Update upstream source from tag 'upstream/1.1.1-pre6'
Update to upstream version '1.1.1-pre6'
with Debian dir 166404a8d0a288afa7a5b153deb47b5a30f9a8e9
Kurt Roeckx
6 years ago
| 56 | 56 | /test/ssltest_old |
| 57 | 57 | /test/x509aux |
| 58 | 58 | /test/v3ext |
| 59 | /test/versions | |
| 59 | 60 | /test/ossl_shim/ossl_shim |
| 60 | 61 | |
| 61 | 62 | # Certain files that get created by tests on the fly |
| 0 | 0 | dist: trusty |
| 1 | 1 | sudo: required |
| 2 | ||
| 3 | osx_image: xcode9.3 | |
| 2 | 4 | |
| 3 | 5 | language: c |
| 4 | 6 | cache: ccache |
| 30 | 32 | env: |
| 31 | 33 | - CONFIG_OPTS="" DESTDIR="_install" |
| 32 | 34 | - CONFIG_OPTS="no-asm -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2" |
| 33 | - CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes" | |
| 35 | - CONFIG_OPTS="no-asm no-makedepend --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes" GENERATE="yes" | |
| 34 | 36 | |
| 35 | 37 | matrix: |
| 36 | 38 | include: |
| 160 | 162 | else |
| 161 | 163 | make="make"; |
| 162 | 164 | fi |
| 165 | - if [ -n "$GENERATE" ]; then | |
| 166 | make2="$make PERL=no-perl"; | |
| 167 | else | |
| 168 | make2="$make"; | |
| 169 | fi | |
| 163 | 170 | - top=${PWD} |
| 164 | 171 | - if [ -n "$DESTDIR" ]; then |
| 165 | 172 | cd _build; |
| 177 | 184 | echo -e '+\057\057 MAKE DOC-NITS FAILED'; false; |
| 178 | 185 | fi; |
| 179 | 186 | fi |
| 180 | - if $make; then | |
| 181 | echo -e '+\057\057\057 MAKE OK'; | |
| 182 | else | |
| 183 | echo -e '+\057\057\057 MAKE FAILED'; false; | |
| 187 | - if [ -n "$GENERATE" ]; then | |
| 188 | if $make build_all_generated; then | |
| 189 | echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED OK'; | |
| 190 | else | |
| 191 | echo -e '+\057\057\057 MAKE BUILD_ALL_GENERATED FAILED'; false; | |
| 192 | fi; | |
| 193 | fi | |
| 194 | - if $make2; then | |
| 195 | echo -e '+\057\057\057\057 MAKE OK'; | |
| 196 | else | |
| 197 | echo -e '+\057\057\057\057 MAKE FAILED'; false; | |
| 184 | 198 | fi; |
| 185 | 199 | - if [ -z "$BUILDONLY" ]; then |
| 186 | 200 | if [ -n "$CROSS_COMPILE" ]; then |
| 193 | 207 | sudo apt-get -yq install bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python-cjson python-paste python-pyrad slapd tcl-dev tcsh; |
| 194 | 208 | fi; |
| 195 | 209 | if HARNESS_VERBOSE=yes BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test; then |
| 196 | echo -e '+\057\057\057\057 MAKE TEST OK'; | |
| 197 | else | |
| 198 | echo -e '+\057\057\057\057 MAKE TEST FAILED'; false; | |
| 210 | echo -e '+\057\057\057\057\057 MAKE TEST OK'; | |
| 211 | else | |
| 212 | echo -e '+\057\057\057\057\057 MAKE TEST FAILED'; false; | |
| 199 | 213 | fi; |
| 200 | 214 | else |
| 201 | 215 | if $make build_tests >~/build.log 2>&1; then |
| 202 | echo -e '+\057\057\057\057\057 MAKE BUILD_TESTS OK'; | |
| 203 | else | |
| 204 | echo -e '+\057\057\057\057\057 MAKE BUILD_TESTS FAILED'; | |
| 216 | echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS OK'; | |
| 217 | else | |
| 218 | echo -e '+\057\057\057\057\057\057 MAKE BUILD_TESTS FAILED'; | |
| 205 | 219 | cat ~/build.log |
| 206 | 220 | false; |
| 207 | 221 | fi; |
| 209 | 223 | - if [ -n "$DESTDIR" ]; then |
| 210 | 224 | mkdir "$top/$DESTDIR"; |
| 211 | 225 | if $make install install_docs DESTDIR="$top/$DESTDIR" >~/install.log 2>&1 ; then |
| 212 | echo -e '+\057\057\057\057\057\057 MAKE INSTALL OK'; | |
| 213 | else | |
| 214 | echo -e '+\057\057\057\057\057\057 MAKE INSTALL FAILED'; | |
| 226 | echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL OK'; | |
| 227 | else | |
| 228 | echo -e '+\057\057\057\057\057\057\057 MAKE INSTALL FAILED'; | |
| 215 | 229 | cat ~/install.log; |
| 216 | 230 | false; |
| 217 | 231 | fi; |
| 7 | 7 | release branch. |
| 8 | 8 | |
| 9 | 9 | Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] |
| 10 | ||
| 11 | *) Updated CONTRIBUTING | |
| 12 | [Rich Salz] | |
| 13 | ||
| 14 | *) Updated DRBG / RAND to request nonce and additional low entropy | |
| 15 | randomness from the system. | |
| 16 | [Matthias St. Pierre] | |
| 17 | ||
| 18 | *) Updated 'openssl rehash' to use OpenSSL consistent default. | |
| 19 | [Richard Levitte] | |
| 20 | ||
| 21 | *) Moved the load of the ssl_conf module to libcrypto, which helps | |
| 22 | loading engines that libssl uses before libssl is initialised. | |
| 23 | [Matt Caswell] | |
| 24 | ||
| 25 | *) Added EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA | |
| 26 | [Matt Caswell] | |
| 27 | ||
| 28 | *) Fixed X509_NAME_ENTRY_set to get multi-valued RDNs right in all cases. | |
| 29 | [Ingo Schwarze, Rich Salz] | |
| 30 | ||
| 31 | *) Added output of accepting IP address and port for 'openssl s_server' | |
| 32 | [Richard Levitte] | |
| 33 | ||
| 34 | *) Added a new API for TLSv1.3 ciphersuites: | |
| 35 | SSL_CTX_set_ciphersuites() | |
| 36 | SSL_set_ciphersuites() | |
| 37 | [Matt Caswell] | |
| 38 | ||
| 39 | *) Memory allocation failures consistenly add an error to the error | |
| 40 | stack. | |
| 41 | [Rich Salz] | |
| 42 | ||
| 43 | *) Don't use OPENSSL_ENGINES and OPENSSL_CONF environment values | |
| 44 | in libcrypto when run as setuid/setgid. | |
| 45 | [Bernd Edlinger] | |
| 46 | ||
| 47 | *) Load any config file by default when libssl is used. | |
| 48 | [Matt Caswell] | |
| 10 | 49 | |
| 11 | 50 | *) Added new public header file <openssl/rand_drbg.h> and documentation |
| 12 | 51 | for the RAND_DRBG API. See manual page RAND_DRBG(7) for an overview. |
| 25 | 64 | below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3. |
| 26 | 65 | In order to avoid issues where legacy TLSv1.2 ciphersuite configuration |
| 27 | 66 | would otherwise inadvertently disable all TLSv1.3 ciphersuites the |
| 28 | configuraton has been separated out. See the ciphers man page or the | |
| 67 | configuration has been separated out. See the ciphers man page or the | |
| 29 | 68 | SSL_CTX_set_ciphersuites() man page for more information. |
| 30 | 69 | [Matt Caswell] |
| 31 | 70 | |
| 293 | 332 | issues, has been replaced to always returns NULL. |
| 294 | 333 | [Rich Salz] |
| 295 | 334 | |
| 296 | Changes between 1.1.0g and 1.1.0h [xx XXX xxxx] | |
| 335 | ||
| 336 | Changes between 1.1.0h and 1.1.0i [xx XXX xxxx] | |
| 337 | ||
| 338 | *) Fixed a text canonicalisation bug in CMS | |
| 339 | ||
| 340 | Where a CMS detached signature is used with text content the text goes | |
| 341 | through a canonicalisation process first prior to signing or verifying a | |
| 342 | signature. This process strips trailing space at the end of lines, converts | |
| 343 | line terminators to CRLF and removes additional trailing line terminators | |
| 344 | at the end of a file. A bug in the canonicalisation process meant that | |
| 345 | some characters, such as form-feed, were incorrectly treated as whitespace | |
| 346 | and removed. This is contrary to the specification (RFC5485). This fix | |
| 347 | could mean that detached text data signed with an earlier version of | |
| 348 | OpenSSL 1.1.0 may fail to verify using the fixed version, or text data | |
| 349 | signed with a fixed OpenSSL may fail to verify with an earlier version of | |
| 350 | OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data | |
| 351 | and use the "-binary" flag (for the "cms" command line application) or set | |
| 352 | the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()). | |
| 353 | [Matt Caswell] | |
| 354 | ||
| 355 | Changes between 1.1.0g and 1.1.0h [27 Mar 2018] | |
| 297 | 356 | |
| 298 | 357 | *) Constructed ASN.1 types with a recursive definition could exceed the stack |
| 299 | 358 | |
| 0 | HOW TO CONTRIBUTE PATCHES TO OpenSSL | |
| 1 | ------------------------------------ | |
| 0 | HOW TO CONTRIBUTE TO OpenSSL | |
| 1 | ---------------------------- | |
| 2 | 2 | |
| 3 | 3 | (Please visit https://www.openssl.org/community/getting-started.html for |
| 4 | 4 | other ideas about how to contribute.) |
| 5 | 5 | |
| 6 | Development is coordinated on the openssl-dev mailing list (see the | |
| 7 | above link or https://mta.openssl.org for information on subscribing). | |
| 8 | If you are unsure as to whether a feature will be useful for the general | |
| 9 | OpenSSL community you might want to discuss it on the openssl-dev mailing | |
| 10 | list first. Someone may be already working on the same thing or there | |
| 11 | may be a good reason as to why that feature isn't implemented. | |
| 6 | Development is done on GitHub, https://github.com/openssl/openssl. | |
| 12 | 7 | |
| 13 | To submit a patch, make a pull request on GitHub. If you think the patch | |
| 14 | could use feedback from the community, please start a thread on openssl-dev | |
| 15 | to discuss it. | |
| 8 | To request new features or report bugs, please open an issue on GitHub | |
| 16 | 9 | |
| 17 | Having addressed the following items before the PR will help make the | |
| 18 | acceptance and review process faster: | |
| 10 | To submit a patch, please open a pull request on GitHub. If you are thinking | |
| 11 | of making a large contribution, open an issue for it before starting work, | |
| 12 | to get comments from the community. Someone may be already working on | |
| 13 | the same thing or there may be reasons why that feature isn't implemented. | |
| 19 | 14 | |
| 20 | 1. Anything other than trivial contributions will require a contributor | |
| 21 | licensing agreement, giving us permission to use your code. See | |
| 22 | https://www.openssl.org/policies/cla.html for details. | |
| 15 | To make it easier to review and accept your pull request, please follow these | |
| 16 | guidelines: | |
| 17 | ||
| 18 | 1. Anything other than a trivial contribution requires a Contributor | |
| 19 | License Agreement (CLA), giving us permission to use your code. See | |
| 20 | https://www.openssl.org/policies/cla.html for details. If your | |
| 21 | contribution is too small to require a CLA, put "CLA: trivial" on a | |
| 22 | line by itself in your commit message body. | |
| 23 | 23 | |
| 24 | 24 | 2. All source files should start with the following text (with |
| 25 | 25 | appropriate comment characters at the start of each line and the |
| 33 | 33 | https://www.openssl.org/source/license.html |
| 34 | 34 | |
| 35 | 35 | 3. Patches should be as current as possible; expect to have to rebase |
| 36 | often. We do not accept merge commits; You will be asked to remove | |
| 37 | them before a patch is considered acceptable. | |
| 36 | often. We do not accept merge commits, you will have to remove them | |
| 37 | (usually by rebasing) before it will be acceptable. | |
| 38 | 38 | |
| 39 | 39 | 4. Patches should follow our coding style (see |
| 40 | https://www.openssl.org/policies/codingstyle.html) and compile without | |
| 41 | warnings. Where gcc or clang is available you should use the | |
| 40 | https://www.openssl.org/policies/codingstyle.html) and compile | |
| 41 | without warnings. Where gcc or clang is available you should use the | |
| 42 | 42 | --strict-warnings Configure option. OpenSSL compiles on many varied |
| 43 | platforms: try to ensure you only use portable features. | |
| 44 | Clean builds via Travis and AppVeyor are expected, and done whenever | |
| 45 | a PR is created or updated. | |
| 43 | platforms: try to ensure you only use portable features. Clean builds | |
| 44 | via Travis and AppVeyor are required, and they are started automatically | |
| 45 | whenever a PR is created or updated. | |
| 46 | 46 | |
| 47 | 47 | 5. When at all possible, patches should include tests. These can |
| 48 | 48 | either be added to an existing test, or completely new. Please see |
| 49 | 49 | test/README for information on the test framework. |
| 50 | 50 | |
| 51 | 51 | 6. New features or changed functionality must include |
| 52 | documentation. Please look at the "pod" files in doc/man[1357] | |
| 53 | for examples of our style. | |
| 52 | documentation. Please look at the "pod" files in doc/man[1357] for | |
| 53 | examples of our style. Run "make doc-nits" to make sure that your | |
| 54 | documentation changes are clean. | |
| 33 | 33 | padlock_asm_src => "", |
| 34 | 34 | chacha_asm_src => "chacha_enc.c", |
| 35 | 35 | poly1305_asm_src => "", |
| 36 | keccak1600_asm_src => "keccak1600.c", | |
| 36 | 37 | |
| 37 | 38 | unistd => "<unistd.h>", |
| 38 | 39 | shared_target => "", |
| 225 | 226 | padlock_asm_src => "e_padlock-x86_64.s", |
| 226 | 227 | chacha_asm_src => "chacha-x86_64.s", |
| 227 | 228 | poly1305_asm_src=> "poly1305-x86_64.s", |
| 229 | keccak1600_asm_src => "keccak1600-x86_64.s", | |
| 228 | 230 | }, |
| 229 | 231 | ia64_asm => { |
| 230 | 232 | template => 1, |
| 286 | 288 | modes_asm_src => "ghash-s390x.S", |
| 287 | 289 | chacha_asm_src => "chacha-s390x.S", |
| 288 | 290 | poly1305_asm_src=> "poly1305-s390x.S", |
| 291 | keccak1600_asm_src => "keccak1600-s390x.S", | |
| 289 | 292 | }, |
| 290 | 293 | armv4_asm => { |
| 291 | 294 | template => 1, |
| 297 | 300 | modes_asm_src => "ghash-armv4.S ghashv8-armx.S", |
| 298 | 301 | chacha_asm_src => "chacha-armv4.S", |
| 299 | 302 | poly1305_asm_src=> "poly1305-armv4.S", |
| 303 | keccak1600_asm_src => "keccak1600-armv4.S", | |
| 300 | 304 | perlasm_scheme => "void" |
| 301 | 305 | }, |
| 302 | 306 | aarch64_asm => { |
| 309 | 313 | modes_asm_src => "ghashv8-armx.S", |
| 310 | 314 | chacha_asm_src => "chacha-armv8.S", |
| 311 | 315 | poly1305_asm_src=> "poly1305-armv8.S", |
| 316 | keccak1600_asm_src => "keccak1600-armv8.S", | |
| 312 | 317 | }, |
| 313 | 318 | parisc11_asm => { |
| 314 | 319 | template => 1, |
| 339 | 344 | inherit_from => [ "ppc32_asm" ], |
| 340 | 345 | template => 1, |
| 341 | 346 | ec_asm_src => "ecp_nistz256.c ecp_nistz256-ppc64.s", |
| 342 | ||
| 347 | keccak1600_asm_src => "keccak1600-ppc64.s", | |
| 343 | 348 | }, |
| 344 | 349 | ); |
| 451 | 451 | # targets; b) performance-critical 32-bit assembly modules implement |
| 452 | 452 | # even PA-RISC 2.0-specific code paths, which are chosen at run-time, |
| 453 | 453 | # thus adequate performance is provided even with PA-RISC 1.1 build. |
| 454 | "hpux-common" => { | |
| 455 | inherit_from => [ "BASE_unix" ], | |
| 456 | template => 1, | |
| 457 | defines => add("_XOPEN_SOURCE", "_XOPEN_SOURCE_EXTENDED", | |
| 458 | "_HPUX_ALT_XOPEN_SOCKET_API"), | |
| 459 | lib_cppflags => "-DB_ENDIAN", | |
| 460 | thread_scheme => "pthreads", | |
| 461 | dso_scheme => "dlfcn", # overridden in 32-bit PA-RISC builds | |
| 462 | shared_target => "hpux-shared", | |
| 463 | }, | |
| 454 | 464 | "hpux-parisc-gcc" => { |
| 455 | inherit_from => [ "BASE_unix" ], | |
| 465 | inherit_from => [ "hpux-common" ], | |
| 456 | 466 | CC => "gcc", |
| 457 | 467 | CFLAGS => picker(debug => "-O0 -g", |
| 458 | 468 | release => "-O3"), |
| 459 | 469 | cflags => add(threads("-pthread")), |
| 460 | lib_cppflags => "-DB_ENDIAN -DBN_DIV2W", | |
| 461 | ex_libs => add("-Wl,+s -ldld", threads("-pthread")), | |
| 462 | bn_ops => "BN_LLONG", | |
| 463 | thread_scheme => "pthreads", | |
| 470 | lib_cppflags => add("-DBN_DIV2W"), | |
| 471 | ex_libs => add("-ldld", threads("-pthread")), | |
| 472 | bn_ops => "BN_LLONG RC4_CHAR", | |
| 464 | 473 | dso_scheme => "dl", |
| 465 | shared_target => "hpux-shared", | |
| 466 | 474 | shared_cflag => "-fPIC", |
| 467 | 475 | shared_ldflag => "-shared", |
| 468 | 476 | shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", |
| 472 | 480 | multilib => "/pa1.1", |
| 473 | 481 | }, |
| 474 | 482 | "hpux64-parisc2-gcc" => { |
| 475 | inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ], | |
| 483 | inherit_from => [ "hpux-common", asm("parisc20_64_asm") ], | |
| 476 | 484 | CC => "gcc", |
| 477 | 485 | CFLAGS => combine(picker(debug => "-O0 -g", |
| 478 | 486 | release => "-O3")), |
| 479 | cppflags => threads("-D_REENTRANT"), | |
| 480 | lib_cppflags => "-DB_ENDIAN", | |
| 481 | ex_libs => add("-ldl"), | |
| 487 | cflags => add(threads("-pthread")), | |
| 488 | ex_libs => add("-ldl", threads("-pthread")), | |
| 482 | 489 | bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", |
| 483 | thread_scheme => "pthreads", | |
| 484 | dso_scheme => "dlfcn", | |
| 485 | shared_target => "hpux-shared", | |
| 486 | 490 | shared_cflag => "-fpic", |
| 487 | 491 | shared_ldflag => "-shared", |
| 488 | 492 | shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", |
| 491 | 495 | |
| 492 | 496 | # More attempts at unified 10.X and 11.X targets for HP C compiler. |
| 493 | 497 | "hpux-parisc-cc" => { |
| 494 | inherit_from => [ "BASE_unix" ], | |
| 498 | inherit_from => [ "hpux-common" ], | |
| 495 | 499 | CC => "cc", |
| 496 | 500 | CFLAGS => picker(debug => "+O0 +d -g", |
| 497 | 501 | release => "+O3"), |
| 498 | 502 | cflags => "+Optrs_strongly_typed -Ae +ESlit", |
| 499 | 503 | cppflags => threads("-D_REENTRANT"), |
| 500 | lib_cppflags => "-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY", | |
| 501 | ex_libs => add("-Wl,+s -ldld",threads("-lpthread")), | |
| 504 | lib_cppflags => add("-DBN_DIV2W -DMD32_XARRAY"), | |
| 505 | ex_libs => add("-ldld", threads("-lpthread")), | |
| 502 | 506 | bn_ops => "RC4_CHAR", |
| 503 | thread_scheme => "pthreads", | |
| 504 | 507 | dso_scheme => "dl", |
| 505 | shared_target => "hpux-shared", | |
| 506 | 508 | shared_cflag => "+Z", |
| 507 | 509 | shared_ldflag => "-b", |
| 508 | 510 | shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", |
| 513 | 515 | multilib => "/pa1.1", |
| 514 | 516 | }, |
| 515 | 517 | "hpux64-parisc2-cc" => { |
| 516 | inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ], | |
| 518 | inherit_from => [ "hpux-common", asm("parisc20_64_asm") ], | |
| 517 | 519 | CC => "cc", |
| 518 | 520 | CFLAGS => picker(debug => "+O0 +d -g", |
| 519 | 521 | release => "+O3") , |
| 520 | 522 | cflags => "+DD64 +Optrs_strongly_typed -Ae +ESlit", |
| 521 | 523 | cppflags => threads("-D_REENTRANT") , |
| 522 | lib_cppflags => "-DB_ENDIAN -DMD32_XARRAY", | |
| 523 | ex_libs => add("-ldl",threads("-lpthread")), | |
| 524 | lib_cppflags => add("-DMD32_XARRAY"), | |
| 525 | ex_libs => add("-ldl", threads("-lpthread")), | |
| 524 | 526 | bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", |
| 525 | thread_scheme => "pthreads", | |
| 526 | dso_scheme => "dlfcn", | |
| 527 | shared_target => "hpux-shared", | |
| 528 | 527 | shared_cflag => "+Z", |
| 529 | 528 | shared_ldflag => "-b", |
| 530 | 529 | shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", |
| 533 | 532 | |
| 534 | 533 | # HP/UX IA-64 targets |
| 535 | 534 | "hpux-ia64-cc" => { |
| 536 | inherit_from => [ "BASE_unix", asm("ia64_asm") ], | |
| 535 | inherit_from => [ "hpux-common", asm("ia64_asm") ], | |
| 537 | 536 | CC => "cc", |
| 538 | 537 | CFLAGS => picker(debug => "+O0 +d -g", |
| 539 | 538 | release => "+O2"), |
| 540 | 539 | cflags => "-Ae +DD32 +Olit=all -z", |
| 541 | 540 | cppflags => add(threads("-D_REENTRANT")), |
| 542 | lib_cppflags => "-DB_ENDIAN", | |
| 543 | ex_libs => add("-ldl",threads("-lpthread")), | |
| 541 | ex_libs => add("-ldl", threads("-lpthread")), | |
| 544 | 542 | bn_ops => "SIXTY_FOUR_BIT", |
| 545 | thread_scheme => "pthreads", | |
| 546 | dso_scheme => "dlfcn", | |
| 547 | shared_target => "hpux-shared", | |
| 548 | 543 | shared_cflag => "+Z", |
| 549 | 544 | shared_ldflag => "-b", |
| 550 | 545 | shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", |
| 551 | 546 | multilib => "/hpux32", |
| 552 | 547 | }, |
| 553 | 548 | "hpux64-ia64-cc" => { |
| 554 | inherit_from => [ "BASE_unix", asm("ia64_asm") ], | |
| 549 | inherit_from => [ "hpux-common", asm("ia64_asm") ], | |
| 555 | 550 | CC => "cc", |
| 556 | 551 | CFLAGS => picker(debug => "+O0 +d -g", |
| 557 | 552 | release => "+O3"), |
| 558 | 553 | cflags => "-Ae +DD64 +Olit=all -z", |
| 559 | 554 | cppflags => threads("-D_REENTRANT"), |
| 560 | lib_cppflags => "-DB_ENDIAN", | |
| 561 | 555 | ex_libs => add("-ldl", threads("-lpthread")), |
| 562 | 556 | bn_ops => "SIXTY_FOUR_BIT_LONG", |
| 563 | thread_scheme => "pthreads", | |
| 564 | dso_scheme => "dlfcn", | |
| 565 | shared_target => "hpux-shared", | |
| 566 | 557 | shared_cflag => "+Z", |
| 567 | 558 | shared_ldflag => "-b", |
| 568 | 559 | shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", |
| 570 | 561 | }, |
| 571 | 562 | # GCC builds... |
| 572 | 563 | "hpux-ia64-gcc" => { |
| 573 | inherit_from => [ "BASE_unix", asm("ia64_asm") ], | |
| 564 | inherit_from => [ "hpux-common", asm("ia64_asm") ], | |
| 574 | 565 | CC => "gcc", |
| 575 | 566 | CFLAGS => picker(debug => "-O0 -g", |
| 576 | 567 | release => "-O3"), |
| 577 | 568 | cflags => add(threads("-pthread")), |
| 578 | lib_cppflags => "-DB_ENDIAN", | |
| 579 | 569 | ex_libs => add("-ldl", threads("-pthread")), |
| 580 | 570 | bn_ops => "SIXTY_FOUR_BIT", |
| 581 | thread_scheme => "pthreads", | |
| 582 | dso_scheme => "dlfcn", | |
| 583 | shared_target => "hpux-shared", | |
| 584 | 571 | shared_cflag => "-fpic", |
| 585 | 572 | shared_ldflag => "-shared", |
| 586 | 573 | shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", |
| 587 | 574 | multilib => "/hpux32", |
| 588 | 575 | }, |
| 589 | 576 | "hpux64-ia64-gcc" => { |
| 590 | inherit_from => [ "BASE_unix", asm("ia64_asm") ], | |
| 577 | inherit_from => [ "hpux-common", asm("ia64_asm") ], | |
| 591 | 578 | CC => "gcc", |
| 592 | 579 | CFLAGS => picker(debug => "-O0 -g", |
| 593 | 580 | release => "-O3"), |
| 594 | 581 | cflags => combine("-mlp64", threads("-pthread")), |
| 595 | lib_cppflags => "-DB_ENDIAN", | |
| 596 | 582 | ex_libs => add("-ldl", threads("-pthread")), |
| 597 | 583 | bn_ops => "SIXTY_FOUR_BIT_LONG", |
| 598 | thread_scheme => "pthreads", | |
| 599 | dso_scheme => "dlfcn", | |
| 600 | shared_target => "hpux-shared", | |
| 601 | 584 | shared_cflag => "-fpic", |
| 602 | 585 | shared_ldflag => "-shared", |
| 603 | 586 | shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", |
| 1608 | 1591 | inherit_from => [ "darwin-common" ], |
| 1609 | 1592 | cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"), |
| 1610 | 1593 | sys_id => "iOS", |
| 1594 | disable => [ "engine" ], | |
| 1611 | 1595 | }, |
| 1612 | 1596 | "ios-cross" => { |
| 1613 | 1597 | inherit_from => [ "darwin-common", asm("armv4_asm") ], |
| 1617 | 1601 | cflags => add("-arch armv7 -mios-version-min=6.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"), |
| 1618 | 1602 | sys_id => "iOS", |
| 1619 | 1603 | perlasm_scheme => "ios32", |
| 1604 | disable => [ "engine" ], | |
| 1620 | 1605 | }, |
| 1621 | 1606 | "ios64-cross" => { |
| 1622 | 1607 | inherit_from => [ "darwin-common", asm("aarch64_asm") ], |
| 1624 | 1609 | sys_id => "iOS", |
| 1625 | 1610 | bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", |
| 1626 | 1611 | perlasm_scheme => "ios64", |
| 1612 | disable => [ "engine" ], | |
| 1627 | 1613 | }, |
| 1628 | 1614 | |
| 1629 | 1615 | ##### GNU Hurd |
| 131 | 131 | cxxflags => add(sub { android_ndk()->{cflags} }), |
| 132 | 132 | bn_ops => sub { android_ndk()->{bn_ops} }, |
| 133 | 133 | bin_cflags => "-pie", |
| 134 | enable => [ ], | |
| 134 | 135 | }, |
| 135 | 136 | "android-arm" => { |
| 136 | 137 | ################################################################ |
| 3 | 3 | # Mobile[?] Windows editions. It's a set up "umbrella" libraries that |
| 4 | 4 | # export subset of Win32 API that are common to all Windows 10 devices. |
| 5 | 5 | # |
| 6 | # TODO: drop onecore_downlevel.lib. | |
| 6 | # OneCore Configuration temporarly dedicated for console applications | |
| 7 | # due to disabled event logging, which is incompatible with one core. | |
| 8 | # Error messages are provided via standard error only. | |
| 9 | # TODO: extend error handling to use ETW based eventing | |
| 10 | # (Or rework whole error messaging) | |
| 7 | 11 | |
| 8 | 12 | my %targets = ( |
| 9 | 13 | "VC-WIN32-ONECORE" => { |
| 12 | 16 | # hidden reference to kernel32.lib, but we don't actually want |
| 13 | 17 | # it in "onecore" build. |
| 14 | 18 | lflags => add("/NODEFAULTLIB:kernel32.lib"), |
| 15 | ex_libs => "onecore.lib onecore_downlevel.lib", | |
| 19 | defines => add("OPENSSL_SYS_WIN_CORE"), | |
| 20 | ex_libs => "onecore.lib", | |
| 16 | 21 | }, |
| 17 | 22 | "VC-WIN64A-ONECORE" => { |
| 18 | 23 | inherit_from => [ "VC-WIN64A" ], |
| 19 | 24 | lflags => add("/NODEFAULTLIB:kernel32.lib"), |
| 20 | ex_libs => "onecore.lib onecore_downlevel.lib", | |
| 25 | defines => add("OPENSSL_SYS_WIN_CORE"), | |
| 26 | ex_libs => "onecore.lib", | |
| 21 | 27 | }, |
| 22 | 28 | |
| 23 | 29 | # Windows on ARM targets. ARM compilers are additional components in |
| 38 | 44 | |
| 39 | 45 | "VC-WIN32-ARM" => { |
| 40 | 46 | inherit_from => [ "VC-noCE-common" ], |
| 41 | defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE"), | |
| 47 | defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE", | |
| 48 | "OPENSSL_SYS_WIN_CORE"), | |
| 42 | 49 | bn_ops => "BN_LLONG RC4_CHAR EXPORT_VAR_AS_FN", |
| 43 | 50 | lflags => add("/NODEFAULTLIB:kernel32.lib"), |
| 44 | ex_libs => "onecore.lib onecore_downlevel.lib", | |
| 51 | ex_libs => "onecore.lib", | |
| 45 | 52 | multilib => "-arm", |
| 46 | 53 | }, |
| 47 | 54 | "VC-WIN64-ARM" => { |
| 48 | 55 | inherit_from => [ "VC-noCE-common" ], |
| 49 | defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE"), | |
| 56 | defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE", | |
| 57 | "OPENSSL_SYS_WIN_CORE"), | |
| 50 | 58 | bn_ops => "SIXTY_FOUR_BIT RC4_CHAR EXPORT_VAR_AS_FN", |
| 51 | 59 | lflags => add("/NODEFAULTLIB:kernel32.lib"), |
| 52 | ex_libs => "onecore.lib onecore_downlevel.lib", | |
| 60 | ex_libs => "onecore.lib", | |
| 53 | 61 | multilib => "-arm64", |
| 54 | 62 | }, |
| 55 | 63 | ); |
| 0 | ## -*- mode: perl; -*- | |
| 1 | ## Build configuration targets for openssl-team members | |
| 2 | ||
| 3 | my %targets = ( | |
| 4 | "purify" => { | |
| 5 | inherit_from => [ 'BASE_unix' ], | |
| 6 | cc => "purify gcc", | |
| 7 | CFLAGS => "-g -Wall", | |
| 8 | thread_scheme => "(unknown)", | |
| 9 | ex_libs => add(" ","-lsocket -lnsl"), | |
| 10 | }, | |
| 11 | "debug" => { | |
| 12 | inherit_from => [ 'BASE_unix' ], | |
| 13 | cc => "gcc", | |
| 14 | cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror", | |
| 15 | thread_scheme => "(unknown)", | |
| 16 | }, | |
| 17 | "debug-erbridge" => { | |
| 18 | inherit_from => [ 'BASE_unix', "x86_64_asm" ], | |
| 19 | cc => "gcc", | |
| 20 | cflags => combine("$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g", | |
| 21 | threads("-D_REENTRANT")), | |
| 22 | ex_libs => add(" ","-ldl"), | |
| 23 | bn_ops => "SIXTY_FOUR_BIT_LONG", | |
| 24 | thread_scheme => "pthreads", | |
| 25 | perlasm_scheme => "elf", | |
| 26 | dso_scheme => "dlfcn", | |
| 27 | shared_target => "linux-shared", | |
| 28 | shared_cflag => "-fPIC", | |
| 29 | shared_ldflag => "-m64", | |
| 30 | shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", | |
| 31 | multilib => "64", | |
| 32 | }, | |
| 33 | "debug-linux-pentium" => { | |
| 34 | inherit_from => [ 'BASE_unix', "x86_elf_asm" ], | |
| 35 | cc => "gcc", | |
| 36 | cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall", | |
| 37 | threads("-D_REENTRANT")), | |
| 38 | ex_libs => add(" ","-ldl"), | |
| 39 | bn_ops => "BN_LLONG", | |
| 40 | thread_scheme => "pthreads", | |
| 41 | dso_scheme => "dlfcn", | |
| 42 | }, | |
| 43 | "debug-linux-ppro" => { | |
| 44 | inherit_from => [ 'BASE_unix', "x86_elf_asm" ], | |
| 45 | cc => "gcc", | |
| 46 | cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall", | |
| 47 | threads("-D_REENTRANT")), | |
| 48 | ex_libs => add(" ","-ldl"), | |
| 49 | bn_ops => "BN_LLONG", | |
| 50 | thread_scheme => "pthreads", | |
| 51 | dso_scheme => "dlfcn", | |
| 52 | }, | |
| 53 | "debug-linux-ia32-aes" => { | |
| 54 | inherit_from => [ 'BASE_unix' ], | |
| 55 | cc => "gcc", | |
| 56 | cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall", | |
| 57 | threads("-D_REENTRANT")), | |
| 58 | ex_libs => add(" ","-ldl"), | |
| 59 | bn_ops => "BN_LLONG", | |
| 60 | cpuid_asm_src => "x86cpuid.s", | |
| 61 | bn_asm_src => "bn-586.s co-586.s x86-mont.s", | |
| 62 | des_asm_src => "des-586.s crypt586.s", | |
| 63 | aes_asm_src => "aes_x86core.s aes_cbc.s aesni-x86.s", | |
| 64 | bf_asm_src => "bf-586.s", | |
| 65 | md5_asm_src => "md5-586.s", | |
| 66 | sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s", | |
| 67 | cast_asm_src => "cast-586.s", | |
| 68 | rc4_asm_src => "rc4-586.s", | |
| 69 | rmd160_asm_src => "rmd-586.s", | |
| 70 | rc5_asm_src => "rc5-586.s", | |
| 71 | wp_asm_src => "wp_block.s wp-mmx.s", | |
| 72 | modes_asm_src => "ghash-x86.s", | |
| 73 | padlock_asm_src => "e_padlock-x86.s", | |
| 74 | thread_scheme => "pthreads", | |
| 75 | perlasm_scheme => "elf", | |
| 76 | dso_scheme => "dlfcn", | |
| 77 | shared_target => "linux-shared", | |
| 78 | shared_cflag => "-fPIC", | |
| 79 | shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", | |
| 80 | }, | |
| 81 | "dist" => { | |
| 82 | inherit_from => [ 'BASE_unix' ], | |
| 83 | CC => "cc", | |
| 84 | CFLAGS => "-O", | |
| 85 | thread_scheme => "(unknown)", | |
| 86 | }, | |
| 87 | "debug-test-64-clang" => { | |
| 88 | inherit_from => [ 'BASE_unix', "x86_64_asm" ], | |
| 89 | cc => "clang", | |
| 90 | cflags => combine("$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", | |
| 91 | threads("${BSDthreads}")), | |
| 92 | bn_ops => "SIXTY_FOUR_BIT_LONG", | |
| 93 | thread_scheme => "pthreads", | |
| 94 | perlasm_scheme => "elf", | |
| 95 | dso_scheme => "dlfcn", | |
| 96 | shared_target => "bsd-gcc-shared", | |
| 97 | shared_cflag => "-fPIC", | |
| 98 | shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)", | |
| 99 | }, | |
| 100 | "darwin64-debug-test-64-clang" => { | |
| 101 | inherit_from => [ 'BASE_unix', "x86_64_asm" ], | |
| 102 | cc => "clang", | |
| 103 | cflags => combine("-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", | |
| 104 | threads("${BSDthreads}")), | |
| 105 | sys_id => "MACOSX", | |
| 106 | bn_ops => "SIXTY_FOUR_BIT_LONG", | |
| 107 | thread_scheme => "pthreads", | |
| 108 | perlasm_scheme => "macosx", | |
| 109 | dso_scheme => "dlfcn", | |
| 110 | shared_target => "darwin-shared", | |
| 111 | shared_cflag => "-fPIC -fno-common", | |
| 112 | shared_ldflag => "-arch x86_64 -dynamiclib", | |
| 113 | shared_extension => ".\$(SHLIB_VERSION_NUMBER).dylib", | |
| 114 | }, | |
| 115 | ); |
| 164 | 164 | that use dlopen() et al but do not have |
| 165 | 165 | fcntl.h), "DL" (shl_load() et al), "WIN32" |
| 166 | 166 | and "VMS". |
| 167 | perlasm_scheme => The perlasm method used to created the | |
| 167 | perlasm_scheme => The perlasm method used to create the | |
| 168 | 168 | assembler files used when compiling with |
| 169 | 169 | assembler implementations. |
| 170 | 170 | shared_target => The shared library building method used. |
| 428 | 428 | |
| 429 | 429 | This should be rarely used, and care should be taken to make sure it's |
| 430 | 430 | only used when supported. For example, native Windows build doesn't |
| 431 | support build static libraries and DLLs at the same time, so using | |
| 431 | support building static libraries and DLLs at the same time, so using | |
| 432 | 432 | static libraries on Windows can only be done when configured |
| 433 | 433 | 'no-shared'. |
| 434 | 434 | |
| 444 | 444 | |
| 445 | 445 | RENAME[libfoo]=libbar |
| 446 | 446 | |
| 447 | That lines has "libfoo" get renamed to "libbar". While it makes no | |
| 447 | That line has "libfoo" renamed to "libbar". While it makes no | |
| 448 | 448 | sense at all to just have a rename like that (why not just use |
| 449 | 449 | "libbar" everywhere?), it does make sense when it can be used |
| 450 | 450 | conditionally. See a little further below for an example. |
| 0 | {- # -*- Mode: perl -*- | |
| 1 | ||
| 2 | # Commonly used list of generated files | |
| 3 | # The reason for the complexity is that the build.info files provide | |
| 4 | # GENERATE rules for *all* platforms without discrimination, while the | |
| 5 | # build files only want those for a particular build. Therefore, we | |
| 6 | # need to extrapolate exactly what we need to generate. The way to do | |
| 7 | # that is to extract all possible source files from diverse tables and | |
| 8 | # filter out all that are not generated | |
| 9 | my %generatables = | |
| 10 | map { $_ => 1 } | |
| 11 | ( # The sources of stuff may be generated | |
| 12 | ( map { @{$unified_info{sources}->{$_}} } | |
| 13 | keys %{$unified_info{sources}} ), | |
| 14 | $disabled{shared} | |
| 15 | ? () | |
| 16 | : ( map { @{$unified_info{shared_sources}->{$_}} } | |
| 17 | keys %{$unified_info{shared_sources}} ), | |
| 18 | # Things we explicitely depend on are usually generated | |
| 19 | ( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} } | |
| 20 | keys %{$unified_info{depends}} )); | |
| 21 | our @generated = | |
| 22 | sort ( ( grep { defined $unified_info{generate}->{$_} } | |
| 23 | sort keys %generatables ), | |
| 24 | # Scripts are assumed to be generated, so add thhem too | |
| 25 | ( grep { defined $unified_info{sources}->{$_} } | |
| 26 | @{$unified_info{scripts}} ) ); | |
| 27 | ||
| 28 | # Avoid strange output | |
| 29 | ""; | |
| 30 | -} |
| 54 | 54 | our @install_shlibs = |
| 55 | 55 | map { $unified_info{sharednames}->{$_} || () } |
| 56 | 56 | grep(!/\.a$/, @{$unified_info{install}->{libraries}}); |
| 57 | our @generated = ( ( map { (my $x = $_) =~ s|\.[sS]$|\.asm|; $x } | |
| 58 | grep { defined $unified_info{generate}->{$_} } | |
| 59 | map { @{$unified_info{sources}->{$_}} } | |
| 60 | grep { /\.o$/ } keys %{$unified_info{sources}} ), | |
| 61 | ( grep { /\.h$/ } keys %{$unified_info{generate}} ) ); | |
| 62 | 57 | |
| 63 | 58 | # This is a horrible hack, but is needed because recursive inclusion of files |
| 64 | 59 | # in different directories does not work well with HP C. |
| 135 | 130 | join(", ", map { "-\n\t".$_ } @deps); -} |
| 136 | 131 | {- output_on() if $disabled{makedepend}; "" -} |
| 137 | 132 | GENERATED_MANDATORY={- join(", ", map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -} |
| 138 | GENERATED={- join(", ", map { "-\n\t".$_ } @generated) -} | |
| 133 | GENERATED={- # common0.tmpl provides @generated | |
| 134 | join(", ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; "-\n\t".$x } | |
| 135 | @generated) -} | |
| 139 | 136 | |
| 140 | 137 | INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @install_libs) -} |
| 141 | 138 | INSTALL_SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @install_shlibs) -} |
| 417 | 414 | # Convenience target to prebuild all generated files, not just the mandatory |
| 418 | 415 | # ones |
| 419 | 416 | build_all_generated : $(GENERATED_MANDATORY) $(GENERATED) |
| 417 | @ ! {- output_off() if $disabled{makedepend}; "" -} | |
| 418 | @ WRITE SYS$OUTPUT "Warning: consider configuring with no-makedepend, because if" | |
| 419 | @ WRITE SYS$OUTPUT " target system doesn't have $(PERL)," | |
| 420 | @ WRITE SYS$OUTPUT " then make will fail..." | |
| 421 | @ ! {- output_on() if $disabled{makedepend}; "" -} | |
| 420 | 422 | |
| 421 | 423 | test : tests |
| 422 | 424 | {- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep |
| 488 | 490 | {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{programs}}) || "@ !" -} |
| 489 | 491 | {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{engines}}) || "@ !" -} |
| 490 | 492 | {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{scripts}}) || "@ !" -} |
| 493 | {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{depends}->{""}}) || "@ !" -} | |
| 491 | 494 | {- join("\n\t", map { "- DELETE $_;*" } @generated) || "@ !" -} |
| 492 | 495 | - DELETE [...]*.MAP;* |
| 493 | 496 | - DELETE [...]*.D;* |
| 0 | ## -*- mode: perl; -*- | |
| 1 | ## Build configuration targets for openssl-team members | |
| 2 | ||
| 3 | # This is to support 'make dist' | |
| 4 | my %targets = ( | |
| 5 | "dist" => { | |
| 6 | inherit_from => [ 'BASE_unix' ], | |
| 7 | CC => "cc", | |
| 8 | CFLAGS => "-O", | |
| 9 | thread_scheme => "(unknown)", | |
| 10 | }, | |
| 11 | ); |
| 105 | 105 | grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ } |
| 106 | 106 | keys %{$unified_info{sources}}); -} |
| 107 | 107 | {- output_on() if $disabled{makedepend}; "" -} |
| 108 | GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -} | |
| 109 | GENERATED={- join(" ", | |
| 110 | ( grep { defined $unified_info{generate}->{$_} } | |
| 111 | map { @{$unified_info{sources}->{$_}} } | |
| 112 | grep { /\.(?:o|res)$/ } keys %{$unified_info{sources}} ), | |
| 113 | ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -} | |
| 108 | GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}}) -} | |
| 109 | GENERATED={- # common0.tmpl provides @generated | |
| 110 | join(" ", @generated ) -} | |
| 114 | 111 | |
| 115 | 112 | INSTALL_LIBS={- join(" ", map { lib($_) } @{$unified_info{install}->{libraries}}) -} |
| 116 | 113 | INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -} |
| 355 | 352 | # Convenience target to prebuild all generated files, not just the mandatory |
| 356 | 353 | # ones |
| 357 | 354 | build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) |
| 355 | @ : {- output_off() if $disabled{makedepend}; "" -} | |
| 356 | @echo "Warning: consider configuring with no-makedepend, because if" | |
| 357 | @echo " target system doesn't have $(PERL)," | |
| 358 | @echo " then make will fail..." | |
| 359 | @ : {- output_on() if $disabled{makedepend}; "" -} | |
| 358 | 360 | |
| 359 | 361 | test: tests |
| 360 | 362 | {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils |
| 366 | 368 | RESULT_D=test-runs \ |
| 367 | 369 | PERL="$(PERL)" \ |
| 368 | 370 | EXE_EXT={- $exeext -} \ |
| 369 | OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines; pwd` \ | |
| 371 | OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines 2>/dev/null && pwd` \ | |
| 370 | 372 | OPENSSL_DEBUG_MEMORY=on \ |
| 371 | 373 | $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) ) |
| 372 | 374 | @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} |
| 387 | 389 | |
| 388 | 390 | libclean: |
| 389 | 391 | @set -e; for s in $(SHLIB_INFO); do \ |
| 392 | if [ "$$s" = ";" ]; then continue; fi; \ | |
| 390 | 393 | s1=`echo "$$s" | cut -f1 -d";"`; \ |
| 391 | 394 | s2=`echo "$$s" | cut -f2 -d";"`; \ |
| 392 | $(ECHO) $(RM) $$s1; \ | |
| 395 | $(ECHO) $(RM) $$s1; {- output_off() unless windowsdll(); "" -}\ | |
| 396 | $(RM) apps/$$s1; \ | |
| 397 | $(RM) test/$$s1; \ | |
| 398 | $(RM) fuzz/$$s1; {- output_on() unless windowsdll(); "" -}\ | |
| 393 | 399 | $(RM) $$s1; \ |
| 394 | 400 | if [ "$$s1" != "$$s2" ]; then \ |
| 395 | 401 | $(ECHO) $(RM) $$s2; \ |
| 401 | 407 | |
| 402 | 408 | clean: libclean |
| 403 | 409 | $(RM) $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS) |
| 404 | $(RM) $(GENERATED) | |
| 410 | $(RM) $(GENERATED_MANDATORY) $(GENERATED) | |
| 405 | 411 | -$(RM) `find . -name '*{- $depext -}' -a \! -path "./.git/*"` |
| 406 | 412 | -$(RM) `find . -name '*{- $objext -}' -a \! -path "./.git/*"` |
| 407 | 413 | $(RM) core |
| 790 | 796 | mkdir -p $$TMPDIR/$$DISTDIR; \ |
| 791 | 797 | (cd $(SRCDIR); \ |
| 792 | 798 | excl_re=`git submodule status | sed -e 's/^.//' | cut -d' ' -f2`; \ |
| 793 | excl_re="^(fuzz/corpora|`echo $$excl_re | sed -e 's/ /$$|/g'`\$$)"; \ | |
| 799 | excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf|`echo $$excl_re | sed -e 's/ /$$|/g'`\$$)"; \ | |
| 794 | 800 | echo "$$excl_re"; \ |
| 795 | 801 | git ls-tree -r --name-only --full-tree HEAD \ |
| 796 | 802 | | egrep -v "$$excl_re" \ |
| 953 | 959 | } |
| 954 | 960 | return <<"EOF"; |
| 955 | 961 | $args{src}: $args{generator}->[0] $deps |
| 956 | \$(CPP) $incs $cppflags $args{generator}->[0] | \\ | |
| 962 | \$(CC) $incs $cppflags -E $args{generator}->[0] | \\ | |
| 957 | 963 | \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@ |
| 958 | 964 | EOF |
| 959 | 965 | } |
| 976 | 982 | $cmd = '$(RC)'; |
| 977 | 983 | $cmdflags = '$(RCFLAGS)'; |
| 978 | 984 | $cmdcompile = ''; |
| 979 | $makedepprog = undef; | |
| 980 | 985 | } elsif (grep /\.(cc|cpp)$/, @srcs) { |
| 981 | 986 | $cmd = '$(CXX)'; |
| 982 | 987 | $cmdcompile = ' -c'; |
| 1002 | 1007 | $cmd $cmdflags -c -o \$\@ $srcs |
| 1003 | 1008 | EOF |
| 1004 | 1009 | } elsif (grep /\.S$/, @srcs) { |
| 1005 | # In case one wonders why not just $(CC) -c file.S. While it | |
| 1006 | # does work with contemporary compilers, there are some legacy | |
| 1007 | # ones that get it wrong. Hence the elaborate scheme... We | |
| 1008 | # don't care to maintain dependecy lists, because dependency | |
| 1009 | # is rather weak, at most one header file that lists constants | |
| 1010 | # which are assigned in ascending order. | |
| 1010 | # Originally there was mutli-step rule with $(CC) -E file.S | |
| 1011 | # followed by $(CC) -c file.s. It compensated for one of | |
| 1012 | # legacy platform compiler's inability to handle .S files. | |
| 1013 | # The platform is long discontinued by vendor so there is | |
| 1014 | # hardly a point to drag it along... | |
| 1011 | 1015 | $recipe .= <<"EOF"; |
| 1012 | 1016 | $obj$objext: $deps |
| 1013 | ( trap "rm -f \$@.*" INT 0; \\ | |
| 1014 | \$(CPP) $incs $cmdflags $srcs | \\ | |
| 1015 | \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.s && \\ | |
| 1016 | $cmd $cmdflags -c -o \$\@ \$@.s ) | |
| 1017 | EOF | |
| 1018 | } elsif (defined $makedepprog && $makedepprog !~ /\/makedepend/) { | |
| 1017 | $cmd $incs $cmdflags -c -o \$\@ $srcs | |
| 1018 | EOF | |
| 1019 | } elsif (defined $makedepprog && $makedepprog !~ /\/makedepend/ | |
| 1020 | && !grep /\.rc$/, @srcs) { | |
| 1019 | 1021 | $recipe .= <<"EOF"; |
| 1020 | 1022 | $obj$objext: $deps |
| 1021 | 1023 | $cmd $incs $cmdflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs |
| 87 | 87 | keys %{$unified_info{sources}}); -} |
| 88 | 88 | {- output_on() if $disabled{makedepend}; "" -} |
| 89 | 89 | GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -} |
| 90 | GENERATED={- join(" ", | |
| 91 | ( map { (my $x = $_) =~ s|\.[sS]$|\.asm|; $x } | |
| 92 | grep { defined $unified_info{generate}->{$_} } | |
| 93 | map { @{$unified_info{sources}->{$_}} } | |
| 94 | grep { /\.o$/ } keys %{$unified_info{sources}} ), | |
| 95 | ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -} | |
| 90 | GENERATED={- # common0.tmpl provides @generated | |
| 91 | join(" ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; $x } | |
| 92 | @generated) -} | |
| 96 | 93 | |
| 97 | 94 | INSTALL_LIBS={- join(" ", map { lib($_) } @{$unified_info{install}->{libraries}}) -} |
| 98 | 95 | INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -} |
| 321 | 318 | # Convenience target to prebuild all generated files, not just the mandatory |
| 322 | 319 | # ones |
| 323 | 320 | build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) |
| 321 | @rem {- output_off() if $disabled{makedepend}; "" -} | |
| 322 | @echo "Warning: consider configuring with no-makedepend, because if" | |
| 323 | @echo " target system doesn't have $(PERL)," | |
| 324 | @echo " then make will fail..." | |
| 325 | @rem {- output_on() if $disabled{makedepend}; "" -} | |
| 324 | 326 | |
| 325 | 327 | test: tests |
| 326 | 328 | {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep |
| 357 | 359 | {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -} |
| 358 | 360 | -del /Q /F $(ENGINES) |
| 359 | 361 | -del /Q /F $(SCRIPTS) |
| 362 | -del /Q /F $(GENERATED_MANDATORY) | |
| 360 | 363 | -del /Q /F $(GENERATED) |
| 361 | 364 | -del /Q /S /F *.d *.obj *.pdb *.exp *.ilk *.manifest |
| 362 | 365 | -del /Q /S /F engines\*.lib |
| 363 | 366 | -del /Q /S /F apps\*.lib apps\*.rc apps\*.res |
| 367 | -rmdir /Q /S test\test-runs | |
| 364 | 368 | |
| 365 | 369 | distclean: clean |
| 366 | 370 | -del /Q /F configdata.pm |
| 581 | 585 | return <<"EOF"; |
| 582 | 586 | $obj$objext: $deps |
| 583 | 587 | \$(AS) $asflags \$(ASOUTFLAG)\$\@ $srcs |
| 588 | EOF | |
| 589 | } elsif ($srcs[0] =~ /.S$/) { | |
| 590 | return <<"EOF"; | |
| 591 | $obj$objext: $deps | |
| 592 | \$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags \$(ASOUTFLAG)\$\@ \$@.asm | |
| 584 | 593 | EOF |
| 585 | 594 | } |
| 586 | 595 | return <<"EOF" if (!$disabled{makedepend}); |
| 324 | 324 | "async", |
| 325 | 325 | "autoalginit", |
| 326 | 326 | "autoerrinit", |
| 327 | "autoload-config", | |
| 327 | 328 | "bf", |
| 328 | 329 | "blake2", |
| 329 | 330 | "camellia", |
| 425 | 426 | # All of the following are disabled by default: |
| 426 | 427 | |
| 427 | 428 | our %disabled = ( # "what" => "comment" |
| 428 | "asan" => "default", | |
| 429 | "asan" => "default", | |
| 429 | 430 | "crypto-mdebug" => "default", |
| 430 | 431 | "crypto-mdebug-backtrace" => "default", |
| 431 | 432 | "devcryptoeng" => "default", |
| 1357 | 1358 | push @{$config{lib_defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/); |
| 1358 | 1359 | push @{$config{lib_defines}}, "SHA512_ASM" if ($target{sha1_asm_src} =~ /sha512/); |
| 1359 | 1360 | } |
| 1361 | if ($target{keccak1600_asm_src} ne $table{DEFAULTS}->{keccak1600_asm_src}) { | |
| 1362 | push @{$config{lib_defines}}, "KECCAK1600_ASM"; | |
| 1363 | } | |
| 1360 | 1364 | if ($target{rc4_asm_src} ne $table{DEFAULTS}->{rc4_asm_src}) { |
| 1361 | 1365 | push @{$config{lib_defines}}, "RC4_ASM"; |
| 1362 | 1366 | } |
| 1629 | 1633 | die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n"; |
| 1630 | 1634 | } |
| 1631 | 1635 | $config{build_file_templates} |
| 1632 | = [ $build_file_template, | |
| 1636 | = [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"), | |
| 1637 | $blddir), | |
| 1638 | $build_file_template, | |
| 1633 | 1639 | cleanfile($srcdir, catfile("Configurations", "common.tmpl"), |
| 1634 | 1640 | $blddir) ]; |
| 1635 | 1641 | |
| 223 | 223 | os: Use a trusted operating system entropy source. |
| 224 | 224 | This is the default method if such an entropy |
| 225 | 225 | source exists. |
| 226 | getrandom: Use the L<getrandom(2)> system call if available. | |
| 226 | getrandom: Use the L<getrandom(2)> or equivalent system | |
| 227 | call. | |
| 227 | 228 | devrandom: Use the the first device from the DEVRANDOM list |
| 228 | 229 | which can be opened to read random bytes. The |
| 229 | 230 | DEVRANDOM preprocessor constant expands to |
| 275 | 276 | error strings. For a statically linked application this may |
| 276 | 277 | be undesirable if small executable size is an objective. |
| 277 | 278 | |
| 279 | no-autoload-config | |
| 280 | Don't automatically load the default openssl.cnf file. | |
| 281 | Typically OpenSSL will automatically load a system config | |
| 282 | file which configures default ssl options. | |
| 278 | 283 | |
| 279 | 284 | no-capieng |
| 280 | 285 | Don't build the CAPI engine. This option will be forced if |
| 0 | ||
| 0 | 1 | ## |
| 1 | 2 | ## Makefile for OpenSSL |
| 2 | 3 | ## |
| 3 | 4 | ## WARNING: do not edit! |
| 4 | ## Generated by Configure from Configurations/unix-Makefile.tmpl, Configurations/common.tmpl | |
| 5 | ## Generated by Configure from Configurations/common0.tmpl, Configurations/unix-Makefile.tmpl, Configurations/common.tmpl | |
| 5 | 6 | |
| 6 | 7 | PLATFORM=dist |
| 7 | 8 | OPTIONS= no-asan no-crypto-mdebug no-crypto-mdebug-backtrace no-devcryptoeng no-ec_nistp_64_gcc_128 no-egd no-external-tests no-fuzz-afl no-fuzz-libfuzzer no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ssl-trace no-ssl3 no-ssl3-method no-tls13downgrade no-ubsan no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic |
| 9 | 10 | SRCDIR=. |
| 10 | 11 | BLDDIR=. |
| 11 | 12 | |
| 12 | VERSION=1.1.1-pre4 | |
| 13 | VERSION=1.1.1-pre6 | |
| 13 | 14 | MAJOR=1 |
| 14 | 15 | MINOR=1.1 |
| 15 | 16 | SHLIB_VERSION_NUMBER=1.1 |
| 28 | 29 | PROGRAMS=apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/afalgtest test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bioprinttest test/bntest test/buildtest_aes test/buildtest_asn1 test/buildtest_asn1t test/buildtest_async test/buildtest_bio test/buildtest_blowfish test/buildtest_bn test/buildtest_buffer test/buildtest_camellia test/buildtest_cast test/buildtest_cmac test/buildtest_cms test/buildtest_comp test/buildtest_conf test/buildtest_conf_api test/buildtest_crypto test/buildtest_ct test/buildtest_des test/buildtest_dh test/buildtest_dsa test/buildtest_dtls1 test/buildtest_e_os2 test/buildtest_ebcdic test/buildtest_ec test/buildtest_ecdh test/buildtest_ecdsa test/buildtest_engine test/buildtest_evp test/buildtest_hmac test/buildtest_idea test/buildtest_kdf test/buildtest_lhash test/buildtest_md4 test/buildtest_md5 test/buildtest_mdc2 test/buildtest_modes test/buildtest_obj_mac test/buildtest_objects test/buildtest_ocsp test/buildtest_opensslv test/buildtest_ossl_typ test/buildtest_pem test/buildtest_pem2 test/buildtest_pkcs12 test/buildtest_pkcs7 test/buildtest_rand test/buildtest_rand_drbg test/buildtest_rc2 test/buildtest_rc4 test/buildtest_ripemd test/buildtest_rsa test/buildtest_safestack test/buildtest_seed test/buildtest_sha test/buildtest_sm2 test/buildtest_srp test/buildtest_srtp test/buildtest_ssl test/buildtest_ssl2 test/buildtest_stack test/buildtest_store test/buildtest_symhacks test/buildtest_tls1 test/buildtest_ts test/buildtest_txt_db test/buildtest_ui test/buildtest_whrlpool test/buildtest_x509 test/buildtest_x509_vfy test/buildtest_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/conf_include_test test/constant_time_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbgtest test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ecdsatest test/ecstresstest test/ectest test/enginetest test/evp_extra_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/gmdifftest test/hmactest test/ideatest test/igetest test/lhash_test test/md2test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/ocspapitest test/packettest test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_mp_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/siphash_internal_test test/sm2crypttest test/sm2sigtest test/sm4_internal_test test/srptest test/ssl_cert_table_internal_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux |
| 29 | 30 | SCRIPTS=apps/CA.pl apps/tsget tools/c_rehash util/shlib_wrap.sh |
| 30 | 31 | |
| 31 | DEPS=apps/s_time.d crypto/pem/pem_lib.d crypto/camellia/cmll_ctr.d crypto/evp/bio_ok.d crypto/evp/evp_cnf.d crypto/bio/bss_fd.d crypto/kdf/tls1_prf.d test/buildtest_md4.d crypto/evp/bio_md.d test/testutil/stanza.d crypto/dsa/dsa_prn.d test/buildtest_camellia.d crypto/pkcs12/p12_init.d crypto/x509v3/v3_admis.d crypto/x509/x509_vpm.d crypto/pem/pem_oth.d crypto/ec/ecdh_kdf.d crypto/asn1/x_sig.d crypto/bio/bss_null.d crypto/bn/bn_dh.d test/buildtest_rand.d crypto/x509v3/v3_bitst.d fuzz/conf.d crypto/modes/cbc128.d crypto/poly1305/poly1305.d crypto/blake2/m_blake2b.d test/uitest.d crypto/evp/e_des.d crypto/des/fcrypt.d crypto/bn/bn_mont.d crypto/err/err_prn.d ssl/packet.d crypto/evp/bio_enc.d crypto/pem/pem_info.d crypto/evp/p_lib.d crypto/dh/dh_asn1.d apps/pkeyparam.d crypto/rsa/rsa_sign.d crypto/asn1/a_strnid.d crypto/store/store_init.d crypto/sm4/sm4.d apps/spkac.d crypto/hmac/hm_ameth.d crypto/pkcs12/p12_npas.d crypto/engine/tb_rsa.d crypto/ec/ecx_meth.d ssl/t1_trce.d apps/dsaparam.d crypto/sm2/sm2_crypt.d crypto/ct/ct_policy.d crypto/aes/aes_cfb.d crypto/hmac/hm_pmeth.d crypto/ec/curve448/curve448_tables.d crypto/rsa/rsa_pss.d test/v3nametest.d crypto/asn1/a_gentm.d ssl/ssl_lib.d test/buildtest_hmac.d crypto/srp/srp_lib.d crypto/seed/seed_cfb.d crypto/conf/conf_mod.d crypto/pkcs12/pk12err.d crypto/pkcs12/p12_decr.d crypto/modes/ctr128.d test/buildtest_asn1.d crypto/ec/eck_prn.d crypto/x509v3/v3_pcia.d crypto/pkcs12/p12_key.d crypto/asn1/f_int.d crypto/des/ofb64enc.d crypto/ui/ui_null.d crypto/cms/cms_err.d crypto/pkcs7/pk7_doit.d crypto/evp/m_sha1.d crypto/asn1/x_int64.d test/packettest.d apps/nseq.d crypto/asn1/p5_scrypt.d test/ssl_cert_table_internal_test.d crypto/ct/ct_sct_ctx.d test/buildtest_dh.d test/testutil/output_helpers.d test/dtlstest.d crypto/asn1/asn1_par.d crypto/ct/ct_prn.d test/buildtest_pkcs7.d crypto/ts/ts_rsp_print.d crypto/dh/dh_gen.d crypto/bf/bf_ofb64.d test/srptest.d test/buildtest_tls1.d crypto/bio/bss_log.d crypto/cms/cms_smime.d crypto/modes/ccm128.d crypto/aes/aes_misc.d apps/dhparam.d crypto/asn1/a_time.d crypto/ec/ec_curve.d crypto/objects/obj_xref.d crypto/ct/ct_x509v3.d crypto/ec/curve448/eddsa.d crypto/des/xcbc_enc.d test/buildtest_seed.d crypto/rand/rand_err.d crypto/dsa/dsa_meth.d crypto/ocsp/ocsp_srv.d crypto/bn/bn_add.d crypto/ocsp/ocsp_err.d crypto/bio/bss_conn.d crypto/bn/bn_kron.d crypto/whrlpool/wp_block.d test/sslbuffertest.d crypto/ts/ts_conf.d crypto/rsa/rsa_oaep.d crypto/idea/i_ecb.d crypto/asn1/asn1_item_list.d crypto/cms/cms_kari.d crypto/engine/tb_pkmeth.d test/evp_test.d apps/genpkey.d crypto/asn1/asn_moid.d crypto/evp/bio_b64.d crypto/bn/bn_gcd.d crypto/ec/ec_err.d test/exptest.d crypto/asn1/tasn_prn.d crypto/ts/ts_lib.d ssl/record/rec_layer_s3.d crypto/evp/m_mdc2.d crypto/rc2/rc2_ecb.d ssl/statem/statem_srvr.d crypto/poly1305/poly1305_pmeth.d test/buildtest_conf.d crypto/x509v3/v3_crld.d apps/ecparam.d crypto/ct/ct_err.d crypto/x509/x_attrib.d crypto/comp/comp_lib.d crypto/x509v3/v3_ncons.d crypto/des/pcbc_enc.d apps/pkcs12.d crypto/des/qud_cksm.d crypto/pkcs7/bio_pk7.d crypto/bn/bn_rand.d crypto/asn1/a_i2d_fp.d crypto/engine/eng_fat.d ssl/methods.d test/bio_enc_test.d crypto/asn1/evp_asn1.d test/testutil/driver.d test/mdc2_internal_test.d ssl/d1_srtp.d crypto/sha/sha512.d crypto/x509/x509_v3.d test/servername_test.d crypto/engine/eng_rdrand.d apps/smime.d test/danetest.d apps/dgst.d test/buildtest_ssl.d test/dsatest.d crypto/md4/md4_one.d crypto/pkcs7/pk7_smime.d crypto/ec/ecdsa_sign.d crypto/x509/x_x509.d crypto/seed/seed.d crypto/dsa/dsa_ameth.d crypto/md5/md5_one.d test/ct_test.d crypto/idea/i_skey.d crypto/sm2/sm2_za.d crypto/cms/cms_ess.d ssl/d1_msg.d crypto/dsa/dsa_lib.d test/buildtest_stack.d test/aborttest.d crypto/init.d crypto/engine/eng_ctrl.d test/buildtest_sha.d crypto/evp/e_seed.d apps/dsa.d crypto/cms/cms_cd.d ssl/record/rec_layer_d1.d crypto/des/des_enc.d crypto/ex_data.d ssl/ssl_err.d crypto/evp/pmeth_gn.d test/buildtest_ct.d crypto/bio/bio_meth.d fuzz/x509.d crypto/ec/ec_lib.d crypto/asn1/a_int.d crypto/conf/conf_sap.d crypto/asn1/asn_mime.d crypto/x509v3/v3_int.d crypto/cms/cms_enc.d crypto/rand/randfile.d test/asn1_string_table_test.d crypto/mdc2/mdc2dgst.d ssl/pqueue.d apps/rsautl.d crypto/pkcs7/pk7_lib.d test/buildtest_obj_mac.d ssl/t1_lib.d test/buildtest_crypto.d crypto/x509/x_x509a.d crypto/ocsp/ocsp_prn.d ssl/statem/statem_clnt.d crypto/x509v3/v3_lib.d crypto/siphash/siphash_ameth.d test/buildtest_objects.d crypto/ec/ecdh_ossl.d crypto/evp/evp_key.d crypto/store/store_err.d fuzz/asn1.d crypto/dsa/dsa_vrf.d crypto/mem_dbg.d test/buildtest_cms.d crypto/bn/bn_const.d crypto/o_fopen.d crypto/pkcs12/p12_mutl.d ssl/s3_lib.d crypto/modes/ofb128.d crypto/ocsp/ocsp_ext.d apps/sess_id.d ssl/statem/extensions_srvr.d crypto/ec/ec_kmeth.d crypto/bio/bf_lbuf.d crypto/async/arch/async_posix.d crypto/dh/dh_key.d crypto/evp/c_alld.d apps/asn1pars.d crypto/asn1/a_mbstr.d test/buildtest_store.d crypto/bn/bn_x931p.d crypto/ct/ct_log.d crypto/rsa/rsa_x931.d crypto/pkcs7/pk7_asn1.d apps/apps.d crypto/bn/bn_exp.d crypto/ripemd/rmd_one.d test/chacha_internal_test.d apps/rehash.d crypto/bio/bio_err.d crypto/store/store_register.d crypto/ec/ecp_smpl.d ssl/ssl_sess.d crypto/pem/pem_all.d crypto/comp/comp_err.d apps/pkeyutl.d crypto/bn/bn_div.d crypto/asn1/a_strex.d crypto/o_str.d crypto/ts/ts_rsp_sign.d crypto/des/str2key.d crypto/asn1/p8_pkey.d test/buildtest_symhacks.d test/buildtest_comp.d crypto/asn1/t_spki.d ssl/ssl_txt.d crypto/bf/bf_cfb64.d crypto/asn1/f_string.d test/sysdefaulttest.d crypto/dso/dso_lib.d test/asn1_encode_test.d crypto/rsa/rsa_mp.d test/lhash_test.d crypto/sha/sha1_one.d crypto/asn1/a_utctm.d test/siphash_internal_test.d apps/genrsa.d crypto/bn/bn_mul.d crypto/ec/ecdsa_ossl.d test/buildtest_lhash.d crypto/modes/cts128.d crypto/x509/x509_lu.d crypto/x509/x509_vfy.d crypto/dh/dh_meth.d crypto/pkcs12/p12_p8e.d crypto/cms/cms_pwri.d crypto/ts/ts_req_print.d crypto/asn1/tasn_typ.d crypto/evp/m_wp.d apps/s_cb.d test/afalgtest.d crypto/x509v3/v3_bcons.d crypto/engine/eng_err.d crypto/asn1/x_info.d crypto/async/async_err.d crypto/dso/dso_vms.d test/conf_include_test.d crypto/chacha/chacha_enc.d crypto/asn1/t_bitst.d test/ideatest.d crypto/x509v3/v3_conf.d crypto/ui/ui_err.d crypto/x509v3/pcy_tree.d crypto/dso/dso_openssl.d test/tls13encryptiontest.d test/x509aux.d crypto/bn/bn_print.d crypto/evp/m_null.d crypto/bio/b_dump.d test/sm2sigtest.d test/x509_internal_test.d test/buildtest_cast.d crypto/rsa/rsa_x931g.d crypto/bn/bn_err.d crypto/ec/ec2_oct.d crypto/camellia/cmll_ofb.d apps/s_socket.d crypto/rand/rand_lib.d crypto/ec/ecp_nist.d test/modes_internal_test.d test/rsa_test.d crypto/x509/x509_txt.d crypto/x509/x509cset.d crypto/x509v3/v3_cpols.d crypto/blake2/m_blake2s.d crypto/rsa/rsa_meth.d ssl/record/ssl3_record.d test/x509_dup_cert_test.d crypto/cast/c_cfb64.d crypto/asn1/a_utf8.d test/tls13ccstest.d crypto/ocsp/ocsp_lib.d crypto/ts/ts_rsp_verify.d test/buildtest_pem.d crypto/des/ecb_enc.d crypto/md4/md4_dgst.d ssl/record/ssl3_buffer.d crypto/engine/eng_pkey.d test/buildtest_md5.d test/test_test.d crypto/ec/curve448/curve448.d test/igetest.d crypto/pkcs7/pkcs7err.d crypto/des/ecb3_enc.d test/drbg_cavs_data.d crypto/x509/t_x509.d crypto/x509/x509name.d test/drbgtest.d crypto/pkcs12/p12_utl.d test/casttest.d test/versions.d crypto/x509v3/pcy_data.d crypto/dsa/dsa_sign.d crypto/x509/x509_obj.d test/sanitytest.d crypto/sm3/sm3.d crypto/x509v3/v3_alt.d ssl/ssl_conf.d test/mdc2test.d fuzz/cms.d apps/gendsa.d test/ctype_internal_test.d crypto/evp/p_seal.d test/exdatatest.d crypto/bn/bn_asm.d ssl/record/dtls1_bitmap.d crypto/uid.d crypto/o_time.d crypto/srp/srp_vfy.d crypto/pkcs7/pk7_attr.d crypto/ctype.d crypto/pem/pem_err.d crypto/ec/ec_asn1.d crypto/ec/curve448/f_generic.d crypto/bn/bn_mod.d crypto/bio/bss_file.d test/buildtest_aes.d crypto/rsa/rsa_chk.d fuzz/ct.d crypto/des/cbc_enc.d apps/ca.d apps/prime.d crypto/des/cfb64ede.d crypto/stack/stack.d crypto/x509v3/v3_pci.d crypto/threads_none.d crypto/ts/ts_verify_ctx.d crypto/bn/bn_exp2.d crypto/ec/ecp_nistp224.d crypto/hmac/hmac.d crypto/cms/cms_asn1.d crypto/ec/curve448/scalar.d crypto/engine/eng_table.d crypto/dh/dh_ameth.d ssl/statem/extensions_clnt.d apps/engine.d crypto/evp/p5_crpt.d ssl/statem/extensions_cust.d crypto/des/ofb64ede.d crypto/evp/p5_crpt2.d crypto/lhash/lhash.d crypto/ec/ecp_nistputil.d crypto/x509/x_req.d test/buildtest_mdc2.d crypto/objects/o_names.d crypto/dh/dh_pmeth.d crypto/dso/dso_dl.d crypto/siphash/siphash.d test/buildtest_cmac.d apps/rand.d crypto/asn1/bio_asn1.d test/d2i_test.d fuzz/server.d crypto/engine/eng_init.d test/buildtest_engine.d crypto/x509v3/v3err.d crypto/evp/e_cast.d ssl/statem/statem.d crypto/cms/cms_dd.d crypto/evp/evp_err.d crypto/dso/dso_dlfcn.d crypto/evp/evp_pbe.d crypto/ec/ec2_smpl.d crypto/asn1/n_pkey.d crypto/ebcdic.d crypto/ec/ec_print.d crypto/rc2/rc2_skey.d crypto/rsa/rsa_ssl.d crypto/aria/aria.d crypto/x509/x509rset.d crypto/aes/aes_core.d crypto/dsa/dsa_depr.d apps/speed.d crypto/async/arch/async_win.d crypto/cms/cms_env.d crypto/evp/p_open.d test/sslapitest.d crypto/bio/bss_sock.d crypto/x509v3/v3_prn.d crypto/bio/bio_cb.d test/buildtest_x509v3.d crypto/bio/b_sock2.d crypto/evp/e_des3.d test/time_offset_test.d test/ssl_test_ctx_test.d crypto/pem/pem_sign.d crypto/bf/bf_enc.d crypto/o_fips.d crypto/rsa/rsa_gen.d test/ssltest_old.d crypto/modes/gcm128.d apps/ciphers.d crypto/evp/m_sigver.d crypto/pem/pem_pkey.d crypto/x509/x509_r2x.d ssl/ssl_asn1.d crypto/threads_pthread.d crypto/bio/bf_buff.d test/dtlsv1listentest.d crypto/blake2/blake2b.d crypto/dsa/dsa_asn1.d crypto/evp/e_bf.d crypto/bn/bn_prime.d crypto/bio/bf_nbio.d crypto/ts/ts_req_utils.d crypto/evp/evp_enc.d crypto/buffer/buf_err.d test/testutil/tap_bio.d crypto/evp/p_sign.d crypto/x509v3/pcy_cache.d test/testutil/init.d crypto/rsa/rsa_crpt.d crypto/blake2/blake2s.d test/ectest.d crypto/cast/c_ofb64.d crypto/des/set_key.d test/buildtest_safestack.d test/pkey_meth_kdf_test.d test/secmemtest.d crypto/evp/pmeth_lib.d crypto/asn1/x_algor.d crypto/evp/m_ripemd.d fuzz/crl.d crypto/ocsp/ocsp_ht.d crypto/engine/eng_list.d crypto/rc4/rc4_skey.d crypto/modes/ocb128.d test/testutil/test_cleanup.d test/x509_time_test.d apps/x509.d crypto/bio/bio_lib.d crypto/cms/cms_att.d crypto/rsa/rsa_asn1.d crypto/evp/p_enc.d test/buildtest_kdf.d crypto/evp/e_null.d crypto/dh/dh_check.d test/buildtest_pkcs12.d crypto/cast/c_skey.d crypto/pkcs12/p12_kiss.d crypto/evp/evp_lib.d test/cipherbytes_test.d crypto/x509v3/pcy_node.d test/buildtest_ecdh.d crypto/evp/e_aes_cbc_hmac_sha1.d crypto/rsa/rsa_prn.d test/gmdifftest.d crypto/des/cfb64enc.d test/bad_dtls_test.d crypto/pkcs12/p12_asn.d test/stack_test.d crypto/camellia/camellia.d crypto/evp/pmeth_fn.d crypto/x509v3/pcy_lib.d crypto/evp/pbe_scrypt.d test/curve448_internal_test.d crypto/x509v3/v3_info.d apps/version.d crypto/pkcs12/p12_add.d crypto/ec/ec_pmeth.d crypto/dso/dso_err.d crypto/dh/dh_rfc7919.d test/buildtest_blowfish.d crypto/x509v3/v3_akey.d crypto/asn1/p5_pbe.d crypto/mdc2/mdc2_one.d crypto/camellia/cmll_cbc.d apps/enc.d crypto/ui/ui_openssl.d crypto/cast/c_enc.d crypto/bn/bn_shift.d test/pemtest.d crypto/asn1/tasn_enc.d crypto/dh/dh_err.d test/ssl_test.d test/bioprinttest.d crypto/x509v3/v3_akeya.d crypto/bio/bss_mem.d test/testutil/cb.d crypto/asn1/a_type.d crypto/objects/obj_err.d crypto/x509/x_crl.d crypto/x509/x509_ext.d test/memleaktest.d crypto/bn/bn_intern.d test/clienthellotest.d crypto/asn1/x_pkey.d crypto/dh/dh_prn.d crypto/threads_win.d apps/openssl.d crypto/ec/ec2_mult.d crypto/x509v3/pcy_map.d crypto/rsa/rsa_ossl.d crypto/evp/e_chacha20_poly1305.d crypto/ui/ui_util.d crypto/pem/pem_xaux.d crypto/asn1/asn_pack.d crypto/x509v3/v3_pcons.d crypto/ec/ec_cvt.d test/buildtest_srp.d crypto/dsa/dsa_err.d crypto/asn1/a_verify.d crypto/rc2/rc2_cbc.d test/fatalerrtest.d crypto/asn1/tasn_fre.d crypto/bio/bf_null.d crypto/des/rand_key.d test/cipherlist_test.d crypto/async/async_wait.d crypto/x509v3/v3_sxnet.d test/buildtest_async.d test/buildtest_opensslv.d apps/pkey.d crypto/bn/bn_nist.d test/bntest.d test/buildtest_x509.d crypto/evp/e_aes.d crypto/seed/seed_ofb.d crypto/x509/x509type.d crypto/cms/cms_lib.d crypto/whrlpool/wp_dgst.d test/testutil/main.d test/evp_extra_test.d test/rc4test.d apps/pkcs7.d crypto/cms/cms_io.d crypto/pkcs12/p12_attr.d test/bio_callback_test.d crypto/ec/ec_key.d ssl/ssl_mcnf.d crypto/x509v3/v3_purp.d test/verify_extra_test.d test/rdrand_sanitytest.d crypto/dh/dh_kdf.d crypto/siphash/siphash_pmeth.d crypto/evp/e_rc5.d test/buildtest_txt_db.d crypto/evp/digest.d crypto/engine/tb_digest.d test/asn1_time_test.d crypto/evp/c_allc.d crypto/camellia/cmll_cfb.d crypto/evp/e_aes_cbc_hmac_sha256.d test/testutil/basic_output.d crypto/bio/bss_bio.d crypto/o_init.d crypto/cmac/cmac.d crypto/md5/md5_dgst.d ssl/ssl_utst.d test/dtls_mtu_test.d crypto/x509v3/v3_skey.d ssl/t1_enc.d crypto/pkcs12/p12_p8d.d test/ciphername_test.d crypto/dh/dh_lib.d crypto/ec/ecp_oct.d crypto/sha/sha1dgst.d crypto/bn/bn_ctx.d crypto/asn1/tasn_dec.d ssl/tls13_enc.d test/enginetest.d test/crltest.d test/ssltestlib.d crypto/ec/ecp_nistp521.d crypto/rand/drbg_ctr.d crypto/ct/ct_vfy.d apps/errstr.d test/buildtest_ui.d crypto/idea/i_ofb64.d apps/req.d crypto/asn1/asn1_gen.d crypto/evp/names.d ssl/ssl_stat.d crypto/camellia/cmll_misc.d crypto/async/arch/async_null.d crypto/cmac/cm_ameth.d test/buildtest_rand_drbg.d crypto/ec/ec_oct.d crypto/bn/bn_depr.d test/ocspapitest.d ssl/ssl_ciph.d crypto/des/cfb_enc.d crypto/engine/eng_cnf.d crypto/x509/x_name.d crypto/comp/c_zlib.d crypto/x509v3/v3_pku.d crypto/kdf/scrypt.d crypto/rsa/rsa_lib.d crypto/asn1/asn_mstbl.d apps/opt.d crypto/asn1/a_print.d crypto/x509v3/v3_addr.d test/buildtest_ossl_typ.d test/buildtest_ts.d crypto/dsa/dsa_ossl.d crypto/asn1/bio_ndef.d crypto/x509v3/v3_enum.d test/buildtest_idea.d crypto/ct/ct_oct.d crypto/sm3/m_sm3.d test/buildtest_rsa.d test/ecdsatest.d fuzz/client.d crypto/asn1/t_pkey.d crypto/aes/aes_ecb.d ssl/ssl_rsa.d crypto/ts/ts_rsp_utils.d crypto/bio/b_sock.d crypto/rc4/rc4_enc.d crypto/ocsp/ocsp_cl.d crypto/ec/ec_mult.d crypto/aes/aes_cbc.d test/dhtest.d ssl/ssl_cert.d crypto/ec/ecdsa_vrf.d crypto/pkcs12/p12_crt.d crypto/des/ofb_enc.d crypto/x509/by_dir.d crypto/evp/e_rc2.d test/x509_check_cert_pkey_test.d fuzz/test-corpus.d crypto/evp/p_dec.d crypto/conf/conf_api.d crypto/cpt_err.d crypto/x509/x509_set.d crypto/asn1/asn1_lib.d test/buildtest_bio.d crypto/evp/m_md5.d crypto/ocsp/ocsp_vfy.d crypto/asn1/i2d_pr.d crypto/dsa/dsa_key.d crypto/rc2/rc2cfb64.d test/buildtest_ocsp.d apps/storeutl.d crypto/engine/tb_rand.d crypto/dsa/dsa_pmeth.d apps/ts.d crypto/aes/aes_wrap.d crypto/asn1/tasn_utl.d crypto/rsa/rsa_none.d crypto/asn1/tasn_new.d crypto/o_dir.d fuzz/asn1parse.d crypto/conf/conf_lib.d test/destest.d crypto/lhash/lh_stats.d crypto/asn1/i2d_pu.d test/rsa_mp_test.d crypto/bn/bn_sqrt.d crypto/bn/bn_word.d apps/ocsp.d crypto/pem/pem_x509.d test/drbg_cavs_test.d test/cipher_overhead_test.d crypto/ocsp/v3_ocsp.d crypto/objects/obj_dat.d test/buildtest_srtp.d crypto/rand/rand_unix.d crypto/engine/eng_all.d test/buildtest_e_os2.d crypto/objects/obj_lib.d crypto/pem/pem_pk8.d crypto/conf/conf_err.d crypto/store/store_strings.d crypto/dsa/dsa_gen.d test/buildtest_asn1t.d crypto/evp/e_xcbc_d.d crypto/evp/m_sha3.d crypto/ts/ts_err.d crypto/x509/x_exten.d crypto/ec/ec_ameth.d crypto/kdf/kdf_err.d crypto/err/err_all.d crypto/engine/tb_dsa.d test/sslcorrupttest.d test/constant_time_test.d crypto/evp/e_idea.d test/buildtest_whrlpool.d test/buildtest_x509_vfy.d crypto/rsa/rsa_pk1.d crypto/des/fcrypt_b.d crypto/asn1/a_bitstr.d crypto/cryptlib.d crypto/modes/xts128.d apps/srp.d crypto/txt_db/txt_db.d crypto/evp/p_verify.d crypto/engine/tb_asnmth.d crypto/engine/eng_openssl.d crypto/aes/aes_ige.d crypto/engine/tb_cipher.d crypto/mem_sec.d crypto/seed/seed_cbc.d crypto/bn/bn_recp.d crypto/async/async.d ssl/s3_msg.d crypto/engine/tb_eckey.d crypto/asn1/tasn_scn.d crypto/ct/ct_sct.d crypto/asn1/x_long.d crypto/x509/t_req.d crypto/evp/e_old.d test/rc5test.d test/threadstest.d crypto/camellia/cmll_ecb.d crypto/pkcs12/p12_crpt.d crypto/x509/x509_cmp.d crypto/evp/e_sm4.d crypto/engine/tb_dh.d ssl/tls_srp.d crypto/modes/cfb128.d crypto/pkcs12/p12_sbag.d crypto/evp/e_rc4.d crypto/x509v3/v3_asid.d engines/e_capi.d crypto/dso/dso_win32.d apps/s_client.d crypto/bio/b_addr.d crypto/kdf/hkdf.d crypto/x509/x_pubkey.d crypto/asn1/asn1_err.d crypto/mem.d crypto/store/loader_file.d crypto/rsa/rsa_err.d crypto/asn1/x_val.d crypto/ec/ec_check.d crypto/evp/encode.d test/buildtest_modes.d crypto/asn1/d2i_pu.d apps/app_rand.d test/pbelutest.d crypto/evp/cmeth_lib.d crypto/asn1/p5_pbev2.d crypto/rsa/rsa_pmeth.d test/asynctest.d crypto/ec/curve25519.d test/buildtest_bn.d test/buildtest_conf_api.d apps/cms.d apps/crl2p7.d test/ssl_test_ctx.d apps/bf_prefix.d engines/e_padlock.d crypto/des/cbc_cksm.d crypto/ripemd/rmd_dgst.d ssl/d1_lib.d test/recordlentest.d crypto/x509v3/v3_tlsf.d crypto/modes/wrap128.d test/buildtest_ripemd.d crypto/cms/cms_sd.d test/testutil/tests.d crypto/poly1305/poly1305_ameth.d apps/crl.d crypto/ec/curve448/arch_32/f_impl.d crypto/asn1/a_digest.d crypto/engine/eng_dyn.d test/asn1_internal_test.d crypto/x509/x509_err.d crypto/cmac/cm_pmeth.d crypto/bn/bn_gf2m.d test/buildtest_ssl2.d apps/rsa.d crypto/seed/seed_ecb.d crypto/asn1/a_sign.d crypto/asn1/x_spki.d ssl/s3_enc.d crypto/bio/b_print.d crypto/idea/i_cfb64.d test/testutil/format_output.d crypto/aes/aes_ofb.d crypto/x509v3/v3_extku.d fuzz/bndiv.d crypto/bf/bf_ecb.d crypto/conf/conf_mall.d crypto/asn1/x_bignum.d crypto/rand/rand_egd.d crypto/evp/m_md5_sha1.d test/buildtest_rc4.d crypto/bf/bf_skey.d crypto/asn1/d2i_pr.d crypto/sha/sha256.d apps/ec.d test/buildtest_rc2.d crypto/bn/bn_mpi.d crypto/asn1/ameth_lib.d crypto/mem_clr.d test/buildtest_sm2.d crypto/asn1/a_object.d crypto/bn/bn_srp.d crypto/conf/conf_def.d test/poly1305_internal_test.d crypto/rsa/rsa_saos.d test/buildtest_ecdsa.d crypto/sm2/sm2_err.d crypto/store/store_lib.d crypto/x509/x509_trs.d crypto/ec/ecp_nistp256.d crypto/asn1/a_d2i_fp.d crypto/evp/m_md4.d test/buildtest_buffer.d apps/pkcs8.d test/v3ext.d crypto/evp/m_md2.d crypto/x509/x509_att.d crypto/rand/rand_win.d crypto/rsa/rsa_depr.d crypto/bio/bss_acpt.d crypto/dh/dh_depr.d crypto/ec/ecp_mont.d crypto/bn/bn_blind.d crypto/pkcs7/pk7_mime.d ssl/statem/statem_dtls.d crypto/ts/ts_asn1.d crypto/sm2/sm2_sign.d crypto/asn1/a_dup.d test/buildtest_evp.d ssl/bio_ssl.d test/buildtest_ec.d test/wpackettest.d crypto/x509v3/v3_genn.d crypto/bn/bn_lib.d test/bftest.d ssl/statem/extensions.d crypto/asn1/nsseq.d test/buildtest_dtls1.d crypto/x509v3/v3_utl.d crypto/x509/t_crl.d crypto/dh/dh_rfc5114.d test/asynciotest.d crypto/evp/evp_pkey.d fuzz/bignum.d crypto/buffer/buffer.d apps/verify.d crypto/bn/bn_sqr.d test/sm4_internal_test.d crypto/sha/keccak1600.d test/pkey_meth_test.d crypto/x509/x509spki.d test/md2test.d crypto/x509v3/v3_pmaps.d crypto/ui/ui_lib.d apps/passwd.d crypto/ocsp/ocsp_asn.d crypto/idea/i_cbc.d crypto/evp/e_aria.d crypto/x509/by_file.d crypto/x509/x509_req.d crypto/x509/x509_def.d test/buildtest_des.d crypto/rand/drbg_lib.d ssl/s3_cbc.d crypto/pem/pvkfmt.d apps/s_server.d test/buildtest_pem2.d crypto/err/err.d crypto/x509v3/v3_ia5.d crypto/asn1/a_octet.d crypto/x509/x_all.d crypto/evp/e_camellia.d test/buildtest_dsa.d crypto/rsa/rsa_ameth.d crypto/ct/ct_b64.d ssl/ssl_init.d crypto/bio/bss_dgram.d test/ecstresstest.d crypto/engine/eng_lib.d crypto/rc2/rc2ofb64.d ssl/statem/statem_lib.d crypto/evp/e_rc4_hmac_md5.d crypto/rand/rand_vms.d test/rc2test.d crypto/cast/c_ecb.d ssl/record/ssl3_record_tls13.d crypto/x509/x509_d2.d test/handshake_helper.d test/sm2crypttest.d crypto/cversion.d test/hmactest.d test/buildtest_ebcdic.d | |
| 32 | DEPS=crypto/ts/ts_req_print.d apps/nseq.d ssl/record/ssl3_record_tls13.d crypto/bio/b_dump.d crypto/store/store_strings.d crypto/pkcs12/p12_crpt.d crypto/x509/x509_txt.d crypto/bn/bn_mont.d test/buildtest_dsa.d crypto/mem_sec.d apps/verify.d apps/storeutl.d apps/rsautl.d crypto/dsa/dsa_pmeth.d test/buildtest_srp.d crypto/x509v3/v3_alt.d crypto/ec/curve448/eddsa.d crypto/bn/bn_lib.d crypto/async/async.d test/destest.d crypto/asn1/asn_mstbl.d crypto/o_fips.d ssl/s3_lib.d ssl/statem/statem.d crypto/blake2/m_blake2s.d test/packettest.d crypto/bio/bio_lib.d crypto/ec/ec_key.d ssl/record/ssl3_buffer.d crypto/o_dir.d crypto/x509v3/pcy_cache.d test/lhash_test.d crypto/evp/e_camellia.d apps/bf_prefix.d crypto/engine/eng_fat.d crypto/bf/bf_ecb.d crypto/evp/evp_pkey.d crypto/bn/bn_srp.d crypto/camellia/cmll_ofb.d crypto/x509v3/pcy_node.d crypto/rsa/rsa_ssl.d crypto/bn/bn_kron.d crypto/dsa/dsa_ossl.d crypto/bn/bn_x931p.d crypto/kdf/tls1_prf.d crypto/evp/e_rc2.d crypto/idea/i_cfb64.d crypto/x509v3/v3_bcons.d crypto/evp/m_md2.d crypto/rand/randfile.d apps/gendsa.d test/buildtest_engine.d crypto/evp/evp_cnf.d crypto/evp/e_des3.d crypto/blake2/blake2s.d crypto/x509v3/v3_prn.d test/x509_dup_cert_test.d apps/srp.d test/buildtest_x509_vfy.d crypto/evp/m_ripemd.d test/buildtest_ui.d crypto/ec/ecdsa_sign.d crypto/hmac/hmac.d apps/spkac.d crypto/ec/eck_prn.d crypto/evp/e_chacha20_poly1305.d crypto/pkcs12/p12_p8d.d crypto/des/cfb64ede.d test/dhtest.d crypto/x509v3/v3_ncons.d crypto/conf/conf_mod.d crypto/ctype.d crypto/poly1305/poly1305_pmeth.d crypto/evp/bio_b64.d crypto/sha/sha1_one.d crypto/dsa/dsa_sign.d crypto/aes/aes_ige.d crypto/bio/bf_lbuf.d crypto/ocsp/ocsp_ext.d crypto/dsa/dsa_prn.d crypto/pkcs7/pk7_asn1.d crypto/dso/dso_dlfcn.d crypto/evp/m_sha3.d crypto/ocsp/ocsp_prn.d crypto/x509/by_file.d crypto/sha/sha1dgst.d crypto/des/ecb3_enc.d crypto/asn1/a_utctm.d crypto/aes/aes_cbc.d crypto/objects/obj_lib.d crypto/x509v3/v3_genn.d ssl/t1_enc.d crypto/bf/bf_ofb64.d crypto/x509v3/pcy_lib.d test/wpackettest.d apps/req.d crypto/engine/tb_pkmeth.d test/evp_extra_test.d crypto/asn1/asn_moid.d crypto/bio/bf_buff.d crypto/cast/c_ofb64.d crypto/evp/c_alld.d test/buildtest_ssl2.d crypto/cms/cms_err.d crypto/engine/tb_rand.d crypto/asn1/p5_pbev2.d crypto/des/cfb_enc.d crypto/x509/x509_att.d test/buildtest_pem.d crypto/dh/dh_ameth.d crypto/bn/bn_mod.d crypto/sha/sha256.d test/ectest.d test/v3ext.d crypto/ec/ec_kmeth.d crypto/asn1/bio_ndef.d crypto/aes/aes_ofb.d crypto/bn/bn_exp.d apps/ecparam.d crypto/pkcs7/pk7_mime.d test/testutil/output_helpers.d apps/prime.d crypto/camellia/cmll_ecb.d test/chacha_internal_test.d crypto/siphash/siphash_pmeth.d test/v3nametest.d crypto/x509/x509name.d crypto/pkcs12/p12_kiss.d crypto/bio/bio_err.d test/buildtest_sm2.d ssl/ssl_txt.d test/drbgtest.d crypto/sm3/sm3.d crypto/cms/cms_cd.d crypto/engine/eng_rdrand.d crypto/dh/dh_prn.d crypto/modes/cbc128.d crypto/bio/bf_nbio.d crypto/seed/seed.d crypto/sm2/sm2_sign.d crypto/asn1/asn1_err.d crypto/asn1/d2i_pr.d crypto/ec/ecp_smpl.d ssl/ssl_init.d test/curve448_internal_test.d crypto/des/pcbc_enc.d apps/s_server.d crypto/asn1/evp_asn1.d crypto/cast/c_ecb.d crypto/aes/aes_wrap.d crypto/ts/ts_req_utils.d crypto/pem/pem_lib.d crypto/bn/bn_exp2.d test/asn1_encode_test.d crypto/ec/ec_curve.d crypto/dh/dh_key.d crypto/cast/c_skey.d crypto/async/arch/async_win.d crypto/cmac/cm_pmeth.d crypto/modes/ctr128.d crypto/hmac/hm_ameth.d test/buildtest_cmac.d test/buildtest_cms.d test/x509_internal_test.d crypto/asn1/a_sign.d test/buildtest_sha.d crypto/des/qud_cksm.d apps/speed.d crypto/ec/ec_mult.d ssl/s3_cbc.d test/ideatest.d test/buildtest_hmac.d test/testutil/driver.d apps/dsaparam.d crypto/x509/x509spki.d test/dtlsv1listentest.d crypto/ct/ct_prn.d crypto/x509v3/v3_enum.d crypto/dsa/dsa_err.d crypto/bn/bn_recp.d apps/ocsp.d test/buildtest_conf.d crypto/evp/bio_ok.d crypto/asn1/p5_pbe.d crypto/ts/ts_rsp_print.d apps/genpkey.d crypto/dh/dh_err.d fuzz/bndiv.d crypto/pkcs12/pk12err.d crypto/objects/obj_dat.d crypto/ui/ui_null.d crypto/ec/ec_print.d test/verify_extra_test.d crypto/pkcs12/p12_attr.d crypto/evp/evp_pbe.d test/buildtest_kdf.d crypto/ec/curve25519.d crypto/bn/bn_shift.d ssl/ssl_conf.d crypto/evp/m_md4.d test/ssl_test_ctx.d test/buildtest_ripemd.d apps/smime.d crypto/bn/bn_rand.d ssl/statem/statem_dtls.d ssl/d1_msg.d apps/pkcs8.d crypto/rand/rand_win.d crypto/ec/ec_check.d crypto/engine/eng_list.d crypto/des/ofb64ede.d crypto/engine/eng_err.d crypto/engine/eng_lib.d crypto/cms/cms_pwri.d crypto/des/ofb_enc.d crypto/asn1/t_pkey.d crypto/rand/rand_vms.d crypto/o_fopen.d test/sysdefaulttest.d crypto/chacha/chacha_enc.d ssl/t1_trce.d crypto/o_time.d test/memleaktest.d test/x509_time_test.d test/buildtest_bio.d test/bio_callback_test.d crypto/evp/p_seal.d crypto/x509/x509_cmp.d crypto/aes/aes_core.d crypto/dso/dso_vms.d ssl/statem/extensions_srvr.d crypto/x509/t_crl.d crypto/ec/ec_pmeth.d crypto/ts/ts_err.d crypto/ui/ui_util.d crypto/dh/dh_rfc5114.d test/sanitytest.d fuzz/asn1.d crypto/ec/ecp_nistp224.d test/buildtest_asn1.d test/buildtest_rsa.d apps/ciphers.d crypto/asn1/x_algor.d crypto/bn/bn_mpi.d test/buildtest_store.d crypto/evp/m_sha1.d crypto/ec/ec_cvt.d crypto/conf/conf_err.d crypto/modes/ofb128.d crypto/evp/bio_enc.d crypto/dso/dso_openssl.d crypto/cms/cms_ess.d crypto/x509v3/v3_bitst.d crypto/asn1/x_int64.d crypto/rsa/rsa_x931g.d apps/crl2p7.d crypto/bio/bss_log.d crypto/asn1/f_int.d crypto/modes/cfb128.d test/mdc2_internal_test.d test/casttest.d crypto/hmac/hm_pmeth.d crypto/cast/c_enc.d test/buildtest_symhacks.d crypto/mem_clr.d crypto/rsa/rsa_prn.d crypto/bio/bf_null.d crypto/dsa/dsa_ameth.d ssl/ssl_asn1.d test/ct_test.d ssl/ssl_rsa.d test/asn1_time_test.d ssl/ssl_ciph.d test/buildtest_ocsp.d crypto/blake2/m_blake2b.d fuzz/bignum.d crypto/blake2/blake2b.d test/buildtest_mdc2.d fuzz/crl.d crypto/evp/m_md5_sha1.d crypto/cms/cms_att.d test/ssl_test_ctx_test.d apps/pkcs7.d crypto/asn1/a_strex.d ssl/statem/extensions.d crypto/rc4/rc4_enc.d crypto/pkcs12/p12_p8e.d crypto/bn/bn_print.d test/buildtest_dtls1.d crypto/pem/pem_all.d crypto/engine/eng_pkey.d crypto/asn1/asn1_item_list.d crypto/aria/aria.d crypto/camellia/cmll_ctr.d crypto/ec/ecp_nistp521.d crypto/cms/cms_enc.d crypto/siphash/siphash.d crypto/des/cbc_enc.d crypto/async/async_err.d crypto/pem/pem_sign.d crypto/bn/bn_dh.d crypto/engine/tb_asnmth.d crypto/cms/cms_io.d crypto/sha/sha512.d crypto/x509v3/v3_asid.d crypto/x509v3/v3_cpols.d crypto/store/store_err.d crypto/async/async_wait.d crypto/ocsp/ocsp_cl.d test/aborttest.d crypto/asn1/a_type.d crypto/rsa/rsa_oaep.d crypto/evp/encode.d test/ciphername_test.d crypto/x509/x509_d2.d test/pkey_meth_test.d crypto/comp/c_zlib.d crypto/rc2/rc2_cbc.d test/exdatatest.d test/asn1_string_table_test.d apps/pkcs12.d apps/apps.d crypto/asn1/tasn_prn.d crypto/x509/by_dir.d test/buildtest_dh.d test/buildtest_objects.d apps/asn1pars.d crypto/evp/e_cast.d fuzz/server.d crypto/x509v3/v3_tlsf.d crypto/bio/bss_conn.d test/bntest.d crypto/x509v3/v3err.d test/sm4_internal_test.d test/buildtest_tls1.d crypto/camellia/cmll_cbc.d crypto/rsa/rsa_ossl.d crypto/ts/ts_verify_ctx.d test/rdrand_sanitytest.d crypto/conf/conf_lib.d crypto/evp/m_sigver.d crypto/ec/ecdh_kdf.d test/buildtest_crypto.d crypto/uid.d test/buildtest_md5.d test/buildtest_conf_api.d crypto/x509/x_pubkey.d crypto/dso/dso_win32.d crypto/kdf/scrypt.d test/modes_internal_test.d test/rc2test.d apps/opt.d crypto/x509/x509_def.d test/igetest.d crypto/dsa/dsa_key.d crypto/pkcs12/p12_asn.d crypto/kdf/hkdf.d crypto/bio/bss_sock.d crypto/x509/x_x509.d crypto/evp/e_rc4_hmac_md5.d crypto/asn1/a_octet.d crypto/asn1/bio_asn1.d crypto/ex_data.d crypto/ts/ts_rsp_verify.d crypto/rsa/rsa_pss.d crypto/stack/stack.d fuzz/conf.d crypto/ec/ec_oct.d crypto/ct/ct_policy.d test/servername_test.d crypto/store/loader_file.d apps/dgst.d crypto/cms/cms_asn1.d test/rc4test.d crypto/evp/e_aria.d crypto/rc2/rc2_skey.d crypto/bn/bn_nist.d crypto/rc4/rc4_skey.d apps/dhparam.d crypto/pem/pem_x509.d crypto/x509/x509_r2x.d crypto/cms/cms_dd.d crypto/cms/cms_env.d crypto/x509v3/v3_conf.d crypto/seed/seed_ofb.d crypto/evp/e_null.d crypto/ocsp/ocsp_srv.d crypto/asn1/x_pkey.d crypto/rand/rand_err.d crypto/mem.d crypto/x509v3/pcy_tree.d crypto/modes/xts128.d ssl/d1_srtp.d crypto/rand/rand_unix.d crypto/asn1/a_utf8.d crypto/engine/eng_table.d crypto/md4/md4_one.d crypto/rand/rand_lib.d crypto/x509v3/v3_ia5.d crypto/ct/ct_x509v3.d apps/pkey.d crypto/evp/e_des.d crypto/ui/ui_err.d test/buildtest_ts.d ssl/d1_lib.d crypto/bn/bn_prime.d crypto/rsa/rsa_meth.d crypto/bn/bn_word.d crypto/rsa/rsa_gen.d test/asn1_internal_test.d ssl/statem/statem_srvr.d apps/dsa.d crypto/evp/p_dec.d crypto/evp/p_verify.d crypto/ec/ecp_nistp256.d crypto/mem_dbg.d crypto/bn/bn_gf2m.d crypto/x509v3/v3_sxnet.d crypto/ec/curve448/scalar.d crypto/pkcs7/pk7_doit.d crypto/ec/ecp_nist.d crypto/rand/drbg_lib.d crypto/x509/x509_lu.d crypto/ct/ct_vfy.d crypto/asn1/a_d2i_fp.d crypto/cmac/cmac.d crypto/des/fcrypt.d crypto/ts/ts_conf.d test/bad_dtls_test.d crypto/aes/aes_misc.d crypto/bio/b_sock2.d crypto/evp/p5_crpt2.d crypto/dh/dh_lib.d ssl/s3_enc.d crypto/bn/bn_depr.d fuzz/ct.d ssl/bio_ssl.d crypto/x509v3/v3_crld.d apps/s_cb.d crypto/evp/e_sm4.d test/buildtest_obj_mac.d crypto/pkcs12/p12_decr.d test/buildtest_rc2.d crypto/dsa/dsa_depr.d crypto/x509/x509_ext.d crypto/evp/evp_key.d crypto/des/rand_key.d crypto/x509/x509_v3.d crypto/des/str2key.d crypto/evp/e_old.d crypto/pem/pem_err.d test/buildtest_rand.d crypto/asn1/nsseq.d test/gmdifftest.d engines/e_padlock.d test/poly1305_internal_test.d crypto/rsa/rsa_ameth.d crypto/asn1/i2d_pu.d apps/ec.d test/testutil/stanza.d crypto/rsa/rsa_pmeth.d test/buildtest_whrlpool.d test/buildtest_safestack.d crypto/evp/p_lib.d test/pemtest.d ssl/statem/extensions_cust.d ssl/ssl_utst.d test/time_offset_test.d crypto/cryptlib.d crypto/conf/conf_api.d crypto/bio/bss_mem.d test/buildtest_pem2.d crypto/idea/i_ofb64.d ssl/tls13_enc.d crypto/modes/ccm128.d apps/version.d crypto/asn1/tasn_fre.d crypto/pkcs7/pk7_smime.d apps/rehash.d crypto/evp/c_allc.d crypto/x509/x_name.d crypto/pkcs12/p12_init.d crypto/objects/obj_err.d crypto/rc2/rc2cfb64.d test/mdc2test.d crypto/pkcs7/pk7_lib.d test/ssl_test.d crypto/pem/pem_pkey.d crypto/evp/e_xcbc_d.d crypto/ripemd/rmd_one.d test/sm2sigtest.d crypto/evp/p_sign.d crypto/des/cfb64enc.d crypto/x509v3/v3_info.d apps/genrsa.d test/testutil/test_cleanup.d crypto/rsa/rsa_asn1.d crypto/bn/bn_sqr.d crypto/x509v3/v3_akeya.d crypto/dh/dh_pmeth.d test/x509aux.d crypto/bio/bio_meth.d crypto/engine/eng_ctrl.d crypto/ocsp/ocsp_lib.d crypto/bio/bio_cb.d test/ssl_cert_table_internal_test.d crypto/bio/bss_fd.d crypto/evp/e_aes.d test/buildtest_pkcs12.d apps/openssl.d crypto/evp/p_enc.d crypto/dsa/dsa_lib.d crypto/asn1/asn_mime.d crypto/pem/pvkfmt.d crypto/dh/dh_check.d test/recordlentest.d crypto/err/err_all.d crypto/whrlpool/wp_dgst.d test/buildtest_srtp.d crypto/dh/dh_depr.d crypto/evp/e_idea.d ssl/record/rec_layer_d1.d crypto/rsa/rsa_sign.d crypto/asn1/x_info.d crypto/ec/ecdh_ossl.d crypto/buffer/buffer.d test/buildtest_asn1t.d crypto/pkcs12/p12_sbag.d crypto/rsa/rsa_mp.d crypto/ts/ts_rsp_sign.d crypto/sm4/sm4.d crypto/ec/ecp_oct.d test/dsatest.d crypto/x509v3/v3_pci.d crypto/asn1/tasn_typ.d crypto/x509v3/v3_purp.d test/buildtest_md4.d crypto/ct/ct_sct.d crypto/ocsp/ocsp_asn.d test/siphash_internal_test.d test/threadstest.d crypto/x509v3/v3_pcons.d test/buildtest_e_os2.d crypto/evp/pmeth_fn.d test/buildtest_lhash.d crypto/ts/ts_asn1.d apps/rsa.d crypto/rsa/rsa_none.d crypto/asn1/i2d_pr.d crypto/pkcs7/pkcs7err.d test/enginetest.d crypto/evp/bio_md.d crypto/x509/x509rset.d crypto/sm2/sm2_err.d test/asynciotest.d crypto/bio/bss_dgram.d crypto/x509/x509_vfy.d crypto/dh/dh_asn1.d test/constant_time_test.d apps/passwd.d crypto/evp/m_mdc2.d crypto/conf/conf_ssl.d crypto/md4/md4_dgst.d crypto/x509/x509_vpm.d crypto/ct/ct_log.d test/test_test.d test/handshake_helper.d crypto/ec/ec2_mult.d fuzz/asn1parse.d crypto/ec/ecdsa_ossl.d crypto/rsa/rsa_pk1.d crypto/ocsp/ocsp_ht.d crypto/bn/bn_mul.d crypto/cms/cms_lib.d crypto/lhash/lhash.d crypto/ec/ec_err.d test/ecdsatest.d ssl/tls_srp.d crypto/cpt_err.d crypto/asn1/x_spki.d crypto/x509/x509_req.d crypto/ec/ecp_nistputil.d crypto/ct/ct_oct.d crypto/engine/tb_dh.d crypto/poly1305/poly1305.d test/buildtest_camellia.d test/conf_include_test.d test/bioprinttest.d crypto/evp/e_aes_cbc_hmac_sha256.d crypto/ocsp/v3_ocsp.d crypto/x509v3/v3_pku.d crypto/mdc2/mdc2_one.d crypto/comp/comp_lib.d test/danetest.d crypto/ec/ecp_mont.d apps/app_rand.d crypto/store/store_init.d crypto/srp/srp_vfy.d test/buildtest_ecdh.d ssl/record/ssl3_record.d test/dtls_mtu_test.d test/tls13ccstest.d crypto/whrlpool/wp_block.d apps/errstr.d crypto/x509/x_all.d test/cipher_overhead_test.d crypto/asn1/a_int.d test/tls13encryptiontest.d apps/pkeyparam.d crypto/x509v3/v3_int.d crypto/o_str.d test/clienthellotest.d crypto/dso/dso_dl.d crypto/asn1/tasn_dec.d test/buildtest_ct.d ssl/t1_lib.d crypto/asn1/p5_scrypt.d crypto/idea/i_skey.d crypto/camellia/cmll_cfb.d test/buildtest_ebcdic.d crypto/dsa/dsa_meth.d crypto/asn1/ameth_lib.d crypto/md5/md5_one.d crypto/pem/pem_pk8.d crypto/ec/ecdsa_vrf.d crypto/asn1/tasn_enc.d crypto/threads_win.d crypto/x509v3/v3_admis.d test/ssltestlib.d crypto/ocsp/ocsp_vfy.d test/buildtest_opensslv.d crypto/engine/eng_all.d test/buildtest_ssl.d crypto/init.d crypto/x509/x509_err.d crypto/md5/md5_dgst.d crypto/bio/bss_null.d test/cipherlist_test.d crypto/idea/i_cbc.d crypto/engine/eng_init.d crypto/x509v3/v3_addr.d test/hmactest.d crypto/x509/x_attrib.d apps/enc.d test/pkey_meth_kdf_test.d crypto/comp/comp_err.d crypto/sha/keccak1600.d test/asynctest.d crypto/rsa/rsa_lib.d crypto/lhash/lh_stats.d crypto/evp/e_seed.d ssl/s3_msg.d crypto/evp/pmeth_lib.d crypto/ec/curve448/f_generic.d crypto/modes/wrap128.d crypto/pem/pem_oth.d crypto/asn1/x_bignum.d crypto/des/des_enc.d crypto/ts/ts_lib.d test/buildtest_async.d crypto/modes/cts128.d test/bio_enc_test.d crypto/evp/cmeth_lib.d test/secmemtest.d crypto/asn1/f_string.d test/bftest.d crypto/des/fcrypt_b.d test/buildtest_stack.d crypto/asn1/tasn_new.d crypto/evp/e_aes_cbc_hmac_sha1.d crypto/bn/bn_blind.d crypto/ec/curve448/curve448.d apps/sess_id.d test/buildtest_rand_drbg.d test/buildtest_des.d crypto/o_init.d crypto/evp/evp_lib.d crypto/ripemd/rmd_dgst.d crypto/x509/x_exten.d crypto/evp/e_rc5.d crypto/x509/t_x509.d crypto/x509v3/v3_utl.d crypto/rand/drbg_ctr.d test/testutil/tests.d crypto/asn1/d2i_pu.d crypto/engine/tb_cipher.d crypto/bn/bn_gcd.d test/testutil/cb.d crypto/asn1/x_val.d crypto/cms/cms_smime.d crypto/ec/ec_lib.d test/fatalerrtest.d crypto/pkcs12/p12_mutl.d crypto/pem/pem_info.d crypto/idea/i_ecb.d crypto/bf/bf_cfb64.d crypto/cmac/cm_ameth.d crypto/sm2/sm2_za.d crypto/buffer/buf_err.d crypto/modes/ocb128.d ssl/ssl_cert.d crypto/objects/o_names.d crypto/des/set_key.d crypto/mdc2/mdc2dgst.d crypto/err/err.d crypto/sm3/m_sm3.d crypto/dso/dso_lib.d test/buildtest_comp.d test/buildtest_modes.d apps/engine.d test/md2test.d crypto/dh/dh_kdf.d test/testutil/format_output.d fuzz/test-corpus.d crypto/pkcs12/p12_add.d test/ecstresstest.d crypto/pkcs12/p12_npas.d crypto/des/ofb64enc.d crypto/rsa/rsa_chk.d crypto/dso/dso_err.d ssl/methods.d crypto/bio/bss_acpt.d test/buildtest_x509v3.d test/afalgtest.d crypto/x509v3/pcy_data.d crypto/asn1/a_object.d crypto/cast/c_cfb64.d crypto/objects/obj_xref.d test/buildtest_ossl_typ.d test/testutil/main.d crypto/evp/digest.d crypto/asn1/a_mbstr.d ssl/ssl_mcnf.d ssl/statem/extensions_clnt.d crypto/asn1/a_print.d test/versions.d crypto/ec/ec2_smpl.d test/sm2crypttest.d crypto/pkcs7/bio_pk7.d crypto/x509/x_crl.d crypto/x509/x509cset.d crypto/aes/aes_cfb.d crypto/ct/ct_err.d crypto/asn1/a_digest.d crypto/ec/curve448/arch_32/f_impl.d crypto/ct/ct_sct_ctx.d crypto/asn1/t_bitst.d crypto/ts/ts_rsp_utils.d crypto/rc2/rc2ofb64.d crypto/camellia/cmll_misc.d crypto/dh/dh_gen.d crypto/asn1/a_dup.d crypto/x509v3/v3_pcia.d crypto/pkcs12/p12_crt.d test/evp_test.d test/dtlstest.d crypto/rsa/rsa_crpt.d apps/x509.d test/buildtest_pkcs7.d crypto/evp/m_md5.d apps/crl.d ssl/ssl_lib.d crypto/engine/tb_eckey.d crypto/bio/b_sock.d crypto/bf/bf_enc.d engines/e_capi.d crypto/srp/srp_lib.d apps/s_socket.d crypto/bn/bn_sqrt.d crypto/asn1/tasn_scn.d test/testutil/basic_output.d crypto/conf/conf_sap.d test/ctype_internal_test.d test/buildtest_txt_db.d apps/cms.d test/buildtest_cast.d crypto/ec/ec_ameth.d crypto/evp/names.d ssl/ssl_sess.d crypto/evp/p5_crpt.d test/buildtest_idea.d crypto/dsa/dsa_gen.d crypto/siphash/siphash_ameth.d crypto/ebcdic.d test/pbelutest.d crypto/seed/seed_cfb.d fuzz/client.d crypto/asn1/asn_pack.d crypto/aes/aes_ecb.d ssl/pqueue.d test/exptest.d crypto/bio/b_print.d crypto/ct/ct_b64.d crypto/evp/m_wp.d crypto/x509/t_req.d crypto/dsa/dsa_asn1.d crypto/store/store_register.d crypto/async/arch/async_null.d crypto/pem/pem_xaux.d crypto/pkcs7/pk7_attr.d test/testutil/init.d fuzz/x509.d apps/s_time.d crypto/rand/rand_egd.d apps/ts.d crypto/x509/x509_obj.d test/crltest.d ssl/record/dtls1_bitmap.d crypto/x509/x_req.d test/ocspapitest.d test/buildtest_buffer.d crypto/dh/dh_rfc7919.d crypto/asn1/x_sig.d ssl/record/rec_layer_s3.d crypto/modes/gcm128.d crypto/bn/bn_const.d crypto/async/arch/async_posix.d apps/s_client.d crypto/seed/seed_ecb.d crypto/pkcs12/p12_utl.d crypto/sm2/sm2_crypt.d test/buildtest_blowfish.d test/sslbuffertest.d crypto/conf/conf_mall.d test/rc5test.d test/buildtest_seed.d crypto/x509/x509_trs.d crypto/rsa/rsa_saos.d crypto/seed/seed_cbc.d crypto/txt_db/txt_db.d crypto/bio/b_addr.d crypto/ec/curve448/curve448_tables.d test/drbg_cavs_test.d crypto/cversion.d crypto/rc2/rc2_ecb.d crypto/bn/bn_asm.d crypto/bio/bss_bio.d ssl/packet.d crypto/conf/conf_def.d crypto/bf/bf_skey.d crypto/asn1/a_bitstr.d test/drbg_cavs_data.d crypto/cms/cms_sd.d crypto/x509/x509_set.d ssl/ssl_err.d crypto/store/store_lib.d crypto/asn1/asn1_par.d crypto/bn/bn_add.d crypto/pkcs12/p12_key.d crypto/evp/evp_enc.d fuzz/cms.d crypto/bio/bss_file.d crypto/threads_none.d crypto/bn/bn_err.d crypto/asn1/t_spki.d apps/rand.d crypto/x509v3/v3_skey.d crypto/evp/m_null.d crypto/rsa/rsa_err.d crypto/asn1/a_strnid.d test/buildtest_aes.d crypto/asn1/a_i2d_fp.d crypto/ui/ui_openssl.d apps/pkeyutl.d crypto/asn1/x_long.d crypto/asn1/asn1_gen.d crypto/evp/evp_err.d test/buildtest_ec.d crypto/x509v3/pcy_map.d test/d2i_test.d crypto/camellia/camellia.d crypto/x509v3/v3_akey.d crypto/threads_pthread.d crypto/x509v3/v3_lib.d crypto/ec/ecx_meth.d test/uitest.d crypto/rsa/rsa_depr.d crypto/kdf/kdf_err.d ssl/statem/statem_clnt.d crypto/des/ecb_enc.d crypto/evp/p_open.d crypto/bn/bn_ctx.d crypto/ocsp/ocsp_err.d crypto/dsa/dsa_vrf.d crypto/x509/x_x509a.d crypto/evp/pbe_scrypt.d crypto/engine/tb_dsa.d apps/ca.d test/buildtest_evp.d crypto/ec/ec2_oct.d test/x509_check_cert_pkey_test.d test/srptest.d crypto/bn/bn_div.d crypto/rsa/rsa_x931.d crypto/asn1/a_time.d crypto/cms/cms_kari.d test/testutil/tap_bio.d test/cipherbytes_test.d crypto/engine/eng_cnf.d test/buildtest_rc4.d crypto/asn1/p8_pkey.d crypto/ui/ui_lib.d crypto/x509v3/v3_pmaps.d test/buildtest_bn.d crypto/asn1/tasn_utl.d crypto/engine/tb_rsa.d crypto/asn1/n_pkey.d ssl/ssl_stat.d crypto/x509v3/v3_extku.d crypto/engine/eng_openssl.d test/sslcorrupttest.d crypto/bn/bn_intern.d test/rsa_mp_test.d crypto/evp/pmeth_gn.d crypto/asn1/a_verify.d test/buildtest_ecdsa.d crypto/poly1305/poly1305_ameth.d test/ssltest_old.d test/sslapitest.d ssl/statem/statem_lib.d crypto/ec/ec_asn1.d crypto/engine/eng_dyn.d crypto/des/cbc_cksm.d crypto/dh/dh_meth.d crypto/asn1/asn1_lib.d crypto/err/err_prn.d crypto/x509/x509type.d crypto/engine/tb_digest.d crypto/evp/e_bf.d crypto/des/xcbc_enc.d crypto/evp/e_rc4.d test/stack_test.d test/buildtest_x509.d test/rsa_test.d crypto/asn1/a_gentm.d | |
| 32 | 33 | |
| 33 | 34 | GENERATED_MANDATORY=crypto/include/internal/bn_conf.h crypto/include/internal/dso_conf.h include/openssl/opensslconf.h |
| 34 | GENERATED=test/buildtest_md4.c test/buildtest_camellia.c test/buildtest_rand.c test/buildtest_hmac.c test/buildtest_asn1.c test/buildtest_dh.c test/buildtest_pkcs7.c test/buildtest_tls1.c test/buildtest_seed.c test/buildtest_conf.c test/buildtest_ssl.c test/buildtest_stack.c test/buildtest_sha.c test/buildtest_ct.c test/buildtest_obj_mac.c test/buildtest_crypto.c test/buildtest_objects.c test/buildtest_cms.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_comp.c test/buildtest_lhash.c test/buildtest_cast.c test/buildtest_pem.c test/buildtest_md5.c test/buildtest_aes.c test/buildtest_mdc2.c test/buildtest_cmac.c test/buildtest_engine.c test/buildtest_x509v3.c test/buildtest_safestack.c test/buildtest_kdf.c test/buildtest_pkcs12.c test/buildtest_ecdh.c test/buildtest_blowfish.c test/buildtest_srp.c test/buildtest_async.c test/buildtest_opensslv.c test/buildtest_x509.c test/buildtest_txt_db.c test/buildtest_ui.c test/buildtest_rand_drbg.c test/buildtest_ossl_typ.c test/buildtest_ts.c test/buildtest_idea.c test/buildtest_rsa.c test/buildtest_bio.c test/buildtest_ocsp.c test/buildtest_srtp.c test/buildtest_e_os2.c test/buildtest_asn1t.c test/buildtest_whrlpool.c test/buildtest_x509_vfy.c test/buildtest_modes.c test/buildtest_bn.c test/buildtest_conf_api.c test/buildtest_ripemd.c test/buildtest_ssl2.c test/buildtest_rc4.c test/buildtest_rc2.c test/buildtest_sm2.c test/buildtest_ecdsa.c test/buildtest_buffer.c test/buildtest_evp.c test/buildtest_ec.c test/buildtest_dtls1.c test/buildtest_des.c test/buildtest_pem2.c test/buildtest_dsa.c test/buildtest_ebcdic.c apps/progs.h include/openssl/opensslconf.h crypto/include/internal/bn_conf.h crypto/buildinf.h crypto/include/internal/dso_conf.h | |
| 35 | GENERATED=apps/CA.pl apps/progs.h apps/tsget crypto/buildinf.h test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_evp.c test/buildtest_hmac.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_opensslv.c test/buildtest_ossl_typ.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_sha.c test/buildtest_sm2.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c tools/c_rehash util/shlib_wrap.sh | |
