mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-01 14:14:56 +00:00
Update to OpenSSL 3.0.14
This release resolves 3 upstream found CVEs: - Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741) - Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603) - Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511) MFC after: 3 days Merge commit '1070e7dca8223387baf5155524b28f62bfe7da3c'
This commit is contained in:
commit
44096ebd22
|
@ -28,6 +28,72 @@ breaking changes, and mappings for the large list of deprecated functions.
|
|||
|
||||
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
|
||||
|
||||
### Changes between 3.0.13 and 3.0.14 [4 Jun 2024]
|
||||
|
||||
* Fixed potential use after free after SSL_free_buffers() is called.
|
||||
|
||||
The SSL_free_buffers function is used to free the internal OpenSSL
|
||||
buffer used when processing an incoming record from the network.
|
||||
The call is only expected to succeed if the buffer is not currently
|
||||
in use. However, two scenarios have been identified where the buffer
|
||||
is freed even when still in use.
|
||||
|
||||
The first scenario occurs where a record header has been received
|
||||
from the network and processed by OpenSSL, but the full record body
|
||||
has not yet arrived. In this case calling SSL_free_buffers will succeed
|
||||
even though a record has only been partially processed and the buffer
|
||||
is still in use.
|
||||
|
||||
The second scenario occurs where a full record containing application
|
||||
data has been received and processed by OpenSSL but the application has
|
||||
only read part of this data. Again a call to SSL_free_buffers will
|
||||
succeed even though the buffer is still in use.
|
||||
|
||||
([CVE-2024-4741])
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
* Fixed an issue where checking excessively long DSA keys or parameters may
|
||||
be very slow.
|
||||
|
||||
Applications that use the functions EVP_PKEY_param_check() or
|
||||
EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
|
||||
experience long delays. Where the key or parameters that are being checked
|
||||
have been obtained from an untrusted source this may lead to a Denial of
|
||||
Service.
|
||||
|
||||
To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
|
||||
will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
|
||||
reason.
|
||||
|
||||
([CVE-2024-4603])
|
||||
|
||||
*Tomáš Mráz*
|
||||
|
||||
* Fixed an issue where some non-default TLS server configurations can cause
|
||||
unbounded memory growth when processing TLSv1.3 sessions. An attacker may
|
||||
exploit certain server configurations to trigger unbounded memory growth that
|
||||
would lead to a Denial of Service
|
||||
|
||||
This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option
|
||||
is being used (but not if early_data is also configured and the default
|
||||
anti-replay protection is in use). In this case, under certain conditions,
|
||||
the session cache can get into an incorrect state and it will fail to flush
|
||||
properly as it fills. The session cache will continue to grow in an unbounded
|
||||
manner. A malicious client could deliberately create the scenario for this
|
||||
failure to force a Denial of Service. It may also happen by accident in
|
||||
normal operation.
|
||||
|
||||
([CVE-2024-2511])
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
* New atexit configuration switch, which controls whether the OPENSSL_cleanup
|
||||
is registered when libcrypto is unloaded. This can be used on platforms
|
||||
where using atexit() from shared libraries causes crashes on exit.
|
||||
|
||||
*Randall S. Becker*
|
||||
|
||||
### Changes between 3.0.12 and 3.0.13 [30 Jan 2024]
|
||||
|
||||
* A file in PKCS12 format can contain certificates and keys and may come from
|
||||
|
@ -19824,6 +19890,9 @@ ndif
|
|||
|
||||
<!-- Links -->
|
||||
|
||||
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
|
||||
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
|
||||
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
|
||||
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
|
||||
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
|
||||
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
|
||||
|
|
|
@ -9,7 +9,7 @@ Development is done on GitHub in the [openssl/openssl] repository.
|
|||
|
||||
[openssl/openssl]: <https://github.com/openssl/openssl>
|
||||
|
||||
To request new a feature, ask a question, or report a bug,
|
||||
To request a new feature, ask a question, or report a bug,
|
||||
please open an [issue on GitHub](https://github.com/openssl/openssl/issues).
|
||||
|
||||
To submit a patch or implement a new feature, please open a
|
||||
|
@ -67,7 +67,8 @@ guidelines:
|
|||
often. We do not accept merge commits, you will have to remove them
|
||||
(usually by rebasing) before it will be acceptable.
|
||||
|
||||
4. Code provided should follow our [coding style] and compile without warnings.
|
||||
4. Code provided should follow our [coding style] and [documentation policy]
|
||||
and compile without warnings.
|
||||
There is a [Perl tool](util/check-format.pl) that helps
|
||||
finding code formatting mistakes and other coding style nits.
|
||||
Where `gcc` or `clang` is available, you should use the
|
||||
|
@ -77,6 +78,7 @@ guidelines:
|
|||
whenever a PR is created or updated by committers.
|
||||
|
||||
[coding style]: https://www.openssl.org/policies/technical/coding-style.html
|
||||
[documentation policy]: https://openssl.org/policies/technical/documentation-policy.html
|
||||
|
||||
5. When at all possible, code contributions should include tests. These can
|
||||
either be added to an existing test, or completely new. Please see
|
||||
|
|
|
@ -784,7 +784,14 @@ my %targets = (
|
|||
asm_arch => 'aarch64',
|
||||
perlasm_scheme => "linux64",
|
||||
},
|
||||
|
||||
"linux-arm64ilp32-clang" => { # clang config abi by --target
|
||||
inherit_from => [ "linux-generic32" ],
|
||||
CC => "clang",
|
||||
CXX => "clang++",
|
||||
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
|
||||
asm_arch => 'aarch64',
|
||||
perlasm_scheme => "linux64",
|
||||
},
|
||||
"linux-mips32" => {
|
||||
# Configure script adds minimally required -march for assembly
|
||||
# support, if no -march was specified at command line.
|
||||
|
|
|
@ -49,16 +49,16 @@ my %targets = (
|
|||
#
|
||||
"iphoneos-cross" => {
|
||||
inherit_from => [ "ios-common" ],
|
||||
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
|
||||
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\" -fno-common"),
|
||||
},
|
||||
"ios-cross" => {
|
||||
inherit_from => [ "ios-xcrun" ],
|
||||
CC => "cc",
|
||||
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
|
||||
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
|
||||
},
|
||||
"ios64-cross" => {
|
||||
inherit_from => [ "ios64-xcrun" ],
|
||||
CC => "cc",
|
||||
cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"),
|
||||
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
|
||||
},
|
||||
);
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
sub dependmagic {
|
||||
my $target = shift;
|
||||
|
||||
return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
|
||||
return "$target: build_generated\n\t\"\$(MAKE)\" depend && \"\$(MAKE)\" _$target\n_$target";
|
||||
}
|
||||
|
||||
our $COLUMNS = $ENV{COLUMNS};
|
||||
|
@ -527,7 +527,7 @@ all: build_sw build_docs
|
|||
|
||||
test: tests
|
||||
{- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep link-utils
|
||||
$(MAKE) run_tests
|
||||
"$(MAKE)" run_tests
|
||||
run_tests: FORCE
|
||||
@ : {- output_off() if $disabled{tests}; "" -}
|
||||
( SRCTOP=$(SRCDIR) \
|
||||
|
@ -542,7 +542,7 @@ run_tests: FORCE
|
|||
|
||||
list-tests:
|
||||
@ : {- output_off() if $disabled{tests}; "" -}
|
||||
$(MAKE) run_tests TESTS=list
|
||||
"$(MAKE)" run_tests TESTS=list
|
||||
@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
|
||||
@echo "Tests are not supported with your chosen Configure options"
|
||||
@ : {- output_on() if !$disabled{tests}; "" -}
|
||||
|
@ -1193,12 +1193,12 @@ providers/fips.module.sources.new: configdata.pm
|
|||
cd sources-tmp \
|
||||
&& $$srcdir/Configure --banner=Configured enable-fips -O0 \
|
||||
&& ./configdata.pm --query 'get_sources("providers/fips")' > sources1 \
|
||||
&& $(MAKE) -sj 4 build_generated providers/fips.so \
|
||||
&& "$(MAKE)" -sj 4 build_generated providers/fips.so \
|
||||
&& find . -name '*.d' | xargs cat > dep1 \
|
||||
&& $(MAKE) distclean \
|
||||
&& "$(MAKE)" distclean \
|
||||
&& $$srcdir/Configure --banner=Configured enable-fips no-asm -O0 \
|
||||
&& ./configdata.pm --query 'get_sources("providers/fips")' > sources2 \
|
||||
&& $(MAKE) -sj 4 build_generated providers/fips.so \
|
||||
&& "$(MAKE)" -sj 4 build_generated providers/fips.so \
|
||||
&& find . -name '*.d' | xargs cat > dep2 \
|
||||
&& cat sources1 sources2 \
|
||||
| grep -v ' : \\$$' | grep -v util/providers.num \
|
||||
|
@ -1332,7 +1332,7 @@ ordinals: build_generated
|
|||
$(SSLHEADERS)
|
||||
|
||||
test_ordinals:
|
||||
$(MAKE) run_tests TESTS=test_ordinals
|
||||
"$(MAKE)" run_tests TESTS=test_ordinals
|
||||
|
||||
tags TAGS: FORCE
|
||||
rm -f TAGS tags
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#! /usr/bin/env perl
|
||||
# -*- mode: perl; -*-
|
||||
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -405,6 +405,7 @@ my @disablables = (
|
|||
"asan",
|
||||
"asm",
|
||||
"async",
|
||||
"atexit",
|
||||
"autoalginit",
|
||||
"autoerrinit",
|
||||
"autoload-config",
|
||||
|
|
|
@ -480,7 +480,7 @@ Setting the FIPS HMAC key
|
|||
|
||||
As part of its self-test validation, the FIPS module must verify itself
|
||||
by performing a SHA-256 HMAC computation on itself. The default key is
|
||||
the SHA256 value of "the holy handgrenade of antioch" and is sufficient
|
||||
the SHA256 value of "holy hand grenade of antioch" and is sufficient
|
||||
for meeting the FIPS requirements.
|
||||
|
||||
To change the key to a different value, use this flag. The value should
|
||||
|
@ -546,6 +546,13 @@ be used even with this option.
|
|||
|
||||
Do not build support for async operations.
|
||||
|
||||
### no-atexit
|
||||
|
||||
Do not use `atexit()` in libcrypto builds.
|
||||
|
||||
`atexit()` has varied semantics between platforms and can cause SIGSEGV in some
|
||||
circumstances. This option disables the atexit registration of OPENSSL_cleanup.
|
||||
|
||||
### no-autoalginit
|
||||
|
||||
Don't automatically load all supported ciphers and digests.
|
||||
|
|
|
@ -18,6 +18,18 @@ OpenSSL Releases
|
|||
OpenSSL 3.0
|
||||
-----------
|
||||
|
||||
### Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [4 Jun 2024]
|
||||
|
||||
* Fixed potential use after free after SSL_free_buffers() is called
|
||||
([CVE-2024-4741])
|
||||
|
||||
* Fixed an issue where checking excessively long DSA keys or parameters may
|
||||
be very slow
|
||||
([CVE-2024-4603])
|
||||
|
||||
* Fixed unbounded memory growth with session handling in TLSv1.3
|
||||
([CVE-2024-2511])
|
||||
|
||||
### Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]
|
||||
|
||||
* Fixed PKCS12 Decoding crashes
|
||||
|
@ -1470,6 +1482,9 @@ OpenSSL 0.9.x
|
|||
|
||||
<!-- Links -->
|
||||
|
||||
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
|
||||
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
|
||||
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
|
||||
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
|
||||
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
|
||||
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
|
||||
|
|
|
@ -56,7 +56,10 @@ relating to `atexit()` processing when a shared library is unloaded and when
|
|||
the program terminates. This limitation applies to all OpenSSL shared library
|
||||
components.
|
||||
|
||||
A resolution to this situation is under investigation.
|
||||
It is possible to configure the build with `no-atexit` to avoid the SIGSEGV.
|
||||
Preferably, you can explicitly call `OPENSSL_cleanup()` from your application.
|
||||
It is not mandatory as it just deallocates various global data structures
|
||||
OpenSSL allocated.
|
||||
|
||||
About Prefix and OpenSSLDir
|
||||
---------------------------
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
MAJOR=3
|
||||
MINOR=0
|
||||
PATCH=13
|
||||
PATCH=14
|
||||
PRE_RELEASE_TAG=
|
||||
BUILD_METADATA=
|
||||
RELEASE_DATE="30 Jan 2024"
|
||||
RELEASE_DATE="4 Jun 2024"
|
||||
SHLIB_VERSION=3
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1318,7 +1318,8 @@ int ssl_load_stores(SSL_CTX *ctx,
|
|||
if (vfyCAstore != NULL && !X509_STORE_load_store(vfy, vfyCAstore))
|
||||
goto err;
|
||||
add_crls_store(vfy, crls);
|
||||
SSL_CTX_set1_verify_cert_store(ctx, vfy);
|
||||
if (SSL_CTX_set1_verify_cert_store(ctx, vfy) == 0)
|
||||
goto err;
|
||||
if (crl_download)
|
||||
store_setup_crl_download(vfy);
|
||||
}
|
||||
|
@ -1332,7 +1333,8 @@ int ssl_load_stores(SSL_CTX *ctx,
|
|||
goto err;
|
||||
if (chCAstore != NULL && !X509_STORE_load_store(ch, chCAstore))
|
||||
goto err;
|
||||
SSL_CTX_set1_chain_cert_store(ctx, ch);
|
||||
if (SSL_CTX_set1_chain_cert_store(ctx, ch) == 0)
|
||||
goto err;
|
||||
}
|
||||
rv = 1;
|
||||
err:
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1230,6 +1230,7 @@ static void list_provider_info(void)
|
|||
}
|
||||
|
||||
if (OSSL_PROVIDER_do_all(NULL, &collect_providers, providers) != 1) {
|
||||
sk_OSSL_PROVIDER_free(providers);
|
||||
BIO_printf(bio_err, "ERROR: Memory allocation\n");
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -11,7 +11,7 @@
|
|||
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
/* So fd_set and friends get properly defined on OpenVMS */
|
||||
# define _XOPEN_SOURCE_EXTENDED
|
||||
# define _XOPEN_SOURCE_EXTENDED 1
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -712,9 +712,6 @@ int pkcs12_main(int argc, char **argv)
|
|||
in = bio_open_default(infile, 'r', FORMAT_PKCS12);
|
||||
if (in == NULL)
|
||||
goto end;
|
||||
out = bio_open_owner(outfile, FORMAT_PEM, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
p12 = PKCS12_init_ex(NID_pkcs7_data, app_get0_libctx(), app_get0_propq());
|
||||
if (p12 == NULL) {
|
||||
|
@ -814,6 +811,11 @@ int pkcs12_main(int argc, char **argv)
|
|||
|
||||
dump:
|
||||
assert(private);
|
||||
|
||||
out = bio_open_owner(outfile, FORMAT_PEM, private);
|
||||
if (out == NULL)
|
||||
goto end;
|
||||
|
||||
if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) {
|
||||
BIO_printf(bio_err, "Error outputting keys and certificates\n");
|
||||
ERR_print_errors(bio_err);
|
||||
|
@ -855,7 +857,11 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
|
|||
} else if (bagnid == NID_pkcs7_encrypted) {
|
||||
if (options & INFO) {
|
||||
BIO_printf(bio_err, "PKCS7 Encrypted data: ");
|
||||
alg_print(p7->d.encrypted->enc_data->algorithm);
|
||||
if (p7->d.encrypted == NULL) {
|
||||
BIO_printf(bio_err, "<no data>\n");
|
||||
} else {
|
||||
alg_print(p7->d.encrypted->enc_data->algorithm);
|
||||
}
|
||||
}
|
||||
bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
|
||||
} else {
|
||||
|
|
|
@ -569,7 +569,7 @@ int req_main(int argc, char **argv)
|
|||
X509V3_CTX ctx;
|
||||
|
||||
X509V3_set_ctx_test(&ctx);
|
||||
X509V3_set_nconf(&ctx, addext_conf);
|
||||
X509V3_set_nconf(&ctx, req_conf);
|
||||
if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) {
|
||||
BIO_printf(bio_err, "Error checking extensions defined using -addext\n");
|
||||
goto end;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -727,8 +727,12 @@ static int EVP_Update_loop(void *args)
|
|||
unsigned char *buf = tempargs->buf;
|
||||
EVP_CIPHER_CTX *ctx = tempargs->ctx;
|
||||
int outl, count, rc;
|
||||
unsigned char faketag[16] = { 0xcc };
|
||||
|
||||
if (decrypt) {
|
||||
if (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
|
||||
(void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(faketag), faketag);
|
||||
}
|
||||
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
||||
rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
|
||||
if (rc != 1) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -535,15 +535,18 @@ static int create_digest(BIO *input, const char *digest, const EVP_MD *md,
|
|||
|
||||
*md_value = OPENSSL_hexstr2buf(digest, &digest_len);
|
||||
if (*md_value == NULL || md_value_len != digest_len) {
|
||||
OPENSSL_free(*md_value);
|
||||
*md_value = NULL;
|
||||
BIO_printf(bio_err, "bad digest, %d bytes "
|
||||
"must be specified\n", md_value_len);
|
||||
return 0;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
rv = md_value_len;
|
||||
err:
|
||||
if (rv <= 0) {
|
||||
OPENSSL_free(*md_value);
|
||||
*md_value = NULL;
|
||||
rv = 0;
|
||||
}
|
||||
EVP_MD_CTX_free(md_ctx);
|
||||
return rv;
|
||||
}
|
||||
|
|
|
@ -76,7 +76,7 @@ DEFINE[../../providers/libdefault.a]=$AESDEF
|
|||
# already gets everything that the static libcrypto.a has, and doesn't need it
|
||||
# added again.
|
||||
IF[{- !$disabled{module} && !$disabled{shared} -}]
|
||||
DEFINE[../providers/liblegacy.a]=$AESDEF
|
||||
DEFINE[../../providers/liblegacy.a]=$AESDEF
|
||||
ENDIF
|
||||
|
||||
GENERATE[aes-ia64.s]=asm/aes-ia64.S
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -869,8 +869,12 @@ static int bio_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds)
|
|||
return 1;
|
||||
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
if (BIO_get_fd(bio, &fd) > 0 && fd < FD_SETSIZE)
|
||||
return BIO_socket_wait(fd, BIO_should_read(bio), max_time);
|
||||
if (BIO_get_fd(bio, &fd) > 0) {
|
||||
int ret = BIO_socket_wait(fd, BIO_should_read(bio), max_time);
|
||||
|
||||
if (ret != -1)
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
/* fall back to polling since no sockets are available */
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -396,7 +396,11 @@ int BIO_socket_wait(int fd, int for_read, time_t max_time)
|
|||
struct timeval tv;
|
||||
time_t now;
|
||||
|
||||
#ifdef _WIN32
|
||||
if ((SOCKET)fd == INVALID_SOCKET)
|
||||
#else
|
||||
if (fd < 0 || fd >= FD_SETSIZE)
|
||||
#endif
|
||||
return -1;
|
||||
if (max_time == 0)
|
||||
return 1;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -618,14 +618,29 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
|
|||
int i;
|
||||
BN_ULONG t1, t2, *ap, *bp;
|
||||
|
||||
ap = a->d;
|
||||
bp = b->d;
|
||||
|
||||
if (BN_get_flags(a, BN_FLG_CONSTTIME)
|
||||
&& a->top == b->top) {
|
||||
int res = 0;
|
||||
|
||||
for (i = 0; i < b->top; i++) {
|
||||
res = constant_time_select_int(constant_time_lt_bn(ap[i], bp[i]),
|
||||
-1, res);
|
||||
res = constant_time_select_int(constant_time_lt_bn(bp[i], ap[i]),
|
||||
1, res);
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
||||
bn_check_top(a);
|
||||
bn_check_top(b);
|
||||
|
||||
i = a->top - b->top;
|
||||
if (i != 0)
|
||||
return i;
|
||||
ap = a->d;
|
||||
bp = b->d;
|
||||
|
||||
for (i = a->top - 1; i >= 0; i--) {
|
||||
t1 = ap[i];
|
||||
t2 = bp[i];
|
||||
|
@ -737,11 +752,10 @@ int BN_is_bit_set(const BIGNUM *a, int n)
|
|||
return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
|
||||
}
|
||||
|
||||
int BN_mask_bits(BIGNUM *a, int n)
|
||||
int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n)
|
||||
{
|
||||
int b, w;
|
||||
|
||||
bn_check_top(a);
|
||||
if (n < 0)
|
||||
return 0;
|
||||
|
||||
|
@ -755,10 +769,21 @@ int BN_mask_bits(BIGNUM *a, int n)
|
|||
a->top = w + 1;
|
||||
a->d[w] &= ~(BN_MASK2 << b);
|
||||
}
|
||||
bn_correct_top(a);
|
||||
a->flags |= BN_FLG_FIXED_TOP;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int BN_mask_bits(BIGNUM *a, int n)
|
||||
{
|
||||
int ret;
|
||||
|
||||
bn_check_top(a);
|
||||
ret = ossl_bn_mask_bits_fixed_top(a, n);
|
||||
if (ret)
|
||||
bn_correct_top(a);
|
||||
return ret;
|
||||
}
|
||||
|
||||
void BN_set_negative(BIGNUM *a, int b)
|
||||
{
|
||||
if (b && !BN_is_zero(a))
|
||||
|
@ -935,6 +960,22 @@ int BN_is_word(const BIGNUM *a, const BN_ULONG w)
|
|||
return BN_abs_is_word(a, w) && (!w || !a->neg);
|
||||
}
|
||||
|
||||
int ossl_bn_is_word_fixed_top(const BIGNUM *a, BN_ULONG w)
|
||||
{
|
||||
int res, i;
|
||||
const BN_ULONG *ap = a->d;
|
||||
|
||||
if (a->neg || a->top == 0)
|
||||
return 0;
|
||||
|
||||
res = constant_time_select_int(constant_time_eq_bn(ap[0], w), 1, 0);
|
||||
|
||||
for (i = 1; i < a->top; i++)
|
||||
res = constant_time_select_int(constant_time_is_zero_bn(ap[i]),
|
||||
res, 0);
|
||||
return res;
|
||||
}
|
||||
|
||||
int BN_is_odd(const BIGNUM *a)
|
||||
{
|
||||
return (a->top > 0) && (a->d[0] & 1);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -186,8 +186,8 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
|
|||
} else {
|
||||
do {
|
||||
/* range = 11..._2 or range = 101..._2 */
|
||||
if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0,
|
||||
ctx))
|
||||
if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY,
|
||||
strength, ctx))
|
||||
return 0;
|
||||
|
||||
if (!--count) {
|
||||
|
@ -240,17 +240,63 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
|
|||
# endif
|
||||
#endif
|
||||
|
||||
int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range,
|
||||
unsigned int strength, BN_CTX *ctx)
|
||||
{
|
||||
int n;
|
||||
int count = 100;
|
||||
|
||||
if (r == NULL) {
|
||||
ERR_raise(ERR_LIB_BN, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (range->neg || BN_is_zero(range)) {
|
||||
ERR_raise(ERR_LIB_BN, BN_R_INVALID_RANGE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
n = BN_num_bits(range); /* n > 0 */
|
||||
|
||||
/* BN_is_bit_set(range, n - 1) always holds */
|
||||
|
||||
if (n == 1) {
|
||||
BN_zero(r);
|
||||
} else {
|
||||
BN_set_flags(r, BN_FLG_CONSTTIME);
|
||||
do {
|
||||
if (!bnrand(PRIVATE, r, n + 1, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY,
|
||||
strength, ctx))
|
||||
return 0;
|
||||
|
||||
if (!--count) {
|
||||
ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS);
|
||||
return 0;
|
||||
}
|
||||
ossl_bn_mask_bits_fixed_top(r, n);
|
||||
}
|
||||
while (BN_ucmp(r, range) >= 0);
|
||||
#ifdef BN_DEBUG
|
||||
/* With BN_DEBUG on a fixed top number cannot be returned */
|
||||
bn_correct_top(r);
|
||||
#endif
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
|
||||
* BN_rand_range, it also includes the contents of |priv| and |message| in
|
||||
* the generation so that an RNG failure isn't fatal as long as |priv|
|
||||
* ossl_bn_gen_dsa_nonce_fixed_top generates a random number 0 <= out < range.
