pod b/doc/man3/SSL_get_current_cipher.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_default_timeout.pod b/doc/man3/SSL_get_default_timeout.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod
old mode 100755
new mode 100644
index 5221ccfe18049a36913aa1e7d8a8483528009ff3..e6a1e8b63def91f6d1597b88f895e14dcd3ba5e5
--- a/doc/man3/SSL_get_error.pod
+++ b/doc/man3/SSL_get_error.pod
@@ -49,7 +49,7 @@ indicate that the underlying transport has been closed. The operation did not complete and can be retried later. B is returned when the last operation was a read
-operation from a non-blocking B.
+operation from a nonblocking B.
 It means that not enough data was available at this time to complete the operation. If at a later time the underlying B has data available for reading the same
@@ -61,8 +61,8 @@ for a blocking B. See L for more information. B is returned when the last operation was a write
-to a non-blocking B and it was unable to sent all data to the B.
-When the B is writeable again, the same function can be called again.
+to a nonblocking B and it was unable to sent all data to the B.
+When the B is writable again, the same function can be called again.
 Note that the retry may again lead to an B or B condition.
@@ -72,7 +72,7 @@ protocol level. It is safe to call SSL_read() or SSL_read_ex() when more data is available even when the call that set this error was an SSL_write() or SSL_write_ex().
-However if the call was an SSL_write() or SSL_write_ex(), it should be called
+However, if the call was an SSL_write() or SSL_write_ex(), it should be called
 again to continue sending the application data. For socket Bs (e.g. when SSL_set_fd() was used), select() or
diff --git a/doc/man3/SSL_get_extms_support.pod b/doc/man3/SSL_get_extms_support.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_fd.pod b/doc/man3/SSL_get_fd.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_peer_cert_chain.pod b/doc/man3/SSL_get_peer_cert_chain.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_peer_certificate.pod b/doc/man3/SSL_get_peer_certificate.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_peer_signature_nid.pod b/doc/man3/SSL_get_peer_signature_nid.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_peer_tmp_key.pod b/doc/man3/SSL_get_peer_tmp_key.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_psk_identity.pod b/doc/man3/SSL_get_psk_identity.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_rbio.pod b/doc/man3/SSL_get_rbio.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_session.pod b/doc/man3/SSL_get_session.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_shared_sigalgs.pod b/doc/man3/SSL_get_shared_sigalgs.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_verify_result.pod b/doc/man3/SSL_get_verify_result.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_in_init.pod b/doc/man3/SSL_in_init.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_key_update.pod b/doc/man3/SSL_key_update.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_library_init.pod b/doc/man3/SSL_library_init.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/SSL_new.pod b/doc/man3/SSL_new.pod
old mode 100755
new mode 100644
index 222e9d5886d3ccf9ea054f5d092b2d6819311376..b8680526b8db5d7dcbc92d89e2661db03cbd7afe
--- a/doc/man3/SSL_new.pod
+++ b/doc/man3/SSL_new.pod
@@ -26,10 +26,75 @@ structure are freed. SSL_up_ref() increments the reference count for an existing B structure.
-SSL_dup() duplicates an existing B structure into a new allocated one. All
-settings are inherited from the original B structure. Dynamic data (i.e.
-existing connection details) are not copied, the new B is set into an
-initial accept (server) or connect (client) state.
+The function SSL_dup() creates and returns a new B structure from the same
+B that was used to create I. It additionally duplicates a subset of
+the settings in I into the new B object.
+
+For SSL_dup() to work, the connection MUST be in its initial state and
+MUST NOT have yet started the SSL handshake. For connections that are not in
+their initial state SSL_dup() just increments an internal
+reference count and returns the I handle. It may be possible to
+use L to recycle an SSL handle that is not in its initial
+state for re-use, but this is best avoided. Instead, save and restore
+the session, if desired, and construct a fresh handle for each connection.
+
+The subset of settings in I that are duplicated are:
+
+=over 4
+
+=item any session data if configured (including the session_id_context)
+
+=item any tmp_dh settings set via L,
+L, or L
+
+=item any configured certificates, private keys or certificate chains
+
+=item any configured signature algorithms, or client signature algorithms
+
+=item any DANE settings
+
+=item any Options set via L
+
+=item any Mode set via L
+
+=item any minimum or maximum protocol settings set via
+L or L (Note: Only
+from OpenSSL 1.1.1h and above)
+
+=item any Verify mode, callback or depth set via L or
+L or any configured X509 verification parameters
+
+=item any msg callback or info callback set via L or
+L
+
+=item any default password callback set via L
+
+=item any session id generation callback set via L
+
+=item any configured Cipher List
+
+=item initial accept (server) or connect (client) state
+
+=item the max cert list value set via L
+
+=item the read_ahead value set via L
+
+=item application specific data set via L
+
+=item any CA list or client CA list set via L,
+SSL_set0_client_CA_list() or similar functions
+
+=item any security level settings or callbacks
+
+=item any configured serverinfo data
+
+=item any configured PSK identity hint
+
+=item any configured custom extensions
+
+=item any client certificate types configured via SSL_set1_client_certificate_types
+
+=back
 =head1 RETURN VALUES
@@ -59,7 +124,7 @@ L =head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/SSL_pending.pod b/doc/man3/SSL_pending.pod
old mode 100755
new mode 100644
index c077a318c20e804f273705a482623b44652a2f1f..eb42b554895eb3546a517bb105eb8d9982b7c8f3
--- a/doc/man3/SSL_pending.pod
+++ b/doc/man3/SSL_pending.pod
@@ -27,7 +27,7 @@ record) may have been read containing more TLS/SSL records. This also applies to DTLS and pipelining (see L). These additional bytes will be buffered by OpenSSL but will remain unprocessed until they are needed. As these bytes are still in an unprocessed state SSL_pending() -will ignore them. Therefore it is possible for no more bytes to be readable from +will ignore them. Therefore, it is possible for no more bytes to be readable from the underlying BIO (because OpenSSL has already read them) and for SSL_pending() to return 0, even though readable application data bytes are available (because the data is in unprocessed buffered records). @@ -59,7 +59,7 @@ The SSL_has_pending() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod old mode 100755 new mode 100644 index 4da7ad1ae1f4113b42990e0dbfcdf982e707f5ee..29ccd9947c32a3270222c511d288ce53e3df89bd --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod @@ -45,7 +45,7 @@ invocation of a read function. The read functions work based on the SSL/TLS records. The data are received in records (with a maximum record size of 16kB). Only when a record has been completely received, can it be processed (decryption and check of integrity). -Therefore data that was not retrieved at the last read call can still be +Therefore, data that was not retrieved at the last read call can still be buffered inside the SSL layer and will be retrieved on the next read call. If B is higher than the number of bytes buffered then the read functions will return with the bytes buffered. If no more bytes are in the 
@@ -72,7 +72,7 @@ not set. Note that if B is set and only non-application data is available the call will hang. -If the underlying BIO is B, a read function will also return when +If the underlying BIO is B, a read function will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to L with the @@ -83,7 +83,7 @@ a read function can also cause write operations. The calling process then must repeat the call after taking appropriate action to satisfy the needs of the read function. The action depends on the underlying BIO. -When using a non-blocking socket, nothing is to be done, but select() can be +When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -142,7 +142,7 @@ The SSL_read_ex() and SSL_peek_ex() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod old mode 100755 new mode 100644 index c51fe1359dc3cfd5fcd64e4b07301e5bce956478..178bad731f1f973597b26e476a68d76d847d054f --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod 
@@ -58,10 +58,11 @@ SSL_set_allow_early_data_cb These functions are used to send and receive early data where TLSv1.3 has been negotiated. Early data can be sent by the client immediately after its initial ClientHello without having to wait for the server to complete the handshake. -Early data can only be sent if a session has previously been established with -the server, and the server is known to support it. Additionally these functions -can be used to send data from the server to the client when the client has not -yet completed the authentication stage of the handshake. +Early data can be sent if a session has previously been established with the +server or when establishing a new session using an out-of-band PSK, and only +when the server is known to support it. Additionally these functions can be used +to send data from the server to the client when the client has not yet completed +the authentication stage of the handshake. Early data has weaker security properties than other data sent over an SSL/TLS connection. In particular the data does not have forward secrecy. There are also @@ -202,7 +203,7 @@ early data settings for the SSL_CTX and SSL objects respectively. Generally a server application will either use both of SSL_read_early_data() and SSL_CTX_set_max_early_data() (or SSL_set_max_early_data()), or neither of them, since there is no practical benefit from using only one of them. If the maximum -early data setting for a server is non-zero then replay protection is +early data setting for a server is nonzero then replay protection is automatically enabled (see L below). If the server rejects the early data sent by a client then it will skip over 
@@ -220,7 +221,7 @@ max_early_data for the session and the recv_max_early_data setting for the server. If a client sends more data than this then the connection will abort. The configured value for max_early_data on a server may change over time as -required. However clients may have tickets containing the previously configured +required. However, clients may have tickets containing the previously configured max_early_data value. The recv_max_early_data should always be equal to or higher than any recently configured max_early_data value in order to avoid aborted connections. The recv_max_early_data should never be set to less than @@ -285,7 +286,7 @@ retry with a lower maximum protocol version. When early data is in use the TLS protocol provides no security guarantees that the same early data was not replayed across multiple connections. As a mitigation for this issue OpenSSL automatically enables replay protection if the -server is configured with a non-zero max early data value. With replay +server is configured with a nonzero max early data value. With replay protection enabled sessions are forced to be single use only. If a client attempts to reuse a session ticket more than once, then the second and subsequent attempts will fall back to a full handshake (and any early data that @@ -316,7 +317,7 @@ cache. Applications should be designed with this in mind in order to minimise the possibility of replay attacks. The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) -(e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore extreme caution +(e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore, extreme caution should be applied when combining external PSKs with early data. Some applications may mitigate the replay risks in other ways. For those 
@@ -364,7 +365,7 @@ All of the functions described above were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_rstate_string.pod b/doc/man3/SSL_rstate_string.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_session_reused.pod b/doc/man3/SSL_session_reused.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_set1_host.pod b/doc/man3/SSL_set1_host.pod old mode 100755 new mode 100644 index 4ae9f6e7f3d19806f2da652014fb30d4dcd87e5a..5754d480c84aa6cebce2d481c0f8073376754262 --- a/doc/man3/SSL_set1_host.pod +++ b/doc/man3/SSL_set1_host.pod @@ -19,9 +19,9 @@ SSL server verification parameters These functions configure server hostname checks in the SSL client. SSL_set1_host() sets the expected DNS hostname to B clearing -any previously specified host name or names. If B is NULL, +any previously specified hostname or names. If B is NULL, or the empty string the list of hostnames is cleared, and name -checks are not performed on the peer certificate. When a non-empty +checks are not performed on the peer certificate. When a nonempty B is specified, certificate verification automatically checks the peer hostname via L with B as specified via SSL_set_hostflags(). Clients that enable DANE TLSA authentication @@ -108,7 +108,7 @@ These functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/SSL_set_bio.pod b/doc/man3/SSL_set_bio.pod old mode 100755 new mode 100644 index 1fa0d34926008dff87082d6613d9a4df2ee0c37b..b824b5ae20ac3678fd8312c797f1eecb7b68fff0 --- a/doc/man3/SSL_set_bio.pod +++ b/doc/man3/SSL_set_bio.pod @@ -16,7 +16,7 @@ SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio - connect the SSL object with a BIO SSL_set0_rbio() connects the BIO B for the read operations of the B object. The SSL engine inherits the behaviour of B. If the BIO is -non-blocking then the B object will also have non-blocking behaviour. This +nonblocking then the B object will also have nonblocking behaviour. This function transfers ownership of B to B. It will be automatically freed using L when the B is freed. On calling this function, any existing B that was previously set will also be freed via a @@ -26,7 +26,7 @@ the same value as previously). SSL_set0_wbio() works in the same as SSL_set0_rbio() except that it connects the BIO B for the write operations of the B object. Note that if the rbio and wbio are the same then SSL_set0_rbio() and SSL_set0_wbio() each take -ownership of one reference. Therefore it may be necessary to increment the +ownership of one reference. Therefore, it may be necessary to increment the number of references available using L before calling the set0 functions. @@ -104,7 +104,7 @@ SSL_set0_rbio() and SSL_set0_wbio() were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_set_connect_state.pod b/doc/man3/SSL_set_connect_state.pod old mode 100755 new mode 100644 
diff --git a/doc/man3/SSL_set_fd.pod b/doc/man3/SSL_set_fd.pod old mode 100755 new mode 100644 index d5ec951e0bb84ffddabf17655505ae0c67e45e28..6780d515f91fe054ec19323015764ffde2f5f73c --- a/doc/man3/SSL_set_fd.pod +++ b/doc/man3/SSL_set_fd.pod @@ -20,8 +20,8 @@ socket file descriptor of a network connection. When performing the operation, a B is automatically created to interface between the B and B. The BIO and hence the SSL engine -inherit the behaviour of B. If B is non-blocking, the B will -also have non-blocking behaviour. +inherit the behaviour of B. If B is nonblocking, the B will +also have nonblocking behaviour. If there was already a BIO connected to B, BIO_free() will be called (for both the reading and writing side, if different). @@ -53,7 +53,7 @@ L, L , L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_set_session.pod b/doc/man3/SSL_set_session.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_set_shutdown.pod b/doc/man3/SSL_set_shutdown.pod old mode 100755 new mode 100644 index b1cf58920be4dcb44c0f130d0ba19b55a515e63a..1d08f6c2cf0f9b9c1afcf3704edafc3a1e4dc185 --- a/doc/man3/SSL_set_shutdown.pod +++ b/doc/man3/SSL_set_shutdown.pod @@ -20,7 +20,7 @@ SSL_get_shutdown() returns the shutdown mode of B. =head1 NOTES -The shutdown state of an ssl connection is a bitmask of: +The shutdown state of an ssl connection is a bit mask of: =over 4 @@ -71,7 +71,7 @@ L, L =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/SSL_set_verify_result.pod b/doc/man3/SSL_set_verify_result.pod old mode 100755 new mode 100644 diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod old mode 100755 new mode 100644 index 732e5ada04ae349fe76a4f42a6bcd35fd48e9304..a77721c85269ebed3fd9d51266563f820dc42800 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -95,13 +95,13 @@ The behaviour of SSL_shutdown() additionally depends on the underlying BIO. If the underlying BIO is B, SSL_shutdown() will only return once the handshake step has been finished or an error occurred. -If the underlying BIO is B, SSL_shutdown() will also return +If the underlying BIO is B, SSL_shutdown() will also return when the underlying BIO could not satisfy the needs of SSL_shutdown() to continue the handshake. In this case a call to SSL_get_error() with the return value of SSL_shutdown() will yield B or B. The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_shutdown(). -The action depends on the underlying BIO. When using a non-blocking socket, +The action depends on the underlying BIO. When using a nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. 
@@ -116,6 +116,16 @@ state but not actually send the close_notify alert messages, see L. When "quiet shutdown" is enabled, SSL_shutdown() will always succeed and return 1.
+Note that this is not standard compliant behaviour.
+It should only be done when the peer has a way to make sure all
+data has been received and doesn't wait for the close_notify alert
+message, otherwise an unexpected EOF will be reported.
+
+There are implementations that do not send the required close_notify alert.
+If there is a need to communicate with such an implementation, and it's clear
+that all data has been received, do not wait for the peer's close_notify alert.
+Waiting for the close_notify alert when the peer just closes the connection will
+result in an error being generated.
 =head1 RETURN VALUES
@@ -128,8 +138,10 @@ The following return values can occur: The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. Call SSL_read() to do a bidirectional shutdown.
-The output of L may be misleading, as an
-erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+
+Unlike most other function, returning 0 does not indicate an error.
+L should not get called, it may misleadingly
+indicate an error even though no error occurred.
 =item Z<>1
@@ -140,7 +152,7 @@ and the peer's close_notify alert was received. The shutdown was not successful. Call L with the return value B to find out the reason.
-It can occur if an action is needed to continue the operation for non-blocking
+It can occur if an action is needed to continue the operation for nonblocking
 BIOs. It can also occur when not all data was read using SSL_read().
@@ -157,7 +169,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_state_string.pod b/doc/man3/SSL_state_string.pod old mode 100755 new mode 100644 index 505945a9425240cd246b2eda8218d06d083d294f..54dfdd6c231fbc39ee92e1f725d1f21704fde208 --- a/doc/man3/SSL_state_string.pod +++ b/doc/man3/SSL_state_string.pod @@ -26,11 +26,11 @@ maintained. Querying the state information is not very informative before or when a connection has been established. It however can be of significant interest during the handshake. -When using non-blocking sockets, the function call performing the handshake +When using nonblocking sockets, the function call performing the handshake may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition, so that SSL_state_string[_long]() may be called. -For both blocking or non-blocking sockets, the details state information +For both blocking or nonblocking sockets, the details state information can be used within the info_callback function set with the SSL_set_info_callback() call. @@ -44,7 +44,7 @@ L, L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_want.pod b/doc/man3/SSL_want.pod old mode 100755 new mode 100644 index 6840ccbfb626f26bde6bedb7d7339beb79a2f271..4827e7eeac7f0dc56288063127942c17c521b719 --- a/doc/man3/SSL_want.pod +++ b/doc/man3/SSL_want.pod 
@@ -33,7 +33,7 @@ return values are similar to that of L. Unlike L, which also evaluates the error queue, the results are obtained by examining an internal state flag only. The information must therefore only be used for normal operation under -non-blocking I/O. Error conditions are not handled and must be treated +nonblocking I/O. Error conditions are not handled and must be treated using L. The result returned by SSL_want() should always be consistent with @@ -106,7 +106,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod old mode 100755 new mode 100644 index a76ffbb8fd1540bf19a4a38e971ddecfcd9a400a..5e3ce1e7e4dd0ee1dc2b3152853ae365bba99569 --- a/doc/man3/SSL_write.pod +++ b/doc/man3/SSL_write.pod @@ -36,7 +36,7 @@ before the first call to a write function. If the underlying BIO is B, the write functions will only return, once the write operation has been finished or an error occurred. -If the underlying BIO is B the write functions will also return +If the underlying BIO is B the write functions will also return when the underlying BIO could not satisfy the needs of the function to continue the operation. In this case a call to L with the return value of the write function will yield B 
@@ -44,7 +44,7 @@ or B. As at any time a re-negotiation is possible, a call to a write function can also cause read operations! The calling process then must repeat the call after taking appropriate action to satisfy the needs of the write function. The action depends on the underlying BIO. When using a -non-blocking socket, nothing is to be done, but select() can be used to check +nonblocking socket, nothing is to be done, but select() can be used to check for the required condition. When using a buffering BIO, like a BIO pair, data must be written into or retrieved out of the BIO before being able to continue. @@ -118,7 +118,7 @@ The SSL_write_ex() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/UI_STRING.pod b/doc/man3/UI_STRING.pod old mode 100755 new mode 100644 diff --git a/doc/man3/UI_UTIL_read_pw.pod b/doc/man3/UI_UTIL_read_pw.pod old mode 100755 new mode 100644 index a59cc4f3862aba401ce8165bde7fcdd47629355a..a6528a0300aaa6011a302d3031187a53e6b49484 --- a/doc/man3/UI_UTIL_read_pw.pod +++ b/doc/man3/UI_UTIL_read_pw.pod @@ -21,7 +21,7 @@ UI_UTIL_read_pw_string() asks for a passphrase, using B as a prompt, and stores it in B. The maximum allowed size is given with B, including the terminating NUL byte. -If B is non-zero, the password will be verified as well. +If B is nonzero, the password will be verified as well. UI_UTIL_read_pw() does the same as UI_UTIL_read_pw_string(), the difference is that you can give it an external buffer B for the 
@@ -62,7 +62,7 @@ L =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/UI_create_method.pod b/doc/man3/UI_create_method.pod old mode 100755 new mode 100644 index a01e1012dcf9b8e9c54120acb1266d11dc395b86..c9295ff52649a9b9f01b2a6efd1b93c6bb1a4702 --- a/doc/man3/UI_create_method.pod +++ b/doc/man3/UI_create_method.pod @@ -51,7 +51,7 @@ interface method creation and destruction =head1 DESCRIPTION -A method contains a few functions that implement the low level of the +A method contains a few functions that implement the low-level of the User Interface. These functions are: @@ -210,7 +210,7 @@ and UI_method_get_data_destructor() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/UI_new.pod b/doc/man3/UI_new.pod old mode 100755 new mode 100644 index 3042b13f1f1a105b6051536e0f20256c9a2ae825..f40b65df40e929ebb1ca5f356bd4817b5bf4c0f2 --- a/doc/man3/UI_new.pod +++ b/doc/man3/UI_new.pod 
@@ -152,7 +152,7 @@ UI_construct_prompt() is a helper function that can be used to create a prompt from two pieces of information: an description and a name. The default constructor (if there is none provided by the method used) creates a string "Enter I for I:". With the -description "pass phrase" and the file name "foo.key", that becomes +description "pass phrase" and the filename "foo.key", that becomes "Enter pass phrase for foo.key:". Other methods may create whatever string and may include encodings that will be processed by the other method functions. @@ -243,7 +243,7 @@ The UI_dup_user_data() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509V3_get_d2i.pod b/doc/man3/X509V3_get_d2i.pod old mode 100755 new mode 100644 index ac560b21e97821984fb902a4be74f108f292be75..159948b17029a657db378fdf565d72f68f83af19 --- a/doc/man3/X509V3_get_d2i.pod +++ b/doc/man3/X509V3_get_d2i.pod @@ -78,7 +78,7 @@ of a certificate a CRL or a CRL entry respectively. =head1 NOTES In almost all cases an extension can occur at most once and multiple -occurrences is an error. Therefore the B parameter is usually B. +occurrences is an error. Therefore, the B parameter is usually B. The B parameter may be one of the following values. @@ -231,7 +231,7 @@ L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man3/X509_ALGOR_dup.pod b/doc/man3/X509_ALGOR_dup.pod
old mode 100755
new mode 100644
index 4aeaa591ebec38d71f3933c8c24f68ac89a9b869..de2faf8547afc3c3c49fe62137089fcd3df42165
--- a/doc/man3/X509_ALGOR_dup.pod
+++ b/doc/man3/X509_ALGOR_dup.pod
@@ -2,7 +2,7 @@ =head1 NAME
-X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions
+X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp, X509_ALGOR_copy - AlgorithmIdentifier functions
 =head1 SYNOPSIS
@@ -14,6 +14,7 @@ X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_ const void **ppval, const X509_ALGOR *alg); void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
 =head1 DESCRIPTION
@@ -34,23 +35,30 @@ X509_ALGOR_set_md() sets the B B to appropriate values for the message digest B. X509_ALGOR_cmp() compares B and B and returns 0 if they have identical
-encodings and non-zero otherwise.
+encodings and nonzero otherwise.
+
+X509_ALGOR_copy() copies the source values into the dest structs; making
+a duplicate of each (and free any thing pointed to from within *dest).
 =head1 RETURN VALUES X509_ALGOR_dup() returns a valid B structure or NULL if an error occurred.
-X509_ALGOR_set0() returns 1 on success or 0 on error.
+X509_ALGOR_set0() and X509_ALGOR_copy() return 1 on success or 0 on error.
 X509_ALGOR_get0() and X509_ALGOR_set_md() return no values. X509_ALGOR_cmp() returns 0 if the two parameters have identical encodings and
-non-zero otherwise.
+nonzero otherwise.
+
+=head1 HISTORY
+
+The X509_ALGOR_copy() was added in 1.1.1e.
 =head1 COPYRIGHT
-Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_CRL_get0_by_serial.pod b/doc/man3/X509_CRL_get0_by_serial.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_EXTENSION_set_object.pod b/doc/man3/X509_EXTENSION_set_object.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_LOOKUP_hash_dir.pod b/doc/man3/X509_LOOKUP_hash_dir.pod
old mode 100755
new mode 100644
index dd41f78b1240836720643ee5ac192a040df76544..365d0dea1c76c010da766e7a00e8a452a7a3538b
--- a/doc/man3/X509_LOOKUP_hash_dir.pod
+++ b/doc/man3/X509_LOOKUP_hash_dir.pod
@@ -80,7 +80,7 @@ upon each lookup, so that newer CRLs are as soon as they appear in the directory. The directory should contain one certificate or CRL per file in PEM format,
-with a file name of the form I.I for a certificate, or
+with a filename of the form I.I for a certificate, or
 I.BI for a CRL. The I is the value returned by the L function applied to the subject name for certificates or issuer name for CRLs.
@@ -129,7 +129,7 @@ L,
 =head1 COPYRIGHT
-Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_LOOKUP_meth_new.pod b/doc/man3/X509_LOOKUP_meth_new.pod
old mode 100755
new mode 100644
index a4e7466395dd09e6132eb82d7a8b87e4ef8daf06..ad581d4b421e93b8c7799d3c1073236fab8a320d
--- a/doc/man3/X509_LOOKUP_meth_new.pod
+++ b/doc/man3/X509_LOOKUP_meth_new.pod
@@ -151,7 +151,7 @@ Implementations must add objects they find to the B object using X509_STORE_add_cert() or X509_STORE_add_crl(). This increments its reference count. However, the X509_STORE_CTX_get_by_subject() function also increases the reference count which leads to one too
-many references being held. Therefore applications should
+many references being held. Therefore, applications should
 additionally call X509_free() or X509_CRL_free() to decrement the reference count again.
diff --git a/doc/man3/X509_NAME_ENTRY_get_object.pod b/doc/man3/X509_NAME_ENTRY_get_object.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_NAME_add_entry_by_txt.pod b/doc/man3/X509_NAME_add_entry_by_txt.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_NAME_get0_der.pod b/doc/man3/X509_NAME_get0_der.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_NAME_get_index_by_NID.pod b/doc/man3/X509_NAME_get_index_by_NID.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_NAME_print_ex.pod b/doc/man3/X509_NAME_print_ex.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_PUBKEY_new.pod b/doc/man3/X509_PUBKEY_new.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_SIG_get0.pod b/doc/man3/X509_SIG_get0.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod
old mode 100755
new mode 100644
index bdbf86ae9695b6b8526616a38dc12c3288f6cb7c..74a28c07aa53fab30336715a8b0b012182b2aa40
--- a/doc/man3/X509_STORE_CTX_get_error.pod
+++ b/doc/man3/X509_STORE_CTX_get_error.pod
@@ -38,7 +38,7 @@ it might be used in a verification callback to set an error based on additional checks. X509_STORE_CTX_get_error_depth() returns the B of the error. This is a
-non-negative integer representing where in the certificate chain the error
+nonnegative integer representing where in the certificate chain the error
 occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on.
@@ -79,7 +79,7 @@ verification error B.
 X509_STORE_CTX_get_error() returns B or an error code.
-X509_STORE_CTX_get_error_depth() returns a non-negative error depth.
+X509_STORE_CTX_get_error_depth() returns a nonnegative error depth.
 X509_STORE_CTX_get_current_cert() returns the certificate which caused the error or B if no certificate is relevant to the error.
@@ -328,7 +328,7 @@ L.
 =head1 COPYRIGHT
-Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod
old mode 100755
new mode 100644
index c5042858be853efcac521dd5f5655d6d1f236de7..aba7fff781e5723cc942391c74e2a7d596785e0e
--- a/doc/man3/X509_STORE_CTX_new.pod
+++ b/doc/man3/X509_STORE_CTX_new.pod
@@ -52,7 +52,7 @@ by X509_verify_cert(). X509_STORE_CTX_new() returns a newly initialised B structure. X509_STORE_CTX_cleanup() internally cleans up an B structure.
-The context can then be reused with an new call to X509_STORE_CTX_init().
+The context can then be reused with a new call to X509_STORE_CTX_init().
 X509_STORE_CTX_free() completely frees up B. After this call B is no longer valid.
@@ -80,7 +80,7 @@ X509_STORE_CTX_set0_verified_chain() sets the validated chain used by B to be B. Ownership of the chain is transferred to B and should not be free'd by the caller.
-X509_STORE_CTX_get0_chain() returns a the internal pointer used by the
+X509_STORE_CTX_get0_chain() returns the internal pointer used by the
 B that contains the validated chain. X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate
@@ -133,7 +133,7 @@ should be made or reference counts increased instead.
 =head1 RETURN VALUES
-X509_STORE_CTX_new() returns an newly allocates context or B is an
+X509_STORE_CTX_new() returns a newly allocated context or B if an
 error occurred. X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.
@@ -164,7 +164,7 @@ The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_STORE_CTX_set_verify_cb.pod b/doc/man3/X509_STORE_CTX_set_verify_cb.pod
old mode 100755
new mode 100644
index 7cd661f215c10797475e3bd206f978d119eddd04..81fe0b25a9b253769e121bf125286075ba6e65ea
--- a/doc/man3/X509_STORE_CTX_set_verify_cb.pod
+++ b/doc/man3/X509_STORE_CTX_set_verify_cb.pod
@@ -48,7 +48,7 @@ The verification callback can be used to customise the operation of certificate verification, either by overriding error conditions or logging errors for debugging purposes.
-However a verification callback is B essential and the default operation
+However, a verification callback is B essential and the default operation
 is often sufficient. The B parameter to the callback indicates the value the callback should
@@ -202,7 +202,7 @@ and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_STORE_get0_param.pod b/doc/man3/X509_STORE_get0_param.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_STORE_new.pod b/doc/man3/X509_STORE_new.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_STORE_set_verify_cb_func.pod b/doc/man3/X509_STORE_set_verify_cb_func.pod
old mode 100755
new mode 100644
index d16881edd83ddb33a371de5f1a7f34f3cd3ac506..6d7098250d184842ea34b2ad4131a8460cafe411
--- a/doc/man3/X509_STORE_set_verify_cb_func.pod
+++ b/doc/man3/X509_STORE_set_verify_cb_func.pod
@@ -137,7 +137,7 @@ I X509_STORE_set_check_issued() sets the function to check that a given
-certificate B is issued with the issuer certificate B.
+certificate B is issued by the issuer certificate B.
 This function must return 0 on failure (among others if B hasn't been issued with B) and 1 on success. I clearing any previously specified host name or names. If
+B clearing any previously specified hostname or names. If
 B is NULL, or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. If B is NUL-terminated, B may be zero, otherwise B
@@ -264,12 +264,15 @@ they are enabled. If B is set delta CRLs (if present) are used to determine certificate status. If not set deltas are ignored.
-B enables checking of the root CA self signed
-certificate signature. By default this check is disabled because it doesn't
+B requests checking the signature of
+the last certificate in a chain if the certificate is supposedly self-signed.
+This is prohibited and will result in an error if it is a non-conforming CA
+certificate with key usage restrictions not including the keyCertSign bit.
+By default this check is disabled because it doesn't
 add any additional security but in some cases applications might want to
-check the signature anyway. A side effect of not checking the root CA
-signature is that disabled or unsupported message digests on the root CA
-are not treated as fatal errors.
+check the signature anyway. A side effect of not checking the self-signature
+of such a certificate is that disabled or unsupported message digests used for
+the signature are not treated as fatal errors.
 When B is set, construction of the certificate chain in L will search the trust store for issuer certificates
@@ -376,7 +379,7 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
 =head1 COPYRIGHT
-Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_check_ca.pod b/doc/man3/X509_check_ca.pod
old mode 100755
new mode 100644
index 38f0811dd0f54cbcf4ea6be724cff812901189ee..b70ecb787a689f5c7904ce6e4a6336f2005786f2
--- a/doc/man3/X509_check_ca.pod
+++ b/doc/man3/X509_check_ca.pod
@@ -24,7 +24,7 @@ B extension with bit B set, but without B, and 5 if it has outdated Netscape Certificate Type extension telling that it is CA certificate.
-Actually, any non-zero value means that this certificate could have been
+Actually, any nonzero value means that this certificate could have been
 used to sign other certificates.
 =head1 SEE ALSO
@@ -35,7 +35,7 @@ L
 =head1 COPYRIGHT
-Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_check_host.pod b/doc/man3/X509_check_host.pod
old mode 100755
new mode 100644
index dba6a6976e071bb3b33772c7d6d56c19e688e65e..b8bdd4c83156077e0d0276695ff206a7d65dbb8d
--- a/doc/man3/X509_check_host.pod
+++ b/doc/man3/X509_check_host.pod
@@ -19,13 +19,13 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert
 =head1 DESCRIPTION
 The certificate matching functions are used to check whether a
-certificate matches a given host name, email address, or IP address.
+certificate matches a given hostname, email address, or IP address.
 The validity of the certificate and its trust level has to be checked by other means. X509_check_host() checks if the certificate Subject Alternative
-Name (SAN) or Subject CommonName (CN) matches the specified host
-name, which must be encoded in the preferred name syntax described
+Name (SAN) or Subject CommonName (CN) matches the specified hostname,
+which must be encoded in the preferred name syntax described
 in section 3.5 of RFC 1034. By default, wildcards are supported and they match only in the left-most label; but they may match part of that label with an explicit prefix or suffix. For example,
@@ -37,7 +37,7 @@ Per section 6.4.2 of RFC 6125, B values representing international domain names must be given in A-label form. The B argument must be the number of characters in the name string or zero in which case the length is calculated with strlen(B). When B starts
-with a dot (e.g ".example.com"), it will be matched by a certificate
+with a dot (e.g. ".example.com"), it will be matched by a certificate
 valid for any sub-domain of B, (see also B below).
@@ -150,7 +150,7 @@ These functions were added in OpenSSL 1.0.2.
 =head1 COPYRIGHT
-Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_check_issued.pod b/doc/man3/X509_check_issued.pod
old mode 100755
new mode 100644
index f9a541ef71def75503c86468c9a8063c02ea8622..55f75ac84bb477b30e7b4fc40add93b257400614
--- a/doc/man3/X509_check_issued.pod
+++ b/doc/man3/X509_check_issued.pod
@@ -2,7 +2,7 @@
 =head1 NAME
-X509_check_issued - checks if certificate is issued by another
+X509_check_issued - checks if certificate is apparently issued by another
 certificate
 =head1 SYNOPSIS
@@ -14,13 +14,14 @@ certificate
 =head1 DESCRIPTION
-This function checks if certificate I was issued using CA
-certificate I. This function takes into account not only
-matching of issuer field of I with subject field of I,
-but also compares B extension of I with
-B of I if B
-present in the I certificate and checks B field of
-I.
+X509_check_issued() checks if certificate I was apparently issued
+using (CA) certificate I. This function takes into account not only
+matching of the issuer field of I with the subject field of I,
+but also compares all sub-fields of the B extension of
+I, as far as present, with the respective B,
+serial number, and issuer fields of I, as far as present. It also checks
+if the B field (if present) of I allows certificate signing.
+It does not check the certificate signature.
 =head1 RETURN VALUES
@@ -35,7 +36,7 @@ L
 =head1 COPYRIGHT
-Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_check_private_key.pod b/doc/man3/X509_check_private_key.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_check_purpose.pod b/doc/man3/X509_check_purpose.pod
new file mode 100644
index 0000000000000000000000000000000000000000..6af9e79815e4d4f34781aba07c6080486103d940
--- /dev/null
+++ b/doc/man3/X509_check_purpose.pod
@@ -0,0 +1,74 @@
+=pod
+
+=head1 NAME
+
+X509_check_purpose - Check the purpose of a certificate
+
+=head1 SYNOPSIS
+
+ #include
+
+ int X509_check_purpose(X509 *x, int id, int ca)
+
+=head1 DESCRIPTION
+
+This function checks if certificate I was created with the purpose
+represented by I. If I is nonzero, then certificate I is
+checked to determine if it's a possible CA with various levels of certainty
+possibly returned.
+
+Below are the potential ID's that can be checked:
+
+ # define X509_PURPOSE_SSL_CLIENT 1
+ # define X509_PURPOSE_SSL_SERVER 2
+ # define X509_PURPOSE_NS_SSL_SERVER 3
+ # define X509_PURPOSE_SMIME_SIGN 4
+ # define X509_PURPOSE_SMIME_ENCRYPT 5
+ # define X509_PURPOSE_CRL_SIGN 6
+ # define X509_PURPOSE_ANY 7
+ # define X509_PURPOSE_OCSP_HELPER 8
+ # define X509_PURPOSE_TIMESTAMP_SIGN 9
+
+=head1 RETURN VALUES
+
+For non-CA checks
+
+=over 4
+
+=item -1 an error condition has occurred
+
+=item E<32>1 if the certificate was created to perform the purpose represented by I
+
+=item E<32>0 if the certificate was not created to perform the purpose represented by I
+
+=back
+
+For CA checks the below integers could be returned with the following meanings:
+
+=over 4
+
+=item -1 an error condition has occurred
+
+=item E<32>0 not a CA or does not have the purpose represented by I
+
+=item E<32>1 is a CA.
+
+=item E<32>2 Only possible in old versions of openSSL when basicConstraints are absent.
+ New versions will not return this value. May be a CA
+
+=item E<32>3 basicConstraints absent but self signed V1.
+
+=item E<32>4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+
+=item E<32>5 legacy Netscape specific CA Flags present
+
+=back
+
+=head1 COPYRIGHT
+
+Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+Licensed under the Apache License 2.0 (the "License"). You may not use this
+file except in compliance with the License. You can obtain a copy in the file
+LICENSE in the source distribution or at L.
+
+=cut
diff --git a/doc/man3/X509_cmp.pod b/doc/man3/X509_cmp.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_cmp_time.pod b/doc/man3/X509_cmp_time.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_digest.pod b/doc/man3/X509_digest.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_get0_notBefore.pod b/doc/man3/X509_get0_notBefore.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_get0_signature.pod b/doc/man3/X509_get0_signature.pod
old mode 100755
new mode 100644
index 4133bc37a9afdd2b4d10b17d35389864864dba7c..99565e2a1d8000b9df53700014a1fcdc8ec2b0a8
--- a/doc/man3/X509_get0_signature.pod
+++ b/doc/man3/X509_get0_signature.pod
@@ -2,10 +2,10 @@
 =head1 NAME
-X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
-X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
-X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
-X509_SIG_INFO_set - signature information
+X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo,
+X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature,
+X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid,
+X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information
 =head1 SYNOPSIS
@@ -14,6 +14,8 @@ X509_SIG_INFO_set - signature information
 void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x);
+ void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
+ int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
 int X509_get_signature_nid(const X509 *x);
 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
@@ -41,6 +43,9 @@ X509_get0_signature() sets B<*psig> to the signature of B and B<*palg> to the signature algorithm of B. The values returned are internal pointers which B be freed up after the call.
+X509_set0_signature() and X509_REQ_set1_signature_algo() are the
+equivalent setters for the two values of X509_get0_signature().
+
 X509_get0_tbs_sigalg() returns the signature algorithm in the signed portion of B.
@@ -88,6 +93,10 @@ X509_get_signature_info() returns 1 if the signature information returned is valid or 0 if the information is not available (e.g. unknown algorithms or malformed parameters).
+X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an
+error (e.g. null ALGO pointer). X509_REQ_set0_signature does
+not return an error value.
+
 =head1 SEE ALSO
 L,
@@ -118,9 +127,12 @@ X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were added in OpenSSL 1.1.0.
+The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo()
+were added in OpenSSL 1.1.1e.
+
 =head1 COPYRIGHT
-Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_get0_uids.pod b/doc/man3/X509_get0_uids.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_get_extension_flags.pod b/doc/man3/X509_get_extension_flags.pod
old mode 100755
new mode 100644
index 43c9c952c6b7705c57432a7498cd821dbbf1e192..d958b22a489b5d1cfec916113976037d3f18d978
--- a/doc/man3/X509_get_extension_flags.pod
+++ b/doc/man3/X509_get_extension_flags.pod
@@ -78,12 +78,17 @@ The certificate contains an unhandled critical extension.
 =item B
-Some certificate extension values are invalid or inconsistent. The
-certificate should be rejected.
+Some certificate extension values are invalid or inconsistent.
+The certificate should be rejected.
 This bit may also be raised after an out-of-memory error while processing the X509 object, so it may not be related to the processed ASN1 object itself.
+=item B
+
+Failed to compute the internal SHA1 hash value of the certificate.
+This may be due to malloc failure or because no SHA1 implementation was found.
+
 =item B
 The NID_certificate_policies certificate extension is invalid or
@@ -194,7 +199,7 @@ X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/X509_get_pubkey.pod b/doc/man3/X509_get_pubkey.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_get_serialNumber.pod b/doc/man3/X509_get_serialNumber.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_get_subject_name.pod b/doc/man3/X509_get_subject_name.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_get_version.pod b/doc/man3/X509_get_version.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_new.pod b/doc/man3/X509_new.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_sign.pod b/doc/man3/X509_sign.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509_verify_cert.pod b/doc/man3/X509_verify_cert.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/X509v3_get_ext_by_NID.pod b/doc/man3/X509v3_get_ext_by_NID.pod
old mode 100755
new mode 100644
index c81d46365099f64290eb065fb5637ef8f02db0cc..67a7df58823db1976b18d697d6c5fcedb0990238
--- a/doc/man3/X509v3_get_ext_by_NID.pod
+++ b/doc/man3/X509v3_get_ext_by_NID.pod
@@ -71,7 +71,7 @@ the extension is found its index is returned otherwise B<-1> is returned. X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it looks for an extension of criticality B. A zero value for B
-looks for a non-critical extension a non-zero value looks for a critical
+looks for a non-critical extension a nonzero value looks for a critical
 extension. X509v3_delete_ext() deletes the extension with index B from B. The
@@ -132,7 +132,7 @@ L
 =head1 COPYRIGHT
-Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/d2i_DHparams.pod b/doc/man3/d2i_DHparams.pod
old mode 100755
new mode 100644
index d4e34fe877feb12046316eed56d3de2b22903de4..5be0c2986e53a75403e79ae1b475f4c1b7f00dbf
--- a/doc/man3/d2i_DHparams.pod
+++ b/doc/man3/d2i_DHparams.pod
@@ -8,7 +8,7 @@ d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions
 #include
- DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+ DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
 int i2d_DHparams(DH *a, unsigned char **pp);
 =head1 DESCRIPTION
@@ -32,7 +32,7 @@ L
 =head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/d2i_PKCS8PrivateKey_bio.pod b/doc/man3/d2i_PKCS8PrivateKey_bio.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/d2i_PrivateKey.pod b/doc/man3/d2i_PrivateKey.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/d2i_SSL_SESSION.pod b/doc/man3/d2i_SSL_SESSION.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
old mode 100755
new mode 100644
index a8319bd4715b60ac720501d26d60d1790948ef52..e42049d2baec563a7e932ea46fb648f6f31ff40b
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -365,7 +365,7 @@ i2d_X509_VAL,
 =for comment generic
- TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length);
+ TYPE *d2i_TYPE(TYPE **a, const unsigned char **ppin, long length);
 TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
 TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
@@ -436,8 +436,8 @@ The actual TYPE structure passed to i2d_TYPE() must be a valid populated B structure -- it B simply be fed with an empty structure such as that returned by TYPE_new().
-The encoded data is in binary form and may contain embedded zeroes.
-Therefore any FILE pointers or BIOs should be opened in binary mode.
+The encoded data is in binary form and may contain embedded zeros.
+Therefore, any FILE pointers or BIOs should be opened in binary mode.
 Functions such as strlen() will B return the correct length of the encoded structure.
@@ -529,7 +529,8 @@ Allocate and encode the DER encoding of an X509 structure:
 Attempt to decode a buffer:
 X509 *x;
- unsigned char *buf, *p;
+ unsigned char *buf;
+ const unsigned char *p;
 int len;
 /* Set up buf and len to point to the input buffer. */
@@ -541,7 +542,8 @@ Attempt to decode a buffer:
 Alternative technique:
 X509 *x;
- unsigned char *buf, *p;
+ unsigned char *buf;
+ const unsigned char *p;
 int len;
 /* Set up buf and len to point to the input buffer. */
diff --git a/doc/man3/i2d_CMS_bio_stream.pod b/doc/man3/i2d_CMS_bio_stream.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/i2d_PKCS7_bio_stream.pod b/doc/man3/i2d_PKCS7_bio_stream.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/i2d_re_X509_tbs.pod b/doc/man3/i2d_re_X509_tbs.pod
old mode 100755
new mode 100644
diff --git a/doc/man3/o2i_SCT_LIST.pod b/doc/man3/o2i_SCT_LIST.pod
old mode 100755
new mode 100644
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
old mode 100755
new mode 100644
index 7b50b099198cdf7874ffae0265e136c776c99579..3cc2d73a526dfd3673725bfbd932b69ee1e2fd13
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -262,13 +262,11 @@ Example of a configuration with the system default:
 ssl_conf = ssl_sect
 [ssl_sect]
-
 system_default = system_default_sect
 [system_default_sect]
-
 MinProtocol = TLSv1.2
-
+ MinProtocol = DTLSv1.2
 =head1 NOTES
@@ -355,8 +353,8 @@ Simple OpenSSL library configuration example to enter FIPS mode: Note: in the above example you will get an error in non FIPS capable versions of OpenSSL.
-Simple OpenSSL library configuration to make TLS 1.3 the system-default
-minimum TLS version:
+Simple OpenSSL library configuration to make TLS 1.2 and DTLS 1.2 the
+system-default minimum TLS and DTLS versions, respectively:
 # Toplevel section for openssl (including libssl)
 openssl_conf = default_conf_section
@@ -369,7 +367,12 @@ minimum TLS version:
 system_default = system_default_section
 [system_default_section]
- MinProtocol = TLSv1.3
+ MinProtocol = TLSv1.2
+ MinProtocol = DTLSv1.2
+
+The minimum TLS protocol is applied to B objects that are TLS-based,
+and the minimum DTLS protocol to those are DTLS-based.
+The same applies also to maximum versions set with B.
 More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:
@@ -432,7 +435,7 @@ the value. The escaping isn't quite right: if you want to use sequences like B<\n> you can't use any quote escaping on the same line.
-Files are loaded in a single pass. This means that an variable expansion
+Files are loaded in a single pass. This means that a variable expansion
 will only work if the variables referenced are defined earlier in the file.
diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod
old mode 100755
new mode 100644
index 803b12b3edebbeeeed45aa46cd2864982670410f..5c0caa5b2bf691248d09b0ca8d0c7bc62f9762f9
--- a/doc/man5/x509v3_config.pod
+++ b/doc/man5/x509v3_config.pod
@@ -60,8 +60,8 @@ The following sections describe each supported extension in detail. This is a multi valued extension which indicates whether a certificate is a CA certificate. The first (mandatory) name is B followed by B or
-B. If B is B then an optional B name followed by an
-non-negative value can be included.
+B. If B is B then an optional B name followed by a
+nonnegative value can be included.
 For example:
@@ -534,7 +534,7 @@ L
 =head1 COPYRIGHT
-Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man7/Ed25519.pod b/doc/man7/Ed25519.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/RAND.pod b/doc/man7/RAND.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/RAND_DRBG.pod b/doc/man7/RAND_DRBG.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/RSA-PSS.pod b/doc/man7/RSA-PSS.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/SM2.pod b/doc/man7/SM2.pod
old mode 100755
new mode 100644
index c8fceffa1cfcdf451c77584302fd28b0ef335262..43786749b1eb739b18690875eed4d309e4d55668
--- a/doc/man7/SM2.pod
+++ b/doc/man7/SM2.pod
@@ -33,7 +33,7 @@ Then an ID should be set by calling:
 EVP_PKEY_CTX_set1_id(pctx, id, id_len);
 When calling the EVP_DigestSignInit() or EVP_DigestVerifyInit() functions, a
-pre-allocated B should be assigned to the B. This is
+preallocated B should be assigned to the B. This is
 done by calling:
 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
@@ -69,7 +69,7 @@ L
 =head1 COPYRIGHT
-Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man7/X25519.pod b/doc/man7/X25519.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/bio.pod b/doc/man7/bio.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/crypto.pod b/doc/man7/crypto.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/ct.pod b/doc/man7/ct.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/des_modes.pod b/doc/man7/des_modes.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/evp.pod b/doc/man7/evp.pod
old mode 100755
new mode 100644
index e493dacd23135e198370bbac2623514a611af85a..fd8d6c7fe38d0608ddc46c87b9b125944bad3bc2
--- a/doc/man7/evp.pod
+++ b/doc/man7/evp.pod
@@ -25,7 +25,7 @@ functions. Symmetric encryption is available with the LI|EVP_EncryptInit(3)> functions. The LI|EVP_DigestInit(3)> functions provide message digests.
-The BI functions provide a high level interface to
+The BI functions provide a high-level interface to
 asymmetric algorithms. To create a new EVP_PKEY see L. EVP_PKEYs can be associated with a private key of a particular algorithm by using the functions
@@ -43,7 +43,7 @@ The EVP_PKEY functions support the full range of asymmetric algorithm operations
 =item For signing and verifying see L, L and L. However, note that
-these functions do not perform a digest of the data to be signed. Therefore
+these functions do not perform a digest of the data to be signed. Therefore,
 normally you would use the L functions for this purpose.
@@ -72,12 +72,12 @@ as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software implementations. For more information, consult the engine(3) man page.
-Although low level algorithm specific functions exist for many algorithms
+Although low-level algorithm specific functions exist for many algorithms
 their use is discouraged. They cannot be used with an ENGINE and ENGINE
-versions of new algorithms cannot be accessed using the low level functions.
+versions of new algorithms cannot be accessed using the low-level functions.
 Also makes code harder to adapt to new algorithms and some options are not
-cleanly supported at the low level and some operations are more efficient
-using the high level interface.
+cleanly supported at the low-level and some operations are more efficient
+using the high-level interface.
 =head1 SEE ALSO
@@ -104,7 +104,7 @@ L
 =head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man7/ossl_store-file.pod b/doc/man7/ossl_store-file.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/ossl_store.pod b/doc/man7/ossl_store.pod
old mode 100755
new mode 100644
index 6e75abd314b70380e7031cd7d0489aeb6a51368a..b70619685103ec39d8da373d00e9542a1efbcc01
--- a/doc/man7/ossl_store.pod
+++ b/doc/man7/ossl_store.pod
@@ -15,7 +15,7 @@ ossl_store - Store retrieval functions
 =head2 General
 A STORE is a layer of functionality to retrieve a number of supported
-objects from a repository of any kind, addressable as a file name or
+objects from a repository of any kind, addressable as a filename or
 as a URI. The functionality supports the pattern "open a channel to the
@@ -77,7 +77,7 @@ L
 =head1 COPYRIGHT
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man7/passphrase-encoding.pod b/doc/man7/passphrase-encoding.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/scrypt.pod b/doc/man7/scrypt.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/ssl.pod b/doc/man7/ssl.pod
old mode 100755
new mode 100644
diff --git a/doc/man7/x509.pod b/doc/man7/x509.pod
old mode 100755
new mode 100644
diff --git a/doc/openssl-c-indent.el b/doc/openssl-c-indent.el
old mode 100755
new mode 100644
diff --git a/e_os.h b/e_os.h
old mode 100755
new mode 100644
index 34223a0bcdb60206c1647e006b19f649dcbec098..9af7f3758d94d2718c8f3a98a95a39440440d879
--- a/e_os.h
+++ b/e_os.h
@@ -308,7 +308,7 @@ extern FILE *_imp___iob;
 # if defined(OPENSSL_SYS_WINDOWS)
 # define strcasecmp _stricmp
 # define strncasecmp _strnicmp
-# if (_MSC_VER >= 1310)
+# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE)
 # define open _open
 # define fdopen _fdopen
 # define close _close
diff --git a/engines/asm/e_padlock-x86.pl b/engines/asm/e_padlock-x86.pl
old mode 100755
new mode 100644
diff --git a/engines/asm/e_padlock-x86_64.pl b/engines/asm/e_padlock-x86_64.pl
old mode 100755
new mode 100644
diff --git a/engines/build.info b/engines/build.info
old mode 100755
new mode 100644
diff --git a/engines/e_afalg.c b/engines/e_afalg.c
old mode 100755
new mode 100644
diff --git a/engines/e_afalg.ec b/engines/e_afalg.ec
old mode 100755
new mode 100644
diff --git a/engines/e_afalg.h b/engines/e_afalg.h
old mode 100755
new mode 100644
diff --git a/engines/e_afalg.txt b/engines/e_afalg.txt
old mode 100755
new mode 100644
diff --git a/engines/e_afalg_err.c b/engines/e_afalg_err.c
old mode 100755
new mode 100644
diff --git a/engines/e_afalg_err.h b/engines/e_afalg_err.h
old mode 100755
new mode 100644
diff --git a/engines/e_capi.c b/engines/e_capi.c
old mode 100755
new mode 100644
diff --git a/engines/e_capi.ec b/engines/e_capi.ec
old mode 100755
new mode 100644
diff --git a/engines/e_capi.txt b/engines/e_capi.txt
old mode 100755
new mode 100644
diff --git a/engines/e_capi_err.c b/engines/e_capi_err.c
old mode 100755
new mode 100644
diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h
old mode 100755
new mode 100644
diff --git a/engines/e_dasync.c b/engines/e_dasync.c
old mode 100755
new mode 100644
diff --git a/engines/e_dasync.ec b/engines/e_dasync.ec
old mode 100755
new mode 100644
diff --git a/engines/e_dasync.txt b/engines/e_dasync.txt
old mode 100755
new mode 100644
diff --git a/engines/e_dasync_err.c b/engines/e_dasync_err.c
old mode 100755
new mode 100644
diff --git a/engines/e_dasync_err.h b/engines/e_dasync_err.h
old mode 100755
new mode 100644
diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
old mode 100755
new mode 100644
diff --git a/engines/e_ossltest.ec b/engines/e_ossltest.ec
old mode 100755
new mode 100644
diff --git a/engines/e_ossltest.txt b/engines/e_ossltest.txt
old mode 100755
new mode 100644
diff --git a/engines/e_ossltest_err.c b/engines/e_ossltest_err.c
old mode 100755
new mode 100644
diff --git a/engines/e_ossltest_err.h b/engines/e_ossltest_err.h
old mode 100755
new mode 100644
diff --git a/engines/e_padlock.c b/engines/e_padlock.c
old mode 100755
new mode 100644
diff --git a/external/perl/Downloaded.txt b/external/perl/Downloaded.txt
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/Artistic b/external/perl/Text-Template-1.46/Artistic
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/COPYING b/external/perl/Text-Template-1.46/COPYING
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/INSTALL b/external/perl/Text-Template-1.46/INSTALL
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/MANIFEST b/external/perl/Text-Template-1.46/MANIFEST
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/META.json b/external/perl/Text-Template-1.46/META.json
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/META.yml b/external/perl/Text-Template-1.46/META.yml
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/Makefile.PL b/external/perl/Text-Template-1.46/Makefile.PL
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/README b/external/perl/Text-Template-1.46/README
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/lib/Text/Template.pm b/external/perl/Text-Template-1.46/lib/Text/Template.pm
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/lib/Text/Template/Preprocess.pm b/external/perl/Text-Template-1.46/lib/Text/Template/Preprocess.pm
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/00-version.t b/external/perl/Text-Template-1.46/t/00-version.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/01-basic.t b/external/perl/Text-Template-1.46/t/01-basic.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/02-hash.t b/external/perl/Text-Template-1.46/t/02-hash.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/03-out.t b/external/perl/Text-Template-1.46/t/03-out.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/04-safe.t b/external/perl/Text-Template-1.46/t/04-safe.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/05-safe2.t b/external/perl/Text-Template-1.46/t/05-safe2.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/06-ofh.t b/external/perl/Text-Template-1.46/t/06-ofh.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/07-safe3.t b/external/perl/Text-Template-1.46/t/07-safe3.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/08-exported.t b/external/perl/Text-Template-1.46/t/08-exported.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/09-error.t b/external/perl/Text-Template-1.46/t/09-error.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/10-delimiters.t b/external/perl/Text-Template-1.46/t/10-delimiters.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/11-prepend.t b/external/perl/Text-Template-1.46/t/11-prepend.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/12-preprocess.t b/external/perl/Text-Template-1.46/t/12-preprocess.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/13-taint.t b/external/perl/Text-Template-1.46/t/13-taint.t
old mode 100755
new mode 100644
diff --git a/external/perl/Text-Template-1.46/t/14-broken.t b/external/perl/Text-Template-1.46/t/14-broken.t
old mode 100755
new mode 100644
diff --git a/external/perl/transfer/Text/Template.pm b/external/perl/transfer/Text/Template.pm
old mode 100755
new mode 100644
diff --git a/fuzz/README.md b/fuzz/README.md
old mode 100755
new mode 100644
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
old mode 100755
new mode 100644
index fd2271bf5212e3c4a023d3ac828ab2631b585797..9fa5f20b54b711d035ea5c742048c447aa4c103e
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL licenses, (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
diff --git a/fuzz/asn1parse.c b/fuzz/asn1parse.c
old mode 100755
new mode 100644
diff --git a/fuzz/bignum.c b/fuzz/bignum.c
old mode 100755
new mode 100644
diff --git a/fuzz/bndiv.c b/fuzz/bndiv.c
old mode 100755
new mode 100644
diff --git a/fuzz/build.info b/fuzz/build.info
old mode 100755
new mode 100644
diff --git a/fuzz/client.c b/fuzz/client.c
old mode 100755
new mode 100644
diff --git a/fuzz/cms.c b/fuzz/cms.c
old mode 100755
new mode 100644
diff --git a/fuzz/conf.c b/fuzz/conf.c
old mode 100755
new mode 100644
diff --git a/fuzz/crl.c b/fuzz/crl.c
old mode 100755
new mode 100644
diff --git a/fuzz/ct.c b/fuzz/ct.c
old mode 100755
new mode 100644
diff --git a/fuzz/driver.c b/fuzz/driver.c
old mode 100755
new mode 100644
diff --git a/fuzz/fuzzer.h b/fuzz/fuzzer.h
old mode 100755
new mode 100644
diff --git a/fuzz/oids.txt b/fuzz/oids.txt
old mode 100755
new mode 100644
diff --git a/fuzz/rand.inc b/fuzz/rand.inc
old mode 100755
new mode 100644
diff --git a/fuzz/server.c b/fuzz/server.c
old mode 100755
new mode 100644
diff --git a/fuzz/test-corpus.c b/fuzz/test-corpus.c
old mode 100755
new mode 100644
diff --git a/fuzz/x509.c b/fuzz/x509.c
old mode 100755
new mode 100644
index 926287da48617665eb947d25711841cfbb06cf02..ceaec0797b438ab25dbf9e52d2e3f075d41bc808
--- a/fuzz/x509.c
+++ b/fuzz/x509.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL licenses, (the "License");
  * you may not use this file except in compliance with the License.
@@ -37,6 +37,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 X509_print(bio, x509);
 BIO_free(bio);
+ X509_issuer_and_serial_hash(x509);
+
 i2d_X509(x509, &der);
 OPENSSL_free(der);
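Review bot: The added `X509_issuer_and_serial_hash(x509);` discards its return value and carries no comment saying why the harness now calls it, so a reader cannot tell whether it is deliberate coverage of the issuer/serial-number hashing path or a stray call. A one-line comment above it would settle that, e.g. `/* exercise issuer/serial-number hashing on the fuzzed cert; result intentionally unused */`. The copyright bump to 2021 in the same file suggests a backported upstream harness change; if the call was added to cover a specific fix in that function, naming it in the comment would make the coverage auditable. FuzzerTestOneInput begins before this hunk and continues after it.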
diff --git a/include/crypto/__DECC_INCLUDE_EPILOGUE.H b/include/crypto/__DECC_INCLUDE_EPILOGUE.H
old mode 100755
new mode 100644
diff --git a/include/crypto/__DECC_INCLUDE_PROLOGUE.H b/include/crypto/__DECC_INCLUDE_PROLOGUE.H
old mode 100755
new mode 100644
diff --git a/include/crypto/aria.h b/include/crypto/aria.h
old mode 100755
new mode 100644
diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
old mode 100755
new mode 100644
diff --git a/include/crypto/async.h b/include/crypto/async.h
old mode 100755
new mode 100644
diff --git a/include/crypto/bn.h b/include/crypto/bn.h
old mode 100755
new mode 100644
diff --git a/include/crypto/bn_conf.h b/include/crypto/bn_conf.h
index 9ced8fb45a395bf0edca5d82fc3f892c8b9787fd..8bde99218dda646d8e7b825fa1bafd7e742e319d 100644
--- a/include/crypto/bn_conf.h
+++ b/include/crypto/bn_conf.h
@@ -9,8 +9,7 @@
  * https://www.openssl.org/source/license.html
  */
-#if !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM)
-
+#ifdef OPENSSL_ARM64_PLATFORM
 #ifndef OSSL_CRYPTO_BN_CONF_H
 # define OSSL_CRYPTO_BN_CONF_H
@@ -23,20 +22,34 @@
 /* Should we define BN_DIV2W here? */
 /* Only one for the following should be defined */
-#if defined(CPU_ARM32)
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#else
 #define SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #undef THIRTY_TWO_BIT
+
 #endif
-#endif
+#endif // OPENSSL_ARM64_PLATFORM
+
+#ifdef OPENSSL_ARM_PLATFORM
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
-// defines for windows
-#elif defined(WINDOWS_PLATFORM)
+/* Should we define BN_DIV2W here? */
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+
+#endif
+#endif // OPENSSL_ARM_PLATFORM
+
+#ifdef WINDOWS_PLATFORM
 #ifndef OSSL_CRYPTO_BN_CONF_H
 # define OSSL_CRYPTO_BN_CONF_H
@@ -54,10 +67,9 @@
 #undef THIRTY_TWO_BIT
 #endif
+#endif // WINDOWS_PLATFORM
-// defines for mac
-#elif defined(MAC_PLATFORM)
-
+#ifdef MAC_PLATFORM
 #ifndef OSSL_CRYPTO_BN_CONF_H
 # define OSSL_CRYPTO_BN_CONF_H
@@ -75,5 +87,4 @@
 #undef THIRTY_TWO_BIT
 #endif
-
-#endif
+#endif // MAC_PLATFORM
\ No newline at end of file
diff --git a/include/crypto/bn_conf.h.in b/include/crypto/bn_conf.h.in
old mode 100755
new mode 100644
diff --git a/include/crypto/bn_dh.h b/include/crypto/bn_dh.h
old mode 100755
new mode 100644
diff --git a/include/crypto/bn_srp.h b/include/crypto/bn_srp.h
old mode 100755
new mode 100644
diff --git a/include/crypto/chacha.h b/include/crypto/chacha.h
old mode 100755
new mode 100644
diff --git a/include/crypto/cryptlib.h b/include/crypto/cryptlib.h
old mode 100755
new mode 100644
diff --git a/include/crypto/ctype.h b/include/crypto/ctype.h
old mode 100755
new mode 100644
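Review bot: The four stand-alone `#ifdef` blocks that replace the removed `#if`/`#elif` chain have no fallback and are not mutually exclusive: if none of OPENSSL_ARM64_PLATFORM, OPENSSL_ARM_PLATFORM, WINDOWS_PLATFORM or MAC_PLATFORM is defined the header now expands to nothing, and if two are defined the first block wins silently through the shared OSSL_CRYPTO_BN_CONF_H guard. These blocks select the BN word size (SIXTY_FOUR_BIT_LONG versus THIRTY_TWO_BIT), so a wrong or missing selection is likely to surface only as a confusing error somewhere else or, if another header happens to supply a default, as a silent word-size mismatch inside libcrypto. After the final `#endif // MAC_PLATFORM` I would add `#ifndef OSSL_CRYPTO_BN_CONF_H` / `# error "bn_conf.h: no platform macro defined"` / `#endif`, and keep `#elif` between the blocks if more than one macro can ever be set at once. The `//` trailing comments and the missing final newline also break with the `/* */` style the rest of this header uses.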
diff --git a/include/crypto/dso_conf.h b/include/crypto/dso_conf.h
index 01ec0a7f13d364f3c61beaeb5b63d380ad48c1e8..d6057d9c3c330dbc57ebaa5f0b4e339552b5f254 100644
--- a/include/crypto/dso_conf.h
+++ b/include/crypto/dso_conf.h
@@ -9,32 +9,37 @@
  * https://www.openssl.org/source/license.html
  */
-#if !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM)
-
+#ifdef OPENSSL_ARM64_PLATFORM
 #ifndef OSSL_CRYPTO_DSO_CONF_H
 # define OSSL_CRYPTO_DSO_CONF_H
 # define DSO_DLFCN
 # define HAVE_DLFCN_H
 # define DSO_EXTENSION ".so"
 #endif
+#endif // OPENSSL_ARM64_PLATFORM
-// defines for windows
-#elif defined(WINDOWS_PLATFORM)
+#ifdef OPENSSL_ARM_PLATFORM
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
+# define DSO_DLFCN
+# define HAVE_DLFCN_H
+# define DSO_EXTENSION ".so"
+#endif
+#endif // OPENSSL_ARM_PLATFORM
+#ifdef WINDOWS_PLATFORM
 #ifndef OSSL_CRYPTO_DSO_CONF_H
 # define OSSL_CRYPTO_DSO_CONF_H
 # define DSO_WIN32
 # define DSO_EXTENSION ".dll"
 #endif
+#endif // WINDOWS_PLATFORM
-// defines for mac
-#elif defined(MAC_PLATFORM)
-
+#ifdef MAC_PLATFORM
 #ifndef OSSL_CRYPTO_DSO_CONF_H
 # define OSSL_CRYPTO_DSO_CONF_H
 # define DSO_DLFCN
 # define HAVE_DLFCN_H
 # define DSO_EXTENSION ".dylib"
 #endif
-
-#endif
+#endif // MAC_PLATFORM
\ No newline at end of file
diff --git a/include/crypto/dso_conf.h.in b/include/crypto/dso_conf.h.in
old mode 100755
new mode 100644
diff --git a/include/crypto/ec.h b/include/crypto/ec.h
old mode 100755
new mode 100644
diff --git a/include/crypto/engine.h b/include/crypto/engine.h
old mode 100755
new mode 100644
diff --git a/include/crypto/err.h b/include/crypto/err.h
old mode 100755
new mode 100644
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
old mode 100755
new mode 100644
diff --git a/include/crypto/lhash.h b/include/crypto/lhash.h
old mode 100755
new mode 100644
diff --git a/include/crypto/md32_common.h b/include/crypto/md32_common.h
old mode 100755
new mode 100644
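Review bot: With the `#if`/`#elif` chain replaced by independent `#ifdef` blocks, a build that defines none of OPENSSL_ARM64_PLATFORM, OPENSSL_ARM_PLATFORM, WINDOWS_PLATFORM or MAC_PLATFORM gets no DSO_* settings from this header and no diagnostic saying so; the dlfcn-versus-Win32 backend choice then has to fail somewhere downstream instead of at the point of cause. A trailing guard after `#endif // MAC_PLATFORM`, `#ifndef OSSL_CRYPTO_DSO_CONF_H` / `# error "dso_conf.h: no platform macro defined"` / `#endif`, reports it where it happens. The new OPENSSL_ARM_PLATFORM block is a byte-for-byte copy of the OPENSSL_ARM64_PLATFORM block above it; `#if defined(OPENSSL_ARM64_PLATFORM) || defined(OPENSSL_ARM_PLATFORM)` would keep the two from drifting apart. The `//` comments and the missing final newline are out of step with the `/* */` style used in the license header of the same file.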
diff --git a/include/crypto/objects.h b/include/crypto/objects.h
old mode 100755
new mode 100644
diff --git a/include/crypto/poly1305.h b/include/crypto/poly1305.h
old mode 100755
new mode 100644
diff --git a/include/crypto/rand.h b/include/crypto/rand.h
old mode 100755
new mode 100644
diff --git a/include/crypto/sha.h b/include/crypto/sha.h
old mode 100755
new mode 100644
diff --git a/include/crypto/siphash.h b/include/crypto/siphash.h
old mode 100755
new mode 100644
diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h
old mode 100755
new mode 100644
diff --git a/include/crypto/sm2err.h b/include/crypto/sm2err.h
old mode 100755
new mode 100644
diff --git a/include/crypto/sm3.h b/include/crypto/sm3.h
old mode 100755
new mode 100644
diff --git a/include/crypto/sm4.h b/include/crypto/sm4.h
old mode 100755
new mode 100644
diff --git a/include/crypto/store.h b/include/crypto/store.h
old mode 100755
new mode 100644
diff --git a/include/crypto/x509.h b/include/crypto/x509.h
old mode 100755
new mode 100644
diff --git a/include/internal/__DECC_INCLUDE_EPILOGUE.H b/include/internal/__DECC_INCLUDE_EPILOGUE.H
old mode 100755
new mode 100644
diff --git a/include/internal/__DECC_INCLUDE_PROLOGUE.H b/include/internal/__DECC_INCLUDE_PROLOGUE.H
old mode 100755
new mode 100644
diff --git a/include/internal/bio.h b/include/internal/bio.h
old mode 100755
new mode 100644
diff --git a/include/internal/comp.h b/include/internal/comp.h
old mode 100755
new mode 100644
diff --git a/include/internal/conf.h b/include/internal/conf.h
old mode 100755
new mode 100644
diff --git a/include/internal/constant_time.h b/include/internal/constant_time.h
old mode 100755
new mode 100644
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
old mode 100755
new mode 100644
diff --git a/include/internal/dane.h b/include/internal/dane.h
old mode 100755
new mode 100644
diff --git a/include/internal/dso.h b/include/internal/dso.h
old mode 100755
new mode 100644
diff --git a/include/internal/dsoerr.h b/include/internal/dsoerr.h
old mode 100755
new mode 100644
diff --git a/include/internal/err.h b/include/internal/err.h
old mode 100755
new mode 100644
diff --git a/include/internal/nelem.h b/include/internal/nelem.h
old mode 100755
new mode 100644
diff --git a/include/internal/numbers.h b/include/internal/numbers.h
old mode 100755
new mode 100644
diff --git a/include/internal/o_dir.h b/include/internal/o_dir.h
old mode 100755
new mode 100644
diff --git a/include/internal/o_str.h b/include/internal/o_str.h
old mode 100755
new mode 100644
diff --git a/include/internal/refcount.h b/include/internal/refcount.h
old mode 100755
new mode 100644
diff --git a/include/internal/sockets.h b/include/internal/sockets.h
old mode 100755
new mode 100644
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
old mode 100755
new mode 100644
diff --git a/include/internal/thread_once.h b/include/internal/thread_once.h
old mode 100755
new mode 100644
diff --git a/include/internal/tsan_assist.h b/include/internal/tsan_assist.h
old mode 100755
new mode 100644
diff --git a/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/include/openssl/__DECC_INCLUDE_EPILOGUE.H
old mode 100755
new mode 100644
diff --git a/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/include/openssl/__DECC_INCLUDE_PROLOGUE.H
old mode 100755
new mode 100644
diff --git a/include/openssl/aes.h b/include/openssl/aes.h
old mode 100755
new mode 100644
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
old mode 100755
new mode 100644
diff --git a/include/openssl/asn1_mac.h b/include/openssl/asn1_mac.h
old mode 100755
new mode 100644
diff --git a/include/openssl/asn1err.h b/include/openssl/asn1err.h
old mode 100755
new mode 100644
index faed5a55180d6345bbb496ab6cc89d87350c6d80..e1ad1fefeca7a9bc1e78bcb5cfb744a4f7b148d9
--- a/include/openssl/asn1err.h
+++ b/include/openssl/asn1err.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -11,9 +11,7 @@
 #ifndef HEADER_ASN1ERR_H
 # define HEADER_ASN1ERR_H
-# ifndef HEADER_SYMHACKS_H
-# include
-# endif
+# include
 # ifdef __cplusplus
 extern "C"
@@ -53,6 +51,7 @@ int ERR_load_ASN1_strings(void);
 # define ASN1_F_ASN1_ITEM_DUP 191
 # define ASN1_F_ASN1_ITEM_EMBED_D2I 120
 # define ASN1_F_ASN1_ITEM_EMBED_NEW 121
+# define ASN1_F_ASN1_ITEM_EX_I2D 144
 # define ASN1_F_ASN1_ITEM_FLAGS_I2D 118
 # define ASN1_F_ASN1_ITEM_I2D_BIO 192
 # define ASN1_F_ASN1_ITEM_I2D_FP 193
@@ -145,6 +144,7 @@ int ERR_load_ASN1_strings(void);
 # define ASN1_R_ASN1_SIG_PARSE_ERROR 204
 # define ASN1_R_AUX_ERROR 100
 # define ASN1_R_BAD_OBJECT_HEADER 102
+# define ASN1_R_BAD_TEMPLATE 230
 # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
 # define ASN1_R_BN_LIB 105
 # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
old mode 100755
new mode 100644
diff --git a/include/openssl/async.h b/include/openssl/async.h
old mode 100755
new mode 100644
diff --git a/include/openssl/asyncerr.h b/include/openssl/asyncerr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
old mode 100755
new mode 100644
diff --git a/include/openssl/bioerr.h b/include/openssl/bioerr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/blowfish.h b/include/openssl/blowfish.h
old mode 100755
new mode 100644
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
old mode 100755
new mode 100644
index 8af05d00e59a90cb7c764eeda0b8a269504dd5a1..d87766049a42d43a227a859c88962fa1e073decd
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
@@ -56,7 +56,7 @@ extern "C" {
  * avoid leaking exponent information through timing,
  * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
  * BN_div() will call BN_div_no_branch,
- * BN_mod_inverse() will call BN_mod_inverse_no_branch.
+ * BN_mod_inverse() will call bn_mod_inverse_no_branch.
  */
 # define BN_FLG_CONSTTIME 0x04
 # define BN_FLG_SECURE 0x08
diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/buffer.h b/include/openssl/buffer.h
old mode 100755
new mode 100644
diff --git a/include/openssl/buffererr.h b/include/openssl/buffererr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/camellia.h b/include/openssl/camellia.h
old mode 100755
new mode 100644
diff --git a/include/openssl/cast.h b/include/openssl/cast.h
old mode 100755
new mode 100644
diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h
old mode 100755
new mode 100644
diff --git a/include/openssl/cms.h b/include/openssl/cms.h
old mode 100755
new mode 100644
diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/comp.h b/include/openssl/comp.h
old mode 100755
new mode 100644
diff --git a/include/openssl/comperr.h b/include/openssl/comperr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/conf.h b/include/openssl/conf.h
old mode 100755
new mode 100644
diff --git a/include/openssl/conf_api.h b/include/openssl/conf_api.h
old mode 100755
new mode 100644
diff --git a/include/openssl/conferr.h b/include/openssl/conferr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
old mode 100755
new mode 100644
diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/ct.h b/include/openssl/ct.h
old mode 100755
new mode 100644
diff --git a/include/openssl/cterr.h b/include/openssl/cterr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/des.h b/include/openssl/des.h
old mode 100755
new mode 100644
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
old mode 100755
new mode 100644
diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
old mode 100755
new mode 100644
diff --git a/include/openssl/dsaerr.h b/include/openssl/dsaerr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
old mode 100755
new mode 100644
diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
old mode 100755
new mode 100644
index 97a776cdacc76817fb045b8e870208f89c922467..cf308eee2cd252d157c30929af0fd11378752588
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -241,7 +241,7 @@ typedef UINT64 uint64_t;
 defined(__osf__) || defined(__sgi) || defined(__hpux) || \
 defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
 # include
-# elif defined(_MSC_VER) && _MSC_VER<=1500
+# elif defined(_MSC_VER) && _MSC_VER<1600
 /*
  * minimally required typdefs for systems not supporting inttypes.h or
  * stdint.h: currently just older VC++
diff --git a/include/openssl/ebcdic.h b/include/openssl/ebcdic.h
old mode 100755
new mode 100644
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
old mode 100755
new mode 100644
index 5af9ebdc7fce6214a1008a9ff84eae3d16ab4281..44cc139966ef1e7e0016a257de28efdefce6cb65
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
@@ -829,6 +829,8 @@ void EC_KEY_set_flags(EC_KEY *key, int flags);
 void EC_KEY_clear_flags(EC_KEY *key, int flags);
+int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
+
 /** Creates a new EC_KEY object using a named curve as underlying
  * EC_GROUP object.
  * \param nid NID of the named curve.
diff --git a/include/openssl/ecdh.h b/include/openssl/ecdh.h
old mode 100755
new mode 100644
diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h
old mode 100755
new mode 100644
diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h
old mode 100755
new mode 100644
index f7b91834564e2fd700b506af860622af95ec5569..51738113dc7d0ae249fff59c4dd10ccc2c1d2103
--- a/include/openssl/ecerr.h
+++ b/include/openssl/ecerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -243,6 +243,7 @@ int ERR_load_EC_strings(void);
 # define EC_R_LADDER_POST_FAILURE 136
 # define EC_R_LADDER_PRE_FAILURE 153
 # define EC_R_LADDER_STEP_FAILURE 162
+# define EC_R_MISSING_OID 167
 # define EC_R_MISSING_PARAMETERS 124
 # define EC_R_MISSING_PRIVATE_KEY 125
 # define EC_R_NEED_NEW_SETUP_VALUES 157
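Review bot: The new public declaration `int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);` is added without the `/** ... */` block that the neighbouring `EC_KEY_new_by_curve_name` declaration carries, so a caller reading this header cannot tell what the return values are, in particular whether an error case exists and how it is told apart from the 0/1 answers. I would put a short doc comment above it stating what "decoded from explicit params" means for the key (presumably that its group was read from explicitly encoded curve parameters rather than a named-curve OID) and listing each return value with its meaning, including any error value, in the `\return` style used just below it. This matters because callers typically use such a predicate to decide whether to trust or reject a key, so an ambiguous error return is a correctness hazard rather than a cosmetic gap.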
diff --git a/include/openssl/engine.h b/include/openssl/engine.h
old mode 100755
new mode 100644
diff --git a/include/openssl/engineerr.h b/include/openssl/engineerr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/err.h b/include/openssl/err.h
old mode 100755
new mode 100644
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
old mode 100755
new mode 100644
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h
old mode 100755
new mode 100644
diff --git a/include/openssl/idea.h b/include/openssl/idea.h
old mode 100755
new mode 100644
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
old mode 100755
new mode 100644
diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h
old mode 100755
new mode 100644
diff --git a/include/openssl/md2.h b/include/openssl/md2.h
old mode 100755
new mode 100644
diff --git a/include/openssl/md4.h b/include/openssl/md4.h
old mode 100755
new mode 100644
diff --git a/include/openssl/md5.h b/include/openssl/md5.h
old mode 100755
new mode 100644
diff --git a/include/openssl/mdc2.h b/include/openssl/mdc2.h
old mode 100755
new mode 100644
diff --git a/include/openssl/modes.h b/include/openssl/modes.h
old mode 100755
new mode 100644
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
old mode 100755
new mode 100644
index 483fc0509e1987da5d6b4d31d47da14228031a3f..eb812ed18dcc4c87b992eb99b564af74d2da1722
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/include/openssl/objects.h b/include/openssl/objects.h
old mode 100755
new mode 100644
diff --git a/include/openssl/objectserr.h b/include/openssl/objectserr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
old mode 100755
new mode 100644
diff --git a/include/openssl/ocsperr.h b/include/openssl/ocsperr.h
old mode 100755
new mode 100644
diff --git a/include/openssl/opensslconf.h b/include/openssl/opensslconf.h
index 578ad23a1b698888625f8697b80b5bd981404e09..1746043f02f51d44295df18b0e37f4393fd41da5 100644
--- a/include/openssl/opensslconf.h
+++ b/include/openssl/opensslconf.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by Makefile from include/openssl/opensslconf.h.in
  *
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -10,8 +10,7 @@
  * https://www.openssl.org/source/license.html
  */
-#if !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM)
-
+#ifdef OPENSSL_ARM64_PLATFORM
 #include
 #ifdef __cplusplus
@@ -137,6 +136,11 @@ extern "C" {
 # undef DECLARE_DEPRECATED
 # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
 # endif
+# elif defined(__SUNPRO_C)
+# if (__SUNPRO_C >= 0x5130)
+# undef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
+# endif
 # endif
 #endif
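Review bot: Replacing the catch-all `#if !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM)` with `#ifdef OPENSSL_ARM64_PLATFORM` removes the default branch of this public header: a translation unit that includes opensslconf.h without one of the platform macros on its command line now sees none of the OPENSSL_NO_* and BN word-size settings, and nothing reports that. Since external consumers compile against libcrypto with whatever this file yields, an empty configuration is a real ABI and feature-mismatch risk (a caller could believe an algorithm is enabled that the library was built without, or size a BN differently than the library does). I would add, directly before the new `#ifdef`, `#if !defined(OPENSSL_ARM64_PLATFORM) && !defined(OPENSSL_ARM_PLATFORM) && !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM)` / `# error "opensslconf.h: no platform macro defined"` / `#endif`. The remaining platform blocks that this file now consists of live in later hunks of the same file, outside this one.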
@@ -201,30 +205,230 @@ extern "C" { * The following are cipher-specific, but are part of the public API. */ #if !defined(OPENSSL_SYS_UEFI) -#if defined(CPU_ARM32) -# define BN_LLONG -/* Only one for the following should be defined */ -# undef SIXTY_FOUR_BIT_LONG -# undef SIXTY_FOUR_BIT -# define THIRTY_TWO_BIT -#else # undef BN_LLONG /* Only one for the following should be defined */ # define SIXTY_FOUR_BIT_LONG # undef SIXTY_FOUR_BIT # undef THIRTY_TWO_BIT #endif -#endif #define RC4_INT unsigned char #ifdef __cplusplus } #endif +#endif // OPENSSL_ARM64_PLATFORM + +#ifdef OPENSSL_ARM_PLATFORM +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_ALGORITHM_DEFINES +# error OPENSSL_ALGORITHM_DEFINES no longer supported +#endif -// defines for windows -#elif defined(WINDOWS_PLATFORM) +/* + * OpenSSL was configured with the following options: + */ +#ifndef OPENSSL_NO_BF +# define OPENSSL_NO_BF +#endif +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAST +# define OPENSSL_NO_CAST +#endif +#ifndef OPENSSL_NO_CT +# define OPENSSL_NO_CT +#endif +#ifndef OPENSSL_NO_MD2 +# define OPENSSL_NO_MD2 +#endif +#ifndef OPENSSL_NO_RC2 +# define OPENSSL_NO_RC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RMD160 +# define OPENSSL_NO_RMD160 +#endif +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_RAND_SEED_OS +# define OPENSSL_RAND_SEED_OS +#endif +#ifndef OPENSSL_NO_AFALGENG +# define OPENSSL_NO_AFALGENG +#endif +#ifndef OPENSSL_NO_ASAN +# define OPENSSL_NO_ASAN +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG +# define OPENSSL_NO_CRYPTO_MDEBUG +#endif +#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +#endif +#ifndef OPENSSL_NO_DEVCRYPTOENG +# define OPENSSL_NO_DEVCRYPTOENG +#endif +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +# define OPENSSL_NO_EC_NISTP_64_GCC_128 +#endif +#ifndef OPENSSL_NO_EGD +# define OPENSSL_NO_EGD +#endif 
+#ifndef OPENSSL_NO_EXTERNAL_TESTS +# define OPENSSL_NO_EXTERNAL_TESTS +#endif +#ifndef OPENSSL_NO_FUZZ_AFL +# define OPENSSL_NO_FUZZ_AFL +#endif +#ifndef OPENSSL_NO_FUZZ_LIBFUZZER +# define OPENSSL_NO_FUZZ_LIBFUZZER +#endif +#ifndef OPENSSL_NO_HEARTBEATS +# define OPENSSL_NO_HEARTBEATS +#endif +#ifndef OPENSSL_NO_MSAN +# define OPENSSL_NO_MSAN +#endif +#ifndef OPENSSL_NO_SCTP +# define OPENSSL_NO_SCTP +#endif +#ifndef OPENSSL_NO_SSL_TRACE +# define OPENSSL_NO_SSL_TRACE +#endif +#ifndef OPENSSL_NO_SSL3 +# define OPENSSL_NO_SSL3 +#endif +#ifndef OPENSSL_NO_SSL3_METHOD +# define OPENSSL_NO_SSL3_METHOD +#endif +#ifndef OPENSSL_NO_UBSAN +# define OPENSSL_NO_UBSAN +#endif +#ifndef OPENSSL_NO_UNIT_TEST +# define OPENSSL_NO_UNIT_TEST +#endif +#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +# define OPENSSL_NO_WEAK_SSL_CIPHERS +#endif +#ifndef OPENSSL_NO_STATIC_ENGINE +# define OPENSSL_NO_STATIC_ENGINE +#endif + + +/* + * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers + * don't like that. This will hopefully silence them. + */ +#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; + +/* + * Applications should use -DOPENSSL_API_COMPAT= to suppress the + * declarations of functions deprecated in or before . Otherwise, they + * still won't see them if the library has been built to disable deprecated + * functions. 
+ */ +#ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +#endif + +#ifndef OPENSSL_FILE +# ifdef OPENSSL_NO_FILENAMES +# define OPENSSL_FILE "" +# define OPENSSL_LINE 0 +# else +# define OPENSSL_FILE __FILE__ +# define OPENSSL_LINE __LINE__ +# endif +#endif + +#ifndef OPENSSL_MIN_API +# define OPENSSL_MIN_API 0 +#endif + +#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +# undef OPENSSL_API_COMPAT +# define OPENSSL_API_COMPAT OPENSSL_MIN_API +#endif + +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_2_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10100000L +# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_1_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x10000000L +# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_1_0_0(f) +#endif + +#if OPENSSL_API_COMPAT < 0x00908000L +# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +#else +# define DEPRECATEDIN_0_9_8(f) +#endif + +/* Generate 80386 code? */ +#undef I386_ONLY + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +/* + * The following are cipher-specific, but are part of the public API. 
+ */ +#if !defined(OPENSSL_SYS_UEFI) +# define BN_LLONG +/* Only one for the following should be defined */ +# undef SIXTY_FOUR_BIT_LONG +# undef SIXTY_FOUR_BIT +# define THIRTY_TWO_BIT +#endif + +#define RC4_INT unsigned char + +#ifdef __cplusplus +} +#endif +#endif // OPENSSL_ARM_PLATFORM + +#ifdef WINDOWS_PLATFORM #include #ifdef __cplusplus @@ -420,10 +624,9 @@ extern "C" { #ifdef __cplusplus } #endif +#endif // WINDOWS_PLATFORM -// defines for mac -#elif defined(MAC_PLATFORM) - +#ifdef MAC_PLATFORM #include #ifdef __cplusplus @@ -537,6 +740,11 @@ extern "C" { # undef DECLARE_DEPRECATED # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); # endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif # endif #endif @@ -613,5 +821,4 @@ extern "C" { #ifdef __cplusplus } #endif - -#endif +#endif // MAC_PLATFORM \ No newline at end of file diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in old mode 100755 new mode 100644 index bc98cad51a64c23de1d81d932c2839dbe491072e..06270922c2aca6d586763502adc3a5ea599706d2 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -77,6 +77,11 @@ extern "C" { # undef DECLARE_DEPRECATED # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); # endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif # endif #endif 
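Review bot: The restructured opensslconf.h no longer has a default configuration: the removed `#if !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM)` block applied whenever neither platform macro was set, but the new file is four independent `#ifdef` blocks (OPENSSL_ARM64_PLATFORM, OPENSSL_ARM_PLATFORM, WINDOWS_PLATFORM, MAC_PLATFORM) with no `#else`, so a translation unit that includes the header without one of them gets none of the BN_LLONG/SIXTY_FOUR_BIT_LONG/THIRTY_TWO_BIT, RC4_INT or DEPRECATEDIN_* definitions and silently falls back to whatever the other headers assume. A build that sets exactly one of these macros is fine, but any other consumer of the public headers fails in a hard-to-diagnose way. I would close the file with an explicit guard: `#if !defined(OPENSSL_ARM64_PLATFORM) && !defined(OPENSSL_ARM_PLATFORM) && !defined(WINDOWS_PLATFORM) && !defined(MAC_PLATFORM)` / `# error "opensslconf.h: no platform macro defined"` / `#endif`. The same hunk also leaves the file without a trailing newline (`\ No newline at end of file`), which is worth fixing while here. The "WARNING: do not edit! Generated by Makefile" banner at the top is now misleading too, since this file is hand-maintained per platform and is not regenerated.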
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h old mode 100755 new mode 100644 index 8c697f5f7acc85a04abb77786d1fe5d5c79d0435..0cd6b2f9485859bfa827bef43a747d8240380ef0 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010106fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1f 31 Mar 2020" +# define OPENSSL_VERSION_NUMBER 0x101010bfL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k 25 Mar 2021" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h old mode 100755 new mode 100644 diff --git a/include/openssl/pem.h b/include/openssl/pem.h old mode 100755 new mode 100644 diff --git a/include/openssl/pem2.h b/include/openssl/pem2.h old mode 100755 new mode 100644 diff --git a/include/openssl/pemerr.h b/include/openssl/pemerr.h old mode 100755 new mode 100644 index 0c45918f3c1d28702646de3a5a854e42ff7ea3d6..4f7e3574b34a8903a7b8b473c5f0e2f1bdc02407 --- a/include/openssl/pemerr.h +++ b/include/openssl/pemerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -61,6 +61,7 @@ int ERR_load_PEM_strings(void); # define PEM_F_PEM_SIGNFINAL 112 # define PEM_F_PEM_WRITE 113 # define PEM_F_PEM_WRITE_BIO 114 +# define PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL 147 # define PEM_F_PEM_WRITE_PRIVATEKEY 139 # define PEM_F_PEM_X509_INFO_READ 115 # define PEM_F_PEM_X509_INFO_READ_BIO 116 @@ -99,5 +100,6 @@ int ERR_load_PEM_strings(void); # define PEM_R_UNSUPPORTED_CIPHER 113 # define PEM_R_UNSUPPORTED_ENCRYPTION 114 # define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 +# define PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE 110 #endif diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h old mode 100755 new mode 100644 diff --git a/include/openssl/pkcs12err.h b/include/openssl/pkcs12err.h old mode 100755 new mode 100644 diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h old mode 100755 new mode 100644 diff --git a/include/openssl/pkcs7err.h b/include/openssl/pkcs7err.h old mode 100755 new mode 100644 diff --git a/include/openssl/rand.h b/include/openssl/rand.h old mode 100755 new mode 100644 diff --git a/include/openssl/rand_drbg.h b/include/openssl/rand_drbg.h old mode 100755 new mode 100644 diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h old mode 100755 new mode 100644 diff --git a/include/openssl/rc2.h b/include/openssl/rc2.h old mode 100755 new mode 100644 diff --git a/include/openssl/rc4.h b/include/openssl/rc4.h old mode 100755 new mode 100644 diff --git a/include/openssl/rc5.h b/include/openssl/rc5.h old mode 100755 new mode 100644 diff --git a/include/openssl/ripemd.h b/include/openssl/ripemd.h old mode 100755 new mode 100644 diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h old mode 100755 new mode 100644 diff --git a/include/openssl/rsaerr.h b/include/openssl/rsaerr.h old mode 100755 new mode 100644 diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h old mode 100755 new mode 100644 diff --git a/include/openssl/seed.h b/include/openssl/seed.h old mode 100755 new mode 100644 
diff --git a/include/openssl/sha.h b/include/openssl/sha.h old mode 100755 new mode 100644 diff --git a/include/openssl/srp.h b/include/openssl/srp.h old mode 100755 new mode 100644 diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h old mode 100755 new mode 100644 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h old mode 100755 new mode 100644 index 6724ccf2d25211caeb68c1bb04e506cadc0bc5d8..fd0c5a99967ff63dbb3010230e263634307046a2 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1393,7 +1393,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_get1_groups(s, glist) \ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) # define SSL_CTX_set1_groups(ctx, glist, glistlen) \ - SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist)) # define SSL_CTX_set1_groups_list(ctx, s) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) # define SSL_set1_groups(s, glist, glistlen) \ diff --git a/include/openssl/ssl2.h b/include/openssl/ssl2.h old mode 100755 new mode 100644 diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h old mode 100755 new mode 100644 index 8d01fcc487651f535db5f5da5d6c8c4e4f0e3580..07effba287d371aa5fd8c293aa4bc8f2da82eab6 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -292,6 +292,9 @@ extern "C" { # define TLS1_FLAGS_STATELESS 0x0800 +/* Set if extended master secret extension required on renegotiation */ +# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000 + # define SSL3_MT_HELLO_REQUEST 0 # define SSL3_MT_CLIENT_HELLO 1 # define SSL3_MT_SERVER_HELLO 2 diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h old mode 100755 new mode 100644 diff --git a/include/openssl/stack.h b/include/openssl/stack.h old mode 100755 new mode 100644 diff --git a/include/openssl/store.h b/include/openssl/store.h old mode 100755 new mode 100644 diff --git a/include/openssl/storeerr.h b/include/openssl/storeerr.h old mode 100755 new mode 100644 diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h old mode 100755 new mode 100644 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h old mode 100755 new mode 100644 diff --git a/include/openssl/ts.h b/include/openssl/ts.h old mode 100755 new mode 100644 diff --git a/include/openssl/tserr.h b/include/openssl/tserr.h old mode 100755 new mode 100644 diff --git a/include/openssl/txt_db.h b/include/openssl/txt_db.h old mode 100755 new mode 100644 diff --git a/include/openssl/ui.h b/include/openssl/ui.h old mode 100755 new mode 100644 diff --git a/include/openssl/uierr.h b/include/openssl/uierr.h old mode 100755 new mode 100644 diff --git a/include/openssl/whrlpool.h b/include/openssl/whrlpool.h old mode 100755 new mode 100644 diff --git a/include/openssl/x509.h b/include/openssl/x509.h old mode 100755 new mode 100644 index 39ca0ba575615a147ced9edf4ad5a777f7d76fb3..3ff86ec7b54d70ed09f25ce5953adff101c93652 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -478,6 +478,7 @@ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor); void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); +int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src); X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); @@ -679,6 +680,8 @@ X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); +void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); +int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); int X509_REQ_get_signature_nid(const X509_REQ *req); int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); @@ -930,7 +933,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) int type, const unsigned char *bytes, int len); -void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, +void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, const ASN1_OBJECT *obj, int lastpos, int type); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, const void *data, diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h old mode 100755 new mode 100644 index adb8bce7cb4374fb4edcc871c8c3108a75c99f05..25c79f1be2f01ac615d6703ae673277fc5de5de5 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -184,6 +184,10 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */ # define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */ # define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */ +# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 76 +# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 77 +# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 78 +# define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 79 /* Certificate verify flags */ diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h old mode 100755 new mode 100644 index 0273853172d985217435eed92fe9fc7f8bf6139e..cd08673f8f69b5f25021a35f44dda2211e0ffc14 --- a/include/openssl/x509err.h +++ b/include/openssl/x509err.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,9 +11,7 @@ #ifndef HEADER_X509ERR_H # define HEADER_X509ERR_H -# ifndef HEADER_SYMHACKS_H -# include -# endif +# include # ifdef __cplusplus extern "C" @@ -65,6 +63,7 @@ int ERR_load_X509_strings(void); # define X509_F_X509_OBJECT_NEW 150 # define X509_F_X509_PRINT_EX_FP 118 # define X509_F_X509_PUBKEY_DECODE 148 +# define X509_F_X509_PUBKEY_GET 161 # define X509_F_X509_PUBKEY_GET0 119 # define X509_F_X509_PUBKEY_SET 120 # define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h old mode 100755 new mode 100644 index 6c6eca38a582af2d934ec3d1ce65e8389fddbad3..90fa3592ce58f7bdf6e1757519a6ec223f380e76 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h 
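Review bot: The four new X509_V_ERR_* codes (76–79) are the only entries in this table without the trailing explanatory comment their neighbours carry, which is where callers of X509_STORE_CTX_get_error() look first to understand a verification failure. Short comments derived from the names would do, e.g. `# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 77 /* Issuer certificate has no public key */`, and ideally they match the text returned by X509_verify_cert_error_string() for these values. That string table lives outside this chunk, so I could not confirm entries for 76–79 exist; if they do not, the new codes print as an unknown error.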
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -364,8 +364,9 @@ struct ISSUING_DIST_POINT_st { # define EXFLAG_INVALID_POLICY 0x800 # define EXFLAG_FRESHEST 0x1000 -/* Self signed */ -# define EXFLAG_SS 0x2000 +# define EXFLAG_SS 0x2000 /* cert is apparently self-signed */ + +# define EXFLAG_NO_FINGERPRINT 0x100000 # define KU_DIGITAL_SIGNATURE 0x0080 # define KU_NON_REPUDIATION 0x0040 diff --git a/include/openssl/x509v3err.h b/include/openssl/x509v3err.h old mode 100755 new mode 100644 diff --git a/ms/applink.c b/ms/applink.c old mode 100755 new mode 100644 diff --git a/ms/uplink.c b/ms/uplink.c old mode 100755 new mode 100644 diff --git a/ms/uplink.h b/ms/uplink.h old mode 100755 new mode 100644 diff --git a/os-dep/haiku.h b/os-dep/haiku.h old mode 100755 new mode 100644 diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c old mode 100755 new mode 100644 index ab9e6668cd57f993182bd54872b47b608cfbdf63..53129bfb88111ced229669d8f7f6f10e1105a7b6 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -284,6 +284,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) ssl_free(b); if (!ssl_new(b)) return 0; + bs = BIO_get_data(b); } BIO_set_shutdown(b, num); ssl = (SSL *)ptr; diff --git a/ssl/build.info b/ssl/build.info old mode 100755 new mode 100644 diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c old mode 100755 new mode 100644 index 2a15ee8ad9654fa041e659ddd31fbf383db25933..afbf015216a39fb1fcbbf8d387bb2365b9d1e8c7 
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -142,10 +142,11 @@ void dtls1_free(SSL *s)
 
 ssl3_free(s);
 
- dtls1_clear_queues(s);
-
- pqueue_free(s->d1->buffered_messages);
- pqueue_free(s->d1->sent_messages);
+ if (s->d1 != NULL) {
+ dtls1_clear_queues(s);
+ pqueue_free(s->d1->buffered_messages);
+ pqueue_free(s->d1->sent_messages);
+ }
 
 OPENSSL_free(s->d1);
 s->d1 = NULL;
diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c
old mode 100755
new mode 100644
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
old mode 100755
new mode 100644
diff --git a/ssl/methods.c b/ssl/methods.c
old mode 100755
new mode 100644
diff --git a/ssl/packet.c b/ssl/packet.c
old mode 100755
new mode 100644
diff --git a/ssl/packet_local.h b/ssl/packet_local.h
old mode 100755
new mode 100644
diff --git a/ssl/pqueue.c b/ssl/pqueue.c
old mode 100755
new mode 100644
diff --git a/ssl/record/README b/ssl/record/README
old mode 100755
new mode 100644
diff --git a/ssl/record/dtls1_bitmap.c b/ssl/record/dtls1_bitmap.c
old mode 100755
new mode 100644
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
old mode 100755
new mode 100644
index 73ca8a6ee4b97349ebd631ce1169fda74e45783c..78d29594c66609faa6146997fc1c141153b3d429
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -46,6 +46,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
 
 void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
 {
+ if (rl->d == NULL)
+ return;
+
 DTLS_RECORD_LAYER_clear(rl);
 pqueue_free(rl->d->unprocessed_rcds.q);
 pqueue_free(rl->d->processed_rcds.q);
@@ -808,8 +811,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
 wb = &s->rlayer.wbuf[0];
 
 /*
- * first check if there is a SSL3_BUFFER still being written out. This
- * will happen with non blocking IO
+ * DTLS writes whole datagrams, so there can't be anything left in
+ * the buffer.
 */
 if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
old mode 100755
new mode 100644
diff --git a/ssl/record/record.h b/ssl/record/record.h
old mode 100755
new mode 100644
diff --git a/ssl/record/record_local.h b/ssl/record/record_local.h
old mode 100755
new mode 100644
diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c
old mode 100755
new mode 100644
index 605f8f9b75be8f7ea1ac298c4202e8bf590173f1..9b2a6964c68912eff1b578ca300ff25ec0cef16d
--- a/ssl/record/ssl3_buffer.c
+++ b/ssl/record/ssl3_buffer.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -94,7 +94,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
 headerlen = SSL3_RT_HEADER_LENGTH;
 
 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
- align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+ align = SSL3_ALIGN_PAYLOAD - 1;
 #endif
 
 len = ssl_get_max_send_fragment(s)
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
old mode 100755
new mode 100644
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c old mode 100755 new mode 100644 diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c old mode 100755 new mode 100644 diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c old mode 100755 new mode 100644 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c old mode 100755 new mode 100644 index a987604bcd0e672ae9e3fee27950a5497f701fe7..b256a4b93503e0fb34cd8c1b9518de749f3fed09 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -4072,9 +4072,10 @@ const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id) const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname) { - SSL_CIPHER *c = NULL, *tbl; - SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers}; - size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS}; + SSL_CIPHER *tbl; + SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs}; + size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS, + SSL3_NUM_SCSVS}; /* this is not efficient, necessary to optimize this? */ for (j = 0; j < OSSL_NELEM(alltabs); j++) { @@ -4082,21 +4083,11 @@ const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname) if (tbl->stdname == NULL) continue; if (strcmp(stdname, tbl->stdname) == 0) { - c = tbl; - break; + return tbl; } } } - if (c == NULL) { - tbl = ssl3_scsvs; - for (i = 0; i < SSL3_NUM_SCSVS; i++, tbl++) { - if (strcmp(stdname, tbl->stdname) == 0) { - c = tbl; - break; - } - } - } - return c; + return NULL; } /* 
@@ -4638,6 +4629,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, OPENSSL_clear_free(s->s3->tmp.psk, psklen); s->s3->tmp.psk = NULL; + s->s3->tmp.psklen = 0; if (!s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, pskpms, pskpmslen, &s->session->master_key_length)) { @@ -4667,8 +4659,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, else OPENSSL_cleanse(pms, pmslen); } - if (s->server == 0) + if (s->server == 0) { s->s3->tmp.pms = NULL; + s->s3->tmp.pmslen = 0; + } return ret; } diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c old mode 100755 new mode 100644 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c old mode 100755 new mode 100644 diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c old mode 100755 new mode 100644 diff --git a/ssl/ssl_cert_table.h b/ssl/ssl_cert_table.h old mode 100755 new mode 100644 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c old mode 100755 new mode 100644 diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c old mode 100755 new mode 100644 index 8ef29bb3453535e5338f305d6724d1aea09c9430..0a3fef7c8c14b1695d92507a44f3bc559fd010f2 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -305,6 +305,13 @@ static int protocol_from_string(const char *value) const char *name; int version; }; + /* + * Note: To avoid breaking previously valid configurations, we must retain + * legacy entries in this table even if the underlying protocol is no + * longer supported. This also means that the constants SSL3_VERSION, ... + * need to be retained indefinitely. This table can only grow, never + * shrink. + */ static const struct protocol_versions versions[] = { {"None", 0}, {"SSLv3", SSL3_VERSION}, 
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c old mode 100755 new mode 100644 diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c old mode 100755 new mode 100644 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c old mode 100755 new mode 100644 index 7c7e59789ccdc96c3b507208090dfb8c72a293f4..58f8f3c14cfa0195b478c125cbc005e4184cd695 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -779,8 +779,10 @@ SSL *SSL_new(SSL_CTX *ctx) s->ext.ecpointformats = OPENSSL_memdup(ctx->ext.ecpointformats, ctx->ext.ecpointformats_len); - if (!s->ext.ecpointformats) + if (!s->ext.ecpointformats) { + s->ext.ecpointformats_len = 0; goto err; + } s->ext.ecpointformats_len = ctx->ext.ecpointformats_len; } @@ -789,8 +791,10 @@ SSL *SSL_new(SSL_CTX *ctx) OPENSSL_memdup(ctx->ext.supportedgroups, ctx->ext.supportedgroups_len * sizeof(*ctx->ext.supportedgroups)); - if (!s->ext.supportedgroups) + if (!s->ext.supportedgroups) { + s->ext.supportedgroups_len = 0; goto err; + } s->ext.supportedgroups_len = ctx->ext.supportedgroups_len; } #endif @@ -800,8 +804,10 @@ SSL *SSL_new(SSL_CTX *ctx) if (s->ctx->ext.alpn) { s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len); - if (s->ext.alpn == NULL) + if (s->ext.alpn == NULL) { + s->ext.alpn_len = 0; goto err; + } memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len); s->ext.alpn_len = s->ctx->ext.alpn_len; } @@ -1200,6 +1206,8 @@ void SSL_free(SSL *s) OPENSSL_free(s->ext.ocsp.resp); OPENSSL_free(s->ext.alpn); OPENSSL_free(s->ext.tls13_cookie); + if (s->clienthello != NULL) + OPENSSL_free(s->clienthello->pre_proc_exts); OPENSSL_free(s->clienthello); OPENSSL_free(s->pha_context); EVP_MD_CTX_free(s->pha_dgst); 
@@ -2676,7 +2684,7 @@ const char *SSL_get_servername(const SSL *s, const int type) * - Otherwise it returns NULL * * During/after the handshake (TLSv1.2 or below resumption occurred): - * - If the session from the orignal handshake had a servername accepted + * - If the session from the original handshake had a servername accepted * by the server then it will return that servername. * - Otherwise it returns the servername set via * SSL_set_tlsext_host_name() (or NULL if it was not called). @@ -2832,6 +2840,7 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, OPENSSL_free(ctx->ext.alpn); ctx->ext.alpn = OPENSSL_memdup(protos, protos_len); if (ctx->ext.alpn == NULL) { + ctx->ext.alpn_len = 0; SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } @@ -2851,6 +2860,7 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, OPENSSL_free(ssl->ext.alpn); ssl->ext.alpn = OPENSSL_memdup(protos, protos_len); if (ssl->ext.alpn == NULL) { + ssl->ext.alpn_len = 0; SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); return 1; } @@ -2895,7 +2905,8 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const unsigned char *context, size_t contextlen, int use_context) { - if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER) + if (s->session == NULL + || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER)) return -1; return s->method->ssl3_enc->export_keying_material(s, out, olen, label, @@ -3824,6 +3835,8 @@ SSL *SSL_dup(SSL *s) goto err; ret->version = s->version; ret->options = s->options; + ret->min_proto_version = s->min_proto_version; + ret->max_proto_version = s->max_proto_version; ret->mode = s->mode; SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); 
@@ -3839,21 +3852,6 @@ SSL *SSL_dup(SSL *s) if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) goto err; - /* setup rbio, and wbio */ - if (s->rbio != NULL) { - if (!BIO_dup_state(s->rbio, (char *)&ret->rbio)) - goto err; - } - if (s->wbio != NULL) { - if (s->wbio != s->rbio) { - if (!BIO_dup_state(s->wbio, (char *)&ret->wbio)) - goto err; - } else { - BIO_up_ref(ret->rbio); - ret->wbio = ret->rbio; - } - } - ret->server = s->server; if (s->handshake_func) { if (s->server) diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h old mode 100755 new mode 100644 index 8ddbde77296514d4b33d7a337bafe36f3dcd7079..8c3542a5422f9ff732b3c5fccc7940ab72cdf30f --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -537,7 +537,6 @@ struct ssl_session_st { int not_resumable; /* This is the cert and type for the other end. */ X509 *peer; - int peer_type; /* Certificate chain peer sent. */ STACK_OF(X509) *peer_chain; /* diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c old mode 100755 new mode 100644 diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c old mode 100755 new mode 100644 index b9693527b3d2c7d07afae132a7a1d146472b7ce7..6457c0c0efa3731730419bee5a307b73e62f6c29 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -148,15 +148,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) EVP_PKEY_copy_parameters(pktmp, pkey); ERR_clear_error(); -#ifndef OPENSSL_NO_RSA - /* - * Don't check the public/private key, this is mostly for smart - * cards. - */ - if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA - && RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK) ; - else -#endif if (!X509_check_private_key(c->pkeys[i].x509, pkey)) { X509_free(c->pkeys[i].x509); c->pkeys[i].x509 = NULL; @@ -342,16 +333,6 @@ static int ssl_set_cert(CERT *c, X509 *x) EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey); ERR_clear_error(); -#ifndef OPENSSL_NO_RSA - /* - * Don't check the public/private key, this is mostly for smart - * cards. - */ - if (EVP_PKEY_id(c->pkeys[i].privatekey) == EVP_PKEY_RSA - && RSA_flags(EVP_PKEY_get0_RSA(c->pkeys[i].privatekey)) & - RSA_METHOD_FLAG_NO_CHECK) ; - else -#endif /* OPENSSL_NO_RSA */ if (!X509_check_private_key(x, c->pkeys[i].privatekey)) { /* * don't fail for a cert/key mismatch, just free current private @@ -1082,13 +1063,6 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr EVP_PKEY_copy_parameters(pubkey, privatekey); } /* else both have parameters */ - /* Copied from ssl_set_cert/pkey */ -#ifndef OPENSSL_NO_RSA - if ((EVP_PKEY_id(privatekey) == EVP_PKEY_RSA) && - ((RSA_flags(EVP_PKEY_get0_RSA(privatekey)) & RSA_METHOD_FLAG_NO_CHECK))) - /* no-op */ ; - else -#endif /* check that key <-> cert match */ if (EVP_PKEY_cmp(pubkey, privatekey) != 1) { SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c old mode 100755 new mode 100644 index 40c157bb42f8399c70bf1c44b75904fad61cde04..cda6b7cc5bcfb69efc5a0ac9972fced5313937a4 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
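Review bot: All three hunks remove the `RSA_METHOD_FLAG_NO_CHECK` bypass, so `X509_check_private_key()` (and `EVP_PKEY_cmp()` in ssl_set_cert_and_key) now runs for every RSA key, including engine or smart-card keys whose private component is not accessible; always verifying that the configured key matches the certificate is the safer default, but it is a behaviour change for such keys and neither the code nor a comment says where, if anywhere, the flag is still honoured. Suggest a comment at the first removal site, `/* Always verify the cert/key match here; RSA_METHOD_FLAG_NO_CHECK is no longer consulted at this layer */`, or a pointer to the place that now handles it. ssl_set_pkey, ssl_set_cert and ssl_set_cert_and_key all begin and end outside these hunks.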
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -107,7 +107,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) { SSL_SESSION *dest; - dest = OPENSSL_malloc(sizeof(*src)); + dest = OPENSSL_malloc(sizeof(*dest)); if (dest == NULL) { goto err; } diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c old mode 100755 new mode 100644 diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c old mode 100755 new mode 100644 diff --git a/ssl/ssl_utst.c b/ssl/ssl_utst.c old mode 100755 new mode 100644 diff --git a/ssl/statem/README b/ssl/statem/README old mode 100755 new mode 100644 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c old mode 100755 new mode 100644 index 4c6e8d707e4680362259c8975a013a60d1d81204..e1a3b1db67a102b6d93c2bf23dad68ef97641bbb --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -336,6 +336,8 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_stoc_key_share, tls_construct_ctos_key_share, final_key_share }, +#else + INVALID_EXTENSION, #endif { /* Must be after key_share */ 
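Review bot: The new `#else` / `INVALID_EXTENSION` entry in ext_defs[] is presumably there so the table keeps its positional alignment when key_share is compiled out, but nothing in the hunk says so, and the same pattern is easy to break the next time an entry gets an `#ifndef` around it. Suggest `#else /* placeholder: keep ext_defs[] positionally aligned with the extension index enumeration */`. The ssl_session_dup change to `sizeof(*dest)` is cosmetic (same type) and fine. The ext_defs[] initializer starts and ends outside the hunk.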
@@ -966,7 +968,8 @@ static int final_server_name(SSL *s, unsigned int context, int sent) * context, to avoid the confusing situation of having sess_accept_good * exceed sess_accept (zero) for the new context. */ - if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) { + if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx + && s->hello_retry_request == SSL_HRR_NONE) { tsan_counter(&s->ctx->stats.sess_accept); tsan_decr(&s->session_ctx->stats.sess_accept); } @@ -1146,6 +1149,7 @@ static int init_sig_algs_cert(SSL *s, unsigned int context) /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3->tmp.peer_cert_sigalgs); s->s3->tmp.peer_cert_sigalgs = NULL; + s->s3->tmp.peer_cert_sigalgslen = 0; return 1; } @@ -1169,14 +1173,26 @@ static int init_etm(SSL *s, unsigned int context) static int init_ems(SSL *s, unsigned int context) { - if (!s->server) + if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS; + } return 1; } static int final_ems(SSL *s, unsigned int context, int sent) { + /* + * Check extended master secret extension is not dropped on + * renegotiation. + */ + if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) + && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, + SSL_R_INCONSISTENT_EXTMS); + return 0; + } if (!s->server && s->hit) { /* * Check extended master secret extension is consistent with diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c old mode 100755 new mode 100644 index bcce0f1d9534b054506e264452f2ee759c2c5355..ce8a75794c3ad9cdd4bb7b2ec1acb53ce82b3df0 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c 
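Review bot: The new check in final_ems correctly aborts a renegotiation that drops the extended_master_secret extension once it has been used on the connection, which is what RFC 7627 requires, but the comment only says what is checked and not why, and init_ems now silently converts RECEIVED into REQUIRED for both client and server. Suggest extending the comment to `/* RFC 7627: once EMS was negotiated on this connection it must be present in every renegotiation; a peer that omits it is downgrading, so abort. */` and adding `/* remember EMS was used so final_ems can insist on it next time */` in init_ems. `TLS1_FLAGS_REQUIRED_EXTMS` lives in `s->s3->flags`; whether it is cleared when the SSL object is reset for a fresh connection is not visible here and worth confirming.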
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -816,6 +816,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, OPENSSL_free(s->psksession_id); s->psksession_id = OPENSSL_memdup(id, idlen); if (s->psksession_id == NULL) { + s->psksession_id_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -1375,6 +1376,7 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context, OPENSSL_free(s->ext.peer_ecpointformats); s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len); if (s->ext.peer_ecpointformats == NULL) { + s->ext.peer_ecpointformats_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR); return 0; @@ -1492,8 +1494,13 @@ int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->ext.scts_len = (uint16_t)size; if (size > 0) { s->ext.scts = OPENSSL_malloc(size); - if (s->ext.scts == NULL - || !PACKET_copy_bytes(pkt, s->ext.scts, size)) { + if (s->ext.scts == NULL) { + s->ext.scts_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, + ERR_R_MALLOC_FAILURE); + return 0; + } + if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT, ERR_R_INTERNAL_ERROR); return 0; @@ -1592,6 +1599,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, OPENSSL_free(s->ext.npn); s->ext.npn = OPENSSL_malloc(selected_len); if (s->ext.npn == NULL) { + s->ext.npn_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN, ERR_R_INTERNAL_ERROR); return 0; 
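Review bot: In tls_parse_stoc_sct the malloc-failure path now resets `s->ext.scts_len`, but the split-out `PACKET_copy_bytes` failure path does not: `s->ext.scts_len` was set to `size` before the allocation, so on a short packet the connection is left with `scts_len == size` while `s->ext.scts` holds uninitialised bytes. SSLfatal tears the connection down, but for consistency with the other length resets in this commit that branch should also do `OPENSSL_free(s->ext.scts); s->ext.scts = NULL; s->ext.scts_len = 0;` before returning. The `*_len = 0` additions in the other hunks look correct; tls_parse_stoc_sct continues outside the hunk.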
@@ -1632,6 +1640,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_malloc(len); if (s->s3->alpn_selected == NULL) { + s->s3->alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ERR_R_INTERNAL_ERROR); return 0; @@ -1663,6 +1672,7 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x, s->session->ext.alpn_selected = OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { + s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ERR_R_INTERNAL_ERROR); return 0; diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c old mode 100755 new mode 100644 diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c old mode 100755 new mode 100644 index 3b07c6b940f4bee8ba9f1bfa107479e4d0042327..3c7395c0eb263cd7ee92f75d424810ffc82af8cd --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1151,7 +1151,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (sesstmp == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR); - return 0; + goto err; } SSL_SESSION_free(sess); sess = sesstmp; diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c old mode 100755 new mode 100644 diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h old mode 100755 new mode 100644 diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c old mode 100755 new mode 100644 index 64e392cfbfc77219552ada4166481595474a30cd..de58f1a4b7e9fc0f8c11612aa16f40cb3f429eb6 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1960,7 +1960,6 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) goto err; } } - s->session->peer_type = certidx; X509_free(s->session->peer); X509_up_ref(x); @@ -2145,17 +2144,19 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) } bnpub_key = NULL; - if (!ssl_security(s, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, - SSL_R_DH_KEY_TOO_SMALL); - goto err; - } - if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE, ERR_R_EVP_LIB); goto err; } + dh = NULL; + + if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp), + 0, peer_tmp)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE, + SSL_R_DH_KEY_TOO_SMALL); + goto err; + } s->s3->peer_tmp = peer_tmp; @@ -2461,6 +2462,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt) s->s3->tmp.ctype_len = 0; OPENSSL_free(s->pha_context); s->pha_context = NULL; + s->pha_context_len = 0; if (!PACKET_get_length_prefixed_1(pkt, &reqctx) || !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) { @@ -2770,16 +2772,17 @@ int tls_process_cert_status_body(SSL *s, PACKET *pkt) } s->ext.ocsp.resp = OPENSSL_malloc(resplen); if (s->ext.ocsp.resp == NULL) { + s->ext.ocsp.resp_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, ERR_R_MALLOC_FAILURE); return 0; } + s->ext.ocsp.resp_len = resplen; if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, SSL_R_LENGTH_MISMATCH); return 0; } - s->ext.ocsp.resp_len = resplen; return 1; } 
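Review bot: In tls_process_ske_dhe the reorder moves the security check after `EVP_PKEY_assign_DH` and adds `dh = NULL;`, but nothing explains that assignment; it matters because ownership of `dh` moves into `peer_tmp` on success, and the err path (outside the hunk) presumably frees both, so clearing `dh` is what prevents a double free when `ssl_security` rejects the key. Suggest `dh = NULL; /* owned by peer_tmp now; the err path must not free it twice */`. Checking `EVP_PKEY_security_bits(peer_tmp)` after the assign is the right order, since the rejection path then cleans up through a single owner.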
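Review bot: In tls_process_cert_status_body moving `s->ext.ocsp.resp_len = resplen;` ahead of the copy means a failed `PACKET_copy_bytes` now leaves an allocated but unfilled response with a non-zero length; SSLfatal follows, so no reader consumes it, but the pair is inconsistent on that path. Either reset both on failure (`OPENSSL_free(s->ext.ocsp.resp); s->ext.ocsp.resp = NULL; s->ext.ocsp.resp_len = 0;`) or note in a comment that cleanup relies on the pointer rather than the length. The function's start is outside the hunk.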
@@ -2904,6 +2907,7 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt) if (psklen > PSK_MAX_PSK_LEN) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR); + psklen = PSK_MAX_PSK_LEN; /* Avoid overrunning the array on cleanse */ goto err; } else if (psklen == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, @@ -3349,9 +3353,11 @@ int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt) err: OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); s->s3->tmp.pms = NULL; + s->s3->tmp.pmslen = 0; #ifndef OPENSSL_NO_PSK OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); s->s3->tmp.psk = NULL; + s->s3->tmp.psklen = 0; #endif return 0; } @@ -3426,6 +3432,7 @@ int tls_client_key_exchange_post_work(SSL *s) err: OPENSSL_clear_free(pms, pmslen); s->s3->tmp.pms = NULL; + s->s3->tmp.pmslen = 0; return 0; } diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c old mode 100755 new mode 100644 diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c old mode 100755 new mode 100644 index 43d6fd5de941bb00c654724e70954573454537e4..c3b6f8f4569a62ebd6150b3aedffce6f685cdcc5 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1341,6 +1341,7 @@ int tls_get_message_body(SSL *s, size_t *len) static const X509ERR2ALERT x509table[] = { {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE}, {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE}, + {X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE}, {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE}, {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA}, {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED}, 
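Review bot: The `psklen = PSK_MAX_PSK_LEN;` clamp is the right fix, but the comment should say where the oversized value comes from: `psklen` is whatever the application's PSK callback reported, and the err path cleanses `psk` using it, so an over-reporting callback previously produced an out-of-bounds cleanse. Suggest `/* psklen is callback-supplied; clamp so the cleanse on the err path stays within psk[] */`. The `pmslen`/`psklen` resets in the two later hunks keep the (NULL, 0) pairs consistent and look correct; tls_construct_cke_psk_preamble continues outside the hunk.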
@@ -1503,8 +1504,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) /* * Only called by servers. Returns 1 if the server has a TLSv1.3 capable - * certificate type, or has PSK or a certificate callback configured. Otherwise - * returns 0. + * certificate type, or has PSK or a certificate callback configured, or has + * a servername callback configured. Otherwise returns 0. */ static int is_tls13_capable(const SSL *s) { @@ -1514,6 +1515,17 @@ static int is_tls13_capable(const SSL *s) EC_KEY *eckey; #endif + if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) + return 0; + + /* + * A servername callback can change the available certs, so if a servername + * cb is set then we just assume TLSv1.3 will be ok + */ + if (s->ctx->ext.servername_cb != NULL + || s->session_ctx->ext.servername_cb != NULL) + return 1; + #ifndef OPENSSL_NO_PSK if (s->psk_server_callback != NULL) return 1; @@ -1656,11 +1668,22 @@ int ssl_check_version_downgrade(SSL *s) */ int ssl_set_version_bound(int method_version, int version, int *bound) { + int valid_tls; + int valid_dtls; + if (version == 0) { *bound = version; return 1; } + valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION; + valid_dtls = + DTLS_VERSION_LE(version, DTLS_MAX_VERSION) && + DTLS_VERSION_GE(version, DTLS1_BAD_VER); + + if (!valid_tls && !valid_dtls) + return 0; + /*- * Restrict TLS methods to TLS protocol versions. * Restrict DTLS methods to DTLS protocol versions. 
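Review bot: With `valid_tls`/`valid_dtls` computed up front, ssl_set_version_bound returns 0 only when the version belongs to neither protocol family; a version from the other family (a DTLS version on a `TLS_ANY_VERSION` method, or the reverse) now falls into the switch in the next hunk, which assigns `*bound` only when the family matches, and the function then returns 1 with the bound untouched. Previously that case returned 0, so callers of the min/max proto version setters can no longer detect this misconfiguration from the return value. If that is intended, say so next to the new "We ignore attempts to set bounds on version-inflexible methods" comment in the following hunk, e.g. `/* A version from the other protocol family is likewise ignored and reported as success. */`; otherwise return 0 when `method_version == TLS_ANY_VERSION && !valid_tls` (and the DTLS mirror). In is_tls13_capable the early `return 1` when a servername callback is set is explained by its comment and looks fine.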
@@ -1671,31 +1694,24 @@ int ssl_set_version_bound(int method_version, int version, int *bound) * configurations. If the MIN (supported) version ever rises, the user's * "floor" remains valid even if no longer available. We don't expect the * MAX ceiling to ever get lower, so making that variable makes sense. + * + * We ignore attempts to set bounds on version-inflexible methods, + * returning success. */ switch (method_version) { default: - /* - * XXX For fixed version methods, should we always fail and not set any - * bounds, always succeed and not set any bounds, or set the bounds and - * arrange to fail later if they are not met? At present fixed-version - * methods are not subject to controls that disable individual protocol - * versions. - */ - return 0; + break; case TLS_ANY_VERSION: - if (version < SSL3_VERSION || version > TLS_MAX_VERSION) - return 0; + if (valid_tls) + *bound = version; break; case DTLS_ANY_VERSION: - if (DTLS_VERSION_GT(version, DTLS_MAX_VERSION) || - DTLS_VERSION_LT(version, DTLS1_BAD_VER)) - return 0; + if (valid_dtls) + *bound = version; break; } - - *bound = version; return 1; } diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h old mode 100755 new mode 100644 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c old mode 100755 new mode 100644 index 14cb27e6db010669079e29eda28f548c205f2207..fec12f613004e975ef2ff102a89d1244cf7e52bb --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
@@ -2178,6 +2178,7 @@ int tls_handle_alpn(SSL *s) OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len); if (s->s3->alpn_selected == NULL) { + s->s3->alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN, ERR_R_INTERNAL_ERROR); return 0; @@ -2577,7 +2578,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) s->s3->tmp.pkey = ssl_generate_pkey(pkdhp); if (s->s3->tmp.pkey == NULL) { - /* SSLfatal() already called */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_INTERNAL_ERROR); goto err; } @@ -2853,9 +2854,16 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt) if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) { OPENSSL_free(s->pha_context); s->pha_context_len = 32; - if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL - || RAND_bytes(s->pha_context, s->pha_context_len) <= 0 - || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) { + if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) { + s->pha_context_len = 0; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, + ERR_R_INTERNAL_ERROR); + return 0; + } + if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0 + || !WPACKET_sub_memcpy_u8(pkt, s->pha_context, + s->pha_context_len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR); @@ -2969,6 +2977,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt) OPENSSL_cleanse(psk, psklen); if (s->s3->tmp.psk == NULL) { + s->s3->tmp.psklen = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE); return 0; @@ -3508,6 +3517,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) #ifndef OPENSSL_NO_PSK OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen); s->s3->tmp.psk = NULL; + s->s3->tmp.psklen = 0; #endif return MSG_PROCESS_ERROR; } 
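Review bot: The new SSLfatal call in tls_construct_server_key_exchange passes `0` as the function code while every other SSLfatal in this file's hunks passes an `SSL_F_*` code (e.g. `SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST` two hunks down), so a failed `ssl_generate_pkey` will appear in the error queue without a function location. If `SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE` is defined in this tree's sslerr.h it should be used here for consistency. The function starts and ends outside the hunk.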
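Review bot: In tls_construct_certificate_request the split into a malloc check and a RAND_bytes/WPACKET check is an improvement, but when `RAND_bytes` fails `s->pha_context` stays allocated with `pha_context_len == 32` and unfilled bytes, whereas the malloc branch resets the length. Mirroring it on that path, `OPENSSL_free(s->pha_context); s->pha_context = NULL; s->pha_context_len = 0;`, keeps the pair consistent before SSLfatal. The function begins outside the hunk.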
@@ -4117,6 +4127,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) s->session->ext.alpn_selected = OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len); if (s->session->ext.alpn_selected == NULL) { + s->session->ext.alpn_selected_len = 0; SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c old mode 100755 new mode 100644 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c old mode 100755 new mode 100644 index 76b4baa38893f883ffeda8ff12afcd93e166c9b3..48d46f8a48bdc6a393a0aab5876162efb3e896d2 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
@@ -2439,46 +2439,48 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) #ifndef OPENSSL_NO_DH DH *ssl_get_auto_dh(SSL *s) { + DH *dhp = NULL; + BIGNUM *p = NULL, *g = NULL; int dh_secbits = 80; - if (s->cert->dh_tmp_auto == 2) - return DH_get_1024_160(); - if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { - if (s->s3->tmp.new_cipher->strength_bits == 256) - dh_secbits = 128; - else - dh_secbits = 80; - } else { - if (s->s3->tmp.cert == NULL) - return NULL; - dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); + if (s->cert->dh_tmp_auto != 2) { + if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { + if (s->s3->tmp.new_cipher->strength_bits == 256) + dh_secbits = 128; + else + dh_secbits = 80; + } else { + if (s->s3->tmp.cert == NULL) + return NULL; + dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); + } } - if (dh_secbits >= 128) { - DH *dhp = DH_new(); - BIGNUM *p, *g; - if (dhp == NULL) - return NULL; - g = BN_new(); - if (g == NULL || !BN_set_word(g, 2)) { - DH_free(dhp); - BN_free(g); - return NULL; - } - if (dh_secbits >= 192) - p = BN_get_rfc3526_prime_8192(NULL); - else - p = BN_get_rfc3526_prime_3072(NULL); - if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { - DH_free(dhp); - BN_free(p); - BN_free(g); - return NULL; - } - return dhp; + dhp = DH_new(); + if (dhp == NULL) + return NULL; + g = BN_new(); + if (g == NULL || !BN_set_word(g, 2)) { + DH_free(dhp); + BN_free(g); + return NULL; + } + if (dh_secbits >= 192) + p = BN_get_rfc3526_prime_8192(NULL); + else if (dh_secbits >= 152) + p = BN_get_rfc3526_prime_4096(NULL); + else if (dh_secbits >= 128) + p = BN_get_rfc3526_prime_3072(NULL); + else if (dh_secbits >= 112) + p = BN_get_rfc3526_prime_2048(NULL); + else + p = BN_get_rfc2409_prime_1024(NULL); + if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { + DH_free(dhp); + BN_free(p); + BN_free(g); + return NULL; } - if (dh_secbits >= 112) - return DH_get_2048_224(); - 
return DH_get_1024_160(); + return dhp; } #endif diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c old mode 100755 new mode 100644 index 5c84339314cdf928370044f103699846862767f1..e2c397b7565758c8f0d284db05d2d2ebdf943a1f --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -656,7 +656,10 @@ static int ssl_print_random(BIO *bio, int indent, if (*pmsglen < 32) return 0; - tm = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + tm = ((unsigned int)p[0] << 24) + | ((unsigned int)p[1] << 16) + | ((unsigned int)p[2] << 8) + | (unsigned int)p[3]; p += 4; BIO_indent(bio, indent, 80); BIO_puts(bio, "Random:\n"); @@ -864,8 +867,10 @@ static int ssl_print_extension(BIO *bio, int indent, int server, break; if (extlen != 4) return 0; - max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8) - | ext[3]; + max_early_data = ((unsigned int)ext[0] << 24) + | ((unsigned int)ext[1] << 16) + | ((unsigned int)ext[2] << 8) + | (unsigned int)ext[3]; BIO_indent(bio, indent + 2, 80); BIO_printf(bio, "max_early_data=%u\n", max_early_data); break; @@ -1356,7 +1361,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, } if (msglen < 4) return 0; - tick_life = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; + tick_life = ((unsigned int)msg[0] << 24) + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); 
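Review bot: ssl_get_auto_dh now selects an RFC 3526 (or RFC 2409 group 2) MODP group with generator 2 for every security level instead of returning `DH_get_1024_160()` / `DH_get_2048_224()`, but no comment records that this is deliberate: the old groups are the RFC 5114 groups with a small-order subgroup, whereas all of the new ones are safe primes. Suggest a header comment such as `/* Only safe-prime groups (RFC 3526 / RFC 2409 group 2) with g = 2 are used here; do not reintroduce the RFC 5114 groups. */` so the property is not lost in a later cleanup. Note also that `dh_secbits` stays 80 for aNULL/aPSK ciphers below 256-bit strength and when `dh_tmp_auto == 2`, so the final `else` still hands out a 1024-bit modulus; if a 2048-bit floor is wanted for auto DH, the `>= 112` branch would need to become the default.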
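Review bot: The `(unsigned int)` casts added in ssl_print_random, ssl_print_extension and ssl_print_ticket fix a real problem (a `<< 24` on a promoted `int` is undefined when the byte's top bit is set), but the reader of this tracing code gets no hint why four identical expressions were rewritten. One comment at the first site, `/* cast before shifting: byte << 24 on a promoted int is UB when bit 7 is set */`, covers all of them. The enclosing functions start outside their hunks.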
@@ -1367,7 +1375,10 @@ static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl, if (msglen < 4) return 0; ticket_age_add = - (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; + ((unsigned int)msg[0] << 24) + | ((unsigned int)msg[1] << 16) + | ((unsigned int)msg[2] << 8) + | (unsigned int)msg[3]; msglen -= 4; msg += 4; BIO_indent(bio, indent + 2, 80); diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c old mode 100755 new mode 100644 index 86754dc9677ca012796317e5621c0448ee54b708..b8fb07f210ef2c6d7c26e70e1221f029b6c9b4ba --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -390,11 +390,18 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, uint32_t algenc; ivlen = EVP_CCM_TLS_IV_LEN; - if (s->s3->tmp.new_cipher == NULL) { + if (s->s3->tmp.new_cipher != NULL) { + algenc = s->s3->tmp.new_cipher->algorithm_enc; + } else if (s->session->cipher != NULL) { /* We've not selected a cipher yet - we must be doing early data */ algenc = s->session->cipher->algorithm_enc; + } else if (s->psksession != NULL && s->psksession->cipher != NULL) { + /* We must be doing early data with out-of-band PSK */ + algenc = s->psksession->cipher->algorithm_enc; } else { - algenc = s->s3->tmp.new_cipher->algorithm_enc; + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, + ERR_R_EVP_LIB); + goto err; } if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c old mode 100755 new mode 100644 diff --git a/test/CAss.cnf b/test/CAss.cnf old mode 100755 new mode 100644 diff --git a/test/CAssdh.cnf b/test/CAssdh.cnf old mode 100755 new mode 100644 diff --git a/test/CAssdsa.cnf b/test/CAssdsa.cnf old mode 100755 new mode 100644 diff --git a/test/CAssrsa.cnf b/test/CAssrsa.cnf old mode 100755 new mode 100644 diff --git a/test/CAtsa.cnf b/test/CAtsa.cnf old mode 100755 new mode 100644 diff --git a/test/P1ss.cnf b/test/P1ss.cnf old mode 100755 new mode 100644 
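Review bot: The new fallthrough in derive_secret_key_and_iv raises `SSL_AD_INTERNAL_ERROR` with reason `ERR_R_EVP_LIB`, but nothing EVP-related has failed at that point; the condition is "no cipher available from the pending handshake, the session, or the PSK session", so `ERR_R_INTERNAL_ERROR`, as the other new SSLfatal calls in this commit use, describes it better and will not send someone reading the error queue looking for an EVP failure. A short comment on the branch, `/* no cipher to derive from: not mid-handshake, no resumed session, no OOB PSK */`, would also make the three-way chain easier to follow. derive_secret_key_and_iv begins and ends outside the hunk.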
diff --git a/test/P2ss.cnf b/test/P2ss.cnf
old mode 100755
new mode 100644
diff --git a/test/README b/test/README
old mode 100755
new mode 100644
diff --git a/test/README.external b/test/README.external
old mode 100755
new mode 100644
diff --git a/test/README.ssltest.md b/test/README.ssltest.md
old mode 100755
new mode 100644
diff --git a/test/Sssdsa.cnf b/test/Sssdsa.cnf
old mode 100755
new mode 100644
diff --git a/test/Sssrsa.cnf b/test/Sssrsa.cnf
old mode 100755
new mode 100644
diff --git a/test/Uss.cnf b/test/Uss.cnf
old mode 100755
new mode 100644
diff --git a/test/aborttest.c b/test/aborttest.c
old mode 100755
new mode 100644
diff --git a/test/afalgtest.c b/test/afalgtest.c
old mode 100755
new mode 100644
diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c
old mode 100755
new mode 100644
index 369023d5f1110f965d508a26a156e32334e76a29..18f0ca12e960828435e93e8c49e0c77dc9c16865
--- a/test/asn1_decode_test.c
+++ b/test/asn1_decode_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -160,6 +160,41 @@ static int test_uint64(void) return 1; } +typedef struct { + ASN1_STRING *invalidDirString; +} INVALIDTEMPLATE; + +ASN1_SEQUENCE(INVALIDTEMPLATE) = { + /* + * DirectoryString is a CHOICE type so it must use explicit tagging - + * but we deliberately use implicit here, which makes this template invalid. + */ + ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12) +} static_ASN1_SEQUENCE_END(INVALIDTEMPLATE) + +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) +IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE) + +/* Empty sequence for invalid template test */ +static unsigned char t_invalid_template[] = { + 0x30, 0x03, /* SEQUENCE tag + length */ + 0x0c, 0x01, 0x41 /* UTF8String, length 1, "A" */ +}; + +static int test_invalid_template(void) +{ + const unsigned char *p = t_invalid_template; + INVALIDTEMPLATE *tmp = d2i_INVALIDTEMPLATE(NULL, &p, + sizeof(t_invalid_template)); + + /* We expect a NULL pointer return */ + if (TEST_ptr_null(tmp)) + return 1; + + INVALIDTEMPLATE_free(tmp); + return 0; +} + int setup_tests(void) { #if OPENSSL_API_COMPAT < 0x10200000L @@ -169,5 +204,6 @@ int setup_tests(void) ADD_TEST(test_uint32); ADD_TEST(test_int64); ADD_TEST(test_uint64); + ADD_TEST(test_invalid_template); return 1; } diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c old mode 100755 new mode 100644 index ed920a4d660aaeaa869867895257a3e96f531925..51c380294261e5f76b749e1a002ee7150ead41c0 --- a/test/asn1_encode_test.c +++ b/test/asn1_encode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
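Review bot: The comment `/* Empty sequence for invalid template test */` does not match the bytes beneath it: `0x30, 0x03, 0x0c, 0x01, 0x41` is a SEQUENCE containing a one-byte UTF8String "A", as the per-byte comments themselves say. Suggest `/* SEQUENCE holding a single UTF8String "A"; decoding it against the mis-tagged template must fail */`. The negative test is worthwhile (an IMPLICIT tag on a CHOICE member is exactly the kind of template definition that must be rejected at decode time), and test_invalid_template correctly frees `tmp` on the unexpected-success path.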
@@ -856,6 +856,38 @@ static int test_uint64(void) return test_intern(&uint64_test_package); } +typedef struct { + ASN1_STRING *invalidDirString; +} INVALIDTEMPLATE; + +ASN1_SEQUENCE(INVALIDTEMPLATE) = { + /* + * DirectoryString is a CHOICE type so it must use explicit tagging - + * but we deliberately use implicit here, which makes this template invalid. + */ + ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12) +} static_ASN1_SEQUENCE_END(INVALIDTEMPLATE) + +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) +IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE) + +static int test_invalid_template(void) +{ + INVALIDTEMPLATE *temp = INVALIDTEMPLATE_new(); + int ret; + + if (!TEST_ptr(temp)) + return 0; + + ret = i2d_INVALIDTEMPLATE(temp, NULL); + + INVALIDTEMPLATE_free(temp); + + /* We expect the i2d operation to fail */ + return ret < 0; +} + + int setup_tests(void) { #if OPENSSL_API_COMPAT < 0x10200000L @@ -866,5 +898,6 @@ int setup_tests(void) ADD_TEST(test_uint32); ADD_TEST(test_int64); ADD_TEST(test_uint64); + ADD_TEST(test_invalid_template); return 1; } diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c old mode 100755 new mode 100644 diff --git a/test/asn1_string_table_test.c b/test/asn1_string_table_test.c old mode 100755 new mode 100644 diff --git a/test/asn1_time_test.c b/test/asn1_time_test.c old mode 100755 new mode 100644 diff --git a/test/asynciotest.c b/test/asynciotest.c old mode 100755 new mode 100644 diff --git a/test/asynctest.c b/test/asynctest.c old mode 100755 new mode 100644 diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c old mode 100755 new mode 100644 diff --git a/test/bftest.c b/test/bftest.c old mode 100755 new mode 100644 diff --git a/test/bio_callback_test.c b/test/bio_callback_test.c old mode 100755 new mode 100644 diff --git a/test/bio_enc_test.c b/test/bio_enc_test.c old mode 100755 new mode 100644 
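Review bot: test_invalid_template returns the bare expression `ret < 0`, so when i2d unexpectedly succeeds the harness reports a failure with no diagnostic; the testutil comparison macros exist for this, e.g. `return TEST_int_lt(ret, 0);`, which prints the actual return value. The asn1_decode_test counterpart already uses `TEST_ptr_null` for its expectation, so this also keeps the two new tests consistent.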
diff --git a/test/bio_memleak_test.c b/test/bio_memleak_test.c old mode 100755 new mode 100644 diff --git a/test/bioprinttest.c b/test/bioprinttest.c old mode 100755 new mode 100644 index 680391ea9f4e416f9470d814be5a2142fabd9b1b..40218e3fadad17e57a1868ec5ad9dd63e9063f45 --- a/test/bioprinttest.c +++ b/test/bioprinttest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -249,6 +249,7 @@ static int test_big(void) if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX), -1)) return 0; + return 1; } diff --git a/test/bntest.c b/test/bntest.c old mode 100755 new mode 100644 diff --git a/test/build.info b/test/build.info old mode 100755 new mode 100644 index 200fb8c141a9007e1728b9bcc5bd8f615911a51f..bc3dae81f992e63bf5d347e88c5a3cc7df6056de --- a/test/build.info +++ b/test/build.info @@ -461,6 +461,9 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN IF[{- !$disabled{ec} -}] PROGRAMS_NO_INST=ec_internal_test curve448_internal_test ENDIF + IF[{- !$disabled{cmac} -}] + PROGRAMS_NO_INST=cmactest + ENDIF SOURCE[poly1305_internal_test]=poly1305_internal_test.c INCLUDE[poly1305_internal_test]=.. ../include @@ -494,6 +497,12 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[ctype_internal_test]=.. ../include DEPEND[ctype_internal_test]=../libcrypto.a libtestutil.a + IF[{- !$disabled{cmac} -}] + SOURCE[cmactest]=cmactest.c + INCLUDE[cmactest]=../include + DEPEND[cmactest]=../libcrypto.a libtestutil.a + ENDIF + SOURCE[siphash_internal_test]=siphash_internal_test.c INCLUDE[siphash_internal_test]=.. ../include DEPEND[siphash_internal_test]=../libcrypto.a libtestutil.a 
@@ -558,7 +567,6 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
 SOURCE[gosttest]=gosttest.c ssltestlib.c
 INCLUDE[gosttest]=../include ..
 DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a
-ENDIF
 
 SOURCE[ssl_ctx_test]=ssl_ctx_test.c
 INCLUDE[ssl_ctx_test]=../include
@@ -600,3 +608,4 @@ _____
 _____
 }
 -}
+ENDIF
diff --git a/test/casttest.c b/test/casttest.c
old mode 100755
new mode 100644
diff --git a/test/certs/alt1-cert.pem b/test/certs/alt1-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/alt1-key.pem b/test/certs/alt1-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/alt2-cert.pem b/test/certs/alt2-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/alt2-key.pem b/test/certs/alt2-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/alt3-cert.pem b/test/certs/alt3-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/alt3-key.pem b/test/certs/alt3-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/bad-pc3-cert.pem b/test/certs/bad-pc3-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/bad-pc3-key.pem b/test/certs/bad-pc3-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/bad-pc4-cert.pem b/test/certs/bad-pc4-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/bad-pc4-key.pem b/test/certs/bad-pc4-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/bad-pc6-cert.pem b/test/certs/bad-pc6-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/bad-pc6-key.pem b/test/certs/bad-pc6-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/bad.key b/test/certs/bad.key
old mode 100755
new mode 100644
diff --git a/test/certs/bad.pem b/test/certs/bad.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt1-cert.pem b/test/certs/badalt1-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt1-key.pem b/test/certs/badalt1-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt10-cert.pem b/test/certs/badalt10-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt10-key.pem b/test/certs/badalt10-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt2-cert.pem b/test/certs/badalt2-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt2-key.pem b/test/certs/badalt2-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt3-cert.pem b/test/certs/badalt3-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt3-key.pem b/test/certs/badalt3-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt4-cert.pem b/test/certs/badalt4-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt4-key.pem b/test/certs/badalt4-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt5-cert.pem b/test/certs/badalt5-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt5-key.pem b/test/certs/badalt5-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt6-cert.pem b/test/certs/badalt6-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt6-key.pem b/test/certs/badalt6-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt7-cert.pem b/test/certs/badalt7-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt7-key.pem b/test/certs/badalt7-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt8-cert.pem b/test/certs/badalt8-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt8-key.pem b/test/certs/badalt8-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt9-cert.pem b/test/certs/badalt9-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badalt9-key.pem b/test/certs/badalt9-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badcn1-cert.pem b/test/certs/badcn1-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/badcn1-key.pem b/test/certs/badcn1-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ca+anyEKU.pem b/test/certs/ca+anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ca+clientAuth.pem b/test/certs/ca+clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ca+serverAuth.pem b/test/certs/ca+serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ca-anyEKU.pem b/test/certs/ca-anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ca-cert-768.pem b/test/certs/ca-cert-768.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ca-cert-768i.pem b/test/certs/ca-cert-768i.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ca-cert-ec-explicit.pem b/test/certs/ca-cert-ec-explicit.pem
new file mode 100644
index 0000000000000000000000000000000000000000..d741ecdb65e3571d3bfa65e7be96024c9aac67e3
--- /dev/null
+++ b/test/certs/ca-cert-ec-explicit.pem
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTIwMDkxNTEzMDY0MVoYDzIxMjAwOTE2MTMwNjQxWjANMQswCQYDVQQD +DAJDQTCCAUswggEDBgcqhkjOPQIBMIH3AgEBMCwGByqGSM49AQECIQD/////AAAA +AQAAAAAAAAAAAAAAAP///////////////zBbBCD/////AAAAAQAAAAAAAAAAAAAA +AP///////////////AQgWsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsD +FQDEnTYIhucEk2pmeOETnSa3gZ9+kARBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLesz +oPShOUXYmMKWT+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD///// +AAAAAP//////////vOb6racXnoTzucrC/GMlUQIBAQNCAASlXna3kSD/Yol3RA5I +icjIxYb9UJoCTzb/LsxjlOvIS5OqCTzpqP0p3JrnvLPsbzq7Cf/g0bNlxAGs1iVM +5NDco1MwUTAdBgNVHQ4EFgQUFk6ucH6gMXeadmuV7a1iWEnU/CIwHwYDVR0jBBgw +FoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQsFAAOCAQEAdyUgfT0eAsZzoHFXoWN5uqi0MHuhLI37TEzkH5h7iTpDQJTQ +F0SjbawfM/nxxUekRW3mjFu3lft+VA7yC0OTNBLffan/vTh+HGOvvYZSMJYgKrMG +PRWgDId+n9RTcQCf+91cISvOazHixRiJG7JfRLdNZsAE+miw4HgPLFboTwpxtTDJ +zJ4ssBC6P+5IHwBCtNMiilJMMMzuSaZa5iSo6M9AdXWfcQN3uhW1lgQOLOlKLcbo +3UhW1GMMhTTeytM5aylbKhRsnL7ozmS44zsKZ25YaQxgjdKitFjVN6j7eyQ7C9J2 +bLXgl3APweLQbGGs0zv08Ad0SCCKYLHK6mMJqg== +-----END CERTIFICATE----- diff --git a/test/certs/ca-cert-ec-named.pem b/test/certs/ca-cert-ec-named.pem new file mode 100644 index 0000000000000000000000000000000000000000..5fbe251afb3548aa343ab2a2e7cb83f3e08d4619 --- /dev/null +++ b/test/certs/ca-cert-ec-named.pem 
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICJDCCAQygAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTIwMDkxNTEzMDY1MFoYDzIxMjAwOTE2MTMwNjUwWjANMQswCQYDVQQD +DAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPt+MXCi9+wztEvmdG2EVSk7 +bAiJMXJXW/u0NbcGCrrbhO1NJSHHV3Lks888sqeSPh/bif/ASJ0HX+VarMUoFIKj +UzBRMB0GA1UdDgQWBBRjigU5REz8Lwf1iD6mALVhsHIanjAfBgNVHSMEGDAWgBSO +9SWvHptrhD18gJrJU5xNcvejUjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4IBAQCQs9wpblefb2C9a7usGL1DJjWJQIFHtUf+6p/KPgEV7LF138ECjL5s +0AWRd8Q8SbsBH49j2r3LLLMkvFglyRaN+FF+TCC/UQtclTb4+HgLsUT2xSU8U2cY +SOnzNB5AX/qAAsdOGqOjivPtGXcXFexDKPsw3n+3rJgymBP6hbLagb47IabNhot5 +bMM6S+bmfpMwfsm885zr5vG2Gg9FjjH94Vx4I7eRLkjCS88gkIR1J35ecHFteOdo +idOaCHQddYiKukBzgdjtTxSDXKffkaybylrwOZ8VBlQd3zC7s02d+riHCnroLnnE +cwYLlJ5z6jN7zoPZ55yX/EmA0RVny2le +-----END CERTIFICATE----- diff --git a/test/certs/ca-cert-md5-any.pem b/test/certs/ca-cert-md5-any.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-cert-md5.pem b/test/certs/ca-cert-md5.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-cert.pem b/test/certs/ca-cert.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-cert2.pem b/test/certs/ca-cert2.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-clientAuth.pem b/test/certs/ca-clientAuth.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-expired.pem b/test/certs/ca-expired.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-key-768.pem b/test/certs/ca-key-768.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-key-ec-explicit.pem b/test/certs/ca-key-ec-explicit.pem new file mode 100644 index 0000000000000000000000000000000000000000..08add31ca5c49112eb3ec61ca5c424cc85be324d --- /dev/null +++ b/test/certs/ca-key-ec-explicit.pem 
@@ -0,0 +1,10 @@ +-----BEGIN PRIVATE KEY----- +MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB +AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA +///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV +AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg +9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A +AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgdEf20fpuqEZU +tZ4ORoq4vb5ETV4a6QOl/iGnDQt++/ihRANCAASlXna3kSD/Yol3RA5IicjIxYb9 +UJoCTzb/LsxjlOvIS5OqCTzpqP0p3JrnvLPsbzq7Cf/g0bNlxAGs1iVM5NDc +-----END PRIVATE KEY----- diff --git a/test/certs/ca-key-ec-named.pem b/test/certs/ca-key-ec-named.pem new file mode 100644 index 0000000000000000000000000000000000000000..cff7a64e84d10791c9d21ae7f76d7d44d7ca6594 --- /dev/null +++ b/test/certs/ca-key-ec-named.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgCTrYrMKcyV49+w4B +TWr2WTZsMM4aFpaYulKAuhiuQ7mhRANCAAT7fjFwovfsM7RL5nRthFUpO2wIiTFy +V1v7tDW3Bgq624TtTSUhx1dy5LPPPLKnkj4f24n/wEidB1/lWqzFKBSC +-----END PRIVATE KEY----- diff --git a/test/certs/ca-key.pem b/test/certs/ca-key.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-key2.pem b/test/certs/ca-key2.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-name2.pem b/test/certs/ca-name2.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-nonbc.pem b/test/certs/ca-nonbc.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-nonca.pem b/test/certs/ca-nonca.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-pss-cert.pem b/test/certs/ca-pss-cert.pem new file mode 100644 index 0000000000000000000000000000000000000000..566b63a800f79adda57c3ad5c381ac03d60c9e54 --- /dev/null +++ b/test/certs/ca-pss-cert.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXjCCAhagAwIBAgIBAjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa +MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTIxMDEyNjEwMDUwOFoYDzIxMjEwMTI3MTAwNTA4WjARMQ8wDQYDVQQD +DAZDQS1QU1MwggEgMAsGCSqGSIb3DQEBCgOCAQ8AMIIBCgKCAQEAtclsFtJOQgAC +ZxTPn2T2ksmibRNVAnEfVCgfJxsPN3aEERgqqhWbC4LmGHRIIjQ9DpobarydJivw +epDaiu11rgwXgenIobIVvVr2+L3ngalYdkwmmPVImNN8Ef575ybE/kVgTu9X37DJ +t+8psfVGeFg4RKykOi7SfPCSKHKSeZUXPj9AYwZDw4HX2rhstRopXAmUzz2/uAaR +fmU7tYOG5qhfMUpP+Ce0ZBlLE9JjasY+d20/mDFuvFEc5qjfzNqv/7okyBjaWB4h +gwnjXASrqKlqHKVU1UyrJc76yAniimy+IoXKAELetIJGSN15GYaWJcAIs0Eybjyk +gyAu7Zlf/wIDAQABo2AwXjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAd +BgNVHQ4EFgQUGfmhA/VcxWkh7VUBHxUdHHQLgrAwHwYDVR0jBBgwFoAUjvUlrx6b +a4Q9fICayVOcTXL3o1IwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAY +BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEBAF6rSSBj+dkv0UGuE1El +lB9zVpqVlV72RY8gAkmSJmbzblHEO/PYV/UnNJ2C2IXEhAQaE0xKCg+WC2RO56oc +qZc6UXBCN8G9rJKVxgXVbciP4pQYN6POpmhJfQqzNPwzTADt3HY6X9gQtyG0fuQF +OPDc+mXjRvBrcYMkAgYiKe+oA45WDWYpIvipWVQ3xP/BSGJqrdKx5SOrJA72+BLM +bPbD3tBC2SVirDjv0N926Wcb/JQFkM+5YY2/yKNybstngr4Pb1T/tESsIZvGG2Tk +3IhBl1dJtC9gpGTRa8NzQvcmPK9VUjWtv5YNA+FxD9FTxGibh7Aw1fbFCV91Qjc3 +JQQ= +-----END CERTIFICATE----- diff --git a/test/certs/ca-pss-key.pem b/test/certs/ca-pss-key.pem new file mode 100644 index 0000000000000000000000000000000000000000..9270c36484474113ba7c0fdec9966296542dae56 --- /dev/null +++ b/test/certs/ca-pss-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADALBgkqhkiG9w0BAQoEggSpMIIEpQIBAAKCAQEAtclsFtJOQgACZxTP +n2T2ksmibRNVAnEfVCgfJxsPN3aEERgqqhWbC4LmGHRIIjQ9DpobarydJivwepDa +iu11rgwXgenIobIVvVr2+L3ngalYdkwmmPVImNN8Ef575ybE/kVgTu9X37DJt+8p +sfVGeFg4RKykOi7SfPCSKHKSeZUXPj9AYwZDw4HX2rhstRopXAmUzz2/uAaRfmU7 +tYOG5qhfMUpP+Ce0ZBlLE9JjasY+d20/mDFuvFEc5qjfzNqv/7okyBjaWB4hgwnj +XASrqKlqHKVU1UyrJc76yAniimy+IoXKAELetIJGSN15GYaWJcAIs0EybjykgyAu +7Zlf/wIDAQABAoIBAErkiNt+GS+nwVWmhUMt3UfsOjal2EgBQt7xCKSbyVEYSqCg +TDN2Y0IC07kPbwhobR8u7kyzGCs5vwE/3EmQOwNRh/3FyxqSu9IfP9CKrG4GzqMu +DFjH9PjBaEQhi/pXRqFbA6qBgLpvoytcJNlkK3w5HDVuytoNoDpJAm4XhbEAwVG2 +u3De40lPKXBFaGjSrUQETnrm0Fhj+J7+VMheQZVjEHwMIOmbIDcckV0OSIWn00XG +/Md0y0i/U8S0TkP9sVC+cKkKMCNL+BJYf5YucUIna/9PgBD36RRRq2D0e8/iP8m+ +ftnmW7fxlL2neTZ2sAS+4sm7sOoudaeAta+JoEECgYEA5ZjbBJf+FhyFOBFRoYow +OHP+JfU7rdi8n5GpNswVmtNx3FK+eoUz+PlXTluUydS3L40ba7/mzYFzAZETF6YO +Z8STkmvLxRTDzvZoE0SCJQAcG9I1oVWMufDVnHvljflH+IBjvMQM527dfFgaebvD +TkRvnCup2oV3uT430++15K0CgYEAyrESfgP5f9+zZqz30N+QTWHZCzCUqSDcGhke +Irvjs5tSrCQibbSGkGNHZ/V019K8rKJQlvNbEEzlRRcohuqIuUPgPmXBbbruqCBP +a1+DD/HRg6BrTsNo67SbUJ6EsV5D80Ie76Yzye3By7E71xvFzFxbMwcwPFHBDViR +m4oRwNsCgYEAtdb/N78tVNPXytUkot0wXbW4RtXYI1Lx6StTKnwubEYk+otqIt1W +kUzhkcTEralUQEvwuMDvCjoJHOeKiINTC2pMOn43j+pnPoY3XXM35BgXKw2svg9k +emu8ssgJwgz5rF37ICjh03Yh4vZgWaOVBmr7PmPyjYiBjuwxCSDkHa0CgYEAkqwP +9aBqq131NBd2PG+KvHRR2wcMjFZ672e9puTPoOiEqox7XWeE+Hbe9RtpscONRF8w +cgsnmmQKhDR93yNYTLgRTRXVItJiYMcAsXIsJR2XvugWvqgpBGds/Km426CbCyyN +tl1OnJCv6/YUl1RBjeBHHmXVQdDnIgE1XJhMwIECgYEAt4zgPqswoicfDBqakP6X +ZND0s7fiki2YBmXyASIoUACnpJEWsOOEJrAcW7xtgXgjNxKdk1JqYV3ggU8wgCvv +9Ugsx0FiuPmIBhYNZMWIItNmpYqPm8KbEwIPqChs9OA+5FREFwFjJgGK2ublfmVj +dN2I3LilMIXTE4/MQ8Lhcjc= +-----END PRIVATE KEY----- diff --git a/test/certs/ca-root2.pem b/test/certs/ca-root2.pem old mode 100755 new mode 100644 diff --git a/test/certs/ca-serverAuth.pem b/test/certs/ca-serverAuth.pem old mode 100755 new mode 100644 
diff --git a/test/certs/cca+anyEKU.pem b/test/certs/cca+anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/cca+clientAuth.pem b/test/certs/cca+clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/cca+serverAuth.pem b/test/certs/cca+serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/cca-anyEKU.pem b/test/certs/cca-anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/cca-cert.pem b/test/certs/cca-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/cca-clientAuth.pem b/test/certs/cca-clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/cca-serverAuth.pem b/test/certs/cca-serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/client-ed25519-cert.pem b/test/certs/client-ed25519-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/client-ed25519-key.pem b/test/certs/client-ed25519-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/client-ed448-cert.pem b/test/certs/client-ed448-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/client-ed448-key.pem b/test/certs/client-ed448-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/croot+anyEKU.pem b/test/certs/croot+anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/croot+clientAuth.pem b/test/certs/croot+clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/croot+serverAuth.pem b/test/certs/croot+serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/croot-anyEKU.pem b/test/certs/croot-anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/croot-cert.pem b/test/certs/croot-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/croot-clientAuth.pem b/test/certs/croot-clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/croot-serverAuth.pem b/test/certs/croot-serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/cyrillic.msb b/test/certs/cyrillic.msb
old mode 100755
new mode 100644
diff --git a/test/certs/cyrillic.pem b/test/certs/cyrillic.pem
old mode 100755
new mode 100644
diff --git a/test/certs/cyrillic.utf8 b/test/certs/cyrillic.utf8
old mode 100755
new mode 100644
diff --git a/test/certs/cyrillic_crl.pem b/test/certs/cyrillic_crl.pem
old mode 100755
new mode 100644
diff --git a/test/certs/cyrillic_crl.utf8 b/test/certs/cyrillic_crl.utf8
old mode 100755
new mode 100644
diff --git a/test/certs/dhp2048.pem b/test/certs/dhp2048.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ee+clientAuth.pem b/test/certs/ee+clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ee+serverAuth.pem b/test/certs/ee+serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ee-cert-768.pem b/test/certs/ee-cert-768.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ee-cert-768i.pem b/test/certs/ee-cert-768i.pem
old mode 100755
new mode 100644
diff --git a/test/certs/ee-cert-ec-explicit.pem b/test/certs/ee-cert-ec-explicit.pem
new file mode 100644
index 0000000000000000000000000000000000000000..eccb3342caaa92cae13f5c9f1173b643092a299b
--- /dev/null
+++ b/test/certs/ee-cert-ec-explicit.pem
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIChzCCAi6gAwIBAgIBAjAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAgFw0y +MDA5MTUxMzE0MzlaGA8yMTIwMDkxNjEzMTQzOVowGTEXMBUGA1UEAwwOc2VydmVy +LmV4YW1wbGUwggFLMIIBAwYHKoZIzj0CATCB9wIBATAsBgcqhkjOPQEBAiEA//// +/wAAAAEAAAAAAAAAAAAAAAD///////////////8wWwQg/////wAAAAEAAAAAAAAA +AAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n +0mBLAxUAxJ02CIbnBJNqZnjhE50mt4GffpAEQQRrF9Hy4SxCR/i85uVjpEDydwN9 +gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1AiEA +/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQEDQgAE+7TDP7C9VqQP +TnqoJc/Fvf/N45BX+lBfmfiGBeRKtSsvrERUlymzQ4/nxVtymozAgFxQ0my998HH +TSVCj7Sq56N9MHswHQYDVR0OBBYEFKKwEfKYhNv6fbQf0Xd0te7J3GZdMB8GA1Ud +IwQYMBaAFGOKBTlETPwvB/WIPqYAtWGwchqeMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1wbGUwCgYIKoZIzj0E +AwIDRwAwRAIgb4UITAOFlATeaayWQX9r5gf61qcnzT7TjXCekf7ww9oCIBDltg/u +ZvS9gqviMFuPjTuk/FhsCTAUzTT7WmgcWeH7 +-----END CERTIFICATE----- diff --git a/test/certs/ee-cert-ec-named-explicit.pem b/test/certs/ee-cert-ec-named-explicit.pem new file mode 100644 index 0000000000000000000000000000000000000000..db13c0e5ef544db5fb9957a561d1addb3a1e1548 --- /dev/null +++ b/test/certs/ee-cert-ec-named-explicit.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBlDCCATqgAwIBAgIBAjAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAgFw0y +MDA5MTUxMzE0NDVaGA8yMTIwMDkxNjEzMTQ0NVowGTEXMBUGA1UEAwwOc2VydmVy +LmV4YW1wbGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQv5PnMStW/Wx9lpvjl +JTsFIjc2wBv14sNuMh1hfNX8ZJcoCfAAKYu6ujxXt328GWBMaubRbBjOd/eqpEst +tYKzo30wezAdBgNVHQ4EFgQUmb/qcE413hkpmtjEMyRZZFcN1TYwHwYDVR0jBBgw +FoAUFk6ucH6gMXeadmuV7a1iWEnU/CIwCQYDVR0TBAIwADATBgNVHSUEDDAKBggr +BgEFBQcDATAZBgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTAKBggqhkjOPQQDAgNI +ADBFAiEA9y6J8rdAbO0mDZscIb8rIn6HgxBW4WAqTlFeZeHjjOYCIAmt2ldyObOL +tXaiaxYX3WAOR1vmfzsdrkCAOCfAkpbo +-----END CERTIFICATE----- 
diff --git a/test/certs/ee-cert-ec-named-named.pem b/test/certs/ee-cert-ec-named-named.pem new file mode 100644 index 0000000000000000000000000000000000000000..0730febf46807ae4792dd672b99aef92ff5eb063 --- /dev/null +++ b/test/certs/ee-cert-ec-named-named.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBkzCCATqgAwIBAgIBAjAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAgFw0y +MDA5MTUxNDEwNDhaGA8yMTIwMDkxNjE0MTA0OFowGTEXMBUGA1UEAwwOc2VydmVy +LmV4YW1wbGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS0YU57+RFRWxr/frnL ++vOYkY3h9roKnvxCG07wK5tevEYtSdKz0KsHvDBDatw1r3JNv+m2p54/3AqFPAZ3 +5b0Po30wezAdBgNVHQ4EFgQUypypuZrUl0BEmbuhfJpo3QFNIvUwHwYDVR0jBBgw +FoAUY4oFOURM/C8H9Yg+pgC1YbByGp4wCQYDVR0TBAIwADATBgNVHSUEDDAKBggr +BgEFBQcDATAZBgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTAKBggqhkjOPQQDAgNH +ADBEAiAEkKD7H5uxQ4YbQOiN4evbu5RCV5W7TVE80iBfcY5u4wIgGcwr++lVNX0Q +CTT+M3ukDjOA8OEvKUz1TiDuRAQ29qU= +-----END CERTIFICATE----- diff --git a/test/certs/ee-cert-md5.pem b/test/certs/ee-cert-md5.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-cert.pem b/test/certs/ee-cert.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-cert2.pem b/test/certs/ee-cert2.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-client-chain.pem b/test/certs/ee-client-chain.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-client.pem b/test/certs/ee-client.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-clientAuth.pem b/test/certs/ee-clientAuth.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-ecdsa-client-chain.pem b/test/certs/ee-ecdsa-client-chain.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-ecdsa-key.pem b/test/certs/ee-ecdsa-key.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-ed25519.pem b/test/certs/ee-ed25519.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-expired.pem b/test/certs/ee-expired.pem old mode 100755 new mode 100644 
diff --git a/test/certs/ee-key-768.pem b/test/certs/ee-key-768.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-key-ec-explicit.pem b/test/certs/ee-key-ec-explicit.pem new file mode 100644 index 0000000000000000000000000000000000000000..d847d85dbec268653d6ed6011a86092c23bff445 --- /dev/null +++ b/test/certs/ee-key-ec-explicit.pem @@ -0,0 +1,10 @@ +-----BEGIN PRIVATE KEY----- +MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB +AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA +///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV +AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg +9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A +AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQg0cmpcTcEYG5G +ZaVkGjtsBc3sLZn1EuV9qNK2qx6iNzmhRANCAAT7tMM/sL1WpA9Oeqglz8W9/83j +kFf6UF+Z+IYF5Eq1Ky+sRFSXKbNDj+fFW3KajMCAXFDSbL33wcdNJUKPtKrn +-----END PRIVATE KEY----- diff --git a/test/certs/ee-key-ec-named-explicit.pem b/test/certs/ee-key-ec-named-explicit.pem new file mode 100644 index 0000000000000000000000000000000000000000..28f81e9569a79f024d7f163c9222be611dbc05dc --- /dev/null +++ b/test/certs/ee-key-ec-named-explicit.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2ue+X5ZFJPJPQG2E +WQY4ALv2PkPp2Gy6KrMiokgmjkehRANCAAQv5PnMStW/Wx9lpvjlJTsFIjc2wBv1 +4sNuMh1hfNX8ZJcoCfAAKYu6ujxXt328GWBMaubRbBjOd/eqpEsttYKz +-----END PRIVATE KEY----- diff --git a/test/certs/ee-key-ec-named-named.pem b/test/certs/ee-key-ec-named-named.pem new file mode 100644 index 0000000000000000000000000000000000000000..d627bcf0dd7bae07d79e195da31648050c77990c --- /dev/null +++ b/test/certs/ee-key-ec-named-named.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGSoneIKG3//ujXGu +/EoJdNhpKZj026EF/YQ5FblUBWahRANCAAS0YU57+RFRWxr/frnL+vOYkY3h9roK +nvxCG07wK5tevEYtSdKz0KsHvDBDatw1r3JNv+m2p54/3AqFPAZ35b0P +-----END PRIVATE KEY----- 
diff --git a/test/certs/ee-key.pem b/test/certs/ee-key.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-name2.pem b/test/certs/ee-name2.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-pathlen.pem b/test/certs/ee-pathlen.pem new file mode 100644 index 0000000000000000000000000000000000000000..0bcae1d7bdb91e2091a7c93d8c2350b7954770a1 --- /dev/null +++ b/test/certs/ee-pathlen.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICszCCAZugAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg +Fw0yMDA0MDMwODA0MTVaGA8yMTIwMDQwNDA4MDQxNVowGTEXMBUGA1UEAwwOc2Vy +dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY +YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT +5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l +Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 +U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 +ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn +iIQPYf55NB9KiR+3AgMBAAGjEDAOMAwGA1UdEwQFMAMCAQAwDQYJKoZIhvcNAQEL +BQADggEBAApOUnWWd09I0ts3xa1oK7eakc+fKTF4d7pbGznFNONaCR3KFRgnBVlG +Bm8/oehrrQ28Ad3XPSug34DQQ5kM6JIuaddx50/n4Xkgj8/fgXVA0HXizOJ3QpKC +IojLVajXlQHhpo72VUQuNOha0UxG9daYjS20iXRhanTm9rUz7qQZEugVQCiR0z/f +9NgM7FU9UaSidzH3gZu/Ufc4Ggn6nZV7LM9sf4IUV+KszS1VpcK+9phAmsB6BaAi +cFXvVXZjTNualQgPyPwOD8c+vVCIfIemfF5TZ6fyqpOjprWQAphwrTtfNDSmqRTz +FRhDf+vJERQclgUtg37EgWGKtnNQeRY= +-----END CERTIFICATE----- diff --git a/test/certs/ee-pss-cert.pem b/test/certs/ee-pss-cert.pem new file mode 100644 index 0000000000000000000000000000000000000000..e908783b5536829aa75640fbdb8a816720327b6e --- /dev/null +++ b/test/certs/ee-pss-cert.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDdDCCAiygAwIBAgIBAjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEa +MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIDARMQ8wDQYDVQQDDAZDQS1Q +U1MwIBcNMjEwMTI2MTAwNjMzWhgPMjEyMTAxMjcxMDA2MzNaMBExDzANBgNVBAMM +BkVFLVBTUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e +2ywP1XP74reoG3p1YCvUfTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx// +DcZD/jE0+CjYdemju4iC76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aO +wjagEf/AWTX9SRzdHEIzBniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5Zq +ghsVi9GZq+Seb5Sq0pblV/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktH +aKcpxz9K4iIntO+QY9fv0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h +/nk0H0qJH7cCAwEAAaN1MHMwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4HmCKX4XOi +MB8GA1UdIwQYMBaAFBn5oQP1XMVpIe1VAR8VHRx0C4KwMAkGA1UdEwQCMAAwEwYD +VR0lBAwwCgYIKwYBBQUHAwEwEQYDVR0RBAowCIIGRUUtUFNTMD0GCSqGSIb3DQEB +CjAwoA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaID +AgEgA4IBAQCzCXb5XpMvhuwWso9wj4B8AJjCugMlGdrLXIj3ueqyS1qSEcFp1meO +9jMDCjAkitTdZjf3gqEghC/joUd+XAw3JfOPOl36WlNrm9bwZTnfnCYFRrdprfMo +Q1Kqy9SNvDeHZZVcGeU3PZSt+EabmR9mQODg/qfpa9/3WktzFbvxlPOS7Tb0n2tn +vQnTmyrmGN2/o8X1qGQgETw5bH3csKgsPh668zN/gv3DxNN0EVACLaOSahNsNQa7 +KCcl1ez5KcFc0QIlQajhorTYOIeTb8UmR4wdy5C4Nd9P5OKv1sQvVO9PtswAv/s7 +Vs48cDO1+ASn0KjN41hXN5+fOIlNqOeU +-----END CERTIFICATE----- diff --git a/test/certs/ee-pss-sha1-cert.pem b/test/certs/ee-pss-sha1-cert.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-pss-sha256-cert.pem b/test/certs/ee-pss-sha256-cert.pem old mode 100755 new mode 100644 diff --git a/test/certs/ee-self-signed.pem b/test/certs/ee-self-signed.pem new file mode 100644 index 0000000000000000000000000000000000000000..e854c9ad272d24eeb99a398756b2a48fa2b9f104 --- /dev/null +++ b/test/certs/ee-self-signed.pem 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIjCCAgqgAwIBAgIUT99h/YrAdcDg3fdLy5UajB8e994wDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwIBcNMjAwNzI4MTQxNjA4WhgP +MjEyMDA3MDQxNDE2MDhaMBkxFzAVBgNVBAMMDmVlLXNlbGYtc2lnbmVkMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7bLA/Vc/vit6gbenVg +K9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8NxkP+MTT4KNh16aO7 +iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7CNqAR/8BZNf1JHN0c +QjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqCGxWL0Zmr5J5vlKrS +luVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0dopynHP0riIie075Bj +1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+eTQfSokftwIDAQAB +o2AwXjAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfhc6IwHwYDVR0jBBgwFoAU +55viKq2KbDrLdlHljgeYIpfhc6IwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC +B4AwDQYJKoZIhvcNAQELBQADggEBAGDEbS5kJArjjQNK02oxhQyz1dbDy23evRxm +WW/NtlJAQAgEMXoNo9fioj0L4cvDy40r87V6/RsV2eijwZEfwGloACif7v78w8QO +h4XiW9oGxcQkdMIYZLDVW9AZPDIkK5NHNfQaeAxCprAufYnRMv035UotLzCBRrkG +G2TIs45vRp/6mYFVtm0Nf9CFvu4dXH8W+GlBONG0FAiBW+JzgTr9OmrzfqJTEDrf +vv/hOiu8XvvlF5piPBqKE76rEvkXUSjgDZ2/Ju1fjqpV2I8Hz1Mj9w9tRE8g4E9o +ZcRXX3MNPaHxnNhgYSPdpywwkyILz2AHwmAzh07cdttRFFPw+fM= +-----END CERTIFICATE----- diff --git a/test/certs/ee-serverAuth.pem b/test/certs/ee-serverAuth.pem old mode 100755 new mode 100644 diff --git a/test/certs/embeddedSCTs1-key.pem b/test/certs/embeddedSCTs1-key.pem old mode 100755 new mode 100644 diff --git a/test/certs/embeddedSCTs1.pem b/test/certs/embeddedSCTs1.pem old mode 100755 new mode 100644 diff --git a/test/certs/embeddedSCTs1.sct b/test/certs/embeddedSCTs1.sct old mode 100755 new mode 100644 diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem old mode 100755 new mode 100644 diff --git a/test/certs/embeddedSCTs3.pem b/test/certs/embeddedSCTs3.pem old mode 100755 new mode 100644 diff --git a/test/certs/embeddedSCTs3.sct b/test/certs/embeddedSCTs3.sct old mode 100755 new mode 100644 
diff --git a/test/certs/embeddedSCTs3_issuer.pem b/test/certs/embeddedSCTs3_issuer.pem old mode 100755 new mode 100644 diff --git a/test/certs/goodcn1-cert.pem b/test/certs/goodcn1-cert.pem old mode 100755 new mode 100644 diff --git a/test/certs/goodcn1-key.pem b/test/certs/goodcn1-key.pem old mode 100755 new mode 100644 diff --git a/test/certs/interCA.key b/test/certs/interCA.key old mode 100755 new mode 100644 diff --git a/test/certs/interCA.pem b/test/certs/interCA.pem old mode 100755 new mode 100644 diff --git a/test/certs/invalid-cert.pem b/test/certs/invalid-cert.pem new file mode 100644 index 0000000000000000000000000000000000000000..a8951305a3dc6945ed43e252bdf621090a4323cb --- /dev/null +++ b/test/certs/invalid-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN TRUSTED CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIUEUSW5o7qpgNCWyXic9Fc9tCLS0gwDQYJKoZIhvcNAQEL +BQAwEzERMA8GA1UEAwwIUGVyc29TaW0wHhcNMjAxMjE2MDY1NjM5WhcNMzAxMjE2 +MDY1NjM5WjATMREwDwYDVQQDDAhQZXJzb1NpbTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMsgRKnnZbQtG9bB9Hn+CoOOsanmnRELSlGq521qi/eBgs2w +SdHYM6rsJFwY89RvINLGeUZh/pu7c+ODtTafAWE3JkynG01d2Zrvp1V1r97+FGyD +f+b1hAggxBy70bTRyr1gAoKQTAm74U/1lj13EpWz7zshgXJ/Pn/hUyTmpNW+fTRE +xaifN0jkl5tZUURGA6w3+BRhVDQtt92vLihqUGaEFpL8yqqFnN44AoQ5+lgMafWi +UyYMHcK75ZB8WWklq8zjRP3xC1h56k01rT6KJO6i+BxMcADerYsn5qTlcUiKcpRU +b6RzLvCUwj91t1aX6npDI3BzSP+wBUUANBfuHEMCAwEAAaNxMG8wFwYDVR0OBBA8 +yBBnvz1Zt6pHm2GwBaRyMBcGA1UdIwQQPMgQZ789WbeqR5thsAWkcjAPBgNVHRMB +Af8EBTADAQH/MAsGA1UdDwQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB +BQUHAwIwDQYJKoZIhvcNAQELBQADggEBAIEzVbttOUc7kK4aY+74TANFZK/qtBQ7 +94a/P30TGWSRUq2HnDsR8Vo4z8xm5oKeC+SIi6NGzviWYquuzpJ7idcbr0MIuSyD ++Vg6n1sG64DxWNdGO9lR5c4mWFdIajShczS2+4QIRB/lFZCf7GhPMtIcbP1o9ckY +2vyv5ZAEU9Z5n0PY+abrKsj0XyvJwdycEsUTywa36fuv6hP3UboLtvK6naXLMrTj +WtSA6PXjHy7h8h0NC8XLk64mc0lcRC4WM+xJ/C+NHglpmBqBxnStpnZykMZYD1Vy +JJ1wNc+Y3e2uMBDxZviH3dIPIgqP1Vpi2TWfqr3DTBNCRf4dl/wwNU8= +-----END TRUSTED CERTIFICATE----- 
diff --git a/test/certs/leaf.key b/test/certs/leaf.key
old mode 100755
new mode 100644
diff --git a/test/certs/leaf.pem b/test/certs/leaf.pem
old mode 100755
new mode 100644
diff --git a/test/certs/many-constraints.pem b/test/certs/many-constraints.pem
old mode 100755
new mode 100644
diff --git a/test/certs/many-names1.pem b/test/certs/many-names1.pem
old mode 100755
new mode 100644
diff --git a/test/certs/many-names2.pem b/test/certs/many-names2.pem
old mode 100755
new mode 100644
diff --git a/test/certs/many-names3.pem b/test/certs/many-names3.pem
old mode 100755
new mode 100644
diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh
index ebb71c177857166ef7e59123b0152dd97941cc8f..d8e70423911f71d7acf37505b66576a161147552 100755
--- a/test/certs/mkcert.sh
+++ b/test/certs/mkcert.sh
@@ -1,6 +1,6 @@
 #! /bin/bash
 #
-# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2016 Viktor Dukhovni .
 # All rights reserved.
 #
@@ -114,6 +114,19 @@ genroot() {
 }
 
 genca() {
+ local OPTIND=1
+ local purpose=
+
+ while getopts p: o
+ do
+ case $o in
+ p) purpose="$OPTARG";;
+ *) echo "Usage: $0 genca [-p EKU] cn keyname certname cakeyname cacertname" >&2
+ return 1;;
+ esac
+ done
+
+ shift $((OPTIND - 1))
 local cn=$1; shift
 local key=$1; shift
 local cert=$1; shift
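Review bot: The usage message in the `*)` branch of the new getopts loop stops at `cacertname`, but after `shift $((OPTIND - 1))` the function consumes only five positionals and, in the following hunk, forwards whatever remains to `cert` unchanged, so the message under-describes the calling convention; `*) echo "Usage: $0 genca [-p EKU] cn keyname certname cakeyname cacertname [cert options...]" >&2` would cover it. A one-line comment above `while getopts p: o`, such as `# -p sets extendedKeyUsage; arguments after the five names are passed through to cert`, would also help anyone who previously passed EKUs positionally. genca's body continues in the next hunk.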
@@ -123,17 +136,16 @@ genca() { local akid="authorityKeyIdentifier = keyid" exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = critical,CA:true") - for eku in "$@" - do - exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku") - done + if [ -n "$purpose" ]; then + exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$purpose") + fi if [ -n "$NC" ]; then exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC") fi csr=$(req "$key" "CN = $cn") || return 1 echo "$csr" | cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \ - -set_serial 2 -days "${DAYS}" + -set_serial 2 -days "${DAYS}" "$@" } gen_nonbc_ca() { diff --git a/test/certs/nca+anyEKU.pem b/test/certs/nca+anyEKU.pem old mode 100755 new mode 100644 diff --git a/test/certs/nca+serverAuth.pem b/test/certs/nca+serverAuth.pem old mode 100755 new mode 100644 diff --git a/test/certs/ncca-cert.pem b/test/certs/ncca-cert.pem old mode 100755 new mode 100644 diff --git a/test/certs/ncca-key.pem b/test/certs/ncca-key.pem old mode 100755 new mode 100644 diff --git a/test/certs/ncca1-cert.pem b/test/certs/ncca1-cert.pem old mode 100755 new mode 100644 diff --git a/test/certs/ncca1-key.pem b/test/certs/ncca1-key.pem old mode 100755 new mode 100644 diff --git a/test/certs/ncca2-cert.pem b/test/certs/ncca2-cert.pem old mode 100755 new mode 100644 diff --git a/test/certs/ncca2-key.pem b/test/certs/ncca2-key.pem old mode 100755 new mode 100644 diff --git a/test/certs/ncca3-cert.pem b/test/certs/ncca3-cert.pem old mode 100755 new mode 100644 diff --git a/test/certs/ncca3-key.pem b/test/certs/ncca3-key.pem old mode 100755 new mode 100644 diff --git a/test/certs/nroot+anyEKU.pem b/test/certs/nroot+anyEKU.pem old mode 100755 new mode 100644 diff --git a/test/certs/nroot+serverAuth.pem b/test/certs/nroot+serverAuth.pem old mode 100755 new mode 100644 diff --git a/test/certs/p256-server-cert.pem b/test/certs/p256-server-cert.pem old mode 100755 new mode 100644 
diff --git a/test/certs/p256-server-key.pem b/test/certs/p256-server-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/p384-root-key.pem b/test/certs/p384-root-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/p384-root.pem b/test/certs/p384-root.pem
old mode 100755
new mode 100644
diff --git a/test/certs/p384-server-cert.pem b/test/certs/p384-server-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/p384-server-key.pem b/test/certs/p384-server-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/pathlen.pem b/test/certs/pathlen.pem
old mode 100755
new mode 100644
diff --git a/test/certs/pc1-cert.pem b/test/certs/pc1-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/pc1-key.pem b/test/certs/pc1-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/pc2-cert.pem b/test/certs/pc2-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/pc2-key.pem b/test/certs/pc2-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/pc5-cert.pem b/test/certs/pc5-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/pc5-key.pem b/test/certs/pc5-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root+anyEKU.pem b/test/certs/root+anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root+clientAuth.pem b/test/certs/root+clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root+serverAuth.pem b/test/certs/root+serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-anyEKU.pem b/test/certs/root-anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-cert-768.pem b/test/certs/root-cert-768.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-cert-md5.pem b/test/certs/root-cert-md5.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-cert-rsa2.pem b/test/certs/root-cert-rsa2.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-cert.pem b/test/certs/root-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-cert2.pem b/test/certs/root-cert2.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-clientAuth.pem b/test/certs/root-clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-ed25519.pem b/test/certs/root-ed25519.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-expired.pem b/test/certs/root-expired.pem
new file mode 100644
index 0000000000000000000000000000000000000000..eb5b697ed2ad03ce5875ee873e1db9201d55aec8
--- /dev/null
+++ b/test/certs/root-expired.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8jCCAdqgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMB4XDTIwMTIwMjE0MTYwOVoXDTIwMTIwMTE0MTYwOVowEjEQMA4GA1UEAwwH
+Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOHmAPUGvKBG
+OHkPPx5xGRNtAt8rm3Zr/KywIe3WkQhCO6VjNexSW6CiSsXWAJQDl1o9uWco0n3j
+IVyk7cY8jY6E0Z1Uwz3ZdKKWdmdx+cYaUHez/XjuW+DjjIkjwpoi7D7UN54HzcAr
+VREXOjRCHGkNOhiw7RWUXsb9nofGHOeUGpLAXwXBc0PlA94JkckkztiOi34u4DFI
+0YYqalUmeugLNk6XseCkydpcaUsDgAhWg6Mfsiq4wUz+xbFN1MABqu2+ziW97mmt
+9gfNbiuhiVT1aOuYCe3JYGbLM2JKA7Bo1g6rX8E1VX79Ru6669y2oqPthX9337Vo
+IkN+ZiQjr8UCAwEAAaNTMFEwHQYDVR0OBBYEFI71Ja8em2uEPXyAmslTnE1y96NS
+MB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQELBQADggEBAH1uqov7eXVT6GbhJ7foASTQpIaVi4GXIfbS
+bYKCb0erWkLfW7EKalOTBp5TjWONSM4mX2OlZag7yq1P1YwMaBA51OkH0Ojic9fX
+majK2S/ZyFI6NLoPqN0Uw/K1HHU0DXpK/mf3YdFOEZMf9LVlXR0O6og19HxBmNnN
+LhTOQ29IGqNzayHGBi4U8LG+UAe5sxlC+gnnQEPGMrOS1XElybtHIxnqk2LJDvXj
+2Dj12TCISD9bQ53oRkudTvTPyvxK6OsnFC/wTBmHk03yxnZdQEKyj9guahiRb+hj
+sz4mDWWMmelcr6veEfzzlUZK7aoIrpJmgukhv/Qafwczo38J5U0=
+-----END CERTIFICATE-----
diff --git a/test/certs/root-key-768.pem b/test/certs/root-key-768.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-key.pem b/test/certs/root-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-key2.pem b/test/certs/root-key2.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-name2.pem b/test/certs/root-name2.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-nonca.pem b/test/certs/root-nonca.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-noserver.pem b/test/certs/root-noserver.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root-serverAuth.pem b/test/certs/root-serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root2+clientAuth.pem b/test/certs/root2+clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root2+serverAuth.pem b/test/certs/root2+serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/root2-serverAuth.pem b/test/certs/root2-serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/rootCA.key b/test/certs/rootCA.key
old mode 100755
new mode 100644
diff --git a/test/certs/rootCA.pem b/test/certs/rootCA.pem
old mode 100755
new mode 100644
diff --git a/test/certs/rootcert.pem b/test/certs/rootcert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/rootkey.pem b/test/certs/rootkey.pem
old mode 100755
new mode 100644
diff --git a/test/certs/roots.pem b/test/certs/roots.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sca+anyEKU.pem b/test/certs/sca+anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sca+clientAuth.pem b/test/certs/sca+clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sca+serverAuth.pem b/test/certs/sca+serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sca-anyEKU.pem b/test/certs/sca-anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sca-cert.pem b/test/certs/sca-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sca-clientAuth.pem b/test/certs/sca-clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sca-serverAuth.pem b/test/certs/sca-serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-cecdsa-cert.pem b/test/certs/server-cecdsa-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-cecdsa-key.pem b/test/certs/server-cecdsa-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-dsa-cert.pem b/test/certs/server-dsa-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-dsa-key.pem b/test/certs/server-dsa-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-ecdsa-brainpoolP256r1-cert.pem b/test/certs/server-ecdsa-brainpoolP256r1-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-ecdsa-brainpoolP256r1-key.pem b/test/certs/server-ecdsa-brainpoolP256r1-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-ecdsa-cert.pem b/test/certs/server-ecdsa-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-ecdsa-key.pem b/test/certs/server-ecdsa-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-ed25519-cert.pem b/test/certs/server-ed25519-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-ed25519-key.pem b/test/certs/server-ed25519-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-ed448-cert.pem b/test/certs/server-ed448-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-ed448-key.pem b/test/certs/server-ed448-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-pss-cert.pem b/test/certs/server-pss-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-pss-key.pem b/test/certs/server-pss-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-pss-restrict-cert.pem b/test/certs/server-pss-restrict-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-pss-restrict-key.pem b/test/certs/server-pss-restrict-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/server-trusted.pem b/test/certs/server-trusted.pem old mode 100755 new mode 100644 diff --git a/test/certs/servercert.pem b/test/certs/servercert.pem old mode 100755 new mode 100644 diff --git a/test/certs/serverkey.pem b/test/certs/serverkey.pem old mode 100755 new mode 100644 diff --git a/test/certs/setup.sh b/test/certs/setup.sh index 2d53ea5b08c6cb91d8fd45b644009cc92489660a..49aab7118f0fd6ebf4df6ad25ee9418811948622 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -1,10 +1,11 @@ -#! /bin/sh +#! /bin/bash # Primary root: root-cert # root cert variants: CA:false, key2, DN2 # trust variants: +serverAuth -serverAuth +clientAuth -clientAuth +anyEKU -anyEKU # ./mkcert.sh genroot "Root CA" root-key root-cert +DAYS=-1 ./mkcert.sh genroot "Root CA" root-key root-expired ./mkcert.sh genss "Root CA" root-key root-nonca ./mkcert.sh genroot "Root CA" root-key2 root-cert2 ./mkcert.sh genroot "Root Cert 2" root-key root-name2 @@ -116,11 +117,15 @@ openssl x509 -in ca-cert-md5.pem -trustout \ # CA has 768-bit key OPENSSL_KEYBITS=768 \ ./mkcert.sh genca "CA" ca-key-768 ca-cert-768 root-key root-cert +# EC cert with explicit curve +./mkcert.sh genca "CA" ca-key-ec-explicit ca-cert-ec-explicit root-key root-cert +# EC cert with named curve +./mkcert.sh genca "CA" ca-key-ec-named ca-cert-ec-named root-key root-cert # client intermediate ca: cca-cert # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth # -./mkcert.sh genca "CA" ca-key cca-cert root-key root-cert clientAuth +./mkcert.sh genca -p clientAuth "CA" ca-key cca-cert root-key root-cert # openssl x509 -in cca-cert.pem -trustout \ -addtrust serverAuth -out cca+serverAuth.pem 
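Review bot: The two new `genca` lines for `ca-key-ec-explicit` and `ca-key-ec-named` set no `OPENSSL_KEYALG`/`OPENSSL_KEYBITS`, unlike the EC invocations elsewhere in this file (`OPENSSL_KEYALG=ec OPENSSL_KEYBITS=brainpoolP256r1 ./mkcert.sh genee ...`), so the comments `# EC cert with explicit curve` / `# EC cert with named curve` only hold if mkcert.sh reuses an already-present key file instead of generating a default one; that prerequisite is not visible here and a reader regenerating from a clean tree would silently get the default key type. Suggest recording it in the comment, e.g. `# EC cert with explicit curve -- relies on a pre-existing ca-key-ec-explicit.pem (no OPENSSL_KEYALG given)`, and likewise for the named-curve line. The `ee-key-ec-*` lines in the hunk at `@@ -182` of this file have the same dependency.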
@@ -138,7 +143,7 @@ openssl x509 -in cca-cert.pem -trustout \ # server intermediate ca: sca-cert # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth, -anyEKU, +anyEKU # -./mkcert.sh genca "CA" ca-key sca-cert root-key root-cert serverAuth +./mkcert.sh genca -p serverAuth "CA" ca-key sca-cert root-key root-cert # openssl x509 -in sca-cert.pem -trustout \ -addtrust serverAuth -out sca+serverAuth.pem @@ -154,7 +159,7 @@ openssl x509 -in sca-cert.pem -trustout \ -addtrust anyExtendedKeyUsage -out sca+anyEKU.pem # Primary leaf cert: ee-cert -# ee variants: expired, issuer-key2, issuer-name2 +# ee variants: expired, issuer-key2, issuer-name2, bad-pathlen # trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth # purpose variants: client # @@ -163,6 +168,8 @@ openssl x509 -in sca-cert.pem -trustout \ ./mkcert.sh genee server.example ee-key ee-cert2 ca-key2 ca-cert2 ./mkcert.sh genee server.example ee-key ee-name2 ca-key ca-name2 ./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert +./mkcert.sh genee server.example ee-key ee-pathlen ca-key ca-cert \ + -extfile <(echo "basicConstraints=CA:FALSE,pathlen:0") # bash needed here # openssl x509 -in ee-cert.pem -trustout \ -addtrust serverAuth -out ee+serverAuth.pem 
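Review bot: The `ee-pathlen` line depends on its trailing `-extfile <(echo "basicConstraints=CA:FALSE,pathlen:0")` reaching `openssl x509` after whatever `-extfile` mkcert.sh's own `cert` helper already passes (not visible here); if both are present the later option wins, so the leaf would carry only this basicConstraints and none of the usual subjectKeyIdentifier/authorityKeyIdentifier/keyUsage extensions, which changes what the `bad-pathlen` variant actually exercises. Worth confirming and stating the intent in the comment, e.g. `# bash needed here (process substitution); deliberately replaces the default extension set`, or, if that is not intended, routing the extension text through mkcert's extension handling instead. This is also the first place the file relies on the `#! /bin/bash` change made in this commit's first hunk.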
@@ -182,6 +189,17 @@ OPENSSL_SIGALG=md5 \ # 768-bit leaf key OPENSSL_KEYBITS=768 \ ./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert +# EC cert with explicit curve signed by named curve ca +./mkcert.sh genee server.example ee-key-ec-explicit ee-cert-ec-explicit ca-key-ec-named ca-cert-ec-named +# EC cert with named curve signed by explicit curve ca +./mkcert.sh genee server.example ee-key-ec-named-explicit \ + ee-cert-ec-named-explicit ca-key-ec-explicit ca-cert-ec-explicit +# EC cert with named curve signed by named curve ca +./mkcert.sh genee server.example ee-key-ec-named-named \ + ee-cert-ec-named-named ca-key-ec-named ca-cert-ec-named + +# self-signed end-entity cert with explicit keyUsage not including KeyCertSign +openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature -days 36500 # Proxy certificates, off of ee-client # Start with some good ones @@ -362,9 +380,14 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \ # SHA1 ./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \ -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest -# SHA256 +# EE SHA256 ./mkcert.sh genee PSS-SHA256 ee-key ee-pss-sha256-cert ca-key ca-cert \ - -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest + -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest +# CA-PSS +./mkcert.sh genca "CA-PSS" ca-pss-key ca-pss-cert root-key root-cert \ + -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 +./mkcert.sh genee "EE-PSS" ee-key ee-pss-cert ca-pss-key ca-pss-cert \ + -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 OPENSSL_KEYALG=ec OPENSSL_KEYBITS=brainpoolP256r1 ./mkcert.sh genee \ "Server ECDSA brainpoolP256r1 cert" server-ecdsa-brainpoolP256r1-key \ diff --git a/test/certs/some-names1.pem b/test/certs/some-names1.pem old mode 100755 new mode 100644 
diff --git a/test/certs/some-names2.pem b/test/certs/some-names2.pem
old mode 100755
new mode 100644
diff --git a/test/certs/some-names3.pem b/test/certs/some-names3.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sroot+anyEKU.pem b/test/certs/sroot+anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sroot+clientAuth.pem b/test/certs/sroot+clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sroot+serverAuth.pem b/test/certs/sroot+serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sroot-anyEKU.pem b/test/certs/sroot-anyEKU.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sroot-cert.pem b/test/certs/sroot-cert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sroot-clientAuth.pem b/test/certs/sroot-clientAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/sroot-serverAuth.pem b/test/certs/sroot-serverAuth.pem
old mode 100755
new mode 100644
diff --git a/test/certs/subinterCA-ss.pem b/test/certs/subinterCA-ss.pem
old mode 100755
new mode 100644
diff --git a/test/certs/subinterCA.key b/test/certs/subinterCA.key
old mode 100755
new mode 100644
diff --git a/test/certs/subinterCA.pem b/test/certs/subinterCA.pem
old mode 100755
new mode 100644
diff --git a/test/certs/untrusted.pem b/test/certs/untrusted.pem
old mode 100755
new mode 100644
diff --git a/test/certs/wrongcert.pem b/test/certs/wrongcert.pem
old mode 100755
new mode 100644
diff --git a/test/certs/wrongkey.pem b/test/certs/wrongkey.pem
old mode 100755
new mode 100644
diff --git a/test/certs/x509-check-key.pem b/test/certs/x509-check-key.pem
old mode 100755
new mode 100644
diff --git a/test/certs/x509-check.csr b/test/certs/x509-check.csr
old mode 100755
new mode 100644
diff --git a/test/chacha_internal_test.c b/test/chacha_internal_test.c
old mode 100755
new mode 100644
diff --git a/test/cipher_overhead_test.c b/test/cipher_overhead_test.c
old mode 100755
new mode 100644
diff --git a/test/cipherbytes_test.c b/test/cipherbytes_test.c
old mode 100755
new mode 100644
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
old mode 100755
new mode 100644
diff --git a/test/ciphername_test.c b/test/ciphername_test.c
old mode 100755
new mode 100644
diff --git a/test/clienthellotest.c b/test/clienthellotest.c
old mode 100755
new mode 100644
diff --git a/test/cmactest.c b/test/cmactest.c
new file mode 100644
index 0000000000000000000000000000000000000000..ddd753782f55f4d7b944ad6a00864fdef2b99c44
--- /dev/null
+++ b/test/cmactest.c
@@ -0,0 +1,210 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "internal/nelem.h" + +#include +#include +#include + +#include "testutil.h" + +static const char xtskey[32] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f +}; + +static struct test_st { + const char key[32]; + int key_len; + const unsigned char data[64]; + int data_len; + const char *mac; +} test[3] = { + { + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }, + 16, + "My test data", + 12, + "29cec977c48f63c200bd5c4a6881b224" + }, + { + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }, + 32, + "My test data", + 12, + "db6493aa04e4761f473b2b453c031c9a" + }, + { + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }, + 32, + "My test data again", + 18, + "65c11c75ecf590badd0a5e56cbb8af60" + }, +}; + +static char *pt(unsigned char *md, unsigned int len); + +static int test_cmac_bad(void) +{ + CMAC_CTX *ctx = NULL; + int ret = 0; + + ctx = CMAC_CTX_new(); + if (!TEST_ptr(ctx) + || !TEST_false(CMAC_Init(ctx, NULL, 0, NULL, NULL)) + || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len)) + /* Should be able to pass cipher first, and then key */ + || 
!TEST_true(CMAC_Init(ctx, NULL, 0, EVP_aes_128_cbc(), NULL)) + /* Must have a key */ + || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len)) + /* Now supply the key */ + || !TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, NULL, NULL)) + /* Update should now work */ + || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) + /* XTS is not a suitable cipher to use */ + || !TEST_false(CMAC_Init(ctx, xtskey, sizeof(xtskey), EVP_aes_128_xts(), + NULL)) + || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len))) + goto err; + + ret = 1; +err: + CMAC_CTX_free(ctx); + return ret; +} + +static int test_cmac_run(void) +{ + char *p; + CMAC_CTX *ctx = NULL; + unsigned char buf[AES_BLOCK_SIZE]; + size_t len; + int ret = 0; + + ctx = CMAC_CTX_new(); + + if (!TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, + EVP_aes_128_cbc(), NULL)) + || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + + p = pt(buf, len); + if (!TEST_str_eq(p, test[0].mac)) + goto err; + + if (!TEST_true(CMAC_Init(ctx, test[1].key, test[1].key_len, + EVP_aes_256_cbc(), NULL)) + || !TEST_true(CMAC_Update(ctx, test[1].data, test[1].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + + p = pt(buf, len); + if (!TEST_str_eq(p, test[1].mac)) + goto err; + + if (!TEST_true(CMAC_Init(ctx, test[2].key, test[2].key_len, NULL, NULL)) + || !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); + if (!TEST_str_eq(p, test[2].mac)) + goto err; + /* Test reusing a key */ + if (!TEST_true(CMAC_Init(ctx, NULL, 0, NULL, NULL)) + || !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); + if (!TEST_str_eq(p, test[2].mac)) + goto err; + + /* Test setting the cipher and key separately */ + if (!TEST_true(CMAC_Init(ctx, NULL, 0, 
EVP_aes_256_cbc(), NULL)) + || !TEST_true(CMAC_Init(ctx, test[2].key, test[2].key_len, NULL, NULL)) + || !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); + if (!TEST_str_eq(p, test[2].mac)) + goto err; + + ret = 1; +err: + CMAC_CTX_free(ctx); + return ret; +} + +static int test_cmac_copy(void) +{ + char *p; + CMAC_CTX *ctx = NULL, *ctx2 = NULL; + unsigned char buf[AES_BLOCK_SIZE]; + size_t len; + int ret = 0; + + ctx = CMAC_CTX_new(); + ctx2 = CMAC_CTX_new(); + if (!TEST_ptr(ctx) || !TEST_ptr(ctx2)) + goto err; + + if (!TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, + EVP_aes_128_cbc(), NULL)) + || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) + || !TEST_true(CMAC_CTX_copy(ctx2, ctx)) + || !TEST_true(CMAC_Final(ctx2, buf, &len))) + goto err; + + p = pt(buf, len); + if (!TEST_str_eq(p, test[0].mac)) + goto err; + + ret = 1; +err: + CMAC_CTX_free(ctx2); + CMAC_CTX_free(ctx); + return ret; +} + +static char *pt(unsigned char *md, unsigned int len) +{ + unsigned int i; + static char buf[80]; + + for (i = 0; i < len; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return buf; +} + +int setup_tests(void) +{ + ADD_TEST(test_cmac_bad); + ADD_TEST(test_cmac_run); + ADD_TEST(test_cmac_copy); + return 1; +} + diff --git a/test/cms-examples.pl b/test/cms-examples.pl old mode 100755 new mode 100644 diff --git a/test/cmsapitest.c b/test/cmsapitest.c old mode 100755 new mode 100644 diff --git a/test/conf_include_test.c b/test/conf_include_test.c old mode 100755 new mode 100644 diff --git a/test/constant_time_test.c b/test/constant_time_test.c old mode 100755 new mode 100644 diff --git a/test/crltest.c b/test/crltest.c old mode 100755 new mode 100644 diff --git a/test/ct/log_list.conf b/test/ct/log_list.conf old mode 100755 new mode 100644 diff --git a/test/ct/tls1.sct b/test/ct/tls1.sct old mode 100755 new mode 100644 
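Review bot: `test_cmac_run` passes the result of `CMAC_CTX_new()` straight into `CMAC_Init` without checking it, whereas `test_cmac_bad` and `test_cmac_copy` guard the same allocation with `TEST_ptr`; an allocation failure would crash this test instead of failing it. Add `if (!TEST_ptr(ctx)) goto err;` directly after `ctx = CMAC_CTX_new();` — the `err:` path already hands a possibly-NULL ctx to `CMAC_CTX_free`, as `test_cmac_bad` relies on. Separately, `pt()` fills a fixed 80-byte static buffer with unbounded `sprintf`; it is safe here only because every caller passes a `len` obtained from `CMAC_Final` into an `AES_BLOCK_SIZE` buffer, so a comment such as `/* md must hold at most 39 bytes: buf takes 2*len hex digits plus NUL */` would stop the helper being reused for longer MACs.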
diff --git a/test/ct_test.c b/test/ct_test.c
old mode 100755
new mode 100644
diff --git a/test/ctype_internal_test.c b/test/ctype_internal_test.c
old mode 100755
new mode 100644
diff --git a/test/curve448_internal_test.c b/test/curve448_internal_test.c
old mode 100755
new mode 100644
diff --git a/test/d2i-tests/bad-cms.der b/test/d2i-tests/bad-cms.der
old mode 100755
new mode 100644
diff --git a/test/d2i-tests/bad-int-pad0.der b/test/d2i-tests/bad-int-pad0.der
old mode 100755
new mode 100644
diff --git a/test/d2i-tests/bad-int-padminus1.der b/test/d2i-tests/bad-int-padminus1.der
old mode 100755
new mode 100644
diff --git a/test/d2i-tests/bad_bio.der b/test/d2i-tests/bad_bio.der
old mode 100755
new mode 100644
diff --git a/test/d2i-tests/bad_cert.der b/test/d2i-tests/bad_cert.der
old mode 100755
new mode 100644
diff --git a/test/d2i-tests/bad_generalname.der b/test/d2i-tests/bad_generalname.der
old mode 100755
new mode 100644
diff --git a/test/d2i-tests/high_tag.der b/test/d2i-tests/high_tag.der
old mode 100755
new mode 100644
diff --git a/test/d2i-tests/int0.der b/test/d2i-tests/int0.der
old mode 100755
new mode 100644
diff --git a/test/d2i-tests/int1.der b/test/d2i-tests/int1.der
old mode 100755
new mode 100644
diff --git a/test/d2i-tests/intminus1.der b/test/d2i-tests/intminus1.der
old mode 100755
new mode 100644
diff --git a/test/d2i_test.c b/test/d2i_test.c
old mode 100755
new mode 100644
diff --git a/test/danetest.c b/test/danetest.c
old mode 100755
new mode 100644
diff --git a/test/danetest.in b/test/danetest.in
old mode 100755
new mode 100644
diff --git a/test/danetest.pem b/test/danetest.pem
old mode 100755
new mode 100644
diff --git a/test/destest.c b/test/destest.c
old mode 100755
new mode 100644
diff --git a/test/dhtest.c b/test/dhtest.c
old mode 100755
new mode 100644
diff --git a/test/drbg_cavs_data.c b/test/drbg_cavs_data.c
old mode 100755
new mode 100644
diff --git a/test/drbg_cavs_data.h b/test/drbg_cavs_data.h
old mode 100755
new mode 100644
diff --git a/test/drbg_cavs_test.c b/test/drbg_cavs_test.c old mode 100755 new mode 100644 diff --git a/test/drbgtest.c b/test/drbgtest.c old mode 100755 new mode 100644 index 2aff4aaf030d13950efb99685363a75dc419c15e..a9ba5b49393be9bc05b3c3e97e9dad41434169db --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -286,7 +286,6 @@ static int instantiate(RAND_DRBG *drbg, DRBG_SELFTEST_DATA *td, */ static int error_check(DRBG_SELFTEST_DATA *td) { - static char zero[sizeof(RAND_DRBG)]; RAND_DRBG *drbg = NULL; TEST_CTX t; unsigned char buff[1024]; @@ -302,7 +301,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test detection of too large personalisation string */ if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1) > 0) + || !TEST_false(RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1))) goto err; /* @@ -311,7 +310,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test entropy source failure detection: i.e. returns no data */ t.entropylen = 0; - if (TEST_int_le(RAND_DRBG_instantiate(drbg, td->pers, td->perslen), 0)) + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))) goto err; /* Try to generate output from uninstantiated DRBG */ 
@@ -321,16 +320,18 @@ static int error_check(DRBG_SELFTEST_DATA *td) goto err; /* Test insufficient entropy */ + if (!init(drbg, td, &t)) + goto err; t.entropylen = drbg->min_entropylen - 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; /* Test too much entropy */ + if (!init(drbg, td, &t)) + goto err; t.entropylen = drbg->max_entropylen + 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; @@ -340,18 +341,20 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test too small nonce */ if (drbg->min_noncelen) { + if (!init(drbg, td, &t)) + goto err; t.noncelen = drbg->min_noncelen - 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; } /* Test too large nonce */ if (drbg->max_noncelen) { + if (!init(drbg, td, &t)) + goto err; t.noncelen = drbg->max_noncelen + 1; - if (!init(drbg, td, &t) - || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0 + if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !uninstantiate(drbg)) goto err; } @@ -377,7 +380,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) * failure. */ t.entropylen = 0; - if (TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1, + if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1, td->adin, td->adinlen)) || !uninstantiate(drbg)) goto err; 
@@ -385,15 +388,15 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Instantiate again with valid data */ if (!instantiate(drbg, td, &t)) goto err; - reseed_counter_tmp = drbg->reseed_gen_counter; - drbg->reseed_gen_counter = drbg->reseed_interval; + reseed_counter_tmp = drbg->generate_counter; + drbg->generate_counter = drbg->reseed_interval; /* Generate output and check entropy has been requested for reseed */ t.entropycnt = 0; if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, td->adinlen)) || !TEST_int_eq(t.entropycnt, 1) - || !TEST_int_eq(drbg->reseed_gen_counter, reseed_counter_tmp + 1) + || !TEST_int_eq(drbg->generate_counter, reseed_counter_tmp + 1) || !uninstantiate(drbg)) goto err; @@ -410,15 +413,15 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test reseed counter works */ if (!instantiate(drbg, td, &t)) goto err; - reseed_counter_tmp = drbg->reseed_gen_counter; - drbg->reseed_gen_counter = drbg->reseed_interval; + reseed_counter_tmp = drbg->generate_counter; + drbg->generate_counter = drbg->reseed_interval; /* Generate output and check entropy has been requested for reseed */ t.entropycnt = 0; if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, td->adinlen)) || !TEST_int_eq(t.entropycnt, 1) - || !TEST_int_eq(drbg->reseed_gen_counter, reseed_counter_tmp + 1) + || !TEST_int_eq(drbg->generate_counter, reseed_counter_tmp + 1) || !uninstantiate(drbg)) goto err; 
@@ -428,12 +431,12 @@ static int error_check(DRBG_SELFTEST_DATA *td) /* Test explicit reseed with too large additional input */ if (!instantiate(drbg, td, &t) - || RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0) > 0) + || !TEST_false(RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0))) goto err; /* Test explicit reseed with entropy source failure */ t.entropylen = 0; - if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) + if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0)) || !uninstantiate(drbg)) goto err; @@ -441,7 +444,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) if (!instantiate(drbg, td, &t)) goto err; t.entropylen = drbg->max_entropylen + 1; - if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) + if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0)) || !uninstantiate(drbg)) goto err; @@ -449,14 +452,10 @@ static int error_check(DRBG_SELFTEST_DATA *td) if (!instantiate(drbg, td, &t)) goto err; t.entropylen = drbg->min_entropylen - 1; - if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) + if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0)) || !uninstantiate(drbg)) goto err; - /* Standard says we have to check uninstantiate really zeroes */ - if (!TEST_mem_eq(zero, sizeof(drbg->data), &drbg->data, sizeof(drbg->data))) - goto err; - ret = 1; err: @@ -483,7 +482,7 @@ static int test_error_checks(int i) DRBG_SELFTEST_DATA *td = &drbg_test[i]; int rv = 0; - if (error_check(td)) + if (!error_check(td)) goto err; rv = 1; 
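Review bot: The deletion at the end of the `@@ -449` hunk removes the only assertion that `uninstantiate` really zeroes the DRBG state (`TEST_mem_eq(zero, sizeof(drbg->data), &drbg->data, sizeof(drbg->data))`), together with its `zero` buffer in the `@@ -286` hunk, and nothing in the commit says why. If the check stopped compiling because the state member changed alongside the `reseed_prop_counter`/`reseed_gen_counter` renames elsewhere in this file, the equivalent comparison against the new state member should be restored rather than the coverage quietly dropped, since zeroisation on uninstantiate is the requirement the removed comment ("Standard says we have to check ...") was enforcing. If the removal is deliberate, a one-line comment at that spot naming where the property is now tested, e.g. `/* uninstantiate zeroisation is checked in <TEST_NAME> */` with the real test filled in, would keep the intent visible. `error_check`'s body continues outside this hunk.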
@@ -601,14 +600,14 @@ static int test_drbg_reseed(int expect_success, */ /* Test whether seed propagation is enabled */ - if (!TEST_int_ne(master->reseed_prop_counter, 0) - || !TEST_int_ne(public->reseed_prop_counter, 0) - || !TEST_int_ne(private->reseed_prop_counter, 0)) + if (!TEST_int_ne(master->reseed_counter, 0) + || !TEST_int_ne(public->reseed_counter, 0) + || !TEST_int_ne(private->reseed_counter, 0)) return 0; /* Check whether the master DRBG's reseed counter is the largest one */ - if (!TEST_int_le(public->reseed_prop_counter, master->reseed_prop_counter) - || !TEST_int_le(private->reseed_prop_counter, master->reseed_prop_counter)) + if (!TEST_int_le(public->reseed_counter, master->reseed_counter) + || !TEST_int_le(private->reseed_counter, master->reseed_counter)) return 0; /* @@ -656,8 +655,8 @@ static int test_drbg_reseed(int expect_success, if (expect_success == 1) { /* Test whether all three reseed counters are synchronized */ - if (!TEST_int_eq(public->reseed_prop_counter, master->reseed_prop_counter) - || !TEST_int_eq(private->reseed_prop_counter, master->reseed_prop_counter)) + if (!TEST_int_eq(public->reseed_counter, master->reseed_counter) + || !TEST_int_eq(private->reseed_counter, master->reseed_counter)) return 0; /* Test whether reseed time of master DRBG is set correctly */ @@ -771,7 +770,7 @@ static int test_rand_drbg_reseed(void) * Test whether the public and private DRBG are both reseeded when their * reseed counters differ from the master's reseed counter. */ - master->reseed_prop_counter++; + master->reseed_counter++; if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 1, 0))) goto error; reset_drbg_hook_ctx(); 
@@ -780,8 +779,8 @@ static int test_rand_drbg_reseed(void) * Test whether the public DRBG is reseeded when its reseed counter differs * from the master's reseed counter. */ - master->reseed_prop_counter++; - private->reseed_prop_counter++; + master->reseed_counter++; + private->reseed_counter++; if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 0, 0))) goto error; reset_drbg_hook_ctx(); @@ -790,8 +789,8 @@ static int test_rand_drbg_reseed(void) * Test whether the private DRBG is reseeded when its reseed counter differs * from the master's reseed counter. */ - master->reseed_prop_counter++; - public->reseed_prop_counter++; + master->reseed_counter++; + public->reseed_counter++; if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 1, 0))) goto error; reset_drbg_hook_ctx(); @@ -824,7 +823,7 @@ static int test_rand_drbg_reseed(void) * Test whether none of the DRBGs is reseed if the master fails to reseed */ master_ctx.fail = 1; - master->reseed_prop_counter++; + master->reseed_counter++; RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf)); if (!TEST_true(test_drbg_reseed(0, master, public, private, 0, 0, 0, 0))) goto error; diff --git a/test/drbgtest.h b/test/drbgtest.h old mode 100755 new mode 100644 diff --git a/test/dsa_no_digest_size_test.c b/test/dsa_no_digest_size_test.c old mode 100755 new mode 100644 diff --git a/test/dsatest.c b/test/dsatest.c old mode 100755 new mode 100644 diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c old mode 100755 new mode 100644 diff --git a/test/dtlstest.c b/test/dtlstest.c old mode 100755 new mode 100644 diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c old mode 100755 new mode 100644 diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c old mode 100755 new mode 100644 index 4b849312be7820e138a2e70bdb5368c93ca13d55..5b708e201c230146cb1973567376a5f4ff817b43 --- a/test/ec_internal_test.c +++ b/test/ec_internal_test.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -183,6 +183,106 @@ static int field_tests_default(int n) return ret; } +/* + * Tests behavior of the decoded_from_explicit_params flag and API + */ +static int decoded_flag_test(void) +{ + EC_GROUP *grp; + EC_GROUP *grp_copy = NULL; + ECPARAMETERS *ecparams = NULL; + ECPKPARAMETERS *ecpkparams = NULL; + EC_KEY *key = NULL; + unsigned char *encodedparams = NULL; + const unsigned char *encp; + int encodedlen; + int testresult = 0; + + /* Test EC_GROUP_new not setting the flag */ + grp = EC_GROUP_new(EC_GFp_simple_method()); + if (!TEST_ptr(grp) + || !TEST_int_eq(grp->decoded_from_explicit_params, 0)) + goto err; + EC_GROUP_free(grp); + + /* Test EC_GROUP_new_by_curve_name not setting the flag */ + grp = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); + if (!TEST_ptr(grp) + || !TEST_int_eq(grp->decoded_from_explicit_params, 0)) + goto err; + + /* Test EC_GROUP_new_from_ecparameters not setting the flag */ + if (!TEST_ptr(ecparams = EC_GROUP_get_ecparameters(grp, NULL)) + || !TEST_ptr(grp_copy = EC_GROUP_new_from_ecparameters(ecparams)) + || !TEST_int_eq(grp_copy->decoded_from_explicit_params, 0)) + goto err; + EC_GROUP_free(grp_copy); + grp_copy = NULL; + ECPARAMETERS_free(ecparams); + ecparams = NULL; + + /* Test EC_GROUP_new_from_ecpkparameters not setting the flag */ + if (!TEST_int_eq(EC_GROUP_get_asn1_flag(grp), OPENSSL_EC_NAMED_CURVE) + || !TEST_ptr(ecpkparams = EC_GROUP_get_ecpkparameters(grp, NULL)) + || !TEST_ptr(grp_copy = EC_GROUP_new_from_ecpkparameters(ecpkparams)) + || !TEST_int_eq(grp_copy->decoded_from_explicit_params, 0) + || !TEST_ptr(key = EC_KEY_new()) + /* Test EC_KEY_decoded_from_explicit_params on key without a group */ + || !TEST_int_eq(EC_KEY_decoded_from_explicit_params(key), -1) + || !TEST_int_eq(EC_KEY_set_group(key, grp_copy), 1) + /* Test EC_KEY_decoded_from_explicit_params negative case */ + || !TEST_int_eq(EC_KEY_decoded_from_explicit_params(key), 0)) + goto err; + EC_GROUP_free(grp_copy); + grp_copy = NULL; + 
ECPKPARAMETERS_free(ecpkparams); + ecpkparams = NULL; + + /* Test d2i_ECPKParameters with named params not setting the flag */ + if (!TEST_int_gt(encodedlen = i2d_ECPKParameters(grp, &encodedparams), 0) + || !TEST_ptr(encp = encodedparams) + || !TEST_ptr(grp_copy = d2i_ECPKParameters(NULL, &encp, encodedlen)) + || !TEST_int_eq(grp_copy->decoded_from_explicit_params, 0)) + goto err; + EC_GROUP_free(grp_copy); + grp_copy = NULL; + OPENSSL_free(encodedparams); + encodedparams = NULL; + + /* Asn1 flag stays set to explicit with EC_GROUP_new_from_ecpkparameters */ + EC_GROUP_set_asn1_flag(grp, OPENSSL_EC_EXPLICIT_CURVE); + if (!TEST_ptr(ecpkparams = EC_GROUP_get_ecpkparameters(grp, NULL)) + || !TEST_ptr(grp_copy = EC_GROUP_new_from_ecpkparameters(ecpkparams)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(grp_copy), OPENSSL_EC_EXPLICIT_CURVE) + || !TEST_int_eq(grp_copy->decoded_from_explicit_params, 0)) + goto err; + EC_GROUP_free(grp_copy); + grp_copy = NULL; + + /* Test d2i_ECPKParameters with explicit params setting the flag */ + if (!TEST_int_gt(encodedlen = i2d_ECPKParameters(grp, &encodedparams), 0) + || !TEST_ptr(encp = encodedparams) + || !TEST_ptr(grp_copy = d2i_ECPKParameters(NULL, &encp, encodedlen)) + || !TEST_int_eq(EC_GROUP_get_asn1_flag(grp_copy), OPENSSL_EC_EXPLICIT_CURVE) + || !TEST_int_eq(grp_copy->decoded_from_explicit_params, 1) + || !TEST_int_eq(EC_KEY_set_group(key, grp_copy), 1) + /* Test EC_KEY_decoded_from_explicit_params positive case */ + || !TEST_int_eq(EC_KEY_decoded_from_explicit_params(key), 1)) + goto err; + + testresult = 1; + + err: + EC_KEY_free(key); + EC_GROUP_free(grp); + EC_GROUP_free(grp_copy); + ECPARAMETERS_free(ecparams); + ECPKPARAMETERS_free(ecpkparams); + OPENSSL_free(encodedparams); + + return testresult; +} + int setup_tests(void) { crv_len = EC_get_builtin_curves(NULL, 0); 
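Review bot: decoded_flag_test reads `grp_copy->decoded_from_explicit_params` only on freshly constructed groups; the one place the flag must survive a copy is the final positive case, where `EC_KEY_set_group(key, grp_copy)` followed by `EC_KEY_decoded_from_explicit_params(key) == 1` presumably goes through EC_GROUP_dup or EC_GROUP_copy, and that path is never asserted on its own. A direct check after the explicit-params d2i, e.g. `|| !TEST_ptr(grp_dup = EC_GROUP_dup(grp_copy))` and `|| !TEST_int_eq(grp_dup->decoded_from_explicit_params, 1)` (with the matching declaration and free), would pin the behaviour a caller relies on when it decides how to re-encode a key. The early `EC_GROUP_free(grp);` after the EC_GROUP_new check leaves `grp` dangling until the next statement reassigns it; a `grp = NULL;` there keeps the `err:` cleanup safe if a later edit inserts a check in between.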
@@ -196,6 +296,7 @@ int setup_tests(void) ADD_TEST(field_tests_ec2_simple); #endif ADD_ALL_TESTS(field_tests_default, crv_len); + ADD_TEST(decoded_flag_test); return 1; } diff --git a/test/ecdsatest.c b/test/ecdsatest.c old mode 100755 new mode 100644 diff --git a/test/ecdsatest.h b/test/ecdsatest.h old mode 100755 new mode 100644 diff --git a/test/ecstresstest.c b/test/ecstresstest.c old mode 100755 new mode 100644 diff --git a/test/ectest.c b/test/ectest.c old mode 100755 new mode 100644 index 5c01cc95dde94adeb879ad377a467eb339d1f9d0..9bdbf70afb402a43424d874e432f069aa78b17c3 --- a/test/ectest.c +++ b/test/ectest.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use 
@@ -2099,6 +2099,87 @@ static int ec_point_hex2point_test(int id) return ret; } +/* + * check the EC_METHOD respects the supplied EC_GROUP_set_generator G + */ +static int custom_generator_test(int id) +{ + int ret = 0, nid, bsize; + EC_GROUP *group = NULL; + EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + unsigned char *b1 = NULL, *b2 = NULL; + + /* Do some setup */ + nid = curves[id].nid; + TEST_note("Curve %s", OBJ_nid2sn(nid)); + if (!TEST_ptr(ctx = BN_CTX_new())) + return 0; + + BN_CTX_start(ctx); + + if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) + goto err; + + /* expected byte length of encoded points */ + bsize = (EC_GROUP_get_degree(group) + 7) / 8; + bsize = 2 * bsize + 1; + + if (!TEST_ptr(k = BN_CTX_get(ctx)) + /* fetch a testing scalar k != 0,1 */ + || !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1, + BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) + /* make k even */ + || !TEST_true(BN_clear_bit(k, 0)) + || !TEST_ptr(G2 = EC_POINT_new(group)) + || !TEST_ptr(Q1 = EC_POINT_new(group)) + /* Q1 := kG */ + || !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx)) + /* pull out the bytes of that */ + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), bsize) + || !TEST_ptr(b1 = OPENSSL_malloc(bsize)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q1, + POINT_CONVERSION_UNCOMPRESSED, b1, + bsize, ctx), bsize) + /* new generator is G2 := 2G */ + || !TEST_true(EC_POINT_dbl(group, G2, EC_GROUP_get0_generator(group), + ctx)) + || !TEST_true(EC_GROUP_set_generator(group, G2, + EC_GROUP_get0_order(group), + EC_GROUP_get0_cofactor(group))) + || !TEST_ptr(Q2 = EC_POINT_new(group)) + || !TEST_true(BN_rshift1(k, k)) + /* Q2 := k/2 G2 */ + || !TEST_true(EC_POINT_mul(group, Q2, k, NULL, NULL, ctx)) + || !TEST_int_eq(EC_POINT_point2oct(group, Q2, + POINT_CONVERSION_UNCOMPRESSED, NULL, + 0, ctx), bsize) + || !TEST_ptr(b2 = OPENSSL_malloc(bsize)) + || 
!TEST_int_eq(EC_POINT_point2oct(group, Q2, + POINT_CONVERSION_UNCOMPRESSED, b2, + bsize, ctx), bsize) + /* Q1 = kG = k/2 G2 = Q2 should hold */ + || !TEST_int_eq(CRYPTO_memcmp(b1, b2, bsize), 0)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + EC_POINT_free(Q1); + EC_POINT_free(Q2); + EC_POINT_free(G2); + EC_GROUP_free(group); + BN_CTX_free(ctx); + OPENSSL_free(b1); + OPENSSL_free(b2); + + return ret; +} + #endif /* OPENSSL_NO_EC */ int setup_tests(void) @@ -2126,6 +2207,7 @@ int setup_tests(void) ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len); ADD_ALL_TESTS(ec_point_hex2point_test, crv_len); + ADD_ALL_TESTS(custom_generator_test, crv_len); #endif /* OPENSSL_NO_EC */ return 1; } diff --git a/test/enginetest.c b/test/enginetest.c old mode 100755 new mode 100644 diff --git a/test/errtest.c b/test/errtest.c old mode 100755 new mode 100644 diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c old mode 100755 new mode 100644 diff --git a/test/evp_test.c b/test/evp_test.c old mode 100755 new mode 100644 diff --git a/test/evp_test.h b/test/evp_test.h old mode 100755 new mode 100644 diff --git a/test/exdatatest.c b/test/exdatatest.c old mode 100755 new mode 100644 diff --git a/test/exptest.c b/test/exptest.c old mode 100755 new mode 100644 diff --git a/test/fatalerrtest.c b/test/fatalerrtest.c old mode 100755 new mode 100644 diff --git a/test/generate_buildtest.pl b/test/generate_buildtest.pl old mode 100755 new mode 100644 diff --git a/test/generate_ssl_tests.pl b/test/generate_ssl_tests.pl old mode 100755 new mode 100644 diff --git a/test/gmdifftest.c b/test/gmdifftest.c old mode 100755 new mode 100644 diff --git a/test/gosttest.c b/test/gosttest.c old mode 100755 new mode 100644 diff --git a/test/handshake_helper.c b/test/handshake_helper.c old mode 100755 new mode 100644 index 1742004b5b80699793e4da574996ce01ec5011e1..167447b20e603b9880736815064d728ce523be10 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c 
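Review bot: custom_generator_test draws `k` with BN_rand and never records it, so a mismatch in the final CRYPTO_memcmp on one curve leaves nothing to reproduce the failure from; a `TEST_note` of `BN_bn2hex(k)` (released with OPENSSL_free) before the comparison, or a fixed scalar per curve, would make a regression in a method's fixed-generator fast path debuggable. The call `EC_GROUP_set_generator(group, G2, EC_GROUP_get0_order(group), EC_GROUP_get0_cofactor(group))` passes pointers into the very group being modified; that is only safe if set_generator copies rather than aliases those values, which the hunk cannot show, so duplicating them into locals first would decouple the test from that detail. The identity Q1 == Q2 also relies on G2 = 2G having the same order as G, which holds for the odd prime-order builtin curves but deserves a sentence in the comment above `EC_POINT_dbl`.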
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -637,7 +637,8 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, } if (extra->client.alpn_protocols != NULL) { unsigned char *alpn_protos = NULL; - size_t alpn_protos_len; + size_t alpn_protos_len = 0; + if (!TEST_true(parse_protos(extra->client.alpn_protocols, &alpn_protos, &alpn_protos_len)) /* Reversed return value convention... */ diff --git a/test/handshake_helper.h b/test/handshake_helper.h old mode 100755 new mode 100644 diff --git a/test/hmactest.c b/test/hmactest.c old mode 100755 new mode 100644 diff --git a/test/ideatest.c b/test/ideatest.c old mode 100755 new mode 100644 diff --git a/test/igetest.c b/test/igetest.c old mode 100755 new mode 100644 diff --git a/test/lhash_test.c b/test/lhash_test.c old mode 100755 new mode 100644 diff --git a/test/md2test.c b/test/md2test.c old mode 100755 new mode 100644 diff --git a/test/mdc2_internal_test.c b/test/mdc2_internal_test.c old mode 100755 new mode 100644 diff --git a/test/mdc2test.c b/test/mdc2test.c old mode 100755 new mode 100644 diff --git a/test/memleaktest.c b/test/memleaktest.c old mode 100755 new mode 100644 diff --git a/test/modes_internal_test.c b/test/modes_internal_test.c old mode 100755 new mode 100644 diff --git a/test/ocsp-tests/D1.ors b/test/ocsp-tests/D1.ors old mode 100755 new mode 100644 diff --git a/test/ocsp-tests/D1_Cert_EE.pem b/test/ocsp-tests/D1_Cert_EE.pem old mode 100755 new mode 100644 diff --git a/test/ocsp-tests/D1_Issuer_ICA.pem b/test/ocsp-tests/D1_Issuer_ICA.pem old mode 100755 new mode 100644 diff --git a/test/ocsp-tests/D2.ors b/test/ocsp-tests/D2.ors old mode 100755 new mode 100644 
diff --git a/test/ocsp-tests/D2_Cert_ICA.pem b/test/ocsp-tests/D2_Cert_ICA.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/D2_Issuer_Root.pem b/test/ocsp-tests/D2_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/D3.ors b/test/ocsp-tests/D3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/D3_Cert_EE.pem b/test/ocsp-tests/D3_Cert_EE.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/D3_Issuer_Root.pem b/test/ocsp-tests/D3_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISDOSC_D1.ors b/test/ocsp-tests/ISDOSC_D1.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISDOSC_D2.ors b/test/ocsp-tests/ISDOSC_D2.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISDOSC_D3.ors b/test/ocsp-tests/ISDOSC_D3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem b/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISIC_D2_Issuer_Root.pem b/test/ocsp-tests/ISIC_D2_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISIC_D3_Issuer_Root.pem b/test/ocsp-tests/ISIC_D3_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem b/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem b/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem b/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISOP_D1.ors b/test/ocsp-tests/ISOP_D1.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISOP_D2.ors b/test/ocsp-tests/ISOP_D2.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISOP_D3.ors b/test/ocsp-tests/ISOP_D3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISOP_ND1.ors b/test/ocsp-tests/ISOP_ND1.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISOP_ND2.ors b/test/ocsp-tests/ISOP_ND2.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ISOP_ND3.ors b/test/ocsp-tests/ISOP_ND3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ND1.ors b/test/ocsp-tests/ND1.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ND1_Cert_EE.pem b/test/ocsp-tests/ND1_Cert_EE.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ND1_Cross_Root.pem b/test/ocsp-tests/ND1_Cross_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ND1_Issuer_ICA-Cross.pem b/test/ocsp-tests/ND1_Issuer_ICA-Cross.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ND1_Issuer_ICA.pem b/test/ocsp-tests/ND1_Issuer_ICA.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ND2.ors b/test/ocsp-tests/ND2.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ND2_Cert_ICA.pem b/test/ocsp-tests/ND2_Cert_ICA.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ND2_Issuer_Root.pem b/test/ocsp-tests/ND2_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ND3.ors b/test/ocsp-tests/ND3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ND3_Cert_EE.pem b/test/ocsp-tests/ND3_Cert_EE.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/ND3_Issuer_Root.pem b/test/ocsp-tests/ND3_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WIKH_D1.ors b/test/ocsp-tests/WIKH_D1.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WIKH_D2.ors b/test/ocsp-tests/WIKH_D2.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WIKH_D3.ors b/test/ocsp-tests/WIKH_D3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WIKH_ND1.ors b/test/ocsp-tests/WIKH_ND1.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WIKH_ND2.ors b/test/ocsp-tests/WIKH_ND2.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WIKH_ND3.ors b/test/ocsp-tests/WIKH_ND3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WINH_D1.ors b/test/ocsp-tests/WINH_D1.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WINH_D2.ors b/test/ocsp-tests/WINH_D2.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WINH_D3.ors b/test/ocsp-tests/WINH_D3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WINH_ND1.ors b/test/ocsp-tests/WINH_ND1.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WINH_ND2.ors b/test/ocsp-tests/WINH_ND2.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WINH_ND3.ors b/test/ocsp-tests/WINH_ND3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WKDOSC_D1.ors b/test/ocsp-tests/WKDOSC_D1.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WKDOSC_D2.ors b/test/ocsp-tests/WKDOSC_D2.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WKDOSC_D3.ors b/test/ocsp-tests/WKDOSC_D3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem b/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WKIC_D2_Issuer_Root.pem b/test/ocsp-tests/WKIC_D2_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WKIC_D3_Issuer_Root.pem b/test/ocsp-tests/WKIC_D3_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem b/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem b/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem b/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WRID_D1.ors b/test/ocsp-tests/WRID_D1.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WRID_D2.ors b/test/ocsp-tests/WRID_D2.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WRID_D3.ors b/test/ocsp-tests/WRID_D3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WRID_ND1.ors b/test/ocsp-tests/WRID_ND1.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WRID_ND2.ors b/test/ocsp-tests/WRID_ND2.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WRID_ND3.ors b/test/ocsp-tests/WRID_ND3.ors
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem b/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem b/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem b/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem b/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem b/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem b/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem
old mode 100755
new mode 100644
diff --git a/test/ocspapitest.c b/test/ocspapitest.c
old mode 100755
new mode 100644
diff --git a/test/ossl_shim/async_bio.cc b/test/ossl_shim/async_bio.cc
old mode 100755
new mode 100644
diff --git a/test/ossl_shim/async_bio.h b/test/ossl_shim/async_bio.h
old mode 100755
new mode 100644
diff --git a/test/ossl_shim/build.info b/test/ossl_shim/build.info
old mode 100755
new mode 100644
diff --git a/test/ossl_shim/include/openssl/base.h b/test/ossl_shim/include/openssl/base.h
old mode 100755
new mode 100644
diff --git a/test/ossl_shim/ossl_config.json b/test/ossl_shim/ossl_config.json
old mode 100755
new mode 100644
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
old mode 100755
new mode 100644
diff --git a/test/ossl_shim/packeted_bio.cc b/test/ossl_shim/packeted_bio.cc
old mode 100755
new mode 100644
diff --git a/test/ossl_shim/packeted_bio.h b/test/ossl_shim/packeted_bio.h
old mode 100755
new mode 100644
diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc
old mode 100755
new mode 100644
diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h
old mode 100755
new mode 100644
diff --git a/test/packettest.c b/test/packettest.c
old mode 100755
new mode 100644
diff --git a/test/pbelutest.c b/test/pbelutest.c
old mode 100755
new mode 100644
diff --git a/test/pemtest.c b/test/pemtest.c
old mode 100755
new mode 100644
diff --git a/test/pkcs7-1.pem b/test/pkcs7-1.pem
old mode 100755
new mode 100644
diff --git a/test/pkcs7.pem b/test/pkcs7.pem
old mode 100755
new mode 100644
diff --git a/test/pkey_meth_kdf_test.c b/test/pkey_meth_kdf_test.c
old mode 100755
new mode 100644
diff --git a/test/pkey_meth_test.c b/test/pkey_meth_test.c
old mode 100755
new mode 100644
diff --git a/test/pkits-test.pl b/test/pkits-test.pl
old mode 100755
new mode 100644
diff --git a/test/poly1305_internal_test.c b/test/poly1305_internal_test.c
old mode 100755
new mode 100644
diff --git a/test/rc2test.c b/test/rc2test.c
old mode 100755
new mode 100644
diff --git a/test/rc4test.c b/test/rc4test.c
old mode 100755
new mode 100644
diff --git a/test/rc5test.c b/test/rc5test.c
old mode 100755
new mode 100644
diff --git a/test/rdrand_sanitytest.c b/test/rdrand_sanitytest.c
old mode 100755
new mode 100644
diff --git a/test/recipes/01-test_abort.t b/test/recipes/01-test_abort.t
old mode 100755
new mode 100644
diff --git a/test/recipes/01-test_sanity.t b/test/recipes/01-test_sanity.t
old mode 100755
new mode 100644
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
old mode 100755
new mode 100644
diff --git a/test/recipes/01-test_test.t b/test/recipes/01-test_test.t
old mode 100755
new mode 100644
diff --git a/test/recipes/02-test_errstr.t b/test/recipes/02-test_errstr.t
old mode 100755
new mode 100644
diff --git a/test/recipes/02-test_internal_ctype.t b/test/recipes/02-test_internal_ctype.t
old mode 100755
new mode 100644
diff --git a/test/recipes/02-test_lhash.t b/test/recipes/02-test_lhash.t
old mode 100755
new mode 100644
diff --git a/test/recipes/02-test_ordinals.t b/test/recipes/02-test_ordinals.t
old mode 100755
new mode 100644
diff --git a/test/recipes/02-test_stack.t b/test/recipes/02-test_stack.t
old mode 100755
new mode 100644
diff --git a/test/recipes/03-test_exdata.t b/test/recipes/03-test_exdata.t
old mode 100755
new mode 100644
diff --git a/test/recipes/03-test_internal_asn1.t b/test/recipes/03-test_internal_asn1.t
old mode 100755
new mode 100644
diff --git a/test/recipes/03-test_internal_chacha.t b/test/recipes/03-test_internal_chacha.t
old mode 100755
new mode 100644
diff --git a/test/recipes/03-test_internal_curve448.t b/test/recipes/03-test_internal_curve448.t
old mode 100755
new mode 100644
diff --git a/test/recipes/03-test_internal_ec.t b/test/recipes/03-test_internal_ec.t
old mode 100755
new mode 100644
diff --git a/test/recipes/03-test_internal_mdc2.t b/test/recipes/03-test_internal_mdc2.t
old mode 100755
new mode 100644
diff --git a/test/recipes/03-test_internal_modes.t b/test/recipes/03-test_internal_modes.t
old mode 100755
new mode 100644
diff --git a/test/recipes/03-test_internal_poly1305.t b/test/recipes/03-test_internal_poly1305.t
old mode 100755
new mode 100644
diff --git a/test/recipes/03-test_internal_siphash.t b/test/recipes/03-test_internal_siphash.t
old mode 100755
new mode 100644
diff --git a/test/recipes/03-test_internal_sm2.t b/test/recipes/03-test_internal_sm2.t
old mode 100755
new mode 100644
diff --git a/test/recipes/03-test_internal_sm4.t b/test/recipes/03-test_internal_sm4.t old mode 100755 new mode 100644 diff --git a/test/recipes/03-test_internal_ssl_cert_table.t b/test/recipes/03-test_internal_ssl_cert_table.t old mode 100755 new mode 100644 diff --git a/test/recipes/03-test_internal_x509.t b/test/recipes/03-test_internal_x509.t old mode 100755 new mode 100644 diff --git a/test/recipes/03-test_ui.t b/test/recipes/03-test_ui.t old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_asn1_decode.t b/test/recipes/04-test_asn1_decode.t old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_asn1_encode.t b/test/recipes/04-test_asn1_encode.t old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_asn1_string_table.t b/test/recipes/04-test_asn1_string_table.t old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_bio_callback.t b/test/recipes/04-test_bio_callback.t old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_bioprint.t b/test/recipes/04-test_bioprint.t old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_err.t b/test/recipes/04-test_err.t old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem.t b/test/recipes/04-test_pem.t old mode 100755 new mode 100644 index c32161111981cf6420bba364755cd5040ef5af87..4f24011eeea39918f3a72ad395d78f5cc7add59c --- a/test/recipes/04-test_pem.t +++ b/test/recipes/04-test_pem.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -28,6 +28,8 @@ my %cert_expected = ( "cert-1023line.pem" => 1, "cert-1024line.pem" => 1, "cert-1025line.pem" => 1, + "cert-254-chars-at-the-end.pem" => 1, + "cert-254-chars-in-the-middle.pem" => 1, "cert-255line.pem" => 1, "cert-256line.pem" => 1, "cert-257line.pem" => 1, @@ -42,6 +44,7 @@ my %cert_expected = ( "cert-misalignedpad.pem" => 0, "cert-onecolumn.pem" => 1, "cert-oneline.pem" => 1, + "cert-oneline-multiple-of-254.pem" => 1, "cert-shortandlongline.pem" => 1, "cert-shortline.pem" => 1, "cert-threecolumn.pem" => 1, diff --git a/test/recipes/04-test_pem_data/NOTES b/test/recipes/04-test_pem_data/NOTES old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/beermug.pem b/test/recipes/04-test_pem_data/beermug.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-1023line.pem b/test/recipes/04-test_pem_data/cert-1023line.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-1024line.pem b/test/recipes/04-test_pem_data/cert-1024line.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-1025line.pem b/test/recipes/04-test_pem_data/cert-1025line.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem b/test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem new file mode 100644 index 0000000000000000000000000000000000000000..0b6a3ba3ba8dec7c82100549d1183087c87c9d49 --- /dev/null +++ b/test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem 
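Review bot: The three new `%cert_expected` entries pin only the 254-character line length to success, so a reader limit that is off by one in either direction would still pass unnoticed; once the data files exist, 253- and 255-character variants (and a one-line body one short of a multiple of 254) belong in the table too. A short comment on why 254 is the interesting length would help the next reader, e.g. `# 254-character lines sit on the PEM reader's per-read chunk boundary`, naming the reader constant it corresponds to. The `%cert_expected` hash begins outside the hunk.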
@@ -0,0 +1,6 @@ +-----BEGIN CERTIFICATE----- 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 +mipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo +9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjo +Kx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c= +-----END CERTIFICATE----- diff --git a/test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem b/test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem new file mode 100644 index 0000000000000000000000000000000000000000..cc9076b49f487a98cedc8f434fc79055d6988bad --- /dev/null +++ b/test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem 
@@ -0,0 +1,5 @@ +-----BEGIN CERTIFICATE----- +MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT +3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCB 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 +-----END CERTIFICATE----- diff --git a/test/recipes/04-test_pem_data/cert-255line.pem b/test/recipes/04-test_pem_data/cert-255line.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-256line.pem b/test/recipes/04-test_pem_data/cert-256line.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-257line.pem b/test/recipes/04-test_pem_data/cert-257line.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-blankline.pem b/test/recipes/04-test_pem_data/cert-blankline.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-comment.pem b/test/recipes/04-test_pem_data/cert-comment.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-earlypad.pem b/test/recipes/04-test_pem_data/cert-earlypad.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-extrapad.pem b/test/recipes/04-test_pem_data/cert-extrapad.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-infixwhitespace.pem b/test/recipes/04-test_pem_data/cert-infixwhitespace.pem old mode 100755 new mode 100644 diff --git a/test/recipes/04-test_pem_data/cert-junk.pem b/test/recipes/04-test_pem_data/cert-junk.pem old mode 100755 new mode 100644 
diff --git a/test/recipes/04-test_pem_data/cert-leadingwhitespace.pem b/test/recipes/04-test_pem_data/cert-leadingwhitespace.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/cert-longline.pem b/test/recipes/04-test_pem_data/cert-longline.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/cert-misalignedpad.pem b/test/recipes/04-test_pem_data/cert-misalignedpad.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/cert-onecolumn.pem b/test/recipes/04-test_pem_data/cert-onecolumn.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem b/test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem
new file mode 100644
index 0000000000000000000000000000000000000000..e0af85959d3ec7bf086c513049dd5ef4811ce88e
--- /dev/null
+++ b/test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE----- 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
+-----END CERTIFICATE-----
diff --git a/test/recipes/04-test_pem_data/cert-oneline.pem b/test/recipes/04-test_pem_data/cert-oneline.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/cert-shortandlongline.pem b/test/recipes/04-test_pem_data/cert-shortandlongline.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/cert-shortline.pem b/test/recipes/04-test_pem_data/cert-shortline.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/cert-threecolumn.pem b/test/recipes/04-test_pem_data/cert-threecolumn.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/cert-trailingwhitespace.pem b/test/recipes/04-test_pem_data/cert-trailingwhitespace.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/cert.pem b/test/recipes/04-test_pem_data/cert.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/csr.pem b/test/recipes/04-test_pem_data/csr.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-1023line.pem b/test/recipes/04-test_pem_data/dsa-1023line.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-1024line.pem b/test/recipes/04-test_pem_data/dsa-1024line.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-1025line.pem b/test/recipes/04-test_pem_data/dsa-1025line.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-255line.pem b/test/recipes/04-test_pem_data/dsa-255line.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-256line.pem b/test/recipes/04-test_pem_data/dsa-256line.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-257line.pem b/test/recipes/04-test_pem_data/dsa-257line.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-blankline.pem b/test/recipes/04-test_pem_data/dsa-blankline.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-comment.pem b/test/recipes/04-test_pem_data/dsa-comment.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-corruptedheader.pem b/test/recipes/04-test_pem_data/dsa-corruptedheader.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-corruptiv.pem b/test/recipes/04-test_pem_data/dsa-corruptiv.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-earlypad.pem b/test/recipes/04-test_pem_data/dsa-earlypad.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-extrapad.pem b/test/recipes/04-test_pem_data/dsa-extrapad.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-infixwhitespace.pem b/test/recipes/04-test_pem_data/dsa-infixwhitespace.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-junk.pem b/test/recipes/04-test_pem_data/dsa-junk.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-leadingwhitespace.pem b/test/recipes/04-test_pem_data/dsa-leadingwhitespace.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-longline.pem b/test/recipes/04-test_pem_data/dsa-longline.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-misalignedpad.pem b/test/recipes/04-test_pem_data/dsa-misalignedpad.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-onecolumn.pem b/test/recipes/04-test_pem_data/dsa-onecolumn.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-oneline.pem b/test/recipes/04-test_pem_data/dsa-oneline.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-onelineheader.pem b/test/recipes/04-test_pem_data/dsa-onelineheader.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-shortandlongline.pem b/test/recipes/04-test_pem_data/dsa-shortandlongline.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-shortline.pem b/test/recipes/04-test_pem_data/dsa-shortline.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-threecolumn.pem b/test/recipes/04-test_pem_data/dsa-threecolumn.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa-trailingwhitespace.pem b/test/recipes/04-test_pem_data/dsa-trailingwhitespace.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsa.pem b/test/recipes/04-test_pem_data/dsa.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/dsaparam.pem b/test/recipes/04-test_pem_data/dsaparam.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/key.pem b/test/recipes/04-test_pem_data/key.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/04-test_pem_data/wellknown b/test/recipes/04-test_pem_data/wellknown
old mode 100755
new mode 100644
diff --git a/test/recipes/05-test_bf.t b/test/recipes/05-test_bf.t
old mode 100755
new mode 100644
diff --git a/test/recipes/05-test_cast.t b/test/recipes/05-test_cast.t
old mode 100755
new mode 100644
diff --git a/test/recipes/05-test_cmac.t b/test/recipes/05-test_cmac.t
new file mode 100644
index 0000000000000000000000000000000000000000..da4272c7bd46d02c1b16a61d2009ffa30a1799d6
--- /dev/null
+++ b/test/recipes/05-test_cmac.t
@@ -0,0 +1,12 @@
+#! /usr/bin/env perl
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test::Simple;
+
+simple_test("test_cmac", "cmactest", "cmac");
diff --git a/test/recipes/05-test_des.t b/test/recipes/05-test_des.t
old mode 100755
new mode 100644
diff --git a/test/recipes/05-test_hmac.t b/test/recipes/05-test_hmac.t
old mode 100755
new mode 100644
diff --git a/test/recipes/05-test_idea.t b/test/recipes/05-test_idea.t
old mode 100755
new mode 100644
diff --git a/test/recipes/05-test_md2.t b/test/recipes/05-test_md2.t
old mode 100755
new mode 100644
diff --git a/test/recipes/05-test_mdc2.t b/test/recipes/05-test_mdc2.t
old mode 100755
new mode 100644
diff --git a/test/recipes/05-test_rand.t b/test/recipes/05-test_rand.t
old mode 100755
new mode 100644
diff --git a/test/recipes/05-test_rc2.t b/test/recipes/05-test_rc2.t
old mode 100755
new mode 100644
diff --git a/test/recipes/05-test_rc4.t b/test/recipes/05-test_rc4.t
old mode 100755
new mode 100644
diff --git a/test/recipes/05-test_rc5.t b/test/recipes/05-test_rc5.t
old mode 100755
new mode 100644
diff --git a/test/recipes/06-test-rdrand.t b/test/recipes/06-test-rdrand.t
old mode 100755
new mode 100644
diff --git a/test/recipes/10-test_bn.t b/test/recipes/10-test_bn.t
old mode 100755
new mode 100644
diff --git a/test/recipes/10-test_bn_data/bnexp.txt b/test/recipes/10-test_bn_data/bnexp.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/10-test_bn_data/bnmul.txt b/test/recipes/10-test_bn_data/bnmul.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/10-test_bn_data/bnshift.txt b/test/recipes/10-test_bn_data/bnshift.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/10-test_bn_data/bnsum.txt b/test/recipes/10-test_bn_data/bnsum.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/10-test_exp.t b/test/recipes/10-test_exp.t
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_dh.t b/test/recipes/15-test_dh.t
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_dsa.t b/test/recipes/15-test_dsa.t
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
old mode 100755
new mode 100644
index a1c704a3f08bf7359f0aebe4ffb8ddaf73ee48cb..87301665acbb6e6e98c2d6f857e5a22539256713
--- a/test/recipes/15-test_ec.t
+++ b/test/recipes/15-test_ec.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -16,23 +16,51 @@ use OpenSSL::Test::Utils;
 setup("test_ec");
-plan tests => 5;
+plan tests => 11;
 require_ok(srctop_file('test','recipes','tconversion.pl'));
 ok(run(test(["ectest"])), "running ectest");
- SKIP: {
- skip "Skipping ec conversion test", 3
- if disabled("ec");
-
- subtest 'ec conversions -- private key' => sub {
- tconversion("ec", srctop_file("test","testec-p256.pem"));
- };
- subtest 'ec conversions -- private key PKCS#8' => sub {
- tconversion("ec", srctop_file("test","testec-p256.pem"), "pkey");
- };
- subtest 'ec conversions -- public key' => sub {
- tconversion("ec", srctop_file("test","testecpub-p256.pem"), "ec", "-pubin", "-pubout");
- };
+SKIP: {
+ skip "Skipping EC conversion test", 3
+ if disabled("ec");
+
+ subtest 'EC conversions -- private key' => sub {
+ tconversion("ec", srctop_file("test","testec-p256.pem"));
+ };
+ subtest 'EC conversions -- private key PKCS#8' => sub {
+ tconversion("ec", srctop_file("test","testec-p256.pem"), "pkey");
+ };
+ subtest 'EC conversions -- public key' => sub {
+ tconversion("ec", srctop_file("test","testecpub-p256.pem"),
+ "ec", "-pubin", "-pubout");
+ };
+}
+
+SKIP: {
+ skip "Skipping EdDSA conversion test", 6
+ if disabled("ec");
+
+ subtest 'Ed25519 conversions -- private key' => sub {
+ tconversion("pkey", srctop_file("test","tested25519.pem"));
+ };
+ subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
+ tconversion("pkey", srctop_file("test","tested25519.pem"), "pkey");
+ };
+ subtest 'Ed25519 conversions -- public key' => sub {
+ tconversion("pkey", srctop_file("test","tested25519pub.pem"),
+ "pkey", "-pubin", "-pubout");
+ };
+
+ subtest 'Ed448 conversions -- private key' => sub {
+ tconversion("pkey", srctop_file("test","tested448.pem"));
+ };
+ subtest 'Ed448 conversions -- private key PKCS#8' => sub {
+ tconversion("pkey", srctop_file("test","tested448.pem"), "pkey");
+ };
+ subtest 'Ed448 conversions -- public key' => sub {
+ tconversion("pkey", srctop_file("test","tested448pub.pem"),
+ "pkey", "-pubin", "-pubout");
+ };
 }
diff --git a/test/recipes/15-test_ecdsa.t b/test/recipes/15-test_ecdsa.t
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/invalid/c2pnb208w1-reducible.pem b/test/recipes/15-test_ecparam_data/invalid/c2pnb208w1-reducible.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/invalid/nistp256-nonprime.pem b/test/recipes/15-test_ecparam_data/invalid/nistp256-nonprime.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/invalid/nistp256-offcurve.pem b/test/recipes/15-test_ecparam_data/invalid/nistp256-offcurve.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/invalid/nistp256-wrongorder.pem b/test/recipes/15-test_ecparam_data/invalid/nistp256-wrongorder.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-named.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-named.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb163v2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-explicit.pem
old mode 100755
new mode 100644
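Review bot: The new EdDSA `SKIP:` block reads `test/tested25519.pem`, `tested25519pub.pem`, `tested448.pem` and `tested448pub.pem` via `srctop_file`, but nothing in this diff adds those fixtures; if they are not already present in this tree the six subtests fail outright instead of being skipped, since the only guard is `disabled("ec")`. Worth confirming the files exist, or noting in the recipe where they are expected to come from. As a point of style, the first half of the hunk only re-indents and recapitalises the existing EC block (`- SKIP: {` becomes `+SKIP: {`, "ec conversions" becomes "EC conversions"), which roughly doubles the diff and obscures the functional addition; that cosmetic pass would be easier to review as a separate commit. `plan tests => 11` does match the 1 + 1 + 3 + 6 assertions now in the file.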
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-named.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb163v3-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-named.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb176v1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-named.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-named.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb272w1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-named.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb304w1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-named.pem b/test/recipes/15-test_ecparam_data/valid/c2pnb368w1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-named.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb191v1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-named.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb191v2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-named.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb191v3-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-named.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb239v1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-named.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb239v2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-named.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb239v3-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-named.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb359v1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-named.pem b/test/recipes/15-test_ecparam_data/valid/c2tnb431r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime192v1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/prime192v1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime192v1-named.pem b/test/recipes/15-test_ecparam_data/valid/prime192v1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime192v2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/prime192v2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime192v2-named.pem b/test/recipes/15-test_ecparam_data/valid/prime192v2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime192v3-explicit.pem b/test/recipes/15-test_ecparam_data/valid/prime192v3-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime192v3-named.pem b/test/recipes/15-test_ecparam_data/valid/prime192v3-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime239v1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/prime239v1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime239v1-named.pem b/test/recipes/15-test_ecparam_data/valid/prime239v1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime239v2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/prime239v2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime239v2-named.pem b/test/recipes/15-test_ecparam_data/valid/prime239v2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime239v3-explicit.pem b/test/recipes/15-test_ecparam_data/valid/prime239v3-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime239v3-named.pem b/test/recipes/15-test_ecparam_data/valid/prime239v3-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime256v1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/prime256v1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/prime256v1-named.pem b/test/recipes/15-test_ecparam_data/valid/prime256v1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp112r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp112r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp112r1-named.pem b/test/recipes/15-test_ecparam_data/valid/secp112r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp112r2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp112r2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp112r2-named.pem b/test/recipes/15-test_ecparam_data/valid/secp112r2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp128r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp128r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp128r1-named.pem b/test/recipes/15-test_ecparam_data/valid/secp128r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp128r2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp128r2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp128r2-named.pem b/test/recipes/15-test_ecparam_data/valid/secp128r2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp160k1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp160k1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp160k1-named.pem b/test/recipes/15-test_ecparam_data/valid/secp160k1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp160r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp160r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp160r1-named.pem b/test/recipes/15-test_ecparam_data/valid/secp160r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp160r2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp160r2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp160r2-named.pem b/test/recipes/15-test_ecparam_data/valid/secp160r2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp192k1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp192k1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp192k1-named.pem b/test/recipes/15-test_ecparam_data/valid/secp192k1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp224k1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp224k1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp224k1-named.pem b/test/recipes/15-test_ecparam_data/valid/secp224k1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp224r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp224r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp224r1-named.pem b/test/recipes/15-test_ecparam_data/valid/secp224r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp256k1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp256k1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp256k1-named.pem b/test/recipes/15-test_ecparam_data/valid/secp256k1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp384r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp384r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp384r1-named.pem b/test/recipes/15-test_ecparam_data/valid/secp384r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp521r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/secp521r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/secp521r1-named.pem b/test/recipes/15-test_ecparam_data/valid/secp521r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect113r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect113r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect113r1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect113r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect113r2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect113r2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect113r2-named.pem b/test/recipes/15-test_ecparam_data/valid/sect113r2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect131r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect131r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect131r1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect131r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect131r2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect131r2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect131r2-named.pem b/test/recipes/15-test_ecparam_data/valid/sect131r2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect163k1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect163k1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect163k1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect163k1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect163r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect163r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect163r1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect163r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect163r2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect163r2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect163r2-named.pem b/test/recipes/15-test_ecparam_data/valid/sect163r2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect193r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect193r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect193r1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect193r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect193r2-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect193r2-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect193r2-named.pem b/test/recipes/15-test_ecparam_data/valid/sect193r2-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect233k1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect233k1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect233k1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect233k1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect233r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect233r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect233r1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect233r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect239k1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect239k1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect239k1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect239k1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect283k1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect283k1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect283k1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect283k1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect283r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect283r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect283r1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect283r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect409k1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect409k1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect409k1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect409k1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect409r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect409r1-explicit.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect409r1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect409r1-named.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_ecparam_data/valid/sect571k1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect571k1-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/sect571k1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect571k1-named.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/sect571r1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/sect571r1-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/sect571r1-named.pem b/test/recipes/15-test_ecparam_data/valid/sect571r1-named.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-explicit.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-named.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-named.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-explicit.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-named.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-named.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-explicit.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-named.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-named.pem old mode 100755 new mode 100644 
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-explicit.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-named.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls12-named.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-explicit.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-named.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-named.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-explicit.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-named.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-named.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-explicit.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-named.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-named.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-explicit.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-named.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls6-named.pem old mode 100755 new mode 100644 
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-explicit.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-named.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls7-named.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-explicit.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-named.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-named.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-explicit.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-explicit.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-named.pem b/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-named.pem old mode 100755 new mode 100644 diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t new file mode 100644 index 0000000000000000000000000000000000000000..1b7ec026fa429b22acb59a89425d99e254e0c0ff --- /dev/null +++ b/test/recipes/15-test_genec.t 
@@ -0,0 +1,306 @@
+#! /usr/bin/env perl
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_genec");
+
+plan skip_all => "This test is unsupported in a no-ec build"
+ if disabled("ec");
+
+my @prime_curves = qw(
+ secp112r1
+ secp112r2
+ secp128r1
+ secp128r2
+ secp160k1
+ secp160r1
+ secp160r2
+ secp192k1
+ secp224k1
+ secp224r1
+ secp256k1
+ secp384r1
+ secp521r1
+ prime192v1
+ prime192v2
+ prime192v3
+ prime239v1
+ prime239v2
+ prime239v3
+ prime256v1
+ wap-wsg-idm-ecid-wtls6
+ wap-wsg-idm-ecid-wtls7
+ wap-wsg-idm-ecid-wtls8
+ wap-wsg-idm-ecid-wtls9
+ wap-wsg-idm-ecid-wtls12
+ brainpoolP160r1
+ brainpoolP160t1
+ brainpoolP192r1
+ brainpoolP192t1
+ brainpoolP224r1
+ brainpoolP224t1
+ brainpoolP256r1
+ brainpoolP256t1
+ brainpoolP320r1
+ brainpoolP320t1
+ brainpoolP384r1
+ brainpoolP384t1
+ brainpoolP512r1
+ brainpoolP512t1
+);
+
+my @binary_curves = qw(
+ sect113r1
+ sect113r2
+ sect131r1
+ sect131r2
+ sect163k1
+ sect163r1
+ sect163r2
+ sect193r1
+ sect193r2
+ sect233k1
+ sect233r1
+ sect239k1
+ sect283k1
+ sect283r1
+ sect409k1
+ sect409r1
+ sect571k1
+ sect571r1
+ c2pnb163v1
+ c2pnb163v2
+ c2pnb163v3
+ c2pnb176v1
+ c2tnb191v1
+ c2tnb191v2
+ c2tnb191v3
+ c2pnb208w1
+ c2tnb239v1
+ c2tnb239v2
+ c2tnb239v3
+ c2pnb272w1
+ c2pnb304w1
+ c2tnb359v1
+ c2pnb368w1
+ c2tnb431r1
+ wap-wsg-idm-ecid-wtls1
+ wap-wsg-idm-ecid-wtls3
+ wap-wsg-idm-ecid-wtls4
+ wap-wsg-idm-ecid-wtls5
+ wap-wsg-idm-ecid-wtls10
+ wap-wsg-idm-ecid-wtls11
+);
+
+my @explicit_only_curves = ();
+push(@explicit_only_curves, qw(
+ Oakley-EC2N-3
+ Oakley-EC2N-4
+ )) if !disabled("ec2m");
+
+my @other_curves = ();
+push(@other_curves, 'SM2')
+ if !disabled("sm2");
+
+my @curve_aliases = qw(
+ P-192
+ P-224
+ P-256
+ P-384
+ P-521
+);
+push(@curve_aliases, qw(
+ B-163
+ B-233
+ B-283
+ B-409
+ B-571
+ K-163
+ K-233
+ K-283
+ K-409
+ K-571
+)) if !disabled("ec2m");
+
+my @curve_list = ();
+push(@curve_list, @prime_curves);
+push(@curve_list, @binary_curves)
+ if !disabled("ec2m");
+push(@curve_list, @other_curves);
+push(@curve_list, @curve_aliases);
+
+my @params_encodings = ('named_curve', 'explicit');
+
+my @output_formats = ('PEM', 'DER');
+
+plan tests => scalar(@curve_list) * scalar(@params_encodings)
+ * (1 + scalar(@output_formats)) # Try listed @output_formats and text output
+ * 2 # Test generating parameters and keys
+ + 1 # Checking that with no curve it fails
+ + 1 # Checking that with unknown curve it fails
+ + 1 # Subtest for explicit only curves
+ ;
+
+ok(!run(app([ 'openssl', 'genpkey',
+ '-algorithm', 'EC'])),
+ "genpkey EC with no params should fail");
+
+ok(!run(app([ 'openssl', 'genpkey',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])),
+ "genpkey EC with unknown curve name should fail");
+
+foreach my $curvename (@curve_list) {
+ foreach my $paramenc (@params_encodings) {
+
+ # --- Test generating parameters ---
+
+ ok(run(app([ 'openssl', 'genpkey', '-genparam',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-text'])),
+ "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)");
+
+ foreach my $outform (@output_formats) {
+ my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
+ ok(run(app([ 'openssl', 'genpkey', '-genparam',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-outform', $outform,
+ '-out', $outfile])),
+ "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
+ }
+
+ # --- Test generating actual keys ---
+
+ ok(run(app([ 'openssl', 'genpkey',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-text'])),
+ "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)");
+
+ foreach my $outform (@output_formats) {
+ my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
+ ok(run(app([ 'openssl', 'genpkey',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-outform', $outform,
+ '-out', $outfile])),
+ "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
+ }
+ }
+}
+
+subtest "test curves that only support explicit parameters encoding" => sub {
+ @curve_list = @explicit_only_curves;
+
+ plan skip_all => "This test is unsupported under current configuration"
+ if scalar(@curve_list) <= 0;
+
+ plan tests => scalar(@curve_list) * scalar(@params_encodings)
+ * (1 + scalar(@output_formats)) # Try listed @output_formats and text output
+ * 2 # Test generating parameters and keys
+ ;
+
+ foreach my $curvename (@curve_list) {
+ my $paramenc = "explicit";
+
+ # --- Test generating parameters ---
+
+ ok(run(app([ 'openssl', 'genpkey', '-genparam',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-text'])),
+ "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)");
+
+ foreach my $outform (@output_formats) {
+ my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
+ ok(run(app([ 'openssl', 'genpkey', '-genparam',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-outform', $outform,
+ '-out', $outfile])),
+ "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
+ }
+
+ # --- Test generating actual keys ---
+
+ ok(run(app([ 'openssl', 'genpkey',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-text'])),
+ "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)");
+
+ foreach my $outform (@output_formats) {
+ my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
+ ok(run(app([ 'openssl', 'genpkey',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-outform', $outform,
+ '-out', $outfile])),
+ "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
+ }
+
+ my $paramenc = "named_curve";
+
+ # --- Test generating parameters ---
+
+ ok(!run(app([ 'openssl', 'genpkey', '-genparam',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-text'])),
+ "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)");
+
+ foreach my $outform (@output_formats) {
+ my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
+ ok(!run(app([ 'openssl', 'genpkey', '-genparam',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-outform', $outform,
+ '-out', $outfile])),
+ "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
+ }
+
+ # --- Test generating actual keys ---
+
+ ok(!run(app([ 'openssl', 'genpkey',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-text'])),
+ "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)");
+
+ foreach my $outform (@output_formats) {
+ my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
+ ok(!run(app([ 'openssl', 'genpkey',
+ '-algorithm', 'EC',
+ '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
+ '-pkeyopt', 'ec_param_enc:'.$paramenc,
+ '-outform', $outform,
+ '-out', $outfile])),
+ "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
+ }
+ }
+};
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_mp_rsa.t b/test/recipes/15-test_mp_rsa.t
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_mp_rsa_data/plain_text b/test/recipes/15-test_mp_rsa_data/plain_text
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_out_option.t b/test/recipes/15-test_out_option.t
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_rsa.t b/test/recipes/15-test_rsa.t
old mode 100755
new mode 100644
diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
old mode 100755
new mode 100644
diff --git a/test/recipes/20-test_dgst.t b/test/recipes/20-test_dgst.t
new file mode 100644
index 0000000000000000000000000000000000000000..13c2b3af4bc68db192d98a38f273f655a3f2a494
--- /dev/null
+++ b/test/recipes/20-test_dgst.t
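Review bot: In the explicit-only subtest the second `my $paramenc = "named_curve";` redeclares a lexical that is still in scope from `my $paramenc = "explicit";` earlier in the same loop body, which under `use warnings` triggers `"my" variable $paramenc masks earlier declaration in same scope`; change it to a plain assignment (`$paramenc = "named_curve";`) or iterate an inner loop over the two encodings with a per-encoding expected result. Every assertion in this file checks only genpkey's exit status: the parameter run and the key run write the same `ecgen.${curvename}.${paramenc}.<fmt>` path, so the parameters file is overwritten before anything inspects it, and nothing confirms that `ec_param_enc:named_curve` really emitted a named-curve OID rather than explicit parameters. If this tree's `pkey` supports it, a read-back such as `ok(run(app(['openssl', 'pkey', '-in', $outfile, '-inform', $outform, '-noout', '-check'])), "...")` with a matching `plan` adjustment would turn the smoke test into a correctness test. The subtest also assigns to the file-level `@curve_list` instead of a fresh lexical, which is harmless today but will surprise anyone adding tests after it.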
@@ -0,0 +1,104 @@
+#! /usr/bin/env perl
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use strict;
+use warnings;
+
+use File::Spec;
+use OpenSSL::Test qw/:DEFAULT with srctop_file/;
+use OpenSSL::Test::Utils;
+
+setup("test_dgst");
+
+plan tests => 5;
+
+sub tsignverify {
+ my $testtext = shift;
+ my $privkey = shift;
+ my $pubkey = shift;
+
+ my $data_to_sign = srctop_file('test', 'README');
+ my $other_data = srctop_file('test', 'README.external');
+
+ plan tests => 4;
+
+ ok(run(app(['openssl', 'dgst', '-sign', $privkey,
+ '-out', 'testdgst.sig',
+ $data_to_sign])),
+ $testtext.": Generating signature");
+
+ ok(run(app(['openssl', 'dgst', '-prverify', $privkey,
+ '-signature', 'testdgst.sig',
+ $data_to_sign])),
+ $testtext.": Verify signature with private key");
+
+ ok(run(app(['openssl', 'dgst', '-verify', $pubkey,
+ '-signature', 'testdgst.sig',
+ $data_to_sign])),
+ $testtext.": Verify signature with public key");
+
+ ok(!run(app(['openssl', 'dgst', '-verify', $pubkey,
+ '-signature', 'testdgst.sig',
+ $other_data])),
+ $testtext.": Expect failure verifying mismatching data");
+
+ unlink 'testdgst.sig';
+}
+
+SKIP: {
+ skip "RSA is not supported by this OpenSSL build", 1
+ if disabled("rsa");
+
+ subtest "RSA signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("RSA",
+ srctop_file("test","testrsa.pem"),
+ srctop_file("test","testrsapub.pem"));
+ };
+}
+
+SKIP: {
+ skip "DSA is not supported by this OpenSSL build", 1
+ if disabled("dsa");
+
+ subtest "DSA signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("DSA",
+ srctop_file("test","testdsa.pem"),
+ srctop_file("test","testdsapub.pem"));
+ };
+}
+
+SKIP: {
+ skip "ECDSA is not supported by this OpenSSL build", 1
+ if disabled("ec");
+
+ subtest "ECDSA signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("ECDSA",
+ srctop_file("test","testec-p256.pem"),
+ srctop_file("test","testecpub-p256.pem"));
+ };
+}
+
+SKIP: {
+ skip "EdDSA is not supported by this OpenSSL build", 2
+ if disabled("ec");
+
+ skip "EdDSA is not supported with `dgst` CLI", 2;
+
+ subtest "Ed25519 signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("Ed25519",
+ srctop_file("test","tested25519.pem"),
+ srctop_file("test","tested25519pub.pem"));
+ };
+
+ subtest "Ed448 signature generation and verification with `dgst` CLI" => sub {
+ tsignverify("Ed448",
+ srctop_file("test","tested448.pem"),
+ srctop_file("test","tested448pub.pem"));
+ };
+}
diff --git a/test/recipes/20-test_enc.t b/test/recipes/20-test_enc.t
old mode 100755
new mode 100644
diff --git a/test/recipes/20-test_enc_more.t b/test/recipes/20-test_enc_more.t
old mode 100755
new mode 100644
diff --git a/test/recipes/20-test_passwd.t b/test/recipes/20-test_passwd.t
old mode 100755
new mode 100644
diff --git a/test/recipes/25-test_crl.t b/test/recipes/25-test_crl.t
old mode 100755
new mode 100644
diff --git a/test/recipes/25-test_d2i.t b/test/recipes/25-test_d2i.t
old mode 100755
new mode 100644
diff --git a/test/recipes/25-test_pkcs7.t b/test/recipes/25-test_pkcs7.t
old mode 100755
new mode 100644
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t
old mode 100755
new mode 100644
index cb30061fcabc5021c45885159a426533c8e842aa..5e1ea308a2f1f5512efedabb0fae9dd4710bca58
--- a/test/recipes/25-test_req.t
+++ b/test/recipes/25-test_req.t
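Review bot: `tsignverify` has a single negative case (mismatching data) and never checks that a tampered signature, or a signature checked against the wrong public key, is rejected, which is the failure mode a `dgst -verify` regression would most plausibly introduce. Adding, for example, `ok(!run(app(['openssl', 'dgst', '-verify', $pubkey, '-signature', $bad_sig, $data_to_sign])), $testtext.": Expect failure verifying corrupted signature")` where `$bad_sig` is a byte-flipped copy of `testdgst.sig`, and bumping the helper's `plan tests => 4` to 5, would close that gap. The last SKIP block unconditionally executes `skip "EdDSA is not supported with `dgst` CLI", 2;`, so the two EdDSA subtests beneath it are unreachable; either remove them or explain in a comment why they are parked, e.g. `# dgst drives the streaming EVP_DigestSignUpdate path, which Ed25519/Ed448 do not support; kept for when one-shot signing lands` (presumably the reason, worth confirming). The shared `testdgst.sig` filename also means the subtests cannot safely run in parallel.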
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
 setup("test_req");
-plan tests => 12;
+plan tests => 14;
 require_ok(srctop_file('test','recipes','tconversion.pl'));
@@ -106,6 +106,46 @@ subtest "generating certificate requests with ECDSA" => sub {
 }
 };
+subtest "generating certificate requests with Ed25519" => sub {
+ plan tests => 2;
+
+ SKIP: {
+ skip "Ed25519 is not supported by this OpenSSL build", 2
+ if disabled("ec");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq.pem", "-utf8",
+ "-key", srctop_file("test", "tested25519.pem")])),
+ "Generating request");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-verify", "-in", "testreq.pem", "-noout"])),
+ "Verifying signature on request");
+ }
+};
+
+subtest "generating certificate requests with Ed448" => sub {
+ plan tests => 2;
+
+ SKIP: {
+ skip "Ed448 is not supported by this OpenSSL build", 2
+ if disabled("ec");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-new", "-out", "testreq.pem", "-utf8",
+ "-key", srctop_file("test", "tested448.pem")])),
+ "Generating request");
+
+ ok(run(app(["openssl", "req",
+ "-config", srctop_file("test", "test.cnf"),
+ "-verify", "-in", "testreq.pem", "-noout"])),
+ "Verifying signature on request");
+ }
+};
+
 subtest "generating certificate requests" => sub {
 plan tests => 2;
diff --git a/test/recipes/25-test_sid.t b/test/recipes/25-test_sid.t
old mode 100755
new mode 100644
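Review bot: The two new subtests are identical except for the key file and both write and then re-read the shared `testreq.pem`, so a loop over `qw(ed25519 ed448)` building `srctop_file("test", "test${alg}.pem")` and the subtest title from `$alg` would keep them in step as further one-shot algorithms are added. `-verify` only confirms that the CSR's self-signature validates with the key embedded in it; nothing asserts that the request actually carries an Ed25519/Ed448 key, so either add a `-text -noout` run whose output is checked for the algorithm name, or state in a comment that the signature round-trip is the only property being pinned. The skip condition `disabled("ec")` is the right switch if this tree has no finer-grained EdDSA option, which is worth saying in the skip message so it is not later "fixed" to a non-existent `disabled("ed25519")`.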
diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
old mode 100755
new mode 100644
index b80a1cde3edde0fd9b40985960297d7d310407de..96b559e5c9aa307415d88d158ce84d8b3ad367ac
--- a/test/recipes/25-test_verify.t
+++ b/test/recipes/25-test_verify.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -27,7 +27,7 @@ sub verify {
 run(app([@args]));
 }
-plan tests => 135;
+plan tests => 146;
 # Canonical success
 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -132,6 +132,10 @@ ok(!verify("ee-cert", "sslserver", [], [qw(ca-cert)], "-partial_chain"),
 "fail untrusted partial chain");
 ok(verify("ee-cert", "sslserver", [qw(ca-cert)], [], "-partial_chain"),
 "accept trusted partial chain");
+ok(!verify("ee-cert", "sslserver", [qw(ca-expired)], [], "-partial_chain"),
+ "reject expired trusted partial chain"); # this check is beyond RFC 5280
+ok(!verify("ee-cert", "sslserver", [qw(root-expired)], [qw(ca-cert)]),
+ "reject expired trusted root"); # this check is beyond RFC 5280
 ok(verify("ee-cert", "sslserver", [qw(sca-cert)], [], "-partial_chain"),
 "accept partial chain with server purpose");
 ok(!verify("ee-cert", "sslserver", [qw(cca-cert)], [], "-partial_chain"),
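Review bot: The two new `ca-expired`/`root-expired` assertions depend on the wall clock: they pass only because the fixture's notAfter is already in the past when the suite runs, and as far as is visible here `verify()` (whose body is above this hunk) does not add `-attime`, so a regenerated fixture with a future notAfter would silently invert the expectation. Pin the reference time by appending `"-attime", <fixed epoch>` to these two calls, or at minimum document the dependency: `# relies on the *-expired fixtures being past notAfter at run time`. The trailing `# this check is beyond RFC 5280` is correct (RFC 5280 §6.1 does not validate the trust anchor's own validity period) but would be more useful phrased as a policy statement, e.g. `# RFC 5280 6.1 does not time-check the trust anchor; OpenSSL deliberately does`, so a reader does not take the rejection for a spec requirement.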
@@ -222,6 +226,10 @@ ok(verify("ee-client", "sslclient", [qw(ee+clientAuth)], [], "-partial_chain"),
 "accept direct match with client trust");
 ok(!verify("ee-client", "sslclient", [qw(ee-clientAuth)], [], "-partial_chain"),
 "reject direct match with client mistrust");
+ok(verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)]),
+ "accept non-ca with pathlen:0 by default");
+ok(!verify("ee-pathlen", "sslserver", [qw(root-cert)], [qw(ca-cert)], "-x509_strict"),
+ "reject non-ca with pathlen:0 with strict flag");
 # Proxy certificates
 ok(!verify("pc1-cert", "sslclient", [qw(root-cert)], [qw(ee-client ca-cert)]),
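Review bot: The `ee-pathlen` pair encodes a security-relevant policy decision without stating it: RFC 5280 §4.2.1.9 says pathLenConstraint MUST NOT appear unless cA is TRUE, yet the default verifier accepts such a leaf and only `-x509_strict` rejects it. A one-line comment above the first `ok(` keeps the next reader from filing the lenient result as a bug, e.g. `# RFC 5280 4.2.1.9: pathLenConstraint on a non-CA is malformed; only -x509_strict enforces it, the default tolerates it for compatibility`. The descriptions themselves could also name the extension rather than `pathlen:0`, which reads like a CA setting, so that "non-ca with pathlen" is understood as the leaf carrying the constraint.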
@@ -276,6 +284,27 @@ ok(verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level",
 ok(!verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"]),
 "reject md5 leaf at auth level 1");
+# Explicit vs named curve tests
+SKIP: {
+ skip "EC is not supported by this OpenSSL build", 5
+ if disabled("ec");
+ ok(verify("ee-cert-ec-explicit", "sslserver", ["root-cert"],
+ ["ca-cert-ec-named"]),
+ "accept explicit curve leaf with named curve intermediate without strict");
+ ok(verify("ee-cert-ec-named-explicit", "sslserver", ["root-cert"],
+ ["ca-cert-ec-explicit"]),
+ "accept named curve leaf with explicit curve intermediate without strict");
+ ok(!verify("ee-cert-ec-explicit", "sslserver", ["root-cert"],
+ ["ca-cert-ec-named"], "-x509_strict"),
+ "reject explicit curve leaf with named curve intermediate with strict");
+ ok(!verify("ee-cert-ec-named-explicit", "sslserver", ["root-cert"],
+ ["ca-cert-ec-explicit"], "-x509_strict"),
+ "reject named curve leaf with explicit curve intermediate with strict");
+ ok(verify("ee-cert-ec-named-named", "sslserver", ["root-cert"],
+ ["ca-cert-ec-named"], "-x509_strict"),
+ "accept named curve leaf with named curve intermediate with strict");
+}
+
 # Depth tests, note the depth limit bounds the number of CA certificates
 # between the trust-anchor and the leaf, so, for example, with a root->ca->leaf
 # chain, depth = 1 is sufficient, but depth == 0 is not.
@@ -348,6 +377,9 @@ ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_l
 ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
 "PSS signature using SHA256 and auth level 2");
+ok(verify("ee-pss-cert", "sslserver", ["root-cert"], ["ca-pss-cert"], ),
+ "CA PSS signature");
+
 ok(!verify("many-names1", "sslserver", ["many-constraints"], ["many-constraints"], ),
 "Too many names and constraints to check (1)");
 ok(!verify("many-names2", "sslserver", ["many-constraints"], ["many-constraints"], ),
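Review bot: The explicit-vs-named block covers the two mixed chains but neither an all-explicit chain (`ee-cert-ec-explicit` under `ca-cert-ec-explicit`) nor an explicit-parameter trust anchor, so a regression that only rejects explicit parameters when the issuer's encoding differs would still pass; if matching fixtures exist, add the all-explicit case to both the strict and non-strict branches and bump the `skip ... 5` count and `plan tests` to match. The block also never says why explicit curve parameters are refused under `-x509_strict`: they bypass the named-curve allow-list and can encode an arbitrary, possibly weak or invalid curve, which is why RFC 5480 §2.1.1 and RFC 8813 forbid them in PKIX certificates. Suggest a comment above `SKIP: {` such as `# RFC 5480/8813: explicit EC domain parameters are not permitted in PKIX certs; -x509_strict enforces this, the default still accepts them`. The `ee-pss-cert`/`ca-pss-cert` addition in the second hunk is fine as is.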
@@ -364,6 +396,9 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"]
 ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"),
 "Public Key Algorithm rsa instead of rsaEncryption");
+ ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], []),
+ "accept trusted self-signed EE cert excluding key usage keyCertSign");
+
 SKIP: {
 skip "Ed25519 is not supported by this OpenSSL build", 1
 if disabled("ec");
diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_afalg.t b/test/recipes/30-test_afalg.t
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_engine.t b/test/recipes/30-test_engine.t
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_evp_data/evpcase.txt b/test/recipes/30-test_evp_data/evpcase.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_evp_data/evpccmcavs.txt b/test/recipes/30-test_evp_data/evpccmcavs.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_evp_data/evpdigest.txt b/test/recipes/30-test_evp_data/evpdigest.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_evp_data/evpencod.txt b/test/recipes/30-test_evp_data/evpencod.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_evp_data/evpkdf.txt b/test/recipes/30-test_evp_data/evpkdf.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_evp_data/evpmac.txt b/test/recipes/30-test_evp_data/evpmac.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_evp_data/evppbe.txt b/test/recipes/30-test_evp_data/evppbe.txt
old mode 100755
new mode 100644
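Review bot: The new `ee-self-signed` assertion is indented by a stray leading space (`+ ok(verify(...`) while every neighbouring `ok(` starts in column 0; drop the space so the file stays uniformly formatted. More importantly, only the positive direction is pinned; the property that matters for security is that the very same certificate is rejected when it is merely supplied as untrusted, otherwise a regression that stops consulting the trust store at all would still pass this test. Add the counterpart `ok(!verify("ee-self-signed", "sslserver", [], ["ee-self-signed"]), "reject untrusted self-signed EE cert");` and raise `plan tests` by one.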
diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_evp_data/evppkey_ecc.txt b/test/recipes/30-test_evp_data/evppkey_ecc.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_evp_extra.t b/test/recipes/30-test_evp_extra.t
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_pbelu.t b/test/recipes/30-test_pbelu.t
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_pkey_meth.t b/test/recipes/30-test_pkey_meth.t
old mode 100755
new mode 100644
diff --git a/test/recipes/30-test_pkey_meth_kdf.t b/test/recipes/30-test_pkey_meth_kdf.t
old mode 100755
new mode 100644
diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t
old mode 100755
new mode 100644
diff --git a/test/recipes/60-test_x509_check_cert_pkey.t b/test/recipes/60-test_x509_check_cert_pkey.t
old mode 100755
new mode 100644
diff --git a/test/recipes/60-test_x509_dup_cert.t b/test/recipes/60-test_x509_dup_cert.t
old mode 100755
new mode 100644
diff --git a/test/recipes/60-test_x509_store.t b/test/recipes/60-test_x509_store.t
old mode 100755
new mode 100644
diff --git a/test/recipes/60-test_x509_time.t b/test/recipes/60-test_x509_time.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_asyncio.t b/test/recipes/70-test_asyncio.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_bad_dtls.t b/test/recipes/70-test_bad_dtls.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_clienthello.t b/test/recipes/70-test_clienthello.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_comp.t b/test/recipes/70-test_comp.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_key_share.t b/test/recipes/70-test_key_share.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_packet.t b/test/recipes/70-test_packet.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_recordlen.t b/test/recipes/70-test_recordlen.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_renegotiation.t b/test/recipes/70-test_renegotiation.t
old mode 100755
new mode 100644
index 734f1cd21e6d053f8ff8538180afdadf63a4b8c7..a8162189edcdc4a0abdc01704ae92c240b8ad156
--- a/test/recipes/70-test_renegotiation.t
+++ b/test/recipes/70-test_renegotiation.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -38,7 +38,7 @@ my $proxy = TLSProxy::Proxy->new(
 $proxy->clientflags("-no_tls1_3");
 $proxy->reneg(1);
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 3;
+plan tests => 4;
 ok(TLSProxy::Message->success(), "Basic renegotiation");
 #Test 2: Client does not send the Reneg SCSV. Reneg should fail
@@ -77,6 +77,20 @@ SKIP: {
 "Check ClientHello version is the same");
 }
+SKIP: {
+ skip "TLSv1.2 disabled", 1
+ if disabled("tls1_2");
+
+ #Test 4: Test for CVE-2021-3449. client_sig_algs instead of sig_algs in
+ # resumption ClientHello
+ $proxy->clear();
+ $proxy->filter(\&sigalgs_filter);
+ $proxy->clientflags("-tls1_2");
+ $proxy->reneg(1);
+ $proxy->start();
+ ok(TLSProxy::Message->fail(), "client_sig_algs instead of sig_algs");
+}
+
 sub reneg_filter
 {
 my $proxy = shift;
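Review bot: Test 4 asserts `TLSProxy::Message->fail()`, but a server that still carries the CVE-2021-3449 NULL dereference also yields a failed handshake (the connection simply drops), so as written the test presumably cannot tell "rejected with an alert" from "crashed"; if TLSProxy records the alert that was sent, assert on that, or at least add a comment that the real signal is the server staying alive for the following tests. The comment should also say what the filter produces and why it matters, e.g. `# A renegotiation ClientHello carrying signature_algorithms_cert but no signature_algorithms must be rejected, not dereferenced (CVE-2021-3449)`, since "client_sig_algs instead of sig_algs" on its own does not convey the expected behaviour. The `#Test 4` label uses "resumption ClientHello" while the flow is a renegotiation (`$proxy->reneg(1)`); "renegotiation ClientHello" would be the accurate term.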
@@ -96,3 +110,23 @@ sub reneg_filter
 }
 }
 }
+
+sub sigalgs_filter
+{
+ my $proxy = shift;
+ my $cnt = 0;
+
+ # We're only interested in the second ClientHello message
+ foreach my $message (@{$proxy->message_list}) {
+ if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
+ next if ($cnt++ == 0);
+
+ my $sigs = pack "C10", 0x00, 0x08,
+ # rsa_pkcs_sha{256,384,512,1}
+ 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01;
+ $message->set_extension(TLSProxy::Message::EXT_SIG_ALGS_CERT, $sigs);
+ $message->delete_extension(TLSProxy::Message::EXT_SIG_ALGS);
+ $message->repack();
+ }
+ }
+}
diff --git a/test/recipes/70-test_servername.t b/test/recipes/70-test_servername.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_sslcbcpadding.t b/test/recipes/70-test_sslcbcpadding.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_sslcertstatus.t b/test/recipes/70-test_sslcertstatus.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t
old mode 100755
new mode 100644
index b3339ff59f9833f33fde869dbc73f83de781b39e..9ea9d05219ca24a8af0e3f746cd6ab5a5b5894fe
--- a/test/recipes/70-test_sslsigalgs.t
+++ b/test/recipes/70-test_sslsigalgs.t
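Review bot: `sigalgs_filter` hard-codes a wire blob whose comment names only the algorithms, not the layout, so the 2-byte length prefix can be silently broken the next time someone appends a scheme; document it as `# 2-byte list length (8) followed by four 2-byte SignatureScheme values; keep the length in step with the entries`. After the second ClientHello has been rewritten the loop keeps iterating and would also patch any later ClientHello, which is unintended even if harmless today; add `last;` after `$message->repack();`. `next if ($cnt++ == 0);` is terse for what it does; a comment such as `# skip the initial ClientHello, patch only the renegotiation one` would make the intent explicit.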
@@ -44,7 +44,9 @@ use constant {
 COMPAT_SIGALGS => 6,
 SIGALGS_CERT_ALL => 7,
 SIGALGS_CERT_PKCS => 8,
- SIGALGS_CERT_INVALID => 9
+ SIGALGS_CERT_INVALID => 9,
+ UNRECOGNIZED_SIGALGS_CERT => 10,
+ UNRECOGNIZED_SIGALG => 11
 };
 #Note: Throughout this test we override the default ciphersuites where TLSv1.2
@@ -53,7 +55,7 @@ use constant {
 #Test 1: Default sig algs should succeed
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 24;
+plan tests => 26;
 ok(TLSProxy::Message->success, "Default sigalgs");
 my $testtype;
@@ -282,6 +284,39 @@ SKIP: {
 ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert");
 }
+SKIP: {
+ skip "TLS 1.3 disabled", 2 if disabled("tls1_3");
+ #Test 25: Send an unrecognized signature_algorithms_cert
+ # We should be able to skip over the unrecognized value and use a
+ # valid one that appears later in the list.
+ $proxy->clear();
+ $proxy->filter(\&inject_unrecognized_sigalg);
+ $proxy->clientflags("-tls1_3");
+ # Use -xcert to get SSL_check_chain() to run in the cert_cb. This is
+ # needed to trigger (e.g.) CVE-2020-1967
+ $proxy->serverflags("" .
+ " -xcert " . srctop_file("test", "certs", "servercert.pem") .
+ " -xkey " . srctop_file("test", "certs", "serverkey.pem") .
+ " -xchain " . srctop_file("test", "certs", "rootcert.pem"));
+ $testtype = UNRECOGNIZED_SIGALGS_CERT;
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "Unrecognized sigalg_cert in ClientHello");
+
+ #Test 26: Send an unrecognized signature_algorithms
+ # We should be able to skip over the unrecognized value and use a
+ # valid one that appears later in the list.
+ $proxy->clear();
+ $proxy->filter(\&inject_unrecognized_sigalg);
+ $proxy->clientflags("-tls1_3");
+ $proxy->serverflags("" .
+ " -xcert " . srctop_file("test", "certs", "servercert.pem") .
+ " -xkey " . srctop_file("test", "certs", "serverkey.pem") .
+ " -xchain " . srctop_file("test", "certs", "rootcert.pem"));
+ $testtype = UNRECOGNIZED_SIGALG;
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "Unrecognized sigalg in ClientHello");
+}
+
 sub sigalgs_filter
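Review bot: Tests 25 and 26 duplicate the three-line `-xcert`/`-xkey`/`-xchain` server flag string, and only the first copy carries the comment explaining that `-xcert` is what makes `SSL_check_chain()` run from the cert callback (the CVE-2020-1967 path); hoist it into one lexical above the `SKIP:` block, e.g. `my $xcert_flags = " -xcert " . srctop_file("test", "certs", "servercert.pem")` continued with the `-xkey` and `-xchain` parts, and move the comment there so both tests are covered by it. Since both tests assert `success()`, the comment should also spell out the negative being guarded: an unknown SignatureScheme (`0xfe18`, private-use range) must be skipped over rather than cause the lookup to return a NULL that is later dereferenced, which is what the CVE reference suggests the earlier bug was. The trailing `sub sigalgs_filter` context line belongs to a function whose body lies outside this hunk.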
@@ -427,3 +462,30 @@ sub modify_cert_verify_sigalg
 }
 }
 }
+
+sub inject_unrecognized_sigalg
+{
+ my $proxy = shift;
+ my $type;
+
+ # We're only interested in the initial ClientHello
+ if ($proxy->flight != 0) {
+ return;
+ }
+ if ($testtype == UNRECOGNIZED_SIGALGS_CERT) {
+ $type = TLSProxy::Message::EXT_SIG_ALGS_CERT;
+ } elsif ($testtype == UNRECOGNIZED_SIGALG) {
+ $type = TLSProxy::Message::EXT_SIG_ALGS;
+ } else {
+ return;
+ }
+
+ my $ext = pack "C8",
+ 0x00, 0x06, #Extension length
+ 0xfe, 0x18, #private use
+ 0x04, 0x01, #rsa_pkcs1_sha256
+ 0x08, 0x04; #rsa_pss_rsae_sha256;
+ my $message = ${$proxy->message_list}[0];
+ $message->set_extension($type, $ext);
+ $message->repack;
+}
diff --git a/test/recipes/70-test_sslsignature.t b/test/recipes/70-test_sslsignature.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_sslskewith0p.t b/test/recipes/70-test_sslskewith0p.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_sslversions.t b/test/recipes/70-test_sslversions.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_tls13alerts.t b/test/recipes/70-test_tls13alerts.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_tls13cookie.t b/test/recipes/70-test_tls13cookie.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_tls13downgrade.t b/test/recipes/70-test_tls13downgrade.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_tls13hrr.t b/test/recipes/70-test_tls13hrr.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t
old mode 100755
new mode 100644
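Review bot: The `0x00, 0x06` list length in `$ext` is maintained by hand and silently goes stale if anyone adds an entry to the injected list, at which point the server would reject the extension as malformed instead of exercising the skip-over path this test exists for. Let pack compute it: `my $ext = pack "n/a*", pack "n*", 0xfe18, 0x0401, 0x0804;` (`n/a*` emits the big-endian 16-bit length prefix; the private-use note on 0xfe18 still applies and is worth keeping as a comment). The filter also takes `${$proxy->message_list}[0]` to be the ClientHello on the strength of `flight == 0` alone; checking the message type before calling set_extension would make that assumption explicit. The trailing `;` inside the `#rsa_pss_rsae_sha256;` comment is a typo.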
diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t
old mode 100755
new mode 100644
diff --git a/test/recipes/70-test_verify_extra.t b/test/recipes/70-test_verify_extra.t
old mode 100755
new mode 100644
index 79a33cd01679ded9f8b997efbf47ff41b1bb7bc0..8c7c9576ceebb3e8b85e74361c496b44ce2ff10d
--- a/test/recipes/70-test_verify_extra.t
+++ b/test/recipes/70-test_verify_extra.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -16,4 +16,5 @@ plan tests => 1;
 ok(run(test(["verify_extra_test",
 srctop_file("test", "certs", "roots.pem"),
 srctop_file("test", "certs", "untrusted.pem"),
- srctop_file("test", "certs", "bad.pem")])));
+ srctop_file("test", "certs", "bad.pem"),
+ srctop_file("test", "certs", "rootCA.pem")])));
diff --git a/test/recipes/70-test_wpacket.t b/test/recipes/70-test_wpacket.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_cipherbytes.t b/test/recipes/80-test_cipherbytes.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_cipherlist.t b/test/recipes/80-test_cipherlist.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_ciphername.t b/test/recipes/80-test_ciphername.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_cms_data/bad_signtime_attr.cms b/test/recipes/80-test_cms_data/bad_signtime_attr.cms
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_cms_data/ct_multiple_attr.cms b/test/recipes/80-test_cms_data/ct_multiple_attr.cms
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_cms_data/no_ct_attr.cms b/test/recipes/80-test_cms_data/no_ct_attr.cms
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_cms_data/no_md_attr.cms b/test/recipes/80-test_cms_data/no_md_attr.cms
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_cmsapi.t b/test/recipes/80-test_cmsapi.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_ct.t b/test/recipes/80-test_ct.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_dane.t b/test/recipes/80-test_dane.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_dtls.t b/test/recipes/80-test_dtls.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_dtls_mtu.t b/test/recipes/80-test_dtls_mtu.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_dtlsv1listen.t b/test/recipes/80-test_dtlsv1listen.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_ocsp_data/cert.pem b/test/recipes/80-test_ocsp_data/cert.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_ocsp_data/key.pem b/test/recipes/80-test_ocsp_data/key.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_ssl_test_ctx.t b/test/recipes/80-test_ssl_test_ctx.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_sslcorrupt.t b/test/recipes/80-test_sslcorrupt.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_tsa.t b/test/recipes/80-test_tsa.t
old mode 100755
new mode 100644
diff --git a/test/recipes/80-test_x509aux.t b/test/recipes/80-test_x509aux.t
old mode 100755
new mode 100644
index 65ba5fcf529260ead90ad72206c1a4f573538770..4c3cefc45cc4c0098d7a01eb5ce36b442babea02
--- a/test/recipes/80-test_x509aux.t
+++ b/test/recipes/80-test_x509aux.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -14,14 +14,17 @@ use OpenSSL::Test::Utils;
 setup("test_x509aux");
+my @path = qw(test certs);
+
 plan skip_all => "test_dane uses ec which is not supported by this OpenSSL build" if disabled("ec");
 plan tests => 1; # The number of tests being performed
 ok(run(test(["x509aux",
- srctop_file("test", "certs", "roots.pem"),
- srctop_file("test", "certs", "root+anyEKU.pem"),
- srctop_file("test", "certs", "root-anyEKU.pem"),
- srctop_file("test", "certs", "root-cert.pem")]
- )), "x509aux tests");
+ srctop_file(@path, "roots.pem"),
+ srctop_file(@path, "root+anyEKU.pem"),
+ srctop_file(@path, "root-anyEKU.pem"),
+ srctop_file(@path, "root-cert.pem"),
+ srctop_file(@path, "invalid-cert.pem"),
+ ])), "x509aux tests");
diff --git a/test/recipes/90-test_asn1_time.t b/test/recipes/90-test_asn1_time.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_async.t b/test/recipes/90-test_async.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_bio_enc.t b/test/recipes/90-test_bio_enc.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_bio_memleak.t b/test/recipes/90-test_bio_memleak.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_constant_time.t b/test/recipes/90-test_constant_time.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_fatalerr.t b/test/recipes/90-test_fatalerr.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_gmdiff.t b/test/recipes/90-test_gmdiff.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_gost_data/gost.conf b/test/recipes/90-test_gost_data/gost.conf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_gost_data/server-cert2001.pem b/test/recipes/90-test_gost_data/server-cert2001.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_gost_data/server-cert2012.pem b/test/recipes/90-test_gost_data/server-cert2012.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_gost_data/server-key2001.pem b/test/recipes/90-test_gost_data/server-key2001.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_gost_data/server-key2012.pem b/test/recipes/90-test_gost_data/server-key2012.pem
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_ige.t b/test/recipes/90-test_ige.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_includes_data/conf-includes/includes1.cnf b/test/recipes/90-test_includes_data/conf-includes/includes1.cnf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_includes_data/conf-includes/includes2.cnf b/test/recipes/90-test_includes_data/conf-includes/includes2.cnf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_includes_data/includes-broken.cnf b/test/recipes/90-test_includes_data/includes-broken.cnf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_includes_data/includes-eq-ws.cnf b/test/recipes/90-test_includes_data/includes-eq-ws.cnf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_includes_data/includes-eq.cnf b/test/recipes/90-test_includes_data/includes-eq.cnf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_includes_data/includes-file.cnf b/test/recipes/90-test_includes_data/includes-file.cnf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_includes_data/includes.cnf b/test/recipes/90-test_includes_data/includes.cnf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_includes_data/vms-includes-file.cnf b/test/recipes/90-test_includes_data/vms-includes-file.cnf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_includes_data/vms-includes.cnf b/test/recipes/90-test_includes_data/vms-includes.cnf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_memleak.t b/test/recipes/90-test_memleak.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_overhead.t b/test/recipes/90-test_overhead.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_secmem.t b/test/recipes/90-test_secmem.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_shlibload.t b/test/recipes/90-test_shlibload.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_srp.t b/test/recipes/90-test_srp.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_sslapi_data/passwd.txt b/test/recipes/90-test_sslapi_data/passwd.txt
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_sslbuffers.t b/test/recipes/90-test_sslbuffers.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_store_data/ca.cnf b/test/recipes/90-test_store_data/ca.cnf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_store_data/user.cnf b/test/recipes/90-test_store_data/user.cnf
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_sysdefault.t b/test/recipes/90-test_sysdefault.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_threads.t b/test/recipes/90-test_threads.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_time_offset.t b/test/recipes/90-test_time_offset.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_tls13ccs.t b/test/recipes/90-test_tls13ccs.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_tls13encryption.t b/test/recipes/90-test_tls13encryption.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_tls13secrets.t b/test/recipes/90-test_tls13secrets.t
old mode 100755
new mode 100644
diff --git a/test/recipes/90-test_v3name.t b/test/recipes/90-test_v3name.t
old mode 100755
new mode 100644
diff --git a/test/recipes/95-test_external_boringssl.t b/test/recipes/95-test_external_boringssl.t
old mode 100755
new mode 100644
diff --git a/test/recipes/95-test_external_krb5.t b/test/recipes/95-test_external_krb5.t
old mode 100755
new mode 100644
diff --git a/test/recipes/95-test_external_pyca.t b/test/recipes/95-test_external_pyca.t
old mode 100755
new mode 100644
diff --git a/test/recipes/99-test_ecstress.t b/test/recipes/99-test_ecstress.t
old mode 100755
new mode 100644
diff --git a/test/recipes/99-test_fuzz.t b/test/recipes/99-test_fuzz.t
old mode 100755
new mode 100644
diff --git a/test/recipes/ocsp-response.der b/test/recipes/ocsp-response.der
old mode 100755
new mode 100644
diff --git a/test/recipes/tconversion.pl b/test/recipes/tconversion.pl
old mode 100755
new mode 100644
diff --git a/test/recordlentest.c b/test/recordlentest.c
old mode 100755
new mode 100644
diff --git a/test/rsa_complex.c b/test/rsa_complex.c
old mode 100755
new mode 100644
diff --git a/test/rsa_mp_test.c b/test/rsa_mp_test.c
old mode 100755
new mode 100644
diff --git a/test/rsa_test.c b/test/rsa_test.c
old mode 100755
new mode 100644
index 3820785edcc6f80d502fcd37172969b86b211dda..be6db029410c307cc8228c2afc7f3a8f97806e49
--- a/test/rsa_test.c
+++ b/test/rsa_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -42,7 +42,8 @@ int setup_tests(void)
 BN_bin2bn(dmp1, sizeof(dmp1)-1, NULL), \
 BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL), \
 BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \
- memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+ if (c != NULL) \
+ memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
 return sizeof(ctext_ex) - 1;
 static int key1(RSA *key, unsigned char *c)
@@ -211,97 +212,99 @@ static int key3(RSA *key, unsigned char *c) SetKey; } -static int pad_unknown(void) -{ - unsigned long l; - while ((l = ERR_get_error()) != 0) - if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE) - return 1; - return 0; -} - -static int rsa_setkey(RSA** key, unsigned char* ctext, int idx) +static int rsa_setkey(RSA** key, unsigned char *ctext, int idx) { int clen = 0; + *key = RSA_new(); - switch (idx) { - case 0: - clen = key1(*key, ctext); - break; - case 1: - clen = key2(*key, ctext); - break; - case 2: - clen = key3(*key, ctext); - break; - } + if (*key != NULL) + switch (idx) { + case 0: + clen = key1(*key, ctext); + break; + case 1: + clen = key2(*key, ctext); + break; + case 2: + clen = key3(*key, ctext); + break; + } return clen; } -static int test_rsa_pkcs1(int idx) +static int test_rsa_simple(int idx, int en_pad_type, int de_pad_type, + int success, unsigned char *ctext_ex, int *clen, + RSA **retkey) { int ret = 0; RSA *key; unsigned char ptext[256]; unsigned char ctext[256]; static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; - unsigned char ctext_ex[256]; int plen; - int clen = 0; + int clentmp = 0; int num; plen = sizeof(ptext_ex) - 1; - clen = rsa_setkey(&key, ctext_ex, idx); + clentmp = rsa_setkey(&key, ctext_ex, idx); + if (clen != NULL) + *clen = clentmp; - num = RSA_public_encrypt(plen, ptext_ex, ctext, key, - RSA_PKCS1_PADDING); - if (!TEST_int_eq(num, clen)) + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, en_pad_type); + if (!TEST_int_eq(num, clentmp)) goto err; - num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING); - if (!TEST_mem_eq(ptext, num, ptext_ex, plen)) - goto err; + num = RSA_private_decrypt(num, ctext, ptext, key, de_pad_type); + if (success) { + if (!TEST_int_gt(num, 0) || !TEST_mem_eq(ptext, num, ptext_ex, plen)) + goto err; + } else { + if (!TEST_int_lt(num, 0)) + goto err; + } ret = 1; + if (retkey != NULL) { + *retkey = key; + key = NULL; + } err: RSA_free(key); 
return ret; } +static int test_rsa_pkcs1(int idx) +{ + return test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_PKCS1_PADDING, 1, NULL, + NULL, NULL); +} + static int test_rsa_sslv23(int idx) { - int ret = 0; - RSA *key; - unsigned char ptext[256]; - unsigned char ctext[256]; - static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; - unsigned char ctext_ex[256]; - int plen; - int clen = 0; - int num; + int ret; - plen = sizeof(ptext_ex) - 1; - clen = rsa_setkey(&key, ctext_ex, idx); + /* Simulate an SSLv2 only client talking to a TLS capable server */ + ret = test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_SSLV23_PADDING, 1, NULL, + NULL, NULL); - num = RSA_public_encrypt(plen, ptext_ex, ctext, key, - RSA_SSLV23_PADDING); - if (!TEST_int_eq(num, clen)) - goto err; + /* Simulate a TLS capable client talking to an SSLv2 only server */ + ret &= test_rsa_simple(idx, RSA_SSLV23_PADDING, RSA_PKCS1_PADDING, 1, NULL, + NULL, NULL); - num = RSA_private_decrypt(num, ctext, ptext, key, RSA_SSLV23_PADDING); - if (!TEST_mem_eq(ptext, num, ptext_ex, plen)) - goto err; + /* + * Simulate a TLS capable client talking to a TLS capable server. Should + * fail due to detecting a rollback attack. + */ + ret &= test_rsa_simple(idx, RSA_SSLV23_PADDING, RSA_SSLV23_PADDING, 0, NULL, + NULL, NULL); - ret = 1; -err: - RSA_free(key); return ret; } static int test_rsa_oaep(int idx) { int ret = 0; - RSA *key; + RSA *key = NULL; unsigned char ptext[256]; unsigned char ctext[256]; static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; 
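Review bot: test_rsa_simple hands `key` straight to RSA_public_encrypt even though the new rsa_setkey deliberately tolerates RSA_new() returning NULL (the switch only runs `if (*key != NULL)` and clen stays 0), so an allocation failure would dereference the NULL key inside libcrypto instead of being reported as a test failure. A `if (!TEST_ptr(key)) goto err;` immediately after the rsa_setkey call closes the gap, and the err: path is already safe since RSA_free(NULL) is a no-op. The success/failure split on RSA_private_decrypt is the right way to express the SSLv23 rollback case, but `TEST_int_lt(num, 0)` deserves a one-line comment that a negative return is the expected rollback detection, not an incidental error. test_rsa_oaep at the tail of this hunk starts here and continues into the next one.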
@@ -311,28 +314,16 @@ static int test_rsa_oaep(int idx)
 int num;
 int n;
- plen = sizeof(ptext_ex) - 1;
- clen = rsa_setkey(&key, ctext_ex, idx);
-
- num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
- RSA_PKCS1_OAEP_PADDING);
- if (num == -1 && pad_unknown()) {
- TEST_info("Skipping: No OAEP support");
- ret = 1;
- goto err;
- }
- if (!TEST_int_eq(num, clen))
+ if (!test_rsa_simple(idx, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_OAEP_PADDING, 1,
+ ctext_ex, &clen, &key))
 goto err;
- num = RSA_private_decrypt(num, ctext, ptext, key,
- RSA_PKCS1_OAEP_PADDING);
- if (!TEST_mem_eq(ptext, num, ptext_ex, plen))
- goto err;
+ plen = sizeof(ptext_ex) - 1;
 /* Different ciphertexts. Try decrypting ctext_ex */
 num = RSA_private_decrypt(clen, ctext_ex, ptext, RSA_PKCS1_OAEP_PADDING);
- if (!TEST_mem_eq(ptext, num, ptext_ex, plen))
+ if (num <= 0 || !TEST_mem_eq(ptext, num, ptext_ex, plen))
 goto err;
 /* Try decrypting corrupted ciphertexts. */
diff --git a/test/run_tests.pl b/test/run_tests.pl
old mode 100755
new mode 100644
diff --git a/test/sanitytest.c b/test/sanitytest.c
old mode 100755
new mode 100644
diff --git a/test/secmemtest.c b/test/secmemtest.c
old mode 100755
new mode 100644
diff --git a/test/serverinfo.pem b/test/serverinfo.pem
old mode 100755
new mode 100644
diff --git a/test/serverinfo2.pem b/test/serverinfo2.pem
old mode 100755
new mode 100644
diff --git a/test/servername_test.c b/test/servername_test.c
old mode 100755
new mode 100644
diff --git a/test/session.pem b/test/session.pem
old mode 100755
new mode 100644
diff --git a/test/shibboleth.pfx b/test/shibboleth.pfx
old mode 100755
new mode 100644
diff --git a/test/shlibloadtest.c b/test/shlibloadtest.c
old mode 100755
new mode 100644
diff --git a/test/siphash_internal_test.c b/test/siphash_internal_test.c
old mode 100755
new mode 100644
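Review bot: `if (num <= 0 || !TEST_mem_eq(ptext, num, ptext_ex, plen))` jumps to err without any diagnostic when decrypting ctext_ex fails, so a regression in OAEP decoding would surface only as an unexplained failure; `if (!TEST_int_gt(num, 0) || !TEST_mem_eq(ptext, num, ptext_ex, plen))` reports the returned value and matches the form test_rsa_simple uses for the same check. Note that test_rsa_simple only stores into `&key` on success, so the err: RSA_free relies on `key` having been initialised to NULL before the call — the previous hunk does that, but a short comment on the declaration would stop someone from reverting it. test_rsa_oaep begins before this hunk and its corrupted-ciphertext loop continues after it.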
diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c
old mode 100755
new mode 100644
index 952f688e8b144848283d7af830017d590075b7be..2bb73947ff3bd6e89458b624915fd78f016c407f
--- a/test/sm2_internal_test.c
+++ b/test/sm2_internal_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -32,17 +32,18 @@ static size_t fake_rand_size = 0;
 static int get_faked_bytes(unsigned char *buf, int num)
 {
- int i;
-
 if (fake_rand_bytes == NULL)
 return saved_rand->bytes(buf, num);
- if (!TEST_size_t_le(fake_rand_bytes_offset + num, fake_rand_size))
+ if (!TEST_size_t_gt(fake_rand_size, 0))
 return 0;
- for (i = 0; i != num; ++i)
- buf[i] = fake_rand_bytes[fake_rand_bytes_offset + i];
- fake_rand_bytes_offset += num;
+ while (num-- > 0) {
+ if (fake_rand_bytes_offset >= fake_rand_size)
+ fake_rand_bytes_offset = 0;
+ *buf++ = fake_rand_bytes[fake_rand_bytes_offset++];
+ }
+
 return 1;
 }
@@ -175,8 +176,7 @@ static int test_sm2_crypt(const EC_GROUP *group,
 start_fake_rand(k_hex);
 if (!TEST_true(sm2_encrypt(key, digest, (const uint8_t *)message, msg_len,
- ctext, &ctext_len))
- || !TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)) {
+ ctext, &ctext_len))) {
 restore_rand();
 goto done;
 }
@@ -296,8 +296,7 @@ static int test_sm2_sign(const EC_GROUP *group,
 start_fake_rand(k_hex);
 sig = sm2_do_sign(key, EVP_sm3(), (const uint8_t *)userid, strlen(userid), (const uint8_t *)message, msg_len);
- if (!TEST_ptr(sig)
- || !TEST_size_t_eq(fake_rand_bytes_offset, fake_rand_size)) {
+ if (!TEST_ptr(sig)) {
 restore_rand();
 goto done;
 }
diff --git a/test/sm4_internal_test.c b/test/sm4_internal_test.c
old mode 100755
new mode 100644
diff --git a/test/smcont.txt b/test/smcont.txt
old mode 100755
new mode 100644
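Review bot: With the wrap-around in get_faked_bytes the bytes installed by start_fake_rand are recycled whenever the code under test draws more than fake_rand_size, and the two later hunks drop the `fake_rand_bytes_offset == fake_rand_size` checks, so the sign and encrypt tests no longer verify that the supplied k was consumed exactly once — an over-length draw is now silently satisfied from the restarted buffer. The known-answer comparison still catches a wrong k, but the consumption check is cheap to keep: a `static size_t fake_rand_wraps;` incremented inside the `if (fake_rand_bytes_offset >= fake_rand_size)` branch and reset in start_fake_rand lets the callers assert the number of wraps they expect. Presumably the recycling exists to absorb extra draws made before the value is used; a comment on the while loop stating that intent would stop the next reader from treating it as a bug.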
diff --git a/test/smime-certs/ca.cnf b/test/smime-certs/ca.cnf
old mode 100755
new mode 100644
diff --git a/test/smime-certs/mksmime-certs.sh b/test/smime-certs/mksmime-certs.sh
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smdh.pem b/test/smime-certs/smdh.pem
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smdsa1.pem b/test/smime-certs/smdsa1.pem
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smdsa2.pem b/test/smime-certs/smdsa2.pem
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smdsa3.pem b/test/smime-certs/smdsa3.pem
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smdsap.pem b/test/smime-certs/smdsap.pem
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smec1.pem b/test/smime-certs/smec1.pem
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smec2.pem b/test/smime-certs/smec2.pem
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smec3.pem b/test/smime-certs/smec3.pem
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smroot.pem b/test/smime-certs/smroot.pem
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smrsa1.pem b/test/smime-certs/smrsa1.pem
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smrsa2.pem b/test/smime-certs/smrsa2.pem
old mode 100755
new mode 100644
diff --git a/test/smime-certs/smrsa3.pem b/test/smime-certs/smrsa3.pem
old mode 100755
new mode 100644
diff --git a/test/srptest.c b/test/srptest.c
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/02-protocol-version.conf.in b/test/ssl-tests/02-protocol-version.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/03-custom_verify.conf b/test/ssl-tests/03-custom_verify.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/03-custom_verify.conf.in b/test/ssl-tests/03-custom_verify.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/05-sni.conf b/test/ssl-tests/05-sni.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/05-sni.conf.in b/test/ssl-tests/05-sni.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/06-sni-ticket.conf b/test/ssl-tests/06-sni-ticket.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/06-sni-ticket.conf.in b/test/ssl-tests/06-sni-ticket.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/07-dtls-protocol-version.conf b/test/ssl-tests/07-dtls-protocol-version.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/07-dtls-protocol-version.conf.in b/test/ssl-tests/07-dtls-protocol-version.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/08-npn.conf b/test/ssl-tests/08-npn.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/08-npn.conf.in b/test/ssl-tests/08-npn.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/09-alpn.conf b/test/ssl-tests/09-alpn.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/09-alpn.conf.in b/test/ssl-tests/09-alpn.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/10-resumption.conf.in b/test/ssl-tests/10-resumption.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/11-dtls_resumption.conf b/test/ssl-tests/11-dtls_resumption.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/11-dtls_resumption.conf.in b/test/ssl-tests/11-dtls_resumption.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/12-ct.conf b/test/ssl-tests/12-ct.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/12-ct.conf.in b/test/ssl-tests/12-ct.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/13-fragmentation.conf b/test/ssl-tests/13-fragmentation.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/13-fragmentation.conf.in b/test/ssl-tests/13-fragmentation.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/14-curves.conf b/test/ssl-tests/14-curves.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/14-curves.conf.in b/test/ssl-tests/14-curves.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/15-certstatus.conf b/test/ssl-tests/15-certstatus.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/15-certstatus.conf.in b/test/ssl-tests/15-certstatus.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/16-certstatus.conf b/test/ssl-tests/16-certstatus.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/16-dtls-certstatus.conf b/test/ssl-tests/16-dtls-certstatus.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/16-dtls-certstatus.conf.in b/test/ssl-tests/16-dtls-certstatus.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/17-renegotiate.conf b/test/ssl-tests/17-renegotiate.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/17-renegotiate.conf.in b/test/ssl-tests/17-renegotiate.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/18-dtls-renegotiate.conf b/test/ssl-tests/18-dtls-renegotiate.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/18-dtls-renegotiate.conf.in b/test/ssl-tests/18-dtls-renegotiate.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/19-mac-then-encrypt.conf b/test/ssl-tests/19-mac-then-encrypt.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/19-mac-then-encrypt.conf.in b/test/ssl-tests/19-mac-then-encrypt.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/21-key-update.conf b/test/ssl-tests/21-key-update.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/21-key-update.conf.in b/test/ssl-tests/21-key-update.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/22-compression.conf b/test/ssl-tests/22-compression.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/22-compression.conf.in b/test/ssl-tests/22-compression.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/23-srp.conf b/test/ssl-tests/23-srp.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/23-srp.conf.in b/test/ssl-tests/23-srp.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/24-padding.conf b/test/ssl-tests/24-padding.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/24-padding.conf.in b/test/ssl-tests/24-padding.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/25-cipher.conf b/test/ssl-tests/25-cipher.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/25-cipher.conf.in b/test/ssl-tests/25-cipher.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/26-tls13_client_auth.conf b/test/ssl-tests/26-tls13_client_auth.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/26-tls13_client_auth.conf.in b/test/ssl-tests/26-tls13_client_auth.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/27-ticket-appdata.conf b/test/ssl-tests/27-ticket-appdata.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/27-ticket-appdata.conf.in b/test/ssl-tests/27-ticket-appdata.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/28-seclevel.conf b/test/ssl-tests/28-seclevel.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/28-seclevel.conf.in b/test/ssl-tests/28-seclevel.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.conf b/test/ssl-tests/29-dtls-sctp-label-bug.conf
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.conf.in b/test/ssl-tests/29-dtls-sctp-label-bug.conf.in
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
old mode 100755
new mode 100644
diff --git a/test/ssl-tests/ssltests_base.pm b/test/ssl-tests/ssltests_base.pm
old mode 100755
new mode 100644
diff --git a/test/ssl_cert_table_internal_test.c b/test/ssl_cert_table_internal_test.c
old mode 100755
new mode 100644
diff --git a/test/ssl_test.c b/test/ssl_test.c
old mode 100755
new mode 100644
diff --git a/test/ssl_test.tmpl b/test/ssl_test.tmpl
old mode 100755
new mode 100644
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
old mode 100755
new mode 100644
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h
old mode 100755
new mode 100644
diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c
old mode 100755
new mode 100644
diff --git a/test/ssl_test_ctx_test.conf b/test/ssl_test_ctx_test.conf
old mode 100755
new mode 100644
diff --git a/test/sslapitest.c b/test/sslapitest.c
old mode 100755
new mode 100644
index 5c118108efeef54e2f4a5ec7af9df4157f51f181..4a27ee1ba260b887f48a5717c7ffdf150a44d04a
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -590,7 +590,6 @@ end:
 return testresult;
 }
-#endif
 /*
 * Very focused test to exercise a single case in the server-side state
@@ -702,6 +701,7 @@ end:
 return testresult;
 }
+#endif
 static int execute_test_large_message(const SSL_METHOD *smeth, const SSL_METHOD *cmeth,
@@ -2129,8 +2129,11 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 #define MSG6 "test"
 #define MSG7 "message."
-#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
 #define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
+#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
+#define TLS13_CHACHA20_POLY1305_SHA256_BYTES ((const unsigned char *)"\x13\x03")
+#define TLS13_AES_128_CCM_SHA256_BYTES ((const unsigned char *)"\x13\x04")
+#define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05")
 static SSL_SESSION *create_a_psk(SSL *ssl)
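Review bot: `TLS13_AES_128_CCM_8_SHA256_BYTES` spells its second byte as the octal escape `\05` while the four neighbouring macros use `\x0N`; it produces the same 0x05 byte, but the mixed notation invites a misread, and hex escapes written back to back are already easy to get wrong because `\x` consumes every hex digit that follows. Use `"\x13\x05"` for consistency with the rest of the table. The relocated `#endif` in the hunk above now closes a conditional whose opening `#if` is far outside this hunk; a trailing comment on the `#endif` naming its condition would help the next reader see what the moved guard covers.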
@@ -3058,6 +3061,110 @@ static int test_early_data_psk(int idx) return testresult; } +/* + * Test TLSv1.3 PSK can be used to send early_data with all 5 ciphersuites + * idx == 0: Test with TLS1_3_RFC_AES_128_GCM_SHA256 + * idx == 1: Test with TLS1_3_RFC_AES_256_GCM_SHA384 + * idx == 2: Test with TLS1_3_RFC_CHACHA20_POLY1305_SHA256, + * idx == 3: Test with TLS1_3_RFC_AES_128_CCM_SHA256 + * idx == 4: Test with TLS1_3_RFC_AES_128_CCM_8_SHA256 + */ +static int test_early_data_psk_with_all_ciphers(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + SSL_SESSION *sess = NULL; + unsigned char buf[20]; + size_t readbytes, written; + const SSL_CIPHER *cipher; + const char *cipher_str[] = { + TLS1_3_RFC_AES_128_GCM_SHA256, + TLS1_3_RFC_AES_256_GCM_SHA384, +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + TLS1_3_RFC_CHACHA20_POLY1305_SHA256, +# else + NULL, +# endif + TLS1_3_RFC_AES_128_CCM_SHA256, + TLS1_3_RFC_AES_128_CCM_8_SHA256 + }; + const unsigned char *cipher_bytes[] = { + TLS13_AES_128_GCM_SHA256_BYTES, + TLS13_AES_256_GCM_SHA384_BYTES, +# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + TLS13_CHACHA20_POLY1305_SHA256_BYTES, +# else + NULL, +# endif + TLS13_AES_128_CCM_SHA256_BYTES, + TLS13_AES_128_CCM_8_SHA256_BYTES + }; + + if (cipher_str[idx] == NULL) + return 1; + + /* We always set this up with a final parameter of "2" for PSK */ + if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, + &serverssl, &sess, 2))) + goto end; + + if (!TEST_true(SSL_set_ciphersuites(clientssl, cipher_str[idx])) + || !TEST_true(SSL_set_ciphersuites(serverssl, cipher_str[idx]))) + goto end; + + /* + * 'setupearly_data_test' creates only one instance of SSL_SESSION + * and assigns to both client and server with incremented reference + * and the same instance is updated in 'sess'. 
+ * So updating ciphersuite in 'sess' which will get reflected in + * PSK handshake using psk use sess and find sess cb. + */ + cipher = SSL_CIPHER_find(clientssl, cipher_bytes[idx]); + if (!TEST_ptr(cipher) || !TEST_true(SSL_SESSION_set_cipher(sess, cipher))) + goto end; + + SSL_set_connect_state(clientssl); + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written))) + goto end; + + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS) + || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED) + || !TEST_int_eq(SSL_connect(clientssl), 1) + || !TEST_int_eq(SSL_accept(serverssl), 1)) + goto end; + + /* Send some normal data from client to server */ + if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) + || !TEST_size_t_eq(written, strlen(MSG2))) + goto end; + + if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2))) + goto end; + + testresult = 1; + end: + SSL_SESSION_free(sess); + SSL_SESSION_free(clientpsk); + SSL_SESSION_free(serverpsk); + clientpsk = serverpsk = NULL; + if (clientssl != NULL) + SSL_shutdown(clientssl); + if (serverssl != NULL) + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} + /* * Test that a server that doesn't try to read early data can handle a * client sending some. 
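Review bot: When ChaCha20/Poly1305 is compiled out, `test_early_data_psk_with_all_ciphers` returns 1 for idx 2, so the disabled case is reported as a pass and the header comment's "all 5 ciphersuites" no longer describes what actually ran. Report it as a skip instead, e.g. `if (cipher_str[idx] == NULL) { TEST_skip("Ciphersuite not compiled in"); return 1; }`, assuming the test framework's `TEST_skip` is available in this tree as it is elsewhere in the 1.1.1 suite. The header comment also carries a stray trailing comma on the `idx == 2` line. The function is complete within the hunk.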
@@ -4325,9 +4432,20 @@ static int test_export_key_mat(int tst) SSL_CTX_set_min_proto_version(cctx, protocols[tst]); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, - NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + NULL))) + goto end; + + /* + * Premature call of SSL_export_keying_material should just fail. + */ + if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1, + sizeof(ckeymat1), label, + SMALL_LABEL_LEN + 1, context, + sizeof(context) - 1, 1), 0)) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) goto end; if (tst == 5) { 
@@ -6471,6 +6589,131 @@ static int test_servername(int tst) return testresult; } +#ifndef OPENSSL_NO_TLS1_2 +static int test_ssl_dup(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL, *client2ssl = NULL; + int testresult = 0; + BIO *rbio = NULL, *wbio = NULL; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + 0, + 0, + &sctx, &cctx, cert, privkey))) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION)) + || !TEST_true(SSL_set_max_proto_version(clientssl, TLS1_2_VERSION))) + goto end; + + client2ssl = SSL_dup(clientssl); + rbio = SSL_get_rbio(clientssl); + if (!TEST_ptr(rbio) + || !TEST_true(BIO_up_ref(rbio))) + goto end; + SSL_set0_rbio(client2ssl, rbio); + rbio = NULL; + + wbio = SSL_get_wbio(clientssl); + if (!TEST_ptr(wbio) || !TEST_true(BIO_up_ref(wbio))) + goto end; + SSL_set0_wbio(client2ssl, wbio); + rbio = NULL; + + if (!TEST_ptr(client2ssl) + /* Handshake not started so pointers should be different */ + || !TEST_ptr_ne(clientssl, client2ssl)) + goto end; + + if (!TEST_int_eq(SSL_get_min_proto_version(client2ssl), TLS1_2_VERSION) + || !TEST_int_eq(SSL_get_max_proto_version(client2ssl), TLS1_2_VERSION)) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, client2ssl, SSL_ERROR_NONE))) + goto end; + + SSL_free(clientssl); + clientssl = SSL_dup(client2ssl); + if (!TEST_ptr(clientssl) + /* Handshake has finished so pointers should be the same */ + || !TEST_ptr_eq(clientssl, client2ssl)) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_free(client2ssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} +#endif + +#ifndef OPENSSL_NO_TLS1_3 +/* + * Test that setting an SNI callback works with TLSv1.3. 
Specifically we check + * that it works even without a certificate configured for the original + * SSL_CTX + */ +static int test_sni_tls13(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + + /* Reset callback counter */ + snicb = 0; + + /* Create an initial SSL_CTX with no certificate configured */ + sctx = SSL_CTX_new(TLS_server_method()); + if (!TEST_ptr(sctx)) + goto end; + /* Require TLSv1.3 as a minimum */ + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_3_VERSION, 0, &sctx2, &cctx, cert, + privkey))) + goto end; + + /* Set up SNI */ + if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb)) + || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2))) + goto end; + + /* + * Connection should still succeed because the final SSL_CTX has the right + * certificates configured. + */ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + /* We should have had the SNI callback called exactly once */ + if (!TEST_int_eq(snicb, 1)) + goto end; + + testresult = 1; + +end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx2); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} +#endif + int setup_tests(void) { if (!TEST_ptr(certsdir = test_get_argument(0)) @@ -6549,6 +6792,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_early_data_skip_abort, 3); ADD_ALL_TESTS(test_early_data_not_sent, 3); ADD_ALL_TESTS(test_early_data_psk, 8); + ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5); ADD_ALL_TESTS(test_early_data_not_expected, 3); # ifndef OPENSSL_NO_TLS1_2 ADD_ALL_TESTS(test_early_data_tls1_2, 3); 
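Review bot: In `test_ssl_dup`, `SSL_set0_rbio(client2ssl, rbio)` and `SSL_set0_wbio(client2ssl, wbio)` run before the `TEST_ptr(client2ssl)` check, so a failed `SSL_dup` dereferences NULL instead of failing the test; move the check to directly follow the call: `client2ssl = SSL_dup(clientssl);` / `if (!TEST_ptr(client2ssl)) goto end;`. The line after `SSL_set0_wbio` reads `rbio = NULL;` where `wbio = NULL;` was evidently intended; it is harmless today because neither BIO variable is released at `end:`, but it leaves `wbio` pointing at a BIO whose reference was just handed over. Both `test_ssl_dup` and `test_sni_tls13` are complete within this hunk.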
@@ -6590,6 +6834,12 @@ int setup_tests(void) ADD_ALL_TESTS(test_client_cert_cb, 2); ADD_ALL_TESTS(test_ca_names, 3); ADD_ALL_TESTS(test_servername, 10); +#ifndef OPENSSL_NO_TLS1_2 + ADD_TEST(test_ssl_dup); +#endif +#ifndef OPENSSL_NO_TLS1_3 + ADD_TEST(test_sni_tls13); +#endif return 1; } diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c old mode 100755 new mode 100644 diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c old mode 100755 new mode 100644 diff --git a/test/ssltest_old.c b/test/ssltest_old.c old mode 100755 new mode 100644 diff --git a/test/ssltestlib.c b/test/ssltestlib.c old mode 100755 new mode 100644 diff --git a/test/ssltestlib.h b/test/ssltestlib.h old mode 100755 new mode 100644 diff --git a/test/stack_test.c b/test/stack_test.c old mode 100755 new mode 100644 diff --git a/test/sysdefault.cnf b/test/sysdefault.cnf old mode 100755 new mode 100644 diff --git a/test/sysdefaulttest.c b/test/sysdefaulttest.c old mode 100755 new mode 100644 diff --git a/test/test.cnf b/test/test.cnf old mode 100755 new mode 100644 diff --git a/test/test_test.c b/test/test_test.c old mode 100755 new mode 100644 diff --git a/test/testcrl.pem b/test/testcrl.pem old mode 100755 new mode 100644 diff --git a/test/testdsa.pem b/test/testdsa.pem old mode 100755 new mode 100644 diff --git a/test/testdsapub.pem b/test/testdsapub.pem old mode 100755 new mode 100644 diff --git a/test/testec-p256.pem b/test/testec-p256.pem old mode 100755 new mode 100644 diff --git a/test/testecpub-p256.pem b/test/testecpub-p256.pem old mode 100755 new mode 100644 diff --git a/test/tested25519.pem b/test/tested25519.pem new file mode 100644 index 0000000000000000000000000000000000000000..e447080ae285928f6d49718a50f81f0af98cd4da --- /dev/null +++ b/test/tested25519.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC +-----END PRIVATE KEY----- 
diff --git a/test/tested25519pub.pem b/test/tested25519pub.pem
new file mode 100644
index 0000000000000000000000000000000000000000..41b0218e948a3afc96f79cfbafe8f3865486a855
--- /dev/null
+++ b/test/tested25519pub.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=
+-----END PUBLIC KEY-----
diff --git a/test/tested448.pem b/test/tested448.pem
new file mode 100644
index 0000000000000000000000000000000000000000..98af16420ad4bbde9273402c16f5b8461feb5e4e
--- /dev/null
+++ b/test/tested448.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEcCAQAwBQYDK2VxBDsEOWyCpWLLgI0Q1jK+ichRPr9skp803fqMn2PJlg7240ij
+UoyKP8wvBE45o/xblEkvjwMudUmiAJj5Ww==
+-----END PRIVATE KEY-----
diff --git a/test/tested448pub.pem b/test/tested448pub.pem
new file mode 100644
index 0000000000000000000000000000000000000000..640da6f2be14500215c4564b8a6798f435ba8b66
--- /dev/null
+++ b/test/tested448pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEMwBQYDK2VxAzoAX9dEm1m0Yf0s54fsYWrUah2hNCSFpw4fig6nXYDpZ3jt8SR2
+m0bHBhvWeD3x5Q9s0foavq/oJWGA
+-----END PUBLIC KEY-----
diff --git a/test/testp7.pem b/test/testp7.pem
old mode 100755
new mode 100644
diff --git a/test/testreq2.pem b/test/testreq2.pem
old mode 100755
new mode 100644
diff --git a/test/testrsa.pem b/test/testrsa.pem
old mode 100755
new mode 100644
diff --git a/test/testrsapub.pem b/test/testrsapub.pem
old mode 100755
new mode 100644
diff --git a/test/testsid.pem b/test/testsid.pem
old mode 100755
new mode 100644
diff --git a/test/testutil.h b/test/testutil.h
old mode 100755
new mode 100644
diff --git a/test/testutil/basic_output.c b/test/testutil/basic_output.c
old mode 100755
new mode 100644
diff --git a/test/testutil/cb.c b/test/testutil/cb.c
old mode 100755
new mode 100644
diff --git a/test/testutil/driver.c b/test/testutil/driver.c
old mode 100755
new mode 100644
diff --git a/test/testutil/format_output.c b/test/testutil/format_output.c
old mode 100755
new mode 100644
diff --git a/test/testutil/main.c b/test/testutil/main.c
old mode 100755
new mode 100644
diff --git a/test/testutil/output.h b/test/testutil/output.h
old mode 100755
new mode 100644
diff --git a/test/testutil/output_helpers.c b/test/testutil/output_helpers.c
old mode 100755
new mode 100644
diff --git a/test/testutil/random.c b/test/testutil/random.c
old mode 100755
new mode 100644
diff --git a/test/testutil/stanza.c b/test/testutil/stanza.c
old mode 100755
new mode 100644
diff --git a/test/testutil/tap_bio.c b/test/testutil/tap_bio.c
old mode 100755
new mode 100644
diff --git a/test/testutil/test_cleanup.c b/test/testutil/test_cleanup.c
old mode 100755
new mode 100644
diff --git a/test/testutil/tests.c b/test/testutil/tests.c
old mode 100755
new mode 100644
diff --git a/test/testutil/testutil_init.c b/test/testutil/testutil_init.c
old mode 100755
new mode 100644
diff --git a/test/testutil/tu_local.h b/test/testutil/tu_local.h
old mode 100755
new mode 100644
diff --git a/test/testx509.pem b/test/testx509.pem
old mode 100755
new mode 100644
diff --git a/test/threadstest.c b/test/threadstest.c
old mode 100755
new mode 100644
diff --git a/test/time_offset_test.c b/test/time_offset_test.c
old mode 100755
new mode 100644
diff --git a/test/tls13ccstest.c b/test/tls13ccstest.c
old mode 100755
new mode 100644
diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c
old mode 100755
new mode 100644
index 479ff4105e5237e2bb623b9419f64344cb538e65..3625db9220f3c37a312087aa79a4a47c0489ff79
--- a/test/tls13encryptiontest.c
+++ b/test/tls13encryptiontest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -288,7 +288,7 @@ static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc) { int ret = 0; unsigned char *refd; - size_t refdatalen; + size_t refdatalen = 0; if (enc) refd = multihexstr2buf(recd->ciphertext, &refdatalen); diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c old mode 100755 new mode 100644 diff --git a/test/uitest.c b/test/uitest.c old mode 100755 new mode 100644 diff --git a/test/v3-cert1.pem b/test/v3-cert1.pem old mode 100755 new mode 100644 diff --git a/test/v3-cert2.pem b/test/v3-cert2.pem old mode 100755 new mode 100644 diff --git a/test/v3ext.c b/test/v3ext.c old mode 100755 new mode 100644 diff --git a/test/v3nametest.c b/test/v3nametest.c old mode 100755 new mode 100644 index 86f3829aedbd8f3b23bd6b7e8c8d3c90321a51dd..d1852190b84eb948de8b5665762021b23b2c7766 --- a/test/v3nametest.c +++ b/test/v3nametest.c @@ -1,5 +1,5 @@ /* - * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -359,8 +359,352 @@ static int call_run_cert(int i) return failed == 0; } +static struct gennamedata { + const unsigned char der[22]; + size_t derlen; +} gennames[] = { + { + /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * SEQUENCE {} + * } + * } + */ + { + 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00 + }, + 21 + }, { + /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * [APPLICATION 0] {} + * } + * } + */ + { + 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00 + }, + 21 + }, { + /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * UTF8String { "a" } + * } + * } + */ + { + 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61 + }, + 22 + }, { + /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 } + * [0] { + * UTF8String { "a" } + * } + * } + */ + { + 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61 + }, + 22 + }, { + /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * UTF8String { "b" } + * } + * } + */ + { + 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62 + }, + 22 + }, { + /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * BOOLEAN { TRUE } + * } + * } + */ + { + 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff + }, + 22 + }, { + /* + * [0] { + * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } + * [0] { + * BOOLEAN { FALSE } + * } + * } + */ + { + 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 
0x04, + 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00 + }, + 22 + }, { + /* [1 PRIMITIVE] { "a" } */ + { + 0x81, 0x01, 0x61 + }, + 3 + }, { + /* [1 PRIMITIVE] { "b" } */ + { + 0x81, 0x01, 0x62 + }, + 3 + }, { + /* [2 PRIMITIVE] { "a" } */ + { + 0x82, 0x01, 0x61 + }, + 3 + }, { + /* [2 PRIMITIVE] { "b" } */ + { + 0x82, 0x01, 0x62 + }, + 3 + }, { + /* + * [4] { + * SEQUENCE { + * SET { + * SEQUENCE { + * # commonName + * OBJECT_IDENTIFIER { 2.5.4.3 } + * UTF8String { "a" } + * } + * } + * } + * } + */ + { + 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x01, 0x61 + }, + 16 + }, { + /* + * [4] { + * SEQUENCE { + * SET { + * SEQUENCE { + * # commonName + * OBJECT_IDENTIFIER { 2.5.4.3 } + * UTF8String { "b" } + * } + * } + * } + * } + */ + { + 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x01, 0x62 + }, + 16 + }, { + /* + * [5] { + * [1] { + * UTF8String { "a" } + * } + * } + */ + { + 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61 + }, + 7 + }, { + /* + * [5] { + * [1] { + * UTF8String { "b" } + * } + * } + */ + { + 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62 + }, + 7 + }, { + /* + * [5] { + * [0] { + * UTF8String {} + * } + * [1] { + * UTF8String { "a" } + * } + * } + */ + { + 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61 + }, + 11 + }, { + /* + * [5] { + * [0] { + * UTF8String { "a" } + * } + * [1] { + * UTF8String { "a" } + * } + * } + */ + { + 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, + 0x61 + }, + 12 + }, { + /* + * [5] { + * [0] { + * UTF8String { "b" } + * } + * [1] { + * UTF8String { "a" } + * } + * } + */ + { + 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, + 0x61 + }, + 12 + }, { + /* [6 PRIMITIVE] { "a" } */ + { + 0x86, 0x01, 0x61 + }, + 3 + }, { + /* [6 PRIMITIVE] { "b" } */ + { + 0x86, 0x01, 0x62 + }, + 3 + }, { + /* [7 PRIMITIVE] { `11111111` } */ + { + 0x87, 0x04, 0x11, 0x11, 0x11, 0x11 + }, + 6 + }, { + 
/* [7 PRIMITIVE] { `22222222`} */ + { + 0x87, 0x04, 0x22, 0x22, 0x22, 0x22 + }, + 6 + }, { + /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */ + { + 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + }, + 18 + }, { + /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */ + { + 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 + }, + 18 + }, { + /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */ + { + 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, + 0xb7, 0x09, 0x02, 0x01 + }, + 15 + }, { + /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */ + { + 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, + 0xb7, 0x09, 0x02, 0x02 + }, + 15 + } +}; + +static int test_GENERAL_NAME_cmp(void) +{ + size_t i, j; + GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa) + * OSSL_NELEM(gennames)); + GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb) + * OSSL_NELEM(gennames)); + int testresult = 0; + + if (!TEST_ptr(namesa) || !TEST_ptr(namesb)) + goto end; + + for (i = 0; i < OSSL_NELEM(gennames); i++) { + const unsigned char *derp = gennames[i].der; + + /* + * We create two versions of each GENERAL_NAME so that we ensure when + * we compare them they are always different pointers. + */ + namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen); + derp = gennames[i].der; + namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen); + if (!TEST_ptr(namesa[i]) || !TEST_ptr(namesb[i])) + goto end; + } + + /* Every name should be equal to itself and not equal to any others. 
*/ + for (i = 0; i < OSSL_NELEM(gennames); i++) { + for (j = 0; j < OSSL_NELEM(gennames); j++) { + if (i == j) { + if (!TEST_int_eq(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0)) + goto end; + } else { + if (!TEST_int_ne(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0)) + goto end; + } + } + } + testresult = 1; + + end: + for (i = 0; i < OSSL_NELEM(gennames); i++) { + if (namesa != NULL) + GENERAL_NAME_free(namesa[i]); + if (namesb != NULL) + GENERAL_NAME_free(namesb[i]); + } + OPENSSL_free(namesa); + OPENSSL_free(namesb); + + return testresult; +} + int setup_tests(void) { ADD_ALL_TESTS(call_run_cert, OSSL_NELEM(name_fns)); + ADD_TEST(test_GENERAL_NAME_cmp); return 1; } diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c old mode 100755 new mode 100644 index d9d1498954b110123fe519a27e50611c9bef583c..b9959e0c6665ce79b600fd9288705b7bbaaaa4ec --- a/test/verify_extra_test.c +++ b/test/verify_extra_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,6 +18,21 @@ static const char *roots_f; static const char *untrusted_f; static const char *bad_f; +static const char *good_f; + +static X509 *load_cert_pem(const char *file) +{ + X509 *cert = NULL; + BIO *bio = NULL; + + if (!TEST_ptr(bio = BIO_new(BIO_s_file()))) + return NULL; + if (TEST_int_gt(BIO_read_filename(bio, file), 0)) + (void)TEST_ptr(cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)); + + BIO_free(bio); + return cert; +} static STACK_OF(X509) *load_certs_from_file(const char *filename) { @@ -58,7 +73,7 @@ static STACK_OF(X509) *load_certs_from_file(const char *filename) return certs; } -/* +/*- * Test for CVE-2015-1793 (Alternate Chains Certificate Forgery) * * Chain is as follows: 
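Review bot: `test_GENERAL_NAME_cmp` allocates `namesa` and `namesb` with `OPENSSL_malloc`, but the cleanup at `end:` frees every slot of both arrays, so when `d2i_GENERAL_NAME` fails part-way through the first loop the `goto end` hands uninitialized pointers to `GENERAL_NAME_free`. Use `OPENSSL_zalloc(sizeof(*namesa) * OSSL_NELEM(gennames))` (and likewise for `namesb`) so untouched slots are NULL, which `GENERAL_NAME_free` tolerates. The same applies when `namesa[i]` parses but `namesb[i]` does not: the remaining slots of both arrays are never written. The function is complete within the hunk.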
@@ -125,10 +140,22 @@ static int test_alt_chains_cert_forgery(void) i = X509_verify_cert(sctx); - if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) { + if (i != 0 || X509_STORE_CTX_get_error(sctx) != X509_V_ERR_INVALID_CA) + goto err; + + /* repeat with X509_V_FLAG_X509_STRICT */ + X509_STORE_CTX_cleanup(sctx); + X509_STORE_set_flags(store, X509_V_FLAG_X509_STRICT); + + if (!X509_STORE_CTX_init(sctx, store, x, untrusted)) + goto err; + + i = X509_verify_cert(sctx); + + if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) /* This is the result we were expecting: Test passed */ ret = 1; - } + err: X509_STORE_CTX_free(sctx); X509_free(x); 
@@ -175,16 +202,48 @@ static int test_store_ctx(void) return testresult; } +static int test_self_signed(const char *filename, int expected) +{ + X509 *cert = load_cert_pem(filename); + STACK_OF(X509) *trusted = sk_X509_new_null(); + X509_STORE_CTX *ctx = X509_STORE_CTX_new(); + int ret; + + ret = TEST_ptr(cert) + && TEST_true(sk_X509_push(trusted, cert)) + && TEST_true(X509_STORE_CTX_init(ctx, NULL, cert, NULL)); + X509_STORE_CTX_set0_trusted_stack(ctx, trusted); + ret = ret && TEST_int_eq(X509_verify_cert(ctx), expected); + + X509_STORE_CTX_free(ctx); + sk_X509_free(trusted); + X509_free(cert); + return ret; +} + +static int test_self_signed_good(void) +{ + return test_self_signed(good_f, 1); +} + +static int test_self_signed_bad(void) +{ + return test_self_signed(bad_f, 0); +} + int setup_tests(void) { if (!TEST_ptr(roots_f = test_get_argument(0)) || !TEST_ptr(untrusted_f = test_get_argument(1)) - || !TEST_ptr(bad_f = test_get_argument(2))) { - TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem\n"); + || !TEST_ptr(bad_f = test_get_argument(2)) + || !TEST_ptr(good_f = test_get_argument(3))) { + TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem good.pem\n"); return 0; } ADD_TEST(test_alt_chains_cert_forgery); ADD_TEST(test_store_ctx); + ADD_TEST(test_self_signed_good); + ADD_TEST(test_self_signed_bad); return 1; } diff --git a/test/versions.c b/test/versions.c old mode 100755 new mode 100644 diff --git a/test/wpackettest.c b/test/wpackettest.c old mode 100755 new mode 100644 diff --git a/test/x509_check_cert_pkey_test.c b/test/x509_check_cert_pkey_test.c old mode 100755 new mode 100644 diff --git a/test/x509_dup_cert_test.c b/test/x509_dup_cert_test.c old mode 100755 new mode 100644 diff --git a/test/x509_internal_test.c b/test/x509_internal_test.c old mode 100755 new mode 100644 diff --git a/test/x509_time_test.c b/test/x509_time_test.c old mode 100755 new mode 100644 
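Review bot: `test_self_signed` never checks the results of `sk_X509_new_null()` and `X509_STORE_CTX_new()`; a NULL `ctx` reaches `X509_STORE_CTX_init` and `X509_STORE_CTX_set0_trusted_stack` and crashes rather than failing the test. Fold them into the existing chain, `ret = TEST_ptr(cert) && TEST_ptr(trusted) && TEST_ptr(ctx)` followed by the existing `&& TEST_true(sk_X509_push(trusted, cert))`, and guard the void call with `if (ret) X509_STORE_CTX_set0_trusted_stack(ctx, trusted);` so it is not reached after a failed init. All three new functions are complete within the hunk.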
diff --git a/test/x509aux.c b/test/x509aux.c old mode 100755 new mode 100644 index e41f1f6809d2a1b432202b3c6cecd2f65ed71b7e..dee1b40e8ccf1e10292b010ad0945eb4e5caca60 --- a/test/x509aux.c +++ b/test/x509aux.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL licenses, (the "License"); * you may not use this file except in compliance with the License. @@ -30,17 +30,16 @@ static int test_certs(int num) typedef int (*i2d_X509_t)(X509 *, unsigned char **); int err = 0; BIO *fp = BIO_new_file(test_get_argument(num), "r"); - X509 *reuse = NULL; if (!TEST_ptr(fp)) return 0; for (c = 0; !err && PEM_read_bio(fp, &name, &header, &data, &len); ++c) { const int trusted = (strcmp(name, PEM_STRING_X509_TRUSTED) == 0); - d2i_X509_t d2i = trusted ? d2i_X509_AUX : d2i_X509; i2d_X509_t i2d = trusted ? i2d_X509_AUX : i2d_X509; X509 *cert = NULL; + X509 *reuse = NULL; const unsigned char *p = data; unsigned char *buf = NULL; unsigned char *bufp; @@ -93,9 +92,15 @@ static int test_certs(int num) goto next; } p = buf; - reuse = d2i(&reuse, &p, enclen); - if (reuse == NULL || X509_cmp (reuse, cert)) { - TEST_error("X509_cmp does not work with %s", name); + reuse = d2i(NULL, &p, enclen); + if (reuse == NULL) { + TEST_error("second d2i call failed for %s", name); + err = 1; + goto next; + } + err = X509_cmp(reuse, cert); + if (err != 0) { + TEST_error("X509_cmp for %s resulted in %d", name, err); err = 1; goto next; } @@ -141,13 +146,13 @@ static int test_certs(int num) */ next: X509_free(cert); + X509_free(reuse); OPENSSL_free(buf); OPENSSL_free(name); OPENSSL_free(header); OPENSSL_free(data); } BIO_free(fp); - X509_free(reuse); if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) { /* Reached end of PEM file */ diff --git a/tools/build.info b/tools/build.info old mode 100755 new mode 100644 
diff --git a/tools/c_rehash.in b/tools/c_rehash.in old mode 100755 new mode 100644 index 421fd892086f9344822e74e1ac8b5bd836364548..fa7c6c9fef91a9ca6be036e0bda7ac112200bab4 --- a/tools/c_rehash.in +++ b/tools/c_rehash.in @@ -1,7 +1,7 @@ #!{- $config{HASHBANGPERL} -} # {- join("\n# ", @autowarntext) -} -# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -161,7 +161,7 @@ sub check_file { sub link_hash_cert { my $fname = $_[0]; - $fname =~ s/'/'\\''/g; + $fname =~ s/\"/\\\"/g; my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; chomp $hash; chomp $fprint; diff --git a/util/add-depends.pl b/util/add-depends.pl old mode 100755 new mode 100644 diff --git a/util/build.info b/util/build.info old mode 100755 new mode 100644 diff --git a/util/cavs-to-evptest.pl b/util/cavs-to-evptest.pl old mode 100755 new mode 100644 diff --git a/util/copy.pl b/util/copy.pl old mode 100755 new mode 100644 diff --git a/util/dofile.pl b/util/dofile.pl old mode 100755 new mode 100644 diff --git a/util/echo.pl b/util/echo.pl old mode 100755 new mode 100644 diff --git a/util/indent.pro b/util/indent.pro old mode 100755 new mode 100644 diff --git a/util/libcrypto.num b/util/libcrypto.num old mode 100755 new mode 100644 index 876b7ca7103d2a03626fa66a9a388ed67a67eb0d..436f799bcacff177147e759cb36affe5ca965dc9 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
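Review bot: Escaping only `"` in `$fname` does not make the backtick command safe: inside a double-quoted shell word `$`, backtick and backslash are still interpreted by the shell, so a certificate filename containing them is still executed when `link_hash_cert` runs `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`. The replaced single-quote escaping was equally mismatched with the double-quoted argument, so the change fixes the inconsistency but not the underlying exposure. The robust fix is to stop going through the shell at all and run the command in list form with `open '-|'`, passing `$fname` as its own argument (this assumes `$x509hash` is a single option token, which its unquoted interpolation suggests); the body of `link_hash_cert` continues past the hunk, and if a sibling sub builds a CRL command the same way it needs the same treatment.
```perl
sub link_hash_cert {
    my $fname = $_[0];
    open(my $fh, '-|', $openssl, 'x509', $x509hash, '-fingerprint', '-noout',
         '-in', $fname)
        or die "Cannot run $openssl: $!";
    my ($hash, $fprint) = <$fh>;
    close $fh;
    # … unchanged: chomp $hash / chomp $fprint and the rest of link_hash_cert …
```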
@@ -4587,3 +4587,7 @@ EVP_PKEY_meth_set_digestverify 4540 1_1_1e EXIST::FUNCTION: EVP_PKEY_meth_get_digestverify 4541 1_1_1e EXIST::FUNCTION: EVP_PKEY_meth_get_digestsign 4542 1_1_1e EXIST::FUNCTION: RSA_get0_pss_params 4543 1_1_1e EXIST::FUNCTION:RSA +X509_ALGOR_copy 4544 1_1_1h EXIST::FUNCTION: +X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION: +X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION: +EC_KEY_decoded_from_explicit_params 4547 1_1_1h EXIST::FUNCTION:EC diff --git a/util/libssl.num b/util/libssl.num old mode 100755 new mode 100644 diff --git a/util/local_shlib.com.in b/util/local_shlib.com.in old mode 100755 new mode 100644 diff --git a/util/mkrc.pl b/util/mkrc.pl index 6762bc4a5698e085a099c4518381e37e2ba21632..18bde4d01a4c6e1f0e8ee49a7da8930df8226135 100755 --- a/util/mkrc.pl +++ b/util/mkrc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -46,7 +46,7 @@ if ( $filename =~ /openssl/i ) { $vft = "VFT_APP"; } -my $YEAR = [localtime()]->[5] + 1900; +my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900; print <<___; #include diff --git a/util/perl/OpenSSL/Glob.pm b/util/perl/OpenSSL/Glob.pm old mode 100755 new mode 100644 diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm old mode 100755 new mode 100644 diff --git a/util/perl/OpenSSL/Test/Simple.pm b/util/perl/OpenSSL/Test/Simple.pm old mode 100755 new mode 100644 diff --git a/util/perl/OpenSSL/Test/Utils.pm b/util/perl/OpenSSL/Test/Utils.pm old mode 100755 new mode 100644 diff --git a/util/perl/OpenSSL/Util/Pod.pm b/util/perl/OpenSSL/Util/Pod.pm old mode 100755 new mode 100644 diff --git a/util/perl/TLSProxy/Alert.pm b/util/perl/TLSProxy/Alert.pm old mode 100755 new mode 100644 
diff --git a/util/perl/TLSProxy/Certificate.pm b/util/perl/TLSProxy/Certificate.pm old mode 100755 new mode 100644 diff --git a/util/perl/TLSProxy/CertificateRequest.pm b/util/perl/TLSProxy/CertificateRequest.pm old mode 100755 new mode 100644 diff --git a/util/perl/TLSProxy/CertificateVerify.pm b/util/perl/TLSProxy/CertificateVerify.pm old mode 100755 new mode 100644 diff --git a/util/perl/TLSProxy/ClientHello.pm b/util/perl/TLSProxy/ClientHello.pm old mode 100755 new mode 100644 diff --git a/util/perl/TLSProxy/EncryptedExtensions.pm b/util/perl/TLSProxy/EncryptedExtensions.pm old mode 100755 new mode 100644 diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm old mode 100755 new mode 100644 index 10b61560746a9db1883f1417dfd271e80142dbd3..c3c480669c66f7b29fe76907239ab2576c24cfda --- a/util/perl/TLSProxy/Message.pm +++ b/util/perl/TLSProxy/Message.pm @@ -1,4 +1,4 @@ -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -448,7 +448,7 @@ sub ciphersuite } #Update all the underlying records with the modified data from this message -#Note: Only supports re-encrypting for TLSv1.3 +#Note: Only supports TLSv1.3 and ETM encryption sub repack { my $self = shift; 
@@ -490,15 +490,38 @@ sub repack
 # (If a length override is ever needed to construct invalid packets,
 # use an explicit override field instead.)
 $rec->decrypt_len(length($rec->decrypt_data));
-$rec->len($rec->len + length($msgdata) - $old_length);
-# Only support re-encryption for TLSv1.3.
-if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
-#Add content type (1 byte) and 16 tag bytes
-$rec->data($rec->decrypt_data
-.pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
+# Only support re-encryption for TLSv1.3 and ETM.
+if ($rec->encrypted()) {
+if (TLSProxy::Proxy->is_tls13()) {
+#Add content type (1 byte) and 16 tag bytes
+$rec->data($rec->decrypt_data
+.pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
+} elsif ($rec->etm()) {
+my $data = $rec->decrypt_data;
+#Add padding
+my $padval = length($data) % 16;
+$padval = 15 - $padval;
+for (0..$padval) {
+$data .= pack("C", $padval);
+}
+
+#Add MAC. Assumed to be 20 bytes
+foreach my $macval (0..19) {
+$data .= pack("C", $macval);
+}
+
+if ($rec->version() >= TLSProxy::Record::VERS_TLS_1_1) {
+#Explicit IV
+$data = ("\0"x16).$data;
+}
+$rec->data($data);
+} else {
+die "Unsupported encryption: No ETM";
+}
 } else {
 $rec->data($rec->decrypt_data);
 }
+$rec->len(length($rec->data));
 #Update the fragment len in case we changed it above
 ${$self->message_frag_lens}[0] = length($msgdata)
diff --git a/util/perl/TLSProxy/NewSessionTicket.pm b/util/perl/TLSProxy/NewSessionTicket.pm
old mode 100755
new mode 100644
diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm
old mode 100755
new mode 100644
diff --git a/util/perl/TLSProxy/Record.pm b/util/perl/TLSProxy/Record.pm
old mode 100755
new mode 100644
diff --git a/util/perl/TLSProxy/ServerHello.pm b/util/perl/TLSProxy/ServerHello.pm
old mode 100755
new mode 100644
diff --git a/util/perl/TLSProxy/ServerKeyExchange.pm b/util/perl/TLSProxy/ServerKeyExchange.pm
old mode 100755
new mode 100644
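Review bot: The new `elsif ($rec->etm())` branch hard-codes the record geometry — a 16-byte block for the padding (`% 16`) and the explicit IV (`"\0"x16`) and a 20-byte MAC (`0..19`) — so for any suite other than a 16-byte-block CBC cipher with a 20-byte MAC it builds a record of the wrong shape without any diagnostic, and only the MAC assumption is called out, in `#Add MAC. Assumed to be 20 bytes`. I would state the full constraint once at the top of the branch, e.g. `# ETM re-packing assumes a 16-byte block cipher (padding and explicit IV) and a 20-byte MAC; other suites are not handled`, and, if Record exposes the negotiated cipher, derive the two sizes from it instead. The padding loop is correct (TLS CBC padding is pad-length + 1 bytes, each holding the pad length), but `for (0..$padval)` reads as an off-by-one without a comment, so `# $padval+1 bytes each equal to $padval; the last one is the pad-length byte` would help the next reader. `sub repack` begins and ends outside this hunk.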
diff --git a/util/perl/checkhandshake.pm b/util/perl/checkhandshake.pm
old mode 100755
new mode 100644
diff --git a/util/perl/with_fallback.pm b/util/perl/with_fallback.pm
old mode 100755
new mode 100644
diff --git a/util/private.num b/util/private.num
old mode 100755
new mode 100644
diff --git a/util/su-filter.pl b/util/su-filter.pl
old mode 100755
new mode 100644
diff --git a/util/unlocal_shlib.com.in b/util/unlocal_shlib.com.in
old mode 100755
new mode 100644

, B and B. For a curve over Fp B