system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-21 10:19:04 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Import OpenSSL 1.1.1l

Browse source
This commit is contained in:
Jung-uk Kim 2021-09-01 00:26:38 -04:00
parent 706b1a5724
commit 9a3ae0cdef
79 changed files with 703 additions and 334 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

65
crypto/openssl/CHANGES
View file

@ -7,6 +7,71 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.1k and 1.1.1l [24 Aug 2021]
*) Fixed an SM2 Decryption Buffer Overflow.
In order to decrypt SM2 encrypted data an application is expected to call the
API function EVP_PKEY_decrypt(). Typically an application will call this
function twice. The first time, on entry, the "out" parameter can be NULL and,
on exit, the "outlen" parameter is populated with the buffer size required to
hold the decrypted plaintext. The application can then allocate a sufficiently
sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
value for the "out" parameter.
A bug in the implementation of the SM2 decryption code means that the
calculation of the buffer size required to hold the plaintext returned by the
first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
called by the application a second time with a buffer that is too small.
A malicious attacker who is able present SM2 content for decryption to an
application could cause attacker chosen data to overflow the buffer by up to a
maximum of 62 bytes altering the contents of other data held after the
buffer, possibly changing application behaviour or causing the application to
crash. The location of the buffer is application dependent but is typically
heap allocated.
(CVE-2021-3711)
[Matt Caswell]
*) Fixed various read buffer overruns processing ASN.1 strings
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
structure which contains a buffer holding the string data and a field holding
the buffer length. This contrasts with normal C strings which are repesented as
a buffer for the string data which is terminated with a NUL (0) byte.
Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's
own "d2i" functions (and other similar parsing functions) as well as any string
whose value has been set with the ASN1_STRING_set() function will additionally
NUL terminate the byte array in the ASN1_STRING structure.
However, it is possible for applications to directly construct valid ASN1_STRING
structures which do not NUL terminate the byte array by directly setting the
"data" and "length" fields in the ASN1_STRING array. This can also happen by
using the ASN1_STRING_set0() function.
Numerous OpenSSL functions that print ASN.1 data have been found to assume that
the ASN1_STRING byte array will be NUL terminated, even though this is not
guaranteed for strings that have been directly constructed. Where an application
requests an ASN.1 structure to be printed, and where that ASN.1 structure
contains ASN1_STRINGs that have been directly constructed by the application
without NUL terminating the "data" field, then a read buffer overrun can occur.
The same thing can also occur during name constraints processing of certificates
(for example if a certificate has been directly constructed by the application
instead of loading it via the OpenSSL parsing functions, and the certificate
contains non NUL terminated ASN1_STRING structures). It can also occur in the
X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.
If a malicious actor can cause an application to directly construct an
ASN1_STRING and then process it through one of the affected OpenSSL functions
then this issue could be hit. This might result in a crash (causing a Denial of
Service attack). It could also result in the disclosure of private memory
contents (such as private keys, or sensitive plaintext).
(CVE-2021-3712)
[Matt Caswell]
Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
*) Fixed a problem with verifying a certificate chain when using the

5
crypto/openssl/NEWS
View file

@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711)
o Fixed various read buffer overruns processing ASN.1 strings (CVE-2021-3712)
Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
o Fixed a problem with verifying a certificate chain when using the

2
crypto/openssl/README
View file

@ -1,5 +1,5 @@
OpenSSL 1.1.1k 25 Mar 2021
OpenSSL 1.1.1l 24 Aug 2021
Copyright (c) 1998-2021 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

18
crypto/openssl/apps/crl2p7.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -120,19 +120,20 @@ int crl2pkcs7_main(int argc, char **argv)
if (!ASN1_INTEGER_set(p7s->version, 1))
goto end;
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
goto end;
p7s->crl = crl_stack;
if (crl != NULL) {
if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
goto end;
p7s->crl = crl_stack;
sk_X509_CRL_push(crl_stack, crl);
crl = NULL; /* now part of p7 for OPENSSL_freeing */
}
if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack;
if (certflst != NULL) {
if ((cert_stack = sk_X509_new_null()) == NULL)
goto end;
p7s->cert = cert_stack;
if (certflst != NULL)
for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
certfile = sk_OPENSSL_STRING_value(certflst, i);
if (add_certs_from_file(cert_stack, certfile) < 0) {
@ -141,6 +142,7 @@ int crl2pkcs7_main(int argc, char **argv)
goto end;
}
}
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)

4
crypto/openssl/apps/enc.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -81,7 +81,7 @@ const OPTIONS enc_options[] = {
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_R_OPTIONS,
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
{"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},

13
crypto/openssl/apps/s_server.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -133,6 +133,17 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
if (s_debug)
BIO_printf(bio_s_out, "psk_server_cb\n");
if (SSL_version(ssl) >= TLS1_3_VERSION) {
/*
* This callback is designed for use in TLSv1.2. It is possible to use
* a single callback for all protocol versions - but it is preferred to
* use a dedicated callback for TLSv1.3. For TLSv1.3 we have
* psk_find_session_cb.
*/
return 0;
}
if (identity == NULL) {
BIO_printf(bio_err, "Error: client did not send PSK identity\n");
goto out_err;

12
crypto/openssl/apps/s_socket.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -214,6 +214,8 @@ int do_server(int *accept_sock, const char *host, const char *port,
const BIO_ADDRINFO *next;
int sock_family, sock_type, sock_protocol, sock_port;
const BIO_ADDR *sock_address;
int sock_family_fallback = AF_UNSPEC;
const BIO_ADDR *sock_address_fallback = NULL;
int sock_options = BIO_SOCK_REUSEADDR;
int ret = 0;
@ -244,6 +246,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
&& BIO_ADDRINFO_protocol(next) == sock_protocol) {
if (sock_family == AF_INET
&& BIO_ADDRINFO_family(next) == AF_INET6) {
/* In case AF_INET6 is returned but not supported by the
* kernel, retry with the first detected address family */
sock_family_fallback = sock_family;
sock_address_fallback = sock_address;
sock_family = AF_INET6;
sock_address = BIO_ADDRINFO_address(next);
} else if (sock_family == AF_INET6
@ -253,6 +259,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
}
asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
if (asock == INVALID_SOCKET && sock_family_fallback != AF_UNSPEC) {
asock = BIO_socket(sock_family_fallback, sock_type, sock_protocol, 0);
sock_address = sock_address_fallback;
}
if (asock == INVALID_SOCKET
|| !BIO_listen(asock, sock_address, sock_options)) {
BIO_ADDRINFO_free(res);

15
crypto/openssl/crypto/armcap.c
View file

@ -68,6 +68,12 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
# endif
# elif defined(__ANDROID_API__)
/* see https://developer.android.google.cn/ndk/guides/cpu-features */
# if __ANDROID_API__ >= 18
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
# endif
# endif
# if defined(__FreeBSD__)
# include <sys/param.h>
@ -87,6 +93,15 @@ static unsigned long getauxval(unsigned long key)
# endif
# endif
/*
* Android: according to https://developer.android.com/ndk/guides/cpu-features,
* getauxval is supported starting with API level 18
*/
# if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
# endif
/*
* ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
* AArch64 used AT_HWCAP.

