d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge OpenSSL 1.1.1h.

Browse Source
This commit is contained in:
Jung-uk Kim 2020-09-22 16:18:31 +00:00
commit 58f351825a
787 changed files with 3880 additions and 5533 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
crypto/openssl/CHANGES
View File

@ -7,6 +7,33 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch. release branch.
Changes between 1.1.1g and 1.1.1h [22 Sep 2020]
*) Certificates with explicit curve parameters are now disallowed in
verification chains if the X509_V_FLAG_X509_STRICT flag is used.
[Tomas Mraz]
*) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
ignore TLS protocol version bounds when configuring DTLS-based contexts, and
conversely, silently ignore DTLS protocol version bounds when configuring
TLS-based contexts. The commands can be repeated to set bounds of both
types. The same applies with the corresponding "min_protocol" and
"max_protocol" command-line switches, in case some application uses both TLS
and DTLS.
SSL_CTX instances that are created for a fixed protocol version (e.g.
TLSv1_server_method()) also silently ignore version bounds. Previously
attempts to apply bounds to these protocol versions would result in an
error. Now only the "version-flexible" SSL_CTX instances are subject to
limits in configuration files in command-line options.
[Viktor Dukhovni]
*) Handshake now fails if Extended Master Secret extension is dropped
on renegotiation.
[Tomas Mraz]
*) The Oracle Developer Studio compiler will start reporting deprecated APIs
Changes between 1.1.1f and 1.1.1g [21 Apr 2020] Changes between 1.1.1f and 1.1.1g [21 Apr 2020]
*) Fixed segmentation fault in SSL_check_chain() *) Fixed segmentation fault in SSL_check_chain()

38
crypto/openssl/Configure
View File

@ -217,12 +217,22 @@ sub resolve_config;
# Unified build supports separate build dir # Unified build supports separate build dir
my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax
my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax
# File::Spec::Unix doesn't detect case insensitivity, so we make sure to
# check if the source and build directory are really the same, and make
# them so. This avoids all kinds of confusion later on.
# We must check @File::Spec::ISA rather than using File::Spec->isa() to
# know if File::Spec ended up loading File::Spec::Unix.
$srcdir = $blddir
if (grep(/::Unix$/, @File::Spec::ISA)
&& samedir($srcdir, $blddir));
my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl")); my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR'; my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
$config{sourcedir} = abs2rel($srcdir); $config{sourcedir} = abs2rel($srcdir, $blddir);
$config{builddir} = abs2rel($blddir); $config{builddir} = abs2rel($blddir, $blddir);
# Collect reconfiguration information if needed # Collect reconfiguration information if needed
my @argvcopy=@ARGV; my @argvcopy=@ARGV;
@ -1049,6 +1059,9 @@ if (scalar(@seed_sources) == 0) {
print "Using os-specific seed configuration\n"; print "Using os-specific seed configuration\n";
push @seed_sources, 'os'; push @seed_sources, 'os';
} }
if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) {
delete $disabled{'egd'};
}
if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1; die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
warn <<_____ if scalar(@seed_sources) == 1; warn <<_____ if scalar(@seed_sources) == 1;
@ -3424,6 +3437,27 @@ sub absolutedir {
return realpath($dir); return realpath($dir);
} }
# Check if all paths are one and the same, using stat. They must both exist
# We need this for the cases when File::Spec doesn't detect case insensitivity
# (File::Spec::Unix assumes case sensitivity)
sub samedir {
die "samedir expects two arguments\n" unless scalar @_ == 2;
my @stat0 = stat($_[0]); # First argument
my @stat1 = stat($_[1]); # Second argument
die "Couldn't stat $_[0]" unless @stat0;
die "Couldn't stat $_[1]" unless @stat1;
# Compare device number
return 0 unless ($stat0[0] == $stat1[0]);
# Compare "inode". The perl manual recommends comparing as
# string rather than as number.
return 0 unless ($stat0[1] eq $stat1[1]);
return 1; # All the same
}
sub quotify { sub quotify {
my %processors = ( my %processors = (
perl => sub { my $x = shift; perl => sub { my $x = shift;

8
crypto/openssl/NEWS
View File

@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
o Disallow explicit curve parameters in verifications chains when
X509_V_FLAG_X509_STRICT is used
o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
contexts
o Oracle Developer Studio will start reporting deprecation warnings
Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020] Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967) o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)

2
crypto/openssl/NOTES.PERL
View File

@ -109,7 +109,7 @@
$ cpan -f -i Text::Template $ cpan -f -i Text::Template
Note: on VMS, you must quote any argument that contains upper case Note: on VMS, you must quote any argument that contains uppercase
characters, so the lines above would be: characters, so the lines above would be:
$ cpan -i "Text::Template" $ cpan -i "Text::Template"

2
crypto/openssl/README
View File

@ -1,5 +1,5 @@
OpenSSL 1.1.1g 21 Apr 2020 OpenSSL 1.1.1h 22 Sep 2020
Copyright (c) 1998-2020 The OpenSSL Project Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

8
crypto/openssl/apps/genpkey.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -177,9 +177,12 @@ int genpkey_main(int argc, char **argv)
goto end; goto end;
} }
ret = 0;
if (rv <= 0) { if (rv <= 0) {
BIO_puts(bio_err, "Error writing key\n"); BIO_puts(bio_err, "Error writing key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
ret = 1;
} }
if (text) { if (text) {
@ -191,11 +194,10 @@ int genpkey_main(int argc, char **argv)
if (rv <= 0) { if (rv <= 0) {
BIO_puts(bio_err, "Error printing key\n"); BIO_puts(bio_err, "Error printing key\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
ret = 1;
} }
} }
ret = 0;
end: end:
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx); EVP_PKEY_CTX_free(ctx);

4
crypto/openssl/apps/rsa8192.pem
View File

@ -1,5 +1,4 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
@ -62,7 +61,7 @@ JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9 kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU 2cYUn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8 PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
@ -98,4 +97,3 @@ TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8= I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----

22
crypto/openssl/apps/s_client.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved. * Copyright 2005 Nokia. All rights reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
@ -1283,22 +1283,42 @@ int s_client_main(int argc, char **argv)
case OPT_SSL3: case OPT_SSL3:
min_version = SSL3_VERSION; min_version = SSL3_VERSION;
max_version = SSL3_VERSION; max_version = SSL3_VERSION;
socket_type = SOCK_STREAM;
#ifndef OPENSSL_NO_DTLS
isdtls = 0;
#endif
break; break;
case OPT_TLS1_3: case OPT_TLS1_3:
min_version = TLS1_3_VERSION; min_version = TLS1_3_VERSION;
max_version = TLS1_3_VERSION; max_version = TLS1_3_VERSION;
socket_type = SOCK_STREAM;
#ifndef OPENSSL_NO_DTLS
isdtls = 0;
#endif
break; break;
case OPT_TLS1_2: case OPT_TLS1_2:
min_version = TLS1_2_VERSION; min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION;
socket_type = SOCK_STREAM;
#ifndef OPENSSL_NO_DTLS
isdtls = 0;
#endif
break; break;
case OPT_TLS1_1: case OPT_TLS1_1:
min_version = TLS1_1_VERSION; min_version = TLS1_1_VERSION;
max_version = TLS1_1_VERSION; max_version = TLS1_1_VERSION;
socket_type = SOCK_STREAM;
#ifndef OPENSSL_NO_DTLS
isdtls = 0;
#endif
break; break;
case OPT_TLS1: case OPT_TLS1:
min_version = TLS1_VERSION; min_version = TLS1_VERSION;
max_version = TLS1_VERSION; max_version = TLS1_VERSION;
socket_type = SOCK_STREAM;
#ifndef OPENSSL_NO_DTLS
isdtls = 0;
#endif
break; break;
case OPT_DTLS: case OPT_DTLS:
#ifndef OPENSSL_NO_DTLS #ifndef OPENSSL_NO_DTLS

4
crypto/openssl/apps/x509.c
View File

@ -140,9 +140,9 @@ const OPTIONS x509_options[] = {
{"", OPT_MD, '-', "Any supported digest"}, {"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_MD5 #ifndef OPENSSL_NO_MD5
{"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
"Print old-style (MD5) issuer hash value"},
{"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
"Print old-style (MD5) subject hash value"}, "Print old-style (MD5) subject hash value"},
{"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
"Print old-style (MD5) issuer hash value"},
#endif #endif
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},

3
crypto/openssl/appveyor.yml
View File

@ -46,7 +46,8 @@ before_build:
- cd .. - cd ..
- ps: >- - ps: >-
if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER` if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER`
-or (&git log -2 | Select-String "\[extended tests\]") ) { -or (&git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT |
Select-String "\[extended tests\]") ) {
$env:EXTENDED_TESTS="yes" $env:EXTENDED_TESTS="yes"
} }

351
crypto/openssl/crypto/aes/aes_core.c
View File

@ -673,357 +673,6 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
InvCipher(in, out, rk, key->rounds); InvCipher(in, out, rk, key->rounds);
} }
# ifndef OPENSSL_SMALL_FOOTPRINT
void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
size_t blocks, const AES_KEY *key,
const unsigned char *ivec);
static void RawToBits(const u8 raw[64], u64 bits[8])
{
int i, j;
u64 in, out;
memset(bits, 0, 64);
for (i = 0; i < 8; i++) {
in = 0;
for (j = 0; j < 8; j++)
in |= ((u64)raw[i * 8 + j]) << (8 * j);
out = in & 0xF0F0F0F00F0F0F0FuLL;
out |= (in & 0x0F0F0F0F00000000uLL) >> 28;
out |= (in & 0x00000000F0F0F0F0uLL) << 28;
in = out & 0xCCCC3333CCCC3333uLL;
in |= (out & 0x3333000033330000uLL) >> 14;
in |= (out & 0x0000CCCC0000CCCCuLL) << 14;
out = in & 0xAA55AA55AA55AA55uLL;
out |= (in & 0x5500550055005500uLL) >> 7;
out |= (in & 0x00AA00AA00AA00AAuLL) << 7;
for (j = 0; j < 8; j++) {
bits[j] |= (out & 0xFFuLL) << (8 * i);
out = out >> 8;
}
}
}
static void BitsToRaw(const u64 bits[8], u8 raw[64])
{
int i, j;
u64 in, out;
for (i = 0; i < 8; i++) {
in = 0;
for (j = 0; j < 8; j++)
in |= ((bits[j] >> (8 * i)) & 0xFFuLL) << (8 * j);
out = in & 0xF0F0F0F00F0F0F0FuLL;
out |= (in & 0x0F0F0F0F00000000uLL) >> 28;
out |= (in & 0x00000000F0F0F0F0uLL) << 28;
in = out & 0xCCCC3333CCCC3333uLL;
in |= (out & 0x3333000033330000uLL) >> 14;
in |= (out & 0x0000CCCC0000CCCCuLL) << 14;
out = in & 0xAA55AA55AA55AA55uLL;
out |= (in & 0x5500550055005500uLL) >> 7;
out |= (in & 0x00AA00AA00AA00AAuLL) << 7;
for (j = 0; j < 8; j++) {
raw[i * 8 + j] = (u8)out;
out = out >> 8;
}
}
}
static void BitsXtime(u64 state[8])
{
u64 b;
b = state[7];
state[7] = state[6];
state[6] = state[5];
state[5] = state[4];
state[4] = state[3] ^ b;
state[3] = state[2] ^ b;
state[2] = state[1];
state[1] = state[0] ^ b;
state[0] = b;
}
/*
* This S-box implementation follows a circuit described in
* Boyar and Peralta: "A new combinational logic minimization
* technique with applications to cryptology."
* https://eprint.iacr.org/2009/191.pdf
*
* The math is similar to above, in that it uses
* a tower field of GF(2^2^2^2) but with a different
* basis representation, that is better suited to
* logic designs.
*/
static void BitsSub(u64 state[8])
{
u64 x0, x1, x2, x3, x4, x5, x6, x7;
u64 y1, y2, y3, y4, y5, y6, y7, y8, y9, y10, y11;
u64 y12, y13, y14, y15, y16, y17, y18, y19, y20, y21;
u64 t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11;
u64 t12, t13, t14, t15, t16, t17, t18, t19, t20, t21;
u64 t22, t23, t24, t25, t26, t27, t28, t29, t30, t31;
u64 t32, t33, t34, t35, t36, t37, t38, t39, t40, t41;
u64 t42, t43, t44, t45, t46, t47, t48, t49, t50, t51;
u64 t52, t53, t54, t55, t56, t57, t58, t59, t60, t61;
u64 t62, t63, t64, t65, t66, t67;
u64 z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, z10, z11;
u64 z12, z13, z14, z15, z16, z17;
u64 s0, s1, s2, s3, s4, s5, s6, s7;
x7 = state[0];
x6 = state[1];
x5 = state[2];
x4 = state[3];
x3 = state[4];
x2 = state[5];
x1 = state[6];
x0 = state[7];
y14 = x3 ^ x5;
y13 = x0 ^ x6;
y9 = x0 ^ x3;
y8 = x0 ^ x5;
t0 = x1 ^ x2;
y1 = t0 ^ x7;
y4 = y1 ^ x3;
y12 = y13 ^ y14;
y2 = y1 ^ x0;
y5 = y1 ^ x6;
y3 = y5 ^ y8;
t1 = x4 ^ y12;
y15 = t1 ^ x5;
y20 = t1 ^ x1;
y6 = y15 ^ x7;
y10 = y15 ^ t0;
y11 = y20 ^ y9;
y7 = x7 ^ y11;
y17 = y10 ^ y11;
y19 = y10 ^ y8;
y16 = t0 ^ y11;
y21 = y13 ^ y16;
y18 = x0 ^ y16;
t2 = y12 & y15;
t3 = y3 & y6;
t4 = t3 ^ t2;
t5 = y4 & x7;
t6 = t5 ^ t2;
t7 = y13 & y16;
t8 = y5 & y1;
t9 = t8 ^ t7;
t10 = y2 & y7;
t11 = t10 ^ t7;
t12 = y9 & y11;
t13 = y14 & y17;
t14 = t13 ^ t12;
t15 = y8 & y10;
t16 = t15 ^ t12;
t17 = t4 ^ t14;
t18 = t6 ^ t16;
t19 = t9 ^ t14;
t20 = t11 ^ t16;
t21 = t17 ^ y20;
t22 = t18 ^ y19;
t23 = t19 ^ y21;
t24 = t20 ^ y18;
t25 = t21 ^ t22;
t26 = t21 & t23;
t27 = t24 ^ t26;
t28 = t25 & t27;
t29 = t28 ^ t22;
t30 = t23 ^ t24;
t31 = t22 ^ t26;
t32 = t31 & t30;
t33 = t32 ^ t24;
t34 = t23 ^ t33;
t35 = t27 ^ t33;
t36 = t24 & t35;
t37 = t36 ^ t34;
t38 = t27 ^ t36;
t39 = t29 & t38;
t40 = t25 ^ t39;
t41 = t40 ^ t37;
t42 = t29 ^ t33;
t43 = t29 ^ t40;
t44 = t33 ^ t37;
t45 = t42 ^ t41;
z0 = t44 & y15;
z1 = t37 & y6;
z2 = t33 & x7;
z3 = t43 & y16;
z4 = t40 & y1;
z5 = t29 & y7;
z6 = t42 & y11;
z7 = t45 & y17;
z8 = t41 & y10;
z9 = t44 & y12;
z10 = t37 & y3;
z11 = t33 & y4;
z12 = t43 & y13;
z13 = t40 & y5;
z14 = t29 & y2;
z15 = t42 & y9;
z16 = t45 & y14;
z17 = t41 & y8;
t46 = z15 ^ z16;
t47 = z10 ^ z11;
t48 = z5 ^ z13;
t49 = z9 ^ z10;
t50 = z2 ^ z12;
t51 = z2 ^ z5;
t52 = z7 ^ z8;
t53 = z0 ^ z3;
t54 = z6 ^ z7;
t55 = z16 ^ z17;
t56 = z12 ^ t48;
t57 = t50 ^ t53;
t58 = z4 ^ t46;
t59 = z3 ^ t54;
t60 = t46 ^ t57;
t61 = z14 ^ t57;
t62 = t52 ^ t58;
t63 = t49 ^ t58;
t64 = z4 ^ t59;
t65 = t61 ^ t62;
t66 = z1 ^ t63;
s0 = t59 ^ t63;
s6 = ~(t56 ^ t62);
s7 = ~(t48 ^ t60);
t67 = t64 ^ t65;
s3 = t53 ^ t66;
s4 = t51 ^ t66;
s5 = t47 ^ t65;
s1 = ~(t64 ^ s3);
s2 = ~(t55 ^ t67);
state[0] = s7;
state[1] = s6;
state[2] = s5;
state[3] = s4;
state[4] = s3;
state[5] = s2;
state[6] = s1;
state[7] = s0;
}
static void BitsShiftRows(u64 state[8])
{
u64 s, s0;
int i;
for (i = 0; i < 8; i++) {
s = state[i];
s0 = s & 0x1111111111111111uLL;
s0 |= ((s & 0x2220222022202220uLL) >> 4) | ((s & 0x0002000200020002uLL) << 12);
s0 |= ((s & 0x4400440044004400uLL) >> 8) | ((s & 0x0044004400440044uLL) << 8);
s0 |= ((s & 0x8000800080008000uLL) >> 12) | ((s & 0x0888088808880888uLL) << 4);
state[i] = s0;
}
}
static void BitsMixColumns(u64 state[8])
{
u64 s1, s;
u64 s0[8];
int i;
for (i = 0; i < 8; i++) {
s1 = state[i];
s = s1;
s ^= ((s & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((s & 0x3333333333333333uLL) << 2);
s ^= ((s & 0xAAAAAAAAAAAAAAAAuLL) >> 1) | ((s & 0x5555555555555555uLL) << 1);
s ^= s1;
s0[i] = s;
}
BitsXtime(state);
for (i = 0; i < 8; i++) {
s1 = state[i];
s = s0[i];
s ^= s1;
s ^= ((s1 & 0xEEEEEEEEEEEEEEEEuLL) >> 1) | ((s1 & 0x1111111111111111uLL) << 3);
state[i] = s;
}
}
static void BitsAddRoundKey(u64 state[8], const u64 key[8])
{
int i;
for (i = 0; i < 8; i++)
state[i] ^= key[i];
}
void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
size_t blocks, const AES_KEY *key,
const unsigned char *ivec)
{
struct {
u8 cipher[64];
u64 state[8];
u64 rd_key[AES_MAXNR + 1][8];
} *bs;
u32 ctr32;
int i;
ctr32 = GETU32(ivec + 12);
if (blocks >= 4
&& (bs = OPENSSL_malloc(sizeof(*bs)))) {
for (i = 0; i < key->rounds + 1; i++) {
memcpy(bs->cipher + 0, &key->rd_key[4 * i], 16);
memcpy(bs->cipher + 16, bs->cipher, 16);
memcpy(bs->cipher + 32, bs->cipher, 32);
RawToBits(bs->cipher, bs->rd_key[i]);
}
while (blocks) {
memcpy(bs->cipher, ivec, 12);
PUTU32(bs->cipher + 12, ctr32);
ctr32++;
memcpy(bs->cipher + 16, ivec, 12);
PUTU32(bs->cipher + 28, ctr32);
ctr32++;
memcpy(bs->cipher + 32, ivec, 12);
PUTU32(bs->cipher + 44, ctr32);
ctr32++;
memcpy(bs->cipher + 48, ivec, 12);
PUTU32(bs->cipher + 60, ctr32);
ctr32++;
RawToBits(bs->cipher, bs->state);
BitsAddRoundKey(bs->state, bs->rd_key[0]);
for (i = 1; i < key->rounds; i++) {
BitsSub(bs->state);
BitsShiftRows(bs->state);
BitsMixColumns(bs->state);
BitsAddRoundKey(bs->state, bs->rd_key[i]);
}
BitsSub(bs->state);
BitsShiftRows(bs->state);
BitsAddRoundKey(bs->state, bs->rd_key[key->rounds]);
BitsToRaw(bs->state, bs->cipher);
for (i = 0; i < 64 && blocks; i++) {
out[i] = in[i] ^ bs->cipher[i];
if ((i & 15) == 15)
blocks--;
}
in += i;
out += i;
}
OPENSSL_clear_free(bs, sizeof(*bs));
} else {
unsigned char cipher[16];
while (blocks) {
memcpy(cipher, ivec, 12);
PUTU32(cipher + 12, ctr32);
AES_encrypt(cipher, cipher, key);
for (i = 0; i < 16; i++)
out[i] = in[i] ^ cipher[i];
in += 16;
out += 16;
ctr32++;
blocks--;
}
}
}
# endif
#elif !defined(AES_ASM) #elif !defined(AES_ASM)
/*- /*-
Te0[x] = S [x].[02, 01, 01, 03]; Te0[x] = S [x].[02, 01, 01, 03];

16
crypto/openssl/crypto/aes/aes_ige.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -12,11 +12,6 @@
#include <openssl/aes.h> #include <openssl/aes.h>
#include "aes_local.h" #include "aes_local.h"
#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
typedef struct {
unsigned long data[N_WORDS];
} aes_block_t;
/* XXX: probably some better way to do this */ /* XXX: probably some better way to do this */
#if defined(__i386__) || defined(__x86_64__) #if defined(__i386__) || defined(__x86_64__)
# define UNALIGNED_MEMOPS_ARE_FAST 1 # define UNALIGNED_MEMOPS_ARE_FAST 1
@ -24,6 +19,15 @@ typedef struct {
# define UNALIGNED_MEMOPS_ARE_FAST 0 # define UNALIGNED_MEMOPS_ARE_FAST 0
#endif #endif
#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
typedef struct {
unsigned long data[N_WORDS];
#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST
} aes_block_t __attribute((__aligned__(1)));
#else
} aes_block_t;
#endif
#if UNALIGNED_MEMOPS_ARE_FAST #if UNALIGNED_MEMOPS_ARE_FAST
# define load_block(d, s) (d) = *(const aes_block_t *)(s) # define load_block(d, s) (d) = *(const aes_block_t *)(s)
# define store_block(d, s) *(aes_block_t *)(d) = (s) # define store_block(d, s) *(aes_block_t *)(d) = (s)

4
crypto/openssl/crypto/asn1/d2i_pr.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -56,6 +56,8 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
goto err; goto err;
EVP_PKEY_free(ret); EVP_PKEY_free(ret);
ret = tmp; ret = tmp;
if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
goto err;
} else { } else {
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err; goto err;

34
crypto/openssl/crypto/asn1/x_algor.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -92,3 +92,35 @@ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
return 0; return 0;
return ASN1_TYPE_cmp(a->parameter, b->parameter); return ASN1_TYPE_cmp(a->parameter, b->parameter);
} }
int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
{
if (src == NULL || dest == NULL)
return 0;
if (dest->algorithm)
ASN1_OBJECT_free(dest->algorithm);
dest->algorithm = NULL;
if (dest->parameter)
ASN1_TYPE_free(dest->parameter);
dest->parameter = NULL;
if (src->algorithm)
if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL)
return 0;
if (src->parameter) {
dest->parameter = ASN1_TYPE_new();
if (dest->parameter == NULL)
return 0;
/* Assuming this is also correct for a BOOL.
* set does copy as a side effect.
*/
if (ASN1_TYPE_set1(dest->parameter,
src->parameter->type, src->parameter->value.ptr) == 0)
return 0;
}
return 1;
}

