diff --git a/CHANGES b/CHANGES index c6ca3439480e..0250e4ef026b 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,73 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1d and 1.1.1e [17 Mar 2020] + *) Properly detect EOF while reading in libssl. Previously if we hit an EOF + while reading in libssl then we would report an error back to the + application (SSL_ERROR_SYSCALL) but errno would be 0. We now add + an error to the stack (which means we instead return SSL_ERROR_SSL) and + therefore give a hint as to what went wrong. + [Matt Caswell] + + *) Check that ed25519 and ed448 are allowed by the security level. Previously + signature algorithms not using an MD were not being checked that they were + allowed by the security level. + [Kurt Roeckx] + + *) Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername() + was not quite right. The behaviour was not consistent between resumption + and normal handshakes, and also not quite consistent with historical + behaviour. The behaviour in various scenarios has been clarified and + it has been updated to make it match historical behaviour as closely as + possible. + [Matt Caswell] + + *) [VMS only] The header files that the VMS compilers include automatically, + __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, use pragmas that + the C++ compiler doesn't understand. This is a shortcoming in the + compiler, but can be worked around with __cplusplus guards. + + C++ applications that use OpenSSL libraries must be compiled using the + qualifier '/NAMES=(AS_IS,SHORTENED)' to be able to use all the OpenSSL + functions. Otherwise, only functions with symbols of less than 31 + characters can be used, as the linker will not be able to successfully + resolve symbols with longer names. + [Richard Levitte] + + *) Corrected the documentation of the return values from the EVP_DigestSign* + set of functions. The documentation mentioned negative values for some + errors, but this was never the case, so the mention of negative values + was removed. + + Code that followed the documentation and thereby check with something + like 'EVP_DigestSignInit(...) <= 0' will continue to work undisturbed. + [Richard Levitte] + + *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure + used in exponentiation with 512-bit moduli. No EC algorithms are + affected. Analysis suggests that attacks against 2-prime RSA1024, + 3-prime RSA1536, and DSA1024 as a result of this defect would be very + difficult to perform and are not believed likely. Attacks against DH512 + are considered just feasible. However, for an attack the target would + have to re-use the DH512 private key, which is not recommended anyway. + Also applications directly using the low level API BN_mod_exp may be + affected if they use BN_FLG_CONSTTIME. + (CVE-2019-1551) + [Andy Polyakov] + + *) Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. + The presence of this system service is determined at run-time. + [Richard Levitte] + + *) Added newline escaping functionality to a filename when using openssl dgst. + This output format is to replicate the output format found in the '*sum' + checksum programs. This aims to preserve backward compatibility. + [Matt Eaton, Richard Levitte, and Paul Dale] + + *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just + the first value. + [Jon Spillett] + Changes between 1.1.1c and 1.1.1d [10 Sep 2019] *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random @@ -633,9 +700,9 @@ bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such alerts across multiple records (some of which could be empty). In practice it make no sense to send an empty alert record, or to fragment one. TLSv1.3 - prohibts this altogether and other libraries (BoringSSL, NSS) do not + prohibits this altogether and other libraries (BoringSSL, NSS) do not support this at all. Supporting it adds significant complexity to the - record layer, and its removal is unlikely to cause inter-operability + record layer, and its removal is unlikely to cause interoperability issues. [Matt Caswell] @@ -3652,7 +3719,7 @@ implementations). [Emilia Käsper, Adam Langley, Bodo Moeller (Google)] - *) Use type ossl_ssize_t instad of ssize_t which isn't available on + *) Use type ossl_ssize_t instead of ssize_t which isn't available on all platforms. Move ssize_t definition from e_os.h to the public header file e_os2.h as it now appears in public header file cms.h [Steve Henson] @@ -8373,7 +8440,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New OCSP utility. Allows OCSP requests to be generated or read. The request can be sent to a responder and the output - parsed, outputed or printed in text form. Not complete yet: + parsed, outputted or printed in text form. Not complete yet: still needs to check the OCSP response validity. [Steve Henson] @@ -9368,7 +9435,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Andy Polyakov] *) Modified SSL library such that the verify_callback that has been set - specificly for an SSL object with SSL_set_verify() is actually being + specifically for an SSL object with SSL_set_verify() is actually being used. Before the change, a verify_callback set with this function was ignored and the verify_callback() set in the SSL_CTX at the time of the call was used. New function X509_STORE_CTX_set_verify_cb() introduced @@ -10485,10 +10552,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k as other interfaces in OpenSSL, like the BIO interface. NCONF_dump_* dump the internal storage of the configuration file, which is useful for debugging. All other functions take the same - arguments as the old CONF_* functions wth the exception of the + arguments as the old CONF_* functions with the exception of the first that must be a `CONF *' instead of a `LHASH *'. - To make it easer to use the new classes with the old CONF_* functions, + To make it easier to use the new classes with the old CONF_* functions, the function CONF_set_default_method is provided. [Richard Levitte] @@ -12331,7 +12398,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k than the old method: it now uses a modified version of Ulf's parser to read the ANSI prototypes in all header files (thus the old K&R definitions aren't needed for error creation any more) and do a better job of - translating function codes into names. The old 'ASN1 error code imbedded + translating function codes into names. The old 'ASN1 error code embedded in a comment' is no longer necessary and it doesn't use .err files which have now been deleted. Also the error code call doesn't have to appear all on one line (which resulted in some large lines...). @@ -12632,7 +12699,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Add a useful kludge to allow package maintainers to specify compiler and other platforms details on the command line without having to patch the - Configure script everytime: One now can use ``perl Configure + Configure script every time: One now can use ``perl Configure :
'', i.e. platform ids are allowed to have details appended to them (separated by colons). This is treated as there would be a static pre-configured entry in Configure's %table under key with value diff --git a/CONTRIBUTING b/CONTRIBUTING index 5d717763d51e..57be75ce2b8a 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -58,7 +58,7 @@ guidelines: consider adding a note in CHANGES. This could be a summarising description of the change, and could explain the grander details. Have a look through existing entries for inspiration. - Please note that this is NOT simply a copy of git-log oneliners. + Please note that this is NOT simply a copy of git-log one-liners. Also note that security fixes get an entry in CHANGES. This file helps users get more in depth information of what comes with a specific release without having to sift through the higher diff --git a/Configure b/Configure index 5a699836f32a..2e9efaa5f3da 100755 --- a/Configure +++ b/Configure @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -69,7 +69,15 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # no-sse2 disables IA-32 SSE2 code in assembly modules, the above # mentioned '386' option implies this one # no- build without specified algorithm (rsa, idea, rc5, ...) -# - + compiler options are passed through +# - + All options which are unknown to the 'Configure' script are +# / passed through to the compiler. Unix-style options beginning +# with a '-' or '+' are recognized, as well as Windows-style +# options beginning with a '/'. If the option contains arguments +# separated by spaces, then the URL-style notation %20 can be +# used for the space character in order to avoid having to quote +# the option. For example, -opt%20arg gets expanded to -opt arg. +# In fact, any ASCII character can be encoded as %xx using its +# hexadecimal encoding. # -static while -static is also a pass-through compiler option (and # as such is limited to environments where it's actually # meaningful), it triggers a number configuration options, @@ -152,6 +160,10 @@ my @clang_devteam_warn = qw( -Wmissing-variable-declarations ); +my @cl_devteam_warn = qw( + /WX +); + # This adds backtrace information to the memory leak info. Is only used # when crypto-mdebug-backtrace is enabled. my $memleak_devteam_backtrace = "-rdynamic"; @@ -346,6 +358,7 @@ my @disablables = ( "dgram", "dh", "dsa", + "dso", "dtls", "dynamic-engine", "ec", @@ -423,7 +436,6 @@ my %deprecated_disablables = ( "buf-freelists" => undef, "ripemd" => "rmd160", "ui" => "ui-console", - "dso" => "", # Empty string means we're silent about it ); # All of the following are disabled by default: @@ -480,6 +492,7 @@ my @disable_cascades = ( # Without position independent code, there can be no shared libraries or DSOs "pic" => [ "shared" ], "shared" => [ "dynamic-engine" ], + "dso" => [ "dynamic-engine" ], "engine" => [ "afalgeng", "devcryptoeng" ], # no-autoalginit is only useful when building non-shared @@ -520,7 +533,7 @@ while ((my $first, my $second) = (shift @list, shift @list)) { &usage if ($#ARGV < 0); -# For the "make variables" CINCLUDES and CDEFINES, we support lists with +# For the "make variables" CPPINCLUDES and CPPDEFINES, we support lists with # platform specific list separators. Users from those platforms should # recognise those separators from how you set up the PATH to find executables. # The default is the Unix like separator, :, but as an exception, we also @@ -776,7 +789,7 @@ while (@argvcopy) { die "FIPS mode not supported\n"; } - elsif (/^[-+]/) + elsif (m|^[-+/]|) { if (/^--prefix=(.*)$/) { @@ -853,11 +866,11 @@ while (@argvcopy) { push @{$useradd{LDFLAGS}}, $_; } - elsif (/^-D(.*)$/) + elsif (m|^[-/]D(.*)$|) { push @{$useradd{CPPDEFINES}}, $1; } - elsif (/^-I(.*)$/) + elsif (m|^[-/]I(.*)$|) { push @{$useradd{CPPINCLUDES}}, $1; } @@ -867,11 +880,23 @@ while (@argvcopy) } else # common if (/^[-+]/), just pass down... { + # Treat %xx as an ASCII code (e.g. replace %20 by a space character). + # This provides a simple way to pass options with arguments separated + # by spaces without quoting (e.g. -opt%20arg translates to -opt arg). $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; push @{$useradd{CFLAGS}}, $_; push @{$useradd{CXXFLAGS}}, $_; } } + elsif (m|^/|) + { + # Treat %xx as an ASCII code (e.g. replace %20 by a space character). + # This provides a simple way to pass options with arguments separated + # by spaces without quoting (e.g. /opt%20arg translates to /opt arg). + $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; + push @{$useradd{CFLAGS}}, $_; + push @{$useradd{CXXFLAGS}}, $_; + } else { die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); @@ -949,7 +974,11 @@ foreach (keys %user) { if (defined $value) { if (ref $user{$_} eq 'ARRAY') { - $user{$_} = [ split /$list_separator_re/, $value ]; + if ($_ eq 'CPPDEFINES' || $_ eq 'CPPINCLUDES') { + $user{$_} = [ split /$list_separator_re/, $value ]; + } else { + $user{$_} = [ $value ]; + } } elsif (!defined $user{$_}) { $user{$_} = $value; } @@ -1162,43 +1191,6 @@ foreach (keys %useradd) { # Allow overriding the build file name $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile"; -my %disabled_info = (); # For configdata.pm -foreach my $what (sort keys %disabled) { - $config{options} .= " no-$what"; - - if (!grep { $what eq $_ } ( 'buildtest-c++', 'threads', 'shared', 'pic', - 'dynamic-engine', 'makedepend', - 'zlib-dynamic', 'zlib', 'sse2' )) { - (my $WHAT = uc $what) =~ s|-|_|g; - - # Fix up C macro end names - $WHAT = "RMD160" if $what eq "ripemd"; - - # fix-up crypto/directory name(s) - $what = "ripemd" if $what eq "rmd160"; - $what = "whrlpool" if $what eq "whirlpool"; - - my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT"; - - if ((grep { $what eq $_ } @{$config{sdirs}}) - && $what ne 'async' && $what ne 'err') { - @{$config{sdirs}} = grep { $what ne $_} @{$config{sdirs}}; - $disabled_info{$what}->{skipped} = [ catdir('crypto', $what) ]; - - if ($what ne 'engine') { - push @{$config{openssl_algorithm_defines}}, $macro; - } else { - @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}}; - push @{$disabled_info{engine}->{skipped}}, catdir('engines'); - push @{$config{openssl_other_defines}}, $macro; - } - } else { - push @{$config{openssl_other_defines}}, $macro; - } - - } -} - # Make sure build_scheme is consistent. $target{build_scheme} = [ $target{build_scheme} ] if ref($target{build_scheme}) ne "ARRAY"; @@ -1288,10 +1280,8 @@ if ($target{shared_target} eq "") } if ($disabled{"dynamic-engine"}) { - push @{$config{openssl_other_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE"; $config{dynamic_engines} = 0; } else { - push @{$config{openssl_other_defines}}, "OPENSSL_NO_STATIC_ENGINE"; $config{dynamic_engines} = 1; } @@ -1375,6 +1365,7 @@ unless ($disabled{asm}) { } if ($target{aes_asm_src}) { push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);; + push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);; # aes-ctr.fake is not a real file, only indication that assembler # module implements AES_ctr32_encrypt... push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//); @@ -1501,11 +1492,20 @@ if ($strict_warnings) my $wopt; my $gccver = $predefined_C{__GNUC__} // -1; - warn "WARNING --strict-warnings requires gcc[>=4] or gcc-alike" - unless $gccver >= 4; - push @strict_warnings_collection, @gcc_devteam_warn; - push @strict_warnings_collection, @clang_devteam_warn - if (defined($predefined_C{__clang__})); + if ($gccver >= 4) + { + push @strict_warnings_collection, @gcc_devteam_warn; + push @strict_warnings_collection, @clang_devteam_warn + if (defined($predefined_C{__clang__})); + } + elsif ($config{target} =~ /^VC-/) + { + push @strict_warnings_collection, @cl_devteam_warn; + } + else + { + warn "WARNING --strict-warnings requires gcc[>=4] or gcc-alike, or MSVC" + } } if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) { @@ -1552,7 +1552,20 @@ unless ($disabled{afalgeng}) { } } -push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng}); +unless ($disabled{devcryptoeng}) { + if ($target =~ m/^BSD/) { + my $maxver = 5*100 + 7; + my $sysstr = `uname -s`; + my $verstr = `uname -r`; + $sysstr =~ s|\R$||; + $verstr =~ s|\R$||; + my ($ma, $mi, @rest) = split m|\.|, $verstr; + my $ver = $ma*100 + $mi; + if ($sysstr eq 'OpenBSD' && $ver >= $maxver) { + disable('too-new-kernel', 'devcryptoeng'); + } + } +} # Get the extra flags used when building shared libraries and modules. We # do this late because some of them depend on %disabled. @@ -1597,6 +1610,49 @@ $target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_l # ALL MODIFICATIONS TO %disabled, %config and %target MUST BE DONE FROM HERE ON +my %disabled_info = (); # For configdata.pm +foreach my $what (sort keys %disabled) { + $config{options} .= " no-$what"; + + if (!grep { $what eq $_ } ( 'buildtest-c++', 'threads', 'shared', 'pic', + 'dynamic-engine', 'makedepend', + 'zlib-dynamic', 'zlib', 'sse2' )) { + (my $WHAT = uc $what) =~ s|-|_|g; + + # Fix up C macro end names + $WHAT = "RMD160" if $what eq "ripemd"; + + # fix-up crypto/directory name(s) + $what = "ripemd" if $what eq "rmd160"; + $what = "whrlpool" if $what eq "whirlpool"; + + my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT"; + + if ((grep { $what eq $_ } @{$config{sdirs}}) + && $what ne 'async' && $what ne 'err' && $what ne 'dso') { + @{$config{sdirs}} = grep { $what ne $_} @{$config{sdirs}}; + $disabled_info{$what}->{skipped} = [ catdir('crypto', $what) ]; + + if ($what ne 'engine') { + push @{$config{openssl_algorithm_defines}}, $macro; + } else { + @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}}; + push @{$disabled_info{engine}->{skipped}}, catdir('engines'); + push @{$config{openssl_other_defines}}, $macro; + } + } else { + push @{$config{openssl_other_defines}}, $macro; + } + + } +} + +if ($disabled{"dynamic-engine"}) { + push @{$config{openssl_other_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE"; +} else { + push @{$config{openssl_other_defines}}, "OPENSSL_NO_STATIC_ENGINE"; +} + # If we use the unified build, collect information from build.info files my %unified_info = (); diff --git a/FREEBSD-upgrade b/FREEBSD-upgrade index c60153e376bd..fe4fdb9adb2e 100644 --- a/FREEBSD-upgrade +++ b/FREEBSD-upgrade @@ -11,7 +11,7 @@ First, read http://wiki.freebsd.org/SubversionPrimer/VendorImports # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://repo.freebsd.org/base" -setenv OSSLVER 1.1.1d +setenv OSSLVER 1.1.1e ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` diff --git a/INSTALL b/INSTALL index 2119cbae9e59..328ad2baf480 100644 --- a/INSTALL +++ b/INSTALL @@ -351,6 +351,9 @@ Don't build support for datagram based BIOs. Selecting this option will also force the disabling of DTLS. + no-dso + Don't build support for loading Dynamic Shared Objects. + enable-devcryptoeng Build the /dev/crypto engine. It is automatically selected on BSD implementations, in which case it can be disabled with @@ -605,10 +608,19 @@ Take note of the VAR=value documentation below and how these flags interact with those variables. - -xxx, +xxx + -xxx, +xxx, /xxx Additional options that are not otherwise recognised are - passed through as they are to the compiler as well. Again, - consult your compiler documentation. + passed through as they are to the compiler as well. + Unix-style options beginning with a '-' or '+' and + Windows-style options beginning with a '/' are recognized. + Again, consult your compiler documentation. + + If the option contains arguments separated by spaces, + then the URL-style notation %20 can be used for the space + character in order to avoid having to quote the option. + For example, -opt%20arg gets expanded to -opt arg. + In fact, any ASCII character can be encoded as %xx using its + hexadecimal encoding. Take note of the VAR=value documentation below and how these flags interact with those variables. @@ -1071,7 +1083,7 @@ HASHBANGPERL The command string for the Perl executable to insert in the - #! line of perl scripts that will be publically installed. + #! line of perl scripts that will be publicly installed. Default: /usr/bin/env perl Note: the value of this variable is added to the same scripts on all platforms, but it's only relevant on Unix-like platforms. diff --git a/NEWS b/NEWS index 1c88dee35389..eba6c3b6d93f 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] + + o Fixed an overflow bug in the x64_64 Montgomery squaring procedure + used in exponentiation with 512-bit moduli (CVE-2019-1551) + Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] o Fixed a fork protection issue (CVE-2019-1549) diff --git a/README b/README index 51bb4789be2a..8e9ce75a335d 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1d 10 Sep 2019 + OpenSSL 1.1.1e 17 Mar 2020 Copyright (c) 1998-2019 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/apps/apps.c b/apps/apps.c index 7177c5d98266..c06241abb975 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1962,26 +1962,46 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in) size_t len; unsigned char *out; size_t i, start = 0; + size_t skipped = 0; len = strlen(in); - if (len >= 65535) + if (len == 0 || len >= 65535) return NULL; - out = app_malloc(strlen(in) + 1, "NPN buffer"); + out = app_malloc(len + 1, "NPN buffer"); for (i = 0; i <= len; ++i) { if (i == len || in[i] == ',') { + /* + * Zero-length ALPN elements are invalid on the wire, we could be + * strict and reject the entire string, but just ignoring extra + * commas seems harmless and more friendly. + * + * Every comma we skip in this way puts the input buffer another + * byte ahead of the output buffer, so all stores into the output + * buffer need to be decremented by the number commas skipped. + */ + if (i == start) { + ++start; + ++skipped; + continue; + } if (i - start > 255) { OPENSSL_free(out); return NULL; } - out[start] = (unsigned char)(i - start); + out[start-skipped] = (unsigned char)(i - start); start = i + 1; } else { - out[i + 1] = in[i]; + out[i + 1 - skipped] = in[i]; } } - *outlen = len + 1; + if (len <= skipped) { + OPENSSL_free(out); + return NULL; + } + + *outlen = len + 1 - skipped; return out; } diff --git a/apps/apps.h b/apps/apps.h index 4a3e1a88573e..34c3fd8633c1 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_APPS_H -# define HEADER_APPS_H +#ifndef OSSL_APPS_H +# define OSSL_APPS_H # include "e_os.h" /* struct timeval for DTLS */ # include "internal/nelem.h" diff --git a/apps/dgst.c b/apps/dgst.c index d6f5a0e2e712..e595f7d8186f 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -19,6 +19,7 @@ #include #include #include +#include #undef BUFSIZE #define BUFSIZE 1024*8 @@ -27,9 +28,15 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, const char *file); +static void show_digests(const OBJ_NAME *name, void *bio_); + +struct doall_dgst_digests { + BIO *bio; + int n; +}; typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST, OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL, OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT, @@ -43,6 +50,7 @@ const OPTIONS dgst_options[] = { {OPT_HELP_STR, 1, '-', " file... files to digest (default is stdin)\n"}, {"help", OPT_HELP, '-', "Display this summary"}, + {"list", OPT_LIST, '-', "List digests"}, {"c", OPT_C, '-', "Print the digest with separating colons"}, {"r", OPT_R, '-', "Print the digest in coreutils format"}, {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, @@ -91,6 +99,7 @@ int dgst_main(int argc, char **argv) int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0; unsigned char *buf = NULL, *sigbuf = NULL; int engine_impl = 0; + struct doall_dgst_digests dec; prog = opt_progname(argv[0]); buf = app_malloc(BUFSIZE, "I/O buffer"); @@ -108,6 +117,15 @@ int dgst_main(int argc, char **argv) opt_help(dgst_options); ret = 0; goto end; + case OPT_LIST: + BIO_printf(bio_out, "Supported digests:\n"); + dec.bio = bio_out; + dec.n = 0; + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, + show_digests, &dec); + BIO_printf(bio_out, "\n"); + ret = 0; + goto end; case OPT_C: separator = 1; break; @@ -413,20 +431,86 @@ int dgst_main(int argc, char **argv) return ret; } +static void show_digests(const OBJ_NAME *name, void *arg) +{ + struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg; + const EVP_MD *md = NULL; + + /* Filter out signed digests (a.k.a signature algorithms) */ + if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL) + return; + + if (!islower((unsigned char)*name->name)) + return; + + /* Filter out message digests that we cannot use */ + md = EVP_get_digestbyname(name->name); + if (md == NULL) + return; + + BIO_printf(dec->bio, "-%-25s", name->name); + if (++dec->n == 3) { + BIO_printf(dec->bio, "\n"); + dec->n = 0; + } else { + BIO_printf(dec->bio, " "); + } +} + +/* + * The newline_escape_filename function performs newline escaping for any + * filename that contains a newline. This function also takes a pointer + * to backslash. The backslash pointer is a flag to indicating whether a newline + * is present in the filename. If a newline is present, the backslash flag is + * set and the output format will contain a backslash at the beginning of the + * digest output. This output format is to replicate the output format found + * in the '*sum' checksum programs. This aims to preserve backward + * compatibility. + */ +static const char *newline_escape_filename(const char *file, int * backslash) +{ + size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0; + char *file_cpy = NULL; + + for (i = 0; i < length; i++) + if (file[i] == '\n') + newline_count++; + + mem_len = length + newline_count + 1; + file_cpy = app_malloc(mem_len, file); + i = 0; + + while(e < length) { + const char c = file[e]; + if (c == '\n') { + file_cpy[i++] = '\\'; + file_cpy[i++] = 'n'; + *backslash = 1; + } else { + file_cpy[i++] = c; + } + e++; + } + file_cpy[i] = '\0'; + return (const char*)file_cpy; +} + + int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *sig_name, const char *md_name, const char *file) { - size_t len; - int i; + size_t len = BUFSIZE; + int i, backslash = 0, ret = 1; + unsigned char *sigbuf = NULL; while (BIO_pending(bp) || !BIO_eof(bp)) { i = BIO_read(bp, (char *)buf, BUFSIZE); if (i < 0) { BIO_printf(bio_err, "Read Error in %s\n", file); ERR_print_errors(bio_err); - return 1; + goto end; } if (i == 0) break; @@ -439,37 +523,51 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, BIO_printf(out, "Verified OK\n"); } else if (i == 0) { BIO_printf(out, "Verification Failure\n"); - return 1; + goto end; } else { BIO_printf(bio_err, "Error Verifying Data\n"); ERR_print_errors(bio_err); - return 1; + goto end; } - return 0; + ret = 0; + goto end; } if (key != NULL) { EVP_MD_CTX *ctx; + int pkey_len; BIO_get_md_ctx(bp, &ctx); - len = BUFSIZE; + pkey_len = EVP_PKEY_size(key); + if (pkey_len > BUFSIZE) { + len = pkey_len; + sigbuf = app_malloc(len, "Signature buffer"); + buf = sigbuf; + } if (!EVP_DigestSignFinal(ctx, buf, &len)) { BIO_printf(bio_err, "Error Signing Data\n"); ERR_print_errors(bio_err); - return 1; + goto end; } } else { len = BIO_gets(bp, (char *)buf, BUFSIZE); if ((int)len < 0) { ERR_print_errors(bio_err); - return 1; + goto end; } } if (binout) { BIO_write(out, buf, len); } else if (sep == 2) { + file = newline_escape_filename(file, &backslash); + + if (backslash == 1) + BIO_puts(out, "\\"); + for (i = 0; i < (int)len; i++) BIO_printf(out, "%02x", buf[i]); + BIO_printf(out, " *%s\n", file); + OPENSSL_free((char *)file); } else { if (sig_name != NULL) { BIO_puts(out, sig_name); @@ -488,5 +586,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, } BIO_printf(out, "\n"); } - return 0; + + ret = 0; + end: + if (sigbuf != NULL) + OPENSSL_clear_free(sigbuf, len); + + return ret; } diff --git a/apps/enc.c b/apps/enc.c index d1772f3eb9f2..ddf51e0dba15 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -50,7 +50,8 @@ typedef enum OPTION_choice { const OPTIONS enc_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"ciphers", OPT_LIST, '-', "List ciphers"}, + {"list", OPT_LIST, '-', "List ciphers"}, + {"ciphers", OPT_LIST, '-', "Alias for -list"}, {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, {"pass", OPT_PASS, 's', "Passphrase source"}, diff --git a/apps/ocsp.c b/apps/ocsp.c index 5d2391816995..b85a4d82c1bd 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -114,7 +114,7 @@ static int acfd = (int) INVALID_SOCKET; static int index_changed(CA_DB *); static void spawn_loop(void); static int print_syslog(const char *str, size_t len, void *levPtr); -static void sock_timeout(int signum); +static void socket_timeout(int signum); # endif # ifndef OPENSSL_NO_SOCK @@ -597,7 +597,7 @@ int ocsp_main(int argc, char **argv) if (multi && acbio != NULL) spawn_loop(); if (acbio != NULL && req_timeout > 0) - signal(SIGALRM, sock_timeout); + signal(SIGALRM, socket_timeout); #endif if (acbio != NULL) @@ -1352,7 +1352,7 @@ static int urldecode(char *p) # endif # ifdef OCSP_DAEMON -static void sock_timeout(int signum) +static void socket_timeout(int signum) { if (acfd != (int)INVALID_SOCKET) (void)shutdown(acfd, SHUT_RD); diff --git a/apps/openssl.c b/apps/openssl.c index 9648f35b0284..ff7b759a40b1 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -164,6 +164,13 @@ int main(int argc, char *argv[]) } prog = prog_init(); + if (prog == NULL) { + BIO_printf(bio_err, + "FATAL: Startup failure (dev note: prog_init() failed)\n"); + ERR_print_errors(bio_err); + ret = 1; + goto end; + } pname = opt_progname(argv[0]); /* first check the program name */ diff --git a/apps/passwd.c b/apps/passwd.c index aa516c874e65..d741d05335f8 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -807,7 +807,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ (*salt_p)[i] = 0; # ifdef CHARSET_EBCDIC - /* The password encryption funtion will convert back to ASCII */ + /* The password encryption function will convert back to ASCII */ ascii2ebcdic(*salt_p, *salt_p, saltlen); # endif } diff --git a/apps/pkcs12.c b/apps/pkcs12.c index d0600b376043..3603b60c19b3 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -41,6 +41,7 @@ int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags, const char *pass, int passlen, int options, char *pempass, const EVP_CIPHER *enc); +void print_attribute(BIO *out, const ASN1_TYPE *av); int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); @@ -878,6 +879,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk) return ret; } +/* Generalised x509 attribute value print */ + +void print_attribute(BIO *out, const ASN1_TYPE *av) +{ + char *value; + + switch (av->type) { + case V_ASN1_BMPSTRING: + value = OPENSSL_uni2asc(av->value.bmpstring->data, + av->value.bmpstring->length); + BIO_printf(out, "%s\n", value); + OPENSSL_free(value); + break; + + case V_ASN1_OCTET_STRING: + hex_prin(out, av->value.octet_string->data, + av->value.octet_string->length); + BIO_printf(out, "\n"); + break; + + case V_ASN1_BIT_STRING: + hex_prin(out, av->value.bit_string->data, + av->value.bit_string->length); + BIO_printf(out, "\n"); + break; + + default: + BIO_printf(out, "\n", av->type); + break; + } +} + /* Generalised attribute print: handle PKCS#8 and bag attributes */ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, @@ -885,8 +918,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, { X509_ATTRIBUTE *attr; ASN1_TYPE *av; - char *value; - int i, attr_nid; + int i, j, attr_nid; if (!attrlst) { BIO_printf(out, "%s: \n", name); return 1; @@ -910,30 +942,10 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, } if (X509_ATTRIBUTE_count(attr)) { - av = X509_ATTRIBUTE_get0_type(attr, 0); - switch (av->type) { - case V_ASN1_BMPSTRING: - value = OPENSSL_uni2asc(av->value.bmpstring->data, - av->value.bmpstring->length); - BIO_printf(out, "%s\n", value); - OPENSSL_free(value); - break; - - case V_ASN1_OCTET_STRING: - hex_prin(out, av->value.octet_string->data, - av->value.octet_string->length); - BIO_printf(out, "\n"); - break; - - case V_ASN1_BIT_STRING: - hex_prin(out, av->value.bit_string->data, - av->value.bit_string->length); - BIO_printf(out, "\n"); - break; - - default: - BIO_printf(out, "\n", av->type); - break; + for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) + { + av = X509_ATTRIBUTE_get0_type(attr, j); + print_attribute(out, av); } } else { BIO_printf(out, "\n"); diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 2c4e524b693e..831e14dab4b3 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -299,8 +299,7 @@ int pkeyutl_main(int argc, char **argv) /* Sanity check the input */ if (buf_inlen > EVP_MAX_MD_SIZE && (pkey_op == EVP_PKEY_OP_SIGN - || pkey_op == EVP_PKEY_OP_VERIFY - || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) { + || pkey_op == EVP_PKEY_OP_VERIFY)) { BIO_printf(bio_err, "Error: The input data looks too long to be a hash\n"); goto end; diff --git a/apps/req.c b/apps/req.c index f9d6fba1094d..a603907cd5af 100644 --- a/apps/req.c +++ b/apps/req.c @@ -200,9 +200,12 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv) *p = '\0'; /* Finally have a clean "key"; see if it's there [by attempt to add it]. */ - if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv)) - != NULL || lh_OPENSSL_STRING_error(addexts)) { - OPENSSL_free(p != NULL ? p : kv); + p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv); + if (p != NULL) { + OPENSSL_free(p); + return 1; + } else if (lh_OPENSSL_STRING_error(addexts)) { + OPENSSL_free(kv); return -1; } @@ -435,12 +438,14 @@ int req_main(int argc, char **argv) if (verbose) BIO_printf(bio_err, "Using configuration from %s\n", template); - req_conf = app_load_config(template); + if ((req_conf = app_load_config(template)) == NULL) + goto end; if (addext_bio) { if (verbose) BIO_printf(bio_err, "Using additional configuration from command line\n"); - addext_conf = app_load_config_bio(addext_bio, NULL); + if ((addext_conf = app_load_config_bio(addext_bio, NULL)) == NULL) + goto end; } if (template != default_config_file && !app_load_modules(req_conf)) goto end; diff --git a/apps/s_cb.c b/apps/s_cb.c index 5dc1d03f2883..6406ddfb9e1b 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -188,6 +188,7 @@ static STRINT_PAIR cert_type_list[] = { {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH}, {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH}, {"GOST01 Sign", TLS_CT_GOST01_SIGN}, + {"GOST12 Sign", TLS_CT_GOST12_SIGN}, {NULL} }; diff --git a/apps/s_server.c b/apps/s_server.c index 929a08bd85b0..2248a432e268 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -180,9 +180,6 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, } #endif -#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") -#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") - static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, size_t identity_len, SSL_SESSION **sess) { @@ -3208,6 +3205,12 @@ static int www_body(int s, int stype, int prot, unsigned char *context) if (e[0] == ' ') break; + if (e[0] == ':') { + /* Windows drive. We treat this the same way as ".." */ + dot = -1; + break; + } + switch (dot) { case 1: dot = (e[0] == '.') ? 2 : 0; @@ -3216,11 +3219,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context) dot = (e[0] == '.') ? 3 : 0; break; case 3: - dot = (e[0] == '/') ? -1 : 0; + dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0; break; } if (dot == 0) - dot = (e[0] == '/') ? 1 : 0; + dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0; } dot = (dot == 3) || (dot == -1); /* filename contains ".." * component */ @@ -3234,11 +3237,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context) if (dot) { BIO_puts(io, text); - BIO_printf(io, "'%s' contains '..' reference\r\n", p); + BIO_printf(io, "'%s' contains '..' or ':'\r\n", p); break; } - if (*p == '/') { + if (*p == '/' || *p == '\\') { BIO_puts(io, text); BIO_printf(io, "'%s' is an invalid path\r\n", p); break; diff --git a/apps/server.pem b/apps/server.pem index d0fc265f0455..b3807591994d 100644 --- a/apps/server.pem +++ b/apps/server.pem @@ -1,52 +1,47 @@ -subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert -issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA -----BEGIN CERTIFICATE----- -MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG -A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU -RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ -KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi -R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv -vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7 -TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU -41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R -AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI -AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW -BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49 -hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK -WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp -yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7 -vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds -xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t -JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA== +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD +DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9 +o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV +3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/ +8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1 +rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71 +cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS +T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud +EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4 +YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI +RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk +iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK +8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi +X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q +YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= -----END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv -h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL -tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu -D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI -uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6 -qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn -zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3 -r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D -AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R -5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm -W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH -674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg -utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY -BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX -4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a -WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8 -bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH -6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex -4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa -WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g -n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB -JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+ -OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX -xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK -UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVXWBq3/xh7kiq +jBFIQ6VttlJdqphJsWGSNbH8OgQlDG15/7TVyelcHDvgq7O4faPebb3g3ddavxRH +EUJepoLQYcF/3RNG5gmFBw7y1PwaZNIKrSCrIGuW8K3MxBlTVdwBHaSz74q0SVNd +igUc8dzhRL/F1+J3GVdclwt17ohDcQ/KbMG0slCnd0ZsWA8Rv/F2JFquOUK3UWcp +4dBVMG8X5JHqrfgowkNvomSp+52YkmJIPusNT4JKiv8/cu6Wta6hwZi6732QdW3/ +WlKeq/XAftCHQ9uFBwcPfTh6/dHT7mUd0+o5aoc37krT4A1u9XCswr3xbvOSlV6p +8KFllZONAgMBAAECggEADLTt7A+A2Vg2jamf0dztejY0e42QWjstI2b9PZc67fXq +gyx+WYkX07t+uWegYWliG/oPJ9guXiIpE/5sJHToL37S5kmFP2CtynVcJ4wVo4DD +nY0n9+kLX0bgIuS+2V6wpoRcbbbjXM9NHrH8kfe5ftT4UtEDlLI2qLX6IcDd7p4u +OYjILChR8GSGTw96yIy2Ws/1Uq9PMw64JoT4RcK5QqnkcPMDFRH1SeLOL+zXP2c4 +nEl9yOy3HauZKxwl/Ry/XK1s3DdjopIAU29ut+hAuMiTb06kzZnumL9NoplKoZtU +otw/gVcCKhT+Ep+p6i8InLF0XEME8A0qUR0niWebgQKBgQD6vkxR49B8ZZQrzjw4 +XKs1lI9cP7cgPiuWlDHMNjYou3WbOaGrMeScvbB1Ldh9A8pjAhxlw8AaV/xs4qcA +trmVmSISVMVyc1wSGlJXWi2nUzTNs9OE3vj22SyStihf8UUZtWwX2b5Y4JrYhA/V ++ThGGqHR03oLNLShNLtJc2c7YQKBgQDZ1nkibEyrepexw/fnwkw61IJKq9wRIh1G +PREakhbe9wU5ie0knuf9razt7awzQiwFmlixmWqsM7UEtLuXNnNPciwdrKhhbvrd +vD/rkbIEHEPllIhFlDtOzn3hRBWTzWmXFjpou/2LvHTSbVis4IYVZymTp2jb1ZLs +7VbiG9JTrQKBgQDc6n75g1szzpdehQT/r33U5j/syeJBUSU8NPMu9fB/sLHsgjlT +SNEf2+y1QSBE/Or6kmiMrIv7advn30W+Vj9qc5HWTsPrk4HiHTjA553jl2alebN5 +lK4LZspjtIQcC8mS3goPdXPEgJdM/gWpwzr2YQ6DfOxBJT2j7n64NyoT4QKBgH7/ +yx+GhCx1DHtXBPDZFhg2TL+78lEK0oZgk9gp06up2CHzh44SFq6O0oLkTcCUk5Ww +poTkLIy4mJBlzfgahp+KsK2cO46SZS9g0ONFzcMXt33hWpE2Gl2XhUwPpYTF/QlY +rDTjZK5S8Mi9dzVSsNlJi7PJphiEK2R1+nFYRwcBAoGBANWoIG85jpXAOnq/Kcgx +Rl3YivR0Ke6r1tFlP58rT7X3EkiboXyQl5vLIFCAwUte6RGrLl1dy3Qyh80B9ySL +Jx6vj42CK7vgv6A96TuVYhnXTnEI6ZvwAQ2VGaw4BizhjALs/kdSE/og9aSCs3ws +KQypwAFz0tbHxaNag/bSAN0J +-----END PRIVATE KEY----- diff --git a/apps/speed.c b/apps/speed.c index 20149506cc74..d4ae7ab7bfde 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -1242,8 +1242,6 @@ static int run_benchmark(int async_jobs, OSSL_ASYNC_FD job_fd = 0; size_t num_job_fds = 0; - run = 1; - if (async_jobs == 0) { return loop_function((void *)&loopargs); } @@ -2412,7 +2410,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++) + for (count = 0; COND(c[D_CBC_128_CML][testnum]); count++) Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &camellia_ks1, iv, CAMELLIA_ENCRYPT); @@ -2434,7 +2432,7 @@ int speed_main(int argc, char **argv) exit(1); } Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++) + for (count = 0; COND(c[D_CBC_192_CML][testnum]); count++) Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &camellia_ks2, iv, CAMELLIA_ENCRYPT); @@ -2452,7 +2450,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++) + for (count = 0; COND(c[D_CBC_256_CML][testnum]); count++) Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &camellia_ks3, iv, CAMELLIA_ENCRYPT); @@ -2472,7 +2470,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++) + for (count = 0; COND(c[D_CBC_IDEA][testnum]); count++) IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &idea_ks, iv, IDEA_ENCRYPT); @@ -2492,7 +2490,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++) + for (count = 0; COND(c[D_CBC_SEED][testnum]); count++) SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &seed_ks, iv, 1); d = Time_F(STOP); @@ -2515,7 +2513,7 @@ int speed_main(int argc, char **argv) exit(1); } Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++) + for (count = 0; COND(c[D_CBC_RC2][testnum]); count++) RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &rc2_ks, iv, RC2_ENCRYPT); @@ -2539,7 +2537,7 @@ int speed_main(int argc, char **argv) exit(1); } Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++) + for (count = 0; COND(c[D_CBC_RC5][testnum]); count++) RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &rc5_ks, iv, RC5_ENCRYPT); @@ -2559,7 +2557,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_BF], c[D_CBC_BF][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++) + for (count = 0; COND(c[D_CBC_BF][testnum]); count++) BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &bf_ks, iv, BF_ENCRYPT); @@ -2579,7 +2577,7 @@ int speed_main(int argc, char **argv) print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum], lengths[testnum], seconds.sym); Time_F(START); - for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++) + for (count = 0; COND(c[D_CBC_CAST][testnum]); count++) CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, (size_t)lengths[testnum], &cast_ks, iv, CAST_ENCRYPT); @@ -3006,7 +3004,7 @@ int speed_main(int argc, char **argv) pctx = NULL; } if (kctx == NULL || /* keygen ctx is not null */ - !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) { + EVP_PKEY_keygen_init(kctx) <= 0/* init keygen ctx */ ) { ecdh_checks = 0; BIO_printf(bio_err, "ECDH keygen failure.\n"); ERR_print_errors(bio_err); @@ -3014,12 +3012,12 @@ int speed_main(int argc, char **argv) break; } - if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */ - !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */ + if (EVP_PKEY_keygen(kctx, &key_A) <= 0 || /* generate secret key A */ + EVP_PKEY_keygen(kctx, &key_B) <= 0 || /* generate secret key B */ !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */ - !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */ - !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */ - !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */ + EVP_PKEY_derive_init(ctx) <= 0 || /* init derivation ctx */ + EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 || /* set peer pubkey in ctx */ + EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 || /* determine max length */ outlen == 0 || /* ensure outlen is a valid size */ outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) { ecdh_checks = 0; @@ -3106,8 +3104,8 @@ int speed_main(int argc, char **argv) if ((ed_pctx = EVP_PKEY_CTX_new_id(test_ed_curves[testnum].nid, NULL)) == NULL - || !EVP_PKEY_keygen_init(ed_pctx) - || !EVP_PKEY_keygen(ed_pctx, &ed_pkey)) { + || EVP_PKEY_keygen_init(ed_pctx) <= 0 + || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) { st = 0; EVP_PKEY_CTX_free(ed_pctx); break; @@ -3395,6 +3393,7 @@ static void print_message(const char *s, long num, int length, int tm) mr ? "+DT:%s:%d:%d\n" : "Doing %s for %ds on %d size blocks: ", s, tm, length); (void)BIO_flush(bio_err); + run = 1; alarm(tm); #else BIO_printf(bio_err, @@ -3412,6 +3411,7 @@ static void pkey_print_message(const char *str, const char *str2, long num, mr ? "+DTP:%d:%s:%s:%d\n" : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm); (void)BIO_flush(bio_err); + run = 1; alarm(tm); #else BIO_printf(bio_err, @@ -3584,6 +3584,7 @@ static int do_multi(int multi, int size_num) p = buf + 4; k = atoi(sstrsep(&p, sep)); sstrsep(&p, sep); + sstrsep(&p, sep); d = atof(sstrsep(&p, sep)); eddsa_results[k][0] += d; @@ -3641,7 +3642,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, for (j = 0; j < num; j++) { print_message(alg_name, 0, mblengths[j], seconds->sym); Time_F(START); - for (count = 0, run = 1; run && count < 0x7fffffff; count++) { + for (count = 0; run && count < 0x7fffffff; count++) { unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; diff --git a/apps/timeouts.h b/apps/timeouts.h index e023b0aa4920..7e606cba0b20 100644 --- a/apps/timeouts.h +++ b/apps/timeouts.h @@ -7,11 +7,11 @@ * https://www.openssl.org/source/license.html */ -#ifndef INCLUDED_TIMEOUTS_H -# define INCLUDED_TIMEOUTS_H +#ifndef OSSL_APPS_TIMEOUTS_H +# define OSSL_APPS_TIMEOUTS_H /* numbers in us */ # define DGRAM_RCV_TIMEOUT 250000 # define DGRAM_SND_TIMEOUT 250000 -#endif /* ! INCLUDED_TIMEOUTS_H */ +#endif /* ! OSSL_APPS_TIMEOUTS_H */ diff --git a/apps/ts.c b/apps/ts.c index 930c1daaab6d..44a8f75d4a37 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -282,7 +282,8 @@ int ts_main(int argc, char **argv) goto end; } - conf = load_config_file(configfile); + if ((conf = load_config_file(configfile)) == NULL) + goto end; if (configfile != default_config_file && !app_load_modules(conf)) goto end; diff --git a/apps/x509.c b/apps/x509.c index 81291a9a4f90..5bb110fe4a0a 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -72,7 +72,7 @@ const OPTIONS x509_options[] = { {"outform", OPT_OUTFORM, 'f', "Output format - default PEM (one of DER or PEM)"}, {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"}, + {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"}, {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"}, {"serial", OPT_SERIAL, '-', "Print serial number value"}, {"subject_hash", OPT_HASH, '-', "Print subject hash value"}, @@ -107,7 +107,7 @@ const OPTIONS x509_options[] = { {"checkend", OPT_CHECKEND, 'M', "Check whether the cert expires in the next arg seconds"}, {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"}, - {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"}, + {"signkey", OPT_SIGNKEY, 's', "Self sign cert with arg"}, {"x509toreq", OPT_X509TOREQ, '-', "Output a certification request object"}, {"req", OPT_REQ, '-', "Input is a certificate request, sign and output"}, @@ -130,7 +130,7 @@ const OPTIONS x509_options[] = { {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"}, {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"}, {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"}, - {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"}, + {"CAkeyform", OPT_CAKEYFORM, 'E', "CA key format - default PEM"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"}, {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"}, @@ -217,7 +217,7 @@ int x509_main(int argc, char **argv) goto opthelp; break; case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat)) + if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat)) goto opthelp; break; case OPT_CAFORM: @@ -225,7 +225,7 @@ int x509_main(int argc, char **argv) goto opthelp; break; case OPT_CAKEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat)) + if (!opt_format(opt_arg(), OPT_FMT_PDE, &CAkeyformat)) goto opthelp; break; case OPT_OUT: diff --git a/appveyor.yml b/appveyor.yml index 24966c0faa5c..242d6a9ffe6f 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,3 +1,6 @@ +image: + - Visual Studio 2017 + platform: - x64 - x86 @@ -5,17 +8,24 @@ platform: environment: fast_finish: true matrix: - - VSVER: 14 + - VSVER: 15 configuration: - shared - plain + - minimal before_build: + - ps: >- + Install-Module VSSetup -Scope CurrentUser + - ps: >- + Get-VSSetupInstance -All + - ps: >- + gci env:* | sort-object name - ps: >- If ($env:Platform -Match "x86") { $env:VCVARS_PLATFORM="x86" - $env:TARGET="VC-WIN32 no-asm" + $env:TARGET="VC-WIN32 no-asm --strict-warnings" } Else { $env:VCVARS_PLATFORM="amd64" $env:TARGET="VC-WIN64A-masm" @@ -23,11 +33,12 @@ before_build: - ps: >- If ($env:Configuration -Match "shared") { $env:SHARED="no-makedepend" + } ElseIf ($env:Configuration -Match "minimal") { + $env:SHARED="no-shared no-dso no-makedepend no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_SMALL_FOOTPRINT" } Else { $env:SHARED="no-shared no-makedepend" } - - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS")) - - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM% + - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %VCVARS_PLATFORM% - mkdir _build - cd _build - perl ..\Configure %TARGET% %SHARED% diff --git a/build.info b/build.info index 3dda4e89bf5c..05c9bdd19c56 100644 --- a/build.info +++ b/build.info @@ -9,20 +9,20 @@ ""; -} LIBS=libcrypto libssl -INCLUDE[libcrypto]=. crypto/include include +INCLUDE[libcrypto]=. include INCLUDE[libssl]=. include DEPEND[libssl]=libcrypto # Empty DEPEND "indices" means the dependencies are expected to be built # unconditionally before anything else. -DEPEND[]=include/openssl/opensslconf.h crypto/include/internal/bn_conf.h \ - crypto/include/internal/dso_conf.h +DEPEND[]=include/openssl/opensslconf.h include/crypto/bn_conf.h \ + include/crypto/dso_conf.h DEPEND[include/openssl/opensslconf.h]=configdata.pm GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in -DEPEND[crypto/include/internal/bn_conf.h]=configdata.pm -GENERATE[crypto/include/internal/bn_conf.h]=crypto/include/internal/bn_conf.h.in -DEPEND[crypto/include/internal/dso_conf.h]=configdata.pm -GENERATE[crypto/include/internal/dso_conf.h]=crypto/include/internal/dso_conf.h.in +DEPEND[include/crypto/bn_conf.h]=configdata.pm +GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in +DEPEND[include/crypto/dso_conf.h]=configdata.pm +GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in IF[{- defined $target{shared_defflag} -}] IF[{- $config{target} =~ /^mingw/ -}] diff --git a/config b/config index c1a94d4e42fa..f28828d4826e 100755 --- a/config +++ b/config @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -509,10 +509,7 @@ case "$GUESSOS" in OUT="ios64-cross" ;; alpha-*-linux2) ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo` - case ${ISA:-generic} in - *[678]) OUT="linux-alpha+bwx-$CC" ;; - *) OUT="linux-alpha-$CC" ;; - esac + OUT="linux-alpha-$CC" if [ "$CC" = "gcc" ]; then case ${ISA:-generic} in EV5|EV45) __CNF_CFLAGS="$__CNF_CFLAGS -mcpu=ev5" @@ -908,8 +905,12 @@ fi OUT="$OUT" -$PERL $THERE/Configure LIST | grep "$OUT" > /dev/null -if [ $? = "0" ]; then +if [ "$OUT" = "darwin64-x86_64-cc" ]; then + echo "WARNING! If you wish to build 32-bit libraries, then you have to" + echo " invoke 'KERNEL_BITS=32 $THERE/config $options'." +fi + +if $PERL $THERE/Configure LIST | grep "$OUT" > /dev/null; then if [ "$VERBOSE" = "true" ]; then echo /usr/bin/env \ __CNF_CPPDEFINES="'$__CNF_CPPDEFINES'" \ @@ -939,8 +940,5 @@ else exit 1 fi -if [ "$OUT" = "darwin64-x86_64-cc" ]; then - echo "WARNING! If you wish to build 32-bit libraries, then you have to" - echo " invoke 'KERNEL_BITS=32 $THERE/config $options'." -fi +# Do not add anothing from here on, so we don't lose the Configure exit code ) diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c index b1022895c855..bbbec0aee138 100644 --- a/crypto/LPdir_unix.c +++ b/crypto/LPdir_unix.c @@ -131,9 +131,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) return 0; } - strncpy((*ctx)->entry_name, direntry->d_name, - sizeof((*ctx)->entry_name) - 1); - (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; + OPENSSL_strlcpy((*ctx)->entry_name, direntry->d_name, + sizeof((*ctx)->entry_name)); #ifdef __VMS if ((*ctx)->expect_file_generations) { char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name); diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index f1f11fd8de7b..e3e688f528a5 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -41,7 +41,7 @@ #include #include #include -#include "aes_locl.h" +#include "aes_local.h" #ifndef AES_ASM /*- diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c index 29bfc1ad66f7..4fa360ca8b8d 100644 --- a/crypto/aes/aes_ecb.c +++ b/crypto/aes/aes_ecb.c @@ -10,7 +10,7 @@ #include #include -#include "aes_locl.h" +#include "aes_local.h" void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key, const int enc) diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index 75f796cf3b8f..dce4ef11be4f 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -10,7 +10,7 @@ #include "internal/cryptlib.h" #include -#include "aes_locl.h" +#include "aes_local.h" #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) typedef struct { diff --git a/crypto/aes/aes_locl.h b/crypto/aes/aes_local.h similarity index 90% rename from crypto/aes/aes_locl.h rename to crypto/aes/aes_local.h index adee29df8d91..cc8456861d92 100644 --- a/crypto/aes/aes_locl.h +++ b/crypto/aes/aes_local.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_AES_LOCL_H -# define HEADER_AES_LOCL_H +#ifndef OSSL_CRYPTO_AES_LOCAL_H +# define OSSL_CRYPTO_AES_LOCAL_H # include # include @@ -39,4 +39,4 @@ typedef unsigned char u8; /* This controls loop-unrolling in aes_core.c */ # undef FULL_UNROLL -#endif /* !HEADER_AES_LOCL_H */ +#endif /* !OSSL_CRYPTO_AES_LOCAL_H */ diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c index 7403c84f82d2..e0edc72ba71c 100644 --- a/crypto/aes/aes_misc.c +++ b/crypto/aes/aes_misc.c @@ -9,7 +9,7 @@ #include #include -#include "aes_locl.h" +#include "aes_local.h" const char *AES_options(void) { diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c index 1b660d716d6c..50b53abc1219 100644 --- a/crypto/aes/aes_x86core.c +++ b/crypto/aes/aes_x86core.c @@ -46,7 +46,7 @@ #include #include -#include "aes_locl.h" +#include "aes_local.h" /* * These two parameters control which table, 256-byte or 2KB, is diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl index 998158998e90..1112eef50c0b 100755 --- a/crypto/aes/asm/aes-armv4.pl +++ b/crypto/aes/asm/aes-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1242,4 +1242,4 @@ while() { close SELF; print $code; -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl index 19d2cc176fb2..cad3fcd06e36 100755 --- a/crypto/aes/asm/aes-c64xplus.pl +++ b/crypto/aes/asm/aes-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1379,4 +1379,4 @@ AES_Td4: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl index 716c3356ead9..b5601e90ea3f 100755 --- a/crypto/aes/asm/aes-mips.pl +++ b/crypto/aes/asm/aes-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2167,4 +2167,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl index e817c757f8c2..5b07fac3d004 100755 --- a/crypto/aes/asm/aes-parisc.pl +++ b/crypto/aes/asm/aes-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1035,4 +1035,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl index ca69df4c3e95..bb4ee84ae337 100755 --- a/crypto/aes/asm/aes-ppc.pl +++ b/crypto/aes/asm/aes-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1456,4 +1456,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl index 815fde8fcd7e..4cb8f4331742 100755 --- a/crypto/aes/asm/aes-s390x.pl +++ b/crypto/aes/asm/aes-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1987,7 +1987,7 @@ $code.=<<___; .Lxts_enc_done: stg $sp,$tweak+0($sp) # wipe tweak - stg $sp,$twesk+8($sp) + stg $sp,$tweak+8($sp) lm${g} %r6,$ra,6*$SIZE_T($sp) br $ra .size AES_xts_encrypt,.-AES_xts_encrypt @@ -2267,7 +2267,7 @@ $code.=<<___; stg $sp,$tweak-16+8($sp) .Lxts_dec_done: stg $sp,$tweak+0($sp) # wipe tweak - stg $sp,$twesk+8($sp) + stg $sp,$tweak+8($sp) lm${g} %r6,$ra,6*$SIZE_T($sp) br $ra .size AES_xts_decrypt,.-AES_xts_decrypt @@ -2279,4 +2279,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; # force flush +close STDOUT or die "error closing STDOUT: $!"; # force flush diff --git a/crypto/aes/asm/aes-sparcv9.pl b/crypto/aes/asm/aes-sparcv9.pl index 40d1f94ccd72..1b37a9203c27 100755 --- a/crypto/aes/asm/aes-sparcv9.pl +++ b/crypto/aes/asm/aes-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1189,4 +1189,4 @@ ___ $code =~ s/fmovs.*$//gm; print $code; -close STDOUT; # ensure flush +close STDOUT or die "error closing STDOUT: $!"; # ensure flush diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl index 9ddf0b4b00ec..1678c4f786f2 100755 --- a/crypto/aes/asm/aesfx-sparcv9.pl +++ b/crypto/aes/asm/aesfx-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1267,4 +1267,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl index 1f356d2d3fbb..be2434f12041 100755 --- a/crypto/aes/asm/aesni-mb-x86_64.pl +++ b/crypto/aes/asm/aesni-mb-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1471,4 +1471,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem; $code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl index b01a4c55c86a..42fe5d469ea6 100755 --- a/crypto/aes/asm/aesni-sha1-x86_64.pl +++ b/crypto/aes/asm/aesni-sha1-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -108,7 +108,7 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && `ml64 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); -$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); +$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); $shaext=1; ### set to zero if compiling for 1.0.1 @@ -133,6 +133,7 @@ $code.=<<___; .type aesni_cbc_sha1_enc,\@abi-omnipotent .align 32 aesni_cbc_sha1_enc: +.cfi_startproc # caller should check for SSSE3 and AES-NI bits mov OPENSSL_ia32cap_P+0(%rip),%r10d mov OPENSSL_ia32cap_P+4(%rip),%r11 @@ -151,6 +152,7 @@ ___ $code.=<<___; jmp aesni_cbc_sha1_enc_ssse3 ret +.cfi_endproc .size aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc ___ @@ -840,6 +842,7 @@ $code.=<<___; .type aesni256_cbc_sha1_dec,\@abi-omnipotent .align 32 aesni256_cbc_sha1_dec: +.cfi_startproc # caller should check for SSSE3 and AES-NI bits mov OPENSSL_ia32cap_P+0(%rip),%r10d mov OPENSSL_ia32cap_P+4(%rip),%r11d @@ -854,6 +857,7 @@ ___ $code.=<<___; jmp aesni256_cbc_sha1_dec_ssse3 ret +.cfi_endproc .size aesni256_cbc_sha1_dec,.-aesni256_cbc_sha1_dec .type aesni256_cbc_sha1_dec_ssse3,\@function,6 @@ -1760,6 +1764,7 @@ $code.=<<___; .type aesni_cbc_sha1_enc_shaext,\@function,6 .align 32 aesni_cbc_sha1_enc_shaext: +.cfi_startproc mov `($win64?56:8)`(%rsp),$inp # load 7th argument ___ $code.=<<___ if ($win64); @@ -1911,6 +1916,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size aesni_cbc_sha1_enc_shaext,.-aesni_cbc_sha1_enc_shaext ___ }}} @@ -2137,4 +2143,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl index ef460237108e..f1b144eccbdd 100755 --- a/crypto/aes/asm/aesni-sha256-x86_64.pl +++ b/crypto/aes/asm/aesni-sha256-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=12); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -123,6 +123,7 @@ $code=<<___; .type $func,\@abi-omnipotent .align 16 $func: +.cfi_startproc ___ if ($avx) { $code.=<<___; @@ -162,6 +163,7 @@ $code.=<<___; ud2 .Lprobe: ret +.cfi_endproc .size $func,.-$func .align 64 @@ -1084,7 +1086,23 @@ $code.=<<___; vmovdqa $t0,0x00(%rsp) xor $a1,$a1 vmovdqa $t1,0x20(%rsp) +___ +$code.=<<___ if (!$win64); +# temporarily use %rsi as frame pointer + mov $_rsp,%rsi +.cfi_def_cfa %rsi,8 +___ +$code.=<<___; lea -$PUSH8(%rsp),%rsp +___ +$code.=<<___ if (!$win64); +# the frame info is at $_rsp, but the stack is moving... +# so a second frame pointer is saved at -8(%rsp) +# that is in the red zone + mov %rsi,-8(%rsp) +.cfi_cfa_expression %rsp-8,deref,+8 +___ +$code.=<<___; mov $B,$a3 vmovdqa $t2,0x00(%rsp) xor $C,$a3 # magic @@ -1106,7 +1124,17 @@ my @X = @_; my @insns = (&$body,&$body,&$body,&$body); # 96 instructions my $base = "+2*$PUSH8(%rsp)"; - &lea ("%rsp","-$PUSH8(%rsp)") if (($j%2)==0); + if (($j%2)==0) { + &lea ("%rsp","-$PUSH8(%rsp)"); +$code.=<<___ if (!$win64); +.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 +# copy secondary frame pointer to new location again at -8(%rsp) + pushq $PUSH8-8(%rsp) +.cfi_cfa_expression %rsp,deref,+8 + lea 8(%rsp),%rsp +.cfi_cfa_expression %rsp-8,deref,+8 +___ + } foreach (Xupdate_256_AVX()) { # 29 instructions eval; eval(shift(@insns)); @@ -1232,26 +1260,28 @@ $code.=<<___; jbe .Loop_avx2 lea (%rsp),$Tbl +# temporarily use $Tbl as index to $_rsp +# this avoids the need to save a secondary frame pointer at -8(%rsp) +.cfi_cfa_expression $Tbl+`16*$SZ+7*8`,deref,+8 .Ldone_avx2: - lea ($Tbl),%rsp - mov $_ivp,$ivp - mov $_rsp,%rsi + mov 16*$SZ+4*8($Tbl),$ivp + mov 16*$SZ+7*8($Tbl),%rsi .cfi_def_cfa %rsi,8 vmovdqu $iv,($ivp) # output IV vzeroall ___ $code.=<<___ if ($win64); - movaps `$framesz+16*0`(%rsp),%xmm6 - movaps `$framesz+16*1`(%rsp),%xmm7 - movaps `$framesz+16*2`(%rsp),%xmm8 - movaps `$framesz+16*3`(%rsp),%xmm9 - movaps `$framesz+16*4`(%rsp),%xmm10 - movaps `$framesz+16*5`(%rsp),%xmm11 - movaps `$framesz+16*6`(%rsp),%xmm12 - movaps `$framesz+16*7`(%rsp),%xmm13 - movaps `$framesz+16*8`(%rsp),%xmm14 - movaps `$framesz+16*9`(%rsp),%xmm15 + movaps `$framesz+16*0`($Tbl),%xmm6 + movaps `$framesz+16*1`($Tbl),%xmm7 + movaps `$framesz+16*2`($Tbl),%xmm8 + movaps `$framesz+16*3`($Tbl),%xmm9 + movaps `$framesz+16*4`($Tbl),%xmm10 + movaps `$framesz+16*5`($Tbl),%xmm11 + movaps `$framesz+16*6`($Tbl),%xmm12 + movaps `$framesz+16*7`($Tbl),%xmm13 + movaps `$framesz+16*8`($Tbl),%xmm14 + movaps `$framesz+16*9`($Tbl),%xmm15 ___ $code.=<<___; mov -48(%rsi),%r15 @@ -1339,6 +1369,7 @@ $code.=<<___; .type ${func}_shaext,\@function,6 .align 32 ${func}_shaext: +.cfi_startproc mov `($win64?56:8)`(%rsp),$inp # load 7th argument ___ $code.=<<___ if ($win64); @@ -1555,6 +1586,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size ${func}_shaext,.-${func}_shaext ___ } @@ -1767,4 +1799,4 @@ sub rex { $code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl index b351fca28e02..fe2b26542ab6 100755 --- a/crypto/aes/asm/aesni-x86.pl +++ b/crypto/aes/asm/aesni-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -3412,4 +3412,4 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl index b68c14da60ca..f8c2e2393438 100755 --- a/crypto/aes/asm/aesni-x86_64.pl +++ b/crypto/aes/asm/aesni-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -59,7 +59,7 @@ # nothing one can do and the result appears optimal. CCM result is # identical to CBC, because CBC-MAC is essentially CBC encrypt without # saving output. CCM CTR "stays invisible," because it's neatly -# interleaved wih CBC-MAC. This provides ~30% improvement over +# interleaved with CBC-MAC. This provides ~30% improvement over # "straightforward" CCM implementation with CTR and CBC-MAC performed # disjointly. Parallelizable modes practically achieve the theoretical # limit. @@ -984,6 +984,7 @@ $code.=<<___; .type aesni_ccm64_encrypt_blocks,\@function,6 .align 16 aesni_ccm64_encrypt_blocks: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp @@ -1066,6 +1067,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks ___ ###################################################################### @@ -1074,6 +1076,7 @@ $code.=<<___; .type aesni_ccm64_decrypt_blocks,\@function,6 .align 16 aesni_ccm64_decrypt_blocks: +.cfi_startproc ___ $code.=<<___ if ($win64); lea -0x58(%rsp),%rsp @@ -1173,6 +1176,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks ___ } @@ -2339,7 +2343,7 @@ $code.=<<___; movdqu `16*0`($inp),$inout0 # load input movdqa $rndkey0,$twmask movdqu `16*1`($inp),$inout1 - pxor @tweak[0],$inout0 # intput^=tweak^round[0] + pxor @tweak[0],$inout0 # input^=tweak^round[0] movdqu `16*2`($inp),$inout2 pxor @tweak[1],$inout1 aesdec $rndkey1,$inout0 @@ -3031,6 +3035,7 @@ $code.=<<___; .type __ocb_encrypt6,\@abi-omnipotent .align 32 __ocb_encrypt6: +.cfi_startproc pxor $rndkey0l,@offset[5] # offset_i ^ round[0] movdqu ($L_p,$i1),@offset[1] movdqa @offset[0],@offset[2] @@ -3128,11 +3133,13 @@ __ocb_encrypt6: aesenclast @offset[4],$inout4 aesenclast @offset[5],$inout5 ret +.cfi_endproc .size __ocb_encrypt6,.-__ocb_encrypt6 .type __ocb_encrypt4,\@abi-omnipotent .align 32 __ocb_encrypt4: +.cfi_startproc pxor $rndkey0l,@offset[5] # offset_i ^ round[0] movdqu ($L_p,$i1),@offset[1] movdqa @offset[0],@offset[2] @@ -3197,11 +3204,13 @@ __ocb_encrypt4: aesenclast @offset[2],$inout2 aesenclast @offset[3],$inout3 ret +.cfi_endproc .size __ocb_encrypt4,.-__ocb_encrypt4 .type __ocb_encrypt1,\@abi-omnipotent .align 32 __ocb_encrypt1: +.cfi_startproc pxor @offset[5],$inout5 # offset_i pxor $rndkey0l,$inout5 # offset_i ^ round[0] pxor $inout0,$checksum # accumulate checksum @@ -3232,6 +3241,7 @@ __ocb_encrypt1: aesenclast $inout5,$inout0 ret +.cfi_endproc .size __ocb_encrypt1,.-__ocb_encrypt1 .globl aesni_ocb_decrypt @@ -3513,6 +3523,7 @@ $code.=<<___; .type __ocb_decrypt6,\@abi-omnipotent .align 32 __ocb_decrypt6: +.cfi_startproc pxor $rndkey0l,@offset[5] # offset_i ^ round[0] movdqu ($L_p,$i1),@offset[1] movdqa @offset[0],@offset[2] @@ -3604,11 +3615,13 @@ __ocb_decrypt6: aesdeclast @offset[4],$inout4 aesdeclast @offset[5],$inout5 ret +.cfi_endproc .size __ocb_decrypt6,.-__ocb_decrypt6 .type __ocb_decrypt4,\@abi-omnipotent .align 32 __ocb_decrypt4: +.cfi_startproc pxor $rndkey0l,@offset[5] # offset_i ^ round[0] movdqu ($L_p,$i1),@offset[1] movdqa @offset[0],@offset[2] @@ -3669,11 +3682,13 @@ __ocb_decrypt4: aesdeclast @offset[2],$inout2 aesdeclast @offset[3],$inout3 ret +.cfi_endproc .size __ocb_decrypt4,.-__ocb_decrypt4 .type __ocb_decrypt1,\@abi-omnipotent .align 32 __ocb_decrypt1: +.cfi_startproc pxor @offset[5],$inout5 # offset_i pxor $rndkey0l,$inout5 # offset_i ^ round[0] pxor $inout5,$inout0 # input ^ round[0] ^ offset_i @@ -3703,6 +3718,7 @@ __ocb_decrypt1: aesdeclast $inout5,$inout0 ret +.cfi_endproc .size __ocb_decrypt1,.-__ocb_decrypt1 ___ } }} @@ -4637,7 +4653,6 @@ __aesni_set_encrypt_key: add \$8,%rsp .cfi_adjust_cfa_offset -8 ret -.cfi_endproc .LSEH_end_set_encrypt_key: .align 16 @@ -4708,6 +4723,7 @@ __aesni_set_encrypt_key: shufps \$0b10101010,%xmm1,%xmm1 # critical path xorps %xmm1,%xmm2 ret +.cfi_endproc .size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key .size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key ___ @@ -4812,7 +4828,7 @@ ctr_xts_se_handler: mov 56($disp),%r11 # disp->HandlerData mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue lable + lea (%rsi,%r10),%r10 # prologue label cmp %r10,%rbx # context->RipHandlerData mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue lable + lea (%rsi,%r10),%r10 # prologue label cmp %r10,%rbx # context->Rip -#include "internal/aria.h" +#include "crypto/aria.h" #include #include diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl index 06c8add7a075..319927e6c729 100755 --- a/crypto/arm64cpuid.pl +++ b/crypto/arm64cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -144,4 +144,4 @@ CRYPTO_memcmp: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index f11b543df64f..8b7105571d78 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef __ARM_ARCH_H__ -# define __ARM_ARCH_H__ +#ifndef OSSL_CRYPTO_ARM_ARCH_H +# define OSSL_CRYPTO_ARM_ARCH_H # if !defined(__ARM_ARCH__) # if defined(__CC_ARM) diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl index ab007c19c3cd..d1b71f836f10 100755 --- a/crypto/armv4cpuid.pl +++ b/crypto/armv4cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -293,4 +293,4 @@ atomic_add_spinlock: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index bffbd160a233..f462dd107368 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -11,7 +11,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) { diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index a1a17901b8f8..a452b3deba08 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -13,7 +13,7 @@ #include "internal/numbers.h" #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #ifndef NO_OLD_ASN1 # ifndef OPENSSL_NO_STDIO diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index d3878d6e57fe..133bbb1581cb 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -15,7 +15,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" /* This is the primary function used to parse ASN1_GENERALIZEDTIME */ int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 70a45cb3cc77..9c1a9f52b5e6 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -13,7 +13,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) { diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 949fe6c1611a..bdb697ab30c1 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 5e1424a806fb..d67a723c9611 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -9,14 +9,14 @@ #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include #include #include -#include "internal/asn1_int.h" -#include "asn1_locl.h" +#include "crypto/asn1.h" +#include "asn1_local.h" int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) { diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index 8a373d9da9f6..85a631a27aa7 100644 --- a/crypto/asn1/a_print.c +++ b/crypto/asn1/a_print.