Import OpenSSL 1.1.1c.
This commit is contained in:
parent
cfa887f746
commit
a36e0f5b4f
71
CHANGES
71
CHANGES
@ -7,6 +7,77 @@
|
||||
https://github.com/openssl/openssl/commits/ and pick the appropriate
|
||||
release branch.
|
||||
|
||||
Changes between 1.1.1b and 1.1.1c [28 May 2019]
|
||||
|
||||
*) Add build tests for C++. These are generated files that only do one
|
||||
thing, to include one public OpenSSL head file each. This tests that
|
||||
the public header files can be usefully included in a C++ application.
|
||||
|
||||
This test isn't enabled by default. It can be enabled with the option
|
||||
'enable-buildtest-c++'.
|
||||
[Richard Levitte]
|
||||
|
||||
*) Enable SHA3 pre-hashing for ECDSA and DSA.
|
||||
[Patrick Steuer]
|
||||
|
||||
*) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
|
||||
This changes the size when using the genpkey app when no size is given. It
|
||||
fixes an omission in earlier changes that changed all RSA, DSA and DH
|
||||
generation apps to use 2048 bits by default.
|
||||
[Kurt Roeckx]
|
||||
|
||||
*) Reorganize the manual pages to consistently have RETURN VALUES,
|
||||
EXAMPLES, SEE ALSO and HISTORY come in that order, and adjust
|
||||
util/fix-doc-nits accordingly.
|
||||
[Paul Yang, Joshua Lock]
|
||||
|
||||
*) Add the missing accessor EVP_PKEY_get0_engine()
|
||||
[Matt Caswell]
|
||||
|
||||
*) Have apps like 's_client' and 's_server' output the signature scheme
|
||||
along with other cipher suite parameters when debugging.
|
||||
[Lorinczy Zsigmond]
|
||||
|
||||
*) Make OPENSSL_config() error agnostic again.
|
||||
[Richard Levitte]
|
||||
|
||||
*) Do the error handling in RSA decryption constant time.
|
||||
[Bernd Edlinger]
|
||||
|
||||
*) Prevent over long nonces in ChaCha20-Poly1305.
|
||||
|
||||
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input
|
||||
for every encryption operation. RFC 7539 specifies that the nonce value
|
||||
(IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length
|
||||
and front pads the nonce with 0 bytes if it is less than 12
|
||||
bytes. However it also incorrectly allows a nonce to be set of up to 16
|
||||
bytes. In this case only the last 12 bytes are significant and any
|
||||
additional leading bytes are ignored.
|
||||
|
||||
It is a requirement of using this cipher that nonce values are
|
||||
unique. Messages encrypted using a reused nonce value are susceptible to
|
||||
serious confidentiality and integrity attacks. If an application changes
|
||||
the default nonce length to be longer than 12 bytes and then makes a
|
||||
change to the leading bytes of the nonce expecting the new value to be a
|
||||
new unique nonce then such an application could inadvertently encrypt
|
||||
messages with a reused nonce.
|
||||
|
||||
Additionally the ignored bytes in a long nonce are not covered by the
|
||||
integrity guarantee of this cipher. Any application that relies on the
|
||||
integrity of these ignored leading bytes of a long nonce may be further
|
||||
affected. Any OpenSSL internal use of this cipher, including in SSL/TLS,
|
||||
is safe because no such use sets such a long nonce value. However user
|
||||
applications that use this cipher directly and set a non-default nonce
|
||||
length to be longer than 12 bytes may be vulnerable.
|
||||
|
||||
This issue was reported to OpenSSL on 16th of March 2019 by Joran Dirk
|
||||
Greef of Ronomon.
|
||||
(CVE-2019-1543)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Ensure that SM2 only uses SM3 as digest algorithm
|
||||
[Paul Yang]
|
||||
|
||||
Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
|
||||
|
||||
*) Added SCA hardening for modular field inversion in EC_GROUP through
|
||||
|
21
INSTALL
21
INSTALL
@ -287,6 +287,19 @@
|
||||
Typically OpenSSL will automatically load a system config
|
||||
file which configures default ssl options.
|
||||
|
||||
enable-buildtest-c++
|
||||
While testing, generate C++ buildtest files that
|
||||
simply check that the public OpenSSL header files
|
||||
are usable standalone with C++.
|
||||
|
||||
Enabling this option demands extra care. For any
|
||||
compiler flag given directly as configuration
|
||||
option, you must ensure that it's valid for both
|
||||
the C and the C++ compiler. If not, the C++ build
|
||||
test will most likely break. As an alternative,
|
||||
you can use the language specific variables, CFLAGS
|
||||
and CXXFLAGS.
|
||||
|
||||
no-capieng
|
||||
Don't build the CAPI engine. This option will be forced if
|
||||
on a platform that does not support CAPI.
|
||||
@ -331,9 +344,6 @@
|
||||
on BSD implementations, in which case it can be disabled with
|
||||
no-devcryptoeng.
|
||||
|
||||
no-dso
|
||||
Don't build support for loading Dynamic Shared Objects.
|
||||
|
||||
no-dynamic-engine
|
||||
Don't build the dynamically loaded engines. This only has an
|
||||
effect in a "shared" build
|
||||
@ -665,6 +675,11 @@
|
||||
CC=gcc CROSS_COMPILE=x86_64-w64-mingw32- \
|
||||
./config -DCOOKIE
|
||||
|
||||
If CC is set, it is advisable to also set CXX to ensure
|
||||
both C and C++ compilers are in the same "family". This
|
||||
becomes relevant with 'enable-external-tests' and
|
||||
'enable-buildtest-c++'.
|
||||
|
||||
reconf
|
||||
reconfigure
|
||||
Reconfigure from earlier data. This fetches the previous
|
||||
|
4
NEWS
4
NEWS
@ -5,6 +5,10 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019]
|
||||
|
||||
o Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
|
||||
|
||||
Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019]
|
||||
|
||||
o Change the info callback signals for the start and end of a post-handshake
|
||||
|
@ -78,7 +78,7 @@
|
||||
---------------------------------
|
||||
|
||||
There are a number of ways to install a perl module. In all
|
||||
descriptions below, Text::Template will server as an example.
|
||||
descriptions below, Text::Template will serve as an example.
|
||||
|
||||
1. for Linux users, the easiest is to install with the use of your
|
||||
favorite package manager. Usually, all you need to do is search
|
||||
|
4
README
4
README
@ -1,7 +1,7 @@
|
||||
|
||||
OpenSSL 1.1.1b 26 Feb 2019
|
||||
OpenSSL 1.1.1c 28 May 2019
|
||||
|
||||
Copyright (c) 1998-2018 The OpenSSL Project
|
||||
Copyright (c) 1998-2019 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
All rights reserved.
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -170,17 +170,17 @@ int asn1parse_main(int argc, char **argv)
|
||||
if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL)
|
||||
goto end;
|
||||
|
||||
if ((buf = BUF_MEM_new()) == NULL)
|
||||
goto end;
|
||||
if (strictpem) {
|
||||
if (PEM_read_bio(in, &name, &header, &str, &num) !=
|
||||
1) {
|
||||
if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
|
||||
BIO_printf(bio_err, "Error reading PEM file\n");
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
buf->data = (char *)str;
|
||||
buf->length = buf->max = num;
|
||||
} else {
|
||||
|
||||
if ((buf = BUF_MEM_new()) == NULL)
|
||||
goto end;
|
||||
if (!BUF_MEM_grow(buf, BUFSIZ * 8))
|
||||
goto end; /* Pre-allocate :-) */
|
||||
|
||||
@ -303,8 +303,6 @@ int asn1parse_main(int argc, char **argv)
|
||||
BUF_MEM_free(buf);
|
||||
OPENSSL_free(name);
|
||||
OPENSSL_free(header);
|
||||
if (strictpem)
|
||||
OPENSSL_free(str);
|
||||
ASN1_TYPE_free(at);
|
||||
sk_OPENSSL_STRING_free(osk);
|
||||
return ret;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -636,6 +636,7 @@ int cms_main(int argc, char **argv)
|
||||
goto opthelp;
|
||||
}
|
||||
} else if (!operation) {
|
||||
BIO_printf(bio_err, "No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.\n");
|
||||
goto opthelp;
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -500,7 +500,7 @@ int enc_main(int argc, char **argv)
|
||||
if (hiv != NULL) {
|
||||
int siz = EVP_CIPHER_iv_length(cipher);
|
||||
if (siz == 0) {
|
||||
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
|
||||
BIO_printf(bio_err, "warning: iv not used by this cipher\n");
|
||||
} else if (!set_hex(hiv, iv, siz)) {
|
||||
BIO_printf(bio_err, "invalid hex iv value\n");
|
||||
goto end;
|
||||
|
11
apps/ocsp.c
11
apps/ocsp.c
@ -641,8 +641,10 @@ redo_accept:
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (req != NULL && add_nonce)
|
||||
OCSP_request_add1_nonce(req, NULL, -1);
|
||||
if (req != NULL && add_nonce) {
|
||||
if (!OCSP_request_add1_nonce(req, NULL, -1))
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (signfile != NULL) {
|
||||
if (keyfile == NULL)
|
||||
@ -1245,7 +1247,10 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags);
|
||||
if (!OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags)) {
|
||||
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs);
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (badsig) {
|
||||
const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
|
||||
|
106
apps/s_cb.c
106
apps/s_cb.c
@ -683,6 +683,53 @@ static STRINT_PAIR tlsext_types[] = {
|
||||
{NULL}
|
||||
};
|
||||
|
||||
/* from rfc8446 4.2.3. + gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */
|
||||
static STRINT_PAIR signature_tls13_scheme_list[] = {
|
||||
{"rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */},
|
||||
{"ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */},
|
||||
/* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */
|
||||
/* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */
|
||||
{"rsa_pkcs1_sha256", 0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */},
|
||||
{"ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */},
|
||||
{"rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */},
|
||||
{"ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */},
|
||||
{"rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */},
|
||||
{"ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */},
|
||||
{"rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */},
|
||||
{"rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */},
|
||||
{"rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */},
|
||||
{"ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */},
|
||||
{"ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */},
|
||||
{"rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */},
|
||||
{"rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */},
|
||||
{"rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */},
|
||||
{"gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */},
|
||||
{"gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */},
|
||||
{"gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
/* from rfc5246 7.4.1.4.1. */
|
||||
static STRINT_PAIR signature_tls12_alg_list[] = {
|
||||
{"anonymous", TLSEXT_signature_anonymous /* 0 */},
|
||||
{"RSA", TLSEXT_signature_rsa /* 1 */},
|
||||
{"DSA", TLSEXT_signature_dsa /* 2 */},
|
||||
{"ECDSA", TLSEXT_signature_ecdsa /* 3 */},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
/* from rfc5246 7.4.1.4.1. */
|
||||
static STRINT_PAIR signature_tls12_hash_list[] = {
|
||||
{"none", TLSEXT_hash_none /* 0 */},
|
||||
{"MD5", TLSEXT_hash_md5 /* 1 */},
|
||||
{"SHA1", TLSEXT_hash_sha1 /* 2 */},
|
||||
{"SHA224", TLSEXT_hash_sha224 /* 3 */},
