Merge OpenSSL 1.0.2m.

This commit is contained in:
Jung-uk Kim 2017-11-02 18:04:29 +00:00
commit 47902a71f3
510 changed files with 3031 additions and 747 deletions

View File

@ -2,6 +2,44 @@
OpenSSL CHANGES
_______________
This is a high-level summary of the most important changes.
For a full list of changes, see the git commit log; for example,
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.0.2l and 1.0.2m [2 Nov 2017]
*) bn_sqrx8x_internal carry bug on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.
This only affects processors that support the BMI1, BMI2 and ADX extensions
like Intel Broadwell (5th generation) and later or AMD Ryzen.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3736)
[Andy Polyakov]
*) Malformed X.509 IPAddressFamily could cause OOB read
If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3735)
[Rich Salz]
Changes between 1.0.2k and 1.0.2l [25 May 2017]
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target

View File

@ -190,10 +190,8 @@
the failure that isn't a problem in OpenSSL itself (like a missing
or malfunctioning bc). If it is a problem with OpenSSL itself,
try removing any compiler optimization flags from the CFLAG line
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
http://www.openssl.org/support/rt.html.
in Makefile.ssl and run "make clean; make". To report a bug please open an
issue on GitHub, at https://github.com/openssl/openssl/issues.
4. If everything tests ok, install OpenSSL with

View File

@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
VERSION=1.0.2l
VERSION=1.0.2m
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0

View File

@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw

View File

@ -1,5 +1,5 @@
OpenSSL 1.0.2l 25 May 2017
OpenSSL 1.0.2m 2 Nov 2017
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

View File

@ -1985,10 +1985,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Lets add the extensions, if there are any */
if (ext_sect) {
X509V3_CTX ctx;
if (ci->version == NULL)
if ((ci->version = ASN1_INTEGER_new()) == NULL)
goto err;
ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
/*
* Free the current entries if any, there should not be any I believe
@ -2051,6 +2047,15 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err;
}
{
STACK_OF(X509_EXTENSION) *exts = ci->extensions;
if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
/* Make it an X509 v3 certificate. */
if (!X509_set_version(ret, 2))
goto err;
}
/* Set the right value for the noemailDN option */
if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject))

View File

@ -1667,6 +1667,8 @@ int MAIN(int argc, char **argv)
if (strstr(mbuf, "/stream:features>"))
goto shut;
seen = BIO_read(sbio, mbuf, BUFSIZZ);
if (seen <= 0)
goto shut;
mbuf[seen] = 0;
}
BIO_printf(sbio,

View File

@ -3017,7 +3017,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
PEM_write_bio_X509(io, peer);
} else
BIO_puts(io, "no client certificate available\n");
BIO_puts(io, "</BODY></HTML>\r\n\r\n");
BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break;
} else if ((www == 2 || www == 3)
&& (strncmp("GET /", buf, 5) == 0)) {

View File

@ -307,7 +307,8 @@ static SIGRETTYPE sig_done(int sig)
# if !defined(SIGALRM)
# define SIGALRM
# endif
static unsigned int lapse, schlock;
static volatile unsigned int lapse;
static volatile unsigned int schlock;
static void alarm_win32(unsigned int secs)
{
lapse = secs * 1000;
@ -725,6 +726,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "no EVP given\n");
goto end;
}
evp_md = NULL;
evp_cipher = EVP_get_cipherbyname(*argv);
if (!evp_cipher) {
evp_md = EVP_get_digestbyname(*argv);

View File

@ -5,7 +5,7 @@
* 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2017 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -185,20 +185,23 @@ int MAIN(int argc, char **argv)
}
e = setup_engine(bio_err, engine, 0);
if (keyfile) {
if (keyfile != NULL) {
pkey = load_key(bio_err,
strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key");
if (!pkey) {
if (pkey == NULL)
goto end;
}
spki = NETSCAPE_SPKI_new();
if (challenge)
if (spki == NULL)
goto end;
if (challenge != NULL)
ASN1_STRING_set(spki->spkac->challenge,
challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (spkstr == NULL)
goto end;
if (outfile)
out = BIO_new_file(outfile, "w");
@ -253,7 +256,7 @@ int MAIN(int argc, char **argv)
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if (!spki) {
if (spki == NULL) {
BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err);
goto end;
@ -282,9 +285,9 @@ int MAIN(int argc, char **argv)
pkey = NETSCAPE_SPKI_get_pubkey(spki);
if (verify) {
i = NETSCAPE_SPKI_verify(spki, pkey);
if (i > 0)
if (i > 0) {
BIO_printf(bio_err, "Signature OK\n");
else {
} else {
BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err);
goto end;

View File

@ -123,13 +123,14 @@ static int get_index(CA_DB *db, char *id, char type)
int i;
if (id == NULL)
return -1;
if (type == DB_SRP_INDEX)
if (type == DB_SRP_INDEX) {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == DB_SRP_INDEX
&& !strcmp(id, pp[DB_srpid]))
return i;
} else
}
} else {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
@ -137,6 +138,7 @@ static int get_index(CA_DB *db, char *id, char type)
&& !strcmp(id, pp[DB_srpid]))
return i;
}
}
return -1;
}
@ -177,8 +179,8 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
char **irow;
int i;
if ((irow =
(char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1));
if (irow == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
return 0;
}
@ -205,30 +207,32 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
char *srp_usersalt, const char *g, const char *N,
const char *passin, BIO *bio, int verbose)
{
char password[1024];
char password[1025];
PW_CB_DATA cb_tmp;
char *verifier = NULL;
char *gNid = NULL;
int len;
cb_tmp.prompt_info = user;
cb_tmp.password = passin;
if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
if (len > 0) {
password[len] = 0;
VERBOSE BIO_printf(bio,
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, srp_verifier, srp_usersalt, g, N);
BIO_printf(bio, "Pass %s\n", password);
VVERBOSE BIO_printf(bio, "Pass %s\n", password);
if (!
(gNid =
SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
g))) {
if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
&verifier, N, g))) {
BIO_printf(bio, "Internal error validating SRP verifier\n");
} else {
if (strcmp(verifier, srp_verifier))
gNid = NULL;
OPENSSL_free(verifier);
}
OPENSSL_cleanse(password, len);
}
return gNid;
}
@ -237,24 +241,27 @@ static char *srp_create_user(char *user, char **srp_verifier,
char **srp_usersalt, char *g, char *N,
char *passout, BIO *bio, int verbose)
{
char password[1024];
char password[1025];
PW_CB_DATA cb_tmp;
char *gNid = NULL;
char *salt = NULL;
int len;
cb_tmp.prompt_info = user;
cb_tmp.password = passout;
if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
if (len > 0) {
password[len] = 0;
VERBOSE BIO_printf(bio,
"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, g, N);
if (!
(gNid =
SRP_create_verifier(user, password, &salt, srp_verifier, N,
g))) {
if (!(gNid = SRP_create_verifier(user, password, &salt,
srp_verifier, N, g))) {
BIO_printf(bio, "Internal error creating SRP verifier\n");
} else
} else {
*srp_usersalt = salt;
}
OPENSSL_cleanse(password, len);
VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
gNid, salt, *srp_verifier);
@ -314,9 +321,9 @@ int MAIN(int argc, char **argv)
argc--;
argv++;
while (argc >= 1 && badops == 0) {
if (strcmp(*argv, "-verbose") == 0)
if (strcmp(*argv, "-verbose") == 0) {
verbose++;
else if (strcmp(*argv, "-config") == 0) {
} else if (strcmp(*argv, "-config") == 0) {
if (--argc < 1)
goto bad;
configfile = *(++argv);
@ -328,15 +335,15 @@ int MAIN(int argc, char **argv)
if (--argc < 1)
goto bad;
dbfile = *(++argv);
} else if (strcmp(*argv, "-add") == 0)
} else if (strcmp(*argv, "-add") == 0) {
add_user = 1;
else if (strcmp(*argv, "-delete") == 0)
} else if (strcmp(*argv, "-delete") == 0) {
delete_user = 1;
else if (strcmp(*argv, "-modify") == 0)
} else if (strcmp(*argv, "-modify") == 0) {
modify_user = 1;
else if (strcmp(*argv, "-list") == 0)
} else if (strcmp(*argv, "-list") == 0) {
list_user = 1;
else if (strcmp(*argv, "-gn") == 0) {
} else if (strcmp(*argv, "-gn") == 0) {
if (--argc < 1)
goto bad;
gN = *(++argv);
@ -366,8 +373,9 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1;
break;
} else
} else {
break;
}
argc--;
argv++;
@ -388,7 +396,7 @@ int MAIN(int argc, char **argv)
"Need at least one user for options -add, -delete, -modify. \n");
badops = 1;
}
if ((passin || passout) && argc != 1) {
if ((passargin || passargout) && argc != 1) {
BIO_printf(bio_err,
"-passin, -passout arguments only valid with one user.\n");
badops = 1;
@ -706,9 +714,9 @@ int MAIN(int argc, char **argv)
doupdatedb = 1;
}
}
if (--argc > 0)
if (--argc > 0) {
user = *(argv++);
else {
} else {
user = NULL;
list_user = 0;
}