| 35 | 36 | |
| 36 | 37 | INSTALL_LIBS=libcrypto.a libssl.a |
| 37 | 38 | INSTALL_SHLIBS= |
| 189 | 190 | # Convenience target to prebuild all generated files, not just the mandatory |
| 190 | 191 | # ones |
| 191 | 192 | build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) |
| 193 | @ : | |
| 194 | @echo "Warning: consider configuring with no-makedepend, because if" | |
| 195 | @echo " target system doesn't have $(PERL)," | |
| 196 | @echo " then make will fail..." | |
| 197 | @ : | |
| 192 | 198 | |
| 193 | 199 | test: tests |
| 194 | 200 | tests: build_generated |
| 202 | 208 | RESULT_D=test-runs \ |
| 203 | 209 | PERL="$(PERL)" \ |
| 204 | 210 | EXE_EXT= \ |
| 205 | OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines; pwd` \ | |
| 211 | OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines 2>/dev/null && pwd` \ | |
| 206 | 212 | OPENSSL_DEBUG_MEMORY=on \ |
| 207 | 213 | $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) ) |
| 208 | 214 | @ : |
| 219 | 225 | |
| 220 | 226 | libclean: |
| 221 | 227 | @set -e; for s in $(SHLIB_INFO); do \ |
| 228 | if [ "$$s" = ";" ]; then continue; fi; \ | |
| 222 | 229 | s1=`echo "$$s" | cut -f1 -d";"`; \ |
| 223 | 230 | s2=`echo "$$s" | cut -f2 -d";"`; \ |
| 224 | 231 | $(ECHO) $(RM) $$s1; \ |
| 233 | 240 | |
| 234 | 241 | clean: libclean |
| 235 | 242 | $(RM) $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS) |
| 236 | $(RM) $(GENERATED) | |
| 243 | $(RM) $(GENERATED_MANDATORY) $(GENERATED) | |
| 237 | 244 | -$(RM) `find . -name '*.d' -a \! -path "./.git/*"` |
| 238 | 245 | -$(RM) `find . -name '*.o' -a \! -path "./.git/*"` |
| 239 | 246 | $(RM) core |
| 558 | 565 | mkdir -p $$TMPDIR/$$DISTDIR; \ |
| 559 | 566 | (cd $(SRCDIR); \ |
| 560 | 567 | excl_re=`git submodule status | sed -e 's/^.//' | cut -d' ' -f2`; \ |
| 561 | excl_re="^(fuzz/corpora|`echo $$excl_re | sed -e 's/ /$$|/g'`\$$)"; \ | |
| 568 | excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf|`echo $$excl_re | sed -e 's/ /$$|/g'`\$$)"; \ | |
| 562 | 569 | echo "$$excl_re"; \ |
| 563 | 570 | git ls-tree -r --name-only --full-tree HEAD \ |
| 564 | 571 | | egrep -v "$$excl_re" \ |
| 644 | 651 | echo 'Version: '$(VERSION); \ |
| 645 | 652 | echo 'Requires: libssl libcrypto' ) > openssl.pc |
| 646 | 653 | |
| 647 | configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config Configurations/unix-Makefile.tmpl Configurations/common.tmpl ./build.info crypto/build.info ssl/build.info engines/build.info apps/build.info test/build.info util/build.info tools/build.info fuzz/build.info crypto/objects/build.info crypto/md4/build.info crypto/md5/build.info crypto/sha/build.info crypto/mdc2/build.info crypto/hmac/build.info crypto/ripemd/build.info crypto/whrlpool/build.info crypto/poly1305/build.info crypto/blake2/build.info crypto/siphash/build.info crypto/sm3/build.info crypto/des/build.info crypto/aes/build.info crypto/rc2/build.info crypto/rc4/build.info crypto/idea/build.info crypto/aria/build.info crypto/bf/build.info crypto/cast/build.info crypto/camellia/build.info crypto/seed/build.info crypto/sm4/build.info crypto/chacha/build.info crypto/modes/build.info crypto/bn/build.info crypto/ec/build.info crypto/rsa/build.info crypto/dsa/build.info crypto/dh/build.info crypto/sm2/build.info crypto/dso/build.info crypto/engine/build.info crypto/buffer/build.info crypto/bio/build.info crypto/stack/build.info crypto/lhash/build.info crypto/rand/build.info crypto/err/build.info crypto/evp/build.info crypto/asn1/build.info crypto/pem/build.info crypto/x509/build.info crypto/x509v3/build.info crypto/conf/build.info crypto/txt_db/build.info crypto/pkcs7/build.info crypto/pkcs12/build.info crypto/comp/build.info crypto/ocsp/build.info crypto/ui/build.info crypto/cms/build.info crypto/ts/build.info crypto/srp/build.info crypto/cmac/build.info crypto/ct/build.info crypto/async/build.info crypto/kdf/build.info crypto/store/build.info test/ossl_shim/build.info Configurations/00-base-templates.conf Configurations/90-team.conf Configurations/shared-info.pl | |
| 654 | configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config Configurations/common0.tmpl Configurations/unix-Makefile.tmpl Configurations/common.tmpl ./build.info crypto/build.info ssl/build.info engines/build.info apps/build.info test/build.info util/build.info tools/build.info fuzz/build.info crypto/objects/build.info crypto/md4/build.info crypto/md5/build.info crypto/sha/build.info crypto/mdc2/build.info crypto/hmac/build.info crypto/ripemd/build.info crypto/whrlpool/build.info crypto/poly1305/build.info crypto/blake2/build.info crypto/siphash/build.info crypto/sm3/build.info crypto/des/build.info crypto/aes/build.info crypto/rc2/build.info crypto/rc4/build.info crypto/idea/build.info crypto/aria/build.info crypto/bf/build.info crypto/cast/build.info crypto/camellia/build.info crypto/seed/build.info crypto/sm4/build.info crypto/chacha/build.info crypto/modes/build.info crypto/bn/build.info crypto/ec/build.info crypto/rsa/build.info crypto/dsa/build.info crypto/dh/build.info crypto/sm2/build.info crypto/dso/build.info crypto/engine/build.info crypto/buffer/build.info crypto/bio/build.info crypto/stack/build.info crypto/lhash/build.info crypto/rand/build.info crypto/err/build.info crypto/evp/build.info crypto/asn1/build.info crypto/pem/build.info crypto/x509/build.info crypto/x509v3/build.info crypto/conf/build.info crypto/txt_db/build.info crypto/pkcs7/build.info crypto/pkcs12/build.info crypto/comp/build.info crypto/ocsp/build.info crypto/ui/build.info crypto/cms/build.info crypto/ts/build.info crypto/srp/build.info crypto/cmac/build.info crypto/ct/build.info crypto/async/build.info crypto/kdf/build.info crypto/store/build.info test/ossl_shim/build.info Configurations/00-base-templates.conf Configurations/dist.conf Configurations/shared-info.pl | |
| 648 | 655 | @echo "Detected changed: $?" |
| 649 | 656 | $(PERL) configdata.pm -r |
| 650 | 657 | @echo "**************************************************" |
| 718 | 725 | else \ |
| 719 | 726 | mv apps/s_socket.d.tmp apps/s_socket.d; \ |
| 720 | 727 | fi |
| 721 | libcrypto.a: crypto/aes/aes_cbc.o crypto/aes/aes_cfb.o crypto/aes/aes_core.o crypto/aes/aes_ecb.o crypto/aes/aes_ige.o crypto/aes/aes_misc.o crypto/aes/aes_ofb.o crypto/aes/aes_wrap.o crypto/aria/aria.o crypto/asn1/a_bitstr.o crypto/asn1/a_d2i_fp.o crypto/asn1/a_digest.o crypto/asn1/a_dup.o crypto/asn1/a_gentm.o crypto/asn1/a_i2d_fp.o crypto/asn1/a_int.o crypto/asn1/a_mbstr.o crypto/asn1/a_object.o crypto/asn1/a_octet.o crypto/asn1/a_print.o crypto/asn1/a_sign.o crypto/asn1/a_strex.o crypto/asn1/a_strnid.o crypto/asn1/a_time.o crypto/asn1/a_type.o crypto/asn1/a_utctm.o crypto/asn1/a_utf8.o crypto/asn1/a_verify.o crypto/asn1/ameth_lib.o crypto/asn1/asn1_err.o crypto/asn1/asn1_gen.o crypto/asn1/asn1_item_list.o crypto/asn1/asn1_lib.o crypto/asn1/asn1_par.o crypto/asn1/asn_mime.o crypto/asn1/asn_moid.o crypto/asn1/asn_mstbl.o crypto/asn1/asn_pack.o crypto/asn1/bio_asn1.o crypto/asn1/bio_ndef.o crypto/asn1/d2i_pr.o crypto/asn1/d2i_pu.o crypto/asn1/evp_asn1.o crypto/asn1/f_int.o crypto/asn1/f_string.o crypto/asn1/i2d_pr.o crypto/asn1/i2d_pu.o crypto/asn1/n_pkey.o crypto/asn1/nsseq.o crypto/asn1/p5_pbe.o crypto/asn1/p5_pbev2.o crypto/asn1/p5_scrypt.o crypto/asn1/p8_pkey.o crypto/asn1/t_bitst.o crypto/asn1/t_pkey.o crypto/asn1/t_spki.o crypto/asn1/tasn_dec.o crypto/asn1/tasn_enc.o crypto/asn1/tasn_fre.o crypto/asn1/tasn_new.o crypto/asn1/tasn_prn.o crypto/asn1/tasn_scn.o crypto/asn1/tasn_typ.o crypto/asn1/tasn_utl.o crypto/asn1/x_algor.o crypto/asn1/x_bignum.o crypto/asn1/x_info.o crypto/asn1/x_int64.o crypto/asn1/x_long.o crypto/asn1/x_pkey.o crypto/asn1/x_sig.o crypto/asn1/x_spki.o crypto/asn1/x_val.o crypto/async/arch/async_null.o crypto/async/arch/async_posix.o crypto/async/arch/async_win.o crypto/async/async.o crypto/async/async_err.o crypto/async/async_wait.o crypto/bf/bf_cfb64.o crypto/bf/bf_ecb.o crypto/bf/bf_enc.o crypto/bf/bf_ofb64.o crypto/bf/bf_skey.o crypto/bio/b_addr.o crypto/bio/b_dump.o crypto/bio/b_print.o crypto/bio/b_sock.o crypto/bio/b_sock2.o crypto/bio/bf_buff.o crypto/bio/bf_lbuf.o crypto/bio/bf_nbio.o crypto/bio/bf_null.o crypto/bio/bio_cb.o crypto/bio/bio_err.o crypto/bio/bio_lib.o crypto/bio/bio_meth.o crypto/bio/bss_acpt.o crypto/bio/bss_bio.o crypto/bio/bss_conn.o crypto/bio/bss_dgram.o crypto/bio/bss_fd.o crypto/bio/bss_file.o crypto/bio/bss_log.o crypto/bio/bss_mem.o crypto/bio/bss_null.o crypto/bio/bss_sock.o crypto/blake2/blake2b.o crypto/blake2/blake2s.o crypto/blake2/m_blake2b.o crypto/blake2/m_blake2s.o crypto/bn/bn_add.o crypto/bn/bn_asm.o crypto/bn/bn_blind.o crypto/bn/bn_const.o crypto/bn/bn_ctx.o crypto/bn/bn_depr.o crypto/bn/bn_dh.o crypto/bn/bn_div.o crypto/bn/bn_err.o crypto/bn/bn_exp.o crypto/bn/bn_exp2.o crypto/bn/bn_gcd.o crypto/bn/bn_gf2m.o crypto/bn/bn_intern.o crypto/bn/bn_kron.o crypto/bn/bn_lib.o crypto/bn/bn_mod.o crypto/bn/bn_mont.o crypto/bn/bn_mpi.o crypto/bn/bn_mul.o crypto/bn/bn_nist.o crypto/bn/bn_prime.o crypto/bn/bn_print.o crypto/bn/bn_rand.o crypto/bn/bn_recp.o crypto/bn/bn_shift.o crypto/bn/bn_sqr.o crypto/bn/bn_sqrt.o crypto/bn/bn_srp.o crypto/bn/bn_word.o crypto/bn/bn_x931p.o crypto/buffer/buf_err.o crypto/buffer/buffer.o crypto/camellia/camellia.o crypto/camellia/cmll_cbc.o crypto/camellia/cmll_cfb.o crypto/camellia/cmll_ctr.o crypto/camellia/cmll_ecb.o crypto/camellia/cmll_misc.o crypto/camellia/cmll_ofb.o crypto/cast/c_cfb64.o crypto/cast/c_ecb.o crypto/cast/c_enc.o crypto/cast/c_ofb64.o crypto/cast/c_skey.o crypto/chacha/chacha_enc.o crypto/cmac/cm_ameth.o crypto/cmac/cm_pmeth.o crypto/cmac/cmac.o crypto/cms/cms_asn1.o crypto/cms/cms_att.o crypto/cms/cms_cd.o crypto/cms/cms_dd.o crypto/cms/cms_enc.o crypto/cms/cms_env.o crypto/cms/cms_err.o crypto/cms/cms_ess.o crypto/cms/cms_io.o crypto/cms/cms_kari.o crypto/cms/cms_lib.o crypto/cms/cms_pwri.o crypto/cms/cms_sd.o crypto/cms/cms_smime.o crypto/comp/c_zlib.o crypto/comp/comp_err.o crypto/comp/comp_lib.o crypto/conf/conf_api.o crypto/conf/conf_def.o crypto/conf/conf_err.o crypto/conf/conf_lib.o crypto/conf/conf_mall.o crypto/conf/conf_mod.o crypto/conf/conf_sap.o crypto/cpt_err.o crypto/cryptlib.o crypto/ct/ct_b64.o crypto/ct/ct_err.o crypto/ct/ct_log.o crypto/ct/ct_oct.o crypto/ct/ct_policy.o crypto/ct/ct_prn.o crypto/ct/ct_sct.o crypto/ct/ct_sct_ctx.o crypto/ct/ct_vfy.o crypto/ct/ct_x509v3.o crypto/ctype.o crypto/cversion.o crypto/des/cbc_cksm.o crypto/des/cbc_enc.o crypto/des/cfb64ede.o crypto/des/cfb64enc.o crypto/des/cfb_enc.o crypto/des/des_enc.o crypto/des/ecb3_enc.o crypto/des/ecb_enc.o crypto/des/fcrypt.o crypto/des/fcrypt_b.o crypto/des/ofb64ede.o crypto/des/ofb64enc.o crypto/des/ofb_enc.o crypto/des/pcbc_enc.o crypto/des/qud_cksm.o crypto/des/rand_key.o crypto/des/set_key.o crypto/des/str2key.o crypto/des/xcbc_enc.o crypto/dh/dh_ameth.o crypto/dh/dh_asn1.o crypto/dh/dh_check.o crypto/dh/dh_depr.o crypto/dh/dh_err.o crypto/dh/dh_gen.o crypto/dh/dh_kdf.o crypto/dh/dh_key.o crypto/dh/dh_lib.o crypto/dh/dh_meth.o crypto/dh/dh_pmeth.o crypto/dh/dh_prn.o crypto/dh/dh_rfc5114.o crypto/dh/dh_rfc7919.o crypto/dsa/dsa_ameth.o crypto/dsa/dsa_asn1.o crypto/dsa/dsa_depr.o crypto/dsa/dsa_err.o crypto/dsa/dsa_gen.o crypto/dsa/dsa_key.o crypto/dsa/dsa_lib.o crypto/dsa/dsa_meth.o crypto/dsa/dsa_ossl.o crypto/dsa/dsa_pmeth.o crypto/dsa/dsa_prn.o crypto/dsa/dsa_sign.o crypto/dsa/dsa_vrf.o crypto/dso/dso_dl.o crypto/dso/dso_dlfcn.o crypto/dso/dso_err.o crypto/dso/dso_lib.o crypto/dso/dso_openssl.o crypto/dso/dso_vms.o crypto/dso/dso_win32.o crypto/ebcdic.o crypto/ec/curve25519.o crypto/ec/curve448/arch_32/f_impl.o crypto/ec/curve448/curve448.o crypto/ec/curve448/curve448_tables.o crypto/ec/curve448/eddsa.o crypto/ec/curve448/f_generic.o crypto/ec/curve448/scalar.o crypto/ec/ec2_mult.o crypto/ec/ec2_oct.o crypto/ec/ec2_smpl.o crypto/ec/ec_ameth.o crypto/ec/ec_asn1.o crypto/ec/ec_check.o crypto/ec/ec_curve.o crypto/ec/ec_cvt.o crypto/ec/ec_err.o crypto/ec/ec_key.o crypto/ec/ec_kmeth.o crypto/ec/ec_lib.o crypto/ec/ec_mult.o crypto/ec/ec_oct.o crypto/ec/ec_pmeth.o crypto/ec/ec_print.o crypto/ec/ecdh_kdf.o crypto/ec/ecdh_ossl.o crypto/ec/ecdsa_ossl.o crypto/ec/ecdsa_sign.o crypto/ec/ecdsa_vrf.o crypto/ec/eck_prn.o crypto/ec/ecp_mont.o crypto/ec/ecp_nist.o crypto/ec/ecp_nistp224.o crypto/ec/ecp_nistp256.o crypto/ec/ecp_nistp521.o crypto/ec/ecp_nistputil.o crypto/ec/ecp_oct.o crypto/ec/ecp_smpl.o crypto/ec/ecx_meth.o crypto/engine/eng_all.o crypto/engine/eng_cnf.o crypto/engine/eng_ctrl.o crypto/engine/eng_dyn.o crypto/engine/eng_err.o crypto/engine/eng_fat.o crypto/engine/eng_init.o crypto/engine/eng_lib.o crypto/engine/eng_list.o crypto/engine/eng_openssl.o crypto/engine/eng_pkey.o crypto/engine/eng_rdrand.o crypto/engine/eng_table.o crypto/engine/tb_asnmth.o crypto/engine/tb_cipher.o crypto/engine/tb_dh.o crypto/engine/tb_digest.o crypto/engine/tb_dsa.o crypto/engine/tb_eckey.o crypto/engine/tb_pkmeth.o crypto/engine/tb_rand.o crypto/engine/tb_rsa.o crypto/err/err.o crypto/err/err_all.o crypto/err/err_prn.o crypto/evp/bio_b64.o crypto/evp/bio_enc.o crypto/evp/bio_md.o crypto/evp/bio_ok.o crypto/evp/c_allc.o crypto/evp/c_alld.o crypto/evp/cmeth_lib.o crypto/evp/digest.o crypto/evp/e_aes.o crypto/evp/e_aes_cbc_hmac_sha1.o crypto/evp/e_aes_cbc_hmac_sha256.o crypto/evp/e_aria.o crypto/evp/e_bf.o crypto/evp/e_camellia.o crypto/evp/e_cast.o crypto/evp/e_chacha20_poly1305.o crypto/evp/e_des.o crypto/evp/e_des3.o crypto/evp/e_idea.o crypto/evp/e_null.o crypto/evp/e_old.o crypto/evp/e_rc2.o crypto/evp/e_rc4.o crypto/evp/e_rc4_hmac_md5.o crypto/evp/e_rc5.o crypto/evp/e_seed.o crypto/evp/e_sm4.o crypto/evp/e_xcbc_d.o crypto/evp/encode.o crypto/evp/evp_cnf.o crypto/evp/evp_enc.o crypto/evp/evp_err.o crypto/evp/evp_key.o crypto/evp/evp_lib.o crypto/evp/evp_pbe.o crypto/evp/evp_pkey.o crypto/evp/m_md2.o crypto/evp/m_md4.o crypto/evp/m_md5.o crypto/evp/m_md5_sha1.o crypto/evp/m_mdc2.o crypto/evp/m_null.o crypto/evp/m_ripemd.o crypto/evp/m_sha1.o crypto/evp/m_sha3.o crypto/evp/m_sigver.o crypto/evp/m_wp.o crypto/evp/names.o crypto/evp/p5_crpt.o crypto/evp/p5_crpt2.o crypto/evp/p_dec.o crypto/evp/p_enc.o crypto/evp/p_lib.o crypto/evp/p_open.o crypto/evp/p_seal.o crypto/evp/p_sign.o crypto/evp/p_verify.o crypto/evp/pbe_scrypt.o crypto/evp/pmeth_fn.o crypto/evp/pmeth_gn.o crypto/evp/pmeth_lib.o crypto/ex_data.o crypto/hmac/hm_ameth.o crypto/hmac/hm_pmeth.o crypto/hmac/hmac.o crypto/idea/i_cbc.o crypto/idea/i_cfb64.o crypto/idea/i_ecb.o crypto/idea/i_ofb64.o crypto/idea/i_skey.o crypto/init.o crypto/kdf/hkdf.o crypto/kdf/kdf_err.o crypto/kdf/scrypt.o crypto/kdf/tls1_prf.o crypto/lhash/lh_stats.o crypto/lhash/lhash.o crypto/md4/md4_dgst.o crypto/md4/md4_one.o crypto/md5/md5_dgst.o crypto/md5/md5_one.o crypto/mdc2/mdc2_one.o crypto/mdc2/mdc2dgst.o crypto/mem.o crypto/mem_clr.o crypto/mem_dbg.o crypto/mem_sec.o crypto/modes/cbc128.o crypto/modes/ccm128.o crypto/modes/cfb128.o crypto/modes/ctr128.o crypto/modes/cts128.o crypto/modes/gcm128.o crypto/modes/ocb128.o crypto/modes/ofb128.o crypto/modes/wrap128.o crypto/modes/xts128.o crypto/o_dir.o crypto/o_fips.o crypto/o_fopen.o crypto/o_init.o crypto/o_str.o crypto/o_time.o crypto/objects/o_names.o crypto/objects/obj_dat.o crypto/objects/obj_err.o crypto/objects/obj_lib.o crypto/objects/obj_xref.o crypto/ocsp/ocsp_asn.o crypto/ocsp/ocsp_cl.o crypto/ocsp/ocsp_err.o crypto/ocsp/ocsp_ext.o crypto/ocsp/ocsp_ht.o crypto/ocsp/ocsp_lib.o crypto/ocsp/ocsp_prn.o crypto/ocsp/ocsp_srv.o crypto/ocsp/ocsp_vfy.o crypto/ocsp/v3_ocsp.o crypto/pem/pem_all.o crypto/pem/pem_err.o crypto/pem/pem_info.o crypto/pem/pem_lib.o crypto/pem/pem_oth.o crypto/pem/pem_pk8.o crypto/pem/pem_pkey.o crypto/pem/pem_sign.o crypto/pem/pem_x509.o crypto/pem/pem_xaux.o crypto/pem/pvkfmt.o crypto/pkcs12/p12_add.o crypto/pkcs12/p12_asn.o crypto/pkcs12/p12_attr.o crypto/pkcs12/p12_crpt.o crypto/pkcs12/p12_crt.o crypto/pkcs12/p12_decr.o crypto/pkcs12/p12_init.o crypto/pkcs12/p12_key.o crypto/pkcs12/p12_kiss.o crypto/pkcs12/p12_mutl.o crypto/pkcs12/p12_npas.o crypto/pkcs12/p12_p8d.o crypto/pkcs12/p12_p8e.o crypto/pkcs12/p12_sbag.o crypto/pkcs12/p12_utl.o crypto/pkcs12/pk12err.o crypto/pkcs7/bio_pk7.o crypto/pkcs7/pk7_asn1.o crypto/pkcs7/pk7_attr.o crypto/pkcs7/pk7_doit.o crypto/pkcs7/pk7_lib.o crypto/pkcs7/pk7_mime.o crypto/pkcs7/pk7_smime.o crypto/pkcs7/pkcs7err.o crypto/poly1305/poly1305.o crypto/poly1305/poly1305_ameth.o crypto/poly1305/poly1305_pmeth.o crypto/rand/drbg_ctr.o crypto/rand/drbg_lib.o crypto/rand/rand_egd.o crypto/rand/rand_err.o crypto/rand/rand_lib.o crypto/rand/rand_unix.o crypto/rand/rand_vms.o crypto/rand/rand_win.o crypto/rand/randfile.o crypto/rc2/rc2_cbc.o crypto/rc2/rc2_ecb.o crypto/rc2/rc2_skey.o crypto/rc2/rc2cfb64.o crypto/rc2/rc2ofb64.o crypto/rc4/rc4_enc.o crypto/rc4/rc4_skey.o crypto/ripemd/rmd_dgst.o crypto/ripemd/rmd_one.o crypto/rsa/rsa_ameth.o crypto/rsa/rsa_asn1.o crypto/rsa/rsa_chk.o crypto/rsa/rsa_crpt.o crypto/rsa/rsa_depr.o crypto/rsa/rsa_err.o crypto/rsa/rsa_gen.o crypto/rsa/rsa_lib.o crypto/rsa/rsa_meth.o crypto/rsa/rsa_mp.o crypto/rsa/rsa_none.o crypto/rsa/rsa_oaep.o crypto/rsa/rsa_ossl.o crypto/rsa/rsa_pk1.o crypto/rsa/rsa_pmeth.o crypto/rsa/rsa_prn.o crypto/rsa/rsa_pss.o crypto/rsa/rsa_saos.o crypto/rsa/rsa_sign.o crypto/rsa/rsa_ssl.o crypto/rsa/rsa_x931.o crypto/rsa/rsa_x931g.o crypto/seed/seed.o crypto/seed/seed_cbc.o crypto/seed/seed_cfb.o crypto/seed/seed_ecb.o crypto/seed/seed_ofb.o crypto/sha/keccak1600.o crypto/sha/sha1_one.o crypto/sha/sha1dgst.o crypto/sha/sha256.o crypto/sha/sha512.o crypto/siphash/siphash.o crypto/siphash/siphash_ameth.o crypto/siphash/siphash_pmeth.o crypto/sm2/sm2_crypt.o crypto/sm2/sm2_err.o crypto/sm2/sm2_sign.o crypto/sm2/sm2_za.o crypto/sm3/m_sm3.o crypto/sm3/sm3.o crypto/sm4/sm4.o crypto/srp/srp_lib.o crypto/srp/srp_vfy.o crypto/stack/stack.o crypto/store/loader_file.o crypto/store/store_err.o crypto/store/store_init.o crypto/store/store_lib.o crypto/store/store_register.o crypto/store/store_strings.o crypto/threads_none.o crypto/threads_pthread.o crypto/threads_win.o crypto/ts/ts_asn1.o crypto/ts/ts_conf.o crypto/ts/ts_err.o crypto/ts/ts_lib.o crypto/ts/ts_req_print.o crypto/ts/ts_req_utils.o crypto/ts/ts_rsp_print.o crypto/ts/ts_rsp_sign.o crypto/ts/ts_rsp_utils.o crypto/ts/ts_rsp_verify.o crypto/ts/ts_verify_ctx.o crypto/txt_db/txt_db.o crypto/ui/ui_err.o crypto/ui/ui_lib.o crypto/ui/ui_null.o crypto/ui/ui_openssl.o crypto/ui/ui_util.o crypto/uid.o crypto/whrlpool/wp_block.o crypto/whrlpool/wp_dgst.o crypto/x509/by_dir.o crypto/x509/by_file.o crypto/x509/t_crl.o crypto/x509/t_req.o crypto/x509/t_x509.o crypto/x509/x509_att.o crypto/x509/x509_cmp.o crypto/x509/x509_d2.o crypto/x509/x509_def.o crypto/x509/x509_err.o crypto/x509/x509_ext.o crypto/x509/x509_lu.o crypto/x509/x509_obj.o crypto/x509/x509_r2x.o crypto/x509/x509_req.o crypto/x509/x509_set.o crypto/x509/x509_trs.o crypto/x509/x509_txt.o crypto/x509/x509_v3.o crypto/x509/x509_vfy.o crypto/x509/x509_vpm.o crypto/x509/x509cset.o crypto/x509/x509name.o crypto/x509/x509rset.o crypto/x509/x509spki.o crypto/x509/x509type.o crypto/x509/x_all.o crypto/x509/x_attrib.o crypto/x509/x_crl.o crypto/x509/x_exten.o crypto/x509/x_name.o crypto/x509/x_pubkey.o crypto/x509/x_req.o crypto/x509/x_x509.o crypto/x509/x_x509a.o crypto/x509v3/pcy_cache.o crypto/x509v3/pcy_data.o crypto/x509v3/pcy_lib.o crypto/x509v3/pcy_map.o crypto/x509v3/pcy_node.o crypto/x509v3/pcy_tree.o crypto/x509v3/v3_addr.o crypto/x509v3/v3_admis.o crypto/x509v3/v3_akey.o crypto/x509v3/v3_akeya.o crypto/x509v3/v3_alt.o crypto/x509v3/v3_asid.o crypto/x509v3/v3_bcons.o crypto/x509v3/v3_bitst.o crypto/x509v3/v3_conf.o crypto/x509v3/v3_cpols.o crypto/x509v3/v3_crld.o crypto/x509v3/v3_enum.o crypto/x509v3/v3_extku.o crypto/x509v3/v3_genn.o crypto/x509v3/v3_ia5.o crypto/x509v3/v3_info.o crypto/x509v3/v3_int.o crypto/x509v3/v3_lib.o crypto/x509v3/v3_ncons.o crypto/x509v3/v3_pci.o crypto/x509v3/v3_pcia.o crypto/x509v3/v3_pcons.o crypto/x509v3/v3_pku.o crypto/x509v3/v3_pmaps.o crypto/x509v3/v3_prn.o crypto/x509v3/v3_purp.o crypto/x509v3/v3_skey.o crypto/x509v3/v3_sxnet.o crypto/x509v3/v3_tlsf.o crypto/x509v3/v3_utl.o crypto/x509v3/v3err.o engines/e_capi.o engines/e_padlock.o | |
| 728 | libcrypto.a: crypto/aes/aes_cbc.o crypto/aes/aes_cfb.o crypto/aes/aes_core.o crypto/aes/aes_ecb.o crypto/aes/aes_ige.o crypto/aes/aes_misc.o crypto/aes/aes_ofb.o crypto/aes/aes_wrap.o crypto/aria/aria.o crypto/asn1/a_bitstr.o crypto/asn1/a_d2i_fp.o crypto/asn1/a_digest.o crypto/asn1/a_dup.o crypto/asn1/a_gentm.o crypto/asn1/a_i2d_fp.o crypto/asn1/a_int.o crypto/asn1/a_mbstr.o crypto/asn1/a_object.o crypto/asn1/a_octet.o crypto/asn1/a_print.o crypto/asn1/a_sign.o crypto/asn1/a_strex.o crypto/asn1/a_strnid.o crypto/asn1/a_time.o crypto/asn1/a_type.o crypto/asn1/a_utctm.o crypto/asn1/a_utf8.o crypto/asn1/a_verify.o crypto/asn1/ameth_lib.o crypto/asn1/asn1_err.o crypto/asn1/asn1_gen.o crypto/asn1/asn1_item_list.o crypto/asn1/asn1_lib.o crypto/asn1/asn1_par.o crypto/asn1/asn_mime.o crypto/asn1/asn_moid.o crypto/asn1/asn_mstbl.o crypto/asn1/asn_pack.o crypto/asn1/bio_asn1.o crypto/asn1/bio_ndef.o crypto/asn1/d2i_pr.o crypto/asn1/d2i_pu.o crypto/asn1/evp_asn1.o crypto/asn1/f_int.o crypto/asn1/f_string.o crypto/asn1/i2d_pr.o crypto/asn1/i2d_pu.o crypto/asn1/n_pkey.o crypto/asn1/nsseq.o crypto/asn1/p5_pbe.o crypto/asn1/p5_pbev2.o crypto/asn1/p5_scrypt.o crypto/asn1/p8_pkey.o crypto/asn1/t_bitst.o crypto/asn1/t_pkey.o crypto/asn1/t_spki.o crypto/asn1/tasn_dec.o crypto/asn1/tasn_enc.o crypto/asn1/tasn_fre.o crypto/asn1/tasn_new.o crypto/asn1/tasn_prn.o crypto/asn1/tasn_scn.o crypto/asn1/tasn_typ.o crypto/asn1/tasn_utl.o crypto/asn1/x_algor.o crypto/asn1/x_bignum.o crypto/asn1/x_info.o crypto/asn1/x_int64.o crypto/asn1/x_long.o crypto/asn1/x_pkey.o crypto/asn1/x_sig.o crypto/asn1/x_spki.o crypto/asn1/x_val.o crypto/async/arch/async_null.o crypto/async/arch/async_posix.o crypto/async/arch/async_win.o crypto/async/async.o crypto/async/async_err.o crypto/async/async_wait.o crypto/bf/bf_cfb64.o crypto/bf/bf_ecb.o crypto/bf/bf_enc.o crypto/bf/bf_ofb64.o crypto/bf/bf_skey.o crypto/bio/b_addr.o crypto/bio/b_dump.o crypto/bio/b_print.o crypto/bio/b_sock.o crypto/bio/b_sock2.o crypto/bio/bf_buff.o crypto/bio/bf_lbuf.o crypto/bio/bf_nbio.o crypto/bio/bf_null.o crypto/bio/bio_cb.o crypto/bio/bio_err.o crypto/bio/bio_lib.o crypto/bio/bio_meth.o crypto/bio/bss_acpt.o crypto/bio/bss_bio.o crypto/bio/bss_conn.o crypto/bio/bss_dgram.o crypto/bio/bss_fd.o crypto/bio/bss_file.o crypto/bio/bss_log.o crypto/bio/bss_mem.o crypto/bio/bss_null.o crypto/bio/bss_sock.o crypto/blake2/blake2b.o crypto/blake2/blake2s.o crypto/blake2/m_blake2b.o crypto/blake2/m_blake2s.o crypto/bn/bn_add.o crypto/bn/bn_asm.o crypto/bn/bn_blind.o crypto/bn/bn_const.o crypto/bn/bn_ctx.o crypto/bn/bn_depr.o crypto/bn/bn_dh.o crypto/bn/bn_div.o crypto/bn/bn_err.o crypto/bn/bn_exp.o crypto/bn/bn_exp2.o crypto/bn/bn_gcd.o crypto/bn/bn_gf2m.o crypto/bn/bn_intern.o crypto/bn/bn_kron.o crypto/bn/bn_lib.o crypto/bn/bn_mod.o crypto/bn/bn_mont.o crypto/bn/bn_mpi.o crypto/bn/bn_mul.o crypto/bn/bn_nist.o crypto/bn/bn_prime.o crypto/bn/bn_print.o crypto/bn/bn_rand.o crypto/bn/bn_recp.o crypto/bn/bn_shift.o crypto/bn/bn_sqr.o crypto/bn/bn_sqrt.o crypto/bn/bn_srp.o crypto/bn/bn_word.o crypto/bn/bn_x931p.o crypto/buffer/buf_err.o crypto/buffer/buffer.o crypto/camellia/camellia.o crypto/camellia/cmll_cbc.o crypto/camellia/cmll_cfb.o crypto/camellia/cmll_ctr.o crypto/camellia/cmll_ecb.o crypto/camellia/cmll_misc.o crypto/camellia/cmll_ofb.o crypto/cast/c_cfb64.o crypto/cast/c_ecb.o crypto/cast/c_enc.o crypto/cast/c_ofb64.o crypto/cast/c_skey.o crypto/chacha/chacha_enc.o crypto/cmac/cm_ameth.o crypto/cmac/cm_pmeth.o crypto/cmac/cmac.o crypto/cms/cms_asn1.o crypto/cms/cms_att.o crypto/cms/cms_cd.o crypto/cms/cms_dd.o crypto/cms/cms_enc.o crypto/cms/cms_env.o crypto/cms/cms_err.o crypto/cms/cms_ess.o crypto/cms/cms_io.o crypto/cms/cms_kari.o crypto/cms/cms_lib.o crypto/cms/cms_pwri.o crypto/cms/cms_sd.o crypto/cms/cms_smime.o crypto/comp/c_zlib.o crypto/comp/comp_err.o crypto/comp/comp_lib.o crypto/conf/conf_api.o crypto/conf/conf_def.o crypto/conf/conf_err.o crypto/conf/conf_lib.o crypto/conf/conf_mall.o crypto/conf/conf_mod.o crypto/conf/conf_sap.o crypto/conf/conf_ssl.o crypto/cpt_err.o crypto/cryptlib.o crypto/ct/ct_b64.o crypto/ct/ct_err.o crypto/ct/ct_log.o crypto/ct/ct_oct.o crypto/ct/ct_policy.o crypto/ct/ct_prn.o crypto/ct/ct_sct.o crypto/ct/ct_sct_ctx.o crypto/ct/ct_vfy.o crypto/ct/ct_x509v3.o crypto/ctype.o crypto/cversion.o crypto/des/cbc_cksm.o crypto/des/cbc_enc.o crypto/des/cfb64ede.o crypto/des/cfb64enc.o crypto/des/cfb_enc.o crypto/des/des_enc.o crypto/des/ecb3_enc.o crypto/des/ecb_enc.o crypto/des/fcrypt.o crypto/des/fcrypt_b.o crypto/des/ofb64ede.o crypto/des/ofb64enc.o crypto/des/ofb_enc.o crypto/des/pcbc_enc.o crypto/des/qud_cksm.o crypto/des/rand_key.o crypto/des/set_key.o crypto/des/str2key.o crypto/des/xcbc_enc.o crypto/dh/dh_ameth.o crypto/dh/dh_asn1.o crypto/dh/dh_check.o crypto/dh/dh_depr.o crypto/dh/dh_err.o crypto/dh/dh_gen.o crypto/dh/dh_kdf.o crypto/dh/dh_key.o crypto/dh/dh_lib.o crypto/dh/dh_meth.o crypto/dh/dh_pmeth.o crypto/dh/dh_prn.o crypto/dh/dh_rfc5114.o crypto/dh/dh_rfc7919.o crypto/dsa/dsa_ameth.o crypto/dsa/dsa_asn1.o crypto/dsa/dsa_depr.o crypto/dsa/dsa_err.o crypto/dsa/dsa_gen.o crypto/dsa/dsa_key.o crypto/dsa/dsa_lib.o crypto/dsa/dsa_meth.o crypto/dsa/dsa_ossl.o crypto/dsa/dsa_pmeth.o crypto/dsa/dsa_prn.o crypto/dsa/dsa_sign.o crypto/dsa/dsa_vrf.o crypto/dso/dso_dl.o crypto/dso/dso_dlfcn.o crypto/dso/dso_err.o crypto/dso/dso_lib.o crypto/dso/dso_openssl.o crypto/dso/dso_vms.o crypto/dso/dso_win32.o crypto/ebcdic.o crypto/ec/curve25519.o crypto/ec/curve448/arch_32/f_impl.o crypto/ec/curve448/curve448.o crypto/ec/curve448/curve448_tables.o crypto/ec/curve448/eddsa.o crypto/ec/curve448/f_generic.o crypto/ec/curve448/scalar.o crypto/ec/ec2_mult.o crypto/ec/ec2_oct.o crypto/ec/ec2_smpl.o crypto/ec/ec_ameth.o crypto/ec/ec_asn1.o crypto/ec/ec_check.o crypto/ec/ec_curve.o crypto/ec/ec_cvt.o crypto/ec/ec_err.o crypto/ec/ec_key.o crypto/ec/ec_kmeth.o crypto/ec/ec_lib.o crypto/ec/ec_mult.o crypto/ec/ec_oct.o crypto/ec/ec_pmeth.o crypto/ec/ec_print.o crypto/ec/ecdh_kdf.o crypto/ec/ecdh_ossl.o crypto/ec/ecdsa_ossl.o crypto/ec/ecdsa_sign.o crypto/ec/ecdsa_vrf.o crypto/ec/eck_prn.o crypto/ec/ecp_mont.o crypto/ec/ecp_nist.o crypto/ec/ecp_nistp224.o crypto/ec/ecp_nistp256.o crypto/ec/ecp_nistp521.o crypto/ec/ecp_nistputil.o crypto/ec/ecp_oct.o crypto/ec/ecp_smpl.o crypto/ec/ecx_meth.o crypto/engine/eng_all.o crypto/engine/eng_cnf.o crypto/engine/eng_ctrl.o crypto/engine/eng_dyn.o crypto/engine/eng_err.o crypto/engine/eng_fat.o crypto/engine/eng_init.o crypto/engine/eng_lib.o crypto/engine/eng_list.o crypto/engine/eng_openssl.o crypto/engine/eng_pkey.o crypto/engine/eng_rdrand.o crypto/engine/eng_table.o crypto/engine/tb_asnmth.o crypto/engine/tb_cipher.o crypto/engine/tb_dh.o crypto/engine/tb_digest.o crypto/engine/tb_dsa.o crypto/engine/tb_eckey.o crypto/engine/tb_pkmeth.o crypto/engine/tb_rand.o crypto/engine/tb_rsa.o crypto/err/err.o crypto/err/err_all.o crypto/err/err_prn.o crypto/evp/bio_b64.o crypto/evp/bio_enc.o crypto/evp/bio_md.o crypto/evp/bio_ok.o crypto/evp/c_allc.o crypto/evp/c_alld.o crypto/evp/cmeth_lib.o crypto/evp/digest.o crypto/evp/e_aes.o crypto/evp/e_aes_cbc_hmac_sha1.o crypto/evp/e_aes_cbc_hmac_sha256.o crypto/evp/e_aria.o crypto/evp/e_bf.o crypto/evp/e_camellia.o crypto/evp/e_cast.o crypto/evp/e_chacha20_poly1305.o crypto/evp/e_des.o crypto/evp/e_des3.o crypto/evp/e_idea.o crypto/evp/e_null.o crypto/evp/e_old.o crypto/evp/e_rc2.o crypto/evp/e_rc4.o crypto/evp/e_rc4_hmac_md5.o crypto/evp/e_rc5.o crypto/evp/e_seed.o crypto/evp/e_sm4.o crypto/evp/e_xcbc_d.o crypto/evp/encode.o crypto/evp/evp_cnf.o crypto/evp/evp_enc.o crypto/evp/evp_err.o crypto/evp/evp_key.o crypto/evp/evp_lib.o crypto/evp/evp_pbe.o crypto/evp/evp_pkey.o crypto/evp/m_md2.o crypto/evp/m_md4.o crypto/evp/m_md5.o crypto/evp/m_md5_sha1.o crypto/evp/m_mdc2.o crypto/evp/m_null.o crypto/evp/m_ripemd.o crypto/evp/m_sha1.o crypto/evp/m_sha3.o crypto/evp/m_sigver.o crypto/evp/m_wp.o crypto/evp/names.o crypto/evp/p5_crpt.o crypto/evp/p5_crpt2.o crypto/evp/p_dec.o crypto/evp/p_enc.o crypto/evp/p_lib.o crypto/evp/p_open.o crypto/evp/p_seal.o crypto/evp/p_sign.o crypto/evp/p_verify.o crypto/evp/pbe_scrypt.o crypto/evp/pmeth_fn.o crypto/evp/pmeth_gn.o crypto/evp/pmeth_lib.o crypto/ex_data.o crypto/hmac/hm_ameth.o crypto/hmac/hm_pmeth.o crypto/hmac/hmac.o crypto/idea/i_cbc.o crypto/idea/i_cfb64.o crypto/idea/i_ecb.o crypto/idea/i_ofb64.o crypto/idea/i_skey.o crypto/init.o crypto/kdf/hkdf.o crypto/kdf/kdf_err.o crypto/kdf/scrypt.o crypto/kdf/tls1_prf.o crypto/lhash/lh_stats.o crypto/lhash/lhash.o crypto/md4/md4_dgst.o crypto/md4/md4_one.o crypto/md5/md5_dgst.o crypto/md5/md5_one.o crypto/mdc2/mdc2_one.o crypto/mdc2/mdc2dgst.o crypto/mem.o crypto/mem_clr.o crypto/mem_dbg.o crypto/mem_sec.o crypto/modes/cbc128.o crypto/modes/ccm128.o crypto/modes/cfb128.o crypto/modes/ctr128.o crypto/modes/cts128.o crypto/modes/gcm128.o crypto/modes/ocb128.o crypto/modes/ofb128.o crypto/modes/wrap128.o crypto/modes/xts128.o crypto/o_dir.o crypto/o_fips.o crypto/o_fopen.o crypto/o_init.o crypto/o_str.o crypto/o_time.o crypto/objects/o_names.o crypto/objects/obj_dat.o crypto/objects/obj_err.o crypto/objects/obj_lib.o crypto/objects/obj_xref.o crypto/ocsp/ocsp_asn.o crypto/ocsp/ocsp_cl.o crypto/ocsp/ocsp_err.o crypto/ocsp/ocsp_ext.o crypto/ocsp/ocsp_ht.o crypto/ocsp/ocsp_lib.o crypto/ocsp/ocsp_prn.o crypto/ocsp/ocsp_srv.o crypto/ocsp/ocsp_vfy.o crypto/ocsp/v3_ocsp.o crypto/pem/pem_all.o crypto/pem/pem_err.o crypto/pem/pem_info.o crypto/pem/pem_lib.o crypto/pem/pem_oth.o crypto/pem/pem_pk8.o crypto/pem/pem_pkey.o crypto/pem/pem_sign.o crypto/pem/pem_x509.o crypto/pem/pem_xaux.o crypto/pem/pvkfmt.o crypto/pkcs12/p12_add.o crypto/pkcs12/p12_asn.o crypto/pkcs12/p12_attr.o crypto/pkcs12/p12_crpt.o crypto/pkcs12/p12_crt.o crypto/pkcs12/p12_decr.o crypto/pkcs12/p12_init.o crypto/pkcs12/p12_key.o crypto/pkcs12/p12_kiss.o crypto/pkcs12/p12_mutl.o crypto/pkcs12/p12_npas.o crypto/pkcs12/p12_p8d.o crypto/pkcs12/p12_p8e.o crypto/pkcs12/p12_sbag.o crypto/pkcs12/p12_utl.o crypto/pkcs12/pk12err.o crypto/pkcs7/bio_pk7.o crypto/pkcs7/pk7_asn1.o crypto/pkcs7/pk7_attr.o crypto/pkcs7/pk7_doit.o crypto/pkcs7/pk7_lib.o crypto/pkcs7/pk7_mime.o crypto/pkcs7/pk7_smime.o crypto/pkcs7/pkcs7err.o crypto/poly1305/poly1305.o crypto/poly1305/poly1305_ameth.o crypto/poly1305/poly1305_pmeth.o crypto/rand/drbg_ctr.o crypto/rand/drbg_lib.o crypto/rand/rand_egd.o crypto/rand/rand_err.o crypto/rand/rand_lib.o crypto/rand/rand_unix.o crypto/rand/rand_vms.o crypto/rand/rand_win.o crypto/rand/randfile.o crypto/rc2/rc2_cbc.o crypto/rc2/rc2_ecb.o crypto/rc2/rc2_skey.o crypto/rc2/rc2cfb64.o crypto/rc2/rc2ofb64.o crypto/rc4/rc4_enc.o crypto/rc4/rc4_skey.o crypto/ripemd/rmd_dgst.o crypto/ripemd/rmd_one.o crypto/rsa/rsa_ameth.o crypto/rsa/rsa_asn1.o crypto/rsa/rsa_chk.o crypto/rsa/rsa_crpt.o crypto/rsa/rsa_depr.o crypto/rsa/rsa_err.o crypto/rsa/rsa_gen.o crypto/rsa/rsa_lib.o crypto/rsa/rsa_meth.o crypto/rsa/rsa_mp.o crypto/rsa/rsa_none.o crypto/rsa/rsa_oaep.o crypto/rsa/rsa_ossl.o crypto/rsa/rsa_pk1.o crypto/rsa/rsa_pmeth.o crypto/rsa/rsa_prn.o crypto/rsa/rsa_pss.o crypto/rsa/rsa_saos.o crypto/rsa/rsa_sign.o crypto/rsa/rsa_ssl.o crypto/rsa/rsa_x931.o crypto/rsa/rsa_x931g.o crypto/seed/seed.o crypto/seed/seed_cbc.o crypto/seed/seed_cfb.o crypto/seed/seed_ecb.o crypto/seed/seed_ofb.o crypto/sha/keccak1600.o crypto/sha/sha1_one.o crypto/sha/sha1dgst.o crypto/sha/sha256.o crypto/sha/sha512.o crypto/siphash/siphash.o crypto/siphash/siphash_ameth.o crypto/siphash/siphash_pmeth.o crypto/sm2/sm2_crypt.o crypto/sm2/sm2_err.o crypto/sm2/sm2_sign.o crypto/sm2/sm2_za.o crypto/sm3/m_sm3.o crypto/sm3/sm3.o crypto/sm4/sm4.o crypto/srp/srp_lib.o crypto/srp/srp_vfy.o crypto/stack/stack.o crypto/store/loader_file.o crypto/store/store_err.o crypto/store/store_init.o crypto/store/store_lib.o crypto/store/store_register.o crypto/store/store_strings.o crypto/threads_none.o crypto/threads_pthread.o crypto/threads_win.o crypto/ts/ts_asn1.o crypto/ts/ts_conf.o crypto/ts/ts_err.o crypto/ts/ts_lib.o crypto/ts/ts_req_print.o crypto/ts/ts_req_utils.o crypto/ts/ts_rsp_print.o crypto/ts/ts_rsp_sign.o crypto/ts/ts_rsp_utils.o crypto/ts/ts_rsp_verify.o crypto/ts/ts_verify_ctx.o crypto/txt_db/txt_db.o crypto/ui/ui_err.o crypto/ui/ui_lib.o crypto/ui/ui_null.o crypto/ui/ui_openssl.o crypto/ui/ui_util.o crypto/uid.o crypto/whrlpool/wp_block.o crypto/whrlpool/wp_dgst.o crypto/x509/by_dir.o crypto/x509/by_file.o crypto/x509/t_crl.o crypto/x509/t_req.o crypto/x509/t_x509.o crypto/x509/x509_att.o crypto/x509/x509_cmp.o crypto/x509/x509_d2.o crypto/x509/x509_def.o crypto/x509/x509_err.o crypto/x509/x509_ext.o crypto/x509/x509_lu.o crypto/x509/x509_obj.o crypto/x509/x509_r2x.o crypto/x509/x509_req.o crypto/x509/x509_set.o crypto/x509/x509_trs.o crypto/x509/x509_txt.o crypto/x509/x509_v3.o crypto/x509/x509_vfy.o crypto/x509/x509_vpm.o crypto/x509/x509cset.o crypto/x509/x509name.o crypto/x509/x509rset.o crypto/x509/x509spki.o crypto/x509/x509type.o crypto/x509/x_all.o crypto/x509/x_attrib.o crypto/x509/x_crl.o crypto/x509/x_exten.o crypto/x509/x_name.o crypto/x509/x_pubkey.o crypto/x509/x_req.o crypto/x509/x_x509.o crypto/x509/x_x509a.o crypto/x509v3/pcy_cache.o crypto/x509v3/pcy_data.o crypto/x509v3/pcy_lib.o crypto/x509v3/pcy_map.o crypto/x509v3/pcy_node.o crypto/x509v3/pcy_tree.o crypto/x509v3/v3_addr.o crypto/x509v3/v3_admis.o crypto/x509v3/v3_akey.o crypto/x509v3/v3_akeya.o crypto/x509v3/v3_alt.o crypto/x509v3/v3_asid.o crypto/x509v3/v3_bcons.o crypto/x509v3/v3_bitst.o crypto/x509v3/v3_conf.o crypto/x509v3/v3_cpols.o crypto/x509v3/v3_crld.o crypto/x509v3/v3_enum.o crypto/x509v3/v3_extku.o crypto/x509v3/v3_genn.o crypto/x509v3/v3_ia5.o crypto/x509v3/v3_info.o crypto/x509v3/v3_int.o crypto/x509v3/v3_lib.o crypto/x509v3/v3_ncons.o crypto/x509v3/v3_pci.o crypto/x509v3/v3_pcia.o crypto/x509v3/v3_pcons.o crypto/x509v3/v3_pku.o crypto/x509v3/v3_pmaps.o crypto/x509v3/v3_prn.o crypto/x509v3/v3_purp.o crypto/x509v3/v3_skey.o crypto/x509v3/v3_sxnet.o crypto/x509v3/v3_tlsf.o crypto/x509v3/v3_utl.o crypto/x509v3/v3err.o engines/e_capi.o engines/e_padlock.o | |
| 722 | 729 | $(AR) $(ARFLAGS) $@ $? |
| 723 | 730 | $(RANLIB) $@ || echo Never mind. |
| 724 | 731 | crypto/aes/aes_cbc.o: crypto/aes/aes_cbc.c |
| 2192 | 2199 | rm -f crypto/conf/conf_sap.d.tmp; \ |
| 2193 | 2200 | else \ |
| 2194 | 2201 | mv crypto/conf/conf_sap.d.tmp crypto/conf/conf_sap.d; \ |
| 2202 | fi | |
| 2203 | crypto/conf/conf_ssl.o: crypto/conf/conf_ssl.c | |
| 2204 | $(CC) -I. -Icrypto/include -Iinclude $(LIB_CFLAGS) $(LIB_CPPFLAGS) -MMD -MF crypto/conf/conf_ssl.d.tmp -MT $@ -c -o $@ crypto/conf/conf_ssl.c | |
| 2205 | @touch crypto/conf/conf_ssl.d.tmp | |
| 2206 | @if cmp crypto/conf/conf_ssl.d.tmp crypto/conf/conf_ssl.d > /dev/null 2> /dev/null; then \ | |
| 2207 | rm -f crypto/conf/conf_ssl.d.tmp; \ | |
| 2208 | else \ | |
| 2209 | mv crypto/conf/conf_ssl.d.tmp crypto/conf/conf_ssl.d; \ | |
| 2195 | 2210 | fi |
| 2196 | 2211 | crypto/cpt_err.o: crypto/cpt_err.c |
| 2197 | 2212 | $(CC) -I. -Icrypto/include -Iinclude $(LIB_CFLAGS) $(LIB_CPPFLAGS) -MMD -MF crypto/cpt_err.d.tmp -MT $@ -c -o $@ crypto/cpt_err.c |
| 9254 | 9269 | crypto/cmac crypto/cmac/: crypto/cmac/cm_ameth.o crypto/cmac/cm_pmeth.o crypto/cmac/cmac.o |
| 9255 | 9270 | crypto/cms crypto/cms/: crypto/cms/cms_asn1.o crypto/cms/cms_att.o crypto/cms/cms_cd.o crypto/cms/cms_dd.o crypto/cms/cms_enc.o crypto/cms/cms_env.o crypto/cms/cms_err.o crypto/cms/cms_ess.o crypto/cms/cms_io.o crypto/cms/cms_kari.o crypto/cms/cms_lib.o crypto/cms/cms_pwri.o crypto/cms/cms_sd.o crypto/cms/cms_smime.o |
| 9256 | 9271 | crypto/comp crypto/comp/: crypto/comp/c_zlib.o crypto/comp/comp_err.o crypto/comp/comp_lib.o |
| 9257 | crypto/conf crypto/conf/: crypto/conf/conf_api.o crypto/conf/conf_def.o crypto/conf/conf_err.o crypto/conf/conf_lib.o crypto/conf/conf_mall.o crypto/conf/conf_mod.o crypto/conf/conf_sap.o | |
| 9272 | crypto/conf crypto/conf/: crypto/conf/conf_api.o crypto/conf/conf_def.o crypto/conf/conf_err.o crypto/conf/conf_lib.o crypto/conf/conf_mall.o crypto/conf/conf_mod.o crypto/conf/conf_sap.o crypto/conf/conf_ssl.o | |
| 9258 | 9273 | crypto/ct crypto/ct/: crypto/ct/ct_b64.o crypto/ct/ct_err.o crypto/ct/ct_log.o crypto/ct/ct_oct.o crypto/ct/ct_policy.o crypto/ct/ct_prn.o crypto/ct/ct_sct.o crypto/ct/ct_sct_ctx.o crypto/ct/ct_vfy.o crypto/ct/ct_x509v3.o |
| 9259 | 9274 | crypto/des crypto/des/: crypto/des/cbc_cksm.o crypto/des/cbc_enc.o crypto/des/cfb64ede.o crypto/des/cfb64enc.o crypto/des/cfb_enc.o crypto/des/des_enc.o crypto/des/ecb3_enc.o crypto/des/ecb_enc.o crypto/des/fcrypt.o crypto/des/fcrypt_b.o crypto/des/ofb64ede.o crypto/des/ofb64enc.o crypto/des/ofb_enc.o crypto/des/pcbc_enc.o crypto/des/qud_cksm.o crypto/des/rand_key.o crypto/des/set_key.o crypto/des/str2key.o crypto/des/xcbc_enc.o |
| 9260 | 9275 | crypto/dh crypto/dh/: crypto/dh/dh_ameth.o crypto/dh/dh_asn1.o crypto/dh/dh_check.o crypto/dh/dh_depr.o crypto/dh/dh_err.o crypto/dh/dh_gen.o crypto/dh/dh_kdf.o crypto/dh/dh_key.o crypto/dh/dh_lib.o crypto/dh/dh_meth.o crypto/dh/dh_pmeth.o crypto/dh/dh_prn.o crypto/dh/dh_rfc5114.o crypto/dh/dh_rfc7919.o |
| 0 | 0 | |
| 1 | OpenSSL 1.1.1-pre4 (beta) 3 Apr 2018 | |
| 1 | OpenSSL 1.1.1-pre6 (beta) 1 May 2018 | |
| 2 | 2 | |
| 3 | 3 | Copyright (c) 1998-2018 The OpenSSL Project |
| 4 | 4 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
| 24 | 24 | #endif |
| 25 | 25 | #include <ctype.h> |
| 26 | 26 | #include <errno.h> |
| 27 | #ifdef __VMS | |
| 28 | # include <descrip.h> | |
| 29 | # include <iledef.h> | |
| 30 | # include <fscndef.h> | |
| 31 | # include <starlet.h> | |
| 32 | #endif | |
| 33 | 27 | #include <openssl/err.h> |
| 34 | 28 | #include <openssl/x509.h> |
| 35 | 29 | #include <openssl/x509v3.h> |
| 1596 | 1590 | return retdb; |
| 1597 | 1591 | } |
| 1598 | 1592 | |
| 1593 | /* | |
| 1594 | * Returns > 0 on success, <= 0 on error | |
| 1595 | */ | |
| 1599 | 1596 | int index_index(CA_DB *db) |
| 1600 | 1597 | { |
| 1601 | 1598 | if (!TXT_DB_create_index(db->db, DB_serial, NULL, |
| 2366 | 2363 | } |
| 2367 | 2364 | #endif |
| 2368 | 2365 | |
| 2369 | /* app_dirname section */ | |
| 2370 | ||
| 2371 | /* | |
| 2372 | * This exactly follows what POSIX's | |
| 2373 | * dirname does, but is implemented | |
| 2374 | * in a more platform independent way. | |
| 2375 | * | |
| 2376 | * path dirname | |
| 2377 | * /usr/lib /usr | |
| 2378 | * /usr/ / | |
| 2379 | * usr . | |
| 2380 | * / / | |
| 2381 | * . . | |
| 2382 | * .. . | |
| 2383 | * "" . | |
| 2384 | * | |
| 2385 | * Note: this function also keeps the | |
| 2386 | * possibility of modifying the 'path' | |
| 2387 | * string same as POSIX dirname. | |
| 2388 | */ | |
| 2389 | static char *posix_dirname(char *path) | |
| 2390 | { | |
| 2391 | size_t l; | |
| 2392 | char *ret = "."; | |
| 2393 | ||
| 2394 | l = strlen(path); | |
| 2395 | if (l == 0) | |
| 2396 | goto out; | |
| 2397 | if (strcmp(path, ".") == 0) | |
| 2398 | goto out; | |
| 2399 | if (strcmp(path, "..") == 0) | |
| 2400 | goto out; | |
| 2401 | if (strcmp(path, "/") == 0) { | |
| 2402 | ret = "/"; | |
| 2403 | goto out; | |
| 2404 | } | |
| 2405 | if (path[l - 1] == '/') { | |
| 2406 | /* /usr/ */ | |
| 2407 | path[l - 1] = '\0'; | |
| 2408 | } | |
| 2409 | if ((ret = strrchr(path, '/')) == NULL) { | |
| 2410 | /* usr */ | |
| 2411 | ret = "."; | |
| 2412 | } else if (ret == path) { | |
| 2413 | /* /usr */ | |
| 2414 | *++ret = '\0'; | |
| 2415 | ret = path; | |
| 2416 | } else { | |
| 2417 | /* /usr/lib */ | |
| 2418 | *ret = '\0'; | |
| 2419 | ret = path; | |
| 2420 | } | |
| 2421 | out: | |
| 2422 | return ret; | |
| 2423 | } | |
| 2424 | ||
| 2425 | /* | |
| 2426 | * TODO: implement app_dirname for Windows. | |
| 2427 | */ | |
| 2428 | #if !defined(_WIN32) | |
| 2429 | char *app_dirname(char *path) | |
| 2430 | { | |
| 2431 | return posix_dirname(path); | |
| 2432 | } | |
| 2433 | #elif defined(__VMS) | |
| 2434 | /* | |
| 2435 | * sys$filescan fills the given item list with pointers into the original | |
| 2436 | * path string, so all we need to do is to find the file name and simply | |
| 2437 | * put a NUL byte wherever the FSCN$_NAME pointer points. If there is no | |
| 2438 | * file name part and the path string isn't the empty string, we know for | |
| 2439 | * a fact that the whole string is a directory spec and return it as is. | |
| 2440 | * Otherwise or if that pointer is the starting address of the original | |
| 2441 | * path string, we know to return "sys$disk:[]", which corresponds to the | |
| 2442 | * Unixly ".". | |
| 2443 | * | |
| 2444 | * If sys$filescan returns an error status, we know that this is not | |
| 2445 | * parsable as a VMS file spec, and then use the fallback, in case we | |
| 2446 | * have a Unix type path. | |
| 2447 | */ | |
| 2448 | char *app_dirname(char *path) | |
| 2449 | { | |
| 2450 | char *ret = "sys$disk:[]"; | |
| 2451 | struct dsc$descriptor_s dsc_path = { 0 }; | |
| 2452 | ile2 itemlist[] = { | |
| 2453 | {0, FSCN$_NAME, 0}, | |
| 2454 | {0, 0, 0} | |
| 2455 | }; | |
| 2456 | int fields; | |
| 2457 | int status; | |
| 2458 | ||
| 2459 | dsc_path.dsc$a_pointer = path; | |
| 2460 | dsc_path.dsc$w_length = strlen(path); | |
| 2461 | status = sys$filescan(&dsc_path, itemlist, &fields, 0, 0); | |
| 2462 | ||
| 2463 | if (!(status & 1)) | |
| 2464 | return posix_dirname(path); | |
| 2465 | ||
| 2466 | if ((fields & (1 << FSCN$_NAME)) == 0) { | |
| 2467 | if (dsc_path.dsc$w_length != 0) | |
| 2468 | ret = path; | |
| 2469 | } else if (itemlist[0].ile2$ps_bufaddr != path) { | |
| 2470 | if (itemlist[0].ile2$ps_bufaddr != path) { | |
| 2471 | *itemlist[0].ile2$ps_bufaddr = '\0'; | |
| 2472 | ret = path; | |
| 2473 | } | |
| 2474 | } | |
| 2475 | return ret; | |
| 2476 | } | |
| 2477 | #endif | |
| 2478 | ||
| 2479 | 2366 | /* raw_read|write section */ |
| 2480 | 2367 | #if defined(__VMS) |
| 2481 | 2368 | # include "vms_term_sock.h" |
| 610 | 610 | |
| 611 | 611 | int app_isdir(const char *); |
| 612 | 612 | int app_access(const char *, int flag); |
| 613 | char *app_dirname(char *path); | |
| 614 | 613 | int fileno_stdin(void); |
| 615 | 614 | int fileno_stdout(void); |
| 616 | 615 | int raw_read_stdin(void *, int); |
| 38 | 38 | {"dump", OPT_DUMP, 0, "unknown data in hex form"}, |
| 39 | 39 | {"dlimit", OPT_DLIMIT, 'p', |
| 40 | 40 | "dump the first arg bytes of unknown data in hex form"}, |
| 41 | {"strparse", OPT_STRPARSE, 's', | |
| 41 | {"strparse", OPT_STRPARSE, 'p', | |
| 42 | 42 | "offset; a series of these can be used to 'dig'"}, |
| 43 | 43 | {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"}, |
| 44 | 44 | {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, |
| 112 | 112 | offset = strtol(opt_arg(), NULL, 0); |
| 113 | 113 | break; |
| 114 | 114 | case OPT_LENGTH: |
| 115 | length = atoi(opt_arg()); | |
| 115 | length = strtol(opt_arg(), NULL, 0); | |
| 116 | 116 | break; |
| 117 | 117 | case OPT_DUMP: |
| 118 | 118 | dump = -1; |
| 119 | 119 | break; |
| 120 | 120 | case OPT_DLIMIT: |
| 121 | dump = atoi(opt_arg()); | |
| 121 | dump = strtol(opt_arg(), NULL, 0); | |
| 122 | 122 | break; |
| 123 | 123 | case OPT_STRPARSE: |
| 124 | 124 | sk_OPENSSL_STRING_push(osk, opt_arg()); |
| 204 | 204 | |
| 205 | 205 | num = 0; |
| 206 | 206 | for (;;) { |
| 207 | if (!BUF_MEM_grow(buf, (int)num + BUFSIZ)) | |
| 207 | if (!BUF_MEM_grow(buf, num + BUFSIZ)) | |
| 208 | 208 | goto end; |
| 209 | 209 | i = BIO_read(in, &(buf->data[num]), BUFSIZ); |
| 210 | 210 | if (i <= 0) |
| 224 | 224 | for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) { |
| 225 | 225 | ASN1_TYPE *atmp; |
| 226 | 226 | int typ; |
| 227 | j = atoi(sk_OPENSSL_STRING_value(osk, i)); | |
| 228 | if (j == 0) { | |
| 229 | BIO_printf(bio_err, "'%s' is an invalid number\n", | |
| 227 | j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0); | |
| 228 | if (j <= 0 || j >= tmplen) { | |
| 229 | BIO_printf(bio_err, "'%s' is out of range\n", | |
| 230 | 230 | sk_OPENSSL_STRING_value(osk, i)); |
| 231 | 231 | continue; |
| 232 | 232 | } |
| 257 | 257 | num = tmplen; |
| 258 | 258 | } |
| 259 | 259 | |
| 260 | if (offset >= num) { | |
| 261 | BIO_printf(bio_err, "Error: offset too large\n"); | |
| 260 | if (offset < 0 || offset >= num) { | |
| 261 | BIO_printf(bio_err, "Error: offset out of range\n"); | |
| 262 | 262 | goto end; |
| 263 | 263 | } |
| 264 | 264 | |
| 265 | 265 | num -= offset; |
| 266 | 266 | |
| 267 | if ((length == 0) || ((long)length > num)) | |
| 267 | if (length == 0 || length > (unsigned int)num) | |
| 268 | 268 | length = (unsigned int)num; |
| 269 | 269 | if (derout != NULL) { |
| 270 | 270 | if (BIO_write(derout, str + offset, length) != (int)length) { |
| 497 | 497 | if (db == NULL) |
| 498 | 498 | goto end; |
| 499 | 499 | |
| 500 | if (!index_index(db)) | |
| 500 | if (index_index(db) <= 0) | |
| 501 | 501 | goto end; |
| 502 | 502 | |
| 503 | 503 | if (get_certificate_status(ser_status, db) != 1) |
| 671 | 671 | BIO_printf(bio_err, "generating index\n"); |
| 672 | 672 | } |
| 673 | 673 | |
| 674 | if (!index_index(db)) | |
| 674 | if (index_index(db) <= 0) | |
| 675 | 675 | goto end; |
| 676 | 676 | |
| 677 | 677 | /*****************************************************************/ |
| 721 | 721 | |
| 722 | 722 | /*****************************************************************/ |
| 723 | 723 | if (req || gencrl) { |
| 724 | /* FIXME: Is it really always text? */ | |
| 725 | Sout = bio_open_default(outfile, 'w', FORMAT_TEXT); | |
| 724 | if (spkac_file != NULL) { | |
| 725 | output_der = 1; | |
| 726 | batch = 1; | |
| 727 | } | |
| 728 | Sout = bio_open_default(outfile, 'w', | |
| 729 | output_der ? FORMAT_ASN1 : FORMAT_TEXT); | |
| 726 | 730 | if (Sout == NULL) |
| 727 | 731 | goto end; |
| 728 | 732 | } |
| 875 | 879 | if (!sk_X509_push(cert_sk, x)) { |
| 876 | 880 | BIO_printf(bio_err, "Memory allocation failure\n"); |
| 877 | 881 | goto end; |
| 878 | } | |
| 879 | if (outfile) { | |
| 880 | output_der = 1; | |
| 881 | batch = 1; | |
| 882 | 882 | } |
| 883 | 883 | } |
| 884 | 884 | } |
| 234 | 234 | } |
| 235 | 235 | |
| 236 | 236 | if (keyfile != NULL) { |
| 237 | int type; | |
| 238 | ||
| 237 | 239 | if (want_pub) |
| 238 | 240 | sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file"); |
| 239 | 241 | else |
| 242 | 244 | /* |
| 243 | 245 | * load_[pub]key() has already printed an appropriate message |
| 244 | 246 | */ |
| 247 | goto end; | |
| 248 | } | |
| 249 | type = EVP_PKEY_id(sigkey); | |
| 250 | if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) { | |
| 251 | /* | |
| 252 | * We implement PureEdDSA for these which doesn't have a separate | |
| 253 | * digest, and only supports one shot. | |
| 254 | */ | |
| 255 | BIO_printf(bio_err, "Key type not supported for this operation\n"); | |
| 245 | 256 | goto end; |
| 246 | 257 | } |
| 247 | 258 | } |
| 152 | 152 | goto end; |
| 153 | 153 | } |
| 154 | 154 | # endif |
| 155 | ||
| 156 | out = bio_open_default(outfile, 'w', outformat); | |
| 157 | if (out == NULL) | |
| 158 | goto end; | |
| 159 | ||
| 155 | 160 | /* DH parameters */ |
| 156 | 161 | if (num && !g) |
| 157 | 162 | g = 2; |
| 258 | 263 | |
| 259 | 264 | /* dh != NULL */ |
| 260 | 265 | } |
| 261 | ||
| 262 | out = bio_open_default(outfile, 'w', outformat); | |
| 263 | if (out == NULL) | |
| 264 | goto end; | |
| 265 | 266 | |
| 266 | 267 | if (text) { |
| 267 | 268 | DHparams_print(out, dh); |
| 558 | 558 | |
| 559 | 559 | if (ridx_filename != NULL) { |
| 560 | 560 | rdb = load_index(ridx_filename, NULL); |
| 561 | if (rdb == NULL || !index_index(rdb)) { | |
| 561 | if (rdb == NULL || index_index(rdb) <= 0) { | |
| 562 | 562 | ret = 1; |
| 563 | 563 | goto end; |
| 564 | 564 | } |
| 581 | 581 | if (index_changed(rdb)) { |
| 582 | 582 | CA_DB *newrdb = load_index(ridx_filename, NULL); |
| 583 | 583 | |
| 584 | if (newrdb != NULL) { | |
| 584 | if (newrdb != NULL && index_index(newrdb) > 0) { | |
| 585 | 585 | free_index(rdb); |
| 586 | 586 | rdb = newrdb; |
| 587 | 587 | } else { |
| 588 | free_index(newrdb); | |
| 588 | 589 | log_message(LOG_ERR, "error reloading updated index: %s", |
| 589 | 590 | ridx_filename); |
| 590 | 591 | } |
| 695 | 696 | if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { |
| 696 | 697 | BIO_printf(out, "Responder Error: %s (%d)\n", |
| 697 | 698 | OCSP_response_status_str(i), i); |
| 698 | if (!ignore_err) { | |
| 699 | ret = 0; | |
| 699 | if (!ignore_err) | |
| 700 | 700 | goto end; |
| 701 | } | |
| 702 | 701 | } |
| 703 | 702 | |
| 704 | 703 | if (resp_text) |
| 612 | 612 | */ |
| 613 | 613 | int opt_next(void) |
| 614 | 614 | { |
| 615 | char *p, *estr; | |
| 615 | char *p; | |
| 616 | 616 | const OPTIONS *o; |
| 617 | 617 | int ival; |
| 618 | 618 | long lval; |
| 619 | 619 | unsigned long ulval; |
| 620 | 620 | ossl_intmax_t imval; |
| 621 | 621 | ossl_uintmax_t umval; |
| 622 | #if !defined(_WIN32) | |
| 623 | char *c; | |
| 624 | int oerrno; | |
| 625 | #endif | |
| 626 | 622 | |
| 627 | 623 | /* Look at current arg; at end of the list? */ |
| 628 | 624 | arg = NULL; |
| 685 | 681 | return -1; |
| 686 | 682 | case '<': |
| 687 | 683 | /* Input file. */ |
| 688 | if (strcmp(arg, "-") == 0 || app_access(arg, R_OK) == 0) | |
| 689 | break; | |
| 690 | BIO_printf(bio_err, | |
| 691 | "%s: Cannot open input file %s, %s\n", | |
| 692 | prog, arg, strerror(errno)); | |
| 693 | return -1; | |
| 684 | break; | |
| 694 | 685 | case '>': |
| 695 | 686 | /* Output file. */ |
| 696 | #if !defined(_WIN32) | |
| 697 | c = OPENSSL_strdup(arg); | |
| 698 | if (c == NULL) { | |
| 699 | BIO_printf(bio_err, | |
| 700 | "%s: Memory allocation failure\n", prog); | |
| 701 | return -1; | |
| 702 | } | |
| 703 | oerrno = errno; | |
| 704 | errno = 0; | |
| 705 | if (strcmp(arg, "-") == 0 | |
| 706 | || (app_access(app_dirname(c), W_OK) == 0 | |
| 707 | && app_isdir(arg) <= 0 | |
| 708 | && (app_access(arg, W_OK) == 0 || errno == ENOENT))) { | |
| 709 | OPENSSL_free(c); | |
| 710 | break; | |
| 711 | } | |
| 712 | OPENSSL_free(c); | |
| 713 | if (errno == 0) | |
| 714 | /* only possible if 'arg' is a directory */ | |
| 715 | estr = "is a directory"; | |
| 716 | else | |
| 717 | estr = strerror(errno); | |
| 718 | errno = oerrno; | |
| 719 | #else | |
| 720 | if (strcmp(arg, "-") == 0 || app_access(arg, W_OK) == 0 | |
| 721 | || errno == ENOENT) | |
| 722 | break; | |
| 723 | estr = strerror(errno); | |
| 724 | #endif | |
| 725 | BIO_printf(bio_err, | |
| 726 | "%s: Cannot open output file %s, %s\n", | |
| 727 | prog, arg, estr); | |
| 728 | return -1; | |
| 687 | break; | |
| 729 | 688 | case 'p': |
| 730 | 689 | case 'n': |
| 731 | 690 | if (!opt_int(arg, &ival) |
| 110 | 110 | foreach my $cmd ( |
| 111 | 111 | "md2", "md4", "md5", |
| 112 | 112 | "gost", |
| 113 | "sha1", "sha224", "sha256", "sha384", "sha512", | |
| 113 | "sha1", "sha224", "sha256", "sha384", | |
| 114 | "sha512", "sha512-224", "sha512-256", | |
| 115 | "sha3-224", "sha3-256", "sha3-384", "sha3-512", | |
| 116 | "shake128", "shake256", | |
| 114 | 117 | "mdc2", "rmd160", "blake2b512", "blake2s256", |
| 115 | 118 | "sm3" |
| 116 | 119 | ) { |
| 125 | 125 | for (ep = bp->first_entry; ep; ep = ep->next) { |
| 126 | 126 | if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) { |
| 127 | 127 | BIO_printf(bio_err, |
| 128 | "%s: skipping duplicate %s in %s\n", opt_getprog(), | |
| 128 | "%s: warning: skipping duplicate %s in %s\n", | |
| 129 | opt_getprog(), | |
| 129 | 130 | type == TYPE_CERT ? "certificate" : "CRL", filename); |
| 130 | return 1; | |
| 131 | return 0; | |
| 131 | 132 | } |
| 132 | 133 | if (strcmp(filename, ep->filename) == 0) { |
| 133 | 134 | found = ep; |
| 139 | 140 | if (ep == NULL) { |
| 140 | 141 | if (bp->num_needed >= MAX_COLLISIONS) { |
| 141 | 142 | BIO_printf(bio_err, |
| 142 | "%s: hash table overflow for %s\n", | |
| 143 | "%s: error: hash table overflow for %s\n", | |
| 143 | 144 | opt_getprog(), filename); |
| 144 | 145 | return 1; |
| 145 | 146 | } |
| 230 | 231 | |
| 231 | 232 | /* Does it have X.509 data in it? */ |
| 232 | 233 | if ((b = BIO_new_file(fullpath, "r")) == NULL) { |
| 233 | BIO_printf(bio_err, "%s: skipping %s, cannot open file\n", | |
| 234 | BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n", | |
| 234 | 235 | opt_getprog(), filename); |
| 235 | 236 | errs++; |
| 236 | 237 | goto end; |
| 242 | 243 | |
| 243 | 244 | if (sk_X509_INFO_num(inf) != 1) { |
| 244 | 245 | BIO_printf(bio_err, |
| 245 | "%s: skipping %s," | |
| 246 | "%s: warning: skipping %s," | |
| 246 | 247 | "it does not contain exactly one certificate or CRL\n", |
| 247 | 248 | opt_getprog(), filename); |
| 248 | 249 | /* This is not an error. */ |
| 478 | 479 | if (*argv != NULL) { |
| 479 | 480 | while (*argv != NULL) |
| 480 | 481 | errs += do_dir(*argv++, h); |
| 481 | } else if ((env = getenv("SSL_CERT_DIR")) != NULL) { | |
| 482 | } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) { | |
| 483 | char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' }; | |
| 482 | 484 | m = OPENSSL_strdup(env); |
| 483 | for (e = strtok(m, ":"); e != NULL; e = strtok(NULL, ":")) | |
| 485 | for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc)) | |
| 484 | 486 | errs += do_dir(e, h); |
| 485 | 487 | OPENSSL_free(m); |
| 486 | 488 | } else { |
| 487 | errs += do_dir("/etc/ssl/certs", h); | |
| 489 | errs += do_dir(X509_get_default_cert_dir(), h); | |
| 488 | 490 | } |
| 489 | 491 | |
| 490 | 492 | end: |
| 62 | 62 | char *value, int nid, int n_min, int n_max, |
| 63 | 63 | unsigned long chtype, int mval); |
| 64 | 64 | static int genpkey_cb(EVP_PKEY_CTX *ctx); |
| 65 | static int build_data(char *text, const char *def, | |
| 66 | char *value, int n_min, int n_max, | |
| 67 | char *buf, const int buf_size, | |
| 68 | const char *desc1, const char *desc2 | |
| 69 | ); | |
| 65 | 70 | static int req_check_len(int len, int n_min, int n_max); |
| 66 | 71 | static int check_end(const char *str, const char *end); |
| 67 | 72 | static int join(char buf[], size_t buf_size, const char *name, |
| 364 | 369 | if (addext_bio) { |
| 365 | 370 | if (verbose) |
| 366 | 371 | BIO_printf(bio_err, |
| 367 | "Using additional configuraton from command line\n"); | |
| 372 | "Using additional configuration from command line\n"); | |
| 368 | 373 | addext_conf = app_load_config_bio(addext_bio, NULL); |
| 369 | 374 | } |
| 370 | 375 | if (template != default_config_file && !app_load_modules(req_conf)) |
| 1201 | 1206 | char *value, int nid, int n_min, int n_max, |
| 1202 | 1207 | unsigned long chtype, int mval) |
| 1203 | 1208 | { |
| 1204 | int i, ret = 0; | |
| 1209 | int ret = 0; | |
| 1205 | 1210 | char buf[1024]; |
| 1211 | ||
| 1212 | ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf), | |
| 1213 | "DN value", "DN default"); | |
| 1214 | if ((ret == 0) || (ret == 1)) | |
| 1215 | return ret; | |
| 1216 | ret = 1; | |
| 1217 | ||
| 1218 | if (!X509_NAME_add_entry_by_NID(n, nid, chtype, | |
| 1219 | (unsigned char *)buf, -1, -1, mval)) | |
| 1220 | ret = 0; | |
| 1221 | ||
| 1222 | return ret; | |
| 1223 | } | |
| 1224 | ||
| 1225 | static int add_attribute_object(X509_REQ *req, char *text, const char *def, | |
| 1226 | char *value, int nid, int n_min, | |
| 1227 | int n_max, unsigned long chtype) | |
| 1228 | { | |
| 1229 | int ret = 0; | |
| 1230 | char buf[1024]; | |
| 1231 | ||
| 1232 | ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf), | |
| 1233 | "Attribute value", "Attribute default"); | |
| 1234 | if ((ret == 0) || (ret == 1)) | |
| 1235 | return ret; | |
| 1236 | ret = 1; | |
| 1237 | ||
| 1238 | if (!X509_REQ_add1_attr_by_NID(req, nid, chtype, | |
| 1239 | (unsigned char *)buf, -1)) { | |
| 1240 | BIO_printf(bio_err, "Error adding attribute\n"); | |
| 1241 | ERR_print_errors(bio_err); | |
| 1242 | ret = 0; | |
| 1243 | } | |
| 1244 | ||
| 1245 | return ret; | |
| 1246 | } | |
| 1247 | ||
| 1248 | ||
| 1249 | static int build_data(char *text, const char *def, | |
| 1250 | char *value, int n_min, int n_max, | |
| 1251 | char *buf, const int buf_size, | |
| 1252 | const char *desc1, const char *desc2 | |
| 1253 | ) | |
| 1254 | { | |
| 1255 | int i; | |
| 1206 | 1256 | start: |
| 1207 | 1257 | if (!batch) |
| 1208 | 1258 | BIO_printf(bio_err, "%s [%s]:", text, def); |
| 1209 | 1259 | (void)BIO_flush(bio_err); |
| 1210 | 1260 | if (value != NULL) { |
| 1211 | if (!join(buf, sizeof(buf), value, "\n", "DN value")) | |
| 1261 | if (!join(buf, buf_size, value, "\n", desc1)) | |
| 1212 | 1262 | return 0; |
| 1213 | 1263 | BIO_printf(bio_err, "%s\n", value); |
| 1214 | 1264 | } else { |
| 1215 | 1265 | buf[0] = '\0'; |
| 1216 | 1266 | if (!batch) { |
| 1217 | if (!fgets(buf, sizeof(buf), stdin)) | |
| 1267 | if (!fgets(buf, buf_size, stdin)) | |
| 1218 | 1268 | return 0; |
| 1219 | 1269 | } else { |
| 1220 | 1270 | buf[0] = '\n'; |
| 1227 | 1277 | if (buf[0] == '\n') { |
| 1228 | 1278 | if ((def == NULL) || (def[0] == '\0')) |
| 1229 | 1279 | return 1; |
| 1230 | if (!join(buf, sizeof(buf), def, "\n", "DN default")) | |
| 1280 | if (!join(buf, buf_size, def, "\n", desc2)) | |
| 1231 | 1281 | return 0; |
| 1232 | 1282 | } else if ((buf[0] == '.') && (buf[1] == '\n')) { |
| 1233 | 1283 | return 1; |
| 1247 | 1297 | return 0; |
| 1248 | 1298 | goto start; |
| 1249 | 1299 | } |
| 1250 | ||
| 1251 | if (!X509_NAME_add_entry_by_NID(n, nid, chtype, | |
| 1252 | (unsigned char *)buf, -1, -1, mval)) | |
| 1253 | goto err; | |
| 1254 | ret = 1; | |
| 1255 | err: | |
| 1256 | return ret; | |
| 1257 | } | |
| 1258 | ||
| 1259 | static int add_attribute_object(X509_REQ *req, char *text, const char *def, | |
| 1260 | char *value, int nid, int n_min, | |
| 1261 | int n_max, unsigned long chtype) | |
| 1262 | { | |
| 1263 | int i; | |
| 1264 | static char buf[1024]; | |
| 1265 | ||
| 1266 | start: | |
| 1267 | if (!batch) | |
| 1268 | BIO_printf(bio_err, "%s [%s]:", text, def); | |
| 1269 | (void)BIO_flush(bio_err); | |
| 1270 | if (value != NULL) { | |
| 1271 | if (!join(buf, sizeof(buf), value, "\n", "Attribute value")) | |
| 1272 | return 0; | |
| 1273 | BIO_printf(bio_err, "%s\n", value); | |
| 1274 | } else { | |
| 1275 | buf[0] = '\0'; | |
| 1276 | if (!batch) { | |
| 1277 | if (!fgets(buf, sizeof(buf), stdin)) | |
| 1278 | return 0; | |
| 1279 | } else { | |
| 1280 | buf[0] = '\n'; | |
| 1281 | buf[1] = '\0'; | |
| 1282 | } | |
| 1283 | } | |
| 1284 | ||
| 1285 | if (buf[0] == '\0') | |
| 1286 | return 0; | |
| 1287 | if (buf[0] == '\n') { | |
| 1288 | if ((def == NULL) || (def[0] == '\0')) | |
| 1289 | return 1; | |
| 1290 | if (!join(buf, sizeof(buf), def, "\n", "Attribute default")) | |
| 1291 | return 0; | |
| 1292 | } else if ((buf[0] == '.') && (buf[1] == '\n')) { | |
| 1293 | return 1; | |
| 1294 | } | |
| 1295 | ||
| 1296 | i = strlen(buf); | |
| 1297 | if (buf[i - 1] != '\n') { | |
| 1298 | BIO_printf(bio_err, "weird input :-(\n"); | |
| 1299 | return 0; | |
| 1300 | } | |
| 1301 | buf[--i] = '\0'; | |
| 1302 | #ifdef CHARSET_EBCDIC | |
| 1303 | ebcdic2ascii(buf, buf, i); | |
| 1304 | #endif | |
| 1305 | if (!req_check_len(i, n_min, n_max)) { | |
| 1306 | if (batch || value) | |
| 1307 | return 0; | |
| 1308 | goto start; | |
| 1309 | } | |
| 1310 | ||
| 1311 | if (!X509_REQ_add1_attr_by_NID(req, nid, chtype, | |
| 1312 | (unsigned char *)buf, -1)) { | |
| 1313 | BIO_printf(bio_err, "Error adding attribute\n"); | |
| 1314 | ERR_print_errors(bio_err); | |
| 1315 | goto err; | |
| 1316 | } | |
| 1317 | ||
| 1318 | return 1; | |
| 1319 | err: | |
| 1320 | return 0; | |
| 1300 | return 2; | |
| 1321 | 1301 | } |
| 1322 | 1302 | |
| 1323 | 1303 | static int req_check_len(int len, int n_min, int n_max) |
| 21 | 21 | |
| 22 | 22 | typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); |
| 23 | 23 | int do_server(int *accept_sock, const char *host, const char *port, |
| 24 | int family, int type, int protocol, | |
| 25 | do_server_cb cb, | |
| 26 | unsigned char *context, int naccept); | |
| 24 | int family, int type, int protocol, do_server_cb cb, | |
| 25 | unsigned char *context, int naccept, BIO *bio_s_out); | |
| 27 | 26 | #ifdef HEADER_X509_H |
| 28 | 27 | int verify_callback(int ok, X509_STORE_CTX *ctx); |
| 29 | 28 | #endif |
| 636 | 636 | "Disable name checks when matching DANE-EE(3) TLSA records"}, |
| 637 | 637 | {"reconnect", OPT_RECONNECT, '-', |
| 638 | 638 | "Drop and re-make the connection with the same Session-ID"}, |
| 639 | {"showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain"}, | |
| 639 | {"showcerts", OPT_SHOWCERTS, '-', | |
| 640 | "Show all certificates sent by the server"}, | |
| 640 | 641 | {"debug", OPT_DEBUG, '-', "Extra output"}, |
| 641 | 642 | {"msg", OPT_MSG, '-', "Show protocol messages"}, |
| 642 | 643 | {"msgfile", OPT_MSGFILE, '>', |
| 3050 | 3051 | do_ssl_shutdown(con); |
| 3051 | 3052 | |
| 3052 | 3053 | /* |
| 3053 | * Give the socket time to send its last data before we close it. | |
| 3054 | * No amount of setting SO_LINGER etc on the socket seems to persuade | |
| 3055 | * Windows to send the data before closing the socket...but sleeping | |
| 3056 | * for a short time seems to do it (units in ms) | |
| 3057 | * TODO: Find a better way to do this | |
| 3058 | */ | |
| 3059 | #if defined(OPENSSL_SYS_WINDOWS) | |
| 3060 | Sleep(50); | |
| 3061 | #elif defined(OPENSSL_SYS_CYGWIN) | |
| 3062 | usleep(50000); | |
| 3063 | #endif | |
| 3064 | ||
| 3065 | /* | |
| 3066 | 3054 | * If we ended with an alert being sent, but still with data in the |
| 3067 | 3055 | * network buffer to be read, then calling BIO_closesocket() will |
| 3068 | 3056 | * result in a TCP-RST being sent. On some platforms (notably |
| 3073 | 3061 | * TCP-RST. This seems to allow the peer to read the alert data. |
| 3074 | 3062 | */ |
| 3075 | 3063 | shutdown(SSL_get_fd(con), 1); /* SHUT_WR */ |
| 3064 | /* | |
| 3065 | * We just said we have nothing else to say, but it doesn't mean that | |
| 3066 | * the other side has nothing. It's even recommended to consume incoming | |
| 3067 | * data. [In testing context this ensures that alerts are passed on...] | |
| 3068 | */ | |
| 3069 | timeout.tv_sec = 0; | |
| 3070 | timeout.tv_usec = 500000; /* some extreme round-trip */ | |
| 3071 | do { | |
| 3072 | FD_ZERO(&readfds); | |
| 3073 | openssl_fdset(s, &readfds); | |
| 3074 | } while (select(s + 1, &readfds, NULL, NULL, &timeout) > 0 | |
| 3075 | && BIO_read(sbio, sbuf, BUFSIZZ) > 0); | |
| 3076 | ||
| 3076 | 3077 | BIO_closesocket(SSL_get_fd(con)); |
| 3077 | 3078 | end: |
| 3078 | 3079 | if (con != NULL) { |
| 2094 | 2094 | if (max_early_data >= 0) |
| 2095 | 2095 | SSL_CTX_set_max_early_data(ctx, max_early_data); |
| 2096 | 2096 | |
| 2097 | BIO_printf(bio_s_out, "ACCEPT\n"); | |
| 2098 | (void)BIO_flush(bio_s_out); | |
| 2099 | 2097 | if (rev) |
| 2100 | 2098 | server_cb = rev_body; |
| 2101 | 2099 | else if (www) |
| 2108 | 2106 | unlink(host); |
| 2109 | 2107 | #endif |
| 2110 | 2108 | do_server(&accept_socket, host, port, socket_family, socket_type, protocol, |
| 2111 | server_cb, context, naccept); | |
| 2109 | server_cb, context, naccept, bio_s_out); | |
| 2112 | 2110 | print_stats(bio_s_out, ctx); |
| 2113 | 2111 | ret = 0; |
| 2114 | 2112 | end: |
| 2190 | 2188 | SSL *con = NULL; |
| 2191 | 2189 | BIO *sbio; |
| 2192 | 2190 | struct timeval timeout; |
| 2193 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) | |
| 2194 | struct timeval tv; | |
| 2195 | #else | |
| 2191 | #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)) | |
| 2196 | 2192 | struct timeval *timeoutp; |
| 2197 | 2193 | #endif |
| 2198 | 2194 | #ifndef OPENSSL_NO_DTLS |
| 2393 | 2389 | * second and check for any keypress. In a proper Windows |
| 2394 | 2390 | * application we wouldn't do this because it is inefficient. |
| 2395 | 2391 | */ |
| 2396 | tv.tv_sec = 1; | |
| 2397 | tv.tv_usec = 0; | |
| 2398 | i = select(width, (void *)&readfds, NULL, NULL, &tv); | |
| 2392 | timeout.tv_sec = 1; | |
| 2393 | timeout.tv_usec = 0; | |
| 2394 | i = select(width, (void *)&readfds, NULL, NULL, &timeout); | |
| 2399 | 2395 | if (has_stdin_waiting()) |
| 2400 | 2396 | read_from_terminal = 1; |
| 2401 | 2397 | if ((i < 0) || (!i && !read_from_terminal)) |
| 2672 | 2668 | } |
| 2673 | 2669 | BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); |
| 2674 | 2670 | OPENSSL_clear_free(buf, bufsize); |
| 2675 | if (ret >= 0) | |
| 2676 | BIO_printf(bio_s_out, "ACCEPT\n"); | |
| 2677 | (void)BIO_flush(bio_s_out); | |
| 2678 | 2671 | return ret; |
| 2679 | 2672 | } |
| 2680 | 2673 | |
| 3283 | 3276 | SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); |
| 3284 | 3277 | |
| 3285 | 3278 | err: |
| 3286 | if (ret >= 0) | |
| 3287 | BIO_printf(bio_s_out, "ACCEPT\n"); | |
| 3288 | 3279 | OPENSSL_free(buf); |
| 3289 | 3280 | BIO_free_all(io); |
| 3290 | 3281 | return ret; |
| 145 | 145 | } |
| 146 | 146 | #endif |
| 147 | 147 | |
| 148 | if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), 0)) { | |
| 148 | if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), BIO_SOCK_NODELAY)) { | |
| 149 | 149 | BIO_closesocket(*sock); |
| 150 | 150 | *sock = INVALID_SOCKET; |
| 151 | 151 | continue; |
| 203 | 203 | */ |
| 204 | 204 | int do_server(int *accept_sock, const char *host, const char *port, |
| 205 | 205 | int family, int type, int protocol, do_server_cb cb, |
| 206 | unsigned char *context, int naccept) | |
| 206 | unsigned char *context, int naccept, BIO *bio_s_out) | |
| 207 | 207 | { |
| 208 | 208 | int asock = 0; |
| 209 | 209 | int sock; |
| 210 | 210 | int i; |
| 211 | 211 | BIO_ADDRINFO *res = NULL; |
| 212 | 212 | const BIO_ADDRINFO *next; |
| 213 | int sock_family, sock_type, sock_protocol; | |
| 213 | int sock_family, sock_type, sock_protocol, sock_port; | |
| 214 | 214 | const BIO_ADDR *sock_address; |
| 215 | 215 | int sock_options = BIO_SOCK_REUSEADDR; |
| 216 | 216 | int ret = 0; |
| 279 | 279 | } |
| 280 | 280 | #endif |
| 281 | 281 | |
| 282 | sock_port = BIO_ADDR_rawport(sock_address); | |
| 283 | ||
| 282 | 284 | BIO_ADDRINFO_free(res); |
| 283 | 285 | res = NULL; |
| 286 | ||
| 287 | if (sock_port == 0) { | |
| 288 | /* dynamically allocated port, report which one */ | |
| 289 | union BIO_sock_info_u info; | |
| 290 | char *hostname = NULL; | |
| 291 | char *service = NULL; | |
| 292 | int success = 0; | |
| 293 | ||
| 294 | if ((info.addr = BIO_ADDR_new()) != NULL | |
| 295 | && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info) | |
| 296 | && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL | |
| 297 | && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL | |
| 298 | && BIO_printf(bio_s_out, | |
| 299 | strchr(hostname, ':') == NULL | |
| 300 | ? /* IPv4 */ "ACCEPT %s:%s\n" | |
| 301 | : /* IPv6 */ "ACCEPT [%s]:%s\n", | |
| 302 | hostname, service) > 0) | |
| 303 | success = 1; | |
| 304 | ||
| 305 | (void)BIO_flush(bio_s_out); | |
| 306 | OPENSSL_free(hostname); | |
| 307 | OPENSSL_free(service); | |
| 308 | BIO_ADDR_free(info.addr); | |
| 309 | if (!success) { | |
| 310 | BIO_closesocket(asock); | |
| 311 | ERR_print_errors(bio_err); | |
| 312 | goto end; | |
| 313 | } | |
| 314 | } else { | |
| 315 | (void)BIO_printf(bio_s_out, "ACCEPT\n"); | |
| 316 | (void)BIO_flush(bio_s_out); | |
| 317 | } | |
| 284 | 318 | |
| 285 | 319 | if (accept_sock != NULL) |
| 286 | 320 | *accept_sock = asock; |
| 301 | 335 | BIO_closesocket(asock); |
| 302 | 336 | break; |
| 303 | 337 | } |
| 338 | BIO_set_tcp_ndelay(sock, 1); | |
| 304 | 339 | i = (*cb)(sock, type, protocol, context); |
| 305 | ||
| 306 | /* | |
| 307 | * Give the socket time to send its last data before we close it. | |
| 308 | * No amount of setting SO_LINGER etc on the socket seems to | |
| 309 | * persuade Windows to send the data before closing the socket... | |
| 310 | * but sleeping for a short time seems to do it (units in ms) | |
| 311 | * TODO: Find a better way to do this | |
| 312 | */ | |
| 313 | #if defined(OPENSSL_SYS_WINDOWS) | |
| 314 | Sleep(50); | |
| 315 | #elif defined(OPENSSL_SYS_CYGWIN) | |
| 316 | usleep(50000); | |
| 317 | #endif | |
| 318 | 340 | |
| 319 | 341 | /* |
| 320 | 342 | * If we ended with an alert being sent, but still with data in the |
| 97 | 97 | case OPT_KEYFORM: |
| 98 | 98 | if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) |
| 99 | 99 | goto opthelp; |
| 100 | break; | |
| 100 | break; | |
| 101 | 101 | case OPT_CHALLENGE: |
| 102 | 102 | challenge = opt_arg(); |
| 103 | 103 | break; |
| 42 | 42 | - cd _build |
| 43 | 43 | - ps: >- |
| 44 | 44 | If ($env:Configuration -Match "shared" -or $env:EXTENDED_TESTS) { |
| 45 | cmd /c "nmake 2>&1" | |
| 45 | cmd /c "nmake build_all_generated 2>&1" | |
| 46 | cmd /c "nmake PERL=no-perl 2>&1" | |
| 46 | 47 | } |
| 47 | 48 | - cd .. |
| 48 | 49 |
| 759 | 759 | OUT="hpux-ia64-cc" |
| 760 | 760 | fi |
| 761 | 761 | elif [ $CPU_VERSION -ge 532 ]; then # PA-RISC 2.x CPU |
| 762 | OUT=${OUT:-"hpux-parisc2-${CC}"} | |
| 762 | # PA-RISC 2.0 is no longer supported as separate 32-bit | |
| 763 | # target. This is compensated for by run-time detection | |
| 764 | # in most critical assembly modules and taking advantage | |
| 765 | # of 2.0 architecture in PA-RISC 1.1 build. | |
| 766 | OUT=${OUT:-"hpux-parisc1_1-${CC}"} | |
| 763 | 767 | if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then |
| 764 | 768 | echo "WARNING! If you wish to build 64-bit library then you have to" |
| 765 | 769 | echo " invoke '$THERE/Configure hpux64-parisc2-cc' *manually*." |
| 768 | 772 | (trap "stty `stty -g`; exit 0" 2 0; stty -icanon min 0 time 50; read waste) <&1 |
| 769 | 773 | fi |
| 770 | 774 | fi |
| 771 | # PA-RISC 2.0 is no longer supported as separate 32-bit | |
| 772 | # target. This is compensated for by run-time detection | |
| 773 | # in most critical assembly modules and taking advantage | |
| 774 | # of 2.0 architecture in PA-RISC 1.1 build. | |
| 775 | OUT="hpux-parisc1_1-${CC}" | |
| 776 | 775 | elif [ $CPU_VERSION -ge 528 ]; then # PA-RISC 1.1+ CPU |
| 777 | 776 | OUT="hpux-parisc1_1-${CC}" |
| 778 | 777 | elif [ $CPU_VERSION -ge 523 ]; then # PA-RISC 1.0 CPU |
| 29 | 29 | b64l => "0", |
| 30 | 30 | bn_ll => "0", |
| 31 | 31 | build_file => "Makefile", |
| 32 | build_file_templates => [ "Configurations/unix-Makefile.tmpl", "Configurations/common.tmpl" ], | |
| 32 | build_file_templates => [ "Configurations/common0.tmpl", "Configurations/unix-Makefile.tmpl", "Configurations/common.tmpl" ], | |
| 33 | 33 | build_infos => [ "./build.info", "crypto/build.info", "ssl/build.info", "engines/build.info", "apps/build.info", "test/build.info", "util/build.info", "tools/build.info", "fuzz/build.info", "crypto/objects/build.info", "crypto/md4/build.info", "crypto/md5/build.info", "crypto/sha/build.info", "crypto/mdc2/build.info", "crypto/hmac/build.info", "crypto/ripemd/build.info", "crypto/whrlpool/build.info", "crypto/poly1305/build.info", "crypto/blake2/build.info", "crypto/siphash/build.info", "crypto/sm3/build.info", "crypto/des/build.info", "crypto/aes/build.info", "crypto/rc2/build.info", "crypto/rc4/build.info", "crypto/idea/build.info", "crypto/aria/build.info", "crypto/bf/build.info", "crypto/cast/build.info", "crypto/camellia/build.info", "crypto/seed/build.info", "crypto/sm4/build.info", "crypto/chacha/build.info", "crypto/modes/build.info", "crypto/bn/build.info", "crypto/ec/build.info", "crypto/rsa/build.info", "crypto/dsa/build.info", "crypto/dh/build.info", "crypto/sm2/build.info", "crypto/dso/build.info", "crypto/engine/build.info", "crypto/buffer/build.info", "crypto/bio/build.info", "crypto/stack/build.info", "crypto/lhash/build.info", "crypto/rand/build.info", "crypto/err/build.info", "crypto/evp/build.info", "crypto/asn1/build.info", "crypto/pem/build.info", "crypto/x509/build.info", "crypto/x509v3/build.info", "crypto/conf/build.info", "crypto/txt_db/build.info", "crypto/pkcs7/build.info", "crypto/pkcs12/build.info", "crypto/comp/build.info", "crypto/ocsp/build.info", "crypto/ui/build.info", "crypto/cms/build.info", "crypto/ts/build.info", "crypto/srp/build.info", "crypto/cmac/build.info", "crypto/ct/build.info", "crypto/async/build.info", "crypto/kdf/build.info", "crypto/store/build.info", "test/ossl_shim/build.info" ], |
| 34 | 34 | build_type => "release", |
| 35 | 35 | builddir => ".", |
| 36 | 36 | cflags => [ ], |
| 37 | conf_files => [ "Configurations/00-base-templates.conf", "Configurations/90-team.conf", "Configurations/shared-info.pl" ], | |
| 37 | conf_files => [ "Configurations/00-base-templates.conf", "Configurations/dist.conf", "Configurations/shared-info.pl" ], | |
| 38 | 38 | cppflags => [ ], |
| 39 | 39 | cxxflags => [ ], |
| 40 | 40 | defines => [ "NDEBUG" ], |
| 108 | 108 | sourcedir => ".", |
| 109 | 109 | target => "dist", |
| 110 | 110 | tdirs => [ "ossl_shim" ], |
| 111 | version => "1.1.1-pre4", | |
| 112 | version_num => "0x10101004L", | |
| 111 | version => "1.1.1-pre6", | |
| 112 | version_num => "0x10101006L", | |
| 113 | 113 | ); |
| 114 | 114 | |
| 115 | 115 | our %target = ( |
| 120 | 120 | HASHBANGPERL => "/usr/bin/env perl", |
| 121 | 121 | RANLIB => "ranlib", |
| 122 | 122 | RC => "windres", |
| 123 | _conf_fname_int => [ "Configurations/00-base-templates.conf", "Configurations/00-base-templates.conf", "Configurations/90-team.conf", "Configurations/shared-info.pl" ], | |
| 123 | _conf_fname_int => [ "Configurations/00-base-templates.conf", "Configurations/00-base-templates.conf", "Configurations/dist.conf", "Configurations/shared-info.pl" ], | |
| 124 | 124 | aes_asm_src => "aes_core.c aes_cbc.c", |
| 125 | 125 | aes_obj => "aes_core.o aes_cbc.o", |
| 126 | 126 | apps_aux_src => "", |
| 152 | 152 | enable => [ ], |
| 153 | 153 | exe_extension => "", |
| 154 | 154 | includes => [ ], |
| 155 | keccak1600_asm_src => "keccak1600.c", | |
| 156 | keccak1600_obj => "keccak1600.o", | |
| 155 | 157 | lflags => "", |
| 156 | 158 | lib_cflags => "", |
| 157 | 159 | lib_cppflags => "", |
| 210 | 212 | "async", |
| 211 | 213 | "autoalginit", |
| 212 | 214 | "autoerrinit", |
| 215 | "autoload-config", | |
| 213 | 216 | "bf", |
| 214 | 217 | "blake2", |
| 215 | 218 | "camellia", |
| 2229 | 2232 | "crypto/s390xcpuid.pl", |
| 2230 | 2233 | "\$(PERLASM_SCHEME)", |
| 2231 | 2234 | ], |
| 2235 | "crypto/sha/keccak1600-armv4.S" => | |
| 2236 | [ | |
| 2237 | "crypto/sha/asm/keccak1600-armv4.pl", | |
| 2238 | "\$(PERLASM_SCHEME)", | |
| 2239 | ], | |
| 2240 | "crypto/sha/keccak1600-armv8.S" => | |
| 2241 | [ | |
| 2242 | "crypto/sha/asm/keccak1600-armv8.pl", | |
| 2243 | "\$(PERLASM_SCHEME)", | |
| 2244 | ], | |
| 2245 | "crypto/sha/keccak1600-ppc64.s" => | |
| 2246 | [ | |
| 2247 | "crypto/sha/asm/keccak1600-ppc64.pl", | |
| 2248 | "\$(PERLASM_SCHEME)", | |
| 2249 | ], | |
| 2250 | "crypto/sha/keccak1600-s390x.S" => | |
| 2251 | [ | |
| 2252 | "crypto/sha/asm/keccak1600-s390x.pl", | |
| 2253 | "\$(PERLASM_SCHEME)", | |
| 2254 | ], | |
| 2255 | "crypto/sha/keccak1600-x86_64.s" => | |
| 2256 | [ | |
| 2257 | "crypto/sha/asm/keccak1600-x86_64.pl", | |
| 2258 | "\$(PERLASM_SCHEME)", | |
| 2259 | ], | |
| 2232 | 2260 | "crypto/sha/sha1-586.s" => |
| 2233 | 2261 | [ |
| 2234 | 2262 | "crypto/sha/asm/sha1-586.pl", |
| 4340 | 4368 | "crypto/include", |
| 4341 | 4369 | "include", |
| 4342 | 4370 | ], |
| 4371 | "crypto/conf/conf_ssl.o" => | |
| 4372 | [ | |
| 4373 | ".", | |
| 4374 | "crypto/include", | |
| 4375 | "include", | |
| 4376 | ], | |
| 4343 | 4377 | "crypto/cpt_err.o" => |
| 4344 | 4378 | [ |
| 4345 | 4379 | ".", |
| 6421 | 6455 | ".", |
| 6422 | 6456 | "crypto/include", |
| 6423 | 6457 | "include", |
| 6458 | ], | |
| 6459 | "crypto/sha/keccak1600-armv4.o" => | |
| 6460 | [ | |
| 6461 | "crypto", | |
| 6424 | 6462 | ], |
| 6425 | 6463 | "crypto/sha/keccak1600.o" => |
| 6426 | 6464 | [ |
| 10115 | 10153 | [ |
| 10116 | 10154 | "crypto/conf/conf_sap.c", |
| 10117 | 10155 | ], |
| 10156 | "crypto/conf/conf_ssl.o" => | |
| 10157 | [ | |
| 10158 | "crypto/conf/conf_ssl.c", | |
| 10159 | ], | |
| 10118 | 10160 | "crypto/cpt_err.o" => |
| 10119 | 10161 | [ |
| 10120 | 10162 | "crypto/cpt_err.c", |
| 12216 | 12258 | "crypto/conf/conf_mall.o", |
| 12217 | 12259 | "crypto/conf/conf_mod.o", |
| 12218 | 12260 | "crypto/conf/conf_sap.o", |
| 12261 | "crypto/conf/conf_ssl.o", | |
| 12219 | 12262 | "crypto/cpt_err.o", |
| 12220 | 12263 | "crypto/cryptlib.o", |
| 12221 | 12264 | "crypto/ct/ct_b64.o", |
| 68 | 68 | # endif |
| 69 | 69 | # endif |
| 70 | 70 | |
| 71 | # if !__ASSEMBLER__ | |
| 71 | # ifndef __ASSEMBLER__ | |
| 72 | 72 | extern unsigned int OPENSSL_armcap_P; |
| 73 | 73 | # endif |
| 74 | 74 |
| 0 | 0 | #! /usr/bin/env perl |
| 1 | # Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | # Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | # |
| 3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | # this file except in compliance with the License. You can obtain a copy |
| 124 | 124 | |
| 125 | 125 | ldmia sp!,{r4,r5} |
| 126 | 126 | .Lno_data: |
| 127 | neg r0,ip | |
| 127 | rsb r0,ip,#0 | |
| 128 | 128 | mov r0,r0,lsr#31 |
| 129 | 129 | #if __ARM_ARCH__>=5 |
| 130 | 130 | bx lr |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 179 | 179 | return BIO_write(bp, "NULL", 4); |
| 180 | 180 | i = i2t_ASN1_OBJECT(buf, sizeof(buf), a); |
| 181 | 181 | if (i > (int)(sizeof(buf) - 1)) { |
| 182 | p = OPENSSL_malloc(i + 1); | |
| 183 | if (p == NULL) | |
| 182 | if ((p = OPENSSL_malloc(i + 1)) == NULL) { | |
| 183 | ASN1err(ASN1_F_I2A_ASN1_OBJECT, ERR_R_MALLOC_FAILURE); | |
| 184 | 184 | return -1; |
| 185 | } | |
| 185 | 186 | i2t_ASN1_OBJECT(p, i + 1, a); |
| 186 | 187 | } |
| 187 | 188 | if (i <= 0) { |
| 0 | 0 | /* |
| 1 | * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 258 | 258 | t.type = str->type; |
| 259 | 259 | t.value.ptr = (char *)str; |
| 260 | 260 | der_len = i2d_ASN1_TYPE(&t, NULL); |
| 261 | der_buf = OPENSSL_malloc(der_len); | |
| 262 | if (der_buf == NULL) | |
| 263 | return -1; | |
| 261 | if ((der_buf = OPENSSL_malloc(der_len)) == NULL) { | |
| 262 | ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE); | |
| 263 | return -1; | |
| 264 | } | |
| 264 | 265 | p = der_buf; |
| 265 | 266 | i2d_ASN1_TYPE(&t, &p); |
| 266 | 267 | outlen = do_hex_dump(io_ch, arg, der_buf, der_len); |
| 279 | 280 | static const signed char tag2nbyte[] = { |
| 280 | 281 | -1, -1, -1, -1, -1, /* 0-4 */ |
| 281 | 282 | -1, -1, -1, -1, -1, /* 5-9 */ |
| 282 | -1, -1, 0, -1, /* 10-13 */ | |
| 283 | -1, -1, -1, -1, /* 15-17 */ | |
| 284 | 1, 1, 1, /* 18-20 */ | |
| 285 | -1, 1, 1, 1, /* 21-24 */ | |
| 286 | -1, 1, -1, /* 25-27 */ | |
| 287 | 4, -1, 2 /* 28-30 */ | |
| 283 | -1, -1, /* 10-11 */ | |
| 284 | 0, /* 12 V_ASN1_UTF8STRING */ | |
| 285 | -1, -1, -1, -1, -1, /* 13-17 */ | |
| 286 | 1, /* 18 V_ASN1_NUMERICSTRING */ | |
| 287 | 1, /* 19 V_ASN1_PRINTABLESTRING */ | |
| 288 | 1, /* 20 V_ASN1_T61STRING */ | |
| 289 | -1, /* 21 */ | |
| 290 | 1, /* 22 V_ASN1_IA5STRING */ | |
| 291 | 1, /* 23 V_ASN1_UTCTIME */ | |
| 292 | 1, /* 24 V_ASN1_GENERALIZEDTIME */ | |
| 293 | -1, /* 25 */ | |
| 294 | 1, /* 26 V_ASN1_ISO64STRING */ | |
| 295 | -1, /* 27 */ | |
| 296 | 4, /* 28 V_ASN1_UNIVERSALSTRING */ | |
| 297 | -1, /* 29 */ | |
| 298 | 2 /* 30 V_ASN1_BMPSTRING */ | |
| 288 | 299 | }; |
| 289 | 300 | |
| 290 | 301 | /* |
| 0 | 0 | /* |
| 1 | * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 155 | 155 | tmp = ASN1_STRING_TABLE_get(nid); |
| 156 | 156 | if (tmp != NULL && tmp->flags & STABLE_FLAGS_MALLOC) |
| 157 | 157 | return tmp; |
| 158 | rv = OPENSSL_zalloc(sizeof(*rv)); | |
| 159 | if (rv == NULL) | |
| 158 | if ((rv = OPENSSL_zalloc(sizeof(*rv))) == NULL) { | |
| 159 | ASN1err(ASN1_F_STABLE_GET, ERR_R_MALLOC_FAILURE); | |
| 160 | 160 | return NULL; |
| 161 | } | |
| 161 | 162 | if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { |
| 162 | 163 | OPENSSL_free(rv); |
| 163 | 164 | return NULL; |
| 17 | 17 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_INTEGER, 0), "a2i_ASN1_INTEGER"}, |
| 18 | 18 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_STRING, 0), "a2i_ASN1_STRING"}, |
| 19 | 19 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_APPEND_EXP, 0), "append_exp"}, |
| 20 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIO_INIT, 0), "asn1_bio_init"}, | |
| 20 | 21 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIT_STRING_SET_BIT, 0), |
| 21 | 22 | "ASN1_BIT_STRING_set_bit"}, |
| 22 | 23 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CB, 0), "asn1_cb"}, |
| 30 | 31 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_ADB, 0), "asn1_do_adb"}, |
| 31 | 32 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_LOCK, 0), "asn1_do_lock"}, |
| 32 | 33 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DUP, 0), "ASN1_dup"}, |
| 34 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ENC_SAVE, 0), "asn1_enc_save"}, | |
| 33 | 35 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_EX_C2I, 0), "asn1_ex_c2i"}, |
| 34 | 36 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_FIND_END, 0), "asn1_find_end"}, |
| 35 | 37 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERALIZEDTIME_ADJ, 0), |
| 46 | 48 | "asn1_item_embed_d2i"}, |
| 47 | 49 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0), |
| 48 | 50 | "asn1_item_embed_new"}, |
| 51 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0), | |
| 52 | "asn1_item_flags_i2d"}, | |
| 49 | 53 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"}, |
| 50 | 54 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_FP, 0), "ASN1_item_i2d_fp"}, |
| 51 | 55 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_PACK, 0), "ASN1_item_pack"}, |
| 59 | 63 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OBJECT_NEW, 0), "ASN1_OBJECT_new"}, |
| 60 | 64 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OUTPUT_DATA, 0), "asn1_output_data"}, |
| 61 | 65 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PCTX_NEW, 0), "ASN1_PCTX_new"}, |
| 66 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PRIMITIVE_NEW, 0), | |
| 67 | "asn1_primitive_new"}, | |
| 62 | 68 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SCTX_NEW, 0), "ASN1_SCTX_new"}, |
| 63 | 69 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SIGN, 0), "ASN1_sign"}, |
| 64 | 70 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STR2TYPE, 0), "asn1_str2type"}, |
| 102 | 108 | "d2i_AutoPrivateKey"}, |
| 103 | 109 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PRIVATEKEY, 0), "d2i_PrivateKey"}, |
| 104 | 110 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PUBLICKEY, 0), "d2i_PublicKey"}, |
| 111 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_CREATE, 0), "do_create"}, | |
| 112 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_DUMP, 0), "do_dump"}, | |
| 105 | 113 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_TCREATE, 0), "do_tcreate"}, |
| 114 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2A_ASN1_OBJECT, 0), "i2a_ASN1_OBJECT"}, | |
| 106 | 115 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_BIO_STREAM, 0), |
| 107 | 116 | "i2d_ASN1_bio_stream"}, |
| 108 | 117 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_DSA_PUBKEY, 0), "i2d_DSA_PUBKEY"}, |
| 111 | 120 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PUBLICKEY, 0), "i2d_PublicKey"}, |
| 112 | 121 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_RSA_PUBKEY, 0), "i2d_RSA_PUBKEY"}, |
| 113 | 122 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_LONG_C2I, 0), "long_c2i"}, |
| 123 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_PREFIX, 0), "ndef_prefix"}, | |
| 124 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_SUFFIX, 0), "ndef_suffix"}, | |
| 114 | 125 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_OID_MODULE_INIT, 0), "oid_module_init"}, |
| 115 | 126 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PARSE_TAGGING, 0), "parse_tagging"}, |
| 116 | 127 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_IV, 0), "PKCS5_pbe2_set_iv"}, |
| 123 | 134 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_SCRYPT_SET, 0), "pkcs5_scrypt_set"}, |
| 124 | 135 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_READ_ASN1, 0), "SMIME_read_ASN1"}, |
| 125 | 136 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_TEXT, 0), "SMIME_text"}, |
| 137 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STABLE_GET, 0), "stable_get"}, | |
| 126 | 138 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STBL_MODULE_INIT, 0), "stbl_module_init"}, |
| 127 | 139 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_C2I, 0), "uint32_c2i"}, |
| 140 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_NEW, 0), "uint32_new"}, | |
| 128 | 141 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_C2I, 0), "uint64_c2i"}, |
| 142 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_NEW, 0), "uint64_new"}, | |
| 129 | 143 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_CRL_ADD0_REVOKED, 0), |
| 130 | 144 | "X509_CRL_add0_revoked"}, |
| 131 | 145 | {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_INFO_NEW, 0), "X509_INFO_new"}, |
| 952 | 952 | |
| 953 | 953 | for (p = linebuf + len - 1; len > 0; len--, p--) { |
| 954 | 954 | c = *p; |
| 955 | if (c == '\n') | |
| 955 | if (c == '\n') { | |
| 956 | 956 | is_eol = 1; |
| 957 | else if (is_eol && flags & SMIME_ASCIICRLF && c < 33) | |
| 957 | } else if (is_eol && flags & SMIME_ASCIICRLF && c == 32) { | |
| 958 | /* Strip trailing space on a line; 32 == ASCII for ' ' */ | |
| 958 | 959 | continue; |
| 959 | else if (c != '\r') | |
| 960 | } else if (c != '\r') { | |
| 960 | 961 | break; |
| 962 | } | |
| 961 | 963 | } |
| 962 | 964 | *plen = len; |
| 963 | 965 | return is_eol; |
| 0 | 0 | /* |
| 1 | * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 91 | 91 | p--; |
| 92 | 92 | } |
| 93 | 93 | p++; |
| 94 | lntmp = OPENSSL_malloc((p - ln) + 1); | |
| 95 | if (lntmp == NULL) | |
| 94 | if ((lntmp = OPENSSL_malloc((p - ln) + 1)) == NULL) { | |
| 95 | ASN1err(ASN1_F_DO_CREATE, ERR_R_MALLOC_FAILURE); | |
| 96 | 96 | return 0; |
| 97 | } | |
| 97 | 98 | memcpy(lntmp, ln, p - ln); |
| 98 | 99 | lntmp[p - ln] = 0; |
| 99 | 100 | oid = OBJ_nid2obj(nid); |
| 0 | 0 | /* |
| 1 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 115 | 115 | |
| 116 | 116 | static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size) |
| 117 | 117 | { |
| 118 | ctx->buf = OPENSSL_malloc(size); | |
| 119 | if (ctx->buf == NULL) | |
| 120 | return 0; | |
| 118 | if ((ctx->buf = OPENSSL_malloc(size)) == NULL) { | |
| 119 | ASN1err(ASN1_F_ASN1_BIO_INIT, ERR_R_MALLOC_FAILURE); | |
| 120 | return 0; | |
| 121 | } | |
| 121 | 122 | ctx->bufsize = size; |
| 122 | 123 | ctx->asn1_class = V_ASN1_UNIVERSAL; |
| 123 | 124 | ctx->asn1_tag = V_ASN1_OCTET_STRING; |
| 0 | 0 | /* |
| 1 | * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 112 | 112 | ndef_aux = *(NDEF_SUPPORT **)parg; |
| 113 | 113 | |
| 114 | 114 | derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); |
| 115 | p = OPENSSL_malloc(derlen); | |
| 116 | if (p == NULL) | |
| 117 | return 0; | |
| 115 | if ((p = OPENSSL_malloc(derlen)) == NULL) { | |
| 116 | ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE); | |
| 117 | return 0; | |
| 118 | } | |
| 118 | 119 | |
| 119 | 120 | ndef_aux->derbuf = p; |
| 120 | 121 | *pbuf = p; |
| 181 | 182 | return 0; |
| 182 | 183 | |
| 183 | 184 | derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); |
| 184 | p = OPENSSL_malloc(derlen); | |
| 185 | if (p == NULL) | |
| 186 | return 0; | |
| 185 | if ((p = OPENSSL_malloc(derlen)) == NULL) { | |
| 186 | ASN1err(ASN1_F_NDEF_SUFFIX, ERR_R_MALLOC_FAILURE); | |
| 187 | return 0; | |
| 188 | } | |
| 187 | 189 | |
| 188 | 190 | ndef_aux->derbuf = p; |
| 189 | 191 | *pbuf = p; |
| 0 | 0 | /* |
| 1 | * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 81 | 81 | if (EVP_CIPHER_iv_length(cipher)) { |
| 82 | 82 | if (aiv) |
| 83 | 83 | memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); |
| 84 | else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) | |
| 84 | else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0) | |
| 85 | 85 | goto err; |
| 86 | 86 | } |
| 87 | 87 | |
| 56 | 56 | if (out && !*out) { |
| 57 | 57 | unsigned char *p, *buf; |
| 58 | 58 | int len; |
| 59 | ||
| 59 | 60 | len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags); |
| 60 | 61 | if (len <= 0) |
| 61 | 62 | return len; |
| 62 | buf = OPENSSL_malloc(len); | |
| 63 | if (buf == NULL) | |
| 63 | if ((buf = OPENSSL_malloc(len)) == NULL) { | |
| 64 | ASN1err(ASN1_F_ASN1_ITEM_FLAGS_I2D, ERR_R_MALLOC_FAILURE); | |
| 64 | 65 | return -1; |
| 66 | } | |
| 65 | 67 | p = buf; |
| 66 | 68 | ASN1_item_ex_i2d(&val, &p, it, -1, flags); |
| 67 | 69 | *out = buf; |
| 0 | 0 | /* |
| 1 | * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 298 | 298 | return 1; |
| 299 | 299 | |
| 300 | 300 | case V_ASN1_ANY: |
| 301 | typ = OPENSSL_malloc(sizeof(*typ)); | |
| 302 | if (typ == NULL) | |
| 301 | if ((typ = OPENSSL_malloc(sizeof(*typ))) == NULL) { | |
| 302 | ASN1err(ASN1_F_ASN1_PRIMITIVE_NEW, ERR_R_MALLOC_FAILURE); | |
| 303 | 303 | return 0; |
| 304 | } | |
| 304 | 305 | typ->value.ptr = NULL; |
| 305 | 306 | typ->type = -1; |
| 306 | 307 | *pval = (ASN1_VALUE *)typ; |
| 0 | 0 | /* |
| 1 | * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 132 | 132 | return 1; |
| 133 | 133 | |
| 134 | 134 | OPENSSL_free(enc->enc); |
| 135 | enc->enc = OPENSSL_malloc(inlen); | |
| 136 | if (enc->enc == NULL) | |
| 137 | return 0; | |
| 135 | if ((enc->enc = OPENSSL_malloc(inlen)) == NULL) { | |
| 136 | ASN1err(ASN1_F_ASN1_ENC_SAVE, ERR_R_MALLOC_FAILURE); | |
| 137 | return 0; | |
| 138 | } | |
| 138 | 139 | memcpy(enc->enc, in, inlen); |
| 139 | 140 | enc->len = inlen; |
| 140 | 141 | enc->modified = 0; |
| 0 | 0 | /* |
| 1 | * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 27 | 27 | |
| 28 | 28 | static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 29 | 29 | { |
| 30 | *pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t)); | |
| 31 | if (*pval == NULL) | |
| 32 | return 0; | |
| 30 | if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t))) == NULL) { | |
| 31 | ASN1err(ASN1_F_UINT64_NEW, ERR_R_MALLOC_FAILURE); | |
| 32 | return 0; | |
| 33 | } | |
| 33 | 34 | return 1; |
| 34 | 35 | } |
| 35 | 36 | |
| 109 | 110 | |
| 110 | 111 | static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 111 | 112 | { |
| 112 | *pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t)); | |
| 113 | if (*pval == NULL) | |
| 114 | return 0; | |
| 113 | if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t))) == NULL) { | |
| 114 | ASN1err(ASN1_F_UINT32_NEW, ERR_R_MALLOC_FAILURE); | |
| 115 | return 0; | |
| 116 | } | |
| 115 | 117 | return 1; |
| 116 | 118 | } |
| 117 | 119 | |
| 0 | 0 | /* |
| 1 | * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 29 | 29 | static CRYPTO_THREAD_LOCAL ctxkey; |
| 30 | 30 | static CRYPTO_THREAD_LOCAL poolkey; |
| 31 | 31 | |
| 32 | static void async_free_pool_internal(async_pool *pool); | |
| 33 | ||
| 34 | 32 | static async_ctx *async_ctx_new(void) |
| 35 | 33 | { |
| 36 | async_ctx *nctx = NULL; | |
| 34 | async_ctx *nctx; | |
| 35 | ||
| 36 | if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) | |
| 37 | return NULL; | |
| 37 | 38 | |
| 38 | 39 | nctx = OPENSSL_malloc(sizeof(*nctx)); |
| 39 | 40 | if (nctx == NULL) { |
| 56 | 57 | |
| 57 | 58 | async_ctx *async_get_ctx(void) |
| 58 | 59 | { |
| 59 | if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) | |
