Merge OpenSSL 1.0.2p.
This commit is contained in:
commit
dea77ea6fc
@ -7,6 +7,64 @@
|
|||||||
https://github.com/openssl/openssl/commits/ and pick the appropriate
|
https://github.com/openssl/openssl/commits/ and pick the appropriate
|
||||||
release branch.
|
release branch.
|
||||||
|
|
||||||
|
Changes between 1.0.2o and 1.0.2p [14 Aug 2018]
|
||||||
|
|
||||||
|
*) Client DoS due to large DH parameter
|
||||||
|
|
||||||
|
During key agreement in a TLS handshake using a DH(E) based ciphersuite a
|
||||||
|
malicious server can send a very large prime value to the client. This will
|
||||||
|
cause the client to spend an unreasonably long period of time generating a
|
||||||
|
key for this prime resulting in a hang until the client has finished. This
|
||||||
|
could be exploited in a Denial Of Service attack.
|
||||||
|
|
||||||
|
This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
|
||||||
|
(CVE-2018-0732)
|
||||||
|
[Guido Vranken]
|
||||||
|
|
||||||
|
*) Cache timing vulnerability in RSA Key Generation
|
||||||
|
|
||||||
|
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
|
||||||
|
a cache timing side channel attack. An attacker with sufficient access to
|
||||||
|
mount cache timing attacks during the RSA key generation process could
|
||||||
|
recover the private key.
|
||||||
|
|
||||||
|
This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
|
||||||
|
Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
|
||||||
|
(CVE-2018-0737)
|
||||||
|
[Billy Brumley]
|
||||||
|
|
||||||
|
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
|
||||||
|
parameter is no longer accepted, as it leads to a corrupt table. NULL
|
||||||
|
pem_str is reserved for alias entries only.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Revert blinding in ECDSA sign and instead make problematic addition
|
||||||
|
length-invariant. Switch even to fixed-length Montgomery multiplication.
|
||||||
|
[Andy Polyakov]
|
||||||
|
|
||||||
|
*) Change generating and checking of primes so that the error rate of not
|
||||||
|
being prime depends on the intended use based on the size of the input.
|
||||||
|
For larger primes this will result in more rounds of Miller-Rabin.
|
||||||
|
The maximal error rate for primes with more than 1080 bits is lowered
|
||||||
|
to 2^-128.
|
||||||
|
[Kurt Roeckx, Annie Yousar]
|
||||||
|
|
||||||
|
*) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
|
||||||
|
[Kurt Roeckx]
|
||||||
|
|
||||||
|
*) Add blinding to ECDSA and DSA signatures to protect against side channel
|
||||||
|
attacks discovered by Keegan Ryan (NCC Group).
|
||||||
|
[Matt Caswell]
|
||||||
|
|
||||||
|
*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
|
||||||
|
now allow empty (zero character) pass phrases.
|
||||||
|
[Richard Levitte]
|
||||||
|
|
||||||
|
*) Certificate time validation (X509_cmp_time) enforces stricter
|
||||||
|
compliance with RFC 5280. Fractional seconds and timezone offsets
|
||||||
|
are no longer allowed.
|
||||||
|
[Emilia Käsper]
|
||||||
|
|
||||||
Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
|
Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
|
||||||
|
|
||||||
*) Constructed ASN.1 types with a recursive definition could exceed the stack
|
*) Constructed ASN.1 types with a recursive definition could exceed the stack
|
||||||
|
@ -1,26 +1,26 @@
|
|||||||
HOW TO CONTRIBUTE PATCHES TO OpenSSL
|
HOW TO CONTRIBUTE TO OpenSSL
|
||||||
------------------------------------
|
----------------------------
|
||||||
|
|
||||||
(Please visit https://www.openssl.org/community/getting-started.html for
|
(Please visit https://www.openssl.org/community/getting-started.html for
|
||||||
other ideas about how to contribute.)
|
other ideas about how to contribute.)
|
||||||
|
|
||||||
Development is coordinated on the openssl-dev mailing list (see the
|
Development is done on GitHub, https://github.com/openssl/openssl.
|
||||||
above link or https://mta.openssl.org for information on subscribing).
|
|
||||||
If you are unsure as to whether a feature will be useful for the general
|
|
||||||
OpenSSL community you might want to discuss it on the openssl-dev mailing
|
|
||||||
list first. Someone may be already working on the same thing or there
|
|
||||||
may be a good reason as to why that feature isn't implemented.
|
|
||||||
|
|
||||||
To submit a patch, make a pull request on GitHub. If you think the patch
|
To request new features or report bugs, please open an issue on GitHub
|
||||||
could use feedback from the community, please start a thread on openssl-dev
|
|
||||||
to discuss it.
|
|
||||||
|
|
||||||
Having addressed the following items before the PR will help make the
|
To submit a patch, please open a pull request on GitHub. If you are thinking
|
||||||
acceptance and review process faster:
|
of making a large contribution, open an issue for it before starting work,
|
||||||
|
to get comments from the community. Someone may be already working on
|
||||||
|
the same thing or there may be reasons why that feature isn't implemented.
|
||||||
|
|
||||||
1. Anything other than trivial contributions will require a contributor
|
To make it easier to review and accept your pull request, please follow these
|
||||||
licensing agreement, giving us permission to use your code. See
|
guidelines:
|
||||||
https://www.openssl.org/policies/cla.html for details.
|
|
||||||
|
1. Anything other than a trivial contribution requires a Contributor
|
||||||
|
License Agreement (CLA), giving us permission to use your code. See
|
||||||
|
https://www.openssl.org/policies/cla.html for details. If your
|
||||||
|
contribution is too small to require a CLA, put "CLA: trivial" on a
|
||||||
|
line by itself in your commit message body.
|
||||||
|
|
||||||
2. All source files should start with the following text (with
|
2. All source files should start with the following text (with
|
||||||
appropriate comment characters at the start of each line and the
|
appropriate comment characters at the start of each line and the
|
||||||
@ -34,21 +34,21 @@ acceptance and review process faster:
|
|||||||
https://www.openssl.org/source/license.html
|
https://www.openssl.org/source/license.html
|
||||||
|
|
||||||
3. Patches should be as current as possible; expect to have to rebase
|
3. Patches should be as current as possible; expect to have to rebase
|
||||||
often. We do not accept merge commits; You will be asked to remove
|
often. We do not accept merge commits, you will have to remove them
|
||||||
them before a patch is considered acceptable.
|
(usually by rebasing) before it will be acceptable.
|
||||||
|
|
||||||
4. Patches should follow our coding style (see
|
4. Patches should follow our coding style (see
|
||||||
https://www.openssl.org/policies/codingstyle.html) and compile without
|
https://www.openssl.org/policies/codingstyle.html) and compile
|
||||||
warnings. Where gcc or clang is availble you should use the
|
without warnings. Where gcc or clang is available you should use the
|
||||||
--strict-warnings Configure option. OpenSSL compiles on many varied
|
--strict-warnings Configure option. OpenSSL compiles on many varied
|
||||||
platforms: try to ensure you only use portable features.
|
platforms: try to ensure you only use portable features. Clean builds
|
||||||
Clean builds via Travis and AppVeyor are expected, and done whenever
|
via Travis and AppVeyor are required, and they are started automatically
|
||||||
a PR is created or updated.
|
whenever a PR is created or updated.
|
||||||
|
|
||||||
5. When at all possible, patches should include tests. These can
|
5. When at all possible, patches should include tests. These can
|
||||||
either be added to an existing test, or completely new. Please see
|
either be added to an existing test, or completely new. Please see
|
||||||
test/README for information on the test framework.
|
test/README for information on the test framework.
|
||||||
|
|
||||||
6. New features or changed functionality must include
|
6. New features or changed functionality must include
|
||||||
documentation. Please look at the "pod" files in doc/apps, doc/crypto
|
documentation. Please look at the "pod" files in doc for
|
||||||
and doc/ssl for examples of our style.
|
examples of our style.
|
||||||
|
@ -1173,6 +1173,7 @@ foreach (sort (keys %disabled))
|
|||||||
$depflags .= " -DOPENSSL_NO_$ALGO";
|
$depflags .= " -DOPENSSL_NO_$ALGO";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (/^comp$/) { $zlib = 0; }
|
||||||
}
|
}
|
||||||
|
|
||||||
print "\n";
|
print "\n";
|
||||||
@ -1671,6 +1672,13 @@ while (<PIPE>) {
|
|||||||
}
|
}
|
||||||
close(PIPE);
|
close(PIPE);
|
||||||
|
|
||||||
|
# Xcode did not handle $cc -M before clang support
|
||||||
|
my $cc_as_makedepend = 0;
|
||||||
|
if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__})
|
||||||
|
&& !defined($predefined{__clang__}))) {
|
||||||
|
$cc_as_makedepend = 1;
|
||||||
|
}
|
||||||
|
|
||||||
if ($strict_warnings)
|
if ($strict_warnings)
|
||||||
{
|
{
|
||||||
my $wopt;
|
my $wopt;
|
||||||
@ -1730,14 +1738,14 @@ while (<IN>)
|
|||||||
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
|
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
|
||||||
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
|
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
|
||||||
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
|
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
|
||||||
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
|
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
s/^CC=.*$/CC= $cc/;
|
s/^CC=.*$/CC= $cc/;
|
||||||
s/^AR=\s*ar/AR= $ar/;
|
s/^AR=\s*ar/AR= $ar/;
|
||||||
s/^RANLIB=.*/RANLIB= $ranlib/;
|
s/^RANLIB=.*/RANLIB= $ranlib/;
|
||||||
s/^RC=.*/RC= $windres/;
|
s/^RC=.*/RC= $windres/;
|
||||||
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
|
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend;
|
||||||
}
|
}
|
||||||
s/^CFLAG=.*$/CFLAG= $cflags/;
|
s/^CFLAG=.*$/CFLAG= $cflags/;
|
||||||
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
|
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
## Makefile for OpenSSL
|
## Makefile for OpenSSL
|
||||||
##
|
##
|
||||||
|
|
||||||
VERSION=1.0.2o
|
VERSION=1.0.2p
|
||||||
MAJOR=1
|
MAJOR=1
|
||||||
MINOR=0.2
|
MINOR=0.2
|
||||||
SHLIB_VERSION_NUMBER=1.0.0
|
SHLIB_VERSION_NUMBER=1.0.0
|
||||||
|
@ -5,6 +5,11 @@
|
|||||||
This file gives a brief overview of the major changes between each OpenSSL
|
This file gives a brief overview of the major changes between each OpenSSL
|
||||||
release. For more details please read the CHANGES file.
|
release. For more details please read the CHANGES file.
|
||||||
|
|
||||||
|
Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]
|
||||||
|
|
||||||
|
o Client DoS due to large DH parameter (CVE-2018-0732)
|
||||||
|
o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
|
||||||
|
|
||||||
Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
|
Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
|
||||||
|
|
||||||
o Constructed ASN.1 types with a recursive definition could exceed the
|
o Constructed ASN.1 types with a recursive definition could exceed the
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
|
|
||||||
OpenSSL 1.0.2o 27 Mar 2018
|
OpenSSL 1.0.2p 14 Aug 2018
|
||||||
|
|
||||||
Copyright (c) 1998-2015 The OpenSSL Project
|
Copyright (c) 1998-2018 The OpenSSL Project
|
||||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||||
All rights reserved.
|
All rights reserved.
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@
|
|||||||
* [including the GNU Public Licence.]
|
* [including the GNU Public Licence.]
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -1359,7 +1359,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
|
|||||||
};
|
};
|
||||||
if (set_multi_opts(flags, arg, ex_tbl) == 0)
|
if (set_multi_opts(flags, arg, ex_tbl) == 0)
|
||||||
return 0;
|
return 0;
|
||||||
if ((*flags & XN_FLAG_SEP_MASK) == 0)
|
if (*flags != XN_FLAG_COMPAT
|
||||||
|
&& (*flags & XN_FLAG_SEP_MASK) == 0)
|
||||||
*flags |= XN_FLAG_SEP_CPLUS_SPC;
|
*flags |= XN_FLAG_SEP_CPLUS_SPC;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -295,7 +295,7 @@ int MAIN(int argc, char **argv)
|
|||||||
ASN1_TYPE *atmp;
|
ASN1_TYPE *atmp;
|
||||||
int typ;
|
int typ;
|
||||||
j = atoi(sk_OPENSSL_STRING_value(osk, i));
|
j = atoi(sk_OPENSSL_STRING_value(osk, i));
|
||||||
if (j == 0) {
|
if (j <= 0 || j >= tmplen) {
|
||||||
BIO_printf(bio_err, "'%s' is an invalid number\n",
|
BIO_printf(bio_err, "'%s' is an invalid number\n",
|
||||||
sk_OPENSSL_STRING_value(osk, i));
|
sk_OPENSSL_STRING_value(osk, i));
|
||||||
continue;
|
continue;
|
||||||
@ -327,14 +327,14 @@ int MAIN(int argc, char **argv)
|
|||||||
num = tmplen;
|
num = tmplen;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (offset >= num) {
|
if (offset < 0 || offset >= num) {
|
||||||
BIO_printf(bio_err, "Error: offset too large\n");
|
BIO_printf(bio_err, "Error: offset out of range\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
num -= offset;
|
num -= offset;
|
||||||
|
|
||||||
if ((length == 0) || ((long)length > num))
|
if (length == 0 || length > (unsigned int)num)
|
||||||
length = (unsigned int)num;
|
length = (unsigned int)num;
|
||||||
if (derout) {
|
if (derout) {
|
||||||
if (BIO_write(derout, str + offset, length) != (int)length) {
|
if (BIO_write(derout, str + offset, length) != (int)length) {
|
||||||
|
@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv)
|
|||||||
if (j > 0) {
|
if (j > 0) {
|
||||||
total_done++;
|
total_done++;
|
||||||
BIO_printf(bio_err, "\n");
|
BIO_printf(bio_err, "\n");
|
||||||
if (!BN_add_word(serial, 1))
|
if (!BN_add_word(serial, 1)) {
|
||||||
|
X509_free(x);
|
||||||
goto err;
|
goto err;
|
||||||
|
}
|
||||||
if (!sk_X509_push(cert_sk, x)) {
|
if (!sk_X509_push(cert_sk, x)) {
|
||||||
BIO_printf(bio_err, "Memory allocation failure\n");
|
BIO_printf(bio_err, "Memory allocation failure\n");
|
||||||
|
X509_free(x);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* 2000.
|
* 2000.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -787,7 +787,6 @@ int MAIN(int argc, char **argv)
|
|||||||
OCSP_response_status_str(i), i);
|
OCSP_response_status_str(i), i);
|
||||||
if (ignore_err)
|
if (ignore_err)
|
||||||
goto redo_accept;
|
goto redo_accept;
|
||||||
ret = 0;
|
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -306,9 +306,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
|
|||||||
out_buf[0] = '$';
|
out_buf[0] = '$';
|
||||||
out_buf[1] = 0;
|
out_buf[1] = 0;
|
||||||
assert(strlen(magic) <= 4); /* "1" or "apr1" */
|
assert(strlen(magic) <= 4); /* "1" or "apr1" */
|
||||||
strncat(out_buf, magic, 4);
|
BUF_strlcat(out_buf, magic, sizeof(out_buf));
|
||||||
strncat(out_buf, "$", 1);
|
BUF_strlcat(out_buf, "$", sizeof(out_buf));
|
||||||
strncat(out_buf, salt, 8);
|
BUF_strlcat(out_buf, salt, sizeof(out_buf));
|
||||||
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
|
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
|
||||||
salt_out = out_buf + 2 + strlen(magic);
|
salt_out = out_buf + 2 + strlen(magic);
|
||||||
salt_len = strlen(salt_out);
|
salt_len = strlen(salt_out);
|
||||||
|
@ -56,7 +56,7 @@
|
|||||||
* [including the GNU Public Licence.]
|
* [including the GNU Public Licence.]
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -152,9 +152,8 @@ typedef fd_mask fd_set;
|
|||||||
#define PROTOCOL "tcp"
|
#define PROTOCOL "tcp"
|
||||||
|
|
||||||
int do_server(int port, int type, int *ret,
|
int do_server(int port, int type, int *ret,
|
||||||
int (*cb) (char *hostname, int s, int stype,
|
int (*cb) (int s, int stype, unsigned char *context),
|
||||||
unsigned char *context), unsigned char *context,
|
unsigned char *context, int naccept);
|
||||||
int naccept);
|
|
||||||
#ifdef HEADER_X509_H
|
#ifdef HEADER_X509_H
|
||||||
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
|
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
|
||||||
#endif
|
#endif
|
||||||
|
@ -56,7 +56,7 @@
|
|||||||
* [including the GNU Public Licence.]
|
* [including the GNU Public Licence.]
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -337,7 +337,7 @@ static void sc_usage(void)
|
|||||||
BIO_printf(bio_err,
|
BIO_printf(bio_err,
|
||||||
" -prexit - print session information even on connection failure\n");
|
" -prexit - print session information even on connection failure\n");
|
||||||
BIO_printf(bio_err,
|
BIO_printf(bio_err,
|
||||||
" -showcerts - show all certificates in the chain\n");
|
" -showcerts - Show all certificates sent by the server\n");
|
||||||
BIO_printf(bio_err, " -debug - extra output\n");
|
BIO_printf(bio_err, " -debug - extra output\n");
|
||||||
#ifdef WATT32
|
#ifdef WATT32
|
||||||
BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
|
BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
|
||||||
|
@ -56,7 +56,7 @@
|
|||||||
* [including the GNU Public Licence.]
|
* [including the GNU Public Licence.]
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -209,9 +209,9 @@ typedef unsigned int u_int;
|
|||||||
#ifndef OPENSSL_NO_RSA
|
#ifndef OPENSSL_NO_RSA
|
||||||
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
|
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
|
||||||
#endif
|
#endif
|
||||||
static int sv_body(char *hostname, int s, int stype, unsigned char *context);
|
static int sv_body(int s, int stype, unsigned char *context);
|
||||||
static int www_body(char *hostname, int s, int stype, unsigned char *context);
|
static int www_body(int s, int stype, unsigned char *context);
|
||||||
static int rev_body(char *hostname, int s, int stype, unsigned char *context);
|
static int rev_body(int s, int stype, unsigned char *context);
|
||||||
static void close_accept_socket(void);
|
static void close_accept_socket(void);
|
||||||
static void sv_usage(void);
|
static void sv_usage(void);
|
||||||
static int init_ssl_connection(SSL *s);
|
static int init_ssl_connection(SSL *s);
|
||||||
@ -1087,11 +1087,14 @@ int MAIN(int argc, char *argv[])
|
|||||||
char *chCApath = NULL, *chCAfile = NULL;
|
char *chCApath = NULL, *chCAfile = NULL;
|
||||||
char *vfyCApath = NULL, *vfyCAfile = NULL;
|
char *vfyCApath = NULL, *vfyCAfile = NULL;
|
||||||
unsigned char *context = NULL;
|
unsigned char *context = NULL;
|
||||||
|
#ifndef OPENSSL_NO_DH
|
||||||
char *dhfile = NULL;
|
char *dhfile = NULL;
|
||||||
|
int no_dhe = 0;
|
||||||
|
#endif
|
||||||
int badop = 0;
|
int badop = 0;
|
||||||
int ret = 1;
|
int ret = 1;
|
||||||
int build_chain = 0;
|
int build_chain = 0;
|
||||||
int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
|
int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0;
|
||||||
int state = 0;
|
int state = 0;
|
||||||
const SSL_METHOD *meth = NULL;
|
const SSL_METHOD *meth = NULL;
|
||||||
int socket_type = SOCK_STREAM;
|
int socket_type = SOCK_STREAM;
|
||||||
@ -1239,11 +1242,15 @@ int MAIN(int argc, char *argv[])
|
|||||||
if (--argc < 1)
|
if (--argc < 1)
|
||||||
goto bad;
|
goto bad;
|
||||||
s_chain_file = *(++argv);
|
s_chain_file = *(++argv);
|
||||||
} else if (strcmp(*argv, "-dhparam") == 0) {
|
}
|
||||||
|
#ifndef OPENSSL_NO_DH
|
||||||
|
else if (strcmp(*argv, "-dhparam") == 0) {
|
||||||
if (--argc < 1)
|
if (--argc < 1)
|
||||||
goto bad;
|
goto bad;
|
||||||
dhfile = *(++argv);
|
dhfile = *(++argv);
|
||||||
} else if (strcmp(*argv, "-dcertform") == 0) {
|
}
|
||||||
|
#endif
|
||||||
|
else if (strcmp(*argv, "-dcertform") == 0) {
|
||||||
if (--argc < 1)
|
if (--argc < 1)
|
||||||
goto bad;
|
goto bad;
|
||||||
s_dcert_format = str2fmt(*(++argv));
|
s_dcert_format = str2fmt(*(++argv));
|
||||||
@ -1390,9 +1397,13 @@ int MAIN(int argc, char *argv[])
|
|||||||
verify_quiet = 1;
|
verify_quiet = 1;
|
||||||
} else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
|
} else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
|
||||||
no_tmp_rsa = 1;
|
no_tmp_rsa = 1;
|
||||||
} else if (strcmp(*argv, "-no_dhe") == 0) {
|
}
|
||||||
|
#ifndef OPENSSL_NO_DH
|
||||||
|
else if (strcmp(*argv, "-no_dhe") == 0) {
|
||||||
no_dhe = 1;
|
no_dhe = 1;
|
||||||
} else if (strcmp(*argv, "-no_ecdhe") == 0) {
|
}
|
||||||
|
#endif
|
||||||
|
else if (strcmp(*argv, "-no_ecdhe") == 0) {
|
||||||
no_ecdhe = 1;
|
no_ecdhe = 1;
|
||||||
} else if (strcmp(*argv, "-no_resume_ephemeral") == 0) {
|
} else if (strcmp(*argv, "-no_resume_ephemeral") == 0) {
|
||||||
no_resume_ephemeral = 1;
|
no_resume_ephemeral = 1;
|
||||||
@ -2165,7 +2176,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
|
|||||||
SSL_CTX_sess_get_cache_size(ssl_ctx));
|
SSL_CTX_sess_get_cache_size(ssl_ctx));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int sv_body(char *hostname, int s, int stype, unsigned char *context)
|
static int sv_body(int s, int stype, unsigned char *context)
|
||||||
{
|
{
|
||||||
char *buf = NULL;
|
char *buf = NULL;
|
||||||
fd_set readfds;
|
fd_set readfds;
|
||||||
@ -2780,7 +2791,7 @@ static int load_CA(SSL_CTX *ctx, char *file)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int www_body(char *hostname, int s, int stype, unsigned char *context)
|
static int www_body(int s, int stype, unsigned char *context)
|
||||||
{
|
{
|
||||||
char *buf = NULL;
|
char *buf = NULL;
|
||||||
int ret = 1;
|
int ret = 1;
|
||||||
@ -3183,7 +3194,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
|
|||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int rev_body(char *hostname, int s, int stype, unsigned char *context)
|
static int rev_body(int s, int stype, unsigned char *context)
|
||||||
{
|
{
|
||||||
char *buf = NULL;
|
char *buf = NULL;
|
||||||
int i;
|
int i;
|
||||||
|
@ -109,7 +109,7 @@ static int ssl_sock_init(void);
|
|||||||
static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
|
static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
|
||||||
static int init_server(int *sock, int port, int type);
|
static int init_server(int *sock, int port, int type);
|
||||||
static int init_server_long(int *sock, int port, char *ip, int type);
|
static int init_server_long(int *sock, int port, char *ip, int type);
|
||||||
static int do_accept(int acc_sock, int *sock, char **host);
|
static int do_accept(int acc_sock, int *sock);
|
||||||
static int host_ip(char *str, unsigned char ip[4]);
|
static int host_ip(char *str, unsigned char ip[4]);
|
||||||
|
|
||||||
# ifdef OPENSSL_SYS_WIN16
|
# ifdef OPENSSL_SYS_WIN16
|
||||||
@ -290,12 +290,10 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
|
|||||||
}
|
}
|
||||||
|
|
||||||
int do_server(int port, int type, int *ret,
|
int do_server(int port, int type, int *ret,
|
||||||
int (*cb) (char *hostname, int s, int stype,
|
int (*cb) (int s, int stype, unsigned char *context),
|
||||||
unsigned char *context), unsigned char *context,
|
unsigned char *context, int naccept)
|
||||||
int naccept)
|
|
||||||
{
|
{
|
||||||
int sock;
|
int sock;
|
||||||
char *name = NULL;
|
|
||||||
int accept_socket = 0;
|
int accept_socket = 0;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
@ -308,15 +306,13 @@ int do_server(int port, int type, int *ret,
|
|||||||
}
|
}
|
||||||
for (;;) {
|
for (;;) {
|
||||||
if (type == SOCK_STREAM) {
|
if (type == SOCK_STREAM) {
|
||||||
if (do_accept(accept_socket, &sock, &name) == 0) {
|
if (do_accept(accept_socket, &sock) == 0) {
|
||||||
SHUTDOWN(accept_socket);
|
SHUTDOWN(accept_socket);
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
sock = accept_socket;
|
sock = accept_socket;
|
||||||
i = (*cb) (name, sock, type, context);
|
i = (*cb) (sock, type, context);
|
||||||
if (name != NULL)
|
|
||||||
OPENSSL_free(name);
|
|
||||||
if (type == SOCK_STREAM)
|
if (type == SOCK_STREAM)
|
||||||
SHUTDOWN2(sock);
|
SHUTDOWN2(sock);
|
||||||
if (naccept != -1)
|
if (naccept != -1)
|
||||||
@ -386,30 +382,24 @@ static int init_server(int *sock, int port, int type)
|
|||||||
return (init_server_long(sock, port, NULL, type));
|
return (init_server_long(sock, port, NULL, type));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int do_accept(int acc_sock, int *sock, char **host)
|
static int do_accept(int acc_sock, int *sock)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
struct hostent *h1, *h2;
|
|
||||||
static struct sockaddr_in from;
|
|
||||||
int len;
|
|
||||||
/* struct linger ling; */
|
|
||||||
|
|
||||||
if (!ssl_sock_init())
|
if (!ssl_sock_init())
|
||||||
return (0);
|
return 0;
|
||||||
|
|
||||||
# ifndef OPENSSL_SYS_WINDOWS
|
# ifndef OPENSSL_SYS_WINDOWS
|
||||||
redoit:
|
redoit:
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
memset((char *)&from, 0, sizeof(from));
|
|
||||||
len = sizeof(from);
|
|
||||||
/*
|
/*
|
||||||
* Note: under VMS with SOCKETSHR the fourth parameter is currently of
|
* Note: under VMS with SOCKETSHR the fourth parameter is currently of
|
||||||
* type (int *) whereas under other systems it is (void *) if you don't
|
* type (int *) whereas under other systems it is (void *) if you don't
|
||||||
* have a cast it will choke the compiler: if you do have a cast then you
|
* have a cast it will choke the compiler: if you do have a cast then you
|
||||||
* can either go for (int *) or (void *).
