MFH
Sponsored by: The FreeBSD Foundation
This commit is contained in:
commit
c8296cbb96
@ -70,7 +70,15 @@ recurse_body()
|
||||
echo -e "cod\ndover sole\nhaddock\nhalibut\npilchard" > recurse/d/fish
|
||||
echo -e "cod\nhaddock\nplaice" > recurse/a/f/favourite-fish
|
||||
|
||||
# Begin FreeBSD
|
||||
if true; then
|
||||
atf_check -o file:"$(atf_get_srcdir)/d_recurse.out" -x "grep -r haddock recurse | sort"
|
||||
else
|
||||
# End FreeBSD
|
||||
atf_check -o file:"$(atf_get_srcdir)/d_recurse.out" grep -r haddock recurse
|
||||
# Begin FreeBSD
|
||||
fi
|
||||
# End FreeBSD
|
||||
}
|
||||
|
||||
atf_test_case recurse_symlink
|
||||
|
@ -1,30 +1,2 @@
|
||||
The OpenSSL project depends on volunteer efforts and financial support from
|
||||
the end user community. That support comes in the form of donations and paid
|
||||
sponsorships, software support contracts, paid consulting services
|
||||
and commissioned software development.
|
||||
|
||||
Since all these activities support the continued development and improvement
|
||||
of OpenSSL we consider all these clients and customers as sponsors of the
|
||||
OpenSSL project.
|
||||
|
||||
We would like to identify and thank the following such sponsors for their past
|
||||
or current significant support of the OpenSSL project:
|
||||
|
||||
Major support:
|
||||
|
||||
Qualys http://www.qualys.com/
|
||||
|
||||
Very significant support:
|
||||
|
||||
OpenGear: http://www.opengear.com/
|
||||
|
||||
Significant support:
|
||||
|
||||
PSW Group: http://www.psw.net/
|
||||
Acano Ltd. http://acano.com/
|
||||
|
||||
Please note that we ask permission to identify sponsors and that some sponsors
|
||||
we consider eligible for inclusion here have requested to remain anonymous.
|
||||
|
||||
Additional sponsorship or financial support is always welcome: for more
|
||||
information please contact the OpenSSL Software Foundation.
|
||||
Please https://www.openssl.org/community/thanks.html for the current
|
||||
acknowledgements.
|
||||
|
@ -2,6 +2,54 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
|
||||
|
||||
*) DH small subgroups
|
||||
|
||||
Historically OpenSSL only ever generated DH parameters based on "safe"
|
||||
primes. More recently (in version 1.0.2) support was provided for
|
||||
generating X9.42 style parameter files such as those required for RFC 5114
|
||||
support. The primes used in such files may not be "safe". Where an
|
||||
application is using DH configured with parameters based on primes that are
|
||||
not "safe" then an attacker could use this fact to find a peer's private
|
||||
DH exponent. This attack requires that the attacker complete multiple
|
||||
handshakes in which the peer uses the same private DH exponent. For example
|
||||
this could be used to discover a TLS server's private DH exponent if it's
|
||||
reusing the private DH exponent or it's using a static DH ciphersuite.
|
||||
|
||||
OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in
|
||||
TLS. It is not on by default. If the option is not set then the server
|
||||
reuses the same private DH exponent for the life of the server process and
|
||||
would be vulnerable to this attack. It is believed that many popular
|
||||
applications do set this option and would therefore not be at risk.
|
||||
|
||||
The fix for this issue adds an additional check where a "q" parameter is
|
||||
available (as is the case in X9.42 based parameters). This detects the
|
||||
only known attack, and is the only possible defense for static DH
|
||||
ciphersuites. This could have some performance impact.
|
||||
|
||||
Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
|
||||
default and cannot be disabled. This could have some performance impact.
|
||||
|
||||
This issue was reported to OpenSSL by Antonio Sanso (Adobe).
|
||||
(CVE-2016-0701)
|
||||
[Matt Caswell]
|
||||
|
||||
*) SSLv2 doesn't block disabled ciphers
|
||||
|
||||
A malicious client can negotiate SSLv2 ciphers that have been disabled on
|
||||
the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
|
||||
been disabled, provided that the SSLv2 protocol was not also disabled via
|
||||
SSL_OP_NO_SSLv2.
|
||||
|
||||
This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
|
||||
and Sebastian Schinzel.
|
||||
(CVE-2015-3197)
|
||||
[Viktor Dukhovni]
|
||||
|
||||
*) Reject DH handshakes with parameters shorter than 1024 bits.
|
||||
[Kurt Roeckx]
|
||||
|
||||
Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
|
||||
|
||||
*) BN_mod_exp may produce incorrect results on x86_64
|
||||
|
@ -124,6 +124,9 @@ my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initiali
|
||||
# -Wextended-offsetof
|
||||
my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
|
||||
|
||||
# Warn that "make depend" should be run?
|
||||
my $warn_make_depend = 0;
|
||||
|
||||
my $strict_warnings = 0;
|
||||
|
||||
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
|
||||
@ -1513,7 +1516,7 @@ if ($target =~ /\-icc$/) # Intel C compiler
|
||||
# linker only when --prefix is not /usr.
|
||||
if ($target =~ /^BSD\-/)
|
||||
{
|
||||
$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
|
||||
$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
|
||||
}
|
||||
|
||||
if ($sys_id ne "")
|
||||
@ -2028,14 +2031,8 @@ EOF
|
||||
&dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
|
||||
}
|
||||
if ($depflags ne $default_depflags && !$make_depend) {
|
||||
print <<EOF;
|
||||
|
||||
Since you've disabled or enabled at least one algorithm, you need to do
|
||||
the following before building:
|
||||
|
||||
make depend
|
||||
EOF
|
||||
}
|
||||
$warn_make_depend++;
|
||||
}
|
||||
}
|
||||
|
||||
# create the ms/version32.rc file if needed
|
||||
@ -2114,12 +2111,18 @@ EOF
|
||||
|
||||
print <<\EOF if ($no_shared_warn);
|
||||
|
||||
You gave the option 'shared'. Normally, that would give you shared libraries.
|
||||
Unfortunately, the OpenSSL configuration doesn't include shared library support
|
||||
for this platform yet, so it will pretend you gave the option 'no-shared'. If
|
||||
you can inform the developpers (openssl-dev\@openssl.org) how to support shared
|
||||
libraries on this platform, they will at least look at it and try their best
|
||||
(but please first make sure you have tried with a current version of OpenSSL).
|
||||
You gave the option 'shared', which is not supported on this platform, so
|
||||
we will pretend you gave the option 'no-shared'. If you know how to implement
|
||||
shared libraries, please let us know (but please first make sure you have
|
||||
tried with a current version of OpenSSL).
