Commit upstream/1.1.1l - openssl

+65

-0

CHANGES less more

5	5	For a full list of changes, see the git commit log; for example,
6	6	https://github.com/openssl/openssl/commits/ and pick the appropriate
7	7	release branch.
	8
	9	Changes between 1.1.1k and 1.1.1l [24 Aug 2021]
	10
	11	*) Fixed an SM2 Decryption Buffer Overflow.
	12
	13	In order to decrypt SM2 encrypted data an application is expected to call the
	14	API function EVP_PKEY_decrypt(). Typically an application will call this
	15	function twice. The first time, on entry, the "out" parameter can be NULL and,
	16	on exit, the "outlen" parameter is populated with the buffer size required to
	17	hold the decrypted plaintext. The application can then allocate a sufficiently
	18	sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
	19	value for the "out" parameter.
	20
	21	A bug in the implementation of the SM2 decryption code means that the
	22	calculation of the buffer size required to hold the plaintext returned by the
	23	first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
	24	the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
	25	called by the application a second time with a buffer that is too small.
	26
	27	A malicious attacker who is able present SM2 content for decryption to an
	28	application could cause attacker chosen data to overflow the buffer by up to a
	29	maximum of 62 bytes altering the contents of other data held after the
	30	buffer, possibly changing application behaviour or causing the application to
	31	crash. The location of the buffer is application dependent but is typically
	32	heap allocated.
	33	(CVE-2021-3711)
	34	[Matt Caswell]
	35
	36	*) Fixed various read buffer overruns processing ASN.1 strings
	37
	38	ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
	39	structure which contains a buffer holding the string data and a field holding
	40	the buffer length. This contrasts with normal C strings which are repesented as
	41	a buffer for the string data which is terminated with a NUL (0) byte.
	42
	43	Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's
	44	own "d2i" functions (and other similar parsing functions) as well as any string
	45	whose value has been set with the ASN1_STRING_set() function will additionally
	46	NUL terminate the byte array in the ASN1_STRING structure.
	47
	48	However, it is possible for applications to directly construct valid ASN1_STRING
	49	structures which do not NUL terminate the byte array by directly setting the
	50	"data" and "length" fields in the ASN1_STRING array. This can also happen by
	51	using the ASN1_STRING_set0() function.
	52
	53	Numerous OpenSSL functions that print ASN.1 data have been found to assume that
	54	the ASN1_STRING byte array will be NUL terminated, even though this is not
	55	guaranteed for strings that have been directly constructed. Where an application
	56	requests an ASN.1 structure to be printed, and where that ASN.1 structure
	57	contains ASN1_STRINGs that have been directly constructed by the application
	58	without NUL terminating the "data" field, then a read buffer overrun can occur.
	59
	60	The same thing can also occur during name constraints processing of certificates
	61	(for example if a certificate has been directly constructed by the application
	62	instead of loading it via the OpenSSL parsing functions, and the certificate
	63	contains non NUL terminated ASN1_STRING structures). It can also occur in the
	64	X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.
	65
	66	If a malicious actor can cause an application to directly construct an
	67	ASN1_STRING and then process it through one of the affected OpenSSL functions
	68	then this issue could be hit. This might result in a crash (causing a Denial of
	69	Service attack). It could also result in the disclosure of private memory
	70	contents (such as private keys, or sensitive plaintext).
	71	(CVE-2021-3712)
	72	[Matt Caswell]
8	73
9	74	Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
10	75

+7

-0

Configurations/10-main.conf less more

751	751	cxxflags => add("-mabi=64"),
752	752	perlasm_scheme => "64",
753	753	multilib => "64",
	754	},
	755
	756	# riscv64 below refers to contemporary RISCV Architecture
	757	# specifications,
	758	"linux64-riscv64" => {
	759	inherit_from => [ "linux-generic64"],
	760	perlasm_scheme => "linux64",
754	761	},
755	762
756	763	#### IA-32 targets...

+55

-35

Configurations/15-android.conf less more

28	28	$ndk = $ENV{$ndk_var};
29	29	last if defined $ndk;
30	30	}
31		die "\$ANDROID_NDK_HOME is not defined" if (!$ndk);
32		if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
33		# $ndk/platforms is traditional "all-inclusive" NDK, while
34		# $ndk/AndroidVersion.txt is so-called standalone toolchain
35		# tailored for specific target down to API level.
	31	die "\$ANDROID_NDK_HOME is not defined" if (!$ndk);
	32	my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt";
	33	my $ndk_src_props = "$ndk/source.properties";
	34	my $is_ndk = -f $ndk_src_props;
	35	if ($is_ndk == $is_standalone_toolchain) {
36	36	die "\$ANDROID_NDK_HOME=$ndk is invalid";
37	37	}
38	38	$ndk = canonpath($ndk);
39	39
40	40	my $ndkver = undef;
41	41
42		if (open my $fh, "<$ndk/source.properties") {
	42	if (open my $fh, "<$ndk_src_props") {
43	43	local $_;
44	44	while(<$fh>) {
45	45	if (m\|Pkg\.Revision\s=\s([0-9]+)\|) {

58	58	if ($sysroot = $ENV{CROSS_SYSROOT}) {
59	59	$sysroot =~ m\|/android-([0-9]+)/arch-(\w+)/?$\|;
60	60	($api, $arch) = ($1, $2);
61		} elsif (-f "$ndk/AndroidVersion.txt") {
	61	} elsif ($is_standalone_toolchain) {
62	62	$sysroot = "$ndk/sysroot";
63	63	} else {
64	64	$api = "*";

71	71	}
72	72	}
73	73
74		# list available platforms (numerically)
75		my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
76		$b =~ m/-([0-9]+)$/; $aa <=> $1;
77		} glob("$ndk/platforms/android-$api");
78		die "no $ndk/platforms/android-$api" if ($#platforms < 0);
79
80		$sysroot = "@platforms[$#platforms]/arch-$arch";
81		$sysroot =~ m\|/android-([0-9]+)/arch-$arch\|;
82		$api = $1;
83		}
84		die "no sysroot=$sysroot" if (!-d $sysroot);
	74	if (-d "$ndk/platforms") {
	75	# list available platforms (numerically)
	76	my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
	77	$b =~ m/-([0-9]+)$/; $aa <=> $1;
	78	} glob("$ndk/platforms/android-$api");
	79	die "no $ndk/platforms/android-$api" if ($#platforms < 0);
	80
	81	$sysroot = "@platforms[$#platforms]/arch-$arch";
	82	$sysroot =~ m\|/android-([0-9]+)/arch-$arch\|;
	83	$api = $1;
	84	} elsif ($api eq "*") {
	85	# r22 Removed platforms dir, use this JSON file
	86	my $path = "$ndk/meta/platforms.json";
	87	open my $fh, $path or die "Could not open '$path' $!";
	88	while (<$fh>) {
	89	if (/"max": (\d+),/) {
	90	$api = $1;
	91	last;
	92	}
	93	}
	94	close $fh;
	95	}
	96	die "Could not get default API Level" if ($api eq "*");
	97	}
	98	die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot);
85	99
86	100	my $triarch = $triplet{$arch};
87	101	my $cflags;

94	108	my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
95	109	(my $tridefault = $triarch) =~ s/^arm-/$arm-/;
96	110	(my $tritools = $triarch) =~ s/(?:x\|i6)86(_64)?-.*/x86$1/;
97		$cflags .= " -target $tridefault "
98		. "-gcc-toolchain \$($ndk_var)/toolchains"
99		. "/$tritools-4.9/prebuilt/$host";
100		$user{CC} = "clang" if ($user{CC} !~ m\|clang\|);
	111	if (length $sysroot) {
	112	$cflags .= " -target $tridefault "
	113	. "-gcc-toolchain \$($ndk_var)/toolchains"
	114	. "/$tritools-4.9/prebuilt/$host";
	115	$user{CC} = "clang" if ($user{CC} !~ m\|clang\|);
	116	} else {
	117	$user{CC} = "$tridefault$api-clang";
	118	}
101	119	$user{CROSS_COMPILE} = undef;
102	120	if (which("llvm-ar") =~ m\|^$ndk/.*/prebuilt/([^/]+)/\|) {
103	121	$user{AR} = "llvm-ar";
104	122	$user{ARFLAGS} = [ "rs" ];
105	123	$user{RANLIB} = ":";
106	124	}
107		} elsif (-f "$ndk/AndroidVersion.txt") { #"standalone toolchain"
	125	} elsif ($is_standalone_toolchain) {
108	126	my $cc = $user{CC} // "clang";
109	127	# One can probably argue that both clang and gcc should be
110	128	# probed, but support for "standalone toolchain" was added

126	144	$user{CROSS_COMPILE} = "$triarch-";
127	145	}
128	146
129		if (!-d "$sysroot/usr/include") {
130		my $incroot = "$ndk/sysroot/usr/include";
131		die "no $incroot" if (!-d $incroot);
132		die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
133		$incroot =~ s\|^$ndk/\|\|;
134		$cppflags = "-D__ANDROID_API__=$api";
135		$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
136		$cppflags .= " -isystem \$($ndk_var)/$incroot";
137		}
138
139		$sysroot =~ s\|^$ndk/\|\|;
	147	if (length $sysroot) {
	148	if (!-d "$sysroot/usr/include") {
	149	my $incroot = "$ndk/sysroot/usr/include";
	150	die "no $incroot" if (!-d $incroot);
	151	die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
	152	$incroot =~ s\|^$ndk/\|\|;
	153	$cppflags = "-D__ANDROID_API__=$api";
	154	$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
	155	$cppflags .= " -isystem \$($ndk_var)/$incroot";
	156	}
	157	$sysroot =~ s\|^$ndk/\|\|;
	158	$sysroot = " --sysroot=\$($ndk_var)/$sysroot";
	159	}
140	160	$android_ndk = {
141		cflags => "$cflags --sysroot=\$($ndk_var)/$sysroot",
	161	cflags => $cflags . $sysroot,
142	162	cppflags => $cppflags,
143	163	bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
144	164	: "BN_LLONG",

+0

-1

Configurations/unix-Makefile.tmpl less more

522	522	$(RM) -r test/test-runs
523	523	$(RM) openssl.pc libcrypto.pc libssl.pc
524	524	-$(RM) `find . -type l \! -name '.*' -print`
525		$(RM) $(TARFILE)
526	525
527	526	distclean: clean
528	527	$(RM) configdata.pm

+13

-13

Configurations/windows-makefile.tmpl less more

323	323	# Convenience target to prebuild all generated files, not just the mandatory
324	324	# ones
325	325	build_all_generated: $(GENERATED_MANDATORY) $(GENERATED)
326		@{- output_off() if $disabled{makedepend}; "" -}
	326	@{- output_off() if $disabled{makedepend}; "\@rem" -}
327	327	@$(ECHO) "Warning: consider configuring with no-makedepend, because if"
328	328	@$(ECHO) " target system doesn't have $(PERL),"
329	329	@$(ECHO) " then make will fail..."
330		@{- output_on() if $disabled{makedepend}; "" -}
	330	@{- output_on() if $disabled{makedepend}; "\@rem" -}
331	331
332	332	test: tests
333	333	{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep
334		@{- output_off() if $disabled{tests}; "" -}
	334	@{- output_off() if $disabled{tests}; "\@rem" -}
335	335	-mkdir $(BLDDIR)\test\test-runs
336	336	set SRCTOP=$(SRCDIR)
337	337	set BLDTOP=$(BLDDIR)

340	340	set OPENSSL_ENGINES=$(MAKEDIR)\engines
341	341	set OPENSSL_DEBUG_MEMORY=on
342	342	"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
343		@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
	343	@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -}
344	344	@$(ECHO) "Tests are not supported with your chosen Configure options"
345		@{- output_on() if !$disabled{tests}; "" -}
	345	@{- output_on() if !$disabled{tests}; "\@rem" -}
346	346
347	347	list-tests:
348		@{- output_off() if $disabled{tests}; "" -}
	348	@{- output_off() if $disabled{tests}; "\@rem" -}
349	349	@set SRCTOP=$(SRCDIR)
350	350	@"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list
351		@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
	351	@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "\@rem" -}
352	352	@$(ECHO) "Tests are not supported with your chosen Configure options"
353		@{- output_on() if !$disabled{tests}; "" -}
	353	@{- output_on() if !$disabled{tests}; "\@rem" -}
354	354
355	355	install: install_sw install_ssldirs install_docs
356	356

361	361	-del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb
362	362
363	363	clean: libclean
364		{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -}
	364	{- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) \|\| "\@rem" -}
365	365	-del /Q /F $(ENGINES)
366	366	-del /Q /F $(SCRIPTS)
367	367	-del /Q /F $(GENERATED_MANDATORY)

377	377	-del /Q /F makefile
378	378
379	379	depend:
380		@ {- output_off() if $disabled{makedepend}; "" -}
	380	@ {- output_off() if $disabled{makedepend}; "\@rem" -}
381	381	@ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "VC"
382		@ {- output_on() if $disabled{makedepend}; "" -}
	382	@ {- output_on() if $disabled{makedepend}; "\@rem" -}
383	383
384	384	# Install helper targets #############################################
385	385

412	412	@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
413	413	@$(ECHO) "*** Installing development files"
414	414	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
415		@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
	415	@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -}
416	416	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
417	417	"$(INSTALLTOP)\include\openssl"
418		@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
	418	@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "\@rem" -}
419	419	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
420	420	"$(SRCDIR)\include\openssl\*.h" \
421	421	"$(INSTALLTOP)\include\openssl"

+5

-0

NEWS less more

3	3
4	4	This file gives a brief overview of the major changes between each OpenSSL
5	5	release. For more details please read the CHANGES file.
	6
	7	Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
	8
	9	o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711)
	10	o Fixed various read buffer overruns processing ASN.1 strings (CVE-2021-3712)
6	11
7	12	Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
8	13

+1

-1

README less more

0	0
1		OpenSSL 1.1.1k 25 Mar 2021
	1	OpenSSL 1.1.1l 24 Aug 2021
2	2
3	3	Copyright (c) 1998-2021 The OpenSSL Project
4	4	Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

+11

-9

apps/crl2p7.c less more

0	0	/*
1		* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

119	119
120	120	if (!ASN1_INTEGER_set(p7s->version, 1))
121	121	goto end;
122		if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
123		goto end;
124		p7s->crl = crl_stack;
	122
125	123	if (crl != NULL) {
	124	if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
	125	goto end;
	126	p7s->crl = crl_stack;
126	127	sk_X509_CRL_push(crl_stack, crl);
127	128	crl = NULL; /* now part of p7 for OPENSSL_freeing */
128	129	}
129	130
130		if ((cert_stack = sk_X509_new_null()) == NULL)
131		goto end;
132		p7s->cert = cert_stack;
133
134		if (certflst != NULL)
	131	if (certflst != NULL) {
	132	if ((cert_stack = sk_X509_new_null()) == NULL)
	133	goto end;
	134	p7s->cert = cert_stack;
	135
135	136	for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
136	137	certfile = sk_OPENSSL_STRING_value(certflst, i);
137	138	if (add_certs_from_file(cert_stack, certfile) < 0) {

140	141	goto end;
141	142	}
142	143	}
	144	}
143	145
144	146	out = bio_open_default(outfile, 'w', outformat);
145	147	if (out == NULL)

+2

-2

apps/enc.c less more

0	0	/*
1		* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

80	80	{"", OPT_CIPHER, '-', "Any supported cipher"},
81	81	OPT_R_OPTIONS,
82	82	#ifdef ZLIB
83		{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
	83	{"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
84	84	#endif
85	85	#ifndef OPENSSL_NO_ENGINE
86	86	{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},

+12

-1

apps/s_server.c less more

0	0	/*
1		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
3	3	* Copyright 2005 Nokia. All rights reserved.
4	4	*

132	132
133	133	if (s_debug)
134	134	BIO_printf(bio_s_out, "psk_server_cb\n");
	135
	136	if (SSL_version(ssl) >= TLS1_3_VERSION) {
	137	/*
	138	* This callback is designed for use in TLSv1.2. It is possible to use
	139	* a single callback for all protocol versions - but it is preferred to
	140	* use a dedicated callback for TLSv1.3. For TLSv1.3 we have
	141	* psk_find_session_cb.
	142	*/
	143	return 0;
	144	}
	145
135	146	if (identity == NULL) {
136	147	BIO_printf(bio_err, "Error: client did not send PSK identity\n");
137	148	goto out_err;

+11

-1

apps/s_socket.c less more

0	0	/*
1		* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

213	213	const BIO_ADDRINFO *next;
214	214	int sock_family, sock_type, sock_protocol, sock_port;
215	215	const BIO_ADDR *sock_address;
	216	int sock_family_fallback = AF_UNSPEC;
	217	const BIO_ADDR *sock_address_fallback = NULL;
216	218	int sock_options = BIO_SOCK_REUSEADDR;
217	219	int ret = 0;
218	220

243	245	&& BIO_ADDRINFO_protocol(next) == sock_protocol) {
244	246	if (sock_family == AF_INET
245	247	&& BIO_ADDRINFO_family(next) == AF_INET6) {
	248	/* In case AF_INET6 is returned but not supported by the
	249	* kernel, retry with the first detected address family */
	250	sock_family_fallback = sock_family;
	251	sock_address_fallback = sock_address;
246	252	sock_family = AF_INET6;
247	253	sock_address = BIO_ADDRINFO_address(next);
248	254	} else if (sock_family == AF_INET6

252	258	}
253	259
254	260	asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
	261	if (asock == INVALID_SOCKET && sock_family_fallback != AF_UNSPEC) {
	262	asock = BIO_socket(sock_family_fallback, sock_type, sock_protocol, 0);
	263	sock_address = sock_address_fallback;
	264	}
255	265	if (asock == INVALID_SOCKET
256	266	\|\| !BIO_listen(asock, sock_address, sock_options)) {
257	267	BIO_ADDRINFO_free(res);

+15

-0

crypto/armcap.c less more

67	67	# include <sys/auxv.h>
68	68	# define OSSL_IMPLEMENT_GETAUXVAL
69	69	# endif
	70	# elif defined(__ANDROID_API__)
	71	/* see https://developer.android.google.cn/ndk/guides/cpu-features */
	72	# if __ANDROID_API__ >= 18
	73	# include <sys/auxv.h>
	74	# define OSSL_IMPLEMENT_GETAUXVAL
	75	# endif
70	76	# endif
71	77	# if defined(__FreeBSD__)
72	78	# include <sys/param.h>

85	91	}
86	92	# endif
87	93	# endif
	94
	95	/*
	96	* Android: according to https://developer.android.com/ndk/guides/cpu-features,
	97	* getauxval is supported starting with API level 18
	98	*/
	99	# if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18
	100	# include <sys/auxv.h>
	101	# define OSSL_IMPLEMENT_GETAUXVAL
	102	# endif
88	103
89	104	/*
90	105	* ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas

+9

-6

crypto/asn1/a_object.c less more

0	0	/*
1		* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

285	285	}
286	286	}
287	287
288		/*
289		* only the ASN1_OBJECTs from the 'table' will have values for ->sn or
290		* ->ln
291		*/
292	288	if ((a == NULL) \|\| ((*a) == NULL) \|\|
293	289	!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
294	290	if ((ret = ASN1_OBJECT_new()) == NULL)
295	291	return NULL;
296		} else
	292	} else {
297	293	ret = (*a);
	294	}
298	295
299	296	p = *pp;
300	297	/* detach data from object */

312	309	ret->flags \|= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
313	310	}
314	311	memcpy(data, p, length);
	312	/* If there are dynamic strings, free them here, and clear the flag */
	313	if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) {
	314	OPENSSL_free((char *)ret->sn);
	315	OPENSSL_free((char *)ret->ln);
	316	ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS;
	317	}
315	318	/* reattach data to object, after which it remains const */
316	319	ret->data = data;
317	320	ret->length = length;

+3

-1

crypto/asn1/a_strex.c less more

0	0	/*
1		* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

279	279	t.type = str->type;
280	280	t.value.ptr = (char *)str;
281	281	der_len = i2d_ASN1_TYPE(&t, NULL);
	282	if (der_len <= 0)
	283	return -1;
282	284	if ((der_buf = OPENSSL_malloc(der_len)) == NULL) {
283	285	ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE);
284	286	return -1;

+12

-2

crypto/asn1/asn1_lib.c less more

0	0	/*
1		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

291	291	}
292	292	if ((size_t)str->length <= len \|\| str->data == NULL) {
293	293	c = str->data;
	294	#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
	295	/* No NUL terminator in fuzzing builds */
	296	str->data = OPENSSL_realloc(c, len);
	297	#else
294	298	str->data = OPENSSL_realloc(c, len + 1);
	299	#endif
295	300	if (str->data == NULL) {
296	301	ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
297	302	str->data = c;

301	306	str->length = len;
302	307	if (data != NULL) {
303	308	memcpy(str->data, data, len);
304		/* an allowance for strings :-) */
	309	#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
	310	/*
	311	* Add a NUL terminator. This should not be necessary - but we add it as
	312	* a safety precaution
	313	*/
305	314	str->data[len] = '\0';
	315	#endif
306	316	}
307	317	return 1;
308	318	}

