New upstream version 3.0.3
Sebastian Andrzej Siewior
2 years ago
26 | 26 | breaking changes, and mappings for the large list of deprecated functions. |
27 | 27 | |
28 | 28 | [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod |
29 | ||
30 | ### Changes between 3.0.2 and 3.0.3 [3 May 2022] | |
31 | ||
32 | * Fixed a bug in the c_rehash script which was not properly sanitising shell | |
33 | metacharacters to prevent command injection. This script is distributed by | |
34 | some operating systems in a manner where it is automatically executed. On | |
35 | such operating systems, an attacker could execute arbitrary commands with the | |
36 | privileges of the script. | |
37 | ||
38 | Use of the c_rehash script is considered obsolete and should be replaced | |
39 | by the OpenSSL rehash command line tool. | |
40 | (CVE-2022-1292) | |
41 | ||
42 | *Tomáš Mráz* | |
43 | ||
44 | * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer | |
45 | certificate on an OCSP response. The bug caused the function in the case | |
46 | where the (non-default) flag OCSP_NOCHECKS is used to return a postivie | |
47 | response (meaning a successful verification) even in the case where the | |
48 | response signing certificate fails to verify. | |
49 | ||
50 | It is anticipated that most users of `OCSP_basic_verify` will not use the | |
51 | OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return | |
52 | a negative value (indicating a fatal error) in the case of a certificate | |
53 | verification failure. The normal expected return value in this case would be | |
54 | 0. | |
55 | ||
56 | This issue also impacts the command line OpenSSL "ocsp" application. When | |
57 | verifying an ocsp response with the "-no_cert_checks" option the command line | |
58 | application will report that the verification is successful even though it | |
59 | has in fact failed. In this case the incorrect successful response will also | |
60 | be accompanied by error messages showing the failure and contradicting the | |
61 | apparently successful result. | |
62 | ([CVE-2022-1343]) | |
63 | ||
64 | *Matt Caswell* | |
65 | ||
66 | * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the | |
67 | AAD data as the MAC key. This made the MAC key trivially predictable. | |
68 | ||
69 | An attacker could exploit this issue by performing a man-in-the-middle attack | |
70 | to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such | |
71 | that the modified data would still pass the MAC integrity check. | |
72 | ||
73 | Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 | |
74 | endpoint will always be rejected by the recipient and the connection will | |
75 | fail at that point. Many application protocols require data to be sent from | |
76 | the client to the server first. Therefore, in such a case, only an OpenSSL | |
77 | 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. | |
78 | ||
79 | If both endpoints are OpenSSL 3.0 then the attacker could modify data being | |
80 | sent in both directions. In this case both clients and servers could be | |
81 | affected, regardless of the application protocol. | |
82 | ||
83 | Note that in the absence of an attacker this bug means that an OpenSSL 3.0 | |
84 | endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete | |
85 | the handshake when using this ciphersuite. | |
86 | ||
87 | The confidentiality of data is not impacted by this issue, i.e. an attacker | |
88 | cannot decrypt data that has been encrypted using this ciphersuite - they can | |
89 | only modify it. | |
90 | ||
91 | In order for this attack to work both endpoints must legitimately negotiate | |
92 | the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in | |
93 | OpenSSL 3.0, and is not available within the default provider or the default | |
94 | ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been | |
95 | negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the | |
96 | following must have occurred: | |
97 | ||
98 | 1) OpenSSL must have been compiled with the (non-default) compile time option | |
99 | enable-weak-ssl-ciphers | |
100 | ||
101 | 2) OpenSSL must have had the legacy provider explicitly loaded (either | |
102 | through application code or via configuration) | |
103 | ||
104 | 3) The ciphersuite must have been explicitly added to the ciphersuite list | |
105 | ||
106 | 4) The libssl security level must have been set to 0 (default is 1) | |
107 | ||
108 | 5) A version of SSL/TLS below TLSv1.3 must have been negotiated | |
109 | ||
110 | 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any | |
111 | others that both endpoints have in common | |
112 | (CVE-2022-1434) | |
113 | ||
114 | *Matt Caswell* | |
115 | ||
116 | * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory | |
117 | occuppied by the removed hash table entries. | |
118 | ||
119 | This function is used when decoding certificates or keys. If a long lived | |
120 | process periodically decodes certificates or keys its memory usage will | |
121 | expand without bounds and the process might be terminated by the operating | |
122 | system causing a denial of service. Also traversing the empty hash table | |
123 | entries will take increasingly more time. | |
124 | ||
125 | Typically such long lived processes might be TLS clients or TLS servers | |
126 | configured to accept client certificate authentication. | |
127 | (CVE-2022-1473) | |
128 | ||
129 | *Hugo Landau, Aliaksei Levin* | |
130 | ||
131 | * The functions `OPENSSL_LH_stats` and `OPENSSL_LH_stats_bio` now only report | |
132 | the `num_items`, `num_nodes` and `num_alloc_nodes` statistics. All other | |
133 | statistics are no longer supported. For compatibility, these statistics are | |
134 | still listed in the output but are now always reported as zero. | |
135 | ||
136 | *Hugo Landau* | |
29 | 137 | |
30 | 138 | ### Changes between 3.0.1 and 3.0.2 [15 Mar 2022] |
31 | 139 |
59 | 59 | GitHub Actions and AppVeyor are required, and they are started automatically |
60 | 60 | whenever a PR is created or updated. |
61 | 61 | |
62 | [coding style]: https://www.openssl.org/policies/codingstyle.html | |
62 | [coding style]: https://www.openssl.org/policies/technical/coding-style.html | |
63 | 63 | |
64 | 64 | 5. When at all possible, patches should include tests. These can |
65 | 65 | either be added to an existing test, or completely new. Please see |
24 | 24 | return $in_libname |
25 | 25 | if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst}; |
26 | 26 | |
27 | return platform::BASE->staticname($_[1]) . '_a'; | |
27 | return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a'); | |
28 | 28 | } |
16 | 16 | |
17 | 17 | OpenSSL 3.0 |
18 | 18 | ----------- |
19 | ||
20 | ### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022] | |
21 | ||
22 | * Fixed a bug in the c_rehash script which was not properly sanitising shell | |
23 | metacharacters to prevent command injection ([CVE-2022-1292]) | |
24 | * Fixed a bug in the function `OCSP_basic_verify` that verifies the signer | |
25 | certificate on an OCSP response ([CVE-2022-1343]) | |
26 | * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the | |
27 | AAD data as the MAC key ([CVE-2022-1434]) | |
28 | * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory | |
29 | occuppied by the removed hash table entries ([CVE-2022-1473]) | |
19 | 30 | |
20 | 31 | ### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022] |
21 | 32 |
27 | 27 | Native builds using Visual C++ |
28 | 28 | ============================== |
29 | 29 | |
30 | The native builds using Visual C++ have a VC-* prefix. | |
30 | The native builds using Visual C++ have a `VC-*` prefix. | |
31 | 31 | |
32 | 32 | Requirement details |
33 | 33 | ------------------- |
34 | 34 | |
35 | In addition to the requirements and instructions listed in INSTALL.md, | |
35 | In addition to the requirements and instructions listed in `INSTALL.md`, | |
36 | 36 | these are required as well: |
37 | 37 | |
38 | 38 | ### Perl |
63 | 63 | |
64 | 64 | 4. Use Visual Studio Developer Command Prompt with administrative privileges, |
65 | 65 | choosing one of its variants depending on the intended architecture. |
66 | Or run "cmd" and execute "vcvarsall.bat" with one of the options x86, | |
67 | x86_amd64, x86_arm, x86_arm64, amd64, amd64_x86, amd64_arm, or amd64_arm64. | |
68 | This sets up the environment variables needed for nmake.exe, cl.exe, etc. | |
66 | Or run `cmd` and execute `vcvarsall.bat` with one of the options `x86`, | |
67 | `x86_amd64`, `x86_arm`, `x86_arm64`, `amd64`, `amd64_x86`, `amd64_arm`, | |
68 | or `amd64_arm64`. | |
69 | This sets up the environment variables needed for `nmake.exe`, `cl.exe`, | |
70 | etc. | |
69 | 71 | See also |
70 | 72 | <https://docs.microsoft.com/cpp/build/building-on-the-command-line> |
71 | 73 | |
72 | 74 | 5. From the root of the OpenSSL source directory enter |
73 | perl Configure VC-WIN32 if you want 32-bit OpenSSL or | |
74 | perl Configure VC-WIN64A if you want 64-bit OpenSSL or | |
75 | perl Configure to let Configure figure out the platform | |
76 | ||
77 | 6. nmake | |
78 | ||
79 | 7. nmake test | |
80 | ||
81 | 8. nmake install | |
75 | - `perl Configure VC-WIN32` if you want 32-bit OpenSSL or | |
76 | - `perl Configure VC-WIN64A` if you want 64-bit OpenSSL or | |
77 | - `perl Configure VC-WIN64-ARM` if you want Windows on Arm (win-arm64) | |
78 | OpenSSL or | |
79 | - `perl Configure` to let Configure figure out the platform | |
80 | ||
81 | 6. `nmake` | |
82 | ||
83 | 7. `nmake test` | |
84 | ||
85 | 8. `nmake install` | |
82 | 86 | |
83 | 87 | For the full installation instructions, or if anything goes wrong at any stage, |
84 | 88 | check the INSTALL.md file. |
108 | 112 | ALSO NOTE that those directories are usually write protected, even if |
109 | 113 | your account is in the Administrators group. To work around that, |
110 | 114 | start the command prompt by right-clicking on it and choosing "Run as |
111 | Administrator" before running 'nmake install'. The other solution | |
115 | Administrator" before running `nmake install`. The other solution | |
112 | 116 | is, of course, to choose a different set of directories by using |
113 | --prefix and --openssldir when configuring. | |
114 | ||
115 | Special notes for Universal Windows Platform builds, aka VC-*-UWP | |
116 | -------------------------------------------------------------------- | |
117 | `--prefix` and `--openssldir` when configuring. | |
118 | ||
119 | Special notes for Universal Windows Platform builds, aka `VC-*-UWP` | |
120 | ------------------------------------------------------------------- | |
117 | 121 | |
118 | 122 | - UWP targets only support building the static and dynamic libraries. |
119 | 123 | |
120 | - You should define the platform type to "uwp" and the target arch via | |
121 | "vcvarsall.bat" before you compile. For example, if you want to build | |
122 | "arm64" builds, you should run "vcvarsall.bat x86_arm64 uwp". | |
124 | - You should define the platform type to `uwp` and the target arch via | |
125 | `vcvarsall.bat` before you compile. For example, if you want to build | |
126 | `arm64` builds, you should run `vcvarsall.bat x86_arm64 uwp`. | |
123 | 127 | |
124 | 128 | Native builds using Embarcadero C++Builder |
125 | 129 | ========================================= |
126 | 130 | |
127 | 131 | This toolchain (a descendant of Turbo/Borland C++) is an alternative to MSVC. |
128 | 132 | OpenSSL currently includes an experimental 32-bit configuration targeting the |
129 | Clang-based compiler (bcc32c.exe) in v10.3.3 Community Edition. | |
133 | Clang-based compiler (`bcc32c.exe`) in v10.3.3 Community Edition. | |
130 | 134 | <https://www.embarcadero.com/products/cbuilder/starter> |
131 | 135 | |
132 | 136 | 1. Install Perl. |
134 | 138 | 2. Open the RAD Studio Command Prompt. |
135 | 139 | |
136 | 140 | 3. Go to the root of the OpenSSL source directory and run: |
137 | perl Configure BC-32 --prefix=%CD% | |
138 | ||
139 | 4. make -N | |
140 | ||
141 | 5. make -N test | |
141 | `perl Configure BC-32 --prefix=%CD%` | |
142 | ||
143 | 4. `make -N` | |
144 | ||
145 | 5. `make -N test` | |
142 | 146 | |
143 | 147 | 6. Build your program against this OpenSSL: |
144 | 148 | * Set your include search path to the "include" subdirectory of OpenSSL. |
165 | 169 | |
166 | 170 | - Perl, at least version 5.10.0, which usually comes pre-installed with MSYS2 |
167 | 171 | |
168 | - make, installed using "pacman -S make" into the MSYS2 environment | |
169 | ||
170 | - MinGW[64] compiler: mingw-w64-i686-gcc and/or mingw-w64-x86_64-gcc. | |
172 | - make, installed using `pacman -S make` into the MSYS2 environment | |
173 | ||
174 | - MinGW[64] compiler: `mingw-w64-i686-gcc` and/or `mingw-w64-x86_64-gcc`. | |
171 | 175 | These compilers must be on your MSYS2 $PATH. |
172 | 176 | A common error is to not have these on your $PATH. |
173 | 177 | The MSYS2 version of gcc will not work correctly here. |
175 | 179 | In the MSYS2 shell do the configuration depending on the target architecture: |
176 | 180 | |
177 | 181 | ./Configure mingw ... |
182 | ||
178 | 183 | or |
184 | ||
179 | 185 | ./Configure mingw64 ... |
186 | ||
180 | 187 | or |
188 | ||
181 | 189 | ./Configure ... |
182 | 190 | |
183 | 191 | for the default architecture. |
184 | 192 | |
185 | Apart from that, follow the Unix / Linux instructions in INSTALL.md. | |
193 | Apart from that, follow the Unix / Linux instructions in `INSTALL.md`. | |
186 | 194 | |
187 | 195 | * It is also possible to build mingw[64] on Linux or Cygwin. |
188 | 196 | |
189 | In this case configure with the corresponding --cross-compile-prefix= option. | |
190 | For example | |
197 | In this case configure with the corresponding `--cross-compile-prefix=` | |
198 | option. For example | |
191 | 199 | |
192 | 200 | ./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ... |
201 | ||
193 | 202 | or |
203 | ||
194 | 204 | ./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ... |
195 | 205 | |
196 | 206 | This requires that you've installed the necessary add-on packages for |
202 | 212 | This section applies to all native builds. |
203 | 213 | |
204 | 214 | If you link with static OpenSSL libraries then you're expected to |
205 | additionally link your application with WS2_32.LIB, GDI32.LIB, | |
206 | ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing | |
215 | additionally link your application with `WS2_32.LIB`, `GDI32.LIB`, | |
216 | `ADVAPI32.LIB`, `CRYPT32.LIB` and `USER32.LIB`. Those developing | |
207 | 217 | non-interactive service applications might feel concerned about |
208 | linking with GDI32.LIB and USER32.LIB, as they are justly associated | |
218 | linking with `GDI32.LIB` and `USER32.LIB`, as they are justly associated | |
209 | 219 | with interactive desktop, which is not available to service |
210 | 220 | processes. The toolkit is designed to detect in which context it's |
211 | 221 | currently executed, GUI, console app or service, and act accordingly, |
212 | 222 | namely whether or not to actually make GUI calls. Additionally those |
213 | who wish to /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and | |
223 | who wish to `/DELAYLOAD:GDI32.DLL` and `/DELAYLOAD:USER32.DLL` and | |
214 | 224 | actually keep them off service process should consider implementing |
215 | and exporting from .exe image in question own _OPENSSL_isservice not | |
216 | relying on USER32.DLL. E.g., on Windows Vista and later you could: | |
225 | and exporting from .exe image in question own `_OPENSSL_isservice` not | |
226 | relying on `USER32.DLL`. E.g., on Windows Vista and later you could: | |
217 | 227 | |
218 | 228 | __declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void) |
219 | 229 | { |
232 | 242 | Hosted builds using Cygwin |
233 | 243 | ========================== |
234 | 244 | |
235 | Cygwin implements a POSIX/Unix runtime system (cygwin1.dll) on top of the | |
245 | Cygwin implements a POSIX/Unix runtime system (`cygwin1.dll`) on top of the | |
236 | 246 | Windows subsystem and provides a Bash shell and GNU tools environment. |
237 | 247 | Consequently, a build of OpenSSL with Cygwin is virtually identical to the |
238 | 248 | Unix procedure. |
248 | 258 | |
249 | 259 | Apart from that, follow the Unix / Linux instructions in INSTALL.md. |
250 | 260 | |
251 | NOTE: "make test" and normal file operations may fail in directories | |
252 | mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin | |
261 | NOTE: `make test` and normal file operations may fail in directories | |
262 | mounted as text (i.e. `mount -t c:\somewhere /home`) due to Cygwin | |
253 | 263 | stripping of carriage returns. To avoid this ensure that a binary |
254 | mount is used, e.g. mount -b c:\somewhere /home. | |
264 | mount is used, e.g. `mount -b c:\somewhere /home`. |
0 | 0 | MAJOR=3 |
1 | 1 | MINOR=0 |
2 | PATCH=2 | |
2 | PATCH=3 | |
3 | 3 | PRE_RELEASE_TAG= |
4 | 4 | BUILD_METADATA= |
5 | RELEASE_DATE="15 Mar 2022" | |
5 | RELEASE_DATE="3 May 2022" | |
6 | 6 | SHLIB_VERSION=3 |
0 | 0 | /* |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
2366 | 2366 | |
2367 | 2367 | case REV_CRL_REASON: |
2368 | 2368 | for (i = 0; i < 8; i++) { |
2369 | if (strcasecmp(rev_arg, crl_reasons[i]) == 0) { | |
2369 | if (OPENSSL_strcasecmp(rev_arg, crl_reasons[i]) == 0) { | |
2370 | 2370 | reason = crl_reasons[i]; |
2371 | 2371 | break; |
2372 | 2372 | } |
2583 | 2583 | } |
2584 | 2584 | if (reason_str) { |
2585 | 2585 | for (i = 0; i < NUM_REASONS; i++) { |
2586 | if (strcasecmp(reason_str, crl_reasons[i]) == 0) { | |
2586 | if (OPENSSL_strcasecmp(reason_str, crl_reasons[i]) == 0) { | |
2587 | 2587 | reason_code = i; |
2588 | 2588 | break; |
2589 | 2589 | } |
1744 | 1744 | valptr[0] = '\0'; |
1745 | 1745 | valptr++; |
1746 | 1746 | |
1747 | if (strncasecmp(valptr, "int:", 4) != 0) { | |
1747 | if (OPENSSL_strncasecmp(valptr, "int:", 4) != 0) { | |
1748 | 1748 | CMP_err("missing 'int:' in -geninfo option"); |
1749 | 1749 | return 0; |
1750 | 1750 | } |
0 | 0 | /* |
1 | * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
228 | 228 | point_format, 0); |
229 | 229 | *p = OSSL_PARAM_construct_end(); |
230 | 230 | |
231 | if (strcasecmp(curve_name, "SM2") == 0) | |
231 | if (OPENSSL_strcasecmp(curve_name, "SM2") == 0) | |
232 | 232 | gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "sm2", NULL); |
233 | 233 | else |
234 | 234 | gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL); |
687 | 687 | int ret = 0; |
688 | 688 | char *pass_string; |
689 | 689 | |
690 | if (exclude_http && (strncasecmp(uri, "http://", 7) == 0 | |
691 | || strncasecmp(uri, "https://", 8) == 0)) { | |
690 | if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0 | |
691 | || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) { | |
692 | 692 | BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc); |
693 | 693 | return ret; |
694 | 694 | } |
1181 | 1181 | |
1182 | 1182 | int set_dateopt(unsigned long *dateopt, const char *arg) |
1183 | 1183 | { |
1184 | if (strcasecmp(arg, "rfc_822") == 0) | |
1184 | if (OPENSSL_strcasecmp(arg, "rfc_822") == 0) | |
1185 | 1185 | *dateopt = ASN1_DTFLGS_RFC822; |
1186 | else if (strcasecmp(arg, "iso_8601") == 0) | |
1186 | else if (OPENSSL_strcasecmp(arg, "iso_8601") == 0) | |
1187 | 1187 | *dateopt = ASN1_DTFLGS_ISO8601; |
1188 | 1188 | return 0; |
1189 | 1189 | } |
1190 | 1190 | |
1191 | 1191 | int set_ext_copy(int *copy_type, const char *arg) |
1192 | 1192 | { |
1193 | if (strcasecmp(arg, "none") == 0) | |
1193 | if (OPENSSL_strcasecmp(arg, "none") == 0) | |
1194 | 1194 | *copy_type = EXT_COPY_NONE; |
1195 | else if (strcasecmp(arg, "copy") == 0) | |
1195 | else if (OPENSSL_strcasecmp(arg, "copy") == 0) | |
1196 | 1196 | *copy_type = EXT_COPY_ADD; |
1197 | else if (strcasecmp(arg, "copyall") == 0) | |
1197 | else if (OPENSSL_strcasecmp(arg, "copyall") == 0) | |
1198 | 1198 | *copy_type = EXT_COPY_ALL; |
1199 | 1199 | else |
1200 | 1200 | return 0; |
1274 | 1274 | } |
1275 | 1275 | |
1276 | 1276 | for (ptbl = in_tbl; ptbl->name; ptbl++) { |
1277 | if (strcasecmp(arg, ptbl->name) == 0) { | |
1277 | if (OPENSSL_strcasecmp(arg, ptbl->name) == 0) { | |
1278 | 1278 | *flags &= ~ptbl->mask; |
1279 | 1279 | if (c) |
1280 | 1280 | *flags |= ptbl->flag; |
70 | 70 | char *keyid = NULL; |
71 | 71 | OSSL_STORE_LOADER_CTX *ctx = NULL; |
72 | 72 | |
73 | if (strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1) | |
73 | if (OPENSSL_strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1) | |
74 | 74 | != 0) |
75 | 75 | return NULL; |
76 | 76 | p += sizeof(ENGINE_SCHEME_COLON) - 1; |
0 | 0 | /* |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
452 | 452 | } |
453 | 453 | *line_end = '\0'; |
454 | 454 | /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ |
455 | if (found_keep_alive != NULL && strcasecmp(key, "Connection") == 0) { | |
456 | if (strcasecmp(value, "keep-alive") == 0) | |
455 | if (found_keep_alive != NULL | |
456 | && OPENSSL_strcasecmp(key, "Connection") == 0) { | |
457 | if (OPENSSL_strcasecmp(value, "keep-alive") == 0) | |
457 | 458 | *found_keep_alive = 1; |
458 | else if (strcasecmp(value, "close") == 0) | |
459 | else if (OPENSSL_strcasecmp(value, "close") == 0) | |
459 | 460 | *found_keep_alive = 0; |
460 | 461 | } |
461 | 462 | } |
0 | 0 | /* |
1 | * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
10 | 10 | #include <openssl/bio.h> |
11 | 11 | #include <openssl/safestack.h> |
12 | 12 | #include "names.h" |
13 | ||
14 | #ifdef _WIN32 | |
15 | # define strcasecmp _stricmp | |
16 | #endif | |
13 | #include "openssl/crypto.h" | |
17 | 14 | |
18 | 15 | int name_cmp(const char * const *a, const char * const *b) |
19 | 16 | { |
20 | return strcasecmp(*a, *b); | |
17 | return OPENSSL_strcasecmp(*a, *b); | |
21 | 18 | } |
22 | 19 | |
23 | 20 | void collect_names(const char *name, void *vdata) |
0 | 0 | /* |
1 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright 2016 VMS Software, Inc. All Rights Reserved. |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
131 | 131 | len; |
132 | 132 | |
133 | 133 | LogMessage ("Enter 'q' or 'Q' to quit ..."); |
134 | while (strcasecmp (TermBuff, "Q")) { | |
134 | while (OPENSSL_strcasecmp (TermBuff, "Q")) { | |
135 | 135 | /* |
136 | 136 | ** Create the terminal socket |
137 | 137 | */ |
0 | 0 | /* |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
70 | 70 | { |
71 | 71 | if (select_name != NULL |
72 | 72 | && (c == NULL |
73 | || strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) | |
73 | || OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) | |
74 | 74 | return; |
75 | 75 | if (c != NULL) { |
76 | 76 | BIO_printf(arg, " %s\n", EVP_CIPHER_get0_name(c)); |
369 | 369 | |
370 | 370 | static int rand_cmp(const EVP_RAND * const *a, const EVP_RAND * const *b) |
371 | 371 | { |
372 | int ret = strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); | |
372 | int ret = OPENSSL_strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); | |
373 | 373 | |
374 | 374 | if (ret == 0) |
375 | 375 | ret = strcmp(OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*a)), |
403 | 403 | const EVP_RAND *m = sk_EVP_RAND_value(rands, i); |
404 | 404 | |
405 | 405 | if (select_name != NULL |
406 | && strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) | |
406 | && OPENSSL_strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) | |
407 | 407 | continue; |
408 | 408 | BIO_printf(bio_out, " %s", EVP_RAND_get0_name(m)); |
409 | 409 | BIO_printf(bio_out, " @ %s\n", |
462 | 462 | if (gettables != NULL) |
463 | 463 | for (; gettables->key != NULL; gettables++) { |
464 | 464 | /* State has been dealt with already, so ignore */ |
465 | if (strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0) | |
465 | if (OPENSSL_strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0) | |
466 | 466 | continue; |
467 | 467 | /* Outside of verbose mode, we skip non-string values */ |
468 | 468 | if (gettables->data_type != OSSL_PARAM_UTF8_STRING |
1114 | 1114 | single = OCSP_basic_add1_status(bs, cid, |
1115 | 1115 | V_OCSP_CERTSTATUS_REVOKED, |
1116 | 1116 | reason, revtm, thisupd, nextupd); |
1117 | if (single == NULL) { | |
1118 | *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, | |
1119 | NULL); | |
1120 | goto end; | |
1121 | } | |
1117 | 1122 | if (invtm != NULL) |
1118 | 1123 | OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, |
1119 | 1124 | invtm, 0, 0); |
213 | 213 | return -1; |
214 | 214 | for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) { |
215 | 215 | const char *suffix = suffixes[type]; |
216 | if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0) | |
216 | if (OPENSSL_strncasecmp(suffix, &filename[i], strlen(suffix)) == 0) | |
217 | 217 | break; |
218 | 218 | } |
219 | 219 | i += strlen(suffixes[type]); |
248 | 248 | if ((ext = strrchr(filename, '.')) == NULL) |
249 | 249 | goto end; |
250 | 250 | for (i = 0; i < OSSL_NELEM(extensions); i++) { |
251 | if (strcasecmp(extensions[i], ext + 1) == 0) | |
251 | if (OPENSSL_strcasecmp(extensions[i], ext + 1) == 0) | |
252 | 252 | break; |
253 | 253 | } |
254 | 254 | if (i >= OSSL_NELEM(extensions)) |
991 | 991 | goto end; |
992 | 992 | } |
993 | 993 | fprintf(stdout, "Modulus="); |
994 | if (EVP_PKEY_is_a(tpubkey, "RSA")) { | |
994 | if (EVP_PKEY_is_a(tpubkey, "RSA") || EVP_PKEY_is_a(tpubkey, "RSA-PSS")) { | |
995 | 995 | BIGNUM *n = NULL; |
996 | 996 | |
997 | 997 | if (!EVP_PKEY_get_bn_param(tpubkey, "n", &n)) |
0 | 0 | /* |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
256 | 256 | ERR_print_errors(bio_err); |
257 | 257 | goto end; |
258 | 258 | } |
259 | if (!EVP_PKEY_is_a(pkey, "RSA")) { | |
259 | if (!EVP_PKEY_is_a(pkey, "RSA") && !EVP_PKEY_is_a(pkey, "RSA-PSS")) { | |
260 | 260 | BIO_printf(bio_err, "Not an RSA key\n"); |
261 | 261 | goto end; |
262 | 262 | } |
431 | 431 | return SSL_TLSEXT_ERR_NOACK; |
432 | 432 | |
433 | 433 | if (servername != NULL) { |
434 | if (strcasecmp(servername, p->servername)) | |
434 | if (OPENSSL_strcasecmp(servername, p->servername)) | |
435 | 435 | return p->extension_error; |
436 | 436 | if (ctx2 != NULL) { |
437 | 437 | BIO_printf(p->biodebug, "Switching server context.\n"); |
0 | 0 | /* |
1 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
975 | 975 | const char *propq = app_get0_propq(); |
976 | 976 | |
977 | 977 | cert_ctx = X509_STORE_new(); |
978 | if (cert_ctx == NULL) { | |
979 | BIO_printf(bio_err, "memory allocation failure\n"); | |
980 | return NULL; | |
981 | } | |
978 | 982 | X509_STORE_set_verify_cb(cert_ctx, verify_cb); |
979 | 983 | if (CApath != NULL) { |
980 | 984 | lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); |
953 | 953 | purpose_print(out, x, X509_PURPOSE_get0(j)); |
954 | 954 | } else if (i == modulus) { |
955 | 955 | BIO_printf(out, "Modulus="); |
956 | if (EVP_PKEY_is_a(pkey, "RSA")) { | |
956 | if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS")) { | |
957 | 957 | BIGNUM *n = NULL; |
958 | 958 | |
959 | 959 | /* Every RSA key has an 'n' */ |
0 | 0 | /* |
1 | * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
140 | 140 | p--; |
141 | 141 | if (p > (*ctx)->entry_name && p[-1] == ';') |
142 | 142 | p[-1] = '\0'; |
143 | if (strcasecmp((*ctx)->entry_name, (*ctx)->previous_entry_name) == 0) | |
143 | if (OPENSSL_strcasecmp((*ctx)->entry_name, | |
144 | (*ctx)->previous_entry_name) == 0) | |
144 | 145 | goto again; |
145 | 146 | } |
146 | 147 | #endif |
0 | 0 | /* |
1 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
9 | 9 | /* We need to use some engine deprecated APIs */ |
10 | 10 | #define OPENSSL_SUPPRESS_DEPRECATED |
11 | 11 | |
12 | #include "e_os.h" /* for strncasecmp */ | |
13 | 12 | #include "internal/cryptlib.h" |
14 | 13 | #include <stdio.h> |
15 | 14 | #include <openssl/asn1t.h> |
133 | 132 | if (ameth->pkey_flags & ASN1_PKEY_ALIAS) |
134 | 133 | continue; |
135 | 134 | if ((int)strlen(ameth->pem_str) == len |
136 | && strncasecmp(ameth->pem_str, str, len) == 0) | |
135 | && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) | |
137 | 136 | return ameth; |
138 | 137 | } |
139 | 138 | return NULL; |
0 | 0 | /* |
1 | * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
9 | 9 | #include "internal/cryptlib.h" |
10 | 10 | #include <openssl/asn1.h> |
11 | 11 | #include <openssl/x509v3.h> |
12 | #include "e_os.h" /* strncasecmp() */ | |
13 | 12 | |
14 | 13 | #define ASN1_GEN_FLAG 0x10000 |
15 | 14 | #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) |
564 | 563 | |
565 | 564 | tntmp = tnst; |
566 | 565 | for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { |
567 | if ((len == tntmp->len) && (strncasecmp(tntmp->strnam, tagstr, len) == 0)) | |
566 | if ((len == tntmp->len) | |
567 | && (OPENSSL_strncasecmp(tntmp->strnam, tagstr, len) == 0)) | |
568 | 568 | return tntmp->tag; |
569 | 569 | } |
570 | 570 |
0 | 0 | /* |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
445 | 445 | snum->neg = num_neg; |
446 | 446 | snum->top = div_n; |
447 | 447 | snum->flags |= BN_FLG_FIXED_TOP; |
448 | if (rm != NULL) | |
449 | bn_rshift_fixed_top(rm, snum, norm_shift); | |
448 | ||
449 | if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0) | |
450 | goto err; | |
451 | ||
450 | 452 | BN_CTX_end(ctx); |
451 | 453 | return 1; |
452 | 454 | err: |
0 | 0 | /* |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
186 | 186 | return ret; |
187 | 187 | } |
188 | 188 | |
189 | BN_RECP_CTX_init(&recp); | |
190 | ||
189 | 191 | BN_CTX_start(ctx); |
190 | 192 | aa = BN_CTX_get(ctx); |
191 | 193 | val[0] = BN_CTX_get(ctx); |
192 | 194 | if (val[0] == NULL) |
193 | 195 | goto err; |
194 | 196 | |
195 | BN_RECP_CTX_init(&recp); | |
196 | 197 | if (m->neg) { |
197 | 198 | /* ignore sign of 'm' */ |
198 | 199 | if (!BN_copy(aa, m)) |
0 | 0 | /* |
1 | * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
498 | 498 | PUTU32(plaintext + 12, s1); |
499 | 499 | } |
500 | 500 | |
501 | void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[], | |
502 | const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) | |
501 | void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], | |
502 | const KEY_TABLE_TYPE keyTable, u8 plaintext[]) | |
503 | 503 | { |
504 | 504 | Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4, |
505 | plaintext, keyTable, ciphertext); | |
505 | ciphertext, keyTable, plaintext); | |
506 | 506 | } |
4 | 4 | $CHACHAASM_x86=chacha-x86.s |
5 | 5 | $CHACHAASM_x86_64=chacha-x86_64.s |
6 | 6 | |
7 | $CHACHAASM_ia64=chacha-ia64.S | |
7 | $CHACHAASM_ia64=chacha-ia64.s | |
8 | 8 | |
9 | 9 | $CHACHAASM_s390x=chacha-s390x.S |
10 | 10 | |
35 | 35 | INCLUDE[chacha-s390x.o]=.. |
36 | 36 | GENERATE[chacha-c64xplus.S]=asm/chacha-c64xplus.pl |
37 | 37 | GENERATE[chacha-s390x.S]=asm/chacha-s390x.pl |
38 | GENERATE[chacha-ia64.S]=asm/chacha-ia64.pl | |
38 | GENERATE[chacha-ia64.s]=asm/chacha-ia64.pl |
0 | 0 | /* |
1 | * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
40 | 40 | ci = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms, |
41 | 41 | ossl_cms_ctx_get0_libctx(ctx), |
42 | 42 | ossl_cms_ctx_get0_propq(ctx)); |
43 | if (ci != NULL) | |
43 | if (ci != NULL) { | |
44 | ERR_set_mark(); | |
44 | 45 | ossl_cms_resolve_libctx(ci); |
46 | ERR_pop_to_mark(); | |
47 | } | |
45 | 48 | return ci; |
46 | 49 | } |
47 | 50 | |
103 | 106 | (ASN1_VALUE **)cms, |
104 | 107 | ossl_cms_ctx_get0_libctx(ctx), |
105 | 108 | ossl_cms_ctx_get0_propq(ctx)); |
106 | if (ci != NULL) | |
109 | if (ci != NULL) { | |
110 | ERR_set_mark(); | |
107 | 111 | ossl_cms_resolve_libctx(ci); |
112 | ERR_pop_to_mark(); | |
113 | } | |
108 | 114 | return ci; |
109 | 115 | } |
110 | 116 |
0 | 0 | /* |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
10 | 10 | |
11 | 11 | #include <stdio.h> |
12 | 12 | #include <string.h> |
13 | #include "e_os.h" /* strcasecmp and struct stat */ | |
13 | #include "e_os.h" /* struct stat */ | |
14 | 14 | #ifdef __TANDEM |
15 | 15 | # include <sys/types.h> /* needed for stat.h */ |
16 | 16 | # include <sys/stat.h> /* struct stat */ |
191 | 191 | /* Parse a boolean value and fill in *flag. Return 0 on error. */ |
192 | 192 | static int parsebool(const char *pval, int *flag) |
193 | 193 | { |
194 | if (strcasecmp(pval, "on") == 0 | |
195 | || strcasecmp(pval, "true") == 0) { | |
194 | if (OPENSSL_strcasecmp(pval, "on") == 0 | |
195 | || OPENSSL_strcasecmp(pval, "true") == 0) { | |
196 | 196 | *flag = 1; |
197 | } else if (strcasecmp(pval, "off") == 0 | |
198 | || strcasecmp(pval, "false") == 0) { | |
197 | } else if (OPENSSL_strcasecmp(pval, "off") == 0 | |
198 | || OPENSSL_strcasecmp(pval, "false") == 0) { | |
199 | 199 | *flag = 0; |
200 | 200 | } else { |
201 | 201 | ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); |
838 | 838 | namelen = strlen(filename); |
839 | 839 | |
840 | 840 | |
841 | if ((namelen > 5 && strcasecmp(filename + namelen - 5, ".conf") == 0) | |
842 | || (namelen > 4 && strcasecmp(filename + namelen - 4, ".cnf") == 0)) { | |
841 | if ((namelen > 5 | |
842 | && OPENSSL_strcasecmp(filename + namelen - 5, ".conf") == 0) | |
843 | || (namelen > 4 | |
844 | && OPENSSL_strcasecmp(filename + namelen - 4, ".cnf") == 0)) { | |
843 | 845 | size_t newlen; |
844 | 846 | char *newpath; |
845 | 847 | BIO *bio; |
13 | 13 | #include "internal/core.h" |
14 | 14 | #include "internal/bio.h" |
15 | 15 | #include "internal/provider.h" |
16 | #include "crypto/ctype.h" | |
16 | 17 | |
17 | 18 | struct ossl_lib_ctx_onfree_list_st { |
18 | 19 | ossl_lib_ctx_onfree_fn *fn; |
149 | 150 | DEFINE_RUN_ONCE_STATIC(default_context_do_init) |
150 | 151 | { |
151 | 152 | return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) |
152 | && context_init(&default_context_int); | |
153 | && context_init(&default_context_int) | |
154 | && ossl_init_casecmp(); | |
153 | 155 | } |
154 | 156 | |
155 | 157 | void ossl_lib_ctx_default_deinit(void) |
6 | 6 | * https://www.openssl.org/source/license.html |
7 | 7 | */ |
8 | 8 | |
9 | #include "e_os.h" /* strcasecmp */ | |
10 | 9 | #include "internal/namemap.h" |
11 | 10 | #include <openssl/lhash.h> |
12 | 11 | #include "crypto/lhash.h" /* ossl_lh_strcasehash */ |
48 | 47 | |
49 | 48 | static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b) |
50 | 49 | { |
51 | return strcasecmp(a->name, b->name); | |
50 | return OPENSSL_strcasecmp(a->name, b->name); | |
52 | 51 | } |
53 | 52 | |
54 | 53 | static void namenum_free(NAMENUM_ENTRY *n) |
0 | 0 | /* |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
10 | 10 | #include <stdio.h> |
11 | 11 | #include "crypto/ctype.h" |
12 | 12 | #include <openssl/ebcdic.h> |
13 | ||
14 | #include <openssl/crypto.h> | |
15 | #include "internal/core.h" | |
16 | #include "internal/thread_once.h" | |
17 | ||
18 | #ifndef OPENSSL_SYS_WINDOWS | |
19 | #include <strings.h> | |
20 | #endif | |
21 | #include <locale.h> | |
22 | ||
23 | #ifdef OPENSSL_SYS_MACOSX | |
24 | #include <xlocale.h> | |
25 | #endif | |
13 | 26 | |
14 | 27 | /* |
15 | 28 | * Define the character classes for each character in the seven bit ASCII |
277 | 290 | return 1; |
278 | 291 | return 0; |
279 | 292 | } |
293 | ||
294 | /* str[n]casecmp_l is defined in POSIX 2008-01. Value is taken accordingly | |
295 | * https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html */ | |
296 | ||
297 | #if (defined OPENSSL_SYS_WINDOWS) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200809L) | |
298 | ||
299 | # if defined OPENSSL_SYS_WINDOWS | |
300 | # define locale_t _locale_t | |
301 | # define freelocale _free_locale | |
302 | # define strcasecmp_l _stricmp_l | |
303 | # define strncasecmp_l _strnicmp_l | |
304 | # endif | |
305 | ||
306 | # ifndef FIPS_MODULE | |
307 | static locale_t loc; | |
308 | ||
309 | static int locale_base_inited = 0; | |
310 | static CRYPTO_ONCE locale_base = CRYPTO_ONCE_STATIC_INIT; | |
311 | static CRYPTO_ONCE locale_base_deinit = CRYPTO_ONCE_STATIC_INIT; | |
312 | ||
313 | void *ossl_c_locale() { | |
314 | return (void *)loc; | |
315 | } | |
316 | ||
317 | DEFINE_RUN_ONCE_STATIC(ossl_init_locale_base) | |
318 | { | |
319 | # ifdef OPENSSL_SYS_WINDOWS | |
320 | loc = _create_locale(LC_COLLATE, "C"); | |
321 | # else | |
322 | loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); | |
323 | # endif | |
324 | locale_base_inited = 1; | |
325 | return (loc == (locale_t) 0) ? 0 : 1; | |
326 | } | |
327 | ||
328 | DEFINE_RUN_ONCE_STATIC(ossl_deinit_locale_base) | |
329 | { | |
330 | if (locale_base_inited && loc) { | |
331 | freelocale(loc); | |
332 | loc = NULL; | |
333 | } | |
334 | return 1; | |
335 | } | |
336 | ||
337 | int ossl_init_casecmp() | |
338 | { | |
339 | return RUN_ONCE(&locale_base, ossl_init_locale_base); | |
340 | } | |
341 | ||
342 | void ossl_deinit_casecmp() { | |
343 | (void)RUN_ONCE(&locale_base_deinit, ossl_deinit_locale_base); | |
344 | } | |
345 | # endif | |
346 | ||
347 | int OPENSSL_strcasecmp(const char *s1, const char *s2) | |
348 | { | |
349 | return strcasecmp_l(s1, s2, (locale_t)ossl_c_locale()); | |
350 | } | |
351 | ||
352 | int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) | |
353 | { | |
354 | return strncasecmp_l(s1, s2, n, (locale_t)ossl_c_locale()); | |
355 | } | |
356 | #else | |
357 | # ifndef FIPS_MODULE | |
358 | void *ossl_c_locale() { | |
359 | return NULL; | |
360 | } | |
361 | # endif | |
362 | ||
363 | int ossl_init_casecmp() { | |
364 | return 1; | |
365 | } | |
366 | ||
367 | void ossl_deinit_casecmp() { | |
368 | } | |
369 | ||
370 | int OPENSSL_strcasecmp(const char *s1, const char *s2) | |
371 | { | |
372 | return strcasecmp(s1, s2); | |
373 | } | |
374 | ||
375 | int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) | |
376 | { | |
377 | return strncasecmp(s1, s2, n); | |
378 | } | |
379 | #endif |
0 | 0 | /* |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
22 | 22 | #include <openssl/objects.h> |
23 | 23 | #include "internal/nelem.h" |
24 | 24 | #include "crypto/dh.h" |
25 | #include "e_os.h" /* strcasecmp */ | |
26 | 25 | |
27 | 26 | static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) |
28 | 27 | { |
0 | 0 | /* |
1 | * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
38 | 38 | const char *mdname = EVP_MD_get0_name(md); |
39 | 39 | |
40 | 40 | kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X942KDF_ASN1, propq); |
41 | if (kdf == NULL) | |
42 | return 0; | |
41 | 43 | kctx = EVP_KDF_CTX_new(kdf); |
42 | 44 | if (kctx == NULL) |
43 | 45 | goto err; |
0 | 0 | /* |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright 2015-2016 Cryptography Research, Inc. |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
585 | 585 | int32_t delta = odd & mask; |
586 | 586 | |
587 | 587 | assert(position >= 0); |
588 | assert(pos < 32); /* can't fail since current & 0xFFFF != 0 */ | |
588 | 589 | if (odd & (1 << (table_bits + 1))) |
589 | 590 | delta -= (1 << (table_bits + 1)); |
590 | 591 | current -= delta * (1 << pos); |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
53 | 53 | return OPENSSL_EC_NAMED_CURVE; |
54 | 54 | |
55 | 55 | for (i = 0, sz = OSSL_NELEM(encoding_nameid_map); i < sz; i++) { |
56 | if (strcasecmp(name, encoding_nameid_map[i].ptr) == 0) | |
56 | if (OPENSSL_strcasecmp(name, encoding_nameid_map[i].ptr) == 0) | |
57 | 57 | return encoding_nameid_map[i].id; |
58 | 58 | } |
59 | 59 | return -1; |
90 | 90 | return 0; |
91 | 91 | |
92 | 92 | for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) { |
93 | if (strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0) | |
93 | if (OPENSSL_strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0) | |