|
* can either go for (int *) or (void *).
|
||||||
*/
|
*/
|
||||||
ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len);
|
ret = accept(acc_sock, NULL, NULL);
|
||||||
if (ret == INVALID_SOCKET) {
|
if (ret == INVALID_SOCKET) {
|
||||||
# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
|
# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
|
||||||
int i;
|
int i;
|
||||||
@ -425,56 +415,11 @@ static int do_accept(int acc_sock, int *sock, char **host)
|
|||||||
fprintf(stderr, "errno=%d ", errno);
|
fprintf(stderr, "errno=%d ", errno);
|
||||||
perror("accept");
|
perror("accept");
|
||||||
# endif
|
# endif
|
||||||
return (0);
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*-
|
|
||||||
ling.l_onoff=1;
|
|
||||||
ling.l_linger=0;
|
|
||||||
i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
|
|
||||||
if (i < 0) { perror("linger"); return(0); }
|
|
||||||
i=0;
|
|
||||||
i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
|
|
||||||
if (i < 0) { perror("keepalive"); return(0); }
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (host == NULL)
|
|
||||||
goto end;
|
|
||||||
# ifndef BIT_FIELD_LIMITS
|
|
||||||
/* I should use WSAAsyncGetHostByName() under windows */
|
|
||||||
h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
|
|
||||||
sizeof(from.sin_addr.s_addr), AF_INET);
|
|
||||||
# else
|
|
||||||
h1 = gethostbyaddr((char *)&from.sin_addr,
|
|
||||||
sizeof(struct in_addr), AF_INET);
|
|
||||||
# endif
|
|
||||||
if (h1 == NULL) {
|
|
||||||
BIO_printf(bio_err, "bad gethostbyaddr\n");
|
|
||||||
*host = NULL;
|
|
||||||
/* return(0); */
|
|
||||||
} else {
|
|
||||||
if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
|
|
||||||
perror("OPENSSL_malloc");
|
|
||||||
closesocket(ret);
|
|
||||||
return (0);
|
|
||||||
}
|
|
||||||
BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
|
|
||||||
|
|
||||||
h2 = GetHostByName(*host);
|
|
||||||
if (h2 == NULL) {
|
|
||||||
BIO_printf(bio_err, "gethostbyname failure\n");
|
|
||||||
closesocket(ret);
|
|
||||||
return (0);
|
|
||||||
}
|
|
||||||
if (h2->h_addrtype != AF_INET) {
|
|
||||||
BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
|
|
||||||
closesocket(ret);
|
|
||||||
return (0);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
end:
|
|
||||||
*sock = ret;
|
*sock = ret;
|
||||||
return (1);
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
|
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
|
||||||
|
@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file,
|
|||||||
X509_STORE_set_flags(ctx, vflags);
|
X509_STORE_set_flags(ctx, vflags);
|
||||||
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
|
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
|
X509_STORE_CTX_free(csc);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if (tchain)
|
if (tchain)
|
||||||
|
@ -46,7 +46,7 @@ SRC= $(LIBSRC)
|
|||||||
EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
|
EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
|
||||||
ossl_typ.h
|
ossl_typ.h
|
||||||
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
|
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
|
||||||
constant_time_locl.h $(EXHEADER)
|
constant_time_locl.h bn_int.h $(EXHEADER)
|
||||||
|
|
||||||
ALL= $(GENERAL) $(SRC) $(HEADER)
|
ALL= $(GENERAL) $(SRC) $(HEADER)
|
||||||
|
|
||||||
|
@ -63,17 +63,31 @@
|
|||||||
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
|
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
unsigned char *p;
|
unsigned char *p, *allocated = NULL;
|
||||||
|
|
||||||
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
|
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
|
||||||
if (pp == NULL)
|
if (pp == NULL)
|
||||||
return (r);
|
return (r);
|
||||||
p = *pp;
|
|
||||||
|
if (*pp == NULL) {
|
||||||
|
if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
|
||||||
|
ASN1err(ASN1_F_I2D_ASN1_BOOLEAN, ERR_R_MALLOC_FAILURE);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
p = *pp;
|
||||||
|
}
|
||||||
|
|
||||||
ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
|
ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
|
||||||
*(p++) = (unsigned char)a;
|
*p = (unsigned char)a;
|
||||||
*pp = p;
|
|
||||||
return (r);
|
|
||||||
|
/*
|
||||||
|
* If a new buffer was allocated, just return it back.
|
||||||
|
* If not, return the incremented buffer pointer.
|
||||||
|
*/
|
||||||
|
*pp = allocated != NULL ? allocated : p + 1;
|
||||||
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
|
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
|
||||||
|
@ -66,7 +66,7 @@
|
|||||||
|
|
||||||
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
|
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
|
||||||
{
|
{
|
||||||
unsigned char *p;
|
unsigned char *p, *allocated = NULL;
|
||||||
int objsize;
|
int objsize;
|
||||||
|
|
||||||
if ((a == NULL) || (a->data == NULL))
|
if ((a == NULL) || (a->data == NULL))
|
||||||
@ -76,13 +76,24 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
|
|||||||
if (pp == NULL || objsize == -1)
|
if (pp == NULL || objsize == -1)
|
||||||
return objsize;
|
return objsize;
|
||||||
|
|
||||||
p = *pp;
|
if (*pp == NULL) {
|
||||||
|
if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
|
||||||
|
ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
p = *pp;
|
||||||
|
}
|
||||||
|
|
||||||
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
|
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
|
||||||
memcpy(p, a->data, a->length);
|
memcpy(p, a->data, a->length);
|
||||||
p += a->length;
|
|
||||||
|
|
||||||
*pp = p;
|
/*
|
||||||
return (objsize);
|
* If a new buffer was allocated, just return it back.
|
||||||
|
* If not, return the incremented buffer pointer.
|
||||||
|
*/
|
||||||
|
*pp = allocated != NULL ? allocated : p + a->length;
|
||||||
|
return objsize;
|
||||||
}
|
}
|
||||||
|
|
||||||
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
|
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* 2000.
|
* 2000.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -194,18 +194,38 @@ static int do_buf(unsigned char *buf, int buflen,
|
|||||||
int type, unsigned char flags, char *quotes, char_io *io_ch,
|
int type, unsigned char flags, char *quotes, char_io *io_ch,
|
||||||
void *arg)
|
void *arg)
|
||||||
{
|
{
|
||||||
int i, outlen, len;
|
int i, outlen, len, charwidth;
|
||||||
unsigned char orflags, *p, *q;
|
unsigned char orflags, *p, *q;
|
||||||
unsigned long c;
|
unsigned long c;
|
||||||
p = buf;
|
p = buf;
|
||||||
q = buf + buflen;
|
q = buf + buflen;
|
||||||
outlen = 0;
|
outlen = 0;
|
||||||
|
charwidth = type & BUF_TYPE_WIDTH_MASK;
|
||||||
|
|
||||||
|
switch (charwidth) {
|
||||||
|
case 4:
|
||||||
|
if (buflen & 3) {
|
||||||
|
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
if (buflen & 1) {
|
||||||
|
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
while (p != q) {
|
while (p != q) {
|
||||||
if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
|
if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
|
||||||
orflags = CHARTYPE_FIRST_ESC_2253;
|
orflags = CHARTYPE_FIRST_ESC_2253;
|
||||||
else
|
else
|
||||||
orflags = 0;
|
orflags = 0;
|
||||||
switch (type & BUF_TYPE_WIDTH_MASK) {
|
|
||||||
|
switch (charwidth) {
|
||||||
case 4:
|
case 4:
|
||||||
c = ((unsigned long)*p++) << 24;
|
c = ((unsigned long)*p++) << 24;
|
||||||
c |= ((unsigned long)*p++) << 16;
|
c |= ((unsigned long)*p++) << 16;
|
||||||
@ -226,6 +246,7 @@ static int do_buf(unsigned char *buf, int buflen,
|
|||||||
i = UTF8_getc(p, buflen, &c);
|
i = UTF8_getc(p, buflen, &c);
|
||||||
if (i < 0)
|
if (i < 0)
|
||||||
return -1; /* Invalid UTF8String */
|
return -1; /* Invalid UTF8String */
|
||||||
|
buflen -= i;
|
||||||
p += i;
|
p += i;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
* 2006.
|
* 2006.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -305,6 +305,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
|
|||||||
} else
|
} else
|
||||||
ameth->info = NULL;
|
ameth->info = NULL;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* One of the following must be true:
|
||||||
|
*
|
||||||
|
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
|
||||||
|
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
|
||||||
|
*
|
||||||
|
* Anything else is an error and may lead to a corrupt ASN1 method table
|
||||||
|
*/
|
||||||
|
if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
|
||||||
|
|| (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
|
||||||
|
goto err;
|
||||||
|
|
||||||
if (pem_str) {
|
if (pem_str) {
|
||||||
ameth->pem_str = BUF_strdup(pem_str);
|
ameth->pem_str = BUF_strdup(pem_str);
|
||||||
if (!ameth->pem_str)
|
if (!ameth->pem_str)
|
||||||
|
@ -1164,6 +1164,7 @@ int SMIME_text(BIO *in, BIO *out);
|
|||||||
* The following lines are auto generated by the script mkerr.pl. Any changes
|
* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||||
* made after this point may be overwritten when the script is next run.
|
* made after this point may be overwritten when the script is next run.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
void ERR_load_ASN1_strings(void);
|
void ERR_load_ASN1_strings(void);
|
||||||
|
|
||||||
/* Error codes for the ASN1 functions. */
|
/* Error codes for the ASN1 functions. */
|
||||||
@ -1264,7 +1265,10 @@ void ERR_load_ASN1_strings(void);
|
|||||||
# define ASN1_F_D2I_X509 156
|
# define ASN1_F_D2I_X509 156
|
||||||
# define ASN1_F_D2I_X509_CINF 157
|
# define ASN1_F_D2I_X509_CINF 157
|
||||||
# define ASN1_F_D2I_X509_PKEY 159
|
# define ASN1_F_D2I_X509_PKEY 159
|
||||||
|
# define ASN1_F_DO_BUF 221
|
||||||
# define ASN1_F_I2D_ASN1_BIO_STREAM 211
|
# define ASN1_F_I2D_ASN1_BIO_STREAM 211
|
||||||
|
# define ASN1_F_I2D_ASN1_BOOLEAN 223
|
||||||
|
# define ASN1_F_I2D_ASN1_OBJECT 222
|
||||||
# define ASN1_F_I2D_ASN1_SET 188
|
# define ASN1_F_I2D_ASN1_SET 188
|
||||||
# define ASN1_F_I2D_ASN1_TIME 160
|
# define ASN1_F_I2D_ASN1_TIME 160
|
||||||
# define ASN1_F_I2D_DSA_PUBKEY 161
|
# define ASN1_F_I2D_DSA_PUBKEY 161
|
||||||
@ -1414,7 +1418,7 @@ void ERR_load_ASN1_strings(void);
|
|||||||
# define ASN1_R_WRONG_TAG 168
|
# define ASN1_R_WRONG_TAG 168
|
||||||
# define ASN1_R_WRONG_TYPE 169
|
# define ASN1_R_WRONG_TYPE 169
|
||||||
|
|
||||||
#ifdef __cplusplus
|
# ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
# endif
|
||||||
#endif
|
#endif
|
||||||
|
@ -166,7 +166,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
|
|||||||
{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
|
{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
|
||||||
{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
|
{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
|
||||||
{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
|
{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
|
||||||
|
{ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"},
|
||||||
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
|
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
|
||||||
|
{ERR_FUNC(ASN1_F_I2D_ASN1_BOOLEAN), "i2d_ASN1_BOOLEAN"},
|
||||||
|
{ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
|
||||||
{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
|
{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
|
||||||
{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
|
{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
|
||||||
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
|
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* 2000.
|
* 2000.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -588,6 +588,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
|
|||||||
otmp = (ASN1_OBJECT *)*pval;
|
otmp = (ASN1_OBJECT *)*pval;
|
||||||
cont = otmp->data;
|
cont = otmp->data;
|
||||||
len = otmp->length;
|
len = otmp->length;
|
||||||
|
if (cont == NULL || len == 0)
|
||||||
|
return -1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case V_ASN1_NULL:
|
case V_ASN1_NULL:
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/* crypto/bio/bss_log.c */
|
/* crypto/bio/bss_log.c */
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -242,7 +242,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
|
|||||||
if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) {
|
if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) {
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
strncpy(buf, in, inl);
|
memcpy(buf, in, inl);
|
||||||
buf[inl] = '\0';
|
buf[inl] = '\0';
|
||||||
|
|
||||||
i = 0;
|
i = 0;
|
||||||
|
@ -188,6 +188,8 @@ static int mem_write(BIO *b, const char *in, int inl)
|
|||||||
}
|
}
|
||||||
|
|
||||||
BIO_clear_retry_flags(b);
|
BIO_clear_retry_flags(b);
|
||||||
|
if (inl == 0)
|
||||||
|
return 0;
|
||||||
blen = bm->length;
|
blen = bm->length;
|
||||||
if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
|
if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
|
||||||
goto end;
|
goto end;
|
||||||
|
@ -197,21 +197,24 @@ bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
|||||||
bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h
|
bn_add.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_add.c
|
||||||
|
bn_add.o: bn_lcl.h
|
||||||
bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h
|
bn_asm.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_asm.c
|
||||||
|
bn_asm.o: bn_lcl.h
|
||||||
bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
|
bn_blind.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h
|
||||||
|
bn_blind.o: bn_blind.c bn_lcl.h
|
||||||
bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||||
bn_const.o: ../../include/openssl/opensslconf.h
|
bn_const.o: ../../include/openssl/opensslconf.h
|
||||||
bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
@ -223,7 +226,8 @@ bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
|||||||
bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h
|
bn_ctx.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_ctx.c
|
||||||
|
bn_ctx.o: bn_lcl.h
|
||||||
bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
@ -231,14 +235,15 @@ bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
|||||||
bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
|
bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
|
||||||
bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||||
bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
|
bn_depr.o: ../bn_int.h ../cryptlib.h bn_depr.c bn_lcl.h
|
||||||
bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h
|
bn_div.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_div.c
|
||||||
|
bn_div.o: bn_lcl.h
|
||||||
bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||||
bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
|
bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
|
||||||
@ -252,7 +257,7 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
|||||||
bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
|
bn_exp.o: ../../include/openssl/symhacks.h ../bn_int.h ../constant_time_locl.h
|
||||||
bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h rsaz_exp.h
|
bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h rsaz_exp.h
|
||||||
bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
@ -260,70 +265,80 @@ bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
|||||||
bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h
|
bn_exp2.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_exp2.c
|
||||||
|
bn_exp2.o: bn_lcl.h
|
||||||
bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h
|
bn_gcd.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gcd.c
|
||||||
|
bn_gcd.o: bn_lcl.h
|
||||||
bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h
|
bn_gf2m.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gf2m.c
|
||||||
|
bn_gf2m.o: bn_lcl.h
|
||||||
bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h
|
bn_kron.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_kron.c
|
||||||
|
bn_kron.o: bn_lcl.h
|
||||||
bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c
|
bn_lib.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_lib.o: bn_lib.c
|
||||||
bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c
|
bn_mod.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_mod.o: bn_mod.c
|
||||||
bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c
|
bn_mont.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_mont.o: bn_mont.c
|
||||||
bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c
|
bn_mpi.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_mpi.o: bn_mpi.c
|
||||||
bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c
|
bn_mul.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_mul.o: bn_mul.c
|
||||||
bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
|
bn_nist.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_nist.o: bn_nist.c
|
||||||
bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
@ -331,14 +346,15 @@ bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
|||||||
bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
|
bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
|
||||||
bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||||
bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
|
bn_prime.o: ../bn_int.h ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
|
||||||
bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c
|
bn_print.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_print.o: bn_print.c
|
||||||
bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
@ -346,42 +362,47 @@ bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
|||||||
bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
|
bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
|
||||||
bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||||
bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
|
bn_rand.o: ../bn_int.h ../cryptlib.h bn_lcl.h bn_rand.c
|
||||||
bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c
|
bn_recp.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_recp.o: bn_recp.c
|
||||||
bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c
|
bn_shift.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_shift.o: bn_shift.c
|
||||||
bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c
|
bn_sqr.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_sqr.o: bn_sqr.c