+6

-1

crypto/asn1/bio_asn1.c less more

0	0	/*
1		* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

137	137	if (ctx == NULL)
138	138	return 0;
139	139
	140	if (ctx->prefix_free != NULL)
	141	ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
	142	if (ctx->suffix_free != NULL)
	143	ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
	144
140	145	OPENSSL_free(ctx->buf);
141	146	OPENSSL_free(ctx);
142	147	BIO_set_data(b, NULL);

+3

-0

crypto/asn1/bio_ndef.c less more

141	141
142	142	ndef_aux = (NDEF_SUPPORT *)parg;
143	143
	144	if (ndef_aux == NULL)
	145	return 0;
	146
144	147	OPENSSL_free(ndef_aux->derbuf);
145	148
146	149	ndef_aux->derbuf = NULL;

+50

-23

crypto/asn1/d2i_pr.c less more

0	0	/*
1		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

77	77	* type
78	78	*/
79	79
	80	static EVP_PKEY key_as_pkcs8(const unsigned char pp, long length, int carry_on)
	81	{
	82	const unsigned char p = pp;
	83	PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
	84	EVP_PKEY *ret;
	85
	86	if (p8 == NULL)
	87	return NULL;
	88
	89	ret = EVP_PKCS82PKEY(p8);
	90	if (ret == NULL)
	91	*carry_on = 0;
	92
	93	PKCS8_PRIV_KEY_INFO_free(p8);
	94
	95	if (ret != NULL)
	96	*pp = p;
	97
	98	return ret;
	99	}
	100
80	101	EVP_PKEY d2i_AutoPrivateKey(EVP_PKEY a, const unsigned char *pp,
81	102	long length)
82	103	{
83	104	STACK_OF(ASN1_TYPE) *inkey;
84	105	const unsigned char *p;
85	106	int keytype;
	107	EVP_PKEY *ret = NULL;
	108	int carry_on = 1;
	109
	110	ERR_set_mark();
	111	ret = key_as_pkcs8(pp, length, &carry_on);
	112	if (ret != NULL) {
	113	ERR_clear_last_mark();
	114	if (a != NULL)
	115	*a = ret;
	116	return ret;
	117	}
	118
	119	if (carry_on == 0) {
	120	ERR_clear_last_mark();
	121	ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
	122	ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
	123	return NULL;
	124	}
86	125	p = *pp;
	126
87	127	/*
88	128	* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
89	129	* analyzing it we can determine the passed structure: this assumes the

99	139	keytype = EVP_PKEY_DSA;
100	140	else if (sk_ASN1_TYPE_num(inkey) == 4)
101	141	keytype = EVP_PKEY_EC;
102		else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
103		* traditional format */
104		PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
105		EVP_PKEY *ret;
106
107		sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
108		if (!p8) {
109		ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
110		ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
111		return NULL;
112		}
113		ret = EVP_PKCS82PKEY(p8);
114		PKCS8_PRIV_KEY_INFO_free(p8);
115		if (ret == NULL)
116		return NULL;
117		*pp = p;
118		if (a) {
119		*a = ret;
120		}
121		return ret;
122		} else
	142	else
123	143	keytype = EVP_PKEY_RSA;
124	144	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
125		return d2i_PrivateKey(keytype, a, pp, length);
	145
	146	ret = d2i_PrivateKey(keytype, a, pp, length);
	147	if (ret != NULL)
	148	ERR_pop_to_mark();
	149	else
	150	ERR_clear_last_mark();
	151
	152	return ret;
126	153	}

+2

-2

crypto/asn1/t_spki.c less more

0	0	/*
1		* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

37	37	}
38	38	chal = spki->spkac->challenge;
39	39	if (chal->length)
40		BIO_printf(out, " Challenge String: %s\n", chal->data);
	40	BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data);
41	41	i = OBJ_obj2nid(spki->sig_algor.algorithm);
42	42	BIO_printf(out, " Signature Algorithm: %s",
43	43	(i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));

+2

-2

crypto/bio/b_addr.c less more

0	0	/*
1		* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

688	688	hints.ai_protocol = protocol;
689	689	# ifdef AI_ADDRCONFIG
690	690	# ifdef AF_UNSPEC
691		if (family == AF_UNSPEC)
	691	if (host != NULL && family == AF_UNSPEC)
692	692	# endif
693	693	hints.ai_flags \|= AI_ADDRCONFIG;
694	694	# endif

+3

-2

crypto/bio/b_sock2.c less more

0	0	/*
1		* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

242	242	}
243	243	}
244	244
245		# ifdef IPV6_V6ONLY
	245	/* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */
	246	# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)
246	247	if (BIO_ADDR_family(addr) == AF_INET6) {
247	248	/*
248	249	* Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.

+5

-4

crypto/bn/bn_div.c less more

0	0	/*
1		* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

267	267	BIGNUM tmp, snum, sdiv, res;
268	268	BN_ULONG resp, wnum, *wnumtop;
269	269	BN_ULONG d0, d1;
270		int num_n, div_n;
	270	int num_n, div_n, num_neg;
271	271
272	272	assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
273	273

325	325	/* Setup quotient */
326	326	if (!bn_wexpand(res, loop))
327	327	goto err;
328		res->neg = (num->neg ^ divisor->neg);
	328	num_neg = num->neg;
	329	res->neg = (num_neg ^ divisor->neg);
329	330	res->top = loop;
330	331	res->flags \|= BN_FLG_FIXED_TOP;
331	332	resp = &(res->d[loop]);

441	442	*--resp = q;
442	443	}
443	444	/* snum holds remainder, it's as wide as divisor */
444		snum->neg = num->neg;
	445	snum->neg = num_neg;
445	446	snum->top = div_n;
446	447	snum->flags \|= BN_FLG_FIXED_TOP;
447	448	if (rm != NULL)

+43

-11

crypto/chacha/asm/chacha-x86_64.pl less more

0	0	#! /usr/bin/env perl
1		# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the OpenSSL license (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

470	470	&por ($b,$t);
471	471	}
472	472
473		my $xframe = $win64 ? 32+8 : 8;
	473	my $xframe = $win64 ? 160+8 : 8;
474	474
475	475	$code.=<<___;
476	476	.type ChaCha20_ssse3,\@function,5

2498	2498	&vprold ($b,$b,7);
2499	2499	}
2500	2500
2501		my $xframe = $win64 ? 32+8 : 8;
	2501	my $xframe = $win64 ? 160+8 : 8;
2502	2502
2503	2503	$code.=<<___;
2504	2504	.type ChaCha20_avx512,\@function,5

2514	2514	sub \$64+$xframe,%rsp
2515	2515	___
2516	2516	$code.=<<___ if ($win64);
2517		movaps %xmm6,-0x28(%r9)
2518		movaps %xmm7,-0x18(%r9)
	2517	movaps %xmm6,-0xa8(%r9)
	2518	movaps %xmm7,-0x98(%r9)
	2519	movaps %xmm8,-0x88(%r9)
	2520	movaps %xmm9,-0x78(%r9)
	2521	movaps %xmm10,-0x68(%r9)
	2522	movaps %xmm11,-0x58(%r9)
	2523	movaps %xmm12,-0x48(%r9)
	2524	movaps %xmm13,-0x38(%r9)
	2525	movaps %xmm14,-0x28(%r9)
	2526	movaps %xmm15,-0x18(%r9)
2519	2527	.Lavx512_body:
2520	2528	___
2521	2529	$code.=<<___;

2682	2690	vzeroall
2683	2691	___
2684	2692	$code.=<<___ if ($win64);
2685		movaps -0x28(%r9),%xmm6
2686		movaps -0x18(%r9),%xmm7
	2693	movaps -0xa8(%r9),%xmm6
	2694	movaps -0x98(%r9),%xmm7
	2695	movaps -0x88(%r9),%xmm8
	2696	movaps -0x78(%r9),%xmm9
	2697	movaps -0x68(%r9),%xmm10
	2698	movaps -0x58(%r9),%xmm11
	2699	movaps -0x48(%r9),%xmm12
	2700	movaps -0x38(%r9),%xmm13
	2701	movaps -0x28(%r9),%xmm14
	2702	movaps -0x18(%r9),%xmm15
2687	2703	___
2688	2704	$code.=<<___;
2689	2705	lea (%r9),%rsp

2710	2726	sub \$64+$xframe,%rsp
2711	2727	___
2712	2728	$code.=<<___ if ($win64);
2713		movaps %xmm6,-0x28(%r9)
2714		movaps %xmm7,-0x18(%r9)
	2729	movaps %xmm6,-0xa8(%r9)
	2730	movaps %xmm7,-0x98(%r9)
	2731	movaps %xmm8,-0x88(%r9)
	2732	movaps %xmm9,-0x78(%r9)
	2733	movaps %xmm10,-0x68(%r9)
	2734	movaps %xmm11,-0x58(%r9)
	2735	movaps %xmm12,-0x48(%r9)
	2736	movaps %xmm13,-0x38(%r9)
	2737	movaps %xmm14,-0x28(%r9)
	2738	movaps %xmm15,-0x18(%r9)
2715	2739	.Lavx512vl_body:
2716	2740	___
2717	2741	$code.=<<___;

2835	2859	vzeroall
2836	2860	___
2837	2861	$code.=<<___ if ($win64);
2838		movaps -0x28(%r9),%xmm6
2839		movaps -0x18(%r9),%xmm7
	2862	movaps -0xa8(%r9),%xmm6
	2863	movaps -0x98(%r9),%xmm7
	2864	movaps -0x88(%r9),%xmm8
	2865	movaps -0x78(%r9),%xmm9
	2866	movaps -0x68(%r9),%xmm10
	2867	movaps -0x58(%r9),%xmm11
	2868	movaps -0x48(%r9),%xmm12
	2869	movaps -0x38(%r9),%xmm13
	2870	movaps -0x28(%r9),%xmm14
	2871	movaps -0x18(%r9),%xmm15
2840	2872	___
2841	2873	$code.=<<___;
2842	2874	lea (%r9),%rsp

+9

-5

crypto/dsa/dsa_prn.c less more

0	0	/*
1		* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

48	48	EVP_PKEY *pk;
49	49	int ret;
50	50	pk = EVP_PKEY_new();
51		if (pk == NULL \|\| !EVP_PKEY_set1_DSA(pk, (DSA *)x))
	51	if (pk == NULL)
52	52	return 0;
53		ret = EVP_PKEY_print_private(bp, pk, off, NULL);
	53	ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
	54	if (ret)
	55	ret = EVP_PKEY_print_private(bp, pk, off, NULL);
54	56	EVP_PKEY_free(pk);
55	57	return ret;
56	58	}

60	62	EVP_PKEY *pk;
61	63	int ret;
62	64	pk = EVP_PKEY_new();
63		if (pk == NULL \|\| !EVP_PKEY_set1_DSA(pk, (DSA *)x))
	65	if (pk == NULL)
64	66	return 0;
65		ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
	67	ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
	68	if (ret)
	69	ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
66	70	EVP_PKEY_free(pk);
67	71	return ret;
68	72	}

+34

-9

crypto/ec/ec2_oct.c less more

0	0	/*
1		* Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
3	3	*
4	4	* Licensed under the OpenSSL license (the "License"). You may not use

246	246	ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
247	247	return 0;
248	248	}
249		form = buf[0];
250		y_bit = form & 1;
251		form = form & ~1U;
	249
	250	/*
	251	* The first octet is the point converison octet PC, see X9.62, page 4
	252	* and section 4.4.2. It must be:
	253	* 0x00 for the point at infinity
	254	* 0x02 or 0x03 for compressed form
	255	* 0x04 for uncompressed form
	256	* 0x06 or 0x07 for hybrid form.
	257	* For compressed or hybrid forms, we store the last bit of buf[0] as
	258	* y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*.
	259	* We error if buf[0] contains any but the above values.
	260	*/
	261	y_bit = buf[0] & 1;
	262	form = buf[0] & ~1U;
	263
252	264	if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
253	265	&& (form != POINT_CONVERSION_UNCOMPRESSED)
254	266	&& (form != POINT_CONVERSION_HYBRID)) {

260	272	return 0;
261	273	}
262	274
	275	/* The point at infinity is represented by a single zero octet. */
263	276	if (form == 0) {
264	277	if (len != 1) {
265	278	ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

311	324	goto err;
312	325	}
313	326	if (form == POINT_CONVERSION_HYBRID) {
314		if (!group->meth->field_div(group, yxi, y, x, ctx))
315		goto err;
316		if (y_bit != BN_is_odd(yxi)) {
317		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
318		goto err;
	327	/*
	328	* Check that the form in the encoding was set correctly
	329	* according to X9.62 4.4.2.a, 4(c), see also first paragraph
	330	* of X9.62, 4.4.1.b.
	331	*/
	332	if (BN_is_zero(x)) {
	333	if (y_bit != 0) {
	334	ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
	335	goto err;
	336	}
	337	} else {
	338	if (!group->meth->field_div(group, yxi, y, x, ctx))
	339	goto err;
	340	if (y_bit != BN_is_odd(yxi)) {
	341	ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
	342	goto err;
	343	}
319	344	}
320	345	}
321	346

+5

-2

crypto/ec/ec_asn1.c less more

0	0	/*
1		* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

760	760	ret->seed_len = params->curve->seed->length;
761	761	}
762	762
763		if (!params->order \|\| !params->base \|\| !params->base->data) {
	763	if (params->order == NULL
	764	\|\| params->base == NULL
	765	\|\| params->base->data == NULL
	766	\|\| params->base->length == 0) {
764	767	ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
765	768	goto err;
766	769	}

+5

-0

crypto/err/openssl.txt less more

1159	1159	SSL_F_FINAL_EMS:486:final_ems
1160	1160	SSL_F_FINAL_KEY_SHARE:503:final_key_share
1161	1161	SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen
	1162	SSL_F_FINAL_PSK:639:final_psk
1162	1163	SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate
1163	1164	SSL_F_FINAL_SERVER_NAME:558:final_server_name
1164	1165	SSL_F_FINAL_SIG_ALGS:497:final_sig_algs

1651	1652	X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING
1652	1653	X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER
1653	1654	X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS
	1655	X509V3_F_I2V_AUTHORITY_KEYID:173:i2v_AUTHORITY_KEYID
1654	1656	X509V3_F_LEVEL_ADD_NODE:168:level_add_node
1655	1657	X509V3_F_NOTICE_SECTION:132:notice_section
1656	1658	X509V3_F_NREF_NOS:133:nref_nos

1691	1693	X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE
1692	1694	X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension
1693	1695	X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d
	1696	X509V3_F_X509V3_ADD_LEN_VALUE:174:x509v3_add_len_value
1694	1697	X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value
1695	1698	X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add
1696	1699	X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias

2740	2743	SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert
2741	2744	SSL_R_MISSING_FATAL:256:missing fatal
2742	2745	SSL_R_MISSING_PARAMETERS:290:missing parameters
	2746	SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension
2743	2747	SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate
2744	2748	SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert
2745	2749	SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert

2783	2787	SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
2784	2788	SSL_R_NULL_SSL_CTX:195:null ssl ctx
2785	2789	SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
	2790	SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure
2786	2791	SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
2787	2792	SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
2788	2793	old session compression algorithm not returned

+100

-106

crypto/evp/e_aes.c less more

0	0	/*
1		* Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

610	610	*/
611	611	void aes128_t4_cbc_encrypt(const unsigned char in, unsigned char out,
612	612	size_t len, const AES_KEY *key,
613		unsigned char *ivec);
	613	unsigned char ivec, int /unused*/);
614	614	void aes128_t4_cbc_decrypt(const unsigned char in, unsigned char out,
615	615	size_t len, const AES_KEY *key,
616		unsigned char *ivec);
	616	unsigned char ivec, int /unused*/);
617	617	void aes192_t4_cbc_encrypt(const unsigned char in, unsigned char out,
618	618	size_t len, const AES_KEY *key,
619		unsigned char *ivec);
	619	unsigned char ivec, int /unused*/);
620	620	void aes192_t4_cbc_decrypt(const unsigned char in, unsigned char out,
621	621	size_t len, const AES_KEY *key,
622		unsigned char *ivec);
	622	unsigned char ivec, int /unused*/);
623	623	void aes256_t4_cbc_encrypt(const unsigned char in, unsigned char out,
624	624	size_t len, const AES_KEY *key,
625		unsigned char *ivec);
	625	unsigned char ivec, int /unused*/);
626	626	void aes256_t4_cbc_decrypt(const unsigned char in, unsigned char out,
627	627	size_t len, const AES_KEY *key,
628		unsigned char *ivec);
	628	unsigned char ivec, int /unused*/);
629	629	void aes128_t4_ctr32_encrypt(const unsigned char in, unsigned char out,
630	630	size_t blocks, const AES_KEY *key,
631	631	unsigned char *ivec);

1167	1167	static int s390x_aes_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
1168	1168	const unsigned char *iv, int enc);
1169	1169
1170		# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
1171		# define S390X_aes_192_cbc_CAPABLE 1
1172		# define S390X_aes_256_cbc_CAPABLE 1
	1170	# define S390X_aes_128_cbc_CAPABLE 0 /* checked by callee */
	1171	# define S390X_aes_192_cbc_CAPABLE 0
	1172	# define S390X_aes_256_cbc_CAPABLE 0
1173	1173	# define S390X_AES_CBC_CTX EVP_AES_KEY
1174	1174
1175	1175	# define s390x_aes_cbc_init_key aes_init_key

1189	1189	S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
1190	1190	const int keylen = EVP_CIPHER_CTX_key_length(ctx);
1191	1191
1192		cctx->fc = S390X_AES_FC(keylen);
1193		if (!enc)
1194		cctx->fc \|= S390X_DECRYPT;
1195
1196		memcpy(cctx->km.param.k, key, keylen);
	1192	cctx->fc = S390X_AES_FC(keylen) \| (enc ? 0 : S390X_DECRYPT);
	1193
	1194	if (key != NULL)
	1195	memcpy(cctx->km.param.k, key, keylen);
	1196
1197	1197	return 1;
1198	1198	}
1199	1199

1221	1221	const unsigned char *ivec, int enc)
1222	1222	{
1223	1223	S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
1224		const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
	1224	const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
1225	1225	const int keylen = EVP_CIPHER_CTX_key_length(ctx);
1226	1226	const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
1227	1227
1228		memcpy(cctx->kmo.param.cv, iv, ivlen);
1229		memcpy(cctx->kmo.param.k, key, keylen);
1230	1228	cctx->fc = S390X_AES_FC(keylen);
	1229
	1230	if (key != NULL)
	1231	memcpy(cctx->kmo.param.k, key, keylen);
	1232
1231	1233	cctx->res = 0;
	1234	memcpy(cctx->kmo.param.cv, oiv, ivlen);
1232	1235	return 1;
1233	1236	}
1234	1237

1236	1239	const unsigned char *in, size_t len)
1237	1240	{
1238	1241	S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
	1242	const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
	1243	unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
1239	1244	int n = cctx->res;
1240	1245	int rem;
1241	1246
	1247	memcpy(cctx->kmo.param.cv, iv, ivlen);
1242	1248	while (n && len) {
1243	1249	out = in ^ cctx->kmo.param.cv[n];
1244	1250	n = (n + 1) & 0xf;

1267	1273	}
1268	1274	}
1269	1275
	1276	memcpy(iv, cctx->kmo.param.cv, ivlen);
1270	1277	cctx->res = n;
1271	1278	return 1;
1272	1279	}

1286	1293	const unsigned char *ivec, int enc)
1287	1294	{
1288	1295	S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
1289		const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
	1296	const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
1290	1297	const int keylen = EVP_CIPHER_CTX_key_length(ctx);
1291	1298	const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
1292	1299
1293		cctx->fc = S390X_AES_FC(keylen);
1294		cctx->fc \|= 16 << 24; /* 16 bytes cipher feedback */
1295		if (!enc)
1296		cctx->fc \|= S390X_DECRYPT;
	1300	cctx->fc = S390X_AES_FC(keylen) \| (enc ? 0 : S390X_DECRYPT)
	1301	\| (16 << 24); /* 16 bytes cipher feedback */
	1302
	1303	if (key != NULL)
	1304	memcpy(cctx->kmf.param.k, key, keylen);
1297	1305
1298	1306	cctx->res = 0;
1299		memcpy(cctx->kmf.param.cv, iv, ivlen);
1300		memcpy(cctx->kmf.param.k, key, keylen);
	1307	memcpy(cctx->kmf.param.cv, oiv, ivlen);
1301	1308	return 1;
1302	1309	}
1303	1310

1307	1314	S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
1308	1315	const int keylen = EVP_CIPHER_CTX_key_length(ctx);
1309	1316	const int enc = EVP_CIPHER_CTX_encrypting(ctx);
	1317	const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
	1318	unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
1310	1319	int n = cctx->res;
1311	1320	int rem;
1312	1321	unsigned char tmp;
1313	1322
	1323	memcpy(cctx->kmf.param.cv, iv, ivlen);
1314	1324	while (n && len) {
1315	1325	tmp = *in;
1316	1326	*out = cctx->kmf.param.cv[n] ^ tmp;