View File

@ -193,4 +193,3 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v};
}
$curl->cleanup();
WWW::Curl::Easy::global_cleanup();

View File

@ -680,7 +680,7 @@ tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
tasn_fre.o: ../../include/openssl/symhacks.h asn1_int.h tasn_fre.c
tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@ -688,7 +688,7 @@ tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
tasn_new.o: ../../include/openssl/symhacks.h asn1_int.h tasn_new.c
tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h
tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

View File

@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
#include <limits.h>
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
@ -136,6 +137,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
goto err;
}
if (len > INT_MAX) {
i = ASN1_R_STRING_TOO_LONG;
goto err;
}
if ((a == NULL) || ((*a) == NULL)) {
if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
return (NULL);

View File

@ -0,0 +1,63 @@
/* asn1t.h */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Internal ASN1 template structures and functions: not for application use */
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);

View File

@ -61,9 +61,7 @@
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/objects.h>
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);
#include "asn1_int.h"
/* Free up an ASN1 structure */
@ -77,8 +75,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
asn1_item_combine_free(pval, it, 0);
}
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine)
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
{
const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef;

View File

@ -63,6 +63,7 @@
#include <openssl/err.h>
#include <openssl/asn1t.h>
#include <string.h>
#include "asn1_int.h"
static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);
@ -199,7 +200,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 1;
memerr2:
ASN1_item_ex_free(pval, it);
asn1_item_combine_free(pval, it, combine);
memerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
#ifdef CRYPTO_MDEBUG
@ -209,7 +210,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 0;
auxerr2:
ASN1_item_ex_free(pval, it);
asn1_item_combine_free(pval, it, combine);
auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
#ifdef CRYPTO_MDEBUG

View File

@ -523,19 +523,11 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
{
X509_NAME *in;
if (!xn || !name)
return (0);
if (*xn != name) {
in = X509_NAME_dup(name);
if (in != NULL) {
if ((name = X509_NAME_dup(name)) == NULL)
return 0;
X509_NAME_free(*xn);
*xn = in;
}
}
return (*xn != NULL);
*xn = name;
return 1;
}
IMPLEMENT_STACK_OF(X509_NAME_ENTRY)

View File

@ -106,10 +106,14 @@ X509_PKEY *X509_PKEY_new(void)
X509_PKEY *ret = NULL;
ASN1_CTX c;
M_ASN1_New_Malloc(ret, X509_PKEY);
ret = OPENSSL_malloc(sizeof(X509_PKEY));
if (ret == NULL) {
c.line = __LINE__;
goto err;
}
ret->version = 0;
M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
ret->enc_algor = X509_ALGOR_new();
ret->enc_pkey = M_ASN1_OCTET_STRING_new();
ret->dec_pkey = NULL;
ret->key_length = 0;
ret->key_data = NULL;
@ -117,8 +121,15 @@ X509_PKEY *X509_PKEY_new(void)
ret->cipher.cipher = NULL;
memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
ret->references = 1;
return (ret);
M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
if (ret->enc_algor == NULL || ret->enc_pkey == NULL) {
c.line = __LINE__;
goto err;
}
return ret;
err:
X509_PKEY_free(ret);
ASN1_MAC_H_err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE, c.line);
return NULL;
}
void X509_PKEY_free(X509_PKEY *x)

View File

@ -3090,11 +3090,19 @@ $code.=<<___;
.align 32
.Lsqrx8x_break:
sub 16+8(%rsp),%r8 # consume last carry
xor $zero,$zero
sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
adcx $zero,%r8
mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
adcx $zero,%r9
mov 0*8($aptr),%rdx # a[8], modulo-scheduled
xor %ebp,%ebp # xor $zero,$zero
adc \$0,%r10
mov %r8,0*8($tptr)
adc \$0,%r11
adc \$0,%r12
adc \$0,%r13
adc \$0,%r14
adc \$0,%r15
cmp $carry,$tptr # cf=0, of=0
je .Lsqrx8x_outer_loop

View File

@ -145,7 +145,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
int i, bits, ret = 0;
BIGNUM *v, *rr;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
@ -245,7 +246,9 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
if (BN_is_odd(m)) {
# ifdef MONT_EXP_WORD
if (a->top == 1 && !a->neg
&& (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
&& (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)
&& (BN_get_flags(a, BN_FLG_CONSTTIME) == 0)
&& (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) {
BN_ULONG A = a->d[0];
ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
} else
@ -277,7 +280,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BIGNUM *val[TABLE_SIZE];
BN_RECP_CTX recp;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
@ -411,7 +416,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
BIGNUM *val[TABLE_SIZE];
BN_MONT_CTX *mont = NULL;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
}
@ -1217,7 +1224,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;
@ -1348,7 +1356,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
/* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE];
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1;

View File

@ -524,6 +524,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
BN_set_flags(a, BN_FLG_CONSTTIME);
a->top = b->top;
a->neg = b->neg;
bn_check_top(a);

View File

@ -394,6 +394,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
tmod.dmax = 2;
tmod.neg = 0;
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(&tmod, BN_FLG_CONSTTIME);
mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)

View File

@ -1032,46 +1032,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
rr->top = top;
goto end;
}
# if 0
if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) {
BIGNUM *tmp_bn = (BIGNUM *)b;
if (bn_wexpand(tmp_bn, al) == NULL)
goto err;
tmp_bn->d[bl] = 0;
bl++;
i--;
} else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
BIGNUM *tmp_bn = (BIGNUM *)a;
if (bn_wexpand(tmp_bn, bl) == NULL)
goto err;
tmp_bn->d[al] = 0;
al++;
i++;
}
if (i == 0) {
/* symmetric and > 4 */
/* 16 or larger */
j = BN_num_bits_word((BN_ULONG)al);
j = 1 << (j - 1);
k = j + j;
t = BN_CTX_get(ctx);
if (al == j) { /* exact multiple */
if (bn_wexpand(t, k * 2) == NULL)
goto err;
if (bn_wexpand(rr, k * 2) == NULL)
goto err;
bn_mul_recursive(rr->d, a->d, b->d, al, t->d);
} else {
if (bn_wexpand(t, k * 4) == NULL)
goto err;
if (bn_wexpand(rr, k * 4) == NULL)
goto err;
bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d);
}
rr->top = top;
goto end;
}
# endif
}
#endif /* BN_RECURSION */
if (bn_wexpand(rr, top) == NULL)

