New upstream version 1.1.1l
Sebastian Andrzej Siewior
2 years ago
5 | 5 | For a full list of changes, see the git commit log; for example, |
6 | 6 | https://github.com/openssl/openssl/commits/ and pick the appropriate |
7 | 7 | release branch. |
8 | ||
9 | Changes between 1.1.1k and 1.1.1l [24 Aug 2021] | |
10 | ||
11 | *) Fixed an SM2 Decryption Buffer Overflow. | |
12 | ||
13 | In order to decrypt SM2 encrypted data an application is expected to call the | |
14 | API function EVP_PKEY_decrypt(). Typically an application will call this | |
15 | function twice. The first time, on entry, the "out" parameter can be NULL and, | |
16 | on exit, the "outlen" parameter is populated with the buffer size required to | |
17 | hold the decrypted plaintext. The application can then allocate a sufficiently | |
18 | sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL | |
19 | value for the "out" parameter. | |
20 | ||
21 | A bug in the implementation of the SM2 decryption code means that the | |
22 | calculation of the buffer size required to hold the plaintext returned by the | |
23 | first call to EVP_PKEY_decrypt() can be smaller than the actual size required by | |
24 | the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is | |
25 | called by the application a second time with a buffer that is too small. | |
26 | ||
27 | A malicious attacker who is able present SM2 content for decryption to an | |
28 | application could cause attacker chosen data to overflow the buffer by up to a | |
29 | maximum of 62 bytes altering the contents of other data held after the | |
30 | buffer, possibly changing application behaviour or causing the application to | |
31 | crash. The location of the buffer is application dependent but is typically | |
32 | heap allocated. | |
33 | (CVE-2021-3711) | |
34 | [Matt Caswell] | |
35 | ||
36 | *) Fixed various read buffer overruns processing ASN.1 strings | |
37 | ||
38 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING | |
39 | structure which contains a buffer holding the string data and a field holding | |
40 | the buffer length. This contrasts with normal C strings which are repesented as | |
41 | a buffer for the string data which is terminated with a NUL (0) byte. | |
42 | ||
43 | Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's | |
44 | own "d2i" functions (and other similar parsing functions) as well as any string | |
45 | whose value has been set with the ASN1_STRING_set() function will additionally | |
46 | NUL terminate the byte array in the ASN1_STRING structure. | |
47 | ||
48 | However, it is possible for applications to directly construct valid ASN1_STRING | |
49 | structures which do not NUL terminate the byte array by directly setting the | |
50 | "data" and "length" fields in the ASN1_STRING array. This can also happen by | |
51 | using the ASN1_STRING_set0() function. | |
52 | ||
53 | Numerous OpenSSL functions that print ASN.1 data have been found to assume that | |
54 | the ASN1_STRING byte array will be NUL terminated, even though this is not | |
55 | guaranteed for strings that have been directly constructed. Where an application | |
56 | requests an ASN.1 structure to be printed, and where that ASN.1 structure | |
57 | contains ASN1_STRINGs that have been directly constructed by the application | |
58 | without NUL terminating the "data" field, then a read buffer overrun can occur. | |
59 | ||
60 | The same thing can also occur during name constraints processing of certificates | |
61 | (for example if a certificate has been directly constructed by the application | |
62 | instead of loading it via the OpenSSL parsing functions, and the certificate | |
63 | contains non NUL terminated ASN1_STRING structures). It can also occur in the | |
64 | X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. | |
65 | ||
66 | If a malicious actor can cause an application to directly construct an | |
67 | ASN1_STRING and then process it through one of the affected OpenSSL functions | |
68 | then this issue could be hit. This might result in a crash (causing a Denial of | |
69 | Service attack). It could also result in the disclosure of private memory | |
70 | contents (such as private keys, or sensitive plaintext). | |
71 | (CVE-2021-3712) | |
72 | [Matt Caswell] | |
8 | 73 | |
9 | 74 | Changes between 1.1.1j and 1.1.1k [25 Mar 2021] |
10 | 75 |
751 | 751 | cxxflags => add("-mabi=64"), |
752 | 752 | perlasm_scheme => "64", |
753 | 753 | multilib => "64", |
754 | }, | |
755 | ||
756 | # riscv64 below refers to contemporary RISCV Architecture | |
757 | # specifications, | |
758 | "linux64-riscv64" => { | |
759 | inherit_from => [ "linux-generic64"], | |
760 | perlasm_scheme => "linux64", | |
754 | 761 | }, |
755 | 762 | |
756 | 763 | #### IA-32 targets... |
28 | 28 | $ndk = $ENV{$ndk_var}; |
29 | 29 | last if defined $ndk; |
30 | 30 | } |
31 | die "\$ANDROID_NDK_HOME is not defined" if (!$ndk); | |
32 | if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") { | |
33 | # $ndk/platforms is traditional "all-inclusive" NDK, while | |
34 | # $ndk/AndroidVersion.txt is so-called standalone toolchain | |
35 | # tailored for specific target down to API level. | |
31 | die "\$ANDROID_NDK_HOME is not defined" if (!$ndk); | |
32 | my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt"; | |
33 | my $ndk_src_props = "$ndk/source.properties"; | |
34 | my $is_ndk = -f $ndk_src_props; | |
35 | if ($is_ndk == $is_standalone_toolchain) { | |
36 | 36 | die "\$ANDROID_NDK_HOME=$ndk is invalid"; |
37 | 37 | } |
38 | 38 | $ndk = canonpath($ndk); |
39 | 39 | |
40 | 40 | my $ndkver = undef; |
41 | 41 | |
42 | if (open my $fh, "<$ndk/source.properties") { | |
42 | if (open my $fh, "<$ndk_src_props") { | |
43 | 43 | local $_; |
44 | 44 | while(<$fh>) { |
45 | 45 | if (m|Pkg\.Revision\s*=\s*([0-9]+)|) { |
58 | 58 | if ($sysroot = $ENV{CROSS_SYSROOT}) { |
59 | 59 | $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|; |
60 | 60 | ($api, $arch) = ($1, $2); |
61 | } elsif (-f "$ndk/AndroidVersion.txt") { | |
61 | } elsif ($is_standalone_toolchain) { | |
62 | 62 | $sysroot = "$ndk/sysroot"; |
63 | 63 | } else { |
64 | 64 | $api = "*"; |
71 | 71 | } |
72 | 72 | } |
73 | 73 | |
74 | # list available platforms (numerically) | |
75 | my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1; | |
76 | $b =~ m/-([0-9]+)$/; $aa <=> $1; | |
77 | } glob("$ndk/platforms/android-$api"); | |
78 | die "no $ndk/platforms/android-$api" if ($#platforms < 0); | |
79 | ||
80 | $sysroot = "@platforms[$#platforms]/arch-$arch"; | |
81 | $sysroot =~ m|/android-([0-9]+)/arch-$arch|; | |
82 | $api = $1; | |
83 | } | |
84 | die "no sysroot=$sysroot" if (!-d $sysroot); | |
74 | if (-d "$ndk/platforms") { | |
75 | # list available platforms (numerically) | |
76 | my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1; | |
77 | $b =~ m/-([0-9]+)$/; $aa <=> $1; | |
78 | } glob("$ndk/platforms/android-$api"); | |
79 | die "no $ndk/platforms/android-$api" if ($#platforms < 0); | |
80 | ||
81 | $sysroot = "@platforms[$#platforms]/arch-$arch"; | |
82 | $sysroot =~ m|/android-([0-9]+)/arch-$arch|; | |
83 | $api = $1; | |
84 | } elsif ($api eq "*") { | |
85 | # r22 Removed platforms dir, use this JSON file | |
86 | my $path = "$ndk/meta/platforms.json"; | |
87 | open my $fh, $path or die "Could not open '$path' $!"; | |
88 | while (<$fh>) { | |
89 | if (/"max": (\d+),/) { | |
90 | $api = $1; | |
91 | last; | |
92 | } | |
93 | } | |
94 | close $fh; | |
95 | } | |
96 | die "Could not get default API Level" if ($api eq "*"); | |
97 | } | |
98 | die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot); | |
85 | 99 | |
86 | 100 | my $triarch = $triplet{$arch}; |
87 | 101 | my $cflags; |
94 | 108 | my $arm = $ndkver > 16 ? "armv7a" : "armv5te"; |
95 | 109 | (my $tridefault = $triarch) =~ s/^arm-/$arm-/; |
96 | 110 | (my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/; |
97 | $cflags .= " -target $tridefault " | |
98 | . "-gcc-toolchain \$($ndk_var)/toolchains" | |
99 | . "/$tritools-4.9/prebuilt/$host"; | |
100 | $user{CC} = "clang" if ($user{CC} !~ m|clang|); | |
111 | if (length $sysroot) { | |
112 | $cflags .= " -target $tridefault " | |
113 | . "-gcc-toolchain \$($ndk_var)/toolchains" | |
114 | . "/$tritools-4.9/prebuilt/$host"; | |
115 | $user{CC} = "clang" if ($user{CC} !~ m|clang|); | |
116 | } else { | |
117 | $user{CC} = "$tridefault$api-clang"; | |
118 | } | |
101 | 119 | $user{CROSS_COMPILE} = undef; |
102 | 120 | if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) { |
103 | 121 | $user{AR} = "llvm-ar"; |
104 | 122 | $user{ARFLAGS} = [ "rs" ]; |
105 | 123 | $user{RANLIB} = ":"; |
106 | 124 | } |
107 | } elsif (-f "$ndk/AndroidVersion.txt") { #"standalone toolchain" | |
125 | } elsif ($is_standalone_toolchain) { | |
108 | 126 | my $cc = $user{CC} // "clang"; |
109 | 127 | # One can probably argue that both clang and gcc should be |
110 | 128 | # probed, but support for "standalone toolchain" was added |
126 | 144 | $user{CROSS_COMPILE} = "$triarch-"; |
127 | 145 | } |
128 | 146 | |
129 | if (!-d "$sysroot/usr/include") { | |
130 | my $incroot = "$ndk/sysroot/usr/include"; | |
131 | die "no $incroot" if (!-d $incroot); | |
132 | die "no $incroot/$triarch" if (!-d "$incroot/$triarch"); | |
133 | $incroot =~ s|^$ndk/||; | |
134 | $cppflags = "-D__ANDROID_API__=$api"; | |
135 | $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch"; | |
136 | $cppflags .= " -isystem \$($ndk_var)/$incroot"; | |
137 | } | |
138 | ||
139 | $sysroot =~ s|^$ndk/||; | |
147 | if (length $sysroot) { | |
148 | if (!-d "$sysroot/usr/include") { | |
149 | my $incroot = "$ndk/sysroot/usr/include"; | |
150 | die "no $incroot" if (!-d $incroot); | |
151 | die "no $incroot/$triarch" if (!-d "$incroot/$triarch"); | |
152 | $incroot =~ s|^$ndk/||; | |
153 | $cppflags = "-D__ANDROID_API__=$api"; | |
154 | $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch"; | |
155 | $cppflags .= " -isystem \$($ndk_var)/$incroot"; | |
156 | } | |
157 | $sysroot =~ s|^$ndk/||; | |
158 | $sysroot = " --sysroot=\$($ndk_var)/$sysroot"; | |
159 | } | |
140 | 160 | $android_ndk = { |
141 | cflags => "$cflags --sysroot=\$($ndk_var)/$sysroot", | |
161 | cflags => $cflags . $sysroot, | |
142 | 162 | cppflags => $cppflags, |
143 | 163 | bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG" |
144 | 164 | : "BN_LLONG", |
522 | 522 | $(RM) -r test/test-runs |
523 | 523 | $(RM) openssl.pc libcrypto.pc libssl.pc |
524 | 524 | -$(RM) `find . -type l \! -name '.*' -print` |
525 | $(RM) $(TARFILE) | |
526 | 525 | |
527 | 526 | distclean: clean |
528 | 527 | $(RM) configdata.pm |
323 | 323 | # Convenience target to prebuild all generated files, not just the mandatory |
324 | 324 | # ones |
325 | 325 | build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) |
326 | @{- output_off() if $disabled{makedepend}; "" -} | |
326 | @{- output_off() if $disabled{makedepend}; "\@rem" -} | |
327 | 327 | @$(ECHO) "Warning: consider configuring with no-makedepend, because if" |
328 | 328 | @$(ECHO) " target system doesn't have $(PERL)," |
329 | 329 | @$(ECHO) " then make will fail..." |
330 | @{- output_on() if $disabled{makedepend}; "" -} | |
330 | @{- output_on() if $disabled{makedepend}; "\@rem" -} | |
331 | 331 | |
332 | 332 | test: tests |
333 | 333 | {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep |
334 | @{- output_off() if $disabled{tests}; "" -} | |
334 | @{- output_off() if $disabled{tests}; "\@rem" -} | |
335 | 335 | -mkdir $(BLDDIR)\test\test-runs |
336 | 336 | set SRCTOP=$(SRCDIR) |
337 | 337 | set BLDTOP=$(BLDDIR) |
340 | 340 | set OPENSSL_ENGINES=$(MAKEDIR)\engines |
341 | 341 | set OPENSSL_DEBUG_MEMORY=on |
342 | 342 | "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS) |
343 | @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} | |
343 | @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -} | |
344 | 344 | @$(ECHO) "Tests are not supported with your chosen Configure options" |
345 | @{- output_on() if !$disabled{tests}; "" -} | |
345 | @{- output_on() if !$disabled{tests}; "\@rem" -} | |
346 | 346 | |
347 | 347 | list-tests: |
348 | @{- output_off() if $disabled{tests}; "" -} | |
348 | @{- output_off() if $disabled{tests}; "\@rem" -} | |
349 | 349 | @set SRCTOP=$(SRCDIR) |
350 | 350 | @"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list |
351 | @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} | |
351 | @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -} | |
352 | 352 | @$(ECHO) "Tests are not supported with your chosen Configure options" |
353 | @{- output_on() if !$disabled{tests}; "" -} | |
353 | @{- output_on() if !$disabled{tests}; "\@rem" -} | |
354 | 354 | |
355 | 355 | install: install_sw install_ssldirs install_docs |
356 | 356 | |
361 | 361 | -del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb |
362 | 362 | |
363 | 363 | clean: libclean |
364 | {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -} | |
364 | {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) || "\@rem" -} | |
365 | 365 | -del /Q /F $(ENGINES) |
366 | 366 | -del /Q /F $(SCRIPTS) |
367 | 367 | -del /Q /F $(GENERATED_MANDATORY) |
377 | 377 | -del /Q /F makefile |
378 | 378 | |
379 | 379 | depend: |
380 | @ {- output_off() if $disabled{makedepend}; "" -} | |
380 | @ {- output_off() if $disabled{makedepend}; "\@rem" -} | |
381 | 381 | @ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "VC" |
382 | @ {- output_on() if $disabled{makedepend}; "" -} | |
382 | @ {- output_on() if $disabled{makedepend}; "\@rem" -} | |
383 | 383 | |
384 | 384 | # Install helper targets ############################################# |
385 | 385 | |
412 | 412 | @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) |
413 | 413 | @$(ECHO) "*** Installing development files" |
414 | 414 | @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl" |
415 | @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} | |
415 | @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -} | |
416 | 416 | @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ |
417 | 417 | "$(INSTALLTOP)\include\openssl" |
418 | @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -} | |
418 | @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -} | |
419 | 419 | @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ |
420 | 420 | "$(SRCDIR)\include\openssl\*.h" \ |
421 | 421 | "$(INSTALLTOP)\include\openssl" |
3 | 3 | |
4 | 4 | This file gives a brief overview of the major changes between each OpenSSL |
5 | 5 | release. For more details please read the CHANGES file. |
6 | ||
7 | Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021] | |
8 | ||
9 | o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711) | |
10 | o Fixed various read buffer overruns processing ASN.1 strings (CVE-2021-3712) | |
6 | 11 | |
7 | 12 | Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021] |
8 | 13 |
0 | 0 | |
1 | OpenSSL 1.1.1k 25 Mar 2021 | |
1 | OpenSSL 1.1.1l 24 Aug 2021 | |
2 | 2 | |
3 | 3 | Copyright (c) 1998-2021 The OpenSSL Project |
4 | 4 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
0 | 0 | /* |
1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
119 | 119 | |
120 | 120 | if (!ASN1_INTEGER_set(p7s->version, 1)) |
121 | 121 | goto end; |
122 | if ((crl_stack = sk_X509_CRL_new_null()) == NULL) | |
123 | goto end; | |
124 | p7s->crl = crl_stack; | |
122 | ||
125 | 123 | if (crl != NULL) { |
124 | if ((crl_stack = sk_X509_CRL_new_null()) == NULL) | |
125 | goto end; | |
126 | p7s->crl = crl_stack; | |
126 | 127 | sk_X509_CRL_push(crl_stack, crl); |
127 | 128 | crl = NULL; /* now part of p7 for OPENSSL_freeing */ |
128 | 129 | } |
129 | 130 | |
130 | if ((cert_stack = sk_X509_new_null()) == NULL) | |
131 | goto end; | |
132 | p7s->cert = cert_stack; | |
133 | ||
134 | if (certflst != NULL) | |
131 | if (certflst != NULL) { | |
132 | if ((cert_stack = sk_X509_new_null()) == NULL) | |
133 | goto end; | |
134 | p7s->cert = cert_stack; | |
135 | ||
135 | 136 | for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { |
136 | 137 | certfile = sk_OPENSSL_STRING_value(certflst, i); |
137 | 138 | if (add_certs_from_file(cert_stack, certfile) < 0) { |
140 | 141 | goto end; |
141 | 142 | } |
142 | 143 | } |
144 | } | |
143 | 145 | |
144 | 146 | out = bio_open_default(outfile, 'w', outformat); |
145 | 147 | if (out == NULL) |
0 | 0 | /* |
1 | * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
80 | 80 | {"", OPT_CIPHER, '-', "Any supported cipher"}, |
81 | 81 | OPT_R_OPTIONS, |
82 | 82 | #ifdef ZLIB |
83 | {"z", OPT_Z, '-', "Use zlib as the 'encryption'"}, | |
83 | {"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"}, | |
84 | 84 | #endif |
85 | 85 | #ifndef OPENSSL_NO_ENGINE |
86 | 86 | {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
3 | 3 | * Copyright 2005 Nokia. All rights reserved. |
4 | 4 | * |
132 | 132 | |
133 | 133 | if (s_debug) |
134 | 134 | BIO_printf(bio_s_out, "psk_server_cb\n"); |
135 | ||
136 | if (SSL_version(ssl) >= TLS1_3_VERSION) { | |
137 | /* | |
138 | * This callback is designed for use in TLSv1.2. It is possible to use | |
139 | * a single callback for all protocol versions - but it is preferred to | |
140 | * use a dedicated callback for TLSv1.3. For TLSv1.3 we have | |
141 | * psk_find_session_cb. | |
142 | */ | |
143 | return 0; | |
144 | } | |
145 | ||
135 | 146 | if (identity == NULL) { |
136 | 147 | BIO_printf(bio_err, "Error: client did not send PSK identity\n"); |
137 | 148 | goto out_err; |
0 | 0 | /* |
1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
213 | 213 | const BIO_ADDRINFO *next; |
214 | 214 | int sock_family, sock_type, sock_protocol, sock_port; |
215 | 215 | const BIO_ADDR *sock_address; |
216 | int sock_family_fallback = AF_UNSPEC; | |
217 | const BIO_ADDR *sock_address_fallback = NULL; | |
216 | 218 | int sock_options = BIO_SOCK_REUSEADDR; |
217 | 219 | int ret = 0; |
218 | 220 | |
243 | 245 | && BIO_ADDRINFO_protocol(next) == sock_protocol) { |
244 | 246 | if (sock_family == AF_INET |
245 | 247 | && BIO_ADDRINFO_family(next) == AF_INET6) { |
248 | /* In case AF_INET6 is returned but not supported by the | |
249 | * kernel, retry with the first detected address family */ | |
250 | sock_family_fallback = sock_family; | |
251 | sock_address_fallback = sock_address; | |
246 | 252 | sock_family = AF_INET6; |
247 | 253 | sock_address = BIO_ADDRINFO_address(next); |
248 | 254 | } else if (sock_family == AF_INET6 |
252 | 258 | } |
253 | 259 | |
254 | 260 | asock = BIO_socket(sock_family, sock_type, sock_protocol, 0); |
261 | if (asock == INVALID_SOCKET && sock_family_fallback != AF_UNSPEC) { | |
262 | asock = BIO_socket(sock_family_fallback, sock_type, sock_protocol, 0); | |
263 | sock_address = sock_address_fallback; | |
264 | } | |
255 | 265 | if (asock == INVALID_SOCKET |
256 | 266 | || !BIO_listen(asock, sock_address, sock_options)) { |
257 | 267 | BIO_ADDRINFO_free(res); |
67 | 67 | # include <sys/auxv.h> |
68 | 68 | # define OSSL_IMPLEMENT_GETAUXVAL |
69 | 69 | # endif |
70 | # elif defined(__ANDROID_API__) | |
71 | /* see https://developer.android.google.cn/ndk/guides/cpu-features */ | |
72 | # if __ANDROID_API__ >= 18 | |
73 | # include <sys/auxv.h> | |
74 | # define OSSL_IMPLEMENT_GETAUXVAL | |
75 | # endif | |
70 | 76 | # endif |
71 | 77 | # if defined(__FreeBSD__) |
72 | 78 | # include <sys/param.h> |
85 | 91 | } |
86 | 92 | # endif |
87 | 93 | # endif |
94 | ||
95 | /* | |
96 | * Android: according to https://developer.android.com/ndk/guides/cpu-features, | |
97 | * getauxval is supported starting with API level 18 | |
98 | */ | |
99 | # if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18 | |
100 | # include <sys/auxv.h> | |
101 | # define OSSL_IMPLEMENT_GETAUXVAL | |
102 | # endif | |
88 | 103 | |
89 | 104 | /* |
90 | 105 | * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas |
0 | 0 | /* |
1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
285 | 285 | } |
286 | 286 | } |
287 | 287 | |
288 | /* | |
289 | * only the ASN1_OBJECTs from the 'table' will have values for ->sn or | |
290 | * ->ln | |
291 | */ | |
292 | 288 | if ((a == NULL) || ((*a) == NULL) || |
293 | 289 | !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { |
294 | 290 | if ((ret = ASN1_OBJECT_new()) == NULL) |
295 | 291 | return NULL; |
296 | } else | |
292 | } else { | |
297 | 293 | ret = (*a); |
294 | } | |
298 | 295 | |
299 | 296 | p = *pp; |
300 | 297 | /* detach data from object */ |
312 | 309 | ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; |
313 | 310 | } |
314 | 311 | memcpy(data, p, length); |
312 | /* If there are dynamic strings, free them here, and clear the flag */ | |
313 | if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) { | |
314 | OPENSSL_free((char *)ret->sn); | |
315 | OPENSSL_free((char *)ret->ln); | |
316 | ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS; | |
317 | } | |
315 | 318 | /* reattach data to object, after which it remains const */ |
316 | 319 | ret->data = data; |
317 | 320 | ret->length = length; |
0 | 0 | /* |
1 | * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
