d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge OpenSSL 1.1.1e.

Browse Source
This commit is contained in:
Jung-uk Kim 2020-03-18 02:13:12 +00:00
commit 17f01e9963
1473 changed files with 10063 additions and 48549 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ObsoleteFiles.inc
View File

@ -36,6 +36,12 @@
# xargs -n1 | sort | uniq -d; # xargs -n1 | sort | uniq -d;
# done # done
# 20200317: OpenSSL 1.1.1e import
OLD_FILES+=usr/share/openssl/man/man3/EVP_PKEY_security_bits.3.gz
OLD_FILES+=usr/share/openssl/man/man3/EVP_PKEY_size.3.gz
OLD_FILES+=usr/share/openssl/man/man3/X509_LOOKUP_get_method_data.3.gz
OLD_FILES+=usr/share/openssl/man/man3/X509_LOOKUP_get_store.3.gz
OLD_FILES+=usr/share/openssl/man/man3/X509_LOOKUP_set_method_data.3.gz
# 20200310: new clang import which bumps version from 9.0.1 to 10.0.0. # 20200310: new clang import which bumps version from 9.0.1 to 10.0.0.
OLD_FILES+=usr/lib/clang/9.0.1/include/cuda_wrappers/algorithm OLD_FILES+=usr/lib/clang/9.0.1/include/cuda_wrappers/algorithm
OLD_FILES+=usr/lib/clang/9.0.1/include/cuda_wrappers/complex OLD_FILES+=usr/lib/clang/9.0.1/include/cuda_wrappers/complex

85
crypto/openssl/CHANGES
View File

@ -7,6 +7,73 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch. release branch.
Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
*) Properly detect EOF while reading in libssl. Previously if we hit an EOF
while reading in libssl then we would report an error back to the
application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
an error to the stack (which means we instead return SSL_ERROR_SSL) and
therefore give a hint as to what went wrong.
[Matt Caswell]
*) Check that ed25519 and ed448 are allowed by the security level. Previously
signature algorithms not using an MD were not being checked that they were
allowed by the security level.
[Kurt Roeckx]
*) Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername()
was not quite right. The behaviour was not consistent between resumption
and normal handshakes, and also not quite consistent with historical
behaviour. The behaviour in various scenarios has been clarified and
it has been updated to make it match historical behaviour as closely as
possible.
[Matt Caswell]
*) [VMS only] The header files that the VMS compilers include automatically,
__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, use pragmas that
the C++ compiler doesn't understand. This is a shortcoming in the
compiler, but can be worked around with __cplusplus guards.
C++ applications that use OpenSSL libraries must be compiled using the
qualifier '/NAMES=(AS_IS,SHORTENED)' to be able to use all the OpenSSL
functions. Otherwise, only functions with symbols of less than 31
characters can be used, as the linker will not be able to successfully
resolve symbols with longer names.
[Richard Levitte]
*) Corrected the documentation of the return values from the EVP_DigestSign*
set of functions. The documentation mentioned negative values for some
errors, but this was never the case, so the mention of negative values
was removed.
Code that followed the documentation and thereby check with something
like 'EVP_DigestSignInit(...) <= 0' will continue to work undisturbed.
[Richard Levitte]
*) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli. No EC algorithms are
affected. Analysis suggests that attacks against 2-prime RSA1024,
3-prime RSA1536, and DSA1024 as a result of this defect would be very
difficult to perform and are not believed likely. Attacks against DH512
are considered just feasible. However, for an attack the target would
have to re-use the DH512 private key, which is not recommended anyway.
Also applications directly using the low level API BN_mod_exp may be
affected if they use BN_FLG_CONSTTIME.
(CVE-2019-1551)
[Andy Polyakov]
*) Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
The presence of this system service is determined at run-time.
[Richard Levitte]
*) Added newline escaping functionality to a filename when using openssl dgst.
This output format is to replicate the output format found in the '*sum'
checksum programs. This aims to preserve backward compatibility.
[Matt Eaton, Richard Levitte, and Paul Dale]
*) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just
the first value.
[Jon Spillett]
Changes between 1.1.1c and 1.1.1d [10 Sep 2019] Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
*) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
@ -633,9 +700,9 @@
bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such
alerts across multiple records (some of which could be empty). In practice alerts across multiple records (some of which could be empty). In practice
it make no sense to send an empty alert record, or to fragment one. TLSv1.3 it make no sense to send an empty alert record, or to fragment one. TLSv1.3
prohibts this altogether and other libraries (BoringSSL, NSS) do not prohibits this altogether and other libraries (BoringSSL, NSS) do not
support this at all. Supporting it adds significant complexity to the support this at all. Supporting it adds significant complexity to the
record layer, and its removal is unlikely to cause inter-operability record layer, and its removal is unlikely to cause interoperability
issues. issues.
[Matt Caswell] [Matt Caswell]
@ -3652,7 +3719,7 @@
implementations). implementations).
[Emilia Käsper, Adam Langley, Bodo Moeller (Google)] [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
*) Use type ossl_ssize_t instad of ssize_t which isn't available on *) Use type ossl_ssize_t instead of ssize_t which isn't available on
all platforms. Move ssize_t definition from e_os.h to the public all platforms. Move ssize_t definition from e_os.h to the public
header file e_os2.h as it now appears in public header file cms.h header file e_os2.h as it now appears in public header file cms.h
[Steve Henson] [Steve Henson]
@ -8373,7 +8440,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) New OCSP utility. Allows OCSP requests to be generated or *) New OCSP utility. Allows OCSP requests to be generated or
read. The request can be sent to a responder and the output read. The request can be sent to a responder and the output
parsed, outputed or printed in text form. Not complete yet: parsed, outputted or printed in text form. Not complete yet:
still needs to check the OCSP response validity. still needs to check the OCSP response validity.
[Steve Henson] [Steve Henson]
@ -9368,7 +9435,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Andy Polyakov] [Andy Polyakov]
*) Modified SSL library such that the verify_callback that has been set *) Modified SSL library such that the verify_callback that has been set
specificly for an SSL object with SSL_set_verify() is actually being specifically for an SSL object with SSL_set_verify() is actually being
used. Before the change, a verify_callback set with this function was used. Before the change, a verify_callback set with this function was
ignored and the verify_callback() set in the SSL_CTX at the time of ignored and the verify_callback() set in the SSL_CTX at the time of
the call was used. New function X509_STORE_CTX_set_verify_cb() introduced the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
@ -10485,10 +10552,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
as other interfaces in OpenSSL, like the BIO interface. as other interfaces in OpenSSL, like the BIO interface.
NCONF_dump_* dump the internal storage of the configuration file, NCONF_dump_* dump the internal storage of the configuration file,
which is useful for debugging. All other functions take the same which is useful for debugging. All other functions take the same
arguments as the old CONF_* functions wth the exception of the arguments as the old CONF_* functions with the exception of the
first that must be a `CONF *' instead of a `LHASH *'. first that must be a `CONF *' instead of a `LHASH *'.
To make it easer to use the new classes with the old CONF_* functions, To make it easier to use the new classes with the old CONF_* functions,
the function CONF_set_default_method is provided. the function CONF_set_default_method is provided.
[Richard Levitte] [Richard Levitte]
@ -12331,7 +12398,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
than the old method: it now uses a modified version of Ulf's parser to than the old method: it now uses a modified version of Ulf's parser to
read the ANSI prototypes in all header files (thus the old K&R definitions read the ANSI prototypes in all header files (thus the old K&R definitions
aren't needed for error creation any more) and do a better job of aren't needed for error creation any more) and do a better job of
translating function codes into names. The old 'ASN1 error code imbedded translating function codes into names. The old 'ASN1 error code embedded
in a comment' is no longer necessary and it doesn't use .err files which in a comment' is no longer necessary and it doesn't use .err files which
have now been deleted. Also the error code call doesn't have to appear all have now been deleted. Also the error code call doesn't have to appear all
on one line (which resulted in some large lines...). on one line (which resulted in some large lines...).
@ -12632,7 +12699,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Add a useful kludge to allow package maintainers to specify compiler and *) Add a useful kludge to allow package maintainers to specify compiler and
other platforms details on the command line without having to patch the other platforms details on the command line without having to patch the
Configure script everytime: One now can use ``perl Configure Configure script every time: One now can use ``perl Configure
<id>:<details>'', i.e. platform ids are allowed to have details appended <id>:<details>'', i.e. platform ids are allowed to have details appended
to them (separated by colons). This is treated as there would be a static to them (separated by colons). This is treated as there would be a static
pre-configured entry in Configure's %table under key <id> with value pre-configured entry in Configure's %table under key <id> with value

2
crypto/openssl/CONTRIBUTING
View File

@ -58,7 +58,7 @@ guidelines:
consider adding a note in CHANGES. This could be a summarising consider adding a note in CHANGES. This could be a summarising
description of the change, and could explain the grander details. description of the change, and could explain the grander details.
Have a look through existing entries for inspiration. Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log oneliners. Please note that this is NOT simply a copy of git-log one-liners.
Also note that security fixes get an entry in CHANGES. Also note that security fixes get an entry in CHANGES.
This file helps users get more in depth information of what comes This file helps users get more in depth information of what comes
with a specific release without having to sift through the higher with a specific release without having to sift through the higher