|
||||
EOF
|
||||
|
||||
print <<EOF if ($warn_make_depend);
|
||||
|
||||
*** Because of configuration changes, you MUST do the following before
|
||||
*** building:
|
||||
|
||||
make depend
|
||||
EOF
|
||||
|
||||
exit(0);
|
||||
|
@ -164,10 +164,10 @@
|
||||
standard headers). If it is a problem with OpenSSL itself, please
|
||||
report the problem to <openssl-bugs@openssl.org> (note that your
|
||||
message will be recorded in the request tracker publicly readable
|
||||
via http://www.openssl.org/support/rt.html and will be forwarded to a
|
||||
public mailing list). Include the output of "make report" in your message.
|
||||
Please check out the request tracker. Maybe the bug was already
|
||||
reported or has already been fixed.
|
||||
at https://www.openssl.org/community/index.html#bugs and will be
|
||||
forwarded to a public mailing list). Include the output of "make
|
||||
report" in your message. Please check out the request tracker. Maybe
|
||||
the bug was already reported or has already been fixed.
|
||||
|
||||
[If you encounter assembler error messages, try the "no-asm"
|
||||
configuration option as an immediate fix.]
|
||||
|
@ -12,7 +12,7 @@
|
||||
---------------
|
||||
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
|
@ -4,7 +4,7 @@
|
||||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=1.0.2e
|
||||
VERSION=1.0.2f
|
||||
MAJOR=1
|
||||
MINOR=0.2
|
||||
SHLIB_VERSION_NUMBER=1.0.0
|
||||
@ -182,8 +182,7 @@ SHARED_LDFLAGS=
|
||||
GENERAL= Makefile
|
||||
BASENAME= openssl
|
||||
NAME= $(BASENAME)-$(VERSION)
|
||||
TARFILE= $(NAME).tar
|
||||
WTARFILE= $(NAME)-win.tar
|
||||
TARFILE= ../$(NAME).tar
|
||||
EXHEADER= e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
@ -501,38 +500,35 @@ TABLE: Configure
|
||||
# would occur. Therefore the list of files is temporarily stored into a file
|
||||
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
|
||||
# tar does not support the --files-from option.
|
||||
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
|
||||
--owner openssl:0 --group openssl:0 \
|
||||
--transform 's|^|openssl-$(VERSION)/|' \
|
||||
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
|
||||
--owner 0 --group 0 \
|
||||
--transform 's|^|$(NAME)/|' \
|
||||
-cvf -
|
||||
|
||||
../$(TARFILE).list:
|
||||
$(TARFILE).list:
|
||||
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
|
||||
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
|
||||
\! -name '*test' \! -name '.#*' \! -name '*~' \
|
||||
| sort > ../$(TARFILE).list
|
||||
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
|
||||
\! -name '.#*' \! -name '*~' \! -type l \
|
||||
| sort > $(TARFILE).list
|
||||
|
||||
tar: ../$(TARFILE).list
|
||||
tar: $(TARFILE).list
|
||||
find . -type d -print | xargs chmod 755
|
||||
find . -type f -print | xargs chmod a+r
|
||||
find . -type f -perm -0100 -print | xargs chmod a+x
|
||||
$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
|
||||
rm -f ../$(TARFILE).list
|
||||
ls -l ../$(TARFILE).gz
|
||||
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
|
||||
rm -f $(TARFILE).list
|
||||
ls -l $(TARFILE).gz
|
||||
|
||||
tar-snap: ../$(TARFILE).list
|
||||
$(TAR_COMMAND) > ../$(TARFILE)
|
||||
rm -f ../$(TARFILE).list
|
||||
ls -l ../$(TARFILE)
|
||||
tar-snap: $(TARFILE).list
|
||||
$(TAR_COMMAND) > $(TARFILE)
|
||||
rm -f $(TARFILE).list
|
||||
ls -l $(TARFILE)
|
||||
|
||||
dist:
|
||||
$(PERL) Configure dist
|
||||
@$(MAKE) dist_pem_h
|
||||
@$(MAKE) SDIRS='$(SDIRS)' clean
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
|
||||
|
||||
dist_pem_h:
|
||||
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
|
||||
|
||||
install: all install_docs install_sw
|
||||
|
||||
|
@ -180,8 +180,7 @@ SHARED_LDFLAGS=
|
||||
GENERAL= Makefile
|
||||
BASENAME= openssl
|
||||
NAME= $(BASENAME)-$(VERSION)
|
||||
TARFILE= $(NAME).tar
|
||||
WTARFILE= $(NAME)-win.tar
|
||||
TARFILE= ../$(NAME).tar
|
||||
EXHEADER= e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
@ -499,38 +498,35 @@ TABLE: Configure
|
||||
# would occur. Therefore the list of files is temporarily stored into a file
|
||||
# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
|
||||
# tar does not support the --files-from option.
|
||||
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list \
|
||||
--owner openssl:0 --group openssl:0 \
|
||||
--transform 's|^|openssl-$(VERSION)/|' \
|
||||
TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
|
||||
--owner 0 --group 0 \
|
||||
--transform 's|^|$(NAME)/|' \
|
||||
-cvf -
|
||||
|
||||
../$(TARFILE).list:
|
||||
$(TARFILE).list:
|
||||
find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
|
||||
\! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \
|
||||
\! -name '*test' \! -name '.#*' \! -name '*~' \
|
||||
| sort > ../$(TARFILE).list
|
||||
\( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
|
||||
\! -name '.#*' \! -name '*~' \! -type l \
|
||||
| sort > $(TARFILE).list
|
||||
|
||||
tar: ../$(TARFILE).list
|
||||
tar: $(TARFILE).list
|
||||
find . -type d -print | xargs chmod 755
|
||||
find . -type f -print | xargs chmod a+r
|
||||
find . -type f -perm -0100 -print | xargs chmod a+x
|
||||
$(TAR_COMMAND) | gzip --best >../$(TARFILE).gz
|
||||
rm -f ../$(TARFILE).list
|
||||
ls -l ../$(TARFILE).gz
|
||||
$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
|
||||
rm -f $(TARFILE).list
|
||||
ls -l $(TARFILE).gz
|
||||
|
||||
tar-snap: ../$(TARFILE).list
|
||||
$(TAR_COMMAND) > ../$(TARFILE)
|
||||
rm -f ../$(TARFILE).list
|
||||
ls -l ../$(TARFILE)
|
||||
tar-snap: $(TARFILE).list
|
||||
$(TAR_COMMAND) > $(TARFILE)
|
||||
rm -f $(TARFILE).list
|
||||
ls -l $(TARFILE)
|
||||
|
||||
dist:
|
||||
$(PERL) Configure dist
|
||||
@$(MAKE) dist_pem_h
|
||||
@$(MAKE) SDIRS='$(SDIRS)' clean
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
|
||||
|
||||
dist_pem_h:
|
||||
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
|
||||
@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
|
||||
|
||||
install: all install_docs install_sw
|
||||
|
||||
|
@ -5,6 +5,11 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
|
||||
|
||||
o DH small subgroups (CVE-2016-0701)
|
||||
o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
|
||||
|
||||
Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
|
||||
|
||||
o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 1.0.2e 3 Dec 2015
|
||||
OpenSSL 1.0.2f 28 Jan 2016
|
||||
|
||||
Copyright (c) 1998-2015 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
@ -90,11 +90,12 @@
|
||||
|
||||
In order to avoid spam, this is a moderated mailing list, and it might
|
||||
take a day for the ticket to show up. (We also scan posts to make sure
|
||||
that security disclosures aren't publically posted by mistake.) Mail to
|
||||
this address is recorded in the public RT (request tracker) database (see
|
||||
https://www.openssl.org/support/rt.html for details) and also forwarded
|
||||
the public openssl-dev mailing list. Confidential mail may be sent to
|
||||
openssl-security@openssl.org (PGP key available from the key servers).