15
crypto/openssl/crypto/asn1/a_object.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -286,16 +286,13 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
}
}
/*
* only the ASN1_OBJECTs from the 'table' will have values for ->sn or
* ->ln
*/
if ((a == NULL) || ((*a) == NULL) ||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
if ((ret = ASN1_OBJECT_new()) == NULL)
return NULL;
} else
} else {
ret = (*a);
}
p = *pp;
/* detach data from object */
@ -313,6 +310,12 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
}
memcpy(data, p, length);
/* If there are dynamic strings, free them here, and clear the flag */
if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) {
OPENSSL_free((char *)ret->sn);
OPENSSL_free((char *)ret->ln);
ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS;
}
/* reattach data to object, after which it remains const */
ret->data = data;
ret->length = length;

4
crypto/openssl/crypto/asn1/a_strex.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -280,6 +280,8 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
t.type = str->type;
t.value.ptr = (char *)str;
der_len = i2d_ASN1_TYPE(&t, NULL);
if (der_len <= 0)
return -1;
if ((der_buf = OPENSSL_malloc(der_len)) == NULL) {
ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE);
return -1;

2
crypto/openssl/crypto/asn1/asn1_lib.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

7
crypto/openssl/crypto/asn1/bio_asn1.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -138,6 +138,11 @@ static int asn1_bio_free(BIO *b)
if (ctx == NULL)
return 0;
if (ctx->prefix_free != NULL)
ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
if (ctx->suffix_free != NULL)
ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
OPENSSL_free(ctx->buf);
OPENSSL_free(ctx);
BIO_set_data(b, NULL);

3
crypto/openssl/crypto/asn1/bio_ndef.c
View file

@ -142,6 +142,9 @@ static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen,
ndef_aux = *(NDEF_SUPPORT **)parg;
if (ndef_aux == NULL)
return 0;
OPENSSL_free(ndef_aux->derbuf);
ndef_aux->derbuf = NULL;

73
crypto/openssl/crypto/asn1/d2i_pr.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -78,13 +78,53 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
* type
*/
static EVP_PKEY *key_as_pkcs8(const unsigned char **pp, long length, int *carry_on)
{
const unsigned char *p = *pp;
PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
EVP_PKEY *ret;
if (p8 == NULL)
return NULL;
ret = EVP_PKCS82PKEY(p8);
if (ret == NULL)
*carry_on = 0;
PKCS8_PRIV_KEY_INFO_free(p8);
if (ret != NULL)
*pp = p;
return ret;
}
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
long length)
{
STACK_OF(ASN1_TYPE) *inkey;
const unsigned char *p;
int keytype;
EVP_PKEY *ret = NULL;
int carry_on = 1;
ERR_set_mark();
ret = key_as_pkcs8(pp, length, &carry_on);
if (ret != NULL) {
ERR_clear_last_mark();
if (a != NULL)
*a = ret;
return ret;
}
if (carry_on == 0) {
ERR_clear_last_mark();
ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
return NULL;
}
p = *pp;
/*
* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
* analyzing it we can determine the passed structure: this assumes the
@ -100,28 +140,15 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
keytype = EVP_PKEY_DSA;
else if (sk_ASN1_TYPE_num(inkey) == 4)
keytype = EVP_PKEY_EC;
else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
* traditional format */
PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
EVP_PKEY *ret;
sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
if (!p8) {
ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
return NULL;
}
ret = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
if (ret == NULL)
return NULL;
*pp = p;
if (a) {
*a = ret;
}
return ret;
} else
else
keytype = EVP_PKEY_RSA;
sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
return d2i_PrivateKey(keytype, a, pp, length);
ret = d2i_PrivateKey(keytype, a, pp, length);
if (ret != NULL)
ERR_pop_to_mark();
else
ERR_clear_last_mark();
return ret;
}

2
crypto/openssl/crypto/asn1/t_spki.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/crypto/bio/b_addr.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -689,7 +689,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
hints.ai_protocol = protocol;
# ifdef AI_ADDRCONFIG
# ifdef AF_UNSPEC
if (family == AF_UNSPEC)
if (host != NULL && family == AF_UNSPEC)
# endif
hints.ai_flags |= AI_ADDRCONFIG;
# endif

5
crypto/openssl/crypto/bio/b_sock2.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -255,7 +255,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
}
}
# ifdef IPV6_V6ONLY
/* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */
# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)
if (BIO_ADDR_family(addr) == AF_INET6) {
/*
* Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.

9
crypto/openssl/crypto/bn/bn_div.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -268,7 +268,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
BIGNUM *tmp, *snum, *sdiv, *res;
BN_ULONG *resp, *wnum, *wnumtop;
BN_ULONG d0, d1;
int num_n, div_n;
int num_n, div_n, num_neg;
assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
@ -326,7 +326,8 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
/* Setup quotient */
if (!bn_wexpand(res, loop))
goto err;
res->neg = (num->neg ^ divisor->neg);
num_neg = num->neg;
res->neg = (num_neg ^ divisor->neg);
res->top = loop;
res->flags |= BN_FLG_FIXED_TOP;
resp = &(res->d[loop]);
@ -442,7 +443,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
*--resp = q;
}
/* snum holds remainder, it's as wide as divisor */
snum->neg = num->neg;
snum->neg = num_neg;
snum->top = div_n;
snum->flags |= BN_FLG_FIXED_TOP;
if (rm != NULL)

54
crypto/openssl/crypto/chacha/asm/chacha-x86_64.pl
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -471,7 +471,7 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round
&por ($b,$t);
}
my $xframe = $win64 ? 32+8 : 8;
my $xframe = $win64 ? 160+8 : 8;
$code.=<<___;
.type ChaCha20_ssse3,\@function,5
@ -2499,7 +2499,7 @@ sub AVX512ROUND { # critical path is 14 "SIMD ticks" per round
&vprold ($b,$b,7);
}
my $xframe = $win64 ? 32+8 : 8;
my $xframe = $win64 ? 160+8 : 8;
$code.=<<___;
.type ChaCha20_avx512,\@function,5
@ -2515,8 +2515,16 @@ ChaCha20_avx512:
sub \$64+$xframe,%rsp
___
$code.=<<___ if ($win64);
movaps %xmm6,-0x28(%r9)
movaps %xmm7,-0x18(%r9)
movaps %xmm6,-0xa8(%r9)
movaps %xmm7,-0x98(%r9)
movaps %xmm8,-0x88(%r9)
movaps %xmm9,-0x78(%r9)
movaps %xmm10,-0x68(%r9)
movaps %xmm11,-0x58(%r9)
movaps %xmm12,-0x48(%r9)
movaps %xmm13,-0x38(%r9)
movaps %xmm14,-0x28(%r9)
movaps %xmm15,-0x18(%r9)
.Lavx512_body:
___
$code.=<<___;
@ -2683,8 +2691,16 @@ $code.=<<___;
vzeroall
___
$code.=<<___ if ($win64);
movaps -0x28(%r9),%xmm6
movaps -0x18(%r9),%xmm7
movaps -0xa8(%r9),%xmm6
movaps -0x98(%r9),%xmm7
movaps -0x88(%r9),%xmm8
movaps -0x78(%r9),%xmm9
movaps -0x68(%r9),%xmm10
movaps -0x58(%r9),%xmm11
movaps -0x48(%r9),%xmm12
movaps -0x38(%r9),%xmm13
movaps -0x28(%r9),%xmm14
movaps -0x18(%r9),%xmm15
___
$code.=<<___;
lea (%r9),%rsp
@ -2711,8 +2727,16 @@ ChaCha20_avx512vl:
sub \$64+$xframe,%rsp
___
$code.=<<___ if ($win64);
movaps %xmm6,-0x28(%r9)
movaps %xmm7,-0x18(%r9)
movaps %xmm6,-0xa8(%r9)
movaps %xmm7,-0x98(%r9)
movaps %xmm8,-0x88(%r9)
movaps %xmm9,-0x78(%r9)
movaps %xmm10,-0x68(%r9)
movaps %xmm11,-0x58(%r9)
movaps %xmm12,-0x48(%r9)
movaps %xmm13,-0x38(%r9)
movaps %xmm14,-0x28(%r9)
movaps %xmm15,-0x18(%r9)
.Lavx512vl_body:
___
$code.=<<___;
@ -2836,8 +2860,16 @@ $code.=<<___;
vzeroall
___
$code.=<<___ if ($win64);
movaps -0x28(%r9),%xmm6
movaps -0x18(%r9),%xmm7
movaps -0xa8(%r9),%xmm6
movaps -0x98(%r9),%xmm7
movaps -0x88(%r9),%xmm8
movaps -0x78(%r9),%xmm9
movaps -0x68(%r9),%xmm10
movaps -0x58(%r9),%xmm11
movaps -0x48(%r9),%xmm12
movaps -0x38(%r9),%xmm13
movaps -0x28(%r9),%xmm14
movaps -0x18(%r9),%xmm15
___
$code.=<<___;
lea (%r9),%rsp