|
||||||
bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c
|
bn_sqrt.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_sqrt.o: bn_sqrt.c
|
||||||
bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||||
bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
||||||
bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
|
bn_word.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
|
||||||
|
bn_word.o: bn_word.c
|
||||||
bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
|
bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
|
||||||
bn_x931p.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
bn_x931p.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
|
||||||
bn_x931p.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
bn_x931p.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
|
@ -216,14 +216,15 @@ bn_mul_mont:
|
|||||||
mov $tp,sp @ "rewind" $tp
|
mov $tp,sp @ "rewind" $tp
|
||||||
sub $rp,$rp,$aj @ "rewind" $rp
|
sub $rp,$rp,$aj @ "rewind" $rp
|
||||||
|
|
||||||
and $ap,$tp,$nhi
|
.Lcopy: ldr $tj,[$tp] @ conditional copy
|
||||||
bic $np,$rp,$nhi
|
ldr $aj,[$rp]
|
||||||
orr $ap,$ap,$np @ ap=borrow?tp:rp
|
|
||||||
|
|
||||||
.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh
|
|
||||||
str sp,[$tp],#4 @ zap tp
|
str sp,[$tp],#4 @ zap tp
|
||||||
str $tj,[$rp],#4
|
#ifdef __thumb2__
|
||||||
cmp $tp,$num
|
it cc
|
||||||
|
#endif
|
||||||
|
movcc $aj,$tj
|
||||||
|
str $aj,[$rp],#4
|
||||||
|
teq $tp,$num @ preserve carry
|
||||||
bne .Lcopy
|
bne .Lcopy
|
||||||
|
|
||||||
add sp,$num,#4 @ skip over tp[num+1]
|
add sp,$num,#4 @ skip over tp[num+1]
|
||||||
|
@ -332,19 +332,19 @@ bn_mul_mont_general:
|
|||||||
{ .mmb; sub rptr=rptr,len // rewind
|
{ .mmb; sub rptr=rptr,len // rewind
|
||||||
sub tptr=tptr,len
|
sub tptr=tptr,len
|
||||||
clrrrb.pr };;
|
clrrrb.pr };;
|
||||||
{ .mmi; and aptr=tptr,topbit
|
{ .mmi; mov aptr=rptr
|
||||||
andcm bptr=rptr,topbit
|
mov bptr=tptr
|
||||||
mov pr.rot=1<<16 };;
|
mov pr.rot=1<<16 };;
|
||||||
{ .mii; or nptr=aptr,bptr
|
{ .mii; cmp.eq p0,p6=topbit,r0
|
||||||
mov ar.lc=lc
|
mov ar.lc=lc
|
||||||
mov ar.ec=3 };;
|
mov ar.ec=2 };;
|
||||||
|
|
||||||
.Lcopy_ctop:
|
.Lcopy_ctop:
|
||||||
{ .mmb; (p16) ld8 n[0]=[nptr],8
|
{ .mmi; (p16) ld8 a[0]=[aptr],8
|
||||||
(p18) st8 [tptr]=r0,8
|
(p16) ld8 t[0]=[bptr],8
|
||||||
(p16) nop.b 0 }
|
(p6) mov a[1]=t[1] };; // (p17)
|
||||||
{ .mmb; (p16) nop.m 0
|
{ .mmb; (p17) st8 [rptr]=a[1],8
|
||||||
(p18) st8 [rptr]=n[2],8
|
(p17) st8 [tptr]=r0,8
|
||||||
br.ctop.sptk .Lcopy_ctop };;
|
br.ctop.sptk .Lcopy_ctop };;
|
||||||
.Lcopy_cend:
|
.Lcopy_cend:
|
||||||
|
|
||||||
|
@ -377,15 +377,13 @@ $code.=<<___;
|
|||||||
$PTR_SUB $rp,$num # restore rp
|
$PTR_SUB $rp,$num # restore rp
|
||||||
not $hi1,$hi0
|
not $hi1,$hi0
|
||||||
|
|
||||||
and $ap,$hi0,$sp
|
.Lcopy: $LD $nj,($tp) # conditional move
|
||||||
and $bp,$hi1,$rp
|
$LD $aj,($rp)
|
||||||
or $ap,$ap,$bp # ap=borrow?tp:rp
|
|
||||||
|
|
||||||
.align 4
|
|
||||||
.Lcopy: $LD $aj,($ap)
|
|
||||||
$PTR_ADD $ap,$BNSZ
|
|
||||||
$ST $zero,($tp)
|
$ST $zero,($tp)
|
||||||
$PTR_ADD $tp,$BNSZ
|
$PTR_ADD $tp,$BNSZ
|
||||||
|
and $nj,$hi0
|
||||||
|
and $aj,$hi1
|
||||||
|
or $aj,$nj
|
||||||
sltu $at,$tp,$tj
|
sltu $at,$tp,$tj
|
||||||
$ST $aj,($rp)
|
$ST $aj,($rp)
|
||||||
bnez $at,.Lcopy
|
bnez $at,.Lcopy
|
||||||
|
@ -510,7 +510,6 @@ L\$sub
|
|||||||
stws,ma $hi1,4($rp)
|
stws,ma $hi1,4($rp)
|
||||||
|
|
||||||
subb $ti0,%r0,$hi1
|
subb $ti0,%r0,$hi1
|
||||||
ldo -4($tp),$tp
|
|
||||||
___
|
___
|
||||||
$code.=<<___ if ($BN_SZ==8);
|
$code.=<<___ if ($BN_SZ==8);
|
||||||
ldd,ma 8($tp),$ti0
|
ldd,ma 8($tp),$ti0
|
||||||
@ -525,21 +524,19 @@ L\$sub
|
|||||||
|
|
||||||
extrd,u $ti0,31,32,$ti0 ; carry in flipped word order
|
extrd,u $ti0,31,32,$ti0 ; carry in flipped word order
|
||||||
sub,db $ti0,%r0,$hi1
|
sub,db $ti0,%r0,$hi1
|
||||||
ldo -8($tp),$tp
|
|
||||||
___
|
___
|
||||||
$code.=<<___;
|
$code.=<<___;
|
||||||
and $tp,$hi1,$ap
|
ldo `$LOCALS+32`($fp),$tp
|
||||||
andcm $rp,$hi1,$bp
|
|
||||||
or $ap,$bp,$np
|
|
||||||
|
|
||||||
sub $rp,$arrsz,$rp ; rewind rp
|
sub $rp,$arrsz,$rp ; rewind rp
|
||||||
subi 0,$arrsz,$idx
|
subi 0,$arrsz,$idx
|
||||||
ldo `$LOCALS+32`($fp),$tp
|
|
||||||
L\$copy
|
L\$copy
|
||||||
ldd $idx($np),$hi0
|
ldd 0($tp),$ti0
|
||||||
|
ldd 0($rp),$hi0
|
||||||
std,ma %r0,8($tp)
|
std,ma %r0,8($tp)
|
||||||
addib,<> 8,$idx,.-8 ; L\$copy
|
comiclr,= 0,$hi1,%r0
|
||||||
std,ma $hi0,8($rp)
|
copy $ti0,$hi0
|
||||||
|
addib,<> 8,$idx,L\$copy
|
||||||
|
std,ma $hi0,8($rp)
|
||||||
___
|
___
|
||||||
|
|
||||||
if ($BN_SZ==4) { # PA-RISC 1.1 code-path
|
if ($BN_SZ==4) { # PA-RISC 1.1 code-path
|
||||||
@ -849,17 +846,16 @@ L\$sub_pa11
|
|||||||
stws,ma $hi1,4($rp)
|
stws,ma $hi1,4($rp)
|
||||||
|
|
||||||
subb $ti0,%r0,$hi1
|
subb $ti0,%r0,$hi1
|
||||||
ldo -4($tp),$tp
|
|
||||||
and $tp,$hi1,$ap
|
|
||||||
andcm $rp,$hi1,$bp
|
|
||||||
or $ap,$bp,$np
|
|
||||||
|
|
||||||
|
ldo `$LOCALS+32`($fp),$tp
|
||||||
sub $rp,$arrsz,$rp ; rewind rp
|
sub $rp,$arrsz,$rp ; rewind rp
|
||||||
subi 0,$arrsz,$idx
|
subi 0,$arrsz,$idx
|
||||||
ldo `$LOCALS+32`($fp),$tp
|
|
||||||
L\$copy_pa11
|
L\$copy_pa11
|
||||||
ldwx $idx($np),$hi0
|
ldw 0($tp),$ti0
|
||||||
|
ldw 0($rp),$hi0
|
||||||
stws,ma %r0,4($tp)
|
stws,ma %r0,4($tp)
|
||||||
|
comiclr,= 0,$hi1,%r0
|
||||||
|
copy $ti0,$hi0
|
||||||
addib,<> 4,$idx,L\$copy_pa11
|
addib,<> 4,$idx,L\$copy_pa11
|
||||||
stws,ma $hi0,4($rp)
|
stws,ma $hi0,4($rp)
|
||||||
|
|
||||||
|
@ -294,15 +294,16 @@ Lsub: $LDX $tj,$tp,$j
|
|||||||
li $j,0
|
li $j,0
|
||||||
mtctr $num
|
mtctr $num
|
||||||
subfe $ovf,$j,$ovf ; handle upmost overflow bit
|
subfe $ovf,$j,$ovf ; handle upmost overflow bit
|
||||||
and $ap,$tp,$ovf
|
|
||||||
andc $np,$rp,$ovf
|
|
||||||
or $ap,$ap,$np ; ap=borrow?tp:rp
|
|
||||||
|
|
||||||
.align 4
|
.align 4
|
||||||
Lcopy: ; copy or in-place refresh
|
Lcopy: ; conditional copy
|
||||||
$LDX $tj,$ap,$j
|
$LDX $tj,$tp,$j
|
||||||
$STX $tj,$rp,$j
|
$LDX $aj,$rp,$j
|
||||||
|
and $tj,$tj,$ovf
|
||||||
|
andc $aj,$aj,$ovf
|
||||||
$STX $j,$tp,$j ; zap at once
|
$STX $j,$tp,$j ; zap at once
|
||||||
|
or $aj,$aj,$tj
|
||||||
|
$STX $aj,$rp,$j
|
||||||
addi $j,$j,$BNSZ
|
addi $j,$j,$BNSZ
|
||||||
bdnz Lcopy
|
bdnz Lcopy
|
||||||
|
|
||||||
|
@ -1494,16 +1494,14 @@ Lsub: ldx $t0,$tp,$i
|
|||||||
|
|
||||||
li $i,0
|
li $i,0
|
||||||
subfe $ovf,$i,$ovf ; handle upmost overflow bit
|
subfe $ovf,$i,$ovf ; handle upmost overflow bit
|
||||||
and $ap,$tp,$ovf
|
|
||||||
andc $np,$rp,$ovf
|
|
||||||
or $ap,$ap,$np ; ap=borrow?tp:rp
|
|
||||||
addi $t7,$ap,8
|
|
||||||
mtctr $j
|
mtctr $j
|
||||||
|
|
||||||
.align 4
|
.align 4
|
||||||
Lcopy: ; copy or in-place refresh
|
Lcopy: ; conditional copy
|
||||||
ldx $t0,$ap,$i
|
ldx $t0,$tp,$i
|
||||||
ldx $t1,$t7,$i
|
ldx $t1,$t4,$i
|
||||||
|
ldx $t2,$rp,$i
|
||||||
|
ldx $t3,$t6,$i
|
||||||
std $i,8($nap_d) ; zap nap_d
|
std $i,8($nap_d) ; zap nap_d
|
||||||
std $i,16($nap_d)
|
std $i,16($nap_d)
|
||||||
std $i,24($nap_d)
|
std $i,24($nap_d)
|
||||||
@ -1512,6 +1510,12 @@ Lcopy: ; copy or in-place refresh
|
|||||||
std $i,48($nap_d)
|
std $i,48($nap_d)
|
||||||
std $i,56($nap_d)
|
std $i,56($nap_d)
|
||||||
stdu $i,64($nap_d)
|
stdu $i,64($nap_d)
|
||||||
|
and $t0,$t0,$ovf
|
||||||
|
and $t1,$t1,$ovf
|
||||||
|
andc $t2,$t2,$ovf
|
||||||
|
andc $t3,$t3,$ovf
|
||||||
|
or $t0,$t0,$t2
|
||||||
|
or $t1,$t1,$t3
|
||||||
stdx $t0,$rp,$i
|
stdx $t0,$rp,$i
|
||||||
stdx $t1,$t6,$i
|
stdx $t1,$t6,$i
|
||||||
stdx $i,$tp,$i ; zap tp at once
|
stdx $i,$tp,$i ; zap tp at once
|
||||||
@ -1554,20 +1558,21 @@ Lsub: lwz $t0,12($tp) ; load tp[j..j+3] in 64-bit word order
|
|||||||
|
|
||||||
li $i,0
|
li $i,0
|
||||||
subfe $ovf,$i,$ovf ; handle upmost overflow bit
|
subfe $ovf,$i,$ovf ; handle upmost overflow bit
|
||||||
addi $tp,$sp,`$FRAME+$TRANSFER+4`
|
addi $ap,$sp,`$FRAME+$TRANSFER+4`
|
||||||
subf $rp,$num,$rp ; rewind rp
|
subf $rp,$num,$rp ; rewind rp
|
||||||
and $ap,$tp,$ovf
|
|
||||||
andc $np,$rp,$ovf
|
|
||||||
or $ap,$ap,$np ; ap=borrow?tp:rp
|
|
||||||
addi $tp,$sp,`$FRAME+$TRANSFER`
|
addi $tp,$sp,`$FRAME+$TRANSFER`
|
||||||
mtctr $j
|
mtctr $j
|
||||||
|
|
||||||
.align 4
|
.align 4
|
||||||
Lcopy: ; copy or in-place refresh
|
Lcopy: ; conditional copy
|
||||||
lwz $t0,4($ap)
|
lwz $t0,4($ap)
|
||||||
lwz $t1,8($ap)
|
lwz $t1,8($ap)
|
||||||
lwz $t2,12($ap)
|
lwz $t2,12($ap)
|
||||||
lwzu $t3,16($ap)
|
lwzu $t3,16($ap)
|
||||||
|
lwz $t4,4($rp)
|
||||||
|
lwz $t5,8($rp)
|
||||||
|
lwz $t6,12($rp)
|
||||||
|
lwz $t7,16($rp)
|
||||||
std $i,8($nap_d) ; zap nap_d
|
std $i,8($nap_d) ; zap nap_d
|
||||||
std $i,16($nap_d)
|
std $i,16($nap_d)
|
||||||
std $i,24($nap_d)
|
std $i,24($nap_d)
|
||||||
@ -1576,6 +1581,18 @@ Lcopy: ; copy or in-place refresh
|
|||||||
std $i,48($nap_d)
|
std $i,48($nap_d)
|
||||||
std $i,56($nap_d)
|
std $i,56($nap_d)
|
||||||
stdu $i,64($nap_d)
|
stdu $i,64($nap_d)
|
||||||
|
and $t0,$t0,$ovf
|
||||||
|
and $t1,$t1,$ovf
|
||||||
|
and $t2,$t2,$ovf
|
||||||
|
and $t3,$t3,$ovf
|
||||||
|
andc $t4,$t4,$ovf
|
||||||
|
andc $t5,$t5,$ovf
|
||||||
|
andc $t6,$t6,$ovf
|
||||||
|
andc $t7,$t7,$ovf
|
||||||
|
or $t0,$t0,$t4
|
||||||
|
or $t1,$t1,$t5
|
||||||
|
or $t2,$t2,$t6
|
||||||
|
or $t3,$t3,$t7
|
||||||
stw $t0,4($rp)
|
stw $t0,4($rp)
|
||||||
stw $t1,8($rp)
|
stw $t1,8($rp)
|
||||||
stw $t2,12($rp)
|
stw $t2,12($rp)
|
||||||
|
@ -97,7 +97,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
|||||||
$addx = ($1>=11);
|
$addx = ($1>=11);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) {
|
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||||
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
|
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
|
||||||
$avx = ($ver>=3.0) + ($ver>=3.01);
|
$avx = ($ver>=3.0) + ($ver>=3.01);
|
||||||
$addx = ($ver>=3.03);
|
$addx = ($ver>=3.03);
|
||||||
|
@ -245,16 +245,16 @@ $code.=<<___;
|
|||||||
brct $count,.Lsub
|
brct $count,.Lsub
|
||||||
lghi $ahi,0
|
lghi $ahi,0
|
||||||
slbgr $AHI,$ahi # handle upmost carry
|
slbgr $AHI,$ahi # handle upmost carry
|
||||||
|
lghi $NHI,-1
|
||||||
ngr $ap,$AHI
|
xgr $NHI,$AHI
|
||||||
lghi $np,-1
|
|
||||||
xgr $np,$AHI
|
|
||||||
ngr $np,$rp
|
|
||||||
ogr $ap,$np # ap=borrow?tp:rp
|
|
||||||
|
|
||||||
la $j,0(%r0)
|
la $j,0(%r0)
|
||||||
lgr $count,$num
|
lgr $count,$num
|
||||||
.Lcopy: lg $alo,0($j,$ap) # copy or in-place refresh
|
.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy
|
||||||
|
lg $alo,0($j,$rp)
|
||||||
|
ngr $ahi,$AHI
|
||||||
|
ngr $alo,$NHI
|
||||||
|
ogr $alo,$ahi
|
||||||
_dswap $alo
|
_dswap $alo
|
||||||
stg $j,$stdframe($j,$sp) # zap tp
|
stg $j,$stdframe($j,$sp) # zap tp
|
||||||
stg $alo,0($j,$rp)
|
stg $alo,0($j,$rp)
|
||||||
|
@ -878,19 +878,17 @@ $code.=<<___;
|
|||||||
sub $tp, $num, $tp
|
sub $tp, $num, $tp
|
||||||
sub $rp, $num, $rp
|
sub $rp, $num, $rp
|
||||||
|
|
||||||
subc $ovf, %g0, $ovf ! handle upmost overflow bit
|
subccc $ovf, %g0, $ovf ! handle upmost overflow bit
|
||||||
and $tp, $ovf, $ap
|
|
||||||
andn $rp, $ovf, $np
|
|
||||||
or $np, $ap, $ap ! ap=borrow?tp:rp
|
|
||||||
ba .Lcopy
|
ba .Lcopy
|
||||||
sub $num, 8, $cnt
|
sub $num, 8, $cnt
|
||||||
|
|
||||||
.align 16
|
.align 16
|
||||||
.Lcopy: ! copy or in-place refresh
|
.Lcopy: ! conditional copy
|
||||||
ldx [$ap+0], $t2
|
ldx [$tp], $tj
|
||||||
add $ap, 8, $ap
|
ldx [$rp+0], $t2
|
||||||
stx %g0, [$tp] ! zap
|
stx %g0, [$tp] ! zap
|
||||||
add $tp, 8, $tp
|
add $tp, 8, $tp
|
||||||
|
movcs %icc, $tj, $t2
|
||||||
stx $t2, [$rp+0]
|
stx $t2, [$rp+0]
|
||||||
add $rp, 8, $rp
|
add $rp, 8, $rp
|
||||||
brnz $cnt, .Lcopy
|
brnz $cnt, .Lcopy
|
||||||
@ -1126,19 +1124,17 @@ $code.=<<___;
|
|||||||
sub $tp, $num, $tp
|
sub $tp, $num, $tp
|
||||||
sub $rp, $num, $rp
|
sub $rp, $num, $rp
|
||||||
|
|
||||||
subc $ovf, %g0, $ovf ! handle upmost overflow bit
|
subccc $ovf, %g0, $ovf ! handle upmost overflow bit
|
||||||
and $tp, $ovf, $ap
|
|
||||||
andn $rp, $ovf, $np
|
|
||||||
or $np, $ap, $ap ! ap=borrow?tp:rp
|
|
||||||
ba .Lcopy_g5
|
ba .Lcopy_g5
|
||||||
sub $num, 8, $cnt
|
sub $num, 8, $cnt
|
||||||
|
|
||||||
.align 16
|
.align 16
|
||||||
.Lcopy_g5: ! copy or in-place refresh
|
.Lcopy_g5: ! conditional copy
|
||||||
ldx [$ap+0], $t2
|
ldx [$tp], $tj
|
||||||
add $ap, 8, $ap
|
ldx [$rp+0], $t2
|
||||||
stx %g0, [$tp] ! zap
|
stx %g0, [$tp] ! zap
|
||||||
add $tp, 8, $tp
|
add $tp, 8, $tp
|
||||||
|
movcs %icc, $tj, $t2
|
||||||
stx $t2, [$rp+0]
|
stx $t2, [$rp+0]
|
||||||
add $rp, 8, $rp
|
add $rp, 8, $rp
|
||||||
brnz $cnt, .Lcopy_g5
|
brnz $cnt, .Lcopy_g5
|
||||||
|
@ -255,7 +255,6 @@ $fname:
|
|||||||
.Ltail:
|
.Ltail:
|
||||||
add $np,$num,$np
|
add $np,$num,$np
|
||||||
add $rp,$num,$rp
|
add $rp,$num,$rp
|
||||||
mov $tp,$ap
|
|
||||||
sub %g0,$num,%o7 ! k=-num
|
sub %g0,$num,%o7 ! k=-num
|
||||||
ba .Lsub
|
ba .Lsub
|
||||||
subcc %g0,%g0,%g0 ! clear %icc.c
|
subcc %g0,%g0,%g0 ! clear %icc.c
|
||||||
@ -268,15 +267,14 @@ $fname:
|
|||||||
add %o7,4,%o7
|
add %o7,4,%o7
|
||||||
brnz %o7,.Lsub
|
brnz %o7,.Lsub
|
||||||
st %o1,[$i]
|
st %o1,[$i]
|
||||||
subc $car2,0,$car2 ! handle upmost overflow bit
|
subccc $car2,0,$car2 ! handle upmost overflow bit
|
||||||
and $tp,$car2,$ap
|
|
||||||
andn $rp,$car2,$np
|
|
||||||
or $ap,$np,$ap
|
|
||||||
sub %g0,$num,%o7
|
sub %g0,$num,%o7
|
||||||
|
|
||||||
.Lcopy:
|
.Lcopy:
|
||||||
ld [$ap+%o7],%o0 ! copy or in-place refresh
|
ld [$tp+%o7],%o1 ! conditional copy
|
||||||
|
ld [$rp+%o7],%o0
|
||||||
st %g0,[$tp+%o7] ! zap tp
|
st %g0,[$tp+%o7] ! zap tp
|
||||||
|
movcs %icc,%o1,%o0
|
||||||
st %o0,[$rp+%o7]
|
st %o0,[$rp+%o7]
|
||||||
add %o7,4,%o7
|
add %o7,4,%o7
|
||||||
brnz %o7,.Lcopy
|
brnz %o7,.Lcopy
|
||||||
@ -485,6 +483,9 @@ $code.=<<___;
|
|||||||
mulx $npj,$mul1,$acc1
|
mulx $npj,$mul1,$acc1
|
||||||
add $tpj,$car1,$car1
|
add $tpj,$car1,$car1
|
||||||
ld [$np+$j],$npj ! np[j]
|
ld [$np+$j],$npj ! np[j]
|
||||||
|
srlx $car1,32,$tmp0
|
||||||
|
and $car1,$mask,$car1
|
||||||
|
add $tmp0,$sbit,$sbit
|
||||||
add $acc0,$car1,$car1
|
add $acc0,$car1,$car1
|
||||||
ld [$tp+8],$tpj ! tp[j]
|
ld [$tp+8],$tpj ! tp[j]
|
||||||
add $acc1,$car1,$car1
|
add $acc1,$car1,$car1
|
||||||
|
@ -203,18 +203,15 @@ $sp=&DWP(28,"esp");
|
|||||||
|
|
||||||
&mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit
|
&mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit
|
||||||
&sbb ("eax",0);
|
&sbb ("eax",0);
|
||||||
&and ("esi","eax");
|
|
||||||
¬ ("eax");
|
|
||||||
&mov ("ebp","edi");
|
|
||||||
&and ("ebp","eax");
|
|
||||||
&or ("esi","ebp"); # tp=carry?tp:rp
|
|
||||||
|
|
||||||
&mov ("ecx","edx"); # num
|
&mov ("ecx","edx"); # num
|
||||||
&xor ("edx","edx"); # i=0
|
&mov ("edx",0); # i=0
|
||||||
|
|
||||||
&set_label("copy",8);
|
&set_label("copy",8);
|
||||||
&mov ("eax",&DWP(0,"esi","edx",4));
|
&mov ("ebx",&DWP(0,"esi","edx",4));
|
||||||
&mov (&DWP(64,"esp","edx",4),"ecx"); # zap tp
|
&mov ("eax",&DWP(0,"edi","edx",4));
|
||||||
|
&mov (&DWP(0,"esi","edx",4),"ecx"); # zap tp
|
||||||
|
&cmovc ("eax","ebx");
|
||||||
&mov (&DWP(0,"edi","edx",4),"eax");
|
&mov (&DWP(0,"edi","edx",4),"eax");
|
||||||
&lea ("edx",&DWP(1,"edx")); # i++
|
&lea ("edx",&DWP(1,"edx")); # i++
|
||||||
&loop (&label("copy"));
|
&loop (&label("copy"));
|
||||||
|
@ -299,23 +299,23 @@ $code.=<<___;
|
|||||||
sub $anp, $num, $anp
|
sub $anp, $num, $anp
|
||||||
sub $rp, $num, $rp
|
sub $rp, $num, $rp
|
||||||
|
|
||||||
subc $ovf, %g0, $ovf ! handle upmost overflow bit
|
subccc $ovf, %g0, $ovf ! handle upmost overflow bit
|
||||||
and $tp, $ovf, $ap
|
|
||||||
andn $rp, $ovf, $np
|
|
||||||
or $np, $ap, $ap ! ap=borrow?tp:rp
|
|
||||||
ba .Lcopy
|
ba .Lcopy
|
||||||
sub $num, 8, $cnt
|
sub $num, 8, $cnt
|
||||||
|
|
||||||
.align 16
|
.align 16
|
||||||
.Lcopy: ! copy or in-place refresh
|
.Lcopy: ! conditional copy
|
||||||
ld [$ap+0], $t2
|
ld [$tp+0], $t0
|
||||||
ld [$ap+4], $t3
|
ld [$tp+4], $t1
|
||||||
add $ap, 8, $ap
|
ld [$rp+0], $t2
|
||||||
|
ld [$rp+4], $t3
|
||||||
stx %g0, [$tp] ! zap
|
stx %g0, [$tp] ! zap
|
||||||
add $tp, 8, $tp
|
add $tp, 8, $tp
|
||||||
stx %g0, [$anp] ! zap
|
stx %g0, [$anp] ! zap
|
||||||
stx %g0, [$anp+8]
|
stx %g0, [$anp+8]
|
||||||
add $anp, 16, $anp
|
add $anp, 16, $anp
|
||||||
|
movcs %icc, $t0, $t2
|
||||||
|
movcs %icc, $t1, $t3
|
||||||
st $t3, [$rp+0] ! flip order
|
st $t3, [$rp+0] ! flip order
|
||||||
st $t2, [$rp+4]
|
st $t2, [$rp+4]
|
||||||
add $rp, 8, $rp
|
add $rp, 8, $rp
|
||||||
|
@ -592,16 +592,18 @@ $sbit=$num;
|
|||||||
&jge (&label("sub"));
|
&jge (&label("sub"));
|
||||||
|
|
||||||
&sbb ("eax",0); # handle upmost overflow bit
|
&sbb ("eax",0); # handle upmost overflow bit
|
||||||
&and ($tp,"eax");
|
&mov ("edx",-1);
|
||||||
¬ ("eax");
|
&xor ("edx","eax");
|
||||||
&mov ($np,$rp);
|
&jmp (&label("copy"));
|
||||||
&and ($np,"eax");
|
|
||||||
&or ($tp,$np); # tp=carry?tp:rp
|
|
||||||
|
|
||||||
&set_label("copy",16); # copy or in-place refresh
|
&set_label("copy",16); # conditional copy
|
||||||
&mov ("eax",&DWP(0,$tp,$num,4));
|
&mov ($tp,&DWP($frame,"esp",$num,4));
|
||||||
&mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i]
|
&mov ($np,&DWP(0,$rp,$num,4));
|
||||||
&mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector
|
&mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector
|
||||||
|
&and ($tp,"eax");
|
||||||
|
&and ($np,"edx");
|
||||||
|
&or ($np,$tp);
|
||||||
|
&mov (&DWP(0,$rp,$num,4),$np);
|
||||||
&dec ($num);
|
&dec ($num);
|
||||||
&jge (&label("copy"));
|
&jge (&label("copy"));
|
||||||
|
|
||||||
|
@ -293,30 +293,30 @@ $code.=<<___;
|
|||||||
|
|
||||||
xor $i,$i # i=0 and clear CF!
|
xor $i,$i # i=0 and clear CF!
|
||||||
mov (%rsp),%rax # tp[0]
|
mov (%rsp),%rax # tp[0]
|
||||||
lea (%rsp),$ap # borrow ap for tp
|
|
||||||
mov $num,$j # j=num
|
mov $num,$j # j=num
|
||||||
jmp .Lsub
|
|
||||||
.align 16
|
.align 16
|
||||||
.Lsub: sbb ($np,$i,8),%rax
|
.Lsub: sbb ($np,$i,8),%rax
|
||||||
mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i]
|
mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i]
|
||||||
mov 8($ap,$i,8),%rax # tp[i+1]
|
mov 8(%rsp,$i,8),%rax # tp[i+1]
|
||||||
lea 1($i),$i # i++
|
lea 1($i),$i # i++
|
||||||
dec $j # doesnn't affect CF!
|
dec $j # doesnn't affect CF!