|
||||
that security disclosures aren't publically posted by mistake.) Mail
|
||||
to this address is recorded in the public RT (request tracker) database
|
||||
(see https://www.openssl.org/community/index.html#bugs for details) and
|
||||
also forwarded the public openssl-dev mailing list. Confidential mail
|
||||
may be sent to openssl-security@openssl.org (PGP key available from the
|
||||
key servers).
|
||||
|
||||
Please do NOT use this for general assistance or support queries.
|
||||
Just because something doesn't work the way you expect does not mean it
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
|
||||
/* apps/engine.c */
|
||||
/*
|
||||
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
|
||||
* 2000.
|
||||
|
@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
|
||||
bs = OCSP_BASICRESP_new();
|
||||
thisupd = X509_gmtime_adj(NULL, 0);
|
||||
if (ndays != -1)
|
||||
nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
|
||||
nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
|
||||
|
||||
/* Examine each certificate id in the request */
|
||||
for (i = 0; i < id_count; i++) {
|
||||
|
@ -79,7 +79,8 @@ const EVP_CIPHER *enc;
|
||||
# define CLCERTS 0x8
|
||||
# define CACERTS 0x10
|
||||
|
||||
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
|
||||
static int get_cert_chain(X509 *cert, X509_STORE *store,
|
||||
STACK_OF(X509) **chain);
|
||||
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
|
||||
int options, char *pempass);
|
||||
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
|
||||
@ -594,7 +595,7 @@ int MAIN(int argc, char **argv)
|
||||
vret = get_cert_chain(ucert, store, &chain2);
|
||||
X509_STORE_free(store);
|
||||
|
||||
if (!vret) {
|
||||
if (vret == X509_V_OK) {
|
||||
/* Exclude verified certificate */
|
||||
for (i = 1; i < sk_X509_num(chain2); i++)
|
||||
sk_X509_push(certs, sk_X509_value(chain2, i));
|
||||
@ -602,7 +603,7 @@ int MAIN(int argc, char **argv)
|
||||
X509_free(sk_X509_value(chain2, 0));
|
||||
sk_X509_free(chain2);
|
||||
} else {
|
||||
if (vret >= 0)
|
||||
if (vret != X509_V_ERR_UNSPECIFIED)
|
||||
BIO_printf(bio_err, "Error %s getting chain.\n",
|
||||
X509_verify_cert_error_string(vret));
|
||||
else
|
||||
@ -906,36 +907,25 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
|
||||
|
||||
/* Given a single certificate return a verified chain or NULL if error */
|
||||
|
||||
/* Hope this is OK .... */
|
||||
|
||||
int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
|
||||
static int get_cert_chain(X509 *cert, X509_STORE *store,
|
||||
STACK_OF(X509) **chain)
|
||||
{
|
||||
X509_STORE_CTX store_ctx;
|
||||
STACK_OF(X509) *chn;
|
||||
STACK_OF(X509) *chn = NULL;
|
||||
int i = 0;
|
||||
|
||||
/*
|
||||
* FIXME: Should really check the return status of X509_STORE_CTX_init
|
||||
* for an error, but how that fits into the return value of this function
|
||||
* is less obvious.
|
||||
*/
|
||||
X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
|
||||
if (X509_verify_cert(&store_ctx) <= 0) {
|
||||
i = X509_STORE_CTX_get_error(&store_ctx);
|
||||
if (i == 0)
|
||||
/*
|
||||
* avoid returning 0 if X509_verify_cert() did not set an
|
||||
* appropriate error value in the context
|
||||
*/
|
||||
i = -1;
|
||||
chn = NULL;
|
||||
goto err;
|
||||
} else
|
||||
if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
|
||||
*chain = NULL;
|
||||
return X509_V_ERR_UNSPECIFIED;
|
||||
}
|
||||
|
||||
if (X509_verify_cert(&store_ctx) > 0)
|
||||
chn = X509_STORE_CTX_get1_chain(&store_ctx);
|
||||
err:
|
||||
else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
|
||||
i = X509_V_ERR_UNSPECIFIED;
|
||||
|
||||
X509_STORE_CTX_cleanup(&store_ctx);
|
||||
*chain = chn;
|
||||
|
||||
return i;
|
||||
}
|
||||
|
||||
|
@ -74,10 +74,11 @@ static void usage(void);
|
||||
|
||||
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
|
||||
char *keyfile, int keyform, int key_type,
|
||||
char *passargin, int pkey_op, ENGINE *e);
|
||||
char *passargin, int pkey_op, ENGINE *e,
|
||||
int impl);
|
||||
|
||||
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
|
||||
const char *file);
|
||||
const char *file, ENGINE* e);
|
||||
|
||||
static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
|
||||
unsigned char *out, size_t *poutlen,
|
||||
@ -97,6 +98,7 @@ int MAIN(int argc, char **argv)
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
char *passargin = NULL;
|
||||
int keysize = -1;
|
||||
int engine_impl = 0;
|
||||
|
||||
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
|
||||
size_t buf_outlen;
|
||||
@ -137,7 +139,7 @@ int MAIN(int argc, char **argv)
|
||||
else {
|
||||
ctx = init_ctx(&keysize,
|
||||
*(++argv), keyform, key_type,
|
||||
passargin, pkey_op, e);
|
||||
passargin, pkey_op, e, engine_impl);
|
||||
if (!ctx) {
|
||||
BIO_puts(bio_err, "Error initializing context\n");
|
||||
ERR_print_errors(bio_err);
|
||||
@ -147,7 +149,7 @@ int MAIN(int argc, char **argv)
|
||||
} else if (!strcmp(*argv, "-peerkey")) {
|
||||
if (--argc < 1)
|
||||
badarg = 1;
|
||||
else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
|
||||
else if (!setup_peer(bio_err, ctx, peerform, *(++argv), e))
|
||||
badarg = 1;
|
||||
} else if (!strcmp(*argv, "-passin")) {
|
||||
if (--argc < 1)
|
||||
@ -171,6 +173,8 @@ int MAIN(int argc, char **argv)
|
||||
badarg = 1;
|
||||
else
|
||||
e = setup_engine(bio_err, *(++argv), 0);
|
||||
} else if (!strcmp(*argv, "-engine_impl")) {
|
||||
engine_impl = 1;
|
||||
}
|
||||
#endif
|
||||
else if (!strcmp(*argv, "-pubin"))
|
||||
@ -368,7 +372,8 @@ static void usage()
|
||||