14
crypto/openssl/crypto/dsa/dsa_prn.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -49,9 +49,11 @@ int DSA_print(BIO *bp, const DSA *x, int off)
EVP_PKEY *pk;
int ret;
pk = EVP_PKEY_new();
if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
if (pk == NULL)
return 0;
ret = EVP_PKEY_print_private(bp, pk, off, NULL);
ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
if (ret)
ret = EVP_PKEY_print_private(bp, pk, off, NULL);
EVP_PKEY_free(pk);
return ret;
}
@ -61,9 +63,11 @@ int DSAparams_print(BIO *bp, const DSA *x)
EVP_PKEY *pk;
int ret;
pk = EVP_PKEY_new();
if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
if (pk == NULL)
return 0;
ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
if (ret)
ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
EVP_PKEY_free(pk);
return ret;
}

43
crypto/openssl/crypto/ec/ec2_oct.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
@ -247,9 +247,21 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
return 0;
}
form = buf[0];
y_bit = form & 1;
form = form & ~1U;
/*
* The first octet is the point converison octet PC, see X9.62, page 4
* and section 4.4.2. It must be:
* 0x00 for the point at infinity
* 0x02 or 0x03 for compressed form
* 0x04 for uncompressed form
* 0x06 or 0x07 for hybrid form.
* For compressed or hybrid forms, we store the last bit of buf[0] as
* y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*.
* We error if buf[0] contains any but the above values.
*/
y_bit = buf[0] & 1;
form = buf[0] & ~1U;
if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
&& (form != POINT_CONVERSION_UNCOMPRESSED)
&& (form != POINT_CONVERSION_HYBRID)) {
@ -261,6 +273,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
return 0;
}
/* The point at infinity is represented by a single zero octet. */
if (form == 0) {
if (len != 1) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
@ -312,11 +325,23 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
goto err;
}
if (form == POINT_CONVERSION_HYBRID) {
if (!group->meth->field_div(group, yxi, y, x, ctx))
goto err;
if (y_bit != BN_is_odd(yxi)) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
goto err;
/*
* Check that the form in the encoding was set correctly
* according to X9.62 4.4.2.a, 4(c), see also first paragraph
* of X9.62, 4.4.1.b.
*/
if (BN_is_zero(x)) {
if (y_bit != 0) {
ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
goto err;
}
} else {
if (!group->meth->field_div(group, yxi, y, x, ctx))
goto err;
if (y_bit != BN_is_odd(yxi)) {
ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
goto err;
}
}
}

2
crypto/openssl/crypto/ec/ec_asn1.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

5
crypto/openssl/crypto/err/openssl.txt
View file

@ -1160,6 +1160,7 @@ SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats
SSL_F_FINAL_EMS:486:final_ems
SSL_F_FINAL_KEY_SHARE:503:final_key_share
SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen
SSL_F_FINAL_PSK:639:final_psk
SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate
SSL_F_FINAL_SERVER_NAME:558:final_server_name
SSL_F_FINAL_SIG_ALGS:497:final_sig_algs
@ -1653,6 +1654,7 @@ X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED
X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING
X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER
X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS
X509V3_F_I2V_AUTHORITY_KEYID:173:i2v_AUTHORITY_KEYID
X509V3_F_LEVEL_ADD_NODE:168:level_add_node
X509V3_F_NOTICE_SECTION:132:notice_section
X509V3_F_NREF_NOS:133:nref_nos
@ -1693,6 +1695,7 @@ X509V3_F_V2I_SUBJECT_ALT:154:v2i_subject_alt
X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE
X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension
X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d
X509V3_F_X509V3_ADD_LEN_VALUE:174:x509v3_add_len_value
X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value
X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add
X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias
@ -2742,6 +2745,7 @@ SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert
SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert
SSL_R_MISSING_FATAL:256:missing fatal
SSL_R_MISSING_PARAMETERS:290:missing parameters
SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension
SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate
SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert
SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert
@ -2785,6 +2789,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts
SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
SSL_R_NULL_SSL_CTX:195:null ssl ctx
SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure
SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
old session compression algorithm not returned