1343	1353	}
1344	1354	}
1345	1355
	1356	memcpy(iv, cctx->kmf.param.cv, ivlen);
1346	1357	cctx->res = n;
1347	1358	return 1;
1348	1359	}

1359	1370	const unsigned char *ivec, int enc)
1360	1371	{
1361	1372	S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
1362		const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
	1373	const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
1363	1374	const int keylen = EVP_CIPHER_CTX_key_length(ctx);
1364	1375	const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
1365	1376
1366		cctx->fc = S390X_AES_FC(keylen);
1367		cctx->fc \|= 1 << 24; /* 1 byte cipher feedback */
1368		if (!enc)
1369		cctx->fc \|= S390X_DECRYPT;
1370
1371		memcpy(cctx->kmf.param.cv, iv, ivlen);
1372		memcpy(cctx->kmf.param.k, key, keylen);
	1377	cctx->fc = S390X_AES_FC(keylen) \| (enc ? 0 : S390X_DECRYPT)
	1378	\| (1 << 24); /* 1 byte cipher feedback flag */
	1379
	1380	if (key != NULL)
	1381	memcpy(cctx->kmf.param.k, key, keylen);
	1382
	1383	cctx->res = 0;
	1384	memcpy(cctx->kmf.param.cv, oiv, ivlen);
1373	1385	return 1;
1374	1386	}
1375	1387

1377	1389	const unsigned char *in, size_t len)
1378	1390	{
1379	1391	S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
1380
	1392	const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
	1393	unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
	1394
	1395	memcpy(cctx->kmf.param.cv, iv, ivlen);
1381	1396	s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
	1397	memcpy(iv, cctx->kmf.param.cv, ivlen);
1382	1398	return 1;
1383	1399	}
1384	1400

1392	1408	static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX ctx, unsigned char out,
1393	1409	const unsigned char *in, size_t len);
1394	1410
1395		# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
1396		# define S390X_aes_192_ctr_CAPABLE 1
1397		# define S390X_aes_256_ctr_CAPABLE 1
	1411	# define S390X_aes_128_ctr_CAPABLE 0 /* checked by callee */
	1412	# define S390X_aes_192_ctr_CAPABLE 0
	1413	# define S390X_aes_256_ctr_CAPABLE 0
1398	1414	# define S390X_AES_CTR_CTX EVP_AES_KEY
1399	1415
1400	1416	# define s390x_aes_ctr_init_key aes_init_key

1562	1578	/*-
1563	1579	* Initialize context structure. Code is big-endian.
1564	1580	*/
1565		static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
1566		const unsigned char *iv)
	1581	static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx)
1567	1582	{
1568	1583	ctx->kma.param.t.g[0] = 0;
1569	1584	ctx->kma.param.t.g[1] = 0;

1574	1589	ctx->kreslen = 0;
1575	1590
1576	1591	if (ctx->ivlen == 12) {
1577		memcpy(&ctx->kma.param.j0, iv, ctx->ivlen);
	1592	memcpy(&ctx->kma.param.j0, ctx->iv, ctx->ivlen);
1578	1593	ctx->kma.param.j0.w[3] = 1;
1579	1594	ctx->kma.param.cv.w = 1;
1580	1595	} else {
1581	1596	/* ctx->iv has the right size and is already padded. */
1582		memcpy(ctx->iv, iv, ctx->ivlen);
1583	1597	s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,
1584	1598	ctx->fc, &ctx->kma.param);
1585	1599	ctx->fc \|= S390X_KMA_HS;

1693	1707	if (gctx->iv_gen == 0 \|\| gctx->key_set == 0)
1694	1708	return 0;
1695	1709
1696		s390x_aes_gcm_setiv(gctx, gctx->iv);
	1710	s390x_aes_gcm_setiv(gctx);
1697	1711
1698	1712	if (arg <= 0 \|\| arg > gctx->ivlen)
1699	1713	arg = gctx->ivlen;

1713	1727	return 0;
1714	1728
1715	1729	memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
1716		s390x_aes_gcm_setiv(gctx, gctx->iv);
	1730	s390x_aes_gcm_setiv(gctx);
1717	1731	gctx->iv_set = 1;
1718	1732	return 1;
1719	1733

1769	1783	}
1770	1784
1771	1785	/*-
1772		* Set key and/or iv. Returns 1 on success. Otherwise 0 is returned.
	1786	* Set key or iv or enc/dec. Returns 1 on success. Otherwise 0 is returned.
1773	1787	*/
1774	1788	static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
1775	1789	const unsigned char *key,
1776	1790	const unsigned char *iv, int enc)
1777	1791	{
1778	1792	S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
1779		int keylen;
1780
1781		if (iv == NULL && key == NULL)
1782		return 1;
	1793	const int keylen = EVP_CIPHER_CTX_key_length(ctx);
	1794
	1795	gctx->fc = S390X_AES_FC(keylen) \| (enc ? 0 : S390X_DECRYPT);
1783	1796
1784	1797	if (key != NULL) {
1785		keylen = EVP_CIPHER_CTX_key_length(ctx);
	1798	gctx->fc &= ~S390X_KMA_HS;
1786	1799	memcpy(&gctx->kma.param.k, key, keylen);
1787
1788		gctx->fc = S390X_AES_FC(keylen);
1789		if (!enc)
1790		gctx->fc \|= S390X_DECRYPT;
1791
1792		if (iv == NULL && gctx->iv_set)
1793		iv = gctx->iv;
1794
1795		if (iv != NULL) {
1796		s390x_aes_gcm_setiv(gctx, iv);
1797		gctx->iv_set = 1;
1798		}
1799	1800	gctx->key_set = 1;
1800		} else {
1801		if (gctx->key_set)
1802		s390x_aes_gcm_setiv(gctx, iv);
1803		else
1804		memcpy(gctx->iv, iv, gctx->ivlen);
1805
	1801	}
	1802
	1803	if (iv != NULL) {
	1804	memcpy(gctx->iv, iv, gctx->ivlen);
	1805	gctx->iv_gen = 0;
1806	1806	gctx->iv_set = 1;
1807		gctx->iv_gen = 0;
1808		}
	1807	}
	1808
	1809	if (gctx->key_set && gctx->iv_set)
	1810	s390x_aes_gcm_setiv(gctx);
	1811
	1812	gctx->fc &= ~(S390X_KMA_LPC \| S390X_KMA_LAAD);
	1813	gctx->areslen = 0;
	1814	gctx->mreslen = 0;
	1815	gctx->kreslen = 0;
1809	1816	return 1;
1810	1817	}
1811	1818

1894	1901	/* recall that we already did en-/decrypt gctx->mres
1895	1902	* and returned it to caller... */
1896	1903	OPENSSL_cleanse(tmp, gctx->mreslen);
1897		gctx->iv_set = 0;
1898	1904
1899	1905	enc = EVP_CIPHER_CTX_encrypting(ctx);
1900	1906	if (enc) {

1928	1934	}
1929	1935
1930	1936	# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX
1931		# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
1932		# define S390X_aes_256_xts_CAPABLE 1
	1937	# define S390X_aes_128_xts_CAPABLE 0 /* checked by callee */
	1938	# define S390X_aes_256_xts_CAPABLE 0
1933	1939
1934	1940	# define s390x_aes_xts_init_key aes_xts_init_key
1935	1941	static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,

2133	2139	const unsigned char *in, size_t len)
2134	2140	{
2135	2141	S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
2136		unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
	2142	const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);
2137	2143	unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
2138	2144	const int enc = EVP_CIPHER_CTX_encrypting(ctx);
	2145	unsigned char iv[EVP_MAX_IV_LENGTH];
2139	2146
2140	2147	if (out != in
2141	2148	\|\| len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))

2151	2158	* Get explicit iv (sequence number). We already have fixed iv
2152	2159	* (server/client_write_iv) here.
2153	2160	*/
2154		memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
2155		s390x_aes_ccm_setiv(cctx, ivec, len);
	2161	memcpy(iv, ivec, sizeof(iv));
	2162	memcpy(iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
	2163	s390x_aes_ccm_setiv(cctx, iv, len);
2156	2164
2157	2165	/* Process aad (sequence number\|type\|version\|length) */
2158	2166	s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);

2179	2187	}
2180	2188
2181	2189	/*-
2182		* Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is
2183		* returned.
	2190	* Set key or iv or enc/dec. Returns 1 if successful.
	2191	* Otherwise 0 is returned.
2184	2192	*/
2185	2193	static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
2186	2194	const unsigned char *key,
2187	2195	const unsigned char *iv, int enc)
2188	2196	{
2189	2197	S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
2190		unsigned char *ivec;
2191		int keylen;
2192
2193		if (iv == NULL && key == NULL)
2194		return 1;
	2198	const int keylen = EVP_CIPHER_CTX_key_length(ctx);
	2199	unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
	2200
	2201	cctx->aes.ccm.fc = S390X_AES_FC(keylen);
2195	2202
2196	2203	if (key != NULL) {
2197		keylen = EVP_CIPHER_CTX_key_length(ctx);
2198		cctx->aes.ccm.fc = S390X_AES_FC(keylen);
2199	2204	memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
2200
2201		/* Store encoded m and l. */
2202		cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
2203		\| (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
2204		memset(cctx->aes.ccm.nonce.b + 1, 0,
2205		sizeof(cctx->aes.ccm.nonce.b));
2206		cctx->aes.ccm.blocks = 0;
2207
2208	2205	cctx->aes.ccm.key_set = 1;
2209	2206	}
2210
2211	2207	if (iv != NULL) {
2212		ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
2213	2208	memcpy(ivec, iv, 15 - cctx->aes.ccm.l);
2214
2215	2209	cctx->aes.ccm.iv_set = 1;
2216	2210	}
2217	2211
	2212	/* Store encoded m and l. */
	2213	cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
	2214	\| (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
	2215	memset(cctx->aes.ccm.nonce.b + 1, 0, sizeof(cctx->aes.ccm.nonce.b) - 1);
	2216
	2217	cctx->aes.ccm.blocks = 0;
	2218	cctx->aes.ccm.len_set = 0;
2218	2219	return 1;
2219	2220	}
2220	2221

2229	2230	{
2230	2231	S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
2231	2232	const int enc = EVP_CIPHER_CTX_encrypting(ctx);
	2233	const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);
	2234	unsigned char *buf;
2232	2235	int rv;
2233		unsigned char buf, ivec;
2234	2236
2235	2237	if (!cctx->aes.ccm.key_set)
2236	2238	return -1;

2252	2254	if (out == NULL) {
2253	2255	/* Update(): Pass message length. */
2254	2256	if (in == NULL) {
2255		ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
2256	2257	s390x_aes_ccm_setiv(cctx, ivec, len);
2257	2258
2258	2259	cctx->aes.ccm.len_set = 1;

2278	2279	* In case message length was not previously set explicitly via
2279	2280	* Update(), set it now.
2280	2281	*/
2281		ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
2282	2282	s390x_aes_ccm_setiv(cctx, ivec, len);
2283	2283
2284	2284	cctx->aes.ccm.len_set = 1;

2303	2303	if (rv == -1)
2304	2304	OPENSSL_cleanse(out, len);
2305	2305
2306		cctx->aes.ccm.iv_set = 0;
2307		cctx->aes.ccm.tag_set = 0;
2308		cctx->aes.ccm.len_set = 0;
2309	2306	return rv;
2310	2307	}
2311	2308	}

2413	2410	return 0;
2414	2411
2415	2412	memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
2416		cctx->aes.ccm.tag_set = 0;
2417		cctx->aes.ccm.iv_set = 0;
2418		cctx->aes.ccm.len_set = 0;
2419	2413	return 1;
2420	2414
2421	2415	case EVP_CTRL_COPY:

2452	2446	nid##_##keylen##_##nmode,blocksize, \
2453	2447	keylen / 8, \
2454	2448	ivlen, \
2455		flags \| EVP_CIPH_##MODE##_MODE, \
	2449	flags \| EVP_CIPH_ALWAYS_CALL_INIT \| EVP_CIPH_##MODE##_MODE, \
2456	2450	s390x_aes_##mode##_init_key, \
2457	2451	s390x_aes_##mode##_cipher, \
2458	2452	NULL, \

2489	2483	blocksize, \
2490	2484	(EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \
2491	2485	ivlen, \
2492		flags \| EVP_CIPH_##MODE##_MODE, \
	2486	flags \| EVP_CIPH_ALWAYS_CALL_INIT \| EVP_CIPH_##MODE##_MODE, \
2493	2487	s390x_aes_##mode##_init_key, \
2494	2488	s390x_aes_##mode##_cipher, \
2495	2489	s390x_aes_##mode##_cleanup, \

+5

-5

crypto/evp/e_camellia.c less more

0	0	/*
1		* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

54	54
55	55	void cmll128_t4_cbc_encrypt(const unsigned char in, unsigned char out,
56	56	size_t len, const CAMELLIA_KEY *key,
57		unsigned char *ivec);
	57	unsigned char ivec, int /unused*/);
58	58	void cmll128_t4_cbc_decrypt(const unsigned char in, unsigned char out,
59	59	size_t len, const CAMELLIA_KEY *key,
60		unsigned char *ivec);
	60	unsigned char ivec, int /unused*/);
61	61	void cmll256_t4_cbc_encrypt(const unsigned char in, unsigned char out,
62	62	size_t len, const CAMELLIA_KEY *key,
63		unsigned char *ivec);
	63	unsigned char ivec, int /unused*/);
64	64	void cmll256_t4_cbc_decrypt(const unsigned char in, unsigned char out,
65	65	size_t len, const CAMELLIA_KEY *key,
66		unsigned char *ivec);
	66	unsigned char ivec, int /unused*/);
67	67	void cmll128_t4_ctr32_encrypt(const unsigned char in, unsigned char out,
68	68	size_t blocks, const CAMELLIA_KEY *key,
69	69	unsigned char *ivec);

+3

-2

crypto/hmac/hm_ameth.c less more

0	0	/*
1		* Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

46	46
47	47	static int hmac_pkey_public_cmp(const EVP_PKEY a, const EVP_PKEY b)
48	48	{
49		return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
	49	/* the ameth pub_cmp must return 1 on match, 0 on mismatch */
	50	return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
50	51	}
51	52
52	53	static int hmac_set_priv_key(EVP_PKEY pkey, const unsigned char priv,

+2

-2

crypto/pkcs12/p12_key.c less more

0	0	/*
1		* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

100	100	#endif
101	101	v = EVP_MD_block_size(md_type);
102	102	u = EVP_MD_size(md_type);
103		if (u < 0 \|\| v <= 0)
	103	if (u <= 0 \|\| v <= 0)
104	104	goto err;
105	105	D = OPENSSL_malloc(v);
106	106	Ai = OPENSSL_malloc(u);

+2

-2

crypto/poly1305/poly1305_ameth.c less more

0	0	/*
1		* Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

42	42
43	43	static int poly1305_pkey_public_cmp(const EVP_PKEY a, const EVP_PKEY b)
44	44	{
45		return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
	45	return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
46	46	}
47	47
48	48	static int poly1305_set_priv_key(EVP_PKEY pkey, const unsigned char priv,

+6

-0

crypto/ppccap.c less more

210	210	# if __GLIBC_PREREQ(2, 16)
211	211	# include <sys/auxv.h>
212	212	# define OSSL_IMPLEMENT_GETAUXVAL
	213	# elif defined(__ANDROID_API__)
	214	/* see https://developer.android.google.cn/ndk/guides/cpu-features */
	215	# if __ANDROID_API__ >= 18
	216	# include <sys/auxv.h>
	217	# define OSSL_IMPLEMENT_GETAUXVAL
	218	# endif
213	219	# endif
214	220	#endif
215	221

+9

-1

crypto/rand/rand_unix.c less more

0	0	/*
1		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

32	32	#endif
33	33	#if defined(__OpenBSD__)
34	34	# include <sys/param.h>
	35	#endif
	36	#if defined(__APPLE__)
	37	# include <CommonCrypto/CommonRandom.h>
35	38	#endif
36	39
37	40	#if defined(OPENSSL_SYS_UNIX) \|\| defined(__DJGPP__)

377	380	if (errno != ENOSYS)
378	381	return -1;
379	382	}
	383	# elif defined(__APPLE__)
	384	if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
	385	return (ssize_t)buflen;
	386
	387	return -1;
380	388	# else
381	389	union {
382	390	void *p;

+5

-3

crypto/rsa/rsa_prn.c less more

0	0	/*
1		* Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

33	33	EVP_PKEY *pk;
34	34	int ret;
35	35	pk = EVP_PKEY_new();
36		if (pk == NULL \|\| !EVP_PKEY_set1_RSA(pk, (RSA *)x))
	36	if (pk == NULL)
37	37	return 0;
38		ret = EVP_PKEY_print_private(bp, pk, off, NULL);
	38	ret = EVP_PKEY_set1_RSA(pk, (RSA *)x);
	39	if (ret)
	40	ret = EVP_PKEY_print_private(bp, pk, off, NULL);
39	41	EVP_PKEY_free(pk);
40	42	return ret;
41	43	}

+2

-2

crypto/siphash/siphash_ameth.c less more

0	0	/*
1		* Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

43	43
44	44	static int siphash_pkey_public_cmp(const EVP_PKEY a, const EVP_PKEY b)
45	45	{
46		return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
	46	return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
47	47	}
48	48
49	49	static int siphash_set_priv_key(EVP_PKEY pkey, const unsigned char priv,

+15

-20

crypto/sm2/sm2_crypt.c less more

0	0	/*
1		* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright 2017 Ribose Inc. All Rights Reserved.
3	3	* Ported from Ribose contributions from Botan.
4	4	*

60	60	return field_size;
61	61	}
62	62
63		int sm2_plaintext_size(const EC_KEY key, const EVP_MD digest, size_t msg_len,
64		size_t *pt_size)
65		{
66		const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
67		const int md_size = EVP_MD_size(digest);
68		size_t overhead;
69
70		if (md_size < 0) {
71		SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST);
72		return 0;
73		}
74		if (field_size == 0) {
75		SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD);
76		return 0;
77		}
78
79		overhead = 10 + 2 * field_size + (size_t)md_size;
80		if (msg_len <= overhead) {
	63	int sm2_plaintext_size(const unsigned char ct, size_t ct_size, size_t pt_size)
	64	{
	65	struct SM2_Ciphertext_st *sm2_ctext = NULL;
	66
	67	sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
	68
	69	if (sm2_ctext == NULL) {
81	70	SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING);
82	71	return 0;
83	72	}
84	73
85		*pt_size = msg_len - overhead;
	74	*pt_size = sm2_ctext->C2->length;
	75	SM2_Ciphertext_free(sm2_ctext);
	76
86	77	return 1;
87	78	}
88	79

302	293	C2 = sm2_ctext->C2->data;
303	294	C3 = sm2_ctext->C3->data;
304	295	msg_len = sm2_ctext->C2->length;
	296	if (*ptext_len < (size_t)msg_len) {
	297	SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
	298	goto done;
	299	}
305	300
306	301	ctx = BN_CTX_new();
307	302	if (ctx == NULL) {

+2

-2

crypto/sm2/sm2_pmeth.c less more

0	0	/*
1		* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

150	150	const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
151	151
152	152	if (out == NULL) {
153		if (!sm2_plaintext_size(ec, md, inlen, outlen))
	153	if (!sm2_plaintext_size(in, inlen, outlen))
154	154	return -1;
155	155	else
156	156	return 1;

+2

-1

crypto/sparcv9cap.c less more

0	0	/*
1		* Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

15	15	#include <unistd.h>
16	16	#include <openssl/bn.h>
17	17	#include "internal/cryptlib.h"
	18	#include "bn/bn_local.h" /* for definition of bn_mul_mont */
18	19
19	20	#include "sparc_arch.h"
20	21

+9

-8

crypto/srp/srp_vfy.c less more

0	0	/*
1		* Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright (c) 2004, EdelKey Project. All Rights Reserved.
3	3	*
4	4	* Licensed under the OpenSSL license (the "License"). You may not use

683	683	BIGNUM *x = NULL;
684	684	BN_CTX *bn_ctx = BN_CTX_new();
685	685	unsigned char tmp2[MAX_LEN];
686		BIGNUM *salttmp = NULL;
	686	BIGNUM salttmp = NULL, verif;
687	687
688	688	if ((user == NULL) \|\|
689	689	(pass == NULL) \|\|

706	706	if (x == NULL)
707	707	goto err;
708	708
709		*verifier = BN_new();
710		if (*verifier == NULL)
711		goto err;
712
713		if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {
714		BN_clear_free(*verifier);
	709	verif = BN_new();
	710	if (verif == NULL)
	711	goto err;
	712
	713	if (!BN_mod_exp(verif, g, x, N, bn_ctx)) {
	714	BN_clear_free(verif);
715	715	goto err;
716	716	}
717	717
718	718	result = 1;
719	719	*salt = salttmp;
	720	*verifier = verif;
720	721
721	722	err:
722	723	if (salt != NULL && *salt != salttmp)