|
||||||
jnz .Lsub
|
jnz .Lsub
|
||||||
|
|
||||||
sbb \$0,%rax # handle upmost overflow bit
|
sbb \$0,%rax # handle upmost overflow bit
|
||||||
|
mov \$-1,%rbx
|
||||||
|
xor %rax,%rbx # not %rax
|
||||||
xor $i,$i
|
xor $i,$i
|
||||||
and %rax,$ap
|
|
||||||
not %rax
|
|
||||||
mov $rp,$np
|
|
||||||
and %rax,$np
|
|
||||||
mov $num,$j # j=num
|
mov $num,$j # j=num
|
||||||
or $np,$ap # ap=borrow?tp:rp
|
|
||||||
.align 16
|
.Lcopy: # conditional copy
|
||||||
.Lcopy: # copy or in-place refresh
|
mov ($rp,$i,8),%rcx
|
||||||
mov ($ap,$i,8),%rax
|
mov (%rsp,$i,8),%rdx
|
||||||
mov $i,(%rsp,$i,8) # zap temporary vector
|
and %rbx,%rcx
|
||||||
mov %rax,($rp,$i,8) # rp[i]=tp[i]
|
and %rax,%rdx
|
||||||
|
mov $num,(%rsp,$i,8) # zap temporary vector
|
||||||
|
or %rcx,%rdx
|
||||||
|
mov %rdx,($rp,$i,8) # rp[i]=tp[i]
|
||||||
lea 1($i),$i
|
lea 1($i),$i
|
||||||
sub \$1,$j
|
sub \$1,$j
|
||||||
jnz .Lcopy
|
jnz .Lcopy
|
||||||
@ -686,10 +686,10 @@ ___
|
|||||||
my @ri=("%rax","%rdx",$m0,$m1);
|
my @ri=("%rax","%rdx",$m0,$m1);
|
||||||
$code.=<<___;
|
$code.=<<___;
|
||||||
mov 16(%rsp,$num,8),$rp # restore $rp
|
mov 16(%rsp,$num,8),$rp # restore $rp
|
||||||
|
lea -4($num),$j
|
||||||
mov 0(%rsp),@ri[0] # tp[0]
|
mov 0(%rsp),@ri[0] # tp[0]
|
||||||
pxor %xmm0,%xmm0
|
|
||||||
mov 8(%rsp),@ri[1] # tp[1]
|
mov 8(%rsp),@ri[1] # tp[1]
|
||||||
shr \$2,$num # num/=4
|
shr \$2,$j # j=num/4-1
|
||||||
lea (%rsp),$ap # borrow ap for tp
|
lea (%rsp),$ap # borrow ap for tp
|
||||||
xor $i,$i # i=0 and clear CF!
|
xor $i,$i # i=0 and clear CF!
|
||||||
|
|
||||||
@ -697,9 +697,7 @@ $code.=<<___;
|
|||||||
mov 16($ap),@ri[2] # tp[2]
|
mov 16($ap),@ri[2] # tp[2]
|
||||||
mov 24($ap),@ri[3] # tp[3]
|
mov 24($ap),@ri[3] # tp[3]
|
||||||
sbb 8($np),@ri[1]
|
sbb 8($np),@ri[1]
|
||||||
lea -1($num),$j # j=num/4-1
|
|
||||||
jmp .Lsub4x
|
|
||||||
.align 16
|
|
||||||
.Lsub4x:
|
.Lsub4x:
|
||||||
mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i]
|
mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i]
|
||||||
mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i]
|
mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i]
|
||||||
@ -726,34 +724,35 @@ $code.=<<___;
|
|||||||
|
|
||||||
sbb \$0,@ri[0] # handle upmost overflow bit
|
sbb \$0,@ri[0] # handle upmost overflow bit
|
||||||
mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i]
|
mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i]
|
||||||
xor $i,$i # i=0
|
pxor %xmm0,%xmm0
|
||||||
and @ri[0],$ap
|
movq @ri[0],%xmm4
|
||||||
not @ri[0]
|
pcmpeqd %xmm5,%xmm5
|
||||||
mov $rp,$np
|
pshufd \$0,%xmm4,%xmm4
|
||||||
and @ri[0],$np
|
mov $num,$j
|
||||||
lea -1($num),$j
|
pxor %xmm4,%xmm5
|
||||||
or $np,$ap # ap=borrow?tp:rp
|
shr \$2,$j # j=num/4
|
||||||
|
xor %eax,%eax # i=0
|
||||||
|
|
||||||
movdqu ($ap),%xmm1
|
|
||||||
movdqa %xmm0,(%rsp)
|
|
||||||
movdqu %xmm1,($rp)
|
|
||||||
jmp .Lcopy4x
|
jmp .Lcopy4x
|
||||||
.align 16
|
.align 16
|
||||||
.Lcopy4x: # copy or in-place refresh
|
.Lcopy4x: # conditional copy
|
||||||
movdqu 16($ap,$i),%xmm2
|
movdqa (%rsp,%rax),%xmm1
|
||||||
movdqu 32($ap,$i),%xmm1
|
movdqu ($rp,%rax),%xmm2
|
||||||
movdqa %xmm0,16(%rsp,$i)
|
pand %xmm4,%xmm1
|
||||||
movdqu %xmm2,16($rp,$i)
|
pand %xmm5,%xmm2
|
||||||
movdqa %xmm0,32(%rsp,$i)
|
movdqa 16(%rsp,%rax),%xmm3
|
||||||
movdqu %xmm1,32($rp,$i)
|
movdqa %xmm0,(%rsp,%rax)
|
||||||
lea 32($i),$i
|
por %xmm2,%xmm1
|
||||||
|
movdqu 16($rp,%rax),%xmm2
|
||||||
|
movdqu %xmm1,($rp,%rax)
|
||||||
|
pand %xmm4,%xmm3
|
||||||
|
pand %xmm5,%xmm2
|
||||||
|
movdqa %xmm0,16(%rsp,%rax)
|
||||||
|
por %xmm2,%xmm3
|
||||||
|
movdqu %xmm3,16($rp,%rax)
|
||||||
|
lea 32(%rax),%rax
|
||||||
dec $j
|
dec $j
|
||||||
jnz .Lcopy4x
|
jnz .Lcopy4x
|
||||||
|
|
||||||
shl \$2,$num
|
|
||||||
movdqu 16($ap,$i),%xmm2
|
|
||||||
movdqa %xmm0,16(%rsp,$i)
|
|
||||||
movdqu %xmm2,16($rp,$i)
|
|
||||||
___
|
___
|
||||||
}
|
}
|
||||||
$code.=<<___;
|
$code.=<<___;
|
||||||
|
@ -405,18 +405,19 @@ $code.=<<___;
|
|||||||
jnz .Lsub
|
jnz .Lsub
|
||||||
|
|
||||||
sbb \$0,%rax # handle upmost overflow bit
|
sbb \$0,%rax # handle upmost overflow bit
|
||||||
|
mov \$-1,%rbx
|
||||||
|
xor %rax,%rbx
|
||||||
xor $i,$i
|
xor $i,$i
|
||||||
and %rax,$ap
|
|
||||||
not %rax
|
|
||||||
mov $rp,$np
|
|
||||||
and %rax,$np
|
|
||||||
mov $num,$j # j=num
|
mov $num,$j # j=num
|
||||||
or $np,$ap # ap=borrow?tp:rp
|
|
||||||
.align 16
|
.Lcopy: # conditional copy
|
||||||
.Lcopy: # copy or in-place refresh
|
mov ($rp,$i,8),%rcx
|
||||||
mov ($ap,$i,8),%rax
|
mov (%rsp,$i,8),%rdx
|
||||||
|
and %rbx,%rcx
|
||||||
|
and %rax,%rdx
|
||||||
mov $i,(%rsp,$i,8) # zap temporary vector
|
mov $i,(%rsp,$i,8) # zap temporary vector
|
||||||
mov %rax,($rp,$i,8) # rp[i]=tp[i]
|
or %rcx,%rdx
|
||||||
|
mov %rdx,($rp,$i,8) # rp[i]=tp[i]
|
||||||
lea 1($i),$i
|
lea 1($i),$i
|
||||||
sub \$1,$j
|
sub \$1,$j
|
||||||
jnz .Lcopy
|
jnz .Lcopy
|
||||||
|
@ -56,7 +56,7 @@
|
|||||||
* [including the GNU Public Licence.]
|
* [including the GNU Public Licence.]
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -375,25 +375,76 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
|
|||||||
* on the size of the number */
|
* on the size of the number */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* number of Miller-Rabin iterations for an error rate of less than 2^-80 for
|
* BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
|
||||||
* random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
|
* that will be done for checking that a random number is probably prime. The
|
||||||
* Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
|
* error rate for accepting a composite number as prime depends on the size of
|
||||||
* original paper: Damgaard, Landrock, Pomerance: Average case error
|
* the prime |b|. The error rates used are for calculating an RSA key with 2 primes,
|
||||||
* estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
|
* and so the level is what you would expect for a key of double the size of the
|
||||||
* 177-194)
|
* prime.
|
||||||
|
*
|
||||||
|
* This table is generated using the algorithm of FIPS PUB 186-4
|
||||||
|
* Digital Signature Standard (DSS), section F.1, page 117.
|
||||||
|
* (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
|
||||||
|
*
|
||||||
|
* The following magma script was used to generate the output:
|
||||||
|
* securitybits:=125;
|
||||||
|
* k:=1024;
|
||||||
|
* for t:=1 to 65 do
|
||||||
|
* for M:=3 to Floor(2*Sqrt(k-1)-1) do
|
||||||
|
* S:=0;
|
||||||
|
* // Sum over m
|
||||||
|
* for m:=3 to M do
|
||||||
|
* s:=0;
|
||||||
|
* // Sum over j
|
||||||
|
* for j:=2 to m do
|
||||||
|
* s+:=(RealField(32)!2)^-(j+(k-1)/j);
|
||||||
|
* end for;
|
||||||
|
* S+:=2^(m-(m-1)*t)*s;
|
||||||
|
* end for;
|
||||||
|
* A:=2^(k-2-M*t);
|
||||||
|
* B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
|
||||||
|
* pkt:=2.00743*Log(2)*k*2^-k*(A+B);
|
||||||
|
* seclevel:=Floor(-Log(2,pkt));
|
||||||
|
* if seclevel ge securitybits then
|
||||||
|
* printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M;
|
||||||
|
* break;
|
||||||
|
* end if;
|
||||||
|
* end for;
|
||||||
|
* if seclevel ge securitybits then break; end if;
|
||||||
|
* end for;
|
||||||
|
*
|
||||||
|
* It can be run online at:
|
||||||
|
* http://magma.maths.usyd.edu.au/calc
|
||||||
|
*
|
||||||
|
* And will output:
|
||||||
|
* k: 1024, security: 129 bits (t: 6, M: 23)
|
||||||
|
*
|
||||||
|
* k is the number of bits of the prime, securitybits is the level we want to
|
||||||
|
* reach.
|
||||||
|
*
|
||||||
|
* prime length | RSA key size | # MR tests | security level
|
||||||
|
* -------------+--------------|------------+---------------
|
||||||
|
* (b) >= 6394 | >= 12788 | 3 | 256 bit
|
||||||
|
* (b) >= 3747 | >= 7494 | 3 | 192 bit
|
||||||
|
* (b) >= 1345 | >= 2690 | 4 | 128 bit
|
||||||
|
* (b) >= 1080 | >= 2160 | 5 | 128 bit
|
||||||
|
* (b) >= 852 | >= 1704 | 5 | 112 bit
|
||||||
|
* (b) >= 476 | >= 952 | 5 | 80 bit
|
||||||
|
* (b) >= 400 | >= 800 | 6 | 80 bit
|
||||||
|
* (b) >= 347 | >= 694 | 7 | 80 bit
|
||||||
|
* (b) >= 308 | >= 616 | 8 | 80 bit
|
||||||
|
* (b) >= 55 | >= 110 | 27 | 64 bit
|
||||||
|
* (b) >= 6 | >= 12 | 34 | 64 bit
|
||||||
*/
|
*/
|
||||||
# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \
|
|
||||||
(b) >= 850 ? 3 : \
|
# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \
|
||||||
(b) >= 650 ? 4 : \
|
(b) >= 1345 ? 4 : \
|
||||||
(b) >= 550 ? 5 : \
|
(b) >= 476 ? 5 : \
|
||||||
(b) >= 450 ? 6 : \
|
(b) >= 400 ? 6 : \
|
||||||
(b) >= 400 ? 7 : \
|
(b) >= 347 ? 7 : \
|
||||||
(b) >= 350 ? 8 : \
|
(b) >= 308 ? 8 : \
|
||||||
(b) >= 300 ? 9 : \
|
(b) >= 55 ? 27 : \
|
||||||
(b) >= 250 ? 12 : \
|
/* b >= 6 */ 34)
|
||||||
(b) >= 200 ? 15 : \
|
|
||||||
(b) >= 150 ? 18 : \
|
|
||||||
/* b >= 100 */ 27)
|
|
||||||
|
|
||||||
# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
|
# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
|
||||||
|
|
||||||
@ -773,6 +824,16 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
|
|||||||
/* We only need assert() when debugging */
|
/* We only need assert() when debugging */
|
||||||
# include <assert.h>
|
# include <assert.h>
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
|
||||||
|
* bn_correct_top, in other words such vectors are permitted to have zeros
|
||||||
|
* in most significant limbs. Such vectors are used internally to achieve
|
||||||
|
* execution time invariance for critical operations with private keys.
|
||||||
|
* It's BN_DEBUG-only flag, because user application is not supposed to
|
||||||
|
* observe it anyway. Moreover, optimizing compiler would actually remove
|
||||||
|
* all operations manipulating the bit in question in non-BN_DEBUG build.
|
||||||
|
*/
|
||||||
|
# define BN_FLG_FIXED_TOP 0x10000
|
||||||
# ifdef BN_DEBUG_RAND
|
# ifdef BN_DEBUG_RAND
|
||||||
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
|
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
|
||||||
# ifndef RAND_pseudo_bytes
|
# ifndef RAND_pseudo_bytes
|
||||||
@ -805,8 +866,10 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
|
|||||||
do { \
|
do { \
|
||||||
const BIGNUM *_bnum2 = (a); \
|
const BIGNUM *_bnum2 = (a); \
|
||||||
if (_bnum2 != NULL) { \
|
if (_bnum2 != NULL) { \
|
||||||
assert((_bnum2->top == 0) || \
|
int _top = _bnum2->top; \
|
||||||
(_bnum2->d[_bnum2->top - 1] != 0)); \
|
assert((_top == 0) || \
|
||||||
|
(_bnum2->flags & BN_FLG_FIXED_TOP) || \
|
||||||
|
(_bnum2->d[_top - 1] != 0)); \
|
||||||
bn_pollute(_bnum2); \
|
bn_pollute(_bnum2); \
|
||||||
} \
|
} \
|
||||||
} while(0)
|
} while(0)
|
||||||
@ -824,6 +887,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
|
|||||||
|
|
||||||
# else /* !BN_DEBUG */
|
# else /* !BN_DEBUG */
|
||||||
|
|
||||||
|
# define BN_FLG_FIXED_TOP 0
|
||||||
# define bn_pollute(a)
|
# define bn_pollute(a)
|
||||||
# define bn_check_top(a)
|
# define bn_check_top(a)
|
||||||
# define bn_fix_top(a) bn_correct_top(a)
|
# define bn_fix_top(a) bn_correct_top(a)
|
||||||
|
@ -290,6 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
|
|||||||
wnum.neg = 0;
|
wnum.neg = 0;
|
||||||
wnum.d = &(snum->d[loop]);
|
wnum.d = &(snum->d[loop]);
|
||||||
wnum.top = div_n;
|
wnum.top = div_n;
|
||||||
|
wnum.flags = BN_FLG_STATIC_DATA;
|
||||||
/*
|
/*
|
||||||
* only needed when BN_ucmp messes up the values between top and max
|
* only needed when BN_ucmp messes up the values between top and max
|
||||||
*/
|
*/
|
||||||
|
@ -290,8 +290,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|||||||
|
|
||||||
bits = BN_num_bits(p);
|
bits = BN_num_bits(p);
|
||||||
if (bits == 0) {
|
if (bits == 0) {
|
||||||
/* x**0 mod 1 is still zero. */
|
/* x**0 mod 1, or x**0 mod -1 is still zero. */
|
||||||
if (BN_is_one(m)) {
|
if (BN_abs_is_word(m, 1)) {
|
||||||
ret = 1;
|
ret = 1;
|
||||||
BN_zero(r);
|
BN_zero(r);
|
||||||
} else {
|
} else {
|
||||||
@ -432,8 +432,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
}
|
}
|
||||||
bits = BN_num_bits(p);
|
bits = BN_num_bits(p);
|
||||||
if (bits == 0) {
|
if (bits == 0) {
|
||||||
/* x**0 mod 1 is still zero. */
|
/* x**0 mod 1, or x**0 mod -1 is still zero. */
|
||||||
if (BN_is_one(m)) {
|
if (BN_abs_is_word(m, 1)) {
|
||||||
ret = 1;
|
ret = 1;
|
||||||
BN_zero(rr);
|
BN_zero(rr);
|
||||||
} else {
|
} else {
|
||||||
@ -473,17 +473,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
ret = 1;
|
ret = 1;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (!BN_to_montgomery(val[0], aa, mont, ctx))
|
if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
|
||||||
goto err; /* 1 */
|
goto err; /* 1 */
|
||||||
|
|
||||||
window = BN_window_bits_for_exponent_size(bits);
|
window = BN_window_bits_for_exponent_size(bits);
|
||||||
if (window > 1) {
|
if (window > 1) {
|
||||||
if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
|
if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx))
|
||||||
goto err; /* 2 */
|
goto err; /* 2 */
|
||||||
j = 1 << (window - 1);
|
j = 1 << (window - 1);
|
||||||
for (i = 1; i < j; i++) {
|
for (i = 1; i < j; i++) {
|
||||||
if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
|
if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
|
||||||
!BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
|
!bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -505,19 +505,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
for (i = 1; i < j; i++)
|
for (i = 1; i < j; i++)
|
||||||
r->d[i] = (~m->d[i]) & BN_MASK2;
|
r->d[i] = (~m->d[i]) & BN_MASK2;
|
||||||
r->top = j;
|
r->top = j;
|
||||||
/*
|
r->flags |= BN_FLG_FIXED_TOP;
|
||||||
* Upper words will be zero if the corresponding words of 'm' were
|
|
||||||
* 0xfff[...], so decrement r->top accordingly.
|
|
||||||
*/
|
|
||||||
bn_correct_top(r);
|
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
|
if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
for (;;) {
|
for (;;) {
|
||||||
if (BN_is_bit_set(p, wstart) == 0) {
|
if (BN_is_bit_set(p, wstart) == 0) {
|
||||||
if (!start) {
|
if (!start) {
|
||||||
if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
|
if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (wstart == 0)
|
if (wstart == 0)
|
||||||
@ -548,12 +544,12 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
/* add the 'bytes above' */
|
/* add the 'bytes above' */
|
||||||
if (!start)
|
if (!start)
|
||||||
for (i = 0; i < j; i++) {
|
for (i = 0; i < j; i++) {
|
||||||
if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
|
if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* wvalue will be an odd number < 2^window */
|
/* wvalue will be an odd number < 2^window */
|
||||||
if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
|
if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/* move the 'window' down further */
|
/* move the 'window' down further */
|
||||||
@ -563,6 +559,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
if (wstart < 0)
|
if (wstart < 0)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
|
* Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
|
||||||
|
* removes padding [if any] and makes return value suitable for public
|
||||||
|
* API consumer.
|
||||||
|
*/
|
||||||
#if defined(SPARC_T4_MONT)
|
#if defined(SPARC_T4_MONT)
|
||||||
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
|
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
|
||||||
j = mont->N.top; /* borrow j */
|
j = mont->N.top; /* borrow j */
|
||||||
@ -681,7 +682,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
|
|||||||
}
|
}
|
||||||
|
|
||||||
b->top = top;
|
b->top = top;
|
||||||
bn_correct_top(b);
|
b->flags |= BN_FLG_FIXED_TOP;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -733,8 +734,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
*/
|
*/
|
||||||
bits = p->top * BN_BITS2;
|
bits = p->top * BN_BITS2;
|
||||||
if (bits == 0) {
|
if (bits == 0) {
|
||||||
/* x**0 mod 1 is still zero. */
|
/* x**0 mod 1, or x**0 mod -1 is still zero. */
|
||||||
if (BN_is_one(m)) {
|
if (BN_abs_is_word(m, 1)) {
|
||||||
ret = 1;
|
ret = 1;
|
||||||
BN_zero(rr);
|
BN_zero(rr);
|
||||||
} else {
|
} else {
|
||||||
@ -852,16 +853,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
tmp.top = top;
|
tmp.top = top;
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
|
if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/* prepare a^1 in Montgomery domain */
|
/* prepare a^1 in Montgomery domain */
|
||||||
if (a->neg || BN_ucmp(a, m) >= 0) {
|
if (a->neg || BN_ucmp(a, m) >= 0) {
|
||||||
if (!BN_mod(&am, a, m, ctx))
|
if (!BN_mod(&am, a, m, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
if (!BN_to_montgomery(&am, &am, mont, ctx))
|
if (!bn_to_mont_fixed_top(&am, &am, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
} else if (!BN_to_montgomery(&am, a, mont, ctx))
|
} else if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
#if defined(SPARC_T4_MONT)
|
#if defined(SPARC_T4_MONT)
|
||||||
@ -1128,14 +1129,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
* performance advantage of sqr over mul).
|
* performance advantage of sqr over mul).
|
||||||
*/
|
*/
|
||||||
if (window > 1) {
|
if (window > 1) {
|
||||||
if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
|
if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
|
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
|
||||||
window))
|
window))
|
||||||
goto err;
|
goto err;
|
||||||
for (i = 3; i < numPowers; i++) {
|
for (i = 3; i < numPowers; i++) {
|
||||||
/* Calculate a^i = a^(i-1) * a */
|
/* Calculate a^i = a^(i-1) * a */
|
||||||
if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
|
if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
|
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
|
||||||
window))
|
window))
|
||||||
@ -1159,7 +1160,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
|
|
||||||
/* Scan the window, squaring the result as we go */
|
/* Scan the window, squaring the result as we go */
|
||||||
for (i = 0; i < window; i++, bits--) {
|
for (i = 0; i < window; i++, bits--) {
|
||||||
if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx))
|
if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
|
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
|
||||||
}
|
}
|
||||||
@ -1172,12 +1173,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/* Multiply the result into the intermediate result */
|
/* Multiply the result into the intermediate result */
|
||||||
if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
|
if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Convert the final result from montgomery to standard format */
|
/*
|
||||||
|
* Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
|
||||||
|
* removes padding [if any] and makes return value suitable for public
|
||||||
|
* API consumer.
|
||||||
|
*/
|
||||||
#if defined(SPARC_T4_MONT)
|
#if defined(SPARC_T4_MONT)
|
||||||
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
|
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
|
||||||
am.d[0] = 1; /* borrow am */
|
am.d[0] = 1; /* borrow am */
|
||||||
@ -1247,8 +1252,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
|
|||||||
|
|
||||||
bits = BN_num_bits(p);
|
bits = BN_num_bits(p);
|
||||||
if (bits == 0) {
|
if (bits == 0) {
|
||||||
/* x**0 mod 1 is still zero. */
|
/* x**0 mod 1, or x**0 mod -1 is still zero. */
|
||||||
if (BN_is_one(m)) {
|
if (BN_abs_is_word(m, 1)) {
|
||||||
ret = 1;
|
ret = 1;
|
||||||
BN_zero(rr);
|
BN_zero(rr);
|
||||||
} else {
|
} else {
|
||||||
@ -1369,9 +1374,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|||||||
}
|
}
|
||||||
|
|
||||||
bits = BN_num_bits(p);
|
bits = BN_num_bits(p);
|
||||||
if (bits == 0) {
|
if (bits == 0) {
|
||||||
/* x**0 mod 1 is still zero. */
|
/* x**0 mod 1, or x**0 mod -1 is still zero. */
|
||||||
if (BN_is_one(m)) {
|
if (BN_abs_is_word(m, 1)) {
|
||||||
ret = 1;
|
ret = 1;
|
||||||
BN_zero(r);
|
BN_zero(r);
|
||||||
} else {
|
} else {
|
||||||
|
@ -36,7 +36,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -103,30 +103,32 @@
|
|||||||
*/
|
*/
|
||||||
# define MAX_ITERATIONS 50
|
# define MAX_ITERATIONS 50
|
||||||
|
|
||||||
static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21,
|
# define SQR_nibble(w) ((((w) & 8) << 3) \
|
||||||
64, 65, 68, 69, 80, 81, 84, 85
|
| (((w) & 4) << 2) \
|
||||||
};
|
| (((w) & 2) << 1) \
|
||||||
|
| ((w) & 1))
|
||||||
|
|
||||||
|
|
||||||
/* Platform-specific macros to accelerate squaring. */
|
/* Platform-specific macros to accelerate squaring. */
|
||||||
# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
|
# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
|
||||||
# define SQR1(w) \
|
# define SQR1(w) \
|
||||||
SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
|
SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \
|
||||||
SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
|
SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \
|
||||||
SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
|
SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \
|
||||||
SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF]
|
SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32)
|
||||||
# define SQR0(w) \
|
# define SQR0(w) \
|
||||||
SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
|
SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \
|
||||||
SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
|
SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \
|
||||||
SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
|
SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \
|
||||||
SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
|
SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) )
|
||||||
# endif
|
# endif
|
||||||
# ifdef THIRTY_TWO_BIT
|
# ifdef THIRTY_TWO_BIT
|
||||||
# define SQR1(w) \
|
# define SQR1(w) \
|
||||||
SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
|
SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \
|
||||||
SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF]
|
SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16)
|
||||||
# define SQR0(w) \
|
# define SQR0(w) \
|
||||||
SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
|
SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \
|
||||||
SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
|
SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) )
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
# if !defined(OPENSSL_BN_ASM_GF2m)
|
# if !defined(OPENSSL_BN_ASM_GF2m)
|
||||||
|
@ -56,7 +56,7 @@
|
|||||||
* [including the GNU Public Licence.]
|
* [including the GNU Public Licence.]