|
||||
{"SHA256", TLSEXT_hash_sha256 /* 4 */},
|
||||
{"SHA384", TLSEXT_hash_sha384 /* 5 */},
|
||||
{"SHA512", TLSEXT_hash_sha512 /* 6 */},
|
||||
{NULL}
|
||||
};
|
||||
|
||||
void tlsext_cb(SSL *s, int client_server, int type,
|
||||
const unsigned char *data, int len, void *arg)
|
||||
{
|
||||
@ -1282,9 +1329,9 @@ static STRINT_PAIR callback_types[] = {
|
||||
{"Supported Curve", SSL_SECOP_CURVE_SUPPORTED},
|
||||
{"Shared Curve", SSL_SECOP_CURVE_SHARED},
|
||||
{"Check Curve", SSL_SECOP_CURVE_CHECK},
|
||||
{"Supported Signature Algorithm digest", SSL_SECOP_SIGALG_SUPPORTED},
|
||||
{"Shared Signature Algorithm digest", SSL_SECOP_SIGALG_SHARED},
|
||||
{"Check Signature Algorithm digest", SSL_SECOP_SIGALG_CHECK},
|
||||
{"Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED},
|
||||
{"Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED},
|
||||
{"Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK},
|
||||
{"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK},
|
||||
{"Certificate chain EE key", SSL_SECOP_EE_KEY},
|
||||
{"Certificate chain CA key", SSL_SECOP_CA_KEY},
|
||||
@ -1304,29 +1351,37 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
|
||||
security_debug_ex *sdb = ex;
|
||||
int rv, show_bits = 1, cert_md = 0;
|
||||
const char *nm;
|
||||
int show_nm;
|
||||
rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex);
|
||||
if (rv == 1 && sdb->verbose < 2)
|
||||
return 1;
|
||||
BIO_puts(sdb->out, "Security callback: ");
|
||||
|
||||
nm = lookup(op, callback_types, NULL);
|
||||
show_nm = nm != NULL;
|
||||
switch (op) {
|
||||
case SSL_SECOP_TICKET:
|
||||
case SSL_SECOP_COMPRESSION:
|
||||
show_bits = 0;
|
||||
nm = NULL;
|
||||
show_nm = 0;
|
||||
break;
|
||||
case SSL_SECOP_VERSION:
|
||||
BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???"));
|
||||
show_bits = 0;
|
||||
nm = NULL;
|
||||
show_nm = 0;
|
||||
break;
|
||||
case SSL_SECOP_CA_MD:
|
||||
case SSL_SECOP_PEER_CA_MD:
|
||||
cert_md = 1;
|
||||
break;
|
||||
case SSL_SECOP_SIGALG_SUPPORTED:
|
||||
case SSL_SECOP_SIGALG_SHARED:
|
||||
case SSL_SECOP_SIGALG_CHECK:
|
||||
case SSL_SECOP_SIGALG_MASK:
|
||||
show_nm = 0;
|
||||
break;
|
||||
}
|
||||
if (nm != NULL)
|
||||
if (show_nm)
|
||||
BIO_printf(sdb->out, "%s=", nm);
|
||||
|
||||
switch (op & SSL_SECOP_OTHER_TYPE) {
|
||||
@ -1373,27 +1428,28 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
|
||||
{
|
||||
const unsigned char *salg = other;
|
||||
const char *sname = NULL;
|
||||
switch (salg[1]) {
|
||||
case TLSEXT_signature_anonymous:
|
||||
sname = "anonymous";
|
||||
break;
|
||||
case TLSEXT_signature_rsa:
|
||||
sname = "RSA";
|
||||
break;
|
||||
case TLSEXT_signature_dsa:
|
||||
sname = "DSA";
|
||||
break;
|
||||
case TLSEXT_signature_ecdsa:
|
||||
sname = "ECDSA";
|
||||
break;
|
||||
}
|
||||
int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */
|
||||
/* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */
|
||||
|
||||
BIO_puts(sdb->out, OBJ_nid2sn(nid));
|
||||
if (sname)
|
||||
BIO_printf(sdb->out, ", algorithm=%s", sname);
|
||||
if (nm != NULL)
|
||||
BIO_printf(sdb->out, "%s", nm);
|
||||
else
|
||||
BIO_printf(sdb->out, ", algid=%d", salg[1]);
|
||||
break;
|
||||
BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op);
|
||||
|
||||
sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL);
|
||||
if (sname != NULL) {
|
||||
BIO_printf(sdb->out, " scheme=%s", sname);
|
||||
} else {
|
||||
int alg_code = salg[1];
|
||||
int hash_code = salg[0];
|
||||
const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL);
|
||||
const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL);
|
||||
|
||||
if (alg_str != NULL && hash_str != NULL)
|
||||
BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str);
|
||||
else
|
||||
BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -2253,7 +2253,7 @@ int s_client_main(int argc, char **argv)
|
||||
do {
|
||||
mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
|
||||
}
|
||||
while (mbuf_len > 3 && mbuf[3] == '-');
|
||||
while (mbuf_len > 3 && (!isdigit(mbuf[0]) || !isdigit(mbuf[1]) || !isdigit(mbuf[2]) || mbuf[3] != ' '));
|
||||
(void)BIO_flush(fbio);
|
||||
BIO_pop(fbio);
|
||||
BIO_free(fbio);
|
||||
|
83
apps/speed.c
83
apps/speed.c
@ -489,30 +489,35 @@ static const OPT_PAIR rsa_choices[] = {
|
||||
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
|
||||
#endif /* OPENSSL_NO_RSA */
|
||||
|
||||
#define R_EC_P160 0
|
||||
#define R_EC_P192 1
|
||||
#define R_EC_P224 2
|
||||
#define R_EC_P256 3
|
||||
#define R_EC_P384 4
|
||||
#define R_EC_P521 5
|
||||
#define R_EC_K163 6
|
||||
#define R_EC_K233 7
|
||||
#define R_EC_K283 8
|
||||
#define R_EC_K409 9
|
||||
#define R_EC_K571 10
|
||||
#define R_EC_B163 11
|
||||
#define R_EC_B233 12
|
||||
#define R_EC_B283 13
|
||||
#define R_EC_B409 14
|
||||
#define R_EC_B571 15
|
||||
#define R_EC_BRP256R1 16
|
||||
#define R_EC_BRP256T1 17
|
||||
#define R_EC_BRP384R1 18
|
||||
#define R_EC_BRP384T1 19
|
||||
#define R_EC_BRP512R1 20
|
||||
#define R_EC_BRP512T1 21
|
||||
#define R_EC_X25519 22
|
||||
#define R_EC_X448 23
|
||||
enum {
|
||||
R_EC_P160,
|
||||
R_EC_P192,
|
||||
R_EC_P224,
|
||||
R_EC_P256,
|
||||
R_EC_P384,
|
||||
R_EC_P521,
|
||||
#ifndef OPENSSL_NO_EC2M
|
||||
R_EC_K163,
|
||||
R_EC_K233,
|
||||
R_EC_K283,
|
||||
R_EC_K409,
|
||||
R_EC_K571,
|
||||
R_EC_B163,
|
||||
R_EC_B233,
|
||||
R_EC_B283,
|
||||
R_EC_B409,
|
||||
R_EC_B571,
|
||||
#endif
|
||||
R_EC_BRP256R1,
|
||||
R_EC_BRP256T1,
|
||||
R_EC_BRP384R1,
|
||||
R_EC_BRP384T1,
|
||||
R_EC_BRP512R1,
|
||||
R_EC_BRP512T1,
|
||||
R_EC_X25519,
|
||||
R_EC_X448
|
||||
};
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
static OPT_PAIR ecdsa_choices[] = {
|
||||
{"ecdsap160", R_EC_P160},
|
||||
@ -521,6 +526,7 @@ static OPT_PAIR ecdsa_choices[] = {
|
||||
{"ecdsap256", R_EC_P256},
|
||||
{"ecdsap384", R_EC_P384},
|
||||
{"ecdsap521", R_EC_P521},
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
{"ecdsak163", R_EC_K163},
|
||||
{"ecdsak233", R_EC_K233},
|
||||
{"ecdsak283", R_EC_K283},
|
||||
@ -531,6 +537,7 @@ static OPT_PAIR ecdsa_choices[] = {
|
||||
{"ecdsab283", R_EC_B283},
|
||||
{"ecdsab409", R_EC_B409},
|
||||
{"ecdsab571", R_EC_B571},
|
||||
# endif
|
||||
{"ecdsabrp256r1", R_EC_BRP256R1},
|
||||
{"ecdsabrp256t1", R_EC_BRP256T1},
|
||||
{"ecdsabrp384r1", R_EC_BRP384R1},
|
||||
@ -549,6 +556,7 @@ static const OPT_PAIR ecdh_choices[] = {
|
||||
{"ecdhp256", R_EC_P256},
|
||||
{"ecdhp384", R_EC_P384},
|
||||
{"ecdhp521", R_EC_P521},
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
{"ecdhk163", R_EC_K163},
|
||||
{"ecdhk233", R_EC_K233},
|
||||
{"ecdhk283", R_EC_K283},
|
||||
@ -559,6 +567,7 @@ static const OPT_PAIR ecdh_choices[] = {
|
||||
{"ecdhb283", R_EC_B283},
|
||||
{"ecdhb409", R_EC_B409},
|
||||
{"ecdhb571", R_EC_B571},
|
||||
# endif
|
||||
{"ecdhbrp256r1", R_EC_BRP256R1},
|
||||
{"ecdhbrp256t1", R_EC_BRP256T1},
|
||||
{"ecdhbrp384r1", R_EC_BRP384R1},
|
||||
@ -1501,6 +1510,7 @@ int speed_main(int argc, char **argv)
|
||||
{"nistp256", NID_X9_62_prime256v1, 256},
|
||||
{"nistp384", NID_secp384r1, 384},
|
||||
{"nistp521", NID_secp521r1, 521},
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
/* Binary Curves */
|
||||
{"nistk163", NID_sect163k1, 163},
|
||||
{"nistk233", NID_sect233k1, 233},
|
||||
@ -1512,6 +1522,7 @@ int speed_main(int argc, char **argv)
|
||||
{"nistb283", NID_sect283r1, 283},
|
||||
{"nistb409", NID_sect409r1, 409},
|
||||
{"nistb571", NID_sect571r1, 571},
|
||||
# endif
|
||||
{"brainpoolP256r1", NID_brainpoolP256r1, 256},
|
||||
{"brainpoolP256t1", NID_brainpoolP256t1, 256},
|
||||
{"brainpoolP384r1", NID_brainpoolP384r1, 384},
|
||||
@ -2031,6 +2042,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
ecdsa_c[R_EC_K163][0] = count / 1000;
|
||||
ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
|
||||
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
||||
@ -2059,6 +2071,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
# endif
|
||||
|
||||
ecdh_c[R_EC_P160][0] = count / 1000;
|
||||
for (i = R_EC_P192; i <= R_EC_P521; i++) {
|
||||
@ -2071,6 +2084,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
# ifndef OPENSSL_NO_EC2M
|
||||
ecdh_c[R_EC_K163][0] = count / 1000;
|
||||
for (i = R_EC_K233; i <= R_EC_K571; i++) {
|
||||
ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
|
||||
@ -2093,6 +2107,7 @@ int speed_main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
}
|
||||
# endif
|
||||
/* repeated code good to factorize */
|
||||
ecdh_c[R_EC_BRP256R1][0] = count / 1000;
|
||||
for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) {
|
||||
@ -2614,16 +2629,28 @@ int speed_main(int argc, char **argv)
|
||||
|
||||
for (k = 0; k < loopargs_len; k++) {
|
||||
loopargs[k].ctx = EVP_CIPHER_CTX_new();
|
||||
EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL,
|
||||
iv, decrypt ? 0 : 1);
|
||||
if (loopargs[k].ctx == NULL) {
|
||||
BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
|
||||
exit(1);
|
||||
}
|
||||
if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
|
||||
NULL, iv, decrypt ? 0 : 1)) {
|
||||
BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
|
||||
ERR_print_errors(bio_err);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
|
||||
|
||||
keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
|
||||
loopargs[k].key = app_malloc(keylen, "evp_cipher key");
|
||||
EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
|
||||
EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
|
||||
loopargs[k].key, NULL, -1);
|
||||
if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
|
||||
loopargs[k].key, NULL, -1)) {
|
||||
BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
|
||||
ERR_print_errors(bio_err);
|
||||
exit(1);
|
||||
}
|
||||
OPENSSL_clear_free(loopargs[k].key, keylen);
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@ -1829,7 +1829,7 @@ Lctr32_enc8x_three:
|
||||
stvx_u $out1,$x10,$out
|
||||
stvx_u $out2,$x20,$out
|
||||
addi $out,$out,0x30
|
||||
b Lcbc_dec8x_done
|
||||
b Lctr32_enc8x_done
|
||||
|
||||
.align 5
|
||||
Lctr32_enc8x_two:
|
||||
@ -1841,7 +1841,7 @@ Lctr32_enc8x_two:
|
||||
stvx_u $out0,$x00,$out
|
||||
stvx_u $out1,$x10,$out
|
||||
addi $out,$out,0x20
|
||||
b Lcbc_dec8x_done
|
||||
b Lctr32_enc8x_done
|
||||
|
||||
.align 5
|
||||
Lctr32_enc8x_one:
|
||||
|
@ -683,6 +683,12 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
|
||||
hints.ai_family = family;
|
||||
hints.ai_socktype = socktype;
|
||||
hints.ai_protocol = protocol;
|
||||
#ifdef AI_ADDRCONFIG
|
||||
#ifdef AF_UNSPEC
|
||||
if (family == AF_UNSPEC)
|
||||
#endif
|
||||
hints.ai_flags |= AI_ADDRCONFIG;
|
||||
#endif
|
||||
|
||||
if (lookup_type == BIO_LOOKUP_SERVER)
|
||||
hints.ai_flags |= AI_PASSIVE;
|
||||
|
@ -57,7 +57,12 @@ static const BIO_METHOD secmem_method = {
|
||||
NULL, /* mem_callback_ctrl */
|
||||
};
|
||||
|
||||
/* BIO memory stores buffer and read pointer */
|
||||
/*
|
||||
* BIO memory stores buffer and read pointer
|
||||
* however the roles are different for read only BIOs.
|
||||
* In that case the readp just stores the original state
|
||||
* to be used for reset.