| 60 | return NULL; | |
| 61 | ||
| 62 | 60 | return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey); |
| 63 | 61 | } |
| 64 | 62 | |
| 168 | 166 | int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret, |
| 169 | 167 | int (*func)(void *), void *args, size_t size) |
| 170 | 168 | { |
| 171 | async_ctx *ctx = async_get_ctx(); | |
| 169 | async_ctx *ctx; | |
| 170 | ||
| 171 | if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) | |
| 172 | return ASYNC_ERR; | |
| 173 | ||
| 174 | ctx = async_get_ctx(); | |
| 172 | 175 | if (ctx == NULL) |
| 173 | 176 | ctx = async_ctx_new(); |
| 174 | if (ctx == NULL) { | |
| 177 | if (ctx == NULL) | |
| 175 | 178 | return ASYNC_ERR; |
| 176 | } | |
| 177 | ||
| 178 | if (*job) { | |
| 179 | ||
| 180 | if (*job) | |
| 179 | 181 | ctx->currjob = *job; |
| 180 | } | |
| 181 | 182 | |
| 182 | 183 | for (;;) { |
| 183 | 184 | if (ctx->currjob != NULL) { |
| 218 | 219 | } |
| 219 | 220 | |
| 220 | 221 | /* Start a new job */ |
| 221 | if ((ctx->currjob = async_get_pool_job()) == NULL) { | |
| 222 | if ((ctx->currjob = async_get_pool_job()) == NULL) | |
| 222 | 223 | return ASYNC_NO_JOBS; |
| 223 | } | |
| 224 | 224 | |
| 225 | 225 | if (args != NULL) { |
| 226 | 226 | ctx->currjob->funcargs = OPENSSL_malloc(size); |
| 322 | 322 | return 0; |
| 323 | 323 | } |
| 324 | 324 | |
| 325 | if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) { | |
| 326 | return 0; | |
| 327 | } | |
| 328 | if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) { | |
| 329 | return 0; | |
| 330 | } | |
| 325 | if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) | |
| 326 | return 0; | |
| 327 | ||
| 328 | if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) | |
| 329 | return 0; | |
| 331 | 330 | |
| 332 | 331 | pool = OPENSSL_zalloc(sizeof(*pool)); |
| 333 | 332 | if (pool == NULL) { |
| 368 | 367 | |
| 369 | 368 | return 1; |
| 370 | 369 | err: |
| 371 | async_free_pool_internal(pool); | |
| 372 | return 0; | |
| 373 | } | |
| 374 | ||
| 375 | static void async_free_pool_internal(async_pool *pool) | |
| 376 | { | |
| 377 | if (pool == NULL) | |
| 378 | return; | |
| 379 | ||
| 380 | 370 | async_empty_pool(pool); |
| 381 | 371 | sk_ASYNC_JOB_free(pool->jobs); |
| 382 | 372 | OPENSSL_free(pool); |
| 383 | CRYPTO_THREAD_set_local(&poolkey, NULL); | |
| 373 | return 0; | |
| 374 | } | |
| 375 | ||
| 376 | void async_delete_thread_state(void) | |
| 377 | { | |
| 378 | async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); | |
| 379 | ||
| 380 | if (pool != NULL) { | |
| 381 | async_empty_pool(pool); | |
| 382 | sk_ASYNC_JOB_free(pool->jobs); | |
| 383 | OPENSSL_free(pool); | |
| 384 | CRYPTO_THREAD_set_local(&poolkey, NULL); | |
| 385 | } | |
| 384 | 386 | async_local_cleanup(); |
| 385 | 387 | async_ctx_free(); |
| 386 | 388 | } |
| 387 | 389 | |
| 388 | 390 | void ASYNC_cleanup_thread(void) |
| 389 | 391 | { |
| 390 | async_free_pool_internal((async_pool *)CRYPTO_THREAD_get_local(&poolkey)); | |
| 392 | if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) | |
| 393 | return; | |
| 394 | ||
| 395 | async_delete_thread_state(); | |
| 391 | 396 | } |
| 392 | 397 | |
| 393 | 398 | ASYNC_JOB *ASYNC_get_current_job(void) |
| 394 | 399 | { |
| 395 | 400 | async_ctx *ctx; |
| 401 | ||
| 402 | if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) | |
| 403 | return NULL; | |
| 396 | 404 | |
| 397 | 405 | ctx = async_get_ctx(); |
| 398 | 406 | if (ctx == NULL) |
| 408 | 416 | |
| 409 | 417 | void ASYNC_block_pause(void) |
| 410 | 418 | { |
| 411 | async_ctx *ctx = async_get_ctx(); | |
| 419 | async_ctx *ctx; | |
| 420 | ||
| 421 | if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) | |
| 422 | return; | |
| 423 | ||
| 424 | ctx = async_get_ctx(); | |
| 412 | 425 | if (ctx == NULL || ctx->currjob == NULL) { |
| 413 | 426 | /* |
| 414 | 427 | * We're not in a job anyway so ignore this |
| 420 | 433 | |
| 421 | 434 | void ASYNC_unblock_pause(void) |
| 422 | 435 | { |
| 423 | async_ctx *ctx = async_get_ctx(); | |
| 436 | async_ctx *ctx; | |
| 437 | ||
| 438 | if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) | |
| 439 | return; | |
| 440 | ||
| 441 | ctx = async_get_ctx(); | |
| 424 | 442 | if (ctx == NULL || ctx->currjob == NULL) { |
| 425 | 443 | /* |
| 426 | 444 | * We're not in a job anyway so ignore this |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 20 | 20 | {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_PAUSE_JOB, 0), "ASYNC_pause_job"}, |
| 21 | 21 | {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_FUNC, 0), "async_start_func"}, |
| 22 | 22 | {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_JOB, 0), "ASYNC_start_job"}, |
| 23 | {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, 0), | |
| 24 | "ASYNC_WAIT_CTX_set_wait_fd"}, | |
| 23 | 25 | {0, NULL} |
| 24 | 26 | }; |
| 25 | 27 | |
| 0 | 0 | /* |
| 1 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 46 | 46 | { |
| 47 | 47 | struct fd_lookup_st *fdlookup; |
| 48 | 48 | |
| 49 | fdlookup = OPENSSL_zalloc(sizeof(*fdlookup)); | |
| 50 | if (fdlookup == NULL) | |
| 49 | if ((fdlookup = OPENSSL_zalloc(sizeof(*fdlookup))) == NULL) { | |
| 50 | ASYNCerr(ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, ERR_R_MALLOC_FAILURE); | |
| 51 | 51 | return 0; |
| 52 | } | |
| 52 | 53 | |
| 53 | 54 | fdlookup->key = key; |
| 54 | 55 | fdlookup->fd = fd; |
| 65 | 65 | int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa) |
| 66 | 66 | { |
| 67 | 67 | if (sa->sa_family == AF_INET) { |
| 68 | ap->s_in = *(const struct sockaddr_in *)sa; | |
| 68 | memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in)); | |
| 69 | 69 | return 1; |
| 70 | 70 | } |
| 71 | 71 | #ifdef AF_INET6 |
| 72 | 72 | if (sa->sa_family == AF_INET6) { |
| 73 | ap->s_in6 = *(const struct sockaddr_in6 *)sa; | |
| 73 | memcpy(&(ap->s_in6), sa, sizeof(struct sockaddr_in6)); | |
| 74 | 74 | return 1; |
| 75 | 75 | } |
| 76 | 76 | #endif |
| 77 | 77 | #ifdef AF_UNIX |
| 78 | 78 | if (sa->sa_family == AF_UNIX) { |
| 79 | ap->s_un = *(const struct sockaddr_un *)sa; | |
| 79 | memcpy(&(ap->s_un), sa, sizeof(struct sockaddr_un)); | |
| 80 | 80 | return 1; |
| 81 | 81 | } |
| 82 | 82 | #endif |
| 564 | 564 | unsigned short port, |
| 565 | 565 | BIO_ADDRINFO **bai) |
| 566 | 566 | { |
| 567 | *bai = OPENSSL_zalloc(sizeof(**bai)); | |
| 568 | if (*bai == NULL) | |
| 567 | if ((*bai = OPENSSL_zalloc(sizeof(**bai))) == NULL) { | |
| 568 | BIOerr(BIO_F_ADDRINFO_WRAP, ERR_R_MALLOC_FAILURE); | |
| 569 | 569 | return 0; |
| 570 | } | |
| 570 | 571 | |
| 571 | 572 | (*bai)->bai_family = family; |
| 572 | 573 | (*bai)->bai_socktype = socktype; |
| 601 | 602 | |
| 602 | 603 | DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init) |
| 603 | 604 | { |
| 604 | OPENSSL_init_crypto(0, NULL); | |
| 605 | if (!OPENSSL_init_crypto(0, NULL)) | |
| 606 | return 0; | |
| 605 | 607 | bio_lookup_lock = CRYPTO_THREAD_lock_new(); |
| 606 | 608 | return bio_lookup_lock != NULL; |
| 607 | 609 | } |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 818 | 818 | |
| 819 | 819 | *maxlen += BUFFER_INC; |
| 820 | 820 | if (*buffer == NULL) { |
| 821 | *buffer = OPENSSL_malloc(*maxlen); | |
| 822 | if (*buffer == NULL) | |
| 821 | if ((*buffer = OPENSSL_malloc(*maxlen)) == NULL) { | |
| 822 | BIOerr(BIO_F_DOAPR_OUTCH, ERR_R_MALLOC_FAILURE); | |
| 823 | 823 | return 0; |
| 824 | } | |
| 824 | 825 | if (*currlen > 0) { |
| 825 | 826 | if (!ossl_assert(*sbuffer != NULL)) |
| 826 | 827 | return 0; |
| 307 | 307 | |
| 308 | 308 | l = fcntl(s, F_GETFL, 0); |
| 309 | 309 | if (l == -1) { |
| 310 | SYSerr(SYS_F_FCNTL, get_last_rtl_error()); | |
| 310 | SYSerr(SYS_F_FCNTL, get_last_sys_error()); | |
| 311 | 311 | ret = -1; |
| 312 | 312 | } else { |
| 313 | 313 | # if defined(O_NONBLOCK) |
| 325 | 325 | ret = fcntl(s, F_SETFL, l); |
| 326 | 326 | |
| 327 | 327 | if (ret < 0) { |
| 328 | SYSerr(SYS_F_FCNTL, get_last_rtl_error()); | |
| 328 | SYSerr(SYS_F_FCNTL, get_last_sys_error()); | |
| 329 | 329 | } |
| 330 | 330 | } |
| 331 | 331 | # else |
| 58 | 58 | { |
| 59 | 59 | BIO_LINEBUFFER_CTX *ctx; |
| 60 | 60 | |
| 61 | ctx = OPENSSL_malloc(sizeof(*ctx)); | |
| 62 | if (ctx == NULL) | |
| 63 | return 0; | |
| 61 | if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) { | |
| 62 | BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE); | |
| 63 | return 0; | |
| 64 | } | |
| 64 | 65 | ctx->obuf = OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE); |
| 65 | 66 | if (ctx->obuf == NULL) { |
| 67 | BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE); | |
| 66 | 68 | OPENSSL_free(ctx); |
| 67 | 69 | return 0; |
| 68 | 70 | } |
| 56 | 56 | { |
| 57 | 57 | NBIO_TEST *nt; |
| 58 | 58 | |
| 59 | if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL) | |
| 60 | return 0; | |
| 59 | if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL) { | |
| 60 | BIOerr(BIO_F_NBIOF_NEW, ERR_R_MALLOC_FAILURE); | |
| 61 | return 0; | |
| 62 | } | |
| 61 | 63 | nt->lrn = -1; |
| 62 | 64 | nt->lwn = -1; |
| 63 | 65 | bi->ptr = (char *)nt; |
| 14 | 14 | |
| 15 | 15 | static const ERR_STRING_DATA BIO_str_functs[] = { |
| 16 | 16 | {ERR_PACK(ERR_LIB_BIO, BIO_F_ACPT_STATE, 0), "acpt_state"}, |
| 17 | {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDRINFO_WRAP, 0), "addrinfo_wrap"}, | |
| 17 | 18 | {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDR_STRINGS, 0), "addr_strings"}, |
| 18 | 19 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT, 0), "BIO_accept"}, |
| 19 | 20 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_EX, 0), "BIO_accept_ex"}, |
| 21 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_NEW, 0), "BIO_ACCEPT_new"}, | |
| 20 | 22 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ADDR_NEW, 0), "BIO_ADDR_new"}, |
| 21 | 23 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_BIND, 0), "BIO_bind"}, |
| 22 | 24 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CALLBACK_CTRL, 0), "BIO_callback_ctrl"}, |
| 23 | 25 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT, 0), "BIO_connect"}, |
| 26 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT_NEW, 0), "BIO_CONNECT_new"}, | |
| 24 | 27 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CTRL, 0), "BIO_ctrl"}, |
| 25 | 28 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GETS, 0), "BIO_gets"}, |
| 26 | 29 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_HOST_IP, 0), "BIO_get_host_ip"}, |
| 54 | 57 | {ERR_PACK(ERR_LIB_BIO, BIO_F_BUFFER_CTRL, 0), "buffer_ctrl"}, |
| 55 | 58 | {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_CTRL, 0), "conn_ctrl"}, |
| 56 | 59 | {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_STATE, 0), "conn_state"}, |
| 60 | {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_NEW, 0), "dgram_sctp_new"}, | |
| 57 | 61 | {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_READ, 0), "dgram_sctp_read"}, |
| 58 | 62 | {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_WRITE, 0), "dgram_sctp_write"}, |
| 63 | {ERR_PACK(ERR_LIB_BIO, BIO_F_DOAPR_OUTCH, 0), "doapr_outch"}, | |
| 59 | 64 | {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_CTRL, 0), "file_ctrl"}, |
| 60 | 65 | {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_READ, 0), "file_read"}, |
| 61 | 66 | {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_CTRL, 0), "linebuffer_ctrl"}, |
| 67 | {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_NEW, 0), "linebuffer_new"}, | |
| 62 | 68 | {ERR_PACK(ERR_LIB_BIO, BIO_F_MEM_WRITE, 0), "mem_write"}, |
| 69 | {ERR_PACK(ERR_LIB_BIO, BIO_F_NBIOF_NEW, 0), "nbiof_new"}, | |
| 70 | {ERR_PACK(ERR_LIB_BIO, BIO_F_SLG_WRITE, 0), "slg_write"}, | |
| 63 | 71 | {ERR_PACK(ERR_LIB_BIO, BIO_F_SSL_NEW, 0), "SSL_new"}, |
| 64 | 72 | {0, NULL} |
| 65 | 73 | }; |
| 91 | 91 | { |
| 92 | 92 | BIO_ACCEPT *ret; |
| 93 | 93 | |
| 94 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) | |
| 94 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { | |
| 95 | BIOerr(BIO_F_BIO_ACCEPT_NEW, ERR_R_MALLOC_FAILURE); | |
| 95 | 96 | return NULL; |
| 97 | } | |
| 96 | 98 | ret->accept_family = BIO_FAMILY_IPANY; |
| 97 | 99 | ret->accept_sock = (int)INVALID_SOCKET; |
| 98 | 100 | return ret; |
| 222 | 222 | { |
| 223 | 223 | BIO_CONNECT *ret; |
| 224 | 224 | |
| 225 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) | |
| 225 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { | |
| 226 | BIOerr(BIO_F_BIO_CONNECT_NEW, ERR_R_MALLOC_FAILURE); | |
| 226 | 227 | return NULL; |
| 228 | } | |
| 227 | 229 | ret->state = BIO_CONN_S_BEFORE; |
| 228 | 230 | ret->connect_family = BIO_FAMILY_IPANY; |
| 229 | 231 | return ret; |
| 954 | 954 | |
| 955 | 955 | bi->init = 0; |
| 956 | 956 | bi->num = 0; |
| 957 | data = OPENSSL_zalloc(sizeof(*data)); | |
| 958 | if (data == NULL) | |
| 957 | if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) { | |
| 958 | BIOerr(BIO_F_DGRAM_SCTP_NEW, ERR_R_MALLOC_FAILURE); | |
| 959 | 959 | return 0; |
| 960 | } | |
| 960 | 961 | # ifdef SCTP_PR_SCTP_NONE |
| 961 | 962 | data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; |
| 962 | 963 | # endif |
| 196 | 196 | }; |
| 197 | 197 | |
| 198 | 198 | if ((buf = OPENSSL_malloc(inl + 1)) == NULL) { |
| 199 | BIOerr(BIO_F_SLG_WRITE, ERR_R_MALLOC_FAILURE); | |
| 199 | 200 | return 0; |
| 200 | 201 | } |
| 201 | 202 | strncpy(buf, in, inl); |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 9 | 9 | #include "internal/cryptlib.h" |
| 10 | 10 | #include "bn_lcl.h" |
| 11 | 11 | |
| 12 | /* r can == a or b */ | |
| 12 | /* signed add of b to a. */ | |
| 13 | 13 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) |
| 14 | 14 | { |
| 15 | int a_neg = a->neg, ret; | |
| 15 | int ret, r_neg, cmp_res; | |
| 16 | 16 | |
| 17 | 17 | bn_check_top(a); |
| 18 | 18 | bn_check_top(b); |
| 19 | 19 | |
| 20 | /*- | |
| 21 | * a + b a+b | |
| 22 | * a + -b a-b | |
| 23 | * -a + b b-a | |
| 24 | * -a + -b -(a+b) | |
| 25 | */ | |
| 26 | if (a_neg ^ b->neg) { | |
| 27 | /* only one is negative */ | |
| 28 | if (a_neg) { | |
| 29 | const BIGNUM *tmp; | |
| 30 | ||
| 31 | tmp = a; | |
| 32 | a = b; | |
| 33 | b = tmp; | |
| 20 | if (a->neg == b->neg) { | |
| 21 | r_neg = a->neg; | |
| 22 | ret = BN_uadd(r, a, b); | |
| 23 | } else { | |
| 24 | cmp_res = BN_ucmp(a, b); | |
| 25 | if (cmp_res > 0) { | |
| 26 | r_neg = a->neg; | |
| 27 | ret = BN_usub(r, a, b); | |
| 28 | } else if (cmp_res < 0) { | |
| 29 | r_neg = b->neg; | |
| 30 | ret = BN_usub(r, b, a); | |
| 31 | } else { | |
| 32 | r_neg = 0; | |
| 33 | BN_zero(r); | |
| 34 | ret = 1; | |
| 34 | 35 | } |
| 35 | ||
| 36 | /* we are now a - b */ | |
| 37 | ||
| 38 | if (BN_ucmp(a, b) < 0) { | |
| 39 | if (!BN_usub(r, b, a)) | |
| 40 | return 0; | |
| 41 | r->neg = 1; | |
| 42 | } else { | |
| 43 | if (!BN_usub(r, a, b)) | |
| 44 | return 0; | |
| 45 | r->neg = 0; | |
| 46 | } | |
| 47 | return 1; | |
| 48 | 36 | } |
| 49 | 37 | |
| 50 | ret = BN_uadd(r, a, b); | |
| 51 | r->neg = a_neg; | |
| 38 | r->neg = r_neg; | |
| 52 | 39 | bn_check_top(r); |
| 53 | 40 | return ret; |
| 54 | 41 | } |
| 55 | 42 | |
| 56 | /* unsigned add of b to a */ | |
| 43 | /* signed sub of b from a. */ | |
| 44 | int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | |
| 45 | { | |
| 46 | int ret, r_neg, cmp_res; | |
| 47 | ||
| 48 | bn_check_top(a); | |
| 49 | bn_check_top(b); | |
| 50 | ||
| 51 | if (a->neg != b->neg) { | |
| 52 | r_neg = a->neg; | |
| 53 | ret = BN_uadd(r, a, b); | |
| 54 | } else { | |
| 55 | cmp_res = BN_ucmp(a, b); | |
| 56 | if (cmp_res > 0) { | |
| 57 | r_neg = a->neg; | |
| 58 | ret = BN_usub(r, a, b); | |
| 59 | } else if (cmp_res < 0) { | |
| 60 | r_neg = !b->neg; | |
| 61 | ret = BN_usub(r, b, a); | |
| 62 | } else { | |
| 63 | r_neg = 0; | |
| 64 | BN_zero(r); | |
| 65 | ret = 1; | |
| 66 | } | |
| 67 | } | |
| 68 | ||
| 69 | r->neg = r_neg; | |
| 70 | bn_check_top(r); | |
| 71 | return ret; | |
| 72 | } | |
| 73 | ||
| 74 | /* unsigned add of b to a, r can be equal to a or b. */ | |
| 57 | 75 | int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) |
| 58 | 76 | { |
| 59 | 77 | int max, min, dif; |
| 150 | 168 | return 1; |
| 151 | 169 | } |
| 152 | 170 | |
| 153 | int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | |
| 154 | { | |
| 155 | int max; | |
| 156 | int add = 0, neg = 0; | |
| 157 | ||
| 158 | bn_check_top(a); | |
| 159 | bn_check_top(b); | |
| 160 | ||
| 161 | /*- | |
| 162 | * a - b a-b | |
| 163 | * a - -b a+b | |
| 164 | * -a - b -(a+b) | |
| 165 | * -a - -b b-a | |
| 166 | */ | |
| 167 | if (a->neg) { | |
| 168 | if (b->neg) { | |
| 169 | const BIGNUM *tmp; | |
| 170 | ||
| 171 | tmp = a; | |
| 172 | a = b; | |
| 173 | b = tmp; | |
| 174 | } else { | |
| 175 | add = 1; | |
| 176 | neg = 1; | |
| 177 | } | |
| 178 | } else { | |
| 179 | if (b->neg) { | |
| 180 | add = 1; | |
| 181 | neg = 0; | |
| 182 | } | |
| 183 | } | |
| 184 | ||
| 185 | if (add) { | |
| 186 | if (!BN_uadd(r, a, b)) | |
| 187 | return 0; | |
| 188 | r->neg = neg; | |
| 189 | return 1; | |
| 190 | } | |
| 191 | ||
| 192 | /* We are actually doing a - b :-) */ | |
| 193 | ||
| 194 | max = (a->top > b->top) ? a->top : b->top; | |
| 195 | if (bn_wexpand(r, max) == NULL) | |
| 196 | return 0; | |
| 197 | if (BN_ucmp(a, b) < 0) { | |
| 198 | if (!BN_usub(r, b, a)) | |
| 199 | return 0; | |
| 200 | r->neg = 1; | |
| 201 | } else { | |
| 202 | if (!BN_usub(r, a, b)) | |
| 203 | return 0; | |
| 204 | r->neg = 0; | |
| 205 | } | |
| 206 | bn_check_top(r); | |
| 207 | return 1; | |
| 208 | } | |
| 0 | 0 | /* |
| 1 | * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 254 | 254 | /* Need to expand */ |
| 255 | 255 | unsigned int newsize = |
| 256 | 256 | st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; |
| 257 | unsigned int *newitems = OPENSSL_malloc(sizeof(*newitems) * newsize); | |
| 258 | if (newitems == NULL) | |
| 257 | unsigned int *newitems; | |
| 258 | ||
| 259 | if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) { | |
| 260 | BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE); | |
| 259 | 261 | return 0; |
| 262 | } | |
| 260 | 263 | if (st->depth) |
| 261 | 264 | memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth); |
| 262 | 265 | OPENSSL_free(st->indexes); |
| 305 | 308 | |
| 306 | 309 | /* Full; allocate a new pool item and link it in. */ |
| 307 | 310 | if (p->used == p->size) { |
| 308 | BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(*item)); | |
| 309 | if (item == NULL) | |
| 311 | BN_POOL_ITEM *item; | |
| 312 | ||
| 313 | if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) { | |
| 314 | BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE); | |
| 310 | 315 | return NULL; |
| 316 | } | |
| 311 | 317 | for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { |
| 312 | 318 | bn_init(bn); |
| 313 | 319 | if ((flag & BN_FLG_SECURE) != 0) |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 61 | 61 | "BN_mod_inverse_no_branch"}, |
| 62 | 62 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_LSHIFT_QUICK, 0), "BN_mod_lshift_quick"}, |
| 63 | 63 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_SQRT, 0), "BN_mod_sqrt"}, |
| 64 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_MONT_CTX_NEW, 0), "BN_MONT_CTX_new"}, | |
| 64 | 65 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_MPI2BN, 0), "BN_mpi2bn"}, |
| 65 | 66 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_NEW, 0), "BN_new"}, |
| 67 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_POOL_GET, 0), "BN_POOL_get"}, | |
| 66 | 68 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND, 0), "BN_rand"}, |
| 67 | 69 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND_RANGE, 0), "BN_rand_range"}, |
| 70 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_RECP_CTX_NEW, 0), "BN_RECP_CTX_new"}, | |
| 68 | 71 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_RSHIFT, 0), "BN_rshift"}, |
| 69 | 72 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"}, |
| 73 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"}, | |
| 70 | 74 | {ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"}, |
| 71 | 75 | {0, NULL} |
| 72 | 76 | }; |
| 299 | 299 | return a; |
| 300 | 300 | } |
| 301 | 301 | |
| 302 | #define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \ | |
| 303 | | BN_FLG_CONSTTIME \ | |
| 304 | | BN_FLG_SECURE)) | |
| 305 | #define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED)) | |
| 306 | ||
| 302 | 307 | void BN_swap(BIGNUM *a, BIGNUM *b) |
| 303 | 308 | { |
| 304 | 309 | int flags_old_a, flags_old_b; |
| 326 | 331 | b->dmax = tmp_dmax; |
| 327 | 332 | b->neg = tmp_neg; |
| 328 | 333 | |
| 329 | a->flags = | |
| 330 | (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); | |
| 331 | b->flags = | |
| 332 | (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); | |
| 334 | a->flags = FLAGS_STRUCT(flags_old_a) | FLAGS_DATA(flags_old_b); | |
| 335 | b->flags = FLAGS_STRUCT(flags_old_b) | FLAGS_DATA(flags_old_a); | |
| 333 | 336 | bn_check_top(a); |
| 334 | 337 | bn_check_top(b); |
| 335 | 338 | } |
| 737 | 740 | t = (a->top ^ b->top) & condition; |
| 738 | 741 | a->top ^= t; |
| 739 | 742 | b->top ^= t; |
| 743 | ||
| 744 | t = (a->neg ^ b->neg) & condition; | |
| 745 | a->neg ^= t; | |
| 746 | b->neg ^= t; | |
| 747 | ||
| 748 | /*- | |
| 749 | * Idea behind BN_FLG_STATIC_DATA is actually to | |
| 750 | * indicate that data may not be written to. | |
| 751 | * Intention is actually to treat it as it's | |
| 752 | * read-only data, and some (if not most) of it does | |
| 753 | * reside in read-only segment. In other words | |
| 754 | * observation of BN_FLG_STATIC_DATA in | |
| 755 | * BN_consttime_swap should be treated as fatal | |
| 756 | * condition. It would either cause SEGV or | |
| 757 | * effectively cause data corruption. | |
| 758 | * BN_FLG_MALLOCED refers to BN structure itself, | |
| 759 | * and hence must be preserved. Remaining flags are | |
| 760 | * BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be | |
| 761 | * preserved, because it determines how x->d was | |
| 762 | * allocated and hence how to free it. This leaves | |
| 763 | * BN_FLG_CONSTTIME that one can do something about. | |
| 764 | * To summarize it's sufficient to mask and swap | |
| 765 | * BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should | |
| 766 | * be treated as fatal. | |
| 767 | */ | |
| 768 | t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition; | |
| 769 | a->flags ^= t; | |
| 770 | b->flags ^= t; | |
| 740 | 771 | |
| 741 | 772 | #define BN_CONSTTIME_SWAP(ind) \ |
| 742 | 773 | do { \ |
| 198 | 198 | { |
| 199 | 199 | BN_MONT_CTX *ret; |
| 200 | 200 | |
| 201 | if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) | |
| 202 | return NULL; | |
| 201 | if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { | |
| 202 | BNerr(BN_F_BN_MONT_CTX_NEW, ERR_R_MALLOC_FAILURE); | |
| 203 | return NULL; | |
| 204 | } | |
| 203 | 205 | |
| 204 | 206 | BN_MONT_CTX_init(ret); |
| 205 | 207 | ret->flags = BN_FLG_MALLOCED; |
| 20 | 20 | { |
| 21 | 21 | BN_RECP_CTX *ret; |
| 22 | 22 | |
| 23 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) | |
| 23 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { | |
| 24 | BNerr(BN_F_BN_RECP_CTX_NEW, ERR_R_MALLOC_FAILURE); | |
| 24 | 25 | return NULL; |
| 26 | } | |
| 25 | 27 | |
| 26 | 28 | bn_init(&(ret->N)); |
| 27 | 29 | bn_init(&(ret->Nr)); |
| 0 | 0 | /* |
| 1 | * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 11 | 11 | #include <string.h> |
| 12 | 12 | #include "internal/cryptlib.h" |
| 13 | 13 | #include <openssl/cmac.h> |
| 14 | #include <openssl/err.h> | |
| 14 | 15 | |
| 15 | 16 | struct CMAC_CTX_st { |
| 16 | 17 | /* Cipher context to use */ |
| 45 | 46 | { |
| 46 | 47 | CMAC_CTX *ctx; |
| 47 | 48 | |
| 48 | ctx = OPENSSL_malloc(sizeof(*ctx)); | |
| 49 | if (ctx == NULL) | |
| 49 | if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) { | |
| 50 | CRYPTOerr(CRYPTO_F_CMAC_CTX_NEW, ERR_R_MALLOC_FAILURE); | |
| 50 | 51 | return NULL; |
| 52 | } | |
| 51 | 53 | ctx->cctx = EVP_CIPHER_CTX_new(); |
| 52 | 54 | if (ctx->cctx == NULL) { |
| 53 | 55 | OPENSSL_free(ctx); |
| 0 | 0 | /* |
| 1 | * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 167 | 167 | { |
| 168 | 168 | ec->cipher = cipher; |
| 169 | 169 | if (key) { |
| 170 | ec->key = OPENSSL_malloc(keylen); | |
| 171 | if (ec->key == NULL) | |
| 170 | if ((ec->key = OPENSSL_malloc(keylen)) == NULL) { | |
| 171 | CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT, ERR_R_MALLOC_FAILURE); | |
| 172 | 172 | return 0; |
| 173 | } | |
| 173 | 174 | memcpy(ec->key, key, keylen); |
| 174 | 175 | } |
| 175 | 176 | ec->keylen = keylen; |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 53 | 53 | {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGEST_VERIFY, 0), "CMS_digest_verify"}, |
| 54 | 54 | {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCODE_RECEIPT, 0), "cms_encode_Receipt"}, |
| 55 | 55 | {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPT, 0), "CMS_encrypt"}, |
| 56 | {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT, 0), | |
| 57 | "cms_EncryptedContent_init"}, | |
| 56 | 58 | {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 0), |
| 57 | 59 | "cms_EncryptedContent_init_bio"}, |
| 58 | 60 | {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 0), |
| 146 | 148 | {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_STREAM, 0), "CMS_stream"}, |
| 147 | 149 | {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_UNCOMPRESS, 0), "CMS_uncompress"}, |
| 148 | 150 | {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_VERIFY, 0), "CMS_verify"}, |
| 151 | {ERR_PACK(ERR_LIB_CMS, CMS_F_KEK_UNWRAP_KEY, 0), "kek_unwrap_key"}, | |
| 149 | 152 | {0, NULL} |
| 150 | 153 | }; |
| 151 | 154 | |
| 0 | 0 | /* |
| 1 | * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 187 | 187 | /* Invalid size */ |
| 188 | 188 | return 0; |
| 189 | 189 | } |
| 190 | tmp = OPENSSL_malloc(inlen); | |
| 191 | if (tmp == NULL) | |
| 192 | return 0; | |
| 190 | if ((tmp = OPENSSL_malloc(inlen)) == NULL) { | |
| 191 | CMSerr(CMS_F_KEK_UNWRAP_KEY, ERR_R_MALLOC_FAILURE); | |
| 192 | return 0; | |
| 193 | } | |
| 193 | 194 | /* setup IV by decrypting last two blocks */ |
| 194 | 195 | if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, |
| 195 | 196 | in + inlen - 2 * blocklen, blocklen * 2) |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 17 | 17 | {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_NEW, 0), "bio_zlib_new"}, |
| 18 | 18 | {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_READ, 0), "bio_zlib_read"}, |
| 19 | 19 | {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_WRITE, 0), "bio_zlib_write"}, |
| 20 | {ERR_PACK(ERR_LIB_COMP, COMP_F_COMP_CTX_NEW, 0), "COMP_CTX_new"}, | |
| 20 | 21 | {0, NULL} |
| 21 | 22 | }; |
| 22 | 23 | |
| 11 | 11 | #include <string.h> |
| 12 | 12 | #include <openssl/objects.h> |
| 13 | 13 | #include <openssl/comp.h> |
| 14 | #include <openssl/err.h> | |
| 14 | 15 | #include "comp_lcl.h" |
| 15 | 16 | |
| 16 | 17 | COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) |
| 17 | 18 | { |
| 18 | 19 | COMP_CTX *ret; |
| 19 | 20 | |
| 20 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) | |
| 21 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { | |
| 22 | COMPerr(COMP_F_COMP_CTX_NEW, ERR_R_MALLOC_FAILURE); | |
| 21 | 23 | return NULL; |
| 24 | } | |
| 22 | 25 | ret->meth = meth; |
| 23 | 26 | if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { |
| 24 | 27 | OPENSSL_free(ret); |
| 0 | 0 | LIBS=../../libcrypto |
| 1 | 1 | SOURCE[../../libcrypto]= \ |
| 2 | 2 | conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \ |
| 3 | conf_mall.c conf_sap.c | |
| 3 | conf_mall.c conf_sap.c conf_ssl.c |
| 32 | 32 | */ |
| 33 | 33 | #define MAX_CONF_VALUE_LENGTH 65536 |
| 34 | 34 | |
| 35 | static int is_keytype(const CONF *conf, char c, unsigned short type); | |
| 35 | 36 | static char *eat_ws(CONF *conf, char *p); |
| 36 | 37 | static void trim_ws(CONF *conf, char *start); |
| 37 | 38 | static char *eat_alpha_numeric(CONF *conf, char *p); |
| 731 | 732 | } |
| 732 | 733 | #endif |
| 733 | 734 | |
| 735 | static int is_keytype(const CONF *conf, char c, unsigned short type) | |
| 736 | { | |
| 737 | const unsigned short * keytypes = (const unsigned short *) conf->meth_data; | |
| 738 | unsigned char key = (unsigned char)c; | |
| 739 | ||
| 740 | #ifdef CHARSET_EBCDIC | |
| 741 | # if CHAR_BIT > 8 | |
| 742 | if (key > 255) { | |
| 743 | /* key is out of range for os_toascii table */ | |
| 744 | return 0; | |
| 745 | } | |
| 746 | # endif | |
| 747 | /* convert key from ebcdic to ascii */ | |
| 748 | key = os_toascii[key]; | |
| 749 | #endif | |
| 750 | ||
| 751 | if (key > 127) { | |
| 752 | /* key is not a seven bit ascii character */ | |
| 753 | return 0; | |
| 754 | } | |
| 755 | ||
| 756 | return (keytypes[key] & type) ? 1 : 0; | |
| 757 | } | |
| 758 | ||
| 734 | 759 | static char *eat_ws(CONF *conf, char *p) |
| 735 | 760 | { |
| 736 | 761 | while (IS_WS(conf, *p) && (!IS_EOF(conf, *p))) |
| 24 | 24 | #define CONF_ALNUM (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) |
| 25 | 25 | #define CONF_ALNUM_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT) |
| 26 | 26 | |
| 27 | #define KEYTYPES(c) ((const unsigned short *)((c)->meth_data)) | |
| 28 | 27 | |
| 29 | #ifndef CHARSET_EBCDIC | |
| 30 | # define CVT(a) ((a) & 0x7F) | |
| 31 | #else | |
| 32 | # define CVT(a) os_toascci[(a) & 0x7F] | |
| 33 | #endif | |
| 34 | ||
| 35 | #define IS_COMMENT(c,a) (KEYTYPES(c)[CVT(a)] & CONF_COMMENT) | |
| 36 | #define IS_FCOMMENT(c,a) (KEYTYPES(c)[CVT(a)] & CONF_FCOMMENT) | |
| 37 | #define IS_EOF(c,a) (KEYTYPES(c)[CVT(a)] & CONF_EOF) | |
| 38 | #define IS_ESC(c,a) (KEYTYPES(c)[CVT(a)] & CONF_ESC) | |
| 39 | #define IS_NUMBER(c,a) (KEYTYPES(c)[CVT(a)] & CONF_NUMBER) | |
| 40 | #define IS_WS(c,a) (KEYTYPES(c)[CVT(a)] & CONF_WS) | |
| 41 | #define IS_ALNUM(c,a) (KEYTYPES(c)[CVT(a)] & CONF_ALNUM) | |
| 42 | #define IS_ALNUM_PUNCT(c,a) (KEYTYPES(c)[CVT(a)] & CONF_ALNUM_PUNCT) | |
| 43 | #define IS_QUOTE(c,a) (KEYTYPES(c)[CVT(a)] & CONF_QUOTE) | |
| 44 | #define IS_DQUOTE(c,a) (KEYTYPES(c)[CVT(a)] & CONF_DQUOTE) | |
| 28 | #define IS_COMMENT(conf,c) is_keytype(conf, c, CONF_COMMENT) | |
| 29 | #define IS_FCOMMENT(conf,c) is_keytype(conf, c, CONF_FCOMMENT) | |
| 30 | #define IS_EOF(conf,c) is_keytype(conf, c, CONF_EOF) | |
| 31 | #define IS_ESC(conf,c) is_keytype(conf, c, CONF_ESC) | |
| 32 | #define IS_NUMBER(conf,c) is_keytype(conf, c, CONF_NUMBER) | |
| 33 | #define IS_WS(conf,c) is_keytype(conf, c, CONF_WS) | |
| 34 | #define IS_ALNUM(conf,c) is_keytype(conf, c, CONF_ALNUM) | |
| 35 | #define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT) | |
| 36 | #define IS_QUOTE(conf,c) is_keytype(conf, c, CONF_QUOTE) | |
| 37 | #define IS_DQUOTE(conf,c) is_keytype(conf, c, CONF_DQUOTE) | |
| 45 | 38 | |
| 46 | 39 | static const unsigned short CONF_type_default[128] = { |
| 47 | 40 | 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, |
| 20 | 20 | {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD, 0), "def_load"}, |
| 21 | 21 | {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD_BIO, 0), "def_load_bio"}, |
| 22 | 22 | {ERR_PACK(ERR_LIB_CONF, CONF_F_GET_NEXT_FILE, 0), "get_next_file"}, |
| 23 | {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_ADD, 0), "module_add"}, | |
| 23 | 24 | {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_INIT, 0), "module_init"}, |
| 24 | 25 | {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_LOAD_DSO, 0), "module_load_dso"}, |
| 25 | 26 | {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_RUN, 0), "module_run"}, |
| 34 | 35 | {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_FP, 0), "NCONF_load_fp"}, |
| 35 | 36 | {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_NEW, 0), "NCONF_new"}, |
| 36 | 37 | {ERR_PACK(ERR_LIB_CONF, CONF_F_PROCESS_INCLUDE, 0), "process_include"}, |
| 38 | {ERR_PACK(ERR_LIB_CONF, CONF_F_SSL_MODULE_INIT, 0), "ssl_module_init"}, | |
| 37 | 39 | {ERR_PACK(ERR_LIB_CONF, CONF_F_STR_COPY, 0), "str_copy"}, |
| 38 | 40 | {0, NULL} |
| 39 | 41 | }; |
| 59 | 61 | {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_VALUE), "no value"}, |
| 60 | 62 | {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE), |
| 61 | 63 | "recursive directory include"}, |
| 64 | {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY), | |
| 65 | "ssl command section empty"}, | |
| 66 | {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND), | |
| 67 | "ssl command section not found"}, | |
| 68 | {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_EMPTY), "ssl section empty"}, | |
| 69 | {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_NOT_FOUND), | |
| 70 | "ssl section not found"}, | |
| 62 | 71 | {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNABLE_TO_CREATE_NEW_SECTION), |
| 63 | 72 | "unable to create new section"}, |
| 64 | 73 | {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNKNOWN_MODULE_NAME), |
| 0 | /* | |
| 1 | * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * | |
| 3 | * Licensed under the OpenSSL license (the "License"). You may not use | |
| 4 | * this file except in compliance with the License. You can obtain a copy | |
| 5 | * in the file LICENSE in the source distribution or at | |
| 6 | * https://www.openssl.org/source/license.html | |
| 7 | */ | |
| 8 | ||
| 9 | void conf_add_ssl_module(void); | |
| 10 |
| 0 | 0 | /* |
| 1 | * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 13 | 13 | #include <openssl/x509.h> |
| 14 | 14 | #include <openssl/asn1.h> |
| 15 | 15 | #include <openssl/engine.h> |
| 16 | #include "conf_lcl.h" | |
| 16 | 17 | |
| 17 | 18 | /* Load all OpenSSL builtin modules */ |
| 18 | 19 | |
| 25 | 26 | ENGINE_add_conf_module(); |
| 26 | 27 | #endif |
| 27 | 28 | EVP_add_alg_module(); |
| 29 | conf_add_ssl_module(); | |
| 28 | 30 | } |
| 0 | 0 | /* |
| 1 | * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 231 | 231 | supported_modules = sk_CONF_MODULE_new_null(); |
| 232 | 232 | if (supported_modules == NULL) |
| 233 | 233 | return NULL; |
| 234 | tmod = OPENSSL_zalloc(sizeof(*tmod)); | |
| 235 | if (tmod == NULL) | |
| 234 | if ((tmod = OPENSSL_zalloc(sizeof(*tmod))) == NULL) { | |
| 235 | CONFerr(CONF_F_MODULE_ADD, ERR_R_MALLOC_FAILURE); | |
| 236 | 236 | return NULL; |
| 237 | } | |
| 237 | 238 | |
| 238 | 239 | tmod->dso = dso; |
| 239 | 240 | tmod->name = OPENSSL_strdup(name); |
| 478 | 479 | char *file, *sep = ""; |
| 479 | 480 | int len; |
| 480 | 481 | |
| 481 | file = getenv("OPENSSL_CONF"); | |
| 482 | if (file) | |
| 483 | return OPENSSL_strdup(file); | |
| 482 | if (!OPENSSL_issetugid()) { | |
| 483 | file = getenv("OPENSSL_CONF"); | |
| 484 | if (file) | |
| 485 | return OPENSSL_strdup(file); | |
| 486 | } | |
| 484 | 487 | |
| 485 | 488 | len = strlen(X509_get_default_cert_area()); |
| 486 | 489 | #ifndef OPENSSL_SYS_VMS |
| 0 | /* | |
| 1 | * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * | |
| 3 | * Licensed under the OpenSSL license (the "License"). You may not use | |
| 4 | * this file except in compliance with the License. You can obtain a copy | |
| 5 | * in the file LICENSE in the source distribution or at | |
| 6 | * https://www.openssl.org/source/license.html | |
| 7 | */ | |
| 8 | ||
| 9 | #include <stdio.h> | |
| 10 | #include <string.h> | |
| 11 | #include <openssl/conf.h> | |
| 12 | #include <openssl/err.h> | |
| 13 | #include "internal/sslconf.h" | |
| 14 | #include "conf_lcl.h" | |
| 15 | ||
| 16 | /* | |
| 17 | * SSL library configuration module placeholder. We load it here but defer | |
| 18 | * all decisions about its contents to libssl. | |
| 19 | */ | |
| 20 | ||
| 21 | struct ssl_conf_name_st { | |
| 22 | /* Name of this set of commands */ | |
| 23 | char *name; | |
| 24 | /* List of commands */ | |
| 25 | SSL_CONF_CMD *cmds; | |
| 26 | /* Number of commands */ | |
| 27 | size_t cmd_count; | |
| 28 | }; | |
| 29 | ||
| 30 | struct ssl_conf_cmd_st { | |
| 31 | /* Command */ | |
| 32 | char *cmd; | |
| 33 | /* Argument */ | |
| 34 | char *arg; | |
| 35 | }; | |
| 36 | ||
| 37 | static struct ssl_conf_name_st *ssl_names; | |
| 38 | static size_t ssl_names_count; | |
| 39 | ||
| 40 | static void ssl_module_free(CONF_IMODULE *md) | |
| 41 | { | |
| 42 | size_t i, j; | |
| 43 | if (ssl_names == NULL) | |
| 44 | return; | |
| 45 | for (i = 0; i < ssl_names_count; i++) { | |
| 46 | struct ssl_conf_name_st *tname = ssl_names + i; | |
| 47 | ||
| 48 | OPENSSL_free(tname->name); | |
| 49 | for (j = 0; j < tname->cmd_count; j++) { | |
| 50 | OPENSSL_free(tname->cmds[j].cmd); | |
| 51 | OPENSSL_free(tname->cmds[j].arg); | |
| 52 | } | |
| 53 | OPENSSL_free(tname->cmds); | |
| 54 | } | |
| 55 | OPENSSL_free(ssl_names); | |
| 56 | ssl_names = NULL; | |
| 57 | ssl_names_count = 0; | |
| 58 | } | |
| 59 | ||
| 60 | static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) | |
| 61 | { | |
| 62 | size_t i, j, cnt; | |
| 63 | int rv = 0; | |
| 64 | const char *ssl_conf_section; | |
| 65 | STACK_OF(CONF_VALUE) *cmd_lists; | |
| 66 | ||
| 67 | ssl_conf_section = CONF_imodule_get_value(md); | |
| 68 | cmd_lists = NCONF_get_section(cnf, ssl_conf_section); | |
| 69 | if (sk_CONF_VALUE_num(cmd_lists) <= 0) { | |
| 70 | if (cmd_lists == NULL) | |
| 71 | CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND); | |
| 72 | else | |
| 73 | CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY); | |
| 74 | ERR_add_error_data(2, "section=", ssl_conf_section); | |
| 75 | goto err; | |
| 76 | } | |
| 77 | cnt = sk_CONF_VALUE_num(cmd_lists); | |
| 78 | ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt); | |
| 79 | ssl_names_count = cnt; | |
| 80 | for (i = 0; i < ssl_names_count; i++) { | |
| 81 | struct ssl_conf_name_st *ssl_name = ssl_names + i; | |
| 82 | CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i); | |
| 83 | STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value); | |
| 84 | ||
| 85 | if (sk_CONF_VALUE_num(cmds) <= 0) { | |
| 86 | if (cmds == NULL) | |
| 87 | CONFerr(CONF_F_SSL_MODULE_INIT, | |
| 88 | CONF_R_SSL_COMMAND_SECTION_NOT_FOUND); | |
| 89 | else | |
| 90 | CONFerr(CONF_F_SSL_MODULE_INIT, | |
| 91 | CONF_R_SSL_COMMAND_SECTION_EMPTY); | |
| 92 | ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value); | |
| 93 | goto err; | |
| 94 | } | |
| 95 | ssl_name->name = OPENSSL_strdup(sect->name); | |
| 96 | if (ssl_name->name == NULL) | |
| 97 | goto err; | |
| 98 | cnt = sk_CONF_VALUE_num(cmds); | |
| 99 | ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st)); | |
| 100 | if (ssl_name->cmds == NULL) | |
| 101 | goto err; | |
| 102 | ssl_name->cmd_count = cnt; | |
| 103 | for (j = 0; j < cnt; j++) { | |
| 104 | const char *name; | |
| 105 | CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j); | |
| 106 | struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j; | |
| 107 | ||
| 108 | /* Skip any initial dot in name */ | |
| 109 | name = strchr(cmd_conf->name, '.'); | |
| 110 | if (name != NULL) | |
| 111 | name++; | |
| 112 | else | |
| 113 | name = cmd_conf->name; | |
| 114 | cmd->cmd = OPENSSL_strdup(name); | |
| 115 | cmd->arg = OPENSSL_strdup(cmd_conf->value); | |
| 116 | if (cmd->cmd == NULL || cmd->arg == NULL) | |
| 117 | goto err; | |
| 118 | } | |
| 119 | ||
| 120 | } | |
| 121 | rv = 1; | |
| 122 | err: | |
| 123 | if (rv == 0) | |
| 124 | ssl_module_free(md); | |
| 125 | return rv; | |
| 126 | } | |
| 127 | ||
| 128 | /* | |
| 129 | * Returns the set of commands with index |idx| previously searched for via | |
| 130 | * conf_ssl_name_find. Also stores the name of the set of commands in |*name| | |
| 131 | * and the number of commands in the set in |*cnt|. | |
| 132 | */ | |
| 133 | const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt) | |
| 134 | { | |
| 135 | *name = ssl_names[idx].name; | |
| 136 | *cnt = ssl_names[idx].cmd_count; | |
| 137 | return ssl_names[idx].cmds; | |
| 138 | } | |
| 139 | ||
| 140 | /* | |
| 141 | * Search for the named set of commands given in |name|. On success return the | |
| 142 | * index for the command set in |*idx|. | |
| 143 | * Returns 1 on success or 0 on failure. | |
| 144 | */ | |
| 145 | int conf_ssl_name_find(const char *name, size_t *idx) | |
| 146 | { | |
| 147 | size_t i; | |
| 148 | const struct ssl_conf_name_st *nm; | |
| 149 | ||
| 150 | if (name == NULL) | |
| 151 | return 0; | |
| 152 | for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) { | |
| 153 | if (strcmp(nm->name, name) == 0) { | |
| 154 | *idx = i; | |
| 155 | return 1; | |
| 156 | } | |
| 157 | } | |
| 158 | return 0; | |
| 159 | } | |
| 160 | ||
| 161 | /* | |
| 162 | * Given a command set |cmd|, return details on the command at index |idx| which | |
| 163 | * must be less than the number of commands in the set (as returned by | |
| 164 | * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the | |
| 165 | * argument is returned in |*arg|. | |
| 166 | */ | |
| 167 | void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, | |
| 168 | char **arg) | |
| 169 | { | |
| 170 | *cmdstr = cmd[idx].cmd; | |
| 171 | *arg = cmd[idx].arg; | |
| 172 | } | |
| 173 | ||
| 174 | void conf_add_ssl_module(void) | |
| 175 | { | |
| 176 | CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free); | |
| 177 | } |
| 84 | 84 | #define CONF_ALNUM (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) |
| 85 | 85 | #define CONF_ALNUM_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT) |
| 86 | 86 | |
| 87 | #define KEYTYPES(c) ((const unsigned short *)((c)->meth_data)) | |
| 88 | 87 | |
| 89 | #ifndef CHARSET_EBCDIC | |
| 90 | # define CVT(a) ((a) & 0x7F) | |
| 91 | #else | |
| 92 | # define CVT(a) os_toascci[(a) & 0x7F] | |
| 93 | #endif | |
| 94 | ||
| 95 | #define IS_COMMENT(c,a) (KEYTYPES(c)[CVT(a)] & CONF_COMMENT) | |
| 96 | #define IS_FCOMMENT(c,a) (KEYTYPES(c)[CVT(a)] & CONF_FCOMMENT) | |
| 97 | #define IS_EOF(c,a) (KEYTYPES(c)[CVT(a)] & CONF_EOF) | |
| 98 | #define IS_ESC(c,a) (KEYTYPES(c)[CVT(a)] & CONF_ESC) | |
| 99 | #define IS_NUMBER(c,a) (KEYTYPES(c)[CVT(a)] & CONF_NUMBER) | |
| 100 | #define IS_WS(c,a) (KEYTYPES(c)[CVT(a)] & CONF_WS) | |
| 101 | #define IS_ALNUM(c,a) (KEYTYPES(c)[CVT(a)] & CONF_ALNUM) | |
| 102 | #define IS_ALNUM_PUNCT(c,a) (KEYTYPES(c)[CVT(a)] & CONF_ALNUM_PUNCT) | |
| 103 | #define IS_QUOTE(c,a) (KEYTYPES(c)[CVT(a)] & CONF_QUOTE) | |
| 104 | #define IS_DQUOTE(c,a) (KEYTYPES(c)[CVT(a)] & CONF_DQUOTE) | |
| 88 | #define IS_COMMENT(conf,c) is_keytype(conf, c, CONF_COMMENT) | |
| 89 | #define IS_FCOMMENT(conf,c) is_keytype(conf, c, CONF_FCOMMENT) | |
| 90 | #define IS_EOF(conf,c) is_keytype(conf, c, CONF_EOF) | |
| 91 | #define IS_ESC(conf,c) is_keytype(conf, c, CONF_ESC) | |
| 92 | #define IS_NUMBER(conf,c) is_keytype(conf, c, CONF_NUMBER) | |
| 93 | #define IS_WS(conf,c) is_keytype(conf, c, CONF_WS) | |
| 94 | #define IS_ALNUM(conf,c) is_keytype(conf, c, CONF_ALNUM) | |
| 95 | #define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT) | |
| 96 | #define IS_QUOTE(conf,c) is_keytype(conf, c, CONF_QUOTE) | |
| 97 | #define IS_DQUOTE(conf,c) is_keytype(conf, c, CONF_DQUOTE) | |
| 105 | 98 | |
| 106 | 99 | EOF |
| 107 | 100 |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 13 | 13 | #ifndef OPENSSL_NO_ERR |
| 14 | 14 | |
| 15 | 15 | static const ERR_STRING_DATA CRYPTO_str_functs[] = { |
| 16 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CMAC_CTX_NEW, 0), "CMAC_CTX_new"}, | |
| 16 | 17 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_DUP_EX_DATA, 0), |
| 17 | 18 | "CRYPTO_dup_ex_data"}, |
| 18 | 19 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_FREE_EX_DATA, 0), |
| 22 | 23 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_MEMDUP, 0), "CRYPTO_memdup"}, |
| 23 | 24 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_NEW_EX_DATA, 0), |
| 24 | 25 | "CRYPTO_new_ex_data"}, |
| 26 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_COPY_CTX, 0), | |
| 27 | "CRYPTO_ocb128_copy_ctx"}, | |
| 28 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_INIT, 0), | |
| 29 | "CRYPTO_ocb128_init"}, | |
| 25 | 30 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_SET_EX_DATA, 0), |
| 26 | 31 | "CRYPTO_set_ex_data"}, |
| 27 | 32 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_FIPS_MODE_SET, 0), "FIPS_mode_set"}, |
| 28 | 33 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_GET_AND_LOCK, 0), "get_and_lock"}, |
| 34 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_ATEXIT, 0), "OPENSSL_atexit"}, | |
| 29 | 35 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_BUF2HEXSTR, 0), |
| 30 | 36 | "OPENSSL_buf2hexstr"}, |
| 37 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_FOPEN, 0), "openssl_fopen"}, | |
| 31 | 38 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_HEXSTR2BUF, 0), |
| 32 | 39 | "OPENSSL_hexstr2buf"}, |
| 33 | 40 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_INIT_CRYPTO, 0), |
| 34 | 41 | "OPENSSL_init_crypto"}, |
| 42 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_LH_NEW, 0), "OPENSSL_LH_new"}, | |
| 43 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0), | |
| 44 | "OPENSSL_sk_deep_copy"}, | |
| 45 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"}, | |
| 46 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_HMAC_INIT, 0), "pkey_hmac_init"}, | |
| 47 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_POLY1305_INIT, 0), | |
| 48 | "pkey_poly1305_init"}, | |
| 49 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_SIPHASH_INIT, 0), | |
| 50 | "pkey_siphash_init"}, | |
| 51 | {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_SK_RESERVE, 0), "sk_reserve"}, | |
| 35 | 52 | {0, NULL} |
| 36 | 53 | }; |
| 37 | 54 | |
| 119 | 119 | # endif |
| 120 | 120 | |
| 121 | 121 | # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 |
| 122 | # ifdef OPENSSL_SYS_WIN_CORE | |
| 123 | ||
| 124 | int OPENSSL_isservice(void) | |
| 125 | { | |
| 126 | /* OneCore API cannot interact with GUI */ | |
| 127 | return 1; | |
| 128 | } | |
| 129 | # else | |
| 122 | 130 | int OPENSSL_isservice(void) |
| 123 | 131 | { |
| 124 | 132 | HWINSTA h; |
| 159 | 167 | |
| 160 | 168 | len++, len &= ~1; /* paranoia */ |
| 161 | 169 | name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */ |
| 162 | # if 1 | |
| 170 | # if 1 | |
| 163 | 171 | /* |
| 164 | 172 | * This doesn't cover "interactive" services [working with real |
| 165 | 173 | * WinSta0's] nor programs started non-interactively by Task Scheduler |
| 167 | 175 | */ |
| 168 | 176 | if (wcsstr(name, L"Service-0x")) |
| 169 | 177 | return 1; |
| 170 | # else | |
| 178 | # else | |
| 171 | 179 | /* This covers all non-interactive programs such as services. */ |
| 172 | 180 | if (!wcsstr(name, L"WinSta0")) |
| 173 | 181 | return 1; |
| 174 | # endif | |
| 182 | # endif | |
| 175 | 183 | else |
| 176 | 184 | return 0; |
| 177 | 185 | } |
| 186 | # endif | |
| 178 | 187 | # else |
| 179 | 188 | int OPENSSL_isservice(void) |
| 180 | 189 | { |
| 271 | 280 | va_end(ap); |
| 272 | 281 | |
| 273 | 282 | # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 |
| 283 | # ifdef OPENSSL_SYS_WIN_CORE | |
| 284 | /* ONECORE is always NONGUI and NT >= 0x0601 */ | |
| 285 | ||
| 286 | /* | |
| 287 | * TODO: (For non GUI and no std error cases) | |
| 288 | * Add event logging feature here. | |
| 289 | */ | |
| 290 | ||
| 291 | # if !defined(NDEBUG) | |
| 292 | /* | |
| 293 | * We are in a situation where we tried to report a critical | |
| 294 | * error and this failed for some reason. As a last resort, | |
| 295 | * in debug builds, send output to the debugger or any other | |
| 296 | * tool like DebugView which can monitor the output. | |
| 297 | */ | |
| 298 | OutputDebugString(buf); | |
| 299 | # endif | |
| 300 | # else | |
| 274 | 301 | /* this -------------v--- guards NT-specific calls */ |
| 275 | 302 | if (check_winnt() && OPENSSL_isservice() > 0) { |
| 276 | 303 | HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL")); |
| 280 | 307 | |
| 281 | 308 | if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL, |
| 282 | 309 | 1, 0, &pmsg, NULL)) { |
| 283 | #if defined(DEBUG) | |
| 310 | # if !defined(NDEBUG) | |
| 284 | 311 | /* |
| 285 | 312 | * We are in a situation where we tried to report a critical |
| 286 | 313 | * error and this failed for some reason. As a last resort, |
| 288 | 315 | * tool like DebugView which can monitor the output. |
| 289 | 316 | */ |
| 290 | 317 | OutputDebugString(pmsg); |
| 291 | #endif | |
| 318 | # endif | |
| 292 | 319 | } |
| 293 | 320 | |
| 294 | 321 | (void)DeregisterEventSource(hEventLog); |
| 295 | 322 | } |
| 296 | } else | |
| 297 | # endif | |
| 323 | } else { | |
| 298 | 324 | MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); |
| 325 | } | |
| 326 | # endif | |
| 327 | # else | |
| 328 | MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); | |
| 329 | # endif | |
| 299 | 330 | } |
| 300 | 331 | #else |
| 301 | 332 | void OPENSSL_showfatal(const char *fmta, ...) |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 40 | 40 | {ERR_PACK(ERR_LIB_DH, DH_F_GENERATE_KEY, 0), "generate_key"}, |
| 41 | 41 | {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_CTRL_STR, 0), "pkey_dh_ctrl_str"}, |
| 42 | 42 | {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_DERIVE, 0), "pkey_dh_derive"}, |
| 43 | {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_INIT, 0), "pkey_dh_init"}, | |
| 43 | 44 | {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_KEYGEN, 0), "pkey_dh_keygen"}, |
| 44 | 45 | {0, NULL} |
| 45 | 46 | }; |
| 0 | 0 | /* |
| 1 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 49 | 49 | { |
| 50 | 50 | DH_PKEY_CTX *dctx; |
| 51 | 51 | |
| 52 | dctx = OPENSSL_zalloc(sizeof(*dctx)); | |
| 53 | if (dctx == NULL) | |
| 54 | return 0; | |
| 52 | if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) { | |
| 53 | DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE); | |
| 54 | return 0; | |
| 55 | } | |
| 55 | 56 | dctx->prime_len = 1024; |
| 56 | 57 | dctx->subprime_len = -1; |
| 57 | 58 | dctx->generator = 2; |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 37 | 37 | {ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, 0), |
| 38 | 38 | "old_dsa_priv_decode"}, |
| 39 | 39 | {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL, 0), "pkey_dsa_ctrl"}, |
| 40 | {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL_STR, 0), "pkey_dsa_ctrl_str"}, | |
| 40 | 41 | {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_KEYGEN, 0), "pkey_dsa_keygen"}, |
| 41 | 42 | {0, NULL} |
| 42 | 43 | }; |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 63 | 63 | /* invalid q size */ |
| 64 | 64 | return 0; |
| 65 | 65 | |
| 66 | if (evpmd == NULL) | |
| 67 | /* use SHA1 as default */ | |
| 68 | evpmd = EVP_sha1(); | |
| 66 | if (evpmd == NULL) { | |
| 67 | if (qsize == SHA_DIGEST_LENGTH) | |
| 68 | evpmd = EVP_sha1(); | |
| 69 | else if (qsize == SHA224_DIGEST_LENGTH) | |
| 70 | evpmd = EVP_sha224(); | |
| 71 | else | |
| 72 | evpmd = EVP_sha256(); | |
| 73 | } else { | |
| 74 | qsize = EVP_MD_size(evpmd); | |
| 75 | } | |
| 69 | 76 | |
| 70 | 77 | if (bits < 512) |
| 71 | 78 | bits = 512; |
| 0 | 0 | /* |
| 1 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 188 | 188 | NULL); |
| 189 | 189 | } |
| 190 | 190 | if (strcmp(type, "dsa_paramgen_md") == 0) { |
| 191 | const EVP_MD *md = EVP_get_digestbyname(value); | |
| 192 | ||
| 193 | if (md == NULL) { | |
| 194 | DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE); | |
| 195 | return 0; | |
| 196 | } | |
| 191 | 197 | return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, |
| 192 | 198 | EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, |
| 193 | (void *)EVP_get_digestbyname(value)); | |
| 199 | (void *)md); | |
| 194 | 200 | } |
| 195 | 201 | return -2; |
| 196 | 202 | } |
| 325 | 325 | * address of a function, which is just located in the DATA segment instead of |
| 326 | 326 | * the TEXT segment. |
| 327 | 327 | */ |
| 328 | static int dladdr(void *addr, Dl_info *dl) | |
| 329 | { | |
| 328 | static int dladdr(void *ptr, Dl_info *dl) | |
| 329 | { | |
| 330 | uintptr_t addr = (uintptr_t)ptr; | |
| 330 | 331 | unsigned int found = 0; |
| 331 | 332 | struct ld_info *ldinfos, *next_ldi, *this_ldi; |
| 332 | 333 | |
| 351 | 352 | |
| 352 | 353 | do { |
| 353 | 354 | this_ldi = next_ldi; |
| 354 | if (((addr >= this_ldi->ldinfo_textorg) | |
| 355 | && (addr < (this_ldi->ldinfo_textorg + this_ldi->ldinfo_textsize))) | |
| 356 | || ((addr >= this_ldi->ldinfo_dataorg) | |
| 357 | && (addr < | |
| 358 | (this_ldi->ldinfo_dataorg + this_ldi->ldinfo_datasize)))) { | |
| 355 | if (((addr >= (uintptr_t)this_ldi->ldinfo_textorg) | |
| 356 | && (addr < ((uintptr_t)this_ldi->ldinfo_textorg + | |
| 357 | this_ldi->ldinfo_textsize))) | |
| 358 | || ((addr >= (uintptr_t)this_ldi->ldinfo_dataorg) | |
| 359 | && (addr < ((uintptr_t)this_ldi->ldinfo_dataorg + | |
| 360 | this_ldi->ldinfo_datasize)))) { | |
| 359 | 361 | found = 1; |
| 360 | 362 | /* |
| 361 | 363 | * Ignoring the possibility of a member name and just returning |
| 366 | 368 | OPENSSL_strdup(this_ldi->ldinfo_filename)) == NULL) |
| 367 | 369 | errno = ENOMEM; |
| 368 | 370 | } else { |
| 369 | next_ldi = (char *)this_ldi + this_ldi->ldinfo_next; | |
| 371 | next_ldi = | |
| 372 | (struct ld_info *)((uintptr_t)this_ldi + this_ldi->ldinfo_next); | |
| 370 | 373 | } |
| 371 | 374 | } while (this_ldi->ldinfo_next && !found); |
| 372 | 375 | OPENSSL_free((void *)ldinfos); |
| 394 | 397 | len = (int)strlen(dli.dli_fname); |
| 395 | 398 | if (sz <= 0) { |
| 396 | 399 | # ifdef _AIX |
| 397 | OPENSSL_free(dli.dli_fname); | |
| 400 | OPENSSL_free((void *)dli.dli_fname); | |
| 398 | 401 | # endif |
| 399 | 402 | return len + 1; |
| 400 | 403 | } |
| 403 | 406 | memcpy(path, dli.dli_fname, len); |
| 404 | 407 | path[len++] = 0; |
| 405 | 408 | # ifdef _AIX |
| 406 | OPENSSL_free(dli.dli_fname); | |
| 409 | OPENSSL_free((void *)dli.dli_fname); | |
| 407 | 410 | # endif |
| 408 | 411 | return len; |
| 409 | 412 | } |
| 0 | 0 | #! /usr/bin/env perl |
| 1 | # Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | # Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | # |
| 3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | # this file except in compliance with the License. You can obtain a copy |
| 1632 | 1632 | $code.=<<___; |
| 1633 | 1633 | .Ladd_done: |
| 1634 | 1634 | add sp,sp,#32*18+16+16 @ +16 means "skip even over saved r0-r3" |
| 1635 | #if __ARM_ARCH__>=5 || defined(__thumb__) | |
| 1635 | #if __ARM_ARCH__>=5 || !defined(__thumb__) | |
| 1636 | 1636 | ldmia sp!,{r4-r12,pc} |
| 1637 | 1637 | #else |
| 1638 | 1638 | ldmia sp!,{r4-r12,lr} |
| 165 | 165 | "EC_GROUP_set_curve_GFp"}, |
| 166 | 166 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_GENERATOR, 0), |
| 167 | 167 | "EC_GROUP_set_generator"}, |
| 168 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_SEED, 0), "EC_GROUP_set_seed"}, | |
| 168 | 169 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_CHECK_KEY, 0), "EC_KEY_check_key"}, |
| 169 | 170 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_COPY, 0), "EC_KEY_copy"}, |
| 170 | 171 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_GENERATE_KEY, 0), "EC_KEY_generate_key"}, |
| 173 | 174 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_OCT2PRIV, 0), "EC_KEY_oct2priv"}, |
| 174 | 175 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT, 0), "EC_KEY_print"}, |
| 175 | 176 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"}, |
| 177 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"}, | |
| 176 | 178 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"}, |
| 177 | 179 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0), |
| 178 | 180 | "EC_KEY_set_public_key_affine_coordinates"}, |
| 187 | 189 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MAKE_AFFINE, 0), |
| 188 | 190 | "EC_POINTs_make_affine"}, |
| 189 | 191 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_ADD, 0), "EC_POINT_add"}, |
| 192 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_BN2POINT, 0), "EC_POINT_bn2point"}, | |
| 190 | 193 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_CMP, 0), "EC_POINT_cmp"}, |
| 191 | 194 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_COPY, 0), "EC_POINT_copy"}, |
| 192 | 195 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_DBL, 0), "EC_POINT_dbl"}, |
| 205 | 208 | "EC_POINT_make_affine"}, |
| 206 | 209 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_NEW, 0), "EC_POINT_new"}, |
| 207 | 210 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_OCT2POINT, 0), "EC_POINT_oct2point"}, |
| 211 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2BUF, 0), "EC_POINT_point2buf"}, | |
| 208 | 212 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2OCT, 0), "EC_POINT_point2oct"}, |
| 209 | 213 | {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, 0), |
| 210 | 214 | "EC_POINT_set_affine_coordinates_GF2m"}, |
| 245 | 249 | "pkey_ecd_digestsign25519"}, |
| 246 | 250 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN448, 0), |
| 247 | 251 | "pkey_ecd_digestsign448"}, |
| 252 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_SIGN25519, 0), "pkey_ecd_sign25519"}, | |
| 253 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_SIGN448, 0), "pkey_ecd_sign448"}, | |
| 248 | 254 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECX_DERIVE, 0), "pkey_ecx_derive"}, |
| 249 | 255 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, 0), "pkey_ec_ctrl"}, |
| 250 | 256 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL_STR, 0), "pkey_ec_ctrl_str"}, |
| 251 | 257 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_DERIVE, 0), "pkey_ec_derive"}, |
| 258 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_INIT, 0), "pkey_ec_init"}, | |
| 259 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KDF_DERIVE, 0), "pkey_ec_kdf_derive"}, | |
| 252 | 260 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"}, |
| 253 | 261 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"}, |
| 254 | 262 | {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"}, |
| 0 | 0 | /* |
| 1 | * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 612 | 612 | { |
| 613 | 613 | size_t len; |
| 614 | 614 | unsigned char *buf; |
| 615 | ||
| 615 | 616 | len = EC_KEY_priv2oct(eckey, NULL, 0); |
| 616 | 617 | if (len == 0) |
| 617 | 618 | return 0; |
| 618 | buf = OPENSSL_malloc(len); | |
| 619 | if (buf == NULL) | |
| 620 | return 0; | |
| 619 | if ((buf = OPENSSL_malloc(len)) == NULL) { | |
| 620 | ECerr(EC_F_EC_KEY_PRIV2BUF, ERR_R_MALLOC_FAILURE); | |
| 621 | return 0; | |
| 622 | } | |
| 621 | 623 | len = EC_KEY_priv2oct(eckey, buf, len); |
| 622 | 624 | if (len == 0) { |
| 623 | 625 | OPENSSL_free(buf); |
| 212 | 212 | |
| 213 | 213 | if (src->seed) { |
| 214 | 214 | OPENSSL_free(dest->seed); |
| 215 | dest->seed = OPENSSL_malloc(src->seed_len); | |
| 216 | if (dest->seed == NULL) | |
| 215 | if ((dest->seed = OPENSSL_malloc(src->seed_len)) == NULL) { | |
| 216 | ECerr(EC_F_EC_GROUP_COPY, ERR_R_MALLOC_FAILURE); | |
| 217 | 217 | return 0; |
| 218 | } | |
| 218 | 219 | if (!memcpy(dest->seed, src->seed, src->seed_len)) |
| 219 | 220 | return 0; |
| 220 | 221 | dest->seed_len = src->seed_len; |
| 392 | 393 | if (!len || !p) |
| 393 | 394 | return 1; |
| 394 | 395 | |
| 395 | if ((group->seed = OPENSSL_malloc(len)) == NULL) | |
| 396 | return 0; | |
| 396 | if ((group->seed = OPENSSL_malloc(len)) == NULL) { | |
| 397 | ECerr(EC_F_EC_GROUP_SET_SEED, ERR_R_MALLOC_FAILURE); | |
| 398 | return 0; | |
| 399 | } | |
| 397 | 400 | memcpy(group->seed, p, len); |
| 398 | 401 | group->seed_len = len; |
| 399 | 402 | |
| 556 | 559 | ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER); |
| 557 | 560 | return NULL; |
| 558 | 561 | } |
| 559 | if (group->meth->point_init == 0) { | |
| 562 | if (group->meth->point_init == NULL) { | |
| 560 | 563 | ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 561 | 564 | return NULL; |
| 562 | 565 | } |
| 0 | 0 | /* |
| 1 | * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 99 | 99 | CRYPTO_THREAD_lock_free(pre->lock); |
| 100 | 100 | OPENSSL_free(pre); |
| 101 | 101 | } |
| 102 | ||
| 103 | #define EC_POINT_BN_set_flags(P, flags) do { \ | |
| 104 | BN_set_flags((P)->X, (flags)); \ | |
| 105 | BN_set_flags((P)->Y, (flags)); \ | |
| 106 | BN_set_flags((P)->Z, (flags)); \ | |
| 107 | } while(0) | |
| 108 | ||
| 109 | /*- | |
| 110 | * This functions computes (in constant time) a point multiplication over the | |
| 111 | * EC group. | |
| 112 | * | |
| 113 | * At a high level, it is Montgomery ladder with conditional swaps. | |
| 114 | * | |
| 115 | * It performs either a fixed scalar point multiplication | |
| 116 | * (scalar * generator) | |
| 117 | * when point is NULL, or a generic scalar point multiplication | |
| 118 | * (scalar * point) | |
| 119 | * when point is not NULL. | |
| 120 | * | |
| 121 | * scalar should be in the range [0,n) otherwise all constant time bets are off. | |
| 122 | * | |
| 123 | * NB: This says nothing about EC_POINT_add and EC_POINT_dbl, | |
| 124 | * which of course are not constant time themselves. | |
| 125 | * | |
| 126 | * The product is stored in r. | |
| 127 | * | |
| 128 | * Returns 1 on success, 0 otherwise. | |
| 129 | */ | |
| 130 | static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, | |
| 131 | const BIGNUM *scalar, const EC_POINT *point, | |
| 132 | BN_CTX *ctx) | |
| 133 | { | |
| 134 | int i, order_bits, group_top, kbit, pbit, Z_is_one; | |
| 135 | EC_POINT *s = NULL; | |
| 136 | BIGNUM *k = NULL; | |
| 137 | BIGNUM *lambda = NULL; | |
| 138 | BN_CTX *new_ctx = NULL; | |
| 139 | int ret = 0; | |
| 140 | ||
| 141 | if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) | |
| 142 | goto err; | |
| 143 | ||
| 144 | order_bits = BN_num_bits(group->order); | |
| 145 | ||
| 146 | s = EC_POINT_new(group); | |
| 147 | if (s == NULL) | |
| 148 | goto err; | |
| 149 | ||
| 150 | if (point == NULL) { | |
| 151 | if (!EC_POINT_copy(s, group->generator)) | |
| 152 | goto err; | |
| 153 | } else { | |
| 154 | if (!EC_POINT_copy(s, point)) | |
| 155 | goto err; | |
| 156 | } | |
| 157 | ||
| 158 | EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); | |
| 159 | ||
| 160 | BN_CTX_start(ctx); | |
| 161 | lambda = BN_CTX_get(ctx); | |
| 162 | k = BN_CTX_get(ctx); | |
| 163 | if (k == NULL) | |
| 164 | goto err; | |
| 165 | ||
| 166 | /* | |
| 167 | * Group orders are often on a word boundary. | |
| 168 | * So when we pad the scalar, some timing diff might | |
| 169 | * pop if it needs to be expanded due to carries. | |
| 170 | * So expand ahead of time. | |
| 171 | */ | |
| 172 | group_top = bn_get_top(group->order); | |
| 173 | if ((bn_wexpand(k, group_top + 1) == NULL) | |
| 174 | || (bn_wexpand(lambda, group_top + 1) == NULL)) | |
| 175 | goto err; | |
| 176 | ||
| 177 | if (!BN_copy(k, scalar)) | |
| 178 | goto err; | |
| 179 | ||
| 180 | BN_set_flags(k, BN_FLG_CONSTTIME); | |
| 181 | ||
| 182 | if ((BN_num_bits(k) > order_bits) || (BN_is_negative(k))) { | |
| 183 | /*- | |
| 184 | * this is an unusual input, and we don't guarantee | |
| 185 | * constant-timeness | |
| 186 | */ | |
| 187 | if (!BN_nnmod(k, k, group->order, ctx)) | |
| 188 | goto err; | |
| 189 | } | |
| 190 | ||
| 191 | if (!BN_add(lambda, k, group->order)) | |
| 192 | goto err; | |
| 193 | BN_set_flags(lambda, BN_FLG_CONSTTIME); | |
| 194 | if (!BN_add(k, lambda, group->order)) | |
| 195 | goto err; | |
| 196 | /* | |
| 197 | * lambda := scalar + order | |
| 198 | * k := scalar + 2*order | |
| 199 | */ | |
| 200 | kbit = BN_is_bit_set(lambda, order_bits); | |
| 201 | BN_consttime_swap(kbit, k, lambda, group_top + 1); | |
| 202 | ||
| 203 | group_top = bn_get_top(group->field); | |
| 204 | if ((bn_wexpand(s->X, group_top) == NULL) | |
| 205 | || (bn_wexpand(s->Y, group_top) == NULL) | |
| 206 | || (bn_wexpand(s->Z, group_top) == NULL) | |
| 207 | || (bn_wexpand(r->X, group_top) == NULL) | |
| 208 | || (bn_wexpand(r->Y, group_top) == NULL) | |
| 209 | || (bn_wexpand(r->Z, group_top) == NULL)) | |
| 210 | goto err; | |
| 211 | ||
| 212 | /* top bit is a 1, in a fixed pos */ | |
| 213 | if (!EC_POINT_copy(r, s)) | |
| 214 | goto err; | |
| 215 | ||
| 216 | EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME); | |
| 217 | ||
| 218 | if (!EC_POINT_dbl(group, s, s, ctx)) | |
| 219 | goto err; | |
| 220 | ||
| 221 | pbit = 0; | |
| 222 | ||
| 223 | #define EC_POINT_CSWAP(c, a, b, w, t) do { \ | |
| 224 | BN_consttime_swap(c, (a)->X, (b)->X, w); \ | |
| 225 | BN_consttime_swap(c, (a)->Y, (b)->Y, w); \ | |
| 226 | BN_consttime_swap(c, (a)->Z, (b)->Z, w); \ | |
| 227 | t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c); \ | |
| 228 | (a)->Z_is_one ^= (t); \ | |
| 229 | (b)->Z_is_one ^= (t); \ | |
| 230 | } while(0) | |
| 231 | ||
| 232 | /*- | |
| 233 | * The ladder step, with branches, is | |
| 234 | * | |
| 235 | * k[i] == 0: S = add(R, S), R = dbl(R) | |
| 236 | * k[i] == 1: R = add(S, R), S = dbl(S) | |
| 237 | * | |
| 238 | * Swapping R, S conditionally on k[i] leaves you with state | |
| 239 | * | |
| 240 | * k[i] == 0: T, U = R, S | |
| 241 | * k[i] == 1: T, U = S, R | |
| 242 | * | |
| 243 | * Then perform the ECC ops. | |
| 244 | * | |
| 245 | * U = add(T, U) | |
| 246 | * T = dbl(T) | |
| 247 | * | |
| 248 | * Which leaves you with state | |
| 249 | * | |
| 250 | * k[i] == 0: U = add(R, S), T = dbl(R) | |
| 251 | * k[i] == 1: U = add(S, R), T = dbl(S) | |
| 252 | * | |
| 253 | * Swapping T, U conditionally on k[i] leaves you with state | |
| 254 | * | |
| 255 | * k[i] == 0: R, S = T, U | |
| 256 | * k[i] == 1: R, S = U, T | |
| 257 | * | |
| 258 | * Which leaves you with state | |
| 259 | * | |
| 260 | * k[i] == 0: S = add(R, S), R = dbl(R) | |
| 261 | * k[i] == 1: R = add(S, R), S = dbl(S) | |
| 262 | * | |
| 263 | * So we get the same logic, but instead of a branch it's a | |
| 264 | * conditional swap, followed by ECC ops, then another conditional swap. | |
| 265 | * | |
| 266 | * Optimization: The end of iteration i and start of i-1 looks like | |
| 267 | * | |
| 268 | * ... | |
| 269 | * CSWAP(k[i], R, S) | |
| 270 | * ECC | |
| 271 | * CSWAP(k[i], R, S) | |
| 272 | * (next iteration) | |
| 273 | * CSWAP(k[i-1], R, S) | |
| 274 | * ECC | |
| 275 | * CSWAP(k[i-1], R, S) | |
| 276 | * ... | |
| 277 | * | |
| 278 | * So instead of two contiguous swaps, you can merge the condition | |
| 279 | * bits and do a single swap. | |
| 280 | * | |
| 281 | * k[i] k[i-1] Outcome | |
| 282 | * 0 0 No Swap | |
| 283 | * 0 1 Swap | |
| 284 | * 1 0 Swap | |
| 285 | * 1 1 No Swap | |
| 286 | * | |
| 287 | * This is XOR. pbit tracks the previous bit of k. | |
| 288 | */ | |
| 289 | ||
| 290 | for (i = order_bits - 1; i >= 0; i--) { | |
| 291 | kbit = BN_is_bit_set(k, i) ^ pbit; | |
| 292 | EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one); | |
| 293 | if (!EC_POINT_add(group, s, r, s, ctx)) | |
| 294 | goto err; | |
| 295 | if (!EC_POINT_dbl(group, r, r, ctx)) | |
| 296 | goto err; | |
| 297 | /* | |
| 298 | * pbit logic merges this cswap with that of the | |
| 299 | * next iteration | |
| 300 | */ | |
| 301 | pbit ^= kbit; | |
| 302 | } | |
| 303 | /* one final cswap to move the right value into r */ | |
| 304 | EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one); | |
| 305 | #undef EC_POINT_CSWAP | |
| 306 | ||
| 307 | ret = 1; | |
| 308 | ||
| 309 | err: | |
| 310 | EC_POINT_free(s); | |
| 311 | BN_CTX_end(ctx); | |
| 312 | BN_CTX_free(new_ctx); | |
| 313 | ||
| 314 | return ret; | |
| 315 | } | |
| 316 | ||
| 317 | #undef EC_POINT_BN_set_flags | |
| 102 | 318 | |
| 103 | 319 | /* |
| 104 | 320 | * TODO: table should be optimised for the wNAF-based implementation, |
| 159 | 375 | return EC_POINT_set_to_infinity(group, r); |
| 160 | 376 | } |
| 161 | 377 | |
| 378 | /*- | |
| 379 | * Handle the common cases where the scalar is secret, enforcing a constant | |
| 380 | * time scalar multiplication algorithm. | |
| 381 | */ | |
| 382 | if ((scalar != NULL) && (num == 0)) { | |
| 383 | /*- | |
| 384 | * In this case we want to compute scalar * GeneratorPoint: this | |
| 385 | * codepath is reached most prominently by (ephemeral) key generation | |
| 386 | * of EC cryptosystems (i.e. ECDSA keygen and sign setup, ECDH | |
| 387 | * keygen/first half), where the scalar is always secret. This is why | |
| 388 | * we ignore if BN_FLG_CONSTTIME is actually set and we always call the | |
| 389 | * constant time version. | |
| 390 | */ | |
| 391 | return ec_mul_consttime(group, r, scalar, NULL, ctx); | |
| 392 | } | |
| 393 | if ((scalar == NULL) && (num == 1)) { | |
| 394 | /*- | |
| 395 | * In this case we want to compute scalar * GenericPoint: this codepath | |
| 396 | * is reached most prominently by the second half of ECDH, where the | |
| 397 | * secret scalar is multiplied by the peer's public point. To protect | |
| 398 | * the secret scalar, we ignore if BN_FLG_CONSTTIME is actually set and | |
| 399 | * we always call the constant time version. | |
| 400 | */ | |
| 401 | return ec_mul_consttime(group, r, scalars[0], points[0], ctx); | |
| 402 | } | |
| 403 | ||
| 162 | 404 | for (i = 0; i < num; i++) { |
| 163 | 405 | if (group->meth != points[i]->meth) { |
| 164 | 406 | ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); |
| 0 | 0 | /* |
| 1 | * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 143 | 143 | { |
| 144 | 144 | size_t len; |
| 145 | 145 | unsigned char *buf; |
| 146 | ||
| 146 | 147 | len = EC_POINT_point2oct(group, point, form, NULL, 0, NULL); |
| 147 | 148 | if (len == 0) |
| 148 | 149 | return 0; |
| 149 | buf = OPENSSL_malloc(len); | |
| 150 | if (buf == NULL) | |
| 150 | if ((buf = OPENSSL_malloc(len)) == NULL) { | |
| 151 | ECerr(EC_F_EC_POINT_POINT2BUF, ERR_R_MALLOC_FAILURE); | |
| 151 | 152 | return 0; |
| 153 | } | |
| 152 | 154 | len = EC_POINT_point2oct(group, point, form, buf, len, ctx); |
| 153 | 155 | if (len == 0) { |
| 154 | 156 | OPENSSL_free(buf); |
| 45 | 45 | { |
| 46 | 46 | EC_PKEY_CTX *dctx; |
| 47 | 47 | |
| 48 | dctx = OPENSSL_zalloc(sizeof(*dctx)); | |
| 49 | if (dctx == NULL) | |
| 50 | return 0; | |
| 48 | if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) { | |
| 49 | ECerr(EC_F_PKEY_EC_INIT, ERR_R_MALLOC_FAILURE); | |
| 50 | return 0; | |
| 51 | } | |
| 51 | 52 | |
| 52 | 53 | dctx->cofactor_mode = -1; |
| 53 | 54 | dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE; |
| 296 | 297 | return 0; |
| 297 | 298 | if (!pkey_ec_derive(ctx, NULL, &ktmplen)) |
| 298 | 299 | return 0; |
| 299 | ktmp = OPENSSL_malloc(ktmplen); | |
| 300 | if (ktmp == NULL) | |
| 301 | return 0; | |
| 300 | if ((ktmp = OPENSSL_malloc(ktmplen)) == NULL) { | |
| 301 | ECerr(EC_F_PKEY_EC_KDF_DERIVE, ERR_R_MALLOC_FAILURE); | |
| 302 | return 0; | |
| 303 | } | |
| 302 | 304 | if (!pkey_ec_derive(ctx, ktmp, &ktmplen)) |
| 303 | 305 | goto err; |
| 304 | 306 | /* Do KDF stuff */ |
| 0 | 0 | /* |
| 1 | * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | 9 | #include <openssl/crypto.h> |
| 10 | #include <openssl/err.h> | |
| 10 | 11 | #include "ec_lcl.h" |
| 11 | 12 | |
| 12 | 13 | BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, |
| 38 | 39 | |
| 39 | 40 | if ((buf_len = BN_num_bytes(bn)) == 0) |
| 40 | 41 | return NULL; |
| 41 | buf = OPENSSL_malloc(buf_len); | |
| 42 | if (buf == NULL) | |
| 42 | if ((buf = OPENSSL_malloc(buf_len)) == NULL) { | |
| 43 | ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE); | |
| 43 | 44 | return NULL; |
| 45 | } | |
| 44 | 46 | |
| 45 | 47 | if (!BN_bn2bin(bn, buf)) { |
| 46 | 48 | OPENSSL_free(buf); |
| 394 | 394 | out[3] += in[3]; |
| 395 | 395 | } |
| 396 | 396 | |
| 397 | /* Get negative value: out = -in */ | |
| 398 | /* Assumes in[i] < 2^57 */ | |
| 399 | static void felem_neg(felem out, const felem in) | |
| 400 | { | |
| 401 | static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2); | |
| 402 | static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2); | |
| 403 | static const limb two58m42m2 = (((limb) 1) << 58) - | |
| 404 | (((limb) 1) << 42) - (((limb) 1) << 2); | |
| 405 | ||
| 406 | /* Set to 0 mod 2^224-2^96+1 to ensure out > in */ | |
| 407 | out[0] = two58p2 - in[0]; | |
| 408 | out[1] = two58m42m2 - in[1]; | |
| 409 | out[2] = two58m2 - in[2]; | |
| 410 | out[3] = two58m2 - in[3]; | |
| 411 | } | |
| 412 | ||
| 413 | 397 | /* Subtract field elements: out -= in */ |
| 414 | 398 | /* Assumes in[i] < 2^57 */ |
| 415 | 399 | static void felem_diff(felem out, const felem in) |
| 679 | 663 | } |
| 680 | 664 | |
| 681 | 665 | /* |
| 666 | * Get negative value: out = -in | |
| 667 | * Requires in[i] < 2^63, | |
| 668 | * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 | |
| 669 | */ | |
| 670 | static void felem_neg(felem out, const felem in) | |
| 671 | { | |
| 672 | widefelem tmp = {0}; | |
| 673 | felem_diff_128_64(tmp, in); | |
| 674 | felem_reduce(out, tmp); | |
| 675 | } | |
| 676 | ||
| 677 | /* | |
| 682 | 678 | * Zero-check: returns 1 if input is 0, and 0 otherwise. We know that field |
| 683 | 679 | * elements are reduced to in < 2^225, so we only need to check three cases: |
| 684 | 680 | * 0, 2^224 - 2^96 + 1, and 2^225 - 2^97 + 2 |
| 816 | 812 | * Double an elliptic curve point: |
| 817 | 813 | * (X', Y', Z') = 2 * (X, Y, Z), where |
| 818 | 814 | * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2 |
| 819 | * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2 | |
| 815 | * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^4 | |
| 820 | 816 | * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z |
| 821 | 817 | * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed, |
| 822 | 818 | * while x_out == y_in is not (maybe this works, but it's not tested). |
| 674 | 674 | 0 |
| 675 | 675 | }; |
| 676 | 676 | |
| 677 | static int pkey_ecd_sign25519(EVP_PKEY_CTX *ctx, unsigned char *sig, | |
| 678 | size_t *siglen, const unsigned char *tbs, | |
| 679 | size_t tbslen) | |
| 680 | { | |
| 681 | const ECX_KEY *edkey = ctx->pkey->pkey.ecx; | |
| 682 | ||
| 683 | if (sig == NULL) { | |
| 684 | *siglen = ED25519_SIGSIZE; | |
| 685 | return 1; | |
| 686 | } | |
| 687 | if (*siglen < ED25519_SIGSIZE) { | |
| 688 | ECerr(EC_F_PKEY_ECD_SIGN25519, EC_R_BUFFER_TOO_SMALL); | |
| 689 | return 0; | |
| 690 | } | |
| 691 | ||
| 692 | if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey) == 0) | |
| 693 | return 0; | |
| 694 | *siglen = ED25519_SIGSIZE; | |
| 695 | return 1; | |
| 696 | } | |
| 697 | ||
| 677 | 698 | static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig, |
| 678 | 699 | size_t *siglen, const unsigned char *tbs, |
| 679 | 700 | size_t tbslen) |
| 680 | 701 | { |
| 681 | const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; | |
| 702 | return pkey_ecd_sign25519(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs, | |
| 703 | tbslen); | |
| 704 | } | |
| 705 | ||
| 706 | static int pkey_ecd_sign448(EVP_PKEY_CTX *ctx, unsigned char *sig, | |
| 707 | size_t *siglen, const unsigned char *tbs, | |
| 708 | size_t tbslen) | |
| 709 | { | |
| 710 | const ECX_KEY *edkey = ctx->pkey->pkey.ecx; | |
| 682 | 711 | |
| 683 | 712 | if (sig == NULL) { |
| 684 | *siglen = ED25519_SIGSIZE; | |
| 713 | *siglen = ED448_SIGSIZE; | |
| 685 | 714 | return 1; |
| 686 | 715 | } |
| 687 | if (*siglen < ED25519_SIGSIZE) { | |
| 688 | ECerr(EC_F_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL); | |
| 689 | return 0; | |
| 690 | } | |
| 691 | ||
| 692 | if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey) == 0) | |
| 693 | return 0; | |
| 694 | *siglen = ED25519_SIGSIZE; | |
| 716 | if (*siglen < ED448_SIGSIZE) { | |
| 717 | ECerr(EC_F_PKEY_ECD_SIGN448, EC_R_BUFFER_TOO_SMALL); | |
| 718 | return 0; | |
| 719 | } | |
| 720 | ||
| 721 | if (ED448_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL, | |
| 722 | 0) == 0) | |
| 723 | return 0; | |
| 724 | *siglen = ED448_SIGSIZE; | |
| 695 | 725 | return 1; |
| 696 | 726 | } |
| 697 | 727 | |
| 699 | 729 | size_t *siglen, const unsigned char *tbs, |
| 700 | 730 | size_t tbslen) |
| 701 | 731 | { |
| 702 | const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; | |
| 703 | ||
| 704 | if (sig == NULL) { | |
| 705 | *siglen = ED448_SIGSIZE; | |
| 706 | return 1; | |
| 707 | } | |
| 708 | if (*siglen < ED448_SIGSIZE) { | |
| 709 | ECerr(EC_F_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL); | |
| 710 | return 0; | |
| 711 | } | |
| 712 | ||
| 713 | if (ED448_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL, | |
| 714 | 0) == 0) | |
| 715 | return 0; | |
| 716 | *siglen = ED448_SIGSIZE; | |
| 717 | return 1; | |
| 732 | return pkey_ecd_sign448(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs, tbslen); | |
| 733 | } | |
| 734 | ||
| 735 | static int pkey_ecd_verify25519(EVP_PKEY_CTX *ctx, const unsigned char *sig, | |
| 736 | size_t siglen, const unsigned char *tbs, | |
| 737 | size_t tbslen) | |
| 738 | { | |
| 739 | const ECX_KEY *edkey = ctx->pkey->pkey.ecx; | |
| 740 | ||
| 741 | if (siglen != ED25519_SIGSIZE) | |
| 742 | return 0; | |
| 743 | ||
| 744 | return ED25519_verify(tbs, tbslen, sig, edkey->pubkey); | |
| 718 | 745 | } |
| 719 | 746 | |
| 720 | 747 | static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig, |
| 721 | 748 | size_t siglen, const unsigned char *tbs, |
| 722 | 749 | size_t tbslen) |
| 723 | 750 | { |
| 724 | const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; | |
| 725 | ||
| 726 | if (siglen != ED25519_SIGSIZE) | |
| 727 | return 0; | |
| 728 | ||
| 729 | return ED25519_verify(tbs, tbslen, sig, edkey->pubkey); | |
| 751 | return pkey_ecd_verify25519(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs, | |
| 752 | tbslen); | |
| 753 | } | |
| 754 | ||
| 755 | static int pkey_ecd_verify448(EVP_PKEY_CTX *ctx, const unsigned char *sig, | |
| 756 | size_t siglen, const unsigned char *tbs, | |
| 757 | size_t tbslen) | |
| 758 | { | |
| 759 | const ECX_KEY *edkey = ctx->pkey->pkey.ecx; | |
| 760 | ||
| 761 | if (siglen != ED448_SIGSIZE) | |
| 762 | return 0; | |
| 763 | ||
| 764 | return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0); | |
| 730 | 765 | } |
| 731 | 766 | |
| 732 | 767 | static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig, |
| 733 | 768 | size_t siglen, const unsigned char *tbs, |
| 734 | 769 | size_t tbslen) |
| 735 | 770 | { |
| 736 | const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx; | |
| 737 | ||
| 738 | if (siglen != ED448_SIGSIZE) | |
| 739 | return 0; | |
| 740 | ||
| 741 | return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0); | |
| 771 | return pkey_ecd_verify448(EVP_MD_CTX_pkey_ctx(ctx), sig, siglen, tbs, | |
| 772 | tbslen); | |
| 742 | 773 | } |
| 743 | 774 | |
| 744 | 775 | static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) |
| 761 | 792 | EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM, |
| 762 | 793 | 0, 0, 0, 0, 0, 0, |
| 763 | 794 | pkey_ecx_keygen, |
| 764 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
| 795 | 0, | |
| 796 | pkey_ecd_sign25519, | |
| 797 | 0, | |
| 798 | pkey_ecd_verify25519, | |
| 799 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
| 765 | 800 | pkey_ecd_ctrl, |
| 766 | 801 | 0, |
| 767 | 802 | pkey_ecd_digestsign25519, |
| 772 | 807 | EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM, |
| 773 | 808 | 0, 0, 0, 0, 0, 0, |
| 774 | 809 | pkey_ecx_keygen, |
| 775 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
| 810 | 0, | |
| 811 | pkey_ecd_sign448, | |
| 812 | 0, | |
| 813 | pkey_ecd_verify448, | |
| 814 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, | |
| 776 | 815 | pkey_ecd_ctrl, |
| 777 | 816 | 0, |
| 778 | 817 | pkey_ecd_digestsign448, |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 65 | 65 | {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UNLOCKED_FINISH, 0), |
| 66 | 66 | "engine_unlocked_finish"}, |
| 67 | 67 | {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UP_REF, 0), "ENGINE_up_ref"}, |
| 68 | {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CLEANUP_ITEM, 0), | |
| 69 | "int_cleanup_item"}, | |
| 68 | 70 | {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CTRL_HELPER, 0), "int_ctrl_helper"}, |
| 69 | 71 | {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_CONFIGURE, 0), |
| 70 | 72 | "int_engine_configure"}, |
| 71 | 73 | {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_MODULE_INIT, 0), |
| 72 | 74 | "int_engine_module_init"}, |
| 75 | {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_OSSL_HMAC_INIT, 0), "ossl_hmac_init"}, | |
| 73 | 76 | {0, NULL} |
| 74 | 77 | }; |
| 75 | 78 | |
| 19 | 19 | |
| 20 | 20 | DEFINE_RUN_ONCE(do_engine_lock_init) |
| 21 | 21 | { |
| 22 | OPENSSL_init_crypto(0, NULL); | |
| 22 | if (!OPENSSL_init_crypto(0, NULL)) | |
| 23 | return 0; | |
| 23 | 24 | global_engine_lock = CRYPTO_THREAD_lock_new(); |
| 24 | 25 | return global_engine_lock != NULL; |
| 25 | 26 | } |
| 125 | 126 | |
| 126 | 127 | static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) |
| 127 | 128 | { |
| 128 | ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(*item)); | |
| 129 | if (item == NULL) | |
| 129 | ENGINE_CLEANUP_ITEM *item; | |
| 130 | ||
| 131 | if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) { | |
| 132 | ENGINEerr(ENGINE_F_INT_CLEANUP_ITEM, ERR_R_MALLOC_FAILURE); | |
| 130 | 133 | return NULL; |
| 134 | } | |
| 131 | 135 | item->cb = cb; |
| 132 | 136 | return item; |
| 133 | 137 | } |
| 135 | 139 | void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb) |
| 136 | 140 | { |
| 137 | 141 | ENGINE_CLEANUP_ITEM *item; |
| 142 | ||
| 138 | 143 | if (!int_cleanup_check(1)) |
| 139 | 144 | return; |
| 140 | 145 | item = int_cleanup_item(cb); |
| 316 | 316 | * Prevent infinite recursion if we're looking for the dynamic engine. |
| 317 | 317 | */ |
| 318 | 318 | if (strcmp(id, "dynamic")) { |
| 319 | if ((load_dir = getenv("OPENSSL_ENGINES")) == NULL) | |
| 319 | if (OPENSSL_issetugid() | |
| 320 | || (load_dir = getenv("OPENSSL_ENGINES")) == NULL) | |
| 320 | 321 | load_dir = ENGINESDIR; |
| 321 | 322 | iterator = ENGINE_by_id("dynamic"); |
| 322 | 323 | if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || |
| 0 | 0 | /* |
| 1 | * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 430 | 430 | { |
| 431 | 431 | OSSL_HMAC_PKEY_CTX *hctx; |
| 432 | 432 | |
| 433 | hctx = OPENSSL_zalloc(sizeof(*hctx)); | |
| 434 | if (hctx == NULL) | |
| 435 | return 0; | |
| 433 | if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) { | |
| 434 | ENGINEerr(ENGINE_F_OSSL_HMAC_INIT, ERR_R_MALLOC_FAILURE); | |
| 435 | return 0; | |
| 436 | } | |
| 436 | 437 | hctx->ktmp.type = V_ASN1_OCTET_STRING; |
| 437 | 438 | hctx->ctx = HMAC_CTX_new(); |
| 438 | 439 | if (hctx->ctx == NULL) { |
| 264 | 264 | |
| 265 | 265 | DEFINE_RUN_ONCE_STATIC(do_err_strings_init) |
| 266 | 266 | { |
| 267 | OPENSSL_init_crypto(0, NULL); | |
| 267 | if (!OPENSSL_init_crypto(0, NULL)) | |
| 268 | return 0; | |
| 268 | 269 | err_string_lock = CRYPTO_THREAD_lock_new(); |
| 270 | if (err_string_lock == NULL) | |
| 271 | return 0; | |
| 269 | 272 | int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, |
| 270 | 273 | err_string_data_cmp); |
| 271 | return err_string_lock != NULL && int_error_hash != NULL; | |
| 274 | if (int_error_hash == NULL) { | |
| 275 | CRYPTO_THREAD_lock_free(err_string_lock); | |
| 276 | err_string_lock = NULL; | |
| 277 | return 0; | |
| 278 | } | |
| 279 | return 1; | |
| 272 | 280 | } |
| 273 | 281 | |
| 274 | 282 | void err_cleanup(void) |
| 661 | 669 | |
| 662 | 670 | ERR_STATE *ERR_get_state(void) |
| 663 | 671 | { |
| 664 | ERR_STATE *state = NULL; | |
| 672 | ERR_STATE *state; | |
| 673 | ||
| 674 | if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) | |
| 675 | return NULL; | |
| 665 | 676 | |
| 666 | 677 | if (!RUN_ONCE(&err_init, err_do_init)) |
| 667 | 678 | return NULL; |
| 668 | 679 | |
| 669 | /* | |
| 670 | * If base OPENSSL_init_crypto() hasn't been called yet, be sure to call | |
| 671 | * it now to avoid state to be doubly allocated and thereby leak memory. | |
| 672 | * Needed on any platform that doesn't define OPENSSL_USE_NODELETE. | |
| 673 | */ | |
| 674 | if (!OPENSSL_init_crypto(0, NULL)) | |
| 680 | state = CRYPTO_THREAD_get_local(&err_thread_local); | |
| 681 | if (state == (ERR_STATE*)-1) | |
| 675 | 682 | return NULL; |
| 676 | 683 | |
| 677 | state = CRYPTO_THREAD_get_local(&err_thread_local); | |
| 678 | ||
| 679 | 684 | if (state == NULL) { |
| 680 | state = OPENSSL_zalloc(sizeof(*state)); | |
| 681 | if (state == NULL) | |
| 685 | if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) | |
| 682 | 686 | return NULL; |
| 683 | 687 | |
| 684 | if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE) | |
| 685 | || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { | |
| 686 | ERR_STATE_free(state); | |
| 688 | if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) { | |
| 689 | CRYPTO_THREAD_set_local(&err_thread_local, NULL); | |
| 687 | 690 | return NULL; |
| 688 | 691 | } |
| 689 | 692 | |
| 693 | if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE) | |
| 694 | || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { | |
| 695 | ERR_STATE_free(state); | |
| 696 | CRYPTO_THREAD_set_local(&err_thread_local, NULL); | |
| 697 | return NULL; | |
| 698 | } | |
| 699 | ||
| 690 | 700 | /* Ignore failures from these */ |
| 691 | 701 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); |
| 692 | 702 | } |
| 694 | 704 | return state; |
| 695 | 705 | } |
| 696 | 706 | |
| 707 | /* | |
| 708 | * err_shelve_state returns the current thread local error state | |
| 709 | * and freezes the error module until err_unshelve_state is called. | |
| 710 | */ | |
| 711 | int err_shelve_state(void **state) | |
| 712 | { | |
| 713 | if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) | |
| 714 | return 0; | |
| 715 | ||
| 716 | if (!RUN_ONCE(&err_init, err_do_init)) | |
| 717 | return 0; | |
| 718 | ||
| 719 | *state = CRYPTO_THREAD_get_local(&err_thread_local); | |
| 720 | if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) | |
| 721 | return 0; | |
| 722 | ||
| 723 | return 1; | |
| 724 | } | |
| 725 | ||
| 726 | /* | |
| 727 | * err_unshelve_state restores the error state that was returned | |
| 728 | * by err_shelve_state previously. | |
| 729 | */ | |
| 730 | void err_unshelve_state(void* state) | |
| 731 | { | |
| 732 | if (state != (void*)-1) | |
| 733 | CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)state); | |
| 734 | } | |
| 735 | ||
| 697 | 736 | int ERR_get_next_error_library(void) |
| 698 | 737 | { |
| 699 | 738 | int ret; |
| 700 | 739 | |
| 701 | if (!RUN_ONCE(&err_string_init, do_err_strings_init)) { | |
| 702 | return 0; | |
| 703 | } | |
| 740 | if (!RUN_ONCE(&err_string_init, do_err_strings_init)) | |
| 741 | return 0; | |
| 704 | 742 | |
| 705 | 743 | CRYPTO_THREAD_write_lock(err_string_lock); |
| 706 | 744 | ret = int_err_library_number++; |
| 738 | 776 | char *str, *p, *a; |
| 739 | 777 | |
| 740 | 778 | s = 80; |
| 741 | str = OPENSSL_malloc(s + 1); | |
| 742 | if (str == NULL) | |
| 779 | if ((str = OPENSSL_malloc(s + 1)) == NULL) { | |
| 780 | /* ERRerr(ERR_F_ERR_ADD_ERROR_VDATA, ERR_R_MALLOC_FAILURE); */ | |
| 743 | 781 | return; |
| 782 | } | |
| 744 | 783 | str[0] = '\0'; |
| 745 | 784 | |
| 746 | 785 | n = 0; |
| 9 | 9 | ASN1_F_A2I_ASN1_INTEGER:102:a2i_ASN1_INTEGER |
| 10 | 10 | ASN1_F_A2I_ASN1_STRING:103:a2i_ASN1_STRING |
| 11 | 11 | ASN1_F_APPEND_EXP:176:append_exp |
| 12 | ASN1_F_ASN1_BIO_INIT:113:asn1_bio_init | |
| 12 | 13 | ASN1_F_ASN1_BIT_STRING_SET_BIT:183:ASN1_BIT_STRING_set_bit |
| 13 | 14 | ASN1_F_ASN1_CB:177:asn1_cb |
| 14 | 15 | ASN1_F_ASN1_CHECK_TLEN:104:asn1_check_tlen |
| 20 | 21 | ASN1_F_ASN1_DO_ADB:110:asn1_do_adb |
| 21 | 22 | ASN1_F_ASN1_DO_LOCK:233:asn1_do_lock |
| 22 | 23 | ASN1_F_ASN1_DUP:111:ASN1_dup |
| 24 | ASN1_F_ASN1_ENC_SAVE:115:asn1_enc_save | |
| 23 | 25 | ASN1_F_ASN1_EX_C2I:204:asn1_ex_c2i |
| 24 | 26 | ASN1_F_ASN1_FIND_END:190:asn1_find_end |
| 25 | 27 | ASN1_F_ASN1_GENERALIZEDTIME_ADJ:216:ASN1_GENERALIZEDTIME_adj |
| 33 | 35 | ASN1_F_ASN1_ITEM_DUP:191:ASN1_item_dup |
| 34 | 36 | ASN1_F_ASN1_ITEM_EMBED_D2I:120:asn1_item_embed_d2i |
| 35 | 37 | ASN1_F_ASN1_ITEM_EMBED_NEW:121:asn1_item_embed_new |
| 38 | ASN1_F_ASN1_ITEM_FLAGS_I2D:118:asn1_item_flags_i2d | |
| 36 | 39 | ASN1_F_ASN1_ITEM_I2D_BIO:192:ASN1_item_i2d_bio |
| 37 | 40 | ASN1_F_ASN1_ITEM_I2D_FP:193:ASN1_item_i2d_fp |
| 38 | 41 | ASN1_F_ASN1_ITEM_PACK:198:ASN1_item_pack |
| 44 | 47 | ASN1_F_ASN1_OBJECT_NEW:123:ASN1_OBJECT_new |
| 45 | 48 | ASN1_F_ASN1_OUTPUT_DATA:214:asn1_output_data |
| 46 | 49 | ASN1_F_ASN1_PCTX_NEW:205:ASN1_PCTX_new |
| 50 | ASN1_F_ASN1_PRIMITIVE_NEW:119:asn1_primitive_new | |
| 47 | 51 | ASN1_F_ASN1_SCTX_NEW:221:ASN1_SCTX_new |
| 48 | 52 | ASN1_F_ASN1_SIGN:128:ASN1_sign |
| 49 | 53 | ASN1_F_ASN1_STR2TYPE:179:asn1_str2type |
| 77 | 81 | ASN1_F_D2I_AUTOPRIVATEKEY:207:d2i_AutoPrivateKey |
| 78 | 82 | ASN1_F_D2I_PRIVATEKEY:154:d2i_PrivateKey |
| 79 | 83 | ASN1_F_D2I_PUBLICKEY:155:d2i_PublicKey |
| 84 | ASN1_F_DO_CREATE:124:do_create | |
| 85 | ASN1_F_DO_DUMP:125:do_dump | |
| 80 | 86 | ASN1_F_DO_TCREATE:222:do_tcreate |
| 87 | ASN1_F_I2A_ASN1_OBJECT:126:i2a_ASN1_OBJECT | |
| 81 | 88 | ASN1_F_I2D_ASN1_BIO_STREAM:211:i2d_ASN1_bio_stream |
| 82 | 89 | ASN1_F_I2D_DSA_PUBKEY:161:i2d_DSA_PUBKEY |
| 83 | 90 | ASN1_F_I2D_EC_PUBKEY:181:i2d_EC_PUBKEY |
| 85 | 92 | ASN1_F_I2D_PUBLICKEY:164:i2d_PublicKey |
| 86 | 93 | ASN1_F_I2D_RSA_PUBKEY:165:i2d_RSA_PUBKEY |
| 87 | 94 | ASN1_F_LONG_C2I:166:long_c2i |
| 95 | ASN1_F_NDEF_PREFIX:127:ndef_prefix | |
| 96 | ASN1_F_NDEF_SUFFIX:136:ndef_suffix | |
| 88 | 97 | ASN1_F_OID_MODULE_INIT:174:oid_module_init |
| 89 | 98 | ASN1_F_PARSE_TAGGING:182:parse_tagging |
| 90 | 99 | ASN1_F_PKCS5_PBE2_SET_IV:167:PKCS5_pbe2_set_iv |
| 95 | 104 | ASN1_F_PKCS5_SCRYPT_SET:232:pkcs5_scrypt_set |
| 96 | 105 | ASN1_F_SMIME_READ_ASN1:212:SMIME_read_ASN1 |
| 97 | 106 | ASN1_F_SMIME_TEXT:213:SMIME_text |
| 107 | ASN1_F_STABLE_GET:138:stable_get | |
| 98 | 108 | ASN1_F_STBL_MODULE_INIT:223:stbl_module_init |
| 99 | 109 | ASN1_F_UINT32_C2I:105:uint32_c2i |
| 110 | ASN1_F_UINT32_NEW:139:uint32_new | |
| 100 | 111 | ASN1_F_UINT64_C2I:112:uint64_c2i |
| 112 | ASN1_F_UINT64_NEW:141:uint64_new | |
| 101 | 113 | ASN1_F_X509_CRL_ADD0_REVOKED:169:X509_CRL_add0_revoked |
| 102 | 114 | ASN1_F_X509_INFO_NEW:170:X509_INFO_new |
| 103 | 115 | ASN1_F_X509_NAME_ENCODE:203:x509_name_encode |
| 110 | 122 | ASYNC_F_ASYNC_PAUSE_JOB:103:ASYNC_pause_job |
| 111 | 123 | ASYNC_F_ASYNC_START_FUNC:104:async_start_func |
| 112 | 124 | ASYNC_F_ASYNC_START_JOB:105:ASYNC_start_job |
| 125 | ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD:106:ASYNC_WAIT_CTX_set_wait_fd | |
| 113 | 126 | BIO_F_ACPT_STATE:100:acpt_state |
| 127 | BIO_F_ADDRINFO_WRAP:148:addrinfo_wrap | |
| 114 | 128 | BIO_F_ADDR_STRINGS:134:addr_strings |
| 115 | 129 | BIO_F_BIO_ACCEPT:101:BIO_accept |
| 116 | 130 | BIO_F_BIO_ACCEPT_EX:137:BIO_accept_ex |
| 131 | BIO_F_BIO_ACCEPT_NEW:152:BIO_ACCEPT_new | |
| 117 | 132 | BIO_F_BIO_ADDR_NEW:144:BIO_ADDR_new |
| 118 | 133 | BIO_F_BIO_BIND:147:BIO_bind |
| 119 | 134 | BIO_F_BIO_CALLBACK_CTRL:131:BIO_callback_ctrl |
| 120 | 135 | BIO_F_BIO_CONNECT:138:BIO_connect |
| 136 | BIO_F_BIO_CONNECT_NEW:153:BIO_CONNECT_new | |
| 121 | 137 | BIO_F_BIO_CTRL:103:BIO_ctrl |
| 122 | 138 | BIO_F_BIO_GETS:104:BIO_gets |
| 123 | 139 | BIO_F_BIO_GET_HOST_IP:106:BIO_get_host_ip |
| 151 | 167 | BIO_F_BUFFER_CTRL:114:buffer_ctrl |
| 152 | 168 | BIO_F_CONN_CTRL:127:conn_ctrl |
| 153 | 169 | BIO_F_CONN_STATE:115:conn_state |
| 170 | BIO_F_DGRAM_SCTP_NEW:149:dgram_sctp_new | |
| 154 | 171 | BIO_F_DGRAM_SCTP_READ:132:dgram_sctp_read |
| 155 | 172 | BIO_F_DGRAM_SCTP_WRITE:133:dgram_sctp_write |
| 173 | BIO_F_DOAPR_OUTCH:150:doapr_outch | |