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 146fdb962628..72381b665551 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -18,8 +18,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #ifndef NO_ASN1_OLD diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index ea4dd1c5b189..4879b33785e9 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #include #include #include diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index c36dd9500169..54e0de1931c2 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -16,10 +16,10 @@ #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 732328e05049..4a96315df03b 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "asn1_locl.h" +#include "asn1_local.h" int ASN1_TYPE_get(const ASN1_TYPE *a) { diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index b224991aa3df..0ff37b16c51f 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -11,7 +11,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" /* This is the primary function used to parse ASN1_UTCTIME */ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index cdaf17c3cbc1..4b5f54234fa5 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -18,8 +18,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #ifndef NO_ASN1_OLD diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index d7d270dbb581..5e8c3ed1d5b0 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #include "standard_methods.h" diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 88c4b5391802..a7d32ae5e2c3 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -11,7 +11,7 @@ #include #include "internal/cryptlib.h" #include -#include "asn1_locl.h" +#include "asn1_local.h" static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, long max); diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_local.h similarity index 100% rename from crypto/asn1/asn1_locl.h rename to crypto/asn1/asn1_local.h diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index 4b60c615de76..3f10c7cb94c5 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -75,6 +75,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int nl, hl, j, r; ASN1_OBJECT *o = NULL; ASN1_OCTET_STRING *os = NULL; + ASN1_INTEGER *ai = NULL; + ASN1_ENUMERATED *ae = NULL; /* ASN1_BMPSTRING *bmp=NULL; */ int dump_indent, dump_cont = 0; @@ -250,22 +252,21 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ASN1_OCTET_STRING_free(os); os = NULL; } else if (tag == V_ASN1_INTEGER) { - ASN1_INTEGER *bs; int i; opp = op; - bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl); - if (bs != NULL) { + ai = d2i_ASN1_INTEGER(NULL, &opp, len + hl); + if (ai != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; - if (bs->type == V_ASN1_NEG_INTEGER) + if (ai->type == V_ASN1_NEG_INTEGER) if (BIO_write(bp, "-", 1) <= 0) goto end; - for (i = 0; i < bs->length; i++) { - if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) + for (i = 0; i < ai->length; i++) { + if (BIO_printf(bp, "%02X", ai->data[i]) <= 0) goto end; } - if (bs->length == 0) { + if (ai->length == 0) { if (BIO_write(bp, "00", 2) <= 0) goto end; } @@ -274,24 +275,24 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; dump_cont = 1; } - ASN1_INTEGER_free(bs); + ASN1_INTEGER_free(ai); + ai = NULL; } else if (tag == V_ASN1_ENUMERATED) { - ASN1_ENUMERATED *bs; int i; opp = op; - bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); - if (bs != NULL) { + ae = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); + if (ae != NULL) { if (BIO_write(bp, ":", 1) <= 0) goto end; - if (bs->type == V_ASN1_NEG_ENUMERATED) + if (ae->type == V_ASN1_NEG_ENUMERATED) if (BIO_write(bp, "-", 1) <= 0) goto end; - for (i = 0; i < bs->length; i++) { - if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) + for (i = 0; i < ae->length; i++) { + if (BIO_printf(bp, "%02X", ae->data[i]) <= 0) goto end; } - if (bs->length == 0) { + if (ae->length == 0) { if (BIO_write(bp, "00", 2) <= 0) goto end; } @@ -300,7 +301,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; dump_cont = 1; } - ASN1_ENUMERATED_free(bs); + ASN1_ENUMERATED_free(ae); + ae = NULL; } else if (len > 0 && dump) { if (!nl) { if (BIO_write(bp, "\n", 1) <= 0) @@ -341,6 +343,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, end: ASN1_OBJECT_free(o); ASN1_OCTET_STRING_free(os); + ASN1_INTEGER_free(ai); + ASN1_ENUMERATED_free(ae); *pp = p; return ret; } diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index dfd5be634754..38735cd86f3e 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,15 +8,15 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include "internal/bio.h" -#include "asn1_locl.h" +#include "asn1_local.h" /* * Generalised MIME like utilities for streaming ASN1. Although many have a @@ -198,6 +198,14 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) BIO_puts(out, "gostr3411-94"); goto err; + case NID_id_GostR3411_2012_256: + BIO_puts(out, "gostr3411-2012-256"); + goto err; + + case NID_id_GostR3411_2012_512: + BIO_puts(out, "gostr3411-2012-512"); + goto err; + default: if (have_unknown) write_comma = 0; diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c index 68a01f31179e..732ce972aa29 100644 --- a/crypto/asn1/asn_moid.c +++ b/crypto/asn1/asn_moid.c @@ -8,13 +8,13 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/objects.h" +#include "crypto/asn1.h" +#include "crypto/objects.h" /* Simple ASN1 OID module: add all objects in a given section */ diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h index f15d72d73661..cac354c6bf33 100644 --- a/crypto/asn1/charmap.h +++ b/crypto/asn1/charmap.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/asn1/charmap.pl * - * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index aa0d6ad6aed0..6ec010738049 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -15,8 +15,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index 7bc16c7bceb4..8327ac16ca9c 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -17,7 +17,7 @@ #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index 6d6bddc651cc..3a18381173d4 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c index f893489a6719..53dfec71b5d4 100644 --- a/crypto/asn1/f_string.c +++ b/crypto/asn1/f_string.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c index 445b0c84251f..0374c0bfbdc0 100644 --- a/crypto/asn1/i2d_pr.c +++ b/crypto/asn1/i2d_pr.c @@ -11,8 +11,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) { diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index dbee827e0d37..ab509b1ac976 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /* Minor tweak to operation: zero private key data */ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index 3b2c9df8917f..651622aedc8f 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/bn_int.h" +#include "crypto/bn.h" /* Number of octets per line */ #define ASN1_BUF_PRINT_WIDTH 15 diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index c2a521ed5180..2332b204edc1 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -15,7 +15,7 @@ #include #include #include "internal/numbers.h" -#include "asn1_locl.h" +#include "asn1_local.h" /* diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 30be314ff982..d600c7a53804 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "asn1_locl.h" +#include "crypto/asn1.h" +#include "asn1_local.h" static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index bbce489fe003..2916bef7863a 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -11,7 +11,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* Free up an ASN1 structure */ diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 6b8ea8ddd74d..287f2af33b58 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -13,7 +13,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 1fb66f1062ba..56d5ea0f39e3 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -15,8 +15,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "asn1_locl.h" +#include "crypto/asn1.h" +#include "asn1_local.h" /* * Print routines. diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c index e1df2cfcae04..f0f218ae8bbe 100644 --- a/crypto/asn1/tasn_scn.c +++ b/crypto/asn1/tasn_scn.c @@ -15,7 +15,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* * General ASN1 structure recursive scanner: iterate through all fields diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c index 7ceecffce758..a448685e19a9 100644 --- a/crypto/asn1/tasn_utl.c +++ b/crypto/asn1/tasn_utl.c @@ -15,7 +15,7 @@ #include #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* Utility functions for manipulating fields and offsets */ diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index 853d45b8bc8a..4c4a718850ee 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -11,7 +11,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" ASN1_SEQUENCE(X509_ALGOR) = { ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index 6c93ea7510da..c6b3accd3a10 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -82,7 +82,7 @@ static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it) static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - if (!*pval) + if (*pval == NULL) return; if (it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval); @@ -96,7 +96,7 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, { BIGNUM *bn; int pad; - if (!*pval) + if (*pval == NULL) return -1; bn = (BIGNUM *)*pval; /* If MSB set in an octet we need a padding byte */ @@ -133,7 +133,7 @@ static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int ret; BIGNUM *bn; - if (!*pval && !bn_secure_new(pval, it)) + if (*pval == NULL && !bn_secure_new(pval, it)) return 0; ret = bn_c2i(pval, cont, len, utype, free_cont, it); diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c index 0ee552cf0a48..96c1a259e1fe 100644 --- a/crypto/asn1/x_int64.c +++ b/crypto/asn1/x_int64.c @@ -12,7 +12,7 @@ #include "internal/numbers.h" #include #include -#include "asn1_locl.h" +#include "asn1_local.h" /* * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t. diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c index e465cf2d4d10..fb24e240cba8 100644 --- a/crypto/asn1/x_sig.c +++ b/crypto/asn1/x_sig.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" ASN1_SEQUENCE(X509_SIG) = { ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), diff --git a/crypto/async/arch/async_null.c b/crypto/async/arch/async_null.c index 3eaf170f2e50..26801f873130 100644 --- a/crypto/async/arch/async_null.c +++ b/crypto/async/arch/async_null.c @@ -8,7 +8,7 @@ */ /* This must be the first #include file */ -#include "../async_locl.h" +#include "../async_local.h" #ifdef ASYNC_NULL int ASYNC_is_capable(void) diff --git a/crypto/async/arch/async_posix.c b/crypto/async/arch/async_posix.c index 02c342d3dfa9..95678d4fa686 100644 --- a/crypto/async/arch/async_posix.c +++ b/crypto/async/arch/async_posix.c @@ -8,7 +8,7 @@ */ /* This must be the first #include file */ -#include "../async_locl.h" +#include "../async_local.h" #ifdef ASYNC_POSIX diff --git a/crypto/async/arch/async_posix.h b/crypto/async/arch/async_posix.h index 62449fe60e04..873c0316ddf3 100644 --- a/crypto/async/arch/async_posix.h +++ b/crypto/async/arch/async_posix.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H -#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H +#ifndef OSSL_CRYPTO_ASYNC_POSIX_H +#define OSSL_CRYPTO_ASYNC_POSIX_H #include #if defined(OPENSSL_SYS_UNIX) \ @@ -55,4 +55,4 @@ void async_fibre_free(async_fibre *fibre); # endif #endif -#endif /* OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H */ +#endif /* OSSL_CRYPTO_ASYNC_POSIX_H */ diff --git a/crypto/async/async.c b/crypto/async/async.c index 1d83e4576f81..326015c605e9 100644 --- a/crypto/async/async.c +++ b/crypto/async/async.c @@ -16,10 +16,10 @@ #undef _FORTIFY_SOURCE /* This must be the first #include file */ -#include "async_locl.h" +#include "async_local.h" #include -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include #define ASYNC_JOB_RUNNING 0 diff --git a/crypto/async/async_locl.h b/crypto/async/async_local.h similarity index 98% rename from crypto/async/async_locl.h rename to crypto/async/async_local.h index d7790293f74f..dd1a85e02684 100644 --- a/crypto/async/async_locl.h +++ b/crypto/async/async_local.h @@ -20,7 +20,7 @@ # include #endif -#include "internal/async.h" +#include "crypto/async.h" #include typedef struct async_ctx_st async_ctx; diff --git a/crypto/async/async_wait.c b/crypto/async/async_wait.c index b23e43e8c862..7723f949a67e 100644 --- a/crypto/async/async_wait.c +++ b/crypto/async/async_wait.c @@ -8,7 +8,7 @@ */ /* This must be the first #include file */ -#include "async_locl.h" +#include "async_local.h" #include diff --git a/crypto/bf/asm/bf-586.pl b/crypto/bf/asm/bf-586.pl index 4e913aecf42d..cddc17bddafa 100644 --- a/crypto/bf/asm/bf-586.pl +++ b/crypto/bf/asm/bf-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ $tmp4="edx"; &cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub BF_encrypt { diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c index ce6e13b5a4cc..12332c540d66 100644 --- a/crypto/bf/bf_cfb64.c +++ b/crypto/bf/bf_cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "bf_locl.h" +#include "bf_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c index dc1becdbe4ed..38e784cc2dad 100644 --- a/crypto/bf/bf_ecb.c +++ b/crypto/bf/bf_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "bf_locl.h" +#include "bf_local.h" #include /* diff --git a/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c index 67c0d78aec5c..423a4697a51e 100644 --- a/crypto/bf/bf_enc.c +++ b/crypto/bf/bf_enc.c @@ -8,7 +8,7 @@ */ #include -#include "bf_locl.h" +#include "bf_local.h" /* * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From diff --git a/crypto/bf/bf_locl.h b/crypto/bf/bf_local.h similarity index 98% rename from crypto/bf/bf_locl.h rename to crypto/bf/bf_local.h index b1a415e5132c..8c76976fa4d9 100644 --- a/crypto/bf/bf_locl.h +++ b/crypto/bf/bf_local.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_BF_LOCL_H -# define HEADER_BF_LOCL_H +#ifndef OSSL_CRYPTO_BF_LOCAL_H +# define OSSL_CRYPTO_BF_LOCAL_H # include /* NOTE - c is not incremented as per n2l */ diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c index 6418217b307d..5d75401fcca5 100644 --- a/crypto/bf/bf_ofb64.c +++ b/crypto/bf/bf_ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "bf_locl.h" +#include "bf_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c index a4903a2a71de..ed29cf9153a4 100644 --- a/crypto/bf/bf_skey.c +++ b/crypto/bf/bf_skey.c @@ -10,7 +10,7 @@ #include #include #include -#include "bf_locl.h" +#include "bf_local.h" #include "bf_pi.h" void BF_set_key(BF_KEY *key, int len, const unsigned char *data) diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index dd5008e636a4..d11268b6dc59 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -10,7 +10,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include #ifndef OPENSSL_NO_SOCK @@ -22,7 +22,7 @@ CRYPTO_RWLOCK *bio_lookup_lock; static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT; /* - * Throughout this file and bio_lcl.h, the existence of the macro + * Throughout this file and bio_local.h, the existence of the macro * AI_PASSIVE is used to detect the availability of struct addrinfo, * getnameinfo() and getaddrinfo(). If that macro doesn't exist, * we use our own implementation instead, using gethostbyname, @@ -694,9 +694,11 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, hints.ai_flags |= AI_PASSIVE; /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to - * macro magic in bio_lcl.h + * macro magic in bio_local.h */ +# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST) retry: +# endif switch ((gai_ret = getaddrinfo(host, service, &hints, res))) { # ifdef EAI_SYSTEM case EAI_SYSTEM: diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index 0d06414e7d91..f175e244b233 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -12,7 +12,7 @@ */ #include -#include "bio_lcl.h" +#include "bio_local.h" #define DUMP_WIDTH 16 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4)) @@ -36,8 +36,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), if (indent < 0) indent = 0; - else if (indent > 128) - indent = 128; + else if (indent > 64) + indent = 64; dump_width = DUMP_WIDTH_LESS_INDENT(indent); rows = len / dump_width; diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 9e907fcaa778..8ef90ac1d4f8 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/numbers.h" #include diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index e7a24d02cbe5..df431e6d523d 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -10,7 +10,7 @@ #include #include #include -#include "bio_lcl.h" +#include "bio_local.h" #ifndef OPENSSL_NO_SOCK # define SOCKET_PROTOCOL IPPROTO_TCP # ifdef SO_MAXCONN diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c index 5d82ab22dc30..335dfabc6180 100644 --- a/crypto/bio/b_sock2.c +++ b/crypto/bio/b_sock2.c @@ -11,7 +11,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 8e87a629b8b5..51ae1f918d87 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" static int buffer_write(BIO *h, const char *buf, int num); diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c index 194c7b8af713..72f9901813ea 100644 --- a/crypto/bio/bf_lbuf.c +++ b/crypto/bio/bf_lbuf.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" #include diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index 4bc84eeba659..dd7011ab669f 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" #include diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c index 613fb2e0583d..48c6be692a5d 100644 --- a/crypto/bio/bf_null.c +++ b/crypto/bio/bf_null.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" /* diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index 1154c233afd8..a153100a8825 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -10,7 +10,7 @@ #include #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" #include diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index ca375b911ae8..d2202e537b30 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -10,7 +10,7 @@ #include #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" diff --git a/crypto/bio/bio_lcl.h b/crypto/bio/bio_local.h similarity index 97% rename from crypto/bio/bio_lcl.h rename to crypto/bio/bio_local.h index e2c05a20de6c..8b2122129396 100644 --- a/crypto/bio/bio_lcl.h +++ b/crypto/bio/bio_local.h @@ -27,11 +27,11 @@ * For clarity, we check for internal/cryptlib.h since it's a common header * that also includes bio.h. */ -# ifdef HEADER_CRYPTLIB_H -# error internal/cryptlib.h included before bio_lcl.h +# ifdef OSSL_INTERNAL_CRYPTLIB_H +# error internal/cryptlib.h included before bio_local.h # endif # ifdef HEADER_BIO_H -# error openssl/bio.h included before bio_lcl.h +# error openssl/bio.h included before bio_local.h # endif /* diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c index 493ff63a9012..da116461922e 100644 --- a/crypto/bio/bio_meth.c +++ b/crypto/bio/bio_meth.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/thread_once.h" CRYPTO_RWLOCK *bio_type_lock = NULL; diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 993e5903a04f..b38e47a592f4 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #ifndef OPENSSL_NO_SOCK @@ -527,7 +527,12 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_CTRL_DUP: break; - + case BIO_CTRL_EOF: + if (b->next_bio == NULL) + ret = 0; + else + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; default: ret = 0; break; diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index e34382c55781..c97349e43282 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -21,7 +21,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include #include diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index e9673fe78336..dd43a406018c 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #ifndef OPENSSL_NO_SOCK @@ -54,6 +54,7 @@ void BIO_CONNECT_free(BIO_CONNECT *a); #define BIO_CONN_S_CONNECT 4 #define BIO_CONN_S_OK 5 #define BIO_CONN_S_BLOCKED_CONNECT 6 +#define BIO_CONN_S_CONNECT_ERROR 7 static const BIO_METHOD methods_connectp = { BIO_TYPE_CONNECT, @@ -174,7 +175,8 @@ static int conn_state(BIO *b, BIO_CONNECT *c) ERR_add_error_data(4, "hostname=", c->param_hostname, " service=", c->param_service); - BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR); + c->state = BIO_CONN_S_CONNECT_ERROR; + break; } goto exit_loop; } else { @@ -197,6 +199,11 @@ static int conn_state(BIO *b, BIO_CONNECT *c) c->state = BIO_CONN_S_OK; break; + case BIO_CONN_S_CONNECT_ERROR: + BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR); + ret = 0; + goto exit_loop; + case BIO_CONN_S_OK: ret = 1; goto exit_loop; @@ -309,6 +316,8 @@ static int conn_read(BIO *b, char *out, int outl) if (ret <= 0) { if (BIO_sock_should_retry(ret)) BIO_set_retry_read(b); + else if (ret == 0) + b->flags |= BIO_FLAGS_IN_EOF; } } return ret; @@ -488,6 +497,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) *fptr = data->info_callback; } break; + case BIO_CTRL_EOF: + ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0; + break; default: ret = 0; break; diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 551821609f73..942fd8b514be 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -10,7 +10,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #ifndef OPENSSL_NO_DGRAM # ifndef OPENSSL_NO_SCTP diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c index 5bc539c90b96..ccbe1626baf2 100644 --- a/crypto/bio/bss_fd.c +++ b/crypto/bio/bss_fd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #if defined(OPENSSL_NO_POSIX_IO) /* @@ -123,6 +123,8 @@ static int fd_read(BIO *b, char *out, int outl) if (ret <= 0) { if (BIO_fd_should_retry(ret)) BIO_set_retry_read(b); + else if (ret == 0) + b->flags |= BIO_FLAGS_IN_EOF; } } return ret; @@ -186,6 +188,9 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_FLUSH: ret = 1; break; + case BIO_CTRL_EOF: + ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0; + break; default: ret = 0; break; diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index a21020559760..1a70ce799404 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -27,7 +27,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include #if !defined(OPENSSL_NO_STDIO) diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index e9ab932ec295..b9579faaa2a5 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -19,7 +19,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" #if defined(OPENSSL_SYS_WINCE) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 2d536e9db05f..7cb4a57813fd 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" static int mem_write(BIO *h, const char *buf, int num); diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c index 08f1d2bc98a3..e73ce7841d41 100644 --- a/crypto/bio/bss_null.c +++ b/crypto/bio/bss_null.c @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" static int null_write(BIO *h, const char *buf, int num); diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index ad38453201f1..6251f3d46a17 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,7 @@ #include #include -#include "bio_lcl.h" +#include "bio_local.h" #include "internal/cryptlib.h" #ifndef OPENSSL_NO_SOCK @@ -101,6 +101,8 @@ static int sock_read(BIO *b, char *out, int outl) if (ret <= 0) { if (BIO_sock_should_retry(ret)) BIO_set_retry_read(b); + else if (ret == 0) + b->flags |= BIO_FLAGS_IN_EOF; } } return ret; @@ -151,6 +153,9 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_FLUSH: ret = 1; break; + case BIO_CTRL_EOF: + ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0; + break; default: ret = 0; break; diff --git a/crypto/blake2/blake2_locl.h b/crypto/blake2/blake2_local.h similarity index 100% rename from crypto/blake2/blake2_locl.h rename to crypto/blake2/blake2_local.h diff --git a/crypto/blake2/blake2b.c b/crypto/blake2/blake2b.c index 4b353dd498bb..fc6e5f1a3f3c 100644 --- a/crypto/blake2/blake2b.c +++ b/crypto/blake2/blake2b.c @@ -18,7 +18,7 @@ #include #include -#include "blake2_locl.h" +#include "blake2_local.h" #include "blake2_impl.h" static const uint64_t blake2b_IV[8] = diff --git a/crypto/blake2/blake2s.c b/crypto/blake2/blake2s.c index 8211374d123f..d072e05ca364 100644 --- a/crypto/blake2/blake2s.c +++ b/crypto/blake2/blake2s.c @@ -18,7 +18,7 @@ #include #include -#include "blake2_locl.h" +#include "blake2_local.h" #include "blake2_impl.h" static const uint32_t blake2s_IV[8] = diff --git a/crypto/blake2/m_blake2b.c b/crypto/blake2/m_blake2b.c index c493648c3cd0..ce4d8f95652f 100644 --- a/crypto/blake2/m_blake2b.c +++ b/crypto/blake2/m_blake2b.c @@ -20,8 +20,8 @@ # include # include -# include "blake2_locl.h" -# include "internal/evp_int.h" +# include "blake2_local.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/blake2/m_blake2s.c b/crypto/blake2/m_blake2s.c index 83b2811e4432..b8fb048b30bf 100644 --- a/crypto/blake2/m_blake2s.c +++ b/crypto/blake2/m_blake2s.c @@ -20,8 +20,8 @@ # include # include -# include "blake2_locl.h" -# include "internal/evp_int.h" +# include "blake2_local.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/bn/README.pod b/crypto/bn/README.pod index 706a140342cd..5d5c4fa99fa1 100644 --- a/crypto/bn/README.pod +++ b/crypto/bn/README.pod @@ -188,7 +188,7 @@ B and the 2*B word arrays B and B. The implementations use the following macros which, depending on the architecture, may use "long long" C operations or inline assembler. -They are defined in C. +They are defined in C. mul(B, B, B, B) computes B*B+B and places the low word of the result in B and the high word in B. diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index 7a0cdb2e8a00..3a83cb855007 100755 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -329,4 +329,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index 6bedc62ba62d..eadc8bbf6322 100755 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -754,4 +754,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl index d8347bf93249..bc9a18dc4ce6 100755 --- a/crypto/bn/asm/armv8-mont.pl +++ b/crypto/bn/asm/armv8-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1511,4 +1511,4 @@ ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/bn-586.pl b/crypto/bn/asm/bn-586.pl index 58effc8808dd..e0422405d5f3 100644 --- a/crypto/bn/asm/bn-586.pl +++ b/crypto/bn/asm/bn-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -31,7 +31,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub bn_mul_add_words { diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl index 9c46da3af8d1..3bb8d120e96a 100755 --- a/crypto/bn/asm/c64xplus-gf2m.pl +++ b/crypto/bn/asm/c64xplus-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -157,4 +157,4 @@ $code.=<<___; ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/co-586.pl b/crypto/bn/asm/co-586.pl index 97f5e3a19fc4..3c34fa885c30 100644 --- a/crypto/bn/asm/co-586.pl +++ b/crypto/bn/asm/co-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -22,7 +22,7 @@ open STDOUT,">$output"; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub mul_add_c { @@ -39,17 +39,17 @@ sub mul_add_c &mul("edx"); &add($c0,"eax"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # laod next a + &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a &mov("eax",&wparam(0)) if $pos > 0; # load r[] ### &adc($c1,"edx"); - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # laod next b - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # laod next b + &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # load next b + &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # load next b ### &adc($c2,0); # is pos > 1, it means it is the last loop &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[]; - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # laod next a + &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next a } sub sqr_add_c diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl index ec486f77792b..7a4e74d71942 100755 --- a/crypto/bn/asm/ia64-mont.pl +++ b/crypto/bn/asm/ia64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -857,4 +857,4 @@ ___ open STDOUT,">$output" if $output; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl index fbe5d04f716c..3b79a4b186d7 100755 --- a/crypto/bn/asm/mips-mont.pl +++ b/crypto/bn/asm/mips-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -430,4 +430,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index a205189eb684..8ad715bda4d4 100755 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2260,4 +2260,4 @@ $code.=<<___; .end bn_sqr_comba4 ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl index aa9f626ed267..6a7c714a156e 100755 --- a/crypto/bn/asm/parisc-mont.pl +++ b/crypto/bn/asm/parisc-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1003,4 +1003,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl index ec7e019a4380..278314c57bd6 100755 --- a/crypto/bn/asm/ppc-mont.pl +++ b/crypto/bn/asm/ppc-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1987,4 +1987,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl index d6d4e66f92e9..a8d3f14e9b8e 100644 --- a/crypto/bn/asm/ppc.pl +++ b/crypto/bn/asm/ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2009,4 +2009,4 @@ Lppcasm_maw_adios: EOF $data =~ s/\`([^\`]*)\`/eval $1/gem; print $data; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl index c41b620bc23e..b55fd46c824f 100755 --- a/crypto/bn/asm/ppc64-mont.pl +++ b/crypto/bn/asm/ppc64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1649,4 +1649,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl index 85cd73c668bd..9b54f9d9ed3c 100755 --- a/crypto/bn/asm/rsaz-avx2.pl +++ b/crypto/bn/asm/rsaz-avx2.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2012, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use @@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); @@ -1979,4 +1979,4 @@ rsaz_1024_gather5_avx2: ___ }}} -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl index b1797b649f00..8172dace74ee 100755 --- a/crypto/bn/asm/rsaz-x86_64.pl +++ b/crypto/bn/asm/rsaz-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2012, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use @@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } @@ -116,7 +116,7 @@ rsaz_512_sqr: # 25-29% faster than rsaz_512_mul subq \$128+24, %rsp .cfi_adjust_cfa_offset 128+24 .Lsqr_body: - movq $mod, %rbp # common argument + movq $mod, %xmm1 # common off-load movq ($inp), %rdx movq 8($inp), %rax movq $n0, 128(%rsp) @@ -134,7 +134,8 @@ $code.=<<___; .Loop_sqr: movl $times,128+8(%rsp) #first iteration - movq %rdx, %rbx + movq %rdx, %rbx # 0($inp) + mov %rax, %rbp # 8($inp) mulq %rdx movq %rax, %r8 movq 16($inp), %rax @@ -173,31 +174,29 @@ $code.=<<___; mulq %rbx addq %rax, %r14 movq %rbx, %rax - movq %rdx, %r15 - adcq \$0, %r15 + adcq \$0, %rdx - addq %r8, %r8 #shlq \$1, %r8 - movq %r9, %rcx - adcq %r9, %r9 #shld \$1, %r8, %r9 + xorq %rcx,%rcx # rcx:r8 = r8 << 1 + addq %r8, %r8 + movq %rdx, %r15 + adcq \$0, %rcx mulq %rax - movq %rax, (%rsp) - addq %rdx, %r8 - adcq \$0, %r9 + addq %r8, %rdx + adcq \$0, %rcx - movq %r8, 8(%rsp) - shrq \$63, %rcx + movq %rax, (%rsp) + movq %rdx, 8(%rsp) #second iteration - movq 8($inp), %r8 movq 16($inp), %rax - mulq %r8 + mulq %rbp addq %rax, %r10 movq 24($inp), %rax movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r11 movq 32($inp), %rax adcq \$0, %rdx @@ -205,7 +204,7 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r12 movq 40($inp), %rax adcq \$0, %rdx @@ -213,7 +212,7 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r13 movq 48($inp), %rax adcq \$0, %rdx @@ -221,7 +220,7 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r14 movq 56($inp), %rax adcq \$0, %rdx @@ -229,39 +228,39 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx - mulq %r8 + mulq %rbp addq %rax, %r15 - movq %r8, %rax + movq %rbp, %rax adcq \$0, %rdx addq %rbx, %r15 - movq %rdx, %r8 - movq %r10, %rdx - adcq \$0, %r8 + adcq \$0, %rdx - add %rdx, %rdx - lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 - movq %r11, %rbx - adcq %r11, %r11 #shld \$1, %r10, %r11 + xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 + addq %r9, %r9 + movq %rdx, %r8 + adcq %r10, %r10 + adcq \$0, %rbx mulq %rax + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax + movq 16($inp), %rbp addq %rax, %r9 + movq 24($inp), %rax adcq %rdx, %r10 - adcq \$0, %r11 + adcq \$0, %rbx movq %r9, 16(%rsp) movq %r10, 24(%rsp) - shrq \$63, %rbx #third iteration - movq 16($inp), %r9 - movq 24($inp), %rax - mulq %r9 + mulq %rbp addq %rax, %r12 movq 32($inp), %rax movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 + mulq %rbp addq %rax, %r13 movq 40($inp), %rax adcq \$0, %rdx @@ -269,7 +268,7 @@ $code.=<<___; movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 + mulq %rbp addq %rax, %r14 movq 48($inp), %rax adcq \$0, %rdx @@ -277,9 +276,7 @@ $code.=<<___; movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 - movq %r12, %r10 - lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12 + mulq %rbp addq %rax, %r15 movq 56($inp), %rax adcq \$0, %rdx @@ -287,36 +284,40 @@ $code.=<<___; movq %rdx, %rcx adcq \$0, %rcx - mulq %r9 - shrq \$63, %r10 + mulq %rbp addq %rax, %r8 - movq %r9, %rax + movq %rbp, %rax adcq \$0, %rdx addq %rcx, %r8 - movq %rdx, %r9 - adcq \$0, %r9 + adcq \$0, %rdx - movq %r13, %rcx - leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13 + xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 + addq %r11, %r11 + movq %rdx, %r9 + adcq %r12, %r12 + adcq \$0, %rcx mulq %rax + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rbx, %rax + movq 24($inp), %r10 addq %rax, %r11 + movq 32($inp), %rax adcq %rdx, %r12 - adcq \$0, %r13 + adcq \$0, %rcx movq %r11, 32(%rsp) movq %r12, 40(%rsp) - shrq \$63, %rcx #fourth iteration - movq 24($inp), %r10 - movq 32($inp), %rax + mov %rax, %r11 # 32($inp) mulq %r10 addq %rax, %r14 movq 40($inp), %rax movq %rdx, %rbx adcq \$0, %rbx + mov %rax, %r12 # 40($inp) mulq %r10 addq %rax, %r15 movq 48($inp), %rax @@ -325,9 +326,8 @@ $code.=<<___; movq %rdx, %rbx adcq \$0, %rbx + mov %rax, %rbp # 48($inp) mulq %r10 - movq %r14, %r12 - leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14 addq %rax, %r8 movq 56($inp), %rax adcq \$0, %rdx @@ -336,32 +336,33 @@ $code.=<<___; adcq \$0, %rbx mulq %r10 - shrq \$63, %r12 addq %rax, %r9 movq %r10, %rax adcq \$0, %rdx addq %rbx, %r9 - movq %rdx, %r10 - adcq \$0, %r10 + adcq \$0, %rdx - movq %r15, %rbx - leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15 + xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1 + addq %r13, %r13 + movq %rdx, %r10 + adcq %r14, %r14 + adcq \$0, %rbx mulq %rax + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax addq %rax, %r13 + movq %r12, %rax # 40($inp) adcq %rdx, %r14 - adcq \$0, %r15 + adcq \$0, %rbx movq %r13, 48(%rsp) movq %r14, 56(%rsp) - shrq \$63, %rbx #fifth iteration - movq 32($inp), %r11 - movq 40($inp), %rax mulq %r11 addq %rax, %r8 - movq 48($inp), %rax + movq %rbp, %rax # 48($inp) movq %rdx, %rcx adcq \$0, %rcx @@ -369,97 +370,99 @@ $code.=<<___; addq %rax, %r9 movq 56($inp), %rax adcq \$0, %rdx - movq %r8, %r12 - leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8 addq %rcx, %r9 movq %rdx, %rcx adcq \$0, %rcx + mov %rax, %r14 # 56($inp) mulq %r11 - shrq \$63, %r12 addq %rax, %r10 movq %r11, %rax adcq \$0, %rdx addq %rcx, %r10 - movq %rdx, %r11 - adcq \$0, %r11 + adcq \$0, %rdx - movq %r9, %rcx - leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9 + xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1 + addq %r15, %r15 + movq %rdx, %r11 + adcq %r8, %r8 + adcq \$0, %rcx mulq %rax + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rbx, %rax addq %rax, %r15 + movq %rbp, %rax # 48($inp) adcq %rdx, %r8 - adcq \$0, %r9 + adcq \$0, %rcx movq %r15, 64(%rsp) movq %r8, 72(%rsp) - shrq \$63, %rcx #sixth iteration - movq 40($inp), %r12 - movq 48($inp), %rax mulq %r12 addq %rax, %r10 - movq 56($inp), %rax + movq %r14, %rax # 56($inp) movq %rdx, %rbx adcq \$0, %rbx mulq %r12 addq %rax, %r11 movq %r12, %rax - movq %r10, %r15 - leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 adcq \$0, %rdx - shrq \$63, %r15 addq %rbx, %r11 - movq %rdx, %r12 - adcq \$0, %r12 + adcq \$0, %rdx - movq %r11, %rbx - leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11 + xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 + addq %r9, %r9 + movq %rdx, %r12 + adcq %r10, %r10 + adcq \$0, %rbx mulq %rax + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax addq %rax, %r9 + movq %r14, %rax # 56($inp) adcq %rdx, %r10 - adcq \$0, %r11 + adcq \$0, %rbx movq %r9, 80(%rsp) movq %r10, 88(%rsp) #seventh iteration - movq 48($inp), %r13 - movq 56($inp), %rax - mulq %r13 + mulq %rbp addq %rax, %r12 - movq %r13, %rax - movq %rdx, %r13 - adcq \$0, %r13 + movq %rbp, %rax + adcq \$0, %rdx - xorq %r14, %r14 - shlq \$1, %rbx - adcq %r12, %r12 #shld \$1, %rbx, %r12 - adcq %r13, %r13 #shld \$1, %r12, %r13 - adcq %r14, %r14 #shld \$1, %r13, %r14 + xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 + addq %r11, %r11 + movq %rdx, %r13 + adcq %r12, %r12 + adcq \$0, %rcx mulq %rax + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rbx, %rax addq %rax, %r11 + movq %r14, %rax # 56($inp) adcq %rdx, %r12 - adcq \$0, %r13 + adcq \$0, %rcx movq %r11, 96(%rsp) movq %r12, 104(%rsp) #eighth iteration - movq 56($inp), %rax + xorq %rbx, %rbx # rbx:r13 = r13 << 1 + addq %r13, %r13 + adcq \$0, %rbx + mulq %rax - addq %rax, %r13 - adcq \$0, %rdx - - addq %rdx, %r14 - - movq %r13, 112(%rsp) - movq %r14, 120(%rsp) + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + addq %rcx, %rax + addq %r13, %rax + adcq %rbx, %rdx movq (%rsp), %r8 movq 8(%rsp), %r9 @@ -469,6 +472,10 @@ $code.=<<___; movq 40(%rsp), %r13 movq 48(%rsp), %r14 movq 56(%rsp), %r15 + movq %xmm1, %rbp + + movq %rax, 112(%rsp) + movq %rdx, 120(%rsp) call __rsaz_512_reduce @@ -500,9 +507,9 @@ $code.=<<___; .Loop_sqrx: movl $times,128+8(%rsp) movq $out, %xmm0 # off-load - movq %rbp, %xmm1 # off-load #first iteration mulx %rax, %r8, %r9 + mov %rax, %rbx mulx 16($inp), %rcx, %r10 xor %rbp, %rbp # cf=0, of=0 @@ -510,40 +517,39 @@ $code.=<<___; mulx 24($inp), %rax, %r11 adcx %rcx, %r9 - mulx 32($inp), %rcx, %r12 + .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12 adcx %rax, %r10 - mulx 40($inp), %rax, %r13 + .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13 adcx %rcx, %r11 - .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14 + mulx 48($inp), %rcx, %r14 adcx %rax, %r12 adcx %rcx, %r13 - .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15 + mulx 56($inp), %rax, %r15 adcx %rax, %r14 adcx %rbp, %r15 # %rbp is 0 - mov %r9, %rcx - shld \$1, %r8, %r9 - shl \$1, %r8 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rdx, %r8 - mov 8($inp), %rdx - adcx %rbp, %r9 + mulx %rdx, %rax, $out + mov %rbx, %rdx # 8($inp) + xor %rcx, %rcx + adox %r8, %r8 + adcx $out, %r8 + adox %rbp, %rcx + adcx %rbp, %rcx mov %rax, (%rsp) mov %r8, 8(%rsp) #second iteration - mulx 16($inp), %rax, %rbx + .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx adox %rax, %r10 adcx %rbx, %r11 - .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8 + mulx 24($inp), $out, %r8 adox $out, %r11 + .byte 0x66 adcx %r8, %r12 mulx 32($inp), %rax, %rbx @@ -561,24 +567,25 @@ $code.=<<___; .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8 adox $out, %r15 adcx %rbp, %r8 + mulx %rdx, %rax, $out adox %rbp, %r8 + .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx - mov %r11, %rbx - shld \$1, %r10, %r11 - shld \$1, %rcx, %r10 - - xor %ebp,%ebp - mulx %rdx, %rax, %rcx - mov 16($inp), %rdx + xor %rbx, %rbx + adox %r9, %r9 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %r10, %r10 adcx %rax, %r9 - adcx %rcx, %r10 - adcx %rbp, %r11 + adox %rbp, %rbx + adcx $out, %r10 + adcx %rbp, %rbx mov %r9, 16(%rsp) .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp) #third iteration - .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9 + mulx 24($inp), $out, %r9 adox $out, %r12 adcx %r9, %r13 @@ -586,7 +593,7 @@ $code.=<<___; adox %rax, %r13 adcx %rcx, %r14 - mulx 40($inp), $out, %r9 + .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9 adox $out, %r14 adcx %r9, %r15 @@ -594,27 +601,28 @@ $code.=<<___; adox %rax, %r15 adcx %rcx, %r8 - .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9 + mulx 56($inp), $out, %r9 adox $out, %r8 adcx %rbp, %r9 + mulx %rdx, %rax, $out adox %rbp, %r9 - - mov %r13, %rcx - shld \$1, %r12, %r13 - shld \$1, %rbx, %r12 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r11 - adcx %rdx, %r12 mov 24($inp), %rdx - adcx %rbp, %r13 + + xor %rcx, %rcx + adox %r11, %r11 + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rbx, %rax + adox %r12, %r12 + adcx %rax, %r11 + adox %rbp, %rcx + adcx $out, %r12 + adcx %rbp, %rcx mov %r11, 32(%rsp) - .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp) + mov %r12, 40(%rsp) #fourth iteration - .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx + mulx 32($inp), %rax, %rbx adox %rax, %r14 adcx %rbx, %r15 @@ -629,25 +637,25 @@ $code.=<<___; mulx 56($inp), $out, %r10 adox $out, %r9 adcx %rbp, %r10 + mulx %rdx, %rax, $out adox %rbp, %r10 - - .byte 0x66 - mov %r15, %rbx - shld \$1, %r14, %r15 - shld \$1, %rcx, %r14 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r13 - adcx %rdx, %r14 mov 32($inp), %rdx - adcx %rbp, %r15 + + xor %rbx, %rbx + adox %r13, %r13 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %r14, %r14 + adcx %rax, %r13 + adox %rbp, %rbx + adcx $out, %r14 + adcx %rbp, %rbx mov %r13, 48(%rsp) mov %r14, 56(%rsp) #fifth iteration - .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11 + mulx 40($inp), $out, %r11 adox $out, %r8 adcx %r11, %r9 @@ -658,18 +666,19 @@ $code.=<<___; mulx 56($inp), $out, %r11 adox $out, %r10 adcx %rbp, %r11 + mulx %rdx, %rax, $out + mov 40($inp), %rdx adox %rbp, %r11 - mov %r9, %rcx - shld \$1, %r8, %r9 - shld \$1, %rbx, %r8 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx + xor %rcx, %rcx + adox %r15, %r15 + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rbx, %rax + adox %r8, %r8 adcx %rax, %r15 - adcx %rdx, %r8 - mov 40($inp), %rdx - adcx %rbp, %r9 + adox %rbp, %rcx + adcx $out, %r8 + adcx %rbp, %rcx mov %r15, 64(%rsp) mov %r8, 72(%rsp) @@ -682,18 +691,19 @@ $code.=<<___; .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12 adox $out, %r11 adcx %rbp, %r12 + mulx %rdx, %rax, $out adox %rbp, %r12 - - mov %r11, %rbx - shld \$1, %r10, %r11 - shld \$1, %rcx, %r10 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r9 - adcx %rdx, %r10 mov 48($inp), %rdx - adcx %rbp, %r11 + + xor %rbx, %rbx + adox %r9, %r9 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %r10, %r10 + adcx %rax, %r9 + adcx $out, %r10 + adox %rbp, %rbx + adcx %rbp, %rbx mov %r9, 80(%rsp) mov %r10, 88(%rsp) @@ -703,31 +713,31 @@ $code.=<<___; adox %rax, %r12 adox %rbp, %r13 - xor %r14, %r14 - shld \$1, %r13, %r14 - shld \$1, %r12, %r13 - shld \$1, %rbx, %r12 - - xor %ebp, %ebp - mulx %rdx, %rax, %rdx - adcx %rax, %r11 - adcx %rdx, %r12 + mulx %rdx, %rax, $out + xor %rcx, %rcx mov 56($inp), %rdx - adcx %rbp, %r13 + adox %r11, %r11 + # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rbx, %rax + adox %r12, %r12 + adcx %rax, %r11 + adox %rbp, %rcx + adcx $out, %r12 + adcx %rbp, %rcx .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp) .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp) #eighth iteration mulx %rdx, %rax, %rdx - adox %rax, %r13 - adox %rbp, %rdx + xor %rbx, %rbx + adox %r13, %r13 + # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here + adcx %rcx, %rax + adox %rbp, %rbx + adcx %r13, %rax + adcx %rdx, %rbx - .byte 0x66 - add %rdx, %r14 - - movq %r13, 112(%rsp) - movq %r14, 120(%rsp) movq %xmm0, $out movq %xmm1, %rbp @@ -741,6 +751,9 @@ $code.=<<___; movq 48(%rsp), %r14 movq 56(%rsp), %r15 + movq %rax, 112(%rsp) + movq %rbx, 120(%rsp) + call __rsaz_512_reducex addq 64(%rsp), %r8 @@ -1606,6 +1619,7 @@ $code.=<<___; .type __rsaz_512_reduce,\@abi-omnipotent .align 32 __rsaz_512_reduce: +.cfi_startproc movq %r8, %rbx imulq 128+8(%rsp), %rbx movq 0(%rbp), %rax @@ -1685,6 +1699,7 @@ __rsaz_512_reduce: jne .Lreduction_loop ret +.cfi_endproc .size __rsaz_512_reduce,.-__rsaz_512_reduce ___ } @@ -1698,6 +1713,7 @@ $code.=<<___; .type __rsaz_512_reducex,\@abi-omnipotent .align 32 __rsaz_512_reducex: +.cfi_startproc #movq 128+8(%rsp), %rdx # pull $n0 imulq %r8, %rdx xorq %rsi, %rsi # cf=0,of=0 @@ -1750,6 +1766,7 @@ __rsaz_512_reducex: jne .Lreduction_loopx ret +.cfi_endproc .size __rsaz_512_reducex,.-__rsaz_512_reducex ___ } @@ -1761,6 +1778,7 @@ $code.=<<___; .type __rsaz_512_subtract,\@abi-omnipotent .align 32 __rsaz_512_subtract: +.cfi_startproc movq %r8, ($out) movq %r9, 8($out) movq %r10, 16($out) @@ -1814,6 +1832,7 @@ __rsaz_512_subtract: movq %r15, 56($out) ret +.cfi_endproc .size __rsaz_512_subtract,.-__rsaz_512_subtract ___ } @@ -1827,6 +1846,7 @@ $code.=<<___; .type __rsaz_512_mul,\@abi-omnipotent .align 32 __rsaz_512_mul: +.cfi_startproc leaq 8(%rsp), %rdi movq ($ap), %rax @@ -1965,6 +1985,7 @@ __rsaz_512_mul: movq %r15, 56(%rdi) ret +.cfi_endproc .size __rsaz_512_mul,.-__rsaz_512_mul ___ } @@ -1979,6 +2000,7 @@ $code.=<<___; .type __rsaz_512_mulx,\@abi-omnipotent .align 32 __rsaz_512_mulx: +.cfi_startproc mulx ($ap), %rbx, %r8 # initial %rdx preloaded by caller mov \$-6, %rcx @@ -2095,6 +2117,7 @@ __rsaz_512_mulx: mov %r15, 8+64+56(%rsp) ret +.cfi_endproc .size __rsaz_512_mulx,.-__rsaz_512_mulx ___ } @@ -2105,6 +2128,7 @@ $code.=<<___; .type rsaz_512_scatter4,\@abi-omnipotent .align 16 rsaz_512_scatter4: +.cfi_startproc leaq ($out,$power,8), $out movl \$8, %r9d jmp .Loop_scatter @@ -2117,12 +2141,14 @@ rsaz_512_scatter4: decl %r9d jnz .Loop_scatter ret +.cfi_endproc .size rsaz_512_scatter4,.-rsaz_512_scatter4 .globl rsaz_512_gather4 .type rsaz_512_gather4,\@abi-omnipotent .align 16 rsaz_512_gather4: +.cfi_startproc ___ $code.=<<___ if ($win64); .LSEH_begin_rsaz_512_gather4: @@ -2217,6 +2243,7 @@ ___ $code.=<<___; ret .LSEH_end_rsaz_512_gather4: +.cfi_endproc .size rsaz_512_gather4,.-rsaz_512_gather4 .align 64 @@ -2401,4 +2428,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl index 06181bf9b95f..a7e4b8a97d30 100755 --- a/crypto/bn/asm/s390x-gf2m.pl +++ b/crypto/bn/asm/s390x-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -225,4 +225,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl index c2fc5adffe0d..bc8c8951e060 100755 --- a/crypto/bn/asm/s390x-mont.pl +++ b/crypto/bn/asm/s390x-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -145,7 +145,7 @@ $code.=<<___; lghi $NHI,0 alcgr $NHI,$nhi - la $j,8(%r0) # j=1 + la $j,8 # j=1 lr $count,$num .align 16 @@ -197,7 +197,7 @@ $code.=<<___; lghi $NHI,0 alcgr $NHI,$nhi - la $j,8(%r0) # j=1 + la $j,8 # j=1 lr $count,$num .align 16 @@ -241,7 +241,7 @@ $code.=<<___; la $ap,$stdframe($sp) ahi $num,1 # restore $num, incidentally clears "borrow" - la $j,0(%r0) + la $j,0 lr $count,$num .Lsub: lg $alo,0($j,$ap) lg $nlo,0($j,$np) @@ -255,7 +255,7 @@ $code.=<<___; lghi $NHI,-1 xgr $NHI,$AHI - la $j,0(%r0) + la $j,0 lgr $count,$num .Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy lg $alo,0($j,$rp) @@ -281,4 +281,4 @@ foreach (split("\n",$code)) { s/_dswap\s+(%r[0-9]+)/sprintf("rllg\t%s,%s,32",$1,$1) if($SIZE_T==4)/e; print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S index 292a7a9998bd..b666c41a88a4 100755 --- a/crypto/bn/asm/s390x.S +++ b/crypto/bn/asm/s390x.S @@ -511,7 +511,7 @@ bn_mul_comba4: lghi zero,0 mul_add_c(0,0,c1,c2,c3); - stg c1,0*8(%r3) + stg c1,0*8(%r2) lghi c1,0 mul_add_c(0,1,c2,c3,c1); diff --git a/crypto/bn/asm/sparct4-mont.pl b/crypto/bn/asm/sparct4-mont.pl index fcae9cfc5b44..62e297a01692 100755 --- a/crypto/bn/asm/sparct4-mont.pl +++ b/crypto/bn/asm/sparct4-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1225,4 +1225,4 @@ ___ &emit_assembler(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/bn/asm/sparcv9-gf2m.pl index dcf11a87a18e..238a93dca56c 100755 --- a/crypto/bn/asm/sparcv9-gf2m.pl +++ b/crypto/bn/asm/sparcv9-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -197,4 +197,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index b41903af985f..d1a3c2bc4343 100755 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -617,4 +617,4 @@ $code.=<<___; ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/sparcv9a-mont.pl b/crypto/bn/asm/sparcv9a-mont.pl index c8f759df9fbd..7a1fca1263a9 100755 --- a/crypto/bn/asm/sparcv9a-mont.pl +++ b/crypto/bn/asm/sparcv9a-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -884,4 +884,4 @@ $code =~ s/fzeros\s+%f([0-9]+)/ print $code; # flush -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl index 9cf717e84102..9dbc8d458792 100755 --- a/crypto/bn/asm/via-mont.pl +++ b/crypto/bn/asm/via-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -248,4 +248,4 @@ $sp=&DWP(28,"esp"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl index 04833a0c876d..d797af8745dc 100755 --- a/crypto/bn/asm/vis3-mont.pl +++ b/crypto/bn/asm/vis3-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -381,4 +381,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl index d03efcc75023..436d90b11ea4 100755 --- a/crypto/bn/asm/x86-gf2m.pl +++ b/crypto/bn/asm/x86-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -322,4 +322,4 @@ if ($sse2) { &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86-mont.pl b/crypto/bn/asm/x86-mont.pl index 7ba2133ac9c3..2103f806b65a 100755 --- a/crypto/bn/asm/x86-mont.pl +++ b/crypto/bn/asm/x86-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -628,4 +628,4 @@ $sbit=$num; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index 31839ba060fa..e6fdaadf0e91 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "../bn_lcl.h" +#include "../bn_local.h" #if !(defined(__GNUC__) && __GNUC__>=2) # include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ #else diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl index 0fd6e985d7b0..655f13c89ee8 100755 --- a/crypto/bn/asm/x86_64-gf2m.pl +++ b/crypto/bn/asm/x86_64-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -421,4 +421,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl index c051135e30dd..e00cac448b89 100755 --- a/crypto/bn/asm/x86_64-mont.pl +++ b/crypto/bn/asm/x86_64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -75,7 +75,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } @@ -1589,4 +1589,4 @@ ___ } print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index f43e13d11643..887770b30db1 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -60,7 +60,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } @@ -580,6 +580,7 @@ $code.=<<___; .type mul4x_internal,\@abi-omnipotent .align 32 mul4x_internal: +.cfi_startproc shl \$5,$num # $num was in bytes movd `($win64?56:8)`(%rax),%xmm5 # load 7th argument, index lea .Linc(%rip),%rax @@ -1074,6 +1075,7 @@ $code.=<<___ ___ } $code.=<<___; +.cfi_endproc .size mul4x_internal,.-mul4x_internal ___ }}} @@ -1239,6 +1241,7 @@ $code.=<<___; .align 32 bn_sqr8x_internal: __bn_sqr8x_internal: +.cfi_startproc ############################################################## # Squaring part: # @@ -2030,6 +2033,7 @@ __bn_sqr8x_reduction: cmp %rdx,$tptr # end of t[]? jb .L8x_reduction_loop ret +.cfi_endproc .size bn_sqr8x_internal,.-bn_sqr8x_internal ___ } @@ -2042,6 +2046,7 @@ $code.=<<___; .type __bn_post4x_internal,\@abi-omnipotent .align 32 __bn_post4x_internal: +.cfi_startproc mov 8*0($nptr),%r12 lea (%rdi,$num),$tptr # %rdi was $tptr above mov $num,%rcx @@ -2092,6 +2097,7 @@ __bn_post4x_internal: mov $num,%r10 # prepare for back-to-back call neg $num # restore $num ret +.cfi_endproc .size __bn_post4x_internal,.-__bn_post4x_internal ___ } @@ -2101,10 +2107,12 @@ $code.=<<___; .type bn_from_montgomery,\@abi-omnipotent .align 32 bn_from_montgomery: +.cfi_startproc testl \$7,`($win64?"48(%rsp)":"%r9d")` jz bn_from_mont8x xor %eax,%eax ret +.cfi_endproc .size bn_from_montgomery,.-bn_from_montgomery .type bn_from_mont8x,\@function,6 @@ -2400,6 +2408,7 @@ bn_mulx4x_mont_gather5: .type mulx4x_internal,\@abi-omnipotent .align 32 mulx4x_internal: +.cfi_startproc mov $num,8(%rsp) # save -$num (it was in bytes) mov $num,%r10 neg $num # restore $num @@ -2750,6 +2759,7 @@ $code.=<<___; mov 8*2(%rbp),%r14 mov 8*3(%rbp),%r15 jmp .Lsqrx4x_sub_entry # common post-condition +.cfi_endproc .size mulx4x_internal,.-mulx4x_internal ___ } { @@ -3555,6 +3565,7 @@ my ($rptr,$nptr)=("%rdx","%rbp"); $code.=<<___; .align 32 __bn_postx4x_internal: +.cfi_startproc mov 8*0($nptr),%r12 mov %rcx,%r10 # -$num mov %rcx,%r9 # -$num @@ -3602,6 +3613,7 @@ __bn_postx4x_internal: neg %r9 # restore $num ret +.cfi_endproc .size __bn_postx4x_internal,.-__bn_postx4x_internal ___ } @@ -3618,6 +3630,7 @@ $code.=<<___; .type bn_get_bits5,\@abi-omnipotent .align 16 bn_get_bits5: +.cfi_startproc lea 0($inp),%r10 lea 1($inp),%r11 mov $num,%ecx @@ -3631,12 +3644,14 @@ bn_get_bits5: shrl %cl,%eax and \$31,%eax ret +.cfi_endproc .size bn_get_bits5,.-bn_get_bits5 .globl bn_scatter5 .type bn_scatter5,\@abi-omnipotent .align 16 bn_scatter5: +.cfi_startproc cmp \$0, $num jz .Lscatter_epilogue lea ($tbl,$idx,8),$tbl @@ -3649,6 +3664,7 @@ bn_scatter5: jnz .Lscatter .Lscatter_epilogue: ret +.cfi_endproc .size bn_scatter5,.-bn_scatter5 .globl bn_gather5 @@ -3656,6 +3672,7 @@ bn_scatter5: .align 32 bn_gather5: .LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases +.cfi_startproc # I can't trust assembler to use specific encoding:-( .byte 0x4c,0x8d,0x14,0x24 #lea (%rsp),%r10 .byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 #sub $0x108,%rsp @@ -3740,6 +3757,7 @@ $code.=<<___; lea (%r10),%rsp ret .LSEH_end_bn_gather5: +.cfi_endproc .size bn_gather5,.-bn_gather5 ___ } @@ -3942,4 +3960,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index f2736b8f6d41..8ffe49618a8b 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* signed add of b to a. */ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c index 729b2480acd1..4d83a8cf1115 100644 --- a/crypto/bn/bn_asm.c +++ b/crypto/bn/bn_asm.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 450cdfb34866..76fc7ebcffc0 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #define BN_BLINDING_COUNTER 32 diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 90cecea2aa5d..042cb247d37f 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /*- * TODO list diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 58bcf197a490..b60269cd57a6 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -20,7 +20,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include "internal/cryptlib.h" -# include "bn_lcl.h" +# include "bn_local.h" BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add, const BIGNUM *rem, diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c index 38acdee234d0..58c44f0b179e 100644 --- a/crypto/bn/bn_dh.c +++ b/crypto/bn/bn_dh.c @@ -7,12 +7,12 @@ * https://www.openssl.org/source/license.html */ -#include "bn_lcl.h" +#include "bn_local.h" #include "internal/nelem.h" #ifndef OPENSSL_NO_DH #include -#include "internal/bn_dh.h" +#include "crypto/bn_dh.h" /* DH parameters from RFC5114 */ # if BN_BITS2 == 64 diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 7fc0132830a1..286d69c895fd 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* The old slow way */ #if 0 diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 88f2baf0e553..9531acfc3c94 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -8,8 +8,8 @@ */ #include "internal/cryptlib.h" -#include "internal/constant_time_locl.h" -#include "bn_lcl.h" +#include "internal/constant_time.h" +#include "bn_local.h" #include #ifdef _WIN32 diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c index 082c9286a0f4..e542abe46fa1 100644 --- a/crypto/bn/bn_exp2.c +++ b/crypto/bn/bn_exp2.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #define TABLE_SIZE 32 diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 0091ea4e08a6..ef81acb77ba6 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -8,113 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" - -static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); - -int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) -{ - BIGNUM *a, *b, *t; - int ret = 0; - - bn_check_top(in_a); - bn_check_top(in_b); - - BN_CTX_start(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - if (b == NULL) - goto err; - - if (BN_copy(a, in_a) == NULL) - goto err; - if (BN_copy(b, in_b) == NULL) - goto err; - a->neg = 0; - b->neg = 0; - - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - t = euclid(a, b); - if (t == NULL) - goto err; - - if (BN_copy(r, t) == NULL) - goto err; - ret = 1; - err: - BN_CTX_end(ctx); - bn_check_top(r); - return ret; -} - -static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) -{ - BIGNUM *t; - int shifts = 0; - - bn_check_top(a); - bn_check_top(b); - - /* 0 <= b <= a */ - while (!BN_is_zero(b)) { - /* 0 < b <= a */ - - if (BN_is_odd(a)) { - if (BN_is_odd(b)) { - if (!BN_sub(a, a, b)) - goto err; - if (!BN_rshift1(a, a)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } else { /* a odd - b even */ - - if (!BN_rshift1(b, b)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } - } else { /* a is even */ - - if (BN_is_odd(b)) { - if (!BN_rshift1(a, a)) - goto err; - if (BN_cmp(a, b) < 0) { - t = a; - a = b; - b = t; - } - } else { /* a even - b even */ - - if (!BN_rshift1(a, a)) - goto err; - if (!BN_rshift1(b, b)) - goto err; - shifts++; - } - } - /* 0 <= b <= a */ - } - - if (shifts) { - if (!BN_lshift(a, a, shifts)) - goto err; - } - bn_check_top(a); - return a; - err: - return NULL; -} +#include "bn_local.h" /* solves ax == 1 (mod n) */ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, @@ -621,3 +515,115 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, bn_check_top(ret); return ret; } + +/*- + * This function is based on the constant-time GCD work by Bernstein and Yang: + * https://eprint.iacr.org/2019/266 + * Generalized fast GCD function to allow even inputs. + * The algorithm first finds the shared powers of 2 between + * the inputs, and removes them, reducing at least one of the + * inputs to an odd value. Then it proceeds to calculate the GCD. + * Before returning the resulting GCD, we take care of adding + * back the powers of two removed at the beginning. + * Note 1: we assume the bit length of both inputs is public information, + * since access to top potentially leaks this information. + */ +int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) +{ + BIGNUM *g, *temp = NULL; + BN_ULONG mask = 0; + int i, j, top, rlen, glen, m, bit = 1, delta = 1, cond = 0, shifts = 0, ret = 0; + + /* Note 2: zero input corner cases are not constant-time since they are + * handled immediately. An attacker can run an attack under this + * assumption without the need of side-channel information. */ + if (BN_is_zero(in_b)) { + ret = BN_copy(r, in_a) != NULL; + r->neg = 0; + return ret; + } + if (BN_is_zero(in_a)) { + ret = BN_copy(r, in_b) != NULL; + r->neg = 0; + return ret; + } + + bn_check_top(in_a); + bn_check_top(in_b); + + BN_CTX_start(ctx); + temp = BN_CTX_get(ctx); + g = BN_CTX_get(ctx); + + /* make r != 0, g != 0 even, so BN_rshift is not a potential nop */ + if (g == NULL + || !BN_lshift1(g, in_b) + || !BN_lshift1(r, in_a)) + goto err; + + /* find shared powers of two, i.e. "shifts" >= 1 */ + for (i = 0; i < r->dmax && i < g->dmax; i++) { + mask = ~(r->d[i] | g->d[i]); + for (j = 0; j < BN_BITS2; j++) { + bit &= mask; + shifts += bit; + mask >>= 1; + } + } + + /* subtract shared powers of two; shifts >= 1 */ + if (!BN_rshift(r, r, shifts) + || !BN_rshift(g, g, shifts)) + goto err; + + /* expand to biggest nword, with room for a possible extra word */ + top = 1 + ((r->top >= g->top) ? r->top : g->top); + if (bn_wexpand(r, top) == NULL + || bn_wexpand(g, top) == NULL + || bn_wexpand(temp, top) == NULL) + goto err; + + /* re arrange inputs s.t. r is odd */ + BN_consttime_swap((~r->d[0]) & 1, r, g, top); + + /* compute the number of iterations */ + rlen = BN_num_bits(r); + glen = BN_num_bits(g); + m = 4 + 3 * ((rlen >= glen) ? rlen : glen); + + for (i = 0; i < m; i++) { + /* conditionally flip signs if delta is positive and g is odd */ + cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 + /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ + & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))); + delta = (-cond & -delta) | ((cond - 1) & delta); + r->neg ^= cond; + /* swap */ + BN_consttime_swap(cond, r, g, top); + + /* elimination step */ + delta++; + if (!BN_add(temp, g, r)) + goto err; + BN_consttime_swap(g->d[0] & 1 /* g is odd */ + /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ + & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))), + g, temp, top); + if (!BN_rshift1(g, g)) + goto err; + } + + /* remove possible negative sign */ + r->neg = 0; + /* add powers of 2 removed, then correct the artificial shift */ + if (!BN_lshift(r, r, shifts) + || !BN_rshift1(r, r)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + bn_check_top(r); + return ret; +} diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 34d8b69c1ec9..a2ea86755182 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -12,7 +12,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #ifndef OPENSSL_NO_EC2M diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c index 46bc97575dfe..147b4fa022cf 100644 --- a/crypto/bn/bn_intern.c +++ b/crypto/bn/bn_intern.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c index b9bc6cca27fe..c1e09d272120 100644 --- a/crypto/bn/bn_kron.c +++ b/crypto/bn/bn_kron.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* least significant word */ #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 254069ff3819..86d4956c8a8c 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -10,9 +10,9 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #include -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" /* This stuff appears to be completely unused, so is deprecated */ #if OPENSSL_API_COMPAT < 0x00908000L diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_local.h similarity index 99% rename from crypto/bn/bn_lcl.h rename to crypto/bn/bn_local.h index 7f823a6178a5..37228104c640 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_local.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_BN_LCL_H -# define HEADER_BN_LCL_H +#ifndef OSSL_CRYPTO_BN_LOCAL_H +# define OSSL_CRYPTO_BN_LOCAL_H /* * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or @@ -18,10 +18,10 @@ # include # if !defined(OPENSSL_SYS_UEFI) -# include "internal/bn_conf.h" +# include "crypto/bn_conf.h" # endif -# include "internal/bn_int.h" +# include "crypto/bn.h" /* * These preprocessor symbols control various aspects of the bignum headers diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c index 712fc8ac145b..f7d2e2650ed8 100644 --- a/crypto/bn/bn_mod.c +++ b/crypto/bn/bn_mod.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) { diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 393d27c392c7..1e5045a010bb 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -15,7 +15,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #define MONT_WORD /* use the faster word-based algorithm */ diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index 043e21d26a38..bdbe822415c7 100644 --- a/crypto/bn/bn_mpi.c +++ b/crypto/bn/bn_mpi.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" int BN_bn2mpi(const BIGNUM *a, unsigned char *d) { diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 5eda65cfbb04..6743e7be8166 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) /* diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index dcdd321c6688..325dc228490a 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "bn_lcl.h" +#include "bn_local.h" #include "internal/cryptlib.h" #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 19b081f38eb7..6d74da26d3c7 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* * The quick sieve algorithm approach to weeding out primes is Philip diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h index 2eb7b52f76f9..ba48244534b0 100644 --- a/crypto/bn/bn_prime.h +++ b/crypto/bn/bn_prime.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/bn/bn_prime.pl * - * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 1853269d903d..69749a9fa7dc 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -8,11 +8,11 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include -#include "bn_lcl.h" +#include "bn_local.h" static const char Hex[] = "0123456789ABCDEF"; diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 051f29e34305..6b4b50a068f1 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -10,7 +10,7 @@ #include #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" #include #include diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index 9ab767f42fe9..e82231334123 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" void BN_RECP_CTX_init(BN_RECP_CTX *recp) { diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index b7a1e0ff9ae3..210a83f586d2 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" int BN_lshift1(BIGNUM *r, const BIGNUM *a) { @@ -34,12 +34,10 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) for (i = 0; i < a->top; i++) { t = *(ap++); *(rp++) = ((t << 1) | c) & BN_MASK2; - c = (t & BN_TBIT) ? 1 : 0; - } - if (c) { - *rp = 1; - r->top++; + c = t >> (BN_BITS2 - 1); } + *rp = c; + r->top += c; bn_check_top(r); return 1; } @@ -47,7 +45,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a) int BN_rshift1(BIGNUM *r, const BIGNUM *a) { BN_ULONG *ap, *rp, t, c; - int i, j; + int i; bn_check_top(r); bn_check_top(a); @@ -58,23 +56,22 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) } i = a->top; ap = a->d; - j = i - (ap[i - 1] == 1); if (a != r) { - if (bn_wexpand(r, j) == NULL) + if (bn_wexpand(r, i) == NULL) return 0; r->neg = a->neg; } rp = r->d; + r->top = i; t = ap[--i]; - c = (t & 1) ? BN_TBIT : 0; - if (t >>= 1) - rp[i] = t; + rp[i] = t >> 1; + c = t << (BN_BITS2 - 1); + r->top -= (t == 1); while (i > 0) { t = ap[--i]; rp[i] = ((t >> 1) & BN_MASK2) | c; - c = (t & 1) ? BN_TBIT : 0; + c = t << (BN_BITS2 - 1); } - r->top = j; if (!r->top) r->neg = 0; /* don't allow negative zero */ bn_check_top(r); @@ -152,57 +149,19 @@ int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) { - int i, j, nw, lb, rb; - BN_ULONG *t, *f; - BN_ULONG l, tmp; - - bn_check_top(r); - bn_check_top(a); + int ret = 0; if (n < 0) { BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); return 0; } - nw = n / BN_BITS2; - rb = n % BN_BITS2; - lb = BN_BITS2 - rb; - if (nw >= a->top || a->top == 0) { - BN_zero(r); - return 1; - } - i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2; - if (r != a) { - if (bn_wexpand(r, i) == NULL) - return 0; - r->neg = a->neg; - } else { - if (n == 0) - return 1; /* or the copying loop will go berserk */ - } + ret = bn_rshift_fixed_top(r, a, n); - f = &(a->d[nw]); - t = r->d; - j = a->top - nw; - r->top = i; - - if (rb == 0) { - for (i = j; i != 0; i--) - *(t++) = *(f++); - } else { - l = *(f++); - for (i = j - 1; i != 0; i--) { - tmp = (l >> rb) & BN_MASK2; - l = *(f++); - *(t++) = (tmp | (l << lb)) & BN_MASK2; - } - if ((l = (l >> rb) & BN_MASK2)) - *(t) = l; - } - if (!r->top) - r->neg = 0; /* don't allow negative zero */ + bn_correct_top(r); bn_check_top(r); - return 1; + + return ret; } /* diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index 0c0a590f0c6a..7f3a179177b6 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" /* r must not be a */ /* diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index c3e66b033bde..1723d5ded5a8 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /* diff --git a/crypto/bn/bn_srp.c b/crypto/bn/bn_srp.c index 27b6ebe518ea..820757be60e3 100644 --- a/crypto/bn/bn_srp.c +++ b/crypto/bn/bn_srp.c @@ -7,13 +7,13 @@ * https://www.openssl.org/source/license.html */ -#include "bn_lcl.h" +#include "bn_local.h" #include "internal/nelem.h" #ifndef OPENSSL_NO_SRP #include -#include "internal/bn_srp.h" +#include "crypto/bn_srp.h" # if (BN_BYTES == 8) # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c index 262d7668fcd4..18fb3030a8f4 100644 --- a/crypto/bn/bn_word.c +++ b/crypto/bn/bn_word.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "bn_lcl.h" +#include "bn_local.h" BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) { diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c index 9eb8384fdeb2..009950259d41 100644 --- a/crypto/bn/bn_x931p.c +++ b/crypto/bn/bn_x931p.c @@ -9,7 +9,7 @@ #include #include -#include "bn_lcl.h" +#include "bn_local.h" /* X9.31 routines for prime derivation */ diff --git a/crypto/bn/build.info b/crypto/bn/build.info index a463eddabbbb..b9ed5322fa68 100644 --- a/crypto/bn/build.info +++ b/crypto/bn/build.info @@ -6,7 +6,6 @@ SOURCE[../../libcrypto]=\ {- $target{bn_asm_src} -} \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c -INCLUDE[../../libcrypto]=../../crypto/include INCLUDE[bn_exp.o]=.. diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h index c5864f8aaa8c..88f65a4bae46 100644 --- a/crypto/bn/rsaz_exp.h +++ b/crypto/bn/rsaz_exp.h @@ -12,8 +12,8 @@ * (2) University of Haifa, Israel */ -#ifndef RSAZ_EXP_H -# define RSAZ_EXP_H +#ifndef OSSL_CRYPTO_BN_RSAZ_EXP_H +# define OSSL_CRYPTO_BN_RSAZ_EXP_H # undef RSAZ_ENABLED # if defined(OPENSSL_BN_ASM_MONT) && \ diff --git a/crypto/c64xpluscpuid.pl b/crypto/c64xpluscpuid.pl index b7b11d50316b..9aeee574ebf8 100755 --- a/crypto/c64xpluscpuid.pl +++ b/crypto/c64xpluscpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -284,4 +284,4 @@ bus_loop2_done?: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl index 55af9b4e3d01..cd514acfae4a 100755 --- a/crypto/camellia/asm/cmll-x86.pl +++ b/crypto/camellia/asm/cmll-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1147,4 +1147,4 @@ my ($s0,$s1,$s2,$s3) = @T; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl index 02c52c3efe47..59e1840160ff 100755 --- a/crypto/camellia/asm/cmll-x86_64.pl +++ b/crypto/camellia/asm/cmll-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -125,11 +125,13 @@ $code=<<___; .type Camellia_EncryptBlock,\@abi-omnipotent .align 16 Camellia_EncryptBlock: +.cfi_startproc movl \$128,%eax subl $arg0d,%eax movl \$3,$arg0d adcl \$0,$arg0d # keyBitLength==128?3:4 jmp .Lenc_rounds +.cfi_endproc .size Camellia_EncryptBlock,.