94 | 94 | return check_group_type_nameid_map[i].id; |
95 | 95 | } |
96 | 96 | return -1; |
135 | 135 | return (int)POINT_CONVERSION_UNCOMPRESSED; |
136 | 136 | |
137 | 137 | for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) { |
138 | if (strcasecmp(name, format_nameid_map[i].ptr) == 0) | |
138 | if (OPENSSL_strcasecmp(name, format_nameid_map[i].ptr) == 0) | |
139 | 139 | return format_nameid_map[i].id; |
140 | 140 | } |
141 | 141 | return -1; |
0 | 0 | /* |
1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
34 | 34 | "discriminant is zero"}, |
35 | 35 | {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), |
36 | 36 | "ec group new by name failure"}, |
37 | {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED), | |
38 | "explicit params not supported"}, | |
37 | 39 | {ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY), |
38 | 40 | "failed making public key"}, |
39 | 41 | {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"}, |
21 | 21 | #include "crypto/ec.h" |
22 | 22 | #include "internal/nelem.h" |
23 | 23 | #include "ec_local.h" |
24 | #include "e_os.h" /* strcasecmp */ | |
25 | 24 | |
26 | 25 | /* functions for EC_GROUP objects */ |
27 | 26 | |
1386 | 1385 | } |
1387 | 1386 | #endif |
1388 | 1387 | |
1388 | #ifndef FIPS_MODULE | |
1389 | 1389 | /* |
1390 | 1390 | * Check if the explicit parameters group matches any built-in curves. |
1391 | 1391 | * |
1423 | 1423 | * parameters with one created from a named group. |
1424 | 1424 | */ |
1425 | 1425 | |
1426 | #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 | |
1426 | # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 | |
1427 | 1427 | /* |
1428 | 1428 | * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for |
1429 | 1429 | * the same curve, we prefer the SECP nid when matching explicit |
1431 | 1431 | */ |
1432 | 1432 | if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12) |
1433 | 1433 | curve_name_nid = NID_secp224r1; |
1434 | #endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ | |
1434 | # endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ | |
1435 | 1435 | |
1436 | 1436 | ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid); |
1437 | 1437 | if (ret_group == NULL) |
1466 | 1466 | EC_GROUP_free(ret_group); |
1467 | 1467 | return NULL; |
1468 | 1468 | } |
1469 | #endif /* FIPS_MODULE */ | |
1469 | 1470 | |
1470 | 1471 | static EC_GROUP *group_new_from_name(const OSSL_PARAM *p, |
1471 | 1472 | OSSL_LIB_CTX *libctx, const char *propq) |
1535 | 1536 | EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], |
1536 | 1537 | OSSL_LIB_CTX *libctx, const char *propq) |
1537 | 1538 | { |
1538 | const OSSL_PARAM *ptmp, *pa, *pb; | |
1539 | const OSSL_PARAM *ptmp; | |
1540 | EC_GROUP *group = NULL; | |
1541 | ||
1542 | #ifndef FIPS_MODULE | |
1543 | const OSSL_PARAM *pa, *pb; | |
1539 | 1544 | int ok = 0; |
1540 | EC_GROUP *group = NULL, *named_group = NULL; | |
1545 | EC_GROUP *named_group = NULL; | |
1541 | 1546 | BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL; |
1542 | 1547 | EC_POINT *point = NULL; |
1543 | 1548 | int field_bits = 0; |
1545 | 1550 | BN_CTX *bnctx = NULL; |
1546 | 1551 | const unsigned char *buf = NULL; |
1547 | 1552 | int encoding_flag = -1; |
1553 | #endif | |
1548 | 1554 | |
1549 | 1555 | /* This is the simple named group case */ |
1550 | 1556 | ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); |
1558 | 1564 | } |
1559 | 1565 | return group; |
1560 | 1566 | } |
1567 | #ifdef FIPS_MODULE | |
1568 | ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED); | |
1569 | return NULL; | |
1570 | #else | |
1561 | 1571 | /* If it gets here then we are trying explicit parameters */ |
1562 | 1572 | bnctx = BN_CTX_new_ex(libctx); |
1563 | 1573 | if (bnctx == NULL) { |
1580 | 1590 | ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); |
1581 | 1591 | goto err; |
1582 | 1592 | } |
1583 | if (strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { | |
1593 | if (OPENSSL_strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { | |
1584 | 1594 | is_prime_field = 1; |
1585 | } else if (strcasecmp(ptmp->data, SN_X9_62_characteristic_two_field) == 0) { | |
1595 | } else if (OPENSSL_strcasecmp(ptmp->data, | |
1596 | SN_X9_62_characteristic_two_field) == 0) { | |
1586 | 1597 | is_prime_field = 0; |
1587 | 1598 | } else { |
1588 | 1599 | /* Invalid field */ |
1622 | 1633 | /* create the EC_GROUP structure */ |
1623 | 1634 | group = EC_GROUP_new_curve_GFp(p, a, b, bnctx); |
1624 | 1635 | } else { |
1625 | #ifdef OPENSSL_NO_EC2M | |
1636 | # ifdef OPENSSL_NO_EC2M | |
1626 | 1637 | ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); |
1627 | 1638 | goto err; |
1628 | #else | |
1639 | # else | |
1629 | 1640 | /* create the EC_GROUP structure */ |
1630 | 1641 | group = EC_GROUP_new_curve_GF2m(p, a, b, NULL); |
1631 | 1642 | if (group != NULL) { |
1635 | 1646 | goto err; |
1636 | 1647 | } |
1637 | 1648 | } |
1638 | #endif /* OPENSSL_NO_EC2M */ | |
1649 | # endif /* OPENSSL_NO_EC2M */ | |
1639 | 1650 | } |
1640 | 1651 | |
1641 | 1652 | if (group == NULL) { |
1732 | 1743 | BN_CTX_free(bnctx); |
1733 | 1744 | |
1734 | 1745 | return group; |
1735 | } | |
1746 | #endif /* FIPS_MODULE */ | |
1747 | } |
0 | 0 | /* |
1 | * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2014, Intel Corporation. All Rights Reserved. |
3 | 3 | * Copyright (c) 2015, CloudFlare, Inc. |
4 | 4 | * |
977 | 977 | return 0; |
978 | 978 | } |
979 | 979 | |
980 | memset(&p, 0, sizeof(p)); | |
980 | 981 | BN_CTX_start(ctx); |
981 | 982 | |
982 | 983 | if (scalar) { |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
788 | 788 | */ |
789 | 789 | trace_data_structure = data_structure; |
790 | 790 | if (data_type != NULL && data_structure != NULL |
791 | && strcasecmp(data_structure, "type-specific") == 0) | |
791 | && OPENSSL_strcasecmp(data_structure, "type-specific") == 0) | |
792 | 792 | data_structure = NULL; |
793 | 793 | |
794 | 794 | OSSL_TRACE_BEGIN(DECODER) { |
849 | 849 | * that's the case, we do this extra check. |
850 | 850 | */ |
851 | 851 | if (decoder == NULL && ctx->start_input_type != NULL |
852 | && strcasecmp(ctx->start_input_type, new_input_type) != 0) { | |
852 | && OPENSSL_strcasecmp(ctx->start_input_type, new_input_type) != 0) { | |
853 | 853 | OSSL_TRACE_BEGIN(DECODER) { |
854 | 854 | BIO_printf(trc_out, |
855 | 855 | "(ctx %p) %s [%u] the start input type '%s' doesn't match the input type of the considered decoder, skipping...\n", |
895 | 895 | */ |
896 | 896 | if (data_structure != NULL |
897 | 897 | && (new_input_structure == NULL |
898 | || strcasecmp(data_structure, new_input_structure) != 0)) { | |
898 | || OPENSSL_strcasecmp(data_structure, | |
899 | new_input_structure) != 0)) { | |
899 | 900 | OSSL_TRACE_BEGIN(DECODER) { |
900 | 901 | BIO_printf(trc_out, |
901 | 902 | "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure of the considered decoder, skipping...\n", |
914 | 915 | && ctx->input_structure != NULL |
915 | 916 | && new_input_structure != NULL) { |
916 | 917 | data->flag_input_structure_checked = 1; |
917 | if (strcasecmp(new_input_structure, ctx->input_structure) != 0) { | |
918 | if (OPENSSL_strcasecmp(new_input_structure, | |
919 | ctx->input_structure) != 0) { | |
918 | 920 | OSSL_TRACE_BEGIN(DECODER) { |
919 | 921 | BIO_printf(trc_out, |
920 | 922 | "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n", |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
17 | 17 | #include "crypto/evp.h" |
18 | 18 | #include "crypto/decoder.h" |
19 | 19 | #include "encoder_local.h" |
20 | #include "e_os.h" /* strcasecmp on Windows */ | |
21 | 20 | |
22 | 21 | int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx, |
23 | 22 | const unsigned char *kstr, |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
6 | 6 | * https://www.openssl.org/source/license.html |
7 | 7 | */ |
8 | 8 | |
9 | #include "e_os.h" /* strcasecmp on Windows */ | |
10 | 9 | #include <openssl/core_names.h> |
11 | 10 | #include <openssl/bio.h> |
12 | 11 | #include <openssl/encoder.h> |
452 | 451 | */ |
453 | 452 | if (top) { |
454 | 453 | if (data->ctx->output_type != NULL |
455 | && strcasecmp(current_output_type, | |
456 | data->ctx->output_type) != 0) { | |
454 | && OPENSSL_strcasecmp(current_output_type, | |
455 | data->ctx->output_type) != 0) { | |
457 | 456 | OSSL_TRACE_BEGIN(ENCODER) { |
458 | 457 | BIO_printf(trc_out, |
459 | 458 | "[%d] Skipping because current encoder output type (%s) != desired output type (%s)\n", |
481 | 480 | */ |
482 | 481 | if (data->ctx->output_structure != NULL |
483 | 482 | && current_output_structure != NULL) { |
484 | if (strcasecmp(data->ctx->output_structure, | |
485 | current_output_structure) != 0) { | |
483 | if (OPENSSL_strcasecmp(data->ctx->output_structure, | |
484 | current_output_structure) != 0) { | |
486 | 485 | OSSL_TRACE_BEGIN(ENCODER) { |
487 | 486 | BIO_printf(trc_out, |
488 | 487 | "[%d] Skipping because current encoder output structure (%s) != ctx output structure (%s)\n", |
6 | 6 | * https://www.openssl.org/source/license.html |
7 | 7 | */ |
8 | 8 | |
9 | #include "e_os.h" /* strcasecmp on Windows */ | |
10 | 9 | #include <openssl/err.h> |
11 | 10 | #include <openssl/ui.h> |
12 | 11 | #include <openssl/params.h> |
400 | 400 | return 0; |
401 | 401 | } |
402 | 402 | |
403 | /* | |
404 | * Unfortunately the version checker does not distinguish between | |
405 | * engines built for openssl 1.1.x and openssl 3.x, but loading | |
406 | * an engine that is built for openssl 1.1.x will cause a fatal | |
407 | * error. Detect such engines, since EVP_PKEY_base_id is exported | |
408 | * as a function in openssl 1.1.x, while it is named EVP_PKEY_get_base_id | |
409 | * in openssl 3.x. Therefore we take the presence of that symbol | |
410 | * as an indication that the engine will be incompatible. | |
411 | */ | |
412 | static int using_libcrypto_11(dynamic_data_ctx *ctx) | |
413 | { | |
414 | int ret; | |
415 | ||
416 | ERR_set_mark(); | |
417 | ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id") != NULL; | |
418 | ERR_pop_to_mark(); | |
419 | ||
420 | return ret; | |
421 | } | |
422 | ||
403 | 423 | static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) |
404 | 424 | { |
405 | 425 | ENGINE cpy; |
449 | 469 | /* |
450 | 470 | * We fail if the version checker veto'd the load *or* if it is |
451 | 471 | * deferring to us (by returning its version) and we think it is too |
452 | * old. | |
453 | * Unfortunately the version checker does not distinguish between | |
454 | * engines built for openssl 1.1.x and openssl 3.x, but loading | |
455 | * an engine that is built for openssl 1.1.x will cause a fatal | |
456 | * error. Detect such engines, since EVP_PKEY_base_id is exported | |
457 | * as a function in openssl 1.1.x, while it is a macro in openssl 3.x, | |
458 | * and therefore only the symbol EVP_PKEY_get_base_id is available | |
459 | * in openssl 3.x. | |
472 | * old. Also fail if this is engine for openssl 1.1.x. | |
460 | 473 | */ |
461 | if (vcheck_res < OSSL_DYNAMIC_OLDEST | |
462 | || DSO_bind_func(ctx->dynamic_dso, | |
463 | "EVP_PKEY_base_id") != NULL) { | |
474 | if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_11(ctx)) { | |
464 | 475 | /* Fail */ |
465 | 476 | ctx->bind_engine = NULL; |
466 | 477 | ctx->v_check = NULL; |
0 | 0 | /* |
1 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
151 | 151 | e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); |
152 | 152 | if (ameth != NULL |
153 | 153 | && ((int)strlen(ameth->pem_str) == len) |
154 | && strncasecmp(ameth->pem_str, str, len) == 0) | |
154 | && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) | |
155 | 155 | return ameth; |
156 | 156 | } |
157 | 157 | return NULL; |
176 | 176 | e->pkey_asn1_meths(e, &ameth, NULL, nid); |
177 | 177 | if (ameth != NULL |
178 | 178 | && ((int)strlen(ameth->pem_str) == lk->len) |
179 | && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { | |
179 | && OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { | |
180 | 180 | lk->e = e; |
181 | 181 | lk->ameth = ameth; |
182 | 182 | return; |
0 | # Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
0 | # Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. | |
1 | 1 | # |
2 | 2 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
3 | 3 | # this file except in compliance with the License. You can obtain a copy |
536 | 536 | EC_R_DECODE_ERROR:142:decode error |
537 | 537 | EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero |
538 | 538 | EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure |
539 | EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported | |
539 | 540 | EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key |
540 | 541 | EC_R_FIELD_TOO_LARGE:143:field too large |
541 | 542 | EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported |
35 | 35 | #include "crypto/evp.h" |
36 | 36 | #include "crypto/dh.h" |
37 | 37 | #include "crypto/ec.h" |
38 | ||
39 | #include "e_os.h" /* strcasecmp() for Windows */ | |
40 | 38 | |
41 | 39 | struct translation_ctx_st; /* Forwarding */ |
42 | 40 | struct translation_st; /* Forwarding */ |
904 | 902 | |
905 | 903 | /* Convert KDF type strings to numbers */ |
906 | 904 | for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++) |
907 | if (strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { | |
905 | if (OPENSSL_strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { | |
908 | 906 | ctx->p1 = kdf_type_map->kdf_type_num; |
909 | 907 | ret = 1; |
910 | 908 | break; |
1073 | 1071 | return 0; |
1074 | 1072 | |
1075 | 1073 | if (state == PRE_CTRL_STR_TO_PARAMS) { |
1076 | ctx->p2 = (char *)ossl_dh_gen_type_id2name(atoi(ctx->p2)); | |
1074 | if ((ctx->p2 = (char *)ossl_dh_gen_type_id2name(atoi(ctx->p2))) | |
1075 | == NULL) { | |
1076 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); | |
1077 | return 0; | |
1078 | } | |
1077 | 1079 | ctx->p1 = strlen(ctx->p2); |
1078 | 1080 | } |
1079 | 1081 | |
2468 | 2470 | * cmd name in the template. |
2469 | 2471 | */ |
2470 | 2472 | if (item->ctrl_str != NULL |
2471 | && strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) | |
2473 | && OPENSSL_strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) | |
2472 | 2474 | ctrl_str = tmpl->ctrl_str; |
2473 | 2475 | else if (item->ctrl_hexstr != NULL |
2474 | && strcasecmp(tmpl->ctrl_hexstr, item->ctrl_hexstr) == 0) | |
2476 | && OPENSSL_strcasecmp(tmpl->ctrl_hexstr, | |
2477 | item->ctrl_hexstr) == 0) | |
2475 | 2478 | ctrl_hexstr = tmpl->ctrl_hexstr; |
2476 | 2479 | else |
2477 | 2480 | continue; |
2499 | 2502 | if ((item->action_type != NONE |
2500 | 2503 | && tmpl->action_type != item->action_type) |
2501 | 2504 | || (item->param_key != NULL |
2502 | && strcasecmp(tmpl->param_key, item->param_key) != 0)) | |
2505 | && OPENSSL_strcasecmp(tmpl->param_key, | |
2506 | item->param_key) != 0)) | |
2503 | 2507 | continue; |
2504 | 2508 | } else { |
2505 | 2509 | return NULL; |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
9 | 9 | #include <string.h> |
10 | 10 | #include <openssl/ec.h> |
11 | 11 | #include "crypto/ec.h" |
12 | #include "e_os.h" /* strcasecmp required by windows */ | |
12 | #include "internal/nelem.h" | |
13 | 13 | |
14 | 14 | typedef struct ec_name2nid_st { |
15 | 15 | const char *name; |
138 | 138 | return nid; |
139 | 139 | |
140 | 140 | for (i = 0; i < OSSL_NELEM(curve_list); i++) { |
141 | if (strcasecmp(curve_list[i].name, name) == 0) | |
141 | if (OPENSSL_strcasecmp(curve_list[i].name, name) == 0) | |
142 | 142 | return curve_list[i].nid; |
143 | 143 | } |
144 | 144 | } |
343 | 343 | |
344 | 344 | case EVP_CIPH_CBC_MODE: |
345 | 345 | n = EVP_CIPHER_CTX_get_iv_length(ctx); |
346 | if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv))) | |
347 | return 0; | |
346 | if (n < 0 || n > (int)sizeof(ctx->iv)) { | |
347 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH); | |
348 | return 0; | |
349 | } | |
348 | 350 | if (iv != NULL) |
349 | 351 | memcpy(ctx->oiv, iv, n); |
350 | 352 | memcpy(ctx->iv, ctx->oiv, n); |
354 | 356 | ctx->num = 0; |
355 | 357 | /* Don't reuse IV for CTR mode */ |
356 | 358 | if (iv != NULL) { |
357 | if ((n = EVP_CIPHER_CTX_get_iv_length(ctx)) <= 0) | |
359 | n = EVP_CIPHER_CTX_get_iv_length(ctx); | |
360 | if (n <= 0 || n > (int)sizeof(ctx->iv)) { | |
361 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH); | |
358 | 362 | return 0; |
363 | } | |
359 | 364 | memcpy(ctx->iv, iv, n); |
360 | 365 | } |
361 | 366 | break; |
0 | 0 | /* |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
14 | 14 | |
15 | 15 | #include <stdio.h> |
16 | 16 | #include <string.h> |
17 | #include "e_os.h" /* strcasecmp */ | |
18 | 17 | #include "internal/cryptlib.h" |
19 | 18 | #include <openssl/evp.h> |
20 | 19 | #include <openssl/objects.h> |
1169 | 1168 | |
1170 | 1169 | va_start(args, type); |
1171 | 1170 | |
1172 | if (strcasecmp(type, "RSA") == 0) { | |
1171 | if (OPENSSL_strcasecmp(type, "RSA") == 0) { | |
1173 | 1172 | bits = va_arg(args, size_t); |
1174 | 1173 | params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits); |
1175 | } else if (strcasecmp(type, "EC") == 0) { | |
1174 | } else if (OPENSSL_strcasecmp(type, "EC") == 0) { | |
1176 | 1175 | name = va_arg(args, char *); |
1177 | 1176 | params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, |
1178 | 1177 | name, 0); |
1179 | } else if (strcasecmp(type, "ED25519") != 0 | |
1180 | && strcasecmp(type, "X25519") != 0 | |
1181 | && strcasecmp(type, "ED448") != 0 | |
1182 | && strcasecmp(type, "X448") != 0) { | |
1178 | } else if (OPENSSL_strcasecmp(type, "ED25519") != 0 | |
1179 | && OPENSSL_strcasecmp(type, "X25519") != 0 | |
1180 | && OPENSSL_strcasecmp(type, "ED448") != 0 | |
1181 | && OPENSSL_strcasecmp(type, "X448") != 0) { | |
1183 | 1182 | ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); |
1184 | 1183 | goto end; |
1185 | 1184 | } |
0 | 0 | /* |
1 | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
41 | 41 | salt = (unsigned char *)empty; |
42 | 42 | |
43 | 43 | kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, propq); |
44 | if (kdf == NULL) | |
45 | return 0; | |
44 | 46 | kctx = EVP_KDF_CTX_new(kdf); |
45 | 47 | EVP_KDF_free(kdf); |
46 | 48 | if (kctx == NULL) |
0 | 0 | /* |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
48 | 48 | #endif |
49 | 49 | #include "internal/provider.h" |
50 | 50 | #include "evp_local.h" |
51 | ||
52 | #include "e_os.h" /* strcasecmp on Windows */ | |
53 | 51 | |
54 | 52 | static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, |
55 | 53 | int len, EVP_KEYMGMT *keymgmt); |
1017 | 1015 | size_t i; |
1018 | 1016 | |
1019 | 1017 | for (i = 0; i < OSSL_NELEM(standard_name2type); i++) { |
1020 | if (strcasecmp(name, standard_name2type[i].ptr) == 0) | |
1018 | if (OPENSSL_strcasecmp(name, standard_name2type[i].ptr) == 0) | |
1021 | 1019 | return (int)standard_name2type[i].id; |
1022 | 1020 | } |
1023 | 1021 |
0 | 0 | /* |
1 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
26 | 26 | #ifndef FIPS_MODULE |
27 | 27 | # include "crypto/asn1.h" |
28 | 28 | #endif |
29 | #include "crypto/ctype.h" | |
29 | 30 | #include "crypto/evp.h" |
30 | 31 | #include "crypto/dh.h" |
31 | 32 | #include "crypto/ec.h" |
198 | 199 | } |
199 | 200 | #ifndef FIPS_MODULE |
200 | 201 | if (keytype != NULL) { |
202 | ossl_init_casecmp(); | |
201 | 203 | id = evp_pkey_name2type(keytype); |
202 | 204 | if (id == NID_undef) |
203 | 205 | id = -1; |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
9 | 9 | #include "internal/ffc.h" |
10 | 10 | #include "internal/nelem.h" |
11 | 11 | #include "crypto/bn_dh.h" |
12 | #include "e_os.h" /* strcasecmp */ | |
13 | 12 | |
14 | 13 | #ifndef OPENSSL_NO_DH |
15 | 14 | |
83 | 82 | size_t i; |
84 | 83 | |
85 | 84 | for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) { |
86 | if (strcasecmp(dh_named_groups[i].name, name) == 0) | |
85 | if (OPENSSL_strcasecmp(dh_named_groups[i].name, name) == 0) | |
87 | 86 | return &dh_named_groups[i]; |
88 | 87 | } |
89 | 88 | return NULL; |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
11 | 11 | #include "internal/ffc.h" |
12 | 12 | #include "internal/param_build_set.h" |
13 | 13 | #include "internal/nelem.h" |
14 | #include "e_os.h" /* strcasecmp */ | |
15 | 14 | |
16 | 15 | #ifndef FIPS_MODULE |
17 | 16 | # include <openssl/asn1.h> /* ossl_ffc_params_print */ |
321 | 321 | |
322 | 322 | for (i = 0; i < sk_CONF_VALUE_num(headers); i++) { |
323 | 323 | hdr = sk_CONF_VALUE_value(headers, i); |
324 | if (add_host && strcasecmp("host", hdr->name) == 0) | |
324 | if (add_host && OPENSSL_strcasecmp("host", hdr->name) == 0) | |
325 | 325 | add_host = 0; |
326 | 326 | if (!OSSL_HTTP_REQ_CTX_add1_header(rctx, hdr->name, hdr->value)) |
327 | 327 | return 0; |
665 | 665 | } |
666 | 666 | if (value != NULL && line_end != NULL) { |
667 | 667 | if (rctx->state == OHS_REDIRECT |
668 | && strcasecmp(key, "Location") == 0) { | |
668 | && OPENSSL_strcasecmp(key, "Location") == 0) { | |
669 | 669 | rctx->redirection_url = value; |
670 | 670 | return 0; |
671 | 671 | } |
672 | if (rctx->expected_ct != NULL | |
673 | && strcasecmp(key, "Content-Type") == 0) { | |
674 | if (strcasecmp(rctx->expected_ct, value) != 0) { | |
672 | if (rctx->state == OHS_HEADERS && rctx->expected_ct != NULL | |
673 | && OPENSSL_strcasecmp(key, "Content-Type") == 0) { | |
674 | if (OPENSSL_strcasecmp(rctx->expected_ct, value) != 0) { | |
675 | 675 | ERR_raise_data(ERR_LIB_HTTP, HTTP_R_UNEXPECTED_CONTENT_TYPE, |
676 | 676 | "expected=%s, actual=%s", |
677 | 677 | rctx->expected_ct, value); |
681 | 681 | } |
682 | 682 | |
683 | 683 | /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ |
684 | if (strcasecmp(key, "Connection") == 0) { | |
685 | if (strcasecmp(value, "keep-alive") == 0) | |
684 | if (OPENSSL_strcasecmp(key, "Connection") == 0) { | |
685 | if (OPENSSL_strcasecmp(value, "keep-alive") == 0) | |
686 | 686 | found_keep_alive = 1; |
687 | else if (strcasecmp(value, "close") == 0) | |
687 | else if (OPENSSL_strcasecmp(value, "close") == 0) | |
688 | 688 | found_keep_alive = 0; |
689 | } else if (strcasecmp(key, "Content-Length") == 0) { | |
689 | } else if (OPENSSL_strcasecmp(key, "Content-Length") == 0) { | |
690 | 690 | resp_len = (size_t)strtoul(value, &line_end, 10); |
691 | 691 | if (line_end == value || *line_end != '\0') { |
692 | 692 | ERR_raise_data(ERR_LIB_HTTP, |
0 | 0 | /* |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
31 | 31 | #include "crypto/store.h" |
32 | 32 | #include <openssl/cmp_util.h> /* for OSSL_CMP_log_close() */ |
33 | 33 | #include <openssl/trace.h> |
34 | #include "crypto/ctype.h" | |
34 | 35 | |
35 | 36 | static int stopped = 0; |
36 | 37 | static uint64_t optsdone = 0; |
446 | 447 | OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_trace_cleanup()\n"); |
447 | 448 | ossl_trace_cleanup(); |
448 | 449 | |
450 | OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_deinit_casecmp()\n"); | |
451 | ossl_deinit_casecmp(); | |
452 | ||
449 | 453 | base_inited = 0; |
450 | 454 | } |
451 | 455 | |
458 | 462 | { |
459 | 463 | uint64_t tmp; |
460 | 464 | int aloaddone = 0; |
465 | ||
466 | if (!ossl_init_casecmp()) | |
467 | return 0; | |
461 | 468 | |
462 | 469 | /* Applications depend on 0 being returned when cleanup was already done */ |
463 | 470 | if (stopped) { |
60 | 60 | |
61 | 61 | void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) |
62 | 62 | { |
63 | int omit_tsan = 0; | |
64 | ||
65 | #ifdef TSAN_REQUIRES_LOCKING | |
66 | if (!CRYPTO_THREAD_read_lock(lh->tsan_lock)) { | |
67 | BIO_printf(out, "unable to lock table, omitting TSAN counters\n"); | |
68 | omit_tsan = 1; | |
69 | } | |
70 | #endif | |
71 | 63 | BIO_printf(out, "num_items = %lu\n", lh->num_items); |
72 | 64 | BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); |
73 | 65 | BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); |
74 | BIO_printf(out, "num_expands = %lu\n", lh->num_expands); | |
75 | BIO_printf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); | |
76 | BIO_printf(out, "num_contracts = %lu\n", lh->num_contracts); | |
77 | BIO_printf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs); | |
78 | if (!omit_tsan) { | |
79 | BIO_printf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); | |
80 | BIO_printf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); | |
81 | } | |
82 | BIO_printf(out, "num_insert = %lu\n", lh->num_insert); | |
83 | BIO_printf(out, "num_replace = %lu\n", lh->num_replace); | |
84 | BIO_printf(out, "num_delete = %lu\n", lh->num_delete); | |
85 | BIO_printf(out, "num_no_delete = %lu\n", lh->num_no_delete); | |
86 | if (!omit_tsan) { | |
87 | BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); | |
88 | BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); | |
89 | BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); | |
90 | #ifdef TSAN_REQUIRES_LOCKING | |
91 | CRYPTO_THREAD_unlock(lh->tsan_lock); | |
92 | #endif | |
93 | } | |
66 | BIO_printf(out, "num_expands = 0\n"); | |
67 | BIO_printf(out, "num_expand_reallocs = 0\n"); | |
68 | BIO_printf(out, "num_contracts = 0\n"); | |
69 | BIO_printf(out, "num_contract_reallocs = 0\n"); | |
70 | BIO_printf(out, "num_hash_calls = 0\n"); | |
71 | BIO_printf(out, "num_comp_calls = 0\n"); | |
72 | BIO_printf(out, "num_insert = 0\n"); | |
73 | BIO_printf(out, "num_replace = 0\n"); | |
74 | BIO_printf(out, "num_delete = 0\n"); | |
75 | BIO_printf(out, "num_no_delete = 0\n"); | |
76 | BIO_printf(out, "num_retrieve = 0\n"); | |
77 | BIO_printf(out, "num_retrieve_miss = 0\n"); | |
78 | BIO_printf(out, "num_hash_comps = 0\n"); | |
94 | 79 | } |
95 | 80 | |
96 | 81 | void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out) |
43 | 43 | static void contract(OPENSSL_LHASH *lh); |
44 | 44 | static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, const void *data, unsigned long *rhash); |
45 | 45 | |
46 | static ossl_inline int tsan_lock(const OPENSSL_LHASH *lh) | |
47 | { | |
48 | #ifdef TSAN_REQUIRES_LOCKING | |
49 | if (!CRYPTO_THREAD_write_lock(lh->tsan_lock)) | |
50 | return 0; | |
51 | #endif | |
52 | return 1; | |
53 | } | |
54 | ||
55 | static ossl_inline void tsan_unlock(const OPENSSL_LHASH *lh) | |
56 | { | |
57 | #ifdef TSAN_REQUIRES_LOCKING | |
58 | CRYPTO_THREAD_unlock(lh->tsan_lock); | |
59 | #endif | |
60 | } | |
61 | ||
62 | 46 | OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c) |
63 | 47 | { |
64 | 48 | OPENSSL_LHASH *ret; |
73 | 57 | } |
74 | 58 | if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL) |
75 | 59 | goto err; |
76 | #ifdef TSAN_REQUIRES_LOCKING | |
77 | if ((ret->tsan_lock = CRYPTO_THREAD_lock_new()) == NULL) | |
78 | goto err; | |
79 | #endif | |
80 | 60 | ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c); |
81 | 61 | ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h); |
82 | 62 | ret->num_nodes = MIN_NODES / 2; |
98 | 78 | return; |
99 | 79 | |
100 | 80 | OPENSSL_LH_flush(lh); |
101 | #ifdef TSAN_REQUIRES_LOCKING | |
102 | CRYPTO_THREAD_lock_free(lh->tsan_lock); | |
103 | #endif | |
104 | 81 | OPENSSL_free(lh->b); |
105 | 82 | OPENSSL_free(lh); |
106 | 83 | } |
122 | 99 | } |
123 | 100 | lh->b[i] = NULL; |
124 | 101 | } |
102 | ||
103 | lh->num_items = 0; | |
125 | 104 | } |
126 | 105 | |
127 | 106 | void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) |
146 | 125 | nn->hash = hash; |
147 | 126 | *rn = nn; |
148 | 127 | ret = NULL; |
149 | lh->num_insert++; | |
150 | 128 | lh->num_items++; |
151 | 129 | } else { /* replace same key */ |
152 | 130 | ret = (*rn)->data; |
153 | 131 | (*rn)->data = data; |
154 | lh->num_replace++; | |
155 | 132 | } |
156 | 133 | return ret; |
157 | 134 | } |
166 | 143 | rn = getrn(lh, data, &hash); |
167 | 144 | |
168 | 145 | if (*rn == NULL) { |
169 | lh->num_no_delete++; | |
170 | 146 | return NULL; |
171 | 147 | } else { |
172 | 148 | nn = *rn; |
173 | 149 | *rn = nn->next; |
174 | 150 | ret = nn->data; |
175 | 151 | OPENSSL_free(nn); |
176 | lh->num_delete++; | |
177 | 152 | } |
178 | 153 | |
179 | 154 | lh->num_items--; |
189 | 164 | unsigned long hash; |
190 | 165 | OPENSSL_LH_NODE **rn; |
191 | 166 | |
192 | /*- | |
193 | * This should be atomic without tsan. | |
194 | * It's not clear why it was done this way and not elsewhere. | |
195 | */ | |
196 | tsan_store((TSAN_QUALIFIER int *)&lh->error, 0); | |
167 | if (lh->error != 0) | |
168 | lh->error = 0; | |
197 | 169 | |
198 | 170 | rn = getrn(lh, data, &hash); |
199 | 171 | |
200 | if (tsan_lock(lh)) { | |
201 | tsan_counter(*rn == NULL ? &lh->num_retrieve_miss : &lh->num_retrieve); | |
202 | tsan_unlock(lh); | |
203 | } | |
204 | 172 | return *rn == NULL ? NULL : (*rn)->data; |
205 | 173 | } |
206 | 174 | |
261 | 229 | memset(n + nni, 0, sizeof(*n) * (j - nni)); |
262 | 230 | lh->pmax = nni; |
263 | 231 | lh->num_alloc_nodes = j; |
264 | lh->num_expand_reallocs++; | |
265 | 232 | lh->p = 0; |
266 | 233 | } else { |
267 | 234 | lh->p++; |
268 | 235 | } |
269 | 236 | |
270 | 237 | lh->num_nodes++; |
271 | lh->num_expands++; | |
272 | 238 | n1 = &(lh->b[p]); |
273 | 239 | n2 = &(lh->b[p + pmax]); |
274 | 240 | *n2 = NULL; |
301 | 267 | lh->error++; |
302 | 268 | return; |
303 | 269 | } |
304 | lh->num_contract_reallocs++; | |
305 | 270 | lh->num_alloc_nodes /= 2; |
306 | 271 | lh->pmax /= 2; |
307 | 272 | lh->p = lh->pmax - 1; |
310 | 275 | lh->p--; |
311 | 276 | |
312 | 277 | lh->num_nodes--; |
313 | lh->num_contracts++; | |
314 | 278 | |
315 | 279 | n1 = lh->b[(int)lh->p]; |
316 | 280 | if (n1 == NULL) |
328 | 292 | OPENSSL_LH_NODE **ret, *n1; |
329 | 293 | unsigned long hash, nn; |
330 | 294 | OPENSSL_LH_COMPFUNC cf; |
331 | int do_tsan = 1; | |
332 | ||
333 | #ifdef TSAN_REQUIRES_LOCKING | |
334 | do_tsan = tsan_lock(lh); | |
335 | #endif | |
295 | ||
336 | 296 | hash = (*(lh->hash)) (data); |
337 | if (do_tsan) | |
338 | tsan_counter(&lh->num_hash_calls); | |
339 | 297 | *rhash = hash; |
340 | 298 | |
341 | 299 | nn = hash % lh->pmax; |
345 | 303 | cf = lh->comp; |
346 | 304 | ret = &(lh->b[(int)nn]); |
347 | 305 | for (n1 = *ret; n1 != NULL; n1 = n1->next) { |
348 | if (do_tsan) | |
349 | tsan_counter(&lh->num_hash_comps); | |
350 | 306 | if (n1->hash != hash) { |
351 | 307 | ret = &(n1->next); |
352 | 308 | continue; |
353 | 309 | } |
354 | if (do_tsan) | |
355 | tsan_counter(&lh->num_comp_calls); | |
356 | 310 | if (cf(n1->data, data) == 0) |
357 | 311 | break; |
358 | 312 | ret = &(n1->next); |
359 | 313 | } |
360 | if (do_tsan) | |
361 | tsan_unlock(lh); | |
362 | 314 | return ret; |
363 | 315 | } |
364 | 316 |
26 | 26 | unsigned long up_load; /* load times 256 */ |
27 | 27 | unsigned long down_load; /* load times 256 */ |
28 | 28 | unsigned long num_items; |
29 | unsigned long num_expands; | |
30 | unsigned long num_expand_reallocs; | |
31 | unsigned long num_contracts; | |
32 | unsigned long num_contract_reallocs; | |
33 | TSAN_QUALIFIER unsigned long num_hash_calls; | |
34 | TSAN_QUALIFIER unsigned long num_comp_calls; | |
35 | unsigned long num_insert; | |
36 | unsigned long num_replace; | |
37 | unsigned long num_delete; | |
38 | unsigned long num_no_delete; | |
39 | TSAN_QUALIFIER unsigned long num_retrieve; | |
40 | TSAN_QUALIFIER unsigned long num_retrieve_miss; | |
41 | TSAN_QUALIFIER unsigned long num_hash_comps; | |
42 | 29 | int error; |
43 | #ifdef TSAN_REQUIRES_LOCKING | |
44 | CRYPTO_RWLOCK *tsan_lock; | |
45 | #endif | |
46 | 30 | }; |
0 | 0 | /* |
1 | * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
21 | 21 | #include "e_os.h" |
22 | 22 | |
23 | 23 | /* |
24 | * We define this wrapper for two reasons. Firstly, later versions of | |
25 | * DEC C add linkage information to certain functions, which makes it | |
26 | * tricky to use them as values to regular function pointers. | |
27 | * Secondly, in the EDK2 build environment, the strcasecmp function is | |
28 | * actually an external function with the Microsoft ABI, so we can't | |
29 | * transparently assign function pointers to it. | |
30 | */ | |
31 | #if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI) | |
32 | static int obj_strcasecmp(const char *a, const char *b) | |
33 | { | |
34 | return strcasecmp(a, b); | |
35 | } | |
36 | #else | |
37 | #define obj_strcasecmp strcasecmp | |
38 | #endif | |
39 | ||
40 | /* | |
41 | 24 | * I use the ex_data stuff to manage the identifiers for the obj_name_types |
42 | 25 | * that applications may define. I only really use the free function field. |
43 | 26 | */ |
110 | 93 | goto out; |
111 | 94 | } |
112 | 95 | name_funcs->hash_func = ossl_lh_strcasehash; |
113 | name_funcs->cmp_func = obj_strcasecmp; | |
96 | name_funcs->cmp_func = OPENSSL_strcasecmp; | |
114 | 97 | push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); |
115 | 98 | |
116 | 99 | if (!push) { |
144 | 127 | ret = sk_NAME_FUNCS_value(name_funcs_stack, |
145 | 128 | a->type)->cmp_func(a->name, b->name); |
146 | 129 | } else |
147 | ret = strcasecmp(a->name, b->name); | |
130 | ret = OPENSSL_strcasecmp(a->name, b->name); | |
148 | 131 | } |
149 | 132 | return ret; |
150 | 133 | } |
0 | 0 | /* |
1 | * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
58 | 58 | |
59 | 59 | ret = X509_verify_cert(ctx); |
60 | 60 | if (ret <= 0) { |
61 | ret = X509_STORE_CTX_get_error(ctx); | |
61 | int err = X509_STORE_CTX_get_error(ctx); | |
62 | ||
62 | 63 | ERR_raise_data(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR, |
63 | "Verify error: %s", X509_verify_cert_error_string(ret)); | |
64 | "Verify error: %s", X509_verify_cert_error_string(err)); | |
64 | 65 | goto end; |
65 | 66 | } |
66 | 67 | if (chain != NULL) |
0 | 0 | /* |
1 | * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
10 | 10 | #include <openssl/params.h> |
11 | 11 | #include <openssl/param_build.h> |
12 | 12 | #include "internal/param_build_set.h" |
13 | #include "e_os.h" /* strcasecmp */ | |
14 | 13 | |
15 | 14 | #define OSSL_PARAM_ALLOCATED_END 127 |
16 | 15 | #define OSSL_PARAM_MERGE_LIST_MAX 128 |
141 | 140 | const OSSL_PARAM *l = *(const OSSL_PARAM **)left; |
142 | 141 | const OSSL_PARAM *r = *(const OSSL_PARAM **)right; |
143 | 142 | |
144 | return strcasecmp(l->key, r->key); | |
143 | return OPENSSL_strcasecmp(l->key, r->key); | |
145 | 144 | } |
146 | 145 | |
147 | 146 | OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2) |
204 | 203 | break; |
205 | 204 | } |
206 | 205 | /* consume the list element with the smaller key */ |
207 | diff = strcasecmp((*p1cur)->key, (*p2cur)->key); | |
206 | diff = OPENSSL_strcasecmp((*p1cur)->key, (*p2cur)->key); | |
208 | 207 | if (diff == 0) { |
209 | 208 | /* If the keys are the same then throw away the list1 element */ |
210 | 209 | *dst++ = **p2cur; |
0 | // ==================================================================== | |
1 | // Written by Andy Polyakov, @dot-asm, initially for use in the OpenSSL | |
2 | // project. | |
3 | // ==================================================================== | |
4 | // | |
5 | // Poly1305 for Itanium. | |
6 | // | |
7 | // January 2019 | |
8 | // | |
9 | // Performance was reported to be ~2.1 cycles per byte on Itanium 2. | |
10 | // With exception for processors in 95xx family, which have higher | |
11 | // floating-point instructions' latencies and deliver ~2.6 cpb. | |
12 | // Comparison to compiler-generated code is not exactly fair, because | |
13 | // of different radixes. But just for reference, it was observed to be | |
14 | // >3x faster. Originally it was argued that floating-point base 2^32 | |
15 | // implementation would be optimal. Upon closer look estimate for below | |
16 | // integer base 2^64 implementation turned to be approximately same on | |
17 | // Itanium 2. But floating-point code would be larger, and have higher | |
18 | // overhead, which would negatively affect small-block performance... | |
19 | ||
20 | #if defined(_HPUX_SOURCE) | |
21 | # if !defined(_LP64) | |
22 | # define ADDP addp4 | |
23 | # else | |
24 | # define ADDP add | |
25 | # endif | |
26 | # define RUM rum | |
27 | # define SUM sum | |
28 | #else | |
29 | # define ADDP add | |
30 | # define RUM nop | |
31 | # define SUM nop | |
32 | #endif | |
33 | ||
34 | .text | |
35 | .explicit | |
36 | ||
37 | .global poly1305_init# | |
38 | .proc poly1305_init# | |
39 | .align 64 | |
40 | poly1305_init: | |
41 | .prologue | |
42 | .save ar.pfs,r2 | |
43 | { .mmi; alloc r2=ar.pfs,2,0,0,0 | |
44 | cmp.eq p6,p7=0,r33 } // key == NULL? | |
45 | { .mmi; ADDP r9=8,r32 | |
46 | ADDP r10=16,r32 | |
47 | ADDP r32=0,r32 };; | |
48 | .body | |
49 | { .mmi; st8 [r32]=r0,24 // ctx->h0 = 0 | |
50 | st8 [r9]=r0 // ctx->h1 = 0 | |
51 | (p7) ADDP r8=0,r33 } | |
52 | { .mib; st8 [r10]=r0 // ctx->h2 = 0 | |
53 | (p6) mov r8=0 | |
54 | (p6) br.ret.spnt b0 };; | |
55 | ||
56 | { .mmi; ADDP r9=1,r33 | |
57 | ADDP r10=2,r33 | |
58 | ADDP r11=3,r33 };; | |
59 | { .mmi; ld1 r16=[r8],4 // load key, little-endian | |
60 | ld1 r17=[r9],4 } | |
61 | { .mmi; ld1 r18=[r10],4 | |
62 | ld1 r19=[r11],4 };; | |
63 | { .mmi; ld1 r20=[r8],4 | |
64 | ld1 r21=[r9],4 } | |
65 | { .mmi; ld1 r22=[r10],4 | |
66 | ld1 r23=[r11],4 | |
67 | and r19=15,r19 };; | |
68 | { .mmi; ld1 r24=[r8],4 | |
69 | ld1 r25=[r9],4 | |
70 | and r20=-4,r20 } | |
71 | { .mmi; ld1 r26=[r10],4 | |
72 | ld1 r27=[r11],4 | |
73 | and r23=15,r23 };; | |
74 | { .mmi; ld1 r28=[r8],4 | |
75 | ld1 r29=[r9],4 | |
76 | and r24=-4,r24 } | |
77 | { .mmi; ld1 r30=[r10],4 | |
78 | ld1 r31=[r11],4 | |
79 | and r27=15,r27 };; | |
80 | ||
81 | { .mii; and r28=-4,r28 | |
82 | dep r16=r17,r16,8,8 | |
83 | dep r18=r19,r18,8,8 };; | |
84 | { .mii; and r31=15,r31 | |
85 | dep r16=r18,r16,16,16 | |
86 | dep r20=r21,r20,8,8 };; | |
87 | { .mii; dep r16=r20,r16,32,16 | |
88 | dep r22=r23,r22,8,8 };; | |
89 | { .mii; dep r16=r22,r16,48,16 | |
90 | dep r24=r25,r24,8,8 };; | |
91 | { .mii; dep r26=r27,r26,8,8 | |
92 | dep r28=r29,r28,8,8 };; | |
93 | { .mii; dep r24=r26,r24,16,16 | |
94 | dep r30=r31,r30,8,8 };; | |
95 | { .mii; st8 [r32]=r16,8 // ctx->r0 | |
96 | dep r24=r28,r24,32,16;; | |
97 | dep r24=r30,r24,48,16 };; | |
98 | { .mii; st8 [r32]=r24,8 // ctx->r1 | |
99 | shr.u r25=r24,2;; | |
100 | add r25=r25,r24 };; | |
101 | { .mib; st8 [r32]=r25 // ctx->s1 | |
102 | mov r8=0 | |
103 | br.ret.sptk b0 };; | |
104 | .endp poly1305_init# | |
105 | ||
106 | h0=r17; h1=r18; h2=r19; | |
107 | i0=r20; i1=r21; | |
108 | HF0=f8; HF1=f9; HF2=f10; | |
109 | RF0=f11; RF1=f12; SF1=f13; | |
110 | ||
111 | .global poly1305_blocks# | |
112 | .proc poly1305_blocks# | |
113 | .align 64 | |
114 | poly1305_blocks: | |
115 | .prologue | |
116 | .save ar.pfs,r2 | |
117 | { .mii; alloc r2=ar.pfs,4,1,0,0 | |
118 | .save ar.lc,r3 | |
119 | mov r3=ar.lc | |
120 | .save pr,r36 | |
121 | mov r36=pr } | |
122 | ||
123 | .body | |
124 | { .mmi; ADDP r8=0,r32 | |
125 | ADDP r9=8,r32 | |
126 | and r29=7,r33 };; | |
127 | { .mmi; ld8 h0=[r8],16 | |
128 | ld8 h1=[r9],16 | |
129 | and r33=-8,r33 };; | |
130 | { .mmi; ld8 h2=[r8],16 | |
131 | ldf8 RF0=[r9],16 | |
132 | shr.u r34=r34,4 };; | |
133 | { .mmi; ldf8 RF1=[r8],-32 | |
134 | ldf8 SF1=[r9],-32 | |
135 | cmp.ltu p16,p17=1,r34 };; | |
136 | { .mmi; | |
137 | (p16) add r34=-2,r34 | |
138 | (p17) mov r34=0 | |
139 | ADDP r10=0,r33 } | |
140 | { .mii; ADDP r11=8,r33 | |
141 | (p16) mov ar.ec=2 | |
142 | (p17) mov ar.ec=1 };; | |
143 | { .mib; RUM 1<<1 // go little-endian | |
144 | mov ar.lc=r34 | |
145 | brp.loop.imp .Loop,.Lcend-16 } | |
146 | ||
147 | { .mmi; cmp.eq p8,p7=0,r29 | |
148 | cmp.eq p9,p0=1,r29 | |
149 | cmp.eq p10,p0=2,r29 } | |