154
crypto/openssl/Configure
View File

@ -1,6 +1,6 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# -*- mode: perl; -*- # -*- mode: perl; -*-
# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -69,7 +69,15 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
# no-sse2 disables IA-32 SSE2 code in assembly modules, the above # no-sse2 disables IA-32 SSE2 code in assembly modules, the above
# mentioned '386' option implies this one # mentioned '386' option implies this one
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...) # no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through # -<xxx> +<xxx> All options which are unknown to the 'Configure' script are
# /<xxx> passed through to the compiler. Unix-style options beginning
# with a '-' or '+' are recognized, as well as Windows-style
# options beginning with a '/'. If the option contains arguments
# separated by spaces, then the URL-style notation %20 can be
# used for the space character in order to avoid having to quote
# the option. For example, -opt%20arg gets expanded to -opt arg.
# In fact, any ASCII character can be encoded as %xx using its
# hexadecimal encoding.
# -static while -static is also a pass-through compiler option (and # -static while -static is also a pass-through compiler option (and
# as such is limited to environments where it's actually # as such is limited to environments where it's actually
# meaningful), it triggers a number configuration options, # meaningful), it triggers a number configuration options,
@ -152,6 +160,10 @@ my @clang_devteam_warn = qw(
-Wmissing-variable-declarations -Wmissing-variable-declarations
); );
my @cl_devteam_warn = qw(
/WX
);
# This adds backtrace information to the memory leak info. Is only used # This adds backtrace information to the memory leak info. Is only used
# when crypto-mdebug-backtrace is enabled. # when crypto-mdebug-backtrace is enabled.
my $memleak_devteam_backtrace = "-rdynamic"; my $memleak_devteam_backtrace = "-rdynamic";
@ -346,6 +358,7 @@ my @disablables = (
"dgram", "dgram",
"dh", "dh",
"dsa", "dsa",
"dso",
"dtls", "dtls",
"dynamic-engine", "dynamic-engine",
"ec", "ec",
@ -423,7 +436,6 @@ my %deprecated_disablables = (
"buf-freelists" => undef, "buf-freelists" => undef,
"ripemd" => "rmd160", "ripemd" => "rmd160",
"ui" => "ui-console", "ui" => "ui-console",
"dso" => "", # Empty string means we're silent about it
); );
# All of the following are disabled by default: # All of the following are disabled by default:
@ -480,6 +492,7 @@ my @disable_cascades = (
# Without position independent code, there can be no shared libraries or DSOs # Without position independent code, there can be no shared libraries or DSOs
"pic" => [ "shared" ], "pic" => [ "shared" ],
"shared" => [ "dynamic-engine" ], "shared" => [ "dynamic-engine" ],
"dso" => [ "dynamic-engine" ],
"engine" => [ "afalgeng", "devcryptoeng" ], "engine" => [ "afalgeng", "devcryptoeng" ],
# no-autoalginit is only useful when building non-shared # no-autoalginit is only useful when building non-shared
@ -520,7 +533,7 @@ while ((my $first, my $second) = (shift @list, shift @list)) {
&usage if ($#ARGV < 0); &usage if ($#ARGV < 0);
# For the "make variables" CINCLUDES and CDEFINES, we support lists with # For the "make variables" CPPINCLUDES and CPPDEFINES, we support lists with
# platform specific list separators. Users from those platforms should # platform specific list separators. Users from those platforms should
# recognise those separators from how you set up the PATH to find executables. # recognise those separators from how you set up the PATH to find executables.
# The default is the Unix like separator, :, but as an exception, we also # The default is the Unix like separator, :, but as an exception, we also
@ -776,7 +789,7 @@ while (@argvcopy)
{ {
die "FIPS mode not supported\n"; die "FIPS mode not supported\n";
} }
elsif (/^[-+]/) elsif (m|^[-+/]|)
{ {
if (/^--prefix=(.*)$/) if (/^--prefix=(.*)$/)
{ {
@ -853,11 +866,11 @@ while (@argvcopy)
{ {
push @{$useradd{LDFLAGS}}, $_; push @{$useradd{LDFLAGS}}, $_;
} }
elsif (/^-D(.*)$/) elsif (m|^[-/]D(.*)$|)
{ {
push @{$useradd{CPPDEFINES}}, $1; push @{$useradd{CPPDEFINES}}, $1;
} }
elsif (/^-I(.*)$/) elsif (m|^[-/]I(.*)$|)
{ {
push @{$useradd{CPPINCLUDES}}, $1; push @{$useradd{CPPINCLUDES}}, $1;
} }
@ -867,11 +880,23 @@ while (@argvcopy)
} }
else # common if (/^[-+]/), just pass down... else # common if (/^[-+]/), just pass down...
{ {
# Treat %xx as an ASCII code (e.g. replace %20 by a space character).
# This provides a simple way to pass options with arguments separated
# by spaces without quoting (e.g. -opt%20arg translates to -opt arg).
$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
push @{$useradd{CFLAGS}}, $_; push @{$useradd{CFLAGS}}, $_;
push @{$useradd{CXXFLAGS}}, $_; push @{$useradd{CXXFLAGS}}, $_;
} }
} }
elsif (m|^/|)
{
# Treat %xx as an ASCII code (e.g. replace %20 by a space character).
# This provides a simple way to pass options with arguments separated
# by spaces without quoting (e.g. /opt%20arg translates to /opt arg).
$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
push @{$useradd{CFLAGS}}, $_;
push @{$useradd{CXXFLAGS}}, $_;
}
else else
{ {
die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
@ -949,7 +974,11 @@ foreach (keys %user) {
if (defined $value) { if (defined $value) {
if (ref $user{$_} eq 'ARRAY') { if (ref $user{$_} eq 'ARRAY') {
if ($_ eq 'CPPDEFINES' || $_ eq 'CPPINCLUDES') {
$user{$_} = [ split /$list_separator_re/, $value ]; $user{$_} = [ split /$list_separator_re/, $value ];
} else {
$user{$_} = [ $value ];
}
} elsif (!defined $user{$_}) { } elsif (!defined $user{$_}) {
$user{$_} = $value; $user{$_} = $value;
} }
@ -1162,43 +1191,6 @@ foreach (keys %useradd) {
# Allow overriding the build file name # Allow overriding the build file name
$config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile"; $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
my %disabled_info = (); # For configdata.pm
foreach my $what (sort keys %disabled) {
$config{options} .= " no-$what";
if (!grep { $what eq $_ } ( 'buildtest-c++', 'threads', 'shared', 'pic',
'dynamic-engine', 'makedepend',
'zlib-dynamic', 'zlib', 'sse2' )) {
(my $WHAT = uc $what) =~ s|-|_|g;
# Fix up C macro end names
$WHAT = "RMD160" if $what eq "ripemd";
# fix-up crypto/directory name(s)
$what = "ripemd" if $what eq "rmd160";
$what = "whrlpool" if $what eq "whirlpool";
my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT";
if ((grep { $what eq $_ } @{$config{sdirs}})
&& $what ne 'async' && $what ne 'err') {
@{$config{sdirs}} = grep { $what ne $_} @{$config{sdirs}};
$disabled_info{$what}->{skipped} = [ catdir('crypto', $what) ];
if ($what ne 'engine') {
push @{$config{openssl_algorithm_defines}}, $macro;
} else {
@{$config{dirs}} = grep !/^engines$/, @{$config{dirs}};
push @{$disabled_info{engine}->{skipped}}, catdir('engines');
push @{$config{openssl_other_defines}}, $macro;
}
} else {
push @{$config{openssl_other_defines}}, $macro;
}
}
}
# Make sure build_scheme is consistent. # Make sure build_scheme is consistent.
$target{build_scheme} = [ $target{build_scheme} ] $target{build_scheme} = [ $target{build_scheme} ]
if ref($target{build_scheme}) ne "ARRAY"; if ref($target{build_scheme}) ne "ARRAY";
@ -1288,10 +1280,8 @@ if ($target{shared_target} eq "")
} }
if ($disabled{"dynamic-engine"}) { if ($disabled{"dynamic-engine"}) {
push @{$config{openssl_other_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE";
$config{dynamic_engines} = 0; $config{dynamic_engines} = 0;
} else { } else {
push @{$config{openssl_other_defines}}, "OPENSSL_NO_STATIC_ENGINE";
$config{dynamic_engines} = 1; $config{dynamic_engines} = 1;
} }
@ -1375,6 +1365,7 @@ unless ($disabled{asm}) {
} }
if ($target{aes_asm_src}) { if ($target{aes_asm_src}) {
push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);; push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);;
# aes-ctr.fake is not a real file, only indication that assembler # aes-ctr.fake is not a real file, only indication that assembler
# module implements AES_ctr32_encrypt... # module implements AES_ctr32_encrypt...
push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//); push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
@ -1501,12 +1492,21 @@ if ($strict_warnings)
my $wopt; my $wopt;
my $gccver = $predefined_C{__GNUC__} // -1; my $gccver = $predefined_C{__GNUC__} // -1;
warn "WARNING --strict-warnings requires gcc[>=4] or gcc-alike" if ($gccver >= 4)
unless $gccver >= 4; {
push @strict_warnings_collection, @gcc_devteam_warn; push @strict_warnings_collection, @gcc_devteam_warn;
push @strict_warnings_collection, @clang_devteam_warn push @strict_warnings_collection, @clang_devteam_warn
if (defined($predefined_C{__clang__})); if (defined($predefined_C{__clang__}));
} }
elsif ($config{target} =~ /^VC-/)
{
push @strict_warnings_collection, @cl_devteam_warn;
}
else
{
warn "WARNING --strict-warnings requires gcc[>=4] or gcc-alike, or MSVC"
}
}
if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) { if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
disable('static', 'pic', 'threads'); disable('static', 'pic', 'threads');
@ -1552,7 +1552,20 @@ unless ($disabled{afalgeng}) {
} }
} }
push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng}); unless ($disabled{devcryptoeng}) {
if ($target =~ m/^BSD/) {
my $maxver = 5*100 + 7;
my $sysstr = `uname -s`;
my $verstr = `uname -r`;
$sysstr =~ s|\R$||;
$verstr =~ s|\R$||;
my ($ma, $mi, @rest) = split m|\.|, $verstr;
my $ver = $ma*100 + $mi;
if ($sysstr eq 'OpenBSD' && $ver >= $maxver) {
disable('too-new-kernel', 'devcryptoeng');
}
}
}
# Get the extra flags used when building shared libraries and modules. We # Get the extra flags used when building shared libraries and modules. We
# do this late because some of them depend on %disabled. # do this late because some of them depend on %disabled.
@ -1597,6 +1610,49 @@ $target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_l
# ALL MODIFICATIONS TO %disabled, %config and %target MUST BE DONE FROM HERE ON # ALL MODIFICATIONS TO %disabled, %config and %target MUST BE DONE FROM HERE ON
my %disabled_info = (); # For configdata.pm
foreach my $what (sort keys %disabled) {
$config{options} .= " no-$what";
if (!grep { $what eq $_ } ( 'buildtest-c++', 'threads', 'shared', 'pic',
'dynamic-engine', 'makedepend',
'zlib-dynamic', 'zlib', 'sse2' )) {
(my $WHAT = uc $what) =~ s|-|_|g;
# Fix up C macro end names
$WHAT = "RMD160" if $what eq "ripemd";
# fix-up crypto/directory name(s)
$what = "ripemd" if $what eq "rmd160";
$what = "whrlpool" if $what eq "whirlpool";
my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT";
if ((grep { $what eq $_ } @{$config{sdirs}})
&& $what ne 'async' && $what ne 'err' && $what ne 'dso') {
@{$config{sdirs}} = grep { $what ne $_} @{$config{sdirs}};
$disabled_info{$what}->{skipped} = [ catdir('crypto', $what) ];
if ($what ne 'engine') {
push @{$config{openssl_algorithm_defines}}, $macro;
} else {
@{$config{dirs}} = grep !/^engines$/, @{$config{dirs}};
push @{$disabled_info{engine}->{skipped}}, catdir('engines');
push @{$config{openssl_other_defines}}, $macro;
}
} else {
push @{$config{openssl_other_defines}}, $macro;
}
}
}
if ($disabled{"dynamic-engine"}) {
push @{$config{openssl_other_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE";
} else {
push @{$config{openssl_other_defines}}, "OPENSSL_NO_STATIC_ENGINE";
}
# If we use the unified build, collect information from build.info files # If we use the unified build, collect information from build.info files
my %unified_info = (); my %unified_info = ();

20
crypto/openssl/INSTALL
View File

@ -351,6 +351,9 @@
Don't build support for datagram based BIOs. Selecting this Don't build support for datagram based BIOs. Selecting this
option will also force the disabling of DTLS. option will also force the disabling of DTLS.
no-dso
Don't build support for loading Dynamic Shared Objects.
enable-devcryptoeng enable-devcryptoeng
Build the /dev/crypto engine. It is automatically selected Build the /dev/crypto engine. It is automatically selected
on BSD implementations, in which case it can be disabled with on BSD implementations, in which case it can be disabled with
@ -605,10 +608,19 @@
Take note of the VAR=value documentation below and how Take note of the VAR=value documentation below and how
these flags interact with those variables. these flags interact with those variables.
-xxx, +xxx -xxx, +xxx, /xxx
Additional options that are not otherwise recognised are Additional options that are not otherwise recognised are
passed through as they are to the compiler as well. Again, passed through as they are to the compiler as well.
consult your compiler documentation. Unix-style options beginning with a '-' or '+' and
Windows-style options beginning with a '/' are recognized.
Again, consult your compiler documentation.
If the option contains arguments separated by spaces,
then the URL-style notation %20 can be used for the space
character in order to avoid having to quote the option.
For example, -opt%20arg gets expanded to -opt arg.
In fact, any ASCII character can be encoded as %xx using its
hexadecimal encoding.
Take note of the VAR=value documentation below and how Take note of the VAR=value documentation below and how
these flags interact with those variables. these flags interact with those variables.
@ -1071,7 +1083,7 @@
HASHBANGPERL HASHBANGPERL
The command string for the Perl executable to insert in the The command string for the Perl executable to insert in the
#! line of perl scripts that will be publically installed. #! line of perl scripts that will be publicly installed.
Default: /usr/bin/env perl Default: /usr/bin/env perl
Note: the value of this variable is added to the same scripts Note: the value of this variable is added to the same scripts
on all platforms, but it's only relevant on Unix-like platforms. on all platforms, but it's only relevant on Unix-like platforms.

5
crypto/openssl/NEWS
View File

@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli (CVE-2019-1551)
Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
o Fixed a fork protection issue (CVE-2019-1549) o Fixed a fork protection issue (CVE-2019-1549)

2
crypto/openssl/README
View File

@ -1,5 +1,5 @@
OpenSSL 1.1.1d 10 Sep 2019 OpenSSL 1.1.1e 17 Mar 2020
Copyright (c) 1998-2019 The OpenSSL Project Copyright (c) 1998-2019 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

30
crypto/openssl/apps/apps.c
View File

@ -1962,26 +1962,46 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in)
size_t len; size_t len;
unsigned char *out; unsigned char *out;
size_t i, start = 0; size_t i, start = 0;
size_t skipped = 0;
len = strlen(in); len = strlen(in);
if (len >= 65535) if (len == 0 || len >= 65535)
return NULL; return NULL;
out = app_malloc(strlen(in) + 1, "NPN buffer"); out = app_malloc(len + 1, "NPN buffer");
for (i = 0; i <= len; ++i) { for (i = 0; i <= len; ++i) {
if (i == len || in[i] == ',') { if (i == len || in[i] == ',') {
/*
* Zero-length ALPN elements are invalid on the wire, we could be
* strict and reject the entire string, but just ignoring extra
* commas seems harmless and more friendly.
*
* Every comma we skip in this way puts the input buffer another
* byte ahead of the output buffer, so all stores into the output
* buffer need to be decremented by the number commas skipped.
*/
if (i == start) {
++start;
++skipped;
continue;
}
if (i - start > 255) { if (i - start > 255) {
OPENSSL_free(out); OPENSSL_free(out);
return NULL; return NULL;
} }
out[start] = (unsigned char)(i - start); out[start-skipped] = (unsigned char)(i - start);
start = i + 1; start = i + 1;
} else { } else {
out[i + 1] = in[i]; out[i + 1 - skipped] = in[i];
} }
} }
*outlen = len + 1; if (len <= skipped) {
OPENSSL_free(out);
return NULL;
}
*outlen = len + 1 - skipped;
return out; return out;
} }

4
crypto/openssl/apps/apps.h
View File

@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#ifndef HEADER_APPS_H #ifndef OSSL_APPS_H
# define HEADER_APPS_H # define OSSL_APPS_H
# include "e_os.h" /* struct timeval for DTLS */ # include "e_os.h" /* struct timeval for DTLS */
# include "internal/nelem.h" # include "internal/nelem.h"