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -113,6 +113,7 @@
|
|||||||
# define HEADER_BN_LCL_H
|
# define HEADER_BN_LCL_H
|
||||||
|
|
||||||
# include <openssl/bn.h>
|
# include <openssl/bn.h>
|
||||||
|
# include "bn_int.h"
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
|
@ -263,8 +263,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
|
|||||||
const BN_ULONG *B;
|
const BN_ULONG *B;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
bn_check_top(b);
|
|
||||||
|
|
||||||
if (words > (INT_MAX / (4 * BN_BITS2))) {
|
if (words > (INT_MAX / (4 * BN_BITS2))) {
|
||||||
BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
|
BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -398,8 +396,6 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
|
|||||||
|
|
||||||
BIGNUM *bn_expand2(BIGNUM *b, int words)
|
BIGNUM *bn_expand2(BIGNUM *b, int words)
|
||||||
{
|
{
|
||||||
bn_check_top(b);
|
|
||||||
|
|
||||||
if (words > b->dmax) {
|
if (words > b->dmax) {
|
||||||
BN_ULONG *a = bn_expand_internal(b, words);
|
BN_ULONG *a = bn_expand_internal(b, words);
|
||||||
if (!a)
|
if (!a)
|
||||||
@ -433,7 +429,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
|
|||||||
assert(A == &(b->d[b->dmax]));
|
assert(A == &(b->d[b->dmax]));
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
bn_check_top(b);
|
|
||||||
return b;
|
return b;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -497,12 +492,18 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
|
|||||||
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
|
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
a->top = b->top;
|
|
||||||
a->neg = b->neg;
|
a->neg = b->neg;
|
||||||
|
a->top = b->top;
|
||||||
|
a->flags |= b->flags & BN_FLG_FIXED_TOP;
|
||||||
bn_check_top(a);
|
bn_check_top(a);
|
||||||
return (a);
|
return (a);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \
|
||||||
|
| BN_FLG_CONSTTIME \
|
||||||
|
| BN_FLG_FIXED_TOP))
|
||||||
|
#define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED))
|
||||||
|
|
||||||
void BN_swap(BIGNUM *a, BIGNUM *b)
|
void BN_swap(BIGNUM *a, BIGNUM *b)
|
||||||
{
|
{
|
||||||
int flags_old_a, flags_old_b;
|
int flags_old_a, flags_old_b;
|
||||||
@ -530,10 +531,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
|
|||||||
b->dmax = tmp_dmax;
|
b->dmax = tmp_dmax;
|
||||||
b->neg = tmp_neg;
|
b->neg = tmp_neg;
|
||||||
|
|
||||||
a->flags =
|
a->flags = FLAGS_STRUCT(flags_old_a) | FLAGS_DATA(flags_old_b);
|
||||||
(flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
|
b->flags = FLAGS_STRUCT(flags_old_b) | FLAGS_DATA(flags_old_a);
|
||||||
b->flags =
|
|
||||||
(flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
|
|
||||||
bn_check_top(a);
|
bn_check_top(a);
|
||||||
bn_check_top(b);
|
bn_check_top(b);
|
||||||
}
|
}
|
||||||
@ -545,6 +544,7 @@ void BN_clear(BIGNUM *a)
|
|||||||
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
|
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
|
||||||
a->top = 0;
|
a->top = 0;
|
||||||
a->neg = 0;
|
a->neg = 0;
|
||||||
|
a->flags &= ~BN_FLG_FIXED_TOP;
|
||||||
}
|
}
|
||||||
|
|
||||||
BN_ULONG BN_get_word(const BIGNUM *a)
|
BN_ULONG BN_get_word(const BIGNUM *a)
|
||||||
@ -565,6 +565,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w)
|
|||||||
a->neg = 0;
|
a->neg = 0;
|
||||||
a->d[0] = w;
|
a->d[0] = w;
|
||||||
a->top = (w ? 1 : 0);
|
a->top = (w ? 1 : 0);
|
||||||
|
a->flags &= ~BN_FLG_FIXED_TOP;
|
||||||
bn_check_top(a);
|
bn_check_top(a);
|
||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
@ -613,6 +614,41 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* ignore negative */
|
/* ignore negative */
|
||||||
|
static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
|
||||||
|
{
|
||||||
|
int n;
|
||||||
|
size_t i, inc, lasti, j;
|
||||||
|
BN_ULONG l;
|
||||||
|
|
||||||
|
n = BN_num_bytes(a);
|
||||||
|
if (tolen == -1)
|
||||||
|
tolen = n;
|
||||||
|
else if (tolen < n)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
if (n == 0) {
|
||||||
|
OPENSSL_cleanse(to, tolen);
|
||||||
|
return tolen;
|
||||||
|
}
|
||||||
|
|
||||||
|
lasti = n - 1;
|
||||||
|
for (i = 0, inc = 1, j = tolen; j > 0;) {
|
||||||
|
l = a->d[i / BN_BYTES];
|
||||||
|
to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & (0 - inc));
|
||||||
|
inc = (i - lasti) >> (8 * sizeof(i) - 1);
|
||||||
|
i += inc; /* stay on top limb */
|
||||||
|
}
|
||||||
|
|
||||||
|
return tolen;
|
||||||
|
}
|
||||||
|
|
||||||
|
int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
|
||||||
|
{
|
||||||
|
if (tolen < 0)
|
||||||
|
return -1;
|
||||||
|
return bn2binpad(a, to, tolen);
|
||||||
|
}
|
||||||
|
|
||||||
int BN_bn2bin(const BIGNUM *a, unsigned char *to)
|
int BN_bn2bin(const BIGNUM *a, unsigned char *to)
|
||||||
{
|
{
|
||||||
int n, i;
|
int n, i;
|
||||||
@ -711,6 +747,7 @@ int BN_set_bit(BIGNUM *a, int n)
|
|||||||
for (k = a->top; k < i + 1; k++)
|
for (k = a->top; k < i + 1; k++)
|
||||||
a->d[k] = 0;
|
a->d[k] = 0;
|
||||||
a->top = i + 1;
|
a->top = i + 1;
|
||||||
|
a->flags &= ~BN_FLG_FIXED_TOP;
|
||||||
}
|
}
|
||||||
|
|
||||||
a->d[i] |= (((BN_ULONG)1) << j);
|
a->d[i] |= (((BN_ULONG)1) << j);
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* for the OpenSSL project.
|
* for the OpenSSL project.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -149,16 +149,71 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* BN_mod_add variant that may be used if both a and b are non-negative and
|
* BN_mod_add variant that may be used if both a and b are non-negative and
|
||||||
* less than m
|
* less than m. The original algorithm was
|
||||||
|
*
|
||||||
|
* if (!BN_uadd(r, a, b))
|
||||||
|
* return 0;
|
||||||
|
* if (BN_ucmp(r, m) >= 0)
|
||||||
|
* return BN_usub(r, r, m);
|
||||||
|
*
|
||||||
|
* which is replaced with addition, subtracting modulus, and conditional
|
||||||
|
* move depending on whether or not subtraction borrowed.
|
||||||
*/
|
*/
|
||||||
|
int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||||
|
const BIGNUM *m)
|
||||||
|
{
|
||||||
|
size_t i, ai, bi, mtop = m->top;
|
||||||
|
BN_ULONG storage[1024 / BN_BITS2];
|
||||||
|
BN_ULONG carry, temp, mask, *rp, *tp = storage;
|
||||||
|
const BN_ULONG *ap, *bp;
|
||||||
|
|
||||||
|
if (bn_wexpand(r, m->top) == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
if (mtop > sizeof(storage) / sizeof(storage[0])
|
||||||
|
&& (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
ap = a->d != NULL ? a->d : tp;
|
||||||
|
bp = b->d != NULL ? b->d : tp;
|
||||||
|
|
||||||
|
for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) {
|
||||||
|
mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
|
||||||
|
temp = ((ap[ai] & mask) + carry) & BN_MASK2;
|
||||||
|
carry = (temp < carry);
|
||||||
|
|
||||||
|
mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
|
||||||
|
tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2;
|
||||||
|
carry += (tp[i] < temp);
|
||||||
|
|
||||||
|
i++;
|
||||||
|
ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
|
||||||
|
bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
|
||||||
|
}
|
||||||
|
rp = r->d;
|
||||||
|
carry -= bn_sub_words(rp, tp, m->d, mtop);
|
||||||
|
for (i = 0; i < mtop; i++) {
|
||||||
|
rp[i] = (carry & tp[i]) | (~carry & rp[i]);
|
||||||
|
((volatile BN_ULONG *)tp)[i] = 0;
|
||||||
|
}
|
||||||
|
r->top = mtop;
|
||||||
|
r->neg = 0;
|
||||||
|
|
||||||
|
if (tp != storage)
|
||||||
|
OPENSSL_free(tp);
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||||
const BIGNUM *m)
|
const BIGNUM *m)
|
||||||
{
|
{
|
||||||
if (!BN_uadd(r, a, b))
|
int ret = bn_mod_add_fixed_top(r, a, b, m);
|
||||||
return 0;
|
|
||||||
if (BN_ucmp(r, m) >= 0)
|
if (ret)
|
||||||
return BN_usub(r, r, m);
|
bn_correct_top(r);
|
||||||
return 1;
|
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
|
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
|
||||||
|
@ -123,11 +123,22 @@
|
|||||||
#define MONT_WORD /* use the faster word-based algorithm */
|
#define MONT_WORD /* use the faster word-based algorithm */
|
||||||
|
|
||||||
#ifdef MONT_WORD
|
#ifdef MONT_WORD
|
||||||
static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
|
static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||||
BN_MONT_CTX *mont, BN_CTX *ctx)
|
BN_MONT_CTX *mont, BN_CTX *ctx)
|
||||||
|
{
|
||||||
|
int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx);
|
||||||
|
|
||||||
|
bn_correct_top(r);
|
||||||
|
bn_check_top(r);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||||
|
BN_MONT_CTX *mont, BN_CTX *ctx)
|
||||||
{
|
{
|
||||||
BIGNUM *tmp;
|
BIGNUM *tmp;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
@ -140,8 +151,8 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
|||||||
if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
|
if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
|
||||||
r->neg = a->neg ^ b->neg;
|
r->neg = a->neg ^ b->neg;
|
||||||
r->top = num;
|
r->top = num;
|
||||||
bn_correct_top(r);
|
r->flags |= BN_FLG_FIXED_TOP;
|
||||||
return (1);
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -161,13 +172,12 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
|||||||
}
|
}
|
||||||
/* reduce from aRR to aR */
|
/* reduce from aRR to aR */
|
||||||
#ifdef MONT_WORD
|
#ifdef MONT_WORD
|
||||||
if (!BN_from_montgomery_word(r, tmp, mont))
|
if (!bn_from_montgomery_word(r, tmp, mont))
|
||||||
goto err;
|
goto err;
|
||||||
#else
|
#else
|
||||||
if (!BN_from_montgomery(r, tmp, mont, ctx))
|
if (!BN_from_montgomery(r, tmp, mont, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
#endif
|
#endif
|
||||||
bn_check_top(r);
|
|
||||||
ret = 1;
|
ret = 1;
|
||||||
err:
|
err:
|
||||||
BN_CTX_end(ctx);
|
BN_CTX_end(ctx);
|
||||||
@ -175,7 +185,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifdef MONT_WORD
|
#ifdef MONT_WORD
|
||||||
static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
|
static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
|
||||||
{
|
{
|
||||||
BIGNUM *n;
|
BIGNUM *n;
|
||||||
BN_ULONG *ap, *np, *rp, n0, v, carry;
|
BN_ULONG *ap, *np, *rp, n0, v, carry;
|
||||||
@ -205,6 +215,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
|
|||||||
# endif
|
# endif
|
||||||
|
|
||||||
r->top = max;
|
r->top = max;
|
||||||
|
r->flags |= BN_FLG_FIXED_TOP;
|
||||||
n0 = mont->n0[0];
|
n0 = mont->n0[0];
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -223,6 +234,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
|
|||||||
if (bn_wexpand(ret, nl) == NULL)
|
if (bn_wexpand(ret, nl) == NULL)
|
||||||
return (0);
|
return (0);
|
||||||
ret->top = nl;
|
ret->top = nl;
|
||||||
|
ret->flags |= BN_FLG_FIXED_TOP;
|
||||||
ret->neg = r->neg;
|
ret->neg = r->neg;
|
||||||
|
|
||||||
rp = ret->d;
|
rp = ret->d;
|
||||||
@ -233,20 +245,16 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
|
|||||||
*/
|
*/
|
||||||
ap = &(r->d[nl]);
|
ap = &(r->d[nl]);
|
||||||
|
|
||||||
|
carry -= bn_sub_words(rp, ap, np, nl);
|
||||||
/*
|
/*
|
||||||
* |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
|
* |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
|
||||||
* cannot be -1. That would imply the subtraction did not fit in |nl| words,
|
* |carry| cannot be 1. That would imply the subtraction did not fit in
|
||||||
* and we know at most one subtraction is needed.
|
* |nl| words, and we know at most one subtraction is needed.
|
||||||
*/
|
*/
|
||||||
v = bn_sub_words(rp, ap, np, nl) - carry;
|
|
||||||
v = 0 - v;
|
|
||||||
for (i = 0; i < nl; i++) {
|
for (i = 0; i < nl; i++) {
|
||||||
rp[i] = (v & ap[i]) | (~v & rp[i]);
|
rp[i] = (carry & ap[i]) | (~carry & rp[i]);
|
||||||
ap[i] = 0;
|
ap[i] = 0;
|
||||||
}
|
}
|
||||||
bn_correct_top(r);
|
|
||||||
bn_correct_top(ret);
|
|
||||||
bn_check_top(ret);
|
|
||||||
|
|
||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
@ -260,8 +268,11 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
|
|||||||
BIGNUM *t;
|
BIGNUM *t;
|
||||||
|
|
||||||
BN_CTX_start(ctx);
|
BN_CTX_start(ctx);
|
||||||
if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
|
if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) {
|
||||||
retn = BN_from_montgomery_word(ret, t, mont);
|
retn = bn_from_montgomery_word(ret, t, mont);
|
||||||
|
bn_correct_top(ret);
|
||||||
|
bn_check_top(ret);
|
||||||
|
}
|
||||||
BN_CTX_end(ctx);
|
BN_CTX_end(ctx);
|
||||||
#else /* !MONT_WORD */
|
#else /* !MONT_WORD */
|
||||||
BIGNUM *t1, *t2;
|
BIGNUM *t1, *t2;
|
||||||
@ -299,6 +310,12 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
|
|||||||
return (retn);
|
return (retn);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
|
||||||
|
BN_CTX *ctx)
|
||||||
|
{
|
||||||
|
return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx);
|
||||||
|
}
|
||||||
|
|
||||||
BN_MONT_CTX *BN_MONT_CTX_new(void)
|
BN_MONT_CTX *BN_MONT_CTX_new(void)
|
||||||
{
|
{
|
||||||
BN_MONT_CTX *ret;
|
BN_MONT_CTX *ret;
|
||||||
@ -335,7 +352,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
|
|||||||
|
|
||||||
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
|
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int i, ret = 0;
|
||||||
BIGNUM *Ri, *R;
|
BIGNUM *Ri, *R;
|
||||||
|
|
||||||
if (BN_is_zero(mod))
|
if (BN_is_zero(mod))
|
||||||
@ -466,6 +483,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
|
|||||||
if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
|
if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)
|
||||||
|
mont->RR.d[i] = 0;
|
||||||
|
mont->RR.top = ret;
|
||||||
|
mont->RR.flags |= BN_FLG_FIXED_TOP;
|
||||||
|
|
||||||
ret = 1;
|
ret = 1;
|
||||||
err:
|
err:
|
||||||
BN_CTX_end(ctx);
|
BN_CTX_end(ctx);
|
||||||
|
@ -135,14 +135,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
|
|||||||
}
|
}
|
||||||
|
|
||||||
rr->neg = 0;
|
rr->neg = 0;
|
||||||
/*
|
rr->top = max;
|
||||||
* If the most-significant half of the top word of 'a' is zero, then the
|
bn_correct_top(rr);
|
||||||
* square of 'a' will max-1 words.
|
|
||||||
*/
|
|
||||||
if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
|
|
||||||
rr->top = max - 1;
|
|
||||||
else
|
|
||||||
rr->top = max;
|
|
||||||
if (r != rr && BN_copy(r, rr) == NULL)
|
if (r != rr && BN_copy(r, rr) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
15
crypto/openssl/crypto/bn_int.h
Normal file
15
crypto/openssl/crypto/bn_int.h
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
/*
|
||||||
|
* Some BIGNUM functions assume most significant limb to be non-zero, which
|
||||||
|
* is customarily arranged by bn_correct_top. Output from below functions
|
||||||
|
* is not processed with bn_correct_top, and for this reason it may not be
|
||||||
|
* returned out of public API. It may only be passed internally into other
|
||||||
|
* functions known to support non-minimal or zero-padded BIGNUMs.
|
||||||
|
*/
|
||||||
|
int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||||
|
BN_MONT_CTX *mont, BN_CTX *ctx);
|
||||||
|
int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
|
||||||
|
BN_CTX *ctx);
|
||||||
|
int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
||||||
|
const BIGNUM *m);
|
||||||
|
|
||||||
|
int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
|
@ -290,6 +290,8 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
|
|||||||
|
|
||||||
vv = lh_CONF_VALUE_insert(conf->data, v);
|
vv = lh_CONF_VALUE_insert(conf->data, v);
|
||||||
OPENSSL_assert(vv == NULL);
|
OPENSSL_assert(vv == NULL);
|
||||||
|
if (lh_CONF_VALUE_error(conf->data) > 0)
|
||||||
|
goto err;
|
||||||
ok = 1;
|
ok = 1;
|
||||||
err:
|
err:
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
|
@ -130,10 +130,15 @@ static int generate_key(DH *dh)
|
|||||||
int ok = 0;
|
int ok = 0;
|
||||||
int generate_new_key = 0;
|
int generate_new_key = 0;
|
||||||
unsigned l;
|
unsigned l;
|
||||||
BN_CTX *ctx;
|
BN_CTX *ctx = NULL;
|
||||||
BN_MONT_CTX *mont = NULL;
|
BN_MONT_CTX *mont = NULL;
|
||||||
BIGNUM *pub_key = NULL, *priv_key = NULL;
|
BIGNUM *pub_key = NULL, *priv_key = NULL;
|
||||||
|
|
||||||
|
if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||||
|
DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
ctx = BN_CTX_new();
|
ctx = BN_CTX_new();
|
||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
* 2006.
|
* 2006.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -486,7 +486,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
return 1;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
const EVP_PKEY_METHOD dh_pkey_meth = {
|
const EVP_PKEY_METHOD dh_pkey_meth = {
|
||||||
|
@ -249,10 +249,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x);
|
|||||||
int DSA_print_fp(FILE *bp, const DSA *x, int off);
|
int DSA_print_fp(FILE *bp, const DSA *x, int off);
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
# define DSS_prime_checks 50
|
# define DSS_prime_checks 64
|
||||||
/*
|
/*
|
||||||
* Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
|
* Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
|
||||||
* Rabin-Miller
|
* have one value here we set the number of checks to 64 which is the 128 bit
|
||||||
|
* security level that is the highest level and valid for creating a 3072 bit
|
||||||
|
* DSA key.
|
||||||
*/
|
*/
|
||||||
# define DSA_is_prime(n, callback, cb_arg) \
|
# define DSA_is_prime(n, callback, cb_arg) \
|
||||||
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
|
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
|
||||||
@ -307,6 +309,7 @@ void ERR_load_DSA_strings(void);
|
|||||||
# define DSA_F_I2D_DSA_SIG 111
|
# define DSA_F_I2D_DSA_SIG 111
|
||||||
# define DSA_F_OLD_DSA_PRIV_DECODE 122
|
# define DSA_F_OLD_DSA_PRIV_DECODE 122
|
||||||
# define DSA_F_PKEY_DSA_CTRL 120
|
# define DSA_F_PKEY_DSA_CTRL 120
|
||||||
|
# define DSA_F_PKEY_DSA_CTRL_STR 127
|
||||||
# define DSA_F_PKEY_DSA_KEYGEN 121
|
# define DSA_F_PKEY_DSA_KEYGEN 121
|
||||||
# define DSA_F_SIG_CB 114
|
# define DSA_F_SIG_CB 114
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/* crypto/dsa/dsa_err.c */
|
/* crypto/dsa/dsa_err.c */
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -95,6 +95,7 @@ static ERR_STRING_DATA DSA_str_functs[] = {
|
|||||||
{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
|
{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
|
||||||
{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "OLD_DSA_PRIV_DECODE"},
|
{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "OLD_DSA_PRIV_DECODE"},
|
||||||
{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
|
{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
|
||||||
|
{ERR_FUNC(DSA_F_PKEY_DSA_CTRL_STR), "PKEY_DSA_CTRL_STR"},
|
||||||
{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "PKEY_DSA_KEYGEN"},
|
{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "PKEY_DSA_KEYGEN"},
|
||||||
{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
|
{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
|
||||||
{0, NULL}
|
{0, NULL}
|
||||||
|
@ -146,9 +146,16 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
|
|||||||
/* invalid q size */
|
/* invalid q size */
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (evpmd == NULL)
|
if (evpmd == NULL) {
|
||||||
/* use SHA1 as default */
|
if (qsize == SHA_DIGEST_LENGTH)
|
||||||
evpmd = EVP_sha1();
|
evpmd = EVP_sha1();
|
||||||
|
else if (qsize == SHA224_DIGEST_LENGTH)
|
||||||
|
evpmd = EVP_sha224();
|
||||||
|
else
|
||||||
|
evpmd = EVP_sha256();
|
||||||
|
} else {
|
||||||
|
qsize = EVP_MD_size(evpmd);
|
||||||
|
}
|
||||||
|
|
||||||
if (bits < 512)
|
if (bits < 512)
|
||||||
bits = 512;
|
bits = 512;
|
||||||
|
@ -133,17 +133,13 @@ const DSA_METHOD *DSA_OpenSSL(void)
|
|||||||
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||||
{
|
{
|
||||||
BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
|
BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
|
||||||
BIGNUM m;
|
BIGNUM *m, *blind, *blindm, *tmp;
|
||||||
BIGNUM xr;
|
|
||||||
BN_CTX *ctx = NULL;
|
BN_CTX *ctx = NULL;
|
||||||
int reason = ERR_R_BN_LIB;
|
int reason = ERR_R_BN_LIB;
|
||||||
DSA_SIG *ret = NULL;
|
DSA_SIG *ret = NULL;
|
||||||
int noredo = 0;
|
int noredo = 0;
|
||||||
|
|
||||||
BN_init(&m);
|
if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
|
||||||
BN_init(&xr);
|
|
||||||
|
|
||||||
if (!dsa->p || !dsa->q || !dsa->g) {
|
|
||||||
reason = DSA_R_MISSING_PARAMETERS;
|
reason = DSA_R_MISSING_PARAMETERS;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -154,6 +150,13 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
|||||||
ctx = BN_CTX_new();
|
ctx = BN_CTX_new();
|
||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
m = BN_CTX_get(ctx);
|
||||||
|
blind = BN_CTX_get(ctx);
|
||||||
|
blindm = BN_CTX_get(ctx);
|
||||||
|
tmp = BN_CTX_get(ctx);
|
||||||
|
if (tmp == NULL)
|
||||||
|
goto err;
|
||||||
|
|
||||||
redo:
|
redo:
|
||||||
if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
|
if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
|
||||||
if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
|
if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
|
||||||
@ -173,20 +176,52 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
|||||||
* 4.2
|
* 4.2
|
||||||
*/
|
*/
|
||||||
dlen = BN_num_bytes(dsa->q);
|
dlen = BN_num_bytes(dsa->q);
|
||||||
if (BN_bin2bn(dgst, dlen, &m) == NULL)
|
if (BN_bin2bn(dgst, dlen, m) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/* Compute s = inv(k) (m + xr) mod q */
|
/*
|
||||||
if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
|
* The normal signature calculation is:
|
||||||
goto err; /* s = xr */
|
*
|
||||||
if (!BN_add(s, &xr, &m))
|
* s := k^-1 * (m + r * priv_key) mod q
|
||||||
goto err; /* s = m + xr */
|
*
|
||||||
if (BN_cmp(s, dsa->q) > 0)
|
* We will blind this to protect against side channel attacks
|
||||||
if (!BN_sub(s, s, dsa->q))
|
*
|
||||||
|
* s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Generate a blinding value */
|
||||||
|
do {
|
||||||
|
if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, -1, 0))
|
||||||
goto err;
|
goto err;
|
||||||
|
} while (BN_is_zero(blind));
|
||||||
|
BN_set_flags(blind, BN_FLG_CONSTTIME);
|
||||||
|
BN_set_flags(blindm, BN_FLG_CONSTTIME);
|
||||||
|
BN_set_flags(tmp, BN_FLG_CONSTTIME);
|
||||||
|
|
||||||
|
/* tmp := blind * priv_key * r mod q */
|
||||||
|
if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx))
|
||||||
|
goto err;
|
||||||
|
if (!BN_mod_mul(tmp, tmp, r, dsa->q, ctx))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
/* blindm := blind * m mod q */
|
||||||
|
if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
/* s : = (blind * priv_key * r) + (blind * m) mod q */
|
||||||
|
if (!BN_mod_add_quick(s, tmp, blindm, dsa->q))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
/* s := s * k^-1 mod q */
|
||||||
if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
|
if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
/* s:= s * blind^-1 mod q */
|
||||||
|
if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL)
|
||||||
|
goto err;
|
||||||
|
if (!BN_mod_mul(s, s, blind, dsa->q, ctx))
|
||||||
|
goto err;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Redo if r or s is zero as required by FIPS 186-3: this is very
|
* Redo if r or s is zero as required by FIPS 186-3: this is very
|
||||||
* unlikely.