279 | 279 | t.type = str->type; |
280 | 280 | t.value.ptr = (char *)str; |
281 | 281 | der_len = i2d_ASN1_TYPE(&t, NULL); |
282 | if (der_len <= 0) | |
283 | return -1; | |
282 | 284 | if ((der_buf = OPENSSL_malloc(der_len)) == NULL) { |
283 | 285 | ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE); |
284 | 286 | return -1; |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
291 | 291 | } |
292 | 292 | if ((size_t)str->length <= len || str->data == NULL) { |
293 | 293 | c = str->data; |
294 | #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION | |
295 | /* No NUL terminator in fuzzing builds */ | |
296 | str->data = OPENSSL_realloc(c, len); | |
297 | #else | |
294 | 298 | str->data = OPENSSL_realloc(c, len + 1); |
299 | #endif | |
295 | 300 | if (str->data == NULL) { |
296 | 301 | ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE); |
297 | 302 | str->data = c; |
301 | 306 | str->length = len; |
302 | 307 | if (data != NULL) { |
303 | 308 | memcpy(str->data, data, len); |
304 | /* an allowance for strings :-) */ | |
309 | #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION | |
310 | /* | |
311 | * Add a NUL terminator. This should not be necessary - but we add it as | |
312 | * a safety precaution | |
313 | */ | |
305 | 314 | str->data[len] = '\0'; |
315 | #endif | |
306 | 316 | } |
307 | 317 | return 1; |
308 | 318 | } |
0 | 0 | /* |
1 | * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
137 | 137 | if (ctx == NULL) |
138 | 138 | return 0; |
139 | 139 | |
140 | if (ctx->prefix_free != NULL) | |
141 | ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg); | |
142 | if (ctx->suffix_free != NULL) | |
143 | ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg); | |
144 | ||
140 | 145 | OPENSSL_free(ctx->buf); |
141 | 146 | OPENSSL_free(ctx); |
142 | 147 | BIO_set_data(b, NULL); |
141 | 141 | |
142 | 142 | ndef_aux = *(NDEF_SUPPORT **)parg; |
143 | 143 | |
144 | if (ndef_aux == NULL) | |
145 | return 0; | |
146 | ||
144 | 147 | OPENSSL_free(ndef_aux->derbuf); |
145 | 148 | |
146 | 149 | ndef_aux->derbuf = NULL; |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
77 | 77 | * type |
78 | 78 | */ |
79 | 79 | |
80 | static EVP_PKEY *key_as_pkcs8(const unsigned char **pp, long length, int *carry_on) | |
81 | { | |
82 | const unsigned char *p = *pp; | |
83 | PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); | |
84 | EVP_PKEY *ret; | |
85 | ||
86 | if (p8 == NULL) | |
87 | return NULL; | |
88 | ||
89 | ret = EVP_PKCS82PKEY(p8); | |
90 | if (ret == NULL) | |
91 | *carry_on = 0; | |
92 | ||
93 | PKCS8_PRIV_KEY_INFO_free(p8); | |
94 | ||
95 | if (ret != NULL) | |
96 | *pp = p; | |
97 | ||
98 | return ret; | |
99 | } | |
100 | ||
80 | 101 | EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, |
81 | 102 | long length) |
82 | 103 | { |
83 | 104 | STACK_OF(ASN1_TYPE) *inkey; |
84 | 105 | const unsigned char *p; |
85 | 106 | int keytype; |
107 | EVP_PKEY *ret = NULL; | |
108 | int carry_on = 1; | |
109 | ||
110 | ERR_set_mark(); | |
111 | ret = key_as_pkcs8(pp, length, &carry_on); | |
112 | if (ret != NULL) { | |
113 | ERR_clear_last_mark(); | |
114 | if (a != NULL) | |
115 | *a = ret; | |
116 | return ret; | |
117 | } | |
118 | ||
119 | if (carry_on == 0) { | |
120 | ERR_clear_last_mark(); | |
121 | ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY, | |
122 | ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); | |
123 | return NULL; | |
124 | } | |
86 | 125 | p = *pp; |
126 | ||
87 | 127 | /* |
88 | 128 | * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by |
89 | 129 | * analyzing it we can determine the passed structure: this assumes the |
99 | 139 | keytype = EVP_PKEY_DSA; |
100 | 140 | else if (sk_ASN1_TYPE_num(inkey) == 4) |
101 | 141 | keytype = EVP_PKEY_EC; |
102 | else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not | |
103 | * traditional format */ | |
104 | PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); | |
105 | EVP_PKEY *ret; | |
106 | ||
107 | sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); | |
108 | if (!p8) { | |
109 | ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY, | |
110 | ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); | |
111 | return NULL; | |
112 | } | |
113 | ret = EVP_PKCS82PKEY(p8); | |
114 | PKCS8_PRIV_KEY_INFO_free(p8); | |
115 | if (ret == NULL) | |
116 | return NULL; | |
117 | *pp = p; | |
118 | if (a) { | |
119 | *a = ret; | |
120 | } | |
121 | return ret; | |
122 | } else | |
142 | else | |
123 | 143 | keytype = EVP_PKEY_RSA; |
124 | 144 | sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); |
125 | return d2i_PrivateKey(keytype, a, pp, length); | |
145 | ||
146 | ret = d2i_PrivateKey(keytype, a, pp, length); | |
147 | if (ret != NULL) | |
148 | ERR_pop_to_mark(); | |
149 | else | |
150 | ERR_clear_last_mark(); | |
151 | ||
152 | return ret; | |
126 | 153 | } |
0 | 0 | /* |
1 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
37 | 37 | } |
38 | 38 | chal = spki->spkac->challenge; |
39 | 39 | if (chal->length) |
40 | BIO_printf(out, " Challenge String: %s\n", chal->data); | |
40 | BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data); | |
41 | 41 | i = OBJ_obj2nid(spki->sig_algor.algorithm); |
42 | 42 | BIO_printf(out, " Signature Algorithm: %s", |
43 | 43 | (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); |
0 | 0 | /* |
1 | * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
688 | 688 | hints.ai_protocol = protocol; |
689 | 689 | # ifdef AI_ADDRCONFIG |
690 | 690 | # ifdef AF_UNSPEC |
691 | if (family == AF_UNSPEC) | |
691 | if (host != NULL && family == AF_UNSPEC) | |
692 | 692 | # endif |
693 | 693 | hints.ai_flags |= AI_ADDRCONFIG; |
694 | 694 | # endif |
0 | 0 | /* |
1 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
242 | 242 | } |
243 | 243 | } |
244 | 244 | |
245 | # ifdef IPV6_V6ONLY | |
245 | /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */ | |
246 | # if defined(IPV6_V6ONLY) && !defined(__OpenBSD__) | |
246 | 247 | if (BIO_ADDR_family(addr) == AF_INET6) { |
247 | 248 | /* |
248 | 249 | * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF. |
0 | 0 | /* |
1 | * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
267 | 267 | BIGNUM *tmp, *snum, *sdiv, *res; |
268 | 268 | BN_ULONG *resp, *wnum, *wnumtop; |
269 | 269 | BN_ULONG d0, d1; |
270 | int num_n, div_n; | |
270 | int num_n, div_n, num_neg; | |
271 | 271 | |
272 | 272 | assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0); |
273 | 273 | |
325 | 325 | /* Setup quotient */ |
326 | 326 | if (!bn_wexpand(res, loop)) |
327 | 327 | goto err; |
328 | res->neg = (num->neg ^ divisor->neg); | |
328 | num_neg = num->neg; | |
329 | res->neg = (num_neg ^ divisor->neg); | |
329 | 330 | res->top = loop; |
330 | 331 | res->flags |= BN_FLG_FIXED_TOP; |
331 | 332 | resp = &(res->d[loop]); |
441 | 442 | *--resp = q; |
442 | 443 | } |
443 | 444 | /* snum holds remainder, it's as wide as divisor */ |
444 | snum->neg = num->neg; | |
445 | snum->neg = num_neg; | |
445 | 446 | snum->top = div_n; |
446 | 447 | snum->flags |= BN_FLG_FIXED_TOP; |
447 | 448 | if (rm != NULL) |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
470 | 470 | &por ($b,$t); |
471 | 471 | } |
472 | 472 | |
473 | my $xframe = $win64 ? 32+8 : 8; | |
473 | my $xframe = $win64 ? 160+8 : 8; | |
474 | 474 | |
475 | 475 | $code.=<<___; |
476 | 476 | .type ChaCha20_ssse3,\@function,5 |
2498 | 2498 | &vprold ($b,$b,7); |
2499 | 2499 | } |
2500 | 2500 | |
2501 | my $xframe = $win64 ? 32+8 : 8; | |
2501 | my $xframe = $win64 ? 160+8 : 8; | |
2502 | 2502 | |
2503 | 2503 | $code.=<<___; |
2504 | 2504 | .type ChaCha20_avx512,\@function,5 |
2514 | 2514 | sub \$64+$xframe,%rsp |
2515 | 2515 | ___ |
2516 | 2516 | $code.=<<___ if ($win64); |
2517 | movaps %xmm6,-0x28(%r9) | |
2518 | movaps %xmm7,-0x18(%r9) | |
2517 | movaps %xmm6,-0xa8(%r9) | |
2518 | movaps %xmm7,-0x98(%r9) | |
2519 | movaps %xmm8,-0x88(%r9) | |
2520 | movaps %xmm9,-0x78(%r9) | |
2521 | movaps %xmm10,-0x68(%r9) | |
2522 | movaps %xmm11,-0x58(%r9) | |
2523 | movaps %xmm12,-0x48(%r9) | |
2524 | movaps %xmm13,-0x38(%r9) | |
2525 | movaps %xmm14,-0x28(%r9) | |
2526 | movaps %xmm15,-0x18(%r9) | |
2519 | 2527 | .Lavx512_body: |
2520 | 2528 | ___ |
2521 | 2529 | $code.=<<___; |
2682 | 2690 | vzeroall |
2683 | 2691 | ___ |
2684 | 2692 | $code.=<<___ if ($win64); |
2685 | movaps -0x28(%r9),%xmm6 | |
2686 | movaps -0x18(%r9),%xmm7 | |
2693 | movaps -0xa8(%r9),%xmm6 | |
2694 | movaps -0x98(%r9),%xmm7 | |
2695 | movaps -0x88(%r9),%xmm8 | |
2696 | movaps -0x78(%r9),%xmm9 | |
2697 | movaps -0x68(%r9),%xmm10 | |
2698 | movaps -0x58(%r9),%xmm11 | |
2699 | movaps -0x48(%r9),%xmm12 | |
2700 | movaps -0x38(%r9),%xmm13 | |
2701 | movaps -0x28(%r9),%xmm14 | |
2702 | movaps -0x18(%r9),%xmm15 | |
2687 | 2703 | ___ |
2688 | 2704 | $code.=<<___; |
2689 | 2705 | lea (%r9),%rsp |
2710 | 2726 | sub \$64+$xframe,%rsp |
2711 | 2727 | ___ |
2712 | 2728 | $code.=<<___ if ($win64); |
2713 | movaps %xmm6,-0x28(%r9) | |
2714 | movaps %xmm7,-0x18(%r9) | |
2729 | movaps %xmm6,-0xa8(%r9) | |
2730 | movaps %xmm7,-0x98(%r9) | |
2731 | movaps %xmm8,-0x88(%r9) | |
2732 | movaps %xmm9,-0x78(%r9) | |
2733 | movaps %xmm10,-0x68(%r9) | |
2734 | movaps %xmm11,-0x58(%r9) | |
2735 | movaps %xmm12,-0x48(%r9) | |
2736 | movaps %xmm13,-0x38(%r9) | |
2737 | movaps %xmm14,-0x28(%r9) | |
2738 | movaps %xmm15,-0x18(%r9) | |
2715 | 2739 | .Lavx512vl_body: |
2716 | 2740 | ___ |
2717 | 2741 | $code.=<<___; |
2835 | 2859 | vzeroall |
2836 | 2860 | ___ |
2837 | 2861 | $code.=<<___ if ($win64); |
2838 | movaps -0x28(%r9),%xmm6 | |
2839 | movaps -0x18(%r9),%xmm7 | |
2862 | movaps -0xa8(%r9),%xmm6 | |
2863 | movaps -0x98(%r9),%xmm7 | |
2864 | movaps -0x88(%r9),%xmm8 | |
2865 | movaps -0x78(%r9),%xmm9 | |
2866 | movaps -0x68(%r9),%xmm10 | |
2867 | movaps -0x58(%r9),%xmm11 | |
2868 | movaps -0x48(%r9),%xmm12 | |
2869 | movaps -0x38(%r9),%xmm13 | |
2870 | movaps -0x28(%r9),%xmm14 | |
2871 | movaps -0x18(%r9),%xmm15 | |
2840 | 2872 | ___ |
2841 | 2873 | $code.=<<___; |
2842 | 2874 | lea (%r9),%rsp |
0 | 0 | /* |
1 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
48 | 48 | EVP_PKEY *pk; |
49 | 49 | int ret; |
50 | 50 | pk = EVP_PKEY_new(); |
51 | if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) | |
51 | if (pk == NULL) | |
52 | 52 | return 0; |
53 | ret = EVP_PKEY_print_private(bp, pk, off, NULL); | |
53 | ret = EVP_PKEY_set1_DSA(pk, (DSA *)x); | |
54 | if (ret) | |
55 | ret = EVP_PKEY_print_private(bp, pk, off, NULL); | |
54 | 56 | EVP_PKEY_free(pk); |
55 | 57 | return ret; |
56 | 58 | } |
60 | 62 | EVP_PKEY *pk; |
61 | 63 | int ret; |
62 | 64 | pk = EVP_PKEY_new(); |
63 | if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) | |
65 | if (pk == NULL) | |
64 | 66 | return 0; |
65 | ret = EVP_PKEY_print_params(bp, pk, 4, NULL); | |
67 | ret = EVP_PKEY_set1_DSA(pk, (DSA *)x); | |
68 | if (ret) | |
69 | ret = EVP_PKEY_print_params(bp, pk, 4, NULL); | |
66 | 70 | EVP_PKEY_free(pk); |
67 | 71 | return ret; |
68 | 72 | } |
0 | 0 | /* |
1 | * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
246 | 246 | ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); |
247 | 247 | return 0; |
248 | 248 | } |
249 | form = buf[0]; | |
250 | y_bit = form & 1; | |
251 | form = form & ~1U; | |
249 | ||
250 | /* | |
251 | * The first octet is the point converison octet PC, see X9.62, page 4 | |
252 | * and section 4.4.2. It must be: | |
253 | * 0x00 for the point at infinity | |
254 | * 0x02 or 0x03 for compressed form | |
255 | * 0x04 for uncompressed form | |
256 | * 0x06 or 0x07 for hybrid form. | |
257 | * For compressed or hybrid forms, we store the last bit of buf[0] as | |
258 | * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*. | |
259 | * We error if buf[0] contains any but the above values. | |
260 | */ | |
261 | y_bit = buf[0] & 1; | |
262 | form = buf[0] & ~1U; | |
263 | ||
252 | 264 | if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) |
253 | 265 | && (form != POINT_CONVERSION_UNCOMPRESSED) |
254 | 266 | && (form != POINT_CONVERSION_HYBRID)) { |
260 | 272 | return 0; |
261 | 273 | } |
262 | 274 | |
275 | /* The point at infinity is represented by a single zero octet. */ | |
263 | 276 | if (form == 0) { |
264 | 277 | if (len != 1) { |
265 | 278 | ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); |
311 | 324 | goto err; |
312 | 325 | } |
313 | 326 | if (form == POINT_CONVERSION_HYBRID) { |
314 | if (!group->meth->field_div(group, yxi, y, x, ctx)) | |
315 | goto err; | |
316 | if (y_bit != BN_is_odd(yxi)) { | |
317 | ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); | |
318 | goto err; | |
327 | /* | |
328 | * Check that the form in the encoding was set correctly | |
329 | * according to X9.62 4.4.2.a, 4(c), see also first paragraph | |
330 | * of X9.62, 4.4.1.b. | |
331 | */ | |
332 | if (BN_is_zero(x)) { | |
333 | if (y_bit != 0) { | |
334 | ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING); | |
335 | goto err; | |
336 | } | |
337 | } else { | |
338 | if (!group->meth->field_div(group, yxi, y, x, ctx)) | |
339 | goto err; | |
340 | if (y_bit != BN_is_odd(yxi)) { | |
341 | ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING); | |
342 | goto err; | |
343 | } | |
319 | 344 | } |
320 | 345 | } |
321 | 346 |
0 | 0 | /* |
1 | * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
760 | 760 | ret->seed_len = params->curve->seed->length; |
761 | 761 | } |
762 | 762 | |
763 | if (!params->order || !params->base || !params->base->data) { | |
763 | if (params->order == NULL | |
764 | || params->base == NULL | |
765 | || params->base->data == NULL | |
766 | || params->base->length == 0) { | |
764 | 767 | ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR); |
765 | 768 | goto err; |
766 | 769 | } |
1159 | 1159 | SSL_F_FINAL_EMS:486:final_ems |
1160 | 1160 | SSL_F_FINAL_KEY_SHARE:503:final_key_share |
1161 | 1161 | SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen |
1162 | SSL_F_FINAL_PSK:639:final_psk | |
1162 | 1163 | SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate |
1163 | 1164 | SSL_F_FINAL_SERVER_NAME:558:final_server_name |
1164 | 1165 | SSL_F_FINAL_SIG_ALGS:497:final_sig_algs |
1651 | 1652 | X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING |
1652 | 1653 | X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER |
1653 | 1654 | X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS |
1655 | X509V3_F_I2V_AUTHORITY_KEYID:173:i2v_AUTHORITY_KEYID | |
1654 | 1656 | X509V3_F_LEVEL_ADD_NODE:168:level_add_node |
1655 | 1657 | X509V3_F_NOTICE_SECTION:132:notice_section |
1656 | 1658 | X509V3_F_NREF_NOS:133:nref_nos |
1691 | 1693 | X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE |
1692 | 1694 | X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension |
1693 | 1695 | X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d |
1696 | X509V3_F_X509V3_ADD_LEN_VALUE:174:x509v3_add_len_value | |
1694 | 1697 | X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value |
1695 | 1698 | X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add |
1696 | 1699 | X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias |
2740 | 2743 | SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert |
2741 | 2744 | SSL_R_MISSING_FATAL:256:missing fatal |
2742 | 2745 | SSL_R_MISSING_PARAMETERS:290:missing parameters |
2746 | SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension | |
2743 | 2747 | SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate |
2744 | 2748 | SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert |
2745 | 2749 | SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert |
2783 | 2787 | SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback |
2784 | 2788 | SSL_R_NULL_SSL_CTX:195:null ssl ctx |
2785 | 2789 | SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed |
2790 | SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure | |
2786 | 2791 | SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned |
2787 | 2792 | SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\ |
2788 | 2793 | old session compression algorithm not returned |
0 | 0 | /* |
1 | * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
610 | 610 | */ |
611 | 611 | void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, |
612 | 612 | size_t len, const AES_KEY *key, |
613 | unsigned char *ivec); | |
613 | unsigned char *ivec, int /*unused*/); | |
614 | 614 | void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, |
615 | 615 | size_t len, const AES_KEY *key, |
616 | unsigned char *ivec); | |
616 | unsigned char *ivec, int /*unused*/); | |
617 | 617 | void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, |
618 | 618 | size_t len, const AES_KEY *key, |
619 | unsigned char *ivec); | |
619 | unsigned char *ivec, int /*unused*/); | |
620 | 620 | void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, |
621 | 621 | size_t len, const AES_KEY *key, |
622 | unsigned char *ivec); | |
622 | unsigned char *ivec, int /*unused*/); | |
623 | 623 | void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, |
624 | 624 | size_t len, const AES_KEY *key, |
625 | unsigned char *ivec); | |
625 | unsigned char *ivec, int /*unused*/); | |
626 | 626 | void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, |
627 | 627 | size_t len, const AES_KEY *key, |
628 | unsigned char *ivec); | |
628 | unsigned char *ivec, int /*unused*/); | |
629 | 629 | void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, |
630 | 630 | size_t blocks, const AES_KEY *key, |
631 | 631 | unsigned char *ivec); |
1167 | 1167 | static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
1168 | 1168 | const unsigned char *iv, int enc); |
1169 | 1169 | |
1170 | # define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */ | |
1171 | # define S390X_aes_192_cbc_CAPABLE 1 | |
1172 | # define S390X_aes_256_cbc_CAPABLE 1 | |
1170 | # define S390X_aes_128_cbc_CAPABLE 0 /* checked by callee */ | |
1171 | # define S390X_aes_192_cbc_CAPABLE 0 | |
1172 | # define S390X_aes_256_cbc_CAPABLE 0 | |
1173 | 1173 | # define S390X_AES_CBC_CTX EVP_AES_KEY |
1174 | 1174 | |
1175 | 1175 | # define s390x_aes_cbc_init_key aes_init_key |
1189 | 1189 | S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx); |
1190 | 1190 | const int keylen = EVP_CIPHER_CTX_key_length(ctx); |
1191 | 1191 | |
1192 | cctx->fc = S390X_AES_FC(keylen); | |
1193 | if (!enc) | |
1194 | cctx->fc |= S390X_DECRYPT; | |
1195 | ||
1196 | memcpy(cctx->km.param.k, key, keylen); | |
1192 | cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT); | |
1193 | ||
1194 | if (key != NULL) | |
1195 | memcpy(cctx->km.param.k, key, keylen); | |
1196 | ||
1197 | 1197 | return 1; |
1198 | 1198 | } |
1199 | 1199 | |
1221 | 1221 | const unsigned char *ivec, int enc) |
1222 | 1222 | { |
1223 | 1223 | S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); |
1224 | const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); | |
1224 | const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); | |
1225 | 1225 | const int keylen = EVP_CIPHER_CTX_key_length(ctx); |
1226 | 1226 | const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); |
1227 | 1227 | |
1228 | memcpy(cctx->kmo.param.cv, iv, ivlen); | |
1229 | memcpy(cctx->kmo.param.k, key, keylen); | |
1230 | 1228 | cctx->fc = S390X_AES_FC(keylen); |
1229 | ||
1230 | if (key != NULL) | |
1231 | memcpy(cctx->kmo.param.k, key, keylen); | |
1232 | ||
1231 | 1233 | cctx->res = 0; |
1234 | memcpy(cctx->kmo.param.cv, oiv, ivlen); | |
1232 | 1235 | return 1; |
1233 | 1236 | } |
1234 | 1237 | |
1236 | 1239 | const unsigned char *in, size_t len) |
1237 | 1240 | { |
1238 | 1241 | S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); |
1242 | const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); | |
1243 | unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); | |
1239 | 1244 | int n = cctx->res; |
1240 | 1245 | int rem; |
1241 | 1246 | |
1247 | memcpy(cctx->kmo.param.cv, iv, ivlen); | |
1242 | 1248 | while (n && len) { |
1243 | 1249 | *out = *in ^ cctx->kmo.param.cv[n]; |
1244 | 1250 | n = (n + 1) & 0xf; |
1267 | 1273 | } |
1268 | 1274 | } |
1269 | 1275 | |
1276 | memcpy(iv, cctx->kmo.param.cv, ivlen); | |
1270 | 1277 | cctx->res = n; |
1271 | 1278 | return 1; |
1272 | 1279 | } |
1286 | 1293 | const unsigned char *ivec, int enc) |
1287 | 1294 | { |
1288 | 1295 | S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); |
1289 | const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); | |
1296 | const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); | |
1290 | 1297 | const int keylen = EVP_CIPHER_CTX_key_length(ctx); |
1291 | 1298 | const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); |
1292 | 1299 | |
1293 | cctx->fc = S390X_AES_FC(keylen); | |
1294 | cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */ | |
1295 | if (!enc) | |
1296 | cctx->fc |= S390X_DECRYPT; | |
1300 | cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT) | |
1301 | | (16 << 24); /* 16 bytes cipher feedback */ | |
1302 | ||
1303 | if (key != NULL) | |
1304 | memcpy(cctx->kmf.param.k, key, keylen); | |
1297 | 1305 | |
1298 | 1306 | cctx->res = 0; |