150 | { .mmi; cmp.eq p11,p0=3,r29 | |
151 | cmp.eq p12,p0=4,r29 | |
152 | cmp.eq p13,p0=5,r29 } | |
153 | { .mmi; cmp.eq p14,p0=6,r29 | |
154 | cmp.eq p15,p0=7,r29 | |
155 | add r16=16,r10 };; | |
156 | ||
157 | { .mmb; | |
158 | (p8) ld8 i0=[r10],16 // aligned input | |
159 | (p8) ld8 i1=[r11],16 | |
160 | (p8) br.cond.sptk .Loop };; | |
161 | ||
162 | // align first block | |
163 | .pred.rel "mutex",p8,p9,p10,p11,p12,p13,p14,p15 | |
164 | { .mmi; (p7) ld8 r14=[r10],24 | |
165 | (p7) ld8 r15=[r11],24 } | |
166 | ||
167 | { .mii; (p7) ld8 r16=[r16] | |
168 | nop.i 0;; | |
169 | (p15) shrp i0=r15,r14,56 } | |
170 | { .mii; (p15) shrp i1=r16,r15,56 | |
171 | (p14) shrp i0=r15,r14,48 } | |
172 | { .mii; (p14) shrp i1=r16,r15,48 | |
173 | (p13) shrp i0=r15,r14,40 } | |
174 | { .mii; (p13) shrp i1=r16,r15,40 | |
175 | (p12) shrp i0=r15,r14,32 } | |
176 | { .mii; (p12) shrp i1=r16,r15,32 | |
177 | (p11) shrp i0=r15,r14,24 } | |
178 | { .mii; (p11) shrp i1=r16,r15,24 | |
179 | (p10) shrp i0=r15,r14,16 } | |
180 | { .mii; (p10) shrp i1=r16,r15,16 | |
181 | (p9) shrp i0=r15,r14,8 } | |
182 | { .mii; (p9) shrp i1=r16,r15,8 | |
183 | mov r14=r16 };; | |
184 | ||
185 | .Loop: | |
186 | .pred.rel "mutex",p8,p9,p10,p11,p12,p13,p14,p15 | |
187 | { .mmi; add h0=h0,i0 | |
188 | add h1=h1,i1 | |
189 | add h2=h2,r35 };; | |
190 | { .mmi; setf.sig HF0=h0 | |
191 | cmp.ltu p6,p0=h0,i0 | |
192 | cmp.ltu p7,p0=h1,i1 };; | |
193 | { .mmi; (p6) add h1=1,h1;; | |
194 | setf.sig HF1=h1 | |
195 | (p6) cmp.eq.or p7,p0=0,h1 };; | |
196 | { .mmi; (p7) add h2=1,h2;; | |
197 | setf.sig HF2=h2 };; | |
198 | ||
199 | { .mfi; (p16) ld8 r15=[r10],16 | |
200 | xmpy.lu f32=HF0,RF0 } | |
201 | { .mfi; (p16) ld8 r16=[r11],16 | |
202 | xmpy.hu f33=HF0,RF0 } | |
203 | { .mfi; xmpy.lu f36=HF0,RF1 } | |
204 | { .mfi; xmpy.hu f37=HF0,RF1 };; | |
205 | { .mfi; xmpy.lu f34=HF1,SF1 | |
206 | (p15) shrp i0=r15,r14,56 } | |
207 | { .mfi; xmpy.hu f35=HF1,SF1 } | |
208 | { .mfi; xmpy.lu f38=HF1,RF0 | |
209 | (p15) shrp i1=r16,r15,56 } | |
210 | { .mfi; xmpy.hu f39=HF1,RF0 } | |
211 | { .mfi; xmpy.lu f40=HF2,SF1 | |
212 | (p14) shrp i0=r15,r14,48 } | |
213 | { .mfi; xmpy.lu f41=HF2,RF0 };; | |
214 | ||
215 | { .mmi; getf.sig r22=f32 | |
216 | getf.sig r23=f33 | |
217 | (p14) shrp i1=r16,r15,48 } | |
218 | { .mmi; getf.sig r24=f34 | |
219 | getf.sig r25=f35 | |
220 | (p13) shrp i0=r15,r14,40 } | |
221 | { .mmi; getf.sig r26=f36 | |
222 | getf.sig r27=f37 | |
223 | (p13) shrp i1=r16,r15,40 } | |
224 | { .mmi; getf.sig r28=f38 | |
225 | getf.sig r29=f39 | |
226 | (p12) shrp i0=r15,r14,32 } | |
227 | { .mmi; getf.sig r30=f40 | |
228 | getf.sig r31=f41 };; | |
229 | ||
230 | { .mmi; add h0=r22,r24 | |
231 | add r23=r23,r25 | |
232 | (p12) shrp i1=r16,r15,32 } | |
233 | { .mmi; add h1=r26,r28 | |
234 | add r27=r27,r29 | |
235 | (p11) shrp i0=r15,r14,24 };; | |
236 | { .mmi; cmp.ltu p6,p0=h0,r24 | |
237 | cmp.ltu p7,p0=h1,r28 | |
238 | add r23=r23,r30 };; | |
239 | { .mmi; (p6) add r23=1,r23 | |
240 | (p7) add r27=1,r27 | |
241 | (p11) shrp i1=r16,r15,24 };; | |
242 | { .mmi; add h1=h1,r23;; | |
243 | cmp.ltu p6,p7=h1,r23 | |
244 | (p10) shrp i0=r15,r14,16 };; | |
245 | { .mmi; (p6) add h2=r31,r27,1 | |
246 | (p7) add h2=r31,r27 | |
247 | (p10) shrp i1=r16,r15,16 };; | |
248 | ||
249 | { .mmi; (p8) mov i0=r15 | |
250 | and r22=-4,h2 | |
251 | shr.u r23=h2,2 };; | |
252 | { .mmi; add r22=r22,r23 | |
253 | and h2=3,h2 | |
254 | (p9) shrp i0=r15,r14,8 };; | |
255 | ||
256 | { .mmi; add h0=h0,r22;; | |
257 | cmp.ltu p6,p0=h0,r22 | |
258 | (p9) shrp i1=r16,r15,8 };; | |
259 | { .mmi; (p8) mov i1=r16 | |
260 | (p6) cmp.eq.unc p7,p0=-1,h1 | |
261 | (p6) add h1=1,h1 };; | |
262 | { .mmb; (p7) add h2=1,h2 | |
263 | mov r14=r16 | |
264 | br.ctop.sptk .Loop };; | |
265 | .Lcend: | |
266 | ||
267 | { .mii; SUM 1<<1 // back to big-endian | |
268 | mov ar.lc=r3 };; | |
269 | ||
270 | { .mmi; st8 [r8]=h0,16 | |
271 | st8 [r9]=h1 | |
272 | mov pr=r36,0x1ffff };; | |
273 | { .mmb; st8 [r8]=h2 | |
274 | rum 1<<5 | |
275 | br.ret.sptk b0 };; | |
276 | .endp poly1305_blocks# | |
277 | ||
278 | .global poly1305_emit# | |
279 | .proc poly1305_emit# | |
280 | .align 64 | |
281 | poly1305_emit: | |
282 | .prologue | |
283 | .save ar.pfs,r2 | |
284 | { .mmi; alloc r2=ar.pfs,3,0,0,0 | |
285 | ADDP r8=0,r32 | |
286 | ADDP r9=8,r32 };; | |
287 | ||
288 | .body | |
289 | { .mmi; ld8 r16=[r8],16 // load hash | |
290 | ld8 r17=[r9] | |
291 | ADDP r10=0,r34 };; | |
292 | { .mmi; ld8 r18=[r8] | |
293 | ld4 r24=[r10],8 // load nonce | |
294 | ADDP r11=4,r34 };; | |
295 | ||
296 | { .mmi; ld4 r25=[r11],8 | |
297 | ld4 r26=[r10] | |
298 | add r20=5,r16 };; | |
299 | ||
300 | { .mmi; ld4 r27=[r11] | |
301 | cmp.ltu p6,p7=r20,r16 | |
302 | shl r25=r25,32 };; | |
303 | { .mmi; | |
304 | (p6) add r21=1,r17 | |
305 | (p7) add r21=0,r17 | |
306 | (p6) cmp.eq.or.andcm p6,p7=-1,r17 };; | |
307 | { .mmi; | |
308 | (p6) add r22=1,r18 | |
309 | (p7) add r22=0,r18 | |
310 | shl r27=r27,32 };; | |
311 | { .mmi; or r24=r24,r25 | |
312 | or r26=r26,r27 | |
313 | cmp.leu p6,p7=4,r22 };; | |
314 | { .mmi; | |
315 | (p6) add r16=r20,r24 | |
316 | (p7) add r16=r16,r24 | |
317 | (p6) add r17=r21,r26 };; | |
318 | { .mii; | |
319 | (p7) add r17=r17,r26 | |
320 | cmp.ltu p6,p7=r16,r24;; | |
321 | (p6) add r17=1,r17 };; | |
322 | ||
323 | { .mmi; ADDP r8=0,r33 | |
324 | ADDP r9=4,r33 | |
325 | shr.u r20=r16,32 } | |
326 | { .mmi; ADDP r10=8,r33 | |
327 | ADDP r11=12,r33 | |
328 | shr.u r21=r17,32 };; | |
329 | ||
330 | { .mmi; st1 [r8]=r16,1 // write mac, little-endian | |
331 | st1 [r9]=r20,1 | |
332 | shr.u r16=r16,8 } | |
333 | { .mii; st1 [r10]=r17,1 | |
334 | shr.u r20=r20,8 | |
335 | shr.u r17=r17,8 } | |
336 | { .mmi; st1 [r11]=r21,1 | |
337 | shr.u r21=r21,8 };; | |
338 | ||
339 | { .mmi; st1 [r8]=r16,1 | |
340 | st1 [r9]=r20,1 | |
341 | shr.u r16=r16,8 } | |
342 | { .mii; st1 [r10]=r17,1 | |
343 | shr.u r20=r20,8 | |
344 | shr.u r17=r17,8 } | |
345 | { .mmi; st1 [r11]=r21,1 | |
346 | shr.u r21=r21,8 };; | |
347 | ||
348 | { .mmi; st1 [r8]=r16,1 | |
349 | st1 [r9]=r20,1 | |
350 | shr.u r16=r16,8 } | |
351 | { .mii; st1 [r10]=r17,1 | |
352 | shr.u r20=r20,8 | |
353 | shr.u r17=r17,8 } | |
354 | { .mmi; st1 [r11]=r21,1 | |
355 | shr.u r21=r21,8 };; | |
356 | ||
357 | { .mmi; st1 [r8]=r16 | |
358 | st1 [r9]=r20 } | |
359 | { .mmb; st1 [r10]=r17 | |
360 | st1 [r11]=r21 | |
361 | br.ret.sptk b0 };; | |
362 | .endp poly1305_emit# | |
363 | ||
364 | stringz "Poly1305 for IA64, CRYPTOGAMS by \@dot-asm" |
0 | // ==================================================================== | |
1 | // Written by Andy Polyakov, @dot-asm, initially for use in the OpenSSL | |
2 | // project. | |
3 | // ==================================================================== | |
4 | // | |
5 | // Poly1305 for Itanium. | |
6 | // | |
7 | // January 2019 | |
8 | // | |
9 | // Performance was reported to be ~2.1 cycles per byte on Itanium 2. | |
10 | // With exception for processors in 95xx family, which have higher | |
11 | // floating-point instructions' latencies and deliver ~2.6 cpb. | |
12 | // Comparison to compiler-generated code is not exactly fair, because | |
13 | // of different radixes. But just for reference, it was observed to be | |
14 | // >3x faster. Originally it was argued that floating-point base 2^32 | |
15 | // implementation would be optimal. Upon closer look estimate for below | |
16 | // integer base 2^64 implementation turned to be approximately same on | |
17 | // Itanium 2. But floating-point code would be larger, and have higher | |
18 | // overhead, which would negatively affect small-block performance... | |
19 | ||
20 | #if defined(_HPUX_SOURCE) | |
21 | # if !defined(_LP64) | |
22 | # define ADDP addp4 | |
23 | # else | |
24 | # define ADDP add | |
25 | # endif | |
26 | # define RUM rum | |
27 | # define SUM sum | |
28 | #else | |
29 | # define ADDP add | |
30 | # define RUM nop | |
31 | # define SUM nop | |
32 | #endif | |
33 | ||
34 | .text | |
35 | .explicit | |
36 | ||
37 | .global poly1305_init# | |
38 | .proc poly1305_init# | |
39 | .align 64 | |
40 | poly1305_init: | |
41 | .prologue | |
42 | .save ar.pfs,r2 | |
43 | { .mmi; alloc r2=ar.pfs,2,0,0,0 | |
44 | cmp.eq p6,p7=0,r33 } // key == NULL? | |
45 | { .mmi; ADDP r9=8,r32 | |
46 | ADDP r10=16,r32 | |
47 | ADDP r32=0,r32 };; | |
48 | .body | |
49 | { .mmi; st8 [r32]=r0,24 // ctx->h0 = 0 | |
50 | st8 [r9]=r0 // ctx->h1 = 0 | |
51 | (p7) ADDP r8=0,r33 } | |
52 | { .mib; st8 [r10]=r0 // ctx->h2 = 0 | |
53 | (p6) mov r8=0 | |
54 | (p6) br.ret.spnt b0 };; | |
55 | ||
56 | { .mmi; ADDP r9=1,r33 | |
57 | ADDP r10=2,r33 | |
58 | ADDP r11=3,r33 };; | |
59 | { .mmi; ld1 r16=[r8],4 // load key, little-endian | |
60 | ld1 r17=[r9],4 } | |
61 | { .mmi; ld1 r18=[r10],4 | |
62 | ld1 r19=[r11],4 };; | |
63 | { .mmi; ld1 r20=[r8],4 | |
64 | ld1 r21=[r9],4 } | |
65 | { .mmi; ld1 r22=[r10],4 | |
66 | ld1 r23=[r11],4 | |
67 | and r19=15,r19 };; | |
68 | { .mmi; ld1 r24=[r8],4 | |
69 | ld1 r25=[r9],4 | |
70 | and r20=-4,r20 } | |
71 | { .mmi; ld1 r26=[r10],4 | |
72 | ld1 r27=[r11],4 | |
73 | and r23=15,r23 };; | |
74 | { .mmi; ld1 r28=[r8],4 | |
75 | ld1 r29=[r9],4 | |
76 | and r24=-4,r24 } | |
77 | { .mmi; ld1 r30=[r10],4 | |
78 | ld1 r31=[r11],4 | |
79 | and r27=15,r27 };; | |
80 | ||
81 | { .mii; and r28=-4,r28 | |
82 | dep r16=r17,r16,8,8 | |
83 | dep r18=r19,r18,8,8 };; | |
84 | { .mii; and r31=15,r31 | |
85 | dep r16=r18,r16,16,16 | |
86 | dep r20=r21,r20,8,8 };; | |
87 | { .mii; dep r16=r20,r16,32,16 | |
88 | dep r22=r23,r22,8,8 };; | |
89 | { .mii; dep r16=r22,r16,48,16 | |
90 | dep r24=r25,r24,8,8 };; | |
91 | { .mii; dep r26=r27,r26,8,8 | |
92 | dep r28=r29,r28,8,8 };; | |
93 | { .mii; dep r24=r26,r24,16,16 | |
94 | dep r30=r31,r30,8,8 };; | |
95 | { .mii; st8 [r32]=r16,8 // ctx->r0 | |
96 | dep r24=r28,r24,32,16;; | |
97 | dep r24=r30,r24,48,16 };; | |
98 | { .mii; st8 [r32]=r24,8 // ctx->r1 | |
99 | shr.u r25=r24,2;; | |
100 | add r25=r25,r24 };; | |
101 | { .mib; st8 [r32]=r25 // ctx->s1 | |
102 | mov r8=0 | |
103 | br.ret.sptk b0 };; | |
104 | .endp poly1305_init# | |
105 | ||
106 | h0=r17; h1=r18; h2=r19; | |
107 | i0=r20; i1=r21; | |
108 | HF0=f8; HF1=f9; HF2=f10; | |
109 | RF0=f11; RF1=f12; SF1=f13; | |
110 | ||
111 | .global poly1305_blocks# | |
112 | .proc poly1305_blocks# | |
113 | .align 64 | |
114 | poly1305_blocks: | |
115 | .prologue | |
116 | .save ar.pfs,r2 | |
117 | { .mii; alloc r2=ar.pfs,4,1,0,0 | |
118 | .save ar.lc,r3 | |
119 | mov r3=ar.lc | |
120 | .save pr,r36 | |
121 | mov r36=pr } | |
122 | ||
123 | .body | |
124 | { .mmi; ADDP r8=0,r32 | |
125 | ADDP r9=8,r32 | |
126 | and r29=7,r33 };; | |
127 | { .mmi; ld8 h0=[r8],16 | |
128 | ld8 h1=[r9],16 | |
129 | and r33=-8,r33 };; | |
130 | { .mmi; ld8 h2=[r8],16 | |
131 | ldf8 RF0=[r9],16 | |
132 | shr.u r34=r34,4 };; | |
133 | { .mmi; ldf8 RF1=[r8],-32 | |
134 | ldf8 SF1=[r9],-32 | |
135 | cmp.ltu p16,p17=1,r34 };; | |
136 | { .mmi; | |
137 | (p16) add r34=-2,r34 | |
138 | (p17) mov r34=0 | |
139 | ADDP r10=0,r33 } | |
140 | { .mii; ADDP r11=8,r33 | |
141 | (p16) mov ar.ec=2 | |
142 | (p17) mov ar.ec=1 };; | |
143 | { .mib; RUM 1<<1 // go little-endian | |
144 | mov ar.lc=r34 | |
145 | brp.loop.imp .Loop,.Lcend-16 } | |
146 | ||
147 | { .mmi; cmp.eq p8,p7=0,r29 | |
148 | cmp.eq p9,p0=1,r29 | |
149 | cmp.eq p10,p0=2,r29 } | |
150 | { .mmi; cmp.eq p11,p0=3,r29 | |
151 | cmp.eq p12,p0=4,r29 | |
152 | cmp.eq p13,p0=5,r29 } | |
153 | { .mmi; cmp.eq p14,p0=6,r29 | |
154 | cmp.eq p15,p0=7,r29 | |
155 | add r16=16,r10 };; | |
156 | ||
157 | { .mmb; | |
158 | (p8) ld8 i0=[r10],16 // aligned input | |
159 | (p8) ld8 i1=[r11],16 | |
160 | (p8) br.cond.sptk .Loop };; | |
161 | ||
162 | // align first block | |
163 | .pred.rel "mutex",p8,p9,p10,p11,p12,p13,p14,p15 | |
164 | { .mmi; (p7) ld8 r14=[r10],24 | |
165 | (p7) ld8 r15=[r11],24 } | |
166 | ||
167 | { .mii; (p7) ld8 r16=[r16] | |
168 | nop.i 0;; | |
169 | (p15) shrp i0=r15,r14,56 } | |
170 | { .mii; (p15) shrp i1=r16,r15,56 | |
171 | (p14) shrp i0=r15,r14,48 } | |
172 | { .mii; (p14) shrp i1=r16,r15,48 | |
173 | (p13) shrp i0=r15,r14,40 } | |
174 | { .mii; (p13) shrp i1=r16,r15,40 | |
175 | (p12) shrp i0=r15,r14,32 } | |
176 | { .mii; (p12) shrp i1=r16,r15,32 | |
177 | (p11) shrp i0=r15,r14,24 } | |
178 | { .mii; (p11) shrp i1=r16,r15,24 | |
179 | (p10) shrp i0=r15,r14,16 } | |
180 | { .mii; (p10) shrp i1=r16,r15,16 | |
181 | (p9) shrp i0=r15,r14,8 } | |
182 | { .mii; (p9) shrp i1=r16,r15,8 | |
183 | mov r14=r16 };; | |
184 | ||
185 | .Loop: | |
186 | .pred.rel "mutex",p8,p9,p10,p11,p12,p13,p14,p15 | |
187 | { .mmi; add h0=h0,i0 | |
188 | add h1=h1,i1 | |
189 | add h2=h2,r35 };; | |
190 | { .mmi; setf.sig HF0=h0 | |
191 | cmp.ltu p6,p0=h0,i0 | |
192 | cmp.ltu p7,p0=h1,i1 };; | |
193 | { .mmi; (p6) add h1=1,h1;; | |
194 | setf.sig HF1=h1 | |
195 | (p6) cmp.eq.or p7,p0=0,h1 };; | |
196 | { .mmi; (p7) add h2=1,h2;; | |
197 | setf.sig HF2=h2 };; | |
198 | ||
199 | { .mfi; (p16) ld8 r15=[r10],16 | |
200 | xmpy.lu f32=HF0,RF0 } | |
201 | { .mfi; (p16) ld8 r16=[r11],16 | |
202 | xmpy.hu f33=HF0,RF0 } | |
203 | { .mfi; xmpy.lu f36=HF0,RF1 } | |
204 | { .mfi; xmpy.hu f37=HF0,RF1 };; | |
205 | { .mfi; xmpy.lu f34=HF1,SF1 | |
206 | (p15) shrp i0=r15,r14,56 } | |
207 | { .mfi; xmpy.hu f35=HF1,SF1 } | |
208 | { .mfi; xmpy.lu f38=HF1,RF0 | |
209 | (p15) shrp i1=r16,r15,56 } | |
210 | { .mfi; xmpy.hu f39=HF1,RF0 } | |
211 | { .mfi; xmpy.lu f40=HF2,SF1 | |
212 | (p14) shrp i0=r15,r14,48 } | |
213 | { .mfi; xmpy.lu f41=HF2,RF0 };; | |
214 | ||
215 | { .mmi; getf.sig r22=f32 | |
216 | getf.sig r23=f33 | |
217 | (p14) shrp i1=r16,r15,48 } | |
218 | { .mmi; getf.sig r24=f34 | |
219 | getf.sig r25=f35 | |
220 | (p13) shrp i0=r15,r14,40 } | |
221 | { .mmi; getf.sig r26=f36 | |
222 | getf.sig r27=f37 | |
223 | (p13) shrp i1=r16,r15,40 } | |
224 | { .mmi; getf.sig r28=f38 | |
225 | getf.sig r29=f39 | |
226 | (p12) shrp i0=r15,r14,32 } | |
227 | { .mmi; getf.sig r30=f40 | |
228 | getf.sig r31=f41 };; | |
229 | ||
230 | { .mmi; add h0=r22,r24 | |
231 | add r23=r23,r25 | |
232 | (p12) shrp i1=r16,r15,32 } | |
233 | { .mmi; add h1=r26,r28 | |
234 | add r27=r27,r29 | |
235 | (p11) shrp i0=r15,r14,24 };; | |
236 | { .mmi; cmp.ltu p6,p0=h0,r24 | |
237 | cmp.ltu p7,p0=h1,r28 | |
238 | add r23=r23,r30 };; | |
239 | { .mmi; (p6) add r23=1,r23 | |
240 | (p7) add r27=1,r27 | |
241 | (p11) shrp i1=r16,r15,24 };; | |
242 | { .mmi; add h1=h1,r23;; | |
243 | cmp.ltu p6,p7=h1,r23 | |
244 | (p10) shrp i0=r15,r14,16 };; | |
245 | { .mmi; (p6) add h2=r31,r27,1 | |
246 | (p7) add h2=r31,r27 | |
247 | (p10) shrp i1=r16,r15,16 };; | |
248 | ||
249 | { .mmi; (p8) mov i0=r15 | |
250 | and r22=-4,h2 | |
251 | shr.u r23=h2,2 };; | |
252 | { .mmi; add r22=r22,r23 | |
253 | and h2=3,h2 | |
254 | (p9) shrp i0=r15,r14,8 };; | |
255 | ||
256 | { .mmi; add h0=h0,r22;; | |
257 | cmp.ltu p6,p0=h0,r22 | |
258 | (p9) shrp i1=r16,r15,8 };; | |
259 | { .mmi; (p8) mov i1=r16 | |
260 | (p6) cmp.eq.unc p7,p0=-1,h1 | |
261 | (p6) add h1=1,h1 };; | |
262 | { .mmb; (p7) add h2=1,h2 | |
263 | mov r14=r16 | |
264 | br.ctop.sptk .Loop };; | |
265 | .Lcend: | |
266 | ||
267 | { .mii; SUM 1<<1 // back to big-endian | |
268 | mov ar.lc=r3 };; | |
269 | ||
270 | { .mmi; st8 [r8]=h0,16 | |
271 | st8 [r9]=h1 | |
272 | mov pr=r36,0x1ffff };; | |
273 | { .mmb; st8 [r8]=h2 | |
274 | rum 1<<5 | |
275 | br.ret.sptk b0 };; | |
276 | .endp poly1305_blocks# | |
277 | ||
278 | .global poly1305_emit# | |
279 | .proc poly1305_emit# | |
280 | .align 64 | |
281 | poly1305_emit: | |
282 | .prologue | |
283 | .save ar.pfs,r2 | |
284 | { .mmi; alloc r2=ar.pfs,3,0,0,0 | |
285 | ADDP r8=0,r32 | |
286 | ADDP r9=8,r32 };; | |
287 | ||
288 | .body | |
289 | { .mmi; ld8 r16=[r8],16 // load hash | |
290 | ld8 r17=[r9] | |
291 | ADDP r10=0,r34 };; | |
292 | { .mmi; ld8 r18=[r8] | |
293 | ld4 r24=[r10],8 // load nonce | |
294 | ADDP r11=4,r34 };; | |
295 | ||
296 | { .mmi; ld4 r25=[r11],8 | |
297 | ld4 r26=[r10] | |
298 | add r20=5,r16 };; | |
299 | ||
300 | { .mmi; ld4 r27=[r11] | |
301 | cmp.ltu p6,p7=r20,r16 | |
302 | shl r25=r25,32 };; | |
303 | { .mmi; | |
304 | (p6) add r21=1,r17 | |
305 | (p7) add r21=0,r17 | |
306 | (p6) cmp.eq.or.andcm p6,p7=-1,r17 };; | |
307 | { .mmi; | |
308 | (p6) add r22=1,r18 | |
309 | (p7) add r22=0,r18 | |
310 | shl r27=r27,32 };; | |
311 | { .mmi; or r24=r24,r25 | |
312 | or r26=r26,r27 | |
313 | cmp.leu p6,p7=4,r22 };; | |
314 | { .mmi; | |
315 | (p6) add r16=r20,r24 | |
316 | (p7) add r16=r16,r24 | |
317 | (p6) add r17=r21,r26 };; | |
318 | { .mii; | |
319 | (p7) add r17=r17,r26 | |
320 | cmp.ltu p6,p7=r16,r24;; | |
321 | (p6) add r17=1,r17 };; | |
322 | ||
323 | { .mmi; ADDP r8=0,r33 | |
324 | ADDP r9=4,r33 | |
325 | shr.u r20=r16,32 } | |
326 | { .mmi; ADDP r10=8,r33 | |
327 | ADDP r11=12,r33 | |
328 | shr.u r21=r17,32 };; | |
329 | ||
330 | { .mmi; st1 [r8]=r16,1 // write mac, little-endian | |
331 | st1 [r9]=r20,1 | |
332 | shr.u r16=r16,8 } | |
333 | { .mii; st1 [r10]=r17,1 | |
334 | shr.u r20=r20,8 | |
335 | shr.u r17=r17,8 } | |
336 | { .mmi; st1 [r11]=r21,1 | |
337 | shr.u r21=r21,8 };; | |
338 | ||
339 | { .mmi; st1 [r8]=r16,1 | |
340 | st1 [r9]=r20,1 | |
341 | shr.u r16=r16,8 } | |
342 | { .mii; st1 [r10]=r17,1 | |
343 | shr.u r20=r20,8 | |
344 | shr.u r17=r17,8 } | |
345 | { .mmi; st1 [r11]=r21,1 | |
346 | shr.u r21=r21,8 };; | |
347 | ||
348 | { .mmi; st1 [r8]=r16,1 | |
349 | st1 [r9]=r20,1 | |
350 | shr.u r16=r16,8 } | |
351 | { .mii; st1 [r10]=r17,1 | |
352 | shr.u r20=r20,8 | |
353 | shr.u r17=r17,8 } | |
354 | { .mmi; st1 [r11]=r21,1 | |
355 | shr.u r21=r21,8 };; | |
356 | ||
357 | { .mmi; st1 [r8]=r16 | |
358 | st1 [r9]=r20 } | |
359 | { .mmb; st1 [r10]=r17 | |
360 | st1 [r11]=r21 | |
361 | br.ret.sptk b0 };; | |
362 | .endp poly1305_emit# | |
363 | ||
364 | stringz "Poly1305 for IA64, CRYPTOGAMS by \@dot-asm" |
4 | 4 | $POLY1305ASM_x86=poly1305-x86.s |
5 | 5 | $POLY1305ASM_x86_64=poly1305-x86_64.s |
6 | 6 | |
7 | $POLY1305ASM_ia64=asm/poly1305-ia64.S | |
7 | $POLY1305ASM_ia64=asm/poly1305-ia64.s | |
8 | 8 | |
9 | 9 | $POLY1305ASM_sparcv9=poly1305-sparcv9.S |
10 | 10 |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
44 | 44 | { |
45 | 45 | const char *s = *t; |
46 | 46 | |
47 | if (strncasecmp(s, m, m_len) == 0) { | |
47 | if (OPENSSL_strncasecmp(s, m, m_len) == 0) { | |
48 | 48 | *t = skip_space(s + m_len); |
49 | 49 | return 1; |
50 | 50 | } |
767 | 767 | |
768 | 768 | for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { |
769 | 769 | cval = sk_CONF_VALUE_value(elist, i); |
770 | if (strcasecmp(cval->name, "random") == 0) { | |
770 | if (OPENSSL_strcasecmp(cval->name, "random") == 0) { | |
771 | 771 | if (!random_set_string(&dgbl->rng_name, cval->value)) |
772 | 772 | return 0; |
773 | } else if (strcasecmp(cval->name, "cipher") == 0) { | |
773 | } else if (OPENSSL_strcasecmp(cval->name, "cipher") == 0) { | |
774 | 774 | if (!random_set_string(&dgbl->rng_cipher, cval->value)) |
775 | 775 | return 0; |
776 | } else if (strcasecmp(cval->name, "digest") == 0) { | |
776 | } else if (OPENSSL_strcasecmp(cval->name, "digest") == 0) { | |
777 | 777 | if (!random_set_string(&dgbl->rng_digest, cval->value)) |
778 | 778 | return 0; |
779 | } else if (strcasecmp(cval->name, "properties") == 0) { | |
779 | } else if (OPENSSL_strcasecmp(cval->name, "properties") == 0) { | |
780 | 780 | if (!random_set_string(&dgbl->rng_propq, cval->value)) |
781 | 781 | return 0; |
782 | } else if (strcasecmp(cval->name, "seed") == 0) { | |
782 | } else if (OPENSSL_strcasecmp(cval->name, "seed") == 0) { | |
783 | 783 | if (!random_set_string(&dgbl->seed_name, cval->value)) |
784 | 784 | return 0; |
785 | } else if (strcasecmp(cval->name, "seed_properties") == 0) { | |
785 | } else if (OPENSSL_strcasecmp(cval->name, "seed_properties") == 0) { | |
786 | 786 | if (!random_set_string(&dgbl->seed_propq, cval->value)) |
787 | 787 | return 0; |
788 | 788 | } else { |
25 | 25 | #include "internal/param_build_set.h" |
26 | 26 | #include "crypto/rsa.h" |
27 | 27 | #include "rsa_local.h" |
28 | ||
29 | #include "e_os.h" /* strcasecmp for Windows() */ | |
30 | 28 | |
31 | 29 | /* |
32 | 30 | * The intention with the "backend" source file is to offer backend support |
274 | 272 | else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname)) |
275 | 273 | return 0; |
276 | 274 | |
277 | if (strcasecmp(param_mgf->data, | |
278 | ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) | |
275 | if (OPENSSL_strcasecmp(param_mgf->data, | |
276 | ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) | |
279 | 277 | return 0; |
280 | 278 | } |
281 | 279 |
0 | 0 | /* |
1 | * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
71 | 71 | unsigned long long kdsa[2]; |
72 | 72 | }; |
73 | 73 | |
74 | #if defined(__GNUC__) && defined(__linux) | |
75 | __attribute__ ((visibility("hidden"))) | |
76 | #endif | |
74 | 77 | extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; |
75 | 78 | |
76 | 79 | /* Max number of 64-bit words currently returned by STFLE */ |
0 | 0 | /* |
1 | * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2010-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
73 | 73 | |
74 | 74 | struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; |
75 | 75 | |
76 | #if defined(__GNUC__) && defined(__linux) | |
77 | __attribute__ ((visibility("hidden"))) | |
78 | #endif | |
76 | 79 | void OPENSSL_cpuid_setup(void) |
77 | 80 | { |
78 | 81 | struct OPENSSL_s390xcap_st cap; |
0 | 0 | /* |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
203 | 203 | uint64_t v2 = ctx->v2; |
204 | 204 | uint64_t v3 = ctx->v3; |
205 | 205 | |
206 | if (outlen != (size_t)ctx->hash_size) | |
206 | if (ctx->crounds == 0 || outlen == 0 || outlen != (size_t)ctx->hash_size) | |
207 | 207 | return 0; |
208 | 208 | |
209 | 209 | switch (ctx->len) { |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
18 | 18 | * depth of the tree but potentially wastes more memory. That is, this is a |
19 | 19 | * direct space versus time tradeoff. |
20 | 20 | * |
21 | * The large memory model uses twelve bits which means that the are 4096 | |
22 | * pointers in each tree node. This is more than sufficient to hold the | |
23 | * largest defined NID (as of Feb 2019). This means that using a NID to | |
24 | * index a sparse array becomes a constant time single array look up. | |
25 | * | |
26 | * The small memory model uses four bits which means the tree nodes contain | |
27 | * sixteen pointers. This reduces the amount of unused space significantly | |
28 | * at a cost in time. | |
21 | * The default is to use four bits which means that the are 16 | |
22 | * pointers in each tree node. | |
29 | 23 | * |
30 | 24 | * The library builder is also permitted to define other sizes in the closed |
31 | * interval [2, sizeof(ossl_uintmax_t) * 8]. | |
25 | * interval [2, sizeof(ossl_uintmax_t) * 8]. Space use generally scales | |
26 | * exponentially with the block size, although the implementation only | |
27 | * creates enough blocks to support the largest used index. The depth is: | |
28 | * ceil(log_2(largest index) / 2^{block size}) | |
29 | * E.g. with a block size of 4, and a largest index of 1000, the depth | |
30 | * will be three. | |
32 | 31 | */ |
33 | 32 | #ifndef OPENSSL_SA_BLOCK_BITS |
34 | # ifdef OPENSSL_SMALL_FOOTPRINT | |
35 | # define OPENSSL_SA_BLOCK_BITS 4 | |
36 | # else | |
37 | # define OPENSSL_SA_BLOCK_BITS 12 | |
38 | # endif | |
33 | # define OPENSSL_SA_BLOCK_BITS 4 | |
39 | 34 | #elif OPENSSL_SA_BLOCK_BITS < 2 || OPENSSL_SA_BLOCK_BITS > (BN_BITS2 - 1) |
40 | 35 | # error OPENSSL_SA_BLOCK_BITS is out of range |
41 | 36 | #endif |
0 | 0 | /* |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
92 | 92 | OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy)); |
93 | 93 | if ((p = strchr(scheme_copy, ':')) != NULL) { |
94 | 94 | *p++ = '\0'; |
95 | if (strcasecmp(scheme_copy, "file") != 0) { | |
95 | if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) { | |
96 | 96 | if (strncmp(p, "//", 2) == 0) |
97 | 97 | schemes_n--; /* Invalidate the file scheme */ |
98 | 98 | schemes[schemes_n++] = scheme_copy; |
456 | 456 | |
457 | 457 | /* If we have a data type, it should be a PEM name */ |
458 | 458 | if (data->data_type != NULL |
459 | && (strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) | |
459 | && (OPENSSL_strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) | |
460 | 460 | ignore_trusted = 0; |
461 | 461 | |
462 | 462 | if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data, |
14 | 14 | |
15 | 15 | #if defined(__sun) |
16 | 16 | # include <atomic.h> |
17 | #endif | |
18 | ||
19 | #if defined(__apple_build_version__) && __apple_build_version__ < 6000000 | |
20 | /* | |
21 | * OS/X 10.7 and 10.8 had a weird version of clang which has __ATOMIC_ACQUIRE and | |
22 | * __ATOMIC_ACQ_REL but which expects only one parameter for __atomic_is_lock_free() | |
23 | * rather than two which has signature __atomic_is_lock_free(sizeof(_Atomic(T))). | |
24 | * All of this makes impossible to use __atomic_is_lock_free here. | |
25 | * | |
26 | * See: https://github.com/llvm/llvm-project/commit/a4c2602b714e6c6edb98164550a5ae829b2de760 | |
27 | */ | |
28 | #define BROKEN_CLANG_ATOMICS | |
17 | 29 | #endif |
18 | 30 | |
19 | 31 | #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) |
187 | 199 | |
188 | 200 | int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) |
189 | 201 | { |
190 | # if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) | |
202 | # if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS) | |
191 | 203 | if (__atomic_is_lock_free(sizeof(*val), val)) { |
192 | 204 | *ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL); |
193 | 205 | return 1; |
214 | 226 | int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, |
215 | 227 | CRYPTO_RWLOCK *lock) |
216 | 228 | { |
217 | # if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) | |
229 | # if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS) | |
218 | 230 | if (__atomic_is_lock_free(sizeof(*val), val)) { |
219 | 231 | *ret = __atomic_or_fetch(val, op, __ATOMIC_ACQ_REL); |
220 | 232 | return 1; |
239 | 251 | |
240 | 252 | int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock) |
241 | 253 | { |
242 | # if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) | |
254 | # if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS) | |
243 | 255 | if (__atomic_is_lock_free(sizeof(*val), val)) { |
244 | 256 | __atomic_load(val, ret, __ATOMIC_ACQUIRE); |
245 | 257 | return 1; |
17 | 17 | #include "internal/nelem.h" |
18 | 18 | #include "internal/refcount.h" |
19 | 19 | #include "crypto/cryptlib.h" |
20 | ||
21 | #include "e_os.h" /* strcasecmp for Windows */ | |
22 | 20 | |
23 | 21 | #ifndef OPENSSL_NO_TRACE |
24 | 22 | |
157 | 155 | size_t i; |
158 | 156 | |
159 | 157 | for (i = 0; i < OSSL_NELEM(trace_categories); i++) |
160 | if (strcasecmp(name, trace_categories[i].name) == 0) | |
158 | if (OPENSSL_strcasecmp(name, trace_categories[i].name) == 0) | |
161 | 159 | return trace_categories[i].num; |
162 | 160 | return -1; /* not found */ |
163 | 161 | } |
0 | 0 | /* |
1 | * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
107 | 107 | extval = val->name; |
108 | 108 | |
109 | 109 | for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) |
110 | if (strcasecmp(extval, tls_feature_tbl[j].name) == 0) | |
110 | if (OPENSSL_strcasecmp(extval, tls_feature_tbl[j].name) == 0) | |
111 | 111 | break; |
112 | 112 | if (j < OSSL_NELEM(tls_feature_tbl)) |
113 | 113 | tlsextid = tls_feature_tbl[j].num; |
348 | 348 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_EMPTY_NAME); |
349 | 349 | goto err; |
350 | 350 | } |
351 | X509V3_add_value(ntmp, NULL, &values); | |
351 | if (!X509V3_add_value(ntmp, NULL, &values)) { | |
352 | goto err; | |
353 | } | |
352 | 354 | } |
353 | 355 | break; |
354 | 356 | |
361 | 363 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_VALUE); |
362 | 364 | goto err; |
363 | 365 | } |
364 | X509V3_add_value(ntmp, vtmp, &values); | |
366 | if (!X509V3_add_value(ntmp, vtmp, &values)) { | |
367 | goto err; | |
368 | } | |
365 | 369 | ntmp = NULL; |
366 | 370 | q = p + 1; |
367 | 371 | } |
375 | 379 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_VALUE); |
376 | 380 | goto err; |
377 | 381 | } |
378 | X509V3_add_value(ntmp, vtmp, &values); | |
382 | if (!X509V3_add_value(ntmp, vtmp, &values)) { | |
383 | goto err; | |
384 | } | |
379 | 385 | } else { |
380 | 386 | ntmp = strip_spaces(q); |
381 | 387 | if (!ntmp) { |
382 | 388 | ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_EMPTY_NAME); |
383 | 389 | goto err; |
384 | 390 | } |
385 | X509V3_add_value(ntmp, NULL, &values); | |
391 | if (!X509V3_add_value(ntmp, NULL, &values)) { | |
392 | goto err; | |
393 | } | |
386 | 394 | } |
387 | 395 | OPENSSL_free(linebuf); |
388 | 396 | return values; |
706 | 714 | } |
707 | 715 | /* IDNA labels cannot match partial wildcards */ |
708 | 716 | if (!allow_idna && |
709 | subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0) | |
717 | subject_len >= 4 && OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0) | |
710 | 718 | return 0; |
711 | 719 | /* The wildcard may match a literal '*' */ |
712 | 720 | if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*') |
766 | 774 | || ('A' <= p[i] && p[i] <= 'Z') |
767 | 775 | || ('0' <= p[i] && p[i] <= '9')) { |
768 | 776 | if ((state & LABEL_START) != 0 |
769 | && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0) | |
777 | && len - i >= 4 && OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0) | |
770 | 778 | state |= LABEL_IDNA; |
771 | 779 | state &= ~(LABEL_HYPHEN | LABEL_START); |
772 | 780 | } else if (p[i] == '.') { |
1530 | 1530 | GENERATE[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod |
1531 | 1531 | DEPEND[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod |
1532 | 1532 | GENERATE[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod |
1533 | DEPEND[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod | |
1534 | GENERATE[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod | |
1535 | DEPEND[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod | |
1536 | GENERATE[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod | |
1533 | 1537 | DEPEND[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod |
1534 | 1538 | GENERATE[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod |
1535 | 1539 | DEPEND[man/man3/OSSL_CMP_CTX_new.3]=man3/OSSL_CMP_CTX_new.pod |
3109 | 3113 | html/man3/OPENSSL_malloc.html \ |
3110 | 3114 | html/man3/OPENSSL_s390xcap.html \ |
3111 | 3115 | html/man3/OPENSSL_secure_malloc.html \ |
3116 | html/man3/OPENSSL_strcasecmp.html \ | |
3112 | 3117 | html/man3/OSSL_CMP_CTX_new.html \ |
3113 | 3118 | html/man3/OSSL_CMP_HDR_get0_transactionID.html \ |
3114 | 3119 | html/man3/OSSL_CMP_ITAV_set0.html \ |
3703 | 3708 | man/man3/OPENSSL_malloc.3 \ |
3704 | 3709 | man/man3/OPENSSL_s390xcap.3 \ |
3705 | 3710 | man/man3/OPENSSL_secure_malloc.3 \ |
3711 | man/man3/OPENSSL_strcasecmp.3 \ | |
3706 | 3712 | man/man3/OSSL_CMP_CTX_new.3 \ |
3707 | 3713 | man/man3/OSSL_CMP_HDR_get0_transactionID.3 \ |
3708 | 3714 | man/man3/OSSL_CMP_ITAV_set0.3 \ |
18 | 18 | 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 |
19 | 19 | |
20 | 20 | Paul Dale: |
21 | 1B72 6772 1033 CC88 A531 5EF5 5359 C4D8 443B 383B | |
21 | B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45 | |
22 | ||
23 | Tomáš Mráz: | |
24 | A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C |
117 | 117 | called in response to the application calling BIO_new() and passing |
118 | 118 | in a pointer to the current BIO_METHOD. The BIO_new() function will allocate the |
119 | 119 | memory for the new BIO, and a pointer to this newly allocated structure will |
120 | be passed as a parameter to the function. | |
120 | be passed as a parameter to the function. If a create function is set, | |
121 | BIO_new() will not mark the BIO as initialised on allocation. | |
122 | L<BIO_set_init(3)> must then be called either by the create function, or later, | |
123 | by a BIO ctrl function, once BIO initialisation is complete. | |
121 | 124 | |
122 | 125 | BIO_meth_get_destroy() and BIO_meth_set_destroy() get and set the function used |
123 | 126 | for destroying an instance of a BIO respectively. This function will be |
153 | 156 | |
154 | 157 | =head1 COPYRIGHT |
155 | 158 | |
156 | Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
159 | Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
157 | 160 | |
158 | 161 | Licensed under the Apache License 2.0 (the "License"). You may not use |
159 | 162 | this file except in compliance with the License. You can obtain a copy |
33 | 33 | =head1 RETURN VALUES |
34 | 34 | |
35 | 35 | These functions return a B<EVP_MD> structure that contains the |
36 | implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for | |
36 | implementation of the message digest. See L<EVP_MD_meth_new(3)> for | |
37 | 37 | details of the B<EVP_MD> structure. |
38 | 38 | |
39 | 39 | =head1 CONFORMING TO |
53 | 53 | |
54 | 54 | =head1 COPYRIGHT |
55 | 55 | |
56 | Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | |
56 | Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
57 | 57 | |
58 | 58 | Licensed under the Apache License 2.0 (the "License"). You may not use |
59 | 59 | this file except in compliance with the License. You can obtain a copy |
27 | 27 | =head1 RETURN VALUES |
28 | 28 | |
29 | 29 | These functions return a B<EVP_MD> structure that contains the |
30 | implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for | |
30 | implementation of the message digest. See L<EVP_MD_meth_new(3)> for | |
31 | 31 | details of the B<EVP_MD> structure. |
32 | 32 | |
33 | 33 | =head1 CONFORMING TO |
42 | 42 | |
43 | 43 | =head1 COPYRIGHT |
44 | 44 | |
45 | Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. | |
45 | Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
46 | 46 | |
47 | 47 | Licensed under the Apache License 2.0 (the "License"). You may not use |
48 | 48 | this file except in compliance with the License. You can obtain a copy |
28 | 28 | =head1 RETURN VALUES |
29 | 29 | |
30 | 30 | These functions return a B<EVP_MD> structure that contains the |
31 | implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for | |
31 | implementation of the message digest. See L<EVP_MD_meth_new(3)> for | |
32 | 32 | details of the B<EVP_MD> structure. |
33 | 33 | |
34 | 34 | =head1 CONFORMING TO |
43 | 43 | |
44 | 44 | =head1 COPYRIGHT |
45 | 45 | |
46 | Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. | |
46 | Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
47 | 47 | |
48 | 48 | Licensed under the Apache License 2.0 (the "License"). You may not use |
49 | 49 | this file except in compliance with the License. You can obtain a copy |
39 | 39 | =head1 RETURN VALUES |
40 | 40 | |
41 | 41 | These functions return a B<EVP_MD> structure that contains the |
42 | implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for | |
42 | implementation of the message digest. See L<EVP_MD_meth_new(3)> for | |
43 | 43 | details of the B<EVP_MD> structure. |
44 | 44 | |
45 | 45 | =head1 CONFORMING TO |
53 | 53 | |
54 | 54 | =head1 COPYRIGHT |
55 | 55 | |
56 | Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
56 | Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
57 | 57 | |
58 | 58 | Licensed under the Apache License 2.0 (the "License"). You may not use |
59 | 59 | this file except in compliance with the License. You can obtain a copy |
28 | 28 | =head1 RETURN VALUES |
29 | 29 | |
30 | 30 | These functions return a B<EVP_MD> structure that contains the |
31 | implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for | |
31 | implementation of the message digest. See L<EVP_MD_meth_new(3)> for | |
32 | 32 | details of the B<EVP_MD> structure. |
33 | 33 | |
34 | 34 | =head1 CONFORMING TO |
43 | 43 | |
44 | 44 | =head1 COPYRIGHT |
45 | 45 | |
46 | Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. | |
46 | Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
47 | 47 | |
48 | 48 | Licensed under the Apache License 2.0 (the "License"). You may not use |
49 | 49 | this file except in compliance with the License. You can obtain a copy |
27 | 27 | =head1 RETURN VALUES |
28 | 28 | |
29 | 29 | These functions return a B<EVP_MD> structure that contains the |
30 | implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for | |
30 | implementation of the message digest. See L<EVP_MD_meth_new(3)> for | |
31 | 31 | details of the B<EVP_MD> structure. |
32 | 32 | |
33 | 33 | =head1 CONFORMING TO |
42 | 42 | |
43 | 43 | =head1 COPYRIGHT |
44 | 44 | |
45 | Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. | |
45 | Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
46 | 46 | |
47 | 47 | Licensed under the Apache License 2.0 (the "License"). You may not use |
48 | 48 | this file except in compliance with the License. You can obtain a copy |
28 | 28 | =head1 RETURN VALUES |
29 | 29 | |
30 | 30 | These functions return a B<EVP_MD> structure that contains the |
31 | implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for | |
31 | implementation of the message digest. See L<EVP_MD_meth_new(3)> for | |
32 | 32 | details of the B<EVP_MD> structure. |
33 | 33 | |
34 | 34 | =head1 CONFORMING TO |
42 | 42 | |
43 | 43 | =head1 COPYRIGHT |
44 | 44 | |
45 | Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | |
45 | Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
46 | 46 | |
47 | 47 | Licensed under the Apache License 2.0 (the "License"). You may not use |
48 | 48 | this file except in compliance with the License. You can obtain a copy |
48 | 48 | =head1 RETURN VALUES |
49 | 49 | |
50 | 50 | These functions return a B<EVP_MD> structure that contains the |
51 | implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for | |
51 | implementation of the message digest. See L<EVP_MD_meth_new(3)> for | |
52 | 52 | details of the B<EVP_MD> structure. |
53 | 53 | |
54 | 54 | =head1 CONFORMING TO |
62 | 62 | |
63 | 63 | =head1 COPYRIGHT |
64 | 64 | |
65 | Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
65 | Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
66 | 66 | |
67 | 67 | Licensed under the Apache License 2.0 (the "License"). You may not use |
68 | 68 | this file except in compliance with the License. You can obtain a copy |
53 | 53 | =head1 RETURN VALUES |
54 | 54 | |
55 | 55 | These functions return a B<EVP_MD> structure that contains the |
56 | implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for | |
56 | implementation of the message digest. See L<EVP_MD_meth_new(3)> for | |
57 | 57 | details of the B<EVP_MD> structure. |
58 | 58 | |
59 | 59 | =head1 CONFORMING TO |
67 | 67 | |
68 | 68 | =head1 COPYRIGHT |
69 | 69 | |
70 | Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | |
70 | Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
71 | 71 | |
72 | 72 | Licensed under the Apache License 2.0 (the "License"). You may not use |
73 | 73 | this file except in compliance with the License. You can obtain a copy |
27 | 27 | =head1 RETURN VALUES |
28 | 28 | |
29 | 29 | These functions return a B<EVP_MD> structure that contains the |
30 | implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for | |
30 | implementation of the message digest. See L<EVP_MD_meth_new(3)> for | |
31 | 31 | details of the B<EVP_MD> structure. |
32 | 32 | |
33 | 33 | =head1 CONFORMING TO |
41 | 41 | |
42 | 42 | =head1 COPYRIGHT |
43 | 43 | |
44 | Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