|
||||
*/
|
||||
typedef struct bio_buf_mem_st {
|
||||
struct buf_mem_st *buf; /* allocated buffer */
|
||||
struct buf_mem_st *readp; /* read pointer */
|
||||
@ -192,11 +197,14 @@ static int mem_read(BIO *b, char *out, int outl)
|
||||
BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
|
||||
BUF_MEM *bm = bbm->readp;
|
||||
|
||||
if (b->flags & BIO_FLAGS_MEM_RDONLY)
|
||||
bm = bbm->buf;
|
||||
BIO_clear_retry_flags(b);
|
||||
ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl;
|
||||
if ((out != NULL) && (ret > 0)) {
|
||||
memcpy(out, bm->data, ret);
|
||||
bm->length -= ret;
|
||||
bm->max -= ret;
|
||||
bm->data += ret;
|
||||
} else if (bm->length == 0) {
|
||||
ret = b->num;
|
||||
@ -241,29 +249,36 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
|
||||
BUF_MEM *bm;
|
||||
|
||||
if (b->flags & BIO_FLAGS_MEM_RDONLY)
|
||||
bm = bbm->buf;
|
||||
else
|
||||
bm = bbm->readp;
|
||||
|
||||
switch (cmd) {
|
||||
case BIO_CTRL_RESET:
|
||||
bm = bbm->buf;
|
||||
if (bm->data != NULL) {
|
||||
/* For read only case reset to the start again */
|
||||
if ((b->flags & BIO_FLAGS_MEM_RDONLY) || (b->flags & BIO_FLAGS_NONCLEAR_RST)) {
|
||||
bm->length = bm->max;
|
||||
if (!(b->flags & BIO_FLAGS_MEM_RDONLY)) {
|
||||
if (b->flags & BIO_FLAGS_NONCLEAR_RST) {
|
||||
bm->length = bm->max;
|
||||
} else {
|
||||
memset(bm->data, 0, bm->max);
|
||||
bm->length = 0;
|
||||
}
|
||||
*bbm->readp = *bbm->buf;
|
||||
} else {
|
||||
memset(bm->data, 0, bm->max);
|
||||
bm->length = 0;
|
||||
/* For read only case just reset to the start again */
|
||||
*bbm->buf = *bbm->readp;
|
||||
}
|
||||
*bbm->readp = *bbm->buf;
|
||||
}
|
||||
break;
|
||||
case BIO_CTRL_EOF:
|
||||
bm = bbm->readp;
|
||||
ret = (long)(bm->length == 0);
|
||||
break;
|
||||
case BIO_C_SET_BUF_MEM_EOF_RETURN:
|
||||
b->num = (int)num;
|
||||
break;
|
||||
case BIO_CTRL_INFO:
|
||||
bm = bbm->readp;
|
||||
ret = (long)bm->length;
|
||||
if (ptr != NULL) {
|
||||
pptr = (char **)ptr;
|
||||
@ -278,8 +293,9 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
break;
|
||||
case BIO_C_GET_BUF_MEM_PTR:
|
||||
if (ptr != NULL) {
|
||||
mem_buf_sync(b);
|
||||
bm = bbm->readp;
|
||||
if (!(b->flags & BIO_FLAGS_MEM_RDONLY))
|
||||
mem_buf_sync(b);
|
||||
bm = bbm->buf;
|
||||
pptr = (char **)ptr;
|
||||
*pptr = (char *)bm;
|
||||
}
|
||||
@ -294,7 +310,6 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
ret = 0L;
|
||||
break;
|
||||
case BIO_CTRL_PENDING:
|
||||
bm = bbm->readp;
|
||||
ret = (long)bm->length;
|
||||
break;
|
||||
case BIO_CTRL_DUP:
|
||||
@ -318,6 +333,8 @@ static int mem_gets(BIO *bp, char *buf, int size)
|
||||
BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr;
|
||||
BUF_MEM *bm = bbm->readp;
|
||||
|
||||
if (bp->flags & BIO_FLAGS_MEM_RDONLY)
|
||||
bm = bbm->buf;
|
||||
BIO_clear_retry_flags(bp);
|
||||
j = bm->length;
|
||||
if ((size - 1) < j)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -23,10 +23,10 @@
|
||||
|
||||
static const uint64_t blake2b_IV[8] =
|
||||
{
|
||||
0x6a09e667f3bcc908U, 0xbb67ae8584caa73bU,
|
||||
0x3c6ef372fe94f82bU, 0xa54ff53a5f1d36f1U,
|
||||
0x510e527fade682d1U, 0x9b05688c2b3e6c1fU,
|
||||
0x1f83d9abfb41bd6bU, 0x5be0cd19137e2179U
|
||||
0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
|
||||
0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
|
||||
0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
|
||||
0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
|
||||
};
|
||||
|
||||
static const uint8_t blake2b_sigma[12][16] =
|
||||
|
@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@ -89,7 +89,7 @@ if ($flavour =~ /64|n32/i) {
|
||||
$SZREG=4;
|
||||
$REG_S="sw";
|
||||
$REG_L="lw";
|
||||
$code=".set mips2\n";
|
||||
$code="#if !(defined (__mips_isa_rev) && (__mips_isa_rev >= 6))\n.set mips2\n#endif\n";
|
||||
}
|
||||
|
||||
# Below is N32/64 register layout used in the original module.
|
||||
|
@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@ -258,6 +258,7 @@ $data=<<EOF;
|
||||
# .text section
|
||||
|
||||
.machine "any"
|
||||
.text
|
||||
|
||||
#
|
||||
# NOTE: The following label name should be changed to
|
||||
|
@ -194,6 +194,8 @@ void BN_CTX_start(BN_CTX *ctx)
|
||||
|
||||
void BN_CTX_end(BN_CTX *ctx)
|
||||
{
|
||||
if (ctx == NULL)
|
||||
return;
|
||||
CTXDBG_ENTRY("BN_CTX_end", ctx);
|
||||
if (ctx->err_stack)
|
||||
ctx->err_stack--;
|
||||
|
@ -338,6 +338,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
|
||||
|
||||
void BN_clear(BIGNUM *a)
|
||||
{
|
||||
if (a == NULL)
|
||||
return;
|
||||
bn_check_top(a);
|
||||
if (a->d != NULL)
|
||||
OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -135,8 +135,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
|
||||
found = 1;
|
||||
err:
|
||||
OPENSSL_free(mods);
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
bn_check_top(ret);
|
||||
return found;
|
||||
|
@ -9,6 +9,8 @@ GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl $(PERLASM_SCHEME)
|
||||
INCLUDE[chacha-armv4.o]=..
|
||||
GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl $(PERLASM_SCHEME)
|
||||
INCLUDE[chacha-armv8.o]=..
|
||||
GENERATE[chacha-s390x.S]=asm/chacha-s390x.pl $(PERLASM_SCHEME)
|
||||
INCLUDE[chacha-s390x.o]=..
|
||||
|
||||
BEGINRAW[Makefile(unix)]
|
||||
##### CHACHA assembler implementations
|
||||
|
@ -35,6 +35,7 @@ void OPENSSL_config(const char *appname)
|
||||
memset(&settings, 0, sizeof(settings));
|
||||
if (appname != NULL)
|
||||
settings.appname = strdup(appname);
|
||||
settings.flags = DEFAULT_CONF_MFLAGS;
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
|
||||
}
|
||||
#endif
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -12,6 +12,8 @@
|
||||
#include <openssl/bn.h>
|
||||
#include "dh_locl.h"
|
||||
|
||||
# define DH_NUMBER_ITERATIONS_FOR_PRIME 64
|
||||
|
||||
/*-
|
||||
* Check that p and g are suitable enough
|
||||
*
|
||||
@ -58,10 +60,8 @@ int DH_check_params(const DH *dh, int *ret)
|
||||
|
||||
ok = 1;
|
||||
err:
|
||||
if (ctx != NULL) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ok;
|
||||
}
|
||||
|
||||
@ -127,7 +127,7 @@ int DH_check(const DH *dh, int *ret)
|
||||
if (!BN_is_one(t1))
|
||||
*ret |= DH_NOT_SUITABLE_GENERATOR;
|
||||
}
|
||||
r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
|
||||
r = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
|
||||
if (r < 0)
|
||||
goto err;
|
||||
if (!r)
|
||||
@ -155,7 +155,7 @@ int DH_check(const DH *dh, int *ret)
|
||||
} else
|
||||
*ret |= DH_UNABLE_TO_CHECK_GENERATOR;
|
||||
|
||||
r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
|
||||
r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
|
||||
if (r < 0)
|
||||
goto err;
|
||||
if (!r)
|
||||
@ -163,7 +163,7 @@ int DH_check(const DH *dh, int *ret)
|
||||
else if (!dh->q) {
|
||||
if (!BN_rshift1(t1, dh->p))
|
||||
goto err;
|
||||
r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
|
||||
r = BN_is_prime_ex(t1, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
|
||||
if (r < 0)
|
||||
goto err;
|
||||
if (!r)
|
||||
@ -171,10 +171,8 @@ int DH_check(const DH *dh, int *ret)
|
||||
}
|
||||
ok = 1;
|
||||
err:
|
||||
if (ctx != NULL) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ok;
|
||||
}
|
||||
|
||||
@ -225,9 +223,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
|
||||
|
||||
ok = 1;
|
||||
err:
|
||||
if (ctx != NULL) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ok;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -122,9 +122,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
|
||||
ok = 0;
|
||||
}
|
||||
|
||||
if (ctx != NULL) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ok;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -205,10 +205,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||
|
||||
ret = BN_bn2bin(tmp, key);
|
||||
err:
|
||||
if (ctx != NULL) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -54,7 +54,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
|
||||
DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
dctx->prime_len = 1024;
|
||||
dctx->prime_len = 2048;
|
||||
dctx->subprime_len = -1;
|
||||
dctx->generator = 2;
|
||||
dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -292,8 +292,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
|
||||
if (seed_out)
|
||||
memcpy(seed_out, seed, qsize);
|
||||
}
|
||||
if (ctx)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
BN_MONT_CTX_free(mont);
|
||||
return ok;
|
||||
@ -607,8 +606,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
|
||||
OPENSSL_free(seed);
|
||||
if (seed_out != seed_tmp)
|
||||
OPENSSL_free(seed_tmp);
|
||||
if (ctx)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
BN_MONT_CTX_free(mont);
|
||||
EVP_MD_CTX_free(mctx);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -190,6 +190,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Reject obviously invalid parameters */
|
||||
if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {
|
||||
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS);
|
||||
return 0;
|
||||
}
|
||||
|
||||
k = BN_new();
|
||||
l = BN_new();
|
||||
if (k == NULL || l == NULL)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -20,8 +20,8 @@
|
||||
|
||||
typedef struct {
|
||||
/* Parameter gen parameters */
|
||||
int nbits; /* size of p in bits (default: 1024) */
|
||||
int qbits; /* size of q in bits (default: 160) */
|
||||
int nbits; /* size of p in bits (default: 2048) */
|
||||
int qbits; /* size of q in bits (default: 224) */
|
||||
const EVP_MD *pmd; /* MD for parameter generation */
|
||||
/* Keygen callback info */
|
||||
int gentmp[2];
|
||||
@ -35,8 +35,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
|
||||
|
||||
if (dctx == NULL)
|
||||
return 0;
|
||||
dctx->nbits = 1024;
|
||||
dctx->qbits = 160;
|
||||
dctx->nbits = 2048;
|
||||
dctx->qbits = 224;
|
||||
dctx->pmd = NULL;
|
||||
dctx->md = NULL;
|
||||
|
||||
@ -138,7 +138,11 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) {
|
||||
DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -9,7 +9,7 @@
|
||||
|
||||
#include "dso_locl.h"
|
||||
|
||||
#if !defined(DSO_VMS) && !defined(DSO_DLCFN) && !defined(DSO_DL) && !defined(DSO_WIN32) && !defined(DSO_DLFCN)
|
||||
#ifdef DSO_NONE
|
||||
|
||||
static DSO_METHOD dso_meth_null = {
|
||||
"NULL shared library method"
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -254,6 +254,7 @@ static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32],
|
||||
#if defined(X25519_ASM) \
|
||||
|| ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \
|
||||
&& !defined(__sparc__) \
|
||||
&& (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) \
|
||||
&& !(defined(__ANDROID__) && !defined(__clang__)) )
|
||||
/*
|
||||
* Base 2^51 implementation. It's virtually no different from reference
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015-2016 Cryptography Research, Inc.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -27,8 +27,8 @@
|
||||
static const curve448_scalar_t precomputed_scalarmul_adjustment = {
|
||||
{
|
||||
{
|
||||
SC_LIMB(0xc873d6d54a7bb0cf), SC_LIMB(0xe933d8d723a70aad),
|
||||
SC_LIMB(0xbb124b65129c96fd), SC_LIMB(0x00000008335dc163)
|
||||
SC_LIMB(0xc873d6d54a7bb0cfULL), SC_LIMB(0xe933d8d723a70aadULL),
|
||||
SC_LIMB(0xbb124b65129c96fdULL), SC_LIMB(0x00000008335dc163ULL)
|
||||
}
|
||||
}
|
||||
};
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015 Cryptography Research, Inc.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -24,7 +24,9 @@
|
||||
*/
|
||||
# ifndef C448_WORD_BITS
|
||||
# if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \
|
||||
&& !defined(__sparc__)
|
||||
&& !defined(__sparc__) \
|
||||
&& (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8))
|
||||
|
||||
# define C448_WORD_BITS 64 /* The number of bits in a word */
|
||||
# else
|
||||
# define C448_WORD_BITS 32 /* The number of bits in a word */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015-2016 Cryptography Research, Inc.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -12,9 +12,9 @@
|
||||
#include "field.h"
|
||||
|
||||
static const gf MODULUS = {
|
||||
FIELD_LITERAL(0xffffffffffffff, 0xffffffffffffff, 0xffffffffffffff,
|
||||
0xffffffffffffff, 0xfffffffffffffe, 0xffffffffffffff,
|
||||
0xffffffffffffff, 0xffffffffffffff)
|
||||
FIELD_LITERAL(0xffffffffffffffULL, 0xffffffffffffffULL, 0xffffffffffffffULL,
|
||||
0xffffffffffffffULL, 0xfffffffffffffeULL, 0xffffffffffffffULL,
|
||||
0xffffffffffffffULL, 0xffffffffffffffULL)
|
||||
};
|
||||
|
||||
/* Serialize to wire format. */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015-2016 Cryptography Research, Inc.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -14,24 +14,24 @@
|
||||
#include "word.h"
|
||||
#include "point_448.h"
|
||||
|
||||
static const c448_word_t MONTGOMERY_FACTOR = (c448_word_t) 0x3bd440fae918bc5;
|
||||
static const c448_word_t MONTGOMERY_FACTOR = (c448_word_t) 0x3bd440fae918bc5ULL;
|
||||
static const curve448_scalar_t sc_p = {
|
||||
{
|
||||
{
|
||||
SC_LIMB(0x2378c292ab5844f3), SC_LIMB(0x216cc2728dc58f55),
|
||||
SC_LIMB(0xc44edb49aed63690), SC_LIMB(0xffffffff7cca23e9),
|
||||
SC_LIMB(0xffffffffffffffff), SC_LIMB(0xffffffffffffffff),
|
||||
SC_LIMB(0x3fffffffffffffff)
|
||||
SC_LIMB(0x2378c292ab5844f3ULL), SC_LIMB(0x216cc2728dc58f55ULL),
|
||||
SC_LIMB(0xc44edb49aed63690ULL), SC_LIMB(0xffffffff7cca23e9ULL),
|
||||
SC_LIMB(0xffffffffffffffffULL), SC_LIMB(0xffffffffffffffffULL),
|
||||
SC_LIMB(0x3fffffffffffffffULL)
|
||||
}
|
||||
}
|
||||
}, sc_r2 = {
|
||||
{
|
||||
{
|
||||
|
||||
SC_LIMB(0xe3539257049b9b60), SC_LIMB(0x7af32c4bc1b195d9),
|
||||
SC_LIMB(0x0d66de2388ea1859), SC_LIMB(0xae17cf725ee4d838),
|
||||
SC_LIMB(0x1a9cc14ba3c47c44), SC_LIMB(0x2052bcb7e4d070af),
|
||||
SC_LIMB(0x3402a939f823b729)
|
||||
SC_LIMB(0xe3539257049b9b60ULL), SC_LIMB(0x7af32c4bc1b195d9ULL),
|
||||
SC_LIMB(0x0d66de2388ea1859ULL), SC_LIMB(0xae17cf725ee4d838ULL),
|
||||
SC_LIMB(0x1a9cc14ba3c47c44ULL), SC_LIMB(0x2052bcb7e4d070afULL),
|
||||
SC_LIMB(0x3402a939f823b729ULL)
|
||||
}
|
||||
}
|
||||
};
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -237,7 +237,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
BN_CTX *ctx)
|
||||
{
|
||||
point_conversion_form_t form;
|
||||
int y_bit;
|
||||
int y_bit, m;
|
||||
BN_CTX *new_ctx = NULL;
|
||||
BIGNUM *x, *y, *yxi;
|
||||
size_t field_len, enc_len;
|
||||
@ -270,7 +270,8 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
return EC_POINT_set_to_infinity(group, point);
|
||||
}
|
||||
|
||||
field_len = (EC_GROUP_get_degree(group) + 7) / 8;
|
||||
m = EC_GROUP_get_degree(group);
|
||||
field_len = (m + 7) / 8;
|
||||
enc_len =
|
||||
(form ==
|
||||
POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
|
||||
@ -295,7 +296,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
|
||||
if (!BN_bin2bn(buf + 1, field_len, x))
|
||||
goto err;
|
||||
if (BN_ucmp(x, group->field) >= 0) {
|
||||
if (BN_num_bits(x) > m) {
|
||||
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
|
||||
goto err;
|
||||
}
|
||||
@ -306,7 +307,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
} else {
|
||||
if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
|
||||
goto err;
|
||||
if (BN_ucmp(y, group->field) >= 0) {
|
||||
if (BN_num_bits(y) > m) {
|
||||
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
|
||||
goto err;
|
||||
}
|
||||
|
@ -204,8 +204,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(new_ctx);
|
||||
return ret;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -504,7 +504,12 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
|
||||
#endif
|
||||
|
||||
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
|
||||
*(int *)arg2 = NID_sha256;
|
||||
if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) {
|
||||
/* For SM2, the only valid digest-alg is SM3 */
|
||||
*(int *)arg2 = NID_sm3;
|
||||
} else {
|
||||
*(int *)arg2 = NID_sha256;
|
||||
}
|
||||
return 1;
|
||||
|
||||
case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -1074,8 +1074,7 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(new_ctx);
|
||||
return ret;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -378,7 +378,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
|
||||
|
||||
err:
|
||||
EC_POINT_free(p);
|
||||
EC_POINT_free(s);
|
||||
EC_POINT_clear_free(s);
|
||||
BN_CTX_end(ctx);
|
||||
|
||||
return ret;
|
||||
@ -441,7 +441,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
|
||||
* scalar multiplication implementation based on a Montgomery ladder,
|
||||
* with various timing attack defenses.