196
crypto/openssl/crypto/evp/e_aes.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -611,22 +611,22 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
*/
void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
size_t blocks, const AES_KEY *key,
unsigned char *ivec);
@ -1168,9 +1168,9 @@ typedef struct {
static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
# define S390X_aes_192_cbc_CAPABLE 1
# define S390X_aes_256_cbc_CAPABLE 1
# define S390X_aes_128_cbc_CAPABLE 0 /* checked by callee */
# define S390X_aes_192_cbc_CAPABLE 0
# define S390X_aes_256_cbc_CAPABLE 0
# define S390X_AES_CBC_CTX EVP_AES_KEY
# define s390x_aes_cbc_init_key aes_init_key
@ -1190,11 +1190,11 @@ static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,
S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
cctx->fc = S390X_AES_FC(keylen);
if (!enc)
cctx->fc |= S390X_DECRYPT;
cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT);
if (key != NULL)
memcpy(cctx->km.param.k, key, keylen);
memcpy(cctx->km.param.k, key, keylen);
return 1;
}
@ -1222,14 +1222,17 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
memcpy(cctx->kmo.param.cv, iv, ivlen);
memcpy(cctx->kmo.param.k, key, keylen);
cctx->fc = S390X_AES_FC(keylen);
if (key != NULL)
memcpy(cctx->kmo.param.k, key, keylen);
cctx->res = 0;
memcpy(cctx->kmo.param.cv, oiv, ivlen);
return 1;
}
@ -1237,9 +1240,12 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
int n = cctx->res;
int rem;
memcpy(cctx->kmo.param.cv, iv, ivlen);
while (n && len) {
*out = *in ^ cctx->kmo.param.cv[n];
n = (n + 1) & 0xf;
@ -1268,6 +1274,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
memcpy(iv, cctx->kmo.param.cv, ivlen);
cctx->res = n;
return 1;
}
@ -1287,18 +1294,18 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
cctx->fc = S390X_AES_FC(keylen);
cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */
if (!enc)
cctx->fc |= S390X_DECRYPT;
cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT)
| (16 << 24); /* 16 bytes cipher feedback */
if (key != NULL)
memcpy(cctx->kmf.param.k, key, keylen);
cctx->res = 0;
memcpy(cctx->kmf.param.cv, iv, ivlen);
memcpy(cctx->kmf.param.k, key, keylen);
memcpy(cctx->kmf.param.cv, oiv, ivlen);
return 1;
}
@ -1308,10 +1315,13 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int enc = EVP_CIPHER_CTX_encrypting(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
int n = cctx->res;
int rem;
unsigned char tmp;
memcpy(cctx->kmf.param.cv, iv, ivlen);
while (n && len) {
tmp = *in;
*out = cctx->kmf.param.cv[n] ^ tmp;
@ -1344,6 +1354,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
memcpy(iv, cctx->kmf.param.cv, ivlen);
cctx->res = n;
return 1;
}
@ -1360,17 +1371,18 @@ static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
cctx->fc = S390X_AES_FC(keylen);
cctx->fc |= 1 << 24; /* 1 byte cipher feedback */
if (!enc)
cctx->fc |= S390X_DECRYPT;
cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT)
| (1 << 24); /* 1 byte cipher feedback flag */
memcpy(cctx->kmf.param.cv, iv, ivlen);
memcpy(cctx->kmf.param.k, key, keylen);
if (key != NULL)
memcpy(cctx->kmf.param.k, key, keylen);
cctx->res = 0;
memcpy(cctx->kmf.param.cv, oiv, ivlen);
return 1;
}
@ -1378,8 +1390,12 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
memcpy(cctx->kmf.param.cv, iv, ivlen);
s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
memcpy(iv, cctx->kmf.param.cv, ivlen);
return 1;
}
@ -1393,9 +1409,9 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
# define S390X_aes_192_ctr_CAPABLE 1
# define S390X_aes_256_ctr_CAPABLE 1
# define S390X_aes_128_ctr_CAPABLE 0 /* checked by callee */
# define S390X_aes_192_ctr_CAPABLE 0
# define S390X_aes_256_ctr_CAPABLE 0
# define S390X_AES_CTR_CTX EVP_AES_KEY
# define s390x_aes_ctr_init_key aes_init_key
@ -1563,8 +1579,7 @@ static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in,
/*-
* Initialize context structure. Code is big-endian.
*/
static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
const unsigned char *iv)
static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx)
{
ctx->kma.param.t.g[0] = 0;
ctx->kma.param.t.g[1] = 0;
@ -1575,12 +1590,11 @@ static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
ctx->kreslen = 0;
if (ctx->ivlen == 12) {
memcpy(&ctx->kma.param.j0, iv, ctx->ivlen);
memcpy(&ctx->kma.param.j0, ctx->iv, ctx->ivlen);
ctx->kma.param.j0.w[3] = 1;
ctx->kma.param.cv.w = 1;
} else {
/* ctx->iv has the right size and is already padded. */
memcpy(ctx->iv, iv, ctx->ivlen);
s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,
ctx->fc, &ctx->kma.param);
ctx->fc |= S390X_KMA_HS;
@ -1694,7 +1708,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
if (gctx->iv_gen == 0 || gctx->key_set == 0)
return 0;
s390x_aes_gcm_setiv(gctx, gctx->iv);
s390x_aes_gcm_setiv(gctx);
if (arg <= 0 || arg > gctx->ivlen)
arg = gctx->ivlen;
@ -1714,7 +1728,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
s390x_aes_gcm_setiv(gctx, gctx->iv);
s390x_aes_gcm_setiv(gctx);
gctx->iv_set = 1;
return 1;
@ -1770,43 +1784,36 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
}
/*-
* Set key and/or iv. Returns 1 on success. Otherwise 0 is returned.
* Set key or iv or enc/dec. Returns 1 on success. Otherwise 0 is returned.
*/
static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc)
{
S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
int keylen;
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
if (iv == NULL && key == NULL)
return 1;
gctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT);
if (key != NULL) {
keylen = EVP_CIPHER_CTX_key_length(ctx);
gctx->fc &= ~S390X_KMA_HS;
memcpy(&gctx->kma.param.k, key, keylen);
gctx->fc = S390X_AES_FC(keylen);
if (!enc)
gctx->fc |= S390X_DECRYPT;
if (iv == NULL && gctx->iv_set)
iv = gctx->iv;
if (iv != NULL) {
s390x_aes_gcm_setiv(gctx, iv);
gctx->iv_set = 1;
}
gctx->key_set = 1;
} else {
if (gctx->key_set)
s390x_aes_gcm_setiv(gctx, iv);
else
memcpy(gctx->iv, iv, gctx->ivlen);
gctx->iv_set = 1;
gctx->iv_gen = 0;
}
if (iv != NULL) {
memcpy(gctx->iv, iv, gctx->ivlen);
gctx->iv_gen = 0;
gctx->iv_set = 1;
}
if (gctx->key_set && gctx->iv_set)
s390x_aes_gcm_setiv(gctx);
gctx->fc &= ~(S390X_KMA_LPC | S390X_KMA_LAAD);
gctx->areslen = 0;
gctx->mreslen = 0;
gctx->kreslen = 0;
return 1;
}
@ -1895,7 +1902,6 @@ static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* recall that we already did en-/decrypt gctx->mres
* and returned it to caller... */
OPENSSL_cleanse(tmp, gctx->mreslen);
gctx->iv_set = 0;
enc = EVP_CIPHER_CTX_encrypting(ctx);
if (enc) {
@ -1929,8 +1935,8 @@ static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)
}
# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX
# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
# define S390X_aes_256_xts_CAPABLE 1
# define S390X_aes_128_xts_CAPABLE 0 /* checked by callee */
# define S390X_aes_256_xts_CAPABLE 0
# define s390x_aes_xts_init_key aes_xts_init_key
static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
@ -2134,9 +2140,10 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);
unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
const int enc = EVP_CIPHER_CTX_encrypting(ctx);
unsigned char iv[EVP_MAX_IV_LENGTH];
if (out != in
|| len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))
@ -2152,8 +2159,9 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
* Get explicit iv (sequence number). We already have fixed iv
* (server/client_write_iv) here.
*/
memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
s390x_aes_ccm_setiv(cctx, ivec, len);
memcpy(iv, ivec, sizeof(iv));
memcpy(iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
s390x_aes_ccm_setiv(cctx, iv, len);
/* Process aad (sequence number|type|version|length) */
s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);
@ -2180,42 +2188,35 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
/*-
* Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is
* returned.
* Set key or iv or enc/dec. Returns 1 if successful.
* Otherwise 0 is returned.
*/
static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc)
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
unsigned char *ivec;
int keylen;
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
if (iv == NULL && key == NULL)
return 1;
cctx->aes.ccm.fc = S390X_AES_FC(keylen);
if (key != NULL) {
keylen = EVP_CIPHER_CTX_key_length(ctx);
cctx->aes.ccm.fc = S390X_AES_FC(keylen);
memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
/* Store encoded m and l. */
cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
| (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
memset(cctx->aes.ccm.nonce.b + 1, 0,
sizeof(cctx->aes.ccm.nonce.b));
cctx->aes.ccm.blocks = 0;
cctx->aes.ccm.key_set = 1;
}
if (iv != NULL) {
ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
memcpy(ivec, iv, 15 - cctx->aes.ccm.l);
cctx->aes.ccm.iv_set = 1;
}
/* Store encoded m and l. */
cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
| (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
memset(cctx->aes.ccm.nonce.b + 1, 0, sizeof(cctx->aes.ccm.nonce.b) - 1);
cctx->aes.ccm.blocks = 0;
cctx->aes.ccm.len_set = 0;
return 1;
}
@ -2230,8 +2231,9 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
const int enc = EVP_CIPHER_CTX_encrypting(ctx);
const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);
unsigned char *buf;
int rv;
unsigned char *buf, *ivec;
if (!cctx->aes.ccm.key_set)
return -1;
@ -2253,7 +2255,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (out == NULL) {
/* Update(): Pass message length. */
if (in == NULL) {
ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
s390x_aes_ccm_setiv(cctx, ivec, len);
cctx->aes.ccm.len_set = 1;
@ -2279,7 +2280,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
* In case message length was not previously set explicitly via
* Update(), set it now.
*/
ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
s390x_aes_ccm_setiv(cctx, ivec, len);
cctx->aes.ccm.len_set = 1;
@ -2304,9 +2304,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (rv == -1)
OPENSSL_cleanse(out, len);
cctx->aes.ccm.iv_set = 0;
cctx->aes.ccm.tag_set = 0;
cctx->aes.ccm.len_set = 0;
return rv;
}
}
@ -2414,9 +2411,6 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
cctx->aes.ccm.tag_set = 0;
cctx->aes.ccm.iv_set = 0;
cctx->aes.ccm.len_set = 0;
return 1;
case EVP_CTRL_COPY:
@ -2453,7 +2447,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize, \
keylen / 8, \
ivlen, \
flags | EVP_CIPH_##MODE##_MODE, \
flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \
s390x_aes_##mode##_init_key, \
s390x_aes_##mode##_cipher, \
NULL, \
@ -2490,7 +2484,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
blocksize, \
(EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \
ivlen, \
flags | EVP_CIPH_##MODE##_MODE, \
flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \
s390x_aes_##mode##_init_key, \
s390x_aes_##mode##_cipher, \
s390x_aes_##mode##_cleanup, \

10
crypto/openssl/crypto/evp/e_camellia.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -55,16 +55,16 @@ void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
unsigned char *ivec);
unsigned char *ivec, int /*unused*/);
void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
size_t blocks, const CAMELLIA_KEY *key,
unsigned char *ivec);

5
crypto/openssl/crypto/hmac/hm_ameth.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -47,7 +47,8 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
/* the ameth pub_cmp must return 1 on match, 0 on mismatch */
return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
}
static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,

4
crypto/openssl/crypto/pkcs12/p12_key.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -101,7 +101,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
#endif
v = EVP_MD_block_size(md_type);
u = EVP_MD_size(md_type);
if (u < 0 || v <= 0)
if (u <= 0 || v <= 0)
goto err;
D = OPENSSL_malloc(v);
Ai = OPENSSL_malloc(u);

4
crypto/openssl/crypto/poly1305/poly1305_ameth.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -43,7 +43,7 @@ static int poly1305_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
static int poly1305_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
}
static int poly1305_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,