8
crypto/openssl/crypto/bio/b_print.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -635,7 +635,11 @@ fmtfp(char **sbuffer,
fvalue = tmpvalue; fvalue = tmpvalue;
} }
ufvalue = abs_val(fvalue); ufvalue = abs_val(fvalue);
if (ufvalue > ULONG_MAX) { /*
* By subtracting 65535 (2^16-1) we cancel the low order 15 bits
* of ULONG_MAX to avoid using imprecise floating point values.
*/
if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) {
/* Number too big */ /* Number too big */
return 0; return 0;
} }

6
crypto/openssl/crypto/bio/bss_acpt.c
View File

@ -434,8 +434,10 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
b->init = 1; b->init = 1;
} else if (num == 1) { } else if (num == 1) {
OPENSSL_free(data->param_serv); OPENSSL_free(data->param_serv);
data->param_serv = BUF_strdup(ptr); if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL)
b->init = 1; ret = 0;
else
b->init = 1;
} else if (num == 2) { } else if (num == 2) {
data->bind_mode |= BIO_SOCK_NONBLOCK; data->bind_mode |= BIO_SOCK_NONBLOCK;
} else if (num == 3) { } else if (num == 3) {

36
crypto/openssl/crypto/bio/bss_conn.c
View File

@ -186,8 +186,17 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
case BIO_CONN_S_BLOCKED_CONNECT: case BIO_CONN_S_BLOCKED_CONNECT:
i = BIO_sock_error(b->num); i = BIO_sock_error(b->num);
if (i) { if (i != 0) {
BIO_clear_retry_flags(b); BIO_clear_retry_flags(b);
if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) {
/*
* if there are more addresses to try, do that first
*/
BIO_closesocket(b->num);
c->state = BIO_CONN_S_CREATE_SOCKET;
ERR_clear_error();
break;
}
SYSerr(SYS_F_CONNECT, i); SYSerr(SYS_F_CONNECT, i);
ERR_add_error_data(4, ERR_add_error_data(4,
"hostname=", c->param_hostname, "hostname=", c->param_hostname,
@ -407,12 +416,13 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_C_SET_CONNECT: case BIO_C_SET_CONNECT:
if (ptr != NULL) { if (ptr != NULL) {
b->init = 1; b->init = 1;
if (num == 0) { if (num == 0) { /* BIO_set_conn_hostname */
char *hold_service = data->param_service; char *hold_service = data->param_service;
/* We affect the hostname regardless. However, the input /* We affect the hostname regardless. However, the input
* string might contain a host:service spec, so we must * string might contain a host:service spec, so we must
* parse it, which might or might not affect the service * parse it, which might or might not affect the service
*/ */
OPENSSL_free(data->param_hostname); OPENSSL_free(data->param_hostname);
data->param_hostname = NULL; data->param_hostname = NULL;
ret = BIO_parse_hostserv(ptr, ret = BIO_parse_hostserv(ptr,
@ -421,19 +431,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO_PARSE_PRIO_HOST); BIO_PARSE_PRIO_HOST);
if (hold_service != data->param_service) if (hold_service != data->param_service)
OPENSSL_free(hold_service); OPENSSL_free(hold_service);
} else if (num == 1) { } else if (num == 1) { /* BIO_set_conn_port */
OPENSSL_free(data->param_service); OPENSSL_free(data->param_service);
data->param_service = BUF_strdup(ptr); if ((data->param_service = OPENSSL_strdup(ptr)) == NULL)
} else if (num == 2) { ret = 0;
} else if (num == 2) { /* BIO_set_conn_address */
const BIO_ADDR *addr = (const BIO_ADDR *)ptr; const BIO_ADDR *addr = (const BIO_ADDR *)ptr;
char *host = BIO_ADDR_hostname_string(addr, 1);
char *service = BIO_ADDR_service_string(addr, 1);
ret = host != NULL && service != NULL;
if (ret) { if (ret) {
data->param_hostname = BIO_ADDR_hostname_string(addr, 1); OPENSSL_free(data->param_hostname);
data->param_service = BIO_ADDR_service_string(addr, 1); data->param_hostname = host;
OPENSSL_free(data->param_service);
data->param_service = service;
BIO_ADDRINFO_free(data->addr_first); BIO_ADDRINFO_free(data->addr_first);
data->addr_first = NULL; data->addr_first = NULL;
data->addr_iter = NULL; data->addr_iter = NULL;
} else {
OPENSSL_free(host);
OPENSSL_free(service);
} }
} else if (num == 3) { } else if (num == 3) { /* BIO_set_conn_ip_family */
data->connect_family = *(int *)ptr; data->connect_family = *(int *)ptr;
} else { } else {
ret = 0; ret = 0;

386
crypto/openssl/crypto/bn/bn_gcd.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -10,22 +10,189 @@
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include "bn_local.h" #include "bn_local.h"
/* solves ax == 1 (mod n) */ /*
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, * bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
const BIGNUM *a, const BIGNUM *n, * not contain branches that may leak sensitive information.
BN_CTX *ctx); *
* This is a static function, we ensure all callers in this file pass valid
BIGNUM *BN_mod_inverse(BIGNUM *in, * arguments: all passed pointers here are non-NULL.
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) */
static ossl_inline
BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n,
BN_CTX *ctx, int *pnoinv)
{ {
BIGNUM *rv; BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
int noinv; BIGNUM *ret = NULL;
rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); int sign;
if (noinv)
BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); bn_check_top(a);
return rv; bn_check_top(n);
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
B = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
D = BN_CTX_get(ctx);
M = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
T = BN_CTX_get(ctx);
if (T == NULL)
goto err;
if (in == NULL)
R = BN_new();
else
R = in;
if (R == NULL)
goto err;
BN_one(X);
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
if (BN_copy(A, n) == NULL)
goto err;
A->neg = 0;
if (B->neg || (BN_ucmp(B, A) >= 0)) {
/*
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
* BN_div_no_branch will be called eventually.
*/
{
BIGNUM local_B;
bn_init(&local_B);
BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);
if (!BN_nnmod(B, &local_B, A, ctx))
goto err;
/* Ensure local_B goes out of scope before any further use of B */
}
}
sign = -1;
/*-
* From B = a mod |n|, A = |n| it follows that
*
* 0 <= B < A,
* -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|).
*/
while (!BN_is_zero(B)) {
BIGNUM *tmp;
/*-
* 0 < B < A,
* (*) -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|)
*/
/*
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
* BN_div_no_branch will be called eventually.
*/
{
BIGNUM local_A;
bn_init(&local_A);
BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);
/* (D, M) := (A/B, A%B) ... */
if (!BN_div(D, M, &local_A, B, ctx))
goto err;
/* Ensure local_A goes out of scope before any further use of A */
}
/*-
* Now
* A = D*B + M;
* thus we have
* (**) sign*Y*a == D*B + M (mod |n|).
*/
tmp = A; /* keep the BIGNUM object, the value does not
* matter */
/* (A, B) := (B, A mod B) ... */
A = B;
B = M;
/* ... so we have 0 <= B < A again */
/*-
* Since the former M is now B and the former B is now A,
* (**) translates into
* sign*Y*a == D*A + B (mod |n|),
* i.e.
* sign*Y*a - D*A == B (mod |n|).
* Similarly, (*) translates into
* -sign*X*a == A (mod |n|).
*
* Thus,
* sign*Y*a + D*sign*X*a == B (mod |n|),
* i.e.
* sign*(Y + D*X)*a == B (mod |n|).
*
* So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
* -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|).
* Note that X and Y stay non-negative all the time.
*/
if (!BN_mul(tmp, D, X, ctx))
goto err;
if (!BN_add(tmp, tmp, Y))
goto err;
M = Y; /* keep the BIGNUM object, the value does not
* matter */
Y = X;
X = tmp;
sign = -sign;
}
/*-
* The while loop (Euclid's algorithm) ends when
* A == gcd(a,n);
* we have
* sign*Y*a == A (mod |n|),
* where Y is non-negative.
*/
if (sign < 0) {
if (!BN_sub(Y, n, Y))
goto err;
}
/* Now Y*a == A (mod |n|). */
if (BN_is_one(A)) {
/* Y*a == 1 (mod |n|) */
if (!Y->neg && BN_ucmp(Y, n) < 0) {
if (!BN_copy(R, Y))
goto err;
} else {
if (!BN_nnmod(R, Y, n, ctx))
goto err;
}
} else {
*pnoinv = 1;
/* caller sets the BN_R_NO_INVERSE error */
goto err;
}
ret = R;
*pnoinv = 0;
err:
if ((ret == NULL) && (in == NULL))
BN_free(R);
BN_CTX_end(ctx);
bn_check_top(ret);
return ret;
} }
/*
* This is an internal function, we assume all callers pass valid arguments:
* all pointers passed here are assumed non-NULL.
*/
BIGNUM *int_bn_mod_inverse(BIGNUM *in, BIGNUM *int_bn_mod_inverse(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
int *pnoinv) int *pnoinv)
@ -36,17 +203,15 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
/* This is invalid input so we don't worry about constant time here */ /* This is invalid input so we don't worry about constant time here */
if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { if (BN_abs_is_word(n, 1) || BN_is_zero(n)) {
if (pnoinv != NULL) *pnoinv = 1;
*pnoinv = 1;
return NULL; return NULL;
} }
if (pnoinv != NULL) *pnoinv = 0;
*pnoinv = 0;
if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
|| (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
return BN_mod_inverse_no_branch(in, a, n, ctx); return bn_mod_inverse_no_branch(in, a, n, ctx, pnoinv);
} }
bn_check_top(a); bn_check_top(a);
@ -332,8 +497,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
goto err; goto err;
} }
} else { } else {
if (pnoinv) *pnoinv = 1;
*pnoinv = 1;
goto err; goto err;
} }
ret = R; ret = R;
@ -345,175 +509,27 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
return ret; return ret;
} }
/* /* solves ax == 1 (mod n) */
* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does BIGNUM *BN_mod_inverse(BIGNUM *in,
* not contain branches that may leak sensitive information. const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
*/
static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n,
BN_CTX *ctx)
{ {
BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; BN_CTX *new_ctx = NULL;
BIGNUM *ret = NULL; BIGNUM *rv;
int sign; int noinv = 0;
bn_check_top(a); if (ctx == NULL) {
bn_check_top(n); ctx = new_ctx = BN_CTX_new();
if (ctx == NULL) {
BN_CTX_start(ctx); BNerr(BN_F_BN_MOD_INVERSE, ERR_R_MALLOC_FAILURE);
A = BN_CTX_get(ctx); return NULL;
B = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
D = BN_CTX_get(ctx);
M = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
T = BN_CTX_get(ctx);
if (T == NULL)
goto err;
if (in == NULL)
R = BN_new();
else
R = in;
if (R == NULL)
goto err;
BN_one(X);
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
if (BN_copy(A, n) == NULL)
goto err;
A->neg = 0;
if (B->neg || (BN_ucmp(B, A) >= 0)) {
/*
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
* BN_div_no_branch will be called eventually.
*/
{
BIGNUM local_B;
bn_init(&local_B);
BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);
if (!BN_nnmod(B, &local_B, A, ctx))
goto err;
/* Ensure local_B goes out of scope before any further use of B */
} }
} }
sign = -1;
/*-
* From B = a mod |n|, A = |n| it follows that
*
* 0 <= B < A,
* -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|).
*/
while (!BN_is_zero(B)) { rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
BIGNUM *tmp; if (noinv)
BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
/*- BN_CTX_free(new_ctx);
* 0 < B < A, return rv;
* (*) -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|)
*/
/*
* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
* BN_div_no_branch will be called eventually.
*/
{
BIGNUM local_A;
bn_init(&local_A);
BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);
/* (D, M) := (A/B, A%B) ... */
if (!BN_div(D, M, &local_A, B, ctx))
goto err;
/* Ensure local_A goes out of scope before any further use of A */
}
/*-
* Now
* A = D*B + M;
* thus we have
* (**) sign*Y*a == D*B + M (mod |n|).
*/
tmp = A; /* keep the BIGNUM object, the value does not
* matter */
/* (A, B) := (B, A mod B) ... */
A = B;
B = M;
/* ... so we have 0 <= B < A again */
/*-
* Since the former M is now B and the former B is now A,
* (**) translates into
* sign*Y*a == D*A + B (mod |n|),
* i.e.
* sign*Y*a - D*A == B (mod |n|).
* Similarly, (*) translates into
* -sign*X*a == A (mod |n|).
*
* Thus,
* sign*Y*a + D*sign*X*a == B (mod |n|),
* i.e.
* sign*(Y + D*X)*a == B (mod |n|).
*
* So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
* -sign*X*a == B (mod |n|),
* sign*Y*a == A (mod |n|).
* Note that X and Y stay non-negative all the time.
*/
if (!BN_mul(tmp, D, X, ctx))
goto err;
if (!BN_add(tmp, tmp, Y))
goto err;
M = Y; /* keep the BIGNUM object, the value does not
* matter */
Y = X;
X = tmp;
sign = -sign;
}
/*-
* The while loop (Euclid's algorithm) ends when
* A == gcd(a,n);
* we have
* sign*Y*a == A (mod |n|),
* where Y is non-negative.
*/
if (sign < 0) {
if (!BN_sub(Y, n, Y))
goto err;
}
/* Now Y*a == A (mod |n|). */
if (BN_is_one(A)) {
/* Y*a == 1 (mod |n|) */
if (!Y->neg && BN_ucmp(Y, n) < 0) {
if (!BN_copy(R, Y))
goto err;
} else {
if (!BN_nnmod(R, Y, n, ctx))
goto err;
}
} else {
BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
goto err;
}
ret = R;
err:
if ((ret == NULL) && (in == NULL))
BN_free(R);
BN_CTX_end(ctx);
bn_check_top(ret);
return ret;
} }
/*- /*-

22
crypto/openssl/crypto/bn/bn_lib.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -87,6 +87,15 @@ const BIGNUM *BN_value_one(void)
return &const_one; return &const_one;
} }
/*
* Old Visual Studio ARM compiler miscompiles BN_num_bits_word()
* https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
*/
#if defined(_MSC_VER) && defined(_ARM_) && defined(_WIN32_WCE) \
&& _MSC_VER>=1400 && _MSC_VER<1501
# define MS_BROKEN_BN_num_bits_word
# pragma optimize("", off)
#endif
int BN_num_bits_word(BN_ULONG l) int BN_num_bits_word(BN_ULONG l)
{ {
BN_ULONG x, mask; BN_ULONG x, mask;
@ -131,6 +140,9 @@ int BN_num_bits_word(BN_ULONG l)
return bits; return bits;
} }
#ifdef MS_BROKEN_BN_num_bits_word
# pragma optimize("", on)
#endif
/* /*
* This function still leaks `a->dmax`: it's caller's responsibility to * This function still leaks `a->dmax`: it's caller's responsibility to
@ -322,15 +334,19 @@ BIGNUM *BN_dup(const BIGNUM *a)
BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
{ {
int bn_words;
bn_check_top(b); bn_check_top(b);
bn_words = BN_get_flags(b, BN_FLG_CONSTTIME) ? b->dmax : b->top;
if (a == b) if (a == b)
return a; return a;
if (bn_wexpand(a, b->top) == NULL) if (bn_wexpand(a, bn_words) == NULL)
return NULL; return NULL;
if (b->top > 0) if (b->top > 0)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); memcpy(a->d, b->d, sizeof(b->d[0]) * bn_words);
a->neg = b->neg; a->neg = b->neg;
a->top = b->top; a->top = b->top;

4
crypto/openssl/crypto/bn/bn_mpi.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -45,7 +45,7 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
int neg = 0; int neg = 0;
BIGNUM *a = NULL; BIGNUM *a = NULL;
if (n < 4) { if (n < 4 || (d[0] & 0x80) != 0) {
BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
return NULL; return NULL;
} }

21
crypto/openssl/crypto/cmac/cmac.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -116,11 +116,18 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
return 1; return 1;
} }
/* Initialise context */ /* Initialise context */
if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) if (cipher != NULL) {
return 0; /* Ensure we can't use this ctx until we also have a key */
ctx->nlast_block = -1;
if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
return 0;
}
/* Non-NULL key means initialisation complete */ /* Non-NULL key means initialisation complete */
if (key) { if (key != NULL) {
int bl; int bl;
/* If anything fails then ensure we can't use this ctx */
ctx->nlast_block = -1;
if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
return 0; return 0;
if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen)) if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
@ -128,7 +135,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv))
return 0; return 0;
bl = EVP_CIPHER_CTX_block_size(ctx->cctx); bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl)) if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0)
return 0; return 0;
make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k1, ctx->tbl, bl);
make_kn(ctx->k2, ctx->k1, bl); make_kn(ctx->k2, ctx->k1, bl);
@ -166,12 +173,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
return 1; return 1;
data += nleft; data += nleft;
/* Else not final block so encrypt it */ /* Else not final block so encrypt it */
if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl)) if (EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl) <= 0)
return 0; return 0;
} }
/* Encrypt all but one of the complete blocks left */ /* Encrypt all but one of the complete blocks left */
while (dlen > bl) { while (dlen > bl) {
if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl)) if (EVP_Cipher(ctx->cctx, ctx->tbl, data, bl) <= 0)
return 0; return 0;
dlen -= bl; dlen -= bl;
data += bl; data += bl;

5
crypto/openssl/crypto/cms/cms_lib.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -92,12 +92,13 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
default: default:
CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE); CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
return NULL; goto err;
} }
if (cmsbio) if (cmsbio)
return BIO_push(cmsbio, cont); return BIO_push(cmsbio, cont);
err:
if (!icont) if (!icont)
BIO_free(cont); BIO_free(cont);
return NULL; return NULL;

6
crypto/openssl/crypto/cms/cms_sd.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -897,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
ASN1_INTEGER *key = NULL; ASN1_INTEGER *key = NULL;
if (keysize > 0) { if (keysize > 0) {
key = ASN1_INTEGER_new(); key = ASN1_INTEGER_new();
if (key == NULL || !ASN1_INTEGER_set(key, keysize)) if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
ASN1_INTEGER_free(key);
return 0; return 0;
}
} }
alg = X509_ALGOR_new(); alg = X509_ALGOR_new();
if (alg == NULL) { if (alg == NULL) {

4
crypto/openssl/crypto/conf/conf_def.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -376,11 +376,13 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
if (biosk == NULL) { if (biosk == NULL) {
if ((biosk = sk_BIO_new_null()) == NULL) { if ((biosk = sk_BIO_new_null()) == NULL) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
BIO_free(next);
goto err; goto err;
} }
} }
if (!sk_BIO_push(biosk, in)) { if (!sk_BIO_push(biosk, in)) {
CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
BIO_free(next);
goto err; goto err;
} }
/* continue with reading from the included BIO */ /* continue with reading from the included BIO */

6
crypto/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl
View File

@ -1517,9 +1517,9 @@ ecp_nistz256_point_add:
ldr $t2,[sp,#32*18+12] @ ~is_equal(S1,S2) ldr $t2,[sp,#32*18+12] @ ~is_equal(S1,S2)
mvn $t0,$t0 @ -1/0 -> 0/-1 mvn $t0,$t0 @ -1/0 -> 0/-1
mvn $t1,$t1 @ -1/0 -> 0/-1 mvn $t1,$t1 @ -1/0 -> 0/-1
orr $a0,$t0 orr $a0,$a0,$t0
orr $a0,$t1 orr $a0,$a0,$t1
orrs $a0,$t2 @ set flags orrs $a0,$a0,$t2 @ set flags
@ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) @ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2))
bne .Ladd_proceed bne .Ladd_proceed

2080
crypto/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl
View File

File diff suppressed because it is too large Load Diff

27
crypto/openssl/crypto/ec/ec_ameth.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -23,7 +23,7 @@ static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
static int ecdh_cms_encrypt(CMS_RecipientInfo *ri); static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
#endif #endif
static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key)
{ {
const EC_GROUP *group; const EC_GROUP *group;
int nid; int nid;
@ -35,7 +35,14 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
&& (nid = EC_GROUP_get_curve_name(group))) && (nid = EC_GROUP_get_curve_name(group)))
/* we have a 'named curve' => just set the OID */ /* we have a 'named curve' => just set the OID */
{ {
*ppval = OBJ_nid2obj(nid); ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid);
if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
ASN1_OBJECT_free(asn1obj);
ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID);
return 0;
}
*ppval = asn1obj;
*pptype = V_ASN1_OBJECT; *pptype = V_ASN1_OBJECT;
} else { /* explicit parameters */ } else { /* explicit parameters */
@ -43,7 +50,17 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
pstr = ASN1_STRING_new(); pstr = ASN1_STRING_new();
if (pstr == NULL) if (pstr == NULL)
return 0; return 0;
pstr->length = i2d_ECParameters(ec_key, &pstr->data);
/*
* The cast in the following line is intentional as the
* `i2d_ECParameters` signature can't be constified (see discussion at
* https://github.com/openssl/openssl/pull/9347 where related and
* required constification backports were rejected).
*
* This cast should be safe anyway, because we can expect
* `i2d_ECParameters()` to treat the first argument as if it was const.
*/
pstr->length = i2d_ECParameters((EC_KEY *)ec_key, &pstr->data);
if (pstr->length <= 0) { if (pstr->length <= 0) {
ASN1_STRING_free(pstr); ASN1_STRING_free(pstr);
ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
@ -57,7 +74,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{ {
EC_KEY *ec_key = pkey->pkey.ec; const EC_KEY *ec_key = pkey->pkey.ec;
void *pval = NULL; void *pval = NULL;
int ptype; int ptype;
unsigned char *penc = NULL, *p; unsigned char *penc = NULL, *p;

40
crypto/openssl/crypto/ec/ec_asn1.c
View File

@ -137,6 +137,12 @@ struct ec_parameters_st {
ASN1_INTEGER *cofactor; ASN1_INTEGER *cofactor;
} /* ECPARAMETERS */ ; } /* ECPARAMETERS */ ;
typedef enum {
ECPKPARAMETERS_TYPE_NAMED = 0,
ECPKPARAMETERS_TYPE_EXPLICIT,
ECPKPARAMETERS_TYPE_IMPLICIT
} ecpk_parameters_type_t;
struct ecpk_parameters_st { struct ecpk_parameters_st {
int type; int type;
union { union {
@ -535,9 +541,10 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
return NULL; return NULL;
} }
} else { } else {
if (ret->type == 0) if (ret->type == ECPKPARAMETERS_TYPE_NAMED)
ASN1_OBJECT_free(ret->value.named_curve); ASN1_OBJECT_free(ret->value.named_curve);
else if (ret->type == 1 && ret->value.parameters) else if (ret->type == ECPKPARAMETERS_TYPE_EXPLICIT
&& ret->value.parameters != NULL)
ECPARAMETERS_free(ret->value.parameters); ECPARAMETERS_free(ret->value.parameters);
} }
@ -547,15 +554,22 @@ ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
*/ */
tmp = EC_GROUP_get_curve_name(group); tmp = EC_GROUP_get_curve_name(group);
if (tmp) { if (tmp) {
ret->type = 0; ASN1_OBJECT *asn1obj = OBJ_nid2obj(tmp);
if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
ASN1_OBJECT_free(asn1obj);
ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID);
ok = 0; ok = 0;
} else {
ret->type = ECPKPARAMETERS_TYPE_NAMED;
ret->value.named_curve = asn1obj;
}
} else } else
/* we don't know the nid => ERROR */ /* we don't know the nid => ERROR */
ok = 0; ok = 0;
} else { } else {
/* use the ECPARAMETERS structure */ /* use the ECPARAMETERS structure */
ret->type = 1; ret->type = ECPKPARAMETERS_TYPE_EXPLICIT;
if ((ret->value.parameters = if ((ret->value.parameters =
EC_GROUP_get_ecparameters(group, NULL)) == NULL) EC_GROUP_get_ecparameters(group, NULL)) == NULL)
ok = 0; ok = 0;
@ -894,7 +908,8 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
return NULL; return NULL;
} }
if (params->type == 0) { /* the curve is given by an OID */ if (params->type == ECPKPARAMETERS_TYPE_NAMED) {
/* the curve is given by an OID */
tmp = OBJ_obj2nid(params->value.named_curve); tmp = OBJ_obj2nid(params->value.named_curve);
if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS,
@ -902,15 +917,16 @@ EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
return NULL; return NULL;
} }
EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
} else if (params->type == 1) { /* the parameters are given by a } else if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) {
* ECPARAMETERS structure */ /* the parameters are given by an ECPARAMETERS structure */
ret = EC_GROUP_new_from_ecparameters(params->value.parameters); ret = EC_GROUP_new_from_ecparameters(params->value.parameters);
if (!ret) { if (!ret) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB); ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB);
return NULL; return NULL;
} }
EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
} else if (params->type == 2) { /* implicitlyCA */ } else if (params->type == ECPKPARAMETERS_TYPE_IMPLICIT) {
/* implicit parameters inherited from CA - unsupported */
return NULL; return NULL;
} else { } else {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR); ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR);
@ -940,6 +956,9 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
return NULL; return NULL;
} }
if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
group->decoded_from_explicit_params = 1;
if (a) { if (a) {
EC_GROUP_free(*a); EC_GROUP_free(*a);
*a = group; *a = group;
@ -991,6 +1010,9 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
if (priv_key->parameters) { if (priv_key->parameters) {
EC_GROUP_free(ret->group); EC_GROUP_free(ret->group);
ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters); ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters);
if (ret->group != NULL
&& priv_key->parameters->type == ECPKPARAMETERS_TYPE_EXPLICIT)
ret->group->decoded_from_explicit_params = 1;
} }
if (ret->group == NULL) { if (ret->group == NULL) {