| 156 | 174 | BIO_F_FILE_CTRL:116:file_ctrl |
| 157 | 175 | BIO_F_FILE_READ:130:file_read |
| 158 | 176 | BIO_F_LINEBUFFER_CTRL:129:linebuffer_ctrl |
| 177 | BIO_F_LINEBUFFER_NEW:151:linebuffer_new | |
| 159 | 178 | BIO_F_MEM_WRITE:117:mem_write |
| 179 | BIO_F_NBIOF_NEW:154:nbiof_new | |
| 180 | BIO_F_SLG_WRITE:155:slg_write | |
| 160 | 181 | BIO_F_SSL_NEW:118:SSL_new |
| 161 | 182 | BN_F_BNRAND:127:bnrand |
| 162 | 183 | BN_F_BNRAND_RANGE:138:bnrand_range |
| 196 | 217 | BN_F_BN_MOD_INVERSE_NO_BRANCH:139:BN_mod_inverse_no_branch |
| 197 | 218 | BN_F_BN_MOD_LSHIFT_QUICK:119:BN_mod_lshift_quick |
| 198 | 219 | BN_F_BN_MOD_SQRT:121:BN_mod_sqrt |
| 220 | BN_F_BN_MONT_CTX_NEW:149:BN_MONT_CTX_new | |
| 199 | 221 | BN_F_BN_MPI2BN:112:BN_mpi2bn |
| 200 | 222 | BN_F_BN_NEW:113:BN_new |
| 223 | BN_F_BN_POOL_GET:147:BN_POOL_get | |
| 201 | 224 | BN_F_BN_RAND:114:BN_rand |
| 202 | 225 | BN_F_BN_RAND_RANGE:122:BN_rand_range |
| 226 | BN_F_BN_RECP_CTX_NEW:150:BN_RECP_CTX_new | |
| 203 | 227 | BN_F_BN_RSHIFT:146:BN_rshift |
| 204 | 228 | BN_F_BN_SET_WORDS:144:bn_set_words |
| 229 | BN_F_BN_STACK_PUSH:148:BN_STACK_push | |
| 205 | 230 | BN_F_BN_USUB:115:BN_usub |
| 206 | 231 | BUF_F_BUF_MEM_GROW:100:BUF_MEM_grow |
| 207 | 232 | BUF_F_BUF_MEM_GROW_CLEAN:105:BUF_MEM_grow_clean |
| 232 | 257 | CMS_F_CMS_DIGEST_VERIFY:118:CMS_digest_verify |
| 233 | 258 | CMS_F_CMS_ENCODE_RECEIPT:161:cms_encode_Receipt |
| 234 | 259 | CMS_F_CMS_ENCRYPT:119:CMS_encrypt |
| 260 | CMS_F_CMS_ENCRYPTEDCONTENT_INIT:179:cms_EncryptedContent_init | |
| 235 | 261 | CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO:120:cms_EncryptedContent_init_bio |
| 236 | 262 | CMS_F_CMS_ENCRYPTEDDATA_DECRYPT:121:CMS_EncryptedData_decrypt |
| 237 | 263 | CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT:122:CMS_EncryptedData_encrypt |
| 288 | 314 | CMS_F_CMS_STREAM:155:CMS_stream |
| 289 | 315 | CMS_F_CMS_UNCOMPRESS:156:CMS_uncompress |
| 290 | 316 | CMS_F_CMS_VERIFY:157:CMS_verify |
| 317 | CMS_F_KEK_UNWRAP_KEY:180:kek_unwrap_key | |
| 291 | 318 | COMP_F_BIO_ZLIB_FLUSH:99:bio_zlib_flush |
| 292 | 319 | COMP_F_BIO_ZLIB_NEW:100:bio_zlib_new |
| 293 | 320 | COMP_F_BIO_ZLIB_READ:101:bio_zlib_read |
| 294 | 321 | COMP_F_BIO_ZLIB_WRITE:102:bio_zlib_write |
| 322 | COMP_F_COMP_CTX_NEW:103:COMP_CTX_new | |
| 295 | 323 | CONF_F_CONF_DUMP_FP:104:CONF_dump_fp |
| 296 | 324 | CONF_F_CONF_LOAD:100:CONF_load |
| 297 | 325 | CONF_F_CONF_LOAD_FP:103:CONF_load_fp |
| 299 | 327 | CONF_F_DEF_LOAD:120:def_load |
| 300 | 328 | CONF_F_DEF_LOAD_BIO:121:def_load_bio |
| 301 | 329 | CONF_F_GET_NEXT_FILE:107:get_next_file |
| 330 | CONF_F_MODULE_ADD:122:module_add | |
| 302 | 331 | CONF_F_MODULE_INIT:115:module_init |
| 303 | 332 | CONF_F_MODULE_LOAD_DSO:117:module_load_dso |
| 304 | 333 | CONF_F_MODULE_RUN:118:module_run |
| 312 | 341 | CONF_F_NCONF_LOAD_FP:114:NCONF_load_fp |
| 313 | 342 | CONF_F_NCONF_NEW:111:NCONF_new |
| 314 | 343 | CONF_F_PROCESS_INCLUDE:116:process_include |
| 344 | CONF_F_SSL_MODULE_INIT:123:ssl_module_init | |
| 315 | 345 | CONF_F_STR_COPY:101:str_copy |
| 346 | CRYPTO_F_CMAC_CTX_NEW:120:CMAC_CTX_new | |
| 316 | 347 | CRYPTO_F_CRYPTO_DUP_EX_DATA:110:CRYPTO_dup_ex_data |
| 317 | 348 | CRYPTO_F_CRYPTO_FREE_EX_DATA:111:CRYPTO_free_ex_data |
| 318 | 349 | CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX:100:CRYPTO_get_ex_new_index |
| 319 | 350 | CRYPTO_F_CRYPTO_MEMDUP:115:CRYPTO_memdup |
| 320 | 351 | CRYPTO_F_CRYPTO_NEW_EX_DATA:112:CRYPTO_new_ex_data |
| 352 | CRYPTO_F_CRYPTO_OCB128_COPY_CTX:121:CRYPTO_ocb128_copy_ctx | |
| 353 | CRYPTO_F_CRYPTO_OCB128_INIT:122:CRYPTO_ocb128_init | |
| 321 | 354 | CRYPTO_F_CRYPTO_SET_EX_DATA:102:CRYPTO_set_ex_data |
| 322 | 355 | CRYPTO_F_FIPS_MODE_SET:109:FIPS_mode_set |
| 323 | 356 | CRYPTO_F_GET_AND_LOCK:113:get_and_lock |
| 357 | CRYPTO_F_OPENSSL_ATEXIT:114:OPENSSL_atexit | |
| 324 | 358 | CRYPTO_F_OPENSSL_BUF2HEXSTR:117:OPENSSL_buf2hexstr |
| 359 | CRYPTO_F_OPENSSL_FOPEN:119:openssl_fopen | |
| 325 | 360 | CRYPTO_F_OPENSSL_HEXSTR2BUF:118:OPENSSL_hexstr2buf |
| 326 | 361 | CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto |
| 362 | CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new | |
| 363 | CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy | |
| 364 | CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup | |
| 365 | CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init | |
| 366 | CRYPTO_F_PKEY_POLY1305_INIT:124:pkey_poly1305_init | |
| 367 | CRYPTO_F_PKEY_SIPHASH_INIT:125:pkey_siphash_init | |
| 368 | CRYPTO_F_SK_RESERVE:129:sk_reserve | |
| 327 | 369 | CT_F_CTLOG_NEW:117:CTLOG_new |
| 328 | 370 | CT_F_CTLOG_NEW_FROM_BASE64:118:CTLOG_new_from_base64 |
| 329 | 371 | CT_F_CTLOG_NEW_FROM_CONF:119:ctlog_new_from_conf |
| 375 | 417 | DH_F_GENERATE_KEY:103:generate_key |
| 376 | 418 | DH_F_PKEY_DH_CTRL_STR:120:pkey_dh_ctrl_str |
| 377 | 419 | DH_F_PKEY_DH_DERIVE:112:pkey_dh_derive |
| 420 | DH_F_PKEY_DH_INIT:125:pkey_dh_init | |
| 378 | 421 | DH_F_PKEY_DH_KEYGEN:113:pkey_dh_keygen |
| 379 | 422 | DSA_F_DSAPARAMS_PRINT:100:DSAparams_print |
| 380 | 423 | DSA_F_DSAPARAMS_PRINT_FP:101:DSAparams_print_fp |
| 397 | 440 | DSA_F_DSA_SIG_NEW:102:DSA_SIG_new |
| 398 | 441 | DSA_F_OLD_DSA_PRIV_DECODE:122:old_dsa_priv_decode |
| 399 | 442 | DSA_F_PKEY_DSA_CTRL:120:pkey_dsa_ctrl |
| 443 | DSA_F_PKEY_DSA_CTRL_STR:104:pkey_dsa_ctrl_str | |
| 400 | 444 | DSA_F_PKEY_DSA_KEYGEN:121:pkey_dsa_keygen |
| 401 | 445 | DSO_F_DLFCN_BIND_FUNC:100:dlfcn_bind_func |
| 402 | 446 | DSO_F_DLFCN_LOAD:102:dlfcn_load |
| 535 | 579 | EC_F_EC_GROUP_SET_CURVE_GF2M:176:EC_GROUP_set_curve_GF2m |
| 536 | 580 | EC_F_EC_GROUP_SET_CURVE_GFP:109:EC_GROUP_set_curve_GFp |
| 537 | 581 | EC_F_EC_GROUP_SET_GENERATOR:111:EC_GROUP_set_generator |
| 582 | EC_F_EC_GROUP_SET_SEED:286:EC_GROUP_set_seed | |
| 538 | 583 | EC_F_EC_KEY_CHECK_KEY:177:EC_KEY_check_key |
| 539 | 584 | EC_F_EC_KEY_COPY:178:EC_KEY_copy |
| 540 | 585 | EC_F_EC_KEY_GENERATE_KEY:179:EC_KEY_generate_key |
| 543 | 588 | EC_F_EC_KEY_OCT2PRIV:255:EC_KEY_oct2priv |
| 544 | 589 | EC_F_EC_KEY_PRINT:180:EC_KEY_print |
| 545 | 590 | EC_F_EC_KEY_PRINT_FP:181:EC_KEY_print_fp |
| 591 | EC_F_EC_KEY_PRIV2BUF:279:EC_KEY_priv2buf | |
| 546 | 592 | EC_F_EC_KEY_PRIV2OCT:256:EC_KEY_priv2oct |
| 547 | 593 | EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES:229:\ |
| 548 | 594 | EC_KEY_set_public_key_affine_coordinates |
| 553 | 599 | EC_F_EC_PKEY_PARAM_CHECK:274:ec_pkey_param_check |
| 554 | 600 | EC_F_EC_POINTS_MAKE_AFFINE:136:EC_POINTs_make_affine |
| 555 | 601 | EC_F_EC_POINT_ADD:112:EC_POINT_add |
| 602 | EC_F_EC_POINT_BN2POINT:280:EC_POINT_bn2point | |
| 556 | 603 | EC_F_EC_POINT_CMP:113:EC_POINT_cmp |
| 557 | 604 | EC_F_EC_POINT_COPY:114:EC_POINT_copy |
| 558 | 605 | EC_F_EC_POINT_DBL:115:EC_POINT_dbl |
| 567 | 614 | EC_F_EC_POINT_MAKE_AFFINE:120:EC_POINT_make_affine |
| 568 | 615 | EC_F_EC_POINT_NEW:121:EC_POINT_new |
| 569 | 616 | EC_F_EC_POINT_OCT2POINT:122:EC_POINT_oct2point |
| 617 | EC_F_EC_POINT_POINT2BUF:281:EC_POINT_point2buf | |
| 570 | 618 | EC_F_EC_POINT_POINT2OCT:123:EC_POINT_point2oct |
| 571 | 619 | EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M:185:\ |
| 572 | 620 | EC_POINT_set_affine_coordinates_GF2m |
| 597 | 645 | EC_F_PKEY_ECD_DIGESTSIGN:272:pkey_ecd_digestsign |
| 598 | 646 | EC_F_PKEY_ECD_DIGESTSIGN25519:276:pkey_ecd_digestsign25519 |
| 599 | 647 | EC_F_PKEY_ECD_DIGESTSIGN448:277:pkey_ecd_digestsign448 |
| 648 | EC_F_PKEY_ECD_SIGN25519:284:pkey_ecd_sign25519 | |
| 649 | EC_F_PKEY_ECD_SIGN448:285:pkey_ecd_sign448 | |
| 600 | 650 | EC_F_PKEY_ECX_DERIVE:269:pkey_ecx_derive |
| 601 | 651 | EC_F_PKEY_EC_CTRL:197:pkey_ec_ctrl |
| 602 | 652 | EC_F_PKEY_EC_CTRL_STR:198:pkey_ec_ctrl_str |
| 603 | 653 | EC_F_PKEY_EC_DERIVE:217:pkey_ec_derive |
| 654 | EC_F_PKEY_EC_INIT:282:pkey_ec_init | |
| 655 | EC_F_PKEY_EC_KDF_DERIVE:283:pkey_ec_kdf_derive | |
| 604 | 656 | EC_F_PKEY_EC_KEYGEN:199:pkey_ec_keygen |
| 605 | 657 | EC_F_PKEY_EC_PARAMGEN:219:pkey_ec_paramgen |
| 606 | 658 | EC_F_PKEY_EC_SIGN:218:pkey_ec_sign |
| 640 | 692 | ENGINE_F_ENGINE_TABLE_REGISTER:184:engine_table_register |
| 641 | 693 | ENGINE_F_ENGINE_UNLOCKED_FINISH:191:engine_unlocked_finish |
| 642 | 694 | ENGINE_F_ENGINE_UP_REF:190:ENGINE_up_ref |
| 695 | ENGINE_F_INT_CLEANUP_ITEM:199:int_cleanup_item | |
| 643 | 696 | ENGINE_F_INT_CTRL_HELPER:172:int_ctrl_helper |
| 644 | 697 | ENGINE_F_INT_ENGINE_CONFIGURE:188:int_engine_configure |
| 645 | 698 | ENGINE_F_INT_ENGINE_MODULE_INIT:187:int_engine_module_init |
| 699 | ENGINE_F_OSSL_HMAC_INIT:200:ossl_hmac_init | |
| 646 | 700 | EVP_F_AESNI_INIT_KEY:165:aesni_init_key |
| 701 | EVP_F_AES_GCM_CTRL:196:aes_gcm_ctrl | |
| 647 | 702 | EVP_F_AES_INIT_KEY:133:aes_init_key |
| 648 | 703 | EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher |
| 649 | 704 | EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key |
| 650 | 705 | EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher |
| 651 | 706 | EVP_F_ALG_MODULE_INIT:177:alg_module_init |
| 652 | 707 | EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key |
| 708 | EVP_F_ARIA_GCM_CTRL:197:aria_gcm_ctrl | |
| 653 | 709 | EVP_F_ARIA_GCM_INIT_KEY:176:aria_gcm_init_key |
| 654 | 710 | EVP_F_ARIA_INIT_KEY:185:aria_init_key |
| 711 | EVP_F_B64_NEW:198:b64_new | |
| 655 | 712 | EVP_F_CAMELLIA_INIT_KEY:159:camellia_init_key |
| 656 | 713 | EVP_F_CHACHA20_POLY1305_CTRL:182:chacha20_poly1305_ctrl |
| 657 | 714 | EVP_F_CMLL_T4_INIT_KEY:179:cmll_t4_init_key |
| 658 | 715 | EVP_F_DES_EDE3_WRAP_CIPHER:171:des_ede3_wrap_cipher |
| 659 | 716 | EVP_F_DO_SIGVER_INIT:161:do_sigver_init |
| 717 | EVP_F_ENC_NEW:199:enc_new | |
| 660 | 718 | EVP_F_EVP_CIPHERINIT_EX:123:EVP_CipherInit_ex |
| 661 | 719 | EVP_F_EVP_CIPHER_CTX_COPY:163:EVP_CIPHER_CTX_copy |
| 662 | 720 | EVP_F_EVP_CIPHER_CTX_CTRL:124:EVP_CIPHER_CTX_ctrl |
| 721 | 779 | EVP_F_EVP_SIGNFINAL:107:EVP_SignFinal |
| 722 | 780 | EVP_F_EVP_VERIFYFINAL:108:EVP_VerifyFinal |
| 723 | 781 | EVP_F_INT_CTX_NEW:157:int_ctx_new |
| 782 | EVP_F_OK_NEW:200:ok_new | |
| 724 | 783 | EVP_F_PKCS5_PBE_KEYIVGEN:117:PKCS5_PBE_keyivgen |
| 725 | 784 | EVP_F_PKCS5_V2_PBE_KEYIVGEN:118:PKCS5_v2_PBE_keyivgen |
| 726 | 785 | EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN:164:PKCS5_v2_PBKDF2_keyivgen |
| 728 | 787 | EVP_F_PKEY_SET_TYPE:158:pkey_set_type |
| 729 | 788 | EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth |
| 730 | 789 | EVP_F_RC5_CTRL:125:rc5_ctrl |
| 790 | EVP_F_S390X_AES_GCM_CTRL:201:s390x_aes_gcm_ctrl | |
| 731 | 791 | EVP_F_UPDATE:173:update |
| 732 | 792 | KDF_F_PKEY_HKDF_CTRL_STR:103:pkey_hkdf_ctrl_str |
| 733 | 793 | KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive |
| 794 | KDF_F_PKEY_HKDF_INIT:108:pkey_hkdf_init | |
| 734 | 795 | KDF_F_PKEY_SCRYPT_CTRL_STR:104:pkey_scrypt_ctrl_str |
| 735 | 796 | KDF_F_PKEY_SCRYPT_CTRL_UINT64:105:pkey_scrypt_ctrl_uint64 |
| 736 | 797 | KDF_F_PKEY_SCRYPT_DERIVE:109:pkey_scrypt_derive |
| 738 | 799 | KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_scrypt_set_membuf |
| 739 | 800 | KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str |
| 740 | 801 | KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive |
| 802 | KDF_F_PKEY_TLS1_PRF_INIT:110:pkey_tls1_prf_init | |
| 803 | KDF_F_TLS1_PRF_ALG:111:tls1_prf_alg | |
| 741 | 804 | OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object |
| 805 | OBJ_F_OBJ_ADD_SIGID:107:OBJ_add_sigid | |
| 742 | 806 | OBJ_F_OBJ_CREATE:100:OBJ_create |
| 743 | 807 | OBJ_F_OBJ_DUP:101:OBJ_dup |
| 744 | 808 | OBJ_F_OBJ_NAME_NEW_INDEX:106:OBJ_NAME_new_index |
| 745 | 809 | OBJ_F_OBJ_NID2LN:102:OBJ_nid2ln |
| 746 | 810 | OBJ_F_OBJ_NID2OBJ:103:OBJ_nid2obj |
| 747 | 811 | OBJ_F_OBJ_NID2SN:104:OBJ_nid2sn |
| 812 | OBJ_F_OBJ_TXT2OBJ:108:OBJ_txt2obj | |
| 748 | 813 | OCSP_F_D2I_OCSP_NONCE:102:d2i_ocsp_nonce |
| 749 | 814 | OCSP_F_OCSP_BASIC_ADD1_STATUS:103:OCSP_basic_add1_status |
| 750 | 815 | OCSP_F_OCSP_BASIC_SIGN:104:OCSP_basic_sign |
| 815 | 880 | PEM_F_DO_B2I:132:do_b2i |
| 816 | 881 | PEM_F_DO_B2I_BIO:133:do_b2i_bio |
| 817 | 882 | PEM_F_DO_BLOB_HEADER:134:do_blob_header |
| 883 | PEM_F_DO_I2B:146:do_i2b | |
| 818 | 884 | PEM_F_DO_PK8PKEY:126:do_pk8pkey |
| 819 | 885 | PEM_F_DO_PK8PKEY_FP:125:do_pk8pkey_fp |
| 820 | 886 | PEM_F_DO_PVK_BODY:135:do_PVK_body |
| 846 | 912 | PEM_F_PEM_X509_INFO_READ:115:PEM_X509_INFO_read |
| 847 | 913 | PEM_F_PEM_X509_INFO_READ_BIO:116:PEM_X509_INFO_read_bio |
| 848 | 914 | PEM_F_PEM_X509_INFO_WRITE_BIO:117:PEM_X509_INFO_write_bio |
| 915 | PKCS12_F_OPENSSL_ASC2UNI:121:OPENSSL_asc2uni | |
| 916 | PKCS12_F_OPENSSL_UNI2ASC:124:OPENSSL_uni2asc | |
| 917 | PKCS12_F_OPENSSL_UNI2UTF8:127:OPENSSL_uni2utf8 | |
| 918 | PKCS12_F_OPENSSL_UTF82UNI:129:OPENSSL_utf82uni | |
| 849 | 919 | PKCS12_F_PKCS12_CREATE:105:PKCS12_create |
| 850 | 920 | PKCS12_F_PKCS12_GEN_MAC:107:PKCS12_gen_mac |
| 851 | 921 | PKCS12_F_PKCS12_INIT:109:PKCS12_init |
| 914 | 984 | RAND_F_RAND_DRBG_ENABLE_LOCKING:119:rand_drbg_enable_locking |
| 915 | 985 | RAND_F_RAND_DRBG_GENERATE:107:RAND_DRBG_generate |
| 916 | 986 | RAND_F_RAND_DRBG_GET_ENTROPY:120:rand_drbg_get_entropy |
| 987 | RAND_F_RAND_DRBG_GET_NONCE:123:rand_drbg_get_nonce | |
| 917 | 988 | RAND_F_RAND_DRBG_INSTANTIATE:108:RAND_DRBG_instantiate |
| 918 | 989 | RAND_F_RAND_DRBG_NEW:109:RAND_DRBG_new |
| 919 | 990 | RAND_F_RAND_DRBG_RESEED:110:RAND_DRBG_reseed |
| 922 | 993 | RAND_F_RAND_DRBG_SET_DEFAULTS:121:RAND_DRBG_set_defaults |
| 923 | 994 | RAND_F_RAND_DRBG_UNINSTANTIATE:118:RAND_DRBG_uninstantiate |
| 924 | 995 | RAND_F_RAND_LOAD_FILE:111:RAND_load_file |
| 996 | RAND_F_RAND_POOL_ACQUIRE_ENTROPY:122:rand_pool_acquire_entropy | |
| 925 | 997 | RAND_F_RAND_POOL_ADD:103:rand_pool_add |
| 926 | 998 | RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin |
| 927 | 999 | RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end |
| 949 | 1021 | RSA_F_RSA_METH_NEW:162:RSA_meth_new |
| 950 | 1022 | RSA_F_RSA_METH_SET1_NAME:163:RSA_meth_set1_name |
| 951 | 1023 | RSA_F_RSA_MGF1_TO_MD:157:* |
| 1024 | RSA_F_RSA_MULTIP_INFO_NEW:166:rsa_multip_info_new | |
| 952 | 1025 | RSA_F_RSA_NEW_METHOD:106:RSA_new_method |
| 953 | 1026 | RSA_F_RSA_NULL:124:* |
| 954 | 1027 | RSA_F_RSA_NULL_PRIVATE_DECRYPT:132:* |
| 989 | 1062 | RSA_F_RSA_VERIFY:119:RSA_verify |
| 990 | 1063 | RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING |
| 991 | 1064 | RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1 |
| 1065 | RSA_F_SETUP_TBUF:167:setup_tbuf | |
| 992 | 1066 | SM2_F_PKEY_SM2_CTRL:274:pkey_sm2_ctrl |
| 993 | 1067 | SM2_F_PKEY_SM2_CTRL_STR:275:pkey_sm2_ctrl_str |
| 994 | 1068 | SM2_F_PKEY_SM2_KEYGEN:276:pkey_sm2_keygen |
| 1016 | 1090 | SSL_F_DTLS1_BUFFER_RECORD:247:dtls1_buffer_record |
| 1017 | 1091 | SSL_F_DTLS1_CHECK_TIMEOUT_NUM:318:dtls1_check_timeout_num |
| 1018 | 1092 | SSL_F_DTLS1_HEARTBEAT:305:* |
| 1093 | SSL_F_DTLS1_HM_FRAGMENT_NEW:623:dtls1_hm_fragment_new | |
| 1019 | 1094 | SSL_F_DTLS1_PREPROCESS_FRAGMENT:288:dtls1_preprocess_fragment |
| 1020 | 1095 | SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS:424:dtls1_process_buffered_records |
| 1021 | 1096 | SSL_F_DTLS1_PROCESS_RECORD:257:dtls1_process_record |
| 1030 | 1105 | dtls_construct_hello_verify_request |
| 1031 | 1106 | SSL_F_DTLS_GET_REASSEMBLED_MESSAGE:370:dtls_get_reassembled_message |
| 1032 | 1107 | SSL_F_DTLS_PROCESS_HELLO_VERIFY:386:dtls_process_hello_verify |
| 1108 | SSL_F_DTLS_RECORD_LAYER_NEW:635:DTLS_RECORD_LAYER_new | |
| 1033 | 1109 | SSL_F_DTLS_WAIT_FOR_DRY:592:dtls_wait_for_dry |
| 1034 | 1110 | SSL_F_EARLY_DATA_COUNT_OK:532:early_data_count_ok |
| 1035 | 1111 | SSL_F_FINAL_EARLY_DATA:556:final_early_data |
| 1065 | 1141 | SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\ |
| 1066 | 1142 | ossl_statem_server_write_transition |
| 1067 | 1143 | SSL_F_PARSE_CA_NAMES:541:parse_ca_names |
| 1144 | SSL_F_PITEM_NEW:624:pitem_new | |
| 1145 | SSL_F_PQUEUE_NEW:625:pqueue_new | |
| 1068 | 1146 | SSL_F_PROCESS_KEY_SHARE_EXT:439:* |
| 1069 | 1147 | SSL_F_READ_STATE_MACHINE:352:read_state_machine |
| 1070 | 1148 | SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite |
| 1117 | 1195 | SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO:606:ssl_check_srp_ext_ClientHello |
| 1118 | 1196 | SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG:279:ssl_check_srvr_ecc_cert_and_alg |
| 1119 | 1197 | SSL_F_SSL_CHOOSE_CLIENT_VERSION:607:ssl_choose_client_version |
| 1198 | SSL_F_SSL_CIPHER_DESCRIPTION:626:SSL_CIPHER_description | |
| 1120 | 1199 | SSL_F_SSL_CIPHER_LIST_TO_BYTES:425:ssl_cipher_list_to_bytes |
| 1121 | 1200 | SSL_F_SSL_CIPHER_PROCESS_RULESTR:230:ssl_cipher_process_rulestr |
| 1122 | 1201 | SSL_F_SSL_CIPHER_STRENGTH_SORT:231:ssl_cipher_strength_sort |
| 1123 | 1202 | SSL_F_SSL_CLEAR:164:SSL_clear |
| 1203 | SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT:627:\ | |
| 1204 | SSL_client_hello_get1_extensions_present | |
| 1124 | 1205 | SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD:165:SSL_COMP_add_compression_method |
| 1125 | 1206 | SSL_F_SSL_CONF_CMD:334:SSL_CONF_cmd |
| 1126 | 1207 | SSL_F_SSL_CREATE_CIPHER_LIST:166:ssl_create_cipher_list |
| 1249 | 1330 | SSL_F_TLS1_EXPORT_KEYING_MATERIAL:314:tls1_export_keying_material |
| 1250 | 1331 | SSL_F_TLS1_GET_CURVELIST:338:tls1_get_curvelist |
| 1251 | 1332 | SSL_F_TLS1_PRF:284:tls1_PRF |
| 1333 | SSL_F_TLS1_SAVE_U16:628:tls1_save_u16 | |
| 1252 | 1334 | SSL_F_TLS1_SETUP_KEY_BLOCK:211:tls1_setup_key_block |
| 1335 | SSL_F_TLS1_SET_GROUPS:629:tls1_set_groups | |
| 1336 | SSL_F_TLS1_SET_RAW_SIGALGS:630:tls1_set_raw_sigalgs | |
| 1253 | 1337 | SSL_F_TLS1_SET_SERVER_SIGALGS:335:tls1_set_server_sigalgs |
| 1338 | SSL_F_TLS1_SET_SHARED_SIGALGS:631:tls1_set_shared_sigalgs | |
| 1339 | SSL_F_TLS1_SET_SIGALGS:632:tls1_set_sigalgs | |
| 1254 | 1340 | SSL_F_TLS_CHOOSE_SIGALG:513:tls_choose_sigalg |
| 1255 | 1341 | SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK:354:tls_client_key_exchange_post_work |
| 1256 | 1342 | SSL_F_TLS_COLLECT_EXTENSIONS:435:tls_collect_extensions |
| 1422 | 1508 | SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT:450:* |
| 1423 | 1509 | SSL_F_TLS_SETUP_HANDSHAKE:508:tls_setup_handshake |
| 1424 | 1510 | SSL_F_USE_CERTIFICATE_CHAIN_FILE:220:use_certificate_chain_file |
| 1511 | SSL_F_WPACKET_INTERN_INIT_LEN:633:wpacket_intern_init_len | |
| 1512 | SSL_F_WPACKET_START_SUB_PACKET_LEN__:634:WPACKET_start_sub_packet_len__ | |
| 1425 | 1513 | SSL_F_WRITE_STATE_MACHINE:586:write_state_machine |
| 1426 | 1514 | TS_F_DEF_SERIAL_CB:110:def_serial_cb |
| 1427 | 1515 | TS_F_DEF_TIME_CB:111:def_time_cb |
| 1486 | 1574 | UI_F_GENERAL_ALLOCATE_PROMPT:109:general_allocate_prompt |
| 1487 | 1575 | UI_F_NOECHO_CONSOLE:117:noecho_console |
| 1488 | 1576 | UI_F_OPEN_CONSOLE:114:open_console |
| 1577 | UI_F_UI_CONSTRUCT_PROMPT:121:UI_construct_prompt | |
| 1489 | 1578 | UI_F_UI_CREATE_METHOD:112:UI_create_method |
| 1490 | 1579 | UI_F_UI_CTRL:111:UI_ctrl |
| 1491 | 1580 | UI_F_UI_DUP_ERROR_STRING:101:UI_dup_error_string |
| 1515 | 1604 | X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING |
| 1516 | 1605 | X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER |
| 1517 | 1606 | X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS |
| 1607 | X509V3_F_LEVEL_ADD_NODE:168:level_add_node | |
| 1518 | 1608 | X509V3_F_NOTICE_SECTION:132:notice_section |
| 1519 | 1609 | X509V3_F_NREF_NOS:133:nref_nos |
| 1610 | X509V3_F_POLICY_CACHE_CREATE:169:policy_cache_create | |
| 1611 | X509V3_F_POLICY_CACHE_NEW:170:policy_cache_new | |
| 1612 | X509V3_F_POLICY_DATA_NEW:171:policy_data_new | |
| 1520 | 1613 | X509V3_F_POLICY_SECTION:131:policy_section |
| 1521 | 1614 | X509V3_F_PROCESS_PCI_VALUE:150:process_pci_value |
| 1522 | 1615 | X509V3_F_R2I_CERTPOL:130:r2i_certpol |
| 1531 | 1624 | X509V3_F_SXNET_ADD_ID_ULONG:127:SXNET_add_id_ulong |
| 1532 | 1625 | X509V3_F_SXNET_GET_ID_ASC:128:SXNET_get_id_asc |
| 1533 | 1626 | X509V3_F_SXNET_GET_ID_ULONG:129:SXNET_get_id_ulong |
| 1627 | X509V3_F_TREE_INIT:172:tree_init | |
| 1534 | 1628 | X509V3_F_V2I_ASIDENTIFIERS:163:v2i_ASIdentifiers |
| 1535 | 1629 | X509V3_F_V2I_ASN1_BIT_STRING:101:v2i_ASN1_BIT_STRING |
| 1536 | 1630 | X509V3_F_V2I_AUTHORITY_INFO_ACCESS:139:v2i_AUTHORITY_INFO_ACCESS |
| 1569 | 1663 | X509_F_DANE_I2D:107:dane_i2d |
| 1570 | 1664 | X509_F_DIR_CTRL:102:dir_ctrl |
| 1571 | 1665 | X509_F_GET_CERT_BY_SUBJECT:103:get_cert_by_subject |
| 1666 | X509_F_I2D_X509_AUX:151:i2d_X509_AUX | |
| 1667 | X509_F_LOOKUP_CERTS_SK:152:lookup_certs_sk | |
| 1572 | 1668 | X509_F_NETSCAPE_SPKI_B64_DECODE:129:NETSCAPE_SPKI_b64_decode |
| 1573 | 1669 | X509_F_NETSCAPE_SPKI_B64_ENCODE:130:NETSCAPE_SPKI_b64_encode |
| 1670 | X509_F_NEW_DIR:153:new_dir | |
| 1574 | 1671 | X509_F_X509AT_ADD1_ATTR:135:X509at_add1_attr |
| 1575 | 1672 | X509_F_X509V3_ADD_EXT:104:X509v3_add_ext |
| 1576 | 1673 | X509_F_X509_ATTRIBUTE_CREATE_BY_NID:136:X509_ATTRIBUTE_create_by_NID |
| 1580 | 1677 | X509_F_X509_ATTRIBUTE_SET1_DATA:138:X509_ATTRIBUTE_set1_data |
| 1581 | 1678 | X509_F_X509_CHECK_PRIVATE_KEY:128:X509_check_private_key |
| 1582 | 1679 | X509_F_X509_CRL_DIFF:105:X509_CRL_diff |
| 1680 | X509_F_X509_CRL_METHOD_NEW:154:X509_CRL_METHOD_new | |
| 1583 | 1681 | X509_F_X509_CRL_PRINT_FP:147:X509_CRL_print_fp |
| 1584 | 1682 | X509_F_X509_EXTENSION_CREATE_BY_NID:108:X509_EXTENSION_create_by_NID |
| 1585 | 1683 | X509_F_X509_EXTENSION_CREATE_BY_OBJ:109:X509_EXTENSION_create_by_OBJ |
| 1587 | 1685 | X509_F_X509_LOAD_CERT_CRL_FILE:132:X509_load_cert_crl_file |
| 1588 | 1686 | X509_F_X509_LOAD_CERT_FILE:111:X509_load_cert_file |
| 1589 | 1687 | X509_F_X509_LOAD_CRL_FILE:112:X509_load_crl_file |
| 1688 | X509_F_X509_LOOKUP_NEW:155:X509_LOOKUP_new | |
| 1590 | 1689 | X509_F_X509_NAME_ADD_ENTRY:113:X509_NAME_add_entry |
| 1690 | X509_F_X509_NAME_CANON:156:x509_name_canon | |
| 1591 | 1691 | X509_F_X509_NAME_ENTRY_CREATE_BY_NID:114:X509_NAME_ENTRY_create_by_NID |
| 1592 | 1692 | X509_F_X509_NAME_ENTRY_CREATE_BY_TXT:131:X509_NAME_ENTRY_create_by_txt |
| 1593 | 1693 | X509_F_X509_NAME_ENTRY_SET_OBJECT:115:X509_NAME_ENTRY_set_object |
| 1604 | 1704 | X509_F_X509_REQ_TO_X509:123:X509_REQ_to_X509 |
| 1605 | 1705 | X509_F_X509_STORE_ADD_CERT:124:X509_STORE_add_cert |
| 1606 | 1706 | X509_F_X509_STORE_ADD_CRL:125:X509_STORE_add_crl |
| 1707 | X509_F_X509_STORE_ADD_LOOKUP:157:X509_STORE_add_lookup | |
| 1607 | 1708 | X509_F_X509_STORE_CTX_GET1_ISSUER:146:X509_STORE_CTX_get1_issuer |
| 1608 | 1709 | X509_F_X509_STORE_CTX_INIT:143:X509_STORE_CTX_init |
| 1609 | 1710 | X509_F_X509_STORE_CTX_NEW:142:X509_STORE_CTX_new |
| 1610 | 1711 | X509_F_X509_STORE_CTX_PURPOSE_INHERIT:134:X509_STORE_CTX_purpose_inherit |
| 1712 | X509_F_X509_STORE_NEW:158:X509_STORE_new | |
| 1611 | 1713 | X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ |
| 1612 | 1714 | X509_F_X509_TRUST_ADD:133:X509_TRUST_add |
| 1613 | 1715 | X509_F_X509_TRUST_SET:141:X509_TRUST_set |
| 1614 | 1716 | X509_F_X509_VERIFY_CERT:127:X509_verify_cert |
| 1717 | X509_F_X509_VERIFY_PARAM_NEW:159:X509_VERIFY_PARAM_new | |
| 1615 | 1718 | |
| 1616 | 1719 | #Reason codes |
| 1617 | 1720 | ASN1_R_ADDING_OBJECT:171:adding object |
| 1891 | 1994 | CONF_R_NO_SUCH_FILE:114:no such file |
| 1892 | 1995 | CONF_R_NO_VALUE:108:no value |
| 1893 | 1996 | CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include |
| 1997 | CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty | |
| 1998 | CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found | |
| 1999 | CONF_R_SSL_SECTION_EMPTY:119:ssl section empty | |
| 2000 | CONF_R_SSL_SECTION_NOT_FOUND:120:ssl section not found | |
| 1894 | 2001 | CONF_R_UNABLE_TO_CREATE_NEW_SECTION:103:unable to create new section |
| 1895 | 2002 | CONF_R_UNKNOWN_MODULE_NAME:113:unknown module name |
| 1896 | 2003 | CONF_R_VARIABLE_EXPANSION_TOO_LONG:116:variable expansion too long |
| 2324 | 2431 | prediction resistance not supported |
| 2325 | 2432 | RAND_R_PRNG_NOT_SEEDED:100:PRNG not seeded |
| 2326 | 2433 | RAND_R_RANDOM_POOL_OVERFLOW:125:random pool overflow |
| 2434 | RAND_R_RANDOM_POOL_UNDERFLOW:134:random pool underflow | |
| 2327 | 2435 | RAND_R_REQUEST_TOO_LARGE_FOR_DRBG:117:request too large for drbg |
| 2328 | 2436 | RAND_R_RESEED_ERROR:118:reseed error |
| 2329 | 2437 | RAND_R_SELFTEST_FAILURE:119:selftest failure |
| 2438 | RAND_R_TOO_LITTLE_NONCE_REQUESTED:135:too little nonce requested | |
| 2439 | RAND_R_TOO_MUCH_NONCE_REQUESTED:136:too much nonce requested | |
| 2330 | 2440 | RAND_R_UNSUPPORTED_DRBG_FLAGS:132:unsupported drbg flags |
| 2331 | 2441 | RAND_R_UNSUPPORTED_DRBG_TYPE:120:unsupported drbg type |
| 2332 | 2442 | RSA_R_ALGORITHM_MISMATCH:100:algorithm mismatch |
| 69 | 69 | { |
| 70 | 70 | BIO_B64_CTX *ctx; |
| 71 | 71 | |
| 72 | ctx = OPENSSL_zalloc(sizeof(*ctx)); | |
| 73 | if (ctx == NULL) | |
| 74 | return 0; | |
| 72 | if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { | |
| 73 | EVPerr(EVP_F_B64_NEW, ERR_R_MALLOC_FAILURE); | |
| 74 | return 0; | |
| 75 | } | |
| 75 | 76 | |
| 76 | 77 | ctx->cont = 1; |
| 77 | 78 | ctx->start = 1; |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 64 | 64 | { |
| 65 | 65 | BIO_ENC_CTX *ctx; |
| 66 | 66 | |
| 67 | ctx = OPENSSL_zalloc(sizeof(*ctx)); | |
| 68 | if (ctx == NULL) | |
| 69 | return 0; | |
| 67 | if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { | |
| 68 | EVPerr(EVP_F_ENC_NEW, ERR_R_MALLOC_FAILURE); | |
| 69 | return 0; | |
| 70 | } | |
| 70 | 71 | |
| 71 | 72 | ctx->cipher = EVP_CIPHER_CTX_new(); |
| 72 | 73 | if (ctx->cipher == NULL) { |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 132 | 132 | { |
| 133 | 133 | BIO_OK_CTX *ctx; |
| 134 | 134 | |
| 135 | ctx = OPENSSL_zalloc(sizeof(*ctx)); | |
| 136 | if (ctx == NULL) | |
| 137 | return 0; | |
| 135 | if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { | |
| 136 | EVPerr(EVP_F_OK_NEW, ERR_R_MALLOC_FAILURE); | |
| 137 | return 0; | |
| 138 | } | |
| 138 | 139 | |
| 139 | 140 | ctx->cont = 1; |
| 140 | 141 | ctx->sigio = 1; |
| 1585 | 1585 | if (gctx->iv != iv) |
| 1586 | 1586 | OPENSSL_free(gctx->iv); |
| 1587 | 1587 | |
| 1588 | gctx->iv = OPENSSL_malloc(len); | |
| 1589 | if (gctx->iv == NULL) | |
| 1588 | if ((gctx->iv = OPENSSL_malloc(len)) == NULL) { | |
| 1589 | EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE); | |
| 1590 | 1590 | return 0; |
| 1591 | } | |
| 1591 | 1592 | } |
| 1592 | 1593 | /* Add padding. */ |
| 1593 | 1594 | memset(gctx->iv + arg, 0, len - arg - 8); |
| 1703 | 1704 | } else { |
| 1704 | 1705 | len = S390X_gcm_ivpadlen(gctx->ivlen); |
| 1705 | 1706 | |
| 1706 | gctx_out->iv = OPENSSL_malloc(len); | |
| 1707 | if (gctx_out->iv == NULL) | |
| 1707 | if ((gctx_out->iv = OPENSSL_malloc(len)) == NULL) { | |
| 1708 | EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE); | |
| 1708 | 1709 | return 0; |
| 1710 | } | |
| 1709 | 1711 | |
| 1710 | 1712 | memcpy(gctx_out->iv, gctx->iv, len); |
| 1711 | 1713 | } |
| 2825 | 2827 | if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { |
| 2826 | 2828 | if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) |
| 2827 | 2829 | OPENSSL_free(gctx->iv); |
| 2828 | gctx->iv = OPENSSL_malloc(arg); | |
| 2829 | if (gctx->iv == NULL) | |
| 2830 | if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) { | |
| 2831 | EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE); | |
| 2830 | 2832 | return 0; |
| 2833 | } | |
| 2831 | 2834 | } |
| 2832 | 2835 | gctx->ivlen = arg; |
| 2833 | 2836 | return 1; |
| 2929 | 2932 | if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c)) |
| 2930 | 2933 | gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out); |
| 2931 | 2934 | else { |
| 2932 | gctx_out->iv = OPENSSL_malloc(gctx->ivlen); | |
| 2933 | if (gctx_out->iv == NULL) | |
| 2935 | if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) { | |
| 2936 | EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE); | |
| 2934 | 2937 | return 0; |
| 2938 | } | |
| 2935 | 2939 | memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); |
| 2936 | 2940 | } |
| 2937 | 2941 | return 1; |
| 265 | 265 | if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { |
| 266 | 266 | if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) |
| 267 | 267 | OPENSSL_free(gctx->iv); |
| 268 | gctx->iv = OPENSSL_malloc(arg); | |
| 269 | if (gctx->iv == NULL) | |
| 268 | if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) { | |
| 269 | EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE); | |
| 270 | 270 | return 0; |
| 271 | } | |
| 271 | 272 | } |
| 272 | 273 | gctx->ivlen = arg; |
| 273 | 274 | return 1; |
| 369 | 370 | if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c)) |
| 370 | 371 | gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out); |
| 371 | 372 | else { |
| 372 | gctx_out->iv = OPENSSL_malloc(gctx->ivlen); | |
| 373 | if (gctx_out->iv == NULL) | |
| 373 | if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) { | |
| 374 | EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE); | |
| 374 | 375 | return 0; |
| 376 | } | |
| 375 | 377 | memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); |
| 376 | 378 | } |
| 377 | 379 | return 1; |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 11 | 11 | #include "internal/cryptlib.h" |
| 12 | 12 | #include <openssl/evp.h> |
| 13 | 13 | #include "evp_locl.h" |
| 14 | ||
| 15 | static unsigned char conv_ascii2bin(unsigned char a); | |
| 14 | #include "internal/evp_int.h" | |
| 15 | ||
| 16 | static unsigned char conv_ascii2bin(unsigned char a, | |
| 17 | const unsigned char *table); | |
| 18 | static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, | |
| 19 | const unsigned char *f, int dlen); | |
| 20 | static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, | |
| 21 | const unsigned char *f, int n); | |
| 22 | ||
| 16 | 23 | #ifndef CHARSET_EBCDIC |
| 17 | # define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) | |
| 24 | # define conv_bin2ascii(a, table) ((table)[(a)&0x3f]) | |
| 18 | 25 | #else |
| 19 | 26 | /* |
| 20 | 27 | * We assume that PEM encoded files are EBCDIC files (i.e., printable text |
| 22 | 29 | * (text) format again. (No need for conversion in the conv_bin2ascii macro, |
| 23 | 30 | * as the underlying textstring data_bin2ascii[] is already EBCDIC) |
| 24 | 31 | */ |
| 25 | # define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) | |
| 32 | # define conv_bin2ascii(a, table) ((table)[(a)&0x3f]) | |
| 26 | 33 | #endif |
| 27 | 34 | |
| 28 | 35 | /*- |
| 37 | 44 | #define CHUNKS_PER_LINE (64/4) |
| 38 | 45 | #define CHAR_PER_LINE (64+1) |
| 39 | 46 | |
| 40 | static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\ | |
| 41 | abcdefghijklmnopqrstuvwxyz0123456789+/"; | |
| 47 | static const unsigned char data_bin2ascii[65] = | |
| 48 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; | |
| 49 | ||
| 50 | /* SRP uses a different base64 alphabet */ | |
| 51 | static const unsigned char srpdata_bin2ascii[65] = | |
| 52 | "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; | |
| 53 | ||
| 42 | 54 | |
| 43 | 55 | /*- |
| 44 | 56 | * 0xF0 is a EOLN |
| 75 | 87 | 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, |
| 76 | 88 | }; |
| 77 | 89 | |
| 90 | static const unsigned char srpdata_ascii2bin[128] = { | |
| 91 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, | |
| 92 | 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, | |
| 93 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, | |
| 94 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, | |
| 95 | 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, | |
| 96 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xF2, 0x3E, 0x3F, | |
| 97 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
| 98 | 0x08, 0x09, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, | |
| 99 | 0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, | |
| 100 | 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, | |
| 101 | 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, | |
| 102 | 0x21, 0x22, 0x23, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, | |
| 103 | 0xFF, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, | |
| 104 | 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, | |
| 105 | 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, | |
| 106 | 0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, | |
| 107 | }; | |
| 108 | ||
| 78 | 109 | #ifndef CHARSET_EBCDIC |
| 79 | static unsigned char conv_ascii2bin(unsigned char a) | |
| 110 | static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table) | |
| 80 | 111 | { |
| 81 | 112 | if (a & 0x80) |
| 82 | 113 | return B64_ERROR; |
| 83 | return data_ascii2bin[a]; | |
| 114 | return table[a]; | |
| 84 | 115 | } |
| 85 | 116 | #else |
| 86 | static unsigned char conv_ascii2bin(unsigned char a) | |
| 117 | static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table) | |
| 87 | 118 | { |
| 88 | 119 | a = os_toascii[a]; |
| 89 | 120 | if (a & 0x80) |
| 90 | 121 | return B64_ERROR; |
| 91 | return data_ascii2bin[a]; | |
| 122 | return table[a]; | |
| 92 | 123 | } |
| 93 | 124 | #endif |
| 94 | 125 | |
| 112 | 143 | int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx) |
| 113 | 144 | { |
| 114 | 145 | return ctx->num; |
| 146 | } | |
| 147 | ||
| 148 | void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags) | |
| 149 | { | |
| 150 | ctx->flags = flags; | |
| 115 | 151 | } |
| 116 | 152 | |
| 117 | 153 | void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) |
| 119 | 155 | ctx->length = 48; |
| 120 | 156 | ctx->num = 0; |
| 121 | 157 | ctx->line_num = 0; |
| 158 | ctx->flags = 0; | |
| 122 | 159 | } |
| 123 | 160 | |
| 124 | 161 | int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, |
| 141 | 178 | memcpy(&(ctx->enc_data[ctx->num]), in, i); |
| 142 | 179 | in += i; |
| 143 | 180 | inl -= i; |
| 144 | j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length); | |
| 181 | j = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->length); | |
| 145 | 182 | ctx->num = 0; |
| 146 | 183 | out += j; |
| 147 | *(out++) = '\n'; | |
| 184 | total = j; | |
| 185 | if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) { | |
| 186 | *(out++) = '\n'; | |
| 187 | total++; | |
| 188 | } | |
| 148 | 189 | *out = '\0'; |
| 149 | total = j + 1; | |
| 150 | 190 | } |
| 151 | 191 | while (inl >= ctx->length && total <= INT_MAX) { |
| 152 | j = EVP_EncodeBlock(out, in, ctx->length); | |
| 192 | j = evp_encodeblock_int(ctx, out, in, ctx->length); | |
| 153 | 193 | in += ctx->length; |
| 154 | 194 | inl -= ctx->length; |
| 155 | 195 | out += j; |
| 156 | *(out++) = '\n'; | |
| 196 | total += j; | |
| 197 | if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) { | |
| 198 | *(out++) = '\n'; | |
| 199 | total++; | |
| 200 | } | |
| 157 | 201 | *out = '\0'; |
| 158 | total += j + 1; | |
| 159 | 202 | } |
| 160 | 203 | if (total > INT_MAX) { |
| 161 | 204 | /* Too much output data! */ |
| 175 | 218 | unsigned int ret = 0; |
| 176 | 219 | |
| 177 | 220 | if (ctx->num != 0) { |
| 178 | ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num); | |
| 179 | out[ret++] = '\n'; | |
| 221 | ret = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->num); | |
| 222 | if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) | |
| 223 | out[ret++] = '\n'; | |
| 180 | 224 | out[ret] = '\0'; |
| 181 | 225 | ctx->num = 0; |
| 182 | 226 | } |
| 183 | 227 | *outl = ret; |
| 184 | 228 | } |
| 185 | 229 | |
| 186 | int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) | |
| 230 | static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, | |
| 231 | const unsigned char *f, int dlen) | |
| 187 | 232 | { |
| 188 | 233 | int i, ret = 0; |
| 189 | 234 | unsigned long l; |
| 235 | const unsigned char *table; | |
| 236 | ||
| 237 | if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0) | |
| 238 | table = srpdata_bin2ascii; | |
| 239 | else | |
| 240 | table = data_bin2ascii; | |
| 190 | 241 | |
| 191 | 242 | for (i = dlen; i > 0; i -= 3) { |
| 192 | 243 | if (i >= 3) { |
| 193 | 244 | l = (((unsigned long)f[0]) << 16L) | |
| 194 | 245 | (((unsigned long)f[1]) << 8L) | f[2]; |
| 195 | *(t++) = conv_bin2ascii(l >> 18L); | |
| 196 | *(t++) = conv_bin2ascii(l >> 12L); | |
| 197 | *(t++) = conv_bin2ascii(l >> 6L); | |
| 198 | *(t++) = conv_bin2ascii(l); | |
| 246 | *(t++) = conv_bin2ascii(l >> 18L, table); | |
| 247 | *(t++) = conv_bin2ascii(l >> 12L, table); | |
| 248 | *(t++) = conv_bin2ascii(l >> 6L, table); | |
| 249 | *(t++) = conv_bin2ascii(l, table); | |
| 199 | 250 | } else { |
| 200 | 251 | l = ((unsigned long)f[0]) << 16L; |
| 201 | 252 | if (i == 2) |
| 202 | 253 | l |= ((unsigned long)f[1] << 8L); |
| 203 | 254 | |
| 204 | *(t++) = conv_bin2ascii(l >> 18L); | |
| 205 | *(t++) = conv_bin2ascii(l >> 12L); | |
| 206 | *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L); | |
| 255 | *(t++) = conv_bin2ascii(l >> 18L, table); | |
| 256 | *(t++) = conv_bin2ascii(l >> 12L, table); | |
| 257 | *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L, table); | |
| 207 | 258 | *(t++) = '='; |
| 208 | 259 | } |
| 209 | 260 | ret += 4; |
| 214 | 265 | return ret; |
| 215 | 266 | } |
| 216 | 267 | |
| 268 | int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) | |
| 269 | { | |
| 270 | return evp_encodeblock_int(NULL, t, f, dlen); | |
| 271 | } | |
| 272 | ||
| 217 | 273 | void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) |
| 218 | 274 | { |
| 219 | /* Only ctx->num is used during decoding. */ | |
| 275 | /* Only ctx->num and ctx->flags are used during decoding. */ | |
| 220 | 276 | ctx->num = 0; |
| 221 | 277 | ctx->length = 0; |
| 222 | 278 | ctx->line_num = 0; |
| 223 | ctx->expect_nl = 0; | |
| 279 | ctx->flags = 0; | |
| 224 | 280 | } |
| 225 | 281 | |
| 226 | 282 | /*- |
| 248 | 304 | { |
| 249 | 305 | int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len; |
| 250 | 306 | unsigned char *d; |
| 307 | const unsigned char *table; | |
| 251 | 308 | |
| 252 | 309 | n = ctx->num; |
| 253 | 310 | d = ctx->enc_data; |
| 264 | 321 | goto end; |
| 265 | 322 | } |
| 266 | 323 | |
| 324 | if ((ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0) | |
| 325 | table = srpdata_ascii2bin; | |
| 326 | else | |
| 327 | table = data_ascii2bin; | |
| 328 | ||
| 267 | 329 | for (i = 0; i < inl; i++) { |
| 268 | 330 | tmp = *(in++); |
| 269 | v = conv_ascii2bin(tmp); | |
| 331 | v = conv_ascii2bin(tmp, table); | |
| 270 | 332 | if (v == B64_ERROR) { |
| 271 | 333 | rv = -1; |
| 272 | 334 | goto end; |
| 306 | 368 | } |
| 307 | 369 | |
| 308 | 370 | if (n == 64) { |
| 309 | decoded_len = EVP_DecodeBlock(out, d, n); | |
| 371 | decoded_len = evp_decodeblock_int(ctx, out, d, n); | |
| 310 | 372 | n = 0; |
| 311 | 373 | if (decoded_len < 0 || eof > decoded_len) { |
| 312 | 374 | rv = -1; |
| 325 | 387 | tail: |
| 326 | 388 | if (n > 0) { |
| 327 | 389 | if ((n & 3) == 0) { |
| 328 | decoded_len = EVP_DecodeBlock(out, d, n); | |
| 390 | decoded_len = evp_decodeblock_int(ctx, out, d, n); | |
| 329 | 391 | n = 0; |
| 330 | 392 | if (decoded_len < 0 || eof > decoded_len) { |
| 331 | 393 | rv = -1; |
| 347 | 409 | return rv; |
| 348 | 410 | } |
| 349 | 411 | |
| 350 | int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) | |
| 412 | static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, | |
| 413 | const unsigned char *f, int n) | |
| 351 | 414 | { |
| 352 | 415 | int i, ret = 0, a, b, c, d; |
| 353 | 416 | unsigned long l; |
| 417 | const unsigned char *table; | |
| 418 | ||
| 419 | if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0) | |
| 420 | table = srpdata_ascii2bin; | |
| 421 | else | |
| 422 | table = data_ascii2bin; | |
| 354 | 423 | |
| 355 | 424 | /* trim white space from the start of the line. */ |
| 356 | while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) { | |
| 425 | while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) { | |
| 357 | 426 | f++; |
| 358 | 427 | n--; |
| 359 | 428 | } |
| 362 | 431 | * strip off stuff at the end of the line ascii2bin values B64_WS, |
| 363 | 432 | * B64_EOLN, B64_EOLN and B64_EOF |
| 364 | 433 | */ |
| 365 | while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1])))) | |
| 434 | while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1], table)))) | |
| 366 | 435 | n--; |
| 367 | 436 | |
| 368 | 437 | if (n % 4 != 0) |
| 369 | 438 | return -1; |
| 370 | 439 | |
| 371 | 440 | for (i = 0; i < n; i += 4) { |
| 372 | a = conv_ascii2bin(*(f++)); | |
| 373 | b = conv_ascii2bin(*(f++)); | |
| 374 | c = conv_ascii2bin(*(f++)); | |
| 375 | d = conv_ascii2bin(*(f++)); | |
| 441 | a = conv_ascii2bin(*(f++), table); | |
| 442 | b = conv_ascii2bin(*(f++), table); | |
| 443 | c = conv_ascii2bin(*(f++), table); | |
| 444 | d = conv_ascii2bin(*(f++), table); | |
| 376 | 445 | if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80)) |
| 377 | 446 | return -1; |
| 378 | 447 | l = ((((unsigned long)a) << 18L) | |
| 386 | 455 | return ret; |
| 387 | 456 | } |
| 388 | 457 | |
| 458 | int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) | |
| 459 | { | |
| 460 | return evp_decodeblock_int(NULL, t, f, n); | |
| 461 | } | |
| 462 | ||
| 389 | 463 | int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) |
| 390 | 464 | { |
| 391 | 465 | int i; |
| 392 | 466 | |
| 393 | 467 | *outl = 0; |
| 394 | 468 | if (ctx->num != 0) { |
| 395 | i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num); | |
| 469 | i = evp_decodeblock_int(ctx, out, ctx->enc_data, ctx->num); | |
| 396 | 470 | if (i < 0) |
| 397 | 471 | return -1; |
| 398 | 472 | ctx->num = 0; |
| 14 | 14 | |
| 15 | 15 | static const ERR_STRING_DATA EVP_str_functs[] = { |
| 16 | 16 | {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"}, |
| 17 | {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"}, | |
| 17 | 18 | {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"}, |
| 18 | 19 | {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"}, |
| 19 | 20 | {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"}, |
| 20 | 21 | {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"}, |
| 21 | 22 | {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"}, |
| 22 | 23 | {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"}, |
| 24 | {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"}, | |
| 23 | 25 | {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_INIT_KEY, 0), "aria_gcm_init_key"}, |
| 24 | 26 | {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_INIT_KEY, 0), "aria_init_key"}, |
| 27 | {ERR_PACK(ERR_LIB_EVP, EVP_F_B64_NEW, 0), "b64_new"}, | |
| 25 | 28 | {ERR_PACK(ERR_LIB_EVP, EVP_F_CAMELLIA_INIT_KEY, 0), "camellia_init_key"}, |
| 26 | 29 | {ERR_PACK(ERR_LIB_EVP, EVP_F_CHACHA20_POLY1305_CTRL, 0), |
| 27 | 30 | "chacha20_poly1305_ctrl"}, |
| 29 | 32 | {ERR_PACK(ERR_LIB_EVP, EVP_F_DES_EDE3_WRAP_CIPHER, 0), |
| 30 | 33 | "des_ede3_wrap_cipher"}, |
| 31 | 34 | {ERR_PACK(ERR_LIB_EVP, EVP_F_DO_SIGVER_INIT, 0), "do_sigver_init"}, |
| 35 | {ERR_PACK(ERR_LIB_EVP, EVP_F_ENC_NEW, 0), "enc_new"}, | |
| 32 | 36 | {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"}, |
| 33 | 37 | {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_COPY, 0), |
| 34 | 38 | "EVP_CIPHER_CTX_copy"}, |
| 121 | 125 | {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_SIGNFINAL, 0), "EVP_SignFinal"}, |
| 122 | 126 | {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_VERIFYFINAL, 0), "EVP_VerifyFinal"}, |
| 123 | 127 | {ERR_PACK(ERR_LIB_EVP, EVP_F_INT_CTX_NEW, 0), "int_ctx_new"}, |
| 128 | {ERR_PACK(ERR_LIB_EVP, EVP_F_OK_NEW, 0), "ok_new"}, | |
| 124 | 129 | {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_PBE_KEYIVGEN, 0), "PKCS5_PBE_keyivgen"}, |
| 125 | 130 | {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBE_KEYIVGEN, 0), |
| 126 | 131 | "PKCS5_v2_PBE_keyivgen"}, |
| 131 | 136 | {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"}, |
| 132 | 137 | {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"}, |
| 133 | 138 | {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"}, |
| 139 | {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"}, | |
| 134 | 140 | {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"}, |
| 135 | 141 | {0, NULL} |
| 136 | 142 | }; |
| 0 | 0 | /* |
| 1 | * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 58 | 58 | unsigned char enc_data[80]; |
| 59 | 59 | /* number read on current line */ |
| 60 | 60 | int line_num; |
| 61 | int expect_nl; | |
| 61 | unsigned int flags; | |
| 62 | 62 | }; |
| 63 | 63 | |
| 64 | 64 | typedef struct evp_pbe_st EVP_PBE_CTL; |
| 36 | 36 | |
| 37 | 37 | DEFINE_RUN_ONCE_STATIC(do_ex_data_init) |
| 38 | 38 | { |
| 39 | OPENSSL_init_crypto(0, NULL); | |
| 39 | if (!OPENSSL_init_crypto(0, NULL)) | |
| 40 | return 0; | |
| 40 | 41 | ex_data_lock = CRYPTO_THREAD_lock_new(); |
| 41 | 42 | return ex_data_lock != NULL; |
| 42 | 43 | } |
| 0 | 0 | /* |
| 1 | * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 12 | 12 | #include <openssl/x509v3.h> |
| 13 | 13 | #include <openssl/evp.h> |
| 14 | 14 | #include <openssl/hmac.h> |
| 15 | #include <openssl/err.h> | |
| 15 | 16 | #include "internal/evp_int.h" |
| 16 | 17 | |
| 17 | 18 | /* HMAC pkey context structure */ |
| 26 | 27 | { |
| 27 | 28 | HMAC_PKEY_CTX *hctx; |
| 28 | 29 | |
| 29 | hctx = OPENSSL_zalloc(sizeof(*hctx)); | |
| 30 | if (hctx == NULL) | |
| 31 | return 0; | |
| 30 | if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) { | |
| 31 | CRYPTOerr(CRYPTO_F_PKEY_HMAC_INIT, ERR_R_MALLOC_FAILURE); | |
| 32 | return 0; | |
| 33 | } | |
| 32 | 34 | hctx->ktmp.type = V_ASN1_OCTET_STRING; |
| 33 | 35 | hctx->ctx = HMAC_CTX_new(); |
| 34 | 36 | if (hctx->ctx == NULL) { |
| 0 | 0 | /* |
| 1 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 10 | 10 | |
| 11 | 11 | int async_init(void); |
| 12 | 12 | void async_deinit(void); |
| 13 | void async_delete_thread_state(void); | |
| 13 | 14 | |
| 24 | 24 | * use". |
| 25 | 25 | */ |
| 26 | 26 | # define OPENSSL_INIT_ZLIB 0x00010000L |
| 27 | # define OPENSSL_INIT_BASE_ONLY 0x00040000L | |
| 27 | 28 | |
| 28 | 29 | /* OPENSSL_INIT_THREAD flags */ |
| 29 | 30 | # define OPENSSL_INIT_THREAD_ASYNC 0x01 |
| 0 | 0 | /* |
| 1 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 12 | 12 | int err_load_crypto_strings_int(void); |
| 13 | 13 | void err_cleanup(void); |
| 14 | 14 | void err_delete_thread_state(void); |
| 15 | int err_shelve_state(void **); | |
| 16 | void err_unshelve_state(void *); | |
| 15 | 17 | |
| 16 | 18 | #endif |
| 6 | 6 | * https://www.openssl.org/source/license.html |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | #include <openssl/evp.h> | |
| 9 | 10 | #include "internal/refcount.h" |
| 10 | 11 | |
| 11 | 12 | struct evp_pkey_ctx_st { |
| 421 | 422 | #ifndef TLS1_1_VERSION |
| 422 | 423 | # define TLS1_1_VERSION 0x0302 |
| 423 | 424 | #endif |
| 425 | ||
| 426 | void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); | |
| 427 | ||
| 428 | /* EVP_ENCODE_CTX flags */ | |
| 429 | /* Don't generate new lines when encoding */ | |
| 430 | #define EVP_ENCODE_CTX_NO_NEWLINES 1 | |
| 431 | /* Use the SRP base64 alphabet instead of the standard one */ | |
| 432 | #define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 | |
| 38 | 38 | int prediction_resistance); |
| 39 | 39 | void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, |
| 40 | 40 | unsigned char *out, size_t outlen); |
| 41 | size_t rand_drbg_get_nonce(RAND_DRBG *drbg, | |
| 42 | unsigned char **pout, | |
| 43 | int entropy, size_t min_len, size_t max_len); | |
| 44 | void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, | |
| 45 | unsigned char *out, size_t outlen); | |
| 46 | ||
| 41 | 47 | size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len); |
| 42 | 48 | |
| 49 | void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen); | |
| 43 | 50 | |
| 44 | 51 | /* |
| 45 | 52 | * RAND_POOL functions |
| 58 | 65 | size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte); |
| 59 | 66 | size_t rand_pool_bytes_remaining(RAND_POOL *pool); |
| 60 | 67 | |
| 61 | size_t rand_pool_add(RAND_POOL *pool, | |
| 62 | const unsigned char *buffer, size_t len, size_t entropy); | |
| 68 | int rand_pool_add(RAND_POOL *pool, | |
| 69 | const unsigned char *buffer, size_t len, size_t entropy); | |
| 63 | 70 | unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len); |
| 64 | size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy); | |
| 71 | int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy); | |
| 65 | 72 | |
| 66 | 73 | |
| 67 | 74 | /* |
| 76 | 83 | */ |
| 77 | 84 | size_t rand_pool_acquire_entropy(RAND_POOL *pool); |
| 78 | 85 | |
| 86 | /* | |
| 87 | * Add some application specific nonce data | |
| 88 | * | |
| 89 | * This function is platform specific and adds some application specific | |
| 90 | * data to the nonce used for instantiating the drbg. | |
| 91 | * | |
| 92 | * This data currently consists of the process and thread id, and a high | |
| 93 | * resolution timestamp. The data does not include an atomic counter, | |
| 94 | * because that is added by the calling function rand_drbg_get_nonce(). | |
| 95 | * | |
| 96 | * Returns 1 on success and 0 on failure. | |
| 97 | */ | |
| 98 | int rand_pool_add_nonce_data(RAND_POOL *pool); | |
| 99 | ||
| 100 | ||
| 101 | /* | |
| 102 | * Add some platform specific additional data | |
| 103 | * | |
| 104 | * This function is platform specific and adds some random noise to the | |
| 105 | * additional data used for generating random bytes and for reseeding | |
| 106 | * the drbg. | |
| 107 | * | |
| 108 | * Returns 1 on success and 0 on failure. | |
| 109 | */ | |
| 110 | int rand_pool_add_additional_data(RAND_POOL *pool); | |
| 111 | ||
| 79 | 112 | #endif |
| 80 | 80 | * We use a dummy thread local key here. We use the destructor to detect |
| 81 | 81 | * when the thread is going to stop (where that feature is available) |
| 82 | 82 | */ |
| 83 | CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap); | |
| 83 | if (!CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap)) | |
| 84 | return 0; | |
| 85 | if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) | |
| 86 | goto err; | |
| 84 | 87 | #ifndef OPENSSL_SYS_UEFI |
| 85 | atexit(OPENSSL_cleanup); | |
| 86 | #endif | |
| 87 | if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) | |
| 88 | return 0; | |
| 88 | if (atexit(OPENSSL_cleanup) != 0) | |
| 89 | goto err; | |
| 90 | #endif | |
| 89 | 91 | OPENSSL_cpuid_setup(); |
| 90 | 92 | |
| 91 | /* | |
| 92 | * BIG FAT WARNING! | |
| 93 | * Everything needed to be initialized in this function before threads | |
| 94 | * come along MUST happen before base_inited is set to 1, or we will | |
| 95 | * see race conditions. | |
| 96 | */ | |
| 97 | 93 | base_inited = 1; |
| 98 | ||
| 94 | return 1; | |
| 95 | ||
| 96 | err: | |
| 97 | #ifdef OPENSSL_INIT_DEBUG | |
| 98 | fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n"); | |
| 99 | #endif | |
| 100 | CRYPTO_THREAD_lock_free(init_lock); | |
| 101 | init_lock = NULL; | |
| 102 | ||
| 103 | CRYPTO_THREAD_cleanup_local(&threadstopkey); | |
| 104 | return 0; | |
| 105 | } | |
| 106 | ||
| 107 | static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT; | |
| 108 | DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) | |
| 109 | { | |
| 110 | #ifdef OPENSSL_INIT_DEBUG | |
| 111 | fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n"); | |
| 112 | #endif | |
| 99 | 113 | #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE) |
| 100 | 114 | # ifdef DSO_WIN32 |
| 101 | 115 | { |
| 107 | 121 | | GET_MODULE_HANDLE_EX_FLAG_PIN, |
| 108 | 122 | (void *)&base_inited, &handle); |
| 109 | 123 | |
| 124 | # ifdef OPENSSL_INIT_DEBUG | |
| 125 | fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n", | |
| 126 | (ret == TRUE ? "No!" : "Yes.")); | |
| 127 | # endif | |
| 110 | 128 | return (ret == TRUE) ? 1 : 0; |
| 111 | 129 | } |
| 112 | 130 | # else |
| 115 | 133 | * to remain loaded until the atexit() handler is run at process exit. |
| 116 | 134 | */ |
| 117 | 135 | { |
| 118 | DSO *dso = NULL; | |
| 119 | ||
| 120 | ERR_set_mark(); | |
| 136 | DSO *dso; | |
| 137 | void *err; | |
| 138 | ||
| 139 | if (!err_shelve_state(&err)) | |
| 140 | return 0; | |
| 141 | ||
| 121 | 142 | dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE); |
| 122 | 143 | # ifdef OPENSSL_INIT_DEBUG |
| 123 | 144 | fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n", |
| 129 | 150 | */ |
| 130 | 151 | # endif |
| 131 | 152 | DSO_free(dso); |
| 132 | ERR_pop_to_mark(); | |
| 153 | err_unshelve_state(err); | |
| 133 | 154 | } |
| 134 | 155 | # endif |
| 135 | 156 | #endif |
| 348 | 369 | if (locals->async) { |
| 349 | 370 | #ifdef OPENSSL_INIT_DEBUG |
| 350 | 371 | fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " |
| 351 | "ASYNC_cleanup_thread()\n"); | |
| 352 | #endif | |
| 353 | ASYNC_cleanup_thread(); | |
| 372 | "async_delete_thread_state()\n"); | |
| 373 | #endif | |
| 374 | async_delete_thread_state(); | |
| 354 | 375 | } |
| 355 | 376 | |
| 356 | 377 | if (locals->err_state) { |
| 539 | 560 | */ |
| 540 | 561 | int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) |
| 541 | 562 | { |
| 542 | static int stoperrset = 0; | |
| 543 | ||
| 544 | 563 | if (stopped) { |
| 545 | if (!stoperrset) { | |
| 546 | /* | |
| 547 | * We only ever set this once to avoid getting into an infinite | |
| 548 | * loop where the error system keeps trying to init and fails so | |
| 549 | * sets an error etc | |
| 550 | */ | |
| 551 | stoperrset = 1; | |
| 564 | if (!(opts & OPENSSL_INIT_BASE_ONLY)) | |
| 552 | 565 | CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL); |
| 553 | } | |
| 554 | return 0; | |
| 555 | } | |
| 556 | ||
| 557 | if (!base_inited && !RUN_ONCE(&base, ossl_init_base)) | |
| 566 | return 0; | |
| 567 | } | |
| 568 | ||
| 569 | if (!RUN_ONCE(&base, ossl_init_base)) | |
| 570 | return 0; | |
| 571 | ||
| 572 | if (!(opts & OPENSSL_INIT_BASE_ONLY) | |
| 573 | && !RUN_ONCE(&load_crypto_nodelete, | |
| 574 | ossl_init_load_crypto_nodelete)) | |
| 558 | 575 | return 0; |
| 559 | 576 | |
| 560 | 577 | if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS) |
| 707 | 724 | } |
| 708 | 725 | #endif |
| 709 | 726 | |
| 710 | newhand = OPENSSL_malloc(sizeof(*newhand)); | |
| 711 | if (newhand == NULL) | |
| 712 | return 0; | |
| 727 | if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) { | |
| 728 | CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE); | |
| 729 | return 0; | |
| 730 | } | |
| 713 | 731 | |
| 714 | 732 | newhand->handler = handler; |
| 715 | 733 | newhand->next = stop_handlers; |
| 0 | 0 | /* |
| 1 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 47 | 47 | { |
| 48 | 48 | HKDF_PKEY_CTX *kctx; |
| 49 | 49 | |
| 50 | kctx = OPENSSL_zalloc(sizeof(*kctx)); | |
| 51 | if (kctx == NULL) | |
| 50 | if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) { | |
| 51 | KDFerr(KDF_F_PKEY_HKDF_INIT, ERR_R_MALLOC_FAILURE); | |
| 52 | 52 | return 0; |
| 53 | } | |
| 53 | 54 | |
| 54 | 55 | ctx->data = kctx; |
| 55 | 56 | |
| 15 | 15 | static const ERR_STRING_DATA KDF_str_functs[] = { |
| 16 | 16 | {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"}, |
| 17 | 17 | {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"}, |
| 18 | {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"}, | |
| 18 | 19 | {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_STR, 0), |
| 19 | 20 | "pkey_scrypt_ctrl_str"}, |
| 20 | 21 | {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_UINT64, 0), |
| 27 | 28 | "pkey_tls1_prf_ctrl_str"}, |
| 28 | 29 | {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0), |
| 29 | 30 | "pkey_tls1_prf_derive"}, |
| 31 | {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"}, | |
| 32 | {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"}, | |
| 30 | 33 | {0, NULL} |
| 31 | 34 | }; |
| 32 | 35 | |
| 36 | 36 | { |
| 37 | 37 | TLS1_PRF_PKEY_CTX *kctx; |
| 38 | 38 | |
| 39 | kctx = OPENSSL_zalloc(sizeof(*kctx)); | |
| 40 | if (kctx == NULL) | |
| 41 | return 0; | |
| 39 | if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) { | |
| 40 | KDFerr(KDF_F_PKEY_TLS1_PRF_INIT, ERR_R_MALLOC_FAILURE); | |
| 41 | return 0; | |
| 42 | } | |
| 42 | 43 | ctx->data = kctx; |
| 43 | 44 | |
| 44 | 45 | return 1; |
| 255 | 256 | seed, seed_len, out, olen)) |
| 256 | 257 | return 0; |
| 257 | 258 | |
| 258 | tmp = OPENSSL_malloc(olen); | |
| 259 | if (tmp == NULL) | |
| 260 | return 0; | |
| 259 | if ((tmp = OPENSSL_malloc(olen)) == NULL) { | |
| 260 | KDFerr(KDF_F_TLS1_PRF_ALG, ERR_R_MALLOC_FAILURE); | |
| 261 | return 0; | |
| 262 | } | |
| 261 | 263 | if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1), |
| 262 | 264 | seed, seed_len, tmp, olen)) { |
| 263 | 265 | OPENSSL_clear_free(tmp, olen); |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 11 | 11 | #include <stdlib.h> |
| 12 | 12 | #include <openssl/crypto.h> |
| 13 | 13 | #include <openssl/lhash.h> |
| 14 | #include <openssl/err.h> | |
| 14 | 15 | #include "lhash_lcl.h" |
| 15 | 16 | |
| 16 | 17 | /* |
| 44 | 45 | { |
| 45 | 46 | OPENSSL_LHASH *ret; |
| 46 | 47 | |
| 47 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) | |
| 48 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { | |
| 49 | /* | |
| 50 | * Do not set the error code, because the ERR code uses LHASH | |
| 51 | * and we want to avoid possible endless error loop. | |
| 52 | * CRYPTOerr(CRYPTO_F_OPENSSL_LH_NEW, ERR_R_MALLOC_FAILURE); | |
| 53 | */ | |
| 48 | 54 | return NULL; |
| 55 | } | |
| 49 | 56 | if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL) |
| 50 | 57 | goto err; |
| 51 | 58 | ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c); |
| 0 | 0 | #! /usr/bin/env perl |
| 1 | # Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | # Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | # |
| 3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | # this file except in compliance with the License. You can obtain a copy |
| 69 | 69 | $code=<<___; |
| 70 | 70 | #include "arm_arch.h" |
| 71 | 71 | |
| 72 | #if __ARM_MAX_ARCH__>=7 | |
| 72 | 73 | .text |
| 73 | 74 | ___ |
| 74 | 75 | $code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); |
| 698 | 699 | $code.=<<___; |
| 699 | 700 | .asciz "GHASH for ARMv8, CRYPTOGAMS by <appro\@openssl.org>" |
| 700 | 701 | .align 2 |
| 702 | #endif | |
| 701 | 703 | ___ |
| 702 | 704 | |
| 703 | 705 | if ($flavour =~ /64/) { ######## 64-bit code |
| 0 | 0 | /* |
| 1 | * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 8 | 8 | |
| 9 | 9 | #include <string.h> |
| 10 | 10 | #include <openssl/crypto.h> |
| 11 | #include <openssl/err.h> | |
| 11 | 12 | #include "modes_lcl.h" |
| 12 | 13 | |
| 13 | 14 | #ifndef OPENSSL_NO_OCB |
| 163 | 164 | memset(ctx, 0, sizeof(*ctx)); |
| 164 | 165 | ctx->l_index = 0; |
| 165 | 166 | ctx->max_l_index = 5; |
| 166 | ctx->l = OPENSSL_malloc(ctx->max_l_index * 16); | |
| 167 | if (ctx->l == NULL) | |
| 167 | if ((ctx->l = OPENSSL_malloc(ctx->max_l_index * 16)) == NULL) { | |
| 168 | CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_INIT, ERR_R_MALLOC_FAILURE); | |
| 168 | 169 | return 0; |
| 170 | } | |
| 169 | 171 | |
| 170 | 172 | /* |
| 171 | 173 | * We set both the encryption and decryption key schedules - decryption |
| 209 | 211 | if (keydec) |
| 210 | 212 | dest->keydec = keydec; |
| 211 | 213 | if (src->l) { |
| 212 | dest->l = OPENSSL_malloc(src->max_l_index * 16); | |
| 213 | if (dest->l == NULL) | |
| 214 | if ((dest->l = OPENSSL_malloc(src->max_l_index * 16)) == NULL) { | |
| 215 | CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_COPY_CTX, ERR_R_MALLOC_FAILURE); | |
| 214 | 216 | return 0; |
| 217 | } | |
| 215 | 218 | memcpy(dest->l, src->l, (src->l_index + 1) * 16); |
| 216 | 219 | } |
| 217 | 220 | return 1; |
| 70 | 70 | char *iterator; |
| 71 | 71 | char lastchar; |
| 72 | 72 | |
| 73 | newname = OPENSSL_malloc(strlen(filename) + 1); | |
| 74 | if (newname == NULL) | |
| 73 | if ((newname = OPENSSL_malloc(strlen(filename) + 1)) == NULL) { | |
| 74 | CRYPTOerr(CRYPTO_F_OPENSSL_FOPEN, ERR_R_MALLOC_FAILURE); | |
| 75 | 75 | return NULL; |
| 76 | } | |
| 76 | 77 | |
| 77 | 78 | for (iterator = newname, lastchar = '\0'; |
| 78 | 79 | *filename; filename++, iterator++) { |
| 349 | 349 | ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) |
| 350 | 350 | { |
| 351 | 351 | int nid = NID_undef; |
| 352 | ASN1_OBJECT *op = NULL; | |
| 352 | ASN1_OBJECT *op; | |
| 353 | 353 | unsigned char *buf; |
| 354 | 354 | unsigned char *p; |
| 355 | 355 | const unsigned char *cp; |
| 375 | 375 | if (j < 0) |
| 376 | 376 | return NULL; |
| 377 | 377 | |
| 378 | if ((buf = OPENSSL_malloc(j)) == NULL) | |
| 378 | if ((buf = OPENSSL_malloc(j)) == NULL) { | |
| 379 | OBJerr(OBJ_F_OBJ_TXT2OBJ, ERR_R_MALLOC_FAILURE); | |
| 379 | 380 | return NULL; |
| 381 | } | |
| 380 | 382 | |
| 381 | 383 | p = buf; |
| 382 | 384 | /* Write out tag+length */ |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 14 | 14 | |
| 15 | 15 | static const ERR_STRING_DATA OBJ_str_functs[] = { |
| 16 | 16 | {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_OBJECT, 0), "OBJ_add_object"}, |
| 17 | {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_SIGID, 0), "OBJ_add_sigid"}, | |
| 17 | 18 | {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_CREATE, 0), "OBJ_create"}, |
| 18 | 19 | {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_DUP, 0), "OBJ_dup"}, |
| 19 | 20 | {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NAME_NEW_INDEX, 0), "OBJ_NAME_new_index"}, |
| 20 | 21 | {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2LN, 0), "OBJ_nid2ln"}, |
| 21 | 22 | {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2OBJ, 0), "OBJ_nid2obj"}, |
| 22 | 23 | {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2SN, 0), "OBJ_nid2sn"}, |
| 24 | {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_TXT2OBJ, 0), "OBJ_txt2obj"}, | |
| 23 | 25 | {0, NULL} |
| 24 | 26 | }; |
| 25 | 27 | |
| 0 | 0 | /* |
| 1 | * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 9 | 9 | #include <openssl/objects.h> |
| 10 | 10 | #include "obj_xref.h" |
| 11 | 11 | #include "internal/nelem.h" |
| 12 | #include <openssl/err.h> | |
| 12 | 13 | |
| 13 | 14 | static STACK_OF(nid_triple) *sig_app, *sigx_app; |
| 14 | 15 | |
| 102 | 103 | sigx_app = sk_nid_triple_new(sigx_cmp); |
| 103 | 104 | if (sigx_app == NULL) |
| 104 | 105 | return 0; |
| 105 | ntr = OPENSSL_malloc(sizeof(*ntr)); | |
| 106 | if (ntr == NULL) | |
| 106 | if ((ntr = OPENSSL_malloc(sizeof(*ntr))) == NULL) { | |
| 107 | OBJerr(OBJ_F_OBJ_ADD_SIGID, ERR_R_MALLOC_FAILURE); | |
| 107 | 108 | return 0; |
| 109 | } | |
| 108 | 110 | ntr->sign_id = signid; |
| 109 | 111 | ntr->hash_id = dig_id; |
| 110 | 112 | ntr->pkey_id = pkey_id; |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 25 | 25 | {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I, 0), "do_b2i"}, |
| 26 | 26 | {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I_BIO, 0), "do_b2i_bio"}, |
| 27 | 27 | {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_BLOB_HEADER, 0), "do_blob_header"}, |
| 28 | {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_I2B, 0), "do_i2b"}, | |
| 28 | 29 | {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY, 0), "do_pk8pkey"}, |
| 29 | 30 | {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY_FP, 0), "do_pk8pkey_fp"}, |
| 30 | 31 | {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_BODY, 0), "do_PVK_body"}, |
| 27 | 27 | static int check_pem(const char *nm, const char *name); |
| 28 | 28 | int pem_check_suffix(const char *pem_str, const char *suffix); |
| 29 | 29 | |
| 30 | int PEM_def_callback(char *buf, int num, int w, void *key) | |
| 31 | { | |
| 32 | int i, j; | |
| 30 | int PEM_def_callback(char *buf, int num, int rwflag, void *userdata) | |
| 31 | { | |
| 32 | int i, min_len; | |
| 33 | 33 | const char *prompt; |
| 34 | 34 | |
| 35 | if (key) { | |
| 36 | i = strlen(key); | |
| 35 | /* We assume that the user passes a default password as userdata */ | |
| 36 | if (userdata) { | |
| 37 | i = strlen(userdata); | |
| 37 | 38 | i = (i > num) ? num : i; |
| 38 | memcpy(buf, key, i); | |
| 39 | memcpy(buf, userdata, i); | |
| 39 | 40 | return i; |
| 40 | 41 | } |
| 41 | 42 | |
| 43 | 44 | if (prompt == NULL) |
| 44 | 45 | prompt = "Enter PEM pass phrase:"; |
| 45 | 46 | |
| 46 | for (;;) { | |
| 47 | /* | |
| 48 | * We assume that w == 0 means decryption, | |
| 49 | * while w == 1 means encryption | |
| 50 | */ | |
| 51 | int min_len = w ? MIN_LENGTH : 0; | |
| 52 | ||
| 53 | i = EVP_read_pw_string_min(buf, min_len, num, prompt, w); | |
| 54 | if (i != 0) { | |
| 55 | PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); | |
| 56 | memset(buf, 0, (unsigned int)num); | |
| 57 | return -1; | |
| 58 | } | |
| 59 | j = strlen(buf); | |
| 60 | if (min_len && j < min_len) { | |
| 61 | fprintf(stderr, | |
| 62 | "phrase is too short, needs to be at least %d chars\n", | |
| 63 | min_len); | |
| 64 | } else | |
| 65 | break; | |
| 66 | } | |
| 67 | return j; | |
| 47 | /* | |
| 48 | * rwflag == 0 means decryption | |
| 49 | * rwflag == 1 means encryption | |
| 50 | * | |
| 51 | * We assume that for encryption, we want a minimum length, while for | |
| 52 | * decryption, we cannot know any minimum length, so we assume zero. | |
| 53 | */ | |
| 54 | min_len = rwflag ? MIN_LENGTH : 0; | |
| 55 | ||
| 56 | i = EVP_read_pw_string_min(buf, min_len, num, prompt, rwflag); | |
| 57 | if (i != 0) { | |
| 58 | PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); | |
| 59 | memset(buf, 0, (unsigned int)num); | |
| 60 | return -1; | |
| 61 | } | |
| 62 | return strlen(buf); | |
| 68 | 63 | } |
| 69 | 64 | |
| 70 | 65 | void PEM_proc_type(char *buf, int type) |
| 660 | 655 | if (retval == 0) |
| 661 | 656 | PEMerr(PEM_F_PEM_WRITE_BIO, reason); |
| 662 | 657 | EVP_ENCODE_CTX_free(ctx); |
| 663 | OPENSSL_free(buf); | |
| 658 | OPENSSL_clear_free(buf, PEM_BUFSIZE * 8); | |
| 664 | 659 | return retval; |
| 665 | 660 | } |
| 666 | 661 | |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 32 | 32 | EVP_PKEY *ret = NULL; |
| 33 | 33 | |
| 34 | 34 | if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, |
| 35 | cb, u)) | |
| 35 | cb, u)) | |
| 36 | 36 | return NULL; |
| 37 | 37 | p = data; |
| 38 | 38 | |
| 443 | 443 | if (*out) |
| 444 | 444 | p = *out; |
| 445 | 445 | else { |
| 446 | p = OPENSSL_malloc(outlen); | |
| 447 | if (p == NULL) | |
| 446 | if ((p = OPENSSL_malloc(outlen)) == NULL) { | |
| 447 | PEMerr(PEM_F_DO_I2B, ERR_R_MALLOC_FAILURE); | |
| 448 | 448 | return -1; |
| 449 | } | |
| 449 | 450 | *out = p; |
| 450 | 451 | noinc = 1; |
| 451 | 452 | } |
| 0 | 0 | /* |
| 1 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 21 | 21 | if (asclen == -1) |
| 22 | 22 | asclen = strlen(asc); |
| 23 | 23 | ulen = asclen * 2 + 2; |
| 24 | if ((unitmp = OPENSSL_malloc(ulen)) == NULL) | |
| 25 | return NULL; | |
| 24 | if ((unitmp = OPENSSL_malloc(ulen)) == NULL) { | |
| 25 | PKCS12err(PKCS12_F_OPENSSL_ASC2UNI, ERR_R_MALLOC_FAILURE); | |
| 26 | return NULL; | |
| 27 | } | |
| 26 | 28 | for (i = 0; i < ulen - 2; i += 2) { |
| 27 | 29 | unitmp[i] = 0; |
| 28 | 30 | unitmp[i + 1] = asc[i >> 1]; |
| 49 | 51 | if (!unilen || uni[unilen - 1]) |
| 50 | 52 | asclen++; |
| 51 | 53 | uni++; |
| 52 | if ((asctmp = OPENSSL_malloc(asclen)) == NULL) | |
| 53 | return NULL; | |
| 54 | if ((asctmp = OPENSSL_malloc(asclen)) == NULL) { | |
| 55 | PKCS12err(PKCS12_F_OPENSSL_UNI2ASC, ERR_R_MALLOC_FAILURE); | |
| 56 | return NULL; | |
| 57 | } | |
| 54 | 58 | for (i = 0; i < unilen; i += 2) |
| 55 | 59 | asctmp[i >> 1] = uni[i]; |
| 56 | 60 | asctmp[asclen - 1] = 0; |
| 96 | 100 | * decoding failure... |
| 97 | 101 | */ |
| 98 | 102 | if (j < 0) |
| 99 | return OPENSSL_asc2uni(asc, asclen, uni, unilen); | |
| 103 | return OPENSSL_asc2uni(asc, asclen, uni, unilen); | |
| 100 | 104 | |
| 101 | 105 | if (utf32chr > 0x10FFFF) /* UTF-16 cap */ |
| 102 | return NULL; | |
| 106 | return NULL; | |
| 103 | 107 | |
| 104 | 108 | if (utf32chr >= 0x10000) /* pair of UTF-16 characters */ |
| 105 | 109 | ulen += 2*2; |
| 109 | 113 | |
| 110 | 114 | ulen += 2; /* for trailing UTF16 zero */ |
| 111 | 115 | |
| 112 | if ((ret = OPENSSL_malloc(ulen)) == NULL) | |
| 113 | return NULL; | |
| 114 | ||
| 116 | if ((ret = OPENSSL_malloc(ulen)) == NULL) { | |
| 117 | PKCS12err(PKCS12_F_OPENSSL_UTF82UNI, ERR_R_MALLOC_FAILURE); | |
| 118 | return NULL; | |
| 119 | } | |
| 115 | 120 | /* re-run the loop writing down UTF-16 characters in big-endian order */ |
| 116 | 121 | for (unitmp = ret, i = 0; i < asclen; i += j) { |
| 117 | 122 | j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr); |
| 193 | 198 | if (!unilen || (uni[unilen-2]||uni[unilen - 1])) |
| 194 | 199 | asclen++; |
| 195 | 200 | |
| 196 | if ((asctmp = OPENSSL_malloc(asclen)) == NULL) | |
| 197 | return NULL; | |
| 201 | if ((asctmp = OPENSSL_malloc(asclen)) == NULL) { | |
| 202 | PKCS12err(PKCS12_F_OPENSSL_UNI2UTF8, ERR_R_MALLOC_FAILURE); | |
| 203 | return NULL; | |
| 204 | } | |
| 198 | 205 | |
| 199 | 206 | /* re-run the loop emitting UTF-8 string */ |
| 200 | 207 | for (asclen = 0, i = 0; i < unilen; ) { |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 13 | 13 | #ifndef OPENSSL_NO_ERR |
| 14 | 14 | |
| 15 | 15 | static const ERR_STRING_DATA PKCS12_str_functs[] = { |
| 16 | {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_ASC2UNI, 0), "OPENSSL_asc2uni"}, | |
| 17 | {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2ASC, 0), "OPENSSL_uni2asc"}, | |
| 18 | {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2UTF8, 0), | |
| 19 | "OPENSSL_uni2utf8"}, | |
| 20 | {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UTF82UNI, 0), | |
| 21 | "OPENSSL_utf82uni"}, | |
| 16 | 22 | {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_CREATE, 0), "PKCS12_create"}, |
| 17 | 23 | {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_GEN_MAC, 0), "PKCS12_gen_mac"}, |
| 18 | 24 | {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_INIT, 0), "PKCS12_init"}, |
| 0 | 0 | #! /usr/bin/env perl |
| 1 | # Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | # Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | # |
| 3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | # this file except in compliance with the License. You can obtain a copy |
| 185 | 185 | .type poly1305_blocks,%function |
| 186 | 186 | .align 5 |
| 187 | 187 | poly1305_blocks: |
| 188 | .Lpoly1305_blocks: | |
| 188 | 189 | stmdb sp!,{r3-r11,lr} |
| 189 | 190 | |
| 190 | 191 | ands $len,$len,#-16 |
| 676 | 677 | cmp $len,#64 |
| 677 | 678 | bhs .Lenter_neon |
| 678 | 679 | tst ip,ip @ is_base2_26? |
| 679 | beq poly1305_blocks | |
| 680 | beq .Lpoly1305_blocks | |
| 680 | 681 | |
| 681 | 682 | .Lenter_neon: |
| 682 | 683 | stmdb sp!,{r4-r7} |
| 19 | 19 | * for x86_64 code. And since we are at it, just for sense of it, |
| 20 | 20 | * large-block performance in cycles per processed byte for *this* code |
| 21 | 21 | * is: |
| 22 | * gcc-4.8 icc-15.0 clang-3.4(*) | |
| 23 | * | |
| 24 | * Westmere 4.96 5.09 4.37 | |
| 25 | * Sandy Bridge 4.95 4.90 4.17 | |
| 26 | * Haswell 4.92 4.87 3.78 | |
| 27 | * Bulldozer 4.67 4.49 4.68 | |
| 28 | * VIA Nano 7.07 7.05 5.98 | |
| 29 | * Silvermont 10.6 9.61 12.6 | |
| 30 | * | |
| 31 | * (*) clang managed to discover parallelism and deployed SIMD; | |
| 22 | * gcc-4.8 icc-15.0 clang-3.4(*) | |
| 23 | * | |
| 24 | * Westmere 4.96 5.09 4.37 | |
| 25 | * Sandy Bridge 4.95 4.90 4.17 | |
| 26 | * Haswell 4.92 4.87 3.78 | |
| 27 | * Bulldozer 4.67 4.49 4.68 | |
| 28 | * VIA Nano 7.07 7.05 5.98 | |
| 29 | * Silvermont 10.6 9.61 12.6 | |
| 30 | * | |
| 31 | * (*) clang managed to discover parallelism and deployed SIMD; | |
| 32 | 32 | * |
| 33 | 33 | * And for range of other platforms with unspecified gcc versions: |
| 34 | 34 | * |
| 35 | * Freescale e300 12.5 | |
| 36 | * PPC74x0 10.8 | |
| 37 | * POWER6 4.92 | |
| 38 | * POWER7 4.50 | |
| 39 | * POWER8 4.10 | |
| 40 | * | |
| 41 | * z10 11.2 | |
| 42 | * z196+ 7.30 | |
| 43 | * | |
| 44 | * UltraSPARC III 16.0 | |
| 45 | * SPARC T4 16.1 | |
| 35 | * Freescale e300 12.5 | |
| 36 | * PPC74x0 10.8 | |
| 37 | * POWER6 4.92 | |
| 38 | * POWER7 4.50 | |
| 39 | * POWER8 4.10 | |
| 40 | * | |
| 41 | * z10 11.2 | |
| 42 | * z196+ 7.30 | |
| 43 | * | |
| 44 | * UltraSPARC III 16.0 | |
| 45 | * SPARC T4 16.1 | |
| 46 | 46 | */ |
| 47 | 47 | |
| 48 | 48 | #if !(defined(__GNUC__) && __GNUC__>=2) |
| 56 | 56 | typedef unsigned long long u64; |
| 57 | 57 | typedef union { double d; u64 u; } elem64; |
| 58 | 58 | |
| 59 | #define TWO(p) ((double)(1ULL<<(p))) | |
| 60 | #define TWO0 TWO(0) | |
| 61 | #define TWO32 TWO(32) | |
| 62 | #define TWO64 (TWO32*TWO(32)) | |
| 63 | #define TWO96 (TWO64*TWO(32)) | |
| 64 | #define TWO130 (TWO96*TWO(34)) | |
| 65 | ||
| 66 | #define EXP(p) ((1023ULL+(p))<<52) | |
| 59 | #define TWO(p) ((double)(1ULL<<(p))) | |
| 60 | #define TWO0 TWO(0) | |
| 61 | #define TWO32 TWO(32) | |
| 62 | #define TWO64 (TWO32*TWO(32)) | |
| 63 | #define TWO96 (TWO64*TWO(32)) | |
| 64 | #define TWO130 (TWO96*TWO(34)) | |
| 65 | ||
| 66 | #define EXP(p) ((1023ULL+(p))<<52) | |
| 67 | 67 | |
| 68 | 68 | #if defined(__x86_64__) || (defined(__PPC__) && defined(__LITTLE_ENDIAN__)) |
| 69 | # define U8TOU32(p) (*(const u32 *)(p)) | |
| 70 | # define U32TO8(p,v) (*(u32 *)(p) = (v)) | |
| 71 | #elif defined(__PPC__) | |
| 72 | # define U8TOU32(p) ({u32 ret; asm ("lwbrx %0,0,%1":"=r"(ret):"b"(p)); ret; }) | |
| 73 | # define U32TO8(p,v) asm ("stwbrx %0,0,%1"::"r"(v),"b"(p):"memory") | |
| 74 | #elif defined(__s390x__) | |
| 75 | # define U8TOU32(p) ({u32 ret; asm ("lrv %0,%1":"=d"(ret):"m"(*(u32 *)(p))); ret; }) | |
| 76 | # define U32TO8(p,v) asm ("strv %1,%0":"=m"(*(u32 *)(p)):"d"(v)) | |
| 69 | # define U8TOU32(p) (*(const u32 *)(p)) | |
| 70 | # define U32TO8(p,v) (*(u32 *)(p) = (v)) | |
| 71 | #elif defined(__PPC__) | |
| 72 | # define U8TOU32(p) ({u32 ret; asm ("lwbrx %0,0,%1":"=r"(ret):"b"(p)); ret; }) | |
| 73 | # define U32TO8(p,v) asm ("stwbrx %0,0,%1"::"r"(v),"b"(p):"memory") | |
| 74 | #elif defined(__s390x__) | |
| 75 | # define U8TOU32(p) ({u32 ret; asm ("lrv %0,%1":"=d"(ret):"m"(*(u32 *)(p))); ret; }) | |
| 76 | # define U32TO8(p,v) asm ("strv %1,%0":"=m"(*(u32 *)(p)):"d"(v)) | |
| 77 | 77 | #endif |
| 78 | 78 | |
| 79 | 79 | #ifndef U8TOU32 |
| 80 | # define U8TOU32(p) ((u32)(p)[0] | (u32)(p)[1]<<8 | \ | |
| 81 | (u32)(p)[2]<<16 | (u32)(p)[3]<<24 ) | |
| 80 | # define U8TOU32(p) ((u32)(p)[0] | (u32)(p)[1]<<8 | \ | |
| 81 | (u32)(p)[2]<<16 | (u32)(p)[3]<<24 ) | |
| 82 | 82 | #endif |
| 83 | 83 | #ifndef U32TO8 |
| 84 | # define U32TO8(p,v) ((p)[0] = (u8)(v), (p)[1] = (u8)((v)>>8), \ | |
| 85 | (p)[2] = (u8)((v)>>16), (p)[3] = (u8)((v)>>24) ) | |
| 84 | # define U32TO8(p,v) ((p)[0] = (u8)(v), (p)[1] = (u8)((v)>>8), \ | |
| 85 | (p)[2] = (u8)((v)>>16), (p)[3] = (u8)((v)>>24) ) | |
| 86 | 86 | #endif |
| 87 | 87 | |
| 88 | 88 | typedef struct { |
| 358 | 358 | #ifndef __clang__ |
| 359 | 359 | fast_entry: |
| 360 | 360 | #endif |
| 361 | /* | |
| 362 | * base 2^32 * base 2^16 = base 2^48 | |
| 363 | */ | |
| 361 | /* | |
| 362 | * base 2^32 * base 2^16 = base 2^48 | |
| 363 | */ | |
| 364 | 364 | h0lo = s3lo * x1 + s2lo * x2 + s1lo * x3 + r0lo * x0; |
| 365 | 365 | h1lo = r0lo * x1 + s3lo * x2 + s2lo * x3 + r1lo * x0; |
| 366 | 366 | h2lo = r1lo * x1 + r0lo * x2 + s3lo * x3 + r2lo * x0; |
| 0 | 0 | /* |
| 1 | * Copyright 2007-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 11 | 11 | #include <openssl/x509.h> |
| 12 | 12 | #include <openssl/x509v3.h> |
| 13 | 13 | #include <openssl/evp.h> |
| 14 | #include <openssl/err.h> | |
| 14 | 15 | #include "internal/poly1305.h" |
| 15 | 16 | #include "poly1305_local.h" |
| 16 | 17 | #include "internal/evp_int.h" |
| 26 | 27 | { |
| 27 | 28 | POLY1305_PKEY_CTX *pctx; |
| 28 | 29 | |
| 29 | pctx = OPENSSL_zalloc(sizeof(*pctx)); | |
| 30 | if (pctx == NULL) | |
| 30 | if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) { | |
| 31 | CRYPTOerr(CRYPTO_F_PKEY_POLY1305_INIT, ERR_R_MALLOC_FAILURE); | |
| 31 | 32 | return 0; |
| 33 | } | |
| 32 | 34 | pctx->ktmp.type = V_ASN1_OCTET_STRING; |
| 33 | 35 | |
| 34 | 36 | EVP_PKEY_CTX_set_data(ctx, pctx); |
| 183 | 183 | drbg->parent = parent; |
| 184 | 184 | |
| 185 | 185 | if (parent == NULL) { |
| 186 | drbg->get_entropy = rand_drbg_get_entropy; | |
| 187 | drbg->cleanup_entropy = rand_drbg_cleanup_entropy; | |
| 188 | #ifndef RAND_DRBG_GET_RANDOM_NONCE | |
| 189 | drbg->get_nonce = rand_drbg_get_nonce; | |
| 190 | drbg->cleanup_nonce = rand_drbg_cleanup_nonce; | |
| 191 | #endif | |
| 192 | ||
| 186 | 193 | drbg->reseed_interval = master_reseed_interval; |
| 187 | 194 | drbg->reseed_time_interval = master_reseed_time_interval; |
| 188 | 195 | } else { |
| 196 | drbg->get_entropy = rand_drbg_get_entropy; | |
| 197 | drbg->cleanup_entropy = rand_drbg_cleanup_entropy; | |
| 198 | /* | |
| 199 | * Do not provide nonce callbacks, the child DRBGs will | |
| 200 | * obtain their nonce using random bits from the parent. | |
| 201 | */ | |
| 202 | ||
| 189 | 203 | drbg->reseed_interval = slave_reseed_interval; |
| 190 | 204 | drbg->reseed_time_interval = slave_reseed_time_interval; |
| 191 | 205 | } |
| 207 | 221 | rand_drbg_unlock(parent); |
| 208 | 222 | } |
| 209 | 223 | |
| 210 | if (!RAND_DRBG_set_callbacks(drbg, rand_drbg_get_entropy, | |
| 211 | rand_drbg_cleanup_entropy, | |
| 212 | NULL, NULL)) | |
| 213 | goto err; | |
| 214 | ||
| 215 | 224 | return drbg; |
| 216 | 225 | |
| 217 | 226 | err: |
| 275 | 284 | goto end; |
| 276 | 285 | } |
| 277 | 286 | |
| 278 | if (drbg->meth == NULL) | |
| 279 | { | |
| 287 | if (drbg->meth == NULL) { | |
| 280 | 288 | RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, |
| 281 | 289 | RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED); |
| 282 | 290 | goto end; |
| 365 | 373 | */ |
| 366 | 374 | int RAND_DRBG_uninstantiate(RAND_DRBG *drbg) |
| 367 | 375 | { |
| 368 | if (drbg->meth == NULL) | |
| 369 | { | |
| 376 | if (drbg->meth == NULL) { | |
| 370 | 377 | RANDerr(RAND_F_RAND_DRBG_UNINSTANTIATE, |
| 371 | 378 | RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED); |
| 372 | 379 | return 0; |
| 403 | 410 | return 0; |
| 404 | 411 | } |
| 405 | 412 | |
| 406 | if (adin == NULL) | |
| 413 | if (adin == NULL) { | |
| 407 | 414 | adinlen = 0; |
| 408 | else if (adinlen > drbg->max_adinlen) { | |
| 415 | } else if (adinlen > drbg->max_adinlen) { | |
| 409 | 416 | RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ADDITIONAL_INPUT_TOO_LONG); |
| 410 | 417 | return 0; |
| 411 | 418 | } |
| 854 | 861 | drbg->reseed_counter = 1; |
| 855 | 862 | |
| 856 | 863 | /* |
| 857 | * Ignore instantiation error so support just-in-time instantiation. | |
| 864 | * Ignore instantiation error to support just-in-time instantiation. | |
| 858 | 865 | * |
| 859 | 866 | * The state of the drbg will be checked in RAND_DRBG_generate() and |
| 860 | 867 | * an automatic recovery is attempted. |
| 861 | 868 | */ |
| 862 | RAND_DRBG_instantiate(drbg, | |
| 863 | (const unsigned char *) ossl_pers_string, | |
| 864 | sizeof(ossl_pers_string) - 1); | |
| 869 | (void)RAND_DRBG_instantiate(drbg, | |
| 870 | (const unsigned char *) ossl_pers_string, | |
| 871 | sizeof(ossl_pers_string) - 1); | |
| 865 | 872 | return drbg; |
| 866 | 873 | |
| 867 | 874 | err: |
| 875 | 882 | */ |
| 876 | 883 | DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init) |
| 877 | 884 | { |
| 878 | int ret = 1; | |
| 879 | ||
| 880 | 885 | /* |
| 881 | 886 | * ensure that libcrypto is initialized, otherwise the |
| 882 | 887 | * DRBG locks are not cleaned up properly |
| 884 | 889 | if (!OPENSSL_init_crypto(0, NULL)) |
| 885 | 890 | return 0; |
| 886 | 891 | |
| 887 | ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND); | |
| 892 | if (!CRYPTO_THREAD_init_local(&private_drbg, NULL)) | |
| 893 | return 0; | |
| 894 | ||
| 895 | if (!CRYPTO_THREAD_init_local(&public_drbg, NULL)) | |
| 896 | goto err1; | |
| 888 | 897 | |
| 889 | 898 | master_drbg = drbg_setup(NULL); |
| 890 | ||
| 891 | ret &= CRYPTO_THREAD_init_local(&private_drbg, NULL); | |
| 892 | ret &= CRYPTO_THREAD_init_local(&public_drbg, NULL); | |
| 893 | ||
| 894 | if (master_drbg == NULL || ret == 0) | |
| 895 | return 0; | |
| 899 | if (master_drbg == NULL) | |
| 900 | goto err2; | |
| 896 | 901 | |
| 897 | 902 | return 1; |
| 903 | ||
| 904 | err2: | |
| 905 | CRYPTO_THREAD_cleanup_local(&public_drbg); | |
| 906 | err1: | |
| 907 | CRYPTO_THREAD_cleanup_local(&private_drbg); | |
| 908 | return 0; | |
| 898 | 909 | } |
| 899 | 910 | |
| 900 | 911 | /* Clean up the global DRBGs before exit */ |
| 901 | 912 | void rand_drbg_cleanup_int(void) |
| 902 | 913 | { |
| 903 | RAND_DRBG_free(master_drbg); | |
| 904 | master_drbg = NULL; | |
| 905 | ||
| 906 | CRYPTO_THREAD_cleanup_local(&private_drbg); | |
| 907 | CRYPTO_THREAD_cleanup_local(&public_drbg); | |
| 914 | if (master_drbg != NULL) { | |
| 915 | RAND_DRBG_free(master_drbg); | |
| 916 | master_drbg = NULL; | |
| 917 | ||
| 918 | CRYPTO_THREAD_cleanup_local(&private_drbg); | |
| 919 | CRYPTO_THREAD_cleanup_local(&public_drbg); | |
| 920 | } | |
| 908 | 921 | } |
| 909 | 922 | |
| 910 | 923 | void drbg_delete_thread_state() |
| 912 | 925 | RAND_DRBG *drbg; |
| 913 | 926 | |
| 914 | 927 | drbg = CRYPTO_THREAD_get_local(&public_drbg); |
| 928 | CRYPTO_THREAD_set_local(&public_drbg, NULL); | |
| 915 | 929 | RAND_DRBG_free(drbg); |
| 916 | 930 | |
| 917 | 931 | drbg = CRYPTO_THREAD_get_local(&private_drbg); |
| 932 | CRYPTO_THREAD_set_local(&private_drbg, NULL); | |
| 918 | 933 | RAND_DRBG_free(drbg); |
| 919 | 934 | } |
| 920 | 935 | |
| 1010 | 1025 | |
| 1011 | 1026 | drbg = CRYPTO_THREAD_get_local(&public_drbg); |
| 1012 | 1027 | if (drbg == NULL) { |
| 1013 | ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND); | |
| 1028 | if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND)) | |
| 1029 | return NULL; | |
| 1014 | 1030 | drbg = drbg_setup(master_drbg); |
| 1015 | 1031 | CRYPTO_THREAD_set_local(&public_drbg, drbg); |
| 1016 | 1032 | } |
| 1030 | 1046 | |
| 1031 | 1047 | drbg = CRYPTO_THREAD_get_local(&private_drbg); |
| 1032 | 1048 | if (drbg == NULL) { |
| 1033 | ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND); | |
| 1049 | if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND)) | |
| 1050 | return NULL; | |
| 1034 | 1051 | drbg = drbg_setup(master_drbg); |
| 1035 | 1052 | CRYPTO_THREAD_set_local(&private_drbg, drbg); |
| 1036 | 1053 | } |
| 24 | 24 | "RAND_DRBG_generate"}, |
| 25 | 25 | {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_ENTROPY, 0), |
| 26 | 26 | "rand_drbg_get_entropy"}, |
| 27 | {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_NONCE, 0), | |
| 28 | "rand_drbg_get_nonce"}, | |
| 27 | 29 | {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_INSTANTIATE, 0), |
| 28 | 30 | "RAND_DRBG_instantiate"}, |
| 29 | 31 | {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_NEW, 0), "RAND_DRBG_new"}, |
| 35 | 37 | {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0), |
| 36 | 38 | "RAND_DRBG_uninstantiate"}, |
| 37 | 39 | {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"}, |
| 40 | {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ACQUIRE_ENTROPY, 0), | |
| 41 | "rand_pool_acquire_entropy"}, | |
| 38 | 42 | {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"}, |
| 39 | 43 | {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0), |
| 40 | 44 | "rand_pool_add_begin"}, |
| 98 | 102 | {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, |
| 99 | 103 | {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_OVERFLOW), |
| 100 | 104 | "random pool overflow"}, |
| 105 | {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_UNDERFLOW), | |
| 106 | "random pool underflow"}, | |
| 101 | 107 | {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG), |
| 102 | 108 | "request too large for drbg"}, |
| 103 | 109 | {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RESEED_ERROR), "reseed error"}, |
| 104 | 110 | {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_SELFTEST_FAILURE), "selftest failure"}, |
| 111 | {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_LITTLE_NONCE_REQUESTED), | |
| 112 | "too little nonce requested"}, | |
| 113 | {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_MUCH_NONCE_REQUESTED), | |
| 114 | "too much nonce requested"}, | |
| 105 | 115 | {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS), |
| 106 | 116 | "unsupported drbg flags"}, |
| 107 | 117 | {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_TYPE), |
| 14 | 14 | #include <openssl/engine.h> |
| 15 | 15 | #include "internal/thread_once.h" |
| 16 | 16 | #include "rand_lcl.h" |
| 17 | #ifdef OPENSSL_SYS_UNIX | |
| 18 | # include <sys/types.h> | |
| 19 | # include <unistd.h> | |
| 20 | # include <sys/time.h> | |
| 21 | #endif | |
| 22 | 17 | #include "e_os.h" |
| 23 | ||
| 24 | /* Macro to convert two thirty two bit values into a sixty four bit one */ | |
| 25 | #define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b)) | |
| 26 | ||
| 27 | /* | |
| 28 | * Check for the existence and support of POSIX timers. The standard | |
| 29 | * says that the _POSIX_TIMERS macro will have a positive value if they | |
| 30 | * are available. | |
| 31 | * | |
| 32 | * However, we want an additional constraint: that the timer support does | |
| 33 | * not require an extra library dependency. Early versions of glibc | |
| 34 | * require -lrt to be specified on the link line to access the timers, | |
| 35 | * so this needs to be checked for. | |
| 36 | * | |
| 37 | * It is worse because some libraries define __GLIBC__ but don't | |
| 38 | * support the version testing macro (e.g. uClibc). This means | |
| 39 | * an extra check is needed. | |
| 40 | * | |
| 41 | * The final condition is: | |
| 42 | * "have posix timers and either not glibc or glibc without -lrt" | |
| 43 | * | |
| 44 | * The nested #if sequences are required to avoid using a parameterised | |
| 45 | * macro that might be undefined. | |
| 46 | */ | |
| 47 | #undef OSSL_POSIX_TIMER_OKAY | |
| 48 | #if defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0 | |
| 49 | # if defined(__GLIBC__) | |
| 50 | # if defined(__GLIBC_PREREQ) | |
| 51 | # if __GLIBC_PREREQ(2, 17) | |
| 52 | # define OSSL_POSIX_TIMER_OKAY | |
| 53 | # endif | |
| 54 | # endif | |
| 55 | # else | |
| 56 | # define OSSL_POSIX_TIMER_OKAY | |
| 57 | # endif | |
| 58 | #endif | |
| 59 | 18 | |
| 60 | 19 | #ifndef OPENSSL_NO_ENGINE |
| 61 | 20 | /* non-NULL if default_RAND_meth is ENGINE-provided */ |
| 67 | 26 | static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT; |
| 68 | 27 | |
| 69 | 28 | int rand_fork_count; |
| 29 | ||
| 30 | static CRYPTO_RWLOCK *rand_nonce_lock; | |
| 31 | static int rand_nonce_count; | |
| 70 | 32 | |
| 71 | 33 | #ifdef OPENSSL_RAND_SEED_RDTSC |
| 72 | 34 | /* |
| 129 | 91 | buffer = rand_pool_add_begin(pool, bytes_needed); |
| 130 | 92 | |
| 131 | 93 | if (buffer != NULL) { |
| 132 | ||
| 133 | /* If RDSEED is available, use that. */ | |
| 94 | /* Whichever comes first, use RDSEED, RDRAND or nothing */ | |
| 134 | 95 | if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) { |
| 135 | 96 | if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed) |
| 136 | == bytes_needed) | |
| 137 | return rand_pool_add_end(pool, | |
| 138 | bytes_needed, | |
| 139 | 8 * bytes_needed); | |
| 97 | == bytes_needed) { | |
| 98 | rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); | |
| 99 | } | |
| 100 | } else if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) { | |
| 101 | if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed) | |
| 102 | == bytes_needed) { | |
| 103 | rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed); | |
| 104 | } | |
| 105 | } else { | |
| 106 | rand_pool_add_end(pool, 0, 0); | |
| 140 | 107 | } |
| 141 | ||
| 142 | /* Second choice is RDRAND. */ | |
| 143 | if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) { | |
| 144 | if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed) | |
| 145 | == bytes_needed) | |
| 146 | return rand_pool_add_end(pool, | |
| 147 | bytes_needed, | |
| 148 | 8 * bytes_needed); | |
| 149 | } | |
| 150 | ||
| 151 | return rand_pool_add_end(pool, 0, 0); | |
| 152 | 108 | } |
| 153 | 109 | } |
| 154 | 110 | |
| 221 | 177 | bytes = bytes_needed; |
| 222 | 178 | rand_drbg_unlock(drbg->parent); |
| 223 | 179 | |
| 224 | entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 180 | rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 181 | entropy_available = rand_pool_entropy_available(pool); | |
| 225 | 182 | } |
| 226 | 183 | |
| 227 | 184 | } else { |
| 233 | 190 | */ |
| 234 | 191 | RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, |
| 235 | 192 | RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED); |
| 236 | return 0; | |
| 193 | goto err; | |
| 237 | 194 | } |
| 238 | 195 | |
| 239 | 196 | /* Get entropy by polling system entropy sources. */ |
| 245 | 202 | *pout = rand_pool_detach(pool); |
| 246 | 203 | } |
| 247 | 204 | |
| 205 | err: | |
| 248 | 206 | rand_pool_free(pool); |
| 249 | 207 | return ret; |
| 250 | 208 | } |
| 251 | 209 | |
| 252 | 210 | /* |
| 253 | * Find a suitable source of time. Start with the highest resolution source | |
| 254 | * and work down to the slower ones. This is added as additional data and | |
| 255 | * isn't counted as randomness, so any result is acceptable. | |
| 256 | * | |
| 257 | * Returns 0 when we weren't able to find any time source | |
| 258 | */ | |
| 259 | static uint64_t get_timer_bits(void) | |
| 260 | { | |
| 261 | uint64_t res = OPENSSL_rdtsc(); | |
| 262 | ||
| 263 | if (res != 0) | |
| 264 | return res; | |
| 265 | #if defined(_WIN32) | |
| 266 | { | |
| 267 | LARGE_INTEGER t; | |
| 268 | FILETIME ft; | |
| 269 | ||
| 270 | if (QueryPerformanceCounter(&t) != 0) | |
| 271 | return t.QuadPart; | |
| 272 | GetSystemTimeAsFileTime(&ft); | |
| 273 | return TWO32TO64(ft.dwHighDateTime, ft.dwLowDateTime); | |
| 274 | } | |
| 275 | #elif defined(__sun) || defined(__hpux) | |
| 276 | return gethrtime(); | |
| 277 | #elif defined(_AIX) | |
| 278 | { | |
| 279 | timebasestruct_t t; | |
| 280 | ||
| 281 | read_wall_time(&t, TIMEBASE_SZ); | |
| 282 | return TWO32TO64(t.tb_high, t.tb_low); | |
| 283 | } | |
| 284 | #else | |
| 285 | ||
| 286 | # if defined(OSSL_POSIX_TIMER_OKAY) | |
| 287 | { | |
| 288 | struct timespec ts; | |
| 289 | clockid_t cid; | |
| 290 | ||
| 291 | # ifdef CLOCK_BOOTTIME | |
| 292 | cid = CLOCK_BOOTTIME; | |
| 293 | # elif defined(_POSIX_MONOTONIC_CLOCK) | |
| 294 | cid = CLOCK_MONOTONIC; | |
| 295 | # else | |
| 296 | cid = CLOCK_REALTIME; | |
| 297 | # endif | |
| 298 | ||
| 299 | if (clock_gettime(cid, &ts) == 0) | |
| 300 | return TWO32TO64(ts.tv_sec, ts.tv_nsec); | |
| 301 | } | |
| 302 | # endif | |
| 303 | # if defined(__unix__) \ | |
| 304 | || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) | |
| 305 | { | |
| 306 | struct timeval tv; | |
| 307 | ||
| 308 | if (gettimeofday(&tv, NULL) == 0) | |
| 309 | return TWO32TO64(tv.tv_sec, tv.tv_usec); | |
| 310 | } | |
| 311 | # endif | |
| 312 | { | |
| 313 | time_t t = time(NULL); | |
| 314 | if (t == (time_t)-1) | |
| 315 | return 0; | |
| 316 | return t; | |
| 317 | } | |
| 318 | #endif | |
| 211 | * Implements the cleanup_entropy() callback (see RAND_DRBG_set_callbacks()) | |
| 212 | * | |
| 213 | */ | |
| 214 | void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, | |
| 215 | unsigned char *out, size_t outlen) | |
| 216 | { | |
| 217 | OPENSSL_secure_clear_free(out, outlen); | |
| 218 | } | |
| 219 | ||
| 220 | ||
| 221 | /* | |
| 222 | * Implements the get_nonce() callback (see RAND_DRBG_set_callbacks()) | |
| 223 | * | |
| 224 | */ | |
| 225 | size_t rand_drbg_get_nonce(RAND_DRBG *drbg, | |
| 226 | unsigned char **pout, | |