-Camellia_EncryptBlock # V2 .globl Camellia_EncryptBlock_Rounds @@ -198,6 +200,7 @@ Camellia_EncryptBlock_Rounds: .type _x86_64_Camellia_encrypt,\@abi-omnipotent .align 16 _x86_64_Camellia_encrypt: +.cfi_startproc xor 0($key),@S[1] xor 4($key),@S[0] # ^=key[0-3] xor 8($key),@S[3] @@ -241,6 +244,7 @@ $code.=<<___; mov $t3,@S[3] .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt # V1.x API @@ -248,11 +252,13 @@ $code.=<<___; .type Camellia_DecryptBlock,\@abi-omnipotent .align 16 Camellia_DecryptBlock: +.cfi_startproc movl \$128,%eax subl $arg0d,%eax movl \$3,$arg0d adcl \$0,$arg0d # keyBitLength==128?3:4 jmp .Ldec_rounds +.cfi_endproc .size Camellia_DecryptBlock,.-Camellia_DecryptBlock # V2 .globl Camellia_DecryptBlock_Rounds @@ -321,6 +327,7 @@ Camellia_DecryptBlock_Rounds: .type _x86_64_Camellia_decrypt,\@abi-omnipotent .align 16 _x86_64_Camellia_decrypt: +.cfi_startproc xor 0($key),@S[1] xor 4($key),@S[0] # ^=key[0-3] xor 8($key),@S[3] @@ -365,6 +372,7 @@ $code.=<<___; mov $t1,@S[3] .byte 0xf3,0xc3 # rep ret +.cfi_endproc .size _x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt ___ @@ -1142,4 +1150,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/camellia/asm/cmllt4-sparcv9.pl index 6396679a5af4..71a40f6af90c 100755 --- a/crypto/camellia/asm/cmllt4-sparcv9.pl +++ b/crypto/camellia/asm/cmllt4-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -936,4 +936,4 @@ ___ &emit_assembler(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/camellia/camellia.c b/crypto/camellia/camellia.c index c200b823041b..f623864bc413 100644 --- a/crypto/camellia/camellia.c +++ b/crypto/camellia/camellia.c @@ -40,7 +40,7 @@ */ #include -#include "cmll_locl.h" +#include "cmll_local.h" #include #include diff --git a/crypto/camellia/cmll_ecb.c b/crypto/camellia/cmll_ecb.c index d932f1b37517..5760d1ed35fc 100644 --- a/crypto/camellia/cmll_ecb.c +++ b/crypto/camellia/cmll_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "cmll_locl.h" +#include "cmll_local.h" void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAMELLIA_KEY *key, const int enc) diff --git a/crypto/camellia/cmll_locl.h b/crypto/camellia/cmll_local.h similarity index 91% rename from crypto/camellia/cmll_locl.h rename to crypto/camellia/cmll_local.h index 6403b390d82d..d16baa55facc 100644 --- a/crypto/camellia/cmll_locl.h +++ b/crypto/camellia/cmll_local.h @@ -22,8 +22,8 @@ * to the OpenSSL project. */ -#ifndef HEADER_CAMELLIA_LOCL_H -# define HEADER_CAMELLIA_LOCL_H +#ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H +# define OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H typedef unsigned int u32; typedef unsigned char u8; @@ -40,4 +40,4 @@ void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], const KEY_TABLE_TYPE keyTable, u8 plaintext[]); -#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */ +#endif /* #ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H */ diff --git a/crypto/camellia/cmll_misc.c b/crypto/camellia/cmll_misc.c index e5f014b79cbc..d8fc3738c404 100644 --- a/crypto/camellia/cmll_misc.c +++ b/crypto/camellia/cmll_misc.c @@ -9,7 +9,7 @@ #include #include -#include "cmll_locl.h" +#include "cmll_local.h" int Camellia_set_key(const unsigned char *userKey, const int bits, CAMELLIA_KEY *key) diff --git a/crypto/cast/asm/cast-586.pl b/crypto/cast/asm/cast-586.pl index d5d38965cf76..04710819380a 100644 --- a/crypto/cast/asm/cast-586.pl +++ b/crypto/cast/asm/cast-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -46,7 +46,7 @@ $S4="CAST_S_table3"; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub CAST_encrypt { local($name,$enc)=@_; diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c index bd7cb2f46843..72221595382b 100644 --- a/crypto/cast/c_cfb64.c +++ b/crypto/cast/c_cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "cast_lcl.h" +#include "cast_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/cast/c_ecb.c b/crypto/cast/c_ecb.c index da4179438f1d..6fe093f75b1b 100644 --- a/crypto/cast/c_ecb.c +++ b/crypto/cast/c_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "cast_lcl.h" +#include "cast_local.h" #include void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, diff --git a/crypto/cast/c_enc.c b/crypto/cast/c_enc.c index 700b6d162a9f..d27d1fc0a54f 100644 --- a/crypto/cast/c_enc.c +++ b/crypto/cast/c_enc.c @@ -8,7 +8,7 @@ */ #include -#include "cast_lcl.h" +#include "cast_local.h" void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) { diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c index dffb074762c2..49c0cfade577 100644 --- a/crypto/cast/c_ofb64.c +++ b/crypto/cast/c_ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "cast_lcl.h" +#include "cast_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/cast/c_skey.c b/crypto/cast/c_skey.c index 962d2a60b4c5..0311482d20dd 100644 --- a/crypto/cast/c_skey.c +++ b/crypto/cast/c_skey.c @@ -8,7 +8,7 @@ */ #include -#include "cast_lcl.h" +#include "cast_local.h" #include "cast_s.h" #define CAST_exp(l,A,a,n) \ diff --git a/crypto/cast/cast_lcl.h b/crypto/cast/cast_local.h similarity index 100% rename from crypto/cast/cast_lcl.h rename to crypto/cast/cast_local.h diff --git a/crypto/chacha/asm/chacha-armv4.pl b/crypto/chacha/asm/chacha-armv4.pl index d3fadcc63d33..81c616add313 100755 --- a/crypto/chacha/asm/chacha-armv4.pl +++ b/crypto/chacha/asm/chacha-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1157,4 +1157,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-armv8.pl b/crypto/chacha/asm/chacha-armv8.pl index e90be6d0e5bd..22655747295e 100755 --- a/crypto/chacha/asm/chacha-armv8.pl +++ b/crypto/chacha/asm/chacha-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1141,4 +1141,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # flush +close STDOUT or die "error closing STDOUT: $!"; # flush diff --git a/crypto/chacha/asm/chacha-c64xplus.pl b/crypto/chacha/asm/chacha-c64xplus.pl index 266401eb1644..4bd18a4f8f95 100755 --- a/crypto/chacha/asm/chacha-c64xplus.pl +++ b/crypto/chacha/asm/chacha-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -923,4 +923,4 @@ $code.=<<___; ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl index f4f8610bf3bf..3073deac17ee 100755 --- a/crypto/chacha/asm/chacha-ppc.pl +++ b/crypto/chacha/asm/chacha-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1345,4 +1345,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl index c31526473dba..dd66a9c60309 100755 --- a/crypto/chacha/asm/chacha-s390x.pl +++ b/crypto/chacha/asm/chacha-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -323,4 +323,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-x86.pl b/crypto/chacha/asm/chacha-x86.pl index 13c217dcf1f2..a1f5694b691e 100755 --- a/crypto/chacha/asm/chacha-x86.pl +++ b/crypto/chacha/asm/chacha-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -62,7 +62,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && $1>=10); # first version supporting AVX $ymm=1 if ($xmm && !$ymm && - `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && + `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $a="eax"; @@ -1152,4 +1152,4 @@ sub XOPROUND { &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl index b54f3b1525bc..647d2537ceae 100755 --- a/crypto/chacha/asm/chacha-x86_64.pl +++ b/crypto/chacha/asm/chacha-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -85,7 +85,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -4002,4 +4002,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c index 239f68ab825e..18251eac08de 100644 --- a/crypto/chacha/chacha_enc.c +++ b/crypto/chacha/chacha_enc.c @@ -11,7 +11,8 @@ #include -#include "internal/chacha.h" +#include "crypto/chacha.h" +#include "crypto/ctype.h" typedef unsigned int u32; typedef unsigned char u8; @@ -78,10 +79,18 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t todo, i; /* sigma constant "expand 32-byte k" in little-endian encoding */ - input[0] = ((u32)'e') | ((u32)'x'<<8) | ((u32)'p'<<16) | ((u32)'a'<<24); - input[1] = ((u32)'n') | ((u32)'d'<<8) | ((u32)' '<<16) | ((u32)'3'<<24); - input[2] = ((u32)'2') | ((u32)'-'<<8) | ((u32)'b'<<16) | ((u32)'y'<<24); - input[3] = ((u32)'t') | ((u32)'e'<<8) | ((u32)' '<<16) | ((u32)'k'<<24); + input[0] = ((u32)ossl_toascii('e')) | ((u32)ossl_toascii('x') << 8) + | ((u32)ossl_toascii('p') << 16) + | ((u32)ossl_toascii('a') << 24); + input[1] = ((u32)ossl_toascii('n')) | ((u32)ossl_toascii('d') << 8) + | ((u32)ossl_toascii(' ') << 16) + | ((u32)ossl_toascii('3') << 24); + input[2] = ((u32)ossl_toascii('2')) | ((u32)ossl_toascii('-') << 8) + | ((u32)ossl_toascii('b') << 16) + | ((u32)ossl_toascii('y') << 24); + input[3] = ((u32)ossl_toascii('t')) | ((u32)ossl_toascii('e') << 8) + | ((u32)ossl_toascii(' ') << 16) + | ((u32)ossl_toascii('k') << 24); input[4] = key[0]; input[5] = key[1]; diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c index a58454a089c6..82adf18c8019 100644 --- a/crypto/cmac/cm_ameth.c +++ b/crypto/cmac/cm_ameth.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" /* * CMAC "ASN1" method. This is just here to indicate the maximum CMAC output diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c index 10748f148859..5574f25be868 100644 --- a/crypto/cmac/cm_pmeth.c +++ b/crypto/cmac/cm_pmeth.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" /* The context structure and "key" is simply a CMAC_CTX */ diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index 993ea6b219ab..08069d72a29e 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -11,7 +11,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c index 0566019753bd..4f716619193a 100644 --- a/crypto/cms/cms_att.c +++ b/crypto/cms/cms_att.c @@ -12,7 +12,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" #include "internal/nelem.h" /*- diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c index f05e308418f8..45365b8ba247 100644 --- a/crypto/cms/cms_cd.c +++ b/crypto/cms/cms_cd.c @@ -15,7 +15,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" #ifdef ZLIB diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index 5da6802fcd5e..0df2e698c237 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -13,7 +13,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" /* CMS DigestedData Utilities */ diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index a1719830e8d4..fc490303d4c6 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -14,7 +14,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" /* CMS EncryptedData Utilities */ diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 26fb81f79ab1..04940146fd25 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -14,9 +14,9 @@ #include #include #include -#include "cms_lcl.h" -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "cms_local.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" /* CMS EnvelopedData Utilities */ diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 4780231c22bb..a21c443ae85e 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -14,7 +14,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c index d18f980a9732..b37e485f5a28 100644 --- a/crypto/cms/cms_io.c +++ b/crypto/cms/cms_io.c @@ -12,7 +12,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) { diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 5e83814d0fcf..cafc3040ac70 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -14,8 +14,8 @@ #include #include #include -#include "cms_lcl.h" -#include "internal/asn1_int.h" +#include "cms_local.h" +#include "crypto/asn1.h" /* Key Agreement Recipient Info (KARI) routines */ @@ -162,7 +162,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk) if (!pk) return 1; pctx = EVP_PKEY_CTX_new(pk, NULL); - if (!pctx || !EVP_PKEY_derive_init(pctx)) + if (!pctx || EVP_PKEY_derive_init(pctx) <= 0) goto err; kari->pctx = pctx; return 1; diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index c2cac260109d..57afba436115 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -14,7 +14,7 @@ #include #include #include -#include "cms_lcl.h" +#include "cms_local.h" IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo) IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_local.h similarity index 99% rename from crypto/cms/cms_lcl.h rename to crypto/cms/cms_local.h index 68aa01271bc2..a0ce4448f603 100644 --- a/crypto/cms/cms_lcl.h +++ b/crypto/cms/cms_local.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_CMS_LCL_H -# define HEADER_CMS_LCL_H +#ifndef OSSL_CRYPTO_CMS_LOCAL_H +# define OSSL_CRYPTO_CMS_LOCAL_H # include diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 26e3bdcf9e41..d7414883396c 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -15,8 +15,8 @@ #include #include #include -#include "cms_lcl.h" -#include "internal/asn1_int.h" +#include "cms_local.h" +#include "crypto/asn1.h" int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass, ossl_ssize_t passlen) diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 3841513f8bd2..29ba4c1b1334 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -14,9 +14,9 @@ #include #include #include -#include "cms_lcl.h" -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "cms_local.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" /* CMS SignedData Utilities */ diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 10815639f811..652e97b2e877 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -13,8 +13,8 @@ #include #include #include -#include "cms_lcl.h" -#include "internal/asn1_int.h" +#include "cms_local.h" +#include "crypto/asn1.h" static BIO *cms_get_text_bio(BIO *out, unsigned int flags) { diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index d688deee5f23..b81933791312 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -13,9 +13,9 @@ #include #include "internal/comp.h" #include -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include "internal/bio.h" -#include "comp_lcl.h" +#include "comp_local.h" COMP_METHOD *COMP_zlib(void); @@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_copy_next_retry(b); break; + case BIO_CTRL_WPENDING: + if (ctx->obuf == NULL) + return 0; + + if (ctx->odone) { + ret = ctx->ocount; + } else { + ret = ctx->ocount; + if (ret == 0) + /* Unknown amount pending but we are not finished */ + ret = 1; + } + if (ret == 0) + ret = BIO_ctrl(next, cmd, num, ptr); + break; + + case BIO_CTRL_PENDING: + ret = ctx->zin.avail_in; + if (ret == 0) + ret = BIO_ctrl(next, cmd, num, ptr); + break; + default: ret = BIO_ctrl(next, cmd, num, ptr); break; diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c index 6ae2114496b0..56920e1cca51 100644 --- a/crypto/comp/comp_lib.c +++ b/crypto/comp/comp_lib.c @@ -13,7 +13,7 @@ #include #include #include -#include "comp_lcl.h" +#include "comp_local.h" COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) { diff --git a/crypto/comp/comp_lcl.h b/crypto/comp/comp_local.h similarity index 100% rename from crypto/comp/comp_lcl.h rename to crypto/comp/comp_local.h diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 8e3f42a0caca..ca76fa3679b8 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -703,7 +703,9 @@ static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) { const char *filename; + size_t pathlen; + pathlen = strlen(path); while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) { size_t namelen; @@ -716,7 +718,7 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) char *newpath; BIO *bio; - newlen = strlen(path) + namelen + 2; + newlen = pathlen + namelen + 2; newpath = OPENSSL_zalloc(newlen); if (newpath == NULL) { CONFerr(CONF_F_GET_NEXT_FILE, ERR_R_MALLOC_FAILURE); @@ -727,14 +729,11 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) * If the given path isn't clear VMS syntax, * we treat it as on Unix. */ - { - size_t pathlen = strlen(path); - - if (path[pathlen - 1] == ']' || path[pathlen - 1] == '>' - || path[pathlen - 1] == ':') { - /* Clear VMS directory syntax, just copy as is */ - OPENSSL_strlcpy(newpath, path, newlen); - } + if (path[pathlen - 1] == ']' + || path[pathlen - 1] == '>' + || path[pathlen - 1] == ':') { + /* Clear VMS directory syntax, just copy as is */ + OPENSSL_strlcpy(newpath, path, newlen); } #endif if (newpath[0] == '\0') { diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h index 2016d31b8929..2ced300e40d6 100644 --- a/crypto/conf/conf_def.h +++ b/crypto/conf/conf_def.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/conf/keysets.pl * - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 2d40ac97ec27..0b7dd26d63b0 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -11,7 +11,7 @@ #include #include #include "internal/conf.h" -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include #include diff --git a/crypto/conf/conf_lcl.h b/crypto/conf/conf_local.h similarity index 100% rename from crypto/conf/conf_lcl.h rename to crypto/conf/conf_local.h diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index 7e86948e89e9..d7eaa8509b2f 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -14,7 +14,7 @@ #include #include #include -#include "conf_lcl.h" +#include "conf_local.h" /* Load all OpenSSL builtin modules */ diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c index 387f2cf46c31..4bd8117d365c 100644 --- a/crypto/conf/conf_ssl.c +++ b/crypto/conf/conf_ssl.c @@ -12,7 +12,7 @@ #include #include #include "internal/sslconf.h" -#include "conf_lcl.h" +#include "conf_local.h" /* * SSL library configuration module placeholder. We load it here but defer diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 7b761a3adced..1f36b20c86ed 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -9,7 +9,7 @@ */ #include "e_os.h" -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ @@ -49,7 +49,7 @@ typedef char variant_char; # define ossl_getenv getenv # endif -# include "internal/ctype.h" +# include "crypto/ctype.h" static int todigit(variant_char c) { diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c index 109ffcdcf24a..4abe11ca298b 100644 --- a/crypto/ct/ct_b64.c +++ b/crypto/ct/ct_b64.c @@ -14,7 +14,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" /* * Decodes the base64 string |in| into |out|. diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_local.h similarity index 100% rename from crypto/ct/ct_locl.h rename to crypto/ct/ct_local.h diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c index 0dd691c0f711..d4b6645af48d 100644 --- a/crypto/ct/ct_oct.c +++ b/crypto/ct/ct_oct.c @@ -19,7 +19,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len) { diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c index 0d7b3463877d..df66e8a494d0 100644 --- a/crypto/ct/ct_policy.c +++ b/crypto/ct/ct_policy.c @@ -15,7 +15,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" /* * Number of seconds in the future that an SCT timestamp can be, by default, diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c index 376e04523e57..e6584b57f391 100644 --- a/crypto/ct/ct_prn.c +++ b/crypto/ct/ct_prn.c @@ -14,7 +14,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" static void SCT_signature_algorithms_print(const SCT *sct, BIO *out) { diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c index 1dc16857ba50..4ff36e2fbd49 100644 --- a/crypto/ct/ct_sct.c +++ b/crypto/ct/ct_sct.c @@ -17,7 +17,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" SCT *SCT_new(void) { diff --git a/crypto/ct/ct_sct_ctx.c b/crypto/ct/ct_sct_ctx.c index 75a5027df0e8..841e768033e5 100644 --- a/crypto/ct/ct_sct_ctx.c +++ b/crypto/ct/ct_sct_ctx.c @@ -18,7 +18,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" SCT_CTX *SCT_CTX_new(void) { diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c index cabcf5782aa4..74fd34f4154e 100644 --- a/crypto/ct/ct_vfy.c +++ b/crypto/ct/ct_vfy.c @@ -14,7 +14,7 @@ #include #include -#include "ct_locl.h" +#include "ct_local.h" typedef enum sct_signature_type_t { SIGNATURE_TYPE_NOT_SET = -1, diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c index ec186d1f5b83..19c2a852d24a 100644 --- a/crypto/ct/ct_x509v3.c +++ b/crypto/ct/ct_x509v3.c @@ -11,7 +11,7 @@ # error "CT is disabled" #endif -#include "ct_locl.h" +#include "ct_local.h" static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val) { diff --git a/crypto/ctype.c b/crypto/ctype.c index e05f84cd4086..b7f1183f9ccf 100644 --- a/crypto/ctype.c +++ b/crypto/ctype.c @@ -9,7 +9,7 @@ #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "openssl/ebcdic.h" /* diff --git a/crypto/des/asm/crypt586.pl b/crypto/des/asm/crypt586.pl index a02d18063149..d14b9f89b6b6 100644 --- a/crypto/des/asm/crypt586.pl +++ b/crypto/des/asm/crypt586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,7 @@ $R="esi"; &fcrypt_body("fcrypt_body"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub fcrypt_body { diff --git a/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl index 2bcc54ef2f25..07d9d87ac735 100644 --- a/crypto/des/asm/des-586.pl +++ b/crypto/des/asm/des-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -47,7 +47,7 @@ $small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV)); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub DES_encrypt_internal() { diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4 index 4ada97b175d9..ebb5e7cd1d75 100644 --- a/crypto/des/asm/des_enc.m4 +++ b/crypto/des/asm/des_enc.m4 @@ -106,15 +106,15 @@ changequote({,}) ! technique. ! ! The macro also loads address sbox 1 to 5 to global 1 to 5, address -! sbox 6 to local6, and addres sbox 8 to out3. +! sbox 6 to local6, and address sbox 8 to out3. ! -! Rotates the halfs 3 left to bring the sbox bits in convenient positions. +! Rotates the halves 3 left to bring the sbox bits in convenient positions. ! ! Loads key first round from address in parameter 5 to out0, out1. ! ! After the original LibDES initial permutation, the resulting left ! is in the variable initially used for right and vice versa. The macro -! implements the possibility to keep the halfs in the original registers. +! implements the possibility to keep the halves in the original registers. ! ! parameter 1 left ! parameter 2 right @@ -1184,7 +1184,7 @@ DES_encrypt2: add %o7,global1,global1 sub global1,.PIC.DES_SPtrans-.des_and,out2 - ! Set sbox address 1 to 6 and rotate halfs 3 left + ! Set sbox address 1 to 6 and rotate halves 3 left ! Errors caught by destest? Yes. Still? *NO* !sethi %hi(DES_SPtrans), global1 ! address sbox 1 diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl index fe1fdc7025cf..5c92a52b7957 100755 --- a/crypto/des/asm/dest4-sparcv9.pl +++ b/crypto/des/asm/dest4-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -624,4 +624,4 @@ ___ &emit_assembler(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c index 5a1f72f82db8..c5e2e017b84e 100644 --- a/crypto/des/cbc_cksm.c +++ b/crypto/des/cbc_cksm.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, long length, DES_key_schedule *schedule, diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c index 21943f6143ea..490d925f46f4 100644 --- a/crypto/des/cfb64ede.c +++ b/crypto/des/cfb64ede.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c index 96de51b055ec..ca0e82164803 100644 --- a/crypto/des/cfb64enc.c +++ b/crypto/des/cfb64enc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c index 544392e405c2..17018420e6cc 100644 --- a/crypto/des/cfb_enc.c +++ b/crypto/des/cfb_enc.c @@ -8,7 +8,7 @@ */ #include "e_os.h" -#include "des_locl.h" +#include "des_local.h" #include /* diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c index ed134ace8c32..45eec615d8b0 100644 --- a/crypto/des/des_enc.c +++ b/crypto/des/des_enc.c @@ -8,7 +8,7 @@ */ #include -#include "des_locl.h" +#include "des_local.h" #include "spr.h" void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) diff --git a/crypto/des/des_locl.h b/crypto/des/des_local.h similarity index 99% rename from crypto/des/des_locl.h rename to crypto/des/des_local.h index f401e6f3ebe8..0f58a1c9ae2e 100644 --- a/crypto/des/des_locl.h +++ b/crypto/des/des_local.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_DES_LOCL_H -# define HEADER_DES_LOCL_H +#ifndef OSSL_CRYPTO_DES_LOCAL_H +# define OSSL_CRYPTO_DES_LOCAL_H # include diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c index 6ac89d4e78bb..7afa8eaadde7 100644 --- a/crypto/des/ecb3_enc.c +++ b/crypto/des/ecb3_enc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks1, DES_key_schedule *ks2, diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c index 5ed079d15fdc..513c65e116cd 100644 --- a/crypto/des/ecb_enc.c +++ b/crypto/des/ecb_enc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" #include #include diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c index aaee4bf236a5..e83cf76b615c 100644 --- a/crypto/des/fcrypt.c +++ b/crypto/des/fcrypt.c @@ -19,7 +19,7 @@ #endif #include -#include "des_locl.h" +#include "des_local.h" /* * Added more values to handle illegal salt values the way normal crypt() diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c index fe2369a93526..22f967b8c6d3 100644 --- a/crypto/des/fcrypt_b.c +++ b/crypto/des/fcrypt_b.c @@ -10,7 +10,7 @@ #include #define DES_FCRYPT -#include "des_locl.h" +#include "des_local.h" #undef DES_FCRYPT #undef PERM_OP diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c index 244f15ca2a96..cd4b071a3d73 100644 --- a/crypto/des/ncbc_enc.c +++ b/crypto/des/ncbc_enc.c @@ -13,7 +13,7 @@ * des_enc.c (DES_ncbc_encrypt) */ -#include "des_locl.h" +#include "des_local.h" #ifdef CBC_ENC_C__DONT_UPDATE_IV void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c index a551a07e0eb4..68cf2dc557c6 100644 --- a/crypto/des/ofb64ede.c +++ b/crypto/des/ofb64ede.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c index 30976c871daa..5796980c1865 100644 --- a/crypto/des/ofb64enc.c +++ b/crypto/des/ofb64enc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c index 65a9b8604d80..2b0498994b51 100644 --- a/crypto/des/ofb_enc.c +++ b/crypto/des/ofb_enc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" /* * The input and output are loaded in multiples of 8 bits. What this means is diff --git a/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c index 0fa058f03f07..3490592741c6 100644 --- a/crypto/des/pcbc_enc.c +++ b/crypto/des/pcbc_enc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, long length, DES_key_schedule *schedule, diff --git a/crypto/des/qud_cksm.c b/crypto/des/qud_cksm.c index 81e6be8226aa..10b6abf69ea5 100644 --- a/crypto/des/qud_cksm.c +++ b/crypto/des/qud_cksm.c @@ -13,7 +13,7 @@ * only based on the code in this paper and is almost definitely not the same * as the MIT implementation. */ -#include "des_locl.h" +#include "des_local.h" #define Q_B0(a) (((DES_LONG)(a))) #define Q_B1(a) (((DES_LONG)(a))<<8) diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index adbad72362f5..cbcb616cb2ad 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -16,7 +16,7 @@ * 1.0 First working version */ #include -#include "des_locl.h" +#include "des_local.h" /* defaults to false */ OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0) diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c index e18d726522ba..61db60512567 100644 --- a/crypto/des/str2key.c +++ b/crypto/des/str2key.c @@ -8,7 +8,7 @@ */ #include -#include "des_locl.h" +#include "des_local.h" void DES_string_to_key(const char *str, DES_cblock *key) { diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c index c4e455d9b912..fb3fd5292cb6 100644 --- a/crypto/des/xcbc_enc.c +++ b/crypto/des/xcbc_enc.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "des_locl.h" +#include "des_local.h" /* RSA's DESX */ diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 05a1d4227ee3..d53004080d5e 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -11,10 +11,10 @@ #include "internal/cryptlib.h" #include #include -#include "dh_locl.h" +#include "dh_local.h" #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #include /* @@ -901,6 +901,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) err: OPENSSL_free(penc); X509_ALGOR_free(wrap_alg); + OPENSSL_free(dukm); return rv; } diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index 1a40633b4806..e37f0904e560 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "dh_locl.h" +#include "dh_local.h" #include #include diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index d13d8206ce50..4ac169e75c23 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "dh_locl.h" +#include "dh_local.h" # define DH_NUMBER_ITERATIONS_FOR_PRIME 64 diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index d293835eb22b..ab82ab58bd2a 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,7 @@ #include #include "internal/cryptlib.h" #include -#include "dh_locl.h" +#include "dh_local.h" static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); @@ -54,7 +54,7 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, * for 3, p mod 12 == 11 * for 5, p mod 60 == 59 * - * However for compatibilty with previous versions we use: + * However for compatibility with previous versions we use: * for 2, p mod 24 == 11 * for 5, p mod 60 == 23 */ diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 718aa422d935..daffdf74dd37 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -9,8 +9,8 @@ #include #include "internal/cryptlib.h" -#include "dh_locl.h" -#include "internal/bn_int.h" +#include "dh_local.h" +#include "crypto/bn.h" static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index e7e7ef08e9e3..04b79d355ca4 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include "internal/refcount.h" #include -#include "dh_locl.h" +#include "dh_local.h" #include int DH_set_method(DH *dh, const DH_METHOD *meth) diff --git a/crypto/dh/dh_locl.h b/crypto/dh/dh_local.h similarity index 100% rename from crypto/dh/dh_locl.h rename to crypto/dh/dh_local.h diff --git a/crypto/dh/dh_meth.c b/crypto/dh/dh_meth.c index 59c4d7e96782..8a54a8108fc3 100644 --- a/crypto/dh/dh_meth.c +++ b/crypto/dh/dh_meth.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "dh_locl.h" +#include "dh_local.h" #include #include diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 568831f1c2a7..1fd94deb4731 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -12,11 +12,11 @@ #include #include #include -#include "dh_locl.h" +#include "dh_local.h" #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" /* DH pkey context structure */ diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c index c4a219590e9e..e3603a05a322 100644 --- a/crypto/dh/dh_rfc5114.c +++ b/crypto/dh/dh_rfc5114.c @@ -9,9 +9,9 @@ #include #include "internal/cryptlib.h" -#include "dh_locl.h" +#include "dh_local.h" #include -#include "internal/bn_dh.h" +#include "crypto/bn_dh.h" /* * Macro to make a DH structure from BIGNUM data. NB: although just copying diff --git a/crypto/dh/dh_rfc7919.c b/crypto/dh/dh_rfc7919.c index a54b468e552c..03d30a1f5d59 100644 --- a/crypto/dh/dh_rfc7919.c +++ b/crypto/dh/dh_rfc7919.c @@ -9,10 +9,10 @@ #include #include "internal/cryptlib.h" -#include "dh_locl.h" +#include "dh_local.h" #include #include -#include "internal/bn_dh.h" +#include "crypto/bn_dh.h" static DH *dh_param_init(const BIGNUM *p, int32_t nbits) { diff --git a/crypto/dllmain.c b/crypto/dllmain.c index 0838c55e4897..e8217893b9ed 100644 --- a/crypto/dllmain.c +++ b/crypto/dllmain.c @@ -8,7 +8,7 @@ */ #include "e_os.h" -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #if defined(_WIN32) || defined(__CYGWIN__) # ifdef __CYGWIN__ diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 49aa1ae23bab..2dcaa0815fd6 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -11,11 +11,11 @@ #include "internal/cryptlib.h" #include #include -#include "dsa_locl.h" +#include "dsa_local.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 6499e87ef318..9cafd5ca8a90 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -9,7 +9,7 @@ #include #include "internal/cryptlib.h" -#include "dsa_locl.h" +#include "dsa_local.h" #include #include #include diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index af59a582b53e..5d066a06c546 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -21,7 +21,7 @@ #include #include #include -#include "dsa_locl.h" +#include "dsa_local.h" int DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, int seed_len, diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index a48af5849291..bdeddd4f61df 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -11,7 +11,7 @@ #include #include "internal/cryptlib.h" #include -#include "dsa_locl.h" +#include "dsa_local.h" static int dsa_builtin_keygen(DSA *dsa); diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 1048601bebde..f98af5853dc1 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include "internal/refcount.h" #include -#include "dsa_locl.h" +#include "dsa_local.h" #include #include #include diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_local.h similarity index 100% rename from crypto/dsa/dsa_locl.h rename to crypto/dsa/dsa_local.h diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c index ff4fae44a7c3..1e6ee2f4ed3b 100644 --- a/crypto/dsa/dsa_meth.c +++ b/crypto/dsa/dsa_meth.c @@ -15,7 +15,7 @@ * or in the file LICENSE in the source distribution. */ -#include "dsa_locl.h" +#include "dsa_local.h" #include #include diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 16161dcadf22..a983def64e76 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -9,10 +9,10 @@ #include #include "internal/cryptlib.h" -#include "internal/bn_int.h" +#include "crypto/bn.h" #include #include -#include "dsa_locl.h" +#include "dsa_local.h" #include static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 1dd2fef9beb9..4ca3747a4646 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "dsa_locl.h" +#include "crypto/evp.h" +#include "dsa_local.h" /* DSA pkey context structure */ @@ -178,9 +178,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, } if (strcmp(type, "dsa_paramgen_q_bits") == 0) { int qbits = atoi(value); - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, - NULL); + return EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits); } if (strcmp(type, "dsa_paramgen_md") == 0) { const EVP_MD *md = EVP_get_digestbyname(value); @@ -189,9 +187,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE); return 0; } - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, - (void *)md); + return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md); } return -2; } diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index e9466b29f1d7..51c7754b93e4 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "dsa_locl.h" +#include "dsa_local.h" #include DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index 21f98cd94e5c..6f80a4aab7a5 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "dsa_locl.h" +#include "dsa_local.h" int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index 290d73cf3575..3bbb10e5ca98 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "dso_locl.h" +#include "dso_local.h" #ifdef DSO_DL diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index ba3b55fcbffa..4719e8f4f337 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -16,7 +16,7 @@ # define _GNU_SOURCE /* make sure dladdr is declared */ #endif -#include "dso_locl.h" +#include "dso_local.h" #include "e_os.h" #ifdef DSO_DLFCN diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index 2e75021d39ea..50a39bb7d5d8 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "dso_locl.h" +#include "dso_local.h" #include "internal/refcount.h" static DSO_METHOD *default_DSO_meth = NULL; diff --git a/crypto/dso/dso_locl.h b/crypto/dso/dso_local.h similarity index 99% rename from crypto/dso/dso_locl.h rename to crypto/dso/dso_local.h index 14a0ccb7c012..43b7df9d7832 100644 --- a/crypto/dso/dso_locl.h +++ b/crypto/dso/dso_local.h @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include "internal/dso.h" -#include "internal/dso_conf.h" +#include "crypto/dso_conf.h" #include "internal/refcount.h" /**********************************************************************/ diff --git a/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c index f0dd38ace259..c76a04db23f9 100644 --- a/crypto/dso/dso_openssl.c +++ b/crypto/dso/dso_openssl.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "dso_locl.h" +#include "dso_local.h" #ifdef DSO_NONE diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl index 83abbdd89578..ea538c0698d5 100755 --- a/crypto/ec/asm/ecp_nistz256-armv4.pl +++ b/crypto/ec/asm/ecp_nistz256-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1394,7 +1394,7 @@ my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); # 256-bit vectors on top. Then note that we push # starting from r0, which means that we have copy of # input arguments just below these temporary vectors. -# We use three of them for !in1infty, !in2intfy and +# We use three of them for ~in1infty, ~in2infty and # result of check for zero. $code.=<<___; @@ -1424,7 +1424,7 @@ ecp_nistz256_point_add: #endif movne r12,#-1 stmia r3,{r4-r11} - str r12,[sp,#32*18+8] @ !in2infty + str r12,[sp,#32*18+8] @ ~in2infty ldmia $a_ptr!,{r4-r11} @ copy in1_x add r3,sp,#$in1_x @@ -1445,7 +1445,7 @@ ecp_nistz256_point_add: #endif movne r12,#-1 stmia r3,{r4-r11} - str r12,[sp,#32*18+4] @ !in1infty + str r12,[sp,#32*18+4] @ ~in1infty add $a_ptr,sp,#$in2_z add $b_ptr,sp,#$in2_z @@ -1510,33 +1510,20 @@ ecp_nistz256_point_add: orr $a0,$a0,$a2 orr $a4,$a4,$a6 orr $a0,$a0,$a7 - orrs $a0,$a0,$a4 + orr $a0,$a0,$a4 @ ~is_equal(U1,U2) - bne .Ladd_proceed @ is_equal(U1,U2)? + ldr $t0,[sp,#32*18+4] @ ~in1infty + ldr $t1,[sp,#32*18+8] @ ~in2infty + ldr $t2,[sp,#32*18+12] @ ~is_equal(S1,S2) + mvn $t0,$t0 @ -1/0 -> 0/-1 + mvn $t1,$t1 @ -1/0 -> 0/-1 + orr $a0,$t0 + orr $a0,$t1 + orrs $a0,$t2 @ set flags - ldr $t0,[sp,#32*18+4] - ldr $t1,[sp,#32*18+8] - ldr $t2,[sp,#32*18+12] - tst $t0,$t1 - beq .Ladd_proceed @ (in1infty || in2infty)? - tst $t2,$t2 - beq .Ladd_double @ is_equal(S1,S2)? + @ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) + bne .Ladd_proceed - ldr $r_ptr,[sp,#32*18+16] - eor r4,r4,r4 - eor r5,r5,r5 - eor r6,r6,r6 - eor r7,r7,r7 - eor r8,r8,r8 - eor r9,r9,r9 - eor r10,r10,r10 - eor r11,r11,r11 - stmia $r_ptr!,{r4-r11} - stmia $r_ptr!,{r4-r11} - stmia $r_ptr!,{r4-r11} - b .Ladd_done - -.align 4 .Ladd_double: ldr $a_ptr,[sp,#32*18+20] add sp,sp,#32*(18-5)+16 @ difference in frame sizes @@ -1601,15 +1588,15 @@ ecp_nistz256_point_add: add $b_ptr,sp,#$S2 bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); - ldr r11,[sp,#32*18+4] @ !in1intfy - ldr r12,[sp,#32*18+8] @ !in2intfy + ldr r11,[sp,#32*18+4] @ ~in1infty + ldr r12,[sp,#32*18+8] @ ~in2infty add r1,sp,#$res_x add r2,sp,#$in2_x - and r10,r11,r12 + and r10,r11,r12 @ ~in1infty & ~in2infty mvn r11,r11 add r3,sp,#$in1_x - and r11,r11,r12 - mvn r12,r12 + and r11,r11,r12 @ in1infty & ~in2infty + mvn r12,r12 @ in2infty ldr $r_ptr,[sp,#32*18+16] ___ for($i=0;$i<96;$i+=8) { # conditional moves @@ -1617,11 +1604,11 @@ $code.=<<___; ldmia r1!,{r4-r5} @ res_x ldmia r2!,{r6-r7} @ in2_x ldmia r3!,{r8-r9} @ in1_x - and r4,r4,r10 + and r4,r4,r10 @ ~in1infty & ~in2infty and r5,r5,r10 - and r6,r6,r11 + and r6,r6,r11 @ in1infty & ~in2infty and r7,r7,r11 - and r8,r8,r12 + and r8,r8,r12 @ in2infty and r9,r9,r12 orr r4,r4,r6 orr r5,r5,r7 @@ -1656,7 +1643,7 @@ my $Z1sqr = $S2; # 256-bit vectors on top. Then note that we push # starting from r0, which means that we have copy of # input arguments just below these temporary vectors. -# We use two of them for !in1infty, !in2intfy. +# We use two of them for ~in1infty, ~in2infty. my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); @@ -1687,7 +1674,7 @@ ecp_nistz256_point_add_affine: #endif movne r12,#-1 stmia r3,{r4-r11} - str r12,[sp,#32*15+4] @ !in1infty + str r12,[sp,#32*15+4] @ ~in1infty ldmia $b_ptr!,{r4-r11} @ copy in2_x add r3,sp,#$in2_x @@ -1714,7 +1701,7 @@ ecp_nistz256_point_add_affine: it ne #endif movne r12,#-1 - str r12,[sp,#32*15+8] @ !in2infty + str r12,[sp,#32*15+8] @ ~in2infty add $a_ptr,sp,#$in1_z add $b_ptr,sp,#$in1_z @@ -1796,15 +1783,15 @@ ecp_nistz256_point_add_affine: add $b_ptr,sp,#$S2 bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); - ldr r11,[sp,#32*15+4] @ !in1intfy - ldr r12,[sp,#32*15+8] @ !in2intfy + ldr r11,[sp,#32*15+4] @ ~in1infty + ldr r12,[sp,#32*15+8] @ ~in2infty add r1,sp,#$res_x add r2,sp,#$in2_x - and r10,r11,r12 + and r10,r11,r12 @ ~in1infty & ~in2infty mvn r11,r11 add r3,sp,#$in1_x - and r11,r11,r12 - mvn r12,r12 + and r11,r11,r12 @ in1infty & ~in2infty + mvn r12,r12 @ in2infty ldr $r_ptr,[sp,#32*15] ___ for($i=0;$i<64;$i+=8) { # conditional moves @@ -1812,11 +1799,11 @@ $code.=<<___; ldmia r1!,{r4-r5} @ res_x ldmia r2!,{r6-r7} @ in2_x ldmia r3!,{r8-r9} @ in1_x - and r4,r4,r10 + and r4,r4,r10 @ ~in1infty & ~in2infty and r5,r5,r10 - and r6,r6,r11 + and r6,r6,r11 @ in1infty & ~in2infty and r7,r7,r11 - and r8,r8,r12 + and r8,r8,r12 @ in2infty and r9,r9,r12 orr r4,r4,r6 orr r5,r5,r7 @@ -1862,4 +1849,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl index 887ddfb1ea9b..e93e18f29f19 100755 --- a/crypto/ec/asm/ecp_nistz256-armv8.pl +++ b/crypto/ec/asm/ecp_nistz256-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -722,7 +722,7 @@ $code.=<<___; .align 5 ecp_nistz256_point_double: .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-80]! + stp x29,x30,[sp,#-96]! add x29,sp,#0 stp x19,x20,[sp,#16] stp x21,x22,[sp,#32] @@ -855,7 +855,7 @@ ecp_nistz256_point_double: add sp,x29,#0 // destroy frame ldp x19,x20,[x29,#16] ldp x21,x22,[x29,#32] - ldp x29,x30,[sp],#80 + ldp x29,x30,[sp],#96 .inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_double,.-ecp_nistz256_point_double @@ -872,7 +872,7 @@ my ($res_x,$res_y,$res_z, my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); # above map() describes stack layout with 12 temporary # 256-bit vectors on top. -my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("x$_",(21..26)); +my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp0,$temp1,$temp2)=map("x$_",(21..28)); $code.=<<___; .globl ecp_nistz256_point_add @@ -880,12 +880,13 @@ $code.=<<___; .align 5 ecp_nistz256_point_add: .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-80]! + stp x29,x30,[sp,#-96]! add x29,sp,#0 stp x19,x20,[sp,#16] stp x21,x22,[sp,#32] stp x23,x24,[sp,#48] stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] sub sp,sp,#32*12 ldp $a0,$a1,[$bp,#64] // in2_z @@ -899,7 +900,7 @@ ecp_nistz256_point_add: orr $t2,$a2,$a3 orr $in2infty,$t0,$t2 cmp $in2infty,#0 - csetm $in2infty,ne // !in2infty + csetm $in2infty,ne // ~in2infty add $rp,sp,#$Z2sqr bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z2sqr, in2_z); @@ -909,7 +910,7 @@ ecp_nistz256_point_add: orr $t2,$a2,$a3 orr $in1infty,$t0,$t2 cmp $in1infty,#0 - csetm $in1infty,ne // !in1infty + csetm $in1infty,ne // ~in1infty add $rp,sp,#$Z1sqr bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z1sqr, in1_z); @@ -950,7 +951,7 @@ ecp_nistz256_point_add: orr $acc0,$acc0,$acc1 // see if result is zero orr $acc2,$acc2,$acc3 - orr $temp,$acc0,$acc2 + orr $temp0,$acc0,$acc2 // ~is_equal(S1,S2) add $bp,sp,#$Z2sqr add $rp,sp,#$U1 @@ -971,32 +972,21 @@ ecp_nistz256_point_add: orr $acc0,$acc0,$acc1 // see if result is zero orr $acc2,$acc2,$acc3 - orr $acc0,$acc0,$acc2 - tst $acc0,$acc0 - b.ne .Ladd_proceed // is_equal(U1,U2)? + orr $acc0,$acc0,$acc2 // ~is_equal(U1,U2) - tst $in1infty,$in2infty - b.eq .Ladd_proceed // (in1infty || in2infty)? + mvn $temp1,$in1infty // -1/0 -> 0/-1 + mvn $temp2,$in2infty // -1/0 -> 0/-1 + orr $acc0,$acc0,$temp1 + orr $acc0,$acc0,$temp2 + orr $acc0,$acc0,$temp0 + cbnz $acc0,.Ladd_proceed // if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) - tst $temp,$temp - b.eq .Ladd_double // is_equal(S1,S2)? - - eor $a0,$a0,$a0 - eor $a1,$a1,$a1 - stp $a0,$a1,[$rp_real] - stp $a0,$a1,[$rp_real,#16] - stp $a0,$a1,[$rp_real,#32] - stp $a0,$a1,[$rp_real,#48] - stp $a0,$a1,[$rp_real,#64] - stp $a0,$a1,[$rp_real,#80] - b .Ladd_done - -.align 4 .Ladd_double: mov $ap,$ap_real mov $rp,$rp_real ldp x23,x24,[x29,#48] ldp x25,x26,[x29,#64] + ldp x27,x28,[x29,#80] add sp,sp,#32*(12-4) // difference in stack frames b .Ldouble_shortcut @@ -1081,14 +1071,14 @@ ___ for($i=0;$i<64;$i+=32) { # conditional moves $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne ldp $a0,$a1,[sp,#$res_x+$i+32] // res csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? ldp $a2,$a3,[sp,#$res_x+$i+48] csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne @@ -1102,13 +1092,13 @@ ___ } $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne csel $acc2,$t2,$acc2,ne @@ -1122,7 +1112,8 @@ $code.=<<___; ldp x21,x22,[x29,#32] ldp x23,x24,[x29,#48] ldp x25,x26,[x29,#64] - ldp x29,x30,[sp],#80 + ldp x27,x28,[x29,#80] + ldp x29,x30,[sp],#96 .inst 0xd50323bf // autiasp ret .size ecp_nistz256_point_add,.-ecp_nistz256_point_add @@ -1166,7 +1157,7 @@ ecp_nistz256_point_add_affine: orr $t2,$a2,$a3 orr $in1infty,$t0,$t2 cmp $in1infty,#0 - csetm $in1infty,ne // !in1infty + csetm $in1infty,ne // ~in1infty ldp $acc0,$acc1,[$bp] // in2_x ldp $acc2,$acc3,[$bp,#16] @@ -1180,7 +1171,7 @@ ecp_nistz256_point_add_affine: orr $t0,$t0,$t2 orr $in2infty,$acc0,$t0 cmp $in2infty,#0 - csetm $in2infty,ne // !in2infty + csetm $in2infty,ne // ~in2infty add $rp,sp,#$Z1sqr bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z1sqr, in1_z); @@ -1290,14 +1281,14 @@ ___ for($i=0;$i<64;$i+=32) { # conditional moves $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne ldp $a0,$a1,[sp,#$res_x+$i+32] // res csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? ldp $a2,$a3,[sp,#$res_x+$i+48] csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne @@ -1314,13 +1305,13 @@ ___ } $code.=<<___; ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? + cmp $in1infty,#0 // ~$in1intfy, remember? ldp $acc2,$acc3,[$ap_real,#$i+16] csel $t0,$a0,$t0,ne csel $t1,$a1,$t1,ne csel $t2,$a2,$t2,ne csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? + cmp $in2infty,#0 // ~$in2intfy, remember? csel $acc0,$t0,$acc0,ne csel $acc1,$t1,$acc1,ne csel $acc2,$t2,$acc2,ne @@ -1880,4 +1871,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/ec/asm/ecp_nistz256-avx2.pl index 794e56a082fc..5071d09ac2ec 100755 --- a/crypto/ec/asm/ecp_nistz256-avx2.pl +++ b/crypto/ec/asm/ecp_nistz256-avx2.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2014, Intel Corporation. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use @@ -47,7 +47,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); @@ -2077,4 +2077,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/ecp_nistz256-ppc64.pl b/crypto/ec/asm/ecp_nistz256-ppc64.pl index 984c7f205056..2bf54e2aa544 100755 --- a/crypto/ec/asm/ecp_nistz256-ppc64.pl +++ b/crypto/ec/asm/ecp_nistz256-ppc64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2379,4 +2379,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl index 4383bea4a7be..042e122718b7 100755 --- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl +++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -3057,4 +3057,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl index 0c6fc665bf46..e926d69b020b 100755 --- a/crypto/ec/asm/ecp_nistz256-x86.pl +++ b/crypto/ec/asm/ecp_nistz256-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1388,7 +1388,7 @@ for ($i=0;$i<7;$i++) { # above map() describes stack layout with 18 temporary # 256-bit vectors on top, then we take extra words for - # !in1infty, !in2infty, result of check for zero and + # ~in1infty, ~in2infty, result of check for zero and # OPENSSL_ia32cap_P copy. [one unused word for padding] &stack_push(8*18+5); if ($sse2) { @@ -1419,7 +1419,7 @@ for ($i=0;$i<7;$i++) { &sub ("eax","ebp"); &or ("ebp","eax"); &sar ("ebp",31); - &mov (&DWP(32*18+4,"esp"),"ebp"); # !in2infty + &mov (&DWP(32*18+4,"esp"),"ebp"); # ~in2infty &lea ("edi",&DWP($in1_x,"esp")); for($i=0;$i<96;$i+=16) { @@ -1441,7 +1441,7 @@ for ($i=0;$i<7;$i++) { &sub ("eax","ebp"); &or ("ebp","eax"); &sar ("ebp",31); - &mov (&DWP(32*18+0,"esp"),"ebp"); # !in1infty + &mov (&DWP(32*18+0,"esp"),"ebp"); # ~in1infty &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy &lea ("esi",&DWP($in2_z,"esp")); @@ -1516,23 +1516,19 @@ for ($i=0;$i<7;$i++) { &or ("eax",&DWP(0,"edi")); &or ("eax",&DWP(4,"edi")); &or ("eax",&DWP(8,"edi")); - &or ("eax",&DWP(12,"edi")); + &or ("eax",&DWP(12,"edi")); # ~is_equal(U1,U2) + &mov ("ebx",&DWP(32*18+0,"esp")); # ~in1infty + ¬ ("ebx"); # -1/0 -> 0/-1 + &or ("eax","ebx"); + &mov ("ebx",&DWP(32*18+4,"esp")); # ~in2infty + ¬ ("ebx"); # -1/0 -> 0/-1 + &or ("eax","ebx"); + &or ("eax",&DWP(32*18+8,"esp")); # ~is_equal(S1,S2) + + # if (~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) &data_byte(0x3e); # predict taken - &jnz (&label("add_proceed")); # is_equal(U1,U2)? - - &mov ("eax",&DWP(32*18+0,"esp")); - &and ("eax",&DWP(32*18+4,"esp")); - &mov ("ebx",&DWP(32*18+8,"esp")); - &jz (&label("add_proceed")); # (in1infty || in2infty)? - &test ("ebx","ebx"); - &jz (&label("add_double")); # is_equal(S1,S2)? - - &mov ("edi",&wparam(0)); - &xor ("eax","eax"); - &mov ("ecx",96/4); - &data_byte(0xfc,0xf3,0xab); # cld; stosd - &jmp (&label("add_done")); + &jnz (&label("add_proceed")); &set_label("add_double",16); &mov ("esi",&wparam(1)); @@ -1614,34 +1610,34 @@ for ($i=0;$i<7;$i++) { &lea ("edi",&DWP($res_y,"esp")); &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); - &mov ("ebp",&DWP(32*18+0,"esp")); # !in1infty - &mov ("esi",&DWP(32*18+4,"esp")); # !in2infty + &mov ("ebp",&DWP(32*18+0,"esp")); # ~in1infty + &mov ("esi",&DWP(32*18+4,"esp")); # ~in2infty &mov ("edi",&wparam(0)); &mov ("edx","ebp"); ¬ ("ebp"); - &and ("edx","esi"); - &and ("ebp","esi"); - ¬ ("esi"); + &and ("edx","esi"); # ~in1infty & ~in2infty + &and ("ebp","esi"); # in1infty & ~in2infty + ¬ ("esi"); # in2infty ######################################## # conditional moves for($i=64;$i<96;$i+=4) { - &mov ("eax","edx"); + &mov ("eax","edx"); # ~in1infty & ~in2infty &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); + &mov ("ebx","ebp"); # in1infty & ~in2infty &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); + &mov ("ecx","esi"); # in2infty &and ("ecx",&DWP($in1_x+$i,"esp")); &or ("eax","ebx"); &or ("eax","ecx"); &mov (&DWP($i,"edi"),"eax"); } for($i=0;$i<64;$i+=4) { - &mov ("eax","edx"); + &mov ("eax","edx"); # ~in1infty & ~in2infty &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); + &mov ("ebx","ebp"); # in1infty & ~in2infty &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); + &mov ("ecx","esi"); # in2infty &and ("ecx",&DWP($in1_x+$i,"esp")); &or ("eax","ebx"); &or ("eax","ecx"); @@ -1668,7 +1664,7 @@ for ($i=0;$i<7;$i++) { # above map() describes stack layout with 15 temporary # 256-bit vectors on top, then we take extra words for - # !in1infty, !in2infty, and OPENSSL_ia32cap_P copy. + # ~in1infty, ~in2infty, and OPENSSL_ia32cap_P copy. &stack_push(8*15+3); if ($sse2) { &call ("_picup_eax"); @@ -1698,7 +1694,7 @@ for ($i=0;$i<7;$i++) { &sub ("eax","ebp"); &or ("ebp","eax"); &sar ("ebp",31); - &mov (&DWP(32*15+0,"esp"),"ebp"); # !in1infty + &mov (&DWP(32*15+0,"esp"),"ebp"); # ~in1infty &lea ("edi",&DWP($in2_x,"esp")); for($i=0;$i<64;$i+=16) { @@ -1724,7 +1720,7 @@ for ($i=0;$i<7;$i++) { &lea ("ebp",&DWP($in1_z,"esp")); &sar ("ebx",31); &lea ("edi",&DWP($Z1sqr,"esp")); - &mov (&DWP(32*15+4,"esp"),"ebx"); # !in2infty + &mov (&DWP(32*15+4,"esp"),"ebx"); # ~in2infty &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z1sqr, in1_z); @@ -1823,14 +1819,14 @@ for ($i=0;$i<7;$i++) { &lea ("edi",&DWP($res_y,"esp")); &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); - &mov ("ebp",&DWP(32*15+0,"esp")); # !in1infty - &mov ("esi",&DWP(32*15+4,"esp")); # !in2infty + &mov ("ebp",&DWP(32*15+0,"esp")); # ~in1infty + &mov ("esi",&DWP(32*15+4,"esp")); # ~in2infty &mov ("edi",&wparam(0)); &mov ("edx","ebp"); ¬ ("ebp"); - &and ("edx","esi"); - &and ("ebp","esi"); - ¬ ("esi"); + &and ("edx","esi"); # ~in1infty & ~in2infty + &and ("ebp","esi"); # in1infty & ~in2infty + ¬ ("esi"); # in2infty ######################################## # conditional moves @@ -1848,11 +1844,11 @@ for ($i=0;$i<7;$i++) { &mov (&DWP($i,"edi"),"eax"); } for($i=0;$i<64;$i+=4) { - &mov ("eax","edx"); + &mov ("eax","edx"); # ~in1infty & ~in2infty &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); + &mov ("ebx","ebp"); # in1infty & ~in2infty &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); + &mov ("ecx","esi"); # in2infty &and ("ecx",&DWP($in1_x+$i,"esp")); &or ("eax","ebx"); &or ("eax","ecx"); @@ -1863,4 +1859,4 @@ for ($i=0;$i<7;$i++) { &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl index 10ccc6414a49..de9b194510bf 100755 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2014, Intel Corporation. All Rights Reserved. # Copyright (c) 2015 CloudFlare, Inc. # @@ -72,7 +72,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); @@ -1579,6 +1579,7 @@ $code.=<<___; .type ecp_nistz256_to_mont,\@function,2 .align 32 ecp_nistz256_to_mont: +.cfi_startproc ___ $code.=<<___ if ($addx); mov \$0x80100, %ecx @@ -1587,6 +1588,7 @@ ___ $code.=<<___; lea .LRR(%rip), $b_org jmp .Lmul_mont +.cfi_endproc .size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont ################################################################################ @@ -2562,6 +2564,7 @@ $code.=<<___; .type ecp_nistz256_scatter_w5,\@abi-omnipotent .align 32 ecp_nistz256_scatter_w5: +.cfi_startproc lea -3($index,$index,2), $index movdqa 0x00($in_t), %xmm0 shl \$5, $index @@ -2578,6 +2581,7 @@ ecp_nistz256_scatter_w5: movdqa %xmm5, 0x50($val,$index) ret +.cfi_endproc .size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5 ################################################################################ @@ -2685,6 +2689,7 @@ $code.=<<___; .type ecp_nistz256_scatter_w7,\@abi-omnipotent .align 32 ecp_nistz256_scatter_w7: +.cfi_startproc movdqu 0x00($in_t), %xmm0 shl \$6, $index movdqu 0x10($in_t), %xmm1 @@ -2696,6 +2701,7 @@ ecp_nistz256_scatter_w7: movdqa %xmm3, 0x30($val,$index) ret +.cfi_endproc .size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7 ################################################################################ @@ -3020,8 +3026,10 @@ $code.=<<___; .type ecp_nistz256_avx2_gather_w7,\@function,3 .align 32 ecp_nistz256_avx2_gather_w7: +.cfi_startproc .byte 0x0f,0x0b # ud2 ret +.cfi_endproc .size ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7 ___ } @@ -3617,29 +3625,19 @@ $code.=<<___; call __ecp_nistz256_sub_from$x # p256_sub(H, U2, U1); or $acc5, $acc4 # see if result is zero + or $acc0, $acc4 + or $acc1, $acc4 # !is_equal(U1, U2) + + movq %xmm2, $acc0 # in1infty | in2infty + movq %xmm3, $acc1 # !is_equal(S1, S2) + or $acc0, $acc4 or $acc1, $acc4 + # if (!is_equal(U1, U2) | in1infty | in2infty | !is_equal(S1, S2)) .byte 0x3e # predict taken - jnz .Ladd_proceed$x # is_equal(U1,U2)? - movq %xmm2, $acc0 - movq %xmm3, $acc1 - test $acc0, $acc0 - jnz .Ladd_proceed$x # (in1infty || in2infty)? - test $acc1, $acc1 - jz .Ladd_double$x # is_equal(S1,S2)? + jnz .Ladd_proceed$x - movq %xmm0, $r_ptr # restore $r_ptr - pxor %xmm0, %xmm0 - movdqu %xmm0, 0x00($r_ptr) - movdqu %xmm0, 0x10($r_ptr) - movdqu %xmm0, 0x20($r_ptr) - movdqu %xmm0, 0x30($r_ptr) - movdqu %xmm0, 0x40($r_ptr) - movdqu %xmm0, 0x50($r_ptr) - jmp .Ladd_done$x - -.align 32 .Ladd_double$x: movq %xmm1, $a_ptr # restore $a_ptr movq %xmm0, $r_ptr # restore $r_ptr @@ -4738,4 +4736,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/x25519-ppc64.pl b/crypto/ec/asm/x25519-ppc64.pl index 6e8b36420f53..f4b523bf8a08 100755 --- a/crypto/ec/asm/x25519-ppc64.pl +++ b/crypto/ec/asm/x25519-ppc64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -821,4 +821,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/x25519-x86_64.pl b/crypto/ec/asm/x25519-x86_64.pl index 18dc6af9fae9..3d9d1dc1ad0c 100755 --- a/crypto/ec/asm/x25519-x86_64.pl +++ b/crypto/ec/asm/x25519-x86_64.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -90,7 +90,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $addx = ($ver>=3.03); } @@ -488,12 +488,14 @@ $code.=<<___; .type x25519_fe64_eligible,\@abi-omnipotent .align 32 x25519_fe64_eligible: +.cfi_startproc mov OPENSSL_ia32cap_P+8(%rip),%ecx xor %eax,%eax and \$0x80100,%ecx cmp \$0x80100,%ecx cmove %ecx,%eax ret +.cfi_endproc .size x25519_fe64_eligible,.-x25519_fe64_eligible .globl x25519_fe64_mul @@ -722,6 +724,7 @@ x25519_fe64_sqr: .align 32 x25519_fe64_mul121666: .Lfe64_mul121666_body: +.cfi_startproc mov \$121666,%edx mulx 8*0(%rsi),$acc0,%rcx mulx 8*1(%rsi),$acc1,%rax @@ -750,6 +753,7 @@ x25519_fe64_mul121666: .Lfe64_mul121666_epilogue: ret +.cfi_endproc .size x25519_fe64_mul121666,.-x25519_fe64_mul121666 .globl x25519_fe64_add @@ -757,6 +761,7 @@ x25519_fe64_mul121666: .align 32 x25519_fe64_add: .Lfe64_add_body: +.cfi_startproc mov 8*0(%rsi),$acc0 mov 8*1(%rsi),$acc1 mov 8*2(%rsi),$acc2 @@ -785,6 +790,7 @@ x25519_fe64_add: .Lfe64_add_epilogue: ret +.cfi_endproc .size x25519_fe64_add,.-x25519_fe64_add .globl x25519_fe64_sub @@ -792,6 +798,7 @@ x25519_fe64_add: .align 32 x25519_fe64_sub: .Lfe64_sub_body: +.cfi_startproc mov 8*0(%rsi),$acc0 mov 8*1(%rsi),$acc1 mov 8*2(%rsi),$acc2 @@ -820,6 +827,7 @@ x25519_fe64_sub: .Lfe64_sub_epilogue: ret +.cfi_endproc .size x25519_fe64_sub,.-x25519_fe64_sub .globl x25519_fe64_tobytes @@ -827,6 +835,7 @@ x25519_fe64_sub: .align 32 x25519_fe64_tobytes: .Lfe64_to_body: +.cfi_startproc mov 8*0(%rsi),$acc0 mov 8*1(%rsi),$acc1 mov 8*2(%rsi),$acc2 @@ -862,6 +871,7 @@ x25519_fe64_tobytes: .Lfe64_to_epilogue: ret +.cfi_endproc .size x25519_fe64_tobytes,.-x25519_fe64_tobytes ___ } else { @@ -870,8 +880,10 @@ $code.=<<___; .type x25519_fe64_eligible,\@abi-omnipotent .align 32 x25519_fe64_eligible: +.cfi_startproc xor %eax,%eax ret +.cfi_endproc .size x25519_fe64_eligible,.-x25519_fe64_eligible .globl x25519_fe64_mul @@ -887,8 +899,10 @@ x25519_fe64_mul121666: x25519_fe64_add: x25519_fe64_sub: x25519_fe64_tobytes: +.cfi_startproc .byte 0x0f,0x0b # ud2 ret +.cfi_endproc .size x25519_fe64_mul,.-x25519_fe64_mul ___ } @@ -1114,4 +1128,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index c5d887ec4cd4..952da0e65385 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c @@ -8,7 +8,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include #if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ diff --git a/crypto/ec/curve448/arch_32/arch_intrinsics.h b/crypto/ec/curve448/arch_32/arch_intrinsics.h index 48081c77170b..5f6389863d15 100644 --- a/crypto/ec/curve448/arch_32/arch_intrinsics.h +++ b/crypto/ec/curve448/arch_32/arch_intrinsics.h @@ -10,10 +10,10 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_ARCH_32_ARCH_INTRINSICS_H -# define HEADER_ARCH_32_ARCH_INTRINSICS_H +#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H +# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" # define ARCH_WORD_BITS 32 @@ -24,4 +24,4 @@ static ossl_inline uint64_t widemul(uint32_t a, uint32_t b) return ((uint64_t)a) * b; } -#endif /* HEADER_ARCH_32_ARCH_INTRINSICS_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H */ diff --git a/crypto/ec/curve448/arch_32/f_impl.h b/crypto/ec/curve448/arch_32/f_impl.h index bbde84a03897..e1ddddaee08d 100644 --- a/crypto/ec/curve448/arch_32/f_impl.h +++ b/crypto/ec/curve448/arch_32/f_impl.h @@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_ARCH_32_F_IMPL_H -# define HEADER_ARCH_32_F_IMPL_H +#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H +# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H # define GF_HEADROOM 2 # define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28) @@ -57,4 +57,4 @@ void gf_weak_reduce(gf a) a->limb[0] = (a->limb[0] & mask) + tmp; } -#endif /* HEADER_ARCH_32_F_IMPL_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H */ diff --git a/crypto/ec/curve448/curve448.c b/crypto/ec/curve448/curve448.c index 19bd3857812c..12d97f06795b 100644 --- a/crypto/ec/curve448/curve448.c +++ b/crypto/ec/curve448/curve448.c @@ -15,7 +15,7 @@ #include "point_448.h" #include "ed448.h" -#include "curve448_lcl.h" +#include "curve448_local.h" #define COFACTOR 4 diff --git a/crypto/ec/curve448/curve448_lcl.h b/crypto/ec/curve448/curve448_local.h similarity index 91% rename from crypto/ec/curve448/curve448_lcl.h rename to crypto/ec/curve448/curve448_local.h index 2bc3bd84c86d..b27770661f89 100644 --- a/crypto/ec/curve448/curve448_lcl.h +++ b/crypto/ec/curve448/curve448_local.h @@ -6,8 +6,8 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#ifndef HEADER_CURVE448_LCL_H -# define HEADER_CURVE448_LCL_H +#ifndef OSSL_CRYPTO_EC_CURVE448_LOCAL_H +# define OSSL_CRYPTO_EC_CURVE448_LOCAL_H # include "curve448utils.h" int X448(uint8_t out_shared_key[56], const uint8_t private_key[56], @@ -35,4 +35,4 @@ int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114], int ED448_public_from_private(uint8_t out_public_key[57], const uint8_t private_key[57]); -#endif /* HEADER_CURVE448_LCL_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */ diff --git a/crypto/ec/curve448/curve448utils.h b/crypto/ec/curve448/curve448utils.h index 9032bb4f730a..86c258e745e4 100644 --- a/crypto/ec/curve448/curve448utils.h +++ b/crypto/ec/curve448/curve448utils.h @@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_CURVE448UTILS_H -# define HEADER_CURVE448UTILS_H +#ifndef OSSL_CRYPTO_EC_CURVE448UTILS_H +# define OSSL_CRYPTO_EC_CURVE448UTILS_H # include diff --git a/crypto/ec/curve448/ed448.h b/crypto/ec/curve448/ed448.h index 5fe939e8e19d..c1e5c2832f9b 100644 --- a/crypto/ec/curve448/ed448.h +++ b/crypto/ec/curve448/ed448.h @@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_ED448_H -# define HEADER_ED448_H +#ifndef OSSL_CRYPTO_EC_CURVE448_ED448_H +# define OSSL_CRYPTO_EC_CURVE448_ED448_H # include "point_448.h" @@ -192,4 +192,4 @@ c448_error_t c448_ed448_convert_private_key_to_x448( uint8_t x[X448_PRIVATE_BYTES], const uint8_t ed[EDDSA_448_PRIVATE_BYTES]); -#endif /* HEADER_ED448_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */ diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c index b28f7dff9138..82741f543549 100644 --- a/crypto/ec/curve448/eddsa.c +++ b/crypto/ec/curve448/eddsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2016 Cryptography Research, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -12,7 +12,7 @@ #include #include #include -#include "curve448_lcl.h" +#include "curve448_local.h" #include "word.h" #include "ed448.h" #include "internal/numbers.h" @@ -50,7 +50,12 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed, const uint8_t *context, size_t context_len) { - const char *dom_s = "SigEd448"; +#ifdef CHARSET_EBCDIC + const char dom_s[] = {0x53, 0x69, 0x67, 0x45, + 0x64, 0x34, 0x34, 0x38, 0x00}; +#else + const char dom_s[] = "SigEd448"; +#endif uint8_t dom[2]; if (context_len > UINT8_MAX) diff --git a/crypto/ec/curve448/field.h b/crypto/ec/curve448/field.h index d96d4c023d44..ccd04482d205 100644 --- a/crypto/ec/curve448/field.h +++ b/crypto/ec/curve448/field.h @@ -10,10 +10,10 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_FIELD_H -# define HEADER_FIELD_H +#ifndef OSSL_CRYPTO_EC_CURVE448_FIELD_H +# define OSSL_CRYPTO_EC_CURVE448_FIELD_H -# include "internal/constant_time_locl.h" +# include "internal/constant_time.h" # include # include # include "word.h" @@ -165,4 +165,4 @@ static ossl_inline void gf_cond_swap(gf x, gf_s * RESTRICT y, mask_t swap) } } -#endif /* HEADER_FIELD_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_FIELD_H */ diff --git a/crypto/ec/curve448/point_448.h b/crypto/ec/curve448/point_448.h index 399f91b9a1d9..93e715fd9c8d 100644 --- a/crypto/ec/curve448/point_448.h +++ b/crypto/ec/curve448/point_448.h @@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_POINT_448_H -# define HEADER_POINT_448_H +#ifndef OSSL_CRYPTO_EC_CURVE448_POINT_448_H +# define OSSL_CRYPTO_EC_CURVE448_POINT_448_H # include "curve448utils.h" # include "field.h" @@ -298,4 +298,4 @@ void curve448_scalar_destroy(curve448_scalar_t scalar); /* Overwrite point with zeros. */ void curve448_point_destroy(curve448_point_t point); -#endif /* HEADER_POINT_448_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */ diff --git a/crypto/ec/curve448/word.h b/crypto/ec/curve448/word.h index a48b9e053a5c..237cc9b63139 100644 --- a/crypto/ec/curve448/word.h +++ b/crypto/ec/curve448/word.h @@ -10,8 +10,8 @@ * Originally written by Mike Hamburg */ -#ifndef HEADER_WORD_H -# define HEADER_WORD_H +#ifndef OSSL_CRYPTO_EC_CURVE448_WORD_H +# define OSSL_CRYPTO_EC_CURVE448_WORD_H # include # include @@ -78,4 +78,4 @@ static ossl_inline mask_t bool_to_mask(c448_bool_t m) return ret; } -#endif /* HEADER_WORD_H */ +#endif /* OSSL_CRYPTO_EC_CURVE448_WORD_H */ diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index ee300518d69c..48543265eeab 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -10,7 +10,7 @@ #include -#include "ec_lcl.h" +#include "ec_local.h" #ifndef OPENSSL_NO_EC2M diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 898e741fcb97..84e5537a034a 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -10,8 +10,8 @@ #include -#include "internal/bn_int.h" -#include "ec_lcl.h" +#include "crypto/bn.h" +#include "ec_local.h" #ifndef OPENSSL_NO_EC2M diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index c086f47ab3cc..221038373921 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -14,9 +14,9 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "ec_lcl.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "ec_local.h" #ifndef OPENSSL_NO_CMS static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 1ce1181fc10a..336afc989d30 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -8,7 +8,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include #include #include @@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, unsigned char *buffer = NULL; const EC_POINT *point = NULL; point_conversion_form_t form; + ASN1_INTEGER *orig; if (params == NULL) { if ((ret = ECPARAMETERS_new()) == NULL) { @@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB); goto err; } - ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); + ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order); if (ret->order == NULL) { + ret->order = orig; ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; } @@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, /* set the cofactor (optional) */ tmp = EC_GROUP_get0_cofactor(group); if (tmp != NULL) { - ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); + ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor); if (ret->cofactor == NULL) { + ret->cofactor = orig; ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; } @@ -846,6 +849,20 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) * serialized using explicit parameters by default. */ EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); + + /* + * If the input params do not contain the optional seed field we make + * sure it is not added to the returned group. + * + * The seed field is not really used inside libcrypto anyway, and + * adding it to parsed explicit parameter keys would alter their DER + * encoding output (because of the extra field) which could impact + * applications fingerprinting keys by their DER encoding. + */ + if (params->curve->seed == NULL) { + if (EC_GROUP_set_seed(ret, NULL, 0) != 1) + goto err; + } } ok = 1; diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index eeb06ec1cbe3..d0706d2857e6 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ec_lcl.h" +#include "ec_local.h" #include int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 477349d4413e..8de486cbd763 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -9,7 +9,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include #include #include diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c index 0ec346c125ad..944e317d9d14 100644 --- a/crypto/ec/ec_cvt.c +++ b/crypto/ec/ec_cvt.c @@ -9,7 +9,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 9349abf03079..08aaac5d8a6f 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -10,7 +10,7 @@ #include "internal/cryptlib.h" #include -#include "ec_lcl.h" +#include "ec_local.h" #include "internal/refcount.h" #include #include diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 64a5d20872e4..53a4a9295201 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -11,7 +11,7 @@ #include #include #include -#include "ec_lcl.h" +#include "ec_local.h" static const EC_KEY_METHOD openssl_ec_key_method = { diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 1289c8608edd..3554ada82797 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -13,7 +13,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" /* functions for EC_GROUP objects */ diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_local.h similarity index 99% rename from crypto/ec/ec_lcl.h rename to crypto/ec/ec_local.h index fbdb04ea3a04..e656fbd5e775 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_local.h @@ -14,7 +14,7 @@ #include #include #include "internal/refcount.h" -#include "internal/ec_int.h" +#include "crypto/ec.h" #if defined(__SUNPRO_C) # if __SUNPRO_C >= 0x520 diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 57bdf116f1b6..7980a6728288 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -12,8 +12,8 @@ #include #include "internal/cryptlib.h" -#include "internal/bn_int.h" -#include "ec_lcl.h" +#include "crypto/bn.h" +#include "ec_local.h" #include "internal/refcount.h" /* diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index 522f79e67360..7ddc86b047ca 100644 --- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -13,7 +13,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, BN_CTX *ctx) diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 454be16c5439..64d2cc93a620 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -12,9 +12,9 @@ #include #include #include -#include "ec_lcl.h" +#include "ec_local.