View File

@ -217,6 +217,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
BN_CTX_start(ctx);
t = BN_CTX_get(ctx);
if (t == NULL)
goto err;
for (i = 0; i < 1000; i++) {
if (!BN_rand(Xq, nbits, 1, 0))
@ -255,10 +257,12 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
int ret = 0;
BN_CTX_start(ctx);
if (!Xp1)
if (Xp1 == NULL)
Xp1 = BN_CTX_get(ctx);
if (!Xp2)
if (Xp2 == NULL)
Xp2 = BN_CTX_get(ctx);
if (Xp1 == NULL || Xp2 == NULL)
goto error;
if (!BN_rand(Xp1, 101, 0, 0))
goto error;

View File

@ -469,11 +469,18 @@ void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr)
}
}
#ifdef OPENSSL_FIPS
extern int FIPS_crypto_threadid_set_callback(void (*func) (CRYPTO_THREADID *));
#endif
int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *))
{
if (threadid_callback)
return 0;
threadid_callback = func;
#ifdef OPENSSL_FIPS
FIPS_crypto_threadid_set_callback(func);
#endif
return 1;
}

View File

@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dh_gen.o: ../cryptlib.h dh_gen.c
dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

View File

@ -257,11 +257,13 @@ DH *DH_get_1024_160(void);
DH *DH_get_2048_224(void);
DH *DH_get_2048_256(void);
# ifndef OPENSSL_NO_CMS
/* RFC2631 KDF */
int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen,
ASN1_OBJECT *key_oid,
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
# endif
# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \

View File

@ -51,6 +51,9 @@
* ====================================================================
*/
#include <e_os.h>
#ifndef OPENSSL_NO_CMS
#include <string.h>
#include <openssl/dh.h>
#include <openssl/evp.h>
@ -185,3 +188,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
EVP_MD_CTX_cleanup(&mctx);
return rv;
}
#endif

View File

@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
case EVP_PKEY_CTRL_DH_KDF_TYPE:
if (p1 == -2)
return dctx->kdf_type;
#ifdef OPENSSL_NO_CMS
if (p1 != EVP_PKEY_DH_KDF_NONE)
#else
if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
#endif
return -2;
dctx->kdf_type = p1;
return 1;
@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
return ret;
*keylen = ret;
return 1;
} else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
}
#ifndef OPENSSL_NO_CMS
else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
unsigned char *Z = NULL;
size_t Zlen = 0;
if (!dctx->kdf_outlen || !dctx->kdf_oid)
@ -479,6 +485,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
}
return ret;
}
#endif
return 1;
}

View File

@ -258,6 +258,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
goto dsaerr;
}
BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
goto dsaerr;

View File

@ -482,6 +482,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
} else {
p = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
if (q == NULL)
goto err;
}
if (!BN_lshift(test, BN_value_one(), L - 1))

View File

@ -224,7 +224,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
{
BN_CTX *ctx;
BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
BIGNUM l, m;
int ret = 0;
int q_bits;
if (!dsa->p || !dsa->q || !dsa->g) {
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
@ -233,6 +235,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BN_init(&k);
BN_init(&kq);
BN_init(&l);
BN_init(&m);
if (ctx_in == NULL) {
if ((ctx = BN_CTX_new()) == NULL)
@ -243,6 +247,13 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
if ((r = BN_new()) == NULL)
goto err;
/* Preallocate space */
q_bits = BN_num_bits(dsa->q);
if (!BN_set_bit(&k, q_bits)
|| !BN_set_bit(&l, q_bits)
|| !BN_set_bit(&m, q_bits))
goto err;
/* Get random k */
do
if (!BN_rand_range(&k, dsa->q))
@ -263,25 +274,24 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
/* Compute r = (g^k mod p) mod q */
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
if (!BN_copy(&kq, &k))
/*
* We do not want timing information to leak the length of k, so we
* compute G^k using an equivalent scalar of fixed bit-length.
*
* We unconditionally perform both of these additions to prevent a
* small timing information leakage. We then choose the sum that is
* one bit longer than the modulus.
*
* TODO: revisit the BN_copy aiming for a memory access agnostic
* conditional copy.
*/
if (!BN_add(&l, &k, dsa->q)
|| !BN_add(&m, &l, dsa->q)
|| !BN_copy(&kq, BN_num_bits(&l) > q_bits ? &l : &m))
goto err;
BN_set_flags(&kq, BN_FLG_CONSTTIME);
/*
* We do not want timing information to leak the length of k, so we
* compute g^k using an equivalent exponent of fixed length. (This
* is a kludge that we need because the BN_mod_exp_mont() does not
* let us specify the desired timing behaviour.)
*/
if (!BN_add(&kq, &kq, dsa->q))
goto err;
if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
if (!BN_add(&kq, &kq, dsa->q))
goto err;
}
K = &kq;
} else {
K = &k;
@ -314,7 +324,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BN_CTX_free(ctx);
BN_clear_free(&k);
BN_clear_free(&kq);
return (ret);
BN_clear_free(&l);
BN_clear_free(&m);
return ret;
}
static int dsa_do_verify(const unsigned char *dgst, int dgst_len,

View File

@ -1178,19 +1178,18 @@ __ecp_nistz256_sqr_montx:
adox $t1, $acc5
.byte 0x67,0x67
mulx %rdx, $t0, $t4
mov $acc0, %rdx
mov .Lpoly+8*3(%rip), %rdx
adox $t0, $acc6
shlx $a_ptr, $acc0, $t0
adox $t4, $acc7
shrx $a_ptr, $acc0, $t4
mov .Lpoly+8*3(%rip), $t1
mov %rdx,$t1
# reduction step 1
add $t0, $acc1
adc $t4, $acc2
mulx $t1, $t0, $acc0
mov $acc1, %rdx
mulx $acc0, $t0, $acc0
adc $t0, $acc3
shlx $a_ptr, $acc1, $t0
adc \$0, $acc0
@ -1200,8 +1199,7 @@ __ecp_nistz256_sqr_montx:
add $t0, $acc2
adc $t4, $acc3
mulx $t1, $t0, $acc1
mov $acc2, %rdx
mulx $acc1, $t0, $acc1
adc $t0, $acc0
shlx $a_ptr, $acc2, $t0
adc \$0, $acc1
@ -1211,8 +1209,7 @@ __ecp_nistz256_sqr_montx:
add $t0, $acc3
adc $t4, $acc0
mulx $t1, $t0, $acc2
mov $acc3, %rdx
mulx $acc2, $t0, $acc2
adc $t0, $acc1
shlx $a_ptr, $acc3, $t0
adc \$0, $acc2
@ -1222,12 +1219,12 @@ __ecp_nistz256_sqr_montx:
add $t0, $acc0
adc $t4, $acc1
mulx $t1, $t0, $acc3
mulx $acc3, $t0, $acc3
adc $t0, $acc2
adc \$0, $acc3
xor $t3, $t3 # cf=0
adc $acc0, $acc4 # accumulate upper half
xor $t3, $t3
add $acc0, $acc4 # accumulate upper half
mov .Lpoly+8*1(%rip), $a_ptr
adc $acc1, $acc5
mov $acc4, $acc0
@ -1236,8 +1233,7 @@ __ecp_nistz256_sqr_montx:
mov $acc5, $acc1
adc \$0, $t3
xor %eax, %eax # cf=0
sbb \$-1, $acc4 # .Lpoly[0]
sub \$-1, $acc4 # .Lpoly[0]
mov $acc6, $acc2
sbb $a_ptr, $acc5 # .Lpoly[1]
sbb \$0, $acc6 # .Lpoly[2]