BIO_printf(bio_err, "-hexdump hex dump output\n");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err,
|
||||
"-engine e use engine e, possibly a hardware device.\n");
|
||||
"-engine e use engine e, maybe a hardware device, for loading keys.\n");
|
||||
BIO_printf(bio_err, "-engine_impl also use engine given by -engine for crypto operations\n");
|
||||
#endif
|
||||
BIO_printf(bio_err, "-passin arg pass phrase source\n");
|
||||
|
||||
@ -376,10 +381,12 @@ static void usage()
|
||||
|
||||
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
|
||||
char *keyfile, int keyform, int key_type,
|
||||
char *passargin, int pkey_op, ENGINE *e)
|
||||
char *passargin, int pkey_op, ENGINE *e,
|
||||
int engine_impl)
|
||||
{
|
||||
EVP_PKEY *pkey = NULL;
|
||||
EVP_PKEY_CTX *ctx = NULL;
|
||||
ENGINE *impl = NULL;
|
||||
char *passin = NULL;
|
||||
int rv = -1;
|
||||
X509 *x;
|
||||
@ -418,9 +425,14 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
|
||||
|
||||
if (!pkey)
|
||||
goto end;
|
||||
|
||||
ctx = EVP_PKEY_CTX_new(pkey, e);
|
||||
|
||||
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
if (engine_impl)
|
||||
impl = e;
|
||||
#endif
|
||||
|
||||
ctx = EVP_PKEY_CTX_new(pkey, impl);
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
if (!ctx)
|
||||
@ -467,16 +479,20 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
|
||||
}
|
||||
|
||||
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
|
||||
const char *file)
|
||||
const char *file, ENGINE* e)
|
||||
{
|
||||
EVP_PKEY *peer = NULL;
|
||||
ENGINE* engine = NULL;
|
||||
int ret;
|
||||
if (!ctx) {
|
||||
BIO_puts(err, "-peerkey command before -inkey\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
|
||||
if (peerform == FORMAT_ENGINE)
|
||||
engine = e;
|
||||
|
||||
peer = load_pubkey(bio_err, file, peerform, 0, NULL, engine, "Peer Key");
|
||||
|
||||
if (!peer) {
|
||||
BIO_printf(bio_err, "Error reading peer key %s\n", file);
|
||||
|
@ -308,7 +308,7 @@ static void sc_usage(void)
|
||||
" -connect host:port - who to connect to (default is %s:%s)\n",
|
||||
SSL_HOST_NAME, PORT_STR);
|
||||
BIO_printf(bio_err,
|
||||
" -verify_host host - check peer certificate matches \"host\"\n");
|
||||
" -verify_hostname host - check peer certificate matches \"host\"\n");
|
||||
BIO_printf(bio_err,
|
||||
" -verify_email email - check peer certificate matches \"email\"\n");
|
||||
BIO_printf(bio_err,
|
||||
|
@ -498,7 +498,7 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err,
|
||||
" -accept arg - port to accept on (default is %d)\n", PORT);
|
||||
BIO_printf(bio_err,
|
||||
" -verify_host host - check peer certificate matches \"host\"\n");
|
||||
" -verify_hostname host - check peer certificate matches \"host\"\n");
|
||||
BIO_printf(bio_err,
|
||||
" -verify_email email - check peer certificate matches \"email\"\n");
|
||||
BIO_printf(bio_err,
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* apps/speed.c */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
|
||||
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
|
||||
goto err;
|
||||
|
||||
/* Lets just make it 12:00am GMT, Jan 1 1970 */
|
||||
/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
|
||||
/* 28 days to be certified */
|
||||
|
||||
if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
|
||||
NULL)
|
||||
if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
|
||||
goto err;
|
||||
|
||||
if (!X509_set_pubkey(x, pkey))
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes.h */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes_cbc.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes_cfb.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes_core.c */
|
||||
/**
|
||||
* rijndael-alg-fst.c
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes_ctr.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes_ecb.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes_ige.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes.h */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes_misc.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes_ofb.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/aes/aes_core.c */
|
||||
/**
|
||||
* rijndael-alg-fst.c
|
||||
*
|
||||
|
@ -63,7 +63,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$avx = ($1>=10) + ($1>=11);
|
||||
}
|
||||
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
$avx = ($2>=3.0) + ($2>3.0);
|
||||
}
|
||||
|
||||
|
@ -94,7 +94,7 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
|
||||
$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
`ml64 2>&1` =~ /Version ([0-9]+)\./ &&
|
||||
$1>=10);
|
||||
$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
|
||||
$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
|
||||
|
||||
$shaext=1; ### set to zero if compiling for 1.0.1
|
||||
|
||||
|
@ -59,7 +59,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$avx = ($1>=10) + ($1>=12);
|
||||
}
|
||||
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
$avx = ($2>=3.0) + ($2>3.0);
|
||||
}
|
||||
|
||||
|
@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
|
||||
# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
|
||||
# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
|
||||
# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
|
||||
# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL)
|
||||
|
||||
# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
|
||||
|
||||
/* BIO_s_accept_socket() */
|
||||
/* BIO_s_accept() */
|
||||
# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
|
||||
# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
|
||||
/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