3
crypto/openssl/crypto/ec/ec_err.c
View File

@ -1,6 +1,6 @@
/* /*
* Generated by util/mkerr.pl DO NOT EDIT * Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -341,6 +341,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = {
{ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_OID), "missing OID"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES),

83
crypto/openssl/crypto/ec/ec_key.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
@ -14,6 +14,7 @@
#include "internal/refcount.h" #include "internal/refcount.h"
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/engine.h> #include <openssl/engine.h>
#include "crypto/bn.h"
EC_KEY *EC_KEY_new(void) EC_KEY *EC_KEY_new(void)
{ {
@ -416,17 +417,86 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
{ {
int fixed_top;
const BIGNUM *order = NULL;
BIGNUM *tmp_key = NULL;
if (key->group == NULL || key->group->meth == NULL) if (key->group == NULL || key->group->meth == NULL)
return 0; return 0;
/*
* Not only should key->group be set, but it should also be in a valid
* fully initialized state.
*
* Specifically, to operate in constant time, we need that the group order
* is set, as we use its length as the fixed public size of any scalar used
* as an EC private key.
*/
order = EC_GROUP_get0_order(key->group);
if (order == NULL || BN_is_zero(order))
return 0; /* This should never happen */
if (key->group->meth->set_private != NULL if (key->group->meth->set_private != NULL
&& key->group->meth->set_private(key, priv_key) == 0) && key->group->meth->set_private(key, priv_key) == 0)
return 0; return 0;
if (key->meth->set_private != NULL if (key->meth->set_private != NULL
&& key->meth->set_private(key, priv_key) == 0) && key->meth->set_private(key, priv_key) == 0)
return 0; return 0;
/*
* We should never leak the bit length of the secret scalar in the key,
* so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM`
* holding the secret scalar.
*
* This is important also because `BN_dup()` (and `BN_copy()`) do not
* propagate the `BN_FLG_CONSTTIME` flag from the source `BIGNUM`, and
* this brings an extra risk of inadvertently losing the flag, even when
* the caller specifically set it.
*
* The propagation has been turned on and off a few times in the past
* years because in some conditions has shown unintended consequences in
* some code paths, so at the moment we can't fix this in the BN layer.
*
* In `EC_KEY_set_private_key()` we can work around the propagation by
* manually setting the flag after `BN_dup()` as we know for sure that
* inside the EC module the `BN_FLG_CONSTTIME` is always treated
* correctly and should not generate unintended consequences.
*
* Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have
* to preallocate the BIGNUM internal buffer to a fixed public size big
* enough that operations performed during the processing never trigger
* a realloc which would leak the size of the scalar through memory
* accesses.
*
* Fixed Length
* ------------
*
* The order of the large prime subgroup of the curve is our choice for
* a fixed public size, as that is generally the upper bound for
* generating a private key in EC cryptosystems and should fit all valid
* secret scalars.
*
* For preallocating the BIGNUM storage we look at the number of "words"
* required for the internal representation of the order, and we
* preallocate 2 extra "words" in case any of the subsequent processing
* might temporarily overflow the order length.
*/
tmp_key = BN_dup(priv_key);
if (tmp_key == NULL)
return 0;
BN_set_flags(tmp_key, BN_FLG_CONSTTIME);
fixed_top = bn_get_top(order) + 2;
if (bn_wexpand(tmp_key, fixed_top) == NULL) {
BN_clear_free(tmp_key);
return 0;
}
BN_clear_free(key->priv_key); BN_clear_free(key->priv_key);
key->priv_key = BN_dup(priv_key); key->priv_key = tmp_key;
return (key->priv_key == NULL) ? 0 : 1;
return 1;
} }
const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
@ -494,6 +564,13 @@ void EC_KEY_clear_flags(EC_KEY *key, int flags)
key->flags &= ~flags; key->flags &= ~flags;
} }
int EC_KEY_decoded_from_explicit_params(const EC_KEY *key)
{
if (key == NULL || key->group == NULL)
return -1;
return key->group->decoded_from_explicit_params;
}
size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
unsigned char **pbuf, BN_CTX *ctx) unsigned char **pbuf, BN_CTX *ctx)
{ {

1
crypto/openssl/crypto/ec/ec_lib.c
View File

@ -211,6 +211,7 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
dest->asn1_flag = src->asn1_flag; dest->asn1_flag = src->asn1_flag;
dest->asn1_form = src->asn1_form; dest->asn1_form = src->asn1_form;
dest->decoded_from_explicit_params = src->decoded_from_explicit_params;
if (src->seed) { if (src->seed) {
OPENSSL_free(dest->seed); OPENSSL_free(dest->seed);

4
crypto/openssl/crypto/ec/ec_local.h
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
@ -209,6 +209,8 @@ struct ec_group_st {
BIGNUM *order, *cofactor; BIGNUM *order, *cofactor;
int curve_name; /* optional NID for named curve */ int curve_name; /* optional NID for named curve */
int asn1_flag; /* flag to control the asn1 encoding */ int asn1_flag; /* flag to control the asn1 encoding */
int decoded_from_explicit_params; /* set if decoded from explicit
* curve parameters encoding */
point_conversion_form_t asn1_form; point_conversion_form_t asn1_form;
unsigned char *seed; /* optional seed for parameters (appears in unsigned char *seed; /* optional seed for parameters (appears in
* ASN1) */ * ASN1) */

9
crypto/openssl/crypto/ec/ecp_nistp224.c
View File

@ -72,6 +72,7 @@ typedef uint64_t u64;
*/ */
typedef uint64_t limb; typedef uint64_t limb;
typedef uint64_t limb_aX __attribute((__aligned__(1)));
typedef uint128_t widelimb; typedef uint128_t widelimb;
typedef limb felem[4]; typedef limb felem[4];
@ -307,10 +308,10 @@ const EC_METHOD *EC_GFp_nistp224_method(void)
*/ */
static void bin28_to_felem(felem out, const u8 in[28]) static void bin28_to_felem(felem out, const u8 in[28])
{ {
out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff; out[0] = *((const limb *)(in)) & 0x00ffffffffffffff;
out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff; out[1] = (*((const limb_aX *)(in + 7))) & 0x00ffffffffffffff;
out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff; out[2] = (*((const limb_aX *)(in + 14))) & 0x00ffffffffffffff;
out[3] = (*((const uint64_t *)(in+20))) >> 8; out[3] = (*((const limb_aX *)(in + 20))) >> 8;
} }
static void felem_to_bin28(u8 out[28], const felem in) static void felem_to_bin28(u8 out[28], const felem in)

33
crypto/openssl/crypto/ec/ecp_nistp521.c
View File

@ -128,6 +128,7 @@ static const felem_bytearray nistp521_curve_params[5] = {
# define NLIMBS 9 # define NLIMBS 9
typedef uint64_t limb; typedef uint64_t limb;
typedef limb limb_aX __attribute((__aligned__(1)));
typedef limb felem[NLIMBS]; typedef limb felem[NLIMBS];
typedef uint128_t largefelem[NLIMBS]; typedef uint128_t largefelem[NLIMBS];
@ -141,14 +142,14 @@ static const limb bottom58bits = 0x3ffffffffffffff;
static void bin66_to_felem(felem out, const u8 in[66]) static void bin66_to_felem(felem out, const u8 in[66])
{ {
out[0] = (*((limb *) & in[0])) & bottom58bits; out[0] = (*((limb *) & in[0])) & bottom58bits;
out[1] = (*((limb *) & in[7]) >> 2) & bottom58bits; out[1] = (*((limb_aX *) & in[7]) >> 2) & bottom58bits;
out[2] = (*((limb *) & in[14]) >> 4) & bottom58bits; out[2] = (*((limb_aX *) & in[14]) >> 4) & bottom58bits;
out[3] = (*((limb *) & in[21]) >> 6) & bottom58bits; out[3] = (*((limb_aX *) & in[21]) >> 6) & bottom58bits;
out[4] = (*((limb *) & in[29])) & bottom58bits; out[4] = (*((limb_aX *) & in[29])) & bottom58bits;
out[5] = (*((limb *) & in[36]) >> 2) & bottom58bits; out[5] = (*((limb_aX *) & in[36]) >> 2) & bottom58bits;
out[6] = (*((limb *) & in[43]) >> 4) & bottom58bits; out[6] = (*((limb_aX *) & in[43]) >> 4) & bottom58bits;
out[7] = (*((limb *) & in[50]) >> 6) & bottom58bits; out[7] = (*((limb_aX *) & in[50]) >> 6) & bottom58bits;
out[8] = (*((limb *) & in[58])) & bottom57bits; out[8] = (*((limb_aX *) & in[58])) & bottom57bits;
} }
/* /*
@ -159,14 +160,14 @@ static void felem_to_bin66(u8 out[66], const felem in)
{ {
memset(out, 0, 66); memset(out, 0, 66);
(*((limb *) & out[0])) = in[0]; (*((limb *) & out[0])) = in[0];
(*((limb *) & out[7])) |= in[1] << 2; (*((limb_aX *) & out[7])) |= in[1] << 2;
(*((limb *) & out[14])) |= in[2] << 4; (*((limb_aX *) & out[14])) |= in[2] << 4;
(*((limb *) & out[21])) |= in[3] << 6; (*((limb_aX *) & out[21])) |= in[3] << 6;
(*((limb *) & out[29])) = in[4]; (*((limb_aX *) & out[29])) = in[4];
(*((limb *) & out[36])) |= in[5] << 2; (*((limb_aX *) & out[36])) |= in[5] << 2;
(*((limb *) & out[43])) |= in[6] << 4; (*((limb_aX *) & out[43])) |= in[6] << 4;
(*((limb *) & out[50])) |= in[7] << 6; (*((limb_aX *) & out[50])) |= in[7] << 6;
(*((limb *) & out[58])) = in[8]; (*((limb_aX *) & out[58])) = in[8];
} }
/* BN_to_felem converts an OpenSSL BIGNUM into an felem */ /* BN_to_felem converts an OpenSSL BIGNUM into an felem */

302
crypto/openssl/crypto/ec/ecp_nistz256.c
View File

@ -929,207 +929,6 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
return ret; return ret;
} }
/*
* Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great
* code processing 4 points in parallel, corresponding serial operation
* is several times slower, because it uses 29x29=58-bit multiplication
* as opposite to 64x64=128-bit in integer-only scalar case. As result
* it doesn't provide *significant* performance improvement. Note that
* just defining ECP_NISTZ256_AVX2 is not sufficient to make it work,
* you'd need to compile even asm/ecp_nistz256-avx.pl module.
*/
#if defined(ECP_NISTZ256_AVX2)
# if !(defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64)) || \
!(defined(__GNUC__) || defined(_MSC_VER)) /* this is for ALIGN32 */
# undef ECP_NISTZ256_AVX2
# else
/* Constant time access, loading four values, from four consecutive tables */
void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in,
int index0, int index1, int index2,
int index3);
void ecp_nistz256_avx2_transpose_convert(void *RESULTx4, const void *in);
void ecp_nistz256_avx2_convert_transpose_back(void *result, const void *Ax4);
void ecp_nistz256_avx2_point_add_affine_x4(void *RESULTx4, const void *Ax4,
const void *Bx4);
void ecp_nistz256_avx2_point_add_affines_x4(void *RESULTx4, const void *Ax4,
const void *Bx4);
void ecp_nistz256_avx2_to_mont(void *RESULTx4, const void *Ax4);
void ecp_nistz256_avx2_from_mont(void *RESULTx4, const void *Ax4);
void ecp_nistz256_avx2_set1(void *RESULTx4);
int ecp_nistz_avx2_eligible(void);
static void booth_recode_w7(unsigned char *sign,
unsigned char *digit, unsigned char in)
{
unsigned char s, d;
s = ~((in >> 7) - 1);
d = (1 << 8) - in - 1;
d = (d & s) | (in & ~s);
d = (d >> 1) + (d & 1);
*sign = s & 1;
*digit = d;
}
/*
* ecp_nistz256_avx2_mul_g performs multiplication by G, using only the
* precomputed table. It does 4 affine point additions in parallel,
* significantly speeding up point multiplication for a fixed value.
*/
static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
unsigned char p_str[33],
const P256_POINT_AFFINE(*preComputedTable)[64])
{
const unsigned int window_size = 7;
const unsigned int mask = (1 << (window_size + 1)) - 1;
unsigned int wvalue;
/* Using 4 windows at a time */
unsigned char sign0, digit0;
unsigned char sign1, digit1;
unsigned char sign2, digit2;
unsigned char sign3, digit3;
unsigned int idx = 0;
BN_ULONG tmp[P256_LIMBS];
int i;
ALIGN32 BN_ULONG aX4[4 * 9 * 3] = { 0 };
ALIGN32 BN_ULONG bX4[4 * 9 * 2] = { 0 };
ALIGN32 P256_POINT_AFFINE point_arr[4];
ALIGN32 P256_POINT res_point_arr[4];
/* Initial four windows */
wvalue = *((u16 *) & p_str[0]);
wvalue = (wvalue << 1) & mask;
idx += window_size;
booth_recode_w7(&sign0, &digit0, wvalue);
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
booth_recode_w7(&sign1, &digit1, wvalue);
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
booth_recode_w7(&sign2, &digit2, wvalue);
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
booth_recode_w7(&sign3, &digit3, wvalue);
ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[0],
digit0, digit1, digit2, digit3);
ecp_nistz256_neg(tmp, point_arr[0].Y);
copy_conditional(point_arr[0].Y, tmp, sign0);
ecp_nistz256_neg(tmp, point_arr[1].Y);
copy_conditional(point_arr[1].Y, tmp, sign1);
ecp_nistz256_neg(tmp, point_arr[2].Y);
copy_conditional(point_arr[2].Y, tmp, sign2);
ecp_nistz256_neg(tmp, point_arr[3].Y);
copy_conditional(point_arr[3].Y, tmp, sign3);
ecp_nistz256_avx2_transpose_convert(aX4, point_arr);
ecp_nistz256_avx2_to_mont(aX4, aX4);
ecp_nistz256_avx2_to_mont(&aX4[4 * 9], &aX4[4 * 9]);
ecp_nistz256_avx2_set1(&aX4[4 * 9 * 2]);
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
booth_recode_w7(&sign0, &digit0, wvalue);
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
booth_recode_w7(&sign1, &digit1, wvalue);
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
booth_recode_w7(&sign2, &digit2, wvalue);
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
booth_recode_w7(&sign3, &digit3, wvalue);
ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[4 * 1],
digit0, digit1, digit2, digit3);
ecp_nistz256_neg(tmp, point_arr[0].Y);
copy_conditional(point_arr[0].Y, tmp, sign0);
ecp_nistz256_neg(tmp, point_arr[1].Y);
copy_conditional(point_arr[1].Y, tmp, sign1);
ecp_nistz256_neg(tmp, point_arr[2].Y);
copy_conditional(point_arr[2].Y, tmp, sign2);
ecp_nistz256_neg(tmp, point_arr[3].Y);
copy_conditional(point_arr[3].Y, tmp, sign3);
ecp_nistz256_avx2_transpose_convert(bX4, point_arr);
ecp_nistz256_avx2_to_mont(bX4, bX4);
ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]);
/* Optimized when both inputs are affine */
ecp_nistz256_avx2_point_add_affines_x4(aX4, aX4, bX4);
for (i = 2; i < 9; i++) {
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
booth_recode_w7(&sign0, &digit0, wvalue);
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
booth_recode_w7(&sign1, &digit1, wvalue);
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
booth_recode_w7(&sign2, &digit2, wvalue);
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
booth_recode_w7(&sign3, &digit3, wvalue);
ecp_nistz256_avx2_multi_gather_w7(point_arr,
preComputedTable[4 * i],
digit0, digit1, digit2, digit3);
ecp_nistz256_neg(tmp, point_arr[0].Y);
copy_conditional(point_arr[0].Y, tmp, sign0);
ecp_nistz256_neg(tmp, point_arr[1].Y);
copy_conditional(point_arr[1].Y, tmp, sign1);
ecp_nistz256_neg(tmp, point_arr[2].Y);
copy_conditional(point_arr[2].Y, tmp, sign2);
ecp_nistz256_neg(tmp, point_arr[3].Y);
copy_conditional(point_arr[3].Y, tmp, sign3);
ecp_nistz256_avx2_transpose_convert(bX4, point_arr);
ecp_nistz256_avx2_to_mont(bX4, bX4);
ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]);
ecp_nistz256_avx2_point_add_affine_x4(aX4, aX4, bX4);
}
ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 0], &aX4[4 * 9 * 0]);
ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 1], &aX4[4 * 9 * 1]);
ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 2], &aX4[4 * 9 * 2]);
ecp_nistz256_avx2_convert_transpose_back(res_point_arr, aX4);
/* Last window is performed serially */
wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
booth_recode_w7(&sign0, &digit0, wvalue);
ecp_nistz256_gather_w7((P256_POINT_AFFINE *)r,
preComputedTable[36], digit0);
ecp_nistz256_neg(tmp, r->Y);
copy_conditional(r->Y, tmp, sign0);
memcpy(r->Z, ONE, sizeof(ONE));
/* Sum the four windows */
ecp_nistz256_point_add(r, r, &res_point_arr[0]);
ecp_nistz256_point_add(r, r, &res_point_arr[1]);
ecp_nistz256_point_add(r, r, &res_point_arr[2]);
ecp_nistz256_point_add(r, r, &res_point_arr[3]);
}
# endif
#endif
__owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group, __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
const P256_POINT_AFFINE *in, const P256_POINT_AFFINE *in,
BN_CTX *ctx) BN_CTX *ctx)
@ -1219,6 +1018,8 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
} }
if (preComputedTable) { if (preComputedTable) {
BN_ULONG infty;
if ((BN_num_bits(scalar) > 256) if ((BN_num_bits(scalar) > 256)
|| BN_is_negative(scalar)) { || BN_is_negative(scalar)) {
if ((tmp_scalar = BN_CTX_get(ctx)) == NULL) if ((tmp_scalar = BN_CTX_get(ctx)) == NULL)
@ -1250,67 +1051,58 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
for (; i < 33; i++) for (; i < 33; i++)
p_str[i] = 0; p_str[i] = 0;
#if defined(ECP_NISTZ256_AVX2) /* First window */
if (ecp_nistz_avx2_eligible()) { wvalue = (p_str[0] << 1) & mask;
ecp_nistz256_avx2_mul_g(&p.p, p_str, preComputedTable); idx += window_size;
} else
#endif
{
BN_ULONG infty;
/* First window */ wvalue = _booth_recode_w7(wvalue);
wvalue = (p_str[0] << 1) & mask;
ecp_nistz256_gather_w7(&p.a, preComputedTable[0],
wvalue >> 1);
ecp_nistz256_neg(p.p.Z, p.p.Y);
copy_conditional(p.p.Y, p.p.Z, wvalue & 1);
/*
* Since affine infinity is encoded as (0,0) and
* Jacobian is (,,0), we need to harmonize them
* by assigning "one" or zero to Z.
*/
infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] |
p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
if (P256_LIMBS == 8)
infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
infty = 0 - is_zero(infty);
infty = ~infty;
p.p.Z[0] = ONE[0] & infty;
p.p.Z[1] = ONE[1] & infty;
p.p.Z[2] = ONE[2] & infty;
p.p.Z[3] = ONE[3] & infty;
if (P256_LIMBS == 8) {
p.p.Z[4] = ONE[4] & infty;
p.p.Z[5] = ONE[5] & infty;
p.p.Z[6] = ONE[6] & infty;
p.p.Z[7] = ONE[7] & infty;
}
for (i = 1; i < 37; i++) {
unsigned int off = (idx - 1) / 8;
wvalue = p_str[off] | p_str[off + 1] << 8;
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size; idx += window_size;
wvalue = _booth_recode_w7(wvalue); wvalue = _booth_recode_w7(wvalue);
ecp_nistz256_gather_w7(&p.a, preComputedTable[0], ecp_nistz256_gather_w7(&t.a,
wvalue >> 1); preComputedTable[i], wvalue >> 1);
ecp_nistz256_neg(p.p.Z, p.p.Y); ecp_nistz256_neg(t.p.Z, t.a.Y);
copy_conditional(p.p.Y, p.p.Z, wvalue & 1); copy_conditional(t.a.Y, t.p.Z, wvalue & 1);
/* ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a);
* Since affine infinity is encoded as (0,0) and
* Jacobian ias (,,0), we need to harmonize them
* by assigning "one" or zero to Z.
*/
infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] |
p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
if (P256_LIMBS == 8)
infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
infty = 0 - is_zero(infty);
infty = ~infty;
p.p.Z[0] = ONE[0] & infty;
p.p.Z[1] = ONE[1] & infty;
p.p.Z[2] = ONE[2] & infty;
p.p.Z[3] = ONE[3] & infty;
if (P256_LIMBS == 8) {
p.p.Z[4] = ONE[4] & infty;
p.p.Z[5] = ONE[5] & infty;
p.p.Z[6] = ONE[6] & infty;
p.p.Z[7] = ONE[7] & infty;
}
for (i = 1; i < 37; i++) {
unsigned int off = (idx - 1) / 8;
wvalue = p_str[off] | p_str[off + 1] << 8;
wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
idx += window_size;
wvalue = _booth_recode_w7(wvalue);
ecp_nistz256_gather_w7(&t.a,
preComputedTable[i], wvalue >> 1);
ecp_nistz256_neg(t.p.Z, t.a.Y);
copy_conditional(t.a.Y, t.p.Z, wvalue & 1);
ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a);
}
} }
} else { } else {
p_is_infinity = 1; p_is_infinity = 1;

3
crypto/openssl/crypto/engine/eng_lib.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -171,6 +171,7 @@ void engine_cleanup_int(void)
cleanup_stack = NULL; cleanup_stack = NULL;
} }
CRYPTO_THREAD_lock_free(global_engine_lock); CRYPTO_THREAD_lock_free(global_engine_lock);
global_engine_lock = NULL;
} }
/* Now the "ex_data" support */ /* Now the "ex_data" support */