1299 | memcpy(cctx->kmf.param.cv, iv, ivlen); | |
1300 | memcpy(cctx->kmf.param.k, key, keylen); | |
1307 | memcpy(cctx->kmf.param.cv, oiv, ivlen); | |
1301 | 1308 | return 1; |
1302 | 1309 | } |
1303 | 1310 | |
1307 | 1314 | S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); |
1308 | 1315 | const int keylen = EVP_CIPHER_CTX_key_length(ctx); |
1309 | 1316 | const int enc = EVP_CIPHER_CTX_encrypting(ctx); |
1317 | const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); | |
1318 | unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); | |
1310 | 1319 | int n = cctx->res; |
1311 | 1320 | int rem; |
1312 | 1321 | unsigned char tmp; |
1313 | 1322 | |
1323 | memcpy(cctx->kmf.param.cv, iv, ivlen); | |
1314 | 1324 | while (n && len) { |
1315 | 1325 | tmp = *in; |
1316 | 1326 | *out = cctx->kmf.param.cv[n] ^ tmp; |
1343 | 1353 | } |
1344 | 1354 | } |
1345 | 1355 | |
1356 | memcpy(iv, cctx->kmf.param.cv, ivlen); | |
1346 | 1357 | cctx->res = n; |
1347 | 1358 | return 1; |
1348 | 1359 | } |
1359 | 1370 | const unsigned char *ivec, int enc) |
1360 | 1371 | { |
1361 | 1372 | S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); |
1362 | const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx); | |
1373 | const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx); | |
1363 | 1374 | const int keylen = EVP_CIPHER_CTX_key_length(ctx); |
1364 | 1375 | const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); |
1365 | 1376 | |
1366 | cctx->fc = S390X_AES_FC(keylen); | |
1367 | cctx->fc |= 1 << 24; /* 1 byte cipher feedback */ | |
1368 | if (!enc) | |
1369 | cctx->fc |= S390X_DECRYPT; | |
1370 | ||
1371 | memcpy(cctx->kmf.param.cv, iv, ivlen); | |
1372 | memcpy(cctx->kmf.param.k, key, keylen); | |
1377 | cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT) | |
1378 | | (1 << 24); /* 1 byte cipher feedback flag */ | |
1379 | ||
1380 | if (key != NULL) | |
1381 | memcpy(cctx->kmf.param.k, key, keylen); | |
1382 | ||
1383 | cctx->res = 0; | |
1384 | memcpy(cctx->kmf.param.cv, oiv, ivlen); | |
1373 | 1385 | return 1; |
1374 | 1386 | } |
1375 | 1387 | |
1377 | 1389 | const unsigned char *in, size_t len) |
1378 | 1390 | { |
1379 | 1391 | S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); |
1380 | ||
1392 | const int ivlen = EVP_CIPHER_CTX_iv_length(ctx); | |
1393 | unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); | |
1394 | ||
1395 | memcpy(cctx->kmf.param.cv, iv, ivlen); | |
1381 | 1396 | s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param); |
1397 | memcpy(iv, cctx->kmf.param.cv, ivlen); | |
1382 | 1398 | return 1; |
1383 | 1399 | } |
1384 | 1400 | |
1392 | 1408 | static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
1393 | 1409 | const unsigned char *in, size_t len); |
1394 | 1410 | |
1395 | # define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */ | |
1396 | # define S390X_aes_192_ctr_CAPABLE 1 | |
1397 | # define S390X_aes_256_ctr_CAPABLE 1 | |
1411 | # define S390X_aes_128_ctr_CAPABLE 0 /* checked by callee */ | |
1412 | # define S390X_aes_192_ctr_CAPABLE 0 | |
1413 | # define S390X_aes_256_ctr_CAPABLE 0 | |
1398 | 1414 | # define S390X_AES_CTR_CTX EVP_AES_KEY |
1399 | 1415 | |
1400 | 1416 | # define s390x_aes_ctr_init_key aes_init_key |
1562 | 1578 | /*- |
1563 | 1579 | * Initialize context structure. Code is big-endian. |
1564 | 1580 | */ |
1565 | static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx, | |
1566 | const unsigned char *iv) | |
1581 | static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx) | |
1567 | 1582 | { |
1568 | 1583 | ctx->kma.param.t.g[0] = 0; |
1569 | 1584 | ctx->kma.param.t.g[1] = 0; |
1574 | 1589 | ctx->kreslen = 0; |
1575 | 1590 | |
1576 | 1591 | if (ctx->ivlen == 12) { |
1577 | memcpy(&ctx->kma.param.j0, iv, ctx->ivlen); | |
1592 | memcpy(&ctx->kma.param.j0, ctx->iv, ctx->ivlen); | |
1578 | 1593 | ctx->kma.param.j0.w[3] = 1; |
1579 | 1594 | ctx->kma.param.cv.w = 1; |
1580 | 1595 | } else { |
1581 | 1596 | /* ctx->iv has the right size and is already padded. */ |
1582 | memcpy(ctx->iv, iv, ctx->ivlen); | |
1583 | 1597 | s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL, |
1584 | 1598 | ctx->fc, &ctx->kma.param); |
1585 | 1599 | ctx->fc |= S390X_KMA_HS; |
1693 | 1707 | if (gctx->iv_gen == 0 || gctx->key_set == 0) |
1694 | 1708 | return 0; |
1695 | 1709 | |
1696 | s390x_aes_gcm_setiv(gctx, gctx->iv); | |
1710 | s390x_aes_gcm_setiv(gctx); | |
1697 | 1711 | |
1698 | 1712 | if (arg <= 0 || arg > gctx->ivlen) |
1699 | 1713 | arg = gctx->ivlen; |
1713 | 1727 | return 0; |
1714 | 1728 | |
1715 | 1729 | memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); |
1716 | s390x_aes_gcm_setiv(gctx, gctx->iv); | |
1730 | s390x_aes_gcm_setiv(gctx); | |
1717 | 1731 | gctx->iv_set = 1; |
1718 | 1732 | return 1; |
1719 | 1733 | |
1769 | 1783 | } |
1770 | 1784 | |
1771 | 1785 | /*- |
1772 | * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned. | |
1786 | * Set key or iv or enc/dec. Returns 1 on success. Otherwise 0 is returned. | |
1773 | 1787 | */ |
1774 | 1788 | static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx, |
1775 | 1789 | const unsigned char *key, |
1776 | 1790 | const unsigned char *iv, int enc) |
1777 | 1791 | { |
1778 | 1792 | S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); |
1779 | int keylen; | |
1780 | ||
1781 | if (iv == NULL && key == NULL) | |
1782 | return 1; | |
1793 | const int keylen = EVP_CIPHER_CTX_key_length(ctx); | |
1794 | ||
1795 | gctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT); | |
1783 | 1796 | |
1784 | 1797 | if (key != NULL) { |
1785 | keylen = EVP_CIPHER_CTX_key_length(ctx); | |
1798 | gctx->fc &= ~S390X_KMA_HS; | |
1786 | 1799 | memcpy(&gctx->kma.param.k, key, keylen); |
1787 | ||
1788 | gctx->fc = S390X_AES_FC(keylen); | |
1789 | if (!enc) | |
1790 | gctx->fc |= S390X_DECRYPT; | |
1791 | ||
1792 | if (iv == NULL && gctx->iv_set) | |
1793 | iv = gctx->iv; | |
1794 | ||
1795 | if (iv != NULL) { | |
1796 | s390x_aes_gcm_setiv(gctx, iv); | |
1797 | gctx->iv_set = 1; | |
1798 | } | |
1799 | 1800 | gctx->key_set = 1; |
1800 | } else { | |
1801 | if (gctx->key_set) | |
1802 | s390x_aes_gcm_setiv(gctx, iv); | |
1803 | else | |
1804 | memcpy(gctx->iv, iv, gctx->ivlen); | |
1805 | ||
1801 | } | |
1802 | ||
1803 | if (iv != NULL) { | |
1804 | memcpy(gctx->iv, iv, gctx->ivlen); | |
1805 | gctx->iv_gen = 0; | |
1806 | 1806 | gctx->iv_set = 1; |
1807 | gctx->iv_gen = 0; | |
1808 | } | |
1807 | } | |
1808 | ||
1809 | if (gctx->key_set && gctx->iv_set) | |
1810 | s390x_aes_gcm_setiv(gctx); | |
1811 | ||
1812 | gctx->fc &= ~(S390X_KMA_LPC | S390X_KMA_LAAD); | |
1813 | gctx->areslen = 0; | |
1814 | gctx->mreslen = 0; | |
1815 | gctx->kreslen = 0; | |
1809 | 1816 | return 1; |
1810 | 1817 | } |
1811 | 1818 | |
1894 | 1901 | /* recall that we already did en-/decrypt gctx->mres |
1895 | 1902 | * and returned it to caller... */ |
1896 | 1903 | OPENSSL_cleanse(tmp, gctx->mreslen); |
1897 | gctx->iv_set = 0; | |
1898 | 1904 | |
1899 | 1905 | enc = EVP_CIPHER_CTX_encrypting(ctx); |
1900 | 1906 | if (enc) { |
1928 | 1934 | } |
1929 | 1935 | |
1930 | 1936 | # define S390X_AES_XTS_CTX EVP_AES_XTS_CTX |
1931 | # define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */ | |
1932 | # define S390X_aes_256_xts_CAPABLE 1 | |
1937 | # define S390X_aes_128_xts_CAPABLE 0 /* checked by callee */ | |
1938 | # define S390X_aes_256_xts_CAPABLE 0 | |
1933 | 1939 | |
1934 | 1940 | # define s390x_aes_xts_init_key aes_xts_init_key |
1935 | 1941 | static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, |
2133 | 2139 | const unsigned char *in, size_t len) |
2134 | 2140 | { |
2135 | 2141 | S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); |
2136 | unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx); | |
2142 | const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx); | |
2137 | 2143 | unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); |
2138 | 2144 | const int enc = EVP_CIPHER_CTX_encrypting(ctx); |
2145 | unsigned char iv[EVP_MAX_IV_LENGTH]; | |
2139 | 2146 | |
2140 | 2147 | if (out != in |
2141 | 2148 | || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m)) |
2151 | 2158 | * Get explicit iv (sequence number). We already have fixed iv |
2152 | 2159 | * (server/client_write_iv) here. |
2153 | 2160 | */ |
2154 | memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); | |
2155 | s390x_aes_ccm_setiv(cctx, ivec, len); | |
2161 | memcpy(iv, ivec, sizeof(iv)); | |
2162 | memcpy(iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); | |
2163 | s390x_aes_ccm_setiv(cctx, iv, len); | |
2156 | 2164 | |
2157 | 2165 | /* Process aad (sequence number|type|version|length) */ |
2158 | 2166 | s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len); |
2179 | 2187 | } |
2180 | 2188 | |
2181 | 2189 | /*- |
2182 | * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is | |
2183 | * returned. | |
2190 | * Set key or iv or enc/dec. Returns 1 if successful. | |
2191 | * Otherwise 0 is returned. | |
2184 | 2192 | */ |
2185 | 2193 | static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx, |
2186 | 2194 | const unsigned char *key, |
2187 | 2195 | const unsigned char *iv, int enc) |
2188 | 2196 | { |
2189 | 2197 | S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); |
2190 | unsigned char *ivec; | |
2191 | int keylen; | |
2192 | ||
2193 | if (iv == NULL && key == NULL) | |
2194 | return 1; | |
2198 | const int keylen = EVP_CIPHER_CTX_key_length(ctx); | |
2199 | unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx); | |
2200 | ||
2201 | cctx->aes.ccm.fc = S390X_AES_FC(keylen); | |
2195 | 2202 | |
2196 | 2203 | if (key != NULL) { |
2197 | keylen = EVP_CIPHER_CTX_key_length(ctx); | |
2198 | cctx->aes.ccm.fc = S390X_AES_FC(keylen); | |
2199 | 2204 | memcpy(cctx->aes.ccm.kmac_param.k, key, keylen); |
2200 | ||
2201 | /* Store encoded m and l. */ | |
2202 | cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) | |
2203 | | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; | |
2204 | memset(cctx->aes.ccm.nonce.b + 1, 0, | |
2205 | sizeof(cctx->aes.ccm.nonce.b)); | |
2206 | cctx->aes.ccm.blocks = 0; | |
2207 | ||
2208 | 2205 | cctx->aes.ccm.key_set = 1; |
2209 | 2206 | } |
2210 | ||
2211 | 2207 | if (iv != NULL) { |
2212 | ivec = EVP_CIPHER_CTX_iv_noconst(ctx); | |
2213 | 2208 | memcpy(ivec, iv, 15 - cctx->aes.ccm.l); |
2214 | ||
2215 | 2209 | cctx->aes.ccm.iv_set = 1; |
2216 | 2210 | } |
2217 | 2211 | |
2212 | /* Store encoded m and l. */ | |
2213 | cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) | |
2214 | | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; | |
2215 | memset(cctx->aes.ccm.nonce.b + 1, 0, sizeof(cctx->aes.ccm.nonce.b) - 1); | |
2216 | ||
2217 | cctx->aes.ccm.blocks = 0; | |
2218 | cctx->aes.ccm.len_set = 0; | |
2218 | 2219 | return 1; |
2219 | 2220 | } |
2220 | 2221 | |
2229 | 2230 | { |
2230 | 2231 | S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); |
2231 | 2232 | const int enc = EVP_CIPHER_CTX_encrypting(ctx); |
2233 | const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx); | |
2234 | unsigned char *buf; | |
2232 | 2235 | int rv; |
2233 | unsigned char *buf, *ivec; | |
2234 | 2236 | |
2235 | 2237 | if (!cctx->aes.ccm.key_set) |
2236 | 2238 | return -1; |
2252 | 2254 | if (out == NULL) { |
2253 | 2255 | /* Update(): Pass message length. */ |
2254 | 2256 | if (in == NULL) { |
2255 | ivec = EVP_CIPHER_CTX_iv_noconst(ctx); | |
2256 | 2257 | s390x_aes_ccm_setiv(cctx, ivec, len); |
2257 | 2258 | |
2258 | 2259 | cctx->aes.ccm.len_set = 1; |
2278 | 2279 | * In case message length was not previously set explicitly via |
2279 | 2280 | * Update(), set it now. |
2280 | 2281 | */ |
2281 | ivec = EVP_CIPHER_CTX_iv_noconst(ctx); | |
2282 | 2282 | s390x_aes_ccm_setiv(cctx, ivec, len); |
2283 | 2283 | |
2284 | 2284 | cctx->aes.ccm.len_set = 1; |
2303 | 2303 | if (rv == -1) |
2304 | 2304 | OPENSSL_cleanse(out, len); |
2305 | 2305 | |
2306 | cctx->aes.ccm.iv_set = 0; | |
2307 | cctx->aes.ccm.tag_set = 0; | |
2308 | cctx->aes.ccm.len_set = 0; | |
2309 | 2306 | return rv; |
2310 | 2307 | } |
2311 | 2308 | } |
2413 | 2410 | return 0; |
2414 | 2411 | |
2415 | 2412 | memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); |
2416 | cctx->aes.ccm.tag_set = 0; | |
2417 | cctx->aes.ccm.iv_set = 0; | |
2418 | cctx->aes.ccm.len_set = 0; | |
2419 | 2413 | return 1; |
2420 | 2414 | |
2421 | 2415 | case EVP_CTRL_COPY: |
2452 | 2446 | nid##_##keylen##_##nmode,blocksize, \ |
2453 | 2447 | keylen / 8, \ |
2454 | 2448 | ivlen, \ |
2455 | flags | EVP_CIPH_##MODE##_MODE, \ | |
2449 | flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \ | |
2456 | 2450 | s390x_aes_##mode##_init_key, \ |
2457 | 2451 | s390x_aes_##mode##_cipher, \ |
2458 | 2452 | NULL, \ |
2489 | 2483 | blocksize, \ |
2490 | 2484 | (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \ |
2491 | 2485 | ivlen, \ |
2492 | flags | EVP_CIPH_##MODE##_MODE, \ | |
2486 | flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \ | |
2493 | 2487 | s390x_aes_##mode##_init_key, \ |
2494 | 2488 | s390x_aes_##mode##_cipher, \ |
2495 | 2489 | s390x_aes_##mode##_cleanup, \ |
0 | 0 | /* |
1 | * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
54 | 54 | |
55 | 55 | void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, |
56 | 56 | size_t len, const CAMELLIA_KEY *key, |
57 | unsigned char *ivec); | |
57 | unsigned char *ivec, int /*unused*/); | |
58 | 58 | void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, |
59 | 59 | size_t len, const CAMELLIA_KEY *key, |
60 | unsigned char *ivec); | |
60 | unsigned char *ivec, int /*unused*/); | |
61 | 61 | void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, |
62 | 62 | size_t len, const CAMELLIA_KEY *key, |
63 | unsigned char *ivec); | |
63 | unsigned char *ivec, int /*unused*/); | |
64 | 64 | void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out, |
65 | 65 | size_t len, const CAMELLIA_KEY *key, |
66 | unsigned char *ivec); | |
66 | unsigned char *ivec, int /*unused*/); | |
67 | 67 | void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out, |
68 | 68 | size_t blocks, const CAMELLIA_KEY *key, |
69 | 69 | unsigned char *ivec); |
0 | 0 | /* |
1 | * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
46 | 46 | |
47 | 47 | static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b) |
48 | 48 | { |
49 | return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)); | |
49 | /* the ameth pub_cmp must return 1 on match, 0 on mismatch */ | |
50 | return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0; | |
50 | 51 | } |
51 | 52 | |
52 | 53 | static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, |
0 | 0 | /* |
1 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
100 | 100 | #endif |
101 | 101 | v = EVP_MD_block_size(md_type); |
102 | 102 | u = EVP_MD_size(md_type); |
103 | if (u < 0 || v <= 0) | |
103 | if (u <= 0 || v <= 0) | |
104 | 104 | goto err; |
105 | 105 | D = OPENSSL_malloc(v); |
106 | 106 | Ai = OPENSSL_malloc(u); |
0 | 0 | /* |
1 | * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
42 | 42 | |
43 | 43 | static int poly1305_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b) |
44 | 44 | { |
45 | return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)); | |
45 | return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0; | |
46 | 46 | } |
47 | 47 | |
48 | 48 | static int poly1305_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, |
210 | 210 | # if __GLIBC_PREREQ(2, 16) |
211 | 211 | # include <sys/auxv.h> |
212 | 212 | # define OSSL_IMPLEMENT_GETAUXVAL |
213 | # elif defined(__ANDROID_API__) | |
214 | /* see https://developer.android.google.cn/ndk/guides/cpu-features */ | |
215 | # if __ANDROID_API__ >= 18 | |
216 | # include <sys/auxv.h> | |
217 | # define OSSL_IMPLEMENT_GETAUXVAL | |
218 | # endif | |
213 | 219 | # endif |
214 | 220 | #endif |
215 | 221 |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
32 | 32 | #endif |
33 | 33 | #if defined(__OpenBSD__) |
34 | 34 | # include <sys/param.h> |
35 | #endif | |
36 | #if defined(__APPLE__) | |
37 | # include <CommonCrypto/CommonRandom.h> | |
35 | 38 | #endif |
36 | 39 | |
37 | 40 | #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) |
377 | 380 | if (errno != ENOSYS) |
378 | 381 | return -1; |
379 | 382 | } |
383 | # elif defined(__APPLE__) | |
384 | if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess) | |
385 | return (ssize_t)buflen; | |
386 | ||
387 | return -1; | |
380 | 388 | # else |
381 | 389 | union { |
382 | 390 | void *p; |
0 | 0 | /* |
1 | * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
33 | 33 | EVP_PKEY *pk; |
34 | 34 | int ret; |
35 | 35 | pk = EVP_PKEY_new(); |
36 | if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) | |
36 | if (pk == NULL) | |
37 | 37 | return 0; |
38 | ret = EVP_PKEY_print_private(bp, pk, off, NULL); | |
38 | ret = EVP_PKEY_set1_RSA(pk, (RSA *)x); | |
39 | if (ret) | |
40 | ret = EVP_PKEY_print_private(bp, pk, off, NULL); | |
39 | 41 | EVP_PKEY_free(pk); |
40 | 42 | return ret; |
41 | 43 | } |
0 | 0 | /* |
1 | * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
43 | 43 | |
44 | 44 | static int siphash_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b) |
45 | 45 | { |
46 | return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)); | |
46 | return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0; | |
47 | 47 | } |
48 | 48 | |
49 | 49 | static int siphash_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, |
0 | 0 | /* |
1 | * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright 2017 Ribose Inc. All Rights Reserved. |
3 | 3 | * Ported from Ribose contributions from Botan. |
4 | 4 | * |
60 | 60 | return field_size; |
61 | 61 | } |
62 | 62 | |
63 | int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, | |
64 | size_t *pt_size) | |
65 | { | |
66 | const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); | |
67 | const int md_size = EVP_MD_size(digest); | |
68 | size_t overhead; | |
69 | ||
70 | if (md_size < 0) { | |
71 | SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST); | |
72 | return 0; | |
73 | } | |
74 | if (field_size == 0) { | |
75 | SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD); | |
76 | return 0; | |
77 | } | |
78 | ||
79 | overhead = 10 + 2 * field_size + (size_t)md_size; | |
80 | if (msg_len <= overhead) { | |
63 | int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size) | |
64 | { | |
65 | struct SM2_Ciphertext_st *sm2_ctext = NULL; | |
66 | ||
67 | sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); | |
68 | ||
69 | if (sm2_ctext == NULL) { | |
81 | 70 | SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING); |
82 | 71 | return 0; |
83 | 72 | } |
84 | 73 | |
85 | *pt_size = msg_len - overhead; | |
74 | *pt_size = sm2_ctext->C2->length; | |
75 | SM2_Ciphertext_free(sm2_ctext); | |
76 | ||
86 | 77 | return 1; |
87 | 78 | } |
88 | 79 | |
302 | 293 | C2 = sm2_ctext->C2->data; |
303 | 294 | C3 = sm2_ctext->C3->data; |
304 | 295 | msg_len = sm2_ctext->C2->length; |
296 | if (*ptext_len < (size_t)msg_len) { | |
297 | SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL); | |
298 | goto done; | |
299 | } | |
305 | 300 | |
306 | 301 | ctx = BN_CTX_new(); |
307 | 302 | if (ctx == NULL) { |
0 | 0 | /* |
1 | * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
150 | 150 | const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md; |
151 | 151 | |
152 | 152 | if (out == NULL) { |
153 | if (!sm2_plaintext_size(ec, md, inlen, outlen)) | |
153 | if (!sm2_plaintext_size(in, inlen, outlen)) | |
154 | 154 | return -1; |
155 | 155 | else |
156 | 156 | return 1; |
0 | 0 | /* |
1 | * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
15 | 15 | #include <unistd.h> |
16 | 16 | #include <openssl/bn.h> |
17 | 17 | #include "internal/cryptlib.h" |
18 | #include "bn/bn_local.h" /* for definition of bn_mul_mont */ | |
18 | 19 | |
19 | 20 | #include "sparc_arch.h" |
20 | 21 |
0 | 0 | /* |
1 | * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2004, EdelKey Project. All Rights Reserved. |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
683 | 683 | BIGNUM *x = NULL; |
684 | 684 | BN_CTX *bn_ctx = BN_CTX_new(); |
685 | 685 | unsigned char tmp2[MAX_LEN]; |
686 | BIGNUM *salttmp = NULL; | |
686 | BIGNUM *salttmp = NULL, *verif; | |
687 | 687 | |
688 | 688 | if ((user == NULL) || |
689 | 689 | (pass == NULL) || |
706 | 706 | if (x == NULL) |
707 | 707 | goto err; |
708 | 708 | |
709 | *verifier = BN_new(); | |
710 | if (*verifier == NULL) | |
711 | goto err; | |
712 | ||
713 | if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) { | |
714 | BN_clear_free(*verifier); | |
709 | verif = BN_new(); | |
710 | if (verif == NULL) | |
711 | goto err; | |
712 | ||
713 | if (!BN_mod_exp(verif, g, x, N, bn_ctx)) { | |
714 | BN_clear_free(verif); | |
715 | 715 | goto err; |
716 | 716 | } |
717 | 717 | |
718 | 718 | result = 1; |
719 | 719 | *salt = salttmp; |
720 | *verifier = verif; | |
720 | 721 | |
721 | 722 | err: |
722 | 723 | if (salt != NULL && *salt != salttmp) |
0 | 0 | /* |
1 | * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