+2

-1

crypto/store/loader_file.c less more

0	0	/*
1		* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

369	369	mem->data = (char *)new_data;
370	370	mem->max = mem->length = (size_t)new_data_len;
371	371	X509_SIG_free(p8);
	372	p8 = NULL;
372	373
373	374	store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
374	375	if (store_info == NULL) {

+2

-1

crypto/ts/ts_rsp_verify.c less more

0	0	/*
1		* Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

611	611	err:
612	612	EVP_MD_CTX_free(md_ctx);
613	613	X509_ALGOR_free(*md_alg);
	614	*md_alg = NULL;
614	615	OPENSSL_free(*imprint);
615	616	*imprint_len = 0;
616	617	*imprint = 0;

+3

-1

crypto/ts/ts_verify_ctx.c less more

0	0	/*
1		* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

125	125	goto err;
126	126	msg = imprint->hashed_msg;
127	127	ret->imprint_len = ASN1_STRING_length(msg);
	128	if (ret->imprint_len <= 0)
	129	goto err;
128	130	if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
129	131	goto err;
130	132	memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);

+7

-1

crypto/uid.c less more

0	0	/*
1		* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

35	35	# include <sys/auxv.h>
36	36	# define OSSL_IMPLEMENT_GETAUXVAL
37	37	# endif
	38	# elif defined(__ANDROID_API__)
	39	/* see https://developer.android.google.cn/ndk/guides/cpu-features */
	40	# if __ANDROID_API__ >= 18
	41	# include <sys/auxv.h>
	42	# define OSSL_IMPLEMENT_GETAUXVAL
	43	# endif
38	44	# endif
39	45
40	46	int OPENSSL_issetugid(void)

+3

-3

crypto/x509/t_x509.c less more

0	0	/*
1		* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

364	364	BIO_puts(out, "\n");
365	365	} else
366	366	BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
367		alias = X509_alias_get0(x, NULL);
	367	alias = X509_alias_get0(x, &i);
368	368	if (alias)
369		BIO_printf(out, "%*sAlias: %s\n", indent, "", alias);
	369	BIO_printf(out, "%sAlias: %.s\n", indent, "", i, alias);
370	370	keyid = X509_keyid_get0(x, &keyidlen);
371	371	if (keyid) {
372	372	BIO_printf(out, "%*sKey Id: ", indent, "");

+3

-3

crypto/x509/x509_vpm.c less more

0	0	/*
1		* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

198	198	return 0;
199	199	}
200	200
201		/* Copy the host flags if and only if we're copying the host list */
	201	x509_verify_param_copy(hostflags, 0);
	202
202	203	if (test_x509_verify_param_copy(hosts, NULL)) {
203	204	sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
204	205	dest->hosts = NULL;

207	208	sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
208	209	if (dest->hosts == NULL)
209	210	return 0;
210		dest->hostflags = src->hostflags;
211	211	}
212	212	}
213	213

+34

-6

crypto/x509v3/v3_akey.c less more

0	0	/*
1		* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

38	38	STACK_OF(CONF_VALUE)
39	39	*extlist)
40	40	{
41		char *tmp;
	41	char *tmp = NULL;
	42	STACK_OF(CONF_VALUE) origextlist = extlist, tmpextlist;
	43
42	44	if (akeyid->keyid) {
43	45	tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
44		X509V3_add_value("keyid", tmp, &extlist);
	46	if (tmp == NULL) {
	47	X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
	48	return NULL;
	49	}
	50	if (!X509V3_add_value("keyid", tmp, &extlist)) {
	51	OPENSSL_free(tmp);
	52	X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
	53	goto err;
	54	}
45	55	OPENSSL_free(tmp);
46	56	}
47		if (akeyid->issuer)
48		extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
	57	if (akeyid->issuer) {
	58	tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
	59	if (tmpextlist == NULL) {
	60	X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
	61	goto err;
	62	}
	63	extlist = tmpextlist;
	64	}
49	65	if (akeyid->serial) {
50	66	tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
51		X509V3_add_value("serial", tmp, &extlist);
	67	if (tmp == NULL) {
	68	X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
	69	goto err;
	70	}
	71	if (!X509V3_add_value("serial", tmp, &extlist)) {
	72	OPENSSL_free(tmp);
	73	X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
	74	goto err;
	75	}
52	76	OPENSSL_free(tmp);
53	77	}
54	78	return extlist;
	79	err:
	80	if (origextlist == NULL)
	81	sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
	82	return NULL;
55	83	}
56	84
57	85	/*-

+8

-4

crypto/x509v3/v3_alt.c less more

0	0	/*
1		* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

8	8
9	9	#include <stdio.h>
10	10	#include "internal/cryptlib.h"
	11	#include "crypto/x509.h"
11	12	#include <openssl/conf.h>
12	13	#include <openssl/x509v3.h>
13	14	#include "ext_dat.h"

98	99	break;
99	100
100	101	case GEN_EMAIL:
101		if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
	102	if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data,
	103	gen->d.ia5->length, &ret))
102	104	return NULL;
103	105	break;
104	106
105	107	case GEN_DNS:
106		if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
	108	if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data,
	109	gen->d.ia5->length, &ret))
107	110	return NULL;
108	111	break;
109	112
110	113	case GEN_URI:
111		if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
	114	if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data,
	115	gen->d.ia5->length, &ret))
112	116	return NULL;
113	117	break;
114	118

+7

-4

crypto/x509v3/v3_cpols.c less more

0	0	/*
1		* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

421	421	qualinfo = sk_POLICYQUALINFO_value(quals, i);
422	422	switch (OBJ_obj2nid(qualinfo->pqualid)) {
423	423	case NID_id_qt_cps:
424		BIO_printf(out, "%*sCPS: %s\n", indent, "",
	424	BIO_printf(out, "%sCPS: %.s\n", indent, "",
	425	qualinfo->d.cpsuri->length,
425	426	qualinfo->d.cpsuri->data);
426	427	break;
427	428

446	447	if (notice->noticeref) {
447	448	NOTICEREF *ref;
448	449	ref = notice->noticeref;
449		BIO_printf(out, "%*sOrganization: %s\n", indent, "",
	450	BIO_printf(out, "%sOrganization: %.s\n", indent, "",
	451	ref->organization->length,
450	452	ref->organization->data);
451	453	BIO_printf(out, "%*sNumber%s: ", indent, "",
452	454	sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");

469	471	BIO_puts(out, "\n");
470	472	}
471	473	if (notice->exptext)
472		BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
	474	BIO_printf(out, "%sExplicit Text: %.s\n", indent, "",
	475	notice->exptext->length,
473	476	notice->exptext->data);
474	477	}
475	478

+55

-28

crypto/x509v3/v3_ncons.c less more

0	0	/*
1		* Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

62	62	IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
63	63	IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
64	64
	65
	66	#define IA5_OFFSET_LEN(ia5base, offset) \
	67	((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data))
	68
	69	/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the
	70	* starting point to search from
	71	*/
	72	# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start))
	73
	74	/* Like memrrchr but for ASN1_IA5STRING */
	75	static char ia5memrchr(ASN1_IA5STRING str, int c)
	76	{
	77	int i;
	78
	79	for (i = str->length; i > 0 && str->data[i - 1] != c; i--);
	80
	81	if (i == 0)
	82	return NULL;
	83
	84	return (char *)&str->data[i - 1];
	85	}
	86
65	87	/*
66		* We cannot use strncasecmp here because that applies locale specific rules.
	88	* We cannot use strncasecmp here because that applies locale specific rules. It
	89	* also doesn't work with ASN1_STRINGs that may have embedded NUL characters.
67	90	* For example in Turkish 'I' is not the uppercase character for 'i'. We need to
68	91	* do a simple ASCII case comparison ignoring the locale (that is why we use
69	92	* numeric constants below).

88	111
89	112	/* c1 > c2 */
90	113	return 1;
91		} else if (*s1 == 0) {
92		/* If we get here we know that s2 == 0 too /
93		return 0;
94	114	}
95	115	}
96	116
97	117	return 0;
98		}
99
100		static int ia5casecmp(const char s1, const char s2)
101		{
102		return ia5ncasecmp(s1, s2, SIZE_MAX);
103	118	}
104	119
105	120	static void v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD method,

336	351	--utf8_length;
337	352
338	353	/* Reject embedded NULs */
339		if ((size_t)utf8_length != strlen((char *)utf8_value)) {
	354	if (memchr(utf8_value, 0, utf8_length) != NULL) {
340	355	OPENSSL_free(utf8_value);
341	356	return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
342	357	}

535	550	{
536	551	char baseptr = (char )base->data;
537	552	char dnsptr = (char )dns->data;
	553
538	554	/* Empty matches everything */
539		if (!*baseptr)
	555	if (base->length == 0)
540	556	return X509_V_OK;
	557
	558	if (dns->length < base->length)
	559	return X509_V_ERR_PERMITTED_VIOLATION;
	560
541	561	/*
542	562	* Otherwise can add zero or more components on the left so compare RHS
543	563	* and if dns is longer and expect '.' as preceding character.

548	568	return X509_V_ERR_PERMITTED_VIOLATION;
549	569	}
550	570
551		if (ia5casecmp(baseptr, dnsptr))
	571	if (ia5ncasecmp(baseptr, dnsptr, base->length))
552	572	return X509_V_ERR_PERMITTED_VIOLATION;
553	573
554	574	return X509_V_OK;

559	579	{
560	580	const char baseptr = (char )base->data;
561	581	const char emlptr = (char )eml->data;
562
563		const char *baseat = strchr(baseptr, '@');
564		const char *emlat = strchr(emlptr, '@');
	582	const char *baseat = ia5memrchr(base, '@');
	583	const char *emlat = ia5memrchr(eml, '@');
	584	size_t basehostlen, emlhostlen;
	585
565	586	if (!emlat)
566	587	return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
567	588	/* Special case: initial '.' is RHS match */
568		if (!baseat && (*baseptr == '.')) {
	589	if (!baseat && base->length > 0 && (*baseptr == '.')) {
569	590	if (eml->length > base->length) {
570	591	emlptr += eml->length - base->length;
571		if (ia5casecmp(baseptr, emlptr) == 0)
	592	if (ia5ncasecmp(baseptr, emlptr, base->length) == 0)
572	593	return X509_V_OK;
573	594	}
574	595	return X509_V_ERR_PERMITTED_VIOLATION;

588	609	baseptr = baseat + 1;
589	610	}
590	611	emlptr = emlat + 1;
	612	basehostlen = IA5_OFFSET_LEN(base, baseptr);
	613	emlhostlen = IA5_OFFSET_LEN(eml, emlptr);
591	614	/* Just have hostname left to match: case insensitive */
592		if (ia5casecmp(baseptr, emlptr))
	615	if (basehostlen != emlhostlen \|\| ia5ncasecmp(baseptr, emlptr, emlhostlen))
593	616	return X509_V_ERR_PERMITTED_VIOLATION;
594	617
595	618	return X509_V_OK;

600	623	{
601	624	const char baseptr = (char )base->data;
602	625	const char hostptr = (char )uri->data;
603		const char *p = strchr(hostptr, ':');
	626	const char p = ia5memchr(uri, (char )uri->data, ':');
604	627	int hostlen;
	628
605	629	/* Check for foo:// and skip past it */
606		if (!p \|\| (p[1] != '/') \|\| (p[2] != '/'))
	630	if (p == NULL
	631	\|\| IA5_OFFSET_LEN(uri, p) < 3
	632	\|\| p[1] != '/'
	633	\|\| p[2] != '/')
607	634	return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
608	635	hostptr = p + 3;
609	636

611	638
612	639	/* Look for a port indicator as end of hostname first */
613	640
614		p = strchr(hostptr, ':');
	641	p = ia5memchr(uri, hostptr, ':');
615	642	/* Otherwise look for trailing slash */
616		if (!p)
617		p = strchr(hostptr, '/');
618
619		if (!p)
620		hostlen = strlen(hostptr);
	643	if (p == NULL)
	644	p = ia5memchr(uri, hostptr, '/');
	645
	646	if (p == NULL)
	647	hostlen = IA5_OFFSET_LEN(uri, hostptr);
621	648	else
622	649	hostlen = p - hostptr;
623	650

625	652	return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
626	653
627	654	/* Special case: initial '.' is RHS match */
628		if (*baseptr == '.') {
	655	if (base->length > 0 && *baseptr == '.') {
629	656	if (hostlen > base->length) {
630	657	p = hostptr + hostlen - base->length;
631	658	if (ia5ncasecmp(p, baseptr, base->length) == 0)

+3

-2

crypto/x509v3/v3_pci.c less more

0	0	/*
1		* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

76	76	i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
77	77	BIO_puts(out, "\n");
78	78	if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
79		BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
	79	BIO_printf(out, "%sPolicy Text: %.s\n", indent, "",
	80	pci->proxyPolicy->policy->length,
80	81	pci->proxyPolicy->policy->data);
81	82	return 1;
82	83	}

+47

-13

crypto/x509v3/v3_utl.c less more

0	0	/*
1		* Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

11	11	#include "e_os.h"
12	12	#include "internal/cryptlib.h"
13	13	#include <stdio.h>
	14	#include <string.h>
14	15	#include "crypto/ctype.h"
15	16	#include <openssl/conf.h>
16	17	#include <openssl/crypto.h>

33	34
34	35	/* Add a CONF_VALUE name value pair to stack */
35	36
36		int X509V3_add_value(const char name, const char value,
37		STACK_OF(CONF_VALUE) **extlist)
	37	static int x509v3_add_len_value(const char name, const char value,
	38	size_t vallen, STACK_OF(CONF_VALUE) **extlist)
38	39	{
39	40	CONF_VALUE *vtmp = NULL;
40	41	char tname = NULL, tvalue = NULL;
41	42	int sk_allocated = (*extlist == NULL);
42	43
43		if (name && (tname = OPENSSL_strdup(name)) == NULL)
	44	if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)
44	45	goto err;
45		if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
46		goto err;
	46	if (value != NULL && vallen > 0) {
	47	/*
	48	* We tolerate a single trailing NUL character, but otherwise no
	49	* embedded NULs
	50	*/
	51	if (memchr(value, 0, vallen - 1) != NULL)
	52	goto err;
	53	tvalue = OPENSSL_strndup(value, vallen);
	54	if (tvalue == NULL)
	55	goto err;
	56	}
47	57	if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
48	58	goto err;
49	59	if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)

55	65	goto err;
56	66	return 1;
57	67	err:
58		X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
	68	X509V3err(X509V3_F_X509V3_ADD_LEN_VALUE, ERR_R_MALLOC_FAILURE);
59	69	if (sk_allocated) {
60	70	sk_CONF_VALUE_free(*extlist);
61	71	*extlist = NULL;

66	76	return 0;
67	77	}
68	78
	79	int X509V3_add_value(const char name, const char value,
	80	STACK_OF(CONF_VALUE) **extlist)
	81	{
	82	return x509v3_add_len_value(name, value,
	83	value != NULL ? strlen((const char *)value) : 0,
	84	extlist);
	85	}
	86
69	87	int X509V3_add_value_uchar(const char name, const unsigned char value,
70	88	STACK_OF(CONF_VALUE) **extlist)
71	89	{
72		return X509V3_add_value(name, (const char *)value, extlist);
	90	return x509v3_add_len_value(name, (const char *)value,
	91	value != NULL ? strlen((const char *)value) : 0,
	92	extlist);
	93	}
	94
	95	int x509v3_add_len_value_uchar(const char name, const unsigned char value,
	96	size_t vallen, STACK_OF(CONF_VALUE) **extlist)
	97	{
	98	return x509v3_add_len_value(name, (const char *)value, vallen, extlist);
73	99	}
74	100
75	101	/* Free function for STACK_OF(CONF_VALUE) */

501	527	/* First some sanity checks */
502	528	if (email->type != V_ASN1_IA5STRING)
503	529	return 1;
504		if (!email->data \|\| !email->length)
	530	if (email->data == NULL \|\| email->length == 0)
	531	return 1;
	532	if (memchr(email->data, 0, email->length) != NULL)
505	533	return 1;
506	534	if (*sk == NULL)
507	535	*sk = sk_OPENSSL_STRING_new(sk_strcmp);
508	536	if (*sk == NULL)
509	537	return 0;
	538
	539	emtmp = OPENSSL_strndup((char *)email->data, email->length);
	540	if (emtmp == NULL)
	541	return 0;
	542
510	543	/* Don't add duplicates */
511		if (sk_OPENSSL_STRING_find(sk, (char )email->data) != -1)
	544	if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
	545	OPENSSL_free(emtmp);
512	546	return 1;
513		emtmp = OPENSSL_strdup((char *)email->data);
514		if (emtmp == NULL \|\| !sk_OPENSSL_STRING_push(*sk, emtmp)) {
515		OPENSSL_free(emtmp); /* free on push failure */
	547	}
	548	if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
	549	OPENSSL_free(emtmp); /* free on push failure */
516	550	X509_email_free(*sk);
517	551	*sk = NULL;
518	552	return 0;

+5

-1

crypto/x509v3/v3err.c less more

0	0	/*
1	1	* Generated by util/mkerr.pl DO NOT EDIT
2		* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
	2	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3	3	*
4	4	* Licensed under the OpenSSL license (the "License"). You may not use
5	5	* this file except in compliance with the License. You can obtain a copy

38	38	"i2s_ASN1_INTEGER"},
39	39	{ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0),
40	40	"i2v_AUTHORITY_INFO_ACCESS"},
	41	{ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_KEYID, 0),
	42	"i2v_AUTHORITY_KEYID"},
41	43	{ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"},
42	44	{ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"},
43	45	{ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"},

103	105	{ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0),
104	106	"v3_generic_extension"},
105	107	{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"},
	108	{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_LEN_VALUE, 0),
	109	"x509v3_add_len_value"},
106	110	{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0),
107	111	"X509V3_add_value"},
108	112	{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"},

+1

-7

demos/bio/client-arg.c less more

0	0	/*
1		* Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

93	93	goto end;
94	94	}
95	95
96		if (BIO_do_handshake(sbio) <= 0) {
97		fprintf(stderr, "Error establishing SSL connection\n");
98		ERR_print_errors_fp(stderr);
99		goto end;
100		}
101
102	96	/* Could examine ssl here to get connection info */
103	97
104	98	BIO_puts(sbio, "GET / HTTP/1.0\n\n");

+1

-7

demos/bio/client-conf.c less more

0	0	/*
1		* Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

101	101	goto end;
102	102	}
103	103
104		if (BIO_do_handshake(sbio) <= 0) {
105		fprintf(stderr, "Error establishing SSL connection\n");
106		ERR_print_errors_fp(stderr);
107		goto end;
108		}
109
110	104	/* Could examine ssl here to get connection info */
111	105
112	106	BIO_puts(sbio, "GET / HTTP/1.0\n\n");

+2

-2

doc/man1/enc.pod less more

179	179
180	180	=item B<-z>
181	181
182		Compress or decompress clear text using zlib before encryption or after
183		decryption. This option exists only if OpenSSL with compiled with zlib
	182	Compress or decompress encrypted data using zlib after encryption or before
	183	decryption. This option exists only if OpenSSL was compiled with the zlib
184	184	or zlib-dynamic option.
185	185
186	186	=item B<-none>

+1

-1

doc/man1/s_client.pod less more

796	796
797	797	The B<s_client> utility is a test tool and is designed to continue the
798	798	handshake after any certificate verification errors. As a result it will
799		accept any certificate chain (trusted or not) sent by the peer. None test
	799	accept any certificate chain (trusted or not) sent by the peer. Non-test
800	800	applications should B<not> do this as it makes them vulnerable to a MITM
801	801	attack. This behaviour can be changed by with the B<-verify_return_error>
802	802	option: any verify errors are then returned aborting the handshake.