6
crypto/openssl/crypto/ppccap.c
View file

@ -211,6 +211,12 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
# if __GLIBC_PREREQ(2, 16)
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
# elif defined(__ANDROID_API__)
/* see https://developer.android.google.cn/ndk/guides/cpu-features */
# if __ANDROID_API__ >= 18
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
# endif
# endif
#endif

10
crypto/openssl/crypto/rand/rand_unix.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -34,6 +34,9 @@
#if defined(__OpenBSD__)
# include <sys/param.h>
#endif
#if defined(__APPLE__)
# include <CommonCrypto/CommonRandom.h>
#endif
#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
# include <sys/types.h>
@ -378,6 +381,11 @@ static ssize_t syscall_random(void *buf, size_t buflen)
if (errno != ENOSYS)
return -1;
}
# elif defined(__APPLE__)
if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
return (ssize_t)buflen;
return -1;
# else
union {
void *p;

8
crypto/openssl/crypto/rsa/rsa_prn.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -34,9 +34,11 @@ int RSA_print(BIO *bp, const RSA *x, int off)
EVP_PKEY *pk;
int ret;
pk = EVP_PKEY_new();
if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
if (pk == NULL)
return 0;
ret = EVP_PKEY_print_private(bp, pk, off, NULL);
ret = EVP_PKEY_set1_RSA(pk, (RSA *)x);
if (ret)
ret = EVP_PKEY_print_private(bp, pk, off, NULL);
EVP_PKEY_free(pk);
return ret;
}

4
crypto/openssl/crypto/siphash/siphash_ameth.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -44,7 +44,7 @@ static int siphash_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
static int siphash_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
}
static int siphash_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,

2
crypto/openssl/crypto/sm2/sm2_crypt.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 Ribose Inc. All Rights Reserved.
* Ported from Ribose contributions from Botan.
*

2
crypto/openssl/crypto/sm2/sm2_pmeth.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

3
crypto/openssl/crypto/sparcv9cap.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -16,6 +16,7 @@
#include <unistd.h>
#include <openssl/bn.h>
#include "internal/cryptlib.h"
#include "bn/bn_local.h" /* for definition of bn_mul_mont */
#include "sparc_arch.h"

13
crypto/openssl/crypto/srp/srp_vfy.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2004, EdelKey Project. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@ -684,7 +684,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM *x = NULL;
BN_CTX *bn_ctx = BN_CTX_new();
unsigned char tmp2[MAX_LEN];
BIGNUM *salttmp = NULL;
BIGNUM *salttmp = NULL, *verif;
if ((user == NULL) ||
(pass == NULL) ||
@ -707,17 +707,18 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
if (x == NULL)
goto err;
*verifier = BN_new();
if (*verifier == NULL)
verif = BN_new();
if (verif == NULL)
goto err;
if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {
BN_clear_free(*verifier);
if (!BN_mod_exp(verif, g, x, N, bn_ctx)) {
BN_clear_free(verif);
goto err;
}
result = 1;
*salt = salttmp;
*verifier = verif;
err:
if (salt != NULL && *salt != salttmp)

3
crypto/openssl/crypto/store/loader_file.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -370,6 +370,7 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
mem->data = (char *)new_data;
mem->max = mem->length = (size_t)new_data_len;
X509_SIG_free(p8);
p8 = NULL;
store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
if (store_info == NULL) {

3
crypto/openssl/crypto/ts/ts_rsp_verify.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -612,6 +612,7 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
err:
EVP_MD_CTX_free(md_ctx);
X509_ALGOR_free(*md_alg);
*md_alg = NULL;
OPENSSL_free(*imprint);
*imprint_len = 0;
*imprint = 0;

4
crypto/openssl/crypto/ts/ts_verify_ctx.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -126,6 +126,8 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
goto err;
msg = imprint->hashed_msg;
ret->imprint_len = ASN1_STRING_length(msg);
if (ret->imprint_len <= 0)
goto err;
if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
goto err;
memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);

8
crypto/openssl/crypto/uid.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -36,6 +36,12 @@ int OPENSSL_issetugid(void)
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
# endif
# elif defined(__ANDROID_API__)
/* see https://developer.android.google.cn/ndk/guides/cpu-features */
# if __ANDROID_API__ >= 18
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
# endif
# endif
int OPENSSL_issetugid(void)

6
crypto/openssl/crypto/x509/t_x509.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -365,9 +365,9 @@ int X509_aux_print(BIO *out, X509 *x, int indent)
BIO_puts(out, "\n");
} else
BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
alias = X509_alias_get0(x, NULL);
alias = X509_alias_get0(x, &i);
if (alias)
BIO_printf(out, "%*sAlias: %s\n", indent, "", alias);
BIO_printf(out, "%*sAlias: %.*s\n", indent, "", i, alias);
keyid = X509_keyid_get0(x, &keyidlen);
if (keyid) {
BIO_printf(out, "%*sKey Id: ", indent, "");

6
crypto/openssl/crypto/x509/x509_vpm.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -199,7 +199,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
return 0;
}
/* Copy the host flags if and only if we're copying the host list */
x509_verify_param_copy(hostflags, 0);
if (test_x509_verify_param_copy(hosts, NULL)) {
sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
dest->hosts = NULL;
@ -208,7 +209,6 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
if (dest->hosts == NULL)
return 0;
dest->hostflags = src->hostflags;
}
}

12
crypto/openssl/crypto/x509v3/v3_akey.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -45,12 +45,12 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
if (akeyid->keyid) {
tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
if (tmp == NULL) {
X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (!X509V3_add_value("keyid", tmp, &extlist)) {
OPENSSL_free(tmp);
X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
goto err;
}
OPENSSL_free(tmp);
@ -58,7 +58,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
if (akeyid->issuer) {
tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
if (tmpextlist == NULL) {
X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
goto err;
}
extlist = tmpextlist;
@ -66,12 +66,12 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
if (akeyid->serial) {
tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
if (tmp == NULL) {
X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!X509V3_add_value("serial", tmp, &extlist)) {
OPENSSL_free(tmp);
X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
goto err;
}
OPENSSL_free(tmp);

2
crypto/openssl/crypto/x509v3/v3_alt.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

2
crypto/openssl/crypto/x509v3/v3_cpols.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

2
crypto/openssl/crypto/x509v3/v3_ncons.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

2
crypto/openssl/crypto/x509v3/v3_pci.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

13
crypto/openssl/crypto/x509v3/v3_utl.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -44,9 +44,12 @@ static int x509v3_add_len_value(const char *name, const char *value,
if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)
goto err;
if (value != NULL) {
/* We don't allow embeded NUL characters */
if (memchr(value, 0, vallen) != NULL)
if (value != NULL && vallen > 0) {
/*
* We tolerate a single trailing NUL character, but otherwise no
* embedded NULs
*/
if (memchr(value, 0, vallen - 1) != NULL)
goto err;
tvalue = OPENSSL_strndup(value, vallen);
if (tvalue == NULL)
@ -63,7 +66,7 @@ static int x509v3_add_len_value(const char *name, const char *value,
goto err;
return 1;
err:
X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
X509V3err(X509V3_F_X509V3_ADD_LEN_VALUE, ERR_R_MALLOC_FAILURE);
if (sk_allocated) {
sk_CONF_VALUE_free(*extlist);
*extlist = NULL;

6
crypto/openssl/crypto/x509v3/v3err.c
View file

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -39,6 +39,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = {
"i2s_ASN1_INTEGER"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0),
"i2v_AUTHORITY_INFO_ACCESS"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_KEYID, 0),
"i2v_AUTHORITY_KEYID"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"},
@ -104,6 +106,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = {
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0),
"v3_generic_extension"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_LEN_VALUE, 0),
"x509v3_add_len_value"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0),
"X509V3_add_value"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"},

4
crypto/openssl/doc/man1/enc.pod
View file

@ -180,8 +180,8 @@ Debug the BIOs used for I/O.
=item B<-z>
Compress or decompress clear text using zlib before encryption or after
decryption. This option exists only if OpenSSL with compiled with zlib
Compress or decompress encrypted data using zlib after encryption or before
decryption. This option exists only if OpenSSL was compiled with the zlib
or zlib-dynamic option.
=item B<-none>

2
crypto/openssl/doc/man1/s_client.pod
View file

@ -797,7 +797,7 @@ server.
The B<s_client> utility is a test tool and is designed to continue the
handshake after any certificate verification errors. As a result it will
accept any certificate chain (trusted or not) sent by the peer. None test
accept any certificate chain (trusted or not) sent by the peer. Non-test
applications should B<not> do this as it makes them vulnerable to a MITM
attack. This behaviour can be changed by with the B<-verify_return_error>
option: any verify errors are then returned aborting the handshake.