126
crypto/openssl/apps/dgst.c
View File

@ -19,6 +19,7 @@
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include <ctype.h>
#undef BUFSIZE #undef BUFSIZE
#define BUFSIZE 1024*8 #define BUFSIZE 1024*8
@ -27,9 +28,15 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name, const char *sig_name, const char *md_name,
const char *file); const char *file);
static void show_digests(const OBJ_NAME *name, void *bio_);
struct doall_dgst_digests {
BIO *bio;
int n;
};
typedef enum OPTION_choice { typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST,
OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL, OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT, OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
@ -43,6 +50,7 @@ const OPTIONS dgst_options[] = {
{OPT_HELP_STR, 1, '-', {OPT_HELP_STR, 1, '-',
" file... files to digest (default is stdin)\n"}, " file... files to digest (default is stdin)\n"},
{"help", OPT_HELP, '-', "Display this summary"}, {"help", OPT_HELP, '-', "Display this summary"},
{"list", OPT_LIST, '-', "List digests"},
{"c", OPT_C, '-', "Print the digest with separating colons"}, {"c", OPT_C, '-', "Print the digest with separating colons"},
{"r", OPT_R, '-', "Print the digest in coreutils format"}, {"r", OPT_R, '-', "Print the digest in coreutils format"},
{"out", OPT_OUT, '>', "Output to filename rather than stdout"}, {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
@ -91,6 +99,7 @@ int dgst_main(int argc, char **argv)
int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0; int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
unsigned char *buf = NULL, *sigbuf = NULL; unsigned char *buf = NULL, *sigbuf = NULL;
int engine_impl = 0; int engine_impl = 0;
struct doall_dgst_digests dec;
prog = opt_progname(argv[0]); prog = opt_progname(argv[0]);
buf = app_malloc(BUFSIZE, "I/O buffer"); buf = app_malloc(BUFSIZE, "I/O buffer");
@ -108,6 +117,15 @@ int dgst_main(int argc, char **argv)
opt_help(dgst_options); opt_help(dgst_options);
ret = 0; ret = 0;
goto end; goto end;
case OPT_LIST:
BIO_printf(bio_out, "Supported digests:\n");
dec.bio = bio_out;
dec.n = 0;
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
show_digests, &dec);
BIO_printf(bio_out, "\n");
ret = 0;
goto end;
case OPT_C: case OPT_C:
separator = 1; separator = 1;
break; break;
@ -413,20 +431,86 @@ int dgst_main(int argc, char **argv)
return ret; return ret;
} }
static void show_digests(const OBJ_NAME *name, void *arg)
{
struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
const EVP_MD *md = NULL;
/* Filter out signed digests (a.k.a signature algorithms) */
if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
return;
if (!islower((unsigned char)*name->name))
return;
/* Filter out message digests that we cannot use */
md = EVP_get_digestbyname(name->name);
if (md == NULL)
return;
BIO_printf(dec->bio, "-%-25s", name->name);
if (++dec->n == 3) {
BIO_printf(dec->bio, "\n");
dec->n = 0;
} else {
BIO_printf(dec->bio, " ");
}
}
/*
* The newline_escape_filename function performs newline escaping for any
* filename that contains a newline. This function also takes a pointer
* to backslash. The backslash pointer is a flag to indicating whether a newline
* is present in the filename. If a newline is present, the backslash flag is
* set and the output format will contain a backslash at the beginning of the
* digest output. This output format is to replicate the output format found
* in the '*sum' checksum programs. This aims to preserve backward
* compatibility.
*/
static const char *newline_escape_filename(const char *file, int * backslash)
{
size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0;
char *file_cpy = NULL;
for (i = 0; i < length; i++)
if (file[i] == '\n')
newline_count++;
mem_len = length + newline_count + 1;
file_cpy = app_malloc(mem_len, file);
i = 0;
while(e < length) {
const char c = file[e];
if (c == '\n') {
file_cpy[i++] = '\\';
file_cpy[i++] = 'n';
*backslash = 1;
} else {
file_cpy[i++] = c;
}
e++;
}
file_cpy[i] = '\0';
return (const char*)file_cpy;
}
int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
EVP_PKEY *key, unsigned char *sigin, int siglen, EVP_PKEY *key, unsigned char *sigin, int siglen,
const char *sig_name, const char *md_name, const char *sig_name, const char *md_name,
const char *file) const char *file)
{ {
size_t len; size_t len = BUFSIZE;
int i; int i, backslash = 0, ret = 1;
unsigned char *sigbuf = NULL;
while (BIO_pending(bp) || !BIO_eof(bp)) { while (BIO_pending(bp) || !BIO_eof(bp)) {
i = BIO_read(bp, (char *)buf, BUFSIZE); i = BIO_read(bp, (char *)buf, BUFSIZE);
if (i < 0) { if (i < 0) {
BIO_printf(bio_err, "Read Error in %s\n", file); BIO_printf(bio_err, "Read Error in %s\n", file);
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return 1; goto end;
} }
if (i == 0) if (i == 0)
break; break;
@ -439,37 +523,51 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
BIO_printf(out, "Verified OK\n"); BIO_printf(out, "Verified OK\n");
} else if (i == 0) { } else if (i == 0) {
BIO_printf(out, "Verification Failure\n"); BIO_printf(out, "Verification Failure\n");
return 1; goto end;
} else { } else {
BIO_printf(bio_err, "Error Verifying Data\n"); BIO_printf(bio_err, "Error Verifying Data\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return 1; goto end;
} }
return 0; ret = 0;
goto end;
} }
if (key != NULL) { if (key != NULL) {
EVP_MD_CTX *ctx; EVP_MD_CTX *ctx;
int pkey_len;
BIO_get_md_ctx(bp, &ctx); BIO_get_md_ctx(bp, &ctx);
len = BUFSIZE; pkey_len = EVP_PKEY_size(key);
if (pkey_len > BUFSIZE) {
len = pkey_len;
sigbuf = app_malloc(len, "Signature buffer");
buf = sigbuf;
}
if (!EVP_DigestSignFinal(ctx, buf, &len)) { if (!EVP_DigestSignFinal(ctx, buf, &len)) {
BIO_printf(bio_err, "Error Signing Data\n"); BIO_printf(bio_err, "Error Signing Data\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return 1; goto end;
} }
} else { } else {
len = BIO_gets(bp, (char *)buf, BUFSIZE); len = BIO_gets(bp, (char *)buf, BUFSIZE);
if ((int)len < 0) { if ((int)len < 0) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
return 1; goto end;
} }
} }
if (binout) { if (binout) {
BIO_write(out, buf, len); BIO_write(out, buf, len);
} else if (sep == 2) { } else if (sep == 2) {
file = newline_escape_filename(file, &backslash);
if (backslash == 1)
BIO_puts(out, "\\");
for (i = 0; i < (int)len; i++) for (i = 0; i < (int)len; i++)
BIO_printf(out, "%02x", buf[i]); BIO_printf(out, "%02x", buf[i]);
BIO_printf(out, " *%s\n", file); BIO_printf(out, " *%s\n", file);
OPENSSL_free((char *)file);
} else { } else {
if (sig_name != NULL) { if (sig_name != NULL) {
BIO_puts(out, sig_name); BIO_puts(out, sig_name);
@ -488,5 +586,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
} }
BIO_printf(out, "\n"); BIO_printf(out, "\n");
} }
return 0;
ret = 0;
end:
if (sigbuf != NULL)
OPENSSL_clear_free(sigbuf, len);
return ret;
} }

3
crypto/openssl/apps/enc.c
View File

@ -50,7 +50,8 @@ typedef enum OPTION_choice {
const OPTIONS enc_options[] = { const OPTIONS enc_options[] = {
{"help", OPT_HELP, '-', "Display this summary"}, {"help", OPT_HELP, '-', "Display this summary"},
{"ciphers", OPT_LIST, '-', "List ciphers"}, {"list", OPT_LIST, '-', "List ciphers"},
{"ciphers", OPT_LIST, '-', "Alias for -list"},
{"in", OPT_IN, '<', "Input file"}, {"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"}, {"out", OPT_OUT, '>', "Output file"},
{"pass", OPT_PASS, 's', "Passphrase source"}, {"pass", OPT_PASS, 's', "Passphrase source"},

6
crypto/openssl/apps/ocsp.c
View File

@ -114,7 +114,7 @@ static int acfd = (int) INVALID_SOCKET;
static int index_changed(CA_DB *); static int index_changed(CA_DB *);
static void spawn_loop(void); static void spawn_loop(void);
static int print_syslog(const char *str, size_t len, void *levPtr); static int print_syslog(const char *str, size_t len, void *levPtr);
static void sock_timeout(int signum); static void socket_timeout(int signum);
# endif # endif
# ifndef OPENSSL_NO_SOCK # ifndef OPENSSL_NO_SOCK
@ -597,7 +597,7 @@ int ocsp_main(int argc, char **argv)
if (multi && acbio != NULL) if (multi && acbio != NULL)
spawn_loop(); spawn_loop();
if (acbio != NULL && req_timeout > 0) if (acbio != NULL && req_timeout > 0)
signal(SIGALRM, sock_timeout); signal(SIGALRM, socket_timeout);
#endif #endif
if (acbio != NULL) if (acbio != NULL)
@ -1352,7 +1352,7 @@ static int urldecode(char *p)
# endif # endif
# ifdef OCSP_DAEMON # ifdef OCSP_DAEMON
static void sock_timeout(int signum) static void socket_timeout(int signum)
{ {
if (acfd != (int)INVALID_SOCKET) if (acfd != (int)INVALID_SOCKET)
(void)shutdown(acfd, SHUT_RD); (void)shutdown(acfd, SHUT_RD);

7
crypto/openssl/apps/openssl.c
View File

@ -164,6 +164,13 @@ int main(int argc, char *argv[])
} }
prog = prog_init(); prog = prog_init();
if (prog == NULL) {
BIO_printf(bio_err,
"FATAL: Startup failure (dev note: prog_init() failed)\n");
ERR_print_errors(bio_err);
ret = 1;
goto end;
}
pname = opt_progname(argv[0]); pname = opt_progname(argv[0]);
/* first check the program name */ /* first check the program name */

2
crypto/openssl/apps/passwd.c
View File

@ -807,7 +807,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
(*salt_p)[i] = 0; (*salt_p)[i] = 0;
# ifdef CHARSET_EBCDIC # ifdef CHARSET_EBCDIC
/* The password encryption funtion will convert back to ASCII */ /* The password encryption function will convert back to ASCII */
ascii2ebcdic(*salt_p, *salt_p, saltlen); ascii2ebcdic(*salt_p, *salt_p, saltlen);
# endif # endif
} }

70
crypto/openssl/apps/pkcs12.c
View File

@ -41,6 +41,7 @@ int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags, int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
const char *pass, int passlen, const char *pass, int passlen,
int options, char *pempass, const EVP_CIPHER *enc); int options, char *pempass, const EVP_CIPHER *enc);
void print_attribute(BIO *out, const ASN1_TYPE *av);
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
const char *name); const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len); void hex_prin(BIO *out, unsigned char *buf, int len);
@ -878,39 +879,12 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
return ret; return ret;
} }
/* Generalised attribute print: handle PKCS#8 and bag attributes */ /* Generalised x509 attribute value print */
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, void print_attribute(BIO *out, const ASN1_TYPE *av)
const char *name)
{ {
X509_ATTRIBUTE *attr;
ASN1_TYPE *av;
char *value; char *value;
int i, attr_nid;
if (!attrlst) {
BIO_printf(out, "%s: <No Attributes>\n", name);
return 1;
}
if (!sk_X509_ATTRIBUTE_num(attrlst)) {
BIO_printf(out, "%s: <Empty Attributes>\n", name);
return 1;
}
BIO_printf(out, "%s\n", name);
for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
ASN1_OBJECT *attr_obj;
attr = sk_X509_ATTRIBUTE_value(attrlst, i);
attr_obj = X509_ATTRIBUTE_get0_object(attr);
attr_nid = OBJ_obj2nid(attr_obj);
BIO_printf(out, " ");
if (attr_nid == NID_undef) {
i2a_ASN1_OBJECT(out, attr_obj);
BIO_printf(out, ": ");
} else {
BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
}
if (X509_ATTRIBUTE_count(attr)) {
av = X509_ATTRIBUTE_get0_type(attr, 0);
switch (av->type) { switch (av->type) {
case V_ASN1_BMPSTRING: case V_ASN1_BMPSTRING:
value = OPENSSL_uni2asc(av->value.bmpstring->data, value = OPENSSL_uni2asc(av->value.bmpstring->data,
@ -935,6 +909,44 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
BIO_printf(out, "<Unsupported tag %d>\n", av->type); BIO_printf(out, "<Unsupported tag %d>\n", av->type);
break; break;
} }
}
/* Generalised attribute print: handle PKCS#8 and bag attributes */
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
const char *name)
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *av;
int i, j, attr_nid;
if (!attrlst) {
BIO_printf(out, "%s: <No Attributes>\n", name);
return 1;
}
if (!sk_X509_ATTRIBUTE_num(attrlst)) {
BIO_printf(out, "%s: <Empty Attributes>\n", name);
return 1;
}
BIO_printf(out, "%s\n", name);
for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
ASN1_OBJECT *attr_obj;
attr = sk_X509_ATTRIBUTE_value(attrlst, i);
attr_obj = X509_ATTRIBUTE_get0_object(attr);
attr_nid = OBJ_obj2nid(attr_obj);
BIO_printf(out, " ");
if (attr_nid == NID_undef) {
i2a_ASN1_OBJECT(out, attr_obj);
BIO_printf(out, ": ");
} else {
BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
}
if (X509_ATTRIBUTE_count(attr)) {
for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)
{
av = X509_ATTRIBUTE_get0_type(attr, j);
print_attribute(out, av);
}
} else { } else {
BIO_printf(out, "<No Values>\n"); BIO_printf(out, "<No Values>\n");
} }

5
crypto/openssl/apps/pkeyutl.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -299,8 +299,7 @@ int pkeyutl_main(int argc, char **argv)
/* Sanity check the input */ /* Sanity check the input */
if (buf_inlen > EVP_MAX_MD_SIZE if (buf_inlen > EVP_MAX_MD_SIZE
&& (pkey_op == EVP_PKEY_OP_SIGN && (pkey_op == EVP_PKEY_OP_SIGN
|| pkey_op == EVP_PKEY_OP_VERIFY || pkey_op == EVP_PKEY_OP_VERIFY)) {
|| pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
BIO_printf(bio_err, BIO_printf(bio_err,
"Error: The input data looks too long to be a hash\n"); "Error: The input data looks too long to be a hash\n");
goto end; goto end;

15
crypto/openssl/apps/req.c
View File

@ -200,9 +200,12 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)
*p = '\0'; *p = '\0';
/* Finally have a clean "key"; see if it's there [by attempt to add it]. */ /* Finally have a clean "key"; see if it's there [by attempt to add it]. */
if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv)) p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv);
!= NULL || lh_OPENSSL_STRING_error(addexts)) { if (p != NULL) {
OPENSSL_free(p != NULL ? p : kv); OPENSSL_free(p);
return 1;
} else if (lh_OPENSSL_STRING_error(addexts)) {
OPENSSL_free(kv);
return -1; return -1;
} }
@ -435,12 +438,14 @@ int req_main(int argc, char **argv)
if (verbose) if (verbose)
BIO_printf(bio_err, "Using configuration from %s\n", template); BIO_printf(bio_err, "Using configuration from %s\n", template);
req_conf = app_load_config(template); if ((req_conf = app_load_config(template)) == NULL)
goto end;
if (addext_bio) { if (addext_bio) {
if (verbose) if (verbose)
BIO_printf(bio_err, BIO_printf(bio_err,
"Using additional configuration from command line\n"); "Using additional configuration from command line\n");
addext_conf = app_load_config_bio(addext_bio, NULL); if ((addext_conf = app_load_config_bio(addext_bio, NULL)) == NULL)
goto end;
} }
if (template != default_config_file && !app_load_modules(req_conf)) if (template != default_config_file && !app_load_modules(req_conf))
goto end; goto end;