5
crypto/openssl/crypto/err/openssl.txt
View File

@ -934,6 +934,8 @@ PEM_F_PEM_READ_PRIVATEKEY:124:PEM_read_PrivateKey
PEM_F_PEM_SIGNFINAL:112:PEM_SignFinal PEM_F_PEM_SIGNFINAL:112:PEM_SignFinal
PEM_F_PEM_WRITE:113:PEM_write PEM_F_PEM_WRITE:113:PEM_write
PEM_F_PEM_WRITE_BIO:114:PEM_write_bio PEM_F_PEM_WRITE_BIO:114:PEM_write_bio
PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL:147:\
PEM_write_bio_PrivateKey_traditional
PEM_F_PEM_WRITE_PRIVATEKEY:139:PEM_write_PrivateKey PEM_F_PEM_WRITE_PRIVATEKEY:139:PEM_write_PrivateKey
PEM_F_PEM_X509_INFO_READ:115:PEM_X509_INFO_read PEM_F_PEM_X509_INFO_READ:115:PEM_X509_INFO_read
PEM_F_PEM_X509_INFO_READ_BIO:116:PEM_X509_INFO_read_bio PEM_F_PEM_X509_INFO_READ_BIO:116:PEM_X509_INFO_read_bio
@ -1742,6 +1744,7 @@ X509_F_X509_NAME_PRINT:117:X509_NAME_print
X509_F_X509_OBJECT_NEW:150:X509_OBJECT_new X509_F_X509_OBJECT_NEW:150:X509_OBJECT_new
X509_F_X509_PRINT_EX_FP:118:X509_print_ex_fp X509_F_X509_PRINT_EX_FP:118:X509_print_ex_fp
X509_F_X509_PUBKEY_DECODE:148:x509_pubkey_decode X509_F_X509_PUBKEY_DECODE:148:x509_pubkey_decode
X509_F_X509_PUBKEY_GET:161:X509_PUBKEY_get
X509_F_X509_PUBKEY_GET0:119:X509_PUBKEY_get0 X509_F_X509_PUBKEY_GET0:119:X509_PUBKEY_get0
X509_F_X509_PUBKEY_SET:120:X509_PUBKEY_set X509_F_X509_PUBKEY_SET:120:X509_PUBKEY_set
X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key X509_F_X509_REQ_CHECK_PRIVATE_KEY:144:X509_REQ_check_private_key
@ -2164,6 +2167,7 @@ EC_R_KEYS_NOT_SET:140:keys not set
EC_R_LADDER_POST_FAILURE:136:ladder post failure EC_R_LADDER_POST_FAILURE:136:ladder post failure
EC_R_LADDER_PRE_FAILURE:153:ladder pre failure EC_R_LADDER_PRE_FAILURE:153:ladder pre failure
EC_R_LADDER_STEP_FAILURE:162:ladder step failure EC_R_LADDER_STEP_FAILURE:162:ladder step failure
EC_R_MISSING_OID:167:missing OID
EC_R_MISSING_PARAMETERS:124:missing parameters EC_R_MISSING_PARAMETERS:124:missing parameters
EC_R_MISSING_PRIVATE_KEY:125:missing private key EC_R_MISSING_PRIVATE_KEY:125:missing private key
EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values
@ -2398,6 +2402,7 @@ PEM_R_UNEXPECTED_DEK_IV:130:unexpected dek iv
PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher
PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption
PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components
PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE:110:unsupported public key type
PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure
PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data
PKCS12_R_DECODE_ERROR:101:decode error PKCS12_R_DECODE_ERROR:101:decode error

5
crypto/openssl/crypto/evp/e_aes.c
View File

@ -130,11 +130,6 @@ void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
size_t len, const AES_KEY *key1, size_t len, const AES_KEY *key1,
const AES_KEY *key2, const unsigned char iv[16]); const AES_KEY *key2, const unsigned char iv[16]);
#endif #endif
#if !defined(AES_ASM) && !defined(AES_CTR_ASM) \
&& defined(OPENSSL_AES_CONST_TIME) \
&& !defined(OPENSSL_SMALL_FOOTPRINT)
# define AES_CTR_ASM
#endif
#ifdef AES_CTR_ASM #ifdef AES_CTR_ASM
void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
size_t blocks, const AES_KEY *key, size_t blocks, const AES_KEY *key,

4
crypto/openssl/crypto/evp/encode.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -423,7 +423,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
table = data_ascii2bin; table = data_ascii2bin;
/* trim white space from the start of the line. */ /* trim white space from the start of the line. */
while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) { while ((n > 0) && (conv_ascii2bin(*f, table) == B64_WS)) {
f++; f++;
n--; n--;
} }

4
crypto/openssl/crypto/mem_sec.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2014, Akamai Technologies. All Rights Reserved. * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
@ -502,7 +502,7 @@ static void sh_done(void)
OPENSSL_free(sh.freelist); OPENSSL_free(sh.freelist);
OPENSSL_free(sh.bittable); OPENSSL_free(sh.bittable);
OPENSSL_free(sh.bitmalloc); OPENSSL_free(sh.bitmalloc);
if (sh.map_result != NULL && sh.map_size) if (sh.map_result != MAP_FAILED && sh.map_size)
munmap(sh.map_result, sh.map_size); munmap(sh.map_result, sh.map_size);
memset(&sh, 0, sizeof(sh)); memset(&sh, 0, sizeof(sh));
} }

21
crypto/openssl/crypto/modes/cbc128.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -15,6 +15,12 @@
# define STRICT_ALIGNMENT 0 # define STRICT_ALIGNMENT 0
#endif #endif
#if defined(__GNUC__) && !STRICT_ALIGNMENT
typedef size_t size_t_aX __attribute((__aligned__(1)));
#else
typedef size_t size_t_aX;
#endif
void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const void *key, size_t len, const void *key,
unsigned char ivec[16], block128_f block) unsigned char ivec[16], block128_f block)
@ -40,8 +46,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
} else { } else {
while (len >= 16) { while (len >= 16) {
for (n = 0; n < 16; n += sizeof(size_t)) for (n = 0; n < 16; n += sizeof(size_t))
*(size_t *)(out + n) = *(size_t_aX *)(out + n) =
*(size_t *)(in + n) ^ *(size_t *)(iv + n); *(size_t_aX *)(in + n) ^ *(size_t_aX *)(iv + n);
(*block) (out, out, key); (*block) (out, out, key);
iv = out; iv = out;
len -= 16; len -= 16;
@ -96,7 +102,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
} }
} else if (16 % sizeof(size_t) == 0) { /* always true */ } else if (16 % sizeof(size_t) == 0) { /* always true */
while (len >= 16) { while (len >= 16) {
size_t *out_t = (size_t *)out, *iv_t = (size_t *)iv; size_t_aX *out_t = (size_t_aX *)out;
size_t_aX *iv_t = (size_t_aX *)iv;
(*block) (in, out, key); (*block) (in, out, key);
for (n = 0; n < 16 / sizeof(size_t); n++) for (n = 0; n < 16 / sizeof(size_t); n++)
@ -125,8 +132,10 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
} }
} else if (16 % sizeof(size_t) == 0) { /* always true */ } else if (16 % sizeof(size_t) == 0) { /* always true */
while (len >= 16) { while (len >= 16) {
size_t c, *out_t = (size_t *)out, *ivec_t = (size_t *)ivec; size_t c;
const size_t *in_t = (const size_t *)in; size_t_aX *out_t = (size_t_aX *)out;
size_t_aX *ivec_t = (size_t_aX *)ivec;
const size_t_aX *in_t = (const size_t_aX *)in;
(*block) (in, tmp.c, key); (*block) (in, tmp.c, key);
for (n = 0; n < 16 / sizeof(size_t); n++) { for (n = 0; n < 16 / sizeof(size_t); n++) {

24
crypto/openssl/crypto/modes/ccm128.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -11,6 +11,14 @@
#include "modes_local.h" #include "modes_local.h"
#include <string.h> #include <string.h>
#ifndef STRICT_ALIGNMENT
# ifdef __GNUC__
typedef u64 u64_a1 __attribute((__aligned__(1)));
# else
typedef u64 u64_a1;
# endif
#endif
/* /*
* First you setup M and L parameters and pass the key schedule. This is * First you setup M and L parameters and pass the key schedule. This is
* called once per session setup... * called once per session setup...
@ -170,8 +178,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
ctx->cmac.u[0] ^= temp.u[0]; ctx->cmac.u[0] ^= temp.u[0];
ctx->cmac.u[1] ^= temp.u[1]; ctx->cmac.u[1] ^= temp.u[1];
#else #else
ctx->cmac.u[0] ^= ((u64 *)inp)[0]; ctx->cmac.u[0] ^= ((u64_a1 *)inp)[0];
ctx->cmac.u[1] ^= ((u64 *)inp)[1]; ctx->cmac.u[1] ^= ((u64_a1 *)inp)[1];
#endif #endif
(*block) (ctx->cmac.c, ctx->cmac.c, key); (*block) (ctx->cmac.c, ctx->cmac.c, key);
(*block) (ctx->nonce.c, scratch.c, key); (*block) (ctx->nonce.c, scratch.c, key);
@ -181,8 +189,8 @@ int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
temp.u[1] ^= scratch.u[1]; temp.u[1] ^= scratch.u[1];
memcpy(out, temp.c, 16); memcpy(out, temp.c, 16);
#else #else
((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]; ((u64_a1 *)out)[0] = scratch.u[0] ^ ((u64_a1 *)inp)[0];
((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]; ((u64_a1 *)out)[1] = scratch.u[1] ^ ((u64_a1 *)inp)[1];
#endif #endif
inp += 16; inp += 16;
out += 16; out += 16;
@ -254,8 +262,10 @@ int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,
ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]);
memcpy(out, scratch.c, 16); memcpy(out, scratch.c, 16);
#else #else
ctx->cmac.u[0] ^= (((u64 *)out)[0] = scratch.u[0] ^ ((u64 *)inp)[0]); ctx->cmac.u[0] ^= (((u64_a1 *)out)[0]
ctx->cmac.u[1] ^= (((u64 *)out)[1] = scratch.u[1] ^ ((u64 *)inp)[1]); = scratch.u[0] ^ ((u64_a1 *)inp)[0]);
ctx->cmac.u[1] ^= (((u64_a1 *)out)[1]
= scratch.u[1] ^ ((u64_a1 *)inp)[1]);
#endif #endif
(*block) (ctx->cmac.c, ctx->cmac.c, key); (*block) (ctx->cmac.c, ctx->cmac.c, key);

20
crypto/openssl/crypto/modes/cfb128.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -11,6 +11,12 @@
#include "modes_local.h" #include "modes_local.h"
#include <string.h> #include <string.h>
#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
typedef size_t size_t_aX __attribute((__aligned__(1)));
#else
typedef size_t size_t_aX;
#endif
/* /*
* The input and output encrypted as though 128bit cfb mode is being used. * The input and output encrypted as though 128bit cfb mode is being used.
* The extra state information to record how much of the 128bit block we have * The extra state information to record how much of the 128bit block we have
@ -43,8 +49,9 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
while (len >= 16) { while (len >= 16) {
(*block) (ivec, ivec, key); (*block) (ivec, ivec, key);
for (; n < 16; n += sizeof(size_t)) { for (; n < 16; n += sizeof(size_t)) {
*(size_t *)(out + n) = *(size_t_aX *)(out + n) =
*(size_t *)(ivec + n) ^= *(size_t *)(in + n); *(size_t_aX *)(ivec + n)
^= *(size_t_aX *)(in + n);
} }
len -= 16; len -= 16;
out += 16; out += 16;
@ -92,9 +99,10 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
while (len >= 16) { while (len >= 16) {
(*block) (ivec, ivec, key); (*block) (ivec, ivec, key);
for (; n < 16; n += sizeof(size_t)) { for (; n < 16; n += sizeof(size_t)) {
size_t t = *(size_t *)(in + n); size_t t = *(size_t_aX *)(in + n);
*(size_t *)(out + n) = *(size_t *)(ivec + n) ^ t; *(size_t_aX *)(out + n)
*(size_t *)(ivec + n) = t; = *(size_t_aX *)(ivec + n) ^ t;
*(size_t_aX *)(ivec + n) = t;
} }
len -= 16; len -= 16;
out += 16; out += 16;

13
crypto/openssl/crypto/modes/ctr128.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -11,6 +11,12 @@
#include "modes_local.h" #include "modes_local.h"
#include <string.h> #include <string.h>
#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
typedef size_t size_t_aX __attribute((__aligned__(1)));
#else
typedef size_t size_t_aX;
#endif
/* /*
* NOTE: the IV/counter CTR mode is big-endian. The code itself is * NOTE: the IV/counter CTR mode is big-endian. The code itself is
* endian-neutral. * endian-neutral.
@ -97,8 +103,9 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
(*block) (ivec, ecount_buf, key); (*block) (ivec, ecount_buf, key);
ctr128_inc_aligned(ivec); ctr128_inc_aligned(ivec);
for (n = 0; n < 16; n += sizeof(size_t)) for (n = 0; n < 16; n += sizeof(size_t))
*(size_t *)(out + n) = *(size_t_aX *)(out + n) =
*(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n); *(size_t_aX *)(in + n)
^ *(size_t_aX *)(ecount_buf + n);
len -= 16; len -= 16;
out += 16; out += 16;
in += 16; in += 16;

24
crypto/openssl/crypto/modes/gcm128.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -11,6 +11,12 @@
#include "modes_local.h" #include "modes_local.h"
#include <string.h> #include <string.h>
#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
typedef size_t size_t_aX __attribute((__aligned__(1)));
#else
typedef size_t size_t_aX;
#endif
#if defined(BSWAP4) && defined(STRICT_ALIGNMENT) #if defined(BSWAP4) && defined(STRICT_ALIGNMENT)
/* redefine, because alignment is ensured */ /* redefine, because alignment is ensured */
# undef GETU32 # undef GETU32
@ -1080,8 +1086,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
size_t j = GHASH_CHUNK; size_t j = GHASH_CHUNK;
while (j) { while (j) {
size_t *out_t = (size_t *)out; size_t_aX *out_t = (size_t_aX *)out;
const size_t *in_t = (const size_t *)in; const size_t_aX *in_t = (const size_t_aX *)in;
(*block) (ctx->Yi.c, ctx->EKi.c, key); (*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr; ++ctr;
@ -1107,8 +1113,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
size_t j = i; size_t j = i;
while (len >= 16) { while (len >= 16) {
size_t *out_t = (size_t *)out; size_t_aX *out_t = (size_t_aX *)out;
const size_t *in_t = (const size_t *)in; const size_t_aX *in_t = (const size_t_aX *)in;
(*block) (ctx->Yi.c, ctx->EKi.c, key); (*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr; ++ctr;
@ -1318,8 +1324,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
GHASH(ctx, in, GHASH_CHUNK); GHASH(ctx, in, GHASH_CHUNK);
while (j) { while (j) {
size_t *out_t = (size_t *)out; size_t_aX *out_t = (size_t_aX *)out;
const size_t *in_t = (const size_t *)in; const size_t_aX *in_t = (const size_t_aX *)in;
(*block) (ctx->Yi.c, ctx->EKi.c, key); (*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr; ++ctr;
@ -1343,8 +1349,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
if ((i = (len & (size_t)-16))) { if ((i = (len & (size_t)-16))) {
GHASH(ctx, in, i); GHASH(ctx, in, i);
while (len >= 16) { while (len >= 16) {
size_t *out_t = (size_t *)out; size_t_aX *out_t = (size_t_aX *)out;
const size_t *in_t = (const size_t *)in; const size_t_aX *in_t = (const size_t_aX *)in;
(*block) (ctx->Yi.c, ctx->EKi.c, key); (*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr; ++ctr;

14
crypto/openssl/crypto/modes/modes_local.h
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -37,6 +37,14 @@ typedef unsigned char u8;
# endif # endif
#endif #endif
#ifndef STRICT_ALIGNMENT
# ifdef __GNUC__
typedef u32 u32_a1 __attribute((__aligned__(1)));
# else
typedef u32 u32_a1;
# endif
#endif
#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) #if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
# if defined(__GNUC__) && __GNUC__>=2 # if defined(__GNUC__) && __GNUC__>=2
# if defined(__x86_64) || defined(__x86_64__) # if defined(__x86_64) || defined(__x86_64__)
@ -86,8 +94,8 @@ _asm mov eax, val _asm bswap eax}
# endif # endif
#endif #endif
#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) #if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
# define GETU32(p) BSWAP4(*(const u32 *)(p)) # define GETU32(p) BSWAP4(*(const u32_a1 *)(p))
# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) # define PUTU32(p,v) *(u32_a1 *)(p) = BSWAP4(v)
#else #else
# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) # define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) # define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))

13
crypto/openssl/crypto/modes/ofb128.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -11,6 +11,12 @@
#include "modes_local.h" #include "modes_local.h"
#include <string.h> #include <string.h>
#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
typedef size_t size_t_aX __attribute((__aligned__(1)));
#else
typedef size_t size_t_aX;
#endif
/* /*
* The input and output encrypted as though 128bit ofb mode is being used. * The input and output encrypted as though 128bit ofb mode is being used.
* The extra state information to record how much of the 128bit block we have * The extra state information to record how much of the 128bit block we have
@ -41,8 +47,9 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
while (len >= 16) { while (len >= 16) {
(*block) (ivec, ivec, key); (*block) (ivec, ivec, key);
for (; n < 16; n += sizeof(size_t)) for (; n < 16; n += sizeof(size_t))
*(size_t *)(out + n) = *(size_t_aX *)(out + n) =
*(size_t *)(in + n) ^ *(size_t *)(ivec + n); *(size_t_aX *)(in + n)
^ *(size_t_aX *)(ivec + n);
len -= 16; len -= 16;
out += 16; out += 16;
in += 16; in += 16;

26
crypto/openssl/crypto/modes/xts128.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -11,6 +11,14 @@
#include "modes_local.h" #include "modes_local.h"
#include <string.h> #include <string.h>
#ifndef STRICT_ALIGNMENT
# ifdef __GNUC__
typedef u64 u64_a1 __attribute((__aligned__(1)));
# else
typedef u64 u64_a1;
# endif
#endif
int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
const unsigned char iv[16], const unsigned char iv[16],
const unsigned char *inp, unsigned char *out, const unsigned char *inp, unsigned char *out,
@ -45,8 +53,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
scratch.u[0] ^= tweak.u[0]; scratch.u[0] ^= tweak.u[0];
scratch.u[1] ^= tweak.u[1]; scratch.u[1] ^= tweak.u[1];
#else #else
scratch.u[0] = ((u64 *)inp)[0] ^ tweak.u[0]; scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0];
scratch.u[1] = ((u64 *)inp)[1] ^ tweak.u[1]; scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1];
#endif #endif
(*ctx->block1) (scratch.c, scratch.c, ctx->key1); (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
#if defined(STRICT_ALIGNMENT) #if defined(STRICT_ALIGNMENT)
@ -54,8 +62,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
scratch.u[1] ^= tweak.u[1]; scratch.u[1] ^= tweak.u[1];
memcpy(out, scratch.c, 16); memcpy(out, scratch.c, 16);
#else #else
((u64 *)out)[0] = scratch.u[0] ^= tweak.u[0]; ((u64_a1 *)out)[0] = scratch.u[0] ^= tweak.u[0];
((u64 *)out)[1] = scratch.u[1] ^= tweak.u[1]; ((u64_a1 *)out)[1] = scratch.u[1] ^= tweak.u[1];
#endif #endif
inp += 16; inp += 16;
out += 16; out += 16;
@ -128,8 +136,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
scratch.u[0] ^= tweak1.u[0]; scratch.u[0] ^= tweak1.u[0];
scratch.u[1] ^= tweak1.u[1]; scratch.u[1] ^= tweak1.u[1];
#else #else
scratch.u[0] = ((u64 *)inp)[0] ^ tweak1.u[0]; scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0];
scratch.u[1] = ((u64 *)inp)[1] ^ tweak1.u[1]; scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1];
#endif #endif
(*ctx->block1) (scratch.c, scratch.c, ctx->key1); (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
scratch.u[0] ^= tweak1.u[0]; scratch.u[0] ^= tweak1.u[0];
@ -148,8 +156,8 @@ int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
scratch.u[1] ^= tweak.u[1]; scratch.u[1] ^= tweak.u[1];
memcpy(out, scratch.c, 16); memcpy(out, scratch.c, 16);
#else #else
((u64 *)out)[0] = scratch.u[0] ^ tweak.u[0]; ((u64_a1 *)out)[0] = scratch.u[0] ^ tweak.u[0];
((u64 *)out)[1] = scratch.u[1] ^ tweak.u[1]; ((u64_a1 *)out)[1] = scratch.u[1] ^ tweak.u[1];
#endif #endif
} }

4
crypto/openssl/crypto/o_str.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -220,7 +220,7 @@ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len)
int openssl_strerror_r(int errnum, char *buf, size_t buflen) int openssl_strerror_r(int errnum, char *buf, size_t buflen)
{ {
#if defined(_MSC_VER) && _MSC_VER>=1400 #if defined(_MSC_VER) && _MSC_VER>=1400 && !defined(_WIN32_WCE)
return !strerror_s(buf, buflen, errnum); return !strerror_s(buf, buflen, errnum);
#elif defined(_GNU_SOURCE) #elif defined(_GNU_SOURCE)
char *err; char *err;

4
crypto/openssl/crypto/o_time.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -41,7 +41,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
if (gmtime_r(timer, result) == NULL) if (gmtime_r(timer, result) == NULL)
return NULL; return NULL;
ts = result; ts = result;
#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 #elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE)
if (gmtime_s(result, timer)) if (gmtime_s(result, timer))
return NULL; return NULL;
ts = result; ts = result;

6
crypto/openssl/crypto/pem/pem_err.c
View File

@ -1,6 +1,6 @@
/* /*
* Generated by util/mkerr.pl DO NOT EDIT * Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -60,6 +60,8 @@ static const ERR_STRING_DATA PEM_str_functs[] = {
{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"},
{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"},
{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"},
{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL, 0),
"PEM_write_bio_PrivateKey_traditional"},
{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0), {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0),
"PEM_write_PrivateKey"}, "PEM_write_PrivateKey"},
{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"}, {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"},
@ -109,6 +111,8 @@ static const ERR_STRING_DATA PEM_str_reasons[] = {
"unsupported encryption"}, "unsupported encryption"},
{ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS), {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS),
"unsupported key components"}, "unsupported key components"},
{ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
"unsupported public key type"},
{0, NULL} {0, NULL}
}; };