|
||||
*/
|
||||
if ((scalar != NULL) && (num == 0)) {
|
||||
if ((scalar != group->order) && (scalar != NULL) && (num == 0)) {
|
||||
/*-
|
||||
* In this case we want to compute scalar * GeneratorPoint: this
|
||||
* codepath is reached most prominently by (ephemeral) key
|
||||
@ -452,7 +452,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
|
||||
*/
|
||||
return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);
|
||||
}
|
||||
if ((scalar == NULL) && (num == 1)) {
|
||||
if ((scalar == NULL) && (num == 1) && (scalars[0] != group->order)) {
|
||||
/*-
|
||||
* In this case we want to compute scalar * VariablePoint: this
|
||||
* codepath is reached most prominently by the second half of ECDH,
|
||||
@ -948,8 +948,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(new_ctx);
|
||||
EC_ec_pre_comp_free(pre_comp);
|
||||
if (points) {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -323,7 +323,11 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 &&
|
||||
EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) {
|
||||
ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -112,9 +112,8 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
EC_POINT_free(tmp);
|
||||
if (ctx)
|
||||
BN_CTX_end(ctx);
|
||||
EC_POINT_clear_free(tmp);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
OPENSSL_free(buf);
|
||||
return ret;
|
||||
|
@ -357,10 +357,15 @@ static void felem_diff64(felem out, const felem in)
|
||||
static void felem_diff_128_64(largefelem out, const felem in)
|
||||
{
|
||||
/*
|
||||
* In order to prevent underflow, we add 0 mod p before subtracting.
|
||||
* In order to prevent underflow, we add 64p mod p (which is equivalent
|
||||
* to 0 mod p) before subtracting. p is 2^521 - 1, i.e. in binary a 521
|
||||
* digit number with all bits set to 1. See "The representation of field
|
||||
* elements" comment above for a description of how limbs are used to
|
||||
* represent a number. 64p is represented with 8 limbs containing a number
|
||||
* with 58 bits set and one limb with a number with 57 bits set.
|
||||
*/
|
||||
static const limb two63m6 = (((limb) 1) << 62) - (((limb) 1) << 5);
|
||||
static const limb two63m5 = (((limb) 1) << 62) - (((limb) 1) << 4);
|
||||
static const limb two63m6 = (((limb) 1) << 63) - (((limb) 1) << 6);
|
||||
static const limb two63m5 = (((limb) 1) << 63) - (((limb) 1) << 5);
|
||||
|
||||
out[0] += two63m6 - in[0];
|
||||
out[1] += two63m5 - in[1];
|
||||
|
@ -888,8 +888,7 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(new_ctx);
|
||||
|
||||
EC_nistz256_pre_comp_free(pre_comp);
|
||||
|
@ -307,8 +307,7 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(new_ctx);
|
||||
return ret;
|
||||
}
|
||||
@ -787,8 +786,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
|
||||
ret = 1;
|
||||
|
||||
end:
|
||||
if (ctx) /* otherwise we already called BN_CTX_end */
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(new_ctx);
|
||||
return ret;
|
||||
}
|
||||
|
@ -523,8 +523,24 @@ static unsigned long get_error_values(int inc, int top, const char **file,
|
||||
return ERR_R_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
while (es->bottom != es->top) {
|
||||
if (es->err_flags[es->top] & ERR_FLAG_CLEAR) {
|
||||
err_clear(es, es->top);
|
||||
es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1;
|
||||
continue;
|
||||
}
|
||||
i = (es->bottom + 1) % ERR_NUM_ERRORS;
|
||||
if (es->err_flags[i] & ERR_FLAG_CLEAR) {
|
||||
es->bottom = i;
|
||||
err_clear(es, es->bottom);
|
||||
continue;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if (es->bottom == es->top)
|
||||
return 0;
|
||||
|
||||
if (top)
|
||||
i = es->top; /* last error */
|
||||
else
|
||||
@ -913,25 +929,6 @@ int ERR_clear_last_mark(void)
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifdef UINTPTR_T
|
||||
# undef UINTPTR_T
|
||||
#endif
|
||||
/*
|
||||
* uintptr_t is the answer, but unfortunately C89, current "least common
|
||||
* denominator" doesn't define it. Most legacy platforms typedef it anyway,
|
||||
* so that attempt to fill the gaps means that one would have to identify
|
||||
* that track these gaps, which would be undesirable. Macro it is...
|
||||
*/
|
||||
#if defined(__VMS) && __INITIAL_POINTER_SIZE==64
|
||||
/*
|
||||
* But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4
|
||||
* even in 64-bit builds, which means that it won't work as mask.
|
||||
*/
|
||||
# define UINTPTR_T unsigned long long
|
||||
#else
|
||||
# define UINTPTR_T size_t
|
||||
#endif
|
||||
|
||||
void err_clear_last_constant_time(int clear)
|
||||
{
|
||||
ERR_STATE *es;
|
||||
@ -943,11 +940,11 @@ void err_clear_last_constant_time(int clear)
|
||||
|
||||
top = es->top;
|
||||
|
||||
es->err_flags[top] &= ~(0 - clear);
|
||||
es->err_buffer[top] &= ~(0UL - clear);
|
||||
es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] &
|
||||
~((UINTPTR_T)0 - clear));
|
||||
es->err_line[top] |= 0 - clear;
|
||||
|
||||
es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS;
|
||||
/*
|
||||
* Flag error as cleared but remove it elsewhere to avoid two errors
|
||||
* accessing the same error stack location, revealing timing information.
|
||||
*/
|
||||
clear = constant_time_select_int(constant_time_eq_int(clear, 0),
|
||||
0, ERR_FLAG_CLEAR);
|
||||
es->err_flags[top] |= clear;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -150,6 +150,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
|
||||
|
||||
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
|
||||
{
|
||||
if (count == 0)
|
||||
return 1;
|
||||
|
||||
return ctx->update(ctx, data, count);
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -2216,9 +2216,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
if (!cctx->aes.ccm.iv_set)
|
||||
return -1;
|
||||
|
||||
if (!enc && !cctx->aes.ccm.tag_set)
|
||||
return -1;
|
||||
|
||||
if (out == NULL) {
|
||||
/* Update(): Pass message length. */
|
||||
if (in == NULL) {
|
||||
@ -2237,6 +2234,10 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
return len;
|
||||
}
|
||||
|
||||
/* The tag must be set before actually decrypting data */
|
||||
if (!enc && !cctx->aes.ccm.tag_set)
|
||||
return -1;
|
||||
|
||||
/* Update(): Process message. */
|
||||
|
||||
if (!cctx->aes.ccm.len_set) {
|
||||
@ -3643,8 +3644,6 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
if (!cctx->iv_set)
|
||||
return -1;
|
||||
|
||||
if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
|
||||
return -1;
|
||||
if (!out) {
|
||||
if (!in) {
|
||||
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
|
||||
@ -3659,6 +3658,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
CRYPTO_ccm128_aad(ccm, in, len);
|
||||
return len;
|
||||
}
|
||||
|
||||
/* The tag must be set before actually decrypting data */
|
||||
if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
|
||||
return -1;
|
||||
|
||||
/* If not set length yet do it */
|
||||
if (!cctx->len_set) {
|
||||
if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
@ -486,6 +486,16 @@ static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int aria_gcm_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
{
|
||||
EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx);
|
||||
|
||||
if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(ctx))
|
||||
OPENSSL_free(gctx->iv);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
{
|
||||
@ -727,6 +737,8 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
}
|
||||
}
|
||||
|
||||
#define aria_ccm_cleanup NULL
|
||||
|
||||
#define ARIA_AUTH_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \
|
||||
| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
|
||||
| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
|
||||
@ -739,7 +751,7 @@ static const EVP_CIPHER aria_##keylen##_##mode = { \
|
||||
ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \
|
||||
aria_##mode##_init_key, \
|
||||
aria_##mode##_cipher, \
|
||||
NULL, \
|
||||
aria_##mode##_cleanup, \
|
||||
sizeof(EVP_ARIA_##MODE##_CTX), \
|
||||
NULL,NULL,aria_##mode##_ctrl,NULL }; \
|
||||
const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -30,6 +30,8 @@ typedef struct {
|
||||
|
||||
#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
|
||||
|
||||
#define CHACHA20_POLY1305_MAX_IVLEN 12
|
||||
|
||||
static int chacha_init_key(EVP_CIPHER_CTX *ctx,
|
||||
const unsigned char user_key[CHACHA_KEY_SIZE],
|
||||
const unsigned char iv[CHACHA_CTR_SIZE], int enc)
|
||||
@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||||
return 1;
|
||||
|
||||
case EVP_CTRL_AEAD_SET_IVLEN:
|
||||
if (arg <= 0 || arg > CHACHA_CTR_SIZE)
|
||||
if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
|
||||
return 0;
|
||||
actx->nonce_len = arg;
|
||||
return 1;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -394,6 +394,11 @@ int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
|
||||
pkey->pmeth_engine = e;
|
||||
return 1;
|
||||
}
|
||||
|
||||
ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey)
|
||||
{
|
||||
return pkey->engine;
|
||||
}
|
||||
#endif
|
||||
int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
|
||||
{
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -40,7 +40,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
|
||||
}
|
||||
|
||||
size = EVP_PKEY_size(priv);
|
||||
key = OPENSSL_malloc(size + 2);
|
||||
key = OPENSSL_malloc(size);
|
||||
if (key == NULL) {
|
||||
/* ERROR */
|
||||
EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -35,6 +35,13 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* The HMAC construction is not allowed to be used with the
|
||||
* extendable-output functions (XOF) shake128 and shake256.