3
crypto/openssl/apps/s_cb.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -188,6 +188,7 @@ static STRINT_PAIR cert_type_list[] = {
{"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH}, {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
{"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH}, {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
{"GOST01 Sign", TLS_CT_GOST01_SIGN}, {"GOST01 Sign", TLS_CT_GOST01_SIGN},
{"GOST12 Sign", TLS_CT_GOST12_SIGN},
{NULL} {NULL}
}; };

17
crypto/openssl/apps/s_server.c
View File

@ -180,9 +180,6 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
} }
#endif #endif
#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
size_t identity_len, SSL_SESSION **sess) size_t identity_len, SSL_SESSION **sess)
{ {
@ -3208,6 +3205,12 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
if (e[0] == ' ') if (e[0] == ' ')
break; break;
if (e[0] == ':') {
/* Windows drive. We treat this the same way as ".." */
dot = -1;
break;
}
switch (dot) { switch (dot) {
case 1: case 1:
dot = (e[0] == '.') ? 2 : 0; dot = (e[0] == '.') ? 2 : 0;
@ -3216,11 +3219,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
dot = (e[0] == '.') ? 3 : 0; dot = (e[0] == '.') ? 3 : 0;
break; break;
case 3: case 3:
dot = (e[0] == '/') ? -1 : 0; dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0;
break; break;
} }
if (dot == 0) if (dot == 0)
dot = (e[0] == '/') ? 1 : 0; dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0;
} }
dot = (dot == 3) || (dot == -1); /* filename contains ".." dot = (dot == 3) || (dot == -1); /* filename contains ".."
* component */ * component */
@ -3234,11 +3237,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
if (dot) { if (dot) {
BIO_puts(io, text); BIO_puts(io, text);
BIO_printf(io, "'%s' contains '..' reference\r\n", p); BIO_printf(io, "'%s' contains '..' or ':'\r\n", p);
break; break;
} }
if (*p == '/') { if (*p == '/' || *p == '\\') {
BIO_puts(io, text); BIO_puts(io, text);
BIO_printf(io, "'%s' is an invalid path\r\n", p); BIO_printf(io, "'%s' is an invalid path\r\n", p);
break; break;

95
crypto/openssl/apps/server.pem
View File

@ -1,52 +1,47 @@
subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD
VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9
A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV
RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw 3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ 8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1
KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71
R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS
vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7 T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud
TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4
41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI
AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk
AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK
BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49 8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi
hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q
WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk=
yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
-----END CERTIFICATE----- -----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVXWBq3/xh7kiq
h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL jBFIQ6VttlJdqphJsWGSNbH8OgQlDG15/7TVyelcHDvgq7O4faPebb3g3ddavxRH
tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu EUJepoLQYcF/3RNG5gmFBw7y1PwaZNIKrSCrIGuW8K3MxBlTVdwBHaSz74q0SVNd
D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI igUc8dzhRL/F1+J3GVdclwt17ohDcQ/KbMG0slCnd0ZsWA8Rv/F2JFquOUK3UWcp
uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6 4dBVMG8X5JHqrfgowkNvomSp+52YkmJIPusNT4JKiv8/cu6Wta6hwZi6732QdW3/
qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn WlKeq/XAftCHQ9uFBwcPfTh6/dHT7mUd0+o5aoc37krT4A1u9XCswr3xbvOSlV6p
zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3 8KFllZONAgMBAAECggEADLTt7A+A2Vg2jamf0dztejY0e42QWjstI2b9PZc67fXq
r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D gyx+WYkX07t+uWegYWliG/oPJ9guXiIpE/5sJHToL37S5kmFP2CtynVcJ4wVo4DD
AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R nY0n9+kLX0bgIuS+2V6wpoRcbbbjXM9NHrH8kfe5ftT4UtEDlLI2qLX6IcDd7p4u
5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm OYjILChR8GSGTw96yIy2Ws/1Uq9PMw64JoT4RcK5QqnkcPMDFRH1SeLOL+zXP2c4
W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH nEl9yOy3HauZKxwl/Ry/XK1s3DdjopIAU29ut+hAuMiTb06kzZnumL9NoplKoZtU
674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg otw/gVcCKhT+Ep+p6i8InLF0XEME8A0qUR0niWebgQKBgQD6vkxR49B8ZZQrzjw4
utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY XKs1lI9cP7cgPiuWlDHMNjYou3WbOaGrMeScvbB1Ldh9A8pjAhxlw8AaV/xs4qcA
BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX trmVmSISVMVyc1wSGlJXWi2nUzTNs9OE3vj22SyStihf8UUZtWwX2b5Y4JrYhA/V
4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a +ThGGqHR03oLNLShNLtJc2c7YQKBgQDZ1nkibEyrepexw/fnwkw61IJKq9wRIh1G
WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8 PREakhbe9wU5ie0knuf9razt7awzQiwFmlixmWqsM7UEtLuXNnNPciwdrKhhbvrd
bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH vD/rkbIEHEPllIhFlDtOzn3hRBWTzWmXFjpou/2LvHTSbVis4IYVZymTp2jb1ZLs
6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex 7VbiG9JTrQKBgQDc6n75g1szzpdehQT/r33U5j/syeJBUSU8NPMu9fB/sLHsgjlT
4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa SNEf2+y1QSBE/Or6kmiMrIv7advn30W+Vj9qc5HWTsPrk4HiHTjA553jl2alebN5
WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g lK4LZspjtIQcC8mS3goPdXPEgJdM/gWpwzr2YQ6DfOxBJT2j7n64NyoT4QKBgH7/
n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB yx+GhCx1DHtXBPDZFhg2TL+78lEK0oZgk9gp06up2CHzh44SFq6O0oLkTcCUk5Ww
JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+ poTkLIy4mJBlzfgahp+KsK2cO46SZS9g0ONFzcMXt33hWpE2Gl2XhUwPpYTF/QlY
OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX rDTjZK5S8Mi9dzVSsNlJi7PJphiEK2R1+nFYRwcBAoGBANWoIG85jpXAOnq/Kcgx
xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK Rl3YivR0Ke6r1tFlP58rT7X3EkiboXyQl5vLIFCAwUte6RGrLl1dy3Qyh80B9ySL
UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ== Jx6vj42CK7vgv6A96TuVYhnXTnEI6ZvwAQ2VGaw4BizhjALs/kdSE/og9aSCs3ws
-----END RSA PRIVATE KEY----- KQypwAFz0tbHxaNag/bSAN0J
-----END PRIVATE KEY-----

43
crypto/openssl/apps/speed.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
@ -1242,8 +1242,6 @@ static int run_benchmark(int async_jobs,
OSSL_ASYNC_FD job_fd = 0; OSSL_ASYNC_FD job_fd = 0;
size_t num_job_fds = 0; size_t num_job_fds = 0;
run = 1;
if (async_jobs == 0) { if (async_jobs == 0) {
return loop_function((void *)&loopargs); return loop_function((void *)&loopargs);
} }
@ -2412,7 +2410,7 @@ int speed_main(int argc, char **argv)
print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum], print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum],
lengths[testnum], seconds.sym); lengths[testnum], seconds.sym);
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++) for (count = 0; COND(c[D_CBC_128_CML][testnum]); count++)
Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
(size_t)lengths[testnum], &camellia_ks1, (size_t)lengths[testnum], &camellia_ks1,
iv, CAMELLIA_ENCRYPT); iv, CAMELLIA_ENCRYPT);
@ -2434,7 +2432,7 @@ int speed_main(int argc, char **argv)
exit(1); exit(1);
} }
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++) for (count = 0; COND(c[D_CBC_192_CML][testnum]); count++)
Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
(size_t)lengths[testnum], &camellia_ks2, (size_t)lengths[testnum], &camellia_ks2,
iv, CAMELLIA_ENCRYPT); iv, CAMELLIA_ENCRYPT);
@ -2452,7 +2450,7 @@ int speed_main(int argc, char **argv)
print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum], print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum],
lengths[testnum], seconds.sym); lengths[testnum], seconds.sym);
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++) for (count = 0; COND(c[D_CBC_256_CML][testnum]); count++)
Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
(size_t)lengths[testnum], &camellia_ks3, (size_t)lengths[testnum], &camellia_ks3,
iv, CAMELLIA_ENCRYPT); iv, CAMELLIA_ENCRYPT);
@ -2472,7 +2470,7 @@ int speed_main(int argc, char **argv)
print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum], print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum],
lengths[testnum], seconds.sym); lengths[testnum], seconds.sym);
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++) for (count = 0; COND(c[D_CBC_IDEA][testnum]); count++)
IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
(size_t)lengths[testnum], &idea_ks, (size_t)lengths[testnum], &idea_ks,
iv, IDEA_ENCRYPT); iv, IDEA_ENCRYPT);
@ -2492,7 +2490,7 @@ int speed_main(int argc, char **argv)
print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum], print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum],
lengths[testnum], seconds.sym); lengths[testnum], seconds.sym);
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++) for (count = 0; COND(c[D_CBC_SEED][testnum]); count++)
SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
(size_t)lengths[testnum], &seed_ks, iv, 1); (size_t)lengths[testnum], &seed_ks, iv, 1);
d = Time_F(STOP); d = Time_F(STOP);
@ -2515,7 +2513,7 @@ int speed_main(int argc, char **argv)
exit(1); exit(1);
} }
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++) for (count = 0; COND(c[D_CBC_RC2][testnum]); count++)
RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
(size_t)lengths[testnum], &rc2_ks, (size_t)lengths[testnum], &rc2_ks,
iv, RC2_ENCRYPT); iv, RC2_ENCRYPT);
@ -2539,7 +2537,7 @@ int speed_main(int argc, char **argv)
exit(1); exit(1);
} }
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++) for (count = 0; COND(c[D_CBC_RC5][testnum]); count++)
RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
(size_t)lengths[testnum], &rc5_ks, (size_t)lengths[testnum], &rc5_ks,
iv, RC5_ENCRYPT); iv, RC5_ENCRYPT);
@ -2559,7 +2557,7 @@ int speed_main(int argc, char **argv)
print_message(names[D_CBC_BF], c[D_CBC_BF][testnum], print_message(names[D_CBC_BF], c[D_CBC_BF][testnum],
lengths[testnum], seconds.sym); lengths[testnum], seconds.sym);
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++) for (count = 0; COND(c[D_CBC_BF][testnum]); count++)
BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
(size_t)lengths[testnum], &bf_ks, (size_t)lengths[testnum], &bf_ks,
iv, BF_ENCRYPT); iv, BF_ENCRYPT);
@ -2579,7 +2577,7 @@ int speed_main(int argc, char **argv)
print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum], print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum],
lengths[testnum], seconds.sym); lengths[testnum], seconds.sym);
Time_F(START); Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++) for (count = 0; COND(c[D_CBC_CAST][testnum]); count++)
CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
(size_t)lengths[testnum], &cast_ks, (size_t)lengths[testnum], &cast_ks,
iv, CAST_ENCRYPT); iv, CAST_ENCRYPT);
@ -3006,7 +3004,7 @@ int speed_main(int argc, char **argv)
pctx = NULL; pctx = NULL;
} }
if (kctx == NULL || /* keygen ctx is not null */ if (kctx == NULL || /* keygen ctx is not null */
!EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) { EVP_PKEY_keygen_init(kctx) <= 0/* init keygen ctx */ ) {
ecdh_checks = 0; ecdh_checks = 0;
BIO_printf(bio_err, "ECDH keygen failure.\n"); BIO_printf(bio_err, "ECDH keygen failure.\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
@ -3014,12 +3012,12 @@ int speed_main(int argc, char **argv)
break; break;
} }
if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */ if (EVP_PKEY_keygen(kctx, &key_A) <= 0 || /* generate secret key A */
!EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */ EVP_PKEY_keygen(kctx, &key_B) <= 0 || /* generate secret key B */
!(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */ !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */
!EVP_PKEY_derive_init(ctx) || /* init derivation ctx */ EVP_PKEY_derive_init(ctx) <= 0 || /* init derivation ctx */
!EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */ EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 || /* set peer pubkey in ctx */
!EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */ EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 || /* determine max length */
outlen == 0 || /* ensure outlen is a valid size */ outlen == 0 || /* ensure outlen is a valid size */
outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) { outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) {
ecdh_checks = 0; ecdh_checks = 0;
@ -3106,8 +3104,8 @@ int speed_main(int argc, char **argv)
if ((ed_pctx = EVP_PKEY_CTX_new_id(test_ed_curves[testnum].nid, NULL)) if ((ed_pctx = EVP_PKEY_CTX_new_id(test_ed_curves[testnum].nid, NULL))
== NULL == NULL
|| !EVP_PKEY_keygen_init(ed_pctx) || EVP_PKEY_keygen_init(ed_pctx) <= 0
|| !EVP_PKEY_keygen(ed_pctx, &ed_pkey)) { || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {
st = 0; st = 0;
EVP_PKEY_CTX_free(ed_pctx); EVP_PKEY_CTX_free(ed_pctx);
break; break;
@ -3395,6 +3393,7 @@ static void print_message(const char *s, long num, int length, int tm)
mr ? "+DT:%s:%d:%d\n" mr ? "+DT:%s:%d:%d\n"
: "Doing %s for %ds on %d size blocks: ", s, tm, length); : "Doing %s for %ds on %d size blocks: ", s, tm, length);
(void)BIO_flush(bio_err); (void)BIO_flush(bio_err);
run = 1;
alarm(tm); alarm(tm);
#else #else
BIO_printf(bio_err, BIO_printf(bio_err,
@ -3412,6 +3411,7 @@ static void pkey_print_message(const char *str, const char *str2, long num,
mr ? "+DTP:%d:%s:%s:%d\n" mr ? "+DTP:%d:%s:%s:%d\n"
: "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm); : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
(void)BIO_flush(bio_err); (void)BIO_flush(bio_err);
run = 1;
alarm(tm); alarm(tm);
#else #else
BIO_printf(bio_err, BIO_printf(bio_err,
@ -3584,6 +3584,7 @@ static int do_multi(int multi, int size_num)
p = buf + 4; p = buf + 4;
k = atoi(sstrsep(&p, sep)); k = atoi(sstrsep(&p, sep));
sstrsep(&p, sep); sstrsep(&p, sep);
sstrsep(&p, sep);
d = atof(sstrsep(&p, sep)); d = atof(sstrsep(&p, sep));
eddsa_results[k][0] += d; eddsa_results[k][0] += d;
@ -3641,7 +3642,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
for (j = 0; j < num; j++) { for (j = 0; j < num; j++) {
print_message(alg_name, 0, mblengths[j], seconds->sym); print_message(alg_name, 0, mblengths[j], seconds->sym);
Time_F(START); Time_F(START);
for (count = 0, run = 1; run && count < 0x7fffffff; count++) { for (count = 0; run && count < 0x7fffffff; count++) {
unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
size_t len = mblengths[j]; size_t len = mblengths[j];