| 227 | int entropy, size_t min_len, size_t max_len) | |
| 228 | { | |
| 229 | size_t ret = 0; | |
| 230 | RAND_POOL *pool; | |
| 231 | ||
| 232 | struct { | |
| 233 | void * instance; | |
| 234 | int count; | |
| 235 | } data = { 0 }; | |
| 236 | ||
| 237 | pool = rand_pool_new(0, min_len, max_len); | |
| 238 | if (pool == NULL) | |
| 239 | return 0; | |
| 240 | ||
| 241 | if (rand_pool_add_nonce_data(pool) == 0) | |
| 242 | goto err; | |
| 243 | ||
| 244 | data.instance = drbg; | |
| 245 | CRYPTO_atomic_add(&rand_nonce_count, 1, &data.count, rand_nonce_lock); | |
| 246 | ||
| 247 | if (rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0) == 0) | |
| 248 | goto err; | |
| 249 | ||
| 250 | ret = rand_pool_length(pool); | |
| 251 | *pout = rand_pool_detach(pool); | |
| 252 | ||
| 253 | err: | |
| 254 | rand_pool_free(pool); | |
| 255 | ||
| 256 | return ret; | |
| 257 | } | |
| 258 | ||
| 259 | /* | |
| 260 | * Implements the cleanup_nonce() callback (see RAND_DRBG_set_callbacks()) | |
| 261 | * | |
| 262 | */ | |
| 263 | void rand_drbg_cleanup_nonce(RAND_DRBG *drbg, | |
| 264 | unsigned char *out, size_t outlen) | |
| 265 | { | |
| 266 | OPENSSL_secure_clear_free(out, outlen); | |
| 319 | 267 | } |
| 320 | 268 | |
| 321 | 269 | /* |
| 330 | 278 | */ |
| 331 | 279 | size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len) |
| 332 | 280 | { |
| 281 | size_t ret = 0; | |
| 333 | 282 | RAND_POOL *pool; |
| 334 | CRYPTO_THREAD_ID thread_id; | |
| 335 | size_t len; | |
| 336 | #ifdef OPENSSL_SYS_UNIX | |
| 337 | pid_t pid; | |
| 338 | #elif defined(OPENSSL_SYS_WIN32) | |
| 339 | DWORD pid; | |
| 340 | #endif | |
| 341 | uint64_t tbits; | |
| 342 | 283 | |
| 343 | 284 | pool = rand_pool_new(0, 0, max_len); |
| 344 | 285 | if (pool == NULL) |
| 345 | 286 | return 0; |
| 346 | 287 | |
| 347 | #ifdef OPENSSL_SYS_UNIX | |
| 348 | pid = getpid(); | |
| 349 | rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0); | |
| 350 | #elif defined(OPENSSL_SYS_WIN32) | |
| 351 | pid = GetCurrentProcessId(); | |
| 352 | rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0); | |
| 353 | #endif | |
| 354 | ||
| 355 | thread_id = CRYPTO_THREAD_get_current_id(); | |
| 356 | if (thread_id != 0) | |
| 357 | rand_pool_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0); | |
| 358 | ||
| 359 | tbits = get_timer_bits(); | |
| 360 | if (tbits != 0) | |
| 361 | rand_pool_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0); | |
| 362 | ||
| 363 | /* TODO: Use RDSEED? */ | |
| 364 | ||
| 365 | len = rand_pool_length(pool); | |
| 366 | if (len != 0) | |
| 367 | *pout = rand_pool_detach(pool); | |
| 288 | if (rand_pool_add_additional_data(pool) == 0) | |
| 289 | goto err; | |
| 290 | ||
| 291 | ret = rand_pool_length(pool); | |
| 292 | *pout = rand_pool_detach(pool); | |
| 293 | ||
| 294 | err: | |
| 368 | 295 | rand_pool_free(pool); |
| 369 | 296 | |
| 370 | return len; | |
| 371 | } | |
| 372 | ||
| 373 | /* | |
| 374 | * Implements the cleanup_entropy() callback (see RAND_DRBG_set_callbacks()) | |
| 375 | * | |
| 376 | */ | |
| 377 | void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, | |
| 378 | unsigned char *out, size_t outlen) | |
| 297 | return ret; | |
| 298 | } | |
| 299 | ||
| 300 | void rand_drbg_cleanup_additional_data(unsigned char *out, size_t outlen) | |
| 379 | 301 | { |
| 380 | 302 | OPENSSL_secure_clear_free(out, outlen); |
| 381 | 303 | } |
| 394 | 316 | ret &= rand_engine_lock != NULL; |
| 395 | 317 | #endif |
| 396 | 318 | rand_meth_lock = CRYPTO_THREAD_lock_new(); |
| 319 | ret &= rand_meth_lock != NULL; | |
| 320 | ||
| 321 | rand_nonce_lock = CRYPTO_THREAD_lock_new(); | |
| 397 | 322 | ret &= rand_meth_lock != NULL; |
| 398 | 323 | |
| 399 | 324 | return ret; |
| 410 | 335 | CRYPTO_THREAD_lock_free(rand_engine_lock); |
| 411 | 336 | #endif |
| 412 | 337 | CRYPTO_THREAD_lock_free(rand_meth_lock); |
| 338 | CRYPTO_THREAD_lock_free(rand_nonce_lock); | |
| 413 | 339 | } |
| 414 | 340 | |
| 415 | 341 | /* |
| 630 | 556 | * random input which contains at least |entropy| bits of |
| 631 | 557 | * randomness. |
| 632 | 558 | * |
| 633 | * Return available amount of entropy after this operation. | |
| 634 | * (see rand_pool_entropy_available(pool)) | |
| 635 | */ | |
| 636 | size_t rand_pool_add(RAND_POOL *pool, | |
| 637 | const unsigned char *buffer, size_t len, size_t entropy) | |
| 559 | * Returns 1 if the added amount is adequate, otherwise 0 | |
| 560 | */ | |
| 561 | int rand_pool_add(RAND_POOL *pool, | |
| 562 | const unsigned char *buffer, size_t len, size_t entropy) | |
| 638 | 563 | { |
| 639 | 564 | if (len > pool->max_len - pool->len) { |
| 640 | 565 | RANDerr(RAND_F_RAND_POOL_ADD, RAND_R_ENTROPY_INPUT_TOO_LONG); |
| 647 | 572 | pool->entropy += entropy; |
| 648 | 573 | } |
| 649 | 574 | |
| 650 | return rand_pool_entropy_available(pool); | |
| 575 | return 1; | |
| 651 | 576 | } |
| 652 | 577 | |
| 653 | 578 | /* |
| 684 | 609 | * to the buffer which contain at least |entropy| bits of randomness. |
| 685 | 610 | * It is allowed to add less bytes than originally reserved. |
| 686 | 611 | */ |
| 687 | size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy) | |
| 612 | int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy) | |
| 688 | 613 | { |
| 689 | 614 | if (len > pool->max_len - pool->len) { |
| 690 | 615 | RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW); |
| 696 | 621 | pool->entropy += entropy; |
| 697 | 622 | } |
| 698 | 623 | |
| 699 | return rand_pool_entropy_available(pool); | |
| 624 | return 1; | |
| 700 | 625 | } |
| 701 | 626 | |
| 702 | 627 | int RAND_set_rand_method(const RAND_METHOD *meth) |
| 6 | 6 | * https://www.openssl.org/source/license.html |
| 7 | 7 | */ |
| 8 | 8 | |
| 9 | #define _GNU_SOURCE | |
| 9 | 10 | #include "e_os.h" |
| 10 | 11 | #include <stdio.h> |
| 11 | 12 | #include "internal/cryptlib.h" |
| 13 | 14 | #include "rand_lcl.h" |
| 14 | 15 | #include "internal/rand_int.h" |
| 15 | 16 | #include <stdio.h> |
| 17 | #if defined(__linux) | |
| 18 | # include <sys/syscall.h> | |
| 19 | #endif | |
| 20 | #if defined(__FreeBSD__) | |
| 21 | # include <sys/types.h> | |
| 22 | # include <sys/sysctl.h> | |
| 23 | # include <sys/param.h> | |
| 24 | #endif | |
| 25 | #if defined(__OpenBSD__) | |
| 26 | # include <sys/param.h> | |
| 27 | #endif | |
| 28 | #ifdef OPENSSL_SYS_UNIX | |
| 29 | # include <sys/types.h> | |
| 30 | # include <unistd.h> | |
| 31 | # include <sys/time.h> | |
| 32 | ||
| 33 | static uint64_t get_time_stamp(void); | |
| 34 | static uint64_t get_timer_bits(void); | |
| 35 | ||
| 36 | /* Macro to convert two thirty two bit values into a sixty four bit one */ | |
| 37 | # define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b)) | |
| 38 | ||
| 39 | /* | |
| 40 | * Check for the existence and support of POSIX timers. The standard | |
| 41 | * says that the _POSIX_TIMERS macro will have a positive value if they | |
| 42 | * are available. | |
| 43 | * | |
| 44 | * However, we want an additional constraint: that the timer support does | |
| 45 | * not require an extra library dependency. Early versions of glibc | |
| 46 | * require -lrt to be specified on the link line to access the timers, | |
| 47 | * so this needs to be checked for. | |
| 48 | * | |
| 49 | * It is worse because some libraries define __GLIBC__ but don't | |
| 50 | * support the version testing macro (e.g. uClibc). This means | |
| 51 | * an extra check is needed. | |
| 52 | * | |
| 53 | * The final condition is: | |
| 54 | * "have posix timers and either not glibc or glibc without -lrt" | |
| 55 | * | |
| 56 | * The nested #if sequences are required to avoid using a parameterised | |
| 57 | * macro that might be undefined. | |
| 58 | */ | |
| 59 | # undef OSSL_POSIX_TIMER_OKAY | |
| 60 | # if defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0 | |
| 61 | # if defined(__GLIBC__) | |
| 62 | # if defined(__GLIBC_PREREQ) | |
| 63 | # if __GLIBC_PREREQ(2, 17) | |
| 64 | # define OSSL_POSIX_TIMER_OKAY | |
| 65 | # endif | |
| 66 | # endif | |
| 67 | # else | |
| 68 | # define OSSL_POSIX_TIMER_OKAY | |
| 69 | # endif | |
| 70 | # endif | |
| 71 | #endif | |
| 72 | ||
| 73 | int syscall_random(void *buf, size_t buflen); | |
| 16 | 74 | |
| 17 | 75 | #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \ |
| 18 | 76 | !defined(OPENSSL_RAND_SEED_NONE) |
| 53 | 111 | size_t rand_pool_acquire_entropy(RAND_POOL *pool) |
| 54 | 112 | { |
| 55 | 113 | short int code; |
| 56 | gid_t curr_gid; | |
| 57 | pid_t curr_pid; | |
| 58 | uid_t curr_uid; | |
| 59 | 114 | int i, k; |
| 60 | 115 | size_t bytes_needed; |
| 61 | 116 | struct timespec ts; |
| 68 | 123 | extern void s$sleep2(long long *_duration, short int *_code); |
| 69 | 124 | # endif |
| 70 | 125 | |
| 71 | /* | |
| 72 | * Seed with the gid, pid, and uid, to ensure *some* variation between | |
| 73 | * different processes. | |
| 74 | */ | |
| 75 | curr_gid = getgid(); | |
| 76 | rand_pool_add(pool, &curr_gid, sizeof(curr_gid), 0); | |
| 77 | curr_pid = getpid(); | |
| 78 | rand_pool_add(pool, &curr_pid, sizeof(curr_pid), 0); | |
| 79 | curr_uid = getuid(); | |
| 80 | rand_pool_add(pool, &curr_uid, sizeof(curr_uid), 0); | |
| 81 | ||
| 82 | 126 | bytes_needed = rand_pool_bytes_needed(pool, 2 /*entropy_per_byte*/); |
| 83 | 127 | |
| 84 | 128 | for (i = 0; i < bytes_needed; i++) { |
| 118 | 162 | # error "Seeding uses urandom but DEVRANDOM is not configured" |
| 119 | 163 | # endif |
| 120 | 164 | |
| 165 | # if defined(__GLIBC__) && defined(__GLIBC_PREREQ) | |
| 166 | # if __GLIBC_PREREQ(2, 25) | |
| 167 | # define OPENSSL_HAVE_GETRANDOM | |
| 168 | # endif | |
| 169 | # endif | |
| 170 | ||
| 171 | # if (defined(__FreeBSD__) && __FreeBSD_version >= 1200061) | |
| 172 | # define OPENSSL_HAVE_GETRANDOM | |
| 173 | # endif | |
| 174 | ||
| 175 | # if defined(OPENSSL_HAVE_GETRANDOM) | |
| 176 | # include <sys/random.h> | |
| 177 | # endif | |
| 178 | ||
| 121 | 179 | # if defined(OPENSSL_RAND_SEED_OS) |
| 122 | 180 | # if !defined(DEVRANDOM) |
| 123 | 181 | # error "OS seeding requires DEVRANDOM to be configured" |
| 124 | 182 | # endif |
| 183 | # define OPENSSL_RAND_SEED_GETRANDOM | |
| 125 | 184 | # define OPENSSL_RAND_SEED_DEVRANDOM |
| 126 | # if defined(__GLIBC__) && defined(__GLIBC_PREREQ) | |
| 127 | # if __GLIBC_PREREQ(2, 25) | |
| 128 | # define OPENSSL_RAND_SEED_GETRANDOM | |
| 129 | # endif | |
| 130 | # endif | |
| 131 | # endif | |
| 132 | ||
| 133 | # ifdef OPENSSL_RAND_SEED_GETRANDOM | |
| 134 | # include <sys/random.h> | |
| 135 | 185 | # endif |
| 136 | 186 | |
| 137 | 187 | # if defined(OPENSSL_RAND_SEED_LIBRANDOM) |
| 138 | 188 | # error "librandom not (yet) supported" |
| 139 | 189 | # endif |
| 190 | ||
| 191 | # if defined(__FreeBSD__) && defined(KERN_ARND) | |
| 192 | /* | |
| 193 | * sysctl_random(): Use sysctl() to read a random number from the kernel | |
| 194 | * Returns the size on success, 0 on failure. | |
| 195 | */ | |
| 196 | static size_t sysctl_random(char *buf, size_t buflen) | |
| 197 | { | |
| 198 | int mib[2]; | |
| 199 | size_t done = 0; | |
| 200 | size_t len; | |
| 201 | ||
| 202 | /* | |
| 203 | * Old implementations returned longs, newer versions support variable | |
| 204 | * sizes up to 256 byte. The code below would not work properly when | |
| 205 | * the sysctl returns long and we want to request something not a multiple | |
| 206 | * of longs, which should never be the case. | |
| 207 | */ | |
| 208 | if (!ossl_assert(buflen % sizeof(long) == 0)) | |
| 209 | return 0; | |
| 210 | ||
| 211 | mib[0] = CTL_KERN; | |
| 212 | mib[1] = KERN_ARND; | |
| 213 | ||
| 214 | do { | |
| 215 | len = buflen; | |
| 216 | if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) | |
| 217 | return done; | |
| 218 | done += len; | |
| 219 | buf += len; | |
| 220 | buflen -= len; | |
| 221 | } while (buflen > 0); | |
| 222 | ||
| 223 | return done; | |
| 224 | } | |
| 225 | # endif | |
| 226 | ||
| 227 | /* | |
| 228 | * syscall_random(): Try to get random data using a system call | |
| 229 | * returns the number of bytes returned in buf, or <= 0 on error. | |
| 230 | */ | |
| 231 | int syscall_random(void *buf, size_t buflen) | |
| 232 | { | |
| 233 | # if defined(OPENSSL_HAVE_GETRANDOM) | |
| 234 | return (int)getrandom(buf, buflen, 0); | |
| 235 | # endif | |
| 236 | ||
| 237 | # if defined(__linux) && defined(SYS_getrandom) | |
| 238 | return (int)syscall(SYS_getrandom, buf, buflen, 0); | |
| 239 | # endif | |
| 240 | ||
| 241 | # if defined(__FreeBSD__) && defined(KERN_ARND) | |
| 242 | return (int)sysctl_random(buf, buflen); | |
| 243 | # endif | |
| 244 | ||
| 245 | /* Supported since OpenBSD 5.6 */ | |
| 246 | # if defined(__OpenBSD__) && OpenBSD >= 201411 | |
| 247 | return getentropy(buf, buflen); | |
| 248 | # endif | |
| 249 | ||
| 250 | return -1; | |
| 251 | } | |
| 140 | 252 | |
| 141 | 253 | /* |
| 142 | 254 | * Try the various seeding methods in turn, exit when successful. |
| 170 | 282 | if (buffer != NULL) { |
| 171 | 283 | size_t bytes = 0; |
| 172 | 284 | |
| 173 | if (getrandom(buffer, bytes_needed, 0) == (int)bytes_needed) | |
| 285 | if (syscall_random(buffer, bytes_needed) == (int)bytes_needed) | |
| 174 | 286 | bytes = bytes_needed; |
| 175 | 287 | |
| 176 | entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 288 | rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 289 | entropy_available = rand_pool_entropy_available(pool); | |
| 177 | 290 | } |
| 178 | 291 | if (entropy_available > 0) |
| 179 | 292 | return entropy_available; |
| 202 | 315 | if (fread(buffer, 1, bytes_needed, fp) == bytes_needed) |
| 203 | 316 | bytes = bytes_needed; |
| 204 | 317 | |
| 205 | entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 318 | rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 319 | entropy_available = rand_pool_entropy_available(pool); | |
| 206 | 320 | } |
| 207 | 321 | fclose(fp); |
| 208 | 322 | if (entropy_available > 0) |
| 240 | 354 | if (num == (int)bytes_needed) |
| 241 | 355 | bytes = bytes_needed; |
| 242 | 356 | |
| 243 | entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 357 | rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 358 | entropy_available = rand_pool_entropy_available(pool); | |
| 244 | 359 | } |
| 245 | 360 | if (entropy_available > 0) |
| 246 | 361 | return entropy_available; |
| 252 | 367 | # endif |
| 253 | 368 | } |
| 254 | 369 | # endif |
| 255 | ||
| 256 | #endif | |
| 370 | #endif | |
| 371 | ||
| 372 | #ifdef OPENSSL_SYS_UNIX | |
| 373 | int rand_pool_add_nonce_data(RAND_POOL *pool) | |
| 374 | { | |
| 375 | struct { | |
| 376 | pid_t pid; | |
| 377 | CRYPTO_THREAD_ID tid; | |
| 378 | uint64_t time; | |
| 379 | } data = { 0 }; | |
| 380 | ||
| 381 | /* | |
| 382 | * Add process id, thread id, and a high resolution timestamp to | |
| 383 | * ensure that the nonce is unique whith high probability for | |
| 384 | * different process instances. | |
| 385 | */ | |
| 386 | data.pid = getpid(); | |
| 387 | data.tid = CRYPTO_THREAD_get_current_id(); | |
| 388 | data.time = get_time_stamp(); | |
| 389 | ||
| 390 | return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); | |
| 391 | } | |
| 392 | ||
| 393 | int rand_pool_add_additional_data(RAND_POOL *pool) | |
| 394 | { | |
| 395 | struct { | |
| 396 | CRYPTO_THREAD_ID tid; | |
| 397 | uint64_t time; | |
| 398 | } data = { 0 }; | |
| 399 | ||
| 400 | /* | |
| 401 | * Add some noise from the thread id and a high resolution timer. | |
| 402 | * The thread id adds a little randomness if the drbg is accessed | |
| 403 | * concurrently (which is the case for the <master> drbg). | |
| 404 | */ | |
| 405 | data.tid = CRYPTO_THREAD_get_current_id(); | |
| 406 | data.time = get_timer_bits(); | |
| 407 | ||
| 408 | return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); | |
| 409 | } | |
| 410 | ||
| 411 | ||
| 412 | ||
| 413 | /* | |
| 414 | * Get the current time with the highest possible resolution | |
| 415 | * | |
| 416 | * The time stamp is added to the nonce, so it is optimized for not repeating. | |
| 417 | * The current time is ideal for this purpose, provided the computer's clock | |
| 418 | * is synchronized. | |
| 419 | */ | |
| 420 | static uint64_t get_time_stamp(void) | |
| 421 | { | |
| 422 | # if defined(OSSL_POSIX_TIMER_OKAY) | |
| 423 | { | |
| 424 | struct timespec ts; | |
| 425 | ||
| 426 | if (clock_gettime(CLOCK_REALTIME, &ts) == 0) | |
| 427 | return TWO32TO64(ts.tv_sec, ts.tv_nsec); | |
| 428 | } | |
| 429 | # endif | |
| 430 | # if defined(__unix__) \ | |
| 431 | || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) | |
| 432 | { | |
| 433 | struct timeval tv; | |
| 434 | ||
| 435 | if (gettimeofday(&tv, NULL) == 0) | |
| 436 | return TWO32TO64(tv.tv_sec, tv.tv_usec); | |
| 437 | } | |
| 438 | # endif | |
| 439 | return time(NULL); | |
| 440 | } | |
| 441 | ||
| 442 | /* | |
| 443 | * Get an arbitrary timer value of the highest possible resolution | |
| 444 | * | |
| 445 | * The timer value is added as random noise to the additional data, | |
| 446 | * which is not considered a trusted entropy sourec, so any result | |
| 447 | * is acceptable. | |
| 448 | */ | |
| 449 | static uint64_t get_timer_bits(void) | |
| 450 | { | |
| 451 | uint64_t res = OPENSSL_rdtsc(); | |
| 452 | ||
| 453 | if (res != 0) | |
| 454 | return res; | |
| 455 | ||
| 456 | # if defined(__sun) || defined(__hpux) | |
| 457 | return gethrtime(); | |
| 458 | # elif defined(_AIX) | |
| 459 | { | |
| 460 | timebasestruct_t t; | |
| 461 | ||
| 462 | read_wall_time(&t, TIMEBASE_SZ); | |
| 463 | return TWO32TO64(t.tb_high, t.tb_low); | |
| 464 | } | |
| 465 | # elif defined(OSSL_POSIX_TIMER_OKAY) | |
| 466 | { | |
| 467 | struct timespec ts; | |
| 468 | ||
| 469 | # ifdef CLOCK_BOOTTIME | |
| 470 | # define CLOCK_TYPE CLOCK_BOOTTIME | |
| 471 | # elif defined(_POSIX_MONOTONIC_CLOCK) | |
| 472 | # define CLOCK_TYPE CLOCK_MONOTONIC | |
| 473 | # else | |
| 474 | # define CLOCK_TYPE CLOCK_REALTIME | |
| 475 | # endif | |
| 476 | ||
| 477 | if (clock_gettime(CLOCK_TYPE, &ts) == 0) | |
| 478 | return TWO32TO64(ts.tv_sec, ts.tv_nsec); | |
| 479 | } | |
| 480 | # endif | |
| 481 | # if defined(__unix__) \ | |
| 482 | || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) | |
| 483 | { | |
| 484 | struct timeval tv; | |
| 485 | ||
| 486 | if (gettimeofday(&tv, NULL) == 0) | |
| 487 | return TWO32TO64(tv.tv_sec, tv.tv_usec); | |
| 488 | } | |
| 489 | # endif | |
| 490 | return time(NULL); | |
| 491 | } | |
| 492 | #endif | |
| 9 | 9 | #include "e_os.h" |
| 10 | 10 | |
| 11 | 11 | #if defined(OPENSSL_SYS_VMS) |
| 12 | # include <unistd.h> | |
| 13 | # include "internal/cryptlib.h" | |
| 12 | 14 | # include <openssl/rand.h> |
| 13 | 15 | # include "internal/rand_int.h" |
| 14 | 16 | # include "rand_lcl.h" |
| 54 | 56 | {0, 0} |
| 55 | 57 | }; |
| 56 | 58 | |
| 59 | /* | |
| 60 | * We assume there we get about 4 bits of entropy per byte from the items | |
| 61 | * above, with a bit of scrambling added rand_pool_acquire_entropy() | |
| 62 | */ | |
| 63 | #define ENTROPY_BITS_PER_BYTE 4 | |
| 64 | ||
| 57 | 65 | size_t rand_pool_acquire_entropy(RAND_POOL *pool) |
| 58 | 66 | { |
| 59 | 67 | /* determine the number of items in the JPI array */ |
| 60 | 68 | struct items_data_st item_entry; |
| 61 | int item_entry_count = OSSL_NELEM(items_data); | |
| 62 | /* Create the JPI itemlist array to hold item_data content */ | |
| 69 | size_t item_entry_count = OSSL_NELEM(items_data); | |
| 70 | /* Create the 32-bit JPI itemlist array to hold item_data content */ | |
| 63 | 71 | struct { |
| 64 | short length, code; | |
| 65 | int *buffer; | |
| 66 | int *retlen; | |
| 72 | uint16_t length, code; | |
| 73 | uint32_t *buffer; | |
| 74 | uint32_t *retlen; | |
| 67 | 75 | } item[item_entry_count], *pitem; |
| 68 | 76 | struct items_data_st *pitems_data; |
| 69 | int data_buffer[(item_entry_count * 2) + 4]; /* 8 bytes per entry max */ | |
| 70 | int iosb[2]; | |
| 71 | int sys_time[2]; | |
| 72 | int *ptr; | |
| 73 | int i, j ; | |
| 74 | int tmp_length = 0; | |
| 75 | int total_length = 0; | |
| 77 | /* 8 bytes (two longs) per entry max */ | |
| 78 | uint32_t data_buffer[(item_entry_count * 2) + 4]; | |
| 79 | uint32_t iosb[2]; | |
| 80 | uint32_t sys_time[2]; | |
| 81 | uint32_t *ptr; | |
| 82 | size_t i, j ; | |
| 83 | size_t tmp_length = 0; | |
| 84 | size_t total_length = 0; | |
| 85 | size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_BITS_PER_BYTE); | |
| 86 | size_t bytes_remaining = rand_pool_bytes_remaining(pool); | |
| 76 | 87 | |
| 77 | 88 | /* Setup itemlist for GETJPI */ |
| 78 | 89 | pitems_data = items_data; |
| 112 | 123 | |
| 113 | 124 | total_length += (tmp_length - 1); |
| 114 | 125 | |
| 126 | /* Change the total length to number of bytes */ | |
| 127 | total_length *= 4; | |
| 128 | ||
| 115 | 129 | /* |
| 116 | * Size of seed is total_length*4 bytes (64bytes). The original assumption | |
| 117 | * was that it contains 4 bits of entropy per byte. This makes a total | |
| 118 | * amount of total_length*16 bits (256bits). | |
| 130 | * If we can't feed the requirements from the caller, we're in deep trouble. | |
| 119 | 131 | */ |
| 120 | return rand_pool_add(pool, | |
| 121 | (PTR_T)data_buffer, total_length * 4, | |
| 122 | total_length * 16); | |
| 132 | if (!ossl_assert(total_length >= bytes_needed)) { | |
| 133 | char neededstr[20]; | |
| 134 | char availablestr[20]; | |
| 135 | ||
| 136 | BIO_snprintf(neededstr, sizeof(neededstr), "%zu", bytes_needed); | |
| 137 | BIO_snprintf(availablestr, sizeof(availablestr), "%zu", total_length); | |
| 138 | RANDerr(RAND_F_RAND_POOL_ACQUIRE_ENTROPY, | |
| 139 | RAND_R_RANDOM_POOL_UNDERFLOW); | |
| 140 | ERR_add_error_data(4, "Needed: ", neededstr, ", Available: ", | |
| 141 | availablestr); | |
| 142 | return 0; | |
| 143 | } | |
| 144 | ||
| 145 | /* | |
| 146 | * Try not to overfeed the pool | |
| 147 | */ | |
| 148 | if (total_length > bytes_remaining) | |
| 149 | total_length = bytes_remaining; | |
| 150 | ||
| 151 | rand_pool_add(pool, (PTR_T)data_buffer, total_length, | |
| 152 | total_length * ENTROPY_BITS_PER_BYTE); | |
| 153 | return rand_pool_entropy_available(pool); | |
| 154 | } | |
| 155 | ||
| 156 | int rand_pool_add_nonce_data(RAND_POOL *pool) | |
| 157 | { | |
| 158 | struct { | |
| 159 | pid_t pid; | |
| 160 | CRYPTO_THREAD_ID tid; | |
| 161 | uint64_t time; | |
| 162 | } data = { 0 }; | |
| 163 | ||
| 164 | /* | |
| 165 | * Add process id, thread id, and a high resolution timestamp to | |
| 166 | * ensure that the nonce is unique whith high probability for | |
| 167 | * different process instances. | |
| 168 | */ | |
| 169 | data.pid = getpid(); | |
| 170 | data.tid = CRYPTO_THREAD_get_current_id(); | |
| 171 | sys$gettim_prec((struct _generic_64 *)&data.time); | |
| 172 | ||
| 173 | return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); | |
| 174 | } | |
| 175 | ||
| 176 | int rand_pool_add_additional_data(RAND_POOL *pool) | |
| 177 | { | |
| 178 | struct { | |
| 179 | CRYPTO_THREAD_ID tid; | |
| 180 | uint64_t time; | |
| 181 | } data = { 0 }; | |
| 182 | ||
| 183 | /* | |
| 184 | * Add some noise from the thread id and a high resolution timer. | |
| 185 | * The thread id adds a little randomness if the drbg is accessed | |
| 186 | * concurrently (which is the case for the <master> drbg). | |
| 187 | */ | |
| 188 | data.tid = CRYPTO_THREAD_get_current_id(); | |
| 189 | sys$gettim_prec((struct _generic_64 *)&data.time); | |
| 190 | ||
| 191 | return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); | |
| 123 | 192 | } |
| 124 | 193 | |
| 125 | 194 | #endif |
| 69 | 69 | BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) |
| 70 | 70 | bytes = bytes_needed; |
| 71 | 71 | |
| 72 | entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 72 | rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 73 | entropy_available = rand_pool_entropy_available(pool); | |
| 73 | 74 | } |
| 74 | 75 | if (entropy_available > 0) |
| 75 | 76 | return entropy_available; |
| 87 | 88 | CryptReleaseContext(hProvider, 0); |
| 88 | 89 | } |
| 89 | 90 | |
| 90 | entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 91 | rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 92 | entropy_available = rand_pool_entropy_available(pool); | |
| 91 | 93 | } |
| 92 | 94 | if (entropy_available > 0) |
| 93 | 95 | return entropy_available; |
| 105 | 107 | |
| 106 | 108 | CryptReleaseContext(hProvider, 0); |
| 107 | 109 | } |
| 108 | entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 110 | rand_pool_add_end(pool, bytes, 8 * bytes); | |
| 111 | entropy_available = rand_pool_entropy_available(pool); | |
| 109 | 112 | } |
| 110 | 113 | if (entropy_available > 0) |
| 111 | 114 | return entropy_available; |
| 112 | 115 | # endif |
| 113 | 116 | |
| 114 | 117 | return rand_pool_entropy_available(pool); |
| 118 | } | |
| 119 | ||
| 120 | ||
| 121 | int rand_pool_add_nonce_data(RAND_POOL *pool) | |
| 122 | { | |
| 123 | struct { | |
| 124 | DWORD pid; | |
| 125 | DWORD tid; | |
| 126 | FILETIME time; | |
| 127 | } data = { 0 }; | |
| 128 | ||
| 129 | /* | |
| 130 | * Add process id, thread id, and a high resolution timestamp to | |
| 131 | * ensure that the nonce is unique whith high probability for | |
| 132 | * different process instances. | |
| 133 | */ | |
| 134 | data.pid = GetCurrentProcessId(); | |
| 135 | data.tid = GetCurrentThreadId(); | |
| 136 | GetSystemTimeAsFileTime(&data.time); | |
| 137 | ||
| 138 | return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); | |
| 139 | } | |
| 140 | ||
| 141 | int rand_pool_add_additional_data(RAND_POOL *pool) | |
| 142 | { | |
| 143 | struct { | |
| 144 | DWORD tid; | |
| 145 | LARGE_INTEGER time; | |
| 146 | } data = { 0 }; | |
| 147 | ||
| 148 | /* | |
| 149 | * Add some noise from the thread id and a high resolution timer. | |
| 150 | * The thread id adds a little randomness if the drbg is accessed | |
| 151 | * concurrently (which is the case for the <master> drbg). | |
| 152 | */ | |
| 153 | data.tid = GetCurrentThreadId(); | |
| 154 | QueryPerformanceCounter(&data.time); | |
| 155 | return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); | |
| 115 | 156 | } |
| 116 | 157 | |
| 117 | 158 | # if OPENSSL_API_COMPAT < 0x10100000L |
| 93 | 93 | if (fstat(fileno(in), &sb) < 0) { |
| 94 | 94 | RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_INTERNAL_ERROR); |
| 95 | 95 | ERR_add_error_data(2, "Filename=", file); |
| 96 | fclose(in); | |
| 96 | 97 | return -1; |
| 97 | 98 | } |
| 98 | 99 |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 36 | 36 | {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_NEW, 0), "RSA_meth_new"}, |
| 37 | 37 | {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_SET1_NAME, 0), "RSA_meth_set1_name"}, |
| 38 | 38 | {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MGF1_TO_MD, 0), ""}, |
| 39 | {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MULTIP_INFO_NEW, 0), | |
| 40 | "rsa_multip_info_new"}, | |
| 39 | 41 | {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NEW_METHOD, 0), "RSA_new_method"}, |
| 40 | 42 | {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL, 0), ""}, |
| 41 | 43 | {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_DECRYPT, 0), ""}, |
| 99 | 101 | "RSA_verify_ASN1_OCTET_STRING"}, |
| 100 | 102 | {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0), |
| 101 | 103 | "RSA_verify_PKCS1_PSS_mgf1"}, |
| 104 | {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"}, | |
| 102 | 105 | {0, NULL} |
| 103 | 106 | }; |
| 104 | 107 | |
| 156 | 156 | pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2); |
| 157 | 157 | prime = pinfo->r; |
| 158 | 158 | } |
| 159 | BN_set_flags(prime, BN_FLG_CONSTTIME); | |
| 159 | 160 | |
| 160 | 161 | for (;;) { |
| 161 | 162 | redo: |
| 8 | 8 | */ |
| 9 | 9 | |
| 10 | 10 | #include <openssl/bn.h> |
| 11 | #include <openssl/err.h> | |
| 11 | 12 | #include "rsa_locl.h" |
| 12 | 13 | |
| 13 | 14 | void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo) |
| 31 | 32 | RSA_PRIME_INFO *pinfo; |
| 32 | 33 | |
| 33 | 34 | /* create a RSA_PRIME_INFO structure */ |
| 34 | pinfo = OPENSSL_zalloc(sizeof(RSA_PRIME_INFO)); | |
| 35 | if (pinfo == NULL) | |
| 35 | if ((pinfo = OPENSSL_zalloc(sizeof(RSA_PRIME_INFO))) == NULL) { | |
| 36 | RSAerr(RSA_F_RSA_MULTIP_INFO_NEW, ERR_R_MALLOC_FAILURE); | |
| 36 | 37 | return NULL; |
| 38 | } | |
| 37 | 39 | if ((pinfo->r = BN_secure_new()) == NULL) |
| 38 | 40 | goto err; |
| 39 | 41 | if ((pinfo->d = BN_secure_new()) == NULL) |
| 0 | 0 | /* |
| 1 | * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 100 | 100 | { |
| 101 | 101 | if (ctx->tbuf != NULL) |
| 102 | 102 | return 1; |
| 103 | ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); | |
| 104 | if (ctx->tbuf == NULL) | |
| 105 | return 0; | |
| 103 | if ((ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey))) == NULL) { | |
| 104 | RSAerr(RSA_F_SETUP_TBUF, ERR_R_MALLOC_FAILURE); | |
| 105 | return 0; | |
| 106 | } | |
| 106 | 107 | return 1; |
| 107 | 108 | } |
| 108 | 109 | |
| 69 | 69 | # Cortex-Mx, x>=3. Otherwise, non-NEON results for NEON-capable |
| 70 | 70 | # processors are presented mostly for reference purposes. |
| 71 | 71 | |
| 72 | $flavour = shift; | |
| 73 | if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } | |
| 74 | else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} } | |
| 75 | ||
| 76 | if ($flavour && $flavour ne "void") { | |
| 77 | $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; | |
| 78 | ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or | |
| 79 | ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or | |
| 80 | die "can't locate arm-xlate.pl"; | |
| 81 | ||
| 82 | open STDOUT,"| \"$^X\" $xlate $flavour $output"; | |
| 83 | } else { | |
| 84 | open STDOUT,">$output"; | |
| 85 | } | |
| 86 | ||
| 72 | 87 | my @C = map("r$_",(0..9)); |
| 73 | 88 | my @E = map("r$_",(10..12,14)); |
| 74 | 89 | |
| 95 | 110 | my @T = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (30,35,40,45,50)); |
| 96 | 111 | |
| 97 | 112 | $code.=<<___; |
| 113 | #include "arm_arch.h" | |
| 114 | ||
| 98 | 115 | .text |
| 99 | 116 | |
| 100 | 117 | #if defined(__thumb2__) |
| 1043 | 1060 | } |
| 1044 | 1061 | |
| 1045 | 1062 | $code.=<<___; |
| 1063 | #if __ARM_MAX_ARCH__>=7 | |
| 1046 | 1064 | .fpu neon |
| 1047 | 1065 | |
| 1048 | 1066 | .type iotas64, %object |
| 1544 | 1562 | .Lsqueeze_neon_done: |
| 1545 | 1563 | ldmia sp!, {r4-r6,pc} |
| 1546 | 1564 | .size SHA3_squeeze_neon,.-SHA3_squeeze_neon |
| 1565 | #endif | |
| 1547 | 1566 | .asciz "Keccak-1600 absorb and squeeze for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>" |
| 1548 | 1567 | .align 2 |
| 1549 | 1568 | ___ |
| 1572 | 1591 | } |
| 1573 | 1592 | } |
| 1574 | 1593 | |
| 1575 | $output=pop; | |
| 1576 | open STDOUT,">$output"; | |
| 1577 | ||
| 1578 | 1594 | foreach (split($/,$code)) { |
| 1579 | 1595 | s/\`([^\`]*)\`/eval $1/ge; |
| 1580 | 1596 | |
| 1581 | 1597 | s/^\s+(ldr|str)\.([lh])\s+(r[0-9]+),\s*(\[.*)/ldrd($1,$2,$3,$4)/ge or |
| 1598 | s/\b(ror|ls[rl])\s+(r[0-9]+.*)#/mov $2$1#/g or | |
| 1582 | 1599 | s/\bret\b/bx lr/g or |
| 1583 | 1600 | s/\bbx\s+lr\b/.word\t0xe12fff1e/g; # make it possible to compile with -march=armv4 |
| 1584 | 1601 | |
| 537 | 537 | .type KeccakF1600_ce,%function |
| 538 | 538 | .align 5 |
| 539 | 539 | KeccakF1600_ce: |
| 540 | mov x9,#6 | |
| 540 | mov x9,#12 | |
| 541 | 541 | adr x10,iotas |
| 542 | 542 | b .Loop_ce |
| 543 | 543 | .align 4 |
| 544 | 544 | .Loop_ce: |
| 545 | 545 | ___ |
| 546 | for($i=0; $i<4; $i++) { | |
| 546 | for($i=0; $i<2; $i++) { | |
| 547 | 547 | $code.=<<___; |
| 548 | 548 | ////////////////////////////////////////////////// Theta |
| 549 | 549 | eor3 $C[0],$A[0][0],$A[1][0],$A[2][0] |
| 583 | 583 | eor $A[0][0],$A[0][0],$C[4] |
| 584 | 584 | ldr x11,[x10],#8 |
| 585 | 585 | |
| 586 | xar $C[1] ,$A[3][3],$C[2],#64-$rhotates[3][3] // C[1]=A[0][3] | |
| 586 | xar $C[1], $A[3][3],$C[2],#64-$rhotates[3][3] // C[1]=A[0][3] | |
| 587 | 587 | xar $A[3][3],$A[3][2],$C[6],#64-$rhotates[3][2] |
| 588 | 588 | xar $A[3][2],$A[2][1],$C[5],#64-$rhotates[2][1] |
| 589 | 589 | xar $A[2][1],$A[1][2],$C[6],#64-$rhotates[1][2] |
| 597 | 597 | xar $A[1][3],$A[3][1],$C[5],#64-$rhotates[3][1] |
| 598 | 598 | xar $A[3][1],$A[1][0],$C[4],#64-$rhotates[1][0] |
| 599 | 599 | |
| 600 | xar $A[1][0],$A[0][3],$C[2],#64-$rhotates[0][3] // * | |
| 600 | xar $C[2], $A[0][3],$C[2],#64-$rhotates[0][3] // C[2]=A[1][0] | |
| 601 | 601 | |
| 602 | 602 | ////////////////////////////////////////////////// Chi+Iota |
| 603 | 603 | dup $C[6],x11 // borrow C[6] |
| 607 | 607 | bcax $A[0][3],$C[1], $A[0][0],$A[0][4] |
| 608 | 608 | bcax $A[0][4],$A[0][4],$C[0], $A[0][0] |
| 609 | 609 | |
| 610 | bcax $C[0], $A[1][0],$A[1][2],$A[1][1] // * | |
| 611 | bcax $C[1], $A[1][1],$A[1][3],$A[1][2] // * | |
| 610 | bcax $A[1][0],$C[2], $A[1][2],$A[1][1] // * | |
| 611 | bcax $C[0], $A[1][1],$A[1][3],$A[1][2] // * | |
| 612 | 612 | bcax $A[1][2],$A[1][2],$A[1][4],$A[1][3] |
| 613 | bcax $A[1][3],$A[1][3],$A[1][0],$A[1][4] | |
| 614 | bcax $A[1][4],$A[1][4],$A[1][1],$A[1][0] | |
| 613 | bcax $A[1][3],$A[1][3],$C[2], $A[1][4] | |
| 614 | bcax $A[1][4],$A[1][4],$A[1][1],$C[2] | |
| 615 | 615 | |
| 616 | 616 | eor $A[0][0],$C[3],$C[6] // Iota |
| 617 | 617 | |
| 618 | bcax $C[2], $A[2][0],$A[2][2],$A[2][1] // * | |
| 619 | bcax $C[3], $A[2][1],$A[2][3],$A[2][2] // * | |
| 618 | bcax $C[1], $A[2][0],$A[2][2],$A[2][1] // * | |
| 619 | bcax $C[2], $A[2][1],$A[2][3],$A[2][2] // * | |
| 620 | 620 | bcax $A[2][2],$A[2][2],$A[2][4],$A[2][3] |
| 621 | 621 | bcax $A[2][3],$A[2][3],$A[2][0],$A[2][4] |
| 622 | 622 | bcax $A[2][4],$A[2][4],$A[2][1],$A[2][0] |
| 623 | 623 | |
| 624 | bcax $A[2][0],$A[3][0],$A[3][2],$A[3][1] // * | |
| 625 | bcax $A[2][1],$A[3][1],$A[3][3],$A[3][2] // * | |
| 624 | bcax $C[3], $A[3][0],$A[3][2],$A[3][1] // * | |
| 625 | bcax $C[4], $A[3][1],$A[3][3],$A[3][2] // * | |
| 626 | 626 | bcax $A[3][2],$A[3][2],$A[3][4],$A[3][3] |
| 627 | 627 | bcax $A[3][3],$A[3][3],$A[3][0],$A[3][4] |
| 628 | 628 | bcax $A[3][4],$A[3][4],$A[3][1],$A[3][0] |
| 629 | 629 | |
| 630 | bcax $A[3][0],$A[4][0],$A[4][2],$A[4][1] // * | |
| 631 | bcax $A[3][1],$A[4][1],$A[4][3],$A[4][2] // * | |
| 630 | bcax $C[5], $A[4][0],$A[4][2],$A[4][1] // * | |
| 631 | bcax $C[6], $A[4][1],$A[4][3],$A[4][2] // * | |
| 632 | 632 | bcax $A[4][2],$A[4][2],$A[4][4],$A[4][3] |
| 633 | 633 | bcax $A[4][3],$A[4][3],$A[4][0],$A[4][4] |
| 634 | 634 | bcax $A[4][4],$A[4][4],$A[4][1],$A[4][0] |
| 635 | 635 | ___ |
| 636 | ($A[1][0],$A[1][1], $C[0],$C[1]) | |
| 637 | = ($C[0],$C[1], $A[1][0],$A[1][1]); | |
| 638 | ($A[2][0],$A[2][1], $A[3][0],$A[3][1], $A[4][0],$A[4][1], $C[2],$C[3]) | |
| 639 | = ($C[2],$C[3], $A[2][0],$A[2][1], $A[3][0],$A[3][1], $A[4][0],$A[4][1]); | |
| 636 | ( $A[1][1], $C[0]) = ( $C[0], $A[1][1]); | |
| 637 | ($A[2][0],$A[2][1], $C[1],$C[2]) = ($C[1],$C[2], $A[2][0],$A[2][1]); | |
| 638 | ($A[3][0],$A[3][1], $C[3],$C[4]) = ($C[3],$C[4], $A[3][0],$A[3][1]); | |
| 639 | ($A[4][0],$A[4][1], $C[5],$C[6]) = ($C[5],$C[6], $A[4][0],$A[4][1]); | |
| 640 | 640 | } |
| 641 | 641 | $code.=<<___; |
| 642 | 642 | subs x9,x9,#1 |
| 0 | 0 | #!/usr/bin/env perl |
| 1 | # Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | # Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | # |
| 3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | # this file except in compliance with the License. You can obtain a copy |
| 80 | 80 | $code.=<<___; |
| 81 | 81 | .text |
| 82 | 82 | |
| 83 | .type __KeccakF1600,\@function | |
| 83 | .type __KeccakF1600,\@abi-omnipotent | |
| 84 | 84 | .align 32 |
| 85 | 85 | __KeccakF1600: |
| 86 | 86 | mov $A[4][0](%rdi),@C[0] |
| 344 | 344 | .size __KeccakF1600,.-__KeccakF1600 |
| 345 | 345 | |
| 346 | 346 | .globl KeccakF1600 |
| 347 | .type KeccakF1600,\@function | |
| 347 | .type KeccakF1600,\@abi-omnipotent | |
| 348 | 348 | .align 32 |
| 349 | 349 | KeccakF1600: |
| 350 | 350 | .cfi_startproc |
| 409 | 409 | ($A_flat,$inp) = ("%r8","%r9"); |
| 410 | 410 | $code.=<<___; |
| 411 | 411 | .globl SHA3_absorb |
| 412 | .type SHA3_absorb,\@function | |
| 412 | .type SHA3_absorb,\@function,4 | |
| 413 | 413 | .align 32 |
| 414 | 414 | SHA3_absorb: |
| 415 | 415 | .cfi_startproc |
| 504 | 504 | |
| 505 | 505 | $code.=<<___; |
| 506 | 506 | .globl SHA3_squeeze |
| 507 | .type SHA3_squeeze,\@function | |
| 507 | .type SHA3_squeeze,\@function,4 | |
| 508 | 508 | .align 32 |
| 509 | 509 | SHA3_squeeze: |
| 510 | 510 | .cfi_startproc |
| 0 | 0 | LIBS=../../libcrypto |
| 1 | 1 | SOURCE[../../libcrypto]=\ |
| 2 | 2 | sha1dgst.c sha1_one.c sha256.c sha512.c {- $target{sha1_asm_src} -} \ |
| 3 | keccak1600.c | |
| 3 | {- $target{keccak1600_asm_src} -} | |
| 4 | 4 | |
| 5 | 5 | GENERATE[sha1-586.s]=asm/sha1-586.pl \ |
| 6 | 6 | $(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR) |
| 23 | 23 | GENERATE[sha256-x86_64.s]=asm/sha512-x86_64.pl $(PERLASM_SCHEME) |
| 24 | 24 | GENERATE[sha256-mb-x86_64.s]=asm/sha256-mb-x86_64.pl $(PERLASM_SCHEME) |
| 25 | 25 | GENERATE[sha512-x86_64.s]=asm/sha512-x86_64.pl $(PERLASM_SCHEME) |
| 26 | GENERATE[keccak1600-x86_64.s]=asm/keccak1600-x86_64.pl $(PERLASM_SCHEME) | |
| 26 | 27 | |
| 27 | 28 | GENERATE[sha1-sparcv9.S]=asm/sha1-sparcv9.pl $(PERLASM_SCHEME) |
| 28 | 29 | INCLUDE[sha1-sparcv9.o]=.. |
| 36 | 37 | GENERATE[sha512-ppc.s]=asm/sha512-ppc.pl $(PERLASM_SCHEME) |
| 37 | 38 | GENERATE[sha256p8-ppc.s]=asm/sha512p8-ppc.pl $(PERLASM_SCHEME) |
| 38 | 39 | GENERATE[sha512p8-ppc.s]=asm/sha512p8-ppc.pl $(PERLASM_SCHEME) |
| 40 | GENERATE[keccak1600-ppc64.s]=asm/keccak1600-ppc64.pl $(PERLASM_SCHEME) | |
| 39 | 41 | |
| 40 | 42 | GENERATE[sha1-parisc.s]=asm/sha1-parisc.pl $(PERLASM_SCHEME) |
| 41 | 43 | GENERATE[sha256-parisc.s]=asm/sha512-parisc.pl $(PERLASM_SCHEME) |
| 54 | 56 | INCLUDE[sha256-armv4.o]=.. |
| 55 | 57 | GENERATE[sha512-armv4.S]=asm/sha512-armv4.pl $(PERLASM_SCHEME) |
| 56 | 58 | INCLUDE[sha512-armv4.o]=.. |
| 59 | GENERATE[keccak1600-armv4.S]=asm/keccak1600-armv4.pl $(PERLASM_SCHEME) | |
| 60 | INCLUDE[keccak1600-armv4.o]=.. | |
| 57 | 61 | |
| 58 | 62 | GENERATE[sha1-armv8.S]=asm/sha1-armv8.pl $(PERLASM_SCHEME) |
| 59 | 63 | INCLUDE[sha1-armv8.o]=.. |
| 61 | 65 | INCLUDE[sha256-armv8.o]=.. |
| 62 | 66 | GENERATE[sha512-armv8.S]=asm/sha512-armv8.pl $(PERLASM_SCHEME) |
| 63 | 67 | INCLUDE[sha512-armv8.o]=.. |
| 68 | GENERATE[keccak1600-armv8.S]=asm/keccak1600-armv8.pl $(PERLASM_SCHEME) | |
| 64 | 69 | |
| 65 | 70 | GENERATE[sha1-s390x.S]=asm/sha1-s390x.pl $(PERLASM_SCHEME) |
| 66 | 71 | INCLUDE[sha1-s390x.o]=.. |
| 68 | 73 | INCLUDE[sha256-s390x.o]=.. |
| 69 | 74 | GENERATE[sha512-s390x.S]=asm/sha512-s390x.pl $(PERLASM_SCHEME) |
| 70 | 75 | INCLUDE[sha512-s390x.o]=.. |
| 76 | GENERATE[keccak1600-s390x.S]=asm/keccak1600-s390x.pl $(PERLASM_SCHEME) | |
| 71 | 77 | |
| 72 | 78 | BEGINRAW[Makefile(unix)] |
| 73 | 79 | ##### SHA assembler implementations |
| 0 | 0 | /* |
| 1 | * Copyright 2007-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 11 | 11 | #include <openssl/x509.h> |
| 12 | 12 | #include <openssl/x509v3.h> |
| 13 | 13 | #include <openssl/evp.h> |
| 14 | #include <openssl/err.h> | |
| 14 | 15 | #include "internal/siphash.h" |
| 15 | 16 | #include "siphash_local.h" |
| 16 | 17 | #include "internal/evp_int.h" |
| 26 | 27 | { |
| 27 | 28 | SIPHASH_PKEY_CTX *pctx; |
| 28 | 29 | |
| 29 | pctx = OPENSSL_zalloc(sizeof(*pctx)); | |
| 30 | if (pctx == NULL) | |
| 31 | return 0; | |
| 30 | if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) { | |
| 31 | CRYPTOerr(CRYPTO_F_PKEY_SIPHASH_INIT, ERR_R_MALLOC_FAILURE); | |
| 32 | return 0; | |
| 33 | } | |
| 32 | 34 | pctx->ktmp.type = V_ASN1_OCTET_STRING; |
| 33 | 35 | |
| 34 | 36 | EVP_PKEY_CTX_set_data(ctx, pctx); |
| 278 | 278 | |
| 279 | 279 | *siglen = i2d_ECDSA_SIG(s, &sig); |
| 280 | 280 | |
| 281 | ECDSA_SIG_free(s); | |
| 282 | ||
| 283 | ret = 0; | |
| 281 | ret = 1; | |
| 284 | 282 | |
| 285 | 283 | done: |
| 286 | 284 | ECDSA_SIG_free(s); |
| 12 | 12 | |
| 13 | 13 | #ifndef OPENSSL_NO_SRP |
| 14 | 14 | # include "internal/cryptlib.h" |
| 15 | # include "internal/evp_int.h" | |
| 15 | 16 | # include <openssl/sha.h> |
| 16 | 17 | # include <openssl/srp.h> |
| 17 | 18 | # include <openssl/evp.h> |
| 18 | 19 | # include <openssl/buffer.h> |
| 19 | 20 | # include <openssl/rand.h> |
| 20 | 21 | # include <openssl/txt_db.h> |
| 22 | # include <openssl/err.h> | |
| 21 | 23 | |
| 22 | 24 | # define SRP_RANDOM_SALT_LEN 20 |
| 23 | 25 | # define MAX_LEN 2500 |
| 24 | 26 | |
| 25 | 27 | /* |
| 28 | * Note that SRP uses its own variant of base 64 encoding. A different base64 | |
| 29 | * alphabet is used and no padding '=' characters are added. Instead we pad to | |
| 30 | * the front with 0 bytes and subsequently strip off leading encoded padding. | |
| 31 | * This variant is used for compatibility with other SRP implementations - | |
| 32 | * notably libsrp, but also others. It is also required for backwards | |
| 33 | * compatibility in order to load verifier files from other OpenSSL versions. | |
| 34 | */ | |
| 35 | ||
| 36 | /* | |
| 26 | 37 | * Convert a base64 string into raw byte array representation. |
| 38 | * Returns the length of the decoded data, or -1 on error. | |
| 27 | 39 | */ |
| 28 | 40 | static int t_fromb64(unsigned char *a, size_t alen, const char *src) |
| 29 | 41 | { |
| 30 | size_t size = strlen(src); | |
| 42 | EVP_ENCODE_CTX *ctx; | |
| 43 | int outl = 0, outl2 = 0; | |
| 44 | size_t size, padsize; | |
| 45 | const unsigned char *pad = (const unsigned char *)"00"; | |
| 46 | ||
| 47 | while (*src == ' ' || *src == '\t' || *src == '\n') | |
| 48 | ++src; | |
| 49 | size = strlen(src); | |
| 50 | padsize = 4 - (size & 3); | |
| 51 | padsize &= 3; | |
| 31 | 52 | |
| 32 | 53 | /* Four bytes in src become three bytes output. */ |
| 33 | if (size > INT_MAX || (size / 4) * 3 > alen) | |
| 54 | if (size > INT_MAX || ((size + padsize) / 4) * 3 > alen) | |
| 34 | 55 | return -1; |
| 35 | 56 | |
| 36 | return EVP_DecodeBlock(a, (unsigned char *)src, (int)size); | |
| 57 | ctx = EVP_ENCODE_CTX_new(); | |
| 58 | if (ctx == NULL) | |
| 59 | return -1; | |
| 60 | ||
| 61 | /* | |
| 62 | * This should never occur because 1 byte of data always requires 2 bytes of | |
| 63 | * encoding, i.e. | |
| 64 | * 0 bytes unencoded = 0 bytes encoded | |
| 65 | * 1 byte unencoded = 2 bytes encoded | |
| 66 | * 2 bytes unencoded = 3 bytes encoded | |
| 67 | * 3 bytes unencoded = 4 bytes encoded | |
| 68 | * 4 bytes unencoded = 6 bytes encoded | |
| 69 | * etc | |
| 70 | */ | |
| 71 | if (padsize == 3) { | |
| 72 | outl = -1; | |
| 73 | goto err; | |
| 74 | } | |
| 75 | ||
| 76 | /* Valid padsize values are now 0, 1 or 2 */ | |
| 77 | ||
| 78 | EVP_DecodeInit(ctx); | |
| 79 | evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_USE_SRP_ALPHABET); | |
| 80 | ||
| 81 | /* Add any encoded padding that is required */ | |
| 82 | if (padsize != 0 | |
| 83 | && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) { | |
| 84 | outl = -1; | |
| 85 | goto err; | |
| 86 | } | |
| 87 | if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) { | |
| 88 | outl = -1; | |
| 89 | goto err; | |
| 90 | } | |
| 91 | outl += outl2; | |
| 92 | EVP_DecodeFinal(ctx, a + outl, &outl2); | |
| 93 | outl += outl2; | |
| 94 | ||
| 95 | /* Strip off the leading padding */ | |
| 96 | if (padsize != 0) { | |
| 97 | if ((int)padsize >= outl) { | |
| 98 | outl = -1; | |
| 99 | goto err; | |
| 100 | } | |
| 101 | ||
| 102 | /* | |
| 103 | * If we added 1 byte of padding prior to encoding then we have 2 bytes | |
| 104 | * of "real" data which gets spread across 4 encoded bytes like this: | |
| 105 | * (6 bits pad)(2 bits pad | 4 bits data)(6 bits data)(6 bits data) | |
| 106 | * So 1 byte of pre-encoding padding results in 1 full byte of encoded | |
| 107 | * padding. | |
| 108 | * If we added 2 bytes of padding prior to encoding this gets encoded | |
| 109 | * as: | |
| 110 | * (6 bits pad)(6 bits pad)(4 bits pad | 2 bits data)(6 bits data) | |
| 111 | * So 2 bytes of pre-encoding padding results in 2 full bytes of encoded | |
| 112 | * padding, i.e. we have to strip the same number of bytes of padding | |
| 113 | * from the encoded data as we added to the pre-encoded data. | |
| 114 | */ | |
| 115 | memmove(a, a + padsize, outl - padsize); | |
| 116 | outl -= padsize; | |
| 117 | } | |
| 118 | ||
| 119 | err: | |
| 120 | EVP_ENCODE_CTX_free(ctx); | |
| 121 | ||
| 122 | return outl; | |
| 37 | 123 | } |
| 38 | 124 | |
| 39 | 125 | /* |
| 40 | 126 | * Convert a raw byte string into a null-terminated base64 ASCII string. |
| 41 | */ | |
| 42 | static void t_tob64(char *dst, const unsigned char *src, int size) | |
| 43 | { | |
| 44 | EVP_EncodeBlock((unsigned char *)dst, src, size); | |
| 127 | * Returns 1 on success or 0 on error. | |
| 128 | */ | |
| 129 | static int t_tob64(char *dst, const unsigned char *src, int size) | |
| 130 | { | |
| 131 | EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); | |
| 132 | int outl = 0, outl2 = 0; | |
| 133 | unsigned char pad[2] = {0, 0}; | |
| 134 | size_t leadz = 0; | |
| 135 | ||
| 136 | if (ctx == NULL) | |
| 137 | return 0; | |
| 138 | ||
| 139 | EVP_EncodeInit(ctx); | |
| 140 | evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES | |
| 141 | | EVP_ENCODE_CTX_USE_SRP_ALPHABET); | |
| 142 | ||
| 143 | /* | |
| 144 | * We pad at the front with zero bytes until the length is a multiple of 3 | |
| 145 | * so that EVP_EncodeUpdate/EVP_EncodeFinal does not add any of its own "=" | |
| 146 | * padding | |
| 147 | */ | |
| 148 | leadz = 3 - (size % 3); | |
| 149 | if (leadz != 3 | |
| 150 | && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad, | |
| 151 | leadz)) { | |
| 152 | EVP_ENCODE_CTX_free(ctx); | |
| 153 | return 0; | |
| 154 | } | |
| 155 | ||
| 156 | if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src, | |
| 157 | size)) { | |
| 158 | EVP_ENCODE_CTX_free(ctx); | |
| 159 | return 0; | |
| 160 | } | |
| 161 | outl += outl2; | |
| 162 | EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2); | |
| 163 | outl += outl2; | |
| 164 | ||
| 165 | /* Strip the encoded padding at the front */ | |
| 166 | if (leadz != 3) { | |
| 167 | memmove(dst, dst + leadz, outl - leadz); | |
| 168 | dst[outl - leadz] = '\0'; | |
| 169 | } | |
| 170 | ||
| 171 | EVP_ENCODE_CTX_free(ctx); | |
| 172 | return 1; | |
| 45 | 173 | } |
| 46 | 174 | |
| 47 | 175 | void SRP_user_pwd_free(SRP_user_pwd *user_pwd) |
| 57 | 185 | |
| 58 | 186 | static SRP_user_pwd *SRP_user_pwd_new(void) |
| 59 | 187 | { |
| 60 | SRP_user_pwd *ret = OPENSSL_malloc(sizeof(*ret)); | |
| 61 | if (ret == NULL) | |
| 62 | return NULL; | |
| 188 | SRP_user_pwd *ret; | |
| 189 | ||
| 190 | if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { | |
| 191 | /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ | |
| 192 | return NULL; | |
| 193 | } | |
| 63 | 194 | ret->N = NULL; |
| 64 | 195 | ret->g = NULL; |
| 65 | 196 | ret->s = NULL; |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 45 | 45 | { |
| 46 | 46 | OPENSSL_STACK *ret; |
| 47 | 47 | |
| 48 | if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) | |
| 49 | return NULL; | |
| 48 | if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { | |
| 49 | CRYPTOerr(CRYPTO_F_OPENSSL_SK_DUP, ERR_R_MALLOC_FAILURE); | |
| 50 | return NULL; | |
| 51 | } | |
| 50 | 52 | |
| 51 | 53 | /* direct structure assignment */ |
| 52 | 54 | *ret = *sk; |
| 74 | 76 | OPENSSL_STACK *ret; |
| 75 | 77 | int i; |
| 76 | 78 | |
| 77 | if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) | |
| 78 | return NULL; | |
| 79 | if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { | |
| 80 | CRYPTOerr(CRYPTO_F_OPENSSL_SK_DEEP_COPY, ERR_R_MALLOC_FAILURE); | |
| 81 | return NULL; | |
| 82 | } | |
| 79 | 83 | |
| 80 | 84 | /* direct structure assignment */ |
| 81 | 85 | *ret = *sk; |
| 172 | 176 | * At this point, |st->num_alloc| and |st->num| are 0; |
| 173 | 177 | * so |num_alloc| value is |n| or |min_nodes| if greater than |n|. |
| 174 | 178 | */ |
| 175 | st->data = OPENSSL_zalloc(sizeof(void *) * num_alloc); | |
| 176 | if (st->data == NULL) | |
| 179 | if ((st->data = OPENSSL_zalloc(sizeof(void *) * num_alloc)) == NULL) { | |
| 180 | CRYPTOerr(CRYPTO_F_SK_RESERVE, ERR_R_MALLOC_FAILURE); | |
| 177 | 181 | return 0; |
| 182 | } | |
| 178 | 183 | st->num_alloc = num_alloc; |
| 179 | 184 | return 1; |
| 180 | 185 | } |
| 0 | 0 | /* |
| 1 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 13 | 13 | |
| 14 | 14 | CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) |
| 15 | 15 | { |
| 16 | CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(unsigned int)); | |
| 17 | if (lock == NULL) | |
| 16 | CRYPTO_RWLOCK *lock; | |
| 17 | ||
| 18 | if ((lock = OPENSSL_zalloc(sizeof(unsigned int))) == NULL) { | |
| 19 | /* Don't set error, to avoid recursion blowup. */ | |
| 18 | 20 | return NULL; |
| 21 | } | |
| 19 | 22 | |
| 20 | 23 | *(unsigned int *)lock = 1; |
| 21 | 24 | |
| 0 | 0 | /* |
| 1 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 18 | 18 | CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) |
| 19 | 19 | { |
| 20 | 20 | # ifdef USE_RWLOCK |
| 21 | CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t)); | |
| 22 | if (lock == NULL) | |
| 23 | return NULL; | |
| 21 | CRYPTO_RWLOCK *lock; | |
| 22 | ||
| 23 | if ((lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t))) == NULL) { | |
| 24 | /* Don't set error, to avoid recursion blowup. */ | |
| 25 | return NULL; | |
| 26 | } | |
| 24 | 27 | |
| 25 | 28 | if (pthread_rwlock_init(lock, NULL) != 0) { |
| 26 | 29 | OPENSSL_free(lock); |
| 28 | 31 | } |
| 29 | 32 | # else |
| 30 | 33 | pthread_mutexattr_t attr; |
| 31 | CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_mutex_t)); | |
| 32 | if (lock == NULL) | |
| 33 | return NULL; | |
| 34 | CRYPTO_RWLOCK *lock; | |
| 35 | ||
| 36 | if ((lock = OPENSSL_zalloc(sizeof(pthread_mutex_t))) == NULL) { | |
| 37 | /* Don't set error, to avoid recursion blowup. */ | |
| 38 | return NULL; | |
| 39 | } | |
| 34 | 40 | |
| 35 | 41 | pthread_mutexattr_init(&attr); |
| 36 | 42 | pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); |
| 0 | 0 | /* |
| 1 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 16 | 16 | |
| 17 | 17 | CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) |
| 18 | 18 | { |
| 19 | CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION)); | |
| 20 | if (lock == NULL) | |
| 19 | CRYPTO_RWLOCK *lock; | |
| 20 | ||
| 21 | if ((lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION))) == NULL) { | |
| 22 | /* Don't set error, to avoid recursion blowup. */ | |
| 21 | 23 | return NULL; |
| 24 | } | |
| 22 | 25 | |
| 23 | 26 | /* 0x400 is the spin count value suggested in the documentation */ |
| 24 | 27 | if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 21 | 21 | "general_allocate_prompt"}, |
| 22 | 22 | {ERR_PACK(ERR_LIB_UI, UI_F_NOECHO_CONSOLE, 0), "noecho_console"}, |
| 23 | 23 | {ERR_PACK(ERR_LIB_UI, UI_F_OPEN_CONSOLE, 0), "open_console"}, |
| 24 | {ERR_PACK(ERR_LIB_UI, UI_F_UI_CONSTRUCT_PROMPT, 0), "UI_construct_prompt"}, | |
| 24 | 25 | {ERR_PACK(ERR_LIB_UI, UI_F_UI_CREATE_METHOD, 0), "UI_create_method"}, |
| 25 | 26 | {ERR_PACK(ERR_LIB_UI, UI_F_UI_CTRL, 0), "UI_ctrl"}, |
| 26 | 27 | {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_ERROR_STRING, 0), "UI_dup_error_string"}, |
| 0 | 0 | /* |
| 1 | * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 373 | 373 | len += sizeof(prompt2) - 1 + strlen(object_name); |
| 374 | 374 | len += sizeof(prompt3) - 1; |
| 375 | 375 | |
| 376 | prompt = OPENSSL_malloc(len + 1); | |
| 377 | if (prompt == NULL) | |
| 376 | if ((prompt = OPENSSL_malloc(len + 1)) == NULL) { | |
| 377 | UIerr(UI_F_UI_CONSTRUCT_PROMPT, ERR_R_MALLOC_FAILURE); | |
| 378 | 378 | return NULL; |
| 379 | } | |
| 379 | 380 | OPENSSL_strlcpy(prompt, prompt1, len + 1); |
| 380 | 381 | OPENSSL_strlcat(prompt, object_desc, len + 1); |
| 381 | 382 | if (object_name != NULL) { |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 47 | 47 | X509_NAME *name, X509_OBJECT *ret); |
| 48 | 48 | static X509_LOOKUP_METHOD x509_dir_lookup = { |
| 49 | 49 | "Load certs from files in a directory", |
| 50 | new_dir, /* new */ | |
| 50 | new_dir, /* new_item */ | |
| 51 | 51 | free_dir, /* free */ |
| 52 | 52 | NULL, /* init */ |
| 53 | 53 | NULL, /* shutdown */ |
| 67 | 67 | char **retp) |
| 68 | 68 | { |
| 69 | 69 | int ret = 0; |
| 70 | BY_DIR *ld; | |
| 71 | char *dir = NULL; | |
| 72 | ||
| 73 | ld = (BY_DIR *)ctx->method_data; | |
| 70 | BY_DIR *ld = (BY_DIR *)ctx->method_data; | |
| 74 | 71 | |
| 75 | 72 | switch (cmd) { |
| 76 | 73 | case X509_L_ADD_DIR: |
| 77 | 74 | if (argl == X509_FILETYPE_DEFAULT) { |
| 78 | dir = (char *)getenv(X509_get_default_cert_dir_env()); | |
| 75 | const char *dir = getenv(X509_get_default_cert_dir_env()); | |
| 76 | ||
| 79 | 77 | if (dir) |
| 80 | 78 | ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); |
| 81 | 79 | else |
| 93 | 91 | |
| 94 | 92 | static int new_dir(X509_LOOKUP *lu) |
| 95 | 93 | { |
| 96 | BY_DIR *a; | |
| 97 | ||
| 98 | if ((a = OPENSSL_malloc(sizeof(*a))) == NULL) | |
| 94 | BY_DIR *a = OPENSSL_malloc(sizeof(*a)); | |
| 95 | ||
| 96 | if (a == NULL) { | |
| 97 | X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE); | |
| 99 | 98 | return 0; |
| 99 | } | |
| 100 | ||
| 100 | 101 | if ((a->buffer = BUF_MEM_new()) == NULL) { |
| 101 | OPENSSL_free(a); | |
| 102 | return 0; | |
| 102 | X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE); | |
| 103 | goto err; | |
| 103 | 104 | } |
| 104 | 105 | a->dirs = NULL; |
| 105 | 106 | a->lock = CRYPTO_THREAD_lock_new(); |
| 106 | 107 | if (a->lock == NULL) { |
| 107 | 108 | BUF_MEM_free(a->buffer); |
| 108 | OPENSSL_free(a); | |
| 109 | return 0; | |
| 109 | X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE); | |
| 110 | goto err; | |
| 110 | 111 | } |
| 111 | 112 | lu->method_data = (char *)a; |
| 112 | 113 | return 1; |
| 114 | ||
| 115 | err: | |
| 116 | OPENSSL_free(a); | |
| 117 | return 0; | |
| 113 | 118 | } |
| 114 | 119 | |
| 115 | 120 | static void by_dir_hash_free(BY_DIR_HASH *hash) |
| 136 | 141 | |
| 137 | 142 | static void free_dir(X509_LOOKUP *lu) |
| 138 | 143 | { |
| 139 | BY_DIR *a; | |
| 140 | ||
| 141 | a = (BY_DIR *)lu->method_data; | |
| 144 | BY_DIR *a = (BY_DIR *)lu->method_data; | |
| 145 | ||
| 142 | 146 | sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); |
| 143 | 147 | BUF_MEM_free(a->buffer); |
| 144 | 148 | CRYPTO_THREAD_lock_free(a->lock); |
| 161 | 165 | do { |
| 162 | 166 | if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { |
| 163 | 167 | BY_DIR_ENTRY *ent; |
| 168 | ||
| 164 | 169 | ss = s; |
| 165 | 170 | s = p + 1; |
| 166 | 171 | len = p - ss; |
| 181 | 186 | } |
| 182 | 187 | } |
| 183 | 188 | ent = OPENSSL_malloc(sizeof(*ent)); |
| 184 | if (ent == NULL) | |
| 189 | if (ent == NULL) { | |
| 190 | X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE); | |
| 185 | 191 | return 0; |
| 192 | } | |
| 186 | 193 | ent->dir_type = type; |
| 187 | 194 | ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp); |
| 188 | 195 | ent->dir = OPENSSL_strndup(ss, len); |
| 192 | 199 | } |
| 193 | 200 | if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) { |
| 194 | 201 | by_dir_entry_free(ent); |
| 202 | X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE); | |
| 195 | 203 | return 0; |
| 196 | 204 | } |
| 197 | 205 | } |
| 243 | 251 | BY_DIR_ENTRY *ent; |
| 244 | 252 | int idx; |
| 245 | 253 | BY_DIR_HASH htmp, *hent; |
| 254 | ||
| 246 | 255 | ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i); |
| 247 | 256 | j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1; |
| 248 | 257 | if (!BUF_MEM_grow(b, j)) { |
| 339 | 348 | if (idx >= 0) |
| 340 | 349 | hent = sk_BY_DIR_HASH_value(ent->hashes, idx); |
| 341 | 350 | } |
| 342 | if (!hent) { | |
| 351 | if (hent == NULL) { | |
| 343 | 352 | hent = OPENSSL_malloc(sizeof(*hent)); |
| 344 | 353 | if (hent == NULL) { |
| 345 | 354 | CRYPTO_THREAD_unlock(ctx->lock); |
| 352 | 361 | if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) { |
| 353 | 362 | CRYPTO_THREAD_unlock(ctx->lock); |
| 354 | 363 | OPENSSL_free(hent); |
| 364 | X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); | |
| 355 | 365 | ok = 0; |
| 356 | 366 | goto finish; |
| 357 | 367 | } |
| 374 | 384 | */ |
| 375 | 385 | ERR_clear_error(); |
| 376 | 386 | |
| 377 | /* | |
| 378 | * If we were going to up the reference count, we would need to | |
| 379 | * do it on a perl 'type' basis | |
| 380 | */ | |
| 381 | /*- CRYPTO_add(&tmp->data.x509->references,1, | |
| 382 | CRYPTO_LOCK_X509);*/ | |
| 383 | 387 | goto finish; |
| 384 | 388 | } |
| 385 | 389 | } |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 20 | 20 | long argl, char **ret); |
| 21 | 21 | static X509_LOOKUP_METHOD x509_file_lookup = { |
| 22 | 22 | "Load file into cache", |
| 23 | NULL, /* new */ | |
| 23 | NULL, /* new_item */ | |
| 24 | 24 | NULL, /* free */ |
| 25 | 25 | NULL, /* init */ |
| 26 | 26 | NULL, /* shutdown */ |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 23 | 23 | {ERR_PACK(ERR_LIB_X509, X509_F_DIR_CTRL, 0), "dir_ctrl"}, |
| 24 | 24 | {ERR_PACK(ERR_LIB_X509, X509_F_GET_CERT_BY_SUBJECT, 0), |
| 25 | 25 | "get_cert_by_subject"}, |
| 26 | {ERR_PACK(ERR_LIB_X509, X509_F_I2D_X509_AUX, 0), "i2d_X509_AUX"}, | |
| 27 | {ERR_PACK(ERR_LIB_X509, X509_F_LOOKUP_CERTS_SK, 0), "lookup_certs_sk"}, | |
| 26 | 28 | {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_DECODE, 0), |
| 27 | 29 | "NETSCAPE_SPKI_b64_decode"}, |
| 28 | 30 | {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_ENCODE, 0), |
| 29 | 31 | "NETSCAPE_SPKI_b64_encode"}, |
| 32 | {ERR_PACK(ERR_LIB_X509, X509_F_NEW_DIR, 0), "new_dir"}, | |
| 30 | 33 | {ERR_PACK(ERR_LIB_X509, X509_F_X509AT_ADD1_ATTR, 0), "X509at_add1_attr"}, |
| 31 | 34 | {ERR_PACK(ERR_LIB_X509, X509_F_X509V3_ADD_EXT, 0), "X509v3_add_ext"}, |
| 32 | 35 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_NID, 0), |
| 42 | 45 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_CHECK_PRIVATE_KEY, 0), |
| 43 | 46 | "X509_check_private_key"}, |
| 44 | 47 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_DIFF, 0), "X509_CRL_diff"}, |
| 48 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_METHOD_NEW, 0), | |
| 49 | "X509_CRL_METHOD_new"}, | |
| 45 | 50 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_PRINT_FP, 0), "X509_CRL_print_fp"}, |
| 46 | 51 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_NID, 0), |
| 47 | 52 | "X509_EXTENSION_create_by_NID"}, |
| 55 | 60 | "X509_load_cert_file"}, |
| 56 | 61 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CRL_FILE, 0), |
| 57 | 62 | "X509_load_crl_file"}, |
| 63 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_NEW, 0), "X509_LOOKUP_new"}, | |
| 58 | 64 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ADD_ENTRY, 0), |
| 59 | 65 | "X509_NAME_add_entry"}, |
| 66 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_CANON, 0), "x509_name_canon"}, | |
| 60 | 67 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_NID, 0), |
| 61 | 68 | "X509_NAME_ENTRY_create_by_NID"}, |
| 62 | 69 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, 0), |
| 80 | 87 | "X509_STORE_add_cert"}, |
| 81 | 88 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CRL, 0), |
| 82 | 89 | "X509_STORE_add_crl"}, |
| 90 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_LOOKUP, 0), | |
| 91 | "X509_STORE_add_lookup"}, | |
| 83 | 92 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_GET1_ISSUER, 0), |
| 84 | 93 | "X509_STORE_CTX_get1_issuer"}, |
| 85 | 94 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_INIT, 0), |
| 88 | 97 | "X509_STORE_CTX_new"}, |
| 89 | 98 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 0), |
| 90 | 99 | "X509_STORE_CTX_purpose_inherit"}, |
| 100 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_NEW, 0), "X509_STORE_new"}, | |
| 91 | 101 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_TO_X509_REQ, 0), "X509_to_X509_REQ"}, |
| 92 | 102 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"}, |
| 93 | 103 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"}, |
| 94 | 104 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_CERT, 0), "X509_verify_cert"}, |
| 105 | {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_PARAM_NEW, 0), | |
| 106 | "X509_VERIFY_PARAM_new"}, | |
| 95 | 107 | {0, NULL} |
| 96 | 108 | }; |
| 97 | 109 | |
| 16 | 16 | |
| 17 | 17 | X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) |
| 18 | 18 | { |
| 19 | X509_LOOKUP *ret; | |
| 20 | ||
| 21 | ret = OPENSSL_zalloc(sizeof(*ret)); | |
| 22 | if (ret == NULL) | |
| 23 | return NULL; | |
| 19 | X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret)); | |
| 20 | ||
| 21 | if (ret == NULL) { | |
| 22 | X509err(X509_F_X509_LOOKUP_NEW, ERR_R_MALLOC_FAILURE); | |
| 23 | return NULL; | |
| 24 | } | |
| 24 | 25 | |
| 25 | 26 | ret->method = method; |
| 26 | if ((method->new_item != NULL) && !method->new_item(ret)) { | |
| 27 | if (method->new_item != NULL && method->new_item(ret) == 0) { | |
| 27 | 28 | OPENSSL_free(ret); |
| 28 | 29 | return NULL; |
| 29 | 30 | } |
| 140 | 141 | |
| 141 | 142 | X509_STORE *X509_STORE_new(void) |
| 142 | 143 | { |
| 143 | X509_STORE *ret; | |
| 144 | ||
| 145 | if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) | |
| 146 | return NULL; | |
| 147 | if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) | |
| 144 | X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret)); | |
| 145 | ||
| 146 | if (ret == NULL) { | |
| 147 | X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); | |
| 148 | return NULL; | |
| 149 | } | |
| 150 | if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) { | |
| 151 | X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); | |
| 148 | 152 | goto err; |
| 153 | } | |
| 149 | 154 | ret->cache = 1; |
| 150 | if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) | |
| 155 | if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) { | |
| 156 | X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); | |
| 151 | 157 | goto err; |
| 152 | ||
| 153 | if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) | |
| 158 | } | |
| 159 | ||
| 160 | if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) { | |
| 161 | X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); | |
| 154 | 162 | goto err; |
| 155 | ||
| 156 | if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) | |
| 163 | } | |
| 164 | if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { | |
| 165 | X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); | |
| 157 | 166 | goto err; |
| 167 | } | |
| 158 | 168 | |
| 159 | 169 | ret->lock = CRYPTO_THREAD_lock_new(); |
| 160 | if (ret->lock == NULL) | |
| 170 | if (ret->lock == NULL) { | |
| 171 | X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE); | |
| 161 | 172 | goto err; |
| 173 | } | |
| 162 | 174 | |
| 163 | 175 | ret->references = 1; |
| 164 | 176 | return ret; |
| 227 | 239 | } |
| 228 | 240 | /* a new one */ |
| 229 | 241 | lu = X509_LOOKUP_new(m); |
| 230 | if (lu == NULL) | |
| 231 | return NULL; | |
| 232 | else { | |
| 233 | lu->store_ctx = v; | |
| 234 | if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) | |
| 235 | return lu; | |
| 236 | else { | |
| 237 | X509_LOOKUP_free(lu); | |
| 238 | return NULL; | |
| 239 | } | |
| 240 | } | |
| 242 | if (lu == NULL) { | |
| 243 | X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE); | |
| 244 | return NULL; | |
| 245 | } | |
| 246 | ||
| 247 | lu->store_ctx = v; | |
| 248 | if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) | |
| 249 | return lu; | |
| 250 | /* malloc failed */ | |
| 251 | X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE); | |
| 252 | X509_LOOKUP_free(lu); | |
| 253 | return NULL; | |
| 241 | 254 | } |
| 242 | 255 | |
| 243 | 256 | X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, |
| 262 | 275 | X509_LOOKUP *lu; |
| 263 | 276 | X509_OBJECT stmp, *tmp; |
| 264 | 277 | int i, j; |
| 278 | ||
| 279 | if (ctx == NULL) | |
| 280 | return 0; | |
| 265 | 281 | |
| 266 | 282 | CRYPTO_THREAD_write_lock(ctx->lock); |
| 267 | 283 | tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); |
| 471 | 487 | STACK_OF(X509) *sk = NULL; |
| 472 | 488 | X509 *x; |
| 473 | 489 | X509_OBJECT *obj; |
| 490 | ||
| 491 | if (ctx->ctx == NULL) | |
| 492 | return NULL; | |
| 474 | 493 | |
| 475 | 494 | CRYPTO_THREAD_write_lock(ctx->ctx->lock); |
| 476 | 495 | idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); |
| 521 | 540 | X509_OBJECT *obj, *xobj = X509_OBJECT_new(); |
| 522 | 541 | |
| 523 | 542 | /* Always do lookup to possibly add new CRLs to cache */ |
| 524 | if (sk == NULL || xobj == NULL || | |
| 525 | !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { | |
| 543 | if (sk == NULL | |
| 544 | || xobj == NULL | |
| 545 | || ctx->ctx == NULL | |
| 546 | || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { | |
| 526 | 547 | X509_OBJECT_free(xobj); |
| 527 | 548 | sk_X509_CRL_free(sk); |
| 528 | 549 | return NULL; |
| 615 | 636 | } |
| 616 | 637 | } |
| 617 | 638 | X509_OBJECT_free(obj); |
| 639 | ||
| 640 | if (ctx->ctx == NULL) | |
| 641 | return 0; | |
| 618 | 642 | |
| 619 | 643 | /* Else find index of first cert accepted by 'check_issued' */ |
| 620 | 644 | ret = 0; |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 365 | 365 | STACK_OF(X509) *sk = NULL; |
| 366 | 366 | X509 *x; |
| 367 | 367 | int i; |
| 368 | ||
| 368 | 369 | for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { |
| 369 | 370 | x = sk_X509_value(ctx->other_ctx, i); |
| 370 | 371 | if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { |
| 372 | 373 | sk = sk_X509_new_null(); |
| 373 | 374 | if (sk == NULL || sk_X509_push(sk, x) == 0) { |
| 374 | 375 | sk_X509_pop_free(sk, X509_free); |
| 376 | X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE); | |
| 377 | ctx->error = X509_V_ERR_OUT_OF_MEM; | |
| 375 | 378 | return NULL; |
| 376 | 379 | } |
| 377 | 380 | X509_up_ref(x); |
| 0 | 0 | /* |
| 1 | * Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 83 | 83 | X509_VERIFY_PARAM *param; |
| 84 | 84 | |
| 85 | 85 | param = OPENSSL_zalloc(sizeof(*param)); |
| 86 | if (param == NULL) | |
| 86 | if (param == NULL) { | |
| 87 | X509err(X509_F_X509_VERIFY_PARAM_NEW, ERR_R_MALLOC_FAILURE); | |
| 87 | 88 | return NULL; |
| 89 | } | |
| 88 | 90 | param->trust = X509_TRUST_DEFAULT; |
| 89 | /* | |
| 90 | * param->inh_flags = X509_VP_FLAG_DEFAULT; | |
| 91 | */ | |
| 92 | param->inh_flags = 0; | |
| 91 | /* param->inh_flags = X509_VP_FLAG_DEFAULT; */ | |
| 93 | 92 | param->depth = -1; |
| 94 | 93 | param->auth_level = -1; /* -1 means unset, 0 is explicit */ |
| 95 | 94 | return param; |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 192 | 192 | loc = n; |
| 193 | 193 | else if (loc < 0) |
| 194 | 194 | loc = n; |
| 195 | ||
| 195 | inc = (set == 0); | |
| 196 | 196 | name->modified = 1; |
| 197 | 197 | |
| 198 | 198 | if (set == -1) { |
| 201 | 201 | inc = 1; |
| 202 | 202 | } else { |
| 203 | 203 | set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set; |
| 204 | inc = 0; | |
| 205 | 204 | } |
| 206 | 205 | } else { /* if (set >= 0) */ |
| 207 | 206 | |
| 212 | 211 | set = 0; |
| 213 | 212 | } else |
| 214 | 213 | set = sk_X509_NAME_ENTRY_value(sk, loc)->set; |
| 215 | inc = (set == 0) ? 1 : 0; | |
| 216 | 214 | } |
| 217 | 215 | |
| 218 | 216 | /* |
| 219 | 217 | * X509_NAME_ENTRY_dup is ASN1 generated code, that can't be easily |
| 220 | * const'ified; harmless cast as dup() don't modify its input. | |
| 218 | * const'ified; harmless cast since dup() don't modify its input. | |
| 221 | 219 | */ |
| 222 | 220 | if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL) |
| 223 | 221 | goto err; |
| 229 | 227 | if (inc) { |
| 230 | 228 | n = sk_X509_NAME_ENTRY_num(sk); |
| 231 | 229 | for (i = loc + 1; i < n; i++) |
| 232 | sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1; | |
| 230 | sk_X509_NAME_ENTRY_value(sk, i)->set += 1; | |
| 233 | 231 | } |
| 234 | 232 | return 1; |
| 235 | 233 | err: |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 308 | 308 | int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) |
| 309 | 309 | { |
| 310 | 310 | X509_CRL_INFO *inf; |
| 311 | ||
| 311 | 312 | inf = &crl->crl; |
| 312 | 313 | if (inf->revoked == NULL) |
| 313 | 314 | inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); |
| 428 | 429 | int (*crl_verify) (X509_CRL *crl, |
| 429 | 430 | EVP_PKEY *pk)) |
| 430 | 431 | { |
| 431 | X509_CRL_METHOD *m; | |
| 432 | m = OPENSSL_malloc(sizeof(*m)); | |
| 433 | if (m == NULL) | |
| 432 | X509_CRL_METHOD *m = OPENSSL_malloc(sizeof(*m)); | |
| 433 | ||
| 434 | if (m == NULL) { | |
| 435 | X509err(X509_F_X509_CRL_METHOD_NEW, ERR_R_MALLOC_FAILURE); | |
| 434 | 436 | return NULL; |
| 437 | } | |
| 435 | 438 | m->crl_init = crl_init; |
| 436 | 439 | m->crl_free = crl_free; |
| 437 | 440 | m->crl_lookup = crl_lookup; |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 299 | 299 | static int x509_name_canon(X509_NAME *a) |
| 300 | 300 | { |
| 301 | 301 | unsigned char *p; |
| 302 | STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; | |
| 302 | STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname; | |
| 303 | 303 | STACK_OF(X509_NAME_ENTRY) *entries = NULL; |
| 304 | 304 | X509_NAME_ENTRY *entry, *tmpentry = NULL; |
| 305 | 305 | int i, set = -1, ret = 0, len; |
| 312 | 312 | return 1; |
| 313 | 313 | } |
| 314 | 314 | intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); |
| 315 | if (!intname) | |
| 315 | if (intname == NULL) { | |
| 316 | X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); | |
| 316 | 317 | goto err; |
| 318 | } | |
| 317 | 319 | for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { |
| 318 | 320 | entry = sk_X509_NAME_ENTRY_value(a->entries, i); |
| 319 | 321 | if (entry->set != set) { |
| 320 | 322 | entries = sk_X509_NAME_ENTRY_new_null(); |
| 321 | if (!entries) | |
| 323 | if (entries == NULL) | |
| 322 | 324 | goto err; |
| 323 | 325 | if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { |
| 324 | 326 | sk_X509_NAME_ENTRY_free(entries); |
| 327 | X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); | |
| 325 | 328 | goto err; |
| 326 | 329 | } |
| 327 | 330 | set = entry->set; |
| 328 | 331 | } |
| 329 | 332 | tmpentry = X509_NAME_ENTRY_new(); |
| 330 | if (tmpentry == NULL) | |
| 333 | if (tmpentry == NULL) { | |
| 334 | X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); | |
| 331 | 335 | goto err; |
| 336 | } | |
| 332 | 337 | tmpentry->object = OBJ_dup(entry->object); |
| 333 | if (tmpentry->object == NULL) | |
| 338 | if (tmpentry->object == NULL) { | |
| 339 | X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); | |
| 334 | 340 | goto err; |
| 341 | } | |
| 335 | 342 | if (!asn1_string_canon(tmpentry->value, entry->value)) |
| 336 | 343 | goto err; |
| 337 | if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) | |
| 344 | if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) { | |
| 345 | X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); | |
| 338 | 346 | goto err; |
| 347 | } | |
| 339 | 348 | tmpentry = NULL; |
| 340 | 349 | } |
| 341 | 350 | |
| 342 | 351 | /* Finally generate encoding */ |
| 343 | ||
| 344 | 352 | len = i2d_name_canon(intname, NULL); |
| 345 | 353 | if (len < 0) |
| 346 | 354 | goto err; |
| 347 | 355 | a->canon_enclen = len; |
| 348 | 356 | |
| 349 | 357 | p = OPENSSL_malloc(a->canon_enclen); |
| 350 | ||
| 351 | if (p == NULL) | |
| 358 | if (p == NULL) { | |
| 359 | X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE); | |
| 352 | 360 | goto err; |
| 361 | } | |
| 353 | 362 | |
| 354 | 363 | a->canon_enc = p; |
| 355 | 364 | |
| 358 | 367 | ret = 1; |
| 359 | 368 | |
| 360 | 369 | err: |
| 361 | ||
| 362 | 370 | X509_NAME_ENTRY_free(tmpentry); |
| 363 | 371 | sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, |
| 364 | 372 | local_sk_X509_NAME_ENTRY_pop_free); |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 100 | 100 | |
| 101 | 101 | |
| 102 | 102 | static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key) |
| 103 | { | |
| 103 | { | |
| 104 | 104 | EVP_PKEY *pkey = EVP_PKEY_new(); |
| 105 | 105 | |
| 106 | 106 | if (pkey == NULL) { |
| 0 | 0 | /* |
| 1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 188 | 188 | |
| 189 | 189 | /* Allocate requisite combined storage */ |
| 190 | 190 | *pp = tmp = OPENSSL_malloc(length); |
| 191 | if (tmp == NULL) | |
| 192 | return -1; /* Push error onto error stack? */ | |
| 191 | if (tmp == NULL) { | |
| 192 | X509err(X509_F_I2D_X509_AUX, ERR_R_MALLOC_FAILURE); | |
| 193 | return -1; | |
| 194 | } | |
| 193 | 195 | |
| 194 | 196 | /* Encode, but keep *pp at the originally malloced pointer */ |
| 195 | 197 | length = i2d_x509_aux_internal(a, &tmp); |
| 0 | 0 | /* |
| 1 | * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 25 | 25 | static int policy_cache_create(X509 *x, |
| 26 | 26 | CERTIFICATEPOLICIES *policies, int crit) |
| 27 | 27 | { |
| 28 | int i; | |
| 29 | int ret = 0; | |
| 28 | int i, ret = 0; | |
| 30 | 29 | X509_POLICY_CACHE *cache = x->policy_cache; |
| 31 | 30 | X509_POLICY_DATA *data = NULL; |
| 32 | 31 | POLICYINFO *policy; |
| 32 | ||
| 33 | 33 | if (sk_POLICYINFO_num(policies) == 0) |
| 34 | 34 | goto bad_policy; |
| 35 | 35 | cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); |
| 36 | if (cache->data == NULL) | |
| 37 | goto bad_policy; | |
| 36 | if (cache->data == NULL) { | |
| 37 | X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE); | |
| 38 | goto just_cleanup; | |
| 39 | } | |
| 38 | 40 | for (i = 0; i < sk_POLICYINFO_num(policies); i++) { |
| 39 | 41 | policy = sk_POLICYINFO_value(policies, i); |
| 40 | 42 | data = policy_data_new(policy, NULL, crit); |
| 41 | if (data == NULL) | |
| 42 | goto bad_policy; | |
| 43 | if (data == NULL) { | |
| 44 | X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE); | |
| 45 | goto just_cleanup; | |
| 46 | } | |
| 43 | 47 | /* |
| 44 | 48 | * Duplicate policy OIDs are illegal: reject if matches found. |
| 45 | 49 | */ |
| 52 | 56 | } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) { |
| 53 | 57 | ret = -1; |
| 54 | 58 | goto bad_policy; |
| 55 | } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) | |
| 59 | } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) { | |
| 60 | X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE); | |
| 56 | 61 | goto bad_policy; |
| 62 | } | |
| 57 | 63 | data = NULL; |
| 58 | 64 | } |
| 59 | 65 | ret = 1; |
| 66 | ||
| 60 | 67 | bad_policy: |
| 61 | 68 | if (ret == -1) |
| 62 | 69 | x->ex_flags |= EXFLAG_INVALID_POLICY; |
| 63 | 70 | policy_data_free(data); |
| 71 | just_cleanup: | |
| 64 | 72 | sk_POLICYINFO_pop_free(policies, POLICYINFO_free); |
| 65 | 73 | if (ret <= 0) { |
| 66 | 74 | sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); |
| 81 | 89 | if (x->policy_cache != NULL) |
| 82 | 90 | return 1; |
| 83 | 91 | cache = OPENSSL_malloc(sizeof(*cache)); |
| 84 | if (cache == NULL) | |
| 92 | if (cache == NULL) { | |
| 93 | X509V3err(X509V3_F_POLICY_CACHE_NEW, ERR_R_MALLOC_FAILURE); | |
| 85 | 94 | return 0; |
| 95 | } | |
| 86 | 96 | cache->anyPolicy = NULL; |
| 87 | 97 | cache->data = NULL; |
| 88 | 98 | cache->any_skip = -1; |
| 0 | 0 | /* |
| 1 | * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 39 | 39 | { |
| 40 | 40 | X509_POLICY_DATA *ret; |
| 41 | 41 | ASN1_OBJECT *id; |
| 42 | ||
| 42 | 43 | if (policy == NULL && cid == NULL) |
| 43 | 44 | return NULL; |
| 44 | 45 | if (cid) { |
| 48 | 49 | } else |
| 49 | 50 | id = NULL; |
| 50 | 51 | ret = OPENSSL_zalloc(sizeof(*ret)); |
| 51 | if (ret == NULL) | |
| 52 | if (ret == NULL) { | |
| 53 | X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE); | |
| 52 | 54 | return NULL; |
| 55 | } | |
| 53 | 56 | ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); |
| 54 | 57 | if (ret->expected_policy_set == NULL) { |
| 55 | 58 | OPENSSL_free(ret); |
| 56 | 59 | ASN1_OBJECT_free(id); |
| 60 | X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE); | |
| 57 | 61 | return NULL; |
| 58 | 62 | } |
| 59 | 63 | |
| 0 | 0 | /* |
| 1 | * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 9 | 9 | #include <openssl/asn1.h> |
| 10 | 10 | #include <openssl/x509.h> |
| 11 | 11 | #include <openssl/x509v3.h> |
| 12 | #include <openssl/err.h> | |
| 12 | 13 | |
| 13 | 14 | #include "pcy_int.h" |
| 14 | 15 | |
| 65 | 66 | X509_POLICY_NODE *node; |
| 66 | 67 | |
| 67 | 68 | node = OPENSSL_zalloc(sizeof(*node)); |
| 68 | if (node == NULL) | |
| 69 | if (node == NULL) { | |
| 70 | X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); | |
| 69 | 71 | return NULL; |
| 72 | } | |
| 70 | 73 | node->data = data; |
| 71 | 74 | node->parent = parent; |
| 72 | 75 | if (level) { |
| 78 | 81 | |
| 79 | 82 | if (level->nodes == NULL) |
| 80 | 83 | level->nodes = policy_node_cmp_new(); |
| 81 | if (level->nodes == NULL) | |
| 84 | if (level->nodes == NULL) { | |
| 85 | X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); | |
| 82 | 86 | goto node_error; |
| 83 | if (!sk_X509_POLICY_NODE_push(level->nodes, node)) | |
| 87 | } | |
| 88 | if (!sk_X509_POLICY_NODE_push(level->nodes, node)) { | |
| 89 | X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); | |
| 84 | 90 | goto node_error; |
| 91 | } | |
| 85 | 92 | } |
| 86 | 93 | } |
| 87 | 94 | |
| 88 | 95 | if (tree) { |
| 89 | 96 | if (tree->extra_data == NULL) |
| 90 | 97 | tree->extra_data = sk_X509_POLICY_DATA_new_null(); |
| 91 | if (tree->extra_data == NULL) | |
| 98 | if (tree->extra_data == NULL){ | |
| 99 | X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); | |
| 92 | 100 | goto node_error; |
| 93 | if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) | |
| 101 | } | |
| 102 | if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) { | |
| 103 | X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); | |
| 94 | 104 | goto node_error; |
| 105 | } | |
| 95 | 106 | } |
| 96 | 107 | |
| 97 | 108 | if (parent) |
| 0 | 0 | /* |
| 1 | * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 162 | 162 | return ret; |
| 163 | 163 | |
| 164 | 164 | /* If we get this far initialize the tree */ |
| 165 | if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) | |
| 165 | if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) { | |
| 166 | X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE); | |
| 166 | 167 | return X509_PCY_TREE_INTERNAL; |
| 168 | } | |
| 167 | 169 | |
| 168 | 170 | /* |
| 169 | 171 | * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. |
| 174 | 176 | */ |
| 175 | 177 | if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) { |
| 176 | 178 | OPENSSL_free(tree); |
| 179 | X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE); | |
| 177 | 180 | return X509_PCY_TREE_INTERNAL; |
| 178 | 181 | } |
| 179 | 182 | tree->nlevel = n+1; |
| 0 | 0 | /* |
| 1 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 143 | 143 | } |
| 144 | 144 | pol = POLICYINFO_new(); |
| 145 | 145 | if (pol == NULL) { |
| 146 | ASN1_OBJECT_free(pobj); | |
| 146 | 147 | X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); |
| 147 | ASN1_OBJECT_free(pobj); | |
| 148 | 148 | goto err; |
| 149 | 149 | } |
| 150 | 150 | pol->policyid = pobj; |
| 0 | 0 | /* |
| 1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
| 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | 3 | * |
| 4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 5 | 5 | * this file except in compliance with the License. You can obtain a copy |
| 38 | 38 | "i2s_ASN1_INTEGER"}, |
| 39 | 39 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0), |
| 40 | 40 | "i2v_AUTHORITY_INFO_ACCESS"}, |
| 41 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"}, | |
| 41 | 42 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"}, |
| 42 | 43 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"}, |
| 44 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_CREATE, 0), | |
| 45 | "policy_cache_create"}, | |
| 46 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_NEW, 0), | |
| 47 | "policy_cache_new"}, | |
| 48 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_DATA_NEW, 0), "policy_data_new"}, | |
| 43 | 49 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_SECTION, 0), "policy_section"}, |
| 44 | 50 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_PROCESS_PCI_VALUE, 0), |
| 45 | 51 | "process_pci_value"}, |
| 64 | 70 | "SXNET_get_id_asc"}, |
| 65 | 71 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ULONG, 0), |
| 66 | 72 | "SXNET_get_id_ulong"}, |
| 73 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_TREE_INIT, 0), "tree_init"}, | |
| 67 | 74 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASIDENTIFIERS, 0), |
| 68 | 75 | "v2i_ASIdentifiers"}, |
| 69 | 76 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASN1_BIT_STRING, 0), |
| 17 | 17 | uid Richard Levitte <levitte@openssl.org> |
| 18 | 18 | uid Richard Levitte <richard@openssl.com> |
| 19 | 19 | |
| 20 | pub 4096R/FA40E9E2 2005-03-19 | |
| 21 | Key fingerprint = 6260 5AA4 334A F9F0 DDE5 D349 D357 7507 FA40 E9E2 | |
| 22 | uid Dr Stephen N Henson <steve@openssl.org> | |
| 23 | ||
| 24 | 20 | pub 2048R/0E604491 2013-04-30 |
| 25 | 21 | Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 |
| 22 | uid Matt Caswell <matt@openssl.org> | |
| 26 | 23 | uid Matt Caswell <frodo@baggins.org> |
| 167 | 167 | level to B<n>, which should be a number between zero and five, inclusive. |
| 168 | 168 | See L<SSL_CTX_set_security_level> for a description of what each level means. |
| 169 | 169 | |
| 170 | The cipher list can be prefixed with the B<DEFAULT> keyword, which enables | |
| 171 | the default cipher list as defined below. Unlike cipher strings, | |
| 172 | this prefix may not be combined with other strings using B<+> character. | |
| 173 | For example, B<DEFAULT+DES> is not valid. | |
| 174 | ||
| 175 | The content of the default list is determined at compile time and normally | |
| 176 | corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>. | |
| 177 | ||
| 170 | 178 | =head1 CIPHER STRINGS |
| 171 | 179 | |
| 172 | 180 | The following is a list of all permitted cipher strings and their meanings. |
| 173 | 181 | |
| 174 | 182 | =over 4 |
| 175 | ||
| 176 | =item B<DEFAULT> | |
| 177 | ||
| 178 | The default cipher list. | |
| 179 | This is determined at compile time and is normally | |
| 180 | B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>. | |
| 181 | When used, this must be the first cipherstring specified. | |
| 182 | 183 | |
| 183 | 184 | =item B<COMPLEMENTOFDEFAULT> |
| 184 | 185 |
| 85 | 85 | |
| 86 | 86 | =item B<-sign filename> |
| 87 | 87 | |
| 88 | Digitally sign the digest using the private key in "filename". | |
| 88 | Digitally sign the digest using the private key in "filename". Note this option | |
| 89 | does not support Ed25519 or Ed448 private keys. Use the B<pkeyutl> command | |
| 90 | instead for this. | |
| 89 | 91 | |
| 90 | 92 | =item B<-keyform arg> |
| 91 | 93 | |
| 232 | 234 | |
| 233 | 235 | =head1 COPYRIGHT |
| 234 | 236 | |
| 235 | Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 237 | Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 236 | 238 | |
| 237 | 239 | Licensed under the OpenSSL license (the "License"). You may not use |
| 238 | 240 | this file except in compliance with the License. You can obtain a copy |
| 62 | 62 | |
| 63 | 63 | Public key algorithm to use such as RSA, DSA or DH. If used this option must |
| 64 | 64 | precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm> |
| 65 | are mutually exclusive. | |
| 65 | are mutually exclusive. Engines may add algorithms in addition to the standard | |
| 66 | built-in ones. | |
| 67 | ||
| 68 | Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC, | |
| 69 | X25519, X448, ED25519 and ED448. | |
| 70 | ||
| 71 | Valid built-in algorithm names for parameter generation (see the B<-genparam> | |
| 72 | option) are DH, DSA and EC. | |
| 73 | ||
| 74 | Note that the algorithm name X9.42 DH may be used as a synonym for the DH | |
| 75 | algorithm. These are identical and do not indicate the type of parameters that | |
| 76 | will be generated. Use the B<dh_paramgen_type> option to indicate whether PKCS#3 | |
| 77 | or X9.42 DH parameters are required. See L<DH Parameter Generation Options> | |
| 78 | below for more details. | |
| 66 | 79 | |
| 67 | 80 | =item B<-pkeyopt opt:value> |
| 68 | 81 | |
| 69 | 82 | Set the public key algorithm option B<opt> to B<value>. The precise set of |
| 70 | 83 | options supported depends on the public key algorithm used and its |
| 71 | implementation. See B<KEY GENERATION OPTIONS> below for more details. | |
| 84 | implementation. See L<KEY GENERATION OPTIONS> and | |
| 85 | L<PARAMETER GENERATION OPTIONS> below for more details. | |
| 72 | 86 | |
| 73 | 87 | =item B<-genparam> |
| 74 | 88 | |
| 94 | 108 | |
| 95 | 109 | The options supported by each algorithm and indeed each implementation of an |
| 96 | 110 | algorithm can vary. The options for the OpenSSL implementations are detailed |
| 97 | below. | |
| 98 | ||
| 99 | =head1 RSA KEY GENERATION OPTIONS | |
| 111 | below. There are no key generation options defined for the X25519, X448, ED25519 | |
| 112 | or ED448 algorithms. | |
| 113 | ||
| 114 | =head2 RSA Key Generation Options | |
| 100 | 115 | |
| 101 | 116 | =over 4 |
| 102 | 117 | |
| 115 | 130 | |
| 116 | 131 | =back |
| 117 | 132 | |
| 118 | =head1 RSA-PSS KEY GENERATION OPTIONS | |
| 133 | =head2 RSA-PSS Key Generation Options | |
| 119 | 134 | |
| 120 | 135 | Note: by default an B<RSA-PSS> key has no parameter restrictions. |
| 121 | 136 | |
| 122 | 137 | =over 4 |
| 123 | 138 | |
| 124 | =item B<rsa_keygen_bits:numbits>, B<rsa_keygen_pubexp:value> | |
| 125 | ||
| 126 | These options have the same meaning as the B<RSA> algorithm. | |
| 127 | ||
| 128 | =item B<rsa_pss_keygen_md:digest> | |
| 129 | ||
| 130 | =item B<rsa_keygen_pubexp:value> | |
| 131 | ||
| 132 | The RSA public exponent value. This can be a large decimal or | |
| 133 | hexadecimal value if preceded by B<0x>. Default value is 65537. | |
| 134 | ||
| 135 | =back | |
| 136 | ||
| 137 | =head1 RSA-PSS KEY GENERATION OPTIONS | |
| 138 | ||
| 139 | Note: by default an B<RSA-PSS> key has no parameter restrictions. | |
| 140 | ||
| 141 | =over 4 | |
| 142 | ||
| 143 | =item B<rsa_keygen_bits:numbits>, B<rsa_keygen_pubexp:value> | |
| 139 | =item B<rsa_keygen_bits:numbits>, B<rsa_keygen_primes:numprimes>, B<rsa_keygen_pubexp:value> | |
| 144 | 140 | |
| 145 | 141 | These options have the same meaning as the B<RSA> algorithm. |
| 146 | 142 | |
| 159 | 155 | |
| 160 | 156 | =back |
| 161 | 157 | |
| 162 | =head1 DSA PARAMETER GENERATION OPTIONS | |
| 158 | =head2 EC Key Generation Options | |
| 159 | ||
| 160 | The EC key generation options can also be used for parameter generation. | |
| 161 | ||
| 162 | =over 4 | |
| 163 | ||
| 164 | =item B<ec_paramgen_curve:curve> | |
| 165 | ||
| 166 | The EC curve to use. OpenSSL supports NIST curve names such as "P-256". | |
| 167 | ||
| 168 | =item B<ec_param_enc:encoding> | |
| 169 | ||
| 170 | The encoding to use for parameters. The "encoding" parameter must be either | |
| 171 | "named_curve" or "explicit". The default value is "named_curve". | |
| 172 | ||
| 173 | =back | |
| 174 | ||
| 175 | =head1 PARAMETER GENERATION OPTIONS | |
| 176 | ||
| 177 | The options supported by each algorithm and indeed each implementation of an | |
| 178 | algorithm can vary. The options for the OpenSSL implementations are detailed | |
| 179 | below. | |
| 180 | ||
| 181 | =head2 DSA Parameter Generation Options | |
| 163 | 182 | |
| 164 | 183 | =over 4 |
| 165 | 184 | |
| 166 | 185 | =item B<dsa_paramgen_bits:numbits> |
| 167 | 186 | |
| 168 | The number of bits in the generated parameters. If not specified 1024 is used. | |
| 169 | ||
| 170 | =back | |
| 171 | ||
| 172 | =head1 DH PARAMETER GENERATION OPTIONS | |
| 187 | The number of bits in the generated prime. If not specified 1024 is used. | |
| 188 | ||
| 189 | =item B<dsa_paramgen_q_bits:numbits> | |
| 190 | ||
| 191 | The number of bits in the q parameter. Must be one of 160, 224 or 256. If not | |
| 192 | specified 160 is used. | |
| 193 | ||
| 194 | =item B<dsa_paramgen_md:digest> | |
| 195 | ||
| 196 | The digest to use during parameter generation. Must be one of B<sha1>, B<sha224> | |
| 197 | or B<sha256>. If set, then the number of bits in B<q> will match the output size | |
| 198 | of the specified digest and the B<dsa_paramgen_q_bits> parameter will be | |
| 199 | ignored. If not set, then a digest will be used that gives an output matching | |
| 200 | the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it 224 | |
| 201 | or B<sha256> if it is 256. | |
| 202 | ||
| 203 | =back | |
| 204 | ||
| 205 | =head2 DH Parameter Generation Options | |
| 173 | 206 | |
| 174 | 207 | =over 4 |
| 175 | 208 | |
| 176 | 209 | =item B<dh_paramgen_prime_len:numbits> |
| 177 | 210 | |
| 178 | The number of bits in the prime parameter B<p>. | |
| 211 | The number of bits in the prime parameter B<p>. The default is 1024. | |
| 212 | ||
| 213 | =item B<dh_paramgen_subprime_len:numbits> | |
| 214 | ||
| 215 | The number of bits in the sub prime parameter B<q>. The default is 256 if the | |
| 216 | prime is at least 2048 bits long or 160 otherwise. Only relevant if used in | |
| 217 | conjunction with the B<dh_paramgen_type> option to generate X9.42 DH parameters. | |
| 179 | 218 | |
| 180 | 219 | =item B<dh_paramgen_generator:value> |
| 181 | 220 | |
| 182 | The value to use for the generator B<g>. | |
| 221 | The value to use for the generator B<g>. The default is 2. | |
| 222 | ||
| 223 | =item B<dh_paramgen_type:value> | |
| 224 | ||
| 225 | The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH. | |
| 226 | The default is 0. | |
| 183 | 227 | |
| 184 | 228 | =item B<dh_rfc5114:num> |
| 185 | 229 | |
| 186 | If this option is set then the appropriate RFC5114 parameters are used | |
| 230 | If this option is set, then the appropriate RFC5114 parameters are used | |
| 187 | 231 | instead of generating new parameters. The value B<num> can take the |
| 188 | 232 | values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of |
| 189 | 233 | 1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup |
| 190 | 234 | and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections |
| 191 | 2.1, 2.2 and 2.3 respectively. | |
| 192 | ||
| 193 | =back | |
| 194 | ||
| 195 | =head1 EC PARAMETER GENERATION OPTIONS | |
| 196 | ||
| 197 | The EC parameter generation options below can also | |
| 198 | be supplied as EC key generation options. This can (for example) generate a | |
| 199 | key from a named curve without the need to use an explicit parameter file. | |
| 200 | ||
| 201 | =over 4 | |
| 202 | ||
| 203 | =item B<ec_paramgen_curve:curve> | |
| 204 | ||
| 205 | The EC curve to use. OpenSSL supports NIST curve names such as "P-256". | |
| 206 | ||
| 207 | =item B<ec_param_enc:encoding> | |
| 208 | ||
| 209 | The encoding to use for parameters. The "encoding" parameter must be either | |
| 210 | "named_curve" or "explicit". | |
| 211 | ||
| 212 | =back | |
| 213 | ||
| 214 | =head1 GOST2001 KEY GENERATION AND PARAMETER OPTIONS | |
| 215 | ||
| 216 | Gost 2001 support is not enabled by default. To enable this algorithm, | |
| 217 | one should load the ccgost engine in the OpenSSL configuration file. | |
| 218 | See README.gost file in the engines/ccgost directory of the source | |
| 219 | distribution for more details. | |
| 220 | ||
| 221 | Use of a parameter file for the GOST R 34.10 algorithm is optional. | |