View File

@ -247,6 +247,8 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
BN_CTX_free(new_ctx);
if (mont != NULL)
BN_MONT_CTX_free(mont);
if (one != NULL)
BN_free(one);
return ret;
}

View File

@ -716,7 +716,7 @@ static limb felem_is_zero(const felem in)
return (zero | two224m96p1 | two225m97p2);
}
static limb felem_is_zero_int(const felem in)
static int felem_is_zero_int(const void *in)
{
return (int)(felem_is_zero(in) & ((limb) 1));
}
@ -1391,7 +1391,6 @@ static void make_points_affine(size_t num, felem points[ /* num */ ][3],
sizeof(felem),
tmp_felems,
(void (*)(void *))felem_one,
(int (*)(const void *))
felem_is_zero_int,
(void (*)(void *, const void *))
felem_assign,

View File

@ -977,7 +977,7 @@ static limb smallfelem_is_zero(const smallfelem small)
return result;
}
static int smallfelem_is_zero_int(const smallfelem small)
static int smallfelem_is_zero_int(const void *small)
{
return (int)(smallfelem_is_zero(small) & ((limb) 1));
}
@ -1979,7 +1979,6 @@ static void make_points_affine(size_t num, smallfelem points[][3],
sizeof(smallfelem),
tmp_smallfelems,
(void (*)(void *))smallfelem_one,
(int (*)(const void *))
smallfelem_is_zero_int,
(void (*)(void *, const void *))
smallfelem_assign,

View File

@ -871,7 +871,7 @@ static limb felem_is_zero(const felem in)
return is_zero;
}
static int felem_is_zero_int(const felem in)
static int felem_is_zero_int(const void *in)
{
return (int)(felem_is_zero(in) & ((limb) 1));
}
@ -1787,7 +1787,6 @@ static void make_points_affine(size_t num, felem points[][3],
sizeof(felem),
tmp_felems,
(void (*)(void *))felem_one,
(int (*)(const void *))
felem_is_zero_int,
(void (*)(void *, const void *))
felem_assign,

View File

@ -225,9 +225,16 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
*/
ecdh_data_free(ecdh_data);
ecdh_data = (ECDH_DATA *)data;
} else if (EC_KEY_get_key_method_data(key, ecdh_data_dup,
ecdh_data_free,
ecdh_data_free) != ecdh_data) {
/* Or an out of memory error in EC_KEY_insert_key_method_data. */
ecdh_data_free(ecdh_data);
return NULL;
}
} else
} else {
ecdh_data = (ECDH_DATA *)data;
}
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {

View File

@ -203,9 +203,16 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
*/
ecdsa_data_free(ecdsa_data);
ecdsa_data = (ECDSA_DATA *)data;
} else if (EC_KEY_get_key_method_data(key, ecdsa_data_dup,
ecdsa_data_free,
ecdsa_data_free) != ecdsa_data) {
/* Or an out of memory error in EC_KEY_insert_key_method_data. */
ecdsa_data_free(ecdsa_data);
return NULL;
}
} else
} else {
ecdsa_data = (ECDSA_DATA *)data;
}
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {

View File

@ -95,6 +95,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
EC_POINT *tmp_point = NULL;
const EC_GROUP *group;
int ret = 0;
int order_bits;
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
@ -126,6 +127,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
goto err;
}
/* Preallocate space */
order_bits = BN_num_bits(order);
if (!BN_set_bit(k, order_bits)
|| !BN_set_bit(r, order_bits)
|| !BN_set_bit(X, order_bits))
goto err;
do {
/* get random k */
do
@ -139,12 +147,18 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
/*
* We do not want timing information to leak the length of k, so we
* compute G*k using an equivalent scalar of fixed bit-length.
*
* We unconditionally perform both of these additions to prevent a
* small timing information leakage. We then choose the sum that is
* one bit longer than the order. This guarantees the code
* path used in the constant time implementations elsewhere.
*
* TODO: revisit the BN_copy aiming for a memory access agnostic
* conditional copy.
*/
if (!BN_add(k, k, order))
goto err;
if (BN_num_bits(k) <= BN_num_bits(order))
if (!BN_add(k, k, order))
if (!BN_add(r, k, order)
|| !BN_add(X, r, order)
|| !BN_copy(k, BN_num_bits(r) > order_bits ? r : X))
goto err;
/* compute r the x-coordinate of generator * k */

View File

@ -725,6 +725,8 @@ void ERR_put_error(int lib, int func, int reason, const char *file, int line)
}
#endif
es = ERR_get_state();
if (es == NULL)
return;
es->top = (es->top + 1) % ERR_NUM_ERRORS;
if (es->top == es->bottom)
@ -742,6 +744,8 @@ void ERR_clear_error(void)
ERR_STATE *es;
es = ERR_get_state();
if (es == NULL)
return;
for (i = 0; i < ERR_NUM_ERRORS; i++) {
err_clear(es, i);
@ -806,6 +810,8 @@ static unsigned long get_error_values(int inc, int top, const char **file,
unsigned long ret;
es = ERR_get_state();
if (es == NULL)
return 0;
if (inc && top) {
if (file)
@ -1016,7 +1022,6 @@ void ERR_remove_state(unsigned long pid)
ERR_STATE *ERR_get_state(void)
{
static ERR_STATE fallback;
ERR_STATE *ret, tmp, *tmpp = NULL;
int i;
CRYPTO_THREADID tid;
@ -1030,7 +1035,7 @@ ERR_STATE *ERR_get_state(void)
if (ret == NULL) {
ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
if (ret == NULL)
return (&fallback);
return NULL;
CRYPTO_THREADID_cpy(&ret->tid, &tid);
ret->top = 0;
ret->bottom = 0;
@ -1042,7 +1047,7 @@ ERR_STATE *ERR_get_state(void)
/* To check if insertion failed, do a get. */
if (ERRFN(thread_get_item) (ret) != ret) {
ERR_STATE_free(ret); /* could not insert it */
return (&fallback);
return NULL;
}
/*
* If a race occured in this function and we came second, tmpp is the
@ -1066,10 +1071,10 @@ void ERR_set_error_data(char *data, int flags)
int i;
es = ERR_get_state();
if (es == NULL)
return;
i = es->top;
if (i == 0)
i = ERR_NUM_ERRORS - 1;
err_clear_data(es, i);
es->err_data[i] = data;
@ -1121,6 +1126,8 @@ int ERR_set_mark(void)
ERR_STATE *es;
es = ERR_get_state();
if (es == NULL)
return 0;
if (es->bottom == es->top)
return 0;
@ -1133,6 +1140,8 @@ int ERR_pop_to_mark(void)
ERR_STATE *es;
es = ERR_get_state();
if (es == NULL)
return 0;
while (es->bottom != es->top
&& (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {

View File

@ -579,12 +579,17 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;
ret &= constant_time_ge(maxpad, pad);
mask = constant_time_ge(maxpad, pad);
ret &= mask;
/*
* If pad is invalid then we will fail the above test but we must
* continue anyway because we are in constant time code. However,
* we'll use the maxpad value instead of the supplied pad to make
* sure we perform well defined pointer arithmetic.
*/
pad = constant_time_select(mask, pad, maxpad);
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
ret &= (int)mask;
key->aux.tls_aad[plen - 2] = inp_len >> 8;
key->aux.tls_aad[plen - 1] = inp_len;

View File

@ -507,10 +507,12 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
* to identify it and avoid stitch invocation. So that after we
* establish that current CPU supports AVX, we even see if it's
* either even XOP-capable Bulldozer-based or GenuineIntel one.
* But SHAEXT-capable go ahead...
*/
if (OPENSSL_ia32cap_P[1] & (1 << (60 - 32)) && /* AVX? */
if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */
((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */
((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */
| (OPENSSL_ia32cap_P[0] & (1<<30))) && /* "Intel CPU"? */
| (OPENSSL_ia32cap_P[0] & (1 << 30))))) && /* "Intel CPU"? */
plen > (sha_off + iv) &&
(blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) {
SHA256_Update(&key->md, in + iv, sha_off);
@ -590,12 +592,17 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;
ret &= constant_time_ge(maxpad, pad);
mask = constant_time_ge(maxpad, pad);
ret &= mask;
/*
* If pad is invalid then we will fail the above test but we must
* continue anyway because we are in constant time code. However,
* we'll use the maxpad value instead of the supplied pad to make
* sure we perform well defined pointer arithmetic.
*/
pad = constant_time_select(mask, pad, maxpad);
inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
ret &= (int)mask;
key->aux.tls_aad[plen - 2] = inp_len >> 8;
key->aux.tls_aad[plen - 1] = inp_len;

View File

@ -1363,6 +1363,98 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
const char *type,
const char *value));
void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
int (**pinit) (EVP_PKEY_CTX *ctx));
void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
int (**pcopy) (EVP_PKEY_CTX *dst,
EVP_PKEY_CTX *src));
void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
void (**pcleanup) (EVP_PKEY_CTX *ctx));
void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
int (**pparamgen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey));
void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
int (**pkeygen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey));
void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
int (**psign_init) (EVP_PKEY_CTX *ctx),
int (**psign) (EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
int (**pverify_init) (EVP_PKEY_CTX *ctx),
int (**pverify) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
size_t siglen,
const unsigned char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
int (**pverify_recover_init) (EVP_PKEY_CTX
*ctx),
int (**pverify_recover) (EVP_PKEY_CTX
*ctx,
unsigned char
*sig,
size_t *siglen,
const unsigned
char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
int (**psignctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**psignctx) (EVP_PKEY_CTX *ctx,
unsigned char *sig,
size_t *siglen,
EVP_MD_CTX *mctx));
void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**pverifyctx) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
int siglen,
EVP_MD_CTX *mctx));
void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
int (**pencryptfn) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen));
void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
int (**pdecrypt) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen));
void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
int (**pderive_init) (EVP_PKEY_CTX *ctx),
int (**pderive) (EVP_PKEY_CTX *ctx,
unsigned char *key,
size_t *keylen));
void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
void *p2),
int (**pctrl_str) (EVP_PKEY_CTX *ctx,
const char *type,
const char *value));
void EVP_add_alg_module(void);
/* BEGIN ERROR CODES */

View File

@ -97,7 +97,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
int verify)
{
int ret;
int ret = -1;
char buff[BUFSIZ];
UI *ui;
@ -105,16 +105,18 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
prompt = prompt_string;
ui = UI_new();
if (ui == NULL)
return -1;
UI_add_input_string(ui, prompt, 0, buf, min,
(len >= BUFSIZ) ? BUFSIZ - 1 : len);
if (verify)
UI_add_verify_string(ui, prompt, 0,
buff, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len,
buf);
return ret;
if (UI_add_input_string(ui, prompt, 0, buf, min,
(len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0
|| (verify
&& UI_add_verify_string(ui, prompt, 0, buff, min,
(len >= BUFSIZ) ? BUFSIZ - 1 : len,
buf) < 0))
goto end;
ret = UI_process(ui);
UI_free(ui);
OPENSSL_cleanse(buff, BUFSIZ);
end:
UI_free(ui);
return ret;
}

View File

@ -589,3 +589,170 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
pmeth->ctrl = ctrl;
pmeth->ctrl_str = ctrl_str;
}
void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
int (**pinit) (EVP_PKEY_CTX *ctx))
{
*pinit = pmeth->init;
}
void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
int (**pcopy) (EVP_PKEY_CTX *dst,
EVP_PKEY_CTX *src))
{
*pcopy = pmeth->copy;
}
void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
void (**pcleanup) (EVP_PKEY_CTX *ctx))
{
*pcleanup = pmeth->cleanup;
}
void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
int (**pparamgen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey))
{
if (pparamgen_init)
*pparamgen_init = pmeth->paramgen_init;
if (pparamgen)
*pparamgen = pmeth->paramgen;
}
void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
int (**pkeygen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey))
{
if (pkeygen_init)
*pkeygen_init = pmeth->keygen_init;
if (pkeygen)
*pkeygen = pmeth->keygen;
}
void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
int (**psign_init) (EVP_PKEY_CTX *ctx),
int (**psign) (EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs,
size_t tbslen))
{
if (psign_init)
*psign_init = pmeth->sign_init;
if (psign)
*psign = pmeth->sign;
}
void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
int (**pverify_init) (EVP_PKEY_CTX *ctx),
int (**pverify) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
size_t siglen,
const unsigned char *tbs,
size_t tbslen))
{
if (pverify_init)
*pverify_init = pmeth->verify_init;
if (pverify)
*pverify = pmeth->verify;
}
void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
int (**pverify_recover_init) (EVP_PKEY_CTX
*ctx),
int (**pverify_recover) (EVP_PKEY_CTX
*ctx,
unsigned char
*sig,
size_t *siglen,
const unsigned
char *tbs,
size_t tbslen))
{
if (pverify_recover_init)
*pverify_recover_init = pmeth->verify_recover_init;
if (pverify_recover)
*pverify_recover = pmeth->verify_recover;
}
void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
int (**psignctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**psignctx) (EVP_PKEY_CTX *ctx,
unsigned char *sig,
size_t *siglen,
EVP_MD_CTX *mctx))
{
if (psignctx_init)
*psignctx_init = pmeth->signctx_init;
if (psignctx)
*psignctx = pmeth->signctx;
}
void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**pverifyctx) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
int siglen,
EVP_MD_CTX *mctx))
{
if (pverifyctx_init)
*pverifyctx_init = pmeth->verifyctx_init;
if (pverifyctx)
*pverifyctx = pmeth->verifyctx;
}
void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
int (**pencryptfn) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen))
{
if (pencrypt_init)
*pencrypt_init = pmeth->encrypt_init;
if (pencryptfn)
*pencryptfn = pmeth->encrypt;
}
void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
int (**pdecrypt) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen))
{
if (pdecrypt_init)
*pdecrypt_init = pmeth->decrypt_init;
if (pdecrypt)
*pdecrypt = pmeth->decrypt;
}
void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
int (**pderive_init) (EVP_PKEY_CTX *ctx),
int (**pderive) (EVP_PKEY_CTX *ctx,
unsigned char *key,
size_t *keylen))
{
if (pderive_init)
*pderive_init = pmeth->derive_init;
if (pderive)
*pderive = pmeth->derive;
}
void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
void *p2),
int (**pctrl_str) (EVP_PKEY_CTX *ctx,
const char *type,
const char *value))
{
if (pctrl)
*pctrl = pmeth->ctrl;
if (pctrl_str)
*pctrl_str = pmeth->ctrl_str;
}