|
||||
* Unlike BN_rand_range, it also includes the contents of |priv| and |message|
|
||||
* in the generation so that an RNG failure isn't fatal as long as |priv|
|
||||
* remains secret. This is intended for use in DSA and ECDSA where an RNG
|
||||
* weakness leads directly to private key exposure unless this function is
|
||||
* used.
|
||||
*/
|
||||
int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
|
||||
const BIGNUM *priv, const unsigned char *message,
|
||||
size_t message_len, BN_CTX *ctx)
|
||||
int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range,
|
||||
const BIGNUM *priv,
|
||||
const unsigned char *message,
|
||||
size_t message_len, BN_CTX *ctx)
|
||||
{
|
||||
EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
|
||||
/*
|
||||
|
@ -260,20 +306,24 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
|
|||
unsigned char random_bytes[64];
|
||||
unsigned char digest[SHA512_DIGEST_LENGTH];
|
||||
unsigned done, todo;
|
||||
/* We generate |range|+8 bytes of random output. */
|
||||
const unsigned num_k_bytes = BN_num_bytes(range) + 8;
|
||||
/* We generate |range|+1 bytes of random output. */
|
||||
const unsigned num_k_bytes = BN_num_bytes(range) + 1;
|
||||
unsigned char private_bytes[96];
|
||||
unsigned char *k_bytes = NULL;
|
||||
const int max_n = 64; /* Pr(failure to generate) < 2^max_n */
|
||||
int n;
|
||||
int ret = 0;
|
||||
EVP_MD *md = NULL;
|
||||
OSSL_LIB_CTX *libctx = ossl_bn_get_libctx(ctx);
|
||||
|
||||
if (mdctx == NULL)
|
||||
goto err;
|
||||
goto end;
|
||||
|
||||
k_bytes = OPENSSL_malloc(num_k_bytes);
|
||||
if (k_bytes == NULL)
|
||||
goto err;
|
||||
goto end;
|
||||
/* Ensure top byte is set to avoid non-constant time in bin2bn */
|
||||
k_bytes[0] = 0xff;
|
||||
|
||||
/* We copy |priv| into a local buffer to avoid exposing its length. */
|
||||
if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) {
|
||||
|
@ -283,41 +333,60 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
|
|||
* length of the private key.
|
||||
*/
|
||||
ERR_raise(ERR_LIB_BN, BN_R_PRIVATE_KEY_TOO_LARGE);
|
||||
goto err;
|
||||
goto end;
|
||||
}
|
||||
|
||||
md = EVP_MD_fetch(libctx, "SHA512", NULL);
|
||||
if (md == NULL) {
|
||||
ERR_raise(ERR_LIB_BN, BN_R_NO_SUITABLE_DIGEST);
|
||||
goto err;
|
||||
goto end;
|
||||
}
|
||||
for (done = 0; done < num_k_bytes;) {
|
||||
if (RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes), 0) <= 0)
|
||||
goto err;
|
||||
for (n = 0; n < max_n; n++) {
|
||||
unsigned char i = 0;
|
||||
|
||||
if (!EVP_DigestInit_ex(mdctx, md, NULL)
|
||||
|| !EVP_DigestUpdate(mdctx, &done, sizeof(done))
|
||||
|| !EVP_DigestUpdate(mdctx, private_bytes,
|
||||
sizeof(private_bytes))
|
||||
|| !EVP_DigestUpdate(mdctx, message, message_len)
|
||||
|| !EVP_DigestUpdate(mdctx, random_bytes, sizeof(random_bytes))
|
||||
|| !EVP_DigestFinal_ex(mdctx, digest, NULL))
|
||||
goto err;
|
||||
for (done = 1; done < num_k_bytes;) {
|
||||
if (RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes),
|
||||
0) <= 0)
|
||||
goto end;
|
||||
|
||||
todo = num_k_bytes - done;
|
||||
if (todo > SHA512_DIGEST_LENGTH)
|
||||
todo = SHA512_DIGEST_LENGTH;
|
||||
memcpy(k_bytes + done, digest, todo);
|
||||
done += todo;
|
||||
if (!EVP_DigestInit_ex(mdctx, md, NULL)
|
||||
|| !EVP_DigestUpdate(mdctx, &i, sizeof(i))
|
||||
|| !EVP_DigestUpdate(mdctx, private_bytes,
|
||||
sizeof(private_bytes))
|
||||
|| !EVP_DigestUpdate(mdctx, message, message_len)
|
||||
|| !EVP_DigestUpdate(mdctx, random_bytes,
|
||||
sizeof(random_bytes))
|
||||
|| !EVP_DigestFinal_ex(mdctx, digest, NULL))
|
||||
goto end;
|
||||
|
||||
todo = num_k_bytes - done;
|
||||
if (todo > SHA512_DIGEST_LENGTH)
|
||||
todo = SHA512_DIGEST_LENGTH;
|
||||
memcpy(k_bytes + done, digest, todo);
|
||||
done += todo;
|
||||
++i;
|
||||
}
|
||||
|
||||
if (!BN_bin2bn(k_bytes, num_k_bytes, out))
|
||||
goto end;
|
||||
|
||||
/* Clear out the top bits and rejection filter into range */
|
||||
BN_set_flags(out, BN_FLG_CONSTTIME);
|
||||
ossl_bn_mask_bits_fixed_top(out, BN_num_bits(range));
|
||||
|
||||
if (BN_ucmp(out, range) < 0) {
|
||||
ret = 1;
|
||||
#ifdef BN_DEBUG
|
||||
/* With BN_DEBUG on a fixed top number cannot be returned */
|
||||
bn_correct_top(out);
|
||||
#endif
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
/* Failed to generate anything */
|
||||
ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR);
|
||||
|
||||
if (!BN_bin2bn(k_bytes, num_k_bytes, out))
|
||||
goto err;
|
||||
if (BN_mod(out, out, range, ctx) != 1)
|
||||
goto err;
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
end:
|
||||
EVP_MD_CTX_free(mdctx);
|
||||
EVP_MD_free(md);
|
||||
OPENSSL_clear_free(k_bytes, num_k_bytes);
|
||||
|
@ -326,3 +395,20 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
|
|||
OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
|
||||
return ret;
|
||||
}
|
||||
|
||||
int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
|
||||
const BIGNUM *priv, const unsigned char *message,
|
||||
size_t message_len, BN_CTX *ctx)
|
||||
{
|
||||
int ret;
|
||||
|
||||
ret = ossl_bn_gen_dsa_nonce_fixed_top(out, range, priv, message,
|
||||
message_len, ctx);
|
||||
/*
|
||||
* This call makes the BN_generate_dsa_nonce non-const-time, thus we
|
||||
* do not use it internally. But fixed_top BNs currently cannot be returned
|
||||
* from public API calls.
|
||||
*/
|
||||
bn_correct_top(out);
|
||||
return ret;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -156,6 +156,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
|
|||
return 0;
|
||||
}
|
||||
|
||||
bn_check_top(r);
|
||||
bn_check_top(a);
|
||||
|
||||
ret = bn_rshift_fixed_top(r, a, n);
|
||||
|
||||
bn_correct_top(r);
|
||||
|
@ -177,9 +180,6 @@ int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
|
|||
BN_ULONG *t, *f;
|
||||
BN_ULONG l, m, mask;
|
||||
|
||||
bn_check_top(r);
|
||||
bn_check_top(a);
|
||||
|
||||
assert(n >= 0);
|
||||
|
||||
nw = n / BN_BITS2;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -19,8 +19,34 @@
|
|||
#include "dsa_local.h"
|
||||
#include "crypto/dsa.h"
|
||||
|
||||
static int dsa_precheck_params(const DSA *dsa, int *ret)
|
||||
{
|
||||
if (dsa->params.p == NULL || dsa->params.q == NULL) {
|
||||
ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS);
|
||||
*ret = FFC_CHECK_INVALID_PQ;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
|
||||
ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE);
|
||||
*ret = FFC_CHECK_INVALID_PQ;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) {
|
||||
ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE);
|
||||
*ret = FFC_CHECK_INVALID_PQ;
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
|
||||
{
|
||||
if (!dsa_precheck_params(dsa, ret))
|
||||
return 0;
|
||||
|
||||
if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
|
||||
return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
|
||||
FFC_PARAM_TYPE_DSA, ret);
|
||||
|
@ -39,6 +65,9 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
|
|||
*/
|
||||
int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
|
||||
{
|
||||
if (!dsa_precheck_params(dsa, ret))
|
||||
return 0;
|
||||
|
||||
return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret)
|
||||
&& *ret == 0;
|
||||
}
|
||||
|
@ -50,6 +79,9 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
|
|||
*/
|
||||
int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
|
||||
{
|
||||
if (!dsa_precheck_params(dsa, ret))
|
||||
return 0;
|
||||
|
||||
return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret)
|
||||
&& *ret == 0;
|
||||
}
|
||||
|
@ -58,8 +90,10 @@ int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
|
|||
{
|
||||
*ret = 0;
|
||||
|
||||
return (dsa->params.q != NULL
|
||||
&& ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret));
|
||||
if (!dsa_precheck_params(dsa, ret))
|
||||
return 0;
|
||||
|
||||
return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -72,8 +106,10 @@ int ossl_dsa_check_pairwise(const DSA *dsa)
|
|||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *pub_key = NULL;
|
||||
|
||||
if (dsa->params.p == NULL
|
||||
|| dsa->params.g == NULL
|
||||
if (!dsa_precheck_params(dsa, &ret))
|
||||
return 0;
|
||||
|
||||
if (dsa->params.g == NULL
|
||||
|| dsa->priv_key == NULL
|
||||
|| dsa->pub_key == NULL)
|
||||
return 0;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -262,12 +262,13 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
|
|||
* We calculate k from SHA512(private_key + H(message) + random).
|
||||
* This protects the private key from a weak PRNG.
|
||||
*/
|
||||
if (!BN_generate_dsa_nonce(k, dsa->params.q, dsa->priv_key, dgst,
|
||||
dlen, ctx))
|
||||
if (!ossl_bn_gen_dsa_nonce_fixed_top(k, dsa->params.q,
|
||||
dsa->priv_key, dgst,
|
||||
dlen, ctx))
|
||||
goto err;
|
||||
} else if (!BN_priv_rand_range_ex(k, dsa->params.q, 0, ctx))
|
||||
} else if (!ossl_bn_priv_rand_range_fixed_top(k, dsa->params.q, 0, ctx))
|
||||
goto err;
|
||||
} while (BN_is_zero(k));
|
||||
} while (ossl_bn_is_word_fixed_top(k, 0));
|
||||
|
||||
BN_set_flags(k, BN_FLG_CONSTTIME);
|
||||
BN_set_flags(l, BN_FLG_CONSTTIME);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -156,6 +156,11 @@ int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen,
|
|||
{
|
||||
DSA_SIG *s;
|
||||
|
||||
if (sig == NULL) {
|
||||
*siglen = DSA_size(dsa);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* legacy case uses the method table */
|
||||
if (dsa->libctx == NULL || dsa->meth != DSA_get_default_method())
|
||||
s = DSA_do_sign(dgst, dlen, dsa);
|
||||
|
@ -165,7 +170,7 @@ int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen,
|
|||
*siglen = 0;
|
||||
return 0;
|
||||
}
|
||||
*siglen = i2d_DSA_SIG(s, sig != NULL ? &sig : NULL);
|
||||
*siglen = i2d_DSA_SIG(s, &sig);
|
||||
DSA_SIG_free(s);
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -77,7 +77,7 @@ DEFINE[../../providers/libdefault.a]=$ECDEF
|
|||
# Otherwise, it already gets everything that the static libcrypto.a
|
||||
# has, and doesn't need it added again.
|
||||
IF[{- !$disabled{module} && !$disabled{shared} -}]
|
||||
DEFINE[../providers/liblegacy.a]=$ECDEF
|
||||
DEFINE[../../providers/liblegacy.a]=$ECDEF
|
||||
ENDIF
|
||||
|
||||
GENERATE[ecp_nistz256-x86.S]=asm/ecp_nistz256-x86.pl
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2014 Cryptography Research, Inc.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -45,9 +45,9 @@ void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
|
|||
accum0 += widemul(a[j + 4], b[i - j + 4]);
|
||||
}
|
||||
for (; j < 4; j++) {
|
||||
accum2 += widemul(a[j], b[i - j + 8]);
|
||||
accum1 += widemul(aa[j], bbb[i - j + 4]);
|
||||
accum0 += widemul(a[j + 4], bb[i - j + 4]);
|
||||
accum2 += widemul(a[j], b[i + 8 - j]);
|
||||
accum1 += widemul(aa[j], bbb[i + 4 - j]);
|
||||
accum0 += widemul(a[j + 4], bb[i + 4 - j]);
|
||||
}
|
||||
|
||||
accum1 -= accum2;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -70,6 +70,11 @@ int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
|
|||
{
|
||||
ECDSA_SIG *s;
|
||||
|
||||
if (sig == NULL && (kinv == NULL || r == NULL)) {
|
||||
*siglen = ECDSA_size(eckey);
|
||||
return 1;
|
||||
}
|
||||
|
||||
s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
|
||||
if (s == NULL) {
|
||||
*siglen = 0;
|
||||
|
@ -140,18 +145,18 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
|
|||
/* get random k */
|
||||
do {
|
||||
if (dgst != NULL) {
|
||||
if (!BN_generate_dsa_nonce(k, order, priv_key,
|
||||
dgst, dlen, ctx)) {
|
||||
if (!ossl_bn_gen_dsa_nonce_fixed_top(k, order, priv_key,
|
||||
dgst, dlen, ctx)) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
if (!BN_priv_rand_range_ex(k, order, 0, ctx)) {
|
||||
if (!ossl_bn_priv_rand_range_fixed_top(k, order, 0, ctx)) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
} while (BN_is_zero(k));
|
||||
} while (ossl_bn_is_word_fixed_top(k, 0));
|
||||
|
||||
/* compute r the x-coordinate of generator * k */
|
||||
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -59,6 +59,11 @@ int OSSL_ENCODER_to_bio(OSSL_ENCODER_CTX *ctx, BIO *out)
|
|||
return 0;
|
||||
}
|
||||
|
||||
if (ctx->cleanup == NULL || ctx->construct == NULL) {
|
||||
ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_INIT_FAIL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return encoder_process(&data) > 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
|
|||
ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
|
||||
return NULL;
|
||||
}
|
||||
/* We enforce check for legacy key */
|
||||
switch (EVP_PKEY_get_id(pkey)) {
|
||||
case EVP_PKEY_RSA:
|
||||
{
|
||||
RSA *rsa = EVP_PKEY_get1_RSA(pkey);
|
||||
EVP_PKEY_set1_RSA(pkey, rsa);
|
||||
RSA_free(rsa);
|
||||
}
|
||||
break;
|
||||
# ifndef OPENSSL_NO_EC
|
||||
case EVP_PKEY_SM2:
|
||||
case EVP_PKEY_EC:
|
||||
{
|
||||
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
|
||||
EVP_PKEY_set1_EC_KEY(pkey, ec);
|
||||
EC_KEY_free(ec);
|
||||
}
|
||||
break;
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
case EVP_PKEY_DSA:
|
||||
{
|
||||
DSA *dsa = EVP_PKEY_get1_DSA(pkey);
|
||||
EVP_PKEY_set1_DSA(pkey, dsa);
|
||||
DSA_free(dsa);
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
# ifndef OPENSSL_NO_DH
|
||||
case EVP_PKEY_DH:
|
||||
{
|
||||
DH *dh = EVP_PKEY_get1_DH(pkey);
|
||||
EVP_PKEY_set1_DH(pkey, dh);
|
||||
DH_free(dh);
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
/*Do nothing */
|
||||
break;
|
||||
}
|
||||
|
||||
return pkey;
|
||||
}
|
||||
|
||||
|
|
|
@ -76,6 +76,6 @@ R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
|
|||
R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
|
||||
R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
|
||||
R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
|
||||
R TLS1_AD_UNKNOWN_PSK_IDENTITY 1115
|
||||
R SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
|
||||
R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116
|
||||
R TLS1_AD_NO_APPLICATION_PROTOCOL 1120
|
||||
R SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -293,7 +293,7 @@ int OSSL_ESS_check_signing_certs(const ESS_SIGNING_CERT *ss,
|
|||
int i, ret;
|
||||
|
||||
if (require_signing_cert && ss == NULL && ssv2 == NULL) {
|
||||
ERR_raise(ERR_LIB_CMS, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE);
|
||||
ERR_raise(ERR_LIB_ESS, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE);
|
||||
return -1;
|
||||
}
|
||||
if (n_v1 == 0 || n_v2 == 0) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -243,10 +243,15 @@ OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk,
|
|||
/*
|
||||
* A comparison and sk_P_CACHE_ELEM_find() are avoided to not cause
|
||||
* problems when we've only a read lock.
|
||||
* A keymgmt is a match if the |keymgmt| pointers are identical or if the
|
||||
* provider and the name ID match
|
||||
*/
|
||||
for (i = 0; i < end; i++) {
|
||||
p = sk_OP_CACHE_ELEM_value(pk->operation_cache, i);
|
||||
if (keymgmt == p->keymgmt && (p->selection & selection) == selection)
|
||||
if ((p->selection & selection) == selection
|
||||
&& (keymgmt == p->keymgmt
|
||||
|| (keymgmt->name_id == p->keymgmt->name_id
|
||||
&& keymgmt->prov == p->keymgmt->prov)))
|
||||
return p;
|
||||
}
|
||||
return NULL;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1902,7 +1902,15 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx,
|
|||
* If |tmp_keymgmt| is present in the operation cache, it means
|
||||
* that export doesn't need to be redone. In that case, we take
|
||||
* token copies of the cached pointers, to have token success
|
||||
* values to return.
|
||||
* values to return. It is possible (e.g. in a no-cached-fetch
|
||||
* build), for op->keymgmt to be a different pointer to tmp_keymgmt
|
||||
* even though the name/provider must be the same. In other words
|
||||
* the keymgmt instance may be different but still equivalent, i.e.