2
crypto/openssl/doc/man1/s_server.pod
View file

@ -701,7 +701,7 @@ disabling the ephemeral DH cipher suites.
=item B<-alpn val>, B<-nextprotoneg val>
These flags enable the Enable the Application-Layer Protocol Negotiation
These flags enable the Application-Layer Protocol Negotiation
or Next Protocol Negotiation (NPN) extension, respectively. ALPN is the
IETF standard and replaces NPN.
The B<val> list is a comma-separated list of supported protocol

7
crypto/openssl/doc/man3/BIO_f_ssl.pod
View file

@ -185,11 +185,6 @@ unencrypted example in L<BIO_s_connect(3)>.
ERR_print_errors_fp(stderr);
exit(1);
}
if (BIO_do_handshake(sbio) <= 0) {
fprintf(stderr, "Error establishing SSL connection\n");
ERR_print_errors_fp(stderr);
exit(1);
}
/* XXX Could examine ssl here to get connection info */
@ -298,7 +293,7 @@ be modified to handle this fix or they may free up an already freed BIO.
=head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

6
crypto/openssl/doc/man3/BIO_push.pod
View file

@ -61,8 +61,8 @@ the new chain is B<md1-md2-b64-f>. Data written to B<md1> will be digested
by B<md1> and B<md2>, B<base64> encoded and written to B<f>.
It should be noted that reading causes data to pass in the reverse
direction, that is data is read from B<f>, base64 B<decoded> and digested
by B<md1> and B<md2>. If the call:
direction, that is data is read from B<f>, B<base64> decoded and digested
by B<md2> and B<md1>. If the call:
BIO_pop(md2);
@ -79,7 +79,7 @@ The BIO_set_next() function was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

41
crypto/openssl/doc/man3/BN_cmp.pod
View file

@ -2,42 +2,47 @@
=head1 NAME
BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions
BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_abs_is_word, BN_is_odd - BIGNUM comparison and test functions
=head1 SYNOPSIS
#include <openssl/bn.h>
int BN_cmp(BIGNUM *a, BIGNUM *b);
int BN_ucmp(BIGNUM *a, BIGNUM *b);
int BN_cmp(const BIGNUM *a, const BIGNUM *b);
int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
int BN_is_zero(BIGNUM *a);
int BN_is_one(BIGNUM *a);
int BN_is_word(BIGNUM *a, BN_ULONG w);
int BN_is_odd(BIGNUM *a);
int BN_is_zero(const BIGNUM *a);
int BN_is_one(const BIGNUM *a);
int BN_is_word(const BIGNUM *a, const BN_ULONG w);
int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
int BN_is_odd(const BIGNUM *a);
=head1 DESCRIPTION
BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their
BN_cmp() compares the numbers I<a> and I<b>. BN_ucmp() compares their
absolute values.
BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1,
or B<w> respectively. BN_is_odd() tests if a is odd.
BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.
BN_is_zero(), BN_is_one(), BN_is_word() and BN_abs_is_word() test if
I<a> equals 0, 1, I<w>, or E<verbar>I<w>E<verbar> respectively.
BN_is_odd() tests if I<a> is odd.
=head1 RETURN VALUES
BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if
B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values
of B<a> and B<b>.
BN_cmp() returns -1 if I<a> E<lt> I<b>, 0 if I<a> == I<b> and 1 if
I<a> E<gt> I<b>. BN_ucmp() is the same using the absolute values
of I<a> and I<b>.
BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if
the condition is true, 0 otherwise.
BN_is_zero(), BN_is_one() BN_is_word(), BN_abs_is_word() and
BN_is_odd() return 1 if the condition is true, 0 otherwise.
=head1 HISTORY
Prior to OpenSSL 1.1.0, BN_is_zero(), BN_is_one(), BN_is_word(),
BN_abs_is_word() and BN_is_odd() were macros.
=head1 COPYRIGHT
Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

6
crypto/openssl/doc/man3/d2i_PrivateKey.pod
View file

@ -42,6 +42,10 @@ These functions are similar to the d2i_X509() functions; see L<d2i_X509(3)>.
=head1 NOTES
All the functions that operate on data in memory update the data pointer I<*pp>
after a successful operation, just like the other d2i and i2d functions;
see L<d2i_X509(3)>.
All these functions use DER format and unencrypted keys. Applications wishing
to encrypt or decrypt private keys should use other functions such as
d2i_PKCS8PrivateKey() instead.
@ -71,7 +75,7 @@ L<d2i_PKCS8PrivateKey_bio(3)>
=head1 COPYRIGHT
Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

6
crypto/openssl/doc/man7/x509.pod
View file

@ -11,7 +11,7 @@ x509 - X.509 certificate handling
=head1 DESCRIPTION
An X.509 certificate is a structured grouping of information about
an individual, a device, or anything one can imagine. A X.509 CRL
an individual, a device, or anything one can imagine. An X.509 CRL
(certificate revocation list) is a tool to help determine if a
certificate is still valid. The exact definition of those can be
found in the X.509 document from ITU-T, or in RFC3280 from PKIX.
@ -24,7 +24,7 @@ X509_REQ is used to express such a certificate request.
To handle some complex parts of a certificate, there are the types
X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
a certificate attributes), X509_EXTENSION (to express a certificate
a certificate attribute), X509_EXTENSION (to express a certificate
extension) and a few more.
Finally, there's the supertype X509_INFO, which can contain a CRL, a
@ -63,7 +63,7 @@ L<crypto(7)>
=head1 COPYRIGHT
Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

2
crypto/openssl/include/crypto/sm2.h
View file

@ -1,5 +1,5 @@
/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 Ribose Inc. All Rights Reserved.
* Ported from Ribose contributions from Botan.
*

2
crypto/openssl/include/crypto/x509.h
View file

@ -1,5 +1,5 @@
/*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

5
crypto/openssl/include/openssl/e_os2.h
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -279,7 +279,8 @@ typedef unsigned __int64 uint64_t;
# define ossl_inline inline
# endif
# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \
!defined(__cplusplus)
# define ossl_noreturn _Noreturn
# elif defined(__GNUC__) && __GNUC__ >= 2
# define ossl_noreturn __attribute__((noreturn))

4
crypto/openssl/include/openssl/opensslv.h
View file

@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x101010bfL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1k-freebsd 24 Aug 2021"
# define OPENSSL_VERSION_NUMBER 0x101010cfL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1l-freebsd 24 Aug 2021"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)

5
crypto/openssl/include/openssl/sslerr.h
View file

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -70,6 +70,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_FINAL_EMS 486
# define SSL_F_FINAL_KEY_SHARE 503
# define SSL_F_FINAL_MAXFRAGMENTLEN 557
# define SSL_F_FINAL_PSK 639
# define SSL_F_FINAL_RENEGOTIATE 483
# define SSL_F_FINAL_SERVER_NAME 558
# define SSL_F_FINAL_SIG_ALGS 497
@ -593,6 +594,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_MISSING_ECDSA_SIGNING_CERT 381
# define SSL_R_MISSING_FATAL 256
# define SSL_R_MISSING_PARAMETERS 290
# define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310
# define SSL_R_MISSING_RSA_CERTIFICATE 168
# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
# define SSL_R_MISSING_RSA_SIGNING_CERT 170
@ -634,6 +636,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403
# define SSL_R_NULL_SSL_CTX 195
# define SSL_R_NULL_SSL_METHOD_PASSED 196
# define SSL_R_OCSP_CALLBACK_FAILURE 294
# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
# define SSL_R_OVERFLOW_ERROR 237