|
* unlikely.
|
||||||
@ -210,13 +245,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
|||||||
BN_free(r);
|
BN_free(r);
|
||||||
BN_free(s);
|
BN_free(s);
|
||||||
}
|
}
|
||||||
if (ctx != NULL)
|
BN_CTX_free(ctx);
|
||||||
BN_CTX_free(ctx);
|
BN_clear_free(kinv);
|
||||||
BN_clear_free(&m);
|
return ret;
|
||||||
BN_clear_free(&xr);
|
|
||||||
if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
|
|
||||||
BN_clear_free(kinv);
|
|
||||||
return (ret);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
|
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
* 2006.
|
* 2006.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -230,10 +230,16 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
|
|||||||
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits,
|
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits,
|
||||||
NULL);
|
NULL);
|
||||||
}
|
}
|
||||||
if (!strcmp(type, "dsa_paramgen_md")) {
|
if (strcmp(type, "dsa_paramgen_md") == 0) {
|
||||||
|
const EVP_MD *md = EVP_get_digestbyname(value);
|
||||||
|
|
||||||
|
if (md == NULL) {
|
||||||
|
DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
|
||||||
EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
|
EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
|
||||||
(void *)EVP_get_digestbyname(value));
|
(void *)md);
|
||||||
}
|
}
|
||||||
return -2;
|
return -2;
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
* 2006.
|
* 2006.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -143,19 +143,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
|
|||||||
static EC_KEY *eckey_type2param(int ptype, void *pval)
|
static EC_KEY *eckey_type2param(int ptype, void *pval)
|
||||||
{
|
{
|
||||||
EC_KEY *eckey = NULL;
|
EC_KEY *eckey = NULL;
|
||||||
|
EC_GROUP *group = NULL;
|
||||||
|
|
||||||
if (ptype == V_ASN1_SEQUENCE) {
|
if (ptype == V_ASN1_SEQUENCE) {
|
||||||
ASN1_STRING *pstr = pval;
|
const ASN1_STRING *pstr = pval;
|
||||||
const unsigned char *pm = NULL;
|
const unsigned char *pm = pstr->data;
|
||||||
int pmlen;
|
int pmlen = pstr->length;
|
||||||
pm = pstr->data;
|
|
||||||
pmlen = pstr->length;
|
if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) {
|
||||||
if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) {
|
|
||||||
ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
|
ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
|
||||||
goto ecerr;
|
goto ecerr;
|
||||||
}
|
}
|
||||||
} else if (ptype == V_ASN1_OBJECT) {
|
} else if (ptype == V_ASN1_OBJECT) {
|
||||||
ASN1_OBJECT *poid = pval;
|
const ASN1_OBJECT *poid = pval;
|
||||||
EC_GROUP *group;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
|
* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
|
||||||
@ -179,8 +179,8 @@ static EC_KEY *eckey_type2param(int ptype, void *pval)
|
|||||||
return eckey;
|
return eckey;
|
||||||
|
|
||||||
ecerr:
|
ecerr:
|
||||||
if (eckey)
|
EC_KEY_free(eckey);
|
||||||
EC_KEY_free(eckey);
|
EC_GROUP_free(group);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
* Originally written by Bodo Moeller for the OpenSSL project.
|
* Originally written by Bodo Moeller for the OpenSSL project.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -319,12 +319,16 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
|
|||||||
BN_zero(&group->cofactor);
|
BN_zero(&group->cofactor);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We ignore the return value because some groups have an order with
|
* Some groups have an order with
|
||||||
* factors of two, which makes the Montgomery setup fail.
|
* factors of two, which makes the Montgomery setup fail.
|
||||||
* |group->mont_data| will be NULL in this case.
|
* |group->mont_data| will be NULL in this case.
|
||||||
*/
|
*/
|
||||||
ec_precompute_mont_data(group);
|
if (BN_is_odd(&group->order)) {
|
||||||
|
return ec_precompute_mont_data(group);
|
||||||
|
}
|
||||||
|
|
||||||
|
BN_MONT_CTX_free(group->mont_data);
|
||||||
|
group->mont_data = NULL;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1118,23 +1118,32 @@ static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
|
|||||||
const P256_POINT_AFFINE *in,
|
const P256_POINT_AFFINE *in,
|
||||||
BN_CTX *ctx)
|
BN_CTX *ctx)
|
||||||
{
|
{
|
||||||
BIGNUM x, y;
|
BIGNUM x, y, z;
|
||||||
BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS];
|
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
memcpy(d_x, in->X, sizeof(d_x));
|
/*
|
||||||
x.d = d_x;
|
* |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
|
||||||
|
* flag, which effectively means "read-only data".
|
||||||
|
*/
|
||||||
|
x.d = (BN_ULONG *)in->X;
|
||||||
x.dmax = x.top = P256_LIMBS;
|
x.dmax = x.top = P256_LIMBS;
|
||||||
x.neg = 0;
|
x.neg = 0;
|
||||||
x.flags = BN_FLG_STATIC_DATA;
|
x.flags = BN_FLG_STATIC_DATA;
|
||||||
|
|
||||||
memcpy(d_y, in->Y, sizeof(d_y));
|
y.d = (BN_ULONG *)in->Y;
|
||||||
y.d = d_y;
|
|
||||||
y.dmax = y.top = P256_LIMBS;
|
y.dmax = y.top = P256_LIMBS;
|
||||||
y.neg = 0;
|
y.neg = 0;
|
||||||
y.flags = BN_FLG_STATIC_DATA;
|
y.flags = BN_FLG_STATIC_DATA;
|
||||||
|
|
||||||
ret = EC_POINT_set_affine_coordinates_GFp(group, out, &x, &y, ctx);
|
z.d = (BN_ULONG *)ONE;
|
||||||
|
z.dmax = z.top = P256_LIMBS;
|
||||||
|
z.neg = 0;
|
||||||
|
z.flags = BN_FLG_STATIC_DATA;
|
||||||
|
|
||||||
|
if ((ret = (BN_copy(&out->X, &x) != NULL))
|
||||||
|
&& (ret = (BN_copy(&out->Y, &y) != NULL))
|
||||||
|
&& (ret = (BN_copy(&out->Z, &z) != NULL)))
|
||||||
|
out->Z_is_one = 1;
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -114,7 +114,7 @@ ecs_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
|||||||
ecs_ossl.o: ../../include/openssl/opensslconf.h
|
ecs_ossl.o: ../../include/openssl/opensslconf.h
|
||||||
ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c
|
ecs_ossl.o: ../../include/openssl/symhacks.h ../bn_int.h ecs_locl.h ecs_ossl.c
|
||||||
ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||||
ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||||
ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
* Written by Nils Larsch for the OpenSSL project.
|
* Written by Nils Larsch for the OpenSSL project.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -137,7 +137,7 @@ int restore_rand(void)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int fbytes_counter = 0;
|
static int fbytes_counter = 0, use_fake = 0;
|
||||||
static const char *numbers[8] = {
|
static const char *numbers[8] = {
|
||||||
"651056770906015076056810763456358567190100156695615665659",
|
"651056770906015076056810763456358567190100156695615665659",
|
||||||
"6140507067065001063065065565667405560006161556565665656654",
|
"6140507067065001063065065565667405560006161556565665656654",
|
||||||
@ -158,6 +158,11 @@ int fbytes(unsigned char *buf, int num)
|
|||||||
int ret;
|
int ret;
|
||||||
BIGNUM *tmp = NULL;
|
BIGNUM *tmp = NULL;
|
||||||
|
|
||||||
|
if (use_fake == 0)
|
||||||
|
return old_rand->bytes(buf, num);
|
||||||
|
|
||||||
|
use_fake = 0;
|
||||||
|
|
||||||
if (fbytes_counter >= 8)
|
if (fbytes_counter >= 8)
|
||||||
return 0;
|
return 0;
|
||||||
tmp = BN_new();
|
tmp = BN_new();
|
||||||
@ -199,11 +204,13 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
|
|||||||
/* create the key */
|
/* create the key */
|
||||||
if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
|
if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
|
||||||
goto x962_int_err;
|
goto x962_int_err;
|
||||||
|
use_fake = 1;
|
||||||
if (!EC_KEY_generate_key(key))
|
if (!EC_KEY_generate_key(key))
|
||||||
goto x962_int_err;
|
goto x962_int_err;
|
||||||
BIO_printf(out, ".");
|
BIO_printf(out, ".");
|
||||||
(void)BIO_flush(out);
|
(void)BIO_flush(out);
|
||||||
/* create the signature */
|
/* create the signature */
|
||||||
|
use_fake = 1;
|
||||||
signature = ECDSA_do_sign(digest, 20, key);
|
signature = ECDSA_do_sign(digest, 20, key);
|
||||||
if (signature == NULL)
|
if (signature == NULL)
|
||||||
goto x962_int_err;
|
goto x962_int_err;
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
* Written by Nils Larsch for the OpenSSL project
|
* Written by Nils Larsch for the OpenSSL project
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -60,6 +60,7 @@
|
|||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/obj_mac.h>
|
#include <openssl/obj_mac.h>
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
|
#include "bn_int.h"
|
||||||
|
|
||||||
static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
|
static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
|
||||||
const BIGNUM *, const BIGNUM *,
|
const BIGNUM *, const BIGNUM *,
|
||||||
@ -251,13 +252,14 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
|
|||||||
EC_KEY *eckey)
|
EC_KEY *eckey)
|
||||||
{
|
{
|
||||||
int ok = 0, i;
|
int ok = 0, i;
|
||||||
BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL;
|
BIGNUM *kinv = NULL, *s, *m = NULL, *order = NULL;
|
||||||
const BIGNUM *ckinv;
|
const BIGNUM *ckinv;
|
||||||
BN_CTX *ctx = NULL;
|
BN_CTX *ctx = NULL;
|
||||||
const EC_GROUP *group;
|
const EC_GROUP *group;
|
||||||
ECDSA_SIG *ret;
|
ECDSA_SIG *ret;
|
||||||
ECDSA_DATA *ecdsa;
|
ECDSA_DATA *ecdsa;
|
||||||
const BIGNUM *priv_key;
|
const BIGNUM *priv_key;
|
||||||
|
BN_MONT_CTX *mont_data;
|
||||||
|
|
||||||
ecdsa = ecdsa_check(eckey);
|
ecdsa = ecdsa_check(eckey);
|
||||||
group = EC_KEY_get0_group(eckey);
|
group = EC_KEY_get0_group(eckey);
|
||||||
@ -276,7 +278,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
|
|||||||
s = ret->s;
|
s = ret->s;
|
||||||
|
|
||||||
if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
|
if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
|
||||||
(tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
|
(m = BN_new()) == NULL) {
|
||||||
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
|
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -285,6 +287,8 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
|
|||||||
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
|
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
mont_data = EC_GROUP_get_mont_data(group);
|
||||||
|
|
||||||
i = BN_num_bits(order);
|
i = BN_num_bits(order);
|
||||||
/*
|
/*
|
||||||
* Need to truncate digest if it is too long: first truncate whole bytes.
|
* Need to truncate digest if it is too long: first truncate whole bytes.
|
||||||
@ -315,15 +319,27 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
|
/*
|
||||||
|
* With only one multiplicant being in Montgomery domain
|
||||||
|
* multiplication yields real result without post-conversion.
|
||||||
|
* Also note that all operations but last are performed with
|
||||||
|
* zero-padded vectors. Last operation, BN_mod_mul_montgomery
|
||||||
|
* below, returns user-visible value with removed zero padding.
|
||||||
|
*/
|
||||||
|
if (!bn_to_mont_fixed_top(s, ret->r, mont_data, ctx)
|
||||||
|
|| !bn_mul_mont_fixed_top(s, s, priv_key, mont_data, ctx)) {
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
if (!bn_mod_add_fixed_top(s, s, m, order)) {
|
||||||
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
|
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (!BN_mod_add_quick(s, tmp, m, order)) {
|
/*
|
||||||
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
|
* |s| can still be larger than modulus, because |m| can be. In
|
||||||
goto err;
|
* such case we count on Montgomery reduction to tie it up.
|
||||||
}
|
*/
|
||||||
if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
|
if (!bn_to_mont_fixed_top(s, s, mont_data, ctx)
|
||||||
|
|| !BN_mod_mul_montgomery(s, s, ckinv, mont_data, ctx)) {
|
||||||
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
|
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@ -353,8 +369,6 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
|
|||||||
BN_CTX_free(ctx);
|
BN_CTX_free(ctx);
|
||||||
if (m)
|
if (m)
|
||||||
BN_clear_free(m);
|
BN_clear_free(m);
|
||||||
if (tmp)
|
|
||||||
BN_clear_free(tmp);
|
|
||||||
if (order)
|
if (order)
|
||||||
BN_free(order);
|
BN_free(order);
|
||||||
if (kinv)
|
if (kinv)
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* 2000.
|
* 2000.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -188,8 +188,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
|
|||||||
if (!int_cleanup_check(1))
|
if (!int_cleanup_check(1))
|
||||||
return;
|
return;
|
||||||
item = int_cleanup_item(cb);
|
item = int_cleanup_item(cb);
|
||||||
if (item)
|
if (item != NULL) {
|
||||||
sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
|
if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
|
||||||
|
OPENSSL_free(item);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* The API function that performs all cleanup */
|
/* The API function that performs all cleanup */
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -215,7 +215,7 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
|
|||||||
ENGINE *e = sk_ENGINE_value(sk, i);
|
ENGINE *e = sk_ENGINE_value(sk, i);
|
||||||
EVP_PKEY_ASN1_METHOD *ameth;
|
EVP_PKEY_ASN1_METHOD *ameth;
|
||||||
e->pkey_asn1_meths(e, &ameth, NULL, nid);
|
e->pkey_asn1_meths(e, &ameth, NULL, nid);
|
||||||
if (((int)strlen(ameth->pem_str) == lk->len) &&
|
if (ameth != NULL && ((int)strlen(ameth->pem_str) == lk->len) &&
|
||||||
!strncasecmp(ameth->pem_str, lk->str, lk->len)) {
|
!strncasecmp(ameth->pem_str, lk->str, lk->len)) {
|
||||||
lk->e = e;
|
lk->e = e;
|
||||||
lk->ameth = ameth;
|
lk->ameth = ameth;
|
||||||
|
@ -109,6 +109,10 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
|
|||||||
if (gmtime_r(timer, result) == NULL)
|
if (gmtime_r(timer, result) == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
ts = result;
|
ts = result;
|
||||||
|
#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400
|
||||||
|
if (gmtime_s(result, timer))
|
||||||
|
return NULL;
|
||||||
|
ts = result;
|
||||||
#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
|
#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
|
||||||
ts = gmtime(timer);
|
ts = gmtime(timer);
|
||||||
if (ts == NULL)
|
if (ts == NULL)
|
||||||
|
@ -30,11 +30,11 @@ extern "C" {
|
|||||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||||
* major minor fix final patch/beta)
|
* major minor fix final patch/beta)
|
||||||
*/
|
*/
|
||||||
# define OPENSSL_VERSION_NUMBER 0x100020ffL
|
# define OPENSSL_VERSION_NUMBER 0x1000210fL
|
||||||
# ifdef OPENSSL_FIPS
|
# ifdef OPENSSL_FIPS
|
||||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018"
|
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2p-fips 14 Aug 2018"
|
||||||
# else
|
# else
|
||||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-freebsd 27 Mar 2018"
|
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2p-freebsd 14 Aug 2018"
|
||||||
# endif
|
# endif
|
||||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||||
|
|
||||||
|
@ -442,7 +442,8 @@ void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
|
|||||||
int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
||||||
unsigned int *siglen, EVP_PKEY *pkey);
|
unsigned int *siglen, EVP_PKEY *pkey);
|
||||||
|
|
||||||
int PEM_def_callback(char *buf, int num, int w, void *key);
|
/* The default pem_password_cb that's used internally */
|
||||||
|
int PEM_def_callback(char *buf, int num, int rwflag, void *userdata);
|
||||||
void PEM_proc_type(char *buf, int type);
|
void PEM_proc_type(char *buf, int type);
|
||||||
void PEM_dek_info(char *buf, const char *type, int len, char *str);
|
void PEM_dek_info(char *buf, const char *type, int len, char *str);
|
||||||
|
|
||||||
|
@ -82,51 +82,39 @@ static int load_iv(char **fromp, unsigned char *to, int num);
|
|||||||
static int check_pem(const char *nm, const char *name);
|
static int check_pem(const char *nm, const char *name);
|
||||||
int pem_check_suffix(const char *pem_str, const char *suffix);
|
int pem_check_suffix(const char *pem_str, const char *suffix);
|
||||||
|
|
||||||
int PEM_def_callback(char *buf, int num, int w, void *key)
|
int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
|
||||||
{
|
{
|
||||||
#ifdef OPENSSL_NO_FP_API
|
int i, min_len;
|
||||||
/*
|
|
||||||
* We should not ever call the default callback routine from windows.
|
|
||||||
*/
|
|
||||||
PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
|
||||||
return (-1);
|
|
||||||
#else
|
|
||||||
int i, j;
|
|
||||||
const char *prompt;
|
const char *prompt;
|
||||||
if (key) {
|
|
||||||
i = strlen(key);
|
/* We assume that the user passes a default password as userdata */
|
||||||
|
if (userdata) {
|
||||||
|
i = strlen(userdata);
|
||||||
i = (i > num) ? num : i;
|
i = (i > num) ? num : i;
|
||||||
memcpy(buf, key, i);
|
memcpy(buf, userdata, i);
|
||||||
return (i);
|
return i;
|
||||||
}
|
}
|
||||||
|
|
||||||
prompt = EVP_get_pw_prompt();
|
prompt = EVP_get_pw_prompt();
|
||||||
if (prompt == NULL)
|
if (prompt == NULL)
|
||||||
prompt = "Enter PEM pass phrase:";
|
prompt = "Enter PEM pass phrase:";
|
||||||
|
|
||||||
for (;;) {
|
/*
|
||||||
/*
|
* rwflag == 0 means decryption
|
||||||
* We assume that w == 0 means decryption,
|
* rwflag == 1 means encryption
|
||||||
* while w == 1 means encryption
|
*
|
||||||
*/
|
* We assume that for encryption, we want a minimum length, while for
|
||||||
int min_len = w ? MIN_LENGTH : 0;
|
* decryption, we cannot know any minimum length, so we assume zero.
|
||||||
|
*/
|
||||||
|
min_len = rwflag ? MIN_LENGTH : 0;
|
||||||
|
|
||||||
i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
|
i = EVP_read_pw_string_min(buf, min_len, num, prompt, rwflag);
|
||||||
if (i != 0) {
|
if (i != 0) {
|
||||||
PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
|
PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
|
||||||
memset(buf, 0, (unsigned int)num);
|
memset(buf, 0, (unsigned int)num);
|
||||||
return (-1);
|
return -1;
|
||||||
}
|
|
||||||
j = strlen(buf);
|
|
||||||
if (min_len && j < min_len) {
|
|
||||||
fprintf(stderr,
|
|
||||||
"phrase is too short, needs to be at least %d chars\n",
|
|
||||||
min_len);
|
|
||||||
} else
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
return (j);
|
return strlen(buf);
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void PEM_proc_type(char *buf, int type)
|
void PEM_proc_type(char *buf, int type)
|
||||||
@ -459,7 +447,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
|
|||||||
klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
|
klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
|
||||||
else
|
else
|
||||||
klen = callback(buf, PEM_BUFSIZE, 0, u);
|
klen = callback(buf, PEM_BUFSIZE, 0, u);
|
||||||
if (klen <= 0) {
|
if (klen < 0) {
|
||||||
PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
|
PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
@ -499,6 +487,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
|
|||||||
char **header_pp = &header;
|
char **header_pp = &header;
|
||||||
|
|
||||||
cipher->cipher = NULL;
|
cipher->cipher = NULL;
|
||||||
|
memset(cipher->iv, 0, sizeof(cipher->iv));
|
||||||
if ((header == NULL) || (*header == '\0') || (*header == '\n'))
|
if ((header == NULL) || (*header == '\0') || (*header == '\n'))
|
||||||
return (1);
|
return (1);
|
||||||
if (strncmp(header, "Proc-Type: ", 11) != 0) {
|
if (strncmp(header, "Proc-Type: ", 11) != 0) {
|
||||||
|
@ -171,7 +171,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
|
|||||||
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
|
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
|
||||||
else
|
else
|
||||||
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
|
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
|
||||||
if (klen <= 0) {
|
if (klen < 0) {
|
||||||
PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
|
PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
|
||||||
X509_SIG_free(p8);
|
X509_SIG_free(p8);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -113,7 +113,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
|
|||||||
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
|
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
|
||||||
else
|
else
|
||||||
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
|
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
|
||||||
if (klen <= 0) {
|
if (klen < 0) {
|
||||||
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
|
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
|
||||||
X509_SIG_free(p8);
|
X509_SIG_free(p8);
|
||||||
goto err;
|
goto err;
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
* 2005.
|
* 2005.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 2005 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 2005-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -702,7 +702,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
|
|||||||
inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
|
inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
|
||||||
else
|
else
|
||||||
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
|
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
|
||||||
if (inlen <= 0) {
|
if (inlen < 0) {
|
||||||
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
|
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* 1999.
|
* 1999.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -100,7 +100,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_
|
|||||||
ASN1_ADB(PKCS12_SAFEBAG) = {
|
ASN1_ADB(PKCS12_SAFEBAG) = {
|
||||||
ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
|
ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
|
||||||
ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
|
ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
|
||||||
ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
|
ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
|
||||||
ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
|
ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
|
||||||
ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
|
ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
|
||||||
ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
|
ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
|
||||||
|
@ -153,7 +153,7 @@ rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
|
|||||||
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
|
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
|
||||||
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
|
rsa_eay.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h rsa_eay.c
|
||||||
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||||
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
|
||||||
rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
|
rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
|
||||||
|
@ -56,7 +56,7 @@
|
|||||||
* [including the GNU Public Licence.]
|
* [including the GNU Public Licence.]