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" /* EC pkey context structure */ diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c index 027a51928aab..660fc400fb75 100644 --- a/crypto/ec/ec_print.c +++ b/crypto/ec/ec_print.c @@ -9,7 +9,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *point, @@ -39,13 +39,13 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, EC_POINT *ret; if ((buf_len = BN_num_bytes(bn)) == 0) - return NULL; + buf_len = 1; if ((buf = OPENSSL_malloc(buf_len)) == NULL) { ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE); return NULL; } - if (!BN_bn2bin(bn, buf)) { + if (!BN_bn2binpad(bn, buf, buf_len)) { OPENSSL_free(buf); return NULL; } diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index d686f9d897df..96efac62f66f 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -10,7 +10,7 @@ #include #include #include -#include "ec_lcl.h" +#include "ec_local.h" /* Key derivation function from X9.63/SECG */ /* Way more than we will ever need */ diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index ab51ee7138ff..0be00d43da4e 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c @@ -17,7 +17,7 @@ #include #include #include -#include "ec_lcl.h" +#include "ec_local.h" int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen, const EC_POINT *pub_key, const EC_KEY *ecdh) diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index c35ed2dcd0e7..1da87bfb5e39 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -11,8 +11,8 @@ #include #include #include -#include "internal/bn_int.h" -#include "ec_lcl.h" +#include "crypto/bn.h" +#include "ec_local.h" int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, @@ -309,7 +309,7 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, goto err; ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); err: - OPENSSL_clear_free(der, derlen); + OPENSSL_free(der); ECDSA_SIG_free(s); return ret; } diff --git a/crypto/ec/ecdsa_sign.c b/crypto/ec/ecdsa_sign.c index aee06e991bad..dc79c8c8e3df 100644 --- a/crypto/ec/ecdsa_sign.c +++ b/crypto/ec/ecdsa_sign.c @@ -8,7 +8,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) diff --git a/crypto/ec/ecdsa_vrf.c b/crypto/ec/ecdsa_vrf.c index f61a20063e4b..ff597bdc143c 100644 --- a/crypto/ec/ecdsa_vrf.c +++ b/crypto/ec/ecdsa_vrf.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include "ec_lcl.h" +#include "ec_local.h" #include /*- @@ -23,7 +23,7 @@ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, if (eckey->meth->verify_sig != NULL) return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey); ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED); - return 0; + return -1; } /*- @@ -39,5 +39,5 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len, eckey); ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED); - return 0; + return -1; } diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index 252e66ef3791..bdc39d5efb0e 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -10,7 +10,7 @@ #include -#include "ec_lcl.h" +#include "ec_local.h" const EC_METHOD *EC_GFp_mont_method(void) { diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index 5eaa99d8402b..9fd01279a891 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -12,7 +12,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" const EC_METHOD *EC_GFp_nist_method(void) { diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index fbbdb9d9386c..9a9ced8f1343 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "ec_lcl.h" +# include "ec_local.h" # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ @@ -907,6 +907,7 @@ static void point_add(felem x3, felem y3, felem z3, felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out; widefelem tmp, tmp2; limb z1_is_zero, z2_is_zero, x_equal, y_equal; + limb points_equal; if (!mixed) { /* ftmp2 = z2^2 */ @@ -963,15 +964,41 @@ static void point_add(felem x3, felem y3, felem z3, felem_reduce(ftmp, tmp); /* - * the formulae are incorrect if the points are equal so we check for - * this and do doubling if this happens + * The formulae are incorrect if the points are equal, in affine coordinates + * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this + * happens. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. */ x_equal = felem_is_zero(ftmp); y_equal = felem_is_zero(ftmp3); + /* + * The special case of either point being the point at infinity (z1 and/or + * z2 are zero), is handled separately later on in this function, so we + * avoid jumping to point_double here in those special cases. + */ z1_is_zero = felem_is_zero(z1); z2_is_zero = felem_is_zero(z2); - /* In affine coordinates, (X_1, Y_1) == (X_2, Y_2) */ - if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + + /* + * Compared to `ecp_nistp256.c` and `ecp_nistp521.c`, in this + * specific implementation `felem_is_zero()` returns truth as `0x1` + * (rather than `0xff..ff`). + * + * This implies that `~true` in this implementation becomes + * `0xff..fe` (rather than `0x0`): for this reason, to be used in + * the if expression, we mask out only the last bit in the next + * line. + */ + points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)) & 1; + + if (points_equal) { + /* + * This is obviously not constant-time but, as mentioned before, this + * case never happens during single point multiplication, so there is no + * timing leak for ECDH or ECDSA signing. + */ point_double(x3, y3, z3, x1, y1, z1); return; } diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 22ba69aa44ba..e23e9d2a0b34 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,7 +39,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "ec_lcl.h" +# include "ec_local.h" # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ @@ -74,8 +74,8 @@ static const felem_bytearray nistp256_curve_params[5] = { {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, /* b */ - {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, + {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, /* b */ 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b}, @@ -1241,6 +1241,7 @@ static void point_add(felem x3, felem y3, felem z3, longfelem tmp, tmp2; smallfelem small1, small2, small3, small4, small5; limb x_equal, y_equal, z1_is_zero, z2_is_zero; + limb points_equal; felem_shrink(small3, z1); @@ -1340,7 +1341,26 @@ static void point_add(felem x3, felem y3, felem z3, felem_shrink(small1, ftmp5); y_equal = smallfelem_is_zero(small1); - if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + /* + * The formulae are incorrect if the points are equal, in affine coordinates + * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this + * happens. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. + * + * The special case of either point being the point at infinity (z1 and/or + * z2 are zero), is handled separately later on in this function, so we + * avoid jumping to point_double here in those special cases. + */ + points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)); + + if (points_equal) { + /* + * This is obviously not constant-time but, as mentioned before, this + * case never happens during single point multiplication, so there is no + * timing leak for ECDH or ECDSA signing. + */ point_double(x3, y3, z3, x1, y1, z1); return; } diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 6340f4827937..75eeba853679 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include -# include "ec_lcl.h" +# include "ec_local.h" # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 /* even with gcc, the typedef won't work for 32-bit platforms */ @@ -1158,6 +1158,7 @@ static void point_add(felem x3, felem y3, felem z3, felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out; largefelem tmp, tmp2; limb x_equal, y_equal, z1_is_zero, z2_is_zero; + limb points_equal; z1_is_zero = felem_is_zero(z1); z2_is_zero = felem_is_zero(z2); @@ -1242,7 +1243,24 @@ static void point_add(felem x3, felem y3, felem z3, felem_scalar64(ftmp5, 2); /* ftmp5[i] < 2^61 */ - if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + /* + * The formulae are incorrect if the points are equal, in affine coordinates + * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this + * happens. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. + * + * The special case of either point being the point at infinity (z1 and/or + * z2 are zero), is handled separately later on in this function, so we + * avoid jumping to point_double here in those special cases. + * + * Notice the comment below on the implications of this branching for timing + * leaks and why it is considered practically irrelevant. + */ + points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)); + + if (points_equal) { /* * This is obviously not constant-time but it will almost-never happen * for ECDH / ECDSA. The case where it can happen is during scalar-mult diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c index f89a2f0aacc1..60e1325c340f 100644 --- a/crypto/ec/ecp_nistputil.c +++ b/crypto/ec/ecp_nistputil.c @@ -33,7 +33,7 @@ NON_EMPTY_TRANSLATION_UNIT */ # include -# include "ec_lcl.h" +# include "ec_local.h" /* * Convert an array of points into affine coordinates. (If the point at diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 7ad5eb627de1..ba9268138862 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2014, Intel Corporation. All Rights Reserved. * Copyright (c) 2015, CloudFlare, Inc. * @@ -21,8 +21,8 @@ #include #include "internal/cryptlib.h" -#include "internal/bn_int.h" -#include "ec_lcl.h" +#include "crypto/bn.h" +#include "ec_local.h" #include "internal/refcount.h" #if BN_BITS2 != 64 @@ -358,16 +358,47 @@ static void ecp_nistz256_point_add(P256_POINT *r, ecp_nistz256_sub(H, U2, U1); /* H = U2 - U1 */ /* - * This should not happen during sign/ecdh, so no constant time violation + * The formulae are incorrect if the points are equal so we check for + * this and do doubling if this happens. + * + * Points here are in Jacobian projective coordinates (Xi, Yi, Zi) + * that are bound to the affine coordinates (xi, yi) by the following + * equations: + * - xi = Xi / (Zi)^2 + * - y1 = Yi / (Zi)^3 + * + * For the sake of optimization, the algorithm operates over + * intermediate variables U1, U2 and S1, S2 that are derived from + * the projective coordinates: + * - U1 = X1 * (Z2)^2 ; U2 = X2 * (Z1)^2 + * - S1 = Y1 * (Z2)^3 ; S2 = Y2 * (Z1)^3 + * + * It is easy to prove that is_equal(U1, U2) implies that the affine + * x-coordinates are equal, or either point is at infinity. + * Likewise is_equal(S1, S2) implies that the affine y-coordinates are + * equal, or either point is at infinity. + * + * The special case of either point being the point at infinity (Z1 or Z2 + * is zero), is handled separately later on in this function, so we avoid + * jumping to point_double here in those special cases. + * + * When both points are inverse of each other, we know that the affine + * x-coordinates are equal, and the y-coordinates have different sign. + * Therefore since U1 = U2, we know H = 0, and therefore Z3 = H*Z1*Z2 + * will equal 0, thus the result is infinity, if we simply let this + * function continue normally. + * + * We use bitwise operations to avoid potential side-channels introduced by + * the short-circuiting behaviour of boolean operators. */ - if (is_equal(U1, U2) && !in1infty && !in2infty) { - if (is_equal(S1, S2)) { - ecp_nistz256_point_double(r, a); - return; - } else { - memset(r, 0, sizeof(*r)); - return; - } + if (is_equal(U1, U2) & ~in1infty & ~in2infty & is_equal(S1, S2)) { + /* + * This is obviously not constant-time but it should never happen during + * single point multiplication, so there is no timing leak for ECDH or + * ECDSA signing. + */ + ecp_nistz256_point_double(r, a); + return; } ecp_nistz256_sqr_mont(Rsqr, R); /* R^2 */ diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index 7ade1b3d2173..9460763256fd 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -11,7 +11,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index e6e4c9d2cbb7..b354bfe9ce9e 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -11,7 +11,7 @@ #include #include -#include "ec_lcl.h" +#include "ec_local.h" const EC_METHOD *EC_GFp_simple_method(void) { diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index c87419b5db38..9dc5259e4afc 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -12,10 +12,10 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "ec_lcl.h" -#include "curve448/curve448_lcl.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "ec_local.h" +#include "curve448/curve448_local.h" #define X25519_BITS 253 #define X25519_SECURITY_BITS 128 @@ -191,7 +191,7 @@ static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) } rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE); - ASN1_OCTET_STRING_free(oct); + ASN1_STRING_clear_free(oct); return rv; } diff --git a/crypto/engine/README b/crypto/engine/README index c7a5696ca14c..0f8a8fbde410 100644 --- a/crypto/engine/README +++ b/crypto/engine/README @@ -9,7 +9,7 @@ for masochists" document *and* a rather extensive commit log message. (I'd get lynched for sticking all this in CHANGES or the commit mails :-). ENGINE_TABLE underlies this restructuring, as described in the internal header -"eng_int.h", implemented in eng_table.c, and used in each of the "class" files; +"eng_local.h", implemented in eng_table.c, and used in each of the "class" files; tb_rsa.c, tb_dsa.c, etc. However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index af306ccffc12..b675ed7892e2 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "eng_int.h" +#include "eng_local.h" void ENGINE_load_builtin_engines(void) { diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c index 6f0a066d06d1..df00df6acd61 100644 --- a/crypto/engine/eng_cnf.c +++ b/crypto/engine/eng_cnf.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include /* #define ENGINE_CONF_DEBUG */ diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c index 3bc4aab16fed..e65e78447b43 100644 --- a/crypto/engine/eng_ctrl.c +++ b/crypto/engine/eng_ctrl.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" /* * When querying a ENGINE-specific control command's 'description', this diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c index a727c6f64606..49e9ce1af33b 100644 --- a/crypto/engine/eng_devcrypto.c +++ b/crypto/engine/eng_devcrypto.c @@ -22,7 +22,7 @@ #include #include -#include "internal/engine.h" +#include "crypto/engine.h" /* #define ENGINE_DEVCRYPTO_DEBUG */ diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 843226c077db..06e677290a70 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include "internal/dso.h" #include diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index 591fddc8e4fb..fe231a65f658 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -8,7 +8,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include int ENGINE_set_default(ENGINE *e, unsigned int flags) diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c index 7c235fc472a2..6c9063f8f681 100644 --- a/crypto/engine/eng_init.c +++ b/crypto/engine/eng_init.c @@ -8,7 +8,7 @@ */ #include "e_os.h" -#include "eng_int.h" +#include "eng_local.h" /* * Initialise a engine type for use (or up its functional reference count if diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index d7f2026fac54..b851ff695756 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -8,7 +8,7 @@ */ #include "e_os.h" -#include "eng_int.h" +#include "eng_local.h" #include #include "internal/refcount.h" diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 45c339c54157..1352fb7c961d 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -8,7 +8,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" /* * The linked-list of pointers to engine types. engine_list_head incorporates diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_local.h similarity index 97% rename from crypto/engine/eng_int.h rename to crypto/engine/eng_local.h index b95483341e20..8ef7172b9f45 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_local.h @@ -8,11 +8,11 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_ENGINE_INT_H -# define HEADER_ENGINE_INT_H +#ifndef OSSL_CRYPTO_ENGINE_ENG_LOCAL_H +# define OSSL_CRYPTO_ENGINE_ENG_LOCAL_H # include "internal/cryptlib.h" -# include "internal/engine.h" +# include "crypto/engine.h" # include "internal/thread_once.h" # include "internal/refcount.h" @@ -168,4 +168,4 @@ typedef struct st_engine_pile ENGINE_PILE; DEFINE_LHASH_OF(ENGINE_PILE); -#endif /* HEADER_ENGINE_INT_H */ +#endif /* OSSL_CRYPTO_ENGINE_ENG_LOCAL_H */ diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index d9b3067a1322..25631fb879ee 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -11,7 +11,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/engine.h" +#include "crypto/engine.h" #include #include #include @@ -167,7 +167,7 @@ static int bind_fn(ENGINE *e, const char *id) } IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #endif /* ENGINE_DYNAMIC_SUPPORT */ #ifdef TEST_ENG_OPENSSL_RC4 /*- diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c index 305a648feb6a..e813bc6db0e6 100644 --- a/crypto/engine/eng_pkey.c +++ b/crypto/engine/eng_pkey.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" /* Basic get/set stuff */ diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c index 261e5debbfd7..9dceb1671099 100644 --- a/crypto/engine/eng_rdrand.c +++ b/crypto/engine/eng_rdrand.c @@ -11,7 +11,7 @@ #include #include -#include "internal/engine.h" +#include "crypto/engine.h" #include #include #include diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c index ac4b02fc12a8..72f393dbe143 100644 --- a/crypto/engine/eng_table.c +++ b/crypto/engine/eng_table.c @@ -10,7 +10,7 @@ #include "internal/cryptlib.h" #include #include -#include "eng_int.h" +#include "eng_local.h" /* The type of the items in the table */ struct st_engine_pile { @@ -26,7 +26,7 @@ struct st_engine_pile { int uptodate; }; -/* The type exposed in eng_int.h */ +/* The type exposed in eng_local.h */ struct st_engine_table { LHASH_OF(ENGINE_PILE) piles; }; /* ENGINE_TABLE */ @@ -76,7 +76,7 @@ static int int_table_check(ENGINE_TABLE **t, int create) } /* - * Privately exposed (via eng_int.h) functions for adding and/or removing + * Privately exposed (via eng_local.h) functions for adding and/or removing * ENGINEs from the implementation table */ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c index 4bcc76136a10..72850b9398e3 100644 --- a/crypto/engine/tb_asnmth.c +++ b/crypto/engine/tb_asnmth.c @@ -8,9 +8,9 @@ */ #include "e_os.h" -#include "eng_int.h" +#include "eng_local.h" #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" /* * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the @@ -147,7 +147,8 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); for (i = 0; i < nidcount; i++) { e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); - if (((int)strlen(ameth->pem_str) == len) + if (ameth != NULL + && ((int)strlen(ameth->pem_str) == len) && strncasecmp(ameth->pem_str, str, len) == 0) return ameth; } diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c index faa967c475f5..236da346cd4c 100644 --- a/crypto/engine/tb_cipher.c +++ b/crypto/engine/tb_cipher.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *cipher_table = NULL; diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c index 785119f65af9..a13a13950083 100644 --- a/crypto/engine/tb_dh.c +++ b/crypto/engine/tb_dh.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *dh_table = NULL; static const int dummy_nid = 1; diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c index d644b1b0a825..a6e6337a01d9 100644 --- a/crypto/engine/tb_digest.c +++ b/crypto/engine/tb_digest.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *digest_table = NULL; diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c index 65b6ea8d3a0e..2c77f0f3e151 100644 --- a/crypto/engine/tb_dsa.c +++ b/crypto/engine/tb_dsa.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *dsa_table = NULL; static const int dummy_nid = 1; diff --git a/crypto/engine/tb_eckey.c b/crypto/engine/tb_eckey.c index 1e5073685410..907d55ae8c44 100644 --- a/crypto/engine/tb_eckey.c +++ b/crypto/engine/tb_eckey.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *dh_table = NULL; static const int dummy_nid = 1; diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c index 03cd1e69dd6d..c5c001c5cbec 100644 --- a/crypto/engine/tb_pkmeth.c +++ b/crypto/engine/tb_pkmeth.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" #include static ENGINE_TABLE *pkey_meth_table = NULL; diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c index 98a98073cdd0..92f61c5a8840 100644 --- a/crypto/engine/tb_rand.c +++ b/crypto/engine/tb_rand.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *rand_table = NULL; static const int dummy_nid = 1; diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c index d8d2e34f848b..43e865e6d6d1 100644 --- a/crypto/engine/tb_rsa.c +++ b/crypto/engine/tb_rsa.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "eng_int.h" +#include "eng_local.h" static ENGINE_TABLE *rsa_table = NULL; static const int dummy_nid = 1; diff --git a/crypto/err/err.c b/crypto/err/err.c index 3a58ccb95882..1372d52f80ee 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -10,17 +10,17 @@ #include #include #include -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include "internal/err.h" -#include "internal/err_int.h" +#include "crypto/err.h" #include #include #include #include #include #include "internal/thread_once.h" -#include "internal/ctype.h" -#include "internal/constant_time_locl.h" +#include "crypto/ctype.h" +#include "internal/constant_time.h" #include "e_os.h" static int err_load_strings(const ERR_STRING_DATA *str); diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index d9ec04b60676..7c0a5f0b9c5f 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -8,7 +8,7 @@ */ #include -#include "internal/err_int.h" +#include "crypto/err.h" #include #include #include diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a433b0324078..f5324c6819d8 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1002,6 +1002,7 @@ PKCS7_F_PKCS7_SIGNER_INFO_SIGN:139:PKCS7_SIGNER_INFO_sign PKCS7_F_PKCS7_SIGN_ADD_SIGNER:137:PKCS7_sign_add_signer PKCS7_F_PKCS7_SIMPLE_SMIMECAP:119:PKCS7_simple_smimecap PKCS7_F_PKCS7_VERIFY:117:PKCS7_verify +RAND_F_DATA_COLLECT_METHOD:127:data_collect_method RAND_F_DRBG_BYTES:101:drbg_bytes RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy RAND_F_DRBG_SETUP:117:drbg_setup @@ -1027,6 +1028,7 @@ RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed RAND_F_RAND_POOL_GROW:125:rand_pool_grow RAND_F_RAND_POOL_NEW:116:rand_pool_new +RAND_F_RAND_PSEUDO_BYTES:126:RAND_pseudo_bytes RAND_F_RAND_WRITE_FILE:112:RAND_write_file RSA_F_CHECK_PADDING_MD:140:check_padding_md RSA_F_ENCODE_PKCS1:146:encode_pkcs1 @@ -1178,6 +1180,7 @@ SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:* SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\ ossl_statem_server_post_process_message SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work +SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640: SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\ @@ -2254,6 +2257,7 @@ EVP_R_INITIALIZATION_ERROR:134:initialization error EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized EVP_R_INVALID_DIGEST:152:invalid digest EVP_R_INVALID_FIPS_MODE:168:invalid fips mode +EVP_R_INVALID_IV_LENGTH:194:invalid iv length EVP_R_INVALID_KEY:163:invalid key EVP_R_INVALID_KEY_LENGTH:130:invalid key length EVP_R_INVALID_OPERATION:148:invalid operation @@ -2848,6 +2852,7 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data +SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading SSL_R_UNEXPECTED_MESSAGE:244:unexpected message SSL_R_UNEXPECTED_RECORD:245:unexpected record SSL_R_UNINITIALIZED:276:uninitialized diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index 288dee01b220..fed4cf1eb1ff 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c @@ -12,8 +12,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" #include "internal/bio.h" /* diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 300db6cd320d..a77cfb1552de 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -76,7 +76,7 @@ #include "internal/bio.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int ok_write(BIO *h, const char *buf, int num); static int ok_read(BIO *h, char *buf, int size); diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 086b3c4d51b4..22fdcc409c16 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include #include diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 1267531a7d23..16ac1b67f465 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include #include diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c index e2295c4dc589..272e48249e42 100644 --- a/crypto/evp/cmeth_lib.c +++ b/crypto/evp/cmeth_lib.c @@ -10,8 +10,8 @@ #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) { diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 6693f270b694..d1bfa274ca81 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -12,8 +12,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" /* This call frees resources associated with the context */ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 1db346fc864b..405ddbf9bf09 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,10 +14,10 @@ #include #include #include -#include "internal/evp_int.h" -#include "modes_lcl.h" +#include "crypto/evp.h" +#include "modes_local.h" #include -#include "evp_locl.h" +#include "evp_local.h" typedef struct { union { @@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter) # define HWAES_xts_decrypt aes_p8_xts_decrypt #endif -#if !defined(OPENSSL_NO_ASM) && ( \ +#if defined(OPENSSL_CPUID_OBJ) && ( \ ((defined(__i386) || defined(__i386__) || \ defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ defined(__x86_64) || defined(__x86_64__) || \ @@ -1127,7 +1127,7 @@ typedef struct { } icv; unsigned char k[32]; } kmac_param; - /* KMAC-AES paramater block - end */ + /* KMAC-AES parameter block - end */ union { unsigned long long g[2]; @@ -1414,7 +1414,7 @@ static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, (OPENSSL_s390xcap_P.kma[0] & \ S390X_CAPBIT(S390X_AES_256))) -/* iv + padding length for iv lenghts != 12 */ +/* iv + padding length for iv lengths != 12 */ # define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) /*- diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 09d24dc3d02a..27c36b46e7a4 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -17,9 +17,9 @@ #include #include #include -#include "modes_lcl.h" -#include "internal/evp_int.h" -#include "internal/constant_time_locl.h" +#include "modes_local.h" +#include "crypto/evp.h" +#include "internal/constant_time.h" typedef struct { AES_KEY ks; @@ -33,7 +33,7 @@ typedef struct { #define NO_PAYLOAD_LENGTH ((size_t)-1) -#if defined(AES_ASM) && ( \ +#if defined(AESNI_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index caac0c9d3da2..cc622b6faa8c 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -18,9 +18,9 @@ #include #include #include -#include "modes_lcl.h" -#include "internal/constant_time_locl.h" -#include "internal/evp_int.h" +#include "modes_local.h" +#include "internal/constant_time.h" +#include "crypto/evp.h" typedef struct { AES_KEY ks; @@ -34,7 +34,7 @@ typedef struct { # define NO_PAYLOAD_LENGTH ((size_t)-1) -#if defined(AES_ASM) && ( \ +#if defined(AESNI_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) @@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) { return NULL; } -#endif +#endif /* AESNI_ASM */ diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index fcaceb3bcadf..1cc6dd91a95a 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -14,10 +14,10 @@ # include # include # include -# include "internal/aria.h" -# include "internal/evp_int.h" -# include "modes_lcl.h" -# include "evp_locl.h" +# include "crypto/aria.h" +# include "crypto/evp.h" +# include "modes_local.h" +# include "evp_local.h" /* ARIA subkey Structure */ typedef struct { @@ -695,8 +695,6 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (!cctx->iv_set) return -1; - if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) - return -1; if (!out) { if (!in) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), @@ -711,6 +709,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_ccm128_aad(ccm, in, len); return len; } + + /* The tag must be set before actually decrypting data */ + if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) + return -1; + /* If not set length yet do it */ if (!cctx->len_set) { if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index dc386905c5cb..9a065582c6c8 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #ifndef OPENSSL_NO_BF # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index 2df4a6e3e011..502d6936cc13 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -17,8 +17,8 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "internal/evp_int.h" -# include "modes_lcl.h" +# include "crypto/evp.h" +# include "modes_local.h" static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index 259d44059b20..df9f445bd0a2 100644 --- a/crypto/evp/e_cast.c +++ b/crypto/evp/e_cast.c @@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_CAST # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index 435a38d3658d..bdc406bb69dc 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -14,9 +14,9 @@ # include # include -# include "evp_locl.h" -# include "internal/evp_int.h" -# include "internal/chacha.h" +# include "evp_local.h" +# include "crypto/evp.h" +# include "crypto/chacha.h" typedef struct { union { @@ -146,7 +146,7 @@ const EVP_CIPHER *EVP_chacha20(void) } # ifndef OPENSSL_NO_POLY1305 -# include "internal/poly1305.h" +# include "crypto/poly1305.h" typedef struct { EVP_CHACHA_KEY key; diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index c13fb3e25a9b..6d6e919af696 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -12,7 +12,7 @@ #ifndef OPENSSL_NO_DES # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 6b492ce47023..2a5597fee527 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -12,10 +12,10 @@ #ifndef OPENSSL_NO_DES # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include -# include "evp_locl.h" +# include "evp_local.h" typedef struct { union { diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index 93f6a4131fa8..1068378ddc75 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_IDEA # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include /* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */ diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c index 18a8468216a0..0725454a3a4a 100644 --- a/crypto/evp/e_null.c +++ b/crypto/evp/e_null.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index aa0d14018687..4d8a0ee4b015 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -14,7 +14,7 @@ # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index d16abdd0d2d7..c24bc8fe5982 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -16,7 +16,7 @@ # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" typedef struct { RC4_KEY ks; /* working key */ diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index b1e8ccd6ddca..201ce443435c 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -19,7 +19,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" typedef struct { RC4_KEY ks; diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index dc5589b68813..c86e87b65ab4 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -13,9 +13,9 @@ #ifndef OPENSSL_NO_RC5 # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include -# include "evp_locl.h" +# include "evp_local.h" # include static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c index 40aec5fc6ac0..aeb2363beade 100644 --- a/crypto/evp/e_seed.c +++ b/crypto/evp/e_seed.c @@ -16,7 +16,7 @@ NON_EMPTY_TRANSLATION_UNIT # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c index 79deb6563646..fce32794fc51 100644 --- a/crypto/evp/e_sm4.c +++ b/crypto/evp/e_sm4.c @@ -13,8 +13,8 @@ #ifndef OPENSSL_NO_SM4 # include # include -# include "internal/sm4.h" -# include "internal/evp_int.h" +# include "crypto/sm4.h" +# include "crypto/evp.h" typedef struct { SM4_KEY ks; diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c index 57ce813da824..b73077542264 100644 --- a/crypto/evp/e_xcbc_d.c +++ b/crypto/evp/e_xcbc_d.c @@ -14,7 +14,7 @@ # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" # include static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index da32d4fd1973..9307ff046424 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -11,8 +11,8 @@ #include #include "internal/cryptlib.h" #include -#include "evp_locl.h" -#include "internal/evp_int.h" +#include "evp_local.h" +#include "crypto/evp.h" static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 05dd791b6cb0..b9b6490fe069 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -15,8 +15,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c) { @@ -305,6 +305,17 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, bl = ctx->cipher->block_size; + /* + * CCM mode needs to know about the case where inl == 0 && in == NULL - it + * means the plaintext/ciphertext length is 0 + */ + if (inl < 0 + || (inl == 0 + && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { /* If block size > 1 then the cipher will have to do this check */ if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { @@ -320,10 +331,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); return 0; @@ -457,6 +464,17 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) cmpl = (cmpl + 7) / 8; + /* + * CCM mode needs to know about the case where inl == 0 - it means the + * plaintext/ciphertext length is 0 + */ + if (inl < 0 + || (inl == 0 + && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) { + *outl = 0; + return inl == 0; + } + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { if (b == 1 && is_partially_overlapping(out, in, cmpl)) { EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); @@ -472,11 +490,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return 1; } - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ctx->flags & EVP_CIPH_NO_PADDING) return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 84bd3c2dab27..05481d827fb4 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -213,6 +213,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "input not initialized"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"}, diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 4935c2a94a1a..45cde0da8bfc 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -11,8 +11,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) { diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_local.h similarity index 100% rename from crypto/evp/evp_locl.h rename to crypto/evp/evp_local.h diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 5a88817b4aa9..967203f373c9 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -12,7 +12,7 @@ #include #include #include -#include "evp_locl.h" +#include "evp_local.h" /* Password based encryption (PBE) functions */ diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index e61a8761a92d..586b74605cbd 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -12,9 +12,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "internal/x509_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "crypto/x509.h" /* Extract a private key from a PKCS8 structure */ diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c index c4e28ae17af2..1aec5185239d 100644 --- a/crypto/evp/m_md2.c +++ b/crypto/evp/m_md2.c @@ -18,7 +18,7 @@ # include # include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 0efc586dbaff..45d2cafee101 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index 3d96ae93b6c4..d26b5a4d31dc 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_md5_sha1.c b/crypto/evp/m_md5_sha1.c index 2d98886ba0e7..eeec2b13e9ed 100644 --- a/crypto/evp/m_md5_sha1.c +++ b/crypto/evp/m_md5_sha1.c @@ -15,7 +15,7 @@ # include # include # include "internal/cryptlib.h" -# include "internal/evp_int.h" +# include "crypto/evp.h" # include struct md5_sha1_ctx { diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index 1051a9070f97..fffa751efd18 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c index 5dce1d510e28..0847139df17b 100644 --- a/crypto/evp/m_null.c +++ b/crypto/evp/m_null.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index 7ab320843cee..d93ad24fe58a 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -17,7 +17,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index ac52417855b3..22b9bbc7d861 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -14,8 +14,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "internal/sha.h" +#include "crypto/evp.h" +#include "crypto/sha.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/m_sha3.c b/crypto/evp/m_sha3.c index 01cf57d313d0..54c592a3cce2 100644 --- a/crypto/evp/m_sha3.c +++ b/crypto/evp/m_sha3.c @@ -12,8 +12,8 @@ #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, size_t r); diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 94e37f02b22e..04643acc8837 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -12,8 +12,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "evp_locl.h" +#include "crypto/evp.h" +#include "evp_local.h" static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) { diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c index 27e2b3c5cab8..5ce15d2d5e57 100644 --- a/crypto/evp/m_wp.c +++ b/crypto/evp/m_wp.c @@ -16,7 +16,7 @@ # include # include # include -# include "internal/evp_int.h" +# include "crypto/evp.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/evp/names.c b/crypto/evp/names.c index 077c2a6c4b9a..90c7b73b7a49 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -10,9 +10,9 @@ #include #include "internal/cryptlib.h" #include -#include "internal/objects.h" +#include "crypto/objects.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_add_cipher(const EVP_CIPHER *c) { diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 7e55d0bfb817..6c5f45f73368 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,7 +28,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_MD_CTX *ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - int i; + int i, ivl, kl; PBEPARAM *pbe; int saltlen, iter; unsigned char *salt; @@ -48,6 +48,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, return 0; } + ivl = EVP_CIPHER_iv_length(cipher); + if (ivl < 0 || ivl > 16) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH); + PBEPARAM_free(pbe); + return 0; + } + kl = EVP_CIPHER_key_length(cipher); + if (kl < 0 || kl > (int)sizeof(md_tmp)) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH); + PBEPARAM_free(pbe); + return 0; + } + if (!pbe->iter) iter = 1; else @@ -73,6 +86,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestUpdate(ctx, salt, saltlen)) goto err; PBEPARAM_free(pbe); + pbe = NULL; if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; mdsize = EVP_MD_size(md); @@ -86,11 +100,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) goto err; } - OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); - memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); - OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); - memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), - EVP_CIPHER_iv_length(cipher)); + memcpy(key, md_tmp, kl); + memcpy(iv, md_tmp + (16 - ivl), ivl); if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) goto err; OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); @@ -98,6 +109,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; err: + PBEPARAM_free(pbe); EVP_MD_CTX_free(ctx); return rv; } diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index e819eb9b47dc..7f625b3d57f3 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -13,7 +13,7 @@ # include # include # include -# include "evp_locl.h" +# include "evp_local.h" /* set this to print out info about the keygen algorithm */ /* #define OPENSSL_DEBUG_PKCS5V2 */ diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 3cd7ca8d54ca..9f1a485a5b83 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -21,8 +21,8 @@ #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" static void EVP_PKEY_free_it(EVP_PKEY *x); @@ -102,7 +102,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) { - if (pkey->ameth && pkey->ameth->param_missing) + if (pkey != NULL && pkey->ameth && pkey->ameth->param_missing) return pkey->ameth->param_missing(pkey); return 0; } @@ -465,7 +465,7 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { - if (pkey->type != EVP_PKEY_RSA) { + if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY); return NULL; } @@ -540,7 +540,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { - int ret = EVP_PKEY_assign_DH(pkey, key); + int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX; + int ret = EVP_PKEY_assign(pkey, type, key); + if (ret) DH_up_ref(key); return ret; diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 6cb442e4f91d..0383294a87c8 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 6e8c565dfd6b..e27196f7c2e6 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index de1c07e17114..02f4093461d8 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -12,7 +12,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #define M_check_autoarg(ctx, arg, arglen, err) \ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index e14965f33384..3ad6d5c7c7a0 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -12,9 +12,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/bn_int.h" -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/bn.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) { diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 7fbf895e0732..603ccd835219 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" #include "internal/numbers.h" typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); @@ -642,6 +642,21 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl_str = ctrl_str; } +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) +{ + pmeth->digestsign = digestsign; +} + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)) +{ + pmeth->digestverify = digestverify; +} + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)) { @@ -834,6 +849,23 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, *pctrl_str = pmeth->ctrl_str; } +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) +{ + if (digestsign) + *digestsign = pmeth->digestsign; +} + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen, const unsigned char *tbs, + size_t tbslen)) +{ + if (digestverify) + *digestverify = pmeth->digestverify; +} + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)) { diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 08dc7c40734d..22f3b70edf14 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include "internal/thread_once.h" /* diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c index fa204e9068e4..638f61b5863a 100644 --- a/crypto/hmac/hm_ameth.c +++ b/crypto/hmac/hm_ameth.c @@ -10,8 +10,8 @@ #include #include "internal/cryptlib.h" #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" /* * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index 55dd27d63b5c..56f98707f539 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -14,7 +14,7 @@ #include #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" /* HMAC pkey context structure */ diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 0c0a7133fb5a..5e087bf92ff2 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,21 +13,22 @@ #include "internal/cryptlib.h" #include #include -#include "hmac_lcl.h" +#include "hmac_local.h" int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) { - int rv = 0; - int i, j, reset = 0; + int rv = 0, reset = 0; + int i, j; unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE]; + unsigned int keytmp_length; + unsigned char keytmp[HMAC_MAX_MD_CBLOCK_SIZE]; /* If we are changing MD then we must have a key */ if (md != NULL && md != ctx->md && (key == NULL || len < 0)) return 0; if (md != NULL) { - reset = 1; ctx->md = md; } else if (ctx->md) { md = ctx->md; @@ -44,35 +45,34 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (key != NULL) { reset = 1; + j = EVP_MD_block_size(md); - if (!ossl_assert(j <= (int)sizeof(ctx->key))) + if (!ossl_assert(j <= (int)sizeof(keytmp))) return 0; if (j < len) { if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl) || !EVP_DigestUpdate(ctx->md_ctx, key, len) - || !EVP_DigestFinal_ex(ctx->md_ctx, ctx->key, - &ctx->key_length)) + || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp, + &keytmp_length)) return 0; } else { - if (len < 0 || len > (int)sizeof(ctx->key)) + if (len < 0 || len > (int)sizeof(keytmp)) return 0; - memcpy(ctx->key, key, len); - ctx->key_length = len; + memcpy(keytmp, key, len); + keytmp_length = len; } - if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE) - memset(&ctx->key[ctx->key_length], 0, - HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length); - } + if (keytmp_length != HMAC_MAX_MD_CBLOCK_SIZE) + memset(&keytmp[keytmp_length], 0, + HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length); - if (reset) { for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) - pad[i] = 0x36 ^ ctx->key[i]; + pad[i] = 0x36 ^ keytmp[i]; if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) goto err; for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) - pad[i] = 0x5c ^ ctx->key[i]; + pad[i] = 0x5c ^ keytmp[i]; if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) goto err; @@ -81,8 +81,10 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, goto err; rv = 1; err: - if (reset) + if (reset) { + OPENSSL_cleanse(keytmp, sizeof(keytmp)); OPENSSL_cleanse(pad, sizeof(pad)); + } return rv; } @@ -149,8 +151,6 @@ static void hmac_ctx_cleanup(HMAC_CTX *ctx) EVP_MD_CTX_reset(ctx->o_ctx); EVP_MD_CTX_reset(ctx->md_ctx); ctx->md = NULL; - ctx->key_length = 0; - OPENSSL_cleanse(ctx->key, sizeof(ctx->key)); } void HMAC_CTX_free(HMAC_CTX *ctx) @@ -201,8 +201,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) goto err; if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) goto err; - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE); - dctx->key_length = sctx->key_length; dctx->md = sctx->md; return 1; err: diff --git a/crypto/hmac/hmac_lcl.h b/crypto/hmac/hmac_local.h similarity index 71% rename from crypto/hmac/hmac_lcl.h rename to crypto/hmac/hmac_local.h index 8fd8345694a2..8bcc55817ae5 100644 --- a/crypto/hmac/hmac_lcl.h +++ b/crypto/hmac/hmac_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_HMAC_LCL_H -# define HEADER_HMAC_LCL_H +#ifndef OSSL_CRYPTO_HMAC_LOCAL_H +# define OSSL_CRYPTO_HMAC_LOCAL_H /* The current largest case is for SHA3-224 */ #define HMAC_MAX_MD_CBLOCK_SIZE 144 @@ -18,8 +18,6 @@ struct hmac_ctx_st { EVP_MD_CTX *md_ctx; EVP_MD_CTX *i_ctx; EVP_MD_CTX *o_ctx; - unsigned int key_length; - unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE]; }; #endif diff --git a/crypto/idea/i_cbc.c b/crypto/idea/i_cbc.c index a70a8682a780..4eff467111be 100644 --- a/crypto/idea/i_cbc.c +++ b/crypto/idea/i_cbc.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c index daf467eb5c26..61c723015b99 100644 --- a/crypto/idea/i_cfb64.c +++ b/crypto/idea/i_cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/idea/i_ecb.c b/crypto/idea/i_ecb.c index 058d0c14c005..cb724e1a6c0b 100644 --- a/crypto/idea/i_ecb.c +++ b/crypto/idea/i_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" #include const char *IDEA_options(void) diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c index 997a7b88edf4..f000ced58620 100644 --- a/crypto/idea/i_ofb64.c +++ b/crypto/idea/i_ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c index 9d9145580fcf..230338d7e3ab 100644 --- a/crypto/idea/i_skey.c +++ b/crypto/idea/i_skey.c @@ -8,7 +8,7 @@ */ #include -#include "idea_lcl.h" +#include "idea_local.h" static IDEA_INT inverse(unsigned int xin); void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) diff --git a/crypto/idea/idea_lcl.h b/crypto/idea/idea_local.h similarity index 100% rename from crypto/idea/idea_lcl.h rename to crypto/idea/idea_local.h diff --git a/crypto/include/internal/store.h b/crypto/include/internal/store.h deleted file mode 100644 index f5013dc36795..000000000000 --- a/crypto/include/internal/store.h +++ /dev/null @@ -1,10 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -void ossl_store_cleanup_int(void); diff --git a/crypto/init.c b/crypto/init.c index 9fc0e8ef68aa..1b0d523beae0 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -8,25 +8,25 @@ */ #include "e_os.h" -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include -#include "internal/rand_int.h" +#include "crypto/rand.h" #include "internal/bio.h" #include -#include "internal/evp_int.h" +#include "crypto/evp.h" #include "internal/conf.h" -#include "internal/async.h" -#include "internal/engine.h" +#include "crypto/async.h" +#include "crypto/engine.h" #include "internal/comp.h" #include "internal/err.h" -#include "internal/err_int.h" -#include "internal/objects.h" +#include "crypto/err.h" +#include "crypto/objects.h" #include #include #include "internal/thread_once.h" -#include "internal/dso_conf.h" +#include "crypto/dso_conf.h" #include "internal/dso.h" -#include "internal/store.h" +#include "crypto/store.h" static int stopped = 0; diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index ae46fad609ac..25bf4b729f64 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -13,7 +13,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" #define HKDF_MAXBUF 1024 diff --git a/crypto/kdf/scrypt.c b/crypto/kdf/scrypt.c index 61fd390e95f0..68606ac00aed 100644 --- a/crypto/kdf/scrypt.c +++ b/crypto/kdf/scrypt.c @@ -13,7 +13,7 @@ #include #include #include "internal/cryptlib.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" #ifndef OPENSSL_NO_SCRYPT diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c index 49f7ecced906..e9ca8e12780b 100644 --- a/crypto/kdf/tls1_prf.c +++ b/crypto/kdf/tls1_prf.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/evp_int.h" +#include "crypto/evp.h" static int tls1_prf_alg(const EVP_MD *md, const unsigned char *sec, size_t slen, diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index 65b91e1ef415..45f1b105554f 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c @@ -18,7 +18,7 @@ #include #include -#include "lhash_lcl.h" +#include "lhash_local.h" # ifndef OPENSSL_NO_STDIO void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp) diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 485d4c3ffff4..9dc887d91e4b 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -13,9 +13,9 @@ #include #include #include -#include "internal/ctype.h" -#include "internal/lhash.h" -#include "lhash_lcl.h" +#include "crypto/ctype.h" +#include "crypto/lhash.h" +#include "lhash_local.h" /* * A hashing implementation that appears to be based on the linear hashing diff --git a/crypto/lhash/lhash_lcl.h b/crypto/lhash/lhash_local.h similarity index 100% rename from crypto/lhash/lhash_lcl.h rename to crypto/lhash/lhash_local.h diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c index 5319618615e3..29b6b252bae3 100644 --- a/crypto/md4/md4_dgst.c +++ b/crypto/md4/md4_dgst.c @@ -9,7 +9,7 @@ #include #include -#include "md4_locl.h" +#include "md4_local.h" /* * Implemented from RFC1186 The MD4 Message-Digest Algorithm @@ -39,7 +39,7 @@ void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num) const unsigned char *data = data_; register unsigned MD32_REG_T A, B, C, D, l; # ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_locl.h for details. */ + /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; # define X(i) XX##i diff --git a/crypto/md4/md4_locl.h b/crypto/md4/md4_local.h similarity index 96% rename from crypto/md4/md4_locl.h rename to crypto/md4/md4_local.h index a6c4003fdbc2..5f05720e9769 100644 --- a/crypto/md4/md4_locl.h +++ b/crypto/md4/md4_local.h @@ -31,7 +31,7 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); } while (0) #define HASH_BLOCK_DATA_ORDER md4_block_data_order -#include "internal/md32_common.h" +#include "crypto/md32_common.h" /*- #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) @@ -53,7 +53,7 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); #define R1(a,b,c,d,k,s,t) { \ a+=((k)+(t)+G((b),(c),(d))); \ - a=ROTATE(a,s); };\ + a=ROTATE(a,s); }; #define R2(a,b,c,d,k,s,t) { \ a+=((k)+(t)+H((b),(c),(d))); \ diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl index 15e14864d195..7986a2413da2 100644 --- a/crypto/md5/asm/md5-586.pl +++ b/crypto/md5/asm/md5-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -43,7 +43,7 @@ $X="esi"; &md5_block("md5_block_asm_data_order"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub Np { diff --git a/crypto/md5/asm/md5-sparcv9.pl b/crypto/md5/asm/md5-sparcv9.pl index 6a62c6253189..3595e3d32fc9 100755 --- a/crypto/md5/asm/md5-sparcv9.pl +++ b/crypto/md5/asm/md5-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -434,4 +434,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/md5/asm/md5-x86_64.pl b/crypto/md5/asm/md5-x86_64.pl index 386d8048ec02..c6a172d448c6 100755 --- a/crypto/md5/asm/md5-x86_64.pl +++ b/crypto/md5/asm/md5-x86_64.pl @@ -1,6 +1,6 @@ #! /usr/bin/env perl # Author: Marc Bevand -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -390,4 +390,4 @@ ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c index fbede6742af6..d84cba37ae98 100644 --- a/crypto/md5/md5_dgst.c +++ b/crypto/md5/md5_dgst.c @@ -8,7 +8,7 @@ */ #include -#include "md5_locl.h" +#include "md5_local.h" #include /* @@ -39,7 +39,7 @@ void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num) const unsigned char *data = data_; register unsigned MD32_REG_T A, B, C, D, l; # ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_locl.h for details. */ + /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; # define X(i) XX##i diff --git a/crypto/md5/md5_locl.h b/crypto/md5/md5_local.h similarity index 98% rename from crypto/md5/md5_locl.h rename to crypto/md5/md5_local.h index 4eb7e50ef4d0..b0087bea81c4 100644 --- a/crypto/md5/md5_locl.h +++ b/crypto/md5/md5_local.h @@ -42,7 +42,7 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); } while (0) #define HASH_BLOCK_DATA_ORDER md5_block_data_order -#include "internal/md32_common.h" +#include "crypto/md32_common.h" /*- #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) @@ -62,7 +62,7 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); #define R0(a,b,c,d,k,s,t) { \ a+=((k)+(t)+F((b),(c),(d))); \ a=ROTATE(a,s); \ - a+=b; };\ + a+=b; }; #define R1(a,b,c,d,k,s,t) { \ a+=((k)+(t)+G((b),(c),(d))); \ diff --git a/crypto/mem.c b/crypto/mem.c index 780053ffeff1..2b39ca3a1049 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -9,7 +9,7 @@ #include "e_os.h" #include "internal/cryptlib.h" -#include "internal/cryptlib_int.h" +#include "crypto/cryptlib.h" #include #include #include diff --git a/crypto/mips_arch.h b/crypto/mips_arch.h index e18ac07210c5..4ae1a1a9339e 100644 --- a/crypto/mips_arch.h +++ b/crypto/mips_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef __MIPS_ARCH_H__ -# define __MIPS_ARCH_H__ +#ifndef OSSL_CRYPTO_MIPS_ARCH_H +# define OSSL_CRYPTO_MIPS_ARCH_H # if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \ defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \ diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl index b42016101ebc..959efedb0de7 100755 --- a/crypto/modes/asm/aesni-gcm-x86_64.pl +++ b/crypto/modes/asm/aesni-gcm-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -90,6 +90,7 @@ $code=<<___; .type _aesni_ctr32_ghash_6x,\@abi-omnipotent .align 32 _aesni_ctr32_ghash_6x: +.cfi_startproc vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb sub \$6,$len vpxor $Z0,$Z0,$Z0 # $Z0 = 0 @@ -397,6 +398,7 @@ _aesni_ctr32_ghash_6x: vpxor $Z0,$Xi,$Xi # modulo-scheduled ret +.cfi_endproc .size _aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x ___ ###################################################################### @@ -543,6 +545,7 @@ $code.=<<___; .type _aesni_ctr32_6x,\@abi-omnipotent .align 32 _aesni_ctr32_6x: +.cfi_startproc vmovdqu 0x00-0x80($key),$Z0 # borrow $Z0 for $rndkey vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb lea -1($rounds),%r13 @@ -629,6 +632,7 @@ _aesni_ctr32_6x: vpshufb $Ii,$T1,$T1 # next counter value vpxor $Z0,$inout5,$inout5 jmp .Loop_ctr32 +.cfi_endproc .size _aesni_ctr32_6x,.-_aesni_ctr32_6x .globl aesni_gcm_encrypt @@ -1079,15 +1083,19 @@ $code=<<___; # assembler is too old .globl aesni_gcm_encrypt .type aesni_gcm_encrypt,\@abi-omnipotent aesni_gcm_encrypt: +.cfi_startproc xor %eax,%eax ret +.cfi_endproc .size aesni_gcm_encrypt,.-aesni_gcm_encrypt .globl aesni_gcm_decrypt .type aesni_gcm_decrypt,\@abi-omnipotent aesni_gcm_decrypt: +.cfi_startproc xor %eax,%eax ret +.cfi_endproc .size aesni_gcm_decrypt,.-aesni_gcm_decrypt ___ }}} @@ -1096,4 +1104,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index dcc23f7d7dbe..d84ac6f2bf43 100755 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -548,4 +548,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl index 3cadda39945c..5826dcbdfe64 100755 --- a/crypto/modes/asm/ghash-c64xplus.pl +++ b/crypto/modes/asm/ghash-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -244,4 +244,4 @@ $code.=<<___; ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-ia64.pl b/crypto/modes/asm/ghash-ia64.pl index eb9ded91e5b6..6e29f995fa85 100755 --- a/crypto/modes/asm/ghash-ia64.pl +++ b/crypto/modes/asm/ghash-ia64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -467,4 +467,4 @@ $code =~ s/mux1(\s+)\S+\@rev/nop.i$1 0x0/gm if ($big_endian); $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl index a614c99c22ce..d798b7abf490 100755 --- a/crypto/modes/asm/ghash-parisc.pl +++ b/crypto/modes/asm/ghash-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -745,4 +745,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl index 17dc375053c5..2f3ca295bdca 100755 --- a/crypto/modes/asm/ghash-s390x.pl +++ b/crypto/modes/asm/ghash-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -259,4 +259,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl index c4eb3b1f0206..ccebc74b4e97 100755 --- a/crypto/modes/asm/ghash-sparcv9.pl +++ b/crypto/modes/asm/ghash-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -578,4 +578,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl index bcbe6e399d13..4183d99b68b1 100755 --- a/crypto/modes/asm/ghash-x86.pl +++ b/crypto/modes/asm/ghash-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1378,7 +1378,7 @@ my ($Xhi,$Xi)=@_; &asciz("GHASH for x86, CRYPTOGAMS by "); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; # A question was risen about choice of vanilla MMX. Or rather why wasn't # SSE2 chosen instead? In addition to the fact that MMX runs on legacy diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl index 6b2a51ecd77e..0a0bfd575cee 100755 --- a/crypto/modes/asm/ghash-x86_64.pl +++ b/crypto/modes/asm/ghash-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -116,7 +116,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1815,4 +1815,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghashp8-ppc.pl b/crypto/modes/asm/ghashp8-ppc.pl index 6a2ac712950b..447472cb4592 100755 --- a/crypto/modes/asm/ghashp8-ppc.pl +++ b/crypto/modes/asm/ghashp8-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -668,4 +668,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index 47e882008069..d0e398b50ae0 100755 --- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -778,4 +778,4 @@ if ($flavour =~ /64/) { ######## 64-bit code } } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c index 4ce5eb2ae341..fc7e0b60510b 100644 --- a/crypto/modes/cbc128.c +++ b/crypto/modes/cbc128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include #if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC) diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c index 05a33239f56e..424722811c16 100644 --- a/crypto/modes/ccm128.c +++ b/crypto/modes/ccm128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include /* diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c index e439567fe59f..b6bec414a966 100644 --- a/crypto/modes/cfb128.c +++ b/crypto/modes/cfb128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include /* diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c index 03920b447333..ae35116e9524 100644 --- a/crypto/modes/ctr128.c +++ b/crypto/modes/ctr128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include /* diff --git a/crypto/modes/cts128.c b/crypto/modes/cts128.c index 93826a1e2f06..9052e857764f 100644 --- a/crypto/modes/cts128.c +++ b/crypto/modes/cts128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include /* diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 15f76e3e86bc..48775e6d05ff 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_local.h similarity index 100% rename from crypto/modes/modes_lcl.h rename to crypto/modes/modes_local.h diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index 713b9aaf19d5..b39a55a1a145 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c @@ -10,7 +10,7 @@ #include #include #include -#include "modes_lcl.h" +#include "modes_local.h" #ifndef OPENSSL_NO_OCB diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c index 83092564c6b6..44bdf888db1a 100644 --- a/crypto/modes/ofb128.c +++ b/crypto/modes/ofb128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include /* diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c index 81b1eacd5920..b5bda5e6402d 100644 --- a/crypto/modes/xts128.c +++ b/crypto/modes/xts128.c @@ -8,7 +8,7 @@ */ #include -#include "modes_lcl.h" +#include "modes_local.h" #include int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index c4355370cb15..979d83577c22 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -17,8 +17,8 @@ #include #include #include "internal/thread_once.h" -#include "internal/lhash.h" -#include "obj_lcl.h" +#include "crypto/lhash.h" +#include "obj_local.h" #include "e_os.h" /* diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index ef2d1e0ddaf2..46006fe6cf9c 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -8,15 +8,15 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include #include -#include "internal/objects.h" +#include "crypto/objects.h" #include -#include "internal/asn1_int.h" -#include "obj_lcl.h" +#include "crypto/asn1.h" +#include "obj_local.h" /* obj_dat.h is generated from objects.h by obj_dat.pl */ #include "obj_dat.h" diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index ea91db660b65..d1b1bc7faf91 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -1728,8 +1728,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"ITU-T", "itu-t", NID_itu_t}, {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t}, {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]}, - {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, &so[4440]}, - {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, &so[4450]}, + {"msSmartcardLogin", "Microsoft Smartcard Login", NID_ms_smartcard_login, 10, &so[4440]}, + {"msUPN", "Microsoft User Principal Name", NID_ms_upn, 10, &so[4450]}, {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1}, {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1}, {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1}, @@ -3578,9 +3578,9 @@ static const unsigned int ln_objs[NUM_LN] = { 134, /* "Microsoft Individual Code Signing" */ 856, /* "Microsoft Local Key set" */ 137, /* "Microsoft Server Gated Crypto" */ - 648, /* "Microsoft Smartcardlogin" */ + 648, /* "Microsoft Smartcard Login" */ 136, /* "Microsoft Trust List Signing" */ - 649, /* "Microsoft Universal Principal Name" */ + 649, /* "Microsoft User Principal Name" */ 393, /* "NULL" */ 404, /* "NULL" */ 72, /* "Netscape Base Url" */ diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c index acbdeec2c980..456a1598cec5 100644 --- a/crypto/objects/obj_lib.c +++ b/crypto/objects/obj_lib.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { diff --git a/crypto/objects/obj_lcl.h b/crypto/objects/obj_local.h similarity index 100% rename from crypto/objects/obj_lcl.h rename to crypto/objects/obj_local.h diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index 9144d569dcd0..1ca04bbff19f 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 5b2bb54eb929..c49d4c568b59 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -426,9 +426,9 @@ rsadsi 3 8 : RC5-CBC : rc5-cbc !Cname ms-efs 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System !Cname ms-smartcard-login -1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin +1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcard Login !Cname ms-upn -1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name +1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft User Principal Name 1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc : IDEA-ECB : idea-ecb diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c index 1e0b82797bdc..a869e32bc8b3 100644 --- a/crypto/ocsp/ocsp_asn.c +++ b/crypto/ocsp/ocsp_asn.c @@ -10,7 +10,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" ASN1_SEQUENCE(OCSP_SIGNATURE) = { ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 739ac01807a0..55ffd45c6ec0 100755 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -16,7 +16,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" /* * Utility functions related to sending OCSP requests and extracting relevant diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 3ab5308a12bb..f6c387ffb7d7 100755 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -12,7 +12,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include #include diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index 42c368643135..ba408bc86f98 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -10,7 +10,7 @@ #include "e_os.h" #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include #include diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index b8b91cc9eb3f..37ac6c03fd04 100755 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -14,7 +14,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include /* Convert a certificate and its issuer to an OCSP_CERTID */ diff --git a/crypto/ocsp/ocsp_lcl.h b/crypto/ocsp/ocsp_local.h similarity index 100% rename from crypto/ocsp/ocsp_lcl.h rename to crypto/ocsp/ocsp_local.h diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 5605812ef74b..1965f2a183b3 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -10,7 +10,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include "internal/cryptlib.h" #include diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 6bd6f7b6d892..e35fc52fd944 100755 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -14,7 +14,7 @@ #include #include #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" /* * Utility functions related to sending OCSP responses and extracting diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 9a8d34386621..e87b71c0c791 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -8,7 +8,7 @@ */ #include -#include "ocsp_lcl.h" +#include "ocsp_local.h" #include #include diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c index 2d425a8951d6..a174ce15a60d 100644 --- a/crypto/ocsp/v3_ocsp.c +++ b/crypto/ocsp/v3_ocsp.c @@ -12,7 +12,7 @@ # include # include # include -# include "ocsp_lcl.h" +# include "ocsp_local.h" # include # include "../x509v3/ext_dat.h" diff --git a/crypto/pariscid.pl b/crypto/pariscid.pl index 5a231c49f02a..f4d364754a1f 100755 --- a/crypto/pariscid.pl +++ b/crypto/pariscid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -272,5 +272,5 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c index 0e7181311340..9d57ee7cc2e5 100644 --- a/crypto/pem/pem_all.c +++ b/crypto/pem/pem_all.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -84,9 +84,8 @@ IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, - RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, - PEM_STRING_PUBLIC, - RSA_PUBKEY) + RSAPublicKey) +IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) #endif #ifndef OPENSSL_NO_DSA static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) @@ -115,7 +114,7 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) - IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) +IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) # ifndef OPENSSL_NO_STDIO DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) { @@ -176,6 +175,6 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, #ifndef OPENSSL_NO_DH IMPLEMENT_PEM_write_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) - IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) +IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) #endif IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 4bb86463fae5..64baf7108ea4 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -8,7 +8,7 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include "internal/cryptlib.h" #include @@ -18,7 +18,7 @@ #include #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #include #include diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index aa032d2b1cac..e58cdf4a3e0b 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -17,8 +17,8 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" int pem_check_suffix(const char *pem_str, const char *suffix); diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 2bbee4a306e4..1fc19c17f913 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -844,9 +844,9 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) goto error; OPENSSL_cleanse(keybuf, 20); - if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8)) + if (!EVP_EncryptUpdate(cctx, p, &enctmplen, p, pklen - 8)) goto error; - if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen)) + if (!EVP_EncryptFinal_ex(cctx, p + enctmplen, &enctmplen)) goto error; } diff --git a/crypto/perlasm/README b/crypto/perlasm/README index 3177c3716542..59f2c95515fe 100644 --- a/crypto/perlasm/README +++ b/crypto/perlasm/README @@ -35,7 +35,7 @@ Functions of interest are: &function_begin_B(name,extra) Same as normal function_begin but no pushing. &function_end(name) Call at end of function. &function_end_A(name) Standard pop and ret, for use inside functions -&function_end_B(name) Call at end but with poping or 'ret'. +&function_end_B(name) Call at end but with pop or ret. &swtmp(num) Address on stack temp word. &wparam(num) Parameter number num, that was push in C convention. This all works over pushes diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl index ca2f8b990b97..48819be54052 100755 --- a/crypto/perlasm/arm-xlate.pl +++ b/crypto/perlasm/arm-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -174,4 +174,4 @@ while(my $line=<>) { print "\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl index d220c6245b56..08668b295bf6 100755 --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -341,4 +341,4 @@ while($line=<>) { print "\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index 29a0eacfd532..59af6df9c200 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1216,7 +1216,7 @@ while(defined(my $line=<>)) { print "\n$current_segment\tENDS\n" if ($current_segment && $masm); print "END\n" if ($masm); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; ################################################# # Cross-reference x86_64 ABI "card" diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 193ed8097dc3..af184c86af5d 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" /* Pack an object into an OCTET STRING and turn into a safebag */ diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c index 422dfc398fab..88f145890cf6 100644 --- a/crypto/pkcs12/p12_asn.c +++ b/crypto/pkcs12/p12_asn.