Import OpenSSL 1.1.1g.
This commit is contained in:
parent
b6cfecdc04
commit
65aa3028e5
21
CHANGES
21
CHANGES
@ -7,6 +7,27 @@
|
||||
https://github.com/openssl/openssl/commits/ and pick the appropriate
|
||||
release branch.
|
||||
|
||||
Changes between 1.1.1f and 1.1.1g [21 Apr 2020]
|
||||
|
||||
*) Fixed segmentation fault in SSL_check_chain()
|
||||
Server or client applications that call the SSL_check_chain() function
|
||||
during or after a TLS 1.3 handshake may crash due to a NULL pointer
|
||||
dereference as a result of incorrect handling of the
|
||||
"signature_algorithms_cert" TLS extension. The crash occurs if an invalid
|
||||
or unrecognised signature algorithm is received from the peer. This could
|
||||
be exploited by a malicious peer in a Denial of Service attack.
|
||||
(CVE-2020-1967)
|
||||
[Benjamin Kaduk]
|
||||
|
||||
*) Added AES consttime code for no-asm configurations
|
||||
an optional constant time support for AES was added
|
||||
when building openssl for no-asm.
|
||||
Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME
|
||||
Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME
|
||||
At this time this feature is by default disabled.
|
||||
It will be enabled by default in 3.0.
|
||||
[Bernd Edlinger]
|
||||
|
||||
Changes between 1.1.1e and 1.1.1f [31 Mar 2020]
|
||||
|
||||
*) Revert the change of EOF detection while reading in libssl to avoid
|
||||
|
@ -11,7 +11,7 @@ First, read http://wiki.freebsd.org/SubversionPrimer/VendorImports
|
||||
# Xlist
|
||||
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
|
||||
setenv FSVN "svn+ssh://repo.freebsd.org/base"
|
||||
setenv OSSLVER 1.1.1e
|
||||
setenv OSSLVER 1.1.1g
|
||||
|
||||
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
|
||||
|
||||
|
6
INSTALL
6
INSTALL
@ -535,9 +535,9 @@
|
||||
conjunction with the "-DPEDANTIC" option (or the
|
||||
--strict-warnings option).
|
||||
|
||||
no-ui
|
||||
Don't build with the "UI" capability (i.e. the set of
|
||||
features enabling text based prompts).
|
||||
no-ui-console
|
||||
Don't build with the "UI" console method (i.e. the "UI"
|
||||
method that enables text based console prompts).
|
||||
|
||||
enable-unit-test
|
||||
Enable additional unit test APIs. This should not typically
|
||||
|
4
NEWS
4
NEWS
@ -5,6 +5,10 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
|
||||
|
||||
o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)
|
||||
|
||||
Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
|
||||
|
||||
o Revert the unexpected EOF reporting via SSL_ERROR_SSL
|
||||
|
2
README
2
README
@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 1.1.1f 31 Mar 2020
|
||||
OpenSSL 1.1.1g 21 Apr 2020
|
||||
|
||||
Copyright (c) 1998-2020 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
@ -1,16 +1,17 @@
|
||||
{- our @apps_openssl_src =
|
||||
qw(openssl.c
|
||||
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c
|
||||
dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c
|
||||
genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c
|
||||
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c
|
||||
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c
|
||||
enc.c errstr.c
|
||||
genpkey.c nseq.c passwd.c pkcs7.c pkcs8.c
|
||||
pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c
|
||||
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
|
||||
srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c);
|
||||
verify.c version.c x509.c rehash.c storeutl.c);
|
||||
our @apps_lib_src =
|
||||
( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c),
|
||||
split(/\s+/, $target{apps_aux_src}) );
|
||||
our @apps_init_src = split(/\s+/, $target{apps_init_src});
|
||||
"" -}
|
||||
|
||||
IF[{- !$disabled{apps} -}]
|
||||
LIBS_NO_INST=libapps.a
|
||||
SOURCE[libapps.a]={- join(" ", @apps_lib_src) -}
|
||||
@ -21,11 +22,51 @@ IF[{- !$disabled{apps} -}]
|
||||
SOURCE[openssl]={- join(" ", @apps_openssl_src) -}
|
||||
INCLUDE[openssl]=.. ../include
|
||||
DEPEND[openssl]=libapps.a ../libssl
|
||||
|
||||
IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
|
||||
IF[{- !$disabled{'des'} -}]
|
||||
SOURCE[openssl]=pkcs12.c
|
||||
DEPEND[pkcs12.o]=progs.h
|
||||
ENDIF
|
||||
IF[{- !$disabled{'ec'} -}]
|
||||
SOURCE[openssl]=ec.c ecparam.c
|
||||
DEPEND[ec.o]=progs.h
|
||||
DEPEND[ecparam.o]=progs.h
|
||||
ENDIF
|
||||
IF[{- !$disabled{'ocsp'} -}]
|
||||
SOURCE[openssl]=ocsp.c
|
||||
DEPEND[ocsp.o]=progs.h
|
||||
ENDIF
|
||||
IF[{- !$disabled{'srp'} -}]
|
||||
SOURCE[openssl]=srp.c
|
||||
DEPEND[srp.o]=progs.h
|
||||
ENDIF
|
||||
IF[{- !$disabled{'ts'} -}]
|
||||
SOURCE[openssl]=ts.c
|
||||
DEPEND[ts.o]=progs.h
|
||||
ENDIF
|
||||
IF[{- !$disabled{'dh'} -}]
|
||||
SOURCE[openssl]=dhparam.c
|
||||
DEPEND[dhparam.o]=progs.h
|
||||
ENDIF
|
||||
IF[{- !$disabled{'dsa'} -}]
|
||||
SOURCE[openssl]=dsa.c dsaparam.c gendsa.c
|
||||
DEPEND[dsa.o]=progs.h
|
||||
DEPEND[dsaparam.o]=progs.h
|
||||
DEPEND[gendsa.o]=progs.h
|
||||
ENDIF
|
||||
IF[{- !$disabled{'engine'} -}]
|
||||
SOURCE[openssl]=engine.c
|
||||
DEPEND[engine.o]=progs.h
|
||||
ENDIF
|
||||
IF[{- !$disabled{'rsa'} -}]
|
||||
SOURCE[openssl]=rsa.c rsautl.c genrsa.c
|
||||
DEPEND[rsa.o]=progs.h
|
||||
DEPEND[rsautl.o]=progs.h
|
||||
DEPEND[genrsa.o]=progs.h
|
||||
ENDIF
|
||||
IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-)/ -}]
|
||||
GENERATE[openssl.rc]=../util/mkrc.pl openssl
|
||||
SOURCE[openssl]=openssl.rc
|
||||
ENDIF
|
||||
ENDIF
|
||||
|
||||
{- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" }
|
||||
@apps_openssl_src) -}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -8,28 +8,24 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_DH
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <time.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/dh.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
# include <openssl/dsa.h>
|
||||
# endif
|
||||
#endif
|
||||
|
||||
# define DEFBITS 2048
|
||||
#define DEFBITS 2048
|
||||
|
||||
static int dh_cb(int p, int n, BN_GENCB *cb);
|
||||
|
||||
@ -56,13 +52,13 @@ const OPTIONS dhparam_options[] = {
|
||||
{"C", OPT_C, '-', "Print C code"},
|
||||
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
|
||||
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
{"dsaparam", OPT_DSAPARAM, '-',
|
||||
"Read or generate DSA parameters, convert to DH"},
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
@ -146,13 +142,13 @@ int dhparam_main(int argc, char **argv)
|
||||
if (g && !num)
|
||||
num = DEFBITS;
|
||||
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam && g) {
|
||||
BIO_printf(bio_err,
|
||||
"generator may not be chosen for DSA parameters\n");
|
||||
goto end;
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
|
||||
out = bio_open_default(outfile, 'w', outformat);
|
||||
if (out == NULL)
|
||||
@ -173,7 +169,7 @@ int dhparam_main(int argc, char **argv)
|
||||
|
||||
BN_GENCB_set(cb, dh_cb, bio_err);
|
||||
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam) {
|
||||
DSA *dsa = DSA_new();
|
||||
|
||||
@ -196,7 +192,7 @@ int dhparam_main(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
} else
|
||||
# endif
|
||||
#endif
|
||||
{
|
||||
dh = DH_new();
|
||||
BIO_printf(bio_err,
|
||||
@ -217,7 +213,7 @@ int dhparam_main(int argc, char **argv)
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
if (dsaparam) {
|
||||
DSA *dsa;
|
||||
|
||||
@ -239,7 +235,7 @@ int dhparam_main(int argc, char **argv)
|
||||
goto end;
|
||||
}
|
||||
} else
|
||||
# endif
|
||||
#endif
|
||||
{
|
||||
if (informat == FORMAT_ASN1) {
|
||||
/*
|
||||
@ -376,4 +372,3 @@ static int dh_cb(int p, int n, BN_GENCB *cb)
|
||||
(void)BIO_flush(BN_GENCB_get_arg(cb));
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
49
apps/dsa.c
49
apps/dsa.c
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -8,23 +8,19 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_DSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include <time.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/dsa.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/bn.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/dsa.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/bn.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
@ -49,14 +45,14 @@ const OPTIONS dsa_options[] = {
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
||||
# ifndef OPENSSL_NO_RC4
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
|
||||
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
|
||||
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
@ -71,9 +67,9 @@ int dsa_main(int argc, char **argv)
|
||||
OPTION_CHOICE o;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
|
||||
int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
|
||||
# ifndef OPENSSL_NO_RC4
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
int pvk_encr = 2;
|
||||
# endif
|
||||
#endif
|
||||
int private = 0;
|
||||
|
||||
prog = opt_init(argc, argv, dsa_options);
|
||||
@ -214,7 +210,7 @@ int dsa_main(int argc, char **argv)
|
||||
i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
|
||||
NULL, 0, NULL, passout);
|
||||
}
|
||||
# ifndef OPENSSL_NO_RSA
|
||||
#ifndef OPENSSL_NO_RSA
|
||||
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
|
||||
EVP_PKEY *pk;
|
||||
pk = EVP_PKEY_new();
|
||||
@ -243,7 +239,7 @@ int dsa_main(int argc, char **argv)
|
||||
i = i2b_PrivateKey_bio(out, pk);
|
||||
}
|
||||
EVP_PKEY_free(pk);
|
||||
# endif
|
||||
#endif
|
||||
} else {
|
||||
BIO_printf(bio_err, "bad output format specified for outfile\n");
|
||||
goto end;
|
||||
@ -262,4 +258,3 @@ int dsa_main(int argc, char **argv)
|
||||
OPENSSL_free(passout);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -8,22 +8,18 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_DSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <time.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/dsa.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/dsa.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
static int dsa_cb(int p, int n, BN_GENCB *cb);
|
||||
|
||||
@ -44,9 +40,9 @@ const OPTIONS dsaparam_options[] = {
|
||||
{"noout", OPT_NOOUT, '-', "No output"},
|
||||
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
|
||||
OPT_R_OPTIONS,
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
@ -255,4 +251,3 @@ static int dsa_cb(int p, int n, BN_GENCB *cb)
|
||||
(void)BIO_flush(BN_GENCB_get_arg(cb));
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
29
apps/ec.c
29
apps/ec.c
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -8,19 +8,15 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_EC
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/pem.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
static OPT_PAIR conv_forms[] = {
|
||||
{"compressed", POINT_CONVERSION_COMPRESSED},
|
||||
@ -62,9 +58,9 @@ const OPTIONS ec_options[] = {
|
||||
"Specifies the way the ec parameters are encoded"},
|
||||
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
|
||||
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
@ -280,4 +276,3 @@ int ec_main(int argc, char **argv)
|
||||
OPENSSL_free(passout);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -9,22 +9,18 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_EC
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <time.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/ec.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
@ -55,9 +51,9 @@ const OPTIONS ecparam_options[] = {
|
||||
"Specifies the way the ec parameters are encoded"},
|
||||
{"genkey", OPT_GENKEY, '-', "Generate ec key"},
|
||||
OPT_R_OPTIONS,
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
@ -446,5 +442,3 @@ int ecparam_main(int argc, char **argv)
|
||||
BIO_free_all(out);
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -8,19 +8,15 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_ENGINE
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/engine.h>
|
||||
# include <openssl/ssl.h>
|
||||
# include <openssl/store.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/store.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
@ -486,4 +482,3 @@ int engine_main(int argc, char **argv)
|
||||
BIO_free_all(out);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -8,22 +8,18 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_DSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <string.h>
|
||||
# include <sys/types.h>
|
||||
# include <sys/stat.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/dsa.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/dsa.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
@ -39,9 +35,9 @@ const OPTIONS gendsa_options[] = {
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
OPT_R_OPTIONS,
|
||||
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
@ -143,4 +139,3 @@ int gendsa_main(int argc, char **argv)
|
||||
OPENSSL_free(passout);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -8,27 +8,23 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_RSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
# include <stdio.h>
|
||||