|
||||
@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
|
||||
# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
|
||||
|
||||
/* BIO_s_accept() and BIO_s_connect() */
|
||||
# define BIO_do_connect(b) BIO_do_handshake(b)
|
||||
# define BIO_do_accept(b) BIO_do_handshake(b)
|
||||
# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
|
||||
@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo {
|
||||
# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
|
||||
# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
|
||||
|
||||
/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
|
||||
# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
|
||||
# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
|
||||
|
||||
/* BIO_s_file() */
|
||||
# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
|
||||
# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
|
||||
|
||||
/* BIO_s_fd() and BIO_s_file() */
|
||||
# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
|
||||
# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
|
||||
/* crypto/bio/bss_bio.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
{
|
||||
BIO *dbio;
|
||||
int *ip;
|
||||
const char **pptr;
|
||||
const char **pptr = NULL;
|
||||
long ret = 1;
|
||||
BIO_CONNECT *data;
|
||||
|
||||
@ -442,19 +442,28 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
case BIO_C_GET_CONNECT:
|
||||
if (ptr != NULL) {
|
||||
pptr = (const char **)ptr;
|
||||
if (num == 0) {
|
||||
*pptr = data->param_hostname;
|
||||
}
|
||||
|
||||
} else if (num == 1) {
|
||||
*pptr = data->param_port;
|
||||
} else if (num == 2) {
|
||||
*pptr = (char *)&(data->ip[0]);
|
||||
} else if (num == 3) {
|
||||
*((int *)ptr) = data->port;
|
||||
if (b->init) {
|
||||
if (pptr != NULL) {
|
||||
ret = 1;
|
||||
if (num == 0) {
|
||||
*pptr = data->param_hostname;
|
||||
} else if (num == 1) {
|
||||
*pptr = data->param_port;
|
||||
} else if (num == 2) {
|
||||
*pptr = (char *)&(data->ip[0]);
|
||||
} else {
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
if ((!b->init) || (ptr == NULL))
|
||||
if (num == 3) {
|
||||
ret = data->port;
|
||||
}
|
||||
} else {
|
||||
if (pptr != NULL)
|
||||
*pptr = "not initialized";
|
||||
ret = 1;
|
||||
ret = 0;
|
||||
}
|
||||
break;
|
||||
case BIO_C_SET_CONNECT:
|
||||
|
@ -519,10 +519,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
switch (cmd) {
|
||||
case BIO_CTRL_RESET:
|
||||
num = 0;
|
||||
case BIO_C_FILE_SEEK:
|
||||
ret = 0;
|
||||
break;
|
||||
case BIO_C_FILE_TELL:
|
||||
case BIO_CTRL_INFO:
|
||||
ret = 0;
|
||||
break;
|
||||
|
@ -113,7 +113,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$addx = ($1>=12);
|
||||
}
|
||||
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
|
||||
$addx = ($ver>=3.03);
|
||||
}
|
||||
|
@ -68,7 +68,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$addx = ($1>=12);
|
||||
}
|
||||
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
|
||||
$addx = ($ver>=3.03);
|
||||
}
|
||||
|
@ -53,7 +53,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$addx = ($1>=12);
|
||||
}
|
||||
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
|
||||
$addx = ($ver>=3.03);
|
||||
}
|
||||
|
@ -282,9 +282,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
}
|
||||
|
||||
bits = BN_num_bits(p);
|
||||
|
||||
if (bits == 0) {
|
||||
ret = BN_one(r);
|
||||
/* x**0 mod 1 is still zero. */
|
||||
if (BN_is_one(m)) {
|
||||
ret = 1;
|
||||
BN_zero(r);
|
||||
} else {
|
||||
ret = BN_one(r);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -418,7 +423,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
}
|
||||
bits = BN_num_bits(p);
|
||||
if (bits == 0) {
|
||||
ret = BN_one(rr);
|
||||
/* x**0 mod 1 is still zero. */
|
||||
if (BN_is_one(m)) {
|
||||
ret = 1;
|
||||
BN_zero(rr);
|
||||
} else {
|
||||
ret = BN_one(rr);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -639,7 +650,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
|
||||
* precomputation memory layout to limit data-dependency to a minimum to
|
||||
* protect secret exponents (cf. the hyper-threading timing attacks pointed
|
||||
* out by Colin Percival,
|
||||
* http://www.daemong-consideredperthreading-considered-harmful/)
|
||||
* http://www.daemonology.net/hyperthreading-considered-harmful/)
|
||||
*/
|
||||
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx,
|
||||
@ -671,7 +682,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
|
||||
bits = BN_num_bits(p);
|
||||
if (bits == 0) {
|
||||
ret = BN_one(rr);
|
||||
/* x**0 mod 1 is still zero. */
|
||||
if (BN_is_one(m)) {
|
||||
ret = 1;
|
||||
BN_zero(rr);
|
||||
} else {
|
||||
ret = BN_one(rr);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -1182,8 +1199,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
|
||||
if (BN_is_one(m)) {
|
||||
ret = 1;
|
||||
BN_zero(rr);
|
||||
} else
|
||||
} else {
|
||||
ret = BN_one(rr);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
if (a == 0) {
|
||||
@ -1297,9 +1315,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
}
|
||||
|
||||
bits = BN_num_bits(p);
|
||||
|
||||
if (bits == 0) {
|
||||
ret = BN_one(r);
|
||||
if (bits == 0) {
|
||||
/* x**0 mod 1 is still zero. */
|
||||
if (BN_is_one(m)) {
|
||||
ret = 1;
|
||||
BN_zero(r);
|
||||
} else {
|
||||
ret = BN_one(r);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -72,6 +72,25 @@
|
||||
static const char rnd_seed[] =
|
||||
"string to make the random number generator think it has entropy";
|
||||
|
||||
/*
|
||||
* Test that r == 0 in test_exp_mod_zero(). Returns one on success,
|
||||
* returns zero and prints debug output otherwise.