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "p12_lcl.h" +#include "p12_local.h" /* PKCS#12 ASN1 module */ diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c index c324f5051469..a958fdf3465e 100644 --- a/crypto/pkcs12/p12_attr.c +++ b/crypto/pkcs12/p12_attr.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" /* Add a local keyid to a safebag */ diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index 10cf8dd589d9..d43dc3b30cf3 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c index 88db0f2dc4f9..7ecc29ec0ce0 100644 --- a/crypto/pkcs12/p12_init.c +++ b/crypto/pkcs12/p12_init.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" /* Initialise a PKCS12 structure to take data */ diff --git a/crypto/pkcs12/p12_lcl.h b/crypto/pkcs12/p12_local.h similarity index 100% rename from crypto/pkcs12/p12_lcl.h rename to crypto/pkcs12/p12_local.h diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 0cbbed364a21..3658003fe598 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -13,7 +13,7 @@ #include #include #include -#include "p12_lcl.h" +#include "p12_local.h" int PKCS12_mac_present(const PKCS12 *p12) { diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index 0ce75ed330ee..0334289a89fa 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -13,7 +13,7 @@ #include #include #include -#include "p12_lcl.h" +#include "p12_local.h" /* PKCS#12 password change routine */ diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index 86a07e1335e4..05fc388a9969 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c index a09c5b93132a..7cf522786b03 100644 --- a/crypto/pkcs12/p12_sbag.c +++ b/crypto/pkcs12/p12_sbag.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "p12_lcl.h" +#include "p12_local.h" #if OPENSSL_API_COMPAT < 0x10100000L ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 16b76431d1bd..ec4d9abd587f 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -11,8 +11,8 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) { diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl index 5cdb6be05914..f77e1170f66b 100755 --- a/crypto/poly1305/asm/poly1305-armv4.pl +++ b/crypto/poly1305/asm/poly1305-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1250,4 +1250,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl index 6c6c9bb05be0..9bfee2759579 100755 --- a/crypto/poly1305/asm/poly1305-armv8.pl +++ b/crypto/poly1305/asm/poly1305-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -943,4 +943,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-mips.pl b/crypto/poly1305/asm/poly1305-mips.pl index 28b6772ee5fe..965825dc3eda 100755 --- a/crypto/poly1305/asm/poly1305-mips.pl +++ b/crypto/poly1305/asm/poly1305-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -433,5 +433,5 @@ ___ $output=pop and open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl index 0c6d015d585b..e5d6933ac4d5 100755 --- a/crypto/poly1305/asm/poly1305-ppc.pl +++ b/crypto/poly1305/asm/poly1305-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -642,4 +642,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-ppcfp.pl b/crypto/poly1305/asm/poly1305-ppcfp.pl index 09f818584842..a9ab20714697 100755 --- a/crypto/poly1305/asm/poly1305-ppcfp.pl +++ b/crypto/poly1305/asm/poly1305-ppcfp.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -736,4 +736,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-s390x.pl b/crypto/poly1305/asm/poly1305-s390x.pl index 82d757d9a1ca..bcc8fd3b886a 100755 --- a/crypto/poly1305/asm/poly1305-s390x.pl +++ b/crypto/poly1305/asm/poly1305-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -224,4 +224,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-sparcv9.pl b/crypto/poly1305/asm/poly1305-sparcv9.pl index 0bdd04892544..997e0d8344c6 100755 --- a/crypto/poly1305/asm/poly1305-sparcv9.pl +++ b/crypto/poly1305/asm/poly1305-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1117,4 +1117,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-x86.pl b/crypto/poly1305/asm/poly1305-x86.pl index 1e09ddcc10d7..4aaf63a0a1dd 100755 --- a/crypto/poly1305/asm/poly1305-x86.pl +++ b/crypto/poly1305/asm/poly1305-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -71,7 +71,7 @@ if ($sse2) { $avx = ($1>=2.09) + ($1>=2.10); } - if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { + if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } } @@ -1812,4 +1812,4 @@ sub vlazy_reduction { &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl index 342ad7f18aa7..c014be1ca9fa 100755 --- a/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/crypto/poly1305/asm/poly1305-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -90,7 +90,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=12); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -168,6 +168,7 @@ $code.=<<___; .type poly1305_init,\@function,3 .align 32 poly1305_init: +.cfi_startproc xor %rax,%rax mov %rax,0($ctx) # initialize hash value mov %rax,8($ctx) @@ -219,6 +220,7 @@ $code.=<<___; mov \$1,%eax .Lno_key: ret +.cfi_endproc .size poly1305_init,.-poly1305_init .type poly1305_blocks,\@function,4 @@ -298,6 +300,7 @@ $code.=<<___; .type poly1305_emit,\@function,3 .align 32 poly1305_emit: +.cfi_startproc .Lemit: mov 0($ctx),%r8 # load hash value mov 8($ctx),%r9 @@ -318,6 +321,7 @@ poly1305_emit: mov %rcx,8($mac) ret +.cfi_endproc .size poly1305_emit,.-poly1305_emit ___ if ($avx) { @@ -342,15 +346,18 @@ $code.=<<___; .type __poly1305_block,\@abi-omnipotent .align 32 __poly1305_block: +.cfi_startproc ___ &poly1305_iteration(); $code.=<<___; ret +.cfi_endproc .size __poly1305_block,.-__poly1305_block .type __poly1305_init_avx,\@abi-omnipotent .align 32 __poly1305_init_avx: +.cfi_startproc mov $r0,$h0 mov $r1,$h1 xor $h2,$h2 @@ -508,6 +515,7 @@ __poly1305_init_avx: lea -48-64($ctx),$ctx # size [de-]optimization ret +.cfi_endproc .size __poly1305_init_avx,.-__poly1305_init_avx .type poly1305_blocks_avx,\@function,4 @@ -1373,6 +1381,7 @@ $code.=<<___; .type poly1305_emit_avx,\@function,3 .align 32 poly1305_emit_avx: +.cfi_startproc cmpl \$0,20($ctx) # is_base2_26? je .Lemit @@ -1423,6 +1432,7 @@ poly1305_emit_avx: mov %rcx,8($mac) ret +.cfi_endproc .size poly1305_emit_avx,.-poly1305_emit_avx ___ @@ -2741,6 +2751,7 @@ $code.=<<___; .type poly1305_init_base2_44,\@function,3 .align 32 poly1305_init_base2_44: +.cfi_startproc xor %rax,%rax mov %rax,0($ctx) # initialize hash value mov %rax,8($ctx) @@ -2782,6 +2793,7 @@ ___ $code.=<<___; mov \$1,%eax ret +.cfi_endproc .size poly1305_init_base2_44,.-poly1305_init_base2_44 ___ { @@ -2793,6 +2805,7 @@ $code.=<<___; .type poly1305_blocks_vpmadd52,\@function,4 .align 32 poly1305_blocks_vpmadd52: +.cfi_startproc shr \$4,$len jz .Lno_data_vpmadd52 # too short @@ -2899,6 +2912,7 @@ poly1305_blocks_vpmadd52: .Lno_data_vpmadd52: ret +.cfi_endproc .size poly1305_blocks_vpmadd52,.-poly1305_blocks_vpmadd52 ___ } @@ -2916,6 +2930,7 @@ $code.=<<___; .type poly1305_blocks_vpmadd52_4x,\@function,4 .align 32 poly1305_blocks_vpmadd52_4x: +.cfi_startproc shr \$4,$len jz .Lno_data_vpmadd52_4x # too short @@ -3340,6 +3355,7 @@ poly1305_blocks_vpmadd52_4x: .Lno_data_vpmadd52_4x: ret +.cfi_endproc .size poly1305_blocks_vpmadd52_4x,.-poly1305_blocks_vpmadd52_4x ___ } @@ -3358,6 +3374,7 @@ $code.=<<___; .type poly1305_blocks_vpmadd52_8x,\@function,4 .align 32 poly1305_blocks_vpmadd52_8x: +.cfi_startproc shr \$4,$len jz .Lno_data_vpmadd52_8x # too short @@ -3713,6 +3730,7 @@ $code.=<<___; .Lno_data_vpmadd52_8x: ret +.cfi_endproc .size poly1305_blocks_vpmadd52_8x,.-poly1305_blocks_vpmadd52_8x ___ } @@ -3720,6 +3738,7 @@ $code.=<<___; .type poly1305_emit_base2_44,\@function,3 .align 32 poly1305_emit_base2_44: +.cfi_startproc mov 0($ctx),%r8 # load hash value mov 8($ctx),%r9 mov 16($ctx),%r10 @@ -3750,6 +3769,7 @@ poly1305_emit_base2_44: mov %rcx,8($mac) ret +.cfi_endproc .size poly1305_emit_base2_44,.-poly1305_emit_base2_44 ___ } } } @@ -3800,6 +3820,7 @@ $code.=<<___; .type xor128_encrypt_n_pad,\@abi-omnipotent .align 16 xor128_encrypt_n_pad: +.cfi_startproc sub $otp,$inp sub $otp,$out mov $len,%r10 # put len aside @@ -3841,12 +3862,14 @@ xor128_encrypt_n_pad: .Ldone_enc: mov $otp,%rax ret +.cfi_endproc .size xor128_encrypt_n_pad,.-xor128_encrypt_n_pad .globl xor128_decrypt_n_pad .type xor128_decrypt_n_pad,\@abi-omnipotent .align 16 xor128_decrypt_n_pad: +.cfi_startproc sub $otp,$inp sub $otp,$out mov $len,%r10 # put len aside @@ -3892,6 +3915,7 @@ xor128_decrypt_n_pad: .Ldone_dec: mov $otp,%rax ret +.cfi_endproc .size xor128_decrypt_n_pad,.-xor128_decrypt_n_pad ___ } @@ -4156,4 +4180,4 @@ foreach (split('\n',$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c index 1d182364aee4..e7f5b92c8f3d 100644 --- a/crypto/poly1305/poly1305.c +++ b/crypto/poly1305/poly1305.c @@ -11,7 +11,7 @@ #include #include -#include "internal/poly1305.h" +#include "crypto/poly1305.h" #include "poly1305_local.h" size_t Poly1305_ctx_size(void) @@ -89,7 +89,7 @@ static void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit); /* - * Type-agnostic "rip-off" from constant_time_locl.h + * Type-agnostic "rip-off" from constant_time.h */ # define CONSTANT_TIME_CARRY(a,b) ( \ (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \ diff --git a/crypto/poly1305/poly1305_ameth.c b/crypto/poly1305/poly1305_ameth.c index 033ee8cd9699..0c8a91dc79dc 100644 --- a/crypto/poly1305/poly1305_ameth.c +++ b/crypto/poly1305/poly1305_ameth.c @@ -10,10 +10,10 @@ #include #include "internal/cryptlib.h" #include -#include "internal/asn1_int.h" -#include "internal/poly1305.h" +#include "crypto/asn1.h" +#include "crypto/poly1305.h" #include "poly1305_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* * POLY1305 "ASN1" method. This is just here to indicate the maximum diff --git a/crypto/poly1305/poly1305_pmeth.c b/crypto/poly1305/poly1305_pmeth.c index 3bc24c98cd61..49a799a12f51 100644 --- a/crypto/poly1305/poly1305_pmeth.c +++ b/crypto/poly1305/poly1305_pmeth.c @@ -13,9 +13,9 @@ #include #include #include -#include "internal/poly1305.h" +#include "crypto/poly1305.h" #include "poly1305_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* POLY1305 pkey context structure */ diff --git a/crypto/ppc_arch.h b/crypto/ppc_arch.h index 72bd7468745c..e3845e9394ae 100644 --- a/crypto/ppc_arch.h +++ b/crypto/ppc_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_PPC_ARCH_H -# define HEADER_PPC_ARCH_H +#ifndef OSSL_CRYPTO_PPC_ARCH_H +# define OSSL_CRYPTO_PPC_ARCH_H extern unsigned int OPENSSL_ppccap_P; diff --git a/crypto/ppccap.c b/crypto/ppccap.c index a59485207b16..b12cd949ccfe 100644 --- a/crypto/ppccap.c +++ b/crypto/ppccap.c @@ -29,8 +29,8 @@ #include #include #include -#include -#include "bn/bn_lcl.h" +#include +#include "bn/bn_local.h" #include "ppc_arch.h" diff --git a/crypto/ppccpuid.pl b/crypto/ppccpuid.pl index a38445fd3c52..2065cbb84b10 100755 --- a/crypto/ppccpuid.pl +++ b/crypto/ppccpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -379,4 +379,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c index a243361b56e4..93b82f34ceda 100644 --- a/crypto/rand/drbg_ctr.c +++ b/crypto/rand/drbg_ctr.c @@ -14,7 +14,7 @@ #include #include "internal/thread_once.h" #include "internal/thread_once.h" -#include "rand_lcl.h" +#include "rand_local.h" /* * Implementation of NIST SP 800-90A CTR DRBG. */ diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 12bb627a04ef..faf0590c6c28 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,10 +11,10 @@ #include #include #include -#include "rand_lcl.h" +#include "rand_local.h" #include "internal/thread_once.h" -#include "internal/rand_int.h" -#include "internal/cryptlib_int.h" +#include "crypto/rand.h" +#include "crypto/cryptlib.h" /* * Support framework for NIST SP 800-90A DRBG @@ -1044,7 +1044,7 @@ static int drbg_add(const void *buf, int num, double randomness) return ret; #else /* - * If an os entropy source is avaible then we declare the buffer content + * If an os entropy source is available then we declare the buffer content * as additional data by setting randomness to zero and trigger a regular * reseeding. */ diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c index ae4d8559fb28..a3ae5f53c295 100644 --- a/crypto/rand/rand_err.c +++ b/crypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,8 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA RAND_str_functs[] = { + {ERR_PACK(ERR_LIB_RAND, RAND_F_DATA_COLLECT_METHOD, 0), + "data_collect_method"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"}, @@ -49,6 +51,7 @@ static const ERR_STRING_DATA RAND_str_functs[] = { "rand_pool_bytes_needed"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_GROW, 0), "rand_pool_grow"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"}, + {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_PSEUDO_BYTES, 0), "RAND_pseudo_bytes"}, {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"}, {0, NULL} }; diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 91b26523110f..ab4e9b5486cb 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,10 +11,10 @@ #include #include "internal/cryptlib.h" #include -#include "internal/rand_int.h" +#include "crypto/rand.h" #include #include "internal/thread_once.h" -#include "rand_lcl.h" +#include "rand_local.h" #include "e_os.h" #ifndef OPENSSL_NO_ENGINE @@ -386,6 +386,9 @@ int RAND_poll(void) const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth == NULL) + return 0; + if (meth == RAND_OpenSSL()) { /* fill random pool and seed the master DRBG */ RAND_DRBG *drbg = RAND_DRBG_get0_master(); @@ -765,7 +768,7 @@ int rand_pool_add(RAND_POOL *pool, * is returned without producing an error message. * * After updating the buffer, rand_pool_add_end() needs to be called - * to finish the udpate operation (see next comment). + * to finish the update operation (see next comment). */ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len) { @@ -896,7 +899,7 @@ void RAND_seed(const void *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->seed != NULL) + if (meth != NULL && meth->seed != NULL) meth->seed(buf, num); } @@ -904,7 +907,7 @@ void RAND_add(const void *buf, int num, double randomness) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->add != NULL) + if (meth != NULL && meth->add != NULL) meth->add(buf, num, randomness); } @@ -917,24 +920,22 @@ int RAND_priv_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); RAND_DRBG *drbg; - int ret; - if (meth != RAND_OpenSSL()) + if (meth != NULL && meth != RAND_OpenSSL()) return RAND_bytes(buf, num); drbg = RAND_DRBG_get0_private(); - if (drbg == NULL) - return 0; + if (drbg != NULL) + return RAND_DRBG_bytes(drbg, buf, num); - ret = RAND_DRBG_bytes(drbg, buf, num); - return ret; + return 0; } int RAND_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->bytes != NULL) + if (meth != NULL && meth->bytes != NULL) return meth->bytes(buf, num); RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; @@ -945,8 +946,9 @@ int RAND_pseudo_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->pseudorand != NULL) + if (meth != NULL && meth->pseudorand != NULL) return meth->pseudorand(buf, num); + RANDerr(RAND_F_RAND_PSEUDO_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; } #endif @@ -955,7 +957,7 @@ int RAND_status(void) { const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth->status != NULL) + if (meth != NULL && meth->status != NULL) return meth->status(); return 0; } diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_local.h old mode 100755 new mode 100644 similarity index 98% rename from crypto/rand/rand_lcl.h rename to crypto/rand/rand_local.h index 306c59f6efa0..1bc9bf7d266d --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_RAND_LCL_H -# define HEADER_RAND_LCL_H +#ifndef OSSL_CRYPTO_RAND_LOCAL_H +# define OSSL_CRYPTO_RAND_LOCAL_H # include # include @@ -82,7 +82,7 @@ * Typically, the DRBGs will set a minimum larger than this so optimal * allocation ought to take place (for full quality seed material). * - * The normal value has been chosed by noticing that the rand_drbg_get_nonce + * The normal value has been chosen by noticing that the rand_drbg_get_nonce * function is usually the largest of the built in allocation (twenty four * bytes and then appending another sixteen bytes). This means the buffer ends * with 40 bytes. The value of forty eight is comfortably above this which diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 69efcdeed752..fe457cab4a3b 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,8 +15,8 @@ #include "internal/cryptlib.h" #include #include -#include "rand_lcl.h" -#include "internal/rand_int.h" +#include "rand_local.h" +#include "crypto/rand.h" #include #include "internal/dso.h" #ifdef __linux @@ -80,7 +80,8 @@ static uint64_t get_timer_bits(void); # define OSSL_POSIX_TIMER_OKAY # endif # endif -#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ +#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) + || defined(__DJGPP__) */ #if defined(OPENSSL_RAND_SEED_NONE) /* none means none. this simplifies the following logic */ @@ -282,12 +283,58 @@ static ssize_t sysctl_random(char *buf, size_t buflen) # if defined(OPENSSL_RAND_SEED_GETRANDOM) # if defined(__linux) && !defined(__NR_getrandom) -# if defined(__arm__) && defined(__NR_SYSCALL_BASE) +# if defined(__arm__) # define __NR_getrandom (__NR_SYSCALL_BASE+384) # elif defined(__i386__) # define __NR_getrandom 355 -# elif defined(__x86_64__) && !defined(__ILP32__) -# define __NR_getrandom 318 +# elif defined(__x86_64__) +# if defined(__ILP32__) +# define __NR_getrandom (__X32_SYSCALL_BIT + 318) +# else +# define __NR_getrandom 318 +# endif +# elif defined(__xtensa__) +# define __NR_getrandom 338 +# elif defined(__s390__) || defined(__s390x__) +# define __NR_getrandom 349 +# elif defined(__bfin__) +# define __NR_getrandom 389 +# elif defined(__powerpc__) +# define __NR_getrandom 359 +# elif defined(__mips__) || defined(__mips64) +# if _MIPS_SIM == _MIPS_SIM_ABI32 +# define __NR_getrandom (__NR_Linux + 353) +# elif _MIPS_SIM == _MIPS_SIM_ABI64 +# define __NR_getrandom (__NR_Linux + 313) +# elif _MIPS_SIM == _MIPS_SIM_NABI32 +# define __NR_getrandom (__NR_Linux + 317) +# endif +# elif defined(__hppa__) +# define __NR_getrandom (__NR_Linux + 339) +# elif defined(__sparc__) +# define __NR_getrandom 347 +# elif defined(__ia64__) +# define __NR_getrandom 1339 +# elif defined(__alpha__) +# define __NR_getrandom 511 +# elif defined(__sh__) +# if defined(__SH5__) +# define __NR_getrandom 373 +# else +# define __NR_getrandom 384 +# endif +# elif defined(__avr32__) +# define __NR_getrandom 317 +# elif defined(__microblaze__) +# define __NR_getrandom 385 +# elif defined(__m68k__) +# define __NR_getrandom 352 +# elif defined(__cris__) +# define __NR_getrandom 356 +# elif defined(__aarch64__) +# define __NR_getrandom 278 +# else /* generic */ +# define __NR_getrandom 278 # endif # endif @@ -814,4 +861,5 @@ static uint64_t get_timer_bits(void) # endif return time(NULL); } -#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ +#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS)) + || defined(__DJGPP__) */ diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c index 2b59353b1154..17e86f690e01 100644 --- a/crypto/rc2/rc2_cbc.c +++ b/crypto/rc2/rc2_cbc.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, RC2_KEY *ks, unsigned char *iv, int encrypt) diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c index fb2f78273d8e..8d9927cd5858 100644 --- a/crypto/rc2/rc2_ecb.c +++ b/crypto/rc2/rc2_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" #include /*- diff --git a/crypto/rc2/rc2_locl.h b/crypto/rc2/rc2_local.h similarity index 100% rename from crypto/rc2/rc2_locl.h rename to crypto/rc2/rc2_local.h diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c index 55d8ba37155c..60ebd42f2636 100644 --- a/crypto/rc2/rc2_skey.c +++ b/crypto/rc2/rc2_skey.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" static const unsigned char key_table[256] = { 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c index e11093db9e21..8d1c3a4d8f66 100644 --- a/crypto/rc2/rc2cfb64.c +++ b/crypto/rc2/rc2cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c index d610278a9bdc..61b2c56434bf 100644 --- a/crypto/rc2/rc2ofb64.c +++ b/crypto/rc2/rc2ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "rc2_locl.h" +#include "rc2_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/rc4/asm/rc4-586.pl b/crypto/rc4/asm/rc4-586.pl index 8c5cf87d05ce..3a936de1f9a7 100644 --- a/crypto/rc4/asm/rc4-586.pl +++ b/crypto/rc4/asm/rc4-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -423,4 +423,4 @@ $idx="edx"; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-c64xplus.pl b/crypto/rc4/asm/rc4-c64xplus.pl index 1354d1821493..b12d044af465 100755 --- a/crypto/rc4/asm/rc4-c64xplus.pl +++ b/crypto/rc4/asm/rc4-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -189,4 +189,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/rc4/asm/rc4-md5-x86_64.pl index 74e5191051eb..7aa5c21bd836 100755 --- a/crypto/rc4/asm/rc4-md5-x86_64.pl +++ b/crypto/rc4/asm/rc4-md5-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -484,6 +484,7 @@ $code.=<<___; .type RC4_set_key,\@function,3 .align 16 RC4_set_key: +.cfi_startproc lea 8($dat),$dat lea ($inp,$len),$inp neg $len @@ -519,6 +520,7 @@ RC4_set_key: mov %eax,-8($dat) mov %eax,-4($dat) ret +.cfi_endproc .size RC4_set_key,.-RC4_set_key .globl RC4_options @@ -658,4 +660,4 @@ $code =~ s/#rc4#//gm if ($rc4); print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-parisc.pl b/crypto/rc4/asm/rc4-parisc.pl index 4111f339dae4..631e742b739d 100755 --- a/crypto/rc4/asm/rc4-parisc.pl +++ b/crypto/rc4/asm/rc4-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -330,4 +330,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-s390x.pl b/crypto/rc4/asm/rc4-s390x.pl index 469f110fafee..dded0b75e7f9 100755 --- a/crypto/rc4/asm/rc4-s390x.pl +++ b/crypto/rc4/asm/rc4-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -184,7 +184,7 @@ $code.=<<___; RC4_set_key: stm${g} %r6,%r8,6*$SIZE_T($sp) lhi $cnt,256 - la $idx,0(%r0) + la $idx,0 sth $idx,0($key) .align 4 .L1stloop: @@ -194,8 +194,8 @@ RC4_set_key: lghi $ikey,-256 lr $cnt,$len - la $iinp,0(%r0) - la $idx,0(%r0) + la $iinp,0 + la $idx,0 .align 16 .L2ndloop: llgc $acc,2+256($ikey,$key) @@ -212,7 +212,7 @@ RC4_set_key: jz .Ldone brct $cnt,.L2ndloop lr $cnt,$len - la $iinp,0(%r0) + la $iinp,0 j .L2ndloop .Ldone: lm${g} %r6,%r8,6*$SIZE_T($sp) @@ -238,4 +238,4 @@ RC4_options: ___ print $code; -close STDOUT; # force flush +close STDOUT or die "error closing STDOUT: $!"; # force flush diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl index 1a9cc47d7253..423eb5b4a997 100755 --- a/crypto/rc4/asm/rc4-x86_64.pl +++ b/crypto/rc4/asm/rc4-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -138,11 +138,12 @@ $code=<<___; .globl RC4 .type RC4,\@function,4 .align 16 -RC4: or $len,$len +RC4: +.cfi_startproc + or $len,$len jne .Lentry ret .Lentry: -.cfi_startproc push %rbx .cfi_push %rbx push %r12 @@ -453,6 +454,7 @@ $code.=<<___; .type RC4_set_key,\@function,3 .align 16 RC4_set_key: +.cfi_startproc lea 8($dat),$dat lea ($inp,$len),$inp neg $len @@ -519,12 +521,14 @@ RC4_set_key: mov %eax,-8($dat) mov %eax,-4($dat) ret +.cfi_endproc .size RC4_set_key,.-RC4_set_key .globl RC4_options .type RC4_options,\@abi-omnipotent .align 16 RC4_options: +.cfi_startproc lea .Lopts(%rip),%rax mov OPENSSL_ia32cap_P(%rip),%edx bt \$20,%edx @@ -537,6 +541,7 @@ RC4_options: add \$12,%rax .Ldone: ret +.cfi_endproc .align 64 .Lopts: .asciz "rc4(8x,int)" @@ -693,4 +698,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c index 638a75bb06a9..09ef6a896f07 100644 --- a/crypto/rc4/rc4_enc.c +++ b/crypto/rc4/rc4_enc.c @@ -8,7 +8,7 @@ */ #include -#include "rc4_locl.h" +#include "rc4_local.h" /*- * RC4 as implemented from a posting from diff --git a/crypto/rc4/rc4_locl.h b/crypto/rc4/rc4_local.h similarity index 86% rename from crypto/rc4/rc4_locl.h rename to crypto/rc4/rc4_local.h index 4380addbccb2..e739be4be793 100644 --- a/crypto/rc4/rc4_locl.h +++ b/crypto/rc4/rc4_local.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_RC4_LOCL_H -# define HEADER_RC4_LOCL_H +#ifndef OSSL_CRYPTO_RC4_LOCAL_H +# define OSSL_CRYPTO_RC4_LOCAL_H # include # include "internal/cryptlib.h" diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c index e9007331eb33..100eb79c2ada 100644 --- a/crypto/rc4/rc4_skey.c +++ b/crypto/rc4/rc4_skey.c @@ -8,7 +8,7 @@ */ #include -#include "rc4_locl.h" +#include "rc4_local.h" #include const char *RC4_options(void) diff --git a/crypto/rc5/asm/rc5-586.pl b/crypto/rc5/asm/rc5-586.pl index e58a98bc83b6..af11be816259 100644 --- a/crypto/rc5/asm/rc5-586.pl +++ b/crypto/rc5/asm/rc5-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ $tmp4="edx"; &cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub RC5_32_encrypt { diff --git a/crypto/rc5/rc5_ecb.c b/crypto/rc5/rc5_ecb.c index c32f38e473e8..94ec646390dd 100644 --- a/crypto/rc5/rc5_ecb.c +++ b/crypto/rc5/rc5_ecb.c @@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" #include void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, diff --git a/crypto/rc5/rc5_enc.c b/crypto/rc5/rc5_enc.c index 58631dee20d2..75ddeb2eaf2b 100644 --- a/crypto/rc5/rc5_enc.c +++ b/crypto/rc5/rc5_enc.c @@ -9,7 +9,7 @@ #include #include -#include "rc5_locl.h" +#include "rc5_local.h" void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, RC5_32_KEY *ks, unsigned char *iv, diff --git a/crypto/rc5/rc5_locl.h b/crypto/rc5/rc5_local.h similarity index 100% rename from crypto/rc5/rc5_locl.h rename to crypto/rc5/rc5_local.h diff --git a/crypto/rc5/rc5_skey.c b/crypto/rc5/rc5_skey.c index 943a7849bb89..b2e6bbb1af24 100644 --- a/crypto/rc5/rc5_skey.c +++ b/crypto/rc5/rc5_skey.c @@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, int rounds) diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c index 9a8aa6b244c9..cfce7ec1e84c 100644 --- a/crypto/rc5/rc5cfb64.c +++ b/crypto/rc5/rc5cfb64.c @@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" /* * The input and output encrypted as though 64bit cfb mode is being used. diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c index 3a41d773cb6e..224eb968579c 100644 --- a/crypto/rc5/rc5ofb64.c +++ b/crypto/rc5/rc5ofb64.c @@ -8,7 +8,7 @@ */ #include -#include "rc5_locl.h" +#include "rc5_local.h" /* * The input and output encrypted as though 64bit ofb mode is being used. diff --git a/crypto/ripemd/asm/rmd-586.pl b/crypto/ripemd/asm/rmd-586.pl index 84aa7ced17c0..e8d02812ba5e 100644 --- a/crypto/ripemd/asm/rmd-586.pl +++ b/crypto/ripemd/asm/rmd-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,7 @@ $KR3=0x7A6D76E9; &ripemd160_block("ripemd160_block_asm_data_order"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; sub Xv { diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c index a1670c7fbd83..e9e440f18c10 100644 --- a/crypto/ripemd/rmd_dgst.c +++ b/crypto/ripemd/rmd_dgst.c @@ -8,7 +8,7 @@ */ #include -#include "rmd_locl.h" +#include "rmd_local.h" #include #ifdef RMD160_ASM @@ -39,7 +39,7 @@ void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num) register unsigned MD32_REG_T A, B, C, D, E; unsigned MD32_REG_T a, b, c, d, e, l; # ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_locl.h for details. */ + /* See comment in crypto/sha/sha_local.h for details. */ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; # define X(i) XX##i diff --git a/crypto/ripemd/rmd_locl.h b/crypto/ripemd/rmd_local.h similarity index 96% rename from crypto/ripemd/rmd_locl.h rename to crypto/ripemd/rmd_local.h index f1ae4323ca9b..f3604e349006 100644 --- a/crypto/ripemd/rmd_locl.h +++ b/crypto/ripemd/rmd_local.h @@ -13,7 +13,7 @@ #include /* - * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c + * DO EXAMINE COMMENTS IN crypto/md5/md5_local.h & crypto/md5/md5_dgst.c * FOR EXPLANATIONS ON FOLLOWING "CODE." */ #ifdef RMD160_ASM @@ -42,7 +42,7 @@ void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num); } while (0) #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order -#include "internal/md32_common.h" +#include "crypto/md32_common.h" /* * Transformed F2 and F4 are courtesy of Wei Dai diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 9dcb85d83757..6692a51ed8fe 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -13,9 +13,9 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "rsa_locl.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "rsa_local.h" #ifndef OPENSSL_NO_CMS static int rsa_cms_sign(CMS_SignerInfo *si); diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c index 9fe62c82eb2f..e8df8d762e16 100644 --- a/crypto/rsa/rsa_asn1.c +++ b/crypto/rsa/rsa_asn1.c @@ -12,7 +12,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" /* * Override the default free and new methods, diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 1b69be30ca41..b4ba7fce3ffb 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -9,7 +9,7 @@ #include #include -#include "rsa_locl.h" +#include "rsa_local.h" int RSA_check_key(const RSA *key) { diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c index f4ef8b4381f7..f1131ce9e0ad 100644 --- a/crypto/rsa/rsa_crpt.c +++ b/crypto/rsa/rsa_crpt.c @@ -10,9 +10,9 @@ #include #include #include "internal/cryptlib.h" -#include "internal/bn_int.h" +#include "crypto/bn.h" #include -#include "rsa_locl.h" +#include "rsa_local.h" int RSA_bits(const RSA *r) { diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 2b818088606c..29056a62a1ae 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -17,7 +17,7 @@ #include #include "internal/cryptlib.h" #include -#include "rsa_locl.h" +#include "rsa_local.h" static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, BN_GENCB *cb); diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index e737a28898cc..63fd1a6db492 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -11,11 +11,11 @@ #include #include "internal/cryptlib.h" #include "internal/refcount.h" -#include "internal/bn_int.h" +#include "crypto/bn.h" #include #include -#include "internal/evp_int.h" -#include "rsa_locl.h" +#include "crypto/evp.h" +#include "rsa_local.h" RSA *RSA_new(void) { @@ -451,6 +451,11 @@ const BIGNUM *RSA_get0_iqmp(const RSA *r) return r->iqmp; } +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r) +{ + return r->pss; +} + void RSA_clear_flags(RSA *r, int flags) { r->flags &= ~flags; diff --git a/crypto/rsa/rsa_locl.h b/crypto/rsa/rsa_local.h similarity index 100% rename from crypto/rsa/rsa_locl.h rename to crypto/rsa/rsa_local.h diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c index def19f375f92..2845b79db8ef 100644 --- a/crypto/rsa/rsa_meth.c +++ b/crypto/rsa/rsa_meth.c @@ -8,7 +8,7 @@ */ #include -#include "rsa_locl.h" +#include "rsa_local.h" #include RSA_METHOD *RSA_meth_new(const char *name, int flags) diff --git a/crypto/rsa/rsa_mp.c b/crypto/rsa/rsa_mp.c index e7e810823b27..44dda8f800bc 100644 --- a/crypto/rsa/rsa_mp.c +++ b/crypto/rsa/rsa_mp.c @@ -10,7 +10,7 @@ #include #include -#include "rsa_locl.h" +#include "rsa_local.h" void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo) { diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 48b888bf27ad..302360a96415 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -20,7 +20,7 @@ * one-wayness. For the RSA function, this is an equivalent notion. */ -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" #include #include "internal/cryptlib.h" @@ -28,7 +28,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, const unsigned char *from, int flen, diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index c8c3b7886aa9..b52a66f6a628 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -8,9 +8,9 @@ */ #include "internal/cryptlib.h" -#include "internal/bn_int.h" -#include "rsa_locl.h" -#include "internal/constant_time_locl.h" +#include "crypto/bn.h" +#include "rsa_local.h" +#include "internal/constant_time.h" static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index 5260d12f4c91..a3d0b7cef81e 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" #include #include "internal/cryptlib.h" @@ -57,7 +57,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, * D - data. */ - if (num < 11) + if (num < RSA_PKCS1_PADDING_SIZE) return -1; /* Accept inputs with and without the leading 0-byte. */ @@ -120,7 +120,7 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, int i, j; unsigned char *p; - if (flen > (tlen - 11)) { + if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; @@ -169,7 +169,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * section 7.2.2. */ - if (flen > num || num < 11) { + if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); return -1; @@ -226,8 +226,8 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, good &= constant_time_ge(tlen, mlen); /* - * Move the result in-place by |num|-11-|mlen| bytes to the left. - * Then if |good| move |mlen| bytes from |em|+11 to |to|. + * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. + * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. * Otherwise leave |to| unchanged. * Copy the memory back in a way that does not reveal the size of * the data being copied via a timing side channel. This requires copying @@ -235,16 +235,16 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * length. Clear bits do a non-copy with identical access pattern. * The loop below has overall complexity of O(N*log(N)). */ - tlen = constant_time_select_int(constant_time_lt(num - 11, tlen), - num - 11, tlen); - for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) { - mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0); - for (i = 11; i < num - msg_index; i++) + tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), + num - RSA_PKCS1_PADDING_SIZE, tlen); + for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { + mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); + for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); } for (i = 0; i < tlen; i++) { mask = good & constant_time_lt(i, mlen); - to[i] = constant_time_select_8(mask, em[i + 11], to[i]); + to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); } OPENSSL_clear_free(em, num); diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 082ab8fd8a1f..0eb21c8af975 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" #include #include "internal/cryptlib.h" @@ -18,8 +18,8 @@ #include #include #include -#include "internal/evp_int.h" -#include "rsa_locl.h" +#include "crypto/evp.h" +#include "rsa_local.h" /* RSA pkey context structure */ diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index f7c575d00ab1..40ce1c4d378a 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -14,7 +14,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 952d24fb8ae4..7fc69361bf0a 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -13,8 +13,8 @@ #include #include #include -#include "internal/x509_int.h" -#include "rsa_locl.h" +#include "crypto/x509.h" +#include "rsa_local.h" /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index 3859128a6d80..1f155be175da 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/constant_time_locl.h" +#include "internal/constant_time.h" int RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from, int flen) @@ -20,7 +20,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, int i, j; unsigned char *p; - if (flen > (tlen - 11)) { + if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; @@ -70,7 +70,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, if (tlen <= 0 || flen <= 0) return -1; - if (flen > num || num < 11) { + if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); return -1; } @@ -141,8 +141,8 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE); /* - * Move the result in-place by |num|-11-|mlen| bytes to the left. - * Then if |good| move |mlen| bytes from |em|+11 to |to|. + * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. + * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. * Otherwise leave |to| unchanged. * Copy the memory back in a way that does not reveal the size of * the data being copied via a timing side channel. This requires copying @@ -150,16 +150,16 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, * length. Clear bits do a non-copy with identical access pattern. * The loop below has overall complexity of O(N*log(N)). */ - tlen = constant_time_select_int(constant_time_lt(num - 11, tlen), - num - 11, tlen); - for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) { - mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0); - for (i = 11; i < num - msg_index; i++) + tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), + num - RSA_PKCS1_PADDING_SIZE, tlen); + for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { + mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); + for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); } for (i = 0; i < tlen; i++) { mask = good & constant_time_lt(i, mlen); - to[i] = constant_time_select_8(mask, em[i + 11], to[i]); + to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); } OPENSSL_clear_free(em, num); diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index e7ac476bb4a4..322cd14a840d 100644 --- a/crypto/rsa/rsa_x931g.c +++ b/crypto/rsa/rsa_x931g.c @@ -12,7 +12,7 @@ #include #include #include -#include "rsa_locl.h" +#include "rsa_local.h" /* X9.31 RSA key derivation and generation */ diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h index 4a775a927db7..4d2cc02eb3d3 100644 --- a/crypto/s390x_arch.h +++ b/crypto/s390x_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef S390X_ARCH_H -# define S390X_ARCH_H +#ifndef OSSL_CRYPTO_S390X_ARCH_H +# define OSSL_CRYPTO_S390X_ARCH_H # ifndef __ASSEMBLER__ diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl index ec700a47d98e..5cbb962530c5 100755 --- a/crypto/s390xcpuid.pl +++ b/crypto/s390xcpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -418,4 +418,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; # force flush +close STDOUT or die "error closing STDOUT: $!"; # force flush diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c index d62da91edea6..c3a1f183a5cc 100644 --- a/crypto/seed/seed.c +++ b/crypto/seed/seed.c @@ -42,7 +42,7 @@ # endif # include -# include "seed_locl.h" +# include "seed_local.h" # ifdef SS /* can get defined on Solaris by inclusion of * */ diff --git a/crypto/seed/seed_locl.h b/crypto/seed/seed_local.h similarity index 97% rename from crypto/seed/seed_locl.h rename to crypto/seed/seed_local.h index ac2950d97c2b..e3681f8bd455 100644 --- a/crypto/seed/seed_locl.h +++ b/crypto/seed/seed_local.h @@ -32,8 +32,8 @@ * SUCH DAMAGE. * */ -#ifndef HEADER_SEED_LOCL_H -# define HEADER_SEED_LOCL_H +#ifndef OSSL_CRYPTO_SEED_LOCAL_H +# define OSSL_CRYPTO_SEED_LOCAL_H # include "openssl/e_os2.h" # include @@ -109,4 +109,4 @@ typedef unsigned int seed_word; (X1) ^= (T0); \ (X2) ^= (T1) -#endif /* HEADER_SEED_LOCL_H */ +#endif /* OSSL_CRYPTO_SEED_LOCAL_H */ diff --git a/crypto/sha/asm/keccak1600-armv4.pl b/crypto/sha/asm/keccak1600-armv4.pl index cb8ccc90f5b9..39fe559e974b 100755 --- a/crypto/sha/asm/keccak1600-armv4.pl +++ b/crypto/sha/asm/keccak1600-armv4.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1603,4 +1603,4 @@ foreach (split($/,$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/keccak1600-armv8.pl b/crypto/sha/asm/keccak1600-armv8.pl index 3173c77f5363..ce5df4d6de1b 100755 --- a/crypto/sha/asm/keccak1600-armv8.pl +++ b/crypto/sha/asm/keccak1600-armv8.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -877,4 +877,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-avx2.pl b/crypto/sha/asm/keccak1600-avx2.pl index d9fc1c59ec29..6104caf4ff1f 100755 --- a/crypto/sha/asm/keccak1600-avx2.pl +++ b/crypto/sha/asm/keccak1600-avx2.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -479,4 +479,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-avx512.pl b/crypto/sha/asm/keccak1600-avx512.pl index 9074ff02dec3..6bfff7881756 100755 --- a/crypto/sha/asm/keccak1600-avx512.pl +++ b/crypto/sha/asm/keccak1600-avx512.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -548,4 +548,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-avx512vl.pl b/crypto/sha/asm/keccak1600-avx512vl.pl index a21bb8615a7c..446706fc67d1 100755 --- a/crypto/sha/asm/keccak1600-avx512vl.pl +++ b/crypto/sha/asm/keccak1600-avx512vl.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -389,4 +389,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-c64x.pl b/crypto/sha/asm/keccak1600-c64x.pl index b00af9af91d8..4d1bbee2cfdd 100755 --- a/crypto/sha/asm/keccak1600-c64x.pl +++ b/crypto/sha/asm/keccak1600-c64x.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -882,4 +882,4 @@ ___ $output=pop; open STDOUT,">$output"; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-mmx.pl b/crypto/sha/asm/keccak1600-mmx.pl index c7685add79dd..353f1e147c3b 100755 --- a/crypto/sha/asm/keccak1600-mmx.pl +++ b/crypto/sha/asm/keccak1600-mmx.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -30,7 +30,7 @@ # produce worse code. On the other hand one can wonder why not 128-bit # SSE2? Well, SSE2 won't provide double improvement, rather far from # that, if any at all on some processors, because it will take extra -# permutations and inter-bank data trasfers. Besides, contemporary +# permutations and inter-bank data transfers. Besides, contemporary # CPUs are better off executing 64-bit code, and it makes lesser sense # to invest into fancy 32-bit code. And the decision doesn't seem to # be inadequate, if one compares below results to "64-bit platforms in @@ -437,4 +437,4 @@ sub Rho() { ######### regular Rho step &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-ppc64.pl b/crypto/sha/asm/keccak1600-ppc64.pl index 30e70c5d6d7b..11b6329f09c0 100755 --- a/crypto/sha/asm/keccak1600-ppc64.pl +++ b/crypto/sha/asm/keccak1600-ppc64.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -755,4 +755,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-s390x.pl b/crypto/sha/asm/keccak1600-s390x.pl index 1184cf233eba..a7d819a59057 100755 --- a/crypto/sha/asm/keccak1600-s390x.pl +++ b/crypto/sha/asm/keccak1600-s390x.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -557,4 +557,4 @@ ___ $code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-x86_64.pl b/crypto/sha/asm/keccak1600-x86_64.pl index 42de5bf12344..b1a7e65e6baa 100755 --- a/crypto/sha/asm/keccak1600-x86_64.pl +++ b/crypto/sha/asm/keccak1600-x86_64.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -44,7 +44,7 @@ # Ryzen 8.8 # # (*) Corresponds to SHA3-256. Improvement over compiler-generate -# varies a lot, most commont coefficient is 15% in comparison to +# varies a lot, most common coefficient is 15% in comparison to # gcc-5.x, 50% for gcc-4.x, 90% for gcc-3.x. # (**) Sandy Bridge has broken rotate instruction. Performance can be # improved by 14% by replacing rotates with double-precision @@ -84,6 +84,7 @@ $code.=<<___; .type __KeccakF1600,\@abi-omnipotent .align 32 __KeccakF1600: +.cfi_startproc mov $A[4][0](%rdi),@C[0] mov $A[4][1](%rdi),@C[1] mov $A[4][2](%rdi),@C[2] @@ -342,6 +343,7 @@ $code.=<<___; lea -192($iotas),$iotas # rewind iotas ret +.cfi_endproc .size __KeccakF1600,.-__KeccakF1600 .type KeccakF1600,\@abi-omnipotent @@ -604,4 +606,4 @@ foreach (split("\n",$code)) { print $_, "\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600p8-ppc.pl b/crypto/sha/asm/keccak1600p8-ppc.pl index de2bcd660a09..c04c7deafeda 100755 --- a/crypto/sha/asm/keccak1600p8-ppc.pl +++ b/crypto/sha/asm/keccak1600p8-ppc.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -847,4 +847,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl index 9d4ff7f39a52..f7b85e6c6d7e 100644 --- a/crypto/sha/asm/sha1-586.pl +++ b/crypto/sha/asm/sha1-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -144,7 +144,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && `ml 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); # first version supporting AVX -$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && +$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $shaext=$xmm; ### set to zero if compiling for 1.0.1 @@ -1488,4 +1488,4 @@ sub Xtail_avx() &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl index 7ff5bfbba6cb..52d426bb29f8 100755 --- a/crypto/sha/asm/sha1-armv4-large.pl +++ b/crypto/sha/asm/sha1-armv4-large.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -739,4 +739,4 @@ foreach (split($/,$code)) { print $_,$/; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl index 3ba871fedee6..aa44feb9c7c5 100755 --- a/crypto/sha/asm/sha1-armv8.pl +++ b/crypto/sha/asm/sha1-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -361,4 +361,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-c64xplus.pl b/crypto/sha/asm/sha1-c64xplus.pl index 4db2bcb06b31..ceec503a9829 100755 --- a/crypto/sha/asm/sha1-c64xplus.pl +++ b/crypto/sha/asm/sha1-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -334,4 +334,4 @@ $code.=<<___; ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl index 443b649830f4..a78266d62fc3 100755 --- a/crypto/sha/asm/sha1-mb-x86_64.pl +++ b/crypto/sha/asm/sha1-mb-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1625,4 +1625,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl index 08f84bc3b3d9..c293cd3bfa4e 100755 --- a/crypto/sha/asm/sha1-mips.pl +++ b/crypto/sha/asm/sha1-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -458,4 +458,4 @@ $code.=<<___; .asciiz "SHA1 for MIPS, CRYPTOGAMS by " ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-parisc.pl b/crypto/sha/asm/sha1-parisc.pl index b001be16a23c..70ef7956abfa 100755 --- a/crypto/sha/asm/sha1-parisc.pl +++ b/crypto/sha/asm/sha1-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -276,4 +276,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-ppc.pl b/crypto/sha/asm/sha1-ppc.pl index 0cda0a3e1517..650a62912008 100755 --- a/crypto/sha/asm/sha1-ppc.pl +++ b/crypto/sha/asm/sha1-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -348,4 +348,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-s390x.pl b/crypto/sha/asm/sha1-s390x.pl index 5729c3089877..653a6cb50a8a 100755 --- a/crypto/sha/asm/sha1-s390x.pl +++ b/crypto/sha/asm/sha1-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -246,4 +246,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-sparcv9.pl b/crypto/sha/asm/sha1-sparcv9.pl index 3e612e3d5f68..8c23d85a3d09 100755 --- a/crypto/sha/asm/sha1-sparcv9.pl +++ b/crypto/sha/asm/sha1-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -431,4 +431,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/sha/asm/sha1-sparcv9a.pl index 50d3e136a12d..4e90da4b8bc9 100755 --- a/crypto/sha/asm/sha1-sparcv9a.pl +++ b/crypto/sha/asm/sha1-sparcv9a.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -605,4 +605,4 @@ $code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/ &unalignaddr($1,$2,$3,$4) /gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-thumb.pl b/crypto/sha/asm/sha1-thumb.pl index ac74a25d6ead..b53e0bee052d 100755 --- a/crypto/sha/asm/sha1-thumb.pl +++ b/crypto/sha/asm/sha1-thumb.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -263,4 +263,4 @@ $code.=<<___; ___ print $code; -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl index 60819f61867c..0680d6d0a2b2 100755 --- a/crypto/sha/asm/sha1-x86_64.pl +++ b/crypto/sha/asm/sha1-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -119,7 +119,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([2-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -468,8 +468,8 @@ $code.=<<___ if ($win64); .Lepilogue_shaext: ___ $code.=<<___; -.cfi_endproc ret +.cfi_endproc .size sha1_block_data_order_shaext,.-sha1_block_data_order_shaext ___ }}} @@ -2129,4 +2129,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl index dccc771ad584..6989d59bd735 100755 --- a/crypto/sha/asm/sha256-586.pl +++ b/crypto/sha/asm/sha256-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -96,7 +96,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" && $avx = ($1>=10) + ($1>=11); } -if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { +if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1293,4 +1293,4 @@ sub bodyx_00_15 () { # +10% &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index edcfc31278e3..d120febb4832 100755 --- a/crypto/sha/asm/sha256-armv4.pl +++ b/crypto/sha/asm/sha256-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -729,4 +729,4 @@ foreach (split($/,$code)) { print $_,"\n"; } -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha256-c64xplus.pl b/crypto/sha/asm/sha256-c64xplus.pl index 3ab7d9b68946..b2d00e4fb1ab 100755 --- a/crypto/sha/asm/sha256-c64xplus.pl +++ b/crypto/sha/asm/sha256-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -317,4 +317,4 @@ K256: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/sha/asm/sha256-mb-x86_64.pl index 73978dbd81d6..81ac814effc4 100755 --- a/crypto/sha/asm/sha256-mb-x86_64.pl +++ b/crypto/sha/asm/sha256-mb-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -67,7 +67,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -1611,4 +1611,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl index 867ce30b9721..66b6e96f9ded 100755 --- a/crypto/sha/asm/sha512-586.pl +++ b/crypto/sha/asm/sha512-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -922,4 +922,4 @@ sub BODY_00_15_ssse3 { # "phase-less" copy of BODY_00_15_sse2 &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index 0b4c5674d9df..e9c5e0ce7687 100755 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -665,4 +665,4 @@ while() { close SELF; print $code; -close STDOUT; # enforce flush +close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl index 01ffe9f98c3e..07dcba42dcf4 100755 --- a/crypto/sha/asm/sha512-armv8.pl +++ b/crypto/sha/asm/sha512-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -902,4 +902,4 @@ foreach(split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-c64xplus.pl b/crypto/sha/asm/sha512-c64xplus.pl index 9ebfc92e23ae..4263fb1349aa 100755 --- a/crypto/sha/asm/sha512-c64xplus.pl +++ b/crypto/sha/asm/sha512-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -435,4 +435,4 @@ K512: ___ print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl index dab684dde5bc..15acd5308dda 100755 --- a/crypto/sha/asm/sha512-mips.pl +++ b/crypto/sha/asm/sha512-mips.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -518,4 +518,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-parisc.pl b/crypto/sha/asm/sha512-parisc.pl index 59eb320ab6ed..132f1db8eb9e 100755 --- a/crypto/sha/asm/sha512-parisc.pl +++ b/crypto/sha/asm/sha512-parisc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -804,4 +804,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-ppc.pl b/crypto/sha/asm/sha512-ppc.pl index 71699f663706..265ecfa58c87 100755 --- a/crypto/sha/asm/sha512-ppc.pl +++ b/crypto/sha/asm/sha512-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -796,4 +796,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-s390x.pl b/crypto/sha/asm/sha512-s390x.pl index 4c0f4e79315b..9752fed4ea26 100755 --- a/crypto/sha/asm/sha512-s390x.pl +++ b/crypto/sha/asm/sha512-s390x.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -321,4 +321,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem; $code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl index c215909633ae..54429d34e398 100755 --- a/crypto/sha/asm/sha512-sparcv9.pl +++ b/crypto/sha/asm/sha512-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -854,4 +854,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl index f2ebdfdb68b6..64ae641c1407 100755 --- a/crypto/sha/asm/sha512-x86_64.pl +++ b/crypto/sha/asm/sha512-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -135,7 +135,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $avx = ($1>=10) + ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } @@ -569,6 +569,7 @@ $code.=<<___; .align 64 sha256_block_data_order_shaext: _shaext_shortcut: +.cfi_startproc ___ $code.=<<___ if ($win64); lea `-8-5*16`(%rsp),%rsp @@ -712,6 +713,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret +.cfi_endproc .size sha256_block_data_order_shaext,.-sha256_block_data_order_shaext ___ }}} @@ -1992,7 +1994,23 @@ $code.=<<___; vmovdqa $t0,0x00(%rsp) xor $a1,$a1 vmovdqa $t1,0x20(%rsp) +___ +$code.=<<___ if (!$win64); +# temporarily use %rdi as frame pointer + mov $_rsp,%rdi +.cfi_def_cfa %rdi,8 +___ +$code.=<<___; lea -$PUSH8(%rsp),%rsp +___ +$code.=<<___ if (!$win64); +# the frame info is at $_rsp, but the stack is moving... +# so a second frame pointer is saved at -8(%rsp) +# that is in the red zone + mov %rdi,-8(%rsp) +.cfi_cfa_expression %rsp-8,deref,+8 +___ +$code.=<<___; mov $B,$a3 vmovdqa $t2,0x00(%rsp) xor $C,$a3 # magic @@ -2012,7 +2030,18 @@ my @X = @_; my @insns = (&$body,&$body,&$body,&$body); # 96 instructions my $base = "+2*$PUSH8(%rsp)"; - &lea ("%rsp","-$PUSH8(%rsp)") if (($j%2)==0); + if (($j%2)==0) { + &lea ("%rsp","-$PUSH8(%rsp)"); +$code.=<<___ if (!$win64); +.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 +# copy secondary frame pointer to new location again at -8(%rsp) + pushq $PUSH8-8(%rsp) +.cfi_cfa_expression %rsp,deref,+8 + lea 8(%rsp),%rsp +.cfi_cfa_expression %rsp-8,deref,+8 +___ + } + foreach (Xupdate_256_AVX()) { # 29 instructions eval; eval(shift(@insns)); @@ -2083,7 +2112,23 @@ $code.=<<___; vmovdqa $t2,0x40(%rsp) vpaddq 0x40($Tbl),@X[6],$t2 vmovdqa $t3,0x60(%rsp) +___ +$code.=<<___ if (!$win64); +# temporarily use %rdi as frame pointer + mov $_rsp,%rdi +.cfi_def_cfa %rdi,8 +___ +$code.=<<___; lea -$PUSH8(%rsp),%rsp +___ +$code.=<<___ if (!$win64); +# the frame info is at $_rsp, but the stack is moving... +# so a second frame pointer is saved at -8(%rsp) +# that is in the red zone + mov %rdi,-8(%rsp) +.cfi_cfa_expression %rsp-8,deref,+8 +___ +$code.=<<___; vpaddq 0x60($Tbl),@X[7],$t3 vmovdqa $t0,0x00(%rsp) xor $a1,$a1 @@ -2107,7 +2152,18 @@ my @X = @_; my @insns = (&$body,&$body); # 48 instructions my $base = "+2*$PUSH8(%rsp)"; - &lea ("%rsp","-$PUSH8(%rsp)") if (($j%4)==0); + if (($j%4)==0) { + &lea ("%rsp","-$PUSH8(%rsp)"); +$code.=<<___ if (!$win64); +.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 +# copy secondary frame pointer to new location again at -8(%rsp) + pushq $PUSH8-8(%rsp) +.cfi_cfa_expression %rsp,deref,+8 + lea 8(%rsp),%rsp +.cfi_cfa_expression %rsp-8,deref,+8 +___ + } + foreach (Xupdate_512_AVX()) { # 23 instructions eval; if ($_ !~ /\;$/) { @@ -2182,6 +2238,8 @@ $code.=<<___; add $a1,$A #mov `2*$SZ*$rounds+8`(%rsp),$inp # $_inp lea `2*$SZ*($rounds-8)`(%rsp),%rsp +# restore frame pointer to original location at $_rsp +.cfi_cfa_expression $_rsp,deref,+8 add $SZ*0($ctx),$A add $SZ*1($ctx),$B @@ -2207,22 +2265,24 @@ $code.=<<___; jbe .Loop_avx2 lea (%rsp),$Tbl +# temporarily use $Tbl as index to $_rsp +# this avoids the need to save a secondary frame pointer at -8(%rsp) +.cfi_cfa_expression $Tbl+`16*$SZ+3*8`,deref,+8 .Ldone_avx2: - lea ($Tbl),%rsp - mov $_rsp,%rsi + mov `16*$SZ+3*8`($Tbl),%rsi .cfi_def_cfa %rsi,8 vzeroupper ___ $code.=<<___ if ($win64); - movaps 16*$SZ+32(%rsp),%xmm6 - movaps 16*$SZ+48(%rsp),%xmm7 - movaps 16*$SZ+64(%rsp),%xmm8 - movaps 16*$SZ+80(%rsp),%xmm9 + movaps 16*$SZ+32($Tbl),%xmm6 + movaps 16*$SZ+48($Tbl),%xmm7 + movaps 16*$SZ+64($Tbl),%xmm8 + movaps 16*$SZ+80($Tbl),%xmm9 ___ $code.=<<___ if ($win64 && $SZ>4); - movaps 16*$SZ+96(%rsp),%xmm10 - movaps 16*$SZ+112(%rsp),%xmm11 + movaps 16*$SZ+96($Tbl),%xmm10 + movaps 16*$SZ+112($Tbl),%xmm11 ___ $code.=<<___; mov -48(%rsi),%r15 @@ -2495,4 +2555,4 @@ foreach (split("\n",$code)) { print $_,"\n"; } -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512p8-ppc.pl b/crypto/sha/asm/sha512p8-ppc.pl index 0d4fdd292c07..3f202964261d 100755 --- a/crypto/sha/asm/sha512p8-ppc.pl +++ b/crypto/sha/asm/sha512p8-ppc.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -417,4 +417,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index 819370e61540..7965829e64b0 100644 --- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c @@ -14,4 +14,4 @@ /* The implementation is in ../md32_common.h */ -# include "sha_locl.h" +# include "sha_local.h" diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index bf78f075eefb..11050ba54714 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -128,7 +128,7 @@ static #endif void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); -#include "internal/md32_common.h" +#include "crypto/md32_common.h" #ifndef SHA256_ASM static const SHA_LONG K256[64] = { diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index 50b65ee811d6..ca1f387a64f8 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -50,7 +50,7 @@ #include #include "internal/cryptlib.h" -#include "internal/sha.h" +#include "crypto/sha.h" #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_local.h similarity index 99% rename from crypto/sha/sha_locl.h rename to crypto/sha/sha_local.h index 4e5a09038267..6edb9ef1d27e 100644 --- a/crypto/sha/sha_locl.h +++ b/crypto/sha/sha_local.h @@ -42,7 +42,7 @@ static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); #endif -#include "internal/md32_common.h" +#include "crypto/md32_common.h" #define INIT_DATA_h0 0x67452301UL #define INIT_DATA_h1 0xefcdab89UL diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c index be74a38d934d..07d94c1e6e59 100644 --- a/crypto/siphash/siphash.c +++ b/crypto/siphash/siphash.c @@ -27,7 +27,7 @@ #include #include -#include "internal/siphash.h" +#include "crypto/siphash.h" #include "siphash_local.h" /* default: SipHash-2-4 */ diff --git a/crypto/siphash/siphash_ameth.c b/crypto/siphash/siphash_ameth.c index c0ab7efae4b6..2da6dfec8025 100644 --- a/crypto/siphash/siphash_ameth.c +++ b/crypto/siphash/siphash_ameth.c @@ -10,10 +10,10 @@ #include #include "internal/cryptlib.h" #include -#include "internal/asn1_int.h" -#include "internal/siphash.h" +#include "crypto/asn1.h" +#include "crypto/siphash.h" #include "siphash_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* * SIPHASH "ASN1" method. This is just here to indicate the maximum diff --git a/crypto/siphash/siphash_pmeth.c b/crypto/siphash/siphash_pmeth.c index 66e552fec5e5..0c7d2c61902c 100644 --- a/crypto/siphash/siphash_pmeth.c +++ b/crypto/siphash/siphash_pmeth.c @@ -13,9 +13,9 @@ #include #include #include -#include "internal/siphash.h" +#include "crypto/siphash.h" #include "siphash_local.h" -#include "internal/evp_int.h" +#include "crypto/evp.h" /* SIPHASH pkey context structure */ diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index 4389fc731edd..ef505f64412b 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c @@ -9,9 +9,9 @@ * https://www.openssl.org/source/license.html */ -#include "internal/sm2.h" -#include "internal/sm2err.h" -#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */ +#include "crypto/sm2.h" +#include "crypto/sm2err.h" +#include "crypto/ec.h" /* ecdh_KDF_X9_63() */ #include #include #include diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c index 653c6797f86f..e5973e9c7140 100644 --- a/crypto/sm2/sm2_err.c +++ b/crypto/sm2/sm2_err.c @@ -9,7 +9,7 @@ */ #include -#include "internal/sm2err.h" +#include "crypto/sm2err.h" #ifndef OPENSSL_NO_ERR diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c index d187699cc411..b42a14c32f26 100644 --- a/crypto/sm2/sm2_pmeth.c +++ b/crypto/sm2/sm2_pmeth.c @@ -11,9 +11,9 @@ #include #include #include -#include "internal/evp_int.h" -#include "internal/sm2.h" -#include "internal/sm2err.h" +#include "crypto/evp.h" +#include "crypto/sm2.h" +#include "crypto/sm2err.h" /* EC pkey context structure */ @@ -220,6 +220,10 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) *(size_t *)p2 = smctx->id_len; return 1; + case EVP_PKEY_CTRL_DIGESTINIT: + /* nothing to be inited, this is to suppress the error... */ + return 1; + default: return -2; } diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 50ecb4d68cc6..683f03f93580 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -9,9 +9,9 @@ * https://www.openssl.org/source/license.html */ -#include "internal/sm2.h" -#include "internal/sm2err.h" -#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */ +#include "crypto/sm2.h" +#include "crypto/sm2err.h" +#include "crypto/ec.h" /* ec_group_do_inverse_ord() */ #include "internal/numbers.h" #include #include diff --git a/crypto/sm3/m_sm3.c b/crypto/sm3/m_sm3.c index 85538dc8af06..7e54f4298431 100644 --- a/crypto/sm3/m_sm3.c +++ b/crypto/sm3/m_sm3.c @@ -12,8 +12,8 @@ #ifndef OPENSSL_NO_SM3 # include -# include "internal/evp_int.h" -# include "internal/sm3.h" +# include "crypto/evp.h" +# include "crypto/sm3.h" static int init(EVP_MD_CTX *ctx) { diff --git a/crypto/sm3/sm3.c b/crypto/sm3/sm3.c index 1588dd115aa2..d78292b4c5b7 100644 --- a/crypto/sm3/sm3.c +++ b/crypto/sm3/sm3.c @@ -10,7 +10,7 @@ */ #include -#include "sm3_locl.h" +#include "sm3_local.h" int sm3_init(SM3_CTX *c) { diff --git a/crypto/sm3/sm3_locl.h b/crypto/sm3/sm3_local.h similarity index 97% rename from crypto/sm3/sm3_locl.h rename to crypto/sm3/sm3_local.h index efa6db57c6cd..7171de510de3 100644 --- a/crypto/sm3/sm3_locl.h +++ b/crypto/sm3/sm3_local.h @@ -10,7 +10,7 @@ */ #include -#include "internal/sm3.h" +#include "crypto/sm3.h" #define DATA_ORDER_IS_BIG_ENDIAN @@ -36,7 +36,7 @@ void sm3_transform(SM3_CTX *c, const unsigned char *data); -#include "internal/md32_common.h" +#include "crypto/md32_common.h" #define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17)) #define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23)) diff --git a/crypto/sm4/sm4.c b/crypto/sm4/sm4.c index 0c819a4b68eb..5750e763319a 100644 --- a/crypto/sm4/sm4.c +++ b/crypto/sm4/sm4.c @@ -10,7 +10,7 @@ */ #include -#include "internal/sm4.h" +#include "crypto/sm4.h" static const uint8_t SM4_S[256] = { 0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, diff --git a/crypto/sparc_arch.h b/crypto/sparc_arch.h index 99eafb331352..c74063be2fa6 100644 --- a/crypto/sparc_arch.h +++ b/crypto/sparc_arch.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef __SPARC_ARCH_H__ -# define __SPARC_ARCH_H__ +#ifndef OSSL_CRYPTO_SPARC_ARCH_H +# define OSSL_CRYPTO_SPARC_ARCH_H # define SPARCV9_TICK_PRIVILEGED (1<<0) # define SPARCV9_PREFER_FPU (1<<1) @@ -115,4 +115,4 @@ mov tmp, %o7; # endif -#endif /* __SPARC_ARCH_H__ */ +#endif /* OSSL_CRYPTO_SPARC_ARCH_H */ diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c index c8c567536b33..ff1a983ac98b 100644 --- a/crypto/sparcv9cap.c +++ b/crypto/sparcv9cap.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -268,7 +268,7 @@ void OPENSSL_cpuid_setup(void) /* * In wait for better solution _sparcv9_rdcfr is masked by - * VIS3 flag, because it goes to uninterruptable endless + * VIS3 flag, because it goes to uninterruptible endless * loop on UltraSPARC II running Solaris. Things might be * different on Linux... */ diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index ca20f6d09798..4f417de0c989 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -16,7 +16,7 @@ # include # include # include -# include "internal/bn_srp.h" +# include "crypto/bn_srp.h" /* calculate = SHA1(PAD(x) || PAD(y)) */ diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index eb279dd4187a..3dd2ab050757 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -13,7 +13,7 @@ #ifndef OPENSSL_NO_SRP # include "internal/cryptlib.h" -# include "internal/evp_int.h" +# include "crypto/evp.h" # include # include # include diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 6f569ee62d71..8f1d20e74aa4 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -24,12 +24,12 @@ #include #include #include /* For the PKCS8 stuff o.O */ -#include "internal/asn1_int.h" -#include "internal/ctype.h" +#include "crypto/asn1.h" +#include "crypto/ctype.h" #include "internal/o_dir.h" #include "internal/cryptlib.h" -#include "internal/store_int.h" -#include "store_locl.h" +#include "crypto/store.h" +#include "store_local.h" #ifdef _WIN32 # define stat _stat diff --git a/crypto/store/store_init.c b/crypto/store/store_init.c index b398bf598ff6..0103c8db8aaf 100644 --- a/crypto/store/store_init.c +++ b/crypto/store/store_init.c @@ -8,8 +8,8 @@ */ #include -#include "internal/store.h" -#include "store_locl.h" +#include "crypto/store.h" +#include "store_local.h" static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(do_store_init) diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 7de2e31f556f..fb8184d2d9b5 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -18,8 +18,8 @@ #include #include #include "internal/thread_once.h" -#include "internal/store_int.h" -#include "store_locl.h" +#include "crypto/store.h" +#include "store_local.h" struct ossl_store_ctx_st { const OSSL_STORE_LOADER *loader; diff --git a/crypto/store/store_locl.h b/crypto/store/store_local.h similarity index 100% rename from crypto/store/store_locl.h rename to crypto/store/store_local.h diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c index e68cb3c56853..3631d9b50634 100644 --- a/crypto/store/store_register.c +++ b/crypto/store/store_register.c @@ -8,12 +8,12 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include #include -#include "store_locl.h" +#include "store_local.h" static CRYPTO_RWLOCK *registry_lock; static CRYPTO_ONCE registry_init = CRYPTO_ONCE_STATIC_INIT; diff --git a/crypto/threads_none.c b/crypto/threads_none.c index aabf0e0dc090..aaaaae872a9b 100644 --- a/crypto/threads_none.c +++ b/crypto/threads_none.c @@ -143,7 +143,7 @@ int openssl_get_fork_id(void) # if defined(OPENSSL_SYS_UNIX) return getpid(); # else - return return 0; + return 0; # endif } #endif diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c index 8707207082c9..2840f5858acb 100644 --- a/crypto/ts/ts_asn1.c +++ b/crypto/ts/ts_asn1.c @@ -10,7 +10,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" ASN1_SEQUENCE(TS_MSG_IMPRINT) = { ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR), diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index ce2e12c593e0..bfe981364b03 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -14,7 +14,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) { diff --git a/crypto/ts/ts_lcl.h b/crypto/ts/ts_local.h similarity index 100% rename from crypto/ts/ts_lcl.h rename to crypto/ts/ts_local.h diff --git a/crypto/ts/ts_req_print.c b/crypto/ts/ts_req_print.c index 0dedf47d924b..4eba5cf0181c 100644 --- a/crypto/ts/ts_req_print.c +++ b/crypto/ts/ts_req_print.c @@ -13,7 +13,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_REQ_print_bio(BIO *bio, TS_REQ *a) { diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c index 2073d3395d75..a4568e3b779d 100644 --- a/crypto/ts/ts_req_utils.c +++ b/crypto/ts/ts_req_utils.c @@ -12,7 +12,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_REQ_set_version(TS_REQ *a, long version) { diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c index 6eb0ec8d7504..a2451aaa8d81 100644 --- a/crypto/ts/ts_rsp_print.c +++ b/crypto/ts/ts_rsp_print.c @@ -13,7 +13,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" struct status_map_st { int bit; diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 1b2b84ef6b67..a584ae5f5edd 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -14,7 +14,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec); diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c index 3ecee39a22c2..3fa0dbd0f09e 100644 --- a/crypto/ts/ts_rsp_utils.c +++ b/crypto/ts/ts_rsp_utils.c @@ -12,7 +12,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info) { diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 9deda81b07fb..086021247c01 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -12,7 +12,7 @@ #include #include #include -#include "ts_lcl.h" +#include "ts_local.h" static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, STACK_OF(X509) **chain); diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index d4792ee04f59..1e80e0d37029 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -10,7 +10,7 @@ #include "internal/cryptlib.h" #include #include -#include "ts_lcl.h" +#include "ts_local.h" TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) { diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index f550972d3eec..49cc45057c4c 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -13,7 +13,7 @@ #include #include #include -#include "ui_locl.h" +#include "ui_local.h" UI *UI_new(void) { diff --git a/crypto/ui/ui_locl.h b/crypto/ui/ui_local.h similarity index 98% rename from crypto/ui/ui_locl.h rename to crypto/ui/ui_local.h index 19b33b8fc677..8a7dbda14721 100644 --- a/crypto/ui/ui_locl.h +++ b/crypto/ui/ui_local.