| 222 | Parameters can be specified during key generation directly as well as | |
| 223 | during generation of parameter file. | |
| 224 | ||
| 225 | =over 4 | |
| 226 | ||
| 227 | =item B<paramset:name> | |
| 228 | ||
| 229 | Specifies GOST R 34.10-2001 parameter set according to RFC 4357. | |
| 230 | Parameter set can be specified using abbreviated name, object short name or | |
| 231 | numeric OID. Following parameter sets are supported: | |
| 232 | ||
| 233 | paramset OID Usage | |
| 234 | A 1.2.643.2.2.35.1 Signature | |
| 235 | B 1.2.643.2.2.35.2 Signature | |
| 236 | C 1.2.643.2.2.35.3 Signature | |
| 237 | XA 1.2.643.2.2.36.0 Key exchange | |
| 238 | XB 1.2.643.2.2.36.1 Key exchange | |
| 239 | test 1.2.643.2.2.35.0 Test purposes | |
| 240 | ||
| 241 | =back | |
| 242 | ||
| 243 | =head1 X25519 and X448 KEY GENERATION OPTIONS | |
| 244 | ||
| 245 | The X25519 and X448 algorithms do not currently support any key generation | |
| 235 | 2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter | |
| 246 | 236 | options. |
| 237 | ||
| 238 | =back | |
| 239 | ||
| 240 | =head2 EC Parameter Generation Options | |
| 241 | ||
| 242 | The EC parameter generation options are the same as for key generation. See | |
| 243 | L<EC Key Generation Options> above. | |
| 247 | 244 | |
| 248 | 245 | =head1 NOTES |
| 249 | 246 | |
| 266 | 263 | openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \ |
| 267 | 264 | -pkeyopt rsa_keygen_pubexp:3 |
| 268 | 265 | |
| 269 | Generate 1024 bit DSA parameters: | |
| 266 | Generate 2048 bit DSA parameters: | |
| 270 | 267 | |
| 271 | 268 | openssl genpkey -genparam -algorithm DSA -out dsap.pem \ |
| 272 | -pkeyopt dsa_paramgen_bits:1024 | |
| 269 | -pkeyopt dsa_paramgen_bits:2048 | |
| 273 | 270 | |
| 274 | 271 | Generate DSA key from parameters: |
| 275 | 272 | |
| 276 | 273 | openssl genpkey -paramfile dsap.pem -out dsakey.pem |
| 277 | 274 | |
| 278 | Generate 1024 bit DH parameters: | |
| 275 | Generate 2048 bit DH parameters: | |
| 279 | 276 | |
| 280 | 277 | openssl genpkey -genparam -algorithm DH -out dhp.pem \ |
| 281 | -pkeyopt dh_paramgen_prime_len:1024 | |
| 278 | -pkeyopt dh_paramgen_prime_len:2048 | |
| 279 | ||
| 280 | Generate 2048 bit X9.42 DH parameters: | |
| 281 | ||
| 282 | openssl genpkey -genparam -algorithm DH -out dhpx.pem \ | |
| 283 | -pkeyopt dh_paramgen_prime_len:2048 \ | |
| 284 | -pkeyopt dh_paramgen_type:1 | |
| 282 | 285 | |
| 283 | 286 | Output RFC5114 2048 bit DH parameters with 224 bit subgroup: |
| 284 | 287 | |
| 308 | 311 | |
| 309 | 312 | openssl genpkey -algorithm X25519 -out xkey.pem |
| 310 | 313 | |
| 314 | Generate an ED448 private key: | |
| 315 | ||
| 316 | openssl genpkey -algorithm ED448 -out xkey.pem | |
| 317 | ||
| 311 | 318 | =head1 HISTORY |
| 312 | 319 | |
| 313 | 320 | The ability to use NIST curve names, and to generate an EC key directly, |
| 314 | were added in OpenSSL 1.0.2. | |
| 321 | were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in | |
| 322 | OpenSSL 1.1.0. The ability to generate X448, ED25519 and ED448 keys was added in | |
| 323 | OpenSSL 1.1.1. | |
| 315 | 324 | |
| 316 | 325 | =head1 COPYRIGHT |
| 317 | 326 | |
| 289 | 289 | |
| 290 | 290 | =over 4 |
| 291 | 291 | |
| 292 | =item B<blake2b512> | |
| 293 | ||
| 294 | BLAKE2b-512 Digest | |
| 295 | ||
| 296 | =item B<blake2s256> | |
| 297 | ||
| 298 | BLAKE2s-256 Digest | |
| 299 | ||
| 292 | 300 | =item B<md2> |
| 293 | 301 | |
| 294 | 302 | MD2 Digest |
| 295 | 303 | |
| 304 | =item B<md4> | |
| 305 | ||
| 306 | MD4 Digest | |
| 307 | ||
| 296 | 308 | =item B<md5> |
| 297 | 309 | |
| 298 | 310 | MD5 Digest |
| 305 | 317 | |
| 306 | 318 | RMD-160 Digest |
| 307 | 319 | |
| 308 | =item B<sha> | |
| 309 | ||
| 310 | SHA Digest | |
| 311 | ||
| 312 | 320 | =item B<sha1> |
| 313 | 321 | |
| 314 | 322 | SHA-1 Digest |
| 315 | 323 | |
| 316 | 324 | =item B<sha224> |
| 317 | 325 | |
| 318 | SHA-224 Digest | |
| 326 | SHA-2 224 Digest | |
| 319 | 327 | |
| 320 | 328 | =item B<sha256> |
| 321 | 329 | |
| 322 | SHA-256 Digest | |
| 330 | SHA-2 256 Digest | |
| 323 | 331 | |
| 324 | 332 | =item B<sha384> |
| 325 | 333 | |
| 326 | SHA-384 Digest | |
| 334 | SHA-2 384 Digest | |
| 327 | 335 | |
| 328 | 336 | =item B<sha512> |
| 329 | 337 | |
| 330 | SHA-512 Digest | |
| 338 | SHA-2 512 Digest | |
| 339 | ||
| 340 | =item B<sha3-224> | |
| 341 | ||
| 342 | SHA-3 224 Digest | |
| 343 | ||
| 344 | =item B<sha3-256> | |
| 345 | ||
| 346 | SHA-3 256 Digest | |
| 347 | ||
| 348 | =item B<sha3-384> | |
| 349 | ||
| 350 | SHA-3 384 Digest | |
| 351 | ||
| 352 | =item B<sha3-512> | |
| 353 | ||
| 354 | SHA-3 512 Digest | |
| 355 | ||
| 356 | =item B<shake128> | |
| 357 | ||
| 358 | SHA-3 SHAKE128 Digest | |
| 359 | ||
| 360 | =item B<shake256> | |
| 361 | ||
| 362 | SHA-3 SHAKE256 Digest | |
| 363 | ||
| 364 | =item B<sm3> | |
| 365 | ||
| 366 | SM3 Digest | |
| 331 | 367 | |
| 332 | 368 | =back |
| 333 | 369 | |
| 98 | 98 | Do not remove existing links. |
| 99 | 99 | This is needed when keeping new and old-style links in the same directory. |
| 100 | 100 | |
| 101 | =item B<-compat> | |
| 102 | ||
| 103 | Generate links for both old-style (MD5) and new-style (SHA1) hashing. | |
| 104 | This allows releases before 1.0.0 to use these links along-side newer | |
| 105 | releases. | |
| 106 | ||
| 101 | 107 | =item B<-v> |
| 102 | 108 | |
| 103 | 109 | Print messages about old links removed and new links created. |
| 129 | 135 | |
| 130 | 136 | =head1 COPYRIGHT |
| 131 | 137 | |
| 132 | Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 138 | Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 133 | 139 | |
| 134 | 140 | Licensed under the OpenSSL license (the "License"). You may not use |
| 135 | 141 | this file except in compliance with the License. You can obtain a copy |
| 332 | 332 | |
| 333 | 333 | =item B<-showcerts> |
| 334 | 334 | |
| 335 | Display the whole server certificate chain: normally only the server | |
| 336 | certificate itself is displayed. | |
| 335 | Displays the server certificate list as sent by the server: it only consists of | |
| 336 | certificates the server has sent (in the order the server has sent them). It is | |
| 337 | B<not> a verified chain. | |
| 337 | 338 | |
| 338 | 339 | =item B<-prexit> |
| 339 | 340 | |
| 694 | 695 | on the command line is no guarantee that the certificate works. |
| 695 | 696 | |
| 696 | 697 | If there are problems verifying a server certificate then the |
| 697 | B<-showcerts> option can be used to show the whole chain. | |
| 698 | B<-showcerts> option can be used to show all the certificates sent by the | |
| 699 | server. | |
| 698 | 700 | |
| 699 | 701 | The B<s_client> utility is a test tool and is designed to continue the |
| 700 | 702 | handshake after any certificate verification errors. As a result it will |
| 567 | 567 | =item B<OPENSSL_ENGINES> |
| 568 | 568 | |
| 569 | 569 | The path to the engines directory. |
| 570 | Ignored in set-user-ID and set-group-ID programs. | |
| 570 | 571 | |
| 571 | 572 | =back |
| 572 | 573 |
| 25 | 25 | ENGINE B<e> and private key B<pkey>. B<ctx> must be created with |
| 26 | 26 | EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the |
| 27 | 27 | EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can |
| 28 | be used to set alternative signing options. | |
| 28 | be used to set alternative signing options. The digest B<type> may be NULL if | |
| 29 | the signing algorithm supports it. | |
| 30 | ||
| 31 | Only EVP_PKEY types that support signing can be used with these functions. This | |
| 32 | includes MAC algorithms where the MAC generation is considered as a form of | |
| 33 | "signing." Built-in EVP_PKEY types supported by these functions are CMAC, | |
| 34 | Poly1305, DSA, ECDSA, HMAC, RSA, SipHash, Ed25519 and Ed448. | |
| 35 | ||
| 36 | Not all digests can be used for all key types. The following combinations apply. | |
| 37 | ||
| 38 | =over 4 | |
| 39 | ||
| 40 | =item DSA | |
| 41 | ||
| 42 | Supports SHA1, SHA224, SHA256, SHA384 and SHA512 | |
| 43 | ||
| 44 | =item ECDSA | |
| 45 | ||
| 46 | Supports SHA1, SHA224, SHA256, SHA384, SHA512 and SM3 | |
| 47 | ||
| 48 | =item RSA with no padding | |
| 49 | ||
| 50 | Supports no digests (the digest B<type> must be NULL) | |
| 51 | ||
| 52 | =item RSA with X931 padding | |
| 53 | ||
| 54 | Supports SHA1, SHA256, SHA384 and SHA512 | |
| 55 | ||
| 56 | =item All other RSA padding types | |
| 57 | ||
| 58 | Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, | |
| 59 | SHA3-224, SHA3-256, SHA3-384, SHA3-512 | |
| 60 | ||
| 61 | =item Ed25519 and Ed448 | |
| 62 | ||
| 63 | Support no digests (the digest B<type> must be NULL) | |
| 64 | ||
| 65 | =item HMAC | |
| 66 | ||
| 67 | Supports any digest | |
| 68 | ||
| 69 | =item CMAC, Poly1305 and SipHash | |
| 70 | ||
| 71 | Will ignore any digest provided. | |
| 72 | ||
| 73 | =back | |
| 74 | ||
| 75 | If RSA-PSS is used and restrictions apply then the digest must match. | |
| 29 | 76 | |
| 30 | 77 | EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the |
| 31 | 78 | signature context B<ctx>. This function can be called several times on the |
| 76 | 123 | EVP_DigestSignFinal() can be called later to digest and sign additional data. |
| 77 | 124 | |
| 78 | 125 | Since only a copy of the digest context is ever finalized the context must |
| 79 | be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak | |
| 126 | be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak | |
| 80 | 127 | will occur. |
| 81 | 128 | |
| 82 | 129 | The use of EVP_PKEY_size() with these functions is discouraged because some |
| 99 | 146 | |
| 100 | 147 | =head1 COPYRIGHT |
| 101 | 148 | |
| 102 | Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 149 | Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 103 | 150 | |
| 104 | 151 | Licensed under the OpenSSL license (the "License"). You may not use |
| 105 | 152 | this file except in compliance with the License. You can obtain a copy |
| 75 | 75 | be called later to digest and verify additional data. |
| 76 | 76 | |
| 77 | 77 | Since only a copy of the digest context is ever finalized the context must |
| 78 | be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak | |
| 78 | be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak | |
| 79 | 79 | will occur. |
| 80 | 80 | |
| 81 | 81 | =head1 SEE ALSO |
| 93 | 93 | |
| 94 | 94 | =head1 COPYRIGHT |
| 95 | 95 | |
| 96 | Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 96 | Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 97 | 97 | |
| 98 | 98 | Licensed under the OpenSSL license (the "License"). You may not use |
| 99 | 99 | this file except in compliance with the License. You can obtain a copy |
| 0 | =pod | |
| 1 | ||
| 2 | =head1 NAME | |
| 3 | ||
| 4 | EVP_PKEY_CTX_set1_pbe_pass | |
| 5 | - generic KDF support functions | |
| 6 | ||
| 7 | =head1 SYNOPSIS | |
| 8 | ||
| 9 | #include <openssl/kdf.h> | |
| 10 | ||
| 11 | int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass, | |
| 12 | int passlen); | |
| 13 | ||
| 14 | =head1 DESCRIPTION | |
| 15 | ||
| 16 | These functions are generic support functions for all KDF algorithms. | |
| 17 | ||
| 18 | EVP_PKEY_CTX_set1_pbe_pass() sets the password to the B<passlen> first | |
| 19 | bytes from B<pass>. | |
| 20 | ||
| 21 | =begin comment | |
| 22 | ||
| 23 | We really should have a few more, such as EVP_PKEY_CTX_set1_kdf_salt, | |
| 24 | EVP_PKEY_CTX_set1_kdf_key (to be used by the algorithms that use a | |
| 25 | key, such as hkdf), EVP_PKEY_CTX_set1_kdf_md (same thing here). | |
| 26 | ||
| 27 | =end comment | |
| 28 | ||
| 29 | =head1 STRING CTRLS | |
| 30 | ||
| 31 | There is also support for string based control operations via | |
| 32 | L<EVP_PKEY_CTX_ctrl_str(3)>. | |
| 33 | The B<password> can be directly specified using the B<type> parameter | |
| 34 | "pass" or given in hex encoding using the "hexpass" parameter. | |
| 35 | ||
| 36 | =begin comment | |
| 37 | ||
| 38 | Just as for the function description, the strings "salt", "hexsalt", | |
| 39 | "key", "hexkey" and "md" should be generically specified, and | |
| 40 | supported by the algorithms that use them. | |
| 41 | ||
| 42 | =end comment | |
| 43 | ||
| 44 | =head1 NOTES | |
| 45 | ||
| 46 | All these functions are implemented as macros. | |
| 47 | ||
| 48 | =head1 RETURN VALUES | |
| 49 | ||
| 50 | All these functions return 1 for success and 0 or a negative value for failure. | |
| 51 | In particular a return value of -2 indicates the operation is not supported by | |
| 52 | the public key algorithm. | |
| 53 | ||
| 54 | =head1 SEE ALSO | |
| 55 | ||
| 56 | L<EVP_PKEY_CTX_new(3)>, | |
| 57 | L<EVP_PKEY_CTX_ctrl_str(3)>, | |
| 58 | L<EVP_PKEY_derive(3)> | |
| 59 | ||
| 60 | =head1 COPYRIGHT | |
| 61 | ||
| 62 | Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 63 | ||
| 64 | Licensed under the OpenSSL license (the "License"). You may not use | |
| 65 | this file except in compliance with the License. You can obtain a copy | |
| 66 | in the file LICENSE in the source distribution or at | |
| 67 | L<https://www.openssl.org/source/license.html>. | |
| 68 | ||
| 69 | =cut |
| 0 | =pod | |
| 1 | ||
| 2 | =head1 NAME | |
| 3 | ||
| 4 | EVP_PKEY_CTX_set_rsa_pss_keygen_md, | |
| 5 | EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, | |
| 6 | EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen | |
| 7 | - EVP_PKEY RSA-PSS algorithm support functions | |
| 8 | ||
| 9 | =head1 SYNOPSIS | |
| 10 | ||
| 11 | #include <openssl/rsa.h> | |
| 12 | ||
| 13 | int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx, | |
| 14 | const EVP_MD *md); | |
| 15 | int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx, | |
| 16 | const EVP_MD *md); | |
| 17 | int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx, | |
| 18 | int saltlen); | |
| 19 | ||
| 20 | =head1 DESCRIPTION | |
| 21 | ||
| 22 | These are the functions that implement L<RSA-PSS(7)>. | |
| 23 | ||
| 24 | =head2 Signing and Verification | |
| 25 | ||
| 26 | The macro EVP_PKEY_CTX_set_rsa_padding() is supported but an error is | |
| 27 | returned if an attempt is made to set the padding mode to anything other | |
| 28 | than B<PSS>. It is otherwise similar to the B<RSA> version. | |
| 29 | ||
| 30 | The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length. | |
| 31 | If the key has usage restrictions then an error is returned if an attempt is | |
| 32 | made to set the salt length below the minimum value. It is otherwise similar | |
| 33 | to the B<RSA> operation except detection of the salt length (using | |
| 34 | RSA_PSS_SALTLEN_AUTO is not supported for verification if the key has | |
| 35 | usage restrictions. | |
| 36 | ||
| 37 | The EVP_PKEY_CTX_set_signature_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() macros | |
| 38 | are used to set the digest and MGF1 algorithms respectively. If the key has | |
| 39 | usage restrictions then an error is returned if an attempt is made to set the | |
| 40 | digest to anything other than the restricted value. Otherwise these are | |
| 41 | similar to the B<RSA> versions. | |
| 42 | ||
| 43 | =head2 Key Generation | |
| 44 | ||
| 45 | As with RSA key generation the EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() | |
| 46 | and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS: | |
| 47 | they have exactly the same meaning as for the RSA algorithm. | |
| 48 | ||
| 49 | Optional parameter restrictions can be specified when generating a PSS key. | |
| 50 | If any restrictions are set (using the macros described below) then B<all> | |
| 51 | parameters are restricted. For example, setting a minimum salt length also | |
| 52 | restricts the digest and MGF1 algorithms. If any restrictions are in place | |
| 53 | then they are reflected in the corresponding parameters of the public key | |
| 54 | when (for example) a certificate request is signed. | |
| 55 | ||
| 56 | EVP_PKEY_CTX_set_rsa_pss_keygen_md() restricts the digest algorithm the | |
| 57 | generated key can use to B<md>. | |
| 58 | ||
| 59 | EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() restricts the MGF1 algorithm the | |
| 60 | generated key can use to B<md>. | |
| 61 | ||
| 62 | EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt length | |
| 63 | to B<saltlen>. | |
| 64 | ||
| 65 | =head1 NOTES | |
| 66 | ||
| 67 | A context for the B<RSA-PSS> algorithm can be obtained by calling: | |
| 68 | ||
| 69 | EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL); | |
| 70 | ||
| 71 | =head1 RETURN VALUES | |
| 72 | ||
| 73 | All these functions return 1 for success and 0 or a negative value for failure. | |
| 74 | In particular a return value of -2 indicates the operation is not supported by | |
| 75 | the public key algorithm. | |
| 76 | ||
| 77 | =head1 SEE ALSO | |
| 78 | ||
| 79 | L<RSA-PSS(7)>, | |
| 80 | L<EVP_PKEY_CTX_new(3)>, | |
| 81 | L<EVP_PKEY_CTX_ctrl_str(3)>, | |
| 82 | L<EVP_PKEY_derive(3)> | |
| 83 | ||
| 84 | =head1 COPYRIGHT | |
| 85 | ||
| 86 | Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 87 | ||
| 88 | Licensed under the OpenSSL license (the "License"). You may not use | |
| 89 | this file except in compliance with the License. You can obtain a copy | |
| 90 | in the file LICENSE in the source distribution or at | |
| 91 | L<https://www.openssl.org/source/license.html>. | |
| 92 | ||
| 93 | =cut |
| 0 | =pod | |
| 1 | ||
| 2 | =head1 NAME | |
| 3 | ||
| 4 | EVP_PKEY_CTX_set1_scrypt_salt, | |
| 5 | EVP_PKEY_CTX_set_scrypt_N, | |
| 6 | EVP_PKEY_CTX_set_scrypt_r, | |
| 7 | EVP_PKEY_CTX_set_scrypt_p, | |
| 8 | EVP_PKEY_CTX_set_scrypt_maxmem_bytes | |
| 9 | - EVP_PKEY scrypt KDF support functions | |
| 10 | ||
| 11 | =head1 SYNOPSIS | |
| 12 | ||
| 13 | #include <openssl/kdf.h> | |
| 14 | ||
| 15 | int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, | |
| 16 | int saltlen); | |
| 17 | ||
| 18 | int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N); | |
| 19 | ||
| 20 | int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r); | |
| 21 | ||
| 22 | int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p); | |
| 23 | ||
| 24 | int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx, | |
| 25 | uint64_t maxmem); | |
| 26 | ||
| 27 | =head1 DESCRIPTION | |
| 28 | ||
| 29 | These functions are used to set up the necessary data to use the | |
| 30 | scrypt KDF. | |
| 31 | For more information on scrypt, see L<scrypt(7)>. | |
| 32 | ||
| 33 | EVP_PKEY_CTX_set1_scrypt_salt() sets the B<saltlen> bytes long salt | |
| 34 | value. | |
| 35 | ||
| 36 | EVP_PKEY_CTX_set_scrypt_N(), EVP_PKEY_CTX_set_scrypt_r() and | |
| 37 | EVP_PKEY_CTX_set_scrypt_p() configure the work factors N, r and p. | |
| 38 | ||
| 39 | EVP_PKEY_CTX_set_scrypt_maxmem_bytes() sets how much RAM key | |
| 40 | derivation may maximally use, given in bytes. | |
| 41 | If RAM is exceeded because the load factors are chosen too high, the | |
| 42 | key derivation will fail. | |
| 43 | ||
| 44 | =head1 STRING CTRLS | |
| 45 | ||
| 46 | scrypt also supports string based control operations via | |
| 47 | L<EVP_PKEY_CTX_ctrl_str(3)>. | |
| 48 | Similarly, the B<salt> can either be specified using the B<type> | |
| 49 | parameter "salt" or in hex encoding by using the "hexsalt" parameter. | |
| 50 | The work factors B<N>, B<r> and B<p> as well as B<maxmem_bytes> can be | |
| 51 | set by using the parameters "N", "r", "p" and "maxmem_bytes", | |
| 52 | respectively. | |
| 53 | ||
| 54 | =head1 NOTES | |
| 55 | ||
| 56 | The scrypt KDF also uses EVP_PKEY_CTX_set1_pbe_pass() as well as | |
| 57 | the value from the string controls "pass" and "hexpass". | |
| 58 | See L<EVP_PKEY_CTX_set1_pbe_pass(3)>. | |
| 59 | ||
| 60 | All the functions described here are implemented as macros. | |
| 61 | ||
| 62 | =head1 RETURN VALUES | |
| 63 | ||
| 64 | All these functions return 1 for success and 0 or a negative value for | |
| 65 | failure. | |
| 66 | In particular a return value of -2 indicates the operation is not | |
| 67 | supported by the public key algorithm. | |
| 68 | ||
| 69 | =head1 SEE ALSO | |
| 70 | ||
| 71 | L<scrypt(7)>, | |
| 72 | L<EVP_PKEY_CTX_new(3)>, | |
| 73 | L<EVP_PKEY_CTX_ctrl_str(3)>, | |
| 74 | L<EVP_PKEY_derive(3)> | |
| 75 | ||
| 76 | =head1 COPYRIGHT | |
| 77 | ||
| 78 | Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 79 | ||
| 80 | Licensed under the OpenSSL license (the "License"). You may not use | |
| 81 | this file except in compliance with the License. You can obtain a copy | |
| 82 | in the file LICENSE in the source distribution or at | |
| 83 | L<https://www.openssl.org/source/license.html>. | |
| 84 | ||
| 85 | =cut |
| 74 | 74 | later to digest and sign additional data. |
| 75 | 75 | |
| 76 | 76 | Since only a copy of the digest context is ever finalized the context must |
| 77 | be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak | |
| 77 | be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak | |
| 78 | 78 | will occur. |
| 79 | 79 | |
| 80 | 80 | =head1 BUGS |
| 56 | 56 | later to digest and verify additional data. |
| 57 | 57 | |
| 58 | 58 | Since only a copy of the digest context is ever finalized the context must |
| 59 | be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak | |
| 59 | be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak | |
| 60 | 60 | will occur. |
| 61 | 61 | |
| 62 | 62 | =head1 BUGS |
| 45 | 45 | number was therefore 0x0090581f. |
| 46 | 46 | |
| 47 | 47 | OpenSSL_version_num() returns the version number. |
| 48 | ||
| 49 | The macro OPENSSL_VERSION_AT_LEAST(major,minor) can be used at compile | |
| 50 | time test if the current version is at least as new as the version provided. | |
| 51 | The arguments major, minor and fix correspond to the version information | |
| 52 | as given above. | |
| 53 | 48 | |
| 54 | 49 | OpenSSL_version() returns different strings depending on B<t>: |
| 55 | 50 |
| 47 | 47 | ENGINE control operations because they can be performed by editing a |
| 48 | 48 | configuration file. |
| 49 | 49 | |
| 50 | =head1 ENVIRONMENT | |
| 51 | ||
| 52 | =over 4 | |
| 53 | ||
| 54 | =item B<OPENSSL_CONF> | |
| 55 | ||
| 56 | The path to the config file. | |
| 57 | Ignored in set-user-ID and set-group-ID programs. | |
| 58 | ||
| 59 | =back | |
| 60 | ||
| 50 | 61 | =head1 RETURN VALUES |
| 51 | 62 | |
| 52 | 63 | Neither OPENSSL_config() nor OPENSSL_no_config() return a value. |
| 63 | 74 | |
| 64 | 75 | =head1 COPYRIGHT |
| 65 | 76 | |
| 66 | Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 77 | Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 67 | 78 | |
| 68 | 79 | Licensed under the OpenSSL license (the "License"). You may not use |
| 69 | 80 | this file except in compliance with the License. You can obtain a copy |
| 29 | 29 | functions as the OpenSSL library will do so automatically. |
| 30 | 30 | |
| 31 | 31 | L<OPENSSL_init_crypto(3)> will register these functions with the appropriate |
| 32 | hander, when the B<OPENSSL_INIT_ATFORK> flag is used. For other | |
| 32 | handler, when the B<OPENSSL_INIT_ATFORK> flag is used. For other | |
| 33 | 33 | applications, these functions can be called directly. They should be used |
| 34 | 34 | according to the calling sequence described by the pthreads_atfork(3) |
| 35 | 35 | documentation, which is summarized here. OPENSSL_fork_prepare() should |
| 94 | 94 | =item OPENSSL_INIT_LOAD_CONFIG |
| 95 | 95 | |
| 96 | 96 | With this option an OpenSSL configuration file will be automatically loaded and |
| 97 | used by calling OPENSSL_config(). This is not a default option. | |
| 98 | See the description of OPENSSL_INIT_new(), below. | |
| 97 | used by calling OPENSSL_config(). This is not a default option for libcrypto. | |
| 98 | From OpenSSL 1.1.1 this is a default option for libssl (see | |
| 99 | L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the | |
| 100 | description of OPENSSL_INIT_new(), below. | |
| 99 | 101 | |
| 100 | 102 | =item OPENSSL_INIT_NO_LOAD_CONFIG |
| 101 | 103 | |
| 138 | 140 | With this option the library will automatically load and initialise the |
| 139 | 141 | padlock engine (if available). This not a default option. |
| 140 | 142 | |
| 141 | =item OPENSSL_INIT_ENGINE_DASYNC | |
| 142 | ||
| 143 | With this option the library will automatically load and initialise the | |
| 144 | DASYNC engine. This not a default option. | |
| 143 | =item OPENSSL_INIT_ENGINE_AFALG | |
| 144 | ||
| 145 | With this option the library will automatically load and initialise the | |
| 146 | AFALG engine. This not a default option. | |
| 145 | 147 | |
| 146 | 148 | =item OPENSSL_INIT_ENGINE_ALL_BUILTIN |
| 147 | 149 | |
| 148 | 150 | With this option the library will automatically load and initialise all the |
| 149 | built in engines listed above with the exception of the openssl and dasync | |
| 151 | built in engines listed above with the exception of the openssl and afalg | |
| 150 | 152 | engines. This not a default option. |
| 151 | 153 | |
| 152 | 154 | =item OPENSSL_INIT_ATFORK |
| 194 | 196 | described in the NOTES section below. |
| 195 | 197 | |
| 196 | 198 | The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration |
| 197 | file. To specify a different file, an B<OPENSSL_INIT_SETTINGS> must | |
| 198 | be created and used. The routines | |
| 199 | OPENSSL_INIT_new() and OPENSSL_INIT_set_config_appname() can be used to | |
| 200 | allocate the object and set the application name, and then the | |
| 199 | file. For optional configuration file settings, an B<OPENSSL_INIT_SETTINGS> | |
| 200 | must be created and used. | |
| 201 | The routines OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can | |
| 202 | be used to allocate the object and set the application name, and then the | |
| 201 | 203 | object can be released with OPENSSL_INIT_free() when done. |
| 202 | 204 | |
| 203 | 205 | =head1 NOTES |
| 239 | 241 | |
| 240 | 242 | =head1 COPYRIGHT |
| 241 | 243 | |
| 242 | Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 244 | Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 243 | 245 | |
| 244 | 246 | Licensed under the OpenSSL license (the "License"). You may not use |
| 245 | 247 | this file except in compliance with the License. You can obtain a copy |
| 77 | 77 | int CRYPTO_mem_debug_push(const char *info, const char *file, int line); |
| 78 | 78 | int CRYPTO_mem_debug_pop(void); |
| 79 | 79 | |
| 80 | void CRYPTO_mem_leaks(BIO *b); | |
| 81 | void CRYPTO_mem_leaks_fp(FILE *fp); | |
| 82 | void CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), | |
| 83 | void *u); | |
| 80 | int CRYPTO_mem_leaks(BIO *b); | |
| 81 | int CRYPTO_mem_leaks_fp(FILE *fp); | |
| 82 | int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), | |
| 83 | void *u); | |
| 84 | 84 | |
| 85 | 85 | =head1 DESCRIPTION |
| 86 | 86 | |
| 215 | 215 | CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_get_mem_functions() |
| 216 | 216 | return no value. |
| 217 | 217 | |
| 218 | CRYPTO_mem_leaks() and CRYPTO_mem_leaks_fp() return 1 if there | |
| 219 | are no leaks, 0 if there are leaks and -1 if an error occurred. | |
| 218 | CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return 1 if | |
| 219 | there are no leaks, 0 if there are leaks and -1 if an error occurred. | |
| 220 | 220 | |
| 221 | 221 | OPENSSL_malloc(), OPENSSL_zalloc(), OPENSSL_realloc(), |
| 222 | 222 | OPENSSL_clear_realloc(), |
| 246 | 246 | |
| 247 | 247 | =head1 COPYRIGHT |
| 248 | 248 | |
| 249 | Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 249 | Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 250 | 250 | |
| 251 | 251 | Licensed under the OpenSSL license (the "License"). You may not use |
| 252 | 252 | this file except in compliance with the License. You can obtain a copy |
| 78 | 78 | |
| 79 | 79 | The B<cleanup_entropy>() callback is called from the B<drbg> to to clear and |
| 80 | 80 | free the buffer allocated previously by get_entropy(). |
| 81 | The values B<out> and B<outlen> are the random buffer's address and length, | |
| 81 | The values B<out> and B<outlen> are the random buffer's address and length, | |
| 82 | 82 | as returned by the get_entropy() callback. |
| 83 | 83 | |
| 84 | 84 | The B<get_nonce>() and B<cleanup_nonce>() callbacks are used to obtain a nonce |
| 596 | 596 | |
| 597 | 597 | SSL_CONF_cmd(ctx, "Curves", "P-256:P-384"); |
| 598 | 598 | |
| 599 | Set automatic support for any elliptic curve for key exchange: | |
| 600 | ||
| 601 | SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic"); | |
| 602 | ||
| 603 | 599 | =head1 RETURN VALUES |
| 604 | 600 | |
| 605 | 601 | SSL_CONF_cmd() returns 1 if the value of B<cmd> is recognised and B<value> is |
| 1 | 1 | |
| 2 | 2 | =head1 NAME |
| 3 | 3 | |
| 4 | SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections | |
| 4 | SSL_CTX_set_info_callback, | |
| 5 | SSL_CTX_get_info_callback, | |
| 6 | SSL_set_info_callback, | |
| 7 | SSL_get_info_callback | |
| 8 | - handle information callback for SSL connections | |
| 5 | 9 | |
| 6 | 10 | =head1 SYNOPSIS |
| 7 | 11 | |
| 36 | 40 | |
| 37 | 41 | When setting up a connection and during use, it is possible to obtain state |
| 38 | 42 | information from the SSL/TLS engine. When set, an information callback function |
| 39 | is called whenever the state changes, an alert appears, or an error occurs. | |
| 43 | is called whenever a significant event occurs such as: the state changes, | |
| 44 | an alert appears, or an error occurs. | |
| 40 | 45 | |
| 41 | 46 | The callback function is called as B<callback(SSL *ssl, int where, int ret)>. |
| 42 | 47 | The B<where> argument specifies information about where (in which context) |
| 50 | 55 | |
| 51 | 56 | =item SSL_CB_LOOP |
| 52 | 57 | |
| 53 | Callback has been called to indicate state change inside a loop. | |
| 58 | Callback has been called to indicate state change or some other significant | |
| 59 | state machine event. This may mean that the callback gets invoked more than once | |
| 60 | per state in some situations. | |
| 54 | 61 | |
| 55 | 62 | =item SSL_CB_EXIT |
| 56 | 63 | |
| 57 | Callback has been called to indicate error exit of a handshake function. | |
| 58 | (May be soft error with retry option for non-blocking setups.) | |
| 64 | Callback has been called to indicate exit of a handshake function. This will | |
| 65 | happen after the end of a handshake, but may happen at other times too such as | |
| 66 | on error or when IO might otherwise block and non-blocking is being used. | |
| 59 | 67 | |
| 60 | 68 | =item SSL_CB_READ |
| 61 | 69 | |
| 83 | 91 | |
| 84 | 92 | =item SSL_CB_HANDSHAKE_START |
| 85 | 93 | |
| 86 | Callback has been called because a new handshake is started. | |
| 94 | Callback has been called because a new handshake is started. In TLSv1.3 this is | |
| 95 | also used for the start of post-handshake message exchanges such as for the | |
| 96 | exchange of session tickets, or for key updates. It also occurs when resuming a | |
| 97 | handshake following a pause to handle early data. | |
| 87 | 98 | |
| 88 | 99 | =item SSL_CB_HANDSHAKE_DONE 0x20 |
| 89 | 100 | |
| 90 | Callback has been called because a handshake is finished. | |
| 101 | Callback has been called because a handshake is finished. In TLSv1.3 this is | |
| 102 | also used at the end of an exchange of post-handshake messages such as for | |
| 103 | session tickets or key updates. It also occurs if the handshake is paused to | |
| 104 | allow the exchange of early data. | |
| 91 | 105 | |
| 92 | 106 | =back |
| 93 | 107 | |
| 145 | 159 | |
| 146 | 160 | =head1 COPYRIGHT |
| 147 | 161 | |
| 148 | Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 162 | Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 149 | 163 | |
| 150 | 164 | Licensed under the OpenSSL license (the "License"). You may not use |
| 151 | 165 | this file except in compliance with the License. You can obtain a copy |
| 41 | 41 | decryption has been attempted and any session ticket application data is available. |
| 42 | 42 | The application can call SSL_SESSION_get_ticket_appdata() at this time to retrieve |
| 43 | 43 | the application data. The value of B<arg> is the same as that given to |
| 44 | SSL_CTX_set_session_ticket_cb(). The B<retv> arguement is the result of the ticket | |
| 44 | SSL_CTX_set_session_ticket_cb(). The B<retv> argument is the result of the ticket | |
| 45 | 45 | decryption. The B<keyname> and B<keyname_len> identify the key used to decrypt the |
| 46 | 46 | session ticket. The B<dec_cb> callback is defined as type |
| 47 | 47 | B<SSL_CTX_decrypt_session_ticket_fn>. |
| 132 | 132 | HMAC_CTX *hctx, int enc) |
| 133 | 133 | { |
| 134 | 134 | if (enc) { /* create new session */ |
| 135 | if (RAND_bytes(iv, EVP_MAX_IV_LENGTH)) | |
| 135 | if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) | |
| 136 | 136 | return -1; /* insufficient random */ |
| 137 | 137 | |
| 138 | 138 | key = currentkey(); /* something that you need to implement */ |
| 189 | 189 | |
| 190 | 190 | =head1 COPYRIGHT |
| 191 | 191 | |
| 192 | Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 192 | Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 193 | 193 | |
| 194 | 194 | Licensed under the OpenSSL license (the "License"). You may not use |
| 195 | 195 | this file except in compliance with the License. You can obtain a copy |
| 105 | 105 | If B<override> is non-0, then the certificate, private key and chain certs |
| 106 | 106 | are always set. If B<pkey> is NULL, then the public key of B<x> is used as |
| 107 | 107 | the private key. This is intended to be used with hardware (via the ENGINE |
| 108 | inteface) that stores the private key securely, such that it cannot be | |
| 108 | interface) that stores the private key securely, such that it cannot be | |
| 109 | 109 | accessed by OpenSSL. The reference count of the public key is incremented |
| 110 | 110 | (twice if there is no private key); it is not copied nor duplicated. This |
| 111 | 111 | allows all private key validations checks to succeed without an actual |
| 169 | 169 | of view, it however does not make sense as the data in the certificate |
| 170 | 170 | is considered public anyway.) |
| 171 | 171 | |
| 172 | All of the functions to set a new certificate will replace any existing | |
| 173 | certificate of the same type that has already been set. Similarly all of the | |
| 174 | functions to set a new private key will replace any private key that has already | |
| 175 | been set. Applications should call L<SSL_CTX_check_private_key(3)> or | |
| 176 | L<SSL_check_private_key(3)> as appropriate after loading a new certificate and | |
| 177 | private key to confirm that the certificate and key match. | |
| 178 | ||
| 172 | 179 | =head1 RETURN VALUES |
| 173 | 180 | |
| 174 | 181 | On success, the functions return 1. |
| 47 | 47 | enables applications to obtain information about all sessions sent by the |
| 48 | 48 | server. |
| 49 | 49 | |
| 50 | A session will be automatically removed from the session cache and marked as | |
| 51 | non-resumable if the connection is not closed down cleanly, e.g. if a fatal | |
| 52 | error occurs on the connection or L<SSL_shutdown(3)> is not called prior to | |
| 53 | L<SSL_free(3)>. | |
| 54 | ||
| 50 | 55 | In TLSv1.3 it is recommended that each SSL_SESSION object is only used for |
| 51 | 56 | resumption once. |
| 52 | 57 | |
| 94 | 99 | |
| 95 | 100 | =head1 COPYRIGHT |
| 96 | 101 | |
| 97 | Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 102 | Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 98 | 103 | |
| 99 | 104 | Licensed under the OpenSSL license (the "License"). You may not use |
| 100 | 105 | this file except in compliance with the License. You can obtain a copy |
| 19 | 19 | =head1 DESCRIPTION |
| 20 | 20 | |
| 21 | 21 | SSL_client_version() returns the protocol version used by the client when |
| 22 | initiating the connection. | |
| 23 | ||
| 24 | SSL_get_version() returns the name of the protocol used for the | |
| 25 | connection. | |
| 22 | initiating the connection. SSL_get_version() returns the name of the protocol | |
| 23 | used for the connection. SSL_version() returns the protocol version used for the | |
| 24 | connection. They should only be called after the initial handshake has been | |
| 25 | completed. Prior to that the results returned from these functions may be | |
| 26 | unreliable. | |
| 26 | 27 | |
| 27 | 28 | SSL_is_dtls() returns one if the connection is using DTLS, zero if not. |
| 28 | ||
| 29 | SSL_version() returns the protocol version used for the connection. | |
| 30 | 29 | |
| 31 | 30 | =head1 RETURN VALUES |
| 32 | 31 | |
| 56 | 55 | |
| 57 | 56 | =item unknown |
| 58 | 57 | |
| 59 | This indicates that no version has been set (no connection established). | |
| 58 | This indicates an unknown protocol version. | |
| 60 | 59 | |
| 61 | 60 | =back |
| 62 | 61 | |
| 97 | 96 | |
| 98 | 97 | =head1 COPYRIGHT |
| 99 | 98 | |
| 100 | Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 99 | Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 101 | 100 | |
| 102 | 101 | Licensed under the OpenSSL license (the "License"). You may not use |
| 103 | 102 | this file except in compliance with the License. You can obtain a copy |
| 17 | 17 | alphanumeric characters and underscores. |
| 18 | 18 | |
| 19 | 19 | The first section of a configuration file is special and is referred |
| 20 | to as the B<default> section this is usually unnamed and is from the | |
| 20 | to as the B<default> section. This section is usually unnamed and spans from the | |
| 21 | 21 | start of file until the first named section. When a name is being looked up |
| 22 | 22 | it is first looked up in a named section (if any) and then the |
| 23 | 23 | default section. |
| 87 | 87 | |
| 88 | 88 | The configuration section should consist of a set of name value pairs which |
| 89 | 89 | contain specific module configuration information. The B<name> represents |
| 90 | the name of the I<configuration module> the meaning of the B<value> is | |
| 90 | the name of the I<configuration module>. The meaning of the B<value> is | |
| 91 | 91 | module specific: it may, for example, represent a further configuration |
| 92 | section containing configuration module specific information. E.g. | |
| 92 | section containing configuration module specific information. E.g.: | |
| 93 | 93 | |
| 94 | 94 | # This must be in the default section |
| 95 | 95 | openssl_conf = openssl_init |
| 383 | 383 | |
| 384 | 384 | showing that the OID "newoid1" has been added as "1.2.3.4.1". |
| 385 | 385 | |
| 386 | =head1 ENVIRONMENT | |
| 387 | ||
| 388 | =over 4 | |
| 389 | ||
| 390 | =item B<OPENSSL_CONF> | |
| 391 | ||
| 392 | The path to the config file. | |
| 393 | Ignored in set-user-ID and set-group-ID programs. | |
| 394 | ||
| 395 | =item B<OPENSSL_ENGINES> | |
| 396 | ||
| 397 | The path to the engines directory. | |
| 398 | Ignored in set-user-ID and set-group-ID programs. | |
| 399 | ||
| 400 | =back | |
| 401 | ||
| 386 | 402 | =head1 BUGS |
| 387 | 403 | |
| 388 | 404 | Currently there is no way to include characters using the octal B<\nnn> |
| 31 | 31 | For long-term secrets, you can use L<RAND_priv_bytes(3)> instead. |
| 32 | 32 | This method does not provide 'better' randomness, it uses the same type of CSPRNG. |
| 33 | 33 | The intention behind using a dedicated CSPRNG exclusively for long-term secrets is |
| 34 | that none of its output should be visible to an attacker (e.g used as salt value), | |
| 35 | in order to reveal as little information as possible about its internal state. | |
| 34 | that none of its output should be visible to an attacker (e.g used as salt value), | |
| 35 | in order to reveal as little information as possible about its internal state. | |
| 36 | 36 | |
| 37 | 37 | In the rare case where the default implementation does not satisfy your special |
| 38 | 38 | requirements, there are two options: |
| 36 | 36 | |
| 37 | 37 | =item * |
| 38 | 38 | |
| 39 | You want to use your own private DRBG instances, similar to how it | |
| 40 | is currently done in the ssl library. | |
| 39 | You want to use your own private DRBG instances. | |
| 41 | 40 | Multiple DRBG instances which are accessed only by a single thread provide |
| 42 | 41 | additional security (because their internal states are independent) and |
| 43 | 42 | better scalability in multithreaded applications (because they don't need |
| 79 | 78 | =head2 The <master> DRBG instance |
| 80 | 79 | |
| 81 | 80 | The <master> DRBG is not used directly by the application, only for reseeding |
| 82 | the two other two DRBG instances. It reseeds itself by obtaining randomness | |
| 83 | either from os entropy sources or by consuming randomness which was added | |
| 81 | the two other two DRBG instances. It reseeds itself by obtaining randomness | |
| 82 | either from os entropy sources or by consuming randomness which was added | |
| 84 | 83 | previously by L<RAND_add(3)>. |
| 85 | 84 | |
| 86 | 85 | =head2 The <public> DRBG instance |
| 143 | 142 | +------------------+ +------------------------------------+ |
| 144 | 143 | |
| 145 | 144 | |
| 146 | ||
| 147 | The method L<RAND_DRBG_bytes(3)> is a convenience method wrapping the | |
| 148 | L<RAND_DRBG_generate(3)> function, which serves the actual request for | |
| 149 | random data. | |
| 145 | The usual way to obtain random bytes is to call RAND_bytes(...) or | |
| 146 | RAND_priv_bytes(...). These calls are roughly equivalent to calling | |
| 147 | RAND_DRBG_bytes(<public>, ...) and RAND_DRBG_bytes(<private>, ...), | |
| 148 | respectively. The method L<RAND_DRBG_bytes(3)> is a convenience method | |
| 149 | wrapping the L<RAND_DRBG_generate(3)> function, which serves the actual | |
| 150 | request for random data. | |
| 150 | 151 | |
| 151 | 152 | =head1 RESEEDING |
| 152 | 153 | |
| 2 | 2 | =head1 NAME |
| 3 | 3 | |
| 4 | 4 | RSA-PSS - EVP_PKEY RSA-PSS algorithm support |
| 5 | ||
| 6 | =head1 SYNOPSIS | |
| 7 | ||
| 8 | #include <openssl/rsa.h> | |
| 9 | ||
| 10 | int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx, | |
| 11 | const EVP_MD *md); | |
| 12 | int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx, | |
| 13 | const EVP_MD *md); | |
| 14 | int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx, | |
| 15 | int saltlen); | |
| 16 | 5 | |
| 17 | 6 | =head1 DESCRIPTION |
| 18 | 7 | |
| 25 | 14 | This algorithm shares several control operations with the B<RSA> algorithm |
| 26 | 15 | but with some restrictions described below. |
| 27 | 16 | |
| 28 | =head1 SIGNING AND VERIFICATION | |
| 17 | =head2 Signing and Verification | |
| 29 | 18 | |
| 30 | 19 | Signing and verification is similar to the B<RSA> algorithm except the |
| 31 | 20 | padding mode is always PSS. If the key in use has parameter restrictions then |
| 34 | 23 | and minimum salt length 32 then the digest, MGF1 digest and salt length |
| 35 | 24 | will be set to SHA256, SHA256 and 32 respectively. |
| 36 | 25 | |
| 37 | The macro EVP_PKEY_CTX_set_rsa_padding() is supported but an error is | |
| 38 | returned if an attempt is made to set the padding mode to anything other | |
| 39 | than B<PSS>. It is otherwise similar to the B<RSA> version. | |
| 26 | =head2 Key Generation | |
| 40 | 27 | |
| 41 | The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt length. | |
| 42 | If the key has usage restrictions then an error is returned if an attempt is | |
| 43 | made to set the salt length below the minimum value. It is otherwise similar | |
| 44 | to the B<RSA> operation except detection of the salt length (using | |
| 45 | RSA_PSS_SALTLEN_AUTO is not supported for verification if the key has | |
| 46 | usage restrictions. | |
| 47 | ||
| 48 | The EVP_PKEY_CTX_set_signature_md() and EVP_PKEY_CTX_set_rsa_mgf1_md() macros | |
| 49 | are used to set the digest and MGF1 algorithms respectively. If the key has | |
| 50 | usage restrictions then an error is returned if an attempt is made to set the | |
| 51 | digest to anything other than the restricted value. Otherwise these are | |
| 52 | similar to the B<RSA> versions. | |
| 53 | ||
| 54 | =head1 KEY GENERATION | |
| 55 | ||
| 56 | As with RSA key generation the EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() | |
| 57 | and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS: | |
| 58 | they have exactly the same meaning as for the RSA algorithm. | |
| 59 | ||
| 60 | Optional parameter restrictions can be specified when generating a PSS key. By | |
| 61 | default no parameter restrictions are placed on the generated key. If any | |
| 62 | restrictions are set (using the macros described below) then B<all> parameters | |
| 63 | are restricted. For example, setting a minimum salt length also restricts the | |
| 64 | digest and MGF1 algorithms. If any restrictions are in place then they are | |
| 65 | reflected in the corresponding parameters of the public key when (for example) | |
| 66 | a certificate request is signed. | |
| 67 | ||
| 68 | EVP_PKEY_CTX_set_rsa_pss_keygen_md() restricts the digest algorithm the | |
| 69 | generated key can use to B<md>. | |
| 70 | ||
| 71 | EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() restricts the MGF1 algorithm the | |
| 72 | generated key can use to B<md>. | |
| 73 | ||
| 74 | EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt length | |
| 75 | to B<saltlen>. | |
| 28 | By default no parameter restrictions are placed on the generated key. | |
| 76 | 29 | |
| 77 | 30 | =head1 NOTES |
| 78 | ||
| 79 | A context for the B<RSA-PSS> algorithm can be obtained by calling: | |
| 80 | ||
| 81 | EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL); | |
| 82 | 31 | |
| 83 | 32 | The public key format is documented in RFC4055. |
| 84 | 33 | |
| 86 | 35 | format except it uses the B<id-RSASSA-PSS> OID and the parameters field, if |
| 87 | 36 | present, restricts the key parameters in the same way as the public key. |
| 88 | 37 | |
| 89 | =head1 RETURN VALUES | |
| 38 | =head1 CONFORMING TO | |
| 90 | 39 | |
| 91 | All these functions return 1 for success and 0 or a negative value for failure. | |
| 92 | In particular a return value of -2 indicates the operation is not supported by | |
| 93 | the public key algorithm. | |
| 40 | RFC 4055 | |
| 94 | 41 | |
| 95 | 42 | =head1 SEE ALSO |
| 96 | 43 | |
| 44 | L<EVP_PKEY_CTX_set_rsa_pss_keygen_md(3)>, | |
| 45 | L<EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(3)>, | |
| 46 | L<EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(3)>, | |
| 97 | 47 | L<EVP_PKEY_CTX_new(3)>, |
| 98 | 48 | L<EVP_PKEY_CTX_ctrl_str(3)>, |
| 99 | 49 | L<EVP_PKEY_derive(3)> |
| 100 | 50 | |
| 101 | 51 | =head1 COPYRIGHT |
| 102 | 52 | |
| 103 | Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 53 | Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 104 | 54 | |
| 105 | 55 | Licensed under the OpenSSL license (the "License"). You may not use |
| 106 | 56 | this file except in compliance with the License. You can obtain a copy |
| 2 | 2 | =head1 NAME |
| 3 | 3 | |
| 4 | 4 | scrypt - EVP_PKEY scrypt KDF support |
| 5 | ||
| 6 | =head1 SYNOPSIS | |
| 7 | ||
| 8 | #include <openssl/kdf.h> | |
| 9 | ||
| 10 | int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass, | |
| 11 | int passlen); | |
| 12 | ||
| 13 | int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, | |
| 14 | int saltlen); | |
| 15 | ||
| 16 | int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N); | |
| 17 | ||
| 18 | int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r); | |
| 19 | ||
| 20 | int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p); | |
| 21 | ||
| 22 | int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx, uint64_t maxmem); | |
| 23 | 5 | |
| 24 | 6 | =head1 DESCRIPTION |
| 25 | 7 | |
| 46 | 28 | they default to 1048576, 8, and 1, respectively. The default amount of RAM that |
| 47 | 29 | may be used by scrypt defaults to 1025 MiB. |
| 48 | 30 | |
| 49 | EVP_PKEY_CTX_set1_pbe_pass() sets the B<passlen> bytes long password. | |
| 50 | ||
| 51 | EVP_PKEY_CTX_set1_scrypt_salt() sets the B<saltlen> bytes long salt value. | |
| 52 | ||
| 53 | EVP_PKEY_CTX_set_scrypt_N(), EVP_PKEY_CTX_set_scrypt_r() and | |
| 54 | EVP_PKEY_CTX_set_scrypt_p() configure the work factors N, r and p. | |
| 55 | ||
| 56 | EVP_PKEY_CTX_set_scrypt_maxmem_bytes() sets how much RAM key derivation may | |
| 57 | maximally use, given in bytes. If RAM is exceeded because the load factors are | |
| 58 | chosen too high, the key derivation will fail. | |
| 59 | ||
| 60 | =head1 STRING CTRLS | |
| 61 | ||
| 62 | scrypt also supports string based control operations via | |
| 63 | L<EVP_PKEY_CTX_ctrl_str(3)>. | |
| 64 | The B<password> can be directly specified using the B<type> parameter "pass" or | |
| 65 | given in hex encoding using the "hexpass" parameter. Similarly, the B<salt> can | |
| 66 | either be specified using the B<type> parameter "salt" or in hex encoding by | |
| 67 | using the "hexsalt" parameter. The work factors B<N>, B<r> and B<p> as well as | |
| 68 | B<maxmem_bytes> can be set by using the parameters "N", "r", "p" and | |
| 69 | "maxmem_bytes", respectively. | |
| 70 | ||
| 71 | 31 | =head1 NOTES |
| 72 | ||
| 73 | All these functions are implemented as macros. | |
| 74 | 32 | |
| 75 | 33 | A context for scrypt can be obtained by calling: |
| 76 | 34 | |
| 77 | 35 | EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_SCRYPT, NULL); |
| 78 | 36 | |
| 79 | The output length of an scrypt key derivation is specified via the length | |
| 80 | parameter to the L<EVP_PKEY_derive(3)> function. | |
| 81 | ||
| 82 | =head1 RETURN VALUES | |
| 83 | ||
| 84 | All these functions return 1 for success and 0 or a negative value for failure. | |
| 85 | In particular a return value of -2 indicates the operation is not supported by | |
| 86 | the public key algorithm. | |
| 37 | The output length of an scrypt key derivation is specified via the | |
| 38 | length parameter to the L<EVP_PKEY_derive(3)> function. | |
| 87 | 39 | |
| 88 | 40 | =head1 EXAMPLE |
| 89 | 41 | |
| 141 | 93 | |
| 142 | 94 | =head1 SEE ALSO |
| 143 | 95 | |
| 96 | L<EVP_PKEY_CTX_set1_scrypt_salt(3)>, | |
| 97 | L<EVP_PKEY_CTX_set_scrypt_N(3)>, | |
| 98 | L<EVP_PKEY_CTX_set_scrypt_r(3)>, | |
| 99 | L<EVP_PKEY_CTX_set_scrypt_p(3)>, | |
| 100 | L<EVP_PKEY_CTX_set_scrypt_maxmem_bytes(3)>, | |
| 144 | 101 | L<EVP_PKEY_CTX_new(3)>, |
| 145 | 102 | L<EVP_PKEY_CTX_ctrl_str(3)>, |
| 146 | 103 | L<EVP_PKEY_derive(3)> |
| 147 | 104 | |
| 148 | 105 | =head1 COPYRIGHT |
| 149 | 106 | |
| 150 | Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 107 | Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 151 | 108 | |
| 152 | 109 | Licensed under the OpenSSL license (the "License"). You may not use |
| 153 | 110 | this file except in compliance with the License. You can obtain a copy |
| 87 | 87 | includes both more private SSL headers and headers from the B<crypto> library. |
| 88 | 88 | Whenever you need hard-core details on the internals of the SSL API, look |
| 89 | 89 | inside this header file. |
| 90 | ||
| 91 | OPENSSL_VERSION_AT_LEAST(major,minor) can be | |
| 92 | used in C<#if> statements in order to determine which version of the library is | |
| 93 | being used. This can be used to either enable optional features at compile | |
| 94 | time, or work around issues with a previous version. | |
| 95 | See L<OPENSSL_VERSION_NUMBER(3)>. | |
| 96 | 90 | |
| 97 | 91 | =item B<ssl2.h> |
| 98 | 92 |
| 0 | 0 | /* |
| 1 | * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 576 | 576 | } |
| 577 | 577 | |
| 578 | 578 | IMPLEMENT_DYNAMIC_CHECK_FN() |
| 579 | IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) | |
| 579 | IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) | |
| 580 | 580 | # else |
| 581 | 581 | static ENGINE *engine_capi(void) |
| 582 | 582 | { |
| 834 | 834 | CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY); |
| 835 | 835 | return -1; |
| 836 | 836 | } |
| 837 | /* Convert the signature type to a CryptoAPI algorithm ID */ | |
| 837 | /* Convert the signature type to a CryptoAPI algorithm ID */ | |
| 838 | 838 | switch (dtype) { |
| 839 | 839 | case NID_sha256: |
| 840 | 840 | alg = CALG_SHA_256; |
| 869 | 869 | } |
| 870 | 870 | } |
| 871 | 871 | |
| 872 | /* Create the hash object */ | |
| 872 | /* Create the hash object */ | |
| 873 | 873 | if (!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) { |
| 874 | 874 | CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT); |
| 875 | 875 | capi_addlasterror(); |
| 876 | 876 | return -1; |
| 877 | 877 | } |
| 878 | /* Set the hash value to the value passed */ | |
| 878 | /* Set the hash value to the value passed */ | |
| 879 | 879 | |
| 880 | 880 | if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) { |
| 881 | 881 | CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE); |
| 883 | 883 | goto err; |
| 884 | 884 | } |
| 885 | 885 | |
| 886 | /* Finally sign it */ | |
| 886 | /* Finally sign it */ | |
| 887 | 887 | slen = RSA_size(rsa); |
| 888 | 888 | if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) { |
| 889 | 889 | CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH); |
| 1476 | 1476 | ptype = PROV_RSA_AES; |
| 1477 | 1477 | } |
| 1478 | 1478 | if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) { |
| 1479 | /* above 'if' is [complementary] copy from CAPI_trace and serves | |
| 1480 | * as optimization to minimize [below] malloc-ations */ | |
| 1479 | /* | |
| 1480 | * above 'if' is [complementary] copy from CAPI_trace and serves | |
| 1481 | * as optimization to minimize [below] malloc-ations | |
| 1482 | */ | |
| 1481 | 1483 | char *_contname = wide_to_asc(contname); |
| 1482 | 1484 | char *_provname = wide_to_asc(provname); |
| 1483 | 1485 | |
| 0 | /* | |
| 1 | * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | * | |
| 3 | * Licensed under the OpenSSL license (the "License"). You may not use | |
| 4 | * this file except in compliance with the License. You can obtain a copy | |
| 5 | * in the file LICENSE in the source distribution or at | |
| 6 | * https://www.openssl.org/source/license.html | |
| 7 | */ | |
| 8 | ||
| 9 | #ifndef HEADER_SSLCONF_H | |
| 10 | # define HEADER_SSLCONF_H | |
| 11 | ||
| 12 | typedef struct ssl_conf_cmd_st SSL_CONF_CMD; | |
| 13 | ||
| 14 | const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt); | |
| 15 | int conf_ssl_name_find(const char *name, size_t *idx); | |
| 16 | void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, | |
| 17 | char **arg); | |
| 18 | ||
| 19 | #endif |
| 22 | 22 | # define ASN1_F_A2I_ASN1_INTEGER 102 |
| 23 | 23 | # define ASN1_F_A2I_ASN1_STRING 103 |
| 24 | 24 | # define ASN1_F_APPEND_EXP 176 |
| 25 | # define ASN1_F_ASN1_BIO_INIT 113 | |
| 25 | 26 | # define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 |
| 26 | 27 | # define ASN1_F_ASN1_CB 177 |
| 27 | 28 | # define ASN1_F_ASN1_CHECK_TLEN 104 |
| 33 | 34 | # define ASN1_F_ASN1_DO_ADB 110 |
| 34 | 35 | # define ASN1_F_ASN1_DO_LOCK 233 |
| 35 | 36 | # define ASN1_F_ASN1_DUP 111 |
| 37 | # define ASN1_F_ASN1_ENC_SAVE 115 | |
| 36 | 38 | # define ASN1_F_ASN1_EX_C2I 204 |
| 37 | 39 | # define ASN1_F_ASN1_FIND_END 190 |
| 38 | 40 | # define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 |
| 46 | 48 | # define ASN1_F_ASN1_ITEM_DUP 191 |
| 47 | 49 | # define ASN1_F_ASN1_ITEM_EMBED_D2I 120 |
| 48 | 50 | # define ASN1_F_ASN1_ITEM_EMBED_NEW 121 |
| 51 | # define ASN1_F_ASN1_ITEM_FLAGS_I2D 118 | |
| 49 | 52 | # define ASN1_F_ASN1_ITEM_I2D_BIO 192 |
| 50 | 53 | # define ASN1_F_ASN1_ITEM_I2D_FP 193 |
| 51 | 54 | # define ASN1_F_ASN1_ITEM_PACK 198 |
| 57 | 60 | # define ASN1_F_ASN1_OBJECT_NEW 123 |
| 58 | 61 | # define ASN1_F_ASN1_OUTPUT_DATA 214 |
| 59 | 62 | # define ASN1_F_ASN1_PCTX_NEW 205 |
| 63 | # define ASN1_F_ASN1_PRIMITIVE_NEW 119 | |
| 60 | 64 | # define ASN1_F_ASN1_SCTX_NEW 221 |
| 61 | 65 | # define ASN1_F_ASN1_SIGN 128 |
| 62 | 66 | # define ASN1_F_ASN1_STR2TYPE 179 |
| 90 | 94 | # define ASN1_F_D2I_AUTOPRIVATEKEY 207 |
| 91 | 95 | # define ASN1_F_D2I_PRIVATEKEY 154 |
| 92 | 96 | # define ASN1_F_D2I_PUBLICKEY 155 |
| 97 | # define ASN1_F_DO_CREATE 124 | |
| 98 | # define ASN1_F_DO_DUMP 125 | |
| 93 | 99 | # define ASN1_F_DO_TCREATE 222 |
| 100 | # define ASN1_F_I2A_ASN1_OBJECT 126 | |
| 94 | 101 | # define ASN1_F_I2D_ASN1_BIO_STREAM 211 |
| 95 | 102 | # define ASN1_F_I2D_DSA_PUBKEY 161 |
| 96 | 103 | # define ASN1_F_I2D_EC_PUBKEY 181 |
| 98 | 105 | # define ASN1_F_I2D_PUBLICKEY 164 |
| 99 | 106 | # define ASN1_F_I2D_RSA_PUBKEY 165 |
| 100 | 107 | # define ASN1_F_LONG_C2I 166 |
| 108 | # define ASN1_F_NDEF_PREFIX 127 | |
| 109 | # define ASN1_F_NDEF_SUFFIX 136 | |
| 101 | 110 | # define ASN1_F_OID_MODULE_INIT 174 |
| 102 | 111 | # define ASN1_F_PARSE_TAGGING 182 |
| 103 | 112 | # define ASN1_F_PKCS5_PBE2_SET_IV 167 |
| 108 | 117 | # define ASN1_F_PKCS5_SCRYPT_SET 232 |
| 109 | 118 | # define ASN1_F_SMIME_READ_ASN1 212 |
| 110 | 119 | # define ASN1_F_SMIME_TEXT 213 |
| 120 | # define ASN1_F_STABLE_GET 138 | |
| 111 | 121 | # define ASN1_F_STBL_MODULE_INIT 223 |
| 112 | 122 | # define ASN1_F_UINT32_C2I 105 |
| 123 | # define ASN1_F_UINT32_NEW 139 | |
| 113 | 124 | # define ASN1_F_UINT64_C2I 112 |
| 125 | # define ASN1_F_UINT64_NEW 141 | |
| 114 | 126 | # define ASN1_F_X509_CRL_ADD0_REVOKED 169 |
| 115 | 127 | # define ASN1_F_X509_INFO_NEW 170 |
| 116 | 128 | # define ASN1_F_X509_NAME_ENCODE 203 |
| 24 | 24 | # define ASYNC_F_ASYNC_PAUSE_JOB 103 |
| 25 | 25 | # define ASYNC_F_ASYNC_START_FUNC 104 |
| 26 | 26 | # define ASYNC_F_ASYNC_START_JOB 105 |
| 27 | # define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD 106 | |
| 27 | 28 | |
| 28 | 29 | /* |
| 29 | 30 | * ASYNC reason codes. |
| 734 | 734 | * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); |
| 735 | 735 | */ |
| 736 | 736 | |
| 737 | # define __bio_h__attr__(x) | |
| 737 | # define ossl_bio__attr__(x) | |
| 738 | 738 | # if defined(__GNUC__) && defined(__STDC_VERSION__) \ |
| 739 | 739 | && !defined(__APPLE__) |
| 740 | 740 | /* |
| 742 | 742 | * we can't use __attribute__ with pre C99 dialects. |
| 743 | 743 | */ |
| 744 | 744 | # if __STDC_VERSION__ >= 199901L |
| 745 | # undef __bio_h__attr__ | |
| 746 | # define __bio_h__attr__ __attribute__ | |
| 745 | # undef ossl_bio__attr__ | |
| 746 | # define ossl_bio__attr__ __attribute__ | |
| 747 | # if __GNUC__*10 + __GNUC_MINOR__ >= 44 | |
| 748 | # define ossl_bio__printf__ __gnu_printf__ | |
| 749 | # else | |
| 750 | # define ossl_bio__printf__ __printf__ | |
| 751 | # endif | |
| 747 | 752 | # endif |
| 748 | 753 | # endif |
| 749 | 754 | int BIO_printf(BIO *bio, const char *format, ...) |
| 750 | __bio_h__attr__((__format__(__printf__, 2, 3))); | |
| 755 | ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3))); | |
| 751 | 756 | int BIO_vprintf(BIO *bio, const char *format, va_list args) |
| 752 | __bio_h__attr__((__format__(__printf__, 2, 0))); | |
| 757 | ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0))); | |
| 753 | 758 | int BIO_snprintf(char *buf, size_t n, const char *format, ...) |
| 754 | __bio_h__attr__((__format__(__printf__, 3, 4))); | |
| 759 | ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4))); | |
| 755 | 760 | int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) |
| 756 | __bio_h__attr__((__format__(__printf__, 3, 0))); | |
| 757 | # undef __bio_h__attr__ | |
| 761 | ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0))); | |
| 762 | # undef ossl_bio__attr__ | |
| 763 | # undef ossl_bio__printf__ | |
| 758 | 764 | |
| 759 | 765 | |
| 760 | 766 | BIO_METHOD *BIO_meth_new(int type, const char *name); |
| 19 | 19 | * BIO function codes. |
| 20 | 20 | */ |
| 21 | 21 | # define BIO_F_ACPT_STATE 100 |
| 22 | # define BIO_F_ADDRINFO_WRAP 148 | |
| 22 | 23 | # define BIO_F_ADDR_STRINGS 134 |
| 23 | 24 | # define BIO_F_BIO_ACCEPT 101 |
| 24 | 25 | # define BIO_F_BIO_ACCEPT_EX 137 |
| 26 | # define BIO_F_BIO_ACCEPT_NEW 152 | |
| 25 | 27 | # define BIO_F_BIO_ADDR_NEW 144 |
| 26 | 28 | # define BIO_F_BIO_BIND 147 |
| 27 | 29 | # define BIO_F_BIO_CALLBACK_CTRL 131 |
| 28 | 30 | # define BIO_F_BIO_CONNECT 138 |
| 31 | # define BIO_F_BIO_CONNECT_NEW 153 | |
| 29 | 32 | # define BIO_F_BIO_CTRL 103 |
| 30 | 33 | # define BIO_F_BIO_GETS 104 |
| 31 | 34 | # define BIO_F_BIO_GET_HOST_IP 106 |
| 59 | 62 | # define BIO_F_BUFFER_CTRL 114 |
| 60 | 63 | # define BIO_F_CONN_CTRL 127 |
| 61 | 64 | # define BIO_F_CONN_STATE 115 |
| 65 | # define BIO_F_DGRAM_SCTP_NEW 149 | |
| 62 | 66 | # define BIO_F_DGRAM_SCTP_READ 132 |
| 63 | 67 | # define BIO_F_DGRAM_SCTP_WRITE 133 |
| 68 | # define BIO_F_DOAPR_OUTCH 150 | |
| 64 | 69 | # define BIO_F_FILE_CTRL 116 |
| 65 | 70 | # define BIO_F_FILE_READ 130 |
| 66 | 71 | # define BIO_F_LINEBUFFER_CTRL 129 |
| 72 | # define BIO_F_LINEBUFFER_NEW 151 | |
| 67 | 73 | # define BIO_F_MEM_WRITE 117 |
| 74 | # define BIO_F_NBIOF_NEW 154 | |
| 75 | # define BIO_F_SLG_WRITE 155 | |
| 68 | 76 | # define BIO_F_SSL_NEW 118 |
| 69 | 77 | |
| 70 | 78 | /* |
| 56 | 56 | # define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 |
| 57 | 57 | # define BN_F_BN_MOD_LSHIFT_QUICK 119 |
| 58 | 58 | # define BN_F_BN_MOD_SQRT 121 |
| 59 | # define BN_F_BN_MONT_CTX_NEW 149 | |
| 59 | 60 | # define BN_F_BN_MPI2BN 112 |
| 60 | 61 | # define BN_F_BN_NEW 113 |
| 62 | # define BN_F_BN_POOL_GET 147 | |
| 61 | 63 | # define BN_F_BN_RAND 114 |
| 62 | 64 | # define BN_F_BN_RAND_RANGE 122 |
| 65 | # define BN_F_BN_RECP_CTX_NEW 150 | |
| 63 | 66 | # define BN_F_BN_RSHIFT 146 |
| 64 | 67 | # define BN_F_BN_SET_WORDS 144 |
| 68 | # define BN_F_BN_STACK_PUSH 148 | |
| 65 | 69 | # define BN_F_BN_USUB 115 |
| 66 | 70 | |
| 67 | 71 | /* |
| 48 | 48 | # define CMS_F_CMS_DIGEST_VERIFY 118 |
| 49 | 49 | # define CMS_F_CMS_ENCODE_RECEIPT 161 |
| 50 | 50 | # define CMS_F_CMS_ENCRYPT 119 |
| 51 | # define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179 | |
| 51 | 52 | # define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 |
| 52 | 53 | # define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 |
| 53 | 54 | # define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 |
| 102 | 103 | # define CMS_F_CMS_STREAM 155 |
| 103 | 104 | # define CMS_F_CMS_UNCOMPRESS 156 |
| 104 | 105 | # define CMS_F_CMS_VERIFY 157 |
| 106 | # define CMS_F_KEK_UNWRAP_KEY 180 | |
| 105 | 107 | |
| 106 | 108 | /* |
| 107 | 109 | * CMS reason codes. |
| 26 | 26 | # define COMP_F_BIO_ZLIB_NEW 100 |
| 27 | 27 | # define COMP_F_BIO_ZLIB_READ 101 |
| 28 | 28 | # define COMP_F_BIO_ZLIB_WRITE 102 |
| 29 | # define COMP_F_COMP_CTX_NEW 103 | |
| 29 | 30 | |
| 30 | 31 | /* |
| 31 | 32 | * COMP reason codes. |
| 25 | 25 | # define CONF_F_DEF_LOAD 120 |
| 26 | 26 | # define CONF_F_DEF_LOAD_BIO 121 |
| 27 | 27 | # define CONF_F_GET_NEXT_FILE 107 |
| 28 | # define CONF_F_MODULE_ADD 122 | |
| 28 | 29 | # define CONF_F_MODULE_INIT 115 |
| 29 | 30 | # define CONF_F_MODULE_LOAD_DSO 117 |
| 30 | 31 | # define CONF_F_MODULE_RUN 118 |
| 38 | 39 | # define CONF_F_NCONF_LOAD_FP 114 |
| 39 | 40 | # define CONF_F_NCONF_NEW 111 |
| 40 | 41 | # define CONF_F_PROCESS_INCLUDE 116 |
| 42 | # define CONF_F_SSL_MODULE_INIT 123 | |
| 41 | 43 | # define CONF_F_STR_COPY 101 |
| 42 | 44 | |
| 43 | 45 | /* |
| 56 | 58 | # define CONF_R_NO_SUCH_FILE 114 |
| 57 | 59 | # define CONF_R_NO_VALUE 108 |
| 58 | 60 | # define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 |
| 61 | # define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 | |
| 62 | # define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 | |
| 63 | # define CONF_R_SSL_SECTION_EMPTY 119 | |
| 64 | # define CONF_R_SSL_SECTION_NOT_FOUND 120 | |
| 59 | 65 | # define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 |
| 60 | 66 | # define CONF_R_UNKNOWN_MODULE_NAME 113 |
| 61 | 67 | # define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 |
| 375 | 375 | # define OPENSSL_INIT_ENGINE_CAPI 0x00002000L |
| 376 | 376 | # define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L |
| 377 | 377 | # define OPENSSL_INIT_ENGINE_AFALG 0x00008000L |
| 378 | # define OPENSSL_INIT_reserved_internal 0x00010000L | |
| 378 | /* OPENSSL_INIT_ZLIB 0x00010000L */ | |
| 379 | 379 | # define OPENSSL_INIT_ATFORK 0x00020000L |
| 380 | /* OPENSSL_INIT_BASE_ONLY 0x00040000L */ | |
| 380 | 381 | /* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ |
| 381 | 382 | /* Max OPENSSL_INIT flag value is 0x80000000 */ |
| 382 | 383 |
| 18 | 18 | /* |
| 19 | 19 | * CRYPTO function codes. |
| 20 | 20 | */ |
| 21 | # define CRYPTO_F_CMAC_CTX_NEW 120 | |
| 21 | 22 | # define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 |
| 22 | 23 | # define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 |
| 23 | 24 | # define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 |
| 24 | 25 | # define CRYPTO_F_CRYPTO_MEMDUP 115 |
| 25 | 26 | # define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 |
| 27 | # define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 121 | |
| 28 | # define CRYPTO_F_CRYPTO_OCB128_INIT 122 | |
| 26 | 29 | # define CRYPTO_F_CRYPTO_SET_EX_DATA 102 |
| 27 | 30 | # define CRYPTO_F_FIPS_MODE_SET 109 |
| 28 | 31 | # define CRYPTO_F_GET_AND_LOCK 113 |
| 32 | # define CRYPTO_F_OPENSSL_ATEXIT 114 | |
| 29 | 33 | # define CRYPTO_F_OPENSSL_BUF2HEXSTR 117 |
| 34 | # define CRYPTO_F_OPENSSL_FOPEN 119 | |
| 30 | 35 | # define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 |
| 31 | 36 | # define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 |
| 37 | # define CRYPTO_F_OPENSSL_LH_NEW 126 | |
| 38 | # define CRYPTO_F_OPENSSL_SK_DEEP_COPY 127 | |
| 39 | # define CRYPTO_F_OPENSSL_SK_DUP 128 | |
| 40 | # define CRYPTO_F_PKEY_HMAC_INIT 123 | |
| 41 | # define CRYPTO_F_PKEY_POLY1305_INIT 124 | |
| 42 | # define CRYPTO_F_PKEY_SIPHASH_INIT 125 | |
| 43 | # define CRYPTO_F_SK_RESERVE 129 | |
| 32 | 44 | |
| 33 | 45 | /* |
| 34 | 46 | * CRYPTO reason codes. |
| 46 | 46 | # define DH_F_GENERATE_KEY 103 |
| 47 | 47 | # define DH_F_PKEY_DH_CTRL_STR 120 |
| 48 | 48 | # define DH_F_PKEY_DH_DERIVE 112 |
| 49 | # define DH_F_PKEY_DH_INIT 125 | |
| 49 | 50 | # define DH_F_PKEY_DH_KEYGEN 113 |
| 50 | 51 | |
| 51 | 52 | /* |
| 43 | 43 | # define DSA_F_DSA_SIG_NEW 102 |
| 44 | 44 | # define DSA_F_OLD_DSA_PRIV_DECODE 122 |
| 45 | 45 | # define DSA_F_PKEY_DSA_CTRL 120 |
| 46 | # define DSA_F_PKEY_DSA_CTRL_STR 104 | |
| 46 | 47 | # define DSA_F_PKEY_DSA_KEYGEN 121 |
| 47 | 48 | |
| 48 | 49 | /* |
| 113 | 113 | # define EC_F_EC_GROUP_SET_CURVE_GF2M 176 |
| 114 | 114 | # define EC_F_EC_GROUP_SET_CURVE_GFP 109 |
| 115 | 115 | # define EC_F_EC_GROUP_SET_GENERATOR 111 |
| 116 | # define EC_F_EC_GROUP_SET_SEED 286 | |
| 116 | 117 | # define EC_F_EC_KEY_CHECK_KEY 177 |
| 117 | 118 | # define EC_F_EC_KEY_COPY 178 |
| 118 | 119 | # define EC_F_EC_KEY_GENERATE_KEY 179 |
| 121 | 122 | # define EC_F_EC_KEY_OCT2PRIV 255 |
| 122 | 123 | # define EC_F_EC_KEY_PRINT 180 |
| 123 | 124 | # define EC_F_EC_KEY_PRINT_FP 181 |
| 125 | # define EC_F_EC_KEY_PRIV2BUF 279 | |
| 124 | 126 | # define EC_F_EC_KEY_PRIV2OCT 256 |
| 125 | 127 | # define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 |
| 126 | 128 | # define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 |
| 130 | 132 | # define EC_F_EC_PKEY_PARAM_CHECK 274 |
| 131 | 133 | # define EC_F_EC_POINTS_MAKE_AFFINE 136 |
| 132 | 134 | # define EC_F_EC_POINT_ADD 112 |
| 135 | # define EC_F_EC_POINT_BN2POINT 280 | |
| 133 | 136 | # define EC_F_EC_POINT_CMP 113 |
| 134 | 137 | # define EC_F_EC_POINT_COPY 114 |
| 135 | 138 | # define EC_F_EC_POINT_DBL 115 |
| 142 | 145 | # define EC_F_EC_POINT_MAKE_AFFINE 120 |
| 143 | 146 | # define EC_F_EC_POINT_NEW 121 |
| 144 | 147 | # define EC_F_EC_POINT_OCT2POINT 122 |
| 148 | # define EC_F_EC_POINT_POINT2BUF 281 | |
| 145 | 149 | # define EC_F_EC_POINT_POINT2OCT 123 |
| 146 | 150 | # define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 |
| 147 | 151 | # define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 |
| 168 | 172 | # define EC_F_PKEY_ECD_DIGESTSIGN 272 |
| 169 | 173 | # define EC_F_PKEY_ECD_DIGESTSIGN25519 276 |
| 170 | 174 | # define EC_F_PKEY_ECD_DIGESTSIGN448 277 |
| 175 | # define EC_F_PKEY_ECD_SIGN25519 284 | |
| 176 | # define EC_F_PKEY_ECD_SIGN448 285 | |
| 171 | 177 | # define EC_F_PKEY_ECX_DERIVE 269 |
| 172 | 178 | # define EC_F_PKEY_EC_CTRL 197 |
| 173 | 179 | # define EC_F_PKEY_EC_CTRL_STR 198 |
| 174 | 180 | # define EC_F_PKEY_EC_DERIVE 217 |
| 181 | # define EC_F_PKEY_EC_INIT 282 | |
| 182 | # define EC_F_PKEY_EC_KDF_DERIVE 283 | |
| 175 | 183 | # define EC_F_PKEY_EC_KEYGEN 199 |
| 176 | 184 | # define EC_F_PKEY_EC_PARAMGEN 219 |
| 177 | 185 | # define EC_F_PKEY_EC_SIGN 218 |
| 57 | 57 | # define ENGINE_F_ENGINE_TABLE_REGISTER 184 |
| 58 | 58 | # define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 |
| 59 | 59 | # define ENGINE_F_ENGINE_UP_REF 190 |
| 60 | # define ENGINE_F_INT_CLEANUP_ITEM 199 | |
| 60 | 61 | # define ENGINE_F_INT_CTRL_HELPER 172 |
| 61 | 62 | # define ENGINE_F_INT_ENGINE_CONFIGURE 188 |
| 62 | 63 | # define ENGINE_F_INT_ENGINE_MODULE_INIT 187 |
| 64 | # define ENGINE_F_OSSL_HMAC_INIT 200 | |
| 63 | 65 | |
| 64 | 66 | /* |
| 65 | 67 | * ENGINE reason codes. |
| 132 | 132 | # define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) |
| 133 | 133 | # define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) |
| 134 | 134 | # define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE) |
| 135 | # define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) | |
| 136 | 135 | |
| 137 | 136 | # define ERR_PACK(l,f,r) ( \ |
| 138 | 137 | (((unsigned int)(l) & 0x0FF) << 24L) | \ |
| 19 | 19 | * EVP function codes. |
| 20 | 20 | */ |
| 21 | 21 | # define EVP_F_AESNI_INIT_KEY 165 |
| 22 | # define EVP_F_AES_GCM_CTRL 196 | |
| 22 | 23 | # define EVP_F_AES_INIT_KEY 133 |
| 23 | 24 | # define EVP_F_AES_OCB_CIPHER 169 |
| 24 | 25 | # define EVP_F_AES_T4_INIT_KEY 178 |
| 25 | 26 | # define EVP_F_AES_WRAP_CIPHER 170 |
| 26 | 27 | # define EVP_F_ALG_MODULE_INIT 177 |
| 27 | 28 | # define EVP_F_ARIA_CCM_INIT_KEY 175 |
| 29 | # define EVP_F_ARIA_GCM_CTRL 197 | |
| 28 | 30 | # define EVP_F_ARIA_GCM_INIT_KEY 176 |
| 29 | 31 | # define EVP_F_ARIA_INIT_KEY 185 |
| 32 | # define EVP_F_B64_NEW 198 | |
| 30 | 33 | # define EVP_F_CAMELLIA_INIT_KEY 159 |
| 31 | 34 | # define EVP_F_CHACHA20_POLY1305_CTRL 182 |
| 32 | 35 | # define EVP_F_CMLL_T4_INIT_KEY 179 |
| 33 | 36 | # define EVP_F_DES_EDE3_WRAP_CIPHER 171 |
| 34 | 37 | # define EVP_F_DO_SIGVER_INIT 161 |
| 38 | # define EVP_F_ENC_NEW 199 | |
| 35 | 39 | # define EVP_F_EVP_CIPHERINIT_EX 123 |
| 36 | 40 | # define EVP_F_EVP_CIPHER_CTX_COPY 163 |
| 37 | 41 | # define EVP_F_EVP_CIPHER_CTX_CTRL 124 |
| 96 | 100 | # define EVP_F_EVP_SIGNFINAL 107 |
| 97 | 101 | # define EVP_F_EVP_VERIFYFINAL 108 |
| 98 | 102 | # define EVP_F_INT_CTX_NEW 157 |
| 103 | # define EVP_F_OK_NEW 200 | |
| 99 | 104 | # define EVP_F_PKCS5_PBE_KEYIVGEN 117 |
| 100 | 105 | # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 |
| 101 | 106 | # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 |
| 103 | 108 | # define EVP_F_PKEY_SET_TYPE 158 |
| 104 | 109 | # define EVP_F_RC2_MAGIC_TO_METH 109 |
| 105 | 110 | # define EVP_F_RC5_CTRL 125 |
| 111 | # define EVP_F_S390X_AES_GCM_CTRL 201 | |
| 106 | 112 | # define EVP_F_UPDATE 173 |
| 107 | 113 | |
| 108 | 114 | /* |
| 20 | 20 | */ |
| 21 | 21 | # define KDF_F_PKEY_HKDF_CTRL_STR 103 |
| 22 | 22 | # define KDF_F_PKEY_HKDF_DERIVE 102 |
| 23 | # define KDF_F_PKEY_HKDF_INIT 108 | |
| 23 | 24 | # define KDF_F_PKEY_SCRYPT_CTRL_STR 104 |
| 24 | 25 | # define KDF_F_PKEY_SCRYPT_CTRL_UINT64 105 |
| 25 | 26 | # define KDF_F_PKEY_SCRYPT_DERIVE 109 |
| 27 | 28 | # define KDF_F_PKEY_SCRYPT_SET_MEMBUF 107 |
| 28 | 29 | # define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 |
| 29 | 30 | # define KDF_F_PKEY_TLS1_PRF_DERIVE 101 |
| 31 | # define KDF_F_PKEY_TLS1_PRF_INIT 110 | |
| 32 | # define KDF_F_TLS1_PRF_ALG 111 | |
| 30 | 33 | |
| 31 | 34 | /* |
| 32 | 35 | * KDF reason codes. |
| 19 | 19 | * OBJ function codes. |
| 20 | 20 | */ |
| 21 | 21 | # define OBJ_F_OBJ_ADD_OBJECT 105 |
| 22 | # define OBJ_F_OBJ_ADD_SIGID 107 | |
| 22 | 23 | # define OBJ_F_OBJ_CREATE 100 |
| 23 | 24 | # define OBJ_F_OBJ_DUP 101 |
| 24 | 25 | # define OBJ_F_OBJ_NAME_NEW_INDEX 106 |
| 25 | 26 | # define OBJ_F_OBJ_NID2LN 102 |
| 26 | 27 | # define OBJ_F_OBJ_NID2OBJ 103 |
| 27 | 28 | # define OBJ_F_OBJ_NID2SN 104 |
| 29 | # define OBJ_F_OBJ_TXT2OBJ 108 | |
| 28 | 30 | |
| 29 | 31 | /* |
| 30 | 32 | * OBJ reason codes. |
| 38 | 38 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
| 39 | 39 | * major minor fix final patch/beta) |
| 40 | 40 | */ |
| 41 | # define OPENSSL_VERSION_NUMBER 0x10101004L | |
| 42 | # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre4 (beta) 3 Apr 2018" | |
| 43 | ||
| 44 | #define OPENSSL_MAKE_VERSION(maj,min,fix,patch) ((0x10000000L)+((maj&0xff)<<20)+((min&0xff)<<12)+((fix&0xff)<<4)+patch) | |
| 45 | ||
| 46 | /* use this for #if tests, should never depend upon fix/patch */ | |
| 47 | #define OPENSSL_VERSION_AT_LEAST(maj,min) (OPENSSL_MAKE_VERSION(maj,min, 0, 0) >= OPENSSL_VERSION_NUMBER) | |
| 41 | # define OPENSSL_VERSION_NUMBER 0x10101006L | |
| 42 | # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1-pre6 (beta) 1 May 2018" | |
| 48 | 43 | |
| 49 | 44 | /*- |
| 50 | 45 | * The macros below are to be used for shared library (.so, .dll, ...) |
| 279 | 279 | int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, |
| 280 | 280 | unsigned int *siglen, EVP_PKEY *pkey); |
| 281 | 281 | |
| 282 | int PEM_def_callback(char *buf, int num, int w, void *key); | |
| 282 | /* The default pem_password_cb that's used internally */ | |
| 283 | int PEM_def_callback(char *buf, int num, int rwflag, void *userdata); | |
| 283 | 284 | void PEM_proc_type(char *buf, int type); |
| 284 | 285 | void PEM_dek_info(char *buf, const char *type, int len, char *str); |
| 285 | 286 |
| 28 | 28 | # define PEM_F_DO_B2I 132 |
| 29 | 29 | # define PEM_F_DO_B2I_BIO 133 |
| 30 | 30 | # define PEM_F_DO_BLOB_HEADER 134 |
| 31 | # define PEM_F_DO_I2B 146 | |
| 31 | 32 | # define PEM_F_DO_PK8PKEY 126 |
| 32 | 33 | # define PEM_F_DO_PK8PKEY_FP 125 |
| 33 | 34 | # define PEM_F_DO_PVK_BODY 135 |
| 18 | 18 | /* |
| 19 | 19 | * PKCS12 function codes. |
| 20 | 20 | */ |
| 21 | # define PKCS12_F_OPENSSL_ASC2UNI 121 | |
| 22 | # define PKCS12_F_OPENSSL_UNI2ASC 124 | |
| 23 | # define PKCS12_F_OPENSSL_UNI2UTF8 127 | |
| 24 | # define PKCS12_F_OPENSSL_UTF82UNI 129 | |
| 21 | 25 | # define PKCS12_F_PKCS12_CREATE 105 |
| 22 | 26 | # define PKCS12_F_PKCS12_GEN_MAC 107 |
| 23 | 27 | # define PKCS12_F_PKCS12_INIT 109 |
| 26 | 26 | # define RAND_F_RAND_DRBG_ENABLE_LOCKING 119 |
| 27 | 27 | # define RAND_F_RAND_DRBG_GENERATE 107 |
| 28 | 28 | # define RAND_F_RAND_DRBG_GET_ENTROPY 120 |
| 29 | # define RAND_F_RAND_DRBG_GET_NONCE 123 | |
| 29 | 30 | # define RAND_F_RAND_DRBG_INSTANTIATE 108 |
| 30 | 31 | # define RAND_F_RAND_DRBG_NEW 109 |
| 31 | 32 | # define RAND_F_RAND_DRBG_RESEED 110 |
| 34 | 35 | # define RAND_F_RAND_DRBG_SET_DEFAULTS 121 |
| 35 | 36 | # define RAND_F_RAND_DRBG_UNINSTANTIATE 118 |
| 36 | 37 | # define RAND_F_RAND_LOAD_FILE 111 |
| 38 | # define RAND_F_RAND_POOL_ACQUIRE_ENTROPY 122 | |
| 37 | 39 | # define RAND_F_RAND_POOL_ADD 103 |
| 38 | 40 | # define RAND_F_RAND_POOL_ADD_BEGIN 113 |
| 39 | 41 | # define RAND_F_RAND_POOL_ADD_END 114 |
| 73 | 75 | # define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED 133 |
| 74 | 76 | # define RAND_R_PRNG_NOT_SEEDED 100 |
| 75 | 77 | # define RAND_R_RANDOM_POOL_OVERFLOW 125 |
| 78 | # define RAND_R_RANDOM_POOL_UNDERFLOW 134 | |
| 76 | 79 | # define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 |
| 77 | 80 | # define RAND_R_RESEED_ERROR 118 |
| 78 | 81 | # define RAND_R_SELFTEST_FAILURE 119 |
| 82 | # define RAND_R_TOO_LITTLE_NONCE_REQUESTED 135 | |
| 83 | # define RAND_R_TOO_MUCH_NONCE_REQUESTED 136 | |
| 79 | 84 | # define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 |
| 80 | 85 | # define RAND_R_UNSUPPORTED_DRBG_TYPE 120 |
| 81 | 86 | |
| 39 | 39 | # define RSA_F_RSA_METH_NEW 162 |
| 40 | 40 | # define RSA_F_RSA_METH_SET1_NAME 163 |
| 41 | 41 | # define RSA_F_RSA_MGF1_TO_MD 157 |
| 42 | # define RSA_F_RSA_MULTIP_INFO_NEW 166 | |
| 42 | 43 | # define RSA_F_RSA_NEW_METHOD 106 |
| 43 | 44 | # define RSA_F_RSA_NULL 124 |
| 44 | 45 | # define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 |
| 79 | 80 | # define RSA_F_RSA_VERIFY 119 |
| 80 | 81 | # define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 |
| 81 | 82 | # define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 |
| 83 | # define RSA_F_SETUP_TBUF 167 | |
| 82 | 84 | |
| 83 | 85 | /* |
| 84 | 86 | * RSA reason codes. |
| 226 | 226 | |
| 227 | 227 | DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) |
| 228 | 228 | |
| 229 | typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, | |
| 230 | const unsigned char *data, | |
| 231 | int len, void *arg); | |
| 232 | typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, | |
| 233 | int *secret_len, | |
| 234 | STACK_OF(SSL_CIPHER) *peer_ciphers, | |
| 235 | const SSL_CIPHER **cipher, void *arg); | |
| 229 | typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, | |
| 230 | int len, void *arg); | |
| 231 | typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, | |
| 232 | STACK_OF(SSL_CIPHER) *peer_ciphers, | |
| 233 | const SSL_CIPHER **cipher, void *arg); | |
| 236 | 234 | |
| 237 | 235 | /* Extension context codes */ |
| 238 | 236 | /* This extension is only allowed in TLS */ |
| 261 | 259 | |
| 262 | 260 | /* Typedefs for handling custom extensions */ |
| 263 | 261 | |
| 264 | typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type, | |
| 265 | const unsigned char **out, | |
| 266 | size_t *outlen, int *al, void *add_arg); | |
| 267 | ||
| 268 | typedef void (*custom_ext_free_cb) (SSL *s, unsigned int ext_type, | |
| 269 | const unsigned char *out, void *add_arg); | |
| 270 | ||
| 271 | typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, | |
| 272 | const unsigned char *in, | |
| 273 | size_t inlen, int *al, void *parse_arg); | |
| 274 | ||
| 275 | ||
| 276 | typedef int (*SSL_custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type, | |
| 277 | unsigned int context, | |
| 278 | const unsigned char **out, | |
| 279 | size_t *outlen, X509 *x, | |
| 280 | size_t chainidx, | |
| 281 | int *al, void *add_arg); | |
| 282 | ||
| 283 | typedef void (*SSL_custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type, | |
| 284 | unsigned int context, | |
| 285 | const unsigned char *out, | |
| 286 | void *add_arg); | |
| 287 | ||
| 288 | typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type, | |
| 289 | unsigned int context, | |
| 290 | const unsigned char *in, | |
| 291 | size_t inlen, X509 *x, | |
| 292 | size_t chainidx, | |
| 293 | int *al, void *parse_arg); | |
| 262 | typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, | |
| 263 | const unsigned char **out, size_t *outlen, | |
| 264 | int *al, void *add_arg); | |
| 265 | ||
| 266 | typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, | |
| 267 | const unsigned char *out, void *add_arg); | |
| 268 | ||
| 269 | typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, | |
| 270 | const unsigned char *in, size_t inlen, | |
| 271 | int *al, void *parse_arg); | |
| 272 | ||
| 273 | ||
| 274 | typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type, | |
| 275 | unsigned int context, | |
| 276 | const unsigned char **out, | |
| 277 | size_t *outlen, X509 *x, | |
| 278 | size_t chainidx, | |
| 279 | int *al, void *add_arg); | |
| 280 | ||
| 281 | typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type, | |
| 282 | unsigned int context, | |
| 283 | const unsigned char *out, | |
| 284 | void *add_arg); | |
| 285 | ||
| 286 | typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type, | |
| 287 | unsigned int context, | |
| 288 | const unsigned char *in, | |
| 289 | size_t inlen, X509 *x, | |
| 290 | size_t chainidx, | |
| 291 | int *al, void *parse_arg); | |
| 294 | 292 | |
| 295 | 293 | /* Typedef for verification callback */ |
| 296 | 294 | typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); |
| 564 | 562 | */ |
| 565 | 563 | |
| 566 | 564 | unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); |
| 567 | unsigned long SSL_get_options(const SSL* s); | |
| 565 | unsigned long SSL_get_options(const SSL *s); | |
| 568 | 566 | unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); |
| 569 | 567 | unsigned long SSL_clear_options(SSL *s, unsigned long op); |
| 570 | 568 | unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); |
| 697 | 695 | void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, |
| 698 | 696 | void (*remove_session_cb) (struct ssl_ctx_st |
| 699 | 697 | *ctx, |
| 700 | SSL_SESSION | |
| 701 | *sess)); | |
| 698 | SSL_SESSION *sess)); | |
| 702 | 699 | void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, |
| 703 | 700 | SSL_SESSION *sess); |
| 704 | 701 | void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, |
| 711 | 708 | const unsigned char *data, |
| 712 | 709 | int len, int *copy); |
| 713 | 710 | void SSL_CTX_set_info_callback(SSL_CTX *ctx, |
| 714 | void (*cb) (const SSL *ssl, int type, | |
| 715 | int val)); | |
| 711 | void (*cb) (const SSL *ssl, int type, int val)); | |
| 716 | 712 | void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, |
| 717 | 713 | int val); |
| 718 | 714 | void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, |
| 731 | 727 | *cookie_len)); |
| 732 | 728 | void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, |
| 733 | 729 | int (*app_verify_cookie_cb) (SSL *ssl, |
| 734 | const unsigned char | |
| 735 | *cookie, | |
| 730 | const unsigned | |
| 731 | char *cookie, | |
| 736 | 732 | unsigned int |
| 737 | 733 | cookie_len)); |
| 738 | 734 | |
| 753 | 749 | unsigned int *outlen, |
| 754 | 750 | void *arg); |
| 755 | 751 | void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, |
| 756 | SSL_CTX_npn_advertised_cb_func cb, | |
| 757 | void *arg); | |
| 752 | SSL_CTX_npn_advertised_cb_func cb, | |
| 753 | void *arg); | |
| 758 | 754 | # define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb |
| 759 | 755 | |
| 760 | 756 | typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s, |
| 774 | 770 | # endif |
| 775 | 771 | |
| 776 | 772 | __owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, |
| 777 | const unsigned char *in, unsigned int inlen, | |
| 778 | const unsigned char *client, | |
| 779 | unsigned int client_len); | |
| 773 | const unsigned char *in, unsigned int inlen, | |
| 774 | const unsigned char *client, | |
| 775 | unsigned int client_len); | |
| 780 | 776 | |
| 781 | 777 | # define OPENSSL_NPN_UNSUPPORTED 0 |
| 782 | 778 | # define OPENSSL_NPN_NEGOTIATED 1 |
| 848 | 844 | __owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, |
| 849 | 845 | unsigned int ext_type); |
| 850 | 846 | |
| 851 | __owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, | |
| 852 | custom_ext_add_cb add_cb, | |
| 853 | custom_ext_free_cb free_cb, | |
| 854 | void *add_arg, | |
| 855 | custom_ext_parse_cb parse_cb, | |
| 856 | void *parse_arg); | |
| 857 | ||
| 858 | __owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, | |
| 859 | custom_ext_add_cb add_cb, | |
| 860 | custom_ext_free_cb free_cb, | |
| 861 | void *add_arg, | |
| 862 | custom_ext_parse_cb parse_cb, | |
| 863 | void *parse_arg); | |
| 847 | __owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, | |
| 848 | unsigned int ext_type, | |
| 849 | custom_ext_add_cb add_cb, | |
| 850 | custom_ext_free_cb free_cb, | |
| 851 | void *add_arg, | |
| 852 | custom_ext_parse_cb parse_cb, | |
| 853 | void *parse_arg); | |
| 854 | ||
| 855 | __owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, | |
| 856 | unsigned int ext_type, | |
| 857 | custom_ext_add_cb add_cb, | |
| 858 | custom_ext_free_cb free_cb, | |
| 859 | void *add_arg, | |
| 860 | custom_ext_parse_cb parse_cb, | |
| 861 | void *parse_arg); | |
| 864 | 862 | |
| 865 | 863 | __owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, |
| 866 | 864 | unsigned int context, |
| 1369 | 1367 | SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) |
| 1370 | 1368 | # define SSL_get1_groups(ctx, s) \ |
| 1371 | 1369 | SSL_ctrl(ctx,SSL_CTRL_GET_GROUPS,0,(char *)(s)) |
| 1372 | # define SSL_get1_curves(ctx, s) \ | |
| 1373 | SSL_get1_groups((ctx), (s)) | |
| 1374 | 1370 | # define SSL_CTX_set1_groups(ctx, glist, glistlen) \ |
| 1375 | 1371 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) |
| 1376 | 1372 | # define SSL_CTX_set1_groups_list(ctx, s) \ |
| 1377 | 1373 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) |
| 1378 | # define SSL_CTX_set1_curves(ctx, clist, clistlen) \ | |
| 1379 | SSL_CTX_set1_groups((ctx), (clist), (clistlen)) | |
| 1380 | # define SSL_CTX_set1_curves_list(ctx, s) \ | |
| 1381 | SSL_CTX_set1_groups_list((ctx), (s)) | |
| 1382 | 1374 | # define SSL_set1_groups(ctx, glist, glistlen) \ |
| 1383 | 1375 | SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist)) |
| 1384 | 1376 | # define SSL_set1_groups_list(ctx, s) \ |
| 1385 | 1377 | SSL_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s)) |
| 1386 | # define SSL_set1_curves(ctx, clist, clistlen) \ | |
| 1387 | SSL_set1_groups((ctx), (clist), (clistlen)) | |
| 1388 | # define SSL_set1_curves_list(ctx, s) \ | |
| 1389 | SSL_set1_groups_list((ctx), (s)) | |
| 1390 | 1378 | # define SSL_get_shared_group(s, n) \ |
| 1391 | 1379 | SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL) |
| 1392 | # define SSL_get_shared_curve(s, n) \ | |
| 1393 | SSL_get_shared_group((s), (n)) | |
| 1394 | 1380 | # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ |
| 1395 | 1381 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist)) |
| 1396 | 1382 | # define SSL_CTX_set1_sigalgs_list(ctx, s) \ |
| 1422 | 1408 | SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) |
| 1423 | 1409 | # define SSL_get0_ec_point_formats(s, plst) \ |
| 1424 | 1410 | SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) |
| 1425 | #define SSL_CTX_set_min_proto_version(ctx, version) \ | |
| 1411 | # define SSL_CTX_set_min_proto_version(ctx, version) \ | |
| 1426 | 1412 | SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) |
| 1427 | #define SSL_CTX_set_max_proto_version(ctx, version) \ | |
| 1413 | # define SSL_CTX_set_max_proto_version(ctx, version) \ | |
| 1428 | 1414 | SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) |
| 1429 | #define SSL_CTX_get_min_proto_version(ctx) \ | |
| 1415 | # define SSL_CTX_get_min_proto_version(ctx) \ | |
| 1430 | 1416 | SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) |
| 1431 | #define SSL_CTX_get_max_proto_version(ctx) \ | |
| 1417 | # define SSL_CTX_get_max_proto_version(ctx) \ | |
| 1432 | 1418 | SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) |
| 1433 | #define SSL_set_min_proto_version(s, version) \ | |
| 1419 | # define SSL_set_min_proto_version(s, version) \ | |
| 1434 | 1420 | SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) |
| 1435 | #define SSL_set_max_proto_version(s, version) \ | |
| 1421 | # define SSL_set_max_proto_version(s, version) \ | |
| 1436 | 1422 | SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) |
| 1437 | #define SSL_get_min_proto_version(s) \ | |
| 1423 | # define SSL_get_min_proto_version(s) \ | |
| 1438 | 1424 | SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL) |
| 1439 | #define SSL_get_max_proto_version(s) \ | |
| 1425 | # define SSL_get_max_proto_version(s) \ | |
| 1440 | 1426 | SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL) |
| 1441 | 1427 | |
| 1442 | #if OPENSSL_API_COMPAT < 0x10100000L | |
| 1428 | /* | |
| 1429 | * The following symbol names are old and obsolete. They are kept | |
| 1430 | * for compatibility reasons only and should not be used anymore. | |
| 1431 | */ | |
| 1432 | # define SSL_CTRL_GET_CURVES SSL_CTRL_GET_GROUPS | |
| 1433 | # define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS | |
| 1434 | # define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST | |
| 1435 | # define SSL_CTRL_GET_SHARED_CURVE SSL_CTRL_GET_SHARED_GROUP | |
| 1436 | ||
| 1437 | # define SSL_get1_curves SSL_get1_groups | |
| 1438 | # define SSL_CTX_set1_curves SSL_CTX_set1_groups | |
| 1439 | # define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list | |
| 1440 | # define SSL_set1_curves SSL_set1_groups | |
| 1441 | # define SSL_set1_curves_list SSL_set1_groups_list | |
| 1442 | # define SSL_get_shared_curve SSL_get_shared_group | |
| 1443 | ||
| 1444 | ||
| 1445 | # if OPENSSL_API_COMPAT < 0x10100000L | |
| 1443 | 1446 | /* Provide some compatibility macros for removed functionality. */ |
| 1444 | # define SSL_CTX_need_tmp_RSA(ctx) 0 | |
| 1445 | # define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 | |
| 1446 | # define SSL_need_tmp_RSA(ssl) 0 | |
| 1447 | # define SSL_set_tmp_rsa(ssl,rsa) 1 | |
| 1448 | # define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) | |
| 1449 | # define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) | |
| 1447 | # define SSL_CTX_need_tmp_RSA(ctx) 0 | |
| 1448 | # define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 | |
| 1449 | # define SSL_need_tmp_RSA(ssl) 0 | |
| 1450 | # define SSL_set_tmp_rsa(ssl,rsa) 1 | |
| 1451 | # define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) | |
| 1452 | # define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) | |
| 1450 | 1453 | /* |
| 1451 | 1454 | * We "pretend" to call the callback to avoid warnings about unused static |
| 1452 | 1455 | * functions. |
| 1453 | 1456 | */ |
| 1454 | # define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) | |
| 1455 | # define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) | |
| 1456 | #endif | |
| 1457 | ||
| 1457 | # define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) | |
| 1458 | # define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) | |
| 1459 | # endif | |
| 1458 | 1460 | __owur const BIO_METHOD *BIO_f_ssl(void); |
| 1459 | 1461 | __owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); |
| 1460 | 1462 | __owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); |
| 1520 | 1522 | void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); |
| 1521 | 1523 | # ifndef OPENSSL_NO_RSA |
| 1522 | 1524 | __owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); |
| 1523 | __owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len); | |
| 1525 | __owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, | |
| 1526 | long len); | |
| 1524 | 1527 | # endif |
| 1525 | 1528 | __owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); |
| 1526 | 1529 | __owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, |
| 1527 | long len); | |
| 1530 | long len); | |
| 1528 | 1531 | __owur int SSL_use_certificate(SSL *ssl, X509 *x); |
| 1529 | 1532 | __owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); |
| 1530 | 1533 | __owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey, |
| 1537 | 1540 | |
| 1538 | 1541 | /* Set serverinfo data for the current active cert. */ |
| 1539 | 1542 | __owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, |
| 1540 | size_t serverinfo_length); | |
| 1543 | size_t serverinfo_length); | |
| 1541 | 1544 | __owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, |
| 1542 | 1545 | const unsigned char *serverinfo, |
| 1543 | 1546 | size_t serverinfo_length); |
| 1551 | 1554 | __owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); |
| 1552 | 1555 | |
| 1553 | 1556 | #ifndef OPENSSL_NO_RSA |
| 1554 | __owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); | |
| 1557 | __owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, | |