+1

-1

doc/man1/s_server.pod less more

700	700
701	701	=item B<-alpn val>, B<-nextprotoneg val>
702	702
703		These flags enable the Enable the Application-Layer Protocol Negotiation
	703	These flags enable the Application-Layer Protocol Negotiation
704	704	or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the
705	705	IETF standard and replaces NPN.
706	706	The B<val> list is a comma-separated list of supported protocol

+1

-6

doc/man3/BIO_f_ssl.pod less more

181	181	out = BIO_new_fp(stdout, BIO_NOCLOSE);
182	182	if (BIO_do_connect(sbio) <= 0) {
183	183	fprintf(stderr, "Error connecting to server\n");
184		ERR_print_errors_fp(stderr);
185		exit(1);
186		}
187		if (BIO_do_handshake(sbio) <= 0) {
188		fprintf(stderr, "Error establishing SSL connection\n");
189	184	ERR_print_errors_fp(stderr);
190	185	exit(1);
191	186	}

297	292
298	293	=head1 COPYRIGHT
299	294
300		Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
	295	Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
301	296
302	297	Licensed under the OpenSSL license (the "License"). You may not use
303	298	this file except in compliance with the License. You can obtain a copy

+3

-3

doc/man3/BIO_push.pod less more

60	60	by B<md1> and B<md2>, B<base64> encoded and written to B<f>.
61	61
62	62	It should be noted that reading causes data to pass in the reverse
63		direction, that is data is read from B<f>, base64 B<decoded> and digested
64		by B<md1> and B<md2>. If the call:
	63	direction, that is data is read from B<f>, B<base64> decoded and digested
	64	by B<md2> and B<md1>. If the call:
65	65
66	66	BIO_pop(md2);
67	67

78	78
79	79	=head1 COPYRIGHT
80	80
81		Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
	81	Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
82	82
83	83	Licensed under the OpenSSL license (the "License"). You may not use
84	84	this file except in compliance with the License. You can obtain a copy

+23

-18

doc/man3/BN_cmp.pod less more

1	1
2	2	=head1 NAME
3	3
4		BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions
	4	BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd - BIGNUM comparison and test functions
5	5
6	6	=head1 SYNOPSIS
7	7
8	8	#include <openssl/bn.h>
9	9
10		int BN_cmp(BIGNUM a, BIGNUM b);
11		int BN_ucmp(BIGNUM a, BIGNUM b);
	10	int BN_cmp(const BIGNUM a, const BIGNUM b);
	11	int BN_ucmp(const BIGNUM a, const BIGNUM b);
12	12
13		int BN_is_zero(BIGNUM *a);
14		int BN_is_one(BIGNUM *a);
15		int BN_is_word(BIGNUM *a, BN_ULONG w);
16		int BN_is_odd(BIGNUM *a);
	13	int BN_is_zero(const BIGNUM *a);
	14	int BN_is_one(const BIGNUM *a);
	15	int BN_is_word(const BIGNUM *a, const BN_ULONG w);
	16	int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
	17	int BN_is_odd(const BIGNUM *a);
17	18
18	19	=head1 DESCRIPTION
19	20
20		BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their
	21	BN_cmp() compares the numbers I<a> and I<b>. BN_ucmp() compares their
21	22	absolute values.
22	23
23		BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1,
24		or B<w> respectively. BN_is_odd() tests if a is odd.
25
26		BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.
	24	BN_is_zero(), BN_is_one(), BN_is_word() and BN_abs_is_word() test if
	25	I<a> equals 0, 1, I<w>, or E<verbar>I<w>E<verbar> respectively.
	26	BN_is_odd() tests if I<a> is odd.
27	27
28	28	=head1 RETURN VALUES
29	29
30		BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if
31		B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values
32		of B<a> and B<b>.
	30	BN_cmp() returns -1 if I<a> E<lt> I<b>, 0 if I<a> == I<b> and 1 if
	31	I<a> E<gt> I<b>. BN_ucmp() is the same using the absolute values
	32	of I<a> and I<b>.
33	33
34		BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if
35		the condition is true, 0 otherwise.
	34	BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and
	35	BN_is_odd() return 1 if the condition is true, 0 otherwise.
	36
	37	=head1 HISTORY
	38
	39	Prior to OpenSSL 1.1.0, BN_is_zero(), BN_is_one(), BN_is_word(),
	40	BN_abs_is_word() and BN_is_odd() were macros.
36	41
37	42	=head1 COPYRIGHT
38	43
39		Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
	44	Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
40	45
41	46	Licensed under the OpenSSL license (the "License"). You may not use
42	47	this file except in compliance with the License. You can obtain a copy

+5

-1

doc/man3/d2i_PrivateKey.pod less more

41	41
42	42	=head1 NOTES
43	43
	44	All the functions that operate on data in memory update the data pointer I<*pp>
	45	after a successful operation, just like the other d2i and i2d functions;
	46	see L<d2i_X509(3)>.
	47
44	48	All these functions use DER format and unencrypted keys. Applications wishing
45	49	to encrypt or decrypt private keys should use other functions such as
46	50	d2i_PKCS8PrivateKey() instead.

70	74
71	75	=head1 COPYRIGHT
72	76
73		Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
	77	Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
74	78
75	79	Licensed under the OpenSSL license (the "License"). You may not use
76	80	this file except in compliance with the License. You can obtain a copy

+3

-3

doc/man7/x509.pod less more

10	10	=head1 DESCRIPTION
11	11
12	12	An X.509 certificate is a structured grouping of information about
13		an individual, a device, or anything one can imagine. A X.509 CRL
	13	an individual, a device, or anything one can imagine. An X.509 CRL
14	14	(certificate revocation list) is a tool to help determine if a
15	15	certificate is still valid. The exact definition of those can be
16	16	found in the X.509 document from ITU-T, or in RFC3280 from PKIX.

23	23
24	24	To handle some complex parts of a certificate, there are the types
25	25	X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
26		a certificate attributes), X509_EXTENSION (to express a certificate
	26	a certificate attribute), X509_EXTENSION (to express a certificate
27	27	extension) and a few more.
28	28
29	29	Finally, there's the supertype X509_INFO, which can contain a CRL, a

62	62
63	63	=head1 COPYRIGHT
64	64
65		Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.
	65	Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
66	66
67	67	Licensed under the OpenSSL license (the "License"). You may not use
68	68	this file except in compliance with the License. You can obtain a copy

+2

-3

include/crypto/sm2.h less more

0	0	/*
1		* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright 2017 Ribose Inc. All Rights Reserved.
3	3	* Ported from Ribose contributions from Botan.
4	4	*

59	59	int sm2_ciphertext_size(const EC_KEY key, const EVP_MD digest, size_t msg_len,
60	60	size_t *ct_size);
61	61
62		int sm2_plaintext_size(const EC_KEY key, const EVP_MD digest, size_t msg_len,
63		size_t *pt_size);
	62	int sm2_plaintext_size(const unsigned char ct, size_t ct_size, size_t pt_size);
64	63
65	64	int sm2_encrypt(const EC_KEY *key,
66	65	const EVP_MD *digest,

+6

-1

include/crypto/x509.h less more

0	0	/*
1		* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

7	7	*/
8	8
9	9	#include "internal/refcount.h"
	10	#include <openssl/x509.h>
	11	#include <openssl/conf.h>
10	12
11	13	/* Internal X509 structures and functions: not for application use */
12	14

283	285	int x509_set1_time(ASN1_TIME *ptm, const ASN1_TIME tm);
284	286
285	287	void x509_init_sig_info(X509 *x);
	288
	289	int x509v3_add_len_value_uchar(const char name, const unsigned char value,
	290	size_t vallen, STACK_OF(CONF_VALUE) **extlist);

+3

-2

include/openssl/e_os2.h less more

0	0	/*
1		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

278	278	# define ossl_inline inline
279	279	# endif
280	280
281		# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
	281	# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \
	282	!defined(__cplusplus)
282	283	# define ossl_noreturn _Noreturn
283	284	# elif defined(__GNUC__) && __GNUC__ >= 2
284	285	# define ossl_noreturn __attribute__((noreturn))

+2

-2

include/openssl/opensslv.h less more

38	38	* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
39	39	* major minor fix final patch/beta)
40	40	*/
41		# define OPENSSL_VERSION_NUMBER 0x101010bfL
42		# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k 25 Mar 2021"
	41	# define OPENSSL_VERSION_NUMBER 0x101010cfL
	42	# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l 24 Aug 2021"
43	43
44	44	/*-
45	45	* The macros below are to be used for shared library (.so, .dll, ...)

+4

-1

include/openssl/sslerr.h less more

0	0	/*
1	1	* Generated by util/mkerr.pl DO NOT EDIT
2		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	2	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3	3	*
4	4	* Licensed under the OpenSSL license (the "License"). You may not use
5	5	* this file except in compliance with the License. You can obtain a copy

69	69	# define SSL_F_FINAL_EMS 486
70	70	# define SSL_F_FINAL_KEY_SHARE 503
71	71	# define SSL_F_FINAL_MAXFRAGMENTLEN 557
	72	# define SSL_F_FINAL_PSK 639
72	73	# define SSL_F_FINAL_RENEGOTIATE 483
73	74	# define SSL_F_FINAL_SERVER_NAME 558
74	75	# define SSL_F_FINAL_SIG_ALGS 497

591	592	# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381
592	593	# define SSL_R_MISSING_FATAL 256
593	594	# define SSL_R_MISSING_PARAMETERS 290
	595	# define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310
594	596	# define SSL_R_MISSING_RSA_CERTIFICATE 168
595	597	# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
596	598	# define SSL_R_MISSING_RSA_SIGNING_CERT 170

632	634	# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403
633	635	# define SSL_R_NULL_SSL_CTX 195
634	636	# define SSL_R_NULL_SSL_METHOD_PASSED 196
	637	# define SSL_R_OCSP_CALLBACK_FAILURE 294
635	638	# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
636	639	# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
637	640	# define SSL_R_OVERFLOW_ERROR 237

+3

-1

include/openssl/x509v3err.h less more

0	0	/*
1	1	* Generated by util/mkerr.pl DO NOT EDIT
2		* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
	2	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3	3	*
4	4	* Licensed under the OpenSSL license (the "License"). You may not use
5	5	* this file except in compliance with the License. You can obtain a copy

37	37	# define X509V3_F_I2S_ASN1_IA5STRING 149
38	38	# define X509V3_F_I2S_ASN1_INTEGER 120
39	39	# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
	40	# define X509V3_F_I2V_AUTHORITY_KEYID 173
40	41	# define X509V3_F_LEVEL_ADD_NODE 168
41	42	# define X509V3_F_NOTICE_SECTION 132
42	43	# define X509V3_F_NREF_NOS 133

77	78	# define X509V3_F_V2I_TLS_FEATURE 165
78	79	# define X509V3_F_V3_GENERIC_EXTENSION 116
79	80	# define X509V3_F_X509V3_ADD1_I2D 140
	81	# define X509V3_F_X509V3_ADD_LEN_VALUE 174
80	82	# define X509V3_F_X509V3_ADD_VALUE 105
81	83	# define X509V3_F_X509V3_EXT_ADD 104
82	84	# define X509V3_F_X509V3_EXT_ADD_ALIAS 106

+2

-1

ssl/bio_ssl.c less more

0	0	/*
1		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

450	450	goto err;
451	451	return ret;
452	452	err:
	453	BIO_free(ssl);
453	454	BIO_free(con);
454	455	#endif
455	456	return NULL;

+1

-2

ssl/d1_lib.c less more

341	341	return 1;
342	342	}
343	343
344		void dtls1_double_timeout(SSL *s)
	344	static void dtls1_double_timeout(SSL *s)
345	345	{
346	346	s->d1->timeout_duration_us *= 2;
347	347	if (s->d1->timeout_duration_us > 60000000)
348	348	s->d1->timeout_duration_us = 60000000;
349		dtls1_start_timer(s);
350	349	}
351	350
352	351	void dtls1_stop_timer(SSL *s)

+4

-4

ssl/record/rec_layer_s3.c less more

0	0	/*
1		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

171	171	/*
172	172	* If extend == 0, obtain new n-byte packet; if extend == 1, increase
173	173	* packet by another n bytes. The packet will be in the sub-array of
174		* s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
175		* s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus
176		* s->packet_length bytes if extend == 1].)
	174	* s->rlayer.rbuf.buf specified by s->rlayer.packet and
	175	* s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may
	176	* be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].)
177	177	* if clearold == 1, move the packet to the start of the buffer; if
178	178	* clearold == 0 then leave any old packets where they were
179	179	*/

+1

-2

ssl/record/ssl3_buffer.c less more

0	0	/*
1		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

73	73	b->len = len;
74	74	}
75	75
76		RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
77	76	return 1;
78	77	}
79	78

+18

-18

ssl/record/ssl3_record.c less more

0	0	/*
1		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

404	404	more = thisrr->length;
405	405	}
406	406	if (more > 0) {
407		/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
	407	/* now s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH */
408	408
409	409	rret = ssl3_read_n(s, more, more, 1, 0, &n);
410	410	if (rret <= 0)

415	415	RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
416	416
417	417	/*
418		* At this point, s->packet_length == SSL3_RT_HEADER_LENGTH
419		* + thisrr->length, or s->packet_length == SSL2_RT_HEADER_LENGTH
420		* + thisrr->length and we have that many bytes in s->packet
	418	* At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH
	419	* + thisrr->length, or s->rlayer.packet_length == SSL2_RT_HEADER_LENGTH
	420	* + thisrr->length and we have that many bytes in s->rlayer.packet
421	421	*/
422	422	if (thisrr->rec_version == SSL2_VERSION) {
423	423	thisrr->input =

428	428	}
429	429
430	430	/*
431		* ok, we can now read from 's->packet' data into 'thisrr' thisrr->input
432		* points at thisrr->length bytes, which need to be copied into
433		* thisrr->data by either the decryption or by the decompression When
434		* the data is 'copied' into the thisrr->data buffer, thisrr->input will
435		* be pointed at the new buffer
	431	* ok, we can now read from 's->rlayer.packet' data into 'thisrr'.
	432	* thisrr->input points at thisrr->length bytes, which need to be copied
	433	* into thisrr->data by either the decryption or by the decompression.
	434	* When the data is 'copied' into the thisrr->data buffer,
	435	* thisrr->input will be updated to point at the new buffer
436	436	*/
437	437
438	438	/*

1615	1615	sess = s->session;
1616	1616
1617	1617	/*
1618		* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
1619		* and we have that many bytes in s->packet
	1618	* At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
	1619	* and we have that many bytes in s->rlayer.packet
1620	1620	*/
1621	1621	rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]);
1622	1622
1623	1623	/*
1624		* ok, we can now read from 's->packet' data into 'rr' rr->input points
1625		* at rr->length bytes, which need to be copied into rr->data by either
1626		* the decryption or by the decompression When the data is 'copied' into
1627		* the rr->data buffer, rr->input will be pointed at the new buffer
	1624	* ok, we can now read from 's->rlayer.packet' data into 'rr'. rr->input
	1625	* points at rr->length bytes, which need to be copied into rr->data by
	1626	* either the decryption or by the decompression. When the data is 'copied'
	1627	* into the rr->data buffer, rr->input will be pointed at the new buffer
1628	1628	*/
1629	1629
1630	1630	/*

1946	1946
1947	1947	if (rr->length >
1948	1948	RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
1949		/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
	1949	/* now s->rlayer.packet_length == DTLS1_RT_HEADER_LENGTH */
1950	1950	more = rr->length;
1951	1951	rret = ssl3_read_n(s, more, more, 1, 1, &n);
1952	1952	/* this packet contained a partial record, dump it */

1962	1962	}
1963	1963
1964	1964	/*
1965		* now n == rr->length, and s->packet_length ==
	1965	* now n == rr->length, and s->rlayer.packet_length ==
1966	1966	* DTLS1_RT_HEADER_LENGTH + rr->length
1967	1967	*/
1968	1968	}

+3

-1

ssl/s3_msg.c less more

0	0	/*
1		* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

46	46	desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
47	47	* protocol_version alerts */
48	48	if (desc < 0)
	49	return -1;
	50	if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY)
49	51	return -1;
50	52	/* If a fatal one, remove from cache */
51	53	if ((level == SSL3_AL_FATAL) && (s->session != NULL))

+26

-11

ssl/ssl_cert.c less more

0	0	/*
1		* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
3	3	*
4	4	* Licensed under the OpenSSL license (the "License"). You may not use

875	875	return 1;
876	876	}
877	877
	878	int ssl_get_security_level_bits(const SSL s, const SSL_CTX ctx, int *levelp)
	879	{
	880	int level;
	881	static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
	882
	883	if (ctx != NULL)
	884	level = SSL_CTX_get_security_level(ctx);
	885	else
	886	level = SSL_get_security_level(s);
	887
	888	if (level > 5)
	889	level = 5;
	890	else if (level < 0)
	891	level = 0;
	892
	893	if (levelp != NULL)
	894	*levelp = level;
	895
	896	return minbits_table[level];
	897	}
	898
878	899	static int ssl_security_default_callback(const SSL s, const SSL_CTX ctx,
879	900	int op, int bits, int nid, void *other,
880	901	void *ex)
881	902	{
882	903	int level, minbits;
883		static const int minbits_table[5] = { 80, 112, 128, 192, 256 };
884		if (ctx)
885		level = SSL_CTX_get_security_level(ctx);
886		else
887		level = SSL_get_security_level(s);
888
889		if (level <= 0) {
	904
	905	minbits = ssl_get_security_level_bits(s, ctx, &level);
	906
	907	if (level == 0) {
890	908	/*
891	909	* No EDH keys weaker than 1024-bits even at level 0, otherwise,
892	910	* anything goes.

895	913	return 0;
896	914	return 1;
897	915	}
898		if (level > 5)
899		level = 5;
900		minbits = minbits_table[level - 1];
901	916	switch (op) {
902	917	case SSL_SECOP_CIPHER_SUPPORTED:
903	918	case SSL_SECOP_CIPHER_SHARED:

+6

-1

ssl/ssl_err.c less more

0	0	/*
1	1	* Generated by util/mkerr.pl DO NOT EDIT
2		* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
	2	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3	3	*
4	4	* Licensed under the OpenSSL license (the "License"). You may not use
5	5	* this file except in compliance with the License. You can obtain a copy

84	84	{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"},
85	85	{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0),
86	86	"final_maxfragmentlen"},
	87	{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_PSK, 0), "final_psk"},
87	88	{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"},
88	89	{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"},
89	90	{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"},

947	948	"missing ecdsa signing cert"},
948	949	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"},
949	950	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"},
	951	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION),
	952	"missing psk kex modes extension"},
950	953	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE),
951	954	"missing rsa certificate"},
952	955	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT),

1017	1020	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"},
1018	1021	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED),
1019	1022	"null ssl method passed"},
	1023	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE),
	1024	"ocsp callback failure"},
1020	1025	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
1021	1026	"old session cipher not returned"},
1022	1027	{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),

+52

-7

ssl/ssl_lib.c less more

2118	2118	return 0;
2119	2119	}
2120	2120
	2121	if (RECORD_LAYER_write_pending(&s->rlayer)) {
	2122	SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY);
	2123	return 0;
	2124	}
	2125
2121	2126	ossl_statem_set_in_init(s, 1);
2122	2127	s->key_update = updatetype;
2123	2128	return 1;

2828	2833	}
2829	2834	#endif
2830	2835
	2836	static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len)
	2837	{
	2838	unsigned int idx;
	2839
	2840	if (protos_len < 2 \|\| protos == NULL)
	2841	return 0;
	2842
	2843	for (idx = 0; idx < protos_len; idx += protos[idx] + 1) {
	2844	if (protos[idx] == 0)
	2845	return 0;
	2846	}
	2847	return idx == protos_len;
	2848	}
2831	2849	/*
2832	2850	* SSL_CTX_set_alpn_protos sets the ALPN protocol list on \|ctx\| to \|protos\|.
2833	2851	* \|protos\| must be in wire-format (i.e. a series of non-empty, 8-bit

2836	2854	int SSL_CTX_set_alpn_protos(SSL_CTX ctx, const unsigned char protos,
2837	2855	unsigned int protos_len)
2838	2856	{
2839		OPENSSL_free(ctx->ext.alpn);
2840		ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
2841		if (ctx->ext.alpn == NULL) {
	2857	unsigned char *alpn;
	2858
	2859	if (protos_len == 0 \|\| protos == NULL) {
	2860	OPENSSL_free(ctx->ext.alpn);
	2861	ctx->ext.alpn = NULL;
2842	2862	ctx->ext.alpn_len = 0;
	2863	return 0;
	2864	}
	2865	/* Not valid per RFC */
	2866	if (!alpn_value_ok(protos, protos_len))
	2867	return 1;
	2868
	2869	alpn = OPENSSL_memdup(protos, protos_len);
	2870	if (alpn == NULL) {
2843	2871	SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
2844	2872	return 1;
2845	2873	}
	2874	OPENSSL_free(ctx->ext.alpn);
	2875	ctx->ext.alpn = alpn;
2846	2876	ctx->ext.alpn_len = protos_len;
2847	2877
2848	2878	return 0;

2856	2886	int SSL_set_alpn_protos(SSL ssl, const unsigned char protos,
2857	2887	unsigned int protos_len)
2858	2888	{
2859		OPENSSL_free(ssl->ext.alpn);
2860		ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
2861		if (ssl->ext.alpn == NULL) {
	2889	unsigned char *alpn;
	2890
	2891	if (protos_len == 0 \|\| protos == NULL) {
	2892	OPENSSL_free(ssl->ext.alpn);
	2893	ssl->ext.alpn = NULL;
2862	2894	ssl->ext.alpn_len = 0;
	2895	return 0;
	2896	}
	2897	/* Not valid per RFC */
	2898	if (!alpn_value_ok(protos, protos_len))
	2899	return 1;
	2900
	2901	alpn = OPENSSL_memdup(protos, protos_len);
	2902	if (alpn == NULL) {
2863	2903	SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
2864	2904	return 1;
2865	2905	}
	2906	OPENSSL_free(ssl->ext.alpn);
	2907	ssl->ext.alpn = alpn;
2866	2908	ssl->ext.alpn_len = protos_len;
2867	2909
2868	2910	return 0;