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_UI_LOCL_H -# define HEADER_UI_LOCL_H +#ifndef OSSL_CRYPTO_UI_LOCAL_H +# define OSSL_CRYPTO_UI_LOCAL_H # include # include diff --git a/crypto/ui/ui_null.c b/crypto/ui/ui_null.c index 9e5f6fca59e5..9ab00e0a7cb8 100644 --- a/crypto/ui/ui_null.c +++ b/crypto/ui/ui_null.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ui_locl.h" +#include "ui_local.h" static const UI_METHOD ui_null = { "OpenSSL NULL UI", diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 0ec9f0daf333..168de4630dcc 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -53,7 +53,7 @@ # endif # endif -# include "ui_locl.h" +# include "ui_local.h" # include "internal/cryptlib.h" # ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index b379324f9bab..32a3c4e38de2 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -8,8 +8,9 @@ */ #include +#include /* PEM_def_callback() */ #include "internal/thread_once.h" -#include "ui_locl.h" +#include "ui_local.h" #ifndef BUFSIZ #define BUFSIZ 256 @@ -156,7 +157,7 @@ UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag) return NULL; } data->rwflag = rwflag; - data->cb = cb; + data->cb = cb != NULL ? cb : PEM_def_callback; return ui_method; } diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl index 2241c6f0f24e..176be50a67f2 100755 --- a/crypto/whrlpool/asm/wp-mmx.pl +++ b/crypto/whrlpool/asm/wp-mmx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -69,19 +69,19 @@ sub LL() unshift(@_,pop(@_)); } } - else { die "unvalid SCALE value"; } + else { die "invalid SCALE value"; } } sub scale() { if ($SCALE==2) { &lea(@_[0],&DWP(0,@_[1],@_[1])); } elsif ($SCALE==8) { &lea(@_[0],&DWP(0,"",@_[1],8)); } - else { die "unvalid SCALE value"; } + else { die "invalid SCALE value"; } } sub row() { if ($SCALE==2) { ((8-shift)&7); } elsif ($SCALE==8) { (8*shift); } - else { die "unvalid SCALE value"; } + else { die "invalid SCALE value"; } } $tbl="ebp"; @@ -504,4 +504,4 @@ for($i=0;$i<8;$i++) { &function_end_B("whirlpool_block_mmx"); &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/whrlpool/asm/wp-x86_64.pl b/crypto/whrlpool/asm/wp-x86_64.pl index fe23d8cad00b..b4fcd8be3c75 100755 --- a/crypto/whrlpool/asm/wp-x86_64.pl +++ b/crypto/whrlpool/asm/wp-x86_64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -614,4 +614,4 @@ ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c index 2ae5c38aba63..c21c04dbc1bb 100644 --- a/crypto/whrlpool/wp_block.c +++ b/crypto/whrlpool/wp_block.c @@ -36,7 +36,7 @@ * */ -#include "wp_locl.h" +#include "wp_local.h" #include typedef unsigned char u8; diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c index 1ac29803a4d6..e8a3392268aa 100644 --- a/crypto/whrlpool/wp_dgst.c +++ b/crypto/whrlpool/wp_dgst.c @@ -53,7 +53,7 @@ */ #include -#include "wp_locl.h" +#include "wp_local.h" #include int WHIRLPOOL_Init(WHIRLPOOL_CTX *c) diff --git a/crypto/whrlpool/wp_locl.h b/crypto/whrlpool/wp_local.h similarity index 100% rename from crypto/whrlpool/wp_locl.h rename to crypto/whrlpool/wp_local.h diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index b691a83a0dfb..238c2519a6e2 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -19,8 +19,8 @@ #endif #include -#include "internal/x509_int.h" -#include "x509_lcl.h" +#include "crypto/x509.h" +#include "x509_local.h" struct lookup_dir_hashes_st { unsigned long hash; diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 244512c9352b..237b362e2746 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index ccacbe7cbf8f..12d807f705ed 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -14,7 +14,7 @@ #include #include #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #ifndef OPENSSL_NO_STDIO int X509_print_fp(FILE *fp, X509 *x) diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index 3c4566d2e708..651aa7808309 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) { diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 833bfce1bf23..e06489c3347b 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) { diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index 2db843760c68..4cdab724eadf 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include int X509_CRL_get_ext_count(const X509_CRL *x) diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_local.h similarity index 100% rename from crypto/x509/x509_lcl.h rename to crypto/x509/x509_local.h diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index b7d2e66574c4..641a41c35c78 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -11,9 +11,9 @@ #include "internal/cryptlib.h" #include "internal/refcount.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include -#include "x509_lcl.h" +#include "x509_local.h" X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { diff --git a/crypto/x509/x509_meth.c b/crypto/x509/x509_meth.c index 9dc587a09212..9348cc8eb788 100644 --- a/crypto/x509/x509_meth.c +++ b/crypto/x509/x509_meth.c @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name) { diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index 85c39415c11e..f54d483cc4dd 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /* * Limit to ensure we don't overflow: much greater than diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index 3d72787d3164..6b1623feacb7 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 0bdbb81db894..7ba0f26495f9 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -14,7 +14,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include #include diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 3ab6bf35115f..164b4e2be136 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -15,9 +15,9 @@ #include #include #include -#include "internal/asn1_int.h" -#include "internal/x509_int.h" -#include "x509_lcl.h" +#include "crypto/asn1.h" +#include "crypto/x509.h" +#include "x509_local.h" int X509_set_version(X509 *x, long version) { diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index d749af4d590a..9e199d63e46a 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b); static void trtable_free(X509_TRUST *p); diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 75ae767d608c..c7876023304c 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -15,7 +15,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 6be2c71e8692..361954c62ee7 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -12,7 +12,7 @@ #include #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include @@ -22,8 +22,8 @@ #include #include #include "internal/dane.h" -#include "internal/x509_int.h" -#include "x509_lcl.h" +#include "crypto/x509.h" +#include "x509_local.h" /* CRL score values */ diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index aea186295c2a..68b681d5ee85 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -14,9 +14,9 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" -#include "x509_lcl.h" +#include "x509_local.h" /* X509_VERIFY_PARAM functions */ diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 7645ce375970..6c08509138d5 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -14,7 +14,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_CRL_set_version(X509_CRL *x, long version) { diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index 64a73e793fdf..c86d8e7914f1 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -14,7 +14,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) { diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c index e8921b82a838..9da3f2ee27df 100644 --- a/crypto/x509/x509rset.c +++ b/crypto/x509/x509rset.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" int X509_REQ_set_version(X509_REQ *x, long version) { diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 24e4114601ca..6cccfa99d1a6 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include #include diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c index 9a41e547cb2e..813c5b01c3ae 100644 --- a/crypto/x509/x_attrib.c +++ b/crypto/x509/x_attrib.c @@ -12,7 +12,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" /*- * X509_ATTRIBUTE: this has the following form: diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index 12ab3cca42c0..e864126fef37 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -11,9 +11,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include -#include "x509_lcl.h" +#include "x509_local.h" static int X509_REVOKED_cmp(const X509_REVOKED *const *a, const X509_REVOKED *const *b); diff --git a/crypto/x509/x_exten.c b/crypto/x509/x_exten.c index f10f4a4d8769..bd7518ef12bf 100644 --- a/crypto/x509/x_exten.c +++ b/crypto/x509/x_exten.c @@ -11,7 +11,7 @@ #include #include #include -#include "x509_lcl.h" +#include "x509_local.h" ASN1_SEQUENCE(X509_EXTENSION) = { ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index a1e9bbdb669d..aa7f4722b6b9 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -8,13 +8,13 @@ */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" -#include "internal/asn1_int.h" -#include "x509_lcl.h" +#include "crypto/x509.h" +#include "crypto/asn1.h" +#include "x509_local.h" /* * Maximum length of X509_NAME: much larger than anything we should diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 1c87b8268eb5..4f694b93fb00 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -11,9 +11,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "internal/x509_int.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" +#include "crypto/x509.h" #include #include diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c index c2da95a73ecf..d2b02f6dae86 100644 --- a/crypto/x509/x_req.c +++ b/crypto/x509/x_req.c @@ -11,7 +11,7 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /*- * X509_REQ_INFO is handled in an unusual way to get round diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index afe59c46c518..7aa8b77ae73a 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -13,7 +13,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c index 8c9ad71d1b29..c5175faef7af 100644 --- a/crypto/x509/x_x509a.c +++ b/crypto/x509/x_x509a.c @@ -12,7 +12,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" /* * X509_CERT_AUX routines. These are used to encode additional user diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index 623870b1f6f5..04401bace8c5 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c @@ -10,9 +10,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" -#include "pcy_int.h" +#include "pcy_local.h" static int policy_data_cmp(const X509_POLICY_DATA *const *a, const X509_POLICY_DATA *const *b); diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index bd3bb0e40dfe..073505951322 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -11,7 +11,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" /* Policy Node routines */ diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c index 67f7eafc6e8d..2e196b838ca2 100644 --- a/crypto/x509v3/pcy_lib.c +++ b/crypto/x509v3/pcy_lib.c @@ -11,7 +11,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" /* accessor functions */ diff --git a/crypto/x509v3/pcy_int.h b/crypto/x509v3/pcy_local.h similarity index 100% rename from crypto/x509v3/pcy_int.h rename to crypto/x509v3/pcy_local.h diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c index ab9dd21b7d93..ae2a62c97787 100644 --- a/crypto/x509v3/pcy_map.c +++ b/crypto/x509v3/pcy_map.c @@ -10,9 +10,9 @@ #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" -#include "pcy_int.h" +#include "pcy_local.h" /* * Set policy mapping entries in cache. Note: this modifies the passed diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c index 1ffe98498bdb..e2d7b1532236 100644 --- a/crypto/x509v3/pcy_node.c +++ b/crypto/x509v3/pcy_node.c @@ -12,7 +12,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" static int node_cmp(const X509_POLICY_NODE *const *a, const X509_POLICY_NODE *const *b) diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 87f51d001bbb..6e8322cbc5e3 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -11,7 +11,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" /* * Enable this to print out the complete policy tree at various point during diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index bb58e0484611..4258dbc40c0f 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -20,7 +20,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" #ifndef OPENSSL_NO_RFC3779 diff --git a/crypto/x509v3/v3_admis.h b/crypto/x509v3/v3_admis.h index fa23fc761759..ea7632b3708d 100644 --- a/crypto/x509v3/v3_admis.h +++ b/crypto/x509v3/v3_admis.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_V3_ADMISSION_H -# define HEADER_V3_ADMISSION_H +#ifndef OSSL_CRYPTO_X509V3_V3_ADMIS_H +# define OSSL_CRYPTO_X509V3_V3_ADMIS_H struct NamingAuthority_st { ASN1_OBJECT* namingAuthorityId; diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index dfcb9094f4fc..7ac2911b91af 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -52,11 +52,24 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, { int i; GENERAL_NAME *gen; + STACK_OF(CONF_VALUE) *tmpret = NULL, *origret = ret; + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { gen = sk_GENERAL_NAME_value(gens, i); - ret = i2v_GENERAL_NAME(method, gen, ret); + /* + * i2v_GENERAL_NAME allocates ret if it is NULL. If something goes + * wrong we need to free the stack - but only if it was empty when we + * originally entered this function. + */ + tmpret = i2v_GENERAL_NAME(method, gen, ret); + if (tmpret == NULL) { + if (origret == NULL) + sk_CONF_VALUE_pop_free(ret, X509V3_conf_free); + return NULL; + } + ret = tmpret; } - if (!ret) + if (ret == NULL) return sk_CONF_VALUE_new_null(); return ret; } diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 089f2ae29f0c..ac6857267291 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -20,7 +20,7 @@ #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include "ext_dat.h" @@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor, static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) { ASN1_INTEGER *a_max_plus_one = NULL; + ASN1_INTEGER *orig; BIGNUM *bn = NULL; int i, ret = 0; @@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) */ if ((bn == NULL && (bn = BN_new()) == NULL) || ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1) || - (a_max_plus_one = - BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { + !BN_add_word(bn, 1)) { + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, + ERR_R_MALLOC_FAILURE); + goto done; + } + + if ((a_max_plus_one = + BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + a_max_plus_one = orig; X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, ERR_R_MALLOC_FAILURE); goto done; @@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid) static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) { ASN1_INTEGER *a_max_plus_one = NULL; + ASN1_INTEGER *orig; BIGNUM *bn = NULL; int i, ret = 0; @@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) */ if ((bn == NULL && (bn = BN_new()) == NULL) || ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1) || - (a_max_plus_one = - BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { + !BN_add_word(bn, 1)) { + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, + ERR_R_MALLOC_FAILURE); + goto done; + } + + if ((a_max_plus_one = + BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { + a_max_plus_one = orig; X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE); goto done; diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 7acaebfa2250..e93de3454604 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -10,11 +10,11 @@ /* extension creation utilities */ #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include "internal/cryptlib.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include static int v3_check_critical(const char **value); diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 7a47fd38b379..1d12c899125c 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -14,7 +14,7 @@ #include #include -#include "pcy_int.h" +#include "pcy_local.h" #include "ext_dat.h" /* Certificate policies extension support: this one is a bit complex... */ diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 6cba4240abf1..4854748ffb51 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -14,7 +14,7 @@ #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static void *v2i_crld(const X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 9a2cd5af00c7..2a7b4f0992a8 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -10,12 +10,12 @@ #include "internal/cryptlib.h" #include "internal/numbers.h" #include -#include "internal/asn1_int.h" +#include "crypto/asn1.h" #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 2f06289d1949..3f60c2ea1da3 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -12,7 +12,7 @@ #include "internal/numbers.h" #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "internal/tsan_assist.h" static void x509v3_cache_extensions(X509 *x); diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index 749f51b2f00e..c2e82045682a 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -10,7 +10,7 @@ #include #include "internal/cryptlib.h" #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include "ext_dat.h" static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index c9b40d2c76eb..7281a7b917a8 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -12,11 +12,11 @@ #include "e_os.h" #include "internal/cryptlib.h" #include -#include "internal/ctype.h" +#include "crypto/ctype.h" #include #include #include -#include "internal/x509_int.h" +#include "crypto/x509.h" #include #include "ext_dat.h" diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl index 6423e803b759..d9536d65768f 100644 --- a/crypto/x86_64cpuid.pl +++ b/crypto/x86_64cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -39,6 +39,7 @@ print<<___; .type OPENSSL_atomic_add,\@abi-omnipotent .align 16 OPENSSL_atomic_add: +.cfi_startproc movl ($arg1),%eax .Lspin: leaq ($arg2,%rax),%r8 .byte 0xf0 # lock @@ -47,16 +48,19 @@ OPENSSL_atomic_add: movl %r8d,%eax .byte 0x48,0x98 # cltq/cdqe ret +.cfi_endproc .size OPENSSL_atomic_add,.-OPENSSL_atomic_add .globl OPENSSL_rdtsc .type OPENSSL_rdtsc,\@abi-omnipotent .align 16 OPENSSL_rdtsc: +.cfi_startproc rdtsc shl \$32,%rdx or %rdx,%rax ret +.cfi_endproc .size OPENSSL_rdtsc,.-OPENSSL_rdtsc .globl OPENSSL_ia32_cpuid @@ -232,6 +236,7 @@ OPENSSL_ia32_cpuid: .type OPENSSL_cleanse,\@abi-omnipotent .align 16 OPENSSL_cleanse: +.cfi_startproc xor %rax,%rax cmp \$15,$arg2 jae .Lot @@ -261,12 +266,14 @@ OPENSSL_cleanse: cmp \$0,$arg2 jne .Little ret +.cfi_endproc .size OPENSSL_cleanse,.-OPENSSL_cleanse .globl CRYPTO_memcmp .type CRYPTO_memcmp,\@abi-omnipotent .align 16 CRYPTO_memcmp: +.cfi_startproc xor %rax,%rax xor %r10,%r10 cmp \$0,$arg3 @@ -295,6 +302,7 @@ CRYPTO_memcmp: shr \$63,%rax .Lno_data: ret +.cfi_endproc .size CRYPTO_memcmp,.-CRYPTO_memcmp ___ @@ -303,6 +311,7 @@ print<<___ if (!$win64); .type OPENSSL_wipe_cpu,\@abi-omnipotent .align 16 OPENSSL_wipe_cpu: +.cfi_startproc pxor %xmm0,%xmm0 pxor %xmm1,%xmm1 pxor %xmm2,%xmm2 @@ -329,6 +338,7 @@ OPENSSL_wipe_cpu: xorq %r11,%r11 leaq 8(%rsp),%rax ret +.cfi_endproc .size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu ___ print<<___ if ($win64); @@ -365,6 +375,7 @@ print<<___; .type OPENSSL_instrument_bus,\@abi-omnipotent .align 16 OPENSSL_instrument_bus: +.cfi_startproc mov $arg1,$out # tribute to Win64 mov $arg2,$cnt mov $arg2,$max @@ -391,12 +402,14 @@ OPENSSL_instrument_bus: mov $max,%rax ret +.cfi_endproc .size OPENSSL_instrument_bus,.-OPENSSL_instrument_bus .globl OPENSSL_instrument_bus2 .type OPENSSL_instrument_bus2,\@abi-omnipotent .align 16 OPENSSL_instrument_bus2: +.cfi_startproc mov $arg1,$out # tribute to Win64 mov $arg2,$cnt mov $arg3,$max @@ -439,6 +452,7 @@ OPENSSL_instrument_bus2: mov $redzone(%rsp),%rax sub $cnt,%rax ret +.cfi_endproc .size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2 ___ } @@ -450,6 +464,7 @@ print<<___; .type OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent .align 16 OPENSSL_ia32_${rdop}_bytes: +.cfi_startproc xor %rax, %rax # return value cmp \$0,$arg2 je .Ldone_${rdop}_bytes @@ -486,10 +501,11 @@ OPENSSL_ia32_${rdop}_bytes: .Ldone_${rdop}_bytes: xor %r10,%r10 # Clear sensitive data from register ret +.cfi_endproc .size OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes ___ } gen_random("rdrand"); gen_random("rdseed"); -close STDOUT; # flush +close STDOUT or die "error closing STDOUT: $!"; # flush diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl index d43dda4d935c..ba4fd80fb32e 100644 --- a/crypto/x86cpuid.pl +++ b/crypto/x86cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -506,4 +506,4 @@ my $rdop = shift; &asm_finish(); -close STDOUT; +close STDOUT or die "error closing STDOUT: $!"; diff --git a/doc/HOWTO/proxy_certificates.txt b/doc/HOWTO/proxy_certificates.txt deleted file mode 100644 index 3c4234926111..000000000000 --- a/doc/HOWTO/proxy_certificates.txt +++ /dev/null @@ -1,319 +0,0 @@ - HOWTO proxy certificates - -0. WARNING - -NONE OF THE CODE PRESENTED HERE HAS BEEN CHECKED! The code is just examples to -show you how things could be done. There might be typos or type conflicts, and -you will have to resolve them. - -1. Introduction - -Proxy certificates are defined in RFC 3820. They are really usual certificates -with the mandatory extension proxyCertInfo. - -Proxy certificates are issued by an End Entity (typically a user), either -directly with the EE certificate as issuing certificate, or by extension through -an already issued proxy certificate. Proxy certificates are used to extend -rights to some other entity (a computer process, typically, or sometimes to the -user itself). This allows the entity to perform operations on behalf of the -owner of the EE certificate. - -See https://www.ietf.org/rfc/rfc3820.txt for more information. - - -2. A warning about proxy certificates - -No one seems to have tested proxy certificates with security in mind. To this -date, it seems that proxy certificates have only been used in a context highly -aware of them. - -Existing applications might misbehave when trying to validate a chain of -certificates which use a proxy certificate. They might incorrectly consider the -leaf to be the certificate to check for authorisation data, which is controlled -by the EE certificate owner. - -subjectAltName and issuerAltName are forbidden in proxy certificates, and this -is enforced in OpenSSL. The subject must be the same as the issuer, with one -commonName added on. - -Possible threats we can think of at this time include: - - - impersonation through commonName (think server certificates). - - use of additional extensions, possibly non-standard ones used in certain - environments, that would grant extra or different authorisation rights. - -For these reasons, OpenSSL requires that the use of proxy certificates be -explicitly allowed. Currently, this can be done using the following methods: - - - if the application directly calls X509_verify_cert(), it can first call: - - X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); - - Where ctx is the pointer which then gets passed to X509_verify_cert(). - - - proxy certificate validation can be enabled before starting the application - by setting the environment variable OPENSSL_ALLOW_PROXY_CERTS. - -In the future, it might be possible to enable proxy certificates by editing -openssl.cnf. - - -3. How to create proxy certificates - -Creating proxy certificates is quite easy, by taking advantage of a lack of -checks in the 'openssl x509' application (*ahem*). You must first create a -configuration section that contains a definition of the proxyCertInfo extension, -for example: - - [ v3_proxy ] - # A proxy certificate MUST NEVER be a CA certificate. - basicConstraints=CA:FALSE - - # Usual authority key ID - authorityKeyIdentifier=keyid,issuer:always - - # The extension which marks this certificate as a proxy - proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB - -It's also possible to specify the proxy extension in a separate section: - - proxyCertInfo=critical,@proxy_ext - - [ proxy_ext ] - language=id-ppl-anyLanguage - pathlen=0 - policy=text:BC - -The policy value has a specific syntax, {syntag}:{string}, where the syntag -determines what will be done with the string. The following syntags are -recognised: - - text indicates that the string is simply bytes, without any encoding: - - policy=text:räksmörgås - - Previous versions of this design had a specific tag for UTF-8 text. - However, since the bytes are copied as-is anyway, there is no need for - such a specific tag. - - hex indicates the string is encoded in hex, with colons between each byte - (every second hex digit): - - policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 - - Previous versions of this design had a tag to insert a complete DER - blob. However, the only legal use for this would be to surround the - bytes that would go with the hex: tag with whatever is needed to - construct a correct OCTET STRING. The DER tag therefore felt - superfluous, and was removed. - - file indicates that the text of the policy should really be taken from a - file. The string is then really a file name. This is useful for - policies that are large (more than a few lines, e.g. XML documents). - -The 'policy' setting can be split up in multiple lines like this: - - 0.policy=This is - 1.policy= a multi- - 2.policy=line policy. - -NOTE: the proxy policy value is the part which determines the rights granted to -the process using the proxy certificate. The value is completely dependent on -the application reading and interpreting it! - -Now that you have created an extension section for your proxy certificate, you -can easily create a proxy certificate by doing: - - openssl req -new -config openssl.cnf -out proxy.req -keyout proxy.key - openssl x509 -req -CAcreateserial -in proxy.req -days 7 -out proxy.crt \ - -CA user.crt -CAkey user.key -extfile openssl.cnf -extensions v3_proxy - -You can also create a proxy certificate using another proxy certificate as -issuer (note: I'm using a different configuration section for it): - - openssl req -new -config openssl.cnf -out proxy2.req -keyout proxy2.key - openssl x509 -req -CAcreateserial -in proxy2.req -days 7 -out proxy2.crt \ - -CA proxy.crt -CAkey proxy.key -extfile openssl.cnf -extensions v3_proxy2 - - -4. How to have your application interpret the policy? - -The basic way to interpret proxy policies is to start with some default rights, -then compute the resulting rights by checking the proxy certificate against -the chain of proxy certificates, user certificate and CA certificates. You then -use the final computed rights. Sounds easy, huh? It almost is. - -The slightly complicated part is figuring out how to pass data between your -application and the certificate validation procedure. - -You need the following ingredients: - - - a callback function that will be called for every certificate being - validated. The callback be called several times for each certificate, - so you must be careful to do the proxy policy interpretation at the right - time. You also need to fill in the defaults when the EE certificate is - checked. - - - a data structure that is shared between your application code and the - callback. - - - a wrapper function that sets it all up. - - - an ex_data index function that creates an index into the generic ex_data - store that is attached to an X509 validation context. - -Here is some skeleton code you can fill in: - - #include - #include - #include - #include - - #define total_rights 25 - - /* - * In this example, I will use a view of granted rights as a bit - * array, one bit for each possible right. - */ - typedef struct your_rights { - unsigned char rights[(total_rights + 7) / 8]; - } YOUR_RIGHTS; - - /* - * The following procedure will create an index for the ex_data - * store in the X509 validation context the first time it's called. - * Subsequent calls will return the same index. */ - static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx) - { - static volatile int idx = -1; - if (idx < 0) { - X509_STORE_lock(X509_STORE_CTX_get0_store(ctx)); - if (idx < 0) { - idx = X509_STORE_CTX_get_ex_new_index(0, - "for verify callback", - NULL,NULL,NULL); - } - X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx)); - } - return idx; - } - - /* Callback to be given to the X509 validation procedure. */ - static int verify_callback(int ok, X509_STORE_CTX *ctx) - { - if (ok == 1) { - /* - * It's REALLY important you keep the proxy policy - * check within this section. It's important to know - * that when ok is 1, the certificates are checked - * from top to bottom. You get the CA root first, - * followed by the possible chain of intermediate - * CAs, followed by the EE certificate, followed by - * the possible proxy certificates. - */ - X509 *xs = X509_STORE_CTX_get_current_cert(ctx); - - if (X509_get_extension_flags(xs) & EXFLAG_PROXY) { - YOUR_RIGHTS *rights = - (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, - get_proxy_auth_ex_data_idx(ctx)); - PROXY_CERT_INFO_EXTENSION *pci = - X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); - - switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) { - case NID_Independent: - /* - * Do whatever you need to grant explicit rights to - * this particular proxy certificate, usually by - * pulling them from some database. If there are none - * to be found, clear all rights (making this and any - * subsequent proxy certificate void of any rights). - */ - memset(rights->rights, 0, sizeof(rights->rights)); - break; - case NID_id_ppl_inheritAll: - /* - * This is basically a NOP, we simply let the current - * rights stand as they are. - */ - break; - default: - /* This is usually the most complex section of code. - * You really do whatever you want as long as you - * follow RFC 3820. In the example we use here, the - * simplest thing to do is to build another, temporary - * bit array and fill it with the rights granted by - * the current proxy certificate, then use it as a - * mask on the accumulated rights bit array, and - * voilà, you now have a new accumulated rights bit - * array. - */ - { - int i; - YOUR_RIGHTS tmp_rights; - memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights)); - - /* - * process_rights() is supposed to be a procedure - * that takes a string and its length, interprets - * it and sets the bits in the YOUR_RIGHTS pointed - * at by the third argument. - */ - process_rights((char *) pci->proxyPolicy->policy->data, - pci->proxyPolicy->policy->length, - &tmp_rights); - - for(i = 0; i < total_rights / 8; i++) - rights->rights[i] &= tmp_rights.rights[i]; - } - break; - } - PROXY_CERT_INFO_EXTENSION_free(pci); - } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) { - /* We have an EE certificate, let's use it to set default! */ - YOUR_RIGHTS *rights = - (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, - get_proxy_auth_ex_data_idx(ctx)); - - /* The following procedure finds out what rights the owner - * of the current certificate has, and sets them in the - * YOUR_RIGHTS structure pointed at by the second - * argument. - */ - set_default_rights(xs, rights); - } - } - return ok; - } - - static int my_X509_verify_cert(X509_STORE_CTX *ctx, - YOUR_RIGHTS *needed_rights) - { - int ok; - int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = - X509_STORE_CTX_get_verify_cb(ctx); - YOUR_RIGHTS rights; - - X509_STORE_CTX_set_verify_cb(ctx, verify_callback); - X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), &rights); - X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); - ok = X509_verify_cert(ctx); - - if (ok == 1) { - ok = check_needed_rights(rights, needed_rights); - } - - X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb); - - return ok; - } - - -If you use SSL or TLS, you can easily set up a callback to have the -certificates checked properly, using the code above: - - SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, &needed_rights); - - --- -Richard Levitte diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod index 7385a00941ea..27bb31493a7f 100644 --- a/doc/man1/ca.pod +++ b/doc/man1/ca.pod @@ -51,6 +51,7 @@ B B [B<-engine id>] [B<-subj arg>] [B<-utf8>] +[B<-sigopt nm:v>] [B<-create_serial>] [B<-rand_serial>] [B<-multivalue-rdn>] @@ -134,6 +135,11 @@ The private key to sign requests with. The format of the data in the private key file. The default is PEM. +=item B<-sigopt nm:v> + +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. + =item B<-key password> The password used to encrypt the private key. Since on some diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod index 66a6697eb10e..ea2c4e3e1598 100644 --- a/doc/man1/dgst.pod +++ b/doc/man1/dgst.pod @@ -12,6 +12,7 @@ B [B<-help>] [B<-c>] [B<-d>] +[B<-list>] [B<-hex>] [B<-binary>] [B<-r>] @@ -22,6 +23,7 @@ B [B<-verify filename>] [B<-prverify filename>] [B<-signature filename>] +[B<-sigopt nm:v>] [B<-hmac key>] [B<-fips-fingerprint>] [B<-rand file...>] @@ -66,6 +68,10 @@ B format output is used. Print out BIO debugging information. +=item B<-list> + +Prints out a list of supported message digests. + =item B<-hex> Digest is to be output as a hex dump. This is the default case for a "normal" @@ -78,7 +84,8 @@ Output the digest or signature in binary form. =item B<-r> -Output the digest in the "coreutils" format used by programs like B. +Output the digest in the "coreutils" format, including newlines. +Used by programs like B. =item B<-out filename> diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod index a3e0b03b2000..6f20ac1fc7d5 100644 --- a/doc/man1/enc.pod +++ b/doc/man1/enc.pod @@ -9,6 +9,7 @@ enc - symmetric cipher routines B> [B<-help>] +[B<-list>] [B<-ciphers>] [B<-in filename>] [B<-out filename>] @@ -56,10 +57,14 @@ either by itself or in addition to the encryption or decryption. Print out a usage message. -=item B<-ciphers> +=item B<-list> List all supported ciphers. +=item B<-ciphers> + +Alias of -list to display all supported ciphers. + =item B<-in filename> The input filename, standard input by default. @@ -419,6 +424,8 @@ certain parameters. So if, for example, you want to use RC2 with a The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. +The B<-list> option was added in OpenSSL 1.1.1e. + =head1 COPYRIGHT Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/rand.pod b/doc/man1/rand.pod index 5dd9e8e0a56a..b5d45ab51cf0 100644 --- a/doc/man1/rand.pod +++ b/doc/man1/rand.pod @@ -18,12 +18,14 @@ I =head1 DESCRIPTION -The B command outputs I pseudo-random bytes after seeding -the random number generator once. As in other B command -line tools, PRNG seeding uses the file I<$HOME/>B<.rnd> or B<.rnd> -in addition to the files given in the B<-rand> option. A new -I<$HOME>/B<.rnd> or B<.rnd> file will be written back if enough -seeding was obtained from these sources. +This command generates I random bytes using a cryptographically +secure pseudo random number generator (CSPRNG). + +The random bytes are generated using the L function, +which provides a security level of 256 bits, provided it managed to +seed itself successfully from a trusted operating system entropy source. +Otherwise, the command will fail with a nonzero error code. +For more details, see L, L, and L. =head1 OPTIONS @@ -44,6 +46,8 @@ generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +Explicitly specifying a seed file is in general not necessary, see the +L section for more information. =item [B<-writerand file>] @@ -60,13 +64,28 @@ Show the output as a hex string. =back +=head1 NOTES + +Prior to OpenSSL 1.1.1, it was common for applications to store information +about the state of the random-number generator in a file that was loaded +at startup and rewritten upon exit. On modern operating systems, this is +generally no longer necessary as OpenSSL will seed itself from a trusted +entropy source provided by the operating system. The B<-rand> and +B<-writerand> flags are still supported for special platforms or +circumstances that might require them. + +It is generally an error to use the same seed file more than once and +every use of B<-rand> should be paired with B<-writerand>. + =head1 SEE ALSO -L +L, +L, +L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/req.pod b/doc/man1/req.pod index a9b5b1690a5c..730c59079d67 100644 --- a/doc/man1/req.pod +++ b/doc/man1/req.pod @@ -46,6 +46,7 @@ B B [B<-reqopt>] [B<-subject>] [B<-subj arg>] +[B<-sigopt nm:v>] [B<-batch>] [B<-verbose>] [B<-engine id>] @@ -82,6 +83,11 @@ This specifies the input filename to read a request from or standard input if this option is not specified. A request is only read if the creation options (B<-new> and B<-newkey>) are not specified. +=item B<-sigopt nm:v> + +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. + =item B<-passin arg> The input file password source. For more information about the format of B @@ -689,7 +695,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index e2475ea0678f..68a152a272bd 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -335,7 +335,7 @@ at a positive depth or else "matched EE certificate" at depth 0. Use one or more times to specify the RRDATA fields of the DANE TLSA RRset associated with the target service. The B value is -specied in "presentation form", that is four whitespace separated +specified in "presentation form", that is four whitespace separated fields that specify the usage, selector, matching type and associated data, with the last of these encoded in hexadecimal. Optional whitespace is ignored in the associated data field. For example: @@ -828,7 +828,7 @@ The B<-name> option was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/sess_id.pod b/doc/man1/sess_id.pod index 1f7a1e8670cf..6c54ed988bbe 100644 --- a/doc/man1/sess_id.pod +++ b/doc/man1/sess_id.pod @@ -93,7 +93,7 @@ Typical output: Timeout : 300 (sec) Verify return code 0 (ok) -Theses are described below in more detail. +These are described below in more detail. =over 4 @@ -156,7 +156,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod index 7878753414da..65cec9dbda67 100644 --- a/doc/man1/x509.pod +++ b/doc/man1/x509.pod @@ -11,7 +11,7 @@ B B [B<-help>] [B<-inform DER|PEM>] [B<-outform DER|PEM>] -[B<-keyform DER|PEM>] +[B<-keyform DER|PEM|ENGINE>] [B<-CAform DER|PEM>] [B<-CAkeyform DER|PEM>] [B<-in filename>] @@ -44,7 +44,7 @@ B B [B<-setalias arg>] [B<-days arg>] [B<-set_serial n>] -[B<-signkey filename>] +[B<-signkey arg>] [B<-passin arg>] [B<-x509toreq>] [B<-req>] @@ -61,6 +61,7 @@ B B [B<-clrext>] [B<-extfile filename>] [B<-extensions section>] +[B<-sigopt nm:v>] [B<-rand file...>] [B<-writerand file>] [B<-engine id>] @@ -349,10 +350,11 @@ can thus behave like a "mini CA". =over 4 -=item B<-signkey filename> +=item B<-signkey arg> This option causes the input file to be self signed using the supplied -private key. +private key or engine. The private key's format is specified with the +B<-keyform> option. If the input file is a certificate it sets the issuer name to the subject name (i.e. makes it self signed) changes the public key to the @@ -366,6 +368,11 @@ If the input is a certificate request then a self signed certificate is created using the supplied private key using the subject name in the request. +=item B<-sigopt nm:v> + +Pass options to the signature algorithm during sign or verify operations. +Names and values of these options are algorithm-specific. + =item B<-passin arg> The key password source. For more information about the format of B @@ -378,7 +385,7 @@ certificate is being created from another certificate (for example with the B<-signkey> or the B<-CA> options). Normally all extensions are retained. -=item B<-keyform PEM|DER> +=item B<-keyform PEM|DER|ENGINE> Specifies the format (DER or PEM) of the private key file used in the B<-signkey> option. @@ -925,7 +932,7 @@ the old form must have their links rebuilt using B or similar. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASN1_INTEGER_get_int64.pod b/doc/man3/ASN1_INTEGER_get_int64.pod index 9b73290742d4..ac6a5799df9d 100644 --- a/doc/man3/ASN1_INTEGER_get_int64.pod +++ b/doc/man3/ASN1_INTEGER_get_int64.pod @@ -22,10 +22,10 @@ ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_s ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); - int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_INTEGER *a); + int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); - int ASN1_ENUMERATED_set_int64(ASN1_INTEGER *a, int64_t r); + int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); diff --git a/doc/man3/ASN1_TYPE_get.pod b/doc/man3/ASN1_TYPE_get.pod index 70c56878b8e6..fb797220a47f 100644 --- a/doc/man3/ASN1_TYPE_get.pod +++ b/doc/man3/ASN1_TYPE_get.pod @@ -69,7 +69,7 @@ If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the return value is non-zero. Technically if both parameters are NULL the two types could be absent OPTIONAL fields and so should match, however passing NULL values could also indicate a programming error (for example an -unparseable type which returns NULL) for types which do B match. So +unparsable type which returns NULL) for types which do B match. So applications should handle the case of two absent values separately. =head1 RETURN VALUES @@ -90,7 +90,7 @@ NULL on failure. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_f_buffer.pod b/doc/man3/BIO_f_buffer.pod index 8ceaaa3c0343..047a11d2407c 100644 --- a/doc/man3/BIO_f_buffer.pod +++ b/doc/man3/BIO_f_buffer.pod @@ -49,10 +49,20 @@ is expanded. These functions, other than BIO_f_buffer(), are implemented as macros. -Buffering BIOs implement BIO_gets() by using BIO_read_ex() operations on the -next BIO in the chain. By prepending a buffering BIO to a chain it is therefore -possible to provide BIO_gets() functionality if the following BIOs do not -support it (for example SSL BIOs). +Buffering BIOs implement BIO_read_ex() and BIO_gets() by using +BIO_read_ex() operations on the next BIO in the chain and storing the +result in an internal buffer, from which bytes are given back to the +caller as appropriate for the call; a BIO_gets() is guaranteed to give +the caller a whole line, and BIO_read_ex() is guaranteed to give the +caller the number of bytes it asks for, unless there's an error or end +of communication is reached in the next BIO. By prepending a +buffering BIO to a chain it is therefore possible to provide +BIO_gets() or exact size BIO_read_ex() functionality if the following +BIOs do not support it. + +Do not add more than one BIO_f_buffer() to a BIO chain. The result of +doing so will force a full read of the size of the internal buffer of +the top BIO_f_buffer(), which is 4 KiB at a minimum. Data is only written to the next BIO in the chain when the write buffer fills or when BIO_flush() is called. It is therefore important to call BIO_flush() @@ -82,7 +92,7 @@ L. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_get_ex_new_index.pod b/doc/man3/BIO_get_ex_new_index.pod index e61228f1caea..89008531d381 100644 --- a/doc/man3/BIO_get_ex_new_index.pod +++ b/doc/man3/BIO_get_ex_new_index.pod @@ -39,7 +39,7 @@ L. These functions handle application-specific data for OpenSSL data structures. -TYPE_get_new_ex_index() is a macro that calls CRYPTO_get_ex_new_index() +TYPE_get_ex_new_index() is a macro that calls CRYPTO_get_ex_new_index() with the correct B value. TYPE_set_ex_data() is a function that calls CRYPTO_set_ex_data() with @@ -50,7 +50,7 @@ an offset into the opaque exdata part of the TYPE object. =head1 RETURN VALUES -TYPE_get_new_ex_index() returns a new index on success or -1 on error. +TYPE_get_ex_new_index() returns a new index on success or -1 on error. TYPE_set_ex_data() returns 1 on success or 0 on error. @@ -62,7 +62,7 @@ L. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DTLSv1_listen.pod b/doc/man3/DTLSv1_listen.pod index 76be40b68f10..98511a475f9f 100644 --- a/doc/man3/DTLSv1_listen.pod +++ b/doc/man3/DTLSv1_listen.pod @@ -66,9 +66,9 @@ the peer and continue the handshake in a connected state. Prior to calling DTLSv1_listen() user code must ensure that cookie generation and verification callbacks have been set up using -SSL_CTX_set_cookie_generate_cb() and SSL_CTX_set_cookie_verify_cb() -respectively. For SSL_stateless(), SSL_CTX_set_stateless_cookie_generate_cb() -and SSL_CTX_set_stateless_cookie_verify_cb() must be used instead. +L and L +respectively. For SSL_stateless(), L +and L must be used instead. Since DTLSv1_listen() operates entirely statelessly whilst processing incoming ClientHellos it is unable to process fragmented messages (since this would @@ -112,8 +112,10 @@ errors as non-fatal), whilst return codes >0 indicate success. =head1 SEE ALSO -L, L, -L, L +L, L, +L, +L, L, +L, L, L =head1 HISTORY diff --git a/doc/man3/EC_GROUP_copy.pod b/doc/man3/EC_GROUP_copy.pod index 7bf350062375..0d50fdc0c74f 100644 --- a/doc/man3/EC_GROUP_copy.pod +++ b/doc/man3/EC_GROUP_copy.pod @@ -40,7 +40,7 @@ EC_GROUP_get_pentanomial_basis int EC_GROUP_get_asn1_flag(const EC_GROUP *group); void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); - point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group); unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); size_t EC_GROUP_get_seed_len(const EC_GROUP *); @@ -61,34 +61,39 @@ EC_GROUP_get_pentanomial_basis =head1 DESCRIPTION -EC_GROUP_copy copies the curve B into B. Both B and B must use the same EC_METHOD. +EC_GROUP_copy() copies the curve B into B. Both B and B must use the same EC_METHOD. -EC_GROUP_dup creates a new EC_GROUP object and copies the content from B to the newly created +EC_GROUP_dup() creates a new EC_GROUP object and copies the content from B to the newly created EC_GROUP object. -EC_GROUP_method_of obtains the EC_METHOD of B. +EC_GROUP_method_of() obtains the EC_METHOD of B. -EC_GROUP_set_generator sets curve parameters that must be agreed by all participants using the curve. These +EC_GROUP_set_generator() sets curve parameters that must be agreed by all participants using the curve. These parameters include the B, the B and the B. The B is a well defined point on the curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and n-1 where n is the B. The B multiplied by the B gives the number of points on the curve. -EC_GROUP_get0_generator returns the generator for the identified B. +EC_GROUP_get0_generator() returns the generator for the identified B. -The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided B and B parameters -with the respective order and cofactors for the B. +EC_GROUP_get_order() retrieves the order of B and copies its value into +B. It fails in case B is not fully initialized (i.e., its order +is not set or set to zero). -The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the NID for the curve respectively +EC_GROUP_get_cofactor() retrieves the cofactor of B and copies its value +into B. It fails in case B is not fully initialized or if the +cofactor is not set (or set to zero). + +The functions EC_GROUP_set_curve_name() and EC_GROUP_get_curve_name(), set and get the NID for the curve respectively (see L). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name -will return 0. +will return NID_undef. The asn1_flag value is used to determine whether the curve encoding uses explicit parameters or a named curve using an ASN1 OID: many applications only support the latter form. If asn1_flag is B then the named curve form is used and the parameters must have a corresponding named curve NID set. If asn1_flags is B the -parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and -EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. +parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag() and +EC_GROUP_set_asn1_flag() get and set the status of the asn1_flag for the curve. Note: B was added in OpenSSL 1.1.0, for previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL 1.1.0 the default form was to use explicit parameters (meaning that @@ -119,32 +124,32 @@ the two possible solutions for y has been used, followed by the octets for x. For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two possible solutions for y has been used, followed by the octets for x, followed by the octets for y. -The functions EC_GROUP_set_point_conversion_form and EC_GROUP_get_point_conversion_form set and get the point_conversion_form +The functions EC_GROUP_set_point_conversion_form() and EC_GROUP_get_point_conversion_form(), set and get the point_conversion_form for the curve respectively. ANSI X9.62 (ECDSA standard) defines a method of generating the curve parameter b from a random number. This provides advantages in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL EC library -does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed. This returns a pointer to a memory block -containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len. A number of the -builtin curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using -EC_GROUP_set_seed and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use +does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed(). This returns a pointer to a memory block +containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len(). A number of the +built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +EC_GROUP_set_seed() and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use this seed value, although it will be preserved in any ASN1 based communications. -EC_GROUP_get_degree gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be +EC_GROUP_get_degree() gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be the value m. -The function EC_GROUP_check_discriminant calculates the discriminant for the curve and verifies that it is valid. +The function EC_GROUP_check_discriminant() calculates the discriminant for the curve and verifies that it is valid. For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is simply b. In either case for the curve to be valid the discriminant must be non zero. -The function EC_GROUP_check performs a number of checks on a curve to verify that it is valid. Checks performed include +The function EC_GROUP_check() performs a number of checks on a curve to verify that it is valid. Checks performed include verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has the correct order. -EC_GROUP_cmp compares B and B to determine whether they represent the same curve or not. +EC_GROUP_cmp() compares B and B to determine whether they represent the same curve or not. -The functions EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis should only be called for curves +The functions EC_GROUP_get_basis_type(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis() should only be called for curves defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial function f(x). This function is either a trinomial of the form: @@ -154,39 +159,48 @@ or a pentanomial of the form: f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 -The function EC_GROUP_get_basis_type returns a NID identifying whether a trinomial or pentanomial is in use for the field. The -function EC_GROUP_get_trinomial_basis must only be called where f(x) is of the trinomial form, and returns the value of B. Similarly -the function EC_GROUP_get_pentanomial_basis must only be called where f(x) is of the pentanomial form, and returns the values of B, +The function EC_GROUP_get_basis_type() returns a NID identifying whether a trinomial or pentanomial is in use for the field. The +function EC_GROUP_get_trinomial_basis() must only be called where f(x) is of the trinomial form, and returns the value of B. Similarly +the function EC_GROUP_get_pentanomial_basis() must only be called where f(x) is of the pentanomial form, and returns the values of B, B and B respectively. =head1 RETURN VALUES -The following functions return 1 on success or 0 on error: EC_GROUP_copy, EC_GROUP_set_generator, EC_GROUP_check, -EC_GROUP_check_discriminant, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis. +The following functions return 1 on success or 0 on error: EC_GROUP_copy(), EC_GROUP_set_generator(), EC_GROUP_check(), +EC_GROUP_check_discriminant(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis(). -EC_GROUP_dup returns a pointer to the duplicated curve, or NULL on error. +EC_GROUP_dup() returns a pointer to the duplicated curve, or NULL on error. -EC_GROUP_method_of returns the EC_METHOD implementation in use for the given curve or NULL on error. +EC_GROUP_method_of() returns the EC_METHOD implementation in use for the given curve or NULL on error. -EC_GROUP_get0_generator returns the generator for the given curve or NULL on error. +EC_GROUP_get0_generator() returns the generator for the given curve or NULL on error. -EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_get_curve_name, EC_GROUP_get_asn1_flag, EC_GROUP_get_point_conversion_form -and EC_GROUP_get_degree return the order, cofactor, curve name (NID), ASN1 flag, point_conversion_form and degree for the -specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0. +EC_GROUP_get_order() returns 0 if the order is not set (or set to zero) for +B or if copying into B fails, 1 otherwise. + +EC_GROUP_get_cofactor() returns 0 if the cofactor is not set (or is set to zero) for B or if copying into B fails, 1 otherwise. + +EC_GROUP_get_curve_name() returns the curve name (NID) for B or will return NID_undef if no curve name is associated. + +EC_GROUP_get_asn1_flag() returns the ASN1 flag for the specified B . + +EC_GROUP_get_point_conversion_form() returns the point_conversion_form for B. + +EC_GROUP_get_degree() returns the degree for B or 0 if the operation is not supported by the underlying group implementation. EC_GROUP_get0_order() returns an internal pointer to the group order. EC_GROUP_order_bits() returns the number of bits in the group order. EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor. -EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not -specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the seed is not specified. +EC_GROUP_get0_seed() returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not +specified. EC_GROUP_get_seed_len() returns the length of the seed or 0 if the seed is not specified. -EC_GROUP_set_seed returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is +EC_GROUP_set_seed() returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is 0, the return value will be 1. On error 0 is returned. -EC_GROUP_cmp returns 0 if the curves are equal, 1 if they are not equal, or -1 on error. +EC_GROUP_cmp() returns 0 if the curves are equal, 1 if they are not equal, or -1 on error. -EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in ) for a +EC_GROUP_get_basis_type() returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in ) for a trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned. =head1 SEE ALSO diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod index 1eee494927f5..c80b191785c4 100644 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -57,49 +57,63 @@ objects =head1 DESCRIPTION -Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the -prime field Fp. The elements of Fp are the integers 0 to p-1, where p is a prime number. This gives us a revised +Within the library there are two forms of elliptic curve that are of interest. +The first form is those defined over the prime field Fp. The elements of Fp are +the integers 0 to p-1, where p is a prime number. This gives us a revised elliptic curve equation as follows: y^2 mod p = x^3 +ax + b mod p -The second form is those defined over a binary field F2^m where the elements of the field are integers of length at -most m bits. For this form the elliptic curve equation is modified to: +The second form is those defined over a binary field F2^m where the elements of +the field are integers of length at most m bits. For this form the elliptic +curve equation is modified to: y^2 + xy = x^3 + ax^2 + b (where b != 0) -Operations in a binary field are performed relative to an B. All such curves with OpenSSL -use a trinomial or a pentanomial for this parameter. +Operations in a binary field are performed relative to an B. All such curves with OpenSSL use a trinomial or a pentanomial for +this parameter. -A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by B (see -L). It is then necessary to call EC_GROUP_set_curve() to set the curve parameters. -EC_GROUP_new_from_ecparameters() will create a group from the -specified B and -EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK B. +A new curve can be constructed by calling EC_GROUP_new(), using the +implementation provided by B (see L). It is then +necessary to call EC_GROUP_set_curve() to set the curve parameters. +EC_GROUP_new_from_ecparameters() will create a group from the specified +B and EC_GROUP_new_from_ecpkparameters() will create a group from the +specific PK B. -EC_GROUP_set_curve() sets the curve parameters B

represents the irreducible polynomial - each bit -represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether -the polynomial is a trinomial or a pentanomial. +EC_GROUP_set_curve() sets the curve parameters B

, B and B. For a curve +over Fp B

is the prime for the field. For a curve over F2^m B

represents +the irreducible polynomial - each bit represents a term in the polynomial. +Therefore there will either be three or five bits set dependent on whether the +polynomial is a trinomial or a pentanomial. +In either case, B and B represents the coefficients a and b from the +relevant equation introduced above. EC_group_get_curve() obtains the previously set curve parameters. -EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for EC_GROUP_set_curve(). They are defined for -backwards compatibility only and should not be used. +EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for +EC_GROUP_set_curve(). They are defined for backwards compatibility only and +should not be used. -EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for EC_GROUP_get_curve(). They are defined for -backwards compatibility only and should not be used. +EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for +EC_GROUP_get_curve(). They are defined for backwards compatibility only and +should not be used. -The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and then the -EC_GROUP_set_curve function. An appropriate default implementation method will be used. +The functions EC_GROUP_new_curve_GFp() and EC_GROUP_new_curve_GF2m() are +shortcuts for calling EC_GROUP_new() and then the EC_GROUP_set_curve() function. +An appropriate default implementation method will be used. -Whilst the library can be used to create any curve using the functions described above, there are also a number of -predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function -EC_get_builtin_curves. The parameter B should be an array of EC_builtin_curve structures of size B. The function -will populate the B array with information about the builtin curves. If B is less than the total number of -curves available, then the first B curves will be returned. Otherwise the total number of curves will be -provided. The return value is the total number of curves available (whether that number has been populated in B or -not). Passing a NULL B, or setting B to 0 will do nothing other than return the total number of curves available. +Whilst the library can be used to create any curve using the functions described +above, there are also a number of predefined curves that are available. In order +to obtain a list of all of the predefined curves, call the function +EC_get_builtin_curves(). The parameter B should be an array of +EC_builtin_curve structures of size B. The function will populate the +B array with information about the builtin curves. If B is less than +the total number of curves available, then the first B curves will be +returned. Otherwise the total number of curves will be provided. The return +value is the total number of curves available (whether that number has been +populated in B or not). Passing a NULL B, or setting B to 0 will +do nothing other than return the total number of curves available. The EC_builtin_curve structure is defined as follows: typedef struct { @@ -107,24 +121,28 @@ The EC_builtin_curve structure is defined as follows: const char *comment; } EC_builtin_curve; -Each EC_builtin_curve item has a unique integer id (B), and a human readable comment string describing the curve. +Each EC_builtin_curve item has a unique integer id (B), and a human +readable comment string describing the curve. -In order to construct a builtin curve use the function EC_GROUP_new_by_curve_name and provide the B of the curve to +In order to construct a builtin curve use the function +EC_GROUP_new_by_curve_name() and provide the B of the curve to be constructed. -EC_GROUP_free frees the memory associated with the EC_GROUP. +EC_GROUP_free() frees the memory associated with the EC_GROUP. If B is NULL nothing is done. -EC_GROUP_clear_free destroys any sensitive data held within the EC_GROUP and then frees its memory. -If B is NULL nothing is done. +EC_GROUP_clear_free() destroys any sensitive data held within the EC_GROUP and +then frees its memory. If B is NULL nothing is done. =head1 RETURN VALUES -All EC_GROUP_new* functions return a pointer to the newly constructed group, or NULL on error. +All EC_GROUP_new* functions return a pointer to the newly constructed group, or +NULL on error. -EC_get_builtin_curves returns the number of builtin curves that are available. +EC_get_builtin_curves() returns the number of builtin curves that are available. -EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error. +EC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(), +EC_GROUP_get_curve_GF2m() return 1 on success or 0 on error. =head1 SEE ALSO @@ -134,7 +152,7 @@ L, L =head1 COPYRIGHT -Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EC_POINT_new.pod b/doc/man3/EC_POINT_new.pod index 796f6666dd38..8cadaa75f145 100644 --- a/doc/man3/EC_POINT_new.pod +++ b/doc/man3/EC_POINT_new.pod @@ -171,6 +171,26 @@ The functions EC_POINT_point2oct(), EC_POINT_oct2point(), EC_POINT_point2bn(), EC_POINT_bn2point(), EC_POINT_point2hex() and EC_POINT_hex2point() convert from and to EC_POINTs for the formats: octet, BIGNUM and hexadecimal respectively. +The function EC_POINT_point2oct() encodes the given curve point B

as an +octet string into the buffer B of size B, using the specified +conversion form B

. +The encoding conforms with Sec. 2.3.3 of the SECG SEC 1 ("Elliptic Curve +Cryptography") standard. +Similarly the function EC_POINT_oct2point() decodes a curve point into B

from +the octet string contained in the given buffer B of size B, conforming +to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard. + +The functions EC_POINT_point2hex() and EC_POINT_point2bn() convert a point B

, +respectively, to the hexadecimal or BIGNUM representation of the same +encoding of the function EC_POINT_point2oct(). +Vice versa, similarly to the function EC_POINT_oct2point(), the functions +EC_POINT_hex2point() and EC_POINT_point2bn() decode the hexadecimal or +BIGNUM representation into the EC_POINT B