34
crypto/openssl/crypto/pem/pem_lib.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -332,7 +332,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
} }
} }
if ((dsize = i2d(x, NULL)) < 0) { if ((dsize = i2d(x, NULL)) <= 0) {
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB); PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
dsize = 0; dsize = 0;
goto err; goto err;
@ -791,7 +791,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
{ {
BIO *tmp = *header; BIO *tmp = *header;
char *linebuf, *p; char *linebuf, *p;
int len, line, ret = 0, end = 0; int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
/* 0 if not seen (yet), 1 if reading header, 2 if finished header */ /* 0 if not seen (yet), 1 if reading header, 2 if finished header */
enum header_status got_header = MAYBE_HEADER; enum header_status got_header = MAYBE_HEADER;
unsigned int flags_mask; unsigned int flags_mask;
@ -809,10 +809,18 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
flags_mask = ~0u; flags_mask = ~0u;
len = BIO_gets(bp, linebuf, LINESIZE); len = BIO_gets(bp, linebuf, LINESIZE);
if (len <= 0) { if (len <= 0) {
PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_SHORT_HEADER); PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
goto err; goto err;
} }
/*
* Check if line has been read completely or if only part of the line
* has been read. Keep the previous value to ignore newlines that
* appear due to reading a line up until the char before the newline.
*/
prev_partial_line_read = partial_line_read;
partial_line_read = len == LINESIZE-1 && linebuf[LINESIZE-2] != '\n';
if (got_header == MAYBE_HEADER) { if (got_header == MAYBE_HEADER) {
if (memchr(linebuf, ':', len) != NULL) if (memchr(linebuf, ':', len) != NULL)
got_header = IN_HEADER; got_header = IN_HEADER;
@ -823,13 +831,19 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
/* Check for end of header. */ /* Check for end of header. */
if (linebuf[0] == '\n') { if (linebuf[0] == '\n') {
if (got_header == POST_HEADER) { /*
/* Another blank line is an error. */ * If previous line has been read only partially this newline is a
PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE); * regular newline at the end of a line and not an empty line.
goto err; */
if (!prev_partial_line_read) {
if (got_header == POST_HEADER) {
/* Another blank line is an error. */
PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
goto err;
}
got_header = POST_HEADER;
tmp = *data;
} }
got_header = POST_HEADER;
tmp = *data;
continue; continue;
} }

8
crypto/openssl/crypto/pem/pem_pkey.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -108,6 +108,12 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
pem_password_cb *cb, void *u) pem_password_cb *cb, void *u)
{ {
char pem_str[80]; char pem_str[80];
if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) {
PEMerr(PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL,
PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
return 0;
}
BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
pem_str, bp, x, enc, kstr, klen, cb, u); pem_str, bp, x, enc, kstr, klen, cb, u);

12
crypto/openssl/crypto/pem/pvkfmt.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -29,10 +29,10 @@ static unsigned int read_ledword(const unsigned char **in)
{ {
const unsigned char *p = *in; const unsigned char *p = *in;
unsigned int ret; unsigned int ret;
ret = *p++; ret = (unsigned int)*p++;
ret |= (*p++ << 8); ret |= (unsigned int)*p++ << 8;
ret |= (*p++ << 16); ret |= (unsigned int)*p++ << 16;
ret |= (*p++ << 24); ret |= (unsigned int)*p++ << 24;
*in = p; *in = p;
return ret; return ret;
} }
@ -875,9 +875,9 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
wrlen = BIO_write(out, tmp, outlen); wrlen = BIO_write(out, tmp, outlen);
OPENSSL_free(tmp); OPENSSL_free(tmp);
if (wrlen == outlen) { if (wrlen == outlen) {
PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
return outlen; return outlen;
} }
PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
return -1; return -1;
} }

200
crypto/openssl/crypto/rand/drbg_ctr.c
View File

@ -63,15 +63,15 @@ static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
* Process a complete block using BCC algorithm of SP 800-90A 10.3.3 * Process a complete block using BCC algorithm of SP 800-90A 10.3.3
*/ */
__owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out, __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out,
const unsigned char *in) const unsigned char *in, int len)
{ {
int i, outlen = AES_BLOCK_SIZE; int i, outlen = AES_BLOCK_SIZE;
for (i = 0; i < 16; i++) for (i = 0; i < len; i++)
out[i] ^= in[i]; out[i] ^= in[i];
if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, AES_BLOCK_SIZE) if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, len)
|| outlen != AES_BLOCK_SIZE) || outlen != len)
return 0; return 0;
return 1; return 1;
} }
@ -82,12 +82,16 @@ __owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out,
*/ */
__owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in) __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in)
{ {
if (!ctr_BCC_block(ctr, ctr->KX, in) unsigned char in_tmp[48];
|| !ctr_BCC_block(ctr, ctr->KX + 16, in)) unsigned char num_of_blk = 2;
return 0;
if (ctr->keylen != 16 && !ctr_BCC_block(ctr, ctr->KX + 32, in)) memcpy(in_tmp, in, 16);
return 0; memcpy(in_tmp + 16, in, 16);
return 1; if (ctr->keylen != 16) {
memcpy(in_tmp + 32, in, 16);
num_of_blk = 3;
}
return ctr_BCC_block(ctr, ctr->KX, in_tmp, AES_BLOCK_SIZE * num_of_blk);
} }
/* /*
@ -96,19 +100,14 @@ __owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in)
*/ */
__owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr) __owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr)
{ {
unsigned char bltmp[48] = {0};
unsigned char num_of_blk;
memset(ctr->KX, 0, 48); memset(ctr->KX, 0, 48);
memset(ctr->bltmp, 0, 16); num_of_blk = ctr->keylen == 16 ? 2 : 3;
if (!ctr_BCC_block(ctr, ctr->KX, ctr->bltmp)) bltmp[(AES_BLOCK_SIZE * 1) + 3] = 1;
return 0; bltmp[(AES_BLOCK_SIZE * 2) + 3] = 2;
ctr->bltmp[3] = 1; return ctr_BCC_block(ctr, ctr->KX, bltmp, num_of_blk * AES_BLOCK_SIZE);
if (!ctr_BCC_block(ctr, ctr->KX + 16, ctr->bltmp))
return 0;
if (ctr->keylen != 16) {
ctr->bltmp[3] = 2;
if (!ctr_BCC_block(ctr, ctr->KX + 32, ctr->bltmp))
return 0;
}
return 1;
} }
/* /*
@ -197,20 +196,20 @@ __owur static int ctr_df(RAND_DRBG_CTR *ctr,
|| !ctr_BCC_final(ctr)) || !ctr_BCC_final(ctr))
return 0; return 0;
/* Set up key K */ /* Set up key K */
if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->KX, NULL, 1)) if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->KX, NULL, -1))
return 0; return 0;
/* X follows key K */ /* X follows key K */
if (!EVP_CipherUpdate(ctr->ctx, ctr->KX, &outlen, ctr->KX + ctr->keylen, if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX, &outlen, ctr->KX + ctr->keylen,
AES_BLOCK_SIZE) AES_BLOCK_SIZE)
|| outlen != AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE)
return 0; return 0;
if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 16, &outlen, ctr->KX, if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 16, &outlen, ctr->KX,
AES_BLOCK_SIZE) AES_BLOCK_SIZE)
|| outlen != AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE)
return 0; return 0;
if (ctr->keylen != 16) if (ctr->keylen != 16)
if (!EVP_CipherUpdate(ctr->ctx, ctr->KX + 32, &outlen, ctr->KX + 16, if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 32, &outlen,
AES_BLOCK_SIZE) ctr->KX + 16, AES_BLOCK_SIZE)
|| outlen != AES_BLOCK_SIZE) || outlen != AES_BLOCK_SIZE)
return 0; return 0;
return 1; return 1;
@ -229,31 +228,25 @@ __owur static int ctr_update(RAND_DRBG *drbg,
{ {
RAND_DRBG_CTR *ctr = &drbg->data.ctr; RAND_DRBG_CTR *ctr = &drbg->data.ctr;
int outlen = AES_BLOCK_SIZE; int outlen = AES_BLOCK_SIZE;
unsigned char V_tmp[48], out[48];
unsigned char len;
/* correct key is already set up. */ /* correct key is already set up. */
memcpy(V_tmp, ctr->V, 16);
inc_128(ctr); inc_128(ctr);
if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outlen, ctr->V, AES_BLOCK_SIZE) memcpy(V_tmp + 16, ctr->V, 16);
|| outlen != AES_BLOCK_SIZE) if (ctr->keylen == 16) {
return 0; len = 32;
} else {
/* If keylen longer than 128 bits need extra encrypt */
if (ctr->keylen != 16) {
inc_128(ctr); inc_128(ctr);
if (!EVP_CipherUpdate(ctr->ctx, ctr->K+16, &outlen, ctr->V, memcpy(V_tmp + 32, ctr->V, 16);
AES_BLOCK_SIZE) len = 48;
|| outlen != AES_BLOCK_SIZE)
return 0;
} }
inc_128(ctr); if (!EVP_CipherUpdate(ctr->ctx_ecb, out, &outlen, V_tmp, len)
if (!EVP_CipherUpdate(ctr->ctx, ctr->V, &outlen, ctr->V, AES_BLOCK_SIZE) || outlen != len)
|| outlen != AES_BLOCK_SIZE)
return 0; return 0;
memcpy(ctr->K, out, ctr->keylen);
/* If 192 bit key part of V is on end of K */ memcpy(ctr->V, out + ctr->keylen, 16);
if (ctr->keylen == 24) {
memcpy(ctr->V + 8, ctr->V, 8);
memcpy(ctr->V, ctr->K + 24, 8);
}
if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) { if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
/* If no input reuse existing derived value */ /* If no input reuse existing derived value */
@ -268,7 +261,8 @@ __owur static int ctr_update(RAND_DRBG *drbg,
ctr_XOR(ctr, in2, in2len); ctr_XOR(ctr, in2, in2len);
} }
if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1)
|| !EVP_CipherInit_ex(ctr->ctx_ctr, NULL, NULL, ctr->K, NULL, -1))
return 0; return 0;
return 1; return 1;
} }
@ -285,8 +279,10 @@ __owur static int drbg_ctr_instantiate(RAND_DRBG *drbg,
memset(ctr->K, 0, sizeof(ctr->K)); memset(ctr->K, 0, sizeof(ctr->K));
memset(ctr->V, 0, sizeof(ctr->V)); memset(ctr->V, 0, sizeof(ctr->V));
if (!EVP_CipherInit_ex(ctr->ctx, ctr->cipher, NULL, ctr->K, NULL, 1)) if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1))
return 0; return 0;
inc_128(ctr);
if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen)) if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen))
return 0; return 0;
return 1; return 1;
@ -296,20 +292,40 @@ __owur static int drbg_ctr_reseed(RAND_DRBG *drbg,
const unsigned char *entropy, size_t entropylen, const unsigned char *entropy, size_t entropylen,
const unsigned char *adin, size_t adinlen) const unsigned char *adin, size_t adinlen)
{ {
RAND_DRBG_CTR *ctr = &drbg->data.ctr;
if (entropy == NULL) if (entropy == NULL)
return 0; return 0;
inc_128(ctr);
if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0)) if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0))
return 0; return 0;
return 1; return 1;
} }
static void ctr96_inc(unsigned char *counter)
{
u32 n = 12, c = 1;
do {
--n;
c += counter[n];
counter[n] = (u8)c;
c >>= 8;
} while (n);
}
__owur static int drbg_ctr_generate(RAND_DRBG *drbg, __owur static int drbg_ctr_generate(RAND_DRBG *drbg,
unsigned char *out, size_t outlen, unsigned char *out, size_t outlen,
const unsigned char *adin, size_t adinlen) const unsigned char *adin, size_t adinlen)
{ {
RAND_DRBG_CTR *ctr = &drbg->data.ctr; RAND_DRBG_CTR *ctr = &drbg->data.ctr;
unsigned int ctr32, blocks;
int outl, buflen;
if (adin != NULL && adinlen != 0) { if (adin != NULL && adinlen != 0) {
inc_128(ctr);
if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
return 0; return 0;
/* This means we reuse derived value */ /* This means we reuse derived value */
@ -321,28 +337,53 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg,
adinlen = 0; adinlen = 0;
} }
for ( ; ; ) { inc_128(ctr);
int outl = AES_BLOCK_SIZE;
if (outlen == 0) {
inc_128(ctr); inc_128(ctr);
if (outlen < 16) {
/* Use K as temp space as it will be updated */ if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
if (!EVP_CipherUpdate(ctr->ctx, ctr->K, &outl, ctr->V,
AES_BLOCK_SIZE)
|| outl != AES_BLOCK_SIZE)
return 0;
memcpy(out, ctr->K, outlen);
break;
}
if (!EVP_CipherUpdate(ctr->ctx, out, &outl, ctr->V, AES_BLOCK_SIZE)
|| outl != AES_BLOCK_SIZE)
return 0; return 0;
out += 16; return 1;
outlen -= 16;
if (outlen == 0)
break;
} }
memset(out, 0, outlen);
do {
if (!EVP_CipherInit_ex(ctr->ctx_ctr,
NULL, NULL, NULL, ctr->V, -1))
return 0;
/*-
* outlen has type size_t while EVP_CipherUpdate takes an
* int argument and thus cannot be guaranteed to process more
* than 2^31-1 bytes at a time. We process such huge generate
* requests in 2^30 byte chunks, which is the greatest multiple
* of AES block size lower than or equal to 2^31-1.
*/
buflen = outlen > (1U << 30) ? (1U << 30) : outlen;
blocks = (buflen + 15) / 16;
ctr32 = GETU32(ctr->V + 12) + blocks;
if (ctr32 < blocks) {
/* 32-bit counter overflow into V. */
if (ctr32 != 0) {
blocks -= ctr32;
buflen = blocks * 16;
ctr32 = 0;
}
ctr96_inc(ctr->V);
}
PUTU32(ctr->V + 12, ctr32);
if (!EVP_CipherUpdate(ctr->ctx_ctr, out, &outl, out, buflen)
|| outl != buflen)
return 0;
out += buflen;
outlen -= buflen;
} while (outlen);
if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0)) if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
return 0; return 0;
return 1; return 1;
@ -350,7 +391,8 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg,
static int drbg_ctr_uninstantiate(RAND_DRBG *drbg) static int drbg_ctr_uninstantiate(RAND_DRBG *drbg)
{ {
EVP_CIPHER_CTX_free(drbg->data.ctr.ctx); EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ecb);
EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ctr);
EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df); EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df);
OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr)); OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr));
return 1; return 1;
@ -374,25 +416,36 @@ int drbg_ctr_init(RAND_DRBG *drbg)
return 0; return 0;
case NID_aes_128_ctr: case NID_aes_128_ctr:
keylen = 16; keylen = 16;
ctr->cipher = EVP_aes_128_ecb(); ctr->cipher_ecb = EVP_aes_128_ecb();
ctr->cipher_ctr = EVP_aes_128_ctr();
break; break;
case NID_aes_192_ctr: case NID_aes_192_ctr:
keylen = 24; keylen = 24;
ctr->cipher = EVP_aes_192_ecb(); ctr->cipher_ecb = EVP_aes_192_ecb();
ctr->cipher_ctr = EVP_aes_192_ctr();
break; break;
case NID_aes_256_ctr: case NID_aes_256_ctr:
keylen = 32; keylen = 32;
ctr->cipher = EVP_aes_256_ecb(); ctr->cipher_ecb = EVP_aes_256_ecb();
ctr->cipher_ctr = EVP_aes_256_ctr();
break; break;
} }
drbg->meth = &drbg_ctr_meth; drbg->meth = &drbg_ctr_meth;
ctr->keylen = keylen; ctr->keylen = keylen;
if (ctr->ctx == NULL) if (ctr->ctx_ecb == NULL)
ctr->ctx = EVP_CIPHER_CTX_new(); ctr->ctx_ecb = EVP_CIPHER_CTX_new();
if (ctr->ctx == NULL) if (ctr->ctx_ctr == NULL)
ctr->ctx_ctr = EVP_CIPHER_CTX_new();
if (ctr->ctx_ecb == NULL || ctr->ctx_ctr == NULL
|| !EVP_CipherInit_ex(ctr->ctx_ecb,
ctr->cipher_ecb, NULL, NULL, NULL, 1)
|| !EVP_CipherInit_ex(ctr->ctx_ctr,
ctr->cipher_ctr, NULL, NULL, NULL, 1))
return 0; return 0;
drbg->meth = &drbg_ctr_meth;
drbg->strength = keylen * 8; drbg->strength = keylen * 8;
drbg->seedlen = keylen + 16; drbg->seedlen = keylen + 16;
@ -410,7 +463,8 @@ int drbg_ctr_init(RAND_DRBG *drbg)
if (ctr->ctx_df == NULL) if (ctr->ctx_df == NULL)
return 0; return 0;
/* Set key schedule for df_key */ /* Set key schedule for df_key */
if (!EVP_CipherInit_ex(ctr->ctx_df, ctr->cipher, NULL, df_key, NULL, 1)) if (!EVP_CipherInit_ex(ctr->ctx_df,
ctr->cipher_ecb, NULL, df_key, NULL, 1))
return 0; return 0;
drbg->min_entropylen = ctr->keylen; drbg->min_entropylen = ctr->keylen;

58
crypto/openssl/crypto/rand/drbg_lib.c
View File

@ -327,13 +327,6 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
max_entropylen += drbg->max_noncelen; max_entropylen += drbg->max_noncelen;
} }
drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
if (drbg->reseed_next_counter) {
drbg->reseed_next_counter++;
if(!drbg->reseed_next_counter)
drbg->reseed_next_counter = 1;
}
if (drbg->get_entropy != NULL) if (drbg->get_entropy != NULL)
entropylen = drbg->get_entropy(drbg, &entropy, min_entropy, entropylen = drbg->get_entropy(drbg, &entropy, min_entropy,
min_entropylen, max_entropylen, 0); min_entropylen, max_entropylen, 0);
@ -359,9 +352,15 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
} }
drbg->state = DRBG_READY; drbg->state = DRBG_READY;
drbg->reseed_gen_counter = 1; drbg->generate_counter = 1;
drbg->reseed_time = time(NULL); drbg->reseed_time = time(NULL);
tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); if (drbg->enable_reseed_propagation) {
if (drbg->parent == NULL)
tsan_counter(&drbg->reseed_counter);
else
tsan_store(&drbg->reseed_counter,
tsan_load(&drbg->parent->reseed_counter));
}
end: end:
if (entropy != NULL && drbg->cleanup_entropy != NULL) if (entropy != NULL && drbg->cleanup_entropy != NULL)
@ -428,14 +427,6 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
} }
drbg->state = DRBG_ERROR; drbg->state = DRBG_ERROR;
drbg->reseed_next_counter = tsan_load(&drbg->reseed_prop_counter);
if (drbg->reseed_next_counter) {
drbg->reseed_next_counter++;
if(!drbg->reseed_next_counter)
drbg->reseed_next_counter = 1;
}
if (drbg->get_entropy != NULL) if (drbg->get_entropy != NULL)
entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
drbg->min_entropylen, drbg->min_entropylen,
@ -451,9 +442,15 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
goto end; goto end;
drbg->state = DRBG_READY; drbg->state = DRBG_READY;
drbg->reseed_gen_counter = 1; drbg->generate_counter = 1;
drbg->reseed_time = time(NULL); drbg->reseed_time = time(NULL);
tsan_store(&drbg->reseed_prop_counter, drbg->reseed_next_counter); if (drbg->enable_reseed_propagation) {
if (drbg->parent == NULL)
tsan_counter(&drbg->reseed_counter);
else
tsan_store(&drbg->reseed_counter,
tsan_load(&drbg->parent->reseed_counter));
}
end: end:
if (entropy != NULL && drbg->cleanup_entropy != NULL) if (entropy != NULL && drbg->cleanup_entropy != NULL)
@ -554,7 +551,9 @@ int rand_drbg_restart(RAND_DRBG *drbg,
drbg->meth->reseed(drbg, adin, adinlen, NULL, 0); drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);
} else if (reseeded == 0) { } else if (reseeded == 0) {
/* do a full reseeding if it has not been done yet above */ /* do a full reseeding if it has not been done yet above */
RAND_DRBG_reseed(drbg, NULL, 0, 0); if (!RAND_DRBG_reseed(drbg, NULL, 0, 0)) {
RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_RESEED_ERROR);
}
} }
} }
@ -612,7 +611,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
} }
if (drbg->reseed_interval > 0) { if (drbg->reseed_interval > 0) {
if (drbg->reseed_gen_counter >= drbg->reseed_interval) if (drbg->generate_counter >= drbg->reseed_interval)
reseed_required = 1; reseed_required = 1;
} }
if (drbg->reseed_time_interval > 0) { if (drbg->reseed_time_interval > 0) {
@ -621,11 +620,8 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
|| now - drbg->reseed_time >= drbg->reseed_time_interval) || now - drbg->reseed_time >= drbg->reseed_time_interval)
reseed_required = 1; reseed_required = 1;
} }
if (drbg->parent != NULL) { if (drbg->enable_reseed_propagation && drbg->parent != NULL) {
unsigned int reseed_counter = tsan_load(&drbg->reseed_prop_counter); if (drbg->reseed_counter != tsan_load(&drbg->parent->reseed_counter))
if (reseed_counter > 0
&& tsan_load(&drbg->parent->reseed_prop_counter)
!= reseed_counter)
reseed_required = 1; reseed_required = 1;
} }
@ -644,7 +640,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
return 0; return 0;
} }
drbg->reseed_gen_counter++; drbg->generate_counter++;
return 1; return 1;
} }
@ -706,8 +702,7 @@ int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
RAND_DRBG_get_nonce_fn get_nonce, RAND_DRBG_get_nonce_fn get_nonce,
RAND_DRBG_cleanup_nonce_fn cleanup_nonce) RAND_DRBG_cleanup_nonce_fn cleanup_nonce)
{ {
if (drbg->state != DRBG_UNINITIALISED if (drbg->state != DRBG_UNINITIALISED)
|| drbg->parent != NULL)
return 0; return 0;
drbg->get_entropy = get_entropy; drbg->get_entropy = get_entropy;
drbg->cleanup_entropy = cleanup_entropy; drbg->cleanup_entropy = cleanup_entropy;
@ -883,8 +878,9 @@ static RAND_DRBG *drbg_setup(RAND_DRBG *parent)
if (parent == NULL && rand_drbg_enable_locking(drbg) == 0) if (parent == NULL && rand_drbg_enable_locking(drbg) == 0)
goto err; goto err;
/* enable seed propagation */ /* enable reseed propagation */
tsan_store(&drbg->reseed_prop_counter, 1); drbg->enable_reseed_propagation = 1;
drbg->reseed_counter = 1;
/* /*
* Ignore instantiation error to support just-in-time instantiation. * Ignore instantiation error to support just-in-time instantiation.