# include <string.h>
|
||||
# include <sys/types.h>
|
||||
# include <sys/stat.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/rsa.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/rand.h>
|
||||
|
||||
# define DEFBITS 2048
|
||||
# define DEFPRIMES 2
|
||||
#define DEFBITS 2048
|
||||
#define DEFPRIMES 2
|
||||
|
||||
static int genrsa_cb(int p, int n, BN_GENCB *cb);
|
||||
|
||||
@ -48,9 +44,9 @@ const OPTIONS genrsa_options[] = {
|
||||
OPT_R_OPTIONS,
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{"primes", OPT_PRIMES, 'p', "Specify number of primes"},
|
||||
{NULL}
|
||||
};
|
||||
@ -198,4 +194,3 @@ static int genrsa_cb(int p, int n, BN_GENCB *cb)
|
||||
(void)BIO_flush(BN_GENCB_get_arg(cb));
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
123
apps/ocsp.c
123
apps/ocsp.c
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -9,48 +9,45 @@
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
|
||||
#ifdef OPENSSL_NO_OCSP
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
# ifdef OPENSSL_SYS_VMS
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
# define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined
|
||||
* on OpenVMS */
|
||||
# endif
|
||||
#endif
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include <time.h>
|
||||
# include <ctype.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <ctype.h>
|
||||
|
||||
/* Needs to be included before the openssl headers */
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include "internal/sockets.h"
|
||||
# include <openssl/e_os2.h>
|
||||
# include <openssl/crypto.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/ssl.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/bn.h>
|
||||
# include <openssl/x509v3.h>
|
||||
# include <openssl/rand.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include "internal/sockets.h"
|
||||
#include <openssl/e_os2.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
#ifndef HAVE_FORK
|
||||
# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
|
||||
#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
|
||||
# define HAVE_FORK 0
|
||||
# else
|
||||
#else
|
||||
# define HAVE_FORK 1
|
||||
# endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if HAVE_FORK
|
||||
# undef NO_FORK
|
||||
#undef NO_FORK
|
||||
#else
|
||||
# define NO_FORK
|
||||
#define NO_FORK
|
||||
#endif
|
||||
|
||||
# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
|
||||
#if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
|
||||
&& !defined(OPENSSL_NO_POSIX_IO)
|
||||
# define OCSP_DAEMON
|
||||
# include <sys/types.h>
|
||||
@ -58,16 +55,16 @@ NON_EMPTY_TRANSLATION_UNIT
|
||||
# include <syslog.h>
|
||||
# include <signal.h>
|
||||
# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */
|
||||
# else
|
||||
#else
|
||||
# undef LOG_INFO
|
||||
# undef LOG_WARNING
|
||||
# undef LOG_ERR
|
||||
# define LOG_INFO 0
|
||||
# define LOG_WARNING 1
|
||||
# define LOG_ERR 2
|
||||
# endif
|
||||
#endif
|
||||
|
||||
# if defined(OPENSSL_SYS_VXWORKS)
|
||||
#if defined(OPENSSL_SYS_VXWORKS)
|
||||
/* not supported */
|
||||
int setpgid(pid_t pid, pid_t pgid)
|
||||
{
|
||||
@ -80,9 +77,9 @@ pid_t fork(void)
|
||||
errno = ENOSYS;
|
||||
return (pid_t) -1;
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
/* Maximum leeway in validity period: default 5 minutes */
|
||||
# define MAX_VALIDITY_PERIOD (5 * 60)
|
||||
#define MAX_VALIDITY_PERIOD (5 * 60)
|
||||
|
||||
static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
|
||||
const EVP_MD *cert_id_md, X509 *issuer,
|
||||
@ -109,20 +106,20 @@ static void log_message(int level, const char *fmt, ...);
|
||||
static char *prog;
|
||||
static int multi = 0;
|
||||
|
||||
# ifdef OCSP_DAEMON
|
||||
#ifdef OCSP_DAEMON
|
||||
static int acfd = (int) INVALID_SOCKET;
|
||||
static int index_changed(CA_DB *);
|
||||
static void spawn_loop(void);
|
||||
static int print_syslog(const char *str, size_t len, void *levPtr);
|
||||
static void socket_timeout(int signum);
|
||||
# endif
|
||||
#endif
|
||||
|
||||
# ifndef OPENSSL_NO_SOCK
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
|
||||
const char *path,
|
||||
const STACK_OF(CONF_VALUE) *headers,
|
||||
OCSP_REQUEST *req, int req_timeout);
|
||||
# endif
|
||||
#endif
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
@ -160,9 +157,9 @@ const OPTIONS ocsp_options[] = {
|
||||
"Don't include any certificates in response"},
|
||||
{"resp_key_id", OPT_RESP_KEY_ID, '-',
|
||||
"Identify response by signing certificate key ID"},
|
||||
# ifdef OCSP_DAEMON
|
||||
#ifdef OCSP_DAEMON
|
||||
{"multi", OPT_MULTI, 'p', "run multiple responder processes"},
|
||||
# endif
|
||||
#endif
|
||||
{"no_certs", OPT_NO_CERTS, '-',
|
||||
"Don't include any certificates in signed request"},
|
||||
{"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-',
|
||||
@ -511,9 +508,9 @@ int ocsp_main(int argc, char **argv)
|
||||
trailing_md = 1;
|
||||
break;
|
||||
case OPT_MULTI:
|
||||
# ifdef OCSP_DAEMON
|
||||
#ifdef OCSP_DAEMON
|
||||
multi = atoi(opt_arg());
|
||||
# endif
|
||||
#endif
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -593,7 +590,7 @@ int ocsp_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
# ifdef OCSP_DAEMON
|
||||
#ifdef OCSP_DAEMON
|
||||
if (multi && acbio != NULL)
|
||||
spawn_loop();
|
||||
if (acbio != NULL && req_timeout > 0)
|
||||
@ -606,7 +603,7 @@ int ocsp_main(int argc, char **argv)
|
||||
redo_accept:
|
||||
|
||||
if (acbio != NULL) {
|
||||
# ifdef OCSP_DAEMON
|
||||
#ifdef OCSP_DAEMON
|
||||
if (index_changed(rdb)) {
|
||||
CA_DB *newrdb = load_index(ridx_filename, NULL);
|
||||
|
||||
@ -619,7 +616,7 @@ int ocsp_main(int argc, char **argv)
|
||||
ridx_filename);
|
||||
}
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
|
||||
req = NULL;
|
||||
if (!do_responder(&req, &cbio, acbio, req_timeout))
|
||||
@ -688,16 +685,16 @@ int ocsp_main(int argc, char **argv)
|
||||
if (cbio != NULL)
|
||||
send_ocsp_response(cbio, resp);
|
||||
} else if (host != NULL) {
|
||||
# ifndef OPENSSL_NO_SOCK
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
resp = process_responder(req, host, path,
|
||||
port, use_ssl, headers, req_timeout);
|
||||
if (resp == NULL)
|
||||
goto end;
|
||||
# else
|
||||
#else
|
||||
BIO_printf(bio_err,
|
||||
"Error creating connect BIO - sockets not supported.\n");
|
||||
goto end;
|
||||
# endif
|
||||
#endif
|
||||
} else if (respin != NULL) {
|
||||
derbio = bio_open_default(respin, 'r', FORMAT_ASN1);
|
||||
if (derbio == NULL)
|
||||
@ -840,7 +837,7 @@ log_message(int level, const char *fmt, ...)
|
||||
va_list ap;
|
||||
|
||||
va_start(ap, fmt);
|
||||
# ifdef OCSP_DAEMON
|
||||
#ifdef OCSP_DAEMON
|
||||
if (multi) {
|
||||
char buf[1024];
|
||||
if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) {
|
||||
@ -849,7 +846,7 @@ log_message(int level, const char *fmt, ...)
|
||||
if (level >= LOG_ERR)
|
||||
ERR_print_errors_cb(print_syslog, &level);
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
if (!multi) {
|
||||
BIO_printf(bio_err, "%s: ", prog);
|
||||
BIO_vprintf(bio_err, fmt, ap);
|
||||
@ -858,7 +855,7 @@ log_message(int level, const char *fmt, ...)
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
# ifdef OCSP_DAEMON
|
||||
#ifdef OCSP_DAEMON
|
||||
|
||||
static int print_syslog(const char *str, size_t len, void *levPtr)
|
||||
{
|
||||
@ -1011,7 +1008,7 @@ static void spawn_loop(void)
|
||||
syslog(LOG_INFO, "terminating on signal: %d", termsig);
|
||||
killall(0, kidpids);
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
|
||||
static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
|
||||
const EVP_MD *cert_id_md, X509 *issuer,
|
||||
@ -1291,11 +1288,11 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
|
||||
|
||||
static BIO *init_responder(const char *port)
|
||||
{
|
||||
# ifdef OPENSSL_NO_SOCK
|
||||
#ifdef OPENSSL_NO_SOCK
|
||||
BIO_printf(bio_err,
|
||||
"Error setting up accept BIO - sockets not supported.\n");
|
||||
return NULL;
|
||||
# else
|
||||
#else
|
||||
BIO *acbio = NULL, *bufbio = NULL;
|
||||
|
||||
bufbio = BIO_new(BIO_f_buffer());
|
||||
@ -1322,10 +1319,10 @@ static BIO *init_responder(const char *port)
|
||||
BIO_free_all(acbio);
|
||||
BIO_free(bufbio);
|
||||
return NULL;
|
||||
# endif
|
||||
#endif
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_NO_SOCK
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
/*
|
||||
* Decode %xx URL-decoding in-place. Ignores mal-formed sequences.
|
||||
*/
|
||||
@ -1349,22 +1346,22 @@ static int urldecode(char *p)
|
||||
*out = '\0';
|
||||
return (int)(out - save);
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
|
||||
# ifdef OCSP_DAEMON
|
||||
#ifdef OCSP_DAEMON
|
||||
static void socket_timeout(int signum)
|
||||
{
|
||||
if (acfd != (int)INVALID_SOCKET)
|
||||
(void)shutdown(acfd, SHUT_RD);
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
|
||||
static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
|
||||
int timeout)
|
||||
{
|
||||
# ifdef OPENSSL_NO_SOCK
|
||||
#ifdef OPENSSL_NO_SOCK
|
||||
return 0;
|
||||
# else
|
||||
#else
|
||||
int len;
|
||||
OCSP_REQUEST *req = NULL;
|
||||
char inbuf[2048], reqbuf[2048];
|
||||
@ -1476,7 +1473,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
|
||||
acfd = (int)INVALID_SOCKET;
|
||||
# endif
|
||||
return 1;
|
||||
# endif
|
||||
#endif
|
||||
}
|
||||
|
||||
static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
|
||||
@ -1492,7 +1489,7 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
|
||||
return 1;
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_NO_SOCK
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
|
||||
const char *path,
|
||||
const STACK_OF(CONF_VALUE) *headers,
|
||||
@ -1623,6 +1620,4 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
|
||||
SSL_CTX_free(ctx);
|
||||
return resp;
|
||||
}
|
||||
# endif
|
||||
|
||||
#endif
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -8,25 +8,21 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#if defined(OPENSSL_NO_DES)
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/crypto.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/pkcs12.h>
|
||||
|
||||
# define NOKEYS 0x1
|
||||
# define NOCERTS 0x2
|
||||
# define INFO 0x4
|
||||
# define CLCERTS 0x8
|
||||
# define CACERTS 0x10
|
||||
#define NOKEYS 0x1
|
||||
#define NOCERTS 0x2
|
||||
#define INFO 0x4
|
||||
#define CLCERTS 0x8
|
||||
#define CACERTS 0x10
|
||||
|
||||
#define PASSWD_BUF_SIZE 2048
|
||||
|
||||
@ -74,15 +70,15 @@ const OPTIONS pkcs12_options[] = {
|
||||
{"chain", OPT_CHAIN, '-', "Add certificate chain"},
|
||||
{"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
|
||||
{"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
|
||||
# ifndef OPENSSL_NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
{"descert", OPT_DESCERT, '-',
|
||||
"Encrypt output with 3DES (default RC2-40)"},
|
||||
{"certpbe", OPT_CERTPBE, 's',
|
||||
"Certificate PBE algorithm (default RC2-40)"},
|
||||
# else
|
||||
#else
|
||||
{"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
|
||||
{"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
|
||||
# endif
|
||||
#endif
|
||||
{"export", OPT_EXPORT, '-', "Output PKCS12 file"},
|
||||
{"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
|
||||
{"maciter", OPT_MACITER, '-', "Use MAC iteration"},
|
||||
@ -113,9 +109,9 @@ const OPTIONS pkcs12_options[] = {
|
||||
{"no-CApath", OPT_NOCAPATH, '-',
|
||||
"Do not load certificates from the default certificates directory"},
|
||||
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
@ -126,11 +122,11 @@ int pkcs12_main(int argc, char **argv)
|
||||
char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
|
||||
int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
|
||||
int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
|
||||
# ifndef OPENSSL_NO_RC2
|
||||
#ifndef OPENSSL_NO_RC2
|
||||
int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
|
||||
# else
|
||||
#else
|
||||
int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||
# endif
|
||||
#endif
|
||||
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
|
||||
int ret = 1, macver = 1, add_lmk = 0, private = 0;
|
||||
int noprompt = 0;
|
||||
@ -976,5 +972,3 @@ static int set_pbe(int *ppbe, const char *str)
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
53
apps/rsa.c
53
apps/rsa.c
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -8,23 +8,19 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_RSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include <time.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/rsa.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/bn.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/bn.h>
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
@ -53,14 +49,14 @@ const OPTIONS rsa_options[] = {
|
||||
{"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
|
||||
{"check", OPT_CHECK, '-', "Verify key consistency"},
|
||||
{"", OPT_CIPHER, '-', "Any supported cipher"},
|
||||
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
|
||||