. + +Notice that, according to the standard, the octet string encoding of the point +at infinity for a given curve is fixed to a single octet of value zero and that, +vice versa, a single octet of size zero is decoded as the point at infinity. + The function EC_POINT_point2oct() must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. Calling the function with a NULL buffer will not perform the conversion but diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 3e3e34229763..434e22030fdd 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -2,17 +2,17 @@ =head1 NAME -EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex, -EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, -EVP_MD_CTX_test_flags, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, +EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, +EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, +EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, +EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, -EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, -EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, -EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_MD_CTX_md_data, +EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, +EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, +EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_md_null, -EVP_get_digestbyname, EVP_get_digestbynid, -EVP_get_digestbyobj, -EVP_MD_CTX_set_pkey_ctx - EVP digest routines +EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, +EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines =head1 SYNOPSIS @@ -26,6 +26,8 @@ EVP_MD_CTX_set_pkey_ctx - EVP digest routines void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); + int EVP_Digest(const void *data, size_t count, unsigned char *md, + unsigned int *size, const EVP_MD *type, ENGINE *impl); int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); @@ -42,12 +44,18 @@ EVP_MD_CTX_set_pkey_ctx - EVP digest routines int EVP_MD_pkey_type(const EVP_MD *md); int EVP_MD_size(const EVP_MD *md); int EVP_MD_block_size(const EVP_MD *md); + unsigned long EVP_MD_flags(const EVP_MD *md); const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); - int EVP_MD_CTX_size(const EVP_MD *ctx); - int EVP_MD_CTX_block_size(const EVP_MD *ctx); - int EVP_MD_CTX_type(const EVP_MD *ctx); + int EVP_MD_CTX_size(const EVP_MD_CTX *ctx); + int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); + int EVP_MD_CTX_type(const EVP_MD_CTX *ctx); void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); + int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, + const void *data, size_t count); + void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, + int (*update)(EVP_MD_CTX *ctx, + const void *data, size_t count)); const EVP_MD *EVP_md_null(void); @@ -55,6 +63,7 @@ EVP_MD_CTX_set_pkey_ctx - EVP digest routines const EVP_MD *EVP_get_digestbynid(int type); const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); + EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); =head1 DESCRIPTION @@ -79,12 +88,24 @@ Cleans up digest context B and frees up the space allocated to it. =item EVP_MD_CTX_ctrl() -Performs digest-specific control actions on context B. +Performs digest-specific control actions on context B. The control command +is indicated in B and any additional arguments in B and B. +EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions +may apply depending on the control type and digest implementation. +See L below for more information. =item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags() Sets, clears and tests B flags. See L below for more information. +=item EVP_Digest() + +A wrapper around the Digest Init_ex, Update and Final_ex functions. +Hashes B bytes of data at B using a digest B from ENGINE +B. The digest value is placed in B and its length is written at B +if the pointer is not NULL. At most B bytes will be written. +If B is NULL the default implementation of digest B is used. + =item EVP_DigestInit_ex() Sets up digest context B to use a digest B from ENGINE B. @@ -122,7 +143,7 @@ few bytes. =item EVP_DigestInit() Behaves in the same way as EVP_DigestInit_ex() except it always uses the -default digest implementation. +default digest implementation and calls EVP_MD_CTX_reset(). =item EVP_DigestFinal() @@ -163,6 +184,21 @@ EVP_MD_meth_set_app_datasize(). Returns the B structure corresponding to the passed B. +=item EVP_MD_CTX_set_update_fn() + +Sets the update function for B to B. +This is the function that is called by EVP_DigestUpdate. If not set, the +update function from the B type specified at initialization is used. + +=item EVP_MD_CTX_update_fn() + +Returns the update function for B. + +=item EVP_MD_flags() + +Returns the B flags. Note that these are different from the B +ones. See L for more information. + =item EVP_MD_pkey_type() Returns the NID of the public key signing algorithm associated with this @@ -182,10 +218,15 @@ EVP_get_digestbyobj() Returns an B structure when passed a digest name, a digest B or an B structure respectively. +=item EVP_MD_CTX_pkey_ctx() + +Returns the B assigned to B. The returned pointer should not +be freed by the caller. + =item EVP_MD_CTX_set_pkey_ctx() Assigns an B to B. This is usually used to provide -a customzied B to L or +a customized B to L or L. The B passed to this function should be freed by the caller. A NULL B pointer is also allowed to clear the B assigned to B. In such case, freeing the cleared B or not @@ -193,6 +234,27 @@ depends on how the B is created. =back +=head1 CONTROLS + +EVP_MD_CTX_ctrl() can be used to send the following standard controls: + +=over 4 + +=item EVP_MD_CTRL_MICALG + +Gets the digest Message Integrity Check algorithm string. This is used when +creating S/MIME multipart/signed messages, as specified in RFC 3851. +The string value is written to B. + +=item EVP_MD_CTRL_XOF_LEN + +This control sets the digest length for extendable output functions to B. +Sending this control directly should not be necessary, the use of +C is preferred. +Currently used by SHAKE. + +=back + =head1 FLAGS EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() @@ -245,8 +307,7 @@ Returns 1 if successful or 0 for failure. Returns 1 if successful or 0 for failure. =item EVP_MD_type(), -EVP_MD_pkey_type(), -EVP_MD_type() +EVP_MD_pkey_type() Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none exists. @@ -350,6 +411,7 @@ digest name passed on the command line. =head1 SEE ALSO +L, L, L diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index 0bbc3d0ff8f3..912880a5e1c5 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -36,7 +36,7 @@ EVP_MD_CTX is freed). The digest B may be NULL if the signing algorithm supports it. No B will be created by EVP_DigestSignInit() if the passed B -has already been assigned one via L. See also L. +has already been assigned one via L. See also L. Only EVP_PKEY types that support signing can be used with these functions. This includes MAC algorithms where the MAC generation is considered as a form of @@ -102,10 +102,8 @@ EVP_DigestSignFinal(). =head1 RETURN VALUES -EVP_DigestSignInit(), EVP_DigestSignUpdate(), EVP_DigestSignaFinal() and -EVP_DigestSign() return 1 for success and 0 or a negative value for failure. In -particular, a return value of -2 indicates the operation is not supported by the -public key algorithm. +EVP_DigestSignInit(), EVP_DigestSignUpdate(), EVP_DigestSignFinal() and +EVP_DigestSign() return 1 for success and 0 for failure. The error codes can be obtained from L. @@ -158,7 +156,7 @@ were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index 05b99bb913ce..0806cd5d58c4 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -33,7 +33,7 @@ inside EVP_DigestVerifyInit() and it will be freed automatically when the EVP_MD_CTX is freed). No B will be created by EVP_DigestSignInit() if the passed B -has already been assigned one via L. See also L. +has already been assigned one via L. See also L. EVP_DigestVerifyUpdate() hashes B bytes of data at B into the verification context B. This function can be called several times on the diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 6b068617b0ad..aaf9975c4c26 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -492,6 +492,15 @@ EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an existing context without allocating and freeing it up on each call. +There are some differences between functions EVP_CipherInit() and +EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills +the passed context object with zeros. As a consequence, EVP_CipherInit() does +not allow step-by-step initialization of the ctx when the I and I are +passed in separate calls. It also means that the flags set for the CTX are +removed, and it is especially important for the +B flag treated specially in +EVP_CipherInit_ex(). + EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros. =head1 BUGS diff --git a/doc/man3/EVP_MD_meth_new.pod b/doc/man3/EVP_MD_meth_new.pod index 0265c7d50456..e17a4cd519ab 100644 --- a/doc/man3/EVP_MD_meth_new.pod +++ b/doc/man3/EVP_MD_meth_new.pod @@ -84,7 +84,12 @@ together. The available flags are: =item EVP_MD_FLAG_ONESHOT -This digest method can only handles one block of input. +This digest method can only handle one block of input. + +=item EVP_MD_FLAG_XOF + +This digest method is an extensible-output function (XOF) and supports +the B control. =item EVP_MD_FLAG_DIGALGID_NULL @@ -105,19 +110,24 @@ B as default. I Currently unused. +=item EVP_MD_FLAG_FIPS + +This digest method is suitable for use in FIPS mode. +Currently unused. + =back EVP_MD_meth_set_init() sets the digest init function for B. -The digest init function is called by EVP_DigestInit(), +The digest init function is called by EVP_Digest(), EVP_DigestInit(), EVP_DigestInit_ex(), EVP_SignInit, EVP_SignInit_ex(), EVP_VerifyInit() and EVP_VerifyInit_ex(). EVP_MD_meth_set_update() sets the digest update function for B. -The digest update function is called by EVP_DigestUpdate(), +The digest update function is called by EVP_Digest(), EVP_DigestUpdate() and EVP_SignUpdate(). EVP_MD_meth_set_final() sets the digest final function for B. -The digest final function is called by EVP_DigestFinal(), +The digest final function is called by EVP_Digest(), EVP_DigestFinal(), EVP_DigestFinal_ex(), EVP_SignFinal() and EVP_VerifyFinal(). EVP_MD_meth_set_copy() sets the function for B to do extra @@ -138,6 +148,7 @@ This cleanup function is called by EVP_MD_CTX_reset() and EVP_MD_CTX_free(). EVP_MD_meth_set_ctrl() sets the control function for B. +See L for the available controls. EVP_MD_meth_get_input_blocksize(), EVP_MD_meth_get_result_size(), EVP_MD_meth_get_app_datasize(), EVP_MD_meth_get_flags(), @@ -169,7 +180,7 @@ The B structure was openly available in OpenSSL before version =head1 COPYRIGHT -Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index 75fad0f70ce0..16d8462a4263 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -23,6 +23,8 @@ EVP_PKEY_CTX_get_rsa_oaep_md, EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits, +EVP_PKEY_CTX_set_dsa_paramgen_q_bits, +EVP_PKEY_CTX_set_dsa_paramgen_md, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_subprime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, @@ -93,6 +95,8 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len #include int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); + int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits); + int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); #include @@ -255,7 +259,17 @@ by the library and should not be freed by the caller. =head2 DSA parameters The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used -for DSA parameter generation to B. If not specified 1024 is used. +for DSA parameter generation to B. If not specified, 1024 is used. + +The EVP_PKEY_CTX_set_dsa_paramgen_q_bits() macro sets the number of bits in the +subprime parameter B for DSA parameter generation to B. If not +specified, 160 is used. If a digest function is specified below, this parameter +is ignored and instead, the number of bits in B matches the size of the +digest. + +The EVP_PKEY_CTX_set_dsa_paramgen_md() macro sets the digest function used for +DSA parameter generation to B. If not specified, one of SHA-1, SHA-224, or +SHA-256 is selected to match the bit length of B above. =head2 DH parameters diff --git a/doc/man3/EVP_PKEY_meth_new.pod b/doc/man3/EVP_PKEY_meth_new.pod index 8a167ce0d6ff..106873d9acc1 100644 --- a/doc/man3/EVP_PKEY_meth_new.pod +++ b/doc/man3/EVP_PKEY_meth_new.pod @@ -8,14 +8,18 @@ EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, -EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_check, +EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, +EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify, +EVP_PKEY_meth_set_check, EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, EVP_PKEY_meth_set_digest_custom, EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, -EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_check, +EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, +EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify, +EVP_PKEY_meth_get_check, EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, EVP_PKEY_meth_get_digest_custom, EVP_PKEY_meth_remove @@ -112,6 +116,18 @@ EVP_PKEY_meth_remove int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value)); + void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)); void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, @@ -200,6 +216,18 @@ EVP_PKEY_meth_remove int (**pctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value)); + void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)); void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index ebe20986dba1..667269cc624e 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -72,21 +72,24 @@ EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). New applications should use EVP_PKEY_new_raw_private_key() instead. EVP_PKEY_get_raw_private_key() fills the buffer provided by B with raw -private key data. The number of bytes written is populated in B<*len>. If the -buffer B is NULL then B<*len> is populated with the number of bytes -required to hold the key. The calling application is responsible for ensuring -that the buffer is large enough to receive the private key data. This function -only works for algorithms that support raw private keys. Currently this is: -B, B, B, B, -B, B or B. +private key data. The size of the B buffer should be in B<*len> on entry +to the function, and on exit B<*len> is updated with the number of bytes +actually written. If the buffer B is NULL then B<*len> is populated with +the number of bytes required to hold the key. The calling application is +responsible for ensuring that the buffer is large enough to receive the private +key data. This function only works for algorithms that support raw private keys. +Currently this is: B, B, B, +B, B, B or B. EVP_PKEY_get_raw_public_key() fills the buffer provided by B with raw -public key data. The number of bytes written is populated in B<*len>. If the -buffer B is NULL then B<*len> is populated with the number of bytes -required to hold the key. The calling application is responsible for ensuring -that the buffer is large enough to receive the public key data. This function -only works for algorithms that support raw public keys. Currently this is: -B, B, B or B. +public key data. The size of the B buffer should be in B<*len> on entry +to the function, and on exit B<*len> is updated with the number of bytes +actually written. If the buffer B is NULL then B<*len> is populated with +the number of bytes required to hold the key. The calling application is +responsible for ensuring that the buffer is large enough to receive the public +key data. This function only works for algorithms that support raw public keys. +Currently this is: B, B, B or +B. =head1 NOTES @@ -126,7 +129,7 @@ EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_size.pod b/doc/man3/EVP_PKEY_size.pod new file mode 100644 index 000000000000..786c5039142c --- /dev/null +++ b/doc/man3/EVP_PKEY_size.pod @@ -0,0 +1,80 @@ +=pod + +=head1 NAME + +EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits +- EVP_PKEY information functions + +=head1 SYNOPSIS + + #include + + int EVP_PKEY_size(const EVP_PKEY *pkey); + int EVP_PKEY_bits(const EVP_PKEY *pkey); + int EVP_PKEY_security_bits(const EVP_PKEY *pkey); + +=head1 DESCRIPTION + +EVP_PKEY_size() returns the maximum suitable size for the output +buffers for almost all operations that can be done with I. +The primary documented use is with L and +L, but it isn't limited there. The returned size is +also large enough for the output buffer of L, +L, L, L. + +It must be stressed that, unless the documentation for the operation +that's being performed says otherwise, the size returned by +EVP_PKEY_size() is only preliminary and not exact, so the final +contents of the target buffer may be smaller. It is therefore crucial +to take note of the size given back by the function that performs the +operation, such as L (the I argument will +receive that length), to avoid bugs. + +EVP_PKEY_bits() returns the cryptographic length of the cryptosystem +to which the key in I belongs, in bits. Note that the definition +of cryptographic length is specific to the key cryptosystem. + +EVP_PKEY_security_bits() returns the number of security bits of the given +I, bits of security is defined in NIST SP800-57. + +=head1 RETURN VALUES + +EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() return a +positive number, or 0 if this size isn't available. + +=head1 NOTES + +Most functions that have an output buffer and are mentioned with +EVP_PKEY_size() have a functionality where you can pass NULL for the +buffer and still pass a pointer to an integer and get the exact size +that this function call delivers in the context that it's called in. +This allows those functions to be called twice, once to find out the +exact buffer size, then allocate the buffer in between, and call that +function again actually output the data. For those functions, it +isn't strictly necessary to call EVP_PKEY_size() to find out the +buffer size, but may be useful in cases where it's desirable to know +the upper limit in advance. + +It should also be especially noted that EVP_PKEY_size() shouldn't be +used to get the output size for EVP_DigestSignFinal(), according to +L. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index c26b7f7d5d22..22ce747d333f 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -2,10 +2,8 @@ =head1 NAME -EVP_PKEY_size, -EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal, -EVP_PKEY_security_bits - EVP signing -functions +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal +- EVP signing functions =head1 SYNOPSIS @@ -17,49 +15,36 @@ functions void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); - int EVP_PKEY_size(const EVP_PKEY *pkey); - int EVP_PKEY_security_bits(const EVP_PKEY *pkey); - =head1 DESCRIPTION The EVP signature routines are a high level interface to digital signatures. -EVP_SignInit_ex() sets up signing context B to use digest -B from ENGINE B. B must be created with +EVP_SignInit_ex() sets up signing context I to use digest +I from B I. I must be created with EVP_MD_CTX_new() before calling this function. -EVP_SignUpdate() hashes B bytes of data at B into the -signature context B. This function can be called several times on the -same B to include additional data. +EVP_SignUpdate() hashes I bytes of data at I into the +signature context I. This function can be called several times on the +same I to include additional data. -EVP_SignFinal() signs the data in B using the private key B and -places the signature in B. B must be at least EVP_PKEY_size(pkey) -bytes in size. B is an OUT parameter, and not used as an IN parameter. +EVP_SignFinal() signs the data in I using the private key I and +places the signature in I. I must be at least C +bytes in size. I is an OUT parameter, and not used as an IN parameter. The number of bytes of data written (i.e. the length of the signature) -will be written to the integer at B, at most EVP_PKEY_size(pkey) bytes +will be written to the integer at I, at most C bytes will be written. -EVP_SignInit() initializes a signing context B to use the default -implementation of digest B. - -EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual -signature returned by EVP_SignFinal() may be smaller. - -EVP_PKEY_security_bits() returns the number of security bits of the given B, -bits of security is defined in NIST SP800-57. +EVP_SignInit() initializes a signing context I to use the default +implementation of digest I. =head1 RETURN VALUES EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 for success and 0 for failure. -EVP_PKEY_size() returns the maximum size of a signature in bytes. - The error codes can be obtained by L. -EVP_PKEY_security_bits() returns the number of security bits. - =head1 NOTES The B interface to digital signatures should almost always be used in @@ -95,6 +80,7 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function. =head1 SEE ALSO +L, L, L, L, L, L, L, L, @@ -103,7 +89,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OCSP_request_add1_nonce.pod b/doc/man3/OCSP_request_add1_nonce.pod index 66e4c7b8fb78..81bf645108f3 100644 --- a/doc/man3/OCSP_request_add1_nonce.pod +++ b/doc/man3/OCSP_request_add1_nonce.pod @@ -24,7 +24,7 @@ it adds a nonce to OCSP basic response B. OCSP_check_nonce() compares the nonce value in B and B. -OCSP_copy_nonce() copys any nonce value present in B to B. +OCSP_copy_nonce() copies any nonce value present in B to B. =head1 RETURN VALUES @@ -74,7 +74,7 @@ L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OCSP_response_status.pod b/doc/man3/OCSP_response_status.pod index 82f95b3af1d1..e7e22e4cb549 100644 --- a/doc/man3/OCSP_response_status.pod +++ b/doc/man3/OCSP_response_status.pod @@ -58,7 +58,7 @@ with the X509 certificate B. OCSP_basic_sign() signs OCSP response B using certificate B, private key B, digest B and additional certificates B. If the B option -B is set then no certificates will be included in the request. If the +B is set then no certificates will be included in the response. If the B option B is set then the responder is identified by key ID rather than by name. OCSP_basic_sign_ctx() also signs OCSP response B but uses the parameters contained in digest context B. @@ -107,7 +107,7 @@ The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod index 65ba235c104e..a129a16bf23c 100644 --- a/doc/man3/OCSP_sendreq_new.pod +++ b/doc/man3/OCSP_sendreq_new.pod @@ -24,8 +24,7 @@ OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); - OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req, - int maxline); + OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req); =head1 DESCRIPTION @@ -54,8 +53,8 @@ OCSP_REQ_CTX_set1_req() sets the OCSP request in B to B. This function should be called after any calls to OCSP_REQ_CTX_add1_header(). OCSP_sendreq_bio() performs an OCSP request using the responder B, the URL -path B, the OCSP request B and with a response header maximum line -length of B. If B is zero a default value of 4k is used. +path B, and the OCSP request B with a response header maximum line +length 4k. It waits indefinitely on a response. =head1 RETURN VALUES @@ -112,7 +111,7 @@ L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod index 2d678c951f0a..c60e038309a1 100644 --- a/doc/man3/OPENSSL_malloc.pod +++ b/doc/man3/OPENSSL_malloc.pod @@ -160,7 +160,7 @@ about what is being done. For example, identifying the field names when parsing a complicated data structure. OPENSSL_mem_debug_push() (which calls CRYPTO_mem_debug_push()) -attachs an identifying string to the allocation stack. +attaches an identifying string to the allocation stack. This must be a global or other static string; it is not copied. OPENSSL_mem_debug_pop() removes identifying state from the stack. @@ -245,7 +245,7 @@ only, say, the malloc() implementation is outright dangerous.> =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod index 6c395383513b..86c2522afe49 100644 --- a/doc/man3/OPENSSL_secure_malloc.pod +++ b/doc/man3/OPENSSL_secure_malloc.pod @@ -7,6 +7,7 @@ CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, CRYPTO_secure_free, OPENSSL_secure_clear_free, CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, +CRYPTO_secure_allocated, CRYPTO_secure_used - secure heap storage =head1 SYNOPSIS @@ -33,6 +34,7 @@ CRYPTO_secure_used - secure heap storage size_t OPENSSL_secure_actual_size(const void *ptr); + int CRYPTO_secure_allocated(const void *ptr); size_t CRYPTO_secure_used(); =head1 DESCRIPTION @@ -90,6 +92,8 @@ OPENSSL_secure_actual_size() tells the actual size allocated to the pointer; implementations may allocate more space than initially requested, in order to "round up" and reduce secure heap fragmentation. +OPENSSL_secure_allocated() tells if a pointer is allocated in the secure heap. + CRYPTO_secure_used() returns the number of bytes allocated in the secure heap. diff --git a/doc/man3/PEM_bytes_read_bio.pod b/doc/man3/PEM_bytes_read_bio.pod index 3a5bfee9969f..eb2fb2059ee7 100644 --- a/doc/man3/PEM_bytes_read_bio.pod +++ b/doc/man3/PEM_bytes_read_bio.pod @@ -17,7 +17,8 @@ PEM_bytes_read_bio, PEM_bytes_read_bio_secmem - read a PEM-encoded data structur =head1 DESCRIPTION -PEM_bytes_read_bio() reads PEM-formatted (RFC 1421) data from the BIO +PEM_bytes_read_bio() reads PEM-formatted (IETF RFC 1421 and IETF RFC 7468) +data from the BIO I for the data type given in I (RSA PRIVATE KEY, CERTIFICATE, etc.). If multiple PEM-encoded data structures are present in the same stream, PEM_bytes_read_bio() will skip non-matching data types and @@ -66,7 +67,6 @@ PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or =head1 SEE ALSO -L, L, L diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index 7c381e85feff..a8306500fb3c 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -15,7 +15,8 @@ PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, -PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters, +PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, @@ -110,6 +111,9 @@ PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); + EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); + int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x); + DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u); DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u); int PEM_write_bio_DSAparams(BIO *bp, DSA *x); @@ -216,6 +220,12 @@ a DSA structure. The public key is encoded using a SubjectPublicKeyInfo structure and an error occurs if the public key is not DSA. +The B functions read or write key parameters in PEM format using +an EVP_PKEY structure. The encoding depends on the type of key; for DSA key +parameters, it will be a Dss-Parms structure as defined in RFC2459, and for DH +key parameters, it will be a PKCS#3 DHparameter structure. I type>. + The B functions process DSA parameters using a DSA structure. The parameters are encoded using a Dss-Parms structure as defined in RFC2459. diff --git a/doc/man3/PEM_read_bio_ex.pod b/doc/man3/PEM_read_bio_ex.pod index a16b0ede5a9c..9748e74e0f77 100644 --- a/doc/man3/PEM_read_bio_ex.pod +++ b/doc/man3/PEM_read_bio_ex.pod @@ -52,7 +52,7 @@ PEM_read_bio_ex() returns 1 for success or 0 for failure. =head1 SEE ALSO -L +L =head1 HISTORY diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index e2265d170a61..c44c2f967607 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod @@ -19,8 +19,8 @@ Deprecated: =head1 DESCRIPTION -RAND_bytes() puts B cryptographically strong pseudo-random bytes -into B. +RAND_bytes() generates B random bytes using a cryptographically +secure pseudo random generator (CSPRNG) and stores them in B. RAND_priv_bytes() has the same semantics as RAND_bytes(). It is intended to be used for generating values that should remain private. If using the @@ -31,10 +31,22 @@ and L. =head1 NOTES -Always check the error return value of RAND_bytes() and -RAND_priv_bytes() and do not take randomness for granted: an error occurs -if the CSPRNG has not been seeded with enough randomness to ensure an -unpredictable byte sequence. +By default, the OpenSSL CSPRNG supports a security level of 256 bits, provided it +was able to seed itself from a trusted entropy source. +On all major platforms supported by OpenSSL (including the Unix-like platforms +and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use +using the operating systems's random generator. + +If the entropy source fails or is not available, the CSPRNG will enter an +error state and refuse to generate random bytes. For that reason, it is important +to always check the error return value of RAND_bytes() and RAND_priv_bytes() and +not take randomness for granted. + +On other platforms, there might not be a trusted entropy source available +or OpenSSL might have been explicitly configured to use different entropy sources. +If you are in doubt about the quality of the entropy source, don't hesitate to ask +your operating system vendor or post a question on GitHub or the openssl-users +mailing list. =head1 RETURN VALUES @@ -68,7 +80,7 @@ The RAND_priv_bytes() function was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RAND_set_rand_method.pod b/doc/man3/RAND_set_rand_method.pod index 83a6cac17a51..b120e712e6f3 100644 --- a/doc/man3/RAND_set_rand_method.pod +++ b/doc/man3/RAND_set_rand_method.pod @@ -48,7 +48,7 @@ Each pointer may be NULL if the function is not implemented. =head1 RETURN VALUES -RAND_set_rand_method() returns 1 on success and 0 on failue. +RAND_set_rand_method() returns 1 on success and 0 on failure. RAND_get_rand_method() and RAND_OpenSSL() return pointers to the respective methods. diff --git a/doc/man3/RSA_get0_key.pod b/doc/man3/RSA_get0_key.pod index 358c2de256f9..adcd57c49071 100644 --- a/doc/man3/RSA_get0_key.pod +++ b/doc/man3/RSA_get0_key.pod @@ -5,7 +5,7 @@ RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, -RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, +RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params, RSA_clear_flags, RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, @@ -33,6 +33,7 @@ RSA_set0_multi_prime_params, RSA_get_version const BIGNUM *RSA_get0_dmp1(const RSA *r); const BIGNUM *RSA_get0_dmq1(const RSA *r); const BIGNUM *RSA_get0_iqmp(const RSA *r); + const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); void RSA_clear_flags(RSA *r, int flags); int RSA_test_flags(const RSA *r, int flags); void RSA_set_flags(RSA *r, int flags); @@ -98,6 +99,8 @@ retrieved separately by the corresponding function RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(), RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp(), respectively. +RSA_get0_pss_params() is used to retrieve the RSA-PSS parameters. + RSA_set_flags() sets the flags in the B parameter on the RSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. RSA_test_flags() tests to @@ -157,6 +160,8 @@ L, L =head1 HISTORY +The RSA_get0_pss_params() function was added in OpenSSL 1.1.1e. + The RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(), RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(), diff --git a/doc/man3/SSL_CTX_sess_set_get_cb.pod b/doc/man3/SSL_CTX_sess_set_get_cb.pod index 774c4b120f6e..d30f84d78a28 100644 --- a/doc/man3/SSL_CTX_sess_set_get_cb.pod +++ b/doc/man3/SSL_CTX_sess_set_get_cb.pod @@ -28,19 +28,19 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS =head1 DESCRIPTION -SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically +SSL_CTX_sess_set_new_cb() sets the callback function that is called whenever a new session was negotiated. -SSL_CTX_sess_set_remove_cb() sets the callback function, which is -automatically called whenever a session is removed by the SSL engine, -because it is considered faulty or the session has become obsolete because -of exceeding the timeout value. +SSL_CTX_sess_set_remove_cb() sets the callback function that is +called whenever a session is removed by the SSL engine. For example, +this can occur because a session is considered faulty or has become obsolete +because of exceeding the timeout value. -SSL_CTX_sess_set_get_cb() sets the callback function which is called, -whenever a SSL/TLS client proposed to resume a session but the session +SSL_CTX_sess_set_get_cb() sets the callback function that is called +whenever a TLS client proposed to resume a session but the session could not be found in the internal session cache (see L). -(SSL/TLS server only.) +(TLS server only.) SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and SSL_CTX_sess_get_get_cb() retrieve the function pointers set by the @@ -54,12 +54,19 @@ session cache is realized via callback functions. Inside these callback functions, session can be saved to disk or put into a database using the L interface. -The new_session_cb() is called, whenever a new session has been negotiated -and session caching is enabled (see -L). -The new_session_cb() is passed the B connection and the ssl session -B. If the callback returns B<0>, the session will be immediately -removed again. Note that in TLSv1.3, sessions are established after the main +The new_session_cb() is called whenever a new session has been negotiated and +session caching is enabled (see L). The +new_session_cb() is passed the B connection and the nascent +ssl session B. +Since sessions are reference-counted objects, the reference count on the +session is incremented before the callback, on behalf of the application. If +the callback returns B<0>, the session will be immediately removed from the +internal cache and the reference count released. If the callback returns B<1>, +the application retains the reference (for an entry in the +application-maintained "external session cache"), and is responsible for +calling SSL_SESSION_free() when the session reference is no longer in use. + +Note that in TLSv1.3, sessions are established after the main handshake has completed. The server decides when to send the client the session information and this may occur some time after the end of the handshake (or not at all). This means that applications should expect the new_session_cb() @@ -72,21 +79,23 @@ In TLSv1.3 it is recommended that each SSL_SESSION object is only used for resumption once. One way of enforcing that is for applications to call L after a session has been used. -The remove_session_cb() is called, whenever the SSL engine removes a session -from the internal cache. This happens when the session is removed because +The remove_session_cb() is called whenever the SSL engine removes a session +from the internal cache. This can happen when the session is removed because it is expired or when a connection was not shutdown cleanly. It also happens for all sessions in the internal session cache when L is called. The remove_session_cb() is passed the B and the ssl session B. It does not provide any feedback. -The get_session_cb() is only called on SSL/TLS servers with the session id -proposed by the client. The get_session_cb() is always called, also when +The get_session_cb() is only called on SSL/TLS servers, and is given +the session id +proposed by the client. The get_session_cb() is always called, even when session caching was disabled. The get_session_cb() is passed the -B connection, the session id of length B at the memory location -B. With the parameter B the callback can require the -SSL engine to increment the reference count of the SSL_SESSION object, -Normally the reference count is not incremented and therefore the -session must not be explicitly freed with +B connection and the session id of length B at the memory location +B. By setting the parameter B to B<1>, the callback can require the +SSL engine to increment the reference count of the SSL_SESSION object; +setting B to B<0> causes the reference count to remain unchanged. +If the get_session_cb() does not write to B, the reference count +is incremented and the session must be explicitly freed with L. =head1 RETURN VALUES @@ -104,7 +113,7 @@ L =head1 COPYRIGHT -Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod b/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod index f29153ed25d8..aa167f6332ed 100644 --- a/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod +++ b/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod @@ -3,7 +3,9 @@ =head1 NAME SSL_CTX_set_stateless_cookie_generate_cb, -SSL_CTX_set_stateless_cookie_verify_cb +SSL_CTX_set_stateless_cookie_verify_cb, +SSL_CTX_set_cookie_generate_cb, +SSL_CTX_set_cookie_verify_cb - Callback functions for stateless TLS1.3 cookies =head1 SYNOPSIS @@ -21,22 +23,51 @@ SSL_CTX_set_stateless_cookie_verify_cb const unsigned char *cookie, size_t cookie_len)); + void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*app_gen_cookie_cb) (SSL *ssl, + unsigned char + *cookie, + unsigned int + *cookie_len)); + void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*app_verify_cookie_cb) (SSL *ssl, + const unsigned + char *cookie, + unsigned int + cookie_len)); + =head1 DESCRIPTION -SSL_CTX_set_cookie_generate_cb() sets the callback used by L -to generate the application-controlled portion of the cookie provided to clients -in the HelloRetryRequest transmitted as a response to a ClientHello with a -missing or invalid cookie. gen_stateless_cookie_cb() must write at most -SSL_COOKIE_LENGTH bytes into B, and must write the number of bytes -written to B. If a cookie cannot be generated, a zero return value -can be used to abort the handshake. +SSL_CTX_set_stateless_cookie_generate_cb() sets the callback used by +L to generate the application-controlled portion of the cookie +provided to clients in the HelloRetryRequest transmitted as a response to a +ClientHello with a missing or invalid cookie. gen_stateless_cookie_cb() must +write at most SSL_COOKIE_LENGTH bytes into B, and must write the number +of bytes written to B. If a cookie cannot be generated, a zero +return value can be used to abort the handshake. -SSL_CTX_set_cookie_verify_cb() sets the callback used by L to -determine whether the application-controlled portion of a ClientHello cookie is -valid. A nonzero return value from app_verify_cookie_cb() communicates that the -cookie is valid. The integrity of the entire cookie, including the -application-controlled portion, is automatically verified by HMAC before -verify_stateless_cookie_cb() is called. +SSL_CTX_set_stateless_cookie_verify_cb() sets the callback used by +L to determine whether the application-controlled portion of a +ClientHello cookie is valid. The cookie data is pointed to by B and is of +length B. A nonzero return value from verify_stateless_cookie_cb() +communicates that the cookie is valid. The integrity of the entire cookie, +including the application-controlled portion, is automatically verified by HMAC +before verify_stateless_cookie_cb() is called. + +SSL_CTX_set_cookie_generate_cb() sets the callback used by L +to generate the cookie provided to clients in the HelloVerifyRequest transmitted +as a response to a ClientHello with a missing or invalid cookie. +app_gen_cookie_cb() must write at most DTLS1_COOKIE_LENGTH bytes into +B, and must write the number of bytes written to B. If a +cookie cannot be generated, a zero return value can be used to abort the +handshake. + +SSL_CTX_set_cookie_verify_cb() sets the callback used by L to +determine whether the cookie in a ClientHello is valid. The cookie data is +pointed to by B and is of length B. A nonzero return value +from app_verify_cookie_cb() communicates that the cookie is valid. The +integrity of the cookie is not verified by OpenSSL. This is an application +responsibility. =head1 RETURN VALUES @@ -44,7 +75,13 @@ Neither function returns a value. =head1 SEE ALSO -L +L, +L + +=head1 HISTORY + +SSL_CTX_set_stateless_cookie_generate_cb() and +SSL_CTX_set_stateless_cookie_verify_cb() were added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod index b1fb5ab7d9fa..e971035734e1 100644 --- a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod +++ b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod @@ -11,7 +11,7 @@ SSL_set_tlsext_host_name - handle server name indication (SNI) #include long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, - int (*cb)(SSL *, int *, void *)); + int (*cb)(SSL *s, int *al, void *arg)); long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); const char *SSL_get_servername(const SSL *s, const int type); @@ -21,21 +21,106 @@ SSL_set_tlsext_host_name - handle server name indication (SNI) =head1 DESCRIPTION -The functionality provided by the servername callback is superseded by the -ClientHello callback, which can be set using SSL_CTX_set_client_hello_cb(). -The servername callback is retained for historical compatibility. +The functionality provided by the servername callback is mostly superseded by +the ClientHello callback, which can be set using SSL_CTX_set_client_hello_cb(). +However, even where the ClientHello callback is used, the servername callback is +still necessary in order to acknowledge the servername requested by the client. SSL_CTX_set_tlsext_servername_callback() sets the application callback B used by a server to perform any actions or configuration required based on the servername extension received in the incoming connection. When B -is NULL, SNI is not used. The B value is a pointer which is passed to -the application callback. +is NULL, SNI is not used. + +The servername callback should return one of the following values: + +=over 4 + +=item SSL_TLSEXT_ERR_OK + +This is used to indicate that the servername requested by the client has been +accepted. Typically a server will call SSL_set_SSL_CTX() in the callback to set +up a different configuration for the selected servername in this case. + +=item SSL_TLSEXT_ERR_ALERT_FATAL + +In this case the servername requested by the client is not accepted and the +handshake will be aborted. The value of the alert to be used should be stored in +the location pointed to by the B parameter to the callback. By default this +value is initialised to SSL_AD_UNRECOGNIZED_NAME. + +=item SSL_TLSEXT_ERR_ALERT_WARNING + +If this value is returned then the servername is not accepted by the server. +However the handshake will continue and send a warning alert instead. The value +of the alert should be stored in the location pointed to by the B parameter +as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support +warning alerts, so if TLSv1.3 has been negotiated then this return value is +treated the same way as SSL_TLSEXT_ERR_NOACK. + +=item SSL_TLSEXT_ERR_NOACK + +This return value indicates that the servername is not accepted by the server. +No alerts are sent and the server will not acknowledge the requested servername. + +=back SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be -passed into the callback for this B. +passed into the callback (via the B parameter) for this B. -SSL_get_servername() returns a servername extension value of the specified -type if provided in the Client Hello or NULL. +The behaviour of SSL_get_servername() depends on a number of different factors. +In particular note that in TLSv1.3 the servername is negotiated in every +handshake. In TLSv1.2 the servername is only negotiated on initial handshakes +and not on resumption handshakes. + +=over 4 + +=item On the client, before the handshake + +If a servername has been set via a call to SSL_set_tlsext_host_name() then it +will return that servername. + +If one has not been set, but a TLSv1.2 resumption is being attempted and the +session from the original handshake had a servername accepted by the server then +it will return that servername. + +Otherwise it returns NULL. + +=item On the client, during or after the handshake and a TLSv1.2 (or below) +resumption occurred + +If the session from the orignal handshake had a servername accepted by the +server then it will return that servername. + +Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL +if it was not called. + +=item On the client, during or after the handshake and a TLSv1.2 (or below) +resumption did not occur + +It will return the servername set via SSL_set_tlsext_host_name() or NULL if it +was not called. + +=item On the server, before the handshake + +The function will always return NULL before the handshake + +=item On the server, after the servername extension has been processed and a +TLSv1.2 (or below) resumption occurred + +If a servername was accepted by the server in the original handshake then it +will return that servername, or NULL otherwise. + +=item On the server, after the servername extension has been processed and a +TLSv1.2 (or below) resumption did not occur + +The function will return the servername requested by the client in this +handshake or NULL if none was requested. + +=back + +Note that the ClientHello callback occurs before a servername extension from the +client is processed. The servername, certificate and ALPN callbacks occur after +a servername extension from the client is processed. SSL_get_servername_type() returns the servername type or -1 if no servername is present. Currently the only supported type (defined in RFC3546) is @@ -65,9 +150,26 @@ SSL_set_tlsext_host_name() returns 1 on success, 0 in case of error. L, L, L, L +=head1 HISTORY + +SSL_get_servername() historically provided some unexpected results in certain +corner cases. This has been fixed from OpenSSL 1.1.1e. + +Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 +handshake, the server accepted it, and then the client successfully resumed but +set a different explict servername in the second handshake then when called by +the client it returned the servername from the second handshake. This has now +been changed to return the servername requested in the original handshake. + +Also prior to 1.1.1e, if the client sent a servername in the first handshake but +the server did not accept it, and then a second handshake occured where TLSv1.2 +resumption was successful then when called by the server it returned the +servername requested in the original handshake. This has now been changed to +NULL. + =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/doc/man3/SSL_CTX_use_psk_identity_hint.pod index c8f7526610a8..0957ade5e106 100644 --- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod +++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod @@ -39,9 +39,9 @@ SSL_set_psk_find_session_callback =head1 DESCRIPTION -A client application wishing to use TLSv1.3 PSKs should set a callback -using either SSL_CTX_set_psk_use_session_callback() or -SSL_set_psk_use_session_callback() as appropriate. +A server application wishing to use TLSv1.3 PSKs should set a callback +using either SSL_CTX_set_psk_find_session_callback() or +SSL_set_psk_find_session_callback() as appropriate. The callback function is given a pointer to the SSL connection in B and an identity in B of length B. The callback function diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod index 475f700a88c5..6e39cbc656dd 100644 --- a/doc/man3/SSL_SESSION_get0_hostname.pod +++ b/doc/man3/SSL_SESSION_get0_hostname.pod @@ -24,7 +24,10 @@ SSL_SESSION_set1_alpn_selected =head1 DESCRIPTION SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the -client when the session was created, or NULL if no value was sent. +client when the session was created if it was accepted by the server and TLSv1.2 +or below was negotiated. Otherwise NULL is returned. Note that in TLSv1.3 the +SNI hostname is negotiated with each handshake including resumption handshakes +and is therefore never associated with the session. The value returned is a pointer to memory maintained within B and should not be free'd. @@ -64,7 +67,7 @@ SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_accept.pod b/doc/man3/SSL_accept.pod index 335655f0c8c8..b1595f7acf34 100644 --- a/doc/man3/SSL_accept.pod +++ b/doc/man3/SSL_accept.pod @@ -56,7 +56,7 @@ established. The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was -not clean. It can also occur of action is need to continue the operation +not clean. It can also occur if action is needed to continue the operation for non-blocking BIOs. Call SSL_get_error() with the return value B to find out the reason. @@ -72,7 +72,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_connect.pod b/doc/man3/SSL_connect.pod index 426b8ad757db..f7d9e57db622 100644 --- a/doc/man3/SSL_connect.pod +++ b/doc/man3/SSL_connect.pod @@ -71,7 +71,7 @@ established. The TLS/SSL handshake was not successful, because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was -not clean. It can also occur of action is need to continue the operation +not clean. It can also occur if action is needed to continue the operation for non-blocking BIOs. Call SSL_get_error() with the return value B to find out the reason. @@ -87,7 +87,7 @@ L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_do_handshake.pod b/doc/man3/SSL_do_handshake.pod index a1b973f7b80a..8852f9d3e3dc 100644 --- a/doc/man3/SSL_do_handshake.pod +++ b/doc/man3/SSL_do_handshake.pod @@ -57,7 +57,7 @@ established. The TLS/SSL handshake was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. The shutdown was -not clean. It can also occur of action is need to continue the operation +not clean. It can also occur if action is needed to continue the operation for non-blocking BIOs. Call SSL_get_error() with the return value B to find out the reason. @@ -71,7 +71,7 @@ L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod index a6cfb308d30c..f354ef4177dc 100644 --- a/doc/man3/SSL_load_client_CA_file.pod +++ b/doc/man3/SSL_load_client_CA_file.pod @@ -2,7 +2,10 @@ =head1 NAME -SSL_load_client_CA_file - load certificate names from file +SSL_load_client_CA_file, +SSL_add_file_cert_subjects_to_stack, +SSL_add_dir_cert_subjects_to_stack +- load certificate names =head1 SYNOPSIS @@ -10,11 +13,23 @@ SSL_load_client_CA_file - load certificate names from file STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); + int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + const char *file) + int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, + const char *dir) + =head1 DESCRIPTION -SSL_load_client_CA_file() reads certificates from B and returns +SSL_load_client_CA_file() reads certificates from I and returns a STACK_OF(X509_NAME) with the subject names found. +SSL_add_file_cert_subjects_to_stack() reads certificates from I, +and adds their subject name to the already existing I. + +SSL_add_dir_cert_subjects_to_stack() reads certificates from every +file in the directory I

, and adds their subject name to the +already existing I. + =head1 NOTES SSL_load_client_CA_file() reads a file of PEM formatted certificates and diff --git a/doc/man3/X509_LOOKUP.pod b/doc/man3/X509_LOOKUP.pod new file mode 100644 index 000000000000..3e0bb6ab221c --- /dev/null +++ b/doc/man3/X509_LOOKUP.pod @@ -0,0 +1,212 @@ +=pod + +=head1 NAME + +X509_LOOKUP, X509_LOOKUP_TYPE, +X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init, +X509_LOOKUP_shutdown, +X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, +X509_LOOKUP_ctrl, +X509_LOOKUP_load_file, X509_LOOKUP_add_dir, +X509_LOOKUP_get_store, X509_LOOKUP_by_subject, +X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint, +X509_LOOKUP_by_alias +- OpenSSL certificate lookup mechanisms + +=head1 SYNOPSIS + + #include + + typedef x509_lookup_st X509_LOOKUP; + + typedef enum X509_LOOKUP_TYPE; + + X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); + int X509_LOOKUP_init(X509_LOOKUP *ctx); + int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); + void X509_LOOKUP_free(X509_LOOKUP *ctx); + + int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); + void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); + + int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); + int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type); + int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type); + + X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); + + int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); + int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + X509_NAME *name, ASN1_INTEGER *serial, + X509_OBJECT *ret); + int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const unsigned char *bytes, int len, + X509_OBJECT *ret); + int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, + const char *str, int len, X509_OBJECT *ret); + +=head1 DESCRIPTION + +The B structure holds the information needed to look up +certificates and CRLs according to an associated L. +Multiple B instances can be added to an L +to enable lookup in that store. + +X509_LOOKUP_new() creates a new B using the given lookup +I. +It can also be created by calling L, which +will associate an B with the lookup mechanism. + +X509_LOOKUP_init() initializes the internal state and resources as +needed by the given B to do its work. + +X509_LOOKUP_shutdown() tears down the internal state and resources of +the given B. + +X509_LOOKUP_free() destructs the given B. + +X509_LOOKUP_set_method_data() associates a pointer to application data +to the given B. + +X509_LOOKUP_get_method_data() retrieves a pointer to application data +from the given B. + +X509_LOOKUP_ctrl() is used to set or get additional data to or from an +B structure or its associated L. +The arguments of the control command are passed via I and I, +its return value via I<*ret>. +The meaning of the arguments depends on the I number of the +control command. In general, this function is not called directly, but +wrapped by a macro call, see below. +The control Is known to OpenSSL are discussed in more depth +in L. + +X509_LOOKUP_load_file() passes a filename to be loaded immediately +into the associated B. +I indicates what type of object is expected. +This can only be used with a lookup using the implementation +L. + +X509_LOOKUP_add_dir() passes a directory specification from which +certificates and CRLs are loaded on demand into the associated +B. +I indicates what type of object is expected. +This can only be used with a lookup using the implementation +L. + +X509_LOOKUP_load_file(), X509_LOOKUP_add_dir(), +X509_LOOKUP_add_store(), and X509_LOOKUP_load_store() are implemented +as macros that use X509_LOOKUP_ctrl(). + +X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), +X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() look up +certificates and CRLs in the L associated with the +B using different criteria, where the looked up object is +stored in I. +Some of the underlying Bs will also cache objects +matching the criteria in the associated B, which makes it +possible to handle cases where the criteria have more than one hit. + +=head2 File Types + +X509_LOOKUP_load_file() and X509_LOOKUP_add_dir() take a I, +which can be one of the following: + +=over 4 + +=item B + +The file or files that are loaded are expected to be in PEM format. + +=item B + +The file or files that are loaded are expected to be in raw DER format. + +=item B + +The default certificate file or directory is used. In this case, +I is ignored. + +=begin comment + +TODO +Document X509_get_default_cert_file_env(3), +X509_get_default_cert_file(3), X509_get_default_cert_dir_env(3) and +X509_get_default_cert_dir(3) and link to them here. + +=end comment + +=back + +=head2 Control Commands + +The Bs built into OpenSSL recognise the following +X509_LOOKUP_ctrl() Is: + +=over 4 + +=item B + +This is the command that X509_LOOKUP_load_file() uses. +The filename is passed in I, and the type in I. + +=item B + +This is the command that X509_LOOKUP_add_dir() uses. +The directory specification is passed in I, and the type in +I. + +=item B + +This is the command that X509_LOOKUP_add_store() uses. +The URI is passed in I. + +=item B + +This is the command that X509_LOOKUP_load_store() uses. +The URI is passed in I. + +=back + +=head1 RETURN VALUES + +X509_LOOKUP_new() returns an B pointer when successful, +or NULL on error. + +X509_LOOKUP_init() and X509_LOOKUP_shutdown() return 1 on success, or +0 on error. + +X509_LOOKUP_ctrl() returns -1 if the B doesn't have an +associated B, or 1 if the X<509_LOOKUP_METHOD> +doesn't have a control function. +Otherwise, it returns what the control function in the +B returns, which is usually 1 on success and 0 in +error. + +X509_LOOKUP_get_store() returns an B pointer if there is +one, otherwise NULL. + +X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(), +X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() all return 0 +if there is no B or that method doesn't implement +the corresponding function. +Otherwise, it returns what the corresponding function in the +B returns, which is usually 1 on success and 0 in +error. + +=head1 SEE ALSO + +L, L + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/X509_LOOKUP_meth_new.pod b/doc/man3/X509_LOOKUP_meth_new.pod index e5f0a098b3fa..a4e7466395dd 100644 --- a/doc/man3/X509_LOOKUP_meth_new.pod +++ b/doc/man3/X509_LOOKUP_meth_new.pod @@ -2,6 +2,7 @@ =head1 NAME +X509_LOOKUP_METHOD, X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, @@ -16,14 +17,15 @@ X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, X509_LOOKUP_meth_get_get_by_fingerprint, X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, X509_LOOKUP_meth_get_get_by_alias, -X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, -X509_LOOKUP_get_store, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL +X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL - Routines to build up X509_LOOKUP methods =head1 SYNOPSIS #include + typedef x509_lookup_method_st X509_LOOKUP_METHOD; + X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); @@ -92,11 +94,6 @@ X509_LOOKUP_get_store, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( const X509_LOOKUP_METHOD *method); - int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); - void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); - - X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); - int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); @@ -118,7 +115,7 @@ X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set the function that is called when an B object is created with X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP specific data, the supplied new_item function should allocate this data and -invoke X509_LOOKUP_set_method_data(). +invoke L. X509_LOOKUP_get_free() and X509_LOOKUP_set_free() get and set the function that is used to free any method data that was allocated and set from within @@ -126,7 +123,7 @@ new_item function. X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the function that is used to initialize the method data that was set with -X509_LOOKUP_set_method_data() as part of the new_item routine. +L as part of the new_item routine. X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set the function that is used to shut down the method data whose state was @@ -164,9 +161,9 @@ increments the result's reference count. Any method data that was created as a result of the new_item function set by X509_LOOKUP_meth_set_new_item() can be accessed with -X509_LOOKUP_get_method_data(). The B object that owns the -X509_LOOKUP may be accessed with X509_LOOKUP_get_store(). Successful lookups -should return 1, and unsuccessful lookups should return 0. +L. The B object that owns the +X509_LOOKUP may be accessed with L. Successful +lookups should return 1, and unsuccessful lookups should return 0. X509_LOOKUP_get_get_by_subject(), X509_LOOKUP_get_get_by_issuer_serial(), X509_LOOKUP_get_get_by_fingerprint(), X509_LOOKUP_get_get_by_alias() retrieve @@ -189,7 +186,7 @@ The functions described here were added in OpenSSL 1.1.0i. =head1 COPYRIGHT -Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index 472db508bc4e..c5042858be85 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -28,7 +28,7 @@ X509_STORE_CTX_verify_fn void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x); - STACK_OF(X509) *X509_STORE_CTX_get0_chain(X609_STORE_CTX *ctx); + STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod index 3ea5b8b1272f..d840bd6d69bf 100644 --- a/doc/man3/X509_STORE_add_cert.pod +++ b/doc/man3/X509_STORE_add_cert.pod @@ -2,8 +2,10 @@ =head1 NAME +X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, +X509_STORE_add_lookup, X509_STORE_load_locations, X509_STORE_set_default_paths - X509_STORE manipulation @@ -12,6 +14,8 @@ X509_STORE_set_default_paths #include + typedef x509_store_st X509_STORE; + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); int X509_STORE_set_depth(X509_STORE *store, int depth); @@ -19,6 +23,9 @@ X509_STORE_set_default_paths int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); int X509_STORE_set_trust(X509_STORE *ctx, int trust); + X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store, + X509_LOOKUP_METHOD *meth); + int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir); int X509_STORE_set_default_paths(X509_STORE *ctx); @@ -65,6 +72,11 @@ for the corresponding values used in certificate chain validation. Their behavior is documented in the corresponding B manual pages, e.g., L. +X509_STORE_add_lookup() finds or creates a L with the +L I and adds it to the B +I. This also associates the B with the lookup, so +B functions can look up objects in that store. + X509_STORE_load_locations() loads trusted certificate(s) into an B from a given file and/or directory path. It is permitted to specify just a file, just a directory, or both paths. The certificates @@ -83,6 +95,9 @@ X509_STORE_set_flags(), X509_STORE_set_purpose(), X509_STORE_set_trust(), X509_STORE_load_locations(), and X509_STORE_set_default_paths() return 1 on success or 0 on failure. +X509_STORE_add_lookup() returns the found or created +L, or NULL on error. + =head1 SEE ALSO L. @@ -92,7 +107,7 @@ L =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index e36270f73940..a8319bd4715b 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -307,7 +307,6 @@ i2d_POLICYQUALINFO, i2d_PROFESSION_INFO, i2d_PROXY_CERT_INFO_EXTENSION, i2d_PROXY_POLICY, -i2d_PublicKey, i2d_RSAPrivateKey, i2d_RSAPrivateKey_bio, i2d_RSAPrivateKey_fp, @@ -461,7 +460,7 @@ Represents an ASN1 OBJECT IDENTIFIER. Represents a PKCS#3 DH parameters structure. -=item B +=item B Represents an ANSI X9.42 DH parameters structure. @@ -611,7 +610,7 @@ efficiency reasons. =head1 COPYRIGHT -Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 992fdfccf917..7b50b099198c 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -355,6 +355,22 @@ Simple OpenSSL library configuration example to enter FIPS mode: Note: in the above example you will get an error in non FIPS capable versions of OpenSSL. +Simple OpenSSL library configuration to make TLS 1.3 the system-default +minimum TLS version: + + # Toplevel section for openssl (including libssl) + openssl_conf = default_conf_section + + [default_conf_section] + # We only specify configuration for the "ssl module" + ssl_conf = ssl_section + + [ssl_section] + system_default = system_default_section + + [system_default_section] + MinProtocol = TLSv1.3 + More complex OpenSSL library configuration. Add OID and don't enter FIPS mode: # Default appname: should match "appname" parameter (if any) @@ -426,7 +442,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/Ed25519.pod b/doc/man7/Ed25519.pod index 6442e0ea4378..8ab4fff76493 100644 --- a/doc/man7/Ed25519.pod +++ b/doc/man7/Ed25519.pod @@ -11,7 +11,7 @@ Ed448 The B and B EVP_PKEY implementation supports key generation, one-shot digest sign and digest verify using PureEdDSA and B or B (see RFC8032). It has associated private and public key formats compatible with -draft-ietf-curdle-pkix-04. +RFC 8410. No additional parameters can be set during key generation, one-shot signing or verification. In particular, because PureEdDSA is used, a digest must B be @@ -77,7 +77,7 @@ L, =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/X25519.pod b/doc/man7/X25519.pod index 4851f8a1d9dc..6f153cb4b983 100644 --- a/doc/man7/X25519.pod +++ b/doc/man7/X25519.pod @@ -10,7 +10,7 @@ X448 The B and B EVP_PKEY implementation supports key generation and key derivation using B and B. It has associated private and public -key formats compatible with draft-ietf-curdle-pkix-03. +key formats compatible with RFC 8410. No additional parameters can be set during key generation. @@ -64,7 +64,7 @@ L =head1 COPYRIGHT -Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/passphrase-encoding.pod b/doc/man7/passphrase-encoding.pod index 68108445269b..19dcef9acc36 100644 --- a/doc/man7/passphrase-encoding.pod +++ b/doc/man7/passphrase-encoding.pod @@ -65,7 +65,7 @@ A pass phrase encoded in ISO-8859-2 could very well have a sequence such as 0xC3 0xAF (which is the two characters "LATIN CAPITAL LETTER A WITH BREVE" and "LATIN CAPITAL LETTER Z WITH DOT ABOVE" in ISO-8859-2 encoding), but would be misinterpreted as the perfectly valid UTF-8 encoded code point U+00EF (LATIN -SMALL LETTER I WITH DIARESIS) I. A pass phrase that contains this kind of byte sequence will give a different outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0. @@ -170,7 +170,7 @@ L =head1 COPYRIGHT -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/proxy-certificates.pod b/doc/man7/proxy-certificates.pod new file mode 100644 index 000000000000..df5ee1b4b518 --- /dev/null +++ b/doc/man7/proxy-certificates.pod @@ -0,0 +1,363 @@ +=pod + +=encoding UTF-8 + +=head1 NAME + +proxy-certificates - Proxy certificates in OpenSSL + +=head1 DESCRIPTION + +Proxy certificates are defined in RFC 3820. They are used to +extend rights to some other entity (a computer process, typically, or +sometimes to the user itself). This allows the entity to perform +operations on behalf of the owner of the EE (End Entity) certificate. + +The requirements for a valid proxy certificate are: + +=over 4 + +=item * + +They are issued by an End Entity, either a normal EE certificate, or +another proxy certificate. + +=item * + +They must not have the B or B +extensions. + +=item * + +They must have the B extension. + +=item * + +They must have the subject of their issuer, with one B +added. + +=back + +=head2 Enabling proxy certificate verification + +OpenSSL expects applications that want to use proxy certificates to be +specially aware of them, and make that explicit. This is done by +setting an X509 verification flag: + + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); + +or + + X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS); + +See L for a discussion on this requirement. + +=head2 Creating proxy certificates + +Creating proxy certificates can be done using the L +command, with some extra extensions: + + [ v3_proxy ] + # A proxy certificate MUST NEVER be a CA certificate. + basicConstraints=CA:FALSE + + # Usual authority key ID + authorityKeyIdentifier=keyid,issuer:always + + # The extension which marks this certificate as a proxy + proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB + +It's also possible to specify the proxy extension in a separate section: + + proxyCertInfo=critical,@proxy_ext + + [ proxy_ext ] + language=id-ppl-anyLanguage + pathlen=0 + policy=text:BC + +The policy value has a specific syntax, I:I, where the +I determines what will be done with the string. The following +Is are recognised: + +=over 4 + +=item B + +indicates that the string is a byte sequence, without any encoding: + + policy=text:räksmörgås + +=item B + +indicates the string is encoded hexadecimal encoded binary data, with +colons between each byte (every second hex digit): + + policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 + +=item B + +indicates that the text of the policy should be taken from a file. +The string is then a filename. This is useful for policies that are +large (more than a few lines, e.g. XML documents). + +=back + +I + +With a proxy extension, creating a proxy certificate is a matter of +two commands: + + openssl req -new -config proxy.cnf \ + -out proxy.req -keyout proxy.key \ + -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1" + + openssl x509 -req -CAcreateserial -in proxy.req -out proxy.crt \ + -CA user.crt -CAkey user.key -days 7 \ + -extfile proxy.cnf -extensions v3_proxy1 + +You can also create a proxy certificate using another proxy +certificate as issuer (note: using a different configuration +section for the proxy extensions): + + openssl req -new -config proxy.cnf \ + -out proxy2.req -keyout proxy2.key \ + -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2" + + openssl x509 -req -CAcreateserial -in proxy2.req -out proxy2.crt \ + -CA proxy.crt -CAkey proxy.key -days 7 \ + -extfile proxy.cnf -extensions v3_proxy2 + +=head2 Using proxy certs in applications + +To interpret proxy policies, the application would normally start with +some default rights (perhaps none at all), then compute the resulting +rights by checking the rights against the chain of proxy certificates, +user certificate and CA certificates. + +The complicated part is figuring out how to pass data between your +application and the certificate validation procedure. + +The following ingredients are needed for such processing: + +=over 4 + +=item * + +a callback function that will be called for every certificate being +validated. The callback is called several times for each certificate, +so you must be careful to do the proxy policy interpretation at the +right time. You also need to fill in the defaults when the EE +certificate is checked. + +=item * + +a data structure that is shared between your application code and the +callback. + +=item * + +a wrapper function that sets it all up. + +=item * + +an ex_data index function that creates an index into the generic +ex_data store that is attached to an X509 validation context. + +=back + +The following skeleton code can be used as a starting point: + + #include + #include + #include + #include + + #define total_rights 25 + + /* + * In this example, I will use a view of granted rights as a bit + * array, one bit for each possible right. + */ + typedef struct your_rights { + unsigned char rights[(total_rights + 7) / 8]; + } YOUR_RIGHTS; + + /* + * The following procedure will create an index for the ex_data + * store in the X509 validation context the first time it's + * called. Subsequent calls will return the same index. + */ + static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx) + { + static volatile int idx = -1; + + if (idx < 0) { + X509_STORE_lock(X509_STORE_CTX_get0_store(ctx)); + if (idx < 0) { + idx = X509_STORE_CTX_get_ex_new_index(0, + "for verify callback", + NULL,NULL,NULL); + } + X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx)); + } + return idx; + } + + /* Callback to be given to the X509 validation procedure. */ + static int verify_callback(int ok, X509_STORE_CTX *ctx) + { + if (ok == 1) { + /* + * It's REALLY important you keep the proxy policy check + * within this section. It's important to know that when + * ok is 1, the certificates are checked from top to + * bottom. You get the CA root first, followed by the + * possible chain of intermediate CAs, followed by the EE + * certificate, followed by the possible proxy + * certificates. + */ + X509 *xs = X509_STORE_CTX_get_current_cert(ctx); + + if (X509_get_extension_flags(xs) & EXFLAG_PROXY) { + YOUR_RIGHTS *rights = + (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, + get_proxy_auth_ex_data_idx(ctx)); + PROXY_CERT_INFO_EXTENSION *pci = + X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); + + switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) { + case NID_Independent: + /* + * Do whatever you need to grant explicit rights + * to this particular proxy certificate, usually + * by pulling them from some database. If there + * are none to be found, clear all rights (making + * this and any subsequent proxy certificate void + * of any rights). + */ + memset(rights->rights, 0, sizeof(rights->rights)); + break; + case NID_id_ppl_inheritAll: + /* + * This is basically a NOP, we simply let the + * current rights stand as they are. + */ + break; + default: + /* + * This is usually the most complex section of + * code. You really do whatever you want as long + * as you follow RFC 3820. In the example we use + * here, the simplest thing to do is to build + * another, temporary bit array and fill it with + * the rights granted by the current proxy + * certificate, then use it as a mask on the + * accumulated rights bit array, and voilà, you + * now have a new accumulated rights bit array. + */ + { + int i; + YOUR_RIGHTS tmp_rights; + memset(tmp_rights.rights, 0, + sizeof(tmp_rights.rights)); + + /* + * process_rights() is supposed to be a + * procedure that takes a string and its + * length, interprets it and sets the bits + * in the YOUR_RIGHTS pointed at by the + * third argument. + */ + process_rights((char *) pci->proxyPolicy->policy->data, + pci->proxyPolicy->policy->length, + &tmp_rights); + + for(i = 0; i < total_rights / 8; i++) + rights->rights[i] &= tmp_rights.rights[i]; + } + break; + } + PROXY_CERT_INFO_EXTENSION_free(pci); + } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) { + /* We have an EE certificate, let's use it to set default! */ + YOUR_RIGHTS *rights = + (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, + get_proxy_auth_ex_data_idx(ctx)); + + /* + * The following procedure finds out what rights the + * owner of the current certificate has, and sets them + * in the YOUR_RIGHTS structure pointed at by the + * second argument. + */ + set_default_rights(xs, rights); + } + } + return ok; + } + + static int my_X509_verify_cert(X509_STORE_CTX *ctx, + YOUR_RIGHTS *needed_rights) + { + int ok; + int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = + X509_STORE_CTX_get_verify_cb(ctx); + YOUR_RIGHTS rights; + + X509_STORE_CTX_set_verify_cb(ctx, verify_callback); + X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), + &rights); + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); + ok = X509_verify_cert(ctx); + + if (ok == 1) { + ok = check_needed_rights(rights, needed_rights); + } + + X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb); + + return ok; + } + +If you use SSL or TLS, you can easily set up a callback to have the +certificates checked properly, using the code above: + + SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, + &needed_rights); + +=head1 NOTES + +To this date, it seems that proxy certificates have only been used in +environments that are aware of them, and no one seems to have +investigated how they can be used or misused outside of such an +environment. + +For that reason, OpenSSL requires that applications aware of proxy +certificates must also make that explicit. + +B and B are forbidden in proxy +certificates, and this is enforced in OpenSSL. The subject must be +the same as the issuer, with one commonName added on. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, L, +L + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/e_os.h b/e_os.h index 858bc40cb1fc..34223a0bcdb6 100644 --- a/e_os.h +++ b/e_os.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_E_OS_H -# define HEADER_E_OS_H +#ifndef OSSL_E_OS_H +# define OSSL_E_OS_H # include # include @@ -42,7 +42,7 @@ # endif /* * Some operating systems do not permit select(2) on their random devices, - * defining this to zero will force the used of read(2) to extract one byte + * defining this to zero will force the use of read(2) to extract one byte * from /dev/random. */ # ifndef DEVRANDM_WAIT_USE_SELECT diff --git a/engines/e_afalg.c b/engines/e_afalg.c index 7f62d77e5bc1..4b1722846133 100644 --- a/engines/e_afalg.c +++ b/engines/e_afalg.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -456,7 +456,7 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in, /* * vmsplice and splice are used to pin the user space input buffer for - * kernel space processing avoiding copys from user to kernel space + * kernel space processing avoiding copies from user to kernel space */ ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT); if (ret < 0) { diff --git a/engines/e_afalg.h b/engines/e_afalg.h index 2c03c448d684..3323c898c634 100644 --- a/engines/e_afalg.h +++ b/engines/e_afalg.