View File

@ -473,7 +473,14 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
if (j < mx)
mx = j;
if (mx > 0) {
if (!CRYPTO_set_ex_data(to, mx - 1, NULL))
/*
* Make sure the ex_data stack is at least |mx| elements long to avoid
* issues in the for loop that follows; so go get the |mx|'th element
* (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign
* to itself. This is normally a no-op; but ensures the stack is the
* proper size
*/
if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1)))
goto skip;
storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
if (!storage)

View File

@ -101,6 +101,24 @@
#include <openssl/crypto.h>
#include <openssl/lhash.h>
/*
* A hashing implementation that appears to be based on the linear hashing
* alogrithm:
* https://en.wikipedia.org/wiki/Linear_hashing
*
* Litwin, Witold (1980), "Linear hashing: A new tool for file and table
* addressing", Proc. 6th Conference on Very Large Databases: 212223
* http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf
*
* From the wikipedia article "Linear hashing is used in the BDB Berkeley
* database system, which in turn is used by many software systems such as
* OpenLDAP, using a C implementation derived from the CACM article and first
* published on the Usenet in 1988 by Esmond Pitt."
*
* The CACM paper is available here:
* https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf
*/
const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
#undef MIN_NODES
@ -108,7 +126,7 @@ const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */
#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */
static void expand(_LHASH *lh);
static int expand(_LHASH *lh);
static void contract(_LHASH *lh);
static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
@ -182,8 +200,9 @@ void *lh_insert(_LHASH *lh, void *data)
void *ret;
lh->error = 0;
if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))
expand(lh);
if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)
&& !expand(lh))
return NULL;
rn = getrn(lh, data, &hash);
@ -300,19 +319,37 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
}
static void expand(_LHASH *lh)
static int expand(_LHASH *lh)
{
LHASH_NODE **n, **n1, **n2, *np;
unsigned int p, i, j;
unsigned long hash, nni;
unsigned int p, pmax, nni, j;
unsigned long hash;
nni = lh->num_alloc_nodes;
p = lh->p;
pmax = lh->pmax;
if (p + 1 >= pmax) {
j = nni * 2;
n = OPENSSL_realloc(lh->b, (int)(sizeof(LHASH_NODE *) * j));
if (n == NULL) {
lh->error++;
return 0;
}
lh->b = n;
memset(n + nni, 0, sizeof(*n) * (j - nni));
lh->pmax = nni;
lh->num_alloc_nodes = j;
lh->num_expand_reallocs++;
lh->p = 0;
} else {
lh->p++;
}
lh->num_nodes++;
lh->num_expands++;
p = (int)lh->p++;
n1 = &(lh->b[p]);
n2 = &(lh->b[p + (int)lh->pmax]);
*n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */
nni = lh->num_alloc_nodes;
n2 = &(lh->b[p + pmax]);
*n2 = NULL;
for (np = *n1; np != NULL;) {
#ifndef OPENSSL_NO_HASH_COMP
@ -330,25 +367,7 @@ static void expand(_LHASH *lh)
np = *n1;
}
if ((lh->p) >= lh->pmax) {
j = (int)lh->num_alloc_nodes * 2;
n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
(int)(sizeof(LHASH_NODE *) * j));
if (n == NULL) {
lh->error++;
lh->num_nodes--;
lh->p = 0;
return;
}
/* else */
for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */
n[i] = NULL; /* 02/03/92 eay */
lh->pmax = lh->num_alloc_nodes;
lh->num_alloc_nodes = j;
lh->num_expand_reallocs++;
lh->p = 0;
lh->b = n;
}
return 1;
}
static void contract(_LHASH *lh)

View File

@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
goto end;
}
}
} else if (certs != NULL) {
untrusted = certs;
} else {
untrusted = bs->certs;
}

View File

@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x100020cfL
# define OPENSSL_VERSION_NUMBER 0x100020dfL
# ifdef OPENSSL_FIPS
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2l-fips 25 May 2017"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-fips 2 Nov 2017"
# else
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2l-freebsd 25 May 2017"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-freebsd 2 Nov 2017"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

View File

@ -536,7 +536,8 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
((c >= '0') && (c <= '9'))))
break;
#else
if (!(isupper(c) || (c == '-') || isdigit(c)))
if (!(isupper((unsigned char)c) || (c == '-')
|| isdigit((unsigned char)c)))
break;
#endif
header++;

View File

@ -178,6 +178,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
OPENSSL_cleanse(psbuf, klen);
if (!p8inf)
return NULL;
ret = EVP_PKCS82PKEY(p8inf);

View File

@ -120,6 +120,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
OPENSSL_cleanse(psbuf, klen);
if (!p8inf)
goto p8err;
ret = EVP_PKCS82PKEY(p8inf);

View File

@ -84,6 +84,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
{
STACK_OF(X509) *ocerts = NULL;
X509 *x = NULL;
if (pkey)
*pkey = NULL;
if (cert)
*cert = NULL;
/* Check for NULL PKCS12 structure */
if (!p12) {
@ -92,11 +98,6 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
return 0;
}
if (pkey)
*pkey = NULL;
if (cert)
*cert = NULL;
/* Check the mac */
/*
@ -125,7 +126,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
if (!ocerts) {
PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
return 0;
goto err;
}
if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
@ -163,10 +164,14 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
err:
if (pkey && *pkey)
if (pkey) {
EVP_PKEY_free(*pkey);
if (cert && *cert)
*pkey = NULL;
}
if (cert) {
X509_free(*cert);
*cert = NULL;
}
if (x)
X509_free(x);
if (ocerts)

View File

@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
return 2;
}
#ifndef OPENSSL_NO_CMS
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
X509_ALGOR **pmaskHash)
{
@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
return pss;
}
#ifndef OPENSSL_NO_CMS
static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
{
EVP_PKEY_CTX *pkctx;

View File

@ -237,10 +237,14 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
RSA_R_OAEP_DECODING_ERROR);
cleanup:
if (db != NULL)
if (db != NULL) {
OPENSSL_cleanse(db, dblen);
OPENSSL_free(db);
if (em != NULL)
}
if (em != NULL) {
OPENSSL_cleanse(em, num);
OPENSSL_free(em);
}
return mlen;
}

View File

@ -255,8 +255,6 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
* We can't continue in constant-time because we need to copy the result
* and we cannot fake its length. This unavoidably leaks timing
* information at the API boundary.
* TODO(emilia): this could be addressed at the call site,
* see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
*/
if (!good) {
mlen = -1;
@ -266,8 +264,10 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
memcpy(to, em + msg_index, mlen);
err:
if (em != NULL)
if (em != NULL) {
OPENSSL_cleanse(em, num);
OPENSSL_free(em);
}
if (mlen == -1)
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
RSA_R_PKCS_DECODING_ERROR);