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
|
||||
{"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
|
||||
{"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
|
||||
{"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
@ -75,9 +71,9 @@ int rsa_main(int argc, char **argv)
|
||||
int i, private = 0;
|
||||
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
|
||||
int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
|
||||
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
|
||||
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
|
||||
int pvk_encr = 2;
|
||||
# endif
|
||||
#endif
|
||||
OPTION_CHOICE o;
|
||||
|
||||
prog = opt_init(argc, argv, rsa_options);
|
||||
@ -130,9 +126,9 @@ int rsa_main(int argc, char **argv)
|
||||
case OPT_PVK_STRONG: /* pvk_encr:= 2 */
|
||||
case OPT_PVK_WEAK: /* pvk_encr:= 1 */
|
||||
case OPT_PVK_NONE: /* pvk_encr:= 0 */
|
||||
# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
|
||||
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
|
||||
pvk_encr = (o - OPT_PVK_NONE);
|
||||
# endif
|
||||
#endif
|
||||
break;
|
||||
case OPT_NOOUT:
|
||||
noout = 1;
|
||||
@ -265,7 +261,7 @@ int rsa_main(int argc, char **argv)
|
||||
i = PEM_write_bio_RSAPrivateKey(out, rsa,
|
||||
enc, NULL, 0, NULL, passout);
|
||||
}
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
#ifndef OPENSSL_NO_DSA
|
||||
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
|
||||
EVP_PKEY *pk;
|
||||
pk = EVP_PKEY_new();
|
||||
@ -294,7 +290,7 @@ int rsa_main(int argc, char **argv)
|
||||
i = i2b_PrivateKey_bio(out, pk);
|
||||
}
|
||||
EVP_PKEY_free(pk);
|
||||
# endif
|
||||
#endif
|
||||
} else {
|
||||
BIO_printf(bio_err, "bad output format specified for outfile\n");
|
||||
goto end;
|
||||
@ -313,4 +309,3 @@ int rsa_main(int argc, char **argv)
|
||||
OPENSSL_free(passout);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -8,25 +8,21 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_RSA
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/rsa.h>
|
||||
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <string.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/rsa.h>
|
||||
#define RSA_SIGN 1
|
||||
#define RSA_VERIFY 2
|
||||
#define RSA_ENCRYPT 3
|
||||
#define RSA_DECRYPT 4
|
||||
|
||||
# define RSA_SIGN 1
|
||||
# define RSA_VERIFY 2
|
||||
# define RSA_ENCRYPT 3
|
||||
# define RSA_DECRYPT 4
|
||||
|
||||
# define KEY_PRIVKEY 1
|
||||
# define KEY_PUBKEY 2
|
||||
# define KEY_CERT 3
|
||||
#define KEY_PRIVKEY 1
|
||||
#define KEY_PUBKEY 2
|
||||
#define KEY_CERT 3
|
||||
|
||||
typedef enum OPTION_choice {
|
||||
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
||||
@ -60,9 +56,9 @@ const OPTIONS rsautl_options[] = {
|
||||
{"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
OPT_R_OPTIONS,
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
@ -279,4 +275,3 @@ int rsautl_main(int argc, char **argv)
|
||||
OPENSSL_free(passin);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -62,6 +62,7 @@ const OPTIONS s_time_options[] = {
|
||||
{"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
|
||||
{"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
|
||||
{"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
|
||||
{"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
|
||||
{"no-CAfile", OPT_NOCAFILE, '-',
|
||||
"Do not load the default certificates file"},
|
||||
{"no-CApath", OPT_NOCAPATH, '-',
|
||||
|
41
apps/srp.c
41
apps/srp.c
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2004, EdelKey Project. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -12,28 +12,24 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_SRP
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/txt_db.h>
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/srp.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include <openssl/conf.h>
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/txt_db.h>
|
||||
# include <openssl/buffer.h>
|
||||
# include <openssl/srp.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
|
||||
# define BASE_SECTION "srp"
|
||||
# define CONFIG_FILE "openssl.cnf"
|
||||
#define BASE_SECTION "srp"
|
||||
#define CONFIG_FILE "openssl.cnf"
|
||||
|
||||
|
||||
# define ENV_DATABASE "srpvfile"
|
||||
# define ENV_DEFAULT_SRP "default_srp"
|
||||
#define ENV_DATABASE "srpvfile"
|
||||
#define ENV_DEFAULT_SRP "default_srp"
|
||||
|
||||
static int get_index(CA_DB *db, char *id, char type)
|
||||
{
|
||||
@ -212,9 +208,9 @@ const OPTIONS srp_options[] = {
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
||||
OPT_R_OPTIONS,
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{NULL}
|
||||
};
|
||||
|
||||
@ -610,4 +606,3 @@ int srp_main(int argc, char **argv)
|
||||
release_engine(e);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
48
apps/ts.c
48
apps/ts.c
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -8,29 +8,26 @@
|
||||
*/
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifdef OPENSSL_NO_TS
|
||||
NON_EMPTY_TRANSLATION_UNIT
|
||||
#else
|
||||
# include <stdio.h>
|
||||
# include <stdlib.h>
|
||||
# include <string.h>
|
||||
# include "apps.h"
|
||||
# include "progs.h"
|
||||
# include <openssl/bio.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/pem.h>
|
||||
# include <openssl/rand.h>
|
||||
# include <openssl/ts.h>
|
||||
# include <openssl/bn.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include "progs.h"
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/ts.h>
|
||||
#include <openssl/bn.h>
|
||||
|
||||
/* Request nonce length, in bits (must be a multiple of 8). */
|
||||
# define NONCE_LENGTH 64
|
||||
#define NONCE_LENGTH 64
|
||||
|
||||
/* Name of config entry that defines the OID file. */
|
||||
# define ENV_OID_FILE "oid_file"
|
||||
#define ENV_OID_FILE "oid_file"
|
||||
|
||||
/* Is |EXACTLY_ONE| of three pointers set? */
|
||||
# define EXACTLY_ONE(a, b, c) \
|
||||
#define EXACTLY_ONE(a, b, c) \
|
||||
(( a && !b && !c) || \
|
||||
( b && !a && !c) || \
|
||||
( c && !a && !b))
|
||||
@ -114,9 +111,9 @@ const OPTIONS ts_options[] = {
|
||||
{"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
|
||||
{"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
|
||||
{"", OPT_MD, '-', "Any supported digest"},
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
||||
# endif
|
||||
#endif
|
||||
{OPT_HELP_STR, 1, '-', "\nOptions specific to 'ts -verify': \n"},
|
||||
OPT_V_OPTIONS,
|
||||
{OPT_HELP_STR, 1, '-', "\n"},
|
||||
@ -137,11 +134,11 @@ static char* opt_helplist[] = {
|
||||
" [-signer tsa_cert.pem] [-inkey private_key.pem]",
|
||||
" [-chain certs_file.pem] [-tspolicy oid]",
|
||||
" [-in file] [-token_in] [-out file] [-token_out]",
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
" [-text] [-engine id]",
|
||||
# else
|
||||
#else
|
||||
" [-text]",
|
||||
# endif
|
||||
#endif
|
||||
" or",
|
||||
"ts -verify -CApath dir -CAfile file.pem -untrusted file.pem",
|
||||
" [-data file] [-digest hexstring]",
|
||||
@ -682,10 +679,10 @@ static TS_RESP *create_response(CONF *conf, const char *section, const char *eng
|
||||
goto end;
|
||||
if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
|
||||
goto end;
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
if (!TS_CONF_set_crypto_device(conf, section, engine))
|
||||
goto end;
|
||||
# endif
|
||||
#endif
|
||||
if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
|
||||
goto end;
|
||||
if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
|
||||
@ -984,4 +981,3 @@ static int verify_cb(int ok, X509_STORE_CTX *ctx)
|
||||
{
|
||||
return ok;
|
||||
}
|
||||
#endif /* ndef OPENSSL_NO_TS */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -43,7 +43,988 @@
|
||||
#include <openssl/aes.h>
|
||||
#include "aes_local.h"
|
||||
|
||||
#ifndef AES_ASM
|
||||
#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM)
|
||||
typedef union {
|
||||
unsigned char b[8];
|
||||
u32 w[2];
|
||||
u64 d;
|
||||
} uni;
|
||||
|
||||
/*
|
||||
* Compute w := (w * x) mod (x^8 + x^4 + x^3 + x^1 + 1)
|
||||
* Therefore the name "xtime".
|
||||
*/
|
||||
static void XtimeWord(u32 *w)
|
||||
{
|
||||
u32 a, b;
|
||||
|
||||
a = *w;
|
||||
b = a & 0x80808080u;
|
||||
a ^= b;
|
||||
b -= b >> 7;
|
||||
b &= 0x1B1B1B1Bu;
|
||||
b ^= a << 1;
|
||||
*w = b;
|
||||
}
|
||||
|
||||
static void XtimeLong(u64 *w)
|
||||
{
|
||||
u64 a, b;
|
||||
|
||||
a = *w;
|
||||
b = a & 0x8080808080808080uLL;
|
||||
a ^= b;
|
||||
b -= b >> 7;
|
||||
b &= 0x1B1B1B1B1B1B1B1BuLL;
|
||||
b ^= a << 1;
|
||||
*w = b;
|
||||
}
|
||||
|
||||
/*
|
||||
* This computes w := S * w ^ -1 + c, where c = {01100011}.
|
||||
* Instead of using GF(2^8) mod (x^8+x^4+x^3+x+1} we do the inversion
|
||||
* in GF(GF(GF(2^2)^2)^2) mod (X^2+X+8)
|
||||
* and GF(GF(2^2)^2) mod (X^2+X+2)
|
||||
* and GF(2^2) mod (X^2+X+1)
|
||||
* The first part of the algorithm below transfers the coordinates
|
||||
* {0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80} =>
|
||||
* {1,Y,Y^2,Y^3,Y^4,Y^5,Y^6,Y^7} with Y=0x41:
|
||||
* {0x01,0x41,0x66,0x6c,0x56,0x9a,0x58,0xc4}
|
||||
* The last part undoes the coordinate transfer and the final affine
|
||||
* transformation S:
|
||||
* b[i] = b[i] + b[(i+4)%8] + b[(i+5)%8] + b[(i+6)%8] + b[(i+7)%8] + c[i]
|
||||
* in one step.
|
||||
* The multiplication in GF(2^2^2^2) is done in ordinary coords:
|
||||
* A = (a0*1 + a1*x^4)
|
||||
* B = (b0*1 + b1*x^4)
|
||||
* AB = ((a0*b0 + 8*a1*b1)*1 + (a1*b0 + (a0+a1)*b1)*x^4)
|
||||
* When A = (a0,a1) is given we want to solve AB = 1:
|
||||
* (a) 1 = a0*b0 + 8*a1*b1
|
||||
* (b) 0 = a1*b0 + (a0+a1)*b1
|
||||
* => multiply (a) by a1 and (b) by a0
|
||||
* (c) a1 = a1*a0*b0 + (8*a1*a1)*b1
|
||||
* (d) 0 = a1*a0*b0 + (a0*a0+a1*a0)*b1
|
||||
* => add (c) + (d)
|
||||
* (e) a1 = (a0*a0 + a1*a0 + 8*a1*a1)*b1
|
||||
* => therefore
|
||||
* b1 = (a0*a0 + a1*a0 + 8*a1*a1)^-1 * a1
|
||||
* => and adding (a1*b0) to (b) we get
|
||||
* (f) a1*b0 = (a0+a1)*b1
|
||||
* => therefore
|
||||
* b0 = (a0*a0 + a1*a0 + 8*a1*a1)^-1 * (a0+a1)
|
||||
* Note this formula also works for the case
|
||||
* (a0+a1)*a0 + 8*a1*a1 = 0
|
||||
* if the inverse element for 0^-1 is mapped to 0.
|
||||
* Repeat the same for GF(2^2^2) and GF(2^2).
|
||||
* We get the following algorithm:
|
||||
* inv8(a0,a1):
|
||||
* x0 = a0^a1
|
||||
* [y0,y1] = mul4([x0,a1],[a0,a1]); (*)
|
||||
* y1 = mul4(8,y1);
|
||||
* t = inv4(y0^y1);
|
||||
* [b0,b1] = mul4([x0,a1],[t,t]); (*)
|
||||
* return [b0,b1];
|
||||
* The non-linear multiplies (*) can be done in parallel at no extra cost.
|
||||
*/
|
||||
static void SubWord(u32 *w)
|
||||
{
|
||||
u32 x, y, a1, a2, a3, a4, a5, a6;
|
||||
|
||||
x = *w;
|
||||
y = ((x & 0xFEFEFEFEu) >> 1) | ((x & 0x01010101u) << 7);
|
||||
x &= 0xDDDDDDDDu;
|
||||
x ^= y & 0x57575757u;
|
||||
y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
|
||||
x ^= y & 0x1C1C1C1Cu;
|
||||
y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
|
||||
x ^= y & 0x4A4A4A4Au;
|
||||
y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
|
||||
x ^= y & 0x42424242u;
|
||||
y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
|
||||
x ^= y & 0x64646464u;
|
||||
y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
|
||||
x ^= y & 0xE0E0E0E0u;
|
||||
a1 = x;
|
||||
a1 ^= (x & 0xF0F0F0F0u) >> 4;
|
||||
a2 = ((x & 0xCCCCCCCCu) >> 2) | ((x & 0x33333333u) << 2);
|
||||
a3 = x & a1;
|
||||
a3 ^= (a3 & 0xAAAAAAAAu) >> 1;
|
||||
a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAu;
|
||||
a4 = a2 & a1;
|
||||
a4 ^= (a4 & 0xAAAAAAAAu) >> 1;
|
||||
a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAu;
|
||||
a5 = (a3 & 0xCCCCCCCCu) >> 2;
|
||||
a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCu;
|
||||
a4 = a5 & 0x22222222u;
|
||||
a4 |= a4 >> 1;
|
||||
a4 ^= (a5 << 1) & 0x22222222u;
|
||||
a3 ^= a4;
|
||||
a5 = a3 & 0xA0A0A0A0u;
|
||||
a5 |= a5 >> 1;
|
||||
a5 ^= (a3 << 1) & 0xA0A0A0A0u;
|
||||
a4 = a5 & 0xC0C0C0C0u;
|
||||
a6 = a4 >> 2;
|
||||
a4 ^= (a5 << 2) & 0xC0C0C0C0u;
|
||||
a5 = a6 & 0x20202020u;
|
||||
a5 |= a5 >> 1;
|
||||
a5 ^= (a6 << 1) & 0x20202020u;
|
||||
a4 |= a5;
|
||||
a3 ^= a4 >> 4;
|
||||
a3 &= 0x0F0F0F0Fu;
|
||||
a2 = a3;
|
||||
a2 ^= (a3 & 0x0C0C0C0Cu) >> 2;
|
||||
a4 = a3 & a2;
|
||||
a4 ^= (a4 & 0x0A0A0A0A0Au) >> 1;
|
||||
a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0Au;
|
||||
a5 = a4 & 0x08080808u;
|
||||
a5 |= a5 >> 1;
|
||||
a5 ^= (a4 << 1) & 0x08080808u;
|
||||
a4 ^= a5 >> 2;
|
||||
a4 &= 0x03030303u;
|
||||
a4 ^= (a4 & 0x02020202u) >> 1;
|
||||
a4 |= a4 << 2;
|
||||
a3 = a2 & a4;
|
||||
a3 ^= (a3 & 0x0A0A0A0Au) >> 1;
|
||||
a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0Au;
|
||||
a3 |= a3 << 4;
|
||||
a2 = ((a1 & 0xCCCCCCCCu) >> 2) | ((a1 & 0x33333333u) << 2);
|
||||
x = a1 & a3;
|
||||
x ^= (x & 0xAAAAAAAAu) >> 1;
|
||||
x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAu;
|
||||
a4 = a2 & a3;
|
||||
a4 ^= (a4 & 0xAAAAAAAAu) >> 1;
|
||||
a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAu;
|
||||
a5 = (x & 0xCCCCCCCCu) >> 2;
|
||||
x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCu;
|
||||