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -114,6 +114,7 @@
|
|||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
|
#include "bn_int.h"
|
||||||
|
|
||||||
#ifndef RSA_NULL
|
#ifndef RSA_NULL
|
||||||
|
|
||||||
@ -156,7 +157,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
|
|||||||
unsigned char *to, RSA *rsa, int padding)
|
unsigned char *to, RSA *rsa, int padding)
|
||||||
{
|
{
|
||||||
BIGNUM *f, *ret;
|
BIGNUM *f, *ret;
|
||||||
int i, j, k, num = 0, r = -1;
|
int i, num = 0, r = -1;
|
||||||
unsigned char *buf = NULL;
|
unsigned char *buf = NULL;
|
||||||
BN_CTX *ctx = NULL;
|
BN_CTX *ctx = NULL;
|
||||||
|
|
||||||
@ -232,15 +233,10 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* put in leading 0 bytes if the number is less than the length of the
|
* BN_bn2binpad puts in leading 0 bytes if the number is less than
|
||||||
* modulus
|
* the length of the modulus.
|
||||||
*/
|
*/
|
||||||
j = BN_num_bytes(ret);
|
r = bn_bn2binpad(ret, to, num);
|
||||||
i = BN_bn2bin(ret, &(to[num - j]));
|
|
||||||
for (k = 0; k < (num - i); k++)
|
|
||||||
to[k] = 0;
|
|
||||||
|
|
||||||
r = num;
|
|
||||||
err:
|
err:
|
||||||
if (ctx != NULL) {
|
if (ctx != NULL) {
|
||||||
BN_CTX_end(ctx);
|
BN_CTX_end(ctx);
|
||||||
@ -349,7 +345,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
|
|||||||
unsigned char *to, RSA *rsa, int padding)
|
unsigned char *to, RSA *rsa, int padding)
|
||||||
{
|
{
|
||||||
BIGNUM *f, *ret, *res;
|
BIGNUM *f, *ret, *res;
|
||||||
int i, j, k, num = 0, r = -1;
|
int i, num = 0, r = -1;
|
||||||
unsigned char *buf = NULL;
|
unsigned char *buf = NULL;
|
||||||
BN_CTX *ctx = NULL;
|
BN_CTX *ctx = NULL;
|
||||||
int local_blinding = 0;
|
int local_blinding = 0;
|
||||||
@ -459,15 +455,10 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
|
|||||||
res = ret;
|
res = ret;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* put in leading 0 bytes if the number is less than the length of the
|
* BN_bn2binpad puts in leading 0 bytes if the number is less than
|
||||||
* modulus
|
* the length of the modulus.
|
||||||
*/
|
*/
|
||||||
j = BN_num_bytes(res);
|
r = bn_bn2binpad(res, to, num);
|
||||||
i = BN_bn2bin(res, &(to[num - j]));
|
|
||||||
for (k = 0; k < (num - i); k++)
|
|
||||||
to[k] = 0;
|
|
||||||
|
|
||||||
r = num;
|
|
||||||
err:
|
err:
|
||||||
if (ctx != NULL) {
|
if (ctx != NULL) {
|
||||||
BN_CTX_end(ctx);
|
BN_CTX_end(ctx);
|
||||||
@ -485,7 +476,6 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
|
|||||||
{
|
{
|
||||||
BIGNUM *f, *ret;
|
BIGNUM *f, *ret;
|
||||||
int j, num = 0, r = -1;
|
int j, num = 0, r = -1;
|
||||||
unsigned char *p;
|
|
||||||
unsigned char *buf = NULL;
|
unsigned char *buf = NULL;
|
||||||
BN_CTX *ctx = NULL;
|
BN_CTX *ctx = NULL;
|
||||||
int local_blinding = 0;
|
int local_blinding = 0;
|
||||||
@ -576,8 +566,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
|
|||||||
if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
|
if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
p = buf;
|
j = bn_bn2binpad(ret, buf, num);
|
||||||
j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */
|
|
||||||
|
|
||||||
switch (padding) {
|
switch (padding) {
|
||||||
case RSA_PKCS1_PADDING:
|
case RSA_PKCS1_PADDING:
|
||||||
@ -592,7 +581,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
|
|||||||
r = RSA_padding_check_SSLv23(to, num, buf, j, num);
|
r = RSA_padding_check_SSLv23(to, num, buf, j, num);
|
||||||
break;
|
break;
|
||||||
case RSA_NO_PADDING:
|
case RSA_NO_PADDING:
|
||||||
r = RSA_padding_check_none(to, num, buf, j, num);
|
memcpy(to, buf, (r = j));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
|
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
|
||||||
@ -619,7 +608,6 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
|
|||||||
{
|
{
|
||||||
BIGNUM *f, *ret;
|
BIGNUM *f, *ret;
|
||||||
int i, num = 0, r = -1;
|
int i, num = 0, r = -1;
|
||||||
unsigned char *p;
|
|
||||||
unsigned char *buf = NULL;
|
unsigned char *buf = NULL;
|
||||||
BN_CTX *ctx = NULL;
|
BN_CTX *ctx = NULL;
|
||||||
|
|
||||||
@ -684,8 +672,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
|
|||||||
if (!BN_sub(ret, rsa->n, ret))
|
if (!BN_sub(ret, rsa->n, ret))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
p = buf;
|
i = bn_bn2binpad(ret, buf, num);
|
||||||
i = BN_bn2bin(ret, p);
|
|
||||||
|
|
||||||
switch (padding) {
|
switch (padding) {
|
||||||
case RSA_PKCS1_PADDING:
|
case RSA_PKCS1_PADDING:
|
||||||
@ -695,7 +682,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
|
|||||||
r = RSA_padding_check_X931(to, num, buf, i, num);
|
r = RSA_padding_check_X931(to, num, buf, i, num);
|
||||||
break;
|
break;
|
||||||
case RSA_NO_PADDING:
|
case RSA_NO_PADDING:
|
||||||
r = RSA_padding_check_none(to, num, buf, i, num);
|
memcpy(to, buf, (r = i));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
|
RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
|
||||||
|
@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
|
|||||||
if (BN_copy(rsa->e, e_value) == NULL)
|
if (BN_copy(rsa->e, e_value) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
|
||||||
|
BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
|
||||||
BN_set_flags(r2, BN_FLG_CONSTTIME);
|
BN_set_flags(r2, BN_FLG_CONSTTIME);
|
||||||
/* generate p and q */
|
/* generate p and q */
|
||||||
for (;;) {
|
for (;;) {
|
||||||
|
@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
|||||||
int plen, const EVP_MD *md,
|
int plen, const EVP_MD *md,
|
||||||
const EVP_MD *mgf1md)
|
const EVP_MD *mgf1md)
|
||||||
{
|
{
|
||||||
int i, dblen, mlen = -1, one_index = 0, msg_index;
|
int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
|
||||||
unsigned int good, found_one_byte;
|
unsigned int good, found_one_byte;
|
||||||
const unsigned char *maskedseed, *maskeddb;
|
const unsigned char *maskedseed, *maskeddb;
|
||||||
/*
|
/*
|
||||||
@ -153,32 +153,41 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
|||||||
|
|
||||||
dblen = num - mdlen - 1;
|
dblen = num - mdlen - 1;
|
||||||
db = OPENSSL_malloc(dblen);
|
db = OPENSSL_malloc(dblen);
|
||||||
em = OPENSSL_malloc(num);
|
if (db == NULL) {
|
||||||
if (db == NULL || em == NULL) {
|
|
||||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
|
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
if (flen != num) {
|
||||||
* Always do this zero-padding copy (even when num == flen) to avoid
|
em = OPENSSL_malloc(num);
|
||||||
* leaking that information. The copy still leaks some side-channel
|
if (em == NULL) {
|
||||||
* information, but it's impossible to have a fixed memory access
|
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
|
||||||
* pattern since we can't read out of the bounds of |from|.
|
ERR_R_MALLOC_FAILURE);
|
||||||
*
|
goto cleanup;
|
||||||
* TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
|
}
|
||||||
*/
|
|
||||||
memset(em, 0, num);
|
/*
|
||||||
memcpy(em + num - flen, from, flen);
|
* Caller is encouraged to pass zero-padded message created with
|
||||||
|
* BN_bn2binpad, but if it doesn't, we do this zero-padding copy
|
||||||
|
* to avoid leaking that information. The copy still leaks some
|
||||||
|
* side-channel information, but it's impossible to have a fixed
|
||||||
|
* memory access pattern since we can't read out of the bounds of
|
||||||
|
* |from|.
|
||||||
|
*/
|
||||||
|
memset(em, 0, num);
|
||||||
|
memcpy(em + num - flen, from, flen);
|
||||||
|
from = em;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The first byte must be zero, however we must not leak if this is
|
* The first byte must be zero, however we must not leak if this is
|
||||||
* true. See James H. Manger, "A Chosen Ciphertext Attack on RSA
|
* true. See James H. Manger, "A Chosen Ciphertext Attack on RSA
|
||||||
* Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
|
* Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
|
||||||
*/
|
*/
|
||||||
good = constant_time_is_zero(em[0]);
|
good = constant_time_is_zero(from[0]);
|
||||||
|
|
||||||
maskedseed = em + 1;
|
maskedseed = from + 1;
|
||||||
maskeddb = em + 1 + mdlen;
|
maskeddb = from + 1 + mdlen;
|
||||||
|
|
||||||
if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
|
if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
@ -98,6 +98,27 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
|
|||||||
const unsigned char *p;
|
const unsigned char *p;
|
||||||
|
|
||||||
p = from;
|
p = from;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The format is
|
||||||
|
* 00 || 01 || PS || 00 || D
|
||||||
|
* PS - padding string, at least 8 bytes of FF
|
||||||
|
* D - data.
|
||||||
|
*/
|
||||||
|
|
||||||
|
if (num < 11)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
/* Accept inputs with and without the leading 0-byte. */
|
||||||
|
if (num == flen) {
|
||||||
|
if ((*p++) != 0x00) {
|
||||||
|
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
|
||||||
|
RSA_R_INVALID_PADDING);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
flen--;
|
||||||
|
}
|
||||||
|
|
||||||
if ((num != (flen + 1)) || (*(p++) != 01)) {
|
if ((num != (flen + 1)) || (*(p++) != 01)) {
|
||||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
|
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
|
||||||
RSA_R_BLOCK_TYPE_IS_NOT_01);
|
RSA_R_BLOCK_TYPE_IS_NOT_01);
|
||||||
@ -203,28 +224,31 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
|||||||
if (num < 11)
|
if (num < 11)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
em = OPENSSL_malloc(num);
|
if (flen != num) {
|
||||||
if (em == NULL) {
|
em = OPENSSL_malloc(num);
|
||||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
|
if (em == NULL) {
|
||||||
return -1;
|
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
* Caller is encouraged to pass zero-padded message created with
|
||||||
|
* BN_bn2binpad, but if it doesn't, we do this zero-padding copy
|
||||||
|
* to avoid leaking that information. The copy still leaks some
|
||||||
|
* side-channel information, but it's impossible to have a fixed
|
||||||
|
* memory access pattern since we can't read out of the bounds of
|
||||||
|
* |from|.
|
||||||
|
*/
|
||||||
|
memset(em, 0, num);
|
||||||
|
memcpy(em + num - flen, from, flen);
|
||||||
|
from = em;
|
||||||
}
|
}
|
||||||
memset(em, 0, num);
|
|
||||||
/*
|
|
||||||
* Always do this zero-padding copy (even when num == flen) to avoid
|
|
||||||
* leaking that information. The copy still leaks some side-channel
|
|
||||||
* information, but it's impossible to have a fixed memory access
|
|
||||||
* pattern since we can't read out of the bounds of |from|.
|
|
||||||
*
|
|
||||||
* TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
|
|
||||||
*/
|
|
||||||
memcpy(em + num - flen, from, flen);
|
|
||||||
|
|
||||||
good = constant_time_is_zero(em[0]);
|
good = constant_time_is_zero(from[0]);
|
||||||
good &= constant_time_eq(em[1], 2);
|
good &= constant_time_eq(from[1], 2);
|
||||||
|
|
||||||
found_zero_byte = 0;
|
found_zero_byte = 0;
|
||||||
for (i = 2; i < num; i++) {
|
for (i = 2; i < num; i++) {
|
||||||
unsigned int equals0 = constant_time_is_zero(em[i]);
|
unsigned int equals0 = constant_time_is_zero(from[i]);
|
||||||
zero_index =
|
zero_index =
|
||||||
constant_time_select_int(~found_zero_byte & equals0, i,
|
constant_time_select_int(~found_zero_byte & equals0, i,
|
||||||
zero_index);
|
zero_index);
|
||||||
@ -232,7 +256,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* PS must be at least 8 bytes long, and it starts two bytes into |em|.
|
* PS must be at least 8 bytes long, and it starts two bytes into |from|.
|
||||||
* If we never found a 0-byte, then |zero_index| is 0 and the check
|
* If we never found a 0-byte, then |zero_index| is 0 and the check
|
||||||
* also fails.
|
* also fails.
|
||||||
*/
|
*/
|
||||||
@ -261,7 +285,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(to, em + msg_index, mlen);
|
memcpy(to, from + msg_index, mlen);
|
||||||
|
|
||||||
err:
|
err:
|
||||||
if (em != NULL) {
|
if (em != NULL) {
|
||||||
|
@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
|
if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
|
||||||
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
|
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
|
||||||
}
|
}
|
||||||
/* Special case: SSL signature, just check the length */
|
/* Special case: SSL signature, just check the length */
|
||||||
@ -293,7 +293,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
|
|||||||
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
|
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
|
||||||
{
|
{
|
||||||
|
|
||||||
if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
|
if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
|
||||||
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
|
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -112,6 +112,14 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
|
|||||||
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
|
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
|
||||||
return (-1);
|
return (-1);
|
||||||
}
|
}
|
||||||
|
/* Accept even zero-padded input */
|
||||||
|
if (flen == num) {
|
||||||
|
if (*(p++) != 0) {
|
||||||
|
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
flen--;
|
||||||
|
}
|
||||||
if ((num != (flen + 1)) || (*(p++) != 02)) {
|
if ((num != (flen + 1)) || (*(p++) != 02)) {
|
||||||
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
|
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
|
||||||
return (-1);
|
return (-1);
|
||||||
|
@ -131,7 +131,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
|
|||||||
`ml 2>&1` =~ /Version ([0-9]+)\./ &&
|
`ml 2>&1` =~ /Version ([0-9]+)\./ &&
|
||||||
$1>=10); # first version supporting AVX
|
$1>=10); # first version supporting AVX
|
||||||
|
|
||||||
$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ &&
|
$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ &&
|
||||||
$2>=3.0); # first version supporting AVX
|
$2>=3.0); # first version supporting AVX
|
||||||
|
|
||||||
$shaext=$xmm; ### set to zero if compiling for 1.0.1
|
$shaext=$xmm; ### set to zero if compiling for 1.0.1
|
||||||
|
@ -83,7 +83,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" &&
|
|||||||
$avx = ($1>=10) + ($1>=11);
|
$avx = ($1>=10) + ($1>=11);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) {
|
if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||||
$avx = ($2>=3.0) + ($2>3.0);
|
$avx = ($2>=3.0) + ($2>3.0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* OpenSSL project 2001.
|
* OpenSSL project 2001.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -567,17 +567,13 @@ static int echo_console(UI *ui)
|
|||||||
{
|
{
|
||||||
#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
|
#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
|
||||||
memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
|
memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
|
||||||
tty_new.TTY_FLAGS |= ECHO;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
|
|
||||||
if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
|
if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
|
||||||
return 0;
|
return 0;
|
||||||
#endif
|
#endif
|
||||||
#ifdef OPENSSL_SYS_VMS
|
#ifdef OPENSSL_SYS_VMS
|
||||||
if (is_a_tty) {
|
if (is_a_tty) {
|
||||||
tty_new[0] = tty_orig[0];
|
tty_new[0] = tty_orig[0];
|
||||||
tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
|
tty_new[1] = tty_orig[1];
|
||||||
tty_new[2] = tty_orig[2];
|
tty_new[2] = tty_orig[2];
|
||||||
status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
|
status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
|
||||||
0, 0, 0, 0);
|
0, 0, 0, 0);
|
||||||
|
@ -219,7 +219,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
|
|||||||
|
|
||||||
ret = a->canon_enclen - b->canon_enclen;
|
ret = a->canon_enclen - b->canon_enclen;
|
||||||
|
|
||||||
if (ret)
|
if (ret != 0 || a->canon_enclen == 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
|
return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
|
||||||
|
@ -311,7 +311,11 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
|
|||||||
X509_OBJECT stmp, *tmp;
|
X509_OBJECT stmp, *tmp;
|
||||||
int i, j;
|
int i, j;
|
||||||
|
|
||||||
|
if (ctx == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
|
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
|
||||||
|
|
||||||
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
|
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
|
||||||
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
|
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
|
||||||
|
|
||||||
@ -506,6 +510,10 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
|
|||||||
STACK_OF(X509) *sk;
|
STACK_OF(X509) *sk;
|
||||||
X509 *x;
|
X509 *x;
|
||||||
X509_OBJECT *obj;
|
X509_OBJECT *obj;
|
||||||
|
|
||||||
|
if (ctx->ctx == NULL)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
sk = sk_X509_new_null();
|
sk = sk_X509_new_null();
|
||||||
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
|
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
|
||||||
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
|
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
|
||||||
@ -551,6 +559,11 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
|
|||||||
STACK_OF(X509_CRL) *sk;
|
STACK_OF(X509_CRL) *sk;
|
||||||
X509_CRL *x;
|
X509_CRL *x;
|
||||||
X509_OBJECT *obj, xobj;
|
X509_OBJECT *obj, xobj;
|
||||||
|
|
||||||
|
|
||||||
|
if (ctx->ctx == NULL)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
sk = sk_X509_CRL_new_null();
|
sk = sk_X509_CRL_new_null();
|
||||||
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
|
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
|
||||||
|
|
||||||
@ -651,6 +664,9 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
|
|||||||
}
|
}
|
||||||
X509_OBJECT_free_contents(&obj);
|
X509_OBJECT_free_contents(&obj);
|
||||||
|
|
||||||
|
if (ctx->ctx == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
/* Else find index of first cert accepted by 'check_issued' */
|
/* Else find index of first cert accepted by 'check_issued' */
|
||||||
ret = 0;
|
ret = 0;
|
||||||
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
|
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
|
||||||
|
@ -56,6 +56,7 @@
|
|||||||
* [including the GNU Public Licence.]
|
* [including the GNU Public Licence.]
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include <ctype.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
@ -1937,119 +1938,67 @@ int X509_cmp_current_time(const ASN1_TIME *ctm)
|
|||||||
|
|
||||||
int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
|
int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
|
||||||
{
|
{
|
||||||
char *str;
|
static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
|
||||||
ASN1_TIME atm;
|
static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1;
|
||||||
long offset;
|
ASN1_TIME *asn1_cmp_time = NULL;
|
||||||
char buff1[24], buff2[24], *p;
|
int i, day, sec, ret = 0;
|
||||||
int i, j, remaining;
|
|
||||||
|
|
||||||
p = buff1;
|
|
||||||
remaining = ctm->length;
|
|
||||||
str = (char *)ctm->data;
|
|
||||||
/*
|
/*
|
||||||
* Note that the following (historical) code allows much more slack in the
|
* Note that ASN.1 allows much more slack in the time format than RFC5280.
|
||||||
* time format than RFC5280. In RFC5280, the representation is fixed:
|
* In RFC5280, the representation is fixed:
|
||||||
* UTCTime: YYMMDDHHMMSSZ
|
* UTCTime: YYMMDDHHMMSSZ
|
||||||
* GeneralizedTime: YYYYMMDDHHMMSSZ
|
* GeneralizedTime: YYYYMMDDHHMMSSZ
|
||||||
|
*
|
||||||
|
* We do NOT currently enforce the following RFC 5280 requirement:
|
||||||
|
* "CAs conforming to this profile MUST always encode certificate
|
||||||
|
* validity dates through the year 2049 as UTCTime; certificate validity
|
||||||
|
* dates in 2050 or later MUST be encoded as GeneralizedTime."
|
||||||
*/
|
*/
|
||||||
if (ctm->type == V_ASN1_UTCTIME) {
|
switch (ctm->type) {
|
||||||
/* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
|
case V_ASN1_UTCTIME:
|
||||||
int min_length = sizeof("YYMMDDHHMMZ") - 1;
|
if (ctm->length != (int)(utctime_length))
|
||||||
int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
|
|
||||||
if (remaining < min_length || remaining > max_length)
|
|
||||||
return 0;
|
return 0;
|
||||||
memcpy(p, str, 10);
|
break;
|
||||||
p += 10;
|
case V_ASN1_GENERALIZEDTIME:
|
||||||
str += 10;
|
if (ctm->length != (int)(generalizedtime_length))
|
||||||
remaining -= 10;
|
|
||||||
} else {
|
|
||||||
/* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
|
|
||||||
int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
|
|
||||||
int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
|
|
||||||
if (remaining < min_length || remaining > max_length)
|
|
||||||
return 0;
|
return 0;
|
||||||
memcpy(p, str, 12);
|
break;
|
||||||
p += 12;
|
default:
|
||||||
str += 12;
|
|
||||||
remaining -= 12;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
|
|
||||||
*(p++) = '0';
|
|
||||||
*(p++) = '0';
|
|
||||||
} else {
|
|
||||||
/* SS (seconds) */
|
|
||||||
if (remaining < 2)
|
|
||||||
return 0;
|
|
||||||
*(p++) = *(str++);
|
|
||||||
*(p++) = *(str++);
|
|
||||||
remaining -= 2;
|
|
||||||
/*
|
|
||||||
* Skip any (up to three) fractional seconds...
|
|
||||||
* TODO(emilia): in RFC5280, fractional seconds are forbidden.
|
|
||||||
* Can we just kill them altogether?
|
|
||||||
*/
|
|
||||||
if (remaining && *str == '.') {
|
|
||||||
str++;
|
|
||||||
remaining--;
|
|
||||||
for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
|
|
||||||
if (*str < '0' || *str > '9')
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
*(p++) = 'Z';
|
|
||||||
*(p++) = '\0';
|
|
||||||
|
|
||||||
/* We now need either a terminating 'Z' or an offset. */
|
|
||||||
if (!remaining)
|
|
||||||
return 0;
|
return 0;
|
||||||
if (*str == 'Z') {
|
|
||||||
if (remaining != 1)
|
|
||||||
return 0;
|
|
||||||
offset = 0;
|
|
||||||
} else {
|
|
||||||
/* (+-)HHMM */
|
|
||||||
if ((*str != '+') && (*str != '-'))
|
|
||||||
return 0;
|
|
||||||
/* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
|
|
||||||
if (remaining != 5)
|
|
||||||
return 0;
|
|
||||||
if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
|
|
||||||
str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
|
|
||||||
return 0;
|
|
||||||
offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
|
|
||||||
offset += (str[3] - '0') * 10 + (str[4] - '0');
|
|
||||||
if (*str == '-')
|
|
||||||
offset = -offset;
|
|
||||||
}
|
}
|
||||||
atm.type = ctm->type;
|
|
||||||
atm.flags = 0;
|
|
||||||
atm.length = sizeof(buff2);
|
|
||||||
atm.data = (unsigned char *)buff2;
|
|
||||||
|
|
||||||
if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
|
/**
|
||||||
|
* Verify the format: the ASN.1 functions we use below allow a more
|
||||||
|
* flexible format than what's mandated by RFC 5280.
|
||||||
|
* Digit and date ranges will be verified in the conversion methods.
|
||||||
|
*/
|
||||||
|
for (i = 0; i < ctm->length - 1; i++) {
|
||||||
|
if (!isdigit(ctm->data[i]))
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if (ctm->data[ctm->length - 1] != 'Z')
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (ctm->type == V_ASN1_UTCTIME) {
|
/*
|
||||||
i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
|
* There is ASN1_UTCTIME_cmp_time_t but no
|
||||||
if (i < 50)
|
* ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t,
|
||||||
i += 100; /* cf. RFC 2459 */
|
* so we go through ASN.1
|
||||||
j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
|
*/
|
||||||
if (j < 50)
|
asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time);
|
||||||
j += 100;
|
if (asn1_cmp_time == NULL)
|
||||||
|
goto err;
|
||||||
|
if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
|
||||||
|
goto err;
|
||||||
|
|
||||||
if (i < j)
|
/*
|
||||||
return -1;
|
* X509_cmp_time comparison is <=.
|
||||||
if (i > j)
|
* The return value 0 is reserved for errors.
|
||||||
return 1;
|
*/
|
||||||
}
|
ret = (day >= 0 && sec >= 0) ? -1 : 1;
|
||||||
i = strcmp(buff1, buff2);
|
|
||||||
if (i == 0) /* wait a second then return younger :-) */
|
err:
|
||||||
return -1;
|
ASN1_TIME_free(asn1_cmp_time);
|
||||||
else
|
return ret;
|
||||||
return i;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
|
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* 2001.
|
* 2001.