|
||||
*/
|
||||
static int a_is_zero_mod_one(const char *method, const BIGNUM *r,
|
||||
const BIGNUM *a) {
|
||||
if (!BN_is_zero(r)) {
|
||||
fprintf(stderr, "%s failed:\n", method);
|
||||
fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n");
|
||||
fprintf(stderr, "a = ");
|
||||
BN_print_fp(stderr, a);
|
||||
fprintf(stderr, "\nr = ");
|
||||
BN_print_fp(stderr, r);
|
||||
fprintf(stderr, "\n");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
|
||||
*/
|
||||
@ -79,8 +98,9 @@ static int test_exp_mod_zero()
|
||||
{
|
||||
BIGNUM a, p, m;
|
||||
BIGNUM r;
|
||||
BN_ULONG one_word = 1;
|
||||
BN_CTX *ctx = BN_CTX_new();
|
||||
int ret = 1;
|
||||
int ret = 1, failed = 0;
|
||||
|
||||
BN_init(&m);
|
||||
BN_one(&m);
|
||||
@ -92,21 +112,65 @@ static int test_exp_mod_zero()
|
||||
BN_zero(&p);
|
||||
|
||||
BN_init(&r);
|
||||
BN_mod_exp(&r, &a, &p, &m, ctx);
|
||||
BN_CTX_free(ctx);
|
||||
|
||||
if (BN_is_zero(&r))
|
||||
ret = 0;
|
||||
else {
|
||||
printf("1**0 mod 1 = ");
|
||||
BN_print_fp(stdout, &r);
|
||||
printf(", should be 0\n");
|
||||
if (!BN_rand(&a, 1024, 0, 0))
|
||||
goto err;
|
||||
|
||||
if (!BN_mod_exp(&r, &a, &p, &m, ctx))
|
||||
goto err;
|
||||
|
||||
if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
|
||||
failed = 1;
|
||||
|
||||
if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
|
||||
goto err;
|
||||
|
||||
if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
|
||||
failed = 1;
|
||||
|
||||
if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
|
||||
goto err;
|
||||
|
||||
if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
|
||||
failed = 1;
|
||||
|
||||
if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
|
||||
goto err;
|
||||
|
||||
if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
|
||||
failed = 1;
|
||||
|
||||
if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
|
||||
failed = 1;
|
||||
|
||||
/*
|
||||
* A different codepath exists for single word multiplication
|
||||
* in non-constant-time only.
|
||||
*/
|
||||
if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
|
||||
goto err;
|
||||
|
||||
if (!BN_is_zero(&r)) {
|
||||
fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
|
||||
fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
|
||||
fprintf(stderr, "r = ");
|
||||
BN_print_fp(stderr, &r);
|
||||
fprintf(stderr, "\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
ret = failed;
|
||||
|
||||
err:
|
||||
BN_free(&r);
|
||||
BN_free(&a);
|
||||
BN_free(&p);
|
||||
BN_free(&m);
|
||||
BN_CTX_free(ctx);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/camellia/camellia.c */
|
||||
/* ====================================================================
|
||||
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
|
||||
* ALL RIGHTS RESERVED.
|
||||
@ -67,7 +67,7 @@
|
||||
|
||||
/*
|
||||
* Algorithm Specification
|
||||
* http://info.isl.llia/specicrypt/eng/camellia/specifications.html
|
||||
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/camellia/camellia.h */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/camellia/camellia_cbc.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/camellia/camellia_cfb.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/camellia/camellia_ctr.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/camellia/camellia_ecb.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/camellia/camellia_locl.h */
|
||||
/* ====================================================================
|
||||
* Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
|
||||
* ALL RIGHTS RESERVED.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/camellia/camellia_misc.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/camellia/camellia_ofb.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/camellia/cmll_utl.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/camellia/cmll_utl.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/des/des_old.c */
|
||||
|
||||
/*-
|
||||
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/des/des_old.h */
|
||||
|
||||
/*-
|
||||
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/des/des_old.c */
|
||||
|
||||
/*
|
||||
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
|
||||
|
@ -174,6 +174,7 @@ struct dh_st {
|
||||
/* DH_check_pub_key error codes */
|
||||
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
|
||||
# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
|
||||
# define DH_CHECK_PUBKEY_INVALID 0x03
|
||||
|
||||
/*
|
||||
* primes p where (p-1)/2 is prime too are called "safe"; we define this for
|
||||
|
@ -151,23 +151,38 @@ int DH_check(const DH *dh, int *ret)
|
||||
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
|
||||
{
|
||||
int ok = 0;
|
||||
BIGNUM *q = NULL;
|
||||
BIGNUM *tmp = NULL;
|
||||
BN_CTX *ctx = NULL;
|
||||
|
||||
*ret = 0;
|
||||
q = BN_new();
|
||||
if (q == NULL)
|
||||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
BN_set_word(q, 1);
|
||||
if (BN_cmp(pub_key, q) <= 0)
|
||||
BN_CTX_start(ctx);
|
||||
tmp = BN_CTX_get(ctx);
|
||||
if (tmp == NULL)
|
||||
goto err;
|
||||
BN_set_word(tmp, 1);
|
||||
if (BN_cmp(pub_key, tmp) <= 0)
|
||||
*ret |= DH_CHECK_PUBKEY_TOO_SMALL;
|
||||