369 | 369 | mem->data = (char *)new_data; |
370 | 370 | mem->max = mem->length = (size_t)new_data_len; |
371 | 371 | X509_SIG_free(p8); |
372 | p8 = NULL; | |
372 | 373 | |
373 | 374 | store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem); |
374 | 375 | if (store_info == NULL) { |
0 | 0 | /* |
1 | * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
611 | 611 | err: |
612 | 612 | EVP_MD_CTX_free(md_ctx); |
613 | 613 | X509_ALGOR_free(*md_alg); |
614 | *md_alg = NULL; | |
614 | 615 | OPENSSL_free(*imprint); |
615 | 616 | *imprint_len = 0; |
616 | 617 | *imprint = 0; |
0 | 0 | /* |
1 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
125 | 125 | goto err; |
126 | 126 | msg = imprint->hashed_msg; |
127 | 127 | ret->imprint_len = ASN1_STRING_length(msg); |
128 | if (ret->imprint_len <= 0) | |
129 | goto err; | |
128 | 130 | if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL) |
129 | 131 | goto err; |
130 | 132 | memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len); |
0 | 0 | /* |
1 | * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
35 | 35 | # include <sys/auxv.h> |
36 | 36 | # define OSSL_IMPLEMENT_GETAUXVAL |
37 | 37 | # endif |
38 | # elif defined(__ANDROID_API__) | |
39 | /* see https://developer.android.google.cn/ndk/guides/cpu-features */ | |
40 | # if __ANDROID_API__ >= 18 | |
41 | # include <sys/auxv.h> | |
42 | # define OSSL_IMPLEMENT_GETAUXVAL | |
43 | # endif | |
38 | 44 | # endif |
39 | 45 | |
40 | 46 | int OPENSSL_issetugid(void) |
0 | 0 | /* |
1 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
364 | 364 | BIO_puts(out, "\n"); |
365 | 365 | } else |
366 | 366 | BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); |
367 | alias = X509_alias_get0(x, NULL); | |
367 | alias = X509_alias_get0(x, &i); | |
368 | 368 | if (alias) |
369 | BIO_printf(out, "%*sAlias: %s\n", indent, "", alias); | |
369 | BIO_printf(out, "%*sAlias: %.*s\n", indent, "", i, alias); | |
370 | 370 | keyid = X509_keyid_get0(x, &keyidlen); |
371 | 371 | if (keyid) { |
372 | 372 | BIO_printf(out, "%*sKey Id: ", indent, ""); |
0 | 0 | /* |
1 | * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
198 | 198 | return 0; |
199 | 199 | } |
200 | 200 | |
201 | /* Copy the host flags if and only if we're copying the host list */ | |
201 | x509_verify_param_copy(hostflags, 0); | |
202 | ||
202 | 203 | if (test_x509_verify_param_copy(hosts, NULL)) { |
203 | 204 | sk_OPENSSL_STRING_pop_free(dest->hosts, str_free); |
204 | 205 | dest->hosts = NULL; |
207 | 208 | sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free); |
208 | 209 | if (dest->hosts == NULL) |
209 | 210 | return 0; |
210 | dest->hostflags = src->hostflags; | |
211 | 211 | } |
212 | 212 | } |
213 | 213 |
0 | 0 | /* |
1 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
38 | 38 | STACK_OF(CONF_VALUE) |
39 | 39 | *extlist) |
40 | 40 | { |
41 | char *tmp; | |
41 | char *tmp = NULL; | |
42 | STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist; | |
43 | ||
42 | 44 | if (akeyid->keyid) { |
43 | 45 | tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length); |
44 | X509V3_add_value("keyid", tmp, &extlist); | |
46 | if (tmp == NULL) { | |
47 | X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); | |
48 | return NULL; | |
49 | } | |
50 | if (!X509V3_add_value("keyid", tmp, &extlist)) { | |
51 | OPENSSL_free(tmp); | |
52 | X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); | |
53 | goto err; | |
54 | } | |
45 | 55 | OPENSSL_free(tmp); |
46 | 56 | } |
47 | if (akeyid->issuer) | |
48 | extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); | |
57 | if (akeyid->issuer) { | |
58 | tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); | |
59 | if (tmpextlist == NULL) { | |
60 | X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); | |
61 | goto err; | |
62 | } | |
63 | extlist = tmpextlist; | |
64 | } | |
49 | 65 | if (akeyid->serial) { |
50 | 66 | tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length); |
51 | X509V3_add_value("serial", tmp, &extlist); | |
67 | if (tmp == NULL) { | |
68 | X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); | |
69 | goto err; | |
70 | } | |
71 | if (!X509V3_add_value("serial", tmp, &extlist)) { | |
72 | OPENSSL_free(tmp); | |
73 | X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB); | |
74 | goto err; | |
75 | } | |
52 | 76 | OPENSSL_free(tmp); |
53 | 77 | } |
54 | 78 | return extlist; |
79 | err: | |
80 | if (origextlist == NULL) | |
81 | sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); | |
82 | return NULL; | |
55 | 83 | } |
56 | 84 | |
57 | 85 | /*- |
0 | 0 | /* |
1 | * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
8 | 8 | |
9 | 9 | #include <stdio.h> |
10 | 10 | #include "internal/cryptlib.h" |
11 | #include "crypto/x509.h" | |
11 | 12 | #include <openssl/conf.h> |
12 | 13 | #include <openssl/x509v3.h> |
13 | 14 | #include "ext_dat.h" |
98 | 99 | break; |
99 | 100 | |
100 | 101 | case GEN_EMAIL: |
101 | if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret)) | |
102 | if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data, | |
103 | gen->d.ia5->length, &ret)) | |
102 | 104 | return NULL; |
103 | 105 | break; |
104 | 106 | |
105 | 107 | case GEN_DNS: |
106 | if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret)) | |
108 | if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data, | |
109 | gen->d.ia5->length, &ret)) | |
107 | 110 | return NULL; |
108 | 111 | break; |
109 | 112 | |
110 | 113 | case GEN_URI: |
111 | if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret)) | |
114 | if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data, | |
115 | gen->d.ia5->length, &ret)) | |
112 | 116 | return NULL; |
113 | 117 | break; |
114 | 118 |
0 | 0 | /* |
1 | * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
421 | 421 | qualinfo = sk_POLICYQUALINFO_value(quals, i); |
422 | 422 | switch (OBJ_obj2nid(qualinfo->pqualid)) { |
423 | 423 | case NID_id_qt_cps: |
424 | BIO_printf(out, "%*sCPS: %s\n", indent, "", | |
424 | BIO_printf(out, "%*sCPS: %.*s\n", indent, "", | |
425 | qualinfo->d.cpsuri->length, | |
425 | 426 | qualinfo->d.cpsuri->data); |
426 | 427 | break; |
427 | 428 | |
446 | 447 | if (notice->noticeref) { |
447 | 448 | NOTICEREF *ref; |
448 | 449 | ref = notice->noticeref; |
449 | BIO_printf(out, "%*sOrganization: %s\n", indent, "", | |
450 | BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", | |
451 | ref->organization->length, | |
450 | 452 | ref->organization->data); |
451 | 453 | BIO_printf(out, "%*sNumber%s: ", indent, "", |
452 | 454 | sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); |
469 | 471 | BIO_puts(out, "\n"); |
470 | 472 | } |
471 | 473 | if (notice->exptext) |
472 | BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", | |
474 | BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "", | |
475 | notice->exptext->length, | |
473 | 476 | notice->exptext->data); |
474 | 477 | } |
475 | 478 |
0 | 0 | /* |
1 | * Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
62 | 62 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) |
63 | 63 | IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) |
64 | 64 | |
65 | ||
66 | #define IA5_OFFSET_LEN(ia5base, offset) \ | |
67 | ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data)) | |
68 | ||
69 | /* Like memchr but for ASN1_IA5STRING. Additionally you can specify the | |
70 | * starting point to search from | |
71 | */ | |
72 | # define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start)) | |
73 | ||
74 | /* Like memrrchr but for ASN1_IA5STRING */ | |
75 | static char *ia5memrchr(ASN1_IA5STRING *str, int c) | |
76 | { | |
77 | int i; | |
78 | ||
79 | for (i = str->length; i > 0 && str->data[i - 1] != c; i--); | |
80 | ||
81 | if (i == 0) | |
82 | return NULL; | |
83 | ||
84 | return (char *)&str->data[i - 1]; | |
85 | } | |
86 | ||
65 | 87 | /* |
66 | * We cannot use strncasecmp here because that applies locale specific rules. | |
88 | * We cannot use strncasecmp here because that applies locale specific rules. It | |
89 | * also doesn't work with ASN1_STRINGs that may have embedded NUL characters. | |
67 | 90 | * For example in Turkish 'I' is not the uppercase character for 'i'. We need to |
68 | 91 | * do a simple ASCII case comparison ignoring the locale (that is why we use |
69 | 92 | * numeric constants below). |
88 | 111 | |
89 | 112 | /* c1 > c2 */ |
90 | 113 | return 1; |
91 | } else if (*s1 == 0) { | |
92 | /* If we get here we know that *s2 == 0 too */ | |
93 | return 0; | |
94 | 114 | } |
95 | 115 | } |
96 | 116 | |
97 | 117 | return 0; |
98 | } | |
99 | ||
100 | static int ia5casecmp(const char *s1, const char *s2) | |
101 | { | |
102 | return ia5ncasecmp(s1, s2, SIZE_MAX); | |
103 | 118 | } |
104 | 119 | |
105 | 120 | static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, |
336 | 351 | --utf8_length; |
337 | 352 | |
338 | 353 | /* Reject *embedded* NULs */ |
339 | if ((size_t)utf8_length != strlen((char *)utf8_value)) { | |
354 | if (memchr(utf8_value, 0, utf8_length) != NULL) { | |
340 | 355 | OPENSSL_free(utf8_value); |
341 | 356 | return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; |
342 | 357 | } |
535 | 550 | { |
536 | 551 | char *baseptr = (char *)base->data; |
537 | 552 | char *dnsptr = (char *)dns->data; |
553 | ||
538 | 554 | /* Empty matches everything */ |
539 | if (!*baseptr) | |
555 | if (base->length == 0) | |
540 | 556 | return X509_V_OK; |
557 | ||
558 | if (dns->length < base->length) | |
559 | return X509_V_ERR_PERMITTED_VIOLATION; | |
560 | ||
541 | 561 | /* |
542 | 562 | * Otherwise can add zero or more components on the left so compare RHS |
543 | 563 | * and if dns is longer and expect '.' as preceding character. |
548 | 568 | return X509_V_ERR_PERMITTED_VIOLATION; |
549 | 569 | } |
550 | 570 | |
551 | if (ia5casecmp(baseptr, dnsptr)) | |
571 | if (ia5ncasecmp(baseptr, dnsptr, base->length)) | |
552 | 572 | return X509_V_ERR_PERMITTED_VIOLATION; |
553 | 573 | |
554 | 574 | return X509_V_OK; |
559 | 579 | { |
560 | 580 | const char *baseptr = (char *)base->data; |
561 | 581 | const char *emlptr = (char *)eml->data; |
562 | ||
563 | const char *baseat = strchr(baseptr, '@'); | |
564 | const char *emlat = strchr(emlptr, '@'); | |
582 | const char *baseat = ia5memrchr(base, '@'); | |
583 | const char *emlat = ia5memrchr(eml, '@'); | |
584 | size_t basehostlen, emlhostlen; | |
585 | ||
565 | 586 | if (!emlat) |
566 | 587 | return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; |
567 | 588 | /* Special case: initial '.' is RHS match */ |
568 | if (!baseat && (*baseptr == '.')) { | |
589 | if (!baseat && base->length > 0 && (*baseptr == '.')) { | |
569 | 590 | if (eml->length > base->length) { |
570 | 591 | emlptr += eml->length - base->length; |
571 | if (ia5casecmp(baseptr, emlptr) == 0) | |
592 | if (ia5ncasecmp(baseptr, emlptr, base->length) == 0) | |
572 | 593 | return X509_V_OK; |
573 | 594 | } |
574 | 595 | return X509_V_ERR_PERMITTED_VIOLATION; |
588 | 609 | baseptr = baseat + 1; |
589 | 610 | } |
590 | 611 | emlptr = emlat + 1; |
612 | basehostlen = IA5_OFFSET_LEN(base, baseptr); | |
613 | emlhostlen = IA5_OFFSET_LEN(eml, emlptr); | |
591 | 614 | /* Just have hostname left to match: case insensitive */ |
592 | if (ia5casecmp(baseptr, emlptr)) | |
615 | if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen)) | |
593 | 616 | return X509_V_ERR_PERMITTED_VIOLATION; |
594 | 617 | |
595 | 618 | return X509_V_OK; |
600 | 623 | { |
601 | 624 | const char *baseptr = (char *)base->data; |
602 | 625 | const char *hostptr = (char *)uri->data; |
603 | const char *p = strchr(hostptr, ':'); | |
626 | const char *p = ia5memchr(uri, (char *)uri->data, ':'); | |
604 | 627 | int hostlen; |
628 | ||
605 | 629 | /* Check for foo:// and skip past it */ |
606 | if (!p || (p[1] != '/') || (p[2] != '/')) | |
630 | if (p == NULL | |
631 | || IA5_OFFSET_LEN(uri, p) < 3 | |
632 | || p[1] != '/' | |
633 | || p[2] != '/') | |
607 | 634 | return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; |
608 | 635 | hostptr = p + 3; |
609 | 636 | |
611 | 638 | |
612 | 639 | /* Look for a port indicator as end of hostname first */ |
613 | 640 | |
614 | p = strchr(hostptr, ':'); | |
641 | p = ia5memchr(uri, hostptr, ':'); | |
615 | 642 | /* Otherwise look for trailing slash */ |
616 | if (!p) | |
617 | p = strchr(hostptr, '/'); | |
618 | ||
619 | if (!p) | |
620 | hostlen = strlen(hostptr); | |
643 | if (p == NULL) | |
644 | p = ia5memchr(uri, hostptr, '/'); | |
645 | ||
646 | if (p == NULL) | |
647 | hostlen = IA5_OFFSET_LEN(uri, hostptr); | |
621 | 648 | else |
622 | 649 | hostlen = p - hostptr; |
623 | 650 | |
625 | 652 | return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; |
626 | 653 | |
627 | 654 | /* Special case: initial '.' is RHS match */ |
628 | if (*baseptr == '.') { | |
655 | if (base->length > 0 && *baseptr == '.') { | |
629 | 656 | if (hostlen > base->length) { |
630 | 657 | p = hostptr + hostlen - base->length; |
631 | 658 | if (ia5ncasecmp(p, baseptr, base->length) == 0) |
0 | 0 | /* |
1 | * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
76 | 76 | i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); |
77 | 77 | BIO_puts(out, "\n"); |
78 | 78 | if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) |
79 | BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", | |
79 | BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "", | |
80 | pci->proxyPolicy->policy->length, | |
80 | 81 | pci->proxyPolicy->policy->data); |
81 | 82 | return 1; |
82 | 83 | } |
0 | 0 | /* |
1 | * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
11 | 11 | #include "e_os.h" |
12 | 12 | #include "internal/cryptlib.h" |
13 | 13 | #include <stdio.h> |
14 | #include <string.h> | |
14 | 15 | #include "crypto/ctype.h" |
15 | 16 | #include <openssl/conf.h> |
16 | 17 | #include <openssl/crypto.h> |
33 | 34 | |
34 | 35 | /* Add a CONF_VALUE name value pair to stack */ |
35 | 36 | |
36 | int X509V3_add_value(const char *name, const char *value, | |
37 | STACK_OF(CONF_VALUE) **extlist) | |
37 | static int x509v3_add_len_value(const char *name, const char *value, | |
38 | size_t vallen, STACK_OF(CONF_VALUE) **extlist) | |
38 | 39 | { |
39 | 40 | CONF_VALUE *vtmp = NULL; |
40 | 41 | char *tname = NULL, *tvalue = NULL; |
41 | 42 | int sk_allocated = (*extlist == NULL); |
42 | 43 | |
43 | if (name && (tname = OPENSSL_strdup(name)) == NULL) | |
44 | if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL) | |
44 | 45 | goto err; |
45 | if (value && (tvalue = OPENSSL_strdup(value)) == NULL) | |
46 | goto err; | |
46 | if (value != NULL && vallen > 0) { | |
47 | /* | |
48 | * We tolerate a single trailing NUL character, but otherwise no | |
49 | * embedded NULs | |
50 | */ | |
51 | if (memchr(value, 0, vallen - 1) != NULL) | |
52 | goto err; | |
53 | tvalue = OPENSSL_strndup(value, vallen); | |
54 | if (tvalue == NULL) | |
55 | goto err; | |
56 | } | |
47 | 57 | if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) |
48 | 58 | goto err; |
49 | 59 | if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL) |
55 | 65 | goto err; |
56 | 66 | return 1; |
57 | 67 | err: |
58 | X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); | |
68 | X509V3err(X509V3_F_X509V3_ADD_LEN_VALUE, ERR_R_MALLOC_FAILURE); | |
59 | 69 | if (sk_allocated) { |
60 | 70 | sk_CONF_VALUE_free(*extlist); |
61 | 71 | *extlist = NULL; |
66 | 76 | return 0; |
67 | 77 | } |
68 | 78 | |
79 | int X509V3_add_value(const char *name, const char *value, | |
80 | STACK_OF(CONF_VALUE) **extlist) | |
81 | { | |
82 | return x509v3_add_len_value(name, value, | |
83 | value != NULL ? strlen((const char *)value) : 0, | |
84 | extlist); | |
85 | } | |
86 | ||
69 | 87 | int X509V3_add_value_uchar(const char *name, const unsigned char *value, |
70 | 88 | STACK_OF(CONF_VALUE) **extlist) |
71 | 89 | { |
72 | return X509V3_add_value(name, (const char *)value, extlist); | |
90 | return x509v3_add_len_value(name, (const char *)value, | |
91 | value != NULL ? strlen((const char *)value) : 0, | |
92 | extlist); | |
93 | } | |
94 | ||
95 | int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, | |
96 | size_t vallen, STACK_OF(CONF_VALUE) **extlist) | |
97 | { | |
98 | return x509v3_add_len_value(name, (const char *)value, vallen, extlist); | |
73 | 99 | } |
74 | 100 | |
75 | 101 | /* Free function for STACK_OF(CONF_VALUE) */ |
501 | 527 | /* First some sanity checks */ |
502 | 528 | if (email->type != V_ASN1_IA5STRING) |
503 | 529 | return 1; |
504 | if (!email->data || !email->length) | |
530 | if (email->data == NULL || email->length == 0) | |
531 | return 1; | |
532 | if (memchr(email->data, 0, email->length) != NULL) | |
505 | 533 | return 1; |
506 | 534 | if (*sk == NULL) |
507 | 535 | *sk = sk_OPENSSL_STRING_new(sk_strcmp); |
508 | 536 | if (*sk == NULL) |
509 | 537 | return 0; |
538 | ||
539 | emtmp = OPENSSL_strndup((char *)email->data, email->length); | |
540 | if (emtmp == NULL) | |
541 | return 0; | |
542 | ||
510 | 543 | /* Don't add duplicates */ |
511 | if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) | |
544 | if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { | |
545 | OPENSSL_free(emtmp); | |
512 | 546 | return 1; |
513 | emtmp = OPENSSL_strdup((char *)email->data); | |
514 | if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { | |
515 | OPENSSL_free(emtmp); /* free on push failure */ | |
547 | } | |
548 | if (!sk_OPENSSL_STRING_push(*sk, emtmp)) { | |
549 | OPENSSL_free(emtmp); /* free on push failure */ | |
516 | 550 | X509_email_free(*sk); |
517 | 551 | *sk = NULL; |
518 | 552 | return 0; |
0 | 0 | /* |
1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
2 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
38 | 38 | "i2s_ASN1_INTEGER"}, |
39 | 39 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0), |
40 | 40 | "i2v_AUTHORITY_INFO_ACCESS"}, |
41 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_KEYID, 0), | |
42 | "i2v_AUTHORITY_KEYID"}, | |
41 | 43 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"}, |
42 | 44 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"}, |
43 | 45 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"}, |
103 | 105 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0), |
104 | 106 | "v3_generic_extension"}, |
105 | 107 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"}, |
108 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_LEN_VALUE, 0), | |
109 | "x509v3_add_len_value"}, | |
106 | 110 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0), |
107 | 111 | "X509V3_add_value"}, |
108 | 112 | {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"}, |
0 | 0 | /* |
1 | * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
93 | 93 | goto end; |
94 | 94 | } |
95 | 95 | |
96 | if (BIO_do_handshake(sbio) <= 0) { | |
97 | fprintf(stderr, "Error establishing SSL connection\n"); | |
98 | ERR_print_errors_fp(stderr); | |
99 | goto end; | |
100 | } | |
101 | ||
102 | 96 | /* Could examine ssl here to get connection info */ |
103 | 97 | |
104 | 98 | BIO_puts(sbio, "GET / HTTP/1.0\n\n"); |
0 | 0 | /* |
1 | * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
101 | 101 | goto end; |
102 | 102 | } |
103 | 103 | |
104 | if (BIO_do_handshake(sbio) <= 0) { | |
105 | fprintf(stderr, "Error establishing SSL connection\n"); | |
106 | ERR_print_errors_fp(stderr); | |
107 | goto end; | |
108 | } | |
109 | ||
110 | 104 | /* Could examine ssl here to get connection info */ |
111 | 105 | |
112 | 106 | BIO_puts(sbio, "GET / HTTP/1.0\n\n"); |
179 | 179 | |
180 | 180 | =item B<-z> |
181 | 181 | |
182 | Compress or decompress clear text using zlib before encryption or after | |
183 | decryption. This option exists only if OpenSSL with compiled with zlib | |
182 | Compress or decompress encrypted data using zlib after encryption or before | |
183 | decryption. This option exists only if OpenSSL was compiled with the zlib | |
184 | 184 | or zlib-dynamic option. |
185 | 185 | |
186 | 186 | =item B<-none> |
796 | 796 | |
797 | 797 | The B<s_client> utility is a test tool and is designed to continue the |
798 | 798 | handshake after any certificate verification errors. As a result it will |
799 | accept any certificate chain (trusted or not) sent by the peer. None test | |
799 | accept any certificate chain (trusted or not) sent by the peer. Non-test | |
800 | 800 | applications should B<not> do this as it makes them vulnerable to a MITM |
801 | 801 | attack. This behaviour can be changed by with the B<-verify_return_error> |
802 | 802 | option: any verify errors are then returned aborting the handshake. |
700 | 700 | |
701 | 701 | =item B<-alpn val>, B<-nextprotoneg val> |
702 | 702 | |
703 | These flags enable the Enable the Application-Layer Protocol Negotiation | |
703 | These flags enable the Application-Layer Protocol Negotiation | |
704 | 704 | or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the |
705 | 705 | IETF standard and replaces NPN. |
706 | 706 | The B<val> list is a comma-separated list of supported protocol |
181 | 181 | out = BIO_new_fp(stdout, BIO_NOCLOSE); |