2
crypto/openssl/crypto/rand/rand_lib.c
View File

@ -174,8 +174,6 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
prediction_resistance, prediction_resistance,
(unsigned char *)&drbg, sizeof(drbg)) != 0) (unsigned char *)&drbg, sizeof(drbg)) != 0)
bytes = bytes_needed; bytes = bytes_needed;
drbg->reseed_next_counter
= tsan_load(&drbg->parent->reseed_prop_counter);
rand_drbg_unlock(drbg->parent); rand_drbg_unlock(drbg->parent);
rand_pool_add_end(pool, bytes, 8 * bytes); rand_pool_add_end(pool, bytes, 8 * bytes);

19
crypto/openssl/crypto/rand/rand_local.h
View File

@ -138,9 +138,11 @@ typedef struct rand_drbg_method_st {
* The state of a DRBG AES-CTR. * The state of a DRBG AES-CTR.
*/ */
typedef struct rand_drbg_ctr_st { typedef struct rand_drbg_ctr_st {
EVP_CIPHER_CTX *ctx; EVP_CIPHER_CTX *ctx_ecb;
EVP_CIPHER_CTX *ctx_ctr;
EVP_CIPHER_CTX *ctx_df; EVP_CIPHER_CTX *ctx_df;
const EVP_CIPHER *cipher; const EVP_CIPHER *cipher_ecb;
const EVP_CIPHER *cipher_ctr;
size_t keylen; size_t keylen;
unsigned char K[32]; unsigned char K[32];
unsigned char V[16]; unsigned char V[16];
@ -233,7 +235,7 @@ struct rand_drbg_st {
size_t max_perslen, max_adinlen; size_t max_perslen, max_adinlen;
/* Counts the number of generate requests since the last reseed. */ /* Counts the number of generate requests since the last reseed. */
unsigned int reseed_gen_counter; unsigned int generate_counter;
/* /*
* Maximum number of generate requests until a reseed is required. * Maximum number of generate requests until a reseed is required.
* This value is ignored if it is zero. * This value is ignored if it is zero.
@ -246,9 +248,15 @@ struct rand_drbg_st {
* This value is ignored if it is zero. * This value is ignored if it is zero.
*/ */
time_t reseed_time_interval; time_t reseed_time_interval;
/*
* Enables reseed propagation (see following comment)
*/
unsigned int enable_reseed_propagation;
/* /*
* Counts the number of reseeds since instantiation. * Counts the number of reseeds since instantiation.
* This value is ignored if it is zero. * This value is ignored if enable_reseed_propagation is zero.
* *
* This counter is used only for seed propagation from the <master> DRBG * This counter is used only for seed propagation from the <master> DRBG
* to its two children, the <public> and <private> DRBG. This feature is * to its two children, the <public> and <private> DRBG. This feature is
@ -256,8 +264,7 @@ struct rand_drbg_st {
* is added by RAND_add() or RAND_seed() will have an immediate effect on * is added by RAND_add() or RAND_seed() will have an immediate effect on
* the output of RAND_bytes() resp. RAND_priv_bytes(). * the output of RAND_bytes() resp. RAND_priv_bytes().
*/ */
TSAN_QUALIFIER unsigned int reseed_prop_counter; TSAN_QUALIFIER unsigned int reseed_counter;
unsigned int reseed_next_counter;
size_t seedlen; size_t seedlen;
DRBG_STATUS state; DRBG_STATUS state;

13
crypto/openssl/crypto/rand/rand_unix.c
View File

@ -26,12 +26,12 @@
# include <sys/utsname.h> # include <sys/utsname.h>
# endif # endif
#endif #endif
#if defined(__FreeBSD__) && !defined(OPENSSL_SYS_UEFI) #if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI)
# include <sys/types.h> # include <sys/types.h>
# include <sys/sysctl.h> # include <sys/sysctl.h>
# include <sys/param.h> # include <sys/param.h>
#endif #endif
#if defined(__OpenBSD__) || defined(__NetBSD__) #if defined(__OpenBSD__)
# include <sys/param.h> # include <sys/param.h>
#endif #endif
@ -247,10 +247,12 @@ static ssize_t sysctl_random(char *buf, size_t buflen)
* when the sysctl returns long and we want to request something not a * when the sysctl returns long and we want to request something not a
* multiple of longs, which should never be the case. * multiple of longs, which should never be the case.
*/ */
#if defined(__FreeBSD__)
if (!ossl_assert(buflen % sizeof(long) == 0)) { if (!ossl_assert(buflen % sizeof(long) == 0)) {
errno = EINVAL; errno = EINVAL;
return -1; return -1;
} }
#endif
/* /*
* On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
@ -268,7 +270,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen)
mib[1] = KERN_ARND; mib[1] = KERN_ARND;
do { do {
len = buflen; len = buflen > 256 ? 256 : buflen;
if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
return done > 0 ? done : -1; return done > 0 ? done : -1;
done += len; done += len;
@ -409,7 +411,8 @@ static struct random_device {
} random_devices[OSSL_NELEM(random_device_paths)]; } random_devices[OSSL_NELEM(random_device_paths)];
static int keep_random_devices_open = 1; static int keep_random_devices_open = 1;
# if defined(__linux) && defined(DEVRANDOM_WAIT) # if defined(__linux) && defined(DEVRANDOM_WAIT) \
&& defined(OPENSSL_RAND_SEED_GETRANDOM)
static void *shm_addr; static void *shm_addr;
static void cleanup_shm(void) static void cleanup_shm(void)
@ -487,7 +490,7 @@ static int wait_random_seeded(void)
} }
return seeded; return seeded;
} }
# else /* defined __linux */ # else /* defined __linux && DEVRANDOM_WAIT && OPENSSL_RAND_SEED_GETRANDOM */
static int wait_random_seeded(void) static int wait_random_seeded(void)
{ {
return 1; return 1;

4
crypto/openssl/crypto/rand/randfile.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -26,7 +26,7 @@
#ifndef OPENSSL_NO_POSIX_IO #ifndef OPENSSL_NO_POSIX_IO
# include <sys/stat.h> # include <sys/stat.h>
# include <fcntl.h> # include <fcntl.h>
# ifdef _WIN32 # if defined(_WIN32) && !defined(_WIN32_WCE)
# include <windows.h> # include <windows.h>
# include <io.h> # include <io.h>
# define stat _stat # define stat _stat

11
crypto/openssl/crypto/rsa/rsa_ameth.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -118,6 +118,15 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{ {
/*
* Don't check the public/private key, this is mostly for smart
* cards.
*/
if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
|| (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) {
return 1;
}
if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
|| BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
return 0; return 0;

38
crypto/openssl/crypto/store/loader_file.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -429,6 +429,42 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
} }
} else { } else {
int i; int i;
#ifndef OPENSSL_NO_ENGINE
ENGINE *curengine = ENGINE_get_first();
while (curengine != NULL) {
ENGINE_PKEY_ASN1_METHS_PTR asn1meths =
ENGINE_get_pkey_asn1_meths(curengine);
if (asn1meths != NULL) {
const int *nids = NULL;
int nids_n = asn1meths(curengine, NULL, &nids, 0);
for (i = 0; i < nids_n; i++) {
EVP_PKEY_ASN1_METHOD *ameth2 = NULL;
EVP_PKEY *tmp_pkey = NULL;
const unsigned char *tmp_blob = blob;
if (!asn1meths(curengine, &ameth2, NULL, nids[i]))
continue;
if (ameth2 == NULL
|| ameth2->pkey_flags & ASN1_PKEY_ALIAS)
continue;
tmp_pkey = d2i_PrivateKey(ameth2->pkey_id, NULL,
&tmp_blob, len);
if (tmp_pkey != NULL) {
if (pkey != NULL)
EVP_PKEY_free(tmp_pkey);
else
pkey = tmp_pkey;
(*matchcount)++;
}
}
}
curengine = ENGINE_get_next(curengine);
}
#endif
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
EVP_PKEY *tmp_pkey = NULL; EVP_PKEY *tmp_pkey = NULL;

8
crypto/openssl/crypto/store/store_lib.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -218,7 +218,11 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
int OSSL_STORE_close(OSSL_STORE_CTX *ctx) int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
{ {
int loader_ret = ctx->loader->close(ctx->loader_ctx); int loader_ret;
if (ctx == NULL)
return 1;
loader_ret = ctx->loader->close(ctx->loader_ctx);
OPENSSL_free(ctx); OPENSSL_free(ctx);
return loader_ret; return loader_ret;

2
crypto/openssl/crypto/ts/ts_rsp_sign.c
View File

@ -57,12 +57,14 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
goto err; goto err;
if (!ASN1_INTEGER_set(serial, 1)) if (!ASN1_INTEGER_set(serial, 1))
goto err; goto err;
return serial; return serial;
err: err:
TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
"Error during serial number generation."); "Error during serial number generation.");
ASN1_INTEGER_free(serial);
return NULL; return NULL;
} }

12
crypto/openssl/crypto/ui/ui_openssl.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -439,6 +439,16 @@ static int open_console(UI *ui)
is_a_tty = 0; is_a_tty = 0;
else else
# endif # endif
# ifdef EPERM
/*
* Linux can return EPERM (Operation not permitted),
* e.g. if a daemon executes openssl via fork()+execve()
* This should be ok
*/
if (errno == EPERM)
is_a_tty = 0;
else
# endif
# ifdef ENODEV # ifdef ENODEV
/* /*
* MacOS X returns ENODEV (Operation not supported by device), * MacOS X returns ENODEV (Operation not supported by device),

34
crypto/openssl/crypto/whrlpool/wp_block.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -63,6 +63,20 @@ typedef unsigned long long u64;
# undef STRICT_ALIGNMENT # undef STRICT_ALIGNMENT
#endif #endif
#ifndef STRICT_ALIGNMENT
# ifdef __GNUC__
typedef u64 u64_a1 __attribute((__aligned__(1)));
# else
typedef u64 u64_a1;
# endif
#endif
#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
typedef u64 u64_aX __attribute((__aligned__(1)));
#else
typedef u64 u64_aX;
#endif
#undef SMALL_REGISTER_BANK #undef SMALL_REGISTER_BANK
#if defined(__i386) || defined(__i386__) || defined(_M_IX86) #if defined(__i386) || defined(__i386__) || defined(_M_IX86)
# define SMALL_REGISTER_BANK # define SMALL_REGISTER_BANK
@ -191,13 +205,13 @@ typedef unsigned long long u64;
# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ # define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
c0,c1,c2,c3,c4,c5,c6,c7 c0,c1,c2,c3,c4,c5,c6,c7
# define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]]) # define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]])
# define C1(K,i) (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]]) # define C1(K,i) (((u64_a1*)(Cx.c+7))[2*K.c[(i)*8+1]])
# define C2(K,i) (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]]) # define C2(K,i) (((u64_a1*)(Cx.c+6))[2*K.c[(i)*8+2]])
# define C3(K,i) (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]]) # define C3(K,i) (((u64_a1*)(Cx.c+5))[2*K.c[(i)*8+3]])
# define C4(K,i) (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]]) # define C4(K,i) (((u64_a1*)(Cx.c+4))[2*K.c[(i)*8+4]])
# define C5(K,i) (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]]) # define C5(K,i) (((u64_a1*)(Cx.c+3))[2*K.c[(i)*8+5]])
# define C6(K,i) (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]]) # define C6(K,i) (((u64_a1*)(Cx.c+2))[2*K.c[(i)*8+6]])
# define C7(K,i) (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]]) # define C7(K,i) (((u64_a1*)(Cx.c+1))[2*K.c[(i)*8+7]])
#endif #endif
static const static const
@ -531,7 +545,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n)
} else } else
# endif # endif
{ {
const u64 *pa = (const u64 *)p; const u64_aX *pa = (const u64_aX *)p;
S.q[0] = (K.q[0] = H->q[0]) ^ pa[0]; S.q[0] = (K.q[0] = H->q[0]) ^ pa[0];
S.q[1] = (K.q[1] = H->q[1]) ^ pa[1]; S.q[1] = (K.q[1] = H->q[1]) ^ pa[1];
S.q[2] = (K.q[2] = H->q[2]) ^ pa[2]; S.q[2] = (K.q[2] = H->q[2]) ^ pa[2];
@ -769,7 +783,7 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n)
} else } else
# endif # endif
{ {
const u64 *pa = (const u64 *)p; const u64_aX *pa = (const u64_aX *)p;
H->q[0] ^= S.q[0] ^ pa[0]; H->q[0] ^= S.q[0] ^ pa[0];
H->q[1] ^= S.q[1] ^ pa[1]; H->q[1] ^= S.q[1] ^ pa[1];
H->q[2] ^= S.q[2] ^ pa[2]; H->q[2] ^= S.q[2] ^ pa[2];

3
crypto/openssl/crypto/x509/x509_err.c
View File

@ -1,6 +1,6 @@
/* /*
* Generated by util/mkerr.pl DO NOT EDIT * Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -79,6 +79,7 @@ static const ERR_STRING_DATA X509_str_functs[] = {
{ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0), {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0),
"x509_pubkey_decode"}, "x509_pubkey_decode"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET, 0), "X509_PUBKEY_get"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"}, {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"},
{ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0), {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0),

4
crypto/openssl/crypto/x509/x509_local.h
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -145,3 +145,5 @@ DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg, void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
const ASN1_STRING *sig); const ASN1_STRING *sig);
int x509_likely_issued(X509 *issuer, X509 *subject);
int x509_signing_allowed(const X509 *issuer, const X509 *subject);

14
crypto/openssl/crypto/x509/x509_req.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -286,6 +286,18 @@ void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
*palg = &req->sig_alg; *palg = &req->sig_alg;
} }
void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig)
{
if (req->signature)
ASN1_BIT_STRING_free(req->signature);
req->signature = psig;
}
int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg)
{
return X509_ALGOR_copy(&req->sig_alg, palg);
}
int X509_REQ_get_signature_nid(const X509_REQ *req) int X509_REQ_get_signature_nid(const X509_REQ *req)
{ {
return OBJ_obj2nid(req->sig_alg.algorithm); return OBJ_obj2nid(req->sig_alg.algorithm);

4
crypto/openssl/crypto/x509/x509_txt.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -174,6 +174,8 @@ const char *X509_verify_cert_error_string(long n)
return "OCSP verification failed"; return "OCSP verification failed";
case X509_V_ERR_OCSP_CERT_UNKNOWN: case X509_V_ERR_OCSP_CERT_UNKNOWN:
return "OCSP unknown cert"; return "OCSP unknown cert";
case X509_V_ERR_EC_KEY_EXPLICIT_PARAMS:
return "Certificate public key has explicit ECC parameters";
default: default:
/* Printing an error number into a static buffer is not thread-safe */ /* Printing an error number into a static buffer is not thread-safe */

176
crypto/openssl/crypto/x509/x509_vfy.c
View File

@ -80,6 +80,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
static int check_dane_issuer(X509_STORE_CTX *ctx, int depth); static int check_dane_issuer(X509_STORE_CTX *ctx, int depth);
static int check_key_level(X509_STORE_CTX *ctx, X509 *cert); static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert); static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert);
static int check_curve(X509 *cert);
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
unsigned int *preasons, X509_CRL *crl, X509 *x); unsigned int *preasons, X509_CRL *crl, X509 *x);
@ -104,7 +105,12 @@ static int null_callback(int ok, X509_STORE_CTX *e)
return ok; return ok;
} }
/* Return 1 is a certificate is self signed */ /*
* Return 1 if given cert is considered self-signed, 0 if not or on error.
* This does not verify self-signedness but relies on x509v3_cache_extensions()
* matching issuer and subject names (i.e., the cert being self-issued) and any
* present authority key identifier matching the subject key identifier, etc.
*/
static int cert_self_signed(X509 *x) static int cert_self_signed(X509 *x)
{ {
if (X509_check_purpose(x, -1, 0) != 1) if (X509_check_purpose(x, -1, 0) != 1)
@ -131,10 +137,9 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
xtmp = sk_X509_value(certs, i); xtmp = sk_X509_value(certs, i);
if (!X509_cmp(xtmp, x)) if (!X509_cmp(xtmp, x))
break; break;
xtmp = NULL;
} }
if (i < sk_X509_num(certs)) if (xtmp != NULL && !X509_up_ref(xtmp))
X509_up_ref(xtmp);
else
xtmp = NULL; xtmp = NULL;
sk_X509_pop_free(certs, X509_free); sk_X509_pop_free(certs, X509_free);
return xtmp; return xtmp;
@ -267,17 +272,24 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
return -1; return -1;
} }
if (!X509_up_ref(ctx->cert)) {
X509err(X509_F_X509_VERIFY_CERT, ERR_R_INTERNAL_ERROR);
ctx->error = X509_V_ERR_UNSPECIFIED;
return -1;
}
/* /*
* first we make sure the chain we are going to build is present and that * first we make sure the chain we are going to build is present and that
* the first entry is in place * the first entry is in place
*/ */
if (((ctx->chain = sk_X509_new_null()) == NULL) || if ((ctx->chain = sk_X509_new_null()) == NULL
(!sk_X509_push(ctx->chain, ctx->cert))) { || !sk_X509_push(ctx->chain, ctx->cert)) {
X509_free(ctx->cert);
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
ctx->error = X509_V_ERR_OUT_OF_MEM; ctx->error = X509_V_ERR_OUT_OF_MEM;
return -1; return -1;
} }
X509_up_ref(ctx->cert);
ctx->num_untrusted = 1; ctx->num_untrusted = 1;
/* If the peer's public key is too weak, we can stop early. */ /* If the peer's public key is too weak, we can stop early. */
@ -319,30 +331,26 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
return rv; return rv;
} }
/* Given a possible certificate and issuer check them */ /*
* Check that the given certificate 'x' is issued by the certificate 'issuer'
* and the issuer is not yet in ctx->chain, where the exceptional case
* that 'x' is self-issued and ctx->chain has just one element is allowed.
*/
static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
{ {
int ret; if (x509_likely_issued(issuer, x) != X509_V_OK)
if (x == issuer) return 0;
return cert_self_signed(x); if ((x->ex_flags & EXFLAG_SI) == 0 || sk_X509_num(ctx->chain) != 1) {
ret = X509_check_issued(issuer, x);
if (ret == X509_V_OK) {
int i; int i;
X509 *ch; X509 *ch;
/* Special case: single self signed certificate */
if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1)
return 1;
for (i = 0; i < sk_X509_num(ctx->chain); i++) { for (i = 0; i < sk_X509_num(ctx->chain); i++) {
ch = sk_X509_value(ctx->chain, i); ch = sk_X509_value(ctx->chain, i);
if (ch == issuer || !X509_cmp(ch, issuer)) { if (ch == issuer || X509_cmp(ch, issuer) == 0)
ret = X509_V_ERR_PATH_LOOP; return 0;
break;
}
} }
} }
return 1;
return (ret == X509_V_OK);
} }
/* Alternative lookup method: look from a STACK stored in other_ctx */ /* Alternative lookup method: look from a STACK stored in other_ctx */
@ -350,11 +358,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
{ {
*issuer = find_issuer(ctx, ctx->other_ctx, x); *issuer = find_issuer(ctx, ctx->other_ctx, x);
if (*issuer) {
X509_up_ref(*issuer); if (*issuer == NULL || !X509_up_ref(*issuer))
return 1; goto err;
} else
return 0; return 1;
err:
*issuer = NULL;
return 0;
} }
static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
@ -366,15 +378,21 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) {
x = sk_X509_value(ctx->other_ctx, i); x = sk_X509_value(ctx->other_ctx, i);
if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
if (!X509_up_ref(x)) {
sk_X509_pop_free(sk, X509_free);
X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_INTERNAL_ERROR);
ctx->error = X509_V_ERR_UNSPECIFIED;
return NULL;
}
if (sk == NULL) if (sk == NULL)
sk = sk_X509_new_null(); sk = sk_X509_new_null();
if (sk == NULL || sk_X509_push(sk, x) == 0) { if (sk == NULL || !sk_X509_push(sk, x)) {
X509_free(x);
sk_X509_pop_free(sk, X509_free); sk_X509_pop_free(sk, X509_free);
X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE); X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE);
ctx->error = X509_V_ERR_OUT_OF_MEM; ctx->error = X509_V_ERR_OUT_OF_MEM;
return NULL; return NULL;
} }
X509_up_ref(x);
} }
} }
return sk; return sk;
@ -508,6 +526,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
ret = 1; ret = 1;
break; break;
} }
if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
/* Check for presence of explicit elliptic curve parameters */
ret = check_curve(x);
if (ret < 0)
ctx->error = X509_V_ERR_UNSPECIFIED;
else if (ret == 0)
ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;
}
if ((x->ex_flags & EXFLAG_CA) == 0 if ((x->ex_flags & EXFLAG_CA) == 0
&& x->ex_pathlen != -1 && x->ex_pathlen != -1
&& (ctx->param->flags & X509_V_FLAG_X509_STRICT)) { && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
@ -1699,6 +1725,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
return 1; return 1;
} }
/* verify the issuer signatures and cert times of ctx->chain */
static int internal_verify(X509_STORE_CTX *ctx) static int internal_verify(X509_STORE_CTX *ctx)
{ {
int n = sk_X509_num(ctx->chain) - 1; int n = sk_X509_num(ctx->chain) - 1;
@ -1717,7 +1744,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
} }
if (ctx->check_issued(ctx, xi, xi)) if (ctx->check_issued(ctx, xi, xi))
xs = xi; xs = xi; /* the typical case: last cert in the chain is self-issued */
else { else {
if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
xs = xi; xs = xi;
@ -1736,22 +1763,50 @@ static int internal_verify(X509_STORE_CTX *ctx)
* is allowed to reset errors (at its own peril). * is allowed to reset errors (at its own peril).
*/ */
while (n >= 0) { while (n >= 0) {
EVP_PKEY *pkey;
/* /*
* Skip signature check for self signed certificates unless explicitly * For each iteration of this loop:
* asked for. It doesn't add any security and just wastes time. If * n is the subject depth
* the issuer's public key is unusable, report the issuer certificate * xs is the subject cert, for which the signature is to be checked
* and its depth (rather than the depth of the subject). * xi is the supposed issuer cert containing the public key to use
* Initially xs == xi if the last cert in the chain is self-issued.
*
* Skip signature check for self-signed certificates unless explicitly
* asked for because it does not add any security and just wastes time.
*/ */
if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { if (xs != xi || ((ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)
&& (xi->ex_flags & EXFLAG_SS) != 0)) {
EVP_PKEY *pkey;
/*
* If the issuer's public key is not available or its key usage
* does not support issuing the subject cert, report the issuer
* cert and its depth (rather than n, the depth of the subject).
*/
int issuer_depth = n + (xs == xi ? 0 : 1);
/*
* According to https://tools.ietf.org/html/rfc5280#section-6.1.4
* step (n) we must check any given key usage extension in a CA cert
* when preparing the verification of a certificate issued by it.
* According to https://tools.ietf.org/html/rfc5280#section-4.2.1.3
* we must not verify a certifiate signature if the key usage of the
* CA certificate that issued the certificate prohibits signing.
* In case the 'issuing' certificate is the last in the chain and is
* not a CA certificate but a 'self-issued' end-entity cert (i.e.,
* xs == xi && !(xi->ex_flags & EXFLAG_CA)) RFC 5280 does not apply
* (see https://tools.ietf.org/html/rfc6818#section-2) and thus
* we are free to ignore any key usage restrictions on such certs.
*/
int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0
? X509_V_OK : x509_signing_allowed(xi, xs);
if (ret != X509_V_OK && !verify_cb_cert(ctx, xi, issuer_depth, ret))
return 0;
if ((pkey = X509_get0_pubkey(xi)) == NULL) { if ((pkey = X509_get0_pubkey(xi)) == NULL) {
if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, ret = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) if (!verify_cb_cert(ctx, xi, issuer_depth, ret))
return 0; return 0;
} else if (X509_verify(xs, pkey) <= 0) { } else if (X509_verify(xs, pkey) <= 0) {
if (!verify_cb_cert(ctx, xs, n, ret = X509_V_ERR_CERT_SIGNATURE_FAILURE;
X509_V_ERR_CERT_SIGNATURE_FAILURE)) if (!verify_cb_cert(ctx, xs, n, ret))
return 0; return 0;
} }
} }
@ -3158,7 +3213,16 @@ static int build_chain(X509_STORE_CTX *ctx)
/* Drop this issuer from future consideration */ /* Drop this issuer from future consideration */
(void) sk_X509_delete_ptr(sktmp, xtmp); (void) sk_X509_delete_ptr(sktmp, xtmp);
if (!X509_up_ref(xtmp)) {
X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
trust = X509_TRUST_REJECTED;
ctx->error = X509_V_ERR_UNSPECIFIED;
search = 0;
continue;
}
if (!sk_X509_push(ctx->chain, xtmp)) { if (!sk_X509_push(ctx->chain, xtmp)) {
X509_free(xtmp);
X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
trust = X509_TRUST_REJECTED; trust = X509_TRUST_REJECTED;
ctx->error = X509_V_ERR_OUT_OF_MEM; ctx->error = X509_V_ERR_OUT_OF_MEM;
@ -3166,7 +3230,7 @@ static int build_chain(X509_STORE_CTX *ctx)
continue; continue;
} }
X509_up_ref(x = xtmp); x = xtmp;
++ctx->num_untrusted; ++ctx->num_untrusted;
ss = cert_self_signed(xtmp); ss = cert_self_signed(xtmp);
@ -3257,6 +3321,32 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert)
return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1]; return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1];
} }
/*
* Check whether the public key of ``cert`` does not use explicit params
* for an elliptic curve.
*
* Returns 1 on success, 0 if check fails, -1 for other errors.
*/
static int check_curve(X509 *cert)
{
#ifndef OPENSSL_NO_EC
EVP_PKEY *pkey = X509_get0_pubkey(cert);
/* Unsupported or malformed key */
if (pkey == NULL)
return -1;
if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
int ret;
ret = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey));
return ret < 0 ? ret : !ret;
}
#endif
return 1;
}
/* /*
* Check whether the signature digest algorithm of ``cert`` meets the security * Check whether the signature digest algorithm of ``cert`` meets the security
* level of ``ctx``. Should not be checked for trust anchors (whether * level of ``ctx``. Should not be checked for trust anchors (whether