|
||||
* same algorithm/provider instance - but we make the simplifying
|
||||
* assumption that the keydata can be used with either keymgmt
|
||||
* instance. Not doing so introduces significant complexity and
|
||||
* probably requires refactoring - since we would have to ripple
|
||||
* the change in keymgmt instance up the call chain.
|
||||
*/
|
||||
if (op != NULL && op->keymgmt != NULL) {
|
||||
keydata = op->keydata;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1028,6 +1028,71 @@ static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
|
|||
return EVP_PKEY_CTX_set_params(ctx, octet_string_params);
|
||||
}
|
||||
|
||||
static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
|
||||
const char *param, int op, int ctrl,
|
||||
const unsigned char *data,
|
||||
int datalen)
|
||||
{
|
||||
OSSL_PARAM os_params[2];
|
||||
unsigned char *info = NULL;
|
||||
size_t info_len = 0;
|
||||
size_t info_alloc = 0;
|
||||
int ret = 0;
|
||||
|
||||
if (ctx == NULL || (ctx->operation & op) == 0) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
}
|
||||
|
||||
/* Code below to be removed when legacy support is dropped. */
|
||||
if (fallback)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, datalen, (void *)(data));
|
||||
/* end of legacy support */
|
||||
|
||||
if (datalen < 0) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
|
||||
return 0;
|
||||
} else if (datalen == 0) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Get the original value length */
|
||||
os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0);
|
||||
os_params[1] = OSSL_PARAM_construct_end();
|
||||
|
||||
if (!EVP_PKEY_CTX_get_params(ctx, os_params))
|
||||
return 0;
|
||||
|
||||
/* Older provider that doesn't support getting this parameter */
|
||||
if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED)
|
||||
return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, data, datalen);
|
||||
|
||||
info_alloc = os_params[0].return_size + datalen;
|
||||
if (info_alloc == 0)
|
||||
return 0;
|
||||
info = OPENSSL_zalloc(info_alloc);
|
||||
if (info == NULL)
|
||||
return 0;
|
||||
info_len = os_params[0].return_size;
|
||||
|
||||
os_params[0] = OSSL_PARAM_construct_octet_string(param, info, info_alloc);
|
||||
|
||||
/* if we have data, then go get it */
|
||||
if (info_len > 0) {
|
||||
if (!EVP_PKEY_CTX_get_params(ctx, os_params))
|
||||
goto error;
|
||||
}
|
||||
|
||||
/* Copy the input data */
|
||||
memcpy(&info[info_len], data, datalen);
|
||||
ret = EVP_PKEY_CTX_set_params(ctx, os_params);
|
||||
|
||||
error:
|
||||
OPENSSL_clear_free(info, info_alloc);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *ctx,
|
||||
const unsigned char *sec, int seclen)
|
||||
{
|
||||
|
@ -1078,7 +1143,7 @@ int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx,
|
|||
int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
|
||||
const unsigned char *info, int infolen)
|
||||
{
|
||||
return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL,
|
||||
return evp_pkey_ctx_add1_octet_string(ctx, ctx->op.kex.algctx == NULL,
|
||||
OSSL_KDF_PARAM_INFO,
|
||||
EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_HKDF_INFO,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -403,8 +403,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation,
|
|||
int iter;
|
||||
|
||||
if (ctx == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
return -2;
|
||||
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return -1;
|
||||
}
|
||||
|
||||
evp_pkey_ctx_free_old_ops(ctx);
|
||||
|
@ -634,8 +634,8 @@ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
|
|||
int ret;
|
||||
|
||||
if (ctx == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
return -2;
|
||||
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (ctx->operation != EVP_PKEY_OP_SIGN) {
|
||||
|
@ -646,6 +646,11 @@ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
|
|||
if (ctx->op.sig.algctx == NULL)
|
||||
goto legacy;
|
||||
|
||||
if (ctx->op.sig.signature->sign == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
return -2;
|
||||
}
|
||||
|
||||
ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
|
||||
(sig == NULL) ? 0 : *siglen, tbs, tbslen);
|
||||
|
||||
|
@ -678,8 +683,8 @@ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
|
|||
int ret;
|
||||
|
||||
if (ctx == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
return -2;
|
||||
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (ctx->operation != EVP_PKEY_OP_VERIFY) {
|
||||
|
@ -690,6 +695,11 @@ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
|
|||
if (ctx->op.sig.algctx == NULL)
|
||||
goto legacy;
|
||||
|
||||
if (ctx->op.sig.signature->verify == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
return -2;
|
||||
}
|
||||
|
||||
ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
|
||||
tbs, tbslen);
|
||||
|
||||
|
@ -721,8 +731,8 @@ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
|
|||
int ret;
|
||||
|
||||
if (ctx == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
return -2;
|
||||
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
|
||||
|
@ -733,6 +743,11 @@ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
|
|||
if (ctx->op.sig.algctx == NULL)
|
||||
goto legacy;
|
||||
|
||||
if (ctx->op.sig.signature->verify_recover == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
return -2;
|
||||
}
|
||||
|
||||
ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout,
|
||||
routlen,
|
||||
(rout == NULL ? 0 : *routlen),
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -97,17 +97,19 @@ static int win32atexit(void)
|
|||
|
||||
DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
|
||||
{
|
||||
#ifdef OPENSSL_INIT_DEBUG
|
||||
#ifndef OPENSSL_NO_ATEXIT
|
||||
# ifdef OPENSSL_INIT_DEBUG
|
||||
fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
|
||||
#endif
|
||||
#ifndef OPENSSL_SYS_UEFI
|
||||
# if defined(_WIN32) && !defined(__BORLANDC__)
|
||||
# endif
|
||||
# ifndef OPENSSL_SYS_UEFI
|
||||
# if defined(_WIN32) && !defined(__BORLANDC__)
|
||||
/* We use _onexit() in preference because it gets called on DLL unload */
|
||||
if (_onexit(win32atexit) == NULL)
|
||||
return 0;
|
||||
# else
|
||||
# else
|
||||
if (atexit(OPENSSL_cleanup) != 0)
|
||||
return 0;
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2003-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2003-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -251,7 +251,7 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength,
|
|||
*q = CH_ZERO;
|
||||
|
||||
#ifdef CHARSET_EBCDIC
|
||||
ebcdic2ascii(str, str, q - str - 1);
|
||||
ebcdic2ascii(str, str, q - str);
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -14,6 +14,7 @@
|
|||
#include <openssl/err.h>
|
||||
#include "internal/propertyerr.h"
|
||||
#include "internal/property.h"
|
||||
#include "internal/numbers.h"
|
||||
#include "crypto/ctype.h"
|
||||
#include "internal/nelem.h"
|
||||
#include "property_local.h"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -567,9 +567,16 @@ OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name,
|
|||
}
|
||||
|
||||
/* provider_new() generates an error, so no need here */
|
||||
if ((prov = provider_new(name, template.init, template.parameters)) == NULL)
|
||||
prov = provider_new(name, template.init, template.parameters);
|
||||
|
||||
if (prov == NULL)
|
||||
return NULL;
|
||||
|
||||
if (!ossl_provider_set_module_path(prov, template.path)) {
|
||||
ossl_provider_free(prov);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
prov->libctx = libctx;
|
||||
#ifndef FIPS_MODULE
|
||||
prov->error_lib = ERR_get_next_error_library();
|
||||
|
|
|
@ -88,7 +88,7 @@ DEFINE[../../providers/libdefault.a]=$SHA1DEF $KECCAK1600DEF
|
|||
# linked with libcrypto. Otherwise, it already gets everything that
|
||||
# the static libcrypto.a has, and doesn't need it added again.
|
||||
IF[{- !$disabled{module} && !$disabled{shared} -}]
|
||||
DEFINE[../providers/liblegacy.a]=$SHA1DEF $KECCAK1600DEF
|
||||
DEFINE[../../providers/liblegacy.a]=$SHA1DEF $KECCAK1600DEF
|
||||
ENDIF
|
||||
|
||||
GENERATE[sha1-586.S]=asm/sha1-586.pl
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017 Ribose Inc. All Rights Reserved.
|
||||
* Ported from Ribose contributions from Botan.
|
||||
*
|
||||
|
@ -67,6 +67,18 @@ static size_t ec_field_size(const EC_GROUP *group)
|
|||
return field_size;
|
||||
}
|
||||
|
||||
static int is_all_zeros(const unsigned char *msg, size_t msglen)
|
||||
{
|
||||
unsigned char re = 0;
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < msglen; i++) {
|
||||
re |= msg[i];
|
||||
}
|
||||
|
||||
return re == 0 ? 1 : 0;
|
||||
}
|
||||
|
||||
int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size,
|
||||
size_t *pt_size)
|
||||
{
|
||||
|
@ -179,6 +191,13 @@ int ossl_sm2_encrypt(const EC_KEY *key,
|
|||
|
||||
memset(ciphertext_buf, 0, *ciphertext_len);
|
||||
|
||||
msg_mask = OPENSSL_zalloc(msg_len);
|
||||
if (msg_mask == NULL) {
|
||||
ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE);
|
||||
goto done;
|
||||
}
|
||||
|
||||
again:
|
||||
if (!BN_priv_rand_range_ex(k, order, 0, ctx)) {
|
||||
ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
|
||||
goto done;
|
||||
|
@ -198,12 +217,6 @@ int ossl_sm2_encrypt(const EC_KEY *key,
|
|||
goto done;
|
||||
}
|
||||
|
||||
msg_mask = OPENSSL_zalloc(msg_len);
|
||||
if (msg_mask == NULL) {
|
||||
ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE);
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* X9.63 with no salt happens to match the KDF used in SM2 */
|
||||
if (!ossl_ecdh_kdf_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
|
||||
digest, libctx, propq)) {
|
||||
|
@ -211,6 +224,11 @@ int ossl_sm2_encrypt(const EC_KEY *key,
|
|||
goto done;
|
||||
}
|
||||
|
||||
if (is_all_zeros(msg_mask, msg_len)) {
|
||||
memset(x2y2, 0, 2 * field_size);
|
||||
goto again;
|
||||
}
|
||||
|
||||
for (i = 0; i != msg_len; ++i)
|
||||
msg_mask[i] ^= msg[i];
|
||||
|
||||
|
@ -364,6 +382,11 @@ int ossl_sm2_decrypt(const EC_KEY *key,
|
|||
goto done;
|
||||
}
|
||||
|
||||
if (is_all_zeros(msg_mask, msg_len)) {
|
||||
ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING);
|
||||
goto done;
|
||||
}
|
||||
|
||||
for (i = 0; i != msg_len; ++i)
|
||||
ptext_buf[i] = C2[i] ^ msg_mask[i];
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017 Ribose Inc. All Rights Reserved.
|
||||
* Ported from Ribose contributions from Botan.
|
||||
*
|
||||
|
@ -29,6 +29,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
|
|||
{
|
||||
int rc = 0;
|
||||
const EC_GROUP *group = EC_KEY_get0_group(key);
|
||||
const EC_POINT *pubkey = EC_KEY_get0_public_key(key);
|
||||
BN_CTX *ctx = NULL;
|
||||
EVP_MD_CTX *hash = NULL;
|
||||
BIGNUM *p = NULL;
|
||||
|
@ -43,6 +44,12 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
|
|||
uint16_t entl = 0;
|
||||
uint8_t e_byte = 0;
|
||||
|
||||
/* SM2 Signatures require a public key, check for it */
|
||||
if (pubkey == NULL) {
|
||||
ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_NULL_PARAMETER);
|
||||
goto done;
|
||||
}
|
||||
|
||||
hash = EVP_MD_CTX_new();
|
||||
ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(key));
|
||||
if (hash == NULL || ctx == NULL) {
|
||||
|
@ -118,7 +125,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
|
|||
|| BN_bn2binpad(yG, buf, p_bytes) < 0
|
||||
|| !EVP_DigestUpdate(hash, buf, p_bytes)
|
||||
|| !EC_POINT_get_affine_coordinates(group,
|
||||
EC_KEY_get0_public_key(key),
|
||||
pubkey,
|
||||
xA, yA, ctx)
|
||||
|| BN_bn2binpad(xA, buf, p_bytes) < 0
|
||||
|| !EVP_DigestUpdate(hash, buf, p_bytes)
|
||||
|
@ -442,6 +449,11 @@ int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen,
|
|||
int sigleni;
|
||||
int ret = -1;
|
||||
|
||||
if (sig == NULL) {
|
||||
ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_NULL_PARAMETER);
|
||||
goto done;
|
||||
}
|
||||
|
||||
e = BN_bin2bn(dgst, dgstlen, NULL);
|
||||
if (e == NULL) {
|
||||
ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB);
|
||||
|
@ -454,7 +466,7 @@ int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen,
|
|||
goto done;
|
||||
}
|
||||
|
||||
sigleni = i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL);
|
||||
sigleni = i2d_ECDSA_SIG(s, &sig);
|
||||
if (sigleni < 0) {
|
||||
ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
|
||||
goto done;
|
||||
|
|
|
@ -397,11 +397,11 @@ static int make_addressPrefix(IPAddressOrRange **result, unsigned char *addr,
|
|||
const int prefixlen, const int afilen)
|
||||
{
|
||||
int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
|
||||
IPAddressOrRange *aor = IPAddressOrRange_new();
|
||||
IPAddressOrRange *aor;
|
||||
|
||||
if (prefixlen < 0 || prefixlen > (afilen * 8))
|
||||
return 0;
|
||||
if (aor == NULL)
|
||||
if ((aor = IPAddressOrRange_new()) == NULL)
|
||||
return 0;
|
||||
aor->type = IPAddressOrRange_addressPrefix;
|
||||
if (aor->u.addressPrefix == NULL &&
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -83,7 +83,7 @@ int demonstrate_digest(void)
|
|||
const char *option_properties = NULL;
|
||||
EVP_MD *message_digest = NULL;
|
||||
EVP_MD_CTX *digest_context = NULL;
|
||||
unsigned int digest_length;
|
||||
int digest_length;
|
||||
unsigned char *digest_value = NULL;
|
||||
int j;
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*-
|
||||
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -38,7 +38,7 @@ int demonstrate_digest(BIO *input)
|
|||
const char * option_properties = NULL;
|
||||
EVP_MD *message_digest = NULL;
|
||||
EVP_MD_CTX *digest_context = NULL;
|
||||
unsigned int digest_length;
|
||||
int digest_length;
|
||||
unsigned char *digest_value = NULL;
|
||||
unsigned char buffer[512];
|
||||
int ii;
|
||||
|
|
|
@ -15,6 +15,9 @@ currently in use to sign OpenSSL distributions:
|
|||
OpenSSL OMC:
|
||||
EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5
|
||||
|
||||
OpenSSL:
|
||||
BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF
|
||||
|
||||
Richard Levitte:
|
||||
7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
|
||||
|
||||
|
|
|
@ -155,7 +155,7 @@ on multiple lines; each entry should use B<OPT_MORE_STR>, like this:
|
|||
{OPT_MORE_STR, 0, 0,
|
||||
"This flag is not really needed on Unix systems"},
|
||||
{OPT_MORE_STR, 0, 0,
|
||||
"(Unix and descendents for ths win!)"}
|
||||
"(Unix and descendents for the win!)"}
|
||||
|
||||
Each subsequent line will be indented the correct amount.
|
||||
|
||||
|
@ -333,7 +333,7 @@ things very differently.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use this
|
||||
file except in compliance with the License. You can obtain a copy in the file
|
||||
|
|
|
@ -93,7 +93,7 @@ This default store should be stored in the library context I<libctx>.
|
|||
The method to be looked up should be identified with data found in I<data>
|
||||
(which is the I<mcm_data> that was passed to ossl_construct_method()).
|
||||
In other words, the ossl_method_construct() caller is entirely responsible
|
||||
for ensuring the necesssary data is made available.
|
||||
for ensuring the necessary data is made available.
|
||||
|
||||
Optionally, I<prov> may be given as a search criterion, to narrow down the
|
||||
search of a method belonging to just one provider.
|
||||
|
@ -148,7 +148,7 @@ This functionality was added to OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use this
|
||||
file except in compliance with the License. You can obtain a copy in the file
|
||||
|
|
|
@ -297,7 +297,7 @@ in a bitstring that's internal to I<provider>.
|
|||
|
||||
ossl_provider_test_operation_bit() checks if the bit operation I<bitnum>
|
||||
is set (1) or not (0) in the internal I<provider> bitstring, and sets
|
||||
I<*result> to 1 or 0 accorddingly.
|
||||
I<*result> to 1 or 0 accordingly.
|
||||
|
||||
ossl_provider_init_as_child() stores in the library context I<ctx> references to
|
||||
the necessary upcalls for managing child providers. The I<handle> and I<in>
|
||||
|
@ -390,7 +390,7 @@ The functions described here were all added in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -15,7 +15,7 @@ ossl_random_add_conf_module - internal random configuration module
|
|||
|
||||
ossl_random_add_conf_module() adds the random configuration module
|
||||
for providers.
|
||||
This allows the type and parameters of the stardard setup of random number
|
||||
This allows the type and parameters of the standard setup of random number
|
||||
generators to be configured with an OpenSSL L<config(5)> file.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
@ -32,7 +32,7 @@ The functions described here were all added in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -19,7 +19,7 @@ private/public key pairs, but has had other uses as well.
|
|||
|
||||
=for comment "uses" could as well be "abuses"...
|
||||
|
||||
The private/public key pair that an B<EVP_PKEY> contains is refered to
|
||||
The private/public key pair that an B<EVP_PKEY> contains is referred to
|
||||
as its "internal key" or "origin" (the reason for "origin" is
|
||||
explained further down, in L</Export cache for provider operations>),
|
||||
and it can take one of the following forms:
|
||||
|
@ -202,7 +202,7 @@ L<provider-keymgmt(7)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -95,6 +95,9 @@ Print out the CRL in text form.
|
|||
|
||||
Verify the signature in the CRL.
|
||||
|
||||
This option is implicitly enabled if any of B<-CApath>, B<-CAfile>
|
||||
or B<-CAstore> is specified.
|
||||
|
||||
=item B<-noout>
|
||||
|
||||
Don't output the encoded version of the CRL.
|
||||
|
@ -162,7 +165,7 @@ L<ossl_store-file(7)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -123,26 +123,31 @@ To see the list of supported MAC's use the command C<openssl list
|
|||
|
||||
=head1 EXAMPLES
|
||||
|
||||
To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: \
|
||||
To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout:
|
||||
|
||||
openssl mac -digest SHA1 \
|
||||
-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
|
||||
-in msg.bin HMAC
|
||||
|
||||
To create a SipHash MAC from a file with a binary file output: \
|
||||
To create a SipHash MAC from a file with a binary file output:
|
||||
|
||||
openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \
|
||||
-in msg.bin -out out.bin -binary SipHash
|
||||
|
||||
To create a hex-encoded CMAC-AES-128-CBC MAC from a file:\
|
||||
To create a hex-encoded CMAC-AES-128-CBC MAC from a file:
|
||||
|
||||
openssl mac -cipher AES-128-CBC \
|
||||
-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \
|
||||
-in msg.bin CMAC
|
||||
|
||||
To create a hex-encoded KMAC128 MAC from a file with a Customisation String
|
||||
'Tag' and output length of 16: \
|
||||
'Tag' and output length of 16:
|
||||
|
||||
openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \
|
||||
-macopt size:16 -in msg.bin KMAC128
|
||||
|
||||
To create a hex-encoded GMAC-AES-128-GCM with a IV from a file: \
|
||||
To create a hex-encoded GMAC-AES-128-GCM with a IV from a file:
|
||||
|
||||
openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \
|
||||
-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC
|
||||
|
||||
|
@ -165,7 +170,7 @@ L<EVP_MAC-Poly1305(7)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -472,16 +472,29 @@ any digest that has been set.
|
|||
=item B<string_mask>
|
||||
|
||||
This option masks out the use of certain string types in certain
|
||||
fields. Most users will not need to change this option.
|
||||
fields. Most users will not need to change this option. It can be set to
|
||||
several values:
|
||||
|
||||
It can be set to several values B<default> which is also the default
|
||||
option uses PrintableStrings, T61Strings and BMPStrings if the
|
||||
B<pkix> value is used then only PrintableStrings and BMPStrings will
|
||||
be used. This follows the PKIX recommendation in RFC2459. If the
|
||||
B<utf8only> option is used then only UTF8Strings will be used: this
|
||||
is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr>
|
||||
option just uses PrintableStrings and T61Strings: certain software has
|
||||
problems with BMPStrings and UTF8Strings: in particular Netscape.
|
||||
=over 4
|
||||
|
||||
=item B<utf8only>
|
||||
- only UTF8Strings are used (this is the default value)
|
||||
|
||||
=item B<pkix>
|
||||
- any string type except T61Strings
|
||||
|
||||
=item B<nombstr>
|
||||
- any string type except BMPStrings and UTF8Strings
|
||||
|
||||
=item B<default>
|
||||
- any kind of string type
|
||||
|
||||
=back
|
||||
|
||||
Note that B<utf8only> is the PKIX recommendation in RFC2459 after 2003, and the
|
||||
default B<string_mask>; B<default> is not the default option. The B<nombstr>
|
||||
value is a workaround for some software that has problems with variable-sized
|
||||
BMPStrings and UTF8Strings.