182 | 182 | if (BIO_do_connect(sbio) <= 0) { |
183 | 183 | fprintf(stderr, "Error connecting to server\n"); |
184 | ERR_print_errors_fp(stderr); | |
185 | exit(1); | |
186 | } | |
187 | if (BIO_do_handshake(sbio) <= 0) { | |
188 | fprintf(stderr, "Error establishing SSL connection\n"); | |
189 | 184 | ERR_print_errors_fp(stderr); |
190 | 185 | exit(1); |
191 | 186 | } |
297 | 292 | |
298 | 293 | =head1 COPYRIGHT |
299 | 294 | |
300 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. | |
295 | Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. | |
301 | 296 | |
302 | 297 | Licensed under the OpenSSL license (the "License"). You may not use |
303 | 298 | this file except in compliance with the License. You can obtain a copy |
60 | 60 | by B<md1> and B<md2>, B<base64> encoded and written to B<f>. |
61 | 61 | |
62 | 62 | It should be noted that reading causes data to pass in the reverse |
63 | direction, that is data is read from B<f>, base64 B<decoded> and digested | |
64 | by B<md1> and B<md2>. If the call: | |
63 | direction, that is data is read from B<f>, B<base64> decoded and digested | |
64 | by B<md2> and B<md1>. If the call: | |
65 | 65 | |
66 | 66 | BIO_pop(md2); |
67 | 67 | |
78 | 78 | |
79 | 79 | =head1 COPYRIGHT |
80 | 80 | |
81 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. | |
81 | Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. | |
82 | 82 | |
83 | 83 | Licensed under the OpenSSL license (the "License"). You may not use |
84 | 84 | this file except in compliance with the License. You can obtain a copy |
1 | 1 | |
2 | 2 | =head1 NAME |
3 | 3 | |
4 | BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions | |
4 | BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd - BIGNUM comparison and test functions | |
5 | 5 | |
6 | 6 | =head1 SYNOPSIS |
7 | 7 | |
8 | 8 | #include <openssl/bn.h> |
9 | 9 | |
10 | int BN_cmp(BIGNUM *a, BIGNUM *b); | |
11 | int BN_ucmp(BIGNUM *a, BIGNUM *b); | |
10 | int BN_cmp(const BIGNUM *a, const BIGNUM *b); | |
11 | int BN_ucmp(const BIGNUM *a, const BIGNUM *b); | |
12 | 12 | |
13 | int BN_is_zero(BIGNUM *a); | |
14 | int BN_is_one(BIGNUM *a); | |
15 | int BN_is_word(BIGNUM *a, BN_ULONG w); | |
16 | int BN_is_odd(BIGNUM *a); | |
13 | int BN_is_zero(const BIGNUM *a); | |
14 | int BN_is_one(const BIGNUM *a); | |
15 | int BN_is_word(const BIGNUM *a, const BN_ULONG w); | |
16 | int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); | |
17 | int BN_is_odd(const BIGNUM *a); | |
17 | 18 | |
18 | 19 | =head1 DESCRIPTION |
19 | 20 | |
20 | BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their | |
21 | BN_cmp() compares the numbers I<a> and I<b>. BN_ucmp() compares their | |
21 | 22 | absolute values. |
22 | 23 | |
23 | BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1, | |
24 | or B<w> respectively. BN_is_odd() tests if a is odd. | |
25 | ||
26 | BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros. | |
24 | BN_is_zero(), BN_is_one(), BN_is_word() and BN_abs_is_word() test if | |
25 | I<a> equals 0, 1, I<w>, or E<verbar>I<w>E<verbar> respectively. | |
26 | BN_is_odd() tests if I<a> is odd. | |
27 | 27 | |
28 | 28 | =head1 RETURN VALUES |
29 | 29 | |
30 | BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if | |
31 | B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values | |
32 | of B<a> and B<b>. | |
30 | BN_cmp() returns -1 if I<a> E<lt> I<b>, 0 if I<a> == I<b> and 1 if | |
31 | I<a> E<gt> I<b>. BN_ucmp() is the same using the absolute values | |
32 | of I<a> and I<b>. | |
33 | 33 | |
34 | BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if | |
35 | the condition is true, 0 otherwise. | |
34 | BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and | |
35 | BN_is_odd() return 1 if the condition is true, 0 otherwise. | |
36 | ||
37 | =head1 HISTORY | |
38 | ||
39 | Prior to OpenSSL 1.1.0, BN_is_zero(), BN_is_one(), BN_is_word(), | |
40 | BN_abs_is_word() and BN_is_odd() were macros. | |
36 | 41 | |
37 | 42 | =head1 COPYRIGHT |
38 | 43 | |
39 | Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. | |
44 | Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. | |
40 | 45 | |
41 | 46 | Licensed under the OpenSSL license (the "License"). You may not use |
42 | 47 | this file except in compliance with the License. You can obtain a copy |
41 | 41 | |
42 | 42 | =head1 NOTES |
43 | 43 | |
44 | All the functions that operate on data in memory update the data pointer I<*pp> | |
45 | after a successful operation, just like the other d2i and i2d functions; | |
46 | see L<d2i_X509(3)>. | |
47 | ||
44 | 48 | All these functions use DER format and unencrypted keys. Applications wishing |
45 | 49 | to encrypt or decrypt private keys should use other functions such as |
46 | 50 | d2i_PKCS8PrivateKey() instead. |
70 | 74 | |
71 | 75 | =head1 COPYRIGHT |
72 | 76 | |
73 | Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. | |
77 | Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
74 | 78 | |
75 | 79 | Licensed under the OpenSSL license (the "License"). You may not use |
76 | 80 | this file except in compliance with the License. You can obtain a copy |
10 | 10 | =head1 DESCRIPTION |
11 | 11 | |
12 | 12 | An X.509 certificate is a structured grouping of information about |
13 | an individual, a device, or anything one can imagine. A X.509 CRL | |
13 | an individual, a device, or anything one can imagine. An X.509 CRL | |
14 | 14 | (certificate revocation list) is a tool to help determine if a |
15 | 15 | certificate is still valid. The exact definition of those can be |
16 | 16 | found in the X.509 document from ITU-T, or in RFC3280 from PKIX. |
23 | 23 | |
24 | 24 | To handle some complex parts of a certificate, there are the types |
25 | 25 | X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express |
26 | a certificate attributes), X509_EXTENSION (to express a certificate | |
26 | a certificate attribute), X509_EXTENSION (to express a certificate | |
27 | 27 | extension) and a few more. |
28 | 28 | |
29 | 29 | Finally, there's the supertype X509_INFO, which can contain a CRL, a |
62 | 62 | |
63 | 63 | =head1 COPYRIGHT |
64 | 64 | |
65 | Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. | |
65 | Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. | |
66 | 66 | |
67 | 67 | Licensed under the OpenSSL license (the "License"). You may not use |
68 | 68 | this file except in compliance with the License. You can obtain a copy |
0 | 0 | /* |
1 | * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright 2017 Ribose Inc. All Rights Reserved. |
3 | 3 | * Ported from Ribose contributions from Botan. |
4 | 4 | * |
59 | 59 | int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, |
60 | 60 | size_t *ct_size); |
61 | 61 | |
62 | int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, | |
63 | size_t *pt_size); | |
62 | int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size); | |
64 | 63 | |
65 | 64 | int sm2_encrypt(const EC_KEY *key, |
66 | 65 | const EVP_MD *digest, |
0 | 0 | /* |
1 | * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
7 | 7 | */ |
8 | 8 | |
9 | 9 | #include "internal/refcount.h" |
10 | #include <openssl/x509.h> | |
11 | #include <openssl/conf.h> | |
10 | 12 | |
11 | 13 | /* Internal X509 structures and functions: not for application use */ |
12 | 14 | |
283 | 285 | int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); |
284 | 286 | |
285 | 287 | void x509_init_sig_info(X509 *x); |
288 | ||
289 | int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, | |
290 | size_t vallen, STACK_OF(CONF_VALUE) **extlist); |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
278 | 278 | # define ossl_inline inline |
279 | 279 | # endif |
280 | 280 | |
281 | # if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L | |
281 | # if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \ | |
282 | !defined(__cplusplus) | |
282 | 283 | # define ossl_noreturn _Noreturn |
283 | 284 | # elif defined(__GNUC__) && __GNUC__ >= 2 |
284 | 285 | # define ossl_noreturn __attribute__((noreturn)) |
38 | 38 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for |
39 | 39 | * major minor fix final patch/beta) |
40 | 40 | */ |
41 | # define OPENSSL_VERSION_NUMBER 0x101010bfL | |
42 | # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k 25 Mar 2021" | |
41 | # define OPENSSL_VERSION_NUMBER 0x101010cfL | |
42 | # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l 24 Aug 2021" | |
43 | 43 | |
44 | 44 | /*- |
45 | 45 | * The macros below are to be used for shared library (.so, .dll, ...) |
0 | 0 | /* |
1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
2 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
69 | 69 | # define SSL_F_FINAL_EMS 486 |
70 | 70 | # define SSL_F_FINAL_KEY_SHARE 503 |
71 | 71 | # define SSL_F_FINAL_MAXFRAGMENTLEN 557 |
72 | # define SSL_F_FINAL_PSK 639 | |
72 | 73 | # define SSL_F_FINAL_RENEGOTIATE 483 |
73 | 74 | # define SSL_F_FINAL_SERVER_NAME 558 |
74 | 75 | # define SSL_F_FINAL_SIG_ALGS 497 |
591 | 592 | # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 |
592 | 593 | # define SSL_R_MISSING_FATAL 256 |
593 | 594 | # define SSL_R_MISSING_PARAMETERS 290 |
595 | # define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310 | |
594 | 596 | # define SSL_R_MISSING_RSA_CERTIFICATE 168 |
595 | 597 | # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 |
596 | 598 | # define SSL_R_MISSING_RSA_SIGNING_CERT 170 |
632 | 634 | # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 |
633 | 635 | # define SSL_R_NULL_SSL_CTX 195 |
634 | 636 | # define SSL_R_NULL_SSL_METHOD_PASSED 196 |
637 | # define SSL_R_OCSP_CALLBACK_FAILURE 294 | |
635 | 638 | # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 |
636 | 639 | # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 |
637 | 640 | # define SSL_R_OVERFLOW_ERROR 237 |
0 | 0 | /* |
1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
2 | * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
37 | 37 | # define X509V3_F_I2S_ASN1_IA5STRING 149 |
38 | 38 | # define X509V3_F_I2S_ASN1_INTEGER 120 |
39 | 39 | # define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 |
40 | # define X509V3_F_I2V_AUTHORITY_KEYID 173 | |
40 | 41 | # define X509V3_F_LEVEL_ADD_NODE 168 |
41 | 42 | # define X509V3_F_NOTICE_SECTION 132 |
42 | 43 | # define X509V3_F_NREF_NOS 133 |
77 | 78 | # define X509V3_F_V2I_TLS_FEATURE 165 |
78 | 79 | # define X509V3_F_V3_GENERIC_EXTENSION 116 |
79 | 80 | # define X509V3_F_X509V3_ADD1_I2D 140 |
81 | # define X509V3_F_X509V3_ADD_LEN_VALUE 174 | |
80 | 82 | # define X509V3_F_X509V3_ADD_VALUE 105 |
81 | 83 | # define X509V3_F_X509V3_EXT_ADD 104 |
82 | 84 | # define X509V3_F_X509V3_EXT_ADD_ALIAS 106 |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
450 | 450 | goto err; |
451 | 451 | return ret; |
452 | 452 | err: |
453 | BIO_free(ssl); | |
453 | 454 | BIO_free(con); |
454 | 455 | #endif |
455 | 456 | return NULL; |
341 | 341 | return 1; |
342 | 342 | } |
343 | 343 | |
344 | void dtls1_double_timeout(SSL *s) | |
344 | static void dtls1_double_timeout(SSL *s) | |
345 | 345 | { |
346 | 346 | s->d1->timeout_duration_us *= 2; |
347 | 347 | if (s->d1->timeout_duration_us > 60000000) |
348 | 348 | s->d1->timeout_duration_us = 60000000; |
349 | dtls1_start_timer(s); | |
350 | 349 | } |
351 | 350 | |
352 | 351 | void dtls1_stop_timer(SSL *s) |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
171 | 171 | /* |
172 | 172 | * If extend == 0, obtain new n-byte packet; if extend == 1, increase |
173 | 173 | * packet by another n bytes. The packet will be in the sub-array of |
174 | * s->s3->rbuf.buf specified by s->packet and s->packet_length. (If | |
175 | * s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus | |
176 | * s->packet_length bytes if extend == 1].) | |
174 | * s->rlayer.rbuf.buf specified by s->rlayer.packet and | |
175 | * s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may | |
176 | * be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].) | |
177 | 177 | * if clearold == 1, move the packet to the start of the buffer; if |
178 | 178 | * clearold == 0 then leave any old packets where they were |
179 | 179 | */ |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
73 | 73 | b->len = len; |
74 | 74 | } |
75 | 75 | |
76 | RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0])); | |
77 | 76 | return 1; |
78 | 77 | } |
79 | 78 |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
404 | 404 | more = thisrr->length; |
405 | 405 | } |
406 | 406 | if (more > 0) { |
407 | /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ | |
407 | /* now s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH */ | |
408 | 408 | |
409 | 409 | rret = ssl3_read_n(s, more, more, 1, 0, &n); |
410 | 410 | if (rret <= 0) |
415 | 415 | RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER); |
416 | 416 | |
417 | 417 | /* |
418 | * At this point, s->packet_length == SSL3_RT_HEADER_LENGTH | |
419 | * + thisrr->length, or s->packet_length == SSL2_RT_HEADER_LENGTH | |
420 | * + thisrr->length and we have that many bytes in s->packet | |
418 | * At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH | |
419 | * + thisrr->length, or s->rlayer.packet_length == SSL2_RT_HEADER_LENGTH | |
420 | * + thisrr->length and we have that many bytes in s->rlayer.packet | |
421 | 421 | */ |
422 | 422 | if (thisrr->rec_version == SSL2_VERSION) { |
423 | 423 | thisrr->input = |
428 | 428 | } |
429 | 429 | |
430 | 430 | /* |
431 | * ok, we can now read from 's->packet' data into 'thisrr' thisrr->input | |
432 | * points at thisrr->length bytes, which need to be copied into | |
433 | * thisrr->data by either the decryption or by the decompression When | |
434 | * the data is 'copied' into the thisrr->data buffer, thisrr->input will | |
435 | * be pointed at the new buffer | |
431 | * ok, we can now read from 's->rlayer.packet' data into 'thisrr'. | |
432 | * thisrr->input points at thisrr->length bytes, which need to be copied | |
433 | * into thisrr->data by either the decryption or by the decompression. | |
434 | * When the data is 'copied' into the thisrr->data buffer, | |
435 | * thisrr->input will be updated to point at the new buffer | |
436 | 436 | */ |
437 | 437 | |
438 | 438 | /* |
1615 | 1615 | sess = s->session; |
1616 | 1616 | |
1617 | 1617 | /* |
1618 | * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, | |
1619 | * and we have that many bytes in s->packet | |
1618 | * At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LNGTH + rr->length, | |
1619 | * and we have that many bytes in s->rlayer.packet | |
1620 | 1620 | */ |
1621 | 1621 | rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]); |
1622 | 1622 | |
1623 | 1623 | /* |
1624 | * ok, we can now read from 's->packet' data into 'rr' rr->input points | |
1625 | * at rr->length bytes, which need to be copied into rr->data by either | |
1626 | * the decryption or by the decompression When the data is 'copied' into | |
1627 | * the rr->data buffer, rr->input will be pointed at the new buffer | |
1624 | * ok, we can now read from 's->rlayer.packet' data into 'rr'. rr->input | |
1625 | * points at rr->length bytes, which need to be copied into rr->data by | |
1626 | * either the decryption or by the decompression. When the data is 'copied' | |
1627 | * into the rr->data buffer, rr->input will be pointed at the new buffer | |
1628 | 1628 | */ |
1629 | 1629 | |
1630 | 1630 | /* |
1946 | 1946 | |
1947 | 1947 | if (rr->length > |
1948 | 1948 | RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) { |
1949 | /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ | |
1949 | /* now s->rlayer.packet_length == DTLS1_RT_HEADER_LENGTH */ | |
1950 | 1950 | more = rr->length; |
1951 | 1951 | rret = ssl3_read_n(s, more, more, 1, 1, &n); |
1952 | 1952 | /* this packet contained a partial record, dump it */ |
1962 | 1962 | } |
1963 | 1963 | |
1964 | 1964 | /* |
1965 | * now n == rr->length, and s->packet_length == | |
1965 | * now n == rr->length, and s->rlayer.packet_length == | |
1966 | 1966 | * DTLS1_RT_HEADER_LENGTH + rr->length |
1967 | 1967 | */ |
1968 | 1968 | } |
0 | 0 | /* |
1 | * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
46 | 46 | desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have |
47 | 47 | * protocol_version alerts */ |
48 | 48 | if (desc < 0) |
49 | return -1; | |
50 | if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY) | |
49 | 51 | return -1; |
50 | 52 | /* If a fatal one, remove from cache */ |
51 | 53 | if ((level == SSL3_AL_FATAL) && (s->session != NULL)) |
0 | 0 | /* |
1 | * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
875 | 875 | return 1; |
876 | 876 | } |
877 | 877 | |
878 | int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp) | |
879 | { | |
880 | int level; | |
881 | static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 }; | |
882 | ||
883 | if (ctx != NULL) | |
884 | level = SSL_CTX_get_security_level(ctx); | |
885 | else | |
886 | level = SSL_get_security_level(s); | |
887 | ||
888 | if (level > 5) | |
889 | level = 5; | |
890 | else if (level < 0) | |
891 | level = 0; | |
892 | ||
893 | if (levelp != NULL) | |
894 | *levelp = level; | |
895 | ||
896 | return minbits_table[level]; | |
897 | } | |
898 | ||
878 | 899 | static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, |
879 | 900 | int op, int bits, int nid, void *other, |
880 | 901 | void *ex) |
881 | 902 | { |
882 | 903 | int level, minbits; |
883 | static const int minbits_table[5] = { 80, 112, 128, 192, 256 }; | |
884 | if (ctx) | |
885 | level = SSL_CTX_get_security_level(ctx); | |
886 | else | |
887 | level = SSL_get_security_level(s); | |
888 | ||
889 | if (level <= 0) { | |
904 | ||
905 | minbits = ssl_get_security_level_bits(s, ctx, &level); | |
906 | ||
907 | if (level == 0) { | |
890 | 908 | /* |
891 | 909 | * No EDH keys weaker than 1024-bits even at level 0, otherwise, |
892 | 910 | * anything goes. |
895 | 913 | return 0; |
896 | 914 | return 1; |
897 | 915 | } |
898 | if (level > 5) | |
899 | level = 5; | |
900 | minbits = minbits_table[level - 1]; | |
901 | 916 | switch (op) { |
902 | 917 | case SSL_SECOP_CIPHER_SUPPORTED: |
903 | 918 | case SSL_SECOP_CIPHER_SHARED: |
0 | 0 | /* |
1 | 1 | * Generated by util/mkerr.pl DO NOT EDIT |
2 | * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. | |
2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | 5 | * this file except in compliance with the License. You can obtain a copy |
84 | 84 | {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"}, |
85 | 85 | {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0), |
86 | 86 | "final_maxfragmentlen"}, |
87 | {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_PSK, 0), "final_psk"}, | |
87 | 88 | {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"}, |
88 | 89 | {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"}, |
89 | 90 | {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"}, |
947 | 948 | "missing ecdsa signing cert"}, |
948 | 949 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"}, |
949 | 950 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"}, |
951 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION), | |
952 | "missing psk kex modes extension"}, | |
950 | 953 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), |
951 | 954 | "missing rsa certificate"}, |
952 | 955 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), |
1017 | 1020 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"}, |
1018 | 1021 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED), |
1019 | 1022 | "null ssl method passed"}, |
1023 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE), | |
1024 | "ocsp callback failure"}, | |
1020 | 1025 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), |
1021 | 1026 | "old session cipher not returned"}, |
1022 | 1027 | {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), |
2118 | 2118 | return 0; |
2119 | 2119 | } |
2120 | 2120 | |
2121 | if (RECORD_LAYER_write_pending(&s->rlayer)) { | |
2122 | SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY); | |
2123 | return 0; | |
2124 | } | |
2125 | ||
2121 | 2126 | ossl_statem_set_in_init(s, 1); |
2122 | 2127 | s->key_update = updatetype; |
2123 | 2128 | return 1; |
2828 | 2833 | } |
2829 | 2834 | #endif |
2830 | 2835 | |
2836 | static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len) | |
2837 | { | |
2838 | unsigned int idx; | |
2839 | ||
2840 | if (protos_len < 2 || protos == NULL) | |
2841 | return 0; | |
2842 | ||
2843 | for (idx = 0; idx < protos_len; idx += protos[idx] + 1) { | |
2844 | if (protos[idx] == 0) | |
2845 | return 0; | |
2846 | } | |
2847 | return idx == protos_len; | |
2848 | } | |
2831 | 2849 | /* |
2832 | 2850 | * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. |
2833 | 2851 | * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit |
2836 | 2854 | int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, |
2837 | 2855 | unsigned int protos_len) |
2838 | 2856 | { |
2839 | OPENSSL_free(ctx->ext.alpn); | |
2840 | ctx->ext.alpn = OPENSSL_memdup(protos, protos_len); | |
2841 | if (ctx->ext.alpn == NULL) { | |