| 1558 | int type); | |
| 1555 | 1559 | #endif |
| 1556 | __owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); | |
| 1557 | __owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); | |
| 1560 | __owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, | |
| 1561 | int type); | |
| 1562 | __owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, | |
| 1563 | int type); | |
| 1558 | 1564 | /* PEM type */ |
| 1559 | 1565 | __owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); |
| 1560 | 1566 | __owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); |
| 1561 | 1567 | __owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); |
| 1562 | 1568 | __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, |
| 1563 | const char *file); | |
| 1569 | const char *file); | |
| 1564 | 1570 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, |
| 1565 | 1571 | const char *dir); |
| 1566 | 1572 | |
| 1567 | #if OPENSSL_API_COMPAT < 0x10100000L | |
| 1568 | # define SSL_load_error_strings() \ | |
| 1573 | # if OPENSSL_API_COMPAT < 0x10100000L | |
| 1574 | # define SSL_load_error_strings() \ | |
| 1569 | 1575 | OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ |
| 1570 | 1576 | | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) |
| 1571 | #endif | |
| 1577 | # endif | |
| 1572 | 1578 | |
| 1573 | 1579 | __owur const char *SSL_state_string(const SSL *s); |
| 1574 | 1580 | __owur const char *SSL_rstate_string(const SSL *s); |
| 1594 | 1600 | __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); |
| 1595 | 1601 | __owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); |
| 1596 | 1602 | void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, |
| 1597 | size_t *len); | |
| 1603 | size_t *len); | |
| 1598 | 1604 | __owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); |
| 1599 | 1605 | __owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s, |
| 1600 | 1606 | uint32_t max_early_data); |
| 1601 | 1607 | __owur int SSL_copy_session_id(SSL *to, const SSL *from); |
| 1602 | 1608 | __owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); |
| 1603 | __owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, | |
| 1604 | unsigned int sid_ctx_len); | |
| 1609 | __owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, | |
| 1610 | const unsigned char *sid_ctx, | |
| 1611 | unsigned int sid_ctx_len); | |
| 1605 | 1612 | __owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, |
| 1606 | 1613 | unsigned int sid_len); |
| 1607 | 1614 | __owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); |
| 1611 | 1618 | const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, |
| 1612 | 1619 | unsigned int *len); |
| 1613 | 1620 | const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, |
| 1614 | unsigned int *len); | |
| 1621 | unsigned int *len); | |
| 1615 | 1622 | __owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); |
| 1616 | 1623 | # ifndef OPENSSL_NO_STDIO |
| 1617 | 1624 | int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); |
| 1622 | 1629 | void SSL_SESSION_free(SSL_SESSION *ses); |
| 1623 | 1630 | __owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); |
| 1624 | 1631 | __owur int SSL_set_session(SSL *to, SSL_SESSION *session); |
| 1625 | int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); | |
| 1626 | int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); | |
| 1627 | __owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); | |
| 1628 | __owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); | |
| 1629 | __owur int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | |
| 1630 | unsigned int id_len); | |
| 1632 | int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session); | |
| 1633 | int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session); | |
| 1634 | __owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); | |
| 1635 | __owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb); | |
| 1636 | __owur int SSL_has_matching_session_id(const SSL *s, | |
| 1637 | const unsigned char *id, | |
| 1638 | unsigned int id_len); | |
| 1631 | 1639 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, |
| 1632 | 1640 | long length); |
| 1633 | 1641 | |
| 1650 | 1658 | # ifndef OPENSSL_NO_RSA |
| 1651 | 1659 | __owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); |
| 1652 | 1660 | __owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, |
| 1653 | long len); | |
| 1661 | long len); | |
| 1654 | 1662 | # endif |
| 1655 | 1663 | __owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); |
| 1656 | 1664 | __owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, |
| 1657 | const unsigned char *d, long len); | |
| 1665 | const unsigned char *d, long len); | |
| 1658 | 1666 | __owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); |
| 1659 | 1667 | __owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, |
| 1660 | const unsigned char *d); | |
| 1668 | const unsigned char *d); | |
| 1661 | 1669 | __owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey, |
| 1662 | 1670 | STACK_OF(X509) *chain, int override); |
| 1663 | 1671 | |
| 1673 | 1681 | __owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); |
| 1674 | 1682 | __owur int SSL_check_private_key(const SSL *ctx); |
| 1675 | 1683 | |
| 1676 | __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, | |
| 1677 | unsigned int sid_ctx_len); | |
| 1684 | __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, | |
| 1685 | const unsigned char *sid_ctx, | |
| 1686 | unsigned int sid_ctx_len); | |
| 1678 | 1687 | |
| 1679 | 1688 | SSL *SSL_new(SSL_CTX *ctx); |
| 1680 | 1689 | int SSL_up_ref(SSL *s); |
| 1681 | 1690 | int SSL_is_dtls(const SSL *s); |
| 1682 | 1691 | __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, |
| 1683 | unsigned int sid_ctx_len); | |
| 1684 | ||
| 1685 | __owur int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); | |
| 1686 | __owur int SSL_set_purpose(SSL *s, int purpose); | |
| 1687 | __owur int SSL_CTX_set_trust(SSL_CTX *s, int trust); | |
| 1688 | __owur int SSL_set_trust(SSL *s, int trust); | |
| 1692 | unsigned int sid_ctx_len); | |
| 1693 | ||
| 1694 | __owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); | |
| 1695 | __owur int SSL_set_purpose(SSL *ssl, int purpose); | |
| 1696 | __owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); | |
| 1697 | __owur int SSL_set_trust(SSL *ssl, int trust); | |
| 1689 | 1698 | |
| 1690 | 1699 | __owur int SSL_set1_host(SSL *s, const char *hostname); |
| 1691 | 1700 | __owur int SSL_add1_host(SSL *s, const char *hostname); |
| 1816 | 1825 | |
| 1817 | 1826 | # ifndef OPENSSL_NO_SSL3_METHOD |
| 1818 | 1827 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ |
| 1819 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) /* SSLv3 */ | |
| 1820 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */ | |
| 1828 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) | |
| 1829 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) | |
| 1821 | 1830 | # endif |
| 1822 | 1831 | |
| 1823 | 1832 | #define SSLv23_method TLS_method |
| 1831 | 1840 | |
| 1832 | 1841 | # ifndef OPENSSL_NO_TLS1_METHOD |
| 1833 | 1842 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ |
| 1834 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) /* TLSv1.0 */ | |
| 1835 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) /* TLSv1.0 */ | |
| 1843 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) | |
| 1844 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) | |
| 1836 | 1845 | # endif |
| 1837 | 1846 | |
| 1838 | 1847 | # ifndef OPENSSL_NO_TLS1_1_METHOD |
| 1839 | 1848 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ |
| 1840 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) /* TLSv1.1 */ | |
| 1841 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) /* TLSv1.1 */ | |
| 1849 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) | |
| 1850 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) | |
| 1842 | 1851 | # endif |
| 1843 | 1852 | |
| 1844 | 1853 | # ifndef OPENSSL_NO_TLS1_2_METHOD |
| 1845 | 1854 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ |
| 1846 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) /* TLSv1.2 */ | |
| 1847 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) /* TLSv1.2 */ | |
| 1855 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) | |
| 1856 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) | |
| 1848 | 1857 | # endif |
| 1849 | 1858 | |
| 1850 | 1859 | # ifndef OPENSSL_NO_DTLS1_METHOD |
| 1851 | 1860 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ |
| 1852 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) /* DTLSv1.0 */ | |
| 1853 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) /* DTLSv1.0 */ | |
| 1861 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) | |
| 1862 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) | |
| 1854 | 1863 | # endif |
| 1855 | 1864 | |
| 1856 | 1865 | # ifndef OPENSSL_NO_DTLS1_2_METHOD |
| 1857 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) /* DTLSv1.2 */ | |
| 1858 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) /* DTLSv1.2 */ | |
| 1859 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) /* DTLSv1.2 */ | |
| 1860 | #endif | |
| 1866 | /* DTLSv1.2 */ | |
| 1867 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) | |
| 1868 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) | |
| 1869 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) | |
| 1870 | # endif | |
| 1861 | 1871 | |
| 1862 | 1872 | __owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ |
| 1863 | 1873 | __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ |
| 1908 | 1918 | |
| 1909 | 1919 | __owur long SSL_get_default_timeout(const SSL *s); |
| 1910 | 1920 | |
| 1911 | #if OPENSSL_API_COMPAT < 0x10100000L | |
| 1912 | # define SSL_library_init() OPENSSL_init_ssl(0, NULL) | |
| 1913 | #endif | |
| 1921 | # if OPENSSL_API_COMPAT < 0x10100000L | |
| 1922 | # define SSL_library_init() OPENSSL_init_ssl(0, NULL) | |
| 1923 | # endif | |
| 1914 | 1924 | |
| 1915 | 1925 | __owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); |
| 1916 | 1926 | __owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); |
| 1920 | 1930 | __owur X509 *SSL_get_certificate(const SSL *ssl); |
| 1921 | 1931 | /* |
| 1922 | 1932 | * EVP_PKEY |
| 1923 | */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); | |
| 1933 | */ | |
| 1934 | struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); | |
| 1924 | 1935 | |
| 1925 | 1936 | __owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); |
| 1926 | 1937 | __owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); |
| 1937 | 1948 | __owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); |
| 1938 | 1949 | __owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); |
| 1939 | 1950 | __owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, |
| 1940 | const char *CApath); | |
| 1951 | const char *CApath); | |
| 1941 | 1952 | # define SSL_get0_session SSL_get_session/* just peek at pointer */ |
| 1942 | 1953 | __owur SSL_SESSION *SSL_get_session(const SSL *ssl); |
| 1943 | 1954 | __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ |
| 2035 | 2046 | __owur int SSL_COMP_get_id(const SSL_COMP *comp); |
| 2036 | 2047 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); |
| 2037 | 2048 | __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) |
| 2038 | *meths); | |
| 2039 | #if OPENSSL_API_COMPAT < 0x10100000L | |
| 2040 | # define SSL_COMP_free_compression_methods() while(0) continue | |
| 2041 | #endif | |
| 2049 | *meths); | |
| 2050 | # if OPENSSL_API_COMPAT < 0x10100000L | |
| 2051 | # define SSL_COMP_free_compression_methods() while(0) continue | |
| 2052 | # endif | |
| 2042 | 2053 | __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); |
| 2043 | 2054 | |
| 2044 | 2055 | const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); |
| 2051 | 2062 | /* TLS extensions functions */ |
| 2052 | 2063 | __owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); |
| 2053 | 2064 | |
| 2054 | __owur int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, | |
| 2055 | void *arg); | |
| 2065 | __owur int SSL_set_session_ticket_ext_cb(SSL *s, | |
| 2066 | tls_session_ticket_ext_cb_fn cb, | |
| 2067 | void *arg); | |
| 2056 | 2068 | |
| 2057 | 2069 | /* Pre-shared secret session resumption functions */ |
| 2058 | 2070 | __owur int SSL_set_session_secret_cb(SSL *s, |
| 2059 | tls_session_secret_cb_fn tls_session_secret_cb, | |
| 2060 | void *arg); | |
| 2071 | tls_session_secret_cb_fn session_secret_cb, | |
| 2072 | void *arg); | |
| 2061 | 2073 | |
| 2062 | 2074 | void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, |
| 2063 | 2075 | int (*cb) (SSL *ssl, |
| 2066 | 2078 | |
| 2067 | 2079 | void SSL_set_not_resumable_session_callback(SSL *ssl, |
| 2068 | 2080 | int (*cb) (SSL *ssl, |
| 2069 | int | |
| 2070 | is_forward_secure)); | |
| 2081 | int is_forward_secure)); | |
| 2071 | 2082 | |
| 2072 | 2083 | void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, |
| 2073 | 2084 | size_t (*cb) (SSL *ssl, int type, |
| 2094 | 2105 | int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); |
| 2095 | 2106 | void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); |
| 2096 | 2107 | unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); |
| 2097 | __owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); | |
| 2108 | __owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, | |
| 2109 | unsigned int flags); | |
| 2098 | 2110 | __owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); |
| 2099 | 2111 | |
| 2100 | 2112 | void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); |
| 2125 | 2137 | * May return a negative integer if an error occurs. |
| 2126 | 2138 | * A connection should be aborted if the SCTs are deemed insufficient. |
| 2127 | 2139 | */ |
| 2128 | typedef int(*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, | |
| 2129 | const STACK_OF(SCT) *scts, void *arg); | |
| 2140 | typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, | |
| 2141 | const STACK_OF(SCT) *scts, void *arg); | |
| 2130 | 2142 | |
| 2131 | 2143 | /* |
| 2132 | 2144 | * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate |
| 2276 | 2288 | void SSL_set_security_level(SSL *s, int level); |
| 2277 | 2289 | __owur int SSL_get_security_level(const SSL *s); |
| 2278 | 2290 | void SSL_set_security_callback(SSL *s, |
| 2279 | int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, | |
| 2280 | int bits, int nid, void *other, | |
| 2281 | void *ex)); | |
| 2282 | int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op, | |
| 2283 | int bits, int nid, | |
| 2284 | void *other, void *ex); | |
| 2291 | int (*cb) (const SSL *s, const SSL_CTX *ctx, | |
| 2292 | int op, int bits, int nid, | |
| 2293 | void *other, void *ex)); | |
| 2294 | int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, | |
| 2295 | const SSL_CTX *ctx, int op, | |
| 2296 | int bits, int nid, void *other, | |
| 2297 | void *ex); | |
| 2285 | 2298 | void SSL_set0_security_ex_data(SSL *s, void *ex); |
| 2286 | 2299 | __owur void *SSL_get0_security_ex_data(const SSL *s); |
| 2287 | 2300 | |
| 2288 | 2301 | void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); |
| 2289 | 2302 | __owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); |
| 2290 | 2303 | void SSL_CTX_set_security_callback(SSL_CTX *ctx, |
| 2291 | int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, | |
| 2292 | int bits, int nid, void *other, | |
| 2293 | void *ex)); | |
| 2304 | int (*cb) (const SSL *s, const SSL_CTX *ctx, | |
| 2305 | int op, int bits, int nid, | |
| 2306 | void *other, void *ex)); | |
| 2294 | 2307 | int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, |
| 2295 | 2308 | const SSL_CTX *ctx, |
| 2296 | 2309 | int op, int bits, |
| 2301 | 2314 | __owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); |
| 2302 | 2315 | |
| 2303 | 2316 | /* OPENSSL_INIT flag 0x010000 reserved for internal use */ |
| 2304 | #define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L | |
| 2305 | #define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L | |
| 2306 | ||
| 2307 | #define OPENSSL_INIT_SSL_DEFAULT \ | |
| 2317 | # define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L | |
| 2318 | # define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L | |
| 2319 | ||
| 2320 | # define OPENSSL_INIT_SSL_DEFAULT \ | |
| 2308 | 2321 | (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) |
| 2309 | 2322 | |
| 2310 | 2323 | int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); |
| 40 | 40 | # define SSL_F_DTLS1_BUFFER_RECORD 247 |
| 41 | 41 | # define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 |
| 42 | 42 | # define SSL_F_DTLS1_HEARTBEAT 305 |
| 43 | # define SSL_F_DTLS1_HM_FRAGMENT_NEW 623 | |
| 43 | 44 | # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 |
| 44 | 45 | # define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 |
| 45 | 46 | # define SSL_F_DTLS1_PROCESS_RECORD 257 |
| 53 | 54 | # define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 |
| 54 | 55 | # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 |
| 55 | 56 | # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 |
| 57 | # define SSL_F_DTLS_RECORD_LAYER_NEW 635 | |
| 56 | 58 | # define SSL_F_DTLS_WAIT_FOR_DRY 592 |
| 57 | 59 | # define SSL_F_EARLY_DATA_COUNT_OK 532 |
| 58 | 60 | # define SSL_F_FINAL_EARLY_DATA 556 |
| 82 | 84 | # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 |
| 83 | 85 | # define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION 604 |
| 84 | 86 | # define SSL_F_PARSE_CA_NAMES 541 |
| 87 | # define SSL_F_PITEM_NEW 624 | |
| 88 | # define SSL_F_PQUEUE_NEW 625 | |
| 85 | 89 | # define SSL_F_PROCESS_KEY_SHARE_EXT 439 |
| 86 | 90 | # define SSL_F_READ_STATE_MACHINE 352 |
| 87 | 91 | # define SSL_F_SET_CLIENT_CIPHERSUITE 540 |
| 133 | 137 | # define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO 606 |
| 134 | 138 | # define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 |
| 135 | 139 | # define SSL_F_SSL_CHOOSE_CLIENT_VERSION 607 |
| 140 | # define SSL_F_SSL_CIPHER_DESCRIPTION 626 | |
| 136 | 141 | # define SSL_F_SSL_CIPHER_LIST_TO_BYTES 425 |
| 137 | 142 | # define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 |
| 138 | 143 | # define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 |
| 139 | 144 | # define SSL_F_SSL_CLEAR 164 |
| 145 | # define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT 627 | |
| 140 | 146 | # define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 |
| 141 | 147 | # define SSL_F_SSL_CONF_CMD 334 |
| 142 | 148 | # define SSL_F_SSL_CREATE_CIPHER_LIST 166 |
| 262 | 268 | # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 |
| 263 | 269 | # define SSL_F_TLS1_GET_CURVELIST 338 |
| 264 | 270 | # define SSL_F_TLS1_PRF 284 |
| 271 | # define SSL_F_TLS1_SAVE_U16 628 | |
| 265 | 272 | # define SSL_F_TLS1_SETUP_KEY_BLOCK 211 |
| 273 | # define SSL_F_TLS1_SET_GROUPS 629 | |
| 274 | # define SSL_F_TLS1_SET_RAW_SIGALGS 630 | |
| 266 | 275 | # define SSL_F_TLS1_SET_SERVER_SIGALGS 335 |
| 276 | # define SSL_F_TLS1_SET_SHARED_SIGALGS 631 | |
| 277 | # define SSL_F_TLS1_SET_SIGALGS 632 | |
| 267 | 278 | # define SSL_F_TLS_CHOOSE_SIGALG 513 |
| 268 | 279 | # define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 |
| 269 | 280 | # define SSL_F_TLS_COLLECT_EXTENSIONS 435 |
| 427 | 438 | # define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450 |
| 428 | 439 | # define SSL_F_TLS_SETUP_HANDSHAKE 508 |
| 429 | 440 | # define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 |
| 441 | # define SSL_F_WPACKET_INTERN_INIT_LEN 633 | |
| 442 | # define SSL_F_WPACKET_START_SUB_PACKET_LEN__ 634 | |
| 430 | 443 | # define SSL_F_WRITE_STATE_MACHINE 586 |
| 431 | 444 | |
| 432 | 445 | /* |
| 24 | 24 | # define UI_F_GENERAL_ALLOCATE_PROMPT 109 |
| 25 | 25 | # define UI_F_NOECHO_CONSOLE 117 |
| 26 | 26 | # define UI_F_OPEN_CONSOLE 114 |
| 27 | # define UI_F_UI_CONSTRUCT_PROMPT 121 | |
| 27 | 28 | # define UI_F_UI_CREATE_METHOD 112 |
| 28 | 29 | # define UI_F_UI_CTRL 111 |
| 29 | 30 | # define UI_F_UI_DUP_ERROR_STRING 101 |
| 26 | 26 | # define X509_F_DANE_I2D 107 |
| 27 | 27 | # define X509_F_DIR_CTRL 102 |
| 28 | 28 | # define X509_F_GET_CERT_BY_SUBJECT 103 |
| 29 | # define X509_F_I2D_X509_AUX 151 | |
| 30 | # define X509_F_LOOKUP_CERTS_SK 152 | |
| 29 | 31 | # define X509_F_NETSCAPE_SPKI_B64_DECODE 129 |
| 30 | 32 | # define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 |
| 33 | # define X509_F_NEW_DIR 153 | |
| 31 | 34 | # define X509_F_X509AT_ADD1_ATTR 135 |
| 32 | 35 | # define X509_F_X509V3_ADD_EXT 104 |
| 33 | 36 | # define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 |
| 37 | 40 | # define X509_F_X509_ATTRIBUTE_SET1_DATA 138 |
| 38 | 41 | # define X509_F_X509_CHECK_PRIVATE_KEY 128 |
| 39 | 42 | # define X509_F_X509_CRL_DIFF 105 |
| 43 | # define X509_F_X509_CRL_METHOD_NEW 154 | |
| 40 | 44 | # define X509_F_X509_CRL_PRINT_FP 147 |
| 41 | 45 | # define X509_F_X509_EXTENSION_CREATE_BY_NID 108 |
| 42 | 46 | # define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 |
| 44 | 48 | # define X509_F_X509_LOAD_CERT_CRL_FILE 132 |
| 45 | 49 | # define X509_F_X509_LOAD_CERT_FILE 111 |
| 46 | 50 | # define X509_F_X509_LOAD_CRL_FILE 112 |
| 51 | # define X509_F_X509_LOOKUP_NEW 155 | |
| 47 | 52 | # define X509_F_X509_NAME_ADD_ENTRY 113 |
| 53 | # define X509_F_X509_NAME_CANON 156 | |
| 48 | 54 | # define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 |
| 49 | 55 | # define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 |
| 50 | 56 | # define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 |
| 61 | 67 | # define X509_F_X509_REQ_TO_X509 123 |
| 62 | 68 | # define X509_F_X509_STORE_ADD_CERT 124 |
| 63 | 69 | # define X509_F_X509_STORE_ADD_CRL 125 |
| 70 | # define X509_F_X509_STORE_ADD_LOOKUP 157 | |
| 64 | 71 | # define X509_F_X509_STORE_CTX_GET1_ISSUER 146 |
| 65 | 72 | # define X509_F_X509_STORE_CTX_INIT 143 |
| 66 | 73 | # define X509_F_X509_STORE_CTX_NEW 142 |
| 67 | 74 | # define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 |
| 75 | # define X509_F_X509_STORE_NEW 158 | |
| 68 | 76 | # define X509_F_X509_TO_X509_REQ 126 |
| 69 | 77 | # define X509_F_X509_TRUST_ADD 133 |
| 70 | 78 | # define X509_F_X509_TRUST_SET 141 |
| 71 | 79 | # define X509_F_X509_VERIFY_CERT 127 |
| 80 | # define X509_F_X509_VERIFY_PARAM_NEW 159 | |
| 72 | 81 | |
| 73 | 82 | /* |
| 74 | 83 | * X509 reason codes. |
| 33 | 33 | # define X509V3_F_I2S_ASN1_IA5STRING 149 |
| 34 | 34 | # define X509V3_F_I2S_ASN1_INTEGER 120 |
| 35 | 35 | # define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 |
| 36 | # define X509V3_F_LEVEL_ADD_NODE 168 | |
| 36 | 37 | # define X509V3_F_NOTICE_SECTION 132 |
| 37 | 38 | # define X509V3_F_NREF_NOS 133 |
| 39 | # define X509V3_F_POLICY_CACHE_CREATE 169 | |
| 40 | # define X509V3_F_POLICY_CACHE_NEW 170 | |
| 41 | # define X509V3_F_POLICY_DATA_NEW 171 | |
| 38 | 42 | # define X509V3_F_POLICY_SECTION 131 |
| 39 | 43 | # define X509V3_F_PROCESS_PCI_VALUE 150 |
| 40 | 44 | # define X509V3_F_R2I_CERTPOL 130 |
| 49 | 53 | # define X509V3_F_SXNET_ADD_ID_ULONG 127 |
| 50 | 54 | # define X509V3_F_SXNET_GET_ID_ASC 128 |
| 51 | 55 | # define X509V3_F_SXNET_GET_ID_ULONG 129 |
| 56 | # define X509V3_F_TREE_INIT 172 | |
| 52 | 57 | # define X509V3_F_V2I_ASIDENTIFIERS 163 |
| 53 | 58 | # define X509V3_F_V2I_ASN1_BIT_STRING 101 |
| 54 | 59 | # define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 |
| 0 | 0 | #! /usr/bin/env perl |
| 1 | # Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | # Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | # |
| 3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | # this file except in compliance with the License. You can obtain a copy |
| 40 | 40 | } |
| 41 | 41 | &asm_finish(); |
| 42 | 42 | |
| 43 | close OUTPUT; | |
| 43 | close STDOUT; | |
| 0 | 0 | /* |
| 1 | * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 8 | 8 | |
| 9 | 9 | #include "internal/cryptlib.h" |
| 10 | 10 | #include "packet_locl.h" |
| 11 | #include <openssl/sslerr.h> | |
| 11 | 12 | |
| 12 | 13 | #define DEFAULT_BUF_SIZE 256 |
| 13 | 14 | |
| 92 | 93 | pkt->curr = 0; |
| 93 | 94 | pkt->written = 0; |
| 94 | 95 | |
| 95 | pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs)); | |
| 96 | if (pkt->subs == NULL) | |
| 97 | return 0; | |
| 96 | if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) { | |
| 97 | SSLerr(SSL_F_WPACKET_INTERN_INIT_LEN, ERR_R_MALLOC_FAILURE); | |
| 98 | return 0; | |
| 99 | } | |
| 98 | 100 | |
| 99 | 101 | if (lenbytes == 0) |
| 100 | 102 | return 1; |
| 275 | 277 | if (!ossl_assert(pkt->subs != NULL)) |
| 276 | 278 | return 0; |
| 277 | 279 | |
| 278 | sub = OPENSSL_zalloc(sizeof(*sub)); | |
| 279 | if (sub == NULL) | |
| 280 | return 0; | |
| 280 | if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) { | |
| 281 | SSLerr(SSL_F_WPACKET_START_SUB_PACKET_LEN__, ERR_R_MALLOC_FAILURE); | |
| 282 | return 0; | |
| 283 | } | |
| 281 | 284 | |
| 282 | 285 | sub->parent = pkt->subs; |
| 283 | 286 | pkt->subs = sub; |
| 0 | 0 | /* |
| 1 | * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 17 | 17 | pitem *pitem_new(unsigned char *prio64be, void *data) |
| 18 | 18 | { |
| 19 | 19 | pitem *item = OPENSSL_malloc(sizeof(*item)); |
| 20 | if (item == NULL) | |
| 20 | ||
| 21 | if (item == NULL) { | |
| 22 | SSLerr(SSL_F_PITEM_NEW, ERR_R_MALLOC_FAILURE); | |
| 21 | 23 | return NULL; |
| 24 | } | |
| 22 | 25 | |
| 23 | 26 | memcpy(item->priority, prio64be, sizeof(item->priority)); |
| 24 | ||
| 25 | 27 | item->data = data; |
| 26 | 28 | item->next = NULL; |
| 27 | ||
| 28 | 29 | return item; |
| 29 | 30 | } |
| 30 | 31 | |
| 36 | 37 | pqueue *pqueue_new() |
| 37 | 38 | { |
| 38 | 39 | pqueue *pq = OPENSSL_zalloc(sizeof(*pq)); |
| 40 | ||
| 41 | if (pq == NULL) | |
| 42 | SSLerr(SSL_F_PQUEUE_NEW, ERR_R_MALLOC_FAILURE); | |
| 39 | 43 | |
| 40 | 44 | return pq; |
| 41 | 45 | } |
| 0 | 0 | /* |
| 1 | * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 19 | 19 | { |
| 20 | 20 | DTLS_RECORD_LAYER *d; |
| 21 | 21 | |
| 22 | if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) | |
| 22 | if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) { | |
| 23 | SSLerr(SSL_F_DTLS_RECORD_LAYER_NEW, ERR_R_MALLOC_FAILURE); | |
| 23 | 24 | return 0; |
| 25 | } | |
| 24 | 26 | |
| 25 | 27 | rl->d = d; |
| 26 | 28 | |
| 417 | 419 | /* get new packet if necessary */ |
| 418 | 420 | if ((SSL3_RECORD_get_length(rr) == 0) |
| 419 | 421 | || (s->rlayer.rstate == SSL_ST_READ_BODY)) { |
| 422 | RECORD_LAYER_set_numrpipes(&s->rlayer, 0); | |
| 420 | 423 | iret = dtls1_get_record(s); |
| 421 | 424 | if (iret <= 0) { |
| 422 | 425 | iret = dtls1_read_failed(s, iret); |
| 429 | 432 | else |
| 430 | 433 | goto start; |
| 431 | 434 | } |
| 435 | RECORD_LAYER_set_numrpipes(&s->rlayer, 1); | |
| 432 | 436 | } |
| 433 | 437 | |
| 434 | 438 | /* |
| 36 | 36 | TLS1_3_RFC_AES_128_GCM_SHA256, |
| 37 | 37 | TLS1_3_RFC_AES_128_GCM_SHA256, |
| 38 | 38 | TLS1_3_CK_AES_128_GCM_SHA256, |
| 39 | 0, 0, | |
| 39 | SSL_kANY, | |
| 40 | SSL_aANY, | |
| 40 | 41 | SSL_AES128GCM, |
| 41 | 42 | SSL_AEAD, |
| 42 | 43 | TLS1_3_VERSION, TLS1_3_VERSION, |
| 43 | SSL_kANY, | |
| 44 | SSL_aANY, | |
| 44 | 0, 0, | |
| 45 | 45 | SSL_HIGH, |
| 46 | 46 | SSL_HANDSHAKE_MAC_SHA256, |
| 47 | 47 | 128, |
| 14 | 14 | #include <openssl/comp.h> |
| 15 | 15 | #include <openssl/engine.h> |
| 16 | 16 | #include <openssl/crypto.h> |
| 17 | #include <openssl/conf.h> | |
| 17 | 18 | #include "internal/nelem.h" |
| 18 | 19 | #include "ssl_locl.h" |
| 19 | 20 | #include "internal/thread_once.h" |
| 1273 | 1274 | } |
| 1274 | 1275 | #endif |
| 1275 | 1276 | |
| 1277 | static int ciphersuite_cb(const char *elem, int len, void *arg) | |
| 1278 | { | |
| 1279 | STACK_OF(SSL_CIPHER) *ciphersuites = (STACK_OF(SSL_CIPHER) *)arg; | |
| 1280 | const SSL_CIPHER *cipher; | |
| 1281 | /* Arbitrary sized temp buffer for the cipher name. Should be big enough */ | |
| 1282 | char name[80]; | |
| 1283 | ||
| 1284 | if (len > (int)(sizeof(name) - 1)) { | |
| 1285 | SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH); | |
| 1286 | return 0; | |
| 1287 | } | |
| 1288 | ||
| 1289 | memcpy(name, elem, len); | |
| 1290 | name[len] = '\0'; | |
| 1291 | ||
| 1292 | cipher = ssl3_get_cipher_by_std_name(name); | |
| 1293 | if (cipher == NULL) { | |
| 1294 | SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH); | |
| 1295 | return 0; | |
| 1296 | } | |
| 1297 | ||
| 1298 | if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) { | |
| 1299 | SSLerr(SSL_F_CIPHERSUITE_CB, ERR_R_INTERNAL_ERROR); | |
| 1300 | return 0; | |
| 1301 | } | |
| 1302 | ||
| 1303 | return 1; | |
| 1304 | } | |
| 1305 | ||
| 1306 | int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str) | |
| 1307 | { | |
| 1308 | STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null(); | |
| 1309 | ||
| 1310 | if (newciphers == NULL) | |
| 1311 | return 0; | |
| 1312 | ||
| 1313 | /* Parse the list. We explicitly allow an empty list */ | |
| 1314 | if (*str != '\0' | |
| 1315 | && !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) { | |
| 1316 | sk_SSL_CIPHER_free(newciphers); | |
| 1317 | return 0; | |
| 1318 | } | |
| 1319 | sk_SSL_CIPHER_free(*currciphers); | |
| 1320 | *currciphers = newciphers; | |
| 1321 | ||
| 1322 | return 1; | |
| 1323 | } | |
| 1324 | ||
| 1325 | static int update_cipher_list_by_id(STACK_OF(SSL_CIPHER) **cipher_list_by_id, | |
| 1326 | STACK_OF(SSL_CIPHER) *cipherstack) | |
| 1327 | { | |
| 1328 | STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); | |
| 1329 | ||
| 1330 | if (tmp_cipher_list == NULL) { | |
| 1331 | return 0; | |
| 1332 | } | |
| 1333 | ||
| 1334 | sk_SSL_CIPHER_free(*cipher_list_by_id); | |
| 1335 | *cipher_list_by_id = tmp_cipher_list; | |
| 1336 | ||
| 1337 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); | |
| 1338 | sk_SSL_CIPHER_sort(*cipher_list_by_id); | |
| 1339 | ||
| 1340 | return 1; | |
| 1341 | } | |
| 1342 | ||
| 1343 | static int update_cipher_list(STACK_OF(SSL_CIPHER) **cipher_list, | |
| 1344 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, | |
| 1345 | STACK_OF(SSL_CIPHER) *tls13_ciphersuites) | |
| 1346 | { | |
| 1347 | int i; | |
| 1348 | STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(*cipher_list); | |
| 1349 | ||
| 1350 | if (tmp_cipher_list == NULL) | |
| 1351 | return 0; | |
| 1352 | ||
| 1353 | /* | |
| 1354 | * Delete any existing TLSv1.3 ciphersuites. These are always first in the | |
| 1355 | * list. | |
| 1356 | */ | |
| 1357 | while (sk_SSL_CIPHER_num(tmp_cipher_list) > 0 | |
| 1358 | && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls | |
| 1359 | == TLS1_3_VERSION) | |
| 1360 | sk_SSL_CIPHER_delete(tmp_cipher_list, 0); | |
| 1361 | ||
| 1362 | /* Insert the new TLSv1.3 ciphersuites */ | |
| 1363 | for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) | |
| 1364 | sk_SSL_CIPHER_insert(tmp_cipher_list, | |
| 1365 | sk_SSL_CIPHER_value(tls13_ciphersuites, i), i); | |
| 1366 | ||
| 1367 | if (!update_cipher_list_by_id(cipher_list_by_id, tmp_cipher_list)) | |
| 1368 | return 0; | |
| 1369 | ||
| 1370 | sk_SSL_CIPHER_free(*cipher_list); | |
| 1371 | *cipher_list = tmp_cipher_list; | |
| 1372 | ||
| 1373 | return 1; | |
| 1374 | } | |
| 1375 | ||
| 1376 | int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) | |
| 1377 | { | |
| 1378 | int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str); | |
| 1379 | ||
| 1380 | if (ret && ctx->cipher_list != NULL) { | |
| 1381 | /* We already have a cipher_list, so we need to update it */ | |
| 1382 | return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id, | |
| 1383 | ctx->tls13_ciphersuites); | |
| 1384 | } | |
| 1385 | ||
| 1386 | return ret; | |
| 1387 | } | |
| 1388 | ||
| 1389 | int SSL_set_ciphersuites(SSL *s, const char *str) | |
| 1390 | { | |
| 1391 | int ret = set_ciphersuites(&(s->tls13_ciphersuites), str); | |
| 1392 | ||
| 1393 | if (ret && s->cipher_list != NULL) { | |
| 1394 | /* We already have a cipher_list, so we need to update it */ | |
| 1395 | return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id, | |
| 1396 | s->tls13_ciphersuites); | |
| 1397 | } | |
| 1398 | ||
| 1399 | return ret; | |
| 1400 | } | |
| 1401 | ||
| 1276 | 1402 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, |
| 1277 | 1403 | STACK_OF(SSL_CIPHER) *tls13_ciphersuites, |
| 1278 | 1404 | STACK_OF(SSL_CIPHER) **cipher_list, |
| 1282 | 1408 | { |
| 1283 | 1409 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i; |
| 1284 | 1410 | uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac; |
| 1285 | STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; | |
| 1411 | STACK_OF(SSL_CIPHER) *cipherstack; | |
| 1286 | 1412 | const char *rule_p; |
| 1287 | 1413 | CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; |
| 1288 | 1414 | const SSL_CIPHER **ca_list = NULL; |
| 1497 | 1623 | } |
| 1498 | 1624 | OPENSSL_free(co_list); /* Not needed any longer */ |
| 1499 | 1625 | |
| 1500 | tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack); | |
| 1501 | if (tmp_cipher_list == NULL) { | |
| 1626 | if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) { | |
| 1502 | 1627 | sk_SSL_CIPHER_free(cipherstack); |
| 1503 | 1628 | return NULL; |
| 1504 | 1629 | } |
| 1505 | 1630 | sk_SSL_CIPHER_free(*cipher_list); |
| 1506 | 1631 | *cipher_list = cipherstack; |
| 1507 | if (*cipher_list_by_id != NULL) | |
| 1508 | sk_SSL_CIPHER_free(*cipher_list_by_id); | |
| 1509 | *cipher_list_by_id = tmp_cipher_list; | |
| 1510 | (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp); | |
| 1511 | ||
| 1512 | sk_SSL_CIPHER_sort(*cipher_list_by_id); | |
| 1632 | ||
| 1513 | 1633 | return cipherstack; |
| 1514 | 1634 | } |
| 1515 | 1635 | |
| 1522 | 1642 | |
| 1523 | 1643 | if (buf == NULL) { |
| 1524 | 1644 | len = 128; |
| 1525 | buf = OPENSSL_malloc(len); | |
| 1526 | if (buf == NULL) | |
| 1645 | if ((buf = OPENSSL_malloc(len)) == NULL) { | |
| 1646 | SSLerr(SSL_F_SSL_CIPHER_DESCRIPTION, ERR_R_MALLOC_FAILURE); | |
| 1527 | 1647 | return NULL; |
| 1648 | } | |
| 1528 | 1649 | } else if (len < 128) { |
| 1529 | 1650 | return NULL; |
| 1530 | 1651 | } |
| 228 | 228 | int nid; |
| 229 | 229 | |
| 230 | 230 | /* Ignore values supported by 1.0.2 for the automatic selection */ |
| 231 | if ((cctx->flags & SSL_CONF_FLAG_FILE) && | |
| 232 | strcasecmp(value, "+automatic") == 0) | |
| 231 | if ((cctx->flags & SSL_CONF_FLAG_FILE) | |
| 232 | && (strcasecmp(value, "+automatic") == 0 | |
| 233 | || strcasecmp(value, "automatic") == 0)) | |
| 233 | 234 | return 1; |
| 234 | 235 | if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && |
| 235 | 236 | strcmp(value, "auto") == 0) |
| 42 | 42 | {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_CHECK_TIMEOUT_NUM, 0), |
| 43 | 43 | "dtls1_check_timeout_num"}, |
| 44 | 44 | {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HEARTBEAT, 0), ""}, |
| 45 | {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HM_FRAGMENT_NEW, 0), | |
| 46 | "dtls1_hm_fragment_new"}, | |
| 45 | 47 | {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PREPROCESS_FRAGMENT, 0), |
| 46 | 48 | "dtls1_preprocess_fragment"}, |
| 47 | 49 | {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS, 0), |
| 64 | 66 | "dtls_get_reassembled_message"}, |
| 65 | 67 | {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_PROCESS_HELLO_VERIFY, 0), |
| 66 | 68 | "dtls_process_hello_verify"}, |
| 69 | {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_RECORD_LAYER_NEW, 0), | |
| 70 | "DTLS_RECORD_LAYER_new"}, | |
| 67 | 71 | {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_WAIT_FOR_DRY, 0), "dtls_wait_for_dry"}, |
| 68 | 72 | {ERR_PACK(ERR_LIB_SSL, SSL_F_EARLY_DATA_COUNT_OK, 0), |
| 69 | 73 | "early_data_count_ok"}, |
| 108 | 112 | {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION, 0), |
| 109 | 113 | "ossl_statem_server_write_transition"}, |
| 110 | 114 | {ERR_PACK(ERR_LIB_SSL, SSL_F_PARSE_CA_NAMES, 0), "parse_ca_names"}, |
| 115 | {ERR_PACK(ERR_LIB_SSL, SSL_F_PITEM_NEW, 0), "pitem_new"}, | |
| 116 | {ERR_PACK(ERR_LIB_SSL, SSL_F_PQUEUE_NEW, 0), "pqueue_new"}, | |
| 111 | 117 | {ERR_PACK(ERR_LIB_SSL, SSL_F_PROCESS_KEY_SHARE_EXT, 0), ""}, |
| 112 | 118 | {ERR_PACK(ERR_LIB_SSL, SSL_F_READ_STATE_MACHINE, 0), "read_state_machine"}, |
| 113 | 119 | {ERR_PACK(ERR_LIB_SSL, SSL_F_SET_CLIENT_CIPHERSUITE, 0), |
| 187 | 193 | "ssl_check_srvr_ecc_cert_and_alg"}, |
| 188 | 194 | {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHOOSE_CLIENT_VERSION, 0), |
| 189 | 195 | "ssl_choose_client_version"}, |
| 196 | {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_DESCRIPTION, 0), | |
| 197 | "SSL_CIPHER_description"}, | |
| 190 | 198 | {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_LIST_TO_BYTES, 0), |
| 191 | 199 | "ssl_cipher_list_to_bytes"}, |
| 192 | 200 | {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_PROCESS_RULESTR, 0), |
| 194 | 202 | {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_STRENGTH_SORT, 0), |
| 195 | 203 | "ssl_cipher_strength_sort"}, |
| 196 | 204 | {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLEAR, 0), "SSL_clear"}, |
| 205 | {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, 0), | |
| 206 | "SSL_client_hello_get1_extensions_present"}, | |
| 197 | 207 | {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 0), |
| 198 | 208 | "SSL_COMP_add_compression_method"}, |
| 199 | 209 | {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CONF_CMD, 0), "SSL_CONF_cmd"}, |
| 387 | 397 | "tls1_export_keying_material"}, |
| 388 | 398 | {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_GET_CURVELIST, 0), "tls1_get_curvelist"}, |
| 389 | 399 | {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_PRF, 0), "tls1_PRF"}, |
| 400 | {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SAVE_U16, 0), "tls1_save_u16"}, | |
| 390 | 401 | {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SETUP_KEY_BLOCK, 0), |
| 391 | 402 | "tls1_setup_key_block"}, |
| 403 | {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_GROUPS, 0), "tls1_set_groups"}, | |
| 404 | {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_RAW_SIGALGS, 0), | |
| 405 | "tls1_set_raw_sigalgs"}, | |
| 392 | 406 | {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SERVER_SIGALGS, 0), |
| 393 | 407 | "tls1_set_server_sigalgs"}, |
| 408 | {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SHARED_SIGALGS, 0), | |
| 409 | "tls1_set_shared_sigalgs"}, | |
| 410 | {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SIGALGS, 0), "tls1_set_sigalgs"}, | |
| 394 | 411 | {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CHOOSE_SIGALG, 0), "tls_choose_sigalg"}, |
| 395 | 412 | {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, 0), |
| 396 | 413 | "tls_client_key_exchange_post_work"}, |
| 692 | 709 | "tls_setup_handshake"}, |
| 693 | 710 | {ERR_PACK(ERR_LIB_SSL, SSL_F_USE_CERTIFICATE_CHAIN_FILE, 0), |
| 694 | 711 | "use_certificate_chain_file"}, |
| 712 | {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_INTERN_INIT_LEN, 0), | |
| 713 | "wpacket_intern_init_len"}, | |
| 714 | {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_START_SUB_PACKET_LEN__, 0), | |
| 715 | "WPACKET_start_sub_packet_len__"}, | |
| 695 | 716 | {ERR_PACK(ERR_LIB_SSL, SSL_F_WRITE_STATE_MACHINE, 0), |
| 696 | 717 | "write_state_machine"}, |
| 697 | 718 | {0, NULL} |
| 0 | 0 | /* |
| 1 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 105 | 105 | fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: " |
| 106 | 106 | "SSL_add_ssl_module()\n"); |
| 107 | 107 | #endif |
| 108 | SSL_add_ssl_module(); | |
| 109 | 108 | /* |
| 110 | 109 | * We ignore an error return here. Not much we can do - but not that bad |
| 111 | 110 | * either. We can still safely continue. |
| 194 | 193 | return 0; |
| 195 | 194 | } |
| 196 | 195 | |
| 196 | if (!OPENSSL_init_crypto(opts | |
| 197 | #ifndef OPENSSL_NO_AUTOLOAD_CONFIG | |
| 198 | | OPENSSL_INIT_LOAD_CONFIG | |
| 199 | #endif | |
| 200 | | OPENSSL_INIT_ADD_ALL_CIPHERS | |
| 201 | | OPENSSL_INIT_ADD_ALL_DIGESTS, | |
| 202 | settings)) | |
| 203 | return 0; | |
| 204 | ||
| 197 | 205 | if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base)) |
| 198 | return 0; | |
| 199 | ||
| 200 | if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS | |
| 201 | | OPENSSL_INIT_ADD_ALL_DIGESTS, settings)) | |
| 202 | 206 | return 0; |
| 203 | 207 | |
| 204 | 208 | if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) |
| 2548 | 2548 | return 1; |
| 2549 | 2549 | } |
| 2550 | 2550 | |
| 2551 | static int ciphersuite_cb(const char *elem, int len, void *arg) | |
| 2552 | { | |
| 2553 | STACK_OF(SSL_CIPHER) *ciphersuites = (STACK_OF(SSL_CIPHER) *)arg; | |
| 2554 | const SSL_CIPHER *cipher; | |
| 2555 | /* Arbitrary sized temp buffer for the cipher name. Should be big enough */ | |
| 2556 | char name[80]; | |
| 2557 | ||
| 2558 | if (len > (int)(sizeof(name) - 1)) { | |
| 2559 | SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH); | |
| 2560 | return 0; | |
| 2561 | } | |
| 2562 | ||
| 2563 | memcpy(name, elem, len); | |
| 2564 | name[len] = '\0'; | |
| 2565 | ||
| 2566 | cipher = ssl3_get_cipher_by_std_name(name); | |
| 2567 | if (cipher == NULL) { | |
| 2568 | SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH); | |
| 2569 | return 0; | |
| 2570 | } | |
| 2571 | ||
| 2572 | if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) { | |
| 2573 | SSLerr(SSL_F_CIPHERSUITE_CB, ERR_R_INTERNAL_ERROR); | |
| 2574 | return 0; | |
| 2575 | } | |
| 2576 | ||
| 2577 | return 1; | |
| 2578 | } | |
| 2579 | ||
| 2580 | static int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str) | |
| 2581 | { | |
| 2582 | STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null(); | |
| 2583 | ||
| 2584 | if (newciphers == NULL) | |
| 2585 | return 0; | |
| 2586 | ||
| 2587 | /* Parse the list. We explicitly allow an empty list */ | |
| 2588 | if (*str != '\0' | |
| 2589 | && !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) { | |
| 2590 | sk_SSL_CIPHER_free(newciphers); | |
| 2591 | return 0; | |
| 2592 | } | |
| 2593 | sk_SSL_CIPHER_free(*currciphers); | |
| 2594 | *currciphers = newciphers; | |
| 2595 | ||
| 2596 | return 1; | |
| 2597 | } | |
| 2598 | ||
| 2599 | static int update_cipher_list(STACK_OF(SSL_CIPHER) *cipher_list, | |
| 2600 | STACK_OF(SSL_CIPHER) *tls13_ciphersuites) | |
| 2601 | { | |
| 2602 | int i; | |
| 2603 | ||
| 2604 | /* | |
| 2605 | * Delete any existing TLSv1.3 ciphersuites. These are always first in the | |
| 2606 | * list. | |
| 2607 | */ | |
| 2608 | while (sk_SSL_CIPHER_num(cipher_list) > 0 | |
| 2609 | && sk_SSL_CIPHER_value(cipher_list, 0)->min_tls == TLS1_3_VERSION) | |
| 2610 | sk_SSL_CIPHER_delete(cipher_list, 0); | |
| 2611 | ||
| 2612 | /* Insert the new TLSv1.3 ciphersuites */ | |
| 2613 | for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) | |
| 2614 | sk_SSL_CIPHER_insert(cipher_list, | |
| 2615 | sk_SSL_CIPHER_value(tls13_ciphersuites, i), i); | |
| 2616 | ||
| 2617 | return 1; | |
| 2618 | } | |
| 2619 | ||
| 2620 | int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) | |
| 2621 | { | |
| 2622 | int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str); | |
| 2623 | ||
| 2624 | if (ret && ctx->cipher_list != NULL) { | |
| 2625 | /* We already have a cipher_list, so we need to update it */ | |
| 2626 | return update_cipher_list(ctx->cipher_list, ctx->tls13_ciphersuites); | |
| 2627 | } | |
| 2628 | ||
| 2629 | return ret; | |
| 2630 | } | |
| 2631 | ||
| 2632 | int SSL_set_ciphersuites(SSL *s, const char *str) | |
| 2633 | { | |
| 2634 | int ret = set_ciphersuites(&(s->tls13_ciphersuites), str); | |
| 2635 | ||
| 2636 | if (ret && s->cipher_list != NULL) { | |
| 2637 | /* We already have a cipher_list, so we need to update it */ | |
| 2638 | return update_cipher_list(s->cipher_list, s->tls13_ciphersuites); | |
| 2639 | } | |
| 2640 | ||
| 2641 | return ret; | |
| 2642 | } | |
| 2643 | ||
| 2644 | 2551 | char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) |
| 2645 | 2552 | { |
| 2646 | 2553 | char *p; |
| 3936 | 3843 | return 1; |
| 3937 | 3844 | |
| 3938 | 3845 | s->wbio = BIO_pop(s->wbio); |
| 3939 | if (!ossl_assert(s->wbio != NULL)) | |
| 3940 | return 0; | |
| 3941 | 3846 | BIO_free(s->bbio); |
| 3942 | 3847 | s->bbio = NULL; |
| 3943 | 3848 | |
| 5047 | 4952 | if (ext->present) |
| 5048 | 4953 | num++; |
| 5049 | 4954 | } |
| 5050 | present = OPENSSL_malloc(sizeof(*present) * num); | |
| 5051 | if (present == NULL) | |
| 5052 | return 0; | |
| 4955 | if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { | |
| 4956 | SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, | |
| 4957 | ERR_R_MALLOC_FAILURE); | |
| 4958 | return 0; | |
| 4959 | } | |
| 5053 | 4960 | for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { |
| 5054 | 4961 | ext = s->clienthello->pre_proc_exts + i; |
| 5055 | 4962 | if (ext->present) { |
| 2209 | 2209 | DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); |
| 2210 | 2210 | __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, |
| 2211 | 2211 | const SSL_CIPHER *const *bp); |
| 2212 | __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str); | |
| 2212 | 2213 | __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, |
| 2213 | 2214 | STACK_OF(SSL_CIPHER) *tls13_ciphersuites, |
| 2214 | 2215 | STACK_OF(SSL_CIPHER) **cipher_list, |
| 2552 | 2553 | #define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET" |
| 2553 | 2554 | #define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0" |
| 2554 | 2555 | #define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0" |
| 2556 | #define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET" | |
| 2557 | #define EXPORTER_SECRET_LABEL "EXPORTER_SECRET" | |
| 2555 | 2558 | |
| 2556 | 2559 | /* s3_cbc.c */ |
| 2557 | 2560 | __owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx); |
| 10 | 10 | #include <openssl/conf.h> |
| 11 | 11 | #include <openssl/ssl.h> |
| 12 | 12 | #include "ssl_locl.h" |
| 13 | #include "internal/sslconf.h" | |
| 13 | 14 | |
| 14 | 15 | /* SSL library configuration module. */ |
| 15 | 16 | |
| 16 | struct ssl_conf_name { | |
| 17 | /* Name of this set of commands */ | |
| 18 | char *name; | |
| 19 | /* List of commands */ | |
| 20 | struct ssl_conf_cmd *cmds; | |
| 21 | /* Number of commands */ | |
| 22 | size_t cmd_count; | |
| 23 | }; | |
| 24 | ||
| 25 | struct ssl_conf_cmd { | |
| 26 | /* Command */ | |
| 27 | char *cmd; | |
| 28 | /* Argument */ | |
| 29 | char *arg; | |
| 30 | }; | |
| 31 | ||
| 32 | static struct ssl_conf_name *ssl_names; | |
| 33 | static size_t ssl_names_count; | |
| 34 | ||
| 35 | static void ssl_module_free(CONF_IMODULE *md) | |
| 36 | { | |
| 37 | size_t i, j; | |
| 38 | if (ssl_names == NULL) | |
| 39 | return; | |
| 40 | for (i = 0; i < ssl_names_count; i++) { | |
| 41 | struct ssl_conf_name *tname = ssl_names + i; | |
| 42 | OPENSSL_free(tname->name); | |
| 43 | for (j = 0; j < tname->cmd_count; j++) { | |
| 44 | OPENSSL_free(tname->cmds[j].cmd); | |
| 45 | OPENSSL_free(tname->cmds[j].arg); | |
| 46 | } | |
| 47 | OPENSSL_free(tname->cmds); | |
| 48 | } | |
| 49 | OPENSSL_free(ssl_names); | |
| 50 | ssl_names = NULL; | |
| 51 | ssl_names_count = 0; | |
| 52 | } | |
| 53 | ||
| 54 | static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) | |
| 55 | { | |
| 56 | size_t i, j, cnt; | |
| 57 | int rv = 0; | |
| 58 | const char *ssl_conf_section; | |
| 59 | STACK_OF(CONF_VALUE) *cmd_lists; | |
| 60 | ssl_conf_section = CONF_imodule_get_value(md); | |
| 61 | cmd_lists = NCONF_get_section(cnf, ssl_conf_section); | |
| 62 | if (sk_CONF_VALUE_num(cmd_lists) <= 0) { | |
| 63 | if (cmd_lists == NULL) | |
| 64 | SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_SECTION_NOT_FOUND); | |
| 65 | else | |
| 66 | SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_SECTION_EMPTY); | |
| 67 | ERR_add_error_data(2, "section=", ssl_conf_section); | |
| 68 | goto err; | |
| 69 | } | |
| 70 | cnt = sk_CONF_VALUE_num(cmd_lists); | |
| 71 | ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt); | |
| 72 | ssl_names_count = cnt; | |
| 73 | for (i = 0; i < ssl_names_count; i++) { | |
| 74 | struct ssl_conf_name *ssl_name = ssl_names + i; | |
| 75 | CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i); | |
| 76 | STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value); | |
| 77 | if (sk_CONF_VALUE_num(cmds) <= 0) { | |
| 78 | if (cmds == NULL) | |
| 79 | SSLerr(SSL_F_SSL_MODULE_INIT, | |
| 80 | SSL_R_SSL_COMMAND_SECTION_NOT_FOUND); | |
| 81 | else | |
| 82 | SSLerr(SSL_F_SSL_MODULE_INIT, SSL_R_SSL_COMMAND_SECTION_EMPTY); | |
| 83 | ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value); | |
| 84 | goto err; | |
| 85 | } | |
| 86 | ssl_name->name = BUF_strdup(sect->name); | |
| 87 | if (ssl_name->name == NULL) | |
| 88 | goto err; | |
| 89 | cnt = sk_CONF_VALUE_num(cmds); | |
| 90 | ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd)); | |
| 91 | if (ssl_name->cmds == NULL) | |
| 92 | goto err; | |
| 93 | ssl_name->cmd_count = cnt; | |
| 94 | for (j = 0; j < cnt; j++) { | |
| 95 | const char *name; | |
| 96 | CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j); | |
| 97 | struct ssl_conf_cmd *cmd = ssl_name->cmds + j; | |
| 98 | /* Skip any initial dot in name */ | |
| 99 | name = strchr(cmd_conf->name, '.'); | |
| 100 | if (name != NULL) | |
| 101 | name++; | |
| 102 | else | |
| 103 | name = cmd_conf->name; | |
| 104 | cmd->cmd = BUF_strdup(name); | |
| 105 | cmd->arg = BUF_strdup(cmd_conf->value); | |
| 106 | if (cmd->cmd == NULL || cmd->arg == NULL) | |
| 107 | goto err; | |
| 108 | } | |
| 109 | ||
| 110 | } | |
| 111 | rv = 1; | |
| 112 | err: | |
| 113 | if (rv == 0) | |
| 114 | ssl_module_free(md); | |
| 115 | return rv; | |
| 116 | } | |
| 117 | ||
| 118 | 17 | void SSL_add_ssl_module(void) |
| 119 | 18 | { |
| 120 | CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free); | |
| 121 | } | |
| 122 | ||
| 123 | static const struct ssl_conf_name *ssl_name_find(const char *name) | |
| 124 | { | |
| 125 | size_t i; | |
| 126 | const struct ssl_conf_name *nm; | |
| 127 | ||
| 128 | if (name == NULL) | |
| 129 | return NULL; | |
| 130 | for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) { | |
| 131 | if (strcmp(nm->name, name) == 0) | |
| 132 | return nm; | |
| 133 | } | |
| 134 | return NULL; | |
| 19 | /* Do nothing. This will be added automatically by libcrypto */ | |
| 135 | 20 | } |
| 136 | 21 | |
| 137 | 22 | static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system) |
| 138 | 23 | { |
| 139 | 24 | SSL_CONF_CTX *cctx = NULL; |
| 140 | size_t i; | |
| 25 | size_t i, idx, cmd_count; | |
| 141 | 26 | int rv = 0; |
| 142 | 27 | unsigned int flags; |
| 143 | 28 | const SSL_METHOD *meth; |
| 144 | const struct ssl_conf_name *nm; | |
| 145 | struct ssl_conf_cmd *cmd; | |
| 29 | const SSL_CONF_CMD *cmds; | |
| 146 | 30 | |
| 147 | 31 | if (s == NULL && ctx == NULL) { |
| 148 | 32 | SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER); |
| 151 | 35 | |
| 152 | 36 | if (name == NULL && system) |
| 153 | 37 | name = "system_default"; |
| 154 | nm = ssl_name_find(name); | |
| 155 | if (nm == NULL) { | |
| 38 | if (!conf_ssl_name_find(name, &idx)) { | |
| 156 | 39 | if (!system) { |
| 157 | 40 | SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME); |
| 158 | 41 | ERR_add_error_data(2, "name=", name); |
| 159 | 42 | } |
| 160 | 43 | goto err; |
| 161 | 44 | } |
| 45 | cmds = conf_ssl_get(idx, &name, &cmd_count); | |
| 162 | 46 | cctx = SSL_CONF_CTX_new(); |
| 163 | 47 | if (cctx == NULL) |
| 164 | 48 | goto err; |
| 177 | 61 | if (meth->ssl_connect != ssl_undefined_function) |
| 178 | 62 | flags |= SSL_CONF_FLAG_CLIENT; |
| 179 | 63 | SSL_CONF_CTX_set_flags(cctx, flags); |
| 180 | for (i = 0, cmd = nm->cmds; i < nm->cmd_count; i++, cmd++) { | |
| 181 | rv = SSL_CONF_cmd(cctx, cmd->cmd, cmd->arg); | |
| 64 | for (i = 0; i < cmd_count; i++) { | |
| 65 | char *cmdstr, *arg; | |
| 66 | ||
| 67 | conf_ssl_get_cmd(cmds, i, &cmdstr, &arg); | |
| 68 | rv = SSL_CONF_cmd(cctx, cmdstr, arg); | |
| 182 | 69 | if (rv <= 0) { |
| 183 | 70 | if (rv == -2) |
| 184 | 71 | SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_UNKNOWN_COMMAND); |
| 185 | 72 | else |
| 186 | 73 | SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE); |
| 187 | ERR_add_error_data(6, "section=", name, ", cmd=", cmd->cmd, | |
| 188 | ", arg=", cmd->arg); | |
| 74 | ERR_add_error_data(6, "section=", name, ", cmd=", cmdstr, | |
| 75 | ", arg=", arg); | |
| 189 | 76 | goto err; |
| 190 | 77 | } |
| 191 | 78 | } |
| 323 | 323 | { |
| 324 | 324 | PACKET responder_id_list, exts; |
| 325 | 325 | |
| 326 | /* We ignore this in a resumption handshake */ | |
| 327 | if (s->hit) | |
| 328 | return 1; | |
| 329 | ||
| 326 | 330 | /* Not defined if we get one of these in a client Certificate */ |
| 327 | 331 | if (x != NULL) |
| 328 | 332 | return 1; |
| 58 | 58 | unsigned char *buf = NULL; |
| 59 | 59 | unsigned char *bitmask = NULL; |
| 60 | 60 | |
| 61 | frag = OPENSSL_malloc(sizeof(*frag)); | |
| 62 | if (frag == NULL) | |
| 61 | if ((frag = OPENSSL_malloc(sizeof(*frag))) == NULL) { | |
| 62 | SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE); | |
| 63 | 63 | return NULL; |
| 64 | } | |
| 64 | 65 | |
| 65 | 66 | if (frag_len) { |
| 66 | buf = OPENSSL_malloc(frag_len); | |
| 67 | if (buf == NULL) { | |
| 67 | if ((buf = OPENSSL_malloc(frag_len)) == NULL) { | |
| 68 | SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE); | |
| 68 | 69 | OPENSSL_free(frag); |
| 69 | 70 | return NULL; |
| 70 | 71 | } |
| 77 | 78 | if (reassembly) { |
| 78 | 79 | bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len)); |
| 79 | 80 | if (bitmask == NULL) { |
| 81 | SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE); | |
| 80 | 82 | OPENSSL_free(buf); |
| 81 | 83 | OPENSSL_free(frag); |
| 82 | 84 | return NULL; |
| 1032 | 1032 | && s->post_handshake_auth == SSL_PHA_REQUESTED) |
| 1033 | 1033 | s->post_handshake_auth = SSL_PHA_EXT_SENT; |
| 1034 | 1034 | |
| 1035 | /* | |
| 1036 | * Only set if there was a Finished message and this isn't after a TLSv1.3 | |
| 1037 | * post handshake exchange | |
| 1038 | */ | |
| 1035 | 1039 | if (s->statem.cleanuphand) { |
| 1036 | 1040 | /* skipped if we just sent a HelloRequest */ |
| 1037 | 1041 | s->renegotiate = 0; |
| 1068 | 1072 | &discard, s->session_ctx->lock); |
| 1069 | 1073 | } |
| 1070 | 1074 | |
| 1071 | if (s->info_callback != NULL) | |
| 1072 | cb = s->info_callback; | |
| 1073 | else if (s->ctx->info_callback != NULL) | |
| 1074 | cb = s->ctx->info_callback; | |
| 1075 | ||
| 1076 | if (cb != NULL) | |
| 1077 | cb(s, SSL_CB_HANDSHAKE_DONE, 1); | |
| 1078 | ||
| 1079 | 1075 | if (SSL_IS_DTLS(s)) { |
| 1080 | 1076 | /* done with handshaking */ |
| 1081 | 1077 | s->d1->handshake_read_seq = 0; |
| 1085 | 1081 | } |
| 1086 | 1082 | } |
| 1087 | 1083 | |
| 1088 | if (!stop) | |
| 1084 | if (s->info_callback != NULL) | |
| 1085 | cb = s->info_callback; | |
| 1086 | else if (s->ctx->info_callback != NULL) | |
| 1087 | cb = s->ctx->info_callback; | |
| 1088 | ||
| 1089 | /* The callback may expect us to not be in init at handshake done */ | |
| 1090 | ossl_statem_set_in_init(s, 0); | |
| 1091 | ||
| 1092 | if (cb != NULL) | |
| 1093 | cb(s, SSL_CB_HANDSHAKE_DONE, 1); | |
| 1094 | ||
| 1095 | if (!stop) { | |
| 1096 | /* If we've got more work to do we go back into init */ | |
| 1097 | ossl_statem_set_in_init(s, 1); | |
| 1089 | 1098 | return WORK_FINISHED_CONTINUE; |
| 1090 | ||
| 1091 | ossl_statem_set_in_init(s, 0); | |
| 1099 | } | |
| 1100 | ||
| 1092 | 1101 | return WORK_FINISHED_STOP; |
| 1093 | 1102 | } |
| 1094 | 1103 | |
| 1994 | 2003 | { |
| 1995 | 2004 | int ver_min, ver_max, ret; |
| 1996 | 2005 | |
| 2006 | /* | |
| 2007 | * In a renegotiation we always send the same client_version that we sent | |
| 2008 | * last time, regardless of which version we eventually negotiated. | |
| 2009 | */ | |
| 2010 | if (!SSL_IS_FIRST_HANDSHAKE(s)) | |
| 2011 | return 0; | |
| 2012 | ||
| 1997 | 2013 | ret = ssl_get_min_max_version(s, &ver_min, &ver_max); |
| 1998 | 2014 | |
| 1999 | 2015 | if (ret != 0) |
| 2480 | 2480 | } |
| 2481 | 2481 | |
| 2482 | 2482 | dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey); |
| 2483 | if (dh == NULL) { | |
| 2484 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, | |
| 2485 | SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, | |
| 2486 | ERR_R_INTERNAL_ERROR); | |
| 2487 | goto err; | |
| 2488 | } | |
| 2483 | 2489 | |
| 2484 | 2490 | EVP_PKEY_free(pkdh); |
| 2485 | 2491 | pkdh = NULL; |
| 3715 | 3721 | } age_add_u; |
| 3716 | 3722 | |
| 3717 | 3723 | if (SSL_IS_TLS13(s)) { |
| 3724 | if (s->post_handshake_auth != SSL_PHA_EXT_RECEIVED) { | |
| 3725 | void (*cb) (const SSL *ssl, int type, int val) = NULL; | |
| 3726 | ||
| 3727 | /* | |
| 3728 | * This is the first session ticket we've sent. In the state | |
| 3729 | * machine we "cheated" and tacked this onto the end of the first | |
| 3730 | * handshake. From an info callback perspective this should appear | |
| 3731 | * like the start of a new handshake. | |
| 3732 | */ | |
| 3733 | if (s->info_callback != NULL) | |
| 3734 | cb = s->info_callback; | |
| 3735 | else if (s->ctx->info_callback != NULL) | |
| 3736 | cb = s->ctx->info_callback; | |
| 3737 | if (cb != NULL) | |
| 3738 | cb(s, SSL_CB_HANDSHAKE_START, 1); | |
| 3739 | } | |
| 3740 | ||
| 3718 | 3741 | if (!ssl_generate_session_id(s, s->session)) { |
| 3719 | 3742 | /* SSLfatal() already called */ |
| 3720 | 3743 | goto err; |
| 341 | 341 | * ids < 32 |
| 342 | 342 | */ |
| 343 | 343 | unsigned long dup_list = 0; |
| 344 | glist = OPENSSL_malloc(ngroups * sizeof(*glist)); | |
| 345 | if (glist == NULL) | |
| 346 | return 0; | |
| 344 | ||
| 345 | if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) { | |
| 346 | SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE); | |
| 347 | return 0; | |
| 348 | } | |
| 347 | 349 | for (i = 0; i < ngroups; i++) { |
| 348 | 350 | unsigned long idmask; |
| 349 | 351 | uint16_t id; |
| 363 | 365 | return 1; |
| 364 | 366 | } |
| 365 | 367 | |
| 366 | # define MAX_CURVELIST 28 | |
| 368 | # define MAX_CURVELIST OSSL_NELEM(nid_list) | |
| 367 | 369 | |
| 368 | 370 | typedef struct { |
| 369 | 371 | size_t nidcnt; |
| 439 | 441 | if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) { |
| 440 | 442 | comp_id = TLSEXT_ECPOINTFORMAT_uncompressed; |
| 441 | 443 | } else if (SSL_IS_TLS13(s)) { |
| 442 | /* Compression not allowed in TLS 1.3 */ | |
| 443 | return 0; | |
| 444 | /* | |
| 445 | * ec_point_formats extension is not used in TLSv1.3 so we ignore | |
| 446 | * this check. | |
| 447 | */ | |
| 448 | return 1; | |
| 444 | 449 | } else { |
| 445 | 450 | int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp)); |
| 446 | 451 | |
| 1599 | 1604 | } |
| 1600 | 1605 | nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen); |
| 1601 | 1606 | if (nmatch) { |
| 1602 | salgs = OPENSSL_malloc(nmatch * sizeof(*salgs)); | |
| 1603 | if (salgs == NULL) | |
| 1607 | if ((salgs = OPENSSL_malloc(nmatch * sizeof(*salgs))) == NULL) { | |
| 1608 | SSLerr(SSL_F_TLS1_SET_SHARED_SIGALGS, ERR_R_MALLOC_FAILURE); | |
| 1604 | 1609 | return 0; |
| 1610 | } | |
| 1605 | 1611 | nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen); |
| 1606 | 1612 | } else { |
| 1607 | 1613 | salgs = NULL; |
| 1625 | 1631 | |
| 1626 | 1632 | size >>= 1; |
| 1627 | 1633 | |
| 1628 | buf = OPENSSL_malloc(size * sizeof(*buf)); | |
| 1629 | if (buf == NULL) | |
| 1630 | return 0; | |
| 1634 | if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL) { | |
| 1635 | SSLerr(SSL_F_TLS1_SAVE_U16, ERR_R_MALLOC_FAILURE); | |
| 1636 | return 0; | |
| 1637 | } | |
| 1631 | 1638 | for (i = 0; i < size && PACKET_get_net_2(pkt, &stmp); i++) |
| 1632 | 1639 | buf[i] = stmp; |
| 1633 | 1640 | |
| 1855 | 1862 | { |
| 1856 | 1863 | uint16_t *sigalgs; |
| 1857 | 1864 | |
| 1858 | sigalgs = OPENSSL_malloc(salglen * sizeof(*sigalgs)); | |
| 1859 | if (sigalgs == NULL) | |
| 1860 | return 0; | |
| 1865 | if ((sigalgs = OPENSSL_malloc(salglen * sizeof(*sigalgs))) == NULL) { | |
| 1866 | SSLerr(SSL_F_TLS1_SET_RAW_SIGALGS, ERR_R_MALLOC_FAILURE); | |
| 1867 | return 0; | |
| 1868 | } | |
| 1861 | 1869 | memcpy(sigalgs, psigs, salglen * sizeof(*sigalgs)); |
| 1862 | 1870 | |
| 1863 | 1871 | if (client) { |
| 1880 | 1888 | |
| 1881 | 1889 | if (salglen & 1) |
| 1882 | 1890 | return 0; |
| 1883 | sigalgs = OPENSSL_malloc((salglen / 2) * sizeof(*sigalgs)); | |
| 1884 | if (sigalgs == NULL) | |
| 1885 | return 0; | |
| 1891 | if ((sigalgs = OPENSSL_malloc((salglen / 2) * sizeof(*sigalgs))) == NULL) { | |
| 1892 | SSLerr(SSL_F_TLS1_SET_SIGALGS, ERR_R_MALLOC_FAILURE); | |
| 1893 | return 0; | |
| 1894 | } | |
| 1886 | 1895 | for (i = 0, sptr = sigalgs; i < salglen; i += 2) { |
| 1887 | 1896 | size_t j; |
| 1888 | 1897 | const SIGALG_LOOKUP *curr; |
| 2428 | 2437 | if (SSL_IS_TLS13(s)) { |
| 2429 | 2438 | size_t i; |
| 2430 | 2439 | #ifndef OPENSSL_NO_EC |
| 2431 | int curve = -1, skip_ec = 0; | |
| 2440 | int curve = -1; | |
| 2432 | 2441 | #endif |
| 2433 | 2442 | |
| 2434 | 2443 | /* Look for a certificate matching shared sigalgs */ |
| 2451 | 2460 | EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey); |
| 2452 | 2461 | |
| 2453 | 2462 | curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); |
| 2454 | if (EC_KEY_get_conv_form(ec) | |
| 2455 | != POINT_CONVERSION_UNCOMPRESSED) | |
| 2456 | skip_ec = 1; | |
| 2457 | 2463 | } |
| 2458 | if (skip_ec || (lu->curve != NID_undef && curve != lu->curve)) | |
| 2464 | if (lu->curve != NID_undef && curve != lu->curve) | |
| 2459 | 2465 | continue; |
| 2460 | 2466 | #else |
| 2461 | 2467 | continue; |
| 18 | 18 | } ssl_trace_tbl; |
| 19 | 19 | |
| 20 | 20 | # define ssl_trace_str(val, tbl) \ |
| 21 | do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl)) | |
| 21 | do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl)) | |
| 22 | 22 | |
| 23 | 23 | # define ssl_trace_list(bio, indent, msg, msglen, value, table) \ |
| 24 | do_ssl_trace_list(bio, indent, msg, msglen, value, \ | |
| 25 | table, OSSL_NELEM(table)) | |
| 24 | do_ssl_trace_list(bio, indent, msg, msglen, value, \ | |
| 25 | table, OSSL_NELEM(table)) | |
| 26 | 26 | |
| 27 | 27 | static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl, |
| 28 | 28 | size_t ntbl) |
| 1361 | 1361 | |
| 1362 | 1362 | if (msglen < 4) |
| 1363 | 1363 | return 0; |
| 1364 | ticket_age_add = (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | |
| 1365 | | msg[3]; | |
| 1364 | ticket_age_add = | |
| 1365 | (msg[0] << 24) | (msg[1] << 16) | (msg[2] << 8) | msg[3]; | |
| 1366 | 1366 | msglen -= 4; |
| 1367 | 1367 | msg += 4; |
| 1368 | 1368 | BIO_indent(bio, indent + 2, 80); |
| 1503 | 1503 | int hvers; |
| 1504 | 1504 | |
| 1505 | 1505 | /* avoid overlapping with length at the end of buffer */ |
| 1506 | if (msglen < (SSL_IS_DTLS(ssl) ? 13 : 5)) { | |
| 1506 | if (msglen < (size_t)(SSL_IS_DTLS(ssl) ? | |
| 1507 | DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) { | |
| 1507 | 1508 | BIO_puts(bio, write_p ? "Sent" : "Received"); |
| 1508 | 1509 | ssl_print_hex(bio, 0, " too short message", msg, msglen); |
| 1509 | 1510 | break; |
| 490 | 490 | s->early_exporter_master_secret, hashlen)) { |
| 491 | 491 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
| 492 | 492 | SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR); |
| 493 | goto err; | |
| 494 | } | |
| 495 | ||
| 496 | if (!ssl_log_secret(s, EARLY_EXPORTER_SECRET_LABEL, | |
| 497 | s->early_exporter_master_secret, hashlen)) { | |
| 498 | /* SSLfatal() already called */ | |
| 493 | 499 | goto err; |
| 494 | 500 | } |
| 495 | 501 | } else if (which & SSL3_CC_HANDSHAKE) { |
| 593 | 599 | /* SSLfatal() already called */ |
| 594 | 600 | goto err; |
| 595 | 601 | } |
| 602 | ||
| 603 | if (!ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret, | |
| 604 | hashlen)) { | |
| 605 | /* SSLfatal() already called */ | |
| 606 | goto err; | |
| 607 | } | |
| 596 | 608 | } else if (label == client_application_traffic) |
| 597 | 609 | memcpy(s->client_app_traffic_secret, secret, hashlen); |
| 598 | 610 | |
| 345 | 345 | if (sizeof(time_t) > sizeof(uint32_t)) { |
| 346 | 346 | TEST_info("Adding 64-bit time_t tests"); |
| 347 | 347 | ADD_ALL_TESTS(test_table_pos_64bit, OSSL_NELEM(tbl_testdata_pos_64bit)); |
| 348 | #ifndef __hpux | |
| 348 | 349 | if (!(t > 0) && ptm != NULL) { |
| 349 | 350 | TEST_info("Adding negative-sign 64-bit time_t tests"); |
| 350 | 351 | ADD_ALL_TESTS(test_table_neg_64bit, OSSL_NELEM(tbl_testdata_neg_64bit)); |
| 351 | 352 | } |
| 353 | #endif | |
| 352 | 354 | } |
| 353 | 355 | ADD_ALL_TESTS(test_table_compare, OSSL_NELEM(tbl_compare_testdata)); |
| 354 | 356 | return 1; |
| 149 | 149 | return sign[(neg++) % 8]; |
| 150 | 150 | } |
| 151 | 151 | |
| 152 | ||
| 153 | static int test_swap(void) | |
| 154 | { | |
| 155 | BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; | |
| 156 | int top, cond, st = 0; | |
| 157 | ||
| 158 | if (!TEST_ptr(a = BN_new()) | |
| 159 | || !TEST_ptr(b = BN_new()) | |
| 160 | || !TEST_ptr(c = BN_new()) | |
| 161 | || !TEST_ptr(d = BN_new())) | |
| 162 | goto err; | |
| 163 | ||
| 164 | BN_bntest_rand(a, 1024, 1, 0); | |
| 165 | BN_bntest_rand(b, 1024, 1, 0); | |
| 166 | BN_copy(c, a); | |
| 167 | BN_copy(d, b); | |
| 168 | top = BN_num_bits(a)/BN_BITS2; | |
| 169 | ||
| 170 | /* regular swap */ | |
| 171 | BN_swap(a, b); | |
| 172 | if (!equalBN("swap", a, d) | |
| 173 | || !equalBN("swap", b, c)) | |
| 174 | goto err; | |
| 175 | ||
| 176 | /* conditional swap: true */ | |
| 177 | cond = 1; | |
| 178 | BN_consttime_swap(cond, a, b, top); | |
| 179 | if (!equalBN("cswap true", a, c) | |
| 180 | || !equalBN("cswap true", b, d)) | |
| 181 | goto err; | |
| 182 | ||
| 183 | /* conditional swap: false */ | |
| 184 | cond = 0; | |
| 185 | BN_consttime_swap(cond, a, b, top); | |
| 186 | if (!equalBN("cswap false", a, c) | |
| 187 | || !equalBN("cswap false", b, d)) | |
| 188 | goto err; | |
| 189 | ||
| 190 | /* same tests but checking flag swap */ | |
| 191 | BN_set_flags(a, BN_FLG_CONSTTIME); | |
| 192 | ||
| 193 | BN_swap(a, b); | |
| 194 | if (!equalBN("swap, flags", a, d) | |
| 195 | || !equalBN("swap, flags", b, c) | |
| 196 | || !TEST_true(BN_get_flags(b, BN_FLG_CONSTTIME)) | |
| 197 | || !TEST_false(BN_get_flags(a, BN_FLG_CONSTTIME))) | |
| 198 | goto err; | |
| 199 | ||
| 200 | cond = 1; | |
| 201 | BN_consttime_swap(cond, a, b, top); | |
| 202 | if (!equalBN("cswap true, flags", a, c) | |
| 203 | || !equalBN("cswap true, flags", b, d) | |
| 204 | || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME)) | |
| 205 | || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME))) | |
| 206 | goto err; | |
| 207 | ||
| 208 | cond = 0; | |
| 209 | BN_consttime_swap(cond, a, b, top); | |
| 210 | if (!equalBN("cswap false, flags", a, c) | |
| 211 | || !equalBN("cswap false, flags", b, d) | |
| 212 | || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME)) | |
| 213 | || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME))) | |
| 214 | goto err; | |
| 215 | ||
| 216 | st = 1; | |
| 217 | err: | |
| 218 | BN_free(a); | |
| 219 | BN_free(b); | |
| 220 | BN_free(c); | |
| 221 | BN_free(d); | |
| 222 | return st; | |
| 223 | } | |
| 152 | 224 | |
| 153 | 225 | static int test_sub(void) |
| 154 | 226 | { |
| 2117 | 2189 | ADD_TEST(test_badmod); |
| 2118 | 2190 | ADD_TEST(test_expmodzero); |
| 2119 | 2191 | ADD_TEST(test_smallprime); |
| 2192 | ADD_TEST(test_swap); | |
| 2120 | 2193 | #ifndef OPENSSL_NO_EC2M |
| 2121 | 2194 | ADD_TEST(test_gf2m_add); |
| 2122 | 2195 | ADD_TEST(test_gf2m_mod); |
| 782 | 782 | } |
| 783 | 783 | |
| 784 | 784 | #if defined(OPENSSL_THREADS) |
| 785 | static int multi_thread_rand_bytes_succeeded = 1; | |
| 786 | static int multi_thread_rand_priv_bytes_succeeded = 1; | |
| 785 | 787 | |
| 786 | 788 | static void run_multi_thread_test(void) |
| 787 | 789 | { |
| 795 | 797 | RAND_DRBG_set_reseed_time_interval(private, 1); |
| 796 | 798 | |
| 797 | 799 | do { |
| 798 | RAND_bytes(buf, sizeof(buf)); | |
| 799 | RAND_priv_bytes(buf, sizeof(buf)); | |
| 800 | if (RAND_bytes(buf, sizeof(buf)) <= 0) | |
| 801 | multi_thread_rand_bytes_succeeded = 0; | |
| 802 | if (RAND_priv_bytes(buf, sizeof(buf)) <= 0) | |
| 803 | multi_thread_rand_priv_bytes_succeeded = 0; | |
| 800 | 804 | } |
| 801 | 805 | while(time(NULL) - start < 5); |
| 802 | 806 | } |
| 848 | 852 | * The main thread will also run the test, so we'll have THREADS+1 parallel |
| 849 | 853 | * tests running |
| 850 | 854 | */ |
| 851 | #define THREADS 3 | |
| 855 | # define THREADS 3 | |
| 852 | 856 | |
| 853 | 857 | static int test_multi_thread(void) |
| 854 | 858 | { |
| 860 | 864 | run_multi_thread_test(); |
| 861 | 865 | for (i = 0; i < THREADS; i++) |
| 862 | 866 | wait_for_thread(t[i]); |
| 867 | ||
| 868 | if (!TEST_true(multi_thread_rand_bytes_succeeded)) | |
| 869 | return 0; | |
| 870 | if (!TEST_true(multi_thread_rand_priv_bytes_succeeded)) | |
| 871 | return 0; | |
| 872 | ||
| 863 | 873 | return 1; |
| 864 | 874 | } |
| 865 | 875 | #endif |
| 1376 | 1376 | if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))) |
| 1377 | 1377 | goto err; |
| 1378 | 1378 | |
| 1379 | /* regression test for felem_neg bug */ | |
| 1380 | if (!TEST_true(BN_set_word(m, 32)) | |
| 1381 | || !TEST_true(BN_set_word(n, 31)) | |
| 1382 | || !TEST_true(EC_POINT_copy(P, G)) | |
| 1383 | || !TEST_true(EC_POINT_invert(NISTP, P, ctx)) | |
| 1384 | || !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx)) | |
| 1385 | || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx))) | |
| 1386 | goto err; | |
| 1387 | ||
| 1379 | 1388 | r = group_order_tests(NISTP); |
| 1380 | 1389 | err: |
| 1381 | 1390 | EC_GROUP_free(NISTP); |
| 0 | 0 | #! /usr/bin/env perl |
| 1 | # Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | # Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | # |
| 3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | # this file except in compliance with the License. You can obtain a copy |
| 17 | 17 | |
| 18 | 18 | plan tests => 5; |
| 19 | 19 | |
| 20 | is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '256'])), 0, "genrsa -3 256"); | |
| 21 | ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '512'])), "genrsa -3 512"); | |
| 22 | ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check"); | |
| 23 | ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', '512'])), "genrsa -f4 512"); | |
| 24 | ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check"); | |
| 25 | unlink 'genrsatest.pem'; | |
| 20 | # We want to know that an absurdly small number of bits isn't support | |
| 21 | is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); | |
| 22 | ||
| 23 | # Depending on the shared library, we might have different lower limits. | |
| 24 | # Let's find it! This is a simple binary search | |
| 25 | # ------------------------------------------------------------ | |
| 26 | # NOTE: $good may need an update in the future | |
| 27 | # ------------------------------------------------------------ | |
| 28 | note "Looking for lowest amount of bits"; | |
| 29 | my $bad = 3; # Log2 of number of bits (2 << 3 == 8) | |
| 30 | my $good = 11; # Log2 of number of bits (2 << 11 == 2048) | |
| 31 | while ($good > $bad + 1) { | |
| 32 | my $checked = int(($good + $bad + 1) / 2); | |
| 33 | if (run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', | |
| 34 | 2 ** $checked ], stderr => undef))) { | |
| 35 | note 2 ** $checked, " bits is good"; | |
| 36 | $good = $checked; | |
| 37 | } else { | |
| 38 | note 2 ** $checked, " bits is bad"; | |
| 39 | $bad = $checked; | |
| 40 | } | |
| 41 | } | |
| 42 | $good++ if $good == $bad; | |
| 43 | $good = 2 ** $good; | |
| 44 | note "Found lowest allowed amount of bits to be $good"; | |
| 45 | ||
| 46 | ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])), | |
| 47 | "genrsa -3 $good"); | |
| 48 | ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), | |
| 49 | "rsa -check"); | |
| 50 | ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), | |
| 51 | "genrsa -f4 $good"); | |
| 52 | ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), | |
| 53 | "rsa -check"); | |
| 15 | 15 | |
| 16 | 16 | setup("test_out_option"); |
| 17 | 17 | |
| 18 | plan skip_all => "'-out' option tests are not available on Windows" | |
| 19 | if $^O eq 'MSWin32'; | |
| 18 | plan tests => 4; | |
| 20 | 19 | |
| 21 | plan tests => 11; | |
| 20 | # Test 1 | |
| 21 | SKIP: { | |
| 22 | # Paths that should generate failure when trying to write to them. | |
| 23 | # Directories are a safe bet for failure on most platforms. | |
| 24 | # Notably, this isn't true on OpenVMS, as a default file name is | |
| 25 | # appended under the hood when trying to "write" to a directory spec. | |
| 26 | # From observation, that file is '.' (i.e. a file with no file name | |
| 27 | # and no extension), so '[]' gets translated to '[].' | |
| 28 | skip 'Directories become writable files on OpenVMS', 1 if $^O eq 'VMS'; | |
| 22 | 29 | |
| 23 | # The following patterns should be tested: | |
| 24 | # | |
| 25 | # path dirname | |
| 26 | # /usr/ / | |
| 27 | # / / | |
| 28 | # . . | |
| 29 | # .. . | |
| 30 | ||
| 31 | test_illegal_path('/usr/'); | |
| 32 | test_illegal_path('/'); | |
| 33 | test_illegal_path('./'); | |
| 34 | test_illegal_path('../'); | |
| 35 | ||
| 36 | # Test for trying to create a file in a non-exist directory | |
| 37 | my @chars = ("A".."Z", "a".."z", "0".."9"); | |
| 38 | my $rand_path = ""; | |
| 39 | $rand_path .= $chars[rand @chars] for 1..32; | |
| 40 | $rand_path .= "/test.pem"; | |
| 41 | ||
| 42 | test_illegal_path($rand_path); | |
| 43 | test_legal_path('test.pem'); | |
| 44 | unlink 'test.pem'; | |
| 45 | ||
| 46 | sub test_illegal_path { | |
| 47 | my $path = File::Spec->canonpath($_[0]); | |
| 48 | ||
| 49 | my $start = time(); | |
| 50 | ok(!run(app([ 'openssl', 'genrsa', '-out', $path, '16384'])), "invalid output path: $path"); | |
| 51 | my $end = time(); | |
| 52 | # The above process should exit in 2 seconds if the path is not valid | |
| 53 | ok($end - $start < 2, "check time consumed"); | |
| 30 | # Note that directories must end with a slash here, because of how | |
| 31 | # File::Spec massages them into directory specs on some platforms. | |
| 32 | my $path = File::Spec->canonpath('./'); | |
| 33 | ok(!run(app([ 'openssl', 'rand', '-out', $path, '1'])), | |
| 34 | "invalid output path: $path"); | |
| 54 | 35 | } |
| 55 | 36 | |
| 56 | sub test_legal_path { | |
| 57 | my $path = File::Spec->canonpath($_[0]); | |
| 37 | # Test 2 | |
| 38 | { | |
| 39 | my $path = File::Spec->canonpath('randomname.bin'); | |
| 40 | ok(run(app([ 'openssl', 'rand', '-out', $path, '1'])), | |
| 41 | "valid output path: $path"); | |
| 42 | } | |
| 58 | 43 | |
| 59 | ok(run(app([ 'openssl', 'genrsa', '-out', $path, '2048'])), "valid output path: $path"); | |
| 44 | # Test 3 | |
| 45 | { | |
| 46 | # Test for trying to create a file in a non-exist directory | |
| 47 | my $rand_path = ""; | |
| 48 | do { | |
| 49 | my @chars = ("A".."Z", "a".."z", "0".."9"); | |
| 50 | $rand_path .= $chars[rand @chars] for 1..32; | |
| 51 | } while (-d File::Spec->catdir('.', $rand_path)); | |
| 52 | $rand_path .= "/randomname.bin"; | |
| 53 | ||
| 54 | my $path = File::Spec->canonpath($rand_path); | |
| 55 | ok(!run(app([ 'openssl', 'rand', '-out', $path, '1'])), | |
| 56 | "invalid output path: $path"); | |
| 60 | 57 | } |
| 58 | ||
| 59 | # Test 4 | |
| 60 | SKIP: { | |
| 61 | skip "It's not safe to use perl's idea of the NULL device in an explicitly cross compiled build", 1 | |
| 62 | unless (config('CROSS_COMPILE') // '') eq ''; | |
| 63 | ||
| 64 | my $path = File::Spec->canonpath(File::Spec->devnull()); | |
| 65 | ok(run(app([ 'openssl', 'rand', '-out', $path, '1'])), | |
| 66 | "valid output path: $path"); | |
| 67 | } | |
| 68 | ||
| 69 | # Cleanup | |
| 70 | END { | |
| 71 | unlink 'randomname.bin' if -f 'randomname.bin'; | |
| 72 | } |
| 18387 | 18387 | Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197 |
| 18388 | 18388 | Output = "The floofy bunnies hop at midnight" |
| 18389 | 18389 | |
| 18390 | # This is a "fake" test as it does only verify that the SM2 EVP_PKEY interface | |
| 18391 | # is capable of creating a signature without failing, but it does not say | |
| 18392 | # anything about the generated signature being valid, nor does it test the | |
| 18393 | # correct implementation of the cryptosystem. | |
| 18394 | Sign = SM2_key1 | |
| 18395 | Ctrl = digest:SM3 | |
| 18396 | Input = D7AD397F6FFA5D4F7F11E7217F241607DC30618C236D2C09C1B9EA8FDADEE2E8 | |
| 18397 | Output = 3045022100f11bf36e75bb304f094fb42a4ca22377d0cc768637c5011cd59fb9ed4b130c98022035545ffe2c2efb3abee4fee661468946d886004fae8ea5311593e48f7fe21b91 | |
| 18398 | Result = KEYOP_MISMATCH |
| 37 | 37 | $proxy->clientflags("-no_tls1_3"); |
| 38 | 38 | $proxy->reneg(1); |
| 39 | 39 | $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; |
| 40 | plan tests => 2; | |
| 40 | plan tests => 3; | |
| 41 | 41 | ok(TLSProxy::Message->success(), "Basic renegotiation"); |
| 42 | 42 | |
| 43 | 43 | #Test 2: Client does not send the Reneg SCSV. Reneg should fail |
| 47 | 47 | $proxy->reneg(1); |
| 48 | 48 | $proxy->start(); |
| 49 | 49 | ok(TLSProxy::Message->fail(), "No client SCSV"); |
| 50 | ||
| 51 | SKIP: { | |
| 52 | skip "TLSv1.2 or TLSv1.1 disabled", 1 | |
| 53 | if disabled("tls1_2") || disabled("tls1_1"); | |
| 54 | #Test 3: Check that the ClientHello version remains the same in the reneg | |
| 55 | # handshake | |
| 56 | $proxy->clear(); | |
| 57 | $proxy->filter(undef); | |
| 58 | $proxy->clientflags("-no_tls1_3"); | |
| 59 | $proxy->serverflags("-no_tls1_3 -no_tls1_2"); | |
| 60 | $proxy->reneg(1); | |
| 61 | $proxy->start(); | |
| 62 | my $chversion; | |
| 63 | my $chmatch = 0; | |
| 64 | foreach my $message (@{$proxy->message_list}) { | |
| 65 | if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { | |
| 66 | if (!defined $chversion) { | |
| 67 | $chversion = $message->client_version; | |
| 68 | } else { | |
| 69 | if ($chversion == $message->client_version) { | |
| 70 | $chmatch = 1; | |
| 71 | } | |
| 72 | } | |
| 73 | } | |
| 74 | } | |
| 75 | ok(TLSProxy::Message->success() && $chmatch, | |
| 76 | "Check ClientHello version is the same"); | |
| 77 | } | |
| 50 | 78 | |
| 51 | 79 | sub reneg_filter |
| 52 | 80 | { |
| 6 | 6 | # https://www.openssl.org/source/license.html |
| 7 | 7 | |
| 8 | 8 | use strict; |
| 9 | use feature 'state'; | |
| 10 | ||
| 9 | 11 | use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; |
| 10 | 12 | use OpenSSL::Test::Utils; |
| 11 | 13 | use TLSProxy::Proxy; |
| 40 | 42 | # Test that maximally-padded records are accepted. |
| 41 | 43 | my $bad_padding_offset = -1; |
| 42 | 44 | $proxy->serverflags("-tls1_2"); |
| 45 | $proxy->serverconnects(1 + scalar(@test_offsets)); | |
| 43 | 46 | $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; |
| 44 | 47 | plan tests => 1 + scalar(@test_offsets); |
| 45 | 48 | ok(TLSProxy::Message->success(), "Maximally-padded record test"); |
| 46 | 49 | |
| 47 | 50 | # Test that invalid padding is rejected. |
| 51 | my $fatal_alert; # set by add_maximal_padding_filter on client's fatal alert | |
| 52 | ||
| 48 | 53 | foreach my $offset (@test_offsets) { |
| 49 | $proxy->clear(); | |
| 50 | $proxy->serverflags("-tls1_2"); | |
| 51 | 54 | $bad_padding_offset = $offset; |
| 52 | $proxy->start(); | |
| 53 | ok(TLSProxy::Message->fail(), "Invalid padding byte $bad_padding_offset"); | |
| 55 | $fatal_alert = 0; | |
| 56 | $proxy->clearClient(); | |
| 57 | $proxy->clientstart(); | |
| 58 | ok($fatal_alert, "Invalid padding byte $bad_padding_offset"); | |
| 54 | 59 | } |
| 55 | 60 | |
| 56 | 61 | sub add_maximal_padding_filter |
| 57 | 62 | { |
| 58 | 63 | my $proxy = shift; |
| 64 | my $messages = $proxy->message_list; | |
| 65 | state $sent_corrupted_payload; | |
| 59 | 66 | |
| 60 | 67 | if ($proxy->flight == 0) { |
| 61 | 68 | # Disable Encrypt-then-MAC. |
| 62 | foreach my $message (@{$proxy->message_list}) { | |
| 69 | foreach my $message (@{$messages}) { | |
| 63 | 70 | if ($message->mt != TLSProxy::Message::MT_CLIENT_HELLO) { |
| 64 | 71 | next; |
| 65 | 72 | } |
| 68 | 75 | $message->process_extensions(); |
| 69 | 76 | $message->repack(); |
| 70 | 77 | } |
| 78 | $sent_corrupted_payload = 0; | |
| 79 | return; | |
| 71 | 80 | } |
| 72 | 81 | |
| 73 | if ($proxy->flight == 3) { | |
| 82 | my $last_message = @{$messages}[-1]; | |
| 83 | if (defined($last_message) | |
| 84 | && $last_message->server | |
| 85 | && $last_message->mt == TLSProxy::Message::MT_FINISHED | |
| 86 | && !@{$last_message->records}[0]->{sent}) { | |
| 87 | ||
| 74 | 88 | # Insert a maximally-padded record. Assume a block size of 16 (AES) and |
| 75 | 89 | # a MAC length of 20 (SHA-1). |
| 76 | 90 | my $block_size = 16; |
| 87 | 101 | # Add padding. |
| 88 | 102 | for (my $i = 0; $i < 256; $i++) { |
| 89 | 103 | if ($i == $bad_padding_offset) { |
| 104 | $sent_corrupted_payload = 1; | |
| 90 | 105 | $data .= "\xfe"; |
| 91 | 106 | } else { |
| 92 | 107 | $data .= "\xff"; |
| 107 | 122 | |
| 108 | 123 | # Send the record immediately after the server Finished. |
| 109 | 124 | push @{$proxy->record_list}, $record; |
| 125 | } elsif ($sent_corrupted_payload) { | |
| 126 | # Check for bad_record_mac from client | |
| 127 | my $last_record = @{$proxy->record_list}[-1]; | |
| 128 | $fatal_alert = 1 if $last_record->is_fatal_alert(0) == 20; | |
| 110 | 129 | } |
| 111 | 130 | } |
| 6 | 6 | # https://www.openssl.org/source/license.html |
| 7 | 7 | |
| 8 | 8 | use strict; |
| 9 | use feature 'state'; | |
| 10 | ||
| 9 | 11 | use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; |
| 10 | 12 | use OpenSSL::Test::Utils; |
| 11 | 13 | use TLSProxy::Proxy; |
| 36 | 38 | }; |
| 37 | 39 | |
| 38 | 40 | my $testtype; |
| 41 | my $fatal_alert = 0; # set by filter on fatal alert | |
| 39 | 42 | |
| 40 | 43 | $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; |
| 41 | 44 | my $proxy = TLSProxy::Proxy->new( |
| 97 | 100 | my $proxy = shift; |
| 98 | 101 | |
| 99 | 102 | # We're only interested in the initial ClientHello |
| 100 | if ($proxy->flight != 0) { | |
| 101 | return; | |
| 102 | } | |
| 103 | ||
| 104 | inject_duplicate_extension($proxy, TLSProxy::Message::MT_CLIENT_HELLO); | |
| 103 | if ($proxy->flight == 0) { | |
| 104 | inject_duplicate_extension($proxy, TLSProxy::Message::MT_CLIENT_HELLO); | |
| 105 | return; | |
| 106 | } | |
| 107 | ||
| 108 | my $last_record = @{$proxy->{record_list}}[-1]; | |
| 109 | $fatal_alert = 1 if $last_record->is_fatal_alert(1); | |
| 105 | 110 | } |
| 106 | 111 | |
| 107 | 112 | sub inject_duplicate_extension_serverhello |
| 109 | 114 | my $proxy = shift; |
| 110 | 115 | |
| 111 | 116 | # We're only interested in the initial ServerHello |
| 112 | if ($proxy->flight != 1) { | |
| 113 | return; | |
| 114 | } | |
| 115 | ||
| 116 | inject_duplicate_extension($proxy, TLSProxy::Message::MT_SERVER_HELLO); | |
| 117 | if ($proxy->flight == 0) { | |
| 118 | return; | |
| 119 | } elsif ($proxy->flight == 1) { | |
| 120 | inject_duplicate_extension($proxy, TLSProxy::Message::MT_SERVER_HELLO); | |
| 121 | return; | |
| 122 | } | |
| 123 | ||
| 124 | my $last_record = @{$proxy->{record_list}}[-1]; | |
| 125 | $fatal_alert = 1 if $last_record->is_fatal_alert(0); | |
| 117 | 126 | } |
| 118 | 127 | |
| 119 | 128 | sub inject_unsolicited_extension |
| 120 | 129 | { |
| 121 | 130 | my $proxy = shift; |
| 122 | 131 | my $message; |
| 132 | state $sent_unsolisited_extension; | |
| 133 | ||
| 134 | if ($proxy->flight == 0) { | |
| 135 | $sent_unsolisited_extension = 0; | |
| 136 | return; | |
| 137 | } | |
| 123 | 138 | |
| 124 | 139 | # We're only interested in the initial ServerHello/EncryptedExtensions |
| 125 | 140 | if ($proxy->flight != 1) { |
| 141 | if ($sent_unsolisited_extension) { | |
| 142 | my $last_record = @{$proxy->record_list}[-1]; | |
| 143 | $fatal_alert = 1 if $last_record->is_fatal_alert(0); | |
| 144 | } | |
| 126 | 145 | return; |
| 127 | 146 | } |
| 128 | 147 | |
| 129 | 148 | if ($testtype == UNSOLICITED_SERVER_NAME_TLS13) { |
| 130 | $message = ${$proxy->message_list}[2]; | |
| 131 | die "Expecting EE message ".($message->mt).", ".${$proxy->message_list}[1]->mt.", ".${$proxy->message_list}[3]->mt if $message->mt != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS; | |
| 149 | return if (!defined($message = ${$proxy->message_list}[2])); | |
| 150 | die "Expecting EE message ".($message->mt)."," | |
| 151 | .${$proxy->message_list}[1]->mt.", " | |
| 152 | .${$proxy->message_list}[3]->mt | |
| 153 | if $message->mt != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS; | |
| 132 | 154 | } else { |
| 133 | 155 | $message = ${$proxy->message_list}[1]; |
| 134 | 156 | } |
| 147 | 169 | } |
| 148 | 170 | $message->set_extension($type, $ext); |
| 149 | 171 | $message->repack(); |
| 172 | $sent_unsolisited_extension = 1; | |
| 150 | 173 | } |
| 151 | 174 | |
| 152 | 175 | # Test 1-2: Sending a duplicate extension should fail. |
| 153 | 176 | $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; |
| 154 | 177 | plan tests => 7; |
| 155 | ok(TLSProxy::Message->fail(), "Duplicate ClientHello extension"); | |
| 156 | ||
| 178 | ok($fatal_alert, "Duplicate ClientHello extension"); | |
| 179 | ||
| 180 | $fatal_alert = 0; | |
| 157 | 181 | $proxy->clear(); |
| 158 | 182 | $proxy->filter(\&inject_duplicate_extension_serverhello); |
| 159 | 183 | $proxy->start(); |
| 160 | ok(TLSProxy::Message->fail(), "Duplicate ServerHello extension"); | |
| 184 | ok($fatal_alert, "Duplicate ServerHello extension"); | |
| 161 | 185 | |
| 162 | 186 | SKIP: { |
| 163 | 187 | skip "TLS <= 1.2 disabled", 3 if $no_below_tls13; |
| 169 | 193 | ok(TLSProxy::Message->success, "Zero extension length test"); |
| 170 | 194 | |
| 171 | 195 | #Test 4: Inject an unsolicited extension (<= TLSv1.2) |
| 196 | $fatal_alert = 0; | |
| 172 | 197 | $proxy->clear(); |
| 173 | 198 | $proxy->filter(\&inject_unsolicited_extension); |
| 174 | 199 | $testtype = UNSOLICITED_SERVER_NAME; |
| 175 | 200 | $proxy->clientflags("-no_tls1_3 -noservername"); |
| 176 | 201 | $proxy->start(); |
| 177 | ok(TLSProxy::Message->fail(), "Unsolicited server name extension"); | |
| 202 | ok($fatal_alert, "Unsolicited server name extension"); | |
| 178 | 203 | |
| 179 | 204 | #Test 5: Inject a noncompliant supported_groups extension (<= TLSv1.2) |
| 180 | 205 | $proxy->clear(); |
| 189 | 214 | skip "TLS <= 1.2 or CT disabled", 1 |
| 190 | 215 | if $no_below_tls13 || disabled("ct"); |
| 191 | 216 | #Test 6: Same as above for the SCT extension which has special handling |
| 217 | $fatal_alert = 0; | |
| 192 | 218 | $proxy->clear(); |
| 193 | 219 | $testtype = UNSOLICITED_SCT; |
| 194 | 220 | $proxy->clientflags("-no_tls1_3"); |
| 195 | 221 | $proxy->start(); |
| 196 | ok(TLSProxy::Message->fail(), "Unsolicited sct extension"); | |
| 222 | ok($fatal_alert, "Unsolicited sct extension"); | |
| 197 | 223 | } |
| 198 | 224 | |
| 199 | 225 | SKIP: { |
| 200 | 226 | skip "TLS 1.3 disabled", 1 if disabled("tls1_3"); |
| 201 | 227 | #Test 7: Inject an unsolicited extension (TLSv1.3) |
| 228 | $fatal_alert = 0; | |
| 202 | 229 | $proxy->clear(); |
| 203 | 230 | $proxy->filter(\&inject_unsolicited_extension); |
| 204 | 231 | $testtype = UNSOLICITED_SERVER_NAME_TLS13; |
| 205 | 232 | $proxy->clientflags("-noservername"); |
| 206 | 233 | $proxy->start(); |
| 207 | ok(TLSProxy::Message->fail(), "Unsolicited server name extension (TLSv1.3)"); | |
| 208 | } | |
| 234 | ok($fatal_alert, "Unsolicited server name extension (TLSv1.3)"); | |
| 235 | } | |
| 6 | 6 | # https://www.openssl.org/source/license.html |
| 7 | 7 | |
| 8 | 8 | use strict; |
| 9 | use feature 'state'; | |
| 10 | ||
| 9 | 11 | use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; |
| 10 | 12 | use OpenSSL::Test::Utils; |
| 11 | 13 | use TLSProxy::Proxy; |
| 34 | 36 | ); |
| 35 | 37 | |
| 36 | 38 | my $boundary_test_type; |
| 39 | my $fatal_alert = 0; # set by filters at expected fatal alerts | |
| 37 | 40 | |
| 38 | 41 | #Test 1: Injecting out of context empty records should fail |
| 39 | 42 | my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; |
| 41 | 44 | $proxy->serverflags("-tls1_2"); |
| 42 | 45 | $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; |
| 43 | 46 | plan tests => 18; |
| 44 | ok(TLSProxy::Message->fail(), "Out of context empty records test"); | |
| 47 | ok($fatal_alert, "Out of context empty records test"); | |
| 45 | 48 | |
| 46 | 49 | #Test 2: Injecting in context empty records should succeed |
| 47 | 50 | $proxy->clear(); |
| 51 | 54 | ok(TLSProxy::Message->success(), "In context empty records test"); |
| 52 | 55 | |
| 53 | 56 | #Test 3: Injecting too many in context empty records should fail |
| 57 | $fatal_alert = 0; | |
| 54 | 58 | $proxy->clear(); |
| 55 | 59 | #We allow 32 consecutive in context empty records |
| 56 | 60 | $inject_recs_num = 33; |
| 57 | 61 | $proxy->serverflags("-tls1_2"); |
| 58 | 62 | $proxy->start(); |
| 59 | ok(TLSProxy::Message->fail(), "Too many in context empty records test"); | |
| 63 | ok($fatal_alert, "Too many in context empty records test"); | |
| 60 | 64 | |
| 61 | 65 | #Test 4: Injecting a fragmented fatal alert should fail. We expect the server to |
| 62 | 66 | # send back an alert of its own because it cannot handle fragmented |
| 63 | 67 | # alerts |
| 68 | $fatal_alert = 0; | |
| 64 | 69 | $proxy->clear(); |
| 65 | 70 | $proxy->filter(\&add_frag_alert_filter); |
| 66 | 71 | $proxy->serverflags("-tls1_2"); |
| 67 | 72 | $proxy->start(); |
| 68 | ok(TLSProxy::Message->fail(), "Fragmented alert records test"); | |
| 73 | ok($fatal_alert, "Fragmented alert records test"); | |
| 69 | 74 | |
| 70 | 75 | #Run some SSLv2 ClientHello tests |
| 71 | 76 | |
| 121 | 126 | #Unrecognised record type tests |
| 122 | 127 | |
| 123 | 128 | #Test 10: Sending an unrecognised record type in TLS1.2 should fail |
| 129 | $fatal_alert = 0; | |
| 124 | 130 | $proxy->clear(); |
| 125 | 131 | $proxy->serverflags("-tls1_2"); |
| 126 | 132 | $proxy->filter(\&add_unknown_record_type); |
| 127 | 133 | $proxy->start(); |
| 128 | ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.2"); | |
| 134 | ok($fatal_alert, "Unrecognised record type in TLS1.2"); | |
| 129 | 135 | |
| 130 | 136 | SKIP: { |
| 131 | 137 | skip "TLSv1.1 disabled", 1 if disabled("tls1_1"); |
| 132 | 138 | |
| 133 | 139 | #Test 11: Sending an unrecognised record type in TLS1.1 should fail |
| 140 | $fatal_alert = 0; | |
| 134 | 141 | $proxy->clear(); |
| 135 | 142 | $proxy->clientflags("-tls1_1"); |
| 136 | 143 | $proxy->start(); |
| 137 | ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.1"); | |
| 144 | ok($fatal_alert, "Unrecognised record type in TLS1.1"); | |
| 138 | 145 | } |
| 139 | 146 | |
| 140 | 147 | #Test 12: Sending a different record version in TLS1.2 should fail |
| 148 | $fatal_alert = 0; | |
| 141 | 149 | $proxy->clear(); |
| 142 | 150 | $proxy->clientflags("-tls1_2"); |
| 143 | 151 | $proxy->filter(\&change_version); |
| 144 | 152 | $proxy->start(); |
| 145 | ok(TLSProxy::Message->fail(), "Changed record version in TLS1.2"); | |
| 153 | ok($fatal_alert, "Changed record version in TLS1.2"); | |
| 146 | 154 | |
| 147 | 155 | #TLS1.3 specific tests |
| 148 | 156 | SKIP: { |
| 155 | 163 | ok(TLSProxy::Message->fail(), "Changed record version in TLS1.3"); |
| 156 | 164 | |
| 157 | 165 | #Test 14: Sending an unrecognised record type in TLS1.3 should fail |
| 166 | $fatal_alert = 0; | |
