mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-22 02:37:15 +00:00
openssl: Vendor import of OpenSSL-3.0.9
Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.9.tar.gz Test Plan: ``` $ git status On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean $ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.9.tar.gz 14 MB 74 MBps 01s openssl-3.0.9.tar.gz.asc 833 B 10 MBps 00s $ set | egrep '(XLIST|OSSLVER)=' OSSLVER=3.0.9 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/khorben/.gnupg/pubring.kbx -------------------------------- pub rsa4096 2021-07-16 [SC] [expires: 2031-07-14] A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C uid [ unknown] Tomáš Mráz <tm@t8m.info> uid [ unknown] Tomáš Mráz <tomas@arleto.cz> uid [ unknown] Tomáš Mráz <tomas@openssl.org> sub rsa4096 2021-07-16 [S] [expires: 2027-07-15] sub rsa4096 2021-07-16 [E] [expires: 2031-07-14] $ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz gpg: Signature made Tue May 30 14:32:24 2023 CEST gpg: using RSA key DC7032662AF885E2F47F243F527466A21CA79E6D gpg: Good signature from "Tomáš Mráz <tm@t8m.info>" [unknown] gpg: aka "Tomáš Mráz <tomas@arleto.cz>" [unknown] gpg: aka "Tomáš Mráz <tomas@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C Subkey fingerprint: DC70 3266 2AF8 85E2 F47F 243F 5274 66A2 1CA7 9E6D $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . [...] $ diff -arq ../openssl-${OSSLVER} . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean ```
This commit is contained in:
parent
e4520c8bd1
commit
b84c4564ef
81
CHANGES.md
81
CHANGES.md
|
@ -28,6 +28,80 @@ breaking changes, and mappings for the large list of deprecated functions.
|
|||
|
||||
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
|
||||
|
||||
### Changes between 3.0.8 and 3.0.9 [30 May 2023]
|
||||
|
||||
* Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
|
||||
OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
|
||||
|
||||
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
|
||||
numeric text form. For gigantic sub-identifiers, this would take a very
|
||||
long time, the time complexity being O(n^2) where n is the size of that
|
||||
sub-identifier. ([CVE-2023-2650])
|
||||
|
||||
To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
|
||||
IDENTIFIER to canonical numeric text form if the size of that OBJECT
|
||||
IDENTIFIER is 586 bytes or less, and fail otherwise.
|
||||
|
||||
The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
|
||||
IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
|
||||
most 128 sub-identifiers, and that the maximum value that each sub-
|
||||
identifier may have is 2^32-1 (4294967295 decimal).
|
||||
|
||||
For each byte of every sub-identifier, only the 7 lower bits are part of
|
||||
the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
|
||||
these restrictions may occupy is 32 * 128 / 7, which is approximately 586
|
||||
bytes.
|
||||
|
||||
Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
|
||||
|
||||
*Richard Levitte*
|
||||
|
||||
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
|
||||
happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
|
||||
trigger a crash of an application using AES-XTS decryption if the memory
|
||||
just after the buffer being decrypted is not mapped.
|
||||
Thanks to Anton Romanov (Amazon) for discovering the issue.
|
||||
([CVE-2023-1255])
|
||||
|
||||
*Nevine Ebeid*
|
||||
|
||||
* Reworked the Fix for the Timing Oracle in RSA Decryption ([CVE-2022-4304]).
|
||||
The previous fix for this timing side channel turned out to cause
|
||||
a severe 2-3x performance regression in the typical use case
|
||||
compared to 3.0.7. The new fix uses existing constant time
|
||||
code paths, and restores the previous performance level while
|
||||
fully eliminating all existing timing side channels.
|
||||
The fix was developed by Bernd Edlinger with testing support
|
||||
by Hubert Kario.
|
||||
|
||||
*Bernd Edlinger*
|
||||
|
||||
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
|
||||
that it does not enable policy checking. Thanks to David Benjamin for
|
||||
discovering this issue.
|
||||
([CVE-2023-0466])
|
||||
|
||||
*Tomáš Mráz*
|
||||
|
||||
* Fixed an issue where invalid certificate policies in leaf certificates are
|
||||
silently ignored by OpenSSL and other certificate policy checks are skipped
|
||||
for that certificate. A malicious CA could use this to deliberately assert
|
||||
invalid certificate policies in order to circumvent policy checking on the
|
||||
certificate altogether.
|
||||
([CVE-2023-0465])
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
* Limited the number of nodes created in a policy tree to mitigate
|
||||
against CVE-2023-0464. The default limit is set to 1000 nodes, which
|
||||
should be sufficient for most installations. If required, the limit
|
||||
can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
|
||||
time define to a desired maximum number of nodes or zero to allow
|
||||
unlimited growth.
|
||||
([CVE-2023-0464])
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
|
||||
|
||||
* Fixed NULL dereference during PKCS7 data verification.
|
||||
|
@ -19578,6 +19652,11 @@ ndif
|
|||
|
||||
<!-- Links -->
|
||||
|
||||
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
|
||||
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
|
||||
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
|
||||
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
|
||||
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
|
||||
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
|
||||
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
|
||||
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
|
||||
|
@ -19588,7 +19667,7 @@ ndif
|
|||
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
|
||||
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
|
||||
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
||||
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
||||
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
|
||||
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
|
||||
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
|
||||
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
|
||||
|
|
|
@ -1423,7 +1423,7 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
|
|||
}
|
||||
|
||||
if ($target =~ /linux.*-mips/ && !$disabled{asm}
|
||||
&& !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
|
||||
&& !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
|
||||
# minimally required architecture flags for assembly modules
|
||||
my $value;
|
||||
$value = '-mips2' if ($target =~ /mips32/);
|
||||
|
|
19
NEWS.md
19
NEWS.md
|
@ -18,6 +18,17 @@ OpenSSL Releases
|
|||
OpenSSL 3.0
|
||||
-----------
|
||||
|
||||
### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
|
||||
|
||||
* Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT
|
||||
IDENTIFIER sub-identities. ([CVE-2023-2650])
|
||||
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms
|
||||
([CVE-2023-1255])
|
||||
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
|
||||
* Fixed handling of invalid certificate policies in leaf certificates
|
||||
([CVE-2023-0465])
|
||||
* Limited the number of nodes created in a policy tree ([CVE-2023-0464])
|
||||
|
||||
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
|
||||
|
||||
* Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
|
||||
|
@ -1430,6 +1441,12 @@ OpenSSL 0.9.x
|
|||
* Support for various new platforms
|
||||
|
||||
<!-- Links -->
|
||||
|
||||
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
|
||||
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
|
||||
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
|
||||
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
|
||||
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
|
||||
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
|
||||
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
|
||||
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
|
||||
|
@ -1440,7 +1457,7 @@ OpenSSL 0.9.x
|
|||
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
|
||||
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
|
||||
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
||||
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
||||
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
|
||||
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
|
||||
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
|
||||
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
|
||||
|
|
|
@ -44,6 +44,20 @@ instead of `nsx` in the set above.
|
|||
You cannot build for TNS/E for FIPS, so you must specify the `no-fips`
|
||||
option to `./Configure`.
|
||||
|
||||
Linking and Loading Considerations
|
||||
----------------------------------
|
||||
|
||||
Because of how the NonStop Common Runtime Environment (CRE) works, there are
|
||||
restrictions on how programs can link and load with OpenSSL libraries.
|
||||
On current NonStop platforms, programs cannot both statically link OpenSSL
|
||||
libraries and dynamically load OpenSSL shared libraries concurrently. If this
|
||||
is done, there is a high probability of encountering a SIGSEGV condition
|
||||
relating to `atexit()` processing when a shared library is unloaded and when
|
||||
the program terminates. This limitation applies to all OpenSSL shared library
|
||||
components.
|
||||
|
||||
A resolution to this situation is under investigation.
|
||||
|
||||
About Prefix and OpenSSLDir
|
||||
---------------------------
|
||||
|
||||
|
|
17
NOTES-VMS.md
17
NOTES-VMS.md
|
@ -83,6 +83,23 @@ When done, we recommend that you turn that flag back off:
|
|||
|
||||
$ set image /flag=nocall_debug [.test]evp_test.exe
|
||||
|
||||
About assembler acceleration
|
||||
----------------------------
|
||||
|
||||
OpenSSL has assembler acceleration for a number of BIGNUM and crypto
|
||||
routines. The VMS config targets tries to look for a selection of
|
||||
assemblers and will use what they find. If none of the assemblers are
|
||||
found, OpenSSL will be built as if `no-asm` was configured.
|
||||
|
||||
### For Itanium / IA64 / I64
|
||||
|
||||
- There is only one assembler, a port of Intel's `ias`, found in the
|
||||
HP Open Source Tools CD, available through [DECUSlib](http://www.decuslib.com).
|
||||
It's assumed to be set up as per the instructions, where `disk` and
|
||||
`dir` are expected to be adapted to local conditions:
|
||||
|
||||
$ ias :== $disk:[dir]iasi64.exe
|
||||
|
||||
Checking the distribution
|
||||
-------------------------
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
MAJOR=3
|
||||
MINOR=0
|
||||
PATCH=8
|
||||
PATCH=9
|
||||
PRE_RELEASE_TAG=
|
||||
BUILD_METADATA=
|
||||
RELEASE_DATE="7 Feb 2023"
|
||||
RELEASE_DATE="30 May 2023"
|
||||
SHLIB_VERSION=3
|
||||
|
|
144
apps/cmp.c
144
apps/cmp.c
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2019
|
||||
* Copyright Siemens AG 2015-2019
|
||||
*
|
||||
|
@ -158,6 +158,7 @@ static char *opt_reqin = NULL;
|
|||
static int opt_reqin_new_tid = 0;
|
||||
static char *opt_reqout = NULL;
|
||||
static char *opt_rspin = NULL;
|
||||
static int rspin_in_use = 0;
|
||||
static char *opt_rspout = NULL;
|
||||
static int opt_use_mock_srv = 0;
|
||||
|
||||
|
@ -371,7 +372,7 @@ const OPTIONS cmp_options[] = {
|
|||
|
||||
OPT_SECTION("Server authentication"),
|
||||
{"trusted", OPT_TRUSTED, 's',
|
||||
"Certificates to trust as chain roots when verifying signed CMP responses"},
|
||||
"Certificates to use as trust anchors when verifying signed CMP responses"},
|
||||
{OPT_MORE_STR, 0, 0, "unless -srvcert is given"},
|
||||
{"untrusted", OPT_UNTRUSTED, 's',
|
||||
"Intermediate CA certs for chain construction for CMP/TLS/enrolled certs"},
|
||||
|
@ -417,7 +418,7 @@ const OPTIONS cmp_options[] = {
|
|||
{OPT_MORE_STR, 0, 0,
|
||||
"This can be used as the default CMP signer cert chain to include"},
|
||||
{"unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-',
|
||||
"Send messages without CMP-level protection"},
|
||||
"Send request messages without CMP-level protection"},
|
||||
|
||||
OPT_SECTION("Credentials format"),
|
||||
{"certform", OPT_CERTFORM, 's',
|
||||
|
@ -462,13 +463,16 @@ const OPTIONS cmp_options[] = {
|
|||
"Do not interactively prompt for input when a password is required etc."},
|
||||
{"repeat", OPT_REPEAT, 'p',
|
||||
"Invoke the transaction the given positive number of times. Default 1"},
|
||||
{"reqin", OPT_REQIN, 's', "Take sequence of CMP requests from file(s)"},
|
||||
{"reqin", OPT_REQIN, 's',
|
||||
"Take sequence of CMP requests to send to server from file(s)"},
|
||||
{"reqin_new_tid", OPT_REQIN_NEW_TID, '-',
|
||||
"Use fresh transactionID for CMP requests read from -reqin"},
|
||||
{"reqout", OPT_REQOUT, 's', "Save sequence of CMP requests to file(s)"},
|
||||
{"reqout", OPT_REQOUT, 's',
|
||||
"Save sequence of CMP requests created by the client to file(s)"},
|
||||
{"rspin", OPT_RSPIN, 's',
|
||||
"Process sequence of CMP responses provided in file(s), skipping server"},
|
||||
{"rspout", OPT_RSPOUT, 's', "Save sequence of CMP responses to file(s)"},
|
||||
{"rspout", OPT_RSPOUT, 's',
|
||||
"Save sequence of actually used CMP responses to file(s)"},
|
||||
|
||||
{"use_mock_srv", OPT_USE_MOCK_SRV, '-',
|
||||
"Use internal mock server at API level, bypassing socket-based HTTP"},
|
||||
|
@ -754,12 +758,12 @@ static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames)
|
|||
}
|
||||
|
||||
/* read DER-encoded OSSL_CMP_MSG from the specified file name item */
|
||||
static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames)
|
||||
static OSSL_CMP_MSG *read_PKIMESSAGE(const char *desc, char **filenames)
|
||||
{
|
||||
char *file;
|
||||
OSSL_CMP_MSG *ret;
|
||||
|
||||
if (filenames == NULL) {
|
||||
if (filenames == NULL || desc == NULL) {
|
||||
CMP_err("NULL arg to read_PKIMESSAGE");
|
||||
return NULL;
|
||||
}
|
||||
|
@ -774,6 +778,8 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames)
|
|||
ret = OSSL_CMP_MSG_read(file, app_get0_libctx(), app_get0_propq());
|
||||
if (ret == NULL)
|
||||
CMP_err1("cannot read PKIMessage from file '%s'", file);
|
||||
else
|
||||
CMP_info2("%s %s", desc, file);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -795,7 +801,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
|
|||
&& !write_PKIMESSAGE(req, &opt_reqout))
|
||||
goto err;
|
||||
if (opt_reqin != NULL && opt_rspin == NULL) {
|
||||
if ((req_new = read_PKIMESSAGE(&opt_reqin)) == NULL)
|
||||
if ((req_new = read_PKIMESSAGE("actually sending", &opt_reqin)) == NULL)
|
||||
goto err;
|
||||
/*-
|
||||
* The transaction ID in req_new read from opt_reqin may not be fresh.
|
||||
|
@ -805,22 +811,44 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
|
|||
if (opt_reqin_new_tid
|
||||
&& !OSSL_CMP_MSG_update_transactionID(ctx, req_new))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
* Except for first request, need to satisfy recipNonce check by server.
|
||||
* Unfortunately requires re-protection if protection is required.
|
||||
*/
|
||||
if (!OSSL_CMP_MSG_update_recipNonce(ctx, req_new))
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (opt_rspin != NULL) {
|
||||
res = read_PKIMESSAGE(&opt_rspin);
|
||||
res = read_PKIMESSAGE("actually using", &opt_rspin);
|
||||
} else {
|
||||
const OSSL_CMP_MSG *actual_req = opt_reqin != NULL ? req_new : req;
|
||||
const OSSL_CMP_MSG *actual_req = req_new != NULL ? req_new : req;
|
||||
|
||||
res = opt_use_mock_srv
|
||||
? OSSL_CMP_CTX_server_perform(ctx, actual_req)
|
||||
: OSSL_CMP_MSG_http_perform(ctx, actual_req);
|
||||
if (opt_use_mock_srv) {
|
||||
if (rspin_in_use)
|
||||
CMP_warn("too few -rspin filename arguments; resorting to using mock server");
|
||||
res = OSSL_CMP_CTX_server_perform(ctx, actual_req);
|
||||
} else {
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
if (opt_server == NULL) {
|
||||
CMP_err("missing -server or -use_mock_srv option, or too few -rspin filename arguments");
|
||||
goto err;
|
||||
}
|
||||
if (rspin_in_use)
|
||||
CMP_warn("too few -rspin filename arguments; resorting to contacting server");
|
||||
res = OSSL_CMP_MSG_http_perform(ctx, actual_req);
|
||||
#else
|
||||
CMP_err("-server not supported on no-sock build; missing -use_mock_srv option or too few -rspin filename arguments");
|
||||
#endif
|
||||
}
|
||||
rspin_in_use = 0;
|
||||
}
|
||||
if (res == NULL)
|
||||
goto err;
|
||||
|
||||
if (opt_reqin != NULL || prev_opt_rspin != NULL) {
|
||||
/* need to satisfy nonce and transactionID checks */
|
||||
if (req_new != NULL || prev_opt_rspin != NULL) {
|
||||
/* need to satisfy nonce and transactionID checks by client */
|
||||
ASN1_OCTET_STRING *nonce;
|
||||
ASN1_OCTET_STRING *tid;
|
||||
|
||||
|
@ -1024,10 +1052,10 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
|
|||
goto err;
|
||||
}
|
||||
} else if (opt_srv_cert == NULL) {
|
||||
CMP_err("mock server credentials must be given if -use_mock_srv or -port is used");
|
||||
CMP_err("server credentials (-srv_secret or -srv_cert) must be given if -use_mock_srv or -port is used");
|
||||
goto err;
|
||||
} else {
|
||||
CMP_warn("mock server will not be able to handle PBM-protected requests since -srv_secret is not given");
|
||||
CMP_warn("server will not be able to handle PBM-protected requests since -srv_secret is not given");
|
||||
}
|
||||
|
||||
if (opt_srv_secret == NULL
|
||||
|
@ -1121,7 +1149,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
|
|||
goto err;
|
||||
|
||||
if (opt_send_error)
|
||||
(void)ossl_cmp_mock_srv_set_send_error(srv_ctx, 1);
|
||||
(void)ossl_cmp_mock_srv_set_sendError(srv_ctx, 1);
|
||||
|
||||
if (opt_send_unprotected)
|
||||
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1);
|
||||
|
@ -1283,7 +1311,9 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
|
|||
/* disable any cert status/revocation checking etc. */
|
||||
X509_VERIFY_PARAM_clear_flags(tls_vpm,
|
||||
~(X509_V_FLAG_USE_CHECK_TIME
|
||||
| X509_V_FLAG_NO_CHECK_TIME));
|
||||
| X509_V_FLAG_NO_CHECK_TIME
|
||||
| X509_V_FLAG_PARTIAL_CHAIN
|
||||
| X509_V_FLAG_POLICY_CHECK));
|
||||
}
|
||||
CMP_debug("trying to build cert chain for own TLS cert");
|
||||
if (SSL_CTX_build_cert_chain(ssl_ctx,
|
||||
|
@ -1498,10 +1528,25 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|||
CMP_warn("no -subject given; no -csr or -oldcert or -cert available for fallback");
|
||||
|
||||
if (opt_cmd == CMP_IR || opt_cmd == CMP_CR || opt_cmd == CMP_KUR) {
|
||||
if (opt_newkey == NULL && opt_key == NULL && opt_csr == NULL) {
|
||||
CMP_err("missing -newkey (or -key) to be certified and no -csr given");
|
||||
if (opt_newkey == NULL
|
||||
&& opt_key == NULL && opt_csr == NULL && opt_oldcert == NULL) {
|
||||
CMP_err("missing -newkey (or -key) to be certified and no -csr, -oldcert, or -cert given for fallback public key");
|
||||
return 0;
|
||||
}
|
||||
if (opt_newkey == NULL
|
||||
&& opt_popo != OSSL_CRMF_POPO_NONE
|
||||
&& opt_popo != OSSL_CRMF_POPO_RAVERIFIED) {
|
||||
if (opt_csr != NULL) {
|
||||
CMP_err1("no -newkey option given with private key for POPO, -csr option only provides public key%s",
|
||||
opt_key == NULL ? "" :
|
||||
", and -key option superseded by by -csr");
|
||||
return 0;
|
||||
}
|
||||
if (opt_key == NULL) {
|
||||
CMP_err("missing -newkey (or -key) option for POPO");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if (opt_certout == NULL) {
|
||||
CMP_err("-certout not given, nowhere to save newly enrolled certificate");
|
||||
return 0;
|
||||
|
@ -1897,8 +1942,11 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|||
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_TOTAL_TIMEOUT,
|
||||
opt_total_timeout);
|
||||
|
||||
if (opt_reqin != NULL && opt_rspin != NULL)
|
||||
CMP_warn("-reqin is ignored since -rspin is present");
|
||||
if (opt_rspin != NULL) {
|
||||
rspin_in_use = 1;
|
||||
if (opt_reqin != NULL)
|
||||
CMP_warn("-reqin is ignored since -rspin is present");
|
||||
}
|
||||
if (opt_reqin_new_tid && opt_reqin == NULL)
|
||||
CMP_warn("-reqin_new_tid is ignored since -reqin is not present");
|
||||
if (opt_reqin != NULL || opt_reqout != NULL
|
||||
|
@ -1923,12 +1971,14 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|||
if ((info = OPENSSL_zalloc(sizeof(*info))) == NULL)
|
||||
goto err;
|
||||
(void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info);
|
||||
info->server = opt_server;
|
||||
info->port = server_port;
|
||||
info->ssl_ctx = setup_ssl_ctx(ctx, host, engine);
|
||||
info->server = host;
|
||||
host = NULL; /* prevent deallocation */
|
||||
if ((info->port = OPENSSL_strdup(server_port)) == NULL)
|
||||
goto err;
|
||||
/* workaround for callback design flaw, see #17088: */
|
||||
info->use_proxy = proxy_host != NULL;
|
||||
info->timeout = OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT);
|
||||
info->ssl_ctx = setup_ssl_ctx(ctx, host, engine);
|
||||
|
||||
if (info->ssl_ctx == NULL)
|
||||
goto err;
|
||||
|
@ -1952,7 +2002,9 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|||
|
||||
/* not printing earlier, to minimize confusion in case setup fails before */
|
||||
if (opt_rspin != NULL)
|
||||
CMP_info("will not contact any server since -rspin is given");
|
||||
CMP_info2("will contact %s%s "
|
||||
"only if -rspin argument gives too few filenames",
|
||||
server_buf, proxy_buf);
|
||||
else
|
||||
CMP_info2("will contact %s%s", server_buf, proxy_buf);
|
||||
|
||||
|
@ -2847,8 +2899,16 @@ int cmp_main(int argc, char **argv)
|
|||
CMP_err("-tls_used option not supported with -port option");
|
||||
goto err;
|
||||
}
|
||||
if (opt_use_mock_srv || opt_server != NULL || opt_rspin != NULL) {
|
||||
CMP_err("cannot use -port with -use_mock_srv, -server, or -rspin options");
|
||||
if (opt_server != NULL || opt_use_mock_srv) {
|
||||
CMP_err("The -port option excludes -server and -use_mock_srv");
|
||||
goto err;
|
||||
}
|
||||
if (opt_reqin != NULL || opt_reqout != NULL) {
|
||||
CMP_err("The -port option does not support -reqin and -reqout");
|
||||
goto err;
|
||||
}
|
||||
if (opt_rspin != NULL || opt_rspout != NULL) {
|
||||
CMP_err("The -port option does not support -rspin and -rspout");
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
@ -2857,10 +2917,6 @@ int cmp_main(int argc, char **argv)
|
|||
goto err;
|
||||
}
|
||||
#endif
|
||||
if (opt_rspin != NULL && opt_use_mock_srv) {
|
||||
CMP_err("cannot use both -rspin and -use_mock_srv options");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (opt_use_mock_srv
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
|
@ -2881,8 +2937,8 @@ int cmp_main(int argc, char **argv)
|
|||
}
|
||||
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
if (opt_tls_used && (opt_use_mock_srv || opt_rspin != NULL)) {
|
||||
CMP_warn("ignoring -tls_used option since -use_mock_srv or -rspin is given");
|
||||
if (opt_tls_used && (opt_use_mock_srv || opt_server == NULL)) {
|
||||
CMP_warn("ignoring -tls_used option since -use_mock_srv is given or -server is not given");
|
||||
opt_tls_used = 0;
|
||||
}
|
||||
|
||||
|
@ -2893,11 +2949,11 @@ int cmp_main(int argc, char **argv)
|
|||
|
||||
/* act as CMP client, possibly using internal mock server */
|
||||
|
||||
if (opt_server != NULL) {
|
||||
if (opt_rspin != NULL) {
|
||||
CMP_warn("ignoring -server option since -rspin is given");
|
||||
opt_server = NULL;
|
||||
}
|
||||
if (opt_rspin != NULL) {
|
||||
if (opt_server != NULL)
|
||||
CMP_warn("-server option is not used if enough filenames given for -rspin");
|
||||
if (opt_use_mock_srv)
|
||||
CMP_warn("-use_mock_srv option is not used if enough filenames given for -rspin");
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -3010,7 +3066,11 @@ int cmp_main(int argc, char **argv)
|
|||
/* cannot free info already here, as it may be used indirectly by: */
|
||||
OSSL_CMP_CTX_free(cmp_ctx);
|
||||
#ifndef OPENSSL_NO_SOCK
|
||||
APP_HTTP_TLS_INFO_free(info);
|
||||
if (info != NULL) {
|
||||
OPENSSL_free((char *)info->server);
|
||||
OPENSSL_free((char *)info->port);
|
||||
APP_HTTP_TLS_INFO_free(info);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
X509_VERIFY_PARAM_free(vpm);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -487,8 +487,11 @@ static void show_digests(const OBJ_NAME *name, void *arg)
|
|||
|
||||
/* Filter out message digests that we cannot use */
|
||||
md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
|
||||
if (md == NULL)
|
||||
return;
|
||||
if (md == NULL) {
|
||||
md = EVP_get_digestbyname(name->name);
|
||||
if (md == NULL)
|
||||
return;
|
||||
}
|
||||
|
||||
BIO_printf(dec->bio, "-%-25s", name->name);
|
||||
if (++dec->n == 3) {
|
||||
|
|
17
apps/enc.c
17
apps/enc.c
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -30,6 +30,10 @@
|
|||
#define SIZE (512)
|
||||
#define BSIZE (8*1024)
|
||||
|
||||
#define PBKDF2_ITER_DEFAULT 10000
|
||||
#define STR(a) XSTR(a)
|
||||
#define XSTR(a) #a
|
||||
|
||||
static int set_hex(const char *in, unsigned char *out, int size);
|
||||
static void show_ciphers(const OBJ_NAME *name, void *bio_);
|
||||
|
||||
|
@ -88,8 +92,13 @@ const OPTIONS enc_options[] = {
|
|||
{"S", OPT_UPPER_S, 's', "Salt, in hex"},
|
||||
{"iv", OPT_IV, 's', "IV in hex"},
|
||||
{"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
|
||||
{"iter", OPT_ITER, 'p', "Specify the iteration count and force use of PBKDF2"},
|
||||
{"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"},
|
||||
{"iter", OPT_ITER, 'p',
|
||||
"Specify the iteration count and force the use of PBKDF2"},
|
||||
{OPT_MORE_STR, 0, 0, "Default: " STR(PBKDF2_ITER_DEFAULT)},
|
||||
{"pbkdf2", OPT_PBKDF2, '-',
|
||||
"Use password-based key derivation function 2 (PBKDF2)"},
|
||||
{OPT_MORE_STR, 0, 0,
|
||||
"Use -iter to change the iteration count from " STR(PBKDF2_ITER_DEFAULT)},
|
||||
{"none", OPT_NONE, '-', "Don't encrypt"},
|
||||
#ifdef ZLIB
|
||||
{"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
|
||||
|
@ -272,7 +281,7 @@ int enc_main(int argc, char **argv)
|
|||
case OPT_PBKDF2:
|
||||
pbkdf2 = 1;
|
||||
if (iter == 0) /* do not overwrite a chosen value */
|
||||
iter = 10000;
|
||||
iter = PBKDF2_ITER_DEFAULT;
|
||||
break;
|
||||
case OPT_NONE:
|
||||
cipher = NULL;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Siemens AG 2018-2020
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -27,7 +27,7 @@ int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
STACK_OF(X509) *caPubs);
|
||||
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
|
||||
int fail_info, const char *text);
|
||||
int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val);
|
||||
int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
|
||||
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
|
||||
int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -2474,6 +2474,10 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
|
|||
if (connect) {
|
||||
SSL *ssl;
|
||||
BIO *sbio = NULL;
|
||||
X509_STORE *ts = SSL_CTX_get_cert_store(ssl_ctx);
|
||||
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
|
||||
const char *host = vpm == NULL ? NULL :
|
||||
X509_VERIFY_PARAM_get0_host(vpm, 0 /* first hostname */);
|
||||
|
||||
/* adapt after fixing callback design flaw, see #17088 */
|
||||
if ((info->use_proxy
|
||||
|
@ -2488,8 +2492,8 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
/* adapt after fixing callback design flaw, see #17088 */
|
||||
SSL_set_tlsext_host_name(ssl, info->server); /* not critical to do */
|
||||
if (vpm != NULL)
|
||||
SSL_set_tlsext_host_name(ssl, host /* may be NULL */);
|
||||
|
||||
SSL_set_connect_state(ssl);
|
||||
BIO_set_ssl(sbio, ssl, BIO_CLOSE);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Siemens AG 2018-2020
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -14,7 +14,7 @@
|
|||
#include <openssl/cmp.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/cmperr.h>
|
||||
|
||||
|
||||
/* the context for the CMP mock server */
|
||||
typedef struct
|
||||
{
|
||||
|
@ -22,9 +22,8 @@ typedef struct
|
|||
STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */
|
||||
STACK_OF(X509) *caPubsOut; /* certs to return in caPubs field of ip msg */
|
||||
OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */
|
||||
int sendError; /* send error response also on valid requests */
|
||||
int sendError; /* send error response on given request type */
|
||||
OSSL_CMP_MSG *certReq; /* ir/cr/p10cr/kur remembered while polling */
|
||||
int certReqId; /* id of last ir/cr/kur, used for polling */
|
||||
int pollCount; /* number of polls before actual cert response */
|
||||
int curr_pollCount; /* number of polls so far for current request */
|
||||
int checkAfterTime; /* time the client should wait between polling */
|
||||
|
@ -54,7 +53,7 @@ static mock_srv_ctx *mock_srv_ctx_new(void)
|
|||
if ((ctx->statusOut = OSSL_CMP_PKISI_new()) == NULL)
|
||||
goto err;
|
||||
|
||||
ctx->certReqId = -1;
|
||||
ctx->sendError = -1;
|
||||
|
||||
/* all other elements are initialized to 0 or NULL, respectively */
|
||||
return ctx;
|
||||
|
@ -130,7 +129,7 @@ int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
|
|||
return 1;
|
||||
}
|
||||
|
||||
int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val)
|
||||
int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)
|
||||
{
|
||||
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
|
||||
|
||||
|
@ -138,7 +137,8 @@ int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val)
|
|||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||
return 0;
|
||||
}
|
||||
ctx->sendError = val != 0;
|
||||
/* might check bodytype, but this would require exporting all body types */
|
||||
ctx->sendError = bodytype;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -172,7 +172,7 @@ int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec)
|
|||
|
||||
static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
||||
const OSSL_CMP_MSG *cert_req,
|
||||
int certReqId,
|
||||
ossl_unused int certReqId,
|
||||
const OSSL_CRMF_MSG *crm,
|
||||
const X509_REQ *p10cr,
|
||||
X509 **certOut,
|
||||
|
@ -187,7 +187,8 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||
return NULL;
|
||||
}
|
||||
if (ctx->sendError) {
|
||||
if (ctx->sendError == 1
|
||||
|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(cert_req)) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -195,7 +196,6 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
*certOut = NULL;
|
||||
*chainOut = NULL;
|
||||
*caPubs = NULL;
|
||||
ctx->certReqId = certReqId;
|
||||
|
||||
if (ctx->pollCount > 0 && ctx->curr_pollCount == 0) {
|
||||
/* start polling */
|
||||
|
@ -270,7 +270,8 @@ static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||
return NULL;
|
||||
}
|
||||
if (ctx->sendError || ctx->certOut == NULL) {
|
||||
if (ctx->certOut == NULL || ctx->sendError == 1
|
||||
|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(rr)) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -301,7 +302,9 @@ static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||
return 0;
|
||||
}
|
||||
if (sk_OSSL_CMP_ITAV_num(in) > 1 || ctx->sendError) {
|
||||
if (ctx->sendError == 1
|
||||
|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(genm)
|
||||
|| sk_OSSL_CMP_ITAV_num(in) > 1) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
||||
return 0;
|
||||
}
|
||||
|
@ -358,7 +361,8 @@ static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
|
|||
}
|
||||
|
||||
static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
|
||||
const OSSL_CMP_MSG *certConf, int certReqId,
|
||||
const OSSL_CMP_MSG *certConf,
|
||||
ossl_unused int certReqId,
|
||||
const ASN1_OCTET_STRING *certHash,
|
||||
const OSSL_CMP_PKISI *si)
|
||||
{
|
||||
|
@ -369,17 +373,13 @@ static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||
return 0;
|
||||
}
|
||||
if (ctx->sendError || ctx->certOut == NULL) {
|
||||
if (ctx->sendError == 1
|
||||
|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(certConf)
|
||||
|| ctx->certOut == NULL) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (certReqId != ctx->certReqId) {
|
||||
/* in case of error, invalid reqId -1 */
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((digest = X509_digest_sig(ctx->certOut, NULL, NULL)) == NULL)
|
||||
return 0;
|
||||
if (ASN1_OCTET_STRING_cmp(certHash, digest) != 0) {
|
||||
|
@ -392,7 +392,8 @@ static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
}
|
||||
|
||||
static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
|
||||
const OSSL_CMP_MSG *pollReq, int certReqId,
|
||||
const OSSL_CMP_MSG *pollReq,
|
||||
ossl_unused int certReqId,
|
||||
OSSL_CMP_MSG **certReq, int64_t *check_after)
|
||||
{
|
||||
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
|
||||
|
@ -402,7 +403,8 @@ static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||
return 0;
|
||||
}
|
||||
if (ctx->sendError) {
|
||||
if (ctx->sendError == 1
|
||||
|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) {
|
||||
*certReq = NULL;
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
||||
return 0;
|
||||
|
|
|
@ -356,7 +356,7 @@ cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
|
|||
# Certificate enrollment
|
||||
subject = "/CN=openssl-cmp-test"
|
||||
newkey = insta.priv.pem
|
||||
out_trusted = insta.ca.crt
|
||||
out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature
|
||||
certout = insta.cert.pem
|
||||
|
||||
[pbm] # Password-based protection for Insta CA
|
||||
|
@ -366,7 +366,7 @@ secret = $insta::secret # pass:insta
|
|||
|
||||
[signature] # Signature-based protection for Insta CA
|
||||
# Server authentication
|
||||
trusted = insta.ca.crt # does not include keyUsage digitalSignature
|
||||
trusted = $insta::out_trusted # apps/insta.ca.crt
|
||||
|
||||
# Client authentication
|
||||
secret = # disable PBM
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -340,6 +340,11 @@ static int ends_with_dirsep(const char *path)
|
|||
return *path == '/';
|
||||
}
|
||||
|
||||
static int sk_strcmp(const char * const *a, const char * const *b)
|
||||
{
|
||||
return strcmp(*a, *b);
|
||||
}
|
||||
|
||||
/*
|
||||
* Process a directory; return number of errors found.
|
||||
*/
|
||||
|
@ -369,7 +374,7 @@ static int do_dir(const char *dirname, enum Hash h)
|
|||
if (verbose)
|
||||
BIO_printf(bio_out, "Doing %s\n", dirname);
|
||||
|
||||
if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
|
||||
if ((files = sk_OPENSSL_STRING_new(sk_strcmp)) == NULL) {
|
||||
BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
|
||||
errs = 1;
|
||||
goto err;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
|
@ -229,6 +229,7 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
|
|||
|| !SSL_SESSION_set_cipher(tmpsess, cipher)
|
||||
|| !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) {
|
||||
OPENSSL_free(key);
|
||||
SSL_SESSION_free(tmpsess);
|
||||
return 0;
|
||||
}
|
||||
OPENSSL_free(key);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -2261,10 +2261,10 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||
b.ne .Lxts_enc_big_size
|
||||
// Encrypt the iv with key2, as the first XEX iv.
|
||||
ldr $rounds,[$key2,#240]
|
||||
vld1.8 {$dat},[$key2],#16
|
||||
vld1.32 {$dat},[$key2],#16
|
||||
vld1.8 {$iv0},[$ivp]
|
||||
sub $rounds,$rounds,#2
|
||||
vld1.8 {$dat1},[$key2],#16
|
||||
vld1.32 {$dat1},[$key2],#16
|
||||
|
||||
.Loop_enc_iv_enc:
|
||||
aese $iv0,$dat
|
||||
|
@ -2866,9 +2866,9 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||
|
||||
// Encrypt the composite block to get the last second encrypted text block
|
||||
ldr $rounds,[$key1,#240] // load key schedule...
|
||||
vld1.8 {$dat},[$key1],#16
|
||||
vld1.32 {$dat},[$key1],#16
|
||||
sub $rounds,$rounds,#2
|
||||
vld1.8 {$dat1},[$key1],#16 // load key schedule...
|
||||
vld1.32 {$dat1},[$key1],#16 // load key schedule...
|
||||
.Loop_final_enc:
|
||||
aese $tmpin,$dat0
|
||||
aesmc $tmpin,$tmpin
|
||||
|
@ -2937,10 +2937,10 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||
b.ne .Lxts_dec_big_size
|
||||
// Encrypt the iv with key2, as the first XEX iv.
|
||||
ldr $rounds,[$key2,#240]
|
||||
vld1.8 {$dat},[$key2],#16
|
||||
vld1.32 {$dat},[$key2],#16
|
||||
vld1.8 {$iv0},[$ivp]
|
||||
sub $rounds,$rounds,#2
|
||||
vld1.8 {$dat1},[$key2],#16
|
||||
vld1.32 {$dat1},[$key2],#16
|
||||
|
||||
.Loop_dec_small_iv_enc:
|
||||
aese $iv0,$dat
|
||||
|
@ -3020,10 +3020,10 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||
|
||||
// Encrypt the iv with key2, as the first XEX iv
|
||||
ldr $rounds,[$key2,#240]
|
||||
vld1.8 {$dat},[$key2],#16
|
||||
vld1.32 {$dat},[$key2],#16
|
||||
vld1.8 {$iv0},[$ivp]
|
||||
sub $rounds,$rounds,#2
|
||||
vld1.8 {$dat1},[$key2],#16
|
||||
vld1.32 {$dat1},[$key2],#16
|
||||
|
||||
.Loop_dec_iv_enc:
|
||||
aese $iv0,$dat
|
||||
|
@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||
.align 4
|
||||
.Lxts_dec_tail4x:
|
||||
add $inp,$inp,#16
|
||||
vld1.32 {$dat0},[$inp],#16
|
||||
tst $tailcnt,#0xf
|
||||
veor $tmp1,$dat1,$tmp0
|
||||
vst1.8 {$tmp1},[$out],#16
|
||||
veor $tmp2,$dat2,$tmp2
|
||||
|
@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||
veor $tmp4,$dat4,$tmp4
|
||||
vst1.8 {$tmp3-$tmp4},[$out],#32
|
||||
|
||||
b.eq .Lxts_dec_abort
|
||||
vld1.8 {$dat0},[$inp],#16
|
||||
b .Lxts_done
|
||||
.align 4
|
||||
.Lxts_outer_dec_tail:
|
||||
|
@ -3539,7 +3541,7 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||
// Processing the last two blocks with cipher stealing.
|
||||
mov x7,x3
|
||||
cbnz x2,.Lxts_dec_1st_done
|
||||
vld1.32 {$dat0},[$inp],#16
|
||||
vld1.8 {$dat0},[$inp],#16
|
||||
|
||||
// Decrypt the last secod block to get the last plain text block
|
||||
.Lxts_dec_1st_done:
|
||||
|
@ -3584,9 +3586,9 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||
|
||||
// Decrypt the composite block to get the last second plain text block
|
||||
ldr $rounds,[$key_,#240]
|
||||
vld1.8 {$dat},[$key_],#16
|
||||
vld1.32 {$dat},[$key_],#16
|
||||
sub $rounds,$rounds,#2
|
||||
vld1.8 {$dat1},[$key_],#16
|
||||
vld1.32 {$dat1},[$key_],#16
|
||||
.Loop_final_dec:
|
||||
aesd $tmpin,$dat0
|
||||
aesimc $tmpin,$tmpin
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -14,7 +14,7 @@
|
|||
# details see http://www.openssl.org/~appro/cryptogams/.
|
||||
#
|
||||
# Specific modes and adaptation for Linux kernel by Ard Biesheuvel
|
||||
# of Linaro. Permission to use under GPL terms is granted.
|
||||
# of Linaro.
|
||||
# ====================================================================
|
||||
|
||||
# Bit-sliced AES for ARM NEON
|
||||
|
@ -1447,7 +1447,7 @@ ossl_bsaes_ctr32_encrypt_blocks:
|
|||
.align 2
|
||||
0: add r12, $key, #248
|
||||
vld1.8 {@XMM[0]}, [$ctr] @ load counter
|
||||
adrl $ctr, .LREVM0SR @ borrow $ctr
|
||||
add $ctr, $const, #.LREVM0SR-.LM0 @ borrow $ctr
|
||||
vldmia r12, {@XMM[4]} @ load round0 key
|
||||
sub sp, #0x10 @ place for adjusted round0 key
|
||||
#endif
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -148,6 +148,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
|
|||
int w, v, iv;
|
||||
unsigned char *c;
|
||||
|
||||
if (n < 0)
|
||||
return 0;
|
||||
|
||||
w = n / 8;
|
||||
v = 1 << (7 - (n & 0x07));
|
||||
iv = ~v;
|
||||
|
@ -182,6 +185,9 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
|
|||
{
|
||||
int w, v;
|
||||
|
||||
if (n < 0)
|
||||
return 0;
|
||||
|
||||
w = n / 8;
|
||||
v = 1 << (7 - (n & 0x07));
|
||||
if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -50,7 +50,7 @@ static int asn1_print_info(BIO *bp, long offset, int depth, int hl, long len,
|
|||
pop_f_prefix = 1;
|
||||
}
|
||||
saved_indent = BIO_get_indent(bp);
|
||||
if (BIO_set_prefix(bp, str) <= 0 || BIO_set_indent(bp, indent) < 0)
|
||||
if (BIO_set_prefix(bp, str) <= 0 || BIO_set_indent(bp, indent) <= 0)
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -29,7 +29,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
|
|||
OPENSSL_free(octmp->data);
|
||||
octmp->data = NULL;
|
||||
|
||||
if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
|
||||
if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) <= 0) {
|
||||
ERR_raise(ERR_LIB_ASN1, ASN1_R_ENCODE_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -784,7 +784,7 @@ BIO *BIO_dup_chain(BIO *in)
|
|||
/* This will let SSL_s_sock() work with stdin/stdout */
|
||||
new_bio->num = bio->num;
|
||||
|
||||
if (!BIO_dup_state(bio, (char *)new_bio)) {
|
||||
if (BIO_dup_state(bio, (char *)new_bio) <= 0) {
|
||||
BIO_free(new_bio);
|
||||
goto err;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -566,7 +566,7 @@ BIO *BIO_new_accept(const char *str)
|
|||
ret = BIO_new(BIO_s_accept());
|
||||
if (ret == NULL)
|
||||
return NULL;
|
||||
if (BIO_set_accept_name(ret, str))
|
||||
if (BIO_set_accept_name(ret, str) > 0)
|
||||
return ret;
|
||||
BIO_free(ret);
|
||||
return NULL;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -381,25 +381,33 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||
#ifndef OPENSSL_SMALL_FOOTPRINT
|
||||
while (n & ~3) {
|
||||
t1 = a[0];
|
||||
t2 = b[0];
|
||||
r[0] = (t1 - t2 - c) & BN_MASK2;
|
||||
if (t1 != t2)
|
||||
c = (t1 < t2);
|
||||
t2 = (t1 - c) & BN_MASK2;
|
||||
c = (t2 > t1);
|
||||
t1 = b[0];
|
||||
t1 = (t2 - t1) & BN_MASK2;
|
||||
r[0] = t1;
|
||||
c += (t1 > t2);
|
||||
t1 = a[1];
|
||||
t2 = b[1];
|
||||
r[1] = (t1 - t2 - c) & BN_MASK2;
|
||||
if (t1 != t2)
|
||||
c = (t1 < t2);
|
||||
t2 = (t1 - c) & BN_MASK2;
|
||||
c = (t2 > t1);
|
||||
t1 = b[1];
|
||||
t1 = (t2 - t1) & BN_MASK2;
|
||||
r[1] = t1;
|
||||
c += (t1 > t2);
|
||||
t1 = a[2];
|
||||
t2 = b[2];
|
||||
r[2] = (t1 - t2 - c) & BN_MASK2;
|
||||
if (t1 != t2)
|
||||
c = (t1 < t2);
|
||||
t2 = (t1 - c) & BN_MASK2;
|
||||
c = (t2 > t1);
|
||||
t1 = b[2];
|
||||
t1 = (t2 - t1) & BN_MASK2;
|
||||
r[2] = t1;
|
||||
c += (t1 > t2);
|
||||
t1 = a[3];
|
||||
t2 = b[3];
|
||||
r[3] = (t1 - t2 - c) & BN_MASK2;
|
||||
if (t1 != t2)
|
||||
c = (t1 < t2);
|
||||
t2 = (t1 - c) & BN_MASK2;
|
||||
c = (t2 > t1);
|
||||
t1 = b[3];
|
||||
t1 = (t2 - t1) & BN_MASK2;
|
||||
r[3] = t1;
|
||||
c += (t1 > t2);
|
||||
a += 4;
|
||||
b += 4;
|
||||
r += 4;
|
||||
|
@ -408,10 +416,12 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||
#endif
|
||||
while (n) {
|
||||
t1 = a[0];
|
||||
t2 = b[0];
|
||||
r[0] = (t1 - t2 - c) & BN_MASK2;
|
||||
if (t1 != t2)
|
||||
c = (t1 < t2);
|
||||
t2 = (t1 - c) & BN_MASK2;
|
||||
c = (t2 > t1);
|
||||
t1 = b[0];
|
||||
t1 = (t2 - t1) & BN_MASK2;
|
||||
r[0] = t1;
|
||||
c += (t1 > t2);
|
||||
a++;
|
||||
b++;
|
||||
r++;
|
||||
|
@ -446,7 +456,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||
t += c0; /* no carry */ \
|
||||
c0 = (BN_ULONG)Lw(t); \
|
||||
hi = (BN_ULONG)Hw(t); \
|
||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
||||
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
||||
|
@ -455,11 +465,11 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||
BN_ULLONG tt = t+c0; /* no carry */ \
|
||||
c0 = (BN_ULONG)Lw(tt); \
|
||||
hi = (BN_ULONG)Hw(tt); \
|
||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
||||
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||
t += c0; /* no carry */ \
|
||||
c0 = (BN_ULONG)Lw(t); \
|
||||
hi = (BN_ULONG)Hw(t); \
|
||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
||||
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
||||
|
@ -468,7 +478,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||
t += c0; /* no carry */ \
|
||||
c0 = (BN_ULONG)Lw(t); \
|
||||
hi = (BN_ULONG)Hw(t); \
|
||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
||||
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
||||
|
@ -483,26 +493,26 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||
BN_ULONG ta = (a), tb = (b); \
|
||||
BN_ULONG lo, hi; \
|
||||
BN_UMULT_LOHI(lo,hi,ta,tb); \
|
||||
c0 += lo; hi += (c0<lo)?1:0; \
|
||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
||||
c0 += lo; hi += (c0<lo); \
|
||||
c1 += hi; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
||||
BN_ULONG ta = (a), tb = (b); \
|
||||
BN_ULONG lo, hi, tt; \
|
||||
BN_UMULT_LOHI(lo,hi,ta,tb); \
|
||||
c0 += lo; tt = hi+((c0<lo)?1:0); \
|
||||
c1 += tt; c2 += (c1<tt)?1:0; \
|
||||
c0 += lo; hi += (c0<lo)?1:0; \
|
||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
||||
c0 += lo; tt = hi + (c0<lo); \
|
||||
c1 += tt; c2 += (c1<tt); \
|
||||
c0 += lo; hi += (c0<lo); \
|
||||
c1 += hi; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
||||
BN_ULONG ta = (a)[i]; \
|
||||
BN_ULONG lo, hi; \
|
||||
BN_UMULT_LOHI(lo,hi,ta,ta); \
|
||||
c0 += lo; hi += (c0<lo)?1:0; \
|
||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
||||
c0 += lo; hi += (c0<lo); \
|
||||
c1 += hi; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
||||
|
@ -517,26 +527,26 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||
BN_ULONG ta = (a), tb = (b); \
|
||||
BN_ULONG lo = ta * tb; \
|
||||
BN_ULONG hi = BN_UMULT_HIGH(ta,tb); \
|
||||
c0 += lo; hi += (c0<lo)?1:0; \
|
||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
||||
c0 += lo; hi += (c0<lo); \
|
||||
c1 += hi; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
||||
BN_ULONG ta = (a), tb = (b), tt; \
|
||||
BN_ULONG lo = ta * tb; \
|
||||
BN_ULONG hi = BN_UMULT_HIGH(ta,tb); \
|
||||
c0 += lo; tt = hi + ((c0<lo)?1:0); \
|
||||
c1 += tt; c2 += (c1<tt)?1:0; \
|
||||
c0 += lo; hi += (c0<lo)?1:0; \
|
||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
||||
c0 += lo; tt = hi + (c0<lo); \
|
||||
c1 += tt; c2 += (c1<tt); \
|
||||
c0 += lo; hi += (c0<lo); \
|
||||
c1 += hi; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
||||
BN_ULONG ta = (a)[i]; \
|
||||
BN_ULONG lo = ta * ta; \
|
||||
BN_ULONG hi = BN_UMULT_HIGH(ta,ta); \
|
||||
c0 += lo; hi += (c0<lo)?1:0; \
|
||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
||||
c0 += lo; hi += (c0<lo); \
|
||||
c1 += hi; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
||||
|
@ -551,8 +561,8 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||
BN_ULONG lo = LBITS(a), hi = HBITS(a); \
|
||||
BN_ULONG bl = LBITS(b), bh = HBITS(b); \
|
||||
mul64(lo,hi,bl,bh); \
|
||||
c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
|
||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
||||
c0 = (c0+lo)&BN_MASK2; hi += (c0<lo); \
|
||||
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
||||
|
@ -561,17 +571,17 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||
BN_ULONG bl = LBITS(b), bh = HBITS(b); \
|
||||
mul64(lo,hi,bl,bh); \
|
||||
tt = hi; \
|
||||
c0 = (c0+lo)&BN_MASK2; if (c0<lo) tt++; \
|
||||
c1 = (c1+tt)&BN_MASK2; if (c1<tt) c2++; \
|
||||
c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
|
||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
||||
c0 = (c0+lo)&BN_MASK2; tt += (c0<lo); \
|
||||
c1 = (c1+tt)&BN_MASK2; c2 += (c1<tt); \
|
||||
c0 = (c0+lo)&BN_MASK2; hi += (c0<lo); \
|
||||
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
||||
BN_ULONG lo, hi; \
|
||||
sqr64(lo,hi,(a)[i]); \
|
||||
c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
|
||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
||||
c0 = (c0+lo)&BN_MASK2; hi += (c0<lo); \
|
||||
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||
} while(0)
|
||||
|
||||
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
||||
|
|
|
@ -13,6 +13,20 @@
|
|||
|
||||
#define BN_BLINDING_COUNTER 32
|
||||
|
||||
struct bn_blinding_st {
|
||||
BIGNUM *A;
|
||||
BIGNUM *Ai;
|
||||
BIGNUM *e;
|
||||
BIGNUM *mod; /* just a reference */
|
||||
CRYPTO_THREAD_ID tid;
|
||||
int counter;
|
||||
unsigned long flags;
|
||||
BN_MONT_CTX *m_ctx;
|
||||
int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
||||
CRYPTO_RWLOCK *lock;
|
||||
};
|
||||
|
||||
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
|
||||
{
|
||||
BN_BLINDING *ret = NULL;
|
||||
|
@ -177,7 +191,8 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
|
|||
n->top = (int)(rtop & ~mask) | (ntop & mask);
|
||||
n->flags |= (BN_FLG_FIXED_TOP & ~mask);
|
||||
}
|
||||
ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx);
|
||||
ret = bn_mul_mont_fixed_top(n, n, r, b->m_ctx, ctx);
|
||||
bn_correct_top_consttime(n);
|
||||
} else {
|
||||
ret = BN_mod_mul(n, n, r, b->mod, ctx);
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1021,6 +1021,28 @@ BIGNUM *bn_wexpand(BIGNUM *a, int words)
|
|||
return (words <= a->dmax) ? a : bn_expand2(a, words);
|
||||
}
|
||||
|
||||
void bn_correct_top_consttime(BIGNUM *a)
|
||||
{
|
||||
int j, atop;
|
||||
BN_ULONG limb;
|
||||
unsigned int mask;
|
||||
|
||||
for (j = 0, atop = 0; j < a->dmax; j++) {
|
||||
limb = a->d[j];
|
||||
limb |= 0 - limb;
|
||||
limb >>= BN_BITS2 - 1;
|
||||
limb = 0 - limb;
|
||||
mask = (unsigned int)limb;
|
||||
mask &= constant_time_msb(j - a->top);
|
||||
atop = constant_time_select_int(mask, j + 1, atop);
|
||||
}
|
||||
|
||||
mask = constant_time_eq_int(atop, 0);
|
||||
a->top = atop;
|
||||
a->neg = constant_time_select_int(mask, 0, a->neg);
|
||||
a->flags &= ~BN_FLG_FIXED_TOP;
|
||||
}
|
||||
|
||||
void bn_correct_top(BIGNUM *a)
|
||||
{
|
||||
BN_ULONG *ftl;
|
||||
|
|
|
@ -290,20 +290,6 @@ struct bn_gencb_st {
|
|||
} cb;
|
||||
};
|
||||
|
||||
struct bn_blinding_st {
|
||||
BIGNUM *A;
|
||||
BIGNUM *Ai;
|
||||
BIGNUM *e;
|
||||
BIGNUM *mod; /* just a reference */
|
||||
CRYPTO_THREAD_ID tid;
|
||||
int counter;
|
||||
unsigned long flags;
|
||||
BN_MONT_CTX *m_ctx;
|
||||
int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
||||
CRYPTO_RWLOCK *lock;
|
||||
};
|
||||
|
||||
/*-
|
||||
* BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
|
||||
*
|
||||
|
@ -378,24 +364,6 @@ struct bn_blinding_st {
|
|||
# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32)/* 32 */
|
||||
# define BN_MONT_CTX_SET_SIZE_WORD (64)/* 32 */
|
||||
|
||||
/*
|
||||
* 2011-02-22 SMS. In various places, a size_t variable or a type cast to
|
||||
* size_t was used to perform integer-only operations on pointers. This
|
||||
* failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t
|
||||
* is still only 32 bits. What's needed in these cases is an integer type
|
||||
* with the same size as a pointer, which size_t is not certain to be. The
|
||||
* only fix here is VMS-specific.
|
||||
*/
|
||||
# if defined(OPENSSL_SYS_VMS)
|
||||
# if __INITIAL_POINTER_SIZE == 64
|
||||
# define PTR_SIZE_INT long long
|
||||
# else /* __INITIAL_POINTER_SIZE == 64 */
|
||||
# define PTR_SIZE_INT int
|
||||
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
|
||||
# elif !defined(PTR_SIZE_INT) /* defined(OPENSSL_SYS_VMS) */
|
||||
# define PTR_SIZE_INT size_t
|
||||
# endif /* defined(OPENSSL_SYS_VMS) [else] */
|
||||
|
||||
# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
|
||||
/*
|
||||
* BN_UMULT_HIGH section.
|
||||
|
@ -536,10 +504,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||
ret = (r); \
|
||||
BN_UMULT_LOHI(low,high,w,tmp); \
|
||||
ret += (c); \
|
||||
(c) = (ret<(c))?1:0; \
|
||||
(c) = (ret<(c)); \
|
||||
(c) += high; \
|
||||
ret += low; \
|
||||
(c) += (ret<low)?1:0; \
|
||||
(c) += (ret<low); \
|
||||
(r) = ret; \
|
||||
}
|
||||
|
||||
|
@ -548,7 +516,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||
BN_UMULT_LOHI(low,high,w,ta); \
|
||||
ret = low + (c); \
|
||||
(c) = high; \
|
||||
(c) += (ret<low)?1:0; \
|
||||
(c) += (ret<low); \
|
||||
(r) = ret; \
|
||||
}
|
||||
|
||||
|
@ -564,10 +532,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||
high= BN_UMULT_HIGH(w,tmp); \
|
||||
ret += (c); \
|
||||
low = (w) * tmp; \
|
||||
(c) = (ret<(c))?1:0; \
|
||||
(c) = (ret<(c)); \
|
||||
(c) += high; \
|
||||
ret += low; \
|
||||
(c) += (ret<low)?1:0; \
|
||||
(c) += (ret<low); \
|
||||
(r) = ret; \
|
||||
}
|
||||
|
||||
|
@ -577,7 +545,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||
high= BN_UMULT_HIGH(w,ta); \
|
||||
ret = low + (c); \
|
||||
(c) = high; \
|
||||
(c) += (ret<low)?1:0; \
|
||||
(c) += (ret<low); \
|
||||
(r) = ret; \
|
||||
}
|
||||
|
||||
|
@ -610,10 +578,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||
lt=(bl)*(lt); \
|
||||
m1=(bl)*(ht); \
|
||||
ht =(bh)*(ht); \
|
||||
m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
|
||||
m=(m+m1)&BN_MASK2; ht += L2HBITS((BN_ULONG)(m < m1)); \
|
||||
ht+=HBITS(m); \
|
||||
m1=L2HBITS(m); \
|
||||
lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
|
||||
lt=(lt+m1)&BN_MASK2; ht += (lt < m1); \
|
||||
(l)=lt; \
|
||||
(h)=ht; \
|
||||
}
|
||||
|
@ -630,7 +598,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||
h*=h; \
|
||||
h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
|
||||
m =(m&BN_MASK2l)<<(BN_BITS4+1); \
|
||||
l=(l+m)&BN_MASK2; if (l < m) h++; \
|
||||
l=(l+m)&BN_MASK2; h += (l < m); \
|
||||
(lo)=l; \
|
||||
(ho)=h; \
|
||||
}
|
||||
|
@ -644,9 +612,9 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||
mul64(l,h,(bl),(bh)); \
|
||||
\
|
||||
/* non-multiply part */ \
|
||||
l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
|
||||
l=(l+(c))&BN_MASK2; h += (l < (c)); \
|
||||
(c)=(r); \
|
||||
l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
|
||||
l=(l+(c))&BN_MASK2; h += (l < (c)); \
|
||||
(c)=h&BN_MASK2; \
|
||||
(r)=l; \
|
||||
}
|
||||
|
@ -660,7 +628,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||
mul64(l,h,(bl),(bh)); \
|
||||
\
|
||||
/* non-multiply part */ \
|
||||
l+=(c); if ((l&BN_MASK2) < (c)) h++; \
|
||||
l+=(c); h += ((l&BN_MASK2) < (c)); \
|
||||
(c)=h&BN_MASK2; \
|
||||
(r)=l&BN_MASK2; \
|
||||
}
|
||||
|
@ -690,7 +658,7 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||
int cl, int dl);
|
||||
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
||||
|
||||
void bn_correct_top_consttime(BIGNUM *a);
|
||||
BIGNUM *int_bn_mod_inverse(BIGNUM *in,
|
||||
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
|
||||
int *noinv);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -338,7 +338,6 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
sizeof(unsigned int)];
|
||||
} buf;
|
||||
BN_ULONG c_d[BN_NIST_192_TOP], *res;
|
||||
PTR_SIZE_INT mask;
|
||||
static const BIGNUM ossl_bignum_nist_p_192_sqr = {
|
||||
(BN_ULONG *)_nist_p_192_sqr,
|
||||
OSSL_NELEM(_nist_p_192_sqr),
|
||||
|
@ -439,13 +438,9 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
* 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
|
||||
* this is what happens below, but without explicit if:-) a.
|
||||
*/
|
||||
mask =
|
||||
0 - (PTR_SIZE_INT) bn_sub_words(c_d, r_d, _nist_p_192[0],
|
||||
BN_NIST_192_TOP);
|
||||
mask &= 0 - (PTR_SIZE_INT) carry;
|
||||
res = c_d;
|
||||
res = (BN_ULONG *)
|
||||
(((PTR_SIZE_INT) res & ~mask) | ((PTR_SIZE_INT) r_d & mask));
|
||||
res = (bn_sub_words(c_d, r_d, _nist_p_192[0], BN_NIST_192_TOP) && carry)
|
||||
? r_d
|
||||
: c_d;
|
||||
nist_cp_bn(r_d, res, BN_NIST_192_TOP);
|
||||
r->top = BN_NIST_192_TOP;
|
||||
bn_correct_top(r);
|
||||
|
@ -479,11 +474,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
sizeof(unsigned int)];
|
||||
} buf;
|
||||
BN_ULONG c_d[BN_NIST_224_TOP], *res;
|
||||
PTR_SIZE_INT mask;
|
||||
union {
|
||||
bn_addsub_f f;
|
||||
PTR_SIZE_INT p;
|
||||
} u;
|
||||
bn_addsub_f adjust;
|
||||
static const BIGNUM ossl_bignum_nist_p_224_sqr = {
|
||||
(BN_ULONG *)_nist_p_224_sqr,
|
||||
OSSL_NELEM(_nist_p_224_sqr),
|
||||
|
@ -597,7 +588,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
# endif
|
||||
}
|
||||
#endif
|
||||
u.f = bn_sub_words;
|
||||
adjust = bn_sub_words;
|
||||
if (carry > 0) {
|
||||
carry =
|
||||
(int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],
|
||||
|
@ -616,19 +607,14 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
carry =
|
||||
(int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1],
|
||||
BN_NIST_224_TOP);
|
||||
mask = 0 - (PTR_SIZE_INT) carry;
|
||||
u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
|
||||
((PTR_SIZE_INT) bn_add_words & ~mask);
|
||||
adjust = carry ? bn_sub_words : bn_add_words;
|
||||
} else
|
||||
carry = 1;
|
||||
|
||||
/* otherwise it's effectively same as in BN_nist_mod_192... */
|
||||
mask =
|
||||
0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP);
|
||||
mask &= 0 - (PTR_SIZE_INT) carry;
|
||||
res = c_d;
|
||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
|
||||
((PTR_SIZE_INT) r_d & mask));
|
||||
res = ((*adjust) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP) && carry)
|
||||
? r_d
|
||||
: c_d;
|
||||
nist_cp_bn(r_d, res, BN_NIST_224_TOP);
|
||||
r->top = BN_NIST_224_TOP;
|
||||
bn_correct_top(r);
|
||||
|
@ -660,11 +646,7 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
sizeof(unsigned int)];
|
||||
} buf;
|
||||
BN_ULONG c_d[BN_NIST_256_TOP], *res;
|
||||
PTR_SIZE_INT mask;
|
||||
union {
|
||||
bn_addsub_f f;
|
||||
PTR_SIZE_INT p;
|
||||
} u;
|
||||
bn_addsub_f adjust;
|
||||
static const BIGNUM ossl_bignum_nist_p_256_sqr = {
|
||||
(BN_ULONG *)_nist_p_256_sqr,
|
||||
OSSL_NELEM(_nist_p_256_sqr),
|
||||
|
@ -850,7 +832,7 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
}
|
||||
#endif
|
||||
/* see BN_nist_mod_224 for explanation */
|
||||
u.f = bn_sub_words;
|
||||
adjust = bn_sub_words;
|
||||
if (carry > 0)
|
||||
carry =
|
||||
(int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1],
|
||||
|
@ -859,18 +841,13 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
carry =
|
||||
(int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1],
|
||||
BN_NIST_256_TOP);
|
||||
mask = 0 - (PTR_SIZE_INT) carry;
|
||||
u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
|
||||
((PTR_SIZE_INT) bn_add_words & ~mask);
|
||||
adjust = carry ? bn_sub_words : bn_add_words;
|
||||
} else
|
||||
carry = 1;
|
||||
|
||||
mask =
|
||||
0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP);
|
||||
mask &= 0 - (PTR_SIZE_INT) carry;
|
||||
res = c_d;
|
||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
|
||||
((PTR_SIZE_INT) r_d & mask));
|
||||
res = ((*adjust) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP) && carry)
|
||||
? r_d
|
||||
: c_d;
|
||||
nist_cp_bn(r_d, res, BN_NIST_256_TOP);
|
||||
r->top = BN_NIST_256_TOP;
|
||||
bn_correct_top(r);
|
||||
|
@ -906,11 +883,7 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
sizeof(unsigned int)];
|
||||
} buf;
|
||||
BN_ULONG c_d[BN_NIST_384_TOP], *res;
|
||||
PTR_SIZE_INT mask;
|
||||
union {
|
||||
bn_addsub_f f;
|
||||
PTR_SIZE_INT p;
|
||||
} u;
|
||||
bn_addsub_f adjust;
|
||||
static const BIGNUM ossl_bignum_nist_p_384_sqr = {
|
||||
(BN_ULONG *)_nist_p_384_sqr,
|
||||
OSSL_NELEM(_nist_p_384_sqr),
|
||||
|
@ -1131,7 +1104,7 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
}
|
||||
#endif
|
||||
/* see BN_nist_mod_224 for explanation */
|
||||
u.f = bn_sub_words;
|
||||
adjust = bn_sub_words;
|
||||
if (carry > 0)
|
||||
carry =
|
||||
(int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1],
|
||||
|
@ -1140,18 +1113,13 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
carry =
|
||||
(int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1],
|
||||
BN_NIST_384_TOP);
|
||||
mask = 0 - (PTR_SIZE_INT) carry;
|
||||
u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
|
||||
((PTR_SIZE_INT) bn_add_words & ~mask);
|
||||
adjust = carry ? bn_sub_words : bn_add_words;
|
||||
} else
|
||||
carry = 1;
|
||||
|
||||
mask =
|
||||
0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP);
|
||||
mask &= 0 - (PTR_SIZE_INT) carry;
|
||||
res = c_d;
|
||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
|
||||
((PTR_SIZE_INT) r_d & mask));
|
||||
res = ((*adjust) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP) && carry)
|
||||
? r_d
|
||||
: c_d;
|
||||
nist_cp_bn(r_d, res, BN_NIST_384_TOP);
|
||||
r->top = BN_NIST_384_TOP;
|
||||
bn_correct_top(r);
|
||||
|
@ -1168,7 +1136,6 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
{
|
||||
int top = a->top, i;
|
||||
BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res;
|
||||
PTR_SIZE_INT mask;
|
||||
static const BIGNUM ossl_bignum_nist_p_521_sqr = {
|
||||
(BN_ULONG *)_nist_p_521_sqr,
|
||||
OSSL_NELEM(_nist_p_521_sqr),
|
||||
|
@ -1221,12 +1188,10 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||
r_d[i] &= BN_NIST_521_TOP_MASK;
|
||||
|
||||
bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP);
|
||||
mask =
|
||||
0 - (PTR_SIZE_INT) bn_sub_words(t_d, r_d, _nist_p_521,
|
||||
BN_NIST_521_TOP);
|
||||
res = t_d;
|
||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
|
||||
((PTR_SIZE_INT) r_d & mask));
|
||||
res = bn_sub_words(t_d, r_d, _nist_p_521,
|
||||
BN_NIST_521_TOP)
|
||||
? r_d
|
||||
: t_d;
|
||||
nist_cp_bn(r_d, res, BN_NIST_521_TOP);
|
||||
r->top = BN_NIST_521_TOP;
|
||||
bn_correct_top(r);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -318,7 +318,7 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
|
|||
* sqrt(2) * 2^(nlen/2-1) <= Random X <= (2^(nlen/2)) - 1.
|
||||
*/
|
||||
if (!BN_priv_rand_range_ex(X, range, 0, ctx) || !BN_add(X, X, base))
|
||||
goto end;
|
||||
goto err;
|
||||
}
|
||||
/* (Step 4) Y = X + ((R - X) mod 2r1r2) */
|
||||
if (!BN_mod_sub(Y, R, X, r1r2x2, ctx) || !BN_add(Y, Y, X))
|
||||
|
|
|
@ -105,7 +105,7 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
|
|||
bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
|
||||
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \
|
||||
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
|
||||
bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c rsa_sup_mul.c
|
||||
bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c
|
||||
SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c
|
||||
DEFINE[../../libcrypto]=$BNDEF
|
||||
IF[{- !$disabled{'deprecated-0.9.8'} -}]
|
||||
|
|
|
@ -1,604 +0,0 @@
|
|||
#include <openssl/e_os2.h>
|
||||
#include <stddef.h>
|
||||
#include <sys/types.h>
|
||||
#include <string.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/rsaerr.h>
|
||||
#include "internal/endian.h"
|
||||
#include "internal/numbers.h"
|
||||
#include "internal/constant_time.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
# if BN_BYTES == 8
|
||||
typedef uint64_t limb_t;
|
||||
# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16
|
||||
typedef uint128_t limb2_t;
|
||||
# define HAVE_LIMB2_T
|
||||
# endif
|
||||
# define LIMB_BIT_SIZE 64
|
||||
# define LIMB_BYTE_SIZE 8
|
||||
# elif BN_BYTES == 4
|
||||
typedef uint32_t limb_t;
|
||||
typedef uint64_t limb2_t;
|
||||
# define LIMB_BIT_SIZE 32
|
||||
# define LIMB_BYTE_SIZE 4
|
||||
# define HAVE_LIMB2_T
|
||||
# else
|
||||
# error "Not supported"
|
||||
# endif
|
||||
|
||||
/*
|
||||
* For multiplication we're using schoolbook multiplication,
|
||||
* so if we have two numbers, each with 6 "digits" (words)
|
||||
* the multiplication is calculated as follows:
|
||||
* A B C D E F
|
||||
* x I J K L M N
|
||||
* --------------
|
||||
* N*F
|
||||
* N*E
|
||||
* N*D
|
||||
* N*C
|
||||
* N*B
|
||||
* N*A
|
||||
* M*F
|
||||
* M*E
|
||||
* M*D
|
||||
* M*C
|
||||
* M*B
|
||||
* M*A
|
||||
* L*F
|
||||
* L*E
|
||||
* L*D
|
||||
* L*C
|
||||
* L*B
|
||||
* L*A
|
||||
* K*F
|
||||
* K*E
|
||||
* K*D
|
||||
* K*C
|
||||
* K*B
|
||||
* K*A
|
||||
* J*F
|
||||
* J*E
|
||||
* J*D
|
||||
* J*C
|
||||
* J*B
|
||||
* J*A
|
||||
* I*F
|
||||
* I*E
|
||||
* I*D
|
||||
* I*C
|
||||
* I*B
|
||||
* + I*A
|
||||
* ==========================
|
||||
* N*B N*D N*F
|
||||
* + N*A N*C N*E
|
||||
* + M*B M*D M*F
|
||||
* + M*A M*C M*E
|
||||
* + L*B L*D L*F
|
||||
* + L*A L*C L*E
|
||||
* + K*B K*D K*F
|
||||
* + K*A K*C K*E
|
||||
* + J*B J*D J*F
|
||||
* + J*A J*C J*E
|
||||
* + I*B I*D I*F
|
||||
* + I*A I*C I*E
|
||||
*
|
||||
* 1+1 1+3 1+5
|
||||
* 1+0 1+2 1+4
|
||||
* 0+1 0+3 0+5
|
||||
* 0+0 0+2 0+4
|
||||
*
|
||||
* 0 1 2 3 4 5 6
|
||||
* which requires n^2 multiplications and 2n full length additions
|
||||
* as we can keep every other result of limb multiplication in two separate
|
||||
* limbs
|
||||
*/
|
||||
|
||||
#if defined HAVE_LIMB2_T
|
||||
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
|
||||
{
|
||||
limb2_t t;
|
||||
/*
|
||||
* this is idiomatic code to tell compiler to use the native mul
|
||||
* those three lines will actually compile to single instruction
|
||||
*/
|
||||
|
||||
t = (limb2_t)a * b;
|
||||
*hi = t >> LIMB_BIT_SIZE;
|
||||
*lo = (limb_t)t;
|
||||
}
|
||||
#elif (BN_BYTES == 8) && (defined _MSC_VER)
|
||||
/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */
|
||||
#pragma intrinsic(_umul128)
|
||||
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
|
||||
{
|
||||
*lo = _umul128(a, b, hi);
|
||||
}
|
||||
#else
|
||||
/*
|
||||
* if the compiler doesn't have either a 128bit data type nor a "return
|
||||
* high 64 bits of multiplication"
|
||||
*/
|
||||
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
|
||||
{
|
||||
limb_t a_low = (limb_t)(uint32_t)a;
|
||||
limb_t a_hi = a >> 32;
|
||||
limb_t b_low = (limb_t)(uint32_t)b;
|
||||
limb_t b_hi = b >> 32;
|
||||
|
||||
limb_t p0 = a_low * b_low;
|
||||
limb_t p1 = a_low * b_hi;
|
||||
limb_t p2 = a_hi * b_low;
|
||||
limb_t p3 = a_hi * b_hi;
|
||||
|
||||
uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32);
|
||||
|
||||
*lo = p0 + (p1 << 32) + (p2 << 32);
|
||||
*hi = p3 + (p1 >> 32) + (p2 >> 32) + cy;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* add two limbs with carry in, return carry out */
|
||||
static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry)
|
||||
{
|
||||
limb_t carry1, carry2, t;
|
||||
/*
|
||||
* `c = a + b; if (c < a)` is idiomatic code that makes compilers
|
||||
* use add with carry on assembly level
|
||||
*/
|
||||
|
||||
*ret = a + carry;
|
||||
if (*ret < a)
|
||||
carry1 = 1;
|
||||
else
|
||||
carry1 = 0;
|
||||
|
||||
t = *ret;
|
||||
*ret = t + b;
|
||||
if (*ret < t)
|
||||
carry2 = 1;
|
||||
else
|
||||
carry2 = 0;
|
||||
|
||||
return carry1 + carry2;
|
||||
}
|
||||
|
||||
/*
|
||||
* add two numbers of the same size, return overflow
|
||||
*
|
||||
* add a to b, place result in ret; all arrays need to be n limbs long
|
||||
* return overflow from addition (0 or 1)
|
||||
*/
|
||||
static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n)
|
||||
{
|
||||
limb_t c = 0;
|
||||
ossl_ssize_t i;
|
||||
|
||||
for(i = n - 1; i > -1; i--)
|
||||
c = _add_limb(&ret[i], a[i], b[i], c);
|
||||
|
||||
return c;
|
||||
}
|
||||
|
||||
/*
|
||||
* return number of limbs necessary for temporary values
|
||||
* when multiplying numbers n limbs large
|
||||
*/
|
||||
static ossl_inline size_t mul_limb_numb(size_t n)
|
||||
{
|
||||
return 2 * n * 2;
|
||||
}
|
||||
|
||||
/*
|
||||
* multiply two numbers of the same size
|
||||
*
|
||||
* multiply a by b, place result in ret; a and b need to be n limbs long
|
||||
* ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs
|
||||
* long
|
||||
*/
|
||||
static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp)
|
||||
{
|
||||
limb_t *r_odd, *r_even;
|
||||
size_t i, j, k;
|
||||
|
||||
r_odd = tmp;
|
||||
r_even = &tmp[2 * n];
|
||||
|
||||
memset(ret, 0, 2 * n * sizeof(limb_t));
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
for (k = 0; k < i + n + 1; k++) {
|
||||
r_even[k] = 0;
|
||||
r_odd[k] = 0;
|
||||
}
|
||||
for (j = 0; j < n; j++) {
|
||||
/*
|
||||
* place results from even and odd limbs in separate arrays so that
|
||||
* we don't have to calculate overflow every time we get individual
|
||||
* limb multiplication result
|
||||
*/
|
||||
if (j % 2 == 0)
|
||||
_mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]);
|
||||
else
|
||||
_mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]);
|
||||
}
|
||||
/*
|
||||
* skip the least significant limbs when adding multiples of
|
||||
* more significant limbs (they're zero anyway)
|
||||
*/
|
||||
add(ret, ret, r_even, n + i + 1);
|
||||
add(ret, ret, r_odd, n + i + 1);
|
||||
}
|
||||
}
|
||||
|
||||
/* modifies the value in place by performing a right shift by one bit */
|
||||
static ossl_inline void rshift1(limb_t *val, size_t n)
|
||||
{
|
||||
limb_t shift_in = 0, shift_out = 0;
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
shift_out = val[i] & 1;
|
||||
val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1);
|
||||
shift_in = shift_out;
|
||||
}
|
||||
}
|
||||
|
||||
/* extend the LSB of flag to all bits of limb */
|
||||
static ossl_inline limb_t mk_mask(limb_t flag)
|
||||
{
|
||||
flag |= flag << 1;
|
||||
flag |= flag << 2;
|
||||
flag |= flag << 4;
|
||||
flag |= flag << 8;
|
||||
flag |= flag << 16;
|
||||
#if (LIMB_BYTE_SIZE == 8)
|
||||
flag |= flag << 32;
|
||||
#endif
|
||||
return flag;
|
||||
}
|
||||
|
||||
/*
|
||||
* copy from either a or b to ret based on flag
|
||||
* when flag == 0, then copies from b
|
||||
* when flag == 1, then copies from a
|
||||
*/
|
||||
static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n)
|
||||
{
|
||||
/*
|
||||
* would be more efficient with non volatile mask, but then gcc
|
||||
* generates code with jumps
|
||||
*/
|
||||
volatile limb_t mask;
|
||||
size_t i;
|
||||
|
||||
mask = mk_mask(flag);
|
||||
for (i = 0; i < n; i++) {
|
||||
#if (LIMB_BYTE_SIZE == 8)
|
||||
ret[i] = constant_time_select_64(mask, a[i], b[i]);
|
||||
#else
|
||||
ret[i] = constant_time_select_32(mask, a[i], b[i]);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow)
|
||||
{
|
||||
limb_t borrow1, borrow2, t;
|
||||
/*
|
||||
* while it doesn't look constant-time, this is idiomatic code
|
||||
* to tell compilers to use the carry bit from subtraction
|
||||
*/
|
||||
|
||||
*ret = a - borrow;
|
||||
if (*ret > a)
|
||||
borrow1 = 1;
|
||||
else
|
||||
borrow1 = 0;
|
||||
|
||||
t = *ret;
|
||||
*ret = t - b;
|
||||
if (*ret > t)
|
||||
borrow2 = 1;
|
||||
else
|
||||
borrow2 = 0;
|
||||
|
||||
return borrow1 + borrow2;
|
||||
}
|
||||
|
||||
/*
|
||||
* place the result of a - b into ret, return the borrow bit.
|
||||
* All arrays need to be n limbs long
|
||||
*/
|
||||
static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n)
|
||||
{
|
||||
limb_t borrow = 0;
|
||||
ossl_ssize_t i;
|
||||
|
||||
for (i = n - 1; i > -1; i--)
|
||||
borrow = _sub_limb(&ret[i], a[i], b[i], borrow);
|
||||
|
||||
return borrow;
|
||||
}
|
||||
|
||||
/* return the number of limbs necessary to allocate for the mod() tmp operand */
|
||||
static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum)
|
||||
{
|
||||
return (anum + modnum) * 3;
|
||||
}
|
||||
|
||||
/*
|
||||
* calculate a % mod, place the result in ret
|
||||
* size of a is defined by anum, size of ret and mod is modnum,
|
||||
* size of tmp is returned by mod_limb_numb()
|
||||
*/
|
||||
static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
|
||||
size_t modnum, limb_t *tmp)
|
||||
{
|
||||
limb_t *atmp, *modtmp, *rettmp;
|
||||
limb_t res;
|
||||
size_t i;
|
||||
|
||||
memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE);
|
||||
|
||||
atmp = tmp;
|
||||
modtmp = &tmp[anum + modnum];
|
||||
rettmp = &tmp[(anum + modnum) * 2];
|
||||
|
||||
for (i = modnum; i <modnum + anum; i++)
|
||||
atmp[i] = a[i-modnum];
|
||||
|
||||
for (i = 0; i < modnum; i++)
|
||||
modtmp[i] = mod[i];
|
||||
|
||||
for (i = 0; i < anum * LIMB_BIT_SIZE; i++) {
|
||||
rshift1(modtmp, anum + modnum);
|
||||
res = sub(rettmp, atmp, modtmp, anum+modnum);
|
||||
cselect(res, atmp, atmp, rettmp, anum+modnum);
|
||||
}
|
||||
|
||||
memcpy(ret, &atmp[anum], sizeof(limb_t) * modnum);
|
||||
}
|
||||
|
||||
/* necessary size of tmp for a _mul_add_limb() call with provided anum */
|
||||
static ossl_inline size_t _mul_add_limb_numb(size_t anum)
|
||||
{
|
||||
return 2 * (anum + 1);
|
||||
}
|
||||
|
||||
/* multiply a by m, add to ret, return carry */
|
||||
static limb_t _mul_add_limb(limb_t *ret, limb_t *a, size_t anum,
|
||||
limb_t m, limb_t *tmp)
|
||||
{
|
||||
limb_t carry = 0;
|
||||
limb_t *r_odd, *r_even;
|
||||
size_t i;
|
||||
|
||||
memset(tmp, 0, sizeof(limb_t) * (anum + 1) * 2);
|
||||
|
||||
r_odd = tmp;
|
||||
r_even = &tmp[anum + 1];
|
||||
|
||||
for (i = 0; i < anum; i++) {
|
||||
/*
|
||||
* place the results from even and odd limbs in separate arrays
|
||||
* so that we have to worry about carry just once
|
||||
*/
|
||||
if (i % 2 == 0)
|
||||
_mul_limb(&r_even[i], &r_even[i + 1], a[i], m);
|
||||
else
|
||||
_mul_limb(&r_odd[i], &r_odd[i + 1], a[i], m);
|
||||
}
|
||||
/* assert: add() carry here will be equal zero */
|
||||
add(r_even, r_even, r_odd, anum + 1);
|
||||
/*
|
||||
* while here it will not overflow as the max value from multiplication
|
||||
* is -2 while max overflow from addition is 1, so the max value of
|
||||
* carry is -1 (i.e. max int)
|
||||
*/
|
||||
carry = add(ret, ret, &r_even[1], anum) + r_even[0];
|
||||
|
||||
return carry;
|
||||
}
|
||||
|
||||
static ossl_inline size_t mod_montgomery_limb_numb(size_t modnum)
|
||||
{
|
||||
return modnum * 2 + _mul_add_limb_numb(modnum);
|
||||
}
|
||||
|
||||
/*
|
||||
* calculate a % mod, place result in ret
|
||||
* assumes that a is in Montgomery form with the R (Montgomery modulus) being
|
||||
* smallest power of two big enough to fit mod and that's also a power
|
||||
* of the count of number of bits in limb_t (B).
|
||||
* For calculation, we also need n', such that mod * n' == -1 mod B.
|
||||
* anum must be <= 2 * modnum
|
||||
* ret needs to be modnum words long
|
||||
* tmp needs to be mod_montgomery_limb_numb(modnum) limbs long
|
||||
*/
|
||||
static void mod_montgomery(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
|
||||
size_t modnum, limb_t ni0, limb_t *tmp)
|
||||
{
|
||||
limb_t carry, v;
|
||||
limb_t *res, *rp, *tmp2;
|
||||
ossl_ssize_t i;
|
||||
|
||||
res = tmp;
|
||||
/*
|
||||
* for intermediate result we need an integer twice as long as modulus
|
||||
* but keep the input in the least significant limbs
|
||||
*/
|
||||
memset(res, 0, sizeof(limb_t) * (modnum * 2));
|
||||
memcpy(&res[modnum * 2 - anum], a, sizeof(limb_t) * anum);
|
||||
rp = &res[modnum];
|
||||
tmp2 = &res[modnum * 2];
|
||||
|
||||
carry = 0;
|
||||
|
||||
/* add multiples of the modulus to the value until R divides it cleanly */
|
||||
for (i = modnum; i > 0; i--, rp--) {
|
||||
v = _mul_add_limb(rp, mod, modnum, rp[modnum-1] * ni0, tmp2);
|
||||
v = v + carry + rp[-1];
|
||||
carry |= (v != rp[-1]);
|
||||
carry &= (v <= rp[-1]);
|
||||
rp[-1] = v;
|
||||
}
|
||||
|
||||
/* perform the final reduction by mod... */
|
||||
carry -= sub(ret, rp, mod, modnum);
|
||||
|
||||
/* ...conditionally */
|
||||
cselect(carry, ret, rp, ret, modnum);
|
||||
}
|
||||
|
||||
/* allocated buffer should be freed afterwards */
|
||||
static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs)
|
||||
{
|
||||
int i;
|
||||
int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
||||
limb_t *ptr = buf + (limbs - real_limbs);
|
||||
|
||||
for (i = 0; i < real_limbs; i++)
|
||||
ptr[i] = bn->d[real_limbs - i - 1];
|
||||
}
|
||||
|
||||
#if LIMB_BYTE_SIZE == 8
|
||||
static ossl_inline uint64_t be64(uint64_t host)
|
||||
{
|
||||
uint64_t big = 0;
|
||||
DECLARE_IS_ENDIAN;
|
||||
|
||||
if (!IS_LITTLE_ENDIAN)
|
||||
return host;
|
||||
|
||||
big |= (host & 0xff00000000000000) >> 56;
|
||||
big |= (host & 0x00ff000000000000) >> 40;
|
||||
big |= (host & 0x0000ff0000000000) >> 24;
|
||||
big |= (host & 0x000000ff00000000) >> 8;
|
||||
big |= (host & 0x00000000ff000000) << 8;
|
||||
big |= (host & 0x0000000000ff0000) << 24;
|
||||
big |= (host & 0x000000000000ff00) << 40;
|
||||
big |= (host & 0x00000000000000ff) << 56;
|
||||
return big;
|
||||
}
|
||||
|
||||
#else
|
||||
/* Not all platforms have htobe32(). */
|
||||
static ossl_inline uint32_t be32(uint32_t host)
|
||||
{
|
||||
uint32_t big = 0;
|
||||
DECLARE_IS_ENDIAN;
|
||||
|
||||
if (!IS_LITTLE_ENDIAN)
|
||||
return host;
|
||||
|
||||
big |= (host & 0xff000000) >> 24;
|
||||
big |= (host & 0x00ff0000) >> 8;
|
||||
big |= (host & 0x0000ff00) << 8;
|
||||
big |= (host & 0x000000ff) << 24;
|
||||
return big;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* We assume that intermediate, possible_arg2, blinding, and ctx are used
|
||||
* similar to BN_BLINDING_invert_ex() arguments.
|
||||
* to_mod is RSA modulus.
|
||||
* buf and num is the serialization buffer and its length.
|
||||
*
|
||||
* Here we use classic/Montgomery multiplication and modulo. After the calculation finished
|
||||
* we serialize the new structure instead of BIGNUMs taking endianness into account.
|
||||
*/
|
||||
int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate,
|
||||
const BN_BLINDING *blinding,
|
||||
const BIGNUM *possible_arg2,
|
||||
const BIGNUM *to_mod, BN_CTX *ctx,
|
||||
unsigned char *buf, int num)
|
||||
{
|
||||
limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL;
|
||||
limb_t *l_ret = NULL, *l_tmp = NULL, l_buf;
|
||||
size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0;
|
||||
size_t l_tmp_count = 0;
|
||||
int ret = 0;
|
||||
size_t i;
|
||||
unsigned char *tmp;
|
||||
const BIGNUM *arg1 = intermediate;
|
||||
const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2;
|
||||
|
||||
l_im_count = (BN_num_bytes(arg1) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
||||
l_mul_count = (BN_num_bytes(arg2) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
||||
l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
||||
|
||||
l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count;
|
||||
l_im = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
|
||||
l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
|
||||
l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE);
|
||||
|
||||
if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL))
|
||||
goto err;
|
||||
|
||||
BN_to_limb(arg1, l_im, l_size);
|
||||
BN_to_limb(arg2, l_mul, l_size);
|
||||
BN_to_limb(to_mod, l_mod, l_mod_count);
|
||||
|
||||
l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE);
|
||||
|
||||
if (blinding->m_ctx != NULL) {
|
||||
l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ?
|
||||
mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count);
|
||||
l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
|
||||
} else {
|
||||
l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ?
|
||||
mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count);
|
||||
l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
|
||||
}
|
||||
|
||||
if ((l_ret == NULL) || (l_tmp == NULL))
|
||||
goto err;
|
||||
|
||||
if (blinding->m_ctx != NULL) {
|
||||
limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
|
||||
mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count,
|
||||
blinding->m_ctx->n0[0], l_tmp);
|
||||
} else {
|
||||
limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
|
||||
mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp);
|
||||
}
|
||||
|
||||
/* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */
|
||||
if (num < BN_num_bytes(to_mod)) {
|
||||
ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
|
||||
goto err;
|
||||
}
|
||||
|
||||
memset(buf, 0, num);
|
||||
tmp = buf + num - BN_num_bytes(to_mod);
|
||||
for (i = 0; i < l_mod_count; i++) {
|
||||
#if LIMB_BYTE_SIZE == 8
|
||||
l_buf = be64(l_ret[i]);
|
||||
#else
|
||||
l_buf = be32(l_ret[i]);
|
||||
#endif
|
||||
if (i == 0) {
|
||||
int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num);
|
||||
|
||||
memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta);
|
||||
tmp += delta;
|
||||
} else {
|
||||
memcpy(tmp, &l_buf, LIMB_BYTE_SIZE);
|
||||
tmp += LIMB_BYTE_SIZE;
|
||||
}
|
||||
}
|
||||
ret = num;
|
||||
|
||||
err:
|
||||
OPENSSL_free(l_im);
|
||||
OPENSSL_free(l_mul);
|
||||
OPENSSL_free(l_mod);
|
||||
OPENSSL_free(l_tmp);
|
||||
OPENSSL_free(l_ret);
|
||||
|
||||
return ret;
|
||||
}
|
|
@ -97,9 +97,7 @@ $UTIL_COMMON=\
|
|||
context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
|
||||
param_build_set.c der_writer.c threads_lib.c params_dup.c
|
||||
|
||||
IF[{- !$disabled{shared} -}]
|
||||
SOURCE[../libssl]=sparse_array.c
|
||||
ENDIF
|
||||
SHARED_SOURCE[../libssl]=sparse_array.c
|
||||
|
||||
SOURCE[../libcrypto]=$UTIL_COMMON \
|
||||
mem.c mem_sec.c \
|
||||
|
|
|
@ -64,10 +64,10 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx,
|
|||
break;
|
||||
default:
|
||||
if (IS_CREP(rcvd_type)) {
|
||||
int any_rid = OSSL_CMP_CERTREQID_NONE;
|
||||
OSSL_CMP_CERTREPMESSAGE *crepmsg = rep->body->value.ip;
|
||||
OSSL_CMP_CERTRESPONSE *crep =
|
||||
ossl_cmp_certrepmessage_get0_certresponse(crepmsg,
|
||||
-1 /* any rid */);
|
||||
ossl_cmp_certrepmessage_get0_certresponse(crepmsg, any_rid);
|
||||
|
||||
if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1)
|
||||
return -1;
|
||||
|
@ -357,15 +357,16 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
|||
* Send certConf for IR, CR or KUR sequences and check response,
|
||||
* not modifying ctx->status during the certConf exchange
|
||||
*/
|
||||
int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int fail_info,
|
||||
const char *txt)
|
||||
int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId,
|
||||
int fail_info, const char *txt)
|
||||
{
|
||||
OSSL_CMP_MSG *certConf;
|
||||
OSSL_CMP_MSG *PKIconf = NULL;
|
||||
int res = 0;
|
||||
|
||||
/* OSSL_CMP_certConf_new() also checks if all necessary options are set */
|
||||
if ((certConf = ossl_cmp_certConf_new(ctx, fail_info, txt)) == NULL)
|
||||
certConf = ossl_cmp_certConf_new(ctx, certReqId, fail_info, txt);
|
||||
if (certConf == NULL)
|
||||
goto err;
|
||||
|
||||
res = send_receive_check(ctx, certConf, &PKIconf, OSSL_CMP_PKIBODY_PKICONF);
|
||||
|
@ -411,12 +412,10 @@ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype,
|
|||
{
|
||||
char buf[OSSL_CMP_PKISI_BUFLEN];
|
||||
X509 *crt = NULL;
|
||||
EVP_PKEY *privkey;
|
||||
|
||||
if (!ossl_assert(ctx != NULL && crep != NULL))
|
||||
return NULL;
|
||||
|
||||
privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
|
||||
switch (ossl_cmp_pkisi_get_status(crep->status)) {
|
||||
case OSSL_CMP_PKISTATUS_waiting:
|
||||
ossl_cmp_err(ctx,
|
||||
|
@ -454,7 +453,7 @@ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype,
|
|||
ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_PKISTATUS);
|
||||
goto err;
|
||||
}
|
||||
crt = ossl_cmp_certresponse_get1_cert(crep, ctx, privkey);
|
||||
crt = ossl_cmp_certresponse_get1_cert(ctx, crep);
|
||||
if (crt == NULL) /* according to PKIStatus, we can expect a cert */
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_FOUND);
|
||||
|
||||
|
@ -493,18 +492,46 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
|
|||
if (fail_info != 0) /* accept any error flagged by CMP core library */
|
||||
return fail_info;
|
||||
|
||||
ossl_cmp_debug(ctx, "trying to build chain for newly enrolled cert");
|
||||
chain = X509_build_chain(cert, ctx->untrusted, out_trusted /* maybe NULL */,
|
||||
0, ctx->libctx, ctx->propq);
|
||||
if (out_trusted == NULL) {
|
||||
ossl_cmp_debug(ctx, "trying to build chain for newly enrolled cert");
|
||||
chain = X509_build_chain(cert, ctx->untrusted, out_trusted,
|
||||
0, ctx->libctx, ctx->propq);
|
||||
} else {
|
||||
X509_STORE_CTX *csc = X509_STORE_CTX_new_ex(ctx->libctx, ctx->propq);
|
||||
|
||||
ossl_cmp_debug(ctx, "validating newly enrolled cert");
|
||||
if (csc == NULL)
|
||||
goto err;
|
||||
if (!X509_STORE_CTX_init(csc, out_trusted, cert, ctx->untrusted))
|
||||
goto err;
|
||||
/* disable any cert status/revocation checking etc. */
|
||||
X509_VERIFY_PARAM_clear_flags(X509_STORE_CTX_get0_param(csc),
|
||||
~(X509_V_FLAG_USE_CHECK_TIME
|
||||
| X509_V_FLAG_NO_CHECK_TIME
|
||||
| X509_V_FLAG_PARTIAL_CHAIN
|
||||
| X509_V_FLAG_POLICY_CHECK));
|
||||
if (X509_verify_cert(csc) <= 0)
|
||||
goto err;
|
||||
|
||||
if (!ossl_x509_add_certs_new(&chain, X509_STORE_CTX_get0_chain(csc),
|
||||
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP
|
||||
| X509_ADD_FLAG_NO_SS)) {
|
||||
sk_X509_free(chain);
|
||||
chain = NULL;
|
||||
}
|
||||
err:
|
||||
X509_STORE_CTX_free(csc);
|
||||
}
|
||||
|
||||
if (sk_X509_num(chain) > 0)
|
||||
X509_free(sk_X509_shift(chain)); /* remove leaf (EE) cert */
|
||||
if (out_trusted != NULL) {
|
||||
if (chain == NULL) {
|
||||
ossl_cmp_err(ctx, "failed building chain for newly enrolled cert");
|
||||
ossl_cmp_err(ctx, "failed to validate newly enrolled cert");
|
||||
fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_incorrectData;
|
||||
} else {
|
||||
ossl_cmp_debug(ctx,
|
||||
"succeeded building proper chain for newly enrolled cert");
|
||||
"success validating newly enrolled cert");
|
||||
}
|
||||
} else if (chain == NULL) {
|
||||
ossl_cmp_warn(ctx, "could not build approximate chain for newly enrolled cert, resorting to received extraCerts");
|
||||
|
@ -521,6 +548,7 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
|
|||
|
||||
/*-
|
||||
* Perform the generic handling of certificate responses for IR/CR/KUR/P10CR.
|
||||
* |rid| must be OSSL_CMP_CERTREQID_NONE if not available, namely for p10cr
|
||||
* Returns -1 on receiving pollRep if sleep == 0, setting the checkAfter value.
|
||||
* Returns 1 on success and provides the received PKIMESSAGE in *resp.
|
||||
* Returns 0 on error (which includes the case that timeout has been reached).
|
||||
|
@ -530,7 +558,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
|||
OSSL_CMP_MSG **resp, int *checkAfter,
|
||||
int req_type, int expected_type)
|
||||
{
|
||||
EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx /* may be NULL */, 0);
|
||||
EVP_PKEY *rkey = ossl_cmp_ctx_get0_newPubkey(ctx);
|
||||
int fail_info = 0; /* no failure */
|
||||
const char *txt = NULL;
|
||||
OSSL_CMP_CERTREPMESSAGE *crepmsg;
|
||||
|
@ -554,10 +582,9 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
|||
return 0;
|
||||
if (!save_statusInfo(ctx, crep->status))
|
||||
return 0;
|
||||
if (rid == -1) {
|
||||
/* for OSSL_CMP_PKIBODY_P10CR learn CertReqId from response */
|
||||
if (rid == OSSL_CMP_CERTREQID_NONE) { /* used for OSSL_CMP_PKIBODY_P10CR */
|
||||
rid = ossl_cmp_asn1_get_int(crep->certReqId);
|
||||
if (rid == -1) {
|
||||
if (rid != OSSL_CMP_CERTREQID_NONE) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
||||
return 0;
|
||||
}
|
||||
|
@ -621,7 +648,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
|||
"rejecting newly enrolled cert with subject: %s", subj);
|
||||
if (!ctx->disableConfirm
|
||||
&& !ossl_cmp_hdr_has_implicitConfirm((*resp)->header)) {
|
||||
if (!ossl_cmp_exchange_certConf(ctx, fail_info, txt))
|
||||
if (!ossl_cmp_exchange_certConf(ctx, rid, fail_info, txt))
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
|
@ -630,6 +657,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
|||
ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED,
|
||||
"rejecting newly enrolled cert with subject: %s; %s",
|
||||
subj, txt);
|
||||
ctx->status = OSSL_CMP_PKISTATUS_rejection;
|
||||
ret = 0;
|
||||
}
|
||||
OPENSSL_free(subj);
|
||||
|
@ -662,7 +690,7 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
|
|||
{
|
||||
OSSL_CMP_MSG *rep = NULL;
|
||||
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
|
||||
int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
|
||||
int rid = is_p10 ? OSSL_CMP_CERTREQID_NONE : OSSL_CMP_CERTREQID;
|
||||
int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1;
|
||||
int res = 0;
|
||||
|
||||
|
@ -704,7 +732,7 @@ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
|
|||
|
||||
OSSL_CMP_MSG *rep = NULL;
|
||||
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
|
||||
int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
|
||||
int rid = is_p10 ? OSSL_CMP_CERTREQID_NONE : OSSL_CMP_CERTREQID;
|
||||
int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1;
|
||||
X509 *result = NULL;
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2019
|
||||
* Copyright Siemens AG 2015-2019
|
||||
*
|
||||
|
@ -457,8 +457,8 @@ int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
|
|||
}
|
||||
|
||||
/* Set or clear the password to be used for protecting messages with PBMAC */
|
||||
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
|
||||
const int len)
|
||||
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
|
||||
const unsigned char *sec, int len)
|
||||
{
|
||||
ASN1_OCTET_STRING *secretValue = NULL;
|
||||
if (ctx == NULL) {
|
||||
|
@ -669,13 +669,13 @@ int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \
|
|||
*/
|
||||
DEFINE_OSSL_CMP_CTX_set1_up_ref(srvCert, X509)
|
||||
|
||||
/* Set the X509 name of the recipient. Set in the PKIHeader */
|
||||
/* Set the X509 name of the recipient to be placed in the PKIHeader */
|
||||
DEFINE_OSSL_CMP_CTX_set1(recipient, X509_NAME)
|
||||
|
||||
/* Store the X509 name of the expected sender in the PKIHeader of responses */
|
||||
DEFINE_OSSL_CMP_CTX_set1(expected_sender, X509_NAME)
|
||||
|
||||
/* Set the X509 name of the issuer. Set in the PKIHeader */
|
||||
/* Set the X509 name of the issuer to be placed in the certTemplate */
|
||||
DEFINE_OSSL_CMP_CTX_set1(issuer, X509_NAME)
|
||||
|
||||
/*
|
||||
|
@ -834,6 +834,7 @@ int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey)
|
|||
}
|
||||
|
||||
/* Get the private/public key to use for cert enrollment, or NULL on error */
|
||||
/* In case |priv| == 0, better use ossl_cmp_ctx_get0_newPubkey() below */
|
||||
EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv)
|
||||
{
|
||||
if (ctx == NULL) {
|
||||
|
@ -848,6 +849,21 @@ EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv)
|
|||
return ctx->pkey; /* may be NULL */
|
||||
}
|
||||
|
||||
EVP_PKEY *ossl_cmp_ctx_get0_newPubkey(const OSSL_CMP_CTX *ctx)
|
||||
{
|
||||
if (!ossl_assert(ctx != NULL))
|
||||
return NULL;
|
||||
if (ctx->newPkey != NULL)
|
||||
return ctx->newPkey;
|
||||
if (ctx->p10CSR != NULL)
|
||||
return X509_REQ_get0_pubkey(ctx->p10CSR);
|
||||
if (ctx->oldCert != NULL)
|
||||
return X509_get0_pubkey(ctx->oldCert);
|
||||
if (ctx->cert != NULL)
|
||||
return X509_get0_pubkey(ctx->cert);
|
||||
return ctx->pkey;
|
||||
}
|
||||
|
||||
/* Set the given transactionID to the context */
|
||||
int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
|
||||
const ASN1_OCTET_STRING *id)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -95,7 +95,10 @@ static const ERR_STRING_DATA CMP_str_reasons[] = {
|
|||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PBM_SECRET), "missing pbm secret"},
|
||||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY),
|
||||
"missing private key"},
|
||||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY_FOR_POPO),
|
||||
"missing private key for popo"},
|
||||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection"},
|
||||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PUBLIC_KEY), "missing public key"},
|
||||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_REFERENCE_CERT),
|
||||
"missing reference cert"},
|
||||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SECRET), "missing secret"},
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2019
|
||||
* Copyright Siemens AG 2015-2019
|
||||
*
|
||||
|
@ -789,6 +789,7 @@ int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx,
|
|||
STACK_OF(X509) *extraCertsIn);
|
||||
int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx,
|
||||
const ASN1_OCTET_STRING *nonce);
|
||||
EVP_PKEY *ossl_cmp_ctx_get0_newPubkey(const OSSL_CMP_CTX *ctx);
|
||||
|
||||
/* from cmp_status.c */
|
||||
int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si);
|
||||
|
@ -852,7 +853,9 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr);
|
|||
# define OSSL_CMP_PKIBODY_POLLREP 26
|
||||
# define OSSL_CMP_PKIBODY_TYPE_MAX OSSL_CMP_PKIBODY_POLLREP
|
||||
/* certReqId for the first - and so far only - certificate request */
|
||||
# define OSSL_CMP_CERTREQID 0
|
||||
# define OSSL_CMP_CERTREQID 0
|
||||
# define OSSL_CMP_CERTREQID_NONE -1
|
||||
# define OSSL_CMP_CERTREQID_INVALID -2
|
||||
/* sequence id for the first - and so far only - revocation request */
|
||||
# define OSSL_CMP_REVREQSID 0
|
||||
int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx,
|
||||
|
@ -885,8 +888,8 @@ OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
|
|||
int unprotected);
|
||||
int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus,
|
||||
ASN1_OCTET_STRING *hash);
|
||||
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
|
||||
const char *text);
|
||||
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int certReqId,
|
||||
int fail_info, const char *text);
|
||||
OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid);
|
||||
OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid,
|
||||
int64_t poll_after);
|
||||
|
@ -900,8 +903,8 @@ ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc,
|
|||
OSSL_CMP_CERTRESPONSE *
|
||||
ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm,
|
||||
int rid);
|
||||
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
|
||||
const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
|
||||
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CTX *ctx,
|
||||
const OSSL_CMP_CERTRESPONSE *crep);
|
||||
OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file);
|
||||
|
||||
/* from cmp_protect.c */
|
||||
|
@ -922,8 +925,8 @@ int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx,
|
|||
const OSSL_CMP_MSG *msg, int accept_RAVerified);
|
||||
|
||||
/* from cmp_client.c */
|
||||
int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int fail_info,
|
||||
const char *txt);
|
||||
int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId,
|
||||
int fail_info, const char *txt);
|
||||
int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info,
|
||||
const char *txt, int errorCode, const char *detail);
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2019
|
||||
* Copyright Siemens AG 2015-2019
|
||||
*
|
||||
|
@ -274,7 +274,7 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
|
|||
OSSL_CRMF_MSG *crm = NULL;
|
||||
X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert;
|
||||
/* refcert defaults to current client cert */
|
||||
EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0);
|
||||
EVP_PKEY *rkey = ossl_cmp_ctx_get0_newPubkey(ctx);
|
||||
STACK_OF(GENERAL_NAME) *default_sans = NULL;
|
||||
const X509_NAME *ref_subj =
|
||||
refcert != NULL ? X509_get_subject_name(refcert) : NULL;
|
||||
|
@ -286,15 +286,9 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
|
|||
/* RFC5280: subjectAltName MUST be critical if subject is null */
|
||||
X509_EXTENSIONS *exts = NULL;
|
||||
|
||||
if (rkey == NULL && ctx->p10CSR != NULL)
|
||||
rkey = X509_REQ_get0_pubkey(ctx->p10CSR);
|
||||
if (rkey == NULL && refcert != NULL)
|
||||
rkey = X509_get0_pubkey(refcert);
|
||||
if (rkey == NULL)
|
||||
rkey = ctx->pkey; /* default is independent of ctx->oldCert */
|
||||
if (rkey == NULL) {
|
||||
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PUBLIC_KEY);
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
@ -411,15 +405,9 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type,
|
|||
if (type != OSSL_CMP_PKIBODY_P10CR) {
|
||||
EVP_PKEY *privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
|
||||
|
||||
/*
|
||||
* privkey is NULL in case ctx->newPkey does not include a private key.
|
||||
* We then may try to use ctx->pkey as fallback/default, but only
|
||||
* if ctx-> newPkey does not include a (non-matching) public key:
|
||||
*/
|
||||
if (privkey == NULL && OSSL_CMP_CTX_get0_newPkey(ctx, 0) == NULL)
|
||||
privkey = ctx->pkey; /* default is independent of ctx->oldCert */
|
||||
if (ctx->popoMethod == OSSL_CRMF_POPO_SIGNATURE && privkey == NULL) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY);
|
||||
/* privkey is ctx->newPkey (if private, else NULL) or ctx->pkey */
|
||||
if (ctx->popoMethod >= OSSL_CRMF_POPO_SIGNATURE && privkey == NULL) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY_FOR_POPO);
|
||||
goto err;
|
||||
}
|
||||
if (crm == NULL) {
|
||||
|
@ -794,15 +782,17 @@ int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus,
|
|||
return 1;
|
||||
}
|
||||
|
||||
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
|
||||
const char *text)
|
||||
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int certReqId,
|
||||
int fail_info, const char *text)
|
||||
{
|
||||
OSSL_CMP_MSG *msg = NULL;
|
||||
OSSL_CMP_CERTSTATUS *certStatus = NULL;
|
||||
ASN1_OCTET_STRING *certHash = NULL;
|
||||
OSSL_CMP_PKISI *sinfo;
|
||||
|
||||
if (!ossl_assert(ctx != NULL && ctx->newCert != NULL))
|
||||
if (!ossl_assert(ctx != NULL && ctx->newCert != NULL
|
||||
&& (certReqId == OSSL_CMP_CERTREQID
|
||||
|| certReqId == OSSL_CMP_CERTREQID_NONE)))
|
||||
return NULL;
|
||||
|
||||
if ((unsigned)fail_info > OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN) {
|
||||
|
@ -816,10 +806,13 @@ OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
|
|||
if ((certStatus = OSSL_CMP_CERTSTATUS_new()) == NULL)
|
||||
goto err;
|
||||
/* consume certStatus into msg right away so it gets deallocated with msg */
|
||||
if (!sk_OSSL_CMP_CERTSTATUS_push(msg->body->value.certConf, certStatus))
|
||||
if (sk_OSSL_CMP_CERTSTATUS_push(msg->body->value.certConf, certStatus) < 1) {
|
||||
OSSL_CMP_CERTSTATUS_free(certStatus);
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* set the ID of the certReq */
|
||||
if (!ASN1_INTEGER_set(certStatus->certReqId, OSSL_CMP_CERTREQID))
|
||||
if (!ASN1_INTEGER_set(certStatus->certReqId, certReqId))
|
||||
goto err;
|
||||
/*
|
||||
* The hash of the certificate, using the same hash algorithm
|
||||
|
@ -965,12 +958,12 @@ static int suitable_rid(const ASN1_INTEGER *certReqId, int rid)
|
|||
{
|
||||
int trid;
|
||||
|
||||
if (rid == -1)
|
||||
if (rid == OSSL_CMP_CERTREQID_NONE)
|
||||
return 1;
|
||||
|
||||
trid = ossl_cmp_asn1_get_int(certReqId);
|
||||
|
||||
if (trid == -1) {
|
||||
if (trid == OSSL_CMP_CERTREQID_NONE) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
||||
return 0;
|
||||
}
|
||||
|
@ -1031,14 +1024,15 @@ ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm,
|
|||
|
||||
/*-
|
||||
* Retrieve the newly enrolled certificate from the given certResponse crep.
|
||||
* In case of indirect POPO uses the libctx and propq from ctx and private key.
|
||||
* Uses libctx and propq from ctx, in case of indirect POPO also private key.
|
||||
* Returns a pointer to a copy of the found certificate, or NULL if not found.
|
||||
*/
|
||||
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
|
||||
const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey)
|
||||
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CTX *ctx,
|
||||
const OSSL_CMP_CERTRESPONSE *crep)
|
||||
{
|
||||
OSSL_CMP_CERTORENCCERT *coec;
|
||||
X509 *crt = NULL;
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
if (!ossl_assert(crep != NULL && ctx != NULL))
|
||||
return NULL;
|
||||
|
@ -1051,6 +1045,8 @@ X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
|
|||
break;
|
||||
case OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT:
|
||||
/* cert encrypted for indirect PoP; RFC 4210, 5.2.8.2 */
|
||||
pkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
|
||||
/* pkey is ctx->newPkey (if private, else NULL) or ctx->pkey */
|
||||
if (pkey == NULL) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY);
|
||||
return NULL;
|
||||
|
@ -1084,6 +1080,20 @@ int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
|
|||
|| ossl_cmp_msg_protect(ctx, msg);
|
||||
}
|
||||
|
||||
int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
|
||||
{
|
||||
if (ctx == NULL || msg == NULL || msg->header == NULL) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||
return 0;
|
||||
}
|
||||
if (ctx->recipNonce == NULL) /* nothing to do for 1st msg in transaction */
|
||||
return 1;
|
||||
if (!ossl_cmp_asn1_octet_string_set1(&msg->header->recipNonce,
|
||||
ctx->recipNonce))
|
||||
return 0;
|
||||
return msg->header->protectionAlg == NULL || ossl_cmp_msg_protect(ctx, msg);
|
||||
}
|
||||
|
||||
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
|
||||
const char *propq)
|
||||
{
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2019
|
||||
* Copyright Siemens AG 2015-2019
|
||||
*
|
||||
|
@ -129,6 +129,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
|
|||
}
|
||||
}
|
||||
|
||||
/* ctx is not const just because ctx->chain may get adapted */
|
||||
int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
|
||||
{
|
||||
if (!ossl_assert(ctx != NULL && msg != NULL))
|
||||
|
@ -251,6 +252,7 @@ static int set_senderKID(const OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg,
|
|||
return id == NULL || ossl_cmp_hdr_set1_senderKID(msg->header, id);
|
||||
}
|
||||
|
||||
/* ctx is not const just because ctx->chain may get adapted */
|
||||
int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
|
||||
{
|
||||
if (!ossl_assert(ctx != NULL && msg != NULL))
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2019
|
||||
* Copyright Siemens AG 2015-2019
|
||||
*
|
||||
|
@ -22,8 +22,9 @@
|
|||
/* the context for the generic CMP server */
|
||||
struct ossl_cmp_srv_ctx_st
|
||||
{
|
||||
OSSL_CMP_CTX *ctx; /* Client CMP context, partly reused for srv */
|
||||
void *custom_ctx; /* pointer to specific server context */
|
||||
void *custom_ctx; /* pointer to application-specific server context */
|
||||
OSSL_CMP_CTX *ctx; /* Client CMP context, reusing transactionID etc. */
|
||||
int certReqId; /* id of last ir/cr/kur, OSSL_CMP_CERTREQID_NONE for p10cr */
|
||||
|
||||
OSSL_CMP_SRV_cert_request_cb_t process_cert_request;
|
||||
OSSL_CMP_SRV_rr_cb_t process_rr;
|
||||
|
@ -57,6 +58,7 @@ OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq)
|
|||
|
||||
if ((ctx->ctx = OSSL_CMP_CTX_new(libctx, propq)) == NULL)
|
||||
goto err;
|
||||
ctx->certReqId = OSSL_CMP_CERTREQID_INVALID;
|
||||
|
||||
/* all other elements are initialized to 0 or NULL, respectively */
|
||||
return ctx;
|
||||
|
@ -184,7 +186,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
}
|
||||
|
||||
if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) {
|
||||
certReqId = OSSL_CMP_CERTREQID;
|
||||
certReqId = OSSL_CMP_CERTREQID_NONE; /* p10cr does not include an Id */
|
||||
p10cr = req->body->value.p10cr;
|
||||
} else {
|
||||
OSSL_CRMF_MSGS *reqs = req->body->value.ir; /* same for cr and kur */
|
||||
|
@ -199,7 +201,12 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
return NULL;
|
||||
}
|
||||
certReqId = OSSL_CRMF_MSG_get_certReqId(crm);
|
||||
if (certReqId != OSSL_CMP_CERTREQID) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
srv_ctx->certReqId = certReqId;
|
||||
|
||||
if (!ossl_cmp_verify_popo(srv_ctx->ctx, req, srv_ctx->acceptRAVerified)) {
|
||||
/* Proof of possession could not be verified */
|
||||
|
@ -356,6 +363,10 @@ static OSSL_CMP_MSG *process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
ASN1_OCTET_STRING *certHash = status->certHash;
|
||||
OSSL_CMP_PKISI *si = status->statusInfo;
|
||||
|
||||
if (certReqId != srv_ctx->certReqId) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
||||
return NULL;
|
||||
}
|
||||
if (!srv_ctx->process_certConf(srv_ctx, req, certReqId, certHash, si))
|
||||
return NULL; /* reason code may be: CMP_R_CERTHASH_UNMATCHED */
|
||||
|
||||
|
@ -394,8 +405,12 @@ static OSSL_CMP_MSG *process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
return NULL;
|
||||
}
|
||||
|
||||
pr = sk_OSSL_CMP_POLLREQ_value(prc, 0);
|
||||
pr = sk_OSSL_CMP_POLLREQ_value(prc, OSSL_CMP_CERTREQID);
|
||||
certReqId = ossl_cmp_asn1_get_int(pr->certReqId);
|
||||
if (certReqId != srv_ctx->certReqId) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
||||
return NULL;
|
||||
}
|
||||
if (!srv_ctx->process_pollReq(srv_ctx, req, certReqId,
|
||||
&certReq, &check_after))
|
||||
return NULL;
|
||||
|
@ -446,7 +461,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
ASN1_OCTET_STRING *backup_secret;
|
||||
OSSL_CMP_PKIHEADER *hdr;
|
||||
int req_type, rsp_type;
|
||||
int res;
|
||||
int req_verified = 0;
|
||||
OSSL_CMP_MSG *rsp = NULL;
|
||||
|
||||
if (srv_ctx == NULL || srv_ctx->ctx == NULL
|
||||
|
@ -506,12 +521,12 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
}
|
||||
}
|
||||
|
||||
res = ossl_cmp_msg_check_update(ctx, req, unprotected_exception,
|
||||
srv_ctx->acceptUnprotected);
|
||||
req_verified = ossl_cmp_msg_check_update(ctx, req, unprotected_exception,
|
||||
srv_ctx->acceptUnprotected);
|
||||
if (ctx->secretValue != NULL && ctx->pkey != NULL
|
||||
&& ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC)
|
||||
ctx->secretValue = NULL; /* use MSG_SIG_ALG when protecting rsp */
|
||||
if (!res)
|
||||
if (!req_verified)
|
||||
goto err;
|
||||
|
||||
switch (req_type) {
|
||||
|
@ -568,9 +583,15 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||
int fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badRequest;
|
||||
OSSL_CMP_PKISI *si = NULL;
|
||||
|
||||
if (ctx->transactionID == NULL) {
|
||||
/* ignore any (extra) error in next two function calls: */
|
||||
(void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
|
||||
if (!req_verified) {
|
||||
/*
|
||||
* Above ossl_cmp_msg_check_update() was not successfully executed,
|
||||
* which normally would set ctx->transactionID and ctx->recipNonce.
|
||||
* So anyway try to provide the right transactionID and recipNonce,
|
||||
* while ignoring any (extra) error in next two function calls.
|
||||
*/
|
||||
if (ctx->transactionID == NULL)
|
||||
(void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
|
||||
(void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2020
|
||||
* Copyright Siemens AG 2015-2020
|
||||
*
|
||||
|
@ -323,11 +323,11 @@ static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx,
|
|||
* verify that the newly enrolled certificate (which assumed rid ==
|
||||
* OSSL_CMP_CERTREQID) can also be validated with the same trusted store
|
||||
*/
|
||||
EVP_PKEY *pkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
|
||||
OSSL_CMP_CERTRESPONSE *crep =
|
||||
ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip,
|
||||
OSSL_CMP_CERTREQID);
|
||||
X509 *newcrt = ossl_cmp_certresponse_get1_cert(crep, ctx, pkey);
|
||||
X509 *newcrt = ossl_cmp_certresponse_get1_cert(ctx, crep);
|
||||
|
||||
/*
|
||||
* maybe better use get_cert_status() from cmp_client.c, which catches
|
||||
* errors
|
||||
|
@ -642,7 +642,6 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
|
|||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/*-
|
||||
* Check received message (i.e., response by server or request from client)
|
||||
* Any msg->extraCerts are prepended to ctx->untrusted.
|
||||
|
@ -765,6 +764,11 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
|
|||
#endif
|
||||
}
|
||||
|
||||
/* if not yet present, learn transactionID */
|
||||
if (ctx->transactionID == NULL
|
||||
&& !OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID))
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* RFC 4210 section 5.1.1 states: the recipNonce is copied from
|
||||
* the senderNonce of the previous message in the transaction.
|
||||
|
@ -773,11 +777,6 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
|
|||
if (!ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce))
|
||||
return 0;
|
||||
|
||||
/* if not yet present, learn transactionID */
|
||||
if (ctx->transactionID == NULL
|
||||
&& !OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID))
|
||||
return -1;
|
||||
|
||||
/*
|
||||
* Store any provided extraCerts in ctx for future use,
|
||||
* such that they are available to ctx->certConf_cb and
|
||||
|
@ -788,7 +787,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
|
|||
/* this allows self-signed certs */
|
||||
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP
|
||||
| X509_ADD_FLAG_PREPEND))
|
||||
return -1;
|
||||
return 0;
|
||||
|
||||
if (ossl_cmp_hdr_get_protection_nid(hdr) == NID_id_PasswordBasedMAC) {
|
||||
/*
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -309,7 +309,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||
*/
|
||||
penc = NULL;
|
||||
penclen = i2d_X509_ALGOR(wrap_alg, &penc);
|
||||
if (penc == NULL || penclen == 0)
|
||||
if (penclen <= 0)
|
||||
goto err;
|
||||
wrap_str = ASN1_STRING_new();
|
||||
if (wrap_str == NULL)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -8,6 +8,7 @@
|
|||
*/
|
||||
|
||||
#include <assert.h>
|
||||
#include <limits.h>
|
||||
#include <openssl/cms.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/decoder.h>
|
||||
|
@ -257,7 +258,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||
ASN1_STRING *wrap_str;
|
||||
ASN1_OCTET_STRING *ukm;
|
||||
unsigned char *penc = NULL;
|
||||
size_t penclen;
|
||||
int penclen;
|
||||
int rv = 0;
|
||||
int ecdh_nid, kdf_type, kdf_nid, wrap_nid;
|
||||
const EVP_MD *kdf_md;
|
||||
|
@ -274,15 +275,18 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||
/* Is everything uninitialised? */
|
||||
if (aoid == OBJ_nid2obj(NID_undef)) {
|
||||
/* Set the key */
|
||||
size_t enckeylen;
|
||||
|
||||
penclen = EVP_PKEY_get1_encoded_public_key(pkey, &penc);
|
||||
ASN1_STRING_set0(pubkey, penc, penclen);
|
||||
enckeylen = EVP_PKEY_get1_encoded_public_key(pkey, &penc);
|
||||
if (enckeylen > INT_MAX || enckeylen == 0)
|
||||
goto err;
|
||||
ASN1_STRING_set0(pubkey, penc, (int)enckeylen);
|
||||
pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
|
||||
pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
|
||||
|
||||
penc = NULL;
|
||||
X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
|
||||
V_ASN1_UNDEF, NULL);
|
||||
(void)X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
|
||||
V_ASN1_UNDEF, NULL); /* cannot fail */
|
||||
}
|
||||
|
||||
/* See if custom parameters set */
|
||||
|
@ -346,7 +350,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||
|
||||
penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);
|
||||
|
||||
if (penclen == 0)
|
||||
if (penclen <= 0)
|
||||
goto err;
|
||||
|
||||
if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)
|
||||
|
@ -358,7 +362,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||
* of another AlgorithmIdentifier.
|
||||
*/
|
||||
penclen = i2d_X509_ALGOR(wrap_alg, &penc);
|
||||
if (penc == NULL || penclen == 0)
|
||||
if (penclen <= 0)
|
||||
goto err;
|
||||
wrap_str = ASN1_STRING_new();
|
||||
if (wrap_str == NULL)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -138,7 +138,7 @@ int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
|
|||
return 1;
|
||||
}
|
||||
|
||||
CMS_EncryptedContentInfo* ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms)
|
||||
CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms)
|
||||
{
|
||||
switch (cms_get_enveloped_type(cms)) {
|
||||
case CMS_ENVELOPED_STANDARD:
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -432,7 +432,7 @@ BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm,
|
|||
(void)ERR_pop_to_mark();
|
||||
|
||||
mdbio = BIO_new(BIO_f_md());
|
||||
if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
|
||||
if (mdbio == NULL || BIO_set_md(mdbio, digest) <= 0) {
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_MD_BIO_INIT_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
@ -615,11 +615,12 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
|
|||
|
||||
int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
|
||||
{
|
||||
int r;
|
||||
r = CMS_add0_crl(cms, crl);
|
||||
if (r > 0)
|
||||
X509_CRL_up_ref(crl);
|
||||
return r;
|
||||
if (!X509_CRL_up_ref(crl))
|
||||
return 0;
|
||||
if (CMS_add0_crl(cms, crl))
|
||||
return 1;
|
||||
X509_CRL_free(crl);
|
||||
return 0;
|
||||
}
|
||||
|
||||
STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -701,14 +701,21 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
|
|||
int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk,
|
||||
X509 *cert, X509 *peer)
|
||||
{
|
||||
STACK_OF(CMS_RecipientInfo) *ris;
|
||||
STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms);
|
||||
CMS_RecipientInfo *ri;
|
||||
int i, r, cms_pkey_ri_type;
|
||||
int debug = 0, match_ri = 0;
|
||||
CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cms);
|
||||
|
||||
ris = CMS_get0_RecipientInfos(cms);
|
||||
if (ris != NULL)
|
||||
debug = ossl_cms_get0_env_enc_content(cms)->debug;
|
||||
/* Prevent mem leak on earlier CMS_decrypt_set1_{pkey_and_peer,password} */
|
||||
if (ec != NULL) {
|
||||
OPENSSL_clear_free(ec->key, ec->keylen);
|
||||
ec->key = NULL;
|
||||
ec->keylen = 0;
|
||||
}
|
||||
|
||||
if (ris != NULL && ec != NULL)
|
||||
debug = ec->debug;
|
||||
|
||||
cms_pkey_ri_type = ossl_cms_pkey_get_ri_type(pk);
|
||||
if (cms_pkey_ri_type == CMS_RECIPINFO_NONE) {
|
||||
|
@ -731,11 +738,8 @@ int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk,
|
|||
if (r < 0)
|
||||
return 0;
|
||||
}
|
||||
/*
|
||||
* If we have a cert try matching RecipientInfo otherwise try them
|
||||
* all.
|
||||
*/
|
||||
else if (cert == NULL|| !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
|
||||
/* If we have a cert, try matching RecipientInfo, else try them all */
|
||||
else if (cert == NULL || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
|
||||
EVP_PKEY_up_ref(pk);
|
||||
CMS_RecipientInfo_set0_pkey(ri, pk);
|
||||
r = CMS_RecipientInfo_decrypt(cms, ri);
|
||||
|
@ -772,7 +776,8 @@ int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk,
|
|||
return 1;
|
||||
}
|
||||
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
||||
if (!match_ri)
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
@ -783,7 +788,7 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
|
|||
{
|
||||
STACK_OF(CMS_RecipientInfo) *ris;
|
||||
CMS_RecipientInfo *ri;
|
||||
int i, r;
|
||||
int i, r, match_ri = 0;
|
||||
|
||||
ris = CMS_get0_RecipientInfos(cms);
|
||||
for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
|
||||
|
@ -791,11 +796,10 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
|
|||
if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
|
||||
continue;
|
||||
|
||||
/*
|
||||
* If we have an id try matching RecipientInfo otherwise try them
|
||||
* all.
|
||||
*/
|
||||
if (id == NULL || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
|
||||
/* If we have an id, try matching RecipientInfo, else try them all */
|
||||
if (id == NULL
|
||||
|| (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
|
||||
match_ri = 1;
|
||||
CMS_RecipientInfo_set0_key(ri, key, keylen);
|
||||
r = CMS_RecipientInfo_decrypt(cms, ri);
|
||||
CMS_RecipientInfo_set0_key(ri, NULL, 0);
|
||||
|
@ -809,7 +813,8 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
|
|||
}
|
||||
}
|
||||
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
||||
if (!match_ri)
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
@ -817,15 +822,25 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
|
|||
int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
|
||||
unsigned char *pass, ossl_ssize_t passlen)
|
||||
{
|
||||
STACK_OF(CMS_RecipientInfo) *ris;
|
||||
STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms);
|
||||
CMS_RecipientInfo *ri;
|
||||
int i, r;
|
||||
int i, r, match_ri = 0;
|
||||
CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cms);
|
||||
|
||||
/* Prevent mem leak on earlier CMS_decrypt_set1_{pkey_and_peer,password} */
|
||||
if (ec != NULL) {
|
||||
OPENSSL_clear_free(ec->key, ec->keylen);
|
||||
ec->key = NULL;
|
||||
ec->keylen = 0;
|
||||
}
|
||||
|
||||
ris = CMS_get0_RecipientInfos(cms);
|
||||
for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
|
||||
ri = sk_CMS_RecipientInfo_value(ris, i);
|
||||
if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
|
||||
continue;
|
||||
|
||||
/* Must try each PasswordRecipientInfo */
|
||||
match_ri = 1;
|
||||
CMS_RecipientInfo_set0_password(ri, pass, passlen);
|
||||
r = CMS_RecipientInfo_decrypt(cms, ri);
|
||||
CMS_RecipientInfo_set0_password(ri, NULL, 0);
|
||||
|
@ -833,7 +848,8 @@ int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
|
|||
return 1;
|
||||
}
|
||||
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
||||
if (!match_ri)
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
@ -843,7 +859,7 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
|
|||
{
|
||||
int r;
|
||||
BIO *cont;
|
||||
|
||||
CMS_EncryptedContentInfo *ec;
|
||||
int nid = OBJ_obj2nid(CMS_get0_type(cms));
|
||||
|
||||
if (nid != NID_pkcs7_enveloped
|
||||
|
@ -853,14 +869,9 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
|
|||
}
|
||||
if (dcont == NULL && !check_content(cms))
|
||||
return 0;
|
||||
if (flags & CMS_DEBUG_DECRYPT)
|
||||
ossl_cms_get0_env_enc_content(cms)->debug = 1;
|
||||
else
|
||||
ossl_cms_get0_env_enc_content(cms)->debug = 0;
|
||||
if (cert == NULL)
|
||||
ossl_cms_get0_env_enc_content(cms)->havenocert = 1;
|
||||
else
|
||||
ossl_cms_get0_env_enc_content(cms)->havenocert = 0;
|
||||
ec = ossl_cms_get0_env_enc_content(cms);
|
||||
ec->debug = (flags & CMS_DEBUG_DECRYPT) != 0;
|
||||
ec->havenocert = cert == NULL;
|
||||
if (pk == NULL && cert == NULL && dcont == NULL && out == NULL)
|
||||
return 1;
|
||||
if (pk != NULL && !CMS_decrypt_set1_pkey(cms, pk, cert))
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -226,6 +226,9 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
|||
char *dirpath = NULL;
|
||||
OPENSSL_DIR_CTX *dirctx = NULL;
|
||||
#endif
|
||||
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||
int numincludes = 0;
|
||||
#endif
|
||||
|
||||
if ((buff = BUF_MEM_new()) == NULL) {
|
||||
ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB);
|
||||
|
@ -442,6 +445,20 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
|||
const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE");
|
||||
char *include_path = NULL;
|
||||
|
||||
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||
/*
|
||||
* The include processing below can cause the "conf" fuzzer to
|
||||
* timeout due to the fuzzer inserting large and complicated
|
||||
* includes - with a large amount of time spent in
|
||||
* OPENSSL_strlcat/OPENSSL_strcpy. This is not a security
|
||||
* concern because config files should never come from untrusted
|
||||
* sources. We just set an arbitrary limit on the allowed
|
||||
* number of includes when fuzzing to prevent this timeout.
|
||||
*/
|
||||
if (numincludes++ > 10)
|
||||
goto err;
|
||||
#endif
|
||||
|
||||
if (include_dir == NULL)
|
||||
include_dir = conf->includedir;
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -173,7 +173,10 @@ DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
|
|||
ERR_raise(ERR_LIB_DSA, DSA_R_BN_ERROR);
|
||||
goto dsaerr;
|
||||
}
|
||||
DSA_set0_key(dsa, dsa_pubkey, dsa_privkey);
|
||||
if (!DSA_set0_key(dsa, dsa_pubkey, dsa_privkey)) {
|
||||
ERR_raise(ERR_LIB_DSA, ERR_R_INTERNAL_ERROR);
|
||||
goto dsaerr;
|
||||
}
|
||||
|
||||
goto done;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -36,6 +36,7 @@ static const ERR_STRING_DATA DSA_str_reasons[] = {
|
|||
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
|
||||
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL),
|
||||
"seed_len is less than the length of q"},
|
||||
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_TOO_MANY_RETRIES), "too many retries"},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -21,6 +21,9 @@
|
|||
#include "dsa_local.h"
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
#define MIN_DSA_SIGN_QBITS 128
|
||||
#define MAX_DSA_SIGN_RETRIES 8
|
||||
|
||||
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
|
||||
static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
BIGNUM **rp);
|
||||
|
@ -75,6 +78,7 @@ DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa)
|
|||
int reason = ERR_R_BN_LIB;
|
||||
DSA_SIG *ret = NULL;
|
||||
int rv = 0;
|
||||
int retries = 0;
|
||||
|
||||
if (dsa->params.p == NULL
|
||||
|| dsa->params.q == NULL
|
||||
|
@ -129,7 +133,10 @@ DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa)
|
|||
* s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q
|
||||
*/
|
||||
|
||||
/* Generate a blinding value */
|
||||
/*
|
||||
* Generate a blinding value
|
||||
* The size of q is tested in dsa_sign_setup() so there should not be an infinite loop here.
|
||||
*/
|
||||
do {
|
||||
if (!BN_priv_rand_ex(blind, BN_num_bits(dsa->params.q) - 1,
|
||||
BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx))
|
||||
|
@ -164,14 +171,19 @@ DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa)
|
|||
goto err;
|
||||
|
||||
/*
|
||||
* Redo if r or s is zero as required by FIPS 186-3: this is very
|
||||
* unlikely.
|
||||
* Redo if r or s is zero as required by FIPS 186-4: Section 4.6
|
||||
* This is very unlikely.
|
||||
* Limit the retries so there is no possibility of an infinite
|
||||
* loop for bad domain parameter values.
|
||||
*/
|
||||
if (BN_is_zero(ret->r) || BN_is_zero(ret->s))
|
||||
if (BN_is_zero(ret->r) || BN_is_zero(ret->s)) {
|
||||
if (retries++ > MAX_DSA_SIGN_RETRIES) {
|
||||
reason = DSA_R_TOO_MANY_RETRIES;
|
||||
goto err;
|
||||
}
|
||||
goto redo;
|
||||
|
||||
}
|
||||
rv = 1;
|
||||
|
||||
err:
|
||||
if (rv == 0) {
|
||||
ERR_raise(ERR_LIB_DSA, reason);
|
||||
|
@ -212,7 +224,10 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
|
|||
/* Reject obviously invalid parameters */
|
||||
if (BN_is_zero(dsa->params.p)
|
||||
|| BN_is_zero(dsa->params.q)
|
||||
|| BN_is_zero(dsa->params.g)) {
|
||||
|| BN_is_zero(dsa->params.g)
|
||||
|| BN_is_negative(dsa->params.p)
|
||||
|| BN_is_negative(dsa->params.q)
|
||||
|| BN_is_negative(dsa->params.g)) {
|
||||
ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_PARAMETERS);
|
||||
return 0;
|
||||
}
|
||||
|
@ -220,7 +235,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
|
|||
ERR_raise(ERR_LIB_DSA, DSA_R_MISSING_PRIVATE_KEY);
|
||||
return 0;
|
||||
}
|
||||
|
||||
k = BN_new();
|
||||
l = BN_new();
|
||||
if (k == NULL || l == NULL)
|
||||
|
@ -236,7 +250,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
|
|||
/* Preallocate space */
|
||||
q_bits = BN_num_bits(dsa->params.q);
|
||||
q_words = bn_get_top(dsa->params.q);
|
||||
if (!bn_wexpand(k, q_words + 2)
|
||||
if (q_bits < MIN_DSA_SIGN_QBITS
|
||||
|| !bn_wexpand(k, q_words + 2)
|
||||
|| !bn_wexpand(l, q_words + 2))
|
||||
goto err;
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -165,7 +165,7 @@ int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen,
|
|||
*siglen = 0;
|
||||
return 0;
|
||||
}
|
||||
*siglen = i2d_DSA_SIG(s, &sig);
|
||||
*siglen = i2d_DSA_SIG(s, sig != NULL ? &sig : NULL);
|
||||
DSA_SIG_free(s);
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -140,6 +140,7 @@ ___
|
|||
}
|
||||
|
||||
$code.=<<___;
|
||||
.machine "any"
|
||||
.text
|
||||
|
||||
___
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -108,6 +108,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = {
|
|||
"random number generation failed"},
|
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_SHARED_INFO_ERROR), "shared info error"},
|
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full"},
|
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_TOO_MANY_RETRIES), "too many retries"},
|
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator"},
|
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order"},
|
||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor"},
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -20,6 +20,15 @@
|
|||
#include "crypto/bn.h"
|
||||
#include "ec_local.h"
|
||||
|
||||
#define MIN_ECDSA_SIGN_ORDERBITS 64
|
||||
/*
|
||||
* It is highly unlikely that a retry will happen,
|
||||
* Multiple retries would indicate that something is wrong
|
||||
* with the group parameters (which would normally only happen
|
||||
* with a bad custom group).
|
||||
*/
|
||||
#define MAX_ECDSA_SIGN_RETRIES 8
|
||||
|
||||
int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||
BIGNUM **rp)
|
||||
{
|
||||
|
@ -66,7 +75,7 @@ int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
|
|||
*siglen = 0;
|
||||
return 0;
|
||||
}
|
||||
*siglen = i2d_ECDSA_SIG(s, &sig);
|
||||
*siglen = i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL);
|
||||
ECDSA_SIG_free(s);
|
||||
return 1;
|
||||
}
|
||||
|
@ -120,7 +129,9 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
|
|||
|
||||
/* Preallocate space */
|
||||
order_bits = BN_num_bits(order);
|
||||
if (!BN_set_bit(k, order_bits)
|
||||
/* Check the number of bits here so that an infinite loop is not possible */
|
||||
if (order_bits < MIN_ECDSA_SIGN_ORDERBITS
|
||||
|| !BN_set_bit(k, order_bits)
|
||||
|| !BN_set_bit(r, order_bits)
|
||||
|| !BN_set_bit(X, order_bits))
|
||||
goto err;
|
||||
|
@ -195,6 +206,7 @@ ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
|||
EC_KEY *eckey)
|
||||
{
|
||||
int ok = 0, i;
|
||||
int retries = 0;
|
||||
BIGNUM *kinv = NULL, *s, *m = NULL;
|
||||
const BIGNUM *order, *ckinv;
|
||||
BN_CTX *ctx = NULL;
|
||||
|
@ -304,6 +316,11 @@ ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
|||
ERR_raise(ERR_LIB_EC, EC_R_NEED_NEW_SETUP_VALUES);
|
||||
goto err;
|
||||
}
|
||||
/* Avoid infinite loops cause by invalid group parameters */
|
||||
if (retries++ > MAX_ECDSA_SIGN_RETRIES) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_TOO_MANY_RETRIES);
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
/* s != 0 => we have a valid signature */
|
||||
break;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -712,7 +712,7 @@ const EVP_PKEY_ASN1_METHOD ossl_ed448_asn1_meth = {
|
|||
static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
|
||||
{
|
||||
ECX_KEY *ecx = ossl_ecx_key_op(NULL, NULL, 0, ctx->pmeth->pkey_id,
|
||||
KEY_OP_PUBLIC, NULL, NULL);
|
||||
KEY_OP_KEYGEN, NULL, NULL);
|
||||
|
||||
if (ecx != NULL) {
|
||||
EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, ecx);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -140,8 +140,9 @@ void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
|
|||
if (!int_cleanup_check(1))
|
||||
return;
|
||||
item = int_cleanup_item(cb);
|
||||
if (item)
|
||||
sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
|
||||
if (item != NULL)
|
||||
if (sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0) <= 0)
|
||||
OPENSSL_free(item);
|
||||
}
|
||||
|
||||
void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -233,7 +233,9 @@ CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature
|
|||
CMP_R_MISSING_P10CSR:121:missing p10csr
|
||||
CMP_R_MISSING_PBM_SECRET:166:missing pbm secret
|
||||
CMP_R_MISSING_PRIVATE_KEY:131:missing private key
|
||||
CMP_R_MISSING_PRIVATE_KEY_FOR_POPO:190:missing private key for popo
|
||||
CMP_R_MISSING_PROTECTION:143:missing protection
|
||||
CMP_R_MISSING_PUBLIC_KEY:183:missing public key
|
||||
CMP_R_MISSING_REFERENCE_CERT:168:missing reference cert
|
||||
CMP_R_MISSING_SECRET:178:missing secret
|
||||
CMP_R_MISSING_SENDER_IDENTIFICATION:111:missing sender identification
|
||||
|
@ -514,6 +516,7 @@ DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
|
|||
DSA_R_P_NOT_PRIME:115:p not prime
|
||||
DSA_R_Q_NOT_PRIME:113:q not prime
|
||||
DSA_R_SEED_LEN_SMALL:110:seed_len is less than the length of q
|
||||
DSA_R_TOO_MANY_RETRIES:116:too many retries
|
||||
DSO_R_CTRL_FAILED:100:control command failed
|
||||
DSO_R_DSO_ALREADY_LOADED:110:dso already loaded
|
||||
DSO_R_EMPTY_FILE_STRUCTURE:113:empty file structure
|
||||
|
@ -597,6 +600,7 @@ EC_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve
|
|||
EC_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed
|
||||
EC_R_SHARED_INFO_ERROR:150:shared info error
|
||||
EC_R_SLOT_FULL:108:slot full
|
||||
EC_R_TOO_MANY_RETRIES:176:too many retries
|
||||
EC_R_UNDEFINED_GENERATOR:113:undefined generator
|
||||
EC_R_UNDEFINED_ORDER:128:undefined order
|
||||
EC_R_UNKNOWN_COFACTOR:164:unknown cofactor
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -387,7 +387,7 @@ static int default_fixup_args(enum state state,
|
|||
{
|
||||
int ret;
|
||||
|
||||
if ((ret = default_check(state, translation, ctx)) < 0)
|
||||
if ((ret = default_check(state, translation, ctx)) <= 0)
|
||||
return ret;
|
||||
|
||||
switch (state) {
|
||||
|
@ -1136,6 +1136,7 @@ static int fix_ec_paramgen_curve_nid(enum state state,
|
|||
const struct translation_st *translation,
|
||||
struct translation_ctx_st *ctx)
|
||||
{
|
||||
char *p2 = NULL;
|
||||
int ret;
|
||||
|
||||
if ((ret = default_check(state, translation, ctx)) <= 0)
|
||||
|
@ -1148,13 +1149,25 @@ static int fix_ec_paramgen_curve_nid(enum state state,
|
|||
if (state == PRE_CTRL_TO_PARAMS) {
|
||||
ctx->p2 = (char *)OBJ_nid2sn(ctx->p1);
|
||||
ctx->p1 = 0;
|
||||
} else if (state == PRE_PARAMS_TO_CTRL) {
|
||||
/*
|
||||
* We're translating from params to ctrl and setting the curve name.
|
||||
* The ctrl function needs it to be a NID, but meanwhile, we need
|
||||
* space to get the curve name from the param. |ctx->name_buf| is
|
||||
* sufficient for that.
|
||||
* The double indirection is necessary for default_fixup_args()'s
|
||||
* call of OSSL_PARAM_get_utf8_string() to be done correctly.
|
||||
*/
|
||||
p2 = ctx->name_buf;
|
||||
ctx->p2 = &p2;
|
||||
ctx->sz = sizeof(ctx->name_buf);
|
||||
}
|
||||
|
||||
if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
|
||||
return ret;
|
||||
|
||||
if (state == PRE_PARAMS_TO_CTRL) {
|
||||
ctx->p1 = OBJ_sn2nid(ctx->p2);
|
||||
ctx->p1 = OBJ_sn2nid(p2);
|
||||
ctx->p2 = NULL;
|
||||
}
|
||||
|
||||
|
@ -2140,6 +2153,46 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
|
|||
EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL,
|
||||
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL },
|
||||
|
||||
/*-
|
||||
* SM2
|
||||
* ==
|
||||
*/
|
||||
{ SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
|
||||
EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL,
|
||||
OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc },
|
||||
{ SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
|
||||
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL,
|
||||
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING,
|
||||
fix_ec_paramgen_curve_nid },
|
||||
/*
|
||||
* EVP_PKEY_CTRL_EC_ECDH_COFACTOR and EVP_PKEY_CTRL_EC_KDF_TYPE are used
|
||||
* both for setting and getting. The fixup function has to handle this...
|
||||
*/
|
||||
{ NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL,
|
||||
OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER,
|
||||
fix_ecdh_cofactor },
|
||||
{ NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL,
|
||||
OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type },
|
||||
{ SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL,
|
||||
OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
|
||||
{ GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL,
|
||||
OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
|
||||
{ SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL,
|
||||
OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
|
||||
{ GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL,
|
||||
OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
|
||||
{ SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL,
|
||||
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL },
|
||||
{ GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL,
|
||||
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL },
|
||||
/*-
|
||||
* RSA
|
||||
* ===
|
||||
|
@ -2307,8 +2360,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
|
|||
*/
|
||||
{ SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
|
||||
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
|
||||
{ SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL,
|
||||
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
|
||||
{ SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
|
||||
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
|
||||
{ SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL,
|
||||
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
|
||||
};
|
||||
|
||||
static const struct translation_st evp_pkey_translations[] = {
|
||||
|
@ -2721,6 +2778,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
|
|||
if (translation->fixup_args != NULL)
|
||||
fixup = translation->fixup_args;
|
||||
ctx.action_type = translation->action_type;
|
||||
ctx.ctrl_cmd = translation->ctrl_num;
|
||||
}
|
||||
ctx.pctx = pctx;
|
||||
ctx.params = params;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -447,7 +447,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
|
|||
|
||||
if (isize != NULL) {
|
||||
if (size <= UINT_MAX) {
|
||||
*isize = (int)size;
|
||||
*isize = (unsigned int)size;
|
||||
} else {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
|
||||
ret = 0;
|
||||
|
@ -762,7 +762,7 @@ int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
|
|||
return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.algctx,
|
||||
params);
|
||||
|
||||
if (ctx->digest != NULL && ctx->digest->get_params != NULL)
|
||||
if (ctx->digest != NULL && ctx->digest->get_ctx_params != NULL)
|
||||
return ctx->digest->get_ctx_params(ctx->algctx, params);
|
||||
|
||||
return 0;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -283,7 +283,9 @@ int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm)
|
|||
*/
|
||||
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid)
|
||||
{
|
||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN,
|
||||
int keytype = nid == EVP_PKEY_SM2 ? EVP_PKEY_SM2 : EVP_PKEY_EC;
|
||||
|
||||
return EVP_PKEY_CTX_ctrl(ctx, keytype, EVP_PKEY_OP_TYPE_GEN,
|
||||
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
|
||||
nid, NULL);
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -136,7 +136,7 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
|
|||
md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
|
||||
/* Fallback to legacy method */
|
||||
if (md == NULL)
|
||||
EVP_get_digestbynid(md_nid);
|
||||
md = EVP_get_digestbynid(md_nid);
|
||||
|
||||
if (md == NULL) {
|
||||
(void)ERR_clear_last_mark();
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -378,7 +378,7 @@ void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
|
|||
|
||||
void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx)
|
||||
{
|
||||
if (keymgmt->gen != NULL)
|
||||
if (keymgmt->gen_cleanup != NULL)
|
||||
keymgmt->gen_cleanup(genctx);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1324,6 +1324,8 @@ static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2)
|
|||
|
||||
int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
|
||||
{
|
||||
if (pkey == NULL)
|
||||
return 0;
|
||||
return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid);
|
||||
}
|
||||
|
||||
|
@ -1374,7 +1376,9 @@ int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
|
|||
int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub,
|
||||
size_t publen)
|
||||
{
|
||||
if (pkey != NULL && evp_pkey_is_provided(pkey))
|
||||
if (pkey == NULL)
|
||||
return 0;
|
||||
if (evp_pkey_is_provided(pkey))
|
||||
return
|
||||
EVP_PKEY_set_octet_string_param(pkey,
|
||||
OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
|
||||
|
@ -1393,7 +1397,9 @@ size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub)
|
|||
{
|
||||
int rv;
|
||||
|
||||
if (pkey != NULL && evp_pkey_is_provided(pkey)) {
|
||||
if (pkey == NULL)
|
||||
return 0;
|
||||
if (evp_pkey_is_provided(pkey)) {
|
||||
size_t return_size = OSSL_PARAM_UNMODIFIED;
|
||||
unsigned char *buf;
|
||||
|
||||
|
@ -2172,7 +2178,14 @@ int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name,
|
|||
goto err;
|
||||
ret = OSSL_PARAM_get_BN(params, bn);
|
||||
err:
|
||||
OPENSSL_free(buf);
|
||||
if (buf != NULL) {
|
||||
if (OSSL_PARAM_modified(params))
|
||||
OPENSSL_clear_free(buf, buf_sz);
|
||||
else
|
||||
OPENSSL_free(buf);
|
||||
} else if (OSSL_PARAM_modified(params)) {
|
||||
OPENSSL_cleanse(buffer, params[0].data_size);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -509,8 +509,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
|
|||
if (pctx->op.kex.algctx != NULL) {
|
||||
if (!ossl_assert(pctx->op.kex.exchange != NULL))
|
||||
goto err;
|
||||
rctx->op.kex.algctx
|
||||
= pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx);
|
||||
|
||||
if (pctx->op.kex.exchange->dupctx != NULL)
|
||||
rctx->op.kex.algctx
|
||||
= pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx);
|
||||
|
||||
if (rctx->op.kex.algctx == NULL) {
|
||||
EVP_KEYEXCH_free(rctx->op.kex.exchange);
|
||||
rctx->op.kex.exchange = NULL;
|
||||
|
@ -527,8 +530,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
|
|||
if (pctx->op.sig.algctx != NULL) {
|
||||
if (!ossl_assert(pctx->op.sig.signature != NULL))
|
||||
goto err;
|
||||
rctx->op.sig.algctx
|
||||
= pctx->op.sig.signature->dupctx(pctx->op.sig.algctx);
|
||||
|
||||
if (pctx->op.sig.signature->dupctx != NULL)
|
||||
rctx->op.sig.algctx
|
||||
= pctx->op.sig.signature->dupctx(pctx->op.sig.algctx);
|
||||
|
||||
if (rctx->op.sig.algctx == NULL) {
|
||||
EVP_SIGNATURE_free(rctx->op.sig.signature);
|
||||
rctx->op.sig.signature = NULL;
|
||||
|
@ -545,8 +551,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
|
|||
if (pctx->op.ciph.algctx != NULL) {
|
||||
if (!ossl_assert(pctx->op.ciph.cipher != NULL))
|
||||
goto err;
|
||||
rctx->op.ciph.algctx
|
||||
= pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx);
|
||||
|
||||
if (pctx->op.ciph.cipher->dupctx != NULL)
|
||||
rctx->op.ciph.algctx
|
||||
= pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx);
|
||||
|
||||
if (rctx->op.ciph.algctx == NULL) {
|
||||
EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher);
|
||||
rctx->op.ciph.cipher = NULL;
|
||||
|
@ -563,8 +572,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
|
|||
if (pctx->op.encap.algctx != NULL) {
|
||||
if (!ossl_assert(pctx->op.encap.kem != NULL))
|
||||
goto err;
|
||||
rctx->op.encap.algctx
|
||||
= pctx->op.encap.kem->dupctx(pctx->op.encap.algctx);
|
||||
|
||||
if (pctx->op.encap.kem->dupctx != NULL)
|
||||
rctx->op.encap.algctx
|
||||
= pctx->op.encap.kem->dupctx(pctx->op.encap.algctx);
|
||||
|
||||
if (rctx->op.encap.algctx == NULL) {
|
||||
EVP_KEM_free(rctx->op.encap.kem);
|
||||
rctx->op.encap.kem = NULL;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -111,6 +111,7 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
|
|||
if (p1 != NULL) {
|
||||
if (p1->data_type != OSSL_PARAM_UTF8_STRING)
|
||||
goto err;
|
||||
props = p1->data;
|
||||
}
|
||||
if (!ossl_ffc_set_digest(ffc, prm->data, props))
|
||||
goto err;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -182,6 +182,8 @@ int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src)
|
|||
|| !ffc_bn_cpy(&dst->j, src->j))
|
||||
return 0;
|
||||
|
||||
dst->mdname = src->mdname;
|
||||
dst->mdprops = src->mdprops;
|
||||
OPENSSL_free(dst->seed);
|
||||
dst->seedlen = src->seedlen;
|
||||
if (src->seed != NULL) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Siemens AG 2018-2020
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -1122,7 +1122,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
|
|||
char *port;
|
||||
char *path;
|
||||
int use_ssl;
|
||||
OSSL_HTTP_REQ_CTX *rctx;
|
||||
OSSL_HTTP_REQ_CTX *rctx = NULL;
|
||||
BIO *resp = NULL;
|
||||
time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
|
||||
|
||||
|
@ -1148,10 +1148,12 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
|
|||
NULL /* req */,
|
||||
expected_ct, expect_asn1, max_resp_len,
|
||||
-1 /* use same max time (timeout) */,
|
||||
0 /* no keep_alive */))
|
||||
0 /* no keep_alive */)) {
|
||||
OSSL_HTTP_REQ_CTX_free(rctx);
|
||||
else
|
||||
rctx = NULL;
|
||||
} else {
|
||||
resp = OSSL_HTTP_exchange(rctx, &redirection_url);
|
||||
}
|
||||
}
|
||||
OPENSSL_free(path);
|
||||
if (resp == NULL && redirection_url != NULL) {
|
||||
|
@ -1166,6 +1168,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
|
|||
OPENSSL_free(host);
|
||||
OPENSSL_free(port);
|
||||
(void)OSSL_HTTP_close(rctx, 1);
|
||||
rctx = NULL;
|
||||
BIO_free(resp);
|
||||
OPENSSL_free(current_url);
|
||||
return NULL;
|
||||
|
@ -1175,6 +1178,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
|
|||
OPENSSL_free(host);
|
||||
OPENSSL_free(port);
|
||||
(void)OSSL_HTTP_close(rctx, 1);
|
||||
rctx = NULL;
|
||||
continue;
|
||||
}
|
||||
/* if redirection not allowed, ignore it */
|
||||
|
@ -1184,6 +1188,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
|
|||
OPENSSL_free(port);
|
||||
if (!OSSL_HTTP_close(rctx, resp != NULL)) {
|
||||
BIO_free(resp);
|
||||
rctx = NULL;
|
||||
resp = NULL;
|
||||
}
|
||||
break;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -253,9 +253,9 @@ static int use_proxy(const char *no_proxy, const char *server)
|
|||
* compatible with other HTTP client implementations like wget, curl and git
|
||||
*/
|
||||
if (no_proxy == NULL)
|
||||
no_proxy = getenv("no_proxy");
|
||||
no_proxy = ossl_safe_getenv("no_proxy");
|
||||
if (no_proxy == NULL)
|
||||
no_proxy = getenv(OPENSSL_NO_PROXY);
|
||||
no_proxy = ossl_safe_getenv(OPENSSL_NO_PROXY);
|
||||
|
||||
if (no_proxy != NULL)
|
||||
found = strstr(no_proxy, server);
|
||||
|
@ -275,10 +275,9 @@ const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
|
|||
* compatible with other HTTP client implementations like wget, curl and git
|
||||
*/
|
||||
if (proxy == NULL)
|
||||
proxy = getenv(use_ssl ? "https_proxy" : "http_proxy");
|
||||
proxy = ossl_safe_getenv(use_ssl ? "https_proxy" : "http_proxy");
|
||||
if (proxy == NULL)
|
||||
proxy = getenv(use_ssl ? OPENSSL_HTTP_PROXY :
|
||||
OPENSSL_HTTPS_PROXY);
|
||||
proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY);
|
||||
|
||||
if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server))
|
||||
return NULL;
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -443,6 +443,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
|
|||
first = 1;
|
||||
bl = NULL;
|
||||
|
||||
/*
|
||||
* RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
|
||||
*
|
||||
* > 3.5. OBJECT IDENTIFIER values
|
||||
* >
|
||||
* > An OBJECT IDENTIFIER value is an ordered list of non-negative
|
||||
* > numbers. For the SMIv2, each number in the list is referred to as a
|
||||
* > sub-identifier, there are at most 128 sub-identifiers in a value,
|
||||
* > and each sub-identifier has a maximum value of 2^32-1 (4294967295
|
||||
* > decimal).
|
||||
*
|
||||
* So a legitimate OID according to this RFC is at most (32 * 128 / 7),
|
||||
* i.e. 586 bytes long.
|
||||
*
|
||||
* Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
|
||||
*/
|
||||
if (len > 586)
|
||||
goto err;
|
||||
|
||||
while (len > 0) {
|
||||
l = 0;
|
||||
use_bn = 0;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -510,14 +510,15 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store,
|
|||
int ret = 0;
|
||||
int j, best = -1, score, optional;
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
if (nid <= 0 || method == NULL || store == NULL)
|
||||
return 0;
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
if (ossl_lib_ctx_is_default(store->ctx)
|
||||
&& !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
/* This only needs to be a read lock, because the query won't create anything */
|
||||
if (!ossl_property_read_lock(store))
|
||||
return 0;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -272,7 +272,13 @@ void RAND_add(const void *buf, int num, double randomness)
|
|||
# endif
|
||||
drbg = RAND_get0_primary(NULL);
|
||||
if (drbg != NULL && num > 0)
|
||||
# ifdef OPENSSL_RAND_SEED_NONE
|
||||
/* Without an entropy source, we have to rely on the user */
|
||||
EVP_RAND_reseed(drbg, 0, buf, num, NULL, 0);
|
||||
# else
|
||||
/* With an entropy source, we downgrade this to additional input */
|
||||
EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
|
||||
# endif
|
||||
}
|
||||
|
||||
# if !defined(OPENSSL_NO_DEPRECATED_1_1_0)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -124,13 +124,17 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
|
|||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
if (!BN_div(m, NULL, l, m, ctx)) { /* remainder is 0 */
|
||||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
for (idx = 0; idx < ex_primes; idx++) {
|
||||
pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
|
||||
if (!BN_sub(k, pinfo->r, BN_value_one())) {
|
||||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
if (!BN_mul(l, l, k, ctx)) {
|
||||
if (!BN_mul(l, m, k, ctx)) {
|
||||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
|
@ -138,12 +142,12 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
|
|||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
if (!BN_div(m, NULL, l, m, ctx)) { /* remainder is 0 */
|
||||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */
|
||||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
if (!BN_mod_mul(i, key->d, key->e, k, ctx)) {
|
||||
if (!BN_mod_mul(i, key->d, key->e, m, ctx)) {
|
||||
ret = -1;
|
||||
goto err;
|
||||
}
|
||||
|
|
|
@ -234,6 +234,7 @@ static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
|
|||
* will only read the modulus from BN_BLINDING. In both cases it's safe
|
||||
* to access the blinding without a lock.
|
||||
*/
|
||||
BN_set_flags(f, BN_FLG_CONSTTIME);
|
||||
return BN_BLINDING_invert_ex(f, unblind, b, ctx);
|
||||
}
|
||||
|
||||
|
@ -416,6 +417,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
|||
goto err;
|
||||
}
|
||||
|
||||
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
|
||||
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
|
||||
rsa->n, ctx))
|
||||
goto err;
|
||||
|
||||
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
|
||||
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
|
||||
if (blinding == NULL) {
|
||||
|
@ -453,13 +459,6 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
|||
goto err;
|
||||
}
|
||||
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
|
||||
|
||||
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
|
||||
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
|
||||
rsa->n, ctx)) {
|
||||
BN_free(d);
|
||||
goto err;
|
||||
}
|
||||
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
|
||||
rsa->_method_mod_n)) {
|
||||
BN_free(d);
|
||||
|
@ -469,20 +468,13 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
|||
BN_free(d);
|
||||
}
|
||||
|
||||
if (blinding) {
|
||||
/*
|
||||
* ossl_bn_rsa_do_unblind() combines blinding inversion and
|
||||
* 0-padded BN BE serialization
|
||||
*/
|
||||
j = ossl_bn_rsa_do_unblind(ret, blinding, unblind, rsa->n, ctx,
|
||||
buf, num);
|
||||
if (j == 0)
|
||||
if (blinding)
|
||||
if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
|
||||
goto err;
|
||||
} else {
|
||||
j = BN_bn2binpad(ret, buf, num);
|
||||
if (j < 0)
|
||||
goto err;
|
||||
}
|
||||
|
||||
j = BN_bn2binpad(ret, buf, num);
|
||||
if (j < 0)
|
||||
goto err;
|
||||
|
||||
switch (padding) {
|
||||
case RSA_PKCS1_PADDING:
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
|
@ -361,6 +361,7 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
|
|||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *e = NULL;
|
||||
RSA_ACVP_TEST *info = NULL;
|
||||
BIGNUM *tmp;
|
||||
|
||||
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
|
||||
info = rsa->acvp_test;
|
||||
|
@ -392,6 +393,14 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
|
|||
/* (Step 2) Generate prime factors */
|
||||
if (!ossl_rsa_fips186_4_gen_prob_primes(rsa, info, nbits, e, ctx, cb))
|
||||
goto err;
|
||||
|
||||
/* p>q check and skipping in case of acvp test */
|
||||
if (info == NULL && BN_cmp(rsa->p, rsa->q) < 0) {
|
||||
tmp = rsa->p;
|
||||
rsa->p = rsa->q;
|
||||
rsa->q = tmp;
|
||||
}
|
||||
|
||||
/* (Steps 3-5) Compute params d, n, dP, dQ, qInv */
|
||||
ok = ossl_rsa_sp800_56b_derive_params_from_pq(rsa, nbits, e, ctx);
|
||||
if (ok < 0)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017 Ribose Inc. All Rights Reserved.
|
||||
* Ported from Ribose contributions from Botan.
|
||||
*
|
||||
|
@ -454,7 +454,7 @@ int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen,
|
|||
goto done;
|
||||
}
|
||||
|
||||
sigleni = i2d_ECDSA_SIG(s, &sig);
|
||||
sigleni = i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL);
|
||||
if (sigleni < 0) {
|
||||
ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
|
||||
goto done;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -528,6 +528,10 @@ int UI_process(UI *ui)
|
|||
ok = 0;
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
ui->flags &= ~UI_FLAG_REDOABLE;
|
||||
ok = -2;
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -32,7 +32,7 @@ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
|
|||
int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
|
||||
int verify)
|
||||
{
|
||||
int ok = 0;
|
||||
int ok = -2;
|
||||
UI *ui;
|
||||
|
||||
if (size < 1)
|
||||
|
@ -47,8 +47,6 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
|
|||
ok = UI_process(ui);
|
||||
UI_free(ui);
|
||||
}
|
||||
if (ok > 0)
|
||||
ok = 0;
|
||||
return ok;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
|
|||
};
|
||||
|
||||
struct X509_POLICY_TREE_st {
|
||||
/* The number of nodes in the tree */
|
||||
size_t node_count;
|
||||
/* The maximum number of nodes in the tree */
|
||||
size_t node_maximum;
|
||||
|
||||
/* This is the tree 'level' data */
|
||||
X509_POLICY_LEVEL *levels;
|
||||
int nlevel;
|
||||
|
@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
|
|||
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
||||
X509_POLICY_DATA *data,
|
||||
X509_POLICY_NODE *parent,
|
||||
X509_POLICY_TREE *tree);
|
||||
X509_POLICY_TREE *tree,
|
||||
int extra_data);
|
||||
void ossl_policy_node_free(X509_POLICY_NODE *node);
|
||||
int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
|
||||
const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
|
|||
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
||||
X509_POLICY_DATA *data,
|
||||
X509_POLICY_NODE *parent,
|
||||
X509_POLICY_TREE *tree)
|
||||
X509_POLICY_TREE *tree,
|
||||
int extra_data)
|
||||
{
|
||||
X509_POLICY_NODE *node;
|
||||
|
||||
/* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
|
||||
if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
|
||||
return NULL;
|
||||
|
||||
node = OPENSSL_zalloc(sizeof(*node));
|
||||
if (node == NULL) {
|
||||
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
||||
|
@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
|||
}
|
||||
node->data = data;
|
||||
node->parent = parent;
|
||||
if (level) {
|
||||
if (level != NULL) {
|
||||
if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
|
||||
if (level->anyPolicy)
|
||||
goto node_error;
|
||||
|
@ -90,24 +95,33 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
|||
}
|
||||
}
|
||||
|
||||
if (tree) {
|
||||
if (extra_data) {
|
||||
if (tree->extra_data == NULL)
|
||||
tree->extra_data = sk_X509_POLICY_DATA_new_null();
|
||||
if (tree->extra_data == NULL){
|
||||
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
||||
goto node_error;
|
||||
goto extra_data_error;
|
||||
}
|
||||
if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
|
||||
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
||||
goto node_error;
|
||||
goto extra_data_error;
|
||||
}
|
||||
}
|
||||
|
||||
tree->node_count++;
|
||||
if (parent)
|
||||
parent->nchild++;
|
||||
|
||||
return node;
|
||||
|
||||
extra_data_error:
|
||||
if (level != NULL) {
|
||||
if (level->anyPolicy == node)
|
||||
level->anyPolicy = NULL;
|
||||
else
|
||||
(void) sk_X509_POLICY_NODE_pop(level->nodes);
|
||||
}
|
||||
|
||||
node_error:
|
||||
ossl_policy_node_free(node);
|
||||
return NULL;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -14,6 +14,19 @@
|
|||
|
||||
#include "pcy_local.h"
|
||||
|
||||
/*
|
||||
* If the maximum number of nodes in the policy tree isn't defined, set it to
|
||||
* a generous default of 1000 nodes.
|
||||
*
|
||||
* Defining this to be zero means unlimited policy tree growth which opens the
|
||||
* door on CVE-2023-0464.
|
||||
*/
|
||||
#ifndef OPENSSL_POLICY_TREE_NODES_MAX
|
||||
# define OPENSSL_POLICY_TREE_NODES_MAX 1000
|
||||
#endif
|
||||
|
||||
static void exnode_free(X509_POLICY_NODE *node);
|
||||
|
||||
static void expected_print(BIO *channel,
|
||||
X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
|
||||
int indent)
|
||||
|
@ -163,6 +176,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
|
|||
return X509_PCY_TREE_INTERNAL;
|
||||
}
|
||||
|
||||
/* Limit the growth of the tree to mitigate CVE-2023-0464 */
|
||||
tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
|
||||
|
||||
/*
|
||||
* http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
|
||||
*
|
||||
|
@ -180,7 +196,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
|
|||
if ((data = ossl_policy_data_new(NULL,
|
||||
OBJ_nid2obj(NID_any_policy), 0)) == NULL)
|
||||
goto bad_tree;
|
||||
if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
|
||||
if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
|
||||
ossl_policy_data_free(data);
|
||||
goto bad_tree;
|
||||
}
|
||||
|
@ -239,7 +255,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
|
|||
* Return value: 1 on success, 0 otherwise
|
||||
*/
|
||||
static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
|
||||
X509_POLICY_DATA *data)
|
||||
X509_POLICY_DATA *data,
|
||||
X509_POLICY_TREE *tree)
|
||||
{
|
||||
X509_POLICY_LEVEL *last = curr - 1;
|
||||
int i, matched = 0;
|
||||
|
@ -249,13 +266,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
|
|||
X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
|
||||
|
||||
if (ossl_policy_node_match(last, node, data->valid_policy)) {
|
||||
if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
|
||||
if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
|
||||
return 0;
|
||||
matched = 1;
|
||||
}
|
||||
}
|
||||
if (!matched && last->anyPolicy) {
|
||||
if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
|
||||
if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
|
@ -268,7 +285,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
|
|||
* Return value: 1 on success, 0 otherwise.
|
||||
*/
|
||||
static int tree_link_nodes(X509_POLICY_LEVEL *curr,
|
||||
const X509_POLICY_CACHE *cache)
|
||||
const X509_POLICY_CACHE *cache,
|
||||
X509_POLICY_TREE *tree)
|
||||
{
|
||||
int i;
|
||||
|
||||
|
@ -276,7 +294,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
|
|||
X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
|
||||
|
||||
/* Look for matching nodes in previous level */
|
||||
if (!tree_link_matching_nodes(curr, data))
|
||||
if (!tree_link_matching_nodes(curr, data, tree))
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
|
@ -307,7 +325,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
|
|||
/* Curr may not have anyPolicy */
|
||||
data->qualifier_set = cache->anyPolicy->qualifier_set;
|
||||
data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
|
||||
if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
|
||||
if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
|
||||
ossl_policy_data_free(data);
|
||||
return 0;
|
||||
}
|
||||
|
@ -370,7 +388,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
|
|||
/* Finally add link to anyPolicy */
|
||||
if (last->anyPolicy &&
|
||||
ossl_policy_level_add_node(curr, cache->anyPolicy,
|
||||
last->anyPolicy, NULL) == NULL)
|
||||
last->anyPolicy, tree, 0) == NULL)
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
@ -553,15 +571,23 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
|
|||
extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
|
||||
| POLICY_DATA_FLAG_EXTRA_NODE;
|
||||
node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
|
||||
tree);
|
||||
tree, 1);
|
||||
if (node == NULL) {
|
||||
ossl_policy_data_free(extra);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if (!tree->user_policies) {
|
||||
tree->user_policies = sk_X509_POLICY_NODE_new_null();
|
||||
if (!tree->user_policies)
|
||||
return 1;
|
||||
if (!tree->user_policies) {
|
||||
exnode_free(node);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
|
||||
if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) {
|
||||
exnode_free(node);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
@ -580,7 +606,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
|
|||
|
||||
for (i = 1; i < tree->nlevel; i++, curr++) {
|
||||
cache = ossl_policy_cache_set(curr->cert);
|
||||
if (!tree_link_nodes(curr, cache))
|
||||
if (!tree_link_nodes(curr, cache, tree))
|
||||
return X509_PCY_TREE_INTERNAL;
|
||||
|
||||
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
|
||||
|
|
|
@ -179,7 +179,7 @@ const char *X509_verify_cert_error_string(long n)
|
|||
case X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH:
|
||||
return "subject signature algorithm and issuer public key algorithm mismatch";
|
||||
case X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY:
|
||||
return "cert info siganature and signature algorithm mismatch";
|
||||
return "cert info signature and signature algorithm mismatch";
|
||||
case X509_V_ERR_INVALID_CA:
|
||||
return "invalid CA certificate";
|
||||
case X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA:
|
||||
|
@ -213,6 +213,11 @@ const char *X509_verify_cert_error_string(long n)
|
|||
case X509_V_ERR_EC_KEY_EXPLICIT_PARAMS:
|
||||
return "Certificate public key has explicit ECC parameters";
|
||||
|
||||
/*
|
||||
* Entries must be kept consistent with include/openssl/x509_vfy.h.in
|
||||
* and with doc/man3/X509_STORE_CTX_get_error.pod
|
||||
*/
|
||||
|
||||
default:
|
||||
/* Printing an error number into a static buffer is not thread-safe */
|
||||
return "unknown certificate verification error";
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
|
|||
goto memerr;
|
||||
/* Invalid or inconsistent extensions */
|
||||
if (ret == X509_PCY_TREE_INVALID) {
|
||||
int i;
|
||||
int i, cbcalled = 0;
|
||||
|
||||
/* Locate certificates with bad extensions and notify callback. */
|
||||
for (i = 1; i < sk_X509_num(ctx->chain); i++) {
|
||||
for (i = 0; i < sk_X509_num(ctx->chain); i++) {
|
||||
X509 *x = sk_X509_value(ctx->chain, i);
|
||||
|
||||
if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
|
||||
cbcalled = 1;
|
||||
CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
|
||||
ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
|
||||
}
|
||||
if (!cbcalled) {
|
||||
/* Should not be able to get here */
|
||||
ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
/* The callback ignored the error so we return success */
|
||||
return 1;
|
||||
}
|
||||
if (ret == X509_PCY_TREE_FAILURE) {
|
||||
|
@ -3413,7 +3421,7 @@ static int check_curve(X509 *cert)
|
|||
ret = EVP_PKEY_get_int_param(pkey,
|
||||
OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
|
||||
&val);
|
||||
return ret < 0 ? ret : !val;
|
||||
return ret == 1 ? !val : -1;
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
|
|
@ -4145,6 +4145,10 @@ DEPEND[html/man7/EVP_CIPHER-IDEA.html]=man7/EVP_CIPHER-IDEA.pod
|
|||
GENERATE[html/man7/EVP_CIPHER-IDEA.html]=man7/EVP_CIPHER-IDEA.pod
|
||||
DEPEND[man/man7/EVP_CIPHER-IDEA.7]=man7/EVP_CIPHER-IDEA.pod
|
||||
GENERATE[man/man7/EVP_CIPHER-IDEA.7]=man7/EVP_CIPHER-IDEA.pod
|
||||
DEPEND[html/man7/EVP_CIPHER-NULL.html]=man7/EVP_CIPHER-NULL.pod
|
||||
GENERATE[html/man7/EVP_CIPHER-NULL.html]=man7/EVP_CIPHER-NULL.pod
|
||||
DEPEND[man/man7/EVP_CIPHER-NULL.7]=man7/EVP_CIPHER-NULL.pod
|
||||
GENERATE[man/man7/EVP_CIPHER-NULL.7]=man7/EVP_CIPHER-NULL.pod
|
||||
DEPEND[html/man7/EVP_CIPHER-RC2.html]=man7/EVP_CIPHER-RC2.pod
|
||||
GENERATE[html/man7/EVP_CIPHER-RC2.html]=man7/EVP_CIPHER-RC2.pod
|
||||
DEPEND[man/man7/EVP_CIPHER-RC2.7]=man7/EVP_CIPHER-RC2.pod
|
||||
|
@ -4289,6 +4293,10 @@ DEPEND[html/man7/EVP_MD-MDC2.html]=man7/EVP_MD-MDC2.pod
|
|||
GENERATE[html/man7/EVP_MD-MDC2.html]=man7/EVP_MD-MDC2.pod
|
||||
DEPEND[man/man7/EVP_MD-MDC2.7]=man7/EVP_MD-MDC2.pod
|
||||
GENERATE[man/man7/EVP_MD-MDC2.7]=man7/EVP_MD-MDC2.pod
|
||||
DEPEND[html/man7/EVP_MD-NULL.html]=man7/EVP_MD-NULL.pod
|
||||
GENERATE[html/man7/EVP_MD-NULL.html]=man7/EVP_MD-NULL.pod
|
||||
DEPEND[man/man7/EVP_MD-NULL.7]=man7/EVP_MD-NULL.pod
|
||||
GENERATE[man/man7/EVP_MD-NULL.7]=man7/EVP_MD-NULL.pod
|
||||
DEPEND[html/man7/EVP_MD-RIPEMD160.html]=man7/EVP_MD-RIPEMD160.pod
|
||||
GENERATE[html/man7/EVP_MD-RIPEMD160.html]=man7/EVP_MD-RIPEMD160.pod
|
||||
DEPEND[man/man7/EVP_MD-RIPEMD160.7]=man7/EVP_MD-RIPEMD160.pod
|
||||
|
@ -4619,6 +4627,7 @@ html/man7/EVP_CIPHER-CAST.html \
|
|||
html/man7/EVP_CIPHER-CHACHA.html \
|
||||
html/man7/EVP_CIPHER-DES.html \
|
||||
html/man7/EVP_CIPHER-IDEA.html \
|
||||
html/man7/EVP_CIPHER-NULL.html \
|
||||
html/man7/EVP_CIPHER-RC2.html \
|
||||
html/man7/EVP_CIPHER-RC4.html \
|
||||
html/man7/EVP_CIPHER-RC5.html \
|
||||
|
@ -4655,6 +4664,7 @@ html/man7/EVP_MD-MD4.html \
|
|||
html/man7/EVP_MD-MD5-SHA1.html \
|
||||
html/man7/EVP_MD-MD5.html \
|
||||
html/man7/EVP_MD-MDC2.html \
|
||||
html/man7/EVP_MD-NULL.html \
|
||||
html/man7/EVP_MD-RIPEMD160.html \
|
||||
html/man7/EVP_MD-SHA1.html \
|
||||
html/man7/EVP_MD-SHA2.html \
|
||||
|
@ -4743,6 +4753,7 @@ man/man7/EVP_CIPHER-CAST.7 \
|
|||
man/man7/EVP_CIPHER-CHACHA.7 \
|
||||
man/man7/EVP_CIPHER-DES.7 \
|
||||
man/man7/EVP_CIPHER-IDEA.7 \
|
||||
man/man7/EVP_CIPHER-NULL.7 \
|
||||
man/man7/EVP_CIPHER-RC2.7 \
|
||||
man/man7/EVP_CIPHER-RC4.7 \
|
||||
man/man7/EVP_CIPHER-RC5.7 \
|
||||
|
@ -4779,6 +4790,7 @@ man/man7/EVP_MD-MD4.7 \
|
|||
man/man7/EVP_MD-MD5-SHA1.7 \
|
||||
man/man7/EVP_MD-MD5.7 \
|
||||
man/man7/EVP_MD-MDC2.7 \
|
||||
man/man7/EVP_MD-NULL.7 \
|
||||
man/man7/EVP_MD-RIPEMD160.7 \
|
||||
man/man7/EVP_MD-SHA1.7 \
|
||||
man/man7/EVP_MD-SHA2.7 \
|
||||
|
|
|
@ -12,6 +12,9 @@ in the file named openssl-1.0.1h.tar.gz.asc.
|
|||
The following is the list of fingerprints for the keys that are
|
||||
currently in use to sign OpenSSL distributions:
|
||||
|
||||
OpenSSL OMC:
|
||||
EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5
|
||||
|
||||
Richard Levitte:
|
||||
7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
|
||||
|
||||
|
|
|
@ -30,8 +30,8 @@ ossl_cmp_error_new
|
|||
OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
|
||||
const OSSL_CRMF_CERTID *cid,
|
||||
int unprotectedErrors);
|
||||
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
|
||||
const char *text);
|
||||
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int certReqId,
|
||||
int fail_info, const char *text);
|
||||
OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx);
|
||||
OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid);
|
||||
OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, int poll_after);
|
||||
|
@ -124,8 +124,9 @@ It does not protect the message if the B<status> value in I<si> is B<rejected>
|
|||
and I<unprotectedErrors> is nonzero.
|
||||
|
||||
ossl_cmp_certConf_new() creates a Certificate Confirmation message for the last
|
||||
received certificate. PKIStatus defaults to B<accepted> if the I<fail_info> bit
|
||||
field is 0. Else it is taken as the failInfo of the PKIStatusInfo, PKIStatus is
|
||||
received certificate with the given I<certReqId>.
|
||||
The PKIStatus defaults to B<accepted> if the I<fail_info> bit field is 0.
|
||||
Otherwise it is taken as the failInfo of the PKIStatusInfo, PKIStatus is
|
||||
set to B<rejected>, and I<text> is copied to statusString unless it is NULL.
|
||||
|
||||
ossl_cmp_pkiconf_new() creates a PKI Confirmation message.
|
||||
|
@ -167,7 +168,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -8,7 +8,7 @@ ossl_cmp_mock_srv_set1_certOut,
|
|||
ossl_cmp_mock_srv_set1_chainOut,
|
||||
ossl_cmp_mock_srv_set1_caPubsOut,
|
||||
ossl_cmp_mock_srv_set_statusInfo,
|
||||
ossl_cmp_mock_srv_set_send_error,
|
||||
ossl_cmp_mock_srv_set_sendError,
|
||||
ossl_cmp_mock_srv_set_pollCount,
|
||||
ossl_cmp_mock_srv_set_checkAfterTime
|
||||
- functions used for testing with CMP mock server
|
||||
|
@ -27,7 +27,7 @@ ossl_cmp_mock_srv_set_checkAfterTime
|
|||
STACK_OF(X509) *caPubs);
|
||||
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
|
||||
int fail_info, const char *text);
|
||||
int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val);
|
||||
int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
|
||||
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
|
||||
int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
|
||||
|
||||
|
@ -39,25 +39,27 @@ I<propq>, both of which may be NULL to select the defaults.
|
|||
|
||||
ossl_cmp_mock_srv_free() deallocates the contexts for the CMP mock server.
|
||||
|
||||
OSSL_CMP_SRV_CTX_set1_certOut() sets the certificate to be returned in
|
||||
ossl_cmp_mock_srv_set1_certOut() sets the certificate to be returned in
|
||||
cp/ip/kup.
|
||||
|
||||
OSSL_CMP_SRV_CTX_set1_chainOut() sets the certificate chain to be added to
|
||||
ossl_cmp_mock_srv_set1_chainOut() sets the certificate chain to be added to
|
||||
the extraCerts in a cp/ip/kup.
|
||||
It should to useful to validate B<certOut>.
|
||||
It should be useful for the validation of the certificate given via
|
||||
ossl_cmp_mock_srv_set1_certOut().
|
||||
|
||||
OSSL_CMP_SRV_CTX_set1_caPubsOut() sets the caPubs to be returned in an ip.
|
||||
ossl_cmp_mock_srv_set1_caPubsOut() sets the caPubs to be returned in an ip.
|
||||
|
||||
OSSL_CMP_SRV_CTX_set_statusInfo() sets the status info to be returned.
|
||||
ossl_cmp_mock_srv_set_statusInfo() sets the status info to be returned.
|
||||
|
||||
OSSL_CMP_SRV_CTX_set_send_error() enables enforcement of error responses.
|
||||
ossl_cmp_mock_srv_set_sendError() enables enforcement of error responses
|
||||
for requests of the given I<bodytype>, or for all requests if I<bodytype> is 1.
|
||||
A I<bodytype> of -1 can be used to disable this feature, which is the default.
|
||||
|
||||
OSSL_CMP_SRV_CTX_set_pollCount() sets the number of polls before cert response.
|
||||
ossl_cmp_mock_srv_set_pollCount() sets the number of polls before cert response.
|
||||
|
||||
OSSL_CMP_SRV_CTX_set_checkAfterTime() sets the number of seconds
|
||||
ossl_cmp_mock_srv_set_checkAfterTime() sets the number of seconds
|
||||
the client should wait for the next poll.
|
||||
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
CMP is defined in RFC 4210 (and CRMF in RFC 4211).
|
||||
|
@ -77,7 +79,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -25,7 +25,7 @@ using the credentials, library context, and property criteria in the I<ctx>.
|
|||
ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm
|
||||
depending on the available context information given in the I<ctx>.
|
||||
If there is a secretValue it selects PBMAC, else if there is a protection cert
|
||||
it selects Signature and uses L<ossl_cmp_msg_add_extraCerts(3)>.
|
||||
it selects Signature and uses ossl_cmp_msg_add_extraCerts (see below).
|
||||
It also sets the protectionAlg field in the message header accordingly.
|
||||
|
||||
ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.
|
||||
|
@ -40,6 +40,10 @@ of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).
|
|||
|
||||
CMP is defined in RFC 4210 (and CRMF in RFC 4211).
|
||||
|
||||
The I<ctx> parameter of ossl_cmp_msg_add_extraCerts()
|
||||
and thus also of ossl_cmp_msg_protect() cannot be made I<const>
|
||||
because I<ctx->chain> may get adapted to cache the chain of the CMP signer cert.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
ossl_cmp_calc_protection() returns the protection on success, else NULL.
|
||||
|
@ -52,7 +56,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -43,8 +43,8 @@ ossl_cmp_pkisi_check_pkifailureinfo
|
|||
# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
|
||||
# define OSSL_CMP_PKIFAILUREINFO_MAX 26
|
||||
|
||||
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
|
||||
const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
|
||||
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CTX *ctx,
|
||||
const OSSL_CMP_CERTRESPONSE *crep);
|
||||
int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si);
|
||||
const char *ossl_cmp_PKIStatus_to_string(int status);
|
||||
OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *si);
|
||||
|
@ -55,7 +55,7 @@ ossl_cmp_pkisi_check_pkifailureinfo
|
|||
|
||||
ossl_cmp_certresponse_get1_cert() returns a pointer to a copy of the newly
|
||||
enrolled certificate from the given certResponse I<crep>, or NULL on error.
|
||||
In case of indirect POPO uses data from the I<ctx> and the private key I<pkey>.
|
||||
Uses data from I<ctx>, which in case of indirect POPO includes the private key.
|
||||
|
||||
ossl_cmp_pkisi_get_status() returns the PKIStatus of I<si>, or -1 on error.
|
||||
|
||||
|
@ -89,7 +89,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -248,12 +248,16 @@ e.g., C<1.2.3.4:int:56789>.
|
|||
|
||||
=item B<-newkey> I<filename>|I<uri>
|
||||
|
||||
The source of the private or public key for the certificate requested
|
||||
in Initialization Request (IR), Certification Request(CR), or
|
||||
Key Update Request (KUR).
|
||||
The source of the private or public key for the certificate being requested.
|
||||
Defaults to the public key in the PKCS#10 CSR given with the B<-csr> option,
|
||||
the public key of the reference certificate, or the current client key.
|
||||
|
||||
The public portion of the key is placed in the certification request.
|
||||
|
||||
Unless B<-cmd> I<p10cr>, B<-popo> I<-1>, or B<-popo> I<0> is given, the
|
||||
private key will be needed as well to provide the proof of possession (POPO),
|
||||
where the B<-key> option may provide a fallback.
|
||||
|
||||
=item B<-newkeypass> I<arg>
|
||||
|
||||
Pass phrase source for the key given with the B<-newkey> option.
|
||||
|
@ -344,7 +348,7 @@ Flag the policies given with B<-policy_oids> as critical.
|
|||
|
||||
=item B<-popo> I<number>
|
||||
|
||||
Proof-of-Possession (POPO) method to use for IR/CR/KUR; values: C<-1>..<2> where
|
||||
Proof-of-possession (POPO) method to use for IR/CR/KUR; values: C<-1>..<2> where
|
||||
C<-1> = NONE, C<0> = RAVERIFIED, C<1> = SIGNATURE (default), C<2> = KEYENC.
|
||||
|
||||
Note that a signature-based POPO can only be produced if a private key
|
||||
|
@ -354,15 +358,22 @@ is provided via the B<-newkey> or B<-key> options.
|
|||
|
||||
PKCS#10 CSR in PEM or DER format containing a certificate request.
|
||||
With B<-cmd> I<p10cr> it is used directly in a legacy P10CR message.
|
||||
|
||||
When used with B<-cmd> I<ir>, I<cr>, or I<kur>,
|
||||
it is transformed into the respective regular CMP request,
|
||||
while its public key is ignored if I<-newkey> is given.
|
||||
It may also be used with B<-cmd> I<rr> to specify the certificate to be revoked
|
||||
it is transformed into the respective regular CMP request.
|
||||
In this case, a private key must be provided (with B<-newkey> or B<-key>)
|
||||
for the proof of possession (unless B<-popo> I<-1> or B<-popo> I<0> is used)
|
||||
and the respective public key is placed in the certification request
|
||||
(rather than taking over the public key contained in the PKCS#10 CSR).
|
||||
|
||||
PKCS#10 CSR input may also be used with B<-cmd> I<rr>
|
||||
to specify the certificate to be revoked
|
||||
via the included subject name and public key.
|
||||
|
||||
=item B<-out_trusted> I<filenames>|I<uris>
|
||||
|
||||
Trusted certificate(s) to use for validating the newly enrolled certificate.
|
||||
During this verification, any certificate status checking is disabled.
|
||||
|
||||
Multiple sources may be given, separated by commas and/or whitespace
|
||||
(where in the latter case the whole argument must be enclosed in "...").
|
||||
|
@ -408,6 +419,7 @@ For RR the certificate to be revoked can also be specified using B<-csr>.
|
|||
The reference certificate, if any, is also used for
|
||||
deriving default subject DN and Subject Alternative Names and the
|
||||
default issuer entry in the requested certificate template of an IR/CR/KUR.
|
||||
Its public key is used as a fallback in the template of certification requests.
|
||||
Its subject is used as sender of outgoing messages if B<-cert> is not given.
|
||||
Its issuer is used as default recipient in CMP message headers
|
||||
if neither B<-recipient>, B<-srvcert>, nor B<-issuer> is given.
|
||||
|
@ -443,7 +455,8 @@ Reason numbers defined in RFC 5280 are:
|
|||
|
||||
The DNS hostname or IP address and optionally port
|
||||
of the CMP server to connect to using HTTP(S).
|
||||
This excludes I<-port> and I<-use_mock_srv> and is ignored with I<-rspin>.
|
||||
This option excludes I<-port> and I<-use_mock_srv>.
|
||||
It is ignored if I<-rspin> is given with enough filename arguments.
|
||||
|
||||
The scheme C<https> may be given only if the B<-tls_used> option is used.
|
||||
In this case the default port is 443, else 80.
|
||||
|
@ -523,15 +536,15 @@ Default is 0.
|
|||
|
||||
=item B<-trusted> I<filenames>|I<uris>
|
||||
|
||||
When validating signature-based protection of CMP response messages,
|
||||
these are the CA certificate(s) to trust while checking certificate chains
|
||||
during CMP server authentication.
|
||||
This option gives more flexibility than the B<-srvcert> option because the
|
||||
server-side CMP signer certificate is not pinned but may be any certificate
|
||||
for which a chain to one of the given trusted certificates can be constructed.
|
||||
The certificate(s), typically of root CAs, the client shall use as trust anchors
|
||||
when validating signature-based protection of CMP response messages.
|
||||
This option is ignored if the B<-srvcert> option is given as well.
|
||||
It provides more flexibility than B<-srvcert> because the CMP protection
|
||||
certificate of the server is not pinned but may be any certificate
|
||||
from which a chain to one of the given trust anchors can be constructed.
|
||||
|
||||
If no B<-trusted>, B<-srvcert>, and B<-secret> option is given
|
||||
then protected response messages from the server are not authenticated.
|
||||
If none of B<-trusted>, B<-srvcert>, and B<-secret> is given, message validation
|
||||
errors will be thrown unless B<-unprotected_errors> permits an exception.
|
||||
|
||||
Multiple sources may be given, separated by commas and/or whitespace
|
||||
(where in the latter case the whole argument must be enclosed in "...").
|
||||
|
@ -546,24 +559,24 @@ have no effect on the certificate verification enabled via this option.
|
|||
Non-trusted intermediate CA certificate(s).
|
||||
Any extra certificates given with the B<-cert> option are appended to it.
|
||||
All these certificates may be useful for cert path construction
|
||||
for the CMP client certificate (to include in the extraCerts field of outgoing
|
||||
messages) and for the TLS client certificate (if TLS is enabled)
|
||||
for the own CMP signer certificate (to include in the extraCerts field of
|
||||
request messages) and for the TLS client certificate (if TLS is enabled)
|
||||
as well as for chain building
|
||||
when validating the CMP server certificate (checking signature-based
|
||||
when validating server certificates (checking signature-based
|
||||
CMP message protection) and when validating newly enrolled certificates.
|
||||
|
||||
Multiple sources may be given, separated by commas and/or whitespace.
|
||||
Each file may contain multiple certificates.
|
||||
Multiple filenames or URLs may be given, separated by commas and/or whitespace.
|
||||
Each source may contain multiple certificates.
|
||||
|
||||
=item B<-srvcert> I<filename>|I<uri>
|
||||
|
||||
The specific CMP server certificate to expect and directly trust (even if it is
|
||||
expired) when validating signature-based protection of CMP response messages.
|
||||
May be set alternatively to the B<-trusted> option to pin the accepted server.
|
||||
expired) when verifying signature-based protection of CMP response messages.
|
||||
This pins the accepted server and results in ignoring the B<-trusted> option.
|
||||
|
||||
If set, the subject of the certificate is also used
|
||||
as default value for the recipient of CMP requests
|
||||
and as default value for the expected sender of incoming CMP messages.
|
||||
and as default value for the expected sender of CMP responses.
|
||||
|
||||
=item B<-expect_sender> I<name>
|
||||
|
||||
|
@ -583,8 +596,8 @@ For details see the description of the B<-subject> option.
|
|||
=item B<-ignore_keyusage>
|
||||
|
||||
Ignore key usage restrictions in CMP signer certificates when validating
|
||||
signature-based protection of incoming CMP messages,
|
||||
else C<digitalSignature> must be allowed for signer certificate.
|
||||
signature-based protection of incoming CMP messages.
|
||||
By default, C<digitalSignature> must be allowed by CMP signer certificates.
|
||||
|
||||
=item B<-unprotected_errors>
|
||||
|
||||
|
@ -659,17 +672,25 @@ L<openssl-passphrase-options(1)>.
|
|||
|
||||
The client's current CMP signer certificate.
|
||||
Requires the corresponding key to be given with B<-key>.
|
||||
|
||||
The subject and the public key contained in this certificate
|
||||
serve as fallback values in the certificate template of IR/CR/KUR messages.
|
||||
|
||||
The subject of this certificate will be used as sender of outgoing CMP messages,
|
||||
while the subject of B<-oldcert> or B<-subjectName> may provide fallback values.
|
||||
|
||||
The issuer of this certificate is used as one of the recipient fallback values
|
||||
and as fallback issuer entry in the certificate template of IR/CR/KUR.
|
||||
and as fallback issuer entry in the certificate template of IR/CR/KUR messages.
|
||||
|
||||
When using signature-based message protection, this "protection certificate"
|
||||
will be included first in the extraCerts field of outgoing messages
|
||||
and the signature is done with the corresponding key.
|
||||
In Initialization Request (IR) messages this can be used for authenticating
|
||||
using an external entity certificate as defined in appendix E.7 of RFC 4210.
|
||||
|
||||
For Key Update Request (KUR) messages this is also used as
|
||||
the certificate to be updated if the B<-oldcert> option is not given.
|
||||
|
||||
If the file includes further certs, they are appended to the untrusted certs
|
||||
because they typically constitute the chain of the client certificate, which
|
||||
is included in the extraCerts field in signature-protected request messages.
|
||||
|
@ -695,6 +716,8 @@ the B<-cert> option.
|
|||
This will be used for signature-based message protection unless
|
||||
the B<-secret> option indicating PBM or B<-unprotected_requests> is given.
|
||||
|
||||
It is also used as a fallback for the B<-newkey> option with IR/CR/KUR messages.
|
||||
|
||||
=item B<-keypass> I<arg>
|
||||
|
||||
Pass phrase source for the private key given with the B<-key> option.
|
||||
|
@ -709,7 +732,7 @@ L<openssl-passphrase-options(1)>.
|
|||
Specifies name of supported digest to use in RFC 4210's MSG_SIG_ALG
|
||||
and as the one-way function (OWF) in MSG_MAC_ALG.
|
||||
If applicable, this is used for message protection and
|
||||
Proof-of-Possession (POPO) signatures.
|
||||
proof-of-possession (POPO) signatures.
|
||||
To see the list of supported digests, use C<openssl list -digest-commands>.
|
||||
Defaults to C<sha256>.
|
||||
|
||||
|
@ -732,7 +755,7 @@ Each source may contain multiple certificates.
|
|||
|
||||
=item B<-unprotected_requests>
|
||||
|
||||
Send messages without CMP-level protection.
|
||||
Send request messages without CMP-level protection.
|
||||
|
||||
=back
|
||||
|
||||
|
@ -801,11 +824,14 @@ B<-tls_key>.
|
|||
|
||||
=item B<-tls_used>
|
||||
|
||||
Enable using TLS (even when other TLS_related options are not set)
|
||||
when connecting to CMP server via HTTP.
|
||||
This option is not supported with the I<-port> option
|
||||
and is ignored with the I<-use_mock_srv> and I<-rspin> options
|
||||
or if the I<-server> option is not given.
|
||||
Enable using TLS (even when other TLS-related options are not set)
|
||||
for message exchange with CMP server via HTTP.
|
||||
This option is not supported with the I<-port> option.
|
||||
It is ignored if the I<-server> option is not given or I<-use_mock_srv> is given
|
||||
or I<-rspin> is given with enough filename arguments.
|
||||
|
||||
The following TLS-related options are ignored
|
||||
if B<-tls_used> is not given or does not take effect.
|
||||
|
||||
=item B<-tls_cert> I<filename>|I<uri>
|
||||
|
||||
|
@ -867,46 +893,71 @@ Default is one invocation.
|
|||
|
||||
=item B<-reqin> I<filenames>
|
||||
|
||||
Take sequence of CMP requests from file(s).
|
||||
Take the sequence of CMP requests to send to the server from the given file(s)
|
||||
rather than from the sequence of requests produced internally.
|
||||
|
||||
This option is ignored if the B<-rspin> option is given
|
||||
because in the latter case no requests are actually sent.
|
||||
|
||||
Multiple filenames may be given, separated by commas and/or whitespace
|
||||
(where in the latter case the whole argument must be enclosed in "...").
|
||||
As many files are read as needed for a complete transaction.
|
||||
|
||||
The files are read as far as needed to complete the transaction
|
||||
and filenames have been provided. If more requests are needed,
|
||||
the remaining ones are taken from the items at the respective position
|
||||
in the sequence of requests produced internally.
|
||||
|
||||
The client needs to update the recipNonce field in the given requests (except
|
||||
for the first one) in order to satisfy the checks to be performed by the server.
|
||||
This causes re-protection (if protecting requests is required).
|
||||
|
||||
=item B<-reqin_new_tid>
|
||||
|
||||
Use a fresh transactionID for CMP request messages read using B<-reqin>,
|
||||
which requires re-protecting them as far as they were protected before.
|
||||
which causes their reprotection (if protecting requests is required).
|
||||
This may be needed in case the sequence of requests is reused
|
||||
and the CMP server complains that the transaction ID has already been used.
|
||||
|
||||
=item B<-reqout> I<filenames>
|
||||
|
||||
Save sequence of CMP requests to file(s).
|
||||
Save the sequence of CMP requests created by the client to the given file(s).
|
||||
These requests are not sent to the server if the B<-reqin> option is used, too.
|
||||
|
||||
Multiple filenames may be given, separated by commas and/or whitespace.
|
||||
As many files are written as needed to store the complete transaction.
|
||||
|
||||
Files are written as far as needed to save the transaction
|
||||
and filenames have been provided.
|
||||
If the transaction contains more requests, the remaining ones are not saved.
|
||||
|
||||
=item B<-rspin> I<filenames>
|
||||
|
||||
Process sequence of CMP responses provided in file(s), skipping server.
|
||||
This excludes I<-server>, I<-port>, and I<-use_mock_srv>.
|
||||
Process the sequence of CMP responses provided in the given file(s),
|
||||
not contacting any given server,
|
||||
as long as enough filenames are provided to complete the transaction.
|
||||
|
||||
Multiple filenames may be given, separated by commas and/or whitespace.
|
||||
As many files are read as needed for the complete transaction.
|
||||
|
||||
Any server specified via the I<-server> or I<-use_mock_srv> options is contacted
|
||||
only if more responses are needed to complete the transaction.
|
||||
In this case the transaction will fail
|
||||
unless the server has been prepared to continue the already started transaction.
|
||||
|
||||
=item B<-rspout> I<filenames>
|
||||
|
||||
Save sequence of CMP responses to file(s).
|
||||
Save the sequence of actually used CMP responses to the given file(s).
|
||||
These have been received from the server unless B<-rspin> takes effect.
|
||||
|
||||
Multiple filenames may be given, separated by commas and/or whitespace.
|
||||
As many files are written as needed to store the complete transaction.
|
||||
|
||||
Files are written as far as needed to save the responses
|
||||
contained in the transaction and filenames have been provided.
|
||||
If the transaction contains more responses, the remaining ones are not saved.
|
||||
|
||||
=item B<-use_mock_srv>
|
||||
|
||||
Test the client using the internal CMP server mock-up at API level,
|
||||
bypassing socket-based transfer via HTTP.
|
||||
This excludes I<-server>, I<-port>, and I<-rspin>.
|
||||
This excludes the B<-server> and B<-port> options.
|
||||
|
||||
=back
|
||||
|
||||
|
@ -917,7 +968,9 @@ This excludes I<-server>, I<-port>, and I<-rspin>.
|
|||
=item B<-port> I<number>
|
||||
|
||||
Act as HTTP-based CMP server mock-up listening on the given port.
|
||||
This excludes I<-server>, I<-rspin>, and I<-use_mock_srv>.
|
||||
This excludes the B<-server> and B<-use_mock_srv> options.
|
||||
The B<-rspin>, B<-rspout>, B<-reqin>, and B<-reqout> options
|
||||
so far are not supported in this mode.
|
||||
|
||||
=item B<-max_msgs> I<number>
|
||||
|
||||
|
@ -1022,10 +1075,11 @@ Accept missing or invalid protection of requests.
|
|||
=item B<-accept_unprot_err>
|
||||
|
||||
Accept unprotected error messages from client.
|
||||
So far this has no effect because the server does not accept any error messages.
|
||||
|
||||
=item B<-accept_raverified>
|
||||
|
||||
Accept RAVERIFED as proof-of-possession (POPO).
|
||||
Accept RAVERIFED as proof of possession (POPO).
|
||||
|
||||
=back
|
||||
|
||||
|
|
|
@ -129,7 +129,8 @@ This option enables the use of PBKDF2 algorithm to derive the key.
|
|||
|
||||
=item B<-pbkdf2>
|
||||
|
||||
Use PBKDF2 algorithm with default iteration count unless otherwise specified.
|
||||
Use PBKDF2 algorithm with a default iteration count of 10000
|
||||
unless otherwise specified by the B<-iter> command line option.
|
||||
|
||||
=item B<-nosalt>
|
||||
|
||||
|
|
|
@ -568,10 +568,12 @@ When a specific TLS version is required, only that version will be offered or
|
|||
accepted.
|
||||
Only one specific protocol can be given and it cannot be combined with any of
|
||||
the B<no_> options.
|
||||
The B<no_*> options do not work with B<s_time> and B<ciphers> commands but work with
|
||||
B<s_client> and B<s_server> commands.
|
||||
|
||||
=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
|
||||
|
||||
These options specify to use DTLS instead of DLTS.
|
||||
These options specify to use DTLS instead of TLS.
|
||||
With B<-dtls>, clients will negotiate any supported DTLS protocol version.
|
||||
Use the B<-dtls1> or B<-dtls1_2> options to support only DTLS1.0 or DTLS1.2,
|
||||
respectively.
|
||||
|
@ -831,7 +833,7 @@ that program with no arguments is now equivalent to C<openssl help>.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -27,7 +27,7 @@ If I<a> is NULL nothing is done.
|
|||
=head1 NOTES
|
||||
|
||||
Other string types call the B<ASN1_STRING> functions. For example
|
||||
ASN1_OCTET_STRING_new() calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
|
||||
ASN1_OCTET_STRING_new() calls ASN1_STRING_type_new(V_ASN1_OCTET_STRING).
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
|
@ -42,7 +42,7 @@ L<ERR_get_error(3)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -21,10 +21,10 @@ to and I<flags> is an optional set of flags.
|
|||
I<dcont> is used in the rare case where the encrypted content is detached. It
|
||||
will normally be set to NULL.
|
||||
|
||||
The following flags can be passed in the B<flags> parameter.
|
||||
The following flags can be passed in the I<flags> parameter.
|
||||
|
||||
If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
|
||||
from the content. If the content is not of type B<text/plain> then an error is
|
||||
If the B<CMS_TEXT> flag is set MIME headers for type C<text/plain> are deleted
|
||||
from the content. If the content is not of type C<text/plain> then an error is
|
||||
returned.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
@ -39,7 +39,7 @@ L<ERR_get_error(3)>, L<CMS_EncryptedData_encrypt(3)>
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -20,6 +20,8 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge
|
|||
=head1 DESCRIPTION
|
||||
|
||||
CMS_add0_cert() and CMS_add1_cert() add certificate I<cert> to I<cms>.
|
||||
This is used by L<CMS_sign_ex(3)> and L<CMS_sign(3)> and may be used before
|
||||
calling L<CMS_verify(3)> to help chain building in certificate validation.
|
||||
I<cms> must be of type signed data or (authenticated) enveloped data.
|
||||
For signed data, such a certificate can be used when signing or verifying
|
||||
to fill in the signer certificate or to provide an extra CA certificate
|
||||
|
@ -29,7 +31,8 @@ CMS_get1_certs() returns all certificates in I<cms>.
|
|||
|
||||
CMS_add0_crl() and CMS_add1_crl() add CRL I<crl> to I<cms>.
|
||||
I<cms> must be of type signed data or (authenticated) enveloped data.
|
||||
For signed data, such a CRL may be used in certificate validation.
|
||||
For signed data, such a CRL may be used in certificate validation
|
||||
with L<CMS_verify(3)>.
|
||||
It may be given both for inclusion when signing a CMS message
|
||||
and when verifying a signed CMS message.
|
||||
|
||||
|
@ -48,8 +51,7 @@ As the I<0> implies CMS_add0_cert() adds I<cert> internally to I<cms> and it
|
|||
must not be freed up after the call as opposed to CMS_add1_cert() where I<cert>
|
||||
must be freed up.
|
||||
|
||||
The same certificate or CRL must not be added to the same cms structure more
|
||||
than once.
|
||||
The same certificate must not be added to the same cms structure more than once.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
|
@ -63,12 +65,12 @@ in practice is if the I<cms> type is invalid.
|
|||
=head1 SEE ALSO
|
||||
|
||||
L<ERR_get_error(3)>,
|
||||
L<CMS_sign(3)>,
|
||||
L<CMS_sign(3)>, L<CMS_sign_ex(3)>, L<CMS_verify(3)>,
|
||||
L<CMS_encrypt(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -2,8 +2,9 @@
|
|||
|
||||
=head1 NAME
|
||||
|
||||
CMS_decrypt, CMS_decrypt_set1_pkey_and_peer, CMS_decrypt_set1_pkey - decrypt
|
||||
content from a CMS envelopedData structure
|
||||
CMS_decrypt, CMS_decrypt_set1_pkey_and_peer,
|
||||
CMS_decrypt_set1_pkey, CMS_decrypt_set1_password
|
||||
- decrypt content from a CMS envelopedData structure
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
|
@ -14,23 +15,41 @@ content from a CMS envelopedData structure
|
|||
int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms,
|
||||
EVP_PKEY *pk, X509 *cert, X509 *peer);
|
||||
int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
|
||||
int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
|
||||
unsigned char *pass, ossl_ssize_t passlen);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData
|
||||
or AuthEnvelopedData structure. B<pkey> is the private key of the recipient,
|
||||
B<cert> is the recipient's certificate, B<out> is a BIO to write the content to
|
||||
and B<flags> is an optional set of flags.
|
||||
|
||||
The B<dcont> parameter is used in the rare case where the encrypted content
|
||||
CMS_decrypt() extracts the decrypted content from a CMS EnvelopedData
|
||||
or AuthEnvelopedData structure.
|
||||
It uses CMS_decrypt_set1_pkey() to decrypt the content
|
||||
with the recipient private key I<pkey> if I<pkey> is not NULL.
|
||||
In this case, it is recommended to provide the associated certificate
|
||||
in I<cert> - see the NOTES below.
|
||||
I<out> is a BIO to write the content to and
|
||||
I<flags> is an optional set of flags.
|
||||
If I<pkey> is NULL the function assumes that decryption was already done
|
||||
(e.g., using CMS_decrypt_set1_pkey() or CMS_decrypt_set1_password()) and just
|
||||
provides the content unless I<cert>, I<dcont>, and I<out> are NULL as well.
|
||||
The I<dcont> parameter is used in the rare case where the encrypted content
|
||||
is detached. It will normally be set to NULL.
|
||||
|
||||
CMS_decrypt_set1_pkey_and_peer() associates the private key B<pkey>, the
|
||||
corresponding certificate B<cert> and the originator certificate B<peer> with
|
||||
the CMS_ContentInfo structure B<cms>.
|
||||
CMS_decrypt_set1_pkey_and_peer() decrypts the CMS_ContentInfo structure I<cms>
|
||||
using the private key I<pkey>, the corresponding certificate I<cert>, which is
|
||||
recommended to be supplied but may be NULL,
|
||||
and the (optional) originator certificate I<peer>.
|
||||
On success, it also records in I<cms> the decryption key I<pkey>, and this
|
||||
should be followed by C<CMS_decrypt(cms, NULL, NULL, dcont, out, flags)>.
|
||||
This call deallocates any decryption key stored in I<cms>.
|
||||
|
||||
CMS_decrypt_set1_pkey() associates the private key B<pkey>, corresponding
|
||||
certificate B<cert> with the CMS_ContentInfo structure B<cms>.
|
||||
CMS_decrypt_set1_pkey() is the same as
|
||||
CMS_decrypt_set1_pkey_and_peer() with I<peer> being NULL.
|
||||
|
||||
CMS_decrypt_set1_password() decrypts the CMS_ContentInfo structure I<cms>
|
||||
using the secret I<pass> of length I<passlen>.
|
||||
On success, it also records in I<cms> the decryption key used, and this
|
||||
should be followed by C<CMS_decrypt(cms, NULL, NULL, dcont, out, flags)>.
|
||||
This call deallocates any decryption key stored in I<cms>.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
|
@ -38,7 +57,7 @@ Although the recipients certificate is not needed to decrypt the data it is
|
|||
needed to locate the appropriate (of possible several) recipients in the CMS
|
||||
structure.
|
||||
|
||||
If B<cert> is set to NULL all possible recipients are tried. This case however
|
||||
If I<cert> is set to NULL all possible recipients are tried. This case however
|
||||
is problematic. To thwart the MMA attack (Bleichenbacher's attack on
|
||||
PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or
|
||||
not. If no recipient succeeds then a random symmetric key is used to decrypt
|
||||
|
@ -54,26 +73,32 @@ open to attack.
|
|||
|
||||
It is possible to determine the correct recipient key by other means (for
|
||||
example looking them up in a database) and setting them in the CMS structure
|
||||
in advance using the CMS utility functions such as CMS_set1_pkey(). In this
|
||||
case both B<cert> and B<pkey> should be set to NULL.
|
||||
in advance using the CMS utility functions such as CMS_set1_pkey(),
|
||||
or use CMS_decrypt_set1_password() if the recipient has a symmetric key.
|
||||
In these cases both I<cert> and I<pkey> should be set to NULL.
|
||||
|
||||
To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key()
|
||||
and CMS_RecipientInfo_decrypt() should be called before CMS_decrypt() and
|
||||
B<cert> and B<pkey> set to NULL.
|
||||
I<cert> and I<pkey> set to NULL.
|
||||
|
||||
The following flags can be passed in the B<flags> parameter.
|
||||
The following flags can be passed in the I<flags> parameter.
|
||||
|
||||
If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
|
||||
from the content. If the content is not of type B<text/plain> then an error is
|
||||
If the B<CMS_TEXT> flag is set MIME headers for type C<text/plain> are deleted
|
||||
from the content. If the content is not of type C<text/plain> then an error is
|
||||
returned.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
CMS_decrypt() returns either 1 for success or 0 for failure.
|
||||
The error can be obtained from ERR_get_error(3)
|
||||
CMS_decrypt(), CMS_decrypt_set1_pkey_and_peer(),
|
||||
CMS_decrypt_set1_pkey(), and CMS_decrypt_set1_password()
|
||||
return either 1 for success or 0 for failure.
|
||||
The error can be obtained from ERR_get_error(3).
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
The B<set1_> part of these function names is misleading
|
||||
and should better read: B<with_>.
|
||||
|
||||
The lack of single pass processing and the need to hold all data in memory as
|
||||
mentioned in CMS_verify() also applies to CMS_decrypt().
|
||||
|
||||
|
@ -83,11 +108,12 @@ L<ERR_get_error(3)>, L<CMS_encrypt(3)>
|
|||
|
||||
=head1 HISTORY
|
||||
|
||||
B<CMS_decrypt_set1_pkey_and_peer> was added in OpenSSL 3.0.
|
||||
CMS_decrypt_set1_pkey_and_peer() and CMS_decrypt_set1_password()
|
||||
were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -129,7 +129,7 @@ point_conversion_form_t is an enum defined as follows:
|
|||
For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by
|
||||
the octets for x, followed by the octets for y.
|
||||
|
||||
For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For
|
||||
For any given x coordinate for a point on a curve it is possible to derive two possible y values. For
|
||||
POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of
|
||||
the two possible solutions for y has been used, followed by the octets for x.
|
||||
|
||||
|
|
|
@ -128,7 +128,7 @@ EC_KEY_check_key() performs various sanity checks on the EC_KEY object to
|
|||
confirm that it is valid.
|
||||
|
||||
EC_KEY_set_public_key_affine_coordinates() sets the public key for I<key> based
|
||||
on its affine co-ordinates; i.e., it constructs an EC_POINT object based on
|
||||
on its affine coordinates; i.e., it constructs an EC_POINT object based on
|
||||
the supplied I<x> and I<y> values and sets the public key to be this
|
||||
EC_POINT. It also performs certain sanity checks on the key to confirm
|
||||
that it is valid.
|
||||
|
@ -235,7 +235,7 @@ For replacement see L<EVP_PKEY-EC(7)>.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2013-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -44,7 +44,7 @@ EC_POINT_is_on_curve tests whether the supplied point is on the curve or not.
|
|||
EC_POINT_cmp compares the two supplied points and tests whether or not they are equal.
|
||||
|
||||
The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine
|
||||
co-ordinate system. In the case of EC_POINTs_make_affine the value B<num> provides the number of points in the array B<points> to be
|
||||
coordinate system. In the case of EC_POINTs_make_affine the value B<num> provides the number of points in the array B<points> to be
|
||||
forced. These functions were deprecated in OpenSSL 3.0 and should no longer be used.
|
||||
Modern versions automatically perform this conversion when needed.
|
||||
|
||||
|
@ -90,7 +90,7 @@ were deprecated in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2013-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -124,9 +124,9 @@ public concept.
|
|||
A valid point on a curve is the special point at infinity. A point is set to
|
||||
be at infinity by calling EC_POINT_set_to_infinity().
|
||||
|
||||
The affine co-ordinates for a point describe a point in terms of its x and y
|
||||
The affine coordinates for a point describe a point in terms of its x and y
|
||||
position. The function EC_POINT_set_affine_coordinates() sets the B<x> and B<y>
|
||||
co-ordinates for the point B<p> defined over the curve given in B<group>. The
|
||||
coordinates for the point B<p> defined over the curve given in B<group>. The
|
||||
function EC_POINT_get_affine_coordinates() sets B<x> and B<y>, either of which
|
||||
may be NULL, to the corresponding coordinates of B<p>.
|
||||
|
||||
|
@ -140,27 +140,27 @@ EC_POINT_get_affine_coordinates_GF2m() are synonyms for
|
|||
EC_POINT_get_affine_coordinates(). They are defined for backwards compatibility
|
||||
only and should not be used.
|
||||
|
||||
As well as the affine co-ordinates, a point can alternatively be described in
|
||||
terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian
|
||||
projective co-ordinates are expressed as three values x, y and z. Working in
|
||||
this co-ordinate system provides more efficient point multiplication
|
||||
operations. A mapping exists between Jacobian projective co-ordinates and
|
||||
affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written
|
||||
as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian
|
||||
projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped
|
||||
As well as the affine coordinates, a point can alternatively be described in
|
||||
terms of its Jacobian projective coordinates (for Fp curves only). Jacobian
|
||||
projective coordinates are expressed as three values x, y and z. Working in
|
||||
this coordinate system provides more efficient point multiplication
|
||||
operations. A mapping exists between Jacobian projective coordinates and
|
||||
affine coordinates. A Jacobian projective coordinate (x, y, z) can be written
|
||||
as an affine coordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian
|
||||
projective from affine coordinates is simple. The coordinate (x, y) is mapped
|
||||
to (x, y, 1). Although deprecated in OpenSSL 3.0 and should no longer be used,
|
||||
to set or get the projective co-ordinates in older versions use
|
||||
to set or get the projective coordinates in older versions use
|
||||
EC_POINT_set_Jprojective_coordinates_GFp() and
|
||||
EC_POINT_get_Jprojective_coordinates_GFp() respectively.
|
||||
Modern versions should instead use EC_POINT_set_affine_coordinates() and
|
||||
EC_POINT_get_affine_coordinates(), performing the conversion manually using the
|
||||
above maps in such rare circumstances.
|
||||
|
||||
Points can also be described in terms of their compressed co-ordinates. For a
|
||||
Points can also be described in terms of their compressed coordinates. For a
|
||||
point (x, y), for any given value for x such that the point is on the curve
|
||||
there will only ever be two possible values for y. Therefore, a point can be set
|
||||
using the EC_POINT_set_compressed_coordinates() function where B<x> is the x
|
||||
co-ordinate and B<y_bit> is a value 0 or 1 to identify which of the two
|
||||
coordinate and B<y_bit> is a value 0 or 1 to identify which of the two
|
||||
possible values for y should be used.
|
||||
|
||||
The functions EC_POINT_set_compressed_coordinates_GFp() and
|
||||
|
@ -269,7 +269,7 @@ added in OpenSSL 1.1.1.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2013-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
|
@ -1065,7 +1065,7 @@ with an L<OSSL_PARAM(3)> item with the key
|
|||
|
||||
When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() get called
|
||||
with an L<OSSL_PARAM(3)> item with the key
|
||||
"tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>)
|
||||
"tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>)
|
||||
followed by EVP_CIPHER_CTX_get_params() with a key of
|
||||
"tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>).
|
||||
|
||||
|
|
|
@ -62,13 +62,16 @@ see L<openssl_user_macros(7)>:
|
|||
EVP_PKEY_get_base_id() returns the type of I<pkey>. For example
|
||||
an RSA key will return B<EVP_PKEY_RSA>.
|
||||
|
||||
EVP_PKEY_get_id() returns the actual OID associated with I<pkey>.
|
||||
Historically keys using the same algorithm could use different OIDs.
|
||||
For example an RSA key could use the OIDs corresponding to
|
||||
EVP_PKEY_get_id() returns the actual NID associated with I<pkey>
|
||||
only if the I<pkey> type isn't implemented just in a L<provider(7)>.
|
||||
Historically keys using the same algorithm could use different NIDs.
|
||||
For example an RSA key could use the NIDs corresponding to
|
||||
the NIDs B<NID_rsaEncryption> (equivalent to B<EVP_PKEY_RSA>) or
|
||||
B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of
|
||||
alternative non-standard OIDs is now rare so B<EVP_PKEY_RSA2> et al are not
|
||||
alternative non-standard NIDs is now rare so B<EVP_PKEY_RSA2> et al are not
|
||||
often seen in practice.
|
||||
EVP_PKEY_get_id() returns -1 (B<EVP_PKEY_KEYMGMT>) if the I<pkey> is
|
||||
only implemented in a L<provider(7)>.
|
||||
|
||||
EVP_PKEY_type() returns the underlying type of the NID I<type>. For example
|
||||
EVP_PKEY_type(EVP_PKEY_RSA2) will return B<EVP_PKEY_RSA>.
|
||||
|
@ -142,6 +145,9 @@ EVP_PKEY_get_id(), EVP_PKEY_get_base_id(), EVP_PKEY_type()
|
|||
|
||||
For EVP_PKEY key type checking purposes, L<EVP_PKEY_is_a(3)> is more generic.
|
||||
|
||||
For purposes of retrieving the name of the B<EVP_PKEY> the function
|
||||
L<EVP_PKEY_get0_type_name(3)> is more generally useful.
|
||||
|
||||
The keys returned from the functions EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
|
||||
EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() were changed to have a "const"
|
||||
return type in OpenSSL 3.0. As described above the keys returned may be cached
|
||||
|
@ -222,7 +228,7 @@ It was removed in OpenSSL 3.0.
|
|||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue