Merge OpenSSL 1.0.2m.
commit
47902a71f3
@ -2,6 +2,44 @@
|
|||||||
OpenSSL CHANGES
|
OpenSSL CHANGES
|
||||||
_______________
|
_______________
|
||||||
|
|
||||||
|
This is a high-level summary of the most important changes.
|
||||||
|
For a full list of changes, see the git commit log; for example,
|
||||||
|
https://github.com/openssl/openssl/commits/ and pick the appropriate
|
||||||
|
release branch.
|
||||||
|
|
||||||
|
Changes between 1.0.2l and 1.0.2m [2 Nov 2017]
|
||||||
|
|
||||||
|
*) bn_sqrx8x_internal carry bug on x86_64
|
||||||
|
|
||||||
|
There is a carry propagating bug in the x86_64 Montgomery squaring
|
||||||
|
procedure. No EC algorithms are affected. Analysis suggests that attacks
|
||||||
|
against RSA and DSA as a result of this defect would be very difficult to
|
||||||
|
perform and are not believed likely. Attacks against DH are considered just
|
||||||
|
feasible (although very difficult) because most of the work necessary to
|
||||||
|
deduce information about a private key may be performed offline. The amount
|
||||||
|
of resources required for such an attack would be very significant and
|
||||||
|
likely only accessible to a limited number of attackers. An attacker would
|
||||||
|
additionally need online access to an unpatched system using the target
|
||||||
|
private key in a scenario with persistent DH parameters and a private
|
||||||
|
key that is shared between multiple clients.
|
||||||
|
|
||||||
|
This only affects processors that support the BMI1, BMI2 and ADX extensions
|
||||||
|
like Intel Broadwell (5th generation) and later or AMD Ryzen.
|
||||||
|
|
||||||
|
This issue was reported to OpenSSL by the OSS-Fuzz project.
|
||||||
|
(CVE-2017-3736)
|
||||||
|
[Andy Polyakov]
|
||||||
|
|
||||||
|
*) Malformed X.509 IPAddressFamily could cause OOB read
|
||||||
|
|
||||||
|
If an X.509 certificate has a malformed IPAddressFamily extension,
|
||||||
|
OpenSSL could do a one-byte buffer overread. The most likely result
|
||||||
|
would be an erroneous display of the certificate in text format.
|
||||||
|
|
||||||
|
This issue was reported to OpenSSL by the OSS-Fuzz project.
|
||||||
|
(CVE-2017-3735)
|
||||||
|
[Rich Salz]
|
||||||
|
|
||||||
Changes between 1.0.2k and 1.0.2l [25 May 2017]
|
Changes between 1.0.2k and 1.0.2l [25 May 2017]
|
||||||
|
|
||||||
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
|
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
|
||||||
|
@ -190,10 +190,8 @@
|
|||||||
the failure that isn't a problem in OpenSSL itself (like a missing
|
the failure that isn't a problem in OpenSSL itself (like a missing
|
||||||
or malfunctioning bc). If it is a problem with OpenSSL itself,
|
or malfunctioning bc). If it is a problem with OpenSSL itself,
|
||||||
try removing any compiler optimization flags from the CFLAG line
|
try removing any compiler optimization flags from the CFLAG line
|
||||||
in Makefile.ssl and run "make clean; make". Please send a bug
|
in Makefile.ssl and run "make clean; make". To report a bug please open an
|
||||||
report to <openssl-bugs@openssl.org>, including the output of
|
issue on GitHub, at https://github.com/openssl/openssl/issues.
|
||||||
"make report" in order to be added to the request tracker at
|
|
||||||
http://www.openssl.org/support/rt.html.
|
|
||||||
|
|
||||||
4. If everything tests ok, install OpenSSL with
|
4. If everything tests ok, install OpenSSL with
|
||||||
|
|
||||||
|
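Review bot: The rewritten bug-reporting sentence in the paragraph before step 4 drops the request to include the output of "make report", which the old text asked for. Consider keeping that instruction next to the GitHub issues URL so that reports still arrive with the build and test details attached.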
@ -4,7 +4,7 @@
|
|||||||
## Makefile for OpenSSL
|
## Makefile for OpenSSL
|
||||||
##
|
##
|
||||||
|
|
||||||
VERSION=1.0.2l
|
VERSION=1.0.2m
|
||||||
MAJOR=1
|
MAJOR=1
|
||||||
MINOR=0.2
|
MINOR=0.2
|
||||||
SHLIB_VERSION_NUMBER=1.0.0
|
SHLIB_VERSION_NUMBER=1.0.0
|
||||||
|
@ -5,6 +5,11 @@
|
|||||||
This file gives a brief overview of the major changes between each OpenSSL
|
This file gives a brief overview of the major changes between each OpenSSL
|
||||||
release. For more details please read the CHANGES file.
|
release. For more details please read the CHANGES file.
|
||||||
|
|
||||||
|
Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]
|
||||||
|
|
||||||
|
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
|
||||||
|
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
|
||||||
|
|
||||||
Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
|
Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
|
||||||
|
|
||||||
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
|
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
OpenSSL 1.0.2l 25 May 2017
|
OpenSSL 1.0.2m 2 Nov 2017
|
||||||
|
|
||||||
Copyright (c) 1998-2015 The OpenSSL Project
|
Copyright (c) 1998-2015 The OpenSSL Project
|
||||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||||
|
@ -1985,10 +1985,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
|
|||||||
/* Lets add the extensions, if there are any */
|
/* Lets add the extensions, if there are any */
|
||||||
if (ext_sect) {
|
if (ext_sect) {
|
||||||
X509V3_CTX ctx;
|
X509V3_CTX ctx;
|
||||||
if (ci->version == NULL)
|
|
||||||
if ((ci->version = ASN1_INTEGER_new()) == NULL)
|
|
||||||
goto err;
|
|
||||||
ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Free the current entries if any, there should not be any I believe
|
* Free the current entries if any, there should not be any I believe
|
||||||
@ -2051,6 +2047,15 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
STACK_OF(X509_EXTENSION) *exts = ci->extensions;
|
||||||
|
|
||||||
|
if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
|
||||||
|
/* Make it an X509 v3 certificate. */
|
||||||
|
if (!X509_set_version(ret, 2))
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
/* Set the right value for the noemailDN option */
|
/* Set the right value for the noemailDN option */
|
||||||
if (email_dn == 0) {
|
if (email_dn == 0) {
|
||||||
if (!X509_set_subject_name(ret, dn_subject))
|
if (!X509_set_subject_name(ret, dn_subject))
|
||||||
|
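Review bot: In the block added before the noemailDN handling, the outer `if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)` has no braces and is separated from its body by a comment, so the nested `if (!X509_set_version(ret, 2))` reads as if it were unconditional. Brace the outer if. Since the previous hunk removes the `ASN1_INTEGER_set(ci->version, 2)` that ran under `if (ext_sect)`, a comment here should also say that a certificate which ends up with no extensions is deliberately left at whatever version `ret` already has.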
@ -1667,6 +1667,8 @@ int MAIN(int argc, char **argv)
|
|||||||
if (strstr(mbuf, "/stream:features>"))
|
if (strstr(mbuf, "/stream:features>"))
|
||||||
goto shut;
|
goto shut;
|
||||||
seen = BIO_read(sbio, mbuf, BUFSIZZ);
|
seen = BIO_read(sbio, mbuf, BUFSIZZ);
|
||||||
|
if (seen <= 0)
|
||||||
|
goto shut;
|
||||||
mbuf[seen] = 0;
|
mbuf[seen] = 0;
|
||||||
}
|
}
|
||||||
BIO_printf(sbio,
|
BIO_printf(sbio,
|
||||||
|
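Review bot: The upper bound of `seen` is still unchecked after the new `if (seen <= 0) goto shut;` test. `BIO_read(sbio, mbuf, BUFSIZZ)` can return BUFSIZZ, in which case `mbuf[seen] = 0` writes at index BUFSIZZ. The hunk does not show how mbuf is allocated, so confirm it holds at least BUFSIZZ + 1 bytes, or read BUFSIZZ - 1 here.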
@ -3017,7 +3017,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
|
|||||||
PEM_write_bio_X509(io, peer);
|
PEM_write_bio_X509(io, peer);
|
||||||
} else
|
} else
|
||||||
BIO_puts(io, "no client certificate available\n");
|
BIO_puts(io, "no client certificate available\n");
|
||||||
BIO_puts(io, "</BODY></HTML>\r\n\r\n");
|
BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
|
||||||
break;
|
break;
|
||||||
} else if ((www == 2 || www == 3)
|
} else if ((www == 2 || www == 3)
|
||||||
&& (strncmp("GET /", buf, 5) == 0)) {
|
&& (strncmp("GET /", buf, 5) == 0)) {
|
||||||
|
@ -307,7 +307,8 @@ static SIGRETTYPE sig_done(int sig)
|
|||||||
# if !defined(SIGALRM)
|
# if !defined(SIGALRM)
|
||||||
# define SIGALRM
|
# define SIGALRM
|
||||||
# endif
|
# endif
|
||||||
static unsigned int lapse, schlock;
|
static volatile unsigned int lapse;
|
||||||
|
static volatile unsigned int schlock;
|
||||||
static void alarm_win32(unsigned int secs)
|
static void alarm_win32(unsigned int secs)
|
||||||
{
|
{
|
||||||
lapse = secs * 1000;
|
lapse = secs * 1000;
|
||||||
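Review bot: Declaring `lapse` and `schlock` as `static volatile unsigned int` stops the compiler caching them, but volatile alone gives no atomicity or ordering guarantee. The hunk only shows `alarm_win32` assigning `lapse`; if `schlock` is written from a different thread or handler than the code that polls it, state that in a comment next to the declarations and consider an interlocked or `sig_atomic_t` style access instead.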
@ -725,6 +726,7 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(bio_err, "no EVP given\n");
|
BIO_printf(bio_err, "no EVP given\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
evp_md = NULL;
|
||||||
evp_cipher = EVP_get_cipherbyname(*argv);
|
evp_cipher = EVP_get_cipherbyname(*argv);
|
||||||
if (!evp_cipher) {
|
if (!evp_cipher) {
|
||||||
evp_md = EVP_get_digestbyname(*argv);
|
evp_md = EVP_get_digestbyname(*argv);
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
* 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
|
* 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
|
||||||
*/
|
*/
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1999-2017 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -185,20 +185,23 @@ int MAIN(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
e = setup_engine(bio_err, engine, 0);
|
e = setup_engine(bio_err, engine, 0);
|
||||||
|
|
||||||
if (keyfile) {
|
if (keyfile != NULL) {
|
||||||
pkey = load_key(bio_err,
|
pkey = load_key(bio_err,
|
||||||
strcmp(keyfile, "-") ? keyfile : NULL,
|
strcmp(keyfile, "-") ? keyfile : NULL,
|
||||||
FORMAT_PEM, 1, passin, e, "private key");
|
FORMAT_PEM, 1, passin, e, "private key");
|
||||||
if (!pkey) {
|
if (pkey == NULL)
|
||||||
goto end;
|
goto end;
|
||||||
}
|
|
||||||
spki = NETSCAPE_SPKI_new();
|
spki = NETSCAPE_SPKI_new();
|
||||||
if (challenge)
|
if (spki == NULL)
|
||||||
|
goto end;
|
||||||
|
if (challenge != NULL)
|
||||||
ASN1_STRING_set(spki->spkac->challenge,
|
ASN1_STRING_set(spki->spkac->challenge,
|
||||||
challenge, (int)strlen(challenge));
|
challenge, (int)strlen(challenge));
|
||||||
NETSCAPE_SPKI_set_pubkey(spki, pkey);
|
NETSCAPE_SPKI_set_pubkey(spki, pkey);
|
||||||
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
|
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
|
||||||
spkstr = NETSCAPE_SPKI_b64_encode(spki);
|
spkstr = NETSCAPE_SPKI_b64_encode(spki);
|
||||||
|
if (spkstr == NULL)
|
||||||
|
goto end;
|
||||||
|
|
||||||
if (outfile)
|
if (outfile)
|
||||||
out = BIO_new_file(outfile, "w");
|
out = BIO_new_file(outfile, "w");
|
||||||
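Review bot: The return values of `NETSCAPE_SPKI_set_pubkey(spki, pkey)` and `NETSCAPE_SPKI_sign(spki, pkey, EVP_md5())` are still ignored between the new `spki == NULL` and `spkstr == NULL` checks, so a failed signing step does not stop the base64 encoding that follows. Check both calls the same way, and print an error before the new `goto end` paths, which exit silently as written. The signing digest in this block is also still hard-coded to `EVP_md5()`.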
@ -253,7 +256,7 @@ int MAIN(int argc, char **argv)
|
|||||||
|
|
||||||
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
|
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
|
||||||
|
|
||||||
if (!spki) {
|
if (spki == NULL) {
|
||||||
BIO_printf(bio_err, "Error loading SPKAC\n");
|
BIO_printf(bio_err, "Error loading SPKAC\n");
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto end;
|
goto end;
|
||||||
@ -282,9 +285,9 @@ int MAIN(int argc, char **argv)
|
|||||||
pkey = NETSCAPE_SPKI_get_pubkey(spki);
|
pkey = NETSCAPE_SPKI_get_pubkey(spki);
|
||||||
if (verify) {
|
if (verify) {
|
||||||
i = NETSCAPE_SPKI_verify(spki, pkey);
|
i = NETSCAPE_SPKI_verify(spki, pkey);
|
||||||
if (i > 0)
|
if (i > 0) {
|
||||||
BIO_printf(bio_err, "Signature OK\n");
|
BIO_printf(bio_err, "Signature OK\n");
|
||||||
else {
|
} else {
|
||||||
BIO_printf(bio_err, "Signature Failure\n");
|
BIO_printf(bio_err, "Signature Failure\n");
|
||||||
ERR_print_errors(bio_err);
|
ERR_print_errors(bio_err);
|
||||||
goto end;
|
goto end;
|
||||||
|
@ -123,13 +123,14 @@ static int get_index(CA_DB *db, char *id, char type)
|
|||||||
int i;
|
int i;
|
||||||
if (id == NULL)
|
if (id == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
if (type == DB_SRP_INDEX)
|
if (type == DB_SRP_INDEX) {
|
||||||
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
||||||
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
||||||
if (pp[DB_srptype][0] == DB_SRP_INDEX
|
if (pp[DB_srptype][0] == DB_SRP_INDEX
|
||||||
&& !strcmp(id, pp[DB_srpid]))
|
&& !strcmp(id, pp[DB_srpid]))
|
||||||
return i;
|
return i;
|
||||||
} else
|
}
|
||||||
|
} else {
|
||||||
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
||||||
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
||||||
|
|
||||||
@ -137,6 +138,7 @@ static int get_index(CA_DB *db, char *id, char type)
|
|||||||
&& !strcmp(id, pp[DB_srpid]))
|
&& !strcmp(id, pp[DB_srpid]))
|
||||||
return i;
|
return i;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@ -177,8 +179,8 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
|
|||||||
char **irow;
|
char **irow;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if ((irow =
|
irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1));
|
||||||
(char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
|
if (irow == NULL) {
|
||||||
BIO_printf(bio_err, "Memory allocation failure\n");
|
BIO_printf(bio_err, "Memory allocation failure\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -205,30 +207,32 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
|
|||||||
char *srp_usersalt, const char *g, const char *N,
|
char *srp_usersalt, const char *g, const char *N,
|
||||||
const char *passin, BIO *bio, int verbose)
|
const char *passin, BIO *bio, int verbose)
|
||||||
{
|
{
|
||||||
char password[1024];
|
char password[1025];
|
||||||
PW_CB_DATA cb_tmp;
|
PW_CB_DATA cb_tmp;
|
||||||
char *verifier = NULL;
|
char *verifier = NULL;
|
||||||
char *gNid = NULL;
|
char *gNid = NULL;
|
||||||
|
int len;
|
||||||
|
|
||||||
cb_tmp.prompt_info = user;
|
cb_tmp.prompt_info = user;
|
||||||
cb_tmp.password = passin;
|
cb_tmp.password = passin;
|
||||||
|
|
||||||
if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
|
len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
|
||||||
|
if (len > 0) {
|
||||||
|
password[len] = 0;
|
||||||
VERBOSE BIO_printf(bio,
|
VERBOSE BIO_printf(bio,
|
||||||
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
|
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
|
||||||
user, srp_verifier, srp_usersalt, g, N);
|
user, srp_verifier, srp_usersalt, g, N);
|
||||||
BIO_printf(bio, "Pass %s\n", password);
|
VVERBOSE BIO_printf(bio, "Pass %s\n", password);
|
||||||
|
|
||||||
if (!
|
if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
|
||||||
(gNid =
|
&verifier, N, g))) {
|
||||||
SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
|
|
||||||
g))) {
|
|
||||||
BIO_printf(bio, "Internal error validating SRP verifier\n");
|
BIO_printf(bio, "Internal error validating SRP verifier\n");
|
||||||
} else {
|
} else {
|
||||||
if (strcmp(verifier, srp_verifier))
|
if (strcmp(verifier, srp_verifier))
|
||||||
gNid = NULL;
|
gNid = NULL;
|
||||||
OPENSSL_free(verifier);
|
OPENSSL_free(verifier);
|
||||||
}
|
}
|
||||||
|
OPENSSL_cleanse(password, len);
|
||||||
}
|
}
|
||||||
return gNid;
|
return gNid;
|
||||||
}
|
}
|
||||||
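Review bot: `OPENSSL_cleanse(password, len)` in srp_verify_user wipes only the bytes the callback reported and sits inside the `if (len > 0)` block. `OPENSSL_cleanse(password, sizeof(password))` placed after that block would clear the whole buffer on every path. Separately, `BIO_printf(bio, "Pass %s\n", password)` is now gated on VVERBOSE but still writes the cleartext password to the output BIO; consider removing that line rather than hiding it behind a verbosity level.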
@ -237,24 +241,27 @@ static char *srp_create_user(char *user, char **srp_verifier,
|
|||||||
char **srp_usersalt, char *g, char *N,
|
char **srp_usersalt, char *g, char *N,
|
||||||
char *passout, BIO *bio, int verbose)
|
char *passout, BIO *bio, int verbose)
|
||||||
{
|
{
|
||||||
char password[1024];
|
char password[1025];
|
||||||
PW_CB_DATA cb_tmp;
|
PW_CB_DATA cb_tmp;
|
||||||
char *gNid = NULL;
|
char *gNid = NULL;
|
||||||
char *salt = NULL;
|
char *salt = NULL;
|
||||||
|
int len;
|
||||||
cb_tmp.prompt_info = user;
|
cb_tmp.prompt_info = user;
|
||||||
cb_tmp.password = passout;
|
cb_tmp.password = passout;
|
||||||
|
|
||||||
if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
|
len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
|
||||||
|
if (len > 0) {
|
||||||
|
password[len] = 0;
|
||||||
VERBOSE BIO_printf(bio,
|
VERBOSE BIO_printf(bio,
|
||||||
"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
|
"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
|
||||||
user, g, N);
|
user, g, N);
|
||||||
if (!
|
if (!(gNid = SRP_create_verifier(user, password, &salt,
|
||||||
(gNid =
|
srp_verifier, N, g))) {
|
||||||
SRP_create_verifier(user, password, &salt, srp_verifier, N,
|
|
||||||
g))) {
|
|
||||||
BIO_printf(bio, "Internal error creating SRP verifier\n");
|
BIO_printf(bio, "Internal error creating SRP verifier\n");
|
||||||
} else
|
} else {
|
||||||
*srp_usersalt = salt;
|
*srp_usersalt = salt;
|
||||||
|
}
|
||||||
|
OPENSSL_cleanse(password, len);
|
||||||
VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
|
VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
|
||||||
gNid, salt, *srp_verifier);
|
gNid, salt, *srp_verifier);
|
||||||
|
|
||||||
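Review bot: The trailing `VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", ...)` in srp_create_user still runs after the failure branch, where gNid is NULL and salt may never have been set, so it hands NULL pointers to `%s`. Moving it into the newly braced else branch beside `*srp_usersalt = salt;` would restrict it to the success path. The `OPENSSL_cleanse(password, len)` added here would also be safer as `sizeof(password)`.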
@ -314,9 +321,9 @@ int MAIN(int argc, char **argv)
|
|||||||
argc--;
|
argc--;
|
||||||
argv++;
|
argv++;
|
||||||
while (argc >= 1 && badops == 0) {
|
while (argc >= 1 && badops == 0) {
|
||||||
if (strcmp(*argv, "-verbose") == 0)
|
if (strcmp(*argv, "-verbose") == 0) {
|
||||||
verbose++;
|
verbose++;
|
||||||
else if (strcmp(*argv, "-config") == 0) {
|
} else if (strcmp(*argv, "-config") == 0) {
|
||||||
if (--argc < 1)
|
if (--argc < 1)
|
||||||
goto bad;
|
goto bad;
|
||||||
configfile = *(++argv);
|
configfile = *(++argv);
|
||||||
@ -328,15 +335,15 @@ int MAIN(int argc, char **argv)
|
|||||||
if (--argc < 1)
|
if (--argc < 1)
|
||||||
goto bad;
|
goto bad;
|
||||||
dbfile = *(++argv);
|
dbfile = *(++argv);
|
||||||
} else if (strcmp(*argv, "-add") == 0)
|
} else if (strcmp(*argv, "-add") == 0) {
|
||||||
add_user = 1;
|
add_user = 1;
|
||||||
else if (strcmp(*argv, "-delete") == 0)
|
} else if (strcmp(*argv, "-delete") == 0) {
|
||||||
delete_user = 1;
|
delete_user = 1;
|
||||||
else if (strcmp(*argv, "-modify") == 0)
|
} else if (strcmp(*argv, "-modify") == 0) {
|
||||||
modify_user = 1;
|
modify_user = 1;
|
||||||
else if (strcmp(*argv, "-list") == 0)
|
} else if (strcmp(*argv, "-list") == 0) {
|
||||||
list_user = 1;
|
list_user = 1;
|
||||||
else if (strcmp(*argv, "-gn") == 0) {
|
} else if (strcmp(*argv, "-gn") == 0) {
|
||||||
if (--argc < 1)
|
if (--argc < 1)
|
||||||
goto bad;
|
goto bad;
|
||||||
gN = *(++argv);
|
gN = *(++argv);
|
||||||
@ -366,8 +373,9 @@ int MAIN(int argc, char **argv)
|
|||||||
BIO_printf(bio_err, "unknown option %s\n", *argv);
|
BIO_printf(bio_err, "unknown option %s\n", *argv);
|
||||||
badops = 1;
|
badops = 1;
|
||||||
break;
|
break;
|
||||||
} else
|
} else {
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
argc--;
|
argc--;
|
||||||
argv++;
|
argv++;
|
||||||
@ -388,7 +396,7 @@ int MAIN(int argc, char **argv)
|
|||||||
"Need at least one user for options -add, -delete, -modify. \n");
|
"Need at least one user for options -add, -delete, -modify. \n");
|
||||||
badops = 1;
|
badops = 1;
|
||||||
}
|
}
|
||||||
if ((passin || passout) && argc != 1) {
|
if ((passargin || passargout) && argc != 1) {
|
||||||
BIO_printf(bio_err,
|
BIO_printf(bio_err,
|
||||||
"-passin, -passout arguments only valid with one user.\n");
|
"-passin, -passout arguments only valid with one user.\n");
|
||||||
badops = 1;
|
badops = 1;
|
||||||
@ -706,9 +714,9 @@ int MAIN(int argc, char **argv)
|
|||||||
doupdatedb = 1;
|
doupdatedb = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (--argc > 0)
|
if (--argc > 0) {
|
||||||
user = *(argv++);
|
user = *(argv++);
|
||||||
else {
|
} else {
|
||||||
user = NULL;
|
user = NULL;
|
||||||
list_user = 0;
|
list_user = 0;
|
||||||
}
|
}
|
||||||
|
@ -193,4 +193,3 @@ REQUEST: foreach (@ARGV) {
|
|||||||
STDERR->printflush(", $output written.\n") if $options{v};
|
STDERR->printflush(", $output written.\n") if $options{v};
|
||||||
}
|
}
|
||||||
$curl->cleanup();
|
$curl->cleanup();
|
||||||
WWW::Curl::Easy::global_cleanup();
|
|
||||||
|
@ -680,7 +680,7 @@ tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
|
|||||||
tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||||
tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
|
tasn_fre.o: ../../include/openssl/symhacks.h asn1_int.h tasn_fre.c
|
||||||
tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
|
tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
|
||||||
tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
|
tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
|
||||||
tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
|
||||||
@ -688,7 +688,7 @@ tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
|
|||||||
tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
|
||||||
tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
|
||||||
tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
|
||||||
tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
|
tasn_new.o: ../../include/openssl/symhacks.h asn1_int.h tasn_new.c
|
||||||
tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h
|
tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h
|
||||||
tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
|
tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
|
||||||
tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
|
tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
|
||||||
|
@ -56,6 +56,7 @@
|
|||||||
* [including the GNU Public Licence.]
|
* [including the GNU Public Licence.]
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include <limits.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include "cryptlib.h"
|
#include "cryptlib.h"
|
||||||
#include <openssl/asn1.h>
|
#include <openssl/asn1.h>
|
||||||
@ -136,6 +137,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (len > INT_MAX) {
|
||||||
|
i = ASN1_R_STRING_TOO_LONG;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
if ((a == NULL) || ((*a) == NULL)) {
|
if ((a == NULL) || ((*a) == NULL)) {
|
||||||
if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
|
if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
|
||||||
return (NULL);
|
return (NULL);
|
||||||
|
63
crypto/openssl/crypto/asn1/asn1_int.h
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
/* asn1t.h */
|
||||||
|
/*
|
||||||
|
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
|
||||||
|
* 2006.
|
||||||
|
*/
|
||||||
|
/* ====================================================================
|
||||||
|
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
*
|
||||||
|
* 1. Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer in
|
||||||
|
* the documentation and/or other materials provided with the
|
||||||
|
* distribution.
|
||||||
|
*
|
||||||
|
* 3. All advertising materials mentioning features or use of this
|
||||||
|
* software must display the following acknowledgment:
|
||||||
|
* "This product includes software developed by the OpenSSL Project
|
||||||
|
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
||||||
|
*
|
||||||
|
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
||||||
|
* endorse or promote products derived from this software without
|
||||||
|
* prior written permission. For written permission, please contact
|
||||||
|
* licensing@OpenSSL.org.
|
||||||
|
*
|
||||||
|
* 5. Products derived from this software may not be called "OpenSSL"
|
||||||
|
* nor may "OpenSSL" appear in their names without prior written
|
||||||
|
* permission of the OpenSSL Project.
|
||||||
|
*
|
||||||
|
* 6. Redistributions of any form whatsoever must retain the following
|
||||||
|
* acknowledgment:
|
||||||
|
* "This product includes software developed by the OpenSSL Project
|
||||||
|
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
||||||
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||||
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
||||||
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||||
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||||
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||||
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||||
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||||
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
* ====================================================================
|
||||||
|
*
|
||||||
|
* This product includes cryptographic software written by Eric Young
|
||||||
|
* (eay@cryptsoft.com). This product includes software written by Tim
|
||||||
|
* Hudson (tjh@cryptsoft.com).
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Internal ASN1 template structures and functions: not for application use */
|
||||||
|
|
||||||
|
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
||||||
|
int combine);
|
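Review bot: The new header opens with the comment `/* asn1t.h */`, which names a different file, and it has no include guard. It also declares `asn1_item_combine_free` in terms of `ASN1_VALUE` and `ASN1_ITEM` without including anything, so it only compiles when the including file has already pulled in the ASN.1 headers, as the two files in the following hunks do. Fix the filename comment, add a guard, and either include the needed header or document the ordering requirement.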
@ -61,9 +61,7 @@
|
|||||||
#include <openssl/asn1.h>
|
#include <openssl/asn1.h>
|
||||||
#include <openssl/asn1t.h>
|
#include <openssl/asn1t.h>
|
||||||
#include <openssl/objects.h>
|
#include <openssl/objects.h>
|
||||||
|
#include "asn1_int.h"
|
||||||
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
|
||||||
int combine);
|
|
||||||
|
|
||||||
/* Free up an ASN1 structure */
|
/* Free up an ASN1 structure */
|
||||||
|
|
||||||
@ -77,8 +75,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
|
|||||||
asn1_item_combine_free(pval, it, 0);
|
asn1_item_combine_free(pval, it, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
|
||||||
int combine)
|
|
||||||
{
|
{
|
||||||
const ASN1_TEMPLATE *tt = NULL, *seqtt;
|
const ASN1_TEMPLATE *tt = NULL, *seqtt;
|
||||||
const ASN1_EXTERN_FUNCS *ef;
|
const ASN1_EXTERN_FUNCS *ef;
|
||||||
|
@ -63,6 +63,7 @@
|
|||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/asn1t.h>
|
#include <openssl/asn1t.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#include "asn1_int.h"
|
||||||
|
|
||||||
static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
||||||
int combine);
|
int combine);
|
||||||
@ -199,7 +200,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
|||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
memerr2:
|
memerr2:
|
||||||
ASN1_item_ex_free(pval, it);
|
asn1_item_combine_free(pval, it, combine);
|
||||||
memerr:
|
memerr:
|
||||||
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
|
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
|
||||||
#ifdef CRYPTO_MDEBUG
|
#ifdef CRYPTO_MDEBUG
|
||||||
@ -209,7 +210,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
auxerr2:
|
auxerr2:
|
||||||
ASN1_item_ex_free(pval, it);
|
asn1_item_combine_free(pval, it, combine);
|
||||||
auxerr:
|
auxerr:
|
||||||
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
|
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
|
||||||
#ifdef CRYPTO_MDEBUG
|
#ifdef CRYPTO_MDEBUG
|
||||||
|
@ -523,19 +523,11 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
|
|||||||
|
|
||||||
int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
|
int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
|
||||||
{
|
{
|
||||||
X509_NAME *in;
|
if ((name = X509_NAME_dup(name)) == NULL)
|
||||||
|
return 0;
|
||||||
if (!xn || !name)
|
X509_NAME_free(*xn);
|
||||||
return (0);
|
*xn = name;
|
||||||
|
return 1;
|
||||||
if (*xn != name) {
|
|
||||||
in = X509_NAME_dup(name);
|
|
||||||
if (in != NULL) {
|
|
||||||
X509_NAME_free(*xn);
|
|
||||||
*xn = in;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return (*xn != NULL);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
|
IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
|
||||||
|
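Review bot: The rewritten X509_NAME_set no longer checks `xn` before `X509_NAME_free(*xn)`, where the old code returned 0 for `!xn || !name`. A NULL `xn` is now dereferenced, and a NULL `name` is handled only if `X509_NAME_dup` tolerates it, which the hunk does not show. Keep an explicit `if (xn == NULL || name == NULL) return 0;` at the top. Duplicating before freeing does make the self-assignment case safe without the old `*xn != name` test, but the behaviour change deserves a comment: that case now allocates a copy, and an allocation failure returns 0 where the old code returned `*xn != NULL`.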
@ -106,10 +106,14 @@ X509_PKEY *X509_PKEY_new(void)
|
|||||||
X509_PKEY *ret = NULL;
|
X509_PKEY *ret = NULL;
|
||||||
ASN1_CTX c;
|
ASN1_CTX c;
|
||||||
|
|
||||||
M_ASN1_New_Malloc(ret, X509_PKEY);
|
ret = OPENSSL_malloc(sizeof(X509_PKEY));
|
||||||
|
if (ret == NULL) {
|
||||||
|
c.line = __LINE__;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
ret->version = 0;
|
ret->version = 0;
|
||||||
M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
|
ret->enc_algor = X509_ALGOR_new();
|
||||||
M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
|
ret->enc_pkey = M_ASN1_OCTET_STRING_new();
|
||||||
ret->dec_pkey = NULL;
|
ret->dec_pkey = NULL;
|
||||||
ret->key_length = 0;
|
ret->key_length = 0;
|
||||||
ret->key_data = NULL;
|
ret->key_data = NULL;
|
||||||
@ -117,8 +121,15 @@ X509_PKEY *X509_PKEY_new(void)
|
|||||||
ret->cipher.cipher = NULL;
|
ret->cipher.cipher = NULL;
|
||||||
memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
|
memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
|
||||||
ret->references = 1;
|
ret->references = 1;
|
||||||
return (ret);
|
if (ret->enc_algor == NULL || ret->enc_pkey == NULL) {
|
||||||
M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
|
c.line = __LINE__;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
err:
|
||||||
|
X509_PKEY_free(ret);
|
||||||
|
ASN1_MAC_H_err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE, c.line);
|
||||||
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
void X509_PKEY_free(X509_PKEY *x)
|
void X509_PKEY_free(X509_PKEY *x)
|
||||||
|
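Review bot: The new `err:` label calls `X509_PKEY_free(ret)` on both failure paths, including the one from the previous hunk where `OPENSSL_malloc` returned NULL, so `X509_PKEY_free` has to accept a NULL argument; its body is not shown here and should be checked. The remaining fields are assigned before the `ret->enc_algor == NULL || ret->enc_pkey == NULL` test, which is what makes freeing a half-built object safe. A one-line comment saying so would stop a later edit from moving the check above those assignments.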
@ -3090,11 +3090,19 @@ $code.=<<___;
|
|||||||
|
|
||||||
.align 32
|
.align 32
|
||||||
.Lsqrx8x_break:
|
.Lsqrx8x_break:
|
||||||
sub 16+8(%rsp),%r8 # consume last carry
|
xor $zero,$zero
|
||||||
|
sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
|
||||||
|
adcx $zero,%r8
|
||||||
mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
|
mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
|
||||||
|
adcx $zero,%r9
|
||||||
mov 0*8($aptr),%rdx # a[8], modulo-scheduled
|
mov 0*8($aptr),%rdx # a[8], modulo-scheduled
|
||||||
xor %ebp,%ebp # xor $zero,$zero
|
adc \$0,%r10
|
||||||
mov %r8,0*8($tptr)
|
mov %r8,0*8($tptr)
|
||||||
|
adc \$0,%r11
|
||||||
|
adc \$0,%r12
|
||||||
|
adc \$0,%r13
|
||||||
|
adc \$0,%r14
|
||||||
|
adc \$0,%r15
|
||||||
cmp $carry,$tptr # cf=0, of=0
|
cmp $carry,$tptr # cf=0, of=0
|
||||||
je .Lsqrx8x_outer_loop
|
je .Lsqrx8x_outer_loop
|
||||||
|
|
||||||
|
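Review bot: `sub 16+8(%rsp),%rbx` yields the saved carry in CF only for a known value of %rbx on entry to `.Lsqrx8x_break`, and the hunk does not show what %rbx holds there; please state that invariant next to the `# mov 16(%rsp),%cf` comment. A one-line comment above the `adcx`/`adc` chain saying that the carry must ripple through %r8..%r15 would also help, since the old code folded it into %r8 only and dropped any carry out of that limb.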
@ -145,7 +145,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
|||||||
int i, bits, ret = 0;
|
int i, bits, ret = 0;
|
||||||
BIGNUM *v, *rr;
|
BIGNUM *v, *rr;
|
||||||
|
|
||||||
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
|
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|
||||||
|
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0) {
|
||||||
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
|
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
|
||||||
BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
||||||
return -1;
|
return -1;
|
||||||
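Review bot: The retained comment `/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */` no longer describes the whole condition: the -1 return is now also taken when the flag is set on the base `a`, which changes behaviour for existing callers that flag `a` but not `p`. This deserves a line in the function's documentation, and the same applies to the matching checks added to BN_mod_exp_recp, BN_mod_exp_mont_word and BN_mod_exp_simple further down.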
@ -245,7 +246,9 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
|
|||||||
if (BN_is_odd(m)) {
|
if (BN_is_odd(m)) {
|
||||||
# ifdef MONT_EXP_WORD
|
# ifdef MONT_EXP_WORD
|
||||||
if (a->top == 1 && !a->neg
|
if (a->top == 1 && !a->neg
|
||||||
&& (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
|
&& (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)
|
||||||
|
&& (BN_get_flags(a, BN_FLG_CONSTTIME) == 0)
|
||||||
|
&& (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) {
|
||||||
BN_ULONG A = a->d[0];
|
BN_ULONG A = a->d[0];
|
||||||
ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
|
ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
|
||||||
} else
|
} else
|
||||||
@ -277,7 +280,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|||||||
BIGNUM *val[TABLE_SIZE];
|
BIGNUM *val[TABLE_SIZE];
|
||||||
BN_RECP_CTX recp;
|
BN_RECP_CTX recp;
|
||||||
|
|
||||||
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
|
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|
||||||
|
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|
||||||
|
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
|
||||||
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
|
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
|
||||||
BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
||||||
return -1;
|
return -1;
|
||||||
@ -411,7 +416,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||||||
BIGNUM *val[TABLE_SIZE];
|
BIGNUM *val[TABLE_SIZE];
|
||||||
BN_MONT_CTX *mont = NULL;
|
BN_MONT_CTX *mont = NULL;
|
||||||
|
|
||||||
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
|
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|
||||||
|
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|
||||||
|
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
|
||||||
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
|
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1217,7 +1224,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
|
|||||||
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
|
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
|
||||||
(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
|
(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
|
||||||
|
|
||||||
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
|
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|
||||||
|
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
|
||||||
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
|
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
|
||||||
BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
||||||
return -1;
|
return -1;
|
||||||
@ -1348,7 +1356,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|||||||
/* Table of variables obtained from 'ctx' */
|
/* Table of variables obtained from 'ctx' */
|
||||||
BIGNUM *val[TABLE_SIZE];
|
BIGNUM *val[TABLE_SIZE];
|
||||||
|
|
||||||
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
|
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|
||||||
|
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|
||||||
|
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
|
||||||
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
|
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
|
||||||
BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -524,6 +524,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
|
|||||||
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
|
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
|
||||||
|
BN_set_flags(a, BN_FLG_CONSTTIME);
|
||||||
|
|
||||||
a->top = b->top;
|
a->top = b->top;
|
||||||
a->neg = b->neg;
|
a->neg = b->neg;
|
||||||
bn_check_top(a);
|
bn_check_top(a);
|
||||||
|
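Review bot: The flag handling added to BN_copy is one-way: BN_FLG_CONSTTIME is set on `a` when `b` carries it but never cleared when `b` does not, so a reused destination keeps a stale flag from an earlier copy. If that is intended (erring toward constant time), say so in a comment. Combined with the stricter checks added to the BN_mod_exp variants in this commit, a stale flag now produces an ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED failure rather than just a slower path.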
@ -394,6 +394,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
|
|||||||
tmod.dmax = 2;
|
tmod.dmax = 2;
|
||||||
tmod.neg = 0;
|
tmod.neg = 0;
|
||||||
|
|
||||||
|
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
|
||||||
|
BN_set_flags(&tmod, BN_FLG_CONSTTIME);
|
||||||
|
|
||||||
mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
|
mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
|
||||||
|
|
||||||
# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
|
# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
|
||||||
|
@ -1032,46 +1032,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
|
|||||||
rr->top = top;
|
rr->top = top;
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
# if 0
|
|
||||||
if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) {
|
|
||||||
BIGNUM *tmp_bn = (BIGNUM *)b;
|
|
||||||
if (bn_wexpand(tmp_bn, al) == NULL)
|
|
||||||
goto err;
|
|
||||||
tmp_bn->d[bl] = 0;
|
|
||||||
bl++;
|
|
||||||
i--;
|
|
||||||
} else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
|
|
||||||
BIGNUM *tmp_bn = (BIGNUM *)a;
|
|
||||||
if (bn_wexpand(tmp_bn, bl) == NULL)
|
|
||||||
goto err;
|
|
||||||
tmp_bn->d[al] = 0;
|
|
||||||
al++;
|
|
||||||
i++;
|
|
||||||
}
|
|
||||||
if (i == 0) {
|
|
||||||
/* symmetric and > 4 */
|
|
||||||
/* 16 or larger */
|
|
||||||
j = BN_num_bits_word((BN_ULONG)al);
|
|
||||||
j = 1 << (j - 1);
|
|
||||||
k = j + j;
|
|
||||||
t = BN_CTX_get(ctx);
|
|
||||||
if (al == j) { /* exact multiple */
|
|
||||||
if (bn_wexpand(t, k * 2) == NULL)
|
|
||||||
goto err;
|
|
||||||
if (bn_wexpand(rr, k * 2) == NULL)
|
|
||||||
goto err;
|
|
||||||
bn_mul_recursive(rr->d, a->d, b->d, al, t->d);
|
|
||||||
} else {
|
|
||||||
if (bn_wexpand(t, k * 4) == NULL)
|
|
||||||
goto err;
|
|
||||||
if (bn_wexpand(rr, k * 4) == NULL)
|
|
||||||
goto err;
|
|
||||||
bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d);
|
|
||||||
}
|
|
||||||
rr->top = top;
|
|
||||||
goto end;
|
|
||||||
}
|
|
||||||
# endif
|
|
||||||
}
|
}
|
||||||
#endif /* BN_RECURSION */
|
#endif /* BN_RECURSION */
|
||||||
if (bn_wexpand(rr, top) == NULL)
|
if (bn_wexpand(rr, top) == NULL)
|
||||||
|
@ -217,6 +217,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
|
|||||||
|
|
||||||
BN_CTX_start(ctx);
|
BN_CTX_start(ctx);
|
||||||
t = BN_CTX_get(ctx);
|
t = BN_CTX_get(ctx);
|
||||||
|
if (t == NULL)
|
||||||
|
goto err;
|
||||||
|
|
||||||
for (i = 0; i < 1000; i++) {
|
for (i = 0; i < 1000; i++) {
|
||||||
if (!BN_rand(Xq, nbits, 1, 0))
|
if (!BN_rand(Xq, nbits, 1, 0))
|
||||||
@ -255,10 +257,12 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
BN_CTX_start(ctx);
|
BN_CTX_start(ctx);
|
||||||
if (!Xp1)
|
if (Xp1 == NULL)
|
||||||
Xp1 = BN_CTX_get(ctx);
|
Xp1 = BN_CTX_get(ctx);
|
||||||
if (!Xp2)
|
if (Xp2 == NULL)
|
||||||
Xp2 = BN_CTX_get(ctx);
|
Xp2 = BN_CTX_get(ctx);
|
||||||
|
if (Xp1 == NULL || Xp2 == NULL)
|
||||||
|
goto error;
|
||||||
|
|
||||||
if (!BN_rand(Xp1, 101, 0, 0))
|
if (!BN_rand(Xp1, 101, 0, 0))
|
||||||
goto error;
|
goto error;
|
||||||
|
@ -469,11 +469,18 @@ void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
extern int FIPS_crypto_threadid_set_callback(void (*func) (CRYPTO_THREADID *));
|
||||||
|
#endif
|
||||||
|
|
||||||
int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *))
|
int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *))
|
||||||
{
|
{
|
||||||
if (threadid_callback)
|
if (threadid_callback)
|
||||||
return 0;
|
return 0;
|
||||||
threadid_callback = func;
|
threadid_callback = func;
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
FIPS_crypto_threadid_set_callback(func);
|
||||||
|
#endif
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
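Review bot: The `int` result of `FIPS_crypto_threadid_set_callback(func)` is discarded, so CRYPTO_THREADID_set_callback returns 1 whatever the FIPS-side call returned; check it or document why it can be ignored. The file-local `extern` prototype under `#ifdef OPENSSL_FIPS` would also be better placed in a shared header so the declaration cannot drift from the definition.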
@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
|
|||||||
dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
|
dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
|
||||||
dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
|
||||||
dh_gen.o: ../cryptlib.h dh_gen.c
|
dh_gen.o: ../cryptlib.h dh_gen.c
|
||||||
dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
|
||||||
dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
|
dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
|
||||||
dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
|
dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
|
||||||
dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
|
||||||
|
@ -257,11 +257,13 @@ DH *DH_get_1024_160(void);
|
|||||||
DH *DH_get_2048_224(void);
|
DH *DH_get_2048_224(void);
|
||||||
DH *DH_get_2048_256(void);
|
DH *DH_get_2048_256(void);
|
||||||
|
|
||||||
|
# ifndef OPENSSL_NO_CMS
|
||||||
/* RFC2631 KDF */
|
/* RFC2631 KDF */
|
||||||
int DH_KDF_X9_42(unsigned char *out, size_t outlen,
|
int DH_KDF_X9_42(unsigned char *out, size_t outlen,
|
||||||
const unsigned char *Z, size_t Zlen,
|
const unsigned char *Z, size_t Zlen,
|
||||||
ASN1_OBJECT *key_oid,
|
ASN1_OBJECT *key_oid,
|
||||||
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
|
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
|
||||||
|
# endif
|
||||||
|
|
||||||
# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
|
# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
|
||||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
|
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
|
||||||
|
@ -51,6 +51,9 @@
|
|||||||
* ====================================================================
|
* ====================================================================
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include <e_os.h>
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_CMS
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <openssl/dh.h>
|
#include <openssl/dh.h>
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
@ -185,3 +188,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
|
|||||||
EVP_MD_CTX_cleanup(&mctx);
|
EVP_MD_CTX_cleanup(&mctx);
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
|||||||
case EVP_PKEY_CTRL_DH_KDF_TYPE:
|
case EVP_PKEY_CTRL_DH_KDF_TYPE:
|
||||||
if (p1 == -2)
|
if (p1 == -2)
|
||||||
return dctx->kdf_type;
|
return dctx->kdf_type;
|
||||||
|
#ifdef OPENSSL_NO_CMS
|
||||||
|
if (p1 != EVP_PKEY_DH_KDF_NONE)
|
||||||
|
#else
|
||||||
if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
|
if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
|
||||||
|
#endif
|
||||||
return -2;
|
return -2;
|
||||||
dctx->kdf_type = p1;
|
dctx->kdf_type = p1;
|
||||||
return 1;
|
return 1;
|
||||||
@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
|
|||||||
return ret;
|
return ret;
|
||||||
*keylen = ret;
|
*keylen = ret;
|
||||||
return 1;
|
return 1;
|
||||||
} else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
|
}
|
||||||
|
#ifndef OPENSSL_NO_CMS
|
||||||
|
else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
|
||||||
unsigned char *Z = NULL;
|
unsigned char *Z = NULL;
|
||||||
size_t Zlen = 0;
|
size_t Zlen = 0;
|
||||||
if (!dctx->kdf_outlen || !dctx->kdf_oid)
|
if (!dctx->kdf_outlen || !dctx->kdf_oid)
|
||||||
@ -479,6 +485,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
|
|||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
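Review bot: With the X9.42 branch compiled out under OPENSSL_NO_CMS, any `kdf_type` not handled by the branch above falls through to the final `return 1;` and reports success with no derivation branch having run. pkey_dh_ctrl rejects EVP_PKEY_DH_KDF_X9_42 in that build, so this should be unreachable, but the fall-through would be safer as a failure return.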
@ -258,6 +258,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
|
|||||||
goto dsaerr;
|
goto dsaerr;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
|
||||||
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
|
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
|
||||||
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
|
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
|
||||||
goto dsaerr;
|
goto dsaerr;
|
||||||
|
@ -482,6 +482,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
|
|||||||
} else {
|
} else {
|
||||||
p = BN_CTX_get(ctx);
|
p = BN_CTX_get(ctx);
|
||||||
q = BN_CTX_get(ctx);
|
q = BN_CTX_get(ctx);
|
||||||
|
if (q == NULL)
|
||||||
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!BN_lshift(test, BN_value_one(), L - 1))
|
if (!BN_lshift(test, BN_value_one(), L - 1))
|
||||||
|
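Review bot: Only `q` is NULL-checked after the two BN_CTX_get calls in this else branch. That is sufficient because once BN_CTX_get has failed, later calls on the same context return NULL too, but the reasoning is not obvious from the code. A short comment, or checking `p` as well, would make it clear.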
@ -224,7 +224,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|||||||
{
|
{
|
||||||
BN_CTX *ctx;
|
BN_CTX *ctx;
|
||||||
BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
|
BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
|
||||||
|
BIGNUM l, m;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
int q_bits;
|
||||||
|
|
||||||
if (!dsa->p || !dsa->q || !dsa->g) {
|
if (!dsa->p || !dsa->q || !dsa->g) {
|
||||||
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
|
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
|
||||||
@ -233,6 +235,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|||||||
|
|
||||||
BN_init(&k);
|
BN_init(&k);
|
||||||
BN_init(&kq);
|
BN_init(&kq);
|
||||||
|
BN_init(&l);
|
||||||
|
BN_init(&m);
|
||||||
|
|
||||||
if (ctx_in == NULL) {
|
if (ctx_in == NULL) {
|
||||||
if ((ctx = BN_CTX_new()) == NULL)
|
if ((ctx = BN_CTX_new()) == NULL)
|
||||||
@ -243,6 +247,13 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|||||||
if ((r = BN_new()) == NULL)
|
if ((r = BN_new()) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
/* Preallocate space */
|
||||||
|
q_bits = BN_num_bits(dsa->q);
|
||||||
|
if (!BN_set_bit(&k, q_bits)
|
||||||
|
|| !BN_set_bit(&l, q_bits)
|
||||||
|
|| !BN_set_bit(&m, q_bits))
|
||||||
|
goto err;
|
||||||
|
|
||||||
/* Get random k */
|
/* Get random k */
|
||||||
do
|
do
|
||||||
if (!BN_rand_range(&k, dsa->q))
|
if (!BN_rand_range(&k, dsa->q))
|
||||||
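Review bot: `/* Preallocate space */` does not say why the space is needed: bit `q_bits` is set in `k`, `l` and `m` only to size their buffers up front, and `k` is overwritten by BN_rand_range immediately afterwards. Please expand the comment so a later cleanup does not remove these calls as dead stores.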
@ -263,25 +274,24 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|||||||
/* Compute r = (g^k mod p) mod q */
|
/* Compute r = (g^k mod p) mod q */
|
||||||
|
|
||||||
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
|
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
|
||||||
if (!BN_copy(&kq, &k))
|
/*
|
||||||
|
* We do not want timing information to leak the length of k, so we
|
||||||
|
* compute G^k using an equivalent scalar of fixed bit-length.
|
||||||
|
*
|
||||||
|
* We unconditionally perform both of these additions to prevent a
|
||||||
|
* small timing information leakage. We then choose the sum that is
|
||||||
|
* one bit longer than the modulus.
|
||||||
|
*
|
||||||
|
* TODO: revisit the BN_copy aiming for a memory access agnostic
|
||||||
|
* conditional copy.
|
||||||
|
*/
|
||||||
|
if (!BN_add(&l, &k, dsa->q)
|
||||||
|
|| !BN_add(&m, &l, dsa->q)
|
||||||
|
|| !BN_copy(&kq, BN_num_bits(&l) > q_bits ? &l : &m))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
BN_set_flags(&kq, BN_FLG_CONSTTIME);
|
BN_set_flags(&kq, BN_FLG_CONSTTIME);
|
||||||
|
|
||||||
/*
|
|
||||||
* We do not want timing information to leak the length of k, so we
|
|
||||||
* compute g^k using an equivalent exponent of fixed length. (This
|
|
||||||
* is a kludge that we need because the BN_mod_exp_mont() does not
|
|
||||||
* let us specify the desired timing behaviour.)
|
|
||||||
*/
|
|
||||||
|
|
||||||
if (!BN_add(&kq, &kq, dsa->q))
|
|
||||||
goto err;
|
|
||||||
if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
|
|
||||||
if (!BN_add(&kq, &kq, dsa->q))
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
|
|
||||||
K = &kq;
|
K = &kq;
|
||||||
} else {
|
} else {
|
||||||
K = &k;
|
K = &k;
|
||||||
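Review bot: `BN_copy(&kq, BN_num_bits(&l) > q_bits ? &l : &m)` still picks its source with a comparison on the bit length of `k + q`, which is derived from the secret nonce, so the selection stays data-dependent even though both additions are now unconditional. The TODO acknowledges this; please point it at a tracking issue so the conditional copy is not forgotten.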
@ -314,7 +324,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|||||||
BN_CTX_free(ctx);
|
BN_CTX_free(ctx);
|
||||||
BN_clear_free(&k);
|
BN_clear_free(&k);
|
||||||
BN_clear_free(&kq);
|
BN_clear_free(&kq);
|
||||||
return (ret);
|
BN_clear_free(&l);
|
||||||
|
BN_clear_free(&m);
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
|
static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
|
||||||
|
@ -1178,19 +1178,18 @@ __ecp_nistz256_sqr_montx:
|
|||||||
adox $t1, $acc5
|
adox $t1, $acc5
|
||||||
.byte 0x67,0x67
|
.byte 0x67,0x67
|
||||||
mulx %rdx, $t0, $t4
|
mulx %rdx, $t0, $t4
|
||||||
mov $acc0, %rdx
|
mov .Lpoly+8*3(%rip), %rdx
|
||||||
adox $t0, $acc6
|
adox $t0, $acc6
|
||||||
shlx $a_ptr, $acc0, $t0
|
shlx $a_ptr, $acc0, $t0
|
||||||
adox $t4, $acc7
|
adox $t4, $acc7
|
||||||
shrx $a_ptr, $acc0, $t4
|
shrx $a_ptr, $acc0, $t4
|
||||||
mov .Lpoly+8*3(%rip), $t1
|
mov %rdx,$t1
|
||||||
|
|
||||||
# reduction step 1
|
# reduction step 1
|
||||||
add $t0, $acc1
|
add $t0, $acc1
|
||||||
adc $t4, $acc2
|
adc $t4, $acc2
|
||||||
|
|
||||||
mulx $t1, $t0, $acc0
|
mulx $acc0, $t0, $acc0
|
||||||
mov $acc1, %rdx
|
|
||||||
adc $t0, $acc3
|
adc $t0, $acc3
|
||||||
shlx $a_ptr, $acc1, $t0
|
shlx $a_ptr, $acc1, $t0
|
||||||
adc \$0, $acc0
|
adc \$0, $acc0
|
||||||
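Review bot: After this change %rdx is loaded once with `.Lpoly+8*3(%rip)` and must stay untouched through every `mulx $accN, $t0, $accN` reduction step, where it used to be reloaded with `mov $accN, %rdx` before each one. Nothing in the code states that dependency; a comment at the `mov .Lpoly+8*3(%rip), %rdx` line would protect it against a later edit that reuses %rdx.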
@ -1200,8 +1199,7 @@ __ecp_nistz256_sqr_montx:
|
|||||||
add $t0, $acc2
|
add $t0, $acc2
|
||||||
adc $t4, $acc3
|
adc $t4, $acc3
|
||||||
|
|
||||||
mulx $t1, $t0, $acc1
|
mulx $acc1, $t0, $acc1
|
||||||
mov $acc2, %rdx
|
|
||||||
adc $t0, $acc0
|
adc $t0, $acc0
|
||||||
shlx $a_ptr, $acc2, $t0
|
shlx $a_ptr, $acc2, $t0
|
||||||
adc \$0, $acc1
|
adc \$0, $acc1
|
||||||
@ -1211,8 +1209,7 @@ __ecp_nistz256_sqr_montx:
|
|||||||
add $t0, $acc3
|
add $t0, $acc3
|
||||||
adc $t4, $acc0
|
adc $t4, $acc0
|
||||||
|
|
||||||
mulx $t1, $t0, $acc2
|
mulx $acc2, $t0, $acc2
|
||||||
mov $acc3, %rdx
|
|
||||||
adc $t0, $acc1
|
adc $t0, $acc1
|
||||||
shlx $a_ptr, $acc3, $t0
|
shlx $a_ptr, $acc3, $t0
|
||||||
adc \$0, $acc2
|
adc \$0, $acc2
|
||||||
@ -1222,12 +1219,12 @@ __ecp_nistz256_sqr_montx:
|
|||||||
add $t0, $acc0
|
add $t0, $acc0
|
||||||
adc $t4, $acc1
|
adc $t4, $acc1
|
||||||
|
|
||||||
mulx $t1, $t0, $acc3
|
mulx $acc3, $t0, $acc3
|
||||||
adc $t0, $acc2
|
adc $t0, $acc2
|
||||||
adc \$0, $acc3
|
adc \$0, $acc3
|
||||||
|
|
||||||
xor $t3, $t3 # cf=0
|
xor $t3, $t3
|
||||||
adc $acc0, $acc4 # accumulate upper half
|
add $acc0, $acc4 # accumulate upper half
|
||||||
mov .Lpoly+8*1(%rip), $a_ptr
|
mov .Lpoly+8*1(%rip), $a_ptr
|
||||||
adc $acc1, $acc5
|
adc $acc1, $acc5
|
||||||
mov $acc4, $acc0
|
mov $acc4, $acc0
|
||||||
@ -1236,8 +1233,7 @@ __ecp_nistz256_sqr_montx:
|
|||||||
mov $acc5, $acc1
|
mov $acc5, $acc1
|
||||||
adc \$0, $t3
|
adc \$0, $t3
|
||||||
|
|
||||||
xor %eax, %eax # cf=0
|
sub \$-1, $acc4 # .Lpoly[0]
|
||||||
sbb \$-1, $acc4 # .Lpoly[0]
|
|
||||||
mov $acc6, $acc2
|
mov $acc6, $acc2
|
||||||
sbb $a_ptr, $acc5 # .Lpoly[1]
|
sbb $a_ptr, $acc5 # .Lpoly[1]
|
||||||
sbb \$0, $acc6 # .Lpoly[2]
|
sbb \$0, $acc6 # .Lpoly[2]
|
||||||
|
@ -247,6 +247,8 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
|
|||||||
BN_CTX_free(new_ctx);
|
BN_CTX_free(new_ctx);
|
||||||
if (mont != NULL)
|
if (mont != NULL)
|
||||||
BN_MONT_CTX_free(mont);
|
BN_MONT_CTX_free(mont);
|
||||||
|
if (one != NULL)
|
||||||
|
BN_free(one);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
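Review bot: `BN_free(one)` now runs on the common exit path, so the success path must have set `one` to NULL after handing it to the group, otherwise this frees a value the group still references. That assignment is outside the hunk; please confirm it, along with the same condition for `mont`, which is freed the same way just above.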
@ -716,7 +716,7 @@ static limb felem_is_zero(const felem in)
|
|||||||
return (zero | two224m96p1 | two225m97p2);
|
return (zero | two224m96p1 | two225m97p2);
|
||||||
}
|
}
|
||||||
|
|
||||||
static limb felem_is_zero_int(const felem in)
|
static int felem_is_zero_int(const void *in)
|
||||||
{
|
{
|
||||||
return (int)(felem_is_zero(in) & ((limb) 1));
|
return (int)(felem_is_zero(in) & ((limb) 1));
|
||||||
}
|
}
|
||||||
@ -1391,7 +1391,6 @@ static void make_points_affine(size_t num, felem points[ /* num */ ][3],
|
|||||||
sizeof(felem),
|
sizeof(felem),
|
||||||
tmp_felems,
|
tmp_felems,
|
||||||
(void (*)(void *))felem_one,
|
(void (*)(void *))felem_one,
|
||||||
(int (*)(const void *))
|
|
||||||
felem_is_zero_int,
|
felem_is_zero_int,
|
||||||
(void (*)(void *, const void *))
|
(void (*)(void *, const void *))
|
||||||
felem_assign,
|
felem_assign,
|
||||||
|
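Review bot: The `felem_one` and `felem_assign` arguments in this call still go through `(void (*)(void *))` and `(void (*)(void *, const void *))` casts, while felem_is_zero_int was given a `const void *` parameter so that its cast could be dropped. Consider giving the other two helpers matching `void *` signatures as well, so no function here is called through a pointer of a different type. The same holds for the corresponding calls in the other nistp files changed below.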
@ -977,7 +977,7 @@ static limb smallfelem_is_zero(const smallfelem small)
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int smallfelem_is_zero_int(const smallfelem small)
|
static int smallfelem_is_zero_int(const void *small)
|
||||||
{
|
{
|
||||||
return (int)(smallfelem_is_zero(small) & ((limb) 1));
|
return (int)(smallfelem_is_zero(small) & ((limb) 1));
|
||||||
}
|
}
|
||||||
@ -1979,7 +1979,6 @@ static void make_points_affine(size_t num, smallfelem points[][3],
|
|||||||
sizeof(smallfelem),
|
sizeof(smallfelem),
|
||||||
tmp_smallfelems,
|
tmp_smallfelems,
|
||||||
(void (*)(void *))smallfelem_one,
|
(void (*)(void *))smallfelem_one,
|
||||||
(int (*)(const void *))
|
|
||||||
smallfelem_is_zero_int,
|
smallfelem_is_zero_int,
|
||||||
(void (*)(void *, const void *))
|
(void (*)(void *, const void *))
|
||||||
smallfelem_assign,
|
smallfelem_assign,
|
||||||
|
@ -871,7 +871,7 @@ static limb felem_is_zero(const felem in)
|
|||||||
return is_zero;
|
return is_zero;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int felem_is_zero_int(const felem in)
|
static int felem_is_zero_int(const void *in)
|
||||||
{
|
{
|
||||||
return (int)(felem_is_zero(in) & ((limb) 1));
|
return (int)(felem_is_zero(in) & ((limb) 1));
|
||||||
}
|
}
|
||||||
@ -1787,7 +1787,6 @@ static void make_points_affine(size_t num, felem points[][3],
|
|||||||
sizeof(felem),
|
sizeof(felem),
|
||||||
tmp_felems,
|
tmp_felems,
|
||||||
(void (*)(void *))felem_one,
|
(void (*)(void *))felem_one,
|
||||||
(int (*)(const void *))
|
|
||||||
felem_is_zero_int,
|
felem_is_zero_int,
|
||||||
(void (*)(void *, const void *))
|
(void (*)(void *, const void *))
|
||||||
felem_assign,
|
felem_assign,
|
||||||
|
@ -225,9 +225,16 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
|
|||||||
*/
|
*/
|
||||||
ecdh_data_free(ecdh_data);
|
ecdh_data_free(ecdh_data);
|
||||||
ecdh_data = (ECDH_DATA *)data;
|
ecdh_data = (ECDH_DATA *)data;
|
||||||
|
} else if (EC_KEY_get_key_method_data(key, ecdh_data_dup,
|
||||||
|
ecdh_data_free,
|
||||||
|
ecdh_data_free) != ecdh_data) {
|
||||||
|
/* Or an out of memory error in EC_KEY_insert_key_method_data. */
|
||||||
|
ecdh_data_free(ecdh_data);
|
||||||
|
return NULL;
|
||||||
}
|
}
|
||||||
} else
|
} else {
|
||||||
ecdh_data = (ECDH_DATA *)data;
|
ecdh_data = (ECDH_DATA *)data;
|
||||||
|
}
|
||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
|
if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
|
||||||
&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {
|
&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {
|
||||||
|
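Review bot: ecdh_check can now return NULL from the new `else if` branch, so every caller needs a NULL check before dereferencing the result; the callers are not part of this hunk. The comment `/* Or an out of memory error in EC_KEY_insert_key_method_data. */` reads as the continuation of a comment in the branch above and would be clearer as a standalone sentence saying the insert failed and the lookup did not return our object. Both points apply equally to ecdsa_check below.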
@ -203,9 +203,16 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
|
|||||||
*/
|
*/
|
||||||
ecdsa_data_free(ecdsa_data);
|
ecdsa_data_free(ecdsa_data);
|
||||||
ecdsa_data = (ECDSA_DATA *)data;
|
ecdsa_data = (ECDSA_DATA *)data;
|
||||||
|
} else if (EC_KEY_get_key_method_data(key, ecdsa_data_dup,
|
||||||
|
ecdsa_data_free,
|
||||||
|
ecdsa_data_free) != ecdsa_data) {
|
||||||
|
/* Or an out of memory error in EC_KEY_insert_key_method_data. */
|
||||||
|
ecdsa_data_free(ecdsa_data);
|
||||||
|
return NULL;
|
||||||
}
|
}
|
||||||
} else
|
} else {
|
||||||
ecdsa_data = (ECDSA_DATA *)data;
|
ecdsa_data = (ECDSA_DATA *)data;
|
||||||
|
}
|
||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
|
if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
|
||||||
&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {
|
&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {
|
||||||
|
@ -95,6 +95,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|||||||
EC_POINT *tmp_point = NULL;
|
EC_POINT *tmp_point = NULL;
|
||||||
const EC_GROUP *group;
|
const EC_GROUP *group;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
int order_bits;
|
||||||
|
|
||||||
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
|
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
|
||||||
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
|
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
|
||||||
@ -126,6 +127,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Preallocate space */
|
||||||
|
order_bits = BN_num_bits(order);
|
||||||
|
if (!BN_set_bit(k, order_bits)
|
||||||
|
|| !BN_set_bit(r, order_bits)
|
||||||
|
|| !BN_set_bit(X, order_bits))
|
||||||
|
goto err;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
/* get random k */
|
/* get random k */
|
||||||
do
|
do
|
||||||
@ -139,13 +147,19 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
|||||||
/*
|
/*
|
||||||
* We do not want timing information to leak the length of k, so we
|
* We do not want timing information to leak the length of k, so we
|
||||||
* compute G*k using an equivalent scalar of fixed bit-length.
|
* compute G*k using an equivalent scalar of fixed bit-length.
|
||||||
|
*
|
||||||
|
* We unconditionally perform both of these additions to prevent a
|
||||||
|
* small timing information leakage. We then choose the sum that is
|
||||||
|
* one bit longer than the order. This guarantees the code
|
||||||
|
* path used in the constant time implementations elsewhere.
|
||||||
|
*
|
||||||
|
* TODO: revisit the BN_copy aiming for a memory access agnostic
|
||||||
|
* conditional copy.
|
||||||
*/
|
*/
|
||||||
|
if (!BN_add(r, k, order)
|
||||||
if (!BN_add(k, k, order))
|
|| !BN_add(X, r, order)
|
||||||
|
|| !BN_copy(k, BN_num_bits(r) > order_bits ? r : X))
|
||||||
goto err;
|
goto err;
|
||||||
if (BN_num_bits(k) <= BN_num_bits(order))
|
|
||||||
if (!BN_add(k, k, order))
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
/* compute r the x-coordinate of generator * k */
|
/* compute r the x-coordinate of generator * k */
|
||||||
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
|
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
|
||||||
|
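Review bot: `r` and `X` are used here as scratch for `k + order` and `k + 2*order` before being overwritten later, so both briefly hold nonce-derived secrets. Dedicated temporaries (like `l` and `m` in dsa_sign_setup) would be clearer, and the error path should clear these values rather than just free them; that cleanup is outside the hunk.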
@ -725,6 +725,8 @@ void ERR_put_error(int lib, int func, int reason, const char *file, int line)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
es = ERR_get_state();
|
es = ERR_get_state();
|
||||||
|
if (es == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
es->top = (es->top + 1) % ERR_NUM_ERRORS;
|
es->top = (es->top + 1) % ERR_NUM_ERRORS;
|
||||||
if (es->top == es->bottom)
|
if (es->top == es->bottom)
|
||||||
@ -742,6 +744,8 @@ void ERR_clear_error(void)
|
|||||||
ERR_STATE *es;
|
ERR_STATE *es;
|
||||||
|
|
||||||
es = ERR_get_state();
|
es = ERR_get_state();
|
||||||
|
if (es == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
for (i = 0; i < ERR_NUM_ERRORS; i++) {
|
for (i = 0; i < ERR_NUM_ERRORS; i++) {
|
||||||
err_clear(es, i);
|
err_clear(es, i);
|
||||||
@ -806,6 +810,8 @@ static unsigned long get_error_values(int inc, int top, const char **file,
|
|||||||
unsigned long ret;
|
unsigned long ret;
|
||||||
|
|
||||||
es = ERR_get_state();
|
es = ERR_get_state();
|
||||||
|
if (es == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (inc && top) {
|
if (inc && top) {
|
||||||
if (file)
|
if (file)
|
||||||
@ -1016,7 +1022,6 @@ void ERR_remove_state(unsigned long pid)
|
|||||||
|
|
||||||
ERR_STATE *ERR_get_state(void)
|
ERR_STATE *ERR_get_state(void)
|
||||||
{
|
{
|
||||||
static ERR_STATE fallback;
|
|
||||||
ERR_STATE *ret, tmp, *tmpp = NULL;
|
ERR_STATE *ret, tmp, *tmpp = NULL;
|
||||||
int i;
|
int i;
|
||||||
CRYPTO_THREADID tid;
|
CRYPTO_THREADID tid;
|
||||||
@ -1030,7 +1035,7 @@ ERR_STATE *ERR_get_state(void)
|
|||||||
if (ret == NULL) {
|
if (ret == NULL) {
|
||||||
ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
|
ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
|
||||||
if (ret == NULL)
|
if (ret == NULL)
|
||||||
return (&fallback);
|
return NULL;
|
||||||
CRYPTO_THREADID_cpy(&ret->tid, &tid);
|
CRYPTO_THREADID_cpy(&ret->tid, &tid);
|
||||||
ret->top = 0;
|
ret->top = 0;
|
||||||
ret->bottom = 0;
|
ret->bottom = 0;
|
||||||
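Review bot: Returning NULL instead of `&fallback` changes the contract of ERR_get_state for every caller. The callers in this file gain `if (es == NULL)` checks in this commit, but any other caller that dereferences the result unconditionally will now crash on allocation failure. Please document the NULL return alongside the function.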
@ -1042,7 +1047,7 @@ ERR_STATE *ERR_get_state(void)
|
|||||||
/* To check if insertion failed, do a get. */
|
/* To check if insertion failed, do a get. */
|
||||||
if (ERRFN(thread_get_item) (ret) != ret) {
|
if (ERRFN(thread_get_item) (ret) != ret) {
|
||||||
ERR_STATE_free(ret); /* could not insert it */
|
ERR_STATE_free(ret); /* could not insert it */
|
||||||
return (&fallback);
|
return NULL;
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
* If a race occured in this function and we came second, tmpp is the
|
* If a race occured in this function and we came second, tmpp is the
|
||||||
@ -1066,10 +1071,10 @@ void ERR_set_error_data(char *data, int flags)
|
|||||||
int i;
|
int i;
|
||||||
|
|
||||||
es = ERR_get_state();
|
es = ERR_get_state();
|
||||||
|
if (es == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
i = es->top;
|
i = es->top;
|
||||||
if (i == 0)
|
|
||||||
i = ERR_NUM_ERRORS - 1;
|
|
||||||
|
|
||||||
err_clear_data(es, i);
|
err_clear_data(es, i);
|
||||||
es->err_data[i] = data;
|
es->err_data[i] = data;
|
||||||
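Review bot: The early `return` when `es == NULL` drops `data` without storing or freeing it, so if the caller passed ownership through `flags` (ERR_TXT_MALLOCED) the string leaks on this path. The hunk also removes the `if (i == 0) i = ERR_NUM_ERRORS - 1;` adjustment, which is a behaviour change unrelated to the NULL check and deserves its own mention in the commit message.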
@ -1121,6 +1126,8 @@ int ERR_set_mark(void)
|
|||||||
ERR_STATE *es;
|
ERR_STATE *es;
|
||||||
|
|
||||||
es = ERR_get_state();
|
es = ERR_get_state();
|
||||||
|
if (es == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
if (es->bottom == es->top)
|
if (es->bottom == es->top)
|
||||||
return 0;
|
return 0;
|
||||||
@ -1133,6 +1140,8 @@ int ERR_pop_to_mark(void)
|
|||||||
ERR_STATE *es;
|
ERR_STATE *es;
|
||||||
|
|
||||||
es = ERR_get_state();
|
es = ERR_get_state();
|
||||||
|
if (es == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
while (es->bottom != es->top
|
while (es->bottom != es->top
|
||||||
&& (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {
|
&& (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {
|
||||||
|
@ -579,12 +579,17 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|||||||
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
|
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
|
||||||
maxpad &= 255;
|
maxpad &= 255;
|
||||||
|
|
||||||
ret &= constant_time_ge(maxpad, pad);
|
mask = constant_time_ge(maxpad, pad);
|
||||||
|
ret &= mask;
|
||||||
|
/*
|
||||||
|
* If pad is invalid then we will fail the above test but we must
|
||||||
|
* continue anyway because we are in constant time code. However,
|
||||||
|
* we'll use the maxpad value instead of the supplied pad to make
|
||||||
|
* sure we perform well defined pointer arithmetic.
|
||||||
|
*/
|
||||||
|
pad = constant_time_select(mask, pad, maxpad);
|
||||||
|
|
||||||
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
|
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
|
||||||
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
|
|
||||||
inp_len &= mask;
|
|
||||||
ret &= (int)mask;
|
|
||||||
|
|
||||||
key->aux.tls_aad[plen - 2] = inp_len >> 8;
|
key->aux.tls_aad[plen - 2] = inp_len >> 8;
|
||||||
key->aux.tls_aad[plen - 1] = inp_len;
|
key->aux.tls_aad[plen - 1] = inp_len;
|
||||||
|
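Review bot: with the `(inp_len - len)` sign test removed, `inp_len = len - (SHA_DIGEST_LENGTH + pad + 1)` is only safe from wrapping because `pad` has been clamped to `maxpad` by `constant_time_select(mask, pad, maxpad)`. That holds only if `maxpad` itself is bounded by `len`, and `maxpad` is computed above this hunk. The new comment should state that invariant explicitly so a later change to the `maxpad` computation does not silently reintroduce the out-of-range length.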
@ -507,10 +507,12 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
|
|||||||
* to identify it and avoid stitch invocation. So that after we
|
* to identify it and avoid stitch invocation. So that after we
|
||||||
* establish that current CPU supports AVX, we even see if it's
|
* establish that current CPU supports AVX, we even see if it's
|
||||||
* either even XOP-capable Bulldozer-based or GenuineIntel one.
|
* either even XOP-capable Bulldozer-based or GenuineIntel one.
|
||||||
|
* But SHAEXT-capable go ahead...
|
||||||
*/
|
*/
|
||||||
if (OPENSSL_ia32cap_P[1] & (1 << (60 - 32)) && /* AVX? */
|
if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */
|
||||||
((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */
|
((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */
|
||||||
| (OPENSSL_ia32cap_P[0] & (1<<30))) && /* "Intel CPU"? */
|
((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */
|
||||||
|
| (OPENSSL_ia32cap_P[0] & (1 << 30))))) && /* "Intel CPU"? */
|
||||||
plen > (sha_off + iv) &&
|
plen > (sha_off + iv) &&
|
||||||
(blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) {
|
(blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) {
|
||||||
SHA256_Update(&key->md, in + iv, sha_off);
|
SHA256_Update(&key->md, in + iv, sha_off);
|
||||||
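Review bot: the extended condition is hard to audit as written: five levels of parentheses, a bare `(1 << 29)` on `OPENSSL_ia32cap_P[2]`, and a bitwise `|` mixed with `||` and `&&`. Consider computing named locals for the SHAEXT, AVX, XOP and "Intel CPU" bits first and combining them in one short expression. The added comment line "But SHAEXT-capable go ahead..." should also say what "go ahead" means here, namely that the stitched path is taken regardless of the AVX/XOP/Intel test.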
@ -590,12 +592,17 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
|
|||||||
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
|
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
|
||||||
maxpad &= 255;
|
maxpad &= 255;
|
||||||
|
|
||||||
ret &= constant_time_ge(maxpad, pad);
|
mask = constant_time_ge(maxpad, pad);
|
||||||
|
ret &= mask;
|
||||||
|
/*
|
||||||
|
* If pad is invalid then we will fail the above test but we must
|
||||||
|
* continue anyway because we are in constant time code. However,
|
||||||
|
* we'll use the maxpad value instead of the supplied pad to make
|
||||||
|
* sure we perform well defined pointer arithmetic.
|
||||||
|
*/
|
||||||
|
pad = constant_time_select(mask, pad, maxpad);
|
||||||
|
|
||||||
inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
|
inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
|
||||||
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
|
|
||||||
inp_len &= mask;
|
|
||||||
ret &= (int)mask;
|
|
||||||
|
|
||||||
key->aux.tls_aad[plen - 2] = inp_len >> 8;
|
key->aux.tls_aad[plen - 2] = inp_len >> 8;
|
||||||
key->aux.tls_aad[plen - 1] = inp_len;
|
key->aux.tls_aad[plen - 1] = inp_len;
|
||||||
|
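Review bot: `ret &= mask;` drops the explicit cast that the removed `ret &= (int)mask;` carried. The declarations of `ret` and `mask` are outside the hunk, so if their types differ in width or signedness the conversion is now implicit; keeping the cast, or giving the result of `constant_time_ge()` its own correctly typed local, would make the intent clear. The block is otherwise a copy of the change in aesni_cbc_hmac_sha1_cipher(), so any follow-up there applies here as well.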
@ -1363,6 +1363,98 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
|
|||||||
const char *type,
|
const char *type,
|
||||||
const char *value));
|
const char *value));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pinit) (EVP_PKEY_CTX *ctx));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pcopy) (EVP_PKEY_CTX *dst,
|
||||||
|
EVP_PKEY_CTX *src));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
|
||||||
|
void (**pcleanup) (EVP_PKEY_CTX *ctx));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pparamgen) (EVP_PKEY_CTX *ctx,
|
||||||
|
EVP_PKEY *pkey));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pkeygen) (EVP_PKEY_CTX *ctx,
|
||||||
|
EVP_PKEY *pkey));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**psign_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**psign) (EVP_PKEY_CTX *ctx,
|
||||||
|
unsigned char *sig, size_t *siglen,
|
||||||
|
const unsigned char *tbs,
|
||||||
|
size_t tbslen));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pverify_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pverify) (EVP_PKEY_CTX *ctx,
|
||||||
|
const unsigned char *sig,
|
||||||
|
size_t siglen,
|
||||||
|
const unsigned char *tbs,
|
||||||
|
size_t tbslen));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pverify_recover_init) (EVP_PKEY_CTX
|
||||||
|
*ctx),
|
||||||
|
int (**pverify_recover) (EVP_PKEY_CTX
|
||||||
|
*ctx,
|
||||||
|
unsigned char
|
||||||
|
*sig,
|
||||||
|
size_t *siglen,
|
||||||
|
const unsigned
|
||||||
|
char *tbs,
|
||||||
|
size_t tbslen));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**psignctx_init) (EVP_PKEY_CTX *ctx,
|
||||||
|
EVP_MD_CTX *mctx),
|
||||||
|
int (**psignctx) (EVP_PKEY_CTX *ctx,
|
||||||
|
unsigned char *sig,
|
||||||
|
size_t *siglen,
|
||||||
|
EVP_MD_CTX *mctx));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
|
||||||
|
EVP_MD_CTX *mctx),
|
||||||
|
int (**pverifyctx) (EVP_PKEY_CTX *ctx,
|
||||||
|
const unsigned char *sig,
|
||||||
|
int siglen,
|
||||||
|
EVP_MD_CTX *mctx));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pencryptfn) (EVP_PKEY_CTX *ctx,
|
||||||
|
unsigned char *out,
|
||||||
|
size_t *outlen,
|
||||||
|
const unsigned char *in,
|
||||||
|
size_t inlen));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pdecrypt) (EVP_PKEY_CTX *ctx,
|
||||||
|
unsigned char *out,
|
||||||
|
size_t *outlen,
|
||||||
|
const unsigned char *in,
|
||||||
|
size_t inlen));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pderive_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pderive) (EVP_PKEY_CTX *ctx,
|
||||||
|
unsigned char *key,
|
||||||
|
size_t *keylen));
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
|
||||||
|
void *p2),
|
||||||
|
int (**pctrl_str) (EVP_PKEY_CTX *ctx,
|
||||||
|
const char *type,
|
||||||
|
const char *value));
|
||||||
|
|
||||||
void EVP_add_alg_module(void);
|
void EVP_add_alg_module(void);
|
||||||
|
|
||||||
/* BEGIN ERROR CODES */
|
/* BEGIN ERROR CODES */
|
||||||
|
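Review bot: the new EVP_PKEY_meth_get_*() declarations take a non-const `EVP_PKEY_METHOD *pmeth` although a getter only reads from it; `const EVP_PKEY_METHOD *` would let callers query built-in methods without casting. The block also adds sixteen public functions with no accompanying documentation in this hunk, and `pverifyctx` takes `int siglen` while `pverify` takes `size_t siglen`; if that mirrors the existing setter it is worth a comment, otherwise it should be `size_t`.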
@ -97,7 +97,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
|
|||||||
int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
|
int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
|
||||||
int verify)
|
int verify)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret = -1;
|
||||||
char buff[BUFSIZ];
|
char buff[BUFSIZ];
|
||||||
UI *ui;
|
UI *ui;
|
||||||
|
|
||||||
@ -105,16 +105,18 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
|
|||||||
prompt = prompt_string;
|
prompt = prompt_string;
|
||||||
ui = UI_new();
|
ui = UI_new();
|
||||||
if (ui == NULL)
|
if (ui == NULL)
|
||||||
return -1;
|
return ret;
|
||||||
UI_add_input_string(ui, prompt, 0, buf, min,
|
if (UI_add_input_string(ui, prompt, 0, buf, min,
|
||||||
(len >= BUFSIZ) ? BUFSIZ - 1 : len);
|
(len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0
|
||||||
if (verify)
|
|| (verify
|
||||||
UI_add_verify_string(ui, prompt, 0,
|
&& UI_add_verify_string(ui, prompt, 0, buff, min,
|
||||||
buff, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len,
|
(len >= BUFSIZ) ? BUFSIZ - 1 : len,
|
||||||
buf);
|
buf) < 0))
|
||||||
|
goto end;
|
||||||
ret = UI_process(ui);
|
ret = UI_process(ui);
|
||||||
UI_free(ui);
|
|
||||||
OPENSSL_cleanse(buff, BUFSIZ);
|
OPENSSL_cleanse(buff, BUFSIZ);
|
||||||
|
end:
|
||||||
|
UI_free(ui);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
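Review bot: the `end:` label sits after `OPENSSL_cleanse(buff, BUFSIZ);`, so the new `goto end` path skips the cleanse. That is harmless today because `UI_process()` has not run and `buff` holds no password yet, but placing the label before the cleanse would make the wipe unconditional and keep it correct if another `goto end` is added after `UI_process()`.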
@ -589,3 +589,170 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
|
|||||||
pmeth->ctrl = ctrl;
|
pmeth->ctrl = ctrl;
|
||||||
pmeth->ctrl_str = ctrl_str;
|
pmeth->ctrl_str = ctrl_str;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pinit) (EVP_PKEY_CTX *ctx))
|
||||||
|
{
|
||||||
|
*pinit = pmeth->init;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pcopy) (EVP_PKEY_CTX *dst,
|
||||||
|
EVP_PKEY_CTX *src))
|
||||||
|
{
|
||||||
|
*pcopy = pmeth->copy;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
|
||||||
|
void (**pcleanup) (EVP_PKEY_CTX *ctx))
|
||||||
|
{
|
||||||
|
*pcleanup = pmeth->cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pparamgen) (EVP_PKEY_CTX *ctx,
|
||||||
|
EVP_PKEY *pkey))
|
||||||
|
{
|
||||||
|
if (pparamgen_init)
|
||||||
|
*pparamgen_init = pmeth->paramgen_init;
|
||||||
|
if (pparamgen)
|
||||||
|
*pparamgen = pmeth->paramgen;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pkeygen) (EVP_PKEY_CTX *ctx,
|
||||||
|
EVP_PKEY *pkey))
|
||||||
|
{
|
||||||
|
if (pkeygen_init)
|
||||||
|
*pkeygen_init = pmeth->keygen_init;
|
||||||
|
if (pkeygen)
|
||||||
|
*pkeygen = pmeth->keygen;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**psign_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**psign) (EVP_PKEY_CTX *ctx,
|
||||||
|
unsigned char *sig, size_t *siglen,
|
||||||
|
const unsigned char *tbs,
|
||||||
|
size_t tbslen))
|
||||||
|
{
|
||||||
|
if (psign_init)
|
||||||
|
*psign_init = pmeth->sign_init;
|
||||||
|
if (psign)
|
||||||
|
*psign = pmeth->sign;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pverify_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pverify) (EVP_PKEY_CTX *ctx,
|
||||||
|
const unsigned char *sig,
|
||||||
|
size_t siglen,
|
||||||
|
const unsigned char *tbs,
|
||||||
|
size_t tbslen))
|
||||||
|
{
|
||||||
|
if (pverify_init)
|
||||||
|
*pverify_init = pmeth->verify_init;
|
||||||
|
if (pverify)
|
||||||
|
*pverify = pmeth->verify;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pverify_recover_init) (EVP_PKEY_CTX
|
||||||
|
*ctx),
|
||||||
|
int (**pverify_recover) (EVP_PKEY_CTX
|
||||||
|
*ctx,
|
||||||
|
unsigned char
|
||||||
|
*sig,
|
||||||
|
size_t *siglen,
|
||||||
|
const unsigned
|
||||||
|
char *tbs,
|
||||||
|
size_t tbslen))
|
||||||
|
{
|
||||||
|
if (pverify_recover_init)
|
||||||
|
*pverify_recover_init = pmeth->verify_recover_init;
|
||||||
|
if (pverify_recover)
|
||||||
|
*pverify_recover = pmeth->verify_recover;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**psignctx_init) (EVP_PKEY_CTX *ctx,
|
||||||
|
EVP_MD_CTX *mctx),
|
||||||
|
int (**psignctx) (EVP_PKEY_CTX *ctx,
|
||||||
|
unsigned char *sig,
|
||||||
|
size_t *siglen,
|
||||||
|
EVP_MD_CTX *mctx))
|
||||||
|
{
|
||||||
|
if (psignctx_init)
|
||||||
|
*psignctx_init = pmeth->signctx_init;
|
||||||
|
if (psignctx)
|
||||||
|
*psignctx = pmeth->signctx;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
|
||||||
|
EVP_MD_CTX *mctx),
|
||||||
|
int (**pverifyctx) (EVP_PKEY_CTX *ctx,
|
||||||
|
const unsigned char *sig,
|
||||||
|
int siglen,
|
||||||
|
EVP_MD_CTX *mctx))
|
||||||
|
{
|
||||||
|
if (pverifyctx_init)
|
||||||
|
*pverifyctx_init = pmeth->verifyctx_init;
|
||||||
|
if (pverifyctx)
|
||||||
|
*pverifyctx = pmeth->verifyctx;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pencryptfn) (EVP_PKEY_CTX *ctx,
|
||||||
|
unsigned char *out,
|
||||||
|
size_t *outlen,
|
||||||
|
const unsigned char *in,
|
||||||
|
size_t inlen))
|
||||||
|
{
|
||||||
|
if (pencrypt_init)
|
||||||
|
*pencrypt_init = pmeth->encrypt_init;
|
||||||
|
if (pencryptfn)
|
||||||
|
*pencryptfn = pmeth->encrypt;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pdecrypt) (EVP_PKEY_CTX *ctx,
|
||||||
|
unsigned char *out,
|
||||||
|
size_t *outlen,
|
||||||
|
const unsigned char *in,
|
||||||
|
size_t inlen))
|
||||||
|
{
|
||||||
|
if (pdecrypt_init)
|
||||||
|
*pdecrypt_init = pmeth->decrypt_init;
|
||||||
|
if (pdecrypt)
|
||||||
|
*pdecrypt = pmeth->decrypt;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pderive_init) (EVP_PKEY_CTX *ctx),
|
||||||
|
int (**pderive) (EVP_PKEY_CTX *ctx,
|
||||||
|
unsigned char *key,
|
||||||
|
size_t *keylen))
|
||||||
|
{
|
||||||
|
if (pderive_init)
|
||||||
|
*pderive_init = pmeth->derive_init;
|
||||||
|
if (pderive)
|
||||||
|
*pderive = pmeth->derive;
|
||||||
|
}
|
||||||
|
|
||||||
|
void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
|
||||||
|
int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
|
||||||
|
void *p2),
|
||||||
|
int (**pctrl_str) (EVP_PKEY_CTX *ctx,
|
||||||
|
const char *type,
|
||||||
|
const char *value))
|
||||||
|
{
|
||||||
|
if (pctrl)
|
||||||
|
*pctrl = pmeth->ctrl;
|
||||||
|
if (pctrl_str)
|
||||||
|
*pctrl_str = pmeth->ctrl_str;
|
||||||
|
}
|
||||||
|
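Review bot: EVP_PKEY_meth_get_init(), EVP_PKEY_meth_get_copy() and EVP_PKEY_meth_get_cleanup() write through `*pinit`, `*pcopy` and `*pcleanup` unconditionally, while every other getter in this hunk guards each output pointer with `if (p...)`. Either add the same NULL guard to the three single-output getters or document that their output argument must not be NULL. None of the getters checks `pmeth` itself.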
@ -473,7 +473,14 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
|
|||||||
if (j < mx)
|
if (j < mx)
|
||||||
mx = j;
|
mx = j;
|
||||||
if (mx > 0) {
|
if (mx > 0) {
|
||||||
if (!CRYPTO_set_ex_data(to, mx - 1, NULL))
|
/*
|
||||||
|
* Make sure the ex_data stack is at least |mx| elements long to avoid
|
||||||
|
* issues in the for loop that follows; so go get the |mx|'th element
|
||||||
|
* (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign
|
||||||
|
* to itself. This is normally a no-op; but ensures the stack is the
|
||||||
|
* proper size
|
||||||
|
*/
|
||||||
|
if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1)))
|
||||||
goto skip;
|
goto skip;
|
||||||
storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
|
storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
|
||||||
if (!storage)
|
if (!storage)
|
||||||
|
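Review bot: the new comment speaks of "the |mx|'th element" while the code reads and writes index `mx - 1`; wording it as "the last of |mx| elements" would avoid an off-by-one misreading. It would also help to state the actual reason for the change, which is that the removed `CRYPTO_set_ex_data(to, mx - 1, NULL)` overwrote whatever was already stored in that slot of `to`.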
@ -101,6 +101,24 @@
|
|||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
#include <openssl/lhash.h>
|
#include <openssl/lhash.h>
|
||||||
|
|
||||||
|
/*
|
||||||
|
* A hashing implementation that appears to be based on the linear hashing
|
||||||
|
* alogrithm:
|
||||||
|
* https://en.wikipedia.org/wiki/Linear_hashing
|
||||||
|
*
|
||||||
|
* Litwin, Witold (1980), "Linear hashing: A new tool for file and table
|
||||||
|
* addressing", Proc. 6th Conference on Very Large Databases: 212–223
|
||||||
|
* http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf
|
||||||
|
*
|
||||||
|
* From the wikipedia article "Linear hashing is used in the BDB Berkeley
|
||||||
|
* database system, which in turn is used by many software systems such as
|
||||||
|
* OpenLDAP, using a C implementation derived from the CACM article and first
|
||||||
|
* published on the Usenet in 1988 by Esmond Pitt."
|
||||||
|
*
|
||||||
|
* The CACM paper is available here:
|
||||||
|
* https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf
|
||||||
|
*/
|
||||||
|
|
||||||
const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
|
const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
|
||||||
|
|
||||||
#undef MIN_NODES
|
#undef MIN_NODES
|
||||||
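Review bot: the added header comment has a typo ("alogrithm") and a non-ASCII en dash in "212–223", which can trip compilers or tools that expect plain ASCII sources. "Appears to be based on" is also hedged for a design note; if the provenance is uncertain, say what was checked, otherwise state it plainly.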
@ -108,7 +126,7 @@ const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
|
|||||||
#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */
|
#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */
|
||||||
#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */
|
#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */
|
||||||
|
|
||||||
static void expand(_LHASH *lh);
|
static int expand(_LHASH *lh);
|
||||||
static void contract(_LHASH *lh);
|
static void contract(_LHASH *lh);
|
||||||
static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
|
static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
|
||||||
|
|
||||||
@ -182,8 +200,9 @@ void *lh_insert(_LHASH *lh, void *data)
|
|||||||
void *ret;
|
void *ret;
|
||||||
|
|
||||||
lh->error = 0;
|
lh->error = 0;
|
||||||
if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))
|
if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)
|
||||||
expand(lh);
|
&& !expand(lh))
|
||||||
|
return NULL;
|
||||||
|
|
||||||
rn = getrn(lh, data, &hash);
|
rn = getrn(lh, data, &hash);
|
||||||
|
|
||||||
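Review bot: `return NULL` on a failed `expand()` gives callers no way to tell the failure from any other NULL result of lh_insert() unless they inspect `lh->error`, which this function resets to 0 on entry and `expand()` increments. The header or manual page should say that the error counter must be checked after a NULL return, and callers that ignore it should be reviewed.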
@ -300,19 +319,37 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
|
|||||||
doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
|
doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void expand(_LHASH *lh)
|
static int expand(_LHASH *lh)
|
||||||
{
|
{
|
||||||
LHASH_NODE **n, **n1, **n2, *np;
|
LHASH_NODE **n, **n1, **n2, *np;
|
||||||
unsigned int p, i, j;
|
unsigned int p, pmax, nni, j;
|
||||||
unsigned long hash, nni;
|
unsigned long hash;
|
||||||
|
|
||||||
|
nni = lh->num_alloc_nodes;
|
||||||
|
p = lh->p;
|
||||||
|
pmax = lh->pmax;
|
||||||
|
if (p + 1 >= pmax) {
|
||||||
|
j = nni * 2;
|
||||||
|
n = OPENSSL_realloc(lh->b, (int)(sizeof(LHASH_NODE *) * j));
|
||||||
|
if (n == NULL) {
|
||||||
|
lh->error++;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
lh->b = n;
|
||||||
|
memset(n + nni, 0, sizeof(*n) * (j - nni));
|
||||||
|
lh->pmax = nni;
|
||||||
|
lh->num_alloc_nodes = j;
|
||||||
|
lh->num_expand_reallocs++;
|
||||||
|
lh->p = 0;
|
||||||
|
} else {
|
||||||
|
lh->p++;
|
||||||
|
}
|
||||||
|
|
||||||
lh->num_nodes++;
|
lh->num_nodes++;
|
||||||
lh->num_expands++;
|
lh->num_expands++;
|
||||||
p = (int)lh->p++;
|
|
||||||
n1 = &(lh->b[p]);
|
n1 = &(lh->b[p]);
|
||||||
n2 = &(lh->b[p + (int)lh->pmax]);
|
n2 = &(lh->b[p + pmax]);
|
||||||
*n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */
|
*n2 = NULL;
|
||||||
nni = lh->num_alloc_nodes;
|
|
||||||
|
|
||||||
for (np = *n1; np != NULL;) {
|
for (np = *n1; np != NULL;) {
|
||||||
#ifndef OPENSSL_NO_HASH_COMP
|
#ifndef OPENSSL_NO_HASH_COMP
|
||||||
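Review bot: `j = nni * 2` is computed in `unsigned int` and the allocation size is then narrowed with `(int)(sizeof(LHASH_NODE *) * j)`, so for a large enough table the doubling can wrap or the cast can produce a negative or truncated size before `OPENSSL_realloc()` is called. The following `memset(n + nni, 0, sizeof(*n) * (j - nni))` assumes the full `j` entries were obtained. A bound check on `nni` before doubling, returning 0 with `lh->error++`, would close that gap.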
@ -330,25 +367,7 @@ static void expand(_LHASH *lh)
|
|||||||
np = *n1;
|
np = *n1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((lh->p) >= lh->pmax) {
|
return 1;
|
||||||
j = (int)lh->num_alloc_nodes * 2;
|
|
||||||
n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
|
|
||||||
(int)(sizeof(LHASH_NODE *) * j));
|
|
||||||
if (n == NULL) {
|
|
||||||
lh->error++;
|
|
||||||
lh->num_nodes--;
|
|
||||||
lh->p = 0;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
/* else */
|
|
||||||
for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */
|
|
||||||
n[i] = NULL; /* 02/03/92 eay */
|
|
||||||
lh->pmax = lh->num_alloc_nodes;
|
|
||||||
lh->num_alloc_nodes = j;
|
|
||||||
lh->num_expand_reallocs++;
|
|
||||||
lh->p = 0;
|
|
||||||
lh->b = n;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void contract(_LHASH *lh)
|
static void contract(_LHASH *lh)
|
||||||
|
@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} else if (certs != NULL) {
|
||||||
|
untrusted = certs;
|
||||||
} else {
|
} else {
|
||||||
untrusted = bs->certs;
|
untrusted = bs->certs;
|
||||||
}
|
}
|
||||||
|
@ -30,11 +30,11 @@ extern "C" {
|
|||||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||||
* major minor fix final patch/beta)
|
* major minor fix final patch/beta)
|
||||||
*/
|
*/
|
||||||
# define OPENSSL_VERSION_NUMBER 0x100020cfL
|
# define OPENSSL_VERSION_NUMBER 0x100020dfL
|
||||||
# ifdef OPENSSL_FIPS
|
# ifdef OPENSSL_FIPS
|
||||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2l-fips 25 May 2017"
|
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-fips 2 Nov 2017"
|
||||||
# else
|
# else
|
||||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2l-freebsd 25 May 2017"
|
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-freebsd 2 Nov 2017"
|
||||||
# endif
|
# endif
|
||||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||||
|
|
||||||
|
@ -536,7 +536,8 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
|
|||||||
((c >= '0') && (c <= '9'))))
|
((c >= '0') && (c <= '9'))))
|
||||||
break;
|
break;
|
||||||
#else
|
#else
|
||||||
if (!(isupper(c) || (c == '-') || isdigit(c)))
|
if (!(isupper((unsigned char)c) || (c == '-')
|
||||||
|
|| isdigit((unsigned char)c)))
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
header++;
|
header++;
|
||||||
|
@ -178,6 +178,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
|
|||||||
}
|
}
|
||||||
p8inf = PKCS8_decrypt(p8, psbuf, klen);
|
p8inf = PKCS8_decrypt(p8, psbuf, klen);
|
||||||
X509_SIG_free(p8);
|
X509_SIG_free(p8);
|
||||||
|
OPENSSL_cleanse(psbuf, klen);
|
||||||
if (!p8inf)
|
if (!p8inf)
|
||||||
return NULL;
|
return NULL;
|
||||||
ret = EVP_PKCS82PKEY(p8inf);
|
ret = EVP_PKCS82PKEY(p8inf);
|
||||||
|
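Review bot: `OPENSSL_cleanse(psbuf, klen)` wipes only the length reported by the password callback. If `psbuf` is a fixed-size buffer, cleansing its full size would also cover a callback that wrote more than it reported. Any return between the callback and this line that is outside the hunk should be checked to make sure it does not leave the password in `psbuf`.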
@ -120,6 +120,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
|
|||||||
}
|
}
|
||||||
p8inf = PKCS8_decrypt(p8, psbuf, klen);
|
p8inf = PKCS8_decrypt(p8, psbuf, klen);
|
||||||
X509_SIG_free(p8);
|
X509_SIG_free(p8);
|
||||||
|
OPENSSL_cleanse(psbuf, klen);
|
||||||
if (!p8inf)
|
if (!p8inf)
|
||||||
goto p8err;
|
goto p8err;
|
||||||
ret = EVP_PKCS82PKEY(p8inf);
|
ret = EVP_PKCS82PKEY(p8inf);
|
||||||
|
@ -84,6 +84,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
|
|||||||
{
|
{
|
||||||
STACK_OF(X509) *ocerts = NULL;
|
STACK_OF(X509) *ocerts = NULL;
|
||||||
X509 *x = NULL;
|
X509 *x = NULL;
|
||||||
|
|
||||||
|
if (pkey)
|
||||||
|
*pkey = NULL;
|
||||||
|
if (cert)
|
||||||
|
*cert = NULL;
|
||||||
|
|
||||||
/* Check for NULL PKCS12 structure */
|
/* Check for NULL PKCS12 structure */
|
||||||
|
|
||||||
if (!p12) {
|
if (!p12) {
|
||||||
@ -92,11 +98,6 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pkey)
|
|
||||||
*pkey = NULL;
|
|
||||||
if (cert)
|
|
||||||
*cert = NULL;
|
|
||||||
|
|
||||||
/* Check the mac */
|
/* Check the mac */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -125,7 +126,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
|
|||||||
|
|
||||||
if (!ocerts) {
|
if (!ocerts) {
|
||||||
PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
|
PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
|
||||||
return 0;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
|
if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
|
||||||
@ -163,10 +164,14 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
|
|||||||
|
|
||||||
err:
|
err:
|
||||||
|
|
||||||
if (pkey && *pkey)
|
if (pkey) {
|
||||||
EVP_PKEY_free(*pkey);
|
EVP_PKEY_free(*pkey);
|
||||||
if (cert && *cert)
|
*pkey = NULL;
|
||||||
|
}
|
||||||
|
if (cert) {
|
||||||
X509_free(*cert);
|
X509_free(*cert);
|
||||||
|
*cert = NULL;
|
||||||
|
}
|
||||||
if (x)
|
if (x)
|
||||||
X509_free(x);
|
X509_free(x);
|
||||||
if (ocerts)
|
if (ocerts)
|
||||||
|
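Review bot: the `err:` path now calls `EVP_PKEY_free(*pkey)` and `X509_free(*cert)` without the former `*pkey` / `*cert` tests, which relies on both free functions accepting NULL, while the unchanged lines just below still use the guarded style `if (x) X509_free(x);`. Pick one convention for the block. Resetting `*pkey` and `*cert` to NULL after freeing is the right fix for callers that would otherwise be left holding freed pointers, and deserves a line in the comment or documentation.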
@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
|
|||||||
return 2;
|
return 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_CMS
|
||||||
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
|
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
|
||||||
X509_ALGOR **pmaskHash)
|
X509_ALGOR **pmaskHash)
|
||||||
{
|
{
|
||||||
@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
|
|||||||
return pss;
|
return pss;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_CMS
|
|
||||||
static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
|
static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
|
||||||
{
|
{
|
||||||
EVP_PKEY_CTX *pkctx;
|
EVP_PKEY_CTX *pkctx;
|
||||||
|
@ -237,10 +237,14 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
|||||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
|
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
|
||||||
RSA_R_OAEP_DECODING_ERROR);
|
RSA_R_OAEP_DECODING_ERROR);
|
||||||
cleanup:
|
cleanup:
|
||||||
if (db != NULL)
|
if (db != NULL) {
|
||||||
|
OPENSSL_cleanse(db, dblen);
|
||||||
OPENSSL_free(db);
|
OPENSSL_free(db);
|
||||||
if (em != NULL)
|
}
|
||||||
|
if (em != NULL) {
|
||||||
|
OPENSSL_cleanse(em, num);
|
||||||
OPENSSL_free(em);
|
OPENSSL_free(em);
|
||||||
|
}
|
||||||
return mlen;
|
return mlen;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -255,8 +255,6 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
|||||||
* We can't continue in constant-time because we need to copy the result
|
* We can't continue in constant-time because we need to copy the result
|
||||||
* and we cannot fake its length. This unavoidably leaks timing
|
* and we cannot fake its length. This unavoidably leaks timing
|
||||||
* information at the API boundary.
|
* information at the API boundary.
|
||||||
* TODO(emilia): this could be addressed at the call site,
|
|
||||||
* see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
|
|
||||||
*/
|
*/
|
||||||
if (!good) {
|
if (!good) {
|
||||||
mlen = -1;
|
mlen = -1;
|
||||||
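Review bot: the removed TODO was the only pointer to the call-site mitigation (the BoringSSL commit it cited), while the comment that remains still says the function "unavoidably leaks timing information at the API boundary". If the issue is now handled elsewhere, replace the TODO with a reference to where; if it is not, the note should stay so the residual leak is not forgotten.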
@ -266,8 +264,10 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
|||||||
memcpy(to, em + msg_index, mlen);
|
memcpy(to, em + msg_index, mlen);
|
||||||
|
|
||||||
err:
|
err:
|
||||||
if (em != NULL)
|
if (em != NULL) {
|
||||||
|
OPENSSL_cleanse(em, num);
|
||||||
OPENSSL_free(em);
|
OPENSSL_free(em);
|
||||||
|
}
|
||||||
if (mlen == -1)
|
if (mlen == -1)
|
||||||
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
|
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
|
||||||
RSA_R_PKCS_DECODING_ERROR);
|
RSA_R_PKCS_DECODING_ERROR);
|
||||||
|
@ -180,27 +180,25 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
|
|||||||
* FIPS mode.
|
* FIPS mode.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
|
static int pkey_fips_check_rsa(const RSA *rsa, const EVP_MD **pmd,
|
||||||
|
const EVP_MD **pmgf1md)
|
||||||
{
|
{
|
||||||
RSA_PKEY_CTX *rctx = ctx->data;
|
|
||||||
RSA *rsa = ctx->pkey->pkey.rsa;
|
|
||||||
int rv = -1;
|
int rv = -1;
|
||||||
|
|
||||||
if (!FIPS_mode())
|
if (!FIPS_mode())
|
||||||
return 0;
|
return 0;
|
||||||
if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
|
if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
|
||||||
rv = 0;
|
rv = 0;
|
||||||
if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
|
if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
|
||||||
return -1;
|
return -1;
|
||||||
if (rctx->md) {
|
if (*pmd != NULL) {
|
||||||
const EVP_MD *fmd;
|
*pmd = FIPS_get_digestbynid(EVP_MD_type(*pmd));
|
||||||
fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->md));
|
if (*pmd == NULL || !((*pmd)->flags & EVP_MD_FLAG_FIPS))
|
||||||
if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
|
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) {
|
if (*pmgf1md != NULL) {
|
||||||
const EVP_MD *fmd;
|
*pmgf1md = FIPS_get_digestbynid(EVP_MD_type(*pmgf1md));
|
||||||
fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->mgf1md));
|
if (*pmgf1md == NULL || !((*pmgf1md)->flags & EVP_MD_FLAG_FIPS))
|
||||||
if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
|
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
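Review bot: `*pmd` and `*pmgf1md` are overwritten with the result of `FIPS_get_digestbynid()` before the flag test, so on the `return rv` paths the caller's pointers may already have been replaced, possibly with NULL. The old code used a local `fmd` and left the context untouched. Either write the looked-up digest back only when the function is about to return 1, or document the in/out behaviour on every return value. Note also that `mgf1md` is now always remapped, whereas the removed condition only looked it up when it lacked `EVP_MD_FLAG_FIPS`.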
@ -214,27 +212,27 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
|
|||||||
int ret;
|
int ret;
|
||||||
RSA_PKEY_CTX *rctx = ctx->data;
|
RSA_PKEY_CTX *rctx = ctx->data;
|
||||||
RSA *rsa = ctx->pkey->pkey.rsa;
|
RSA *rsa = ctx->pkey->pkey.rsa;
|
||||||
|
const EVP_MD *md = rctx->md;
|
||||||
|
const EVP_MD *mgf1md = rctx->mgf1md;
|
||||||
|
|
||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
ret = pkey_fips_check_ctx(ctx);
|
ret = pkey_fips_check_rsa(rsa, &md, &mgf1md);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
|
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (rctx->md) {
|
if (md != NULL) {
|
||||||
if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
|
if (tbslen != (size_t)EVP_MD_size(md)) {
|
||||||
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
|
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
if (ret > 0) {
|
if (ret > 0) {
|
||||||
unsigned int slen;
|
unsigned int slen;
|
||||||
ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
|
ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
|
||||||
rctx->pad_mode,
|
rctx->saltlen, mgf1md, sig, &slen);
|
||||||
rctx->saltlen,
|
|
||||||
rctx->mgf1md, sig, &slen);
|
|
||||||
if (ret > 0)
|
if (ret > 0)
|
||||||
*siglen = slen;
|
*siglen = slen;
|
||||||
else
|
else
|
||||||
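Review bot: `if (md != NULL)` now tests a local that was passed by address to `pkey_fips_check_rsa()`, whereas the removed `if (rctx->md)` tested the context's own value. If the check returns a non-negative value after setting `md` to NULL, the digest length check and the digest-specific signing branches are skipped even though the caller configured a digest. Treat "`rctx->md` set but `md` NULL after the check" as an error, or keep the branch condition on `rctx->md`.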
@ -243,12 +241,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (EVP_MD_type(rctx->md) == NID_mdc2) {
|
if (EVP_MD_type(md) == NID_mdc2) {
|
||||||
unsigned int sltmp;
|
unsigned int sltmp;
|
||||||
if (rctx->pad_mode != RSA_PKCS1_PADDING)
|
if (rctx->pad_mode != RSA_PKCS1_PADDING)
|
||||||
return -1;
|
return -1;
|
||||||
ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
|
ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen, sig, &sltmp,
|
||||||
tbs, tbslen, sig, &sltmp, rsa);
|
rsa);
|
||||||
|
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
return ret;
|
return ret;
|
||||||
@ -263,23 +261,20 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
memcpy(rctx->tbuf, tbs, tbslen);
|
memcpy(rctx->tbuf, tbs, tbslen);
|
||||||
rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md));
|
rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(md));
|
||||||
ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
|
ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
|
||||||
sig, rsa, RSA_X931_PADDING);
|
sig, rsa, RSA_X931_PADDING);
|
||||||
} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
|
} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
|
||||||
unsigned int sltmp;
|
unsigned int sltmp;
|
||||||
ret = RSA_sign(EVP_MD_type(rctx->md),
|
ret = RSA_sign(EVP_MD_type(md), tbs, tbslen, sig, &sltmp, rsa);
|
||||||
tbs, tbslen, sig, &sltmp, rsa);
|
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
return ret;
|
return ret;
|
||||||
ret = sltmp;
|
ret = sltmp;
|
||||||
} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
|
} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
|
||||||
if (!setup_tbuf(rctx, ctx))
|
if (!setup_tbuf(rctx, ctx))
|
||||||
return -1;
|
return -1;
|
||||||
if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
|
if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf, tbs,
|
||||||
rctx->tbuf, tbs,
|
md, mgf1md, rctx->saltlen))
|
||||||
rctx->md, rctx->mgf1md,
|
|
||||||
rctx->saltlen))
|
|
||||||
return -1;
|
return -1;
|
||||||
ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
|
ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
|
||||||
sig, rsa, RSA_NO_PADDING);
|
sig, rsa, RSA_NO_PADDING);
|
||||||
@ -348,32 +343,31 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
|
|||||||
{
|
{
|
||||||
RSA_PKEY_CTX *rctx = ctx->data;
|
RSA_PKEY_CTX *rctx = ctx->data;
|
||||||
RSA *rsa = ctx->pkey->pkey.rsa;
|
RSA *rsa = ctx->pkey->pkey.rsa;
|
||||||
|
const EVP_MD *md = rctx->md;
|
||||||
|
const EVP_MD *mgf1md = rctx->mgf1md;
|
||||||
size_t rslen;
|
size_t rslen;
|
||||||
|
|
||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
int rv;
|
int rv = pkey_fips_check_rsa(rsa, &md, &mgf1md);
|
||||||
rv = pkey_fips_check_ctx(ctx);
|
|
||||||
if (rv < 0) {
|
if (rv < 0) {
|
||||||
RSAerr(RSA_F_PKEY_RSA_VERIFY,
|
RSAerr(RSA_F_PKEY_RSA_VERIFY,
|
||||||
RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
|
RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (rctx->md) {
|
if (md != NULL) {
|
||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
if (rv > 0) {
|
if (rv > 0) {
|
||||||
return FIPS_rsa_verify_digest(rsa,
|
return FIPS_rsa_verify_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
|
||||||
tbs, tbslen,
|
rctx->saltlen, mgf1md, sig, siglen);
|
||||||
rctx->md,
|
|
||||||
rctx->pad_mode,
|
|
||||||
rctx->saltlen,
|
|
||||||
rctx->mgf1md, sig, siglen);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (rctx->pad_mode == RSA_PKCS1_PADDING)
|
if (rctx->pad_mode == RSA_PKCS1_PADDING)
|
||||||
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
|
return RSA_verify(EVP_MD_type(md), tbs, tbslen,
|
||||||
sig, siglen, rsa);
|
sig, siglen, rsa);
|
||||||
if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
|
if (tbslen != (size_t)EVP_MD_size(md)) {
|
||||||
RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
|
RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
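Review bot: the new locals `md` and `mgf1md` in pkey_rsa_verify are passed by address to `pkey_fips_check_rsa(rsa, &md, &mgf1md)`, so under OPENSSL_FIPS the callee can rewrite them and they may no longer equal `rctx->md` and `rctx->mgf1md` afterwards, yet nothing in the hunk says so. A short comment at the two declarations stating this, and that the rest of the function must use the locals rather than the context fields, would stop a later edit from reintroducing `rctx->md` here. The remaining reads of `rctx->pad_mode` and `rctx->saltlen` look intentional, but it is worth confirming the check does not need to adjust those as well.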
@ -388,8 +382,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
|
|||||||
rsa, RSA_NO_PADDING);
|
rsa, RSA_NO_PADDING);
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
return 0;
|
return 0;
|
||||||
ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
|
ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, md, mgf1md,
|
||||||
rctx->md, rctx->mgf1md,
|
|
||||||
rctx->tbuf, rctx->saltlen);
|
rctx->tbuf, rctx->saltlen);
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -520,6 +520,7 @@ int UI_process(UI *ui)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
err:
|
err:
|
||||||
if (ui->meth->ui_close_session != NULL
|
if (ui->meth->ui_close_session != NULL
|
||||||
&& ui->meth->ui_close_session(ui) <= 0)
|
&& ui->meth->ui_close_session(ui) <= 0)
|
||||||
|
@ -166,7 +166,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
|
|||||||
goto reconsider;
|
goto reconsider;
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
if (bits >= 8) {
|
if (bits > 8) {
|
||||||
b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
|
b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
|
||||||
b &= 0xff;
|
b &= 0xff;
|
||||||
if (bitrem)
|
if (bitrem)
|
||||||
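Review bot: the changed bound `if (bits > 8)` guards a branch that reads `inp[1]`, and the reason for excluding exactly 8 remaining bits is not stated at the condition. Add a comment there saying that with 8 bits left the second input byte must not be touched, and add a test vector whose bit length leaves exactly 8 bits for this path, so that the boundary is not "corrected" back to `>=` later.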
@ -183,7 +183,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
|
|||||||
}
|
}
|
||||||
if (bitrem)
|
if (bitrem)
|
||||||
c->data[byteoff] = b << (8 - bitrem);
|
c->data[byteoff] = b << (8 - bitrem);
|
||||||
} else { /* remaining less than 8 bits */
|
} else { /* remaining less than or equal to 8 bits */
|
||||||
|
|
||||||
b = (inp[0] << inpgap) & 0xff;
|
b = (inp[0] << inpgap) & 0xff;
|
||||||
if (bitrem)
|
if (bitrem)
|
||||||
|
@ -402,6 +402,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
|
|||||||
if (!hent) {
|
if (!hent) {
|
||||||
hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
|
hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
|
||||||
if (hent == NULL) {
|
if (hent == NULL) {
|
||||||
|
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
|
||||||
X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
|
X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
|
||||||
goto finish;
|
goto finish;
|
||||||
}
|
}
|
||||||
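Review bot: the added `CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);` on the `hent == NULL` path implies the write lock is held when `OPENSSL_malloc` fails, but the matching lock call is outside the visible context. Please check every other exit between that lock and its normal unlock for the same omission; jumping to `finish` with the lock still held would block the next caller that takes the store lock.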
|
@ -92,12 +92,12 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
|
|||||||
long argl, char **ret)
|
long argl, char **ret)
|
||||||
{
|
{
|
||||||
int ok = 0;
|
int ok = 0;
|
||||||
char *file;
|
const char *file;
|
||||||
|
|
||||||
switch (cmd) {
|
switch (cmd) {
|
||||||
case X509_L_FILE_LOAD:
|
case X509_L_FILE_LOAD:
|
||||||
if (argl == X509_FILETYPE_DEFAULT) {
|
if (argl == X509_FILETYPE_DEFAULT) {
|
||||||
file = (char *)getenv(X509_get_default_cert_file_env());
|
file = getenv(X509_get_default_cert_file_env());
|
||||||
if (file)
|
if (file)
|
||||||
ok = (X509_load_cert_crl_file(ctx, file,
|
ok = (X509_load_cert_crl_file(ctx, file,
|
||||||
X509_FILETYPE_PEM) != 0);
|
X509_FILETYPE_PEM) != 0);
|
||||||
@ -140,7 +140,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
|
|||||||
|
|
||||||
if (type == X509_FILETYPE_PEM) {
|
if (type == X509_FILETYPE_PEM) {
|
||||||
for (;;) {
|
for (;;) {
|
||||||
x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
|
x = PEM_read_bio_X509_AUX(in, NULL, NULL, "");
|
||||||
if (x == NULL) {
|
if (x == NULL) {
|
||||||
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
|
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
|
||||||
PEM_R_NO_START_LINE) && (count > 0)) {
|
PEM_R_NO_START_LINE) && (count > 0)) {
|
||||||
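Review bot: the last argument of `PEM_read_bio_X509_AUX(in, NULL, NULL, "")` changes from `NULL` to an empty string with no comment explaining what the empty string means to the PEM reader. State the intent next to the call (the argument is the password callback's user data), and since the same literal is introduced in X509_load_crl_file and X509_load_cert_crl_file in the following hunks, a single shared comment or named constant would keep the three call sites consistent.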
@ -199,7 +199,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
|
|||||||
|
|
||||||
if (type == X509_FILETYPE_PEM) {
|
if (type == X509_FILETYPE_PEM) {
|
||||||
for (;;) {
|
for (;;) {
|
||||||
x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
|
x = PEM_read_bio_X509_CRL(in, NULL, NULL, "");
|
||||||
if (x == NULL) {
|
if (x == NULL) {
|
||||||
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
|
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
|
||||||
PEM_R_NO_START_LINE) && (count > 0)) {
|
PEM_R_NO_START_LINE) && (count > 0)) {
|
||||||
@ -253,7 +253,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
|
|||||||
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
|
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
|
inf = PEM_X509_INFO_read_bio(in, NULL, NULL, "");
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
if (!inf) {
|
if (!inf) {
|
||||||
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
|
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
|
||||||
|
@ -732,6 +732,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
|
|||||||
STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
|
STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
int calc_ret;
|
||||||
X509_POLICY_TREE *tree = NULL;
|
X509_POLICY_TREE *tree = NULL;
|
||||||
STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
|
STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
|
||||||
*ptree = NULL;
|
*ptree = NULL;
|
||||||
@ -800,16 +801,19 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
|
|||||||
|
|
||||||
/* Tree is not empty: continue */
|
/* Tree is not empty: continue */
|
||||||
|
|
||||||
ret = tree_calculate_authority_set(tree, &auth_nodes);
|
calc_ret = tree_calculate_authority_set(tree, &auth_nodes);
|
||||||
|
|
||||||
|
if (!calc_ret)
|
||||||
|
goto error;
|
||||||
|
|
||||||
|
ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
|
||||||
|
|
||||||
|
if (calc_ret == 2)
|
||||||
|
sk_X509_POLICY_NODE_free(auth_nodes);
|
||||||
|
|
||||||
if (!ret)
|
if (!ret)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (ret == 2)
|
|
||||||
sk_X509_POLICY_NODE_free(auth_nodes);
|
|
||||||
|
|
||||||
if (tree)
|
if (tree)
|
||||||
*ptree = tree;
|
*ptree = tree;
|
||||||
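Review bot: `calc_ret == 2` is a magic value that decides whether `auth_nodes` is freed here, and the hunk does not say what 2 means. Document the return convention of `tree_calculate_authority_set` at this call (or use a named constant), and consider setting `auth_nodes = NULL` after `sk_X509_POLICY_NODE_free(auth_nodes)`, because the free now happens before `if (!ret) goto error;` and the code at `error` is outside the visible context.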
|
@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi)
|
|||||||
*/
|
*/
|
||||||
unsigned int v3_addr_get_afi(const IPAddressFamily *f)
|
unsigned int v3_addr_get_afi(const IPAddressFamily *f)
|
||||||
{
|
{
|
||||||
return ((f != NULL &&
|
if (f == NULL
|
||||||
f->addressFamily != NULL && f->addressFamily->data != NULL)
|
|| f->addressFamily == NULL
|
||||||
? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
|
|| f->addressFamily->data == NULL
|
||||||
: 0);
|
|| f->addressFamily->length < 2)
|
||||||
|
return 0;
|
||||||
|
return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
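Review bot: with the new `f->addressFamily->length < 2` check, `v3_addr_get_afi` returns 0 both for a NULL argument and for a too-short extension, so callers cannot tell malformed input from an AFI value of 0. Say in the function's header comment that 0 means "invalid" and that callers must reject it, and check whether reads of `f->addressFamily->data` beyond index 1 elsewhere in the file have an equivalent length test.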
|
@ -231,6 +231,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
|
|||||||
oth = OTHERNAME_new();
|
oth = OTHERNAME_new();
|
||||||
if (!oth)
|
if (!oth)
|
||||||
return 0;
|
return 0;
|
||||||
|
ASN1_TYPE_free(oth->value);
|
||||||
oth->type_id = oid;
|
oth->type_id = oid;
|
||||||
oth->value = value;
|
oth->value = value;
|
||||||
GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);
|
GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);
|
||||||
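Review bot: `ASN1_TYPE_free(oth->value);` is added before `oth->value = value;`, but `oth->type_id = oid;` overwrites its field with no corresponding free. If `OTHERNAME_new()` populates `value`, please confirm whether it also populates `type_id`; either add the matching free or a comment saying why only `value` needs it.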
|
@ -107,6 +107,47 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
|
|||||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
|
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
|
||||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
|
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We cannot use strncasecmp here because that applies locale specific rules.
|
||||||
|
* For example in Turkish 'I' is not the uppercase character for 'i'. We need to
|
||||||
|
* do a simple ASCII case comparison ignoring the locale (that is why we use
|
||||||
|
* numeric constants below).
|
||||||
|
*/
|
||||||
|
static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
|
||||||
|
{
|
||||||
|
for (; n > 0; n--, s1++, s2++) {
|
||||||
|
if (*s1 != *s2) {
|
||||||
|
unsigned char c1 = (unsigned char)*s1, c2 = (unsigned char)*s2;
|
||||||
|
|
||||||
|
/* Convert to lower case */
|
||||||
|
if (c1 >= 0x41 /* A */ && c1 <= 0x5A /* Z */)
|
||||||
|
c1 += 0x20;
|
||||||
|
if (c2 >= 0x41 /* A */ && c2 <= 0x5A /* Z */)
|
||||||
|
c2 += 0x20;
|
||||||
|
|
||||||
|
if (c1 == c2)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
if (c1 < c2)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
/* c1 > c2 */
|
||||||
|
return 1;
|
||||||
|
} else if (*s1 == 0) {
|
||||||
|
/* If we get here we know that *s2 == 0 too */
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int ia5casecmp(const char *s1, const char *s2)
|
||||||
|
{
|
||||||
|
/* No portable definition of SIZE_MAX, so we use (size_t)(-1) instead */
|
||||||
|
return ia5ncasecmp(s1, s2, (size_t)(-1));
|
||||||
|
}
|
||||||
|
|
||||||
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
|
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
|
||||||
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
|
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
|
||||||
{
|
{
|
||||||
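Review bot: `ia5casecmp` calls `ia5ncasecmp(s1, s2, (size_t)(-1))`, so the loop ends only on a mismatch or on the `*s1 == 0` test, which makes the function safe only for NUL-terminated inputs. Add that precondition to the comment block above `ia5ncasecmp`, since the callers in nc_dns and nc_email pass pointers into their ASN1_IA5STRING arguments (`baseptr`, `dnsptr`, `emlptr`) rather than C string literals.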
@ -384,7 +425,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
|
|||||||
return X509_V_ERR_PERMITTED_VIOLATION;
|
return X509_V_ERR_PERMITTED_VIOLATION;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (strcasecmp(baseptr, dnsptr))
|
if (ia5casecmp(baseptr, dnsptr))
|
||||||
return X509_V_ERR_PERMITTED_VIOLATION;
|
return X509_V_ERR_PERMITTED_VIOLATION;
|
||||||
|
|
||||||
return X509_V_OK;
|
return X509_V_OK;
|
||||||
@ -404,7 +445,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
|
|||||||
if (!baseat && (*baseptr == '.')) {
|
if (!baseat && (*baseptr == '.')) {
|
||||||
if (eml->length > base->length) {
|
if (eml->length > base->length) {
|
||||||
emlptr += eml->length - base->length;
|
emlptr += eml->length - base->length;
|
||||||
if (!strcasecmp(baseptr, emlptr))
|
if (ia5casecmp(baseptr, emlptr) == 0)
|
||||||
return X509_V_OK;
|
return X509_V_OK;
|
||||||
}
|
}
|
||||||
return X509_V_ERR_PERMITTED_VIOLATION;
|
return X509_V_ERR_PERMITTED_VIOLATION;
|
||||||
@ -425,7 +466,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
|
|||||||
}
|
}
|
||||||
emlptr = emlat + 1;
|
emlptr = emlat + 1;
|
||||||
/* Just have hostname left to match: case insensitive */
|
/* Just have hostname left to match: case insensitive */
|
||||||
if (strcasecmp(baseptr, emlptr))
|
if (ia5casecmp(baseptr, emlptr))
|
||||||
return X509_V_ERR_PERMITTED_VIOLATION;
|
return X509_V_ERR_PERMITTED_VIOLATION;
|
||||||
|
|
||||||
return X509_V_OK;
|
return X509_V_OK;
|
||||||
@ -464,14 +505,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
|
|||||||
if (*baseptr == '.') {
|
if (*baseptr == '.') {
|
||||||
if (hostlen > base->length) {
|
if (hostlen > base->length) {
|
||||||
p = hostptr + hostlen - base->length;
|
p = hostptr + hostlen - base->length;
|
||||||
if (!strncasecmp(p, baseptr, base->length))
|
if (ia5ncasecmp(p, baseptr, base->length) == 0)
|
||||||
return X509_V_OK;
|
return X509_V_OK;
|
||||||
}
|
}
|
||||||
return X509_V_ERR_PERMITTED_VIOLATION;
|
return X509_V_ERR_PERMITTED_VIOLATION;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((base->length != (int)hostlen)
|
if ((base->length != (int)hostlen)
|
||||||
|| strncasecmp(hostptr, baseptr, hostlen))
|
|| ia5ncasecmp(hostptr, baseptr, hostlen))
|
||||||
return X509_V_ERR_PERMITTED_VIOLATION;
|
return X509_V_ERR_PERMITTED_VIOLATION;
|
||||||
|
|
||||||
return X509_V_OK;
|
return X509_V_OK;
|
||||||
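Review bot: the two converted comparisons in nc_uri test the result differently: `if (ia5ncasecmp(p, baseptr, base->length) == 0)` is explicit, while `|| ia5ncasecmp(hostptr, baseptr, hostlen))` relies on a non-zero result being true. Use an explicit `!= 0` in the second one, and in the `if (ia5casecmp(baseptr, dnsptr))` style calls in nc_dns and nc_email, so that match and mismatch read the same way at every call site. `base->length` is also compared against `(int)hostlen` in one place and passed as the `size_t` count in the other; a comment on the assumed non-negative length would help.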
|
@ -136,8 +136,19 @@ OPENSSL_ia32_cpuid:
|
|||||||
or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs
|
or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs
|
||||||
and \$15,%ah
|
and \$15,%ah
|
||||||
cmp \$15,%ah # examine Family ID
|
cmp \$15,%ah # examine Family ID
|
||||||
jne .Lnotintel
|
jne .LnotP4
|
||||||
or \$0x00100000,%edx # set reserved bit#20 to engage RC4_CHAR
|
or \$0x00100000,%edx # set reserved bit#20 to engage RC4_CHAR
|
||||||
|
.LnotP4:
|
||||||
|
cmp \$6,%ah
|
||||||
|
jne .Lnotintel
|
||||||
|
and \$0x0fff0ff0,%eax
|
||||||
|
cmp \$0x00050670,%eax # Knights Landing
|
||||||
|
je .Lknights
|
||||||
|
cmp \$0x00080650,%eax # Knights Mill (according to sde)
|
||||||
|
jne .Lnotintel
|
||||||
|
.Lknights:
|
||||||
|
and \$0xfbffffff,%ecx # clear XSAVE flag to mimic Silvermont
|
||||||
|
|
||||||
.Lnotintel:
|
.Lnotintel:
|
||||||
bt \$28,%edx # test hyper-threading bit
|
bt \$28,%edx # test hyper-threading bit
|
||||||
jnc .Lgeneric
|
jnc .Lgeneric
|
||||||
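Review bot: the Knights Landing and Knights Mill detection relies on undocumented constants: the mask `0x0fff0ff0` and the signatures `0x00050670` and `0x00080650`, the second justified only by "according to sde". Add a comment naming which CPUID fields the mask keeps and where the Knights Mill value comes from. The comment "clear XSAVE flag to mimic Silvermont" should also say that the cleared bit later serves as the marker for these CPUs, since the next hunk tests it.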
@ -162,6 +173,10 @@ OPENSSL_ia32_cpuid:
|
|||||||
mov \$7,%eax
|
mov \$7,%eax
|
||||||
xor %ecx,%ecx
|
xor %ecx,%ecx
|
||||||
cpuid
|
cpuid
|
||||||
|
bt \$26,%r9d # check XSAVE bit, cleared on Knights
|
||||||
|
jc .Lnotknights
|
||||||
|
and \$0xfff7ffff,%ebx # clear ADCX/ADOX flag
|
||||||
|
.Lnotknights:
|
||||||
mov %ebx,8(%rdi) # save extended feature flags
|
mov %ebx,8(%rdi) # save extended feature flags
|
||||||
.Lno_extended_info:
|
.Lno_extended_info:
|
||||||
|
|
||||||
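Review bot: `bt \$26,%r9d` followed by `jc .Lnotknights` clears the ADCX/ADOX flag whenever the XSAVE bit is clear, not only on the Knights parts identified earlier, so any other processor or environment that reports XSAVE as unavailable also loses the ADX code paths. If that is intended, say so in the comment; if not, carry an explicit Knights marker instead of reusing the XSAVE bit. The hunk also assumes `%r9d` holds the masked copy of `%ecx` from the earlier hunk, which is not visible here.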
@ -175,7 +190,7 @@ OPENSSL_ia32_cpuid:
|
|||||||
.Lclear_avx:
|
.Lclear_avx:
|
||||||
mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11)
|
mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11)
|
||||||
and %eax,%r9d # clear AVX, FMA and AMD XOP bits
|
and %eax,%r9d # clear AVX, FMA and AMD XOP bits
|
||||||
andl \$0xffffffdf,8(%rdi) # cleax AVX2, ~(1<<5)
|
andl \$0xffffffdf,8(%rdi) # clear AVX2, ~(1<<5)
|
||||||
.Ldone:
|
.Ldone:
|
||||||
shl \$32,%r9
|
shl \$32,%r9
|
||||||
mov %r10d,%eax
|
mov %r10d,%eax
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-asn1parse,
|
||||||
asn1parse - ASN.1 parsing tool
|
asn1parse - ASN.1 parsing tool
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-ca,
|
||||||
ca - sample minimal CA application
|
ca - sample minimal CA application
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-ciphers,
|
||||||
ciphers - SSL cipher display and cipher list tool.
|
ciphers - SSL cipher display and cipher list tool.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-cms,
|
||||||
cms - CMS utility
|
cms - CMS utility
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-crl,
|
||||||
crl - CRL utility
|
crl - CRL utility
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-crl2pkcs7,
|
||||||
crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
|
crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-dgst,
|
||||||
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests
|
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-dhparam,
|
||||||
dhparam - DH parameter manipulation and generation
|
dhparam - DH parameter manipulation and generation
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-dsa,
|
||||||
dsa - DSA key processing
|
dsa - DSA key processing
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-dsaparam,
|
||||||
dsaparam - DSA parameter manipulation and generation
|
dsaparam - DSA parameter manipulation and generation
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-ec,
|
||||||
ec - EC key processing
|
ec - EC key processing
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-ecparam,
|
||||||
ecparam - EC parameter manipulation and generation
|
ecparam - EC parameter manipulation and generation
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-enc,
|
||||||
enc - symmetric cipher routines
|
enc - symmetric cipher routines
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-errstr,
|
||||||
errstr - lookup error codes
|
errstr - lookup error codes
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-gendsa,
|
||||||
gendsa - generate a DSA private key from a set of parameters
|
gendsa - generate a DSA private key from a set of parameters
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-genpkey,
|
||||||
genpkey - generate a private key
|
genpkey - generate a private key
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-genrsa,
|
||||||
genrsa - generate an RSA private key
|
genrsa - generate an RSA private key
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-nseq,
|
||||||
nseq - create or examine a netscape certificate sequence
|
nseq - create or examine a netscape certificate sequence
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-ocsp,
|
||||||
ocsp - Online Certificate Status Protocol utility
|
ocsp - Online Certificate Status Protocol utility
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-passwd,
|
||||||
passwd - compute password hashes
|
passwd - compute password hashes
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-pkcs12,
|
||||||
pkcs12 - PKCS#12 file utility
|
pkcs12 - PKCS#12 file utility
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-pkcs7,
|
||||||
pkcs7 - PKCS#7 utility
|
pkcs7 - PKCS#7 utility
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-pkcs8,
|
||||||
pkcs8 - PKCS#8 format private key conversion tool
|
pkcs8 - PKCS#8 format private key conversion tool
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-pkey,
|
||||||
pkey - public or private key processing tool
|
pkey - public or private key processing tool
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-pkeyparam,
|
||||||
pkeyparam - public key algorithm parameter processing tool
|
pkeyparam - public key algorithm parameter processing tool
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-pkeyutl,
|
||||||
pkeyutl - public key algorithm utility
|
pkeyutl - public key algorithm utility
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-rand,
|
||||||
rand - generate pseudo-random bytes
|
rand - generate pseudo-random bytes
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-req,
|
||||||
req - PKCS#10 certificate request and certificate generating utility.
|
req - PKCS#10 certificate request and certificate generating utility.
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-rsa,
|
||||||
rsa - RSA key processing tool
|
rsa - RSA key processing tool
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-rsautl,
|
||||||
rsautl - RSA utility
|
rsautl - RSA utility
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
@ -105,7 +106,7 @@ Recover the signed data
|
|||||||
|
|
||||||
Examine the raw signed data:
|
Examine the raw signed data:
|
||||||
|
|
||||||
openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
|
openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
|
||||||
|
|
||||||
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
||||||
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-s_client,
|
||||||
s_client - SSL/TLS client program
|
s_client - SSL/TLS client program
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
@ -197,12 +198,14 @@ Can be used to override the implicit B<-ign_eof> after B<-quiet>.
|
|||||||
=item B<-psk_identity identity>
|
=item B<-psk_identity identity>
|
||||||
|
|
||||||
Use the PSK identity B<identity> when using a PSK cipher suite.
|
Use the PSK identity B<identity> when using a PSK cipher suite.
|
||||||
|
The default value is "Client_identity" (without the quotes).
|
||||||
|
|
||||||
=item B<-psk key>
|
=item B<-psk key>
|
||||||
|
|
||||||
Use the PSK key B<key> when using a PSK cipher suite. The key is
|
Use the PSK key B<key> when using a PSK cipher suite. The key is
|
||||||
given as a hexadecimal number without leading 0x, for example -psk
|
given as a hexadecimal number without leading 0x, for example -psk
|
||||||
1a2b3c4d.
|
1a2b3c4d.
|
||||||
|
This option must be provided in order to use a PSK cipher.
|
||||||
|
|
||||||
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||||
|
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
|
openssl-s_server,
|
||||||
s_server - SSL/TLS server program
|
s_server - SSL/TLS server program
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
@ -219,6 +220,7 @@ Use the PSK identity hint B<hint> when using a PSK cipher suite.
|
|||||||
Use the PSK key B<key> when using a PSK cipher suite. The key is
|
Use the PSK key B<key> when using a PSK cipher suite. The key is
|
||||||
given as a hexadecimal number without leading 0x, for example -psk
|
given as a hexadecimal number without leading 0x, for example -psk
|
||||||
1a2b3c4d.
|
1a2b3c4d.
|
||||||
|
This option must be provided in order to use a PSK cipher.
|
||||||
|
|
||||||
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
|
||||||
|
|
||||||
@ -403,10 +405,6 @@ a web browser the command:
|
|||||||
|
|
||||||
can be used for example.
|
can be used for example.
|
||||||
|
|
||||||
Most web browsers (in particular Netscape and MSIE) only support RSA cipher
|
|
||||||
suites, so they cannot connect to servers which don't use a certificate
|
|
||||||
carrying an RSA key or a version of OpenSSL with RSA disabled.
|
|
||||||
|
|
||||||
Although specifying an empty list of CAs when requesting a client certificate
|
Although specifying an empty list of CAs when requesting a client certificate
|
||||||
is strictly speaking a protocol violation, some SSL clients interpret this to
|
is strictly speaking a protocol violation, some SSL clients interpret this to
|
||||||
mean any CA is acceptable. This is useful for debugging purposes.
|
mean any CA is acceptable. This is useful for debugging purposes.
|
||||||
|
Some files were not shown because too many files have changed in this diff