4519	4561	}
4520	4562
4521	4563	ctx = EVP_MD_CTX_new();
4522		if (ctx == NULL)
	4564	if (ctx == NULL) {
	4565	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
	4566	ERR_R_INTERNAL_ERROR);
4523	4567	goto err;
	4568	}
4524	4569
4525	4570	if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
4526	4571	\|\| EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {

+1

-1

ssl/ssl_local.h less more

2304	2304	__owur int ssl_security(const SSL s, int op, int bits, int nid, void other);
2305	2305	__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
2306	2306	void *other);
	2307	int ssl_get_security_level_bits(const SSL s, const SSL_CTX ctx, int *levelp);
2307	2308
2308	2309	__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);
2309	2310	__owur const SSL_CERT_LOOKUP ssl_cert_lookup_by_pkey(const EVP_PKEY pk,

2425	2426	void dtls1_start_timer(SSL *s);
2426	2427	void dtls1_stop_timer(SSL *s);
2427	2428	__owur int dtls1_is_timer_expired(SSL *s);
2428		void dtls1_double_timeout(SSL *s);
2429	2429	__owur int dtls_raw_hello_verify_request(WPACKET pkt, unsigned char cookie,
2430	2430	size_t cookie_len);
2431	2431	__owur size_t dtls1_min_mtu(SSL *s);

+29

-2

ssl/statem/extensions.c less more

17	17	static int init_server_name(SSL *s, unsigned int context);
18	18	static int final_server_name(SSL *s, unsigned int context, int sent);
19	19	#ifndef OPENSSL_NO_EC
	20	static int init_ec_point_formats(SSL *s, unsigned int context);
20	21	static int final_ec_pt_formats(SSL *s, unsigned int context, int sent);
21	22	#endif
22	23	static int init_session_ticket(SSL *s, unsigned int context);

55	56	static int final_early_data(SSL *s, unsigned int context, int sent);
56	57	static int final_maxfragmentlen(SSL *s, unsigned int context, int sent);
57	58	static int init_post_handshake_auth(SSL *s, unsigned int context);
	59	static int final_psk(SSL *s, unsigned int context, int sent);
58	60
59	61	/* Structure to define a built-in extension */
60	62	typedef struct extensions_definition_st {

157	159	TLSEXT_TYPE_ec_point_formats,
158	160	SSL_EXT_CLIENT_HELLO \| SSL_EXT_TLS1_2_SERVER_HELLO
159	161	\| SSL_EXT_TLS1_2_AND_BELOW_ONLY,
160		NULL, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
	162	init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
161	163	tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
162	164	final_ec_pt_formats
163	165	},

388	390	SSL_EXT_CLIENT_HELLO \| SSL_EXT_TLS1_3_SERVER_HELLO
389	391	\| SSL_EXT_TLS_IMPLEMENTATION_ONLY \| SSL_EXT_TLS1_3_ONLY,
390	392	NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk,
391		tls_construct_ctos_psk, NULL
	393	tls_construct_ctos_psk, final_psk
392	394	}
393	395	};
394	396

1025	1027	}
1026	1028
1027	1029	#ifndef OPENSSL_NO_EC
	1030	static int init_ec_point_formats(SSL *s, unsigned int context)
	1031	{
	1032	OPENSSL_free(s->ext.peer_ecpointformats);
	1033	s->ext.peer_ecpointformats = NULL;
	1034	s->ext.peer_ecpointformats_len = 0;
	1035
	1036	return 1;
	1037	}
	1038
1028	1039	static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
1029	1040	{
1030	1041	unsigned long alg_k, alg_a;

1717	1728
1718	1729	return 1;
1719	1730	}
	1731
	1732	/*
	1733	* If clients offer "pre_shared_key" without a "psk_key_exchange_modes"
	1734	* extension, servers MUST abort the handshake.
	1735	*/
	1736	static int final_psk(SSL *s, unsigned int context, int sent)
	1737	{
	1738	if (s->server && sent && s->clienthello != NULL
	1739	&& !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) {
	1740	SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_PSK,
	1741	SSL_R_MISSING_PSK_KEX_MODES_EXTENSION);
	1742	return 0;
	1743	}
	1744
	1745	return 1;
	1746	}

+8

-1

ssl/statem/extensions_srvr.c less more

0	0	/*
1		* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

1713	1713	}
1714	1714	return EXT_RETURN_NOT_SENT;
1715	1715	}
	1716	if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) {
	1717	/*
	1718	* PSK ('hit') and explicitly not doing DHE (if the client sent the
	1719	* DHE option we always take it); don't send key share.
	1720	*/
	1721	return EXT_RETURN_NOT_SENT;
	1722	}
1716	1723
1717	1724	if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
1718	1725	\|\| !WPACKET_start_sub_packet_u16(pkt)

+3

-2

ssl/statem/statem_clnt.c less more

1000	1000	return CCS_MAX_LENGTH;
1001	1001
1002	1002	case TLS_ST_CR_SESSION_TICKET:
1003		return SSL3_RT_MAX_PLAIN_LENGTH;
	1003	return (SSL_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13
	1004	: SESSION_TICKET_MAX_LENGTH_TLS12;
1004	1005
1005	1006	case TLS_ST_CR_FINISHED:
1006	1007	return FINISHED_MAX_LENGTH;

2832	2833	if (ret < 0) {
2833	2834	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
2834	2835	SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
2835		ERR_R_MALLOC_FAILURE);
	2836	SSL_R_OCSP_CALLBACK_FAILURE);
2836	2837	return 0;
2837	2838	}
2838	2839	}

+3

-1

ssl/statem/statem_local.h less more

0	0	/*
1		* Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

21	21	#define SERVER_HELLO_MAX_LENGTH 20000
22	22	#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000
23	23	#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
	24	#define SESSION_TICKET_MAX_LENGTH_TLS13 131338
	25	#define SESSION_TICKET_MAX_LENGTH_TLS12 65541
24	26	#define SERVER_KEY_EXCH_MAX_LENGTH 102400
25	27	#define SERVER_HELLO_DONE_MAX_LENGTH 0
26	28	#define KEY_UPDATE_MAX_LENGTH 1

+7

-4

ssl/statem/statem_srvr.c less more

3752	3752
3753	3753	sk_X509_pop_free(s->session->peer_chain, X509_free);
3754	3754	s->session->peer_chain = sk;
	3755	sk = NULL;
3755	3756
3756	3757	/*
3757	3758	* Freeze the handshake buffer. For <TLS1.3 we do this after the CKE

3766	3767	* Inconsistency alert: cert_chain does not include the peer's own
3767	3768	* certificate, while we do include it in statem_clnt.c
3768	3769	*/
3769		sk = NULL;
3770	3770
3771	3771	/* Save the current hash state for when we receive the CertificateVerify */
3772	3772	if (SSL_IS_TLS13(s)) {

4138	4138	}
4139	4139
4140	4140	if (tctx->generate_ticket_cb != NULL &&
4141		tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0)
4142		goto err;
4143
	4141	tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) {
	4142	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
	4143	SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
	4144	ERR_R_INTERNAL_ERROR);
	4145	goto err;
	4146	}
4144	4147	/*
4145	4148	* If we are using anti-replay protection then we behave as if
4146	4149	* SSL_OP_NO_TICKET is set - we are caching tickets anyway so there

+9

-2

ssl/t1_lib.c less more

0	0	/*
1		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

2440	2440	{
2441	2441	DH *dhp = NULL;
2442	2442	BIGNUM p = NULL, g = NULL;
2443		int dh_secbits = 80;
	2443	int dh_secbits = 80, sec_level_bits;
	2444
2444	2445	if (s->cert->dh_tmp_auto != 2) {
2445	2446	if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL \| SSL_aPSK)) {
2446	2447	if (s->s3->tmp.new_cipher->strength_bits == 256)

2463	2464	BN_free(g);
2464	2465	return NULL;
2465	2466	}
	2467
	2468	/* Do not pick a prime that is too weak for the current security level */
	2469	sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL);
	2470	if (dh_secbits < sec_level_bits)
	2471	dh_secbits = sec_level_bits;
	2472
2466	2473	if (dh_secbits >= 192)
2467	2474	p = BN_get_rfc3526_prime_8192(NULL);
2468	2475	else if (dh_secbits >= 152)

+29

-3

test/asn1_decode_test.c less more

0	0	/*
1		* Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

11	11
12	12	#include <openssl/rand.h>
13	13	#include <openssl/asn1t.h>
	14	#include <openssl/obj_mac.h>
14	15	#include "internal/numbers.h"
15	16	#include "testutil.h"
16	17

194	195	return 0;
195	196	}
196	197
	198	static int test_reuse_asn1_object(void)
	199	{
	200	static unsigned char cn_der[] = { 0x06, 0x03, 0x55, 0x04, 0x06 };
	201	static unsigned char oid_der[] = {
	202	0x06, 0x06, 0x2a, 0x03, 0x04, 0x05, 0x06, 0x07
	203	};
	204	int ret = 0;
	205	ASN1_OBJECT *obj;
	206	unsigned char const *p = oid_der;
	207
	208	/* Create an object that owns dynamically allocated 'sn' and 'ln' fields */
	209
	210	if (!TEST_ptr(obj = ASN1_OBJECT_create(NID_undef, cn_der, sizeof(cn_der),
	211	"C", "countryName")))
	212	goto err;
	213	/* reuse obj - this should not leak sn and ln */
	214	if (!TEST_ptr(d2i_ASN1_OBJECT(&obj, &p, sizeof(oid_der))))
	215	goto err;
	216	ret = 1;
	217	err:
	218	ASN1_OBJECT_free(obj);
	219	return ret;
	220	}
	221
197	222	int setup_tests(void)
198	223	{
199	224	#if OPENSSL_API_COMPAT < 0x10200000L

204	229	ADD_TEST(test_int64);
205	230	ADD_TEST(test_uint64);
206	231	ADD_TEST(test_invalid_template);
207		return 1;
208		}
	232	ADD_TEST(test_reuse_asn1_object);
	233	return 1;
	234	}

+72

-8

test/bio_memleak_test.c less more

0	0	/*
1		* Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

9	9	#include <string.h>
10	10	#include <openssl/buffer.h>
11	11	#include <openssl/bio.h>
	12	#include <openssl/pkcs7.h>
	13	#include <openssl/obj_mac.h>
12	14
13	15	#include "testutil.h"
14	16

34	36	goto finish;
35	37	ok = 1;
36	38
37		finish:
	39	finish:
38	40	BIO_free(bio);
39	41	return ok;
40	42	}

61	63	goto finish;
62	64	ok = 1;
63	65
64		finish:
	66	finish:
65	67	BIO_free(bio);
66	68	BUF_MEM_free(bufmem);
67	69	return ok;

97	99	goto finish;
98	100	ok = 1;
99	101
100		finish:
	102	finish:
101	103	BIO_free(bio);
102	104	return ok;
103	105	}

138	140	goto finish;
139	141	ok = 1;
140	142
141		finish:
	143	finish:
142	144	BIO_free(bio);
143	145	BIO_free(bio2);
144	146	return ok;

175	177
176	178	ok = 1;
177	179
178		finish:
	180	finish:
179	181	BIO_free(bio);
180	182	return ok;
181	183	}

215	217
216	218	ok = 1;
217	219
218		finish:
219		BIO_free(bio);
	220	finish:
	221	BIO_free(bio);
	222	return ok;
	223	}
	224
	225	static int error_callback_fired;
	226	static long BIO_error_callback(BIO bio, int cmd, const char argp,
	227	size_t len, int argi,
	228	long argl, int ret, size_t *processed)
	229	{
	230	if ((cmd & (BIO_CB_READ \| BIO_CB_RETURN)) != 0) {
	231	error_callback_fired = 1;
	232	ret = 0; /* fail for read operations to simulate error in input BIO */
	233	}
	234	return ret;
	235	}
	236
	237	/* Checks i2d_ASN1_bio_stream() is freeing all memory when input BIO ends unexpectedly. */
	238	static int test_bio_i2d_ASN1_mime(void)
	239	{
	240	int ok = 0;
	241	BIO bio = NULL, out = NULL;
	242	BUF_MEM bufmem;
	243	static const char str[] = "BIO mime test\n";
	244	PKCS7 *p7 = NULL;
	245
	246	if (!TEST_ptr(bio = BIO_new(BIO_s_mem())))
	247	goto finish;
	248
	249	bufmem.length = sizeof(str);
	250	bufmem.data = (char *) str;
	251	bufmem.max = bufmem.length;
	252	BIO_set_mem_buf(bio, &bufmem, BIO_NOCLOSE);
	253	BIO_set_flags(bio, BIO_FLAGS_MEM_RDONLY);
	254	BIO_set_callback_ex(bio, BIO_error_callback);
	255
	256	if (!TEST_ptr(out = BIO_new(BIO_s_mem())))
	257	goto finish;
	258	if (!TEST_ptr(p7 = PKCS7_new()))
	259	goto finish;
	260	if (!TEST_true(PKCS7_set_type(p7, NID_pkcs7_data)))
	261	goto finish;
	262
	263	error_callback_fired = 0;
	264
	265	/*
	266	* The call succeeds even if the input stream ends unexpectedly as
	267	* there is no handling for this case in SMIME_crlf_copy().
	268	*/
	269	if (!TEST_true(i2d_ASN1_bio_stream(out, (ASN1_VALUE*) p7, bio,
	270	SMIME_STREAM \| SMIME_BINARY,
	271	ASN1_ITEM_rptr(PKCS7))))
	272	goto finish;
	273
	274	if (!TEST_int_eq(error_callback_fired, 1))
	275	goto finish;
	276
	277	ok = 1;
	278
	279	finish:
	280	BIO_free(bio);
	281	BIO_free(out);
	282	PKCS7_free(p7);
220	283	return ok;
221	284	}
222	285

235	298	ADD_TEST(test_bio_rdonly_mem_buf);
236	299	ADD_TEST(test_bio_rdwr_rdonly);
237	300	ADD_TEST(test_bio_nonclear_rst);
	301	ADD_TEST(test_bio_i2d_ASN1_mime);
238	302	return 1;
239	303	}

+76

-3

test/bntest.c less more

0	0	/*
1		* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

304	304	return st;
305	305	}
306	306
	307	static struct {
	308	int n, divisor, result, remainder;
	309	} signed_mod_tests[] = {
	310	{ 10, 3, 3, 1 },
	311	{ -10, 3, -3, -1 },
	312	{ 10, -3, -3, 1 },
	313	{ -10, -3, 3, -1 },
	314	};
	315
	316	static BIGNUM *set_signed_bn(int value)
	317	{
	318	BIGNUM *bn = BN_new();
	319
	320	if (bn == NULL)
	321	return NULL;
	322	if (!BN_set_word(bn, value < 0 ? -value : value)) {
	323	BN_free(bn);
	324	return NULL;
	325	}
	326	BN_set_negative(bn, value < 0);
	327	return bn;
	328	}
	329
	330	static int test_signed_mod_replace_ab(int n)
	331	{
	332	BIGNUM a = NULL, b = NULL, c = NULL, d = NULL;
	333	int st = 0;
	334
	335	if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n))
	336	\|\| !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor))
	337	\|\| !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result))
	338	\|\| !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder)))
	339	goto err;
	340
	341	if (TEST_true(BN_div(a, b, a, b, ctx))
	342	&& TEST_BN_eq(a, c)
	343	&& TEST_BN_eq(b, d))
	344	st = 1;
	345	err:
	346	BN_free(a);
	347	BN_free(b);
	348	BN_free(c);
	349	BN_free(d);
	350	return st;
	351	}
	352
	353	static int test_signed_mod_replace_ba(int n)
	354	{
	355	BIGNUM a = NULL, b = NULL, c = NULL, d = NULL;
	356	int st = 0;
	357
	358	if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n))
	359	\|\| !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor))
	360	\|\| !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result))
	361	\|\| !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder)))
	362	goto err;
	363
	364	if (TEST_true(BN_div(b, a, a, b, ctx))
	365	&& TEST_BN_eq(b, c)
	366	&& TEST_BN_eq(a, d))
	367	st = 1;
	368	err:
	369	BN_free(a);
	370	BN_free(b);
	371	BN_free(c);
	372	BN_free(d);
	373	return st;
	374	}
	375
307	376	static int test_mod(void)
308	377	{
309	378	BIGNUM a = NULL, b = NULL, c = NULL, d = NULL, *e = NULL;

325	394	BN_set_negative(b, rand_neg());
326	395	if (!(TEST_true(BN_mod(c, a, b, ctx))
327	396	&& TEST_true(BN_div(d, e, a, b, ctx))
328		&& TEST_true(BN_sub(e, e, c))
329		&& TEST_BN_eq_zero(e)))
	397	&& TEST_BN_eq(e, c)
	398	&& TEST_true(BN_mul(c, d, b, ctx))
	399	&& TEST_true(BN_add(d, c, e))
	400	&& TEST_BN_eq(d, a)))
330	401	goto err;
331	402	}
332	403	st = 1;

2758	2829	if (n == 0) {
2759	2830	ADD_TEST(test_sub);
2760	2831	ADD_TEST(test_div_recip);
	2832	ADD_ALL_TESTS(test_signed_mod_replace_ab, OSSL_NELEM(signed_mod_tests));
	2833	ADD_ALL_TESTS(test_signed_mod_replace_ba, OSSL_NELEM(signed_mod_tests));
2761	2834	ADD_TEST(test_mod);
2762	2835	ADD_TEST(test_modexp_mont5);
2763	2836	ADD_TEST(test_kronecker);

+16

-17

test/certs/ee-self-signed.pem less more

0	0	-----BEGIN CERTIFICATE-----
1		MIIDIjCCAgqgAwIBAgIUT99h/YrAdcDg3fdLy5UajB8e994wDQYJKoZIhvcNAQEL
2		BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwIBcNMjAwNzI4MTQxNjA4WhgP
3		MjEyMDA3MDQxNDE2MDhaMBkxFzAVBgNVBAMMDmVlLXNlbGYtc2lnbmVkMIIBIjAN
4		BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7bLA/Vc/vit6gbenVg
5		K9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8NxkP+MTT4KNh16aO7
6		iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7CNqAR/8BZNf1JHN0c
7		QjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqCGxWL0Zmr5J5vlKrS
8		luVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0dopynHP0riIie075Bj
9		1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+eTQfSokftwIDAQAB
10		o2AwXjAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfhc6IwHwYDVR0jBBgwFoAU
11		55viKq2KbDrLdlHljgeYIpfhc6IwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC
12		B4AwDQYJKoZIhvcNAQELBQADggEBAGDEbS5kJArjjQNK02oxhQyz1dbDy23evRxm
13		WW/NtlJAQAgEMXoNo9fioj0L4cvDy40r87V6/RsV2eijwZEfwGloACif7v78w8QO
14		h4XiW9oGxcQkdMIYZLDVW9AZPDIkK5NHNfQaeAxCprAufYnRMv035UotLzCBRrkG
15		G2TIs45vRp/6mYFVtm0Nf9CFvu4dXH8W+GlBONG0FAiBW+JzgTr9OmrzfqJTEDrf
16		vv/hOiu8XvvlF5piPBqKE76rEvkXUSjgDZ2/Ju1fjqpV2I8Hz1Mj9w9tRE8g4E9o
17		ZcRXX3MNPaHxnNhgYSPdpywwkyILz2AHwmAzh07cdttRFFPw+fM=
	1	MIICzzCCAbegAwIBAgIUBP7iEKPlKuinZGQNFxSY3IBIb0swDQYJKoZIhvcNAQEL
	2	BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwHhcNMjAwNjI4MTA1MTQ1WhcN
	3	MjAwNzI4MTA1MTQ1WjAZMRcwFQYDVQQDDA5lZS1zZWxmLXNpZ25lZDCCASIwDQYJ
	4	KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU
	5	fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC
	6	76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz
	7	BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl
	8	V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv
	9	0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaMP
	10	MA0wCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBiLmIUCGb+hmRGbmpO
	11	lDqEwiRVdxHBs4OSb3IA9QgU1QKUDRqn7q27RRelmzTXllubZZcX3K6o+dunRW5G
	12	d3f3FVr+3Z7wnmkQtC2y3NWtGuWNczss+6rMLzKvla5CjRiNPlSvluMNpcs7BJxI
	13	ppk1LxlaiYlQkDW32OPyxzXWDNv1ZkphcOcoCkHAagnq9x1SszvLTjAlo5XpYrm5
	14	CPgBOEnVwFCgne5Ab4QPTgkxPh/Ta508I/FKaPLJqci1EfGKipZkS7mMGTUJEeVK
	15	wZrn4z7RiTfJ4PdqO5iv8eOpt03fqdPEXQWe8DrKyfGM6/e369FaXMFhcd2ZxZy2
	16	WHoc
18	17	-----END CERTIFICATE-----