2857 | unsigned char *alpn; | |
2858 | ||
2859 | if (protos_len == 0 || protos == NULL) { | |
2860 | OPENSSL_free(ctx->ext.alpn); | |
2861 | ctx->ext.alpn = NULL; | |
2842 | 2862 | ctx->ext.alpn_len = 0; |
2863 | return 0; | |
2864 | } | |
2865 | /* Not valid per RFC */ | |
2866 | if (!alpn_value_ok(protos, protos_len)) | |
2867 | return 1; | |
2868 | ||
2869 | alpn = OPENSSL_memdup(protos, protos_len); | |
2870 | if (alpn == NULL) { | |
2843 | 2871 | SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); |
2844 | 2872 | return 1; |
2845 | 2873 | } |
2874 | OPENSSL_free(ctx->ext.alpn); | |
2875 | ctx->ext.alpn = alpn; | |
2846 | 2876 | ctx->ext.alpn_len = protos_len; |
2847 | 2877 | |
2848 | 2878 | return 0; |
2856 | 2886 | int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, |
2857 | 2887 | unsigned int protos_len) |
2858 | 2888 | { |
2859 | OPENSSL_free(ssl->ext.alpn); | |
2860 | ssl->ext.alpn = OPENSSL_memdup(protos, protos_len); | |
2861 | if (ssl->ext.alpn == NULL) { | |
2889 | unsigned char *alpn; | |
2890 | ||
2891 | if (protos_len == 0 || protos == NULL) { | |
2892 | OPENSSL_free(ssl->ext.alpn); | |
2893 | ssl->ext.alpn = NULL; | |
2862 | 2894 | ssl->ext.alpn_len = 0; |
2895 | return 0; | |
2896 | } | |
2897 | /* Not valid per RFC */ | |
2898 | if (!alpn_value_ok(protos, protos_len)) | |
2899 | return 1; | |
2900 | ||
2901 | alpn = OPENSSL_memdup(protos, protos_len); | |
2902 | if (alpn == NULL) { | |
2863 | 2903 | SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE); |
2864 | 2904 | return 1; |
2865 | 2905 | } |
2906 | OPENSSL_free(ssl->ext.alpn); | |
2907 | ssl->ext.alpn = alpn; | |
2866 | 2908 | ssl->ext.alpn_len = protos_len; |
2867 | 2909 | |
2868 | 2910 | return 0; |
4519 | 4561 | } |
4520 | 4562 | |
4521 | 4563 | ctx = EVP_MD_CTX_new(); |
4522 | if (ctx == NULL) | |
4564 | if (ctx == NULL) { | |
4565 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH, | |
4566 | ERR_R_INTERNAL_ERROR); | |
4523 | 4567 | goto err; |
4568 | } | |
4524 | 4569 | |
4525 | 4570 | if (!EVP_MD_CTX_copy_ex(ctx, hdgst) |
4526 | 4571 | || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) { |
2304 | 2304 | __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); |
2305 | 2305 | __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, |
2306 | 2306 | void *other); |
2307 | int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp); | |
2307 | 2308 | |
2308 | 2309 | __owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx); |
2309 | 2310 | __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, |
2425 | 2426 | void dtls1_start_timer(SSL *s); |
2426 | 2427 | void dtls1_stop_timer(SSL *s); |
2427 | 2428 | __owur int dtls1_is_timer_expired(SSL *s); |
2428 | void dtls1_double_timeout(SSL *s); | |
2429 | 2429 | __owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie, |
2430 | 2430 | size_t cookie_len); |
2431 | 2431 | __owur size_t dtls1_min_mtu(SSL *s); |
17 | 17 | static int init_server_name(SSL *s, unsigned int context); |
18 | 18 | static int final_server_name(SSL *s, unsigned int context, int sent); |
19 | 19 | #ifndef OPENSSL_NO_EC |
20 | static int init_ec_point_formats(SSL *s, unsigned int context); | |
20 | 21 | static int final_ec_pt_formats(SSL *s, unsigned int context, int sent); |
21 | 22 | #endif |
22 | 23 | static int init_session_ticket(SSL *s, unsigned int context); |
55 | 56 | static int final_early_data(SSL *s, unsigned int context, int sent); |
56 | 57 | static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); |
57 | 58 | static int init_post_handshake_auth(SSL *s, unsigned int context); |
59 | static int final_psk(SSL *s, unsigned int context, int sent); | |
58 | 60 | |
59 | 61 | /* Structure to define a built-in extension */ |
60 | 62 | typedef struct extensions_definition_st { |
157 | 159 | TLSEXT_TYPE_ec_point_formats, |
158 | 160 | SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO |
159 | 161 | | SSL_EXT_TLS1_2_AND_BELOW_ONLY, |
160 | NULL, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, | |
162 | init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats, | |
161 | 163 | tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, |
162 | 164 | final_ec_pt_formats |
163 | 165 | }, |
388 | 390 | SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO |
389 | 391 | | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, |
390 | 392 | NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk, |
391 | tls_construct_ctos_psk, NULL | |
393 | tls_construct_ctos_psk, final_psk | |
392 | 394 | } |
393 | 395 | }; |
394 | 396 | |
1025 | 1027 | } |
1026 | 1028 | |
1027 | 1029 | #ifndef OPENSSL_NO_EC |
1030 | static int init_ec_point_formats(SSL *s, unsigned int context) | |
1031 | { | |
1032 | OPENSSL_free(s->ext.peer_ecpointformats); | |
1033 | s->ext.peer_ecpointformats = NULL; | |
1034 | s->ext.peer_ecpointformats_len = 0; | |
1035 | ||
1036 | return 1; | |
1037 | } | |
1038 | ||
1028 | 1039 | static int final_ec_pt_formats(SSL *s, unsigned int context, int sent) |
1029 | 1040 | { |
1030 | 1041 | unsigned long alg_k, alg_a; |
1717 | 1728 | |
1718 | 1729 | return 1; |
1719 | 1730 | } |
1731 | ||
1732 | /* | |
1733 | * If clients offer "pre_shared_key" without a "psk_key_exchange_modes" | |
1734 | * extension, servers MUST abort the handshake. | |
1735 | */ | |
1736 | static int final_psk(SSL *s, unsigned int context, int sent) | |
1737 | { | |
1738 | if (s->server && sent && s->clienthello != NULL | |
1739 | && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) { | |
1740 | SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_PSK, | |
1741 | SSL_R_MISSING_PSK_KEX_MODES_EXTENSION); | |
1742 | return 0; | |
1743 | } | |
1744 | ||
1745 | return 1; | |
1746 | } |
0 | 0 | /* |
1 | * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
1713 | 1713 | } |
1714 | 1714 | return EXT_RETURN_NOT_SENT; |
1715 | 1715 | } |
1716 | if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) { | |
1717 | /* | |
1718 | * PSK ('hit') and explicitly not doing DHE (if the client sent the | |
1719 | * DHE option we always take it); don't send key share. | |
1720 | */ | |
1721 | return EXT_RETURN_NOT_SENT; | |
1722 | } | |
1716 | 1723 | |
1717 | 1724 | if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share) |
1718 | 1725 | || !WPACKET_start_sub_packet_u16(pkt) |
1000 | 1000 | return CCS_MAX_LENGTH; |
1001 | 1001 | |
1002 | 1002 | case TLS_ST_CR_SESSION_TICKET: |
1003 | return SSL3_RT_MAX_PLAIN_LENGTH; | |
1003 | return (SSL_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13 | |
1004 | : SESSION_TICKET_MAX_LENGTH_TLS12; | |
1004 | 1005 | |
1005 | 1006 | case TLS_ST_CR_FINISHED: |
1006 | 1007 | return FINISHED_MAX_LENGTH; |
2832 | 2833 | if (ret < 0) { |
2833 | 2834 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, |
2834 | 2835 | SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, |
2835 | ERR_R_MALLOC_FAILURE); | |
2836 | SSL_R_OCSP_CALLBACK_FAILURE); | |
2836 | 2837 | return 0; |
2837 | 2838 | } |
2838 | 2839 | } |
0 | 0 | /* |
1 | * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
21 | 21 | #define SERVER_HELLO_MAX_LENGTH 20000 |
22 | 22 | #define HELLO_RETRY_REQUEST_MAX_LENGTH 20000 |
23 | 23 | #define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000 |
24 | #define SESSION_TICKET_MAX_LENGTH_TLS13 131338 | |
25 | #define SESSION_TICKET_MAX_LENGTH_TLS12 65541 | |
24 | 26 | #define SERVER_KEY_EXCH_MAX_LENGTH 102400 |
25 | 27 | #define SERVER_HELLO_DONE_MAX_LENGTH 0 |
26 | 28 | #define KEY_UPDATE_MAX_LENGTH 1 |
3752 | 3752 | |
3753 | 3753 | sk_X509_pop_free(s->session->peer_chain, X509_free); |
3754 | 3754 | s->session->peer_chain = sk; |
3755 | sk = NULL; | |
3755 | 3756 | |
3756 | 3757 | /* |
3757 | 3758 | * Freeze the handshake buffer. For <TLS1.3 we do this after the CKE |
3766 | 3767 | * Inconsistency alert: cert_chain does *not* include the peer's own |
3767 | 3768 | * certificate, while we do include it in statem_clnt.c |
3768 | 3769 | */ |
3769 | sk = NULL; | |
3770 | 3770 | |
3771 | 3771 | /* Save the current hash state for when we receive the CertificateVerify */ |
3772 | 3772 | if (SSL_IS_TLS13(s)) { |
4138 | 4138 | } |
4139 | 4139 | |
4140 | 4140 | if (tctx->generate_ticket_cb != NULL && |
4141 | tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) | |
4142 | goto err; | |
4143 | ||
4141 | tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) { | |
4142 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, | |
4143 | SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, | |
4144 | ERR_R_INTERNAL_ERROR); | |
4145 | goto err; | |
4146 | } | |
4144 | 4147 | /* |
4145 | 4148 | * If we are using anti-replay protection then we behave as if |
4146 | 4149 | * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there |
0 | 0 | /* |
1 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
2440 | 2440 | { |
2441 | 2441 | DH *dhp = NULL; |
2442 | 2442 | BIGNUM *p = NULL, *g = NULL; |
2443 | int dh_secbits = 80; | |
2443 | int dh_secbits = 80, sec_level_bits; | |
2444 | ||
2444 | 2445 | if (s->cert->dh_tmp_auto != 2) { |
2445 | 2446 | if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { |
2446 | 2447 | if (s->s3->tmp.new_cipher->strength_bits == 256) |
2463 | 2464 | BN_free(g); |
2464 | 2465 | return NULL; |
2465 | 2466 | } |
2467 | ||
2468 | /* Do not pick a prime that is too weak for the current security level */ | |
2469 | sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL); | |
2470 | if (dh_secbits < sec_level_bits) | |
2471 | dh_secbits = sec_level_bits; | |
2472 | ||
2466 | 2473 | if (dh_secbits >= 192) |
2467 | 2474 | p = BN_get_rfc3526_prime_8192(NULL); |
2468 | 2475 | else if (dh_secbits >= 152) |
0 | 0 | /* |
1 | * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
11 | 11 | |
12 | 12 | #include <openssl/rand.h> |
13 | 13 | #include <openssl/asn1t.h> |
14 | #include <openssl/obj_mac.h> | |
14 | 15 | #include "internal/numbers.h" |
15 | 16 | #include "testutil.h" |
16 | 17 | |
194 | 195 | return 0; |
195 | 196 | } |
196 | 197 | |
198 | static int test_reuse_asn1_object(void) | |
199 | { | |
200 | static unsigned char cn_der[] = { 0x06, 0x03, 0x55, 0x04, 0x06 }; | |
201 | static unsigned char oid_der[] = { | |
202 | 0x06, 0x06, 0x2a, 0x03, 0x04, 0x05, 0x06, 0x07 | |
203 | }; | |
204 | int ret = 0; | |
205 | ASN1_OBJECT *obj; | |
206 | unsigned char const *p = oid_der; | |
207 | ||
208 | /* Create an object that owns dynamically allocated 'sn' and 'ln' fields */ | |
209 | ||
210 | if (!TEST_ptr(obj = ASN1_OBJECT_create(NID_undef, cn_der, sizeof(cn_der), | |
211 | "C", "countryName"))) | |
212 | goto err; | |
213 | /* reuse obj - this should not leak sn and ln */ | |
214 | if (!TEST_ptr(d2i_ASN1_OBJECT(&obj, &p, sizeof(oid_der)))) | |
215 | goto err; | |
216 | ret = 1; | |
217 | err: | |
218 | ASN1_OBJECT_free(obj); | |
219 | return ret; | |
220 | } | |
221 | ||
197 | 222 | int setup_tests(void) |
198 | 223 | { |
199 | 224 | #if OPENSSL_API_COMPAT < 0x10200000L |
204 | 229 | ADD_TEST(test_int64); |
205 | 230 | ADD_TEST(test_uint64); |
206 | 231 | ADD_TEST(test_invalid_template); |
207 | return 1; | |
208 | } | |
232 | ADD_TEST(test_reuse_asn1_object); | |
233 | return 1; | |
234 | } |
0 | 0 | /* |
1 | * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
9 | 9 | #include <string.h> |
10 | 10 | #include <openssl/buffer.h> |
11 | 11 | #include <openssl/bio.h> |
12 | #include <openssl/pkcs7.h> | |
13 | #include <openssl/obj_mac.h> | |
12 | 14 | |
13 | 15 | #include "testutil.h" |
14 | 16 | |
34 | 36 | goto finish; |
35 | 37 | ok = 1; |
36 | 38 | |
37 | finish: | |
39 | finish: | |
38 | 40 | BIO_free(bio); |
39 | 41 | return ok; |
40 | 42 | } |
61 | 63 | goto finish; |
62 | 64 | ok = 1; |
63 | 65 | |
64 | finish: | |
66 | finish: | |
65 | 67 | BIO_free(bio); |
66 | 68 | BUF_MEM_free(bufmem); |
67 | 69 | return ok; |
97 | 99 | goto finish; |
98 | 100 | ok = 1; |
99 | 101 | |
100 | finish: | |
102 | finish: | |
101 | 103 | BIO_free(bio); |
102 | 104 | return ok; |
103 | 105 | } |
138 | 140 | goto finish; |
139 | 141 | ok = 1; |
140 | 142 | |
141 | finish: | |
143 | finish: | |
142 | 144 | BIO_free(bio); |
143 | 145 | BIO_free(bio2); |
144 | 146 | return ok; |
175 | 177 | |
176 | 178 | ok = 1; |
177 | 179 | |
178 | finish: | |
180 | finish: | |
179 | 181 | BIO_free(bio); |
180 | 182 | return ok; |
181 | 183 | } |
215 | 217 | |
216 | 218 | ok = 1; |
217 | 219 | |
218 | finish: | |
219 | BIO_free(bio); | |
220 | finish: | |
221 | BIO_free(bio); | |
222 | return ok; | |
223 | } | |
224 | ||
225 | static int error_callback_fired; | |
226 | static long BIO_error_callback(BIO *bio, int cmd, const char *argp, | |
227 | size_t len, int argi, | |
228 | long argl, int ret, size_t *processed) | |
229 | { | |
230 | if ((cmd & (BIO_CB_READ | BIO_CB_RETURN)) != 0) { | |
231 | error_callback_fired = 1; | |
232 | ret = 0; /* fail for read operations to simulate error in input BIO */ | |
233 | } | |
234 | return ret; | |
235 | } | |
236 | ||
237 | /* Checks i2d_ASN1_bio_stream() is freeing all memory when input BIO ends unexpectedly. */ | |
238 | static int test_bio_i2d_ASN1_mime(void) | |
239 | { | |
240 | int ok = 0; | |
241 | BIO *bio = NULL, *out = NULL; | |
242 | BUF_MEM bufmem; | |
243 | static const char str[] = "BIO mime test\n"; | |
244 | PKCS7 *p7 = NULL; | |
245 | ||
246 | if (!TEST_ptr(bio = BIO_new(BIO_s_mem()))) | |
247 | goto finish; | |
248 | ||
249 | bufmem.length = sizeof(str); | |
250 | bufmem.data = (char *) str; | |
251 | bufmem.max = bufmem.length; | |
252 | BIO_set_mem_buf(bio, &bufmem, BIO_NOCLOSE); | |
253 | BIO_set_flags(bio, BIO_FLAGS_MEM_RDONLY); | |
254 | BIO_set_callback_ex(bio, BIO_error_callback); | |
255 | ||
256 | if (!TEST_ptr(out = BIO_new(BIO_s_mem()))) | |
257 | goto finish; | |
258 | if (!TEST_ptr(p7 = PKCS7_new())) | |
259 | goto finish; | |
260 | if (!TEST_true(PKCS7_set_type(p7, NID_pkcs7_data))) | |
261 | goto finish; | |
262 | ||
263 | error_callback_fired = 0; | |
264 | ||
265 | /* | |
266 | * The call succeeds even if the input stream ends unexpectedly as | |
267 | * there is no handling for this case in SMIME_crlf_copy(). | |
268 | */ | |
269 | if (!TEST_true(i2d_ASN1_bio_stream(out, (ASN1_VALUE*) p7, bio, | |
270 | SMIME_STREAM | SMIME_BINARY, | |
271 | ASN1_ITEM_rptr(PKCS7)))) | |
272 | goto finish; | |
273 | ||
274 | if (!TEST_int_eq(error_callback_fired, 1)) | |
275 | goto finish; | |
276 | ||
277 | ok = 1; | |
278 | ||
279 | finish: | |
280 | BIO_free(bio); | |
281 | BIO_free(out); | |
282 | PKCS7_free(p7); | |
220 | 283 | return ok; |
221 | 284 | } |
222 | 285 | |
235 | 298 | ADD_TEST(test_bio_rdonly_mem_buf); |
236 | 299 | ADD_TEST(test_bio_rdwr_rdonly); |
237 | 300 | ADD_TEST(test_bio_nonclear_rst); |
301 | ADD_TEST(test_bio_i2d_ASN1_mime); | |
238 | 302 | return 1; |
239 | 303 | } |
0 | 0 | /* |
1 | * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
304 | 304 | return st; |
305 | 305 | } |
306 | 306 | |
307 | static struct { | |
308 | int n, divisor, result, remainder; | |
309 | } signed_mod_tests[] = { | |
310 | { 10, 3, 3, 1 }, | |
311 | { -10, 3, -3, -1 }, | |
312 | { 10, -3, -3, 1 }, | |
313 | { -10, -3, 3, -1 }, | |
314 | }; | |
315 | ||
316 | static BIGNUM *set_signed_bn(int value) | |
317 | { | |
318 | BIGNUM *bn = BN_new(); | |
319 | ||
320 | if (bn == NULL) | |
321 | return NULL; | |
322 | if (!BN_set_word(bn, value < 0 ? -value : value)) { | |
323 | BN_free(bn); | |
324 | return NULL; | |
325 | } | |
326 | BN_set_negative(bn, value < 0); | |
327 | return bn; | |
328 | } | |
329 | ||
330 | static int test_signed_mod_replace_ab(int n) | |
331 | { | |
332 | BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; | |
333 | int st = 0; | |
334 | ||
335 | if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n)) | |
336 | || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor)) | |
337 | || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result)) | |
338 | || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder))) | |
339 | goto err; | |
340 | ||
341 | if (TEST_true(BN_div(a, b, a, b, ctx)) | |
342 | && TEST_BN_eq(a, c) | |
343 | && TEST_BN_eq(b, d)) | |
344 | st = 1; | |
345 | err: | |
346 | BN_free(a); | |
347 | BN_free(b); | |
348 | BN_free(c); | |
349 | BN_free(d); | |
350 | return st; | |
351 | } | |
352 | ||
353 | static int test_signed_mod_replace_ba(int n) | |
354 | { | |
355 | BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; | |
356 | int st = 0; | |
357 | ||
358 | if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n)) | |
359 | || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor)) | |
360 | || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result)) | |
361 | || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder))) | |
362 | goto err; | |
363 | ||
364 | if (TEST_true(BN_div(b, a, a, b, ctx)) | |
365 | && TEST_BN_eq(b, c) | |
366 | && TEST_BN_eq(a, d)) | |
367 | st = 1; | |
368 | err: | |
369 | BN_free(a); | |
370 | BN_free(b); | |
371 | BN_free(c); | |
372 | BN_free(d); | |
373 | return st; | |
374 | } | |
375 | ||
307 | 376 | static int test_mod(void) |
308 | 377 | { |
309 | 378 | BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; |
325 | 394 | BN_set_negative(b, rand_neg()); |
326 | 395 | if (!(TEST_true(BN_mod(c, a, b, ctx)) |
327 | 396 | && TEST_true(BN_div(d, e, a, b, ctx)) |
328 | && TEST_true(BN_sub(e, e, c)) | |
329 | && TEST_BN_eq_zero(e))) | |
397 | && TEST_BN_eq(e, c) | |
398 | && TEST_true(BN_mul(c, d, b, ctx)) | |
399 | && TEST_true(BN_add(d, c, e)) | |
400 | && TEST_BN_eq(d, a))) | |
330 | 401 | goto err; |
331 | 402 | } |
332 | 403 | st = 1; |
2758 | 2829 | if (n == 0) { |
2759 | 2830 | ADD_TEST(test_sub); |
2760 | 2831 | ADD_TEST(test_div_recip); |
2832 | ADD_ALL_TESTS(test_signed_mod_replace_ab, OSSL_NELEM(signed_mod_tests)); | |
2833 | ADD_ALL_TESTS(test_signed_mod_replace_ba, OSSL_NELEM(signed_mod_tests)); | |
2761 | 2834 | ADD_TEST(test_mod); |
2762 | 2835 | ADD_TEST(test_modexp_mont5); |
2763 | 2836 | ADD_TEST(test_kronecker); |
0 | 0 | -----BEGIN CERTIFICATE----- |
1 | MIIDIjCCAgqgAwIBAgIUT99h/YrAdcDg3fdLy5UajB8e994wDQYJKoZIhvcNAQEL | |
2 | BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwIBcNMjAwNzI4MTQxNjA4WhgP | |
3 | MjEyMDA3MDQxNDE2MDhaMBkxFzAVBgNVBAMMDmVlLXNlbGYtc2lnbmVkMIIBIjAN | |
4 | BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7bLA/Vc/vit6gbenVg | |
5 | K9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8NxkP+MTT4KNh16aO7 | |
6 | iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7CNqAR/8BZNf1JHN0c | |
7 | QjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqCGxWL0Zmr5J5vlKrS | |
8 | luVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0dopynHP0riIie075Bj | |
9 | 1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+eTQfSokftwIDAQAB | |
10 | o2AwXjAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfhc6IwHwYDVR0jBBgwFoAU | |
11 | 55viKq2KbDrLdlHljgeYIpfhc6IwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC | |
12 | B4AwDQYJKoZIhvcNAQELBQADggEBAGDEbS5kJArjjQNK02oxhQyz1dbDy23evRxm | |
13 | WW/NtlJAQAgEMXoNo9fioj0L4cvDy40r87V6/RsV2eijwZEfwGloACif7v78w8QO | |
14 | h4XiW9oGxcQkdMIYZLDVW9AZPDIkK5NHNfQaeAxCprAufYnRMv035UotLzCBRrkG | |
15 | G2TIs45vRp/6mYFVtm0Nf9CFvu4dXH8W+GlBONG0FAiBW+JzgTr9OmrzfqJTEDrf | |
16 | vv/hOiu8XvvlF5piPBqKE76rEvkXUSjgDZ2/Ju1fjqpV2I8Hz1Mj9w9tRE8g4E9o | |
17 | ZcRXX3MNPaHxnNhgYSPdpywwkyILz2AHwmAzh07cdttRFFPw+fM= | |
1 | MIICzzCCAbegAwIBAgIUBP7iEKPlKuinZGQNFxSY3IBIb0swDQYJKoZIhvcNAQEL | |
2 | BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwHhcNMjAwNjI4MTA1MTQ1WhcN | |
3 | MjAwNzI4MTA1MTQ1WjAZMRcwFQYDVQQDDA5lZS1zZWxmLXNpZ25lZDCCASIwDQYJ | |
4 | KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU | |
5 | fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC | |
6 | 76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz | |
7 | BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl | |
8 | V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv | |
9 | 0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaMP | |
10 | MA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBiLmIUCGb+hmRGbmpO | |
11 | lDqEwiRVdxHBs4OSb3IA9QgU1QKUDRqn7q27RRelmzTXllubZZcX3K6o+dunRW5G | |
12 | d3f3FVr+3Z7wnmkQtC2y3NWtGuWNczss+6rMLzKvla5CjRiNPlSvluMNpcs7BJxI | |
13 | ppk1LxlaiYlQkDW32OPyxzXWDNv1ZkphcOcoCkHAagnq9x1SszvLTjAlo5XpYrm5 | |
14 | CPgBOEnVwFCgne5Ab4QPTgkxPh/Ta508I/FKaPLJqci1EfGKipZkS7mMGTUJEeVK | |
15 | wZrn4z7RiTfJ4PdqO5iv8eOpt03fqdPEXQWe8DrKyfGM6/e369FaXMFhcd2ZxZy2 | |
16 | WHoc | |
18 | 17 | -----END CERTIFICATE----- |
0 | 0 | /* |
1 | * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
44 | 44 | |
45 | 45 | static const char *sessionfile = NULL; |
46 | 46 | /* Dummy ALPN protocols used to pad out the size of the ClientHello */ |
47 | /* ASCII 'O' = 79 = 0x4F = EBCDIC '|'*/ | |
48 | #ifdef CHARSET_EBCDIC | |
47 | 49 | static const char alpn_prots[] = |
48 | "0123456789012345678901234567890123456789012345678901234567890123456789" | |
49 | "0123456789012345678901234567890123456789012345678901234567890123456789" | |
50 | "01234567890123456789"; | |
50 | "|1234567890123456789012345678901234567890123456789012345678901234567890123456789" | |