a4 = a5 & 0x22222222u;
|
||||
a4 |= a4 >> 1;
|
||||
a4 ^= (a5 << 1) & 0x22222222u;
|
||||
x ^= a4;
|
||||
y = ((x & 0xFEFEFEFEu) >> 1) | ((x & 0x01010101u) << 7);
|
||||
x &= 0x39393939u;
|
||||
x ^= y & 0x3F3F3F3Fu;
|
||||
y = ((y & 0xFCFCFCFCu) >> 2) | ((y & 0x03030303u) << 6);
|
||||
x ^= y & 0x97979797u;
|
||||
y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
|
||||
x ^= y & 0x9B9B9B9Bu;
|
||||
y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
|
||||
x ^= y & 0x3C3C3C3Cu;
|
||||
y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
|
||||
x ^= y & 0xDDDDDDDDu;
|
||||
y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
|
||||
x ^= y & 0x72727272u;
|
||||
x ^= 0x63636363u;
|
||||
*w = x;
|
||||
}
|
||||
|
||||
static void SubLong(u64 *w)
|
||||
{
|
||||
u64 x, y, a1, a2, a3, a4, a5, a6;
|
||||
|
||||
x = *w;
|
||||
y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7);
|
||||
x &= 0xDDDDDDDDDDDDDDDDuLL;
|
||||
x ^= y & 0x5757575757575757uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x1C1C1C1C1C1C1C1CuLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x4A4A4A4A4A4A4A4AuLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x4242424242424242uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x6464646464646464uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0xE0E0E0E0E0E0E0E0uLL;
|
||||
a1 = x;
|
||||
a1 ^= (x & 0xF0F0F0F0F0F0F0F0uLL) >> 4;
|
||||
a2 = ((x & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((x & 0x3333333333333333uLL) << 2);
|
||||
a3 = x & a1;
|
||||
a3 ^= (a3 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
|
||||
a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAAAAAAAAAuLL;
|
||||
a4 = a2 & a1;
|
||||
a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
|
||||
a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL;
|
||||
a5 = (a3 & 0xCCCCCCCCCCCCCCCCuLL) >> 2;
|
||||
a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL;
|
||||
a4 = a5 & 0x2222222222222222uLL;
|
||||
a4 |= a4 >> 1;
|
||||
a4 ^= (a5 << 1) & 0x2222222222222222uLL;
|
||||
a3 ^= a4;
|
||||
a5 = a3 & 0xA0A0A0A0A0A0A0A0uLL;
|
||||
a5 |= a5 >> 1;
|
||||
a5 ^= (a3 << 1) & 0xA0A0A0A0A0A0A0A0uLL;
|
||||
a4 = a5 & 0xC0C0C0C0C0C0C0C0uLL;
|
||||
a6 = a4 >> 2;
|
||||
a4 ^= (a5 << 2) & 0xC0C0C0C0C0C0C0C0uLL;
|
||||
a5 = a6 & 0x2020202020202020uLL;
|
||||
a5 |= a5 >> 1;
|
||||
a5 ^= (a6 << 1) & 0x2020202020202020uLL;
|
||||
a4 |= a5;
|
||||
a3 ^= a4 >> 4;
|
||||
a3 &= 0x0F0F0F0F0F0F0F0FuLL;
|
||||
a2 = a3;
|
||||
a2 ^= (a3 & 0x0C0C0C0C0C0C0C0CuLL) >> 2;
|
||||
a4 = a3 & a2;
|
||||
a4 ^= (a4 & 0x0A0A0A0A0A0A0A0AuLL) >> 1;
|
||||
a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0A0A0A0A0AuLL;
|
||||
a5 = a4 & 0x0808080808080808uLL;
|
||||
a5 |= a5 >> 1;
|
||||
a5 ^= (a4 << 1) & 0x0808080808080808uLL;
|
||||
a4 ^= a5 >> 2;
|
||||
a4 &= 0x0303030303030303uLL;
|
||||
a4 ^= (a4 & 0x0202020202020202uLL) >> 1;
|
||||
a4 |= a4 << 2;
|
||||
a3 = a2 & a4;
|
||||
a3 ^= (a3 & 0x0A0A0A0A0A0A0A0AuLL) >> 1;
|
||||
a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0A0A0A0A0AuLL;
|
||||
a3 |= a3 << 4;
|
||||
a2 = ((a1 & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((a1 & 0x3333333333333333uLL) << 2);
|
||||
x = a1 & a3;
|
||||
x ^= (x & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
|
||||
x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAAAAAAAAAuLL;
|
||||
a4 = a2 & a3;
|
||||
a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
|
||||
a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL;
|
||||
a5 = (x & 0xCCCCCCCCCCCCCCCCuLL) >> 2;
|
||||
x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL;
|
||||
a4 = a5 & 0x2222222222222222uLL;
|
||||
a4 |= a4 >> 1;
|
||||
a4 ^= (a5 << 1) & 0x2222222222222222uLL;
|
||||
x ^= a4;
|
||||
y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7);
|
||||
x &= 0x3939393939393939uLL;
|
||||
x ^= y & 0x3F3F3F3F3F3F3F3FuLL;
|
||||
y = ((y & 0xFCFCFCFCFCFCFCFCuLL) >> 2) | ((y & 0x0303030303030303uLL) << 6);
|
||||
x ^= y & 0x9797979797979797uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x9B9B9B9B9B9B9B9BuLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x3C3C3C3C3C3C3C3CuLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0xDDDDDDDDDDDDDDDDuLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x7272727272727272uLL;
|
||||
x ^= 0x6363636363636363uLL;
|
||||
*w = x;
|
||||
}
|
||||
|
||||
/*
|
||||
* This computes w := (S^-1 * (w + c))^-1
|
||||
*/
|
||||
static void InvSubLong(u64 *w)
|
||||
{
|
||||
u64 x, y, a1, a2, a3, a4, a5, a6;
|
||||
|
||||
x = *w;
|
||||
x ^= 0x6363636363636363uLL;
|
||||
y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7);
|
||||
x &= 0xFDFDFDFDFDFDFDFDuLL;
|
||||
x ^= y & 0x5E5E5E5E5E5E5E5EuLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0xF3F3F3F3F3F3F3F3uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0xF5F5F5F5F5F5F5F5uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x7878787878787878uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x7777777777777777uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x1515151515151515uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0xA5A5A5A5A5A5A5A5uLL;
|
||||
a1 = x;
|
||||
a1 ^= (x & 0xF0F0F0F0F0F0F0F0uLL) >> 4;
|
||||
a2 = ((x & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((x & 0x3333333333333333uLL) << 2);
|
||||
a3 = x & a1;
|
||||
a3 ^= (a3 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
|
||||
a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAAAAAAAAAuLL;
|
||||
a4 = a2 & a1;
|
||||
a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
|
||||
a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL;
|
||||
a5 = (a3 & 0xCCCCCCCCCCCCCCCCuLL) >> 2;
|
||||
a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL;
|
||||
a4 = a5 & 0x2222222222222222uLL;
|
||||
a4 |= a4 >> 1;
|
||||
a4 ^= (a5 << 1) & 0x2222222222222222uLL;
|
||||
a3 ^= a4;
|
||||
a5 = a3 & 0xA0A0A0A0A0A0A0A0uLL;
|
||||
a5 |= a5 >> 1;
|
||||
a5 ^= (a3 << 1) & 0xA0A0A0A0A0A0A0A0uLL;
|
||||
a4 = a5 & 0xC0C0C0C0C0C0C0C0uLL;
|
||||
a6 = a4 >> 2;
|
||||
a4 ^= (a5 << 2) & 0xC0C0C0C0C0C0C0C0uLL;
|
||||
a5 = a6 & 0x2020202020202020uLL;
|
||||
a5 |= a5 >> 1;
|
||||
a5 ^= (a6 << 1) & 0x2020202020202020uLL;
|
||||
a4 |= a5;
|
||||
a3 ^= a4 >> 4;
|
||||
a3 &= 0x0F0F0F0F0F0F0F0FuLL;
|
||||
a2 = a3;
|
||||
a2 ^= (a3 & 0x0C0C0C0C0C0C0C0CuLL) >> 2;
|
||||
a4 = a3 & a2;
|
||||
a4 ^= (a4 & 0x0A0A0A0A0A0A0A0AuLL) >> 1;
|
||||
a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0A0A0A0A0AuLL;
|
||||
a5 = a4 & 0x0808080808080808uLL;
|
||||
a5 |= a5 >> 1;
|
||||
a5 ^= (a4 << 1) & 0x0808080808080808uLL;
|
||||
a4 ^= a5 >> 2;
|
||||
a4 &= 0x0303030303030303uLL;
|
||||
a4 ^= (a4 & 0x0202020202020202uLL) >> 1;
|
||||
a4 |= a4 << 2;
|
||||
a3 = a2 & a4;
|
||||
a3 ^= (a3 & 0x0A0A0A0A0A0A0A0AuLL) >> 1;
|
||||
a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0A0A0A0A0AuLL;
|
||||
a3 |= a3 << 4;
|
||||
a2 = ((a1 & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((a1 & 0x3333333333333333uLL) << 2);
|
||||
x = a1 & a3;
|
||||
x ^= (x & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
|
||||
x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAAAAAAAAAuLL;
|
||||
a4 = a2 & a3;
|
||||
a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
|
||||
a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL;
|
||||
a5 = (x & 0xCCCCCCCCCCCCCCCCuLL) >> 2;
|
||||
x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL;
|
||||
a4 = a5 & 0x2222222222222222uLL;
|
||||
a4 |= a4 >> 1;
|
||||
a4 ^= (a5 << 1) & 0x2222222222222222uLL;
|
||||
x ^= a4;
|
||||
y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7);
|
||||
x &= 0xB5B5B5B5B5B5B5B5uLL;
|
||||
x ^= y & 0x4040404040404040uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x8080808080808080uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x1616161616161616uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0xEBEBEBEBEBEBEBEBuLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x9797979797979797uLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0xFBFBFBFBFBFBFBFBuLL;
|
||||
y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
|
||||
x ^= y & 0x7D7D7D7D7D7D7D7DuLL;
|
||||
*w = x;
|
||||
}
|
||||
|
||||
static void ShiftRows(u64 *state)
|
||||
{
|
||||
unsigned char s[4];
|
||||
unsigned char *s0;
|
||||
int r;
|
||||
|
||||
s0 = (unsigned char *)state;
|
||||
for (r = 0; r < 4; r++) {
|
||||
s[0] = s0[0*4 + r];
|
||||
s[1] = s0[1*4 + r];
|
||||
s[2] = s0[2*4 + r];
|
||||
s[3] = s0[3*4 + r];
|
||||
s0[0*4 + r] = s[(r+0) % 4];
|
||||
s0[1*4 + r] = s[(r+1) % 4];
|
||||
s0[2*4 + r] = s[(r+2) % 4];
|
||||
s0[3*4 + r] = s[(r+3) % 4];
|
||||
}
|
||||
}
|
||||
|
||||
static void InvShiftRows(u64 *state)
|
||||
{
|
||||
unsigned char s[4];
|
||||
unsigned char *s0;
|
||||
int r;
|
||||
|
||||
s0 = (unsigned char *)state;
|
||||
for (r = 0; r < 4; r++) {
|
||||
s[0] = s0[0*4 + r];
|
||||
s[1] = s0[1*4 + r];
|
||||
s[2] = s0[2*4 + r];
|
||||
s[3] = s0[3*4 + r];
|
||||
s0[0*4 + r] = s[(4-r) % 4];
|
||||
s0[1*4 + r] = s[(5-r) % 4];
|
||||
s0[2*4 + r] = s[(6-r) % 4];
|
||||
s0[3*4 + r] = s[(7-r) % 4];
|
||||
}
|
||||
}
|
||||
|
||||
static void MixColumns(u64 *state)
|
||||
{
|
||||
uni s1;
|
||||
uni s;
|
||||
int c;
|
||||
|
||||
for (c = 0; c < 2; c++) {
|
||||
s1.d = state[c];
|
||||
s.d = s1.d;
|
||||
s.d ^= ((s.d & 0xFFFF0000FFFF0000uLL) >> 16)
|
||||
| ((s.d & 0x0000FFFF0000FFFFuLL) << 16);
|
||||
s.d ^= ((s.d & 0xFF00FF00FF00FF00uLL) >> 8)
|
||||
| ((s.d & 0x00FF00FF00FF00FFuLL) << 8);
|
||||
s.d ^= s1.d;
|
||||
XtimeLong(&s1.d);
|
||||
s.d ^= s1.d;
|
||||
s.b[0] ^= s1.b[1];
|
||||
s.b[1] ^= s1.b[2];
|
||||
s.b[2] ^= s1.b[3];
|
||||
s.b[3] ^= s1.b[0];
|
||||
s.b[4] ^= s1.b[5];
|
||||
s.b[5] ^= s1.b[6];
|
||||
s.b[6] ^= s1.b[7];
|
||||
s.b[7] ^= s1.b[4];
|
||||
state[c] = s.d;
|
||||
}
|
||||
}
|
||||
|
||||
static void InvMixColumns(u64 *state)
|
||||
{
|
||||
uni s1;
|
||||
uni s;
|
||||
int c;
|
||||
|
||||
for (c = 0; c < 2; c++) {
|
||||
s1.d = state[c];
|
||||
s.d = s1.d;
|
||||
s.d ^= ((s.d & 0xFFFF0000FFFF0000uLL) >> 16)
|
||||
| ((s.d & 0x0000FFFF0000FFFFuLL) << 16);
|
||||
s.d ^= ((s.d & 0xFF00FF00FF00FF00uLL) >> 8)
|
||||
| ((s.d & 0x00FF00FF00FF00FFuLL) << 8);
|
||||
s.d ^= s1.d;
|
||||
XtimeLong(&s1.d);
|
||||
s.d ^= s1.d;
|
||||
s.b[0] ^= s1.b[1];
|
||||
s.b[1] ^= s1.b[2];
|
||||
s.b[2] ^= s1.b[3];
|
||||
s.b[3] ^= s1.b[0];
|
||||
s.b[4] ^= s1.b[5];
|
||||
s.b[5] ^= s1.b[6];
|
||||
s.b[6] ^= s1.b[7];
|
||||
s.b[7] ^= s1.b[4];
|
||||
XtimeLong(&s1.d);
|
||||
s1.d ^= ((s1.d & 0xFFFF0000FFFF0000uLL) >> 16)
|
||||
| ((s1.d & 0x0000FFFF0000FFFFuLL) << 16);
|
||||
s.d ^= s1.d;
|
||||
XtimeLong(&s1.d);
|
||||
s1.d ^= ((s1.d & 0xFF00FF00FF00FF00uLL) >> 8)
|
||||
| ((s1.d & 0x00FF00FF00FF00FFuLL) << 8);
|
||||
s.d ^= s1.d;
|
||||
state[c] = s.d;
|
||||
}
|
||||
}
|
||||
|
||||
static void AddRoundKey(u64 *state, const u64 *w)
|
||||
{
|
||||
state[0] ^= w[0];
|
||||
state[1] ^= w[1];
|
||||
}
|
||||
|
||||
static void Cipher(const unsigned char *in, unsigned char *out,
|
||||
const u64 *w, int nr)
|
||||
{
|
||||
u64 state[2];
|
||||
int i;
|
||||
|
||||
memcpy(state, in, 16);
|
||||
|
||||
AddRoundKey(state, w);
|
||||
|
||||
for (i = 1; i < nr; i++) {
|
||||
SubLong(&state[0]);
|
||||
SubLong(&state[1]);
|
||||
ShiftRows(state);
|
||||
MixColumns(state);
|
||||
AddRoundKey(state, w + i*2);
|
||||
}
|
||||
|
||||
SubLong(&state[0]);
|
||||
SubLong(&state[1]);
|
||||
ShiftRows(state);
|
||||
AddRoundKey(state, w + nr*2);
|
||||
|
||||
memcpy(out, state, 16);
|
||||
}
|
||||
|
||||
static void InvCipher(const unsigned char *in, unsigned char *out,
|
||||
const u64 *w, int nr)
|
||||
|
||||
{
|
||||
u64 state[2];
|
||||
int i;
|
||||
|
||||
memcpy(state, in, 16);
|
||||
|
||||
AddRoundKey(state, w + nr*2);
|
||||
|
||||
for (i = nr - 1; i > 0; i--) {
|
||||
InvShiftRows(state);
|
||||
InvSubLong(&state[0]);
|
||||
InvSubLong(&state[1]);
|
||||
AddRoundKey(state, w + i*2);
|
||||
InvMixColumns(state);
|
||||
}
|
||||
|
||||
InvShiftRows(state);
|
||||
InvSubLong(&state[0]);
|
||||
InvSubLong(&state[1]);
|
||||
AddRoundKey(state, w);
|
||||
|
||||
memcpy(out, state, 16);
|
||||
}
|
||||
|
||||
static void RotWord(u32 *x)
|
||||
{
|
||||
unsigned char *w0;
|
||||
unsigned char tmp;
|
||||
|
||||
w0 = (unsigned char *)x;
|
||||
tmp = w0[0];
|
||||
w0[0] = w0[1];
|
||||
w0[1] = w0[2];
|
||||
w0[2] = w0[3];
|
||||
w0[3] = tmp;
|
||||
}
|
||||
|
||||
static void KeyExpansion(const unsigned char *key, u64 *w,
|
||||
int nr, int nk)
|
||||
{
|
||||
u32 rcon;
|
||||
uni prev;
|
||||
u32 temp;
|
||||
int i, n;
|
||||
|
||||
memcpy(w, key, nk*4);
|
||||
memcpy(&rcon, "\1\0\0\0", 4);
|
||||
n = nk/2;
|
||||
prev.d = w[n-1];
|
||||
for (i = n; i < (nr+1)*2; i++) {
|
||||
temp = prev.w[1];
|
||||
if (i % n == 0) {
|
||||
RotWord(&temp);
|
||||
SubWord(&temp);
|
||||
temp ^= rcon;
|
||||
XtimeWord(&rcon);
|
||||
} else if (nk > 6 && i % n == 2) {
|
||||
SubWord(&temp);
|
||||
}
|
||||
prev.d = w[i-n];
|
||||
prev.w[0] ^= temp;
|
||||
prev.w[1] ^= prev.w[0];
|
||||
w[i] = prev.d;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Expand the cipher key into the encryption key schedule.