+10

-4

test/clienthellotest.c less more

0	0	/*
1		* Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

44	44
45	45	static const char *sessionfile = NULL;
46	46	/* Dummy ALPN protocols used to pad out the size of the ClientHello */
	47	/* ASCII 'O' = 79 = 0x4F = EBCDIC '\|'*/
	48	#ifdef CHARSET_EBCDIC
47	49	static const char alpn_prots[] =
48		"0123456789012345678901234567890123456789012345678901234567890123456789"
49		"0123456789012345678901234567890123456789012345678901234567890123456789"
50		"01234567890123456789";
	50	"\|1234567890123456789012345678901234567890123456789012345678901234567890123456789"
	51	"\|1234567890123456789012345678901234567890123456789012345678901234567890123456789";
	52	#else
	53	static const char alpn_prots[] =
	54	"O1234567890123456789012345678901234567890123456789012345678901234567890123456789"
	55	"O1234567890123456789012345678901234567890123456789012345678901234567890123456789";
	56	#endif
51	57
52	58	static int test_client_hello(int currtest)
53	59	{

+52

-2

test/ectest.c less more

0	0	/*
1		* Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
3	3	*
4	4	* Licensed under the OpenSSL license (the "License"). You may not use

1123	1123	BN_free(yplusone);
1124	1124	return r;
1125	1125	}
1126		# endif
	1126
	1127	static int hybrid_point_encoding_test(void)
	1128	{
	1129	BIGNUM x = NULL, y = NULL;
	1130	EC_GROUP *group = NULL;
	1131	EC_POINT *point = NULL;
	1132	unsigned char *buf = NULL;
	1133	size_t len;
	1134	int r = 0;
	1135
	1136	if (!TEST_true(BN_dec2bn(&x, "0"))
	1137	\|\| !TEST_true(BN_dec2bn(&y, "1"))
	1138	\|\| !TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_sect571k1))
	1139	\|\| !TEST_ptr(point = EC_POINT_new(group))
	1140	\|\| !TEST_true(EC_POINT_set_affine_coordinates(group, point, x, y, NULL))
	1141	\|\| !TEST_size_t_ne(0, (len = EC_POINT_point2oct(group,
	1142	point,
	1143	POINT_CONVERSION_HYBRID,
	1144	NULL,
	1145	0,
	1146	NULL)))
	1147	\|\| !TEST_ptr(buf = OPENSSL_malloc(len))
	1148	\|\| !TEST_size_t_eq(len, EC_POINT_point2oct(group,
	1149	point,
	1150	POINT_CONVERSION_HYBRID,
	1151	buf,
	1152	len,
	1153	NULL)))
	1154	goto err;
	1155
	1156	r = 1;
	1157
	1158	/* buf contains a valid hybrid point, check that we can decode it. */
	1159	if (!TEST_true(EC_POINT_oct2point(group, point, buf, len, NULL)))
	1160	r = 0;
	1161
	1162	/* Flip the y_bit and verify that the invalid encoding is rejected. */
	1163	buf[0] ^= 1;
	1164	if (!TEST_false(EC_POINT_oct2point(group, point, buf, len, NULL)))
	1165	r = 0;
	1166
	1167	err:
	1168	BN_free(x);
	1169	BN_free(y);
	1170	EC_GROUP_free(group);
	1171	EC_POINT_free(point);
	1172	OPENSSL_free(buf);
	1173	return r;
	1174	}
	1175	#endif
1127	1176
1128	1177	static int internal_curve_test(int n)
1129	1178	{

2194	2243	ADD_ALL_TESTS(cardinality_test, crv_len);
2195	2244	ADD_TEST(prime_field_tests);
2196	2245	# ifndef OPENSSL_NO_EC2M
	2246	ADD_TEST(hybrid_point_encoding_test);
2197	2247	ADD_TEST(char2_field_tests);
2198	2248	ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests));
2199	2249	# endif

+594

-2

test/evp_extra_test.c less more

0	0	/*
1		* Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

319	319	};
320	320	#endif
321	321
	322	static const unsigned char kCFBDefaultKey[] = {
	323	0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
	324	0x09, 0xCF, 0x4F, 0x3C
	325	};
	326
	327	static const unsigned char kGCMDefaultKey[32] = { 0 };
	328
	329	static const unsigned char kGCMResetKey[] = {
	330	0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
	331	0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
	332	0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
	333	};
	334
	335	static const unsigned char iCFBIV[] = {
	336	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
	337	0x0C, 0x0D, 0x0E, 0x0F
	338	};
	339
	340	static const unsigned char iGCMDefaultIV[12] = { 0 };
	341
	342	static const unsigned char iGCMResetIV1[] = {
	343	0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
	344	};
	345
	346	static const unsigned char iGCMResetIV2[] = {
	347	0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
	348	};
	349
	350	static const unsigned char cfbPlaintext[] = {
	351	0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
	352	0x73, 0x93, 0x17, 0x2A
	353	};
	354
	355	static const unsigned char gcmDefaultPlaintext[16] = { 0 };
	356
	357	static const unsigned char gcmResetPlaintext[] = {
	358	0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
	359	0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
	360	0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
	361	0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
	362	0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
	363	};
	364
	365	static const unsigned char cfbCiphertext[] = {
	366	0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
	367	0xE8, 0x3C, 0xFB, 0x4A
	368	};
	369
	370	static const unsigned char gcmDefaultCiphertext[] = {
	371	0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
	372	0xba, 0xf3, 0x9d, 0x18
	373	};
	374
	375	static const unsigned char gcmResetCiphertext1[] = {
	376	0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
	377	0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
	378	0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
	379	0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
	380	0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
	381	};
	382
	383	static const unsigned char gcmResetCiphertext2[] = {
	384	0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
	385	0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
	386	0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
	387	0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
	388	0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
	389	};
	390
	391	static const unsigned char gcmAAD[] = {
	392	0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
	393	0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
	394	};
	395
	396	static const unsigned char gcmDefaultTag[] = {
	397	0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
	398	0xd4, 0x8a, 0xb9, 0x19
	399	};
	400
	401	static const unsigned char gcmResetTag1[] = {
	402	0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
	403	0xfe, 0x2e, 0xa8, 0xf2
	404	};
	405
	406	static const unsigned char gcmResetTag2[] = {
	407	0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
	408	0xbb, 0x2d, 0x55, 0x1b
	409	};
	410
	411
322	412	typedef struct APK_DATA_st {
323	413	const unsigned char *kder;
324	414	size_t size;

328	418	int param_check;
329	419	int type; /* 0 for private, 1 for public, 2 for params */
330	420	} APK_DATA;
	421
	422	typedef struct {
	423	const char *cipher;
	424	const unsigned char *key;
	425	const unsigned char *iv;
	426	const unsigned char *input;
	427	const unsigned char *expected;
	428	const unsigned char *tag;
	429	size_t ivlen; /* 0 if we do not need to set a specific IV len */
	430	size_t inlen;
	431	size_t expectedlen;
	432	size_t taglen;
	433	int keyfirst;
	434	int initenc;
	435	int finalenc;
	436	} EVP_INIT_TEST_st;
	437
	438	static const EVP_INIT_TEST_st evp_init_tests[] = {
	439	{
	440	"aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
	441	cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
	442	0, 1, 0, 1
	443	},
	444	{
	445	"aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
	446	gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
	447	sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
	448	sizeof(gcmDefaultTag), 1, 0, 1
	449	},
	450	{
	451	"aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
	452	cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
	453	0, 0, 0, 1
	454	},
	455	{
	456	"aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
	457	gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
	458	sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
	459	sizeof(gcmDefaultTag), 0, 0, 1
	460	},
	461	{
	462	"aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
	463	cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
	464	0, 1, 1, 0
	465	},
	466	{
	467	"aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
	468	gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
	469	sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
	470	sizeof(gcmDefaultTag), 1, 1, 0
	471	},
	472	{
	473	"aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
	474	cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
	475	0, 0, 1, 0
	476	},
	477	{
	478	"aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
	479	gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
	480	sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
	481	sizeof(gcmDefaultTag), 0, 1, 0
	482	}
	483	};
	484
	485	static int evp_init_seq_set_iv(EVP_CIPHER_CTX ctx, const EVP_INIT_TEST_st t)
	486	{
	487	int res = 0;
	488
	489	if (t->ivlen != 0) {
	490	if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
	491	goto err;
	492	}
	493	if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
	494	goto err;
	495	res = 1;
	496	err:
	497	return res;
	498	}
	499
	500	/*
	501	* Test step-wise cipher initialization via EVP_CipherInit_ex where the
	502	* arguments are given one at a time and a final adjustment to the enc
	503	* parameter sets the correct operation.
	504	*/
	505	static int test_evp_init_seq(int idx)
	506	{
	507	int outlen1, outlen2;
	508	int testresult = 0;
	509	unsigned char outbuf[1024];
	510	unsigned char tag[16];
	511	const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
	512	EVP_CIPHER_CTX *ctx = NULL;
	513	const EVP_CIPHER *type = NULL;
	514	size_t taglen = sizeof(tag);
	515	char *errmsg = NULL;
	516
	517	ctx = EVP_CIPHER_CTX_new();
	518	if (ctx == NULL) {
	519	errmsg = "CTX_ALLOC";
	520	goto err;
	521	}
	522	if (!TEST_ptr(type = EVP_get_cipherbyname(t->cipher))) {
	523	errmsg = "GET_CIPHERBYNAME";
	524	goto err;
	525	}
	526	if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
	527	errmsg = "EMPTY_ENC_INIT";
	528	goto err;
	529	}
	530	if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
	531	errmsg = "PADDING";
	532	goto err;
	533	}
	534	if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
	535	errmsg = "KEY_INIT (before iv)";
	536	goto err;
	537	}
	538	if (!evp_init_seq_set_iv(ctx, t)) {
	539	errmsg = "IV_INIT";
	540	goto err;
	541	}
	542	if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
	543	errmsg = "KEY_INIT (after iv)";
	544	goto err;
	545	}
	546	if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
	547	errmsg = "FINAL_ENC_INIT";
	548	goto err;
	549	}
	550	if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
	551	errmsg = "CIPHER_UPDATE";
	552	goto err;
	553	}
	554	if (t->finalenc == 0 && t->tag != NULL) {
	555	/* Set expected tag */
	556	if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
	557	t->taglen, (void *)t->tag))) {
	558	errmsg = "SET_TAG";
	559	goto err;
	560	}
	561	}
	562	if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
	563	errmsg = "CIPHER_FINAL";
	564	goto err;
	565	}
	566	if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
	567	errmsg = "WRONG_RESULT";
	568	goto err;
	569	}
	570	if (t->finalenc != 0 && t->tag != NULL) {
	571	if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
	572	errmsg = "GET_TAG";
	573	goto err;
	574	}
	575	if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
	576	errmsg = "TAG_ERROR";
	577	goto err;
	578	}
	579	}
	580	testresult = 1;
	581	err:
	582	if (errmsg != NULL)
	583	TEST_info("evp_init_test %d: %s", idx, errmsg);
	584	EVP_CIPHER_CTX_free(ctx);
	585	return testresult;
	586	}
	587
	588	typedef struct {
	589	const unsigned char *input;
	590	const unsigned char *expected;
	591	size_t inlen;
	592	size_t expectedlen;
	593	int enc;
	594	} EVP_RESET_TEST_st;
	595
	596	static const EVP_RESET_TEST_st evp_reset_tests[] = {
	597	{
	598	cfbPlaintext, cfbCiphertext,
	599	sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
	600	},
	601	{
	602	cfbCiphertext, cfbPlaintext,
	603	sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
	604	}
	605	};
	606
	607	/*
	608	* Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
	609	* been used.
	610	*/
	611	static int test_evp_reset(int idx)
	612	{
	613	const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
	614	int outlen1, outlen2;
	615	int testresult = 0;
	616	unsigned char outbuf[1024];
	617	EVP_CIPHER_CTX *ctx = NULL;
	618	const EVP_CIPHER *type = NULL;
	619	char *errmsg = NULL;
	620
	621	if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
	622	errmsg = "CTX_ALLOC";
	623	goto err;
	624	}
	625	if (!TEST_ptr(type = EVP_get_cipherbyname("aes-128-cfb"))) {
	626	errmsg = "GET_CIPHERBYNAME";
	627	goto err;
	628	}
	629	if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
	630	errmsg = "CIPHER_INIT";
	631	goto err;
	632	}
	633	if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
	634	errmsg = "PADDING";
	635	goto err;
	636	}
	637	if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
	638	errmsg = "CIPHER_UPDATE";
	639	goto err;
	640	}
	641	if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
	642	errmsg = "CIPHER_FINAL";
	643	goto err;
	644	}
	645	if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
	646	errmsg = "WRONG_RESULT";
	647	goto err;
	648	}
	649	if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
	650	errmsg = "CIPHER_REINIT";
	651	goto err;
	652	}
	653	if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
	654	errmsg = "CIPHER_UPDATE (reinit)";
	655	goto err;
	656	}
	657	if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
	658	errmsg = "CIPHER_FINAL (reinit)";
	659	goto err;
	660	}
	661	if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
	662	errmsg = "WRONG_RESULT (reinit)";
	663	goto err;
	664	}
	665	testresult = 1;
	666	err:
	667	if (errmsg != NULL)
	668	TEST_info("test_evp_reset %d: %s", idx, errmsg);
	669	EVP_CIPHER_CTX_free(ctx);
	670	return testresult;
	671	}
	672
	673	typedef struct {
	674	const unsigned char *iv1;
	675	const unsigned char *iv2;
	676	const unsigned char *expected1;
	677	const unsigned char *expected2;
	678	const unsigned char *tag1;
	679	const unsigned char *tag2;
	680	size_t ivlen1;
	681	size_t ivlen2;
	682	size_t expectedlen1;
	683	size_t expectedlen2;
	684	} TEST_GCM_IV_REINIT_st;
	685
	686	static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
	687	{
	688	iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
	689	gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
	690	sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
	691	},
	692	{
	693	iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
	694	gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
	695	sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
	696	}
	697	};
	698
	699	static int test_gcm_reinit(int idx)
	700	{
	701	int outlen1, outlen2, outlen3;
	702	int testresult = 0;
	703	unsigned char outbuf[1024];
	704	unsigned char tag[16];
	705	const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
	706	EVP_CIPHER_CTX *ctx = NULL;
	707	const EVP_CIPHER *type = NULL;
	708	size_t taglen = sizeof(tag);
	709	char *errmsg = NULL;
	710
	711	if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
	712	errmsg = "CTX_ALLOC";
	713	goto err;
	714	}
	715	if (!TEST_ptr(type = EVP_get_cipherbyname("aes-256-gcm"))) {
	716	errmsg = "GET_CIPHERBYNAME";
	717	goto err;
	718	}
	719	if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
	720	errmsg = "ENC_INIT";
	721	goto err;
	722	}
	723	if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
	724	errmsg = "SET_IVLEN1";
	725	goto err;
	726	}
	727	if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
	728	errmsg = "SET_IV1";
	729	goto err;
	730	}
	731	if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
	732	errmsg = "AAD1";
	733	goto err;
	734	}
	735	EVP_CIPHER_CTX_set_padding(ctx, 0);
	736	if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
	737	sizeof(gcmResetPlaintext)))) {
	738	errmsg = "CIPHER_UPDATE1";
	739	goto err;
	740	}
	741	if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
	742	errmsg = "CIPHER_FINAL1";
	743	goto err;
	744	}
	745	if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
	746	errmsg = "WRONG_RESULT1";
	747	goto err;
	748	}
	749	if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
	750	errmsg = "GET_TAG1";
	751	goto err;
	752	}
	753	if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
	754	errmsg = "TAG_ERROR1";
	755	goto err;
	756	}
	757	/* Now reinit */
	758	if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
	759	errmsg = "SET_IVLEN2";
	760	goto err;
	761	}
	762	if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
	763	errmsg = "SET_IV2";
	764	goto err;
	765	}
	766	if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
	767	errmsg = "AAD2";
	768	goto err;
	769	}
	770	if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
	771	sizeof(gcmResetPlaintext)))) {
	772	errmsg = "CIPHER_UPDATE2";
	773	goto err;
	774	}
	775	if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
	776	errmsg = "CIPHER_FINAL2";
	777	goto err;
	778	}
	779	if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
	780	errmsg = "WRONG_RESULT2";
	781	goto err;
	782	}
	783	if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
	784	errmsg = "GET_TAG2";
	785	goto err;
	786	}
	787	if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
	788	errmsg = "TAG_ERROR2";
	789	goto err;
	790	}
	791	testresult = 1;
	792	err:
	793	if (errmsg != NULL)
	794	TEST_info("evp_init_test %d: %s", idx, errmsg);
	795	EVP_CIPHER_CTX_free(ctx);
	796	return testresult;
	797	}
	798
	799	typedef struct {
	800	const char *cipher;
	801	int enc;
	802	} EVP_UPDATED_IV_TEST_st;
	803
	804	static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
	805	{
	806	"aes-128-cfb", 1
	807	},
	808	{
	809	"aes-128-cfb", 0
	810	},
	811	{
	812	"aes-128-cfb1", 1
	813	},
	814	{
	815	"aes-128-cfb1", 0
	816	},
	817	{
	818	"aes-128-cfb128", 1
	819	},
	820	{
	821	"aes-128-cfb128", 0
	822	},
	823	{
	824	"aes-128-cfb8", 1
	825	},
	826	{
	827	"aes-128-cfb8", 0
	828	},
	829	{
	830	"aes-128-ofb", 1
	831	},
	832	{
	833	"aes-128-ofb", 0
	834	},
	835	{
	836	"aes-128-ctr", 1
	837	},
	838	{
	839	"aes-128-ctr", 0
	840	},
	841	{
	842	"aes-128-cbc", 1
	843	},
	844	{
	845	"aes-128-cbc", 0
	846	}
	847	};
	848
	849	/*
	850	* Test that the IV in the context is updated during a crypto operation for CFB
	851	* and OFB.
	852	*/
	853	static int test_evp_updated_iv(int idx)
	854	{
	855	const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
	856	int outlen1, outlen2;
	857	int testresult = 0;
	858	unsigned char outbuf[1024];
	859	EVP_CIPHER_CTX *ctx = NULL;
	860	const EVP_CIPHER *type = NULL;
	861	const unsigned char *updated_iv;
	862	int iv_len;
	863	char *errmsg = NULL;
	864
	865	if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
	866	errmsg = "CTX_ALLOC";
	867	goto err;
	868	}
	869	if ((type = EVP_get_cipherbyname(t->cipher)) == NULL) {
	870	TEST_info("cipher %s not supported, skipping", t->cipher);
	871	goto ok;
	872	}
	873	if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
	874	errmsg = "CIPHER_INIT";
	875	goto err;
	876	}
	877	if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
	878	errmsg = "PADDING";
	879	goto err;
	880	}
	881	if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
	882	errmsg = "CIPHER_UPDATE";
	883	goto err;
	884	}
	885	if (!TEST_ptr(updated_iv = EVP_CIPHER_CTX_iv(ctx))) {
	886	errmsg = "CIPHER_CTX_IV";
	887	goto err;
	888	}
	889	if (!TEST_true(iv_len = EVP_CIPHER_CTX_iv_length(ctx))) {
	890	errmsg = "CIPHER_CTX_IV_LEN";
	891	goto err;
	892	}
	893	if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
	894	errmsg = "IV_NOT_UPDATED";
	895	goto err;
	896	}
	897	if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
	898	errmsg = "CIPHER_FINAL";
	899	goto err;
	900	}
	901	ok:
	902	testresult = 1;
	903	err:
	904	if (errmsg != NULL)
	905	TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
	906	EVP_CIPHER_CTX_free(ctx);
	907	return testresult;
	908	}
331	909
332	910	static APK_DATA keydata[] = {
333	911	{kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},

817	1395	} keys[] = {
818	1396	{
819	1397	EVP_PKEY_HMAC, "0123456789", NULL
	1398	#ifndef OPENSSL_NO_POLY1305
820	1399	}, {
821	1400	EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
	1401	#endif
	1402	#ifndef OPENSSL_NO_SIPHASH
822	1403	}, {
823	1404	EVP_PKEY_SIPHASH, "0123456789012345", NULL
	1405	#endif
824	1406	},
825	1407	#ifndef OPENSSL_NO_EC
826	1408	{

850	1432	EVP_PKEY *pkey;
851	1433
852	1434	/* Check if this algorithm supports public keys */
853		if (keys[tst].pub == NULL)
	1435	if (pub && keys[tst].pub == NULL)
854	1436	return 1;
855	1437
856	1438	memset(buf, 0, sizeof(buf));
857	1439
858	1440	if (pub) {
	1441	#ifndef OPENSSL_NO_EC
859	1442	inlen = strlen(keys[tst].pub);
860	1443	in = (unsigned char *)keys[tst].pub;
861	1444	pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
862	1445	NULL,
863	1446	in,
864	1447	inlen);
	1448	#else
	1449	return 1;
	1450	#endif
865	1451	} else {
866	1452	inlen = strlen(keys[tst].priv);
867	1453	in = (unsigned char *)keys[tst].priv;

872	1458	}
873	1459
874	1460	if (!TEST_ptr(pkey)
	1461	\|\| !TEST_int_eq(EVP_PKEY_cmp(pkey, pkey), 1)
875	1462	\|\| (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
876	1463	\|\| (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
877	1464	\|\| !TEST_true(len == inlen)