6
crypto/openssl/apps/timeouts.h
View File

@ -7,11 +7,11 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#ifndef INCLUDED_TIMEOUTS_H #ifndef OSSL_APPS_TIMEOUTS_H
# define INCLUDED_TIMEOUTS_H # define OSSL_APPS_TIMEOUTS_H
/* numbers in us */ /* numbers in us */
# define DGRAM_RCV_TIMEOUT 250000 # define DGRAM_RCV_TIMEOUT 250000
# define DGRAM_SND_TIMEOUT 250000 # define DGRAM_SND_TIMEOUT 250000
#endif /* ! INCLUDED_TIMEOUTS_H */ #endif /* ! OSSL_APPS_TIMEOUTS_H */

3
crypto/openssl/apps/ts.c
View File

@ -282,7 +282,8 @@ int ts_main(int argc, char **argv)
goto end; goto end;
} }
conf = load_config_file(configfile); if ((conf = load_config_file(configfile)) == NULL)
goto end;
if (configfile != default_config_file && !app_load_modules(conf)) if (configfile != default_config_file && !app_load_modules(conf))
goto end; goto end;

12
crypto/openssl/apps/x509.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -72,7 +72,7 @@ const OPTIONS x509_options[] = {
{"outform", OPT_OUTFORM, 'f', {"outform", OPT_OUTFORM, 'f',
"Output format - default PEM (one of DER or PEM)"}, "Output format - default PEM (one of DER or PEM)"},
{"out", OPT_OUT, '>', "Output file - default stdout"}, {"out", OPT_OUT, '>', "Output file - default stdout"},
{"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"}, {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
{"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"}, {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
{"serial", OPT_SERIAL, '-', "Print serial number value"}, {"serial", OPT_SERIAL, '-', "Print serial number value"},
{"subject_hash", OPT_HASH, '-', "Print subject hash value"}, {"subject_hash", OPT_HASH, '-', "Print subject hash value"},
@ -107,7 +107,7 @@ const OPTIONS x509_options[] = {
{"checkend", OPT_CHECKEND, 'M', {"checkend", OPT_CHECKEND, 'M',
"Check whether the cert expires in the next arg seconds"}, "Check whether the cert expires in the next arg seconds"},
{OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"}, {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
{"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"}, {"signkey", OPT_SIGNKEY, 's', "Self sign cert with arg"},
{"x509toreq", OPT_X509TOREQ, '-', {"x509toreq", OPT_X509TOREQ, '-',
"Output a certification request object"}, "Output a certification request object"},
{"req", OPT_REQ, '-', "Input is a certificate request, sign and output"}, {"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},
@ -130,7 +130,7 @@ const OPTIONS x509_options[] = {
{"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"}, {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"},
{"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"}, {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},
{"CAform", OPT_CAFORM, 'F', "CA format - default PEM"}, {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
{"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"}, {"CAkeyform", OPT_CAKEYFORM, 'E', "CA key format - default PEM"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"}, {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"},
{"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"}, {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"},
@ -217,7 +217,7 @@ int x509_main(int argc, char **argv)
goto opthelp; goto opthelp;
break; break;
case OPT_KEYFORM: case OPT_KEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat)) if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))
goto opthelp; goto opthelp;
break; break;
case OPT_CAFORM: case OPT_CAFORM:
@ -225,7 +225,7 @@ int x509_main(int argc, char **argv)
goto opthelp; goto opthelp;
break; break;
case OPT_CAKEYFORM: case OPT_CAKEYFORM:
if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat)) if (!opt_format(opt_arg(), OPT_FMT_PDE, &CAkeyformat))
goto opthelp; goto opthelp;
break; break;
case OPT_OUT: case OPT_OUT:

19
crypto/openssl/appveyor.yml
View File

@ -1,3 +1,6 @@
image:
- Visual Studio 2017
platform: platform:
- x64 - x64
- x86 - x86
@ -5,17 +8,24 @@ platform:
environment: environment:
fast_finish: true fast_finish: true
matrix: matrix:
- VSVER: 14 - VSVER: 15
configuration: configuration:
- shared - shared
- plain - plain
- minimal
before_build: before_build:
- ps: >-
Install-Module VSSetup -Scope CurrentUser
- ps: >-
Get-VSSetupInstance -All
- ps: >-
gci env:* | sort-object name
- ps: >- - ps: >-
If ($env:Platform -Match "x86") { If ($env:Platform -Match "x86") {
$env:VCVARS_PLATFORM="x86" $env:VCVARS_PLATFORM="x86"
$env:TARGET="VC-WIN32 no-asm" $env:TARGET="VC-WIN32 no-asm --strict-warnings"
} Else { } Else {
$env:VCVARS_PLATFORM="amd64" $env:VCVARS_PLATFORM="amd64"
$env:TARGET="VC-WIN64A-masm" $env:TARGET="VC-WIN64A-masm"
@ -23,11 +33,12 @@ before_build:
- ps: >- - ps: >-
If ($env:Configuration -Match "shared") { If ($env:Configuration -Match "shared") {
$env:SHARED="no-makedepend" $env:SHARED="no-makedepend"
} ElseIf ($env:Configuration -Match "minimal") {
$env:SHARED="no-shared no-dso no-makedepend no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_SMALL_FOOTPRINT"
} Else { } Else {
$env:SHARED="no-shared no-makedepend" $env:SHARED="no-shared no-makedepend"
} }
- ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS")) - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %VCVARS_PLATFORM%
- call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
- mkdir _build - mkdir _build
- cd _build - cd _build
- perl ..\Configure %TARGET% %SHARED% - perl ..\Configure %TARGET% %SHARED%

14
crypto/openssl/build.info
View File

@ -9,20 +9,20 @@
""; "";
-} -}
LIBS=libcrypto libssl LIBS=libcrypto libssl
INCLUDE[libcrypto]=. crypto/include include INCLUDE[libcrypto]=. include
INCLUDE[libssl]=. include INCLUDE[libssl]=. include
DEPEND[libssl]=libcrypto DEPEND[libssl]=libcrypto
# Empty DEPEND "indices" means the dependencies are expected to be built # Empty DEPEND "indices" means the dependencies are expected to be built
# unconditionally before anything else. # unconditionally before anything else.
DEPEND[]=include/openssl/opensslconf.h crypto/include/internal/bn_conf.h \ DEPEND[]=include/openssl/opensslconf.h include/crypto/bn_conf.h \
crypto/include/internal/dso_conf.h include/crypto/dso_conf.h
DEPEND[include/openssl/opensslconf.h]=configdata.pm DEPEND[include/openssl/opensslconf.h]=configdata.pm
GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in
DEPEND[crypto/include/internal/bn_conf.h]=configdata.pm DEPEND[include/crypto/bn_conf.h]=configdata.pm
GENERATE[crypto/include/internal/bn_conf.h]=crypto/include/internal/bn_conf.h.in GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in
DEPEND[crypto/include/internal/dso_conf.h]=configdata.pm DEPEND[include/crypto/dso_conf.h]=configdata.pm
GENERATE[crypto/include/internal/dso_conf.h]=crypto/include/internal/dso_conf.h.in GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in
IF[{- defined $target{shared_defflag} -}] IF[{- defined $target{shared_defflag} -}]
IF[{- $config{target} =~ /^mingw/ -}] IF[{- $config{target} =~ /^mingw/ -}]

20
crypto/openssl/config
View File

@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. # Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -509,10 +509,7 @@ case "$GUESSOS" in
OUT="ios64-cross" ;; OUT="ios64-cross" ;;
alpha-*-linux2) alpha-*-linux2)
ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo` ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
case ${ISA:-generic} in OUT="linux-alpha-$CC"
*[678]) OUT="linux-alpha+bwx-$CC" ;;
*) OUT="linux-alpha-$CC" ;;
esac
if [ "$CC" = "gcc" ]; then if [ "$CC" = "gcc" ]; then
case ${ISA:-generic} in case ${ISA:-generic} in
EV5|EV45) __CNF_CFLAGS="$__CNF_CFLAGS -mcpu=ev5" EV5|EV45) __CNF_CFLAGS="$__CNF_CFLAGS -mcpu=ev5"
@ -908,8 +905,12 @@ fi
OUT="$OUT" OUT="$OUT"
$PERL $THERE/Configure LIST | grep "$OUT" > /dev/null if [ "$OUT" = "darwin64-x86_64-cc" ]; then
if [ $? = "0" ]; then echo "WARNING! If you wish to build 32-bit libraries, then you have to"
echo " invoke 'KERNEL_BITS=32 $THERE/config $options'."
fi
if $PERL $THERE/Configure LIST | grep "$OUT" > /dev/null; then
if [ "$VERBOSE" = "true" ]; then if [ "$VERBOSE" = "true" ]; then
echo /usr/bin/env \ echo /usr/bin/env \
__CNF_CPPDEFINES="'$__CNF_CPPDEFINES'" \ __CNF_CPPDEFINES="'$__CNF_CPPDEFINES'" \
@ -939,8 +940,5 @@ else
exit 1 exit 1
fi fi
if [ "$OUT" = "darwin64-x86_64-cc" ]; then # Do not add anothing from here on, so we don't lose the Configure exit code
echo "WARNING! If you wish to build 32-bit libraries, then you have to"
echo " invoke 'KERNEL_BITS=32 $THERE/config $options'."
fi
) )

5
crypto/openssl/crypto/LPdir_unix.c
View File

@ -131,9 +131,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
return 0; return 0;
} }
strncpy((*ctx)->entry_name, direntry->d_name, OPENSSL_strlcpy((*ctx)->entry_name, direntry->d_name,
sizeof((*ctx)->entry_name) - 1); sizeof((*ctx)->entry_name));
(*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
#ifdef __VMS #ifdef __VMS
if ((*ctx)->expect_file_generations) { if ((*ctx)->expect_file_generations) {
char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name); char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name);

2
crypto/openssl/crypto/aes/aes_core.c
View File

@ -41,7 +41,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/aes.h> #include <openssl/aes.h>
#include "aes_locl.h" #include "aes_local.h"
#ifndef AES_ASM #ifndef AES_ASM
/*- /*-

2
crypto/openssl/crypto/aes/aes_ecb.c
View File

@ -10,7 +10,7 @@
#include <assert.h> #include <assert.h>
#include <openssl/aes.h> #include <openssl/aes.h>
#include "aes_locl.h" #include "aes_local.h"
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key, const int enc) const AES_KEY *key, const int enc)

2
crypto/openssl/crypto/aes/aes_ige.c
View File

@ -10,7 +10,7 @@
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/aes.h> #include <openssl/aes.h>
#include "aes_locl.h" #include "aes_local.h"
#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
typedef struct { typedef struct {

6
crypto/openssl/crypto/aes/aes_locl.h → crypto/openssl/crypto/aes/aes_local.h
View File

@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#ifndef HEADER_AES_LOCL_H #ifndef OSSL_CRYPTO_AES_LOCAL_H
# define HEADER_AES_LOCL_H # define OSSL_CRYPTO_AES_LOCAL_H
# include <openssl/e_os2.h> # include <openssl/e_os2.h>
# include <stdio.h> # include <stdio.h>
@ -39,4 +39,4 @@ typedef unsigned char u8;
/* This controls loop-unrolling in aes_core.c */ /* This controls loop-unrolling in aes_core.c */
# undef FULL_UNROLL # undef FULL_UNROLL
#endif /* !HEADER_AES_LOCL_H */ #endif /* !OSSL_CRYPTO_AES_LOCAL_H */

2
crypto/openssl/crypto/aes/aes_misc.c
View File

@ -9,7 +9,7 @@
#include <openssl/opensslv.h> #include <openssl/opensslv.h>
#include <openssl/aes.h> #include <openssl/aes.h>
#include "aes_locl.h" #include "aes_local.h"
const char *AES_options(void) const char *AES_options(void)
{ {

2
crypto/openssl/crypto/aes/aes_x86core.c
View File

@ -46,7 +46,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <openssl/aes.h> #include <openssl/aes.h>
#include "aes_locl.h" #include "aes_local.h"
/* /*
* These two parameters control which table, 256-byte or 2KB, is * These two parameters control which table, 256-byte or 2KB, is

4
crypto/openssl/crypto/aes/asm/aes-armv4.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -1242,4 +1242,4 @@ while(<SELF>) {
close SELF; close SELF;
print $code; print $code;
close STDOUT; # enforce flush close STDOUT or die "error closing STDOUT: $!"; # enforce flush

4
crypto/openssl/crypto/aes/asm/aes-c64xplus.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -1379,4 +1379,4 @@ AES_Td4:
___ ___
print $code; print $code;
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/aes-mips.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -2167,4 +2167,4 @@ foreach (split("\n",$code)) {
print $_,"\n"; print $_,"\n";
} }
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/aes-parisc.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -1035,4 +1035,4 @@ foreach (split("\n",$code)) {
print $_,"\n"; print $_,"\n";
} }
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/aes-ppc.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -1456,4 +1456,4 @@ ___
$code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/\`([^\`]*)\`/eval $1/gem;
print $code; print $code;
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