| 158 | 167 | $proxy->clear(); |
| 159 | 168 | $proxy->filter(\&add_unknown_record_type); |
| 160 | 169 | $proxy->start(); |
| 161 | ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.3"); | |
| 170 | ok($fatal_alert, "Unrecognised record type in TLS1.3"); | |
| 162 | 171 | |
| 163 | 172 | #Test 15: Sending an outer record type other than app data once encrypted |
| 164 | 173 | #should fail |
| 174 | $fatal_alert = 0; | |
| 165 | 175 | $proxy->clear(); |
| 166 | 176 | $proxy->filter(\&change_outer_record_type); |
| 167 | 177 | $proxy->start(); |
| 168 | ok(TLSProxy::Message->fail(), "Wrong outer record type in TLS1.3"); | |
| 178 | ok($fatal_alert, "Wrong outer record type in TLS1.3"); | |
| 169 | 179 | |
| 170 | 180 | use constant { |
| 171 | 181 | DATA_AFTER_SERVER_HELLO => 0, |
| 175 | 185 | |
| 176 | 186 | #Test 16: Sending a ServerHello which doesn't end on a record boundary |
| 177 | 187 | # should fail |
| 188 | $fatal_alert = 0; | |
| 178 | 189 | $proxy->clear(); |
| 179 | 190 | $boundary_test_type = DATA_AFTER_SERVER_HELLO; |
| 180 | 191 | $proxy->filter(\¬_on_record_boundary); |
| 181 | 192 | $proxy->start(); |
| 182 | ok(TLSProxy::Message->fail(), "Record not on boundary in TLS1.3 (ServerHello)"); | |
| 193 | ok($fatal_alert, "Record not on boundary in TLS1.3 (ServerHello)"); | |
| 183 | 194 | |
| 184 | 195 | #Test 17: Sending a Finished which doesn't end on a record boundary |
| 185 | 196 | # should fail |
| 197 | $fatal_alert = 0; | |
| 186 | 198 | $proxy->clear(); |
| 187 | 199 | $boundary_test_type = DATA_AFTER_FINISHED; |
| 188 | 200 | $proxy->filter(\¬_on_record_boundary); |
| 189 | 201 | $proxy->start(); |
| 190 | ok(TLSProxy::Message->fail(), "Record not on boundary in TLS1.3 (Finished)"); | |
| 202 | ok($fatal_alert, "Record not on boundary in TLS1.3 (Finished)"); | |
| 191 | 203 | |
| 192 | 204 | #Test 18: Sending a KeyUpdate which doesn't end on a record boundary |
| 193 | 205 | # should fail |
| 206 | $fatal_alert = 0; | |
| 194 | 207 | $proxy->clear(); |
| 195 | 208 | $boundary_test_type = DATA_AFTER_KEY_UPDATE; |
| 196 | 209 | $proxy->filter(\¬_on_record_boundary); |
| 197 | 210 | $proxy->start(); |
| 198 | ok(TLSProxy::Message->fail(), "Record not on boundary in TLS1.3 (KeyUpdate)"); | |
| 211 | ok($fatal_alert, "Record not on boundary in TLS1.3 (KeyUpdate)"); | |
| 199 | 212 | } |
| 200 | 213 | |
| 201 | 214 | |
| 202 | 215 | sub add_empty_recs_filter |
| 203 | 216 | { |
| 204 | 217 | my $proxy = shift; |
| 218 | my $records = $proxy->record_list; | |
| 205 | 219 | |
| 206 | 220 | # We're only interested in the initial ClientHello |
| 207 | 221 | if ($proxy->flight != 0) { |
| 222 | $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(1) == 10; | |
| 208 | 223 | return; |
| 209 | 224 | } |
| 210 | 225 | |
| 220 | 235 | "", |
| 221 | 236 | "" |
| 222 | 237 | ); |
| 223 | ||
| 224 | push @{$proxy->record_list}, $record; | |
| 238 | push @{$records}, $record; | |
| 225 | 239 | } |
| 226 | 240 | } |
| 227 | 241 | |
| 228 | 242 | sub add_frag_alert_filter |
| 229 | 243 | { |
| 230 | 244 | my $proxy = shift; |
| 245 | my $records = $proxy->record_list; | |
| 231 | 246 | my $byte; |
| 232 | 247 | |
| 233 | 248 | # We're only interested in the initial ClientHello |
| 234 | 249 | if ($proxy->flight != 0) { |
| 250 | $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(1) == 10; | |
| 235 | 251 | return; |
| 236 | 252 | } |
| 237 | 253 | |
| 261 | 277 | $byte, |
| 262 | 278 | $byte |
| 263 | 279 | ); |
| 264 | push @{$proxy->record_list}, $record; | |
| 280 | push @{$records}, $record; | |
| 265 | 281 | |
| 266 | 282 | # And finally the description (Unexpected message) in a third record |
| 267 | 283 | $byte = pack('C', TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE); |
| 276 | 292 | $byte, |
| 277 | 293 | $byte |
| 278 | 294 | ); |
| 279 | push @{$proxy->record_list}, $record; | |
| 295 | push @{$records}, $record; | |
| 280 | 296 | } |
| 281 | 297 | |
| 282 | 298 | sub add_sslv2_filter |
| 429 | 445 | sub add_unknown_record_type |
| 430 | 446 | { |
| 431 | 447 | my $proxy = shift; |
| 448 | my $records = $proxy->record_list; | |
| 449 | state $added_record; | |
| 432 | 450 | |
| 433 | 451 | # We'll change a record after the initial version neg has taken place |
| 434 | if ($proxy->flight != 1) { | |
| 435 | return; | |
| 436 | } | |
| 437 | ||
| 438 | my $lastrec = ${$proxy->record_list}[-1]; | |
| 452 | if ($proxy->flight == 0) { | |
| 453 | $added_record = 0; | |
| 454 | return; | |
| 455 | } elsif ($proxy->flight != 1 || $added_record) { | |
| 456 | $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 10; | |
| 457 | return; | |
| 458 | } | |
| 459 | ||
| 439 | 460 | my $record = TLSProxy::Record->new( |
| 440 | 461 | 1, |
| 441 | 462 | TLSProxy::Record::RT_UNKNOWN, |
| 442 | $lastrec->version(), | |
| 463 | @{$records}[-1]->version(), | |
| 443 | 464 | 1, |
| 444 | 465 | 0, |
| 445 | 466 | 1, |
| 456 | 477 | $i++; |
| 457 | 478 | |
| 458 | 479 | splice @{$proxy->record_list}, $i, 0, $record; |
| 480 | $added_record = 1; | |
| 459 | 481 | } |
| 460 | 482 | |
| 461 | 483 | sub change_version |
| 462 | 484 | { |
| 463 | 485 | my $proxy = shift; |
| 486 | my $records = $proxy->record_list; | |
| 464 | 487 | |
| 465 | 488 | # We'll change a version after the initial version neg has taken place |
| 466 | 489 | if ($proxy->flight != 1) { |
| 467 | return; | |
| 468 | } | |
| 469 | ||
| 470 | (${$proxy->record_list}[-1])->version(TLSProxy::Record::VERS_TLS_1_1); | |
| 490 | $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 70; | |
| 491 | return; | |
| 492 | } | |
| 493 | ||
| 494 | if ($#{$records} > 1) { | |
| 495 | # ... typically in ServerHelloDone | |
| 496 | @{$records}[-1]->version(TLSProxy::Record::VERS_TLS_1_1); | |
| 497 | } | |
| 471 | 498 | } |
| 472 | 499 | |
| 473 | 500 | sub change_outer_record_type |
| 474 | 501 | { |
| 475 | 502 | my $proxy = shift; |
| 503 | my $records = $proxy->record_list; | |
| 476 | 504 | |
| 477 | 505 | # We'll change a record after the initial version neg has taken place |
| 478 | 506 | if ($proxy->flight != 1) { |
| 479 | return; | |
| 480 | } | |
| 481 | ||
| 482 | #Find ServerHello record and change record after that | |
| 483 | my $i; | |
| 484 | for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) { | |
| 485 | next; | |
| 486 | } | |
| 487 | #Skip CCS and ServerHello | |
| 488 | $i += 2; | |
| 489 | ${$proxy->record_list}[$i]->outer_content_type(TLSProxy::Record::RT_HANDSHAKE); | |
| 507 | $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 10; | |
| 508 | return; | |
| 509 | } | |
| 510 | ||
| 511 | # Find CCS record and change record after that | |
| 512 | my $i = 0; | |
| 513 | foreach my $record (@{$records}) { | |
| 514 | last if $record->content_type == TLSProxy::Record::RT_CCS; | |
| 515 | $i++; | |
| 516 | } | |
| 517 | if (defined(${$records}[++$i])) { | |
| 518 | ${$records}[$i]->outer_content_type(TLSProxy::Record::RT_HANDSHAKE); | |
| 519 | } | |
| 490 | 520 | } |
| 491 | 521 | |
| 492 | 522 | sub not_on_record_boundary |
| 493 | 523 | { |
| 494 | 524 | my $proxy = shift; |
| 525 | my $records = $proxy->record_list; | |
| 495 | 526 | my $data; |
| 496 | 527 | |
| 497 | 528 | #Find server's first flight |
| 498 | 529 | if ($proxy->flight != 1) { |
| 530 | $fatal_alert = 1 if @{$records}[-1]->is_fatal_alert(0) == 10; | |
| 499 | 531 | return; |
| 500 | 532 | } |
| 501 | 533 | |
| 502 | 534 | if ($boundary_test_type == DATA_AFTER_SERVER_HELLO) { |
| 503 | 535 | #Merge the ServerHello and EncryptedExtensions records into one |
| 504 | my $i; | |
| 505 | for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) { | |
| 506 | next; | |
| 536 | my $i = 0; | |
| 537 | foreach my $record (@{$records}) { | |
| 538 | if ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) { | |
| 539 | $record->{sent} = 1; # pretend it's sent already | |
| 540 | last; | |
| 541 | } | |
| 542 | $i++; | |
| 507 | 543 | } |
| 508 | $data = ${$proxy->record_list}[$i]->data(); | |
| 509 | $data .= ${$proxy->record_list}[$i + 1]->decrypt_data(); | |
| 510 | ${$proxy->record_list}[$i]->data($data); | |
| 511 | ${$proxy->record_list}[$i]->len(length $data); | |
| 512 | ||
| 513 | #Delete the old EncryptedExtensions record | |
| 514 | splice @{$proxy->record_list}, $i + 1, 1; | |
| 544 | ||
| 545 | if (defined(${$records}[$i+1])) { | |
| 546 | $data = ${$records}[$i]->data(); | |
| 547 | $data .= ${$records}[$i+1]->decrypt_data(); | |
| 548 | ${$records}[$i+1]->data($data); | |
| 549 | ${$records}[$i+1]->len(length $data); | |
| 550 | ||
| 551 | #Delete the old ServerHello record | |
| 552 | splice @{$records}, $i, 1; | |
| 553 | } | |
| 515 | 554 | } elsif ($boundary_test_type == DATA_AFTER_FINISHED) { |
| 516 | $data = ${$proxy->record_list}[-1]->decrypt_data; | |
| 555 | return if @{$proxy->{message_list}}[-1]->{mt} | |
| 556 | != TLSProxy::Message::MT_FINISHED; | |
| 557 | ||
| 558 | my $last_record = @{$records}[-1]; | |
| 559 | $data = $last_record->decrypt_data; | |
| 517 | 560 | |
| 518 | 561 | #Add a KeyUpdate message onto the end of the Finished record |
| 519 | 562 | my $keyupdate = pack "C5", |
| 527 | 570 | $data .= pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16); |
| 528 | 571 | |
| 529 | 572 | #Update the record |
| 530 | ${$proxy->record_list}[-1]->data($data); | |
| 531 | ${$proxy->record_list}[-1]->len(length $data); | |
| 573 | $last_record->data($data); | |
| 574 | $last_record->len(length $data); | |
| 532 | 575 | } else { |
| 576 | return if @{$proxy->{message_list}}[-1]->{mt} | |
| 577 | != TLSProxy::Message::MT_FINISHED; | |
| 578 | ||
| 533 | 579 | #KeyUpdates must end on a record boundary |
| 534 | 580 | |
| 535 | 581 | my $record = TLSProxy::Record->new( |
| 536 | 582 | 1, |
| 537 | 583 | TLSProxy::Record::RT_APPLICATION_DATA, |
| 538 | TLSProxy::Record::VERS_TLS_1_0, | |
| 584 | TLSProxy::Record::VERS_TLS_1_2, | |
| 539 | 585 | 0, |
| 540 | 586 | 0, |
| 541 | 587 | 0, |
| 557 | 603 | |
| 558 | 604 | $record->data($data); |
| 559 | 605 | $record->len(length $data); |
| 560 | push @{$proxy->record_list}, $record; | |
| 561 | } | |
| 562 | } | |
| 606 | push @{$records}, $record; | |
| 607 | } | |
| 608 | } | |
| 0 | 0 | #! /usr/bin/env perl |
| 1 | # Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | # Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | # |
| 3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | # this file except in compliance with the License. You can obtain a copy |
| 8 | 8 | |
| 9 | 9 | use OpenSSL::Test::Utils; |
| 10 | 10 | use OpenSSL::Test qw/:DEFAULT srctop_file/; |
| 11 | use File::Temp qw(tempfile); | |
| 11 | 12 | |
| 12 | 13 | setup("test_sslapi"); |
| 13 | 14 | |
| 16 | 17 | |
| 17 | 18 | plan tests => 1; |
| 18 | 19 | |
| 20 | (undef, my $tmpfilename) = tempfile(); | |
| 21 | ||
| 19 | 22 | ok(run(test(["sslapitest", srctop_file("apps", "server.pem"), |
| 20 | srctop_file("apps", "server.pem")])), "running sslapitest"); | |
| 23 | srctop_file("apps", "server.pem"), | |
| 24 | srctop_file("test", "recipes", "90-test_sslapi_data", | |
| 25 | "passwd.txt"), $tmpfilename])), | |
| 26 | "running sslapitest"); | |
| 27 | ||
| 28 | unlink $tmpfilename; | |
| 0 | V 1auIY/NQXwKWVeWaYg.YV0AaU.mpHSsZw8PWfrYT0oMTPYekTqGXu6ElyTN64DmK03V3P2yVRdhN0UBxMBujLnTauROkuEep/vp7S5xhW1VK8zg1gtJslTqOp4l.GTJF9x0WYmS6VNRnj5AVi3mgfVJ3nmzlMJUMm7niQxm5awLZZ8xykox1j6MFRa80y02Ub87A88DwqA5wrIM/Uojx9VBxUhTHC.353aBA/rL4O/179rgIBbhID08RA6uLv7pIJQVl5OjYsRu/XzQsgFFW6Wog7PaB.AATqArzXZieZxs/teOiFKPSgKI.76vvVEMQIifSj3hRuVK/immK.9hBCTHYjAv96MUmitb0ErPYJRl2MeBC8M6aHJ8FaMmak.Qv.bwyiqpEjlX1a9KjdBAKIaAswECjeP6G0Gk5v1g5D7ZmP5JUK7Wp/X9sKuZZYOsDwEGfXNmmJG6Y3TETx105HT2QMJ5ti5QCbrd71VWABmVWpHJc03YLUExw6WtYdUW0YHTbRKVntgVe2hOQD.XPtFPn2SwxbGonq1bwEvdCp22uTb5HFSC3I7amCUTZteVmMgqJAcx.x.2yfliESVvpmG.dnDFkp6vsQxch6Q1dV5rDmR4GGSy8FoPSFXc7NS0kCSs.qsTqLSmHN1XMzwrwYuVbItXBwetwxcIcdi.sFG6OLuwRUGaNOXiMwhlDHyQtVfEm3L/KIjPpzLlYRAJWF9M40FIcNsI6xiMNhvUGNO7LaBHKSV3oHlwUWWUnL7Uo/ePH8lBpGadYPxObXZ1/wOcWdJ1Rb5dB9orSSTSvoNrZyALKO.swl7pP7beYq6bUx8qtBJLaqI2zQzr1tnmJi8azVicuFtsDs363ntCRtd1LLT3CX3EBVXMbEy6xgAKWI2GL3HO6v8k3Gv96UeGFN/w5yAz61mbajDrSeJekUaKgfucV8h9tgHNlTA1kGowd2Yn/EQdVc/qSETddySqNC0mXlPW1tgb2ixV6sWbYrb5TLBUdztdw5L2D62Aal.9IjpTEKc4F/gMjYsazIX6nzpXZtWnYP7dIOpSi4c.48B2RIeDrZVMzUF.9QOF9Dk1fy5Z2X91z8J2I0GuqIWKKfwnx4xA3RbGUds1Cv2XvUA1tP7eqtvs/mTsC8KWApNSpL6K.U.Pt0ee6F76CV.ZcBXTbXl9zJZ0H1peiehzZpbuIPLZPtzIHClRQovjqdrlEUzS5VdSgCfNhEUr3ZOpG3cCKO4Lk25jZuQtoFmyxUuRAIXejLizCd727hO7rHZoD.GGm4HiNaH2jgZaftoFhfSBXvPRGYfcj.ZkiLyurNlumMXTduHImB1ZMkZ1af5dggKaQG4bJe9WbF6KYxmeRwV 1oFJIzMwXA0RFKXCGcSV0nAToL5 test 8192 A test user |
| 0 | 0 | #! /usr/bin/env perl |
| 1 | # Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | # Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | # |
| 3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | # this file except in compliance with the License. You can obtain a copy |
| 26 | 26 | my $bldtop = $ENV{BLDTOP} || $ENV{TOP}; |
| 27 | 27 | my $recipesdir = catdir($srctop, "test", "recipes"); |
| 28 | 28 | my $libdir = rel2abs(catdir($srctop, "util", "perl")); |
| 29 | ||
| 30 | $ENV{OPENSSL_CONF} = catdir($srctop, "apps", "openssl.cnf"); | |
| 29 | 31 | |
| 30 | 32 | my %tapargs = |
| 31 | 33 | ( verbosity => $ENV{VERBOSE} || $ENV{V} || $ENV{HARNESS_VERBOSE} ? 1 : 0, |
| 970 | 970 | VerifyMode = Peer |
| 971 | 971 | |
| 972 | 972 | [test-28] |
| 973 | ExpectedResult = ServerFail | |
| 973 | ExpectedResult = Success | |
| 974 | ExpectedServerCANames = empty | |
| 975 | ExpectedServerCertType = P-256 | |
| 976 | ExpectedServerSignHash = SHA256 | |
| 977 | ExpectedServerSignType = EC | |
| 974 | 978 | |
| 975 | 979 | |
| 976 | 980 | # =========================================================== |
| 510 | 510 | "SignatureAlgorithms" => "ECDSA+SHA256", |
| 511 | 511 | }, |
| 512 | 512 | test => { |
| 513 | "ExpectedResult" => "ServerFail" | |
| 513 | "ExpectedServerCertType" => "P-256", | |
| 514 | "ExpectedServerSignHash" => "SHA256", | |
| 515 | "ExpectedServerSignType" => "EC", | |
| 516 | "ExpectedServerCANames" => "empty", | |
| 517 | "ExpectedResult" => "Success" | |
| 514 | 518 | }, |
| 515 | 519 | }, |
| 516 | 520 | { |
| 466 | 466 | } |
| 467 | 467 | } |
| 468 | 468 | |
| 469 | #ifdef OPENSSL_NO_AUTOLOAD_CONFIG | |
| 470 | if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL))) | |
| 471 | goto err; | |
| 472 | #endif | |
| 473 | ||
| 469 | 474 | if (!TEST_ptr(server_ctx) |
| 470 | 475 | || !TEST_ptr(client_ctx) |
| 471 | 476 | || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0)) |
| 13 | 13 | #include <openssl/crypto.h> |
| 14 | 14 | #include <openssl/ssl.h> |
| 15 | 15 | #include <openssl/ocsp.h> |
| 16 | #include <openssl/srp.h> | |
| 17 | #include <openssl/txt_db.h> | |
| 16 | 18 | |
| 17 | 19 | #include "ssltestlib.h" |
| 18 | 20 | #include "testutil.h" |
| 22 | 24 | |
| 23 | 25 | static char *cert = NULL; |
| 24 | 26 | static char *privkey = NULL; |
| 25 | ||
| 26 | #define LOG_BUFFER_SIZE 1024 | |
| 27 | static char *srpvfile = NULL; | |
| 28 | static char *tmpfilename = NULL; | |
| 29 | ||
| 30 | #define LOG_BUFFER_SIZE 2048 | |
| 27 | 31 | static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0}; |
| 28 | 32 | static size_t server_log_buffer_index = 0; |
| 29 | 33 | static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0}; |
| 49 | 53 | struct sslapitest_log_counts { |
| 50 | 54 | unsigned int rsa_key_exchange_count; |
| 51 | 55 | unsigned int master_secret_count; |
| 56 | unsigned int client_early_secret_count; | |
| 52 | 57 | unsigned int client_handshake_secret_count; |
| 53 | 58 | unsigned int server_handshake_secret_count; |
| 54 | 59 | unsigned int client_application_secret_count; |
| 55 | 60 | unsigned int server_application_secret_count; |
| 61 | unsigned int early_exporter_secret_count; | |
| 62 | unsigned int exporter_secret_count; | |
| 56 | 63 | }; |
| 57 | 64 | |
| 58 | 65 | |
| 134 | 141 | size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH; |
| 135 | 142 | unsigned int rsa_key_exchange_count = 0; |
| 136 | 143 | unsigned int master_secret_count = 0; |
| 144 | unsigned int client_early_secret_count = 0; | |
| 137 | 145 | unsigned int client_handshake_secret_count = 0; |
| 138 | 146 | unsigned int server_handshake_secret_count = 0; |
| 139 | 147 | unsigned int client_application_secret_count = 0; |
| 140 | 148 | unsigned int server_application_secret_count = 0; |
| 149 | unsigned int early_exporter_secret_count = 0; | |
| 150 | unsigned int exporter_secret_count = 0; | |
| 141 | 151 | |
| 142 | 152 | for (token = strtok(buffer, " \n"); token != NULL; |
| 143 | 153 | token = strtok(NULL, " \n")) { |
| 191 | 201 | master_key_size))) |
| 192 | 202 | return 0; |
| 193 | 203 | master_secret_count++; |
| 194 | } else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0 | |
| 204 | } else if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0 | |
| 205 | || strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0 | |
| 195 | 206 | || strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0 |
| 196 | 207 | || strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0 |
| 197 | || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0) { | |
| 208 | || strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0 | |
| 209 | || strcmp(token, "EARLY_EXPORTER_SECRET") == 0 | |
| 210 | || strcmp(token, "EXPORTER_SECRET") == 0) { | |
| 198 | 211 | /* |
| 199 | 212 | * TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded |
| 200 | 213 | * client random, and then the hex-encoded secret. In this case, |
| 201 | 214 | * we treat all of these secrets identically and then just |
| 202 | 215 | * distinguish between them when counting what we saw. |
| 203 | 216 | */ |
| 204 | if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0) | |
| 217 | if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0) | |
| 218 | client_early_secret_count++; | |
| 219 | else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0) | |
| 205 | 220 | client_handshake_secret_count++; |
| 206 | 221 | else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0) |
| 207 | 222 | server_handshake_secret_count++; |
| 209 | 224 | client_application_secret_count++; |
| 210 | 225 | else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0) |
| 211 | 226 | server_application_secret_count++; |
| 227 | else if (strcmp(token, "EARLY_EXPORTER_SECRET") == 0) | |
| 228 | early_exporter_secret_count++; | |
| 229 | else if (strcmp(token, "EXPORTER_SECRET") == 0) | |
| 230 | exporter_secret_count++; | |
| 212 | 231 | |
| 213 | 232 | client_random_size = SSL_get_client_random(ssl, |
| 214 | 233 | actual_client_random, |
| 242 | 261 | expected->rsa_key_exchange_count) |
| 243 | 262 | || !TEST_size_t_eq(master_secret_count, |
| 244 | 263 | expected->master_secret_count) |
| 264 | || !TEST_size_t_eq(client_early_secret_count, | |
| 265 | expected->client_early_secret_count) | |
| 245 | 266 | || !TEST_size_t_eq(client_handshake_secret_count, |
| 246 | 267 | expected->client_handshake_secret_count) |
| 247 | 268 | || !TEST_size_t_eq(server_handshake_secret_count, |
| 249 | 270 | || !TEST_size_t_eq(client_application_secret_count, |
| 250 | 271 | expected->client_application_secret_count) |
| 251 | 272 | || !TEST_size_t_eq(server_application_secret_count, |
| 252 | expected->server_application_secret_count)) | |
| 273 | expected->server_application_secret_count) | |
| 274 | || !TEST_size_t_eq(early_exporter_secret_count, | |
| 275 | expected->early_exporter_secret_count) | |
| 276 | || !TEST_size_t_eq(exporter_secret_count, | |
| 277 | expected->exporter_secret_count)) | |
| 253 | 278 | return 0; |
| 254 | 279 | return 1; |
| 255 | 280 | } |
| 339 | 364 | { |
| 340 | 365 | SSL_CTX *cctx = NULL, *sctx = NULL; |
| 341 | 366 | SSL *clientssl = NULL, *serverssl = NULL; |
| 367 | SSL_SESSION *sess = NULL; | |
| 342 | 368 | int testresult = 0; |
| 343 | 369 | struct sslapitest_log_counts expected = {0}; |
| 370 | unsigned char buf[1]; | |
| 371 | size_t readbytes, written; | |
| 344 | 372 | |
| 345 | 373 | /* Clean up logging space */ |
| 346 | 374 | memset(client_log_buffer, 0, sizeof(client_log_buffer)); |
| 351 | 379 | |
| 352 | 380 | if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), |
| 353 | 381 | TLS1_VERSION, TLS_MAX_VERSION, |
| 354 | &sctx, &cctx, cert, privkey))) | |
| 382 | &sctx, &cctx, cert, privkey)) | |
| 383 | || !TEST_true(SSL_CTX_set_max_early_data(sctx, | |
| 384 | SSL3_RT_MAX_PLAIN_LENGTH))) | |
| 355 | 385 | return 0; |
| 356 | 386 | |
| 357 | 387 | if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL) |
| 385 | 415 | expected.server_handshake_secret_count = 1; |
| 386 | 416 | expected.client_application_secret_count = 1; |
| 387 | 417 | expected.server_application_secret_count = 1; |
| 418 | expected.exporter_secret_count = 1; | |
| 388 | 419 | if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, |
| 389 | 420 | SSL_get_session(clientssl), &expected)) |
| 390 | 421 | || !TEST_true(test_keylog_output(server_log_buffer, serverssl, |
| 392 | 423 | &expected))) |
| 393 | 424 | goto end; |
| 394 | 425 | |
| 426 | /* Terminate old session and resume with early data. */ | |
| 427 | sess = SSL_get1_session(clientssl); | |
| 428 | SSL_shutdown(clientssl); | |
| 429 | SSL_shutdown(serverssl); | |
| 430 | SSL_free(serverssl); | |
| 431 | SSL_free(clientssl); | |
| 432 | serverssl = clientssl = NULL; | |
| 433 | ||
| 434 | /* Reset key log */ | |
| 435 | memset(client_log_buffer, 0, sizeof(client_log_buffer)); | |
| 436 | memset(server_log_buffer, 0, sizeof(server_log_buffer)); | |
| 437 | client_log_buffer_index = 0; | |
| 438 | server_log_buffer_index = 0; | |
| 439 | ||
| 440 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, | |
| 441 | &clientssl, NULL, NULL)) | |
| 442 | || !TEST_true(SSL_set_session(clientssl, sess)) | |
| 443 | /* Here writing 0 length early data is enough. */ | |
| 444 | || !TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written)) | |
| 445 | || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), | |
| 446 | &readbytes), | |
| 447 | SSL_READ_EARLY_DATA_ERROR) | |
| 448 | || !TEST_int_eq(SSL_get_early_data_status(serverssl), | |
| 449 | SSL_EARLY_DATA_ACCEPTED) | |
| 450 | || !TEST_true(create_ssl_connection(serverssl, clientssl, | |
| 451 | SSL_ERROR_NONE)) | |
| 452 | || !TEST_true(SSL_session_reused(clientssl))) | |
| 453 | goto end; | |
| 454 | ||
| 455 | /* In addition to the previous entries, expect early secrets. */ | |
| 456 | expected.client_early_secret_count = 1; | |
| 457 | expected.early_exporter_secret_count = 1; | |
| 458 | if (!TEST_true(test_keylog_output(client_log_buffer, clientssl, | |
| 459 | SSL_get_session(clientssl), &expected)) | |
| 460 | || !TEST_true(test_keylog_output(server_log_buffer, serverssl, | |
| 461 | SSL_get_session(serverssl), | |
| 462 | &expected))) | |
| 463 | goto end; | |
| 464 | ||
| 395 | 465 | testresult = 1; |
| 396 | 466 | |
| 397 | 467 | end: |
| 468 | SSL_SESSION_free(sess); | |
| 398 | 469 | SSL_free(serverssl); |
| 399 | 470 | SSL_free(clientssl); |
| 400 | 471 | SSL_CTX_free(sctx); |
| 1108 | 1179 | #endif |
| 1109 | 1180 | } |
| 1110 | 1181 | |
| 1111 | #define USE_NULL 0 | |
| 1112 | #define USE_BIO_1 1 | |
| 1113 | #define USE_BIO_2 2 | |
| 1114 | ||
| 1115 | #define TOTAL_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3) | |
| 1182 | #define USE_NULL 0 | |
| 1183 | #define USE_BIO_1 1 | |
| 1184 | #define USE_BIO_2 2 | |
| 1185 | #define USE_DEFAULT 3 | |
| 1186 | ||
| 1187 | #define CONNTYPE_CONNECTION_SUCCESS 0 | |
| 1188 | #define CONNTYPE_CONNECTION_FAIL 1 | |
| 1189 | #define CONNTYPE_NO_CONNECTION 2 | |
| 1190 | ||
| 1191 | #define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3) | |
| 1192 | #define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS (2 * 2) | |
| 1193 | #if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) | |
| 1194 | # define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS (2 * 2) | |
| 1195 | #else | |
| 1196 | # define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0 | |
| 1197 | #endif | |
| 1198 | ||
| 1199 | ||
| 1200 | #define TOTAL_SSL_SET_BIO_TESTS TOTAL_NO_CONN_SSL_SET_BIO_TESTS \ | |
| 1201 | + TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \ | |
| 1202 | + TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS | |
| 1116 | 1203 | |
| 1117 | 1204 | static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type) |
| 1118 | 1205 | { |
| 1129 | 1216 | } |
| 1130 | 1217 | } |
| 1131 | 1218 | |
| 1219 | ||
| 1220 | /* | |
| 1221 | * Tests calls to SSL_set_bio() under various conditions. | |
| 1222 | * | |
| 1223 | * For the first 3 * 3 * 3 * 3 = 81 tests we do 2 calls to SSL_set_bio() with | |
| 1224 | * various combinations of valid BIOs or NULL being set for the rbio/wbio. We | |
| 1225 | * then do more tests where we create a successful connection first using our | |
| 1226 | * standard connection setup functions, and then call SSL_set_bio() with | |
| 1227 | * various combinations of valid BIOs or NULL. We then repeat these tests | |
| 1228 | * following a failed connection. In this last case we are looking to check that | |
| 1229 | * SSL_set_bio() functions correctly in the case where s->bbio is not NULL. | |
| 1230 | */ | |
| 1132 | 1231 | static int test_ssl_set_bio(int idx) |
| 1133 | 1232 | { |
| 1134 | SSL_CTX *ctx; | |
| 1233 | SSL_CTX *sctx = NULL, *cctx = NULL; | |
| 1135 | 1234 | BIO *bio1 = NULL; |
| 1136 | 1235 | BIO *bio2 = NULL; |
| 1137 | 1236 | BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL; |
| 1138 | SSL *ssl = NULL; | |
| 1139 | int initrbio, initwbio, newrbio, newwbio; | |
| 1237 | SSL *serverssl = NULL, *clientssl = NULL; | |
| 1238 | int initrbio, initwbio, newrbio, newwbio, conntype; | |
| 1140 | 1239 | int testresult = 0; |
| 1141 | 1240 | |
| 1142 | initrbio = idx % 3; | |
| 1143 | idx /= 3; | |
| 1144 | initwbio = idx % 3; | |
| 1145 | idx /= 3; | |
| 1146 | newrbio = idx % 3; | |
| 1147 | idx /= 3; | |
| 1148 | newwbio = idx; | |
| 1149 | if (!TEST_int_le(newwbio, 2)) | |
| 1150 | return 0; | |
| 1151 | ||
| 1152 | if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method())) | |
| 1153 | || !TEST_ptr(ssl = SSL_new(ctx))) | |
| 1241 | if (idx < TOTAL_NO_CONN_SSL_SET_BIO_TESTS) { | |
| 1242 | initrbio = idx % 3; | |
| 1243 | idx /= 3; | |
| 1244 | initwbio = idx % 3; | |
| 1245 | idx /= 3; | |
| 1246 | newrbio = idx % 3; | |
| 1247 | idx /= 3; | |
| 1248 | newwbio = idx % 3; | |
| 1249 | conntype = CONNTYPE_NO_CONNECTION; | |
| 1250 | } else { | |
| 1251 | idx -= TOTAL_NO_CONN_SSL_SET_BIO_TESTS; | |
| 1252 | initrbio = initwbio = USE_DEFAULT; | |
| 1253 | newrbio = idx % 2; | |
| 1254 | idx /= 2; | |
| 1255 | newwbio = idx % 2; | |
| 1256 | idx /= 2; | |
| 1257 | conntype = idx % 2; | |
| 1258 | } | |
| 1259 | ||
| 1260 | if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), | |
| 1261 | TLS1_VERSION, TLS_MAX_VERSION, | |
| 1262 | &sctx, &cctx, cert, privkey))) | |
| 1263 | goto end; | |
| 1264 | ||
| 1265 | if (conntype == CONNTYPE_CONNECTION_FAIL) { | |
| 1266 | /* | |
| 1267 | * We won't ever get here if either TLSv1.3 or TLSv1.2 is disabled | |
| 1268 | * because we reduced the number of tests in the definition of | |
| 1269 | * TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS to avoid this scenario. By setting | |
| 1270 | * mismatched protocol versions we will force a connection failure. | |
| 1271 | */ | |
| 1272 | SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION); | |
| 1273 | SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION); | |
| 1274 | } | |
| 1275 | ||
| 1276 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
| 1277 | NULL, NULL))) | |
| 1154 | 1278 | goto end; |
| 1155 | 1279 | |
| 1156 | 1280 | if (initrbio == USE_BIO_1 |
| 1169 | 1293 | goto end; |
| 1170 | 1294 | } |
| 1171 | 1295 | |
| 1172 | setupbio(&irbio, bio1, bio2, initrbio); | |
| 1173 | setupbio(&iwbio, bio1, bio2, initwbio); | |
| 1174 | ||
| 1175 | /* | |
| 1176 | * We want to maintain our own refs to these BIO, so do an up ref for each | |
| 1177 | * BIO that will have ownership transferred in the SSL_set_bio() call | |
| 1178 | */ | |
| 1179 | if (irbio != NULL) | |
| 1180 | BIO_up_ref(irbio); | |
| 1181 | if (iwbio != NULL && iwbio != irbio) | |
| 1182 | BIO_up_ref(iwbio); | |
| 1183 | ||
| 1184 | SSL_set_bio(ssl, irbio, iwbio); | |
| 1296 | if (initrbio != USE_DEFAULT) { | |
| 1297 | setupbio(&irbio, bio1, bio2, initrbio); | |
| 1298 | setupbio(&iwbio, bio1, bio2, initwbio); | |
| 1299 | SSL_set_bio(clientssl, irbio, iwbio); | |
| 1300 | ||
| 1301 | /* | |
| 1302 | * We want to maintain our own refs to these BIO, so do an up ref for | |
| 1303 | * each BIO that will have ownership transferred in the SSL_set_bio() | |
| 1304 | * call | |
| 1305 | */ | |
| 1306 | if (irbio != NULL) | |
| 1307 | BIO_up_ref(irbio); | |
| 1308 | if (iwbio != NULL && iwbio != irbio) | |
| 1309 | BIO_up_ref(iwbio); | |
| 1310 | } | |
| 1311 | ||
| 1312 | if (conntype != CONNTYPE_NO_CONNECTION | |
| 1313 | && !TEST_true(create_ssl_connection(serverssl, clientssl, | |
| 1314 | SSL_ERROR_NONE) | |
| 1315 | == (conntype == CONNTYPE_CONNECTION_SUCCESS))) | |
| 1316 | goto end; | |
| 1185 | 1317 | |
| 1186 | 1318 | setupbio(&nrbio, bio1, bio2, newrbio); |
| 1187 | 1319 | setupbio(&nwbio, bio1, bio2, newwbio); |
| 1200 | 1332 | && (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio))) |
| 1201 | 1333 | BIO_up_ref(nwbio); |
| 1202 | 1334 | |
| 1203 | SSL_set_bio(ssl, nrbio, nwbio); | |
| 1335 | SSL_set_bio(clientssl, nrbio, nwbio); | |
| 1204 | 1336 | |
| 1205 | 1337 | testresult = 1; |
| 1206 | 1338 | |
| 1207 | 1339 | end: |
| 1208 | SSL_free(ssl); | |
| 1209 | 1340 | BIO_free(bio1); |
| 1210 | 1341 | BIO_free(bio2); |
| 1211 | 1342 | |
| 1215 | 1346 | * functions. If we haven't done enough then this will only be detected in |
| 1216 | 1347 | * a crypto-mdebug build |
| 1217 | 1348 | */ |
| 1218 | SSL_CTX_free(ctx); | |
| 1349 | SSL_free(serverssl); | |
| 1350 | SSL_free(clientssl); | |
| 1351 | SSL_CTX_free(sctx); | |
| 1352 | SSL_CTX_free(cctx); | |
| 1219 | 1353 | return testresult; |
| 1220 | 1354 | } |
| 1221 | 1355 | |
| 1569 | 1703 | TLS1_VERSION, TLS_MAX_VERSION, |
| 1570 | 1704 | sctx, cctx, cert, privkey)) |
| 1571 | 1705 | || !TEST_true(SSL_CTX_set_max_early_data(*sctx, |
| 1572 | SSL3_RT_MAX_PLAIN_LENGTH)) | |
| 1573 | || !TEST_true(SSL_CTX_set_max_early_data(*cctx, | |
| 1574 | 1706 | SSL3_RT_MAX_PLAIN_LENGTH))) |
| 1575 | 1707 | return 0; |
| 1576 | 1708 | |
| 2437 | 2569 | return testresult; |
| 2438 | 2570 | } |
| 2439 | 2571 | # endif /* OPENSSL_NO_TLS1_2 */ |
| 2572 | ||
| 2573 | /* | |
| 2574 | * Test configuring the TLSv1.3 ciphersuites | |
| 2575 | * | |
| 2576 | * Test 0: Set a default ciphersuite in the SSL_CTX (no explicit cipher_list) | |
| 2577 | * Test 1: Set a non-default ciphersuite in the SSL_CTX (no explicit cipher_list) | |
| 2578 | * Test 2: Set a default ciphersuite in the SSL (no explicit cipher_list) | |
| 2579 | * Test 3: Set a non-default ciphersuite in the SSL (no explicit cipher_list) | |
| 2580 | * Test 4: Set a default ciphersuite in the SSL_CTX (SSL_CTX cipher_list) | |
| 2581 | * Test 5: Set a non-default ciphersuite in the SSL_CTX (SSL_CTX cipher_list) | |
| 2582 | * Test 6: Set a default ciphersuite in the SSL (SSL_CTX cipher_list) | |
| 2583 | * Test 7: Set a non-default ciphersuite in the SSL (SSL_CTX cipher_list) | |
| 2584 | * Test 8: Set a default ciphersuite in the SSL (SSL cipher_list) | |
| 2585 | * Test 9: Set a non-default ciphersuite in the SSL (SSL cipher_list) | |
| 2586 | */ | |
| 2587 | static int test_set_ciphersuite(int idx) | |
| 2588 | { | |
| 2589 | SSL_CTX *cctx = NULL, *sctx = NULL; | |
| 2590 | SSL *clientssl = NULL, *serverssl = NULL; | |
| 2591 | int testresult = 0; | |
| 2592 | ||
| 2593 | if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), | |
| 2594 | TLS1_VERSION, TLS_MAX_VERSION, | |
| 2595 | &sctx, &cctx, cert, privkey)) | |
| 2596 | || !TEST_true(SSL_CTX_set_ciphersuites(sctx, | |
| 2597 | "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256"))) | |
| 2598 | goto end; | |
| 2599 | ||
| 2600 | if (idx >=4 && idx <= 7) { | |
| 2601 | /* SSL_CTX explicit cipher list */ | |
| 2602 | if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-GCM-SHA384"))) | |
| 2603 | goto end; | |
| 2604 | } | |
| 2605 | ||
| 2606 | if (idx == 0 || idx == 4) { | |
| 2607 | /* Default ciphersuite */ | |
| 2608 | if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, | |
| 2609 | "TLS_AES_128_GCM_SHA256"))) | |
| 2610 | goto end; | |
| 2611 | } else if (idx == 1 || idx == 5) { | |
| 2612 | /* Non default ciphersuite */ | |
| 2613 | if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, | |
| 2614 | "TLS_AES_128_CCM_SHA256"))) | |
| 2615 | goto end; | |
| 2616 | } | |
| 2617 | ||
| 2618 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, | |
| 2619 | &clientssl, NULL, NULL))) | |
| 2620 | goto end; | |
| 2621 | ||
| 2622 | if (idx == 8 || idx == 9) { | |
| 2623 | /* SSL explicit cipher list */ | |
| 2624 | if (!TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384"))) | |
| 2625 | goto end; | |
| 2626 | } | |
| 2627 | ||
| 2628 | if (idx == 2 || idx == 6 || idx == 8) { | |
| 2629 | /* Default ciphersuite */ | |
| 2630 | if (!TEST_true(SSL_set_ciphersuites(clientssl, | |
| 2631 | "TLS_AES_128_GCM_SHA256"))) | |
| 2632 | goto end; | |
| 2633 | } else if (idx == 3 || idx == 7 || idx == 9) { | |
| 2634 | /* Non default ciphersuite */ | |
| 2635 | if (!TEST_true(SSL_set_ciphersuites(clientssl, | |
| 2636 | "TLS_AES_128_CCM_SHA256"))) | |
| 2637 | goto end; | |
| 2638 | } | |
| 2639 | ||
| 2640 | if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) | |
| 2641 | goto end; | |
| 2642 | ||
| 2643 | testresult = 1; | |
| 2644 | ||
| 2645 | end: | |
| 2646 | SSL_free(serverssl); | |
| 2647 | SSL_free(clientssl); | |
| 2648 | SSL_CTX_free(sctx); | |
| 2649 | SSL_CTX_free(cctx); | |
| 2650 | ||
| 2651 | return testresult; | |
| 2652 | } | |
| 2440 | 2653 | |
| 2441 | 2654 | static int test_ciphersuite_change(void) |
| 2442 | 2655 | { |
| 3704 | 3917 | } |
| 3705 | 3918 | #endif |
| 3706 | 3919 | |
| 3920 | #if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2) | |
| 3921 | ||
| 3922 | static SRP_VBASE *vbase = NULL; | |
| 3923 | ||
| 3924 | static int ssl_srp_cb(SSL *s, int *ad, void *arg) | |
| 3925 | { | |
| 3926 | int ret = SSL3_AL_FATAL; | |
| 3927 | char *username; | |
| 3928 | SRP_user_pwd *user = NULL; | |
| 3929 | ||
| 3930 | username = SSL_get_srp_username(s); | |
| 3931 | if (username == NULL) { | |
| 3932 | *ad = SSL_AD_INTERNAL_ERROR; | |
| 3933 | goto err; | |
| 3934 | } | |
| 3935 | ||
| 3936 | user = SRP_VBASE_get1_by_user(vbase, username); | |
| 3937 | if (user == NULL) { | |
| 3938 | *ad = SSL_AD_INTERNAL_ERROR; | |
| 3939 | goto err; | |
| 3940 | } | |
| 3941 | ||
| 3942 | if (SSL_set_srp_server_param(s, user->N, user->g, user->s, user->v, | |
| 3943 | user->info) <= 0) { | |
| 3944 | *ad = SSL_AD_INTERNAL_ERROR; | |
| 3945 | goto err; | |
| 3946 | } | |
| 3947 | ||
| 3948 | ret = 0; | |
| 3949 | ||
| 3950 | err: | |
| 3951 | SRP_user_pwd_free(user); | |
| 3952 | return ret; | |
| 3953 | } | |
| 3954 | ||
| 3955 | static int create_new_vfile(char *userid, char *password, const char *filename) | |
| 3956 | { | |
| 3957 | char *gNid = NULL; | |
| 3958 | OPENSSL_STRING *row = OPENSSL_zalloc(sizeof(row) * (DB_NUMBER + 1)); | |
| 3959 | TXT_DB *db = NULL; | |
| 3960 | int ret = 0; | |
| 3961 | BIO *out = NULL, *dummy = BIO_new_mem_buf("", 0); | |
| 3962 | size_t i; | |
| 3963 | ||
| 3964 | if (!TEST_ptr(dummy) || !TEST_ptr(row)) | |
| 3965 | goto end; | |
| 3966 | ||
| 3967 | gNid = SRP_create_verifier(userid, password, &row[DB_srpsalt], | |
| 3968 | &row[DB_srpverifier], NULL, NULL); | |
| 3969 | if (!TEST_ptr(gNid)) | |
| 3970 | goto end; | |
| 3971 | ||
| 3972 | /* | |
| 3973 | * The only way to create an empty TXT_DB is to provide a BIO with no data | |
| 3974 | * in it! | |
| 3975 | */ | |
| 3976 | db = TXT_DB_read(dummy, DB_NUMBER); | |
| 3977 | if (!TEST_ptr(db)) | |
| 3978 | goto end; | |
| 3979 | ||
| 3980 | out = BIO_new_file(filename, "w"); | |
| 3981 | if (!TEST_ptr(out)) | |
| 3982 | goto end; | |
| 3983 | ||
| 3984 | row[DB_srpid] = OPENSSL_strdup(userid); | |
| 3985 | row[DB_srptype] = OPENSSL_strdup("V"); | |
| 3986 | row[DB_srpgN] = OPENSSL_strdup(gNid); | |
| 3987 | ||
| 3988 | if (!TEST_ptr(row[DB_srpid]) | |
| 3989 | || !TEST_ptr(row[DB_srptype]) | |
| 3990 | || !TEST_ptr(row[DB_srpgN]) | |
| 3991 | || !TEST_true(TXT_DB_insert(db, row))) | |
| 3992 | goto end; | |
| 3993 | ||
| 3994 | row = NULL; | |
| 3995 | ||
| 3996 | if (!TXT_DB_write(out, db)) | |
| 3997 | goto end; | |
| 3998 | ||
| 3999 | ret = 1; | |
| 4000 | end: | |
| 4001 | if (row != NULL) { | |
| 4002 | for (i = 0; i < DB_NUMBER; i++) | |
| 4003 | OPENSSL_free(row[i]); | |
| 4004 | } | |
| 4005 | OPENSSL_free(row); | |
| 4006 | BIO_free(dummy); | |
| 4007 | BIO_free(out); | |
| 4008 | TXT_DB_free(db); | |
| 4009 | ||
| 4010 | return ret; | |
| 4011 | } | |
| 4012 | ||
| 4013 | static int create_new_vbase(char *userid, char *password) | |
| 4014 | { | |
| 4015 | BIGNUM *verifier = NULL, *salt = NULL; | |
| 4016 | const SRP_gN *lgN = NULL; | |
| 4017 | SRP_user_pwd *user_pwd = NULL; | |
| 4018 | int ret = 0; | |
| 4019 | ||
| 4020 | lgN = SRP_get_default_gN(NULL); | |
| 4021 | if (!TEST_ptr(lgN)) | |
| 4022 | goto end; | |
| 4023 | ||
| 4024 | if (!TEST_true(SRP_create_verifier_BN(userid, password, &salt, &verifier, | |
| 4025 | lgN->N, lgN->g))) | |
| 4026 | goto end; | |
| 4027 | ||
| 4028 | user_pwd = OPENSSL_zalloc(sizeof(*user_pwd)); | |
| 4029 | if (!TEST_ptr(user_pwd)) | |
| 4030 | goto end; | |
| 4031 | ||
| 4032 | user_pwd->N = lgN->N; | |
| 4033 | user_pwd->g = lgN->g; | |
| 4034 | user_pwd->id = OPENSSL_strdup(userid); | |
| 4035 | if (!TEST_ptr(user_pwd->id)) | |
| 4036 | goto end; | |
| 4037 | ||
| 4038 | user_pwd->v = verifier; | |
| 4039 | user_pwd->s = salt; | |
| 4040 | verifier = salt = NULL; | |
| 4041 | ||
| 4042 | if (sk_SRP_user_pwd_insert(vbase->users_pwd, user_pwd, 0) == 0) | |
| 4043 | goto end; | |
| 4044 | user_pwd = NULL; | |
| 4045 | ||
| 4046 | ret = 1; | |
| 4047 | end: | |
| 4048 | SRP_user_pwd_free(user_pwd); | |
| 4049 | BN_free(salt); | |
| 4050 | BN_free(verifier); | |
| 4051 | ||
| 4052 | return ret; | |
| 4053 | } | |
| 4054 | ||
| 4055 | /* | |
| 4056 | * SRP tests | |
| 4057 | * | |
| 4058 | * Test 0: Simple successful SRP connection, new vbase | |
| 4059 | * Test 1: Connection failure due to bad password, new vbase | |
| 4060 | * Test 2: Simple successful SRP connection, vbase loaded from existing file | |
| 4061 | * Test 3: Connection failure due to bad password, vbase loaded from existing | |
| 4062 | * file | |
| 4063 | * Test 4: Simple successful SRP connection, vbase loaded from new file | |
| 4064 | * Test 5: Connection failure due to bad password, vbase loaded from new file | |
| 4065 | */ | |
| 4066 | static int test_srp(int tst) | |
| 4067 | { | |
| 4068 | char *userid = "test", *password = "password", *tstsrpfile; | |
| 4069 | SSL_CTX *cctx = NULL, *sctx = NULL; | |
| 4070 | SSL *clientssl = NULL, *serverssl = NULL; | |
| 4071 | int ret, testresult = 0; | |
| 4072 | ||
| 4073 | vbase = SRP_VBASE_new(NULL); | |
| 4074 | if (!TEST_ptr(vbase)) | |
| 4075 | goto end; | |
| 4076 | ||
| 4077 | if (tst == 0 || tst == 1) { | |
| 4078 | if (!TEST_true(create_new_vbase(userid, password))) | |
| 4079 | goto end; | |
| 4080 | } else { | |
| 4081 | if (tst == 4 || tst == 5) { | |
| 4082 | if (!TEST_true(create_new_vfile(userid, password, tmpfilename))) | |
| 4083 | goto end; | |
| 4084 | tstsrpfile = tmpfilename; | |
| 4085 | } else { | |
| 4086 | tstsrpfile = srpvfile; | |
| 4087 | } | |
| 4088 | if (!TEST_int_eq(SRP_VBASE_init(vbase, tstsrpfile), SRP_NO_ERROR)) | |
| 4089 | goto end; | |
| 4090 | } | |
| 4091 | ||
| 4092 | if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), | |
| 4093 | TLS1_VERSION, TLS_MAX_VERSION, | |
| 4094 | &sctx, &cctx, cert, privkey))) | |
| 4095 | goto end; | |
| 4096 | ||
| 4097 | if (!TEST_int_gt(SSL_CTX_set_srp_username_callback(sctx, ssl_srp_cb), 0) | |
| 4098 | || !TEST_true(SSL_CTX_set_cipher_list(cctx, "SRP-AES-128-CBC-SHA")) | |
| 4099 | || !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION)) | |
| 4100 | || !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) | |
| 4101 | || !TEST_int_gt(SSL_CTX_set_srp_username(cctx, userid), 0)) | |
| 4102 | goto end; | |
| 4103 | ||
| 4104 | if (tst % 2 == 1) { | |
| 4105 | if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, "badpass"), 0)) | |
| 4106 | goto end; | |
| 4107 | } else { | |
| 4108 | if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, password), 0)) | |
| 4109 | goto end; | |
| 4110 | } | |
| 4111 | ||
| 4112 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
| 4113 | NULL, NULL))) | |
| 4114 | goto end; | |
| 4115 | ||
| 4116 | ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE); | |
| 4117 | if (ret) { | |
| 4118 | if (!TEST_true(tst % 2 == 0)) | |
| 4119 | goto end; | |
| 4120 | } else { | |
| 4121 | if (!TEST_true(tst % 2 == 1)) | |
| 4122 | goto end; | |
| 4123 | } | |
| 4124 | ||
| 4125 | testresult = 1; | |
| 4126 | ||
| 4127 | end: | |
| 4128 | SRP_VBASE_free(vbase); | |
| 4129 | vbase = NULL; | |
| 4130 | SSL_free(serverssl); | |
| 4131 | SSL_free(clientssl); | |
| 4132 | SSL_CTX_free(sctx); | |
| 4133 | SSL_CTX_free(cctx); | |
| 4134 | ||
| 4135 | return testresult; | |
| 4136 | } | |
| 4137 | #endif | |
| 4138 | ||
| 4139 | static int info_cb_failed = 0; | |
| 4140 | static int info_cb_offset = 0; | |
| 4141 | static int info_cb_this_state = -1; | |
| 4142 | ||
| 4143 | static struct info_cb_states_st { | |
| 4144 | int where; | |
| 4145 | const char *statestr; | |
| 4146 | } info_cb_states[][60] = { | |
| 4147 | { | |
| 4148 | /* TLSv1.2 server followed by resumption */ | |
| 4149 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
| 4150 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
| 4151 | {SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TWSKE"}, {SSL_CB_LOOP, "TWSD"}, | |
| 4152 | {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_LOOP, "TRCKE"}, | |
| 4153 | {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWST"}, | |
| 4154 | {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, | |
| 4155 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, | |
| 4156 | {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, | |
| 4157 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, | |
| 4158 | {SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, | |
| 4159 | {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRCCS"}, | |
| 4160 | {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, | |
| 4161 | {SSL_CB_EXIT, NULL}, {0, NULL}, | |
| 4162 | }, { | |
| 4163 | /* TLSv1.2 client followed by resumption */ | |
| 4164 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
| 4165 | {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, | |
| 4166 | {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSKE"}, | |
| 4167 | {SSL_CB_LOOP, "TRSD"}, {SSL_CB_LOOP, "TWCKE"}, {SSL_CB_LOOP, "TWCCS"}, | |
| 4168 | {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, | |
| 4169 | {SSL_CB_LOOP, "TRST"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, | |
| 4170 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, | |
| 4171 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
| 4172 | {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, | |
| 4173 | {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, | |
| 4174 | {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, | |
| 4175 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, | |
| 4176 | }, { | |
| 4177 | /* TLSv1.3 server followed by resumption */ | |
| 4178 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
| 4179 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
| 4180 | {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"}, | |
| 4181 | {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, | |
| 4182 | {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"}, | |
| 4183 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, | |
| 4184 | {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL}, | |
| 4185 | {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL}, | |
| 4186 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
| 4187 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
| 4188 | {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"}, | |
| 4189 | {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, | |
| 4190 | {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, | |
| 4191 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TWST"}, | |
| 4192 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, | |
| 4193 | }, { | |
| 4194 | /* TLSv1.3 client followed by resumption */ | |
| 4195 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
| 4196 | {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"}, | |
| 4197 | {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"}, | |
| 4198 | {SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, | |
| 4199 | {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, | |
| 4200 | {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, | |
| 4201 | {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, | |
| 4202 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, | |
| 4203 | {SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, | |
| 4204 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, | |
| 4205 | {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, | |
| 4206 | {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"}, | |
| 4207 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, | |
| 4208 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "}, | |
| 4209 | {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, | |
| 4210 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, | |
| 4211 | }, { | |
| 4212 | /* TLSv1.3 server, early_data */ | |
| 4213 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
| 4214 | {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"}, | |
| 4215 | {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"}, | |
| 4216 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, | |
| 4217 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"}, | |
| 4218 | {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TRFIN"}, | |
| 4219 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, | |
| 4220 | {SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL}, | |
| 4221 | {SSL_CB_EXIT, NULL}, {0, NULL}, | |
| 4222 | }, { | |
| 4223 | /* TLSv1.3 client, early_data */ | |
| 4224 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "}, | |
| 4225 | {SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TWCCS"}, | |
| 4226 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, | |
| 4227 | {SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"}, | |
| 4228 | {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, | |
| 4229 | {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"}, | |
| 4230 | {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL}, | |
| 4231 | {SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL}, | |
| 4232 | {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"}, | |
| 4233 | {SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL}, | |
| 4234 | }, { | |
| 4235 | {0, NULL}, | |
| 4236 | } | |
| 4237 | }; | |
| 4238 | ||
| 4239 | static void sslapi_info_callback(const SSL *s, int where, int ret) | |
| 4240 | { | |
| 4241 | struct info_cb_states_st *state = info_cb_states[info_cb_offset]; | |
| 4242 | ||
| 4243 | /* We do not ever expect a connection to fail in this test */ | |
| 4244 | if (!TEST_false(ret == 0)) { | |
| 4245 | info_cb_failed = 1; | |
| 4246 | return; | |
| 4247 | } | |
| 4248 | ||
| 4249 | /* | |
| 4250 | * Do some sanity checks. We never expect these things to happen in this | |
| 4251 | * test | |
| 4252 | */ | |
| 4253 | if (!TEST_false((SSL_is_server(s) && (where & SSL_ST_CONNECT) != 0)) | |
| 4254 | || !TEST_false(!SSL_is_server(s) && (where & SSL_ST_ACCEPT) != 0) | |
| 4255 | || !TEST_int_ne(state[++info_cb_this_state].where, 0)) { | |
| 4256 | info_cb_failed = 1; | |
| 4257 | return; | |
| 4258 | } | |
| 4259 | ||
| 4260 | /* Now check we're in the right state */ | |
| 4261 | if (!TEST_true((where & state[info_cb_this_state].where) != 0)) { | |
| 4262 | info_cb_failed = 1; | |
| 4263 | return; | |
| 4264 | } | |
| 4265 | if ((where & SSL_CB_LOOP) != 0 | |
| 4266 | && !TEST_int_eq(strcmp(SSL_state_string(s), | |
| 4267 | state[info_cb_this_state].statestr), 0)) { | |
| 4268 | info_cb_failed = 1; | |
| 4269 | return; | |
| 4270 | } | |
| 4271 | ||
| 4272 | /* Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init */ | |
| 4273 | if ((where & SSL_CB_HANDSHAKE_DONE) && SSL_in_init((SSL *)s) != 0) { | |
| 4274 | info_cb_failed = 1; | |
| 4275 | return; | |
| 4276 | } | |
| 4277 | } | |
| 4278 | ||
| 4279 | /* | |
| 4280 | * Test the info callback gets called when we expect it to. | |
| 4281 | * | |
| 4282 | * Test 0: TLSv1.2, server | |
| 4283 | * Test 1: TLSv1.2, client | |
| 4284 | * Test 2: TLSv1.3, server | |
| 4285 | * Test 3: TLSv1.3, client | |
| 4286 | * Test 4: TLSv1.3, server, early_data | |
| 4287 | * Test 5: TLSv1.3, client, early_data | |
| 4288 | */ | |
| 4289 | static int test_info_callback(int tst) | |
| 4290 | { | |
| 4291 | SSL_CTX *cctx = NULL, *sctx = NULL; | |
| 4292 | SSL *clientssl = NULL, *serverssl = NULL; | |
| 4293 | SSL_SESSION *clntsess = NULL; | |
| 4294 | int testresult = 0; | |
| 4295 | int tlsvers; | |
| 4296 | ||
| 4297 | if (tst < 2) { | |
| 4298 | #ifndef OPENSSL_NO_TLS1_2 | |
| 4299 | tlsvers = TLS1_2_VERSION; | |
| 4300 | #else | |
| 4301 | return 1; | |
| 4302 | #endif | |
| 4303 | } else { | |
| 4304 | #ifndef OPENSSL_NO_TLS1_3 | |
| 4305 | tlsvers = TLS1_3_VERSION; | |
| 4306 | #else | |
| 4307 | return 1; | |
| 4308 | #endif | |
| 4309 | } | |
| 4310 | ||
| 4311 | /* Reset globals */ | |
| 4312 | info_cb_failed = 0; | |
| 4313 | info_cb_this_state = -1; | |
| 4314 | info_cb_offset = tst; | |
| 4315 | ||
| 4316 | #ifndef OPENSSL_NO_TLS1_3 | |
| 4317 | if (tst >= 4) { | |
| 4318 | SSL_SESSION *sess = NULL; | |
| 4319 | size_t written, readbytes; | |
| 4320 | unsigned char buf[80]; | |
| 4321 | ||
| 4322 | /* early_data tests */ | |
| 4323 | if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, | |
| 4324 | &serverssl, &sess, 0))) | |
| 4325 | goto end; | |
| 4326 | ||
| 4327 | /* We don't actually need this reference */ | |
| 4328 | SSL_SESSION_free(sess); | |
| 4329 | ||
| 4330 | SSL_set_info_callback((tst % 2) == 0 ? serverssl : clientssl, | |
| 4331 | sslapi_info_callback); | |
| 4332 | ||
| 4333 | /* Write and read some early data and then complete the connection */ | |
| 4334 | if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), | |
| 4335 | &written)) | |
| 4336 | || !TEST_size_t_eq(written, strlen(MSG1)) | |
| 4337 | || !TEST_int_eq(SSL_read_early_data(serverssl, buf, | |
| 4338 | sizeof(buf), &readbytes), | |
| 4339 | SSL_READ_EARLY_DATA_SUCCESS) | |
| 4340 | || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) | |
| 4341 | || !TEST_int_eq(SSL_get_early_data_status(serverssl), | |
| 4342 | SSL_EARLY_DATA_ACCEPTED) | |
| 4343 | || !TEST_true(create_ssl_connection(serverssl, clientssl, | |
| 4344 | SSL_ERROR_NONE)) | |
| 4345 | || !TEST_false(info_cb_failed)) | |
| 4346 | goto end; | |
| 4347 | ||
| 4348 | testresult = 1; | |
| 4349 | goto end; | |
| 4350 | } | |
| 4351 | #endif | |
| 4352 | ||
| 4353 | if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), | |
| 4354 | TLS_client_method(), | |
| 4355 | tlsvers, tlsvers, &sctx, &cctx, cert, | |
| 4356 | privkey))) | |
| 4357 | goto end; | |
| 4358 | ||
| 4359 | /* | |
| 4360 | * For even numbered tests we check the server callbacks. For odd numbers we | |
| 4361 | * check the client. | |
| 4362 | */ | |
| 4363 | SSL_CTX_set_info_callback((tst % 2) == 0 ? sctx : cctx, | |
| 4364 | sslapi_info_callback); | |
| 4365 | ||
| 4366 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, | |
| 4367 | &clientssl, NULL, NULL)) | |
| 4368 | || !TEST_true(create_ssl_connection(serverssl, clientssl, | |
| 4369 | SSL_ERROR_NONE)) | |
| 4370 | || !TEST_false(info_cb_failed)) | |
| 4371 | goto end; | |
| 4372 | ||
| 4373 | ||
| 4374 | ||
| 4375 | clntsess = SSL_get1_session(clientssl); | |
| 4376 | SSL_shutdown(clientssl); | |
| 4377 | SSL_shutdown(serverssl); | |
| 4378 | SSL_free(serverssl); | |
| 4379 | SSL_free(clientssl); | |
| 4380 | serverssl = clientssl = NULL; | |
| 4381 | ||
| 4382 | /* Now do a resumption */ | |
| 4383 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, | |
| 4384 | NULL)) | |
| 4385 | || !TEST_true(SSL_set_session(clientssl, clntsess)) | |
| 4386 | || !TEST_true(create_ssl_connection(serverssl, clientssl, | |
| 4387 | SSL_ERROR_NONE)) | |
| 4388 | || !TEST_true(SSL_session_reused(clientssl)) | |
| 4389 | || !TEST_false(info_cb_failed)) | |
| 4390 | goto end; | |
| 4391 | ||
| 4392 | testresult = 1; | |
| 4393 | ||
| 4394 | end: | |
| 4395 | SSL_free(serverssl); | |
| 4396 | SSL_free(clientssl); | |
| 4397 | SSL_SESSION_free(clntsess); | |
| 4398 | SSL_CTX_free(sctx); | |
| 4399 | SSL_CTX_free(cctx); | |
| 4400 | return testresult; | |
| 4401 | } | |
| 4402 | ||
| 4403 | static int test_ssl_pending(int tst) | |
| 4404 | { | |
| 4405 | SSL_CTX *cctx = NULL, *sctx = NULL; | |
| 4406 | SSL *clientssl = NULL, *serverssl = NULL; | |
| 4407 | int testresult = 0; | |
| 4408 | char msg[] = "A test message"; | |
| 4409 | char buf[5]; | |
| 4410 | size_t written, readbytes; | |
| 4411 | ||
| 4412 | if (tst == 0) { | |
| 4413 | if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), | |
| 4414 | TLS_client_method(), | |
| 4415 | TLS1_VERSION, TLS_MAX_VERSION, | |
| 4416 | &sctx, &cctx, cert, privkey))) | |
| 4417 | goto end; | |
| 4418 | } else { | |
| 4419 | #ifndef OPENSSL_NO_DTLS | |
| 4420 | if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(), | |
| 4421 | DTLS_client_method(), | |
| 4422 | DTLS1_VERSION, DTLS_MAX_VERSION, | |
| 4423 | &sctx, &cctx, cert, privkey))) | |
| 4424 | goto end; | |
| 4425 | #else | |
| 4426 | return 1; | |
| 4427 | #endif | |
| 4428 | } | |
| 4429 | ||
| 4430 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
| 4431 | NULL, NULL)) | |
| 4432 | || !TEST_true(create_ssl_connection(serverssl, clientssl, | |
| 4433 | SSL_ERROR_NONE))) | |
| 4434 | goto end; | |
| 4435 | ||
| 4436 | if (!TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written)) | |
| 4437 | || !TEST_size_t_eq(written, sizeof(msg)) | |
| 4438 | || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)) | |
| 4439 | || !TEST_size_t_eq(readbytes, sizeof(buf)) | |
| 4440 | || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes))) | |
| 4441 | goto end; | |
| 4442 | ||
| 4443 | testresult = 1; | |
| 4444 | ||
| 4445 | end: | |
| 4446 | SSL_free(serverssl); | |
| 4447 | SSL_free(clientssl); | |
| 4448 | SSL_CTX_free(sctx); | |
| 4449 | SSL_CTX_free(cctx); | |
| 4450 | ||
| 4451 | return testresult; | |
| 4452 | } | |
| 4453 | ||
| 3707 | 4454 | int setup_tests(void) |
| 3708 | 4455 | { |
| 3709 | 4456 | if (!TEST_ptr(cert = test_get_argument(0)) |
| 3710 | || !TEST_ptr(privkey = test_get_argument(1))) | |
| 4457 | || !TEST_ptr(privkey = test_get_argument(1)) | |
| 4458 | || !TEST_ptr(srpvfile = test_get_argument(2)) | |
| 4459 | || !TEST_ptr(tmpfilename = test_get_argument(3))) | |
| 3711 | 4460 | return 0; |
| 3712 | 4461 | |
| 3713 | 4462 | if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) { |
| 3769 | 4518 | # endif |
| 3770 | 4519 | #endif |
| 3771 | 4520 | #ifndef OPENSSL_NO_TLS1_3 |
| 4521 | ADD_ALL_TESTS(test_set_ciphersuite, 10); | |
| 3772 | 4522 | ADD_TEST(test_ciphersuite_change); |
| 3773 | 4523 | #ifdef OPENSSL_NO_PSK |
| 3774 | 4524 | ADD_ALL_TESTS(test_tls13_psk, 1); |
| 3788 | 4538 | #endif |
| 3789 | 4539 | ADD_ALL_TESTS(test_ssl_clear, 2); |
| 3790 | 4540 | ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test)); |
| 4541 | #if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2) | |
| 4542 | ADD_ALL_TESTS(test_srp, 6); | |
| 4543 | #endif | |
| 4544 | ADD_ALL_TESTS(test_info_callback, 6); | |
| 4545 | ADD_ALL_TESTS(test_ssl_pending, 2); | |
| 3791 | 4546 | return 1; |
| 3792 | 4547 | } |
| 3793 | 4548 | |
| 197 | 197 | &sctx, &cctx, cert, privkey))) |
| 198 | 198 | return 0; |
| 199 | 199 | |
| 200 | if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx]))) | |
| 201 | goto end; | |
| 202 | ||
| 203 | if (!TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx)) | |
| 200 | if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) | |
| 204 | 201 | || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "")) |
| 202 | || !TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx)) | |
| 205 | 203 | || !TEST_int_eq(sk_SSL_CIPHER_num(ciphers), 1) |
| 206 | 204 | || !TEST_ptr(currcipher = sk_SSL_CIPHER_value(ciphers, 0))) |
| 207 | 205 | goto end; |
| 1835 | 1835 | int err_in_client = 0; |
| 1836 | 1836 | int err_in_server = 0; |
| 1837 | 1837 | |
| 1838 | acpt = BIO_new_accept("0"); | |
| 1838 | acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0" | |
| 1839 | : "[::1]:0"); | |
| 1839 | 1840 | if (acpt == NULL) |
| 1840 | 1841 | goto err; |
| 1841 | 1842 | BIO_set_accept_ip_family(acpt, family); |
| 257 | 257 | TLS1_VERSION, TLS_MAX_VERSION, |
| 258 | 258 | &sctx, &cctx, cert, privkey)) |
| 259 | 259 | || !TEST_true(SSL_CTX_set_max_early_data(sctx, |
| 260 | SSL3_RT_MAX_PLAIN_LENGTH)) | |
| 261 | || !TEST_true(SSL_CTX_set_max_early_data(cctx, | |
| 262 | 260 | SSL3_RT_MAX_PLAIN_LENGTH))) |
| 263 | 261 | goto err; |
| 264 | 262 |
| 0 | 0 | /* |
| 1 | * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. | |
| 1 | * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | 2 | * |
| 3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
| 4 | 4 | * this file except in compliance with the License. You can obtain a copy |
| 137 | 137 | return ret; |
| 138 | 138 | } |
| 139 | 139 | |
| 140 | static int test_store_ctx(void) | |
| 141 | { | |
| 142 | X509_STORE_CTX *sctx = NULL; | |
| 143 | X509 *x = NULL; | |
| 144 | BIO *bio = NULL; | |
| 145 | int testresult = 0, ret; | |
| 146 | ||
| 147 | bio = BIO_new_file(bad_f, "r"); | |
| 148 | if (bio == NULL) | |
| 149 | goto err; | |
| 150 | ||
| 151 | x = PEM_read_bio_X509(bio, NULL, 0, NULL); | |
| 152 | if (x == NULL) | |
| 153 | goto err; | |
| 154 | ||
| 155 | sctx = X509_STORE_CTX_new(); | |
| 156 | if (sctx == NULL) | |
| 157 | goto err; | |
| 158 | ||
| 159 | if (!X509_STORE_CTX_init(sctx, NULL, x, NULL)) | |
| 160 | goto err; | |
| 161 | ||
| 162 | /* Verifying a cert where we have no trusted certs should fail */ | |
| 163 | ret = X509_verify_cert(sctx); | |
| 164 | ||
| 165 | if (ret == 0) { | |
| 166 | /* This is the result we were expecting: Test passed */ | |
| 167 | testresult = 1; | |
| 168 | } | |
| 169 | ||
| 170 | err: | |
| 171 | X509_STORE_CTX_free(sctx); | |
| 172 | X509_free(x); | |
| 173 | BIO_free(bio); | |
| 174 | return testresult; | |
| 175 | } | |
| 176 | ||
| 140 | 177 | int setup_tests(void) |
| 141 | 178 | { |
| 142 | 179 | if (!TEST_ptr(roots_f = test_get_argument(0)) |
| 147 | 184 | } |
| 148 | 185 | |
| 149 | 186 | ADD_TEST(test_alt_chains_cert_forgery); |
| 187 | ADD_TEST(test_store_ctx); | |
| 150 | 188 | return 1; |
| 151 | 189 | } |
| 0 | #! /bin/sh | |
| 1 | # Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. | |
| 2 | # | |
| 3 | # Licensed under the OpenSSL license (the "License"). You may not use | |
| 4 | # this file except in compliance with the License. You can obtain a copy | |
| 5 | # in the file LICENSE in the source distribution or at | |
| 6 | # https://www.openssl.org/source/license.html | |
| 7 | ||
| 8 | ( | |
| 9 | pcregrep -rnM 'OPENSSL_.?alloc.*\n.*if.*NULL.*\n.*return' crypto ssl | |
| 10 | pcregrep -rnM 'if.*OPENSSL_.?alloc.*NULL.*\n.*.*return' crypto ssl | |
| 11 | ) | tee /tmp/out$$ | |
| 12 | X=0 | |
| 13 | test -s /tmp/out$$ && X=1 | |
| 14 | rm /tmp/out$$ | |
| 15 | exit $X |
| 4523 | 4523 | SM2_sign 4466 1_1_1 EXIST::FUNCTION:SM2 |
| 4524 | 4524 | ERR_load_SM2_strings 4467 1_1_1 EXIST::FUNCTION:SM2 |
| 4525 | 4525 | SM2_plaintext_size 4468 1_1_1 EXIST::FUNCTION:SM2 |
| 4526 | conf_ssl_name_find 4469 1_1_0i EXIST::FUNCTION: | |
| 4527 | conf_ssl_get_cmd 4470 1_1_0i EXIST::FUNCTION: | |
| 4528 | conf_ssl_get 4471 1_1_0i EXIST::FUNCTION: |
| 240 | 240 | $crypto.=" include/internal/o_dir.h"; |
| 241 | 241 | $crypto.=" include/internal/o_str.h"; |
| 242 | 242 | $crypto.=" include/internal/err.h"; |
| 243 | $crypto.=" include/internal/sslconf.h"; | |
| 243 | 244 | foreach my $f ( glob(catfile($config{sourcedir},'include/openssl/*.h')) ) { |
| 244 | 245 | my $fn = "include/openssl/" . lc(basename($f)); |
| 245 | 246 | $crypto .= " $fn" if !defined $skipthese{$fn}; |
| 602 | 602 | |
| 603 | 603 | sub srctop_file { |
| 604 | 604 | return __srctop_file(@_); |
| 605 | } | |
| 606 | ||
| 607 | =over 4 | |
| 608 | ||
| 609 | =item B<data_dir LIST> | |
| 610 | ||
| 611 | LIST is a list of directories that make up a path from the data directory | |
| 612 | associated with the test (see L</DESCRIPTION> above). | |
| 613 | C<data_dir> returns the resulting directory as a string, adapted to the local | |
| 614 | operating system. | |
| 615 | ||
| 616 | =back | |
| 617 | ||
| 618 | =cut | |
| 619 | ||
| 620 | sub data_dir { | |
| 621 | return __data_dir(@_); | |
| 605 | 622 | } |
| 606 | 623 | |
| 607 | 624 | =over 4 |
| 966 | 983 | return catfile($directories{SRCDATA},@_,$f); |
| 967 | 984 | } |
| 968 | 985 | |
| 986 | sub __data_dir { | |
| 987 | BAIL_OUT("Must run setup() first") if (! $test_name); | |
| 988 | ||
| 989 | return catdir($directories{SRCDATA},@_); | |
| 990 | } | |
| 991 | ||
| 969 | 992 | sub __results_file { |
| 970 | 993 | BAIL_OUT("Must run setup() first") if (! $test_name); |
| 971 | 994 | |
| 266 | 266 | } |
| 267 | 267 | } elsif ($record->content_type == TLSProxy::Record::RT_ALERT) { |
| 268 | 268 | my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data); |
| 269 | print " [$alertlev, $alertdesc]\n"; | |
| 269 | 270 | #A CloseNotify from the client indicates we have finished successfully |
| 270 | 271 | #(we assume) |
| 271 | 272 | if (!$end && !$server && $alertlev == AL_LEVEL_WARN |
| 272 | 273 | && $alertdesc == AL_DESC_CLOSE_NOTIFY) { |
| 273 | 274 | $success = 1; |
| 274 | 275 | } |
| 275 | #All alerts end the test | |
| 276 | $end = 1; | |
| 276 | #Fatal or close notify alerts end the test | |
| 277 | if ($alertlev == AL_LEVEL_FATAL || $alertdesc == AL_DESC_CLOSE_NOTIFY) { | |
| 278 | $end = 1; | |
| 279 | } | |
| 277 | 280 | } |
| 278 | 281 | |
| 279 | 282 | return @messages; |
| 21 | 21 | use TLSProxy::CertificateVerify; |
| 22 | 22 | use TLSProxy::ServerKeyExchange; |
| 23 | 23 | use TLSProxy::NewSessionTicket; |
| 24 | use Time::HiRes qw/usleep/; | |
| 25 | ||
| 26 | my $have_IPv6 = 0; | |
| 24 | ||
| 25 | my $have_IPv6; | |
| 27 | 26 | my $IP_factory; |
| 28 | 27 | |
| 29 | my $is_tls13 = 0; | |
| 30 | my $ciphersuite = undef; | |
| 31 | ||
| 32 | sub new | |
| 33 | { | |
| 34 | my $class = shift; | |
| 35 | my ($filter, | |
| 36 | $execute, | |
| 37 | $cert, | |
| 38 | $debug) = @_; | |
| 39 | ||
| 40 | my $self = { | |
| 41 | #Public read/write | |
| 42 | proxy_addr => "localhost", | |
| 43 | proxy_port => 4453, | |
| 44 | server_addr => "localhost", | |
| 45 | server_port => 4443, | |
| 46 | filter => $filter, | |
| 47 | serverflags => "", | |
| 48 | clientflags => "", | |
| 49 | serverconnects => 1, | |
| 50 | serverpid => 0, | |
| 51 | clientpid => 0, | |
| 52 | reneg => 0, | |
| 53 | sessionfile => undef, | |
| 54 | ||
| 55 | #Public read | |
| 56 | execute => $execute, | |
| 57 | cert => $cert, | |
| 58 | debug => $debug, | |
| 59 | cipherc => "", | |
| 60 | ciphersuitesc => "", | |
| 61 | ciphers => "AES128-SHA", | |
| 62 | ciphersuitess => "TLS_AES_128_GCM_SHA256", | |
| 63 | flight => -1, | |
| 64 | direction => -1, | |
| 65 | partial => ["", ""], | |
| 66 | record_list => [], | |
| 67 | message_list => [], | |
| 68 | }; | |
| 69 | ||
| 28 | BEGIN | |
| 29 | { | |
| 70 | 30 | # IO::Socket::IP is on the core module list, IO::Socket::INET6 isn't. |
| 71 | 31 | # However, IO::Socket::INET6 is older and is said to be more widely |
| 72 | 32 | # deployed for the moment, and may have less bugs, so we try the latter |
| 73 | # first, then fall back on the code modules. Worst case scenario, we | |
| 33 | # first, then fall back on the core modules. Worst case scenario, we | |
| 74 | 34 | # fall back to IO::Socket::INET, only supports IPv4. |
| 75 | 35 | eval { |
| 76 | 36 | require IO::Socket::INET6; |
| 101 | 61 | $have_IPv6 = 1; |
| 102 | 62 | } else { |
| 103 | 63 | $IP_factory = sub { IO::Socket::INET->new(@_); }; |
| 104 | } | |
| 105 | } | |
| 64 | $have_IPv6 = 0; | |
| 65 | } | |
| 66 | } | |
| 67 | } | |
| 68 | ||
| 69 | my $is_tls13 = 0; | |
| 70 | my $ciphersuite = undef; | |
| 71 | ||
| 72 | sub new | |
| 73 | { | |
| 74 | my $class = shift; | |
| 75 | my ($filter, | |
| 76 | $execute, | |
| 77 | $cert, | |
| 78 | $debug) = @_; | |
| 79 | ||
| 80 | my $self = { | |
| 81 | #Public read/write | |
| 82 | proxy_addr => $have_IPv6 ? "[::1]" : "127.0.0.1", | |
| 83 | filter => $filter, | |
| 84 | serverflags => "", | |
| 85 | clientflags => "", | |
| 86 | serverconnects => 1, | |
| 87 | reneg => 0, | |
| 88 | sessionfile => undef, | |
| 89 | ||
| 90 | #Public read | |
| 91 | proxy_port => 0, | |
| 92 | server_port => 0, | |
| 93 | serverpid => 0, | |
| 94 | clientpid => 0, | |
| 95 | execute => $execute, | |
| 96 | cert => $cert, | |
| 97 | debug => $debug, | |
| 98 | cipherc => "", | |
| 99 | ciphersuitesc => "", | |
| 100 | ciphers => "AES128-SHA", | |
| 101 | ciphersuitess => "TLS_AES_128_GCM_SHA256", | |
| 102 | flight => -1, | |
| 103 | direction => -1, | |
| 104 | partial => ["", ""], | |
| 105 | record_list => [], | |
| 106 | message_list => [], | |
| 107 | }; | |
| 106 | 108 | |
| 107 | 109 | # Create the Proxy socket |
| 108 | 110 | my $proxaddr = $self->{proxy_addr}; |
| 109 | 111 | $proxaddr =~ s/[\[\]]//g; # Remove [ and ] |
| 110 | 112 | my @proxyargs = ( |
| 111 | 113 | LocalHost => $proxaddr, |
| 112 | LocalPort => $self->{proxy_port}, | |
| 114 | LocalPort => 0, | |
| 113 | 115 | Proto => "tcp", |
| 114 | 116 | Listen => SOMAXCONN, |
| 115 | 117 | ); |
| 116 | push @proxyargs, ReuseAddr => 1 | |
| 117 | unless $^O eq "MSWin32"; | |
| 118 | $self->{proxy_sock} = $IP_factory->(@proxyargs); | |
| 119 | ||
| 120 | if ($self->{proxy_sock}) { | |
| 121 | print "Proxy started on port ".$self->{proxy_port}."\n"; | |
| 118 | ||
| 119 | if (my $sock = $IP_factory->(@proxyargs)) { | |
| 120 | $self->{proxy_sock} = $sock; | |
| 121 | $self->{proxy_port} = $sock->sockport(); | |
| 122 | $self->{proxy_addr} = $sock->sockhost(); | |
| 123 | $self->{proxy_addr} =~ s/(.*:.*)/[$1]/; | |
| 124 | print "Proxy started on port ", | |
| 125 | "$self->{proxy_addr}:$self->{proxy_port}\n"; | |
| 126 | # use same address for s_server | |
| 127 | $self->{server_addr} = $self->{proxy_addr}; | |
| 122 | 128 | } else { |
| 123 | warn "Failed creating proxy socket (".$proxaddr.",".$self->{proxy_port}."): $!\n"; | |
| 129 | warn "Failed creating proxy socket (".$proxaddr.",0): $!\n"; | |
| 124 | 130 | } |
| 125 | 131 | |
| 126 | 132 | return bless $self, $class; |
| 183 | 189 | $self->clientstart; |
| 184 | 190 | } |
| 185 | 191 | |
| 192 | sub connect_to_server | |
| 193 | { | |
| 194 | my $self = shift; | |
| 195 | my $servaddr = $self->{server_addr}; | |
| 196 | ||
| 197 | $servaddr =~ s/[\[\]]//g; # Remove [ and ] | |
| 198 | ||
| 199 | my $sock = $IP_factory->(PeerAddr => $servaddr, | |
| 200 | PeerPort => $self->{server_port}, | |
| 201 | Proto => 'tcp'); | |
| 202 | if (!defined($sock)) { | |
| 203 | my $err = $!; | |
| 204 | kill(3, $self->{real_serverpid}); | |
| 205 | die "unable to connect: $err\n"; | |
| 206 | } | |
| 207 | ||
| 208 | $self->{server_sock} = $sock; | |
| 209 | } | |
| 210 | ||
| 186 | 211 | sub start |
| 187 | 212 | { |
| 188 | 213 | my ($self) = shift; |
| 192 | 217 | return 0; |
| 193 | 218 | } |
| 194 | 219 | |
| 195 | $pid = fork(); | |
| 196 | if ($pid == 0) { | |
| 220 | my $execcmd = $self->execute | |
| 221 | ." s_server -max_protocol TLSv1.3 -no_comp -rev -engine ossltest" | |
| 222 | ." -accept $self->{server_addr}:0" | |
| 223 | ." -cert ".$self->cert." -cert2 ".$self->cert | |
| 224 | ." -naccept ".$self->serverconnects; | |
| 225 | if ($self->ciphers ne "") { | |
| 226 | $execcmd .= " -cipher ".$self->ciphers; | |
| 227 | } | |
| 228 | if ($self->ciphersuitess ne "") { | |
| 229 | $execcmd .= " -ciphersuites ".$self->ciphersuitess; | |
| 230 | } | |
| 231 | if ($self->serverflags ne "") { | |
| 232 | $execcmd .= " ".$self->serverflags; | |
| 233 | } | |
| 234 | if ($self->debug) { | |
| 235 | print STDERR "Server command: $execcmd\n"; | |
| 236 | } | |
| 237 | ||
| 238 | open(my $savedin, "<&STDIN"); | |
| 239 | ||
| 240 | # Temporarily replace STDIN so that sink process can inherit it... | |
| 241 | $pid = open(STDIN, "$execcmd 2>&1 |") or die "Failed to $execcmd: $!\n"; | |
| 242 | $self->{real_serverpid} = $pid; | |
| 243 | ||
| 244 | # Process the output from s_server until we find the ACCEPT line, which | |
| 245 | # tells us what the accepting address and port are. | |
| 246 | while (<>) { | |
| 247 | print; | |
| 248 | s/\R$//; # Better chomp | |
| 249 | next unless (/^ACCEPT\s.*:(\d+)$/); | |
| 250 | $self->{server_port} = $1; | |
| 251 | last; | |
| 252 | } | |
| 253 | ||
| 254 | if ($self->{server_port} == 0) { | |
| 255 | # This actually means that s_server exited, because otherwise | |
| 256 | # we would still searching for ACCEPT... | |
| 257 | waitpid($pid, 0); | |
| 258 | die "no ACCEPT detected in '$execcmd' output: $?\n"; | |
| 259 | } | |
| 260 | ||
| 261 | # Just make sure everything else is simply printed [as separate lines]. | |
| 262 | # The sub process simply inherits our STD* and will keep consuming | |
| 263 | # server's output and printing it as long as there is anything there, | |
| 264 | # out of our way. | |
| 265 | my $error; | |
| 266 | $pid = undef; | |
| 267 | if (eval { require Win32::Process; 1; }) { | |
| 268 | if (Win32::Process::Create(my $h, $^X, "perl -ne print", 0, 0, ".")) { | |
| 269 | $pid = $h->GetProcessID(); | |
| 270 | $self->{proc_handle} = $h; # hold handle till next round [or exit] | |
| 271 | } else { | |
| 272 | $error = Win32::FormatMessage(Win32::GetLastError()); | |
| 273 | } | |
| 274 | } else { | |
| 275 | if (defined($pid = fork)) { | |
| 276 | $pid or exec("$^X -ne print") or exit($!); | |
| 277 | } else { | |
| 278 | $error = $!; | |
| 279 | } | |
| 280 | } | |
| 281 | ||
| 282 | # Change back to original stdin | |
| 283 | open(STDIN, "<&", $savedin); | |
| 284 | close($savedin); | |
| 285 | ||
| 286 | if (!defined($pid)) { | |
| 287 | kill(3, $self->{real_serverpid}); | |
| 288 | die "Failed to capture s_server's output: $error\n"; | |
| 289 | } | |
| 290 | ||
| 291 | $self->{serverpid} = $pid; | |
| 292 | ||
| 293 | print STDERR "Server responds on ", | |
| 294 | "$self->{server_addr}:$self->{server_port}\n"; | |
| 295 | ||
| 296 | # Connect right away... | |
| 297 | $self->connect_to_server(); | |
| 298 | ||
| 299 | return $self->clientstart; | |
| 300 | } | |
| 301 | ||
| 302 | sub clientstart | |
| 303 | { | |
| 304 | my ($self) = shift; | |
| 305 | ||
| 306 | if ($self->execute) { | |
| 307 | my $pid; | |
| 197 | 308 | my $execcmd = $self->execute |
| 198 | ." s_server -max_protocol TLSv1.3 -no_comp -rev -engine ossltest -accept " | |
| 199 | .($self->server_port) | |
| 200 | ." -cert ".$self->cert." -cert2 ".$self->cert | |
| 201 | ." -naccept ".$self->serverconnects; | |
| 202 | unless ($self->supports_IPv6) { | |
| 203 | $execcmd .= " -4"; | |
| 204 | } | |
| 205 | if ($self->ciphers ne "") { | |
| 206 | $execcmd .= " -cipher ".$self->ciphers; | |
| 207 | } | |
| 208 | if ($self->ciphersuitess ne "") { | |
| 209 | $execcmd .= " -ciphersuites ".$self->ciphersuitess; | |
| 210 | } | |
| 211 | if ($self->serverflags ne "") { | |
| 212 | $execcmd .= " ".$self->serverflags; | |
| 309 | ." s_client -max_protocol TLSv1.3 -engine ossltest" | |
| 310 | ." -connect $self->{proxy_addr}:$self->{proxy_port}"; | |
| 311 | if ($self->cipherc ne "") { | |
| 312 | $execcmd .= " -cipher ".$self->cipherc; | |
| 313 | } | |
| 314 | if ($self->ciphersuitesc ne "") { | |
| 315 | $execcmd .= " -ciphersuites ".$self->ciphersuitesc; | |
| 316 | } | |
| 317 | if ($self->clientflags ne "") { | |
| 318 | $execcmd .= " ".$self->clientflags; | |
| 319 | } | |
| 320 | if ($self->clientflags !~ m/-(no)?servername/) { | |
| 321 | $execcmd .= " -servername localhost"; | |
| 322 | } | |
| 323 | if (defined $self->sessionfile) { | |
| 324 | $execcmd .= " -ign_eof"; | |
| 213 | 325 | } |
| 214 | 326 | if ($self->debug) { |
| 215 | print STDERR "Server command: $execcmd\n"; | |
| 216 | } | |
| 217 | exec($execcmd); | |
| 218 | } | |
| 219 | $self->serverpid($pid); | |
| 220 | ||
| 221 | return $self->clientstart; | |
| 222 | } | |
| 223 | ||
| 224 | sub clientstart | |
| 225 | { | |
| 226 | my ($self) = shift; | |
| 227 | my $oldstdout; | |
| 228 | ||
| 229 | if ($self->execute) { | |
| 230 | my $pid = fork(); | |
| 231 | if ($pid == 0) { | |
| 232 | my $echostr; | |
| 233 | if ($self->reneg()) { | |
| 234 | $echostr = "R"; | |
| 235 | } else { | |
| 236 | $echostr = "test"; | |
| 237 | } | |
| 238 | my $execcmd = "echo ".$echostr." | ".$self->execute | |
| 239 | ." s_client -max_protocol TLSv1.3 -engine ossltest -connect " | |
| 240 | .($self->proxy_addr).":".($self->proxy_port); | |
| 241 | unless ($self->supports_IPv6) { | |
| 242 | $execcmd .= " -4"; | |
| 243 | } | |
| 244 | if ($self->cipherc ne "") { | |
| 245 | $execcmd .= " -cipher ".$self->cipherc; | |
| 246 | } | |
| 247 | if ($self->ciphersuitesc ne "") { | |
| 248 | $execcmd .= " -ciphersuites ".$self->ciphersuitesc; | |
| 249 | } | |
| 250 | if ($self->clientflags ne "") { | |
| 251 | $execcmd .= " ".$self->clientflags; | |
| 252 | } | |
| 253 | if (defined $self->sessionfile) { | |
| 254 | $execcmd .= " -ign_eof"; | |
| 255 | } | |
| 256 | if ($self->debug) { | |
| 257 | print STDERR "Client command: $execcmd\n"; | |
| 258 | } | |
| 259 | exec($execcmd); | |
| 260 | } | |
| 261 | $self->clientpid($pid); | |
| 327 | print STDERR "Client command: $execcmd\n"; | |
| 328 | } | |
| 329 | ||
| 330 | open(my $savedout, ">&STDOUT"); | |
| 331 | # If we open pipe with new descriptor, attempt to close it, | |
| 332 | # explicitly or implicitly, would incur waitpid and effectively | |
| 333 | # dead-lock... | |
| 334 | if (!($pid = open(STDOUT, "| $execcmd"))) { | |
| 335 | my $err = $!; | |
| 336 | kill(3, $self->{real_serverpid}); | |
| 337 | die "Failed to $execcmd: $err\n"; | |
| 338 | } | |
| 339 | $self->{clientpid} = $pid; | |
| 340 | ||
| 341 | # queue [magic] input | |
| 342 | print $self->reneg ? "R" : "test"; | |
| 343 | ||
| 344 | # this closes client's stdin without waiting for its pid | |
| 345 | open(STDOUT, ">&", $savedout); | |
| 346 | close($savedout); | |
| 262 | 347 | } |
| 263 | 348 | |
| 264 | 349 | # Wait for incoming connection from client |
| 350 | my $fdset = IO::Select->new($self->{proxy_sock}); | |
| 351 | if (!$fdset->can_read(60)) { | |
| 352 | kill(3, $self->{real_serverpid}); | |
| 353 | die "s_client didn't try to connect\n"; | |
| 354 | } | |
| 355 | ||
| 265 | 356 | my $client_sock; |
| 266 | 357 | if(!($client_sock = $self->{proxy_sock}->accept())) { |
| 267 | 358 | warn "Failed accepting incoming connection: $!\n"; |
| 270 | 361 | |
| 271 | 362 | print "Connection opened\n"; |
| 272 | 363 | |
| 273 | # Now connect to the server | |
| 274 | my $retry = 50; | |
| 275 | my $server_sock; | |
| 276 | #We loop over this a few times because sometimes s_server can take a while | |
| 277 | #to start up | |
| 278 | do { | |
| 279 | my $servaddr = $self->server_addr; | |
| 280 | $servaddr =~ s/[\[\]]//g; # Remove [ and ] | |
| 281 | eval { | |
| 282 | $server_sock = $IP_factory->( | |
| 283 | PeerAddr => $servaddr, | |
| 284 | PeerPort => $self->server_port, | |
| 285 | MultiHomed => 1, | |
| 286 | Proto => 'tcp' | |
| 287 | ); | |
| 288 | }; | |
| 289 | ||
| 290 | $retry--; | |
| 291 | #Some buggy IP factories can return a defined server_sock that hasn't | |
| 292 | #actually connected, so we check peerport too | |
| 293 | if ($@ || !defined($server_sock) || !defined($server_sock->peerport)) { | |
| 294 | $server_sock->close() if defined($server_sock); | |
| 295 | undef $server_sock; | |
| 296 | if ($retry) { | |
| 297 | #Sleep for a short while | |
| 298 | select(undef, undef, undef, 0.1); | |
| 299 | } else { | |
| 300 | warn "Failed to start up server (".$servaddr.",".$self->server_port."): $!\n"; | |
| 301 | return 0; | |
| 302 | } | |
| 303 | } | |
| 304 | } while (!$server_sock); | |
| 305 | ||
| 306 | my $sel = IO::Select->new($server_sock, $client_sock); | |
| 364 | my $server_sock = $self->{server_sock}; | |
| 307 | 365 | my $indata; |
| 308 | my @handles = ($server_sock, $client_sock); | |
| 309 | 366 | |
| 310 | 367 | #Wait for either the server socket or the client socket to become readable |
| 368 | $fdset = IO::Select->new($server_sock, $client_sock); | |
| 311 | 369 | my @ready; |
| 312 | 370 | my $ctr = 0; |
| 313 | 371 | local $SIG{PIPE} = "IGNORE"; |
| 314 | while( (!(TLSProxy::Message->end) | |
| 315 | || (defined $self->sessionfile() | |
| 316 | && (-s $self->sessionfile()) == 0)) | |
| 317 | && $ctr < 10) { | |
| 318 | if (!(@ready = $sel->can_read(1))) { | |
| 372 | $self->{saw_session_ticket} = undef; | |
| 373 | while($fdset->count && $ctr < 10) { | |
| 374 | if (defined($self->{sessionfile})) { | |
| 375 | # s_client got -ign_eof and won't be exiting voluntarily, so we | |
| 376 | # look for data *and* session ticket... | |
| 377 | last if TLSProxy::Message->success() | |
| 378 | && $self->{saw_session_ticket}; | |
| 379 | } | |
| 380 | if (!(@ready = $fdset->can_read(1))) { | |
| 319 | 381 | $ctr++; |
| 320 | 382 | next; |
| 321 | 383 | } |
| 322 | 384 | foreach my $hand (@ready) { |
| 323 | 385 | if ($hand == $server_sock) { |
| 324 | $server_sock->sysread($indata, 16384) or goto END; | |
| 325 | $indata = $self->process_packet(1, $indata); | |
| 326 | $client_sock->syswrite($indata); | |
| 327 | $ctr = 0; | |
| 386 | if ($server_sock->sysread($indata, 16384)) { | |
| 387 | if ($indata = $self->process_packet(1, $indata)) { | |
| 388 | $client_sock->syswrite($indata) or goto END; | |
| 389 | } | |
| 390 | $ctr = 0; | |
| 391 | } else { | |
| 392 | $fdset->remove($server_sock); | |
| 393 | $client_sock->shutdown(SHUT_WR); | |
| 394 | } | |
| 328 | 395 | } elsif ($hand == $client_sock) { |
| 329 | $client_sock->sysread($indata, 16384) or goto END; | |
| 330 | $indata = $self->process_packet(0, $indata); | |
| 331 | $server_sock->syswrite($indata); | |
| 332 | $ctr = 0; | |
| 396 | if ($client_sock->sysread($indata, 16384)) { | |
| 397 | if ($indata = $self->process_packet(0, $indata)) { | |
| 398 | $server_sock->syswrite($indata) or goto END; | |
| 399 | } | |
| 400 | $ctr = 0; | |
| 401 | } else { | |
| 402 | $fdset->remove($client_sock); | |
| 403 | $server_sock->shutdown(SHUT_WR); | |
| 404 | } | |
| 333 | 405 | } else { |
| 406 | kill(3, $self->{real_serverpid}); | |
| 334 | 407 | die "Unexpected handle"; |
| 335 | 408 | } |
| 336 | 409 | } |
| 337 | 410 | } |
| 338 | 411 | |
| 339 | die "No progress made" if $ctr >= 10; | |
| 412 | if ($ctr >= 10) { | |
| 413 | kill(3, $self->{real_serverpid}); | |
| 414 | die "No progress made"; | |
| 415 | } | |
| 340 | 416 | |
| 341 | 417 | END: |
| 342 | 418 | print "Connection closed\n"; |
| 343 | 419 | if($server_sock) { |
| 344 | 420 | $server_sock->close(); |
| 421 | $self->{server_sock} = undef; | |
| 345 | 422 | } |
| 346 | 423 | if($client_sock) { |
| 347 | 424 | #Closing this also kills the child process |
| 348 | 425 | $client_sock->close(); |
| 349 | 426 | } |
| 350 | if(!$self->debug) { | |
| 351 | select($oldstdout); | |
| 352 | } | |
| 353 | $self->serverconnects($self->serverconnects - 1); | |
| 354 | if ($self->serverconnects == 0) { | |
| 355 | die "serverpid is zero\n" if $self->serverpid == 0; | |
| 356 | print "Waiting for server process to close: " | |
| 357 | .$self->serverpid."\n"; | |
| 358 | waitpid( $self->serverpid, 0); | |
| 359 | die "exit code $? from server process\n" if $? != 0; | |
| 427 | ||
| 428 | my $pid; | |
| 429 | if (--$self->{serverconnects} == 0) { | |
| 430 | $pid = $self->{serverpid}; | |
| 431 | print "Waiting for 'perl -ne print' process to close: $pid...\n"; | |
| 432 | $pid = waitpid($pid, 0); | |
| 433 | if ($pid > 0) { | |
| 434 | die "exit code $? from 'perl -ne print' process\n" if $? != 0; | |
| 435 | } elsif ($pid == 0) { | |
| 436 | kill(3, $self->{real_serverpid}); | |
| 437 | die "lost control over $self->{serverpid}?"; | |
| 438 | } | |
| 439 | $pid = $self->{real_serverpid}; | |
| 440 | print "Waiting for s_server process to close: $pid...\n"; | |
| 441 | # it's done already, just collect the exit code [and reap]... | |
| 442 | waitpid($pid, 0); | |
| 443 | die "exit code $? from s_server process\n" if $? != 0; | |
| 360 | 444 | } else { |
| 361 | # Give s_server sufficient time to finish what it was doing | |
| 362 | usleep(250000); | |
| 363 | } | |
| 364 | die "clientpid is zero\n" if $self->clientpid == 0; | |
| 365 | print "Waiting for client process to close: ".$self->clientpid."\n"; | |
| 366 | waitpid($self->clientpid, 0); | |
| 445 | # It's a bit counter-intuitive spot to make next connection to | |
| 446 | # the s_server. Rationale is that established connection works | |
| 447 | # as syncronization point, in sense that this way we know that | |
| 448 | # s_server is actually done with current session... | |
| 449 | $self->connect_to_server(); | |
| 450 | } | |
| 451 | $pid = $self->{clientpid}; | |
| 452 | print "Waiting for s_client process to close: $pid...\n"; | |
| 453 | waitpid($pid, 0); | |
| 367 | 454 | |
| 368 | 455 | return 1; |
| 369 | 456 | } |
| 392 | 479 | |
| 393 | 480 | #Return contains the list of record found in the packet followed by the |
| 394 | 481 | #list of messages in those records and any partial message |
| 395 | my @ret = TLSProxy::Record->get_records($server, $self->flight, $self->{partial}[$server].$packet); | |
| 482 | my @ret = TLSProxy::Record->get_records($server, $self->flight, | |
| 483 | $self->{partial}[$server].$packet); | |
| 396 | 484 | $self->{partial}[$server] = $ret[2]; |
| 397 | push @{$self->record_list}, @{$ret[0]}; | |
| 485 | push @{$self->{record_list}}, @{$ret[0]}; | |
| 398 | 486 | push @{$self->{message_list}}, @{$ret[1]}; |
| 399 | 487 | |
| 400 | 488 | print "\n"; |
| 406 | 494 | #Finished parsing. Call user provided filter here |
| 407 | 495 | if (defined $self->filter) { |
| 408 | 496 | $self->filter->($self); |
| 497 | } | |
| 498 | ||
| 499 | #Take a note on NewSessionTicket | |
| 500 | foreach my $message (reverse @{$self->{message_list}}) { | |
| 501 | if ($message->{mt} == TLSProxy::Message::MT_NEW_SESSION_TICKET) { | |
| 502 | $self->{saw_session_ticket} = 1; | |
| 503 | last; | |
| 504 | } | |
| 409 | 505 | } |
| 410 | 506 | |
| 411 | 507 | #Reconstruct the packet |
| 470 | 566 | my $self = shift; |
| 471 | 567 | return $self->{proxy_port}; |
| 472 | 568 | } |
| 569 | sub server_addr | |
| 570 | { | |
| 571 | my $self = shift; | |
| 572 | return $self->{server_addr}; | |
| 573 | } | |
| 574 | sub server_port | |
| 575 | { | |
| 576 | my $self = shift; | |
| 577 | return $self->{server_port}; | |
| 578 | } | |
| 579 | sub serverpid | |
| 580 | { | |
| 581 | my $self = shift; | |
| 582 | return $self->{serverpid}; | |
| 583 | } | |
| 584 | sub clientpid | |
| 585 | { | |
| 586 | my $self = shift; | |
| 587 | return $self->{clientpid}; | |
| 588 | } | |
| 473 | 589 | |
| 474 | 590 | #Read/write accessors |
| 475 | sub server_addr | |
| 476 | { | |
| 477 | my $self = shift; | |
| 478 | if (@_) { | |
| 479 | $self->{server_addr} = shift; | |
| 480 | } | |
| 481 | return $self->{server_addr}; | |
| 482 | } | |
| 483 | sub server_port | |
| 484 | { | |
| 485 | my $self = shift; | |
| 486 | if (@_) { | |
| 487 | $self->{server_port} = shift; | |
| 488 | } | |
| 489 | return $self->{server_port}; | |
| 490 | } | |
| 491 | 591 | sub filter |
| 492 | 592 | { |
| 493 | 593 | my $self = shift; |
| 563 | 663 | $self->{message_list} = shift; |
| 564 | 664 | } |
| 565 | 665 | return $self->{message_list}; |
| 566 | } | |
| 567 | sub serverpid | |
| 568 | { | |
| 569 | my $self = shift; | |
| 570 | if (@_) { | |
| 571 | $self->{serverpid} = shift; | |
| 572 | } | |
| 573 | return $self->{serverpid}; | |
| 574 | } | |
| 575 | sub clientpid | |
| 576 | { | |
| 577 | my $self = shift; | |
| 578 | if (@_) { | |
| 579 | $self->{clientpid} = shift; | |
| 580 | } | |
| 581 | return $self->{clientpid}; | |
| 582 | 666 | } |
| 583 | 667 | |
| 584 | 668 | sub fill_known_data |
| 63 | 63 | my $partial = ""; |
| 64 | 64 | my @record_list = (); |
| 65 | 65 | my @message_list = (); |
| 66 | my $data; | |
| 67 | my $content_type; | |
| 68 | my $version; | |
| 69 | my $len; | |
| 70 | my $len_real; | |
| 71 | my $decrypt_len; | |
| 72 | 66 | |
| 73 | 67 | my $recnum = 1; |
| 74 | 68 | while (length ($packet) > 0) { |
| 75 | print " Record $recnum"; | |
| 76 | if ($server) { | |
| 77 | print " (server -> client)\n"; | |
| 78 | } else { | |
| 79 | print " (client -> server)\n"; | |
| 80 | } | |
| 81 | #Get the record header | |
| 82 | if (length($packet) < TLS_RECORD_HEADER_LENGTH | |
| 83 | || length($packet) < 5 + unpack("n", substr($packet, 3, 2))) { | |
| 69 | print " Record $recnum ", $server ? "(server -> client)\n" | |
| 70 | : "(client -> server)\n"; | |
| 71 | ||
| 72 | #Get the record header (unpack can't fail if $packet is too short) | |
| 73 | my ($content_type, $version, $len) = unpack('Cnn', $packet); | |
| 74 | ||
| 75 | if (length($packet) < TLS_RECORD_HEADER_LENGTH + ($len // 0)) { | |
| 84 | 76 | print "Partial data : ".length($packet)." bytes\n"; |
| 85 | 77 | $partial = $packet; |
| 86 | $packet = ""; | |
| 87 | } else { | |
| 88 | ($content_type, $version, $len) = unpack('CnnC*', $packet); | |
| 89 | $data = substr($packet, 5, $len); | |
| 90 | ||
| 91 | print " Content type: ".$record_type{$content_type}."\n"; | |
| 92 | print " Version: $tls_version{$version}\n"; | |
| 93 | print " Length: $len"; | |
| 94 | if ($len == length($data)) { | |
| 95 | print "\n"; | |
| 96 | $decrypt_len = $len_real = $len; | |
| 97 | } else { | |
| 98 | print " (expected), ".length($data)." (actual)\n"; | |
| 99 | $decrypt_len = $len_real = length($data); | |
| 100 | } | |
| 101 | ||
| 102 | my $record = TLSProxy::Record->new( | |
| 103 | $flight, | |
| 104 | $content_type, | |
| 105 | $version, | |
| 106 | $len, | |
| 107 | 0, | |
| 108 | $len_real, | |
| 109 | $decrypt_len, | |
| 110 | substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real), | |
| 111 | substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real) | |
| 112 | ); | |
| 113 | ||
| 114 | if ($content_type != RT_CCS) { | |
| 115 | if (($server && $server_encrypting) | |
| 116 | || (!$server && $client_encrypting)) { | |
| 117 | if (!TLSProxy::Proxy->is_tls13() && $etm) { | |
| 118 | $record->decryptETM(); | |
| 119 | } else { | |
| 120 | $record->decrypt(); | |
| 121 | } | |
| 122 | $record->encrypted(1); | |
| 123 | ||
| 124 | if (TLSProxy::Proxy->is_tls13()) { | |
| 125 | print " Inner content type: " | |
| 126 | .$record_type{$record->content_type()}."\n"; | |
| 127 | } | |
| 78 | last; | |
| 79 | } | |
| 80 | ||
| 81 | my $data = substr($packet, TLS_RECORD_HEADER_LENGTH, $len); | |
| 82 | ||
| 83 | print " Content type: ".$record_type{$content_type}."\n"; | |
| 84 | print " Version: $tls_version{$version}\n"; | |
| 85 | print " Length: $len\n"; | |
| 86 | ||
| 87 | my $record = TLSProxy::Record->new( | |
| 88 | $flight, | |
| 89 | $content_type, | |
| 90 | $version, | |
| 91 | $len, | |
| 92 | 0, | |
| 93 | $len, # len_real | |
| 94 | $len, # decrypt_len | |
| 95 | $data, # data | |
| 96 | $data # decrypt_data | |
| 97 | ); | |
| 98 | ||
| 99 | if ($content_type != RT_CCS) { | |
| 100 | if (($server && $server_encrypting) | |
| 101 | || (!$server && $client_encrypting)) { | |
| 102 | if (!TLSProxy::Proxy->is_tls13() && $etm) { | |
| 103 | $record->decryptETM(); | |
| 104 | } else { | |
| 105 | $record->decrypt(); | |
| 106 | } | |
| 107 | $record->encrypted(1); | |
| 108 | ||
| 109 | if (TLSProxy::Proxy->is_tls13()) { | |
| 110 | print " Inner content type: " | |
| 111 | .$record_type{$record->content_type()}."\n"; | |
| 128 | 112 | } |
| 129 | 113 | } |
| 130 | ||
| 131 | push @record_list, $record; | |
| 132 | ||
| 133 | #Now figure out what messages are contained within this record | |
| 134 | my @messages = TLSProxy::Message->get_messages($server, $record); | |
| 135 | push @message_list, @messages; | |
| 136 | ||
| 137 | $packet = substr($packet, TLS_RECORD_HEADER_LENGTH + $len_real); | |
| 138 | $recnum++; | |
| 139 | 114 | } |
| 115 | ||
| 116 | push @record_list, $record; | |
| 117 | ||
| 118 | #Now figure out what messages are contained within this record | |
| 119 | my @messages = TLSProxy::Message->get_messages($server, $record); | |
| 120 | push @message_list, @messages; | |
| 121 | ||
| 122 | $packet = substr($packet, TLS_RECORD_HEADER_LENGTH + $len); | |
| 123 | $recnum++; | |
| 140 | 124 | } |
| 141 | 125 | |
| 142 | 126 | return (\@record_list, \@message_list, $partial); |
| 290 | 274 | my $server = shift; |
| 291 | 275 | my $data; |
| 292 | 276 | |
| 293 | if ($self->{sent}) { | |
| 277 | #We only replay the records in the same direction | |
| 278 | if ($self->{sent} || ($self->flight & 1) != $server) { | |
| 294 | 279 | return ""; |
| 295 | 280 | } |
| 296 | 281 | $self->{sent} = 1; |
| 399 | 384 | } |
| 400 | 385 | return $self->{outer_content_type}; |
| 401 | 386 | } |
| 387 | sub is_fatal_alert | |
| 388 | { | |
| 389 | my $self = shift; | |
| 390 | my $server = shift; | |
| 391 | ||
| 392 | if (($self->{flight} & 1) == $server | |
| 393 | && $self->{content_type} == TLSProxy::Record::RT_ALERT) { | |
| 394 | my ($level, $alert) = unpack('CC', $self->decrypt_data); | |
| 395 | return $alert if ($level == 2); | |
| 396 | } | |
| 397 | return 0; | |
| 398 | } | |
| 402 | 399 | 1; |
| 186 | 186 | EVP_PKEY_CTX_hkdf_mode define |
| 187 | 187 | EVP_PKEY_CTX_set1_hkdf_key define |
| 188 | 188 | EVP_PKEY_CTX_set1_hkdf_salt define |
| 189 | EVP_PKEY_CTX_set1_pbe_pass define | |
| 190 | EVP_PKEY_CTX_set1_scrypt_salt define | |
| 189 | 191 | EVP_PKEY_CTX_set1_tls1_prf_secret define |
| 190 | 192 | EVP_PKEY_CTX_set_dh_paramgen_generator define |
| 191 | 193 | EVP_PKEY_CTX_set_dh_paramgen_prime_len define |
| 198 | 200 | EVP_PKEY_CTX_set_mac_key define |
| 199 | 201 | EVP_PKEY_CTX_set_rsa_keygen_pubexp define |
| 200 | 202 | EVP_PKEY_CTX_set_rsa_padding define |
| 203 | EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md define | |
| 204 | EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen define | |
| 205 | EVP_PKEY_CTX_set_rsa_pss_keygen_md define | |
| 201 | 206 | EVP_PKEY_CTX_set_rsa_pss_saltlen define |
| 207 | EVP_PKEY_CTX_set_scrypt_N define | |
| 208 | EVP_PKEY_CTX_set_scrypt_r define | |
| 209 | EVP_PKEY_CTX_set_scrypt_maxmem_bytes define | |
| 210 | EVP_PKEY_CTX_set_scrypt_p define | |
| 202 | 211 | EVP_PKEY_CTX_set_signature_md define |
| 203 | 212 | EVP_PKEY_CTX_set_tls1_prf_md define |
| 204 | 213 | EVP_PKEY_assign_DH define |