4
crypto/openssl/include/openssl/x509v3err.h
View file

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -38,6 +38,7 @@ int ERR_load_X509V3_strings(void);
# define X509V3_F_I2S_ASN1_IA5STRING 149
# define X509V3_F_I2S_ASN1_INTEGER 120
# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
# define X509V3_F_I2V_AUTHORITY_KEYID 173
# define X509V3_F_LEVEL_ADD_NODE 168
# define X509V3_F_NOTICE_SECTION 132
# define X509V3_F_NREF_NOS 133
@ -78,6 +79,7 @@ int ERR_load_X509V3_strings(void);
# define X509V3_F_V2I_TLS_FEATURE 165
# define X509V3_F_V3_GENERIC_EXTENSION 116
# define X509V3_F_X509V3_ADD1_I2D 140
# define X509V3_F_X509V3_ADD_LEN_VALUE 174
# define X509V3_F_X509V3_ADD_VALUE 105
# define X509V3_F_X509V3_EXT_ADD 104
# define X509V3_F_X509V3_EXT_ADD_ALIAS 106

3
crypto/openssl/ssl/bio_ssl.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -451,6 +451,7 @@ BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
goto err;
return ret;
err:
BIO_free(ssl);
BIO_free(con);
#endif
return NULL;

3
crypto/openssl/ssl/d1_lib.c
View file

@ -342,12 +342,11 @@ int dtls1_is_timer_expired(SSL *s)
return 1;
}
void dtls1_double_timeout(SSL *s)
static void dtls1_double_timeout(SSL *s)
{
s->d1->timeout_duration_us *= 2;
if (s->d1->timeout_duration_us > 60000000)
s->d1->timeout_duration_us = 60000000;
dtls1_start_timer(s);
}
void dtls1_stop_timer(SSL *s)

8
crypto/openssl/ssl/record/rec_layer_s3.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -172,9 +172,9 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
/*
* If extend == 0, obtain new n-byte packet; if extend == 1, increase
* packet by another n bytes. The packet will be in the sub-array of
* s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
* s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus
* s->packet_length bytes if extend == 1].)
* s->rlayer.rbuf.buf specified by s->rlayer.packet and
* s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may
* be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].)
* if clearold == 1, move the packet to the start of the buffer; if
* clearold == 0 then leave any old packets where they were
*/

3
crypto/openssl/ssl/record/ssl3_buffer.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -74,7 +74,6 @@ int ssl3_setup_read_buffer(SSL *s)
b->len = len;
}
RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
return 1;
}

36
crypto/openssl/ssl/record/ssl3_record.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -432,7 +432,7 @@ int ssl3_get_record(SSL *s)
}
if (more > 0) {
/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
/* now s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH */
rret = ssl3_read_n(s, more, more, 1, 0, &n);
if (rret <= 0)
@ -443,9 +443,9 @@ int ssl3_get_record(SSL *s)
RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
/*
* At this point, s->packet_length == SSL3_RT_HEADER_LENGTH
* + thisrr->length, or s->packet_length == SSL2_RT_HEADER_LENGTH
* + thisrr->length and we have that many bytes in s->packet
* At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH
* + thisrr->length, or s->rlayer.packet_length == SSL2_RT_HEADER_LENGTH
* + thisrr->length and we have that many bytes in s->rlayer.packet
*/
if (thisrr->rec_version == SSL2_VERSION) {
thisrr->input =
@ -456,11 +456,11 @@ int ssl3_get_record(SSL *s)
}
/*
* ok, we can now read from 's->packet' data into 'thisrr' thisrr->input
* points at thisrr->length bytes, which need to be copied into
* thisrr->data by either the decryption or by the decompression When
* the data is 'copied' into the thisrr->data buffer, thisrr->input will
* be pointed at the new buffer
* ok, we can now read from 's->rlayer.packet' data into 'thisrr'.
* thisrr->input points at thisrr->length bytes, which need to be copied
* into thisrr->data by either the decryption or by the decompression.
* When the data is 'copied' into the thisrr->data buffer,
* thisrr->input will be updated to point at the new buffer
*/
/*
@ -1653,16 +1653,16 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
sess = s->session;
/*
* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
* and we have that many bytes in s->packet
* At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
* and we have that many bytes in s->rlayer.packet
*/
rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]);
/*
* ok, we can now read from 's->packet' data into 'rr' rr->input points
* at rr->length bytes, which need to be copied into rr->data by either
* the decryption or by the decompression When the data is 'copied' into
* the rr->data buffer, rr->input will be pointed at the new buffer
* ok, we can now read from 's->rlayer.packet' data into 'rr'. rr->input
* points at rr->length bytes, which need to be copied into rr->data by
* either the decryption or by the decompression. When the data is 'copied'
* into the rr->data buffer, rr->input will be pointed at the new buffer
*/
/*
@ -1984,7 +1984,7 @@ int dtls1_get_record(SSL *s)
if (rr->length >
RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
/* now s->rlayer.packet_length == DTLS1_RT_HEADER_LENGTH */
more = rr->length;
rret = ssl3_read_n(s, more, more, 1, 1, &n);
/* this packet contained a partial record, dump it */
@ -2000,7 +2000,7 @@ int dtls1_get_record(SSL *s)
}
/*
* now n == rr->length, and s->packet_length ==
* now n == rr->length, and s->rlayer.packet_length ==
* DTLS1_RT_HEADER_LENGTH + rr->length
*/
}

4
crypto/openssl/ssl/s3_msg.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -48,6 +48,8 @@ int ssl3_send_alert(SSL *s, int level, int desc)
* protocol_version alerts */
if (desc < 0)
return -1;
if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY)
return -1;
/* If a fatal one, remove from cache */
if ((level == SSL3_AL_FATAL) && (s->session != NULL))
SSL_CTX_remove_session(s->session_ctx, s->session);

35
crypto/openssl/ssl/ssl_cert.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
@ -876,18 +876,36 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
return 1;
}
int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
{
int level;
static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
if (ctx != NULL)
level = SSL_CTX_get_security_level(ctx);
else
level = SSL_get_security_level(s);
if (level > 5)
level = 5;
else if (level < 0)
level = 0;
if (levelp != NULL)
*levelp = level;
return minbits_table[level];
}
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
int op, int bits, int nid, void *other,
void *ex)
{
int level, minbits;
static const int minbits_table[5] = { 80, 112, 128, 192, 256 };
if (ctx)
level = SSL_CTX_get_security_level(ctx);
else
level = SSL_get_security_level(s);
if (level <= 0) {
minbits = ssl_get_security_level_bits(s, ctx, &level);
if (level == 0) {
/*
* No EDH keys weaker than 1024-bits even at level 0, otherwise,
* anything goes.
@ -896,9 +914,6 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
return 0;
return 1;
}
if (level > 5)
level = 5;
minbits = minbits_table[level - 1];
switch (op) {
case SSL_SECOP_CIPHER_SUPPORTED:
case SSL_SECOP_CIPHER_SHARED:

7
crypto/openssl/ssl/ssl_err.c
View file

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -85,6 +85,7 @@ static const ERR_STRING_DATA SSL_str_functs[] = {
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0),
"final_maxfragmentlen"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_PSK, 0), "final_psk"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"},
@ -949,6 +950,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"missing ecdsa signing cert"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION),
"missing psk kex modes extension"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE),
"missing rsa certificate"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT),
@ -1019,6 +1022,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED),
"null ssl method passed"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE),
"ocsp callback failure"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
"old session cipher not returned"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),