|
||||
*/
|
||||
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
|
||||
AES_KEY *key)
|
||||
{
|
||||
u64 *rk;
|
||||
|
||||
if (!userKey || !key)
|
||||
return -1;
|
||||
if (bits != 128 && bits != 192 && bits != 256)
|
||||
return -2;
|
||||
|
||||
rk = (u64*)key->rd_key;
|
||||
|
||||
if (bits == 128)
|
||||
key->rounds = 10;
|
||||
else if (bits == 192)
|
||||
key->rounds = 12;
|
||||
else
|
||||
key->rounds = 14;
|
||||
|
||||
KeyExpansion(userKey, rk, key->rounds, bits/32);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Expand the cipher key into the decryption key schedule.
|
||||
*/
|
||||
int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
|
||||
AES_KEY *key)
|
||||
{
|
||||
return AES_set_encrypt_key(userKey, bits, key);
|
||||
}
|
||||
|
||||
/*
|
||||
* Encrypt a single block
|
||||
* in and out can overlap
|
||||
*/
|
||||
void AES_encrypt(const unsigned char *in, unsigned char *out,
|
||||
const AES_KEY *key)
|
||||
{
|
||||
const u64 *rk;
|
||||
|
||||
assert(in && out && key);
|
||||
rk = (u64*)key->rd_key;
|
||||
|
||||
Cipher(in, out, rk, key->rounds);
|
||||
}
|
||||
|
||||
/*
|
||||
* Decrypt a single block
|
||||
* in and out can overlap
|
||||
*/
|
||||
void AES_decrypt(const unsigned char *in, unsigned char *out,
|
||||
const AES_KEY *key)
|
||||
{
|
||||
const u64 *rk;
|
||||
|
||||
assert(in && out && key);
|
||||
rk = (u64*)key->rd_key;
|
||||
|
||||
InvCipher(in, out, rk, key->rounds);
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_SMALL_FOOTPRINT
|
||||
void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
|
||||
size_t blocks, const AES_KEY *key,
|
||||
const unsigned char *ivec);
|
||||
|
||||
static void RawToBits(const u8 raw[64], u64 bits[8])
|
||||
{
|
||||
int i, j;
|
||||
u64 in, out;
|
||||
|
||||
memset(bits, 0, 64);
|
||||
for (i = 0; i < 8; i++) {
|
||||
in = 0;
|
||||
for (j = 0; j < 8; j++)
|
||||
in |= ((u64)raw[i * 8 + j]) << (8 * j);
|
||||
out = in & 0xF0F0F0F00F0F0F0FuLL;
|
||||
out |= (in & 0x0F0F0F0F00000000uLL) >> 28;
|
||||
out |= (in & 0x00000000F0F0F0F0uLL) << 28;
|
||||
in = out & 0xCCCC3333CCCC3333uLL;
|
||||
in |= (out & 0x3333000033330000uLL) >> 14;
|
||||
in |= (out & 0x0000CCCC0000CCCCuLL) << 14;
|
||||
out = in & 0xAA55AA55AA55AA55uLL;
|
||||
out |= (in & 0x5500550055005500uLL) >> 7;
|
||||
out |= (in & 0x00AA00AA00AA00AAuLL) << 7;
|
||||
for (j = 0; j < 8; j++) {
|
||||
bits[j] |= (out & 0xFFuLL) << (8 * i);
|
||||
out = out >> 8;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void BitsToRaw(const u64 bits[8], u8 raw[64])
|
||||
{
|
||||
int i, j;
|
||||
u64 in, out;
|
||||
|
||||
for (i = 0; i < 8; i++) {
|
||||
in = 0;
|
||||
for (j = 0; j < 8; j++)
|
||||
in |= ((bits[j] >> (8 * i)) & 0xFFuLL) << (8 * j);
|
||||
out = in & 0xF0F0F0F00F0F0F0FuLL;
|
||||
out |= (in & 0x0F0F0F0F00000000uLL) >> 28;
|
||||
out |= (in & 0x00000000F0F0F0F0uLL) << 28;
|
||||
in = out & 0xCCCC3333CCCC3333uLL;
|
||||
in |= (out & 0x3333000033330000uLL) >> 14;
|
||||
in |= (out & 0x0000CCCC0000CCCCuLL) << 14;
|
||||
out = in & 0xAA55AA55AA55AA55uLL;
|
||||
out |= (in & 0x5500550055005500uLL) >> 7;
|
||||
out |= (in & 0x00AA00AA00AA00AAuLL) << 7;
|
||||
for (j = 0; j < 8; j++) {
|
||||
raw[i * 8 + j] = (u8)out;
|
||||
out = out >> 8;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void BitsXtime(u64 state[8])
|
||||
{
|
||||
u64 b;
|
||||
|
||||
b = state[7];
|
||||
state[7] = state[6];
|
||||
state[6] = state[5];
|
||||
state[5] = state[4];
|
||||
state[4] = state[3] ^ b;
|
||||
state[3] = state[2] ^ b;
|
||||
state[2] = state[1];
|
||||
state[1] = state[0] ^ b;
|
||||
state[0] = b;
|
||||
}
|
||||
|
||||
/*
|
||||
* This S-box implementation follows a circuit described in
|
||||
* Boyar and Peralta: "A new combinational logic minimization
|
||||
* technique with applications to cryptology."
|
||||
* https://eprint.iacr.org/2009/191.pdf
|
||||
*
|
||||
* The math is similar to above, in that it uses
|
||||
* a tower field of GF(2^2^2^2) but with a different
|
||||
* basis representation, that is better suited to
|
||||
* logic designs.
|
||||
*/
|
||||
static void BitsSub(u64 state[8])
|
||||
{
|
||||
u64 x0, x1, x2, x3, x4, x5, x6, x7;
|
||||
u64 y1, y2, y3, y4, y5, y6, y7, y8, y9, y10, y11;
|
||||
u64 y12, y13, y14, y15, y16, y17, y18, y19, y20, y21;
|
||||
u64 t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11;
|
||||
u64 t12, t13, t14, t15, t16, t17, t18, t19, t20, t21;
|
||||
u64 t22, t23, t24, t25, t26, t27, t28, t29, t30, t31;
|
||||
u64 t32, t33, t34, t35, t36, t37, t38, t39, t40, t41;
|
||||
u64 t42, t43, t44, t45, t46, t47, t48, t49, t50, t51;
|
||||
u64 t52, t53, t54, t55, t56, t57, t58, t59, t60, t61;
|
||||
u64 t62, t63, t64, t65, t66, t67;
|
||||
u64 z0, z1, z2, z3, z4, z5, z6, z7, z8, z9, z10, z11;
|
||||
u64 z12, z13, z14, z15, z16, z17;
|
||||
u64 s0, s1, s2, s3, s4, s5, s6, s7;
|
||||
|
||||
x7 = state[0];
|
||||
x6 = state[1];
|
||||
x5 = state[2];
|
||||
x4 = state[3];
|
||||
x3 = state[4];
|
||||
x2 = state[5];
|
||||
x1 = state[6];
|
||||
x0 = state[7];
|
||||
y14 = x3 ^ x5;
|
||||
y13 = x0 ^ x6;
|
||||
y9 = x0 ^ x3;
|
||||
y8 = x0 ^ x5;
|
||||
t0 = x1 ^ x2;
|
||||
y1 = t0 ^ x7;
|
||||
y4 = y1 ^ x3;
|
||||
y12 = y13 ^ y14;
|
||||
y2 = y1 ^ x0;
|
||||
y5 = y1 ^ x6;
|
||||
y3 = y5 ^ y8;
|
||||
t1 = x4 ^ y12;
|
||||
y15 = t1 ^ x5;
|
||||
y20 = t1 ^ x1;
|
||||
y6 = y15 ^ x7;
|
||||
y10 = y15 ^ t0;
|
||||
y11 = y20 ^ y9;
|
||||
y7 = x7 ^ y11;
|
||||
y17 = y10 ^ y11;
|
||||
y19 = y10 ^ y8;
|
||||
y16 = t0 ^ y11;
|
||||
y21 = y13 ^ y16;
|
||||
y18 = x0 ^ y16;
|
||||
t2 = y12 & y15;
|
||||
t3 = y3 & y6;
|
||||
t4 = t3 ^ t2;
|
||||
t5 = y4 & x7;
|
||||
t6 = t5 ^ t2;
|
||||
t7 = y13 & y16;
|
||||
t8 = y5 & y1;
|
||||
t9 = t8 ^ t7;
|
||||
t10 = y2 & y7;
|
||||
t11 = t10 ^ t7;
|
||||
t12 = y9 & y11;
|
||||
t13 = y14 & y17;
|
||||
t14 = t13 ^ t12;
|
||||
t15 = y8 & y10;
|
||||
t16 = t15 ^ t12;
|
||||
t17 = t4 ^ t14;
|
||||
t18 = t6 ^ t16;
|
||||
t19 = t9 ^ t14;
|
||||
t20 = t11 ^ t16;
|
||||
t21 = t17 ^ y20;
|
||||
t22 = t18 ^ y19;
|
||||
t23 = t19 ^ y21;
|
||||
t24 = t20 ^ y18;
|
||||
t25 = t21 ^ t22;
|
||||
t26 = t21 & t23;
|
||||
t27 = t24 ^ t26;
|
||||
t28 = t25 & t27;
|
||||
t29 = t28 ^ t22;
|
||||
t30 = t23 ^ t24;
|
||||
t31 = t22 ^ t26;
|
||||
t32 = t31 & t30;
|
||||
t33 = t32 ^ t24;
|
||||
t34 = t23 ^ t33;
|
||||
t35 = t27 ^ t33;
|
||||
t36 = t24 & t35;
|
||||
t37 = t36 ^ t34;
|
||||
t38 = t27 ^ t36;
|
||||
t39 = t29 & t38;
|
||||
t40 = t25 ^ t39;
|
||||
t41 = t40 ^ t37;
|
||||
t42 = t29 ^ t33;
|
||||
t43 = t29 ^ t40;
|
||||
t44 = t33 ^ t37;
|
||||
t45 = t42 ^ t41;
|
||||
z0 = t44 & y15;
|
||||
z1 = t37 & y6;
|
||||
z2 = t33 & x7;
|
||||
z3 = t43 & y16;
|
||||
z4 = t40 & y1;
|
||||
z5 = t29 & y7;
|
||||
z6 = t42 & y11;
|
||||
z7 = t45 & y17;
|
||||
z8 = t41 & y10;
|
||||
z9 = t44 & y12;
|
||||
z10 = t37 & y3;
|
||||
z11 = t33 & y4;
|
||||
z12 = t43 & y13;
|
||||
z13 = t40 & y5;
|
||||
z14 = t29 & y2;
|
||||
z15 = t42 & y9;
|
||||
z16 = t45 & y14;
|
||||
z17 = t41 & y8;
|
||||
t46 = z15 ^ z16;
|
||||
t47 = z10 ^ z11;
|
||||
t48 = z5 ^ z13;
|
||||
t49 = z9 ^ z10;
|
||||
t50 = z2 ^ z12;
|
||||
t51 = z2 ^ z5;
|
||||
t52 = z7 ^ z8;
|
||||
t53 = z0 ^ z3;
|
||||
t54 = z6 ^ z7;
|
||||
t55 = z16 ^ z17;
|
||||
t56 = z12 ^ t48;
|
||||
t57 = t50 ^ t53;
|
||||
t58 = z4 ^ t46;
|
||||
t59 = z3 ^ t54;
|
||||
t60 = t46 ^ t57;
|
||||
t61 = z14 ^ t57;
|
||||
t62 = t52 ^ t58;
|
||||
t63 = t49 ^ t58;
|
||||
t64 = z4 ^ t59;
|
||||
t65 = t61 ^ t62;
|
||||
t66 = z1 ^ t63;
|
||||
s0 = t59 ^ t63;
|
||||
s6 = ~(t56 ^ t62);
|
||||
s7 = ~(t48 ^ t60);
|
||||
t67 = t64 ^ t65;
|
||||
s3 = t53 ^ t66;
|
||||
s4 = t51 ^ t66;
|
||||
s5 = t47 ^ t65;
|
||||
s1 = ~(t64 ^ s3);
|
||||
s2 = ~(t55 ^ t67);
|
||||
state[0] = s7;
|
||||
state[1] = s6;
|
||||
state[2] = s5;
|
||||
state[3] = s4;
|
||||
state[4] = s3;
|
||||
state[5] = s2;
|
||||
state[6] = s1;
|
||||
state[7] = s0;
|
||||
}
|
||||
|
||||
static void BitsShiftRows(u64 state[8])
|
||||
{
|
||||
u64 s, s0;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 8; i++) {
|
||||
s = state[i];
|
||||
s0 = s & 0x1111111111111111uLL;
|
||||
s0 |= ((s & 0x2220222022202220uLL) >> 4) | ((s & 0x0002000200020002uLL) << 12);
|
||||
s0 |= ((s & 0x4400440044004400uLL) >> 8) | ((s & 0x0044004400440044uLL) << 8);
|
||||
s0 |= ((s & 0x8000800080008000uLL) >> 12) | ((s & 0x0888088808880888uLL) << 4);
|
||||
state[i] = s0;
|
||||
}
|
||||
}
|
||||
|
||||
static void BitsMixColumns(u64 state[8])
|
||||
{
|
||||
u64 s1, s;
|
||||
u64 s0[8];
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 8; i++) {
|
||||
s1 = state[i];
|
||||
s = s1;
|
||||
s ^= ((s & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((s & 0x3333333333333333uLL) << 2);
|
||||
s ^= ((s & 0xAAAAAAAAAAAAAAAAuLL) >> 1) | ((s & 0x5555555555555555uLL) << 1);
|
||||
s ^= s1;
|
||||
s0[i] = s;
|
||||
}
|
||||
BitsXtime(state);
|
||||
for (i = 0; i < 8; i++) {
|
||||
s1 = state[i];
|
||||
s = s0[i];
|
||||
s ^= s1;
|
||||
s ^= ((s1 & 0xEEEEEEEEEEEEEEEEuLL) >> 1) | ((s1 & 0x1111111111111111uLL) << 3);
|
||||
state[i] = s;
|
||||
}
|
||||
}
|
||||
|
||||
static void BitsAddRoundKey(u64 state[8], const u64 key[8])
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 8; i++)
|
||||
state[i] ^= key[i];
|
||||
}
|
||||
|
||||
void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
|
||||
size_t blocks, const AES_KEY *key,
|
||||
const unsigned char *ivec)
|
||||
{
|
||||
struct {
|
||||
u8 cipher[64];
|
||||
u64 state[8];
|
||||
u64 rd_key[AES_MAXNR + 1][8];
|
||||
} *bs;
|
||||
u32 ctr32;
|
||||
int i;
|
||||
|
||||
ctr32 = GETU32(ivec + 12);
|
||||
if (blocks >= 4
|
||||
&& (bs = OPENSSL_malloc(sizeof(*bs)))) {
|
||||
for (i = 0; i < key->rounds + 1; i++) {
|
||||
memcpy(bs->cipher + 0, &key->rd_key[4 * i], 16);
|
||||
memcpy(bs->cipher + 16, bs->cipher, 16);