|
||||
|
||||
=item B<req_extensions>
|
||||
|
||||
|
@ -765,7 +778,7 @@ The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -195,14 +195,14 @@ Don't try to verify the signatures on the message.
|
|||
|
||||
=item B<-nocerts>
|
||||
|
||||
When signing a message the signer's certificate is normally included
|
||||
with this option it is excluded. This will reduce the size of the
|
||||
signed message but the verifier must have a copy of the signers certificate
|
||||
When signing a message, the signer's certificate is normally included.
|
||||
With this option it is excluded. This will reduce the size of the
|
||||
signed message, but the verifier must have a copy of the signers certificate
|
||||
available locally (passed using the B<-certfile> option for example).
|
||||
|
||||
=item B<-noattr>
|
||||
|
||||
Normally when a message is signed a set of attributes are included which
|
||||
Normally, when a message is signed, a set of attributes are included which
|
||||
include the signing time and supported symmetric algorithms. With this
|
||||
option they are not included.
|
||||
|
||||
|
@ -243,14 +243,6 @@ used multiple times if more than one signer is required. If a message is being
|
|||
verified then the signers certificates will be written to this file if the
|
||||
verification was successful.
|
||||
|
||||
=item B<-nocerts>
|
||||
|
||||
Don't include signers certificate when signing.
|
||||
|
||||
=item B<-noattr>
|
||||
|
||||
Don't include any signed attributes when signing.
|
||||
|
||||
=item B<-recip> I<file>
|
||||
|
||||
The recipients certificate when decrypting a message. This certificate
|
||||
|
@ -482,7 +474,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -79,6 +79,9 @@ returned.
|
|||
Note that all options must be given before the I<uri> argument.
|
||||
Otherwise they are ignored.
|
||||
|
||||
Note I<-keys> selects exclusively private keys, there is no selector for public
|
||||
keys only.
|
||||
|
||||
=item B<-subject> I<arg>
|
||||
|
||||
Search for an object having the subject name I<arg>.
|
||||
|
@ -137,7 +140,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -163,9 +163,9 @@ use its own default policy. (Optional)
|
|||
=item B<-no_nonce>
|
||||
|
||||
No nonce is specified in the request if this option is
|
||||
given. Otherwise a 64 bit long pseudo-random none is
|
||||
included in the request. It is recommended to use nonce to
|
||||
protect against replay-attacks. (Optional)
|
||||
given. Otherwise, a 64-bit long pseudo-random nonce is
|
||||
included in the request. It is recommended to use a nonce to
|
||||
protect against replay attacks. (Optional)
|
||||
|
||||
=item B<-cert>
|
||||
|
||||
|
@ -652,7 +652,7 @@ L<ossl_store-file(7)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -41,8 +41,8 @@ OPENSSL_sk_unshift, OPENSSL_sk_value, OPENSSL_sk_zero
|
|||
STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare);
|
||||
STACK_OF(TYPE) *sk_TYPE_new_null(void);
|
||||
int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n);
|
||||
void sk_TYPE_free(const STACK_OF(TYPE) *sk);
|
||||
void sk_TYPE_zero(const STACK_OF(TYPE) *sk);
|
||||
void sk_TYPE_free(STACK_OF(TYPE) *sk);
|
||||
void sk_TYPE_zero(STACK_OF(TYPE) *sk);
|
||||
TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i);
|
||||
TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr);
|
||||
int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr);
|
||||
|
@ -297,7 +297,7 @@ B<sk_I<TYPE>_reserve>() and B<sk_I<TYPE>_new_reserve>() were added in OpenSSL
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -483,7 +483,7 @@ EVP_MD_CTX_get_params() can be used with the following OSSL_PARAM keys:
|
|||
|
||||
=over 4
|
||||
|
||||
=item "micalg" (B<OSSL_PARAM_DIGEST_KEY_MICALG>) <UTF8 string>.
|
||||
=item "micalg" (B<OSSL_DIGEST_PARAM_MICALG>) <UTF8 string>.
|
||||
|
||||
Gets the digest Message Integrity Check algorithm string. This is used when
|
||||
creating S/MIME multipart/signed messages, as specified in RFC 3851.
|
||||
|
@ -784,7 +784,7 @@ in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -20,7 +20,7 @@ EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params - EVP KDF routines
|
|||
typedef struct evp_kdf_st EVP_KDF;
|
||||
typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
|
||||
|
||||
EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
|
||||
EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf);
|
||||
const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
|
||||
void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
|
||||
EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
|
||||
|
@ -304,7 +304,7 @@ This functionality was added in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -23,7 +23,9 @@ The EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() functions allow
|
|||
transfer of arbitrary key parameters to and from providers.
|
||||
Not all parameters may be supported by all providers.
|
||||
See L<OSSL_PROVIDER(3)> for more information on providers.
|
||||
See L<OSSL_PARAM(3)> for more information on parameters.
|
||||
The I<params> field is a pointer to a list of B<OSSL_PARAM> structures,
|
||||
terminated with a L<OSSL_PARAM_END(3)> struct.
|
||||
See L<OSSL_PARAM(3)> for information about passing parameters.
|
||||
These functions must only be called after the EVP_PKEY_CTX has been initialised
|
||||
for use in an operation.
|
||||
These methods replace the EVP_PKEY_CTX_ctrl() mechanism. (EVP_PKEY_CTX_ctrl now
|
||||
|
@ -84,7 +86,7 @@ All functions were added in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -61,6 +61,11 @@ It is not necessary to call these functions after locally calling an approved ke
|
|||
generation method, but may be required for assurance purposes when receiving
|
||||
keys from a third party.
|
||||
|
||||
The EVP_PKEY_pairwise_check() and EVP_PKEY_private_check() might not be bounded
|
||||
by any key size limits as private keys are not expected to be supplied by
|
||||
attackers. For that reason they might take an unbounded time if run on
|
||||
arbitrarily large keys.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
All functions return 1 for success or others for failure.
|
||||
|
@ -86,7 +91,7 @@ EVP_PKEY_private_check() and EVP_PKEY_pairwise_check() were added in OpenSSL 3.0
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -109,7 +109,7 @@ cipher B<c>.
|
|||
|
||||
SSL_CIPHER_description() returns a textual description of the cipher used
|
||||
into the buffer B<buf> of length B<len> provided. If B<buf> is provided, it
|
||||
must be at least 128 bytes, otherwise a buffer will be allocated using
|
||||
must be at least 128 bytes. If B<buf> is NULL it will be allocated using
|
||||
OPENSSL_malloc(). If the provided buffer is too small, or the allocation fails,
|
||||
B<NULL> is returned.
|
||||
|
||||
|
@ -203,7 +203,7 @@ The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -16,7 +16,9 @@ SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store - manipu
|
|||
|
||||
SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
|
||||
of B<ctx> to/with B<store>. If another X509_STORE object is currently
|
||||
set in B<ctx>, it will be X509_STORE_free()ed.
|
||||
set in B<ctx>, it will be X509_STORE_free()ed. SSL_CTX_set_cert_store() will
|
||||
take ownership of the B<store>, i.e., the call C<X509_STORE_free(store)> is no
|
||||
longer needed.
|
||||
|
||||
SSL_CTX_set1_cert_store() sets/replaces the certificate verification storage
|
||||
of B<ctx> to/with B<store>. The B<store>'s reference count is incremented.
|
||||
|
@ -79,7 +81,7 @@ L<SSL_CTX_set_verify(3)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -144,6 +144,9 @@ B<Client mode:> ignored (see BUGS)
|
|||
|
||||
If the B<mode> is SSL_VERIFY_NONE none of the other flags may be set.
|
||||
|
||||
If verification flags are not modified explicitly by C<SSL_CTX_set_verify()>
|
||||
or C<SSL_set_verify()>, the default value will be SSL_VERIFY_NONE.
|
||||
|
||||
The actual verification procedure is performed either using the built-in
|
||||
verification procedure or using another application provided verification
|
||||
function set with
|
||||
|
@ -363,7 +366,7 @@ and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -68,7 +68,7 @@ SSL_use_certificate() loads B<x> into B<ssl>. The rest of the
|
|||
certificates needed to form the complete certificate chain can be
|
||||
specified using the
|
||||
L<SSL_CTX_add_extra_chain_cert(3)>
|
||||
function.
|
||||
function. On success the reference counter of the B<x> is incremented.
|
||||
|
||||
SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
|
||||
the memory location B<d> (with length B<len>) into B<ctx>,
|
||||
|
@ -97,6 +97,7 @@ to the certificate an error is returned. To change a [certificate/private-key]
|
|||
pair, the new certificate needs to be set first with SSL_use_certificate() or
|
||||
SSL_CTX_use_certificate() before setting the private key with
|
||||
SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey().
|
||||
On success the reference counter of the B<pkey>/B<rsa> is incremented.
|
||||
|
||||
SSL_CTX_use_cert_and_key() and SSL_use_cert_and_key() assign the X.509
|
||||
certificate B<x>, private key B<key>, and certificate B<chain> onto the
|
||||
|
@ -195,7 +196,7 @@ L<SSL_CTX_add_extra_chain_cert(3)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -54,7 +54,8 @@ it is not limited to CA certificates.
|
|||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
The following return values can occur:
|
||||
The following return values can occur for SSL_load_client_CA_file_ex(), and
|
||||
SSL_load_client_CA_file():
|
||||
|
||||
=over 4
|
||||
|
||||
|
@ -68,6 +69,21 @@ Pointer to the subject names of the successfully read certificates.
|
|||
|
||||
=back
|
||||
|
||||
The following return values can occur for SSL_add_file_cert_subjects_to_stack(),
|
||||
SSL_add_dir_cert_subjects_to_stack(), and SSL_add_store_cert_subjects_to_stack():
|
||||
|
||||
=over 4
|
||||
|
||||
=item 0 (Failure)
|
||||
|
||||
The operation failed.
|
||||
|
||||
=item 1 (Success)
|
||||
|
||||
The operation succeeded.
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
Load names of CAs from file and use it as a client CA list:
|
||||
|
@ -96,7 +112,7 @@ were added in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -38,6 +38,9 @@ Getter that returns the default digest name.
|
|||
B<SM2> signatures can be generated by using the 'DigestSign' series of APIs, for
|
||||
instance, EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal().
|
||||
Ditto for the verification process by calling the 'DigestVerify' series of APIs.
|
||||
Note that the SM2 algorithm requires the presence of the public key for signatures,
|
||||
as such the B<OSSL_PKEY_PARAM_PUB_KEY> option must be set on any key used in signature
|
||||
generation.
|
||||
|
||||
Before computing an B<SM2> signature, an B<EVP_PKEY_CTX> needs to be created,
|
||||
and an B<SM2> ID must be set for it, like this:
|
||||
|
@ -84,7 +87,7 @@ L<EVP_MD_CTX_set_pkey_ctx(3)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -136,6 +136,14 @@ To ensure the future compatibility, the engines should be turned to providers.
|
|||
To prefer the provider-based hardware offload, you can specify the default
|
||||
properties to prefer your provider.
|
||||
|
||||
Setting engine-based or application-based default low-level crypto method such
|
||||
as B<RSA_METHOD> or B<EC_KEY_METHOD> is still possible and keys inside the
|
||||
default provider will use the engine-based implementation for the crypto
|
||||
operations. However B<EVP_PKEY>s created by decoding by using B<OSSL_DECODER>,
|
||||
B<PEM_> or B<d2i_> APIs will be provider-based. To create a fully legacy
|
||||
B<EVP_PKEY>s L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_EC_KEY(3)> or similar
|
||||
functions must be used.
|
||||
|
||||
=head3 Versioning Scheme
|
||||
|
||||
The OpenSSL versioning scheme has changed with the OpenSSL 3.0 release. The new
|
||||
|
@ -1298,7 +1306,7 @@ d2i_DSAPrivateKey_bio(), d2i_DSAPrivateKey_fp(), d2i_DSA_PUBKEY(),
|
|||
d2i_DSA_PUBKEY_bio(), d2i_DSA_PUBKEY_fp(), d2i_DSAPublicKey(),
|
||||
d2i_ECParameters(), d2i_ECPrivateKey(), d2i_ECPrivateKey_bio(),
|
||||
d2i_ECPrivateKey_fp(), d2i_EC_PUBKEY(), d2i_EC_PUBKEY_bio(),
|
||||
d2i_EC_PUBKEY_fp(), o2i_ECPublicKey(), d2i_RSAPrivateKey(),
|
||||
d2i_EC_PUBKEY_fp(), d2i_RSAPrivateKey(),
|
||||
d2i_RSAPrivateKey_bio(), d2i_RSAPrivateKey_fp(), d2i_RSA_PUBKEY(),
|
||||
d2i_RSA_PUBKEY_bio(), d2i_RSA_PUBKEY_fp(), d2i_RSAPublicKey(),
|
||||
d2i_RSAPublicKey_bio(), d2i_RSAPublicKey_fp()
|
||||
|
@ -1307,6 +1315,13 @@ See L</Deprecated i2d and d2i functions for low-level key types>
|
|||
|
||||
=item *
|
||||
|
||||
o2i_ECPublicKey()
|
||||
|
||||
Use L<EVP_PKEY_set1_encoded_public_key(3)>.
|
||||
See L</Deprecated low-level key parameter setters>
|
||||
|
||||
=item *
|
||||
|
||||
DES_crypt(), DES_fcrypt(), DES_encrypt1(), DES_encrypt2(), DES_encrypt3(),
|
||||
DES_decrypt3(), DES_ede3_cbc_encrypt(), DES_ede3_cfb64_encrypt(),
|
||||
DES_ede3_cfb_encrypt(),DES_ede3_ofb64_encrypt(),
|
||||
|
@ -1857,13 +1872,20 @@ and L<d2i_RSAPrivateKey(3)/Migration>
|
|||
|
||||
i2d_ECParameters(), i2d_ECPrivateKey(), i2d_ECPrivateKey_bio(),
|
||||
i2d_ECPrivateKey_fp(), i2d_EC_PUBKEY(), i2d_EC_PUBKEY_bio(),
|
||||
i2d_EC_PUBKEY_fp(), i2o_ECPublicKey()
|
||||
i2d_EC_PUBKEY_fp()
|
||||
|
||||
See L</Deprecated low-level key reading and writing functions>
|
||||
and L<d2i_RSAPrivateKey(3)/Migration>
|
||||
|
||||
=item *
|
||||
|
||||
i2o_ECPublicKey()
|
||||
|
||||
Use L<EVP_PKEY_get1_encoded_public_key(3)>.
|
||||
See L</Deprecated low-level key parameter getters>
|
||||
|
||||
=item *
|
||||
|
||||
i2d_RSAPrivateKey(), i2d_RSAPrivateKey_bio(), i2d_RSAPrivateKey_fp(),
|
||||
i2d_RSA_PUBKEY(), i2d_RSA_PUBKEY_bio(), i2d_RSA_PUBKEY_fp(),
|
||||
i2d_RSAPublicKey(), i2d_RSAPublicKey_bio(), i2d_RSAPublicKey_fp()
|
||||
|
@ -2462,7 +2484,7 @@ The migration guide was created for OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -296,20 +296,18 @@ static ossl_inline void ossl_sleep(unsigned long millis)
|
|||
ts.tv_sec = (long int) (millis / 1000);
|
||||
ts.tv_nsec = (long int) (millis % 1000) * 1000000ul;
|
||||
nanosleep(&ts, NULL);
|
||||
# elif defined(__TANDEM)
|
||||
# if !defined(_REENTRANT)
|
||||
# elif defined(__TANDEM) && !defined(_REENTRANT)
|
||||
# include <cextdecs.h(PROCESS_DELAY_)>
|
||||
|
||||
/* HPNS does not support usleep for non threaded apps */
|
||||
PROCESS_DELAY_(millis * 1000);
|
||||
# elif defined(_SPT_MODEL_)
|
||||
# include <spthread.h>
|
||||
# include <spt_extensions.h>
|
||||
usleep(millis * 1000);
|
||||
# else
|
||||
usleep(millis * 1000);
|
||||
# endif
|
||||
# else
|
||||
usleep(millis * 1000);
|
||||
unsigned int s = (unsigned int)(millis / 1000);
|
||||
unsigned int us = (unsigned int)((millis % 1000) * 1000);
|
||||
|
||||
if (s > 0)
|
||||
sleep(s);
|
||||
usleep(us);
|
||||
# endif
|
||||
}
|
||||
#elif defined(_WIN32)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -811,8 +811,10 @@ static int bind_helper(ENGINE *e, const char *id)
|
|||
if (!afalg_chk_platform())
|
||||
return 0;
|
||||
|
||||
if (!bind_afalg(e))
|
||||
if (!bind_afalg(e)) {
|
||||
afalg_destroy(e);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -985,7 +985,7 @@ static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
|
|||
size_t inlen);
|
||||
|
||||
if (pdecrypt == NULL)
|
||||
EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pdecrypt);
|
||||
EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, NULL, &pdecrypt);
|
||||
return pdecrypt(ctx, out, outlen, in, inlen);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -312,10 +312,16 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
|
|||
ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i);
|
||||
|
||||
if (o != NULL) {
|
||||
BIO *bio = BIO_new(BIO_s_null());
|
||||
if (bio != NULL) {
|
||||
ASN1_item_print(bio, o, 4, i, pctx);
|
||||
BIO_free(bio);
|
||||
/*
|
||||
* Don't print excessively long output to prevent spurious fuzzer
|
||||
* timeouts.