9
crypto/openssl/crypto/x509/x_pubkey.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -169,8 +169,11 @@ EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key)
EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
{ {
EVP_PKEY *ret = X509_PUBKEY_get0(key); EVP_PKEY *ret = X509_PUBKEY_get0(key);
if (ret != NULL)
EVP_PKEY_up_ref(ret); if (ret != NULL && !EVP_PKEY_up_ref(ret)) {
X509err(X509_F_X509_PUBKEY_GET, ERR_R_INTERNAL_ERROR);
ret = NULL;
}
return ret; return ret;
} }

3
crypto/openssl/crypto/x509v3/pcy_data.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -52,6 +52,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
ret = OPENSSL_zalloc(sizeof(*ret)); ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) { if (ret == NULL) {
X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE); X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
ASN1_OBJECT_free(id);
return NULL; return NULL;
} }
ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); ret->expected_policy_set = sk_ASN1_OBJECT_new_null();

3
crypto/openssl/crypto/x509v3/v3_alt.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -275,6 +275,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
num = sk_GENERAL_NAME_num(ialt); num = sk_GENERAL_NAME_num(ialt);
if (!sk_GENERAL_NAME_reserve(gens, num)) { if (!sk_GENERAL_NAME_reserve(gens, num)) {
X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
sk_GENERAL_NAME_free(ialt);
goto err; goto err;
} }

64
crypto/openssl/crypto/x509v3/v3_purp.c
View File

@ -13,6 +13,7 @@
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include <openssl/x509_vfy.h> #include <openssl/x509_vfy.h>
#include "crypto/x509.h" #include "crypto/x509.h"
#include "../x509/x509_local.h" /* for x509_signing_allowed() */
#include "internal/tsan_assist.h" #include "internal/tsan_assist.h"
static void x509v3_cache_extensions(X509 *x); static void x509v3_cache_extensions(X509 *x);
@ -344,6 +345,21 @@ static int setup_crldp(X509 *x)
return 1; return 1;
} }
/* Check that issuer public key algorithm matches subject signature algorithm */
static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject)
{
int pkey_nid;
if (pkey == NULL)
return X509_V_ERR_NO_ISSUER_PUBLIC_KEY;
if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm),
NULL, &pkey_nid) == 0)
return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM;
if (EVP_PKEY_type(pkey_nid) != EVP_PKEY_base_id(pkey))
return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH;
return X509_V_OK;
}
#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
#define ku_reject(x, usage) \ #define ku_reject(x, usage) \
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
@ -496,11 +512,11 @@ static void x509v3_cache_extensions(X509 *x)
x->ex_flags |= EXFLAG_INVALID; x->ex_flags |= EXFLAG_INVALID;
/* Does subject name match issuer ? */ /* Does subject name match issuer ? */
if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
x->ex_flags |= EXFLAG_SI; x->ex_flags |= EXFLAG_SI; /* cert is self-issued */
/* If SKID matches AKID also indicate self signed */ if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */
if (X509_check_akid(x, x->akid) == X509_V_OK && /* .. and the signature alg matches the PUBKEY alg: */
!ku_reject(x, KU_KEY_CERT_SIGN)) && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK)
x->ex_flags |= EXFLAG_SS; x->ex_flags |= EXFLAG_SS; /* indicate self-signed */
} }
x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL); x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL);
if (x->altname == NULL && i != -1) if (x->altname == NULL && i != -1)
@ -792,6 +808,23 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
return 1; return 1;
} }
/*-
* Check if certificate I<issuer> is allowed to issue certificate I<subject>
* according to the B<keyUsage> field of I<issuer> if present
* depending on any proxyCertInfo extension of I<subject>.
* Returns 0 for OK, or positive for reason for rejection
* where reason codes match those for X509_verify_cert().
*/
int x509_signing_allowed(const X509 *issuer, const X509 *subject)
{
if (subject->ex_flags & EXFLAG_PROXY) {
if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
} else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
return X509_V_OK;
}
/*- /*-
* Various checks to see if one certificate issued the second. * Various checks to see if one certificate issued the second.
* This can be used to prune a set of possible issuer certificates * This can be used to prune a set of possible issuer certificates
@ -800,12 +833,23 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
* These are: * These are:
* 1. Check issuer_name(subject) == subject_name(issuer) * 1. Check issuer_name(subject) == subject_name(issuer)
* 2. If akid(subject) exists check it matches issuer * 2. If akid(subject) exists check it matches issuer
* 3. If key_usage(issuer) exists check it supports certificate signing * 3. Check that issuer public key algorithm matches subject signature algorithm
* 4. If key_usage(issuer) exists check it supports certificate signing
* returns 0 for OK, positive for reason for mismatch, reasons match * returns 0 for OK, positive for reason for mismatch, reasons match
* codes for X509_verify_cert() * codes for X509_verify_cert()
*/ */
int X509_check_issued(X509 *issuer, X509 *subject) int X509_check_issued(X509 *issuer, X509 *subject)
{
int ret;
if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK)
return ret;
return x509_signing_allowed(issuer, subject);
}
/* do the checks 1., 2., and 3. as described above for X509_check_issued() */
int x509_likely_issued(X509 *issuer, X509 *subject)
{ {
if (X509_NAME_cmp(X509_get_subject_name(issuer), if (X509_NAME_cmp(X509_get_subject_name(issuer),
X509_get_issuer_name(subject))) X509_get_issuer_name(subject)))
@ -824,12 +868,8 @@ int X509_check_issued(X509 *issuer, X509 *subject)
return ret; return ret;
} }
if (subject->ex_flags & EXFLAG_PROXY) { /* check if the subject signature alg matches the issuer's PUBKEY alg */
if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) return check_sig_alg_match(X509_get0_pubkey(issuer), subject);
return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
} else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
return X509_V_OK;
} }
int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)

10
crypto/openssl/doc/man1/CA.pl.pod
View File

@ -91,7 +91,7 @@ to standard output. Leverages B<openssl ca> command.
=item B<-signCA> =item B<-signCA>
This option is the same as the B<-signreq> option except it uses the This option is the same as the B<-sign> option except it uses the
configuration file section B<v3_ca> and so makes the signed request a configuration file section B<v3_ca> and so makes the signed request a
valid CA certificate. This is useful when creating intermediate CA from valid CA certificate. This is useful when creating intermediate CA from
a root CA. Extra params are passed on to B<openssl ca> command. a root CA. Extra params are passed on to B<openssl ca> command.
@ -143,7 +143,7 @@ the request and finally create a PKCS#12 file containing it.
CA.pl -newca CA.pl -newca
CA.pl -newreq CA.pl -newreq
CA.pl -signreq CA.pl -sign
CA.pl -pkcs12 "My Test Certificate" CA.pl -pkcs12 "My Test Certificate"
=head1 DSA CERTIFICATES =head1 DSA CERTIFICATES
@ -164,7 +164,7 @@ Create the CA directories and files:
CA.pl -newca CA.pl -newca
enter cacert.pem when prompted for the CA file name. enter cacert.pem when prompted for the CA filename.
Create a DSA certificate request and private key (a different set of parameters Create a DSA certificate request and private key (a different set of parameters
can optionally be created first): can optionally be created first):
@ -173,7 +173,7 @@ can optionally be created first):
Sign the request: Sign the request:
CA.pl -signreq CA.pl -sign
=head1 NOTES =head1 NOTES
@ -204,7 +204,7 @@ L<config(5)>
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man1/ca.pod
View File

@ -219,7 +219,7 @@ DNs match the order of the request. This is not needed for Xenroll.
=item B<-noemailDN> =item B<-noemailDN>
The DN of a certificate can contain the EMAIL field if present in the The DN of a certificate can contain the EMAIL field if present in the
request DN, however it is good policy just having the e-mail set into request DN, however, it is good policy just having the e-mail set into
the altName extension of the certificate. When this option is set the the altName extension of the certificate. When this option is set the
EMAIL field is removed from the certificate' subject and set only in EMAIL field is removed from the certificate' subject and set only in
the, eventually present, extensions. The B<email_in_dn> keyword can be the, eventually present, extensions. The B<email_in_dn> keyword can be
@ -759,7 +759,7 @@ L<config(5)>, L<x509v3_config(5)>
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

5
crypto/openssl/doc/man1/dgst.pod
View File

@ -94,8 +94,7 @@ Filename to output to, or standard output by default.
=item B<-sign filename> =item B<-sign filename>
Digitally sign the digest using the private key in "filename". Note this option Digitally sign the digest using the private key in "filename". Note this option
does not support Ed25519 or Ed448 private keys. Use the B<pkeyutl> command does not support Ed25519 or Ed448 private keys.
instead for this.
=item B<-keyform arg> =item B<-keyform arg>
@ -242,7 +241,7 @@ The FIPS-related options were removed in OpenSSL 1.1.0.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man1/enc.pod
View File

@ -240,7 +240,7 @@ a strong block cipher, such as AES, in CBC mode.
All the block ciphers normally use PKCS#5 padding, also known as standard All the block ciphers normally use PKCS#5 padding, also known as standard
block padding. This allows a rudimentary integrity or password check to block padding. This allows a rudimentary integrity or password check to
be performed. However since the chance of random data passing the test be performed. However, since the chance of random data passing the test
is better than 1 in 256 it isn't a very good test. is better than 1 in 256 it isn't a very good test.
If padding is disabled then the input data must be a multiple of the cipher If padding is disabled then the input data must be a multiple of the cipher
@ -428,7 +428,7 @@ The B<-list> option was added in OpenSSL 1.1.1e.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man1/ocsp.pod
View File

@ -176,7 +176,7 @@ Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
=item B<-host hostname:port>, B<-path pathname> =item B<-host hostname:port>, B<-path pathname>
If the B<host> option is present then the OCSP request is sent to the host If the B<host> option is present then the OCSP request is sent to the host
B<hostname> on port B<port>. B<path> specifies the HTTP path name to use B<hostname> on port B<port>. B<path> specifies the HTTP pathname to use
or "/" by default. This is equivalent to specifying B<-url> with scheme or "/" by default. This is equivalent to specifying B<-url> with scheme
http:// and the given hostname, port, and pathname. http:// and the given hostname, port, and pathname.
@ -490,7 +490,7 @@ The -no_alt_chains option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man1/pkcs12.pod
View File

@ -245,7 +245,7 @@ This option is only interpreted by MSIE and similar MS software. Normally
encryption purposes but arbitrary length keys for signing. The B<-keysig> encryption purposes but arbitrary length keys for signing. The B<-keysig>
option marks the key for signing only. Signing only keys can be used for option marks the key for signing only. Signing only keys can be used for
S/MIME signing, authenticode (ActiveX control signing) and SSL client S/MIME signing, authenticode (ActiveX control signing) and SSL client
authentication, however due to a bug only MSIE 5.0 and later support authentication, however, due to a bug only MSIE 5.0 and later support
the use of signing only keys for SSL client authentication. the use of signing only keys for SSL client authentication.
=item B<-macalg digest> =item B<-macalg digest>
@ -383,7 +383,7 @@ L<pkcs8(1)>
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man1/pkcs8.pod
View File

@ -285,7 +285,7 @@ one million iterations of the password:
Test vectors from this PKCS#5 v2.0 implementation were posted to the Test vectors from this PKCS#5 v2.0 implementation were posted to the
pkcs-tng mailing list using triple DES, DES and RC2 with high iteration pkcs-tng mailing list using triple DES, DES and RC2 with high iteration
counts, several people confirmed that they could decrypt the private counts, several people confirmed that they could decrypt the private
keys produced and Therefore it can be assumed that the PKCS#5 v2.0 keys produced and therefore, it can be assumed that the PKCS#5 v2.0
implementation is reasonably accurate at least as far as these implementation is reasonably accurate at least as far as these
algorithms are concerned. algorithms are concerned.
@ -309,7 +309,7 @@ The B<-iter> option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man1/pkeyutl.pod
View File

@ -38,7 +38,7 @@ B<openssl> B<pkeyutl>
=head1 DESCRIPTION =head1 DESCRIPTION
The B<pkeyutl> command can be used to perform low level public key operations The B<pkeyutl> command can be used to perform low-level public key operations
using any supported algorithm. using any supported algorithm.
=head1 OPTIONS =head1 OPTIONS
@ -327,7 +327,7 @@ L<EVP_PKEY_CTX_set_hkdf_md(3)>, L<EVP_PKEY_CTX_set_tls1_prf_md(3)>
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

8
crypto/openssl/doc/man1/s_client.pod
View File

@ -427,11 +427,11 @@ File to send output of B<-msg> or B<-trace> to, default standard output.
=item B<-nbio_test> =item B<-nbio_test>
Tests non-blocking I/O Tests nonblocking I/O
=item B<-nbio> =item B<-nbio>
Turns on non-blocking I/O Turns on nonblocking I/O
=item B<-crlf> =item B<-crlf>
@ -781,14 +781,14 @@ is that a web client complains it has no certificates or gives an empty
list to choose from. This is normally because the server is not sending list to choose from. This is normally because the server is not sending
the clients certificate authority in its "acceptable CA list" when it the clients certificate authority in its "acceptable CA list" when it
requests a certificate. By using B<s_client> the CA list can be viewed requests a certificate. By using B<s_client> the CA list can be viewed
and checked. However some servers only request client authentication and checked. However, some servers only request client authentication
after a specific URL is requested. To obtain the list in this case it after a specific URL is requested. To obtain the list in this case it
is necessary to use the B<-prexit> option and send an HTTP request is necessary to use the B<-prexit> option and send an HTTP request
for an appropriate page. for an appropriate page.
If a certificate is specified on the command line using the B<-cert> If a certificate is specified on the command line using the B<-cert>
option it will not be used unless the server specifically requests option it will not be used unless the server specifically requests
a client certificate. Therefor merely including a client certificate a client certificate. Therefore, merely including a client certificate
on the command line is no guarantee that the certificate works. on the command line is no guarantee that the certificate works.
If there are problems verifying a server certificate then the If there are problems verifying a server certificate then the

6
crypto/openssl/doc/man1/s_server.pod
View File

@ -432,9 +432,9 @@ used in conjunction with B<-early_data>.
=item B<-id_prefix val> =item B<-id_prefix val>
Generate SSL/TLS session IDs prefixed by B<val>. This is mostly useful Generate SSL/TLS session IDs prefixed by B<val>. This is mostly useful
for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple
servers, when each of which might be generating a unique range of session servers, when each of which might be generating a unique range of session
IDs (eg. with a certain prefix). IDs (e.g. with a certain prefix).
=item B<-rand file...> =item B<-rand file...>
@ -845,7 +845,7 @@ The
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man1/s_time.pod
View File

@ -177,14 +177,14 @@ is that a web client complains it has no certificates or gives an empty
list to choose from. This is normally because the server is not sending list to choose from. This is normally because the server is not sending
the clients certificate authority in its "acceptable CA list" when it the clients certificate authority in its "acceptable CA list" when it
requests a certificate. By using L<s_client(1)> the CA list can be requests a certificate. By using L<s_client(1)> the CA list can be
viewed and checked. However some servers only request client authentication viewed and checked. However, some servers only request client authentication
after a specific URL is requested. To obtain the list in this case it after a specific URL is requested. To obtain the list in this case it
is necessary to use the B<-prexit> option of L<s_client(1)> and is necessary to use the B<-prexit> option of L<s_client(1)> and
send an HTTP request for an appropriate page. send an HTTP request for an appropriate page.
If a certificate is specified on the command line using the B<-cert> If a certificate is specified on the command line using the B<-cert>
option it will not be used unless the server specifically requests option it will not be used unless the server specifically requests
a client certificate. Therefor merely including a client certificate a client certificate. Therefore, merely including a client certificate
on the command line is no guarantee that the certificate works. on the command line is no guarantee that the certificate works.
=head1 BUGS =head1 BUGS

2
crypto/openssl/doc/man1/sess_id.pod
View File

@ -142,7 +142,7 @@ The PEM encoded session format uses the header and footer lines:
Since the SSL session output contains the master key it is Since the SSL session output contains the master key it is
possible to read the contents of an encrypted session using this possible to read the contents of an encrypted session using this
information. Therefore appropriate security precautions should be taken if information. Therefore, appropriate security precautions should be taken if
the information is being output by a "real" application. This is however the information is being output by a "real" application. This is however
strongly discouraged and should only be used for debugging purposes. strongly discouraged and should only be used for debugging purposes.

