Commit 5784ad8a8636392efc081a78e04ae7d897f28f79 - openssl

+108

-0

CHANGES.md less more

26	26	breaking changes, and mappings for the large list of deprecated functions.
27	27
28	28	[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
	29
	30	### Changes between 3.0.2 and 3.0.3 [3 May 2022]
	31
	32	* Fixed a bug in the c_rehash script which was not properly sanitising shell
	33	metacharacters to prevent command injection. This script is distributed by
	34	some operating systems in a manner where it is automatically executed. On
	35	such operating systems, an attacker could execute arbitrary commands with the
	36	privileges of the script.
	37
	38	Use of the c_rehash script is considered obsolete and should be replaced
	39	by the OpenSSL rehash command line tool.
	40	(CVE-2022-1292)
	41
	42	Tomáš Mráz
	43
	44	* Fixed a bug in the function `OCSP_basic_verify` that verifies the signer
	45	certificate on an OCSP response. The bug caused the function in the case
	46	where the (non-default) flag OCSP_NOCHECKS is used to return a postivie
	47	response (meaning a successful verification) even in the case where the
	48	response signing certificate fails to verify.
	49
	50	It is anticipated that most users of `OCSP_basic_verify` will not use the
	51	OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return
	52	a negative value (indicating a fatal error) in the case of a certificate
	53	verification failure. The normal expected return value in this case would be
	54	0.
	55
	56	This issue also impacts the command line OpenSSL "ocsp" application. When
	57	verifying an ocsp response with the "-no_cert_checks" option the command line
	58	application will report that the verification is successful even though it
	59	has in fact failed. In this case the incorrect successful response will also
	60	be accompanied by error messages showing the failure and contradicting the
	61	apparently successful result.
	62	([CVE-2022-1343])
	63
	64	Matt Caswell
	65
	66	* Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
	67	AAD data as the MAC key. This made the MAC key trivially predictable.
	68
	69	An attacker could exploit this issue by performing a man-in-the-middle attack
	70	to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such
	71	that the modified data would still pass the MAC integrity check.
	72
	73	Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0
	74	endpoint will always be rejected by the recipient and the connection will
	75	fail at that point. Many application protocols require data to be sent from
	76	the client to the server first. Therefore, in such a case, only an OpenSSL
	77	3.0 server would be impacted when talking to a non-OpenSSL 3.0 client.
	78
	79	If both endpoints are OpenSSL 3.0 then the attacker could modify data being
	80	sent in both directions. In this case both clients and servers could be
	81	affected, regardless of the application protocol.
	82
	83	Note that in the absence of an attacker this bug means that an OpenSSL 3.0
	84	endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete
	85	the handshake when using this ciphersuite.
	86
	87	The confidentiality of data is not impacted by this issue, i.e. an attacker
	88	cannot decrypt data that has been encrypted using this ciphersuite - they can
	89	only modify it.
	90
	91	In order for this attack to work both endpoints must legitimately negotiate
	92	the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in
	93	OpenSSL 3.0, and is not available within the default provider or the default
	94	ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been
	95	negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the
	96	following must have occurred:
	97
	98	1) OpenSSL must have been compiled with the (non-default) compile time option
	99	enable-weak-ssl-ciphers
	100
	101	2) OpenSSL must have had the legacy provider explicitly loaded (either
	102	through application code or via configuration)
	103
	104	3) The ciphersuite must have been explicitly added to the ciphersuite list
	105
	106	4) The libssl security level must have been set to 0 (default is 1)
	107
	108	5) A version of SSL/TLS below TLSv1.3 must have been negotiated
	109
	110	6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any
	111	others that both endpoints have in common
	112	(CVE-2022-1434)
	113
	114	Matt Caswell
	115
	116	* Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
	117	occuppied by the removed hash table entries.
	118
	119	This function is used when decoding certificates or keys. If a long lived
	120	process periodically decodes certificates or keys its memory usage will
	121	expand without bounds and the process might be terminated by the operating
	122	system causing a denial of service. Also traversing the empty hash table
	123	entries will take increasingly more time.
	124
	125	Typically such long lived processes might be TLS clients or TLS servers
	126	configured to accept client certificate authentication.
	127	(CVE-2022-1473)
	128
	129	Hugo Landau, Aliaksei Levin
	130
	131	* The functions `OPENSSL_LH_stats` and `OPENSSL_LH_stats_bio` now only report
	132	the `num_items`, `num_nodes` and `num_alloc_nodes` statistics. All other
	133	statistics are no longer supported. For compatibility, these statistics are
	134	still listed in the output but are now always reported as zero.
	135
	136	Hugo Landau
29	137
30	138	### Changes between 3.0.1 and 3.0.2 [15 Mar 2022]
31	139

+1

-1

CONTRIBUTING.md less more

59	59	GitHub Actions and AppVeyor are required, and they are started automatically
60	60	whenever a PR is created or updated.
61	61
62		[coding style]: https://www.openssl.org/policies/codingstyle.html
	62	[coding style]: https://www.openssl.org/policies/technical/coding-style.html
63	63
64	64	5. When at all possible, patches should include tests. These can
65	65	either be added to an existing test, or completely new. Please see

+1

-1

Configurations/platform/AIX.pm less more

24	24	return $in_libname
25	25	if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
26	26
27		return platform::BASE->staticname($_[1]) . '_a';
	27	return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a');
28	28	}

+11

-0

NEWS.md less more

16	16
17	17	OpenSSL 3.0
18	18	-----------
	19
	20	### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022]
	21
	22	* Fixed a bug in the c_rehash script which was not properly sanitising shell
	23	metacharacters to prevent command injection ([CVE-2022-1292])
	24	* Fixed a bug in the function `OCSP_basic_verify` that verifies the signer
	25	certificate on an OCSP response ([CVE-2022-1343])
	26	* Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
	27	AAD data as the MAC key ([CVE-2022-1434])
	28	* Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
	29	occuppied by the removed hash table entries ([CVE-2022-1473])
19	30
20	31	### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022]
21	32

+54

-44

NOTES-WINDOWS.md less more

27	27	Native builds using Visual C++
28	28	==============================
29	29
30		The native builds using Visual C++ have a VC-* prefix.
	30	The native builds using Visual C++ have a `VC-*` prefix.
31	31
32	32	Requirement details
33	33	-------------------
34	34
35		In addition to the requirements and instructions listed in INSTALL.md,
	35	In addition to the requirements and instructions listed in `INSTALL.md`,
36	36	these are required as well:
37	37
38	38	### Perl

63	63
64	64	4. Use Visual Studio Developer Command Prompt with administrative privileges,
65	65	choosing one of its variants depending on the intended architecture.
66		Or run "cmd" and execute "vcvarsall.bat" with one of the options x86,
67		x86_amd64, x86_arm, x86_arm64, amd64, amd64_x86, amd64_arm, or amd64_arm64.
68		This sets up the environment variables needed for nmake.exe, cl.exe, etc.
	66	Or run `cmd` and execute `vcvarsall.bat` with one of the options `x86`,
	67	`x86_amd64`, `x86_arm`, `x86_arm64`, `amd64`, `amd64_x86`, `amd64_arm`,
	68	or `amd64_arm64`.
	69	This sets up the environment variables needed for `nmake.exe`, `cl.exe`,
	70	etc.
69	71	See also
70	72	<https://docs.microsoft.com/cpp/build/building-on-the-command-line>
71	73
72	74	5. From the root of the OpenSSL source directory enter
73		perl Configure VC-WIN32 if you want 32-bit OpenSSL or
74		perl Configure VC-WIN64A if you want 64-bit OpenSSL or
75		perl Configure to let Configure figure out the platform
76
77		6. nmake
78
79		7. nmake test
80
81		8. nmake install
	75	- `perl Configure VC-WIN32` if you want 32-bit OpenSSL or
	76	- `perl Configure VC-WIN64A` if you want 64-bit OpenSSL or
	77	- `perl Configure VC-WIN64-ARM` if you want Windows on Arm (win-arm64)
	78	OpenSSL or
	79	- `perl Configure` to let Configure figure out the platform
	80
	81	6. `nmake`
	82
	83	7. `nmake test`
	84
	85	8. `nmake install`
82	86
83	87	For the full installation instructions, or if anything goes wrong at any stage,
84	88	check the INSTALL.md file.

108	112	ALSO NOTE that those directories are usually write protected, even if
109	113	your account is in the Administrators group. To work around that,
110	114	start the command prompt by right-clicking on it and choosing "Run as
111		Administrator" before running 'nmake install'. The other solution
	115	Administrator" before running `nmake install`. The other solution
112	116	is, of course, to choose a different set of directories by using
113		--prefix and --openssldir when configuring.
114
115		Special notes for Universal Windows Platform builds, aka VC-*-UWP
116		--------------------------------------------------------------------
	117	`--prefix` and `--openssldir` when configuring.
	118
	119	Special notes for Universal Windows Platform builds, aka `VC-*-UWP`
	120	-------------------------------------------------------------------
117	121
118	122	- UWP targets only support building the static and dynamic libraries.
119	123
120		- You should define the platform type to "uwp" and the target arch via
121		"vcvarsall.bat" before you compile. For example, if you want to build
122		"arm64" builds, you should run "vcvarsall.bat x86_arm64 uwp".
	124	- You should define the platform type to `uwp` and the target arch via
	125	`vcvarsall.bat` before you compile. For example, if you want to build
	126	`arm64` builds, you should run `vcvarsall.bat x86_arm64 uwp`.
123	127
124	128	Native builds using Embarcadero C++Builder
125	129	=========================================
126	130
127	131	This toolchain (a descendant of Turbo/Borland C++) is an alternative to MSVC.
128	132	OpenSSL currently includes an experimental 32-bit configuration targeting the
129		Clang-based compiler (bcc32c.exe) in v10.3.3 Community Edition.
	133	Clang-based compiler (`bcc32c.exe`) in v10.3.3 Community Edition.
130	134	<https://www.embarcadero.com/products/cbuilder/starter>
131	135
132	136	1. Install Perl.

134	138	2. Open the RAD Studio Command Prompt.
135	139
136	140	3. Go to the root of the OpenSSL source directory and run:
137		perl Configure BC-32 --prefix=%CD%
138
139		4. make -N
140
141		5. make -N test
	141	`perl Configure BC-32 --prefix=%CD%`
	142
	143	4. `make -N`
	144
	145	5. `make -N test`
142	146
143	147	6. Build your program against this OpenSSL:
144	148	* Set your include search path to the "include" subdirectory of OpenSSL.

165	169
166	170	- Perl, at least version 5.10.0, which usually comes pre-installed with MSYS2
167	171
168		- make, installed using "pacman -S make" into the MSYS2 environment
169
170		- MinGW[64] compiler: mingw-w64-i686-gcc and/or mingw-w64-x86_64-gcc.
	172	- make, installed using `pacman -S make` into the MSYS2 environment
	173
	174	- MinGW[64] compiler: `mingw-w64-i686-gcc` and/or `mingw-w64-x86_64-gcc`.
171	175	These compilers must be on your MSYS2 $PATH.
172	176	A common error is to not have these on your $PATH.
173	177	The MSYS2 version of gcc will not work correctly here.

175	179	In the MSYS2 shell do the configuration depending on the target architecture:
176	180
177	181	./Configure mingw ...
	182
178	183	or
	184
179	185	./Configure mingw64 ...
	186
180	187	or
	188
181	189	./Configure ...
182	190
183	191	for the default architecture.
184	192
185		Apart from that, follow the Unix / Linux instructions in INSTALL.md.
	193	Apart from that, follow the Unix / Linux instructions in `INSTALL.md`.
186	194
187	195	* It is also possible to build mingw[64] on Linux or Cygwin.
188	196
189		In this case configure with the corresponding --cross-compile-prefix= option.
190		For example
	197	In this case configure with the corresponding `--cross-compile-prefix=`
	198	option. For example
191	199
192	200	./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ...
	201
193	202	or
	203
194	204	./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ...
195	205
196	206	This requires that you've installed the necessary add-on packages for

202	212	This section applies to all native builds.
203	213
204	214	If you link with static OpenSSL libraries then you're expected to
205		additionally link your application with WS2_32.LIB, GDI32.LIB,
206		ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing
	215	additionally link your application with `WS2_32.LIB`, `GDI32.LIB`,
	216	`ADVAPI32.LIB`, `CRYPT32.LIB` and `USER32.LIB`. Those developing
207	217	non-interactive service applications might feel concerned about
208		linking with GDI32.LIB and USER32.LIB, as they are justly associated
	218	linking with `GDI32.LIB` and `USER32.LIB`, as they are justly associated
209	219	with interactive desktop, which is not available to service
210	220	processes. The toolkit is designed to detect in which context it's
211	221	currently executed, GUI, console app or service, and act accordingly,
212	222	namely whether or not to actually make GUI calls. Additionally those
213		who wish to /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and
	223	who wish to `/DELAYLOAD:GDI32.DLL` and `/DELAYLOAD:USER32.DLL` and
214	224	actually keep them off service process should consider implementing
215		and exporting from .exe image in question own _OPENSSL_isservice not
216		relying on USER32.DLL. E.g., on Windows Vista and later you could:
	225	and exporting from .exe image in question own `_OPENSSL_isservice` not
	226	relying on `USER32.DLL`. E.g., on Windows Vista and later you could:
217	227
218	228	__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
219	229	{

232	242	Hosted builds using Cygwin
233	243	==========================
234	244
235		Cygwin implements a POSIX/Unix runtime system (cygwin1.dll) on top of the
	245	Cygwin implements a POSIX/Unix runtime system (`cygwin1.dll`) on top of the
236	246	Windows subsystem and provides a Bash shell and GNU tools environment.
237	247	Consequently, a build of OpenSSL with Cygwin is virtually identical to the
238	248	Unix procedure.

248	258
249	259	Apart from that, follow the Unix / Linux instructions in INSTALL.md.
250	260
251		NOTE: "make test" and normal file operations may fail in directories
252		mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
	261	NOTE: `make test` and normal file operations may fail in directories
	262	mounted as text (i.e. `mount -t c:\somewhere /home`) due to Cygwin
253	263	stripping of carriage returns. To avoid this ensure that a binary
254		mount is used, e.g. mount -b c:\somewhere /home.
	264	mount is used, e.g. `mount -b c:\somewhere /home`.

+2

-2

VERSION.dat less more

0	0	MAJOR=3
1	1	MINOR=0
2		PATCH=2
	2	PATCH=3
3	3	PRE_RELEASE_TAG=
4	4	BUILD_METADATA=
5		RELEASE_DATE="15 Mar 2022"
	5	RELEASE_DATE="3 May 2022"
6	6	SHLIB_VERSION=3

+3

-3

apps/ca.c less more

0	0	/*
1		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

2366	2366
2367	2367	case REV_CRL_REASON:
2368	2368	for (i = 0; i < 8; i++) {
2369		if (strcasecmp(rev_arg, crl_reasons[i]) == 0) {
	2369	if (OPENSSL_strcasecmp(rev_arg, crl_reasons[i]) == 0) {
2370	2370	reason = crl_reasons[i];
2371	2371	break;
2372	2372	}

2583	2583	}
2584	2584	if (reason_str) {
2585	2585	for (i = 0; i < NUM_REASONS; i++) {
2586		if (strcasecmp(reason_str, crl_reasons[i]) == 0) {
	2586	if (OPENSSL_strcasecmp(reason_str, crl_reasons[i]) == 0) {
2587	2587	reason_code = i;
2588	2588	break;
2589	2589	}

+1

-1

apps/cmp.c less more

1744	1744	valptr[0] = '\0';
1745	1745	valptr++;
1746	1746
1747		if (strncasecmp(valptr, "int:", 4) != 0) {
	1747	if (OPENSSL_strncasecmp(valptr, "int:", 4) != 0) {
1748	1748	CMP_err("missing 'int:' in -geninfo option");
1749	1749	return 0;
1750	1750	}

+2

-2

apps/ecparam.c less more

0	0	/*
1		* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
3	3	*
4	4	* Licensed under the Apache License 2.0 (the "License"). You may not use

228	228	point_format, 0);
229	229	*p = OSSL_PARAM_construct_end();
230	230
231		if (strcasecmp(curve_name, "SM2") == 0)
	231	if (OPENSSL_strcasecmp(curve_name, "SM2") == 0)
232	232	gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "sm2", NULL);
233	233	else
234	234	gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL);

+8

-8

apps/lib/apps.c less more

687	687	int ret = 0;
688	688	char *pass_string;
689	689
690		if (exclude_http && (strncasecmp(uri, "http://", 7) == 0
691		\|\| strncasecmp(uri, "https://", 8) == 0)) {
	690	if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0
	691	\|\| OPENSSL_strncasecmp(uri, "https://", 8) == 0)) {
692	692	BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc);
693	693	return ret;
694	694	}

1181	1181
1182	1182	int set_dateopt(unsigned long dateopt, const char arg)
1183	1183	{
1184		if (strcasecmp(arg, "rfc_822") == 0)
	1184	if (OPENSSL_strcasecmp(arg, "rfc_822") == 0)
1185	1185	*dateopt = ASN1_DTFLGS_RFC822;
1186		else if (strcasecmp(arg, "iso_8601") == 0)
	1186	else if (OPENSSL_strcasecmp(arg, "iso_8601") == 0)
1187	1187	*dateopt = ASN1_DTFLGS_ISO8601;
1188	1188	return 0;
1189	1189	}
1190	1190
1191	1191	int set_ext_copy(int copy_type, const char arg)
1192	1192	{
1193		if (strcasecmp(arg, "none") == 0)
	1193	if (OPENSSL_strcasecmp(arg, "none") == 0)
1194	1194	*copy_type = EXT_COPY_NONE;
1195		else if (strcasecmp(arg, "copy") == 0)
	1195	else if (OPENSSL_strcasecmp(arg, "copy") == 0)
1196	1196	*copy_type = EXT_COPY_ADD;
1197		else if (strcasecmp(arg, "copyall") == 0)
	1197	else if (OPENSSL_strcasecmp(arg, "copyall") == 0)
1198	1198	*copy_type = EXT_COPY_ALL;
1199	1199	else
1200	1200	return 0;

1274	1274	}
1275	1275
1276	1276	for (ptbl = in_tbl; ptbl->name; ptbl++) {
1277		if (strcasecmp(arg, ptbl->name) == 0) {
	1277	if (OPENSSL_strcasecmp(arg, ptbl->name) == 0) {
1278	1278	*flags &= ~ptbl->mask;
1279	1279	if (c)
1280	1280	*flags \|= ptbl->flag;

+1

-1

apps/lib/engine_loader.c less more

70	70	char *keyid = NULL;
71	71	OSSL_STORE_LOADER_CTX *ctx = NULL;
72	72
73		if (strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1)
	73	if (OPENSSL_strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1)
74	74	!= 0)
75	75	return NULL;
76	76	p += sizeof(ENGINE_SCHEME_COLON) - 1;

+5

-4

apps/lib/http_server.c less more

0	0	/*
1		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

452	452	}
453	453	*line_end = '\0';
454	454	/* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */
455		if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) {
456		if (strcasecmp(value, "keep-alive") == 0)
	455	if (found_keep_alive != NULL
	456	&& OPENSSL_strcasecmp(key, "Connection") == 0) {
	457	if (OPENSSL_strcasecmp(value, "keep-alive") == 0)
457	458	*found_keep_alive = 1;
458		else if (strcasecmp(value, "close") == 0)
	459	else if (OPENSSL_strcasecmp(value, "close") == 0)
459	460	*found_keep_alive = 0;
460	461	}
461	462	}

+3

-6

apps/lib/names.c less more

0	0	/*
1		* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

10	10	#include <openssl/bio.h>
11	11	#include <openssl/safestack.h>
12	12	#include "names.h"
13
14		#ifdef _WIN32
15		# define strcasecmp _stricmp
16		#endif
	13	#include "openssl/crypto.h"
17	14
18	15	int name_cmp(const char * const a, const char const *b)
19	16	{
20		return strcasecmp(a, b);
	17	return OPENSSL_strcasecmp(a, b);
21	18	}
22	19
23	20	void collect_names(const char name, void vdata)

+2

-2

apps/lib/vms_term_sock.c less more

0	0	/*
1		* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright 2016 VMS Software, Inc. All Rights Reserved.
3	3	*
4	4	* Licensed under the Apache License 2.0 (the "License"). You may not use

131	131	len;
132	132
133	133	LogMessage ("Enter 'q' or 'Q' to quit ...");
134		while (strcasecmp (TermBuff, "Q")) {
	134	while (OPENSSL_strcasecmp (TermBuff, "Q")) {
135	135	/*
136	136	** Create the terminal socket
137	137	*/

+5

-5

apps/list.c less more

0	0	/*
1		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

70	70	{
71	71	if (select_name != NULL
72	72	&& (c == NULL
73		\|\| strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0))
	73	\|\| OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0))
74	74	return;
75	75	if (c != NULL) {
76	76	BIO_printf(arg, " %s\n", EVP_CIPHER_get0_name(c));

369	369
370	370	static int rand_cmp(const EVP_RAND * const a, const EVP_RAND const *b)
371	371	{
372		int ret = strcasecmp(EVP_RAND_get0_name(a), EVP_RAND_get0_name(b));
	372	int ret = OPENSSL_strcasecmp(EVP_RAND_get0_name(a), EVP_RAND_get0_name(b));
373	373
374	374	if (ret == 0)
375	375	ret = strcmp(OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*a)),

403	403	const EVP_RAND *m = sk_EVP_RAND_value(rands, i);
404	404
405	405	if (select_name != NULL
406		&& strcasecmp(EVP_RAND_get0_name(m), select_name) != 0)
	406	&& OPENSSL_strcasecmp(EVP_RAND_get0_name(m), select_name) != 0)
407	407	continue;
408	408	BIO_printf(bio_out, " %s", EVP_RAND_get0_name(m));
409	409	BIO_printf(bio_out, " @ %s\n",

462	462	if (gettables != NULL)
463	463	for (; gettables->key != NULL; gettables++) {
464	464	/* State has been dealt with already, so ignore */
465		if (strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0)
	465	if (OPENSSL_strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0)
466	466	continue;
467	467	/* Outside of verbose mode, we skip non-string values */
468	468	if (gettables->data_type != OSSL_PARAM_UTF8_STRING

+5

-0

apps/ocsp.c less more

1114	1114	single = OCSP_basic_add1_status(bs, cid,
1115	1115	V_OCSP_CERTSTATUS_REVOKED,
1116	1116	reason, revtm, thisupd, nextupd);
	1117	if (single == NULL) {
	1118	*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
	1119	NULL);
	1120	goto end;
	1121	}
1117	1122	if (invtm != NULL)
1118	1123	OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date,
1119	1124	invtm, 0, 0);

+2

-2

apps/rehash.c less more

213	213	return -1;
214	214	for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) {
215	215	const char *suffix = suffixes[type];
216		if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
	216	if (OPENSSL_strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
217	217	break;
218	218	}
219	219	i += strlen(suffixes[type]);

248	248	if ((ext = strrchr(filename, '.')) == NULL)
249	249	goto end;
250	250	for (i = 0; i < OSSL_NELEM(extensions); i++) {
251		if (strcasecmp(extensions[i], ext + 1) == 0)
	251	if (OPENSSL_strcasecmp(extensions[i], ext + 1) == 0)
252	252	break;
253	253	}
254	254	if (i >= OSSL_NELEM(extensions))

+1

-1

apps/req.c less more

991	991	goto end;
992	992	}
993	993	fprintf(stdout, "Modulus=");
994		if (EVP_PKEY_is_a(tpubkey, "RSA")) {
	994	if (EVP_PKEY_is_a(tpubkey, "RSA") \|\| EVP_PKEY_is_a(tpubkey, "RSA-PSS")) {
995	995	BIGNUM *n = NULL;
996	996
997	997	if (!EVP_PKEY_get_bn_param(tpubkey, "n", &n))

+2

-2

apps/rsa.c less more

0	0	/*
1		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

256	256	ERR_print_errors(bio_err);
257	257	goto end;
258	258	}
259		if (!EVP_PKEY_is_a(pkey, "RSA")) {
	259	if (!EVP_PKEY_is_a(pkey, "RSA") && !EVP_PKEY_is_a(pkey, "RSA-PSS")) {
260	260	BIO_printf(bio_err, "Not an RSA key\n");
261	261	goto end;
262	262	}

+1

-1

apps/s_server.c less more

431	431	return SSL_TLSEXT_ERR_NOACK;
432	432
433	433	if (servername != NULL) {
434		if (strcasecmp(servername, p->servername))
	434	if (OPENSSL_strcasecmp(servername, p->servername))
435	435	return p->extension_error;
436	436	if (ctx2 != NULL) {
437	437	BIO_printf(p->biodebug, "Switching server context.\n");

+5

-1

apps/ts.c less more

0	0	/*
1		* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

975	975	const char *propq = app_get0_propq();
976	976
977	977	cert_ctx = X509_STORE_new();
	978	if (cert_ctx == NULL) {
	979	BIO_printf(bio_err, "memory allocation failure\n");
	980	return NULL;
	981	}
978	982	X509_STORE_set_verify_cb(cert_ctx, verify_cb);
979	983	if (CApath != NULL) {
980	984	lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());

+1

-1

apps/x509.c less more

953	953	purpose_print(out, x, X509_PURPOSE_get0(j));
954	954	} else if (i == modulus) {
955	955	BIO_printf(out, "Modulus=");
956		if (EVP_PKEY_is_a(pkey, "RSA")) {
	956	if (EVP_PKEY_is_a(pkey, "RSA") \|\| EVP_PKEY_is_a(pkey, "RSA-PSS")) {
957	957	BIGNUM *n = NULL;
958	958
959	959	/* Every RSA key has an 'n' */

+3

-2

crypto/LPdir_unix.c less more

0	0	/*
1		* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

140	140	p--;
141	141	if (p > (*ctx)->entry_name && p[-1] == ';')
142	142	p[-1] = '\0';
143		if (strcasecmp((ctx)->entry_name, (ctx)->previous_entry_name) == 0)
	143	if (OPENSSL_strcasecmp((*ctx)->entry_name,
	144	(*ctx)->previous_entry_name) == 0)
144	145	goto again;
145	146	}
146	147	#endif

+2

-3

crypto/asn1/ameth_lib.c less more

0	0	/*
1		* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

9	9	/* We need to use some engine deprecated APIs */
10	10	#define OPENSSL_SUPPRESS_DEPRECATED
11	11
12		#include "e_os.h" /* for strncasecmp */
13	12	#include "internal/cryptlib.h"
14	13	#include <stdio.h>
15	14	#include <openssl/asn1t.h>

133	132	if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
134	133	continue;
135	134	if ((int)strlen(ameth->pem_str) == len
136		&& strncasecmp(ameth->pem_str, str, len) == 0)
	135	&& OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0)
137	136	return ameth;
138	137	}
139	138	return NULL;

+3

-3

crypto/asn1/asn1_gen.c less more

0	0	/*
1		* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

9	9	#include "internal/cryptlib.h"
10	10	#include <openssl/asn1.h>
11	11	#include <openssl/x509v3.h>
12		#include "e_os.h" /* strncasecmp() */
13	12
14	13	#define ASN1_GEN_FLAG 0x10000
15	14	#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG\|1)

564	563
565	564	tntmp = tnst;
566	565	for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) {
567		if ((len == tntmp->len) && (strncasecmp(tntmp->strnam, tagstr, len) == 0))
	566	if ((len == tntmp->len)
	567	&& (OPENSSL_strncasecmp(tntmp->strnam, tagstr, len) == 0))
568	568	return tntmp->tag;
569	569	}
570	570

+5

-3

crypto/bn/bn_div.c less more

0	0	/*
1		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

445	445	snum->neg = num_neg;
446	446	snum->top = div_n;
447	447	snum->flags \|= BN_FLG_FIXED_TOP;
448		if (rm != NULL)
449		bn_rshift_fixed_top(rm, snum, norm_shift);
	448
	449	if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0)
	450	goto err;
	451
450	452	BN_CTX_end(ctx);
451	453	return 1;
452	454	err:

+3

-2

crypto/bn/bn_exp.c less more

0	0	/*
1		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

186	186	return ret;
187	187	}
188	188
	189	BN_RECP_CTX_init(&recp);
	190
189	191	BN_CTX_start(ctx);
190	192	aa = BN_CTX_get(ctx);
191	193	val[0] = BN_CTX_get(ctx);
192	194	if (val[0] == NULL)
193	195	goto err;
194	196
195		BN_RECP_CTX_init(&recp);
196	197	if (m->neg) {
197	198	/* ignore sign of 'm' */
198	199	if (!BN_copy(aa, m))

+4

-4

crypto/camellia/camellia.c less more

0	0	/*
1		* Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

498	498	PUTU32(plaintext + 12, s1);
499	499	}
500	500
501		void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[],
502		const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
	501	void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
	502	const KEY_TABLE_TYPE keyTable, u8 plaintext[])
503	503	{
504	504	Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
505		plaintext, keyTable, ciphertext);
	505	ciphertext, keyTable, plaintext);
506	506	}

+2

-2

crypto/chacha/build.info less more

4	4	$CHACHAASM_x86=chacha-x86.s
5	5	$CHACHAASM_x86_64=chacha-x86_64.s
6	6
7		$CHACHAASM_ia64=chacha-ia64.S
	7	$CHACHAASM_ia64=chacha-ia64.s
8	8
9	9	$CHACHAASM_s390x=chacha-s390x.S
10	10

35	35	INCLUDE[chacha-s390x.o]=..
36	36	GENERATE[chacha-c64xplus.S]=asm/chacha-c64xplus.pl
37	37	GENERATE[chacha-s390x.S]=asm/chacha-s390x.pl
38		GENERATE[chacha-ia64.S]=asm/chacha-ia64.pl
	38	GENERATE[chacha-ia64.s]=asm/chacha-ia64.pl

+9

-3

crypto/cms/cms_io.c less more

0	0	/*
1		* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

40	40	ci = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms,
41	41	ossl_cms_ctx_get0_libctx(ctx),
42	42	ossl_cms_ctx_get0_propq(ctx));
43		if (ci != NULL)
	43	if (ci != NULL) {
	44	ERR_set_mark();
44	45	ossl_cms_resolve_libctx(ci);
	46	ERR_pop_to_mark();
	47	}
45	48	return ci;
46	49	}
47	50

103	106	(ASN1_VALUE **)cms,
104	107	ossl_cms_ctx_get0_libctx(ctx),
105	108	ossl_cms_ctx_get0_propq(ctx));
106		if (ci != NULL)
	109	if (ci != NULL) {
	110	ERR_set_mark();
107	111	ossl_cms_resolve_libctx(ci);
	112	ERR_pop_to_mark();
	113	}
108	114	return ci;
109	115	}
110	116

+10

-8

crypto/conf/conf_def.c less more

0	0	/*
1		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

10	10
11	11	#include <stdio.h>
12	12	#include <string.h>
13		#include "e_os.h" /* strcasecmp and struct stat */
	13	#include "e_os.h" /* struct stat */
14	14	#ifdef __TANDEM
15	15	# include <sys/types.h> /* needed for stat.h */
16	16	# include <sys/stat.h> /* struct stat */

191	191	/* Parse a boolean value and fill in flag. Return 0 on error. /
192	192	static int parsebool(const char pval, int flag)
193	193	{
194		if (strcasecmp(pval, "on") == 0
195		\|\| strcasecmp(pval, "true") == 0) {
	194	if (OPENSSL_strcasecmp(pval, "on") == 0
	195	\|\| OPENSSL_strcasecmp(pval, "true") == 0) {
196	196	*flag = 1;
197		} else if (strcasecmp(pval, "off") == 0
198		\|\| strcasecmp(pval, "false") == 0) {
	197	} else if (OPENSSL_strcasecmp(pval, "off") == 0
	198	\|\| OPENSSL_strcasecmp(pval, "false") == 0) {
199	199	*flag = 0;
200	200	} else {
201	201	ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA);

838	838	namelen = strlen(filename);
839	839
840	840
841		if ((namelen > 5 && strcasecmp(filename + namelen - 5, ".conf") == 0)
842		\|\| (namelen > 4 && strcasecmp(filename + namelen - 4, ".cnf") == 0)) {
	841	if ((namelen > 5
	842	&& OPENSSL_strcasecmp(filename + namelen - 5, ".conf") == 0)
	843	\|\| (namelen > 4
	844	&& OPENSSL_strcasecmp(filename + namelen - 4, ".cnf") == 0)) {
843	845	size_t newlen;
844	846	char *newpath;
845	847	BIO *bio;

+3

-1

crypto/context.c less more

13	13	#include "internal/core.h"
14	14	#include "internal/bio.h"
15	15	#include "internal/provider.h"
	16	#include "crypto/ctype.h"
16	17
17	18	struct ossl_lib_ctx_onfree_list_st {
18	19	ossl_lib_ctx_onfree_fn *fn;

149	150	DEFINE_RUN_ONCE_STATIC(default_context_do_init)
150	151	{
151	152	return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)
152		&& context_init(&default_context_int);
	153	&& context_init(&default_context_int)
	154	&& ossl_init_casecmp();
153	155	}
154	156
155	157	void ossl_lib_ctx_default_deinit(void)

+1

-2

crypto/core_namemap.c less more

6	6	* https://www.openssl.org/source/license.html
7	7	*/
8	8
9		#include "e_os.h" /* strcasecmp */
10	9	#include "internal/namemap.h"
11	10	#include <openssl/lhash.h>
12	11	#include "crypto/lhash.h" /* ossl_lh_strcasehash */

48	47
49	48	static int namenum_cmp(const NAMENUM_ENTRY a, const NAMENUM_ENTRY b)
50	49	{
51		return strcasecmp(a->name, b->name);
	50	return OPENSSL_strcasecmp(a->name, b->name);
52	51	}
53	52
54	53	static void namenum_free(NAMENUM_ENTRY *n)

+101

-1

crypto/ctype.c less more

0	0	/*
1		* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

10	10	#include <stdio.h>
11	11	#include "crypto/ctype.h"
12	12	#include <openssl/ebcdic.h>
	13
	14	#include <openssl/crypto.h>
	15	#include "internal/core.h"
	16	#include "internal/thread_once.h"
	17
	18	#ifndef OPENSSL_SYS_WINDOWS
	19	#include <strings.h>
	20	#endif
	21	#include <locale.h>
	22
	23	#ifdef OPENSSL_SYS_MACOSX
	24	#include <xlocale.h>
	25	#endif
13	26
14	27	/*
15	28	* Define the character classes for each character in the seven bit ASCII

277	290	return 1;
278	291	return 0;
279	292	}
	293
	294	/* str[n]casecmp_l is defined in POSIX 2008-01. Value is taken accordingly
	295	* https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html */
	296
	297	#if (defined OPENSSL_SYS_WINDOWS) \|\| (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200809L)
	298
	299	# if defined OPENSSL_SYS_WINDOWS
	300	# define locale_t _locale_t
	301	# define freelocale _free_locale
	302	# define strcasecmp_l _stricmp_l
	303	# define strncasecmp_l _strnicmp_l
	304	# endif
	305
	306	# ifndef FIPS_MODULE
	307	static locale_t loc;
	308
	309	static int locale_base_inited = 0;
	310	static CRYPTO_ONCE locale_base = CRYPTO_ONCE_STATIC_INIT;
	311	static CRYPTO_ONCE locale_base_deinit = CRYPTO_ONCE_STATIC_INIT;
	312
	313	void *ossl_c_locale() {
	314	return (void *)loc;
	315	}
	316
	317	DEFINE_RUN_ONCE_STATIC(ossl_init_locale_base)
	318	{
	319	# ifdef OPENSSL_SYS_WINDOWS
	320	loc = _create_locale(LC_COLLATE, "C");
	321	# else
	322	loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0);
	323	# endif
	324	locale_base_inited = 1;
	325	return (loc == (locale_t) 0) ? 0 : 1;
	326	}
	327
	328	DEFINE_RUN_ONCE_STATIC(ossl_deinit_locale_base)
	329	{
	330	if (locale_base_inited && loc) {
	331	freelocale(loc);
	332	loc = NULL;
	333	}
	334	return 1;
	335	}
	336
	337	int ossl_init_casecmp()
	338	{
	339	return RUN_ONCE(&locale_base, ossl_init_locale_base);
	340	}
	341
	342	void ossl_deinit_casecmp() {
	343	(void)RUN_ONCE(&locale_base_deinit, ossl_deinit_locale_base);
	344	}
	345	# endif
	346
	347	int OPENSSL_strcasecmp(const char s1, const char s2)
	348	{
	349	return strcasecmp_l(s1, s2, (locale_t)ossl_c_locale());
	350	}
	351
	352	int OPENSSL_strncasecmp(const char s1, const char s2, size_t n)
	353	{
	354	return strncasecmp_l(s1, s2, n, (locale_t)ossl_c_locale());
	355	}
	356	#else
	357	# ifndef FIPS_MODULE
	358	void *ossl_c_locale() {
	359	return NULL;
	360	}
	361	# endif
	362
	363	int ossl_init_casecmp() {
	364	return 1;
	365	}
	366
	367	void ossl_deinit_casecmp() {
	368	}
	369
	370	int OPENSSL_strcasecmp(const char s1, const char s2)
	371	{
	372	return strcasecmp(s1, s2);
	373	}
	374
	375	int OPENSSL_strncasecmp(const char s1, const char s2, size_t n)
	376	{
	377	return strncasecmp(s1, s2, n);
	378	}
	379	#endif

+1

-2

crypto/dh/dh_group_params.c less more

0	0	/*
1		* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

22	22	#include <openssl/objects.h>
23	23	#include "internal/nelem.h"
24	24	#include "crypto/dh.h"
25		#include "e_os.h" /* strcasecmp */
26	25
27	26	static DH dh_param_init(OSSL_LIB_CTX libctx, const DH_NAMED_GROUP *group)
28	27	{

+3

-1

crypto/dh/dh_kdf.c less more

0	0	/*
1		* Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

38	38	const char *mdname = EVP_MD_get0_name(md);
39	39
40	40	kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X942KDF_ASN1, propq);
	41	if (kdf == NULL)
	42	return 0;
41	43	kctx = EVP_KDF_CTX_new(kdf);
42	44	if (kctx == NULL)
43	45	goto err;

+2

-1

crypto/ec/curve448/curve448.c less more

0	0	/*
1		* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright 2015-2016 Cryptography Research, Inc.
3	3	*
4	4	* Licensed under the Apache License 2.0 (the "License"). You may not use

585	585	int32_t delta = odd & mask;
586	586
587	587	assert(position >= 0);
	588	assert(pos < 32); /* can't fail since current & 0xFFFF != 0 */
588	589	if (odd & (1 << (table_bits + 1)))
589	590	delta -= (1 << (table_bits + 1));
590	591	current -= delta * (1 << pos);

+4

-4

crypto/ec/ec_backend.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

53	53	return OPENSSL_EC_NAMED_CURVE;
54	54
55	55	for (i = 0, sz = OSSL_NELEM(encoding_nameid_map); i < sz; i++) {
56		if (strcasecmp(name, encoding_nameid_map[i].ptr) == 0)
	56	if (OPENSSL_strcasecmp(name, encoding_nameid_map[i].ptr) == 0)
57	57	return encoding_nameid_map[i].id;
58	58	}
59	59	return -1;

90	90	return 0;
91	91
92	92	for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) {
93		if (strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0)
	93	if (OPENSSL_strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0)
94	94	return check_group_type_nameid_map[i].id;
95	95	}
96	96	return -1;

135	135	return (int)POINT_CONVERSION_UNCOMPRESSED;
136	136
137	137	for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) {
138		if (strcasecmp(name, format_nameid_map[i].ptr) == 0)
	138	if (OPENSSL_strcasecmp(name, format_nameid_map[i].ptr) == 0)
139	139	return format_nameid_map[i].id;
140	140	}
141	141	return -1;

+3

-1

crypto/ec/ec_err.c less more

0	0	/*
1	1	* Generated by util/mkerr.pl DO NOT EDIT
2		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	2	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3	3	*
4	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	5	* this file except in compliance with the License. You can obtain a copy

34	34	"discriminant is zero"},
35	35	{ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
36	36	"ec group new by name failure"},
	37	{ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED),
	38	"explicit params not supported"},
37	39	{ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY),
38	40	"failed making public key"},
39	41	{ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"},

+23

-11

crypto/ec/ec_lib.c less more

21	21	#include "crypto/ec.h"
22	22	#include "internal/nelem.h"
23	23	#include "ec_local.h"
24		#include "e_os.h" /* strcasecmp */
25	24
26	25	/* functions for EC_GROUP objects */
27	26

1386	1385	}
1387	1386	#endif
1388	1387
	1388	#ifndef FIPS_MODULE
1389	1389	/*
1390	1390	* Check if the explicit parameters group matches any built-in curves.
1391	1391	*

1423	1423	* parameters with one created from a named group.
1424	1424	*/
1425	1425
1426		#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
	1426	# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
1427	1427	/*
1428	1428	* NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for
1429	1429	* the same curve, we prefer the SECP nid when matching explicit

1431	1431	*/
1432	1432	if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12)
1433	1433	curve_name_nid = NID_secp224r1;
1434		#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
	1434	# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
1435	1435
1436	1436	ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid);
1437	1437	if (ret_group == NULL)

1466	1466	EC_GROUP_free(ret_group);
1467	1467	return NULL;
1468	1468	}
	1469	#endif /* FIPS_MODULE */
1469	1470
1470	1471	static EC_GROUP group_new_from_name(const OSSL_PARAM p,
1471	1472	OSSL_LIB_CTX libctx, const char propq)

1535	1536	EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
1536	1537	OSSL_LIB_CTX libctx, const char propq)
1537	1538	{
1538		const OSSL_PARAM ptmp, pa, *pb;
	1539	const OSSL_PARAM *ptmp;
	1540	EC_GROUP *group = NULL;
	1541
	1542	#ifndef FIPS_MODULE
	1543	const OSSL_PARAM pa, pb;
1539	1544	int ok = 0;
1540		EC_GROUP group = NULL, named_group = NULL;
	1545	EC_GROUP *named_group = NULL;
1541	1546	BIGNUM p = NULL, a = NULL, b = NULL, order = NULL, *cofactor = NULL;
1542	1547	EC_POINT *point = NULL;
1543	1548	int field_bits = 0;

1545	1550	BN_CTX *bnctx = NULL;
1546	1551	const unsigned char *buf = NULL;
1547	1552	int encoding_flag = -1;
	1553	#endif
1548	1554
1549	1555	/* This is the simple named group case */
1550	1556	ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);

1558	1564	}
1559	1565	return group;
1560	1566	}
	1567	#ifdef FIPS_MODULE
	1568	ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED);
	1569	return NULL;
	1570	#else
1561	1571	/* If it gets here then we are trying explicit parameters */
1562	1572	bnctx = BN_CTX_new_ex(libctx);
1563	1573	if (bnctx == NULL) {

1580	1590	ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD);
1581	1591	goto err;
1582	1592	}
1583		if (strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) {
	1593	if (OPENSSL_strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) {
1584	1594	is_prime_field = 1;
1585		} else if (strcasecmp(ptmp->data, SN_X9_62_characteristic_two_field) == 0) {
	1595	} else if (OPENSSL_strcasecmp(ptmp->data,
	1596	SN_X9_62_characteristic_two_field) == 0) {
1586	1597	is_prime_field = 0;
1587	1598	} else {
1588	1599	/* Invalid field */

1622	1633	/* create the EC_GROUP structure */
1623	1634	group = EC_GROUP_new_curve_GFp(p, a, b, bnctx);
1624	1635	} else {
1625		#ifdef OPENSSL_NO_EC2M
	1636	# ifdef OPENSSL_NO_EC2M
1626	1637	ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED);
1627	1638	goto err;
1628		#else
	1639	# else
1629	1640	/* create the EC_GROUP structure */
1630	1641	group = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
1631	1642	if (group != NULL) {

1635	1646	goto err;
1636	1647	}
1637	1648	}
1638		#endif /* OPENSSL_NO_EC2M */
	1649	# endif /* OPENSSL_NO_EC2M */
1639	1650	}
1640	1651
1641	1652	if (group == NULL) {

1732	1743	BN_CTX_free(bnctx);
1733	1744
1734	1745	return group;
1735		}
	1746	#endif /* FIPS_MODULE */
	1747	}

+2

-1

crypto/ec/ecp_nistz256.c less more

0	0	/*
1		* Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright (c) 2014, Intel Corporation. All Rights Reserved.
3	3	* Copyright (c) 2015, CloudFlare, Inc.
4	4	*

977	977	return 0;
978	978	}
979	979
	980	memset(&p, 0, sizeof(p));
980	981	BN_CTX_start(ctx);
981	982
982	983	if (scalar) {

+7

-5

crypto/encode_decode/decoder_lib.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

788	788	*/
789	789	trace_data_structure = data_structure;
790	790	if (data_type != NULL && data_structure != NULL
791		&& strcasecmp(data_structure, "type-specific") == 0)
	791	&& OPENSSL_strcasecmp(data_structure, "type-specific") == 0)
792	792	data_structure = NULL;
793	793
794	794	OSSL_TRACE_BEGIN(DECODER) {

849	849	* that's the case, we do this extra check.
850	850	*/
851	851	if (decoder == NULL && ctx->start_input_type != NULL
852		&& strcasecmp(ctx->start_input_type, new_input_type) != 0) {
	852	&& OPENSSL_strcasecmp(ctx->start_input_type, new_input_type) != 0) {
853	853	OSSL_TRACE_BEGIN(DECODER) {
854	854	BIO_printf(trc_out,
855	855	"(ctx %p) %s [%u] the start input type '%s' doesn't match the input type of the considered decoder, skipping...\n",

895	895	*/
896	896	if (data_structure != NULL
897	897	&& (new_input_structure == NULL
898		\|\| strcasecmp(data_structure, new_input_structure) != 0)) {
	898	\|\| OPENSSL_strcasecmp(data_structure,
	899	new_input_structure) != 0)) {
899	900	OSSL_TRACE_BEGIN(DECODER) {
900	901	BIO_printf(trc_out,
901	902	"(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure of the considered decoder, skipping...\n",

914	915	&& ctx->input_structure != NULL
915	916	&& new_input_structure != NULL) {
916	917	data->flag_input_structure_checked = 1;
917		if (strcasecmp(new_input_structure, ctx->input_structure) != 0) {
	918	if (OPENSSL_strcasecmp(new_input_structure,
	919	ctx->input_structure) != 0) {
918	920	OSSL_TRACE_BEGIN(DECODER) {
919	921	BIO_printf(trc_out,
920	922	"(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n",

+1

-2

crypto/encode_decode/decoder_pkey.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

17	17	#include "crypto/evp.h"
18	18	#include "crypto/decoder.h"
19	19	#include "encoder_local.h"
20		#include "e_os.h" /* strcasecmp on Windows */
21	20
22	21	int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx,
23	22	const unsigned char *kstr,

+5

-6

crypto/encode_decode/encoder_lib.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

6	6	* https://www.openssl.org/source/license.html
7	7	*/
8	8
9		#include "e_os.h" /* strcasecmp on Windows */
10	9	#include <openssl/core_names.h>
11	10	#include <openssl/bio.h>
12	11	#include <openssl/encoder.h>

452	451	*/
453	452	if (top) {
454	453	if (data->ctx->output_type != NULL
455		&& strcasecmp(current_output_type,
456		data->ctx->output_type) != 0) {
	454	&& OPENSSL_strcasecmp(current_output_type,
	455	data->ctx->output_type) != 0) {
457	456	OSSL_TRACE_BEGIN(ENCODER) {
458	457	BIO_printf(trc_out,
459	458	"[%d] Skipping because current encoder output type (%s) != desired output type (%s)\n",

481	480	*/
482	481	if (data->ctx->output_structure != NULL
483	482	&& current_output_structure != NULL) {
484		if (strcasecmp(data->ctx->output_structure,
485		current_output_structure) != 0) {
	483	if (OPENSSL_strcasecmp(data->ctx->output_structure,
	484	current_output_structure) != 0) {
486	485	OSSL_TRACE_BEGIN(ENCODER) {
487	486	BIO_printf(trc_out,
488	487	"[%d] Skipping because current encoder output structure (%s) != ctx output structure (%s)\n",

+0

-1

crypto/encode_decode/encoder_pkey.c less more

6	6	* https://www.openssl.org/source/license.html
7	7	*/
8	8
9		#include "e_os.h" /* strcasecmp on Windows */
10	9	#include <openssl/err.h>
11	10	#include <openssl/ui.h>
12	11	#include <openssl/params.h>

+22

-11

crypto/engine/eng_dyn.c less more

400	400	return 0;
401	401	}
402	402
	403	/*
	404	* Unfortunately the version checker does not distinguish between
	405	* engines built for openssl 1.1.x and openssl 3.x, but loading
	406	* an engine that is built for openssl 1.1.x will cause a fatal
	407	* error. Detect such engines, since EVP_PKEY_base_id is exported
	408	* as a function in openssl 1.1.x, while it is named EVP_PKEY_get_base_id
	409	* in openssl 3.x. Therefore we take the presence of that symbol
	410	* as an indication that the engine will be incompatible.
	411	*/
	412	static int using_libcrypto_11(dynamic_data_ctx *ctx)
	413	{
	414	int ret;
	415
	416	ERR_set_mark();
	417	ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id") != NULL;
	418	ERR_pop_to_mark();
	419
	420	return ret;
	421	}
	422
403	423	static int dynamic_load(ENGINE e, dynamic_data_ctx ctx)
404	424	{
405	425	ENGINE cpy;

449	469	/*
450	470	* We fail if the version checker veto'd the load or if it is
451	471	* deferring to us (by returning its version) and we think it is too
452		* old.
453		* Unfortunately the version checker does not distinguish between
454		* engines built for openssl 1.1.x and openssl 3.x, but loading
455		* an engine that is built for openssl 1.1.x will cause a fatal
456		* error. Detect such engines, since EVP_PKEY_base_id is exported
457		* as a function in openssl 1.1.x, while it is a macro in openssl 3.x,
458		* and therefore only the symbol EVP_PKEY_get_base_id is available
459		* in openssl 3.x.
	472	* old. Also fail if this is engine for openssl 1.1.x.
460	473	*/
461		if (vcheck_res < OSSL_DYNAMIC_OLDEST
462		\|\| DSO_bind_func(ctx->dynamic_dso,
463		"EVP_PKEY_base_id") != NULL) {
	474	if (vcheck_res < OSSL_DYNAMIC_OLDEST \|\| using_libcrypto_11(ctx)) {
464	475	/* Fail */
465	476	ctx->bind_engine = NULL;
466	477	ctx->v_check = NULL;

+3

-3

crypto/engine/tb_asnmth.c less more

0	0	/*
1		* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

151	151	e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
152	152	if (ameth != NULL
153	153	&& ((int)strlen(ameth->pem_str) == len)
154		&& strncasecmp(ameth->pem_str, str, len) == 0)
	154	&& OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0)
155	155	return ameth;
156	156	}
157	157	return NULL;

176	176	e->pkey_asn1_meths(e, &ameth, NULL, nid);
177	177	if (ameth != NULL
178	178	&& ((int)strlen(ameth->pem_str) == lk->len)
179		&& strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) {
	179	&& OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) {
180	180	lk->e = e;
181	181	lk->ameth = ameth;
182	182	return;

+2

-1

crypto/err/openssl.txt less more

0		# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
	0	# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
1	1	#
2	2	# Licensed under the Apache License 2.0 (the "License"). You may not use
3	3	# this file except in compliance with the License. You can obtain a copy

536	536	EC_R_DECODE_ERROR:142:decode error
537	537	EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero
538	538	EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure
	539	EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported
539	540	EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key
540	541	EC_R_FIELD_TOO_LARGE:143:field too large
541	542	EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported

+11

-7

crypto/evp/ctrl_params_translate.c less more

35	35	#include "crypto/evp.h"
36	36	#include "crypto/dh.h"
37	37	#include "crypto/ec.h"
38
39		#include "e_os.h" /* strcasecmp() for Windows */
40	38
41	39	struct translation_ctx_st; /* Forwarding */
42	40	struct translation_st; /* Forwarding */

904	902
905	903	/* Convert KDF type strings to numbers */
906	904	for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++)
907		if (strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) {
	905	if (OPENSSL_strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) {
908	906	ctx->p1 = kdf_type_map->kdf_type_num;
909	907	ret = 1;
910	908	break;

1073	1071	return 0;
1074	1072
1075	1073	if (state == PRE_CTRL_STR_TO_PARAMS) {
1076		ctx->p2 = (char *)ossl_dh_gen_type_id2name(atoi(ctx->p2));
	1074	if ((ctx->p2 = (char *)ossl_dh_gen_type_id2name(atoi(ctx->p2)))
	1075	== NULL) {
	1076	ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
	1077	return 0;
	1078	}
1077	1079	ctx->p1 = strlen(ctx->p2);
1078	1080	}
1079	1081

2468	2470	* cmd name in the template.
2469	2471	*/
2470	2472	if (item->ctrl_str != NULL
2471		&& strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0)
	2473	&& OPENSSL_strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0)
2472	2474	ctrl_str = tmpl->ctrl_str;
2473	2475	else if (item->ctrl_hexstr != NULL
2474		&& strcasecmp(tmpl->ctrl_hexstr, item->ctrl_hexstr) == 0)
	2476	&& OPENSSL_strcasecmp(tmpl->ctrl_hexstr,
	2477	item->ctrl_hexstr) == 0)
2475	2478	ctrl_hexstr = tmpl->ctrl_hexstr;
2476	2479	else
2477	2480	continue;

2499	2502	if ((item->action_type != NONE
2500	2503	&& tmpl->action_type != item->action_type)
2501	2504	\|\| (item->param_key != NULL
2502		&& strcasecmp(tmpl->param_key, item->param_key) != 0))
	2505	&& OPENSSL_strcasecmp(tmpl->param_key,
	2506	item->param_key) != 0))
2503	2507	continue;
2504	2508	} else {
2505	2509	return NULL;

+3

-3

crypto/evp/ec_support.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

9	9	#include <string.h>
10	10	#include <openssl/ec.h>
11	11	#include "crypto/ec.h"
12		#include "e_os.h" /* strcasecmp required by windows */
	12	#include "internal/nelem.h"
13	13
14	14	typedef struct ec_name2nid_st {
15	15	const char *name;

138	138	return nid;
139	139
140	140	for (i = 0; i < OSSL_NELEM(curve_list); i++) {
141		if (strcasecmp(curve_list[i].name, name) == 0)
	141	if (OPENSSL_strcasecmp(curve_list[i].name, name) == 0)
142	142	return curve_list[i].nid;
143	143	}
144	144	}

+8

-3

crypto/evp/evp_enc.c less more

343	343
344	344	case EVP_CIPH_CBC_MODE:
345	345	n = EVP_CIPHER_CTX_get_iv_length(ctx);
346		if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv)))
347		return 0;
	346	if (n < 0 \|\| n > (int)sizeof(ctx->iv)) {
	347	ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
	348	return 0;
	349	}
348	350	if (iv != NULL)
349	351	memcpy(ctx->oiv, iv, n);
350	352	memcpy(ctx->iv, ctx->oiv, n);

354	356	ctx->num = 0;
355	357	/* Don't reuse IV for CTR mode */
356	358	if (iv != NULL) {
357		if ((n = EVP_CIPHER_CTX_get_iv_length(ctx)) <= 0)
	359	n = EVP_CIPHER_CTX_get_iv_length(ctx);
	360	if (n <= 0 \|\| n > (int)sizeof(ctx->iv)) {
	361	ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
358	362	return 0;
	363	}
359	364	memcpy(ctx->iv, iv, n);
360	365	}
361	366	break;

+7

-8

crypto/evp/evp_lib.c less more

0	0	/*
1		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

14	14
15	15	#include <stdio.h>
16	16	#include <string.h>
17		#include "e_os.h" /* strcasecmp */
18	17	#include "internal/cryptlib.h"
19	18	#include <openssl/evp.h>
20	19	#include <openssl/objects.h>

1169	1168
1170	1169	va_start(args, type);
1171	1170
1172		if (strcasecmp(type, "RSA") == 0) {
	1171	if (OPENSSL_strcasecmp(type, "RSA") == 0) {
1173	1172	bits = va_arg(args, size_t);
1174	1173	params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
1175		} else if (strcasecmp(type, "EC") == 0) {
	1174	} else if (OPENSSL_strcasecmp(type, "EC") == 0) {
1176	1175	name = va_arg(args, char *);
1177	1176	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
1178	1177	name, 0);
1179		} else if (strcasecmp(type, "ED25519") != 0
1180		&& strcasecmp(type, "X25519") != 0
1181		&& strcasecmp(type, "ED448") != 0
1182		&& strcasecmp(type, "X448") != 0) {
	1178	} else if (OPENSSL_strcasecmp(type, "ED25519") != 0
	1179	&& OPENSSL_strcasecmp(type, "X25519") != 0
	1180	&& OPENSSL_strcasecmp(type, "ED448") != 0
	1181	&& OPENSSL_strcasecmp(type, "X448") != 0) {
1183	1182	ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
1184	1183	goto end;
1185	1184	}

+3

-1

crypto/evp/p5_crpt2.c less more

0	0	/*
1		* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

41	41	salt = (unsigned char *)empty;
42	42
43	43	kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, propq);
	44	if (kdf == NULL)
	45	return 0;
44	46	kctx = EVP_KDF_CTX_new(kdf);
45	47	EVP_KDF_free(kdf);
46	48	if (kctx == NULL)

+2

-4

crypto/evp/p_lib.c less more

0	0	/*
1		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

48	48	#endif
49	49	#include "internal/provider.h"
50	50	#include "evp_local.h"
51
52		#include "e_os.h" /* strcasecmp on Windows */
53	51
54	52	static int pkey_set_type(EVP_PKEY pkey, ENGINE e, int type, const char *str,
55	53	int len, EVP_KEYMGMT *keymgmt);

1017	1015	size_t i;
1018	1016
1019	1017	for (i = 0; i < OSSL_NELEM(standard_name2type); i++) {
1020		if (strcasecmp(name, standard_name2type[i].ptr) == 0)
	1018	if (OPENSSL_strcasecmp(name, standard_name2type[i].ptr) == 0)
1021	1019	return (int)standard_name2type[i].id;
1022	1020	}
1023	1021

+3

-1

crypto/evp/pmeth_lib.c less more

0	0	/*
1		* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

26	26	#ifndef FIPS_MODULE
27	27	# include "crypto/asn1.h"
28	28	#endif
	29	#include "crypto/ctype.h"
29	30	#include "crypto/evp.h"
30	31	#include "crypto/dh.h"
31	32	#include "crypto/ec.h"

198	199	}
199	200	#ifndef FIPS_MODULE
200	201	if (keytype != NULL) {
	202	ossl_init_casecmp();
201	203	id = evp_pkey_name2type(keytype);
202	204	if (id == NID_undef)
203	205	id = -1;

+2

-3

crypto/ffc/ffc_dh.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

9	9	#include "internal/ffc.h"
10	10	#include "internal/nelem.h"
11	11	#include "crypto/bn_dh.h"
12		#include "e_os.h" /* strcasecmp */
13	12
14	13	#ifndef OPENSSL_NO_DH
15	14

83	82	size_t i;
84	83
85	84	for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) {
86		if (strcasecmp(dh_named_groups[i].name, name) == 0)
	85	if (OPENSSL_strcasecmp(dh_named_groups[i].name, name) == 0)
87	86	return &dh_named_groups[i];
88	87	}
89	88	return NULL;

+1

-2

crypto/ffc/ffc_params.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

11	11	#include "internal/ffc.h"
12	12	#include "internal/param_build_set.h"
13	13	#include "internal/nelem.h"
14		#include "e_os.h" /* strcasecmp */
15	14
16	15	#ifndef FIPS_MODULE
17	16	# include <openssl/asn1.h> /* ossl_ffc_params_print */

+9

-9

crypto/http/http_client.c less more

321	321
322	322	for (i = 0; i < sk_CONF_VALUE_num(headers); i++) {
323	323	hdr = sk_CONF_VALUE_value(headers, i);
324		if (add_host && strcasecmp("host", hdr->name) == 0)
	324	if (add_host && OPENSSL_strcasecmp("host", hdr->name) == 0)
325	325	add_host = 0;
326	326	if (!OSSL_HTTP_REQ_CTX_add1_header(rctx, hdr->name, hdr->value))
327	327	return 0;

665	665	}
666	666	if (value != NULL && line_end != NULL) {
667	667	if (rctx->state == OHS_REDIRECT
668		&& strcasecmp(key, "Location") == 0) {
	668	&& OPENSSL_strcasecmp(key, "Location") == 0) {
669	669	rctx->redirection_url = value;
670	670	return 0;
671	671	}
672		if (rctx->expected_ct != NULL
673		&& strcasecmp(key, "Content-Type") == 0) {
674		if (strcasecmp(rctx->expected_ct, value) != 0) {
	672	if (rctx->state == OHS_HEADERS && rctx->expected_ct != NULL
	673	&& OPENSSL_strcasecmp(key, "Content-Type") == 0) {
	674	if (OPENSSL_strcasecmp(rctx->expected_ct, value) != 0) {
675	675	ERR_raise_data(ERR_LIB_HTTP, HTTP_R_UNEXPECTED_CONTENT_TYPE,
676	676	"expected=%s, actual=%s",
677	677	rctx->expected_ct, value);

681	681	}
682	682
683	683	/* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */
684		if (strcasecmp(key, "Connection") == 0) {
685		if (strcasecmp(value, "keep-alive") == 0)
	684	if (OPENSSL_strcasecmp(key, "Connection") == 0) {
	685	if (OPENSSL_strcasecmp(value, "keep-alive") == 0)
686	686	found_keep_alive = 1;
687		else if (strcasecmp(value, "close") == 0)
	687	else if (OPENSSL_strcasecmp(value, "close") == 0)
688	688	found_keep_alive = 0;
689		} else if (strcasecmp(key, "Content-Length") == 0) {
	689	} else if (OPENSSL_strcasecmp(key, "Content-Length") == 0) {
690	690	resp_len = (size_t)strtoul(value, &line_end, 10);
691	691	if (line_end == value \|\| *line_end != '\0') {
692	692	ERR_raise_data(ERR_LIB_HTTP,

+8

-1

crypto/init.c less more

0	0	/*
1		* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

31	31	#include "crypto/store.h"
32	32	#include <openssl/cmp_util.h> /* for OSSL_CMP_log_close() */
33	33	#include <openssl/trace.h>
	34	#include "crypto/ctype.h"
34	35
35	36	static int stopped = 0;
36	37	static uint64_t optsdone = 0;

446	447	OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_trace_cleanup()\n");
447	448	ossl_trace_cleanup();
448	449
	450	OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_deinit_casecmp()\n");
	451	ossl_deinit_casecmp();
	452
449	453	base_inited = 0;
450	454	}
451	455

458	462	{
459	463	uint64_t tmp;
460	464	int aloaddone = 0;
	465
	466	if (!ossl_init_casecmp())
	467	return 0;
461	468
462	469	/* Applications depend on 0 being returned when cleanup was already done */
463	470	if (stopped) {

+13

-28

crypto/lhash/lh_stats.c less more

60	60
61	61	void OPENSSL_LH_stats_bio(const OPENSSL_LHASH lh, BIO out)
62	62	{
63		int omit_tsan = 0;
64
65		#ifdef TSAN_REQUIRES_LOCKING
66		if (!CRYPTO_THREAD_read_lock(lh->tsan_lock)) {
67		BIO_printf(out, "unable to lock table, omitting TSAN counters\n");
68		omit_tsan = 1;
69		}
70		#endif
71	63	BIO_printf(out, "num_items = %lu\n", lh->num_items);
72	64	BIO_printf(out, "num_nodes = %u\n", lh->num_nodes);
73	65	BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes);
74		BIO_printf(out, "num_expands = %lu\n", lh->num_expands);
75		BIO_printf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs);
76		BIO_printf(out, "num_contracts = %lu\n", lh->num_contracts);
77		BIO_printf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs);
78		if (!omit_tsan) {
79		BIO_printf(out, "num_hash_calls = %lu\n", lh->num_hash_calls);
80		BIO_printf(out, "num_comp_calls = %lu\n", lh->num_comp_calls);
81		}
82		BIO_printf(out, "num_insert = %lu\n", lh->num_insert);
83		BIO_printf(out, "num_replace = %lu\n", lh->num_replace);
84		BIO_printf(out, "num_delete = %lu\n", lh->num_delete);
85		BIO_printf(out, "num_no_delete = %lu\n", lh->num_no_delete);
86		if (!omit_tsan) {
87		BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve);
88		BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss);
89		BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps);
90		#ifdef TSAN_REQUIRES_LOCKING
91		CRYPTO_THREAD_unlock(lh->tsan_lock);
92		#endif
93		}
	66	BIO_printf(out, "num_expands = 0\n");
	67	BIO_printf(out, "num_expand_reallocs = 0\n");
	68	BIO_printf(out, "num_contracts = 0\n");
	69	BIO_printf(out, "num_contract_reallocs = 0\n");
	70	BIO_printf(out, "num_hash_calls = 0\n");
	71	BIO_printf(out, "num_comp_calls = 0\n");
	72	BIO_printf(out, "num_insert = 0\n");
	73	BIO_printf(out, "num_replace = 0\n");
	74	BIO_printf(out, "num_delete = 0\n");
	75	BIO_printf(out, "num_no_delete = 0\n");
	76	BIO_printf(out, "num_retrieve = 0\n");
	77	BIO_printf(out, "num_retrieve_miss = 0\n");
	78	BIO_printf(out, "num_hash_comps = 0\n");
94	79	}
95	80
96	81	void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH lh, BIO out)

+5

-53

crypto/lhash/lhash.c less more

43	43	static void contract(OPENSSL_LHASH *lh);
44	44	static OPENSSL_LH_NODE *getrn(OPENSSL_LHASH lh, const void data, unsigned long rhash);
45	45
46		static ossl_inline int tsan_lock(const OPENSSL_LHASH *lh)
47		{
48		#ifdef TSAN_REQUIRES_LOCKING
49		if (!CRYPTO_THREAD_write_lock(lh->tsan_lock))
50		return 0;
51		#endif
52		return 1;
53		}
54
55		static ossl_inline void tsan_unlock(const OPENSSL_LHASH *lh)
56		{
57		#ifdef TSAN_REQUIRES_LOCKING
58		CRYPTO_THREAD_unlock(lh->tsan_lock);
59		#endif
60		}
61
62	46	OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c)
63	47	{
64	48	OPENSSL_LHASH *ret;

73	57	}
74	58	if ((ret->b = OPENSSL_zalloc(sizeof(ret->b) MIN_NODES)) == NULL)
75	59	goto err;
76		#ifdef TSAN_REQUIRES_LOCKING
77		if ((ret->tsan_lock = CRYPTO_THREAD_lock_new()) == NULL)
78		goto err;
79		#endif
80	60	ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c);
81	61	ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h);
82	62	ret->num_nodes = MIN_NODES / 2;

98	78	return;
99	79
100	80	OPENSSL_LH_flush(lh);
101		#ifdef TSAN_REQUIRES_LOCKING
102		CRYPTO_THREAD_lock_free(lh->tsan_lock);
103		#endif
104	81	OPENSSL_free(lh->b);
105	82	OPENSSL_free(lh);
106	83	}

122	99	}
123	100	lh->b[i] = NULL;
124	101	}
	102
	103	lh->num_items = 0;
125	104	}
126	105
127	106	void OPENSSL_LH_insert(OPENSSL_LHASH lh, void *data)

146	125	nn->hash = hash;
147	126	*rn = nn;
148	127	ret = NULL;
149		lh->num_insert++;
150	128	lh->num_items++;
151	129	} else { /* replace same key */
152	130	ret = (*rn)->data;
153	131	(*rn)->data = data;
154		lh->num_replace++;
155	132	}
156	133	return ret;
157	134	}

166	143	rn = getrn(lh, data, &hash);
167	144
168	145	if (*rn == NULL) {
169		lh->num_no_delete++;
170	146	return NULL;
171	147	} else {
172	148	nn = *rn;
173	149	*rn = nn->next;
174	150	ret = nn->data;
175	151	OPENSSL_free(nn);
176		lh->num_delete++;
177	152	}
178	153
179	154	lh->num_items--;

189	164	unsigned long hash;
190	165	OPENSSL_LH_NODE **rn;
191	166
192		/*-
193		* This should be atomic without tsan.
194		* It's not clear why it was done this way and not elsewhere.
195		*/
196		tsan_store((TSAN_QUALIFIER int *)&lh->error, 0);
	167	if (lh->error != 0)
	168	lh->error = 0;
197	169
198	170	rn = getrn(lh, data, &hash);
199	171
200		if (tsan_lock(lh)) {
201		tsan_counter(*rn == NULL ? &lh->num_retrieve_miss : &lh->num_retrieve);
202		tsan_unlock(lh);
203		}
204	172	return rn == NULL ? NULL : (rn)->data;
205	173	}
206	174

261	229	memset(n + nni, 0, sizeof(n) (j - nni));
262	230	lh->pmax = nni;
263	231	lh->num_alloc_nodes = j;
264		lh->num_expand_reallocs++;
265	232	lh->p = 0;
266	233	} else {
267	234	lh->p++;
268	235	}
269	236
270	237	lh->num_nodes++;
271		lh->num_expands++;
272	238	n1 = &(lh->b[p]);
273	239	n2 = &(lh->b[p + pmax]);
274	240	*n2 = NULL;

301	267	lh->error++;
302	268	return;
303	269	}
304		lh->num_contract_reallocs++;
305	270	lh->num_alloc_nodes /= 2;
306	271	lh->pmax /= 2;
307	272	lh->p = lh->pmax - 1;

310	275	lh->p--;
311	276
312	277	lh->num_nodes--;
313		lh->num_contracts++;
314	278
315	279	n1 = lh->b[(int)lh->p];
316	280	if (n1 == NULL)

328	292	OPENSSL_LH_NODE *ret, n1;
329	293	unsigned long hash, nn;
330	294	OPENSSL_LH_COMPFUNC cf;
331		int do_tsan = 1;
332
333		#ifdef TSAN_REQUIRES_LOCKING
334		do_tsan = tsan_lock(lh);
335		#endif
	295
336	296	hash = (*(lh->hash)) (data);
337		if (do_tsan)
338		tsan_counter(&lh->num_hash_calls);
339	297	*rhash = hash;
340	298
341	299	nn = hash % lh->pmax;

345	303	cf = lh->comp;
346	304	ret = &(lh->b[(int)nn]);
347	305	for (n1 = *ret; n1 != NULL; n1 = n1->next) {
348		if (do_tsan)
349		tsan_counter(&lh->num_hash_comps);
350	306	if (n1->hash != hash) {
351	307	ret = &(n1->next);
352	308	continue;
353	309	}
354		if (do_tsan)
355		tsan_counter(&lh->num_comp_calls);
356	310	if (cf(n1->data, data) == 0)
357	311	break;
358	312	ret = &(n1->next);
359	313	}
360		if (do_tsan)
361		tsan_unlock(lh);
362	314	return ret;
363	315	}
364	316

+0

-16

crypto/lhash/lhash_local.h less more

26	26	unsigned long up_load; /* load times 256 */
27	27	unsigned long down_load; /* load times 256 */
28	28	unsigned long num_items;
29		unsigned long num_expands;
30		unsigned long num_expand_reallocs;
31		unsigned long num_contracts;
32		unsigned long num_contract_reallocs;
33		TSAN_QUALIFIER unsigned long num_hash_calls;
34		TSAN_QUALIFIER unsigned long num_comp_calls;
35		unsigned long num_insert;
36		unsigned long num_replace;
37		unsigned long num_delete;
38		unsigned long num_no_delete;
39		TSAN_QUALIFIER unsigned long num_retrieve;
40		TSAN_QUALIFIER unsigned long num_retrieve_miss;
41		TSAN_QUALIFIER unsigned long num_hash_comps;
42	29	int error;
43		#ifdef TSAN_REQUIRES_LOCKING
44		CRYPTO_RWLOCK *tsan_lock;
45		#endif
46	30	};

+3

-20

crypto/objects/o_names.c less more

0	0	/*
1		* Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

21	21	#include "e_os.h"
22	22
23	23	/*
24		* We define this wrapper for two reasons. Firstly, later versions of
25		* DEC C add linkage information to certain functions, which makes it
26		* tricky to use them as values to regular function pointers.
27		* Secondly, in the EDK2 build environment, the strcasecmp function is
28		* actually an external function with the Microsoft ABI, so we can't
29		* transparently assign function pointers to it.
30		*/
31		#if defined(OPENSSL_SYS_VMS_DECC) \|\| defined(OPENSSL_SYS_UEFI)
32		static int obj_strcasecmp(const char a, const char b)
33		{
34		return strcasecmp(a, b);
35		}
36		#else
37		#define obj_strcasecmp strcasecmp
38		#endif
39
40		/*
41	24	* I use the ex_data stuff to manage the identifiers for the obj_name_types
42	25	* that applications may define. I only really use the free function field.
43	26	*/

110	93	goto out;
111	94	}
112	95	name_funcs->hash_func = ossl_lh_strcasehash;
113		name_funcs->cmp_func = obj_strcasecmp;
	96	name_funcs->cmp_func = OPENSSL_strcasecmp;
114	97	push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
115	98
116	99	if (!push) {

144	127	ret = sk_NAME_FUNCS_value(name_funcs_stack,
145	128	a->type)->cmp_func(a->name, b->name);
146	129	} else
147		ret = strcasecmp(a->name, b->name);
	130	ret = OPENSSL_strcasecmp(a->name, b->name);
148	131	}
149	132	return ret;
150	133	}

+4

-3

crypto/ocsp/ocsp_vfy.c less more

0	0	/*
1		* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

58	58
59	59	ret = X509_verify_cert(ctx);
60	60	if (ret <= 0) {
61		ret = X509_STORE_CTX_get_error(ctx);
	61	int err = X509_STORE_CTX_get_error(ctx);
	62
62	63	ERR_raise_data(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR,
63		"Verify error: %s", X509_verify_cert_error_string(ret));
	64	"Verify error: %s", X509_verify_cert_error_string(err));
64	65	goto end;
65	66	}
66	67	if (chain != NULL)

+3

-4

crypto/params_dup.c less more

0	0	/*
1		* Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

10	10	#include <openssl/params.h>
11	11	#include <openssl/param_build.h>
12	12	#include "internal/param_build_set.h"
13		#include "e_os.h" /* strcasecmp */
14	13
15	14	#define OSSL_PARAM_ALLOCATED_END 127
16	15	#define OSSL_PARAM_MERGE_LIST_MAX 128

141	140	const OSSL_PARAM l = (const OSSL_PARAM **)left;
142	141	const OSSL_PARAM r = (const OSSL_PARAM **)right;
143	142
144		return strcasecmp(l->key, r->key);
	143	return OPENSSL_strcasecmp(l->key, r->key);
145	144	}
146	145
147	146	OSSL_PARAM OSSL_PARAM_merge(const OSSL_PARAM p1, const OSSL_PARAM *p2)

204	203	break;
205	204	}
206	205	/* consume the list element with the smaller key */
207		diff = strcasecmp((p1cur)->key, (p2cur)->key);
	206	diff = OPENSSL_strcasecmp((p1cur)->key, (p2cur)->key);
208	207	if (diff == 0) {
209	208	/* If the keys are the same then throw away the list1 element */
210	209	dst++ = *p2cur;

+0

-365

~~crypto/poly1305/asm/poly1305-ia64.S~~ less more

0		// ====================================================================
1		// Written by Andy Polyakov, @dot-asm, initially for use in the OpenSSL
2		// project.
3		// ====================================================================
4		//
5		// Poly1305 for Itanium.
6		//
7		// January 2019
8		//
9		// Performance was reported to be ~2.1 cycles per byte on Itanium 2.
10		// With exception for processors in 95xx family, which have higher
11		// floating-point instructions' latencies and deliver ~2.6 cpb.
12		// Comparison to compiler-generated code is not exactly fair, because
13		// of different radixes. But just for reference, it was observed to be
14		// >3x faster. Originally it was argued that floating-point base 2^32
15		// implementation would be optimal. Upon closer look estimate for below
16		// integer base 2^64 implementation turned to be approximately same on
17		// Itanium 2. But floating-point code would be larger, and have higher
18		// overhead, which would negatively affect small-block performance...
19
20		#if defined(_HPUX_SOURCE)
21		# if !defined(_LP64)
22		# define ADDP addp4
23		# else
24		# define ADDP add
25		# endif
26		# define RUM rum
27		# define SUM sum
28		#else
29		# define ADDP add
30		# define RUM nop
31		# define SUM nop
32		#endif
33
34		.text
35		.explicit
36
37		.global poly1305_init#
38		.proc poly1305_init#
39		.align 64
40		poly1305_init:
41		.prologue
42		.save ar.pfs,r2
43		{ .mmi; alloc r2=ar.pfs,2,0,0,0
44		cmp.eq p6,p7=0,r33 } // key == NULL?
45		{ .mmi; ADDP r9=8,r32
46		ADDP r10=16,r32
47		ADDP r32=0,r32 };;
48		.body
49		{ .mmi; st8 [r32]=r0,24 // ctx->h0 = 0
50		st8 [r9]=r0 // ctx->h1 = 0
51		(p7) ADDP r8=0,r33 }
52		{ .mib; st8 [r10]=r0 // ctx->h2 = 0
53		(p6) mov r8=0
54		(p6) br.ret.spnt b0 };;
55
56		{ .mmi; ADDP r9=1,r33
57		ADDP r10=2,r33
58		ADDP r11=3,r33 };;
59		{ .mmi; ld1 r16=[r8],4 // load key, little-endian
60		ld1 r17=[r9],4 }
61		{ .mmi; ld1 r18=[r10],4
62		ld1 r19=[r11],4 };;
63		{ .mmi; ld1 r20=[r8],4
64		ld1 r21=[r9],4 }
65		{ .mmi; ld1 r22=[r10],4
66		ld1 r23=[r11],4
67		and r19=15,r19 };;
68		{ .mmi; ld1 r24=[r8],4
69		ld1 r25=[r9],4
70		and r20=-4,r20 }
71		{ .mmi; ld1 r26=[r10],4
72		ld1 r27=[r11],4
73		and r23=15,r23 };;
74		{ .mmi; ld1 r28=[r8],4
75		ld1 r29=[r9],4
76		and r24=-4,r24 }
77		{ .mmi; ld1 r30=[r10],4
78		ld1 r31=[r11],4
79		and r27=15,r27 };;
80
81		{ .mii; and r28=-4,r28
82		dep r16=r17,r16,8,8
83		dep r18=r19,r18,8,8 };;
84		{ .mii; and r31=15,r31
85		dep r16=r18,r16,16,16
86		dep r20=r21,r20,8,8 };;
87		{ .mii; dep r16=r20,r16,32,16
88		dep r22=r23,r22,8,8 };;
89		{ .mii; dep r16=r22,r16,48,16
90		dep r24=r25,r24,8,8 };;
91		{ .mii; dep r26=r27,r26,8,8
92		dep r28=r29,r28,8,8 };;
93		{ .mii; dep r24=r26,r24,16,16
94		dep r30=r31,r30,8,8 };;
95		{ .mii; st8 [r32]=r16,8 // ctx->r0
96		dep r24=r28,r24,32,16;;
97		dep r24=r30,r24,48,16 };;
98		{ .mii; st8 [r32]=r24,8 // ctx->r1
99		shr.u r25=r24,2;;
100		add r25=r25,r24 };;
101		{ .mib; st8 [r32]=r25 // ctx->s1
102		mov r8=0
103		br.ret.sptk b0 };;
104		.endp poly1305_init#
105
106		h0=r17; h1=r18; h2=r19;
107		i0=r20; i1=r21;
108		HF0=f8; HF1=f9; HF2=f10;
109		RF0=f11; RF1=f12; SF1=f13;
110
111		.global poly1305_blocks#
112		.proc poly1305_blocks#
113		.align 64
114		poly1305_blocks:
115		.prologue
116		.save ar.pfs,r2
117		{ .mii; alloc r2=ar.pfs,4,1,0,0
118		.save ar.lc,r3
119		mov r3=ar.lc
120		.save pr,r36
121		mov r36=pr }
122
123		.body
124		{ .mmi; ADDP r8=0,r32
125		ADDP r9=8,r32
126		and r29=7,r33 };;
127		{ .mmi; ld8 h0=[r8],16
128		ld8 h1=[r9],16
129		and r33=-8,r33 };;
130		{ .mmi; ld8 h2=[r8],16
131		ldf8 RF0=[r9],16
132		shr.u r34=r34,4 };;
133		{ .mmi; ldf8 RF1=[r8],-32
134		ldf8 SF1=[r9],-32
135		cmp.ltu p16,p17=1,r34 };;
136		{ .mmi;
137		(p16) add r34=-2,r34
138		(p17) mov r34=0
139		ADDP r10=0,r33 }
140		{ .mii; ADDP r11=8,r33
141		(p16) mov ar.ec=2
142		(p17) mov ar.ec=1 };;
143		{ .mib; RUM 1<<1 // go little-endian
144		mov ar.lc=r34
145		brp.loop.imp .Loop,.Lcend-16 }
146
147		{ .mmi; cmp.eq p8,p7=0,r29
148		cmp.eq p9,p0=1,r29
149		cmp.eq p10,p0=2,r29 }
150		{ .mmi; cmp.eq p11,p0=3,r29
151		cmp.eq p12,p0=4,r29
152		cmp.eq p13,p0=5,r29 }
153		{ .mmi; cmp.eq p14,p0=6,r29
154		cmp.eq p15,p0=7,r29
155		add r16=16,r10 };;
156
157		{ .mmb;
158		(p8) ld8 i0=[r10],16 // aligned input
159		(p8) ld8 i1=[r11],16
160		(p8) br.cond.sptk .Loop };;
161
162		// align first block
163		.pred.rel "mutex",p8,p9,p10,p11,p12,p13,p14,p15
164		{ .mmi; (p7) ld8 r14=[r10],24
165		(p7) ld8 r15=[r11],24 }
166
167		{ .mii; (p7) ld8 r16=[r16]
168		nop.i 0;;
169		(p15) shrp i0=r15,r14,56 }
170		{ .mii; (p15) shrp i1=r16,r15,56
171		(p14) shrp i0=r15,r14,48 }
172		{ .mii; (p14) shrp i1=r16,r15,48
173		(p13) shrp i0=r15,r14,40 }
174		{ .mii; (p13) shrp i1=r16,r15,40
175		(p12) shrp i0=r15,r14,32 }
176		{ .mii; (p12) shrp i1=r16,r15,32
177		(p11) shrp i0=r15,r14,24 }
178		{ .mii; (p11) shrp i1=r16,r15,24
179		(p10) shrp i0=r15,r14,16 }
180		{ .mii; (p10) shrp i1=r16,r15,16
181		(p9) shrp i0=r15,r14,8 }
182		{ .mii; (p9) shrp i1=r16,r15,8
183		mov r14=r16 };;
184
185		.Loop:
186		.pred.rel "mutex",p8,p9,p10,p11,p12,p13,p14,p15
187		{ .mmi; add h0=h0,i0
188		add h1=h1,i1
189		add h2=h2,r35 };;
190		{ .mmi; setf.sig HF0=h0
191		cmp.ltu p6,p0=h0,i0
192		cmp.ltu p7,p0=h1,i1 };;
193		{ .mmi; (p6) add h1=1,h1;;
194		setf.sig HF1=h1
195		(p6) cmp.eq.or p7,p0=0,h1 };;
196		{ .mmi; (p7) add h2=1,h2;;
197		setf.sig HF2=h2 };;
198
199		{ .mfi; (p16) ld8 r15=[r10],16
200		xmpy.lu f32=HF0,RF0 }
201		{ .mfi; (p16) ld8 r16=[r11],16
202		xmpy.hu f33=HF0,RF0 }
203		{ .mfi; xmpy.lu f36=HF0,RF1 }
204		{ .mfi; xmpy.hu f37=HF0,RF1 };;
205		{ .mfi; xmpy.lu f34=HF1,SF1
206		(p15) shrp i0=r15,r14,56 }
207		{ .mfi; xmpy.hu f35=HF1,SF1 }
208		{ .mfi; xmpy.lu f38=HF1,RF0
209		(p15) shrp i1=r16,r15,56 }
210		{ .mfi; xmpy.hu f39=HF1,RF0 }
211		{ .mfi; xmpy.lu f40=HF2,SF1
212		(p14) shrp i0=r15,r14,48 }
213		{ .mfi; xmpy.lu f41=HF2,RF0 };;
214
215		{ .mmi; getf.sig r22=f32
216		getf.sig r23=f33
217		(p14) shrp i1=r16,r15,48 }
218		{ .mmi; getf.sig r24=f34
219		getf.sig r25=f35
220		(p13) shrp i0=r15,r14,40 }
221		{ .mmi; getf.sig r26=f36
222		getf.sig r27=f37
223		(p13) shrp i1=r16,r15,40 }
224		{ .mmi; getf.sig r28=f38
225		getf.sig r29=f39
226		(p12) shrp i0=r15,r14,32 }
227		{ .mmi; getf.sig r30=f40
228		getf.sig r31=f41 };;
229
230		{ .mmi; add h0=r22,r24
231		add r23=r23,r25
232		(p12) shrp i1=r16,r15,32 }
233		{ .mmi; add h1=r26,r28
234		add r27=r27,r29
235		(p11) shrp i0=r15,r14,24 };;
236		{ .mmi; cmp.ltu p6,p0=h0,r24
237		cmp.ltu p7,p0=h1,r28
238		add r23=r23,r30 };;
239		{ .mmi; (p6) add r23=1,r23
240		(p7) add r27=1,r27
241		(p11) shrp i1=r16,r15,24 };;
242		{ .mmi; add h1=h1,r23;;
243		cmp.ltu p6,p7=h1,r23
244		(p10) shrp i0=r15,r14,16 };;
245		{ .mmi; (p6) add h2=r31,r27,1
246		(p7) add h2=r31,r27
247		(p10) shrp i1=r16,r15,16 };;
248
249		{ .mmi; (p8) mov i0=r15
250		and r22=-4,h2
251		shr.u r23=h2,2 };;
252		{ .mmi; add r22=r22,r23
253		and h2=3,h2
254		(p9) shrp i0=r15,r14,8 };;
255
256		{ .mmi; add h0=h0,r22;;
257		cmp.ltu p6,p0=h0,r22
258		(p9) shrp i1=r16,r15,8 };;
259		{ .mmi; (p8) mov i1=r16
260		(p6) cmp.eq.unc p7,p0=-1,h1
261		(p6) add h1=1,h1 };;
262		{ .mmb; (p7) add h2=1,h2
263		mov r14=r16
264		br.ctop.sptk .Loop };;
265		.Lcend:
266
267		{ .mii; SUM 1<<1 // back to big-endian
268		mov ar.lc=r3 };;
269
270		{ .mmi; st8 [r8]=h0,16
271		st8 [r9]=h1
272		mov pr=r36,0x1ffff };;
273		{ .mmb; st8 [r8]=h2
274		rum 1<<5
275		br.ret.sptk b0 };;
276		.endp poly1305_blocks#
277
278		.global poly1305_emit#
279		.proc poly1305_emit#
280		.align 64
281		poly1305_emit:
282		.prologue
283		.save ar.pfs,r2
284		{ .mmi; alloc r2=ar.pfs,3,0,0,0
285		ADDP r8=0,r32
286		ADDP r9=8,r32 };;
287
288		.body
289		{ .mmi; ld8 r16=[r8],16 // load hash
290		ld8 r17=[r9]
291		ADDP r10=0,r34 };;
292		{ .mmi; ld8 r18=[r8]
293		ld4 r24=[r10],8 // load nonce
294		ADDP r11=4,r34 };;
295
296		{ .mmi; ld4 r25=[r11],8
297		ld4 r26=[r10]
298		add r20=5,r16 };;
299
300		{ .mmi; ld4 r27=[r11]
301		cmp.ltu p6,p7=r20,r16
302		shl r25=r25,32 };;
303		{ .mmi;
304		(p6) add r21=1,r17
305		(p7) add r21=0,r17
306		(p6) cmp.eq.or.andcm p6,p7=-1,r17 };;
307		{ .mmi;
308		(p6) add r22=1,r18
309		(p7) add r22=0,r18
310		shl r27=r27,32 };;
311		{ .mmi; or r24=r24,r25
312		or r26=r26,r27
313		cmp.leu p6,p7=4,r22 };;
314		{ .mmi;
315		(p6) add r16=r20,r24
316		(p7) add r16=r16,r24
317		(p6) add r17=r21,r26 };;
318		{ .mii;
319		(p7) add r17=r17,r26
320		cmp.ltu p6,p7=r16,r24;;
321		(p6) add r17=1,r17 };;
322
323		{ .mmi; ADDP r8=0,r33
324		ADDP r9=4,r33
325		shr.u r20=r16,32 }
326		{ .mmi; ADDP r10=8,r33
327		ADDP r11=12,r33
328		shr.u r21=r17,32 };;
329
330		{ .mmi; st1 [r8]=r16,1 // write mac, little-endian
331		st1 [r9]=r20,1
332		shr.u r16=r16,8 }
333		{ .mii; st1 [r10]=r17,1
334		shr.u r20=r20,8
335		shr.u r17=r17,8 }
336		{ .mmi; st1 [r11]=r21,1
337		shr.u r21=r21,8 };;
338
339		{ .mmi; st1 [r8]=r16,1
340		st1 [r9]=r20,1
341		shr.u r16=r16,8 }
342		{ .mii; st1 [r10]=r17,1
343		shr.u r20=r20,8
344		shr.u r17=r17,8 }
345		{ .mmi; st1 [r11]=r21,1
346		shr.u r21=r21,8 };;
347
348		{ .mmi; st1 [r8]=r16,1
349		st1 [r9]=r20,1
350		shr.u r16=r16,8 }
351		{ .mii; st1 [r10]=r17,1
352		shr.u r20=r20,8
353		shr.u r17=r17,8 }
354		{ .mmi; st1 [r11]=r21,1
355		shr.u r21=r21,8 };;
356
357		{ .mmi; st1 [r8]=r16
358		st1 [r9]=r20 }
359		{ .mmb; st1 [r10]=r17
360		st1 [r11]=r21
361		br.ret.sptk b0 };;
362		.endp poly1305_emit#
363
364		stringz "Poly1305 for IA64, CRYPTOGAMS by \@dot-asm"

+365

-0

crypto/poly1305/asm/poly1305-ia64.s less more

	0	// ====================================================================
	1	// Written by Andy Polyakov, @dot-asm, initially for use in the OpenSSL
	2	// project.
	3	// ====================================================================
	4	//
	5	// Poly1305 for Itanium.
	6	//
	7	// January 2019
	8	//
	9	// Performance was reported to be ~2.1 cycles per byte on Itanium 2.
	10	// With exception for processors in 95xx family, which have higher
	11	// floating-point instructions' latencies and deliver ~2.6 cpb.
	12	// Comparison to compiler-generated code is not exactly fair, because
	13	// of different radixes. But just for reference, it was observed to be
	14	// >3x faster. Originally it was argued that floating-point base 2^32
	15	// implementation would be optimal. Upon closer look estimate for below
	16	// integer base 2^64 implementation turned to be approximately same on
	17	// Itanium 2. But floating-point code would be larger, and have higher
	18	// overhead, which would negatively affect small-block performance...
	19
	20	#if defined(_HPUX_SOURCE)
	21	# if !defined(_LP64)
	22	# define ADDP addp4
	23	# else
	24	# define ADDP add
	25	# endif
	26	# define RUM rum
	27	# define SUM sum
	28	#else
	29	# define ADDP add
	30	# define RUM nop
	31	# define SUM nop
	32	#endif
	33
	34	.text
	35	.explicit
	36
	37	.global poly1305_init#
	38	.proc poly1305_init#
	39	.align 64
	40	poly1305_init:
	41	.prologue
	42	.save ar.pfs,r2
	43	{ .mmi; alloc r2=ar.pfs,2,0,0,0
	44	cmp.eq p6,p7=0,r33 } // key == NULL?
	45	{ .mmi; ADDP r9=8,r32
	46	ADDP r10=16,r32
	47	ADDP r32=0,r32 };;
	48	.body
	49	{ .mmi; st8 [r32]=r0,24 // ctx->h0 = 0
	50	st8 [r9]=r0 // ctx->h1 = 0
	51	(p7) ADDP r8=0,r33 }
	52	{ .mib; st8 [r10]=r0 // ctx->h2 = 0
	53	(p6) mov r8=0
	54	(p6) br.ret.spnt b0 };;
	55
	56	{ .mmi; ADDP r9=1,r33
	57	ADDP r10=2,r33
	58	ADDP r11=3,r33 };;
	59	{ .mmi; ld1 r16=[r8],4 // load key, little-endian
	60	ld1 r17=[r9],4 }
	61	{ .mmi; ld1 r18=[r10],4
	62	ld1 r19=[r11],4 };;
	63	{ .mmi; ld1 r20=[r8],4
	64	ld1 r21=[r9],4 }
	65	{ .mmi; ld1 r22=[r10],4
	66	ld1 r23=[r11],4
	67	and r19=15,r19 };;
	68	{ .mmi; ld1 r24=[r8],4
	69	ld1 r25=[r9],4
	70	and r20=-4,r20 }
	71	{ .mmi; ld1 r26=[r10],4
	72	ld1 r27=[r11],4
	73	and r23=15,r23 };;
	74	{ .mmi; ld1 r28=[r8],4
	75	ld1 r29=[r9],4
	76	and r24=-4,r24 }
	77	{ .mmi; ld1 r30=[r10],4
	78	ld1 r31=[r11],4
	79	and r27=15,r27 };;
	80
	81	{ .mii; and r28=-4,r28
	82	dep r16=r17,r16,8,8
	83	dep r18=r19,r18,8,8 };;
	84	{ .mii; and r31=15,r31
	85	dep r16=r18,r16,16,16
	86	dep r20=r21,r20,8,8 };;
	87	{ .mii; dep r16=r20,r16,32,16
	88	dep r22=r23,r22,8,8 };;
	89	{ .mii; dep r16=r22,r16,48,16
	90	dep r24=r25,r24,8,8 };;
	91	{ .mii; dep r26=r27,r26,8,8
	92	dep r28=r29,r28,8,8 };;
	93	{ .mii; dep r24=r26,r24,16,16
	94	dep r30=r31,r30,8,8 };;
	95	{ .mii; st8 [r32]=r16,8 // ctx->r0
	96	dep r24=r28,r24,32,16;;
	97	dep r24=r30,r24,48,16 };;
	98	{ .mii; st8 [r32]=r24,8 // ctx->r1
	99	shr.u r25=r24,2;;
	100	add r25=r25,r24 };;
	101	{ .mib; st8 [r32]=r25 // ctx->s1
	102	mov r8=0
	103	br.ret.sptk b0 };;
	104	.endp poly1305_init#
	105
	106	h0=r17; h1=r18; h2=r19;
	107	i0=r20; i1=r21;
	108	HF0=f8; HF1=f9; HF2=f10;
	109	RF0=f11; RF1=f12; SF1=f13;
	110
	111	.global poly1305_blocks#
	112	.proc poly1305_blocks#
	113	.align 64
	114	poly1305_blocks:
	115	.prologue
	116	.save ar.pfs,r2
	117	{ .mii; alloc r2=ar.pfs,4,1,0,0
	118	.save ar.lc,r3
	119	mov r3=ar.lc
	120	.save pr,r36
	121	mov r36=pr }
	122
	123	.body
	124	{ .mmi; ADDP r8=0,r32
	125	ADDP r9=8,r32
	126	and r29=7,r33 };;
	127	{ .mmi; ld8 h0=[r8],16
	128	ld8 h1=[r9],16
	129	and r33=-8,r33 };;
	130	{ .mmi; ld8 h2=[r8],16
	131	ldf8 RF0=[r9],16
	132	shr.u r34=r34,4 };;
	133	{ .mmi; ldf8 RF1=[r8],-32
	134	ldf8 SF1=[r9],-32
	135	cmp.ltu p16,p17=1,r34 };;
	136	{ .mmi;
	137	(p16) add r34=-2,r34
	138	(p17) mov r34=0
	139	ADDP r10=0,r33 }
	140	{ .mii; ADDP r11=8,r33
	141	(p16) mov ar.ec=2
	142	(p17) mov ar.ec=1 };;
	143	{ .mib; RUM 1<<1 // go little-endian
	144	mov ar.lc=r34
	145	brp.loop.imp .Loop,.Lcend-16 }
	146
	147	{ .mmi; cmp.eq p8,p7=0,r29
	148	cmp.eq p9,p0=1,r29
	149	cmp.eq p10,p0=2,r29 }
	150	{ .mmi; cmp.eq p11,p0=3,r29
	151	cmp.eq p12,p0=4,r29
	152	cmp.eq p13,p0=5,r29 }
	153	{ .mmi; cmp.eq p14,p0=6,r29
	154	cmp.eq p15,p0=7,r29
	155	add r16=16,r10 };;
	156
	157	{ .mmb;
	158	(p8) ld8 i0=[r10],16 // aligned input
	159	(p8) ld8 i1=[r11],16
	160	(p8) br.cond.sptk .Loop };;
	161
	162	// align first block
	163	.pred.rel "mutex",p8,p9,p10,p11,p12,p13,p14,p15
	164	{ .mmi; (p7) ld8 r14=[r10],24
	165	(p7) ld8 r15=[r11],24 }
	166
	167	{ .mii; (p7) ld8 r16=[r16]
	168	nop.i 0;;
	169	(p15) shrp i0=r15,r14,56 }
	170	{ .mii; (p15) shrp i1=r16,r15,56
	171	(p14) shrp i0=r15,r14,48 }
	172	{ .mii; (p14) shrp i1=r16,r15,48
	173	(p13) shrp i0=r15,r14,40 }
	174	{ .mii; (p13) shrp i1=r16,r15,40
	175	(p12) shrp i0=r15,r14,32 }
	176	{ .mii; (p12) shrp i1=r16,r15,32
	177	(p11) shrp i0=r15,r14,24 }
	178	{ .mii; (p11) shrp i1=r16,r15,24
	179	(p10) shrp i0=r15,r14,16 }
	180	{ .mii; (p10) shrp i1=r16,r15,16
	181	(p9) shrp i0=r15,r14,8 }
	182	{ .mii; (p9) shrp i1=r16,r15,8
	183	mov r14=r16 };;
	184
	185	.Loop:
	186	.pred.rel "mutex",p8,p9,p10,p11,p12,p13,p14,p15
	187	{ .mmi; add h0=h0,i0
	188	add h1=h1,i1
	189	add h2=h2,r35 };;
	190	{ .mmi; setf.sig HF0=h0
	191	cmp.ltu p6,p0=h0,i0
	192	cmp.ltu p7,p0=h1,i1 };;
	193	{ .mmi; (p6) add h1=1,h1;;
	194	setf.sig HF1=h1
	195	(p6) cmp.eq.or p7,p0=0,h1 };;
	196	{ .mmi; (p7) add h2=1,h2;;
	197	setf.sig HF2=h2 };;
	198
	199	{ .mfi; (p16) ld8 r15=[r10],16
	200	xmpy.lu f32=HF0,RF0 }
	201	{ .mfi; (p16) ld8 r16=[r11],16
	202	xmpy.hu f33=HF0,RF0 }
	203	{ .mfi; xmpy.lu f36=HF0,RF1 }
	204	{ .mfi; xmpy.hu f37=HF0,RF1 };;
	205	{ .mfi; xmpy.lu f34=HF1,SF1
	206	(p15) shrp i0=r15,r14,56 }
	207	{ .mfi; xmpy.hu f35=HF1,SF1 }
	208	{ .mfi; xmpy.lu f38=HF1,RF0
	209	(p15) shrp i1=r16,r15,56 }
	210	{ .mfi; xmpy.hu f39=HF1,RF0 }
	211	{ .mfi; xmpy.lu f40=HF2,SF1
	212	(p14) shrp i0=r15,r14,48 }
	213	{ .mfi; xmpy.lu f41=HF2,RF0 };;
	214
	215	{ .mmi; getf.sig r22=f32
	216	getf.sig r23=f33
	217	(p14) shrp i1=r16,r15,48 }
	218	{ .mmi; getf.sig r24=f34
	219	getf.sig r25=f35
	220	(p13) shrp i0=r15,r14,40 }
	221	{ .mmi; getf.sig r26=f36
	222	getf.sig r27=f37
	223	(p13) shrp i1=r16,r15,40 }
	224	{ .mmi; getf.sig r28=f38
	225	getf.sig r29=f39
	226	(p12) shrp i0=r15,r14,32 }
	227	{ .mmi; getf.sig r30=f40
	228	getf.sig r31=f41 };;
	229
	230	{ .mmi; add h0=r22,r24
	231	add r23=r23,r25
	232	(p12) shrp i1=r16,r15,32 }
	233	{ .mmi; add h1=r26,r28
	234	add r27=r27,r29
	235	(p11) shrp i0=r15,r14,24 };;
	236	{ .mmi; cmp.ltu p6,p0=h0,r24
	237	cmp.ltu p7,p0=h1,r28
	238	add r23=r23,r30 };;
	239	{ .mmi; (p6) add r23=1,r23
	240	(p7) add r27=1,r27
	241	(p11) shrp i1=r16,r15,24 };;
	242	{ .mmi; add h1=h1,r23;;
	243	cmp.ltu p6,p7=h1,r23
	244	(p10) shrp i0=r15,r14,16 };;
	245	{ .mmi; (p6) add h2=r31,r27,1
	246	(p7) add h2=r31,r27
	247	(p10) shrp i1=r16,r15,16 };;
	248
	249	{ .mmi; (p8) mov i0=r15
	250	and r22=-4,h2
	251	shr.u r23=h2,2 };;
	252	{ .mmi; add r22=r22,r23
	253	and h2=3,h2
	254	(p9) shrp i0=r15,r14,8 };;
	255
	256	{ .mmi; add h0=h0,r22;;
	257	cmp.ltu p6,p0=h0,r22
	258	(p9) shrp i1=r16,r15,8 };;
	259	{ .mmi; (p8) mov i1=r16
	260	(p6) cmp.eq.unc p7,p0=-1,h1
	261	(p6) add h1=1,h1 };;
	262	{ .mmb; (p7) add h2=1,h2
	263	mov r14=r16
	264	br.ctop.sptk .Loop };;
	265	.Lcend:
	266
	267	{ .mii; SUM 1<<1 // back to big-endian
	268	mov ar.lc=r3 };;
	269
	270	{ .mmi; st8 [r8]=h0,16
	271	st8 [r9]=h1
	272	mov pr=r36,0x1ffff };;
	273	{ .mmb; st8 [r8]=h2
	274	rum 1<<5
	275	br.ret.sptk b0 };;
	276	.endp poly1305_blocks#
	277
	278	.global poly1305_emit#
	279	.proc poly1305_emit#
	280	.align 64
	281	poly1305_emit:
	282	.prologue
	283	.save ar.pfs,r2
	284	{ .mmi; alloc r2=ar.pfs,3,0,0,0
	285	ADDP r8=0,r32
	286	ADDP r9=8,r32 };;
	287
	288	.body
	289	{ .mmi; ld8 r16=[r8],16 // load hash
	290	ld8 r17=[r9]
	291	ADDP r10=0,r34 };;
	292	{ .mmi; ld8 r18=[r8]
	293	ld4 r24=[r10],8 // load nonce
	294	ADDP r11=4,r34 };;
	295
	296	{ .mmi; ld4 r25=[r11],8
	297	ld4 r26=[r10]
	298	add r20=5,r16 };;
	299
	300	{ .mmi; ld4 r27=[r11]
	301	cmp.ltu p6,p7=r20,r16
	302	shl r25=r25,32 };;
	303	{ .mmi;
	304	(p6) add r21=1,r17
	305	(p7) add r21=0,r17
	306	(p6) cmp.eq.or.andcm p6,p7=-1,r17 };;
	307	{ .mmi;
	308	(p6) add r22=1,r18
	309	(p7) add r22=0,r18
	310	shl r27=r27,32 };;
	311	{ .mmi; or r24=r24,r25
	312	or r26=r26,r27
	313	cmp.leu p6,p7=4,r22 };;
	314	{ .mmi;
	315	(p6) add r16=r20,r24
	316	(p7) add r16=r16,r24
	317	(p6) add r17=r21,r26 };;
	318	{ .mii;
	319	(p7) add r17=r17,r26
	320	cmp.ltu p6,p7=r16,r24;;
	321	(p6) add r17=1,r17 };;
	322
	323	{ .mmi; ADDP r8=0,r33
	324	ADDP r9=4,r33
	325	shr.u r20=r16,32 }
	326	{ .mmi; ADDP r10=8,r33
	327	ADDP r11=12,r33
	328	shr.u r21=r17,32 };;
	329
	330	{ .mmi; st1 [r8]=r16,1 // write mac, little-endian
	331	st1 [r9]=r20,1
	332	shr.u r16=r16,8 }
	333	{ .mii; st1 [r10]=r17,1
	334	shr.u r20=r20,8
	335	shr.u r17=r17,8 }
	336	{ .mmi; st1 [r11]=r21,1
	337	shr.u r21=r21,8 };;
	338
	339	{ .mmi; st1 [r8]=r16,1
	340	st1 [r9]=r20,1
	341	shr.u r16=r16,8 }
	342	{ .mii; st1 [r10]=r17,1
	343	shr.u r20=r20,8
	344	shr.u r17=r17,8 }
	345	{ .mmi; st1 [r11]=r21,1
	346	shr.u r21=r21,8 };;
	347
	348	{ .mmi; st1 [r8]=r16,1
	349	st1 [r9]=r20,1
	350	shr.u r16=r16,8 }
	351	{ .mii; st1 [r10]=r17,1
	352	shr.u r20=r20,8
	353	shr.u r17=r17,8 }
	354	{ .mmi; st1 [r11]=r21,1
	355	shr.u r21=r21,8 };;
	356
	357	{ .mmi; st1 [r8]=r16
	358	st1 [r9]=r20 }
	359	{ .mmb; st1 [r10]=r17
	360	st1 [r11]=r21
	361	br.ret.sptk b0 };;
	362	.endp poly1305_emit#
	363
	364	stringz "Poly1305 for IA64, CRYPTOGAMS by \@dot-asm"

+1

-1

crypto/poly1305/build.info less more

4	4	$POLY1305ASM_x86=poly1305-x86.s
5	5	$POLY1305ASM_x86_64=poly1305-x86_64.s
6	6
7		$POLY1305ASM_ia64=asm/poly1305-ia64.S
	7	$POLY1305ASM_ia64=asm/poly1305-ia64.s
8	8
9	9	$POLY1305ASM_sparcv9=poly1305-sparcv9.S
10	10

+2

-2

crypto/property/property_parse.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
3	3	*
4	4	* Licensed under the Apache License 2.0 (the "License"). You may not use

44	44	{
45	45	const char s = t;
46	46
47		if (strncasecmp(s, m, m_len) == 0) {
	47	if (OPENSSL_strncasecmp(s, m, m_len) == 0) {
48	48	*t = skip_space(s + m_len);
49	49	return 1;
50	50	}

+6

-6

crypto/rand/rand_lib.c less more

767	767
768	768	for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
769	769	cval = sk_CONF_VALUE_value(elist, i);
770		if (strcasecmp(cval->name, "random") == 0) {
	770	if (OPENSSL_strcasecmp(cval->name, "random") == 0) {
771	771	if (!random_set_string(&dgbl->rng_name, cval->value))
772	772	return 0;
773		} else if (strcasecmp(cval->name, "cipher") == 0) {
	773	} else if (OPENSSL_strcasecmp(cval->name, "cipher") == 0) {
774	774	if (!random_set_string(&dgbl->rng_cipher, cval->value))
775	775	return 0;
776		} else if (strcasecmp(cval->name, "digest") == 0) {
	776	} else if (OPENSSL_strcasecmp(cval->name, "digest") == 0) {
777	777	if (!random_set_string(&dgbl->rng_digest, cval->value))
778	778	return 0;
779		} else if (strcasecmp(cval->name, "properties") == 0) {
	779	} else if (OPENSSL_strcasecmp(cval->name, "properties") == 0) {
780	780	if (!random_set_string(&dgbl->rng_propq, cval->value))
781	781	return 0;
782		} else if (strcasecmp(cval->name, "seed") == 0) {
	782	} else if (OPENSSL_strcasecmp(cval->name, "seed") == 0) {
783	783	if (!random_set_string(&dgbl->seed_name, cval->value))
784	784	return 0;
785		} else if (strcasecmp(cval->name, "seed_properties") == 0) {
	785	} else if (OPENSSL_strcasecmp(cval->name, "seed_properties") == 0) {
786	786	if (!random_set_string(&dgbl->seed_propq, cval->value))
787	787	return 0;
788	788	} else {

+2

-4

crypto/rsa/rsa_backend.c less more

25	25	#include "internal/param_build_set.h"
26	26	#include "crypto/rsa.h"
27	27	#include "rsa_local.h"
28
29		#include "e_os.h" /* strcasecmp for Windows() */
30	28
31	29	/*
32	30	* The intention with the "backend" source file is to offer backend support

274	272	else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname))
275	273	return 0;
276	274
277		if (strcasecmp(param_mgf->data,
278		ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0)
	275	if (OPENSSL_strcasecmp(param_mgf->data,
	276	ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0)
279	277	return 0;
280	278	}
281	279

+4

-1

crypto/s390x_arch.h less more

0	0	/*
1		* Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

71	71	unsigned long long kdsa[2];
72	72	};
73	73
	74	#if defined(__GNUC__) && defined(__linux)
	75	__attribute__ ((visibility("hidden")))
	76	#endif
74	77	extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
75	78
76	79	/* Max number of 64-bit words currently returned by STFLE */

+4

-1

crypto/s390xcap.c less more

0	0	/*
1		* Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2010-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

73	73
74	74	struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
75	75
	76	#if defined(__GNUC__) && defined(__linux)
	77	__attribute__ ((visibility("hidden")))
	78	#endif
76	79	void OPENSSL_cpuid_setup(void)
77	80	{
78	81	struct OPENSSL_s390xcap_st cap;

+2

-2

crypto/siphash/siphash.c less more

0	0	/*
1		* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

203	203	uint64_t v2 = ctx->v2;
204	204	uint64_t v3 = ctx->v3;
205	205
206		if (outlen != (size_t)ctx->hash_size)
	206	if (ctx->crounds == 0 \|\| outlen == 0 \|\| outlen != (size_t)ctx->hash_size)
207	207	return 0;
208	208
209	209	switch (ctx->len) {

+10

-15

crypto/sparse_array.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
3	3	*
4	4	* Licensed under the Apache License 2.0 (the "License"). You may not use

18	18	* depth of the tree but potentially wastes more memory. That is, this is a
19	19	* direct space versus time tradeoff.
20	20	*
21		* The large memory model uses twelve bits which means that the are 4096
22		* pointers in each tree node. This is more than sufficient to hold the
23		* largest defined NID (as of Feb 2019). This means that using a NID to
24		* index a sparse array becomes a constant time single array look up.
25		*
26		* The small memory model uses four bits which means the tree nodes contain
27		* sixteen pointers. This reduces the amount of unused space significantly
28		* at a cost in time.
	21	* The default is to use four bits which means that the are 16
	22	* pointers in each tree node.
29	23	*
30	24	* The library builder is also permitted to define other sizes in the closed
31		* interval [2, sizeof(ossl_uintmax_t) * 8].
	25	* interval [2, sizeof(ossl_uintmax_t) * 8]. Space use generally scales
	26	* exponentially with the block size, although the implementation only
	27	* creates enough blocks to support the largest used index. The depth is:
	28	* ceil(log_2(largest index) / 2^{block size})
	29	* E.g. with a block size of 4, and a largest index of 1000, the depth
	30	* will be three.
32	31	*/
33	32	#ifndef OPENSSL_SA_BLOCK_BITS
34		# ifdef OPENSSL_SMALL_FOOTPRINT
35		# define OPENSSL_SA_BLOCK_BITS 4
36		# else
37		# define OPENSSL_SA_BLOCK_BITS 12
38		# endif
	33	# define OPENSSL_SA_BLOCK_BITS 4
39	34	#elif OPENSSL_SA_BLOCK_BITS < 2 \|\| OPENSSL_SA_BLOCK_BITS > (BN_BITS2 - 1)
40	35	# error OPENSSL_SA_BLOCK_BITS is out of range
41	36	#endif

+2

-2

crypto/store/store_lib.c less more

0	0	/*
1		* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

92	92	OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
93	93	if ((p = strchr(scheme_copy, ':')) != NULL) {
94	94	*p++ = '\0';
95		if (strcasecmp(scheme_copy, "file") != 0) {
	95	if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) {
96	96	if (strncmp(p, "//", 2) == 0)
97	97	schemes_n--; /* Invalidate the file scheme */
98	98	schemes[schemes_n++] = scheme_copy;

+1

-1

crypto/store/store_result.c less more

456	456
457	457	/* If we have a data type, it should be a PEM name */
458	458	if (data->data_type != NULL
459		&& (strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0))
	459	&& (OPENSSL_strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0))
460	460	ignore_trusted = 0;
461	461
462	462	if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data,

+15

-3

crypto/threads_pthread.c less more

14	14
15	15	#if defined(__sun)
16	16	# include <atomic.h>
	17	#endif
	18
	19	#if defined(__apple_build_version__) && __apple_build_version__ < 6000000
	20	/*
	21	* OS/X 10.7 and 10.8 had a weird version of clang which has __ATOMIC_ACQUIRE and
	22	* __ATOMIC_ACQ_REL but which expects only one parameter for __atomic_is_lock_free()
	23	* rather than two which has signature __atomic_is_lock_free(sizeof(_Atomic(T))).
	24	* All of this makes impossible to use __atomic_is_lock_free here.
	25	*
	26	* See: https://github.com/llvm/llvm-project/commit/a4c2602b714e6c6edb98164550a5ae829b2de760
	27	*/
	28	#define BROKEN_CLANG_ATOMICS
17	29	#endif
18	30
19	31	#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)

187	199
188	200	int CRYPTO_atomic_add(int val, int amount, int ret, CRYPTO_RWLOCK *lock)
189	201	{
190		# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL)
	202	# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS)
191	203	if (__atomic_is_lock_free(sizeof(*val), val)) {
192	204	*ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL);
193	205	return 1;

214	226	int CRYPTO_atomic_or(uint64_t val, uint64_t op, uint64_t ret,
215	227	CRYPTO_RWLOCK *lock)
216	228	{
217		# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL)
	229	# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS)
218	230	if (__atomic_is_lock_free(sizeof(*val), val)) {
219	231	*ret = __atomic_or_fetch(val, op, __ATOMIC_ACQ_REL);
220	232	return 1;

239	251
240	252	int CRYPTO_atomic_load(uint64_t val, uint64_t ret, CRYPTO_RWLOCK *lock)
241	253	{
242		# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE)
	254	# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS)
243	255	if (__atomic_is_lock_free(sizeof(*val), val)) {
244	256	__atomic_load(val, ret, __ATOMIC_ACQUIRE);
245	257	return 1;

+1

-3

crypto/trace.c less more

17	17	#include "internal/nelem.h"
18	18	#include "internal/refcount.h"
19	19	#include "crypto/cryptlib.h"
20
21		#include "e_os.h" /* strcasecmp for Windows */
22	20
23	21	#ifndef OPENSSL_NO_TRACE
24	22

157	155	size_t i;
158	156
159	157	for (i = 0; i < OSSL_NELEM(trace_categories); i++)
160		if (strcasecmp(name, trace_categories[i].name) == 0)
	158	if (OPENSSL_strcasecmp(name, trace_categories[i].name) == 0)
161	159	return trace_categories[i].num;
162	160	return -1; /* not found */
163	161	}

+2

-2

crypto/x509/v3_tlsf.c less more

0	0	/*
1		* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

107	107	extval = val->name;
108	108
109	109	for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
110		if (strcasecmp(extval, tls_feature_tbl[j].name) == 0)
	110	if (OPENSSL_strcasecmp(extval, tls_feature_tbl[j].name) == 0)
111	111	break;
112	112	if (j < OSSL_NELEM(tls_feature_tbl))
113	113	tlsextid = tls_feature_tbl[j].num;

+14

-6

crypto/x509/v3_utl.c less more

348	348	ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_EMPTY_NAME);
349	349	goto err;
350	350	}
351		X509V3_add_value(ntmp, NULL, &values);
	351	if (!X509V3_add_value(ntmp, NULL, &values)) {
	352	goto err;
	353	}
352	354	}
353	355	break;
354	356

361	363	ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_VALUE);
362	364	goto err;
363	365	}
364		X509V3_add_value(ntmp, vtmp, &values);
	366	if (!X509V3_add_value(ntmp, vtmp, &values)) {
	367	goto err;
	368	}
365	369	ntmp = NULL;
366	370	q = p + 1;
367	371	}

375	379	ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_VALUE);
376	380	goto err;
377	381	}
378		X509V3_add_value(ntmp, vtmp, &values);
	382	if (!X509V3_add_value(ntmp, vtmp, &values)) {
	383	goto err;
	384	}
379	385	} else {
380	386	ntmp = strip_spaces(q);
381	387	if (!ntmp) {
382	388	ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_EMPTY_NAME);
383	389	goto err;
384	390	}
385		X509V3_add_value(ntmp, NULL, &values);
	391	if (!X509V3_add_value(ntmp, NULL, &values)) {
	392	goto err;
	393	}
386	394	}
387	395	OPENSSL_free(linebuf);
388	396	return values;

706	714	}
707	715	/* IDNA labels cannot match partial wildcards */
708	716	if (!allow_idna &&
709		subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0)
	717	subject_len >= 4 && OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0)
710	718	return 0;
711	719	/* The wildcard may match a literal '' /
712	720	if (wildcard_end == wildcard_start + 1 && wildcard_start == '')

766	774	\|\| ('A' <= p[i] && p[i] <= 'Z')
767	775	\|\| ('0' <= p[i] && p[i] <= '9')) {
768	776	if ((state & LABEL_START) != 0
769		&& len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0)
	777	&& len - i >= 4 && OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0)
770	778	state \|= LABEL_IDNA;
771	779	state &= ~(LABEL_HYPHEN \| LABEL_START);
772	780	} else if (p[i] == '.') {

+6

-0

doc/build.info less more

1530	1530	GENERATE[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod
1531	1531	DEPEND[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod
1532	1532	GENERATE[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod
	1533	DEPEND[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod
	1534	GENERATE[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod
	1535	DEPEND[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod
	1536	GENERATE[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod
1533	1537	DEPEND[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod
1534	1538	GENERATE[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod
1535	1539	DEPEND[man/man3/OSSL_CMP_CTX_new.3]=man3/OSSL_CMP_CTX_new.pod

3109	3113	html/man3/OPENSSL_malloc.html \
3110	3114	html/man3/OPENSSL_s390xcap.html \
3111	3115	html/man3/OPENSSL_secure_malloc.html \
	3116	html/man3/OPENSSL_strcasecmp.html \
3112	3117	html/man3/OSSL_CMP_CTX_new.html \
3113	3118	html/man3/OSSL_CMP_HDR_get0_transactionID.html \
3114	3119	html/man3/OSSL_CMP_ITAV_set0.html \

3703	3708	man/man3/OPENSSL_malloc.3 \
3704	3709	man/man3/OPENSSL_s390xcap.3 \
3705	3710	man/man3/OPENSSL_secure_malloc.3 \
	3711	man/man3/OPENSSL_strcasecmp.3 \
3706	3712	man/man3/OSSL_CMP_CTX_new.3 \
3707	3713	man/man3/OSSL_CMP_HDR_get0_transactionID.3 \
3708	3714	man/man3/OSSL_CMP_ITAV_set0.3 \

+4

-1

doc/fingerprints.txt less more

18	18	8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
19	19
20	20	Paul Dale:
21		1B72 6772 1033 CC88 A531 5EF5 5359 C4D8 443B 383B
	21	B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45
	22
	23	Tomáš Mráz:
	24	A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C

+5

-2

doc/man3/BIO_meth_new.pod less more

117	117	called in response to the application calling BIO_new() and passing
118	118	in a pointer to the current BIO_METHOD. The BIO_new() function will allocate the
119	119	memory for the new BIO, and a pointer to this newly allocated structure will
120		be passed as a parameter to the function.
	120	be passed as a parameter to the function. If a create function is set,
	121	BIO_new() will not mark the BIO as initialised on allocation.
	122	L<BIO_set_init(3)> must then be called either by the create function, or later,
	123	by a BIO ctrl function, once BIO initialisation is complete.
121	124
122	125	BIO_meth_get_destroy() and BIO_meth_set_destroy() get and set the function used
123	126	for destroying an instance of a BIO respectively. This function will be

153	156
154	157	=head1 COPYRIGHT
155	158
156		Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	159	Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
157	160
158	161	Licensed under the Apache License 2.0 (the "License"). You may not use
159	162	this file except in compliance with the License. You can obtain a copy

+2

-2

doc/man3/EVP_blake2b512.pod less more

33	33	=head1 RETURN VALUES
34	34
35	35	These functions return a B<EVP_MD> structure that contains the
36		implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for
	36	implementation of the message digest. See L<EVP_MD_meth_new(3)> for
37	37	details of the B<EVP_MD> structure.
38	38
39	39	=head1 CONFORMING TO

53	53
54	54	=head1 COPYRIGHT
55	55
56		Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
	56	Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
57	57
58	58	Licensed under the Apache License 2.0 (the "License"). You may not use
59	59	this file except in compliance with the License. You can obtain a copy

+2

-2

doc/man3/EVP_md2.pod less more

27	27	=head1 RETURN VALUES
28	28
29	29	These functions return a B<EVP_MD> structure that contains the
30		implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for
	30	implementation of the message digest. See L<EVP_MD_meth_new(3)> for
31	31	details of the B<EVP_MD> structure.
32	32
33	33	=head1 CONFORMING TO

42	42
43	43	=head1 COPYRIGHT
44	44
45		Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
	45	Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
46	46
47	47	Licensed under the Apache License 2.0 (the "License"). You may not use
48	48	this file except in compliance with the License. You can obtain a copy

+2

-2

doc/man3/EVP_md4.pod less more

28	28	=head1 RETURN VALUES
29	29
30	30	These functions return a B<EVP_MD> structure that contains the
31		implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for
	31	implementation of the message digest. See L<EVP_MD_meth_new(3)> for
32	32	details of the B<EVP_MD> structure.
33	33
34	34	=head1 CONFORMING TO

43	43
44	44	=head1 COPYRIGHT
45	45
46		Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
	46	Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
47	47
48	48	Licensed under the Apache License 2.0 (the "License"). You may not use
49	49	this file except in compliance with the License. You can obtain a copy

+2

-2

doc/man3/EVP_md5.pod less more

39	39	=head1 RETURN VALUES
40	40
41	41	These functions return a B<EVP_MD> structure that contains the
42		implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for
	42	implementation of the message digest. See L<EVP_MD_meth_new(3)> for
43	43	details of the B<EVP_MD> structure.
44	44
45	45	=head1 CONFORMING TO

53	53
54	54	=head1 COPYRIGHT
55	55
56		Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
	56	Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
57	57
58	58	Licensed under the Apache License 2.0 (the "License"). You may not use
59	59	this file except in compliance with the License. You can obtain a copy

+2

-2

doc/man3/EVP_mdc2.pod less more

28	28	=head1 RETURN VALUES
29	29
30	30	These functions return a B<EVP_MD> structure that contains the
31		implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for
	31	implementation of the message digest. See L<EVP_MD_meth_new(3)> for
32	32	details of the B<EVP_MD> structure.
33	33
34	34	=head1 CONFORMING TO

43	43
44	44	=head1 COPYRIGHT
45	45
46		Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
	46	Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
47	47
48	48	Licensed under the Apache License 2.0 (the "License"). You may not use
49	49	this file except in compliance with the License. You can obtain a copy

+2

-2

doc/man3/EVP_ripemd160.pod less more

27	27	=head1 RETURN VALUES
28	28
29	29	These functions return a B<EVP_MD> structure that contains the
30		implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for
	30	implementation of the message digest. See L<EVP_MD_meth_new(3)> for
31	31	details of the B<EVP_MD> structure.
32	32
33	33	=head1 CONFORMING TO

42	42
43	43	=head1 COPYRIGHT
44	44
45		Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
	45	Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
46	46
47	47	Licensed under the Apache License 2.0 (the "License"). You may not use
48	48	this file except in compliance with the License. You can obtain a copy

+2

-2

doc/man3/EVP_sha1.pod less more

28	28	=head1 RETURN VALUES
29	29
30	30	These functions return a B<EVP_MD> structure that contains the
31		implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for
	31	implementation of the message digest. See L<EVP_MD_meth_new(3)> for
32	32	details of the B<EVP_MD> structure.
33	33
34	34	=head1 CONFORMING TO

42	42
43	43	=head1 COPYRIGHT
44	44
45		Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
	45	Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
46	46
47	47	Licensed under the Apache License 2.0 (the "License"). You may not use
48	48	this file except in compliance with the License. You can obtain a copy

+2

-2

doc/man3/EVP_sha224.pod less more

48	48	=head1 RETURN VALUES
49	49
50	50	These functions return a B<EVP_MD> structure that contains the
51		implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for
	51	implementation of the message digest. See L<EVP_MD_meth_new(3)> for
52	52	details of the B<EVP_MD> structure.
53	53
54	54	=head1 CONFORMING TO

62	62
63	63	=head1 COPYRIGHT
64	64
65		Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
	65	Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
66	66
67	67	Licensed under the Apache License 2.0 (the "License"). You may not use
68	68	this file except in compliance with the License. You can obtain a copy

+2

-2

doc/man3/EVP_sha3_224.pod less more

53	53	=head1 RETURN VALUES
54	54
55	55	These functions return a B<EVP_MD> structure that contains the
56		implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for
	56	implementation of the message digest. See L<EVP_MD_meth_new(3)> for
57	57	details of the B<EVP_MD> structure.
58	58
59	59	=head1 CONFORMING TO

67	67
68	68	=head1 COPYRIGHT
69	69
70		Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
	70	Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
71	71
72	72	Licensed under the Apache License 2.0 (the "License"). You may not use
73	73	this file except in compliance with the License. You can obtain a copy

+2

-2

doc/man3/EVP_sm3.pod less more

27	27	=head1 RETURN VALUES
28	28
29	29	These functions return a B<EVP_MD> structure that contains the
30		implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for
	30	implementation of the message digest. See L<EVP_MD_meth_new(3)> for
31	31	details of the B<EVP_MD> structure.
32	32
33	33	=head1 CONFORMING TO

41	41
42	42	=head1 COPYRIGHT
43	43
44		Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
	44	Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
45	45	Copyright 2017 Ribose Inc. All Rights Reserved.
46	46
47	47	Licensed under the Apache License 2.0 (the "License"). You may not use

+2

-2

doc/man3/EVP_whirlpool.pod less more

29	29	=head1 RETURN VALUES
30	30
31	31	These functions return a B<EVP_MD> structure that contains the
32		implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for
	32	implementation of the message digest. See L<EVP_MD_meth_new(3)> for
33	33	details of the B<EVP_MD> structure.
34	34
35	35	=head1 CONFORMING TO

44	44
45	45	=head1 COPYRIGHT
46	46
47		Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
	47	Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
48	48
49	49	Licensed under the Apache License 2.0 (the "License"). You may not use
50	50	this file except in compliance with the License. You can obtain a copy

+5

-4

doc/man3/OPENSSL_LH_stats.pod less more

22	22	The B<LHASH> structure records statistics about most aspects of
23	23	accessing the hash table.
24	24
25		OPENSSL_LH_stats() prints out statistics on the size of the hash table, how
26		many entries are in it, and the number and result of calls to the
27		routines in this library.
	25	OPENSSL_LH_stats() prints out statistics on the size of the hash table and how
	26	many entries are in it. For historical reasons, this function also outputs a
	27	number of additional statistics, but the tracking of these statistics is no
	28	longer supported and these statistics are always reported as zero.
28	29
29	30	OPENSSL_LH_node_stats() prints the number of entries for each 'bucket' in the
30	31	hash table.

57	58
58	59	=head1 COPYRIGHT
59	60
60		Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
	61	Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
61	62
62	63	Licensed under the Apache License 2.0 (the "License"). You may not use
63	64	this file except in compliance with the License. You can obtain a copy

+47

-0

doc/man3/OPENSSL_strcasecmp.pod less more

	0	=pod
	1
	2	=head1 NAME
	3
	4	OPENSSL_strcasecmp, OPENSSL_strncasecmp - compare two strings ignoring case
	5
	6	=head1 SYNOPSIS
	7
	8	#include <openssl/crypto.h>
	9
	10	int OPENSSL_strcasecmp(const char s1, const char s2);
	11	int OPENSSL_strncasecmp(const char s1, const char s2, size_t n);
	12
	13	=head1 DESCRIPTION
	14
	15	The OPENSSL_strcasecmp function performs a byte-by-byte comparison of the strings
	16	B<s1> and B<s2>, ignoring the case of the characters.
	17
	18	The OPENSSL_strncasecmp function is similar, except that it compares no more than
	19	B<n> bytes of B<s1> and B<s2>.
	20
	21	In POSIX-compatible system and on Windows these functions use "C" locale for
	22	case insensitive. Otherwise the comparison is done in current locale.
	23
	24	=head1 RETURN VALUES
	25
	26	Both functions return an integer less than, equal to, or greater than zero if
	27	s1 is found, respectively, to be less than, to match, or be greater than s2.
	28
	29	=head1 NOTES
	30
	31	OpenSSL extensively uses case insensitive comparison of ASCII strings. Though
	32	OpenSSL itself is locale-agnostic, the applications using OpenSSL libraries may
	33	unpredictably suffer when they use localization (e.g. Turkish locale is
	34	well-known with a specific I/i cases). These functions use C locale for string
	35	comparison.
	36
	37	=head1 COPYRIGHT
	38
	39	Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
	40
	41	Licensed under the Apache License 2.0 (the "License"). You may not use
	42	this file except in compliance with the License. You can obtain a copy
	43	in the file LICENSE in the source distribution or at
	44	L<https://www.openssl.org/source/license.html>.
	45
	46	=cut

+4

-4

doc/man3/OSSL_CMP_CTX_new.pod less more

243	243	("indirect method")
244	244
245	245	Note that a signature-based POPO can only be produced if a private key
246		is provided as the newPkey or client pkey component of the CMP context.
	246	is provided as the newPkey or client's pkey component of the CMP context.
247	247
248	248	=item B<OSSL_CMP_OPT_DIGEST_ALGNID>
249	249

440	440	OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the
441	441	list of untrusted certs, which may be empty if unset.
442	442
443		OSSL_CMP_CTX_set1_cert() sets the certificate related to the private key
	443	OSSL_CMP_CTX_set1_cert() sets the certificate related to the client's private key
444	444	used for CMP message protection.
445	445	Therefore the public key of this I<cert> must correspond to
446	446	the private key set before or thereafter via OSSL_CMP_CTX_set1_pkey().

467	467	is performed on demand that is equivalent to calling this function
468	468	with the I<candidates> and I<own_trusted> arguments being NULL.
469	469
470		OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to the
	470	OSSL_CMP_CTX_set1_pkey() sets the client's private key corresponding to the
471	471	CMP signer certificate set via OSSL_CMP_CTX_set1_cert().
472	472	This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG)
473	473	of outgoing messages

518	518	OSSL_CMP_CTX_get0_newPkey() gives the key to use for certificate enrollment
519	519	dependent on fields of the CMP context structure:
520	520	the newPkey (which may be a private or public key) if present,
521		else the public key in the p10CSR if present, else the client private key.
	521	else the public key in the p10CSR if present, else the client's private key.
522	522	If the I<priv> parameter is not 0 and the selected key does not have a
523	523	private component then NULL is returned.
524	524

+28

-12

doc/man3/OSSL_CMP_MSG_get0_header.pod less more

39	39	for inclusion in a CMP request message based on details contained in I<ctx>.
40	40	The I<rid> argument defines the request identifier to use, which typically is 0.
41	41
42		The subject DN to include in the certificate template is determined as follows.
43		If I<ctx> includes a subject name set via L<OSSL_CMP_CTX_set1_subjectName(3)>,
44		this name is used.
45		Otherwise, if a PKCS#10 CSR is given in I<ctx>, its subject is used.
46		Otherwise, if a reference certificate is given in I<ctx>
47		(see L<OSSL_CMP_CTX_set1_oldCert(3)>), its subject is used if I<for_KUR>
48		is nonzero or the I<ctx> does not include a Subject Alternative Name.
	42	The subject DN included in the certificate template is
	43	the first available value of these:
49	44
50		The public key to include is taken from any value set via
51		L<OSSL_CMP_CTX_set0_newPkey(3)>,
52		otherwise the public key of any PKCS#10 CSR is given in I<ctx>,
53		otherwise the public key of any reference certificate given in I<ctx>,
54		otherwise it is derived from the client private key if given in I<ctx>.
	45	=over 4
	46
	47	=item any subject name in I<ctx> set via L<OSSL_CMP_CTX_set1_subjectName(3)>,
	48
	49	=item the subject field of any PKCS#10 CSR is given in I<ctx>, or
	50
	51	=item the subject field of any reference certificate given in I<ctx>
	52	(see L<OSSL_CMP_CTX_set1_oldCert(3)>), if I<for_KUR> is nonzero
	53	or the I<ctx> does not include a Subject Alternative Name.
	54
	55	=back
	56
	57	The public key included is the first available value of these:
	58
	59	=over 4
	60
	61	=item the public key derived from any key set via L<OSSL_CMP_CTX_set0_newPkey(3)>,
	62
	63	=item the public key of any PKCS#10 CSR is given in I<ctx>,
	64
	65	=item the public key of any reference certificate given in I<ctx>, or
	66
	67	=item the public key derived from any client's private key
	68	set via L<OSSL_CMP_CTX_set1_pkey(3)>.
	69
	70	=back
55	71
56	72	The set of X.509 extensions to include is computed as follows.
57	73	If a PKCS#10 CSR is present in I<ctx>, default extensions are taken from there,

+2

-2

doc/man3/PEM_read_bio_PrivateKey.pod less more

192	192	=head1 DESCRIPTION
193	193
194	194	All of the functions described on this page that have a I<TYPE> of B<DH>, B<DSA>
195		and B<RSA> are deprecated. Applications should use OSSL_ENCODER_to_bio() and
196		OSSL_DECODER_from_bio() instead.
	195	and B<RSA> are deprecated. Applications should use L<OSSL_ENCODER_to_bio(3)> and
	196	L<OSSL_DECODER_from_bio(3)> instead.
197	197
198	198	The PEM functions read or write structures in PEM format. In
199	199	this sense PEM format is simply base64 encoded data surrounded

+1

-1

doc/man3/SSL_CONF_cmd.pod less more

63	63	setting B<SSL_OP_ALLOW_CLIENT_RENEGOTIATION>.
64	64	Only used by servers.
65	65
66		=item B<-legacyrenegotiation>
	66	=item B<-legacy_renegotiation>
67	67
68	68	Permits the use of unsafe legacy renegotiation. Equivalent to setting
69	69	B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.

+20

-4

doc/man3/SSL_CTX_get0_param.pod less more

1	1
2	2	=head1 NAME
3	3
4		SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param -
	4	SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param,
	5	SSL_CTX_set_purpose, SSL_CTX_set_trust, SSL_set_purpose, SSL_set_trust -
5	6	get and set verification parameters
6	7
7	8	=head1 SYNOPSIS

13	14	int SSL_CTX_set1_param(SSL_CTX ctx, X509_VERIFY_PARAM vpm);
14	15	int SSL_set1_param(SSL ssl, X509_VERIFY_PARAM vpm);
15	16
	17	int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose);
	18	int SSL_set_purpose(SSL *ssl, int purpose);
	19
	20	int SSL_CTX_set_trust(SSL_CTX *ctx, int trust);
	21	int SSL_set_trust(SSL *ssl, int trust);
	22
16	23	=head1 DESCRIPTION
17	24
18	25	SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to

21	28
22	29	SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters
23	30	to B<vpm> for B<ctx> or B<ssl>.
	31
	32	The functions SSL_CTX_set_purpose() and SSL_set_purpose() are shorthands which
	33	set the purpose parameter on the verification parameters object. These functions
	34	are equivalent to calling X509_VERIFY_PARAM_set_purpose() directly.
	35
	36	The functions SSL_CTX_set_trust() and SSL_set_trust() are similarly shorthands
	37	which set the trust parameter on the verification parameters object. These
	38	functions are equivalent to calling X509_VERIFY_PARAM_set_trust() directly.
24	39
25	40	=head1 NOTES
26	41

33	48	SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an
34	49	B<X509_VERIFY_PARAM> structure.
35	50
36		SSL_CTX_set1_param() and SSL_set1_param() return 1 for success and 0
37		for failure.
	51	SSL_CTX_set1_param(), SSL_set1_param(), SSL_CTX_set_purpose(),
	52	SSL_set_purpose(), SSL_CTX_set_trust() and SSL_set_trust() return 1 for success
	53	and 0 for failure.
38	54
39	55	=head1 EXAMPLES
40	56

54	70
55	71	=head1 COPYRIGHT
56	72
57		Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
	73	Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
58	74
59	75	Licensed under the Apache License 2.0 (the "License"). You may not use
60	76	this file except in compliance with the License. You can obtain a copy

+13

-2

doc/man3/SSL_CTX_set1_verify_cert_store.pod less more

4	4	SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store,
5	5	SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store,
6	6	SSL_set0_verify_cert_store, SSL_set1_verify_cert_store,
7		SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate
	7	SSL_set0_chain_cert_store, SSL_set1_chain_cert_store,
	8	SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store,
	9	SSL_get0_verify_cert_store, SSL_get0_chain_cert_store - set certificate
8	10	verification or chain store
9	11
10	12	=head1 SYNOPSIS

15	17	int SSL_CTX_set1_verify_cert_store(SSL_CTX ctx, X509_STORE st);
16	18	int SSL_CTX_set0_chain_cert_store(SSL_CTX ctx, X509_STORE st);
17	19	int SSL_CTX_set1_chain_cert_store(SSL_CTX ctx, X509_STORE st);
	20	int SSL_CTX_get0_verify_cert_store(SSL_CTX ctx, X509_STORE *st);
	21	int SSL_CTX_get0_chain_cert_store(SSL_CTX ctx, X509_STORE *st);
18	22
19	23	int SSL_set0_verify_cert_store(SSL ctx, X509_STORE st);
20	24	int SSL_set1_verify_cert_store(SSL ctx, X509_STORE st);
21	25	int SSL_set0_chain_cert_store(SSL ctx, X509_STORE st);
22	26	int SSL_set1_chain_cert_store(SSL ctx, X509_STORE st);
	27	int SSL_get0_verify_cert_store(SSL ctx, X509_STORE *st);
	28	int SSL_get0_chain_cert_store(SSL ctx, X509_STORE *st);
23	29
24	30	=head1 DESCRIPTION
25	31

32	38	SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(),
33	39	SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar
34	40	except they apply to SSL structure B<ssl>.
	41
	42	SSL_CTX_get0_verify_chain_store(), SSL_get0_verify_chain_store(),
	43	SSL_CTX_get0_chain_cert_store() and SSL_get0_chain_cert_store() retrieve the
	44	objects previously set via the above calls. A pointer to the object (or NULL if
	45	no such object has been set) is written to B<*st>.
35	46
36	47	All these functions are implemented as macros. Those containing a B<1>
37	48	increment the reference count of the supplied store so it must

93	104
94	105	=head1 COPYRIGHT
95	106
96		Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
	107	Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
97	108
98	109	Licensed under the Apache License 2.0 (the "License"). You may not use
99	110	this file except in compliance with the License. You can obtain a copy

+11

-3

doc/man3/SSL_CTX_set_ssl_version.pod less more

1	1
2	2	=head1 NAME
3	3
4		SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
	4	SSL_CTX_set_ssl_version, SSL_CTX_get_ssl_method, SSL_set_ssl_method, SSL_get_ssl_method
5	5	- choose a new TLS/SSL method
6	6
7	7	=head1 SYNOPSIS

9	9	#include <openssl/ssl.h>
10	10
11	11	int SSL_CTX_set_ssl_version(SSL_CTX ctx, const SSL_METHOD method);
	12	const SSL_METHOD SSL_CTX_get_ssl_method(const SSL_CTX ctx);
	13
12	14	int SSL_set_ssl_method(SSL s, const SSL_METHOD method);
13	15	const SSL_METHOD SSL_get_ssl_method(const SSL ssl);
14	16

21	23	SSL_CTX with L<SSL_new(3)> are not affected, except when L<SSL_clear(3)> is
22	24	being called, as described below.
23	25
	26	SSL_CTX_get_ssl_method() returns the SSL_METHOD which was used to construct the
	27	SSL_CTX.
	28
24	29	SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>
25	30	object. It may be reset, when SSL_clear() is called.
26	31
27		SSL_get_ssl_method() returns a function pointer to the TLS/SSL method
	32	SSL_get_ssl_method() returns a pointer to the TLS/SSL method
28	33	set in B<ssl>.
29	34
30	35	=head1 NOTES

58	63
59	64	=back
60	65
	66	SSL_CTX_get_ssl_method() and SSL_get_ssl_method() always return non-NULL
	67	pointers.
	68
61	69	=head1 SEE ALSO
62	70
63	71	L<SSL_CTX_new(3)>, L<SSL_new(3)>,

70	78
71	79	=head1 COPYRIGHT
72	80
73		Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
	81	Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
74	82
75	83	Licensed under the Apache License 2.0 (the "License"). You may not use
76	84	this file except in compliance with the License. You can obtain a copy

+11

-1

doc/man3/SSL_CTX_set_timeout.pod less more

41	41	All currently supported protocols have the same default timeout value
42	42	of 300 seconds.
43	43
	44	This timeout value is used as the ticket lifetime hint for stateless session
	45	tickets. It is also used as the timeout value within the ticket itself.
	46
	47	For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
	48	seconds).
	49
	50	For TLSv1.2, tickets generated during an initial handshake use the value
	51	as specified. Tickets generated during a resumed handshake have a value
	52	of 0 for the ticket lifetime hint.
	53
44	54	=head1 RETURN VALUES
45	55
46	56	SSL_CTX_set_timeout() returns the previously set timeout value.

57	67
58	68	=head1 COPYRIGHT
59	69
60		Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
	70	Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
61	71
62	72	Licensed under the Apache License 2.0 (the "License"). You may not use
63	73	this file except in compliance with the License. You can obtain a copy

+2

-2

doc/man3/SSL_CTX_set_verify.pod less more

52	52	with B<SSL_ERROR_WANT_RETRY_VERIFY>.
53	53	The application can for instance fetch further certificates or cert status
54	54	information needed for the verification.
55		Note that the handshake may still be aborted if a subsequent invocation of the
56		callback (e.g. at a lower depth, or for a separate error condition) returns 0.
57	55	Calling L<SSL_connect(3)> again resumes the connection attempt by retrying the
58	56	server certificate verification step.
59	57	This process may even be repeated if need be.
	58	Note that the handshake may still be aborted if a subsequent invocation of the
	59	callback (e.g., at a lower depth, or for a separate error condition) returns 0.
60	60
61	61	SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain
62	62	verification that shall be allowed for B<ctx>.

+3

-2

doc/man3/SSL_set_session.pod less more

20	20
21	21	If there is already a session set inside B<ssl> (because it was set with
22	22	SSL_set_session() before or because the same B<ssl> was already used for
23		a connection), SSL_SESSION_free() will be called for that session. If that old
	23	a connection), SSL_SESSION_free() will be called for that session.
	24	This is also the case when B<session> is a NULL pointer. If that old
24	25	session is still B<open>, it is considered bad and will be removed from the
25	26	session cache (if used). A session is considered open, if L<SSL_shutdown(3)> was
26	27	not called for the connection (or at least L<SSL_set_shutdown(3)> was used to

59	60
60	61	=head1 COPYRIGHT
61	62
62		Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
	63	Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
63	64
64	65	Licensed under the Apache License 2.0 (the "License"). You may not use
65	66	this file except in compliance with the License. You can obtain a copy

+3

-3

doc/man7/EVP_KDF-SSHKDF.pod less more

102	102
103	103	EVP_KDF *kdf;
104	104	EVP_KDF_CTX *kctx;
105		const char type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
	105	char type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
106	106	unsigned char key[1024] = "01234...";
107	107	unsigned char xcghash[32] = "012345...";
108	108	unsigned char session_id[32] = "012345...";

125	125	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
126	126	&type, sizeof(type));
127	127	*p = OSSL_PARAM_construct_end();
128		if (EVP_KDF_derive(kctx, out, &outlen, params) <= 0)
	128	if (EVP_KDF_derive(kctx, out, outlen, params) <= 0)
129	129	/* Error */
130	130
131	131

145	145
146	146	=head1 COPYRIGHT
147	147
148		Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	148	Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
149	149
150	150	Licensed under the Apache License 2.0 (the "License"). You may not use
151	151	this file except in compliance with the License. You can obtain a copy

+5

-9

doc/man7/provider-signature.pod less more

42	42
43	43	/* Digest Sign */
44	44	int OSSL_FUNC_signature_digest_sign_init(void ctx, const char mdname,
45		const char props, void provkey,
	45	void *provkey,
46	46	const OSSL_PARAM params[]);
47	47	int OSSL_FUNC_signature_digest_sign_update(void ctx, const unsigned char data,
48	48	size_t datalen);

55	55
56	56	/* Digest Verify */
57	57	int OSSL_FUNC_signature_digest_verify_init(void ctx, const char mdname,
58		const char props, void provkey,
	58	void *provkey,
59	59	const OSSL_PARAM params[]);
60	60	int OSSL_FUNC_signature_digest_verify_update(void *ctx,
61	61	const unsigned char *data,

265	265	The key object should have been
266	266	previously generated, loaded or imported into the provider using the
267	267	key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
268		The name of the digest to be used will be in the I<mdname> parameter. There may
269		also be properties to be used in fetching the digest in the I<props> parameter,
270		although this may be ignored by providers.
	268	The name of the digest to be used will be in the I<mdname> parameter.
271	269
272	270	OSSL_FUNC_signature_digest_sign_update() provides data to be signed in the I<data>
273	271	parameter which should be of length I<datalen>. A previously initialised

304	302	The key object should have been
305	303	previously generated, loaded or imported into the provider using the
306	304	key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
307		The name of the digest to be used will be in the I<mdname> parameter. There may
308		also be properties to be used in fetching the digest in the I<props> parameter,
309		although this may be ignored by providers.
	305	The name of the digest to be used will be in the I<mdname> parameter.
310	306
311	307	OSSL_FUNC_signature_digest_verify_update() provides data to be verified in the I<data>
312	308	parameter which should be of length I<datalen>. A previously initialised

434	430
435	431	=head1 COPYRIGHT
436	432
437		Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	433	Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
438	434
439	435	Licensed under the Apache License 2.0 (the "License"). You may not use
440	436	this file except in compliance with the License. You can obtain a copy

+41

-9

doc/man7/provider.pod less more

114	114	B<EVP_MD>.
115	115	The number for this operation is B<OSSL_OP_DIGEST>.
116	116	The functions the provider can offer are described in
117		L<provider-digest(7)>
	117	L<provider-digest(7)>.
118	118
119	119	=item Symmetric ciphers
120	120

122	122	B<EVP_CIPHER>.
123	123	The number for this operation is B<OSSL_OP_CIPHER>.
124	124	The functions the provider can offer are described in
125		L<provider-cipher(7)>
	125	L<provider-cipher(7)>.
126	126
127	127	=item Message Authentication Code (MAC)
128	128

130	130	B<EVP_MAC>.
131	131	The number for this operation is B<OSSL_OP_MAC>.
132	132	The functions the provider can offer are described in
133		L<provider-mac(7)>
	133	L<provider-mac(7)>.
134	134
135	135	=item Key Derivation Function (KDF)
136	136

138	138	B<EVP_KDF>.
139	139	The number for this operation is B<OSSL_OP_KDF>.
140	140	The functions the provider can offer are described in
141		L<provider-kdf(7)>
	141	L<provider-kdf(7)>.
142	142
143	143	=item Key Exchange
144	144

146	146	B<EVP_KEYEXCH>.
147	147	The number for this operation is B<OSSL_OP_KEYEXCH>.
148	148	The functions the provider can offer are described in
149		L<provider-keyexch(7)>
	149	L<provider-keyexch(7)>.
150	150
151	151	=item Asymmetric Ciphers
152	152

154	154	B<EVP_ASYM_CIPHER>.
155	155	The number for this operation is B<OSSL_OP_ASYM_CIPHER>.
156	156	The functions the provider can offer are described in
157		L<provider-asym_cipher(7)>
	157	L<provider-asym_cipher(7)>.
158	158
159	159	=item Asymmetric Key Encapsulation
160	160
161	161	In the OpenSSL libraries, the corresponding method object is B<EVP_KEM>.
162	162	The number for this operation is B<OSSL_OP_KEM>.
163		The functions the provider can offer are described in L<provider-kem(7)>
	163	The functions the provider can offer are described in L<provider-kem(7)>.
164	164
165	165	=item Encoding
166	166

168	168	B<OSSL_ENCODER>.
169	169	The number for this operation is B<OSSL_OP_ENCODER>.
170	170	The functions the provider can offer are described in
171		L<provider-encoder(7)>
	171	L<provider-encoder(7)>.
	172
	173	=item Decoding
	174
	175	In the OpenSSL libraries, the corresponding method object is
	176	B<OSSL_DECODER>.
	177	The number for this operation is B<OSSL_OP_DECODER>.
	178	The functions the provider can offer are described in
	179	L<provider-decoder(7)>.
	180
	181	=item Random Number Generation
	182
	183	The number for this operation is B<OSSL_OP_RAND>.
	184	The functions the provider can offer for random number generation are described
	185	in L<provider-rand(7)>.
	186
	187	=item Key Management
	188
	189	The number for this operation is B<OSSL_OP_KEYMGMT>.
	190	The functions the provider can offer for key management are described in
	191	L<provider-keymgmt(7)>.
	192
	193	=item Signing and Signature Verification
	194
	195	The number for this operation is B<OSSL_OP_SIGNATURE>.
	196	The functions the provider can offer for digital signatures are described in
	197	L<provider-signature(7)>.
	198
	199	=item Store Management
	200
	201	The number for this operation is B<OSSL_OP_STORE>.
	202	The functions the provider can offer for store management are described in
	203	L<provider-storemgmt(7)>.
172	204
173	205	=back
174	206

221	253
222	254	=head1 COPYRIGHT
223	255
224		Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	256	Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
225	257
226	258	Licensed under the Apache License 2.0 (the "License"). You may not use
227	259	this file except in compliance with the License. You can obtain a copy

+1

-3

e_os.h less more

0	0	/*
1		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

248	248	/***********************************************/
249	249
250	250	# if defined(OPENSSL_SYS_WINDOWS)
251		# define strcasecmp _stricmp
252		# define strncasecmp _strnicmp
253	251	# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE)
254	252	# define open _open
255	253	# define fdopen _fdopen

+5

-5

engines/e_devcrypto.c less more

0	0	/*
1		* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

1158	1158	case DEVCRYPTO_CMD_CIPHERS:
1159	1159	if (p == NULL)
1160	1160	return 1;
1161		if (strcasecmp((const char *)p, "ALL") == 0) {
	1161	if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) {
1162	1162	devcrypto_select_all_ciphers(selected_ciphers);
1163		} else if (strcasecmp((const char*)p, "NONE") == 0) {
	1163	} else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) {
1164	1164	memset(selected_ciphers, 0, sizeof(selected_ciphers));
1165	1165	} else {
1166	1166	new_list=OPENSSL_zalloc(sizeof(selected_ciphers));

1178	1178	case DEVCRYPTO_CMD_DIGESTS:
1179	1179	if (p == NULL)
1180	1180	return 1;
1181		if (strcasecmp((const char *)p, "ALL") == 0) {
	1181	if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) {
1182	1182	devcrypto_select_all_digests(selected_digests);
1183		} else if (strcasecmp((const char*)p, "NONE") == 0) {
	1183	} else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) {
1184	1184	memset(selected_digests, 0, sizeof(selected_digests));
1185	1185	} else {
1186	1186	new_list=OPENSSL_zalloc(sizeof(selected_digests));

+5

-6

engines/e_loader_attic.c less more

0	0	/*
1		* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

13	13	/* We need to use some engine deprecated APIs */
14	14	#define OPENSSL_SUPPRESS_DEPRECATED
15	15
16		/* #include "e_os.h" */
17	16	#include <string.h>
18	17	#include <sys/stat.h>
19	18	#include <ctype.h>

43	42
44	43	#ifdef _WIN32
45	44	# define stat _stat
46		# define strncasecmp _strnicmp
47	45	#endif
48	46
49	47	#ifndef S_ISDIR

970	968	* There's a special case if the URI also contains an authority, then
971	969	* the full URI shouldn't be used as a path anywhere.
972	970	*/
973		if (strncasecmp(uri, "file:", 5) == 0) {
	971	if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) {
974	972	const char *p = &uri[5];
975	973
976	974	if (strncmp(&uri[5], "//", 2) == 0) {
977	975	path_data_n--; /* Invalidate using the full URI */
978		if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
	976	if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) {
979	977	p = &uri[16];
980	978	} else if (uri[7] == '/') {
981	979	p = &uri[7];

1465	1463	/*
1466	1464	* First, check the basename
1467	1465	*/
1468		if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 \|\| name[len] != '.')
	1466	if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0
	1467	\|\| name[len] != '.')
1469	1468	return 0;
1470	1469	p = &name[len + 1];
1471	1470

+2

-6

engines/e_ossltest.c less more

0	0	/*
1		* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

40	40	#include <crypto/evp.h>
41	41
42	42	#include "e_ossltest_err.c"
43
44		#ifdef _WIN32
45		# define strncasecmp _strnicmp
46		#endif
47	43
48	44	/* Engine Id and Name */
49	45	static const char *engine_ossltest_id = "ossltest";

382	378	BIO *in;
383	379	EVP_PKEY *key;
384	380
385		if (strncasecmp(key_id, "ot:", 3) != 0)
	381	if (OPENSSL_strncasecmp(key_id, "ot:", 3) != 0)
386	382	return NULL;
387	383	key_id += 3;
388	384

+13

-2

fuzz/client.c less more

0	0	/*
1		* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License");
4	4	* you may not use this file except in compliance with the License.

54	54
55	55	int FuzzerTestOneInput(const uint8_t *buf, size_t len)
56	56	{
57		SSL *client;
	57	SSL *client = NULL;
58	58	BIO *in;
59	59	BIO *out;
60	60	SSL_CTX *ctx;

64	64
65	65	/* This only fuzzes the initial flow from the client so far. */
66	66	ctx = SSL_CTX_new(SSLv23_method());
	67	if (ctx == NULL)
	68	goto end;
67	69
68	70	client = SSL_new(ctx);
	71	if (client == NULL)
	72	goto end;
69	73	OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1);
70	74	OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1);
71	75	SSL_set_tlsext_host_name(client, "localhost");
72	76	in = BIO_new(BIO_s_mem());
	77	if (in == NULL)
	78	goto end;
73	79	out = BIO_new(BIO_s_mem());
	80	if (out == NULL) {
	81	BIO_free(in);
	82	goto end;
	83	}
74	84	SSL_set_bio(client, in, out);
75	85	SSL_set_connect_state(client);
76	86	OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);

83	93	}
84	94	}
85	95	}
	96	end:
86	97	SSL_free(client);
87	98	ERR_clear_error();
88	99	SSL_CTX_free(ctx);

+3

-1

include/crypto/ctype.h less more

0	0	/*
1		* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

79	79	# define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64))
80	80	# define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print))
81	81
	82	int ossl_init_casecmp(void);
	83	void ossl_deinit_casecmp(void);
82	84	#endif

+1

-1

include/crypto/ecerr.h less more

0	0	/*
1	1	* Generated by util/mkerr.pl DO NOT EDIT
2		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	2	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
3	3	*
4	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	5	* this file except in compliance with the License. You can obtain a copy

+3

-1

include/internal/core.h less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

62	62	int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx);
63	63	int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx);
64	64
	65	void *ossl_c_locale(void);
	66
65	67	#endif

+2

-0

include/openssl/crypto.h.in less more

132	132	const char *str, const char sep);
133	133	unsigned char OPENSSL_hexstr2buf(const char str, long *buflen);
134	134	int OPENSSL_hexchar2int(unsigned char c);
	135	int OPENSSL_strcasecmp(const char s1, const char s2);
	136	int OPENSSL_strncasecmp(const char s1, const char s2, size_t n);
135	137
136	138	# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
137	139

+2

-1

include/openssl/ecerr.h less more

0	0	/*
1	1	* Generated by util/mkerr.pl DO NOT EDIT
2		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	2	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3	3	*
4	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	5	* this file except in compliance with the License. You can obtain a copy

34	34	# define EC_R_DECODE_ERROR 142
35	35	# define EC_R_DISCRIMINANT_IS_ZERO 118
36	36	# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
	37	# define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127
37	38	# define EC_R_FAILED_MAKING_PUBLIC_KEY 166
38	39	# define EC_R_FIELD_TOO_LARGE 143
39	40	# define EC_R_GF2M_NOT_SUPPORTED 147

+11

-0

include/openssl/ssl.h.in less more

1308	1308	# define SSL_CTRL_GET_TMP_KEY 133
1309	1309	# define SSL_CTRL_GET_NEGOTIATED_GROUP 134
1310	1310	# define SSL_CTRL_SET_RETRY_VERIFY 136
	1311	# define SSL_CTRL_GET_VERIFY_CERT_STORE 137
	1312	# define SSL_CTRL_GET_CHAIN_CERT_STORE 138
1311	1313	# define SSL_CERT_SET_FIRST 1
1312	1314	# define SSL_CERT_SET_NEXT 2
1313	1315	# define SSL_CERT_SET_SERVER 3

1369	1371	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
1370	1372	# define SSL_CTX_set1_verify_cert_store(ctx,st) \
1371	1373	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
	1374	# define SSL_CTX_get0_verify_cert_store(ctx,st) \
	1375	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
1372	1376	# define SSL_CTX_set0_chain_cert_store(ctx,st) \
1373	1377	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
1374	1378	# define SSL_CTX_set1_chain_cert_store(ctx,st) \
1375	1379	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
	1380	# define SSL_CTX_get0_chain_cert_store(ctx,st) \
	1381	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))
1376	1382	# define SSL_set0_chain(s,sk) \
1377	1383	SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk))
1378	1384	# define SSL_set1_chain(s,sk) \

1395	1401	SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
1396	1402	# define SSL_set1_verify_cert_store(s,st) \
1397	1403	SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
	1404	#define SSL_get0_verify_cert_store(s,st) \
	1405	SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
1398	1406	# define SSL_set0_chain_cert_store(s,st) \
1399	1407	SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
1400	1408	# define SSL_set1_chain_cert_store(s,st) \
1401	1409	SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
	1410	#define SSL_get0_chain_cert_store(s,st) \
	1411	SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))
	1412
1402	1413	# define SSL_get1_groups(s, glist) \
1403	1414	SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
1404	1415	# define SSL_CTX_set1_groups(ctx, glist, glistlen) \

+4

-4

include/openssl/x509.h.in less more

0	0	/*
1	1	* {- join("\n * ", @autowarntext) -}
2	2	*
3		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	3	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
4	4	* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
5	5	*
6	6	* Licensed under the Apache License 2.0 (the "License"). You may not use

357	357	X509 X509_load_http(const char url, BIO bio, BIO rbio, int timeout);
358	358	X509_CRL X509_CRL_load_http(const char url, BIO bio, BIO rbio, int timeout);
359	359	# ifndef OPENSSL_NO_DEPRECATED_3_0
360		# include <openssl/ocsp.h> /* OCSP_REQ_CTX_nbio_d2i */
	360	# include <openssl/http.h> /* OSSL_HTTP_REQ_CTX_nbio_d2i */
361	361	# define X509_http_nbio(rctx, pcert) \
362		OCSP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509))
	362	OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509))
363	363	# define X509_CRL_http_nbio(rctx, pcrl) \
364		OCSP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL))
	364	OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL))
365	365	# endif
366	366
367	367	# ifndef OPENSSL_NO_STDIO

+2

-2

providers/common/capabilities.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

216	216	int ossl_prov_get_capabilities(void provctx, const char capability,
217	217	OSSL_CALLBACK cb, void arg)
218	218	{
219		if (strcasecmp(capability, "TLS-GROUP") == 0)
	219	if (OPENSSL_strcasecmp(capability, "TLS-GROUP") == 0)
220	220	return tls_group_capability(cb, arg);
221	221
222	222	/* We don't support this capability */

+38

-1

providers/fips/fipsprov.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

21	21	#include "prov/provider_util.h"
22	22	#include "prov/seeding.h"
23	23	#include "self_test.h"
	24	#include "internal/core.h"
24	25
25	26	static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
26	27	static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no";

33	34	static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params;
34	35	static OSSL_FUNC_provider_get_params_fn fips_get_params;
35	36	static OSSL_FUNC_provider_query_operation_fn fips_query;
	37
	38	/* Locale object accessor functions */
	39	#ifdef OPENSSL_SYS_MACOSX
	40	# include <xlocale.h>
	41	#else
	42	# include <locale.h>
	43	#endif
	44
	45	#if defined OPENSSL_SYS_WINDOWS
	46	# define locale_t _locale_t
	47	# define freelocale _free_locale
	48	#endif
	49	static locale_t loc;
	50
	51	static int fips_init_casecmp(void);
	52	static void fips_deinit_casecmp(void);
36	53
37	54	#define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
38	55	#define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)

485	502	return NULL;
486	503	}
487	504
	505	void *ossl_c_locale() {
	506	return (void *)loc;
	507	}
	508
	509	static int fips_init_casecmp(void) {
	510	# ifdef OPENSSL_SYS_WINDOWS
	511	loc = _create_locale(LC_COLLATE, "C");
	512	# else
	513	loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0);
	514	# endif
	515	return (loc == (locale_t) 0) ? 0 : 1;
	516	}
	517
	518	static void fips_deinit_casecmp(void) {
	519	freelocale(loc);
	520	}
	521
488	522	static void fips_teardown(void *provctx)
489	523	{
490	524	OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx));

497	531	* We know that the library context is the same as for the outer provider,
498	532	* so no need to destroy it here.
499	533	*/
	534	fips_deinit_casecmp();
500	535	ossl_prov_ctx_free(provctx);
501	536	}
502	537

546	581
547	582	memset(&selftest_params, 0, sizeof(selftest_params));
548	583
	584	if (!fips_init_casecmp())
	585	return 0;
549	586	if (!ossl_prov_seeding_from_dispatch(in))
550	587	return 0;
551	588	for (; in->function_id != 0; in++) {

+8

-7

providers/fips/self_test.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

102	102	}
103	103	return TRUE;
104	104	}
	105
	106	#elif defined(__GNUC__)
	107	# undef DEP_INIT_ATTRIBUTE
	108	# undef DEP_FINI_ATTRIBUTE
	109	# define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
	110	# define DEP_FINI_ATTRIBUTE static __attribute__((destructor))
	111
105	112	#elif defined(__sun)
106	113	# pragma init(init)
107	114	# pragma fini(cleanup)

123	130	#elif defined(__hpux)
124	131	# pragma init "init"
125	132	# pragma fini "cleanup"
126
127		#elif defined(__GNUC__)
128		# undef DEP_INIT_ATTRIBUTE
129		# undef DEP_FINI_ATTRIBUTE
130		# define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
131		# define DEP_FINI_ATTRIBUTE static __attribute__((destructor))
132	133
133	134	#elif defined(__TANDEM)
134	135	/* Method automatically called by the NonStop OS when the DLL loads */

+48

-48

providers/fips-sources.checksums less more

71	71	58b587e20404efa408b31a88ba9c357059ced709bea78c07deb91df7b687db81 crypto/bn/bn_conv.c
72	72	2893b6d03d4850d09c15959941b0759bbb50d8c20e873bed088e7cde4e15a65a crypto/bn/bn_ctx.c
73	73	d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_dh.c
74		a837ba52750ab30a57b6dd2fd4cf901e18a891a189b089f83add2f5dc8138eb7 crypto/bn/bn_div.c
75		160ea2c916774d6a7f8130e0a05cad7c0a954b4726c15017b3df67e3285231f3 crypto/bn/bn_exp.c
	74	74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c
	75	692e200e66389991eb2e6fe9d9a62eda5fe9005cda834b8af1a435a811b6b3c9 crypto/bn/bn_exp.c
76	76	ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c
77	77	b32d83cee8c00d837a7e4fb8af3f5cf17cb8d2419302e8f5fbcf62119092e874 crypto/bn/bn_gcd.c
78	78	4d6cc7ed36978247a191df1eea0120f8ee97b639ba228793dabe5a8355a1a609 crypto/bn/bn_gf2m.c

100	100	834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c
101	101	c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c
102	102	23d46ae37a8d9452c0c88418d2cb8350153f8c2c6060234130a2e429da2370e0 crypto/cmac/cmac.c
103		7f24e4937e0af857e233afbb6a7f25b09b1e5674185242a5cc8f579a45bbf1da crypto/context.c
	103	58068d6533fed9359b164ddc9711b2dd7b2a76f32ad94103d91dbe3462ac95d8 crypto/context.c
104	104	83b8912fb01bacfe0b5269c7afa69db7e1718530cce1ed27870abef1407951d6 crypto/core_algorithm.c
105	105	60321d1af7bf9697d969438f6b319fbcb4fdc1a47a0b056d02b971973a8550ca crypto/core_fetch.c
106		7d090f71175f28fdc400455fdbc68340a545556d16cb1f6251ac92ebb63a38c1 crypto/core_namemap.c
	106	02670d631bf0f34cca1e3477079d7fe5de4e03c391cf3992986f44f55319597c crypto/core_namemap.c
107	107	469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c
108	108	71f0fff881eb4c5505fb17662f0ea4bbff24c6858c045a013ad8f786b07da5c4 crypto/cryptlib.c
109		a3d146afa1d66cc3bbfdc7c106f262b679bb5aecce54e8dee732ae9b3e3333db crypto/ctype.c
	109	7e8c8c0b43af045fb31c38a0eb643d5db1316fb832b3b0494809f7c288630ec8 crypto/ctype.c
110	110	8e61d79299003917ac409d129d291f0a63e4ed417811a8b21169b2b918355335 crypto/der_writer.c
111	111	fea3ba4225df97aee90690adf387625b746d8edfdc5af2357ee65151a3d236ac crypto/des/des_enc.c
112	112	4971cdc016ee262d81e31f96c1617a33a63c0d90139e440c2ff32a368ee07bbd crypto/des/des_local.h

118	118	816472a54c273906d0a2b58650e0b9d28cc2c8023d120f0d77160f1fe34c4ca3 crypto/dh/dh_backend.c
119	119	832e5a1caf9cb0dacfd937fc59252aaac7c5c1bf0ae1a9ebf3c3af6e59dcf4c0 crypto/dh/dh_check.c
120	120	7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c
121		70f4cf3485a38cd7d22aa3e965bfe950905f8efec1622e832592a6728498fd78 crypto/dh/dh_group_params.c
122		7809cbfd5570db17dcb4bd8f0cf9c5f94337096d39da453d0624c08f071e809f crypto/dh/dh_kdf.c
	121	129ee295875e68ad444070b0676f1021eb254cbd87ab22d6baaf7e4e6e59a40b crypto/dh/dh_group_params.c
	122	a5cf5cb464b40f1bc5457dc2a6f2c5ec0f050196603cd2ba7037a23ab64adbf7 crypto/dh/dh_kdf.c
123	123	0afa7dd237f9b21b0cfb0de10505facd57eb07ded905d888d43a1de2356d4002 crypto/dh/dh_key.c
124	124	b0046b2c4e1d74ff4e93f2486a00f63728909b8a75cbdd29b9100e607f97995c crypto/dh/dh_lib.c
125	125	8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h

146	146	063dac1e4a9573c47532123e9e03e3532a7473cc3e146521ba9ec6f486ddf3b1 crypto/ec/curve448/arch_64/arch_intrinsics.h
147	147	43423b7ee85a5c740c1d81499ee06f4a17732c7731a598e7429d5e402ee77cf4 crypto/ec/curve448/arch_64/f_impl.h
148	148	1689097ae10e4982a8cbe50c2f6eddb03c83436f331f0b67edb98d6b58adc962 crypto/ec/curve448/arch_64/f_impl64.c
149		b35976955a49414313e3823144a898bc58873b755f4e3a772d520cdd63099581 crypto/ec/curve448/curve448.c
	149	9b408ec0d43f3b6d714ef5963147e2c2abaddc88633db7dd759193d3c56ed727 crypto/ec/curve448/curve448.c
150	150	3c12d90e3fdd59b5d32d63186f1a6f15c75eb73f5035b844a2054356a9459780 crypto/ec/curve448/curve448_local.h
151	151	178fb9863c33174b633c2e7607160b1bedb506d66cc06d53382d87431441f306 crypto/ec/curve448/curve448_tables.c
152	152	f30e13bba5a136ab9ba5225c98b9b94c2cd73fb3aef60f9dcde3cd471cfa1ca4 crypto/ec/curve448/curve448utils.h

160	160	ae1637d89287c9d22a34bdc0d67f6e01262a2f8dcef9b61369dba8c334f5a80d crypto/ec/ec2_oct.c
161	161	6bbbf570ce31f5b579f7e03ec9f8a774663c7c1eb5e475bd31f8fee94a021ffc crypto/ec/ec2_smpl.c
162	162	2a71bd8dbe4f427c117d990581709a4ddce07fa8e530794b5a9574fef7c48a0c crypto/ec/ec_asn1.c
163		c07fa05c6885e59913e2ce345ff52ef9dfb0418842de3affa6163ad3e71f9c1b crypto/ec/ec_backend.c
	163	88e19ca6b892a3afefb25dab0f9cf8796e2eb8504022dcc10b29d5d3923ce73d crypto/ec/ec_backend.c
164	164	86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c
165	165	265f911b9d4aada326a2d52cd8a589b556935c8b641598dcd36c6f85d29ce655 crypto/ec/ec_curve.c
166	166	8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c
167	167	28726bc957ea821639b1023e5bff0e77ced61bae31f96c165e33aadfe0bc5c9a crypto/ec/ec_key.c
168	168	7e40fc646863e0675bbb90f075b809f61bdf0600d8095c8366858d9533ab7700 crypto/ec/ec_kmeth.c
169		074a5345ea71ff3fdfb8e0be360391a7640719f1a8a4eae8580c8f02e57af880 crypto/ec/ec_lib.c
	169	f520a41732e4ca96a74d047b6e8bdca8bdfdc4517c18d27410de33969646abef crypto/ec/ec_lib.c
170	170	a8a4690e42b4af60aad822aa8b16196df337906af53ea4db926707f7b596ff27 crypto/ec/ec_local.h
171	171	fa901b996eb0e460359cd470843bdb03af7a77a2f1136c5e1d30daef70f3e4d2 crypto/ec/ec_mult.c
172	172	129c6b42417bfcf582f4a959cfd65433e6f85b158274f4fa38f9c62615ac9166 crypto/ec/ec_oct.c

177	177	f686cea8c8a3259d95c1e6142813d9da47b6d624c62f26c7e4a16d5607cddb35 crypto/ec/ecdsa_vrf.c
178	178	141cfc1459214555b623517a054a9e8d5e4065a11301237b7247be2c6f397a0a crypto/ec/ecp_mont.c
179	179	13b30f34aeeb0c98747239bfe91b5f0f14e91b2c1f11db62ebb5950c7219daa0 crypto/ec/ecp_nist.c
180		c016eb9412aad8cd1213a2f5b1083df1a1a9cb734dc6cc19d99e706935c81ef2 crypto/ec/ecp_nistz256.c
	180	f288c23b6f83740956886b2303c64d5a3098c98b530859c3bb4b698c01c1643b crypto/ec/ecp_nistz256.c
181	181	51cb98e7e9c241e33261589f0d74103238baaa850e333c61ff1da360e127518a crypto/ec/ecp_oct.c
182	182	b4b7c683279454ba41438f50a015cb63ef056ccb9be0168918dfbae00313dc68 crypto/ec/ecp_smpl.c
183	183	2096e13aa2fbcb0d4b10faca3e3f5359cf66098b0397a6d74c6fca14f5dee659 crypto/ec/ecx_backend.c

186	186	28abc295dad8888b5482eb61d31cd78dd80545ecb67dc6f9446a36deb8c40a5e crypto/evp/asymcipher.c
187	187	0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c
188	188	7fca5ec7c5723b799a7d84d5803071b8f495511e1baf89d430e6800a5228cdad crypto/evp/digest.c
189		5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c
190		2724dc804304135bc874bd305e14b811169a9e4a62176220a0d5e83f152c2546 crypto/evp/evp_enc.c
	189	838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c
	190	cfccc525e3806d0932254a94ca1a895fe086da84ae8ad2bf2972e96a12d649d2 crypto/evp/evp_enc.c
191	191	0cd2765bf33d998f96d6e8193b2bf27293bcc6a37b7bef7dfd6ec54952ad3c8f crypto/evp/evp_fetch.c
192		029df8bb80a2fb45c22765234b9041ffce82735108e0b11580fd3fbd805362dd crypto/evp/evp_lib.c
	192	c9c399b7848f64832deb6e1704e957423ea93827edb4917fafbb0ff911892a2b crypto/evp/evp_lib.c
193	193	9ac3d97d756ec008db16dd1952115b551f32b2d0590d9a85e1c87d1c78620257 crypto/evp/evp_local.h
194	194	e822c16fc4dc30f2c86e8598c721a9ddfe46d318ce78f4e8e883cdcf8b936221 crypto/evp/evp_rand.c
195	195	2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c crypto/evp/evp_utils.c

202	202	e1a052839b8b70dca20dbac1282d61abd1c415bf4fb6afb56b811e8770d8a2e1 crypto/evp/m_sigver.c
203	203	5b8b0bcd4b720b66ce6bc54090ec333891126bb7f6cce4502daf2333668c3db9 crypto/evp/mac_lib.c
204	204	e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac_meth.c
205		b976077a1f880768f2f0a1c996a53dfdd363605e4977c56fb37e9c1f84f35aa6 crypto/evp/p_lib.c
	205	ee87cce7ee44b6f3121d21fd20f00d0c91c494a1a9804319981987f3d093923d crypto/evp/p_lib.c
206	206	3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c
207	207	1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c
208		76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c
	208	ef2f789091e4e3f77fea3b4643ff36d9659b18bf7a8c59929ce3305480a3baef crypto/evp/pmeth_lib.c
209	209	f3a5cbbccb1078cf1fafd74c4caa9f30827081832fbe6dfa5579b17ef809776c crypto/evp/signature.c
210	210	b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c
211	211	324feb067d0f8deb4334f3e6518f570114cb388c85b24f9232bd931a64ff0a9e crypto/ffc/ffc_backend.c
212		ead786b4f5689ab69d6cca5d49e513e0f90cb558b67e6c5898255f2671f1393d crypto/ffc/ffc_dh.c
	212	5fe89ce2ce34848b832a2b5a7ac42c161d7ec214a641b7fb11fb1153f2186f74 crypto/ffc/ffc_dh.c
213	213	82abf1f9645336b7dff5e3fa153899280ecaa27b3dad50e6a9ba94d871961888 crypto/ffc/ffc_key_generate.c
214	214	084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c
215		67fdf1a07ea118963a55540be2ee21c98b7a5eb8149c8caa26e19d922bf60346 crypto/ffc/ffc_params.c
	215	ecc0d737ccece492f86262dd45f8f03eef2beacafce8022f91939a372f68ac90 crypto/ffc/ffc_params.c
216	216	5174e008f44909724e0ee7109095ee353e67e9ba77e1ab3bedfcf6eaecab7b6c crypto/ffc/ffc_params_generate.c
217	217	73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c
218	218	0a4fc92e408b0562cf95c480df93a9907a318a2c92356642903a5d50ed04fd88 crypto/hmac/hmac.c
219	219	0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h
220	220	f897493b50f4e9dd4cacb2a7accda6683c10ece602641874cdff1dac7128a751 crypto/initthread.c
221		f0782ee92b6ebf5a0e66b970ecfbd9c9c6fc4a35ccd055967fbb402577c234ab crypto/lhash/lhash.c
222		73d63f91fbaba47649231636c5afdf76d049a46436fde9fbb2e107cf16bb879e crypto/lhash/lhash_local.h
	221	5482c47c266523129980302426d25839fda662f1544f4b684707e6b272a952c9 crypto/lhash/lhash.c
	222	5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e crypto/lhash/lhash_local.h
223	223	f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c
224	224	183bdca6f855182d7d2c78a5c961b34283f85ea69ac828b700605ee82546397d crypto/modes/asm/aes-gcm-armv8_64.pl
225	225	1d686af304f94743038f916125effcb51790c025f3165d8d37b526bbeee781f0 crypto/modes/asm/aesni-gcm-x86_64.pl

247	247	cc4483ec9ba7a30908e3a433a6817e2f211d4c1f69c206e6bae24bbd39a68281 crypto/param_build.c
248	248	c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c
249	249	02dfeb286c85567bb1b6323a53c089ba66447db97695cc78eceb6677fbc76bf9 crypto/params.c
250		4f2a8c9acf5898fdc1e4bf98813049947221cd9a1db04faaa490250591f54cb4 crypto/params_dup.c
	250	4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c
251	251	a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c
252	252	2140778d5f35e503e22b173736e18ff84406f6657463e8ff9e7b91a78aa686d3 crypto/property/defn_cache.c
253	253	9153343b26e5c2c4f6009d37a12d6af85681ed0c7d3f58de2ace44dfd789a59b crypto/property/property.c
254	254	a2c69527b60692a8b07cfdfe7e75f654daa092411d5de5e02b446a4ef3752855 crypto/property/property_local.h
255		c3217b73871d93d81ab9f15e9f1fc37ea609bbe4bbc0c1b84ec62a99c91f6756 crypto/property/property_parse.c
	255	b87bfb053457cbe1cedad3a53cce044375d2f429c75d0c97c2a61def59080644 crypto/property/property_parse.c
256	256	a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c
257	257	065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c
258	258	01d2e5be52d94efdff4329281b3609c7fa57162ab6143492c380c96952df1396 crypto/provider_core.c

261	261	4e6b7d1d8278067c18bcb5e3ac9b7fe7e9b1d0d03bc5a276275483f541d1a12c crypto/rand/rand_lib.c
262	262	fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h
263	263	f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c
264		054f8e32eabb218d219a5fa8cb40f6e76bc5a395d03e4f83c5f2b703a5a476b9 crypto/rsa/rsa_backend.c
	264	b89d28722134386072670ddc4d5cbff736d1649c114f38d964892f21420c13bf crypto/rsa/rsa_backend.c
265	265	38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c
266	266	e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c
267	267	21794dcb6bfebcf9a14d4f8aa7fab8f745b595433b388b55f46ba6e615d90f98 crypto/rsa/rsa_gen.c

327	327	3d972a11be18bfbfcd45790028635d63548bfe0a2e45d2fc56b6051b759d22f0 crypto/sha/sha3.c
328	328	8038a5a97f826f519424db634be5b082b3f7eca3ccb89875ca40fa6bd7dfdcfd crypto/sha/sha512.c
329	329	6c6f0e6069ac98e407a5810b84deace2d1396d252c584703bcd154d1a015c3ea crypto/sha/sha_local.h
330		86913a593b55c759a3824eeede398f966278d79c148bef41986c5ac4e48f0bd7 crypto/sparse_array.c
	330	4f6b66f811144648d6cb6bc26e08779529acbbd563519590c726d0e51699fe96 crypto/sparse_array.c
331	331	b39e5ba863af36e455cc5864fe8c5d0fc05a6aaef0d528a115951d1248e8fa8b crypto/stack/stack.c
332	332	7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c
333	333	a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c
334		ebb210a22c280839853920bee245eb769c713ab99cb35a468ed2b1df0d112a7f crypto/threads_pthread.c
	334	2637a8727dee790812b000f2e02b336f7907949df633dda72938bbaafdb204fe crypto/threads_pthread.c
335	335	68e1cdeb948d3a106b5a27b76bcddbae6bb053b2bdc4a21a1fec9797a00cd904 crypto/threads_win.c
336	336	fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl
337		d13560a5f8a66d7b956d54cd6bf24eade529d686992d243bfb312376a57b475e e_os.h
	337	84c4331bbe99471706fadf97299c660dca46f663c2526f33c3424656215aa0c5 e_os.h
338	338	6f353dc7c8c4d8f24f7ffbf920668ccb224ebb5810805a7c80d96770cd858005 include/crypto/aes_platform.h
339	339	8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h
340	340	8ce1b35c6924555ef316c7c51d6c27656869e6da7f513f45b7a7051579e3e54d include/crypto/bn.h
341	341	1c46818354d42bd1b1c4e5fdae9e019814936e775fd8c918ca49959c2a6416df include/crypto/bn_conf.h.in
342	342	7a43a4898fcc8446065e6c99249bcc14e475716e8c1d40d50408c0ab179520e6 include/crypto/bn_dh.h
343	343	e69b2b20fb415e24b970941c84a62b752b5d0175bc68126e467f7cc970495504 include/crypto/cryptlib.h
344		5ee1ea30382bef9869f29b6610665ca304f3b9cf3653746a2d02c64b1a24f103 include/crypto/ctype.h
	344	cf1d91147fb3f6cd02387c7fe219ff2efd8c060e9a8501d1c2245fbdb21bf7a6 include/crypto/ctype.h
345	345	89693e0a7528a9574e1d2f80644b29e3b895d3684111dd07c18cc5bed28b45b7 include/crypto/des_platform.h
346	346	daf508bb7ed5783f1c8c622f0c230e179244dd3f584e1223a19ab95930fbcb4f include/crypto/dh.h
347	347	20d99c9a740e4d7d67e23fa4ae4c6a39d114e486c66ad41b65d91a8244cd1dea include/crypto/dsa.h

360	360	5bfeea62d21b7cb43d9a819c5cd2800f02ea019687a8331abf313d615889ad37 include/crypto/types.h
361	361	782a83d4e489fd865e2768a20bfa31e78c2071fd0ceeb9eb077276ae2bcc6590 include/internal/bio.h
362	362	92aacb3e49288f91b44f97e41933e88fe455706e1dd21a365683c2ab545db131 include/internal/constant_time.h
363		71ddae419297069056065ab71f32fe88b09ddbe4db2200a759fedd8ad4349628 include/internal/core.h
	363	1f92626d81730616fb459849c1c7fb0ec105f2ffb0e51edaa0a64307bc1e1027 include/internal/core.h
364	364	d7ddeab97434a21cb2cad1935a3cb130f6cd0b3c75322463d431c5eab3ab1ae1 include/internal/cryptlib.h
365	365	9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63 include/internal/deprecated.h
366	366	8a2371f964cbb7fc3916583d2a4cee5c56f98595dfa30bd60c71637811a6d9da include/internal/der.h

401	401	df5e60af861665675e4a00d40d15e36884f940e3379c7b45c9f717eaf1942697 include/openssl/core.h
402	402	00110e80b9b4f621c604ea99f05e7a75d3db4721fc2779224e6fa7e52f06e345 include/openssl/core_dispatch.h
403	403	cbd9d7855ca3ba4240207fc025c22bbfef7411116446ff63511e336a0559bed0 include/openssl/core_names.h
404		8880892256a4d2dd7a9be91f23518f71e5037dbd377cd41bdb4c1f3cb3c7ee2d include/openssl/crypto.h.in
	404	194f96a30bdc4dab3f65693c09326ef53c54ebfd613c2513d8258a0aa35a6996 include/openssl/crypto.h.in
405	405	1d1697bd3e35920ff9eaec23c29472d727a7fc4d108150957f41f6f5ecf80f1a include/openssl/cryptoerr.h
406	406	bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h
407	407	fa3e6b6c2e6222424b9cd7005e3c5499a2334c831cd5d6a29256ce945be8cb1d include/openssl/des.h

412	412	41bf49e64e1c341a8c17778147ddeba35e88dfd7ff131db6210e801ef25a8fd5 include/openssl/e_os2.h
413	413	bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openssl/ebcdic.h
414	414	33b6321d1c6b7b1621198346946401bb81472054aa236b03c6f22f247248d2ad include/openssl/ec.h
415		cbbf74efc7fdb020f06840c856ad7fe97553944f4cc3c197fbb004de38158048 include/openssl/ecerr.h
	415	dad1943d309aaadb800be4a3056096abec611d81982b83c601b482405e11d5c0 include/openssl/ecerr.h
416	416	61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h
417	417	69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h
418	418	0bb50eda4fe2600c20779d5e3c49668cf2dd8f295104549a33e57bc95a9219eb include/openssl/err.h.in

447	447	410c6eb3ffadcbee13d511d6b8ee576db75b35b324cb394b5e05dbd4a17fb92e include/openssl/trace.h
448	448	873d2ec2054ec24c52df4abe830cb2b9666fe4e75cc62b4de0f50ef9d20c5812 include/openssl/types.h
449	449	c0a9551efccf43f3dd748d4fd8ec897ddaabbc629c00ec1ad76ce983e1195a13 providers/common/bio_prov.c
450		e7c39ef7b76668dae1470ce0edd7254da2937569762cebbf20e08fb97cb3324c providers/common/capabilities.c
	450	4546387d6642603c81ec4cd8d5fc4af8ba60ac7359eb6f31e7d24827031e68ad providers/common/capabilities.c
451	451	f94b7435d4ec888ec30df1c611afa8b9eedbb59e905a2c7cb17cfc8c4b9b85b8 providers/common/der/der_digests_gen.c.in
452	452	424d7b2ece984a0904b80c73e541400c6e2d50a285c397dd323b440a4f2a8d8e providers/common/der/der_dsa_gen.c.in
453	453	27ff361a5fbfc97cd41690ab26639708961d0507b60912f55f5919649842c6ae providers/common/der/der_dsa_key.c

481	481	ba345b0d71f74c9e3d752579e16d11cc70b4b00faa329cc674bc43dd2620e044 providers/common/securitycheck.c
482	482	527eda471e26763a5fcf123b2d290234d5c836de7b8ef6eef2166ef439919d82 providers/common/securitycheck_fips.c
483	483	abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c
484		a4dc9bf2d77e34175737b7b8d28fbe90815ac0e2904e3ac2d9e2a271f345ef20 providers/fips/fipsprov.c
485		fdbaf748044ce54f13e673b92db876e32436e4d5644f443cc43d063112a89676 providers/fips/self_test.c
	484	c458e4830c0cd31e4aabef0e33c2011079f201c6bbaee59b59cefab70eb9c7b4 providers/fips/fipsprov.c
	485	24a2e1a855de57b9d970727fcc11ebe7e06c0d4884d3cedbacf59fa471f91e72 providers/fips/self_test.c
486	486	f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h
487	487	5b3379a3d382c4dad37841dbd58b77ed5ff712b0a37c485771b828fa9b39c351 providers/fips/self_test_data.inc
488	488	2f4f23ebc2c7ed5ef71c98ca71f06b639112a1dea04784c46af58083482c150f providers/fips/self_test_kats.c

512	512	c4a2499b214d7cf786dafaaee5c8c6963b3d5d1c27c144eec4b460f839074a3b providers/implementations/ciphers/cipher_aes_xts.h
513	513	281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da providers/implementations/ciphers/cipher_aes_xts_fips.c
514	514	f358c4121a8a223e2c6cf009fd28b8a195520279016462890214e8858880f632 providers/implementations/ciphers/cipher_aes_xts_hw.c
515		f2e7404005e0602c4cc90b49b7af7453aa5b8644720ca1028d93e78bc28a7c09 providers/implementations/ciphers/cipher_cts.c
	515	46ba8271917b53fd8fdf77aee19cc326a219c950b94e043d6d118dcac25ad7ad providers/implementations/ciphers/cipher_cts.c
516	516	74640ce402acc704af72e055fb7f27e6aa8efd417babc56f710478e571d8631c providers/implementations/ciphers/cipher_cts.h
517	517	fcc3bb0637864252402aaa9d543209909df9a39611127f777b168bc888498dc0 providers/implementations/ciphers/cipher_tdes.c
518	518	77709f7fc3f7c08986cd4f0ebf2ef6e44bacb975c1483ef444b3cf5e5071f9d6 providers/implementations/ciphers/cipher_tdes.h

543	543	c95ce5498e724b9b3d58e3c2f4723e7e3e4beb07f9bea9422e43182cbadb43af providers/implementations/include/prov/macsignature.h
544	544	29d1a112b799e1f45fdf8bcee8361c2ed67428c250c1cdf408a9fbb7ebf4cce1 providers/implementations/include/prov/names.h
545	545	2187713b446d8b6d24ee986748b941ac3e24292c71e07ff9fb53a33021decdda providers/implementations/include/prov/seeding.h
546		432e2d5e467a50bd031a6b94b27072f5d66f4fadb6d62c9bfd9453d444c2aedf providers/implementations/kdfs/hkdf.c
547		06c93b62806819ee51f69c899413fda5be2435d43a70ef467b77a7296cd9528a providers/implementations/kdfs/kbkdf.c
	546	86026710ea733f0dd44e400c43e7dab745526f2255816f48a6b00dd8b8009879 providers/implementations/kdfs/hkdf.c
	547	a62e3af09f5af84dcf36f951ba4ac90ca1694adaf3747126186020b155f94186 providers/implementations/kdfs/kbkdf.c
548	548	e0644e727aacfea4da3cf2c4d2602d7ef0626ebb760b6467432ffd54d5fbb24d providers/implementations/kdfs/pbkdf2.c
549	549	c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c providers/implementations/kdfs/pbkdf2.h
550	550	abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/implementations/kdfs/pbkdf2_fips.c
551		66d30c754c1e16d97a8e989f7f2e89eab59ec40ca3731dea664ba56ec38c4002 providers/implementations/kdfs/sshkdf.c
	551	9cc42a4b0a8089e6d1be64637dbb9e41bd21ae5e3386022a27a8f29308ad25c9 providers/implementations/kdfs/sshkdf.c
552	552	7c692170729ab1d648564abdbf9bcbba5071f9a81a25fab9eae66899316bcd4a providers/implementations/kdfs/sskdf.c
553		3c46ec0e14be09a133d709c3a1c3d5ab05a4f1ed5385c3e7a1afb2f0ee47ef7a providers/implementations/kdfs/tls1_prf.c
	553	7d258a469fac4d5ae99c785bae5f490044c593ed13a02a861b1d33339ee167e0 providers/implementations/kdfs/tls1_prf.c
554	554	27bb6ee5e2d00c545635c0c29402b10e74a1831adbc9800c159cbe04f2bfa2f7 providers/implementations/kdfs/x942kdf.c
555		f419a9f6b17cfba1543a3690326188ac8335db66807c58de211a3d69e18f7d4d providers/implementations/kem/rsa_kem.c
	555	6b6c776b12664164f3cb54c21df61e1c4477c7855d89431a16fb338cdae58d43 providers/implementations/kem/rsa_kem.c
556	556	7628cfd7c88f37faa557c671a78ff56266691d64075104a514a28cb6fb9a6816 providers/implementations/keymgmt/dh_kmgmt.c
557		68d5cad49334ad0ee6948329b3784bb43eede84c3bc59ff22cbbe7aed9292672 providers/implementations/keymgmt/dsa_kmgmt.c
558		3e2798d299d6571c973fc75468e2ac025b7c893ae2f15f14e057430325622a69 providers/implementations/keymgmt/ec_kmgmt.c
	557	9dc19fb4e9775e93b233fa93212e60f0959faa61248f853db75f3281e2535e95 providers/implementations/keymgmt/dsa_kmgmt.c
	558	c68b2331f2863d0d92725367c16a6a68b1243c672c14dde13768ed4afd9c7418 providers/implementations/keymgmt/ec_kmgmt.c
559	559	258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc
560		8871260c1b05832efa8363e5546210004da1683fee74da6c749ebba802b40f2b providers/implementations/keymgmt/ecx_kmgmt.c
	560	d77ece2494e6b12a6201a2806ee5fb24a6dc2fa3e1891a46012a870e0b781ab1 providers/implementations/keymgmt/ecx_kmgmt.c
561	561	053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c
562		260c560930c5aca61225a40ed49dfbb905f2b1fa50728d1388e946358f9d5e18 providers/implementations/keymgmt/mac_legacy_kmgmt.c
	562	e30357311e4a3e1c78266af6315fd1fc99584bfb09f4a7cd0ddc7261cf1e17e1 providers/implementations/keymgmt/mac_legacy_kmgmt.c
563	563	d469be20a6d1a3744c1a2d5c26cb3b8ff6339a2242d4ef6e5ed9531551f717c1 providers/implementations/keymgmt/rsa_kmgmt.c
564		79da66d4b696388d7eab6b2126bccc88908915813d79c4305b8b4d545a500469 providers/implementations/macs/cmac_prov.c
565		41464d1e640434bb3ff9998f093829d5e2c1963d68033dca7d31e5ab75365fb1 providers/implementations/macs/gmac_prov.c
566		282c1065f18c87073529ed1bdc2c0b3a1967701728084de6632ddc72c671d209 providers/implementations/macs/hmac_prov.c
	564	aeb42590728ca87b916b8a3d337351b1c82ee0747213e5ce740c2350b3db7185 providers/implementations/macs/cmac_prov.c
	565	93fa712c692bd5c93d3802b2554d5df33ea9d0b8987f9c92aa88358089a4bdfa providers/implementations/macs/gmac_prov.c
	566	400a054d449cdee1f308644f1314bdc044fd0fdf793ae58ffa4e4aac6c0498d3 providers/implementations/macs/hmac_prov.c
567	567	aa7ba1d39ea4e3347294eb50b4dfcb895ef1a22bd6117d3b076a74e9ff11c242 providers/implementations/macs/kmac_prov.c
568	568	bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c
569	569	c7236e6e2e8adce14f8206da0ceef63c7974d4ba1a7dd71b94fa100cac6b46ba providers/implementations/rands/drbg.c
570		b1e7a0b2610aaab5800af7ede0df13a184f4a321a4084652cdb509357c55783b providers/implementations/rands/drbg_ctr.c
	570	bb5f8161a80d0d1a7ee919af2b167972b00afd62e326252ca6aa93101f315f19 providers/implementations/rands/drbg_ctr.c
571	571	a05adc3f6d9d6f948e5ead75f0522ed3164cb5b2d301169242f3cb97c4a7fac3 providers/implementations/rands/drbg_hash.c
572	572	0876dfae991028c569631938946e458e6829cacf4cfb673d2b144ae50a3160bb providers/implementations/rands/drbg_hmac.c
573	573	fc43558964bdf12442d3f6ab6cc3e6849f7adb42f4d0123a1279819befcf71cb providers/implementations/rands/drbg_local.h

576	576	a30dc6308de0ca33406e7ce909f3bcf7580fb84d863b0976b275839f866258df providers/implementations/signature/ecdsa_sig.c
577	577	b057870cf8be1fd28834670fb092f0e6f202424c7ae19282fe9df4e52c9ce036 providers/implementations/signature/eddsa_sig.c
578	578	3bb0f342b4cc1b4594ed0986adc47791c0a7b5c1ae7b1888c1fb5edb268a78d9 providers/implementations/signature/mac_legacy_sig.c
579		cee0e3304cc365ef76b422363ef12affc4d03670fd2ab2c8f3babc38f9d5db37 providers/implementations/signature/rsa_sig.c
	579	2334c8bba705032b8c1db5dd28e024a45a73b72cae82a2d815fe855445a49d10 providers/implementations/signature/rsa_sig.c
580	580	c8df17850314b145ca83d4037207d6bf0994f9c34e6e55116860cf575df58e81 ssl/record/tls_pad.c
581	581	3f2e01a98d9e3fda6cc5cb4b44dd43f6cae4ec34994e8f734d11b1e643e58636 ssl/s3_cbc.c

+1

-1

providers/fips.checksum less more

0		0223646a9f0ba5ca3bd4dc320fe5a647c8b4d48cc1e273b09acceeabc035c19e providers/fips-sources.checksums
	0	d0e2cb7b2818aed1f4d89da6323f20372c8834c3f57f9dfd1c5e9f908d7e420a providers/fips-sources.checksums

+2

-3

providers/implementations/ciphers/cipher_cts.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

45	45	* Otherwise it is the same as CS2.
46	46	*/
47	47
48		#include "e_os.h" /* strcasecmp */
49	48	#include <openssl/core_names.h>
50	49	#include "prov/ciphercommon.h"
51	50	#include "internal/nelem.h"

91	90	size_t i;
92	91
93	92	for (i = 0; i < OSSL_NELEM(cts_modes); ++i) {
94		if (strcasecmp(name, cts_modes[i].name) == 0)
	93	if (OPENSSL_strcasecmp(name, cts_modes[i].name) == 0)
95	94	return (int)cts_modes[i].id;
96	95	}
97	96	return -1;

+2

-2

providers/implementations/ciphers/cipher_rc4_hmac_md5.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

182	182	}
183	183	ctx->tls_aad_pad_sz = sz;
184	184	}
185		p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
	185	p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_MAC_KEY);
186	186	if (p != NULL) {
187	187	if (p->data_type != OSSL_PARAM_OCTET_STRING) {
188	188	ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);

+4

-4

providers/implementations/kdfs/hkdf.c less more

0	0	/*
1		* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

198	198
199	199	if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) {
200	200	if (p->data_type == OSSL_PARAM_UTF8_STRING) {
201		if (strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) {
	201	if (OPENSSL_strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) {
202	202	ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND;
203		} else if (strcasecmp(p->data, "EXTRACT_ONLY") == 0) {
	203	} else if (OPENSSL_strcasecmp(p->data, "EXTRACT_ONLY") == 0) {
204	204	ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
205		} else if (strcasecmp(p->data, "EXPAND_ONLY") == 0) {
	205	} else if (OPENSSL_strcasecmp(p->data, "EXPAND_ONLY") == 0) {
206	206	ctx->mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY;
207	207	} else {
208	208	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE);

+4

-3

providers/implementations/kdfs/kbkdf.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright 2019 Red Hat, Inc.
3	3	*
4	4	* Licensed under the Apache License 2.0 (the "License"). You may not use

297	297	}
298	298
299	299	p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE);
300		if (p != NULL && strncasecmp("counter", p->data, p->data_size) == 0) {
	300	if (p != NULL
	301	&& OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) {
301	302	ctx->mode = COUNTER;
302	303	} else if (p != NULL
303		&& strncasecmp("feedback", p->data, p->data_size) == 0) {
	304	&& OPENSSL_strncasecmp("feedback", p->data, p->data_size) == 0) {
304	305	ctx->mode = FEEDBACK;
305	306	} else if (p != NULL) {
306	307	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE);

+3

-2

providers/implementations/kdfs/sshkdf.c less more

0	0	/*
1		* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

58	58
59	59	if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
60	60	ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
61		ctx->provctx = provctx;
	61	else
	62	ctx->provctx = provctx;
62	63	return ctx;
63	64	}
64	65

+2

-2

providers/implementations/kdfs/tls1_prf.c less more

0	0	/*
1		* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

171	171	return 1;
172	172
173	173	if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) {
174		if (strcasecmp(p->data, SN_md5_sha1) == 0) {
	174	if (OPENSSL_strcasecmp(p->data, SN_md5_sha1) == 0) {
175	175	if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params,
176	176	OSSL_MAC_NAME_HMAC,
177	177	NULL, SN_md5, libctx)

+4

-4

providers/implementations/kem/rsa_kem.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

11	11	* internal use.
12	12	*/
13	13	#include "internal/deprecated.h"
14
15		#include "e_os.h" /* strcasecmp */
	14	#include "internal/nelem.h"
	15
16	16	#include <openssl/crypto.h>
17	17	#include <openssl/evp.h>
18	18	#include <openssl/core_dispatch.h>

68	68	return -1;
69	69
70	70	for (i = 0; i < sz; ++i) {
71		if (strcasecmp(map[i].ptr, name) == 0)
	71	if (OPENSSL_strcasecmp(map[i].ptr, name) == 0)
72	72	return map[i].id;
73	73	}
74	74	return -1;

+1

-2

providers/implementations/keymgmt/dsa_kmgmt.c less more

12	12	*/
13	13	#include "internal/deprecated.h"
14	14
15		#include "e_os.h" /* strcasecmp */
16	15	#include <openssl/core_dispatch.h>
17	16	#include <openssl/core_names.h>
18	17	#include <openssl/bn.h>

89	88	size_t i;
90	89
91	90	for (i = 0; i < OSSL_NELEM(dsatype2id); ++i) {
92		if (strcasecmp(dsatype2id[i].name, name) == 0)
	91	if (OPENSSL_strcasecmp(dsatype2id[i].name, name) == 0)
93	92	return dsatype2id[i].id;
94	93	}
95	94	return -1;

+1

-5

providers/implementations/keymgmt/ec_kmgmt.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

12	12	*/
13	13	#include "internal/deprecated.h"
14	14
15		#include "e_os.h" /* strcasecmp */
16	15	#include <string.h>
17	16	#include <openssl/core_dispatch.h>
18	17	#include <openssl/core_names.h>

469	468	if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
470	469	&& (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
471	470	return 0;
472		if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
473		&& (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
474		return 0;
475	471
476	472	tmpl = OSSL_PARAM_BLD_new();
477	473	if (tmpl == NULL)

+1

-3

providers/implementations/keymgmt/ecx_kmgmt.c less more

8	8
9	9	#include <assert.h>
10	10	#include <string.h>
11		/* For strcasecmp on Windows */
12		#include "e_os.h"
13	11	#include <openssl/core_dispatch.h>
14	12	#include <openssl/core_names.h>
15	13	#include <openssl/params.h>

545	543	}
546	544	if (p->data_type != OSSL_PARAM_UTF8_STRING
547	545	\|\| groupname == NULL
548		\|\| strcasecmp(p->data, groupname) != 0) {
	546	\|\| OPENSSL_strcasecmp(p->data, groupname) != 0) {
549	547	ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
550	548	return 0;
551	549	}

+1

-2

providers/implementations/keymgmt/mac_legacy_kmgmt.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

25	25	#include "prov/providercommon.h"
26	26	#include "prov/provider_ctx.h"
27	27	#include "prov/macsignature.h"
28		#include "e_os.h" /* strcasecmp */
29	28
30	29	static OSSL_FUNC_keymgmt_new_fn mac_new;
31	30	static OSSL_FUNC_keymgmt_free_fn mac_free;

+3

-2

providers/implementations/macs/cmac_prov.c less more

0	0	/*
1		* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

121	121	return 0;
122	122	if (key != NULL)
123	123	return cmac_setkey(macctx, key, keylen);
124		return 1;
	124	/* Reinitialize the CMAC context */
	125	return CMAC_Init(macctx->ctx, NULL, 0, NULL, NULL);
125	126	}
126	127
127	128	static int cmac_update(void vmacctx, const unsigned char data,

+18

-15

providers/implementations/macs/gmac_prov.c less more

0	0	/*
1		* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

119	119	return 0;
120	120	if (key != NULL)
121	121	return gmac_setkey(macctx, key, keylen);
122		return 1;
	122	return EVP_EncryptInit_ex(macctx->ctx, NULL, NULL, NULL, NULL);
123	123	}
124	124
125	125	static int gmac_update(void vmacctx, const unsigned char data,

208	208
209	209	if (params == NULL)
210	210	return 1;
211		if (ctx == NULL
212		\|\| !ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx))
213		return 0;
214
215		if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))
216		!= EVP_CIPH_GCM_MODE) {
217		ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE);
218		return 0;
219		}
220		if (!EVP_EncryptInit_ex(ctx, ossl_prov_cipher_cipher(&macctx->cipher),
221		ossl_prov_cipher_engine(&macctx->cipher), NULL,
222		NULL))
223		return 0;
	211	if (ctx == NULL)
	212	return 0;
	213
	214	if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) {
	215	if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx))
	216	return 0;
	217	if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))
	218	!= EVP_CIPH_GCM_MODE) {
	219	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE);
	220	return 0;
	221	}
	222	if (!EVP_EncryptInit_ex(ctx, ossl_prov_cipher_cipher(&macctx->cipher),
	223	ossl_prov_cipher_engine(&macctx->cipher), NULL,
	224	NULL))
	225	return 0;
	226	}
224	227
225	228	if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL)
226	229	if (p->data_type != OSSL_PARAM_OCTET_STRING

+11

-21

providers/implementations/macs/hmac_prov.c less more

0	0	/*
1		* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

151	151	{
152	152	const EVP_MD *digest;
153	153
154		if (macctx->keylen > 0)
	154	if (macctx->key != NULL)
155	155	OPENSSL_secure_clear_free(macctx->key, macctx->keylen);
156	156	/* Keep a copy of the key in case we need it for TLS HMAC */
157	157	macctx->key = OPENSSL_secure_malloc(keylen > 0 ? keylen : 1);

176	176	if (!ossl_prov_is_running() \|\| !hmac_set_ctx_params(macctx, params))
177	177	return 0;
178	178
179		if (key != NULL && !hmac_setkey(macctx, key, keylen))
180		return 0;
181		return 1;
	179	if (key != NULL)
	180	return hmac_setkey(macctx, key, keylen);
	181
	182	/* Just reinit the HMAC context */
	183	return HMAC_Init_ex(macctx->ctx, NULL, 0, NULL, NULL);
182	184	}
183	185
184	186	static int hmac_update(void vmacctx, const unsigned char data,

324	326	if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) {
325	327	if (p->data_type != OSSL_PARAM_OCTET_STRING)
326	328	return 0;
327
328		if (macctx->keylen > 0)
329		OPENSSL_secure_clear_free(macctx->key, macctx->keylen);
330		/* Keep a copy of the key if we need it for TLS HMAC */
331		macctx->key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1);
332		if (macctx->key == NULL)
333		return 0;
334		memcpy(macctx->key, p->data, p->data_size);
335		macctx->keylen = p->data_size;
336
337		if (!HMAC_Init_ex(macctx->ctx, p->data, p->data_size,
338		ossl_prov_digest_md(&macctx->digest),
339		NULL /* ENGINE */))
340		return 0;
341
342		}
	329	if (!hmac_setkey(macctx, p->data, p->data_size))
	330	return 0;
	331	}
	332
343	333	if ((p = OSSL_PARAM_locate_const(params,
344	334	OSSL_MAC_PARAM_TLS_DATA_SIZE)) != NULL) {
345	335	if (!OSSL_PARAM_get_size_t(p, &macctx->tls_data_size))

+9

-4

providers/implementations/macs/poly1305_prov.c less more

0	0	/*
1		* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

36	36
37	37	struct poly1305_data_st {
38	38	void *provctx;
	39	int updated;
39	40	POLY1305 poly1305; /* Poly1305 data */
40	41	};
41	42

63	64
64	65	if (!ossl_prov_is_running())
65	66	return NULL;
66		dst = poly1305_new(src->provctx);
	67	dst = OPENSSL_malloc(sizeof(*dst));
67	68	if (dst == NULL)
68	69	return NULL;
69	70
70		dst->poly1305 = src->poly1305;
	71	dst = src;
71	72	return dst;
72	73	}
73	74

84	85	return 0;
85	86	}
86	87	Poly1305_Init(&ctx->poly1305, key);
	88	ctx->updated = 0;
87	89	return 1;
88	90	}
89	91

97	99	return 0;
98	100	if (key != NULL)
99	101	return poly1305_setkey(ctx, key, keylen);
100		return 1;
	102	/* no reinitialization of context with the same key is allowed */
	103	return ctx->updated == 0;
101	104	}
102	105
103	106	static int poly1305_update(void vmacctx, const unsigned char data,

105	108	{
106	109	struct poly1305_data_st *ctx = vmacctx;
107	110
	111	ctx->updated = 1;
108	112	if (datalen == 0)
109	113	return 1;
110	114

120	124
121	125	if (!ossl_prov_is_running())
122	126	return 0;
	127	ctx->updated = 1;
123	128	Poly1305_Final(&ctx->poly1305, out);
124	129	*outl = poly1305_size();
125	130	return 1;

+17

-7

providers/implementations/macs/siphash_prov.c less more

0	0	/*
1		* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

38	38	struct siphash_data_st {
39	39	void *provctx;
40	40	SIPHASH siphash; /* Siphash data */
	41	SIPHASH sipcopy; /* Siphash data copy for reinitialization */
41	42	unsigned int crounds, drounds;
42	43	};
43	44

75	76
76	77	if (!ossl_prov_is_running())
77	78	return NULL;
78		sdst = siphash_new(ssrc->provctx);
	79	sdst = OPENSSL_malloc(sizeof(*sdst));
79	80	if (sdst == NULL)
80	81	return NULL;
81	82
82		sdst->siphash = ssrc->siphash;
	83	sdst = ssrc;
83	84	return sdst;
84	85	}
85	86

93	94	static int siphash_setkey(struct siphash_data_st *ctx,
94	95	const unsigned char *key, size_t keylen)
95	96	{
	97	int ret;
	98
96	99	if (keylen != SIPHASH_KEY_SIZE)
97	100	return 0;
98		return SipHash_Init(&ctx->siphash, key, crounds(ctx), drounds(ctx));
	101	ret = SipHash_Init(&ctx->siphash, key, crounds(ctx), drounds(ctx));
	102	if (ret)
	103	ctx->sipcopy = ctx->siphash;
	104	return ret;
99	105	}
100	106
101	107	static int siphash_init(void vmacctx, const unsigned char key, size_t keylen,

105	111
106	112	if (!ossl_prov_is_running() \|\| !siphash_set_params(ctx, params))
107	113	return 0;
108		/* Without a key, there is not much to do here,
	114	/*
	115	* Without a key, there is not much to do here,
109	116	* The actual initialization happens through controls.
110	117	*/
111		if (key == NULL)
	118	if (key == NULL) {
	119	ctx->siphash = ctx->sipcopy;
112	120	return 1;
	121	}
113	122	return siphash_setkey(ctx, key, keylen);
114	123	}
115	124

193	202
194	203	if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SIZE)) != NULL) {
195	204	if (!OSSL_PARAM_get_size_t(p, &size)
196		\|\| !SipHash_set_hash_size(&ctx->siphash, size))
	205	\|\| !SipHash_set_hash_size(&ctx->siphash, size)
	206	\|\| !SipHash_set_hash_size(&ctx->sipcopy, size))
197	207	return 0;
198	208	}
199	209	if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_C_ROUNDS)) != NULL

+2

-3

providers/implementations/rands/drbg_ctr.c less more

0	0	/*
1		* Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

13	13	#include <openssl/rand.h>
14	14	#include <openssl/aes.h>
15	15	#include <openssl/proverr.h>
16		#include "e_os.h" /* strcasecmp */
17	16	#include "crypto/modes.h"
18	17	#include "internal/thread_once.h"
19	18	#include "prov/implementations.h"

689	688	if (p->data_type != OSSL_PARAM_UTF8_STRING
690	689	\|\| p->data_size < ctr_str_len)
691	690	return 0;
692		if (strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) {
	691	if (OPENSSL_strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) {
693	692	ERR_raise(ERR_LIB_PROV, PROV_R_REQUIRE_CTR_MODE_CIPHER);
694	693	return 0;
695	694	}

+2

-3

providers/implementations/signature/rsa_sig.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

12	12	*/
13	13	#include "internal/deprecated.h"
14	14
15		#include "e_os.h" /* strcasecmp */
16	15	#include <string.h>
17	16	#include <openssl/crypto.h>
18	17	#include <openssl/core_dispatch.h>

853	852
854	853	if (mdname != NULL
855	854	/* was rsa_setup_md already called in rsa_signverify_init()? */
856		&& (mdname[0] == '\0' \|\| strcasecmp(prsactx->mdname, mdname) != 0)
	855	&& (mdname[0] == '\0' \|\| OPENSSL_strcasecmp(prsactx->mdname, mdname) != 0)
857	856	&& !rsa_setup_md(prsactx, mdname, prsactx->propq))
858	857	return 0;
859	858

+4

-3

providers/implementations/signature/sm2_sig.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

429	429	p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DIST_ID);
430	430	if (p != NULL) {
431	431	void *tmp_id = NULL;
432		size_t tmp_idlen;
	432	size_t tmp_idlen = 0;
433	433
434	434	/*
435	435	* If the 'z' digest has already been computed, the ID is set too late

437	437	if (!psm2ctx->flag_compute_z_digest)
438	438	return 0;
439	439
440		if (!OSSL_PARAM_get_octet_string(p, &tmp_id, 0, &tmp_idlen))
	440	if (p->data_size != 0
	441	&& !OSSL_PARAM_get_octet_string(p, &tmp_id, 0, &tmp_idlen))
441	442	return 0;
442	443	OPENSSL_free(psm2ctx->id);
443	444	psm2ctx->id = tmp_id;

+5

-6

providers/implementations/storemgmt/file_store.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

7	7	*/
8	8
9	9	/* This file has quite some overlap with engines/e_loader_attic.c */
10
11		#include "e_os.h" /* To get strncasecmp() on Windows */
12	10
13	11	#include <string.h>
14	12	#include <sys/stat.h>

219	217	* There's a special case if the URI also contains an authority, then
220	218	* the full URI shouldn't be used as a path anywhere.
221	219	*/
222		if (strncasecmp(uri, "file:", 5) == 0) {
	220	if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) {
223	221	const char *p = &uri[5];
224	222
225	223	if (strncmp(&uri[5], "//", 2) == 0) {
226	224	path_data_n--; /* Invalidate using the full URI */
227		if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
	225	if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) {
228	226	p = &uri[16];
229	227	} else if (uri[7] == '/') {
230	228	p = &uri[7];

591	589	/*
592	590	* First, check the basename
593	591	*/
594		if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 \|\| name[len] != '.')
	592	if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0
	593	\|\| name[len] != '.')
595	594	return 0;
596	595	p = &name[len + 1];
597	596

+12

-0

ssl/s3_lib.c less more

3684	3684
3685	3685	case SSL_CTRL_SET_CHAIN_CERT_STORE:
3686	3686	return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
	3687
	3688	case SSL_CTRL_GET_VERIFY_CERT_STORE:
	3689	return ssl_cert_get_cert_store(s->cert, parg, 0);
	3690
	3691	case SSL_CTRL_GET_CHAIN_CERT_STORE:
	3692	return ssl_cert_get_cert_store(s->cert, parg, 1);
3687	3693
3688	3694	case SSL_CTRL_GET_PEER_SIGNATURE_NID:
3689	3695	if (s->s3.tmp.peer_sigalg == NULL)

3930	3936	case SSL_CTRL_SET_CHAIN_CERT_STORE:
3931	3937	return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
3932	3938
	3939	case SSL_CTRL_GET_VERIFY_CERT_STORE:
	3940	return ssl_cert_get_cert_store(ctx->cert, parg, 0);
	3941
	3942	case SSL_CTRL_GET_CHAIN_CERT_STORE:
	3943	return ssl_cert_get_cert_store(ctx->cert, parg, 1);
	3944
3933	3945	/* A Thawte special :-) */
3934	3946	case SSL_CTRL_EXTRA_CHAIN_CERT:
3935	3947	if (ctx->extra_certs == NULL) {

+6

-0

ssl/ssl_cert.c less more

967	967	*pstore = store;
968	968	if (ref && store)
969	969	X509_STORE_up_ref(store);
	970	return 1;
	971	}
	972
	973	int ssl_cert_get_cert_store(CERT c, X509_STORE *pstore, int chain)
	974	{
	975	*pstore = (chain ? c->chain_store : c->verify_store);
970	976	return 1;
971	977	}
972	978

+18

-13

ssl/ssl_conf.c less more

0	0	/*
1		* Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

147	147	if (namelen == -1) {
148	148	if (strcmp(tbl->name, name))
149	149	return 0;
150		} else if (tbl->namelen != namelen \|\| strncasecmp(tbl->name, name, namelen))
	150	} else if (tbl->namelen != namelen
	151	\|\| OPENSSL_strncasecmp(tbl->name, name, namelen))
151	152	return 0;
152	153	ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff);
153	154	return 1;

231	232
232	233	/* Ignore values supported by 1.0.2 for the automatic selection */
233	234	if ((cctx->flags & SSL_CONF_FLAG_FILE)
234		&& (strcasecmp(value, "+automatic") == 0
235		\|\| strcasecmp(value, "automatic") == 0))
	235	&& (OPENSSL_strcasecmp(value, "+automatic") == 0
	236	\|\| OPENSSL_strcasecmp(value, "automatic") == 0))
236	237	return 1;
237	238	if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
238	239	strcmp(value, "auto") == 0)

596	597	= OSSL_DECODER_CTX_new_for_pkey(&dhpkey, "PEM", NULL, "DH",
597	598	OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
598	599	sslctx->libctx, sslctx->propq);
599		if (decoderctx == NULL
600		\|\| !OSSL_DECODER_from_bio(decoderctx, in)) {
601		OSSL_DECODER_CTX_free(decoderctx);
	600	if (decoderctx == NULL)
	601	goto end;
	602	ERR_set_mark();
	603	while (!OSSL_DECODER_from_bio(decoderctx, in)
	604	&& dhpkey == NULL
	605	&& !BIO_eof(in));
	606	OSSL_DECODER_CTX_free(decoderctx);
	607
	608	if (dhpkey == NULL) {
	609	ERR_clear_last_mark();
602	610	goto end;
603	611	}
604		OSSL_DECODER_CTX_free(decoderctx);
605
606		if (dhpkey == NULL)
607		goto end;
	612	ERR_pop_to_mark();
608	613	} else {
609	614	return 1;
610	615	}

807	812	strncmp(*pcmd, cctx->prefix, cctx->prefixlen))
808	813	return 0;
809	814	if (cctx->flags & SSL_CONF_FLAG_FILE &&
810		strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen))
	815	OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen))
811	816	return 0;
812	817	*pcmd += cctx->prefixlen;
813	818	} else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {

849	854	return t;
850	855	}
851	856	if (cctx->flags & SSL_CONF_FLAG_FILE) {
852		if (t->str_file && strcasecmp(t->str_file, cmd) == 0)
	857	if (t->str_file && OPENSSL_strcasecmp(t->str_file, cmd) == 0)
853	858	return t;
854	859	}
855	860	}

+2

-0

ssl/ssl_lib.c less more

2231	2231	if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
2232	2232	struct ssl_async_args args;
2233	2233
	2234	memset(&args, 0, sizeof(args));
2234	2235	args.s = s;
2235	2236	args.type = OTHERFUNC;
2236	2237	args.f.func_other = s->method->ssl_shutdown;

3913	3914	if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
3914	3915	struct ssl_async_args args;
3915	3916
	3917	memset(&args, 0, sizeof(args));
3916	3918	args.s = s;
3917	3919
3918	3920	ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);

+1

-0

ssl/ssl_local.h less more

2429	2429	__owur int ssl_build_cert_chain(SSL s, SSL_CTX ctx, int flags);
2430	2430	__owur int ssl_cert_set_cert_store(CERT c, X509_STORE store, int chain,
2431	2431	int ref);
	2432	__owur int ssl_cert_get_cert_store(CERT c, X509_STORE *pstore, int chain);
2432	2433
2433	2434	__owur int ssl_security(const SSL s, int op, int bits, int nid, void other);
2434	2435	__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,

+3

-3

ssl/ssl_txt.c less more

0	0	/*
1		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright 2005 Nokia. All rights reserved.
3	3	*
4	4	* Licensed under the Apache License 2.0 (the "License"). You may not use

128	128	}
129	129	#endif
130	130	if (x->time != 0L) {
131		if (BIO_printf(bp, "\n Start Time: %ld", x->time) <= 0)
	131	if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
132	132	goto err;
133	133	}
134	134	if (x->timeout != 0L) {
135		if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0)
	135	if (BIO_printf(bp, "\n Timeout : %lld (sec)", (long long)x->timeout) <= 0)
136	136	goto err;
137	137	}
138	138	if (BIO_puts(bp, "\n") <= 0)

+4

-0

ssl/statem/statem_clnt.c less more

1394	1394	&& sversion == TLS1_2_VERSION
1395	1395	&& PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
1396	1396	&& memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
	1397	if (s->hello_retry_request != SSL_HRR_NONE) {
	1398	SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
	1399	goto err;
	1400	}
1397	1401	s->hello_retry_request = SSL_HRR_PENDING;
1398	1402	hrr = 1;
1399	1403	if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {

+4

-4

ssl/statem/statem_dtls.c less more

0	0	/*
1		* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

217	217	else
218	218	len = s->init_num;
219	219
220		if (len > s->max_send_fragment)
221		len = s->max_send_fragment;
	220	if (len > ssl_get_max_send_fragment(s))
	221	len = ssl_get_max_send_fragment(s);
222	222
223	223	/*
224	224	* XDTLS: this function is too long. split out the CCS part

240	240
241	241	ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len,
242	242	&written);
243		if (ret < 0) {
	243	if (ret <= 0) {
244	244	/*
245	245	* might need to update MTU here, but we don't know which
246	246	* previous packet caused the failure -- so can't really

+15

-6

ssl/statem/statem_srvr.c less more

3620	3620	static int create_ticket_prequel(SSL s, WPACKET pkt, uint32_t age_add,
3621	3621	unsigned char *tick_nonce)
3622	3622	{
	3623	uint32_t timeout = (uint32_t)s->session->timeout;
	3624
3623	3625	/*
3624		* Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
3625		* unspecified for resumed session (for simplicity).
	3626	* Ticket lifetime hint:
3626	3627	* In TLSv1.3 we reset the "time" field above, and always specify the
3627		* timeout.
	3628	* timeout, limited to a 1 week period per RFC8446.
	3629	* For TLSv1.2 this is advisory only and we leave this unspecified for
	3630	* resumed session (for simplicity).
3628	3631	*/
3629		if (!WPACKET_put_bytes_u32(pkt,
3630		(s->hit && !SSL_IS_TLS13(s))
3631		? 0 : (uint32_t)s->session->timeout)) {
	3632	#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
	3633
	3634	if (SSL_IS_TLS13(s)) {
	3635	if (s->session->timeout > ONE_WEEK_SEC)
	3636	timeout = ONE_WEEK_SEC;
	3637	} else if (s->hit)
	3638	timeout = 0;
	3639
	3640	if (!WPACKET_put_bytes_u32(pkt, timeout)) {
3632	3641	SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
3633	3642	return 0;
3634	3643	}

+1

-8

test/bntest.c less more

9	9	#include <errno.h>
10	10	#include <stdio.h>
11	11	#include <string.h>
12		#ifdef __TANDEM
13		# include <strings.h> /* strcasecmp */
14		#endif
15	12	#include <ctype.h>
16	13
17	14	#include <openssl/bn.h>

22	19	#include "internal/numbers.h"
23	20	#include "testutil.h"
24	21
25		#ifdef OPENSSL_SYS_WINDOWS
26		# define strcasecmp _stricmp
27		#endif
28
29	22	/*
30	23	* Things in boring, not in openssl.
31	24	*/

63	56	PAIR *pp = s->pairs;
64	57
65	58	for ( ; --i >= 0; pp++)
66		if (strcasecmp(pp->key, key) == 0)
	59	if (OPENSSL_strcasecmp(pp->key, key) == 0)
67	60	return pp->value;
68	61	return NULL;
69	62	}

+9

-1

test/build.info less more

36	36	sanitytest rsa_complex exdatatest bntest \
37	37	ecstresstest gmdifftest pbelutest \
38	38	destest mdc2test sha_test \
39		exptest pbetest \
	39	exptest pbetest localetest evp_pkey_ctx_new_from_name\
40	40	evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
41	41	evp_fetch_prov_test evp_libctx_test ossl_store_test \
42	42	v3nametest v3ext \

134	134	INCLUDE[exptest]=../include ../apps/include
135	135	DEPEND[exptest]=../libcrypto libtestutil.a
136	136
	137	SOURCE[localetest]=localetest.c
	138	INCLUDE[localetest]=../include ../apps/include
	139	DEPEND[localetest]=../libcrypto libtestutil.a
	140
	141	SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c
	142	INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include
	143	DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto
	144
137	145	SOURCE[pbetest]=pbetest.c
138	146	INCLUDE[pbetest]=../include ../apps/include
139	147	DEPEND[pbetest]=../libcrypto libtestutil.a

+29

-3

test/cmsapitest.c less more

0	0	/*
1		* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

17	17
18	18	static X509 *cert = NULL;
19	19	static EVP_PKEY *privkey = NULL;
	20	static char *derin = NULL;
20	21
21	22	static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
22	23	{

287	288	return ret;
288	289	}
289	290
290		OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
	291	static int test_d2i_CMS_bio_file_encrypted_data(void)
	292	{
	293	BIO *bio = NULL;
	294	CMS_ContentInfo *cms = NULL;
	295	int ret = 0;
	296
	297	ERR_clear_error();
	298
	299	if (!TEST_ptr(bio = BIO_new_file(derin, "r"))
	300	\|\| !TEST_ptr(cms = d2i_CMS_bio(bio, NULL)))
	301	goto end;
	302
	303	if (!TEST_int_eq(ERR_peek_error(), 0))
	304	goto end;
	305
	306	ret = 1;
	307	end:
	308	CMS_ContentInfo_free(cms);
	309	BIO_free(bio);
	310
	311	return ret;
	312	}
	313
	314	OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")
291	315
292	316	int setup_tests(void)
293	317	{

300	324	}
301	325
302	326	if (!TEST_ptr(certin = test_get_argument(0))
303		\|\| !TEST_ptr(privkeyin = test_get_argument(1)))
	327	\|\| !TEST_ptr(privkeyin = test_get_argument(1))
	328	\|\| !TEST_ptr(derin = test_get_argument(2)))
304	329	return 0;
305	330
306	331	certbio = BIO_new_file(certin, "r");

331	356	ADD_TEST(test_encrypt_decrypt_aes_192_gcm);
332	357	ADD_TEST(test_encrypt_decrypt_aes_256_gcm);
333	358	ADD_TEST(test_d2i_CMS_bio_NULL);
	359	ADD_TEST(test_d2i_CMS_bio_file_encrypted_data);
334	360	return 1;
335	361	}
336	362

+55

-9

test/dtls_mtu_test.c less more

0	0	/*
1		* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

184	184
185	185	end:
186	186	SSL_CTX_free(ctx);
	187	return ret;
	188	}
	189
	190	static int test_server_mtu_larger_than_max_fragment_length(void)
	191	{
	192	SSL_CTX *ctx = NULL;
	193	SSL srvr_ssl = NULL, clnt_ssl = NULL;
	194	int rv = 0;
	195
	196	if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method())))
	197	goto end;
	198
	199	SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback);
	200	SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback);
	201
	202	#ifndef OPENSSL_NO_DH
	203	if (!TEST_true(SSL_CTX_set_dh_auto(ctx, 1)))
	204	goto end;
	205	#endif
	206
	207	if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl,
	208	NULL, NULL)))
	209	goto end;
	210
	211	SSL_set_options(srvr_ssl, SSL_OP_NO_QUERY_MTU);
	212	if (!TEST_true(DTLS_set_link_mtu(srvr_ssl, 1500)))
	213	goto end;
	214
	215	SSL_set_tlsext_max_fragment_length(clnt_ssl,
	216	TLSEXT_max_fragment_length_512);
	217
	218	if (!TEST_true(create_ssl_connection(srvr_ssl, clnt_ssl,
	219	SSL_ERROR_NONE)))
	220	goto end;
	221
	222	rv = 1;
	223
	224	end:
	225	SSL_free(clnt_ssl);
	226	SSL_free(srvr_ssl);
	227	SSL_CTX_free(ctx);
	228	return rv;
	229	}
	230
	231	int setup_tests(void)
	232	{
	233	ADD_TEST(run_mtu_tests);
	234	ADD_TEST(test_server_mtu_larger_than_max_fragment_length);
	235	return 1;
	236	}
	237
	238	void cleanup_tests(void)
	239	{
187	240	bio_s_mempacket_test_free();
188		return ret;
189		}
190
191		int setup_tests(void)
192		{
193		ADD_TEST(run_mtu_tests);
194		return 1;
195		}
	241	}

+50

-36

test/endecode_test.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

142	142	typedef void (dumper)(const char label, const void data, size_t data_len);
143	143
144	144	#define FLAG_DECODE_WITH_TYPE 0x0001
	145	#define FLAG_FAIL_IF_FIPS 0x0002
145	146
146	147	static int test_encode_decode(const char *file, const int line,
147	148	const char type, EVP_PKEY pkey,

165	166	* dumping purposes.
166	167	*/
167	168	if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection,
168		output_type, output_structure, pass, pcipher))
169		\|\| !TEST_true(check_cb(file, line, type, encoded, encoded_len))
	169	output_type, output_structure, pass, pcipher)))
	170	goto end;
	171
	172	if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) {
	173	if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded,
	174	encoded_len, output_type, output_structure,
	175	(flags & FLAG_DECODE_WITH_TYPE ? type : NULL),
	176	selection, pass)))
	177	ok = 1;
	178	goto end;
	179	}
	180
	181	if (!TEST_true(check_cb(file, line, type, encoded, encoded_len))
170	182	\|\| !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len,
171	183	output_type, output_structure,
172	184	(flags & FLAG_DECODE_WITH_TYPE ? type : NULL),

520	532	return ok;
521	533	}
522	534
523		static int test_unprotected_via_DER(const char type, EVP_PKEY key)
	535	static int test_unprotected_via_DER(const char type, EVP_PKEY key, int fips)
524	536	{
525	537	return test_encode_decode(__FILE__, __LINE__, type, key,
526	538	OSSL_KEYMGMT_SELECT_KEYPAIR

528	540	"DER", "PrivateKeyInfo", NULL, NULL,
529	541	encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
530	542	test_mem, check_unprotected_PKCS8_DER,
531		dump_der, 0);
	543	dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
532	544	}
533	545
534	546	static int check_unprotected_PKCS8_PEM(const char *file, const int line,

542	554	sizeof(expected_pem_header) - 1);
543	555	}
544	556
545		static int test_unprotected_via_PEM(const char type, EVP_PKEY key)
	557	static int test_unprotected_via_PEM(const char type, EVP_PKEY key, int fips)
546	558	{
547	559	return test_encode_decode(__FILE__, __LINE__, type, key,
548	560	OSSL_KEYMGMT_SELECT_KEYPAIR

550	562	"PEM", "PrivateKeyInfo", NULL, NULL,
551	563	encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
552	564	test_text, check_unprotected_PKCS8_PEM,
553		dump_pem, 0);
	565	dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
554	566	}
555	567
556	568	#ifndef OPENSSL_NO_KEYPARAMS

697	709	return ok;
698	710	}
699	711
700		static int test_protected_via_DER(const char type, EVP_PKEY key)
	712	static int test_protected_via_DER(const char type, EVP_PKEY key, int fips)
701	713	{
702	714	return test_encode_decode(__FILE__, __LINE__, type, key,
703	715	OSSL_KEYMGMT_SELECT_KEYPAIR

706	718	pass, pass_cipher,
707	719	encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
708	720	test_mem, check_protected_PKCS8_DER,
709		dump_der, 0);
	721	dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS);
710	722	}
711	723
712	724	static int check_protected_PKCS8_PEM(const char *file, const int line,

720	732	sizeof(expected_pem_header) - 1);
721	733	}
722	734
723		static int test_protected_via_PEM(const char type, EVP_PKEY key)
	735	static int test_protected_via_PEM(const char type, EVP_PKEY key, int fips)
724	736	{
725	737	return test_encode_decode(__FILE__, __LINE__, type, key,
726	738	OSSL_KEYMGMT_SELECT_KEYPAIR

729	741	pass, pass_cipher,
730	742	encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
731	743	test_text, check_protected_PKCS8_PEM,
732		dump_pem, 0);
	744	dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS);
733	745	}
734	746
735	747	static int check_protected_legacy_PEM(const char *file, const int line,

790	802	return ok;
791	803	}
792	804
793		static int test_public_via_DER(const char type, EVP_PKEY key)
	805	static int test_public_via_DER(const char type, EVP_PKEY key, int fips)
794	806	{
795	807	return test_encode_decode(__FILE__, __LINE__, type, key,
796	808	OSSL_KEYMGMT_SELECT_PUBLIC_KEY
797	809	\| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
798	810	"DER", "SubjectPublicKeyInfo", NULL, NULL,
799	811	encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
800		test_mem, check_public_DER, dump_der, 0);
	812	test_mem, check_public_DER, dump_der,
	813	fips ? 0 : FLAG_FAIL_IF_FIPS);
801	814	}
802	815
803	816	static int check_public_PEM(const char *file, const int line,

811	824	sizeof(expected_pem_header) - 1);
812	825	}
813	826
814		static int test_public_via_PEM(const char type, EVP_PKEY key)
	827	static int test_public_via_PEM(const char type, EVP_PKEY key, int fips)
815	828	{
816	829	return test_encode_decode(__FILE__, __LINE__, type, key,
817	830	OSSL_KEYMGMT_SELECT_PUBLIC_KEY
818	831	\| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
819	832	"PEM", "SubjectPublicKeyInfo", NULL, NULL,
820	833	encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
821		test_text, check_public_PEM, dump_pem, 0);
	834	test_text, check_public_PEM, dump_pem,
	835	fips ? 0 : FLAG_FAIL_IF_FIPS);
822	836	}
823	837
824	838	static int check_public_MSBLOB(const char *file, const int line,

863	877	EVP_PKEY_free(template_##KEYTYPE); \
864	878	EVP_PKEY_free(key_##KEYTYPE)
865	879
866		#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \
	880	#define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \
867	881	static int test_unprotected_##KEYTYPE##_via_DER(void) \
868	882	{ \
869		return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
	883	return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
870	884	} \
871	885	static int test_unprotected_##KEYTYPE##_via_PEM(void) \
872	886	{ \
873		return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
	887	return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
874	888	} \
875	889	static int test_protected_##KEYTYPE##_via_DER(void) \
876	890	{ \
877		return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \
	891	return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
878	892	} \
879	893	static int test_protected_##KEYTYPE##_via_PEM(void) \
880	894	{ \
881		return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
	895	return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
882	896	} \
883	897	static int test_public_##KEYTYPE##_via_DER(void) \
884	898	{ \
885		return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \
	899	return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \
886	900	} \
887	901	static int test_public_##KEYTYPE##_via_PEM(void) \
888	902	{ \
889		return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \
	903	return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \
890	904	}
891	905
892	906	#define ADD_TEST_SUITE(KEYTYPE) \

960	974
961	975	#ifndef OPENSSL_NO_DH
962	976	DOMAIN_KEYS(DH);
963		IMPLEMENT_TEST_SUITE(DH, "DH")
	977	IMPLEMENT_TEST_SUITE(DH, "DH", 1)
964	978	IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH")
965	979	DOMAIN_KEYS(DHX);
966		IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH")
	980	IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1)
967	981	IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH")
968	982	/*
969	983	* DH has no support for PEM_write_bio_PrivateKey_traditional(),

972	986	#endif
973	987	#ifndef OPENSSL_NO_DSA
974	988	DOMAIN_KEYS(DSA);
975		IMPLEMENT_TEST_SUITE(DSA, "DSA")
	989	IMPLEMENT_TEST_SUITE(DSA, "DSA", 1)
976	990	IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA")
977	991	IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
978	992	IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")

983	997	#endif
984	998	#ifndef OPENSSL_NO_EC
985	999	DOMAIN_KEYS(EC);
986		IMPLEMENT_TEST_SUITE(EC, "EC")
	1000	IMPLEMENT_TEST_SUITE(EC, "EC", 1)
987	1001	IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC")
988	1002	IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
989	1003	DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
990		IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC")
	1004	IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
991	1005	IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
992	1006	DOMAIN_KEYS(ECExplicitPrime2G);
993		IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC")
	1007	IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
994	1008	IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
995	1009	# ifndef OPENSSL_NO_EC2M
996	1010	DOMAIN_KEYS(ECExplicitTriNamedCurve);
997		IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC")
	1011	IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
998	1012	IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC")
999	1013	DOMAIN_KEYS(ECExplicitTri2G);
1000		IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC")
	1014	IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0)
1001	1015	IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC")
1002	1016	# endif
1003	1017	KEYS(ED25519);
1004		IMPLEMENT_TEST_SUITE(ED25519, "ED25519")
	1018	IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1)
1005	1019	KEYS(ED448);
1006		IMPLEMENT_TEST_SUITE(ED448, "ED448")
	1020	IMPLEMENT_TEST_SUITE(ED448, "ED448", 1)
1007	1021	KEYS(X25519);
1008		IMPLEMENT_TEST_SUITE(X25519, "X25519")
	1022	IMPLEMENT_TEST_SUITE(X25519, "X25519", 1)
1009	1023	KEYS(X448);
1010		IMPLEMENT_TEST_SUITE(X448, "X448")
	1024	IMPLEMENT_TEST_SUITE(X448, "X448", 1)
1011	1025	/*
1012	1026	* ED25519, ED448, X25519 and X448 have no support for
1013	1027	* PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
1014	1028	*/
1015	1029	#endif
1016	1030	KEYS(RSA);
1017		IMPLEMENT_TEST_SUITE(RSA, "RSA")
	1031	IMPLEMENT_TEST_SUITE(RSA, "RSA", 1)
1018	1032	IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA")
1019	1033	KEYS(RSA_PSS);
1020		IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS")
	1034	IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1)
1021	1035	/*
1022	1036	* RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(),
1023	1037	* so no legacy tests.

+19

-2

test/evp_extra_test.c less more

34	34	#include "internal/nelem.h"
35	35	#include "internal/sizes.h"
36	36	#include "crypto/evp.h"
37		#include "../e_os.h" /* strcasecmp */
38	37
39	38	static OSSL_LIB_CTX *testctx = NULL;
40	39	static char *testpropq = NULL;

1738	1737	return 0;
1739	1738
1740	1739	for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1741		if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
	1740	if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1742	1741	*enc = ec_encodings[i].encoding;
1743	1742	break;
1744	1743	}

1960	1959	goto done;
1961	1960
1962	1961	if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
	1962	goto done;
	1963
	1964	/*
	1965	* Try verify again with non-matching 0 length id but ensure that it can
	1966	* be set on the context and overrides the previous value.
	1967	*/
	1968
	1969	if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
	1970	pkey)))
	1971	goto done;
	1972
	1973	if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
	1974	goto done;
	1975
	1976	if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
	1977	goto done;
	1978
	1979	if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1963	1980	goto done;
1964	1981
1965	1982	/* now check encryption/decryption */

+2

-3

test/evp_libctx_test.c less more

0	0	/*
1		* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

32	32	#include "testutil.h"
33	33	#include "internal/nelem.h"
34	34	#include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */
35		#include "../e_os.h" /* strcasecmp */
36	35
37	36	static OSSL_LIB_CTX *libctx = NULL;
38	37	static OSSL_PROVIDER *nullprov = NULL;

477	476
478	477	static int name_cmp(const char * const a, const char const *b)
479	478	{
480		return strcasecmp(a, b);
	479	return OPENSSL_strcasecmp(a, b);
481	480	}
482	481
483	482	static void collect_cipher_names(EVP_CIPHER cipher, void cipher_names_list)

+14

-0

test/evp_pkey_ctx_new_from_name.c less more

	0	#include <stdio.h>
	1	#include <openssl/ec.h>
	2	#include <openssl/evp.h>
	3	#include <openssl/err.h>
	4
	5	int main(int argc, char *argv[])
	6	{
	7	EVP_PKEY_CTX *pctx = NULL;
	8
	9	pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL);
	10	EVP_PKEY_CTX_free(pctx);
	11
	12	return 0;
	13	}

+48

-10

test/evp_test.c less more

11	11	#include <string.h>
12	12	#include <stdlib.h>
13	13	#include <ctype.h>
14		#include "../e_os.h" /* strcasecmp */
15	14	#include <openssl/evp.h>
16	15	#include <openssl/pem.h>
17	16	#include <openssl/err.h>

1132	1131	size_t salt_len;
1133	1132	/* XOF mode? */
1134	1133	int xof;
	1134	/* Reinitialization fails */
	1135	int no_reinit;
1135	1136	/* Collection of controls */
1136	1137	STACK_OF(OPENSSL_STRING) *controls;
1137	1138	/* Output size */

1244	1245	return parse_bin(value, &mdata->output, &mdata->output_len);
1245	1246	if (strcmp(keyword, "XOF") == 0)
1246	1247	return mdata->xof = 1;
	1248	if (strcmp(keyword, "NoReinit") == 0)
	1249	return mdata->no_reinit = 1;
1247	1250	if (strcmp(keyword, "Ctrl") == 0)
1248	1251	return sk_OPENSSL_STRING_push(mdata->controls,
1249	1252	OPENSSL_strdup(value)) != 0;

1407	1410	const OSSL_PARAM *defined_params =
1408	1411	EVP_MAC_settable_ctx_params(expected->mac);
1409	1412	int xof;
	1413	int reinit = 1;
1410	1414
1411	1415	if (expected->alg == NULL)
1412	1416	TEST_info("Trying the EVP_MAC %s test", expected->mac_name);

1517	1521	goto err;
1518	1522	}
1519	1523	}
	1524	retry:
1520	1525	if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) {
1521	1526	t->err = "MAC_UPDATE_ERROR";
1522	1527	goto err;

1550	1555	t->err = "TEST_MAC_ERR";
1551	1556	goto err;
1552	1557	}
	1558	}
	1559	if (reinit--) {
	1560	OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
	1561	int ret;
	1562
	1563	/* If the MAC uses IV, we have to set it again */
	1564	if (expected->iv != NULL) {
	1565	ivparams[0] =
	1566	OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
	1567	expected->iv,
	1568	expected->iv_len);
	1569	ivparams[1] = OSSL_PARAM_construct_end();
	1570	}
	1571	ERR_set_mark();
	1572	ret = EVP_MAC_init(ctx, NULL, 0, ivparams);
	1573	if (expected->no_reinit) {
	1574	if (ret) {
	1575	ERR_clear_last_mark();
	1576	t->err = "MAC_REINIT_SHOULD_FAIL";
	1577	goto err;
	1578	}
	1579	} else if (ret) {
	1580	ERR_clear_last_mark();
	1581	OPENSSL_free(got);
	1582	got = NULL;
	1583	goto retry;
	1584	} else {
	1585	ERR_clear_last_mark();
	1586	t->err = "MAC_REINIT_ERROR";
	1587	goto err;
	1588	}
	1589	/* If reinitialization fails, it is unsupported by the algorithm */
	1590	ERR_pop_to_mark();
1553	1591	}
1554	1592	t->err = NULL;
1555	1593

3885	3923	OSSL_LIB_CTX_free(libctx);
3886	3924	}
3887	3925
3888		#define STR_STARTS_WITH(str, pre) strncasecmp(pre, str, strlen(pre)) == 0
	3926	#define STR_STARTS_WITH(str, pre) OPENSSL_strncasecmp(pre, str, strlen(pre)) == 0
3889	3927	#define STR_ENDS_WITH(str, pre) \
3890		strlen(str) < strlen(pre) ? 0 : (strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0)
	3928	strlen(str) < strlen(pre) ? 0 : (OPENSSL_strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0)
3891	3929
3892	3930	static int is_digest_disabled(const char *name)
3893	3931	{

3896	3934	return 1;
3897	3935	#endif
3898	3936	#ifdef OPENSSL_NO_MD2
3899		if (strcasecmp(name, "MD2") == 0)
	3937	if (OPENSSL_strcasecmp(name, "MD2") == 0)
3900	3938	return 1;
3901	3939	#endif
3902	3940	#ifdef OPENSSL_NO_MDC2
3903		if (strcasecmp(name, "MDC2") == 0)
	3941	if (OPENSSL_strcasecmp(name, "MDC2") == 0)
3904	3942	return 1;
3905	3943	#endif
3906	3944	#ifdef OPENSSL_NO_MD4
3907		if (strcasecmp(name, "MD4") == 0)
	3945	if (OPENSSL_strcasecmp(name, "MD4") == 0)
3908	3946	return 1;
3909	3947	#endif
3910	3948	#ifdef OPENSSL_NO_MD5
3911		if (strcasecmp(name, "MD5") == 0)
	3949	if (OPENSSL_strcasecmp(name, "MD5") == 0)
3912	3950	return 1;
3913	3951	#endif
3914	3952	#ifdef OPENSSL_NO_RMD160
3915		if (strcasecmp(name, "RIPEMD160") == 0)
	3953	if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0)
3916	3954	return 1;
3917	3955	#endif
3918	3956	#ifdef OPENSSL_NO_SM3
3919		if (strcasecmp(name, "SM3") == 0)
	3957	if (OPENSSL_strcasecmp(name, "SM3") == 0)
3920	3958	return 1;
3921	3959	#endif
3922	3960	#ifdef OPENSSL_NO_WHIRLPOOL
3923		if (strcasecmp(name, "WHIRLPOOL") == 0)
	3961	if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0)
3924	3962	return 1;
3925	3963	#endif
3926	3964	return 0;

+1

-0

test/helpers/handshake.c less more

1431	1431	test_ctx, extra, &server_ctx_data,
1432	1432	&server2_ctx_data, &client_ctx_data)) {
1433	1433	TEST_note("configure_handshake_ctx");
	1434	HANDSHAKE_RESULT_free(ret);
1434	1435	return NULL;
1435	1436	}
1436	1437

+3

-7

test/helpers/ssl_test_ctx.c less more

0	0	/*
1		* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

15	15	#include "ssl_test_ctx.h"
16	16	#include "../testutil.h"
17	17
18		#ifdef OPENSSL_SYS_WINDOWS
19		# define strcasecmp _stricmp
20		#endif
21
22	18	static const int default_app_data_size = 256;
23	19	/* Default set to be as small as possible to exercise fragmentation. */
24	20	static const int default_max_fragment_size = 512;
25	21
26	22	static int parse_boolean(const char value, int result)
27	23	{
28		if (strcasecmp(value, "Yes") == 0) {
	24	if (OPENSSL_strcasecmp(value, "Yes") == 0) {
29	25	*result = 1;
30	26	return 1;
31	27	}
32		else if (strcasecmp(value, "No") == 0) {
	28	else if (OPENSSL_strcasecmp(value, "No") == 0) {
33	29	*result = 0;
34	30	return 1;
35	31	}