59
crypto/openssl/ssl/ssl_lib.c
View file

@ -2204,6 +2204,11 @@ int SSL_key_update(SSL *s, int updatetype)
return 0;
}
if (RECORD_LAYER_write_pending(&s->rlayer)) {
SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY);
return 0;
}
ossl_statem_set_in_init(s, 1);
s->key_update = updatetype;
return 1;
@ -2918,6 +2923,19 @@ void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
}
#endif
static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len)
{
unsigned int idx;
if (protos_len < 2 || protos == NULL)
return 0;
for (idx = 0; idx < protos_len; idx += protos[idx] + 1) {
if (protos[idx] == 0)
return 0;
}
return idx == protos_len;
}
/*
* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
* |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
@ -2926,13 +2944,25 @@ void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
unsigned int protos_len)
{
OPENSSL_free(ctx->ext.alpn);
ctx->ext.alpn = OPENSSL_memdup(protos, protos_len);
if (ctx->ext.alpn == NULL) {
unsigned char *alpn;
if (protos_len == 0 || protos == NULL) {
OPENSSL_free(ctx->ext.alpn);
ctx->ext.alpn = NULL;
ctx->ext.alpn_len = 0;
return 0;
}
/* Not valid per RFC */
if (!alpn_value_ok(protos, protos_len))
return 1;
alpn = OPENSSL_memdup(protos, protos_len);
if (alpn == NULL) {
SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
return 1;
}
OPENSSL_free(ctx->ext.alpn);
ctx->ext.alpn = alpn;
ctx->ext.alpn_len = protos_len;
return 0;
@ -2946,13 +2976,25 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
unsigned int protos_len)
{
OPENSSL_free(ssl->ext.alpn);
ssl->ext.alpn = OPENSSL_memdup(protos, protos_len);
if (ssl->ext.alpn == NULL) {
unsigned char *alpn;
if (protos_len == 0 || protos == NULL) {
OPENSSL_free(ssl->ext.alpn);
ssl->ext.alpn = NULL;
ssl->ext.alpn_len = 0;
return 0;
}
/* Not valid per RFC */
if (!alpn_value_ok(protos, protos_len))
return 1;
alpn = OPENSSL_memdup(protos, protos_len);
if (alpn == NULL) {
SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
return 1;
}
OPENSSL_free(ssl->ext.alpn);
ssl->ext.alpn = alpn;
ssl->ext.alpn_len = protos_len;
return 0;
@ -4616,8 +4658,11 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
}
ctx = EVP_MD_CTX_new();
if (ctx == NULL)
if (ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
ERR_R_INTERNAL_ERROR);
goto err;
}
if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
|| EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {

2
crypto/openssl/ssl/ssl_local.h
View file

@ -2307,6 +2307,7 @@ __owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other);
int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp);
__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);
__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
@ -2428,7 +2429,6 @@ __owur int dtls1_handle_timeout(SSL *s);
void dtls1_start_timer(SSL *s);
void dtls1_stop_timer(SSL *s);
__owur int dtls1_is_timer_expired(SSL *s);
void dtls1_double_timeout(SSL *s);
__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
size_t cookie_len);
__owur size_t dtls1_min_mtu(SSL *s);

31
crypto/openssl/ssl/statem/extensions.c
View file

@ -18,6 +18,7 @@ static int final_renegotiate(SSL *s, unsigned int context, int sent);
static int init_server_name(SSL *s, unsigned int context);
static int final_server_name(SSL *s, unsigned int context, int sent);
#ifndef OPENSSL_NO_EC
static int init_ec_point_formats(SSL *s, unsigned int context);
static int final_ec_pt_formats(SSL *s, unsigned int context, int sent);
#endif
static int init_session_ticket(SSL *s, unsigned int context);
@ -56,6 +57,7 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent);
static int final_early_data(SSL *s, unsigned int context, int sent);
static int final_maxfragmentlen(SSL *s, unsigned int context, int sent);
static int init_post_handshake_auth(SSL *s, unsigned int context);
static int final_psk(SSL *s, unsigned int context, int sent);
/* Structure to define a built-in extension */
typedef struct extensions_definition_st {
@ -158,7 +160,7 @@ static const EXTENSION_DEFINITION ext_defs[] = {
TLSEXT_TYPE_ec_point_formats,
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
| SSL_EXT_TLS1_2_AND_BELOW_ONLY,
NULL, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
final_ec_pt_formats
},
@ -389,7 +391,7 @@ static const EXTENSION_DEFINITION ext_defs[] = {
SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
| SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk,
tls_construct_ctos_psk, NULL
tls_construct_ctos_psk, final_psk
}
};
@ -1026,6 +1028,15 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
}
#ifndef OPENSSL_NO_EC
static int init_ec_point_formats(SSL *s, unsigned int context)
{
OPENSSL_free(s->ext.peer_ecpointformats);
s->ext.peer_ecpointformats = NULL;
s->ext.peer_ecpointformats_len = 0;
return 1;
}
static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
{
unsigned long alg_k, alg_a;
@ -1718,3 +1729,19 @@ static int init_post_handshake_auth(SSL *s, unsigned int context)
return 1;
}
/*
* If clients offer "pre_shared_key" without a "psk_key_exchange_modes"
* extension, servers MUST abort the handshake.
*/
static int final_psk(SSL *s, unsigned int context, int sent)
{
if (s->server && sent && s->clienthello != NULL
&& !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) {
SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_PSK,
SSL_R_MISSING_PSK_KEX_MODES_EXTENSION);
return 0;
}
return 1;
}

9
crypto/openssl/ssl/statem/extensions_srvr.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -1714,6 +1714,13 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
}
return EXT_RETURN_NOT_SENT;
}
if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) {
/*
* PSK ('hit') and explicitly not doing DHE (if the client sent the
* DHE option we always take it); don't send key share.
*/
return EXT_RETURN_NOT_SENT;
}
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
|| !WPACKET_start_sub_packet_u16(pkt)

5
crypto/openssl/ssl/statem/statem_clnt.c
View file

@ -1001,7 +1001,8 @@ size_t ossl_statem_client_max_message_size(SSL *s)
return CCS_MAX_LENGTH;
case TLS_ST_CR_SESSION_TICKET:
return SSL3_RT_MAX_PLAIN_LENGTH;
return (SSL_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13
: SESSION_TICKET_MAX_LENGTH_TLS12;
case TLS_ST_CR_FINISHED:
return FINISHED_MAX_LENGTH;
@ -2833,7 +2834,7 @@ int tls_process_initial_server_flight(SSL *s)
if (ret < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
ERR_R_MALLOC_FAILURE);
SSL_R_OCSP_CALLBACK_FAILURE);
return 0;
}
}

4
crypto/openssl/ssl/statem/statem_local.h
View file

@ -1,5 +1,5 @@
/*
* Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -22,6 +22,8 @@
#define SERVER_HELLO_MAX_LENGTH 20000
#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000
#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
#define SESSION_TICKET_MAX_LENGTH_TLS13 131338
#define SESSION_TICKET_MAX_LENGTH_TLS12 65541
#define SERVER_KEY_EXCH_MAX_LENGTH 102400
#define SERVER_HELLO_DONE_MAX_LENGTH 0
#define KEY_UPDATE_MAX_LENGTH 1

9
crypto/openssl/ssl/statem/statem_srvr.c
View file

@ -3753,6 +3753,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
sk_X509_pop_free(s->session->peer_chain, X509_free);
s->session->peer_chain = sk;
sk = NULL;
/*
* Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
@ -3767,7 +3768,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
* Inconsistency alert: cert_chain does *not* include the peer's own
* certificate, while we do include it in statem_clnt.c
*/
sk = NULL;
/* Save the current hash state for when we receive the CertificateVerify */
if (SSL_IS_TLS13(s)) {
@ -4139,9 +4139,12 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
}
if (tctx->generate_ticket_cb != NULL &&
tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0)
tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
ERR_R_INTERNAL_ERROR);
goto err;
}
/*
* If we are using anti-replay protection then we behave as if
* SSL_OP_NO_TICKET is set - we are caching tickets anyway so there

11
crypto/openssl/ssl/t1_lib.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -2441,7 +2441,8 @@ DH *ssl_get_auto_dh(SSL *s)
{
DH *dhp = NULL;
BIGNUM *p = NULL, *g = NULL;
int dh_secbits = 80;
int dh_secbits = 80, sec_level_bits;
if (s->cert->dh_tmp_auto != 2) {
if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
if (s->s3->tmp.new_cipher->strength_bits == 256)
@ -2464,6 +2465,12 @@ DH *ssl_get_auto_dh(SSL *s)
BN_free(g);
return NULL;
}
/* Do not pick a prime that is too weak for the current security level */
sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL);
if (dh_secbits < sec_level_bits)
dh_secbits = sec_level_bits;
if (dh_secbits >= 192)
p = BN_get_rfc3526_prime_8192(NULL);
else if (dh_secbits >= 152)