44 | Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
45 | 45 | Copyright 2017 Ribose Inc. All Rights Reserved. |
46 | 46 | |
47 | 47 | Licensed under the Apache License 2.0 (the "License"). You may not use |
29 | 29 | =head1 RETURN VALUES |
30 | 30 | |
31 | 31 | These functions return a B<EVP_MD> structure that contains the |
32 | implementation of the symmetric cipher. See L<EVP_MD_meth_new(3)> for | |
32 | implementation of the message digest. See L<EVP_MD_meth_new(3)> for | |
33 | 33 | details of the B<EVP_MD> structure. |
34 | 34 | |
35 | 35 | =head1 CONFORMING TO |
44 | 44 | |
45 | 45 | =head1 COPYRIGHT |
46 | 46 | |
47 | Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. | |
47 | Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
48 | 48 | |
49 | 49 | Licensed under the Apache License 2.0 (the "License"). You may not use |
50 | 50 | this file except in compliance with the License. You can obtain a copy |
22 | 22 | The B<LHASH> structure records statistics about most aspects of |
23 | 23 | accessing the hash table. |
24 | 24 | |
25 | OPENSSL_LH_stats() prints out statistics on the size of the hash table, how | |
26 | many entries are in it, and the number and result of calls to the | |
27 | routines in this library. | |
25 | OPENSSL_LH_stats() prints out statistics on the size of the hash table and how | |
26 | many entries are in it. For historical reasons, this function also outputs a | |
27 | number of additional statistics, but the tracking of these statistics is no | |
28 | longer supported and these statistics are always reported as zero. | |
28 | 29 | |
29 | 30 | OPENSSL_LH_node_stats() prints the number of entries for each 'bucket' in the |
30 | 31 | hash table. |
57 | 58 | |
58 | 59 | =head1 COPYRIGHT |
59 | 60 | |
60 | Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. | |
61 | Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. | |
61 | 62 | |
62 | 63 | Licensed under the Apache License 2.0 (the "License"). You may not use |
63 | 64 | this file except in compliance with the License. You can obtain a copy |
0 | =pod | |
1 | ||
2 | =head1 NAME | |
3 | ||
4 | OPENSSL_strcasecmp, OPENSSL_strncasecmp - compare two strings ignoring case | |
5 | ||
6 | =head1 SYNOPSIS | |
7 | ||
8 | #include <openssl/crypto.h> | |
9 | ||
10 | int OPENSSL_strcasecmp(const char *s1, const char *s2); | |
11 | int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); | |
12 | ||
13 | =head1 DESCRIPTION | |
14 | ||
15 | The OPENSSL_strcasecmp function performs a byte-by-byte comparison of the strings | |
16 | B<s1> and B<s2>, ignoring the case of the characters. | |
17 | ||
18 | The OPENSSL_strncasecmp function is similar, except that it compares no more than | |
19 | B<n> bytes of B<s1> and B<s2>. | |
20 | ||
21 | In POSIX-compatible system and on Windows these functions use "C" locale for | |
22 | case insensitive. Otherwise the comparison is done in current locale. | |
23 | ||
24 | =head1 RETURN VALUES | |
25 | ||
26 | Both functions return an integer less than, equal to, or greater than zero if | |
27 | s1 is found, respectively, to be less than, to match, or be greater than s2. | |
28 | ||
29 | =head1 NOTES | |
30 | ||
31 | OpenSSL extensively uses case insensitive comparison of ASCII strings. Though | |
32 | OpenSSL itself is locale-agnostic, the applications using OpenSSL libraries may | |
33 | unpredictably suffer when they use localization (e.g. Turkish locale is | |
34 | well-known with a specific I/i cases). These functions use C locale for string | |
35 | comparison. | |
36 | ||
37 | =head1 COPYRIGHT | |
38 | ||
39 | Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. | |
40 | ||
41 | Licensed under the Apache License 2.0 (the "License"). You may not use | |
42 | this file except in compliance with the License. You can obtain a copy | |
43 | in the file LICENSE in the source distribution or at | |
44 | L<https://www.openssl.org/source/license.html>. | |
45 | ||
46 | =cut |
243 | 243 | ("indirect method") |
244 | 244 | |
245 | 245 | Note that a signature-based POPO can only be produced if a private key |
246 | is provided as the newPkey or client pkey component of the CMP context. | |
246 | is provided as the newPkey or client's pkey component of the CMP context. | |
247 | 247 | |
248 | 248 | =item B<OSSL_CMP_OPT_DIGEST_ALGNID> |
249 | 249 | |
440 | 440 | OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the |
441 | 441 | list of untrusted certs, which may be empty if unset. |
442 | 442 | |
443 | OSSL_CMP_CTX_set1_cert() sets the certificate related to the private key | |
443 | OSSL_CMP_CTX_set1_cert() sets the certificate related to the client's private key | |
444 | 444 | used for CMP message protection. |
445 | 445 | Therefore the public key of this I<cert> must correspond to |
446 | 446 | the private key set before or thereafter via OSSL_CMP_CTX_set1_pkey(). |
467 | 467 | is performed on demand that is equivalent to calling this function |
468 | 468 | with the I<candidates> and I<own_trusted> arguments being NULL. |
469 | 469 | |
470 | OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to the | |
470 | OSSL_CMP_CTX_set1_pkey() sets the client's private key corresponding to the | |
471 | 471 | CMP signer certificate set via OSSL_CMP_CTX_set1_cert(). |
472 | 472 | This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG) |
473 | 473 | of outgoing messages |
518 | 518 | OSSL_CMP_CTX_get0_newPkey() gives the key to use for certificate enrollment |
519 | 519 | dependent on fields of the CMP context structure: |
520 | 520 | the newPkey (which may be a private or public key) if present, |
521 | else the public key in the p10CSR if present, else the client private key. | |
521 | else the public key in the p10CSR if present, else the client's private key. | |
522 | 522 | If the I<priv> parameter is not 0 and the selected key does not have a |
523 | 523 | private component then NULL is returned. |
524 | 524 |
39 | 39 | for inclusion in a CMP request message based on details contained in I<ctx>. |
40 | 40 | The I<rid> argument defines the request identifier to use, which typically is 0. |
41 | 41 | |
42 | The subject DN to include in the certificate template is determined as follows. | |
43 | If I<ctx> includes a subject name set via L<OSSL_CMP_CTX_set1_subjectName(3)>, | |
44 | this name is used. | |
45 | Otherwise, if a PKCS#10 CSR is given in I<ctx>, its subject is used. | |
46 | Otherwise, if a reference certificate is given in I<ctx> | |
47 | (see L<OSSL_CMP_CTX_set1_oldCert(3)>), its subject is used if I<for_KUR> | |
48 | is nonzero or the I<ctx> does not include a Subject Alternative Name. | |
42 | The subject DN included in the certificate template is | |
43 | the first available value of these: | |
49 | 44 | |
50 | The public key to include is taken from any value set via | |
51 | L<OSSL_CMP_CTX_set0_newPkey(3)>, | |
52 | otherwise the public key of any PKCS#10 CSR is given in I<ctx>, | |
53 | otherwise the public key of any reference certificate given in I<ctx>, | |
54 | otherwise it is derived from the client private key if given in I<ctx>. | |
45 | =over 4 | |
46 | ||
47 | =item any subject name in I<ctx> set via L<OSSL_CMP_CTX_set1_subjectName(3)>, | |
48 | ||
49 | =item the subject field of any PKCS#10 CSR is given in I<ctx>, or | |
50 | ||
51 | =item the subject field of any reference certificate given in I<ctx> | |
52 | (see L<OSSL_CMP_CTX_set1_oldCert(3)>), if I<for_KUR> is nonzero | |
53 | or the I<ctx> does not include a Subject Alternative Name. | |
54 | ||
55 | =back | |
56 | ||
57 | The public key included is the first available value of these: | |
58 | ||
59 | =over 4 | |
60 | ||
61 | =item the public key derived from any key set via L<OSSL_CMP_CTX_set0_newPkey(3)>, | |
62 | ||
63 | =item the public key of any PKCS#10 CSR is given in I<ctx>, | |
64 | ||
65 | =item the public key of any reference certificate given in I<ctx>, or | |
66 | ||
67 | =item the public key derived from any client's private key | |
68 | set via L<OSSL_CMP_CTX_set1_pkey(3)>. | |
69 | ||
70 | =back | |
55 | 71 | |
56 | 72 | The set of X.509 extensions to include is computed as follows. |
57 | 73 | If a PKCS#10 CSR is present in I<ctx>, default extensions are taken from there, |
192 | 192 | =head1 DESCRIPTION |
193 | 193 | |
194 | 194 | All of the functions described on this page that have a I<TYPE> of B<DH>, B<DSA> |
195 | and B<RSA> are deprecated. Applications should use OSSL_ENCODER_to_bio() and | |
196 | OSSL_DECODER_from_bio() instead. | |
195 | and B<RSA> are deprecated. Applications should use L<OSSL_ENCODER_to_bio(3)> and | |
196 | L<OSSL_DECODER_from_bio(3)> instead. | |
197 | 197 | |
198 | 198 | The PEM functions read or write structures in PEM format. In |
199 | 199 | this sense PEM format is simply base64 encoded data surrounded |
63 | 63 | setting B<SSL_OP_ALLOW_CLIENT_RENEGOTIATION>. |
64 | 64 | Only used by servers. |
65 | 65 | |
66 | =item B<-legacyrenegotiation> | |
66 | =item B<-legacy_renegotiation> | |
67 | 67 | |
68 | 68 | Permits the use of unsafe legacy renegotiation. Equivalent to setting |
69 | 69 | B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>. |
1 | 1 | |
2 | 2 | =head1 NAME |
3 | 3 | |
4 | SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param - | |
4 | SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param, | |
5 | SSL_CTX_set_purpose, SSL_CTX_set_trust, SSL_set_purpose, SSL_set_trust - | |
5 | 6 | get and set verification parameters |
6 | 7 | |
7 | 8 | =head1 SYNOPSIS |
13 | 14 | int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); |
14 | 15 | int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); |
15 | 16 | |
17 | int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); | |
18 | int SSL_set_purpose(SSL *ssl, int purpose); | |
19 | ||
20 | int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); | |
21 | int SSL_set_trust(SSL *ssl, int trust); | |
22 | ||
16 | 23 | =head1 DESCRIPTION |
17 | 24 | |
18 | 25 | SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to |
21 | 28 | |
22 | 29 | SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters |
23 | 30 | to B<vpm> for B<ctx> or B<ssl>. |
31 | ||
32 | The functions SSL_CTX_set_purpose() and SSL_set_purpose() are shorthands which | |
33 | set the purpose parameter on the verification parameters object. These functions | |
34 | are equivalent to calling X509_VERIFY_PARAM_set_purpose() directly. | |
35 | ||
36 | The functions SSL_CTX_set_trust() and SSL_set_trust() are similarly shorthands | |
37 | which set the trust parameter on the verification parameters object. These | |
38 | functions are equivalent to calling X509_VERIFY_PARAM_set_trust() directly. | |
24 | 39 | |
25 | 40 | =head1 NOTES |
26 | 41 | |
33 | 48 | SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an |
34 | 49 | B<X509_VERIFY_PARAM> structure. |
35 | 50 | |
36 | SSL_CTX_set1_param() and SSL_set1_param() return 1 for success and 0 | |
37 | for failure. | |
51 | SSL_CTX_set1_param(), SSL_set1_param(), SSL_CTX_set_purpose(), | |
52 | SSL_set_purpose(), SSL_CTX_set_trust() and SSL_set_trust() return 1 for success | |
53 | and 0 for failure. | |
38 | 54 | |
39 | 55 | =head1 EXAMPLES |
40 | 56 | |
54 | 70 | |
55 | 71 | =head1 COPYRIGHT |
56 | 72 | |
57 | Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. | |
73 | Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. | |
58 | 74 | |
59 | 75 | Licensed under the Apache License 2.0 (the "License"). You may not use |
60 | 76 | this file except in compliance with the License. You can obtain a copy |
4 | 4 | SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, |
5 | 5 | SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, |
6 | 6 | SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, |
7 | SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate | |
7 | SSL_set0_chain_cert_store, SSL_set1_chain_cert_store, | |
8 | SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store, | |
9 | SSL_get0_verify_cert_store, SSL_get0_chain_cert_store - set certificate | |
8 | 10 | verification or chain store |
9 | 11 | |
10 | 12 | =head1 SYNOPSIS |
15 | 17 | int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); |
16 | 18 | int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); |
17 | 19 | int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); |
20 | int SSL_CTX_get0_verify_cert_store(SSL_CTX *ctx, X509_STORE **st); | |
21 | int SSL_CTX_get0_chain_cert_store(SSL_CTX *ctx, X509_STORE **st); | |
18 | 22 | |
19 | 23 | int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); |
20 | 24 | int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); |
21 | 25 | int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); |
22 | 26 | int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); |
27 | int SSL_get0_verify_cert_store(SSL *ctx, X509_STORE **st); | |
28 | int SSL_get0_chain_cert_store(SSL *ctx, X509_STORE **st); | |
23 | 29 | |
24 | 30 | =head1 DESCRIPTION |
25 | 31 | |
32 | 38 | SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), |
33 | 39 | SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar |
34 | 40 | except they apply to SSL structure B<ssl>. |
41 | ||
42 | SSL_CTX_get0_verify_chain_store(), SSL_get0_verify_chain_store(), | |
43 | SSL_CTX_get0_chain_cert_store() and SSL_get0_chain_cert_store() retrieve the | |
44 | objects previously set via the above calls. A pointer to the object (or NULL if | |
45 | no such object has been set) is written to B<*st>. | |
35 | 46 | |
36 | 47 | All these functions are implemented as macros. Those containing a B<1> |
37 | 48 | increment the reference count of the supplied store so it must |
93 | 104 | |
94 | 105 | =head1 COPYRIGHT |
95 | 106 | |
96 | Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. | |
107 | Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. | |
97 | 108 | |
98 | 109 | Licensed under the Apache License 2.0 (the "License"). You may not use |
99 | 110 | this file except in compliance with the License. You can obtain a copy |
1 | 1 | |
2 | 2 | =head1 NAME |
3 | 3 | |
4 | SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method | |
4 | SSL_CTX_set_ssl_version, SSL_CTX_get_ssl_method, SSL_set_ssl_method, SSL_get_ssl_method | |
5 | 5 | - choose a new TLS/SSL method |
6 | 6 | |
7 | 7 | =head1 SYNOPSIS |
9 | 9 | #include <openssl/ssl.h> |
10 | 10 | |
11 | 11 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); |
12 | const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); | |
13 | ||
12 | 14 | int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); |
13 | 15 | const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); |
14 | 16 | |
21 | 23 | SSL_CTX with L<SSL_new(3)> are not affected, except when L<SSL_clear(3)> is |
22 | 24 | being called, as described below. |
23 | 25 | |
26 | SSL_CTX_get_ssl_method() returns the SSL_METHOD which was used to construct the | |
27 | SSL_CTX. | |
28 | ||
24 | 29 | SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl> |
25 | 30 | object. It may be reset, when SSL_clear() is called. |
26 | 31 | |
27 | SSL_get_ssl_method() returns a function pointer to the TLS/SSL method | |
32 | SSL_get_ssl_method() returns a pointer to the TLS/SSL method | |
28 | 33 | set in B<ssl>. |
29 | 34 | |
30 | 35 | =head1 NOTES |
58 | 63 | |
59 | 64 | =back |
60 | 65 | |
66 | SSL_CTX_get_ssl_method() and SSL_get_ssl_method() always return non-NULL | |
67 | pointers. | |
68 | ||
61 | 69 | =head1 SEE ALSO |
62 | 70 | |
63 | 71 | L<SSL_CTX_new(3)>, L<SSL_new(3)>, |
70 | 78 | |
71 | 79 | =head1 COPYRIGHT |
72 | 80 | |
73 | Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. | |
81 | Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. | |
74 | 82 | |
75 | 83 | Licensed under the Apache License 2.0 (the "License"). You may not use |
76 | 84 | this file except in compliance with the License. You can obtain a copy |
41 | 41 | All currently supported protocols have the same default timeout value |
42 | 42 | of 300 seconds. |
43 | 43 | |
44 | This timeout value is used as the ticket lifetime hint for stateless session | |
45 | tickets. It is also used as the timeout value within the ticket itself. | |
46 | ||
47 | For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800 | |
48 | seconds). | |
49 | ||
50 | For TLSv1.2, tickets generated during an initial handshake use the value | |
51 | as specified. Tickets generated during a resumed handshake have a value | |
52 | of 0 for the ticket lifetime hint. | |
53 | ||
44 | 54 | =head1 RETURN VALUES |
45 | 55 | |
46 | 56 | SSL_CTX_set_timeout() returns the previously set timeout value. |
57 | 67 | |
58 | 68 | =head1 COPYRIGHT |
59 | 69 | |
60 | Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. | |
70 | Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. | |
61 | 71 | |
62 | 72 | Licensed under the Apache License 2.0 (the "License"). You may not use |
63 | 73 | this file except in compliance with the License. You can obtain a copy |
52 | 52 | with B<SSL_ERROR_WANT_RETRY_VERIFY>. |
53 | 53 | The application can for instance fetch further certificates or cert status |
54 | 54 | information needed for the verification. |
55 | Note that the handshake may still be aborted if a subsequent invocation of the | |
56 | callback (e.g. at a lower depth, or for a separate error condition) returns 0. | |
57 | 55 | Calling L<SSL_connect(3)> again resumes the connection attempt by retrying the |
58 | 56 | server certificate verification step. |
59 | 57 | This process may even be repeated if need be. |
58 | Note that the handshake may still be aborted if a subsequent invocation of the | |
59 | callback (e.g., at a lower depth, or for a separate error condition) returns 0. | |
60 | 60 | |
61 | 61 | SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain |
62 | 62 | verification that shall be allowed for B<ctx>. |
20 | 20 | |
21 | 21 | If there is already a session set inside B<ssl> (because it was set with |
22 | 22 | SSL_set_session() before or because the same B<ssl> was already used for |
23 | a connection), SSL_SESSION_free() will be called for that session. If that old | |
23 | a connection), SSL_SESSION_free() will be called for that session. | |
24 | This is also the case when B<session> is a NULL pointer. If that old | |
24 | 25 | session is still B<open>, it is considered bad and will be removed from the |
25 | 26 | session cache (if used). A session is considered open, if L<SSL_shutdown(3)> was |
26 | 27 | not called for the connection (or at least L<SSL_set_shutdown(3)> was used to |
59 | 60 | |
60 | 61 | =head1 COPYRIGHT |
61 | 62 | |
62 | Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. | |
63 | Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. | |
63 | 64 | |
64 | 65 | Licensed under the Apache License 2.0 (the "License"). You may not use |
65 | 66 | this file except in compliance with the License. You can obtain a copy |
102 | 102 | |
103 | 103 | EVP_KDF *kdf; |
104 | 104 | EVP_KDF_CTX *kctx; |
105 | const char type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; | |
105 | char type = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; | |
106 | 106 | unsigned char key[1024] = "01234..."; |
107 | 107 | unsigned char xcghash[32] = "012345..."; |
108 | 108 | unsigned char session_id[32] = "012345..."; |
125 | 125 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, |
126 | 126 | &type, sizeof(type)); |
127 | 127 | *p = OSSL_PARAM_construct_end(); |
128 | if (EVP_KDF_derive(kctx, out, &outlen, params) <= 0) | |
128 | if (EVP_KDF_derive(kctx, out, outlen, params) <= 0) | |
129 | 129 | /* Error */ |
130 | 130 | |
131 | 131 | |
145 | 145 | |
146 | 146 | =head1 COPYRIGHT |
147 | 147 | |
148 | Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
148 | Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
149 | 149 | |
150 | 150 | Licensed under the Apache License 2.0 (the "License"). You may not use |
151 | 151 | this file except in compliance with the License. You can obtain a copy |
42 | 42 | |
43 | 43 | /* Digest Sign */ |
44 | 44 | int OSSL_FUNC_signature_digest_sign_init(void *ctx, const char *mdname, |
45 | const char *props, void *provkey, | |
45 | void *provkey, | |
46 | 46 | const OSSL_PARAM params[]); |
47 | 47 | int OSSL_FUNC_signature_digest_sign_update(void *ctx, const unsigned char *data, |
48 | 48 | size_t datalen); |
55 | 55 | |
56 | 56 | /* Digest Verify */ |
57 | 57 | int OSSL_FUNC_signature_digest_verify_init(void *ctx, const char *mdname, |
58 | const char *props, void *provkey, | |
58 | void *provkey, | |
59 | 59 | const OSSL_PARAM params[]); |
60 | 60 | int OSSL_FUNC_signature_digest_verify_update(void *ctx, |
61 | 61 | const unsigned char *data, |
265 | 265 | The key object should have been |
266 | 266 | previously generated, loaded or imported into the provider using the |
267 | 267 | key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>. |
268 | The name of the digest to be used will be in the I<mdname> parameter. There may | |
269 | also be properties to be used in fetching the digest in the I<props> parameter, | |
270 | although this may be ignored by providers. | |
268 | The name of the digest to be used will be in the I<mdname> parameter. | |
271 | 269 | |
272 | 270 | OSSL_FUNC_signature_digest_sign_update() provides data to be signed in the I<data> |
273 | 271 | parameter which should be of length I<datalen>. A previously initialised |
304 | 302 | The key object should have been |
305 | 303 | previously generated, loaded or imported into the provider using the |
306 | 304 | key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>. |
307 | The name of the digest to be used will be in the I<mdname> parameter. There may | |
308 | also be properties to be used in fetching the digest in the I<props> parameter, | |
309 | although this may be ignored by providers. | |
305 | The name of the digest to be used will be in the I<mdname> parameter. | |
310 | 306 | |
311 | 307 | OSSL_FUNC_signature_digest_verify_update() provides data to be verified in the I<data> |
312 | 308 | parameter which should be of length I<datalen>. A previously initialised |
434 | 430 | |
435 | 431 | =head1 COPYRIGHT |
436 | 432 | |
437 | Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
433 | Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
438 | 434 | |
439 | 435 | Licensed under the Apache License 2.0 (the "License"). You may not use |
440 | 436 | this file except in compliance with the License. You can obtain a copy |
114 | 114 | B<EVP_MD>. |
115 | 115 | The number for this operation is B<OSSL_OP_DIGEST>. |
116 | 116 | The functions the provider can offer are described in |
117 | L<provider-digest(7)> | |
117 | L<provider-digest(7)>. | |
118 | 118 | |
119 | 119 | =item Symmetric ciphers |
120 | 120 | |
122 | 122 | B<EVP_CIPHER>. |
123 | 123 | The number for this operation is B<OSSL_OP_CIPHER>. |
124 | 124 | The functions the provider can offer are described in |
125 | L<provider-cipher(7)> | |
125 | L<provider-cipher(7)>. | |
126 | 126 | |
127 | 127 | =item Message Authentication Code (MAC) |
128 | 128 | |
130 | 130 | B<EVP_MAC>. |
131 | 131 | The number for this operation is B<OSSL_OP_MAC>. |
132 | 132 | The functions the provider can offer are described in |
133 | L<provider-mac(7)> | |
133 | L<provider-mac(7)>. | |
134 | 134 | |
135 | 135 | =item Key Derivation Function (KDF) |
136 | 136 | |
138 | 138 | B<EVP_KDF>. |
139 | 139 | The number for this operation is B<OSSL_OP_KDF>. |
140 | 140 | The functions the provider can offer are described in |
141 | L<provider-kdf(7)> | |
141 | L<provider-kdf(7)>. | |
142 | 142 | |
143 | 143 | =item Key Exchange |
144 | 144 | |
146 | 146 | B<EVP_KEYEXCH>. |
147 | 147 | The number for this operation is B<OSSL_OP_KEYEXCH>. |
148 | 148 | The functions the provider can offer are described in |
149 | L<provider-keyexch(7)> | |
149 | L<provider-keyexch(7)>. | |
150 | 150 | |
151 | 151 | =item Asymmetric Ciphers |
152 | 152 | |
154 | 154 | B<EVP_ASYM_CIPHER>. |
155 | 155 | The number for this operation is B<OSSL_OP_ASYM_CIPHER>. |
156 | 156 | The functions the provider can offer are described in |
157 | L<provider-asym_cipher(7)> | |
157 | L<provider-asym_cipher(7)>. | |
158 | 158 | |
159 | 159 | =item Asymmetric Key Encapsulation |
160 | 160 | |
161 | 161 | In the OpenSSL libraries, the corresponding method object is B<EVP_KEM>. |
162 | 162 | The number for this operation is B<OSSL_OP_KEM>. |
163 | The functions the provider can offer are described in L<provider-kem(7)> | |
163 | The functions the provider can offer are described in L<provider-kem(7)>. | |
164 | 164 | |
165 | 165 | =item Encoding |
166 | 166 | |
168 | 168 | B<OSSL_ENCODER>. |
169 | 169 | The number for this operation is B<OSSL_OP_ENCODER>. |
170 | 170 | The functions the provider can offer are described in |
171 | L<provider-encoder(7)> | |
171 | L<provider-encoder(7)>. | |
172 | ||
173 | =item Decoding | |
174 | ||
175 | In the OpenSSL libraries, the corresponding method object is | |
176 | B<OSSL_DECODER>. | |
177 | The number for this operation is B<OSSL_OP_DECODER>. | |
178 | The functions the provider can offer are described in | |
179 | L<provider-decoder(7)>. | |
180 | ||
181 | =item Random Number Generation | |
182 | ||
183 | The number for this operation is B<OSSL_OP_RAND>. | |
184 | The functions the provider can offer for random number generation are described | |
185 | in L<provider-rand(7)>. | |
186 | ||
187 | =item Key Management | |
188 | ||
189 | The number for this operation is B<OSSL_OP_KEYMGMT>. | |
190 | The functions the provider can offer for key management are described in | |
191 | L<provider-keymgmt(7)>. | |
192 | ||
193 | =item Signing and Signature Verification | |
194 | ||
195 | The number for this operation is B<OSSL_OP_SIGNATURE>. | |
196 | The functions the provider can offer for digital signatures are described in | |
197 | L<provider-signature(7)>. | |
198 | ||
199 | =item Store Management | |
200 | ||
201 | The number for this operation is B<OSSL_OP_STORE>. | |
202 | The functions the provider can offer for store management are described in | |
203 | L<provider-storemgmt(7)>. | |
172 | 204 | |
173 | 205 | =back |
174 | 206 | |
221 | 253 | |
222 | 254 | =head1 COPYRIGHT |
223 | 255 | |
224 | Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
256 | Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
225 | 257 | |
226 | 258 | Licensed under the Apache License 2.0 (the "License"). You may not use |
227 | 259 | this file except in compliance with the License. You can obtain a copy |
0 | 0 | /* |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
248 | 248 | /***********************************************/ |
249 | 249 | |
250 | 250 | # if defined(OPENSSL_SYS_WINDOWS) |
251 | # define strcasecmp _stricmp | |
252 | # define strncasecmp _strnicmp | |
253 | 251 | # if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) |
254 | 252 | # define open _open |
255 | 253 | # define fdopen _fdopen |
0 | 0 | /* |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
1158 | 1158 | case DEVCRYPTO_CMD_CIPHERS: |
1159 | 1159 | if (p == NULL) |
1160 | 1160 | return 1; |
1161 | if (strcasecmp((const char *)p, "ALL") == 0) { | |
1161 | if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { | |
1162 | 1162 | devcrypto_select_all_ciphers(selected_ciphers); |
1163 | } else if (strcasecmp((const char*)p, "NONE") == 0) { | |
1163 | } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { | |
1164 | 1164 | memset(selected_ciphers, 0, sizeof(selected_ciphers)); |
1165 | 1165 | } else { |
1166 | 1166 | new_list=OPENSSL_zalloc(sizeof(selected_ciphers)); |
1178 | 1178 | case DEVCRYPTO_CMD_DIGESTS: |
1179 | 1179 | if (p == NULL) |
1180 | 1180 | return 1; |
1181 | if (strcasecmp((const char *)p, "ALL") == 0) { | |
1181 | if (OPENSSL_strcasecmp((const char *)p, "ALL") == 0) { | |
1182 | 1182 | devcrypto_select_all_digests(selected_digests); |
1183 | } else if (strcasecmp((const char*)p, "NONE") == 0) { | |
1183 | } else if (OPENSSL_strcasecmp((const char*)p, "NONE") == 0) { | |
1184 | 1184 | memset(selected_digests, 0, sizeof(selected_digests)); |
1185 | 1185 | } else { |
1186 | 1186 | new_list=OPENSSL_zalloc(sizeof(selected_digests)); |
0 | 0 | /* |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
13 | 13 | /* We need to use some engine deprecated APIs */ |
14 | 14 | #define OPENSSL_SUPPRESS_DEPRECATED |
15 | 15 | |
16 | /* #include "e_os.h" */ | |
17 | 16 | #include <string.h> |
18 | 17 | #include <sys/stat.h> |
19 | 18 | #include <ctype.h> |
43 | 42 | |
44 | 43 | #ifdef _WIN32 |
45 | 44 | # define stat _stat |
46 | # define strncasecmp _strnicmp | |
47 | 45 | #endif |
48 | 46 | |
49 | 47 | #ifndef S_ISDIR |
970 | 968 | * There's a special case if the URI also contains an authority, then |
971 | 969 | * the full URI shouldn't be used as a path anywhere. |
972 | 970 | */ |
973 | if (strncasecmp(uri, "file:", 5) == 0) { | |
971 | if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) { | |
974 | 972 | const char *p = &uri[5]; |
975 | 973 | |
976 | 974 | if (strncmp(&uri[5], "//", 2) == 0) { |
977 | 975 | path_data_n--; /* Invalidate using the full URI */ |
978 | if (strncasecmp(&uri[7], "localhost/", 10) == 0) { | |
976 | if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) { | |
979 | 977 | p = &uri[16]; |
980 | 978 | } else if (uri[7] == '/') { |
981 | 979 | p = &uri[7]; |
1465 | 1463 | /* |
1466 | 1464 | * First, check the basename |
1467 | 1465 | */ |
1468 | if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.') | |
1466 | if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0 | |
1467 | || name[len] != '.') | |
1469 | 1468 | return 0; |
1470 | 1469 | p = &name[len + 1]; |
1471 | 1470 |
0 | 0 | /* |
1 | * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
40 | 40 | #include <crypto/evp.h> |
41 | 41 | |
42 | 42 | #include "e_ossltest_err.c" |
43 | ||
44 | #ifdef _WIN32 | |
45 | # define strncasecmp _strnicmp | |
46 | #endif | |
47 | 43 | |
48 | 44 | /* Engine Id and Name */ |
49 | 45 | static const char *engine_ossltest_id = "ossltest"; |
382 | 378 | BIO *in; |
383 | 379 | EVP_PKEY *key; |
384 | 380 | |
385 | if (strncasecmp(key_id, "ot:", 3) != 0) | |
381 | if (OPENSSL_strncasecmp(key_id, "ot:", 3) != 0) | |
386 | 382 | return NULL; |
387 | 383 | key_id += 3; |
388 | 384 |
0 | 0 | /* |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"); |
4 | 4 | * you may not use this file except in compliance with the License. |
54 | 54 | |
55 | 55 | int FuzzerTestOneInput(const uint8_t *buf, size_t len) |
56 | 56 | { |
57 | SSL *client; | |
57 | SSL *client = NULL; | |
58 | 58 | BIO *in; |
59 | 59 | BIO *out; |
60 | 60 | SSL_CTX *ctx; |
64 | 64 | |
65 | 65 | /* This only fuzzes the initial flow from the client so far. */ |
66 | 66 | ctx = SSL_CTX_new(SSLv23_method()); |
67 | if (ctx == NULL) | |
68 | goto end; | |
67 | 69 | |
68 | 70 | client = SSL_new(ctx); |
71 | if (client == NULL) | |
72 | goto end; | |
69 | 73 | OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1); |
70 | 74 | OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1); |
71 | 75 | SSL_set_tlsext_host_name(client, "localhost"); |
72 | 76 | in = BIO_new(BIO_s_mem()); |
77 | if (in == NULL) | |
78 | goto end; | |
73 | 79 | out = BIO_new(BIO_s_mem()); |
80 | if (out == NULL) { | |
81 | BIO_free(in); | |
82 | goto end; | |
83 | } | |
74 | 84 | SSL_set_bio(client, in, out); |
75 | 85 | SSL_set_connect_state(client); |
76 | 86 | OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); |
83 | 93 | } |
84 | 94 | } |
85 | 95 | } |
96 | end: | |
86 | 97 | SSL_free(client); |
87 | 98 | ERR_clear_error(); |
88 | 99 | SSL_CTX_free(ctx); |
0 | 0 | /* |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
79 | 79 | # define ossl_isbase64(c) (ossl_ctype_check((c), CTYPE_MASK_base64)) |
80 | 80 | # define ossl_isasn1print(c) (ossl_ctype_check((c), CTYPE_MASK_asn1print)) |
81 | 81 | |
82 | int ossl_init_casecmp(void); | |
83 | void ossl_deinit_casecmp(void); | |
82 | 84 | #endif |
0 | 0 | /* |
1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
2 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
62 | 62 | int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx); |
63 | 63 | int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx); |
64 | 64 | |
65 | void *ossl_c_locale(void); | |
66 | ||
65 | 67 | #endif |
132 | 132 | const char *str, const char sep); |
133 | 133 | unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen); |
134 | 134 | int OPENSSL_hexchar2int(unsigned char c); |
135 | int OPENSSL_strcasecmp(const char *s1, const char *s2); | |
136 | int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n); | |
135 | 137 | |
136 | 138 | # define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) |
137 | 139 |
0 | 0 | /* |
1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
34 | 34 | # define EC_R_DECODE_ERROR 142 |
35 | 35 | # define EC_R_DISCRIMINANT_IS_ZERO 118 |
36 | 36 | # define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 |
37 | # define EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED 127 | |
37 | 38 | # define EC_R_FAILED_MAKING_PUBLIC_KEY 166 |
38 | 39 | # define EC_R_FIELD_TOO_LARGE 143 |
39 | 40 | # define EC_R_GF2M_NOT_SUPPORTED 147 |
1308 | 1308 | # define SSL_CTRL_GET_TMP_KEY 133 |
1309 | 1309 | # define SSL_CTRL_GET_NEGOTIATED_GROUP 134 |
1310 | 1310 | # define SSL_CTRL_SET_RETRY_VERIFY 136 |
1311 | # define SSL_CTRL_GET_VERIFY_CERT_STORE 137 | |
1312 | # define SSL_CTRL_GET_CHAIN_CERT_STORE 138 | |
1311 | 1313 | # define SSL_CERT_SET_FIRST 1 |
1312 | 1314 | # define SSL_CERT_SET_NEXT 2 |
1313 | 1315 | # define SSL_CERT_SET_SERVER 3 |
1369 | 1371 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) |
1370 | 1372 | # define SSL_CTX_set1_verify_cert_store(ctx,st) \ |
1371 | 1373 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) |
1374 | # define SSL_CTX_get0_verify_cert_store(ctx,st) \ | |
1375 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) | |
1372 | 1376 | # define SSL_CTX_set0_chain_cert_store(ctx,st) \ |
1373 | 1377 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) |
1374 | 1378 | # define SSL_CTX_set1_chain_cert_store(ctx,st) \ |
1375 | 1379 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) |
1380 | # define SSL_CTX_get0_chain_cert_store(ctx,st) \ | |
1381 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) | |
1376 | 1382 | # define SSL_set0_chain(s,sk) \ |
1377 | 1383 | SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk)) |
1378 | 1384 | # define SSL_set1_chain(s,sk) \ |
1395 | 1401 | SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) |
1396 | 1402 | # define SSL_set1_verify_cert_store(s,st) \ |
1397 | 1403 | SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) |
1404 | #define SSL_get0_verify_cert_store(s,st) \ | |
1405 | SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) | |
1398 | 1406 | # define SSL_set0_chain_cert_store(s,st) \ |
1399 | 1407 | SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) |
1400 | 1408 | # define SSL_set1_chain_cert_store(s,st) \ |
1401 | 1409 | SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) |
1410 | #define SSL_get0_chain_cert_store(s,st) \ | |
1411 | SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) | |
1412 | ||
1402 | 1413 | # define SSL_get1_groups(s, glist) \ |
1403 | 1414 | SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) |
1404 | 1415 | # define SSL_CTX_set1_groups(ctx, glist, glistlen) \ |
0 | 0 | /* |
1 | 1 | * {- join("\n * ", @autowarntext) -} |
2 | 2 | * |
3 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
4 | 4 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
5 | 5 | * |
6 | 6 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
357 | 357 | X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); |
358 | 358 | X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout); |
359 | 359 | # ifndef OPENSSL_NO_DEPRECATED_3_0 |
360 | # include <openssl/ocsp.h> /* OCSP_REQ_CTX_nbio_d2i */ | |
360 | # include <openssl/http.h> /* OSSL_HTTP_REQ_CTX_nbio_d2i */ | |
361 | 361 | # define X509_http_nbio(rctx, pcert) \ |
362 | OCSP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509)) | |
362 | OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509)) | |
363 | 363 | # define X509_CRL_http_nbio(rctx, pcrl) \ |
364 | OCSP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL)) | |
364 | OSSL_HTTP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL)) | |
365 | 365 | # endif |
366 | 366 | |
367 | 367 | # ifndef OPENSSL_NO_STDIO |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
216 | 216 | int ossl_prov_get_capabilities(void *provctx, const char *capability, |
217 | 217 | OSSL_CALLBACK *cb, void *arg) |
218 | 218 | { |
219 | if (strcasecmp(capability, "TLS-GROUP") == 0) | |
219 | if (OPENSSL_strcasecmp(capability, "TLS-GROUP") == 0) | |
220 | 220 | return tls_group_capability(cb, arg); |
221 | 221 | |
222 | 222 | /* We don't support this capability */ |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
21 | 21 | #include "prov/provider_util.h" |
22 | 22 | #include "prov/seeding.h" |
23 | 23 | #include "self_test.h" |
24 | #include "internal/core.h" | |
24 | 25 | |
25 | 26 | static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; |
26 | 27 | static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; |
33 | 34 | static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params; |
34 | 35 | static OSSL_FUNC_provider_get_params_fn fips_get_params; |
35 | 36 | static OSSL_FUNC_provider_query_operation_fn fips_query; |
37 | ||
38 | /* Locale object accessor functions */ | |
39 | #ifdef OPENSSL_SYS_MACOSX | |
40 | # include <xlocale.h> | |
41 | #else | |
42 | # include <locale.h> | |
43 | #endif | |
44 | ||
45 | #if defined OPENSSL_SYS_WINDOWS | |
46 | # define locale_t _locale_t | |
47 | # define freelocale _free_locale | |
48 | #endif | |
49 | static locale_t loc; | |
50 | ||
51 | static int fips_init_casecmp(void); | |
52 | static void fips_deinit_casecmp(void); | |
36 | 53 | |
37 | 54 | #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } |
38 | 55 | #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) |
485 | 502 | return NULL; |
486 | 503 | } |
487 | 504 | |
505 | void *ossl_c_locale() { | |
506 | return (void *)loc; | |
507 | } | |
508 | ||
509 | static int fips_init_casecmp(void) { | |
510 | # ifdef OPENSSL_SYS_WINDOWS | |
511 | loc = _create_locale(LC_COLLATE, "C"); | |
512 | # else | |
513 | loc = newlocale(LC_COLLATE_MASK, "C", (locale_t) 0); | |
514 | # endif | |
515 | return (loc == (locale_t) 0) ? 0 : 1; | |
516 | } | |
517 | ||
518 | static void fips_deinit_casecmp(void) { | |
519 | freelocale(loc); | |
520 | } | |
521 | ||
488 | 522 | static void fips_teardown(void *provctx) |
489 | 523 | { |
490 | 524 | OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); |
497 | 531 | * We know that the library context is the same as for the outer provider, |
498 | 532 | * so no need to destroy it here. |
499 | 533 | */ |
534 | fips_deinit_casecmp(); | |
500 | 535 | ossl_prov_ctx_free(provctx); |
501 | 536 | } |
502 | 537 | |
546 | 581 | |
547 | 582 | memset(&selftest_params, 0, sizeof(selftest_params)); |
548 | 583 | |
584 | if (!fips_init_casecmp()) | |
585 | return 0; | |
549 | 586 | if (!ossl_prov_seeding_from_dispatch(in)) |
550 | 587 | return 0; |
551 | 588 | for (; in->function_id != 0; in++) { |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
102 | 102 | } |
103 | 103 | return TRUE; |
104 | 104 | } |
105 | ||
106 | #elif defined(__GNUC__) | |
107 | # undef DEP_INIT_ATTRIBUTE | |
108 | # undef DEP_FINI_ATTRIBUTE | |
109 | # define DEP_INIT_ATTRIBUTE static __attribute__((constructor)) | |
110 | # define DEP_FINI_ATTRIBUTE static __attribute__((destructor)) | |
111 | ||
105 | 112 | #elif defined(__sun) |
106 | 113 | # pragma init(init) |
107 | 114 | # pragma fini(cleanup) |
123 | 130 | #elif defined(__hpux) |
124 | 131 | # pragma init "init" |
125 | 132 | # pragma fini "cleanup" |
126 | ||
127 | #elif defined(__GNUC__) | |
128 | # undef DEP_INIT_ATTRIBUTE | |
129 | # undef DEP_FINI_ATTRIBUTE | |
130 | # define DEP_INIT_ATTRIBUTE static __attribute__((constructor)) | |
131 | # define DEP_FINI_ATTRIBUTE static __attribute__((destructor)) | |
132 | 133 | |
133 | 134 | #elif defined(__TANDEM) |
134 | 135 | /* Method automatically called by the NonStop OS when the DLL loads */ |
71 | 71 | 58b587e20404efa408b31a88ba9c357059ced709bea78c07deb91df7b687db81 crypto/bn/bn_conv.c |
72 | 72 | 2893b6d03d4850d09c15959941b0759bbb50d8c20e873bed088e7cde4e15a65a crypto/bn/bn_ctx.c |
73 | 73 | d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_dh.c |
74 | a837ba52750ab30a57b6dd2fd4cf901e18a891a189b089f83add2f5dc8138eb7 crypto/bn/bn_div.c | |
75 | 160ea2c916774d6a7f8130e0a05cad7c0a954b4726c15017b3df67e3285231f3 crypto/bn/bn_exp.c | |
74 | 74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c | |
75 | 692e200e66389991eb2e6fe9d9a62eda5fe9005cda834b8af1a435a811b6b3c9 crypto/bn/bn_exp.c | |
76 | 76 | ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c |
77 | 77 | b32d83cee8c00d837a7e4fb8af3f5cf17cb8d2419302e8f5fbcf62119092e874 crypto/bn/bn_gcd.c |
78 | 78 | 4d6cc7ed36978247a191df1eea0120f8ee97b639ba228793dabe5a8355a1a609 crypto/bn/bn_gf2m.c |
100 | 100 | 834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c |
101 | 101 | c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c |
102 | 102 | 23d46ae37a8d9452c0c88418d2cb8350153f8c2c6060234130a2e429da2370e0 crypto/cmac/cmac.c |
103 | 7f24e4937e0af857e233afbb6a7f25b09b1e5674185242a5cc8f579a45bbf1da crypto/context.c | |
103 | 58068d6533fed9359b164ddc9711b2dd7b2a76f32ad94103d91dbe3462ac95d8 crypto/context.c | |
104 | 104 | 83b8912fb01bacfe0b5269c7afa69db7e1718530cce1ed27870abef1407951d6 crypto/core_algorithm.c |
105 | 105 | 60321d1af7bf9697d969438f6b319fbcb4fdc1a47a0b056d02b971973a8550ca crypto/core_fetch.c |
106 | 7d090f71175f28fdc400455fdbc68340a545556d16cb1f6251ac92ebb63a38c1 crypto/core_namemap.c | |
106 | 02670d631bf0f34cca1e3477079d7fe5de4e03c391cf3992986f44f55319597c crypto/core_namemap.c | |
107 | 107 | 469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c |
108 | 108 | 71f0fff881eb4c5505fb17662f0ea4bbff24c6858c045a013ad8f786b07da5c4 crypto/cryptlib.c |
109 | a3d146afa1d66cc3bbfdc7c106f262b679bb5aecce54e8dee732ae9b3e3333db crypto/ctype.c | |
109 | 7e8c8c0b43af045fb31c38a0eb643d5db1316fb832b3b0494809f7c288630ec8 crypto/ctype.c | |
110 | 110 | 8e61d79299003917ac409d129d291f0a63e4ed417811a8b21169b2b918355335 crypto/der_writer.c |
111 | 111 | fea3ba4225df97aee90690adf387625b746d8edfdc5af2357ee65151a3d236ac crypto/des/des_enc.c |
112 | 112 | 4971cdc016ee262d81e31f96c1617a33a63c0d90139e440c2ff32a368ee07bbd crypto/des/des_local.h |
118 | 118 | 816472a54c273906d0a2b58650e0b9d28cc2c8023d120f0d77160f1fe34c4ca3 crypto/dh/dh_backend.c |
119 | 119 | 832e5a1caf9cb0dacfd937fc59252aaac7c5c1bf0ae1a9ebf3c3af6e59dcf4c0 crypto/dh/dh_check.c |
120 | 120 | 7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c |
121 | 70f4cf3485a38cd7d22aa3e965bfe950905f8efec1622e832592a6728498fd78 crypto/dh/dh_group_params.c | |
122 | 7809cbfd5570db17dcb4bd8f0cf9c5f94337096d39da453d0624c08f071e809f crypto/dh/dh_kdf.c | |
121 | 129ee295875e68ad444070b0676f1021eb254cbd87ab22d6baaf7e4e6e59a40b crypto/dh/dh_group_params.c | |
122 | a5cf5cb464b40f1bc5457dc2a6f2c5ec0f050196603cd2ba7037a23ab64adbf7 crypto/dh/dh_kdf.c | |
123 | 123 | 0afa7dd237f9b21b0cfb0de10505facd57eb07ded905d888d43a1de2356d4002 crypto/dh/dh_key.c |
124 | 124 | b0046b2c4e1d74ff4e93f2486a00f63728909b8a75cbdd29b9100e607f97995c crypto/dh/dh_lib.c |
125 | 125 | 8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h |
146 | 146 | 063dac1e4a9573c47532123e9e03e3532a7473cc3e146521ba9ec6f486ddf3b1 crypto/ec/curve448/arch_64/arch_intrinsics.h |
147 | 147 | 43423b7ee85a5c740c1d81499ee06f4a17732c7731a598e7429d5e402ee77cf4 crypto/ec/curve448/arch_64/f_impl.h |
148 | 148 | 1689097ae10e4982a8cbe50c2f6eddb03c83436f331f0b67edb98d6b58adc962 crypto/ec/curve448/arch_64/f_impl64.c |
149 | b35976955a49414313e3823144a898bc58873b755f4e3a772d520cdd63099581 crypto/ec/curve448/curve448.c | |
149 | 9b408ec0d43f3b6d714ef5963147e2c2abaddc88633db7dd759193d3c56ed727 crypto/ec/curve448/curve448.c | |
150 | 150 | 3c12d90e3fdd59b5d32d63186f1a6f15c75eb73f5035b844a2054356a9459780 crypto/ec/curve448/curve448_local.h |
151 | 151 | 178fb9863c33174b633c2e7607160b1bedb506d66cc06d53382d87431441f306 crypto/ec/curve448/curve448_tables.c |
152 | 152 | f30e13bba5a136ab9ba5225c98b9b94c2cd73fb3aef60f9dcde3cd471cfa1ca4 crypto/ec/curve448/curve448utils.h |
160 | 160 | ae1637d89287c9d22a34bdc0d67f6e01262a2f8dcef9b61369dba8c334f5a80d crypto/ec/ec2_oct.c |
161 | 161 | 6bbbf570ce31f5b579f7e03ec9f8a774663c7c1eb5e475bd31f8fee94a021ffc crypto/ec/ec2_smpl.c |
162 | 162 | 2a71bd8dbe4f427c117d990581709a4ddce07fa8e530794b5a9574fef7c48a0c crypto/ec/ec_asn1.c |
163 | c07fa05c6885e59913e2ce345ff52ef9dfb0418842de3affa6163ad3e71f9c1b crypto/ec/ec_backend.c | |
163 | 88e19ca6b892a3afefb25dab0f9cf8796e2eb8504022dcc10b29d5d3923ce73d crypto/ec/ec_backend.c | |
164 | 164 | 86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c |
165 | 165 | 265f911b9d4aada326a2d52cd8a589b556935c8b641598dcd36c6f85d29ce655 crypto/ec/ec_curve.c |
166 | 166 | 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c |
167 | 167 | 28726bc957ea821639b1023e5bff0e77ced61bae31f96c165e33aadfe0bc5c9a crypto/ec/ec_key.c |
168 | 168 | 7e40fc646863e0675bbb90f075b809f61bdf0600d8095c8366858d9533ab7700 crypto/ec/ec_kmeth.c |
169 | 074a5345ea71ff3fdfb8e0be360391a7640719f1a8a4eae8580c8f02e57af880 crypto/ec/ec_lib.c | |
169 | f520a41732e4ca96a74d047b6e8bdca8bdfdc4517c18d27410de33969646abef crypto/ec/ec_lib.c | |
170 | 170 | a8a4690e42b4af60aad822aa8b16196df337906af53ea4db926707f7b596ff27 crypto/ec/ec_local.h |
171 | 171 | fa901b996eb0e460359cd470843bdb03af7a77a2f1136c5e1d30daef70f3e4d2 crypto/ec/ec_mult.c |
172 | 172 | 129c6b42417bfcf582f4a959cfd65433e6f85b158274f4fa38f9c62615ac9166 crypto/ec/ec_oct.c |
177 | 177 | f686cea8c8a3259d95c1e6142813d9da47b6d624c62f26c7e4a16d5607cddb35 crypto/ec/ecdsa_vrf.c |
178 | 178 | 141cfc1459214555b623517a054a9e8d5e4065a11301237b7247be2c6f397a0a crypto/ec/ecp_mont.c |
179 | 179 | 13b30f34aeeb0c98747239bfe91b5f0f14e91b2c1f11db62ebb5950c7219daa0 crypto/ec/ecp_nist.c |
180 | c016eb9412aad8cd1213a2f5b1083df1a1a9cb734dc6cc19d99e706935c81ef2 crypto/ec/ecp_nistz256.c | |
180 | f288c23b6f83740956886b2303c64d5a3098c98b530859c3bb4b698c01c1643b crypto/ec/ecp_nistz256.c | |
181 | 181 | 51cb98e7e9c241e33261589f0d74103238baaa850e333c61ff1da360e127518a crypto/ec/ecp_oct.c |
182 | 182 | b4b7c683279454ba41438f50a015cb63ef056ccb9be0168918dfbae00313dc68 crypto/ec/ecp_smpl.c |
183 | 183 | 2096e13aa2fbcb0d4b10faca3e3f5359cf66098b0397a6d74c6fca14f5dee659 crypto/ec/ecx_backend.c |
186 | 186 | 28abc295dad8888b5482eb61d31cd78dd80545ecb67dc6f9446a36deb8c40a5e crypto/evp/asymcipher.c |
187 | 187 | 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c |
188 | 188 | 7fca5ec7c5723b799a7d84d5803071b8f495511e1baf89d430e6800a5228cdad crypto/evp/digest.c |
189 | 5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c | |
190 | 2724dc804304135bc874bd305e14b811169a9e4a62176220a0d5e83f152c2546 crypto/evp/evp_enc.c | |
189 | 838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c | |
190 | cfccc525e3806d0932254a94ca1a895fe086da84ae8ad2bf2972e96a12d649d2 crypto/evp/evp_enc.c | |
191 | 191 | 0cd2765bf33d998f96d6e8193b2bf27293bcc6a37b7bef7dfd6ec54952ad3c8f crypto/evp/evp_fetch.c |
192 | 029df8bb80a2fb45c22765234b9041ffce82735108e0b11580fd3fbd805362dd crypto/evp/evp_lib.c | |
192 | c9c399b7848f64832deb6e1704e957423ea93827edb4917fafbb0ff911892a2b crypto/evp/evp_lib.c | |
193 | 193 | 9ac3d97d756ec008db16dd1952115b551f32b2d0590d9a85e1c87d1c78620257 crypto/evp/evp_local.h |
194 | 194 | e822c16fc4dc30f2c86e8598c721a9ddfe46d318ce78f4e8e883cdcf8b936221 crypto/evp/evp_rand.c |
195 | 195 | 2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c crypto/evp/evp_utils.c |
202 | 202 | e1a052839b8b70dca20dbac1282d61abd1c415bf4fb6afb56b811e8770d8a2e1 crypto/evp/m_sigver.c |
203 | 203 | 5b8b0bcd4b720b66ce6bc54090ec333891126bb7f6cce4502daf2333668c3db9 crypto/evp/mac_lib.c |
204 | 204 | e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac_meth.c |
205 | b976077a1f880768f2f0a1c996a53dfdd363605e4977c56fb37e9c1f84f35aa6 crypto/evp/p_lib.c | |
205 | ee87cce7ee44b6f3121d21fd20f00d0c91c494a1a9804319981987f3d093923d crypto/evp/p_lib.c | |
206 | 206 | 3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c |
207 | 207 | 1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c |
208 | 76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c | |
208 | ef2f789091e4e3f77fea3b4643ff36d9659b18bf7a8c59929ce3305480a3baef crypto/evp/pmeth_lib.c | |
209 | 209 | f3a5cbbccb1078cf1fafd74c4caa9f30827081832fbe6dfa5579b17ef809776c crypto/evp/signature.c |
210 | 210 | b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c |
211 | 211 | 324feb067d0f8deb4334f3e6518f570114cb388c85b24f9232bd931a64ff0a9e crypto/ffc/ffc_backend.c |
212 | ead786b4f5689ab69d6cca5d49e513e0f90cb558b67e6c5898255f2671f1393d crypto/ffc/ffc_dh.c | |
212 | 5fe89ce2ce34848b832a2b5a7ac42c161d7ec214a641b7fb11fb1153f2186f74 crypto/ffc/ffc_dh.c | |
213 | 213 | 82abf1f9645336b7dff5e3fa153899280ecaa27b3dad50e6a9ba94d871961888 crypto/ffc/ffc_key_generate.c |
214 | 214 | 084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c |
215 | 67fdf1a07ea118963a55540be2ee21c98b7a5eb8149c8caa26e19d922bf60346 crypto/ffc/ffc_params.c | |
215 | ecc0d737ccece492f86262dd45f8f03eef2beacafce8022f91939a372f68ac90 crypto/ffc/ffc_params.c | |
216 | 216 | 5174e008f44909724e0ee7109095ee353e67e9ba77e1ab3bedfcf6eaecab7b6c crypto/ffc/ffc_params_generate.c |
217 | 217 | 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c |
218 | 218 | 0a4fc92e408b0562cf95c480df93a9907a318a2c92356642903a5d50ed04fd88 crypto/hmac/hmac.c |
219 | 219 | 0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h |
220 | 220 | f897493b50f4e9dd4cacb2a7accda6683c10ece602641874cdff1dac7128a751 crypto/initthread.c |
221 | f0782ee92b6ebf5a0e66b970ecfbd9c9c6fc4a35ccd055967fbb402577c234ab crypto/lhash/lhash.c | |
222 | 73d63f91fbaba47649231636c5afdf76d049a46436fde9fbb2e107cf16bb879e crypto/lhash/lhash_local.h | |
221 | 5482c47c266523129980302426d25839fda662f1544f4b684707e6b272a952c9 crypto/lhash/lhash.c | |
222 | 5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e crypto/lhash/lhash_local.h | |
223 | 223 | f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c |
224 | 224 | 183bdca6f855182d7d2c78a5c961b34283f85ea69ac828b700605ee82546397d crypto/modes/asm/aes-gcm-armv8_64.pl |
225 | 225 | 1d686af304f94743038f916125effcb51790c025f3165d8d37b526bbeee781f0 crypto/modes/asm/aesni-gcm-x86_64.pl |
247 | 247 | cc4483ec9ba7a30908e3a433a6817e2f211d4c1f69c206e6bae24bbd39a68281 crypto/param_build.c |
248 | 248 | c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c |
249 | 249 | 02dfeb286c85567bb1b6323a53c089ba66447db97695cc78eceb6677fbc76bf9 crypto/params.c |
250 | 4f2a8c9acf5898fdc1e4bf98813049947221cd9a1db04faaa490250591f54cb4 crypto/params_dup.c | |
250 | 4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c | |
251 | 251 | a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c |
252 | 252 | 2140778d5f35e503e22b173736e18ff84406f6657463e8ff9e7b91a78aa686d3 crypto/property/defn_cache.c |
253 | 253 | 9153343b26e5c2c4f6009d37a12d6af85681ed0c7d3f58de2ace44dfd789a59b crypto/property/property.c |
254 | 254 | a2c69527b60692a8b07cfdfe7e75f654daa092411d5de5e02b446a4ef3752855 crypto/property/property_local.h |
255 | c3217b73871d93d81ab9f15e9f1fc37ea609bbe4bbc0c1b84ec62a99c91f6756 crypto/property/property_parse.c | |
255 | b87bfb053457cbe1cedad3a53cce044375d2f429c75d0c97c2a61def59080644 crypto/property/property_parse.c | |
256 | 256 | a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c |
257 | 257 | 065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c |
258 | 258 | 01d2e5be52d94efdff4329281b3609c7fa57162ab6143492c380c96952df1396 crypto/provider_core.c |
261 | 261 | 4e6b7d1d8278067c18bcb5e3ac9b7fe7e9b1d0d03bc5a276275483f541d1a12c crypto/rand/rand_lib.c |
262 | 262 | fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h |
263 | 263 | f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c |
264 | 054f8e32eabb218d219a5fa8cb40f6e76bc5a395d03e4f83c5f2b703a5a476b9 crypto/rsa/rsa_backend.c | |
264 | b89d28722134386072670ddc4d5cbff736d1649c114f38d964892f21420c13bf crypto/rsa/rsa_backend.c | |
265 | 265 | 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c |
266 | 266 | e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c |
267 | 267 | 21794dcb6bfebcf9a14d4f8aa7fab8f745b595433b388b55f46ba6e615d90f98 crypto/rsa/rsa_gen.c |
327 | 327 | 3d972a11be18bfbfcd45790028635d63548bfe0a2e45d2fc56b6051b759d22f0 crypto/sha/sha3.c |
328 | 328 | 8038a5a97f826f519424db634be5b082b3f7eca3ccb89875ca40fa6bd7dfdcfd crypto/sha/sha512.c |
329 | 329 | 6c6f0e6069ac98e407a5810b84deace2d1396d252c584703bcd154d1a015c3ea crypto/sha/sha_local.h |
330 | 86913a593b55c759a3824eeede398f966278d79c148bef41986c5ac4e48f0bd7 crypto/sparse_array.c | |
330 | 4f6b66f811144648d6cb6bc26e08779529acbbd563519590c726d0e51699fe96 crypto/sparse_array.c | |
331 | 331 | b39e5ba863af36e455cc5864fe8c5d0fc05a6aaef0d528a115951d1248e8fa8b crypto/stack/stack.c |
332 | 332 | 7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c |
333 | 333 | a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c |
334 | ebb210a22c280839853920bee245eb769c713ab99cb35a468ed2b1df0d112a7f crypto/threads_pthread.c | |
334 | 2637a8727dee790812b000f2e02b336f7907949df633dda72938bbaafdb204fe crypto/threads_pthread.c | |
335 | 335 | 68e1cdeb948d3a106b5a27b76bcddbae6bb053b2bdc4a21a1fec9797a00cd904 crypto/threads_win.c |
336 | 336 | fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl |
337 | d13560a5f8a66d7b956d54cd6bf24eade529d686992d243bfb312376a57b475e e_os.h | |
337 | 84c4331bbe99471706fadf97299c660dca46f663c2526f33c3424656215aa0c5 e_os.h | |
338 | 338 | 6f353dc7c8c4d8f24f7ffbf920668ccb224ebb5810805a7c80d96770cd858005 include/crypto/aes_platform.h |
339 | 339 | 8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h |
340 | 340 | 8ce1b35c6924555ef316c7c51d6c27656869e6da7f513f45b7a7051579e3e54d include/crypto/bn.h |
341 | 341 | 1c46818354d42bd1b1c4e5fdae9e019814936e775fd8c918ca49959c2a6416df include/crypto/bn_conf.h.in |
342 | 342 | 7a43a4898fcc8446065e6c99249bcc14e475716e8c1d40d50408c0ab179520e6 include/crypto/bn_dh.h |
343 | 343 | e69b2b20fb415e24b970941c84a62b752b5d0175bc68126e467f7cc970495504 include/crypto/cryptlib.h |
344 | 5ee1ea30382bef9869f29b6610665ca304f3b9cf3653746a2d02c64b1a24f103 include/crypto/ctype.h | |
344 | cf1d91147fb3f6cd02387c7fe219ff2efd8c060e9a8501d1c2245fbdb21bf7a6 include/crypto/ctype.h | |
345 | 345 | 89693e0a7528a9574e1d2f80644b29e3b895d3684111dd07c18cc5bed28b45b7 include/crypto/des_platform.h |
346 | 346 | daf508bb7ed5783f1c8c622f0c230e179244dd3f584e1223a19ab95930fbcb4f include/crypto/dh.h |
347 | 347 | 20d99c9a740e4d7d67e23fa4ae4c6a39d114e486c66ad41b65d91a8244cd1dea include/crypto/dsa.h |
360 | 360 | 5bfeea62d21b7cb43d9a819c5cd2800f02ea019687a8331abf313d615889ad37 include/crypto/types.h |
361 | 361 | 782a83d4e489fd865e2768a20bfa31e78c2071fd0ceeb9eb077276ae2bcc6590 include/internal/bio.h |
362 | 362 | 92aacb3e49288f91b44f97e41933e88fe455706e1dd21a365683c2ab545db131 include/internal/constant_time.h |
363 | 71ddae419297069056065ab71f32fe88b09ddbe4db2200a759fedd8ad4349628 include/internal/core.h | |
363 | 1f92626d81730616fb459849c1c7fb0ec105f2ffb0e51edaa0a64307bc1e1027 include/internal/core.h | |
364 | 364 | d7ddeab97434a21cb2cad1935a3cb130f6cd0b3c75322463d431c5eab3ab1ae1 include/internal/cryptlib.h |
365 | 365 | 9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63 include/internal/deprecated.h |
366 | 366 | 8a2371f964cbb7fc3916583d2a4cee5c56f98595dfa30bd60c71637811a6d9da include/internal/der.h |
401 | 401 | df5e60af861665675e4a00d40d15e36884f940e3379c7b45c9f717eaf1942697 include/openssl/core.h |
402 | 402 | 00110e80b9b4f621c604ea99f05e7a75d3db4721fc2779224e6fa7e52f06e345 include/openssl/core_dispatch.h |
403 | 403 | cbd9d7855ca3ba4240207fc025c22bbfef7411116446ff63511e336a0559bed0 include/openssl/core_names.h |
404 | 8880892256a4d2dd7a9be91f23518f71e5037dbd377cd41bdb4c1f3cb3c7ee2d include/openssl/crypto.h.in | |
404 | 194f96a30bdc4dab3f65693c09326ef53c54ebfd613c2513d8258a0aa35a6996 include/openssl/crypto.h.in | |
405 | 405 | 1d1697bd3e35920ff9eaec23c29472d727a7fc4d108150957f41f6f5ecf80f1a include/openssl/cryptoerr.h |
406 | 406 | bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h |
407 | 407 | fa3e6b6c2e6222424b9cd7005e3c5499a2334c831cd5d6a29256ce945be8cb1d include/openssl/des.h |
412 | 412 | 41bf49e64e1c341a8c17778147ddeba35e88dfd7ff131db6210e801ef25a8fd5 include/openssl/e_os2.h |
413 | 413 | bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openssl/ebcdic.h |
414 | 414 | 33b6321d1c6b7b1621198346946401bb81472054aa236b03c6f22f247248d2ad include/openssl/ec.h |
415 | cbbf74efc7fdb020f06840c856ad7fe97553944f4cc3c197fbb004de38158048 include/openssl/ecerr.h | |
415 | dad1943d309aaadb800be4a3056096abec611d81982b83c601b482405e11d5c0 include/openssl/ecerr.h | |
416 | 416 | 61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h |
417 | 417 | 69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h |
418 | 418 | 0bb50eda4fe2600c20779d5e3c49668cf2dd8f295104549a33e57bc95a9219eb include/openssl/err.h.in |
447 | 447 | 410c6eb3ffadcbee13d511d6b8ee576db75b35b324cb394b5e05dbd4a17fb92e include/openssl/trace.h |
448 | 448 | 873d2ec2054ec24c52df4abe830cb2b9666fe4e75cc62b4de0f50ef9d20c5812 include/openssl/types.h |
449 | 449 | c0a9551efccf43f3dd748d4fd8ec897ddaabbc629c00ec1ad76ce983e1195a13 providers/common/bio_prov.c |
450 | e7c39ef7b76668dae1470ce0edd7254da2937569762cebbf20e08fb97cb3324c providers/common/capabilities.c | |
450 | 4546387d6642603c81ec4cd8d5fc4af8ba60ac7359eb6f31e7d24827031e68ad providers/common/capabilities.c | |
451 | 451 | f94b7435d4ec888ec30df1c611afa8b9eedbb59e905a2c7cb17cfc8c4b9b85b8 providers/common/der/der_digests_gen.c.in |
452 | 452 | 424d7b2ece984a0904b80c73e541400c6e2d50a285c397dd323b440a4f2a8d8e providers/common/der/der_dsa_gen.c.in |
453 | 453 | 27ff361a5fbfc97cd41690ab26639708961d0507b60912f55f5919649842c6ae providers/common/der/der_dsa_key.c |
481 | 481 | ba345b0d71f74c9e3d752579e16d11cc70b4b00faa329cc674bc43dd2620e044 providers/common/securitycheck.c |
482 | 482 | 527eda471e26763a5fcf123b2d290234d5c836de7b8ef6eef2166ef439919d82 providers/common/securitycheck_fips.c |
483 | 483 | abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c |
484 | a4dc9bf2d77e34175737b7b8d28fbe90815ac0e2904e3ac2d9e2a271f345ef20 providers/fips/fipsprov.c | |
485 | fdbaf748044ce54f13e673b92db876e32436e4d5644f443cc43d063112a89676 providers/fips/self_test.c | |
484 | c458e4830c0cd31e4aabef0e33c2011079f201c6bbaee59b59cefab70eb9c7b4 providers/fips/fipsprov.c | |
485 | 24a2e1a855de57b9d970727fcc11ebe7e06c0d4884d3cedbacf59fa471f91e72 providers/fips/self_test.c | |
486 | 486 | f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h |
487 | 487 | 5b3379a3d382c4dad37841dbd58b77ed5ff712b0a37c485771b828fa9b39c351 providers/fips/self_test_data.inc |
488 | 488 | 2f4f23ebc2c7ed5ef71c98ca71f06b639112a1dea04784c46af58083482c150f providers/fips/self_test_kats.c |
512 | 512 | c4a2499b214d7cf786dafaaee5c8c6963b3d5d1c27c144eec4b460f839074a3b providers/implementations/ciphers/cipher_aes_xts.h |
513 | 513 | 281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da providers/implementations/ciphers/cipher_aes_xts_fips.c |
514 | 514 | f358c4121a8a223e2c6cf009fd28b8a195520279016462890214e8858880f632 providers/implementations/ciphers/cipher_aes_xts_hw.c |
515 | f2e7404005e0602c4cc90b49b7af7453aa5b8644720ca1028d93e78bc28a7c09 providers/implementations/ciphers/cipher_cts.c | |
515 | 46ba8271917b53fd8fdf77aee19cc326a219c950b94e043d6d118dcac25ad7ad providers/implementations/ciphers/cipher_cts.c | |
516 | 516 | 74640ce402acc704af72e055fb7f27e6aa8efd417babc56f710478e571d8631c providers/implementations/ciphers/cipher_cts.h |
517 | 517 | fcc3bb0637864252402aaa9d543209909df9a39611127f777b168bc888498dc0 providers/implementations/ciphers/cipher_tdes.c |
518 | 518 | 77709f7fc3f7c08986cd4f0ebf2ef6e44bacb975c1483ef444b3cf5e5071f9d6 providers/implementations/ciphers/cipher_tdes.h |
543 | 543 | c95ce5498e724b9b3d58e3c2f4723e7e3e4beb07f9bea9422e43182cbadb43af providers/implementations/include/prov/macsignature.h |
544 | 544 | 29d1a112b799e1f45fdf8bcee8361c2ed67428c250c1cdf408a9fbb7ebf4cce1 providers/implementations/include/prov/names.h |
545 | 545 | 2187713b446d8b6d24ee986748b941ac3e24292c71e07ff9fb53a33021decdda providers/implementations/include/prov/seeding.h |
546 | 432e2d5e467a50bd031a6b94b27072f5d66f4fadb6d62c9bfd9453d444c2aedf providers/implementations/kdfs/hkdf.c | |
547 | 06c93b62806819ee51f69c899413fda5be2435d43a70ef467b77a7296cd9528a providers/implementations/kdfs/kbkdf.c | |
546 | 86026710ea733f0dd44e400c43e7dab745526f2255816f48a6b00dd8b8009879 providers/implementations/kdfs/hkdf.c | |
547 | a62e3af09f5af84dcf36f951ba4ac90ca1694adaf3747126186020b155f94186 providers/implementations/kdfs/kbkdf.c | |
548 | 548 | e0644e727aacfea4da3cf2c4d2602d7ef0626ebb760b6467432ffd54d5fbb24d providers/implementations/kdfs/pbkdf2.c |
549 | 549 | c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c providers/implementations/kdfs/pbkdf2.h |
550 | 550 | abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/implementations/kdfs/pbkdf2_fips.c |
551 | 66d30c754c1e16d97a8e989f7f2e89eab59ec40ca3731dea664ba56ec38c4002 providers/implementations/kdfs/sshkdf.c | |
551 | 9cc42a4b0a8089e6d1be64637dbb9e41bd21ae5e3386022a27a8f29308ad25c9 providers/implementations/kdfs/sshkdf.c | |
552 | 552 | 7c692170729ab1d648564abdbf9bcbba5071f9a81a25fab9eae66899316bcd4a providers/implementations/kdfs/sskdf.c |
553 | 3c46ec0e14be09a133d709c3a1c3d5ab05a4f1ed5385c3e7a1afb2f0ee47ef7a providers/implementations/kdfs/tls1_prf.c | |
553 | 7d258a469fac4d5ae99c785bae5f490044c593ed13a02a861b1d33339ee167e0 providers/implementations/kdfs/tls1_prf.c | |
554 | 554 | 27bb6ee5e2d00c545635c0c29402b10e74a1831adbc9800c159cbe04f2bfa2f7 providers/implementations/kdfs/x942kdf.c |
555 | f419a9f6b17cfba1543a3690326188ac8335db66807c58de211a3d69e18f7d4d providers/implementations/kem/rsa_kem.c | |
555 | 6b6c776b12664164f3cb54c21df61e1c4477c7855d89431a16fb338cdae58d43 providers/implementations/kem/rsa_kem.c | |
556 | 556 | 7628cfd7c88f37faa557c671a78ff56266691d64075104a514a28cb6fb9a6816 providers/implementations/keymgmt/dh_kmgmt.c |
557 | 68d5cad49334ad0ee6948329b3784bb43eede84c3bc59ff22cbbe7aed9292672 providers/implementations/keymgmt/dsa_kmgmt.c | |
558 | 3e2798d299d6571c973fc75468e2ac025b7c893ae2f15f14e057430325622a69 providers/implementations/keymgmt/ec_kmgmt.c | |
557 | 9dc19fb4e9775e93b233fa93212e60f0959faa61248f853db75f3281e2535e95 providers/implementations/keymgmt/dsa_kmgmt.c | |
558 | c68b2331f2863d0d92725367c16a6a68b1243c672c14dde13768ed4afd9c7418 providers/implementations/keymgmt/ec_kmgmt.c | |
559 | 559 | 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc |
560 | 8871260c1b05832efa8363e5546210004da1683fee74da6c749ebba802b40f2b providers/implementations/keymgmt/ecx_kmgmt.c | |
560 | d77ece2494e6b12a6201a2806ee5fb24a6dc2fa3e1891a46012a870e0b781ab1 providers/implementations/keymgmt/ecx_kmgmt.c | |
561 | 561 | 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c |
562 | 260c560930c5aca61225a40ed49dfbb905f2b1fa50728d1388e946358f9d5e18 providers/implementations/keymgmt/mac_legacy_kmgmt.c | |
562 | e30357311e4a3e1c78266af6315fd1fc99584bfb09f4a7cd0ddc7261cf1e17e1 providers/implementations/keymgmt/mac_legacy_kmgmt.c | |
563 | 563 | d469be20a6d1a3744c1a2d5c26cb3b8ff6339a2242d4ef6e5ed9531551f717c1 providers/implementations/keymgmt/rsa_kmgmt.c |
564 | 79da66d4b696388d7eab6b2126bccc88908915813d79c4305b8b4d545a500469 providers/implementations/macs/cmac_prov.c | |
565 | 41464d1e640434bb3ff9998f093829d5e2c1963d68033dca7d31e5ab75365fb1 providers/implementations/macs/gmac_prov.c | |
566 | 282c1065f18c87073529ed1bdc2c0b3a1967701728084de6632ddc72c671d209 providers/implementations/macs/hmac_prov.c | |
564 | aeb42590728ca87b916b8a3d337351b1c82ee0747213e5ce740c2350b3db7185 providers/implementations/macs/cmac_prov.c | |
565 | 93fa712c692bd5c93d3802b2554d5df33ea9d0b8987f9c92aa88358089a4bdfa providers/implementations/macs/gmac_prov.c | |
566 | 400a054d449cdee1f308644f1314bdc044fd0fdf793ae58ffa4e4aac6c0498d3 providers/implementations/macs/hmac_prov.c | |
567 | 567 | aa7ba1d39ea4e3347294eb50b4dfcb895ef1a22bd6117d3b076a74e9ff11c242 providers/implementations/macs/kmac_prov.c |
568 | 568 | bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c |
569 | 569 | c7236e6e2e8adce14f8206da0ceef63c7974d4ba1a7dd71b94fa100cac6b46ba providers/implementations/rands/drbg.c |
570 | b1e7a0b2610aaab5800af7ede0df13a184f4a321a4084652cdb509357c55783b providers/implementations/rands/drbg_ctr.c | |
570 | bb5f8161a80d0d1a7ee919af2b167972b00afd62e326252ca6aa93101f315f19 providers/implementations/rands/drbg_ctr.c | |
571 | 571 | a05adc3f6d9d6f948e5ead75f0522ed3164cb5b2d301169242f3cb97c4a7fac3 providers/implementations/rands/drbg_hash.c |
572 | 572 | 0876dfae991028c569631938946e458e6829cacf4cfb673d2b144ae50a3160bb providers/implementations/rands/drbg_hmac.c |
573 | 573 | fc43558964bdf12442d3f6ab6cc3e6849f7adb42f4d0123a1279819befcf71cb providers/implementations/rands/drbg_local.h |
576 | 576 | a30dc6308de0ca33406e7ce909f3bcf7580fb84d863b0976b275839f866258df providers/implementations/signature/ecdsa_sig.c |
577 | 577 | b057870cf8be1fd28834670fb092f0e6f202424c7ae19282fe9df4e52c9ce036 providers/implementations/signature/eddsa_sig.c |
578 | 578 | 3bb0f342b4cc1b4594ed0986adc47791c0a7b5c1ae7b1888c1fb5edb268a78d9 providers/implementations/signature/mac_legacy_sig.c |
579 | cee0e3304cc365ef76b422363ef12affc4d03670fd2ab2c8f3babc38f9d5db37 providers/implementations/signature/rsa_sig.c | |
579 | 2334c8bba705032b8c1db5dd28e024a45a73b72cae82a2d815fe855445a49d10 providers/implementations/signature/rsa_sig.c | |
580 | 580 | c8df17850314b145ca83d4037207d6bf0994f9c34e6e55116860cf575df58e81 ssl/record/tls_pad.c |
581 | 581 | 3f2e01a98d9e3fda6cc5cb4b44dd43f6cae4ec34994e8f734d11b1e643e58636 ssl/s3_cbc.c |
0 | 0223646a9f0ba5ca3bd4dc320fe5a647c8b4d48cc1e273b09acceeabc035c19e providers/fips-sources.checksums | |
0 | d0e2cb7b2818aed1f4d89da6323f20372c8834c3f57f9dfd1c5e9f908d7e420a providers/fips-sources.checksums |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
45 | 45 | * Otherwise it is the same as CS2. |
46 | 46 | */ |
47 | 47 | |
48 | #include "e_os.h" /* strcasecmp */ | |
49 | 48 | #include <openssl/core_names.h> |
50 | 49 | #include "prov/ciphercommon.h" |
51 | 50 | #include "internal/nelem.h" |
91 | 90 | size_t i; |
92 | 91 | |
93 | 92 | for (i = 0; i < OSSL_NELEM(cts_modes); ++i) { |
94 | if (strcasecmp(name, cts_modes[i].name) == 0) | |
93 | if (OPENSSL_strcasecmp(name, cts_modes[i].name) == 0) | |
95 | 94 | return (int)cts_modes[i].id; |
96 | 95 | } |
97 | 96 | return -1; |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
182 | 182 | } |
183 | 183 | ctx->tls_aad_pad_sz = sz; |
184 | 184 | } |
185 | p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); | |
185 | p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_MAC_KEY); | |
186 | 186 | if (p != NULL) { |
187 | 187 | if (p->data_type != OSSL_PARAM_OCTET_STRING) { |
188 | 188 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); |
0 | 0 | /* |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
198 | 198 | |
199 | 199 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) { |
200 | 200 | if (p->data_type == OSSL_PARAM_UTF8_STRING) { |
201 | if (strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) { | |
201 | if (OPENSSL_strcasecmp(p->data, "EXTRACT_AND_EXPAND") == 0) { | |
202 | 202 | ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND; |
203 | } else if (strcasecmp(p->data, "EXTRACT_ONLY") == 0) { | |
203 | } else if (OPENSSL_strcasecmp(p->data, "EXTRACT_ONLY") == 0) { | |
204 | 204 | ctx->mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY; |
205 | } else if (strcasecmp(p->data, "EXPAND_ONLY") == 0) { | |
205 | } else if (OPENSSL_strcasecmp(p->data, "EXPAND_ONLY") == 0) { | |
206 | 206 | ctx->mode = EVP_KDF_HKDF_MODE_EXPAND_ONLY; |
207 | 207 | } else { |
208 | 208 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright 2019 Red Hat, Inc. |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
297 | 297 | } |
298 | 298 | |
299 | 299 | p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE); |
300 | if (p != NULL && strncasecmp("counter", p->data, p->data_size) == 0) { | |
300 | if (p != NULL | |
301 | && OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) { | |
301 | 302 | ctx->mode = COUNTER; |
302 | 303 | } else if (p != NULL |
303 | && strncasecmp("feedback", p->data, p->data_size) == 0) { | |
304 | && OPENSSL_strncasecmp("feedback", p->data, p->data_size) == 0) { | |
304 | 305 | ctx->mode = FEEDBACK; |
305 | 306 | } else if (p != NULL) { |
306 | 307 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); |
0 | 0 | /* |
1 | * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
58 | 58 | |
59 | 59 | if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) |
60 | 60 | ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); |
61 | ctx->provctx = provctx; | |
61 | else | |
62 | ctx->provctx = provctx; | |
62 | 63 | return ctx; |
63 | 64 | } |
64 | 65 |
0 | 0 | /* |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
171 | 171 | return 1; |
172 | 172 | |
173 | 173 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { |
174 | if (strcasecmp(p->data, SN_md5_sha1) == 0) { | |
174 | if (OPENSSL_strcasecmp(p->data, SN_md5_sha1) == 0) { | |
175 | 175 | if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params, |
176 | 176 | OSSL_MAC_NAME_HMAC, |
177 | 177 | NULL, SN_md5, libctx) |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
11 | 11 | * internal use. |
12 | 12 | */ |
13 | 13 | #include "internal/deprecated.h" |
14 | ||
15 | #include "e_os.h" /* strcasecmp */ | |
14 | #include "internal/nelem.h" | |
15 | ||
16 | 16 | #include <openssl/crypto.h> |
17 | 17 | #include <openssl/evp.h> |
18 | 18 | #include <openssl/core_dispatch.h> |
68 | 68 | return -1; |
69 | 69 | |
70 | 70 | for (i = 0; i < sz; ++i) { |
71 | if (strcasecmp(map[i].ptr, name) == 0) | |
71 | if (OPENSSL_strcasecmp(map[i].ptr, name) == 0) | |
72 | 72 | return map[i].id; |
73 | 73 | } |
74 | 74 | return -1; |
12 | 12 | */ |
13 | 13 | #include "internal/deprecated.h" |
14 | 14 | |
15 | #include "e_os.h" /* strcasecmp */ | |
16 | 15 | #include <openssl/core_dispatch.h> |
17 | 16 | #include <openssl/core_names.h> |
18 | 17 | #include <openssl/bn.h> |
89 | 88 | size_t i; |
90 | 89 | |
91 | 90 | for (i = 0; i < OSSL_NELEM(dsatype2id); ++i) { |
92 | if (strcasecmp(dsatype2id[i].name, name) == 0) | |
91 | if (OPENSSL_strcasecmp(dsatype2id[i].name, name) == 0) | |
93 | 92 | return dsatype2id[i].id; |
94 | 93 | } |
95 | 94 | return -1; |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
12 | 12 | */ |
13 | 13 | #include "internal/deprecated.h" |
14 | 14 | |
15 | #include "e_os.h" /* strcasecmp */ | |
16 | 15 | #include <string.h> |
17 | 16 | #include <openssl/core_dispatch.h> |
18 | 17 | #include <openssl/core_names.h> |
469 | 468 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 |
470 | 469 | && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0) |
471 | 470 | return 0; |
472 | if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0 | |
473 | && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) | |
474 | return 0; | |
475 | 471 | |
476 | 472 | tmpl = OSSL_PARAM_BLD_new(); |
477 | 473 | if (tmpl == NULL) |
8 | 8 | |
9 | 9 | #include <assert.h> |
10 | 10 | #include <string.h> |
11 | /* For strcasecmp on Windows */ | |
12 | #include "e_os.h" | |
13 | 11 | #include <openssl/core_dispatch.h> |
14 | 12 | #include <openssl/core_names.h> |
15 | 13 | #include <openssl/params.h> |
545 | 543 | } |
546 | 544 | if (p->data_type != OSSL_PARAM_UTF8_STRING |
547 | 545 | || groupname == NULL |
548 | || strcasecmp(p->data, groupname) != 0) { | |
546 | || OPENSSL_strcasecmp(p->data, groupname) != 0) { | |
549 | 547 | ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); |
550 | 548 | return 0; |
551 | 549 | } |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
25 | 25 | #include "prov/providercommon.h" |
26 | 26 | #include "prov/provider_ctx.h" |
27 | 27 | #include "prov/macsignature.h" |
28 | #include "e_os.h" /* strcasecmp */ | |
29 | 28 | |
30 | 29 | static OSSL_FUNC_keymgmt_new_fn mac_new; |
31 | 30 | static OSSL_FUNC_keymgmt_free_fn mac_free; |
0 | 0 | /* |
1 | * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
121 | 121 | return 0; |
122 | 122 | if (key != NULL) |
123 | 123 | return cmac_setkey(macctx, key, keylen); |
124 | return 1; | |
124 | /* Reinitialize the CMAC context */ | |
125 | return CMAC_Init(macctx->ctx, NULL, 0, NULL, NULL); | |
125 | 126 | } |
126 | 127 | |
127 | 128 | static int cmac_update(void *vmacctx, const unsigned char *data, |
0 | 0 | /* |
1 | * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
119 | 119 | return 0; |
120 | 120 | if (key != NULL) |
121 | 121 | return gmac_setkey(macctx, key, keylen); |
122 | return 1; | |
122 | return EVP_EncryptInit_ex(macctx->ctx, NULL, NULL, NULL, NULL); | |
123 | 123 | } |
124 | 124 | |
125 | 125 | static int gmac_update(void *vmacctx, const unsigned char *data, |
208 | 208 | |
209 | 209 | if (params == NULL) |
210 | 210 | return 1; |
211 | if (ctx == NULL | |
212 | || !ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx)) | |
213 | return 0; | |
214 | ||
215 | if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher)) | |
216 | != EVP_CIPH_GCM_MODE) { | |
217 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); | |
218 | return 0; | |
219 | } | |
220 | if (!EVP_EncryptInit_ex(ctx, ossl_prov_cipher_cipher(&macctx->cipher), | |
221 | ossl_prov_cipher_engine(&macctx->cipher), NULL, | |
222 | NULL)) | |
223 | return 0; | |
211 | if (ctx == NULL) | |
212 | return 0; | |
213 | ||
214 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) { | |
215 | if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx)) | |
216 | return 0; | |
217 | if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher)) | |
218 | != EVP_CIPH_GCM_MODE) { | |
219 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); | |
220 | return 0; | |
221 | } | |
222 | if (!EVP_EncryptInit_ex(ctx, ossl_prov_cipher_cipher(&macctx->cipher), | |
223 | ossl_prov_cipher_engine(&macctx->cipher), NULL, | |
224 | NULL)) | |
225 | return 0; | |
226 | } | |
224 | 227 | |
225 | 228 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) |
226 | 229 | if (p->data_type != OSSL_PARAM_OCTET_STRING |
0 | 0 | /* |
1 | * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
151 | 151 | { |
152 | 152 | const EVP_MD *digest; |
153 | 153 | |
154 | if (macctx->keylen > 0) | |
154 | if (macctx->key != NULL) | |
155 | 155 | OPENSSL_secure_clear_free(macctx->key, macctx->keylen); |
156 | 156 | /* Keep a copy of the key in case we need it for TLS HMAC */ |
157 | 157 | macctx->key = OPENSSL_secure_malloc(keylen > 0 ? keylen : 1); |
176 | 176 | if (!ossl_prov_is_running() || !hmac_set_ctx_params(macctx, params)) |
177 | 177 | return 0; |
178 | 178 | |
179 | if (key != NULL && !hmac_setkey(macctx, key, keylen)) | |
180 | return 0; | |
181 | return 1; | |
179 | if (key != NULL) | |
180 | return hmac_setkey(macctx, key, keylen); | |
181 | ||
182 | /* Just reinit the HMAC context */ | |
183 | return HMAC_Init_ex(macctx->ctx, NULL, 0, NULL, NULL); | |
182 | 184 | } |
183 | 185 | |
184 | 186 | static int hmac_update(void *vmacctx, const unsigned char *data, |
324 | 326 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) { |
325 | 327 | if (p->data_type != OSSL_PARAM_OCTET_STRING) |
326 | 328 | return 0; |
327 | ||
328 | if (macctx->keylen > 0) | |
329 | OPENSSL_secure_clear_free(macctx->key, macctx->keylen); | |
330 | /* Keep a copy of the key if we need it for TLS HMAC */ | |
331 | macctx->key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1); | |
332 | if (macctx->key == NULL) | |
333 | return 0; | |
334 | memcpy(macctx->key, p->data, p->data_size); | |
335 | macctx->keylen = p->data_size; | |
336 | ||
337 | if (!HMAC_Init_ex(macctx->ctx, p->data, p->data_size, | |
338 | ossl_prov_digest_md(&macctx->digest), | |
339 | NULL /* ENGINE */)) | |
340 | return 0; | |
341 | ||
342 | } | |
329 | if (!hmac_setkey(macctx, p->data, p->data_size)) | |
330 | return 0; | |
331 | } | |
332 | ||
343 | 333 | if ((p = OSSL_PARAM_locate_const(params, |
344 | 334 | OSSL_MAC_PARAM_TLS_DATA_SIZE)) != NULL) { |
345 | 335 | if (!OSSL_PARAM_get_size_t(p, &macctx->tls_data_size)) |
0 | 0 | /* |
1 | * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
36 | 36 | |
37 | 37 | struct poly1305_data_st { |
38 | 38 | void *provctx; |
39 | int updated; | |
39 | 40 | POLY1305 poly1305; /* Poly1305 data */ |
40 | 41 | }; |
41 | 42 | |
63 | 64 | |
64 | 65 | if (!ossl_prov_is_running()) |
65 | 66 | return NULL; |
66 | dst = poly1305_new(src->provctx); | |
67 | dst = OPENSSL_malloc(sizeof(*dst)); | |
67 | 68 | if (dst == NULL) |
68 | 69 | return NULL; |
69 | 70 | |
70 | dst->poly1305 = src->poly1305; | |
71 | *dst = *src; | |
71 | 72 | return dst; |
72 | 73 | } |
73 | 74 | |
84 | 85 | return 0; |
85 | 86 | } |
86 | 87 | Poly1305_Init(&ctx->poly1305, key); |
88 | ctx->updated = 0; | |
87 | 89 | return 1; |
88 | 90 | } |
89 | 91 | |
97 | 99 | return 0; |
98 | 100 | if (key != NULL) |
99 | 101 | return poly1305_setkey(ctx, key, keylen); |
100 | return 1; | |
102 | /* no reinitialization of context with the same key is allowed */ | |
103 | return ctx->updated == 0; | |
101 | 104 | } |
102 | 105 | |
103 | 106 | static int poly1305_update(void *vmacctx, const unsigned char *data, |
105 | 108 | { |
106 | 109 | struct poly1305_data_st *ctx = vmacctx; |
107 | 110 | |
111 | ctx->updated = 1; | |
108 | 112 | if (datalen == 0) |
109 | 113 | return 1; |
110 | 114 | |
120 | 124 | |
121 | 125 | if (!ossl_prov_is_running()) |
122 | 126 | return 0; |
127 | ctx->updated = 1; | |
123 | 128 | Poly1305_Final(&ctx->poly1305, out); |
124 | 129 | *outl = poly1305_size(); |
125 | 130 | return 1; |
0 | 0 | /* |
1 | * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
38 | 38 | struct siphash_data_st { |
39 | 39 | void *provctx; |
40 | 40 | SIPHASH siphash; /* Siphash data */ |
41 | SIPHASH sipcopy; /* Siphash data copy for reinitialization */ | |
41 | 42 | unsigned int crounds, drounds; |
42 | 43 | }; |
43 | 44 | |
75 | 76 | |
76 | 77 | if (!ossl_prov_is_running()) |
77 | 78 | return NULL; |
78 | sdst = siphash_new(ssrc->provctx); | |
79 | sdst = OPENSSL_malloc(sizeof(*sdst)); | |
79 | 80 | if (sdst == NULL) |
80 | 81 | return NULL; |
81 | 82 | |
82 | sdst->siphash = ssrc->siphash; | |
83 | *sdst = *ssrc; | |
83 | 84 | return sdst; |
84 | 85 | } |
85 | 86 | |
93 | 94 | static int siphash_setkey(struct siphash_data_st *ctx, |
94 | 95 | const unsigned char *key, size_t keylen) |
95 | 96 | { |
97 | int ret; | |
98 | ||
96 | 99 | if (keylen != SIPHASH_KEY_SIZE) |
97 | 100 | return 0; |
98 | return SipHash_Init(&ctx->siphash, key, crounds(ctx), drounds(ctx)); | |
101 | ret = SipHash_Init(&ctx->siphash, key, crounds(ctx), drounds(ctx)); | |
102 | if (ret) | |
103 | ctx->sipcopy = ctx->siphash; | |
104 | return ret; | |
99 | 105 | } |
100 | 106 | |
101 | 107 | static int siphash_init(void *vmacctx, const unsigned char *key, size_t keylen, |
105 | 111 | |
106 | 112 | if (!ossl_prov_is_running() || !siphash_set_params(ctx, params)) |
107 | 113 | return 0; |
108 | /* Without a key, there is not much to do here, | |
114 | /* | |
115 | * Without a key, there is not much to do here, | |
109 | 116 | * The actual initialization happens through controls. |
110 | 117 | */ |
111 | if (key == NULL) | |
118 | if (key == NULL) { | |
119 | ctx->siphash = ctx->sipcopy; | |
112 | 120 | return 1; |
121 | } | |
113 | 122 | return siphash_setkey(ctx, key, keylen); |
114 | 123 | } |
115 | 124 | |
193 | 202 | |
194 | 203 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SIZE)) != NULL) { |
195 | 204 | if (!OSSL_PARAM_get_size_t(p, &size) |
196 | || !SipHash_set_hash_size(&ctx->siphash, size)) | |
205 | || !SipHash_set_hash_size(&ctx->siphash, size) | |
206 | || !SipHash_set_hash_size(&ctx->sipcopy, size)) | |
197 | 207 | return 0; |
198 | 208 | } |
199 | 209 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_C_ROUNDS)) != NULL |
0 | 0 | /* |
1 | * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
13 | 13 | #include <openssl/rand.h> |
14 | 14 | #include <openssl/aes.h> |
15 | 15 | #include <openssl/proverr.h> |
16 | #include "e_os.h" /* strcasecmp */ | |
17 | 16 | #include "crypto/modes.h" |
18 | 17 | #include "internal/thread_once.h" |
19 | 18 | #include "prov/implementations.h" |
689 | 688 | if (p->data_type != OSSL_PARAM_UTF8_STRING |
690 | 689 | || p->data_size < ctr_str_len) |
691 | 690 | return 0; |
692 | if (strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) { | |
691 | if (OPENSSL_strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) { | |
693 | 692 | ERR_raise(ERR_LIB_PROV, PROV_R_REQUIRE_CTR_MODE_CIPHER); |
694 | 693 | return 0; |
695 | 694 | } |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
12 | 12 | */ |
13 | 13 | #include "internal/deprecated.h" |
14 | 14 | |
15 | #include "e_os.h" /* strcasecmp */ | |
16 | 15 | #include <string.h> |
17 | 16 | #include <openssl/crypto.h> |
18 | 17 | #include <openssl/core_dispatch.h> |
853 | 852 | |
854 | 853 | if (mdname != NULL |
855 | 854 | /* was rsa_setup_md already called in rsa_signverify_init()? */ |
856 | && (mdname[0] == '\0' || strcasecmp(prsactx->mdname, mdname) != 0) | |
855 | && (mdname[0] == '\0' || OPENSSL_strcasecmp(prsactx->mdname, mdname) != 0) | |
857 | 856 | && !rsa_setup_md(prsactx, mdname, prsactx->propq)) |
858 | 857 | return 0; |
859 | 858 |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
429 | 429 | p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DIST_ID); |
430 | 430 | if (p != NULL) { |
431 | 431 | void *tmp_id = NULL; |
432 | size_t tmp_idlen; | |
432 | size_t tmp_idlen = 0; | |
433 | 433 | |
434 | 434 | /* |
435 | 435 | * If the 'z' digest has already been computed, the ID is set too late |
437 | 437 | if (!psm2ctx->flag_compute_z_digest) |
438 | 438 | return 0; |
439 | 439 | |
440 | if (!OSSL_PARAM_get_octet_string(p, &tmp_id, 0, &tmp_idlen)) | |
440 | if (p->data_size != 0 | |
441 | && !OSSL_PARAM_get_octet_string(p, &tmp_id, 0, &tmp_idlen)) | |
441 | 442 | return 0; |
442 | 443 | OPENSSL_free(psm2ctx->id); |
443 | 444 | psm2ctx->id = tmp_id; |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
7 | 7 | */ |
8 | 8 | |
9 | 9 | /* This file has quite some overlap with engines/e_loader_attic.c */ |
10 | ||
11 | #include "e_os.h" /* To get strncasecmp() on Windows */ | |
12 | 10 | |
13 | 11 | #include <string.h> |
14 | 12 | #include <sys/stat.h> |
219 | 217 | * There's a special case if the URI also contains an authority, then |
220 | 218 | * the full URI shouldn't be used as a path anywhere. |
221 | 219 | */ |
222 | if (strncasecmp(uri, "file:", 5) == 0) { | |
220 | if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) { | |
223 | 221 | const char *p = &uri[5]; |
224 | 222 | |
225 | 223 | if (strncmp(&uri[5], "//", 2) == 0) { |
226 | 224 | path_data_n--; /* Invalidate using the full URI */ |
227 | if (strncasecmp(&uri[7], "localhost/", 10) == 0) { | |
225 | if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) { | |
228 | 226 | p = &uri[16]; |
229 | 227 | } else if (uri[7] == '/') { |
230 | 228 | p = &uri[7]; |
591 | 589 | /* |
592 | 590 | * First, check the basename |
593 | 591 | */ |
594 | if (strncasecmp(name, ctx->_.dir.search_name, len) != 0 || name[len] != '.') | |
592 | if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0 | |
593 | || name[len] != '.') | |
595 | 594 | return 0; |
596 | 595 | p = &name[len + 1]; |
597 | 596 |
3684 | 3684 | |
3685 | 3685 | case SSL_CTRL_SET_CHAIN_CERT_STORE: |
3686 | 3686 | return ssl_cert_set_cert_store(s->cert, parg, 1, larg); |
3687 | ||
3688 | case SSL_CTRL_GET_VERIFY_CERT_STORE: | |
3689 | return ssl_cert_get_cert_store(s->cert, parg, 0); | |
3690 | ||
3691 | case SSL_CTRL_GET_CHAIN_CERT_STORE: | |
3692 | return ssl_cert_get_cert_store(s->cert, parg, 1); | |
3687 | 3693 | |
3688 | 3694 | case SSL_CTRL_GET_PEER_SIGNATURE_NID: |
3689 | 3695 | if (s->s3.tmp.peer_sigalg == NULL) |
3930 | 3936 | case SSL_CTRL_SET_CHAIN_CERT_STORE: |
3931 | 3937 | return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg); |
3932 | 3938 | |
3939 | case SSL_CTRL_GET_VERIFY_CERT_STORE: | |
3940 | return ssl_cert_get_cert_store(ctx->cert, parg, 0); | |
3941 | ||
3942 | case SSL_CTRL_GET_CHAIN_CERT_STORE: | |
3943 | return ssl_cert_get_cert_store(ctx->cert, parg, 1); | |
3944 | ||
3933 | 3945 | /* A Thawte special :-) */ |
3934 | 3946 | case SSL_CTRL_EXTRA_CHAIN_CERT: |
3935 | 3947 | if (ctx->extra_certs == NULL) { |
967 | 967 | *pstore = store; |
968 | 968 | if (ref && store) |
969 | 969 | X509_STORE_up_ref(store); |
970 | return 1; | |
971 | } | |
972 | ||
973 | int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain) | |
974 | { | |
975 | *pstore = (chain ? c->chain_store : c->verify_store); | |
970 | 976 | return 1; |
971 | 977 | } |
972 | 978 |
0 | 0 | /* |
1 | * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
147 | 147 | if (namelen == -1) { |
148 | 148 | if (strcmp(tbl->name, name)) |
149 | 149 | return 0; |
150 | } else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen)) | |
150 | } else if (tbl->namelen != namelen | |
151 | || OPENSSL_strncasecmp(tbl->name, name, namelen)) | |
151 | 152 | return 0; |
152 | 153 | ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff); |
153 | 154 | return 1; |
231 | 232 | |
232 | 233 | /* Ignore values supported by 1.0.2 for the automatic selection */ |
233 | 234 | if ((cctx->flags & SSL_CONF_FLAG_FILE) |
234 | && (strcasecmp(value, "+automatic") == 0 | |
235 | || strcasecmp(value, "automatic") == 0)) | |
235 | && (OPENSSL_strcasecmp(value, "+automatic") == 0 | |
236 | || OPENSSL_strcasecmp(value, "automatic") == 0)) | |
236 | 237 | return 1; |
237 | 238 | if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) && |
238 | 239 | strcmp(value, "auto") == 0) |
596 | 597 | = OSSL_DECODER_CTX_new_for_pkey(&dhpkey, "PEM", NULL, "DH", |
597 | 598 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, |
598 | 599 | sslctx->libctx, sslctx->propq); |
599 | if (decoderctx == NULL | |
600 | || !OSSL_DECODER_from_bio(decoderctx, in)) { | |
601 | OSSL_DECODER_CTX_free(decoderctx); | |
600 | if (decoderctx == NULL) | |
601 | goto end; | |
602 | ERR_set_mark(); | |
603 | while (!OSSL_DECODER_from_bio(decoderctx, in) | |
604 | && dhpkey == NULL | |
605 | && !BIO_eof(in)); | |
606 | OSSL_DECODER_CTX_free(decoderctx); | |
607 | ||
608 | if (dhpkey == NULL) { | |
609 | ERR_clear_last_mark(); | |
602 | 610 | goto end; |
603 | 611 | } |
604 | OSSL_DECODER_CTX_free(decoderctx); | |
605 | ||
606 | if (dhpkey == NULL) | |
607 | goto end; | |
612 | ERR_pop_to_mark(); | |
608 | 613 | } else { |
609 | 614 | return 1; |
610 | 615 | } |
807 | 812 | strncmp(*pcmd, cctx->prefix, cctx->prefixlen)) |
808 | 813 | return 0; |
809 | 814 | if (cctx->flags & SSL_CONF_FLAG_FILE && |
810 | strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) | |
815 | OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen)) | |
811 | 816 | return 0; |
812 | 817 | *pcmd += cctx->prefixlen; |
813 | 818 | } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { |
849 | 854 | return t; |
850 | 855 | } |
851 | 856 | if (cctx->flags & SSL_CONF_FLAG_FILE) { |
852 | if (t->str_file && strcasecmp(t->str_file, cmd) == 0) | |
857 | if (t->str_file && OPENSSL_strcasecmp(t->str_file, cmd) == 0) | |
853 | 858 | return t; |
854 | 859 | } |
855 | 860 | } |
2231 | 2231 | if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { |
2232 | 2232 | struct ssl_async_args args; |
2233 | 2233 | |
2234 | memset(&args, 0, sizeof(args)); | |
2234 | 2235 | args.s = s; |
2235 | 2236 | args.type = OTHERFUNC; |
2236 | 2237 | args.f.func_other = s->method->ssl_shutdown; |
3913 | 3914 | if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { |
3914 | 3915 | struct ssl_async_args args; |
3915 | 3916 | |
3917 | memset(&args, 0, sizeof(args)); | |
3916 | 3918 | args.s = s; |
3917 | 3919 | |
3918 | 3920 | ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern); |
2429 | 2429 | __owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags); |
2430 | 2430 | __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, |
2431 | 2431 | int ref); |
2432 | __owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain); | |
2432 | 2433 | |
2433 | 2434 | __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); |
2434 | 2435 | __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, |
0 | 0 | /* |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright 2005 Nokia. All rights reserved. |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
128 | 128 | } |
129 | 129 | #endif |
130 | 130 | if (x->time != 0L) { |
131 | if (BIO_printf(bp, "\n Start Time: %ld", x->time) <= 0) | |
131 | if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0) | |
132 | 132 | goto err; |
133 | 133 | } |
134 | 134 | if (x->timeout != 0L) { |
135 | if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) | |
135 | if (BIO_printf(bp, "\n Timeout : %lld (sec)", (long long)x->timeout) <= 0) | |
136 | 136 | goto err; |
137 | 137 | } |
138 | 138 | if (BIO_puts(bp, "\n") <= 0) |
1394 | 1394 | && sversion == TLS1_2_VERSION |
1395 | 1395 | && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE |
1396 | 1396 | && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) { |
1397 | if (s->hello_retry_request != SSL_HRR_NONE) { | |
1398 | SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); | |
1399 | goto err; | |
1400 | } | |
1397 | 1401 | s->hello_retry_request = SSL_HRR_PENDING; |
1398 | 1402 | hrr = 1; |
1399 | 1403 | if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) { |
0 | 0 | /* |
1 | * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
217 | 217 | else |
218 | 218 | len = s->init_num; |
219 | 219 | |
220 | if (len > s->max_send_fragment) | |
221 | len = s->max_send_fragment; | |
220 | if (len > ssl_get_max_send_fragment(s)) | |
221 | len = ssl_get_max_send_fragment(s); | |
222 | 222 | |
223 | 223 | /* |
224 | 224 | * XDTLS: this function is too long. split out the CCS part |
240 | 240 | |
241 | 241 | ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len, |
242 | 242 | &written); |
243 | if (ret < 0) { | |
243 | if (ret <= 0) { | |
244 | 244 | /* |
245 | 245 | * might need to update MTU here, but we don't know which |
246 | 246 | * previous packet caused the failure -- so can't really |
3620 | 3620 | static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, |
3621 | 3621 | unsigned char *tick_nonce) |
3622 | 3622 | { |
3623 | uint32_t timeout = (uint32_t)s->session->timeout; | |
3624 | ||
3623 | 3625 | /* |
3624 | * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this | |
3625 | * unspecified for resumed session (for simplicity). | |
3626 | * Ticket lifetime hint: | |
3626 | 3627 | * In TLSv1.3 we reset the "time" field above, and always specify the |
3627 | * timeout. | |
3628 | * timeout, limited to a 1 week period per RFC8446. | |
3629 | * For TLSv1.2 this is advisory only and we leave this unspecified for | |
3630 | * resumed session (for simplicity). | |
3628 | 3631 | */ |
3629 | if (!WPACKET_put_bytes_u32(pkt, | |
3630 | (s->hit && !SSL_IS_TLS13(s)) | |
3631 | ? 0 : (uint32_t)s->session->timeout)) { | |
3632 | #define ONE_WEEK_SEC (7 * 24 * 60 * 60) | |
3633 | ||
3634 | if (SSL_IS_TLS13(s)) { | |
3635 | if (s->session->timeout > ONE_WEEK_SEC) | |
3636 | timeout = ONE_WEEK_SEC; | |
3637 | } else if (s->hit) | |
3638 | timeout = 0; | |
3639 | ||
3640 | if (!WPACKET_put_bytes_u32(pkt, timeout)) { | |
3632 | 3641 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); |
3633 | 3642 | return 0; |
3634 | 3643 | } |
9 | 9 | #include <errno.h> |
10 | 10 | #include <stdio.h> |
11 | 11 | #include <string.h> |
12 | #ifdef __TANDEM | |
13 | # include <strings.h> /* strcasecmp */ | |
14 | #endif | |
15 | 12 | #include <ctype.h> |
16 | 13 | |
17 | 14 | #include <openssl/bn.h> |
22 | 19 | #include "internal/numbers.h" |
23 | 20 | #include "testutil.h" |
24 | 21 | |
25 | #ifdef OPENSSL_SYS_WINDOWS | |
26 | # define strcasecmp _stricmp | |
27 | #endif | |
28 | ||
29 | 22 | /* |
30 | 23 | * Things in boring, not in openssl. |
31 | 24 | */ |
63 | 56 | PAIR *pp = s->pairs; |
64 | 57 | |
65 | 58 | for ( ; --i >= 0; pp++) |
66 | if (strcasecmp(pp->key, key) == 0) | |
59 | if (OPENSSL_strcasecmp(pp->key, key) == 0) | |
67 | 60 | return pp->value; |
68 | 61 | return NULL; |
69 | 62 | } |
36 | 36 | sanitytest rsa_complex exdatatest bntest \ |
37 | 37 | ecstresstest gmdifftest pbelutest \ |
38 | 38 | destest mdc2test sha_test \ |
39 | exptest pbetest \ | |
39 | exptest pbetest localetest evp_pkey_ctx_new_from_name\ | |
40 | 40 | evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ |
41 | 41 | evp_fetch_prov_test evp_libctx_test ossl_store_test \ |
42 | 42 | v3nametest v3ext \ |
134 | 134 | INCLUDE[exptest]=../include ../apps/include |
135 | 135 | DEPEND[exptest]=../libcrypto libtestutil.a |
136 | 136 | |
137 | SOURCE[localetest]=localetest.c | |
138 | INCLUDE[localetest]=../include ../apps/include | |
139 | DEPEND[localetest]=../libcrypto libtestutil.a | |
140 | ||
141 | SOURCE[evp_pkey_ctx_new_from_name]=evp_pkey_ctx_new_from_name.c | |
142 | INCLUDE[evp_pkey_ctx_new_from_name]=../include ../apps/include | |
143 | DEPEND[evp_pkey_ctx_new_from_name]=../libcrypto | |
144 | ||
137 | 145 | SOURCE[pbetest]=pbetest.c |
138 | 146 | INCLUDE[pbetest]=../include ../apps/include |
139 | 147 | DEPEND[pbetest]=../libcrypto libtestutil.a |
0 | 0 | /* |
1 | * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
17 | 17 | |
18 | 18 | static X509 *cert = NULL; |
19 | 19 | static EVP_PKEY *privkey = NULL; |
20 | static char *derin = NULL; | |
20 | 21 | |
21 | 22 | static int test_encrypt_decrypt(const EVP_CIPHER *cipher) |
22 | 23 | { |
287 | 288 | return ret; |
288 | 289 | } |
289 | 290 | |
290 | OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") | |
291 | static int test_d2i_CMS_bio_file_encrypted_data(void) | |
292 | { | |
293 | BIO *bio = NULL; | |
294 | CMS_ContentInfo *cms = NULL; | |
295 | int ret = 0; | |
296 | ||
297 | ERR_clear_error(); | |
298 | ||
299 | if (!TEST_ptr(bio = BIO_new_file(derin, "r")) | |
300 | || !TEST_ptr(cms = d2i_CMS_bio(bio, NULL))) | |
301 | goto end; | |
302 | ||
303 | if (!TEST_int_eq(ERR_peek_error(), 0)) | |
304 | goto end; | |
305 | ||
306 | ret = 1; | |
307 | end: | |
308 | CMS_ContentInfo_free(cms); | |
309 | BIO_free(bio); | |
310 | ||
311 | return ret; | |
312 | } | |
313 | ||
314 | OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n") | |
291 | 315 | |
292 | 316 | int setup_tests(void) |
293 | 317 | { |
300 | 324 | } |
301 | 325 | |
302 | 326 | if (!TEST_ptr(certin = test_get_argument(0)) |
303 | || !TEST_ptr(privkeyin = test_get_argument(1))) | |
327 | || !TEST_ptr(privkeyin = test_get_argument(1)) | |
328 | || !TEST_ptr(derin = test_get_argument(2))) | |
304 | 329 | return 0; |
305 | 330 | |
306 | 331 | certbio = BIO_new_file(certin, "r"); |
331 | 356 | ADD_TEST(test_encrypt_decrypt_aes_192_gcm); |
332 | 357 | ADD_TEST(test_encrypt_decrypt_aes_256_gcm); |
333 | 358 | ADD_TEST(test_d2i_CMS_bio_NULL); |
359 | ADD_TEST(test_d2i_CMS_bio_file_encrypted_data); | |
334 | 360 | return 1; |
335 | 361 | } |
336 | 362 |
0 | 0 | /* |
1 | * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
184 | 184 | |
185 | 185 | end: |
186 | 186 | SSL_CTX_free(ctx); |
187 | return ret; | |
188 | } | |
189 | ||
190 | static int test_server_mtu_larger_than_max_fragment_length(void) | |
191 | { | |
192 | SSL_CTX *ctx = NULL; | |
193 | SSL *srvr_ssl = NULL, *clnt_ssl = NULL; | |
194 | int rv = 0; | |
195 | ||
196 | if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method()))) | |
197 | goto end; | |
198 | ||
199 | SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback); | |
200 | SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback); | |
201 | ||
202 | #ifndef OPENSSL_NO_DH | |
203 | if (!TEST_true(SSL_CTX_set_dh_auto(ctx, 1))) | |
204 | goto end; | |
205 | #endif | |
206 | ||
207 | if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, | |
208 | NULL, NULL))) | |
209 | goto end; | |
210 | ||
211 | SSL_set_options(srvr_ssl, SSL_OP_NO_QUERY_MTU); | |
212 | if (!TEST_true(DTLS_set_link_mtu(srvr_ssl, 1500))) | |
213 | goto end; | |
214 | ||
215 | SSL_set_tlsext_max_fragment_length(clnt_ssl, | |
216 | TLSEXT_max_fragment_length_512); | |
217 | ||
218 | if (!TEST_true(create_ssl_connection(srvr_ssl, clnt_ssl, | |
219 | SSL_ERROR_NONE))) | |
220 | goto end; | |
221 | ||
222 | rv = 1; | |
223 | ||
224 | end: | |
225 | SSL_free(clnt_ssl); | |
226 | SSL_free(srvr_ssl); | |
227 | SSL_CTX_free(ctx); | |
228 | return rv; | |
229 | } | |
230 | ||
231 | int setup_tests(void) | |
232 | { | |
233 | ADD_TEST(run_mtu_tests); | |
234 | ADD_TEST(test_server_mtu_larger_than_max_fragment_length); | |
235 | return 1; | |
236 | } | |
237 | ||
238 | void cleanup_tests(void) | |
239 | { | |
187 | 240 | bio_s_mempacket_test_free(); |
188 | return ret; | |
189 | } | |
190 | ||
191 | int setup_tests(void) | |
192 | { | |
193 | ADD_TEST(run_mtu_tests); | |
194 | return 1; | |
195 | } | |
241 | } |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
142 | 142 | typedef void (dumper)(const char *label, const void *data, size_t data_len); |
143 | 143 | |
144 | 144 | #define FLAG_DECODE_WITH_TYPE 0x0001 |
145 | #define FLAG_FAIL_IF_FIPS 0x0002 | |
145 | 146 | |
146 | 147 | static int test_encode_decode(const char *file, const int line, |
147 | 148 | const char *type, EVP_PKEY *pkey, |
165 | 166 | * dumping purposes. |
166 | 167 | */ |
167 | 168 | if (!TEST_true(encode_cb(file, line, &encoded, &encoded_len, pkey, selection, |
168 | output_type, output_structure, pass, pcipher)) | |
169 | || !TEST_true(check_cb(file, line, type, encoded, encoded_len)) | |
169 | output_type, output_structure, pass, pcipher))) | |
170 | goto end; | |
171 | ||
172 | if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) { | |
173 | if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded, | |
174 | encoded_len, output_type, output_structure, | |
175 | (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), | |
176 | selection, pass))) | |
177 | ok = 1; | |
178 | goto end; | |
179 | } | |
180 | ||
181 | if (!TEST_true(check_cb(file, line, type, encoded, encoded_len)) | |
170 | 182 | || !TEST_true(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len, |
171 | 183 | output_type, output_structure, |
172 | 184 | (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), |
520 | 532 | return ok; |
521 | 533 | } |
522 | 534 | |
523 | static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) | |
535 | static int test_unprotected_via_DER(const char *type, EVP_PKEY *key, int fips) | |
524 | 536 | { |
525 | 537 | return test_encode_decode(__FILE__, __LINE__, type, key, |
526 | 538 | OSSL_KEYMGMT_SELECT_KEYPAIR |
528 | 540 | "DER", "PrivateKeyInfo", NULL, NULL, |
529 | 541 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
530 | 542 | test_mem, check_unprotected_PKCS8_DER, |
531 | dump_der, 0); | |
543 | dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); | |
532 | 544 | } |
533 | 545 | |
534 | 546 | static int check_unprotected_PKCS8_PEM(const char *file, const int line, |
542 | 554 | sizeof(expected_pem_header) - 1); |
543 | 555 | } |
544 | 556 | |
545 | static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) | |
557 | static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key, int fips) | |
546 | 558 | { |
547 | 559 | return test_encode_decode(__FILE__, __LINE__, type, key, |
548 | 560 | OSSL_KEYMGMT_SELECT_KEYPAIR |
550 | 562 | "PEM", "PrivateKeyInfo", NULL, NULL, |
551 | 563 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
552 | 564 | test_text, check_unprotected_PKCS8_PEM, |
553 | dump_pem, 0); | |
565 | dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); | |
554 | 566 | } |
555 | 567 | |
556 | 568 | #ifndef OPENSSL_NO_KEYPARAMS |
697 | 709 | return ok; |
698 | 710 | } |
699 | 711 | |
700 | static int test_protected_via_DER(const char *type, EVP_PKEY *key) | |
712 | static int test_protected_via_DER(const char *type, EVP_PKEY *key, int fips) | |
701 | 713 | { |
702 | 714 | return test_encode_decode(__FILE__, __LINE__, type, key, |
703 | 715 | OSSL_KEYMGMT_SELECT_KEYPAIR |
706 | 718 | pass, pass_cipher, |
707 | 719 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
708 | 720 | test_mem, check_protected_PKCS8_DER, |
709 | dump_der, 0); | |
721 | dump_der, fips ? 0 : FLAG_FAIL_IF_FIPS); | |
710 | 722 | } |
711 | 723 | |
712 | 724 | static int check_protected_PKCS8_PEM(const char *file, const int line, |
720 | 732 | sizeof(expected_pem_header) - 1); |
721 | 733 | } |
722 | 734 | |
723 | static int test_protected_via_PEM(const char *type, EVP_PKEY *key) | |
735 | static int test_protected_via_PEM(const char *type, EVP_PKEY *key, int fips) | |
724 | 736 | { |
725 | 737 | return test_encode_decode(__FILE__, __LINE__, type, key, |
726 | 738 | OSSL_KEYMGMT_SELECT_KEYPAIR |
729 | 741 | pass, pass_cipher, |
730 | 742 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
731 | 743 | test_text, check_protected_PKCS8_PEM, |
732 | dump_pem, 0); | |
744 | dump_pem, fips ? 0 : FLAG_FAIL_IF_FIPS); | |
733 | 745 | } |
734 | 746 | |
735 | 747 | static int check_protected_legacy_PEM(const char *file, const int line, |
790 | 802 | return ok; |
791 | 803 | } |
792 | 804 | |
793 | static int test_public_via_DER(const char *type, EVP_PKEY *key) | |
805 | static int test_public_via_DER(const char *type, EVP_PKEY *key, int fips) | |
794 | 806 | { |
795 | 807 | return test_encode_decode(__FILE__, __LINE__, type, key, |
796 | 808 | OSSL_KEYMGMT_SELECT_PUBLIC_KEY |
797 | 809 | | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, |
798 | 810 | "DER", "SubjectPublicKeyInfo", NULL, NULL, |
799 | 811 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
800 | test_mem, check_public_DER, dump_der, 0); | |
812 | test_mem, check_public_DER, dump_der, | |
813 | fips ? 0 : FLAG_FAIL_IF_FIPS); | |
801 | 814 | } |
802 | 815 | |
803 | 816 | static int check_public_PEM(const char *file, const int line, |
811 | 824 | sizeof(expected_pem_header) - 1); |
812 | 825 | } |
813 | 826 | |
814 | static int test_public_via_PEM(const char *type, EVP_PKEY *key) | |
827 | static int test_public_via_PEM(const char *type, EVP_PKEY *key, int fips) | |
815 | 828 | { |
816 | 829 | return test_encode_decode(__FILE__, __LINE__, type, key, |
817 | 830 | OSSL_KEYMGMT_SELECT_PUBLIC_KEY |
818 | 831 | | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, |
819 | 832 | "PEM", "SubjectPublicKeyInfo", NULL, NULL, |
820 | 833 | encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, |
821 | test_text, check_public_PEM, dump_pem, 0); | |
834 | test_text, check_public_PEM, dump_pem, | |
835 | fips ? 0 : FLAG_FAIL_IF_FIPS); | |
822 | 836 | } |
823 | 837 | |
824 | 838 | static int check_public_MSBLOB(const char *file, const int line, |
863 | 877 | EVP_PKEY_free(template_##KEYTYPE); \ |
864 | 878 | EVP_PKEY_free(key_##KEYTYPE) |
865 | 879 | |
866 | #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr) \ | |
880 | #define IMPLEMENT_TEST_SUITE(KEYTYPE, KEYTYPEstr, fips) \ | |
867 | 881 | static int test_unprotected_##KEYTYPE##_via_DER(void) \ |
868 | 882 | { \ |
869 | return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ | |
883 | return test_unprotected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ | |
870 | 884 | } \ |
871 | 885 | static int test_unprotected_##KEYTYPE##_via_PEM(void) \ |
872 | 886 | { \ |
873 | return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ | |
887 | return test_unprotected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ | |
874 | 888 | } \ |
875 | 889 | static int test_protected_##KEYTYPE##_via_DER(void) \ |
876 | 890 | { \ |
877 | return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE); \ | |
891 | return test_protected_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ | |
878 | 892 | } \ |
879 | 893 | static int test_protected_##KEYTYPE##_via_PEM(void) \ |
880 | 894 | { \ |
881 | return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ | |
895 | return test_protected_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ | |
882 | 896 | } \ |
883 | 897 | static int test_public_##KEYTYPE##_via_DER(void) \ |
884 | 898 | { \ |
885 | return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE); \ | |
899 | return test_public_via_DER(KEYTYPEstr, key_##KEYTYPE, fips); \ | |
886 | 900 | } \ |
887 | 901 | static int test_public_##KEYTYPE##_via_PEM(void) \ |
888 | 902 | { \ |
889 | return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE); \ | |
903 | return test_public_via_PEM(KEYTYPEstr, key_##KEYTYPE, fips); \ | |
890 | 904 | } |
891 | 905 | |
892 | 906 | #define ADD_TEST_SUITE(KEYTYPE) \ |
960 | 974 | |
961 | 975 | #ifndef OPENSSL_NO_DH |
962 | 976 | DOMAIN_KEYS(DH); |
963 | IMPLEMENT_TEST_SUITE(DH, "DH") | |
977 | IMPLEMENT_TEST_SUITE(DH, "DH", 1) | |
964 | 978 | IMPLEMENT_TEST_SUITE_PARAMS(DH, "DH") |
965 | 979 | DOMAIN_KEYS(DHX); |
966 | IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH") | |
980 | IMPLEMENT_TEST_SUITE(DHX, "X9.42 DH", 1) | |
967 | 981 | IMPLEMENT_TEST_SUITE_PARAMS(DHX, "X9.42 DH") |
968 | 982 | /* |
969 | 983 | * DH has no support for PEM_write_bio_PrivateKey_traditional(), |
972 | 986 | #endif |
973 | 987 | #ifndef OPENSSL_NO_DSA |
974 | 988 | DOMAIN_KEYS(DSA); |
975 | IMPLEMENT_TEST_SUITE(DSA, "DSA") | |
989 | IMPLEMENT_TEST_SUITE(DSA, "DSA", 1) | |
976 | 990 | IMPLEMENT_TEST_SUITE_PARAMS(DSA, "DSA") |
977 | 991 | IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA") |
978 | 992 | IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA") |
983 | 997 | #endif |
984 | 998 | #ifndef OPENSSL_NO_EC |
985 | 999 | DOMAIN_KEYS(EC); |
986 | IMPLEMENT_TEST_SUITE(EC, "EC") | |
1000 | IMPLEMENT_TEST_SUITE(EC, "EC", 1) | |
987 | 1001 | IMPLEMENT_TEST_SUITE_PARAMS(EC, "EC") |
988 | 1002 | IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC") |
989 | 1003 | DOMAIN_KEYS(ECExplicitPrimeNamedCurve); |
990 | IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC") | |
1004 | IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1) | |
991 | 1005 | IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC") |
992 | 1006 | DOMAIN_KEYS(ECExplicitPrime2G); |
993 | IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC") | |
1007 | IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0) | |
994 | 1008 | IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC") |
995 | 1009 | # ifndef OPENSSL_NO_EC2M |
996 | 1010 | DOMAIN_KEYS(ECExplicitTriNamedCurve); |
997 | IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC") | |
1011 | IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1) | |
998 | 1012 | IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve, "EC") |
999 | 1013 | DOMAIN_KEYS(ECExplicitTri2G); |
1000 | IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC") | |
1014 | IMPLEMENT_TEST_SUITE(ECExplicitTri2G, "EC", 0) | |
1001 | 1015 | IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") |
1002 | 1016 | # endif |
1003 | 1017 | KEYS(ED25519); |
1004 | IMPLEMENT_TEST_SUITE(ED25519, "ED25519") | |
1018 | IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) | |
1005 | 1019 | KEYS(ED448); |
1006 | IMPLEMENT_TEST_SUITE(ED448, "ED448") | |
1020 | IMPLEMENT_TEST_SUITE(ED448, "ED448", 1) | |
1007 | 1021 | KEYS(X25519); |
1008 | IMPLEMENT_TEST_SUITE(X25519, "X25519") | |
1022 | IMPLEMENT_TEST_SUITE(X25519, "X25519", 1) | |
1009 | 1023 | KEYS(X448); |
1010 | IMPLEMENT_TEST_SUITE(X448, "X448") | |
1024 | IMPLEMENT_TEST_SUITE(X448, "X448", 1) | |
1011 | 1025 | /* |
1012 | 1026 | * ED25519, ED448, X25519 and X448 have no support for |
1013 | 1027 | * PEM_write_bio_PrivateKey_traditional(), so no legacy tests. |
1014 | 1028 | */ |
1015 | 1029 | #endif |
1016 | 1030 | KEYS(RSA); |
1017 | IMPLEMENT_TEST_SUITE(RSA, "RSA") | |
1031 | IMPLEMENT_TEST_SUITE(RSA, "RSA", 1) | |
1018 | 1032 | IMPLEMENT_TEST_SUITE_LEGACY(RSA, "RSA") |
1019 | 1033 | KEYS(RSA_PSS); |
1020 | IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS") | |
1034 | IMPLEMENT_TEST_SUITE(RSA_PSS, "RSA-PSS", 1) | |
1021 | 1035 | /* |
1022 | 1036 | * RSA-PSS has no support for PEM_write_bio_PrivateKey_traditional(), |
1023 | 1037 | * so no legacy tests. |
34 | 34 | #include "internal/nelem.h" |
35 | 35 | #include "internal/sizes.h" |
36 | 36 | #include "crypto/evp.h" |
37 | #include "../e_os.h" /* strcasecmp */ | |
38 | 37 | |
39 | 38 | static OSSL_LIB_CTX *testctx = NULL; |
40 | 39 | static char *testpropq = NULL; |
1738 | 1737 | return 0; |
1739 | 1738 | |
1740 | 1739 | for (i = 0; i < OSSL_NELEM(ec_encodings); i++) { |
1741 | if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { | |
1740 | if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { | |
1742 | 1741 | *enc = ec_encodings[i].encoding; |
1743 | 1742 | break; |
1744 | 1743 | } |
1960 | 1959 | goto done; |
1961 | 1960 | |
1962 | 1961 | if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) |
1962 | goto done; | |
1963 | ||
1964 | /* | |
1965 | * Try verify again with non-matching 0 length id but ensure that it can | |
1966 | * be set on the context and overrides the previous value. | |
1967 | */ | |
1968 | ||
1969 | if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, | |
1970 | pkey))) | |
1971 | goto done; | |
1972 | ||
1973 | if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0)) | |
1974 | goto done; | |
1975 | ||
1976 | if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) | |
1977 | goto done; | |
1978 | ||
1979 | if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) | |
1963 | 1980 | goto done; |
1964 | 1981 | |
1965 | 1982 | /* now check encryption/decryption */ |
0 | 0 | /* |
1 | * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
32 | 32 | #include "testutil.h" |
33 | 33 | #include "internal/nelem.h" |
34 | 34 | #include "crypto/bn_dh.h" /* _bignum_ffdhe2048_p */ |
35 | #include "../e_os.h" /* strcasecmp */ | |
36 | 35 | |
37 | 36 | static OSSL_LIB_CTX *libctx = NULL; |
38 | 37 | static OSSL_PROVIDER *nullprov = NULL; |
477 | 476 | |
478 | 477 | static int name_cmp(const char * const *a, const char * const *b) |
479 | 478 | { |
480 | return strcasecmp(*a, *b); | |
479 | return OPENSSL_strcasecmp(*a, *b); | |
481 | 480 | } |
482 | 481 | |
483 | 482 | static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list) |
0 | #include <stdio.h> | |
1 | #include <openssl/ec.h> | |
2 | #include <openssl/evp.h> | |
3 | #include <openssl/err.h> | |
4 | ||
5 | int main(int argc, char *argv[]) | |
6 | { | |
7 | EVP_PKEY_CTX *pctx = NULL; | |
8 | ||
9 | pctx = EVP_PKEY_CTX_new_from_name(NULL, "NO_SUCH_ALGORITHM", NULL); | |
10 | EVP_PKEY_CTX_free(pctx); | |
11 | ||
12 | return 0; | |
13 | } |
11 | 11 | #include <string.h> |
12 | 12 | #include <stdlib.h> |
13 | 13 | #include <ctype.h> |
14 | #include "../e_os.h" /* strcasecmp */ | |
15 | 14 | #include <openssl/evp.h> |
16 | 15 | #include <openssl/pem.h> |
17 | 16 | #include <openssl/err.h> |
1132 | 1131 | size_t salt_len; |
1133 | 1132 | /* XOF mode? */ |
1134 | 1133 | int xof; |
1134 | /* Reinitialization fails */ | |
1135 | int no_reinit; | |
1135 | 1136 | /* Collection of controls */ |
1136 | 1137 | STACK_OF(OPENSSL_STRING) *controls; |
1137 | 1138 | /* Output size */ |
1244 | 1245 | return parse_bin(value, &mdata->output, &mdata->output_len); |
1245 | 1246 | if (strcmp(keyword, "XOF") == 0) |
1246 | 1247 | return mdata->xof = 1; |
1248 | if (strcmp(keyword, "NoReinit") == 0) | |
1249 | return mdata->no_reinit = 1; | |
1247 | 1250 | if (strcmp(keyword, "Ctrl") == 0) |
1248 | 1251 | return sk_OPENSSL_STRING_push(mdata->controls, |
1249 | 1252 | OPENSSL_strdup(value)) != 0; |
1407 | 1410 | const OSSL_PARAM *defined_params = |
1408 | 1411 | EVP_MAC_settable_ctx_params(expected->mac); |
1409 | 1412 | int xof; |
1413 | int reinit = 1; | |
1410 | 1414 | |
1411 | 1415 | if (expected->alg == NULL) |
1412 | 1416 | TEST_info("Trying the EVP_MAC %s test", expected->mac_name); |
1517 | 1521 | goto err; |
1518 | 1522 | } |
1519 | 1523 | } |
1524 | retry: | |
1520 | 1525 | if (!EVP_MAC_update(ctx, expected->input, expected->input_len)) { |
1521 | 1526 | t->err = "MAC_UPDATE_ERROR"; |
1522 | 1527 | goto err; |
1550 | 1555 | t->err = "TEST_MAC_ERR"; |
1551 | 1556 | goto err; |
1552 | 1557 | } |
1558 | } | |
1559 | if (reinit--) { | |
1560 | OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; | |
1561 | int ret; | |
1562 | ||
1563 | /* If the MAC uses IV, we have to set it again */ | |
1564 | if (expected->iv != NULL) { | |
1565 | ivparams[0] = | |
1566 | OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, | |
1567 | expected->iv, | |
1568 | expected->iv_len); | |
1569 | ivparams[1] = OSSL_PARAM_construct_end(); | |
1570 | } | |
1571 | ERR_set_mark(); | |
1572 | ret = EVP_MAC_init(ctx, NULL, 0, ivparams); | |
1573 | if (expected->no_reinit) { | |
1574 | if (ret) { | |
1575 | ERR_clear_last_mark(); | |
1576 | t->err = "MAC_REINIT_SHOULD_FAIL"; | |
1577 | goto err; | |
1578 | } | |
1579 | } else if (ret) { | |
1580 | ERR_clear_last_mark(); | |
1581 | OPENSSL_free(got); | |
1582 | got = NULL; | |
1583 | goto retry; | |
1584 | } else { | |
1585 | ERR_clear_last_mark(); | |
1586 | t->err = "MAC_REINIT_ERROR"; | |
1587 | goto err; | |
1588 | } | |
1589 | /* If reinitialization fails, it is unsupported by the algorithm */ | |
1590 | ERR_pop_to_mark(); | |
1553 | 1591 | } |
1554 | 1592 | t->err = NULL; |
1555 | 1593 | |
3885 | 3923 | OSSL_LIB_CTX_free(libctx); |
3886 | 3924 | } |
3887 | 3925 | |
3888 | #define STR_STARTS_WITH(str, pre) strncasecmp(pre, str, strlen(pre)) == 0 | |
3926 | #define STR_STARTS_WITH(str, pre) OPENSSL_strncasecmp(pre, str, strlen(pre)) == 0 | |
3889 | 3927 | #define STR_ENDS_WITH(str, pre) \ |
3890 | strlen(str) < strlen(pre) ? 0 : (strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0) | |
3928 | strlen(str) < strlen(pre) ? 0 : (OPENSSL_strcasecmp(pre, str + strlen(str) - strlen(pre)) == 0) | |
3891 | 3929 | |
3892 | 3930 | static int is_digest_disabled(const char *name) |
3893 | 3931 | { |
3896 | 3934 | return 1; |
3897 | 3935 | #endif |
3898 | 3936 | #ifdef OPENSSL_NO_MD2 |
3899 | if (strcasecmp(name, "MD2") == 0) | |
3937 | if (OPENSSL_strcasecmp(name, "MD2") == 0) | |
3900 | 3938 | return 1; |
3901 | 3939 | #endif |
3902 | 3940 | #ifdef OPENSSL_NO_MDC2 |
3903 | if (strcasecmp(name, "MDC2") == 0) | |
3941 | if (OPENSSL_strcasecmp(name, "MDC2") == 0) | |
3904 | 3942 | return 1; |
3905 | 3943 | #endif |
3906 | 3944 | #ifdef OPENSSL_NO_MD4 |
3907 | if (strcasecmp(name, "MD4") == 0) | |
3945 | if (OPENSSL_strcasecmp(name, "MD4") == 0) | |
3908 | 3946 | return 1; |
3909 | 3947 | #endif |
3910 | 3948 | #ifdef OPENSSL_NO_MD5 |
3911 | if (strcasecmp(name, "MD5") == 0) | |
3949 | if (OPENSSL_strcasecmp(name, "MD5") == 0) | |
3912 | 3950 | return 1; |
3913 | 3951 | #endif |
3914 | 3952 | #ifdef OPENSSL_NO_RMD160 |
3915 | if (strcasecmp(name, "RIPEMD160") == 0) | |
3953 | if (OPENSSL_strcasecmp(name, "RIPEMD160") == 0) | |
3916 | 3954 | return 1; |
3917 | 3955 | #endif |
3918 | 3956 | #ifdef OPENSSL_NO_SM3 |
3919 | if (strcasecmp(name, "SM3") == 0) | |
3957 | if (OPENSSL_strcasecmp(name, "SM3") == 0) | |
3920 | 3958 | return 1; |
3921 | 3959 | #endif |
3922 | 3960 | #ifdef OPENSSL_NO_WHIRLPOOL |
3923 | if (strcasecmp(name, "WHIRLPOOL") == 0) | |
3961 | if (OPENSSL_strcasecmp(name, "WHIRLPOOL") == 0) | |
3924 | 3962 | return 1; |
3925 | 3963 | #endif |
3926 | 3964 | return 0; |
1431 | 1431 | test_ctx, extra, &server_ctx_data, |
1432 | 1432 | &server2_ctx_data, &client_ctx_data)) { |
1433 | 1433 | TEST_note("configure_handshake_ctx"); |
1434 | HANDSHAKE_RESULT_free(ret); | |
1434 | 1435 | return NULL; |
1435 | 1436 | } |
1436 | 1437 |
0 | 0 | /* |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
15 | 15 | #include "ssl_test_ctx.h" |
16 | 16 | #include "../testutil.h" |
17 | 17 | |
18 | #ifdef OPENSSL_SYS_WINDOWS | |
19 | # define strcasecmp _stricmp | |
20 | #endif | |
21 | ||
22 | 18 | static const int default_app_data_size = 256; |
23 | 19 | /* Default set to be as small as possible to exercise fragmentation. */ |
24 | 20 | static const int default_max_fragment_size = 512; |
25 | 21 | |
26 | 22 | static int parse_boolean(const char *value, int *result) |
27 | 23 | { |
28 | if (strcasecmp(value, "Yes") == 0) { | |
24 | if (OPENSSL_strcasecmp(value, "Yes") == 0) { | |
29 | 25 | *result = 1; |
30 | 26 | return 1; |
31 | 27 | } |
32 | else if (strcasecmp(value, "No") == 0) { | |
28 | else if (OPENSSL_strcasecmp(value, "No") == 0) { | |
33 | 29 | *result = 0; |
34 | 30 | return 1; |
35 | 31 | } |
0 | ||
1 | #include <stdio.h> | |
2 | #include <string.h> | |
3 | #include <openssl/x509.h> | |
4 | #include "testutil.h" | |
5 | #include "testutil/output.h" | |
6 | ||
7 | #include <stdio.h> | |
8 | #include <stdlib.h> | |
9 | #include <locale.h> | |
10 | #ifdef OPENSSL_SYS_WINDOWS | |
11 | # define strcasecmp _stricmp | |
12 | #else | |
13 | # include <strings.h> | |
14 | #endif | |
15 | ||
16 | int setup_tests(void) | |
17 | { | |
18 | const unsigned char der_bytes[] = { | |
19 | 0x30, 0x82, 0x03, 0x09, 0x30, 0x82, 0x01, 0xf1, 0xa0, 0x03, 0x02, 0x01, | |
20 | 0x02, 0x02, 0x14, 0x08, 0xe0, 0x8c, 0xd3, 0xf3, 0xbf, 0x2c, 0xf2, 0x0d, | |
21 | 0x0a, 0x75, 0xd1, 0xe8, 0xea, 0xbe, 0x70, 0x61, 0xd9, 0x67, 0xf9, 0x30, | |
22 | 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, | |
23 | 0x05, 0x00, 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, | |
24 | 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, | |
25 | 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x34, 0x31, 0x31, 0x31, 0x34, | |
26 | 0x31, 0x39, 0x35, 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x31, | |
27 | 0x31, 0x31, 0x34, 0x31, 0x39, 0x35, 0x37, 0x5a, 0x30, 0x14, 0x31, 0x12, | |
28 | 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, | |
29 | 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, | |
30 | 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, | |
31 | 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, | |
32 | 0x01, 0x01, 0x00, 0xc3, 0x1f, 0x5c, 0x56, 0x46, 0x8d, 0x69, 0xb6, 0x48, | |
33 | 0x3c, 0xbf, 0xe2, 0x0f, 0xa7, 0x4a, 0x44, 0x72, 0x74, 0x36, 0xfe, 0xe8, | |
34 | 0x2f, 0x10, 0x4a, 0xe9, 0x46, 0x45, 0x72, 0x5e, 0x48, 0xdd, 0x75, 0xab, | |
35 | 0xd9, 0x63, 0x91, 0x37, 0x93, 0x46, 0x28, 0x7e, 0x45, 0x94, 0x4b, 0x8a, | |
36 | 0xd5, 0x05, 0x2b, 0x9a, 0x01, 0x96, 0x30, 0xde, 0xcc, 0x14, 0x2d, 0x06, | |
37 | 0x09, 0x1b, 0x7d, 0x50, 0x14, 0x99, 0x36, 0x6b, 0x97, 0x6e, 0xc9, 0xb1, | |
38 | 0x69, 0x70, 0xcd, 0x9b, 0x74, 0x24, 0x9a, 0xe2, 0xd4, 0xc0, 0x1e, 0xbc, | |
39 | 0xec, 0xf6, 0x7a, 0xbb, 0xa0, 0x53, 0x93, 0xf8, 0x68, 0x9a, 0x18, 0xa1, | |
40 | 0xa1, 0x5c, 0x47, 0x93, 0xd1, 0x4c, 0x36, 0x8c, 0x00, 0xb3, 0x66, 0xda, | |
41 | 0xf1, 0x05, 0xb2, 0x3a, 0xad, 0x7e, 0x4b, 0xf3, 0xd3, 0x93, 0xfa, 0x59, | |
42 | 0x09, 0x9c, 0x60, 0x37, 0x69, 0x61, 0xe8, 0x5a, 0x33, 0xc6, 0xb2, 0x1a, | |
43 | 0xba, 0x36, 0xe2, 0xb3, 0x58, 0xe9, 0x73, 0x01, 0x2d, 0x36, 0x48, 0x36, | |
44 | 0x94, 0xe4, 0xb2, 0xa4, 0x5b, 0xdf, 0x3d, 0x5f, 0x62, 0x9f, 0xd9, 0xf3, | |
45 | 0x24, 0x0c, 0xf0, 0x2f, 0x71, 0x44, 0x79, 0x13, 0x70, 0x95, 0xa7, 0xbe, | |
46 | 0xea, 0x0a, 0x08, 0x0a, 0xa6, 0x4b, 0xe9, 0x58, 0x6b, 0xa4, 0xc2, 0xed, | |
47 | 0x74, 0x1e, 0xb0, 0x3b, 0x59, 0xd5, 0xe6, 0xdb, 0x8f, 0x58, 0x6a, 0xa3, | |
48 | 0x7d, 0x52, 0x40, 0xec, 0x72, 0xb7, 0xba, 0x7e, 0x30, 0x9d, 0x12, 0x57, | |
49 | 0xf2, 0x48, 0xae, 0x80, 0x0d, 0x0a, 0xf4, 0xfd, 0x24, 0xed, 0xd8, 0x05, | |
50 | 0xb2, 0x96, 0x44, 0x02, 0x3e, 0x6e, 0x25, 0xb0, 0xc4, 0x93, 0xda, 0xfe, | |
51 | 0x78, 0xd9, 0xbb, 0xd2, 0x71, 0x69, 0x70, 0x7f, 0xba, 0xf7, 0xb0, 0x4f, | |
52 | 0x14, 0xf7, 0x98, 0x71, 0x01, 0x6c, 0xec, 0x6f, 0x76, 0x03, 0x59, 0xff, | |
53 | 0xe2, 0xba, 0x8d, 0xd9, 0x21, 0x08, 0xb3, 0x02, 0x03, 0x01, 0x00, 0x01, | |
54 | 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, | |
55 | 0x16, 0x04, 0x14, 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, | |
56 | 0x80, 0x87, 0x0f, 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, | |
57 | 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, | |
58 | 0x59, 0xb8, 0x6e, 0x1a, 0x72, 0xe9, 0x27, 0x1e, 0xbf, 0x80, 0x87, 0x0f, | |
59 | 0xa9, 0xd0, 0x06, 0x6a, 0x11, 0x30, 0x77, 0x8e, 0x30, 0x0f, 0x06, 0x03, | |
60 | 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, | |
61 | 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, | |
62 | 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x98, 0x76, 0x9e, | |
63 | 0x3c, 0xfc, 0x3f, 0x58, 0xe8, 0xf2, 0x1f, 0x2e, 0x11, 0xa2, 0x59, 0xfa, | |
64 | 0x27, 0xb5, 0xec, 0x9d, 0x97, 0x05, 0x06, 0x2c, 0x95, 0xa5, 0x28, 0x88, | |
65 | 0x86, 0xeb, 0x4e, 0x8a, 0x62, 0xe9, 0x87, 0x78, 0xd8, 0x18, 0x22, 0x4e, | |
66 | 0xb1, 0x8d, 0x46, 0x4a, 0x4c, 0x6e, 0x7c, 0x53, 0x62, 0x2c, 0xf2, 0x7a, | |
67 | 0x95, 0xa0, 0x1a, 0x30, 0x18, 0x6a, 0x31, 0x6f, 0x3f, 0x55, 0x25, 0x9f, | |
68 | 0x67, 0x60, 0x68, 0x99, 0x0f, 0x41, 0x09, 0xc8, 0xe2, 0x04, 0x33, 0x22, | |
69 | 0x1a, 0xe9, 0xf3, 0xae, 0xce, 0xb6, 0x83, 0x64, 0x78, 0x66, 0x14, 0xc9, | |
70 | 0x54, 0xc8, 0x34, 0x70, 0x96, 0xaf, 0x16, 0xcd, 0xb8, 0xdf, 0x81, 0x7e, | |
71 | 0xf0, 0xa6, 0x7d, 0xc1, 0x13, 0xb2, 0x76, 0x3a, 0xd5, 0x7e, 0x68, 0x8c, | |
72 | 0xd5, 0x00, 0x70, 0x82, 0x23, 0x7e, 0x5e, 0xc9, 0x31, 0x2f, 0x33, 0x54, | |
73 | 0xaa, 0xaf, 0xcd, 0xe9, 0x38, 0x9a, 0x23, 0x53, 0xad, 0x4e, 0x72, 0xa7, | |
74 | 0x6f, 0x47, 0x60, 0xc9, 0xd3, 0x06, 0x9b, 0x7a, 0x21, 0xc6, 0xe9, 0xdb, | |
75 | 0x3c, 0xaa, 0xc0, 0x21, 0x29, 0x5f, 0x44, 0x6a, 0x45, 0x90, 0x73, 0x5e, | |
76 | 0x6d, 0x78, 0x82, 0xcb, 0x42, 0xe6, 0xba, 0x67, 0xb2, 0xe6, 0xa2, 0x15, | |
77 | 0x04, 0xea, 0x69, 0xae, 0x3e, 0xc0, 0x0c, 0x10, 0x99, 0xec, 0xa9, 0xb0, | |
78 | 0x7e, 0xe8, 0x94, 0xe2, 0xf3, 0xaf, 0xf7, 0x9f, 0x65, 0xe7, 0xd7, 0xe2, | |
79 | 0x49, 0xfa, 0x52, 0x7d, 0xb5, 0xfd, 0xa0, 0xa5, 0xe0, 0x49, 0xa7, 0x3d, | |
80 | 0x94, 0x20, 0x2d, 0xec, 0x8c, 0x22, 0xa5, 0xa4, 0x43, 0xfa, 0x7e, 0xd0, | |
81 | 0x50, 0x21, 0xb8, 0x67, 0x18, 0x44, 0x69, 0x8f, 0xdd, 0x47, 0x41, 0xc6, | |
82 | 0x35, 0xe0, 0xe9, 0x2e, 0x41, 0xa9, 0x6f, 0x41, 0xee, 0xb9, 0xbd, 0x45, | |
83 | 0xf3, 0x88, 0xc1, 0x23, 0x35, 0x96, 0xba, 0xf8, 0xcd, 0x4b, 0x83, 0x73, | |
84 | 0x5f | |
85 | }; | |
86 | ||
87 | char str1[] = "SubjectPublicKeyInfo", str2[] = "subjectpublickeyinfo"; | |
88 | int res; | |
89 | X509 *cert = NULL; | |
90 | X509_PUBKEY *cert_pubkey = NULL; | |
91 | const unsigned char *p = der_bytes; | |
92 | ||
93 | if (setlocale(LC_ALL, "") == NULL) | |
94 | return TEST_skip("Cannot set the locale necessary for test"); | |
95 | ||
96 | res = strcasecmp(str1, str2); | |
97 | TEST_note("Case-insensitive comparison via strcasecmp in current locale %s\n", res ? "failed" : "succeeded"); | |
98 | ||
99 | if (!TEST_false(OPENSSL_strcasecmp(str1, str2))) | |
100 | return 0; | |
101 | ||
102 | cert = d2i_X509(NULL, &p, sizeof(der_bytes)); | |
103 | if (!TEST_ptr(cert)) | |
104 | return 0; | |
105 | ||
106 | cert_pubkey = X509_get_X509_PUBKEY(cert); | |
107 | if (!TEST_ptr(cert_pubkey)) { | |
108 | X509_free(cert); | |
109 | return 0; | |
110 | } | |
111 | ||
112 | if (!TEST_ptr(X509_PUBKEY_get0(cert_pubkey))) { | |
113 | X509_free(cert); | |
114 | return 0; | |
115 | } | |
116 | ||
117 | X509_free(cert); | |
118 | return 1; | |
119 | } | |
120 | ||
121 | void cleanup_tests(void) | |
122 | { | |
123 | } |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. |
3 | 3 | * |
4 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
13 | 13 | |
14 | 14 | /* On machines that dont support <inttypes.h> just disable the tests */ |
15 | 15 | #if !defined(OPENSSL_NO_INTTYPES_H) |
16 | ||
17 | # ifdef OPENSSL_SYS_WINDOWS | |
18 | # define strcasecmp _stricmp | |
19 | # endif | |
20 | 16 | |
21 | 17 | # ifdef OPENSSL_SYS_VMS |
22 | 18 | # define strtoumax strtoull |
61 | 57 | |
62 | 58 | for (i = 0; i < s->numpairs; i++, pp++) { |
63 | 59 | p = ""; |
64 | if (strcasecmp(pp->key, "type") == 0) { | |
60 | if (OPENSSL_strcasecmp(pp->key, "type") == 0) { | |
65 | 61 | if (type != NULL) { |
66 | 62 | TEST_info("Line %d: multiple type lines", s->curr); |
67 | 63 | return 0; |
71 | 67 | TEST_info("Line %d: unknown type line", s->curr); |
72 | 68 | return 0; |
73 | 69 | } |
74 | } else if (strcasecmp(pp->key, "int32") == 0) { | |
70 | } else if (OPENSSL_strcasecmp(pp->key, "int32") == 0) { | |
75 | 71 | if (def_i32++) { |
76 | 72 | TEST_info("Line %d: multiple int32 lines", s->curr); |
77 | 73 | return 0; |
78 | 74 | } |
79 | if (strcasecmp(pp->value, "invalid") != 0) { | |
75 | if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { | |
80 | 76 | pc->valid_i32 = 1; |
81 | 77 | pc->i32 = (int32_t)strtoimax(pp->value, &p, 10); |
82 | 78 | } |
83 | } else if (strcasecmp(pp->key, "int64") == 0) { | |
79 | } else if (OPENSSL_strcasecmp(pp->key, "int64") == 0) { | |
84 | 80 | if (def_i64++) { |
85 | 81 | TEST_info("Line %d: multiple int64 lines", s->curr); |
86 | 82 | return 0; |
87 | 83 | } |
88 | if (strcasecmp(pp->value, "invalid") != 0) { | |
84 | if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { | |
89 | 85 | pc->valid_i64 = 1; |
90 | 86 | pc->i64 = (int64_t)strtoimax(pp->value, &p, 10); |
91 | 87 | } |
92 | } else if (strcasecmp(pp->key, "uint32") == 0) { | |
88 | } else if (OPENSSL_strcasecmp(pp->key, "uint32") == 0) { | |
93 | 89 | if (def_u32++) { |
94 | 90 | TEST_info("Line %d: multiple uint32 lines", s->curr); |
95 | 91 | return 0; |
96 | 92 | } |
97 | if (strcasecmp(pp->value, "invalid") != 0) { | |
93 | if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { | |
98 | 94 | pc->valid_u32 = 1; |
99 | 95 | pc->u32 = (uint32_t)strtoumax(pp->value, &p, 10); |
100 | 96 | } |
101 | } else if (strcasecmp(pp->key, "uint64") == 0) { | |
97 | } else if (OPENSSL_strcasecmp(pp->key, "uint64") == 0) { | |
102 | 98 | if (def_u64++) { |
103 | 99 | TEST_info("Line %d: multiple uint64 lines", s->curr); |
104 | 100 | return 0; |
105 | 101 | } |
106 | if (strcasecmp(pp->value, "invalid") != 0) { | |
102 | if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { | |
107 | 103 | pc->valid_u64 = 1; |
108 | 104 | pc->u64 = (uint64_t)strtoumax(pp->value, &p, 10); |
109 | 105 | } |
110 | } else if (strcasecmp(pp->key, "double") == 0) { | |
106 | } else if (OPENSSL_strcasecmp(pp->key, "double") == 0) { | |
111 | 107 | if (def_d++) { |
112 | 108 | TEST_info("Line %d: multiple double lines", s->curr); |
113 | 109 | return 0; |
114 | 110 | } |
115 | if (strcasecmp(pp->value, "invalid") != 0) { | |
111 | if (OPENSSL_strcasecmp(pp->value, "invalid") != 0) { | |
116 | 112 | pc->valid_d = 1; |
117 | 113 | pc->d = strtod(pp->value, &p); |
118 | 114 | } |
132 | 128 | return 0; |
133 | 129 | } |
134 | 130 | |
135 | if (strcasecmp(type, "int32") == 0) { | |
131 | if (OPENSSL_strcasecmp(type, "int32") == 0) { | |
136 | 132 | if (!TEST_true(def_i32) || !TEST_true(pc->valid_i32)) { |
137 | 133 | TEST_note("errant int32 on line %d", s->curr); |
138 | 134 | return 0; |
141 | 137 | pc->datum = &datum_i32; |
142 | 138 | pc->ref = &ref_i32; |
143 | 139 | pc->size = sizeof(ref_i32); |
144 | } else if (strcasecmp(type, "int64") == 0) { | |
140 | } else if (OPENSSL_strcasecmp(type, "int64") == 0) { | |
145 | 141 | if (!TEST_true(def_i64) || !TEST_true(pc->valid_i64)) { |
146 | 142 | TEST_note("errant int64 on line %d", s->curr); |
147 | 143 | return 0; |
150 | 146 | pc->datum = &datum_i64; |
151 | 147 | pc->ref = &ref_i64; |
152 | 148 | pc->size = sizeof(ref_i64); |
153 | } else if (strcasecmp(type, "uint32") == 0) { | |
149 | } else if (OPENSSL_strcasecmp(type, "uint32") == 0) { | |
154 | 150 | if (!TEST_true(def_u32) || !TEST_true(pc->valid_u32)) { |
155 | 151 | TEST_note("errant uint32 on line %d", s->curr); |
156 | 152 | return 0; |
159 | 155 | pc->datum = &datum_u32; |
160 | 156 | pc->ref = &ref_u32; |
161 | 157 | pc->size = sizeof(ref_u32); |
162 | } else if (strcasecmp(type, "uint64") == 0) { | |
158 | } else if (OPENSSL_strcasecmp(type, "uint64") == 0) { | |
163 | 159 | if (!TEST_true(def_u64) || !TEST_true(pc->valid_u64)) { |
164 | 160 | TEST_note("errant uint64 on line %d", s->curr); |
165 | 161 | return 0; |
168 | 164 | pc->datum = &datum_u64; |
169 | 165 | pc->ref = &ref_u64; |
170 | 166 | pc->size = sizeof(ref_u64); |
171 | } else if (strcasecmp(type, "double") == 0) { | |
167 | } else if (OPENSSL_strcasecmp(type, "double") == 0) { | |
172 | 168 | if (!TEST_true(def_d) || !TEST_true(pc->valid_d)) { |
173 | 169 | TEST_note("errant double on line %d", s->curr); |
174 | 170 | return 0; |
0 | 0 | /* |
1 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
190 | 190 | * In this case we assume we've been built with "no-legacy" and skip |
191 | 191 | * this test (there is no OPENSSL_NO_LEGACY) |
192 | 192 | */ |
193 | OSSL_LIB_CTX_free(libctx); | |
193 | 194 | return 1; |
194 | 195 | } |
195 | 196 | |
196 | 197 | if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, name, |
197 | PROVIDER_INIT_FUNCTION_NAME))) | |
198 | PROVIDER_INIT_FUNCTION_NAME))) { | |
199 | OSSL_LIB_CTX_free(libctx); | |
198 | 200 | return 0; |
201 | } | |
199 | 202 | |
200 | 203 | /* test_provider will free libctx and unload legacy as part of the test */ |
201 | 204 | return test_provider(&libctx, name, legacy); |
0 | #! /usr/bin/env perl | |
1 | # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | # Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. | |
3 | # | |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use OpenSSL::Test; | |
10 | use OpenSSL::Test::Utils; | |
11 | ||
12 | setup("locale tests"); | |
13 | ||
14 | plan skip_all => "Locale tests not available on Windows or VMS" | |
15 | if $^O =~ /^(VMS|MSWin32)$/; | |
16 | ||
17 | plan tests => 3; | |
18 | ||
19 | ok(run(test(["evp_pkey_ctx_new_from_name"])), "running evp_pkey_ctx_new_from_name without explicit context init"); | |
20 | ||
21 | $ENV{LANG} = "C"; | |
22 | ok(run(test(["localetest"])), "running localetest"); | |
23 | ||
24 | $ENV{LANG} = "tr_TR.UTF-8"; | |
25 | ok(run(test(["localetest"])), "running localetest with Turkish locale"); |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
26 | 26 | plan tests => 29; |
27 | 27 | |
28 | 28 | my $infile = bldtop_file('providers', platform->dso('fips')); |
29 | my $fipskey = $ENV{FIPSKEY} // '00'; | |
29 | my $fipskey = $ENV{FIPSKEY} // config('FIPSKEY') // '00'; | |
30 | 30 | |
31 | 31 | # Read in a text $infile and replace the regular expression in $srch with the |
32 | 32 | # value in $repl and output to a new file $outfile. |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
12 | 12 | use File::Spec; |
13 | 13 | use File::Compare qw/compare_text/; |
14 | 14 | use OpenSSL::Glob; |
15 | use OpenSSL::Test qw/:DEFAULT data_file/; | |
15 | use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/; | |
16 | 16 | use OpenSSL::Test::Utils; |
17 | 17 | |
18 | 18 | setup("test_ecparam"); |
24 | 24 | my @noncanon = glob(data_file("noncanon", "*.pem")); |
25 | 25 | my @invalid = glob(data_file("invalid", "*.pem")); |
26 | 26 | |
27 | plan tests => 11; | |
27 | plan tests => 12; | |
28 | 28 | |
29 | 29 | sub checkload { |
30 | 30 | my $files = shift; # List of files |
57 | 57 | $in1 ne $in2}), "Original file $_ is the same as new one"); |
58 | 58 | } |
59 | 59 | } |
60 | ||
61 | my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); | |
60 | 62 | |
61 | 63 | subtest "Check loading valid parameters by ecparam with -check" => sub { |
62 | 64 | plan tests => scalar(@valid); |
112 | 114 | plan tests => 2 * scalar(@valid); |
113 | 115 | checkcompare(\@valid, "pkeyparam"); |
114 | 116 | }; |
117 | ||
118 | subtest "Check loading of fips and non-fips params" => sub { | |
119 | plan skip_all => "FIPS is disabled" | |
120 | if $no_fips; | |
121 | plan tests => 3; | |
122 | ||
123 | my $fipsconf = srctop_file("test", "fips-and-base.cnf"); | |
124 | my $defaultconf = srctop_file("test", "default.cnf"); | |
125 | ||
126 | $ENV{OPENSSL_CONF} = $fipsconf; | |
127 | ||
128 | ok(run(app(['openssl', 'ecparam', | |
129 | '-in', data_file('valid', 'secp384r1-explicit.pem'), | |
130 | '-check'])), | |
131 | "Loading explicitly encoded valid curve"); | |
132 | ||
133 | ok(run(app(['openssl', 'ecparam', | |
134 | '-in', data_file('valid', 'secp384r1-named.pem'), | |
135 | '-check'])), | |
136 | "Loading named valid curve"); | |
137 | ||
138 | ok(!run(app(['openssl', 'ecparam', | |
139 | '-in', data_file('valid', 'secp112r1-named.pem'), | |
140 | '-check'])), | |
141 | "Fail loading named non-fips curve"); | |
142 | ||
143 | $ENV{OPENSSL_CONF} = $defaultconf; | |
144 | }; |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
15 | 15 | |
16 | 16 | setup("test_rsapss"); |
17 | 17 | |
18 | plan tests => 7; | |
18 | plan tests => 9; | |
19 | 19 | |
20 | 20 | #using test/testrsa.pem which happens to be a 512 bit RSA |
21 | 21 | ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', |
63 | 63 | '-signature', 'testrsapss-unrestricted.sig', |
64 | 64 | srctop_file('test', 'testrsa.pem')])), |
65 | 65 | "openssl dgst -prverify [plain RSA key, PSS padding mode, no PSS restrictions]"); |
66 | ||
67 | # Test that RSA-PSS keys are supported by genpkey and rsa commands. | |
68 | { | |
69 | my $rsapss = "rsapss.key"; | |
70 | ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', | |
71 | '-pkeyopt', 'rsa_keygen_bits:1024', | |
72 | '--out', $rsapss]))); | |
73 | ok(run(app(['openssl', 'rsa', '-check', | |
74 | '-in', $rsapss]))); | |
75 | } |
123 | 123 | Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f |
124 | 124 | Ciphertext = 261cd0c88a4d4e6db7fc263257a9f6d0ce83c1ff5f2680dc57ffd8eefdbb9c00d3d507672d105a990b2b78509978625b9d93c2bd41e3fb721abd1496553c583c67dad9b662b3d58c8540e10ed9c5ed1a7f33ce9e9a41c30836651d73ee2c003af03a919eb41a6d70ef814e184e740f8a96221b924d9d025ef5e7150d4ca76921a025dd146fef87da738877313f11ec8f4c558b878c28ce6a9a5011d70f58c5dbd3412cf0a32154f5a4286958a5a50a86f15119835ceccf432601e4cc688cdd682ac9620500b60c0760bb93209859823778a7f2b5bab1af259bda13d84f952af9d2f07f500dadedc41a2b6a737a1296e0b2fb96ac4da4bf71fe2f0c4a1b6fc4dd251087e4c03d2e28c85a9b4a835ef166b48e5b7690f332a1d8db7bd9380221891f31ee82f4b8dd9ebf540cab583a0f33 |
125 | 125 | NextIV = 1f31ee82f4b8dd9ebf540cab583a0f33 |
126 | ||
127 | Title = RC4-HMAC-MD5 test vectors | |
128 | ||
129 | Availablein = legacy | |
130 | Cipher = RC4-HMAC-MD5 | |
131 | Key = d48ecc0a163a06626bd1b7e172dfb5b3 | |
132 | MACKey = 5973581f63768353af37d3f51ec9f6ef | |
133 | TLSAAD = 90a1b2c3e4f506172803010050 | |
134 | TLSVersion = 0x0301 | |
135 | Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f | |
136 | Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c | |
137 | Operation = ENCRYPT | |
138 | ||
139 | Availablein = legacy | |
140 | Cipher = RC4-HMAC-MD5 | |
141 | Key = d48ecc0a163a06626bd1b7e172dfb5b3 | |
142 | MACKey = 5973581f63768353af37d3f51ec9f6ef | |
143 | TLSAAD = 90a1b2c3e4f506172803010060 | |
144 | TLSVersion = 0x0301 | |
145 | Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f | |
146 | Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c | |
147 | Operation = DECRYPT |
6 | 6 | TLSAAD = 90a1b2c3e4f506172803010050 |
7 | 7 | TLSVersion = 0x0301 |
8 | 8 | Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f |
9 | Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c | |
9 | Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8c5792501fca9d8455160d626dc1a9716 | |
10 | 10 | # DECRYPT must be a separate entry due to change in TLSAAD value |
11 | 11 | Operation = ENCRYPT |
12 | 12 | |
17 | 17 | TLSAAD = 90a1b2c3e4f506172803010060 |
18 | 18 | TLSVersion = 0x0301 |
19 | 19 | Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f |
20 | Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8d44460dfb9a0fce1faf00f1fc7159c3c | |
20 | Ciphertext = eea8eba927d9b16c640958f922b3ca43b197eea520674aa1d059156dfd4c12249e2890e8f3c72676e20fe4a30848c1cc6c12f4596d6e290b5f84745ac36959645ea4acabc84e748b2fd5e4228a2fe4f8c5792501fca9d8455160d626dc1a9716 | |
21 | 21 | Operation = DECRYPT |
0 | 0 | # |
1 | # Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
16 | 16 | Key = 0000000000000000000000000000000000000000000000000000000000000000 |
17 | 17 | Input = 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 |
18 | 18 | Output = 00000000000000000000000000000000 |
19 | NoReinit = 1 | |
19 | 20 | |
20 | 21 | MAC = Poly1305 |
21 | 22 | Key = 0000000000000000000000000000000036e5f6b5c5e06070f0efca96227a863e |
22 | 23 | Input = 416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f |
23 | 24 | Output = 36e5f6b5c5e06070f0efca96227a863e |
25 | NoReinit = 1 | |
24 | 26 | |
25 | 27 | MAC = Poly1305 |
26 | 28 | Key = 36e5f6b5c5e06070f0efca96227a863e00000000000000000000000000000000 |
27 | 29 | Input = 416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f |
28 | 30 | Output = f3477e7cd95417af89a6b8794c310cf0 |
31 | NoReinit = 1 | |
29 | 32 | |
30 | 33 | MAC = Poly1305 |
31 | 34 | Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 |
32 | 35 | Input = 2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e |
33 | 36 | Output = 4541669a7eaaee61e708dc7cbcc5eb62 |
37 | NoReinit = 1 | |
34 | 38 | |
35 | 39 | # If one uses 130-bit partial reduction, does the code handle the case where partially reduced final result is not fully reduced? |
36 | 40 | MAC = Poly1305 |
37 | 41 | Key = 0200000000000000000000000000000000000000000000000000000000000000 |
38 | 42 | Input = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF |
39 | 43 | Output = 03000000000000000000000000000000 |
44 | NoReinit = 1 | |
40 | 45 | |
41 | 46 | # What happens if addition of s overflows modulo 2^128? |
42 | 47 | MAC = Poly1305 |
43 | 48 | Key = 02000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF |
44 | 49 | Input = 02000000000000000000000000000000 |
45 | 50 | Output = 03000000000000000000000000000000 |
51 | NoReinit = 1 | |
46 | 52 | |
47 | 53 | # What happens if data limb is all ones and there is carry from lower limb? |
48 | 54 | MAC = Poly1305 |
49 | 55 | Key = 0100000000000000000000000000000000000000000000000000000000000000 |
50 | 56 | Input = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF11000000000000000000000000000000 |
51 | 57 | Output = 05000000000000000000000000000000 |
58 | NoReinit = 1 | |
52 | 59 | |
53 | 60 | # What happens if final result from polynomial part is exactly 2^130-5? |
54 | 61 | MAC = Poly1305 |
55 | 62 | Key = 0100000000000000000000000000000000000000000000000000000000000000 |
56 | 63 | Input = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFBFEFEFEFEFEFEFEFEFEFEFEFEFEFEFE01010101010101010101010101010101 |
57 | 64 | Output = 00000000000000000000000000000000 |
65 | NoReinit = 1 | |
58 | 66 | |
59 | 67 | # What happens if final result from polynomial part is exactly 2^130-6? |
60 | 68 | MAC = Poly1305 |
61 | 69 | Key = 0200000000000000000000000000000000000000000000000000000000000000 |
62 | 70 | Input = FDFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF |
63 | 71 | Output = FAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF |
72 | NoReinit = 1 | |
64 | 73 | |
65 | 74 | # Taken from poly1305_internal_test.c |
66 | 75 | # More RFC7539 |
69 | 78 | Input = 43727970746f6772617068696320466f72756d2052657365617263682047726f7570 |
70 | 79 | Key = 85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b |
71 | 80 | Output = a8061dc1305136c6c22b8baf0c0127a9 |
81 | NoReinit = 1 | |
72 | 82 | |
73 | 83 | # test vectors from "The Poly1305-AES message-authentication code" |
74 | 84 | |
76 | 86 | Input = f3f6 |
77 | 87 | Key = 851fc40c3467ac0be05cc20404f3f700580b3b0f9447bb1e69d095b5928b6dbc |
78 | 88 | Output = f4c633c3044fc145f84f335cb81953de |
89 | NoReinit = 1 | |
79 | 90 | |
80 | 91 | # No input? |
81 | 92 | # # MAC = Poly1305 |
82 | 93 | # Input = |
83 | 94 | # Key = a0f3080000f46400d0c7e9076c834403dd3fab2251f11ac759f0887129cc2ee7 |
84 | 95 | # Output = dd3fab2251f11ac759f0887129cc2ee7 |
96 | # NoReinit = 1 | |
85 | 97 | |
86 | 98 | MAC = Poly1305 |
87 | 99 | Input = 663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136 |
88 | 100 | Key = 48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef |
89 | 101 | Output = 0ee1c16bb73f0f4fd19881753c01cdbe |
102 | NoReinit = 1 | |
90 | 103 | |
91 | 104 | MAC = Poly1305 |
92 | 105 | Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9 |
93 | 106 | Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57 |
94 | 107 | Output = 5154ad0d2cb26e01274fc51148491f1b |
108 | NoReinit = 1 | |
95 | 109 | |
96 | 110 | # self-generated vectors exercise "significant" length such that* are handled by different code paths |
97 | 111 | |
99 | 113 | Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af |
100 | 114 | Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57 |
101 | 115 | Output = 812059a5da198637cac7c4a631bee466 |
116 | NoReinit = 1 | |
102 | 117 | |
103 | 118 | MAC = Poly1305 |
104 | 119 | Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67 |
105 | 120 | Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57 |
106 | 121 | Output = 5b88d7f6228b11e2e28579a5c0c1f761 |
122 | NoReinit = 1 | |
107 | 123 | |
108 | 124 | MAC = Poly1305 |
109 | 125 | Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136 |
110 | 126 | Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57 |
111 | 127 | Output = bbb613b2b6d753ba07395b916aaece15 |
128 | NoReinit = 1 | |
112 | 129 | |
113 | 130 | MAC = Poly1305 |
114 | 131 | Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24 |
115 | 132 | Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57 |
116 | 133 | Output = c794d7057d1778c4bbee0a39b3d97342 |
134 | NoReinit = 1 | |
117 | 135 | |
118 | 136 | MAC = Poly1305 |
119 | 137 | Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136 |
120 | 138 | Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57 |
121 | 139 | Output = ffbcb9b371423152d7fca5ad042fbaa9 |
140 | NoReinit = 1 | |
122 | 141 | |
123 | 142 | MAC = Poly1305 |
124 | 143 | Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136812059a5da198637cac7c4a631bee466 |
125 | 144 | Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57 |
126 | 145 | Output = 069ed6b8ef0f207b3e243bb1019fe632 |
146 | NoReinit = 1 | |
127 | 147 | |
128 | 148 | MAC = Poly1305 |
129 | 149 | Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761 |
130 | 150 | Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57 |
131 | 151 | Output = cca339d9a45fa2368c2c68b3a4179133 |
152 | NoReinit = 1 | |
132 | 153 | |
133 | 154 | MAC = Poly1305 |
134 | 155 | Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136 |
135 | 156 | Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57 |
136 | 157 | Output = 53f6e828a2f0fe0ee815bf0bd5841a34 |
158 | NoReinit = 1 | |
137 | 159 | |
138 | 160 | MAC = Poly1305 |
139 | 161 | Input = ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9af48443d0bb0d21109c89a100b5ce2c20883149c69b561dd88298a1798b10716ef663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136812059a5da198637cac7c4a631bee4665b88d7f6228b11e2e28579a5c0c1f761 |
140 | 162 | Key = 12976a08c4426d0ce8a82407c4f4820780f8c20aa71202d1e29179cbcb555a57 |
141 | 163 | Output = b846d44e9bbd53cedffbfbb6b7fa4933 |
164 | NoReinit = 1 | |
142 | 165 | |
143 | 166 | # 4th power of the key spills to 131th bit in SIMD key setup |
144 | 167 | |
146 | 169 | Input = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff |
147 | 170 | Key = ad628107e8351d0f2c231a05dc4a410600000000000000000000000000000000 |
148 | 171 | Output = 07145a4c02fe5fa32036de68fabe9066 |
172 | NoReinit = 1 | |
149 | 173 | |
150 | 174 | # poly1305_ieee754.c failed this in final stage |
151 | 175 | |
153 | 177 | Input = 842364e156336c0998b933a6237726180d9e3fdcbde4cd5d17080fc3beb49614d7122c037463ff104d73f19c12704628d417c4c54a3fe30d3c3d7714382d43b0382a50a5dee54be844b076e8df88201a1cd43b90eb21643fa96f39b518aa8340c942ff3c31baf7c9bdbf0f31ae3fa096bf8c63030609829fe72e179824890bc8e08c315c1cce2a83144dbbff09f74e3efc770b54d0984a8f19b14719e63635641d6b1eedf63efbf080e1783d32445412114c20de0b837a0dfa33d6b82825fff44c9a70ea54ce47f07df698e6b03323b53079364a5fc3e9dd034392bdde86dccdda94321c5e44060489336cb65bf3989c36f7282c2f5d2b882c171e74 |
154 | 178 | Key = 95d5c005503e510d8cd0aa072c4a4d066eabc52d11653df47fbf63ab198bcc26 |
155 | 179 | Output = f248312e578d9d58f8b7bb4d19105431 |
180 | NoReinit = 1 | |
156 | 181 | |
157 | 182 | # AVX2 in poly1305-x86.pl failed this with 176+32 split |
158 | 183 | |
160 | 185 | Input = 248ac31085b6c2adaaa38259a0d7192c5c35d1bb4ef39ad94c38d1c82479e2dd2159a077024b0589bc8a20101b506f0a1ad0bbab76e83a83f1b94be6beae74e874cab692c5963a75436b776121ec9f62399a3e66b2d22707dae81933b6277f3c8516bcbe26dbbd86f373103d7cf4cad1888c952118fbfbd0d7b4bedc4ae4936aff91157e7aa47c54442ea78d6ac251d324a0fbe49d89cc3521b66d16e9c66a3709894e4eb0a4eedc4ae19468e66b81f271351b1d921ea551047abcc6b87a901fde7db79fa1818c11336dbc07244a40eb |
161 | 186 | Key = 000102030405060708090a0b0c0d0e0f00000000000000000000000000000000 |
162 | 187 | Output = bc939bc5281480fa99c6d68c258ec42f |
188 | NoReinit = 1 | |
163 | 189 | |
164 | 190 | # test vectors from Google |
165 | 191 | |
168 | 194 | # Input = |
169 | 195 | # Key = c8afaac331ee372cd6082de134943b174710130e9f6fea8d72293850a667d86c |
170 | 196 | # Output = 4710130e9f6fea8d72293850a667d86c |
197 | # NoReinit = 1 | |
171 | 198 | |
172 | 199 | MAC = Poly1305 |
173 | 200 | Input = 48656c6c6f20776f726c6421 |
174 | 201 | Key = 746869732069732033322d62797465206b657920666f7220506f6c7931333035 |
175 | 202 | Output = a6f745008f81c916a20dcc74eef2b2f0 |
203 | NoReinit = 1 | |
176 | 204 | |
177 | 205 | MAC = Poly1305 |
178 | 206 | Input = 0000000000000000000000000000000000000000000000000000000000000000 |
179 | 207 | Key = 746869732069732033322d62797465206b657920666f7220506f6c7931333035 |
180 | 208 | Output = 49ec78090e481ec6c26b33b91ccc0307 |
209 | NoReinit = 1 | |
181 | 210 | |
182 | 211 | MAC = Poly1305 |
183 | 212 | Input = 89dab80b7717c1db5db437860a3f70218e93e1b8f461fb677f16f35f6f87e2a91c99bc3a47ace47640cc95c345be5ecca5a3523c35cc01893af0b64a620334270372ec12482d1b1e363561698a578b359803495bb4e2ef1930b17a5190b580f141300df30adbeca28f6427a8bc1a999fd51c554a017d095d8c3e3127daf9f595 |
184 | 213 | Key = 2d773be37adb1e4d683bf0075e79c4ee037918535a7f99ccb7040fb5f5f43aea |
185 | 214 | Output = c85d15ed44c378d6b00e23064c7bcd51 |
215 | NoReinit = 1 | |
186 | 216 | |
187 | 217 | MAC = Poly1305 |
188 | 218 | Input = 000000000000000b170303020000000006db1f1f368d696a810a349c0c714c9a5e7850c2407d721acded95e018d7a85266a6e1289cdb4aeb18da5ac8a2b0026d24a59ad485227f3eaedbb2e7e35e1c66cd60f9abf716dcc9ac42682dd7dab287a7024c4eefc321cc0574e16793e37cec03c5bda42b54c114a80b57af26416c7be742005e20855c73e21dc8e2edc9d435cb6f6059280011c270b71570051c1c9b3052126620bc1e2730fa066c7a509d53c60e5ae1b40aa6e39e49669228c90eecb4a50db32a50bc49e90b4f4b359a1dfd11749cd3867fcf2fb7bb6cd4738f6a4ad6f7ca5058f7618845af9f020f6c3b967b8f4cd4a91e2813b507ae66f2d35c18284f7292186062e10fd5510d18775351ef334e7634ab4743f5b68f49adcab384d3fd75f7390f4006ef2a295c8c7a076ad54546cd25d2107fbe1436c840924aaebe5b370893cd63d1325b8616fc4810886bc152c53221b6df373119393255ee72bcaa880174f1717f9184fa91646f17a24ac55d16bfddca9581a92eda479201f0edbf633600d6066d1ab36d5d2415d71351bbcd608a25108d25641992c1f26c531cf9f90203bc4cc19f5927d834b0a47116d3884bbb164b8ec883d1ac832e56b3918a98601a08d171881541d594db399c6ae6151221745aec814c45b0b05b565436fd6f137aa10a0c0b643761dbd6f9a9dcb99b1a6e690854ce0769cde39761d82fcdec15f0d92d7d8e94ade8eb83fbe0 |
189 | 219 | Key = 99e5822dd4173c995e3dae0ddefb97743fde3b080134b39f76e9bf8d0e88d546 |
190 | 220 | Output = 2637408fe13086ea73f971e3425e2820 |
221 | NoReinit = 1 | |
191 | 222 | |
192 | 223 | # test vectors from Hanno Bock |
193 | 224 | |
195 | 226 | Input = cccccccccccccccccccccccccccccccccccccccccccccccccc80ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccceccccccccccccccccccccccccccccccccccccc5cccccccccccccccccccccccccccccccccccccccccce3ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccaccccccccccccccccccccce6cccccccccc000000afccccccccccccccccccfffffff5000000000000000000000000000000000000000000000000000000ffffffe70000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000719205a8521dfc |
196 | 227 | Key = 7f1b02640000000000000000000000000000000000000000cccccccccccccccc |
197 | 228 | Output = 8559b876eceed66eb37798c0457baff9 |
229 | NoReinit = 1 | |
198 | 230 | |
199 | 231 | MAC = Poly1305 |
200 | 232 | Input = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa000000000000000000800264 |
201 | 233 | Key = e00016000000000000000000000000000000aaaaaaaaaaaaaaaaaaaaaaaaaaaa |
202 | 234 | Output = 00bd1258978e205444c9aaaa82006fed |
235 | NoReinit = 1 | |
203 | 236 | |
204 | 237 | MAC = Poly1305 |
205 | 238 | Input = 02fc |
206 | 239 | Key = 0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c |
207 | 240 | Output = 06120c0c0c0c0c0c0c0c0c0c0c0c0c0c |
241 | NoReinit = 1 | |
208 | 242 | |
209 | 243 | MAC = Poly1305 |
210 | 244 | Input = 7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b6e7b007b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7a7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b5c7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b7b6e7b001300000000b300000000000000000000000000000000000000000000f20000000000000000000000000000000000002000efff0009000000000000000000000000100000000009000000640000000000000000000000001300000000b300000000000000000000000000000000000000000000f20000000000000000000000000000000000002000efff00090000000000000000007a000010000000000900000064000000000000000000000000000000000000000000000000fc |
211 | 245 | Key = 00ff000000000000000000000000000000000000001e00000000000000007b7b |
212 | 246 | Output = 33205bbf9e9f8f7212ab9e2ab9b7e4a5 |
247 | NoReinit = 1 | |
213 | 248 | |
214 | 249 | MAC = Poly1305 |
215 | 250 | Input = 77777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777777ffffffe9e9acacacacacacacacacacac0000acacec0100acacac2caca2acacacacacacacacacacac64f2 |
216 | 251 | Key = 0000007f0000007f01000020000000000000cf77777777777777777777777777 |
217 | 252 | Output = 02ee7c8c546ddeb1a467e4c3981158b9 |
253 | NoReinit = 1 | |
218 | 254 | |
219 | 255 | # test vectors from Andrew Moon - nacl |
220 | 256 | |
222 | 258 | Input = 8e993b9f48681273c29650ba32fc76ce48332ea7164d96a4476fb8c531a1186ac0dfc17c98dce87b4da7f011ec48c97271d2c20f9b928fe2270d6fb863d51738b48eeee314a7cc8ab932164548e526ae90224368517acfeabd6bb3732bc0e9da99832b61ca01b6de56244a9e88d5f9b37973f622a43d14a6599b1f654cb45a74e355a5 |
223 | 259 | Key = eea6a7251c1e72916d11c2cb214d3c252539121d8e234e652d651fa4c8cff880 |
224 | 260 | Output = f3ffc7703f9400e52a7dfb4b3d3305d9 |
261 | NoReinit = 1 | |
225 | 262 | |
226 | 263 | # wrap 2^130-5 |
227 | 264 | MAC = Poly1305 |
228 | 265 | Input = ffffffffffffffffffffffffffffffff |
229 | 266 | Key = 0200000000000000000000000000000000000000000000000000000000000000 |
230 | 267 | Output = 03000000000000000000000000000000 |
268 | NoReinit = 1 | |
231 | 269 | |
232 | 270 | # wrap 2^128 |
233 | 271 | MAC = Poly1305 |
234 | 272 | Input = 02000000000000000000000000000000 |
235 | 273 | Key = 02000000000000000000000000000000ffffffffffffffffffffffffffffffff |
236 | 274 | Output = 03000000000000000000000000000000 |
275 | NoReinit = 1 | |
237 | 276 | |
238 | 277 | # limb carry |
239 | 278 | MAC = Poly1305 |
240 | 279 | Input = fffffffffffffffffffffffffffffffff0ffffffffffffffffffffffffffffff11000000000000000000000000000000 |
241 | 280 | Key = 0100000000000000000000000000000000000000000000000000000000000000 |
242 | 281 | Output = 05000000000000000000000000000000 |
282 | NoReinit = 1 | |
243 | 283 | |
244 | 284 | # 2^130-5 |
245 | 285 | MAC = Poly1305 |
246 | 286 | Input = fffffffffffffffffffffffffffffffffbfefefefefefefefefefefefefefefe01010101010101010101010101010101 |
247 | 287 | Key = 0100000000000000000000000000000000000000000000000000000000000000 |
248 | 288 | Output = 00000000000000000000000000000000 |
289 | NoReinit = 1 | |
249 | 290 | |
250 | 291 | # 2^130-6 |
251 | 292 | MAC = Poly1305 |
252 | 293 | Input = fdffffffffffffffffffffffffffffff |
253 | 294 | Key = 0200000000000000000000000000000000000000000000000000000000000000 |
254 | 295 | Output = faffffffffffffffffffffffffffffff |
296 | NoReinit = 1 | |
255 | 297 | |
256 | 298 | # 5*H+L reduction intermediate |
257 | 299 | MAC = Poly1305 |
258 | 300 | Input = e33594d7505e43b900000000000000003394d7505e4379cd01000000000000000000000000000000000000000000000001000000000000000000000000000000 |
259 | 301 | Key = 0100000000000000040000000000000000000000000000000000000000000000 |
260 | 302 | Output = 14000000000000005500000000000000 |
303 | NoReinit = 1 | |
261 | 304 | |
262 | 305 | # 5*H+L reduction final |
263 | 306 | MAC = Poly1305 |
264 | 307 | Input = e33594d7505e43b900000000000000003394d7505e4379cd010000000000000000000000000000000000000000000000 |
265 | 308 | Key = 0100000000000000040000000000000000000000000000000000000000000000 |
266 | 309 | Output = 13000000000000000000000000000000 |
310 | NoReinit = 1 | |
267 | 311 | |
268 | 312 | # Here are 4 duplicated cases for Poly1305 by EVP_PKEY |
269 | 313 | MAC = Poly1305 by EVP_PKEY |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
36 | 36 | |
37 | 37 | use constant { |
38 | 38 | CHANGE_HRR_CIPHERSUITE => 0, |
39 | CHANGE_CH1_CIPHERSUITE => 1 | |
39 | CHANGE_CH1_CIPHERSUITE => 1, | |
40 | DUPLICATE_HRR => 2 | |
40 | 41 | }; |
41 | 42 | |
42 | 43 | #Test 1: A client should fail if the server changes the ciphersuite between the |
49 | 50 | } |
50 | 51 | my $testtype = CHANGE_HRR_CIPHERSUITE; |
51 | 52 | $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; |
52 | plan tests => 2; | |
53 | plan tests => 3; | |
53 | 54 | ok(TLSProxy::Message->fail(), "Server ciphersuite changes"); |
54 | 55 | |
55 | 56 | #Test 2: It is an error if the client changes the offered ciphersuites so that |
64 | 65 | $testtype = CHANGE_CH1_CIPHERSUITE; |
65 | 66 | $proxy->start(); |
66 | 67 | ok(TLSProxy::Message->fail(), "Client ciphersuite changes"); |
68 | ||
69 | #Test 3: A client should fail with unexpected_message alert if the server | |
70 | # sends more than 1 HRR | |
71 | my $fatal_alert = 0; | |
72 | $proxy->clear(); | |
73 | if (disabled("ec")) { | |
74 | $proxy->serverflags("-curves ffdhe3072"); | |
75 | } else { | |
76 | $proxy->serverflags("-curves P-256"); | |
77 | } | |
78 | $testtype = DUPLICATE_HRR; | |
79 | $proxy->start(); | |
80 | ok($fatal_alert, "Server duplicated HRR"); | |
67 | 81 | |
68 | 82 | sub hrr_filter |
69 | 83 | { |
85 | 99 | return; |
86 | 100 | } |
87 | 101 | |
102 | if ($testtype == DUPLICATE_HRR) { | |
103 | # We're only interested in the HRR | |
104 | # and the unexpected_message alert from client | |
105 | if ($proxy->flight == 4) { | |
106 | $fatal_alert = 1 | |
107 | if @{$proxy->record_list}[-1]->is_fatal_alert(0) == 10; | |
108 | return; | |
109 | } | |
110 | if ($proxy->flight != 3) { | |
111 | return; | |
112 | } | |
113 | ||
114 | # Find ServerHello record (HRR actually) and insert after that | |
115 | my $i; | |
116 | for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) { | |
117 | next; | |
118 | } | |
119 | my $hrr_record = ${$proxy->record_list}[$i]; | |
120 | my $dup_hrr = TLSProxy::Record->new(3, | |
121 | $hrr_record->content_type(), | |
122 | $hrr_record->version(), | |
123 | $hrr_record->len(), | |
124 | $hrr_record->sslv2(), | |
125 | $hrr_record->len_real(), | |
126 | $hrr_record->decrypt_len(), | |
127 | $hrr_record->data(), | |
128 | $hrr_record->decrypt_data()); | |
129 | ||
130 | $i++; | |
131 | splice @{$proxy->record_list}, $i, 0, $dup_hrr; | |
132 | return; | |
133 | } | |
134 | ||
88 | 135 | # CHANGE_CH1_CIPHERSUITE |
89 | 136 | if ($proxy->flight != 0) { |
90 | 137 | return; |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
16 | 16 | plan tests => 1; |
17 | 17 | |
18 | 18 | ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"), |
19 | srctop_file("test", "certs", "serverkey.pem")])), | |
19 | srctop_file("test", "certs", "serverkey.pem"), | |
20 | srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])), | |
20 | 21 | "running cmsapitest"); |
Binary diff not shown
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
34 | 34 | $untrusted = $CAfile; |
35 | 35 | } |
36 | 36 | my $expected_exit = shift; |
37 | my $nochecks = shift; | |
37 | 38 | my $outputfile = basename($inputfile, '.ors') . '.dat'; |
38 | 39 | |
39 | 40 | run(app(["openssl", "base64", "-d", |
44 | 45 | "-partial_chain", @check_time, |
45 | 46 | "-CAfile", catfile($ocspdir, $CAfile), |
46 | 47 | "-verify_other", catfile($ocspdir, $untrusted), |
47 | "-no-CApath", "-no-CAstore"])), | |
48 | "-no-CApath", "-no-CAstore", | |
49 | $nochecks ? "-no_cert_checks" : ()])), | |
48 | 50 | $title); }); |
49 | 51 | } |
50 | 52 | |
54 | 56 | plan tests => 7; |
55 | 57 | |
56 | 58 | test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
57 | "ND1.ors", "ND1_Issuer_ICA.pem", "", 0); | |
58 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
59 | "ND2.ors", "ND2_Issuer_Root.pem", "", 0); | |
60 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
61 | "ND3.ors", "ND3_Issuer_Root.pem", "", 0); | |
59 | "ND1.ors", "ND1_Issuer_ICA.pem", "", 0, 0); | |
60 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
61 | "ND2.ors", "ND2_Issuer_Root.pem", "", 0, 0); | |
62 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
63 | "ND3.ors", "ND3_Issuer_Root.pem", "", 0, 0); | |
62 | 64 | test_ocsp("NON-DELEGATED; 3-level CA hierarchy", |
63 | "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0); | |
64 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
65 | "D1.ors", "D1_Issuer_ICA.pem", "", 0); | |
66 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
67 | "D2.ors", "D2_Issuer_Root.pem", "", 0); | |
68 | test_ocsp("DELEGATED; Root CA -> EE", | |
69 | "D3.ors", "D3_Issuer_Root.pem", "", 0); | |
65 | "ND1.ors", "ND1_Cross_Root.pem", "ND1_Issuer_ICA-Cross.pem", 0, 0); | |
66 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
67 | "D1.ors", "D1_Issuer_ICA.pem", "", 0, 0); | |
68 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