8
crypto/openssl/crypto/aes/asm/aes-s390x.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -1987,7 +1987,7 @@ $code.=<<___;
.Lxts_enc_done: .Lxts_enc_done:
stg $sp,$tweak+0($sp) # wipe tweak stg $sp,$tweak+0($sp) # wipe tweak
stg $sp,$twesk+8($sp) stg $sp,$tweak+8($sp)
lm${g} %r6,$ra,6*$SIZE_T($sp) lm${g} %r6,$ra,6*$SIZE_T($sp)
br $ra br $ra
.size AES_xts_encrypt,.-AES_xts_encrypt .size AES_xts_encrypt,.-AES_xts_encrypt
@ -2267,7 +2267,7 @@ $code.=<<___;
stg $sp,$tweak-16+8($sp) stg $sp,$tweak-16+8($sp)
.Lxts_dec_done: .Lxts_dec_done:
stg $sp,$tweak+0($sp) # wipe tweak stg $sp,$tweak+0($sp) # wipe tweak
stg $sp,$twesk+8($sp) stg $sp,$tweak+8($sp)
lm${g} %r6,$ra,6*$SIZE_T($sp) lm${g} %r6,$ra,6*$SIZE_T($sp)
br $ra br $ra
.size AES_xts_decrypt,.-AES_xts_decrypt .size AES_xts_decrypt,.-AES_xts_decrypt
@ -2279,4 +2279,4 @@ ___
$code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/\`([^\`]*)\`/eval $1/gem;
print $code; print $code;
close STDOUT; # force flush close STDOUT or die "error closing STDOUT: $!"; # force flush

4
crypto/openssl/crypto/aes/asm/aes-sparcv9.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -1189,4 +1189,4 @@ ___
$code =~ s/fmovs.*$//gm; $code =~ s/fmovs.*$//gm;
print $code; print $code;
close STDOUT; # ensure flush close STDOUT or die "error closing STDOUT: $!"; # ensure flush

4
crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -1267,4 +1267,4 @@ foreach (split("\n",$code)) {
print $_,"\n"; print $_,"\n";
} }
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

6
crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$avx = ($1>=10) + ($1>=11); $avx = ($1>=10) + ($1>=11);
} }
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0); $avx = ($2>=3.0) + ($2>3.0);
} }
@ -1471,4 +1471,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem;
$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem; $code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
print $code; print $code;
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

12
crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -108,7 +108,7 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
`ml64 2>&1` =~ /Version ([0-9]+)\./ && `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
$1>=10); $1>=10);
$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); $avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0);
$shaext=1; ### set to zero if compiling for 1.0.1 $shaext=1; ### set to zero if compiling for 1.0.1
@ -133,6 +133,7 @@ $code.=<<___;
.type aesni_cbc_sha1_enc,\@abi-omnipotent .type aesni_cbc_sha1_enc,\@abi-omnipotent
.align 32 .align 32
aesni_cbc_sha1_enc: aesni_cbc_sha1_enc:
.cfi_startproc
# caller should check for SSSE3 and AES-NI bits # caller should check for SSSE3 and AES-NI bits
mov OPENSSL_ia32cap_P+0(%rip),%r10d mov OPENSSL_ia32cap_P+0(%rip),%r10d
mov OPENSSL_ia32cap_P+4(%rip),%r11 mov OPENSSL_ia32cap_P+4(%rip),%r11
@ -151,6 +152,7 @@ ___
$code.=<<___; $code.=<<___;
jmp aesni_cbc_sha1_enc_ssse3 jmp aesni_cbc_sha1_enc_ssse3
ret ret
.cfi_endproc
.size aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc .size aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc
___ ___
@ -840,6 +842,7 @@ $code.=<<___;
.type aesni256_cbc_sha1_dec,\@abi-omnipotent .type aesni256_cbc_sha1_dec,\@abi-omnipotent
.align 32 .align 32
aesni256_cbc_sha1_dec: aesni256_cbc_sha1_dec:
.cfi_startproc
# caller should check for SSSE3 and AES-NI bits # caller should check for SSSE3 and AES-NI bits
mov OPENSSL_ia32cap_P+0(%rip),%r10d mov OPENSSL_ia32cap_P+0(%rip),%r10d
mov OPENSSL_ia32cap_P+4(%rip),%r11d mov OPENSSL_ia32cap_P+4(%rip),%r11d
@ -854,6 +857,7 @@ ___
$code.=<<___; $code.=<<___;
jmp aesni256_cbc_sha1_dec_ssse3 jmp aesni256_cbc_sha1_dec_ssse3
ret ret
.cfi_endproc
.size aesni256_cbc_sha1_dec,.-aesni256_cbc_sha1_dec .size aesni256_cbc_sha1_dec,.-aesni256_cbc_sha1_dec
.type aesni256_cbc_sha1_dec_ssse3,\@function,6 .type aesni256_cbc_sha1_dec_ssse3,\@function,6
@ -1760,6 +1764,7 @@ $code.=<<___;
.type aesni_cbc_sha1_enc_shaext,\@function,6 .type aesni_cbc_sha1_enc_shaext,\@function,6
.align 32 .align 32
aesni_cbc_sha1_enc_shaext: aesni_cbc_sha1_enc_shaext:
.cfi_startproc
mov `($win64?56:8)`(%rsp),$inp # load 7th argument mov `($win64?56:8)`(%rsp),$inp # load 7th argument
___ ___
$code.=<<___ if ($win64); $code.=<<___ if ($win64);
@ -1911,6 +1916,7 @@ $code.=<<___ if ($win64);
___ ___
$code.=<<___; $code.=<<___;
ret ret
.cfi_endproc
.size aesni_cbc_sha1_enc_shaext,.-aesni_cbc_sha1_enc_shaext .size aesni_cbc_sha1_enc_shaext,.-aesni_cbc_sha1_enc_shaext
___ ___
}}} }}}
@ -2137,4 +2143,4 @@ foreach (split("\n",$code)) {
print $_,"\n"; print $_,"\n";
} }
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

66
crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$avx = ($1>=10) + ($1>=12); $avx = ($1>=10) + ($1>=12);
} }
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0); $avx = ($2>=3.0) + ($2>3.0);
} }
@ -123,6 +123,7 @@ $code=<<___;
.type $func,\@abi-omnipotent .type $func,\@abi-omnipotent
.align 16 .align 16
$func: $func:
.cfi_startproc
___ ___
if ($avx) { if ($avx) {
$code.=<<___; $code.=<<___;
@ -162,6 +163,7 @@ $code.=<<___;
ud2 ud2
.Lprobe: .Lprobe:
ret ret
.cfi_endproc
.size $func,.-$func .size $func,.-$func
.align 64 .align 64
@ -1084,7 +1086,23 @@ $code.=<<___;
vmovdqa $t0,0x00(%rsp) vmovdqa $t0,0x00(%rsp)
xor $a1,$a1 xor $a1,$a1
vmovdqa $t1,0x20(%rsp) vmovdqa $t1,0x20(%rsp)
___
$code.=<<___ if (!$win64);
# temporarily use %rsi as frame pointer
mov $_rsp,%rsi
.cfi_def_cfa %rsi,8
___
$code.=<<___;
lea -$PUSH8(%rsp),%rsp lea -$PUSH8(%rsp),%rsp
___
$code.=<<___ if (!$win64);
# the frame info is at $_rsp, but the stack is moving...
# so a second frame pointer is saved at -8(%rsp)
# that is in the red zone
mov %rsi,-8(%rsp)
.cfi_cfa_expression %rsp-8,deref,+8
___
$code.=<<___;
mov $B,$a3 mov $B,$a3
vmovdqa $t2,0x00(%rsp) vmovdqa $t2,0x00(%rsp)
xor $C,$a3 # magic xor $C,$a3 # magic
@ -1106,7 +1124,17 @@ my @X = @_;
my @insns = (&$body,&$body,&$body,&$body); # 96 instructions my @insns = (&$body,&$body,&$body,&$body); # 96 instructions
my $base = "+2*$PUSH8(%rsp)"; my $base = "+2*$PUSH8(%rsp)";
&lea ("%rsp","-$PUSH8(%rsp)") if (($j%2)==0); if (($j%2)==0) {
&lea ("%rsp","-$PUSH8(%rsp)");
$code.=<<___ if (!$win64);
.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8
# copy secondary frame pointer to new location again at -8(%rsp)
pushq $PUSH8-8(%rsp)
.cfi_cfa_expression %rsp,deref,+8
lea 8(%rsp),%rsp
.cfi_cfa_expression %rsp-8,deref,+8
___
}
foreach (Xupdate_256_AVX()) { # 29 instructions foreach (Xupdate_256_AVX()) { # 29 instructions
eval; eval;
eval(shift(@insns)); eval(shift(@insns));
@ -1232,26 +1260,28 @@ $code.=<<___;
jbe .Loop_avx2 jbe .Loop_avx2
lea (%rsp),$Tbl lea (%rsp),$Tbl
# temporarily use $Tbl as index to $_rsp
# this avoids the need to save a secondary frame pointer at -8(%rsp)
.cfi_cfa_expression $Tbl+`16*$SZ+7*8`,deref,+8
.Ldone_avx2: .Ldone_avx2:
lea ($Tbl),%rsp mov 16*$SZ+4*8($Tbl),$ivp
mov $_ivp,$ivp mov 16*$SZ+7*8($Tbl),%rsi
mov $_rsp,%rsi
.cfi_def_cfa %rsi,8 .cfi_def_cfa %rsi,8
vmovdqu $iv,($ivp) # output IV vmovdqu $iv,($ivp) # output IV
vzeroall vzeroall
___ ___
$code.=<<___ if ($win64); $code.=<<___ if ($win64);
movaps `$framesz+16*0`(%rsp),%xmm6 movaps `$framesz+16*0`($Tbl),%xmm6
movaps `$framesz+16*1`(%rsp),%xmm7 movaps `$framesz+16*1`($Tbl),%xmm7
movaps `$framesz+16*2`(%rsp),%xmm8 movaps `$framesz+16*2`($Tbl),%xmm8
movaps `$framesz+16*3`(%rsp),%xmm9 movaps `$framesz+16*3`($Tbl),%xmm9
movaps `$framesz+16*4`(%rsp),%xmm10 movaps `$framesz+16*4`($Tbl),%xmm10
movaps `$framesz+16*5`(%rsp),%xmm11 movaps `$framesz+16*5`($Tbl),%xmm11
movaps `$framesz+16*6`(%rsp),%xmm12 movaps `$framesz+16*6`($Tbl),%xmm12
movaps `$framesz+16*7`(%rsp),%xmm13 movaps `$framesz+16*7`($Tbl),%xmm13
movaps `$framesz+16*8`(%rsp),%xmm14 movaps `$framesz+16*8`($Tbl),%xmm14
movaps `$framesz+16*9`(%rsp),%xmm15 movaps `$framesz+16*9`($Tbl),%xmm15
___ ___
$code.=<<___; $code.=<<___;
mov -48(%rsi),%r15 mov -48(%rsi),%r15
@ -1339,6 +1369,7 @@ $code.=<<___;
.type ${func}_shaext,\@function,6 .type ${func}_shaext,\@function,6
.align 32 .align 32
${func}_shaext: ${func}_shaext:
.cfi_startproc
mov `($win64?56:8)`(%rsp),$inp # load 7th argument mov `($win64?56:8)`(%rsp),$inp # load 7th argument
___ ___
$code.=<<___ if ($win64); $code.=<<___ if ($win64);
@ -1555,6 +1586,7 @@ $code.=<<___ if ($win64);
___ ___
$code.=<<___; $code.=<<___;
ret ret
.cfi_endproc
.size ${func}_shaext,.-${func}_shaext .size ${func}_shaext,.-${func}_shaext
___ ___
} }
@ -1767,4 +1799,4 @@ sub rex {
$code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/\`([^\`]*)\`/eval $1/gem;
$code =~ s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/gem; $code =~ s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/gem;
print $code; print $code;
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/aesni-x86.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -3412,4 +3412,4 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
&asm_finish(); &asm_finish();
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