BN_copy(q, dh->p);
|
||||
BN_sub_word(q, 1);
|
||||
if (BN_cmp(pub_key, q) >= 0)
|
||||
BN_copy(tmp, dh->p);
|
||||
BN_sub_word(tmp, 1);
|
||||
if (BN_cmp(pub_key, tmp) >= 0)
|
||||
*ret |= DH_CHECK_PUBKEY_TOO_LARGE;
|
||||
|
||||
if (dh->q != NULL) {
|
||||
/* Check pub_key^q == 1 mod p */
|
||||
if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
|
||||
goto err;
|
||||
if (!BN_is_one(tmp))
|
||||
*ret |= DH_CHECK_PUBKEY_INVALID;
|
||||
}
|
||||
|
||||
ok = 1;
|
||||
err:
|
||||
if (q != NULL)
|
||||
BN_free(q);
|
||||
if (ctx != NULL) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
return (ok);
|
||||
}
|
||||
|
@ -471,6 +471,31 @@ static const unsigned char dhtest_2048_256_Z[] = {
|
||||
0xC2, 0x6C, 0x5D, 0x7C
|
||||
};
|
||||
|
||||
static const unsigned char dhtest_rfc5114_2048_224_bad_y[] = {
|
||||
0x45, 0x32, 0x5F, 0x51, 0x07, 0xE5, 0xDF, 0x1C, 0xD6, 0x02, 0x82, 0xB3,
|
||||
0x32, 0x8F, 0xA4, 0x0F, 0x87, 0xB8, 0x41, 0xFE, 0xB9, 0x35, 0xDE, 0xAD,
|
||||
0xC6, 0x26, 0x85, 0xB4, 0xFF, 0x94, 0x8C, 0x12, 0x4C, 0xBF, 0x5B, 0x20,
|
||||
0xC4, 0x46, 0xA3, 0x26, 0xEB, 0xA4, 0x25, 0xB7, 0x68, 0x8E, 0xCC, 0x67,
|
||||
0xBA, 0xEA, 0x58, 0xD0, 0xF2, 0xE9, 0xD2, 0x24, 0x72, 0x60, 0xDA, 0x88,
|
||||
0x18, 0x9C, 0xE0, 0x31, 0x6A, 0xAD, 0x50, 0x6D, 0x94, 0x35, 0x8B, 0x83,
|
||||
0x4A, 0x6E, 0xFA, 0x48, 0x73, 0x0F, 0x83, 0x87, 0xFF, 0x6B, 0x66, 0x1F,
|
||||
0xA8, 0x82, 0xC6, 0x01, 0xE5, 0x80, 0xB5, 0xB0, 0x52, 0xD0, 0xE9, 0xD8,
|
||||
0x72, 0xF9, 0x7D, 0x5B, 0x8B, 0xA5, 0x4C, 0xA5, 0x25, 0x95, 0x74, 0xE2,
|
||||
0x7A, 0x61, 0x4E, 0xA7, 0x8F, 0x12, 0xE2, 0xD2, 0x9D, 0x8C, 0x02, 0x70,
|
||||
0x34, 0x44, 0x32, 0xC7, 0xB2, 0xF3, 0xB9, 0xFE, 0x17, 0x2B, 0xD6, 0x1F,
|
||||
0x8B, 0x7E, 0x4A, 0xFA, 0xA3, 0xB5, 0x3E, 0x7A, 0x81, 0x9A, 0x33, 0x66,
|
||||
0x62, 0xA4, 0x50, 0x18, 0x3E, 0xA2, 0x5F, 0x00, 0x07, 0xD8, 0x9B, 0x22,
|
||||
0xE4, 0xEC, 0x84, 0xD5, 0xEB, 0x5A, 0xF3, 0x2A, 0x31, 0x23, 0xD8, 0x44,
|
||||
0x22, 0x2A, 0x8B, 0x37, 0x44, 0xCC, 0xC6, 0x87, 0x4B, 0xBE, 0x50, 0x9D,
|
||||
0x4A, 0xC4, 0x8E, 0x45, 0xCF, 0x72, 0x4D, 0xC0, 0x89, 0xB3, 0x72, 0xED,
|
||||
0x33, 0x2C, 0xBC, 0x7F, 0x16, 0x39, 0x3B, 0xEB, 0xD2, 0xDD, 0xA8, 0x01,
|
||||
0x73, 0x84, 0x62, 0xB9, 0x29, 0xD2, 0xC9, 0x51, 0x32, 0x9E, 0x7A, 0x6A,
|
||||
0xCF, 0xC1, 0x0A, 0xDB, 0x0E, 0xE0, 0x62, 0x77, 0x6F, 0x59, 0x62, 0x72,
|
||||
0x5A, 0x69, 0xA6, 0x5B, 0x70, 0xCA, 0x65, 0xC4, 0x95, 0x6F, 0x9A, 0xC2,
|
||||
0xDF, 0x72, 0x6D, 0xB1, 0x1E, 0x54, 0x7B, 0x51, 0xB4, 0xEF, 0x7F, 0x89,
|
||||
0x93, 0x74, 0x89, 0x59
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
DH *(*get_param) (void);
|
||||
const unsigned char *xA;
|
||||
@ -503,10 +528,15 @@ static const rfc5114_td rfctd[] = {
|
||||
static int run_rfc5114_tests(void)
|
||||
{
|
||||
int i;
|
||||
DH *dhA = NULL;
|
||||
DH *dhB = NULL;
|
||||
unsigned char *Z1 = NULL;
|
||||
unsigned char *Z2 = NULL;
|
||||
const rfc5114_td *td = NULL;
|
||||
BIGNUM *bady = NULL;
|
||||
|
||||
for (i = 0; i < (int)(sizeof(rfctd) / sizeof(rfc5114_td)); i++) {
|
||||
DH *dhA, *dhB;
|
||||
unsigned char *Z1 = NULL, *Z2 = NULL;
|
||||
const rfc5114_td *td = rfctd + i;
|
||||
td = rfctd + i;
|
||||
/* Set up DH structures setting key components */
|
||||
dhA = td->get_param();
|
||||
dhB = td->get_param();
|
||||
@ -549,14 +579,63 @@ static int run_rfc5114_tests(void)
|
||||
DH_free(dhB);
|
||||
OPENSSL_free(Z1);
|
||||
OPENSSL_free(Z2);
|
||||
|
||||
dhA = NULL;
|
||||
dhB = NULL;
|
||||
Z1 = NULL;
|
||||
Z2 = NULL;
|
||||
}
|
||||
|
||||
/* Now i == OSSL_NELEM(rfctd) */
|
||||
/* RFC5114 uses unsafe primes, so now test an invalid y value */
|
||||
dhA = DH_get_2048_224();
|
||||
if (dhA == NULL)
|
||||
goto bad_err;
|
||||
Z1 = OPENSSL_malloc(DH_size(dhA));
|
||||
if (Z1 == NULL)
|
||||
goto bad_err;
|
||||
|
||||
bady = BN_bin2bn(dhtest_rfc5114_2048_224_bad_y,
|
||||
sizeof(dhtest_rfc5114_2048_224_bad_y), NULL);
|
||||
if (bady == NULL)
|
||||
goto bad_err;
|
||||
|
||||
if (!DH_generate_key(dhA))
|
||||
goto bad_err;
|
||||
|
||||
if (DH_compute_key(Z1, bady, dhA) != -1) {
|
||||
/*
|
||||
* DH_compute_key should fail with -1. If we get here we unexpectedly
|
||||
* allowed an invalid y value
|
||||
*/
|
||||
goto err;
|
||||
}
|
||||
/* We'll have a stale error on the queue from the above test so clear it */
|
||||
ERR_clear_error();
|
||||
|
||||
printf("RFC5114 parameter test %d OK\n", i + 1);
|
||||
|
||||
BN_free(bady);
|
||||
DH_free(dhA);
|
||||
OPENSSL_free(Z1);
|
||||
|
||||
return 1;
|
||||
bad_err:
|
||||
BN_free(bady);
|
||||
DH_free(dhA);
|
||||
DH_free(dhB);
|
||||
OPENSSL_free(Z1);
|
||||
OPENSSL_free(Z2);
|
||||
|
||||
fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1);
|
||||
ERR_print_errors_fp(stderr);
|
||||
return 0;
|
||||
err:
|
||||
BN_free(bady);
|
||||
DH_free(dhA);
|
||||
DH_free(dhB);
|
||||
OPENSSL_free(Z1);
|
||||
OPENSSL_free(Z2);
|
||||
|
||||
fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1);
|
||||
return 0;
|
||||
}
|
||||
|
@ -187,9 +187,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
|
||||
goto err;
|
||||
|
||||
ret = DSA_SIG_new();
|
||||
if (ret == NULL)
|
||||
goto err;
|
||||
/*
|
||||
* Redo if r or s is zero as required by FIPS 186-3: this is very
|
||||
* unlikely.