94
crypto/openssl/doc/man1/ts.pod
View File

@ -101,23 +101,23 @@ the hash to the TSA.
=item 2. =item 2.
The TSA attaches the current date and time to the received hash value, The TSA attaches the current date and time to the received hash value,
signs them and sends the time stamp token back to the client. By signs them and sends the timestamp token back to the client. By
creating this token the TSA certifies the existence of the original creating this token the TSA certifies the existence of the original
data file at the time of response generation. data file at the time of response generation.
=item 3. =item 3.
The TSA client receives the time stamp token and verifies the The TSA client receives the timestamp token and verifies the
signature on it. It also checks if the token contains the same hash signature on it. It also checks if the token contains the same hash
value that it had sent to the TSA. value that it had sent to the TSA.
=back =back
There is one DER encoded protocol data unit defined for transporting a time There is one DER encoded protocol data unit defined for transporting
stamp request to the TSA and one for sending the time stamp response a timestamp request to the TSA and one for sending the timestamp response
back to the client. The B<ts> command has three main functions: back to the client. The B<ts> command has three main functions:
creating a time stamp request based on a data file, creating a timestamp request based on a data file,
creating a time stamp response based on a request, verifying if a creating a timestamp response based on a request, verifying if a
response corresponds to a particular request or a data file. response corresponds to a particular request or a data file.
There is no support for sending the requests/responses automatically There is no support for sending the requests/responses automatically
@ -128,7 +128,7 @@ requests either by ftp or e-mail.
=head2 Time Stamp Request generation =head2 Time Stamp Request generation
The B<-query> switch can be used for creating and printing a time stamp The B<-query> switch can be used for creating and printing a timestamp
request with the following options: request with the following options:
=over 4 =over 4
@ -154,7 +154,7 @@ see L<openssl(1)/COMMAND SUMMARY>.
=item B<-data> file_to_hash =item B<-data> file_to_hash
The data file for which the time stamp request needs to be The data file for which the timestamp request needs to be
created. stdin is the default if neither the B<-data> nor the B<-digest> created. stdin is the default if neither the B<-data> nor the B<-digest>
parameter is specified. (Optional) parameter is specified. (Optional)
@ -175,7 +175,7 @@ The default is SHA-1. (Optional)
=item B<-tspolicy> object_id =item B<-tspolicy> object_id
The policy that the client expects the TSA to use for creating the The policy that the client expects the TSA to use for creating the
time stamp token. Either the dotted OID notation or OID names defined timestamp token. Either the dotted OID notation or OID names defined
in the config file can be used. If no policy is requested the TSA will in the config file can be used. If no policy is requested the TSA will
use its own default policy. (Optional) use its own default policy. (Optional)
@ -193,7 +193,7 @@ response. (Optional)
=item B<-in> request.tsq =item B<-in> request.tsq
This option specifies a previously created time stamp request in DER This option specifies a previously created timestamp request in DER
format that will be printed into the output file. Useful when you need format that will be printed into the output file. Useful when you need
to examine the content of a request in human-readable to examine the content of a request in human-readable
format. (Optional) format. (Optional)
@ -212,13 +212,13 @@ instead of DER. (Optional)
=head2 Time Stamp Response generation =head2 Time Stamp Response generation
A time stamp response (TimeStampResp) consists of a response status A timestamp response (TimeStampResp) consists of a response status
and the time stamp token itself (ContentInfo), if the token generation was and the timestamp token itself (ContentInfo), if the token generation was
successful. The B<-reply> command is for creating a time stamp successful. The B<-reply> command is for creating a timestamp
response or time stamp token based on a request and printing the response or timestamp token based on a request and printing the
response/token in human-readable format. If B<-token_out> is not response/token in human-readable format. If B<-token_out> is not
specified the output is always a time stamp response (TimeStampResp), specified the output is always a timestamp response (TimeStampResp),
otherwise it is a time stamp token (ContentInfo). otherwise it is a timestamp token (ContentInfo).
=over 4 =over 4
@ -237,7 +237,7 @@ used, see B<CONFIGURATION FILE OPTIONS> for details. (Optional)
=item B<-queryfile> request.tsq =item B<-queryfile> request.tsq
The name of the file containing a DER encoded time stamp request. (Optional) The name of the file containing a DER encoded timestamp request. (Optional)
=item B<-passin> password_src =item B<-passin> password_src
@ -282,19 +282,19 @@ B<default_policy> config file option. (Optional)
=item B<-in> response.tsr =item B<-in> response.tsr
Specifies a previously created time stamp response or time stamp token Specifies a previously created timestamp response or timestamp token
(if B<-token_in> is also specified) in DER format that will be written (if B<-token_in> is also specified) in DER format that will be written
to the output file. This option does not require a request, it is to the output file. This option does not require a request, it is
useful e.g. when you need to examine the content of a response or useful e.g. when you need to examine the content of a response or
token or you want to extract the time stamp token from a response. If token or you want to extract the timestamp token from a response. If
the input is a token and the output is a time stamp response a default the input is a token and the output is a timestamp response a default
'granted' status info is added to the token. (Optional) 'granted' status info is added to the token. (Optional)
=item B<-token_in> =item B<-token_in>
This flag can be used together with the B<-in> option and indicates This flag can be used together with the B<-in> option and indicates
that the input is a DER encoded time stamp token (ContentInfo) instead that the input is a DER encoded timestamp token (ContentInfo) instead
of a time stamp response (TimeStampResp). (Optional) of a timestamp response (TimeStampResp). (Optional)
=item B<-out> response.tsr =item B<-out> response.tsr
@ -304,7 +304,7 @@ stdout. (Optional)
=item B<-token_out> =item B<-token_out>
The output is a time stamp token (ContentInfo) instead of time stamp The output is a timestamp token (ContentInfo) instead of timestamp
response (TimeStampResp). (Optional) response (TimeStampResp). (Optional)
=item B<-text> =item B<-text>
@ -323,8 +323,8 @@ for all available algorithms. Default is builtin. (Optional)
=head2 Time Stamp Response verification =head2 Time Stamp Response verification
The B<-verify> command is for verifying if a time stamp response or time The B<-verify> command is for verifying if a timestamp response or
stamp token is valid and matches a particular time stamp request or timestamp token is valid and matches a particular timestamp request or
data file. The B<-verify> command does not use the configuration file. data file. The B<-verify> command does not use the configuration file.
=over 4 =over 4
@ -345,18 +345,18 @@ specified with this one. (Optional)
=item B<-queryfile> request.tsq =item B<-queryfile> request.tsq
The original time stamp request in DER format. The B<-data> and B<-digest> The original timestamp request in DER format. The B<-data> and B<-digest>
options must not be specified with this one. (Optional) options must not be specified with this one. (Optional)
=item B<-in> response.tsr =item B<-in> response.tsr
The time stamp response that needs to be verified in DER format. (Mandatory) The timestamp response that needs to be verified in DER format. (Mandatory)
=item B<-token_in> =item B<-token_in>
This flag can be used together with the B<-in> option and indicates This flag can be used together with the B<-in> option and indicates
that the input is a DER encoded time stamp token (ContentInfo) instead that the input is a DER encoded timestamp token (ContentInfo) instead
of a time stamp response (TimeStampResp). (Optional) of a timestamp response (TimeStampResp). (Optional)
=item B<-CApath> trusted_cert_path =item B<-CApath> trusted_cert_path
@ -430,7 +430,7 @@ See L<ca(1)> for description. (Optional)
=item B<serial> =item B<serial>
The name of the file containing the hexadecimal serial number of the The name of the file containing the hexadecimal serial number of the
last time stamp response created. This number is incremented by 1 for last timestamp response created. This number is incremented by 1 for
each response. If the file does not exist at the time of response each response. If the file does not exist at the time of response
generation a new file is created with serial number 1. (Mandatory) generation a new file is created with serial number 1. (Mandatory)
@ -487,7 +487,7 @@ the components is missing zero is assumed for that field. (Optional)
=item B<clock_precision_digits> =item B<clock_precision_digits>
Specifies the maximum number of digits, which represent the fraction of Specifies the maximum number of digits, which represent the fraction of
seconds, that need to be included in the time field. The trailing zeroes seconds, that need to be included in the time field. The trailing zeros
must be removed from the time, so there might actually be fewer digits, must be removed from the time, so there might actually be fewer digits,
or no fraction of seconds at all. Supported only on UNIX platforms. or no fraction of seconds at all. Supported only on UNIX platforms.
The maximum value is 6, default is 0. The maximum value is 6, default is 0.
@ -530,13 +530,13 @@ openssl/apps/openssl.cnf will do.
=head2 Time Stamp Request =head2 Time Stamp Request
To create a time stamp request for design1.txt with SHA-1 To create a timestamp request for design1.txt with SHA-1
without nonce and policy and no certificate is required in the response: without nonce and policy and no certificate is required in the response:
openssl ts -query -data design1.txt -no_nonce \ openssl ts -query -data design1.txt -no_nonce \
-out design1.tsq -out design1.tsq
To create a similar time stamp request with specifying the message imprint To create a similar timestamp request with specifying the message imprint
explicitly: explicitly:
openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
@ -546,7 +546,7 @@ To print the content of the previous request in human readable format:
openssl ts -query -in design1.tsq -text openssl ts -query -in design1.tsq -text
To create a time stamp request which includes the MD-5 digest To create a timestamp request which includes the MD-5 digest
of design2.txt, requests the signer certificate and nonce, of design2.txt, requests the signer certificate and nonce,
specifies a policy id (assuming the tsa_policy1 name is defined in the specifies a policy id (assuming the tsa_policy1 name is defined in the
OID section of the config file): OID section of the config file):
@ -568,7 +568,7 @@ below assume that cacert.pem contains the certificate of the CA,
tsacert.pem is the signing certificate issued by cacert.pem and tsacert.pem is the signing certificate issued by cacert.pem and
tsakey.pem is the private key of the TSA. tsakey.pem is the private key of the TSA.
To create a time stamp response for a request: To create a timestamp response for a request:
openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \ openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
-signer tsacert.pem -out design1.tsr -signer tsacert.pem -out design1.tsr
@ -577,44 +577,44 @@ If you want to use the settings in the config file you could just write:
openssl ts -reply -queryfile design1.tsq -out design1.tsr openssl ts -reply -queryfile design1.tsq -out design1.tsr
To print a time stamp reply to stdout in human readable format: To print a timestamp reply to stdout in human readable format:
openssl ts -reply -in design1.tsr -text openssl ts -reply -in design1.tsr -text
To create a time stamp token instead of time stamp response: To create a timestamp token instead of timestamp response:
openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out
To print a time stamp token to stdout in human readable format: To print a timestamp token to stdout in human readable format:
openssl ts -reply -in design1_token.der -token_in -text -token_out openssl ts -reply -in design1_token.der -token_in -text -token_out
To extract the time stamp token from a response: To extract the timestamp token from a response:
openssl ts -reply -in design1.tsr -out design1_token.der -token_out openssl ts -reply -in design1.tsr -out design1_token.der -token_out
To add 'granted' status info to a time stamp token thereby creating a To add 'granted' status info to a timestamp token thereby creating a
valid response: valid response:
openssl ts -reply -in design1_token.der -token_in -out design1.tsr openssl ts -reply -in design1_token.der -token_in -out design1.tsr
=head2 Time Stamp Verification =head2 Time Stamp Verification
To verify a time stamp reply against a request: To verify a timestamp reply against a request:
openssl ts -verify -queryfile design1.tsq -in design1.tsr \ openssl ts -verify -queryfile design1.tsq -in design1.tsr \
-CAfile cacert.pem -untrusted tsacert.pem -CAfile cacert.pem -untrusted tsacert.pem
To verify a time stamp reply that includes the certificate chain: To verify a timestamp reply that includes the certificate chain:
openssl ts -verify -queryfile design2.tsq -in design2.tsr \ openssl ts -verify -queryfile design2.tsq -in design2.tsr \
-CAfile cacert.pem -CAfile cacert.pem
To verify a time stamp token against the original data file: To verify a timestamp token against the original data file:
openssl ts -verify -data design2.txt -in design2.tsr \ openssl ts -verify -data design2.txt -in design2.tsr \
-CAfile cacert.pem -CAfile cacert.pem
To verify a time stamp token against a message imprint: To verify a timestamp token against a message imprint:
openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
-in design2.tsr -CAfile cacert.pem -in design2.tsr -CAfile cacert.pem
@ -628,7 +628,7 @@ You could also look at the 'test' directory for more examples.
=item * =item *
No support for time stamps over SMTP, though it is quite easy No support for timestamps over SMTP, though it is quite easy
to implement an automatic e-mail based TSA with L<procmail(1)> to implement an automatic e-mail based TSA with L<procmail(1)>
and L<perl(1)>. HTTP server support is provided in the form of and L<perl(1)>. HTTP server support is provided in the form of
a separate apache module. HTTP client support is provided by a separate apache module. HTTP client support is provided by
@ -638,7 +638,7 @@ L<tsget(1)>. Pure TCP/IP protocol is not supported.
The file containing the last serial number of the TSA is not The file containing the last serial number of the TSA is not
locked when being read or written. This is a problem if more than one locked when being read or written. This is a problem if more than one
instance of L<openssl(1)> is trying to create a time stamp instance of L<openssl(1)> is trying to create a timestamp
response at the same time. This is not an issue when using the apache response at the same time. This is not an issue when using the apache
server module, it does proper locking. server module, it does proper locking.
@ -665,7 +665,7 @@ L<config(5)>
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

30
crypto/openssl/doc/man1/tsget.pod
View File

@ -24,15 +24,15 @@ B<-h> server_url
=head1 DESCRIPTION =head1 DESCRIPTION
The B<tsget> command can be used for sending a time stamp request, as The B<tsget> command can be used for sending a timestamp request, as
specified in B<RFC 3161>, to a time stamp server over HTTP or HTTPS and storing specified in B<RFC 3161>, to a timestamp server over HTTP or HTTPS and storing
the time stamp response in a file. This tool cannot be used for creating the the timestamp response in a file. This tool cannot be used for creating the
requests and verifying responses, you can use the OpenSSL B<ts(1)> command to requests and verifying responses, you can use the OpenSSL B<ts(1)> command to
do that. B<tsget> can send several requests to the server without closing do that. B<tsget> can send several requests to the server without closing
the TCP connection if more than one requests are specified on the command the TCP connection if more than one requests are specified on the command
line. line.
The tool sends the following HTTP request for each time stamp request: The tool sends the following HTTP request for each timestamp request:
POST url HTTP/1.1 POST url HTTP/1.1
User-Agent: OpenTSA tsget.pl/<version> User-Agent: OpenTSA tsget.pl/<version>
@ -53,7 +53,7 @@ written to a file without any interpretation.
=item B<-h> server_url =item B<-h> server_url
The URL of the HTTP/HTTPS server listening for time stamp requests. The URL of the HTTP/HTTPS server listening for timestamp requests.
=item B<-e> extension =item B<-e> extension
@ -64,8 +64,8 @@ the input files. Default extension is '.tsr'. (Optional)
=item B<-o> output =item B<-o> output
This option can be specified only when just one request is sent to the This option can be specified only when just one request is sent to the
server. The time stamp response will be written to the given output file. '-' server. The timestamp response will be written to the given output file. '-'
means standard output. In case of multiple time stamp requests or the absence means standard output. In case of multiple timestamp requests or the absence
of this argument the names of the output files will be derived from the names of this argument the names of the output files will be derived from the names
of the input files and the default or specified extension argument. (Optional) of the input files and the default or specified extension argument. (Optional)
@ -124,7 +124,7 @@ The name of an EGD socket to get random data from. (Optional)
=item [request]... =item [request]...
List of files containing B<RFC 3161> DER-encoded time stamp requests. If no List of files containing B<RFC 3161> DER-encoded timestamp requests. If no
requests are specified only one request will be sent to the server and it will be requests are specified only one request will be sent to the server and it will be
read from the standard input. (Optional) read from the standard input. (Optional)
@ -139,35 +139,35 @@ arguments.
=head1 EXAMPLES =head1 EXAMPLES
The examples below presume that B<file1.tsq> and B<file2.tsq> contain valid The examples below presume that B<file1.tsq> and B<file2.tsq> contain valid
time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests timestamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests
and at port 8443 for HTTPS requests, the TSA service is available at the /tsa and at port 8443 for HTTPS requests, the TSA service is available at the /tsa
absolute path. absolute path.
Get a time stamp response for file1.tsq over HTTP, output is written to Get a timestamp response for file1.tsq over HTTP, output is written to
file1.tsr: file1.tsr:
tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
Get a time stamp response for file1.tsq and file2.tsq over HTTP showing Get a timestamp response for file1.tsq and file2.tsq over HTTP showing
progress, output is written to file1.reply and file2.reply respectively: progress, output is written to file1.reply and file2.reply respectively:
tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \ tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
file1.tsq file2.tsq file1.tsq file2.tsq
Create a time stamp request, write it to file3.tsq, send it to the server and Create a timestamp request, write it to file3.tsq, send it to the server and
write the response to file3.tsr: write the response to file3.tsr:
openssl ts -query -data file3.txt -cert | tee file3.tsq \ openssl ts -query -data file3.txt -cert | tee file3.tsq \
| tsget -h http://tsa.opentsa.org:8080/tsa \ | tsget -h http://tsa.opentsa.org:8080/tsa \
-o file3.tsr -o file3.tsr
Get a time stamp response for file1.tsq over HTTPS without client Get a timestamp response for file1.tsq over HTTPS without client
authentication: authentication:
tsget -h https://tsa.opentsa.org:8443/tsa \ tsget -h https://tsa.opentsa.org:8443/tsa \
-C cacerts.pem file1.tsq -C cacerts.pem file1.tsq
Get a time stamp response for file1.tsq over HTTPS with certificate-based Get a timestamp response for file1.tsq over HTTPS with certificate-based
client authentication (it will ask for the passphrase if client_key.pem is client authentication (it will ask for the passphrase if client_key.pem is
protected): protected):
@ -192,7 +192,7 @@ B<RFC 3161>
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

11
crypto/openssl/doc/man1/verify.pod
View File

@ -98,8 +98,11 @@ current system time. B<timestamp> is the number of seconds since
=item B<-check_ss_sig> =item B<-check_ss_sig>
Verify the signature on the self-signed root CA. This is disabled by default Verify the signature of
because it doesn't add any security. the last certificate in a chain if the certificate is supposedly self-signed.
This is prohibited and will result in an error if it is a non-conforming CA
certificate with key usage restrictions not including the keyCertSign bit.
This verification is disabled by default because it doesn't add any security.
=item B<-CRLfile file> =item B<-CRLfile file>
@ -333,7 +336,7 @@ in PEM format.
=head1 VERIFY OPERATION =head1 VERIFY OPERATION
The B<verify> program uses the same functions as the internal SSL and S/MIME The B<verify> program uses the same functions as the internal SSL and S/MIME
verification, therefore this description applies to these verify operations verification, therefore, this description applies to these verify operations
too. too.
There is one crucial difference between the verify operations performed There is one crucial difference between the verify operations performed
@ -769,7 +772,7 @@ is silently ignored.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

2
crypto/openssl/doc/man1/x509.pod
View File

@ -255,7 +255,7 @@ Prints out the start and expiry dates of a certificate.
=item B<-checkend arg> =item B<-checkend arg>
Checks if the certificate expires within the next B<arg> seconds and exits Checks if the certificate expires within the next B<arg> seconds and exits
non-zero if yes it will expire or zero if not. nonzero if yes it will expire or zero if not.
=item B<-fingerprint> =item B<-fingerprint>

4
crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod
View File

@ -81,7 +81,7 @@ instead.
In general an B<ASN1_INTEGER> or B<ASN1_ENUMERATED> type can contain an In general an B<ASN1_INTEGER> or B<ASN1_ENUMERATED> type can contain an
integer of almost arbitrary size and so cannot always be represented by a C integer of almost arbitrary size and so cannot always be represented by a C
B<int64_t> type. However in many cases (for example version numbers) they B<int64_t> type. However, in many cases (for example version numbers) they
represent small integers which can be more easily manipulated if converted to represent small integers which can be more easily manipulated if converted to
an appropriate C integer type. an appropriate C integer type.
@ -123,7 +123,7 @@ were added in OpenSSL 1.1.0.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man3/ASN1_STRING_length.pod
View File

@ -72,7 +72,7 @@ In general it cannot be assumed that the data returned by ASN1_STRING_data()
is null terminated or does not contain embedded nulls. The actual format is null terminated or does not contain embedded nulls. The actual format
of the data will depend on the actual string type itself: for example of the data will depend on the actual string type itself: for example
for an IA5String the data will be ASCII, for a BMPString two bytes per for an IA5String the data will be ASCII, for a BMPString two bytes per
character in big endian format, and for an UTF8String it will be in UTF8 format. character in big endian format, and for a UTF8String it will be in UTF8 format.
Similar care should be take to ensure the data is in the correct format Similar care should be take to ensure the data is in the correct format
when calling ASN1_STRING_set(). when calling ASN1_STRING_set().
@ -103,7 +103,7 @@ L<ERR_get_error(3)>
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

6
crypto/openssl/doc/man3/ASN1_TIME_set.pod
View File

@ -117,7 +117,7 @@ one or both (depending on the time difference) of B<*pday> and B<*psec>
will be positive. If B<to> represents a time earlier than B<from> then will be positive. If B<to> represents a time earlier than B<from> then
one or both of B<*pday> and B<*psec> will be negative. If B<to> and B<from> one or both of B<*pday> and B<*psec> will be negative. If B<to> and B<from>
represent the same time then B<*pday> and B<*psec> will both be zero. represent the same time then B<*pday> and B<*psec> will both be zero.
If both B<*pday> and B<*psec> are non-zero they will always have the same If both B<*pday> and B<*psec> are nonzero they will always have the same
sign. The value of B<*psec> will always be less than the number of seconds sign. The value of B<*psec> will always be less than the number of seconds
in a day. If B<from> or B<to> is NULL the current time is used. in a day. If B<from> or B<to> is NULL the current time is used.
@ -167,7 +167,7 @@ format.
=head1 BUGS =head1 BUGS
ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print()
do not print out the time zone: it either prints out "GMT" or nothing. But all do not print out the timezone: it either prints out "GMT" or nothing. But all
certificates complying with RFC5280 et al use GMT anyway. certificates complying with RFC5280 et al use GMT anyway.
Use the ASN1_TIME_normalize() function to normalize the time value before Use the ASN1_TIME_normalize() function to normalize the time value before
@ -248,7 +248,7 @@ The ASN1_TIME_compare() function was added in OpenSSL 1.1.1.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

10
crypto/openssl/doc/man3/ASN1_TYPE_get.pod
View File

@ -33,7 +33,7 @@ up after the call.
ASN1_TYPE_set1() sets the value of B<a> to B<type> a copy of B<value>. ASN1_TYPE_set1() sets the value of B<a> to B<type> a copy of B<value>.
ASN1_TYPE_cmp() compares ASN.1 types B<a> and B<b> and returns 0 if ASN1_TYPE_cmp() compares ASN.1 types B<a> and B<b> and returns 0 if
they are identical and non-zero otherwise. they are identical and nonzero otherwise.
ASN1_TYPE_unpack_sequence() attempts to parse the SEQUENCE present in ASN1_TYPE_unpack_sequence() attempts to parse the SEQUENCE present in
B<t> using the ASN.1 structure B<it>. If successful it returns a pointer B<t> using the ASN.1 structure B<it>. If successful it returns a pointer
@ -62,12 +62,12 @@ length octets).
ASN1_TYPE_cmp() may not return zero if two types are equivalent but have ASN1_TYPE_cmp() may not return zero if two types are equivalent but have
different encodings. For example the single content octet of the boolean TRUE different encodings. For example the single content octet of the boolean TRUE
value under BER can have any non-zero encoding but ASN1_TYPE_cmp() will value under BER can have any nonzero encoding but ASN1_TYPE_cmp() will
only return zero if the values are the same. only return zero if the values are the same.
If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the
return value is non-zero. Technically if both parameters are NULL the two return value is nonzero. Technically if both parameters are NULL the two
types could be absent OPTIONAL fields and so should match, however passing types could be absent OPTIONAL fields and so should match, however, passing
NULL values could also indicate a programming error (for example an NULL values could also indicate a programming error (for example an
unparsable type which returns NULL) for types which do B<not> match. So unparsable type which returns NULL) for types which do B<not> match. So
applications should handle the case of two absent values separately. applications should handle the case of two absent values separately.
@ -80,7 +80,7 @@ ASN1_TYPE_set() does not return a value.
ASN1_TYPE_set1() returns 1 for success and 0 for failure. ASN1_TYPE_set1() returns 1 for success and 0 for failure.
ASN1_TYPE_cmp() returns 0 if the types are identical and non-zero otherwise. ASN1_TYPE_cmp() returns 0 if the types are identical and nonzero otherwise.
ASN1_TYPE_unpack_sequence() returns a pointer to an ASN.1 structure or ASN1_TYPE_unpack_sequence() returns a pointer to an ASN.1 structure or
NULL on failure. NULL on failure.

6
crypto/openssl/doc/man3/ASYNC_WAIT_CTX_new.pod
View File

@ -50,7 +50,7 @@ job in B<*fd>. The number of file descriptors returned will be stored in
B<*numfds>. It is the caller's responsibility to ensure that sufficient memory B<*numfds>. It is the caller's responsibility to ensure that sufficient memory
has been allocated in B<*fd> to receive all the file descriptors. Calling has been allocated in B<*fd> to receive all the file descriptors. Calling
ASYNC_WAIT_CTX_get_all_fds() with a NULL B<fd> value will return no file ASYNC_WAIT_CTX_get_all_fds() with a NULL B<fd> value will return no file
descriptors but will still populate B<*numfds>. Therefore application code is descriptors but will still populate B<*numfds>. Therefore, application code is
typically expected to call this function twice: once to get the number of fds, typically expected to call this function twice: once to get the number of fds,
and then again when sufficient memory has been allocated. If only one and then again when sufficient memory has been allocated. If only one
asynchronous engine is being used then normally this call will only ever return asynchronous engine is being used then normally this call will only ever return
@ -117,7 +117,7 @@ success or 0 on error.
On Windows platforms the openssl/async.h header is dependent on some On Windows platforms the openssl/async.h header is dependent on some
of the types customarily made available by including windows.h. The of the types customarily made available by including windows.h. The
application developer is likely to require control over when the latter application developer is likely to require control over when the latter
is included, commonly as one of the first included headers. Therefore is included, commonly as one of the first included headers. Therefore,
it is defined as an application developer's responsibility to include it is defined as an application developer's responsibility to include
windows.h prior to async.h. windows.h prior to async.h.
@ -134,7 +134,7 @@ were added in OpenSSL 1.1.0.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man3/ASYNC_start_job.pod
View File

@ -166,7 +166,7 @@ otherwise.
On Windows platforms the openssl/async.h header is dependent on some On Windows platforms the openssl/async.h header is dependent on some
of the types customarily made available by including windows.h. The of the types customarily made available by including windows.h. The
application developer is likely to require control over when the latter application developer is likely to require control over when the latter
is included, commonly as one of the first included headers. Therefore is included, commonly as one of the first included headers. Therefore,
it is defined as an application developer's responsibility to include it is defined as an application developer's responsibility to include
windows.h prior to async.h. windows.h prior to async.h.
@ -321,7 +321,7 @@ added in OpenSSL 1.1.0.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man3/BF_encrypt.pod
View File

@ -60,7 +60,7 @@ recipient needs to know what it was initialized with, or it won't be able
to decrypt. Some programs and protocols simplify this, like SSH, where to decrypt. Some programs and protocols simplify this, like SSH, where
B<ivec> is simply initialized to zero. B<ivec> is simply initialized to zero.
BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while
BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt a variable
number of bytes (the amount does not have to be an exact multiple of 8). The number of bytes (the amount does not have to be an exact multiple of 8). The
purpose of the latter two is to simulate stream ciphers, and therefore, they purpose of the latter two is to simulate stream ciphers, and therefore, they
need the parameter B<num>, which is a pointer to an integer where the current need the parameter B<num>, which is a pointer to an integer where the current
@ -109,7 +109,7 @@ L<des_modes(7)>
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man3/BIO_ADDR.pod
View File

@ -42,7 +42,7 @@ BIO_ADDR_free() frees a B<BIO_ADDR> created with BIO_ADDR_new().
BIO_ADDR_clear() clears any data held within the provided B<BIO_ADDR> and sets BIO_ADDR_clear() clears any data held within the provided B<BIO_ADDR> and sets
it back to an uninitialised state. it back to an uninitialised state.
BIO_ADDR_rawmake() takes a protocol B<family>, an byte array of BIO_ADDR_rawmake() takes a protocol B<family>, a byte array of
size B<wherelen> with an address in network byte order pointed at size B<wherelen> with an address in network byte order pointed at
by B<where> and a port number in network byte order in B<port> (except by B<where> and a port number in network byte order in B<port> (except
for the B<AF_UNIX> protocol family, where B<port> is meaningless and for the B<AF_UNIX> protocol family, where B<port> is meaningless and
@ -115,7 +115,7 @@ L<BIO_connect(3)>, L<BIO_s_connect(3)>
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man3/BIO_ADDRINFO.pod
View File

@ -94,7 +94,7 @@ information they should return isn't available.
The BIO_lookup_ex() implementation uses the platform provided getaddrinfo() The BIO_lookup_ex() implementation uses the platform provided getaddrinfo()
function. On Linux it is known that specifying 0 for the protocol will not function. On Linux it is known that specifying 0 for the protocol will not
return any SCTP based addresses when calling getaddrinfo(). Therefore if an SCTP return any SCTP based addresses when calling getaddrinfo(). Therefore, if an SCTP
address is required then the B<protocol> parameter to BIO_lookup_ex() should be address is required then the B<protocol> parameter to BIO_lookup_ex() should be
explicitly set to IPPROTO_SCTP. The same may be true on other platforms. explicitly set to IPPROTO_SCTP. The same may be true on other platforms.
@ -104,7 +104,7 @@ The BIO_lookup_ex() function was added in OpenSSL 1.1.1.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy

Some files were not shown because too many files have changed in this diff Show More