|
||||
memcpy(bs->cipher + 32, bs->cipher, 32);
|
||||
RawToBits(bs->cipher, bs->rd_key[i]);
|
||||
}
|
||||
while (blocks) {
|
||||
memcpy(bs->cipher, ivec, 12);
|
||||
PUTU32(bs->cipher + 12, ctr32);
|
||||
ctr32++;
|
||||
memcpy(bs->cipher + 16, ivec, 12);
|
||||
PUTU32(bs->cipher + 28, ctr32);
|
||||
ctr32++;
|
||||
memcpy(bs->cipher + 32, ivec, 12);
|
||||
PUTU32(bs->cipher + 44, ctr32);
|
||||
ctr32++;
|
||||
memcpy(bs->cipher + 48, ivec, 12);
|
||||
PUTU32(bs->cipher + 60, ctr32);
|
||||
ctr32++;
|
||||
RawToBits(bs->cipher, bs->state);
|
||||
BitsAddRoundKey(bs->state, bs->rd_key[0]);
|
||||
for (i = 1; i < key->rounds; i++) {
|
||||
BitsSub(bs->state);
|
||||
BitsShiftRows(bs->state);
|
||||
BitsMixColumns(bs->state);
|
||||
BitsAddRoundKey(bs->state, bs->rd_key[i]);
|
||||
}
|
||||
BitsSub(bs->state);
|
||||
BitsShiftRows(bs->state);
|
||||
BitsAddRoundKey(bs->state, bs->rd_key[key->rounds]);
|
||||
BitsToRaw(bs->state, bs->cipher);
|
||||
for (i = 0; i < 64 && blocks; i++) {
|
||||
out[i] = in[i] ^ bs->cipher[i];
|
||||
if ((i & 15) == 15)
|
||||
blocks--;
|
||||
}
|
||||
in += i;
|
||||
out += i;
|
||||
}
|
||||
OPENSSL_clear_free(bs, sizeof(*bs));
|
||||
} else {
|
||||
unsigned char cipher[16];
|
||||
|
||||
while (blocks) {
|
||||
memcpy(cipher, ivec, 12);
|
||||
PUTU32(cipher + 12, ctr32);
|
||||
AES_encrypt(cipher, cipher, key);
|
||||
for (i = 0; i < 16; i++)
|
||||
out[i] = in[i] ^ cipher[i];
|
||||
in += 16;
|
||||
out += 16;
|
||||
ctr32++;
|
||||
blocks--;
|
||||
}
|
||||
}
|
||||
}
|
||||
# endif
|
||||
#elif !defined(AES_ASM)
|
||||
/*-
|
||||
Te0[x] = S [x].[02, 01, 01, 03];
|
||||
Te1[x] = S [x].[03, 02, 01, 01];
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -24,6 +24,7 @@
|
||||
# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
|
||||
# endif
|
||||
|
||||
typedef unsigned long long u64;
|
||||
# ifdef AES_LONG
|
||||
typedef unsigned long u32;
|
||||
# else
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -268,18 +268,29 @@ ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
|
||||
return ret;
|
||||
}
|
||||
|
||||
int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
|
||||
int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
|
||||
{
|
||||
unsigned char *c;
|
||||
const char *data = _data;
|
||||
size_t len;
|
||||
|
||||
if (len < 0) {
|
||||
if (len_in < 0) {
|
||||
if (data == NULL)
|
||||
return 0;
|
||||
else
|
||||
len = strlen(data);
|
||||
} else {
|
||||
len = (size_t)len_in;
|
||||
}
|
||||
if ((str->length <= len) || (str->data == NULL)) {
|
||||
/*
|
||||
* Verify that the length fits within an integer for assignment to
|
||||
* str->length below. The additional 1 is subtracted to allow for the
|
||||
* '\0' terminator even though this isn't strictly necessary.
|
||||
*/
|
||||
if (len > INT_MAX - 1) {
|
||||
ASN1err(0, ASN1_R_TOO_LARGE);
|
||||
return 0;
|
||||
}
|
||||
if ((size_t)str->length <= len || str->data == NULL) {
|
||||
c = str->data;
|
||||
str->data = OPENSSL_realloc(c, len + 1);
|
||||
if (str->data == NULL) {
|
||||
|
@ -222,10 +222,10 @@ static int acpt_state(BIO *b, BIO_ACCEPT *c)
|
||||
break;
|
||||
|
||||
case ACPT_S_CREATE_SOCKET:
|
||||
ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
|
||||
s = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
|
||||
BIO_ADDRINFO_socktype(c->addr_iter),
|
||||
BIO_ADDRINFO_protocol(c->addr_iter), 0);
|
||||
if (ret == (int)INVALID_SOCKET) {
|
||||
if (s == (int)INVALID_SOCKET) {
|
||||
SYSerr(SYS_F_SOCKET, get_last_socket_error());
|
||||
ERR_add_error_data(4,
|
||||
"hostname=", c->param_addr,
|
||||
@ -233,9 +233,10 @@ static int acpt_state(BIO *b, BIO_ACCEPT *c)
|
||||
BIOerr(BIO_F_ACPT_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
|
||||
goto exit_loop;
|
||||
}
|
||||
c->accept_sock = ret;
|
||||
b->num = ret;
|
||||
c->accept_sock = s;
|
||||
b->num = s;
|
||||
c->state = ACPT_S_LISTEN;
|
||||
s = -1;
|
||||
break;
|
||||
|
||||
case ACPT_S_LISTEN:
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -1297,5 +1297,7 @@ int ECDSA_size(const EC_KEY *r)
|
||||
i = i2d_ASN1_INTEGER(&bs, NULL);
|
||||
i += i; /* r and s */
|
||||
ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
|
||||
if (ret < 0)
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -1007,14 +1007,14 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
|
||||
size_t i = 0;
|
||||
BN_CTX *new_ctx = NULL;
|
||||
|
||||
if ((scalar == NULL) && (num == 0)) {
|
||||
return EC_POINT_set_to_infinity(group, r);
|
||||
}
|
||||
|
||||
if (!ec_point_is_compat(r, group)) {
|
||||
ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (scalar == NULL && num == 0)
|
||||
return EC_POINT_set_to_infinity(group, r);
|
||||
|
||||
for (i = 0; i < num; i++) {
|
||||
if (!ec_point_is_compat(points[i], group)) {
|
||||
ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -260,16 +260,9 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
|
||||
goto err;
|
||||
}
|
||||
|
||||
/*-
|
||||
* Apply coordinate blinding for EC_POINT.
|
||||
*
|
||||
* The underlying EC_METHOD can optionally implement this function:
|
||||
* ec_point_blind_coordinates() returns 0 in case of errors or 1 on
|
||||
* success or if coordinate blinding is not implemented for this
|
||||
* group.
|
||||
*/
|
||||
if (!ec_point_blind_coordinates(group, p, ctx)) {
|
||||
ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_POINT_COORDINATES_BLIND_FAILURE);
|
||||
/* ensure input point is in affine coords for ladder step efficiency */
|
||||
if (!p->Z_is_one && !EC_POINT_make_affine(group, p, ctx)) {
|
||||
ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -747,6 +740,20 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
|
||||
if (r_is_at_infinity) {
|
||||
if (!EC_POINT_copy(r, val_sub[i][digit >> 1]))
|
||||
goto err;
|
||||
|
||||
/*-
|
||||
* Apply coordinate blinding for EC_POINT.
|
||||
*
|
||||
* The underlying EC_METHOD can optionally implement this function:
|
||||
* ec_point_blind_coordinates() returns 0 in case of errors or 1 on
|
||||
* success or if coordinate blinding is not implemented for this
|
||||
* group.
|
||||
*/
|
||||
if (!ec_point_blind_coordinates(group, r, ctx)) {
|
||||
ECerr(EC_F_EC_WNAF_MUL, EC_R_POINT_COORDINATES_BLIND_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
r_is_at_infinity = 0;
|
||||
} else {
|
||||
if (!EC_POINT_add
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -1372,6 +1372,7 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
|
||||
* Computes the multiplicative inverse of a in GF(p), storing the result in r.
|
||||
* If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
|
||||
* Since we don't have a Mont structure here, SCA hardening is with blinding.
|
||||
* NB: "a" must be in _decoded_ form. (i.e. field_decode must precede.)
|
||||
*/
|
||||
int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
|
||||
BN_CTX *ctx)
|
||||
@ -1431,112 +1432,133 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
|
||||
temp = BN_CTX_get(ctx);
|
||||
if (temp == NULL) {
|
||||
ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* make sure lambda is not zero */
|
||||
/*-
|
||||
* Make sure lambda is not zero.
|
||||
* If the RNG fails, we cannot blind but nevertheless want
|
||||
* code to continue smoothly and not clobber the error stack.
|
||||
*/
|
||||
do {
|
||||
if (!BN_priv_rand_range(lambda, group->field)) {
|
||||
ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
ERR_set_mark();
|
||||
ret = BN_priv_rand_range(lambda, group->field);
|
||||
ERR_pop_to_mark();
|
||||
if (ret == 0) {
|
||||
ret = 1;
|
||||
goto end;
|
||||
}
|
||||
} while (BN_is_zero(lambda));
|
||||
|
||||
/* if field_encode defined convert between representations */
|
||||
if (group->meth->field_encode != NULL
|
||||
if ((group->meth->field_encode != NULL
|
||||
&& !group->meth->field_encode(group, lambda, lambda, ctx))
|
||||
goto err;
|
||||
if (!group->meth->field_mul(group, p->Z, p->Z, lambda, ctx))
|
||||
goto err;
|
||||
if (!group->meth->field_sqr(group, temp, lambda, ctx))
|
||||
goto err;
|
||||
if (!group->meth->field_mul(group, p->X, p->X, temp, ctx))
|
||||
goto err;
|
||||
if (!group->meth->field_mul(group, temp, temp, lambda, ctx))
|
||||
goto err;
|
||||
if (!group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
|
||||
goto err;
|
||||
p->Z_is_one = 0;
|
||||
|| !group->meth->field_mul(group, p->Z, p->Z, lambda, ctx)
|
||||
|| !group->meth->field_sqr(group, temp, lambda, ctx)
|
||||
|| !group->meth->field_mul(group, p->X, p->X, temp, ctx)
|
||||
|| !group->meth->field_mul(group, temp, temp, lambda, ctx)
|
||||
|| !group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
|
||||
goto end;
|
||||
|
||||
p->Z_is_one = 0;
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
end:
|
||||
BN_CTX_end(ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*-
|
||||
* Set s := p, r := 2p.
|
||||
* Input:
|
||||
* - p: affine coordinates
|
||||
*
|
||||
* Output:
|
||||
* - s := p, r := 2p: blinded projective (homogeneous) coordinates
|
||||
*
|
||||
* For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve
|
||||
* multiplication resistant against side channel attacks" appendix, as described
|
||||
* at
|
||||
* multiplication resistant against side channel attacks" appendix, described at
|
||||
* https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2
|
||||
* simplified for Z1=1.
|
||||
*
|
||||
* The input point p will be in randomized Jacobian projective coords:
|
||||
* x = X/Z**2, y=Y/Z**3
|
||||
*
|
||||
* The output points p, s, and r are converted to standard (homogeneous)
|
||||
* projective coords:
|
||||
* x = X/Z, y=Y/Z
|
||||
* Blinding uses the equivalence relation (\lambda X, \lambda Y, \lambda Z)
|
||||
* for any non-zero \lambda that holds for projective (homogeneous) coords.