View File

@ -180,27 +180,25 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
* FIPS mode.
*/
static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
static int pkey_fips_check_rsa(const RSA *rsa, const EVP_MD **pmd,
const EVP_MD **pmgf1md)
{
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
int rv = -1;
if (!FIPS_mode())
return 0;
if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
rv = 0;
if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
return -1;
if (rctx->md) {
const EVP_MD *fmd;
fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->md));
if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
if (*pmd != NULL) {
*pmd = FIPS_get_digestbynid(EVP_MD_type(*pmd));
if (*pmd == NULL || !((*pmd)->flags & EVP_MD_FLAG_FIPS))
return rv;
}
if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) {
const EVP_MD *fmd;
fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->mgf1md));
if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
if (*pmgf1md != NULL) {
*pmgf1md = FIPS_get_digestbynid(EVP_MD_type(*pmgf1md));
if (*pmgf1md == NULL || !((*pmgf1md)->flags & EVP_MD_FLAG_FIPS))
return rv;
}
return 1;
@ -214,27 +212,27 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
int ret;
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
const EVP_MD *md = rctx->md;
const EVP_MD *mgf1md = rctx->mgf1md;
#ifdef OPENSSL_FIPS
ret = pkey_fips_check_ctx(ctx);
ret = pkey_fips_check_rsa(rsa, &md, &mgf1md);
if (ret < 0) {
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return -1;
}
#endif
if (rctx->md) {
if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
if (md != NULL) {
if (tbslen != (size_t)EVP_MD_size(md)) {
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
return -1;
}
#ifdef OPENSSL_FIPS
if (ret > 0) {
unsigned int slen;
ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
rctx->pad_mode,
rctx->saltlen,
rctx->mgf1md, sig, &slen);
ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
rctx->saltlen, mgf1md, sig, &slen);
if (ret > 0)
*siglen = slen;
else
@ -243,12 +241,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
}
#endif
if (EVP_MD_type(rctx->md) == NID_mdc2) {
if (EVP_MD_type(md) == NID_mdc2) {
unsigned int sltmp;
if (rctx->pad_mode != RSA_PKCS1_PADDING)
return -1;
ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
tbs, tbslen, sig, &sltmp, rsa);
ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen, sig, &sltmp,
rsa);
if (ret <= 0)
return ret;
@ -263,23 +261,20 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
return -1;
}
memcpy(rctx->tbuf, tbs, tbslen);
rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md));
rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(md));
ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
sig, rsa, RSA_X931_PADDING);
} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
unsigned int sltmp;
ret = RSA_sign(EVP_MD_type(rctx->md),
tbs, tbslen, sig, &sltmp, rsa);
ret = RSA_sign(EVP_MD_type(md), tbs, tbslen, sig, &sltmp, rsa);
if (ret <= 0)
return ret;
ret = sltmp;
} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
if (!setup_tbuf(rctx, ctx))
return -1;
if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
rctx->tbuf, tbs,
rctx->md, rctx->mgf1md,
rctx->saltlen))
if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf, tbs,
md, mgf1md, rctx->saltlen))
return -1;
ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
sig, rsa, RSA_NO_PADDING);
@ -348,32 +343,31 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
{
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
const EVP_MD *md = rctx->md;
const EVP_MD *mgf1md = rctx->mgf1md;
size_t rslen;
#ifdef OPENSSL_FIPS
int rv;
rv = pkey_fips_check_ctx(ctx);
int rv = pkey_fips_check_rsa(rsa, &md, &mgf1md);
if (rv < 0) {
RSAerr(RSA_F_PKEY_RSA_VERIFY,
RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return -1;
}
#endif
if (rctx->md) {
if (md != NULL) {
#ifdef OPENSSL_FIPS
if (rv > 0) {
return FIPS_rsa_verify_digest(rsa,
tbs, tbslen,
rctx->md,
rctx->pad_mode,
rctx->saltlen,
rctx->mgf1md, sig, siglen);
return FIPS_rsa_verify_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
rctx->saltlen, mgf1md, sig, siglen);
}
#endif
if (rctx->pad_mode == RSA_PKCS1_PADDING)
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
return RSA_verify(EVP_MD_type(md), tbs, tbslen,
sig, siglen, rsa);
if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
if (tbslen != (size_t)EVP_MD_size(md)) {
RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
return -1;
}
@ -388,8 +382,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
rsa, RSA_NO_PADDING);
if (ret <= 0)
return 0;
ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
rctx->md, rctx->mgf1md,
ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, md, mgf1md,
rctx->tbuf, rctx->saltlen);
if (ret <= 0)
return 0;

View File

@ -520,6 +520,7 @@ int UI_process(UI *ui)
}
}
}
err:
if (ui->meth->ui_close_session != NULL
&& ui->meth->ui_close_session(ui) <= 0)

View File

@ -166,7 +166,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
goto reconsider;
} else
#endif
if (bits >= 8) {
if (bits > 8) {
b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
b &= 0xff;
if (bitrem)
@ -183,7 +183,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
}
if (bitrem)
c->data[byteoff] = b << (8 - bitrem);
} else { /* remaining less than 8 bits */
} else { /* remaining less than or equal to 8 bits */
b = (inp[0] << inpgap) & 0xff;
if (bitrem)

View File

@ -402,6 +402,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
if (!hent) {
hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
if (hent == NULL) {
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
goto finish;
}

View File

@ -92,12 +92,12 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
long argl, char **ret)
{
int ok = 0;
char *file;
const char *file;
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
file = (char *)getenv(X509_get_default_cert_file_env());
file = getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
@ -140,7 +140,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
if (type == X509_FILETYPE_PEM) {
for (;;) {
x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
x = PEM_read_bio_X509_AUX(in, NULL, NULL, "");
if (x == NULL) {
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
PEM_R_NO_START_LINE) && (count > 0)) {
@ -199,7 +199,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
if (type == X509_FILETYPE_PEM) {
for (;;) {
x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
x = PEM_read_bio_X509_CRL(in, NULL, NULL, "");
if (x == NULL) {
if ((ERR_GET_REASON(ERR_peek_last_error()) ==
PEM_R_NO_START_LINE) && (count > 0)) {
@ -253,7 +253,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
return 0;
}
inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
inf = PEM_X509_INFO_read_bio(in, NULL, NULL, "");
BIO_free(in);
if (!inf) {
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);

View File

@ -732,6 +732,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
{
int ret;
int calc_ret;
X509_POLICY_TREE *tree = NULL;
STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
*ptree = NULL;
@ -800,16 +801,19 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
/* Tree is not empty: continue */
ret = tree_calculate_authority_set(tree, &auth_nodes);
calc_ret = tree_calculate_authority_set(tree, &auth_nodes);
if (!calc_ret)
goto error;
ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
if (calc_ret == 2)
sk_X509_POLICY_NODE_free(auth_nodes);
if (!ret)
goto error;
if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
goto error;
if (ret == 2)
sk_X509_POLICY_NODE_free(auth_nodes);
if (tree)
*ptree = tree;

View File

@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi)
*/
unsigned int v3_addr_get_afi(const IPAddressFamily *f)
{
return ((f != NULL &&
f->addressFamily != NULL && f->addressFamily->data != NULL)
? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
: 0);
if (f == NULL
|| f->addressFamily == NULL
|| f->addressFamily->data == NULL
|| f->addressFamily->length < 2)
return 0;
return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
}
/*

View File

@ -231,6 +231,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
oth = OTHERNAME_new();
if (!oth)
return 0;
ASN1_TYPE_free(oth->value);
oth->type_id = oid;
oth->value = value;
GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);