|
||||
*/
|
||||
if (b - buf < 10000) {
|
||||
BIO *bio = BIO_new(BIO_s_null());
|
||||
if (bio != NULL) {
|
||||
ASN1_item_print(bio, o, 4, i, pctx);
|
||||
BIO_free(bio);
|
||||
}
|
||||
}
|
||||
if (ASN1_item_i2d(o, &der, i) > 0) {
|
||||
OPENSSL_free(der);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -87,6 +87,14 @@ int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
|
|||
int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
|
||||
int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
|
||||
const BIGNUM *d, BN_CTX *ctx);
|
||||
int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n);
|
||||
int ossl_bn_is_word_fixed_top(const BIGNUM *a, BN_ULONG w);
|
||||
int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range,
|
||||
unsigned int strength, BN_CTX *ctx);
|
||||
int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range,
|
||||
const BIGNUM *priv,
|
||||
const unsigned char *message,
|
||||
size_t message_len, BN_CTX *ctx);
|
||||
|
||||
#define BN_PRIMETEST_COMPOSITE 0
|
||||
#define BN_PRIMETEST_COMPOSITE_WITH_FACTOR 1
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -140,6 +140,29 @@ static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b)
|
|||
return constant_time_msb_64(a ^ ((a ^ b) | ((a - b) ^ b)));
|
||||
}
|
||||
|
||||
#ifdef BN_ULONG
|
||||
static ossl_inline BN_ULONG constant_time_msb_bn(BN_ULONG a)
|
||||
{
|
||||
return 0 - (a >> (sizeof(a) * 8 - 1));
|
||||
}
|
||||
|
||||
static ossl_inline BN_ULONG constant_time_lt_bn(BN_ULONG a, BN_ULONG b)
|
||||
{
|
||||
return constant_time_msb_bn(a ^ ((a ^ b) | ((a - b) ^ b)));
|
||||
}
|
||||
|
||||
static ossl_inline BN_ULONG constant_time_is_zero_bn(BN_ULONG a)
|
||||
{
|
||||
return constant_time_msb_bn(~a & (a - 1));
|
||||
}
|
||||
|
||||
static ossl_inline BN_ULONG constant_time_eq_bn(BN_ULONG a,
|
||||
BN_ULONG b)
|
||||
{
|
||||
return constant_time_is_zero_bn(a ^ b);
|
||||
}
|
||||
#endif
|
||||
|
||||
static ossl_inline unsigned int constant_time_ge(unsigned int a,
|
||||
unsigned int b)
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -283,10 +283,12 @@
|
|||
# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
|
||||
# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
|
||||
# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
|
||||
# define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
|
||||
# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
|
||||
# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
|
||||
# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
|
||||
# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
|
||||
# define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
|
||||
# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
|
||||
# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
|
||||
# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
|
||||
|
|
23
crypto/openssl/os-dep/Apple/PrivacyInfo.xcprivacy
Normal file
23
crypto/openssl/os-dep/Apple/PrivacyInfo.xcprivacy
Normal file
|
@ -0,0 +1,23 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>NSPrivacyAccessedAPITypes</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>NSPrivacyAccessedAPIType</key>
|
||||
<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
|
||||
<key>NSPrivacyAccessedAPITypeReasons</key>
|
||||
<array>
|
||||
<string>C617.1</string>
|
||||
</array>
|
||||
</dict>
|
||||
</array>
|
||||
<key>NSPrivacyCollectedDataTypes</key>
|
||||
<array/>
|
||||
<key>NSPrivacyTrackingDomains</key>
|
||||
<array/>
|
||||
<key>NSPrivacyTracking</key>
|
||||
<false/>
|
||||
</dict>
|
||||
</plist>
|
|
@ -4,71 +4,71 @@ c049a936d74100fcced225f575d46662792a6a0039777d2d4df0cf61eff90a68 crypto/aes/aes
|
|||
c1e674d08683a25bc053f6233f73a0d0b3a90aafe591ff57b702c7da1582e4a5 crypto/aes/aes_local.h
|
||||
a2466f18da5847c7d9fbced17524633c10ce024671a72f53f9c9c55b9b9923dd crypto/aes/aes_misc.c
|
||||
6979c133f76f4623e62e6e970deae70fa025e713a72b71aead5a048d49e47f6f crypto/aes/asm/aes-586.pl
|
||||
92be9ff608331a432e95247a8f4fb9e46897d0cb76f2b6db809b61d44287964a crypto/aes/asm/aes-armv4.pl
|
||||
953897f86e2de9fa27ef411155ab3aed133af94885f1507e76449c142da78656 crypto/aes/asm/aes-c64xplus.pl
|
||||
2eef5f20f1410b48bdaaafa24ded24f56f34c4ca79db1d38fa6bf1b3b19535bf crypto/aes/asm/aes-armv4.pl
|
||||
38c2cf8ed3910efd89d8721e1b0763a8fde073b91f6529d251165a0496ef9555 crypto/aes/asm/aes-c64xplus.pl
|
||||
00196f01f5218ad731e6a058d406078f7228a9756d9d73f51c0d0c2a68f885af crypto/aes/asm/aes-ia64.S
|
||||
88b6f8396cd9d86004743d5c3b0f72b7b8c3d5a2b00b0bbb761ba91ae5a7cdc8 crypto/aes/asm/aes-mips.pl
|
||||
7ff9c96ef3d591d45d776fa4b244601ea0d9328e289aeab1e1b92436ce7d02ad crypto/aes/asm/aes-parisc.pl
|
||||
f1244cdeadcb4e48f35bc5df19d4cfaf07e0086ad951b84f07ff6966501faa5b crypto/aes/asm/aes-ppc.pl
|
||||
ecbfe826f4c514810c3ee20e265f4f621149694c298554b2682e5de4f029f14f crypto/aes/asm/aes-s390x.pl
|
||||
ee4e8cacef972942d2a89c1a83c984df9cad87c61a54383403c5c4864c403ba1 crypto/aes/asm/aes-sparcv9.pl
|
||||
2b3b9ac56bf54334d053857a24bdb08592151e8a7a60b89b8195846b7f8ee7b5 crypto/aes/asm/aes-x86_64.pl
|
||||
c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm/aesfx-sparcv9.pl
|
||||
14359dc32b7f4e5c08227fb9ac8f9232c1287399463b233fec4a2ab0c19f68d1 crypto/aes/asm/aesni-mb-x86_64.pl
|
||||
2fe016e8098d1c959b6199ce98e91dfed9a3a543d6b068daf88d4c4c402701ec crypto/aes/asm/aesni-sha1-x86_64.pl
|
||||
1d3acabadedb88d1327eeb76201ea9b3f4814f44898018ffae6c73e3f400b89b crypto/aes/asm/aesni-sha256-x86_64.pl
|
||||
b4ef595194fe1692e1ab2b561f385da01b277cf004902e8fc99e8ac5389bbd35 crypto/aes/asm/aes-mips.pl
|
||||
123c4498c94040b70708fdd911cb08c6411b020b4cf3eb761d6fa22c583c3e6f crypto/aes/asm/aes-parisc.pl
|
||||
7a7f2f90791415ef4ffc1ba2a6f6b6fe994bfe0e03d3bf9dab6e428e6874695c crypto/aes/asm/aes-ppc.pl
|
||||
d139e5ad69560fd0ffd8aa2e72304e463650cea4c657be7a90e0d1eb782d580a crypto/aes/asm/aes-s390x.pl
|
||||
133ba35d77002abcd430414749c4e98c4a319630da898e45ff8dbc5800176df1 crypto/aes/asm/aes-sparcv9.pl
|
||||
c98690249d490d23e6fee84f672f1463ffc029427110a4329244a59e4e4aaed8 crypto/aes/asm/aes-x86_64.pl
|
||||
7ec99947b47e56595f0b085b8bda0b3113112f694e78b1f71b63ecd1f0fa2c67 crypto/aes/asm/aesfx-sparcv9.pl
|
||||
ab94a27e533e164bcf09898a6f6019f43609d51a3b374cf75482dcf2914d464e crypto/aes/asm/aesni-mb-x86_64.pl
|
||||
74939261340a0056eb9333fff1c843c8758b9f93de3d94650cd6d2899c6790d8 crypto/aes/asm/aesni-sha1-x86_64.pl
|
||||
ce91f0893a2a35fdf4c024ccb0fd8329b30fdbd955f0ae011ab948101ee14951 crypto/aes/asm/aesni-sha256-x86_64.pl
|
||||
4ff74d4e629a88ef5a9e3d3f5b340fc0a4793d16d7cc7f1b70da62512a856248 crypto/aes/asm/aesni-x86.pl
|
||||
c7c6694480bb5319690f94826139a93f5c460ebea6dba101b520a76cb956ec93 crypto/aes/asm/aesni-x86_64.pl
|
||||
f3a8f3c960c0f47aaa8fc2633d18b14e7c7feeccc536b0115a08bc58333122b6 crypto/aes/asm/aesp8-ppc.pl
|
||||
e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl
|
||||
e3955352a92d56905d63e68937e4758f13190a14a10a3dcb1e5c641c49913c0c crypto/aes/asm/aesv8-armx.pl
|
||||
5e8005fdb6641df465bdda20c3476f7176e6bcd63d5073044a0c02a327c7f172 crypto/aes/asm/bsaes-armv7.pl
|
||||
0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6 crypto/aes/asm/bsaes-x86_64.pl
|
||||
1ff94d6bf6c8ae4809f64657eb89260fe3cb22137f649d3c73f72cb190258196 crypto/aes/asm/vpaes-armv8.pl
|
||||
c3541865cd02d81101cdbab4877ed82772e6980d2c677b9008b38fa1b26d36d4 crypto/aes/asm/vpaes-ppc.pl
|
||||
30103cfe3b29d06b34feff48a927e0fa649e9109d35a3db64b09cfeb15426fa2 crypto/aes/asm/aesni-x86_64.pl
|
||||
67c73dbf78b5f3c8a436800dc43bf122cd1f0c4fefab357359edaae4fbb27e8e crypto/aes/asm/aesp8-ppc.pl
|
||||
a5807ed92ec8a16d123061487c385bf1f65e50878cee95c8e8096844454129f8 crypto/aes/asm/aest4-sparcv9.pl
|
||||
d34cf129a8c63e2b77a74117ed4440a4f35408dabd90e21e70eae92d208fa516 crypto/aes/asm/aesv8-armx.pl
|
||||
a0b578b7d2787c91013547df07dfa73d8d7a420446dd624c66f7c55159817eb2 crypto/aes/asm/bsaes-armv7.pl
|
||||
34accd08242a6bf4a751105f89b0c4de2cd7e54320753587815647abff7124de crypto/aes/asm/bsaes-x86_64.pl
|
||||
d9bc047db9b2f54f27fe0d6e2ede9239b4a1f57a14bf89fa3cfba6b836599386 crypto/aes/asm/vpaes-armv8.pl
|
||||
516421b1a321b842f879ad69e7b82ae3e1f3efc8288c83bb34d6577996e85787 crypto/aes/asm/vpaes-ppc.pl
|
||||
3ec24185750a995377516bc2fb2eae8b1c52094c6fff093bff591837fc12d6c3 crypto/aes/asm/vpaes-x86.pl
|
||||
060bb6620f50af9afecdf97df051b45b9a50be9daf343dfec1cbb29693ce00a4 crypto/aes/asm/vpaes-x86_64.pl
|
||||
2bc67270155e2d6c7da87d9070e005ee79cea18311004907edfd6a078003532a crypto/alphacpuid.pl
|
||||
0255a480b78bdcc71f76676f496962a9828eb900f53b7be13be96ae3f67fe6db crypto/arm64cpuid.pl
|
||||
47bedbe6a04254eede121e71f11a657b1f1940aee1916bbfc04fa9fb8454f9b8 crypto/aes/asm/vpaes-x86_64.pl
|
||||
1c9a2a0e8cee4a1283c74b2e306f46f79890f6d236394de2a80d1994fd411d1d crypto/alphacpuid.pl
|
||||
7a37cadacdbecb50304228dfcb087ad7fbb6e31f6ab69c52dd161e79afb2f9ca crypto/arm64cpuid.pl
|
||||
e0daf54f72dd8fd1bc537d93f34e2a6a887a9ed6027bb33e15a327ef5ff37a42 crypto/armcap.c
|
||||
a43f2c1eef16146943745f684f2add7d186924932a47abf7fb0760cba02804e6 crypto/armv4cpuid.pl
|
||||
24cc7611225df0e20e414c14e80516c36d48bf99659946e85a876d8757356686 crypto/armv4cpuid.pl
|
||||
16739d54200fb81ca7835b5814f965022a2ab41589c7787e2697e3ea72d4fafa crypto/asn1_dsa.c
|
||||
819c9fd2b0cae9aab81c3cbd1815c2e22949d75f132f649b5883812d0bbaa39a crypto/bn/asm/alpha-mont.pl
|
||||
0070595128b250b9ebdebe48ce53d2d27ca16ec4f7c6c8bd169ab2e4a913b2d1 crypto/bn/asm/armv4-gf2m.pl
|
||||
8c1c53a725b8a4f92b8a353bfeeb393be94198df41c912e3270f9e654417b250 crypto/bn/asm/armv4-mont.pl
|
||||
8d6192337fedb0012764229d600634f8357c3b74fd38bcbfe8b86ddc6ca96ea2 crypto/bn/asm/armv8-mont.pl
|
||||
155eff9d747eed808398cfa2af4b276dfc1f9aac8a0f9d801b314ab3f2bf5b56 crypto/bn/asm/alpha-mont.pl
|
||||
894cc71b2d783e4e1b54dbef45e9e9280165a2c43981ebdd03282f0e90914928 crypto/bn/asm/armv4-gf2m.pl
|
||||
0d2e31dc9cdce02c619adfc9ac720ccf7171384e76a84cdf0e686a805dd7006e crypto/bn/asm/armv4-mont.pl
|
||||
d7df31176f725c1ae7241fee8f681fdcf2ab9eb4d3cc6c80d49c2248ae40a56a crypto/bn/asm/armv8-mont.pl
|
||||
cb4ad7b7461fcb8e2a0d52881158d0211b79544842d4eae36fc566869a2d62c8 crypto/bn/asm/bn-586.pl
|
||||
636da7e2a66272a81f9c99e90b36c6f132ad6236c739e8b9f2e7315f30b72edd crypto/bn/asm/c64xplus-gf2m.pl
|
||||
10fb73a6cc1bc064ebdcf6d7fe3c7407ea1c28b0d65ad0123046f8b1518fa75a crypto/bn/asm/c64xplus-gf2m.pl
|
||||
c86664fb974362ee52a454c83c2c4b23fd5b7d64b3c9e23ef1e0dfd130a46ee5 crypto/bn/asm/co-586.pl
|
||||
199b9b100f194a2a128c14f2a71be5a04d50d069666d90ca5b69baee1318ccb7 crypto/bn/asm/ia64-mont.pl
|
||||
b88190d748056e6a64988bf1a3d19efc4c292e3d338a65f4505cf769a2041077 crypto/bn/asm/ia64-mont.pl
|
||||
a511aafbf76647a0c83705d4491c898a5584d300aa449fa6166c8803372946eb crypto/bn/asm/ia64.S
|
||||
687c5d6606fdfd0e242005972d15db74a9cbac2b8a9a54a56fcb1e99d3880ff3 crypto/bn/asm/mips-mont.pl
|
||||
8aca83d2ec45a40af15e59cff1ac2dc33737a3d25f0a0b74d401fa778a5c5eb8 crypto/bn/asm/mips.pl
|
||||
b27ec5181e387e812925bb26823b830f49d7a6e4971b6d11ea583f5632a1504b crypto/bn/asm/parisc-mont.pl
|
||||
9973523b361db963eea4938a7a8a3adc692e1a4e1aec4fa1f1e57dc93da37921 crypto/bn/asm/ppc-mont.pl
|
||||
59cd27e1e10c4984b7fb684b27f491e7634473b1bcff197a07e0ca653124aa9a crypto/bn/asm/ppc.pl
|
||||
fee42cabeeb87cdf0fa0a6ff3698b2fe98a8a47d10a756052df572097161a8b9 crypto/bn/asm/mips-mont.pl
|
||||
b197a8e1be79b8c21f8d26b34b9a282ca42ec4bcd1f3212fde3889747082a1f7 crypto/bn/asm/mips.pl
|
||||
13df09cee06a21669137294f92e5c31b4bf05a8035be6800c1cb4403d7cd8290 crypto/bn/asm/parisc-mont.pl
|
||||
25c96e545b4981d45557eb14ea5c83aa2d6375ae0df806cb6e6ded2f59ddfed3 crypto/bn/asm/ppc-mont.pl
|
||||
1c057083546fa1a3bb1b9819dc5110f5a3b11b7bf5a2fb275012323bd7412403 crypto/bn/asm/ppc.pl
|
||||
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 crypto/bn/asm/ppc64-mont-fixed.pl
|
||||
a25be64867ab837d93855af232e2bfa71b85b2c6f00e35e620fdc5618187fb6f crypto/bn/asm/ppc64-mont.pl
|
||||
231579e532443665020d4d522d9f11713d9c5d5c814b95b434b0f65452e16de4 crypto/bn/asm/rsaz-avx2.pl
|
||||
1657600d320ea549b527b2d878a7658533d60d26eeb38f42ea470fc612f9bb53 crypto/bn/asm/rsaz-avx512.pl
|
||||
31e84dc905b13e38850071528d3abbfcaf8910bbc8b46f38d19c2b386a5f838e crypto/bn/asm/rsaz-x86_64.pl
|
||||
30fedf48dfc5fec1c2044b6c226dd9fc42a92522cc589797a23a79d452bdd2cf crypto/bn/asm/s390x-gf2m.pl
|
||||
590388d69d7ac3a0e9af4014792f4f0fdb9552719e8fb48ebc7e5dfca2a491d4 crypto/bn/asm/s390x-mont.pl
|
||||
fe9278a2504fb40257637a4718081775c29c4eb81f87a8528e5c85f8d0c6281a crypto/bn/asm/ppc64-mont.pl
|
||||
94b2d5cf0faf2efddeb5fb7c575dabc35c1791715cc9299d59a01d9f96cb2d6f crypto/bn/asm/rsaz-avx2.pl
|
||||
cd0861a565231f67252e172420f6914fe47a324b35916c29f6304491447fe84c crypto/bn/asm/rsaz-avx512.pl
|
||||
c19c717d87dd1ba74f138af05c044c05f5d025e26323637f46ba54a8c871a378 crypto/bn/asm/rsaz-x86_64.pl
|
||||
ae26becda9f6d30e9edde8bb89c251a0c40a9a6c879c4cdaec273d8c09af9cd6 crypto/bn/asm/s390x-gf2m.pl
|
||||
2700337ef133d6688047a1a8e1c671db06016aae777679923ce2b301896762cf crypto/bn/asm/s390x-mont.pl
|
||||
aa02597f3dc09cfbc190aedb75711859ba0f3efff87067ebfba1ec78ebee40d7 crypto/bn/asm/s390x.S
|
||||
2f7cbc2c3d93b1bbc4953dda38b9ae0ab3a0a8331a0418d94d9b286183736c9e crypto/bn/asm/sparct4-mont.pl
|
||||
87d49e83a7df467097fdfc577aa206be9ee622c40fcbbbe5133b35d9783b7816 crypto/bn/asm/sparct4-mont.pl
|
||||
ca21a9ccbc54e19fb7c2e6cdf286ce7cb08b0fba960c777c6edce5c57ccc2101 crypto/bn/asm/sparcv8.S
|
||||
fbc93c8dbbecefe66086f58fe9719ed87b13b2cdc61454a10e841228296fecef crypto/bn/asm/sparcv8plus.S
|
||||
127832c1e3d298aad805236776488f5f8836b6a0fdbce3f6b42678163df3909f crypto/bn/asm/sparcv9-gf2m.pl
|
||||
1622f04a8918724ac0e8804baf285fdafa0eeaaecc36c7facd459d0ff13a8cac crypto/bn/asm/sparcv9-mont.pl
|
||||
b69083f78b4b4f7097de4462d16649532fb82c453a82cdd9cc1393122661d6e2 crypto/bn/asm/sparcv9a-mont.pl
|
||||
2ec1497fa06826f7bc574239e425dd8dda0d4a2743e1fe87669ede900291fcb6 crypto/bn/asm/sparcv9-gf2m.pl
|
||||
1f490fe184c7a51b2d0646a59e69aa659bfe51270ad21594951b8d7b785bac38 crypto/bn/asm/sparcv9-mont.pl
|
||||
277dcb7faa1913b25fd43946c50039bcdd45cb643fd9ddeedd6c207cefa4dd50 crypto/bn/asm/sparcv9a-mont.pl
|
||||
d404375a21d33396824a3da212d6646d4f3150dd141ee4b4a250aefae3482efb crypto/bn/asm/via-mont.pl
|
||||
d24f3e97239c8eed5efc721521b025b7256c15e67a54ea6b5c4cf8f7cd0f89ea crypto/bn/asm/vis3-mont.pl
|
||||
d632edf9b9bab7d2cd2d616512a98d15cf4b3ebba7a8e7b83650d654ceb52ecb crypto/bn/asm/vis3-mont.pl
|
||||
89278854f44d95be916516609ce6f79dcd346bab52574b9b6336a9952aa94bee crypto/bn/asm/x86-gf2m.pl
|
||||
90d4ae234c08267adce9ed38d56e0edc223f7480cb9605f5d7399d0b3914c6be crypto/bn/asm/x86-mont.pl
|
||||
d444ca73875e97e0ea88b20e4c02f2fcf3850e8b9311e3b67a2d04fe2796d543 crypto/bn/asm/x86_64-gcc.c
|
||||
709ddee92e9222ee0ed27bfb90db556e85e2d302e4a9131afa25fdc14c4d858f crypto/bn/asm/x86_64-gf2m.pl
|
||||
da7f7780d27eed164797e5334cd45b35d9c113e86afaca051463aef9a8fd787c crypto/bn/asm/x86_64-mont.pl
|
||||
259fb8d7f40c0dba46920b1f169d5b37de03b0fda645463d19e3ae2b56de851d crypto/bn/asm/x86_64-mont5.pl
|
||||
a5481ca55d94dc7ebdc93173610d38ae2569cea1fe9b5180debe0ab94e455ce1 crypto/bn/asm/x86_64-gf2m.pl
|
||||
d8cc080824a72774cb3343a3d50ddf8f41a5b8321203d4c9a764762b62498b96 crypto/bn/asm/x86_64-mont.pl
|
||||
03788cb685268e6a50ddfa742ea1fe937570c9b86f2ebc88ee35f3304f67c045 crypto/bn/asm/x86_64-mont5.pl
|
||||
0ea8185a037a2951bb3d1e590bbbdeac305176d5e618f3e43a04c09733a9de34 crypto/bn/bn_add.c
|
||||
759c2b9df808b3562fe8b0c7778dbadbf35f261e14fc2d5090d18c35b4181760 crypto/bn/bn_asm.c
|
||||
14bd5a35c05fcf454854b92fb30b356d7ac618c1eb699dd798f6ad2936d1f5ee crypto/bn/bn_blind.c
|
||||
|
@ -83,7 +83,7 @@ baba7c8ae95af6aa36bc9f4be3a2eed33d500451e568ca4bfc6bc7cb48d4f7ea crypto/bn/bn_g
|
|||
5fbb1ab8463cd5544a1d95cf7996b6387ae634984a42256b7a21482ce3ac30a2 crypto/bn/bn_gf2m.c
|
||||
081e8a6abc23599307dab3b1a92113a65e0bf8717cbc40c970c7469350bc4581 crypto/bn/bn_intern.c
|
||||