|
||||
*/
|
||||
int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
|
||||
EC_POINT *r, EC_POINT *s,
|
||||
EC_POINT *p, BN_CTX *ctx)
|
||||
{
|
||||
BIGNUM *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
|
||||
BIGNUM *t1, *t2, *t3, *t4, *t5 = NULL;
|
||||
|
||||
t1 = r->Z;
|
||||
t2 = r->Y;
|
||||
t1 = s->Z;
|
||||
t2 = r->Z;
|
||||
t3 = s->X;
|
||||
t4 = r->X;
|
||||
t5 = s->Y;
|
||||
t6 = s->Z;
|
||||
|
||||
/* convert p: (X,Y,Z) -> (XZ,Y,Z**3) */
|
||||
if (!group->meth->field_mul(group, p->X, p->X, p->Z, ctx)
|
||||
|| !group->meth->field_sqr(group, t1, p->Z, ctx)
|
||||
|| !group->meth->field_mul(group, p->Z, p->Z, t1, ctx)
|
||||
/* r := 2p */
|
||||
|| !group->meth->field_sqr(group, t2, p->X, ctx)
|
||||
|| !group->meth->field_sqr(group, t3, p->Z, ctx)
|
||||
|| !group->meth->field_mul(group, t4, t3, group->a, ctx)
|
||||
|| !BN_mod_sub_quick(t5, t2, t4, group->field)
|
||||
|| !BN_mod_add_quick(t2, t2, t4, group->field)
|
||||
|| !group->meth->field_sqr(group, t5, t5, ctx)
|
||||
|| !group->meth->field_mul(group, t6, t3, group->b, ctx)
|
||||
|| !group->meth->field_mul(group, t1, p->X, p->Z, ctx)
|
||||
|| !group->meth->field_mul(group, t4, t1, t6, ctx)
|
||||
|| !BN_mod_lshift_quick(t4, t4, 3, group->field)
|
||||
if (!p->Z_is_one /* r := 2p */
|
||||
|| !group->meth->field_sqr(group, t3, p->X, ctx)
|
||||
|| !BN_mod_sub_quick(t4, t3, group->a, group->field)
|
||||
|| !group->meth->field_sqr(group, t4, t4, ctx)
|
||||
|| !group->meth->field_mul(group, t5, p->X, group->b, ctx)
|
||||
|| !BN_mod_lshift_quick(t5, t5, 3, group->field)
|
||||
/* r->X coord output */
|
||||
|| !BN_mod_sub_quick(r->X, t5, t4, group->field)
|
||||
|| !group->meth->field_mul(group, t1, t1, t2, ctx)
|
||||
|| !group->meth->field_mul(group, t2, t3, t6, ctx)
|
||||
|| !BN_mod_add_quick(t1, t1, t2, group->field)
|
||||
|| !BN_mod_sub_quick(r->X, t4, t5, group->field)
|
||||
|| !BN_mod_add_quick(t1, t3, group->a, group->field)
|
||||
|| !group->meth->field_mul(group, t2, p->X, t1, ctx)
|
||||
|| !BN_mod_add_quick(t2, group->b, t2, group->field)
|
||||
/* r->Z coord output */
|
||||
|| !BN_mod_lshift_quick(r->Z, t1, 2, group->field)
|
||||
|| !EC_POINT_copy(s, p))
|
||||
|| !BN_mod_lshift_quick(r->Z, t2, 2, group->field))
|
||||
return 0;
|
||||
|
||||
/* make sure lambda (r->Y here for storage) is not zero */
|
||||
do {
|
||||
if (!BN_priv_rand_range(r->Y, group->field))
|
||||
return 0;
|
||||
} while (BN_is_zero(r->Y));
|
||||
|
||||
/* make sure lambda (s->Z here for storage) is not zero */
|
||||
do {
|
||||
if (!BN_priv_rand_range(s->Z, group->field))
|
||||
return 0;
|
||||
} while (BN_is_zero(s->Z));
|
||||
|
||||
/* if field_encode defined convert between representations */
|
||||
if (group->meth->field_encode != NULL
|
||||
&& (!group->meth->field_encode(group, r->Y, r->Y, ctx)
|
||||
|| !group->meth->field_encode(group, s->Z, s->Z, ctx)))
|
||||
return 0;
|
||||
|
||||
/* blind r and s independently */
|
||||
if (!group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx)
|
||||
|| !group->meth->field_mul(group, r->X, r->X, r->Y, ctx)
|
||||
|| !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) /* s := p */
|
||||
return 0;
|
||||
|
||||
r->Z_is_one = 0;
|
||||
s->Z_is_one = 0;
|
||||
p->Z_is_one = 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-
|
||||
* Input:
|
||||
* - s, r: projective (homogeneous) coordinates
|
||||
* - p: affine coordinates
|
||||
*
|
||||
* Output:
|
||||
* - s := r + s, r := 2r: projective (homogeneous) coordinates
|
||||
*
|
||||
* Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi
|
||||
* "A fast parallel elliptic curve multiplication resistant against side channel
|
||||
* attacks", as described at
|
||||
* https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-4
|
||||
* https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-mladd-2002-it-4
|
||||
*/
|
||||
int ec_GFp_simple_ladder_step(const EC_GROUP *group,
|
||||
EC_POINT *r, EC_POINT *s,
|
||||
EC_POINT *p, BN_CTX *ctx)
|
||||
{
|
||||
int ret = 0;
|
||||
BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6, *t7 = NULL;
|
||||
BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
t0 = BN_CTX_get(ctx);
|
||||
@ -1546,50 +1568,47 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group,
|
||||
t4 = BN_CTX_get(ctx);
|
||||
t5 = BN_CTX_get(ctx);
|
||||
t6 = BN_CTX_get(ctx);
|
||||
t7 = BN_CTX_get(ctx);
|
||||
|
||||
if (t7 == NULL
|
||||
|| !group->meth->field_mul(group, t0, r->X, s->X, ctx)
|
||||
|| !group->meth->field_mul(group, t1, r->Z, s->Z, ctx)
|
||||
|| !group->meth->field_mul(group, t2, r->X, s->Z, ctx)
|
||||
if (t6 == NULL
|
||||
|| !group->meth->field_mul(group, t6, r->X, s->X, ctx)
|
||||
|| !group->meth->field_mul(group, t0, r->Z, s->Z, ctx)
|
||||
|| !group->meth->field_mul(group, t4, r->X, s->Z, ctx)
|
||||
|| !group->meth->field_mul(group, t3, r->Z, s->X, ctx)
|
||||
|| !group->meth->field_mul(group, t4, group->a, t1, ctx)
|
||||
|| !BN_mod_add_quick(t0, t0, t4, group->field)
|
||||
|| !BN_mod_add_quick(t4, t3, t2, group->field)
|
||||
|| !group->meth->field_mul(group, t0, t4, t0, ctx)
|
||||
|| !group->meth->field_sqr(group, t1, t1, ctx)
|
||||
|| !BN_mod_lshift_quick(t7, group->b, 2, group->field)
|
||||
|| !group->meth->field_mul(group, t1, t7, t1, ctx)
|
||||
|| !BN_mod_lshift1_quick(t0, t0, group->field)
|
||||
|| !BN_mod_add_quick(t0, t1, t0, group->field)
|
||||
|| !BN_mod_sub_quick(t1, t2, t3, group->field)
|
||||
|| !group->meth->field_sqr(group, t1, t1, ctx)
|
||||
|| !group->meth->field_mul(group, t3, t1, p->X, ctx)
|
||||
|| !group->meth->field_mul(group, t0, p->Z, t0, ctx)
|
||||
/* s->X coord output */
|
||||
|| !BN_mod_sub_quick(s->X, t0, t3, group->field)
|
||||
/* s->Z coord output */
|
||||
|| !group->meth->field_mul(group, s->Z, p->Z, t1, ctx)
|
||||
|| !group->meth->field_sqr(group, t3, r->X, ctx)
|
||||
|| !group->meth->field_sqr(group, t2, r->Z, ctx)
|
||||
|| !group->meth->field_mul(group, t4, t2, group->a, ctx)
|
||||
|| !BN_mod_add_quick(t5, r->X, r->Z, group->field)
|
||||
|| !group->meth->field_sqr(group, t5, t5, ctx)
|
||||
|| !BN_mod_sub_quick(t5, t5, t3, group->field)
|
||||
|| !BN_mod_sub_quick(t5, t5, t2, group->field)
|
||||
|| !BN_mod_sub_quick(t6, t3, t4, group->field)
|
||||
|| !group->meth->field_sqr(group, t6, t6, ctx)
|
||||
|| !group->meth->field_mul(group, t0, t2, t5, ctx)
|
||||
|| !group->meth->field_mul(group, t0, t7, t0, ctx)
|
||||
/* r->X coord output */
|
||||
|| !BN_mod_sub_quick(r->X, t6, t0, group->field)
|
||||
|| !group->meth->field_mul(group, t5, group->a, t0, ctx)
|
||||
|| !BN_mod_add_quick(t5, t6, t5, group->field)
|
||||
|| !BN_mod_add_quick(t6, t3, t4, group->field)
|
||||
|| !group->meth->field_sqr(group, t3, t2, ctx)
|
||||
|| !group->meth->field_mul(group, t7, t3, t7, ctx)
|
||||
|| !group->meth->field_mul(group, t5, t5, t6, ctx)
|
||||
|| !group->meth->field_mul(group, t5, t6, t5, ctx)
|
||||
|| !group->meth->field_sqr(group, t0, t0, ctx)
|
||||
|| !BN_mod_lshift_quick(t2, group->b, 2, group->field)
|
||||
|| !group->meth->field_mul(group, t0, t2, t0, ctx)
|
||||
|| !BN_mod_lshift1_quick(t5, t5, group->field)
|
||||
|| !BN_mod_sub_quick(t3, t4, t3, group->field)
|
||||
/* s->Z coord output */
|
||||
|| !group->meth->field_sqr(group, s->Z, t3, ctx)
|
||||
|| !group->meth->field_mul(group, t4, s->Z, p->X, ctx)
|
||||
|| !BN_mod_add_quick(t0, t0, t5, group->field)
|
||||
/* s->X coord output */
|
||||
|| !BN_mod_sub_quick(s->X, t0, t4, group->field)
|
||||
|| !group->meth->field_sqr(group, t4, r->X, ctx)
|
||||
|| !group->meth->field_sqr(group, t5, r->Z, ctx)
|
||||
|| !group->meth->field_mul(group, t6, t5, group->a, ctx)
|
||||
|| !BN_mod_add_quick(t1, r->X, r->Z, group->field)
|
||||
|| !group->meth->field_sqr(group, t1, t1, ctx)
|
||||
|| !BN_mod_sub_quick(t1, t1, t4, group->field)
|
||||
|| !BN_mod_sub_quick(t1, t1, t5, group->field)
|
||||
|| !BN_mod_sub_quick(t3, t4, t6, group->field)
|
||||
|| !group->meth->field_sqr(group, t3, t3, ctx)
|
||||
|| !group->meth->field_mul(group, t0, t5, t1, ctx)
|
||||
|| !group->meth->field_mul(group, t0, t2, t0, ctx)
|
||||
/* r->X coord output */
|
||||
|| !BN_mod_sub_quick(r->X, t3, t0, group->field)
|
||||
|| !BN_mod_add_quick(t3, t4, t6, group->field)
|
||||
|| !group->meth->field_sqr(group, t4, t5, ctx)
|
||||
|| !group->meth->field_mul(group, t4, t4, t2, ctx)
|
||||
|| !group->meth->field_mul(group, t1, t1, t3, ctx)
|
||||
|| !BN_mod_lshift1_quick(t1, t1, group->field)
|
||||
/* r->Z coord output */
|
||||
|| !BN_mod_add_quick(r->Z, t7, t5, group->field))
|
||||
|| !BN_mod_add_quick(r->Z, t4, t1, group->field))
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
@ -1600,17 +1619,23 @@ int ec_GFp_simple_ladder_step(const EC_GROUP *group,
|
||||
}
|
||||
|
||||
/*-
|
||||
* Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass
|
||||
* Elliptic Curves and Side-Channel Attacks", modified to work in projective
|
||||
* coordinates and return r in Jacobian projective coordinates.
|
||||
* Input:
|
||||
* - s, r: projective (homogeneous) coordinates
|
||||
* - p: affine coordinates
|
||||
*
|
||||
* X4 = two*Y1*X2*Z3*Z2*Z1;
|
||||
* Y4 = two*b*Z3*SQR(Z2*Z1) + Z3*(a*Z2*Z1+X1*X2)*(X1*Z2+X2*Z1) - X3*SQR(X1*Z2-X2*Z1);
|
||||
* Z4 = two*Y1*Z3*SQR(Z2)*Z1;
|
||||
* Output:
|
||||
* - r := (x,y): affine coordinates
|
||||
*
|
||||
* Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass
|
||||
* Elliptic Curves and Side-Channel Attacks", modified to work in mixed
|
||||
* projective coords, i.e. p is affine and (r,s) in projective (homogeneous)
|
||||
* coords, and return r in affine coordinates.