+124

-0

test/localetest.c less more

	0
	1	#include <stdio.h>
	2	#include <string.h>
	3	#include <openssl/x509.h>
	4	#include "testutil.h"
	5	#include "testutil/output.h"
	6
	7	#include <stdio.h>
	8	#include <stdlib.h>
	9	#include <locale.h>
	10	#ifdef OPENSSL_SYS_WINDOWS
	11	# define strcasecmp _stricmp
	12	#else
	13	# include <strings.h>
	14	#endif
	15
	16	int setup_tests(void)
	17	{
	18	const unsigned char der_bytes[] = {
	19	0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x01, 0xf1, 0xa0, 0x03, 0x02, 0x01,
	20	0x02, 0x02, 0x14, 0x08, 0xe0, 0x8c, 0xd3, 0xf3, 0xbf, 0x2c, 0xf2, 0x0d,
	21	0x0a, 0x75, 0xd1, 0xe8, 0xea, 0xbe, 0x70, 0x61, 0xd9, 0x67, 0xf9, 0x30,
	22	0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
	23	0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
	24	0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
	25	0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x34, 0x31, 0x31, 0x31, 0x34,
	26	0x31, 0x39, 0x35, 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x31,
	27	0x31, 0x31, 0x34, 0x31, 0x39, 0x35, 0x37, 0x5a, 0x30, 0x14, 0x31, 0x12,
	28	0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63,
	29	0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
	30	0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
	31	0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
	32	0x01, 0x01, 0x00, 0xc3, 0x1f, 0x5c, 0x56, 0x46, 0x8d, 0x69, 0xb6, 0x48,
	33	0x3c, 0xbf, 0xe2, 0x0f, 0xa7, 0x4a, 0x44, 0x72, 0x74, 0x36, 0xfe, 0xe8,
	34	0x2f, 0x10, 0x4a, 0xe9, 0x46, 0x45, 0x72, 0x5e, 0x48, 0xdd, 0x75, 0xab,
	35	0xd9, 0x63, 0x91, 0x37, 0x93, 0x46, 0x28, 0x7e, 0x45, 0x94, 0x4b, 0x8a,
	36	0xd5, 0x05, 0x2b, 0x9a, 0x01, 0x96, 0x30, 0xde, 0xcc, 0x14, 0x2d, 0x06,
	37	0x09, 0x1b, 0x7d, 0x50, 0x14, 0x99, 0x36, 0x6b, 0x97, 0x6e, 0xc9, 0xb1,
	38	0x69, 0x70, 0xcd, 0x9b, 0x74, 0x24, 0x9a, 0xe2, 0xd4, 0xc0, 0x1e, 0xbc,
	39	0xec, 0xf6, 0x7a, 0xbb, 0xa0, 0x53, 0x93, 0xf8, 0x68, 0x9a, 0x18, 0xa1,
	40	0xa1, 0x5c, 0x47, 0x93, 0xd1, 0x4c, 0x36, 0x8c, 0x00, 0xb3, 0x66, 0xda,
	41	0xf1, 0x05, 0xb2, 0x3a, 0xad, 0x7e, 0x4b, 0xf3, 0xd3, 0x93, 0xfa, 0x59,
	42	0x09, 0x9c, 0x60, 0x37, 0x69, 0x61, 0xe8, 0x5a, 0x33, 0xc6, 0xb2, 0x1a,
	43	0xba, 0x36, 0xe2, 0xb3, 0x58, 0xe9, 0x73, 0x01, 0x2d, 0x36, 0x48, 0x36,
	44	0x94, 0xe4, 0xb2, 0xa4, 0x5b, 0xdf, 0x3d, 0x5f, 0x62, 0x9f, 0xd9, 0xf3,
	45	0x24, 0x0c, 0xf0, 0x2f, 0x71, 0x44, 0x79, 0x13, 0x70, 0x95, 0xa7, 0xbe,
	46	0xea, 0x0a, 0x08, 0x0a, 0xa6, 0x4b, 0xe9, 0x58, 0x6b, 0xa4, 0xc2, 0xed,
	47	0x74, 0x1e, 0xb0, 0x3b, 0x59, 0xd5, 0xe6, 0xdb, 0x8f, 0x58, 0x6a, 0xa3,
	48	0x7d, 0x52, 0x40, 0xec, 0x72, 0xb7, 0xba, 0x7e, 0x30, 0x9d, 0x12, 0x57,
	49	0xf2, 0x48, 0xae, 0x80, 0x0d, 0x0a, 0xf4, 0xfd, 0x24, 0xed, 0xd8, 0x05,
	50	0xb2, 0x96, 0x44, 0x02, 0x3e, 0x6e, 0x25, 0xb0, 0xc4, 0x93, 0xda, 0xfe,
	51	0x78, 0xd9, 0xbb, 0xd2, 0x71, 0x69, 0x70, 0x7f, 0xba, 0xf7, 0xb0, 0x4f,
	52	0x14, 0xf7, 0x98, 0x71, 0x01, 0x6c, 0xec, 0x6f, 0x76, 0x03, 0x59, 0xff,
	53	0xe2, 0xba, 0x8d, 0xd9, 0x21, 0x08, 0xb3, 0x02, 0x03, 0x01, 0x00, 0x01,
	54	0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
	55	0x16, 0x04, 0x14, 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf,
	56	0x80, 0x87, 0x0f, 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30,
	57	0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
	58	0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, 0x80, 0x87, 0x0f,
	59	0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, 0x0f, 0x06, 0x03,
	60	0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
	61	0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
	62	0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x98, 0x76, 0x9e,
	63	0x3c, 0xfc, 0x3f, 0x58, 0xe8, 0xf2, 0x1f, 0x2e, 0x11, 0xa2, 0x59, 0xfa,
	64	0x27, 0xb5, 0xec, 0x9d, 0x97, 0x05, 0x06, 0x2c, 0x95, 0xa5, 0x28, 0x88,
	65	0x86, 0xeb, 0x4e, 0x8a, 0x62, 0xe9, 0x87, 0x78, 0xd8, 0x18, 0x22, 0x4e,
	66	0xb1, 0x8d, 0x46, 0x4a, 0x4c, 0x6e, 0x7c, 0x53, 0x62, 0x2c, 0xf2, 0x7a,
	67	0x95, 0xa0, 0x1a, 0x30, 0x18, 0x6a, 0x31, 0x6f, 0x3f, 0x55, 0x25, 0x9f,
	68	0x67, 0x60, 0x68, 0x99, 0x0f, 0x41, 0x09, 0xc8, 0xe2, 0x04, 0x33, 0x22,
	69	0x1a, 0xe9, 0xf3, 0xae, 0xce, 0xb6, 0x83, 0x64, 0x78, 0x66, 0x14, 0xc9,
	70	0x54, 0xc8, 0x34, 0x70, 0x96, 0xaf, 0x16, 0xcd, 0xb8, 0xdf, 0x81, 0x7e,
	71	0xf0, 0xa6, 0x7d, 0xc1, 0x13, 0xb2, 0x76, 0x3a, 0xd5, 0x7e, 0x68, 0x8c,
	72	0xd5, 0x00, 0x70, 0x82, 0x23, 0x7e, 0x5e, 0xc9, 0x31, 0x2f, 0x33, 0x54,
	73	0xaa, 0xaf, 0xcd, 0xe9, 0x38, 0x9a, 0x23, 0x53, 0xad, 0x4e, 0x72, 0xa7,
	74	0x6f, 0x47, 0x60, 0xc9, 0xd3, 0x06, 0x9b, 0x7a, 0x21, 0xc6, 0xe9, 0xdb,
	75	0x3c, 0xaa, 0xc0, 0x21, 0x29, 0x5f, 0x44, 0x6a, 0x45, 0x90, 0x73, 0x5e,
	76	0x6d, 0x78, 0x82, 0xcb, 0x42, 0xe6, 0xba, 0x67, 0xb2, 0xe6, 0xa2, 0x15,
	77	0x04, 0xea, 0x69, 0xae, 0x3e, 0xc0, 0x0c, 0x10, 0x99, 0xec, 0xa9, 0xb0,
	78	0x7e, 0xe8, 0x94, 0xe2, 0xf3, 0xaf, 0xf7, 0x9f, 0x65, 0xe7, 0xd7, 0xe2,
	79	0x49, 0xfa, 0x52, 0x7d, 0xb5, 0xfd, 0xa0, 0xa5, 0xe0, 0x49, 0xa7, 0x3d,
	80	0x94, 0x20, 0x2d, 0xec, 0x8c, 0x22, 0xa5, 0xa4, 0x43, 0xfa, 0x7e, 0xd0,
	81	0x50, 0x21, 0xb8, 0x67, 0x18, 0x44, 0x69, 0x8f, 0xdd, 0x47, 0x41, 0xc6,
	82	0x35, 0xe0, 0xe9, 0x2e, 0x41, 0xa9, 0x6f, 0x41, 0xee, 0xb9, 0xbd, 0x45,
	83	0xf3, 0x88, 0xc1, 0x23, 0x35, 0x96, 0xba, 0xf8, 0xcd, 0x4b, 0x83, 0x73,
	84	0x5f
	85	};
	86
	87	char str1[] = "SubjectPublicKeyInfo", str2[] = "subjectpublickeyinfo";
	88	int res;
	89	X509 *cert = NULL;
	90	X509_PUBKEY *cert_pubkey = NULL;
	91	const unsigned char *p = der_bytes;
	92
	93	if (setlocale(LC_ALL, "") == NULL)
	94	return TEST_skip("Cannot set the locale necessary for test");
	95
	96	res = strcasecmp(str1, str2);
	97	TEST_note("Case-insensitive comparison via strcasecmp in current locale %s\n", res ? "failed" : "succeeded");
	98
	99	if (!TEST_false(OPENSSL_strcasecmp(str1, str2)))
	100	return 0;
	101
	102	cert = d2i_X509(NULL, &p, sizeof(der_bytes));
	103	if (!TEST_ptr(cert))
	104	return 0;
	105
	106	cert_pubkey = X509_get_X509_PUBKEY(cert);
	107	if (!TEST_ptr(cert_pubkey)) {
	108	X509_free(cert);
	109	return 0;
	110	}
	111
	112	if (!TEST_ptr(X509_PUBKEY_get0(cert_pubkey))) {
	113	X509_free(cert);
	114	return 0;
	115	}
	116
	117	X509_free(cert);
	118	return 1;
	119	}
	120
	121	void cleanup_tests(void)
	122	{
	123	}

+17

-21

test/params_conversion_test.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
3	3	*
4	4	* Licensed under the Apache License 2.0 (the "License"). You may not use

13	13
14	14	/* On machines that dont support <inttypes.h> just disable the tests */
15	15	#if !defined(OPENSSL_NO_INTTYPES_H)
16
17		# ifdef OPENSSL_SYS_WINDOWS
18		# define strcasecmp _stricmp
19		# endif
20	16
21	17	# ifdef OPENSSL_SYS_VMS
22	18	# define strtoumax strtoull

61	57
62	58	for (i = 0; i < s->numpairs; i++, pp++) {
63	59	p = "";
64		if (strcasecmp(pp->key, "type") == 0) {
	60	if (OPENSSL_strcasecmp(pp->key, "type") == 0) {
65	61	if (type != NULL) {
66	62	TEST_info("Line %d: multiple type lines", s->curr);
67	63	return 0;

71	67	TEST_info("Line %d: unknown type line", s->curr);
72	68	return 0;
73	69	}
74		} else if (strcasecmp(pp->key, "int32") == 0) {
	70	} else if (OPENSSL_strcasecmp(pp->key, "int32") == 0) {
75	71	if (def_i32++) {
76	72	TEST_info("Line %d: multiple int32 lines", s->curr);
77	73	return 0;
78	74	}
79		if (strcasecmp(pp->value, "invalid") != 0) {
	75	if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) {
80	76	pc->valid_i32 = 1;
81	77	pc->i32 = (int32_t)strtoimax(pp->value, &p, 10);
82	78	}
83		} else if (strcasecmp(pp->key, "int64") == 0) {
	79	} else if (OPENSSL_strcasecmp(pp->key, "int64") == 0) {
84	80	if (def_i64++) {
85	81	TEST_info("Line %d: multiple int64 lines", s->curr);
86	82	return 0;
87	83	}
88		if (strcasecmp(pp->value, "invalid") != 0) {
	84	if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) {
89	85	pc->valid_i64 = 1;
90	86	pc->i64 = (int64_t)strtoimax(pp->value, &p, 10);
91	87	}
92		} else if (strcasecmp(pp->key, "uint32") == 0) {
	88	} else if (OPENSSL_strcasecmp(pp->key, "uint32") == 0) {
93	89	if (def_u32++) {
94	90	TEST_info("Line %d: multiple uint32 lines", s->curr);
95	91	return 0;
96	92	}
97		if (strcasecmp(pp->value, "invalid") != 0) {
	93	if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) {
98	94	pc->valid_u32 = 1;
99	95	pc->u32 = (uint32_t)strtoumax(pp->value, &p, 10);
100	96	}
101		} else if (strcasecmp(pp->key, "uint64") == 0) {
	97	} else if (OPENSSL_strcasecmp(pp->key, "uint64") == 0) {
102	98	if (def_u64++) {
103	99	TEST_info("Line %d: multiple uint64 lines", s->curr);
104	100	return 0;
105	101	}
106		if (strcasecmp(pp->value, "invalid") != 0) {
	102	if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) {
107	103	pc->valid_u64 = 1;
108	104	pc->u64 = (uint64_t)strtoumax(pp->value, &p, 10);
109	105	}
110		} else if (strcasecmp(pp->key, "double") == 0) {
	106	} else if (OPENSSL_strcasecmp(pp->key, "double") == 0) {
111	107	if (def_d++) {
112	108	TEST_info("Line %d: multiple double lines", s->curr);
113	109	return 0;
114	110	}
115		if (strcasecmp(pp->value, "invalid") != 0) {
	111	if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) {
116	112	pc->valid_d = 1;
117	113	pc->d = strtod(pp->value, &p);
118	114	}

132	128	return 0;
133	129	}
134	130
135		if (strcasecmp(type, "int32") == 0) {
	131	if (OPENSSL_strcasecmp(type, "int32") == 0) {
136	132	if (!TEST_true(def_i32) \|\| !TEST_true(pc->valid_i32)) {
137	133	TEST_note("errant int32 on line %d", s->curr);
138	134	return 0;

141	137	pc->datum = &datum_i32;
142	138	pc->ref = &ref_i32;
143	139	pc->size = sizeof(ref_i32);
144		} else if (strcasecmp(type, "int64") == 0) {
	140	} else if (OPENSSL_strcasecmp(type, "int64") == 0) {
145	141	if (!TEST_true(def_i64) \|\| !TEST_true(pc->valid_i64)) {
146	142	TEST_note("errant int64 on line %d", s->curr);
147	143	return 0;

150	146	pc->datum = &datum_i64;
151	147	pc->ref = &ref_i64;
152	148	pc->size = sizeof(ref_i64);
153		} else if (strcasecmp(type, "uint32") == 0) {
	149	} else if (OPENSSL_strcasecmp(type, "uint32") == 0) {
154	150	if (!TEST_true(def_u32) \|\| !TEST_true(pc->valid_u32)) {
155	151	TEST_note("errant uint32 on line %d", s->curr);
156	152	return 0;

159	155	pc->datum = &datum_u32;
160	156	pc->ref = &ref_u32;
161	157	pc->size = sizeof(ref_u32);
162		} else if (strcasecmp(type, "uint64") == 0) {
	158	} else if (OPENSSL_strcasecmp(type, "uint64") == 0) {
163	159	if (!TEST_true(def_u64) \|\| !TEST_true(pc->valid_u64)) {
164	160	TEST_note("errant uint64 on line %d", s->curr);
165	161	return 0;

168	164	pc->datum = &datum_u64;
169	165	pc->ref = &ref_u64;
170	166	pc->size = sizeof(ref_u64);
171		} else if (strcasecmp(type, "double") == 0) {
	167	} else if (OPENSSL_strcasecmp(type, "double") == 0) {
172	168	if (!TEST_true(def_d) \|\| !TEST_true(pc->valid_d)) {
173	169	TEST_note("errant double on line %d", s->curr);
174	170	return 0;

+5

-2

test/provider_test.c less more

0	0	/*
1		* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

190	190	* In this case we assume we've been built with "no-legacy" and skip
191	191	* this test (there is no OPENSSL_NO_LEGACY)
192	192	*/
	193	OSSL_LIB_CTX_free(libctx);
193	194	return 1;
194	195	}
195	196
196	197	if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, name,
197		PROVIDER_INIT_FUNCTION_NAME)))
	198	PROVIDER_INIT_FUNCTION_NAME))) {
	199	OSSL_LIB_CTX_free(libctx);
198	200	return 0;
	201	}
199	202
200	203	/* test_provider will free libctx and unload legacy as part of the test */
201	204	return test_provider(&libctx, name, legacy);

+26

-0

test/recipes/02-test_localetest.t less more

	0	#! /usr/bin/env perl
	1	# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
	2	# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
	3	#
	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9	use OpenSSL::Test;
	10	use OpenSSL::Test::Utils;
	11
	12	setup("locale tests");
	13
	14	plan skip_all => "Locale tests not available on Windows or VMS"
	15	if $^O =~ /^(VMS\|MSWin32)$/;
	16
	17	plan tests => 3;
	18
	19	ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init");
	20
	21	$ENV{LANG} = "C";
	22	ok(run(test(["localetest"])), "running localetest");
	23
	24	$ENV{LANG} = "tr_TR.UTF-8";
	25	ok(run(test(["localetest"])), "running localetest with Turkish locale");

+2

-2

test/recipes/03-test_fipsinstall.t less more

0	0	#! /usr/bin/env perl
1		# Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

26	26	plan tests => 29;
27	27
28	28	my $infile = bldtop_file('providers', platform->dso('fips'));
29		my $fipskey = $ENV{FIPSKEY} // '00';
	29	my $fipskey = $ENV{FIPSKEY} // config('FIPSKEY') // '00';
30	30
31	31	# Read in a text $infile and replace the regular expression in $srch with the
32	32	# value in $repl and output to a new file $outfile.

+33

-3

test/recipes/15-test_ecparam.t less more

0	0	#! /usr/bin/env perl
1		# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

12	12	use File::Spec;
13	13	use File::Compare qw/compare_text/;
14	14	use OpenSSL::Glob;
15		use OpenSSL::Test qw/:DEFAULT data_file/;
	15	use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
16	16	use OpenSSL::Test::Utils;
17	17
18	18	setup("test_ecparam");

24	24	my @noncanon = glob(data_file("noncanon", "*.pem"));
25	25	my @invalid = glob(data_file("invalid", "*.pem"));
26	26
27		plan tests => 11;
	27	plan tests => 12;
28	28
29	29	sub checkload {
30	30	my $files = shift; # List of files

57	57	$in1 ne $in2}), "Original file $_ is the same as new one");
58	58	}
59	59	}
	60
	61	my $no_fips = disabled('fips') \|\| ($ENV{NO_FIPS} // 0);
60	62
61	63	subtest "Check loading valid parameters by ecparam with -check" => sub {
62	64	plan tests => scalar(@valid);

112	114	plan tests => 2 * scalar(@valid);
113	115	checkcompare(\@valid, "pkeyparam");
114	116	};
	117
	118	subtest "Check loading of fips and non-fips params" => sub {
	119	plan skip_all => "FIPS is disabled"
	120	if $no_fips;
	121	plan tests => 3;
	122
	123	my $fipsconf = srctop_file("test", "fips-and-base.cnf");
	124	my $defaultconf = srctop_file("test", "default.cnf");
	125
	126	$ENV{OPENSSL_CONF} = $fipsconf;
	127
	128	ok(run(app(['openssl', 'ecparam',
	129	'-in', data_file('valid', 'secp384r1-explicit.pem'),
	130	'-check'])),
	131	"Loading explicitly encoded valid curve");
	132
	133	ok(run(app(['openssl', 'ecparam',
	134	'-in', data_file('valid', 'secp384r1-named.pem'),
	135	'-check'])),
	136	"Loading named valid curve");
	137
	138	ok(!run(app(['openssl', 'ecparam',
	139	'-in', data_file('valid', 'secp112r1-named.pem'),
	140	'-check'])),
	141	"Fail loading named non-fips curve");
	142
	143	$ENV{OPENSSL_CONF} = $defaultconf;
	144	};

+12

-2

test/recipes/15-test_rsapss.t less more

0	0	#! /usr/bin/env perl
1		# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

15	15
16	16	setup("test_rsapss");
17	17
18		plan tests => 7;
	18	plan tests => 9;
19	19
20	20	#using test/testrsa.pem which happens to be a 512 bit RSA
21	21	ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',

63	63	'-signature', 'testrsapss-unrestricted.sig',
64	64	srctop_file('test', 'testrsa.pem')])),
65	65	"openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]");
	66
	67	# Test that RSA-PSS keys are supported by genpkey and rsa commands.
	68	{
	69	my $rsapss = "rsapss.key";
	70	ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS',
	71	'-pkeyopt', 'rsa_keygen_bits:1024',
	72	'--out', $rsapss])));
	73	ok(run(app(['openssl', 'rsa', '-check',
	74	'-in', $rsapss])));
	75	}

+0

-22

test/recipes/30-test_evp_data/evpciph_aes_stitched.txt less more

123	123	Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
124	124	Ciphertext = 261cd0c88a4d4e6db7fc263257a9f6d0ce83c1ff5f2680dc57ffd8eefdbb9c00d3d507672d105a990b2b78509978625b9d93c2bd41e3fb721abd1496553c583c67dad9b662b3d58c8540e10ed9c5ed1a7f33ce9e9a41c30836651d73ee2c003af03a919eb41a6d70ef814e184e740f8a96221b924d9d025ef5e7150d4ca76921a025dd146fef87da738877313f11ec8f4c558b878c28ce6a9a5011d70f58c5dbd3412cf0a32154f5a4286958a5a50a86f15119835ceccf432601e4cc688cdd682ac9620500b60c0760bb93209859823778a7f2b5bab1af259bda13d84f952af9d2f07f500dadedc41a2b6a737a1296e0b2fb96ac4da4bf71fe2f0c4a1b6fc4dd251087e4c03d2e28c85a9b4a835ef166b48e5b7690f332a1d8db7bd9380221891f31ee82f4b8dd9ebf540cab583a0f33
125	125	NextIV = 1f31ee82f4b8dd9ebf540cab583a0f33
126
127		Title = RC4-HMAC-MD5 test vectors
128
129		Availablein = legacy
130		Cipher = RC4-HMAC-MD5
131		Key = d48ecc0a163a06626bd1b7e172dfb5b3
132		MACKey = 5973581f63768353af37d3f51ec9f6ef
133		TLSAAD = 90a1b2c3e4f506172803010050
134		TLSVersion = 0x0301
135		Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
136		Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c
137		Operation = ENCRYPT
138
139		Availablein = legacy
140		Cipher = RC4-HMAC-MD5
141		Key = d48ecc0a163a06626bd1b7e172dfb5b3
142		MACKey = 5973581f63768353af37d3f51ec9f6ef
143		TLSAAD = 90a1b2c3e4f506172803010060
144		TLSVersion = 0x0301
145		Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
146		Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c
147		Operation = DECRYPT

+2

-2

test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt less more

6	6	TLSAAD = 90a1b2c3e4f506172803010050
7	7	TLSVersion = 0x0301
8	8	Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
9		Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c
	9	Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8c5792501fca9d8455160d626dc1a9716
10	10	# DECRYPT must be a separate entry due to change in TLSAAD value
11	11	Operation = ENCRYPT
12	12

17	17	TLSAAD = 90a1b2c3e4f506172803010060
18	18	TLSVersion = 0x0301
19	19	Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
20		Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c
	20	Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8c5792501fca9d8455160d626dc1a9716
21	21	Operation = DECRYPT

+45

-1

test/recipes/30-test_evp_data/evpmac_poly1305.txt less more

0	0	#
1		# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

16	16	Key = 0000000000000000000000000000000000000000000000000000000000000000
17	17	Input = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
18	18	Output = 00000000000000000000000000000000
	19	NoReinit = 1
19	20
20	21	MAC = Poly1305
21	22	Key = 0000000000000000000000000000000036e5f6b5c5e06070f0efca96227a863e
22	23	Input = 416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f
23	24	Output = 36e5f6b5c5e06070f0efca96227a863e
	25	NoReinit = 1
24	26
25	27	MAC = Poly1305
26	28	Key = 36e5f6b5c5e06070f0efca96227a863e00000000000000000000000000000000
27	29	Input = 416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f
28	30	Output = f3477e7cd95417af89a6b8794c310cf0
	31	NoReinit = 1
29	32
30	33	MAC = Poly1305
31	34	Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0
32	35	Input = 2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e
33	36	Output = 4541669a7eaaee61e708dc7cbcc5eb62
	37	NoReinit = 1
34	38
35	39	# If one uses 130-bit partial reduction, does the code handle the case where partially reduced final result is not fully reduced?
36	40	MAC = Poly1305
37	41	Key = 0200000000000000000000000000000000000000000000000000000000000000
38	42	Input = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
39	43	Output = 03000000000000000000000000000000
	44	NoReinit = 1
40	45
41	46	# What happens if addition of s overflows modulo 2^128?
42	47	MAC = Poly1305
43	48	Key = 02000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
44	49	Input = 02000000000000000000000000000000
45	50	Output = 03000000000000000000000000000000
	51	NoReinit = 1
46	52
47	53	# What happens if data limb is all ones and there is carry from lower limb?
48	54	MAC = Poly1305
49	55	Key = 0100000000000000000000000000000000000000000000000000000000000000
50	56	Input = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF11000000000000000000000000000000
51	57	Output = 05000000000000000000000000000000
	58	NoReinit = 1
52	59
53	60	# What happens if final result from polynomial part is exactly 2^130-5?
54	61	MAC = Poly1305
55	62	Key = 0100000000000000000000000000000000000000000000000000000000000000
56	63	Input = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFEFEFEFEFEFEFEFEFEFEFEFEFEFEFE01010101010101010101010101010101
57	64	Output = 00000000000000000000000000000000
	65	NoReinit = 1
58	66
59	67	# What happens if final result from polynomial part is exactly 2^130-6?
60	68	MAC = Poly1305
61	69	Key = 0200000000000000000000000000000000000000000000000000000000000000
62	70	Input = FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
63	71	Output = FAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
	72	NoReinit = 1
64	73
65	74	# Taken from poly1305_internal_test.c
66	75	# More RFC7539

69	78	Input = 43727970746f6772617068696320466f72756d2052657365617263682047726f7570
70	79	Key = 85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b
71	80	Output = a8061dc1305136c6c22b8baf0c0127a9
	81	NoReinit = 1
72	82
73	83	# test vectors from "The Poly1305-AES message-authentication code"
74	84

76	86	Input = f3f6
77	87	Key = 851fc40c3467ac0be05cc20404f3f700580b3b0f9447bb1e69d095b5928b6dbc
78	88	Output = f4c633c3044fc145f84f335cb81953de
	89	NoReinit = 1
79	90
80	91	# No input?
81	92	# # MAC = Poly1305
82	93	# Input =
83	94	# Key = a0f3080000f46400d0c7e9076c834403dd3fab2251f11ac759f0887129cc2ee7
84	95	# Output = dd3fab2251f11ac759f0887129cc2ee7
	96	# NoReinit = 1
85	97
86	98	MAC = Poly1305
87	99	Input = 663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136
88	100	Key = 48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef
89	101	Output = 0ee1c16bb73f0f4fd19881753c01cdbe
	102	NoReinit = 1
90	103
91	104	MAC = Poly1305
92	105	Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9
93	106	Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57
94	107	Output = 5154ad0d2cb26e01274fc51148491f1b
	108	NoReinit = 1
95	109
96	110	# self-generated vectors exercise "significant" length such that* are handled by different code paths
97	111

99	113	Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af
100	114	Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57
101	115	Output = 812059a5da198637cac7c4a631bee466
	116	NoReinit = 1
102	117
103	118	MAC = Poly1305
104	119	Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67
105	120	Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57
106	121	Output = 5b88d7f6228b11e2e28579a5c0c1f761
	122	NoReinit = 1
107	123
108	124	MAC = Poly1305
109	125	Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136
110	126	Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57
111	127	Output = bbb613b2b6d753ba07395b916aaece15
	128	NoReinit = 1
112	129
113	130	MAC = Poly1305
114	131	Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24
115	132	Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57
116	133	Output = c794d7057d1778c4bbee0a39b3d97342
	134	NoReinit = 1
117	135
118	136	MAC = Poly1305
119	137	Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136
120	138	Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57
121	139	Output = ffbcb9b371423152d7fca5ad042fbaa9
	140	NoReinit = 1
122	141
123	142	MAC = Poly1305
124	143	Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136812059a5da198637cac7c4a631bee466
125	144	Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57
126	145	Output = 069ed6b8ef0f207b3e243bb1019fe632
	146	NoReinit = 1
127	147
128	148	MAC = Poly1305
129	149	Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761
130	150	Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57
131	151	Output = cca339d9a45fa2368c2c68b3a4179133
	152	NoReinit = 1
132	153
133	154	MAC = Poly1305
134	155	Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136
135	156	Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57
136	157	Output = 53f6e828a2f0fe0ee815bf0bd5841a34
	158	NoReinit = 1
137	159
138	160	MAC = Poly1305
139	161	Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761
140	162	Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57
141	163	Output = b846d44e9bbd53cedffbfbb6b7fa4933
	164	NoReinit = 1
142	165
143	166	# 4th power of the key spills to 131th bit in SIMD key setup
144	167

146	169	Input = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
147	170	Key = ad628107e8351d0f2c231a05dc4a410600000000000000000000000000000000
148	171	Output = 07145a4c02fe5fa32036de68fabe9066
	172	NoReinit = 1
149	173
150	174	# poly1305_ieee754.c failed this in final stage
151	175

153	177	Input = 842364e156336c0998b933a6237726180d9e3fdcbde4cd5d17080fc3beb49614d7122c037463ff104d73f19c12704628d417c4c54a3fe30d3c3d7714382d43b0382a50a5dee54be844b076e8df88201a1cd43b90eb21643fa96f39b518aa8340c942ff3c31baf7c9bdbf0f31ae3fa096bf8c63030609829fe72e179824890bc8e08c315c1cce2a83144dbbff09f74e3efc770b54d0984a8f19b14719e63635641d6b1eedf63efbf080e1783d32445412114c20de0b837a0dfa33d6b82825fff44c9a70ea54ce47f07df698e6b03323b53079364a5fc3e9dd034392bdde86dccdda94321c5e44060489336cb65bf3989c36f7282c2f5d2b882c171e74
154	178	Key = 95d5c005503e510d8cd0aa072c4a4d066eabc52d11653df47fbf63ab198bcc26
155	179	Output = f248312e578d9d58f8b7bb4d19105431
	180	NoReinit = 1
156	181
157	182	# AVX2 in poly1305-x86.pl failed this with 176+32 split
158	183

160	185	Input = 248ac31085b6c2adaaa38259a0d7192c5c35d1bb4ef39ad94c38d1c82479e2dd2159a077024b0589bc8a20101b506f0a1ad0bbab76e83a83f1b94be6beae74e874cab692c5963a75436b776121ec9f62399a3e66b2d22707dae81933b6277f3c8516bcbe26dbbd86f373103d7cf4cad1888c952118fbfbd0d7b4bedc4ae4936aff91157e7aa47c54442ea78d6ac251d324a0fbe49d89cc3521b66d16e9c66a3709894e4eb0a4eedc4ae19468e66b81f271351b1d921ea551047abcc6b87a901fde7db79fa1818c11336dbc07244a40eb
161	186	Key = 000102030405060708090a0b0c0d0e0f00000000000000000000000000000000
162	187	Output = bc939bc5281480fa99c6d68c258ec42f
	188	NoReinit = 1
163	189
164	190	# test vectors from Google
165	191

168	194	# Input =
169	195	# Key = c8afaac331ee372cd6082de134943b174710130e9f6fea8d72293850a667d86c
170	196	# Output = 4710130e9f6fea8d72293850a667d86c
	197	# NoReinit = 1
171	198
172	199	MAC = Poly1305
173	200	Input = 48656c6c6f20776f726c6421
174	201	Key = 746869732069732033322d62797465206b657920666f7220506f6c7931333035
175	202	Output = a6f745008f81c916a20dcc74eef2b2f0
	203	NoReinit = 1
176	204
177	205	MAC = Poly1305
178	206	Input = 0000000000000000000000000000000000000000000000000000000000000000
179	207	Key = 746869732069732033322d62797465206b657920666f7220506f6c7931333035
180	208	Output = 49ec78090e481ec6c26b33b91ccc0307
	209	NoReinit = 1
181	210
182	211	MAC = Poly1305
183	212	Input = 89dab80b7717c1db5db437860a3f70218e93e1b8f461fb677f16f35f6f87e2a91c99bc3a47ace47640cc95c345be5ecca5a3523c35cc01893af0b64a620334270372ec12482d1b1e363561698a578b359803495bb4e2ef1930b17a5190b580f141300df30adbeca28f6427a8bc1a999fd51c554a017d095d8c3e3127daf9f595
184	213	Key = 2d773be37adb1e4d683bf0075e79c4ee037918535a7f99ccb7040fb5f5f43aea
185	214	Output = c85d15ed44c378d6b00e23064c7bcd51
	215	NoReinit = 1
186	216
187	217	MAC = Poly1305
188	218	Input = 000000000000000b170303020000000006db1f1f368d696a810a349c0c714c9a5e7850c2407d721acded95e018d7a85266a6e1289cdb4aeb18da5ac8a2b0026d24a59ad485227f3eaedbb2e7e35e1c66cd60f9abf716dcc9ac42682dd7dab287a7024c4eefc321cc0574e16793e37cec03c5bda42b54c114a80b57af26416c7be742005e20855c73e21dc8e2edc9d435cb6f6059280011c270b71570051c1c9b3052126620bc1e2730fa066c7a509d53c60e5ae1b40aa6e39e49669228c90eecb4a50db32a50bc49e90b4f4b359a1dfd11749cd3867fcf2fb7bb6cd4738f6a4ad6f7ca5058f7618845af9f020f6c3b967b8f4cd4a91e2813b507ae66f2d35c18284f7292186062e10fd5510d18775351ef334e7634ab4743f5b68f49adcab384d3fd75f7390f4006ef2a295c8c7a076ad54546cd25d2107fbe1436c840924aaebe5b370893cd63d1325b8616fc4810886bc152c53221b6df373119393255ee72bcaa880174f1717f9184fa91646f17a24ac55d16bfddca9581a92eda479201f0edbf633600d6066d1ab36d5d2415d71351bbcd608a25108d25641992c1f26c531cf9f90203bc4cc19f5927d834b0a47116d3884bbb164b8ec883d1ac832e56b3918a98601a08d171881541d594db399c6ae6151221745aec814c45b0b05b565436fd6f137aa10a0c0b643761dbd6f9a9dcb99b1a6e690854ce0769cde39761d82fcdec15f0d92d7d8e94ade8eb83fbe0
189	219	Key = 99e5822dd4173c995e3dae0ddefb97743fde3b080134b39f76e9bf8d0e88d546
190	220	Output = 2637408fe13086ea73f971e3425e2820
	221	NoReinit = 1
191	222
192	223	# test vectors from Hanno Bock
193	224

195	226	Input = cccccccccccccccccccccccccccccccccccccccccccccccccc80ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccceccccccccccccccccccccccccccccccccccccc5cccccccccccccccccccccccccccccccccccccccccce3ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccaccccccccccccccccccccce6cccccccccc000000afccccccccccccccccccfffffff5000000000000000000000000000000000000000000000000000000ffffffe70000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000719205a8521dfc
196	227	Key = 7f1b02640000000000000000000000000000000000000000cccccccccccccccc
197	228	Output = 8559b876eceed66eb37798c0457baff9
	229	NoReinit = 1
198	230
199	231	MAC = Poly1305
200	232	Input = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa000000000000000000800264
201	233	Key = e00016000000000000000000000000000000aaaaaaaaaaaaaaaaaaaaaaaaaaaa
202	234	Output = 00bd1258978e205444c9aaaa82006fed
	235	NoReinit = 1
203	236
204	237	MAC = Poly1305
205	238	Input = 02fc
206	239	Key = 0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
207	240	Output = 06120c0c0c0c0c0c0c0c0c0c0c0c0c0c
	241	NoReinit = 1
208	242
209	243	MAC = Poly1305
210	244	Input = 7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b6e7b007b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b6e7b001300000000b300000000000000000000000000000000000000000000f20000000000000000000000000000000000002000efff0009000000000000000000000000100000000009000000640000000000000000000000001300000000b300000000000000000000000000000000000000000000f20000000000000000000000000000000000002000efff00090000000000000000007a000010000000000900000064000000000000000000000000000000000000000000000000fc
211	245	Key = 00ff000000000000000000000000000000000000001e00000000000000007b7b
212	246	Output = 33205bbf9e9f8f7212ab9e2ab9b7e4a5
	247	NoReinit = 1
213	248
214	249	MAC = Poly1305
215	250	Input = 77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777ffffffe9e9acacacacacacacacacacac0000acacec0100acacac2caca2acacacacacacacacacacac64f2
216	251	Key = 0000007f0000007f01000020000000000000cf77777777777777777777777777
217	252	Output = 02ee7c8c546ddeb1a467e4c3981158b9
	253	NoReinit = 1
218	254
219	255	# test vectors from Andrew Moon - nacl
220	256

222	258	Input = 8e993b9f48681273c29650ba32fc76ce48332ea7164d96a4476fb8c531a1186ac0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74e355a5
223	259	Key = eea6a7251c1e72916d11c2cb214d3c252539121d8e234e652d651fa4c8cff880
224	260	Output = f3ffc7703f9400e52a7dfb4b3d3305d9
	261	NoReinit = 1
225	262
226	263	# wrap 2^130-5
227	264	MAC = Poly1305
228	265	Input = ffffffffffffffffffffffffffffffff
229	266	Key = 0200000000000000000000000000000000000000000000000000000000000000
230	267	Output = 03000000000000000000000000000000
	268	NoReinit = 1
231	269
232	270	# wrap 2^128
233	271	MAC = Poly1305
234	272	Input = 02000000000000000000000000000000
235	273	Key = 02000000000000000000000000000000ffffffffffffffffffffffffffffffff
236	274	Output = 03000000000000000000000000000000
	275	NoReinit = 1
237	276
238	277	# limb carry
239	278	MAC = Poly1305
240	279	Input = fffffffffffffffffffffffffffffffff0ffffffffffffffffffffffffffffff11000000000000000000000000000000
241	280	Key = 0100000000000000000000000000000000000000000000000000000000000000
242	281	Output = 05000000000000000000000000000000
	282	NoReinit = 1
243	283
244	284	# 2^130-5
245	285	MAC = Poly1305
246	286	Input = fffffffffffffffffffffffffffffffffbfefefefefefefefefefefefefefefe01010101010101010101010101010101
247	287	Key = 0100000000000000000000000000000000000000000000000000000000000000
248	288	Output = 00000000000000000000000000000000
	289	NoReinit = 1
249	290
250	291	# 2^130-6
251	292	MAC = Poly1305
252	293	Input = fdffffffffffffffffffffffffffffff
253	294	Key = 0200000000000000000000000000000000000000000000000000000000000000
254	295	Output = faffffffffffffffffffffffffffffff
	296	NoReinit = 1
255	297
256	298	# 5*H+L reduction intermediate
257	299	MAC = Poly1305
258	300	Input = e33594d7505e43b900000000000000003394d7505e4379cd01000000000000000000000000000000000000000000000001000000000000000000000000000000
259	301	Key = 0100000000000000040000000000000000000000000000000000000000000000
260	302	Output = 14000000000000005500000000000000
	303	NoReinit = 1
261	304
262	305	# 5*H+L reduction final
263	306	MAC = Poly1305
264	307	Input = e33594d7505e43b900000000000000003394d7505e4379cd010000000000000000000000000000000000000000000000
265	308	Key = 0100000000000000040000000000000000000000000000000000000000000000
266	309	Output = 13000000000000000000000000000000
	310	NoReinit = 1
267	311
268	312	# Here are 4 duplicated cases for Poly1305 by EVP_PKEY
269	313	MAC = Poly1305 by EVP_PKEY

+50

-3

test/recipes/70-test_tls13hrr.t less more

0	0	#! /usr/bin/env perl
1		# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

36	36
37	37	use constant {
38	38	CHANGE_HRR_CIPHERSUITE => 0,
39		CHANGE_CH1_CIPHERSUITE => 1
	39	CHANGE_CH1_CIPHERSUITE => 1,
	40	DUPLICATE_HRR => 2
40	41	};
41	42
42	43	#Test 1: A client should fail if the server changes the ciphersuite between the

49	50	}
50	51	my $testtype = CHANGE_HRR_CIPHERSUITE;
51	52	$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
52		plan tests => 2;
	53	plan tests => 3;
53	54	ok(TLSProxy::Message->fail(), "Server ciphersuite changes");
54	55
55	56	#Test 2: It is an error if the client changes the offered ciphersuites so that

64	65	$testtype = CHANGE_CH1_CIPHERSUITE;
65	66	$proxy->start();
66	67	ok(TLSProxy::Message->fail(), "Client ciphersuite changes");
	68
	69	#Test 3: A client should fail with unexpected_message alert if the server
	70	# sends more than 1 HRR
	71	my $fatal_alert = 0;
	72	$proxy->clear();
	73	if (disabled("ec")) {
	74	$proxy->serverflags("-curves ffdhe3072");
	75	} else {
	76	$proxy->serverflags("-curves P-256");
	77	}
	78	$testtype = DUPLICATE_HRR;
	79	$proxy->start();
	80	ok($fatal_alert, "Server duplicated HRR");
67	81
68	82	sub hrr_filter
69	83	{

85	99	return;
86	100	}
87	101
	102	if ($testtype == DUPLICATE_HRR) {
	103	# We're only interested in the HRR
	104	# and the unexpected_message alert from client
	105	if ($proxy->flight == 4) {
	106	$fatal_alert = 1
	107	if @{$proxy->record_list}[-1]->is_fatal_alert(0) == 10;
	108	return;
	109	}
	110	if ($proxy->flight != 3) {
	111	return;
	112	}
	113
	114	# Find ServerHello record (HRR actually) and insert after that
	115	my $i;
	116	for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
	117	next;
	118	}
	119	my $hrr_record = ${$proxy->record_list}[$i];
	120	my $dup_hrr = TLSProxy::Record->new(3,
	121	$hrr_record->content_type(),
	122	$hrr_record->version(),
	123	$hrr_record->len(),
	124	$hrr_record->sslv2(),
	125	$hrr_record->len_real(),
	126	$hrr_record->decrypt_len(),
	127	$hrr_record->data(),
	128	$hrr_record->decrypt_data());
	129
	130	$i++;
	131	splice @{$proxy->record_list}, $i, 0, $dup_hrr;
	132	return;
	133	}
	134
88	135	# CHANGE_CH1_CIPHERSUITE
89	136	if ($proxy->flight != 0) {
90	137	return;

+3

-2

test/recipes/80-test_cmsapi.t less more

0	0	#! /usr/bin/env perl
1		# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

16	16	plan tests => 1;
17	17
18	18	ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
19		srctop_file("test", "certs", "serverkey.pem")])),
	19	srctop_file("test", "certs", "serverkey.pem"),
	20	srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])),
20	21	"running cmsapitest");

test/recipes/80-test_cmsapi_data/encryptedData.der less more

Binary diff not shown

+112

-104

test/recipes/80-test_ocsp.t less more

0	0	#! /usr/bin/env perl
1		# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

34	34	$untrusted = $CAfile;
35	35	}
36	36	my $expected_exit = shift;
	37	my $nochecks = shift;
37	38	my $outputfile = basename($inputfile, '.ors') . '.dat';
38	39
39	40	run(app(["openssl", "base64", "-d",

44	45	"-partial_chain", @check_time,
45	46	"-CAfile", catfile($ocspdir, $CAfile),
46	47	"-verify_other", catfile($ocspdir, $untrusted),
47		"-no-CApath", "-no-CAstore"])),
	48	"-no-CApath", "-no-CAstore",
	49	$nochecks ? "-no_cert_checks" : ()])),
48	50	$title); });
49	51	}
50	52

54	56	plan tests => 7;
55	57
56	58	test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
57		"ND1.ors", "ND1_Issuer_ICA.pem", "", 0);
58		test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
59		"ND2.ors", "ND2_Issuer_Root.pem", "", 0);
60		test_ocsp("NON-DELEGATED; Root CA -> EE",
61		"ND3.ors", "ND3_Issuer_Root.pem", "", 0);
	59	"ND1.ors", "ND1_Issuer_ICA.pem", "", 0, 0);
	60	test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
	61	"ND2.ors", "ND2_Issuer_Root.pem", "", 0, 0);
	62	test_ocsp("NON-DELEGATED; Root CA -> EE",
	63	"ND3.ors", "ND3_Issuer_Root.pem", "", 0, 0);
62	64	test_ocsp("NON-DELEGATED; 3-level CA hierarchy",
63		"ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0);
64		test_ocsp("DELEGATED; Intermediate CA -> EE",
65		"D1.ors", "D1_Issuer_ICA.pem", "", 0);
66		test_ocsp("DELEGATED; Root CA -> Intermediate CA",
67		"D2.ors", "D2_Issuer_Root.pem", "", 0);
68		test_ocsp("DELEGATED; Root CA -> EE",
69		"D3.ors", "D3_Issuer_Root.pem", "", 0);
	65	"ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0, 0);
	66	test_ocsp("DELEGATED; Intermediate CA -> EE",
	67	"D1.ors", "D1_Issuer_ICA.pem", "", 0, 0);
	68	test_ocsp("DELEGATED; Root CA -> Intermediate CA",
	69	"D2.ors", "D2_Issuer_Root.pem", "", 0, 0);
	70	test_ocsp("DELEGATED; Root CA -> EE",
	71	"D3.ors", "D3_Issuer_Root.pem", "", 0, 0);
70	72	};
71	73
72	74	subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub {
73	75	plan tests => 6;
74	76
75	77	test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
76		"ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
77		test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
78		"ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
79		test_ocsp("NON-DELEGATED; Root CA -> EE",
80		"ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
81		test_ocsp("DELEGATED; Intermediate CA -> EE",
82		"ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1);
83		test_ocsp("DELEGATED; Root CA -> Intermediate CA",
84		"ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1);
85		test_ocsp("DELEGATED; Root CA -> EE",
86		"ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1);
	78	"ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
	79	test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
	80	"ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
	81	test_ocsp("NON-DELEGATED; Root CA -> EE",
	82	"ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
	83	test_ocsp("DELEGATED; Intermediate CA -> EE",
	84	"ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
	85	test_ocsp("DELEGATED; Root CA -> Intermediate CA",
	86	"ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
	87	test_ocsp("DELEGATED; Root CA -> EE",
	88	"ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
87	89	};
88	90
89	91	subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub {
90	92	plan tests => 6;
91	93
92	94	test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
93		"WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
94		test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
95		"WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
96		test_ocsp("NON-DELEGATED; Root CA -> EE",
97		"WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
98		test_ocsp("DELEGATED; Intermediate CA -> EE",
99		"WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1);
100		test_ocsp("DELEGATED; Root CA -> Intermediate CA",
101		"WRID_D2.ors", "D2_Issuer_Root.pem", "", 1);
102		test_ocsp("DELEGATED; Root CA -> EE",
103		"WRID_D3.ors", "D3_Issuer_Root.pem", "", 1);
	95	"WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
	96	test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
	97	"WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
	98	test_ocsp("NON-DELEGATED; Root CA -> EE",
	99	"WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
	100	test_ocsp("DELEGATED; Intermediate CA -> EE",
	101	"WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
	102	test_ocsp("DELEGATED; Root CA -> Intermediate CA",
	103	"WRID_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
	104	test_ocsp("DELEGATED; Root CA -> EE",
	105	"WRID_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
104	106	};
105	107
106	108	subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub {
107	109	plan tests => 6;
108	110
109	111	test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
110		"WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
111		test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
112		"WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
113		test_ocsp("NON-DELEGATED; Root CA -> EE",
114		"WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
115		test_ocsp("DELEGATED; Intermediate CA -> EE",
116		"WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1);
117		test_ocsp("DELEGATED; Root CA -> Intermediate CA",
118		"WINH_D2.ors", "D2_Issuer_Root.pem", "", 1);
119		test_ocsp("DELEGATED; Root CA -> EE",
120		"WINH_D3.ors", "D3_Issuer_Root.pem", "", 1);
	112	"WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
	113	test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
	114	"WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
	115	test_ocsp("NON-DELEGATED; Root CA -> EE",
	116	"WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
	117	test_ocsp("DELEGATED; Intermediate CA -> EE",
	118	"WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
	119	test_ocsp("DELEGATED; Root CA -> Intermediate CA",
	120	"WINH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
	121	test_ocsp("DELEGATED; Root CA -> EE",
	122	"WINH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
121	123	};
122	124
123	125	subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub {
124	126	plan tests => 6;
125	127
126	128	test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
127		"WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1);
128		test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
129		"WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1);
130		test_ocsp("NON-DELEGATED; Root CA -> EE",
131		"WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1);
132		test_ocsp("DELEGATED; Intermediate CA -> EE",
133		"WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1);
134		test_ocsp("DELEGATED; Root CA -> Intermediate CA",
135		"WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1);
136		test_ocsp("DELEGATED; Root CA -> EE",
137		"WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1);
	129	"WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0);
	130	test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
	131	"WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0);
	132	test_ocsp("NON-DELEGATED; Root CA -> EE",
	133	"WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0);
	134	test_ocsp("DELEGATED; Intermediate CA -> EE",
	135	"WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
	136	test_ocsp("DELEGATED; Root CA -> Intermediate CA",
	137	"WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
	138	test_ocsp("DELEGATED; Root CA -> EE",
	139	"WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
138	140	};
139	141
140	142	subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub {
141	143	plan tests => 3;
142	144
143	145	test_ocsp("DELEGATED; Intermediate CA -> EE",
144		"WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1);
145		test_ocsp("DELEGATED; Root CA -> Intermediate CA",
146		"WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1);
147		test_ocsp("DELEGATED; Root CA -> EE",
148		"WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1);
	146	"WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
	147	test_ocsp("DELEGATED; Root CA -> Intermediate CA",
	148	"WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
	149	test_ocsp("DELEGATED; Root CA -> EE",
	150	"WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
149	151	};
150	152
151	153	subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub {
152		plan tests => 3;
153
154		test_ocsp("DELEGATED; Intermediate CA -> EE",
155		"ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1);
156		test_ocsp("DELEGATED; Root CA -> Intermediate CA",
157		"ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1);
158		test_ocsp("DELEGATED; Root CA -> EE",
159		"ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1);
	154	plan tests => 6;
	155
	156	test_ocsp("DELEGATED; Intermediate CA -> EE",
	157	"ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0);
	158	test_ocsp("DELEGATED; Root CA -> Intermediate CA",
	159	"ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0);
	160	test_ocsp("DELEGATED; Root CA -> EE",
	161	"ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0);
	162	test_ocsp("DELEGATED; Intermediate CA -> EE",
	163	"ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 1);
	164	test_ocsp("DELEGATED; Root CA -> Intermediate CA",
	165	"ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 1);
	166	test_ocsp("DELEGATED; Root CA -> EE",
	167	"ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 1);
160	168	};
161	169
162	170	subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub {
163	171	plan tests => 6;
164	172
165	173	test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
166		"ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1);
167		test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
168		"ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1);
169		test_ocsp("NON-DELEGATED; Root CA -> EE",
170		"ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1);
171		test_ocsp("DELEGATED; Intermediate CA -> EE",
172		"D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1);
173		test_ocsp("DELEGATED; Root CA -> Intermediate CA",
174		"D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1);
175		test_ocsp("DELEGATED; Root CA -> EE",
176		"D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1);
	174	"ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1, 0);
	175	test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
	176	"ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1, 0);
	177	test_ocsp("NON-DELEGATED; Root CA -> EE",
	178	"ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1, 0);
	179	test_ocsp("DELEGATED; Intermediate CA -> EE",
	180	"D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1, 0);
	181	test_ocsp("DELEGATED; Root CA -> Intermediate CA",
	182	"D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1, 0);
	183	test_ocsp("DELEGATED; Root CA -> EE",
	184	"D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1, 0);
177	185	};
178	186
179	187	subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub {
180	188	plan tests => 6;
181	189
182	190	test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
183		"ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1);
184		test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
185		"ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1);
186		test_ocsp("NON-DELEGATED; Root CA -> EE",
187		"ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1);
188		test_ocsp("DELEGATED; Intermediate CA -> EE",
189		"D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1);
190		test_ocsp("DELEGATED; Root CA -> Intermediate CA",
191		"D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1);
192		test_ocsp("DELEGATED; Root CA -> EE",
193		"D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1);
	191	"ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1, 0);
	192	test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
	193	"ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1, 0);
	194	test_ocsp("NON-DELEGATED; Root CA -> EE",
	195	"ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1, 0);
	196	test_ocsp("DELEGATED; Intermediate CA -> EE",
	197	"D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1, 0);
	198	test_ocsp("DELEGATED; Root CA -> Intermediate CA",
	199	"D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1, 0);
	200	test_ocsp("DELEGATED; Root CA -> EE",
	201	"D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1, 0);
194	202	};
195	203
196	204	subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub {

198	206
199	207	# Expect success, because we're explicitly trusting the issuer certificate.
200	208	test_ocsp("NON-DELEGATED; Intermediate CA -> EE",
201		"ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0);
202		test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
203		"ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0);
204		test_ocsp("NON-DELEGATED; Root CA -> EE",
205		"ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0);
206		test_ocsp("DELEGATED; Intermediate CA -> EE",
207		"D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0);
208		test_ocsp("DELEGATED; Root CA -> Intermediate CA",
209		"D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0);
210		test_ocsp("DELEGATED; Root CA -> EE",
211		"D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0);
	209	"ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0, 0);
	210	test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA",
	211	"ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0, 0);
	212	test_ocsp("NON-DELEGATED; Root CA -> EE",
	213	"ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0, 0);
	214	test_ocsp("DELEGATED; Intermediate CA -> EE",
	215	"D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0, 0);
	216	test_ocsp("DELEGATED; Root CA -> Intermediate CA",
	217	"D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0, 0);
	218	test_ocsp("DELEGATED; Root CA -> EE",
	219	"D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0, 0);
212	220	};
213	221
214	222	subtest "=== OCSP API TESTS===" => sub {

+11

-3

test/recipes/90-test_sslapi.t less more

0	0	#! /usr/bin/env perl
1		# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

31	31	ok(run(test(["sslapitest", srctop_dir("test", "certs"),
32	32	srctop_file("test", "recipes", "90-test_sslapi_data",
33	33	"passwd.txt"), $tmpfilename, "default",
34		srctop_file("test", "default.cnf")])),
	34	srctop_file("test", "default.cnf"),
	35	srctop_file("test",
	36	"recipes",
	37	"90-test_sslapi_data",
	38	"dhparams.pem")])),
35	39	"running sslapitest");
36	40
37	41	unless ($no_fips) {
38	42	ok(run(test(["sslapitest", srctop_dir("test", "certs"),
39	43	srctop_file("test", "recipes", "90-test_sslapi_data",
40	44	"passwd.txt"), $tmpfilename, "fips",
41		srctop_file("test", "fips-and-base.cnf")])),
	45	srctop_file("test", "fips-and-base.cnf"),
	46	srctop_file("test",
	47	"recipes",
	48	"90-test_sslapi_data",
	49	"dhparams.pem")])),
42	50	"running sslapitest");
43	51	}
44	52

+122

-0

test/recipes/90-test_sslapi_data/dhparams.pem less more

	0	-----BEGIN PKCS7-----
	1	MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
	2	cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
	3	DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
	4	BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
	5	HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
	6	ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
	7	biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
	8	aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
	9	aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
	10	VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
	11	UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
	12	AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
	13	BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
	14	ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
	15	IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
	16	bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
	17	L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
	18	OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
	19	IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
	20	ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
	21	cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
	22	QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
	23	MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
	24	AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
	25	cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
	26	AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
	27	MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
	28	QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
	29	dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
	30	Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
	31	DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
	32	TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
	33	AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
	34	2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
	35	47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
	36	MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
	37	QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
	38	AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
	39	ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
	40	BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
	41	ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
	42	MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
	43	sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
	44	XfZsaiiIgotQHjEA
	45	-----END PKCS7-----
	46	-----BEGIN CERTIFICATE-----
	47	MIIHBzCCBO+gAwIBAgIRAIx3oACP9NGwxj2fOkiDjWswDQYJKoZIhvcNAQEMBQAw
	48	fTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
	49	A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSUwIwYDVQQD
	50	ExxTZWN0aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBMB4XDTIwMTAyMzAwMDAwMFoX
	51	DTMyMDEyMjIzNTk1OVowgYQxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVy
	52	IE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28g
	53	TGltaXRlZDEsMCoGA1UEAwwjU2VjdGlnbyBSU0EgVGltZSBTdGFtcGluZyBTaWdu
	54	ZXIgIzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCRh0ssi8HxHqCe
	55	0wfGAcpSsL55eV0JZgYtLzV9u8D7J9pCalkbJUzq70DWmn4yyGqBfbRcPlYQgTU6
	56	IjaM+/ggKYesdNAbYrw/ZIcCX+/FgO8GHNxeTpOHuJreTAdOhcxwxQ177MPZ45fp
	57	yxnbVkVs7ksgbMk+bP3wm/Eo+JGZqvxawZqCIDq37+fWuCVJwjkbh4E5y8O3Os2f
	58	UAQfGpmkgAJNHQWoVdNtUoCD5m5IpV/BiVhgiu/xrM2HYxiOdMuEh0FpY4G89h+q
	59	fNfBQc6tq3aLIIDULZUHjcf1CxcemuXWmWlRx06mnSlv53mTDTJjU67MximKIMFg
	60	xvICLMT5yCLf+SeCoYNRwrzJghohhLKXvNSvRByWgiKVKoVUrvH9Pkl0dPyOrj+l
	61	cvTDWgGqUKWLdpUbZuvv2t+ULtka60wnfUwF9/gjXcRXyCYFevyBI19UCTgqYtWq
	62	yt/tz1OrH/ZEnNWZWcVWZFv3jlIPZvyYP0QGE2Ru6eEVYFClsezPuOjJC77FhPfd
	63	Cp3avClsPVbtv3hntlvIXhQcua+ELXei9zmVN29OfxzGPATWMcV+7z3oUX5xrSR0
	64	Gyzc+Xyq78J2SWhi1Yv1A9++fY4PNnVGW5N2xIPugr4srjcS8bxWw+StQ8O3ZpZe
	65	lDL6oPariVD6zqDzCIEa0USnzPe4MQIDAQABo4IBeDCCAXQwHwYDVR0jBBgwFoAU
	66	GqH4YRkgD8NBd0UojtE1XwYSBFUwHQYDVR0OBBYEFGl1N3u7nTVCTr9X05rbnwHR
	67	rt7QMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoG
	68	CCsGAQUFBwMIMEAGA1UdIAQ5MDcwNQYMKwYBBAGyMQECAQMIMCUwIwYIKwYBBQUH
	69	AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMEQGA1UdHwQ9MDswOaA3oDWGM2h0
	70	dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQVRpbWVTdGFtcGluZ0NBLmNy
	71	bDB0BggrBgEFBQcBAQRoMGYwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQuc2VjdGln
	72	by5jb20vU2VjdGlnb1JTQVRpbWVTdGFtcGluZ0NBLmNydDAjBggrBgEFBQcwAYYX
	73	aHR0cDovL29jc3Auc2VjdGlnby5jb20wDQYJKoZIhvcNAQEMBQADggIBAEoDeJBC
	74	M+x7GoMJNjOYVbudQAYwa0Vq8ZQOGVD/WyVeO+E5xFu66ZWQNze93/tk7OWCt5XM
	75	V1VwS070qIfdIoWmV7u4ISfUoCoxlIoHIZ6Kvaca9QIVy0RQmYzsProDd6aCApDC
	76	LpOpviE0dWO54C0PzwE3y42i+rhamq6hep4TkxlVjwmQLt/qiBcW62nW4SW9RQiX
	77	gNdUIChPynuzs6XSALBgNGXE48XDpeS6hap6adt1pD55aJo2i0OuNtRhcjwOhWIN
	78	oF5w22QvAcfBoccklKOyPG6yXqLQ+qjRuCUcFubA1X9oGsRlKTUqLYi86q501oLn
	79	wIi44U948FzKwEBcwp/VMhws2jysNvcGUpqjQDAXsCkWmcmqt4hJ9+gLJTO1P22v
	80	n18KVt8SscPuzpF36CAT6Vwkx+pEC0rmE4QcTesNtbiGoDCni6GftCzMwBYjyZHl
	81	QgNLgM7kTeYqAT7AXoWgJKEXQNXb2+eYEKTx6hkbgFT6R4nomIGpdcAO39BolHmh
	82	oJ6OtrdCZsvZ2WsvTdjePjIeIOTsnE1CjZ3HM5mCN0TUJikmQI54L7nu+i/x8Y/+
	83	ULh43RSW3hwOcLAqhWqxbGjpKuQQK24h/dN8nTfkKgbWw/HXaONPB3mBCBP+smRe
	84	6bE85tB4I7IJLOImYr87qZdRzMdEMoGyr8/f
	85	-----END CERTIFICATE-----
	86	-----BEGIN DH PARAMETERS-----
	87	MIIBDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
	88	+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
	89	87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
	90	YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
	91	7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
	92	ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgICB/8=
	93	-----END DH PARAMETERS-----
	94	-----BEGIN PRIVATE KEY-----
	95	MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV
	96	n3xz2f+5SglhXC5Lp8Y2zvCN01M+wxhVJbAVx2m5mnfWclv5w1Mqm25fZifV+4UW
	97	B2jT3anL01l0URcX3D0wnS/EfuQfl+Mq23+d2GShxHZ6Zm7NcbwarPXnUX9LOFlP
	98	6psF5C1a2pkSAIAT5FMWpNm7jtCGuI0odYusr5ItRqhotIXSOcm66w4rZFknEPQr
	99	LR6gpLSALAvsqzKPimiwBzvbVG/uqYCdKEmRKzkMFTK8finHZY+BdfrkbzQzL/h7
	100	yrPkBkm5hXeGnaDqcYNT8HInVIhpE2SHYNEivmduD8SD3SD/wxvalqMZZsmqLnWt
	101	A95H4cRPAgMBAAECggEAYCl6x5kbFnoG1rJHWLjL4gi+ubLZ7Jc4vYD5Ci41AF3X
	102	ziktnim6iFvTFv7x8gkTvArJDWsICLJBTYIQREHYYkozzgIzyPeApIs3Wv8C12cS
	103	IopwJITbP56+zM+77hcJ26GCgA2Unp5CFuC/81WDiPi9kNo3Oh2CdD7D+90UJ/0W
	104	glplejFpEuhpU2URfKL4RckJQF/KxV+JX8FdIDhsJu54yemQdQKaF4psHkzwwgDo
	105	qc+yfp0Vb4bmwq3CKxqEoc1cpbJ5CHXXlAfISzUjlcuBzD/tW7BDtp7eDAcgRVAC
	106	XO6MX0QBcLYSC7SOD3R7zY9SIRCFDfBDxCjf0YcFMQKBgQD2+WG0fLwDXTrt68fe
	107	hQqVa2Xs25z2B2QGPxWqSFU8WNly/mZ1BW413f3De/O58vYi7icTNyVoScm+8hdv
	108	6PfD+LuRujdN1TuvPeyBTSvewQwf3IjN0Wh28mse36PwlBl+301C/x+ylxEDuJjK
	109	hZxCcocIaoQqtBC7ac8tNa9r4wKBgQDUfnJKf/QQSLJwwlJKQQGHi3MVm7c9PbwY
	110	eyIOY1s1NPluJDoYTZP4YLa/u2txwe2aHh9FhYMCPDAelqaSwaCLU9DsnKkQEA2A
	111	RR47fcagG6xK7O+N95iEa8I1oIy7os9MBoBMwRIZ6VYIxxTj8UMNSR+tu6MqV1Gg
	112	T5d0WDTJpQKBgCHyRSu5uV39AoyRS/eZ8cp36JqV1Q08FtOE+EVfi9evnrPfo9WR
	113	2YQt7yNfdjCo5IwIj/ZkLhAXlFNakz4el2+oUJ/HKLLaDEoaCNf883q6rh/zABrK
	114	HcG7sF2d/7qhoJ9/se7zgjfZ68zHIrkzhDbd5xGREnmMJoCcGo3sQyBhAoGAH3UQ
	115	qmLC2N5KPFMoJ4H0HgLQ6LQCrnhDLkScSBEBYaEUA/AtAYgKjcyTgVLXlyGkcRpg
	116	esRHHr+WSBD5W+R6ReYEmeKfTJdzyDdzQE9gZjdyjC0DUbsDwybIu3OnIef6VEDq
	117	IXK7oUZfzDDcsNn4mTDoFaoff5cpqFfgDgM43VkCgYBNHw11b+d+AQmaZS9QqIt7
	118	aF3FvwCYHV0jdv0Mb+Kc1bY4c0R5MFpzrTwVmdOerjuuA1+9b+0Hwo3nBZM4eaBu
	119	SOamA2hu2OJWCl9q8fLCT69KqWDjghhvFe7c6aJJGucwaA3Uz3eLcPqoaCarMiNH
	120	fMkTd7GabVourqIZdgvu1Q==
	121	-----END PRIVATE KEY-----

+3

-1

test/siphash_internal_test.c less more

0	0	/*
1		* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

261	261
262	262	/* Use invalid hash size */
263	263	return TEST_int_eq(SipHash_set_hash_size(&siphash, 4), 0)
	264	&& TEST_false(SipHash_Final(&siphash, output, 0))
264	265	/* Use hash size = 8 */
265	266	&& TEST_true(SipHash_set_hash_size(&siphash, 8))
	267	&& TEST_false(SipHash_Final(&siphash, output, 8))
266	268	&& TEST_true(SipHash_Init(&siphash, key, 0, 0))
267	269	&& TEST_true(SipHash_Final(&siphash, output, 8))
268	270	&& TEST_int_eq(SipHash_Final(&siphash, output, 16), 0)

+1

-1

test/ssl_old_test.c less more

215	215
216	216	if (servername) {
217	217	if (s_ctx2 != NULL && sn_server2 != NULL &&
218		!strcasecmp(servername, sn_server2)) {
	218	!OPENSSL_strcasecmp(servername, sn_server2)) {
219	219	BIO_printf(bio_stdout, "Switching server context.\n");
220	220	SSL_set_SSL_CTX(s, s_ctx2);
221	221	}

+271

-2

test/sslapitest.c less more

93	93	static char *privkey8192 = NULL;
94	94	static char *srpvfile = NULL;
95	95	static char *tmpfilename = NULL;
	96	static char *dhfile = NULL;
96	97
97	98	static int is_fips = 0;
98	99

9383	9384	SSL_CTX_free(cctx);
9384	9385	return testresult;
9385	9386	}
	9387
	9388	/*
	9389	* Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week
	9390	* 0 = TLSv1.2
	9391	* 1 = TLSv1.3
	9392	*/
	9393	static int test_ticket_lifetime(int idx)
	9394	{
	9395	SSL_CTX cctx = NULL, sctx = NULL;
	9396	SSL clientssl = NULL, serverssl = NULL;
	9397	int testresult = 0;
	9398	int version = TLS1_3_VERSION;
	9399
	9400	#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
	9401	#define TWO_WEEK_SEC (2 * ONE_WEEK_SEC)
	9402
	9403	if (idx == 0) {
	9404	#ifdef OPENSSL_NO_TLS1_2
	9405	return TEST_skip("TLS 1.2 is disabled.");
	9406	#else
	9407	version = TLS1_2_VERSION;
	9408	#endif
	9409	}
	9410
	9411	if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
	9412	TLS_client_method(), version, version,
	9413	&sctx, &cctx, cert, privkey)))
	9414	goto end;
	9415
	9416	if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
	9417	&clientssl, NULL, NULL)))
	9418	goto end;
	9419
	9420	/*
	9421	* Set the timeout to be more than 1 week
	9422	* make sure the returned value is the default
	9423	*/
	9424	if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC),
	9425	SSL_get_default_timeout(serverssl)))
	9426	goto end;
	9427
	9428	if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
	9429	goto end;
	9430
	9431	if (idx == 0) {
	9432	/* TLSv1.2 uses the set value */
	9433	if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC))
	9434	goto end;
	9435	} else {
	9436	/* TLSv1.3 uses the limited value */
	9437	if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC))
	9438	goto end;
	9439	}
	9440	testresult = 1;
	9441
	9442	end:
	9443	SSL_free(serverssl);
	9444	SSL_free(clientssl);
	9445	SSL_CTX_free(sctx);
	9446	SSL_CTX_free(cctx);
	9447	return testresult;
	9448	}
9386	9449	#endif
9387	9450	/*
9388	9451	* Test that setting an ALPN does not violate RFC

9456	9519	return testresult;
9457	9520	}
9458	9521
	9522	/*
	9523	* Test SSL_CTX_set1_verify/chain_cert_store and SSL_CTX_get_verify/chain_cert_store.
	9524	*/
	9525	static int test_set_verify_cert_store_ssl_ctx(void)
	9526	{
	9527	SSL_CTX *ctx = NULL;
	9528	int testresult = 0;
	9529	X509_STORE store = NULL, new_store = NULL,
	9530	cstore = NULL, new_cstore = NULL;
	9531
	9532	/* Create an initial SSL_CTX. */
	9533	ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
	9534	if (!TEST_ptr(ctx))
	9535	goto end;
	9536
	9537	/* Retrieve verify store pointer. */
	9538	if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store)))
	9539	goto end;
	9540
	9541	/* Retrieve chain store pointer. */
	9542	if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore)))
	9543	goto end;
	9544
	9545	/* We haven't set any yet, so this should be NULL. */
	9546	if (!TEST_ptr_null(store) \|\| !TEST_ptr_null(cstore))
	9547	goto end;
	9548
	9549	/* Create stores. We use separate stores so pointers are different. */
	9550	new_store = X509_STORE_new();
	9551	if (!TEST_ptr(new_store))
	9552	goto end;
	9553
	9554	new_cstore = X509_STORE_new();
	9555	if (!TEST_ptr(new_cstore))
	9556	goto end;
	9557
	9558	/* Set stores. */
	9559	if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, new_store)))
	9560	goto end;
	9561
	9562	if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, new_cstore)))
	9563	goto end;
	9564
	9565	/* Should be able to retrieve the same pointer. */
	9566	if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store)))
	9567	goto end;
	9568
	9569	if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore)))
	9570	goto end;
	9571
	9572	if (!TEST_ptr_eq(store, new_store) \|\| !TEST_ptr_eq(cstore, new_cstore))
	9573	goto end;
	9574
	9575	/* Should be able to unset again. */
	9576	if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, NULL)))
	9577	goto end;
	9578
	9579	if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, NULL)))
	9580	goto end;
	9581
	9582	/* Should now be NULL. */
	9583	if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store)))
	9584	goto end;
	9585
	9586	if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore)))
	9587	goto end;
	9588
	9589	if (!TEST_ptr_null(store) \|\| !TEST_ptr_null(cstore))
	9590	goto end;
	9591
	9592	testresult = 1;
	9593
	9594	end:
	9595	X509_STORE_free(new_store);
	9596	X509_STORE_free(new_cstore);
	9597	SSL_CTX_free(ctx);
	9598	return testresult;
	9599	}
	9600
	9601	/*
	9602	* Test SSL_set1_verify/chain_cert_store and SSL_get_verify/chain_cert_store.
	9603	*/
	9604	static int test_set_verify_cert_store_ssl(void)
	9605	{
	9606	SSL_CTX *ctx = NULL;
	9607	SSL *ssl = NULL;
	9608	int testresult = 0;
	9609	X509_STORE store = NULL, new_store = NULL,
	9610	cstore = NULL, new_cstore = NULL;
	9611
	9612	/* Create an initial SSL_CTX. */
	9613	ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
	9614	if (!TEST_ptr(ctx))
	9615	goto end;
	9616
	9617	/* Create an SSL object. */
	9618	ssl = SSL_new(ctx);
	9619	if (!TEST_ptr(ssl))
	9620	goto end;
	9621
	9622	/* Retrieve verify store pointer. */
	9623	if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store)))
	9624	goto end;
	9625
	9626	/* Retrieve chain store pointer. */
	9627	if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore)))
	9628	goto end;
	9629
	9630	/* We haven't set any yet, so this should be NULL. */
	9631	if (!TEST_ptr_null(store) \|\| !TEST_ptr_null(cstore))
	9632	goto end;
	9633
	9634	/* Create stores. We use separate stores so pointers are different. */
	9635	new_store = X509_STORE_new();
	9636	if (!TEST_ptr(new_store))
	9637	goto end;
	9638
	9639	new_cstore = X509_STORE_new();
	9640	if (!TEST_ptr(new_cstore))
	9641	goto end;
	9642
	9643	/* Set stores. */
	9644	if (!TEST_true(SSL_set1_verify_cert_store(ssl, new_store)))
	9645	goto end;
	9646
	9647	if (!TEST_true(SSL_set1_chain_cert_store(ssl, new_cstore)))
	9648	goto end;
	9649
	9650	/* Should be able to retrieve the same pointer. */
	9651	if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store)))
	9652	goto end;
	9653
	9654	if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore)))
	9655	goto end;
	9656
	9657	if (!TEST_ptr_eq(store, new_store) \|\| !TEST_ptr_eq(cstore, new_cstore))
	9658	goto end;
	9659
	9660	/* Should be able to unset again. */
	9661	if (!TEST_true(SSL_set1_verify_cert_store(ssl, NULL)))
	9662	goto end;
	9663
	9664	if (!TEST_true(SSL_set1_chain_cert_store(ssl, NULL)))
	9665	goto end;
	9666
	9667	/* Should now be NULL. */
	9668	if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store)))
	9669	goto end;
	9670
	9671	if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore)))
	9672	goto end;
	9673
	9674	if (!TEST_ptr_null(store) \|\| !TEST_ptr_null(cstore))
	9675	goto end;
	9676
	9677	testresult = 1;
	9678
	9679	end:
	9680	X509_STORE_free(new_store);
	9681	X509_STORE_free(new_cstore);
	9682	SSL_free(ssl);
	9683	SSL_CTX_free(ctx);
	9684	return testresult;
	9685	}
	9686
	9687
9459	9688	static int test_inherit_verify_param(void)
9460	9689	{
9461	9690	int testresult = 0;

9497	9726	return testresult;
9498	9727	}
9499	9728
9500		OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config\n")
	9729	static int test_load_dhfile(void)
	9730	{
	9731	#ifndef OPENSSL_NO_DH
	9732	int testresult = 0;
	9733
	9734	SSL_CTX *ctx = NULL;
	9735	SSL_CONF_CTX *cctx = NULL;
	9736
	9737	if (dhfile == NULL)
	9738	return 1;
	9739
	9740	if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method()))
	9741	\|\| !TEST_ptr(cctx = SSL_CONF_CTX_new()))
	9742	goto end;
	9743
	9744	SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
	9745	SSL_CONF_CTX_set_flags(cctx,
	9746	SSL_CONF_FLAG_CERTIFICATE
	9747	\| SSL_CONF_FLAG_SERVER
	9748	\| SSL_CONF_FLAG_FILE);
	9749
	9750	if (!TEST_int_eq(SSL_CONF_cmd(cctx, "DHParameters", dhfile), 2))
	9751	goto end;
	9752
	9753	testresult = 1;
	9754	end:
	9755	SSL_CONF_CTX_free(cctx);
	9756	SSL_CTX_free(ctx);
	9757
	9758	return testresult;
	9759	#else
	9760	return TEST_skip("DH not supported by this build");
	9761	#endif
	9762	}
	9763
	9764	OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
9501	9765
9502	9766	int setup_tests(void)
9503	9767	{

9527	9791	\|\| !TEST_ptr(srpvfile = test_get_argument(1))
9528	9792	\|\| !TEST_ptr(tmpfilename = test_get_argument(2))
9529	9793	\|\| !TEST_ptr(modulename = test_get_argument(3))
9530		\|\| !TEST_ptr(configfile = test_get_argument(4)))
	9794	\|\| !TEST_ptr(configfile = test_get_argument(4))
	9795	\|\| !TEST_ptr(dhfile = test_get_argument(5)))
9531	9796	return 0;
9532	9797
9533	9798	if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))

9753	10018	#endif
9754	10019	#ifndef OSSL_NO_USABLE_TLS1_3
9755	10020	ADD_TEST(test_sni_tls13);
	10021	ADD_ALL_TESTS(test_ticket_lifetime, 2);
9756	10022	#endif
9757	10023	ADD_TEST(test_inherit_verify_param);
9758	10024	ADD_TEST(test_set_alpn);
	10025	ADD_TEST(test_set_verify_cert_store_ssl_ctx);
	10026	ADD_TEST(test_set_verify_cert_store_ssl);
9759	10027	ADD_ALL_TESTS(test_session_timeout, 1);
	10028	ADD_TEST(test_load_dhfile);
9760	10029	return 1;
9761	10030
9762	10031	err:

+2

-6

test/v3nametest.c less more

0	0	/*
1		* Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the Apache License 2.0 (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

13	13	#include <openssl/x509v3.h>
14	14	#include "internal/nelem.h"
15	15	#include "testutil.h"
16
17		#ifdef OPENSSL_SYS_WINDOWS
18		# define strcasecmp _stricmp
19		#endif
20	16
21	17	static const char *const names[] = {
22	18	"a", "b", ".", "*", "@",

286	282	int failed = 0;
287	283
288	284	for (; *pname != NULL; ++pname) {
289		int samename = strcasecmp(nameincert, *pname) == 0;
	285	int samename = OPENSSL_strcasecmp(nameincert, *pname) == 0;
290	286	size_t namelen = strlen(*pname);
291	287	char *name = OPENSSL_malloc(namelen + 1);
292	288	int match, ret;

+26

-5

tools/c_rehash.in less more

0	0	#!{- $config{HASHBANGPERL} -}
1	1	{- use OpenSSL::Util; -}
2	2	# {- join("\n# ", @autowarntext) -}
3		# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
	3	# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
4	4	#
5	5	# Licensed under the Apache License 2.0 (the "License"). You may not use
6	6	# this file except in compliance with the License. You can obtain a copy

151	151	return ($is_cert, $is_crl);
152	152	}
153	153
	154	sub compute_hash {
	155	my $fh;
	156	if ( $^O eq "VMS" ) {
	157	# VMS uses the open through shell
	158	# The file names are safe there and list form is unsupported
	159	if (!open($fh, "-\|", join(' ', @_))) {
	160	print STDERR "Cannot compute hash on '$fname'\n";
	161	return;
	162	}
	163	} else {
	164	if (!open($fh, "-\|", @_)) {
	165	print STDERR "Cannot compute hash on '$fname'\n";
	166	return;
	167	}
	168	}
	169	return (<$fh>, <$fh>);
	170	}
154	171
155	172	# Link a certificate to its subject name hash value, each hash is of
156	173	# the form <hash>.<n> where n is an integer. If the hash value already exists

160	177
161	178	sub link_hash_cert {
162	179	my $fname = $_[0];
163		$fname =~ s/\"/\\\"/g;
164		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
	180	my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
	181	"-fingerprint", "-noout",
	182	"-in", $fname);
165	183	chomp $hash;
166	184	chomp $fprint;
	185	return if !$hash;
167	186	$fprint =~ s/^.*=//;
168	187	$fprint =~ tr/://d;
169	188	my $suffix = 0;

201	220
202	221	sub link_hash_crl {
203	222	my $fname = $_[0];
204		$fname =~ s/'/'\\''/g;
205		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
	223	my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
	224	"-fingerprint", "-noout",
	225	"-in", $fname);
206	226	chomp $hash;
207	227	chomp $fprint;
	228	return if !$hash;
208	229	$fprint =~ s/^.*=//;
209	230	$fprint =~ tr/://d;
210	231	my $suffix = 0;

+2

-0

util/libcrypto.num less more

5424	5424	ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
5425	5425	EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
5426	5426	EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
	5427	OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
	5428	OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:

+3

-2

util/markdownlint.rb less more

4	4
5	5	# Use --- and === for H1 and H2.
6	6	rule 'MD003', :style => :setext_with_atx
7		# Code blocks are indented
8		rule 'MD046', :style => :indented
	7	# Code blocks may be fenced or indented, both are OK...
	8	# but they must be consistent throughout each file.
	9	rule 'MD046', :style => :consistent
9	10
10	11	# Bug in mdl, https://github.com/markdownlint/markdownlint/issues/313
11	12	exclude_rule 'MD007'

+0

-5

util/missingssl.txt less more

8	8	SSL_CTX_get0_certificate(3)
9	9	SSL_CTX_get0_ctlog_store(3)
10	10	SSL_CTX_get0_privatekey(3)
11		SSL_CTX_get_ssl_method(3)
12	11	SSL_CTX_set0_ctlog_store(3)
13	12	SSL_CTX_set_client_cert_engine(3)
14	13	SSL_CTX_set_not_resumable_session_callback(3)
15		SSL_CTX_set_purpose(3)
16		SSL_CTX_set_trust(3)
17	14	SSL_SRP_CTX_free(3)
18	15	SSL_SRP_CTX_init(3)
19	16	SSL_add_ssl_module(3)

28	25	SSL_set_SSL_CTX(3)
29	26	SSL_set_debug(3)
30	27	SSL_set_not_resumable_session_callback(3)
31		SSL_set_purpose(3)
32	28	SSL_set_session_secret_cb(3)
33	29	SSL_set_session_ticket_ext(3)
34	30	SSL_set_session_ticket_ext_cb(3)
35		SSL_set_trust(3)
36	31	SSL_srp_server_param_with_username(3)
37	32	SSL_test_functions(3)
38	33	SSL_trace(3)

+4

-0

util/other.syms less more

458	458	SSL_CTX_disable_ct define
459	459	SSL_CTX_generate_session_ticket_fn define
460	460	SSL_CTX_get0_chain_certs define
	461	SSL_CTX_get0_chain_cert_store define
	462	SSL_CTX_get0_verify_cert_store define
461	463	SSL_CTX_get_default_read_ahead define
462	464	SSL_CTX_get_extra_chain_certs define
463	465	SSL_CTX_get_extra_chain_certs_only define

530	532	SSL_disable_ct define
531	533	SSL_get0_chain_certs define
532	534	SSL_get0_session define
	535	SSL_get0_chain_cert_store define
	536	SSL_get0_verify_cert_store define
533	537	SSL_get1_curves define
534	538	SSL_get1_groups define
535	539	SSL_get_cipher define