602ed46fbfe12c899dfb7d9d99ff0dbfff96b454fce3cd02817f3e2488dd9192 crypto/bn/bn_kron.c
|
||||
bf73a1788a92142963177fb698bc518af9981bbf0ad9784701fbb2462ca10607 crypto/bn/bn_lib.c
|
||||
81a4afc27dd1e90c4bfa81c8d385214ce8a2b5884537752944a71ebebd91f4b0 crypto/bn/bn_lib.c
|
||||
d5beb9fbac2ff5dc3ccbdfa4d1aabca7225c778cff4e3b05b6d6c63e182637f5 crypto/bn/bn_local.h
|
||||
96f98cdf50087c5b567c31bf2581728623206d79b3f97f5a0c5fdaa0009e6e3c crypto/bn/bn_mod.c
|
||||
f60f3d49b183b04bcdf9b82f7c961b8c1bcb00e68a2c1166fe9edd95a783356e crypto/bn/bn_mont.c
|
||||
|
@ -92,10 +92,10 @@ f60f3d49b183b04bcdf9b82f7c961b8c1bcb00e68a2c1166fe9edd95a783356e crypto/bn/bn_m
|
|||
b3677b73ac29aab660c9a549f7af154ca14347fac5cffd43b153a75211f1373f crypto/bn/bn_nist.c
|
||||
c6760a724d696b7209f0a71f8483fabcf4f081f7e93e2628284c32ef78f69365 crypto/bn/bn_prime.c
|
||||
c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3 crypto/bn/bn_prime.h
|
||||
628419eabdb88b265823e43a7a1c88fdfecef79771180836f6089050dc9eadb1 crypto/bn/bn_rand.c
|
||||
71186d5bd40d467a919e6449d8aa23d13df88e0c85765d1a165f3eeec6bd33a7 crypto/bn/bn_rand.c
|
||||
4df8f204c8a06de2b4395be613ca0b9943613c523586e2005876d5c7bb891c75 crypto/bn/bn_recp.c
|
||||
a5c5c9f99961a5a7f22a3dcdce964c8a330f822be17f08652223a20fed747d0a crypto/bn/bn_rsa_fips186_4.c
|
||||
704b0b4723e5c9e9bae5f3e35f9ae8ae8dca3383929e954de9e5169845abfdb2 crypto/bn/bn_shift.c
|
||||
6889866bca4673bccb8adf870859a867757ccd3c8ad4652675615afff710add3 crypto/bn/bn_shift.c
|
||||
622e90766b29e0d25f46474429aebda8eba2246835b9e85dc26da7cdbd49334f crypto/bn/bn_sqr.c
|
||||
42c8ce944c889abcfcf089d0ad2744b7587696d8d7785efa91b3f7ec53dc062a crypto/bn/bn_sqrt.c
|
||||
24e62baa56e02f2db6454e10168b7c7fa7638db9221b9acda1803d43f38f36e0 crypto/bn/bn_word.c
|
||||
|
@ -104,7 +104,7 @@ c4d64da1cdc732ea918fccd6a7bb2746b03365dd26f7ba1e74e08c307ca4c58e crypto/bn/rsaz
|
|||
5b82cb8dbf3087c2e671871cb0a92e4039223a51af533a2ee996f3bfd47453a7 crypto/bn/rsaz_exp_x2.c
|
||||
834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c
|
||||
c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c
|
||||
5f43844b5d8665de9ab895f93599150a327d73ec2674bbf7d7c512d30163022d crypto/c64xpluscpuid.pl
|
||||
d2bfdfd96b182741d2d51f91478ffcc48491b0da44662bc1c32bc506b3eef1ba crypto/c64xpluscpuid.pl
|
||||
0e1a41a2d81b5765bca3df448f60bf1fad91e485fe89dd65a7300ffc419e316d crypto/cmac/cmac.c
|
||||
ff9be205d6d7ff00b0e64508f0eb8d9ec0415fbabc0948d26e308212b3f7b2d8 crypto/context.c
|
||||
c309d81ea991ddf5be4337afad2fd132169f7443c76f863349d3f3c82f3374e4 crypto/core_algorithm.c
|
||||
|
@ -130,28 +130,28 @@ b0c248efc7dad48eaceb939a18cb2592cbfe5b02dd406592e5e590645488b153 crypto/dh/dh_k
|
|||
92345c259ea2a8c09e6d6b069d0942bd6ca4642231580f3e8148ae7a832a1115 crypto/dh/dh_lib.c
|
||||
8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h
|
||||
bbcf4fc3067ac462a27d7277973180b7dc140df9262a686c7fbe4318ca01f7b8 crypto/dsa/dsa_backend.c
|
||||
d7e0d87494e3b3f0898a56785a219e87a2ce14416393ec32d8c0b5f539c7bdbf crypto/dsa/dsa_check.c
|
||||
786d6c65ced7ee4e25f5dd7c3150259ec95b6aa321a7590d905757b8139f8230 crypto/dsa/dsa_check.c
|
||||
ae727bf6319eb57e682de35d75ea357921987953b3688365c710e7fba51c7c58 crypto/dsa/dsa_gen.c
|
||||
b1de1624e590dbf76f76953802ff162cc8de7c5e2eaba897313c866424d6902b crypto/dsa/dsa_key.c
|
||||
9f4837c5abe53613a2dc1c5db81d073d4f42bd28b6a2d1e93a2b350d8e25d52a crypto/dsa/dsa_lib.c
|
||||
f4d52d3897219786c6046bf76abb2f174655c584caa50272bf5d281720df5022 crypto/dsa/dsa_local.h
|
||||
c5c252f205482a71efeabe226d51a1c541a6ba2dfa9b8b8a70901087a9dc1667 crypto/dsa/dsa_ossl.c
|
||||
d612fd05ff98816ba6cf37f84c0e31443ad9d840ed587a7ab2066027da390325 crypto/dsa/dsa_sign.c
|
||||
196dc024873e413d92672c3a9b6c062ed6269250b0da6d41c0da1c03cfec9ef8 crypto/dsa/dsa_ossl.c
|
||||
9f501a59c09fc3cb3caafaff25abd44397a94d1062950a4d62e855d2c8986b5a crypto/dsa/dsa_sign.c
|
||||
53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1 crypto/dsa/dsa_vrf.c
|
||||
d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a crypto/ec/asm/ecp_nistp521-ppc64.pl
|
||||
78ad06b88fcc8689a3a846b82f9ee01546e5734acd1bccf2494e523b71dc74d1 crypto/ec/asm/ecp_nistz256-armv4.pl
|
||||
4617351d2de4d0b2abfd358c58050cee00702d0b4c1acca09312ec870e351c7d crypto/ec/asm/ecp_nistz256-armv8.pl
|
||||
3715ddd921425f3018741037f01455ed26a840ace08691a800708170a66cf4d2 crypto/ec/asm/ecp_nistz256-ppc64.pl
|
||||
cfe7e75a2fddc87a7251684469a8808b9da82b2f5725eafad5806920f89932bd crypto/ec/asm/ecp_nistz256-sparcv9.pl
|
||||
786779d7014bc04846832f80638743784a3850c7ee36e4a8062fe8eb7ac31c9b crypto/ec/asm/ecp_nistp521-ppc64.pl
|
||||
2e3056ea14fab8b306b0281d6a6f4317a6e86dbf652a79ade726e716cd79bb1e crypto/ec/asm/ecp_nistz256-armv4.pl
|
||||
a02edef19d22c5aba196080942111ab0172fc2ebe6d6c40db2beb6a1a2d885c6 crypto/ec/asm/ecp_nistz256-armv8.pl
|
||||
729729f8233c95138158f4647b33a36cf175e707ce29563db0eedc811f324ec0 crypto/ec/asm/ecp_nistz256-ppc64.pl
|
||||
78a5b172f7c13ae8ac622439ffb9d99b240dbb4bbda3f5c88d1533ae74a445ad crypto/ec/asm/ecp_nistz256-sparcv9.pl
|
||||
922725c4761cfa567af6ed9ecab04f2c7729ae2595f2fc0fa46dc67879dc87b0 crypto/ec/asm/ecp_nistz256-x86.pl
|
||||
ac327475c7ec828d11aa05628b4e3b81ec3b1400f30fe7bec01daf3cf71f2dc9 crypto/ec/asm/ecp_nistz256-x86_64.pl
|
||||
cc727533130f5f1a29229929b3d4e8454585d647be25d6344f3c6a0240998368 crypto/ec/asm/x25519-ppc64.pl
|
||||
ee897e230964511baa0d1bf95fb938312407a40a88ebe01476879c2763e5f732 crypto/ec/asm/x25519-x86_64.pl
|
||||
19ba01af58788e2873ebc1d5b503a76604bec0b9b6296fa794946e141fc945a4 crypto/ec/asm/ecp_nistz256-x86_64.pl
|
||||
e806141073aa3792e2748f6feeee6d3017124b3bc6059a9eca0d53a2f5785346 crypto/ec/asm/x25519-ppc64.pl
|
||||
a397592dc9fdb13016311db6184b4a3a4f2e198aacb03528f770f30ea4966cc4 crypto/ec/asm/x25519-x86_64.pl
|
||||
340336e01aa04fcde9bfd56536f90c9bc0ad56a002b6cfa321a1e421f1e93ceb crypto/ec/curve25519.c
|
||||
9a95ec8366154bb20aeb24f4767a8cbb9953ca0380708eb2f39caca6078cd59e crypto/ec/curve448/arch_32/f_impl32.c
|
||||
063dac1e4a9573c47532123e9e03e3532a7473cc3e146521ba9ec6f486ddf3b1 crypto/ec/curve448/arch_64/arch_intrinsics.h
|
||||
43423b7ee85a5c740c1d81499ee06f4a17732c7731a598e7429d5e402ee77cf4 crypto/ec/curve448/arch_64/f_impl.h
|
||||
1689097ae10e4982a8cbe50c2f6eddb03c83436f331f0b67edb98d6b58adc962 crypto/ec/curve448/arch_64/f_impl64.c
|
||||
012d4a9c8aed4a66cd3a3eef17d4b4d8f3c6f384449cd057bd292b98e072a283 crypto/ec/curve448/arch_64/f_impl64.c
|
||||
9b408ec0d43f3b6d714ef5963147e2c2abaddc88633db7dd759193d3c56ed727 crypto/ec/curve448/curve448.c
|
||||
3c12d90e3fdd59b5d32d63186f1a6f15c75eb73f5035b844a2054356a9459780 crypto/ec/curve448/curve448_local.h
|
||||
178fb9863c33174b633c2e7607160b1bedb506d66cc06d53382d87431441f306 crypto/ec/curve448/curve448_tables.c
|
||||
|
@ -178,7 +178,7 @@ fa901b996eb0e460359cd470843bdb03af7a77a2f1136c5e1d30daef70f3e4d2 crypto/ec/ec_m
|
|||
129c6b42417bfcf582f4a959cfd65433e6f85b158274f4fa38f9c62615ac9166 crypto/ec/ec_oct.c
|
||||
c7fba2f2c33f67dafa23caef8c3abd12f5336274a9a07d412b83be0366969ee6 crypto/ec/ecdh_kdf.c
|
||||
b2cf8f052a5716137da7b0e857ed7a5df5fb513b6d14534199a05e32f2b5a866 crypto/ec/ecdh_ossl.c
|
||||
099f7836a31643c58bda3829090ea81fe3d5acaa4c6f7b145d8355a4293d0ccc crypto/ec/ecdsa_ossl.c
|
||||
031f99c746ac746c1d4f243dd71c8246b502ff00c1d7ca29f7ca024f0e37e14a crypto/ec/ecdsa_ossl.c
|
||||
b6baa42b16e8df69a12e0ab101033100cddc808ec2682ba1574373e6ec86ae93 crypto/ec/ecdsa_sign.c
|
||||
f686cea8c8a3259d95c1e6142813d9da47b6d624c62f26c7e4a16d5607cddb35 crypto/ec/ecdsa_vrf.c
|
||||
141cfc1459214555b623517a054a9e8d5e4065a11301237b7247be2c6f397a0a crypto/ec/ecp_mont.c
|
||||
|
@ -203,7 +203,7 @@ ca8c6cfd30efd53f2e5d1f19bcf09a3a3d0dff6d8947c3943d07a3f4b354aa86 crypto/evp/exc
|
|||
9e25042581b73e295c059c6217f3ecf809134d518eb79b1b67f34e3ca9145677 crypto/evp/kdf_lib.c
|
||||
1d72f5506984df1df8606e8c7045f041cf517223e2e1b50c4da8ba8bf1c6c186 crypto/evp/kdf_meth.c
|
||||
5179624b8e03615dc9caedc9ec16d094fa081495613dd552d71c2c39475bcd83 crypto/evp/kem.c
|
||||
5016dd7ef8b4cf7e9ea8465c18d1daa4c8808cb589261cf236058ee75bc868d7 crypto/evp/keymgmt_lib.c
|
||||
5cf3e490bf917bd37ae70313d126ae4720432fbec518e4a45e8fa886d5e1689a crypto/evp/keymgmt_lib.c
|
||||
46ffdc73f8a7fc314dc8988f2751a6e9f9784719f4f162dc4be2450b65b55261 crypto/evp/keymgmt_meth.c
|
||||
e1a052839b8b70dca20dbac1282d61abd1c415bf4fb6afb56b811e8770d8a2e1 crypto/evp/m_sigver.c
|
||||
4290c95f63b43688a8da57690d122add5161a6811f9753da1444d28f46739961 crypto/evp/mac_lib.c
|
||||
|
@ -212,7 +212,7 @@ e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac
|
|||
3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c
|
||||
1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c
|
||||
76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c
|
||||
4b2dbddf0f9ceed34c3822347138be754fb194febca1c21c46bcc3a5cce33674 crypto/evp/signature.c
|
||||
53058617c153a7676e7ca18c98c23df867a93087d67935907076f3c5bd65c15e crypto/evp/signature.c
|
||||
f2acfb82aac20251d05a9c252cc6c282bd44e43feac4ac2e0faf68b9a38aef57 crypto/ex_data.c
|
||||
1c8389c5d49616d491978f0f2b2a54ba82d805ec41c8f75c67853216953cf46a crypto/ffc/ffc_backend.c
|
||||
a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c
|
||||
|
@ -228,19 +228,19 @@ f897493b50f4e9dd4cacb2a7accda6683c10ece602641874cdff1dac7128a751 crypto/initthr
|
|||
7290d8d7ec31a98b17618f218d4f27b393501c7606c814a43db8af1975ad1d10 crypto/lhash/lhash.c
|
||||
5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e crypto/lhash/lhash_local.h
|
||||
f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c
|
||||
e14f48d4112c0efe3826b4aa390cc24045a85298cc551ec7f3f36ac4236d7d81 crypto/modes/asm/aes-gcm-armv8_64.pl
|
||||
1d686af304f94743038f916125effcb51790c025f3165d8d37b526bbeee781f0 crypto/modes/asm/aesni-gcm-x86_64.pl
|
||||
c2e874a8deb418b5d8c935b2e256370566a5150e040c9fa008cdb5b463c26904 crypto/modes/asm/ghash-alpha.pl
|
||||
6bc7d63569c73d7020ede481f2de05221ac92403c7cc11e7263ada7644f6aa9b crypto/modes/asm/ghash-armv4.pl
|
||||
097975df63370de7ebea012d17de14fc1f361fb83acf03b432a99ae7d5bceb24 crypto/modes/asm/ghash-c64xplus.pl
|
||||
fdde3bc48b37790c6e0006014da71e7a831bbb4fdbfcda2d01dbe0ceb0ba88fa crypto/modes/asm/ghash-ia64.pl
|
||||
e472d73d06933667a51a0af973479993eed333c71b43af03095450acb36dbeb4 crypto/modes/asm/ghash-parisc.pl
|
||||
6fb4332ac88113a20915ad4de1931ef88b0114b5379b16e1d967820e1229fbb0 crypto/modes/asm/ghash-s390x.pl
|
||||
6af1a05981e1d41e4dea51e58938360e3abc4a4f58e179908242466d032b1a8a crypto/modes/asm/ghash-sparcv9.pl
|
||||
78a20112586dbce2b8b6e509a0f46f6a36f2a4acf53c3f3511daf7932a71c391 crypto/modes/asm/aes-gcm-armv8_64.pl
|
||||
e482f02932d77d61142548ca4f3c8d5709d88ec14ab84723d82331444c0f57da crypto/modes/asm/aesni-gcm-x86_64.pl
|
||||
8fdcb4313fa3a6e541a697525856b9527a06ddf4c794f9393e843f86d67f543c crypto/modes/asm/ghash-alpha.pl
|
||||
ace8c376b394439301cecaf468d2a9a8adae21eff1d43191cefbf6765023452d crypto/modes/asm/ghash-armv4.pl
|
||||
c22f4945e7de3bd7bfef73447f09983e40a3e4dd0938244d902a1c44c98a8467 crypto/modes/asm/ghash-c64xplus.pl
|
||||
315a76491cdba48c88df6549c9efd96b50515400810b185a568b7a871681e03d crypto/modes/asm/ghash-ia64.pl
|
||||
25e9f494fcb6eb636c04af2f322736fae8aa339037e199332c96b8c9c3a50afa crypto/modes/asm/ghash-parisc.pl
|
||||
f22d5fa646b4fc2db008b6b05ec07c8790d3ad5485d2b10218fd11d0e81030ba crypto/modes/asm/ghash-s390x.pl
|
||||
de97107e0c19ff9dd4069f0761eccb00e0b3ced345e1f119ab3b918dd2f9c5f6 crypto/modes/asm/ghash-sparcv9.pl
|
||||
26f55a57e77f774d17dfba93d757f78edfa3a03f68a71ffa37ccf3bfc468b1e2 crypto/modes/asm/ghash-x86.pl
|
||||
72744131007d2389c09665a59a862f5f6bb61b64bd3456e9b400985cb56586b8 crypto/modes/asm/ghash-x86_64.pl
|
||||
a4e9f2e496bd9362b17a1b5989aa4682647cefcff6117f0607122a9e11a9dfd9 crypto/modes/asm/ghashp8-ppc.pl
|
||||
69a13f423ca74c22543900c14aef4a848e3bc75504b65d2f51c6903aebcc17a7 crypto/modes/asm/ghashv8-armx.pl
|
||||
2a0d23a644083e46745c7cb1ca79de393af9336a2e8eab7c85ffeb3b7b1a286f crypto/modes/asm/ghash-x86_64.pl
|
||||
b407d9fc6ea65fe1a05edc2d139298d78391f3c165314fa6d56dd375b8e453cd crypto/modes/asm/ghashp8-ppc.pl
|
||||
d8436f6dc43a18d49b1a16999ecb513ccf4483f418f75edc01ce68e777c614a9 crypto/modes/asm/ghashv8-armx.pl
|
||||
65112dfe63cd59487e7bdb1706b44acfcf48ecede12cc3ae51daa5b661f41f06 crypto/modes/cbc128.c
|
||||
1611e73dc1e01b5c2201f51756a7405b7673aa0bb872e2957d1ec80c3530486f crypto/modes/ccm128.c
|
||||
d8c2f256532a4b94db6d03aea5cb609cccc938069f644b2fc77c5015648d148d crypto/modes/cfb128.c
|
||||
|
@ -249,7 +249,7 @@ af1c034152d82b29cb7c938c8516cfd136b62bac0908c1d40eb50790d23b288c crypto/modes/c
|
|||
bdf25257b15eca206be4d950d2dd807ca5f058f91f54edbd7a0d312ed83eef8e crypto/modes/ofb128.c
|
||||
e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/wrap128.c
|
||||
608a04f387be2a509b4d4ad414b7015ab833e56b85020e692e193160f36883a2 crypto/modes/xts128.c
|
||||
8aa2504f84a0637b5122f0c963c9d82773ba248bad972ab92be7169995d162b5 crypto/o_str.c
|
||||
fecd75b0e1646fb18eeb6b1f528015296157a9bcf97191d0f32b9619aa4f0ffb crypto/o_str.c
|
||||
8ddbbdf43131c10dcd4428aef0eff2b1e98b0410accada0fad41a4925868beef crypto/packet.c
|
||||
c698d5166d091d6bb6e9df3c211fe1cc916fd43a26ec844f28f547cd708f9c55 crypto/param_build.c
|
||||
2a0f272dd553b698e8c6fa57962694ebd6064cb03fe26a60df529205568d315d crypto/param_build_set.c
|
||||
|
@ -257,14 +257,14 @@ c698d5166d091d6bb6e9df3c211fe1cc916fd43a26ec844f28f547cd708f9c55 crypto/param_b
|
|||
4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c
|
||||
b6cbfc8791b31587f32a3f9e4c117549793528ebddc34a361bad1ad8cf8d4c42 crypto/params_from_text.c
|
||||
97cb7414dc2f165d5849ee3b46cdfff0afb067729435d9c01a747e0ca41e230c crypto/ppccap.c
|
||||
3ca43596a7528dec8ff9d1a3cd0d68b62640f84b1d6a8b5e4842cfd0be1133ad crypto/ppccpuid.pl
|
||||
826a78afb376cbf1e87f12a2a67eef2ee47059a0fd3f9cba7ce7f035e34f8052 crypto/ppccpuid.pl
|
||||
b4d34272a0bd1fbe6562022bf7ea6259b6a5a021a48222d415be47ef5ef2a905 crypto/property/defn_cache.c
|
||||
3c4ade2fed4605e374d85ec1134a98da34e7124f89f44b81a754e8cfe81f14ba crypto/property/property.c
|
||||
66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h
|
||||
37dba5e1f8a2f8cb8a69e491d52386359c9d08a3c7e43ac1c7a989b72b71593c crypto/property/property_parse.c
|
||||
b0b382ce829192d2537561cfb0fb5c7afb04305f321f7b3c91441b4ba99b9c92 crypto/property/property_parse.c
|
||||
a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c
|
||||
065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c
|
||||
0b38639ffc696d6037ace06cc0169bb5c411ee1c6bacc1fa18b3abd82000e69f crypto/provider_core.c
|
||||
dcc44eba5d01dc248c37ec7b394d48660627c0fa4933d2b93993e1f2ac4b71da crypto/provider_core.c
|
||||
d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h
|
||||
5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c
|
||||
a5a4472636b8b0095ad8d4acd37e275ad79da1a67ecff7b7b5c3e46c9ebc65b7 crypto/rand/rand_lib.c
|
||||
|
@ -288,50 +288,50 @@ f01af62704dbf9457e2669c3e7c1d4d740f0388faa49df93611b987a8aa2bf11 crypto/rsa/rsa
|
|||
3aba73dacebb046faf8d09dc279149b52c629004b524ec33e6d81c8ad0bc31a8 crypto/rsa/rsa_sp800_56b_gen.c
|
||||
1c1c2aeeb18bf1d69e8f134315b7e50d8f43d30eb1aa5bf42983eec9136a2fdc crypto/rsa/rsa_x931.c
|
||||
0acbebed48f6242d595c21e3c1ad69da0daa960d62062e8970209deda144f337 crypto/s390xcap.c
|
||||
22205848cfb55116ebf999dced8331b575886a609ce29e6886e6267b2310c337 crypto/s390xcpuid.pl
|
||||
370d98549d4d98e04b60677b319b85904259359bd9401dd5385aa728278e6626 crypto/s390xcpuid.pl
|
||||
5fa59240ca885cbc0c1cd026934b226d44fc9c3fdf0c2e7e3a7bd7f4963ca2e5 crypto/self_test_core.c
|
||||
05c533fde7fdba0c76103e97d881b7224c8427451b453e2f6413552996063e31 crypto/sha/asm/keccak1600-armv4.pl
|
||||
ca3b2b654f9a8c4bc2fa2538c1f19d17acd4a6b9e0df6a4b81df04efa697e67e crypto/sha/asm/keccak1600-armv8.pl
|
||||
12b7acce2fba0bc0e1ca07842ec84be6a022f141c86e077abb42c864af1d8d9c crypto/sha/asm/keccak1600-avx2.pl
|
||||
faf0cccb685d5abc807e08db194f847c67b940da2fc3c235c210dc31d73a5334 crypto/sha/asm/keccak1600-avx512.pl
|
||||