|
||||
*
|
||||
* X4 = two*Y1*X2*Z3*Z2;
|
||||
* Y4 = two*b*Z3*SQR(Z2) + Z3*(a*Z2+X1*X2)*(X1*Z2+X2) - X3*SQR(X1*Z2-X2);
|
||||
* Z4 = two*Y1*Z3*SQR(Z2);
|
||||
*
|
||||
* Z4 != 0 because:
|
||||
* - Z1==0 implies p is at infinity, which would have caused an early exit in
|
||||
* the caller;
|
||||
* - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch);
|
||||
* - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch);
|
||||
* - Y1==0 implies p has order 2, so either r or s are infinity and handled by
|
||||
@ -1627,11 +1652,7 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group,
|
||||
return EC_POINT_set_to_infinity(group, r);
|
||||
|
||||
if (BN_is_zero(s->Z)) {
|
||||
/* (X,Y,Z) -> (XZ,YZ**2,Z) */
|
||||
if (!group->meth->field_mul(group, r->X, p->X, p->Z, ctx)
|
||||
|| !group->meth->field_sqr(group, r->Z, p->Z, ctx)
|
||||
|| !group->meth->field_mul(group, r->Y, p->Y, r->Z, ctx)
|
||||
|| !BN_copy(r->Z, p->Z)
|
||||
if (!EC_POINT_copy(r, p)
|
||||
|| !EC_POINT_invert(group, r, ctx))
|
||||
return 0;
|
||||
return 1;
|
||||
@ -1647,38 +1668,46 @@ int ec_GFp_simple_ladder_post(const EC_GROUP *group,
|
||||
t6 = BN_CTX_get(ctx);
|
||||
|
||||
if (t6 == NULL
|
||||
|| !BN_mod_lshift1_quick(t0, p->Y, group->field)
|
||||
|| !group->meth->field_mul(group, t1, r->X, p->Z, ctx)
|
||||
|| !group->meth->field_mul(group, t2, r->Z, s->Z, ctx)
|
||||
|| !group->meth->field_mul(group, t2, t1, t2, ctx)
|
||||
|| !group->meth->field_mul(group, t3, t2, t0, ctx)
|
||||
|| !group->meth->field_mul(group, t2, r->Z, p->Z, ctx)
|
||||
|| !group->meth->field_sqr(group, t4, t2, ctx)
|
||||
|| !BN_mod_lshift1_quick(t5, group->b, group->field)
|
||||
|| !group->meth->field_mul(group, t4, t4, t5, ctx)
|
||||
|| !group->meth->field_mul(group, t6, t2, group->a, ctx)
|
||||
|| !group->meth->field_mul(group, t5, r->X, p->X, ctx)
|
||||
|| !BN_mod_add_quick(t5, t6, t5, group->field)
|
||||
|| !group->meth->field_mul(group, t6, r->Z, p->X, ctx)
|
||||
|| !BN_mod_add_quick(t2, t6, t1, group->field)
|
||||
|| !group->meth->field_mul(group, t5, t5, t2, ctx)
|
||||
|| !BN_mod_sub_quick(t6, t6, t1, group->field)
|
||||
|| !group->meth->field_sqr(group, t6, t6, ctx)
|
||||
|| !group->meth->field_mul(group, t6, t6, s->X, ctx)
|
||||
|| !BN_mod_add_quick(t4, t5, t4, group->field)
|
||||
|| !group->meth->field_mul(group, t4, t4, s->Z, ctx)
|
||||
|| !BN_mod_sub_quick(t4, t4, t6, group->field)
|
||||
|| !group->meth->field_sqr(group, t5, r->Z, ctx)
|
||||
|| !group->meth->field_mul(group, r->Z, p->Z, s->Z, ctx)
|
||||
|| !group->meth->field_mul(group, r->Z, t5, r->Z, ctx)
|
||||
|| !group->meth->field_mul(group, r->Z, r->Z, t0, ctx)
|
||||
/* t3 := X, t4 := Y */
|
||||
/* (X,Y,Z) -> (XZ,YZ**2,Z) */
|
||||
|| !group->meth->field_mul(group, r->X, t3, r->Z, ctx)
|
||||
|| !BN_mod_lshift1_quick(t4, p->Y, group->field)
|
||||
|| !group->meth->field_mul(group, t6, r->X, t4, ctx)
|
||||
|| !group->meth->field_mul(group, t6, s->Z, t6, ctx)
|
||||
|| !group->meth->field_mul(group, t5, r->Z, t6, ctx)
|
||||
|| !BN_mod_lshift1_quick(t1, group->b, group->field)
|
||||
|| !group->meth->field_mul(group, t1, s->Z, t1, ctx)
|
||||
|| !group->meth->field_sqr(group, t3, r->Z, ctx)
|
||||
|| !group->meth->field_mul(group, r->Y, t4, t3, ctx))
|
||||
|| !group->meth->field_mul(group, t2, t3, t1, ctx)
|
||||
|| !group->meth->field_mul(group, t6, r->Z, group->a, ctx)
|
||||
|| !group->meth->field_mul(group, t1, p->X, r->X, ctx)
|
||||
|| !BN_mod_add_quick(t1, t1, t6, group->field)
|
||||
|| !group->meth->field_mul(group, t1, s->Z, t1, ctx)
|
||||
|| !group->meth->field_mul(group, t0, p->X, r->Z, ctx)
|
||||
|| !BN_mod_add_quick(t6, r->X, t0, group->field)
|
||||
|| !group->meth->field_mul(group, t6, t6, t1, ctx)
|
||||
|| !BN_mod_add_quick(t6, t6, t2, group->field)
|
||||
|| !BN_mod_sub_quick(t0, t0, r->X, group->field)
|
||||
|| !group->meth->field_sqr(group, t0, t0, ctx)
|
||||
|| !group->meth->field_mul(group, t0, t0, s->X, ctx)
|
||||
|| !BN_mod_sub_quick(t0, t6, t0, group->field)
|
||||
|| !group->meth->field_mul(group, t1, s->Z, t4, ctx)
|
||||
|| !group->meth->field_mul(group, t1, t3, t1, ctx)
|
||||
|| (group->meth->field_decode != NULL
|
||||
&& !group->meth->field_decode(group, t1, t1, ctx))
|
||||
|| !group->meth->field_inv(group, t1, t1, ctx)
|
||||
|| (group->meth->field_encode != NULL
|
||||
&& !group->meth->field_encode(group, t1, t1, ctx))
|
||||
|| !group->meth->field_mul(group, r->X, t5, t1, ctx)
|
||||
|| !group->meth->field_mul(group, r->Y, t0, t1, ctx))
|
||||
goto err;
|
||||
|
||||
if (group->meth->field_set_to_one != NULL) {
|
||||
if (!group->meth->field_set_to_one(group, r->Z, ctx))
|
||||
goto err;
|
||||
} else {
|
||||
if (!BN_one(r->Z))
|
||||
goto err;
|
||||
}
|
||||
|
||||
r->Z_is_one = 1;
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
|
@ -130,6 +130,11 @@ void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
|
||||
size_t len, const AES_KEY *key1,
|
||||
const AES_KEY *key2, const unsigned char iv[16]);
|
||||
#endif
|
||||
#if !defined(AES_ASM) && !defined(AES_CTR_ASM) \
|
||||
&& defined(OPENSSL_AES_CONST_TIME) \
|
||||
&& !defined(OPENSSL_SMALL_FOOTPRINT)
|
||||
# define AES_CTR_ASM
|
||||
#endif
|
||||
#ifdef AES_CTR_ASM
|
||||
void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
|
||||
size_t blocks, const AES_KEY *key,
|
||||
|
@ -2,3 +2,5 @@ LIBS=../../libcrypto
|
||||
SOURCE[../../libcrypto]=\
|
||||
randfile.c rand_lib.c rand_err.c rand_egd.c \
|
||||
rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c
|
||||
|
||||
INCLUDE[drbg_ctr.o]=../modes
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -12,28 +12,25 @@
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "internal/thread_once.h"
|
||||
#include "modes_local.h"
|
||||
#include "internal/thread_once.h"
|
||||
#include "rand_local.h"
|
||||
|
||||
/*
|
||||
* Implementation of NIST SP 800-90A CTR DRBG.
|
||||
*/
|
||||
|
||||
static void inc_128(RAND_DRBG_CTR *ctr)
|
||||
{
|
||||
int i;
|
||||
unsigned char c;
|
||||
unsigned char *p = &ctr->V[15];
|
||||
unsigned char *p = &ctr->V[0];
|
||||
u32 n = 16, c = 1;
|
||||
|
||||
for (i = 0; i < 16; i++, p--) {
|
||||
c = *p;
|
||||
c++;
|
||||
*p = c;
|
||||
if (c != 0) {
|
||||
/* If we didn't wrap around, we're done. */
|
||||
break;
|
||||
}
|
||||
}
|
||||
do {
|
||||
--n;
|
||||
c += p[n];
|
||||
p[n] = (u8)c;
|
||||
c >>= 8;
|
||||
} while (n);
|
||||
}
|
||||
|
||||
static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
|
||||
|
@ -508,6 +508,12 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
|
||||
ret = 1;
|
||||
break;
|
||||
}
|
||||
if ((x->ex_flags & EXFLAG_CA) == 0
|
||||
&& x->ex_pathlen != -1
|
||||
&& (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
|
||||
ctx->error = X509_V_ERR_INVALID_EXTENSION;
|
||||
ret = 0;
|
||||
}
|
||||
if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK))
|
||||
return 0;
|
||||
/* check_purpose() makes the callback as needed */
|
||||
|
@ -384,12 +384,16 @@ static void x509v3_cache_extensions(X509 *x)
|
||||
if (bs->ca)
|
||||
x->ex_flags |= EXFLAG_CA;
|
||||
if (bs->pathlen) {
|
||||
if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)
|
||||
|| !bs->ca) {
|
||||
if (bs->pathlen->type == V_ASN1_NEG_INTEGER) {
|
||||
x->ex_flags |= EXFLAG_INVALID;
|
||||
x->ex_pathlen = 0;
|
||||
} else
|
||||
} else {
|
||||
x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
|
||||
if (!bs->ca && x->ex_pathlen != 0) {
|
||||
x->ex_flags |= EXFLAG_INVALID;
|
||||
x->ex_pathlen = 0;
|
||||
}
|
||||
}
|
||||
} else
|
||||
x->ex_pathlen = -1;
|
||||
BASIC_CONSTRAINTS_free(bs);
|
||||
@ -545,9 +549,11 @@ static void x509v3_cache_extensions(X509 *x)
|
||||
* return codes:
|
||||
* 0 not a CA
|
||||
* 1 is a CA
|
||||
* 2 basicConstraints absent so "maybe" a CA
|
||||
* 2 Only possible in older versions of openSSL when basicConstraints are absent
|
||||
* new versions will not return this value. May be a CA
|
||||
* 3 basicConstraints absent but self signed V1.
|
||||
* 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
|
||||
* 5 Netscape specific CA Flags present
|
||||
*/
|
||||
|
||||
static int check_ca(const X509 *x)
|
||||
|
@ -14,7 +14,7 @@ B<openssl> B<s_time>
|
||||
[B<-cert filename>]
|
||||
[B<-key filename>]
|
||||
[B<-CApath directory>]
|
||||
[B<-cafile filename>]
|
||||
[B<-CAfile filename>]
|
||||
[B<-no-CAfile>]
|
||||
[B<-no-CApath>]
|
||||
[B<-reuse>]
|
||||
@ -202,7 +202,7 @@ L<s_client(1)>, L<s_server(1)>, L<ciphers(1)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -160,6 +160,13 @@ In particular, XTS-AES-128 (B<EVP_aes_128_xts>) takes input of a 256-bit key to
|
||||
achieve AES 128-bit security, and XTS-AES-256 (B<EVP_aes_256_xts>) takes input
|
||||
of a 512-bit key to achieve AES 256-bit security.
|
||||
|
||||
The XTS implementation in OpenSSL does not support streaming. That is there must
|
||||
only be one L<EVP_EncryptUpdate(3)> call per L<EVP_EncryptInit_ex(3)> call (and
|
||||
similarly with the "Decrypt" functions).
|
||||
|
||||
The I<iv> parameter to L<EVP_EncryptInit_ex(3)> or L<EVP_DecryptInit_ex(3)> is
|
||||
the XTS "tweak" value.
|
||||
|
||||
=back
|
||||
|
||||
=head1 RETURN VALUES
|
||||
@ -176,7 +183,7 @@ L<EVP_CIPHER_meth_new(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -33,10 +33,10 @@ RAND_get_rand_method() returns a pointer to the current B<RAND_METHOD>.
|
||||
=head1 THE RAND_METHOD STRUCTURE
|
||||
|
||||
typedef struct rand_meth_st {
|
||||
void (*seed)(const void *buf, int num);
|
||||
int (*seed)(const void *buf, int num);
|
||||
int (*bytes)(unsigned char *buf, int num);
|
||||
void (*cleanup)(void);
|
||||
void (*add)(const void *buf, int num, int randomness);
|
||||
int (*add)(const void *buf, int num, double entropy);
|
||||
int (*pseudorand)(unsigned char *buf, int num);
|
||||
int (*status)(void);
|
||||
} RAND_METHOD;
|
||||
@ -60,7 +60,7 @@ L<RAND(7)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
74
doc/man3/X509_check_purpose.pod
Normal file
74
doc/man3/X509_check_purpose.pod
Normal file
@ -0,0 +1,74 @@
|
||||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
X509_check_purpose - Check the purpose of a certificate
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
int X509_check_purpose(X509 *x, int id, int ca)
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
This function checks if certificate I<x> was created with the purpose
|
||||
represented by I<id>. If I<ca> is nonzero, then certificate I<x> is
|
||||
checked to determine if it's a possible CA with various levels of certainty
|
||||
possibly returned.
|
||||
|
||||
Below are the potential ID's that can be checked:
|
||||
|
||||
# define X509_PURPOSE_SSL_CLIENT 1
|
||||
# define X509_PURPOSE_SSL_SERVER 2
|
||||
# define X509_PURPOSE_NS_SSL_SERVER 3
|
||||
# define X509_PURPOSE_SMIME_SIGN 4
|
||||
# define X509_PURPOSE_SMIME_ENCRYPT 5
|
||||
# define X509_PURPOSE_CRL_SIGN 6
|
||||
# define X509_PURPOSE_ANY 7
|
||||
# define X509_PURPOSE_OCSP_HELPER 8
|
||||
# define X509_PURPOSE_TIMESTAMP_SIGN 9
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
For non-CA checks
|
||||
|
||||
=over 4
|
||||
|
||||
=item -1 an error condition has occured
|
||||
|
||||
=item E<32>1 if the certificate was created to perform the purpose represented by I<id>
|
||||
|
||||
=item E<32>0 if the certificate was not created to perform the purpose represented by I<id>
|
||||
|
||||
=back
|
||||
|
||||
For CA checks the below integers could be returned with the following meanings:
|
||||
|
||||
=over 4
|
||||
|
||||
=item -1 an error condition has occured
|
||||
|
||||
=item E<32>0 not a CA or does not have the purpose represented by I<id>
|
||||
|
||||
=item E<32>1 is a CA.
|
||||
|
||||
=item E<32>2 Only possible in old versions of openSSL when basicConstraints are absent.
|
||||
New versions will not return this value. May be a CA
|
||||
|
||||
=item E<32>3 basicConstraints absent but self signed V1.
|
||||
|
||||
=item E<32>4 basicConstraints absent but keyUsage present and keyCertSign asserted.
|
||||
|
||||
=item E<32>5 legacy Netscape specific CA Flags present
|
||||
|
||||
=back
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use this
|
||||
file except in compliance with the License. You can obtain a copy in the file
|
||||
LICENSE in the source distribution or at L<https://www.openssl.org/source/license.html>.
|
||||
|
||||
=cut
|
@ -39,8 +39,8 @@ extern "C" {
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010106fL
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1f 31 Mar 2020"
|
||||
# define OPENSSL_VERSION_NUMBER 0x1010107fL
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1g 21 Apr 2020"
|
||||
|
||||
/*-
|
||||
* The macros below are to be used for shared library (.so, .dll, ...)
|
||||
|
@ -2130,7 +2130,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
|
||||
sigalg = use_pc_sigalgs
|
||||
? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i])
|
||||
: s->shared_sigalgs[i];
|
||||
if (sig_nid == sigalg->sigandhash)
|
||||
if (sigalg != NULL && sig_nid == sigalg->sigandhash)
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
|
Loading…
Reference in New Issue
Block a user