30
crypto/openssl/crypto/aes/asm/aesni-x86_64.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -59,7 +59,7 @@
# nothing one can do and the result appears optimal. CCM result is # nothing one can do and the result appears optimal. CCM result is
# identical to CBC, because CBC-MAC is essentially CBC encrypt without # identical to CBC, because CBC-MAC is essentially CBC encrypt without
# saving output. CCM CTR "stays invisible," because it's neatly # saving output. CCM CTR "stays invisible," because it's neatly
# interleaved wih CBC-MAC. This provides ~30% improvement over # interleaved with CBC-MAC. This provides ~30% improvement over
# "straightforward" CCM implementation with CTR and CBC-MAC performed # "straightforward" CCM implementation with CTR and CBC-MAC performed
# disjointly. Parallelizable modes practically achieve the theoretical # disjointly. Parallelizable modes practically achieve the theoretical
# limit. # limit.
@ -984,6 +984,7 @@ $code.=<<___;
.type aesni_ccm64_encrypt_blocks,\@function,6 .type aesni_ccm64_encrypt_blocks,\@function,6
.align 16 .align 16
aesni_ccm64_encrypt_blocks: aesni_ccm64_encrypt_blocks:
.cfi_startproc
___ ___
$code.=<<___ if ($win64); $code.=<<___ if ($win64);
lea -0x58(%rsp),%rsp lea -0x58(%rsp),%rsp
@ -1066,6 +1067,7 @@ $code.=<<___ if ($win64);
___ ___
$code.=<<___; $code.=<<___;
ret ret
.cfi_endproc
.size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks .size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
___ ___
###################################################################### ######################################################################
@ -1074,6 +1076,7 @@ $code.=<<___;
.type aesni_ccm64_decrypt_blocks,\@function,6 .type aesni_ccm64_decrypt_blocks,\@function,6
.align 16 .align 16
aesni_ccm64_decrypt_blocks: aesni_ccm64_decrypt_blocks:
.cfi_startproc
___ ___
$code.=<<___ if ($win64); $code.=<<___ if ($win64);
lea -0x58(%rsp),%rsp lea -0x58(%rsp),%rsp
@ -1173,6 +1176,7 @@ $code.=<<___ if ($win64);
___ ___
$code.=<<___; $code.=<<___;
ret ret
.cfi_endproc
.size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks .size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
___ ___
} }
@ -2339,7 +2343,7 @@ $code.=<<___;
movdqu `16*0`($inp),$inout0 # load input movdqu `16*0`($inp),$inout0 # load input
movdqa $rndkey0,$twmask movdqa $rndkey0,$twmask
movdqu `16*1`($inp),$inout1 movdqu `16*1`($inp),$inout1
pxor @tweak[0],$inout0 # intput^=tweak^round[0] pxor @tweak[0],$inout0 # input^=tweak^round[0]
movdqu `16*2`($inp),$inout2 movdqu `16*2`($inp),$inout2
pxor @tweak[1],$inout1 pxor @tweak[1],$inout1
aesdec $rndkey1,$inout0 aesdec $rndkey1,$inout0
@ -3031,6 +3035,7 @@ $code.=<<___;
.type __ocb_encrypt6,\@abi-omnipotent .type __ocb_encrypt6,\@abi-omnipotent
.align 32 .align 32
__ocb_encrypt6: __ocb_encrypt6:
.cfi_startproc
pxor $rndkey0l,@offset[5] # offset_i ^ round[0] pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
movdqu ($L_p,$i1),@offset[1] movdqu ($L_p,$i1),@offset[1]
movdqa @offset[0],@offset[2] movdqa @offset[0],@offset[2]
@ -3128,11 +3133,13 @@ __ocb_encrypt6:
aesenclast @offset[4],$inout4 aesenclast @offset[4],$inout4
aesenclast @offset[5],$inout5 aesenclast @offset[5],$inout5
ret ret
.cfi_endproc
.size __ocb_encrypt6,.-__ocb_encrypt6 .size __ocb_encrypt6,.-__ocb_encrypt6
.type __ocb_encrypt4,\@abi-omnipotent .type __ocb_encrypt4,\@abi-omnipotent
.align 32 .align 32
__ocb_encrypt4: __ocb_encrypt4:
.cfi_startproc
pxor $rndkey0l,@offset[5] # offset_i ^ round[0] pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
movdqu ($L_p,$i1),@offset[1] movdqu ($L_p,$i1),@offset[1]
movdqa @offset[0],@offset[2] movdqa @offset[0],@offset[2]
@ -3197,11 +3204,13 @@ __ocb_encrypt4:
aesenclast @offset[2],$inout2 aesenclast @offset[2],$inout2
aesenclast @offset[3],$inout3 aesenclast @offset[3],$inout3
ret ret
.cfi_endproc
.size __ocb_encrypt4,.-__ocb_encrypt4 .size __ocb_encrypt4,.-__ocb_encrypt4
.type __ocb_encrypt1,\@abi-omnipotent .type __ocb_encrypt1,\@abi-omnipotent
.align 32 .align 32
__ocb_encrypt1: __ocb_encrypt1:
.cfi_startproc
pxor @offset[5],$inout5 # offset_i pxor @offset[5],$inout5 # offset_i
pxor $rndkey0l,$inout5 # offset_i ^ round[0] pxor $rndkey0l,$inout5 # offset_i ^ round[0]
pxor $inout0,$checksum # accumulate checksum pxor $inout0,$checksum # accumulate checksum
@ -3232,6 +3241,7 @@ __ocb_encrypt1:
aesenclast $inout5,$inout0 aesenclast $inout5,$inout0
ret ret
.cfi_endproc
.size __ocb_encrypt1,.-__ocb_encrypt1 .size __ocb_encrypt1,.-__ocb_encrypt1
.globl aesni_ocb_decrypt .globl aesni_ocb_decrypt
@ -3513,6 +3523,7 @@ $code.=<<___;
.type __ocb_decrypt6,\@abi-omnipotent .type __ocb_decrypt6,\@abi-omnipotent
.align 32 .align 32
__ocb_decrypt6: __ocb_decrypt6:
.cfi_startproc
pxor $rndkey0l,@offset[5] # offset_i ^ round[0] pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
movdqu ($L_p,$i1),@offset[1] movdqu ($L_p,$i1),@offset[1]
movdqa @offset[0],@offset[2] movdqa @offset[0],@offset[2]
@ -3604,11 +3615,13 @@ __ocb_decrypt6:
aesdeclast @offset[4],$inout4 aesdeclast @offset[4],$inout4
aesdeclast @offset[5],$inout5 aesdeclast @offset[5],$inout5
ret ret
.cfi_endproc
.size __ocb_decrypt6,.-__ocb_decrypt6 .size __ocb_decrypt6,.-__ocb_decrypt6
.type __ocb_decrypt4,\@abi-omnipotent .type __ocb_decrypt4,\@abi-omnipotent
.align 32 .align 32
__ocb_decrypt4: __ocb_decrypt4:
.cfi_startproc
pxor $rndkey0l,@offset[5] # offset_i ^ round[0] pxor $rndkey0l,@offset[5] # offset_i ^ round[0]
movdqu ($L_p,$i1),@offset[1] movdqu ($L_p,$i1),@offset[1]
movdqa @offset[0],@offset[2] movdqa @offset[0],@offset[2]
@ -3669,11 +3682,13 @@ __ocb_decrypt4:
aesdeclast @offset[2],$inout2 aesdeclast @offset[2],$inout2
aesdeclast @offset[3],$inout3 aesdeclast @offset[3],$inout3
ret ret
.cfi_endproc
.size __ocb_decrypt4,.-__ocb_decrypt4 .size __ocb_decrypt4,.-__ocb_decrypt4
.type __ocb_decrypt1,\@abi-omnipotent .type __ocb_decrypt1,\@abi-omnipotent
.align 32 .align 32
__ocb_decrypt1: __ocb_decrypt1:
.cfi_startproc
pxor @offset[5],$inout5 # offset_i pxor @offset[5],$inout5 # offset_i
pxor $rndkey0l,$inout5 # offset_i ^ round[0] pxor $rndkey0l,$inout5 # offset_i ^ round[0]
pxor $inout5,$inout0 # input ^ round[0] ^ offset_i pxor $inout5,$inout0 # input ^ round[0] ^ offset_i
@ -3703,6 +3718,7 @@ __ocb_decrypt1:
aesdeclast $inout5,$inout0 aesdeclast $inout5,$inout0
ret ret
.cfi_endproc
.size __ocb_decrypt1,.-__ocb_decrypt1 .size __ocb_decrypt1,.-__ocb_decrypt1
___ ___
} }} } }}
@ -4637,7 +4653,6 @@ __aesni_set_encrypt_key:
add \$8,%rsp add \$8,%rsp
.cfi_adjust_cfa_offset -8 .cfi_adjust_cfa_offset -8
ret ret
.cfi_endproc
.LSEH_end_set_encrypt_key: .LSEH_end_set_encrypt_key:
.align 16 .align 16
@ -4708,6 +4723,7 @@ __aesni_set_encrypt_key:
shufps \$0b10101010,%xmm1,%xmm1 # critical path shufps \$0b10101010,%xmm1,%xmm1 # critical path
xorps %xmm1,%xmm2 xorps %xmm1,%xmm2
ret ret
.cfi_endproc
.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key .size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
.size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key .size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key
___ ___
@ -4812,7 +4828,7 @@ ctr_xts_se_handler:
mov 56($disp),%r11 # disp->HandlerData mov 56($disp),%r11 # disp->HandlerData
mov 0(%r11),%r10d # HandlerData[0] mov 0(%r11),%r10d # HandlerData[0]
lea (%rsi,%r10),%r10 # prologue lable lea (%rsi,%r10),%r10 # prologue label
cmp %r10,%rbx # context->Rip<prologue label cmp %r10,%rbx # context->Rip<prologue label
jb .Lcommon_seh_tail jb .Lcommon_seh_tail
@ -4856,7 +4872,7 @@ ocb_se_handler:
mov 56($disp),%r11 # disp->HandlerData mov 56($disp),%r11 # disp->HandlerData
mov 0(%r11),%r10d # HandlerData[0] mov 0(%r11),%r10d # HandlerData[0]
lea (%rsi,%r10),%r10 # prologue lable lea (%rsi,%r10),%r10 # prologue label
cmp %r10,%rbx # context->Rip<prologue label cmp %r10,%rbx # context->Rip<prologue label
jb .Lcommon_seh_tail jb .Lcommon_seh_tail
@ -5138,4 +5154,4 @@ $code =~ s/\bmovbe\s+%eax,\s*([0-9]+)\(%rsp\)/movbe($1)/gem;
print $code; print $code;
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/aesp8-ppc.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -3804,4 +3804,4 @@ foreach(split("\n",$code)) {
print $_,"\n"; print $_,"\n";
} }
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/aest4-sparcv9.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -926,4 +926,4 @@ ___
&emit_assembler(); &emit_assembler();
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/aesv8-armx.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -1008,4 +1008,4 @@ if ($flavour =~ /64/) { ######## 64-bit code
} }
} }
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/bsaes-armv7.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -2488,4 +2488,4 @@ close SELF;
print $code; print $code;
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/vpaes-armv8.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -1274,4 +1274,4 @@ ___
} } } }
print $code; print $code;
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/vpaes-ppc.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -1591,4 +1591,4 @@ foreach (split("\n",$code)) {
print $_,"\n"; print $_,"\n";
} }
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/vpaes-x86.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -913,4 +913,4 @@ $k_dsbo=0x2c0; # decryption sbox final output
&asm_finish(); &asm_finish();
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -1238,4 +1238,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem;
print $code; print $code;
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

2
crypto/openssl/crypto/aria/aria.c
View File

@ -19,7 +19,7 @@
*/ */
#include <openssl/e_os2.h> #include <openssl/e_os2.h>
#include "internal/aria.h" #include "crypto/aria.h"
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>

4
crypto/openssl/crypto/arm64cpuid.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -144,4 +144,4 @@ CRYPTO_memcmp:
___ ___
print $code; print $code;
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

4
crypto/openssl/crypto/arm_arch.h
View File

@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#ifndef __ARM_ARCH_H__ #ifndef OSSL_CRYPTO_ARM_ARCH_H
# define __ARM_ARCH_H__ # define OSSL_CRYPTO_ARM_ARCH_H
# if !defined(__ARM_ARCH__) # if !defined(__ARM_ARCH__)
# if defined(__CC_ARM) # if defined(__CC_ARM)

4
crypto/openssl/crypto/armv4cpuid.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -293,4 +293,4 @@ atomic_add_spinlock:
___ ___
print $code; print $code;
close STDOUT; close STDOUT or die "error closing STDOUT: $!";

2
crypto/openssl/crypto/asn1/a_bitstr.c
View File

@ -11,7 +11,7 @@
#include <stdio.h> #include <stdio.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include "asn1_locl.h" #include "asn1_local.h"
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
{ {

2
crypto/openssl/crypto/asn1/a_d2i_fp.c
View File

@ -13,7 +13,7 @@
#include "internal/numbers.h" #include "internal/numbers.h"
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include "internal/asn1_int.h" #include "crypto/asn1.h"
#ifndef NO_OLD_ASN1 #ifndef NO_OLD_ASN1
# ifndef OPENSSL_NO_STDIO # ifndef OPENSSL_NO_STDIO

2
crypto/openssl/crypto/asn1/a_gentm.c
View File

@ -15,7 +15,7 @@
#include <time.h> #include <time.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include "asn1_locl.h" #include "asn1_local.h"
/* This is the primary function used to parse ASN1_GENERALIZEDTIME */ /* This is the primary function used to parse ASN1_GENERALIZEDTIME */
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)

2
crypto/openssl/crypto/asn1/a_int.c
View File

@ -13,7 +13,7 @@
#include <limits.h> #include <limits.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#include "asn1_locl.h" #include "asn1_local.h"
ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{ {

2
crypto/openssl/crypto/asn1/a_mbstr.c
View File

@ -8,7 +8,7 @@
*/ */
#include <stdio.h> #include <stdio.h>
#include "internal/ctype.h" #include "crypto/ctype.h"
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>

6
crypto/openssl/crypto/asn1/a_object.c
View File

@ -9,14 +9,14 @@
#include <stdio.h> #include <stdio.h>
#include <limits.h> #include <limits.h>
#include "internal/ctype.h" #include "crypto/ctype.h"
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#include "internal/asn1_int.h" #include "crypto/asn1.h"
#include "asn1_locl.h" #include "asn1_local.h"
int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
{ {

2
crypto/openssl/crypto/asn1/a_print.c
View File

@ -8,7 +8,7 @@
*/ */
#include <stdio.h> #include <stdio.h>
#include "internal/ctype.h" #include "crypto/ctype.h"
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>

4
crypto/openssl/crypto/asn1/a_sign.c
View File

@ -18,8 +18,8 @@
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include "internal/asn1_int.h" #include "crypto/asn1.h"
#include "internal/evp_int.h" #include "crypto/evp.h"
#ifndef NO_ASN1_OLD #ifndef NO_ASN1_OLD

2
crypto/openssl/crypto/asn1/a_strex.c
View File

@ -10,7 +10,7 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include "internal/asn1_int.h" #include "crypto/asn1.h"
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>

4
crypto/openssl/crypto/asn1/a_time.c
View File

@ -16,10 +16,10 @@
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
#include "internal/ctype.h" #include "crypto/ctype.h"
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include "asn1_locl.h" #include "asn1_local.h"
IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)

2
crypto/openssl/crypto/asn1/a_type.c
View File

@ -11,7 +11,7 @@
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#include "asn1_locl.h" #include "asn1_local.h"
int ASN1_TYPE_get(const ASN1_TYPE *a) int ASN1_TYPE_get(const ASN1_TYPE *a)
{ {

2
crypto/openssl/crypto/asn1/a_utctm.c
View File

@ -11,7 +11,7 @@
#include <time.h> #include <time.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include "asn1_locl.h" #include "asn1_local.h"
/* This is the primary function used to parse ASN1_UTCTIME */ /* This is the primary function used to parse ASN1_UTCTIME */
int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)