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_AFALG_H -# define HEADER_AFALG_H +#ifndef OSSL_ENGINES_E_AFALG_H +# define OSSL_ENGINES_E_AFALG_H # if defined(__GNUC__) && __GNUC__ >= 4 && \ (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L) diff --git a/engines/e_afalg_err.h b/engines/e_afalg_err.h index 3eb1332bbfe4..3036443f4470 100644 --- a/engines/e_afalg_err.h +++ b/engines/e_afalg_err.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_AFALGERR_H -# define HEADER_AFALGERR_H +#ifndef OSSL_ENGINES_E_AFALG_ERR_H +# define OSSL_ENGINES_E_AFALG_ERR_H # define AFALGerr(f, r) ERR_AFALG_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) diff --git a/engines/e_capi_err.h b/engines/e_capi_err.h index e034c98cae84..e3a927aa7339 100644 --- a/engines/e_capi_err.h +++ b/engines/e_capi_err.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_CAPIERR_H -# define HEADER_CAPIERR_H +#ifndef OSSL_ENGINES_E_CAPI_ERR_H +# define OSSL_ENGINES_E_CAPI_ERR_H # define CAPIerr(f, r) ERR_CAPI_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) diff --git a/engines/e_dasync_err.h b/engines/e_dasync_err.h index 7c2c0278790b..5b74d8be25f1 100644 --- a/engines/e_dasync_err.h +++ b/engines/e_dasync_err.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_DASYNCERR_H -# define HEADER_DASYNCERR_H +#ifndef OSSL_ENGINES_E_DASYNC_ERR_H +# define OSSL_ENGINES_E_DASYNC_ERR_H # define DASYNCerr(f, r) ERR_DASYNC_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) diff --git a/engines/e_ossltest_err.h b/engines/e_ossltest_err.h index e745c1a236d4..8e6535b76c08 100644 --- a/engines/e_ossltest_err.h +++ b/engines/e_ossltest_err.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_OSSLTESTERR_H -# define HEADER_OSSLTESTERR_H +#ifndef OSSL_ENGINES_E_OSSLTEST_ERR_H +# define OSSL_ENGINES_E_OSSLTEST_ERR_H # define OSSLTESTerr(f, r) ERR_OSSLTEST_error((f), (r), OPENSSL_FILE, OPENSSL_LINE) diff --git a/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H b/include/crypto/__DECC_INCLUDE_EPILOGUE.H similarity index 100% rename from crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H rename to include/crypto/__DECC_INCLUDE_EPILOGUE.H diff --git a/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H b/include/crypto/__DECC_INCLUDE_PROLOGUE.H similarity index 100% rename from crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H rename to include/crypto/__DECC_INCLUDE_PROLOGUE.H diff --git a/crypto/include/internal/aria.h b/include/crypto/aria.h similarity index 96% rename from crypto/include/internal/aria.h rename to include/crypto/aria.h index 355abe539805..03a62950ae41 100644 --- a/crypto/include/internal/aria.h +++ b/include/crypto/aria.h @@ -10,8 +10,8 @@ /* Copyright (c) 2017 National Security Research Institute. All rights reserved. */ -#ifndef HEADER_ARIA_H -# define HEADER_ARIA_H +#ifndef OSSL_CRYPTO_ARIA_H +# define OSSL_CRYPTO_ARIA_H # include diff --git a/crypto/include/internal/asn1_int.h b/include/crypto/asn1.h similarity index 100% rename from crypto/include/internal/asn1_int.h rename to include/crypto/asn1.h diff --git a/crypto/include/internal/async.h b/include/crypto/async.h similarity index 100% rename from crypto/include/internal/async.h rename to include/crypto/async.h diff --git a/crypto/include/internal/bn_int.h b/include/crypto/bn.h similarity index 98% rename from crypto/include/internal/bn_int.h rename to include/crypto/bn.h index 30be7efe14d8..60afda1dadee 100644 --- a/crypto/include/internal/bn_int.h +++ b/include/crypto/bn.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_BN_INT_H -# define HEADER_BN_INT_H +#ifndef OSSL_CRYPTO_BN_H +# define OSSL_CRYPTO_BN_H # include # include diff --git a/crypto/include/internal/bn_conf.h.in b/include/crypto/bn_conf.h.in similarity index 93% rename from crypto/include/internal/bn_conf.h.in rename to include/crypto/bn_conf.h.in index ec6e4f6c1b5e..b6b9eb743fd3 100644 --- a/crypto/include/internal/bn_conf.h.in +++ b/include/crypto/bn_conf.h.in @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_BN_CONF_H -# define HEADER_BN_CONF_H +#ifndef OSSL_CRYPTO_BN_CONF_H +# define OSSL_CRYPTO_BN_CONF_H /* * The contents of this file are not used in the UEFI build, as diff --git a/crypto/include/internal/bn_dh.h b/include/crypto/bn_dh.h similarity index 100% rename from crypto/include/internal/bn_dh.h rename to include/crypto/bn_dh.h diff --git a/crypto/include/internal/bn_srp.h b/include/crypto/bn_srp.h similarity index 100% rename from crypto/include/internal/bn_srp.h rename to include/crypto/bn_srp.h diff --git a/crypto/include/internal/chacha.h b/include/crypto/chacha.h similarity index 96% rename from crypto/include/internal/chacha.h rename to include/crypto/chacha.h index 67243f222801..4029400a670c 100644 --- a/crypto/include/internal/chacha.h +++ b/include/crypto/chacha.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_CHACHA_H -#define HEADER_CHACHA_H +#ifndef OSSL_CRYPTO_CHACHA_H +#define OSSL_CRYPTO_CHACHA_H #include diff --git a/crypto/include/internal/cryptlib_int.h b/include/crypto/cryptlib.h similarity index 100% rename from crypto/include/internal/cryptlib_int.h rename to include/crypto/cryptlib.h diff --git a/crypto/include/internal/ctype.h b/include/crypto/ctype.h similarity index 98% rename from crypto/include/internal/ctype.h rename to include/crypto/ctype.h index 9f3a58339c4f..81ef8f5cf7e1 100644 --- a/crypto/include/internal/ctype.h +++ b/include/crypto/ctype.h @@ -18,8 +18,8 @@ * throughout the rest of the source code. Refer to issue #4154 for * details. */ -#ifndef INTERNAL_CTYPE_H -# define INTERNAL_CTYPE_H +#ifndef OSSL_CRYPTO_CTYPE_H +# define OSSL_CRYPTO_CTYPE_H # define CTYPE_MASK_lower 0x1 # define CTYPE_MASK_upper 0x2 diff --git a/crypto/include/internal/dso_conf.h.in b/include/crypto/dso_conf.h.in similarity index 90% rename from crypto/include/internal/dso_conf.h.in rename to include/crypto/dso_conf.h.in index 2a76818b50d9..57a09b10a259 100644 --- a/crypto/include/internal/dso_conf.h.in +++ b/include/crypto/dso_conf.h.in @@ -8,15 +8,15 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_DSO_CONF_H -# define HEADER_DSO_CONF_H +#ifndef OSSL_CRYPTO_DSO_CONF_H +# define OSSL_CRYPTO_DSO_CONF_H {- # The DSO code currently always implements all functions so that no # applications will have to worry about that from a compilation point # of view. However, the "method"s may return zero unless that platform # has support compiled in for them. Currently each method is enabled # by a define "DSO_" ... we translate the "dso_scheme" config # string entry into using the following logic; - my $scheme = uc $target{dso_scheme}; + my $scheme = $disabled{dso} ? undef : uc $target{dso_scheme}; if (!$scheme) { $scheme = "NONE"; } diff --git a/crypto/include/internal/ec_int.h b/include/crypto/ec.h similarity index 96% rename from crypto/include/internal/ec_int.h rename to include/crypto/ec.h index 182c39cc8056..fe52ae704bb9 100644 --- a/crypto/include/internal/ec_int.h +++ b/include/crypto/ec.h @@ -9,8 +9,8 @@ /* Internal EC functions for other submodules: not for application use */ -#ifndef HEADER_OSSL_EC_INTERNAL_H -# define HEADER_OSSL_EC_INTERNAL_H +#ifndef OSSL_CRYPTO_EC_H +# define OSSL_CRYPTO_EC_H # include # ifndef OPENSSL_NO_EC diff --git a/crypto/include/internal/engine.h b/include/crypto/engine.h similarity index 100% rename from crypto/include/internal/engine.h rename to include/crypto/engine.h diff --git a/crypto/include/internal/err_int.h b/include/crypto/err.h similarity index 90% rename from crypto/include/internal/err_int.h rename to include/crypto/err.h index 44ac94462750..8ab0e5baaa2c 100644 --- a/crypto/include/internal/err_int.h +++ b/include/crypto/err.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef INTERNAL_ERR_INT_H -# define INTERNAL_ERR_INT_H +#ifndef OSSL_CRYPTO_ERR_H +# define OSSL_CRYPTO_ERR_H int err_load_crypto_strings_int(void); void err_cleanup(void); diff --git a/crypto/include/internal/evp_int.h b/include/crypto/evp.h similarity index 100% rename from crypto/include/internal/evp_int.h rename to include/crypto/evp.h diff --git a/crypto/include/internal/lhash.h b/include/crypto/lhash.h similarity index 87% rename from crypto/include/internal/lhash.h rename to include/crypto/lhash.h index 200ba8685da2..ab060cce74b4 100644 --- a/crypto/include/internal/lhash.h +++ b/include/crypto/lhash.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef INTERNAL_LHASH_H -# define INTERNAL_LHASH_H +#ifndef OSSL_CRYPTO_LHASH_H +# define OSSL_CRYPTO_LHASH_H unsigned long openssl_lh_strcasehash(const char *); diff --git a/crypto/include/internal/md32_common.h b/include/crypto/md32_common.h similarity index 100% rename from crypto/include/internal/md32_common.h rename to include/crypto/md32_common.h diff --git a/crypto/include/internal/objects.h b/include/crypto/objects.h similarity index 100% rename from crypto/include/internal/objects.h rename to include/crypto/objects.h diff --git a/crypto/include/internal/poly1305.h b/include/crypto/poly1305.h similarity index 100% rename from crypto/include/internal/poly1305.h rename to include/crypto/poly1305.h diff --git a/crypto/include/internal/rand_int.h b/include/crypto/rand.h similarity index 98% rename from crypto/include/internal/rand_int.h rename to include/crypto/rand.h index 10347ab0e374..5350d3a93119 100644 --- a/crypto/include/internal/rand_int.h +++ b/include/crypto/rand.h @@ -15,8 +15,8 @@ * or in the file LICENSE in the source distribution. */ -#ifndef HEADER_RAND_INT_H -# define HEADER_RAND_INT_H +#ifndef OSSL_CRYPTO_RAND_H +# define OSSL_CRYPTO_RAND_H # include diff --git a/crypto/include/internal/sha.h b/include/crypto/sha.h similarity index 89% rename from crypto/include/internal/sha.h rename to include/crypto/sha.h index 458a75e89d4a..6d15edb9e57e 100644 --- a/crypto/include/internal/sha.h +++ b/include/crypto/sha.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_INTERNAL_SHA_H -# define HEADER_INTERNAL_SHA_H +#ifndef OSSL_CRYPTO_SHA_H +# define OSSL_CRYPTO_SHA_H # include diff --git a/crypto/include/internal/siphash.h b/include/crypto/siphash.h similarity index 100% rename from crypto/include/internal/siphash.h rename to include/crypto/siphash.h diff --git a/crypto/include/internal/sm2.h b/include/crypto/sm2.h similarity index 97% rename from crypto/include/internal/sm2.h rename to include/crypto/sm2.h index 5c5cd4b4f567..76ee80baff19 100644 --- a/crypto/include/internal/sm2.h +++ b/include/crypto/sm2.h @@ -9,8 +9,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SM2_H -# define HEADER_SM2_H +#ifndef OSSL_CRYPTO_SM2_H +# define OSSL_CRYPTO_SM2_H # include # ifndef OPENSSL_NO_SM2 diff --git a/crypto/include/internal/sm2err.h b/include/crypto/sm2err.h similarity index 97% rename from crypto/include/internal/sm2err.h rename to include/crypto/sm2err.h index 09edfab787f4..d1c0ee25918c 100644 --- a/crypto/include/internal/sm2err.h +++ b/include/crypto/sm2err.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SM2ERR_H -# define HEADER_SM2ERR_H +#ifndef OSSL_CRYPTO_SM2ERR_H +# define OSSL_CRYPTO_SM2ERR_H # ifndef HEADER_SYMHACKS_H # include diff --git a/crypto/include/internal/sm3.h b/include/crypto/sm3.h similarity index 94% rename from crypto/include/internal/sm3.h rename to include/crypto/sm3.h index 27eb471c2831..97e746033331 100644 --- a/crypto/include/internal/sm3.h +++ b/include/crypto/sm3.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SM3_H -# define HEADER_SM3_H +#ifndef OSSL_CRYPTO_SM3_H +# define OSSL_CRYPTO_SM3_H # include diff --git a/crypto/include/internal/sm4.h b/include/crypto/sm4.h similarity index 94% rename from crypto/include/internal/sm4.h rename to include/crypto/sm4.h index f1f157ef5351..abe28f385e0a 100644 --- a/crypto/include/internal/sm4.h +++ b/include/crypto/sm4.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SM4_H -# define HEADER_SM4_H +#ifndef OSSL_CRYPTO_SM4_H +# define OSSL_CRYPTO_SM4_H # include # include diff --git a/crypto/include/internal/store_int.h b/include/crypto/store.h similarity index 82% rename from crypto/include/internal/store_int.h rename to include/crypto/store.h index 6f31e019ea21..428d3c60e13e 100644 --- a/crypto/include/internal/store_int.h +++ b/include/crypto/store.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_STORE_INT_H -# define HEADER_STORE_INT_H +#ifndef OSSL_CRYPTO_STORE_H +# define OSSL_CRYPTO_STORE_H # include # include @@ -23,4 +23,6 @@ OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method, void *ui_data); int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx); +void ossl_store_cleanup_int(void); + #endif diff --git a/crypto/include/internal/x509_int.h b/include/crypto/x509.h similarity index 100% rename from crypto/include/internal/x509_int.h rename to include/crypto/x509.h diff --git a/include/internal/conf.h b/include/internal/conf.h index 29bc9f963c91..163fea8de418 100644 --- a/include/internal/conf.h +++ b/include/internal/conf.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_INTERNAL_CONF_H -# define HEADER_INTERNAL_CONF_H +#ifndef OSSL_INTERNAL_CONF_H +# define OSSL_INTERNAL_CONF_H #include diff --git a/include/internal/constant_time_locl.h b/include/internal/constant_time.h similarity index 98% rename from include/internal/constant_time_locl.h rename to include/internal/constant_time.h index 0193a653d4bb..6600a1d72aeb 100644 --- a/include/internal/constant_time_locl.h +++ b/include/internal/constant_time.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_CONSTANT_TIME_LOCL_H -# define HEADER_CONSTANT_TIME_LOCL_H +#ifndef OSSL_INTERNAL_CONSTANT_TIME_H +# define OSSL_INTERNAL_CONSTANT_TIME_H # include # include @@ -384,4 +384,4 @@ static ossl_inline void constant_time_lookup(void *out, */ void err_clear_last_constant_time(int clear); -#endif /* HEADER_CONSTANT_TIME_LOCL_H */ +#endif /* OSSL_INTERNAL_CONSTANT_TIME_H */ diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 23e17e5586e8..6e7291ae41bc 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_CRYPTLIB_H -# define HEADER_CRYPTLIB_H +#ifndef OSSL_INTERNAL_CRYPTLIB_H +# define OSSL_INTERNAL_CRYPTLIB_H # include # include diff --git a/include/internal/dane.h b/include/internal/dane.h index a1cb5488ba00..7a39bd7d7d46 100644 --- a/include/internal/dane.h +++ b/include/internal/dane.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_INTERNAL_DANE_H -#define HEADER_INTERNAL_DANE_H +#ifndef OSSL_INTERNAL_DANE_H +#define OSSL_INTERNAL_DANE_H #include @@ -100,4 +100,4 @@ struct ssl_dane_st { #define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK)) #define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK)) -#endif /* HEADER_INTERNAL_DANE_H */ +#endif /* OSSL_INTERNAL_DANE_H */ diff --git a/include/internal/dso.h b/include/internal/dso.h index eb5f7d53c7d6..c57c0c407592 100644 --- a/include/internal/dso.h +++ b/include/internal/dso.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_DSO_H -# define HEADER_DSO_H +#ifndef OSSL_INTERNAL_DSO_H +# define OSSL_INTERNAL_DSO_H # include # include "internal/dsoerr.h" diff --git a/include/internal/dsoerr.h b/include/internal/dsoerr.h index 5f4511c4d6f8..94d642a22d8c 100644 --- a/include/internal/dsoerr.h +++ b/include/internal/dsoerr.h @@ -8,8 +8,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_DSOERR_H -# define HEADER_DSOERR_H +#ifndef OSSL_INTERNAL_DSOERR_H +# define OSSL_INTERNAL_DSOERR_H # ifndef HEADER_SYMHACKS_H # include diff --git a/include/internal/err.h b/include/internal/err.h index d46b8bdb2925..88dde7059157 100644 --- a/include/internal/err.h +++ b/include/internal/err.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef INTERNAL_ERR_H -# define INTERNAL_ERR_H +#ifndef OSSL_INTERNAL_ERR_H +# define OSSL_INTERNAL_ERR_H void err_free_strings_int(void); diff --git a/include/internal/nelem.h b/include/internal/nelem.h index d65a21a9fbef..699ef88ee523 100644 --- a/include/internal/nelem.h +++ b/include/internal/nelem.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_NELEM_H -# define HEADER_NELEM_H +#ifndef OSSL_INTERNAL_NELEM_H +# define OSSL_INTERNAL_NELEM_H # define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) #endif diff --git a/include/internal/numbers.h b/include/internal/numbers.h index 31931df3c2ff..f5ade5226e5b 100644 --- a/include/internal/numbers.h +++ b/include/internal/numbers.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_NUMBERS_H -# define HEADER_NUMBERS_H +#ifndef OSSL_INTERNAL_NUMBERS_H +# define OSSL_INTERNAL_NUMBERS_H # include diff --git a/include/internal/o_dir.h b/include/internal/o_dir.h index e7b55e0c18b3..dafc8dd2e74b 100644 --- a/include/internal/o_dir.h +++ b/include/internal/o_dir.h @@ -36,8 +36,8 @@ * SUCH DAMAGE. */ -#ifndef O_DIR_H -# define O_DIR_H +#ifndef OSSL_INTERNAL_O_DIR_H +# define OSSL_INTERNAL_O_DIR_H typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; diff --git a/include/internal/o_str.h b/include/internal/o_str.h index 86403c9ee282..15c12e820d2b 100644 --- a/include/internal/o_str.h +++ b/include/internal/o_str.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_O_STR_H -# define HEADER_O_STR_H +#ifndef OSSL_INTERNAL_O_STR_H +# define OSSL_INTERNAL_O_STR_H # include /* to get size_t */ diff --git a/include/internal/refcount.h b/include/internal/refcount.h index 6e1a840ef1ea..8fb536eadc07 100644 --- a/include/internal/refcount.h +++ b/include/internal/refcount.h @@ -6,8 +6,8 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#ifndef HEADER_INTERNAL_REFCOUNT_H -# define HEADER_INTERNAL_REFCOUNT_H +#ifndef OSSL_INTERNAL_REFCOUNT_H +# define OSSL_INTERNAL_REFCOUNT_H /* Used to checking reference counts, most while doing perl5 stuff :-) */ # if defined(OPENSSL_NO_STDIO) diff --git a/include/internal/sockets.h b/include/internal/sockets.h index 5bb0355f07ed..39186efef207 100644 --- a/include/internal/sockets.h +++ b/include/internal/sockets.h @@ -8,8 +8,8 @@ */ -#ifndef HEADER_INTERNAL_SOCKETS -# define HEADER_INTERNAL_SOCKETS +#ifndef OSSL_INTERNAL_SOCKETS_H +# define OSSL_INTERNAL_SOCKETS_H # if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) # define NO_SYS_PARAM_H diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h index d538f8614f58..92c8941d0250 100644 --- a/include/internal/sslconf.h +++ b/include/internal/sslconf.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SSLCONF_H -# define HEADER_SSLCONF_H +#ifndef OSSL_INTERNAL_SSLCONF_H +# define OSSL_INTERNAL_SSLCONF_H typedef struct ssl_conf_cmd_st SSL_CONF_CMD; diff --git a/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/include/openssl/__DECC_INCLUDE_EPILOGUE.H index c350018ad190..ad0a5f56dc9d 100644 --- a/include/openssl/__DECC_INCLUDE_EPILOGUE.H +++ b/include/openssl/__DECC_INCLUDE_EPILOGUE.H @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,9 +8,15 @@ */ /* - * This file is only used by HP C on VMS, and is included automatically + * This file is only used by HP C/C++ on VMS, and is included automatically * after each header file from this directory */ +/* + * The C++ compiler doesn't understand these pragmas, even though it + * understands the corresponding command line qualifier. + */ +#ifndef __cplusplus /* restore state. Must correspond to the save in __decc_include_prologue.h */ -#pragma names restore +# pragma names restore +#endif diff --git a/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/include/openssl/__DECC_INCLUDE_PROLOGUE.H index 9a9c777f93f8..5f5513e821ac 100644 --- a/include/openssl/__DECC_INCLUDE_PROLOGUE.H +++ b/include/openssl/__DECC_INCLUDE_PROLOGUE.H @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,13 +8,19 @@ */ /* - * This file is only used by HP C on VMS, and is included automatically + * This file is only used by HP C/C++ on VMS, and is included automatically * after each header file from this directory */ +/* + * The C++ compiler doesn't understand these pragmas, even though it + * understands the corresponding command line qualifier. + */ +#ifndef __cplusplus /* save state */ -#pragma names save +# pragma names save /* have the compiler shorten symbols larger than 31 chars to 23 chars * followed by a 8 hex char CRC */ -#pragma names as_is,shortened +# pragma names as_is,shortened +#endif diff --git a/include/openssl/bio.h b/include/openssl/bio.h index e1fddfb7969d..ae559a510507 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -169,6 +169,7 @@ extern "C" { */ # define BIO_FLAGS_MEM_RDONLY 0x200 # define BIO_FLAGS_NONCLEAR_RST 0x400 +# define BIO_FLAGS_IN_EOF 0x800 typedef union bio_addr_st BIO_ADDR; typedef struct bio_addrinfo_st BIO_ADDRINFO; diff --git a/include/openssl/ct.h b/include/openssl/ct.h index d4262fa04804..ebdba34d6777 100644 --- a/include/openssl/ct.h +++ b/include/openssl/ct.h @@ -463,8 +463,6 @@ __owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); /* * Loads the default CT log list into a |store|. - * See internal/cryptlib.h for the environment variable and file path that are - * consulted to find the default file. * Returns 1 if loading is successful, or 0 otherwise. */ __owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 822eff347a29..6d8a18a4ad5a 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -162,6 +162,12 @@ DH *DSA_dup_DH(const DSA *r); # define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL) +# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)) # define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) # define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h index a312e386cf9a..d55ca9c332dd 100644 --- a/include/openssl/dtls1.h +++ b/include/openssl/dtls1.h @@ -43,7 +43,7 @@ extern "C" { # define DTLS1_AL_HEADER_LENGTH 2 -/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ +/* Timeout multipliers */ # define DTLS1_TMO_READ_COUNT 2 # define DTLS1_TMO_WRITE_COUNT 2 diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 545654a98b1c..a411f3f2f949 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -180,7 +180,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, * if the following flag is set. */ # define EVP_MD_CTX_FLAG_FINALISE 0x0200 -/* NOTE: 0x0400 is reserved for internal usage in evp_int.h */ +/* NOTE: 0x0400 is reserved for internal usage */ EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); @@ -1512,6 +1512,20 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); +void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, + int (*digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, + int (*digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check) (EVP_PKEY *pkey)); @@ -1617,6 +1631,20 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); +void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth, + int (**digestsign) (EVP_MD_CTX *ctx, + unsigned char *sig, + size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth, + int (**digestverify) (EVP_MD_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, int (**pcheck) (EVP_PKEY *pkey)); diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 6a651f556354..d2b26ea582de 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -160,6 +160,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_INPUT_NOT_INITIALIZED 111 # define EVP_R_INVALID_DIGEST 152 # define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_IV_LENGTH 194 # define EVP_R_INVALID_KEY 163 # define EVP_R_INVALID_KEY_LENGTH 130 # define EVP_R_INVALID_OPERATION 148 diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h index 47b99d17fb8a..2e42d727d4d6 100644 --- a/include/openssl/lhash.h +++ b/include/openssl/lhash.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -120,9 +120,8 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); # define DEFINE_LHASH_OF(type) \ LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ - static ossl_inline LHASH_OF(type) * \ - lh_##type##_new(unsigned long (*hfn)(const type *), \ - int (*cfn)(const type *, const type *)) \ + static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \ + int (*cfn)(const type *, const type *)) \ { \ return (LHASH_OF(type) *) \ OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 47dafe48d056..483fc0509e19 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at @@ -1290,12 +1290,12 @@ #define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L #define SN_ms_smartcard_login "msSmartcardLogin" -#define LN_ms_smartcard_login "Microsoft Smartcardlogin" +#define LN_ms_smartcard_login "Microsoft Smartcard Login" #define NID_ms_smartcard_login 648 #define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L #define SN_ms_upn "msUPN" -#define LN_ms_upn "Microsoft Universal Principal Name" +#define LN_ms_upn "Microsoft User Principal Name" #define NID_ms_upn 649 #define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index 8582fe1ee1a4..4d759a49de43 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h @@ -123,7 +123,7 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \ bp,(char **)(x),cb,NULL) -# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ +# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\ (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \ bp,(char **)(x),cb,NULL) diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index c28e632c4425..dd8ef3df722f 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010104fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1d 10 Sep 2019" +# define OPENSSL_VERSION_NUMBER 0x1010105fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1e 17 Mar 2020" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 7993ca28f3da..e0edfaaf4760 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -109,6 +109,7 @@ typedef struct dsa_method DSA_METHOD; typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; +typedef struct rsa_pss_params_st RSA_PSS_PARAMS; typedef struct ec_key_st EC_KEY; typedef struct ec_key_method_st EC_KEY_METHOD; diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h index 70d1a17a4c6b..79d57905e3cb 100644 --- a/include/openssl/randerr.h +++ b/include/openssl/randerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,6 +21,7 @@ int ERR_load_RAND_strings(void); /* * RAND function codes. */ +# define RAND_F_DATA_COLLECT_METHOD 127 # define RAND_F_DRBG_BYTES 101 # define RAND_F_DRBG_GET_ENTROPY 105 # define RAND_F_DRBG_SETUP 117 @@ -46,6 +47,7 @@ int ERR_load_RAND_strings(void); # define RAND_F_RAND_POOL_BYTES_NEEDED 115 # define RAND_F_RAND_POOL_GROW 125 # define RAND_F_RAND_POOL_NEW 116 +# define RAND_F_RAND_PSEUDO_BYTES 126 # define RAND_F_RAND_WRITE_FILE 112 /* diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index cdce1264eb5c..5e76365c0dfe 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -224,6 +224,7 @@ const BIGNUM *RSA_get0_q(const RSA *d); const BIGNUM *RSA_get0_dmp1(const RSA *r); const BIGNUM *RSA_get0_dmq1(const RSA *r); const BIGNUM *RSA_get0_iqmp(const RSA *r); +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); void RSA_clear_flags(RSA *r, int flags); int RSA_test_flags(const RSA *r, int flags); void RSA_set_flags(RSA *r, int flags); @@ -279,14 +280,14 @@ int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) -typedef struct rsa_pss_params_st { +struct rsa_pss_params_st { X509_ALGOR *hashAlgorithm; X509_ALGOR *maskGenAlgorithm; ASN1_INTEGER *saltLength; ASN1_INTEGER *trailerField; /* Decoded hash algorithm from maskGenAlgorithm */ X509_ALGOR *maskHash; -} RSA_PSS_PARAMS; +}; DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 3d6850dea36e..0ef684f3c131 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -88,6 +88,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431 # define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE 601 # define SSL_F_OSSL_STATEM_SERVER_POST_WORK 602 +# define SSL_F_OSSL_STATEM_SERVER_PRE_WORK 640 # define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE 603 # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 # define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 604 @@ -733,6 +734,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 # define SSL_R_UNEXPECTED_CCS_MESSAGE 262 # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 +# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294 # define SSL_R_UNEXPECTED_MESSAGE 244 # define SSL_R_UNEXPECTED_RECORD 245 # define SSL_R_UNINITIALIZED 276 diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index d1876d8b8c1f..ab9e6668cd57 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -14,7 +14,7 @@ #include #include "internal/bio.h" #include -#include "ssl_locl.h" +#include "ssl_local.h" static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written); static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes); diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index fcda32754735..2a15ee8ad965 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -11,7 +11,7 @@ #include #include #include -#include "ssl_locl.h" +#include "ssl_local.h" static void get_current_time(struct timeval *t); static int dtls1_handshake_write(SSL *s); diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c index 6365b365e7f6..8a31064ae13f 100644 --- a/ssl/d1_msg.c +++ b/ssl/d1_msg.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ssl_locl.h" +#include "ssl_local.h" int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len, size_t *written) diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index ff8f0c5712df..c05a77e34668 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -15,7 +15,7 @@ #include #include -#include "ssl_locl.h" +#include "ssl_local.h" #ifndef OPENSSL_NO_SRTP diff --git a/ssl/methods.c b/ssl/methods.c index 348efe467dbb..c5e8898364cd 100644 --- a/ssl/methods.c +++ b/ssl/methods.c @@ -9,7 +9,7 @@ #include #include -#include "ssl_locl.h" +#include "ssl_local.h" /*- * TLS/SSLv3 methods diff --git a/ssl/packet.c b/ssl/packet.c index 95031430ed66..1ddde969f3b2 100644 --- a/ssl/packet.c +++ b/ssl/packet.c @@ -8,7 +8,7 @@ */ #include "internal/cryptlib.h" -#include "packet_locl.h" +#include "packet_local.h" #include #define DEFAULT_BUF_SIZE 256 diff --git a/ssl/packet_locl.h b/ssl/packet_local.h similarity index 99% rename from ssl/packet_locl.h rename to ssl/packet_local.h index 860360b8b231..1b6c2fb9bc3f 100644 --- a/ssl/packet_locl.h +++ b/ssl/packet_local.h @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_PACKET_LOCL_H -# define HEADER_PACKET_LOCL_H +#ifndef OSSL_SSL_PACKET_LOCAL_H +# define OSSL_SSL_PACKET_LOCAL_H # include # include @@ -871,4 +871,4 @@ unsigned char *WPACKET_get_curr(WPACKET *pkt); /* Release resources in a WPACKET if a failure has occurred. */ void WPACKET_cleanup(WPACKET *pkt); -#endif /* HEADER_PACKET_LOCL_H */ +#endif /* OSSL_SSL_PACKET_LOCAL_H */ diff --git a/ssl/pqueue.c b/ssl/pqueue.c index 548a7a443d91..758440217d45 100644 --- a/ssl/pqueue.c +++ b/ssl/pqueue.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ssl_locl.h" +#include "ssl_local.h" #include struct pqueue_st { diff --git a/ssl/record/README b/ssl/record/README index 987e9fd305d9..630fe8027af1 100644 --- a/ssl/record/README +++ b/ssl/record/README @@ -12,7 +12,7 @@ of these components is defined by: 3) A set of accessor macros All struct definitions are in record.h. The functions and macros are either -defined in record.h or record_locl.h dependent on whether they are intended to +defined in record.h or record_local.h dependent on whether they are intended to be private to the record layer, or whether they form part of the API to the rest of libssl. @@ -55,7 +55,7 @@ Conceptually it looks like this: || rec_layer_d1.c || ||____________________|| |______________________| - record_locl.h ^ ^ ^ + record_local.h ^ ^ ^ _________________| | |_________________ | | | _____V_________ ______V________ _______V________ diff --git a/ssl/record/dtls1_bitmap.c b/ssl/record/dtls1_bitmap.c index 5923c53717c9..8167b4183404 100644 --- a/ssl/record/dtls1_bitmap.c +++ b/ssl/record/dtls1_bitmap.c @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include "../ssl_locl.h" -#include "record_locl.h" +#include "../ssl_local.h" +#include "record_local.h" /* mod 128 saturating subtract of two 64-bit values in big-endian order */ static int satsub64be(const unsigned char *v1, const unsigned char *v2) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index cb5d54ef5a8f..73ca8a6ee4b9 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -9,11 +9,11 @@ #include #include -#include "../ssl_locl.h" +#include "../ssl_local.h" #include #include -#include "record_locl.h" -#include "../packet_locl.h" +#include "record_local.h" +#include "../packet_local.h" #include "internal/cryptlib.h" int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 982a06089c11..1c885a664f35 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,15 +10,15 @@ #include #include #include -#include "../ssl_locl.h" +#include "../ssl_local.h" #include #include #include -#include "record_locl.h" -#include "../packet_locl.h" +#include "record_local.h" +#include "../packet_local.h" #if defined(OPENSSL_SMALL_FOOTPRINT) || \ - !( defined(AES_ASM) && ( \ + !( defined(AESNI_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) ) \ ) @@ -296,6 +296,12 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, ret = BIO_read(s->rbio, pkt + len + left, max - left); if (ret >= 0) bioread = ret; + if (ret <= 0 + && !BIO_should_retry(s->rbio) + && BIO_eof(s->rbio)) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N, + SSL_R_UNEXPECTED_EOF_WHILE_READING); + } } else { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET); diff --git a/ssl/record/record_locl.h b/ssl/record/record_local.h similarity index 100% rename from ssl/record/record_locl.h rename to ssl/record/record_local.h diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 53bd4cb190d0..605f8f9b75be 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include "../ssl_locl.h" -#include "record_locl.h" +#include "../ssl_local.h" +#include "record_local.h" void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n) { diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index e59ac5a67676..ab5d22aa10cb 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,10 +7,10 @@ * https://www.openssl.org/source/license.html */ -#include "../ssl_locl.h" -#include "internal/constant_time_locl.h" +#include "../ssl_local.h" +#include "internal/constant_time.h" #include -#include "record_locl.h" +#include "record_local.h" #include "internal/cryptlib.h" static const unsigned char ssl3_pad_1[48] = { @@ -559,7 +559,7 @@ int ssl3_get_record(SSL *s) RECORD_LAYER_reset_read_sequence(&s->rlayer); return 1; } - SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD, + SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); return -1; } @@ -837,7 +837,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr) * SSLfatal() for internal errors, but not otherwise. * * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too + * 0: (in non-constant time) if the record is publicly invalid (i.e. too * short etc). * 1: if the record's padding is valid / the encryption was successful. * -1: if the record's padding is invalid or, if sending, an internal error @@ -928,7 +928,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending) * internal errors, but not otherwise. * * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too + * 0: (in non-constant time) if the record is publicly invalid (i.e. too * short etc). * 1: if the record's padding is valid / the encryption was successful. * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, @@ -1075,7 +1075,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) } else if ((bs != 1) && sending) { padnum = bs - (reclen[ctr] % bs); - /* Add weird padding of upto 256 bytes */ + /* Add weird padding of up to 256 bytes */ if (padnum > MAX_PADDING) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC, @@ -1610,6 +1610,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) int imac_size; size_t mac_size; unsigned char md[EVP_MAX_MD_SIZE]; + size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH; rr = RECORD_LAYER_get_rrec(&s->rlayer); sess = s->session; @@ -1669,7 +1670,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0); /*- * enc_err is: - * 0: (in non-constant time) if the record is publically invalid. + * 0: (in non-constant time) if the record is publicly invalid. * 1: if the padding is valid * -1: if the padding is invalid */ @@ -1782,7 +1783,12 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) } } - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { + /* use current Max Fragment Length setting if applicable */ + if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) + max_plain_length = GET_MAX_FRAGMENT_LENGTH(s->session); + + /* send overflow if the plaintext is too long now it has passed MAC */ + if (rr->length > max_plain_length) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); return 0; @@ -1926,7 +1932,7 @@ int dtls1_get_record(SSL *s) /* If received packet overflows own-client Max Fragment Length setting */ if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) - && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { + && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + SSL3_RT_MAX_ENCRYPTED_OVERHEAD) { /* record too long, silently discard it */ rr->length = 0; rr->read = 1; diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c index a11ed483e668..ab50e3762499 100644 --- a/ssl/record/ssl3_record_tls13.c +++ b/ssl/record/ssl3_record_tls13.c @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include "../ssl_locl.h" -#include "record_locl.h" +#include "../ssl_local.h" +#include "record_local.h" #include "internal/cryptlib.h" /*- @@ -16,7 +16,7 @@ * internal errors, but not otherwise. * * Returns: - * 0: (in non-constant time) if the record is publically invalid (i.e. too + * 0: (in non-constant time) if the record is publicly invalid (i.e. too * short etc). * 1: if the record encryption was successful. * -1: if the record's AEAD-authenticator is invalid or, if sending, diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 8377d7fe13dc..aa7d63f84a9f 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#include "internal/constant_time_locl.h" -#include "ssl_locl.h" +#include "internal/constant_time.h" +#include "ssl_local.h" #include "internal/cryptlib.h" #include diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 2e185e9fba9a..8a89f512fe60 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -9,7 +9,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" #include #include #include "internal/cryptlib.h" diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 066bf47221e2..a987604bcd0e 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -12,7 +12,7 @@ #include #include #include "internal/nelem.h" -#include "ssl_locl.h" +#include "ssl_local.h" #include #include #include @@ -4639,7 +4639,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, OPENSSL_clear_free(s->s3->tmp.psk, psklen); s->s3->tmp.psk = NULL; if (!s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key,pskpms, pskpmslen, + s->session->master_key, pskpms, pskpmslen, &s->session->master_key_length)) { OPENSSL_clear_free(pskpms, pskpmslen); /* SSLfatal() already called */ diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 42382547fb2a..339fb2774a63 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ssl_locl.h" +#include "ssl_local.h" int ssl3_do_change_cipher_spec(SSL *s) { diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index b56c5e96c530..799fee771ba5 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -10,7 +10,7 @@ #include #include -#include "ssl_locl.h" +#include "ssl_local.h" #include #include diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 9df9fb96778d..5d3e83f32897 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -20,7 +20,7 @@ #include #include #include "internal/refcount.h" -#include "ssl_locl.h" +#include "ssl_local.h" #include "ssl_cert_table.h" #include "internal/thread_once.h" @@ -601,14 +601,6 @@ static unsigned long xname_hash(const X509_NAME *a) return X509_NAME_hash((X509_NAME *)a); } -/** - * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; - * it doesn't really have anything to do with clients (except that a common use - * for a stack of CAs is to send it to the client). Actually, it doesn't have - * much to do with CAs, either, since it will load any old cert. - * \param file the file containing one or more certs. - * \return a ::STACK containing the certs. - */ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) { BIO *in = BIO_new(BIO_s_file()); @@ -666,15 +658,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) return ret; } -/** - * Add a file of certs to a stack. - * \param stack the stack to add to. - * \param file the file to add from. All certs in this file that are not - * already in the stack will be added. - * \return 1 for success, 0 for failure. Note that in the case of failure some - * certs may have been added to \c stack. - */ - int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *file) { @@ -725,17 +708,6 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, return ret; } -/** - * Add a directory of certs to a stack. - * \param stack the stack to append to. - * \param dir the directory to append from. All files in this directory will be - * examined as potential certs. Any that are acceptable to - * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be - * included. - * \return 1 for success, 0 for failure. Note that in the case of failure some - * certs may have been added to \c stack. - */ - int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) { diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 27a1b2ec68b3..735a483c6448 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -17,7 +17,7 @@ #include #include #include "internal/nelem.h" -#include "ssl_locl.h" +#include "ssl_local.h" #include "internal/thread_once.h" #include "internal/cryptlib.h" @@ -92,7 +92,7 @@ static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT; /* * Constant SSL_MAX_DIGEST equal to size of digests array should be defined - * in the ssl_locl.h + * in the ssl_local.h */ #define SSL_MD_NUM_IDX SSL_MAX_DIGEST diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 9c202708d7d9..8ef29bb34535 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -8,7 +8,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" #include #include #include diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 4b12ed1485d9..a0c7b79659d4 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1205,6 +1205,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "unexpected ccs message"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), "unexpected end of early data"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING), + "unexpected eof while reading"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index f0969fa9b1af..d083d9597091 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -12,7 +12,7 @@ #include "internal/err.h" #include #include -#include "ssl_locl.h" +#include "ssl_local.h" #include "internal/thread_once.h" static int stopped; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ac820cf9fe16..7c7e59789ccd 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -10,7 +10,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" #include #include #include @@ -2623,31 +2623,85 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) return buf; } -/** return a servername extension value if provided in Client Hello, or NULL. - * So far, only host_name types are defined (RFC 3546). +/** + * Return the requested servername (SNI) value. Note that the behaviour varies + * depending on: + * - whether this is called by the client or the server, + * - if we are before or during/after the handshake, + * - if a resumption or normal handshake is being attempted/has occurred + * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3 + * + * Note that only the host_name type is defined (RFC 3546). */ - const char *SSL_get_servername(const SSL *s, const int type) { + /* + * If we don't know if we are the client or the server yet then we assume + * client. + */ + int server = s->handshake_func == NULL ? 0 : s->server; if (type != TLSEXT_NAMETYPE_host_name) return NULL; - /* - * SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an - * SNI value to return if we are resuming/resumed. N.B. that we still - * call the relevant callbacks for such resumption flows, and callbacks - * might error out if there is not a SNI value available. - */ - if (s->hit) - return s->session->ext.hostname; + if (server) { + /** + * Server side + * In TLSv1.3 on the server SNI is not associated with the session + * but in TLSv1.2 or below it is. + * + * Before the handshake: + * - return NULL + * + * During/after the handshake (TLSv1.2 or below resumption occurred): + * - If a servername was accepted by the server in the original + * handshake then it will return that servername, or NULL otherwise. + * + * During/after the handshake (TLSv1.2 or below resumption did not occur): + * - The function will return the servername requested by the client in + * this handshake or NULL if none was requested. + */ + if (s->hit && !SSL_IS_TLS13(s)) + return s->session->ext.hostname; + } else { + /** + * Client side + * + * Before the handshake: + * - If a servername has been set via a call to + * SSL_set_tlsext_host_name() then it will return that servername + * - If one has not been set, but a TLSv1.2 resumption is being + * attempted and the session from the original handshake had a + * servername accepted by the server then it will return that + * servername + * - Otherwise it returns NULL + * + * During/after the handshake (TLSv1.2 or below resumption occurred): + * - If the session from the orignal handshake had a servername accepted + * by the server then it will return that servername. + * - Otherwise it returns the servername set via + * SSL_set_tlsext_host_name() (or NULL if it was not called). + * + * During/after the handshake (TLSv1.2 or below resumption did not occur): + * - It will return the servername set via SSL_set_tlsext_host_name() + * (or NULL if it was not called). + */ + if (SSL_in_before(s)) { + if (s->ext.hostname == NULL + && s->session != NULL + && s->session->ssl_version != TLS1_3_VERSION) + return s->session->ext.hostname; + } else { + if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL) + return s->session->ext.hostname; + } + } + return s->ext.hostname; } int SSL_get_servername_type(const SSL *s) { - if (s->session - && (!s->ext.hostname ? s->session-> - ext.hostname : s->ext.hostname)) + if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL) return TLSEXT_NAMETYPE_host_name; return -1; } diff --git a/ssl/ssl_locl.h b/ssl/ssl_local.h similarity index 99% rename from ssl/ssl_locl.h rename to ssl/ssl_local.h index 25875c9f6d46..8ddbde772965 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -9,8 +9,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef HEADER_SSL_LOCL_H -# define HEADER_SSL_LOCL_H +#ifndef OSSL_SSL_LOCAL_H +# define OSSL_SSL_LOCAL_H # include "e_os.h" /* struct timeval for DTLS */ # include @@ -30,7 +30,7 @@ # include # include "record/record.h" # include "statem/statem.h" -# include "packet_locl.h" +# include "packet_local.h" # include "internal/dane.h" # include "internal/refcount.h" # include "internal/tsan_assist.h" @@ -2581,7 +2581,7 @@ __owur int tls_check_sigalg_curve(const SSL *s, int curve); # endif __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey); __owur int ssl_set_client_disabled(SSL *s); -__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde); +__owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde); __owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, size_t *hashlen); diff --git a/ssl/ssl_mcnf.c b/ssl/ssl_mcnf.c index a0e265771449..583df4166908 100644 --- a/ssl/ssl_mcnf.c +++ b/ssl/ssl_mcnf.c @@ -10,7 +10,7 @@ #include #include #include -#include "ssl_locl.h" +#include "ssl_local.h" #include "internal/sslconf.h" /* SSL library configuration module. */ diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 172e15f92087..b9693527b3d2 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -8,8 +8,8 @@ */ #include -#include "ssl_locl.h" -#include "packet_locl.h" +#include "ssl_local.h" +#include "packet_local.h" #include #include #include diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 52cfa7ef6d7f..40c157bb42f8 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -13,8 +13,8 @@ #include #include "internal/refcount.h" #include "internal/cryptlib.h" -#include "ssl_locl.h" -#include "statem/statem_locl.h" +#include "ssl_local.h" +#include "statem/statem_local.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s); diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index 179513b1a3d0..ca51c0331c22 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c @@ -9,7 +9,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" const char *SSL_state_string_long(const SSL *s) { diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index cf6e4c3c0579..457bc8b3c20a 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -10,7 +10,7 @@ #include #include -#include "ssl_locl.h" +#include "ssl_local.h" #ifndef OPENSSL_NO_STDIO int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) diff --git a/ssl/ssl_utst.c b/ssl/ssl_utst.c index cea1bc2707a8..487f56e53935 100644 --- a/ssl/ssl_utst.c +++ b/ssl/ssl_utst.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ssl_locl.h" +#include "ssl_local.h" #ifndef OPENSSL_NO_UNIT_TEST diff --git a/ssl/statem/README b/ssl/statem/README index 145c69db8d54..86cc06637291 100644 --- a/ssl/statem/README +++ b/ssl/statem/README @@ -40,7 +40,7 @@ Conceptually the state machine component is designed as follows: | | | Core state machine code | |____________________________| - statem_locl.h ^ ^ + statem_local.h ^ ^ _________| |_______ | | _____________|____________ _____________|____________ diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 24410991b299..4ef8b417b820 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,8 +10,8 @@ #include #include "internal/nelem.h" #include "internal/cryptlib.h" -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include "internal/cryptlib.h" static int final_renegotiate(SSL *s, unsigned int context, int sent); @@ -94,7 +94,7 @@ typedef struct extensions_definition_st { /* * Definitions of all built-in extensions. NOTE: Changes in the number or order * of these extensions should be mirrored with equivalent changes to the - * indexes ( TLSEXT_IDX_* ) defined in ssl_locl.h. + * indexes ( TLSEXT_IDX_* ) defined in ssl_local.h. * Each extension has an initialiser, a client and * server side parser and a finaliser. The initialiser is called (if the * extension is relevant to the given context) even if we did not see the @@ -949,8 +949,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent) * was successful. */ if (s->server) { - /* TODO(OpenSSL1.2) revisit !sent case */ - if (sent && ret == SSL_TLSEXT_ERR_OK && (!s->hit || SSL_IS_TLS13(s))) { + if (sent && ret == SSL_TLSEXT_ERR_OK && !s->hit) { /* Only store the hostname in the session if we accepted it. */ OPENSSL_free(s->session->ext.hostname); s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); @@ -1011,6 +1010,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent) /* TLSv1.3 doesn't have warning alerts so we suppress this */ if (!SSL_IS_TLS13(s)) ssl3_send_alert(s, SSL3_AL_WARNING, altmp); + s->servername_done = 0; return 1; case SSL_TLSEXT_ERR_NOACK: @@ -1449,7 +1449,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE]; unsigned char *early_secret; #ifdef CHARSET_EBCDIC - static const unsigned char resumption_label[] = { 0x72, 0x65, 0x64, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; + static const unsigned char resumption_label[] = { 0x72, 0x65, 0x73, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; static const unsigned char external_label[] = { 0x65, 0x78, 0x74, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 }; #else static const unsigned char resumption_label[] = "res binder"; diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index f0ae642fa098..bcce0f1d9534 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -8,9 +8,9 @@ */ #include -#include "../ssl_locl.h" +#include "../ssl_local.h" #include "internal/cryptlib.h" -#include "statem_locl.h" +#include "statem_local.h" EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c index a4cdc81d68b9..a0ba18efa704 100644 --- a/ssl/statem/extensions_cust.c +++ b/ssl/statem/extensions_cust.c @@ -10,9 +10,9 @@ /* Custom extension utility functions */ #include -#include "../ssl_locl.h" +#include "../ssl_local.h" #include "internal/cryptlib.h" -#include "statem_locl.h" +#include "statem_local.h" typedef struct { void *add_arg; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index ab5453f63ecc..3b07c6b940f4 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,8 +8,8 @@ */ #include -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include "internal/cryptlib.h" #define COOKIE_STATE_FORMAT_VERSION 0 @@ -127,6 +127,10 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, return 0; } + /* + * In TLSv1.2 and below the SNI is associated with the session. In TLSv1.3 + * we always use the SNI value from the handshake. + */ if (!s->hit || SSL_IS_TLS13(s)) { if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) { SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, @@ -155,8 +159,12 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, } s->servername_done = 1; - } - if (s->hit) { + } else { + /* + * In TLSv1.2 and below we should check if the SNI is consistent between + * the initial handshake and the resumption. In TLSv1.3 SNI is not + * associated with the session. + */ /* * TODO(openssl-team): if the SNI doesn't match, we MUST * fall back to a full handshake. @@ -164,9 +172,6 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, s->servername_done = (s->session->ext.hostname != NULL) && PACKET_equal(&hostname, s->session->ext.hostname, strlen(s->session->ext.hostname)); - - if (!s->servername_done && s->session->ext.hostname != NULL) - s->ext.early_data_ok = 0; } return 1; @@ -1330,8 +1335,14 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - if (s->hit || s->servername_done != 1 - || s->ext.hostname == NULL) + if (s->servername_done != 1) + return EXT_RETURN_NOT_SENT; + + /* + * Prior to TLSv1.3 we ignore any SNI in the current handshake if resuming. + * We just use the servername from the initial handshake. + */ + if (s->hit && !SSL_IS_TLS13(s)) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index e3c5ec003874..20f5bd584e6c 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -9,8 +9,8 @@ #include "internal/cryptlib.h" #include -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include /* diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 6410414fb64a..64e392cfbfc7 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -12,8 +12,8 @@ #include #include #include -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include #include #include diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index b016fa7cff74..8e3fb686ee27 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -10,8 +10,8 @@ #include #include #include -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include "internal/cryptlib.h" #include #include diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 22e9f0490e2d..43d6fd5de941 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -11,8 +11,8 @@ #include #include #include -#include "../ssl_locl.h" -#include "statem_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" #include "internal/cryptlib.h" #include #include @@ -169,17 +169,17 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs, void **hdata, size_t *hdatalen) { #ifdef CHARSET_EBCDIC - static const char *servercontext = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, + static const char servercontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x00 }; - static const char *clientcontext = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, + static const char clientcontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x00 }; #else - static const char *servercontext = "TLS 1.3, server CertificateVerify"; - static const char *clientcontext = "TLS 1.3, client CertificateVerify"; + static const char servercontext[] = "TLS 1.3, server CertificateVerify"; + static const char clientcontext[] = "TLS 1.3, client CertificateVerify"; #endif if (SSL_IS_TLS13(s)) { size_t hashlen; @@ -844,9 +844,11 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } } else { + /* TLS 1.3 gets the secret size from the handshake md */ + size_t dummy; if (!s->method->ssl3_enc->generate_master_secret(s, s->master_secret, s->handshake_secret, 0, - &s->session->master_key_length)) { + &dummy)) { /* SSLfatal() already called */ return MSG_PROCESS_ERROR; } @@ -1033,14 +1035,25 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) int cleanuphand = s->statem.cleanuphand; if (clearbufs) { - if (!SSL_IS_DTLS(s)) { + if (!SSL_IS_DTLS(s) +#ifndef OPENSSL_NO_SCTP /* - * We don't do this in DTLS because we may still need the init_buf + * RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS + * messages that require it. Therefore, DTLS procedures for retransmissions + * MUST NOT be used. + * Hence the init_buf can be cleared when DTLS over SCTP as transport is used. + */ + || BIO_dgram_is_sctp(SSL_get_wbio(s)) +#endif + ) { + /* + * We don't do this in DTLS over UDP because we may still need the init_buf * in case there are any unexpected retransmits */ BUF_MEM_free(s->init_buf); s->init_buf = NULL; } + if (!ssl_free_wbio_buffer(s)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE, ERR_R_INTERNAL_ERROR); diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_local.h similarity index 100% rename from ssl/statem/statem_locl.h rename to ssl/statem/statem_local.h diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 8cf9c40d15c0..14cb27e6db01 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -10,9 +10,9 @@ */ #include -#include "../ssl_locl.h" -#include "statem_locl.h" -#include "internal/constant_time_locl.h" +#include "../ssl_local.h" +#include "statem_local.h" +#include "internal/constant_time.h" #include "internal/cryptlib.h" #include #include @@ -23,9 +23,24 @@ #include #include #include +#include #define TICKET_NONCE_SIZE 8 +typedef struct { + ASN1_TYPE *kxBlob; + ASN1_TYPE *opaqueBlob; +} GOST_KX_MESSAGE; + +DECLARE_ASN1_FUNCTIONS(GOST_KX_MESSAGE) + +ASN1_SEQUENCE(GOST_KX_MESSAGE) = { + ASN1_SIMPLE(GOST_KX_MESSAGE, kxBlob, ASN1_ANY), + ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY), +} ASN1_SEQUENCE_END(GOST_KX_MESSAGE) + +IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE) + static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt); /* @@ -728,7 +743,15 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst) case TLS_ST_SW_CHANGE: if (SSL_IS_TLS13(s)) break; - s->session->cipher = s->s3->tmp.new_cipher; + /* Writes to s->session are only safe for initial handshakes */ + if (s->session->cipher == NULL) { + s->session->cipher = s->s3->tmp.new_cipher; + } else if (s->session->cipher != s->s3->tmp.new_cipher) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_OSSL_STATEM_SERVER_PRE_WORK, + ERR_R_INTERNAL_ERROR); + return WORK_ERROR; + } if (!s->method->ssl3_enc->setup_key_block(s)) { /* SSLfatal() already called */ return WORK_ERROR; @@ -932,9 +955,11 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst) } #endif if (SSL_IS_TLS13(s)) { + /* TLS 1.3 gets the secret size from the handshake md */ + size_t dummy; if (!s->method->ssl3_enc->generate_master_secret(s, s->master_secret, s->handshake_secret, 0, - &s->session->master_key_length) + &dummy) || !s->method->ssl3_enc->change_cipher_state(s, SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE)) /* SSLfatal() already called */ @@ -3320,9 +3345,9 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) const unsigned char *start; size_t outlen = 32, inlen; unsigned long alg_a; - unsigned int asn1id, asn1len; + GOST_KX_MESSAGE *pKX = NULL; + const unsigned char *ptr; int ret = 0; - PACKET encdata; /* Get our certificate private key */ alg_a = s->s3->tmp.new_cipher->algorithm_auth; @@ -3363,42 +3388,33 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0) ERR_clear_error(); } - /* Decrypt session key */ - if (!PACKET_get_1(pkt, &asn1id) - || asn1id != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) - || !PACKET_peek_1(pkt, &asn1len)) { - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (asn1len == 0x81) { - /* - * Long form length. Should only be one byte of length. Anything else - * isn't supported. - * We did a successful peek before so this shouldn't fail - */ - if (!PACKET_forward(pkt, 1)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, - SSL_R_DECRYPTION_FAILED); - goto err; - } - } else if (asn1len >= 0x80) { - /* - * Indefinite length, or more than one long form length bytes. We don't - * support it - */ - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, - SSL_R_DECRYPTION_FAILED); - goto err; - } /* else short form length */ - if (!PACKET_as_length_prefixed_1(pkt, &encdata)) { - SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + ptr = PACKET_data(pkt); + /* Some implementations provide extra data in the opaqueBlob + * We have nothing to do with this blob so we just skip it */ + pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, PACKET_remaining(pkt)); + if (pKX == NULL + || pKX->kxBlob == NULL + || ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) { + SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + SSL_R_DECRYPTION_FAILED); + goto err; + } + + if (!PACKET_forward(pkt, ptr - PACKET_data(pkt))) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, SSL_R_DECRYPTION_FAILED); goto err; } - inlen = PACKET_remaining(&encdata); - start = PACKET_data(&encdata); + + if (PACKET_remaining(pkt) != 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST, + SSL_R_DECRYPTION_FAILED); + goto err; + } + + inlen = pKX->kxBlob->value.sequence->length; + start = pKX->kxBlob->value.sequence->data; if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start, inlen) <= 0) { @@ -3420,6 +3436,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt) ret = 1; err: EVP_PKEY_CTX_free(pkey_ctx); + GOST_KX_MESSAGE_free(pKX); return ret; #else /* Should never happen */ diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 57fb17a66031..c85c0b0310e1 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -9,7 +9,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" #include #include #include @@ -466,7 +466,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, unsigned char hash[EVP_MAX_MD_SIZE * 2]; size_t hashlen; /* - * Digest cached records keeping record buffer (if present): this wont + * Digest cached records keeping record buffer (if present): this won't * affect client auth because we're freezing the buffer at the same * point (after client key exchange and before certificate verify) */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index b482019c4c17..a254fd5a0559 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,10 +18,11 @@ #include #include #include "internal/nelem.h" -#include "ssl_locl.h" +#include "ssl_local.h" #include static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey); +static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu); SSL3_ENC_METHOD const TLSv1_enc_data = { tls1_enc, @@ -849,8 +850,11 @@ static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu) } /* - * Return a signature algorithm for TLS < 1.2 where the signature type - * is fixed by the certificate type. + * Returns a signature algorithm when the peer did not send a list of supported + * signature algorithms. The signature algorithm is fixed for the certificate + * type. |idx| is a certificate type index (SSL_PKEY_*). When |idx| is -1 the + * certificate type from |s| will be used. + * Returns the signature algorithm to use, or NULL on error. */ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) { @@ -893,8 +897,12 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) if (!tls1_lookup_md(lu, NULL)) return NULL; + if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) + return NULL; return lu; } + if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, &legacy_rsa_sigalg)) + return NULL; return &legacy_rsa_sigalg; } /* Set peer sigalg based key type */ @@ -983,6 +991,31 @@ int tls_check_sigalg_curve(const SSL *s, int curve) } #endif +/* + * Return the number of security bits for the signature algorithm, or 0 on + * error. + */ +static int sigalg_security_bits(const SIGALG_LOOKUP *lu) +{ + const EVP_MD *md = NULL; + int secbits = 0; + + if (!tls1_lookup_md(lu, &md)) + return 0; + if (md != NULL) + { + /* Security bits: half digest bits */ + secbits = EVP_MD_size(md) * 4; + } else { + /* Values from https://tools.ietf.org/html/rfc8032#section-8.5 */ + if (lu->sigalg == TLSEXT_SIGALG_ed25519) + secbits = 128; + else if (lu->sigalg == TLSEXT_SIGALG_ed448) + secbits = 224; + } + return secbits; +} + /* * Check signature algorithm is consistent with sent supported signature * algorithms and if so set relevant digest and signature scheme in @@ -996,6 +1029,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) size_t sent_sigslen, i, cidx; int pkeyid = EVP_PKEY_id(pkey); const SIGALG_LOOKUP *lu; + int secbits = 0; /* Should never happen */ if (pkeyid == -1) @@ -1097,20 +1131,20 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) SSL_R_UNKNOWN_DIGEST); return 0; } - if (md != NULL) { - /* - * Make sure security callback allows algorithm. For historical - * reasons we have to pass the sigalg as a two byte char array. - */ - sigalgstr[0] = (sig >> 8) & 0xff; - sigalgstr[1] = sig & 0xff; - if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK, - EVP_MD_size(md) * 4, EVP_MD_type(md), - (void *)sigalgstr)) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG, - SSL_R_WRONG_SIGNATURE_TYPE); - return 0; - } + /* + * Make sure security callback allows algorithm. For historical + * reasons we have to pass the sigalg as a two byte char array. + */ + sigalgstr[0] = (sig >> 8) & 0xff; + sigalgstr[1] = sig & 0xff; + secbits = sigalg_security_bits(lu); + if (secbits == 0 || + !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits, + md != NULL ? EVP_MD_type(md) : NID_undef, + (void *)sigalgstr)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); + return 0; } /* Store the sigalg the peer uses */ s->s3->tmp.peer_sigalg = lu; @@ -1176,7 +1210,7 @@ int ssl_set_client_disabled(SSL *s) * * Returns 1 when it's disabled, 0 when enabled. */ -int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe) +int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe) { if (c->algorithm_mkey & s->s3->tmp.mask_k || c->algorithm_auth & s->s3->tmp.mask_a) @@ -1556,7 +1590,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, } /* Check to see if a signature algorithm is allowed */ -static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu) +static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) { unsigned char sigalgstr[2]; int secbits; @@ -1617,11 +1651,8 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu) } } - if (lu->hash == NID_undef) - return 1; - /* Security bits: half digest bits */ - secbits = EVP_MD_size(ssl_md(lu->hash_idx)) * 4; /* Finally see if security callback allows it */ + secbits = sigalg_security_bits(lu); sigalgstr[0] = (lu->sigalg >> 8) & 0xff; sigalgstr[1] = lu->sigalg & 0xff; return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr); @@ -2774,6 +2805,26 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) #endif break; } +#ifndef OPENSSL_NO_GOST + /* + * Some Windows-based implementations do not send GOST algorithms indication + * in supported_algorithms extension, so when we have GOST-based ciphersuite, + * we have to assume GOST support. + */ + if (i == s->shared_sigalgslen && s->s3->tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) { + if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { + if (!fatalerrs) + return 1; + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, + SSL_F_TLS_CHOOSE_SIGALG, + SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); + return 0; + } else { + i = 0; + sig_idx = lu->sig_idx; + } + } +#endif if (i == s->shared_sigalgslen) { if (!fatalerrs) return 1; diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index be3039af3822..5c84339314cd 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -7,7 +7,7 @@ * https://www.openssl.org/source/license.html */ -#include "ssl_locl.h" +#include "ssl_local.h" #ifndef OPENSSL_NO_SSL_TRACE @@ -1246,8 +1246,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server, while (clen > 0) { if (!ssl_print_certificate(bio, indent + 2, &msg, &clen)) return 0; - if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE, - &msg, &clen)) + if (SSL_IS_TLS13(ssl) + && !ssl_print_extensions(bio, indent + 2, server, + SSL3_MT_CERTIFICATE, &msg, &clen)) return 0; } diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index b5f57a02f747..86754dc9677c 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,7 @@ */ #include -#include "ssl_locl.h" +#include "ssl_local.h" #include "internal/cryptlib.h" #include #include @@ -44,7 +44,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, * prefix and label + bytes for the label itself + 1 byte length of hash * + bytes for the hash itself */ - unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) + + unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN + 1 + EVP_MAX_MD_SIZE]; WPACKET pkt; diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index f94e46b4e872..ede7427ff89d 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -14,7 +14,7 @@ #include #include #include -#include "ssl_locl.h" +#include "ssl_local.h" #ifndef OPENSSL_NO_SRP # include

, B and B. For a curve over Fp B -is the prime for the field. For a curve over F2^m B