69 | "D2.ors", "D2_Issuer_Root.pem", "", 0, 0); | |
70 | test_ocsp("DELEGATED; Root CA -> EE", | |
71 | "D3.ors", "D3_Issuer_Root.pem", "", 0, 0); | |
70 | 72 | }; |
71 | 73 | |
72 | 74 | subtest "=== INVALID SIGNATURE on the OCSP RESPONSE ===" => sub { |
73 | 75 | plan tests => 6; |
74 | 76 | |
75 | 77 | test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
76 | "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); | |
77 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
78 | "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1); | |
79 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
80 | "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1); | |
81 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
82 | "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1); | |
83 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
84 | "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1); | |
85 | test_ocsp("DELEGATED; Root CA -> EE", | |
86 | "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1); | |
78 | "ISOP_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); | |
79 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
80 | "ISOP_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); | |
81 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
82 | "ISOP_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); | |
83 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
84 | "ISOP_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); | |
85 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
86 | "ISOP_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); | |
87 | test_ocsp("DELEGATED; Root CA -> EE", | |
88 | "ISOP_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); | |
87 | 89 | }; |
88 | 90 | |
89 | 91 | subtest "=== WRONG RESPONDERID in the OCSP RESPONSE ===" => sub { |
90 | 92 | plan tests => 6; |
91 | 93 | |
92 | 94 | test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
93 | "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); | |
94 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
95 | "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1); | |
96 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
97 | "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1); | |
98 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
99 | "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1); | |
100 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
101 | "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1); | |
102 | test_ocsp("DELEGATED; Root CA -> EE", | |
103 | "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1); | |
95 | "WRID_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); | |
96 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
97 | "WRID_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); | |
98 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
99 | "WRID_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); | |
100 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
101 | "WRID_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); | |
102 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
103 | "WRID_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); | |
104 | test_ocsp("DELEGATED; Root CA -> EE", | |
105 | "WRID_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); | |
104 | 106 | }; |
105 | 107 | |
106 | 108 | subtest "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" => sub { |
107 | 109 | plan tests => 6; |
108 | 110 | |
109 | 111 | test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
110 | "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); | |
111 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
112 | "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); | |
113 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
114 | "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); | |
115 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
116 | "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1); | |
117 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
118 | "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1); | |
119 | test_ocsp("DELEGATED; Root CA -> EE", | |
120 | "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1); | |
112 | "WINH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); | |
113 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
114 | "WINH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); | |
115 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
116 | "WINH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); | |
117 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
118 | "WINH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); | |
119 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
120 | "WINH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); | |
121 | test_ocsp("DELEGATED; Root CA -> EE", | |
122 | "WINH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); | |
121 | 123 | }; |
122 | 124 | |
123 | 125 | subtest "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" => sub { |
124 | 126 | plan tests => 6; |
125 | 127 | |
126 | 128 | test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
127 | "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1); | |
128 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
129 | "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1); | |
130 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
131 | "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1); | |
132 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
133 | "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1); | |
134 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
135 | "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1); | |
136 | test_ocsp("DELEGATED; Root CA -> EE", | |
137 | "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1); | |
129 | "WIKH_ND1.ors", "ND1_Issuer_ICA.pem", "", 1, 0); | |
130 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
131 | "WIKH_ND2.ors", "ND2_Issuer_Root.pem", "", 1, 0); | |
132 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
133 | "WIKH_ND3.ors", "ND3_Issuer_Root.pem", "", 1, 0); | |
134 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
135 | "WIKH_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); | |
136 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
137 | "WIKH_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); | |
138 | test_ocsp("DELEGATED; Root CA -> EE", | |
139 | "WIKH_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); | |
138 | 140 | }; |
139 | 141 | |
140 | 142 | subtest "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { |
141 | 143 | plan tests => 3; |
142 | 144 | |
143 | 145 | test_ocsp("DELEGATED; Intermediate CA -> EE", |
144 | "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); | |
145 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
146 | "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); | |
147 | test_ocsp("DELEGATED; Root CA -> EE", | |
148 | "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); | |
146 | "WKDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); | |
147 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
148 | "WKDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); | |
149 | test_ocsp("DELEGATED; Root CA -> EE", | |
150 | "WKDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); | |
149 | 151 | }; |
150 | 152 | |
151 | 153 | subtest "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" => sub { |
152 | plan tests => 3; | |
153 | ||
154 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
155 | "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1); | |
156 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
157 | "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1); | |
158 | test_ocsp("DELEGATED; Root CA -> EE", | |
159 | "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1); | |
154 | plan tests => 6; | |
155 | ||
156 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
157 | "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 0); | |
158 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
159 | "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 0); | |
160 | test_ocsp("DELEGATED; Root CA -> EE", | |
161 | "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 0); | |
162 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
163 | "ISDOSC_D1.ors", "D1_Issuer_ICA.pem", "", 1, 1); | |
164 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
165 | "ISDOSC_D2.ors", "D2_Issuer_Root.pem", "", 1, 1); | |
166 | test_ocsp("DELEGATED; Root CA -> EE", | |
167 | "ISDOSC_D3.ors", "D3_Issuer_Root.pem", "", 1, 1); | |
160 | 168 | }; |
161 | 169 | |
162 | 170 | subtest "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" => sub { |
163 | 171 | plan tests => 6; |
164 | 172 | |
165 | 173 | test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
166 | "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1); | |
167 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
168 | "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1); | |
169 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
170 | "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1); | |
171 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
172 | "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1); | |
173 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
174 | "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1); | |
175 | test_ocsp("DELEGATED; Root CA -> EE", | |
176 | "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1); | |
174 | "ND1.ors", "WSNIC_ND1_Issuer_ICA.pem", "", 1, 0); | |
175 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
176 | "ND2.ors", "WSNIC_ND2_Issuer_Root.pem", "", 1, 0); | |
177 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
178 | "ND3.ors", "WSNIC_ND3_Issuer_Root.pem", "", 1, 0); | |
179 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
180 | "D1.ors", "WSNIC_D1_Issuer_ICA.pem", "", 1, 0); | |
181 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
182 | "D2.ors", "WSNIC_D2_Issuer_Root.pem", "", 1, 0); | |
183 | test_ocsp("DELEGATED; Root CA -> EE", | |
184 | "D3.ors", "WSNIC_D3_Issuer_Root.pem", "", 1, 0); | |
177 | 185 | }; |
178 | 186 | |
179 | 187 | subtest "=== WRONG KEY in the ISSUER CERTIFICATE ===" => sub { |
180 | 188 | plan tests => 6; |
181 | 189 | |
182 | 190 | test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
183 | "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1); | |
184 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
185 | "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1); | |
186 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
187 | "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1); | |
188 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
189 | "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1); | |
190 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
191 | "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1); | |
192 | test_ocsp("DELEGATED; Root CA -> EE", | |
193 | "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1); | |
191 | "ND1.ors", "WKIC_ND1_Issuer_ICA.pem", "", 1, 0); | |
192 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
193 | "ND2.ors", "WKIC_ND2_Issuer_Root.pem", "", 1, 0); | |
194 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
195 | "ND3.ors", "WKIC_ND3_Issuer_Root.pem", "", 1, 0); | |
196 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
197 | "D1.ors", "WKIC_D1_Issuer_ICA.pem", "", 1, 0); | |
198 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
199 | "D2.ors", "WKIC_D2_Issuer_Root.pem", "", 1, 0); | |
200 | test_ocsp("DELEGATED; Root CA -> EE", | |
201 | "D3.ors", "WKIC_D3_Issuer_Root.pem", "", 1, 0); | |
194 | 202 | }; |
195 | 203 | |
196 | 204 | subtest "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" => sub { |
198 | 206 | |
199 | 207 | # Expect success, because we're explicitly trusting the issuer certificate. |
200 | 208 | test_ocsp("NON-DELEGATED; Intermediate CA -> EE", |
201 | "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0); | |
202 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
203 | "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0); | |
204 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
205 | "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0); | |
206 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
207 | "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0); | |
208 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
209 | "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0); | |
210 | test_ocsp("DELEGATED; Root CA -> EE", | |
211 | "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0); | |
209 | "ND1.ors", "ISIC_ND1_Issuer_ICA.pem", "", 0, 0); | |
210 | test_ocsp("NON-DELEGATED; Root CA -> Intermediate CA", | |
211 | "ND2.ors", "ISIC_ND2_Issuer_Root.pem", "", 0, 0); | |
212 | test_ocsp("NON-DELEGATED; Root CA -> EE", | |
213 | "ND3.ors", "ISIC_ND3_Issuer_Root.pem", "", 0, 0); | |
214 | test_ocsp("DELEGATED; Intermediate CA -> EE", | |
215 | "D1.ors", "ISIC_D1_Issuer_ICA.pem", "", 0, 0); | |
216 | test_ocsp("DELEGATED; Root CA -> Intermediate CA", | |
217 | "D2.ors", "ISIC_D2_Issuer_Root.pem", "", 0, 0); | |
218 | test_ocsp("DELEGATED; Root CA -> EE", | |
219 | "D3.ors", "ISIC_D3_Issuer_Root.pem", "", 0, 0); | |
212 | 220 | }; |
213 | 221 | |
214 | 222 | subtest "=== OCSP API TESTS===" => sub { |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
31 | 31 | ok(run(test(["sslapitest", srctop_dir("test", "certs"), |
32 | 32 | srctop_file("test", "recipes", "90-test_sslapi_data", |
33 | 33 | "passwd.txt"), $tmpfilename, "default", |
34 | srctop_file("test", "default.cnf")])), | |
34 | srctop_file("test", "default.cnf"), | |
35 | srctop_file("test", | |
36 | "recipes", | |
37 | "90-test_sslapi_data", | |
38 | "dhparams.pem")])), | |
35 | 39 | "running sslapitest"); |
36 | 40 | |
37 | 41 | unless ($no_fips) { |
38 | 42 | ok(run(test(["sslapitest", srctop_dir("test", "certs"), |
39 | 43 | srctop_file("test", "recipes", "90-test_sslapi_data", |
40 | 44 | "passwd.txt"), $tmpfilename, "fips", |
41 | srctop_file("test", "fips-and-base.cnf")])), | |
45 | srctop_file("test", "fips-and-base.cnf"), | |
46 | srctop_file("test", | |
47 | "recipes", | |
48 | "90-test_sslapi_data", | |
49 | "dhparams.pem")])), | |
42 | 50 | "running sslapitest"); |
43 | 51 | } |
44 | 52 |
0 | -----BEGIN PKCS7----- | |
1 | MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE | |
2 | cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw | |
3 | DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV | |
4 | BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw | |
5 | HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50 | |
6 | ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln | |
7 | biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E | |
8 | aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy | |
9 | aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M | |
10 | VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq | |
11 | UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC | |
12 | AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR | |
13 | BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0 | |
14 | ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0 | |
15 | IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l | |
16 | bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t | |
17 | L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t | |
18 | OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s | |
19 | IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04 | |
20 | ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0 | |
21 | cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ | |
22 | QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC | |
23 | MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu | |
24 | AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr | |
25 | cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC | |
26 | AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT | |
27 | MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD | |
28 | QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu | |
29 | dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp | |
30 | Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3 | |
31 | DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES | |
32 | TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE | |
33 | AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD | |
34 | 2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU | |
35 | 47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT | |
36 | MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD | |
37 | QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB | |
38 | AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl | |
39 | ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE | |
40 | BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW | |
41 | ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3 | |
42 | MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW | |
43 | sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9 | |
44 | XfZsaiiIgotQHjEA | |
45 | -----END PKCS7----- | |
46 | -----BEGIN CERTIFICATE----- | |
47 | MIIHBzCCBO+gAwIBAgIRAIx3oACP9NGwxj2fOkiDjWswDQYJKoZIhvcNAQEMBQAw | |
48 | fTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G | |
49 | A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSUwIwYDVQQD | |
50 | ExxTZWN0aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBMB4XDTIwMTAyMzAwMDAwMFoX | |
51 | DTMyMDEyMjIzNTk1OVowgYQxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVy | |
52 | IE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28g | |
53 | TGltaXRlZDEsMCoGA1UEAwwjU2VjdGlnbyBSU0EgVGltZSBTdGFtcGluZyBTaWdu | |
54 | ZXIgIzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCRh0ssi8HxHqCe | |
55 | 0wfGAcpSsL55eV0JZgYtLzV9u8D7J9pCalkbJUzq70DWmn4yyGqBfbRcPlYQgTU6 | |
56 | IjaM+/ggKYesdNAbYrw/ZIcCX+/FgO8GHNxeTpOHuJreTAdOhcxwxQ177MPZ45fp | |
57 | yxnbVkVs7ksgbMk+bP3wm/Eo+JGZqvxawZqCIDq37+fWuCVJwjkbh4E5y8O3Os2f | |
58 | UAQfGpmkgAJNHQWoVdNtUoCD5m5IpV/BiVhgiu/xrM2HYxiOdMuEh0FpY4G89h+q | |
59 | fNfBQc6tq3aLIIDULZUHjcf1CxcemuXWmWlRx06mnSlv53mTDTJjU67MximKIMFg | |
60 | xvICLMT5yCLf+SeCoYNRwrzJghohhLKXvNSvRByWgiKVKoVUrvH9Pkl0dPyOrj+l | |
61 | cvTDWgGqUKWLdpUbZuvv2t+ULtka60wnfUwF9/gjXcRXyCYFevyBI19UCTgqYtWq | |
62 | yt/tz1OrH/ZEnNWZWcVWZFv3jlIPZvyYP0QGE2Ru6eEVYFClsezPuOjJC77FhPfd | |
63 | Cp3avClsPVbtv3hntlvIXhQcua+ELXei9zmVN29OfxzGPATWMcV+7z3oUX5xrSR0 | |
64 | Gyzc+Xyq78J2SWhi1Yv1A9++fY4PNnVGW5N2xIPugr4srjcS8bxWw+StQ8O3ZpZe | |
65 | lDL6oPariVD6zqDzCIEa0USnzPe4MQIDAQABo4IBeDCCAXQwHwYDVR0jBBgwFoAU | |
66 | GqH4YRkgD8NBd0UojtE1XwYSBFUwHQYDVR0OBBYEFGl1N3u7nTVCTr9X05rbnwHR | |
67 | rt7QMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoG | |
68 | CCsGAQUFBwMIMEAGA1UdIAQ5MDcwNQYMKwYBBAGyMQECAQMIMCUwIwYIKwYBBQUH | |
69 | AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMEQGA1UdHwQ9MDswOaA3oDWGM2h0 | |
70 | dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1JTQVRpbWVTdGFtcGluZ0NBLmNy | |
71 | bDB0BggrBgEFBQcBAQRoMGYwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQuc2VjdGln | |
72 | by5jb20vU2VjdGlnb1JTQVRpbWVTdGFtcGluZ0NBLmNydDAjBggrBgEFBQcwAYYX | |
73 | aHR0cDovL29jc3Auc2VjdGlnby5jb20wDQYJKoZIhvcNAQEMBQADggIBAEoDeJBC | |
74 | M+x7GoMJNjOYVbudQAYwa0Vq8ZQOGVD/WyVeO+E5xFu66ZWQNze93/tk7OWCt5XM | |
75 | V1VwS070qIfdIoWmV7u4ISfUoCoxlIoHIZ6Kvaca9QIVy0RQmYzsProDd6aCApDC | |
76 | LpOpviE0dWO54C0PzwE3y42i+rhamq6hep4TkxlVjwmQLt/qiBcW62nW4SW9RQiX | |
77 | gNdUIChPynuzs6XSALBgNGXE48XDpeS6hap6adt1pD55aJo2i0OuNtRhcjwOhWIN | |
78 | oF5w22QvAcfBoccklKOyPG6yXqLQ+qjRuCUcFubA1X9oGsRlKTUqLYi86q501oLn | |
79 | wIi44U948FzKwEBcwp/VMhws2jysNvcGUpqjQDAXsCkWmcmqt4hJ9+gLJTO1P22v | |
80 | n18KVt8SscPuzpF36CAT6Vwkx+pEC0rmE4QcTesNtbiGoDCni6GftCzMwBYjyZHl | |
81 | QgNLgM7kTeYqAT7AXoWgJKEXQNXb2+eYEKTx6hkbgFT6R4nomIGpdcAO39BolHmh | |
82 | oJ6OtrdCZsvZ2WsvTdjePjIeIOTsnE1CjZ3HM5mCN0TUJikmQI54L7nu+i/x8Y/+ | |
83 | ULh43RSW3hwOcLAqhWqxbGjpKuQQK24h/dN8nTfkKgbWw/HXaONPB3mBCBP+smRe | |
84 | 6bE85tB4I7IJLOImYr87qZdRzMdEMoGyr8/f | |
85 | -----END CERTIFICATE----- | |
86 | -----BEGIN DH PARAMETERS----- | |
87 | MIIBDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz | |
88 | +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a | |
89 | 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 | |
90 | YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi | |
91 | 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD | |
92 | ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgICB/8= | |
93 | -----END DH PARAMETERS----- | |
94 | -----BEGIN PRIVATE KEY----- | |
95 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDNAIHqeyrh6gbV | |
96 | n3xz2f+5SglhXC5Lp8Y2zvCN01M+wxhVJbAVx2m5mnfWclv5w1Mqm25fZifV+4UW | |
97 | B2jT3anL01l0URcX3D0wnS/EfuQfl+Mq23+d2GShxHZ6Zm7NcbwarPXnUX9LOFlP | |
98 | 6psF5C1a2pkSAIAT5FMWpNm7jtCGuI0odYusr5ItRqhotIXSOcm66w4rZFknEPQr | |
99 | LR6gpLSALAvsqzKPimiwBzvbVG/uqYCdKEmRKzkMFTK8finHZY+BdfrkbzQzL/h7 | |
100 | yrPkBkm5hXeGnaDqcYNT8HInVIhpE2SHYNEivmduD8SD3SD/wxvalqMZZsmqLnWt | |
101 | A95H4cRPAgMBAAECggEAYCl6x5kbFnoG1rJHWLjL4gi+ubLZ7Jc4vYD5Ci41AF3X | |
102 | ziktnim6iFvTFv7x8gkTvArJDWsICLJBTYIQREHYYkozzgIzyPeApIs3Wv8C12cS | |
103 | IopwJITbP56+zM+77hcJ26GCgA2Unp5CFuC/81WDiPi9kNo3Oh2CdD7D+90UJ/0W | |
104 | glplejFpEuhpU2URfKL4RckJQF/KxV+JX8FdIDhsJu54yemQdQKaF4psHkzwwgDo | |
105 | qc+yfp0Vb4bmwq3CKxqEoc1cpbJ5CHXXlAfISzUjlcuBzD/tW7BDtp7eDAcgRVAC | |
106 | XO6MX0QBcLYSC7SOD3R7zY9SIRCFDfBDxCjf0YcFMQKBgQD2+WG0fLwDXTrt68fe | |
107 | hQqVa2Xs25z2B2QGPxWqSFU8WNly/mZ1BW413f3De/O58vYi7icTNyVoScm+8hdv | |
108 | 6PfD+LuRujdN1TuvPeyBTSvewQwf3IjN0Wh28mse36PwlBl+301C/x+ylxEDuJjK | |
109 | hZxCcocIaoQqtBC7ac8tNa9r4wKBgQDUfnJKf/QQSLJwwlJKQQGHi3MVm7c9PbwY | |
110 | eyIOY1s1NPluJDoYTZP4YLa/u2txwe2aHh9FhYMCPDAelqaSwaCLU9DsnKkQEA2A | |
111 | RR47fcagG6xK7O+N95iEa8I1oIy7os9MBoBMwRIZ6VYIxxTj8UMNSR+tu6MqV1Gg | |
112 | T5d0WDTJpQKBgCHyRSu5uV39AoyRS/eZ8cp36JqV1Q08FtOE+EVfi9evnrPfo9WR | |
113 | 2YQt7yNfdjCo5IwIj/ZkLhAXlFNakz4el2+oUJ/HKLLaDEoaCNf883q6rh/zABrK | |
114 | HcG7sF2d/7qhoJ9/se7zgjfZ68zHIrkzhDbd5xGREnmMJoCcGo3sQyBhAoGAH3UQ | |
115 | qmLC2N5KPFMoJ4H0HgLQ6LQCrnhDLkScSBEBYaEUA/AtAYgKjcyTgVLXlyGkcRpg | |
116 | esRHHr+WSBD5W+R6ReYEmeKfTJdzyDdzQE9gZjdyjC0DUbsDwybIu3OnIef6VEDq | |
117 | IXK7oUZfzDDcsNn4mTDoFaoff5cpqFfgDgM43VkCgYBNHw11b+d+AQmaZS9QqIt7 | |
118 | aF3FvwCYHV0jdv0Mb+Kc1bY4c0R5MFpzrTwVmdOerjuuA1+9b+0Hwo3nBZM4eaBu | |
119 | SOamA2hu2OJWCl9q8fLCT69KqWDjghhvFe7c6aJJGucwaA3Uz3eLcPqoaCarMiNH | |
120 | fMkTd7GabVourqIZdgvu1Q== | |
121 | -----END PRIVATE KEY----- |
0 | 0 | /* |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
261 | 261 | |
262 | 262 | /* Use invalid hash size */ |
263 | 263 | return TEST_int_eq(SipHash_set_hash_size(&siphash, 4), 0) |
264 | && TEST_false(SipHash_Final(&siphash, output, 0)) | |
264 | 265 | /* Use hash size = 8 */ |
265 | 266 | && TEST_true(SipHash_set_hash_size(&siphash, 8)) |
267 | && TEST_false(SipHash_Final(&siphash, output, 8)) | |
266 | 268 | && TEST_true(SipHash_Init(&siphash, key, 0, 0)) |
267 | 269 | && TEST_true(SipHash_Final(&siphash, output, 8)) |
268 | 270 | && TEST_int_eq(SipHash_Final(&siphash, output, 16), 0) |
215 | 215 | |
216 | 216 | if (servername) { |
217 | 217 | if (s_ctx2 != NULL && sn_server2 != NULL && |
218 | !strcasecmp(servername, sn_server2)) { | |
218 | !OPENSSL_strcasecmp(servername, sn_server2)) { | |
219 | 219 | BIO_printf(bio_stdout, "Switching server context.\n"); |
220 | 220 | SSL_set_SSL_CTX(s, s_ctx2); |
221 | 221 | } |
93 | 93 | static char *privkey8192 = NULL; |
94 | 94 | static char *srpvfile = NULL; |
95 | 95 | static char *tmpfilename = NULL; |
96 | static char *dhfile = NULL; | |
96 | 97 | |
97 | 98 | static int is_fips = 0; |
98 | 99 | |
9383 | 9384 | SSL_CTX_free(cctx); |
9384 | 9385 | return testresult; |
9385 | 9386 | } |
9387 | ||
9388 | /* | |
9389 | * Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week | |
9390 | * 0 = TLSv1.2 | |
9391 | * 1 = TLSv1.3 | |
9392 | */ | |
9393 | static int test_ticket_lifetime(int idx) | |
9394 | { | |
9395 | SSL_CTX *cctx = NULL, *sctx = NULL; | |
9396 | SSL *clientssl = NULL, *serverssl = NULL; | |
9397 | int testresult = 0; | |
9398 | int version = TLS1_3_VERSION; | |
9399 | ||
9400 | #define ONE_WEEK_SEC (7 * 24 * 60 * 60) | |
9401 | #define TWO_WEEK_SEC (2 * ONE_WEEK_SEC) | |
9402 | ||
9403 | if (idx == 0) { | |
9404 | #ifdef OPENSSL_NO_TLS1_2 | |
9405 | return TEST_skip("TLS 1.2 is disabled."); | |
9406 | #else | |
9407 | version = TLS1_2_VERSION; | |
9408 | #endif | |
9409 | } | |
9410 | ||
9411 | if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), | |
9412 | TLS_client_method(), version, version, | |
9413 | &sctx, &cctx, cert, privkey))) | |
9414 | goto end; | |
9415 | ||
9416 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, | |
9417 | &clientssl, NULL, NULL))) | |
9418 | goto end; | |
9419 | ||
9420 | /* | |
9421 | * Set the timeout to be more than 1 week | |
9422 | * make sure the returned value is the default | |
9423 | */ | |
9424 | if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC), | |
9425 | SSL_get_default_timeout(serverssl))) | |
9426 | goto end; | |
9427 | ||
9428 | if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) | |
9429 | goto end; | |
9430 | ||
9431 | if (idx == 0) { | |
9432 | /* TLSv1.2 uses the set value */ | |
9433 | if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC)) | |
9434 | goto end; | |
9435 | } else { | |
9436 | /* TLSv1.3 uses the limited value */ | |
9437 | if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC)) | |
9438 | goto end; | |
9439 | } | |
9440 | testresult = 1; | |
9441 | ||
9442 | end: | |
9443 | SSL_free(serverssl); | |
9444 | SSL_free(clientssl); | |
9445 | SSL_CTX_free(sctx); | |
9446 | SSL_CTX_free(cctx); | |
9447 | return testresult; | |
9448 | } | |
9386 | 9449 | #endif |
9387 | 9450 | /* |
9388 | 9451 | * Test that setting an ALPN does not violate RFC |
9456 | 9519 | return testresult; |
9457 | 9520 | } |
9458 | 9521 | |
9522 | /* | |
9523 | * Test SSL_CTX_set1_verify/chain_cert_store and SSL_CTX_get_verify/chain_cert_store. | |
9524 | */ | |
9525 | static int test_set_verify_cert_store_ssl_ctx(void) | |
9526 | { | |
9527 | SSL_CTX *ctx = NULL; | |
9528 | int testresult = 0; | |
9529 | X509_STORE *store = NULL, *new_store = NULL, | |
9530 | *cstore = NULL, *new_cstore = NULL; | |
9531 | ||
9532 | /* Create an initial SSL_CTX. */ | |
9533 | ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); | |
9534 | if (!TEST_ptr(ctx)) | |
9535 | goto end; | |
9536 | ||
9537 | /* Retrieve verify store pointer. */ | |
9538 | if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) | |
9539 | goto end; | |
9540 | ||
9541 | /* Retrieve chain store pointer. */ | |
9542 | if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) | |
9543 | goto end; | |
9544 | ||
9545 | /* We haven't set any yet, so this should be NULL. */ | |
9546 | if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) | |
9547 | goto end; | |
9548 | ||
9549 | /* Create stores. We use separate stores so pointers are different. */ | |
9550 | new_store = X509_STORE_new(); | |
9551 | if (!TEST_ptr(new_store)) | |
9552 | goto end; | |
9553 | ||
9554 | new_cstore = X509_STORE_new(); | |
9555 | if (!TEST_ptr(new_cstore)) | |
9556 | goto end; | |
9557 | ||
9558 | /* Set stores. */ | |
9559 | if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, new_store))) | |
9560 | goto end; | |
9561 | ||
9562 | if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, new_cstore))) | |
9563 | goto end; | |
9564 | ||
9565 | /* Should be able to retrieve the same pointer. */ | |
9566 | if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) | |
9567 | goto end; | |
9568 | ||
9569 | if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) | |
9570 | goto end; | |
9571 | ||
9572 | if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore)) | |
9573 | goto end; | |
9574 | ||
9575 | /* Should be able to unset again. */ | |
9576 | if (!TEST_true(SSL_CTX_set1_verify_cert_store(ctx, NULL))) | |
9577 | goto end; | |
9578 | ||
9579 | if (!TEST_true(SSL_CTX_set1_chain_cert_store(ctx, NULL))) | |
9580 | goto end; | |
9581 | ||
9582 | /* Should now be NULL. */ | |
9583 | if (!TEST_true(SSL_CTX_get0_verify_cert_store(ctx, &store))) | |
9584 | goto end; | |
9585 | ||
9586 | if (!TEST_true(SSL_CTX_get0_chain_cert_store(ctx, &cstore))) | |
9587 | goto end; | |
9588 | ||
9589 | if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) | |
9590 | goto end; | |
9591 | ||
9592 | testresult = 1; | |
9593 | ||
9594 | end: | |
9595 | X509_STORE_free(new_store); | |
9596 | X509_STORE_free(new_cstore); | |
9597 | SSL_CTX_free(ctx); | |
9598 | return testresult; | |
9599 | } | |
9600 | ||
9601 | /* | |
9602 | * Test SSL_set1_verify/chain_cert_store and SSL_get_verify/chain_cert_store. | |
9603 | */ | |
9604 | static int test_set_verify_cert_store_ssl(void) | |
9605 | { | |
9606 | SSL_CTX *ctx = NULL; | |
9607 | SSL *ssl = NULL; | |
9608 | int testresult = 0; | |
9609 | X509_STORE *store = NULL, *new_store = NULL, | |
9610 | *cstore = NULL, *new_cstore = NULL; | |
9611 | ||
9612 | /* Create an initial SSL_CTX. */ | |
9613 | ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); | |
9614 | if (!TEST_ptr(ctx)) | |
9615 | goto end; | |
9616 | ||
9617 | /* Create an SSL object. */ | |
9618 | ssl = SSL_new(ctx); | |
9619 | if (!TEST_ptr(ssl)) | |
9620 | goto end; | |
9621 | ||
9622 | /* Retrieve verify store pointer. */ | |
9623 | if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) | |
9624 | goto end; | |
9625 | ||
9626 | /* Retrieve chain store pointer. */ | |
9627 | if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) | |
9628 | goto end; | |
9629 | ||
9630 | /* We haven't set any yet, so this should be NULL. */ | |
9631 | if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) | |
9632 | goto end; | |
9633 | ||
9634 | /* Create stores. We use separate stores so pointers are different. */ | |
9635 | new_store = X509_STORE_new(); | |
9636 | if (!TEST_ptr(new_store)) | |
9637 | goto end; | |
9638 | ||
9639 | new_cstore = X509_STORE_new(); | |
9640 | if (!TEST_ptr(new_cstore)) | |
9641 | goto end; | |
9642 | ||
9643 | /* Set stores. */ | |
9644 | if (!TEST_true(SSL_set1_verify_cert_store(ssl, new_store))) | |
9645 | goto end; | |
9646 | ||
9647 | if (!TEST_true(SSL_set1_chain_cert_store(ssl, new_cstore))) | |
9648 | goto end; | |
9649 | ||
9650 | /* Should be able to retrieve the same pointer. */ | |
9651 | if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) | |
9652 | goto end; | |
9653 | ||
9654 | if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) | |
9655 | goto end; | |
9656 | ||
9657 | if (!TEST_ptr_eq(store, new_store) || !TEST_ptr_eq(cstore, new_cstore)) | |
9658 | goto end; | |
9659 | ||
9660 | /* Should be able to unset again. */ | |
9661 | if (!TEST_true(SSL_set1_verify_cert_store(ssl, NULL))) | |
9662 | goto end; | |
9663 | ||
9664 | if (!TEST_true(SSL_set1_chain_cert_store(ssl, NULL))) | |
9665 | goto end; | |
9666 | ||
9667 | /* Should now be NULL. */ | |
9668 | if (!TEST_true(SSL_get0_verify_cert_store(ssl, &store))) | |
9669 | goto end; | |
9670 | ||
9671 | if (!TEST_true(SSL_get0_chain_cert_store(ssl, &cstore))) | |
9672 | goto end; | |
9673 | ||
9674 | if (!TEST_ptr_null(store) || !TEST_ptr_null(cstore)) | |
9675 | goto end; | |
9676 | ||
9677 | testresult = 1; | |
9678 | ||
9679 | end: | |
9680 | X509_STORE_free(new_store); | |
9681 | X509_STORE_free(new_cstore); | |
9682 | SSL_free(ssl); | |
9683 | SSL_CTX_free(ctx); | |
9684 | return testresult; | |
9685 | } | |
9686 | ||
9687 | ||
9459 | 9688 | static int test_inherit_verify_param(void) |
9460 | 9689 | { |
9461 | 9690 | int testresult = 0; |
9497 | 9726 | return testresult; |
9498 | 9727 | } |
9499 | 9728 | |
9500 | OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config\n") | |
9729 | static int test_load_dhfile(void) | |
9730 | { | |
9731 | #ifndef OPENSSL_NO_DH | |
9732 | int testresult = 0; | |
9733 | ||
9734 | SSL_CTX *ctx = NULL; | |
9735 | SSL_CONF_CTX *cctx = NULL; | |
9736 | ||
9737 | if (dhfile == NULL) | |
9738 | return 1; | |
9739 | ||
9740 | if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method())) | |
9741 | || !TEST_ptr(cctx = SSL_CONF_CTX_new())) | |
9742 | goto end; | |
9743 | ||
9744 | SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); | |
9745 | SSL_CONF_CTX_set_flags(cctx, | |
9746 | SSL_CONF_FLAG_CERTIFICATE | |
9747 | | SSL_CONF_FLAG_SERVER | |
9748 | | SSL_CONF_FLAG_FILE); | |
9749 | ||
9750 | if (!TEST_int_eq(SSL_CONF_cmd(cctx, "DHParameters", dhfile), 2)) | |
9751 | goto end; | |
9752 | ||
9753 | testresult = 1; | |
9754 | end: | |
9755 | SSL_CONF_CTX_free(cctx); | |
9756 | SSL_CTX_free(ctx); | |
9757 | ||
9758 | return testresult; | |
9759 | #else | |
9760 | return TEST_skip("DH not supported by this build"); | |
9761 | #endif | |
9762 | } | |
9763 | ||
9764 | OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") | |
9501 | 9765 | |
9502 | 9766 | int setup_tests(void) |
9503 | 9767 | { |
9527 | 9791 | || !TEST_ptr(srpvfile = test_get_argument(1)) |
9528 | 9792 | || !TEST_ptr(tmpfilename = test_get_argument(2)) |
9529 | 9793 | || !TEST_ptr(modulename = test_get_argument(3)) |
9530 | || !TEST_ptr(configfile = test_get_argument(4))) | |
9794 | || !TEST_ptr(configfile = test_get_argument(4)) | |
9795 | || !TEST_ptr(dhfile = test_get_argument(5))) | |
9531 | 9796 | return 0; |
9532 | 9797 | |
9533 | 9798 | if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile))) |
9753 | 10018 | #endif |
9754 | 10019 | #ifndef OSSL_NO_USABLE_TLS1_3 |
9755 | 10020 | ADD_TEST(test_sni_tls13); |
10021 | ADD_ALL_TESTS(test_ticket_lifetime, 2); | |
9756 | 10022 | #endif |
9757 | 10023 | ADD_TEST(test_inherit_verify_param); |
9758 | 10024 | ADD_TEST(test_set_alpn); |
10025 | ADD_TEST(test_set_verify_cert_store_ssl_ctx); | |
10026 | ADD_TEST(test_set_verify_cert_store_ssl); | |
9759 | 10027 | ADD_ALL_TESTS(test_session_timeout, 1); |
10028 | ADD_TEST(test_load_dhfile); | |
9760 | 10029 | return 1; |
9761 | 10030 | |
9762 | 10031 | err: |
0 | 0 | /* |
1 | * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
13 | 13 | #include <openssl/x509v3.h> |
14 | 14 | #include "internal/nelem.h" |
15 | 15 | #include "testutil.h" |
16 | ||
17 | #ifdef OPENSSL_SYS_WINDOWS | |
18 | # define strcasecmp _stricmp | |
19 | #endif | |
20 | 16 | |
21 | 17 | static const char *const names[] = { |
22 | 18 | "a", "b", ".", "*", "@", |
286 | 282 | int failed = 0; |
287 | 283 | |
288 | 284 | for (; *pname != NULL; ++pname) { |
289 | int samename = strcasecmp(nameincert, *pname) == 0; | |
285 | int samename = OPENSSL_strcasecmp(nameincert, *pname) == 0; | |
290 | 286 | size_t namelen = strlen(*pname); |
291 | 287 | char *name = OPENSSL_malloc(namelen + 1); |
292 | 288 | int match, ret; |
0 | 0 | #!{- $config{HASHBANGPERL} -} |
1 | 1 | {- use OpenSSL::Util; -} |
2 | 2 | # {- join("\n# ", @autowarntext) -} |
3 | # Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | # Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. | |
4 | 4 | # |
5 | 5 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
6 | 6 | # this file except in compliance with the License. You can obtain a copy |
151 | 151 | return ($is_cert, $is_crl); |
152 | 152 | } |
153 | 153 | |
154 | sub compute_hash { | |
155 | my $fh; | |
156 | if ( $^O eq "VMS" ) { | |
157 | # VMS uses the open through shell | |
158 | # The file names are safe there and list form is unsupported | |
159 | if (!open($fh, "-|", join(' ', @_))) { | |
160 | print STDERR "Cannot compute hash on '$fname'\n"; | |
161 | return; | |
162 | } | |
163 | } else { | |
164 | if (!open($fh, "-|", @_)) { | |
165 | print STDERR "Cannot compute hash on '$fname'\n"; | |
166 | return; | |
167 | } | |
168 | } | |
169 | return (<$fh>, <$fh>); | |
170 | } | |
154 | 171 | |
155 | 172 | # Link a certificate to its subject name hash value, each hash is of |
156 | 173 | # the form <hash>.<n> where n is an integer. If the hash value already exists |
160 | 177 | |
161 | 178 | sub link_hash_cert { |
162 | 179 | my $fname = $_[0]; |
163 | $fname =~ s/\"/\\\"/g; | |
164 | my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; | |
180 | my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, | |
181 | "-fingerprint", "-noout", | |
182 | "-in", $fname); | |
165 | 183 | chomp $hash; |
166 | 184 | chomp $fprint; |
185 | return if !$hash; | |
167 | 186 | $fprint =~ s/^.*=//; |
168 | 187 | $fprint =~ tr/://d; |
169 | 188 | my $suffix = 0; |
201 | 220 | |
202 | 221 | sub link_hash_crl { |
203 | 222 | my $fname = $_[0]; |
204 | $fname =~ s/'/'\\''/g; | |
205 | my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; | |
223 | my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, | |
224 | "-fingerprint", "-noout", | |
225 | "-in", $fname); | |
206 | 226 | chomp $hash; |
207 | 227 | chomp $fprint; |
228 | return if !$hash; | |
208 | 229 | $fprint =~ s/^.*=//; |
209 | 230 | $fprint =~ tr/://d; |
210 | 231 | my $suffix = 0; |
5424 | 5424 | ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: |
5425 | 5425 | EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: |
5426 | 5426 | EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: |
5427 | OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: | |
5428 | OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: |
4 | 4 | |
5 | 5 | # Use --- and === for H1 and H2. |
6 | 6 | rule 'MD003', :style => :setext_with_atx |
7 | # Code blocks are indented | |
8 | rule 'MD046', :style => :indented | |
7 | # Code blocks may be fenced or indented, both are OK... | |
8 | # but they must be consistent throughout each file. | |
9 | rule 'MD046', :style => :consistent | |
9 | 10 | |
10 | 11 | # Bug in mdl, https://github.com/markdownlint/markdownlint/issues/313 |
11 | 12 | exclude_rule 'MD007' |
8 | 8 | SSL_CTX_get0_certificate(3) |
9 | 9 | SSL_CTX_get0_ctlog_store(3) |
10 | 10 | SSL_CTX_get0_privatekey(3) |
11 | SSL_CTX_get_ssl_method(3) | |
12 | 11 | SSL_CTX_set0_ctlog_store(3) |
13 | 12 | SSL_CTX_set_client_cert_engine(3) |
14 | 13 | SSL_CTX_set_not_resumable_session_callback(3) |
15 | SSL_CTX_set_purpose(3) | |
16 | SSL_CTX_set_trust(3) | |
17 | 14 | SSL_SRP_CTX_free(3) |
18 | 15 | SSL_SRP_CTX_init(3) |
19 | 16 | SSL_add_ssl_module(3) |
28 | 25 | SSL_set_SSL_CTX(3) |
29 | 26 | SSL_set_debug(3) |
30 | 27 | SSL_set_not_resumable_session_callback(3) |
31 | SSL_set_purpose(3) | |
32 | 28 | SSL_set_session_secret_cb(3) |
33 | 29 | SSL_set_session_ticket_ext(3) |
34 | 30 | SSL_set_session_ticket_ext_cb(3) |
35 | SSL_set_trust(3) | |
36 | 31 | SSL_srp_server_param_with_username(3) |
37 | 32 | SSL_test_functions(3) |
38 | 33 | SSL_trace(3) |
458 | 458 | SSL_CTX_disable_ct define |
459 | 459 | SSL_CTX_generate_session_ticket_fn define |
460 | 460 | SSL_CTX_get0_chain_certs define |
461 | SSL_CTX_get0_chain_cert_store define | |
462 | SSL_CTX_get0_verify_cert_store define | |
461 | 463 | SSL_CTX_get_default_read_ahead define |
462 | 464 | SSL_CTX_get_extra_chain_certs define |
463 | 465 | SSL_CTX_get_extra_chain_certs_only define |
530 | 532 | SSL_disable_ct define |
531 | 533 | SSL_get0_chain_certs define |
532 | 534 | SSL_get0_session define |
535 | SSL_get0_chain_cert_store define | |
536 | SSL_get0_verify_cert_store define | |
533 | 537 | SSL_get1_curves define |
534 | 538 | SSL_get1_groups define |
535 | 539 | SSL_get_cipher define |