1208	1795	ADD_TEST(test_EVP_PKEY_set1_DH);
1209	1796	#endif
1210	1797
	1798	ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
	1799	ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
	1800	ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
	1801	ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
	1802
1211	1803	return 1;
1212	1804	}

+26

-3

test/recipes/25-test_req.t less more

0	0	#! /usr/bin/env perl
1		# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the OpenSSL license (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

46	46	ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
47	47
48	48	subtest "generating certificate requests with RSA" => sub {
49		plan tests => 2;
	49	plan tests => 6;
50	50
51	51	SKIP: {
52	52	skip "RSA is not supported by this OpenSSL build", 2

62	62	"-config", srctop_file("test", "test.cnf"),
63	63	"-verify", "-in", "testreq.pem", "-noout"])),
64	64	"Verifying signature on request");
	65
	66	ok(run(app(["openssl", "req",
	67	"-config", srctop_file("test", "test.cnf"),
	68	"-new", "-out", "testreq_withattrs_pem.pem", "-utf8",
	69	"-key", srctop_file("test", "testrsa_withattrs.pem")])),
	70	"Generating request from a key with extra attributes - PEM");
	71
	72	ok(run(app(["openssl", "req",
	73	"-config", srctop_file("test", "test.cnf"),
	74	"-verify", "-in", "testreq_withattrs_pem.pem", "-noout"])),
	75	"Verifying signature on request from a key with extra attributes - PEM");
	76
	77	ok(run(app(["openssl", "req",
	78	"-config", srctop_file("test", "test.cnf"),
	79	"-new", "-out", "testreq_withattrs_der.pem", "-utf8",
	80	"-key", srctop_file("test", "testrsa_withattrs.der"),
	81	"-keyform", "DER"])),
	82	"Generating request from a key with extra attributes - PEM");
	83
	84	ok(run(app(["openssl", "req",
	85	"-config", srctop_file("test", "test.cnf"),
	86	"-verify", "-in", "testreq_withattrs_der.pem", "-noout"])),
	87	"Verifying signature on request from a key with extra attributes - PEM");
65	88	}
66	89	};
67	90

164	187	run_conversion('req conversions -- testreq2',
165	188	srctop_file("test", "testreq2.pem"));
166	189
167		unlink "testkey.pem", "testreq.pem";
	190	unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem";
168	191
169	192	sub run_conversion {
170	193	my $title = shift;

+2

-1

test/recipes/25-test_verify.t less more

395	395	ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"),
396	396	"Public Key Algorithm rsa instead of rsaEncryption");
397	397
398		ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], []),
	398	ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], [],
	399	"-attime", "1593565200"),
399	400	"accept trusted self-signed EE cert excluding key usage keyCertSign");
400	401
401	402	SKIP: {

+11

-1

test/recipes/30-test_evp_data/evppkey.txt less more

0	0	#
1		# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the OpenSSL license (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

18443	18443	Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197
18444	18444	Output = "The floofy bunnies hop at midnight"
18445	18445
	18446	# Test with an C1y value < 32 bytes in length (self generated)
	18447	Decrypt = SM2_key1
	18448	Input = 3072022070DAD60CDA7C30D64CF4F278A849003581223F5324BFEC9BB329229BFFAD21A6021F18AFAB2B35459D2643243B242BE4EA80C6FA5071D2D847340CC57EB9309E5D04200B772E4DB664B2601E3B85E39C4AA8C2C1910308BE13B331E009C5A9258C29FD040B6D588BE9260A94DA18E0E6
	18449	Output = "Hello World"
	18450
	18451	# Test with an C1x and C1y valuey > 32 bytes in length, and longer plaintext (self generated)
	18452	Decrypt = SM2_key1
	18453	Input = 3081DD022100CD49634BBCB21CAFFFA6D33669A5A867231CB2A942A14352EF4CAF6DC3344D54022100C35B41D4DEBB3A2735EFEE821B9EBA566BD86900176A0C06672E30EE5CC04E930420C4190A3D80D86C4BD20E99F7E4B59BF6427C6808793533EEA9591D1188EC56B50473747295470E81D951BED279AC1B86A1AFE388CD2833FA9632799EC199C7D364E5663D5A94888BB2358CFCBF6283184DE0CBC41CCEA91D24746E99D231A1DA77AFD83CDF908190ED628B7369724494568A27C782A1D1D7294BCAD80C34569ED22859896301128A8118F48924D8CCD43E998D9533
	18454	Output = "Some longer plaintext for testing SM2 decryption. Blah blah blah blah blah blah blah blah blah blah blah blah blah."
	18455
18446	18456	# This is a "fake" test as it does only verify that the SM2 EVP_PKEY interface
18447	18457	# is capable of creating a signature without failing, but it does not say
18448	18458	# anything about the generated signature being valid, nor does it test the

+6

-8

test/recipes/70-test_tls13kexmodes.t less more

0	0	#! /usr/bin/env perl
1		# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the OpenSSL license (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

194	194	plan tests => 11;
195	195	ok(TLSProxy::Message->success(), "Initial connection");
196	196
197		#Test 2: Attempt a resume with no kex modes extension. Should not resume
	197	#Test 2: Attempt a resume with no kex modes extension. Should fail (server
	198	# MUST abort handshake with pre_shared key and no psk_kex_modes)
198	199	$proxy->clear();
199	200	$proxy->clientflags("-sess_in ".$session);
200	201	my $testtype = DELETE_EXTENSION;
201	202	$proxy->filter(\&modify_kex_modes_filter);
202	203	$proxy->start();
203		checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
204		checkhandshake::DEFAULT_EXTENSIONS
205		\| checkhandshake::KEY_SHARE_SRV_EXTENSION
206		\| checkhandshake::PSK_CLI_EXTENSION,
207		"Resume with no kex modes");
	204	ok(TLSProxy::Message->fail(), "Resume with no kex modes");
208	205
209	206	#Test 3: Attempt a resume with empty kex modes extension. Should fail (empty
210	207	# extension is invalid)

242	239	"Resume with non-dhe kex mode");
243	240
244	241	#Test 6: Attempt a resume with only unrecognised kex modes. Should not resume
	242	# but rather fall back to full handshake
245	243	$proxy->clear();
246	244	$proxy->clientflags("-sess_in ".$session);
247	245	$testtype = UNKNOWN_KEX_MODES;

251	249	\| checkhandshake::PSK_KEX_MODES_EXTENSION
252	250	\| checkhandshake::KEY_SHARE_SRV_EXTENSION
253	251	\| checkhandshake::PSK_CLI_EXTENSION,
254		"Resume with empty kex modes");
	252	"Resume with unrecognized kex mode");
255	253
256	254	#Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with
257	255	# a key_share

+11

-3

test/recipes/80-test_ssl_old.t less more

0	0	#! /usr/bin/env perl
1		# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the OpenSSL license (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

475	475	subtest 'RSA/(EC)DHE/PSK tests' => sub {
476	476	######################################################################
477	477
478		plan tests => 5;
	478	plan tests => 6;
479	479
480	480	SKIP: {
481		skip "TLSv1.0 is not supported by this OpenSSL build", 5
	481	skip "TLSv1.0 is not supported by this OpenSSL build", 6
482	482	if $no_tls1;
483	483
484	484	SKIP: {

512	512
513	513	ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
514	514	'test tls1 with PSK via BIO pair');
	515	}
	516
	517	SKIP: {
	518	skip "skipping auto PSK tests", 1
	519	if ($no_dh \|\| $no_psk \|\| $no_ec);
	520
	521	ok(run(test(['ssltest_old', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])),
	522	'test auto DH meets security strength');
515	523	}
516	524	}
517	525

+4

-5

test/rsa_test.c less more

305	305	int ret = 0;
306	306	RSA *key = NULL;
307	307	unsigned char ptext[256];
308		unsigned char ctext[256];
309	308	static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
310	309	unsigned char ctext_ex[256];
311	310	int plen;

327	326
328	327	/* Try decrypting corrupted ciphertexts. */
329	328	for (n = 0; n < clen; ++n) {
330		ctext[n] ^= 1;
331		num = RSA_private_decrypt(clen, ctext, ptext, key,
	329	ctext_ex[n] ^= 1;
	330	num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
332	331	RSA_PKCS1_OAEP_PADDING);
333	332	if (!TEST_int_le(num, 0))
334	333	goto err;
335		ctext[n] ^= 1;
	334	ctext_ex[n] ^= 1;
336	335	}
337	336
338	337	/* Test truncated ciphertexts, as well as negative length. */
339	338	for (n = -1; n < clen; ++n) {
340		num = RSA_private_decrypt(n, ctext, ptext, key,
	339	num = RSA_private_decrypt(n, ctext_ex, ptext, key,
341	340	RSA_PKCS1_OAEP_PADDING);
342	341	if (!TEST_int_le(num, 0))
343	342	goto err;

+2

-2

test/sm2_internal_test.c less more

0	0	/*
1		* Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

184	184	if (!TEST_mem_eq(ctext, ctext_len, expected, ctext_len))
185	185	goto done;
186	186
187		if (!TEST_true(sm2_plaintext_size(key, digest, ctext_len, &ptext_len))
	187	if (!TEST_true(sm2_plaintext_size(ctext, ctext_len, &ptext_len))
188	188	\|\| !TEST_int_eq(ptext_len, msg_len))
189	189	goto done;
190	190

+120

-3

test/sslapitest.c less more

0	0	/*
1		* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

16	16	#include <openssl/srp.h>
17	17	#include <openssl/txt_db.h>
18	18	#include <openssl/aes.h>
	19	#include <openssl/x509v3.h>
19	20
20	21	#include "ssltestlib.h"
21	22	#include "testutil.h"

1825	1826
1826	1827	/* Verify changing the rbio/wbio directly does not cause leaks */
1827	1828	if (change_bio != NO_BIO_CHANGE) {
1828		if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
1829		goto end;
	1829	if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem()))) {
	1830	ssl = NULL;
	1831	goto end;
	1832	}
1830	1833	if (change_bio == CHANGE_RBIO)
1831	1834	SSL_set0_rbio(ssl, membio2);
1832	1835	else

6712	6715	return testresult;
6713	6716	}
6714	6717	#endif
	6718	/*
	6719	* Test that setting an ALPN does not violate RFC
	6720	*/
	6721	static int test_set_alpn(void)
	6722	{
	6723	SSL_CTX *ctx = NULL;
	6724	SSL *ssl = NULL;
	6725	int testresult = 0;
	6726
	6727	unsigned char bad0[] = { 0x00, 'b', 'a', 'd' };
	6728	unsigned char good[] = { 0x04, 'g', 'o', 'o', 'd' };
	6729	unsigned char bad1[] = { 0x01, 'b', 'a', 'd' };
	6730	unsigned char bad2[] = { 0x03, 'b', 'a', 'd', 0x00};
	6731	unsigned char bad3[] = { 0x03, 'b', 'a', 'd', 0x01, 'b', 'a', 'd'};
	6732	unsigned char bad4[] = { 0x03, 'b', 'a', 'd', 0x06, 'b', 'a', 'd'};
	6733
	6734	/* Create an initial SSL_CTX with no certificate configured */
	6735	ctx = SSL_CTX_new(TLS_server_method());
	6736	if (!TEST_ptr(ctx))
	6737	goto end;
	6738
	6739	/* the set_alpn functions return 0 (false) on success, non-zero (true) on failure */
	6740	if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, NULL, 2)))
	6741	goto end;
	6742	if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, good, 0)))
	6743	goto end;
	6744	if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, good, sizeof(good))))
	6745	goto end;
	6746	if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, good, 1)))
	6747	goto end;
	6748	if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad0, sizeof(bad0))))
	6749	goto end;
	6750	if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad1, sizeof(bad1))))
	6751	goto end;
	6752	if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad2, sizeof(bad2))))
	6753	goto end;
	6754	if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad3, sizeof(bad3))))
	6755	goto end;
	6756	if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad4, sizeof(bad4))))
	6757	goto end;
	6758
	6759	ssl = SSL_new(ctx);
	6760	if (!TEST_ptr(ssl))
	6761	goto end;
	6762
	6763	if (!TEST_false(SSL_set_alpn_protos(ssl, NULL, 2)))
	6764	goto end;
	6765	if (!TEST_false(SSL_set_alpn_protos(ssl, good, 0)))
	6766	goto end;
	6767	if (!TEST_false(SSL_set_alpn_protos(ssl, good, sizeof(good))))
	6768	goto end;
	6769	if (!TEST_true(SSL_set_alpn_protos(ssl, good, 1)))
	6770	goto end;
	6771	if (!TEST_true(SSL_set_alpn_protos(ssl, bad0, sizeof(bad0))))
	6772	goto end;
	6773	if (!TEST_true(SSL_set_alpn_protos(ssl, bad1, sizeof(bad1))))
	6774	goto end;
	6775	if (!TEST_true(SSL_set_alpn_protos(ssl, bad2, sizeof(bad2))))
	6776	goto end;
	6777	if (!TEST_true(SSL_set_alpn_protos(ssl, bad3, sizeof(bad3))))
	6778	goto end;
	6779	if (!TEST_true(SSL_set_alpn_protos(ssl, bad4, sizeof(bad4))))
	6780	goto end;
	6781
	6782	testresult = 1;
	6783
	6784	end:
	6785	SSL_free(ssl);
	6786	SSL_CTX_free(ctx);
	6787	return testresult;
	6788	}
	6789
	6790	static int test_inherit_verify_param(void)
	6791	{
	6792	int testresult = 0;
	6793
	6794	SSL_CTX *ctx = NULL;
	6795	X509_VERIFY_PARAM *cp = NULL;
	6796	SSL *ssl = NULL;
	6797	X509_VERIFY_PARAM *sp = NULL;
	6798	int hostflags = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
	6799
	6800	ctx = SSL_CTX_new(TLS_server_method());
	6801	if (!TEST_ptr(ctx))
	6802	goto end;
	6803
	6804	cp = SSL_CTX_get0_param(ctx);
	6805	if (!TEST_ptr(cp))
	6806	goto end;
	6807	if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(cp), 0))
	6808	goto end;
	6809
	6810	X509_VERIFY_PARAM_set_hostflags(cp, hostflags);
	6811
	6812	ssl = SSL_new(ctx);
	6813	if (!TEST_ptr(ssl))
	6814	goto end;
	6815
	6816	sp = SSL_get0_param(ssl);
	6817	if (!TEST_ptr(sp))
	6818	goto end;
	6819	if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(sp), hostflags))
	6820	goto end;
	6821
	6822	testresult = 1;
	6823
	6824	end:
	6825	SSL_free(ssl);
	6826	SSL_CTX_free(ctx);
	6827
	6828	return testresult;
	6829	}
6715	6830
6716	6831	int setup_tests(void)
6717	6832	{

6839	6954	#ifndef OPENSSL_NO_TLS1_3
6840	6955	ADD_TEST(test_sni_tls13);
6841	6956	#endif
	6957	ADD_TEST(test_set_alpn);
	6958	ADD_TEST(test_inherit_verify_param);
6842	6959	return 1;
6843	6960	}
6844	6961

test/testrsa_withattrs.der less more

Binary diff not shown

+29

-0

test/testrsa_withattrs.pem less more

	0	-----BEGIN PRIVATE KEY-----
	1	MIIE+QIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDsh7QWxhftrqng
	2	RC3Ms+HxH2NFCX1sRoiIV4cYK2z0DQdEiNpFdpHlcs3weTuudcpr8XursodVFMTB
	3	eHjROhgwO/LT9xReEUiaoHJgfv6KcKcxEvntCjQkzGhkw03OH5VYdtTRAbwpwcYt
	4	groPiZ2STINpQOmFabzai+K+3rddwTGkkca3C5kY7KOMlnt9IuvmycksRqH6MPKz
	5	P5QbztlgY95rtra+OEzKLYQ1ux6hkaUlpxT5eGKfzYdccwKJWa0dUXyT/8F6rpTm
	6	Zbz3BxdKGAWMywaTfh5ywhNmVNTeIumxIRc3+PInn0rqKTaDrWylxiBdb3t27HxQ
	7	InDZmPwdAgMBAAECggEBAMTRrzN8JxEq1ES/tvStgodoPOyHlwxwLNB3NP0RtZnm
	8	9XM8BZTjs0egnmlKGDV14riruuMGrcJIg+kR3EcN9m68k7V51kLoUugINuTBCAIe
	9	96DIT5vFb9pnFT8znRy1/0obp787mF2O1t+r9jNTqgDBFmCRGUBg2jtpR4bYQPEL
	10	ZjXMDPcsmOlmbBdsyQvjlOHqXjCoUWwOCBEZdtaLzxaOPrBW5Jh2h3Xz1pV3NdZ/
	11	xufAYRhpJamPNiSipRehBZAeQP2ZAyHj/5x3tgEcA+C04Ki8NvuwJx/6T/lGKD+1
	12	x3DKsniNi6fEbGlpST/Zp1GY4WyVPcrLa8JxyO+UagECgYEA+gvBBI+LSK5enPXu
	13	WooEQP17fKzdZG7Cic8TfTPbtBIcXjNQFLHjFoBNk+TBFCjZma7L+fEcKcDm+Bg1
	14	qa4xihOP6BoQqHXZZNZ+9ZU96MPmI9Zb60CMG9lM1VVhSqrm2n3Q+tefod/a2bQk
	15	oz8QsdpsUFqVFCF5l+Tb6lp2QN0CgYEA8imPEml6LG35snBY1H6t0ASCHT1oFdHP
	16	o01WKQas/tuLO+pMfZrA0zLZBExxZuUJloC6COsTcOrlK+hGM60Ab6TgSPbUvYqH
	17	8yMV7SYLvheEngqIiFExmHg79mxnys3Rgv9KMxAV2Ip2wBrBMwUOaURU9pUKXlIN
	18	xiaUuevSVEECgYEA0Dbrcs3JUSuKM7AC3DfjlO6/XrFf5hrpOfJKq058m/Uc1EBs
	19	Zd8/V2RdtVKeiRf/Ix9QUYA6UHaGnn8iaHpaXD0v7zmNN4pzDaojrIKrO+GtCZid
	20	kEd+pE4N0fO4AYJQnA567/aPwi7zQaflfl6smz1kRoE3dLzvUNHNYtgTcq0CgYAm
	21	Op1VgMVCwlHK86VyVlVGI5AO4aTO3QJ0ez8A1wb0bOA8Iy7UHVwXe017Oj4kyj+L
	22	POMhiUrWZp6rIc4DVmpdNaAapKzNB1OS9JT/jSQJbFkJQgxvyLGVqlV8/3wbLgbH
	23	MVobWYy5VJKOnSqmzUOLJrhq/PhYD4gRIgIUn7/igQKBgQCptqrREOq9fXDEpozC
	24	39TL4vDrKJWpB1uK6pBEjgEVD/+tcfziVN40j5hnNFDUu/8kxxp9/4w8mPjdJ0CF
	25	hWIvrXasjnnFehy6IewWCljNH5CfOM64rDoXaF+ESIM4rLBHbQ8KYvaKkMjOcdNB
	26	JG1sRWVU01AwEhnvxS1zbyBtiqA4MDYGCCqFAwIJAwgBMSoEKBqiSOXm8r5I7hEA
	27	+gglN/s0bbRCnzopEhuEorpcnDXrktVtjQrmMi0=
	28	-----END PRIVATE KEY-----

+7

-5

test/x509_time_test.c less more

0	0	/*
1		* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
	1	* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	*
3	3	* Licensed under the OpenSSL license (the "License"). You may not use
4	4	* this file except in compliance with the License. You can obtain a copy

329	329
330	330	/* if t is not NULL but expected_string is NULL, it is an 'OK' case too */
331	331	if (t != NULL && x509_format_tests[idx].expected_string) {
332		if (!TEST_str_eq((const char *)t->data,
333		x509_format_tests[idx].expected_string)) {
334		TEST_info("test_x509_time(%d) failed: expected_string %s, got %s\n",
335		idx, x509_format_tests[idx].expected_string, t->data);
	332	if (!TEST_mem_eq((const char *)t->data, t->length,
	333	x509_format_tests[idx].expected_string,
	334	strlen(x509_format_tests[idx].expected_string))) {
	335	TEST_info("test_x509_time(%d) failed: expected_string %s, got %.*s\n",
	336	idx, x509_format_tests[idx].expected_string, t->length,
	337	t->data);
336	338	goto out;
337	339	}
338	340	}

+3

-2

util/mkdir-p.pl less more

0	0	#! /usr/bin/env perl
1		# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
	1	# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
2	2	#
3	3	# Licensed under the OpenSSL license (the "License"). You may not use
4	4	# this file except in compliance with the License. You can obtain a copy

33	33	}
34	34
35	35	unless (mkdir($dir, 0777)) {
	36	local($err) = $!;
36	37	if (-d $dir) {
37	38	# We raced against another instance doing the same thing.
38	39	return;
39	40	}
40		die "Cannot create directory $dir: $!\n";
	41	die "Cannot create directory $dir: $err\n";
41	42	}
42	43	print "created directory `$dir'\n";
43	44	}