51 | "|1234567890123456789012345678901234567890123456789012345678901234567890123456789"; | |
52 | #else | |
53 | static const char alpn_prots[] = | |
54 | "O1234567890123456789012345678901234567890123456789012345678901234567890123456789" | |
55 | "O1234567890123456789012345678901234567890123456789012345678901234567890123456789"; | |
56 | #endif | |
51 | 57 | |
52 | 58 | static int test_client_hello(int currtest) |
53 | 59 | { |
0 | 0 | /* |
1 | * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved |
3 | 3 | * |
4 | 4 | * Licensed under the OpenSSL license (the "License"). You may not use |
1123 | 1123 | BN_free(yplusone); |
1124 | 1124 | return r; |
1125 | 1125 | } |
1126 | # endif | |
1126 | ||
1127 | static int hybrid_point_encoding_test(void) | |
1128 | { | |
1129 | BIGNUM *x = NULL, *y = NULL; | |
1130 | EC_GROUP *group = NULL; | |
1131 | EC_POINT *point = NULL; | |
1132 | unsigned char *buf = NULL; | |
1133 | size_t len; | |
1134 | int r = 0; | |
1135 | ||
1136 | if (!TEST_true(BN_dec2bn(&x, "0")) | |
1137 | || !TEST_true(BN_dec2bn(&y, "1")) | |
1138 | || !TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_sect571k1)) | |
1139 | || !TEST_ptr(point = EC_POINT_new(group)) | |
1140 | || !TEST_true(EC_POINT_set_affine_coordinates(group, point, x, y, NULL)) | |
1141 | || !TEST_size_t_ne(0, (len = EC_POINT_point2oct(group, | |
1142 | point, | |
1143 | POINT_CONVERSION_HYBRID, | |
1144 | NULL, | |
1145 | 0, | |
1146 | NULL))) | |
1147 | || !TEST_ptr(buf = OPENSSL_malloc(len)) | |
1148 | || !TEST_size_t_eq(len, EC_POINT_point2oct(group, | |
1149 | point, | |
1150 | POINT_CONVERSION_HYBRID, | |
1151 | buf, | |
1152 | len, | |
1153 | NULL))) | |
1154 | goto err; | |
1155 | ||
1156 | r = 1; | |
1157 | ||
1158 | /* buf contains a valid hybrid point, check that we can decode it. */ | |
1159 | if (!TEST_true(EC_POINT_oct2point(group, point, buf, len, NULL))) | |
1160 | r = 0; | |
1161 | ||
1162 | /* Flip the y_bit and verify that the invalid encoding is rejected. */ | |
1163 | buf[0] ^= 1; | |
1164 | if (!TEST_false(EC_POINT_oct2point(group, point, buf, len, NULL))) | |
1165 | r = 0; | |
1166 | ||
1167 | err: | |
1168 | BN_free(x); | |
1169 | BN_free(y); | |
1170 | EC_GROUP_free(group); | |
1171 | EC_POINT_free(point); | |
1172 | OPENSSL_free(buf); | |
1173 | return r; | |
1174 | } | |
1175 | #endif | |
1127 | 1176 | |
1128 | 1177 | static int internal_curve_test(int n) |
1129 | 1178 | { |
2194 | 2243 | ADD_ALL_TESTS(cardinality_test, crv_len); |
2195 | 2244 | ADD_TEST(prime_field_tests); |
2196 | 2245 | # ifndef OPENSSL_NO_EC2M |
2246 | ADD_TEST(hybrid_point_encoding_test); | |
2197 | 2247 | ADD_TEST(char2_field_tests); |
2198 | 2248 | ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); |
2199 | 2249 | # endif |
0 | 0 | /* |
1 | * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
319 | 319 | }; |
320 | 320 | #endif |
321 | 321 | |
322 | static const unsigned char kCFBDefaultKey[] = { | |
323 | 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, | |
324 | 0x09, 0xCF, 0x4F, 0x3C | |
325 | }; | |
326 | ||
327 | static const unsigned char kGCMDefaultKey[32] = { 0 }; | |
328 | ||
329 | static const unsigned char kGCMResetKey[] = { | |
330 | 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, | |
331 | 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, | |
332 | 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 | |
333 | }; | |
334 | ||
335 | static const unsigned char iCFBIV[] = { | |
336 | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, | |
337 | 0x0C, 0x0D, 0x0E, 0x0F | |
338 | }; | |
339 | ||
340 | static const unsigned char iGCMDefaultIV[12] = { 0 }; | |
341 | ||
342 | static const unsigned char iGCMResetIV1[] = { | |
343 | 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad | |
344 | }; | |
345 | ||
346 | static const unsigned char iGCMResetIV2[] = { | |
347 | 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 | |
348 | }; | |
349 | ||
350 | static const unsigned char cfbPlaintext[] = { | |
351 | 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, | |
352 | 0x73, 0x93, 0x17, 0x2A | |
353 | }; | |
354 | ||
355 | static const unsigned char gcmDefaultPlaintext[16] = { 0 }; | |
356 | ||
357 | static const unsigned char gcmResetPlaintext[] = { | |
358 | 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, | |
359 | 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, | |
360 | 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, | |
361 | 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, | |
362 | 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 | |
363 | }; | |
364 | ||
365 | static const unsigned char cfbCiphertext[] = { | |
366 | 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, | |
367 | 0xE8, 0x3C, 0xFB, 0x4A | |
368 | }; | |
369 | ||
370 | static const unsigned char gcmDefaultCiphertext[] = { | |
371 | 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, | |
372 | 0xba, 0xf3, 0x9d, 0x18 | |
373 | }; | |
374 | ||
375 | static const unsigned char gcmResetCiphertext1[] = { | |
376 | 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, | |
377 | 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, | |
378 | 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, | |
379 | 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, | |
380 | 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f | |
381 | }; | |
382 | ||
383 | static const unsigned char gcmResetCiphertext2[] = { | |
384 | 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, | |
385 | 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, | |
386 | 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, | |
387 | 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, | |
388 | 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 | |
389 | }; | |
390 | ||
391 | static const unsigned char gcmAAD[] = { | |
392 | 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, | |
393 | 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 | |
394 | }; | |
395 | ||
396 | static const unsigned char gcmDefaultTag[] = { | |
397 | 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, | |
398 | 0xd4, 0x8a, 0xb9, 0x19 | |
399 | }; | |
400 | ||
401 | static const unsigned char gcmResetTag1[] = { | |
402 | 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, | |
403 | 0xfe, 0x2e, 0xa8, 0xf2 | |
404 | }; | |
405 | ||
406 | static const unsigned char gcmResetTag2[] = { | |
407 | 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, | |
408 | 0xbb, 0x2d, 0x55, 0x1b | |
409 | }; | |
410 | ||
411 | ||
322 | 412 | typedef struct APK_DATA_st { |
323 | 413 | const unsigned char *kder; |
324 | 414 | size_t size; |
328 | 418 | int param_check; |
329 | 419 | int type; /* 0 for private, 1 for public, 2 for params */ |
330 | 420 | } APK_DATA; |
421 | ||
422 | typedef struct { | |
423 | const char *cipher; | |
424 | const unsigned char *key; | |
425 | const unsigned char *iv; | |
426 | const unsigned char *input; | |
427 | const unsigned char *expected; | |
428 | const unsigned char *tag; | |
429 | size_t ivlen; /* 0 if we do not need to set a specific IV len */ | |
430 | size_t inlen; | |
431 | size_t expectedlen; | |
432 | size_t taglen; | |
433 | int keyfirst; | |
434 | int initenc; | |
435 | int finalenc; | |
436 | } EVP_INIT_TEST_st; | |
437 | ||
438 | static const EVP_INIT_TEST_st evp_init_tests[] = { | |
439 | { | |
440 | "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, | |
441 | cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), | |
442 | 0, 1, 0, 1 | |
443 | }, | |
444 | { | |
445 | "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, | |
446 | gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), | |
447 | sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), | |
448 | sizeof(gcmDefaultTag), 1, 0, 1 | |
449 | }, | |
450 | { | |
451 | "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, | |
452 | cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), | |
453 | 0, 0, 0, 1 | |
454 | }, | |
455 | { | |
456 | "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, | |
457 | gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), | |
458 | sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), | |
459 | sizeof(gcmDefaultTag), 0, 0, 1 | |
460 | }, | |
461 | { | |
462 | "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, | |
463 | cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), | |
464 | 0, 1, 1, 0 | |
465 | }, | |
466 | { | |
467 | "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, | |
468 | gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), | |
469 | sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), | |
470 | sizeof(gcmDefaultTag), 1, 1, 0 | |
471 | }, | |
472 | { | |
473 | "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, | |
474 | cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), | |
475 | 0, 0, 1, 0 | |
476 | }, | |
477 | { | |
478 | "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, | |
479 | gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), | |
480 | sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), | |
481 | sizeof(gcmDefaultTag), 0, 1, 0 | |
482 | } | |
483 | }; | |
484 | ||
485 | static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) | |
486 | { | |
487 | int res = 0; | |
488 | ||
489 | if (t->ivlen != 0) { | |
490 | if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL))) | |
491 | goto err; | |
492 | } | |
493 | if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) | |
494 | goto err; | |
495 | res = 1; | |
496 | err: | |
497 | return res; | |
498 | } | |
499 | ||
500 | /* | |
501 | * Test step-wise cipher initialization via EVP_CipherInit_ex where the | |
502 | * arguments are given one at a time and a final adjustment to the enc | |
503 | * parameter sets the correct operation. | |
504 | */ | |
505 | static int test_evp_init_seq(int idx) | |
506 | { | |
507 | int outlen1, outlen2; | |
508 | int testresult = 0; | |
509 | unsigned char outbuf[1024]; | |
510 | unsigned char tag[16]; | |
511 | const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; | |
512 | EVP_CIPHER_CTX *ctx = NULL; | |
513 | const EVP_CIPHER *type = NULL; | |
514 | size_t taglen = sizeof(tag); | |
515 | char *errmsg = NULL; | |
516 | ||
517 | ctx = EVP_CIPHER_CTX_new(); | |
518 | if (ctx == NULL) { | |
519 | errmsg = "CTX_ALLOC"; | |
520 | goto err; | |
521 | } | |
522 | if (!TEST_ptr(type = EVP_get_cipherbyname(t->cipher))) { | |
523 | errmsg = "GET_CIPHERBYNAME"; | |
524 | goto err; | |
525 | } | |
526 | if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { | |
527 | errmsg = "EMPTY_ENC_INIT"; | |
528 | goto err; | |
529 | } | |
530 | if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { | |
531 | errmsg = "PADDING"; | |
532 | goto err; | |
533 | } | |
534 | if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { | |
535 | errmsg = "KEY_INIT (before iv)"; | |
536 | goto err; | |
537 | } | |
538 | if (!evp_init_seq_set_iv(ctx, t)) { | |
539 | errmsg = "IV_INIT"; | |
540 | goto err; | |
541 | } | |
542 | if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { | |
543 | errmsg = "KEY_INIT (after iv)"; | |
544 | goto err; | |
545 | } | |
546 | if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { | |
547 | errmsg = "FINAL_ENC_INIT"; | |
548 | goto err; | |
549 | } | |
550 | if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { | |
551 | errmsg = "CIPHER_UPDATE"; | |
552 | goto err; | |
553 | } | |
554 | if (t->finalenc == 0 && t->tag != NULL) { | |
555 | /* Set expected tag */ | |
556 | if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, | |
557 | t->taglen, (void *)t->tag))) { | |
558 | errmsg = "SET_TAG"; | |
559 | goto err; | |
560 | } | |
561 | } | |
562 | if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { | |
563 | errmsg = "CIPHER_FINAL"; | |
564 | goto err; | |
565 | } | |
566 | if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { | |
567 | errmsg = "WRONG_RESULT"; | |
568 | goto err; | |
569 | } | |
570 | if (t->finalenc != 0 && t->tag != NULL) { | |
571 | if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { | |
572 | errmsg = "GET_TAG"; | |
573 | goto err; | |
574 | } | |
575 | if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { | |
576 | errmsg = "TAG_ERROR"; | |
577 | goto err; | |
578 | } | |
579 | } | |
580 | testresult = 1; | |
581 | err: | |
582 | if (errmsg != NULL) | |
583 | TEST_info("evp_init_test %d: %s", idx, errmsg); | |
584 | EVP_CIPHER_CTX_free(ctx); | |
585 | return testresult; | |
586 | } | |
587 | ||
588 | typedef struct { | |
589 | const unsigned char *input; | |
590 | const unsigned char *expected; | |
591 | size_t inlen; | |
592 | size_t expectedlen; | |
593 | int enc; | |
594 | } EVP_RESET_TEST_st; | |
595 | ||
596 | static const EVP_RESET_TEST_st evp_reset_tests[] = { | |
597 | { | |
598 | cfbPlaintext, cfbCiphertext, | |
599 | sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 | |
600 | }, | |
601 | { | |
602 | cfbCiphertext, cfbPlaintext, | |
603 | sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 | |
604 | } | |
605 | }; | |
606 | ||
607 | /* | |
608 | * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already | |
609 | * been used. | |
610 | */ | |
611 | static int test_evp_reset(int idx) | |
612 | { | |
613 | const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; | |
614 | int outlen1, outlen2; | |
615 | int testresult = 0; | |
616 | unsigned char outbuf[1024]; | |
617 | EVP_CIPHER_CTX *ctx = NULL; | |
618 | const EVP_CIPHER *type = NULL; | |
619 | char *errmsg = NULL; | |
620 | ||
621 | if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { | |
622 | errmsg = "CTX_ALLOC"; | |
623 | goto err; | |
624 | } | |
625 | if (!TEST_ptr(type = EVP_get_cipherbyname("aes-128-cfb"))) { | |
626 | errmsg = "GET_CIPHERBYNAME"; | |
627 | goto err; | |
628 | } | |
629 | if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { | |
630 | errmsg = "CIPHER_INIT"; | |
631 | goto err; | |
632 | } | |
633 | if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { | |
634 | errmsg = "PADDING"; | |
635 | goto err; | |
636 | } | |
637 | if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { | |
638 | errmsg = "CIPHER_UPDATE"; | |
639 | goto err; | |
640 | } | |
641 | if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { | |
642 | errmsg = "CIPHER_FINAL"; | |
643 | goto err; | |
644 | } | |
645 | if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { | |
646 | errmsg = "WRONG_RESULT"; | |
647 | goto err; | |
648 | } | |
649 | if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { | |
650 | errmsg = "CIPHER_REINIT"; | |
651 | goto err; | |
652 | } | |
653 | if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { | |
654 | errmsg = "CIPHER_UPDATE (reinit)"; | |
655 | goto err; | |
656 | } | |
657 | if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { | |
658 | errmsg = "CIPHER_FINAL (reinit)"; | |
659 | goto err; | |
660 | } | |
661 | if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { | |
662 | errmsg = "WRONG_RESULT (reinit)"; | |
663 | goto err; | |
664 | } | |
665 | testresult = 1; | |
666 | err: | |
667 | if (errmsg != NULL) | |
668 | TEST_info("test_evp_reset %d: %s", idx, errmsg); | |
669 | EVP_CIPHER_CTX_free(ctx); | |
670 | return testresult; | |
671 | } | |
672 | ||
673 | typedef struct { | |
674 | const unsigned char *iv1; | |
675 | const unsigned char *iv2; | |
676 | const unsigned char *expected1; | |
677 | const unsigned char *expected2; | |
678 | const unsigned char *tag1; | |
679 | const unsigned char *tag2; | |
680 | size_t ivlen1; | |
681 | size_t ivlen2; | |
682 | size_t expectedlen1; | |
683 | size_t expectedlen2; | |
684 | } TEST_GCM_IV_REINIT_st; | |
685 | ||
686 | static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { | |
687 | { | |
688 | iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, | |
689 | gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), | |
690 | sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) | |
691 | }, | |
692 | { | |
693 | iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, | |
694 | gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), | |
695 | sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) | |
696 | } | |
697 | }; | |
698 | ||
699 | static int test_gcm_reinit(int idx) | |
700 | { | |
701 | int outlen1, outlen2, outlen3; | |
702 | int testresult = 0; | |
703 | unsigned char outbuf[1024]; | |
704 | unsigned char tag[16]; | |
705 | const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; | |
706 | EVP_CIPHER_CTX *ctx = NULL; | |
707 | const EVP_CIPHER *type = NULL; | |
708 | size_t taglen = sizeof(tag); | |
709 | char *errmsg = NULL; | |
710 | ||
711 | if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { | |
712 | errmsg = "CTX_ALLOC"; | |
713 | goto err; | |
714 | } | |
715 | if (!TEST_ptr(type = EVP_get_cipherbyname("aes-256-gcm"))) { | |
716 | errmsg = "GET_CIPHERBYNAME"; | |
717 | goto err; | |
718 | } | |
719 | if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { | |
720 | errmsg = "ENC_INIT"; | |
721 | goto err; | |
722 | } | |
723 | if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) { | |
724 | errmsg = "SET_IVLEN1"; | |
725 | goto err; | |
726 | } | |
727 | if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { | |
728 | errmsg = "SET_IV1"; | |
729 | goto err; | |
730 | } | |
731 | if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { | |
732 | errmsg = "AAD1"; | |
733 | goto err; | |
734 | } | |
735 | EVP_CIPHER_CTX_set_padding(ctx, 0); | |
736 | if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, | |
737 | sizeof(gcmResetPlaintext)))) { | |
738 | errmsg = "CIPHER_UPDATE1"; | |
739 | goto err; | |
740 | } | |
741 | if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { | |
742 | errmsg = "CIPHER_FINAL1"; | |
743 | goto err; | |
744 | } | |
745 | if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { | |
746 | errmsg = "WRONG_RESULT1"; | |
747 | goto err; | |
748 | } | |
749 | if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { | |
750 | errmsg = "GET_TAG1"; | |
751 | goto err; | |
752 | } | |
753 | if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { | |
754 | errmsg = "TAG_ERROR1"; | |
755 | goto err; | |
756 | } | |
757 | /* Now reinit */ | |
758 | if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) { | |
759 | errmsg = "SET_IVLEN2"; | |
760 | goto err; | |
761 | } | |
762 | if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { | |
763 | errmsg = "SET_IV2"; | |
764 | goto err; | |
765 | } | |
766 | if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { | |
767 | errmsg = "AAD2"; | |
768 | goto err; | |
769 | } | |
770 | if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, | |
771 | sizeof(gcmResetPlaintext)))) { | |
772 | errmsg = "CIPHER_UPDATE2"; | |
773 | goto err; | |
774 | } | |
775 | if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { | |
776 | errmsg = "CIPHER_FINAL2"; | |
777 | goto err; | |
778 | } | |
779 | if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { | |
780 | errmsg = "WRONG_RESULT2"; | |
781 | goto err; | |
782 | } | |
783 | if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { | |
784 | errmsg = "GET_TAG2"; | |
785 | goto err; | |
786 | } | |
787 | if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { | |
788 | errmsg = "TAG_ERROR2"; | |
789 | goto err; | |
790 | } | |
791 | testresult = 1; | |
792 | err: | |
793 | if (errmsg != NULL) | |
794 | TEST_info("evp_init_test %d: %s", idx, errmsg); | |
795 | EVP_CIPHER_CTX_free(ctx); | |
796 | return testresult; | |
797 | } | |
798 | ||
799 | typedef struct { | |
800 | const char *cipher; | |
801 | int enc; | |
802 | } EVP_UPDATED_IV_TEST_st; | |
803 | ||
804 | static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { | |
805 | { | |
806 | "aes-128-cfb", 1 | |
807 | }, | |
808 | { | |
809 | "aes-128-cfb", 0 | |
810 | }, | |
811 | { | |
812 | "aes-128-cfb1", 1 | |
813 | }, | |
814 | { | |
815 | "aes-128-cfb1", 0 | |
816 | }, | |
817 | { | |
818 | "aes-128-cfb128", 1 | |
819 | }, | |
820 | { | |
821 | "aes-128-cfb128", 0 | |
822 | }, | |
823 | { | |
824 | "aes-128-cfb8", 1 | |
825 | }, | |
826 | { | |
827 | "aes-128-cfb8", 0 | |
828 | }, | |
829 | { | |
830 | "aes-128-ofb", 1 | |
831 | }, | |
832 | { | |
833 | "aes-128-ofb", 0 | |
834 | }, | |
835 | { | |
836 | "aes-128-ctr", 1 | |
837 | }, | |
838 | { | |
839 | "aes-128-ctr", 0 | |
840 | }, | |
841 | { | |
842 | "aes-128-cbc", 1 | |
843 | }, | |
844 | { | |
845 | "aes-128-cbc", 0 | |
846 | } | |
847 | }; | |
848 | ||
849 | /* | |
850 | * Test that the IV in the context is updated during a crypto operation for CFB | |
851 | * and OFB. | |
852 | */ | |
853 | static int test_evp_updated_iv(int idx) | |
854 | { | |
855 | const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; | |
856 | int outlen1, outlen2; | |
857 | int testresult = 0; | |
858 | unsigned char outbuf[1024]; | |
859 | EVP_CIPHER_CTX *ctx = NULL; | |
860 | const EVP_CIPHER *type = NULL; | |
861 | const unsigned char *updated_iv; | |
862 | int iv_len; | |
863 | char *errmsg = NULL; | |
864 | ||
865 | if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { | |
866 | errmsg = "CTX_ALLOC"; | |