|
||||
*/
|
||||
if ((EVP_MD_meth_get_flags(md) & EVP_MD_FLAG_XOF) != 0)
|
||||
return 0;
|
||||
|
||||
if (key != NULL) {
|
||||
reset = 1;
|
||||
j = EVP_MD_block_size(md);
|
||||
|
@ -1,6 +1,6 @@
|
||||
{- join("\n",map { "/* $_ */" } @autowarntext) -}
|
||||
/*
|
||||
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -10,7 +10,6 @@
|
||||
|
||||
#ifndef HEADER_DSO_CONF_H
|
||||
# define HEADER_DSO_CONF_H
|
||||
{- output_off() if $disabled{dso} -}
|
||||
{- # The DSO code currently always implements all functions so that no
|
||||
# applications will have to worry about that from a compilation point
|
||||
# of view. However, the "method"s may return zero unless that platform
|
||||
@ -18,6 +17,9 @@
|
||||
# by a define "DSO_<name>" ... we translate the "dso_scheme" config
|
||||
# string entry into using the following logic;
|
||||
my $scheme = uc $target{dso_scheme};
|
||||
if (!$scheme) {
|
||||
$scheme = "NONE";
|
||||
}
|
||||
my @macros = ( "DSO_$scheme" );
|
||||
if ($scheme eq 'DLFCN') {
|
||||
@macros = ( "DSO_DLFCN", "HAVE_DLFCN_H" );
|
||||
@ -26,5 +28,4 @@
|
||||
}
|
||||
join("\n", map { "# define $_" } @macros); -}
|
||||
# define DSO_EXTENSION "{- $target{dso_extension} -}"
|
||||
{- output_on() if $disabled{dso} -}
|
||||
#endif
|
||||
|
@ -161,10 +161,9 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
|
||||
#ifdef OPENSSL_INIT_DEBUG
|
||||
fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n");
|
||||
#endif
|
||||
#if !defined(OPENSSL_NO_DSO) \
|
||||
&& !defined(OPENSSL_USE_NODELETE) \
|
||||
#if !defined(OPENSSL_USE_NODELETE) \
|
||||
&& !defined(OPENSSL_NO_PINSHARED)
|
||||
# ifdef DSO_WIN32
|
||||
# if defined(DSO_WIN32) && !defined(_WIN32_WCE)
|
||||
{
|
||||
HMODULE handle = NULL;
|
||||
BOOL ret;
|
||||
@ -180,7 +179,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
|
||||
# endif
|
||||
return (ret == TRUE) ? 1 : 0;
|
||||
}
|
||||
# else
|
||||
# elif !defined(DSO_NONE)
|
||||
/*
|
||||
* Deliberately leak a reference to ourselves. This will force the library
|
||||
* to remain loaded until the atexit() handler is run at process exit.
|
||||
@ -702,7 +701,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
|
||||
ret = RUN_ONCE(&config, ossl_init_config);
|
||||
conf_settings = NULL;
|
||||
CRYPTO_THREAD_unlock(init_lock);
|
||||
if (!ret)
|
||||
if (ret <= 0)
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -764,8 +763,7 @@ int OPENSSL_atexit(void (*handler)(void))
|
||||
{
|
||||
OPENSSL_INIT_STOP *newhand;
|
||||
|
||||
#if !defined(OPENSSL_NO_DSO) \
|
||||
&& !defined(OPENSSL_USE_NODELETE)\
|
||||
#if !defined(OPENSSL_USE_NODELETE)\
|
||||
&& !defined(OPENSSL_NO_PINSHARED)
|
||||
{
|
||||
union {
|
||||
@ -774,7 +772,7 @@ int OPENSSL_atexit(void (*handler)(void))
|
||||
} handlersym;
|
||||
|
||||
handlersym.func = handler;
|
||||
# ifdef DSO_WIN32
|
||||
# if defined(DSO_WIN32) && !defined(_WIN32_WCE)
|
||||
{
|
||||
HMODULE handle = NULL;
|
||||
BOOL ret;
|
||||
@ -790,7 +788,7 @@ int OPENSSL_atexit(void (*handler)(void))
|
||||
if (!ret)
|
||||
return 0;
|
||||
}
|
||||
# else
|
||||
# elif !defined(DSO_NONE)
|
||||
/*
|
||||
* Deliberately leak a reference to the handler. This will force the
|
||||
* library/code containing the handler to remain loaded until we run the
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -11,7 +11,7 @@
|
||||
# define __MIPS_ARCH_H__
|
||||
|
||||
# if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \
|
||||
defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6))
|
||||
defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \
|
||||
&& !defined(_MIPS_ARCH_MIPS32R2)
|
||||
# define _MIPS_ARCH_MIPS32R2
|
||||
# endif
|
||||
|
@ -1155,6 +1155,7 @@ ___
|
||||
} else {
|
||||
$code.=<<___;
|
||||
jmp .L_init_clmul
|
||||
.cfi_endproc
|
||||
.size gcm_init_avx,.-gcm_init_avx
|
||||
___
|
||||
}
|
||||
@ -1594,6 +1595,7 @@ ___
|
||||
} else {
|
||||
$code.=<<___;
|
||||
jmp .L_ghash_clmul
|
||||
.cfi_endproc
|
||||
.size gcm_ghash_avx,.-gcm_ghash_avx
|
||||
___
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -425,7 +425,7 @@ size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
|
||||
|
||||
M *= 2;
|
||||
M += 2;
|
||||
if (len < M)
|
||||
if (len != M)
|
||||
return 0;
|
||||
memcpy(tag, ctx->cmac.c, M);
|
||||
return M;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -223,7 +223,26 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
|
||||
#if defined(_MSC_VER) && _MSC_VER>=1400
|
||||
return !strerror_s(buf, buflen, errnum);
|
||||
#elif defined(_GNU_SOURCE)
|
||||
return strerror_r(errnum, buf, buflen) != NULL;
|
||||
char *err;
|
||||
|
||||
/*
|
||||
* GNU strerror_r may not actually set buf.
|
||||
* It can return a pointer to some (immutable) static string in which case
|
||||
* buf is left unused.
|
||||
*/
|
||||
err = strerror_r(errnum, buf, buflen);
|
||||
if (err == NULL)
|
||||
return 0;
|
||||
/*
|
||||
* If err is statically allocated, err != buf and we need to copy the data.
|
||||
* If err points somewhere inside buf, OPENSSL_strlcpy can handle this,
|
||||
* since src and dest are not annotated with __restrict and the function
|
||||
* reads src byte for byte and writes to dest.
|
||||
* If err == buf we do not have to copy anything.
|
||||
*/
|
||||
if (err != buf)
|
||||
OPENSSL_strlcpy(buf, err, buflen);
|
||||
return 1;
|
||||
#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \
|
||||
(defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
|
||||
/*
|
||||
@ -234,6 +253,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
|
||||
return !strerror_r(errnum, buf, buflen);
|
||||
#else
|
||||
char *err;
|
||||
|
||||
/* Fall back to non-thread safe strerror()...its all we can do */
|
||||
if (buflen < 2)
|
||||
return 0;
|
||||
@ -241,8 +261,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
|
||||
/* Can this ever happen? */
|
||||
if (err == NULL)
|
||||
return 0;
|
||||
strncpy(buf, err, buflen - 1);
|
||||
buf[buflen - 1] = '\0';
|
||||
OPENSSL_strlcpy(buf, err, buflen);
|
||||
return 1;
|
||||
#endif
|
||||
}
|
||||
|
@ -1070,7 +1070,7 @@ static const unsigned char so[7762] = {
|
||||
0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01, /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */
|
||||
0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7692] OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */
|
||||
0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02, /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */
|
||||
0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */
|
||||
0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02,0x01, /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */
|
||||
0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02, /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */
|
||||
0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03, /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */
|
||||
0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04, /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */
|
||||
@ -5364,7 +5364,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
|
||||
1177, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1 2 643 7 1 1 5 2 1 */
|
||||
1178, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1 2 643 7 1 1 5 2 2 */
|
||||
1181, /* OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 1 2 643 7 1 1 7 1 1 */
|
||||
1183, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 1 1 */
|
||||
1183, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 2 1 */
|
||||
1148, /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */
|
||||
1184, /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */
|
||||
1185, /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */
|
||||
|
@ -1358,7 +1358,7 @@ id-tc26-algorithms 7 : id-tc26-wrap
|
||||
id-tc26-wrap 1 : id-tc26-wrap-gostr3412-2015-magma
|
||||
id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-magma-kexp15
|
||||
id-tc26-wrap 2 : id-tc26-wrap-gostr3412-2015-kuznyechik
|
||||
id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15
|
||||
id-tc26-wrap-gostr3412-2015-kuznyechik 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15
|
||||
|
||||
id-tc26 2 : id-tc26-constants
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -439,6 +439,7 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls)
|
||||
|
||||
if ((sloc = OCSP_SERVICELOC_new()) == NULL)
|
||||
goto err;
|
||||
X509_NAME_free(sloc->issuer);
|
||||
if ((sloc->issuer = X509_NAME_dup(issuer)) == NULL)
|
||||
goto err;
|
||||
if (urls && *urls
|
||||
@ -449,12 +450,11 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls)
|
||||
goto err;
|
||||
if ((ad->method = OBJ_nid2obj(NID_ad_OCSP)) == NULL)
|
||||
goto err;
|
||||
if ((ad->location = GENERAL_NAME_new()) == NULL)
|
||||
goto err;
|
||||
if ((ia5 = ASN1_IA5STRING_new()) == NULL)
|
||||
goto err;
|
||||
if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1))
|
||||
goto err;
|
||||
/* ad->location is allocated inside ACCESS_DESCRIPTION_new */
|
||||
ad->location->type = GEN_URI;
|
||||
ad->location->d.ia5 = ia5;
|
||||
ia5 = NULL;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -88,7 +88,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
|
||||
int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
|
||||
{
|
||||
int ret;
|
||||
ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
|
||||
@ -100,7 +100,7 @@ int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
|
||||
return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
|
||||
}
|
||||
|
||||
int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
|
||||
int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
|
||||
{
|
||||
int ret;
|
||||
ret = OCSP_id_issuer_cmp(a, b);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -31,7 +31,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|
||||
int i, ret = 0;
|
||||
unsigned int m_len;
|
||||
|
||||
m = OPENSSL_malloc(EVP_PKEY_size(pkey) + 2);
|
||||
m = OPENSSL_malloc(EVP_PKEY_size(pkey));
|
||||
if (m == NULL) {
|
||||
PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
|
@ -17,6 +17,7 @@ GENERATE[poly1305-armv8.S]=asm/poly1305-armv8.pl $(PERLASM_SCHEME)
|
||||
INCLUDE[poly1305-armv8.o]=..
|
||||
GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME)
|
||||
INCLUDE[poly1305-mips.o]=..
|
||||
GENERATE[poly1305-s390x.S]=asm/poly1305-s390x.pl $(PERLASM_SCHEME)
|
||||
|
||||
BEGINRAW[Makefile(unix)]
|
||||
{- $builddir -}/poly1305-%.S: {- $sourcedir -}/asm/poly1305-%.pl
|
||||
|
@ -314,6 +314,7 @@ void OPENSSL_cpuid_setup(void)
|
||||
#ifdef OSSL_IMPLEMENT_GETAUXVAL
|
||||
{
|
||||
unsigned long hwcap = getauxval(HWCAP);
|
||||
unsigned long hwcap2 = getauxval(HWCAP2);
|
||||
|
||||
if (hwcap & HWCAP_FPU) {
|
||||
OPENSSL_ppccap_P |= PPC_FPU;
|
||||
@ -332,11 +333,11 @@ void OPENSSL_cpuid_setup(void)
|
||||
if (hwcap & HWCAP_ALTIVEC) {
|
||||
OPENSSL_ppccap_P |= PPC_ALTIVEC;
|
||||
|
||||
if ((hwcap & HWCAP_VSX) && (getauxval(HWCAP2) & HWCAP_VEC_CRYPTO))
|
||||
if ((hwcap & HWCAP_VSX) && (hwcap2 & HWCAP_VEC_CRYPTO))
|
||||
OPENSSL_ppccap_P |= PPC_CRYPTO207;
|
||||
}
|
||||
|
||||
if (hwcap & HWCAP_ARCH_3_00) {
|
||||
if (hwcap2 & HWCAP_ARCH_3_00) {
|
||||
OPENSSL_ppccap_P |= PPC_MADD300;
|
||||
}
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -188,8 +188,8 @@ static RAND_DRBG *rand_drbg_new(int secure,
|
||||
unsigned int flags,
|
||||
RAND_DRBG *parent)
|
||||
{
|
||||
RAND_DRBG *drbg = secure ?
|
||||
OPENSSL_secure_zalloc(sizeof(*drbg)) : OPENSSL_zalloc(sizeof(*drbg));
|
||||
RAND_DRBG *drbg = secure ? OPENSSL_secure_zalloc(sizeof(*drbg))
|
||||
: OPENSSL_zalloc(sizeof(*drbg));
|
||||
|
||||
if (drbg == NULL) {
|
||||
RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -137,7 +137,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
|
||||
size_t entropy_available = 0;
|
||||
RAND_POOL *pool;
|
||||
|
||||
if (drbg->parent && drbg->strength > drbg->parent->strength) {
|
||||
if (drbg->parent != NULL && drbg->strength > drbg->parent->strength) {
|
||||
/*
|
||||
* We currently don't support the algorithm from NIST SP 800-90C
|
||||
* 10.1.2 to use a weaker DRBG as source
|
||||
@ -155,7 +155,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (drbg->parent) {
|
||||
if (drbg->parent != NULL) {
|
||||
size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
|
||||
|
||||
@ -235,7 +235,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
|
||||
struct {
|
||||
void * instance;
|
||||
int count;
|
||||
} data = { 0 };
|
||||
} data = { NULL, 0 };
|
||||
|
||||
pool = rand_pool_new(0, min_len, max_len);
|
||||
if (pool == NULL)
|
||||
@ -402,7 +402,7 @@ int RAND_poll(void)
|
||||
} else {
|
||||
/* fill random pool and seed the current legacy RNG */
|
||||
pool = rand_pool_new(RAND_DRBG_STRENGTH,
|
||||
RAND_DRBG_STRENGTH / 8,
|
||||
(RAND_DRBG_STRENGTH + 7) / 8,
|
||||
RAND_POOL_MAX_LENGTH);
|
||||
if (pool == NULL)
|
||||
return 0;
|
||||
@ -689,7 +689,7 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
|
||||
|
||||
if (pool->buffer == NULL) {
|
||||
RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return pool->buffer + pool->len;
|
||||
|
@ -19,7 +19,7 @@
|
||||
#include <stdio.h>
|
||||
#include "internal/dso.h"
|
||||
#if defined(__linux)
|
||||
# include <sys/syscall.h>
|
||||
# include <asm/unistd.h>
|
||||
#endif
|
||||
#if defined(__FreeBSD__)
|
||||
# include <sys/types.h>
|
||||
@ -324,8 +324,8 @@ static ssize_t syscall_random(void *buf, size_t buflen)
|
||||
# endif
|
||||
|
||||
/* Linux supports this since version 3.17 */
|
||||
# if defined(__linux) && defined(SYS_getrandom)
|
||||
return syscall(SYS_getrandom, buf, buflen, 0);
|
||||
# if defined(__linux) && defined(__NR_getrandom)
|
||||
return syscall(__NR_getrandom, buf, buflen, 0);
|
||||
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
||||
return sysctl_random(buf, buflen);
|
||||
# else
|
||||
@ -510,6 +510,29 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
{
|
||||
size_t i;
|
||||
#ifdef DEVRANDOM_WAIT
|
||||
static int wait_done = 0;
|
||||
|
||||
/*
|
||||
* On some implementations reading from /dev/urandom is possible
|
||||
* before it is initialized. Therefore we wait for /dev/random
|
||||
* to be readable to make sure /dev/urandom is initialized.
|
||||
*/
|
||||
if (!wait_done && bytes_needed > 0) {
|
||||
int f = open(DEVRANDOM_WAIT, O_RDONLY);
|
||||
|
||||
if (f >= 0) {
|
||||
fd_set fds;
|
||||
|
||||
FD_ZERO(&fds);
|
||||
FD_SET(f, &fds);
|
||||
while (select(f+1, &fds, NULL, NULL, NULL) < 0
|
||||
&& errno == EINTR);
|
||||
close(f);
|
||||
}
|
||||
wait_done = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) {
|
||||
ssize_t bytes = 0;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -254,7 +254,7 @@ const char *RAND_file_name(char *buf, size_t size)
|
||||
size_t len;
|
||||
int use_randfile = 1;
|
||||
|
||||
#if defined(_WIN32) && defined(CP_UTF8)
|
||||
#if defined(_WIN32) && defined(CP_UTF8) && !defined(_WIN32_WCE)
|
||||
DWORD envlen;
|
||||
WCHAR *var;
|
||||
|
||||
|
@ -11,6 +11,8 @@ GENERATE[rc4-md5-x86_64.s]=asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME)
|
||||
|
||||
GENERATE[rc4-parisc.s]=asm/rc4-parisc.pl $(PERLASM_SCHEME)
|
||||
|
||||
GENERATE[rc4-s390x.s]=asm/rc4-s390x.pl $(PERLASM_SCHEME)
|
||||
|
||||
BEGINRAW[Makefile]
|
||||
# GNU make "catch all"
|
||||
{- $builddir -}/rc4-%.s: {- $sourcedir -}/asm/rc4-%.pl
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -583,10 +583,12 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
|
||||
return NULL;
|
||||
if (saltlen == -1) {
|
||||
saltlen = EVP_MD_size(sigmd);
|
||||
} else if (saltlen == -2) {
|
||||
} else if (saltlen == -2 || saltlen == -3) {
|
||||
saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
|
||||
if ((EVP_PKEY_bits(pk) & 0x7) == 1)
|
||||
saltlen--;
|
||||
if (saltlen < 0)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return rsa_pss_params_create(sigmd, mgf1md, saltlen);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -387,8 +387,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
|
||||
RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
|
||||
ok = 0;
|
||||
}
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ok;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
* |num| is the length of the modulus; |flen| is the length of the
|
||||
* encoded message. Therefore, for any |from| that was obtained by
|
||||
* decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
|
||||
* num < 2 * mdlen + 2 must hold for the modulus irrespective of
|
||||
* |num| >= 2 * |mdlen| + 2 must hold for the modulus irrespective of
|
||||
* the ciphertext, see PKCS #1 v2.2, section 7.1.2.
|
||||
* This does not leak any side-channel information.
|
||||
*/
|
||||
@ -179,17 +179,16 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
from -= 1 & mask;
|
||||
*--em = *from & mask;
|
||||
}
|
||||
from = em;
|
||||
|
||||
/*
|
||||
* The first byte must be zero, however we must not leak if this is
|
||||
* true. See James H. Manger, "A Chosen Ciphertext Attack on RSA
|
||||
* Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
|
||||
*/
|
||||
good = constant_time_is_zero(from[0]);
|
||||
good = constant_time_is_zero(em[0]);
|
||||
|
||||
maskedseed = from + 1;
|
||||
maskeddb = from + 1 + mdlen;
|
||||
maskedseed = em + 1;
|
||||
maskeddb = em + 1 + mdlen;
|
||||
|
||||
if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
|
||||
goto cleanup;
|
||||
@ -230,29 +229,30 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
|
||||
mlen = dblen - msg_index;
|
||||
|
||||
/*
|
||||
* For good measure, do this check in constant tine as well.
|
||||
* For good measure, do this check in constant time as well.
|
||||
*/
|
||||
good &= constant_time_ge(tlen, mlen);
|
||||
|
||||
/*
|
||||
* Even though we can't fake result's length, we can pretend copying
|
||||
* |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |dblen|
|
||||
* bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
|
||||
* where |mlen'| is "saturated" |mlen| value. Deducing information
|
||||
* about failure or |mlen| would take attacker's ability to observe
|
||||
* memory access pattern with byte granularity *as it occurs*. It
|
||||
* should be noted that failure is indistinguishable from normal
|
||||
* operation if |tlen| is fixed by protocol.
|
||||
* Move the result in-place by |dblen|-|mdlen|-1-|mlen| bytes to the left.
|
||||
* Then if |good| move |mlen| bytes from |db|+|mdlen|+1 to |to|.
|
||||
* Otherwise leave |to| unchanged.
|
||||
* Copy the memory back in a way that does not reveal the size of
|
||||
* the data being copied via a timing side channel. This requires copying
|
||||
* parts of the buffer multiple times based on the bits set in the real
|
||||
* length. Clear bits do a non-copy with identical access pattern.
|
||||
* The loop below has overall complexity of O(N*log(N)).
|
||||
*/
|
||||
tlen = constant_time_select_int(constant_time_lt(dblen, tlen), dblen, tlen);
|
||||
msg_index = constant_time_select_int(good, msg_index, dblen - tlen);
|
||||
mlen = dblen - msg_index;
|
||||
for (from = db + msg_index, mask = good, i = 0; i < tlen; i++) {
|
||||
unsigned int equals = constant_time_eq(i, mlen);
|
||||
|
||||
from -= dblen & equals; /* if (i == dblen) rewind */
|
||||
mask &= mask ^ equals; /* if (i == dblen) mask = 0 */
|
||||
to[i] = constant_time_select_8(mask, from[i], to[i]);
|
||||
tlen = constant_time_select_int(constant_time_lt(dblen - mdlen - 1, tlen),
|
||||
dblen - mdlen - 1, tlen);
|
||||
for (msg_index = 1; msg_index < dblen - mdlen - 1; msg_index <<= 1) {
|
||||
mask = ~constant_time_eq(msg_index & (dblen - mdlen - 1 - mlen), 0);
|
||||
for (i = mdlen + 1; i < dblen - msg_index; i++)
|
||||
db[i] = constant_time_select_8(mask, db[i + msg_index], db[i]);
|
||||
}
|
||||
for (i = 0; i < tlen; i++) {
|
||||
mask = good & constant_time_lt(i, mlen);
|
||||
to[i] = constant_time_select_8(mask, db[i + mdlen + 1], to[i]);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -148,8 +148,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
|
||||
*/
|
||||
r = BN_bn2binpad(ret, to, num);
|
||||
err:
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
OPENSSL_clear_free(buf, num);
|
||||
return r;
|
||||
@ -354,8 +353,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
|
||||
*/
|
||||
r = BN_bn2binpad(res, to, num);
|
||||
err:
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
OPENSSL_clear_free(buf, num);
|
||||
return r;
|
||||
@ -481,11 +479,10 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
||||
goto err;
|
||||
}
|
||||
RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
|
||||
err_clear_last_constant_time(r >= 0);
|
||||
err_clear_last_constant_time(1 & ~constant_time_msb(r));
|
||||
|
||||
err:
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
OPENSSL_clear_free(buf, num);
|
||||
return r;
|
||||
@ -581,8 +578,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
|
||||
RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
|
||||
|
||||
err:
|
||||
if (ctx != NULL)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
OPENSSL_clear_free(buf, num);
|
||||
return r;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -192,15 +192,14 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
||||
from -= 1 & mask;
|
||||
*--em = *from & mask;
|
||||
}
|
||||
from = em;
|
||||
|
||||
good = constant_time_is_zero(from[0]);
|
||||
good &= constant_time_eq(from[1], 2);
|
||||
good = constant_time_is_zero(em[0]);
|
||||
good &= constant_time_eq(em[1], 2);
|
||||
|
||||
/* scan over padding data */
|
||||
found_zero_byte = 0;
|
||||
for (i = 2; i < num; i++) {
|
||||
unsigned int equals0 = constant_time_is_zero(from[i]);
|
||||
unsigned int equals0 = constant_time_is_zero(em[i]);
|
||||
|
||||
zero_index = constant_time_select_int(~found_zero_byte & equals0,
|
||||
i, zero_index);
|
||||
@ -208,7 +207,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
||||
}
|
||||
|
||||
/*
|
||||
* PS must be at least 8 bytes long, and it starts two bytes into |from|.
|
||||
* PS must be at least 8 bytes long, and it starts two bytes into |em|.
|
||||
* If we never found a 0-byte, then |zero_index| is 0 and the check
|
||||
* also fails.
|
||||
*/
|
||||
@ -227,24 +226,25 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
|
||||
good &= constant_time_ge(tlen, mlen);
|
||||
|
||||
/*
|
||||
* Even though we can't fake result's length, we can pretend copying
|
||||
* |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num|
|
||||
* bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
|
||||
* where |mlen'| is "saturated" |mlen| value. Deducing information
|
||||
* about failure or |mlen| would take attacker's ability to observe
|
||||
* memory access pattern with byte granularity *as it occurs*. It
|
||||
* should be noted that failure is indistinguishable from normal
|
||||
* operation if |tlen| is fixed by protocol.
|
||||
* Move the result in-place by |num|-11-|mlen| bytes to the left.
|
||||
* Then if |good| move |mlen| bytes from |em|+11 to |to|.
|
||||
* Otherwise leave |to| unchanged.
|
||||
* Copy the memory back in a way that does not reveal the size of
|
||||
* the data being copied via a timing side channel. This requires copying
|
||||
* parts of the buffer multiple times based on the bits set in the real
|
||||
* length. Clear bits do a non-copy with identical access pattern.
|
||||
* The loop below has overall complexity of O(N*log(N)).
|
||||
*/
|
||||
tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen);
|
||||
msg_index = constant_time_select_int(good, msg_index, num - tlen);
|
||||
mlen = num - msg_index;
|
||||
for (from += msg_index, mask = good, i = 0; i < tlen; i++) {
|
||||
unsigned int equals = constant_time_eq(i, mlen);
|
||||
|
||||
from -= tlen & equals; /* if (i == mlen) rewind */
|
||||
mask &= mask ^ equals; /* if (i == mlen) mask = 0 */
|
||||
to[i] = constant_time_select_8(mask, from[i], to[i]);
|
||||
tlen = constant_time_select_int(constant_time_lt(num - 11, tlen),
|
||||
num - 11, tlen);
|
||||
for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) {
|
||||
mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0);
|
||||
for (i = 11; i < num - msg_index; i++)
|
||||
em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
|
||||
}
|
||||
for (i = 0; i < tlen; i++) {
|
||||
mask = good & constant_time_lt(i, mlen);
|
||||
to[i] = constant_time_select_8(mask, em[i + 11], to[i]);
|
||||
}
|
||||
|
||||
OPENSSL_clear_free(em, num);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -7,6 +7,8 @@
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "internal/constant_time_locl.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/asn1t.h>
|
||||
@ -54,7 +56,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
|
||||
|
||||
if (rctx == NULL)
|
||||
return 0;
|
||||
rctx->nbits = 1024;
|
||||
rctx->nbits = 2048;
|
||||
rctx->primes = RSA_DEFAULT_PRIME_NUM;
|
||||
if (pkey_ctx_is_pss(ctx))
|
||||
rctx->pad_mode = RSA_PKCS1_PSS_PADDING;
|
||||
@ -340,10 +342,9 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
|
||||
ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
|
||||
rctx->pad_mode);
|
||||
}
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
*outlen = ret;
|
||||
return 1;
|
||||
*outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
|
||||
ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int check_padding_md(const EVP_MD *md, int padding)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -55,7 +55,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
|
||||
|
||||
/*
|
||||
* Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
|
||||
* if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also
|
||||
* if nul delimiter is not preceded by 8 consecutive 0x03 bytes. It also
|
||||
* preserves error code reporting for backward compatibility.