4
crypto/openssl/crypto/asn1/a_verify.c
View File

@ -18,8 +18,8 @@
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include "internal/asn1_int.h" #include "crypto/asn1.h"
#include "internal/evp_int.h" #include "crypto/evp.h"
#ifndef NO_ASN1_OLD #ifndef NO_ASN1_OLD

4
crypto/openssl/crypto/asn1/ameth_lib.c
View File

@ -13,8 +13,8 @@
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/engine.h> #include <openssl/engine.h>
#include "internal/asn1_int.h" #include "crypto/asn1.h"
#include "internal/evp_int.h" #include "crypto/evp.h"
#include "standard_methods.h" #include "standard_methods.h"

2
crypto/openssl/crypto/asn1/asn1_lib.c
View File

@ -11,7 +11,7 @@
#include <limits.h> #include <limits.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include "asn1_locl.h" #include "asn1_local.h"
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
long max); long max);

0
crypto/openssl/crypto/asn1/asn1_locl.h → crypto/openssl/crypto/asn1/asn1_local.h
View File

38
crypto/openssl/crypto/asn1/asn1_par.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -75,6 +75,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
int nl, hl, j, r; int nl, hl, j, r;
ASN1_OBJECT *o = NULL; ASN1_OBJECT *o = NULL;
ASN1_OCTET_STRING *os = NULL; ASN1_OCTET_STRING *os = NULL;
ASN1_INTEGER *ai = NULL;
ASN1_ENUMERATED *ae = NULL;
/* ASN1_BMPSTRING *bmp=NULL; */ /* ASN1_BMPSTRING *bmp=NULL; */
int dump_indent, dump_cont = 0; int dump_indent, dump_cont = 0;
@ -250,22 +252,21 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
ASN1_OCTET_STRING_free(os); ASN1_OCTET_STRING_free(os);
os = NULL; os = NULL;
} else if (tag == V_ASN1_INTEGER) { } else if (tag == V_ASN1_INTEGER) {
ASN1_INTEGER *bs;
int i; int i;
opp = op; opp = op;
bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl); ai = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
if (bs != NULL) { if (ai != NULL) {
if (BIO_write(bp, ":", 1) <= 0) if (BIO_write(bp, ":", 1) <= 0)
goto end; goto end;
if (bs->type == V_ASN1_NEG_INTEGER) if (ai->type == V_ASN1_NEG_INTEGER)
if (BIO_write(bp, "-", 1) <= 0) if (BIO_write(bp, "-", 1) <= 0)
goto end; goto end;
for (i = 0; i < bs->length; i++) { for (i = 0; i < ai->length; i++) {
if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) if (BIO_printf(bp, "%02X", ai->data[i]) <= 0)
goto end; goto end;
} }
if (bs->length == 0) { if (ai->length == 0) {
if (BIO_write(bp, "00", 2) <= 0) if (BIO_write(bp, "00", 2) <= 0)
goto end; goto end;
} }
@ -274,24 +275,24 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
goto end; goto end;
dump_cont = 1; dump_cont = 1;
} }
ASN1_INTEGER_free(bs); ASN1_INTEGER_free(ai);
ai = NULL;
} else if (tag == V_ASN1_ENUMERATED) { } else if (tag == V_ASN1_ENUMERATED) {
ASN1_ENUMERATED *bs;
int i; int i;
opp = op; opp = op;
bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); ae = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
if (bs != NULL) { if (ae != NULL) {
if (BIO_write(bp, ":", 1) <= 0) if (BIO_write(bp, ":", 1) <= 0)
goto end; goto end;
if (bs->type == V_ASN1_NEG_ENUMERATED) if (ae->type == V_ASN1_NEG_ENUMERATED)
if (BIO_write(bp, "-", 1) <= 0) if (BIO_write(bp, "-", 1) <= 0)
goto end; goto end;
for (i = 0; i < bs->length; i++) { for (i = 0; i < ae->length; i++) {
if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) if (BIO_printf(bp, "%02X", ae->data[i]) <= 0)
goto end; goto end;
} }
if (bs->length == 0) { if (ae->length == 0) {
if (BIO_write(bp, "00", 2) <= 0) if (BIO_write(bp, "00", 2) <= 0)
goto end; goto end;
} }
@ -300,7 +301,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
goto end; goto end;
dump_cont = 1; dump_cont = 1;
} }
ASN1_ENUMERATED_free(bs); ASN1_ENUMERATED_free(ae);
ae = NULL;
} else if (len > 0 && dump) { } else if (len > 0 && dump) {
if (!nl) { if (!nl) {
if (BIO_write(bp, "\n", 1) <= 0) if (BIO_write(bp, "\n", 1) <= 0)
@ -341,6 +343,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
end: end:
ASN1_OBJECT_free(o); ASN1_OBJECT_free(o);
ASN1_OCTET_STRING_free(os); ASN1_OCTET_STRING_free(os);
ASN1_INTEGER_free(ai);
ASN1_ENUMERATED_free(ae);
*pp = p; *pp = p;
return ret; return ret;
} }

16
crypto/openssl/crypto/asn1/asn_mime.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -8,15 +8,15 @@
*/ */
#include <stdio.h> #include <stdio.h>
#include "internal/ctype.h" #include "crypto/ctype.h"
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include "internal/evp_int.h" #include "crypto/evp.h"
#include "internal/bio.h" #include "internal/bio.h"
#include "asn1_locl.h" #include "asn1_local.h"
/* /*
* Generalised MIME like utilities for streaming ASN1. Although many have a * Generalised MIME like utilities for streaming ASN1. Although many have a
@ -198,6 +198,14 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
BIO_puts(out, "gostr3411-94"); BIO_puts(out, "gostr3411-94");
goto err; goto err;
case NID_id_GostR3411_2012_256:
BIO_puts(out, "gostr3411-2012-256");
goto err;
case NID_id_GostR3411_2012_512:
BIO_puts(out, "gostr3411-2012-512");
goto err;
default: default:
if (have_unknown) if (have_unknown)
write_comma = 0; write_comma = 0;

6
crypto/openssl/crypto/asn1/asn_moid.c
View File

@ -8,13 +8,13 @@
*/ */
#include <stdio.h> #include <stdio.h>
#include "internal/ctype.h" #include "crypto/ctype.h"
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include "internal/asn1_int.h" #include "crypto/asn1.h"
#include "internal/objects.h" #include "crypto/objects.h"
/* Simple ASN1 OID module: add all objects in a given section */ /* Simple ASN1 OID module: add all objects in a given section */

2
crypto/openssl/crypto/asn1/charmap.h
View File

@ -2,7 +2,7 @@
* WARNING: do not edit! * WARNING: do not edit!
* Generated by crypto/asn1/charmap.pl * Generated by crypto/asn1/charmap.pl
* *
* Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/crypto/asn1/d2i_pr.c
View File

@ -15,8 +15,8 @@
#include <openssl/engine.h> #include <openssl/engine.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include "internal/asn1_int.h" #include "crypto/asn1.h"
#include "internal/evp_int.h" #include "crypto/evp.h"
EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
long length) long length)

2
crypto/openssl/crypto/asn1/d2i_pu.c
View File

@ -17,7 +17,7 @@
#include <openssl/dsa.h> #include <openssl/dsa.h>
#include <openssl/ec.h> #include <openssl/ec.h>
#include "internal/evp_int.h" #include "crypto/evp.h"
EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
long length) long length)

2
crypto/openssl/crypto/asn1/f_int.c
View File

@ -8,7 +8,7 @@
*/ */
#include <stdio.h> #include <stdio.h>
#include "internal/ctype.h" #include "crypto/ctype.h"
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>

2
crypto/openssl/crypto/asn1/f_string.c
View File

@ -8,7 +8,7 @@
*/ */
#include <stdio.h> #include <stdio.h>
#include "internal/ctype.h" #include "crypto/ctype.h"
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>

4
crypto/openssl/crypto/asn1/i2d_pr.c
View File

@ -11,8 +11,8 @@
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include "internal/asn1_int.h" #include "crypto/asn1.h"
#include "internal/evp_int.h" #include "crypto/evp.h"
int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
{ {

2
crypto/openssl/crypto/asn1/p8_pkey.c
View File

@ -11,7 +11,7 @@
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include "internal/x509_int.h" #include "crypto/x509.h"
/* Minor tweak to operation: zero private key data */ /* Minor tweak to operation: zero private key data */
static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,

2
crypto/openssl/crypto/asn1/t_pkey.c
View File

@ -11,7 +11,7 @@
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include "internal/bn_int.h" #include "crypto/bn.h"
/* Number of octets per line */ /* Number of octets per line */
#define ASN1_BUF_PRINT_WIDTH 15 #define ASN1_BUF_PRINT_WIDTH 15

2
crypto/openssl/crypto/asn1/tasn_dec.c
View File

@ -15,7 +15,7 @@
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/err.h> #include <openssl/err.h>
#include "internal/numbers.h" #include "internal/numbers.h"
#include "asn1_locl.h" #include "asn1_local.h"
/* /*

4
crypto/openssl/crypto/asn1/tasn_enc.c
View File

@ -13,8 +13,8 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#include "internal/asn1_int.h" #include "crypto/asn1.h"
#include "asn1_locl.h" #include "asn1_local.h"
static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
const ASN1_ITEM *it, int tag, int aclass); const ASN1_ITEM *it, int tag, int aclass);

2
crypto/openssl/crypto/asn1/tasn_fre.c
View File

@ -11,7 +11,7 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#include "asn1_locl.h" #include "asn1_local.h"
/* Free up an ASN1 structure */ /* Free up an ASN1 structure */

2
crypto/openssl/crypto/asn1/tasn_new.c
View File

@ -13,7 +13,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <string.h> #include <string.h>
#include "asn1_locl.h" #include "asn1_local.h"
static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
int embed); int embed);

4
crypto/openssl/crypto/asn1/tasn_prn.c
View File

@ -15,8 +15,8 @@
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "internal/asn1_int.h" #include "crypto/asn1.h"
#include "asn1_locl.h" #include "asn1_local.h"
/* /*
* Print routines. * Print routines.

2
crypto/openssl/crypto/asn1/tasn_scn.c
View File

@ -15,7 +15,7 @@
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "asn1_locl.h" #include "asn1_local.h"
/* /*
* General ASN1 structure recursive scanner: iterate through all fields * General ASN1 structure recursive scanner: iterate through all fields

2
crypto/openssl/crypto/asn1/tasn_utl.c
View File

@ -15,7 +15,7 @@
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/err.h> #include <openssl/err.h>
#include "asn1_locl.h" #include "asn1_local.h"
/* Utility functions for manipulating fields and offsets */ /* Utility functions for manipulating fields and offsets */

2
crypto/openssl/crypto/asn1/x_algor.c
View File

@ -11,7 +11,7 @@
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include "internal/evp_int.h" #include "crypto/evp.h"
ASN1_SEQUENCE(X509_ALGOR) = { ASN1_SEQUENCE(X509_ALGOR) = {
ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),

6
crypto/openssl/crypto/asn1/x_bignum.c
View File

@ -82,7 +82,7 @@ static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{ {
if (!*pval) if (*pval == NULL)
return; return;
if (it->size & BN_SENSITIVE) if (it->size & BN_SENSITIVE)
BN_clear_free((BIGNUM *)*pval); BN_clear_free((BIGNUM *)*pval);
@ -96,7 +96,7 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
{ {
BIGNUM *bn; BIGNUM *bn;
int pad; int pad;
if (!*pval) if (*pval == NULL)
return -1; return -1;
bn = (BIGNUM *)*pval; bn = (BIGNUM *)*pval;
/* If MSB set in an octet we need a padding byte */ /* If MSB set in an octet we need a padding byte */
@ -133,7 +133,7 @@ static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
int ret; int ret;
BIGNUM *bn; BIGNUM *bn;
if (!*pval && !bn_secure_new(pval, it)) if (*pval == NULL && !bn_secure_new(pval, it))
return 0; return 0;
ret = bn_c2i(pval, cont, len, utype, free_cont, it); ret = bn_c2i(pval, cont, len, utype, free_cont, it);

2
crypto/openssl/crypto/asn1/x_int64.c
View File

@ -12,7 +12,7 @@
#include "internal/numbers.h" #include "internal/numbers.h"
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#include "asn1_locl.h" #include "asn1_local.h"
/* /*
* Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t. * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t.

2
crypto/openssl/crypto/asn1/x_sig.c
View File

@ -11,7 +11,7 @@
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include "internal/x509_int.h" #include "crypto/x509.h"
ASN1_SEQUENCE(X509_SIG) = { ASN1_SEQUENCE(X509_SIG) = {
ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),

2
crypto/openssl/crypto/async/arch/async_null.c
View File

@ -8,7 +8,7 @@
*/ */
/* This must be the first #include file */ /* This must be the first #include file */
#include "../async_locl.h" #include "../async_local.h"
#ifdef ASYNC_NULL #ifdef ASYNC_NULL
int ASYNC_is_capable(void) int ASYNC_is_capable(void)

2
crypto/openssl/crypto/async/arch/async_posix.c
View File

@ -8,7 +8,7 @@
*/ */
/* This must be the first #include file */ /* This must be the first #include file */
#include "../async_locl.h" #include "../async_local.h"
#ifdef ASYNC_POSIX #ifdef ASYNC_POSIX

6
crypto/openssl/crypto/async/arch/async_posix.h
View File

@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#ifndef OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H #ifndef OSSL_CRYPTO_ASYNC_POSIX_H
#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H #define OSSL_CRYPTO_ASYNC_POSIX_H
#include <openssl/e_os2.h> #include <openssl/e_os2.h>
#if defined(OPENSSL_SYS_UNIX) \ #if defined(OPENSSL_SYS_UNIX) \
@ -55,4 +55,4 @@ void async_fibre_free(async_fibre *fibre);
# endif # endif
#endif #endif
#endif /* OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H */ #endif /* OSSL_CRYPTO_ASYNC_POSIX_H */

Some files were not shown because too many files have changed in this diff Show More