867 | goto err; | |
868 | } | |
869 | if ((type = EVP_get_cipherbyname(t->cipher)) == NULL) { | |
870 | TEST_info("cipher %s not supported, skipping", t->cipher); | |
871 | goto ok; | |
872 | } | |
873 | if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { | |
874 | errmsg = "CIPHER_INIT"; | |
875 | goto err; | |
876 | } | |
877 | if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { | |
878 | errmsg = "PADDING"; | |
879 | goto err; | |
880 | } | |
881 | if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { | |
882 | errmsg = "CIPHER_UPDATE"; | |
883 | goto err; | |
884 | } | |
885 | if (!TEST_ptr(updated_iv = EVP_CIPHER_CTX_iv(ctx))) { | |
886 | errmsg = "CIPHER_CTX_IV"; | |
887 | goto err; | |
888 | } | |
889 | if (!TEST_true(iv_len = EVP_CIPHER_CTX_iv_length(ctx))) { | |
890 | errmsg = "CIPHER_CTX_IV_LEN"; | |
891 | goto err; | |
892 | } | |
893 | if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { | |
894 | errmsg = "IV_NOT_UPDATED"; | |
895 | goto err; | |
896 | } | |
897 | if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { | |
898 | errmsg = "CIPHER_FINAL"; | |
899 | goto err; | |
900 | } | |
901 | ok: | |
902 | testresult = 1; | |
903 | err: | |
904 | if (errmsg != NULL) | |
905 | TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); | |
906 | EVP_CIPHER_CTX_free(ctx); | |
907 | return testresult; | |
908 | } | |
331 | 909 | |
332 | 910 | static APK_DATA keydata[] = { |
333 | 911 | {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, |
817 | 1395 | } keys[] = { |
818 | 1396 | { |
819 | 1397 | EVP_PKEY_HMAC, "0123456789", NULL |
1398 | #ifndef OPENSSL_NO_POLY1305 | |
820 | 1399 | }, { |
821 | 1400 | EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL |
1401 | #endif | |
1402 | #ifndef OPENSSL_NO_SIPHASH | |
822 | 1403 | }, { |
823 | 1404 | EVP_PKEY_SIPHASH, "0123456789012345", NULL |
1405 | #endif | |
824 | 1406 | }, |
825 | 1407 | #ifndef OPENSSL_NO_EC |
826 | 1408 | { |
850 | 1432 | EVP_PKEY *pkey; |
851 | 1433 | |
852 | 1434 | /* Check if this algorithm supports public keys */ |
853 | if (keys[tst].pub == NULL) | |
1435 | if (pub && keys[tst].pub == NULL) | |
854 | 1436 | return 1; |
855 | 1437 | |
856 | 1438 | memset(buf, 0, sizeof(buf)); |
857 | 1439 | |
858 | 1440 | if (pub) { |
1441 | #ifndef OPENSSL_NO_EC | |
859 | 1442 | inlen = strlen(keys[tst].pub); |
860 | 1443 | in = (unsigned char *)keys[tst].pub; |
861 | 1444 | pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, |
862 | 1445 | NULL, |
863 | 1446 | in, |
864 | 1447 | inlen); |
1448 | #else | |
1449 | return 1; | |
1450 | #endif | |
865 | 1451 | } else { |
866 | 1452 | inlen = strlen(keys[tst].priv); |
867 | 1453 | in = (unsigned char *)keys[tst].priv; |
872 | 1458 | } |
873 | 1459 | |
874 | 1460 | if (!TEST_ptr(pkey) |
1461 | || !TEST_int_eq(EVP_PKEY_cmp(pkey, pkey), 1) | |
875 | 1462 | || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) |
876 | 1463 | || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) |
877 | 1464 | || !TEST_true(len == inlen) |
1208 | 1795 | ADD_TEST(test_EVP_PKEY_set1_DH); |
1209 | 1796 | #endif |
1210 | 1797 | |
1798 | ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); | |
1799 | ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); | |
1800 | ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); | |
1801 | ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); | |
1802 | ||
1211 | 1803 | return 1; |
1212 | 1804 | } |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
46 | 46 | ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); |
47 | 47 | |
48 | 48 | subtest "generating certificate requests with RSA" => sub { |
49 | plan tests => 2; | |
49 | plan tests => 6; | |
50 | 50 | |
51 | 51 | SKIP: { |
52 | 52 | skip "RSA is not supported by this OpenSSL build", 2 |
62 | 62 | "-config", srctop_file("test", "test.cnf"), |
63 | 63 | "-verify", "-in", "testreq.pem", "-noout"])), |
64 | 64 | "Verifying signature on request"); |
65 | ||
66 | ok(run(app(["openssl", "req", | |
67 | "-config", srctop_file("test", "test.cnf"), | |
68 | "-new", "-out", "testreq_withattrs_pem.pem", "-utf8", | |
69 | "-key", srctop_file("test", "testrsa_withattrs.pem")])), | |
70 | "Generating request from a key with extra attributes - PEM"); | |
71 | ||
72 | ok(run(app(["openssl", "req", | |
73 | "-config", srctop_file("test", "test.cnf"), | |
74 | "-verify", "-in", "testreq_withattrs_pem.pem", "-noout"])), | |
75 | "Verifying signature on request from a key with extra attributes - PEM"); | |
76 | ||
77 | ok(run(app(["openssl", "req", | |
78 | "-config", srctop_file("test", "test.cnf"), | |
79 | "-new", "-out", "testreq_withattrs_der.pem", "-utf8", | |
80 | "-key", srctop_file("test", "testrsa_withattrs.der"), | |
81 | "-keyform", "DER"])), | |
82 | "Generating request from a key with extra attributes - PEM"); | |
83 | ||
84 | ok(run(app(["openssl", "req", | |
85 | "-config", srctop_file("test", "test.cnf"), | |
86 | "-verify", "-in", "testreq_withattrs_der.pem", "-noout"])), | |
87 | "Verifying signature on request from a key with extra attributes - PEM"); | |
65 | 88 | } |
66 | 89 | }; |
67 | 90 | |
164 | 187 | run_conversion('req conversions -- testreq2', |
165 | 188 | srctop_file("test", "testreq2.pem")); |
166 | 189 | |
167 | unlink "testkey.pem", "testreq.pem"; | |
190 | unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem"; | |
168 | 191 | |
169 | 192 | sub run_conversion { |
170 | 193 | my $title = shift; |
395 | 395 | ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"), |
396 | 396 | "Public Key Algorithm rsa instead of rsaEncryption"); |
397 | 397 | |
398 | ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], []), | |
398 | ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], [], | |
399 | "-attime", "1593565200"), | |
399 | 400 | "accept trusted self-signed EE cert excluding key usage keyCertSign"); |
400 | 401 | |
401 | 402 | SKIP: { |
0 | 0 | # |
1 | # Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
18443 | 18443 | Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197 |
18444 | 18444 | Output = "The floofy bunnies hop at midnight" |
18445 | 18445 | |
18446 | # Test with an C1y value < 32 bytes in length (self generated) | |
18447 | Decrypt = SM2_key1 | |
18448 | Input = 3072022070DAD60CDA7C30D64CF4F278A849003581223F5324BFEC9BB329229BFFAD21A6021F18AFAB2B35459D2643243B242BE4EA80C6FA5071D2D847340CC57EB9309E5D04200B772E4DB664B2601E3B85E39C4AA8C2C1910308BE13B331E009C5A9258C29FD040B6D588BE9260A94DA18E0E6 | |
18449 | Output = "Hello World" | |
18450 | ||
18451 | # Test with an C1x and C1y valuey > 32 bytes in length, and longer plaintext (self generated) | |
18452 | Decrypt = SM2_key1 | |
18453 | Input = 3081DD022100CD49634BBCB21CAFFFA6D33669A5A867231CB2A942A14352EF4CAF6DC3344D54022100C35B41D4DEBB3A2735EFEE821B9EBA566BD86900176A0C06672E30EE5CC04E930420C4190A3D80D86C4BD20E99F7E4B59BF6427C6808793533EEA9591D1188EC56B50473747295470E81D951BED279AC1B86A1AFE388CD2833FA9632799EC199C7D364E5663D5A94888BB2358CFCBF6283184DE0CBC41CCEA91D24746E99D231A1DA77AFD83CDF908190ED628B7369724494568A27C782A1D1D7294BCAD80C34569ED22859896301128A8118F48924D8CCD43E998D9533 | |
18454 | Output = "Some longer plaintext for testing SM2 decryption. Blah blah blah blah blah blah blah blah blah blah blah blah blah." | |
18455 | ||
18446 | 18456 | # This is a "fake" test as it does only verify that the SM2 EVP_PKEY interface |
18447 | 18457 | # is capable of creating a signature without failing, but it does not say |
18448 | 18458 | # anything about the generated signature being valid, nor does it test the |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
194 | 194 | plan tests => 11; |
195 | 195 | ok(TLSProxy::Message->success(), "Initial connection"); |
196 | 196 | |
197 | #Test 2: Attempt a resume with no kex modes extension. Should not resume | |
197 | #Test 2: Attempt a resume with no kex modes extension. Should fail (server | |
198 | # MUST abort handshake with pre_shared key and no psk_kex_modes) | |
198 | 199 | $proxy->clear(); |
199 | 200 | $proxy->clientflags("-sess_in ".$session); |
200 | 201 | my $testtype = DELETE_EXTENSION; |
201 | 202 | $proxy->filter(\&modify_kex_modes_filter); |
202 | 203 | $proxy->start(); |
203 | checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, | |
204 | checkhandshake::DEFAULT_EXTENSIONS | |
205 | | checkhandshake::KEY_SHARE_SRV_EXTENSION | |
206 | | checkhandshake::PSK_CLI_EXTENSION, | |
207 | "Resume with no kex modes"); | |
204 | ok(TLSProxy::Message->fail(), "Resume with no kex modes"); | |
208 | 205 | |
209 | 206 | #Test 3: Attempt a resume with empty kex modes extension. Should fail (empty |
210 | 207 | # extension is invalid) |
242 | 239 | "Resume with non-dhe kex mode"); |
243 | 240 | |
244 | 241 | #Test 6: Attempt a resume with only unrecognised kex modes. Should not resume |
242 | # but rather fall back to full handshake | |
245 | 243 | $proxy->clear(); |
246 | 244 | $proxy->clientflags("-sess_in ".$session); |
247 | 245 | $testtype = UNKNOWN_KEX_MODES; |
251 | 249 | | checkhandshake::PSK_KEX_MODES_EXTENSION |
252 | 250 | | checkhandshake::KEY_SHARE_SRV_EXTENSION |
253 | 251 | | checkhandshake::PSK_CLI_EXTENSION, |
254 | "Resume with empty kex modes"); | |
252 | "Resume with unrecognized kex mode"); | |
255 | 253 | |
256 | 254 | #Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with |
257 | 255 | # a key_share |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
475 | 475 | subtest 'RSA/(EC)DHE/PSK tests' => sub { |
476 | 476 | ###################################################################### |
477 | 477 | |
478 | plan tests => 5; | |
478 | plan tests => 6; | |
479 | 479 | |
480 | 480 | SKIP: { |
481 | skip "TLSv1.0 is not supported by this OpenSSL build", 5 | |
481 | skip "TLSv1.0 is not supported by this OpenSSL build", 6 | |
482 | 482 | if $no_tls1; |
483 | 483 | |
484 | 484 | SKIP: { |
512 | 512 | |
513 | 513 | ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])), |
514 | 514 | 'test tls1 with PSK via BIO pair'); |
515 | } | |
516 | ||
517 | SKIP: { | |
518 | skip "skipping auto PSK tests", 1 | |
519 | if ($no_dh || $no_psk || $no_ec); | |
520 | ||
521 | ok(run(test(['ssltest_old', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])), | |
522 | 'test auto DH meets security strength'); | |
515 | 523 | } |
516 | 524 | } |
517 | 525 |
305 | 305 | int ret = 0; |
306 | 306 | RSA *key = NULL; |
307 | 307 | unsigned char ptext[256]; |
308 | unsigned char ctext[256]; | |
309 | 308 | static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; |
310 | 309 | unsigned char ctext_ex[256]; |
311 | 310 | int plen; |
327 | 326 | |
328 | 327 | /* Try decrypting corrupted ciphertexts. */ |
329 | 328 | for (n = 0; n < clen; ++n) { |
330 | ctext[n] ^= 1; | |
331 | num = RSA_private_decrypt(clen, ctext, ptext, key, | |
329 | ctext_ex[n] ^= 1; | |
330 | num = RSA_private_decrypt(clen, ctext_ex, ptext, key, | |
332 | 331 | RSA_PKCS1_OAEP_PADDING); |
333 | 332 | if (!TEST_int_le(num, 0)) |
334 | 333 | goto err; |
335 | ctext[n] ^= 1; | |
334 | ctext_ex[n] ^= 1; | |
336 | 335 | } |
337 | 336 | |
338 | 337 | /* Test truncated ciphertexts, as well as negative length. */ |
339 | 338 | for (n = -1; n < clen; ++n) { |
340 | num = RSA_private_decrypt(n, ctext, ptext, key, | |
339 | num = RSA_private_decrypt(n, ctext_ex, ptext, key, | |
341 | 340 | RSA_PKCS1_OAEP_PADDING); |
342 | 341 | if (!TEST_int_le(num, 0)) |
343 | 342 | goto err; |
0 | 0 | /* |
1 | * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
184 | 184 | if (!TEST_mem_eq(ctext, ctext_len, expected, ctext_len)) |
185 | 185 | goto done; |
186 | 186 | |
187 | if (!TEST_true(sm2_plaintext_size(key, digest, ctext_len, &ptext_len)) | |
187 | if (!TEST_true(sm2_plaintext_size(ctext, ctext_len, &ptext_len)) | |
188 | 188 | || !TEST_int_eq(ptext_len, msg_len)) |
189 | 189 | goto done; |
190 | 190 |
0 | 0 | /* |
1 | * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
16 | 16 | #include <openssl/srp.h> |
17 | 17 | #include <openssl/txt_db.h> |
18 | 18 | #include <openssl/aes.h> |
19 | #include <openssl/x509v3.h> | |
19 | 20 | |
20 | 21 | #include "ssltestlib.h" |
21 | 22 | #include "testutil.h" |
1825 | 1826 | |
1826 | 1827 | /* Verify changing the rbio/wbio directly does not cause leaks */ |
1827 | 1828 | if (change_bio != NO_BIO_CHANGE) { |
1828 | if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem()))) | |
1829 | goto end; | |
1829 | if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem()))) { | |
1830 | ssl = NULL; | |
1831 | goto end; | |
1832 | } | |
1830 | 1833 | if (change_bio == CHANGE_RBIO) |
1831 | 1834 | SSL_set0_rbio(ssl, membio2); |
1832 | 1835 | else |
6712 | 6715 | return testresult; |
6713 | 6716 | } |
6714 | 6717 | #endif |
6718 | /* | |
6719 | * Test that setting an ALPN does not violate RFC | |
6720 | */ | |
6721 | static int test_set_alpn(void) | |
6722 | { | |
6723 | SSL_CTX *ctx = NULL; | |
6724 | SSL *ssl = NULL; | |
6725 | int testresult = 0; | |
6726 | ||
6727 | unsigned char bad0[] = { 0x00, 'b', 'a', 'd' }; | |
6728 | unsigned char good[] = { 0x04, 'g', 'o', 'o', 'd' }; | |
6729 | unsigned char bad1[] = { 0x01, 'b', 'a', 'd' }; | |
6730 | unsigned char bad2[] = { 0x03, 'b', 'a', 'd', 0x00}; | |
6731 | unsigned char bad3[] = { 0x03, 'b', 'a', 'd', 0x01, 'b', 'a', 'd'}; | |
6732 | unsigned char bad4[] = { 0x03, 'b', 'a', 'd', 0x06, 'b', 'a', 'd'}; | |
6733 | ||
6734 | /* Create an initial SSL_CTX with no certificate configured */ | |
6735 | ctx = SSL_CTX_new(TLS_server_method()); | |
6736 | if (!TEST_ptr(ctx)) | |
6737 | goto end; | |
6738 | ||
6739 | /* the set_alpn functions return 0 (false) on success, non-zero (true) on failure */ | |
6740 | if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, NULL, 2))) | |
6741 | goto end; | |
6742 | if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, good, 0))) | |
6743 | goto end; | |
6744 | if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, good, sizeof(good)))) | |
6745 | goto end; | |
6746 | if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, good, 1))) | |
6747 | goto end; | |
6748 | if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad0, sizeof(bad0)))) | |
6749 | goto end; | |
6750 | if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad1, sizeof(bad1)))) | |
6751 | goto end; | |
6752 | if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad2, sizeof(bad2)))) | |
6753 | goto end; | |
6754 | if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad3, sizeof(bad3)))) | |
6755 | goto end; | |
6756 | if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad4, sizeof(bad4)))) | |
6757 | goto end; | |
6758 | ||
6759 | ssl = SSL_new(ctx); | |
6760 | if (!TEST_ptr(ssl)) | |
6761 | goto end; | |
6762 | ||
6763 | if (!TEST_false(SSL_set_alpn_protos(ssl, NULL, 2))) | |
6764 | goto end; | |
6765 | if (!TEST_false(SSL_set_alpn_protos(ssl, good, 0))) | |
6766 | goto end; | |
6767 | if (!TEST_false(SSL_set_alpn_protos(ssl, good, sizeof(good)))) | |
6768 | goto end; | |
6769 | if (!TEST_true(SSL_set_alpn_protos(ssl, good, 1))) | |
6770 | goto end; | |
6771 | if (!TEST_true(SSL_set_alpn_protos(ssl, bad0, sizeof(bad0)))) | |
6772 | goto end; | |
6773 | if (!TEST_true(SSL_set_alpn_protos(ssl, bad1, sizeof(bad1)))) | |
6774 | goto end; | |
6775 | if (!TEST_true(SSL_set_alpn_protos(ssl, bad2, sizeof(bad2)))) | |
6776 | goto end; | |
6777 | if (!TEST_true(SSL_set_alpn_protos(ssl, bad3, sizeof(bad3)))) | |
6778 | goto end; | |
6779 | if (!TEST_true(SSL_set_alpn_protos(ssl, bad4, sizeof(bad4)))) | |
6780 | goto end; | |
6781 | ||
6782 | testresult = 1; | |
6783 | ||
6784 | end: | |
6785 | SSL_free(ssl); | |
6786 | SSL_CTX_free(ctx); | |
6787 | return testresult; | |
6788 | } | |
6789 | ||
6790 | static int test_inherit_verify_param(void) | |
6791 | { | |
6792 | int testresult = 0; | |
6793 | ||
6794 | SSL_CTX *ctx = NULL; | |
6795 | X509_VERIFY_PARAM *cp = NULL; | |
6796 | SSL *ssl = NULL; | |
6797 | X509_VERIFY_PARAM *sp = NULL; | |
6798 | int hostflags = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; | |
6799 | ||
6800 | ctx = SSL_CTX_new(TLS_server_method()); | |
6801 | if (!TEST_ptr(ctx)) | |
6802 | goto end; | |
6803 | ||
6804 | cp = SSL_CTX_get0_param(ctx); | |
6805 | if (!TEST_ptr(cp)) | |
6806 | goto end; | |
6807 | if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(cp), 0)) | |
6808 | goto end; | |
6809 | ||
6810 | X509_VERIFY_PARAM_set_hostflags(cp, hostflags); | |
6811 | ||
6812 | ssl = SSL_new(ctx); | |
6813 | if (!TEST_ptr(ssl)) | |
6814 | goto end; | |
6815 | ||
6816 | sp = SSL_get0_param(ssl); | |
6817 | if (!TEST_ptr(sp)) | |
6818 | goto end; | |
6819 | if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(sp), hostflags)) | |
6820 | goto end; | |
6821 | ||
6822 | testresult = 1; | |
6823 | ||
6824 | end: | |
6825 | SSL_free(ssl); | |
6826 | SSL_CTX_free(ctx); | |
6827 | ||
6828 | return testresult; | |
6829 | } | |
6715 | 6830 | |
6716 | 6831 | int setup_tests(void) |
6717 | 6832 | { |
6839 | 6954 | #ifndef OPENSSL_NO_TLS1_3 |
6840 | 6955 | ADD_TEST(test_sni_tls13); |
6841 | 6956 | #endif |
6957 | ADD_TEST(test_set_alpn); | |
6958 | ADD_TEST(test_inherit_verify_param); | |
6842 | 6959 | return 1; |
6843 | 6960 | } |
6844 | 6961 |
Binary diff not shown
0 | -----BEGIN PRIVATE KEY----- | |
1 | MIIE+QIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDsh7QWxhftrqng | |
2 | RC3Ms+HxH2NFCX1sRoiIV4cYK2z0DQdEiNpFdpHlcs3weTuudcpr8XursodVFMTB | |
3 | eHjROhgwO/LT9xReEUiaoHJgfv6KcKcxEvntCjQkzGhkw03OH5VYdtTRAbwpwcYt | |
4 | groPiZ2STINpQOmFabzai+K+3rddwTGkkca3C5kY7KOMlnt9IuvmycksRqH6MPKz | |
5 | P5QbztlgY95rtra+OEzKLYQ1ux6hkaUlpxT5eGKfzYdccwKJWa0dUXyT/8F6rpTm | |
6 | Zbz3BxdKGAWMywaTfh5ywhNmVNTeIumxIRc3+PInn0rqKTaDrWylxiBdb3t27HxQ | |
7 | InDZmPwdAgMBAAECggEBAMTRrzN8JxEq1ES/tvStgodoPOyHlwxwLNB3NP0RtZnm | |
8 | 9XM8BZTjs0egnmlKGDV14riruuMGrcJIg+kR3EcN9m68k7V51kLoUugINuTBCAIe | |
9 | 96DIT5vFb9pnFT8znRy1/0obp787mF2O1t+r9jNTqgDBFmCRGUBg2jtpR4bYQPEL | |
10 | ZjXMDPcsmOlmbBdsyQvjlOHqXjCoUWwOCBEZdtaLzxaOPrBW5Jh2h3Xz1pV3NdZ/ | |
11 | xufAYRhpJamPNiSipRehBZAeQP2ZAyHj/5x3tgEcA+C04Ki8NvuwJx/6T/lGKD+1 | |
12 | x3DKsniNi6fEbGlpST/Zp1GY4WyVPcrLa8JxyO+UagECgYEA+gvBBI+LSK5enPXu | |
13 | WooEQP17fKzdZG7Cic8TfTPbtBIcXjNQFLHjFoBNk+TBFCjZma7L+fEcKcDm+Bg1 | |
14 | qa4xihOP6BoQqHXZZNZ+9ZU96MPmI9Zb60CMG9lM1VVhSqrm2n3Q+tefod/a2bQk | |
15 | oz8QsdpsUFqVFCF5l+Tb6lp2QN0CgYEA8imPEml6LG35snBY1H6t0ASCHT1oFdHP | |
16 | o01WKQas/tuLO+pMfZrA0zLZBExxZuUJloC6COsTcOrlK+hGM60Ab6TgSPbUvYqH | |
17 | 8yMV7SYLvheEngqIiFExmHg79mxnys3Rgv9KMxAV2Ip2wBrBMwUOaURU9pUKXlIN | |
18 | xiaUuevSVEECgYEA0Dbrcs3JUSuKM7AC3DfjlO6/XrFf5hrpOfJKq058m/Uc1EBs | |
19 | Zd8/V2RdtVKeiRf/Ix9QUYA6UHaGnn8iaHpaXD0v7zmNN4pzDaojrIKrO+GtCZid | |
20 | kEd+pE4N0fO4AYJQnA567/aPwi7zQaflfl6smz1kRoE3dLzvUNHNYtgTcq0CgYAm | |
21 | Op1VgMVCwlHK86VyVlVGI5AO4aTO3QJ0ez8A1wb0bOA8Iy7UHVwXe017Oj4kyj+L | |
22 | POMhiUrWZp6rIc4DVmpdNaAapKzNB1OS9JT/jSQJbFkJQgxvyLGVqlV8/3wbLgbH | |
23 | MVobWYy5VJKOnSqmzUOLJrhq/PhYD4gRIgIUn7/igQKBgQCptqrREOq9fXDEpozC | |
24 | 39TL4vDrKJWpB1uK6pBEjgEVD/+tcfziVN40j5hnNFDUu/8kxxp9/4w8mPjdJ0CF | |
25 | hWIvrXasjnnFehy6IewWCljNH5CfOM64rDoXaF+ESIM4rLBHbQ8KYvaKkMjOcdNB | |
26 | JG1sRWVU01AwEhnvxS1zbyBtiqA4MDYGCCqFAwIJAwgBMSoEKBqiSOXm8r5I7hEA | |
27 | +gglN/s0bbRCnzopEhuEorpcnDXrktVtjQrmMi0= | |
28 | -----END PRIVATE KEY----- |
0 | 0 | /* |
1 | * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. | |
1 | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | * |
3 | 3 | * Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | * this file except in compliance with the License. You can obtain a copy |
329 | 329 | |
330 | 330 | /* if t is not NULL but expected_string is NULL, it is an 'OK' case too */ |
331 | 331 | if (t != NULL && x509_format_tests[idx].expected_string) { |
332 | if (!TEST_str_eq((const char *)t->data, | |
333 | x509_format_tests[idx].expected_string)) { | |
334 | TEST_info("test_x509_time(%d) failed: expected_string %s, got %s\n", | |
335 | idx, x509_format_tests[idx].expected_string, t->data); | |
332 | if (!TEST_mem_eq((const char *)t->data, t->length, | |
333 | x509_format_tests[idx].expected_string, | |
334 | strlen(x509_format_tests[idx].expected_string))) { | |
335 | TEST_info("test_x509_time(%d) failed: expected_string %s, got %.*s\n", | |
336 | idx, x509_format_tests[idx].expected_string, t->length, | |
337 | t->data); | |
336 | 338 | goto out; |
337 | 339 | } |
338 | 340 | } |
0 | 0 | #! /usr/bin/env perl |
1 | # Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. | |
1 | # Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. | |
2 | 2 | # |
3 | 3 | # Licensed under the OpenSSL license (the "License"). You may not use |
4 | 4 | # this file except in compliance with the License. You can obtain a copy |
33 | 33 | } |
34 | 34 | |
35 | 35 | unless (mkdir($dir, 0777)) { |
36 | local($err) = $!; | |
36 | 37 | if (-d $dir) { |
37 | 38 | # We raced against another instance doing the same thing. |
38 | 39 | return; |
39 | 40 | } |
40 | die "Cannot create directory $dir: $!\n"; | |
41 | die "Cannot create directory $dir: $err\n"; | |
41 | 42 | } |
42 | 43 | print "created directory `$dir'\n"; |
43 | 44 | } |