|
||||
*/
|
||||
int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
|
||||
@ -67,7 +67,10 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
|
||||
unsigned int good, found_zero_byte, mask, threes_in_row;
|
||||
int zero_index = 0, msg_index, mlen = -1, err;
|
||||
|
||||
if (flen < 10) {
|
||||
if (tlen <= 0 || flen <= 0)
|
||||
return -1;
|
||||
|
||||
if (flen > num || num < 11) {
|
||||
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
|
||||
return -1;
|
||||
}
|
||||
@ -89,10 +92,9 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
|
||||
from -= 1 & mask;
|
||||
*--em = *from & mask;
|
||||
}
|
||||
from = em;
|
||||
|
||||
good = constant_time_is_zero(from[0]);
|
||||
good &= constant_time_eq(from[1], 2);
|
||||
good = constant_time_is_zero(em[0]);
|
||||
good &= constant_time_eq(em[1], 2);
|
||||
err = constant_time_select_int(good, 0, RSA_R_BLOCK_TYPE_IS_NOT_02);
|
||||
mask = ~good;
|
||||
|
||||
@ -100,18 +102,18 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
|
||||
found_zero_byte = 0;
|
||||
threes_in_row = 0;
|
||||
for (i = 2; i < num; i++) {
|
||||
unsigned int equals0 = constant_time_is_zero(from[i]);
|
||||
unsigned int equals0 = constant_time_is_zero(em[i]);
|
||||
|
||||
zero_index = constant_time_select_int(~found_zero_byte & equals0,
|
||||
i, zero_index);
|
||||
found_zero_byte |= equals0;
|
||||
|
||||
threes_in_row += 1 & ~found_zero_byte;
|
||||
threes_in_row &= found_zero_byte | constant_time_eq(from[i], 3);
|
||||
threes_in_row &= found_zero_byte | constant_time_eq(em[i], 3);
|
||||
}
|
||||
|
||||
/*
|
||||
* PS must be at least 8 bytes long, and it starts two bytes into |from|.
|
||||
* PS must be at least 8 bytes long, and it starts two bytes into |em|.
|
||||
* If we never found a 0-byte, then |zero_index| is 0 and the check
|
||||
* also fails.
|
||||
*/
|
||||
@ -120,7 +122,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
|
||||
RSA_R_NULL_BEFORE_BLOCK_MISSING);
|
||||
mask = ~good;
|
||||
|
||||
good &= constant_time_lt(threes_in_row, 8);
|
||||
good &= constant_time_ge(threes_in_row, 8);
|
||||
err = constant_time_select_int(mask | good, err,
|
||||
RSA_R_SSLV3_ROLLBACK_ATTACK);
|
||||
mask = ~good;
|
||||
@ -139,24 +141,25 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
|
||||
err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE);
|
||||
|
||||
/*
|
||||
* Even though we can't fake result's length, we can pretend copying
|
||||
* |tlen| bytes where |mlen| bytes would be real. Last |tlen| of |num|
|
||||
* bytes are viewed as circular buffer with start at |tlen|-|mlen'|,
|
||||
* where |mlen'| is "saturated" |mlen| value. Deducing information
|
||||
* about failure or |mlen| would take attacker's ability to observe
|
||||
* memory access pattern with byte granularity *as it occurs*. It
|
||||
* should be noted that failure is indistinguishable from normal
|
||||
* operation if |tlen| is fixed by protocol.
|
||||
* Move the result in-place by |num|-11-|mlen| bytes to the left.
|
||||
* Then if |good| move |mlen| bytes from |em|+11 to |to|.
|
||||
* Otherwise leave |to| unchanged.
|
||||
* Copy the memory back in a way that does not reveal the size of
|
||||
* the data being copied via a timing side channel. This requires copying
|
||||
* parts of the buffer multiple times based on the bits set in the real
|
||||
* length. Clear bits do a non-copy with identical access pattern.
|
||||
* The loop below has overall complexity of O(N*log(N)).
|
||||
*/
|
||||
tlen = constant_time_select_int(constant_time_lt(num, tlen), num, tlen);
|
||||
msg_index = constant_time_select_int(good, msg_index, num - tlen);
|
||||
mlen = num - msg_index;
|
||||
for (from += msg_index, mask = good, i = 0; i < tlen; i++) {
|
||||
unsigned int equals = constant_time_eq(i, mlen);
|
||||
|
||||
from -= tlen & equals; /* if (i == mlen) rewind */
|
||||
mask &= mask ^ equals; /* if (i == mlen) mask = 0 */
|
||||
to[i] = constant_time_select_8(mask, from[i], to[i]);
|
||||
tlen = constant_time_select_int(constant_time_lt(num - 11, tlen),
|
||||
num - 11, tlen);
|
||||
for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) {
|
||||
mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0);
|
||||
for (i = 11; i < num - msg_index; i++)
|
||||
em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
|
||||
}
|
||||
for (i = 0; i < tlen; i++) {
|
||||
mask = good & constant_time_lt(i, mlen);
|
||||
to[i] = constant_time_select_8(mask, em[i + 11], to[i]);
|
||||
}
|
||||
|
||||
OPENSSL_clear_free(em, num);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -133,8 +133,7 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
|
||||
|
||||
ret = 1;
|
||||
err:
|
||||
if (ctx)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
BN_CTX_free(ctx2);
|
||||
|
||||
@ -188,8 +187,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
|
||||
ok = 1;
|
||||
|
||||
error:
|
||||
if (ctx)
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
|
||||
if (ok)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -78,30 +78,30 @@ static const unsigned char rhotates[5][5] = {
|
||||
};
|
||||
|
||||
static const uint64_t iotas[] = {
|
||||
BIT_INTERLEAVE ? 0x0000000000000001U : 0x0000000000000001U,
|
||||
BIT_INTERLEAVE ? 0x0000008900000000U : 0x0000000000008082U,
|
||||
BIT_INTERLEAVE ? 0x8000008b00000000U : 0x800000000000808aU,
|
||||
BIT_INTERLEAVE ? 0x8000808000000000U : 0x8000000080008000U,
|
||||
BIT_INTERLEAVE ? 0x0000008b00000001U : 0x000000000000808bU,
|
||||
BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U,
|
||||
BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U,
|
||||
BIT_INTERLEAVE ? 0x8000008200000001U : 0x8000000000008009U,
|
||||
BIT_INTERLEAVE ? 0x0000000b00000000U : 0x000000000000008aU,
|
||||
BIT_INTERLEAVE ? 0x0000000a00000000U : 0x0000000000000088U,
|
||||
BIT_INTERLEAVE ? 0x0000808200000001U : 0x0000000080008009U,
|
||||
BIT_INTERLEAVE ? 0x0000800300000000U : 0x000000008000000aU,
|
||||
BIT_INTERLEAVE ? 0x0000808b00000001U : 0x000000008000808bU,
|
||||
BIT_INTERLEAVE ? 0x8000000b00000001U : 0x800000000000008bU,
|
||||
BIT_INTERLEAVE ? 0x8000008a00000001U : 0x8000000000008089U,
|
||||
BIT_INTERLEAVE ? 0x8000008100000001U : 0x8000000000008003U,
|
||||
BIT_INTERLEAVE ? 0x8000008100000000U : 0x8000000000008002U,
|
||||
BIT_INTERLEAVE ? 0x8000000800000000U : 0x8000000000000080U,
|
||||
BIT_INTERLEAVE ? 0x0000008300000000U : 0x000000000000800aU,
|
||||
BIT_INTERLEAVE ? 0x8000800300000000U : 0x800000008000000aU,
|
||||
BIT_INTERLEAVE ? 0x8000808800000001U : 0x8000000080008081U,
|
||||
BIT_INTERLEAVE ? 0x8000008800000000U : 0x8000000000008080U,
|
||||
BIT_INTERLEAVE ? 0x0000800000000001U : 0x0000000080000001U,
|
||||
BIT_INTERLEAVE ? 0x8000808200000000U : 0x8000000080008008U
|
||||
BIT_INTERLEAVE ? 0x0000000000000001ULL : 0x0000000000000001ULL,
|
||||
BIT_INTERLEAVE ? 0x0000008900000000ULL : 0x0000000000008082ULL,
|
||||
BIT_INTERLEAVE ? 0x8000008b00000000ULL : 0x800000000000808aULL,
|
||||
BIT_INTERLEAVE ? 0x8000808000000000ULL : 0x8000000080008000ULL,
|
||||
BIT_INTERLEAVE ? 0x0000008b00000001ULL : 0x000000000000808bULL,
|
||||
BIT_INTERLEAVE ? 0x0000800000000001ULL : 0x0000000080000001ULL,
|
||||
BIT_INTERLEAVE ? 0x8000808800000001ULL : 0x8000000080008081ULL,
|
||||
BIT_INTERLEAVE ? 0x8000008200000001ULL : 0x8000000000008009ULL,
|
||||
BIT_INTERLEAVE ? 0x0000000b00000000ULL : 0x000000000000008aULL,
|
||||
BIT_INTERLEAVE ? 0x0000000a00000000ULL : 0x0000000000000088ULL,
|
||||
BIT_INTERLEAVE ? 0x0000808200000001ULL : 0x0000000080008009ULL,
|
||||
BIT_INTERLEAVE ? 0x0000800300000000ULL : 0x000000008000000aULL,
|
||||
BIT_INTERLEAVE ? 0x0000808b00000001ULL : 0x000000008000808bULL,
|
||||
BIT_INTERLEAVE ? 0x8000000b00000001ULL : 0x800000000000008bULL,
|
||||
BIT_INTERLEAVE ? 0x8000008a00000001ULL : 0x8000000000008089ULL,
|
||||
BIT_INTERLEAVE ? 0x8000008100000001ULL : 0x8000000000008003ULL,
|
||||
BIT_INTERLEAVE ? 0x8000008100000000ULL : 0x8000000000008002ULL,
|
||||
BIT_INTERLEAVE ? 0x8000000800000000ULL : 0x8000000000000080ULL,
|
||||
BIT_INTERLEAVE ? 0x0000008300000000ULL : 0x000000000000800aULL,
|
||||
BIT_INTERLEAVE ? 0x8000800300000000ULL : 0x800000008000000aULL,
|
||||
BIT_INTERLEAVE ? 0x8000808800000001ULL : 0x8000000080008081ULL,
|
||||
BIT_INTERLEAVE ? 0x8000008800000000ULL : 0x8000000000008080ULL,
|
||||
BIT_INTERLEAVE ? 0x0000800000000001ULL : 0x0000000080000001ULL,
|
||||
BIT_INTERLEAVE ? 0x8000808200000000ULL : 0x8000000080008008ULL
|
||||
};
|
||||
|
||||
#if defined(KECCAK_REF)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -297,6 +297,9 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
|
||||
if (ctx == NULL)
|
||||
return 0;
|
||||
|
||||
stmp.type = X509_LU_NONE;
|
||||
stmp.data.ptr = NULL;
|
||||
|
||||
CRYPTO_THREAD_write_lock(ctx->lock);
|
||||
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
|
||||
CRYPTO_THREAD_unlock(ctx->lock);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@ -143,7 +143,7 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
|
||||
a->type = type;
|
||||
}
|
||||
|
||||
void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype)
|
||||
void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype)
|
||||
{
|
||||
if (ptype)
|
||||
*ptype = a->type;
|
||||
@ -188,7 +188,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
|
||||
return 1;
|
||||
}
|
||||
|
||||
int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen,
|
||||
int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
|
||||
ASN1_OBJECT **poid, ASN1_TYPE **pvalue)
|
||||
{
|
||||
if (gen->type != GEN_OTHERNAME)
|
||||
|
@ -118,7 +118,7 @@ or ED448 algorithms.
|
||||
|
||||
=item B<rsa_keygen_bits:numbits>
|
||||
|
||||
The number of bits in the generated key. If not specified 1024 is used.
|
||||
The number of bits in the generated key. If not specified 2048 is used.
|
||||
|
||||
=item B<rsa_keygen_primes:numprimes>
|
||||
|
||||
@ -185,12 +185,12 @@ below.
|
||||
|
||||
=item B<dsa_paramgen_bits:numbits>
|
||||
|
||||
The number of bits in the generated prime. If not specified 1024 is used.
|
||||
The number of bits in the generated prime. If not specified 2048 is used.
|
||||
|
||||
=item B<dsa_paramgen_q_bits:numbits>
|
||||
|
||||
The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
|
||||
specified 160 is used.
|
||||
specified 224 is used.
|
||||
|
||||
=item B<dsa_paramgen_md:digest>
|
||||
|
||||
@ -209,7 +209,7 @@ or B<sha256> if it is 256.
|
||||
|
||||
=item B<dh_paramgen_prime_len:numbits>
|
||||
|
||||
The number of bits in the prime parameter B<p>. The default is 1024.
|
||||
The number of bits in the prime parameter B<p>. The default is 2048.
|
||||
|
||||
=item B<dh_paramgen_subprime_len:numbits>
|
||||
|
||||
@ -325,7 +325,7 @@ The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -272,20 +272,19 @@ value less than the minimum restriction.