|
||||
@ -201,11 +198,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
|
||||
}
|
||||
goto redo;
|
||||
}
|
||||
ret = DSA_SIG_new();
|
||||
if (ret == NULL)
|
||||
goto err;
|
||||
ret->r = r;
|
||||
ret->s = s;
|
||||
|
||||
err:
|
||||
if (!ret) {
|
||||
if (ret == NULL) {
|
||||
DSAerr(DSA_F_DSA_DO_SIGN, reason);
|
||||
BN_free(r);
|
||||
BN_free(s);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* dso.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* dso.h */
|
||||
/*
|
||||
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
|
||||
* 2000.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* dso_dl.c */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2000.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* dso_dlfcn.c */
|
||||
/*
|
||||
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
|
||||
* 2000.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* dso_lib.c */
|
||||
/*
|
||||
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
|
||||
* 2000.
|
||||
|
@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$addx = ($1>=12);
|
||||
}
|
||||
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
|
||||
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
|
||||
$avx = ($ver>=3.0) + ($ver>=3.01);
|
||||
$addx = ($ver>=3.03);
|
||||
|
@ -746,6 +746,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
|
||||
goto err;
|
||||
if (!BN_one(&point->Z))
|
||||
goto err;
|
||||
point->Z_is_one = 1;
|
||||
|
||||
ret = 1;
|
||||
|
||||
|
@ -387,6 +387,8 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
|
||||
|
||||
tx = BN_CTX_get(ctx);
|
||||
ty = BN_CTX_get(ctx);
|
||||
if (ty == NULL)
|
||||
goto err;
|
||||
|
||||
#ifndef OPENSSL_NO_EC2M
|
||||
tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));
|
||||
|
@ -17,7 +17,7 @@ __attribute((aligned(4096)))
|
||||
#elif defined(_MSC_VER)
|
||||
__declspec(align(4096))
|
||||
#elif defined(__SUNPRO_C)
|
||||
# pragma align 4096(ecp_nistz256_precomputed)
|
||||
# pragma align 64(ecp_nistz256_precomputed)
|
||||
#endif
|
||||
static const BN_ULONG ecp_nistz256_precomputed[37][64 *
|
||||
sizeof(P256_POINT_AFFINE) /
|
||||
|
@ -1591,7 +1591,7 @@ struct nistp_test_params {
|
||||
int degree;
|
||||
/*
|
||||
* Qx, Qy and D are taken from
|
||||
* http://csrcdocut.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
|
||||
* http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
|
||||
* Otherwise, values are standard curve parameters from FIPS 180-3
|
||||
*/
|
||||
const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
|
||||
/* crypto/engine/eng_all.c */
|
||||
/*
|
||||
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
|
||||
* 2000.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/evp/e_camellia.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/evp/e_old.c */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2004.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/evp/e_seed.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/mem_clr.c */
|
||||
/*
|
||||
* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
|
||||
* 2002.
|
||||
|
@ -56,7 +56,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$avx = ($1>=10) + ($1>=11);
|
||||
}
|
||||
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
$avx = ($2>=3.0) + ($2>3.0);
|
||||
}
|
||||
|
||||
|
@ -105,7 +105,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$avx = ($1>=10) + ($1>=11);
|
||||
}
|
||||
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
$avx = ($2>=3.0) + ($2>3.0);
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/o_dir.c */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2004.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/o_dir.h */
|
||||
/*
|
||||
* Copied from Richard Levitte's (richard@levitte.org) LP library. All
|
||||
* symbol names have been changed, with permission from the author.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/o_dir.h */
|
||||
/*
|
||||
* Copied from Richard Levitte's (richard@levitte.org) LP library. All
|
||||
* symbol names have been changed, with permission from the author.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/o_str.c */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2003.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/o_str.h */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2003.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/o_time.c */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2001.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/o_time.h */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2001.
|
||||
|
@ -30,11 +30,11 @@ extern "C" {
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000205fL
|
||||
# define OPENSSL_VERSION_NUMBER 0x1000206fL
|
||||
# ifdef OPENSSL_FIPS
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e-fips 3 Dec 2015"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2f-fips 28 Jan 2016"
|
||||
# else
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2e-freebsd 3 Dec 2015"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2f-freebsd 28 Jan 2016"
|
||||
# endif
|
||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/rc4/rc4_utl.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/rc4/rc4_utl.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */
|
||||
/* crypto/rsa/rsa_chk.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
|
||||
if (rsa->meth->rsa_sign) {
|
||||
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
|
||||
}
|
||||
/* Special case: SSL signature, just check the length */
|
||||
@ -293,7 +293,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
|
||||
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
|
||||
{
|
||||
|
||||
if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
|
||||
if (rsa->meth->rsa_verify) {
|
||||
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/seed/seed_cbc.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/seed/seed_cfb.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/seed/seed_ecb.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 2007 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/seed/seed_ofb.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
|
@ -58,7 +58,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$avx = ($1>=10) + ($1>=11);
|
||||
}
|
||||
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
$avx = ($2>=3.0) + ($2>3.0);
|
||||
}
|
||||
|
||||
|
@ -107,7 +107,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$avx = ($1>=10) + ($1>=11);
|
||||
}
|
||||
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([2-9]\.[0-9]+)/) {
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([2-9]\.[0-9]+)/) {
|
||||
$avx = ($2>=3.0) + ($2>3.0);
|
||||
}
|
||||
|
||||
|
@ -59,7 +59,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$avx = ($1>=10) + ($1>=11);
|
||||
}
|
||||
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
$avx = ($2>=3.0) + ($2>3.0);
|
||||
}
|
||||
|
||||
|
@ -124,7 +124,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
|
||||
$avx = ($1>=10) + ($1>=11);
|
||||
}
|
||||
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
|
||||
$avx = ($2>=3.0) + ($2>3.0);
|
||||
}
|
||||
|
||||
|
@ -157,8 +157,8 @@ int main(int argc, char *argv[])
|
||||
if (err)
|
||||
printf("ERROR: %d\n", err);
|
||||
# endif
|
||||
EXIT(err);
|
||||
EVP_MD_CTX_cleanup(&c);
|
||||
EXIT(err);
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/store/store.h */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2003.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/store/str_lib.c */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2003.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/store/str_locl.h */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2003.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/store/str_mem.c */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2003.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */
|
||||
/* crypto/store/str_meth.c */
|
||||
/*
|
||||
* Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
|
||||
* 2003.
|
||||
|
@ -255,7 +255,8 @@ static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
|
||||
|
||||
/* chain is an out argument. */
|
||||
*chain = NULL;
|
||||
X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted);
|
||||
if (!X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted))
|
||||
return 0;
|
||||
X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
|
||||
i = X509_verify_cert(&cert_ctx);
|
||||
if (i <= 0) {
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user