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -128,11 +128,10 @@ int X509_check_purpose(X509 *x, int id, int ca)
|
|||||||
{
|
{
|
||||||
int idx;
|
int idx;
|
||||||
const X509_PURPOSE *pt;
|
const X509_PURPOSE *pt;
|
||||||
if (!(x->ex_flags & EXFLAG_SET)) {
|
|
||||||
CRYPTO_w_lock(CRYPTO_LOCK_X509);
|
x509v3_cache_extensions(x);
|
||||||
x509v3_cache_extensions(x);
|
|
||||||
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
|
/* Return if side-effect only call */
|
||||||
}
|
|
||||||
if (id == -1)
|
if (id == -1)
|
||||||
return 1;
|
return 1;
|
||||||
idx = X509_PURPOSE_get_by_id(id);
|
idx = X509_PURPOSE_get_by_id(id);
|
||||||
@ -399,8 +398,16 @@ static void x509v3_cache_extensions(X509 *x)
|
|||||||
X509_EXTENSION *ex;
|
X509_EXTENSION *ex;
|
||||||
|
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (x->ex_flags & EXFLAG_SET)
|
if (x->ex_flags & EXFLAG_SET)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
CRYPTO_w_lock(CRYPTO_LOCK_X509);
|
||||||
|
if (x->ex_flags & EXFLAG_SET) {
|
||||||
|
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_SHA
|
#ifndef OPENSSL_NO_SHA
|
||||||
X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
|
X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
|
||||||
#endif
|
#endif
|
||||||
@ -536,6 +543,7 @@ static void x509v3_cache_extensions(X509 *x)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
x->ex_flags |= EXFLAG_SET;
|
x->ex_flags |= EXFLAG_SET;
|
||||||
|
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
@ -578,11 +586,7 @@ static int check_ca(const X509 *x)
|
|||||||
|
|
||||||
int X509_check_ca(X509 *x)
|
int X509_check_ca(X509 *x)
|
||||||
{
|
{
|
||||||
if (!(x->ex_flags & EXFLAG_SET)) {
|
x509v3_cache_extensions(x);
|
||||||
CRYPTO_w_lock(CRYPTO_LOCK_X509);
|
|
||||||
x509v3_cache_extensions(x);
|
|
||||||
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
|
|
||||||
}
|
|
||||||
|
|
||||||
return check_ca(x);
|
return check_ca(x);
|
||||||
}
|
}
|
||||||
@ -796,6 +800,7 @@ int X509_check_issued(X509 *issuer, X509 *subject)
|
|||||||
if (X509_NAME_cmp(X509_get_subject_name(issuer),
|
if (X509_NAME_cmp(X509_get_subject_name(issuer),
|
||||||
X509_get_issuer_name(subject)))
|
X509_get_issuer_name(subject)))
|
||||||
return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
|
return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
|
||||||
|
|
||||||
x509v3_cache_extensions(issuer);
|
x509v3_cache_extensions(issuer);
|
||||||
x509v3_cache_extensions(subject);
|
x509v3_cache_extensions(subject);
|
||||||
|
|
||||||
|
@ -335,6 +335,9 @@ When encrypting a message this option may be used multiple times to specify
|
|||||||
each recipient. This form B<must> be used if customised parameters are
|
each recipient. This form B<must> be used if customised parameters are
|
||||||
required (for example to specify RSA-OAEP).
|
required (for example to specify RSA-OAEP).
|
||||||
|
|
||||||
|
Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
|
||||||
|
option.
|
||||||
|
|
||||||
=item B<-keyid>
|
=item B<-keyid>
|
||||||
|
|
||||||
use subject key identifier to identify certificates instead of issuer name and
|
use subject key identifier to identify certificates instead of issuer name and
|
||||||
@ -648,17 +651,14 @@ No revocation checking is done on the signer's certificate.
|
|||||||
=head1 HISTORY
|
=head1 HISTORY
|
||||||
|
|
||||||
The use of multiple B<-signer> options and the B<-resign> command were first
|
The use of multiple B<-signer> options and the B<-resign> command were first
|
||||||
added in OpenSSL 1.0.0
|
added in OpenSSL 1.0.0.
|
||||||
|
|
||||||
The B<keyopt> option was first added in OpenSSL 1.1.0
|
The B<keyopt> option was first added in OpenSSL 1.0.2.
|
||||||
|
|
||||||
The use of B<-recip> to specify the recipient when encrypting mail was first
|
Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
|
||||||
added to OpenSSL 1.1.0
|
|
||||||
|
|
||||||
Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
|
|
||||||
|
|
||||||
The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
|
The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
|
||||||
to OpenSSL 1.1.0.
|
to OpenSSL 1.0.2.
|
||||||
|
|
||||||
The -no_alt_chains options was first added to OpenSSL 1.0.2b.
|
The -no_alt_chains options was first added to OpenSSL 1.0.2b.
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ started or end of file is reached. A section name can consist of
|
|||||||
alphanumeric characters and underscores.
|
alphanumeric characters and underscores.
|
||||||
|
|
||||||
The first section of a configuration file is special and is referred
|
The first section of a configuration file is special and is referred
|
||||||
to as the B<default> section this is usually unnamed and is from the
|
to as the B<default> section. This section is usually unnamed and spans from the
|
||||||
start of file until the first named section. When a name is being looked up
|
start of file until the first named section. When a name is being looked up
|
||||||
it is first looked up in a named section (if any) and then the
|
it is first looked up in a named section (if any) and then the
|
||||||
default section.
|
default section.
|
||||||
|
@ -11,7 +11,7 @@ B<openssl> B<genpkey>
|
|||||||
[B<-out filename>]
|
[B<-out filename>]
|
||||||
[B<-outform PEM|DER>]
|
[B<-outform PEM|DER>]
|
||||||
[B<-pass arg>]
|
[B<-pass arg>]
|
||||||
[B<-cipher>]
|
[B<-I<cipher>>]
|
||||||
[B<-engine id>]
|
[B<-engine id>]
|
||||||
[B<-paramfile file>]
|
[B<-paramfile file>]
|
||||||
[B<-algorithm alg>]
|
[B<-algorithm alg>]
|
||||||
@ -34,21 +34,21 @@ used.
|
|||||||
|
|
||||||
=item B<-outform DER|PEM>
|
=item B<-outform DER|PEM>
|
||||||
|
|
||||||
This specifies the output format DER or PEM.
|
This specifies the output format DER or PEM. The default format is PEM.
|
||||||
|
|
||||||
=item B<-pass arg>
|
=item B<-pass arg>
|
||||||
|
|
||||||
the output file password source. For more information about the format of B<arg>
|
The output file password source. For more information about the format of B<arg>
|
||||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
|
||||||
|
|
||||||
=item B<-cipher>
|
=item B<-I<cipher>>
|
||||||
|
|
||||||
This option encrypts the private key with the supplied cipher. Any algorithm
|
This option encrypts the private key with the supplied cipher. Any algorithm
|
||||||
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
|
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
|
||||||
|
|
||||||
=item B<-engine id>
|
=item B<-engine id>
|
||||||
|
|
||||||
specifying an engine (by its unique B<id> string) will cause B<genpkey>
|
Specifying an engine (by its unique B<id> string) will cause B<genpkey>
|
||||||
to attempt to obtain a functional reference to the specified engine,
|
to attempt to obtain a functional reference to the specified engine,
|
||||||
thus initialising it if needed. The engine will then be set as the default
|
thus initialising it if needed. The engine will then be set as the default
|
||||||
for all available algorithms. If used this option should precede all other
|
for all available algorithms. If used this option should precede all other
|
||||||
@ -56,20 +56,33 @@ options.
|
|||||||
|
|
||||||
=item B<-algorithm alg>
|
=item B<-algorithm alg>
|
||||||
|
|
||||||
public key algorithm to use such as RSA, DSA or DH. If used this option must
|
Public key algorithm to use such as RSA, DSA or DH. If used this option must
|
||||||
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
|
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
|
||||||
are mutually exclusive.
|
are mutually exclusive. Engines may add algorithms in addition to the standard
|
||||||
|
built-in ones.
|
||||||
|
|
||||||
|
Valid built-in algorithm names for private key generation are RSA and EC.
|
||||||
|
|
||||||
|
Valid built-in algorithm names for parameter generation (see the B<-genparam>
|
||||||
|
option) are DH, DSA and EC.
|
||||||
|
|
||||||
|
Note that the algorithm name X9.42 DH may be used as a synonym for the DH
|
||||||
|
algorithm. These are identical and do not indicate the type of parameters that
|
||||||
|
will be generated. Use the B<dh_paramgen_type> option to indicate whether PKCS#3
|
||||||
|
or X9.42 DH parameters are required. See L<DH Parameter Generation Options>
|
||||||
|
below for more details.
|
||||||
|
|
||||||
=item B<-pkeyopt opt:value>
|
=item B<-pkeyopt opt:value>
|
||||||
|
|
||||||
set the public key algorithm option B<opt> to B<value>. The precise set of
|
Set the public key algorithm option B<opt> to B<value>. The precise set of
|
||||||
options supported depends on the public key algorithm used and its
|
options supported depends on the public key algorithm used and its
|
||||||
implementation. See B<KEY GENERATION OPTIONS> below for more details.
|
implementation. See L<KEY GENERATION OPTIONS> and
|
||||||
|
L<PARAMETER GENERATION OPTIONS> below for more details.
|
||||||
|
|
||||||
=item B<-genparam>
|
=item B<-genparam>
|
||||||
|
|
||||||
generate a set of parameters instead of a private key. If used this option must
|
Generate a set of parameters instead of a private key. If used this option must
|
||||||
precede and B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
|
precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
|
||||||
|
|
||||||
=item B<-paramfile filename>
|
=item B<-paramfile filename>
|
||||||
|
|
||||||
@ -92,7 +105,7 @@ The options supported by each algorith and indeed each implementation of an
|
|||||||
algorithm can vary. The options for the OpenSSL implementations are detailed
|
algorithm can vary. The options for the OpenSSL implementations are detailed
|
||||||
below.
|
below.
|
||||||
|
|
||||||
=head1 RSA KEY GENERATION OPTIONS
|
=head2 RSA Key Generation Options
|
||||||
|
|
||||||
=over 4
|
=over 4
|
||||||
|
|
||||||
@ -107,49 +120,93 @@ hexadecimal value if preceded by B<0x>. Default value is 65537.
|
|||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
=head1 DSA PARAMETER GENERATION OPTIONS
|
=head2 EC Key Generation Options
|
||||||
|
|
||||||
=over 4
|
The EC key generation options can also be used for parameter generation.
|
||||||
|
|
||||||
=item B<dsa_paramgen_bits:numbits>
|
|
||||||
|
|
||||||
The number of bits in the generated parameters. If not specified 1024 is used.
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 DH PARAMETER GENERATION OPTIONS
|
|
||||||
|
|
||||||
=over 4
|
|
||||||
|
|
||||||
=item B<dh_paramgen_prime_len:numbits>
|
|
||||||
|
|
||||||
The number of bits in the prime parameter B<p>.
|
|
||||||
|
|
||||||
=item B<dh_paramgen_generator:value>
|
|
||||||
|
|
||||||
The value to use for the generator B<g>.
|
|
||||||
|
|
||||||
=item B<dh_rfc5114:num>
|
|
||||||
|
|
||||||
If this option is set then the appropriate RFC5114 parameters are used
|
|
||||||
instead of generating new parameters. The value B<num> can take the
|
|
||||||
values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
|
|
||||||
1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
|
|
||||||
and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
|
|
||||||
2.1, 2.2 and 2.3 respectively.
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
=head1 EC PARAMETER GENERATION OPTIONS
|
|
||||||
|
|
||||||
=over 4
|
=over 4
|
||||||
|
|
||||||
=item B<ec_paramgen_curve:curve>
|
=item B<ec_paramgen_curve:curve>
|
||||||
|
|
||||||
the EC curve to use.
|
The EC curve to use. OpenSSL supports NIST curve names such as "P-256".
|
||||||
|
|
||||||
|
=item B<ec_param_enc:encoding>
|
||||||
|
|
||||||
|
The encoding to use for parameters. The "encoding" parameter must be either
|
||||||
|
"named_curve" or "explicit". The default value is "named_curve".
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
|
=head1 PARAMETER GENERATION OPTIONS
|
||||||
|
|
||||||
|
The options supported by each algorithm and indeed each implementation of an
|
||||||
|
algorithm can vary. The options for the OpenSSL implementations are detailed
|
||||||
|
below.
|
||||||
|
|
||||||
|
=head2 DSA Parameter Generation Options
|
||||||
|
|
||||||
|
=over 4
|
||||||
|
|
||||||
|
=item B<dsa_paramgen_bits:numbits>
|
||||||
|
|
||||||
|
The number of bits in the generated prime. If not specified 1024 is used.
|
||||||
|
|
||||||
|
=item B<dsa_paramgen_q_bits:numbits>
|
||||||
|
|
||||||
|
The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
|
||||||
|
specified 160 is used.
|
||||||
|
|
||||||
|
=item B<dsa_paramgen_md:digest>
|
||||||
|
|
||||||
|
The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
|
||||||
|
or B<sha256>. If set, then the number of bits in B<q> will match the output size
|
||||||
|
of the specified digest and the B<dsa_paramgen_q_bits> parameter will be
|
||||||
|
ignored. If not set, then a digest will be used that gives an output matching
|
||||||
|
the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it 224
|
||||||
|
or B<sha256> if it is 256.
|
||||||
|
|
||||||
|
=back
|
||||||
|
|
||||||
|
=head2 DH Parameter Generation Options
|
||||||
|
|
||||||
|
=over 4
|
||||||
|
|
||||||
|
=item B<dh_paramgen_prime_len:numbits>
|
||||||
|
|
||||||
|
The number of bits in the prime parameter B<p>. The default is 1024.
|
||||||
|
|
||||||
|
=item B<dh_paramgen_subprime_len:numbits>
|
||||||
|
|
||||||
|
The number of bits in the sub prime parameter B<q>. The default is 256 if the
|
||||||
|
prime is at least 2048 bits long or 160 otherwise. Only relevant if used in
|
||||||
|
conjunction with the B<dh_paramgen_type> option to generate X9.42 DH parameters.
|
||||||
|
|
||||||
|
=item B<dh_paramgen_generator:value>
|
||||||
|
|
||||||
|
The value to use for the generator B<g>. The default is 2.
|
||||||
|
|
||||||
|
=item B<dh_paramgen_type:value>
|
||||||
|
|
||||||
|
The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH.
|
||||||
|
The default is 0.
|
||||||
|
|
||||||
|
=item B<dh_rfc5114:num>
|
||||||
|
|
||||||
|
If this option is set, then the appropriate RFC5114 parameters are used
|
||||||
|
instead of generating new parameters. The value B<num> can take the
|
||||||
|
values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
|
||||||
|
1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
|
||||||
|
and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
|
||||||
|
2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter
|
||||||
|
options.
|
||||||
|
|
||||||
|
=back
|
||||||
|
|
||||||
|
=head2 EC Parameter Generation Options
|
||||||
|
|
||||||
|
The EC parameter generation options are the same as for key generation. See
|
||||||
|
L<EC Key Generation Options> above.
|
||||||
|
|
||||||
=head1 GOST2001 KEY GENERATION AND PARAMETER OPTIONS
|
=head1 GOST2001 KEY GENERATION AND PARAMETER OPTIONS
|
||||||
|
|
||||||
Gost 2001 support is not enabled by default. To enable this algorithm,
|
Gost 2001 support is not enabled by default. To enable this algorithm,
|
||||||
@ -179,8 +236,6 @@ numeric OID. Following parameter sets are supported:
|
|||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
=head1 NOTES
|
=head1 NOTES
|
||||||
|
|
||||||
The use of the genpkey program is encouraged over the algorithm specific
|
The use of the genpkey program is encouraged over the algorithm specific
|
||||||
@ -202,19 +257,25 @@ Generate a 2048 bit RSA key using 3 as the public exponent:
|
|||||||
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
|
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
|
||||||
-pkeyopt rsa_keygen_pubexp:3
|
-pkeyopt rsa_keygen_pubexp:3
|
||||||
|
|
||||||
Generate 1024 bit DSA parameters:
|
Generate 2048 bit DSA parameters:
|
||||||
|
|
||||||
openssl genpkey -genparam -algorithm DSA -out dsap.pem \
|
openssl genpkey -genparam -algorithm DSA -out dsap.pem \
|
||||||
-pkeyopt dsa_paramgen_bits:1024
|
-pkeyopt dsa_paramgen_bits:2048
|
||||||
|
|
||||||
Generate DSA key from parameters:
|
Generate DSA key from parameters:
|
||||||
|
|
||||||
openssl genpkey -paramfile dsap.pem -out dsakey.pem
|
openssl genpkey -paramfile dsap.pem -out dsakey.pem
|
||||||
|
|
||||||
Generate 1024 bit DH parameters:
|
Generate 2048 bit DH parameters:
|
||||||
|
|
||||||
openssl genpkey -genparam -algorithm DH -out dhp.pem \
|
openssl genpkey -genparam -algorithm DH -out dhp.pem \
|
||||||
-pkeyopt dh_paramgen_prime_len:1024
|
-pkeyopt dh_paramgen_prime_len:2048
|
||||||
|
|
||||||
|
Generate 2048 bit X9.42 DH parameters:
|
||||||
|
|
||||||
|
openssl genpkey -genparam -algorithm DH -out dhpx.pem \
|
||||||
|
-pkeyopt dh_paramgen_prime_len:2048 \
|
||||||
|
-pkeyopt dh_paramgen_type:1
|
||||||
|
|
||||||
Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
|
Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
|
||||||
|
|
||||||
@ -224,6 +285,16 @@ Generate DH key from parameters:
|
|||||||
|
|
||||||
openssl genpkey -paramfile dhp.pem -out dhkey.pem
|
openssl genpkey -paramfile dhp.pem -out dhkey.pem
|
||||||
|
|
||||||
|
Generate EC key directly:
|
||||||
|
|
||||||
|
openssl genpkey -algorithm EC -out eckey.pem \
|
||||||
|
-pkeyopt ec_paramgen_curve:P-384 \
|
||||||
|
-pkeyopt ec_param_enc:named_curve
|
||||||
|
|
||||||
|
=head1 HISTORY
|
||||||
|
|
||||||
|
The ability to use NIST curve names, and to generate an EC key directly,
|
||||||
|
were added in OpenSSL 1.0.2.
|
||||||
|
|
||||||
=cut
|
=cut
|
||||||
|
|
||||||
|
@ -141,8 +141,9 @@ pauses 1 second between each read and write call.
|
|||||||
|
|
||||||
=item B<-showcerts>
|
=item B<-showcerts>
|
||||||
|
|
||||||
display the whole server certificate chain: normally only the server
|
Displays the server certificate list as sent by the server: it only consists of
|
||||||
certificate itself is displayed.
|
certificates the server has sent (in the order the server has sent them). It is
|
||||||
|
B<not> a verified chain.
|
||||||
|
|
||||||
=item B<-prexit>
|
=item B<-prexit>
|
||||||
|
|
||||||
@ -354,7 +355,8 @@ a client certificate. Therefor merely including a client certificate
|
|||||||
on the command line is no guarantee that the certificate works.
|
on the command line is no guarantee that the certificate works.
|
||||||
|
|
||||||
If there are problems verifying a server certificate then the
|
If there are problems verifying a server certificate then the
|
||||||
B<-showcerts> option can be used to show the whole chain.
|
B<-showcerts> option can be used to show all the certificates sent by the
|
||||||
|
server.
|
||||||
|
|
||||||
Since the SSLv23 client hello cannot include compression methods or extensions
|
Since the SSLv23 client hello cannot include compression methods or extensions
|
||||||
these will only be supported if its use is disabled, for example by using the
|
these will only be supported if its use is disabled, for example by using the
|
||||||
|
@ -60,7 +60,7 @@ BIO_s_fd() returns the file descriptor BIO method.
|
|||||||
|
|
||||||
BIO_reset() returns zero for success and -1 if an error occurred.
|
BIO_reset() returns zero for success and -1 if an error occurred.
|
||||||
BIO_seek() and BIO_tell() return the current file position or -1
|
BIO_seek() and BIO_tell() return the current file position or -1
|
||||||
is an error occurred. These values reflect the underlying lseek()
|
if an error occurred. These values reflect the underlying lseek()
|
||||||
behaviour.
|
behaviour.
|
||||||
|
|
||||||
BIO_set_fd() always returns 1.
|
BIO_set_fd() always returns 1.
|
||||||
|
@ -91,7 +91,9 @@ BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
|
|||||||
BN_mul().
|
BN_mul().
|
||||||
|
|
||||||
BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p %
|
BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p %
|
||||||
m>). This function uses less time and space than BN_exp().
|
m>). This function uses less time and space than BN_exp(). Do not call this
|
||||||
|
function when B<m> is even and any of the parameters have the
|
||||||
|
B<BN_FLG_CONSTTIME> flag set.
|
||||||
|
|
||||||
BN_gcd() computes the greatest common divisor of I<a> and I<b> and
|
BN_gcd() computes the greatest common divisor of I<a> and I<b> and
|
||||||
places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or
|
places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or
|
||||||
|
@ -39,8 +39,8 @@ numbers, the string is prefaced with a leading '-'. The string must be
|
|||||||
freed later using OPENSSL_free().
|
freed later using OPENSSL_free().
|
||||||
|
|
||||||
BN_hex2bn() converts the string B<str> containing a hexadecimal number
|
BN_hex2bn() converts the string B<str> containing a hexadecimal number
|
||||||
to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
|
to a B<BIGNUM> and stores it in **B<a>. If *B<a> is NULL, a new
|
||||||
B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's
|
B<BIGNUM> is created. If B<a> is NULL, it only computes the number's
|
||||||
length in hexadecimal digits. If the string starts with '-', the
|
length in hexadecimal digits. If the string starts with '-', the
|
||||||
number is negative.
|
number is negative.
|
||||||
A "negative zero" is converted to zero.
|
A "negative zero" is converted to zero.
|
||||||
|
@ -90,7 +90,17 @@ If B<do_trial_division == 0>, this test is skipped.
|
|||||||
Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin
|
Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin
|
||||||
probabilistic primality test with B<nchecks> iterations. If
|
probabilistic primality test with B<nchecks> iterations. If
|
||||||
B<nchecks == BN_prime_checks>, a number of iterations is used that
|
B<nchecks == BN_prime_checks>, a number of iterations is used that
|
||||||
yields a false positive rate of at most 2^-80 for random input.
|
yields a false positive rate of at most 2^-64 for random input.
|
||||||
|
The error rate depends on the size of the prime and goes down for bigger primes.
|
||||||
|
The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 bits,
|
||||||
|
2^-192 at 3747 bits and 2^-256 at 6394 bits.
|
||||||
|
|
||||||
|
When the source of the prime is not random or not trusted, the number
|
||||||
|
of checks needs to be much higher to reach the same level of assurance:
|
||||||
|
It should equal half of the targeted security level in bits (rounded up to the
|
||||||
|
next integer if necessary).
|
||||||
|
For instance, to reach the 128 bit security level, B<nchecks> should be set to
|
||||||
|
64.
|
||||||
|
|
||||||
If B<cb> is not B<NULL>, B<BN_GENCB_call(cb, 1, j)> is called
|
If B<cb> is not B<NULL>, B<BN_GENCB_call(cb, 1, j)> is called
|
||||||
after the j-th iteration (j = 0, 1, ...). B<ctx> is a
|
after the j-th iteration (j = 0, 1, ...). B<ctx> is a
|
||||||
|
@ -18,9 +18,8 @@ B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
|
|||||||
|
|
||||||
=head1 NOTES
|
=head1 NOTES
|
||||||
|
|
||||||
Only certificates carrying RSA keys are supported so the recipient certificates
|
Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
|
||||||
supplied to this function must all contain RSA public keys, though they do not
|
function.
|
||||||
have to be signed using the RSA algorithm.
|
|
||||||
|
|
||||||
EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
|
EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
|
||||||
because most clients will support it.
|
because most clients will support it.
|
||||||
|
@ -51,7 +51,7 @@ CMS_SignerInfo_set1_signer_cert().
|
|||||||
|
|
||||||
Once all signer certificates have been set CMS_verify() can be used.
|
Once all signer certificates have been set CMS_verify() can be used.
|
||||||
|
|
||||||
Although CMS_get0_SignerInfos() can return NULL is an error occur B<or> if
|
Although CMS_get0_SignerInfos() can return NULL if an error occurs B<or> if
|
||||||
there are no signers this is not a problem in practice because the only
|
there are no signers this is not a problem in practice because the only
|
||||||
error which can occur is if the B<cms> structure is not of type signedData
|
error which can occur is if the B<cms> structure is not of type signedData
|
||||||
due to application error.
|
due to application error.
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user