|
||||
=head1 DSA ALGORITHM
|
||||
|
||||
The DSA algorithm supports signing and verification operations only. Currently
|
||||
there are no additional options other than B<digest>. Only the SHA1
|
||||
digest can be used and this digest is assumed by default.
|
||||
there are no additional B<-pkeyopt> options other than B<digest>. The SHA1
|
||||
digest is assumed by default.
|
||||
|
||||
=head1 DH ALGORITHM
|
||||
|
||||
The DH algorithm only supports the derivation operation and no additional
|
||||
options.
|
||||
B<-pkeyopt> options.
|
||||
|
||||
=head1 EC ALGORITHM
|
||||
|
||||
The EC algorithm supports sign, verify and derive operations. The sign and
|
||||
verify operations use ECDSA and derive uses ECDH. Currently there are no
|
||||
additional options other than B<digest>. Only the SHA1 digest can be used and
|
||||
this digest is assumed by default.
|
||||
verify operations use ECDSA and derive uses ECDH. SHA1 is assumed by default for
|
||||
the B<-pkeyopt> B<digest> option.
|
||||
|
||||
=head1 X25519 and X448 ALGORITHMS
|
||||
|
||||
@ -328,7 +327,7 @@ L<EVP_PKEY_CTX_set_hkdf_md(3)>, L<EVP_PKEY_CTX_set_tls1_prf_md(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -201,7 +201,7 @@ Even though SNI should normally be a DNS name and not an IP address, if
|
||||
B<-servername> is provided then that name will be sent, regardless of whether
|
||||
it is a DNS name or not.
|
||||
|
||||
This option cannot be used in conjuction with B<-noservername>.
|
||||
This option cannot be used in conjunction with B<-noservername>.
|
||||
|
||||
=item B<-noservername>
|
||||
|
||||
@ -542,7 +542,7 @@ further information).
|
||||
|
||||
=item B<-bugs>
|
||||
|
||||
There are several known bug in SSL and TLS implementations. Adding this
|
||||
There are several known bugs in SSL and TLS implementations. Adding this
|
||||
option enables various workarounds.
|
||||
|
||||
=item B<-comp>
|
||||
|
@ -542,7 +542,7 @@ OpenSSL was built.
|
||||
|
||||
=item B<-bugs>
|
||||
|
||||
There are several known bug in SSL and TLS implementations. Adding this
|
||||
There are several known bugs in SSL and TLS implementations. Adding this
|
||||
option enables various workarounds.
|
||||
|
||||
=item B<-no_comp>
|
||||
|
@ -127,7 +127,7 @@ OpenSSL was built.
|
||||
|
||||
=item B<-bugs>
|
||||
|
||||
There are several known bug in SSL and TLS implementations. Adding this
|
||||
There are several known bugs in SSL and TLS implementations. Adding this
|
||||
option enables various workarounds.
|
||||
|
||||
=item B<-cipher cipherlist>
|
||||
@ -202,7 +202,7 @@ L<s_client(1)>, L<s_server(1)>, L<ciphers(1)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -262,7 +262,7 @@ specified, the argument is given to the engine as a key identifier.
|
||||
=item B<-I<digest>>
|
||||
|
||||
Signing digest to use. Overrides the B<signer_digest> config file
|
||||
option. (Optional)
|
||||
option. (Mandatory unless specified in the config file)
|
||||
|
||||
=item B<-chain> certs_file.pem
|
||||
|
||||
@ -460,7 +460,8 @@ command line option. (Optional)
|
||||
=item B<signer_digest>
|
||||
|
||||
Signing digest to use. The same as the
|
||||
B<-I<digest>> command line option. (Optional)
|
||||
B<-I<digest>> command line option. (Mandatory unless specified on the command
|
||||
line)
|
||||
|
||||
=item B<default_policy>
|
||||
|
||||
@ -664,7 +665,7 @@ L<config(5)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -173,38 +173,6 @@ certificates complying with RFC5280 et al use GMT anyway.
|
||||
Use the ASN1_TIME_normalize() function to normalize the time value before
|
||||
printing to get GMT results.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
Set a time structure to one hour after the current time and print it out:
|
||||
|
||||
#include <time.h>
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_TIME *tm;
|
||||
time_t t;
|
||||
BIO *b;
|
||||
|
||||
t = time(NULL);
|
||||
tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
|
||||
b = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
ASN1_TIME_print(b, tm);
|
||||
ASN1_STRING_free(tm);
|
||||
BIO_free(b);
|
||||
|
||||
Determine if one time is later or sooner than the current time:
|
||||
|
||||
int day, sec;
|
||||
|
||||
if (!ASN1_TIME_diff(&day, &sec, NULL, to))
|
||||
/* Invalid time format */
|
||||
|
||||
if (day > 0 || sec > 0)
|
||||
printf("Later\n");
|
||||
else if (day < 0 || sec < 0)
|
||||
printf("Sooner\n");
|
||||
else
|
||||
printf("Same\n");
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
ASN1_TIME_set(), ASN1_UTCTIME_set(), ASN1_GENERALIZEDTIME_set(), ASN1_TIME_adj(),
|
||||
@ -238,6 +206,38 @@ ASN1_TIME_compare() returns -1 if B<a> is before B<b>, 0 if B<a> equals B<b>, or
|
||||
ASN1_TIME_to_generalizedtime() returns a pointer to
|
||||
the appropriate time structure on success or NULL if an error occurred.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
Set a time structure to one hour after the current time and print it out:
|
||||
|
||||
#include <time.h>
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
ASN1_TIME *tm;
|
||||
time_t t;
|
||||
BIO *b;
|
||||
|
||||
t = time(NULL);
|
||||
tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
|
||||
b = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
ASN1_TIME_print(b, tm);
|
||||
ASN1_STRING_free(tm);
|
||||
BIO_free(b);
|
||||
|
||||
Determine if one time is later or sooner than the current time:
|
||||
|
||||
int day, sec;
|
||||
|
||||
if (!ASN1_TIME_diff(&day, &sec, NULL, to))
|
||||
/* Invalid time format */
|
||||
|
||||
if (day > 0 || sec > 0)
|
||||
printf("Later\n");
|
||||
else if (day < 0 || sec < 0)
|
||||
printf("Sooner\n");
|
||||
else
|
||||
printf("Same\n");
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
The ASN1_TIME_to_tm() function was added in OpenSSL 1.1.1.
|
||||
@ -248,7 +248,7 @@ The ASN1_TIME_compare() function was added in OpenSSL 1.1.1.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -162,6 +162,13 @@ bits are zero.
|
||||
|
||||
=back
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
ASN1_generate_nconf() and ASN1_generate_v3() return the encoded
|
||||
data as an B<ASN1_TYPE> structure or B<NULL> if an error occurred.
|
||||
|
||||
The error codes that can be obtained by L<ERR_get_error(3)>.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
A simple IA5String:
|
||||
@ -247,20 +254,13 @@ structure:
|
||||
|
||||
e=INTEGER:0x010001
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
ASN1_generate_nconf() and ASN1_generate_v3() return the encoded
|
||||
data as an B<ASN1_TYPE> structure or B<NULL> if an error occurred.
|
||||
|
||||
The error codes that can be obtained by L<ERR_get_error(3)>.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ERR_get_error(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -95,19 +95,19 @@ B<INVALID_SOCKET> (-1) on error. When an error has occurred, the
|
||||
OpenSSL error stack will hold the error data and errno has the system
|
||||
error.
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
BIO_gethostname(), BIO_get_port(), BIO_get_host_ip(),
|
||||
BIO_get_accept_socket() and BIO_accept() were deprecated in
|
||||
OpenSSL 1.1.0. Use the functions described above instead.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<BIO_ADDR(3)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
BIO_gethostname(), BIO_get_port(), BIO_get_host_ip(),
|
||||
BIO_get_accept_socket() and BIO_accept() were deprecated in OpenSSL 1.1.0.
|
||||
Use the functions described above instead.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -36,6 +36,13 @@ The process of calling BIO_push() and BIO_pop() on a BIO may have additional
|
||||
consequences (a control call is made to the affected BIOs) any effects will
|
||||
be noted in the descriptions of individual BIOs.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
BIO_push() returns the end of the chain, B<b>.
|
||||
|
||||
BIO_pop() returns the next BIO in the chain, or NULL if there is no next
|
||||
BIO.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
For these examples suppose B<md1> and B<md2> are digest BIOs, B<b64> is
|
||||
@ -62,13 +69,6 @@ by B<md1> and B<md2>. If the call:
|
||||
The call will return B<b64> and the new chain will be B<md1-b64-f> data can
|
||||
be written to B<md1> as before.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
BIO_push() returns the end of the chain, B<b>.
|
||||
|
||||
BIO_pop() returns the next BIO in the chain, or NULL if there is no next
|
||||
BIO.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<bio>
|
||||
@ -79,7 +79,7 @@ The BIO_set_next() function was added in OpenSSL 1.1.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -80,6 +80,24 @@ On Windows BIO_new_files reserves for the filename argument to be
|
||||
UTF-8 encoded. In other words if you have to make it work in multi-
|
||||
lingual environment, encode file names in UTF-8.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
BIO_s_file() returns the file BIO method.
|
||||
|
||||
BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error
|
||||
occurred.
|
||||
|
||||
BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure
|
||||
(although the current implementation never return 0).
|
||||
|
||||
BIO_seek() returns the same value as the underlying fseek() function:
|
||||
0 for success or -1 for failure.
|
||||
|
||||
BIO_tell() returns the current file position.
|
||||
|
||||
BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
|
||||
BIO_rw_filename() return 1 for success or 0 for failure.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
File BIO "hello world":
|
||||
@ -122,24 +140,6 @@ Alternative technique:
|
||||
BIO_printf(out, "Hello World\n");
|
||||
BIO_free(out);
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
BIO_s_file() returns the file BIO method.
|
||||
|
||||
BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error
|
||||
occurred.
|
||||
|
||||
BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure
|
||||
(although the current implementation never return 0).
|
||||
|
||||
BIO_seek() returns the same value as the underlying fseek() function:
|
||||
0 for success or -1 for failure.
|
||||
|
||||
BIO_tell() returns the current file position.
|
||||
|
||||
BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
|
||||
BIO_rw_filename() return 1 for success or 0 for failure.
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
BIO_reset() and BIO_seek() are implemented using fseek() on the underlying
|
||||
@ -158,7 +158,7 @@ L<BIO_set_close(3)>, L<BIO_get_close(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -88,6 +88,22 @@ a buffering BIO to the chain will speed up the process.
|
||||
Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will
|
||||
give undefined results, including perhaps a program crash.
|
||||
|
||||
Switching the memory BIO from read write to read only is not supported and
|
||||
can give undefined results including a program crash. There are two notable
|
||||
exceptions to the rule. The first one is to assign a static memory buffer
|
||||
immediately after BIO creation and set the BIO as read only.
|
||||
|
||||
The other supported sequence is to start with read write BIO then temporarily
|
||||
switch it to read only and call BIO_reset() on the read only BIO immediately
|
||||
before switching it back to read write. Before the BIO is freed it must be
|
||||
switched back to the read write mode.
|
||||
|
||||
Calling BIO_get_mem_ptr() on read only BIO will return a BUF_MEM that
|
||||
contains only the remaining data to be read. If the close status of the
|
||||
BIO is set to BIO_NOCLOSE, before freeing the BUF_MEM the data pointer
|
||||
in it must be set to NULL as the data pointer does not point to an
|
||||
allocated memory.
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
There should be an option to set the maximum size of a memory BIO.
|
||||
@ -124,7 +140,7 @@ BIO_new_mem_buf() returns a valid B<BIO> structure on success or NULL on error.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -27,6 +27,7 @@ calls must be made before calling any other functions that use the
|
||||
B<ctx> as an argument.
|
||||
|
||||
Finally, BN_CTX_end() must be called before returning from the function.
|
||||
If B<ctx> is NULL, nothing is done.
|
||||
When BN_CTX_end() is called, the B<BIGNUM> pointers obtained from
|
||||
BN_CTX_get() become invalid.
|
||||
|
||||
@ -47,7 +48,7 @@ L<BN_CTX_new(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -27,6 +27,7 @@ OPENSSL_secure_malloc(3) is used to store the value.
|
||||
BN_clear() is used to destroy sensitive data such as keys when they
|
||||
are no longer needed. It erases the memory used by B<a> and sets it
|
||||
to the value 0.
|
||||
If B<a> is NULL, nothing is done.
|
||||
|
||||
BN_free() frees the components of the B<BIGNUM>, and if it was created
|
||||
by BN_new(), also the structure itself. BN_clear_free() additionally
|
||||
@ -53,7 +54,7 @@ BN_init() was removed in OpenSSL 1.1.0; use BN_new() instead.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -59,6 +59,15 @@ seeded with enough randomness to ensure an unpredictable byte sequence.
|
||||
The functions return 1 on success, 0 on error.
|
||||
The error codes can be obtained by L<ERR_get_error(3)>.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ERR_get_error(3)>,
|
||||
L<RAND_add(3)>,
|
||||
L<RAND_bytes(3)>,
|
||||
L<RAND_priv_bytes(3)>,
|
||||
L<RAND(7)>,
|
||||
L<RAND_DRBG(7)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
=over 2
|
||||
@ -78,18 +87,9 @@ BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1.
|
||||
|
||||
=back
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ERR_get_error(3)>,
|
||||
L<RAND_add(3)>,
|
||||
L<RAND_bytes(3)>,
|
||||
L<RAND_priv_bytes(3)>,
|
||||
L<RAND(7)>,
|
||||
L<RAND_DRBG(7)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user