View File

@ -107,6 +107,47 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
/*
* We cannot use strncasecmp here because that applies locale specific rules.
* For example in Turkish 'I' is not the uppercase character for 'i'. We need to
* do a simple ASCII case comparison ignoring the locale (that is why we use
* numeric constants below).
*/
static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
{
for (; n > 0; n--, s1++, s2++) {
if (*s1 != *s2) {
unsigned char c1 = (unsigned char)*s1, c2 = (unsigned char)*s2;
/* Convert to lower case */
if (c1 >= 0x41 /* A */ && c1 <= 0x5A /* Z */)
c1 += 0x20;
if (c2 >= 0x41 /* A */ && c2 <= 0x5A /* Z */)
c2 += 0x20;
if (c1 == c2)
continue;
if (c1 < c2)
return -1;
/* c1 > c2 */
return 1;
} else if (*s1 == 0) {
/* If we get here we know that *s2 == 0 too */
return 0;
}
}
return 0;
}
static int ia5casecmp(const char *s1, const char *s2)
{
/* No portable definition of SIZE_MAX, so we use (size_t)(-1) instead */
return ia5ncasecmp(s1, s2, (size_t)(-1));
}
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
@ -384,7 +425,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
return X509_V_ERR_PERMITTED_VIOLATION;
}
if (strcasecmp(baseptr, dnsptr))
if (ia5casecmp(baseptr, dnsptr))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
@ -404,7 +445,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
if (!baseat && (*baseptr == '.')) {
if (eml->length > base->length) {
emlptr += eml->length - base->length;
if (!strcasecmp(baseptr, emlptr))
if (ia5casecmp(baseptr, emlptr) == 0)
return X509_V_OK;
}
return X509_V_ERR_PERMITTED_VIOLATION;
@ -425,7 +466,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
}
emlptr = emlat + 1;
/* Just have hostname left to match: case insensitive */
if (strcasecmp(baseptr, emlptr))
if (ia5casecmp(baseptr, emlptr))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
@ -464,14 +505,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
if (*baseptr == '.') {
if (hostlen > base->length) {
p = hostptr + hostlen - base->length;
if (!strncasecmp(p, baseptr, base->length))
if (ia5ncasecmp(p, baseptr, base->length) == 0)
return X509_V_OK;
}
return X509_V_ERR_PERMITTED_VIOLATION;
}
if ((base->length != (int)hostlen)
|| strncasecmp(hostptr, baseptr, hostlen))
|| ia5ncasecmp(hostptr, baseptr, hostlen))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;

View File

@ -136,8 +136,19 @@ OPENSSL_ia32_cpuid:
or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs
and \$15,%ah
cmp \$15,%ah # examine Family ID
jne .Lnotintel
jne .LnotP4
or \$0x00100000,%edx # set reserved bit#20 to engage RC4_CHAR
.LnotP4:
cmp \$6,%ah
jne .Lnotintel
and \$0x0fff0ff0,%eax
cmp \$0x00050670,%eax # Knights Landing
je .Lknights
cmp \$0x00080650,%eax # Knights Mill (according to sde)
jne .Lnotintel
.Lknights:
and \$0xfbffffff,%ecx # clear XSAVE flag to mimic Silvermont
.Lnotintel:
bt \$28,%edx # test hyper-threading bit
jnc .Lgeneric
@ -162,6 +173,10 @@ OPENSSL_ia32_cpuid:
mov \$7,%eax
xor %ecx,%ecx
cpuid
bt \$26,%r9d # check XSAVE bit, cleared on Knights
jc .Lnotknights
and \$0xfff7ffff,%ebx # clear ADCX/ADOX flag
.Lnotknights:
mov %ebx,8(%rdi) # save extended feature flags
.Lno_extended_info:
@ -175,7 +190,7 @@ OPENSSL_ia32_cpuid:
.Lclear_avx:
mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11)
and %eax,%r9d # clear AVX, FMA and AMD XOP bits
andl \$0xffffffdf,8(%rdi) # cleax AVX2, ~(1<<5)
andl \$0xffffffdf,8(%rdi) # clear AVX2, ~(1<<5)
.Ldone:
shl \$32,%r9
mov %r10d,%eax

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-asn1parse,
asn1parse - ASN.1 parsing tool
=head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME
openssl-ca,
ca - sample minimal CA application
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-ciphers,
ciphers - SSL cipher display and cipher list tool.
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-cms,
cms - CMS utility
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-crl,
crl - CRL utility
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-crl2pkcs7,
crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-dgst,
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-dhparam,
dhparam - DH parameter manipulation and generation
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-dsa,
dsa - DSA key processing
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-dsaparam,
dsaparam - DSA parameter manipulation and generation
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-ec,
ec - EC key processing
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-ecparam,
ecparam - EC parameter manipulation and generation
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-enc,
enc - symmetric cipher routines
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-errstr,
errstr - lookup error codes
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-gendsa,
gendsa - generate a DSA private key from a set of parameters
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-genpkey,
genpkey - generate a private key
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-genrsa,
genrsa - generate an RSA private key
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-nseq,
nseq - create or examine a netscape certificate sequence
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-ocsp,
ocsp - Online Certificate Status Protocol utility
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-passwd,
passwd - compute password hashes
=head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME
openssl-pkcs12,
pkcs12 - PKCS#12 file utility
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-pkcs7,
pkcs7 - PKCS#7 utility
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-pkcs8,
pkcs8 - PKCS#8 format private key conversion tool
=head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME
openssl-pkey,
pkey - public or private key processing tool
=head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME
openssl-pkeyparam,
pkeyparam - public key algorithm parameter processing tool
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-pkeyutl,
pkeyutl - public key algorithm utility
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-rand,
rand - generate pseudo-random bytes
=head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME
openssl-req,
req - PKCS#10 certificate request and certificate generating utility.
=head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME
openssl-rsa,
rsa - RSA key processing tool
=head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME
openssl-rsautl,
rsautl - RSA utility
=head1 SYNOPSIS
@ -105,7 +106,7 @@ Recover the signed data
Examine the raw signed data:
openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................

View File

@ -3,6 +3,7 @@
=head1 NAME
openssl-s_client,
s_client - SSL/TLS client program
=head1 SYNOPSIS
@ -197,12 +198,14 @@ Can be used to override the implicit B<-ign_eof> after B<-quiet>.
=item B<-psk_identity identity>
Use the PSK identity B<identity> when using a PSK cipher suite.
The default value is "Client_identity" (without the quotes).
=item B<-psk key>
Use the PSK key B<key> when using a PSK cipher suite. The key is
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d.
This option must be provided in order to use a PSK cipher.
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>

View File

@ -3,6 +3,7 @@
=head1 NAME
openssl-s_server,
s_server - SSL/TLS server program
=head1 SYNOPSIS
@ -219,6 +220,7 @@ Use the PSK identity hint B<hint> when using a PSK cipher suite.
Use the PSK key B<key> when using a PSK cipher suite. The key is
given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d.
This option must be provided in order to use a PSK cipher.
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
@ -403,10 +405,6 @@ a web browser the command:
can be used for example.
Most web browsers (in particular Netscape and MSIE) only support RSA cipher
suites, so they cannot connect to servers which don't use a certificate
carrying an RSA key or a version of OpenSSL with RSA disabled.
Although specifying an empty list of CAs when requesting a client certificate
is strictly speaking a protocol violation, some SSL clients interpret this to
mean any CA is acceptable. This is useful for debugging purposes.

Some files were not shown because too many files have changed in this diff Show More