be1e7dd9998e3f31cfa6e1b17bc198aeec584a8b76820e38f71d51b05f8a9f2a crypto/sha/asm/keccak1600-avx512vl.pl
|
||||
33bdcc6f7668460c3bdf779633e43bfad62b937042a73acb007b462fc5b0a034 crypto/sha/asm/keccak1600-c64x.pl
|
||||
58a1a8aeb45421954fa0e4bc87157addb96d086ac4e6aade47da96523cecaa74 crypto/sha/asm/keccak1600-armv4.pl
|
||||
d6df6cfdd4e2fee52dc16fd31c91768c45c48c22700c486406d70ecb37e8a8bb crypto/sha/asm/keccak1600-armv8.pl
|
||||
81bfb4484d68a3a3e1d704855f76356090867fe10a75db7707b6f7364e8ee8da crypto/sha/asm/keccak1600-avx2.pl
|
||||
b7bb35d51d439abbf3810454ccb9bfb5a51e2111eaf389fb95796ad6220a61a0 crypto/sha/asm/keccak1600-avx512.pl
|
||||
37365dcc576f99006132271968bab990e2bebdab7f4168c726bd449a2fa51c6a crypto/sha/asm/keccak1600-avx512vl.pl
|
||||
2767ae2f379a7a3d0c6dd1471d4d90dd896545b456cb6efd6c230df29e511d70 crypto/sha/asm/keccak1600-c64x.pl
|
||||
09fc831dd39bd90a701e9b16d9e9987cc215252a22e1e0355f5da6c495fca35a crypto/sha/asm/keccak1600-mmx.pl
|
||||
ce4a58129e5ee3ac4c9dfec5ecc010440570ebf7bf869e3e9977f2121a64b27a crypto/sha/asm/keccak1600-ppc64.pl
|
||||
a859fc8cb073b2d0012a93f3155a75fb6eb677441462b0de4f8cf8df1445e970 crypto/sha/asm/keccak1600-s390x.pl
|
||||
618dcd4891b4064d3b8aa6dcd74bea7ef55f4962a64957b05a05448f6e3e0f17 crypto/sha/asm/keccak1600-x86_64.pl
|
||||
831b8b02ab25d78ba6300ce960d96c13439bfba5844e13061e19c4e25cbacc3d crypto/sha/asm/keccak1600p8-ppc.pl
|
||||
485dcc50a51705b86c6dc47e6f58d092fec05dfbfcdf4f2785e4235c67cfe742 crypto/sha/asm/keccak1600-ppc64.pl
|
||||
49535b60a1a981059a2a9636fdeeab22942d2a15e775b1ec9b5af8937a46aa76 crypto/sha/asm/keccak1600-s390x.pl
|
||||
093751655b460d33b2fa6aa4d63a86e902f7f20b2d2a02ed948b78e5698c0dd5 crypto/sha/asm/keccak1600-x86_64.pl
|
||||
e0a4a1df82716053a3f01ec0b096c735a0e3c4f6c9d9ec6b2006b37aaac64448 crypto/sha/asm/keccak1600p8-ppc.pl
|
||||
75d832db9bf0e98e7a5c522169060a6dd276c5118cfb297fc3f1111f55cd4007 crypto/sha/asm/sha1-586.pl
|
||||
c96e87d4f5311cd73bbdf499acc03418588be12426d878e157dd67e0099e0219 crypto/sha/asm/sha1-alpha.pl
|
||||
4ba6d1c7f12fe76bf39babea966f0a4b7f8769e0c0510cbfc2c46a65dd62d45c crypto/sha/asm/sha1-armv4-large.pl
|
||||
efc69cb0d867b7fac6b3fa8985c343d1f984d552bc8e75bbbbace0adf9ee5f15 crypto/sha/asm/sha1-armv8.pl
|
||||
11d332b4e058e9fa418d6633316d2e9f9bf520a08b2d933e877bdf38b2edefcf crypto/sha/asm/sha1-c64xplus.pl
|
||||
32ff0e701a7b8f25bcfe8477b20795de54f536527bd87d3ce694fd9aaae356d4 crypto/sha/asm/sha1-ia64.pl
|
||||
471c27efca685b2a82ad7fefe329ca54172df9f49b9785da6d706b913b75e693 crypto/sha/asm/sha1-mb-x86_64.pl
|
||||
0f5c63cf09e950d1b488935ab3b5562e3e9d5cd1a563fb88a41e3dae90a35e6d crypto/sha/asm/sha1-mips.pl
|
||||
b5ffd7b6dbb04c05de7efa2945adb67ea845e7e61a3bf163a532f7b6acdf4267 crypto/sha/asm/sha1-parisc.pl
|
||||
482cd23ca6ec38d6f62b90c68f9f20643579c50f2c0fbb0dab1c10a0e35efe77 crypto/sha/asm/sha1-ppc.pl
|
||||
28cf69efd53d7a5a8c32e0f8db32c193f41b91faf44f5f59944334bc3f5aa337 crypto/sha/asm/sha1-s390x.pl
|
||||
7fd355b412ddfa1c510e0ba3284f75b1c0d621b6db2ecb1d2a935d5cdb706628 crypto/sha/asm/sha1-sparcv9.pl
|
||||
24554e68b0e7b7db7b635ff149549015f623ca0bcd9ae90439586a2076f6ae80 crypto/sha/asm/sha1-sparcv9a.pl
|
||||
74d197cdd72400cabbff7e173f72c8976723081508b095dc995e8cd1abf3daa6 crypto/sha/asm/sha1-thumb.pl
|
||||
a59a86293e28f5600609dc8af2b39c5285580ae8636520990b000eeeb67bb889 crypto/sha/asm/sha1-x86_64.pl
|
||||
8d937771993f04407f5fdcca8ca8565f9f8a4d9c9a8f7bfd4e9f9121dd0450bb crypto/sha/asm/sha1-alpha.pl
|
||||
ab7ecd62896324393b1fd9020515b9c0d2b9cc34d559f2efafa35affc9a1485d crypto/sha/asm/sha1-armv4-large.pl
|
||||
0acc4e40f793d4d2b960af2baaecc91176ba6742ddd62dca0c33ddc838c58772 crypto/sha/asm/sha1-armv8.pl
|
||||
c36f51761e7f59bdd0f61230297fb802542ac5d2d1c6d2b1096ed937131bd583 crypto/sha/asm/sha1-c64xplus.pl
|
||||
4ab7c9153b085274a579b388ddff97a4ac7e11585e01811ca95b93a3ec786605 crypto/sha/asm/sha1-ia64.pl
|
||||
7a392c5ef7dc19c39d67c7080e0c5214e7a80572c85c022be7e7d4378a5f740d crypto/sha/asm/sha1-mb-x86_64.pl
|
||||
c0fea5a0d32001263c8bcf7fc0757aa68c6a7377f20fef8d28708e1b81de5dec crypto/sha/asm/sha1-mips.pl
|
||||
f11b75a54c5f42aa3a052de8091bfba47d7cac01920b2fe0ddcb637d4c9d0eb9 crypto/sha/asm/sha1-parisc.pl
|
||||
d46ef3fc166271a83144d90985034e2c514bd1020b84ec0fe5427ad593bfeb74 crypto/sha/asm/sha1-ppc.pl
|
||||
a48c7d9403fe99fbd4daec60e96eb22058da766ab9e606d084a63613962851a2 crypto/sha/asm/sha1-s390x.pl
|
||||
0e2951e0574c64ee055ffddf16ceefdec00823107d60362976605f139ad8ae68 crypto/sha/asm/sha1-sparcv9.pl
|
||||
5da48400d4fae85e205e95a2fa368e7bf525e51e274b1dd680dfb48645426c85 crypto/sha/asm/sha1-sparcv9a.pl
|
||||
04b73c902d36c28b5a7eab47cb85f743eb9c648ed5936f64f655524a1010a1b5 crypto/sha/asm/sha1-thumb.pl
|
||||
f36d7ec7464c932230585a754b91f13cea4cde5a381fc9f798d959256d07910e crypto/sha/asm/sha1-x86_64.pl
|
||||
c099059ef107f548ea2c2bab64a4eb8c277070ce6d74c4d32bb9808dc19c5fa3 crypto/sha/asm/sha256-586.pl
|
||||
b9cee5c5a283f61f601d2dba68a7a76e7aba10bfafffc1a5c4987f9c0aa6f87d crypto/sha/asm/sha256-armv4.pl
|
||||
93ddc97651ee3e779144a3c6b3e46a1bc4aa81e75cd7b9df068a2aef8743d25f crypto/sha/asm/sha256-c64xplus.pl
|
||||
8be5c5d69733ecb16774aa8410b4bcb3623a9f060d2be103d8aa67bf6e4c5843 crypto/sha/asm/sha256-mb-x86_64.pl
|
||||
3a8cf38dd398a7ab1d9c6701fa61c428b07c4431a0041ed3a2ddf937897825c1 crypto/sha/asm/sha256-armv4.pl
|
||||
c394bb5b0ff05595a9e6848b6602a0f29f73a79fc006593740f3ca645ad9d316 crypto/sha/asm/sha256-c64xplus.pl
|
||||
f33af8e2e2f57b7b63b8c8b35722d7d11ca6ef1f73fb6c4ccebdd3e86912f4b1 crypto/sha/asm/sha256-mb-x86_64.pl
|
||||
dd82e1311703abb019975fc7b61fb87d67e1ed916dddd065aced051e851114b9 crypto/sha/asm/sha512-586.pl
|
||||
8d84164f3cfd53290c0c14bb5655510b7a9238857866328c0604d64b4e76fe21 crypto/sha/asm/sha512-armv4.pl
|
||||
dadacb6d66b160913bffb4e1a6c3e5f7be6509b26e2c099701d8d3fdb92c1be0 crypto/sha/asm/sha512-armv8.pl
|
||||
6f548a088feae3b6faa179653ba449df9d3f5cda1e0561e5b5f120b32274d1eb crypto/sha/asm/sha512-c64xplus.pl
|
||||
9fa54fbc34fd881f4b344374b9b4f8fb15b641424be7af9a31c71af89ae5d577 crypto/sha/asm/sha512-ia64.pl
|
||||
fb06844e7c3b014a58dccc8ec6020c71843cfdc5be08288bc7d204f0a840c474 crypto/sha/asm/sha512-mips.pl
|
||||
11548f06d213947104a80898e000218ec0d6ff3f6913f6582de498476482ce9f crypto/sha/asm/sha512-parisc.pl
|
||||
7c0c490ce6bb11a228853aecad5e164ce84e5bdabb8a6658ae7184782076c7d3 crypto/sha/asm/sha512-ppc.pl
|
||||
38e0455fd6a2b93a7a5385379ca92bc6526585ca1eb4af365fac4c78f7285c72 crypto/sha/asm/sha512-s390x.pl
|
||||
0611845c52091b0208dd41f22ddef9dd1e68d3d92fa4c4360738b840a6314de6 crypto/sha/asm/sha512-sparcv9.pl
|
||||
f64d16c1e5c3fa4a7969de494a8372127502171a517c14be7a1e3a43a7308699 crypto/sha/asm/sha512-x86_64.pl
|
||||
8725cabb8d695c576619f19283b034074a3fa0f1c0be952a9dbe9793be15b907 crypto/sha/asm/sha512p8-ppc.pl
|
||||
1f9ba79b1d591b7aa37b62382422cb025f5b45784d26cc5790c05cf4eb52b792 crypto/sha/asm/sha512-armv4.pl
|
||||
8136196fce18b736f671a4b4945cd4aa4ab25a28c90c6fc9ab31ff771e8e0d9f crypto/sha/asm/sha512-armv8.pl
|
||||
5b6796a9978b69fd78ee2ff1adc5cf35d44cad8194a38d1c2aba2023012cf252 crypto/sha/asm/sha512-c64xplus.pl
|
||||
e8df660671ba61aa2e8f51358baf5d8ca913093e2ee1a40c9cb46d9c2c0851f6 crypto/sha/asm/sha512-ia64.pl
|
||||
525f253ef8051bfb0e344ac2e40688ce359a42707fe360d23a03f522cc88c81a crypto/sha/asm/sha512-mips.pl
|
||||
3c3e03529d8514467f8d77c01978348636bb339315feb8041fbde7640565001e crypto/sha/asm/sha512-parisc.pl
|
||||
952ef1b10e8bbe3f638cc798b91ab9c5b47b66ed8fe94647b1beec9874f2e71e crypto/sha/asm/sha512-ppc.pl
|
||||
193a0ea240264b29dd68a425f604a6da4b18e28838dcf909dd7e711af880f782 crypto/sha/asm/sha512-s390x.pl
|
||||
dcb466a1e5938fb64ecb38b0533602192d61334da864ee8dfdcfa12d3cdfa273 crypto/sha/asm/sha512-sparcv9.pl
|
||||
bb6503967a58b767a3e73441cfabc77f15c8ac747f377e276d4aa63d05f2c3c4 crypto/sha/asm/sha512-x86_64.pl
|
||||
68d2f3b2dccb978ee42640f4fb4d2eae6b74d071017a3eedd9e7cb77762817dc crypto/sha/asm/sha512p8-ppc.pl
|
||||
57f6cf54b1b5d2cac7a8f622b7b6bd1878f360fff3fa0f02352061c24162ebbb crypto/sha/keccak1600.c
|
||||
306cacd3f86e5cacaca74c58ef862516515e5c0cafaff48636d537fd84f1c2fb crypto/sha/sha1dgst.c
|
||||
4d8cf04f5806611e7586aab47fb28165ec1afb00168e2c9876bb36cb5c29bf8b crypto/sha/sha256.c
|
||||
|
@ -346,12 +346,12 @@ c50c584c55e56347bb43aca4b796b5344d70daece3061f586b79c871c21f5d1a crypto/sparse_
|
|||
a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c
|
||||
3729e2bd36f945808b578e0d89fac0fcb3114e4fc9381614bcbd8a9869991716 crypto/threads_pthread.c
|
||||
88423960f0414f6fd41fba4f4c67f9f7260c2741e4788adcd52493e895ec8027 crypto/threads_win.c
|
||||
fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl
|
||||
af0af59fe2cb8668a96751f343232d7faa3e7a937beb2bda09ed74fe60b9cb5f crypto/x86_64cpuid.pl
|
||||
bbec287bb9bf35379885f8f8998b7fd9e8fc22efee9e1b299109af0f33a7ee16 crypto/x86cpuid.pl
|
||||
0a9c484f640d96e918921f57f592e82e99ccdbe35d3138d64b10c7af839e9a07 e_os.h
|
||||
acbb841170d4d3eb91d969be1c0e4973b1babfd5fcd76440b0628f509f82fd76 e_os.h
|
||||
6f353dc7c8c4d8f24f7ffbf920668ccb224ebb5810805a7c80d96770cd858005 include/crypto/aes_platform.h
|
||||
8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h
|
||||
8ce1b35c6924555ef316c7c51d6c27656869e6da7f513f45b7a7051579e3e54d include/crypto/bn.h
|
||||
f6b01cff254311e973361190011cb6aa4d24b3a8c92f54e5191b7e2f669b8745 include/crypto/bn.h
|
||||
1c46818354d42bd1b1c4e5fdae9e019814936e775fd8c918ca49959c2a6416df include/crypto/bn_conf.h.in
|
||||
7a43a4898fcc8446065e6c99249bcc14e475716e8c1d40d50408c0ab179520e6 include/crypto/bn_dh.h
|
||||
e69b2b20fb415e24b970941c84a62b752b5d0175bc68126e467f7cc970495504 include/crypto/cryptlib.h
|
||||
|
@ -373,7 +373,7 @@ f326212c978576c5346c89ae0336c2428594494b54054f6045b1f1038bfbc004 include/crypto
|
|||
7676b02824b2d68df6bddeb251e9b8a8fa2e35a95dad9a7ebeca53f9ab8d2dad include/crypto/sparse_array.h
|
||||
7ad02c7de77304c3b298deeb038ab2550cf8b2bce03021994477c6c43dbcf86e include/crypto/types.h
|
||||
782a83d4e489fd865e2768a20bfa31e78c2071fd0ceeb9eb077276ae2bcc6590 include/internal/bio.h
|
||||
92aacb3e49288f91b44f97e41933e88fe455706e1dd21a365683c2ab545db131 include/internal/constant_time.h
|
||||
8e984890c7c62cdd6356963f034831831f7167c65096cb4d23bc765d84d2c598 include/internal/constant_time.h
|
||||
c5bb97f654984130c8b44c09a52395bce0b22985d5dbc9c4d9377d86283f11f8 include/internal/core.h
|
||||
0b572801dfb8a41cc239e3439f8097a0ad11bbdf5d54811d10ceba3175cf2f17 include/internal/cryptlib.h
|
||||
9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63 include/internal/deprecated.h
|
||||
|
@ -495,7 +495,7 @@ eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/comm
|
|||
5b94312727ca33e4f5c038f4caaae8417bf584cfde22df83d91f3c55c30c81ee providers/common/securitycheck.c
|
||||
527eda471e26763a5fcf123b2d290234d5c836de7b8ef6eef2166ef439919d82 providers/common/securitycheck_fips.c
|
||||
abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c
|
||||
0f761a26c8fa6ad8d5a15c817afe1741352b21769b2164a2eb7dd50e1f6fe04f providers/fips/fipsprov.c
|
||||
4a5ed1059ea6c5ef8d4b2a074b3da332443468852f58c18555f67f5d6d98606a providers/fips/fipsprov.c
|
||||
5d24ba30f9cc7ca48546fb85dc285bd68590f3a604a0bd471bcb0c2a61169591 providers/fips/self_test.c
|
||||
f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h
|
||||
d3c95c9c6cc4e3b1a5e4b2bfb2ae735a4109d763bcda7b1e9b8f9eb253f79820 providers/fips/self_test_data.inc
|
||||
|
@ -546,8 +546,8 @@ de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173 providers/impl
|
|||
b5f94d597df72ca58486c59b2a70b4057d13f09528f861ed41a84b7125b54a82 providers/implementations/exchange/dh_exch.c
|
||||
9c46dc0d859875fcc0bc3d61a7b610cd3520b1bf63718775c1124f54a1fe5f24 providers/implementations/exchange/ecdh_exch.c
|
||||
9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c
|
||||
0cc02005660c5c340660123decac838c59b7460ef1003d9d50edc604cfd8e375 providers/implementations/exchange/kdf_exch.c
|
||||
a0d1c1d49557d32497877b2d549d2a7a7729a550306275bfe6ddcefca0d8fc80 providers/implementations/include/prov/ciphercommon.h
|
||||
4692ea3852bf5763db576359bd793fc1ec3bcd0ca42fc906991d7ec4cced7b2a providers/implementations/exchange/kdf_exch.c
|
||||
996f1397f61b9eab1e31b5d06bccd9ac958dbd5982fd41fdb263ee889b84275c providers/implementations/include/prov/ciphercommon.h
|
||||
a9f5de1623221f327245957ec1dfd66a1914bff25adf4bcb81213c7955d19382 providers/implementations/include/prov/ciphercommon_aead.h
|
||||
dd07797d61988fd4124cfb920616df672938da80649fac5977bfd061c981edc5 providers/implementations/include/prov/ciphercommon_ccm.h
|
||||
0c1e99d70155402a790e4de65923228c8df8ad970741caccfe8b513837457d7f providers/implementations/include/prov/ciphercommon_gcm.h
|
||||
|
@ -557,7 +557,7 @@ b9a61ce951c1904d8315b1bb26c0ab0aaadb47e71d4ead5df0a891608c728c4b providers/impl
|
|||
c95ce5498e724b9b3d58e3c2f4723e7e3e4beb07f9bea9422e43182cbadb43af providers/implementations/include/prov/macsignature.h
|
||||
29d1a112b799e1f45fdf8bcee8361c2ed67428c250c1cdf408a9fbb7ebf4cce1 providers/implementations/include/prov/names.h
|
||||
2187713b446d8b6d24ee986748b941ac3e24292c71e07ff9fb53a33021decdda providers/implementations/include/prov/seeding.h
|
||||
4e71ffd329f1715d14b54e14036b4b2618deb2fd81675287ce5eeb6c76a31d54 providers/implementations/kdfs/hkdf.c
|
||||
d376c58489ae36fbece94bb88939845ced04a2a0bdd55d6a3562e45a56577ae1 providers/implementations/kdfs/hkdf.c
|
||||
a62e3af09f5af84dcf36f951ba4ac90ca1694adaf3747126186020b155f94186 providers/implementations/kdfs/kbkdf.c
|
||||
e0644e727aacfea4da3cf2c4d2602d7ef0626ebb760b6467432ffd54d5fbb24d providers/implementations/kdfs/pbkdf2.c
|
||||
c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c providers/implementations/kdfs/pbkdf2.h
|
||||
|
@ -580,11 +580,11 @@ e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe providers/impl
|
|||
895c8dc7235b9ad5ff893be0293cbc245a5455e8850195ac7d446646e4ea71d0 providers/implementations/macs/hmac_prov.c
|
||||
8640b63fd8325aaf8f7128d6cc448d9af448a65bf51a8978075467d33a67944e providers/implementations/macs/kmac_prov.c
|
||||
bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c
|
||||
9d23df7f99beec7392c9d4ed813407050bc2d150098888fe802e2c9705fc33fa providers/implementations/rands/drbg.c
|
||||
bb5f8161a80d0d1a7ee919af2b167972b00afd62e326252ca6aa93101f315f19 providers/implementations/rands/drbg_ctr.c
|
||||
a05adc3f6d9d6f948e5ead75f0522ed3164cb5b2d301169242f3cb97c4a7fac3 providers/implementations/rands/drbg_hash.c
|
||||
0876dfae991028c569631938946e458e6829cacf4cfb673d2b144ae50a3160bb providers/implementations/rands/drbg_hmac.c
|
||||
fc43558964bdf12442d3f6ab6cc3e6849f7adb42f4d0123a1279819befcf71cb providers/implementations/rands/drbg_local.h
|
||||
f9457255fc57ef5739aa2584e535195e38cc947e31fd044d28d64c28c8a946ce providers/implementations/rands/drbg.c
|
||||
7e8fa6333845778474ed1313a66867512512372c9397f699a8f68fa6d5fc05fa providers/implementations/rands/drbg_ctr.c
|
||||
8337994f4bc95e421d6d2833bb4481ad9d84deb3913d0faec6e1791ea372a793 providers/implementations/rands/drbg_hash.c
|
||||
1f040090f596f88cb64d6eb89109a8b75e66caee113708fb59335ad2547027fc providers/implementations/rands/drbg_hmac.c
|
||||
7a1b8516f891f25f3dc07ffe0455200f20d3a1f0345a917f00c7d9afe900bb0a providers/implementations/rands/drbg_local.h
|
||||
04339b66c10017229ef368cb48077f58a252ebfda9ab12b9f919e4149b1036ed providers/implementations/rands/test_rng.c
|
||||
cafb9e6f54ad15889fcebddac6df61336bff7d78936f7de3bb5aab8aee5728d2 providers/implementations/signature/dsa_sig.c
|
||||
a30dc6308de0ca33406e7ce909f3bcf7580fb84d863b0976b275839f866258df providers/implementations/signature/ecdsa_sig.c
|
||||
|
|
|
@ -1 +1 @@
|
|||
9597c676c418928e2ba5075a6352a7d5b398e64db622b577822391424300ed43 providers/fips-sources.checksums
|
||||
4e1960f3d68410e8daf1893c9133ba9840912974ec65f885054c46b6bbeff5cd providers/fips-sources.checksums
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -655,6 +655,8 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
|
|||
}
|
||||
}
|
||||
|
||||
OPENSSL_cpuid_setup();
|
||||
|
||||
/* Create a context. */
|
||||
if ((*provctx = ossl_prov_ctx_new()) == NULL
|
||||
|| (libctx = OSSL_LIB_CTX_new()) == NULL) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -28,9 +28,13 @@ static OSSL_FUNC_keyexch_derive_fn kdf_derive;
|
|||
static OSSL_FUNC_keyexch_freectx_fn kdf_freectx;
|
||||
static OSSL_FUNC_keyexch_dupctx_fn kdf_dupctx;
|
||||
static OSSL_FUNC_keyexch_set_ctx_params_fn kdf_set_ctx_params;
|
||||
static OSSL_FUNC_keyexch_get_ctx_params_fn kdf_get_ctx_params;
|
||||
static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_tls1_prf_settable_ctx_params;
|
||||
static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_hkdf_settable_ctx_params;
|
||||
static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_scrypt_settable_ctx_params;
|
||||
static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_tls1_prf_gettable_ctx_params;
|
||||
static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params;
|
||||
static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_scrypt_gettable_ctx_params;
|
||||
|
||||
typedef struct {
|
||||
void *provctx;
|
||||
|
@ -169,6 +173,13 @@ static int kdf_set_ctx_params(void *vpkdfctx, const OSSL_PARAM params[])
|
|||
return EVP_KDF_CTX_set_params(pkdfctx->kdfctx, params);
|
||||
}
|
||||
|
||||
static int kdf_get_ctx_params(void *vpkdfctx, OSSL_PARAM params[])
|
||||
{
|
||||
PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx;
|
||||
|
||||
return EVP_KDF_CTX_get_params(pkdfctx->kdfctx, params);
|
||||
}
|
||||
|
||||
static const OSSL_PARAM *kdf_settable_ctx_params(ossl_unused void *vpkdfctx,
|
||||
void *provctx,
|
||||
const char *kdfname)
|
||||
|
@ -197,6 +208,34 @@ KDF_SETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF")
|
|||
KDF_SETTABLE_CTX_PARAMS(hkdf, "HKDF")
|
||||
KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT")
|
||||
|
||||
static const OSSL_PARAM *kdf_gettable_ctx_params(ossl_unused void *vpkdfctx,
|
||||
void *provctx,
|
||||
const char *kdfname)
|
||||
{
|
||||
EVP_KDF *kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname,
|
||||
NULL);
|
||||
const OSSL_PARAM *params;
|
||||
|
||||
if (kdf == NULL)
|
||||
return NULL;
|
||||
|
||||
params = EVP_KDF_gettable_ctx_params(kdf);
|
||||
EVP_KDF_free(kdf);
|
||||
|
||||
return params;
|
||||
}
|
||||
|
||||
#define KDF_GETTABLE_CTX_PARAMS(funcname, kdfname) \
|
||||
static const OSSL_PARAM *kdf_##funcname##_gettable_ctx_params(void *vpkdfctx, \
|
||||
void *provctx) \
|
||||
{ \
|
||||
return kdf_gettable_ctx_params(vpkdfctx, provctx, kdfname); \
|
||||
}
|
||||
|
||||
KDF_GETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF")
|
||||
KDF_GETTABLE_CTX_PARAMS(hkdf, "HKDF")
|
||||
KDF_GETTABLE_CTX_PARAMS(scrypt, "SCRYPT")
|
||||
|
||||
#define KDF_KEYEXCH_FUNCTIONS(funcname) \
|
||||
const OSSL_DISPATCH ossl_kdf_##funcname##_keyexch_functions[] = { \
|
||||
{ OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))kdf_##funcname##_newctx }, \
|
||||
|
@ -205,8 +244,11 @@ KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT")
|
|||
{ OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))kdf_freectx }, \
|
||||
{ OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))kdf_dupctx }, \
|
||||
{ OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))kdf_set_ctx_params }, \
|
||||
{ OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))kdf_get_ctx_params }, \
|
||||
{ OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, \
|
||||
(void (*)(void))kdf_##funcname##_settable_ctx_params }, \
|
||||
{ OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, \
|
||||
(void (*)(void))kdf_##funcname##_gettable_ctx_params }, \
|
||||
{ 0, NULL } \
|
||||
};
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -42,6 +42,13 @@ typedef int (PROV_CIPHER_HW_FN)(PROV_CIPHER_CTX *dat, unsigned char *out,
|
|||
#define PROV_CIPHER_FLAG_INVERSE_CIPHER 0x0200
|
||||
|
||||
struct prov_cipher_ctx_st {
|
||||
/* place buffer at the beginning for memory alignment */
|
||||
/* The original value of the iv */
|
||||
unsigned char oiv[GENERIC_BLOCK_SIZE];
|
||||
/* Buffer of partial blocks processed via update calls */
|
||||
unsigned char buf[GENERIC_BLOCK_SIZE];
|
||||
unsigned char iv[GENERIC_BLOCK_SIZE];
|
||||
|
||||
block128_f block;
|
||||
union {
|
||||
cbc128_f cbc;
|
||||
|
@ -83,12 +90,6 @@ struct prov_cipher_ctx_st {
|
|||
* manage partial blocks themselves.
|
||||
*/
|
||||
unsigned int num;
|
||||
|
||||
/* The original value of the iv */
|
||||
unsigned char oiv[GENERIC_BLOCK_SIZE];
|
||||
/* Buffer of partial blocks processed via update calls */
|
||||
unsigned char buf[GENERIC_BLOCK_SIZE];
|
||||
unsigned char iv[GENERIC_BLOCK_SIZE];
|
||||
const PROV_CIPHER_HW *hw; /* hardware specific functions */
|
||||
const void *ks; /* Pointer to algorithm specific key data */
|
||||
OSSL_LIB_CTX *libctx;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -340,6 +340,13 @@ static int kdf_hkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
|
|||
return 0;
|
||||
return OSSL_PARAM_set_size_t(p, sz);
|
||||
}
|
||||
if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_INFO)) != NULL) {
|
||||
if (ctx->info == NULL || ctx->info_len == 0) {
|
||||
p->return_size = 0;
|
||||
return 1;
|
||||
}
|
||||
return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len);
|
||||
}
|
||||
return -2;
|
||||
}
|
||||
|
||||
|
@ -348,6 +355,7 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
|
|||
{
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
|
||||
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
return known_gettable_ctx_params;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -765,6 +765,7 @@ int ossl_drbg_enable_locking(void *vctx)
|
|||
PROV_DRBG *ossl_rand_drbg_new
|
||||
(void *provctx, void *parent, const OSSL_DISPATCH *p_dispatch,
|
||||
int (*dnew)(PROV_DRBG *ctx),
|
||||
void (*dfree)(void *vctx),
|
||||
int (*instantiate)(PROV_DRBG *drbg,
|
||||
const unsigned char *entropy, size_t entropylen,
|
||||
const unsigned char *nonce, size_t noncelen,
|
||||
|
@ -844,7 +845,7 @@ PROV_DRBG *ossl_rand_drbg_new
|
|||
return drbg;
|
||||
|
||||
err:
|
||||
ossl_rand_drbg_free(drbg);
|
||||
dfree(drbg);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -581,7 +581,7 @@ static int drbg_ctr_init(PROV_DRBG *drbg)
|
|||
EVP_CIPHER_CTX_free(ctr->ctx_ecb);
|
||||
EVP_CIPHER_CTX_free(ctr->ctx_ctr);
|
||||
ctr->ctx_ecb = ctr->ctx_ctr = NULL;
|
||||
return 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int drbg_ctr_new(PROV_DRBG *drbg)
|
||||
|
@ -602,7 +602,8 @@ static int drbg_ctr_new(PROV_DRBG *drbg)
|
|||
static void *drbg_ctr_new_wrapper(void *provctx, void *parent,
|
||||
const OSSL_DISPATCH *parent_dispatch)
|
||||
{
|
||||
return ossl_rand_drbg_new(provctx, parent, parent_dispatch, &drbg_ctr_new,
|
||||
return ossl_rand_drbg_new(provctx, parent, parent_dispatch,
|
||||
&drbg_ctr_new, &drbg_ctr_free,
|
||||
&drbg_ctr_instantiate, &drbg_ctr_uninstantiate,
|
||||
&drbg_ctr_reseed, &drbg_ctr_generate);
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -410,7 +410,8 @@ static int drbg_hash_new(PROV_DRBG *ctx)
|
|||
static void *drbg_hash_new_wrapper(void *provctx, void *parent,
|
||||
const OSSL_DISPATCH *parent_dispatch)
|
||||
{
|
||||
return ossl_rand_drbg_new(provctx, parent, parent_dispatch, &drbg_hash_new,
|
||||
return ossl_rand_drbg_new(provctx, parent, parent_dispatch,
|
||||
&drbg_hash_new, &drbg_hash_free,
|
||||
&drbg_hash_instantiate, &drbg_hash_uninstantiate,
|
||||
&drbg_hash_reseed, &drbg_hash_generate);
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -296,7 +296,8 @@ static int drbg_hmac_new(PROV_DRBG *drbg)
|
|||
static void *drbg_hmac_new_wrapper(void *provctx, void *parent,
|
||||
const OSSL_DISPATCH *parent_dispatch)
|
||||
{
|
||||
return ossl_rand_drbg_new(provctx, parent, parent_dispatch, &drbg_hmac_new,
|
||||
return ossl_rand_drbg_new(provctx, parent, parent_dispatch,
|
||||
&drbg_hmac_new, &drbg_hmac_free,
|
||||
&drbg_hmac_instantiate, &drbg_hmac_uninstantiate,
|
||||
&drbg_hmac_reseed, &drbg_hmac_generate);
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -181,6 +181,7 @@ struct prov_drbg_st {
|
|||
PROV_DRBG *ossl_rand_drbg_new
|
||||
(void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch,
|
||||
int (*dnew)(PROV_DRBG *ctx),
|
||||
void (*dfree)(void *vctx),
|
||||
int (*instantiate)(PROV_DRBG *drbg,
|
||||
const unsigned char *entropy, size_t entropylen,
|
||||
const unsigned char *nonce, size_t noncelen,
|
||||
|
|
|
@ -81,6 +81,15 @@ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
|
|||
return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
|
||||
}
|
||||
|
||||
int RECORD_LAYER_data_present(const RECORD_LAYER *rl)
|
||||
{
|
||||
if (rl->rstate == SSL_ST_READ_BODY)
|
||||
return 1;
|
||||
if (RECORD_LAYER_processed_read_pending(rl))
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Checks if we have decrypted unread record data pending */
|
||||
int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl)
|
||||
{
|
||||
|
@ -221,6 +230,12 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
|
|||
/* ... now we can act as if 'extend' was set */
|
||||
}
|
||||
|
||||
if (!ossl_assert(s->rlayer.packet != NULL)) {
|
||||
/* does not happen */
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return -1;
|
||||
}
|
||||
|
||||
len = s->rlayer.packet_length;
|
||||
pkt = rb->buf + align;
|
||||
/*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -205,6 +205,7 @@ void RECORD_LAYER_release(RECORD_LAYER *rl);
|
|||
int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
|
||||
int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl);
|
||||
int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
|
||||
int RECORD_LAYER_data_present(const RECORD_LAYER *rl);
|
||||
void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
|
||||
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
|
||||
int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -191,5 +191,7 @@ int ssl3_release_read_buffer(SSL *s)
|
|||
OPENSSL_cleanse(b->buf, b->len);
|
||||
OPENSSL_free(b->buf);
|
||||
b->buf = NULL;
|
||||
s->rlayer.packet = NULL;
|
||||
s->rlayer.packet_length = 0;
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -457,6 +457,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
|
|||
"tlsv1 alert insufficient security"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
|
||||
"tlsv1 alert internal error"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL),
|
||||
"tlsv1 alert no application protocol"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
|
||||
"tlsv1 alert no renegotiation"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
|
||||
|
@ -465,6 +467,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
|
|||
"tlsv1 alert record overflow"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA),
|
||||
"tlsv1 alert unknown ca"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY),
|
||||
"tlsv1 alert unknown psk identity"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED),
|
||||
"tlsv1 alert user cancelled"},
|
||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
|
@ -3736,9 +3736,10 @@ void ssl_update_cache(SSL *s, int mode)
|
|||
|
||||
/*
|
||||
* If the session_id_length is 0, we are not supposed to cache it, and it
|
||||
* would be rather hard to do anyway :-)
|
||||
* would be rather hard to do anyway :-). Also if the session has already
|
||||
* been marked as not_resumable we should not cache it for later reuse.
|
||||
*/
|
||||
if (s->session->session_id_length == 0)
|
||||
if (s->session->session_id_length == 0 || s->session->not_resumable)
|
||||
return;
|
||||
|
||||
/*
|
||||
|
@ -5491,6 +5492,9 @@ int SSL_free_buffers(SSL *ssl)
|
|||
if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
|
||||
return 0;
|
||||
|
||||
if (RECORD_LAYER_data_present(rl))
|
||||
return 0;
|
||||
|
||||
RECORD_LAYER_release(rl);
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -152,16 +152,11 @@ SSL_SESSION *SSL_SESSION_new(void)
|
|||
return ss;
|
||||
}
|
||||
|
||||
SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
|
||||
{
|
||||
return ssl_session_dup(src, 1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Create a new SSL_SESSION and duplicate the contents of |src| into it. If
|
||||
* ticket == 0 then no ticket information is duplicated, otherwise it is.
|
||||
*/
|
||||
SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
|
||||
static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
|
||||
{
|
||||
SSL_SESSION *dest;
|
||||
|
||||
|
@ -285,6 +280,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src)
|
||||
{
|
||||
return ssl_session_dup_intern(src, 1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Used internally when duplicating a session which might be already shared.
|
||||
* We will have resumed the original session. Subsequently we might have marked
|
||||
* it as non-resumable (e.g. in another thread) - but this copy should be ok to
|
||||
* resume from.
|
||||
*/
|
||||
SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket)
|
||||
{
|
||||
SSL_SESSION *sess = ssl_session_dup_intern(src, ticket);
|
||||
|
||||
if (sess != NULL)
|
||||
sess->not_resumable = 0;
|
||||
|
||||
return sess;
|
||||
}
|
||||
|
||||
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
|
||||
{
|
||||
if (len)
|
||||
|
@ -515,6 +531,12 @@ SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
|
|||
ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©);
|
||||
|
||||
if (ret != NULL) {
|
||||
if (ret->not_resumable) {
|
||||
/* If its not resumable then ignore this session */
|
||||
if (!copy)
|
||||
SSL_SESSION_free(ret);
|
||||
return NULL;
|
||||
}
|
||||
ssl_tsan_counter(s->session_ctx,
|
||||
&s->session_ctx->stats.sess_cb_hit);
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
|
@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
|
|||
* so the following won't overwrite an ID that we're supposed
|
||||
* to send back.
|
||||
*/
|
||||
if (s->session->not_resumable ||
|
||||
(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
|
||||
&& !s->hit))
|
||||
if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
|
||||
&& !s->hit)
|
||||
s->session->session_id_length = 0;
|
||||
|
||||
if (usetls13) {
|
||||
|
@ -3135,7 +3134,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
|
|||
}
|
||||
if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
goto err;
|
||||
}
|
||||
/*
|
||||
* If client certificate is present and is of the same type, maybe
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -734,7 +734,8 @@ static int gid_cb(const char *elem, int len, void *arg)
|
|||
return 0;
|
||||
if (garg->gidcnt == garg->gidmax) {
|
||||
uint16_t *tmp =
|
||||
OPENSSL_realloc(garg->gid_arr, garg->gidmax + GROUPLIST_INCREMENT);
|
||||
OPENSSL_realloc(garg->gid_arr,
|
||||
(garg->gidmax + GROUPLIST_INCREMENT) * sizeof(*garg->gid_arr));
|
||||
if (tmp == NULL)
|
||||
return 0;
|
||||
garg->gidmax += GROUPLIST_INCREMENT;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -503,7 +503,6 @@ static int test_bad_dtls(void)
|
|||
if (!TEST_ptr(con)
|
||||
|| !TEST_true(SSL_set_session(con, sess)))
|
||||
goto end;
|
||||
SSL_SESSION_free(sess);
|
||||
|
||||
rbio = BIO_new(BIO_s_mem());
|
||||
wbio = BIO_new(BIO_s_mem());
|
||||
|
@ -591,6 +590,7 @@ static int test_bad_dtls(void)
|
|||
testresult = 1;
|
||||
|
||||
end:
|
||||
SSL_SESSION_free(sess);
|
||||
BIO_free(rbio);
|
||||
BIO_free(wbio);
|
||||
SSL_free(con);
|
||||
|
|
|
@ -874,6 +874,7 @@ IF[{- !$disabled{tests} -}]
|
|||
ENDIF
|
||||
IF[{- $disabled{module} || !$target{dso_scheme} -}]
|
||||
DEFINE[provider_test]=NO_PROVIDER_MODULE
|
||||
DEFINE[prov_config_test]=NO_PROVIDER_MODULE
|
||||
DEFINE[provider_internal_test]=NO_PROVIDER_MODULE
|
||||
ENDIF
|
||||
DEPEND[]=provider_internal_test.cnf
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue