mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-01 14:14:56 +00:00
OpenSSL: Vendor import of OpenSSL 3.0.12
* Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length ([CVE-2023-5363]). Sponsored by: The FreeBSD Foundation
parent
315108b816
commit
825caf7e12
|
@ -28,6 +28,14 @@ breaking changes, and mappings for the large list of deprecated functions.
|
|||
|
||||
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
|
||||
|
||||
### Changes between 3.0.11 and 3.0.12 [24 Oct 2023]
|
||||
|
||||
* Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
|
||||
EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters
|
||||
that alter the key or IV length ([CVE-2023-5363]).
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
### Changes between 3.0.10 and 3.0.11 [19 Sep 2023]
|
||||
|
||||
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
|
||||
|
@ -19732,6 +19740,7 @@ ndif
|
|||
|
||||
<!-- Links -->
|
||||
|
||||
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
|
||||
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
|
||||
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
|
||||
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
|
||||
|
|
|
@ -2,8 +2,8 @@ Build and Install
|
|||
=================
|
||||
|
||||
This document describes installation on all supported operating
|
||||
systems (the Unix/Linux family, including macOS), OpenVMS,
|
||||
and Windows).
|
||||
systems: the Unix/Linux family (including macOS), OpenVMS,
|
||||
and Windows.
|
||||
|
||||
Table of Contents
|
||||
=================
|
||||
|
|
6
NEWS.md
6
NEWS.md
|
@ -18,6 +18,11 @@ OpenSSL Releases
|
|||
OpenSSL 3.0
|
||||
-----------
|
||||
|
||||
### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
|
||||
|
||||
* Mitigate incorrect resize handling for symmetric cipher keys and IVs.
|
||||
([CVE-2023-5363])
|
||||
|
||||
### Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11 [19 Sep 2023]
|
||||
|
||||
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows
|
||||
|
@ -1453,6 +1458,7 @@ OpenSSL 0.9.x
|
|||
|
||||
<!-- Links -->
|
||||
|
||||
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
|
||||
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
|
||||
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
|
||||
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
MAJOR=3
|
||||
MINOR=0
|
||||
PATCH=11
|
||||
PATCH=12
|
||||
PRE_RELEASE_TAG=
|
||||
BUILD_METADATA=
|
||||
RELEASE_DATE="19 Sep 2023"
|
||||
RELEASE_DATE="24 Oct 2023"
|
||||
SHLIB_VERSION=3
|
||||
|
|
|
@ -320,6 +320,8 @@ int dgst_main(int argc, char **argv)
|
|||
sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */);
|
||||
/* Verbose output would make external-tests gost-engine fail */
|
||||
EVP_PKEY_CTX_free(mac_ctx);
|
||||
if (sigkey == NULL)
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (hmac_key != NULL) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -222,6 +222,8 @@ int dhparam_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
tmppkey = app_paramgen(ctx, alg);
|
||||
if (tmppkey == NULL)
|
||||
goto end;
|
||||
EVP_PKEY_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
if (dsaparam) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -218,6 +218,8 @@ int dsaparam_main(int argc, char **argv)
|
|||
goto end;
|
||||
}
|
||||
pkey = app_keygen(ctx, "DSA", numbits, verbose);
|
||||
if (pkey == NULL)
|
||||
goto end;
|
||||
assert(private);
|
||||
if (outformat == FORMAT_ASN1)
|
||||
i = i2d_PrivateKey_bio(out, pkey);
|
||||
|
|
|
@ -624,7 +624,10 @@ int enc_main(int argc, char **argv)
|
|||
}
|
||||
}
|
||||
if (!BIO_flush(wbio)) {
|
||||
BIO_printf(bio_err, "bad decrypt\n");
|
||||
if (enc)
|
||||
BIO_printf(bio_err, "bad encrypt\n");
|
||||
else
|
||||
BIO_printf(bio_err, "bad decrypt\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -146,6 +146,8 @@ int gendsa_main(int argc, char **argv)
|
|||
goto end;
|
||||
}
|
||||
pkey = app_keygen(ctx, "DSA", nbits, verbose);
|
||||
if (pkey == NULL)
|
||||
goto end;
|
||||
|
||||
assert(private);
|
||||
if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -183,6 +183,8 @@ int genpkey_main(int argc, char **argv)
|
|||
|
||||
pkey = do_param ? app_paramgen(ctx, algname)
|
||||
: app_keygen(ctx, algname, 0, 0 /* not verbose */);
|
||||
if (pkey == NULL)
|
||||
goto end;
|
||||
|
||||
if (do_param) {
|
||||
rv = PEM_write_bio_Parameters(out, pkey);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -203,6 +203,8 @@ int genrsa_main(int argc, char **argv)
|
|||
goto end;
|
||||
}
|
||||
pkey = app_keygen(ctx, "RSA", num, verbose);
|
||||
if (pkey == NULL)
|
||||
goto end;
|
||||
|
||||
if (verbose) {
|
||||
BIGNUM *e = NULL;
|
||||
|
|
|
@ -960,10 +960,14 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
|
|||
ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata,
|
||||
params, NULL, NULL);
|
||||
}
|
||||
if (ctx == NULL)
|
||||
if (ctx == NULL) {
|
||||
BIO_printf(bio_err, "Could not open file or uri for loading");
|
||||
goto end;
|
||||
if (expect > 0 && !OSSL_STORE_expect(ctx, expect))
|
||||
}
|
||||
if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) {
|
||||
BIO_printf(bio_err, "Internal error trying to load");
|
||||
goto end;
|
||||
}
|
||||
|
||||
failed = NULL;
|
||||
while (cnt_expectations > 0 && !OSSL_STORE_eof(ctx)) {
|
||||
|
@ -3359,8 +3363,8 @@ EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose)
|
|||
BIO_printf(bio_err, "Warning: generating random key material may take a long time\n"
|
||||
"if the system has a poor entropy source\n");
|
||||
if (EVP_PKEY_keygen(ctx, &res) <= 0)
|
||||
app_bail_out("%s: Error generating %s key\n", opt_getprog(),
|
||||
alg != NULL ? alg : "asymmetric");
|
||||
BIO_printf(bio_err, "%s: Error generating %s key\n", opt_getprog(),
|
||||
alg != NULL ? alg : "asymmetric");
|
||||
return res;
|
||||
}
|
||||
|
||||
|
@ -3372,8 +3376,8 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg)
|
|||
BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n"
|
||||
"if the system has a poor entropy source\n");
|
||||
if (EVP_PKEY_paramgen(ctx, &res) <= 0)
|
||||
app_bail_out("%s: Generating %s key parameters failed\n",
|
||||
opt_getprog(), alg != NULL ? alg : "asymmetric");
|
||||
BIO_printf(bio_err, "%s: Generating %s key parameters failed\n",
|
||||
opt_getprog(), alg != NULL ? alg : "asymmetric");
|
||||
return res;
|
||||
}
|
||||
|
||||
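Review bot: app_keygen() and app_paramgen() now fall through to `return res;` after a failed EVP_PKEY_keygen() or EVP_PKEY_paramgen() instead of exiting via app_bail_out(), so failure is signalled only by whatever `res` holds at that point. The declaration of `res` is outside these hunks; if it starts as NULL this works, but bracing the error branch and adding `return NULL;` would make the failure path explicit. The callers touched elsewhere in this commit add `if (pkey == NULL) goto end;`, and any caller not updated would carry a NULL key forward. A comment on both helpers such as `/* Returns NULL on failure; the caller must check. */` would document the new contract.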
|
|
|
@ -685,6 +685,8 @@ int req_main(int argc, char **argv)
|
|||
EVP_PKEY_CTX_set_app_data(genctx, bio_err);
|
||||
|
||||
pkey = app_keygen(genctx, keyalgstr, newkey_len, verbose);
|
||||
if (pkey == NULL)
|
||||
goto end;
|
||||
|
||||
EVP_PKEY_CTX_free(genctx);
|
||||
genctx = NULL;
|
||||
|
|
|
@ -3700,7 +3700,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
|
|||
} else {
|
||||
int pad;
|
||||
|
||||
RAND_bytes(out, 16);
|
||||
if (RAND_bytes(inp, 16) <= 0)
|
||||
app_bail_out("error setting random bytes\n");
|
||||
len += 16;
|
||||
aad[11] = (unsigned char)(len >> 8);
|
||||
aad[12] = (unsigned char)(len);
|
||||
|
|
|
@ -3661,6 +3661,9 @@ if ($flavour =~ /64/) { ######## 64-bit code
|
|||
s/\.[ui]?64//o and s/\.16b/\.2d/go;
|
||||
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
|
||||
|
||||
# Switch preprocessor checks to aarch64 versions.
|
||||
s/__ARME([BL])__/__AARCH64E$1__/go;
|
||||
|
||||
print $_,"\n";
|
||||
}
|
||||
} else { ######## 32-bit code
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -21,11 +21,6 @@
|
|||
# elif defined(__GNUC__)
|
||||
# if defined(__aarch64__)
|
||||
# define __ARM_ARCH__ 8
|
||||
# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
|
||||
# define __ARMEB__
|
||||
# else
|
||||
# define __ARMEL__
|
||||
# endif
|
||||
/*
|
||||
* Why doesn't gcc define __ARM_ARCH__? Instead it defines
|
||||
* bunch of below macros. See all_architectures[] table in
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -611,9 +611,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
|
|||
|
||||
for (i = 0; i < m; i++) {
|
||||
/* conditionally flip signs if delta is positive and g is odd */
|
||||
cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
|
||||
cond = ((unsigned int)-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
|
||||
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
|
||||
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1)));
|
||||
& (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1)));
|
||||
delta = (-cond & -delta) | ((cond - 1) & delta);
|
||||
r->neg ^= cond;
|
||||
/* swap */
|
||||
|
@ -625,7 +625,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
|
|||
goto err;
|
||||
BN_consttime_swap(g->d[0] & 1 /* g is odd */
|
||||
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
|
||||
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))),
|
||||
& (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))),
|
||||
g, temp, top);
|
||||
if (!BN_rshift1(g, g))
|
||||
goto err;
|
||||
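Review bot: The new casts in BN_gcd() hard-code `unsigned int` while the shift counts next to them are still derived from `sizeof(delta)` and `sizeof(g->top)`, so the expressions are only correct while both operands are plain int. The cast is what makes the shift a logical one that yields 0 or 1, and nothing in the hunk says so. A short comment above the `cond =` line, for example `/* cast to unsigned: right-shifting a negative int is implementation-defined */`, would keep a later edit from undoing it. The same applies to the BN_consttime_swap() argument in the second hunk; the loop body continues outside both hunks.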
|
|
|
@ -97,8 +97,6 @@ $UTIL_COMMON=\
|
|||
context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
|
||||
param_build_set.c der_writer.c threads_lib.c params_dup.c
|
||||
|
||||
SHARED_SOURCE[../libssl]=sparse_array.c
|
||||
|
||||
SOURCE[../libcrypto]=$UTIL_COMMON \
|
||||
mem.c mem_sec.c \
|
||||
cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -15,6 +15,7 @@
|
|||
#include <openssl/cms.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "crypto/evp.h"
|
||||
#include "crypto/asn1.h"
|
||||
#include "cms_local.h"
|
||||
|
||||
/* CMS EncryptedData Utilities */
|
||||
|
@ -81,7 +82,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
|
|||
|
||||
if (enc) {
|
||||
calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
|
||||
if (calg->algorithm == NULL) {
|
||||
if (calg->algorithm == NULL || calg->algorithm->nid == NID_undef) {
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
|
||||
goto err;
|
||||
}
|
||||
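Review bot: The added test `calg->algorithm->nid == NID_undef` reads a field of the ASN1_OBJECT directly, which appears to be why `crypto/asn1.h` is newly included in the preceding hunk. `OBJ_obj2nid()` answers the same question through the public accessor and returns NID_undef for a NULL object. The condition could therefore be written `if (OBJ_obj2nid(calg->algorithm) == NID_undef) {` without depending on the internal structure layout. The function body continues outside the hunk.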
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -154,6 +154,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
|
|||
"unsupported recipientinfo type"},
|
||||
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
|
||||
"unsupported recipient type"},
|
||||
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM),
|
||||
"unsupported signature algorithm"},
|
||||
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
|
||||
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
|
||||
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},
|
||||
|
|
|
@ -354,11 +354,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
|
|||
|
||||
if (md == NULL) {
|
||||
int def_nid;
|
||||
if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
|
||||
|
||||
if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) {
|
||||
ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
|
||||
"pkey nid=%d", EVP_PKEY_get_id(pk));
|
||||
goto err;
|
||||
}
|
||||
md = EVP_get_digestbynid(def_nid);
|
||||
if (md == NULL) {
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST);
|
||||
ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
|
||||
"default md nid=%d", def_nid);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
@ -398,8 +403,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
|
|||
}
|
||||
}
|
||||
|
||||
if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
|
||||
if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) {
|
||||
ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM,
|
||||
"pkey nid=%d", EVP_PKEY_get_id(pk));
|
||||
goto err;
|
||||
}
|
||||
if (!(flags & CMS_NOATTR)) {
|
||||
/*
|
||||
* Initialize signed attributes structure so other attributes
|
||||
|
|
|
@ -259,7 +259,8 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
|
|||
*/
|
||||
int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
|
||||
{
|
||||
return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret);
|
||||
return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret)
|
||||
&& *ret == 0;
|
||||
}
|
||||
|
||||
int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -190,7 +190,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
|
|||
static int dh_init(DH *dh)
|
||||
{
|
||||
dh->flags |= DH_FLAG_CACHE_MONT_P;
|
||||
ossl_ffc_params_init(&dh->params);
|
||||
dh->dirty_cnt++;
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -116,6 +116,8 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
|
|||
goto err;
|
||||
#endif /* FIPS_MODULE */
|
||||
|
||||
ossl_ffc_params_init(&ret->params);
|
||||
|
||||
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
|
||||
ERR_raise(ERR_LIB_DH, ERR_R_INIT_FAIL);
|
||||
goto err;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -39,7 +39,8 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
|
|||
*/
|
||||
int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
|
||||
{
|
||||
return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret);
|
||||
return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret)
|
||||
&& *ret == 0;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -49,7 +50,8 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
|
|||
*/
|
||||
int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
|
||||
{
|
||||
return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret);
|
||||
return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret)
|
||||
&& *ret == 0;
|
||||
}
|
||||
|
||||
int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -176,6 +176,8 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
|
|||
goto err;
|
||||
#endif
|
||||
|
||||
ossl_ffc_params_init(&ret->params);
|
||||
|
||||
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
|
||||
ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL);
|
||||
goto err;
|
||||
|
|
|
@ -441,7 +441,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
|
|||
static int dsa_init(DSA *dsa)
|
||||
{
|
||||
dsa->flags |= DSA_FLAG_CACHE_MONT_P;
|
||||
ossl_ffc_params_init(&dsa->params);
|
||||
dsa->dirty_cnt++;
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -79,6 +79,48 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
|
|||
ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
|
||||
return NULL;
|
||||
}
|
||||
/* We enforce check for legacy key */
|
||||
switch (EVP_PKEY_get_id(pkey)) {
|
||||
case EVP_PKEY_RSA:
|
||||
{
|
||||
RSA *rsa = EVP_PKEY_get1_RSA(pkey);
|
||||
EVP_PKEY_set1_RSA(pkey, rsa);
|
||||
RSA_free(rsa);
|
||||
}
|
||||
break;
|
||||
# ifndef OPENSSL_NO_EC
|
||||
case EVP_PKEY_SM2:
|
||||
case EVP_PKEY_EC:
|
||||
{
|
||||
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
|
||||
EVP_PKEY_set1_EC_KEY(pkey, ec);
|
||||
EC_KEY_free(ec);
|
||||
}
|
||||
break;
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
case EVP_PKEY_DSA:
|
||||
{
|
||||
DSA *dsa = EVP_PKEY_get1_DSA(pkey);
|
||||
EVP_PKEY_set1_DSA(pkey, dsa);
|
||||
DSA_free(dsa);
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
# ifndef OPENSSL_NO_DH
|
||||
case EVP_PKEY_DH:
|
||||
{
|
||||
DH *dh = EVP_PKEY_get1_DH(pkey);
|
||||
EVP_PKEY_set1_DH(pkey, dh);
|
||||
DH_free(dh);
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
/*Do nothing */
|
||||
break;
|
||||
}
|
||||
|
||||
return pkey;
|
||||
}
|
||||
|
||||
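Review bot: Every case of the new switch in ENGINE_load_private_key() ignores the results of its get1/set1 pair, so `EVP_PKEY_get1_RSA(pkey)` returning NULL or `EVP_PKEY_set1_RSA(pkey, rsa)` failing still ends in `return pkey;` as if the conversion had succeeded. Testing both, e.g. `if (rsa == NULL || !EVP_PKEY_set1_RSA(pkey, rsa))`, and failing the load with `ENGINE_R_FAILED_LOADING_PRIVATE_KEY` as the NULL check above the switch does, would keep a partly converted key from reaching the caller. What state `pkey` is left in after a failed set1 cannot be seen from this hunk. The comment `/* We enforce check for legacy key */` should say what the round trip is for, and the DSA and DH blocks open with `# ifndef` but close with an unindented `#endif`, unlike the EC block.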
|
|
|
@ -97,6 +97,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
|
|||
if (added && !engine_cleanup_add_first(cleanup)) {
|
||||
lh_ENGINE_PILE_free(&(*table)->piles);
|
||||
*table = NULL;
|
||||
goto end;
|
||||
}
|
||||
while (num_nids--) {
|
||||
tmplate.nid = *nids;
|
||||
|
|
|
@ -375,6 +375,7 @@ CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\
|
|||
CMS_R_UNSUPPORTED_LABEL_SOURCE:193:unsupported label source
|
||||
CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type
|
||||
CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type
|
||||
CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM:195:unsupported signature algorithm
|
||||
CMS_R_UNSUPPORTED_TYPE:156:unsupported type
|
||||
CMS_R_UNWRAP_ERROR:157:unwrap error
|
||||
CMS_R_UNWRAP_FAILURE:180:unwrap failure
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -192,7 +192,12 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
|
|||
#endif
|
||||
}
|
||||
|
||||
if (cipher->prov != NULL) {
|
||||
if (!ossl_assert(cipher->prov != NULL)) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (cipher != ctx->fetched_cipher) {
|
||||
if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||
return 0;
|
||||
|
@ -218,6 +223,42 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
|
|||
return 0;
|
||||
}
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
/*
|
||||
* Fix for CVE-2023-5363
|
||||
* Passing in a size as part of the init call takes effect late
|
||||
* so, force such to occur before the initialisation.
|
||||
*
|
||||
* The FIPS provider's internal library context is used in a manner
|
||||
* such that this is not an issue.
|
||||
*/
|
||||
if (params != NULL) {
|
||||
OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END,
|
||||
OSSL_PARAM_END };
|
||||
OSSL_PARAM *q = param_lens;
|
||||
const OSSL_PARAM *p;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
|
||||
if (p != NULL)
|
||||
memcpy(q++, p, sizeof(*q));
|
||||
|
||||
/*
|
||||
* Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for
|
||||
* OSSL_CIPHER_PARAM_IVLEN so both are covered here.
|
||||
*/
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
|
||||
if (p != NULL)
|
||||
memcpy(q++, p, sizeof(*q));
|
||||
|
||||
if (q != param_lens) {
|
||||
if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (enc) {
|
||||
if (ctx->cipher->einit == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
||||
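Review bot: `param_lens[3]` in the CVE-2023-5363 block is sized for exactly the two lookups below it plus the terminator, and nothing ties the array size to the number of `memcpy(q++, ...)` calls. A third length parameter added later would overwrite the last `OSSL_PARAM_END` and pass EVP_CIPHER_CTX_set_params() an unterminated array. A comment on the declaration such as `/* KEYLEN + IVLEN + terminator; grow when adding a lookup */` would make the invariant visible. The comment above the IVLEN lookup misspells "synonym" as "synomym". evp_cipher_init_internal() continues outside both hunks.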
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -71,7 +71,11 @@ static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
|
|||
|
||||
static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
|
||||
{
|
||||
KECCAK1600_CTX *ctx = evp_ctx->md_data;
|
||||
KECCAK1600_CTX *ctx;
|
||||
|
||||
if (evp_ctx == NULL)
|
||||
return 0;
|
||||
ctx = evp_ctx->md_data;
|
||||
|
||||
switch (cmd) {
|
||||
case EVP_MD_CTRL_XOF_LEN:
|
||||
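Review bot: shake_ctrl() now rejects a NULL `evp_ctx`, but the value loaded by `ctx = evp_ctx->md_data;` is still used unchecked. The switch body is outside the hunk; if its cases dereference `ctx`, an EVP_MD_CTX whose md_data was never allocated would hit the same kind of NULL dereference this change guards against. Adding `if (ctx == NULL) return 0;` directly after the assignment would cover both cases.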
|
|
|
@ -1201,7 +1201,7 @@ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
|
|||
int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
|
||||
int indent, ASN1_PCTX *pctx)
|
||||
{
|
||||
return print_pkey(pkey, out, indent, EVP_PKEY_KEYPAIR, NULL,
|
||||
return print_pkey(pkey, out, indent, EVP_PKEY_PRIVATE_KEY, NULL,
|
||||
(pkey->ameth != NULL ? pkey->ameth->priv_print : NULL),
|
||||
pctx);
|
||||
}
|
||||
|
|
|
@ -251,10 +251,11 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
|
|||
*/
|
||||
if (e != NULL)
|
||||
pmeth = ENGINE_get_pkey_meth(e, id);
|
||||
else if (pkey != NULL && pkey->foreign)
|
||||
else
|
||||
# endif /* OPENSSL_NO_ENGINE */
|
||||
if (pkey != NULL && pkey->foreign)
|
||||
pmeth = EVP_PKEY_meth_find(id);
|
||||
else
|
||||
# endif
|
||||
app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id);
|
||||
|
||||
/* END legacy */
|
||||
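Review bot: The bare `else` placed directly before `# endif /* OPENSSL_NO_ENGINE */` in int_ctx_new() makes the following `if (pkey != NULL && pkey->foreign)` its body only in builds with engine support, which is easy to misread and easy to break in a later edit. A comment on that line, for example `else /* binds to the if after the #endif */`, would make the intended pairing explicit. The opening preprocessor conditional and the start of the legacy block are outside the hunk.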
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -163,6 +163,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index,
|
|||
* "app_data" routines use ex_data index zero. See RT 3710. */
|
||||
if (ip->meth == NULL
|
||||
|| !sk_EX_CALLBACK_push(ip->meth, NULL)) {
|
||||
sk_EX_CALLBACK_free(ip->meth);
|
||||
ip->meth = NULL;
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
|
|||
*ret = 0;
|
||||
if (params == NULL || pub_key == NULL || params->p == NULL) {
|
||||
*ret = FFC_ERROR_PASSED_NULL_PARAM;
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
ctx = BN_CTX_new_ex(NULL);
|
||||
|
@ -39,18 +39,14 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
|
|||
if (tmp == NULL
|
||||
|| !BN_set_word(tmp, 1))
|
||||
goto err;
|
||||
if (BN_cmp(pub_key, tmp) <= 0) {
|
||||
if (BN_cmp(pub_key, tmp) <= 0)
|
||||
*ret |= FFC_ERROR_PUBKEY_TOO_SMALL;
|
||||
goto err;
|
||||
}
|
||||
/* Step(1): Verify pub_key <= p-2 */
|
||||
if (BN_copy(tmp, params->p) == NULL
|
||||
|| !BN_sub_word(tmp, 1))
|
||||
goto err;
|
||||
if (BN_cmp(pub_key, tmp) >= 0) {
|
||||
if (BN_cmp(pub_key, tmp) >= 0)
|
||||
*ret |= FFC_ERROR_PUBKEY_TOO_LARGE;
|
||||
goto err;
|
||||
}
|
||||
ok = 1;
|
||||
err:
|
||||
if (ctx != NULL) {
|
||||
|
@ -73,7 +69,7 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
|
|||
if (!ossl_ffc_validate_public_key_partial(params, pub_key, ret))
|
||||
return 0;
|
||||
|
||||
if (params->q != NULL) {
|
||||
if (*ret == 0 && params->q != NULL) {
|
||||
ctx = BN_CTX_new_ex(NULL);
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
|
@ -84,10 +80,8 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
|
|||
if (tmp == NULL
|
||||
|| !BN_mod_exp(tmp, pub_key, params->q, params->p, ctx))
|
||||
goto err;
|
||||
if (!BN_is_one(tmp)) {
|
||||
if (!BN_is_one(tmp))
|
||||
*ret |= FFC_ERROR_PUBKEY_INVALID;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
ok = 1;
|
||||
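Review bot: After this change ossl_ffc_validate_public_key_partial() and ossl_ffc_validate_public_key() return 1 even when they set FFC_ERROR_PUBKEY_TOO_SMALL, FFC_ERROR_PUBKEY_TOO_LARGE, FFC_ERROR_PUBKEY_INVALID or FFC_ERROR_PASSED_NULL_PARAM in `*ret`, so the return value alone no longer says the key is acceptable. The DH and DSA wrappers changed in this commit add `&& *ret == 0`, but any other caller that tests only the return value would now accept a rejected public key. Both functions need a header comment stating the contract, e.g. `/* Returns 0 only on internal error; the key is valid only if this returns 1 and *ret == 0. */`. The new `*ret == 0 &&` in front of `params->q != NULL` is also what keeps the NULL-params case from being dereferenced, which deserves a one-line comment at that condition.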
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -266,12 +266,12 @@ static void contract(OPENSSL_LHASH *lh)
|
|||
if (n == NULL) {
|
||||
/* fputs("realloc error in lhash",stderr); */
|
||||
lh->error++;
|
||||
return;
|
||||
} else {
|
||||
lh->b = n;
|
||||
}
|
||||
lh->num_alloc_nodes /= 2;
|
||||
lh->pmax /= 2;
|
||||
lh->p = lh->pmax - 1;
|
||||
lh->b = n;
|
||||
} else
|
||||
lh->p--;
|
||||
|
||||
|
|
12
crypto/mem.c
12
crypto/mem.c
|
@ -100,6 +100,9 @@ void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
|
|||
* or 100;100@25;0
|
||||
* This means 100 mallocs succeed, then next 100 fail 25% of the time, and
|
||||
* all remaining (count is zero) succeed.
|
||||
* The failure percentge can have 2 digits after the comma. For example:
|
||||
* 0@0.01
|
||||
* This means 0.01% of all allocations will fail.
|
||||
*/
|
||||
static void parseit(void)
|
||||
{
|
||||
|
@ -112,26 +115,27 @@ static void parseit(void)
|
|||
/* Get the count (atol will stop at the @ if there), and percentage */
|
||||
md_count = atol(md_failstring);
|
||||
atsign = strchr(md_failstring, '@');
|
||||
md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1);
|
||||
md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5);
|
||||
|
||||
if (semi != NULL)
|
||||
md_failstring = semi;
|
||||
}
|
||||
|
||||
/*
|
||||
* Windows doesn't have random(), but it has rand()
|
||||
* Windows doesn't have random() and srandom(), but it has rand() and srand().
|
||||
* Some rand() implementations aren't good, but we're not
|
||||
* dealing with secure randomness here.
|
||||
*/
|
||||
# ifdef _WIN32
|
||||
# define random() rand()
|
||||
# define srandom(seed) srand(seed)
|
||||
# endif
|
||||
/*
|
||||
* See if the current malloc should fail.
|
||||
*/
|
||||
static int shouldfail(void)
|
||||
{
|
||||
int roll = (int)(random() % 100);
|
||||
int roll = (int)(random() % 10000);
|
||||
int shoulditfail = roll < md_fail_percent;
|
||||
# ifndef _WIN32
|
||||
/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
|
||||
|
@ -165,6 +169,8 @@ void ossl_malloc_setup_failures(void)
|
|||
parseit();
|
||||
if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
|
||||
md_tracefd = atoi(cp);
|
||||
if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL)
|
||||
srandom(atoi(cp));
|
||||
}
|
||||
#endif
|
||||
|
||||
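Review bot: `md_fail_percent` no longer holds a percentage: parseit() now stores `atof(atsign + 1) * 100 + 0.5` and shouldfail() compares it with `random() % 10000`, so the value is in hundredths of a percent while the name still says percent. Renaming it, or adding a comment at the assignment such as `/* stored in units of 0.01% to match roll in shouldfail() */`, would keep the two scales from drifting apart. The added documentation comment spells "percentage" as "percentge" and says "after the comma" although its example `0@0.01` uses a decimal point. The declaration of the variable is outside these hunks.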
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -744,6 +744,9 @@ if ($flavour =~ /64/) { ######## 64-bit code
|
|||
s/\.[uisp]?64//o and s/\.16b/\.2d/go;
|
||||
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
|
||||
|
||||
# Switch preprocessor checks to aarch64 versions.
|
||||
s/__ARME([BL])__/__AARCH64E$1__/go;
|
||||
|
||||
print $_,"\n";
|
||||
}
|
||||
} else { ######## 32-bit code
|
||||
|
|
|
@ -642,13 +642,14 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
|
|||
if (p == NULL) {
|
||||
const char *base_ = base;
|
||||
int l, h, i = 0, c = 0;
|
||||
char *p1;
|
||||
|
||||
for (i = 0; i < num; ++i) {
|
||||
p = &(base_[i * size]);
|
||||
c = (*cmp) (key, p);
|
||||
p1 = &(base_[i * size]);
|
||||
c = (*cmp) (key, p1);
|
||||
if (c == 0
|
||||
|| (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
|
||||
return p;
|
||||
return p1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
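Review bot: `p1` is declared `char *` but is assigned `&(base_[i * size])` where `base_` is `const char *`, so the assignment drops the const qualifier and should at least draw a warning on builds that compile this block. Declaring it `const char *p1;` matches `base_` and the function's `const void *` return type. The preprocessor guard that encloses this block starts outside the hunk.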
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -99,21 +99,22 @@ int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *params,
|
|||
{
|
||||
int i, sz = sk_BIGNUM_const_num(stk);
|
||||
OSSL_PARAM *p;
|
||||
|
||||
const BIGNUM *bn;
|
||||
|
||||
if (bld != NULL) {
|
||||
for (i = 0; i < sz && names[i] != NULL; ++i) {
|
||||
if (!OSSL_PARAM_BLD_push_BN(bld, names[i],
|
||||
sk_BIGNUM_const_value(stk, i)))
|
||||
bn = sk_BIGNUM_const_value(stk, i);
|
||||
if (bn != NULL && !OSSL_PARAM_BLD_push_BN(bld, names[i], bn))
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
for (i = 0; i < sz && names[i] != NULL; ++i) {
|
||||
bn = sk_BIGNUM_const_value(stk, i);
|
||||
p = OSSL_PARAM_locate(params, names[i]);
|
||||
if (p != NULL) {
|
||||
if (!OSSL_PARAM_set_BN(p, sk_BIGNUM_const_value(stk, i)))
|
||||
if (p != NULL && bn != NULL) {
|
||||
if (!OSSL_PARAM_set_BN(p, bn))
|
||||
return 0;
|
||||
}
|
||||
}
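Review bot: The new `bn != NULL` guards turn a NULL stack entry into a silent skip in both branches, and nothing in the hunk says this is intended. In the `params` branch a caller that asked for `names[i]` gets neither a value nor a failure when the entry is NULL, so the contract is worth stating above the loops, for example `/* NULL entries in stk are skipped: the value is treated as absent, not as an error */`. If absence should be visible to the caller, the alternative is to return 0 when `p != NULL && bn == NULL`; which is right depends on callers not shown here. The function continues past the end of the hunk.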
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -85,7 +85,7 @@ poly1305_init:
|
|||
ldp $r0,$r1,[$inp] // load key
|
||||
mov $s1,#0xfffffffc0fffffff
|
||||
movk $s1,#0x0fff,lsl#48
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
rev $r0,$r0 // flip bytes
|
||||
rev $r1,$r1
|
||||
#endif
|
||||
|
@ -132,7 +132,7 @@ poly1305_blocks:
|
|||
.Loop:
|
||||
ldp $t0,$t1,[$inp],#16 // load input
|
||||
sub $len,$len,#16
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
rev $t0,$t0
|
||||
rev $t1,$t1
|
||||
#endif
|
||||
|
@ -197,13 +197,13 @@ poly1305_emit:
|
|||
csel $h0,$h0,$d0,eq
|
||||
csel $h1,$h1,$d1,eq
|
||||
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
ror $t0,$t0,#32 // flip nonce words
|
||||
ror $t1,$t1,#32
|
||||
#endif
|
||||
adds $h0,$h0,$t0 // accumulate nonce
|
||||
adc $h1,$h1,$t1
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
rev $h0,$h0 // flip output bytes
|
||||
rev $h1,$h1
|
||||
#endif
|
||||
|
@ -335,7 +335,7 @@ poly1305_blocks_neon:
|
|||
adcs $h1,$h1,xzr
|
||||
adc $h2,$h2,xzr
|
||||
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
rev $d0,$d0
|
||||
rev $d1,$d1
|
||||
#endif
|
||||
|
@ -381,7 +381,7 @@ poly1305_blocks_neon:
|
|||
ldp $d0,$d1,[$inp],#16 // load input
|
||||
sub $len,$len,#16
|
||||
add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2)
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
rev $d0,$d0
|
||||
rev $d1,$d1
|
||||
#endif
|
||||
|
@ -466,7 +466,7 @@ poly1305_blocks_neon:
|
|||
lsl $padbit,$padbit,#24
|
||||
add x15,$ctx,#48
|
||||
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
rev x8,x8
|
||||
rev x12,x12
|
||||
rev x9,x9
|
||||
|
@ -502,7 +502,7 @@ poly1305_blocks_neon:
|
|||
ld1 {$S2,$R3,$S3,$R4},[x15],#64
|
||||
ld1 {$S4},[x15]
|
||||
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
rev x8,x8
|
||||
rev x12,x12
|
||||
rev x9,x9
|
||||
|
@ -563,7 +563,7 @@ poly1305_blocks_neon:
|
|||
umull $ACC1,$IN23_0,${R1}[2]
|
||||
ldp x9,x13,[$in2],#48
|
||||
umull $ACC0,$IN23_0,${R0}[2]
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
rev x8,x8
|
||||
rev x12,x12
|
||||
rev x9,x9
|
||||
|
@ -628,7 +628,7 @@ poly1305_blocks_neon:
|
|||
umlal $ACC4,$IN01_2,${R2}[0]
|
||||
umlal $ACC1,$IN01_2,${S4}[0]
|
||||
umlal $ACC2,$IN01_2,${R0}[0]
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
rev x8,x8
|
||||
rev x12,x12
|
||||
rev x9,x9
|
||||
|
@ -909,13 +909,13 @@ poly1305_emit_neon:
|
|||
csel $h0,$h0,$d0,eq
|
||||
csel $h1,$h1,$d1,eq
|
||||
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
ror $t0,$t0,#32 // flip nonce words
|
||||
ror $t1,$t1,#32
|
||||
#endif
|
||||
adds $h0,$h0,$t0 // accumulate nonce
|
||||
adc $h1,$h1,$t1
|
||||
#ifdef __ARMEB__
|
||||
#ifdef __AARCH64EB__
|
||||
rev $h0,$h0 // flip output bytes
|
||||
rev $h1,$h1
|
||||
#endif
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -588,15 +588,38 @@ static void put_char(char ch, char **buf, size_t *remain, size_t *needed)
|
|||
|
||||
static void put_str(const char *str, char **buf, size_t *remain, size_t *needed)
|
||||
{
|
||||
size_t olen, len;
|
||||
size_t olen, len, i;
|
||||
char quote = '\0';
|
||||
int quotes;
|
||||
|
||||
len = olen = strlen(str);
|
||||
*needed += len;
|
||||
|
||||
if (*remain == 0)
|
||||
return;
|
||||
/*
|
||||
* Check to see if we need quotes or not.
|
||||
* Characters that are legal in a PropertyName don't need quoting.
|
||||
* We simply assume all others require quotes.
|
||||
*/
|
||||
for (i = 0; i < len; i++)
|
||||
if (!ossl_isalnum(str[i]) && str[i] != '.' && str[i] != '_') {
|
||||
/* Default to single quotes ... */
|
||||
if (quote == '\0')
|
||||
quote = '\'';
|
||||
/* ... but use double quotes if a single is present */
|
||||
if (str[i] == '\'')
|
||||
quote = '"';
|
||||
}
|
||||
|
||||
if (*remain < len + 1)
|
||||
quotes = quote != '\0';
|
||||
if (*remain == 0) {
|
||||
*needed += 2 * quotes;
|
||||
return;
|
||||
}
|
||||
|
||||
if (quotes)
|
||||
put_char(quote, buf, remain, needed);
|
||||
|
||||
if (*remain < len + 1 + quotes)
|
||||
len = *remain - 1;
|
||||
|
||||
if (len > 0) {
|
||||
|
@ -605,6 +628,9 @@ static void put_str(const char *str, char **buf, size_t *remain, size_t *needed)
|
|||
*remain -= len;
|
||||
}
|
||||
|
||||
if (quotes)
|
||||
put_char(quote, buf, remain, needed);
|
||||
|
||||
if (len < olen && *remain == 1) {
|
||||
**buf = '\0';
|
||||
++*buf;
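Review bot: `len = *remain - 1;` can wrap when a quote is needed, because the `*remain == 0` check runs before the opening `put_char(quote, buf, remain, needed)` and is not repeated after it. put_char's body is outside the hunk, but it takes `remain` by pointer; if it can consume the last byte, `*remain` is 0 at the truncation test and `len` becomes SIZE_MAX before the block under `if (len > 0)`, which ends with `*remain -= len;`. Guarding the subtraction, `len = *remain > 0 ? *remain - 1 : 0;`, keeps the truncated path bounded. Separately, the quote selection has no answer for a string that contains both `'` and `"`: it is written inside double quotes with the embedded `"` unescaped, which the comment above the loop should state or the function should refuse. put_str ends outside the second hunk.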
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -141,18 +141,6 @@ int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[],
|
|||
|
||||
/* Check private key data integrity */
|
||||
if (include_private && rsa_d != NULL) {
|
||||
int numprimes = sk_BIGNUM_const_num(factors);
|
||||
int numexps = sk_BIGNUM_const_num(exps);
|
||||
int numcoeffs = sk_BIGNUM_const_num(coeffs);
|
||||
|
||||
/*
|
||||
* It's permissible to have zero primes, i.e. no CRT params.
|
||||
* Otherwise, there must be at least two, as many exponents,
|
||||
* and one coefficient less.
|
||||
*/
|
||||
if (numprimes != 0
|
||||
&& (numprimes < 2 || numexps < 2 || numcoeffs < 1))
|
||||
goto err;
|
||||
|
||||
if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
|
||||
rsa_d)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -753,18 +753,22 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
|
|||
return 0;
|
||||
|
||||
pnum = sk_BIGNUM_num(primes);
|
||||
if (pnum < 2
|
||||
|| pnum != sk_BIGNUM_num(exps)
|
||||
|| pnum != sk_BIGNUM_num(coeffs) + 1)
|
||||
if (pnum < 2)
|
||||
return 0;
|
||||
|
||||
if (!RSA_set0_factors(r, sk_BIGNUM_value(primes, 0),
|
||||
sk_BIGNUM_value(primes, 1))
|
||||
|| !RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0),
|
||||
sk_BIGNUM_value(exps, 1),
|
||||
sk_BIGNUM_value(coeffs, 0)))
|
||||
sk_BIGNUM_value(primes, 1)))
|
||||
return 0;
|
||||
|
||||
if (pnum == sk_BIGNUM_num(exps)
|
||||
&& pnum == sk_BIGNUM_num(coeffs) + 1) {
|
||||
|
||||
if (!RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0),
|
||||
sk_BIGNUM_value(exps, 1),
|
||||
sk_BIGNUM_value(coeffs, 0)))
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
old_infos = r->prime_infos;
|
||||
#endif
|
||||
|
@ -1084,6 +1088,12 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
|
|||
int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen)
|
||||
{
|
||||
OSSL_PARAM rsa_params[2], *p = rsa_params;
|
||||
const char *empty = "";
|
||||
/*
|
||||
* Needed as we swap label with empty if it is NULL, and label is
|
||||
* freed at the end of this function.
|
||||
*/
|
||||
void *plabel = label;
|
||||
int ret;
|
||||
|
||||
if (ctx == NULL || !EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) {
|
||||
|
@ -1096,9 +1106,13 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen)
|
|||
if (!EVP_PKEY_CTX_is_a(ctx, "RSA"))
|
||||
return -1;
|
||||
|
||||
/* Accept NULL for backward compatibility */
|
||||
if (label == NULL && llen == 0)
|
||||
plabel = (void *)empty;
|
||||
|
||||
/* Cast away the const. This is read only so should be safe */
|
||||
*p++ = OSSL_PARAM_construct_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL,
|
||||
(void *)label, (size_t)llen);
|
||||
(void *)plabel, (size_t)llen);
|
||||
*p++ = OSSL_PARAM_construct_end();
|
||||
|
||||
ret = evp_pkey_ctx_set_params_strict(ctx, rsa_params);
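Review bot: `(size_t)llen` converts a signed `int` without a range check, so a negative `llen` reaches OSSL_PARAM_construct_octet_string() as a very large length, and the new compatibility branch only covers `label == NULL && llen == 0`. A NULL label with a positive `llen` is still passed through as a NULL data pointer with a non-zero size. Rejecting both before the param is built, with `if (llen < 0 || (label == NULL && llen > 0))` followed by the same kind of error return the earlier argument checks use, would make the accepted inputs explicit. How the provider treats these values is not visible here, so this is a hardening point rather than a demonstrated fault. The function's remaining error handling and the free of `label` mentioned in the new comment are outside the hunks.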
|
||||
|
|
|
@ -31,8 +31,8 @@ Unless the B<CMS_REUSE_DIGEST> flag is set the returned CMS_ContentInfo
|
|||
structure is not complete and must be finalized either by streaming (if
|
||||
applicable) or a call to CMS_final().
|
||||
|
||||
The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo
|
||||
structure, its main use is when B<CMS_REUSE_DIGEST> and B<CMS_PARTIAL> flags
|
||||
The CMS_SignerInfo_sign() function explicitly signs a CMS_SignerInfo
|
||||
structure, its main use is when the B<CMS_REUSE_DIGEST> and B<CMS_PARTIAL> flags
|
||||
are both set.
|
||||
|
||||
=head1 NOTES
|
||||
|
@ -90,6 +90,8 @@ before it is finalized.
|
|||
CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo
|
||||
structure just added or NULL if an error occurs.
|
||||
|
||||
CMS_SignerInfo_sign() returns 1 on success, 0 on failure.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ERR_get_error(3)>, L<CMS_sign(3)>,
|
||||
|
@ -97,7 +99,7 @@ L<CMS_final(3)>,
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -128,6 +128,10 @@ The parameter B<j> is invalid.
|
|||
|
||||
=back
|
||||
|
||||
If 0 is returned or B<*codes> is set to a nonzero value the supplied
|
||||
parameters should not be used for Diffie-Hellman operations otherwise
|
||||
the security properties of the key exchange are not guaranteed.
|
||||
|
||||
DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to
|
||||
DH_check() and DH_check_params() respectively, but the error reasons are added
|
||||
to the thread's error queue instead of provided as return values from the
|
||||
|
@ -160,7 +164,7 @@ DH_generate_parameters_ex() instead.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -51,7 +51,7 @@ called as shown below. For information on the BN_GENCB structure and the
|
|||
BN_GENCB_call function discussed below, refer to
|
||||
L<BN_generate_prime(3)>.
|
||||
|
||||
DSA_generate_prime() is similar to DSA_generate_prime_ex() but
|
||||
DSA_generate_parameters() is similar to DSA_generate_parameters_ex() but
|
||||
expects an old-style callback function; see
|
||||
L<BN_generate_prime(3)> for information on the old-style callback.
|
||||
|
||||
|
@ -126,7 +126,7 @@ DSA_generate_parameters_ex() instead.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -134,13 +134,7 @@ section for details.
|
|||
EVP_aes_192_wrap(),
|
||||
EVP_aes_256_wrap(),
|
||||
EVP_aes_128_wrap_pad(),
|
||||
EVP_aes_128_wrap(),
|
||||
EVP_aes_192_wrap(),
|
||||
EVP_aes_256_wrap(),
|
||||
EVP_aes_192_wrap_pad(),
|
||||
EVP_aes_128_wrap(),
|
||||
EVP_aes_192_wrap(),
|
||||
EVP_aes_256_wrap(),
|
||||
EVP_aes_256_wrap_pad()
|
||||
|
||||
AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section
|
||||
|
@ -173,7 +167,7 @@ the XTS "tweak" value.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-AES(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -96,7 +96,7 @@ correctly, see the L<EVP_EncryptInit(3)/AEAD Interface> section for details.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-ARIA(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -41,7 +41,7 @@ Blowfish encryption algorithm in CBC, CFB, ECB and OFB modes respectively.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-BLOWFISH(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -35,7 +35,7 @@ The BLAKE2b algorithm that produces a 512-bit output from a given input.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_MD_fetch(3)> instead.
|
||||
L<EVP_MD_fetch(3)> with L<EVP_MD-BLAKE2(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
While the BLAKE2b and BLAKE2s algorithms supports a variable length digest,
|
||||
|
|
|
@ -79,7 +79,7 @@ Camellia for 128, 192 and 256 bit keys in the following modes: CBC, CFB with
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-CAMELLIA(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -41,7 +41,7 @@ CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-CAST(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -44,7 +44,7 @@ L<EVP_EncryptInit(3)/AEAD Interface> section for more information.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-CHACHA(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
L<RFC 7539|https://www.rfc-editor.org/rfc/rfc7539.html#section-2.4>
|
||||
|
|
|
@ -89,7 +89,7 @@ Triple-DES key wrap according to RFC 3217 Section 3.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-DES(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -31,7 +31,7 @@ implementation.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling this function multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-DES(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -39,7 +39,7 @@ The IDEA encryption algorithm in CBC, CFB, ECB and OFB modes respectively.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-IDEA(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -28,7 +28,7 @@ The MD2 algorithm which produces a 128-bit output from a given input.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling this function multiple times and should consider using
|
||||
L<EVP_MD_fetch(3)> instead.
|
||||
L<EVP_MD_fetch(3)> with L<EVP_MD-MD2(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -29,7 +29,7 @@ The MD4 algorithm which produces a 128-bit output from a given input.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling this function multiple times and should consider using
|
||||
L<EVP_MD_fetch(3)> instead.
|
||||
L<EVP_MD_fetch(3)> with L<EVP_MD-MD4(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -40,7 +40,7 @@ WARNING: this algorithm is not intended for non-SSL usage.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_MD_fetch(3)> instead.
|
||||
L<EVP_MD_fetch(3)> with L<EVP_MD-MD5(7)> or L<EVP_MD-MD5-SHA1(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -30,7 +30,7 @@ The MDC-2DES algorithm of using MDC-2 with the DES block cipher. It produces a
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling this function multiple times and should consider using
|
||||
L<EVP_MD_fetch(3)> instead.
|
||||
L<EVP_MD_fetch(3)> with L<EVP_MD-MDC2(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -55,7 +55,7 @@ functions to set the key length and effective key length.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-RC2(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -47,7 +47,7 @@ interface.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-RC4(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -60,7 +60,7 @@ is an int.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-RC5(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -29,7 +29,7 @@ The RIPEMD-160 algorithm which produces a 160-bit output from a given input.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling this function multiple times and should consider using
|
||||
L<EVP_MD_fetch(3)> instead.
|
||||
L<EVP_MD_fetch(3)> with L<EVP_MD-RIPEMD160(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -41,7 +41,7 @@ The SEED encryption algorithm in CBC, CFB, ECB and OFB modes respectively.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-SEED(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -29,7 +29,7 @@ The SHA-1 algorithm which produces a 160-bit output from a given input.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling this function multiple times and should consider using
|
||||
L<EVP_MD_fetch(3)> instead.
|
||||
L<EVP_MD_fetch(3)> with L<EVP_MD-SHA1(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -49,7 +49,7 @@ their outputs are of the same size.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_MD_fetch(3)> instead.
|
||||
L<EVP_MD_fetch(3)> with L<EVP_MD-SHA2(7)>instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -54,7 +54,7 @@ B<EVP_shake256> provides that of 256 bits.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_MD_fetch(3)> instead.
|
||||
L<EVP_MD_fetch(3)> with L<EVP_MD-SHA3(7)> or L<EVP_MD-SHAKE(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -28,7 +28,7 @@ The SM3 hash function.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling this function multiple times and should consider using
|
||||
L<EVP_MD_fetch(3)> instead.
|
||||
L<EVP_MD_fetch(3)> with L<EVP_MD-SM3(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -45,7 +45,7 @@ respectively.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling these functions multiple times and should consider using
|
||||
L<EVP_CIPHER_fetch(3)> instead.
|
||||
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-SM4(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -30,7 +30,7 @@ input.
|
|||
|
||||
Developers should be aware of the negative performance implications of
|
||||
calling this function multiple times and should consider using
|
||||
L<EVP_MD_fetch(3)> instead.
|
||||
L<EVP_MD_fetch(3)> with L<EVP_MD-WHIRLPOOL(7)> instead.
|
||||
See L<crypto(7)/Performance> for further information.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
|
|
@ -33,7 +33,8 @@ be NULL terminated.
|
|||
|
||||
B<iter> is the iteration count and its value should be greater than or
|
||||
equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any
|
||||
B<iter> less than 1 is treated as a single iteration.
|
||||
B<iter> value less than 1 is invalid; such values will result in failure
|
||||
and raise the PROV_R_INVALID_ITERATION_COUNT error.
|
||||
|
||||
B<digest> is the message digest function used in the derivation.
|
||||
PKCS5_PBKDF2_HMAC_SHA1() calls PKCS5_PBKDF2_HMAC() with EVP_sha1().
|
||||
|
@ -66,7 +67,7 @@ L<passphrase-encoding(7)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
=head1 NAME
|
||||
|
||||
SSL_CONF_CTX_finish,
|
||||
SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
@ -10,6 +11,7 @@ SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure
|
|||
|
||||
void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
|
||||
void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
|
||||
int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -23,6 +25,10 @@ B<SSL> structure B<ssl>. Any previous B<SSL> or B<SSL_CTX> associated with
|
|||
B<cctx> is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to
|
||||
B<ssl>.
|
||||
|
||||
The function SSL_CONF_CTX_finish() must be called after all configuration
|
||||
operations have been completed. It is used to finalise any operations
|
||||
or to process defaults.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
The context need not be set or it can be set to B<NULL> in which case only
|
||||
|
@ -32,6 +38,8 @@ syntax checking of commands is performed, where possible.
|
|||
|
||||
SSL_CONF_CTX_set_ssl_ctx() and SSL_CTX_set_ssl() do not return a value.
|
||||
|
||||
SSL_CONF_CTX_finish() returns 1 for success and 0 for failure.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ssl(7)>,
|
||||
|
@ -47,7 +55,7 @@ These functions were added in OpenSSL 1.0.2.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -12,11 +12,15 @@ SSL_get_info_callback
|
|||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
|
||||
void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
|
||||
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
|
||||
void (*callback) (const SSL *ssl, int type, int val));
|
||||
|
||||
void SSL_set_info_callback(SSL *ssl, void (*callback)());
|
||||
void (*SSL_get_info_callback(const SSL *ssl))();
|
||||
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, int val);
|
||||
|
||||
void SSL_set_info_callback(SSL *ssl,
|
||||
void (*callback) (const SSL *ssl, int type, int val));
|
||||
|
||||
void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, int val);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -119,7 +123,7 @@ SSL_get_info_callback() returns the current setting.
|
|||
The following example callback function prints state strings, information
|
||||
about alerts being handled and error messages to the B<bio_err> BIO.
|
||||
|
||||
void apps_ssl_info_callback(SSL *s, int where, int ret)
|
||||
void apps_ssl_info_callback(const SSL *s, int where, int ret)
|
||||
{
|
||||
const char *str;
|
||||
int w = where & ~SSL_ST_MASK;
|
||||
|
@ -156,7 +160,7 @@ L<SSL_alert_type_string(3)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -8,7 +8,7 @@ i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private
|
|||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
|
||||
EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
|
||||
|
@ -64,7 +64,7 @@ L<passphrase-encoding(7)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -390,10 +390,12 @@ to the returned structure is also written to I<*a>. If an error occurred
|
|||
then NULL is returned.
|
||||
|
||||
On a successful return, if I<*a> is not NULL then it is assumed that I<*a>
|
||||
contains a valid B<I<TYPE>> structure and an attempt is made to reuse it. This
|
||||
"reuse" capability is present for historical compatibility but its use is
|
||||
B<strongly discouraged> (see BUGS below, and the discussion in the RETURN
|
||||
VALUES section).
|
||||
contains a valid B<I<TYPE>> structure and an attempt is made to reuse it.
|
||||
For B<I<TYPE>> structures where it matters it is possible to set up a library
|
||||
context on the decoded structure this way (see the B<EXAMPLES> section).
|
||||
However using the "reuse" capability for other purposes is B<strongly
|
||||
discouraged> (see B<BUGS> below, and the discussion in the B<RETURN VALUES>
|
||||
section).
|
||||
|
||||
B<d2i_I<TYPE>_bio>() is similar to B<d2i_I<TYPE>>() except it attempts
|
||||
to parse data from BIO I<bp>.
|
||||
|
@ -538,6 +540,22 @@ Alternative technique:
|
|||
if (d2i_X509(&x, &p, len) == NULL)
|
||||
/* error */
|
||||
|
||||
Setting up a library context and property query:
|
||||
|
||||
X509 *x;
|
||||
unsigned char *buf;
|
||||
const unsigned char *p;
|
||||
int len;
|
||||
OSSL_LIB_CTX *libctx = ....;
|
||||
const char *propq = ....;
|
||||
|
||||
/* Set up buf and len to point to the input buffer. */
|
||||
p = buf;
|
||||
x = X509_new_ex(libctx, propq);
|
||||
|
||||
if (d2i_X509(&x, &p, len) == NULL)
|
||||
/* error, x was freed and NULL assigned to it (see RETURN VALUES) */
|
||||
|
||||
=head1 WARNINGS
|
||||
|
||||
Using a temporary variable is mandatory. A common
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -113,6 +113,7 @@
|
|||
# define CMS_R_UNSUPPORTED_LABEL_SOURCE 193
|
||||
# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155
|
||||
# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
|
||||
# define CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM 195
|
||||
# define CMS_R_UNSUPPORTED_TYPE 156
|
||||
# define CMS_R_UNWRAP_ERROR 157
|
||||
# define CMS_R_UNWRAP_FAILURE 180
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -85,6 +85,8 @@
|
|||
/* Easy to use macros for EVP_PKEY related selections */
|
||||
# define EVP_PKEY_KEY_PARAMETERS \
|
||||
( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS )
|
||||
# define EVP_PKEY_PRIVATE_KEY \
|
||||
( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY )
|
||||
# define EVP_PKEY_PUBLIC_KEY \
|
||||
( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY )
|
||||
# define EVP_PKEY_KEYPAIR \
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* {- join("\n * ", @autowarntext) -}
|
||||
*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -57,8 +57,8 @@ typedef struct pkcs7_signer_info_st {
|
|||
PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
|
||||
X509_ALGOR *digest_alg;
|
||||
STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
|
||||
X509_ALGOR *digest_enc_alg;
|
||||
ASN1_OCTET_STRING *enc_digest;
|
||||
X509_ALGOR *digest_enc_alg; /* confusing name, actually used for signing */
|
||||
ASN1_OCTET_STRING *enc_digest; /* confusing name, actually signature */
|
||||
STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
|
||||
/* The private key to sign with */
|
||||
EVP_PKEY *pkey;
|
||||
|
|
|
@ -21,7 +21,7 @@ c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm
|
|||
c7c6694480bb5319690f94826139a93f5c460ebea6dba101b520a76cb956ec93 crypto/aes/asm/aesni-x86_64.pl
|
||||
f3a8f3c960c0f47aaa8fc2633d18b14e7c7feeccc536b0115a08bc58333122b6 crypto/aes/asm/aesp8-ppc.pl
|
||||
e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl
|
||||
a097f9d71de7cefa8e93629033ff1986fb01128623ec051d9b5afef55c0e5ebb crypto/aes/asm/aesv8-armx.pl
|
||||
e3955352a92d56905d63e68937e4758f13190a14a10a3dcb1e5c641c49913c0c crypto/aes/asm/aesv8-armx.pl
|
||||
5e8005fdb6641df465bdda20c3476f7176e6bcd63d5073044a0c02a327c7f172 crypto/aes/asm/bsaes-armv7.pl
|
||||
0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6 crypto/aes/asm/bsaes-x86_64.pl
|
||||
1ff94d6bf6c8ae4809f64657eb89260fe3cb22137f649d3c73f72cb190258196 crypto/aes/asm/vpaes-armv8.pl
|
||||
|
@ -79,7 +79,7 @@ d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_d
|
|||
74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c
|
||||
a29b8b7fa8460f11e50f880e3c3c9e0755b93889bcbb5476206c4d938a9c5735 crypto/bn/bn_exp.c
|
||||
ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c
|
||||
1abab2cc5466b005b939d156e7d8664a4d42a191c9040dbb83941269d6844f0c crypto/bn/bn_gcd.c
|
||||
baba7c8ae95af6aa36bc9f4be3a2eed33d500451e568ca4bfc6bc7cb48d4f7ea crypto/bn/bn_gcd.c
|
||||
4d6cc7ed36978247a191df1eea0120f8ee97b639ba228793dabe5a8355a1a609 crypto/bn/bn_gf2m.c
|
||||
081e8a6abc23599307dab3b1a92113a65e0bf8717cbc40c970c7469350bc4581 crypto/bn/bn_intern.c
|
||||
602ed46fbfe12c899dfb7d9d99ff0dbfff96b454fce3cd02817f3e2488dd9192 crypto/bn/bn_kron.c
|
||||
|
@ -122,20 +122,20 @@ eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb
|
|||
61926e30dd940616e80936d1c94c5f522daf0d475fb3a40a9e589e78f322901e crypto/des/set_key.c
|
||||
8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h
|
||||
816472a54c273906d0a2b58650e0b9d28cc2c8023d120f0d77160f1fe34c4ca3 crypto/dh/dh_backend.c
|
||||
d2d0569bea2598bd405f23b60e5283a6ce353f1145a25ff8f28cf15711743156 crypto/dh/dh_check.c
|
||||
fcbfe5acb73e1b4094efec56a754b803d2c1a53644c78cf6a73ae868e3f3886d crypto/dh/dh_check.c
|
||||
7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c
|
||||
6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c
|
||||
a5cf5cb464b40f1bc5457dc2a6f2c5ec0f050196603cd2ba7037a23ab64adbf7 crypto/dh/dh_kdf.c
|
||||
0afa7dd237f9b21b0cfb0de10505facd57eb07ded905d888d43a1de2356d4002 crypto/dh/dh_key.c
|
||||
b0046b2c4e1d74ff4e93f2486a00f63728909b8a75cbdd29b9100e607f97995c crypto/dh/dh_lib.c
|
||||
9e61a0b5017d835b348b15e93760c42d8d899ffae4251455c7b3085cfd25294c crypto/dh/dh_key.c
|
||||
92345c259ea2a8c09e6d6b069d0942bd6ca4642231580f3e8148ae7a832a1115 crypto/dh/dh_lib.c
|
||||
8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h
|
||||
bbcf4fc3067ac462a27d7277973180b7dc140df9262a686c7fbe4318ca01f7b8 crypto/dsa/dsa_backend.c
|
||||
b9c5992089203123c3fae46e39bb4d05e19854087bca7a30ad1f82a3505deec7 crypto/dsa/dsa_check.c
|
||||
d7e0d87494e3b3f0898a56785a219e87a2ce14416393ec32d8c0b5f539c7bdbf crypto/dsa/dsa_check.c
|
||||
ae727bf6319eb57e682de35d75ea357921987953b3688365c710e7fba51c7c58 crypto/dsa/dsa_gen.c
|
||||
b1de1624e590dbf76f76953802ff162cc8de7c5e2eaba897313c866424d6902b crypto/dsa/dsa_key.c
|
||||
9e436a2e0867920c3a5ac58bc14300cad4ab2c4c8fe5e40b355dfd21bfdfe146 crypto/dsa/dsa_lib.c
|
||||
9f4837c5abe53613a2dc1c5db81d073d4f42bd28b6a2d1e93a2b350d8e25d52a crypto/dsa/dsa_lib.c
|
||||
f4d52d3897219786c6046bf76abb2f174655c584caa50272bf5d281720df5022 crypto/dsa/dsa_local.h
|
||||
38062c6eebdb2f88fa0c6592837a96a49de2ae520d3ad483a3e02921c8adb094 crypto/dsa/dsa_ossl.c
|
||||
c5c252f205482a71efeabe226d51a1c541a6ba2dfa9b8b8a70901087a9dc1667 crypto/dsa/dsa_ossl.c
|
||||
d612fd05ff98816ba6cf37f84c0e31443ad9d840ed587a7ab2066027da390325 crypto/dsa/dsa_sign.c
|
||||
53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1 crypto/dsa/dsa_vrf.c
|
||||
d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a crypto/ec/asm/ecp_nistp521-ppc64.pl
|
||||
|
@ -193,7 +193,7 @@ b4b7c683279454ba41438f50a015cb63ef056ccb9be0168918dfbae00313dc68 crypto/ec/ecp_
|
|||
0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c
|
||||
1af3872164b4a4757bc7896a24b4d2f8eb2cfb4cba0d872a93db69975693e0a6 crypto/evp/digest.c
|
||||
838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c
|
||||
1c3d1b1f800b1f1f5adb1fdbdd67cdf37ca7ea93b264d1468c72a63c140873ce crypto/evp/evp_enc.c
|
||||
61df3942752307b7006f09d7628348a0cc9e5555469a3a8862349067a52824b7 crypto/evp/evp_enc.c
|
||||
7f10367f9b6191c4a8c01784130d26b2d778485a41cdac5fa17c9a1c4096f132 crypto/evp/evp_fetch.c
|
||||
ebe32b2895f7f9767710674352c8949efe93b4bbb5e7b71c27bb5d1822339b46 crypto/evp/evp_lib.c
|
||||
78f07bf50b6999611a4e9414ab3a20b219b0ab29ca2bd05002d6919a3f67b8eb crypto/evp/evp_local.h
|
||||
|
@ -213,11 +213,11 @@ e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac
|
|||
1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c
|
||||
76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c
|
||||
4b2dbddf0f9ceed34c3822347138be754fb194febca1c21c46bcc3a5cce33674 crypto/evp/signature.c
|
||||
b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c
|
||||
f2acfb82aac20251d05a9c252cc6c282bd44e43feac4ac2e0faf68b9a38aef57 crypto/ex_data.c
|
||||
1c8389c5d49616d491978f0f2b2a54ba82d805ec41c8f75c67853216953cf46a crypto/ffc/ffc_backend.c
|
||||
a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c
|
||||
854378f57707e31ad02cca6eec94369f91f327288d3665713e249c12f7b13211 crypto/ffc/ffc_key_generate.c
|
||||
2695c9c8ad9193a8c1ab53d5d09712d50d12c91eb8d62e8a15cbc78f327afe84 crypto/ffc/ffc_key_validate.c
|
||||
4e973d956d4ec2087994de8e963be1a512da1441f22e6e7b9cd7ee536e3ff834 crypto/ffc/ffc_key_validate.c
|
||||
8b72d5a7452b2c15aec6d20027053a83f7df89d49a3b6cfedd77e2b1a29e9fc1 crypto/ffc/ffc_params.c
|
||||
1a1d227f9a0f427d2ec93bc646c726c9cd49a84a343b4aff0c9c744fa6df05a9 crypto/ffc/ffc_params_generate.c
|
||||
73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c
|
||||
|
@ -225,7 +225,7 @@ a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc
|
|||
0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h
|
||||
0e2d6129504d15ffaf5baa63158ccec0e4b6193a8275333956d8f868ef35127e crypto/ia64cpuid.S
|
||||
f897493b50f4e9dd4cacb2a7accda6683c10ece602641874cdff1dac7128a751 crypto/initthread.c
|
||||
5482c47c266523129980302426d25839fda662f1544f4b684707e6b272a952c9 crypto/lhash/lhash.c
|
||||
7290d8d7ec31a98b17618f218d4f27b393501c7606c814a43db8af1975ad1d10 crypto/lhash/lhash.c
|
||||
5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e crypto/lhash/lhash_local.h
|
||||
f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c
|
||||
e14f48d4112c0efe3826b4aa390cc24045a85298cc551ec7f3f36ac4236d7d81 crypto/modes/asm/aes-gcm-armv8_64.pl
|
||||
|
@ -240,7 +240,7 @@ e472d73d06933667a51a0af973479993eed333c71b43af03095450acb36dbeb4 crypto/modes/a
|
|||
26f55a57e77f774d17dfba93d757f78edfa3a03f68a71ffa37ccf3bfc468b1e2 crypto/modes/asm/ghash-x86.pl
|
||||
72744131007d2389c09665a59a862f5f6bb61b64bd3456e9b400985cb56586b8 crypto/modes/asm/ghash-x86_64.pl
|
||||
a4e9f2e496bd9362b17a1b5989aa4682647cefcff6117f0607122a9e11a9dfd9 crypto/modes/asm/ghashp8-ppc.pl
|
||||
0029b5beb1d4cd4c5ad47164c23f3e7c9d1eaff66ef54af025ee26795b11a1c7 crypto/modes/asm/ghashv8-armx.pl
|
||||
69a13f423ca74c22543900c14aef4a848e3bc75504b65d2f51c6903aebcc17a7 crypto/modes/asm/ghashv8-armx.pl
|
||||
65112dfe63cd59487e7bdb1706b44acfcf48ecede12cc3ae51daa5b661f41f06 crypto/modes/cbc128.c
|
||||
1611e73dc1e01b5c2201f51756a7405b7673aa0bb872e2957d1ec80c3530486f crypto/modes/ccm128.c
|
||||
d8c2f256532a4b94db6d03aea5cb609cccc938069f644b2fc77c5015648d148d crypto/modes/cfb128.c
|
||||
|
@ -252,7 +252,7 @@ e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/w
|
|||
8aa2504f84a0637b5122f0c963c9d82773ba248bad972ab92be7169995d162b5 crypto/o_str.c
|
||||
8ddbbdf43131c10dcd4428aef0eff2b1e98b0410accada0fad41a4925868beef crypto/packet.c
|
||||
a20bfd927d69737c86ca95d3cf636afa8cefd8fe23412d1a3897644a0da21211 crypto/param_build.c
|
||||
c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c
|
||||
2a0f272dd553b698e8c6fa57962694ebd6064cb03fe26a60df529205568d315d crypto/param_build_set.c
|
||||
0e4a5388a92fabbe5a540176c0b4c5ce258b78dc9168ecc2e805352a06aaf0ba crypto/params.c
|
||||
4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c
|
||||
a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c
|
||||
|
@ -261,7 +261,7 @@ a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_
|
|||
b4d34272a0bd1fbe6562022bf7ea6259b6a5a021a48222d415be47ef5ef2a905 crypto/property/defn_cache.c
|
||||
3c4ade2fed4605e374d85ec1134a98da34e7124f89f44b81a754e8cfe81f14ba crypto/property/property.c
|
||||
66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h
|
||||
921305e62749aec22da4843738bee3448b61e7e30d5309beddc7141ad07a8004 crypto/property/property_parse.c
|
||||
099407e68e705f1458b701b9336f633565fc0843355fedf1ec83794349548a51 crypto/property/property_parse.c
|
||||
a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c
|
||||
065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c
|
||||
0ba5d0297837940c972224c97cbbf3ea4a723c1eed9ce1112538c9bb26208639 crypto/provider_core.c
|
||||
|
@ -270,11 +270,11 @@ d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provide
|
|||
a5a4472636b8b0095ad8d4acd37e275ad79da1a67ecff7b7b5c3e46c9ebc65b7 crypto/rand/rand_lib.c
|
||||
fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h
|
||||
f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c
|
||||
9e7dd6fc91d3266d4aa4f0f41b7986381122b7d98114e63ebf04c5ee298b5fda crypto/rsa/rsa_backend.c
|
||||
5834d7c518ad53ea0dd3db811c0e51568c81cc6c117012030101d29003d0725c crypto/rsa/rsa_backend.c
|
||||
38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c
|
||||
e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c
|
||||
e995da1c2e5007bd7f5907f369fe45ed15f4e657143a85078c755bd5e6863d0b crypto/rsa/rsa_gen.c
|
||||
74ed75d1d8e0844800504a137bfd81c3dbcb6c4bd58b5d5fe9d0a362092b6e88 crypto/rsa/rsa_lib.c
|
||||
f2222f270e57559537d3da8abbeb1390bc5376b73dae59d536af6e73eb48bba0 crypto/rsa/rsa_lib.c
|
||||
a65e85be5269d8cb88e86b3413c978fa8994419a671092cbf104ff1a08fda23b crypto/rsa/rsa_local.h
|
||||
cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c
|
||||
5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c
|
||||
|
@ -430,7 +430,7 @@ bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openss
|
|||
61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h
|
||||
69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h
|
||||
c6ee8f17d7252bdd0807a124dc6d50a95c32c04e17688b7c2e061998570b7028 include/openssl/err.h.in
|
||||
12ec111c0e22581e0169be5e1838353a085fb51e3042ef59a7db1cee7da73c5b include/openssl/evp.h
|
||||
b23bf3e2d0a60fe4d768afbe7aab48b47791e1274ae42b28895255119ae7f61d include/openssl/evp.h
|
||||
5bd1b5dcd14067a1fe490d49df911002793c0b4f0bd4492cd8f71cfed7bf9f2a include/openssl/evperr.h
|
||||
5381d96fe867a4ee0ebc09b9e3a262a0d7a27edc5f91dccfb010c7d713cd0820 include/openssl/fips_names.h
|
||||
b1d41beba560a41383f899a361b786e04f889106fb5960ec831b0af7996c9783 include/openssl/fipskey.h.in
|
||||
|
@ -567,7 +567,7 @@ abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/impl
|
|||
589f6133799da80760e8bc3ab0191a341ab6d4d2706e92e6eb4a24b0250fefa6 providers/implementations/kdfs/tls1_prf.c
|
||||
4d4a6d9a562d2dcfec941d3f113a544663b5ac2fbe4accd89ec70c1cc11751d0 providers/implementations/kdfs/x942kdf.c
|
||||
6b6c776b12664164f3cb54c21df61e1c4477c7855d89431a16fb338cdae58d43 providers/implementations/kem/rsa_kem.c
|
||||
9d5eb7e056e790b1b4292ec7af03fbf0b26e34625c70eb36643451965bcfc696 providers/implementations/keymgmt/dh_kmgmt.c
|
||||
11a0d0fb88ed88e965f10b3a0ef6c880f60341df995128f57ad943053aaf15b2 providers/implementations/keymgmt/dh_kmgmt.c
|
||||
a329f57cb041cd03907e9d996fbc2f378ee116c7f8d7fbf1ea08b7a5df7e0304 providers/implementations/keymgmt/dsa_kmgmt.c
|
||||
9bc88451d3ae110c7a108ee73d3b3b6bda801ec3494d2dfb9c9970b85c2d34fe providers/implementations/keymgmt/ec_kmgmt.c
|
||||
258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc
|
||||
|
@ -578,7 +578,7 @@ a329f57cb041cd03907e9d996fbc2f378ee116c7f8d7fbf1ea08b7a5df7e0304 providers/impl
|
|||
aeb42590728ca87b916b8a3d337351b1c82ee0747213e5ce740c2350b3db7185 providers/implementations/macs/cmac_prov.c
|
||||
e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe providers/implementations/macs/gmac_prov.c
|
||||
895c8dc7235b9ad5ff893be0293cbc245a5455e8850195ac7d446646e4ea71d0 providers/implementations/macs/hmac_prov.c
|
||||
f75fbfe5348f93ad610da7d310f4e8fecf18c0549f27605da25d393c33e0edc2 providers/implementations/macs/kmac_prov.c
|
||||
8640b63fd8325aaf8f7128d6cc448d9af448a65bf51a8978075467d33a67944e providers/implementations/macs/kmac_prov.c
|
||||
bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c
|
||||
9d23df7f99beec7392c9d4ed813407050bc2d150098888fe802e2c9705fc33fa providers/implementations/rands/drbg.c
|
||||
bb5f8161a80d0d1a7ee919af2b167972b00afd62e326252ca6aa93101f315f19 providers/implementations/rands/drbg_ctr.c
|
||||
|
|
|
@ -1 +1 @@
|
|||
8d97c837eeb1288f74788f0e48cb0cbc8498d4cf7ddc25c89344df7d5309ffc8 providers/fips-sources.checksums
|
||||
114b59f288ec2d6ddfcd26187f43cad614c6d4e4a7aba24410494f46f627671c providers/fips-sources.checksums
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -241,7 +241,7 @@ static int dh_to_text(BIO *out, const void *key, int selection)
|
|||
return 0;
|
||||
}
|
||||
}
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
|
||||
pub_key = DH_get0_pub_key(dh);
|
||||
if (pub_key == NULL) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
|
||||
|
@ -316,7 +316,7 @@ static int dsa_to_text(BIO *out, const void *key, int selection)
|
|||
return 0;
|
||||
}
|
||||
}
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
|
||||
pub_key = DSA_get0_pub_key(dsa);
|
||||
if (pub_key == NULL) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
|
||||
|
@ -525,7 +525,7 @@ static int ec_to_text(BIO *out, const void *key, int selection)
|
|||
if (priv_len == 0)
|
||||
goto err;
|
||||
}
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
|
||||
const EC_POINT *pub_pt = EC_KEY_get0_public_key(ec);
|
||||
|
||||
if (pub_pt == NULL) {
|
||||
|
@ -575,26 +575,31 @@ static int ecx_to_text(BIO *out, const void *key, int selection)
|
|||
return 0;
|
||||
}
|
||||
|
||||
switch (ecx->type) {
|
||||
case ECX_KEY_TYPE_X25519:
|
||||
type_label = "X25519";
|
||||
break;
|
||||
case ECX_KEY_TYPE_X448:
|
||||
type_label = "X448";
|
||||
break;
|
||||
case ECX_KEY_TYPE_ED25519:
|
||||
type_label = "ED25519";
|
||||
break;
|
||||
case ECX_KEY_TYPE_ED448:
|
||||
type_label = "ED448";
|
||||
break;
|
||||
}
|
||||
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
|
||||
if (ecx->privkey == NULL) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
|
||||
return 0;
|
||||
}
|
||||
|
||||
switch (ecx->type) {
|
||||
case ECX_KEY_TYPE_X25519:
|
||||
type_label = "X25519 Private-Key";
|
||||
break;
|
||||
case ECX_KEY_TYPE_X448:
|
||||
type_label = "X448 Private-Key";
|
||||
break;
|
||||
case ECX_KEY_TYPE_ED25519:
|
||||
type_label = "ED25519 Private-Key";
|
||||
break;
|
||||
case ECX_KEY_TYPE_ED448:
|
||||
type_label = "ED448 Private-Key";
|
||||
break;
|
||||
}
|
||||
if (BIO_printf(out, "%s Private-Key:\n", type_label) <= 0)
|
||||
return 0;
|
||||
if (!print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen))
|
||||
return 0;
|
||||
} else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
|
||||
/* ecx->pubkey is an array, not a pointer... */
|
||||
if (!ecx->haspubkey) {
|
||||
|
@ -602,29 +607,11 @@ static int ecx_to_text(BIO *out, const void *key, int selection)
|
|||
return 0;
|
||||
}
|
||||
|
||||
switch (ecx->type) {
|
||||
case ECX_KEY_TYPE_X25519:
|
||||
type_label = "X25519 Public-Key";
|
||||
break;
|
||||
case ECX_KEY_TYPE_X448:
|
||||
type_label = "X448 Public-Key";
|
||||
break;
|
||||
case ECX_KEY_TYPE_ED25519:
|
||||
type_label = "ED25519 Public-Key";
|
||||
break;
|
||||
case ECX_KEY_TYPE_ED448:
|
||||
type_label = "ED448 Public-Key";
|
||||
break;
|
||||
}
|
||||
if (BIO_printf(out, "%s Public-Key:\n", type_label) <= 0)
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (BIO_printf(out, "%s:\n", type_label) <= 0)
|
||||
return 0;
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
|
||||
&& !print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen))
|
||||
return 0;
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0
|
||||
&& !print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen))
|
||||
if (!print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen))
|
||||
return 0;
|
||||
|
||||
return 1;
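Review bot: In ecx_to_text the closing `print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen)` now runs on every path, while `ecx->haspubkey` is tested only in the public-key branch (new side read from the hunk line counts, since this rendering drops the +/- markers). When the private key is selected, or when neither key bit is set in `selection`, the `pub:` field is printed from an array that may never have been filled in, so the text dump can show a public value that does not belong to the key. Guarding the call, `if (ecx->haspubkey && !print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen)) return 0;`, leaves the public-key branch unchanged and skips the field otherwise. The switch on `ecx->type` also has no `default`, so an unexpected type passes `type_label` to `%s` with whatever value it was given before the hunk; the function starts outside the visible lines.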
|
||||
|
|
|
@ -392,7 +392,7 @@ static int dh_validate_public(const DH *dh, int checktype)
|
|||
&& ossl_dh_is_named_safe_prime_group(dh))
|
||||
return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
|
||||
|
||||
return DH_check_pub_key(dh, pub_key, &res);
|
||||
return DH_check_pub_key_ex(dh, pub_key);
|
||||
}
|
||||
|
||||
static int dh_validate_private(const DH *dh)
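Review bot: The named-safe-prime branch just above the changed line still returns `ossl_dh_check_pub_key_partial(dh, pub_key, &res)` directly and never reads `res`, which is the pattern this change removes from the full-check path. If that helper can report success while setting failure flags in `res` (its body is not in this hunk, so this needs confirming), a bad public key would still validate on that branch; `return ossl_dh_check_pub_key_partial(dh, pub_key, &res) && res == 0;` would close it either way. dh_validate_public starts before the hunk, so the declaration of `res` and any other use of it are not visible here.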
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -249,7 +249,7 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key,
|
|||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
if (w < 0) {
|
||||
if (w <= 0) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
|
@ -289,7 +289,7 @@ static int kmac_init(void *vmacctx, const unsigned char *key,
|
|||
return 0;
|
||||
|
||||
t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest));
|
||||
if (t < 0) {
|
||||
if (t <= 0) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
|
||||
return 0;
|
||||
}
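Review bot: Neither `w <= 0` in kmac_setkey nor `t <= 0` in kmac_init says why zero is now rejected alongside a negative return, and the next reader is likely to "simplify" it back. A one-line comment above each guard would do, for example `/* a block size of 0 is as unusable as an error return */`. Both guards also raise `PROV_R_INVALID_DIGEST_LENGTH` although, in kmac_init at least, the value tested comes from `EVP_MD_get_block_size()`, so the comment could note that the reason code refers to the digest's block size. Both functions continue outside their hunks.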
|
||||
|
|