Merge pull request #8 from liushuyu/master

libressl: Update to 3.4.2
Schplee 2021-12-22 16:42:59 -08:00 committed by GitHub
commit 5f51486f69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
174 changed files with 17124 additions and 6248 deletions


@ -113,19 +113,21 @@ if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
endif()
if(WIN32)
add_definitions(-Drestrict)
add_definitions(-D_CRT_SECURE_NO_WARNINGS)
add_definitions(-D_CRT_DEPRECATED_NO_WARNINGS)
add_definitions(-D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS)
add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600)
add_definitions(-DCPPFLAGS -DNO_SYSLOG -DNO_CRYPT)
set(PLATFORM_LIBS ${PLATFORM_LIBS} ws2_32)
add_definitions(-DWIN32_LEAN_AND_MEAN)
if(NOT CMAKE_SYSTEM_NAME MATCHES "WindowsStore")
add_definitions(-D_WIN32_WINNT=0x0600)
endif()
set(PLATFORM_LIBS ${PLATFORM_LIBS} ws2_32 bcrypt)
endif()
if(MSVC)
add_definitions(-Dinline=__inline)
message(STATUS "Using [${CMAKE_C_COMPILER_ID}] compiler")
if(CMAKE_C_COMPILER_ID MATCHES "MSVC")
if(CMAKE_C_COMPILER_ID MATCHES "MSVC" OR CMAKE_C_COMPILER_ID MATCHES "Clang")
set(MSVC_DISABLED_WARNINGS_LIST
"C4018" # 'expression' : signed/unsigned mismatch
"C4057" # 'operator' : 'identifier1' indirection to
@ -298,6 +300,7 @@ if(ENABLE_ASM)
elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386")
set(HOST_ASM_ELF_X86_64 true)
endif()
add_definitions(-DHAVE_GNU_STACK)
elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
set(HOST_ASM_MACOSX_X86_64 true)
elseif(MSVC AND ("${CMAKE_GENERATOR}" MATCHES "Win64" OR "${CMAKE_GENERATOR_PLATFORM}" STREQUAL "x64"))
@ -331,12 +334,23 @@ if(SIZEOF_TIME_T STREQUAL "4")
endif()
add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T})
set(OPENSSL_LIBS tls ssl crypto ${PLATFORM_LIBS})
set(OPENSSL_LIBS ssl crypto ${PLATFORM_LIBS})
set(LIBTLS_LIBS tls ${PLATFORM_LIBS})
add_subdirectory(crypto)
add_subdirectory(ssl)
if(LIBRESSL_APPS)
add_subdirectory(apps)
endif()
add_subdirectory(tls)
add_subdirectory(include)
if(NOT MSVC)
add_subdirectory(man)
endif()
# Tests require the openssl executable and are unavailable when building shared libraries
if(LIBRESSL_APPS AND LIBRESSL_TESTS)
add_subdirectory(tests)
endif()
if(NOT MSVC)
# Create pkgconfig files.
@ -358,3 +372,23 @@ if(NOT MSVC)
DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
set(CONF_DIR "${OPENSSLDIR}")
else()
set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
endif()
if(ENABLE_LIBRESSL_INSTALL)
install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
install(DIRECTORY DESTINATION ${CONF_DIR}/certs)
endif(ENABLE_LIBRESSL_INSTALL)
if(NOT TARGET uninstall)
configure_file(
"${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
IMMEDIATE @ONLY)
add_custom_target(uninstall
COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)
endif()
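Review bot: The hunk starting at `@ -358,3 +372,23` re-adds the `install(FILES cert.pem openssl.cnf x509v3.cnf ...)` rule and the `uninstall` custom target, and the hunk starting at `@ -331,12 +334,23` re-adds `add_subdirectory(apps)`, `add_subdirectory(man)` and `add_subdirectory(tests)`, while the README section further down still says tests/mandocs/pkgconfig/scripts/apps/cmake_uninstall were removed from both the tree and CMakeLists.txt; if those directories are indeed absent, configuring with LIBRESSL_APPS or LIBRESSL_TESTS on will fail at `add_subdirectory`, so either the README note or the re-added blocks need reconciling. Two smaller points in the same hunk: `IMMEDIATE` in `configure_file(... IMMEDIATE @ONLY)` is a legacy no-op keyword and can be dropped, and `endif(ENABLE_LIBRESSL_INSTALL)` should be the bare `endif()`. In the first hunk the new `ws2_32 bcrypt` are still accumulated into `PLATFORM_LIBS` as bare names and the `-D` flags go through directory-scoped `add_definitions`; `target_link_libraries(... PRIVATE ws2_32 bcrypt)` and `target_compile_definitions` on the library targets would stop them leaking to every target configured below.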

ChangeLog

@ -28,6 +28,514 @@ history is also available from Git.
LibreSSL Portable Release Notes:
3.4.2 - Security fix
* In some situations the X.509 verifier would discard an error on an
unverified certificate chain, resulting in an authentication bypass.
Thanks to Ilya Shipitsin and Timo Steinlein for reporting.
3.4.1 - Stable release
* New Features
- Added support for OpenSSL 1.1.1 TLSv1.3 APIs.
- Enabled the new X.509 validator to allow verification of
modern certificate chains.
* Portable Improvements
- Ported continuous integration and test infrastructure to Github
actions.
- Added Universal Windows Platform (UWP) build support.
- Fixed mingw-w64 builds on newer versions with missing SSP support.
- Added non-executable stack annotations for CMake builds.
* API and Documentation Enhancements
- Added the following APIs from OpenSSL
BN_bn2binpad BN_bn2lebinpad BN_lebin2bn EC_GROUP_get_curve
EC_GROUP_order_bits EC_GROUP_set_curve
EC_POINT_get_affine_coordinates
EC_POINT_set_affine_coordinates
EC_POINT_set_compressed_coordinates EVP_DigestSign
EVP_DigestVerify SSL_CIPHER_find SSL_CTX_get0_privatekey
SSL_CTX_get_max_early_data SSL_CTX_get_ssl_method
SSL_CTX_set_ciphersuites SSL_CTX_set_max_early_data
SSL_CTX_set_post_handshake_auth SSL_SESSION_get0_cipher
SSL_SESSION_get_max_early_data SSL_SESSION_is_resumable
SSL_SESSION_set_max_early_data SSL_get_early_data_status
SSL_get_max_early_data SSL_read_early_data SSL_set0_rbio
SSL_set_ciphersuites SSL_set_max_early_data
SSL_set_post_handshake_auth
SSL_set_psk_use_session_callback
SSL_verify_client_post_handshake SSL_write_early_data
- Added AES-GCM constants from RFC 7714 for SRTP.
* Compatibility Changes
- Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.
- Call the info callback on connect/accept exit in TLSv1.3,
needed for p5-Net-SSLeay.
- Default to using named curve parameter encoding from
pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.
- Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.
* Testing and Proactive Security
- Added additional state machine test coverage.
- Improved integration test support with ruby/openssl tests.
- Error codes and callback support in new X.509 validator made
compatible with p5-Net_SSLeay tests.
* Internal Improvements
- Numerous fixes and improvements to the new X.509 validator to
ensure compatible error codes and callback support compatible
with the legacy OpenSSL validator.
3.4.0 - Development release
* Add support for OpenSSL 1.1.1 TLSv1.3 APIs.
* Enable new x509 validator.
* More details to come, testing is appreciated.
3.3.5 - Security fix
* A stack overread could occur when checking X.509 name constraints.
From GoldBinocle on GitHub.
* Enable X509_V_FLAG_TRUSTED_FIRST by default in the legacy verifier.
This compensates for the expiry of the DST Root X3 certificate.
3.3.4 - Security fix
* In LibreSSL, printing a certificate can result in a crash in
X509_CERT_AUX_print().
From Ingo Schwarze
* Ensure GNU-stack is set on ELF platforms when building with CMake to
enable non-executable stack annotations for the GNU toolchain.
From Tobias Heider
3.3.3 - Stable release
* This is the first stable release from the 3.3.x series.
There are no changes from 3.3.2.
3.3.2 - Development release
* This release adds support for DTLSv1.2 and continues the rewrite
of the record layer for the legacy stack. Numerous bugs and
interoperability issues were fixed in the new verifier. A few bugs
and incompatibilities remain, so this release uses the old verifier
by default. The OpenSSL 1.1 TLSv1.3 API is not yet available.
* Switch finish{,_peer}_md_len from an int to a size_t.
* Make SSL_get{,_peer}_finished() work when used with TLSv1.3.
* Use EVP_MD_MAX_MD_SIZE instead of 2 * EVP_MD_MAX_MD_SIZE as size
for cert_verify_md[], finish_md[] and peer_finish_md[]. The factor 2
was a historical artefact.
* Correct the return value type from ERR_peek_error() to a long.
* Avoid use of uninitialized in ASN1_time_parse() which could happen
on parsing UTCTime if the caller did not initialise the passed
struct tm.
* Destroy the mutex in a tls_config object on tls_config_free().
* Free alert_data and phh_data in tls13_record_layer_free()
these could leak if SSL_shutdown() or tls_close() were called
after closing the underlying socket().
* Free struct members in tls13_record_layer_free() in their natural
order for reviewability.
* Gracefully handle root certificates being both trusted and
untrusted.
* Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in the new
verifier.
* Use the legacy verifier when building auto chains for TLS.
* Use consistent names in tls13_{client,server}_finished_{recv,send}().
* Add tls13_secret_{init,cleanup}() and use them throughout the
TLSv1.3 code base.
* Move the read MAC key into the TLSv1.2 record layer.
* Make tls12_record_layer_free() NULL safe.
* Search the intermediates only after searching the root certs in the
new verifier to avoid problems with the legacy callback.
* Bail out early after finding a single chain in the new verifier, if
we have been called via the legacy verifier API.
* Set (invalid and likely incomplete) chain on the xsc on chain build
failure prior to calling the callback. This is required by various
callers, including auto chain.
* Align SSL_get_shared_ciphers() with OpenSSL. This takes into account
that it never returned server ciphers, so now it will fail when
called from the client side.
* Add support for SSL_get_shared_ciphers() with TLSv1.3.
* Split the record protection from the TLSv1.2 record layer.
* Clean up sequence number handling in the new TLSv1.2 record layer.
* Clean up sequence number handling in DTLS.
* Clean up dtls1_reset_seq_numbers().
* Factor out code for explicit IV length, block size and MAC length
from tls12_record_layer_open_record_protected_cipher().
* Provide record layer overhead for DTLS.
* Provide functions to determine if TLSv1.2 record protection is
engaged.
* Add code to handle change of cipher state in the new TLSv1.2 record
layer.
* Mop up now unused dtls1_build_sequence_numbers() function.
* Allow setting a keypair on a tls context without specifying the
private key, and fake it internally in libtls. This removes the
need for privsep engines like relayd to use bogus keys.
* Skip the private key check for fake private keys.
* Move the private key setup from tls_configure_ssl_keypair() to a
helper function with proper error checking.
* Change the internal tls_configure_ssl_keypair() function to
return -1 instead of 1 on failure.
* Move sequence numbers into the new TLSv1.2 record layer.
* Move AEAD handling into the new TLSv1.2 record layer.
* Remove direct assignment of aead_ctx to avoid a leak.
* Add a number of RPKI OIDs from RFC 6482, 6484, 6493, 8182, 8360,
draft-ietf-sidrops-rpki-rta, and draft-ietf-opsawg-finding-geofeeds.
* Fail early in legacy exporter if the master secret is not available
to avoid a segfault if it is called when the handshake is not
completed.
* Factor out legacy stack version checks.
* Correct handshake MAC/PRF for various TLSv1.2 cipher suites which
were originally added with the default handshake MAC and PRF rather
than the SHA256 handshake MAC and PRF.
* Absorb ssl3_get_algorithm2() into ssl_get_handshake_evp_md().
* Use dtls1_record_retrieve_buffered_record() to load buffered
application data.
* Enforce read ahead with DTLS.
* Remove bogus DTLS checks that disabled ECC and OCSP.
* Sync cert.pem with Mozilla NSS root CAs except "GeoTrust Global CA".
* Only print the certificate file once on verification failure.
* Pull in fix for EVP_CipherUpdate() overflow from OpenSSL.
* Clean up and simplify dtls1_get_cipher().
* Group HelloVerifyRequest decoding and add missing check for trailing
data.
* Revise HelloVerifyRequest handling for DTLSv1.2.
* Handle DTLS1_2_VERSION in various places.
* Add DTLSv1.2 methods.
* Make SSL{_CTX,}_get_{min,max}_proto_version() return a version of
zero if the minimum or maximum has been set to zero to match
OpenSSL's behavior.
* Rename the "truncated" label into "decode_err" and the "f_err"
label into "fatal_err".
* Factor out and change some of the legacy client version code.
* Simplify version checks in the TLSv1.3 client. Ensure that the
server announced TLSv1.3 and nothing higher and check that the
legacy_version is set to TLSv1.2 as required by RFC 8446.
* Fix an off-by-one in x509_verify_set_xsc_chain() to make sure that
the new validator checks for EXFLAG_CRITICAL in
x509_vfy_check_chain_extension() for all untrusted certs in the
chain. Take into account that the root is not necessarily trusted.
* Avoid passing last and depth to x509_verify_cert_error() on ENOMEM.
* Rename depth to num_untrusted.
* Only use TLS versions internally rather than both TLS and DTLS
versions since the latter are the one's complement of the human
readable version numbers, which means that newer versions decrease
in value.
* Fix two bugs in the legacy verifier that resulted from refactoring
of X509_verify_cert() for the new verifier: a return value was
incorrectly treated as boolean, making it insufficient to decide
whether validation should carry on or not.
* Identify DTLS based on the version major value.
* Move handling of cipher/hash based cipher suites into the new record
layer.
* Add tls12_record_protection_unused() and call it from CCS functions.
* Move key/IV length checks closer to usage sites. Also add explicit
checks against EVP_CIPHER_{iv,key}_length().
* Replace two handrolled tls12_record_protection_engaged().
* Improve internal version handling: add handshake fields for our
minimum version, our maximum version and the TLS version negotiated
during the handshake. Convert most of the internal code to use these
version fields.
* Guard against future internal use of TLS1_get_{client,}_version()
macros.
* Remove the internal ssl_downgrade_max_version() function which is no
longer needed.
* Fix checks for memory caps of constraints names. There are internal
caps on the number of name constraints and other names, that the new
name constraints code allocates per cert chain. These limits were
checked too late, making them only partially effective.
* Use EXFLAG_INVALID to handle out of memory and parse errors in
x509v3_cache_extensions().
* Add support for DTLSv1.2 version handling.
* Enable DTLSv1.2 support.
* Add DTLSv1.2 support to openssl s_client/s_server.
* Remove no longer needed read ahead workarounds in the s_client and
s_server.
* Fix a copy-paste error - skid was confused with an akid when
checking for EXFLAG_INVALID. This broke OCSP validation with
certain mirrors.
* Make supported protocols and options for DHE params more prominent
in tls_config_set_protocols.3.
* Avoid a use-after-scope in tls13_cert_add().
* Split TLSv1.3 record protection from record layer.
* Move the TLSv1.3 handshake struct inside the shared handshake
struct.
* Fully initialize rrec in tls12_record_layer_open_record_protected()
to avoid confusing some static analyzers.
* Use tls_set_errorx() on OCSP_basic_verify() failure since the latter
does not set errno.
* Convert openssl(1) x509 to new option handling and do the usual
clean up that goes along with it.
* Add SSL_HANDSHAKE_TLS12 for TLSv1.2 specific handshake data.
* Rename new_cipher to cipher to align naming with keyblock or other
parts of the handshake data.
* Avoid mangled output in BIO_debug_callback().
* Fix client initiated renegotiation by replacing use of s->internal-type
with s->server.
* Move the TLSv1.2 record number increment into the new record layer.
* Move finished and peer finished into the handshake struct.
* Avoid transcript initialization when sending a TLS HelloRequest,
fixing server initiated renegotiation.
* Remove pointless assignment in SSL_get0_alpn_selected().
* Provide EVP_PKEY_new_CMAC_KEY(3).
* Add missing prototype for d2i_DSAPrivateKey_fp(3) to x509.h.
* Add DTLSv1.2 to openssl(1) s_server and s_client protocol message
logging.
* Avoid leaking param->name in x509_verify_param_zero().
* Avoid a leak in an error path in openssl(1) x509.
* Add some error checking to openssl(1) x509.
* When sending an alert in TLSv1.3, only set its error code when no
other error was set previously. Certain clients rely on specific
SSL_R_ error codes to identify that they are dealing with a self
signed cert.
* Switch to the legacy verifier for the stable release.
* Provide SSL_use_certificate_chain_file(3).
* Provide SSL_set_hostflags(3) and SSL_get0_peername(3).
* Provide various DTLSv1.2 specific functions and defines.
* Document meaning of '*' in the genrsa output.
* Updated documentation for SSL_get_shared_ciphers(3).
* Add documentation for SSL_get_finished(3).
* Document EVP_PKEY_new_CMAC_key(3)
* Document SSL_use_certificate_chain_file(3).
* Document SSL_set_hostflags(3) and SSL_get0_peername(3).
* Update SSL_get_version.3 manual for DTLSv.1.2 support.
* Added '--enable-libtls-only' build option, which builds and installs a
statically-linked libtls, skipping libcrypto and libssl. This is useful
for systems that ship with OpenSSL but wish to also package libtls.
3.3.1 - Security fix
* Malformed ASN.1 in a certificate revocation list or a timestamp
response token can lead to a NULL pointer dereference.
Bug fixes
* Move point-on-curve check to set_affine_coordinates to avoid
verifying ECDSA signatures with unchecked public keys.
* Fix SSL_is_server() to behave as documented by re-introducing the
client-specific methods.
* Avoid undefined behavior due to memcpy(NULL, NULL, 0).
* Mark a few more internal static tables const.
3.3.0 - Development release
* Make openssl(1) s_server ignore -4 and -6 for compatibility with
OpenSSL.
* Further cleanup of the DTLS record handling.
* Continue the replacement of the TLSv1.2 record layer by
reimplementing the read side of the TLSv1.2 record handling.
* Replace DTLSv1_enc_data() with TLSv1_1_enc_data().
* Merge d1_{clnt,srvr}.c into ssl_{clnt,srvr}.c.
* When switching from the TLSv1.3 stack to the legacy stack include
a TLS record header. This is necessary if there is more than one
handshake message in the TLS plaintext record.
* Set SO_REUSEADDR on the server socket in the openssl(1) ocsp
command.
* Fix resource handling on error in OCSP_request_add0_id().
* Add const to ssl_ciphers and tls1[23]_sigalgs* to push them into
.data.rel.ro and .rodata, respectively.
* Add a const qualifier to srtp_known_profiles.
* Simplify TLS method by removing the client and server specific
methods internally.
* Avoid casting away const in ssl_ctx_make_profiles().
* Make sure there is enough room for stashing the handshake message
when switching to the legacy TLS stack.
* Avoid explicitly conditioning an assert on DTLS1_VERSION to make
the assert work for newer DTLS versions.
* Merge SSL_ENC_METHOD into SSL_METHOD_INTERNAL.
* Send a host header with OCSP queries to make openssl(1) ocsp
work with some widely used OCSP responders.
* Fix a memory leak in the openssl(1) s_client.
* Add a flag to mark DTLS methods as DTLS to have an easy way to
recognize DTLS methods that avoids inspecting the version number.
* Implement SSL_is_dtls() and use it internally in place of the
SSL_IS_DTLS macro.
* Unbreak DTLS retransmissions for flights that include a CCS.
* Add ability to ocspcheck(8) to parse a port in the specified
OCSP URL.
* Refactor and clean up ocspcheck(8) and add regression tests.
* If x509_verify() fails, ensure that the error is set on both
the x509_verify_ctx() and its store context to make some failures
visible from SSL_get_verify_result().
* Use the X509_STORE_CTX get_issuer() callback from the new X.509
verifier to fix hashed certificate directories.
* Only check BIO_should_read() on read and BIO_should_write() on
write. Previously, BIO_should_write() was also checked after read
and BIO_should_read() after write which could cause stalls in
software that uses the same BIO for read and write.
* In openssl(1) verify, also check for error on the store context
since the return value of X509_verify_cert() is unreliable in
presence of a callback that returns 1 too often.
* Update getentropy on Windows to use Cryptography Next Generation
(CNG). wincrypt is deprecated and no longer works with newer Windows
environments, such as in Windows Store apps.
* Implement auto chain for the TLSv1.3 server since some software
relies on this.
* Handle additional certificate error cases in the new X.509 verifier.
Keep track of the errors encountered if a verify callback tells the
verifier to continue and report them back via the error on the store
context. This mimics the behavior of the old verifier that would
persist the first error encountered while building the chain.
* Report specific failures for "self signed certificates" in a way
compatible with the old verifier since software relies on the
error code.
* Implement key exporter for TLSv1.3.
* Plug a large memory leak in the new verifier caused by calling
X509_policy_check() repeatedly.
* Avoid leaking memory in x509_verify_chain_dup().
* Various documentation improvements, particularly around TLS methods.
3.2.3 - Security fix
* Malformed ASN.1 in a certificate revocation list or a timestamp
response token can lead to a NULL pointer dereference.
3.2.2 - Stable release
* This is the first stable release with the new TLSv1.3
@ -279,6 +787,11 @@ LibreSSL Portable Release Notes:
* Use non-expired certificates first when building a certificate chain.
3.1.5 - Security fix
* Malformed ASN.1 in a certificate revocation list or a timestamp
response token can lead to a NULL pointer dereference.
3.1.4 - Interoperability and bug fixes for the TLSv1.3 client:
* Improve client certificate selection to allow EC certificates


@ -1,4 +1,4 @@
Built from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.2.tar.gz
Built from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2.tar.gz
Modifications:
- Removed tests/mandocs/pkgconfig/scripts/apps/cmake_uninstall from both filesystem and CMakeLists.txt
@ -9,7 +9,11 @@ Modifications:
![LibreSSL image](https://www.libressl.org/images/libressl.jpg)
## Official portable version of [LibreSSL](https://www.libressl.org) ##
[![Build Status](https://travis-ci.org/libressl-portable/portable.svg?branch=master)](https://travis-ci.org/libressl-portable/portable) [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/libressl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libressl)
[![Linux Build Status](https://github.com/libressl-portable/portable/actions/workflows/linux_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/linux_test.yml)
[![macOS Build Status](https://github.com/libressl-portable/portable/actions/workflows/macos_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/macos_test.yml)
[![Android_Build Status](https://github.com/libressl-portable/portable/actions/workflows/android_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/android_test.yml)
[![Cross_Build Status](https://github.com/libressl-portable/portable/actions/workflows/cross_test.yml/badge.svg)](https://github.com/libressl-portable/portable/actions/workflows/cross_test.yml)
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/libressl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libressl)
LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the
[OpenBSD](https://www.openbsd.org) project. Our goal is to modernize the codebase,
@ -45,9 +49,9 @@ At the time of this writing, LibreSSL is known to build and work on:
* AIX (5.3 and later)
LibreSSL also supports the following Windows environments:
* Microsoft Windows (Vista or higher, x86 and x64)
* Microsoft Windows (Windows 7 / Windows Server 2008r2 or later, x86 and x64)
* Wine (32-bit and 64-bit)
* Builds with Mingw-w64, Cygwin, and Visual Studio
* Mingw-w64, Cygwin, and Visual Studio
Official release tarballs are available at your friendly neighborhood
OpenBSD mirror in directory


@ -1,2 +1,2 @@
3.2.2
3.4.2

cert.pem Normal file

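Review bot: cert.pem arrives as a new 5950-line file whose diff is suppressed on this page, and the top-level CMakeLists hunk installs it to `${CONF_DIR}` as the default trust store, so it is a part of the update that cannot be reviewed here; it should be checked byte-for-byte against the file in the libressl-3.4.2 tarball the README names as the source. Recording that provenance (tarball and its published hash) in the README's Modifications list would let later reviewers repeat the check.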


@ -968,7 +968,25 @@ if(EXTRA_EXPORT)
endforeach()
endif()
add_library(crypto ${CRYPTO_SRC})
set(LIBTLS_EXTRA_EXPORT ${EXTRA_EXPORT} PARENT_SCOPE)
add_library(crypto_obj OBJECT ${CRYPTO_SRC})
target_include_directories(crypto_obj
PRIVATE
.
asn1
bn
dsa
ec
ecdh
ecdsa
evp
modes
../include/compat
PUBLIC
../include)
add_library(crypto $<TARGET_OBJECTS:crypto_obj>)
target_include_directories(crypto
PRIVATE
.
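Review bot: `PUBLIC ../include` on `crypto_obj` never reaches any consumer, because `crypto` is assembled from `$<TARGET_OBJECTS:crypto_obj>` rather than linked against the object library, which is why the include list has to be repeated on `crypto` in the trailing context lines. On a CMake that supports it (3.12 or later; the project's minimum is not visible here) `target_link_libraries(crypto PRIVATE crypto_obj)` would carry those usage requirements instead of the duplicated list, and until then the entry would be more honest as `PRIVATE`. The enclosing `if(EXTRA_EXPORT)` block begins outside the hunk.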


@ -1 +1 @@
46:1:0
47:0:0


@ -1,4 +1,4 @@
/* $OpenBSD: a_object.c,v 1.31 2018/04/25 11:48:21 tb Exp $ */
/* $OpenBSD: a_object.c,v 1.32 2021/05/01 13:16:30 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -304,8 +304,6 @@ c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len)
}
}
/* only the ASN1_OBJECTs from the 'table' will have values
* for ->sn or ->ln */
if ((a == NULL) || ((*a) == NULL) ||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
if ((ret = ASN1_OBJECT_new()) == NULL)
@ -327,6 +325,13 @@ c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len)
memcpy(data, p, length);
/* If there are dynamic strings, free them here, and clear the flag. */
if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) {
free((void *)ret->sn);
free((void *)ret->ln);
ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS;
}
/* reattach data to object, after which it remains const */
ret->data = data;
ret->length = length;
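Review bot: After `free((void *)ret->sn)` and `free((void *)ret->ln)` both pointers are left dangling on an object that is being reused (the path where a caller-supplied `*a` is not `ASN1_OBJECT_FLAG_DYNAMIC`), so any later read of `ret->sn` or `ret->ln` on that object would touch freed memory even though the flag has been cleared; reset them alongside the flag, `ret->sn = NULL; ret->ln = NULL;`, unless the lines of c2i_ASN1_OBJECT below the hunk already do so. c2i_ASN1_OBJECT continues outside the hunk in both directions.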


@ -1,4 +1,4 @@
/* $OpenBSD: a_time_tm.c,v 1.15 2018/04/25 11:48:21 tb Exp $ */
/* $OpenBSD: a_time_tm.c,v 1.18 2021/08/28 08:22:48 tb Exp $ */
/*
* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
*
@ -163,10 +163,9 @@ ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
return (-1);
lt = tm;
if (lt == NULL) {
memset(&ltm, 0, sizeof(ltm));
if (lt == NULL)
lt = &ltm;
}
memset(lt, 0, sizeof(*lt));
/* Timezone is required and must be GMT (Zulu). */
if (bytes[len - 1] != 'Z')
@ -262,8 +261,8 @@ ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec,
size_t len;
char * p;
if (gmtime_r(&t, &tm) == NULL)
return (NULL);
if (gmtime_r(&t, &tm) == NULL)
return (NULL);
if (offset_day || offset_sec) {
if (!OPENSSL_gmtime_adj(&tm, offset_day, offset_sec))
@ -299,7 +298,7 @@ ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec,
case GENTIME_LENGTH:
s->type = V_ASN1_GENERALIZEDTIME;
break;
case UTCTIME_LENGTH:
case UTCTIME_LENGTH:
s->type = V_ASN1_UTCTIME;
break;
default:
@ -354,7 +353,6 @@ ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
return (NULL);
memset(&tm, 0, sizeof(tm));
if (t->type != ASN1_time_parse(t->data, t->length, &tm, t->type))
return (NULL);
if ((str = gentime_string_from_tm(&tm)) == NULL)
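Review bot: With `memset(lt, 0, sizeof(*lt));` moved out of the `lt == NULL` branch, ASN1_time_parse now zeroes the caller's `struct tm` unconditionally and before the `'Z'` check can return -1, so a caller that inspects its `tm` after a failed parse sees cleared fields rather than whatever it held; that is a contract change the function's header comment (outside the hunk) should state, e.g. `/* *tm is zeroed on entry; its contents are only meaningful on success. */`. The removal of the `memset(&tm, 0, sizeof(tm));` in ASN1_TIME_to_generalizedtime depends on exactly this guarantee, so documenting it keeps the two hunks tied together. ASN1_time_parse's body continues outside the hunk.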


@ -1,4 +1,4 @@
/* $OpenBSD: asn1_err.c,v 1.21 2018/03/29 02:29:24 inoguchi Exp $ */
/* $OpenBSD: asn1_err.c,v 1.22 2020/12/08 15:06:42 tb Exp $ */
/* ====================================================================
* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
*
@ -85,6 +85,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) , "bad object header"},
{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) , "bad password read"},
{ERR_REASON(ASN1_R_BAD_TAG) , "bad tag"},
{ERR_REASON(ASN1_R_BAD_TEMPLATE) , "bad template"},
{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), "bmpstring is wrong length"},
{ERR_REASON(ASN1_R_BN_LIB) , "bn lib"},
{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"},


@ -1,4 +1,4 @@
/* $OpenBSD: asn1_lib.c,v 1.44 2018/11/17 09:34:11 tb Exp $ */
/* $OpenBSD: asn1_lib.c,v 1.45 2020/12/08 15:06:42 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -388,6 +388,8 @@ ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
{
int i;
if (a == NULL || b == NULL)
return -1;
i = (a->length - b->length);
if (i == 0) {
i = memcmp(a->data, b->data, a->length);
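Review bot: The new `if (a == NULL || b == NULL) return -1;` makes ASN1_STRING_cmp(NULL, b) and ASN1_STRING_cmp(a, NULL) both return -1, so the result is no longer antisymmetric and a NULL argument is indistinguishable from a genuine "a sorts before b"; callers that use the function as a sort comparator, or test equality with `== 0`, get a defined but easy-to-misread answer. A comment above the check should record that this is deliberate, e.g. `/* A NULL argument compares as -1; the result is not a total order in that case. */`. The rest of ASN1_STRING_cmp is outside the hunk.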


@ -1,4 +1,4 @@
/* $OpenBSD: t_spki.c,v 1.11 2014/07/11 08:44:47 jsing Exp $ */
/* $OpenBSD: t_spki.c,v 1.12 2021/08/24 15:23:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -94,7 +94,8 @@ NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
}
chal = spki->spkac->challenge;
if (chal->length)
BIO_printf(out, " Challenge String: %s\n", chal->data);
BIO_printf(out, " Challenge String: %.*s\n", chal->length,
chal->data);
i = OBJ_obj2nid(spki->sig_algor->algorithm);
BIO_printf(out, " Signature Algorithm: %s",
(i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));


@ -1,4 +1,4 @@
/* $OpenBSD: t_x509.c,v 1.32 2020/04/10 07:05:24 tb Exp $ */
/* $OpenBSD: t_x509.c,v 1.34 2021/07/26 16:54:20 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -180,7 +180,7 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
if (BIO_printf(bp, " Issuer:%c", mlch) <= 0)
goto err;
if (X509_NAME_print_ex(bp, X509_get_issuer_name(x),
nmindent, nmflags) < 0)
nmindent, nmflags) < (nmflags == X509_FLAG_COMPAT ? 1 : 0))
goto err;
if (BIO_write(bp, "\n", 1) <= 0)
goto err;
@ -203,7 +203,7 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
goto err;
if (X509_NAME_print_ex(bp, X509_get_subject_name(x),
nmindent, nmflags) < 0)
nmindent, nmflags) < (nmflags == X509_FLAG_COMPAT ? 1 : 0))
goto err;
if (BIO_write(bp, "\n", 1) <= 0)
goto err;
@ -261,10 +261,12 @@ X509_ocspid_print(BIO *bp, X509 *x)
in OCSP requests */
if (BIO_printf(bp, " Subject OCSP hash: ") <= 0)
goto err;
derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
if ((derlen = i2d_X509_NAME(x->cert_info->subject, NULL)) <= 0)
goto err;
if ((der = dertmp = malloc(derlen)) == NULL)
goto err;
i2d_X509_NAME(x->cert_info->subject, &dertmp);
if (i2d_X509_NAME(x->cert_info->subject, &dertmp) <= 0)
goto err;
if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
goto err;
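Review bot: The second `i2d_X509_NAME(x->cert_info->subject, &dertmp)` is only checked for `<= 0`; the buffer was sized from the first call's `derlen` and the `EVP_Digest` below hashes exactly `derlen` bytes, so any mismatch between the two encodings would hash bytes the encoder never wrote. Comparing against the length already obtained is as cheap and tighter: `if (i2d_X509_NAME(x->cert_info->subject, &dertmp) != derlen) goto err;`. X509_ocspid_print starts and ends outside the hunk, so whether `der` is released on the `err` path cannot be confirmed from here.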


@ -1,4 +1,4 @@
/* $OpenBSD: t_x509a.c,v 1.8 2014/07/11 08:44:47 jsing Exp $ */
/* $OpenBSD: t_x509a.c,v 1.9 2021/07/10 17:45:16 schwarze Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -105,8 +105,8 @@ X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
} else
BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
if (aux->alias)
BIO_printf(out, "%*sAlias: %s\n", indent, "",
aux->alias->data);
BIO_printf(out, "%*sAlias: %.*s\n", indent, "",
aux->alias->length, aux->alias->data);
if (aux->keyid) {
BIO_printf(out, "%*sKey Id: ", indent, "");
for (i = 0; i < aux->keyid->length; i++)


@ -1,4 +1,4 @@
/* $OpenBSD: tasn_dec.c,v 1.37 2019/04/01 15:48:04 jsing Exp $ */
/* $OpenBSD: tasn_dec.c,v 1.38 2020/12/08 15:06:42 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
@ -210,6 +210,16 @@ asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
break;
case ASN1_ITYPE_MSTRING:
/*
* It never makes sense for multi-strings to have implicit
* tagging, so if tag != -1, then this looks like an error in
* the template.
*/
if (tag != -1) {
ASN1error(ASN1_R_BAD_TEMPLATE);
goto err;
}
p = *in;
/* Just read in tag and class */
ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
@ -245,6 +255,16 @@ asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
it, tag, aclass, opt, ctx);
case ASN1_ITYPE_CHOICE:
/*
* It never makes sense for CHOICE types to have implicit
* tagging, so if tag != -1, then this looks like an error in
* the template.
*/
if (tag != -1) {
ASN1error(ASN1_R_BAD_TEMPLATE);
goto err;
}
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
goto auxerr;
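Review bot: The two new guards raise `ASN1_R_BAD_TEMPLATE`, a reason code this commit adds to the error-string table in asn1_err.c but whose `#define` in the public asn1.h header is not among the sections shown here; the build fails unless that define is part of the same update, so it is worth confirming before merge. The identical comment and check appear in the CHOICE case of this hunk and twice more in tasn_enc.c (where they `return 0` instead of `goto err`); that is acceptable duplication, though a small static helper taking `tag` would keep the four copies in step. asn1_item_ex_d2i continues outside the hunk in both directions.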


@ -1,4 +1,4 @@
/* $OpenBSD: tasn_enc.c,v 1.22 2019/04/01 15:48:04 jsing Exp $ */
/* $OpenBSD: tasn_enc.c,v 1.23 2020/12/08 15:06:42 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
@ -61,6 +61,7 @@
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/err.h>
#include <openssl/objects.h>
static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
@ -152,9 +153,27 @@ ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it,
break;
case ASN1_ITYPE_MSTRING:
/*
* It never makes sense for multi-strings to have implicit
* tagging, so if tag != -1, then this looks like an error in
* the template.
*/
if (tag != -1) {
ASN1error(ASN1_R_BAD_TEMPLATE);
return 0;
}
return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
case ASN1_ITYPE_CHOICE:
/*
* It never makes sense for CHOICE types to have implicit
* tagging, so if tag != -1, then this looks like an error in
* the template.
*/
if (tag != -1) {
ASN1error(ASN1_R_BAD_TEMPLATE);
return 0;
}
if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
return 0;
i = asn1_get_choice_selector(pval, it);


@ -1,4 +1,4 @@
/* $OpenBSD: x_name.c,v 1.34 2018/02/20 17:09:20 jsing Exp $ */
/* $OpenBSD: x_name.c,v 1.35 2021/07/04 11:38:37 schwarze Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -626,19 +626,13 @@ i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname, unsigned char **in)
int
X509_NAME_set(X509_NAME **xn, X509_NAME *name)
{
X509_NAME *in;
if (!xn || !name)
return (0);
if (*xn != name) {
in = X509_NAME_dup(name);
if (in != NULL) {
X509_NAME_free(*xn);
*xn = in;
}
}
return (*xn != NULL);
if (*xn == name)
return *xn != NULL;
if ((name = X509_NAME_dup(name)) == NULL)
return 0;
X509_NAME_free(*xn);
*xn = name;
return 1;
}
int
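Review bot: The new body of X509_NAME_set changes the failure contract: the old code kept `*xn` and returned `*xn != NULL` when X509_NAME_dup() failed (so a caller that already had a name saw success), whereas the new code returns 0 and leaves `*xn` untouched. That is the better behaviour, but callers that ignored the return value now silently keep the stale name, so it deserves a comment above the function, e.g. `/* Replace *xn with a copy of name. On allocation failure *xn is left unchanged and 0 is returned. */`. Reusing the `name` parameter to hold the duplicate also obscures the ownership hand-off to `*xn`; a local such as `X509_NAME *copy` would read more clearly.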


@ -1,4 +1,4 @@
/* $OpenBSD: x_x509.c,v 1.26 2018/02/17 15:50:42 jsing Exp $ */
/* $OpenBSD: x_x509.c,v 1.27 2021/09/02 12:41:44 job Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -185,6 +185,10 @@ x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
ret->akid = NULL;
ret->aux = NULL;
ret->crldp = NULL;
#ifndef OPENSSL_NO_RFC3779
ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL;
#endif
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
break;
@ -202,6 +206,10 @@ x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
policy_cache_free(ret->policy_cache);
GENERAL_NAMES_free(ret->altname);
NAME_CONSTRAINTS_free(ret->nc);
#ifndef OPENSSL_NO_RFC3779
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid);
#endif
free(ret->name);
ret->name = NULL;
break;


@ -1,10 +1,10 @@
/* $OpenBSD: b_dump.c,v 1.21 2015/04/23 06:11:19 deraadt Exp $ */
/* $OpenBSD: b_dump.c,v 1.22 2021/07/11 20:18:07 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
@ -82,7 +82,7 @@ BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
{
int ret = 0;
char buf[288 + 1], tmp[20], str[128 + 1];
int i, j, rows, trc;
int i, j, rows, trc, written;
unsigned char ch;
int dump_width;
@ -133,13 +133,18 @@ BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
/* if this is the last call then update the ddt_dump thing so
* that we will move the selection point in the debug window
*/
ret += cb((void *)buf, strlen(buf), u);
if ((written = cb((void *)buf, strlen(buf), u)) < 0)
return -1;
ret += written;
}
#ifdef TRUNCATE
if (trc > 0) {
snprintf(buf, sizeof buf, "%s%04x - <SPACES/NULS>\n",
str, len + trc);
ret += cb((void *)buf, strlen(buf), u);
if ((written = cb((void *)buf, strlen(buf), u)) < 0)
return -1;
ret += written;
}
#endif
return (ret);
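Review bot: The two cb() calls in this hunk now abort on a negative return instead of folding it into `ret`, but BIO_dump_indent_cb starts before the hunk and the per-row output in the loop body presumably invokes cb() the same way; confirm those call sites were converted as well, otherwise a failing callback still goes unnoticed on most rows. A one-line comment at the first converted call would make the contract explicit for the next reader: `/* cb() returns bytes written, or < 0 on error; stop at the first failure */`.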


@ -1,4 +1,4 @@
/* $OpenBSD: bio_cb.c,v 1.16 2014/12/08 03:54:19 bcook Exp $ */
/* $OpenBSD: bio_cb.c,v 1.17 2021/03/25 09:26:17 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -70,15 +70,22 @@ BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl,
BIO *b;
char buf[256];
char *p;
int nbuf;
long r = 1;
size_t p_maxlen;
if (BIO_CB_RETURN & cmd)
r = ret;
snprintf(buf, sizeof buf, "BIO[%p]:", bio);
p = &(buf[14]);
p_maxlen = sizeof buf - 14;
nbuf = snprintf(buf, sizeof(buf), "BIO[%p]: ", bio);
if (nbuf < 0)
nbuf = 0; /* Ignore error; continue printing. */
if (nbuf >= sizeof(buf))
goto out;
p = buf + nbuf;
p_maxlen = sizeof(buf) - nbuf;
switch (cmd) {
case BIO_CB_FREE:
snprintf(p, p_maxlen, "Free - %s\n", bio->method->name);
@ -136,6 +143,7 @@ BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl,
break;
}
out:
b = (BIO *)bio->cb_arg;
if (b != NULL)
BIO_write(b, buf, strlen(buf));
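Review bot: `if (nbuf >= sizeof(buf))` compares an int with a size_t; `nbuf` has just been clamped to be non-negative so the implicit conversion is safe, but `if ((size_t)nbuf >= sizeof(buf))` avoids the signed/unsigned warning and records that the clamp is what makes it valid. The `goto out` also deserves a comment, since it skips the whole switch and the `out:` path then emits only the truncated prefix: `/* prefix alone filled the buffer; emit it as-is */`. BIO_debug_callback begins before this hunk.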


@ -1,4 +1,4 @@
/* $OpenBSD: bn_lib.c,v 1.47 2019/06/17 17:11:48 tb Exp $ */
/* $OpenBSD: bn_lib.c,v 1.48 2021/09/08 12:19:17 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -583,20 +583,143 @@ BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
return (ret);
}
typedef enum {
big,
little,
} endianness_t;
/* ignore negative */
static int
bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianness_t endianness)
{
int n;
size_t i, lasti, j, atop, mask;
BN_ULONG l;
/*
* In case |a| is fixed-top, BN_num_bytes can return bogus length,
* but it's assumed that fixed-top inputs ought to be "nominated"
* even for padded output, so it works out...
*/
n = BN_num_bytes(a);
if (tolen == -1)
tolen = n;
else if (tolen < n) { /* uncommon/unlike case */
BIGNUM temp = *a;
bn_correct_top(&temp);
n = BN_num_bytes(&temp);
if (tolen < n)
return -1;
}
/* Swipe through whole available data and don't give away padded zero. */
atop = a->dmax * BN_BYTES;
if (atop == 0) {
explicit_bzero(to, tolen);
return tolen;
}
lasti = atop - 1;
atop = a->top * BN_BYTES;
if (endianness == big)
to += tolen; /* start from the end of the buffer */
for (i = 0, j = 0; j < (size_t)tolen; j++) {
unsigned char val;
l = a->d[i / BN_BYTES];
mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1));
val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
if (endianness == big)
*--to = val;
else
*to++ = val;
i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */
}
return tolen;
}
int
BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
{
if (tolen < 0)
return -1;
return bn2binpad(a, to, tolen, big);
}
int
BN_bn2bin(const BIGNUM *a, unsigned char *to)
{
int n, i;
BN_ULONG l;
return bn2binpad(a, to, -1, big);
}
bn_check_top(a);
n = i=BN_num_bytes(a);
while (i--) {
l = a->d[i / BN_BYTES];
*(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
BIGNUM *
BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
{
unsigned int i, m, n;
BN_ULONG l;
BIGNUM *bn = NULL;
if (ret == NULL)
ret = bn = BN_new();
if (ret == NULL)
return NULL;
bn_check_top(ret);
s += len;
/* Skip trailing zeroes. */
for (; len > 0 && s[-1] == 0; s--, len--)
continue;
n = len;
if (n == 0) {
ret->top = 0;
return ret;
}
return (n);
i = ((n - 1) / BN_BYTES) + 1;
m = (n - 1) % BN_BYTES;
if (bn_wexpand(ret, (int)i) == NULL) {
BN_free(bn);
return NULL;
}
ret->top = i;
ret->neg = 0;
l = 0;
while (n-- > 0) {
s--;
l = (l << 8L) | *s;
if (m-- == 0) {
ret->d[--i] = l;
l = 0;
m = BN_BYTES - 1;
}
}
/*
* need to call this due to clear byte at top if avoiding having the
* top bit set (-ve number)
*/
bn_correct_top(ret);
return ret;
}
int
BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
{
if (tolen < 0)
return -1;
return bn2binpad(a, to, tolen, little);
}
int
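Review bot: BN_lebin2bn takes `int len` but never rejects a negative value: the trailing-zero loop is skipped for len < 0, `n = len` then wraps to a large unsigned, and `i = ((n - 1) / BN_BYTES) + 1` is passed to bn_wexpand() as an int. A guard at the top, `if (len < 0) return NULL;`, closes that off; BN_bin2bn just above this hunk may have the same shape and is worth checking at the same time. In bn2binpad the `mask`/`i += (i - lasti) >> ...` construction is written to keep the copy loop free of data-dependent branches; a short comment saying so (e.g. `/* branch-free: mask is all-ones while j < atop, i is pinned to the last limb */`) would stop a later cleanup from "simplifying" it into a conditional.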


@ -1,4 +1,4 @@
/* $OpenBSD: bn_print.c,v 1.31 2017/01/29 17:49:22 beck Exp $ */
/* $OpenBSD: bn_print.c,v 1.32 2021/08/31 11:19:19 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -216,7 +216,7 @@ BN_hex2bn(BIGNUM **bn, const char *a)
if ((ret = BN_new()) == NULL)
return (0);
} else {
ret= *bn;
ret = *bn;
BN_zero(ret);
}
@ -228,7 +228,7 @@ BN_hex2bn(BIGNUM **bn, const char *a)
m = 0;
h = 0;
while (j > 0) {
m = ((BN_BYTES*2) <= j) ? (BN_BYTES * 2) : j;
m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j;
l = 0;
for (;;) {
c = a[j - m];


@ -1,4 +1,4 @@
/* $OpenBSD: bn_rand.c,v 1.24 2020/09/12 17:16:36 tb Exp $ */
/* $OpenBSD: bn_rand.c,v 1.25 2021/08/31 11:19:19 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -194,20 +194,20 @@ err:
return (ret);
}
int
int
BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(0, rnd, bits, top, bottom);
}
int
int
BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(1, rnd, bits, top, bottom);
}
#if 1
int
int
BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
{
return bnrand(2, rnd, bits, top, bottom);


@ -1,4 +1,4 @@
/* $OpenBSD: cms_env.c,v 1.23 2019/10/04 18:03:56 tb Exp $ */
/* $OpenBSD: cms_env.c,v 1.24 2021/09/08 14:33:02 tb Exp $ */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
@ -792,6 +792,7 @@ cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
goto err;
}
freezero(ec->key, ec->keylen);
ec->key = ukey;
ec->keylen = ukeylen;


@ -1,4 +1,4 @@
/* $OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */
/* $OpenBSD: getentropy_freebsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $ */
/*
* Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
@ -32,11 +32,9 @@
static size_t
getentropy_sysctl(u_char *buf, size_t size)
{
int mib[2];
const int mib[2] = { CTL_KERN, KERN_ARND };
size_t len, done;
mib[0] = CTL_KERN;
mib[1] = KERN_ARND;
done = 0;
do {


@ -1,4 +1,4 @@
/* $OpenBSD: getentropy_netbsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */
/* $OpenBSD: getentropy_netbsd.c,v 1.4 2020/10/12 22:08:33 deraadt Exp $ */
/*
* Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
@ -32,11 +32,9 @@
static size_t
getentropy_sysctl(u_char *buf, size_t size)
{
int mib[2];
const int mib[2] = { CTL_KERN, KERN_ARND };
size_t len, done;
mib[0] = CTL_KERN;
mib[1] = KERN_ARND;
done = 0;
do {


@ -1,4 +1,4 @@
/* $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */
/* $OpenBSD: getentropy_win.c,v 1.6 2020/11/11 10:41:24 bcook Exp $ */
/*
* Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
@ -21,39 +21,30 @@
*/
#include <windows.h>
#include <bcrypt.h>
#include <errno.h>
#include <stdint.h>
#include <sys/types.h>
#include <wincrypt.h>
#include <process.h>
int getentropy(void *buf, size_t len);
/*
* On Windows, CryptGenRandom is supposed to be a well-seeded
* cryptographically strong random number generator.
* On Windows, BCryptGenRandom with BCRYPT_USE_SYSTEM_PREFERRED_RNG is supposed
* to be a well-seeded, cryptographically strong random number generator.
* https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom
*/
int
getentropy(void *buf, size_t len)
{
HCRYPTPROV provider;
if (len > 256) {
errno = EIO;
return (-1);
}
if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT) == 0)
goto fail;
if (CryptGenRandom(provider, len, buf) == 0) {
CryptReleaseContext(provider, 0);
goto fail;
if (FAILED(BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG))) {
errno = EIO;
return (-1);
}
CryptReleaseContext(provider, 0);
return (0);
fail:
errno = EIO;
return (-1);
return (0);
}
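Review bot: BCryptGenRandom returns an NTSTATUS, so testing it with the HRESULT macro `FAILED()` works only because both encodings put failure in the sign bit; the header's own `BCRYPT_SUCCESS()` is the documented test: `if (!BCRYPT_SUCCESS(BCryptGenRandom(NULL, buf, len, BCRYPT_USE_SYSTEM_PREFERRED_RNG)))`. `len` is also narrowed from size_t to the ULONG buffer-length parameter; the `len > 256` guard above makes that safe, and a comment on the guard saying so would keep someone from relaxing it later. If `<wincrypt.h>` and `<process.h>` are still included on the new side they appear unused now that CryptAcquireContext/CryptGenRandom are gone — confirm and drop them.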


@ -1,4 +1,4 @@
/* $OpenBSD: recallocarray.c,v 1.1 2017/03/06 18:44:21 otto Exp $ */
/* $OpenBSD: recallocarray.c,v 1.2 2021/03/18 11:16:58 claudio Exp $ */
/*
* Copyright (c) 2008, 2017 Otto Moerbeek <otto@drijf.net>
*
@ -57,7 +57,7 @@ recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
if (newsize <= oldsize) {
size_t d = oldsize - newsize;
if (d < oldsize / 2 && d < getpagesize()) {
if (d < oldsize / 2 && d < (size_t)getpagesize()) {
memset((char *)ptr + newsize, 0, d);
return ptr;
}


@ -425,6 +425,8 @@ BN_add_word
BN_asc2bn
BN_bin2bn
BN_bn2bin
BN_bn2binpad
BN_bn2lebinpad
BN_bn2dec
BN_bn2hex
BN_bn2mpi
@ -468,6 +470,7 @@ BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lebin2bn
BN_lshift
BN_lshift1
BN_mask_bits
@ -1047,6 +1050,7 @@ EC_GROUP_get0_seed
EC_GROUP_get_asn1_flag
EC_GROUP_get_basis_type
EC_GROUP_get_cofactor
EC_GROUP_get_curve
EC_GROUP_get_curve_GF2m
EC_GROUP_get_curve_GFp
EC_GROUP_get_curve_name
@ -1062,8 +1066,10 @@ EC_GROUP_new
EC_GROUP_new_by_curve_name
EC_GROUP_new_curve_GF2m
EC_GROUP_new_curve_GFp
EC_GROUP_order_bits
EC_GROUP_precompute_mult
EC_GROUP_set_asn1_flag
EC_GROUP_set_curve
EC_GROUP_set_curve_GF2m
EC_GROUP_set_curve_GFp
EC_GROUP_set_curve_name
@ -1128,6 +1134,7 @@ EC_POINT_dbl
EC_POINT_dup
EC_POINT_free
EC_POINT_get_Jprojective_coordinates_GFp
EC_POINT_get_affine_coordinates
EC_POINT_get_affine_coordinates_GF2m
EC_POINT_get_affine_coordinates_GFp
EC_POINT_hex2point
@ -1143,8 +1150,10 @@ EC_POINT_point2bn
EC_POINT_point2hex
EC_POINT_point2oct
EC_POINT_set_Jprojective_coordinates_GFp
EC_POINT_set_affine_coordinates
EC_POINT_set_affine_coordinates_GF2m
EC_POINT_set_affine_coordinates_GFp
EC_POINT_set_compressed_coordinates
EC_POINT_set_compressed_coordinates_GF2m
EC_POINT_set_compressed_coordinates_GFp
EC_POINT_set_to_infinity
@ -1447,9 +1456,11 @@ EVP_DigestFinal
EVP_DigestFinal_ex
EVP_DigestInit
EVP_DigestInit_ex
EVP_DigestSign
EVP_DigestSignFinal
EVP_DigestSignInit
EVP_DigestUpdate
EVP_DigestVerify
EVP_DigestVerifyFinal
EVP_DigestVerifyInit
EVP_ENCODE_CTX_free
@ -1587,6 +1598,7 @@ EVP_PKEY_meth_set_verify_recover
EVP_PKEY_meth_set_verifyctx
EVP_PKEY_missing_parameters
EVP_PKEY_new
EVP_PKEY_new_CMAC_key
EVP_PKEY_new_mac_key
EVP_PKEY_paramgen
EVP_PKEY_paramgen_init


@ -1,4 +1,4 @@
/* $OpenBSD: ec2_oct.c,v 1.11 2018/07/15 16:27:39 tb Exp $ */
/* $OpenBSD: ec2_oct.c,v 1.16 2021/05/03 14:42:45 tb Exp $ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
@ -121,6 +121,10 @@ ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point
if (!BN_GF2m_mod_arr(x, x_, group->poly))
goto err;
if (BN_is_zero(x)) {
if (y_bit != 0) {
ECerror(EC_R_INVALID_COMPRESSED_POINT);
goto err;
}
if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx))
goto err;
} else {
@ -152,7 +156,7 @@ ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point
}
}
if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
goto err;
ret = 1;
@ -221,7 +225,7 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
if ((yxi = BN_CTX_get(ctx)) == NULL)
goto err;
if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
goto err;
buf[0] = form;
@ -280,10 +284,11 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
}
/* Converts an octet string representation to an EC_POINT.
/*
* Converts an octet string representation to an EC_POINT.
* Note that the simple implementation only uses affine coordinates.
*/
int
int
ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
const unsigned char *buf, size_t len, BN_CTX *ctx)
{
@ -298,19 +303,35 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
ECerror(EC_R_BUFFER_TOO_SMALL);
return 0;
}
form = buf[0];
y_bit = form & 1;
form = form & ~1U;
if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) &&
(form != POINT_CONVERSION_UNCOMPRESSED) &&
(form != POINT_CONVERSION_HYBRID)) {
/*
* The first octet is the point conversion octet PC, see X9.62, page 4
* and section 4.4.2. It must be:
* 0x00 for the point at infinity
* 0x02 or 0x03 for compressed form
* 0x04 for uncompressed form
* 0x06 or 0x07 for hybrid form.
* For compressed or hybrid forms, we store the last bit of buf[0] as
* y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*.
* We error if buf[0] contains any but the above values.
*/
y_bit = buf[0] & 1;
form = buf[0] & ~1U;
if (form != 0 && form != POINT_CONVERSION_COMPRESSED &&
form != POINT_CONVERSION_UNCOMPRESSED &&
form != POINT_CONVERSION_HYBRID) {
ECerror(EC_R_INVALID_ENCODING);
return 0;
}
if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
ECerror(EC_R_INVALID_ENCODING);
return 0;
if (form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) {
if (y_bit != 0) {
ECerror(EC_R_INVALID_ENCODING);
return 0;
}
}
/* The point at infinity is represented by a single zero octet. */
if (form == 0) {
if (len != 1) {
ECerror(EC_R_INVALID_ENCODING);
@ -318,6 +339,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
}
return EC_POINT_set_to_infinity(group, point);
}
field_len = (EC_GROUP_get_degree(group) + 7) / 8;
enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len :
1 + 2 * field_len;
@ -326,6 +348,7 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
ECerror(EC_R_INVALID_ENCODING);
return 0;
}
if (ctx == NULL) {
ctx = new_ctx = BN_CTX_new();
if (ctx == NULL)
@ -346,7 +369,11 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
goto err;
}
if (form == POINT_CONVERSION_COMPRESSED) {
if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx))
/*
* EC_POINT_set_compressed_coordinates checks that the
* point is on the curve as required by X9.62.
*/
if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
goto err;
} else {
if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
@ -356,22 +383,34 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
goto err;
}
if (form == POINT_CONVERSION_HYBRID) {
if (!group->meth->field_div(group, yxi, y, x, ctx))
goto err;
if (y_bit != BN_is_odd(yxi)) {
ECerror(EC_R_INVALID_ENCODING);
goto err;
/*
* Check that the form in the encoding was set
* correctly according to X9.62 4.4.2.a, 4(c),
* see also first paragraph of X9.62 4.4.1.b.
*/
if (BN_is_zero(x)) {
if (y_bit != 0) {
ECerror(EC_R_INVALID_ENCODING);
goto err;
}
} else {
if (!group->meth->field_div(group, yxi, y, x,
ctx))
goto err;
if (y_bit != BN_is_odd(yxi)) {
ECerror(EC_R_INVALID_ENCODING);
goto err;
}
}
}
if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
/*
* EC_POINT_set_affine_coordinates checks that the
* point is on the curve as required by X9.62.
*/
if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
goto err;
}
/* test required by X9.62 */
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
ret = 1;
err:
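Review bot: ec_GF2m_simple_oct2point no longer runs its own EC_POINT_is_on_curve() test; the new comments state that EC_POINT_set_affine_coordinates and EC_POINT_set_compressed_coordinates perform that check. That is the right place for it, but it only holds if those public wrappers (in ec_lib.c, outside this section) actually do the check — confirm, since otherwise an encoding that decodes to an off-curve point would now be accepted here, and any internal caller that goes through `group->meth->point_set_affine_coordinates` directly would bypass it regardless. The function starts before the first hunk; the y_bit-for-x==0 rule is now enforced in two places (ec_GF2m_simple_set_compressed_coordinates and the hybrid branch here), which is fine but worth a cross-referencing comment so the two stay in step.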


@ -1,4 +1,4 @@
/* $OpenBSD: ec2_smpl.c,v 1.21 2018/11/05 20:18:21 tb Exp $ */
/* $OpenBSD: ec2_smpl.c,v 1.23 2021/09/08 17:29:21 tb Exp $ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
@ -88,17 +88,18 @@ EC_GF2m_simple_method(void)
.group_set_curve = ec_GF2m_simple_group_set_curve,
.group_get_curve = ec_GF2m_simple_group_get_curve,
.group_get_degree = ec_GF2m_simple_group_get_degree,
.group_order_bits = ec_group_simple_order_bits,
.group_check_discriminant =
ec_GF2m_simple_group_check_discriminant,
ec_GF2m_simple_group_check_discriminant,
.point_init = ec_GF2m_simple_point_init,
.point_finish = ec_GF2m_simple_point_finish,
.point_clear_finish = ec_GF2m_simple_point_clear_finish,
.point_copy = ec_GF2m_simple_point_copy,
.point_set_to_infinity = ec_GF2m_simple_point_set_to_infinity,
.point_set_affine_coordinates =
ec_GF2m_simple_point_set_affine_coordinates,
ec_GF2m_simple_point_set_affine_coordinates,
.point_get_affine_coordinates =
ec_GF2m_simple_point_get_affine_coordinates,
ec_GF2m_simple_point_get_affine_coordinates,
.add = ec_GF2m_simple_add,
.dbl = ec_GF2m_simple_dbl,
.invert = ec_GF2m_simple_invert,
@ -483,7 +484,7 @@ ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
if (!BN_copy(y0, &a->Y))
goto err;
} else {
if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx))
if (!EC_POINT_get_affine_coordinates(group, a, x0, y0, ctx))
goto err;
}
if (b->Z_is_one) {
@ -492,7 +493,7 @@ ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
if (!BN_copy(y1, &b->Y))
goto err;
} else {
if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx))
if (!EC_POINT_get_affine_coordinates(group, b, x1, y1, ctx))
goto err;
}
@ -541,7 +542,7 @@ ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
if (!BN_GF2m_add(y2, y2, y1))
goto err;
if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx))
if (!EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx))
goto err;
ret = 1;
@ -684,9 +685,9 @@ ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
if ((bY = BN_CTX_get(ctx)) == NULL)
goto err;
if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx))
if (!EC_POINT_get_affine_coordinates(group, a, aX, aY, ctx))
goto err;
if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx))
if (!EC_POINT_get_affine_coordinates(group, b, bX, bY, ctx))
goto err;
ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
@ -720,7 +721,7 @@ ec_GF2m_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ct
if ((y = BN_CTX_get(ctx)) == NULL)
goto err;
if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
goto err;
if (!BN_copy(&point->X, x))
goto err;


@ -1,4 +1,4 @@
/* $OpenBSD: ec_asn1.c,v 1.31 2018/09/01 16:23:15 tb Exp $ */
/* $OpenBSD: ec_asn1.c,v 1.34 2021/08/31 20:14:40 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@ -709,7 +709,7 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
goto err;
}
/* the parameters are specified by the prime number p */
if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) {
ECerror(ERR_R_EC_LIB);
goto err;
}
@ -801,12 +801,12 @@ ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field)
static int
ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
{
int ok = 0, nid;
BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
unsigned char *buffer_1 = NULL, *buffer_2 = NULL, *a_buf = NULL,
*b_buf = NULL;
size_t len_1, len_2;
unsigned char char_zero = 0;
int ok = 0;
if (!group || !curve || !curve->a || !curve->b)
return 0;
@ -815,23 +815,12 @@ ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve)
ECerror(ERR_R_MALLOC_FAILURE);
goto err;
}
nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
/* get a and b */
if (nid == NID_X9_62_prime_field) {
if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
ECerror(ERR_R_EC_LIB);
goto err;
}
if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) {
ECerror(ERR_R_EC_LIB);
goto err;
}
#ifndef OPENSSL_NO_EC2M
else { /* nid == NID_X9_62_characteristic_two_field */
if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
ECerror(ERR_R_EC_LIB);
goto err;
}
}
#endif
len_1 = (size_t) BN_num_bytes(tmp_1);
len_2 = (size_t) BN_num_bytes(tmp_2);
@ -1028,7 +1017,7 @@ ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params)
if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
ok = 0;
} else
/* we don't kmow the nid => ERROR */
/* we don't know the group => ERROR */
ok = 0;
} else {
/* use the ECPARAMETERS structure */


@ -1,4 +1,4 @@
/* $OpenBSD: ec_curve.c,v 1.20 2020/06/05 17:12:09 jsing Exp $ */
/* $OpenBSD: ec_curve.c,v 1.21 2021/04/20 17:16:37 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@ -3373,7 +3373,7 @@ ec_group_new_from_data(const ec_list_element curve)
ECerror(ERR_R_BN_LIB);
goto err;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) {
if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
ECerror(ERR_R_EC_LIB);
goto err;
}


@ -1,4 +1,4 @@
/* $OpenBSD: ec_cvt.c,v 1.6 2014/07/10 22:45:57 jsing Exp $ */
/* $OpenBSD: ec_cvt.c,v 1.7 2021/04/20 17:04:13 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@ -112,7 +112,7 @@ EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b,
if (ret == NULL)
return NULL;
if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
unsigned long err;
err = ERR_peek_last_error();
@ -136,7 +136,7 @@ EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b,
if (ret == NULL)
return NULL;
if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
EC_GROUP_clear_free(ret);
return NULL;
}
@ -158,7 +158,7 @@ EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b,
if (ret == NULL)
return NULL;
if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) {
if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
EC_GROUP_clear_free(ret);
return NULL;
}


@ -1,4 +1,4 @@
/* $OpenBSD: ec_key.c,v 1.24 2019/01/19 01:12:48 tb Exp $ */
/* $OpenBSD: ec_key.c,v 1.26 2021/04/20 17:23:37 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@ -381,7 +381,7 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y)
BN_CTX *ctx = NULL;
BIGNUM *tx, *ty;
EC_POINT *point = NULL;
int ok = 0, tmp_nid, is_char_two = 0;
int ok = 0;
if (!key || !key->group || !x || !y) {
ECerror(ERR_R_PASSED_NULL_PARAMETER);
@ -396,34 +396,15 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y)
if (!point)
goto err;
tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));
if (tmp_nid == NID_X9_62_characteristic_two_field)
is_char_two = 1;
if ((tx = BN_CTX_get(ctx)) == NULL)
goto err;
if ((ty = BN_CTX_get(ctx)) == NULL)
goto err;
#ifndef OPENSSL_NO_EC2M
if (is_char_two) {
if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
x, y, ctx))
goto err;
if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point,
tx, ty, ctx))
goto err;
} else
#endif
{
if (!EC_POINT_set_affine_coordinates_GFp(key->group, point,
x, y, ctx))
goto err;
if (!EC_POINT_get_affine_coordinates_GFp(key->group, point,
tx, ty, ctx))
goto err;
}
if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx))
goto err;
if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx))
goto err;
/*
* Check if retrieved coordinates match originals: if not values are
* out of range.


@ -1,4 +1,4 @@
/* $OpenBSD: ec_lcl.h,v 1.13 2019/01/19 01:12:48 tb Exp $ */
/* $OpenBSD: ec_lcl.h,v 1.18 2021/09/08 17:29:21 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@ -105,14 +105,14 @@ struct ec_method_st {
void (*group_clear_finish)(EC_GROUP *);
int (*group_copy)(EC_GROUP *, const EC_GROUP *);
/* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
/* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
/* used by EC_GROUP_{get,set}_curve */
int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
/* used by EC_GROUP_get_degree: */
int (*group_get_degree)(const EC_GROUP *);
/* used by EC_GROUP_order_bits: */
int (*group_order_bits)(const EC_GROUP *);
/* used by EC_GROUP_check: */
int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);
@ -122,17 +122,18 @@ struct ec_method_st {
void (*point_clear_finish)(EC_POINT *);
int (*point_copy)(EC_POINT *, const EC_POINT *);
/* used by EC_POINT_set_to_infinity,
* EC_POINT_set_Jprojective_coordinates_GFp,
* EC_POINT_get_Jprojective_coordinates_GFp,
* EC_POINT_set_affine_coordinates_GFp, ..._GF2m,
* EC_POINT_get_affine_coordinates_GFp, ..._GF2m,
* EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
/*
* used by EC_POINT_set_to_infinity,
* EC_POINT_set_Jprojective_coordinates,
* EC_POINT_get_Jprojective_coordinates,
* EC_POINT_set_affine_coordinates,
* EC_POINT_get_affine_coordinates,
* EC_POINT_set_compressed_coordinates:
*/
int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
int (*point_set_Jprojective_coordinates)(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
int (*point_get_Jprojective_coordinates)(const EC_GROUP *, const EC_POINT *,
BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y, BN_CTX *);
@ -282,7 +283,7 @@ void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **,
void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
int ec_group_simple_order_bits(const EC_GROUP *group);
struct ec_point_st {
const EC_METHOD *meth;
@ -297,8 +298,6 @@ struct ec_point_st {
int Z_is_one; /* enable optimized point arithmetics for special case */
} /* EC_POINT */;
/* method functions in ec_mult.c
* (ec_lib.c uses these as defaults if group->method->mul is 0) */
int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
@ -321,10 +320,10 @@ void ec_GFp_simple_point_finish(EC_POINT *);
void ec_GFp_simple_point_clear_finish(EC_POINT *);
int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
int ec_GFp_simple_set_Jprojective_coordinates(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
int ec_GFp_simple_get_Jprojective_coordinates(const EC_GROUP *,
const EC_POINT *, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
const BIGNUM *x, const BIGNUM *y, BN_CTX *);
int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,


@ -1,4 +1,4 @@
/* $OpenBSD: ec_lib.c,v 1.32 2019/09/29 10:09:09 tb Exp $ */
/* $OpenBSD: ec_lib.c,v 1.41 2021/09/12 16:23:19 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@ -100,7 +100,7 @@ EC_GROUP_new(const EC_METHOD * meth)
BN_init(&ret->cofactor);
ret->curve_name = 0;
ret->asn1_flag = 0;
ret->asn1_flag = OPENSSL_EC_NAMED_CURVE;
ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
ret->seed = NULL;
@ -401,6 +401,11 @@ EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
return !BN_is_zero(order);
}
int
EC_GROUP_order_bits(const EC_GROUP *group)
{
return group->meth->group_order_bits(group);
}
int
EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
@ -488,52 +493,55 @@ EC_GROUP_get_seed_len(const EC_GROUP * group)
return group->seed_len;
}
int
EC_GROUP_set_curve_GFp(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
const BIGNUM * b, BN_CTX * ctx)
int
EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
if (group->meth->group_set_curve == 0) {
if (group->meth->group_set_curve == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
return group->meth->group_set_curve(group, p, a, b, ctx);
}
int
EC_GROUP_get_curve_GFp(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
BIGNUM * b, BN_CTX * ctx)
int
EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
BN_CTX *ctx)
{
if (group->meth->group_get_curve == 0) {
if (group->meth->group_get_curve == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
return group->meth->group_get_curve(group, p, a, b, ctx);
}
int
EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
return EC_GROUP_set_curve(group, p, a, b, ctx);
}
int
EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
BN_CTX *ctx)
{
return EC_GROUP_get_curve(group, p, a, b, ctx);
}
#ifndef OPENSSL_NO_EC2M
int
EC_GROUP_set_curve_GF2m(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a,
const BIGNUM * b, BN_CTX * ctx)
int
EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
if (group->meth->group_set_curve == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
return group->meth->group_set_curve(group, p, a, b, ctx);
return EC_GROUP_set_curve(group, p, a, b, ctx);
}
int
EC_GROUP_get_curve_GF2m(const EC_GROUP * group, BIGNUM * p, BIGNUM * a,
BIGNUM * b, BN_CTX * ctx)
int
EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
BIGNUM *b, BN_CTX *ctx)
{
if (group->meth->group_get_curve == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
return group->meth->group_get_curve(group, p, a, b, ctx);
return EC_GROUP_get_curve(group, p, a, b, ctx);
}
#endif
@ -919,28 +927,57 @@ EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point)
return group->meth->point_set_to_infinity(group, point);
}
int
EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
{
if (group->meth->point_set_Jprojective_coordinates == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_Jprojective_coordinates(group, point,
x, y, z, ctx);
}
int
int
EC_POINT_get_Jprojective_coordinates(const EC_GROUP *group,
const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
{
if (group->meth->point_get_Jprojective_coordinates == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_get_Jprojective_coordinates(group, point,
x, y, z, ctx);
}
int
EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
{
if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
return EC_POINT_set_Jprojective_coordinates(group, point, x, y, z, ctx);
}
int
int
EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
{
if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
return EC_POINT_get_Jprojective_coordinates(group, point, x, y, z, ctx);
}
int
EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
{
if (group->meth->point_set_affine_coordinates == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
@ -948,47 +985,36 @@ EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
return 0;
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
return 0;
}
return 1;
}
int
int
EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
{
if (group->meth->point_set_affine_coordinates == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
}
#ifndef OPENSSL_NO_EC2M
int
int
EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
{
if (group->meth->point_set_affine_coordinates == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
}
#endif
int
EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
int
EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
if (group->meth->point_get_affine_coordinates == 0) {
if (group->meth->point_get_affine_coordinates == NULL) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
@ -999,20 +1025,19 @@ EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point
return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
}
int
EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
}
#ifndef OPENSSL_NO_EC2M
int
int
EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
if (group->meth->point_get_affine_coordinates == 0) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
}
#endif
@ -1241,6 +1266,17 @@ EC_GROUP_have_precompute_mult(const EC_GROUP * group)
* been performed */
}
int
ec_group_simple_order_bits(const EC_GROUP *group)
{
/* XXX change group->order to a pointer? */
#if 0
if (group->order == NULL)
return 0;
#endif
return BN_num_bits(&group->order);
}
EC_KEY *
ECParameters_dup(EC_KEY *key)
{


@ -1,4 +1,4 @@
/* $OpenBSD: ec_oct.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
/* $OpenBSD: ec_oct.c,v 1.8 2021/04/20 17:34:33 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@ -70,12 +70,12 @@
#include "ec_lcl.h"
int
EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point,
const BIGNUM * x, int y_bit, BN_CTX * ctx)
int
EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, int y_bit, BN_CTX *ctx)
{
if (group->meth->point_set_compressed_coordinates == 0
&& !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
if (group->meth->point_set_compressed_coordinates == NULL &&
!(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
@ -98,36 +98,33 @@ EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point
group, point, x, y_bit, ctx);
#endif
}
return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
if (!group->meth->point_set_compressed_coordinates(group, point, x,
y_bit, ctx))
return 0;
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
return 0;
}
return 1;
}
int
EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, int y_bit, BN_CTX *ctx)
{
return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
}
#ifndef OPENSSL_NO_EC2M
int
EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP * group, EC_POINT * point,
const BIGNUM * x, int y_bit, BN_CTX * ctx)
int
EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
const BIGNUM *x, int y_bit, BN_CTX *ctx)
{
if (group->meth->point_set_compressed_coordinates == 0
&& !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
}
if (group->meth != point->meth) {
ECerror(EC_R_INCOMPATIBLE_OBJECTS);
return 0;
}
if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
if (group->meth->field_type == NID_X9_62_prime_field)
return ec_GFp_simple_set_compressed_coordinates(
group, point, x, y_bit, ctx);
else
return ec_GF2m_simple_set_compressed_coordinates(
group, point, x, y_bit, ctx);
}
return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
}
#endif
size_t
size_t
EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
point_conversion_form_t form,
unsigned char *buf, size_t len, BN_CTX *ctx)
@ -159,8 +156,7 @@ EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
return group->meth->point2oct(group, point, form, buf, len, ctx);
}
int
int
EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
const unsigned char *buf, size_t len, BN_CTX *ctx)
{
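Review bot: In EC_POINT_set_compressed_coordinates the new check `if (EC_POINT_is_on_curve(group, point, ctx) <= 0)` folds a negative return (an internal failure inside the on-curve test, e.g. a BN_CTX problem) into EC_R_POINT_IS_NOT_ON_CURVE, so a library error is reported to callers as a bad point. If that is intended, a comment such as `/* a negative (error) result is deliberately treated as "not on curve" */` above the check would save the next reader the lookup; otherwise test `< 0` separately and return 0 without pushing the point error. The function comment should also state that `point` has already been overwritten by the method callback when this check fails and must not be used afterwards. The same `<= 0` pattern appears in EC_POINT_set_affine_coordinates in the ec_lib.c section earlier in this commit.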


@ -1,4 +1,4 @@
/* $OpenBSD: eck_prn.c,v 1.15 2018/07/15 16:27:39 tb Exp $ */
/* $OpenBSD: eck_prn.c,v 1.17 2021/04/20 17:12:43 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@ -64,8 +64,6 @@
#include <stdio.h>
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/err.h>
@ -214,19 +212,9 @@ ECPKParameters_print(BIO * bp, const EC_GROUP * x, int off)
reason = ERR_R_MALLOC_FAILURE;
goto err;
}
#ifndef OPENSSL_NO_EC2M
if (is_char_two) {
if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) {
reason = ERR_R_EC_LIB;
goto err;
}
} else /* prime field */
#endif
{
if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) {
reason = ERR_R_EC_LIB;
goto err;
}
if (!EC_GROUP_get_curve(x, p, a, b, ctx)) {
reason = ERR_R_EC_LIB;
goto err;
}
if ((point = EC_GROUP_get0_generator(x)) == NULL) {


@ -1,4 +1,4 @@
/* $OpenBSD: ecp_mont.c,v 1.17 2018/11/05 20:18:21 tb Exp $ */
/* $OpenBSD: ecp_mont.c,v 1.20 2021/09/08 17:29:21 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@ -79,21 +79,22 @@ EC_GFp_mont_method(void)
.group_set_curve = ec_GFp_mont_group_set_curve,
.group_get_curve = ec_GFp_simple_group_get_curve,
.group_get_degree = ec_GFp_simple_group_get_degree,
.group_order_bits = ec_group_simple_order_bits,
.group_check_discriminant =
ec_GFp_simple_group_check_discriminant,
ec_GFp_simple_group_check_discriminant,
.point_init = ec_GFp_simple_point_init,
.point_finish = ec_GFp_simple_point_finish,
.point_clear_finish = ec_GFp_simple_point_clear_finish,
.point_copy = ec_GFp_simple_point_copy,
.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
.point_set_Jprojective_coordinates_GFp =
ec_GFp_simple_set_Jprojective_coordinates_GFp,
.point_get_Jprojective_coordinates_GFp =
ec_GFp_simple_get_Jprojective_coordinates_GFp,
.point_set_Jprojective_coordinates =
ec_GFp_simple_set_Jprojective_coordinates,
.point_get_Jprojective_coordinates =
ec_GFp_simple_get_Jprojective_coordinates,
.point_set_affine_coordinates =
ec_GFp_simple_point_set_affine_coordinates,
ec_GFp_simple_point_set_affine_coordinates,
.point_get_affine_coordinates =
ec_GFp_simple_point_get_affine_coordinates,
ec_GFp_simple_point_get_affine_coordinates,
.add = ec_GFp_simple_add,
.dbl = ec_GFp_simple_dbl,
.invert = ec_GFp_simple_invert,
@ -117,7 +118,7 @@ EC_GFp_mont_method(void)
}
int
int
ec_GFp_mont_group_init(EC_GROUP * group)
{
int ok;
@ -129,7 +130,7 @@ ec_GFp_mont_group_init(EC_GROUP * group)
}
void
void
ec_GFp_mont_group_finish(EC_GROUP * group)
{
BN_MONT_CTX_free(group->field_data1);
@ -140,7 +141,7 @@ ec_GFp_mont_group_finish(EC_GROUP * group)
}
void
void
ec_GFp_mont_group_clear_finish(EC_GROUP * group)
{
BN_MONT_CTX_free(group->field_data1);
@ -151,7 +152,7 @@ ec_GFp_mont_group_clear_finish(EC_GROUP * group)
}
int
int
ec_GFp_mont_group_copy(EC_GROUP * dest, const EC_GROUP * src)
{
BN_MONT_CTX_free(dest->field_data1);
@ -185,7 +186,7 @@ ec_GFp_mont_group_copy(EC_GROUP * dest, const EC_GROUP * src)
}
int
int
ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
@ -237,7 +238,7 @@ ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
}
int
int
ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
@ -249,7 +250,7 @@ ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
}
int
int
ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
BN_CTX *ctx)
{
@ -261,7 +262,7 @@ ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
}
int
int
ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
BN_CTX *ctx)
{
@ -273,7 +274,7 @@ ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
}
int
int
ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
BN_CTX *ctx)
{
@ -285,7 +286,7 @@ ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
}
int
int
ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
{
if (group->field_data2 == NULL) {
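Review bot: The new `.group_order_bits = ec_group_simple_order_bits` entry (also added to EC_GFp_nist_method and EC_GFp_simple_method in this commit) points at a helper whose body is `return BN_num_bits(&group->order);` with its NULL-order guard left under `#if 0`, so a group whose order has not been set reports 0 bits instead of signalling an error. Callers of the callback have to treat 0 as "order unknown", and nothing here says so; a comment on the table entry, e.g. `/* yields 0 when the group order is not set; callers must check */`, would make that contract visible at the point where the method is wired up. The remaining hunks in this section are whitespace-only.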


@ -1,4 +1,4 @@
/* $OpenBSD: ecp_nist.c,v 1.15 2018/11/05 20:18:21 tb Exp $ */
/* $OpenBSD: ecp_nist.c,v 1.18 2021/09/08 17:29:21 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project.
*/
@ -80,21 +80,22 @@ EC_GFp_nist_method(void)
.group_set_curve = ec_GFp_nist_group_set_curve,
.group_get_curve = ec_GFp_simple_group_get_curve,
.group_get_degree = ec_GFp_simple_group_get_degree,
.group_order_bits = ec_group_simple_order_bits,
.group_check_discriminant =
ec_GFp_simple_group_check_discriminant,
ec_GFp_simple_group_check_discriminant,
.point_init = ec_GFp_simple_point_init,
.point_finish = ec_GFp_simple_point_finish,
.point_clear_finish = ec_GFp_simple_point_clear_finish,
.point_copy = ec_GFp_simple_point_copy,
.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
.point_set_Jprojective_coordinates_GFp =
ec_GFp_simple_set_Jprojective_coordinates_GFp,
.point_get_Jprojective_coordinates_GFp =
ec_GFp_simple_get_Jprojective_coordinates_GFp,
.point_set_Jprojective_coordinates =
ec_GFp_simple_set_Jprojective_coordinates,
.point_get_Jprojective_coordinates =
ec_GFp_simple_get_Jprojective_coordinates,
.point_set_affine_coordinates =
ec_GFp_simple_point_set_affine_coordinates,
ec_GFp_simple_point_set_affine_coordinates,
.point_get_affine_coordinates =
ec_GFp_simple_point_get_affine_coordinates,
ec_GFp_simple_point_get_affine_coordinates,
.add = ec_GFp_simple_add,
.dbl = ec_GFp_simple_dbl,
.invert = ec_GFp_simple_invert,
@ -114,7 +115,7 @@ EC_GFp_nist_method(void)
return &ret;
}
int
int
ec_GFp_nist_group_copy(EC_GROUP * dest, const EC_GROUP * src)
{
dest->field_mod_func = src->field_mod_func;
@ -122,7 +123,7 @@ ec_GFp_nist_group_copy(EC_GROUP * dest, const EC_GROUP * src)
return ec_GFp_simple_group_copy(dest, src);
}
int
int
ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
@ -162,7 +163,7 @@ ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
}
int
int
ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx)
{
@ -189,7 +190,7 @@ ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
}
int
int
ec_GFp_nist_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a,
BN_CTX * ctx)
{


@ -1,4 +1,4 @@
/* $OpenBSD: ecp_oct.c,v 1.11 2018/07/15 16:27:39 tb Exp $ */
/* $OpenBSD: ecp_oct.c,v 1.14 2021/04/20 17:32:57 tb Exp $ */
/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
* for the OpenSSL project.
* Includes code written by Bodo Moeller for the OpenSSL project.
@ -185,7 +185,7 @@ ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group,
ECerror(ERR_R_INTERNAL_ERROR);
goto err;
}
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
goto err;
ret = 1;
@ -246,7 +246,7 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
if ((y = BN_CTX_get(ctx)) == NULL)
goto err;
if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
goto err;
if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
@ -362,7 +362,11 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
goto err;
}
if (form == POINT_CONVERSION_COMPRESSED) {
if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx))
/*
* EC_POINT_set_compressed_coordinates checks that the point
* is on the curve as required by X9.62.
*/
if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
goto err;
} else {
if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
@ -377,15 +381,14 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
goto err;
}
}
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
/*
* EC_POINT_set_affine_coordinates checks that the point is
* on the curve as required by X9.62.
*/
if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
goto err;
}
/* test required by X9.62 */
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerror(EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
}
ret = 1;
err:


@ -1,4 +1,4 @@
/* $OpenBSD: ecp_smpl.c,v 1.29 2018/11/15 05:53:31 tb Exp $ */
/* $OpenBSD: ecp_smpl.c,v 1.33 2021/09/08 17:29:21 tb Exp $ */
/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
* for the OpenSSL project.
* Includes code written by Bodo Moeller for the OpenSSL project.
@ -80,21 +80,22 @@ EC_GFp_simple_method(void)
.group_set_curve = ec_GFp_simple_group_set_curve,
.group_get_curve = ec_GFp_simple_group_get_curve,
.group_get_degree = ec_GFp_simple_group_get_degree,
.group_order_bits = ec_group_simple_order_bits,
.group_check_discriminant =
ec_GFp_simple_group_check_discriminant,
ec_GFp_simple_group_check_discriminant,
.point_init = ec_GFp_simple_point_init,
.point_finish = ec_GFp_simple_point_finish,
.point_clear_finish = ec_GFp_simple_point_clear_finish,
.point_copy = ec_GFp_simple_point_copy,
.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
.point_set_Jprojective_coordinates_GFp =
ec_GFp_simple_set_Jprojective_coordinates_GFp,
.point_get_Jprojective_coordinates_GFp =
ec_GFp_simple_get_Jprojective_coordinates_GFp,
.point_set_Jprojective_coordinates =
ec_GFp_simple_set_Jprojective_coordinates,
.point_get_Jprojective_coordinates =
ec_GFp_simple_get_Jprojective_coordinates,
.point_set_affine_coordinates =
ec_GFp_simple_point_set_affine_coordinates,
ec_GFp_simple_point_set_affine_coordinates,
.point_get_affine_coordinates =
ec_GFp_simple_point_get_affine_coordinates,
ec_GFp_simple_point_get_affine_coordinates,
.add = ec_GFp_simple_add,
.dbl = ec_GFp_simple_dbl,
.invert = ec_GFp_simple_invert,
@ -129,7 +130,7 @@ EC_GFp_simple_method(void)
*/
int
int
ec_GFp_simple_group_init(EC_GROUP * group)
{
BN_init(&group->field);
@ -140,7 +141,7 @@ ec_GFp_simple_group_init(EC_GROUP * group)
}
void
void
ec_GFp_simple_group_finish(EC_GROUP * group)
{
BN_free(&group->field);
@ -149,7 +150,7 @@ ec_GFp_simple_group_finish(EC_GROUP * group)
}
void
void
ec_GFp_simple_group_clear_finish(EC_GROUP * group)
{
BN_clear_free(&group->field);
@ -158,7 +159,7 @@ ec_GFp_simple_group_clear_finish(EC_GROUP * group)
}
int
int
ec_GFp_simple_group_copy(EC_GROUP * dest, const EC_GROUP * src)
{
if (!BN_copy(&dest->field, &src->field))
@ -174,7 +175,7 @@ ec_GFp_simple_group_copy(EC_GROUP * dest, const EC_GROUP * src)
}
int
int
ec_GFp_simple_group_set_curve(EC_GROUP * group,
const BIGNUM * p, const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
{
@ -231,7 +232,7 @@ ec_GFp_simple_group_set_curve(EC_GROUP * group,
}
int
int
ec_GFp_simple_group_get_curve(const EC_GROUP * group, BIGNUM * p, BIGNUM * a, BIGNUM * b, BN_CTX * ctx)
{
int ret = 0;
@ -275,14 +276,14 @@ ec_GFp_simple_group_get_curve(const EC_GROUP * group, BIGNUM * p, BIGNUM * a, BI
}
int
int
ec_GFp_simple_group_get_degree(const EC_GROUP * group)
{
return BN_num_bits(&group->field);
}
int
int
ec_GFp_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
{
int ret = 0;
@ -358,7 +359,7 @@ ec_GFp_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
}
int
int
ec_GFp_simple_point_init(EC_POINT * point)
{
BN_init(&point->X);
@ -370,7 +371,7 @@ ec_GFp_simple_point_init(EC_POINT * point)
}
void
void
ec_GFp_simple_point_finish(EC_POINT * point)
{
BN_free(&point->X);
@ -379,7 +380,7 @@ ec_GFp_simple_point_finish(EC_POINT * point)
}
void
void
ec_GFp_simple_point_clear_finish(EC_POINT * point)
{
BN_clear_free(&point->X);
@ -389,7 +390,7 @@ ec_GFp_simple_point_clear_finish(EC_POINT * point)
}
int
int
ec_GFp_simple_point_copy(EC_POINT * dest, const EC_POINT * src)
{
if (!BN_copy(&dest->X, &src->X))
@ -404,7 +405,7 @@ ec_GFp_simple_point_copy(EC_POINT * dest, const EC_POINT * src)
}
int
int
ec_GFp_simple_point_set_to_infinity(const EC_GROUP * group, EC_POINT * point)
{
point->Z_is_one = 0;
@ -413,9 +414,10 @@ ec_GFp_simple_point_set_to_infinity(const EC_GROUP * group, EC_POINT * point)
}
int
ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP * group, EC_POINT * point,
const BIGNUM * x, const BIGNUM * y, const BIGNUM * z, BN_CTX * ctx)
int
ec_GFp_simple_set_Jprojective_coordinates(const EC_GROUP *group,
EC_POINT *point, const BIGNUM *x, const BIGNUM *y, const BIGNUM *z,
BN_CTX *ctx)
{
BN_CTX *new_ctx = NULL;
int ret = 0;
@ -465,10 +467,9 @@ ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP * group, EC_POINT *
return ret;
}
int
ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP * group, const EC_POINT * point,
BIGNUM * x, BIGNUM * y, BIGNUM * z, BN_CTX * ctx)
int
ec_GFp_simple_get_Jprojective_coordinates(const EC_GROUP *group,
const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
{
BN_CTX *new_ctx = NULL;
int ret = 0;
@ -513,8 +514,7 @@ ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP * group, const EC_P
return ret;
}
int
int
ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * point,
const BIGNUM * x, const BIGNUM * y, BN_CTX * ctx)
{
@ -523,11 +523,11 @@ ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * po
ECerror(ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
return EC_POINT_set_Jprojective_coordinates(group, point, x, y,
BN_value_one(), ctx);
}
int
int
ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POINT * point,
BIGNUM * x, BIGNUM * y, BN_CTX * ctx)
{
@ -634,7 +634,7 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POIN
return ret;
}
int
int
ec_GFp_simple_add(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, const EC_POINT * b, BN_CTX * ctx)
{
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
@ -823,7 +823,7 @@ ec_GFp_simple_add(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, cons
}
int
int
ec_GFp_simple_dbl(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, BN_CTX * ctx)
{
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
@ -965,7 +965,7 @@ ec_GFp_simple_dbl(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, BN_C
}
int
int
ec_GFp_simple_invert(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx)
{
if (EC_POINT_is_at_infinity(group, point) > 0 || BN_is_zero(&point->Y))
@ -976,14 +976,14 @@ ec_GFp_simple_invert(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx)
}
int
int
ec_GFp_simple_is_at_infinity(const EC_GROUP * group, const EC_POINT * point)
{
return BN_is_zero(&point->Z);
}
int
int
ec_GFp_simple_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx)
{
int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
@ -1086,7 +1086,7 @@ ec_GFp_simple_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX
}
int
int
ec_GFp_simple_cmp(const EC_GROUP * group, const EC_POINT * a, const EC_POINT * b, BN_CTX * ctx)
{
/*
@ -1188,7 +1188,7 @@ ec_GFp_simple_cmp(const EC_GROUP * group, const EC_POINT * a, const EC_POINT * b
}
int
int
ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx)
{
BN_CTX *new_ctx = NULL;
@ -1209,9 +1209,9 @@ ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx
if ((y = BN_CTX_get(ctx)) == NULL)
goto err;
if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
goto err;
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
goto err;
if (!point->Z_is_one) {
ECerror(ERR_R_INTERNAL_ERROR);
@ -1226,7 +1226,7 @@ ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx
}
int
int
ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT * points[], BN_CTX * ctx)
{
BN_CTX *new_ctx = NULL;
@ -1272,11 +1272,11 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT *
/*
* The array is used as a binary tree, exactly as in heapsort:
*
*
* heap[1] heap[2] heap[3] heap[4] heap[5]
* heap[6] heap[7] heap[8]heap[9] heap[10]heap[11]
* heap[12]heap[13] heap[14] heap[15]
*
*
* We put the Z's in the last line; then we set each other node to the
* product of its two child-nodes (where empty or 0 entries are
* treated as ones); then we invert heap[1]; then we invert each
@ -1401,13 +1401,13 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT *
}
int
int
ec_GFp_simple_field_mul(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
{
return BN_mod_mul(r, a, b, &group->field, ctx);
}
int
int
ec_GFp_simple_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, BN_CTX * ctx)
{
return BN_mod_sqr(r, a, &group->field, ctx);
@ -1417,7 +1417,7 @@ ec_GFp_simple_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, BN
* Apply randomization of EC point projective coordinates:
*
* (X, Y, Z) = (lambda^2 * X, lambda^3 * Y, lambda * Z)
*
*
* where lambda is in the interval [1, group->field).
*/
int
@ -1687,7 +1687,7 @@ ec_GFp_simple_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
}
/* one final cswap to move the right value into r */
EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one);
ret = 1;
err:
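Review bot: ec_GFp_simple_make_affine now round-trips through `EC_POINT_set_affine_coordinates(group, point, x, y, ctx)`, and that public entry point (per the ec_lib.c hunk in this commit) runs EC_POINT_is_on_curve after the coordinates are stored, so every make_affine call now pays a full on-curve evaluation and fails for a point that is off the curve — previously it only normalised Z. That is a reasonable hardening, but it is not obvious from this file; a comment at the call, `/* EC_POINT_set_affine_coordinates also verifies the point is on the curve */`, would record that the extra cost and the new failure mode are intended. The surrounding function body starts and ends outside the hunk.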


@ -1,4 +1,4 @@
/* $OpenBSD: ech_key.c,v 1.9 2019/01/19 01:12:48 tb Exp $ */
/* $OpenBSD: ech_key.c,v 1.11 2021/04/20 17:23:37 tb Exp $ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
@ -140,23 +140,10 @@ ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y,
ctx)) {
ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
if (!EC_POINT_get_affine_coordinates(group, tmp, x, y, ctx)) {
ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
#ifndef OPENSSL_NO_EC2M
else {
if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y,
ctx)) {
ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
}
#endif
buflen = ECDH_size(ecdh);
len = BN_num_bytes(x);


@ -1,4 +1,4 @@
/* $OpenBSD: ecs_ossl.c,v 1.20 2019/06/04 18:15:27 tb Exp $ */
/* $OpenBSD: ecs_ossl.c,v 1.22 2021/04/20 17:23:37 tb Exp $ */
/*
* Written by Nils Larsch for the OpenSSL project
*/
@ -205,23 +205,11 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
ECDSAerror(ERR_R_EC_LIB);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp(group, point,
X, NULL, ctx)) {
ECDSAerror(ERR_R_EC_LIB);
goto err;
}
if (!EC_POINT_get_affine_coordinates(group, point, X, NULL,
ctx)) {
ECDSAerror(ERR_R_EC_LIB);
goto err;
}
#ifndef OPENSSL_NO_EC2M
else { /* NID_X9_62_characteristic_two_field */
if (!EC_POINT_get_affine_coordinates_GF2m(group, point,
X, NULL, ctx)) {
ECDSAerror(ERR_R_EC_LIB);
goto err;
}
}
#endif
if (!BN_nnmod(r, X, order, ctx)) {
ECDSAerror(ERR_R_BN_LIB);
goto err;
@ -521,23 +509,10 @@ ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
ECDSAerror(ERR_R_EC_LIB);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
NID_X9_62_prime_field) {
if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL,
ctx)) {
ECDSAerror(ERR_R_EC_LIB);
goto err;
}
if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) {
ECDSAerror(ERR_R_EC_LIB);
goto err;
}
#ifndef OPENSSL_NO_EC2M
else { /* NID_X9_62_characteristic_two_field */
if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL,
ctx)) {
ECDSAerror(ERR_R_EC_LIB);
goto err;
}
}
#endif
if (!BN_nnmod(u1, X, order, ctx)) {
ECDSAerror(ERR_R_BN_LIB);
goto err;


@ -1,4 +1,4 @@
/* $OpenBSD: evp_enc.c,v 1.43 2019/04/14 17:16:57 jsing Exp $ */
/* $OpenBSD: evp_enc.c,v 1.44 2021/02/18 19:12:29 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -337,6 +338,17 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
return 1;
} else {
j = bl - i;
/*
* Once we've processed the first j bytes from in, the
* amount of data left that is a multiple of the block
* length is (inl - j) & ~(bl - 1). Ensure this plus
* the block processed from ctx-buf doesn't overflow.
*/
if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
EVPerror(EVP_R_TOO_LARGE);
return 0;
}
memcpy(&(ctx->buf[i]), in, j);
if (!M_do_cipher(ctx, out, ctx->buf, bl))
return 0;
@ -451,6 +463,16 @@ EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
}
if (ctx->final_used) {
/*
* final_used is only ever set if buf_len is 0. Therefore the
* maximum length output we will ever see from EVP_EncryptUpdate
* is inl & ~(b - 1). Since final_used is set, the final output
* length is (inl & ~(b - 1)) + b. Ensure it doesn't overflow.
*/
if ((inl & ~(b - 1)) > INT_MAX - b) {
EVPerror(EVP_R_TOO_LARGE);
return 0;
}
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;
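Review bot: The new overflow guard in EVP_EncryptUpdate is right, but its comment reads "the block processed from ctx-buf" — that should be `ctx->buf`, matching the memcpy two lines below. Both guards, `((inl - j) & ~(bl - 1)) > INT_MAX - bl` and `(inl & ~(b - 1)) > INT_MAX - b`, only compute the whole-blocks length if the block length is a power of two; if that invariant is established elsewhere for EVP ciphers, a one-line comment such as `/* bl is a power of two, so & ~(bl - 1) rounds down to whole blocks */` would let a reader trust the mask without searching. The `inl - j` term also presumes the earlier branch (outside this hunk) has already returned for `inl < j`, which is worth stating in the same comment.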


@ -1,4 +1,4 @@
/* $OpenBSD: evp_err.c,v 1.26 2020/04/27 19:31:02 tb Exp $ */
/* $OpenBSD: evp_err.c,v 1.27 2021/03/29 15:57:23 tb Exp $ */
/* ====================================================================
* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
*
@ -116,6 +116,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_REASON(EVP_R_INVALID_OPERATION) , "invalid operation"},
{ERR_REASON(EVP_R_IV_TOO_LARGE) , "iv too large"},
{ERR_REASON(EVP_R_KEYGEN_FAILURE) , "keygen failure"},
{ERR_REASON(EVP_R_KEY_SETUP_FAILED) , "key setup failed"},
{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"},
{ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED) , "method not supported"},
{ERR_REASON(EVP_R_MISSING_PARAMETERS) , "missing parameters"},


@ -1,4 +1,4 @@
/* $OpenBSD: m_sigver.c,v 1.7 2018/05/13 06:35:10 tb Exp $ */
/* $OpenBSD: m_sigver.c,v 1.9 2021/05/09 14:25:40 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@ -74,15 +74,17 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
if (ctx->pctx == NULL)
return 0;
if (type == NULL) {
int def_nid;
if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
type = EVP_get_digestbynid(def_nid);
}
if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
if (type == NULL) {
int def_nid;
if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
type = EVP_get_digestbynid(def_nid);
}
if (type == NULL) {
EVPerror(EVP_R_NO_DEFAULT_DIGEST);
return 0;
if (type == NULL) {
EVPerror(EVP_R_NO_DEFAULT_DIGEST);
return 0;
}
}
if (ver) {
@ -105,6 +107,8 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
return 0;
if (pctx)
*pctx = ctx->pctx;
if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
return 1;
if (!EVP_DigestInit_ex(ctx, type, e))
return 0;
return 1;
@ -127,7 +131,24 @@ EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
int
EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
{
int sctx, r = 0;
EVP_PKEY_CTX *pctx = ctx->pctx;
int sctx;
int r = 0;
if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
EVP_PKEY_CTX *dctx;
if (sigret == NULL)
return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
/* XXX - support EVP_MD_CTX_FLAG_FINALISE? */
if ((dctx = EVP_PKEY_CTX_dup(ctx->pctx)) == NULL)
return 0;
r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
EVP_PKEY_CTX_free(dctx);
return r;
}
if (ctx->pctx->pmeth->signctx)
sctx = 1;
@ -165,6 +186,18 @@ EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
return 1;
}
int
EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
const unsigned char *tbs, size_t tbslen)
{
if (sigret != NULL) {
if (EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
return 0;
}
return EVP_DigestSignFinal(ctx, sigret, siglen);
}
int
EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen)
{
@ -191,3 +224,13 @@ EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen)
return r;
return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
}
int
EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
const unsigned char *tbs, size_t tbslen)
{
if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
return -1;
return EVP_DigestVerifyFinal(ctx, sigret, siglen);
}
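Review bot: EVP_DigestVerify returns -1 when the update step fails while EVP_DigestSign returns 0 in the same situation, and neither new one-shot wrapper says which convention applies. The verify side is consistent with EVP_DigestVerifyFinal, where a negative result means an error other than a bad signature, but both are public API and deserve a header comment: for EVP_DigestVerify `/* Returns 1 if the signature verifies, 0 if it does not, < 0 on any other error (same contract as EVP_DigestVerifyFinal). */`, and for EVP_DigestSign `/* Returns 1 on success, 0 on failure; with sigret == NULL the update is skipped and only the size query is passed to EVP_DigestSignFinal. */`. The `/* XXX - support EVP_MD_CTX_FLAG_FINALISE? */` note in the SIGCTX_CUSTOM branch of EVP_DigestSignFinal would be more useful if it also recorded why the pkey context is duplicated before signctx runs — presumably so that ctx stays usable after a first finalisation, as in the non-custom path below it, but confirm that before writing it down. EVP_DigestSignFinal's non-custom path continues outside the hunk.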


@ -1,4 +1,4 @@
/* $OpenBSD: p_lib.c,v 1.25 2019/03/17 18:17:45 tb Exp $ */
/* $OpenBSD: p_lib.c,v 1.26 2021/03/29 15:57:23 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -61,6 +61,7 @@
#include <openssl/opensslconf.h>
#include <openssl/bn.h>
#include <openssl/cmac.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
@ -216,10 +217,14 @@ EVP_PKEY_up_ref(EVP_PKEY *pkey)
*/
static int
pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
{
const EVP_PKEY_ASN1_METHOD *ameth;
ENGINE *e = NULL;
ENGINE **eptr = NULL;
if (e == NULL)
eptr = &e;
if (pkey) {
if (pkey->pkey.ptr)
EVP_PKEY_free_it(pkey);
@ -234,11 +239,11 @@ pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
#endif
}
if (str)
ameth = EVP_PKEY_asn1_find_str(&e, str, len);
ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
else
ameth = EVP_PKEY_asn1_find(&e, type);
ameth = EVP_PKEY_asn1_find(eptr, type);
#ifndef OPENSSL_NO_ENGINE
if (pkey == NULL)
if (pkey == NULL && eptr != NULL)
ENGINE_finish(e);
#endif
if (!ameth) {
@ -258,13 +263,43 @@ pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
int
EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
{
return pkey_set_type(pkey, type, NULL, -1);
return pkey_set_type(pkey, NULL, type, NULL, -1);
}
EVP_PKEY *
EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
const EVP_CIPHER *cipher)
{
EVP_PKEY *ret = NULL;
CMAC_CTX *cmctx = NULL;
if ((ret = EVP_PKEY_new()) == NULL)
goto err;
if ((cmctx = CMAC_CTX_new()) == NULL)
goto err;
if (!pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1))
goto err;
if (!CMAC_Init(cmctx, priv, len, cipher, e)) {
EVPerror(EVP_R_KEY_SETUP_FAILED);
goto err;
}
ret->pkey.ptr = (char *)cmctx;
return ret;
err:
EVP_PKEY_free(ret);
CMAC_CTX_free(cmctx);
return NULL;
}
int
EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
{
return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len);
}
int
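Review bot: In EVP_PKEY_new_CMAC_key the assignment `ret->pkey.ptr = (char *)cmctx;` is deliberately the last step, so that `err:` can free `ret` and `cmctx` separately without a double free, but nothing says so and a later edit that hoists the assignment above CMAC_Init would silently reintroduce one. A comment on that line, `/* Hand cmctx to the pkey only once it is fully initialised; until then err: frees the two separately. */`, pins the invariant. The function also lacks a header comment stating that the returned EVP_PKEY owns the CMAC context and that `e` may be NULL; note that when `e` is non-NULL the new pkey_set_type leaves `eptr` NULL, so the EVP_PKEY_asn1_find/EVP_PKEY_asn1_find_str lookups no longer consult the engine at all — presumably intended, since no ENGINE_init was done for a caller-supplied engine, but worth a sentence where the parameter is documented. pkey_set_type's engine handling continues outside the hunk.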


@ -1,4 +1,4 @@
/* $OpenBSD: gostr341001.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
/* $OpenBSD: gostr341001.c,v 1.8 2021/04/20 17:16:38 tb Exp $ */
/*
* Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Copyright (c) 2005-2006 Cryptocom LTD
@ -206,7 +206,7 @@ gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey)
GOSTerror(ERR_R_EC_LIB);
goto err;
}
if (EC_POINT_get_affine_coordinates_GFp(group, C, X,
if (EC_POINT_get_affine_coordinates(group, C, X,
NULL, ctx) == 0) {
GOSTerror(ERR_R_EC_LIB);
goto err;
@ -304,7 +304,7 @@ gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec)
GOSTerror(ERR_R_EC_LIB);
goto err;
}
if (EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx) == 0) {
if (EC_POINT_get_affine_coordinates(group, C, X, NULL, ctx) == 0) {
GOSTerror(ERR_R_EC_LIB);
goto err;
}
@ -354,7 +354,7 @@ VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, GOST_KEY *priv_key,
goto err;
if (EC_POINT_mul(group, pnt, NULL, pub_key, p, ctx) == 0)
goto err;
if (EC_POINT_get_affine_coordinates_GFp(group, pnt, X, Y, ctx) == 0)
if (EC_POINT_get_affine_coordinates(group, pnt, X, Y, ctx) == 0)
goto err;
ok = 1;


@ -1,4 +1,4 @@
/* $OpenBSD: gostr341001_ameth.c,v 1.16 2020/06/05 17:17:22 jsing Exp $ */
/* $OpenBSD: gostr341001_ameth.c,v 1.17 2021/04/20 17:16:38 tb Exp $ */
/*
* Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Copyright (c) 2005-2006 Cryptocom LTD
@ -290,7 +290,7 @@ pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
goto err;
}
if (EC_POINT_get_affine_coordinates_GFp(GOST_KEY_get0_group(ec),
if (EC_POINT_get_affine_coordinates(GOST_KEY_get0_group(ec),
pub_key, X, Y, NULL) == 0) {
GOSTerror(ERR_R_EC_LIB);
goto err;
@ -352,8 +352,7 @@ pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx)
goto err;
pubkey = GOST_KEY_get0_public_key(pkey->pkey.gost);
group = GOST_KEY_get0_group(pkey->pkey.gost);
if (EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y,
ctx) == 0) {
if (EC_POINT_get_affine_coordinates(group, pubkey, X, Y, ctx) == 0) {
GOSTerror(ERR_R_EC_LIB);
goto err;
}


@ -1,4 +1,4 @@
/* $OpenBSD: gostr341001_key.c,v 1.8 2017/05/02 03:59:44 deraadt Exp $ */
/* $OpenBSD: gostr341001_key.c,v 1.9 2021/04/20 17:16:38 tb Exp $ */
/*
* Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Copyright (c) 2005-2006 Cryptocom LTD
@ -201,10 +201,10 @@ GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y)
goto err;
if ((ty = BN_CTX_get(ctx)) == NULL)
goto err;
if (EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y,
if (EC_POINT_set_affine_coordinates(key->group, point, x, y,
ctx) == 0)
goto err;
if (EC_POINT_get_affine_coordinates_GFp(key->group, point, tx, ty,
if (EC_POINT_get_affine_coordinates(key->group, point, tx, ty,
ctx) == 0)
goto err;
/*


@ -1,4 +1,4 @@
/* $OpenBSD: hkdf.c,v 1.4 2019/11/21 20:02:20 tim Exp $ */
/* $OpenBSD: hkdf.c,v 1.5 2021/08/27 16:12:33 tb Exp $ */
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -16,7 +16,6 @@
#include <openssl/hkdf.h>
#include <assert.h>
#include <string.h>
#include <openssl/err.h>


@ -1,4 +1,4 @@
/* $OpenBSD: obj_dat.c,v 1.42 2019/07/03 03:24:04 deraadt Exp $ */
/* $OpenBSD: obj_dat.c,v 1.43 2021/09/01 09:42:28 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -628,7 +628,6 @@ OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
buf_len -= i;
}
ret += i;
l = 0;
}
}
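Review bot: Dropping the trailing `l = 0;` in OBJ_obj2txt is only a dead-store removal if `l` is zeroed again at the head of the enclosing per-arc loop, which starts outside this hunk; if it is not, the accumulated value of one sub-identifier would carry into the next and the printed OID would be wrong for every multi-arc object. Please confirm the loop head still resets `l` before the inner accumulation, and consider a one-line comment there, `/* l is reset per arc here; nothing needs to clear it after printing. */`, so the next reader does not re-add the store.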


@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
#define NUM_NID 1001
#define NUM_SN 994
#define NUM_LN 994
#define NUM_OBJ 924
#define NUM_NID 1016
#define NUM_SN 1009
#define NUM_LN 1009
#define NUM_OBJ 939
static const unsigned char lvalues[6481]={
static const unsigned char lvalues[6618]={
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@ -986,6 +986,21 @@ static const unsigned char lvalues[6481]={
0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03,/* [6455] OBJ_id_tc26_gost_3410_12_512_paramSetC */
0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [6464] OBJ_id_tc26_hmac_gost_3411_12_256 */
0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [6472] OBJ_id_tc26_hmac_gost_3411_12_512 */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x18,/* [6480] OBJ_id_ct_routeOriginAuthz */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1A,/* [6491] OBJ_id_ct_rpkiManifest */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x23,/* [6502] OBJ_id_ct_rpkiGhostbusters */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x24,/* [6513] OBJ_id_ct_resourceTaggedAttest */
0x2B,0x06,0x01,0x05,0x05,0x07,0x0E, /* [6524] OBJ_id_cp */
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x1C, /* [6531] OBJ_sbgp_ipAddrBlockv2 */
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x1D, /* [6539] OBJ_sbgp_autonomousSysNumv2 */
0x2B,0x06,0x01,0x05,0x05,0x07,0x0E,0x02, /* [6547] OBJ_ipAddr_asNumber */
0x2B,0x06,0x01,0x05,0x05,0x07,0x0E,0x03, /* [6555] OBJ_ipAddr_asNumberv2 */
0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0A, /* [6563] OBJ_rpkiManifest */
0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0B, /* [6571] OBJ_signedObject */
0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0D, /* [6579] OBJ_rpkiNotify */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x2F,/* [6587] OBJ_id_ct_geofeedCSVwithCRLF */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x30,/* [6598] OBJ_id_ct_signedChecklist */
0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1E, /* [6609] OBJ_id_kp_bgpsec_router */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
@ -2612,6 +2627,32 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
NID_id_tc26_hmac_gost_3411_12_256,8,&(lvalues[6464]),0},
{"id-tc26-hmac-gost-3411-12-512","HMAC STREEBOG 512",
NID_id_tc26_hmac_gost_3411_12_512,8,&(lvalues[6472]),0},
{"id-ct-routeOriginAuthz","id-ct-routeOriginAuthz",
NID_id_ct_routeOriginAuthz,11,&(lvalues[6480]),0},
{"id-ct-rpkiManifest","id-ct-rpkiManifest",NID_id_ct_rpkiManifest,11,
&(lvalues[6491]),0},
{"id-ct-rpkiGhostbusters","id-ct-rpkiGhostbusters",
NID_id_ct_rpkiGhostbusters,11,&(lvalues[6502]),0},
{"id-ct-resourceTaggedAttest","id-ct-resourceTaggedAttest",
NID_id_ct_resourceTaggedAttest,11,&(lvalues[6513]),0},
{"id-cp","id-cp",NID_id_cp,7,&(lvalues[6524]),0},
{"sbgp-ipAddrBlockv2","sbgp-ipAddrBlockv2",NID_sbgp_ipAddrBlockv2,8,
&(lvalues[6531]),0},
{"sbgp-autonomousSysNumv2","sbgp-autonomousSysNumv2",
NID_sbgp_autonomousSysNumv2,8,&(lvalues[6539]),0},
{"ipAddr-asNumber","ipAddr-asNumber",NID_ipAddr_asNumber,8,
&(lvalues[6547]),0},
{"ipAddr-asNumberv2","ipAddr-asNumberv2",NID_ipAddr_asNumberv2,8,
&(lvalues[6555]),0},
{"rpkiManifest","RPKI Manifest",NID_rpkiManifest,8,&(lvalues[6563]),0},
{"signedObject","Signed Object",NID_signedObject,8,&(lvalues[6571]),0},
{"rpkiNotify","RPKI Notify",NID_rpkiNotify,8,&(lvalues[6579]),0},
{"id-ct-geofeedCSVwithCRLF","id-ct-geofeedCSVwithCRLF",
NID_id_ct_geofeedCSVwithCRLF,11,&(lvalues[6587]),0},
{"id-ct-signedChecklist","id-ct-signedChecklist",
NID_id_ct_signedChecklist,11,&(lvalues[6598]),0},
{"id-kp-bgpsec-router","BGPsec Router",NID_id_kp_bgpsec_router,8,
&(lvalues[6609]),0},
};
static const unsigned int sn_objs[NUM_SN]={
@ -3096,7 +3137,14 @@ static const unsigned int sn_objs[NUM_SN]={
332, /* "id-cmc-senderNonce" */
327, /* "id-cmc-statusInfo" */
331, /* "id-cmc-transactionId" */
1005, /* "id-cp" */
787, /* "id-ct-asciiTextWithCRLF" */
1013, /* "id-ct-geofeedCSVwithCRLF" */
1004, /* "id-ct-resourceTaggedAttest" */
1001, /* "id-ct-routeOriginAuthz" */
1003, /* "id-ct-rpkiGhostbusters" */
1002, /* "id-ct-rpkiManifest" */
1014, /* "id-ct-signedChecklist" */
408, /* "id-ecPublicKey" */
508, /* "id-hex-multipart-message" */
507, /* "id-hex-partial-message" */
@ -3118,6 +3166,7 @@ static const unsigned int sn_objs[NUM_SN]={
784, /* "id-it-suppLangTags" */
304, /* "id-it-unsupportedOIDs" */
128, /* "id-kp" */
1015, /* "id-kp-bgpsec-router" */
280, /* "id-mod-attribute-cert" */
274, /* "id-mod-cmc" */
277, /* "id-mod-cmp" */
@ -3257,6 +3306,8 @@ static const unsigned int sn_objs[NUM_SN]={
647, /* "international-organizations" */
869, /* "internationaliSDNNumber" */
142, /* "invalidityDate" */
1008, /* "ipAddr-asNumber" */
1009, /* "ipAddr-asNumberv2" */
294, /* "ipsecEndSystem" */
295, /* "ipsecTunnel" */
296, /* "ipsecUser" */
@ -3375,6 +3426,8 @@ static const unsigned int sn_objs[NUM_SN]={
877, /* "roleOccupant" */
448, /* "room" */
463, /* "roomNumber" */
1010, /* "rpkiManifest" */
1012, /* "rpkiNotify" */
6, /* "rsaEncryption" */
644, /* "rsaOAEPEncryptionSET" */
377, /* "rsaSignature" */
@ -3382,7 +3435,9 @@ static const unsigned int sn_objs[NUM_SN]={
482, /* "sOARecord" */
155, /* "safeContentsBag" */
291, /* "sbgp-autonomousSysNum" */
1007, /* "sbgp-autonomousSysNumv2" */
290, /* "sbgp-ipAddrBlock" */
1006, /* "sbgp-ipAddrBlockv2" */
292, /* "sbgp-routerIdentifier" */
159, /* "sdsiCertificate" */
859, /* "searchGuide" */
@ -3555,6 +3610,7 @@ static const unsigned int sn_objs[NUM_SN]={
604, /* "setext-pinAny" */
603, /* "setext-pinSecure" */
605, /* "setext-track2" */
1011, /* "signedObject" */
52, /* "signingTime" */
454, /* "simpleSecurityObject" */
496, /* "singleLevelQuality" */
@ -3618,6 +3674,7 @@ static const unsigned int ln_objs[NUM_LN]={
910, /* "Any Extended Key Usage" */
664, /* "Any language" */
177, /* "Authority Information Access" */
1015, /* "BGPsec Router" */
365, /* "Basic OCSP Response" */
285, /* "Biometric Info" */
179, /* "CA Issuers" */
@ -3728,6 +3785,8 @@ static const unsigned int ln_objs[NUM_LN]={
165, /* "Policy Qualifier User Notice" */
385, /* "Private" */
663, /* "Proxy Certificate Information" */
1010, /* "RPKI Manifest" */
1012, /* "RPKI Notify" */
1, /* "RSA Data Security, Inc." */
2, /* "RSA Data Security, Inc. PKCS" */
188, /* "S/MIME" */
@ -3736,6 +3795,7 @@ static const unsigned int ln_objs[NUM_LN]={
512, /* "Secure Electronic Transactions" */
386, /* "Security" */
394, /* "Selected Attribute Types" */
1011, /* "Signed Object" */
143, /* "Strong Extranet ID" */
398, /* "Subject Information Access" */
130, /* "TLS Web Client Authentication" */
@ -4087,7 +4147,14 @@ static const unsigned int ln_objs[NUM_LN]={
332, /* "id-cmc-senderNonce" */
327, /* "id-cmc-statusInfo" */
331, /* "id-cmc-transactionId" */
1005, /* "id-cp" */
787, /* "id-ct-asciiTextWithCRLF" */
1013, /* "id-ct-geofeedCSVwithCRLF" */
1004, /* "id-ct-resourceTaggedAttest" */
1001, /* "id-ct-routeOriginAuthz" */
1003, /* "id-ct-rpkiGhostbusters" */
1002, /* "id-ct-rpkiManifest" */
1014, /* "id-ct-signedChecklist" */
408, /* "id-ecPublicKey" */
508, /* "id-hex-multipart-message" */
507, /* "id-hex-partial-message" */
@ -4228,6 +4295,8 @@ static const unsigned int ln_objs[NUM_LN]={
461, /* "info" */
101, /* "initials" */
869, /* "internationaliSDNNumber" */
1008, /* "ipAddr-asNumber" */
1009, /* "ipAddr-asNumberv2" */
749, /* "ipsec3" */
750, /* "ipsec4" */
181, /* "iso" */
@ -4374,7 +4443,9 @@ static const unsigned int ln_objs[NUM_LN]={
482, /* "sOARecord" */
155, /* "safeContentsBag" */
291, /* "sbgp-autonomousSysNum" */
1007, /* "sbgp-autonomousSysNumv2" */
290, /* "sbgp-ipAddrBlock" */
1006, /* "sbgp-ipAddrBlockv2" */
292, /* "sbgp-routerIdentifier" */
159, /* "sdsiCertificate" */
859, /* "searchGuide" */
@ -5015,6 +5086,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */
267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */
268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */
1005, /* OBJ_id_cp 1 3 6 1 5 5 7 14 */
662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */
176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */
507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */
@ -5137,6 +5209,8 @@ static const unsigned int obj_objs[NUM_OBJ]={
397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */
398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */
663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */
1006, /* OBJ_sbgp_ipAddrBlockv2 1 3 6 1 5 5 7 1 28 */
1007, /* OBJ_sbgp_autonomousSysNumv2 1 3 6 1 5 5 7 1 29 */
164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */
165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */
293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */
@ -5150,6 +5224,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */
180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */
297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */
1015, /* OBJ_id_kp_bgpsec_router 1 3 6 1 5 5 7 3 30 */
298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */
299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */
300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */
@ -5209,6 +5284,8 @@ static const unsigned int obj_objs[NUM_OBJ]={
360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */
361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */
362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */
1008, /* OBJ_ipAddr_asNumber 1 3 6 1 5 5 7 14 2 */
1009, /* OBJ_ipAddr_asNumberv2 1 3 6 1 5 5 7 14 3 */
664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */
665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */
667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */
@ -5217,6 +5294,9 @@ static const unsigned int obj_objs[NUM_OBJ]={
363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */
364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */
785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */
1010, /* OBJ_rpkiManifest 1 3 6 1 5 5 7 48 10 */
1011, /* OBJ_signedObject 1 3 6 1 5 5 7 48 11 */
1012, /* OBJ_rpkiNotify 1 3 6 1 5 5 7 48 13 */
780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */
781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */
58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */
@ -5475,7 +5555,13 @@ static const unsigned int obj_objs[NUM_OBJ]={
210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */
211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */
1001, /* OBJ_id_ct_routeOriginAuthz 1 2 840 113549 1 9 16 1 24 */
1002, /* OBJ_id_ct_rpkiManifest 1 2 840 113549 1 9 16 1 26 */
787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */
1003, /* OBJ_id_ct_rpkiGhostbusters 1 2 840 113549 1 9 16 1 35 */
1004, /* OBJ_id_ct_resourceTaggedAttest 1 2 840 113549 1 9 16 1 36 */
1013, /* OBJ_id_ct_geofeedCSVwithCRLF 1 2 840 113549 1 9 16 1 47 */
1014, /* OBJ_id_ct_signedChecklist 1 2 840 113549 1 9 16 1 48 */
212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */
213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */
214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */


@ -1,4 +1,4 @@
/* $OpenBSD: obj_xref.h,v 1.4 2016/12/21 15:49:29 jsing Exp $ */
/* $OpenBSD: obj_xref.h,v 1.5 2021/05/12 10:24:39 inoguchi Exp $ */
/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
__BEGIN_HIDDEN_DECLS
@ -44,6 +44,16 @@ static const nid_triple sigoid_srt[] =
{NID_rsassaPss, NID_undef, NID_rsaEncryption},
{NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_tc26_gost3411_2012_256, NID_id_GostR3410_2001},
{NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_tc26_gost3411_2012_512, NID_id_GostR3410_2001},
{NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf},
{NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf},
{NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf},
{NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf},
{NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf},
{NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1, NID_dh_cofactor_kdf},
{NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224, NID_dh_cofactor_kdf},
{NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256, NID_dh_cofactor_kdf},
{NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384, NID_dh_cofactor_kdf},
{NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, NID_dh_cofactor_kdf},
};
static const nid_triple * const sigoid_srt_xref[] =
@ -61,19 +71,29 @@ static const nid_triple * const sigoid_srt_xref[] =
&sigoid_srt[5],
&sigoid_srt[8],
&sigoid_srt[12],
&sigoid_srt[32],
&sigoid_srt[37],
&sigoid_srt[6],
&sigoid_srt[10],
&sigoid_srt[11],
&sigoid_srt[13],
&sigoid_srt[24],
&sigoid_srt[20],
&sigoid_srt[34],
&sigoid_srt[39],
&sigoid_srt[14],
&sigoid_srt[21],
&sigoid_srt[35],
&sigoid_srt[40],
&sigoid_srt[15],
&sigoid_srt[22],
&sigoid_srt[36],
&sigoid_srt[41],
&sigoid_srt[16],
&sigoid_srt[23],
&sigoid_srt[19],
&sigoid_srt[33],
&sigoid_srt[38],
&sigoid_srt[25],
&sigoid_srt[26],
&sigoid_srt[27],


@ -1,4 +1,4 @@
/* $OpenBSD: ocsp_cl.c,v 1.16 2018/11/25 19:48:43 jmc Exp $ */
/* $OpenBSD: ocsp_cl.c,v 1.17 2020/10/09 17:19:35 tb Exp $ */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
@ -81,18 +81,19 @@
OCSP_ONEREQ *
OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
{
OCSP_ONEREQ *one = NULL;
OCSP_ONEREQ *one;
if (!(one = OCSP_ONEREQ_new()))
if ((one = OCSP_ONEREQ_new()) == NULL)
goto err;
if (one->reqCert)
OCSP_CERTID_free(one->reqCert);
if (req != NULL) {
if (!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
goto err;
}
OCSP_CERTID_free(one->reqCert);
one->reqCert = cid;
if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
goto err;
return one;
err:
err:
OCSP_ONEREQ_free(one);
return NULL;
}
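Review bot: Nothing in OCSP_request_add0_id records that the order of the `sk_OCSP_ONEREQ_push` and the `one->reqCert = cid;` assignment is load-bearing: `cid` is adopted only after the push has succeeded, which is what stops a failed push from freeing the caller's OCSP_CERTID through OCSP_ONEREQ_free at `err:`. A comment above the `OCSP_CERTID_free(one->reqCert);` line, `/* Take ownership of cid only after the push; on failure it still belongs to the caller. */`, keeps a future tidy-up from swapping the steps back. The now-unconditional `OCSP_CERTID_free(one->reqCert)` also reads as redundant unless one knows OCSP_ONEREQ_new allocates a placeholder CERTID — presumably it does, so say so in the same comment.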


@ -1,4 +1,4 @@
/* $OpenBSD: p12_attr.c,v 1.12 2018/08/24 20:07:41 tb Exp $ */
/* $OpenBSD: p12_attr.c,v 1.13 2021/07/09 14:07:59 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -125,10 +125,10 @@ PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
if (!attrs)
return NULL;
for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
attrib = sk_X509_ATTRIBUTE_value (attrs, i);
if (OBJ_obj2nid (attrib->object) == attr_nid) {
if (sk_ASN1_TYPE_num (attrib->value.set))
for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) {
attrib = sk_X509_ATTRIBUTE_value(attrs, i);
if (OBJ_obj2nid(attrib->object) == attr_nid) {
if (sk_ASN1_TYPE_num(attrib->value.set))
return sk_ASN1_TYPE_value(attrib->value.set, 0);
else
return NULL;


@ -1,4 +1,4 @@
/* $OpenBSD: p12_crpt.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
/* $OpenBSD: p12_crpt.c,v 1.15 2021/07/09 14:07:59 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -101,13 +101,13 @@ PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
}
salt = pbe->salt->data;
saltlen = pbe->salt->length;
if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
iter, EVP_CIPHER_key_length(cipher), key, md)) {
PKCS12error(PKCS12_R_KEY_GEN_ERROR);
PBEPARAM_free(pbe);
return 0;
}
if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
PKCS12error(PKCS12_R_IV_GEN_ERROR);
PBEPARAM_free(pbe);


@ -1,4 +1,4 @@
/* $OpenBSD: p12_decr.c,v 1.19 2018/05/13 14:22:34 tb Exp $ */
/* $OpenBSD: p12_decr.c,v 1.20 2021/07/09 14:08:00 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -156,7 +156,7 @@ PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
unsigned char *in = NULL;
int inlen;
if (!(oct = ASN1_OCTET_STRING_new ())) {
if (!(oct = ASN1_OCTET_STRING_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);
return NULL;
}


@ -1,4 +1,4 @@
/* $OpenBSD: p12_key.c,v 1.26 2017/05/02 03:59:45 deraadt Exp $ */
/* $OpenBSD: p12_key.c,v 1.27 2021/07/09 14:08:00 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -143,7 +143,7 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
!EVP_DigestFinal_ex(&ctx, Ai, NULL))
goto err;
}
memcpy (out, Ai, min (n, u));
memcpy(out, Ai, min(n, u));
if (u >= n) {
ret = 1;
goto end;
@ -153,9 +153,9 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
for (j = 0; j < v; j++)
B[j] = Ai[j % u];
/* Work out B + 1 first then can use B as tmp space */
if (!BN_bin2bn (B, v, Bpl1))
if (!BN_bin2bn(B, v, Bpl1))
goto err;
if (!BN_add_word (Bpl1, 1))
if (!BN_add_word(Bpl1, 1))
goto err;
for (j = 0; j < Ilen; j += v) {
if (!BN_bin2bn(I + j, v, Ij))
@ -164,12 +164,12 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
goto err;
if (!BN_bn2bin(Ij, B))
goto err;
Ijlen = BN_num_bytes (Ij);
Ijlen = BN_num_bytes(Ij);
/* If more than 2^(v*8) - 1 cut off MSB */
if (Ijlen > v) {
if (!BN_bn2bin (Ij, B))
if (!BN_bn2bin(Ij, B))
goto err;
memcpy (I + j, B + 1, v);
memcpy(I + j, B + 1, v);
#ifndef PKCS12_BROKEN_KEYGEN
/* If less than v bytes pad with zeroes */
} else if (Ijlen < v) {
@ -177,7 +177,7 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
if (!BN_bn2bin(Ij, I + j + v - Ijlen))
goto err;
#endif
} else if (!BN_bn2bin (Ij, I + j))
} else if (!BN_bn2bin(Ij, I + j))
goto err;
}
}


@ -1,4 +1,4 @@
/* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
/* $OpenBSD: p12_kiss.c,v 1.21 2021/07/09 14:08:00 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -125,17 +125,19 @@ PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
return 0;
}
if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) {
if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
PKCS12error(PKCS12_R_PARSE_ERROR);
goto err;
}
while ((x = sk_X509_pop(ocerts))) {
if (pkey && *pkey && cert && !*cert) {
ERR_set_mark();
if (X509_check_private_key(x, *pkey)) {
*cert = x;
x = NULL;
}
ERR_pop_to_mark();
}
if (ca && x) {
@ -177,11 +179,11 @@ parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey,
int i, bagnid;
PKCS7 *p7;
if (!(asafes = PKCS12_unpack_authsafes (p12)))
if (!(asafes = PKCS12_unpack_authsafes(p12)))
return 0;
for (i = 0; i < sk_PKCS7_num (asafes); i++) {
p7 = sk_PKCS7_value (asafes, i);
bagnid = OBJ_obj2nid (p7->type);
for (i = 0; i < sk_PKCS7_num(asafes); i++) {
p7 = sk_PKCS7_value(asafes, i);
bagnid = OBJ_obj2nid(p7->type);
if (bagnid == NID_pkcs7_data) {
bags = PKCS12_unpack_p7data(p7);
} else if (bagnid == NID_pkcs7_encrypted) {
@ -227,10 +229,10 @@ parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey,
ASN1_BMPSTRING *fname = NULL;
ASN1_OCTET_STRING *lkid = NULL;
if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
if ((attrib = PKCS12_get_attr(bag, NID_friendlyName)))
fname = attrib->value.bmpstring;
if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
if ((attrib = PKCS12_get_attr(bag, NID_localKeyID)))
lkid = attrib->value.octet_string;
switch (OBJ_obj2nid(bag->type)) {
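Review bot: The ERR_set_mark/ERR_pop_to_mark pair around X509_check_private_key in PKCS12_parse discards that call's errors without saying why, and a reader could mistake it for a suppressed failure. X509_check_private_key pushes an error for every certificate that does not match the key, and this loop tries each popped certificate in turn, so the mark is what keeps a successful parse from leaving stale entries on the error queue; a comment on the ERR_set_mark line, `/* A mismatch is expected while locating the key's cert; keep its errors off the queue. */`, makes that explicit. The enclosing while loop continues outside the hunk.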


@ -1,4 +1,4 @@
/* $OpenBSD: p12_mutl.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
/* $OpenBSD: p12_mutl.c,v 1.24 2021/07/09 14:08:00 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -192,7 +192,7 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
if (!salt)
arc4random_buf(p12->mac->salt->data, saltlen);
else
memcpy (p12->mac->salt->data, salt, saltlen);
memcpy(p12->mac->salt->data, salt, saltlen);
p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
PKCS12error(ERR_R_MALLOC_FAILURE);


@ -1,4 +1,4 @@
/* $OpenBSD: rsa_sign.c,v 1.31 2018/09/05 00:55:33 djm Exp $ */
/* $OpenBSD: rsa_sign.c,v 1.32 2021/05/14 18:03:42 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -108,7 +108,7 @@ encode_pkcs1(unsigned char **out, int *out_len, int type,
sig.algor->parameter = &parameter;
sig.digest = &digest;
sig.digest->data = (unsigned char*)m; /* TMP UGLY CAST */
sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */
sig.digest->length = m_len;
if ((len = i2d_X509_SIG(&sig, &der)) < 0)
@ -194,7 +194,7 @@ int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
if ((decrypt_len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf,
rsa, RSA_PKCS1_PADDING)) <= 0)
goto err;
if (type == NID_md5_sha1) {
/*
* NID_md5_sha1 corresponds to the MD5/SHA1 combination in
@ -229,7 +229,7 @@ int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
if (rm != NULL) {
const EVP_MD *md;
if ((md = EVP_get_digestbynid(type)) == NULL) {
if ((md = EVP_get_digestbynid(type)) == NULL) {
RSAerror(RSA_R_UNKNOWN_ALGORITHM_TYPE);
goto err;
}


@ -1,4 +1,4 @@
/* $OpenBSD: ts_rsp_verify.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
/* $OpenBSD: ts_rsp_verify.c,v 1.21 2021/07/02 11:15:08 schwarze Exp $ */
/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
* project 2002.
*/
@ -593,35 +593,40 @@ TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
}
static int
TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg,
unsigned char **imprint, unsigned *imprint_len)
TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **out_md_alg,
unsigned char **out_imprint, unsigned int *out_imprint_len)
{
TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info);
X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint);
TS_MSG_IMPRINT *msg_imprint;
X509_ALGOR *md_alg_resp;
X509_ALGOR *md_alg = NULL;
unsigned char *imprint = NULL;
unsigned int imprint_len = 0;
const EVP_MD *md;
EVP_MD_CTX md_ctx;
unsigned char buffer[4096];
int length;
*md_alg = NULL;
*imprint = NULL;
*out_md_alg = NULL;
*out_imprint = NULL;
*out_imprint_len = 0;
/* Return the MD algorithm of the response. */
if (!(*md_alg = X509_ALGOR_dup(md_alg_resp)))
/* Retrieve the MD algorithm of the response. */
msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info);
md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint);
if ((md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL)
goto err;
/* Getting the MD object. */
if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) {
if ((md = EVP_get_digestbyobj((md_alg)->algorithm)) == NULL) {
TSerror(TS_R_UNSUPPORTED_MD_ALGORITHM);
goto err;
}
/* Compute message digest. */
length = EVP_MD_size(md);
if (length < 0)
if ((length = EVP_MD_size(md)) < 0)
goto err;
*imprint_len = length;
if (!(*imprint = malloc(*imprint_len))) {
imprint_len = length;
if ((imprint = malloc(imprint_len)) == NULL) {
TSerror(ERR_R_MALLOC_FAILURE);
goto err;
}
@ -632,16 +637,20 @@ TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg,
if (!EVP_DigestUpdate(&md_ctx, buffer, length))
goto err;
}
if (!EVP_DigestFinal(&md_ctx, *imprint, NULL))
if (!EVP_DigestFinal(&md_ctx, imprint, NULL))
goto err;
*out_md_alg = md_alg;
md_alg = NULL;
*out_imprint = imprint;
imprint = NULL;
*out_imprint_len = imprint_len;
return 1;
err:
X509_ALGOR_free(*md_alg);
free(*imprint);
*imprint = NULL;
*imprint_len = 0;
X509_ALGOR_free(md_alg);
free(imprint);
return 0;
}
@ -711,7 +720,7 @@ TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
/* Check the subject name first. */
if (tsa_name->type == GEN_DIRNAME &&
X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)
X509_NAME_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0)
return 1;
/* Check all the alternative names. */
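Review bot: The rewritten `err:` path of TS_compute_imprint frees `md_alg` and `imprint` but never cleans up the stack `md_ctx`; EVP_DigestFinal releases the digest state when it runs, but the `goto err` from a failed EVP_DigestUpdate (and presumably the BIO read loop just outside the hunk) bypasses it, leaking the digest's md_data on every such failure. Adding `EVP_MD_CTX_cleanup(&md_ctx);` at `err:` — or moving to a heap context freed on both paths — closes that; the digest algorithm here comes from the timestamp response, i.e. untrusted input, so the leak is reachable remotely even if it only fires on a read or allocation failure. Two smaller points: `(md_alg)->algorithm` keeps parentheses left over from the `(*md_alg)` form, and `EVP_MD_size` returning 0 is accepted, which would `malloc(0)` and produce an empty imprint — `if ((length = EVP_MD_size(md)) <= 0)` is the safer guard.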


@ -1,4 +1,4 @@
/* $OpenBSD: ext_dat.h,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
/* $OpenBSD: ext_dat.h,v 1.3 2021/09/02 21:27:26 job Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -72,7 +72,7 @@ extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
extern X509V3_EXT_METHOD v3_addr, v3_asid;
extern const X509V3_EXT_METHOD v3_addr, v3_asid;
/* This table will be searched using OBJ_bsearch so it *must* kept in
* order of the ext_nid values.
@ -105,6 +105,10 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
#endif
&v3_sxnet,
&v3_info,
#ifndef OPENSSL_NO_RFC3779
&v3_addr,
&v3_asid,
#endif
#ifndef OPENSSL_NO_OCSP
&v3_ocsp_nonce,
&v3_ocsp_crlid,
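Review bot: standard_exts is searched with OBJ_bsearch and the comment above it says it must stay sorted by ext_nid, so the new `&v3_addr` and `&v3_asid` entries are only correct if NID_sbgp_ipAddrBlock and NID_sbgp_autonomousSysNum sort between NID_info_access and the OCSP nonce NID that follows; the regenerated obj_dat.h in this same commit lists them as 290 and 291 against 177 for Authority Information Access, so the placement holds, but a trailing comment such as `&v3_addr, /* NID_sbgp_ipAddrBlock = 290 */` and `&v3_asid, /* NID_sbgp_autonomousSysNum = 291 */` would let the next person verify it without opening obj_dat.h. Registering these methods also means every certificate carrying an RFC 3779 extension now reaches the new x509_addr.c / x509_asid.c decoders (suppressed here as too large), presumably via X509V3_EXT_d2i, on untrusted input — worth confirming they are exercised by the x509 fuzz target before this version ships.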

1541
crypto/x509/x509_addr.c Normal file



@ -1,4 +1,4 @@
/* $OpenBSD: x509_alt.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
/* $OpenBSD: x509_alt.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@ -264,15 +264,18 @@ GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
break;
case GEN_EMAIL:
BIO_printf(out, "email:%s", gen->d.ia5->data);
BIO_printf(out, "email:%.*s", gen->d.ia5->length,
gen->d.ia5->data);
break;
case GEN_DNS:
BIO_printf(out, "DNS:%s", gen->d.ia5->data);
BIO_printf(out, "DNS:%.*s", gen->d.ia5->length,
gen->d.ia5->data);
break;
case GEN_URI:
BIO_printf(out, "URI:%s", gen->d.ia5->data);
BIO_printf(out, "URI:%.*s", gen->d.ia5->length,
gen->d.ia5->data);
break;
case GEN_DIRNAME:
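Review bot: `%.*s` bounds the read to `gen->d.ia5->length` but still stops at the first NUL byte, so a SAN whose IA5String contains an embedded NUL (the `good.example\0.evil.example` trick) is printed truncated by GENERAL_NAME_print, and an operator reading the output sees a different name from the one the string actually holds. Since this is a display routine rather than a comparison, consider routing the value through the ASN.1 printer with control-character escaping, e.g. `BIO_printf(out, "DNS:"); ASN1_STRING_print_ex(out, gen->d.ia5, ASN1_STRFLGS_ESC_CTRL);` and likewise for the email: and URI: cases, or at least note the limitation in a comment above the three cases. The remaining cases of the switch lie outside the hunk.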

1083
crypto/x509/x509_asid.c Normal file



@ -1,4 +1,4 @@
/* $OpenBSD: x509_constraints.c,v 1.10 2020/09/21 05:41:43 tb Exp $ */
/* $OpenBSD: x509_constraints.c,v 1.17 2021/09/23 15:49:48 jsing Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
@ -36,7 +36,7 @@
#define DOMAIN_PART_MAX_LEN 255
struct x509_constraints_name *
x509_constraints_name_new()
x509_constraints_name_new(void)
{
return (calloc(1, sizeof(struct x509_constraints_name)));
}
@ -69,9 +69,11 @@ x509_constraints_name_dup(struct x509_constraints_name *name)
new->type = name->type;
new->af = name->af;
new->der_len = name->der_len;
if (name->der_len > 0 && (new->der = malloc(name->der_len)) == NULL)
goto err;
memcpy(new->der, name->der, name->der_len);
if (name->der_len > 0) {
if ((new->der = malloc(name->der_len)) == NULL)
goto err;
memcpy(new->der, name->der, name->der_len);
}
if (name->name != NULL && (new->name = strdup(name->name)) == NULL)
goto err;
if (name->local != NULL && (new->local = strdup(name->local)) == NULL)
@ -84,9 +86,16 @@ x509_constraints_name_dup(struct x509_constraints_name *name)
}
struct x509_constraints_names *
x509_constraints_names_new()
x509_constraints_names_new(size_t names_max)
{
return (calloc(1, sizeof(struct x509_constraints_names)));
struct x509_constraints_names *new;
if ((new = calloc(1, sizeof(struct x509_constraints_names))) == NULL)
return NULL;
new->names_max = names_max;
return new;
}
void
@ -114,8 +123,8 @@ int
x509_constraints_names_add(struct x509_constraints_names *names,
struct x509_constraints_name *name)
{
size_t i = names->names_count;
if (names->names_count >= names->names_max)
return 0;
if (names->names_count == names->names_len) {
struct x509_constraints_name **tmp;
if ((tmp = recallocarray(names->names, names->names_len,
@ -124,7 +133,7 @@ x509_constraints_names_add(struct x509_constraints_names *names,
names->names_len += 32;
names->names = tmp;
}
names->names[i] = name;
names->names[names->names_count] = name;
names->names_count++;
return 1;
}
@ -139,14 +148,16 @@ x509_constraints_names_dup(struct x509_constraints_names *names)
if (names == NULL)
return NULL;
if ((new = x509_constraints_names_new()) == NULL)
if ((new = x509_constraints_names_new(names->names_max)) == NULL)
goto err;
for (i = 0; i < names->names_count; i++) {
if ((name = x509_constraints_name_dup(names->names[i])) == NULL)
goto err;
if (!x509_constraints_names_add(new, name))
goto err;
}
return new;
err:
x509_constraints_names_free(new);
@ -158,13 +169,15 @@ x509_constraints_names_dup(struct x509_constraints_names *names)
/*
* Validate that the name contains only a hostname consisting of RFC
* 5890 compliant A-labels (see RFC 6066 section 3). This is more
* permissive to allow for a leading '*' for a SAN DNSname wildcard,
* or a leading '.' for a subdomain based constraint, as well as
* allowing for '_' which is commonly accepted by nonconformant
* DNS implementaitons.
* permissive to allow for a leading '.' for a subdomain based
* constraint, as well as allowing for '_' which is commonly accepted
* by nonconformant DNS implementaitons.
*
* if "wildcards" is set it allows '*' to occur in the string at the end of a
* component.
*/
static int
x509_constraints_valid_domain_internal(uint8_t *name, size_t len)
x509_constraints_valid_domain_internal(uint8_t *name, size_t len, int wildcards)
{
uint8_t prev, c = 0;
int component = 0;
@ -187,8 +200,8 @@ x509_constraints_valid_domain_internal(uint8_t *name, size_t len)
if (!isalnum(c) && c != '-' && c != '.' && c != '_' && c != '*')
return 0;
/* '*' can only be the first thing. */
if (c == '*' && !first)
/* if it is a '*', fail if not wildcards */
if (!wildcards && c == '*')
return 0;
/* '-' must not start a component or be at the end. */
@ -210,6 +223,13 @@ x509_constraints_valid_domain_internal(uint8_t *name, size_t len)
component = 0;
continue;
}
/*
* Wildcards can only occur at the end of a component.
* c*.com is valid, c*c.com is not.
*/
if (prev == '*')
return 0;
/* Components must be 63 chars or less. */
if (++component > 63)
return 0;
@ -222,15 +242,13 @@ x509_constraints_valid_domain(uint8_t *name, size_t len)
{
if (len == 0)
return 0;
if (name[0] == '*') /* wildcard not allowed in a domain name */
return 0;
/*
* A domain may not be less than two characters, so you can't
* have a require subdomain name with less than that.
*/
if (len < 3 && name[0] == '.')
return 0;
return x509_constraints_valid_domain_internal(name, len);
return x509_constraints_valid_domain_internal(name, len, 0);
}
int
@ -241,15 +259,13 @@ x509_constraints_valid_host(uint8_t *name, size_t len)
if (len == 0)
return 0;
if (name[0] == '*') /* wildcard not allowed in a host name */
return 0;
if (name[0] == '.') /* leading . not allowed in a host name*/
return 0;
if (inet_pton(AF_INET, name, &sin4) == 1)
return 0;
if (inet_pton(AF_INET6, name, &sin6) == 1)
return 0;
return x509_constraints_valid_domain_internal(name, len);
return x509_constraints_valid_domain_internal(name, len, 0);
}
int
@ -272,7 +288,7 @@ x509_constraints_valid_sandns(uint8_t *name, size_t len)
if (len >= 4 && name[0] == '*' && name[1] != '.')
return 0;
return x509_constraints_valid_domain_internal(name, len);
return x509_constraints_valid_domain_internal(name, len, 1);
}
static inline int
@ -323,16 +339,16 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
if (c == '.')
goto bad;
}
if (wi > DOMAIN_PART_MAX_LEN)
goto bad;
if (accept) {
if (wi >= DOMAIN_PART_MAX_LEN)
goto bad;
working[wi++] = c;
accept = 0;
continue;
}
if (candidate_local != NULL) {
/* We are looking for the domain part */
if (wi > DOMAIN_PART_MAX_LEN)
if (wi >= DOMAIN_PART_MAX_LEN)
goto bad;
working[wi++] = c;
if (i == len - 1) {
@ -347,7 +363,7 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
continue;
}
/* We are looking for the local part */
if (wi > LOCAL_PART_MAX_LEN)
if (wi >= LOCAL_PART_MAX_LEN)
break;
if (quoted) {
@ -367,6 +383,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
*/
if (c == 9)
goto bad;
if (wi >= LOCAL_PART_MAX_LEN)
goto bad;
working[wi++] = c;
continue; /* all's good inside our quoted string */
}
@ -396,6 +414,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
}
if (!local_part_ok(c))
goto bad;
if (wi >= LOCAL_PART_MAX_LEN)
goto bad;
working[wi++] = c;
}
if (candidate_local == NULL || candidate_domain == NULL)
@ -420,16 +440,13 @@ x509_constraints_valid_domain_constraint(uint8_t *constraint, size_t len)
if (len == 0)
return 1; /* empty constraints match */
if (constraint[0] == '*') /* wildcard not allowed in a constraint */
return 0;
/*
* A domain may not be less than two characters, so you
* can't match a single domain of less than that
*/
if (len < 3 && constraint[0] == '.')
return 0;
return x509_constraints_valid_domain_internal(constraint, len);
return x509_constraints_valid_domain_internal(constraint, len, 0);
}
/*
@ -700,7 +717,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
*error = X509_V_ERR_OUT_OF_MEM;
goto err;
}
vname->type=GEN_DNS;
vname->type = GEN_DNS;
include_cn = 0; /* don't use cn from subject */
break;
case GEN_EMAIL:
@ -1115,7 +1132,8 @@ x509_constraints_chain(STACK_OF(X509) *chain, int *error, int *depth)
goto err;
if (chain_length == 1)
return 1;
if ((names = x509_constraints_names_new()) == NULL) {
if ((names = x509_constraints_names_new(
X509_VERIFY_MAX_CHAIN_NAMES)) == NULL) {
verify_err = X509_V_ERR_OUT_OF_MEM;
goto err;
}
@ -1128,13 +1146,13 @@ x509_constraints_chain(STACK_OF(X509) *chain, int *error, int *depth)
if ((cert = sk_X509_value(chain, i)) == NULL)
goto err;
if (cert->nc != NULL) {
if ((permitted =
x509_constraints_names_new()) == NULL) {
if ((permitted = x509_constraints_names_new(
X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) {
verify_err = X509_V_ERR_OUT_OF_MEM;
goto err;
}
if ((excluded =
x509_constraints_names_new()) == NULL) {
if ((excluded = x509_constraints_names_new(
X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) {
verify_err = X509_V_ERR_OUT_OF_MEM;
goto err;
}
@ -1159,10 +1177,6 @@ x509_constraints_chain(STACK_OF(X509) *chain, int *error, int *depth)
if (!x509_constraints_extract_names(names, cert, 0,
&verify_err))
goto err;
if (names->names_count > X509_VERIFY_MAX_CHAIN_NAMES) {
verify_err = X509_V_ERR_OUT_OF_MEM;
goto err;
}
}
x509_constraints_names_free(names);
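Review bot: In x509_constraints_names_dup the `name` duplicated just before the new `if (!x509_constraints_names_add(new, name)) goto err;` is still owned by the caller when the add is refused (x509_constraints_names_add returns 0 before storing it), so unless the err path frees it — the label's body continues outside the hunk — every copy that hits `names_max` leaks one entry; if it does not, add `x509_constraints_name_free(name);` after `x509_constraints_names_free(new);`. Because x509_constraints_names_add now has a failure mode unrelated to allocation, a comment above it would help its callers: `/* Returns 0, without taking ownership of name, when names_max is reached or allocation fails. */`. Note that a names_max of 0 makes every add fail, which the constant-sized callers in this file never hit but is worth stating in that comment.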


@ -1,4 +1,4 @@
/* $OpenBSD: x509_cpols.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
/* $OpenBSD: x509_cpols.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -696,7 +696,8 @@ print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent)
qualinfo = sk_POLICYQUALINFO_value(quals, i);
switch (OBJ_obj2nid(qualinfo->pqualid)) {
case NID_id_qt_cps:
BIO_printf(out, "%*sCPS: %s\n", indent, "",
BIO_printf(out, "%*sCPS: %.*s\n", indent, "",
qualinfo->d.cpsuri->length,
qualinfo->d.cpsuri->data);
break;
@ -724,8 +725,8 @@ print_notice(BIO *out, USERNOTICE *notice, int indent)
if (notice->noticeref) {
NOTICEREF *ref;
ref = notice->noticeref;
BIO_printf(out, "%*sOrganization: %s\n", indent, "",
ref->organization->data);
BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
ref->organization->length, ref->organization->data);
BIO_printf(out, "%*sNumber%s: ", indent, "",
sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
@ -741,8 +742,8 @@ print_notice(BIO *out, USERNOTICE *notice, int indent)
BIO_puts(out, "\n");
}
if (notice->exptext)
BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
notice->exptext->data);
BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
notice->exptext->length, notice->exptext->data);
}
void


@ -1,4 +1,4 @@
/* $OpenBSD: x509_genn.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
/* $OpenBSD: x509_genn.c,v 1.2 2020/12/08 15:06:42 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -117,16 +117,17 @@ OTHERNAME_free(OTHERNAME *a)
ASN1_item_free((ASN1_VALUE *)a, &OTHERNAME_it);
}
/* Uses explicit tagging since DIRECTORYSTRING is a CHOICE type */
static const ASN1_TEMPLATE EDIPARTYNAME_seq_tt[] = {
{
.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
.tag = 0,
.offset = offsetof(EDIPARTYNAME, nameAssigner),
.field_name = "nameAssigner",
.item = &DIRECTORYSTRING_it,
},
{
.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
.flags = ASN1_TFLG_EXPLICIT,
.tag = 1,
.offset = offsetof(EDIPARTYNAME, partyName),
.field_name = "partyName",
@ -324,6 +325,37 @@ GENERAL_NAME_dup(GENERAL_NAME *a)
return ASN1_item_dup(&GENERAL_NAME_it, a);
}
static int
EDIPARTYNAME_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
{
int res;
/*
* Shouldn't be possible in a valid GENERAL_NAME, but we handle it
* anyway. OTHERNAME_cmp treats NULL != NULL, so we do the same here.
*/
if (a == NULL || b == NULL)
return -1;
if (a->nameAssigner == NULL && b->nameAssigner != NULL)
return -1;
if (a->nameAssigner != NULL && b->nameAssigner == NULL)
return 1;
/* If we get here, both have nameAssigner set or both unset. */
if (a->nameAssigner != NULL) {
res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
if (res != 0)
return res;
}
/*
* partyName is required, so these should never be NULL. We treat it in
* the same way as the a == NULL || b == NULL case above.
*/
if (a->partyName == NULL || b->partyName == NULL)
return -1;
return ASN1_STRING_cmp(a->partyName, b->partyName);
}
/* Returns 0 if they are equal, != 0 otherwise. */
int
GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
@ -334,8 +366,11 @@ GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
return -1;
switch (a->type) {
case GEN_X400:
result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
break;
case GEN_EDIPARTY:
result = ASN1_TYPE_cmp(a->d.other, b->d.other);
result = EDIPARTYNAME_cmp(a->d.ediPartyName, b->d.ediPartyName);
break;
case GEN_OTHERNAME:
@ -384,8 +419,11 @@ GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
{
switch (type) {
case GEN_X400:
a->d.x400Address = value;
break;
case GEN_EDIPARTY:
a->d.other = value;
a->d.ediPartyName = value;
break;
case GEN_OTHERNAME:
@ -420,8 +458,10 @@ GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype)
*ptype = a->type;
switch (a->type) {
case GEN_X400:
return a->d.x400Address;
case GEN_EDIPARTY:
return a->d.other;
return a->d.ediPartyName;
case GEN_OTHERNAME:
return a->d.otherName;


@ -1,4 +1,4 @@
/* $OpenBSD: x509_internal.h,v 1.3 2020/09/15 11:55:14 beck Exp $ */
/* $OpenBSD: x509_internal.h,v 1.12.2.1 2021/11/24 09:28:55 tb Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
@ -51,18 +51,23 @@ struct x509_constraints_name {
struct x509_constraints_names {
struct x509_constraints_name **names;
size_t names_len;
size_t names_count;
size_t names_len;
size_t names_max;
};
struct x509_verify_chain {
STACK_OF(X509) *certs; /* Kept in chain order, includes leaf */
int *cert_errors; /* Verify error for each cert in chain. */
struct x509_constraints_names *names; /* All names from all certs */
};
struct x509_verify_ctx {
X509_STORE_CTX *xsc;
struct x509_verify_chain **chains; /* Validated chains */
STACK_OF(X509) *saved_error_chain;
int saved_error;
int saved_error_depth;
size_t chains_count;
STACK_OF(X509) *roots; /* Trusted roots for this validation */
STACK_OF(X509) *intermediates; /* Intermediates provided by peer */
@ -72,8 +77,8 @@ struct x509_verify_ctx {
size_t max_depth; /* Max chain depth for validation */
size_t max_sigs; /* Max number of signature checks */
size_t sig_checks; /* Number of signature checks done */
size_t error_depth; /* Depth of last error seen */
int error; /* Last error seen */
size_t error_depth; /* Depth of last error seen */
int error; /* Last error seen */
};
int ASN1_time_tm_clamp_notafter(struct tm *tm);
@ -85,13 +90,14 @@ int x509_vfy_check_revocation(X509_STORE_CTX *ctx);
int x509_vfy_check_policy(X509_STORE_CTX *ctx);
int x509_vfy_check_trust(X509_STORE_CTX *ctx);
int x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx);
int x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx);
void x509v3_cache_extensions(X509 *x);
X509 *x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x);
int x509_verify_asn1_time_to_tm(const ASN1_TIME *atime, struct tm *tm,
int notafter);
struct x509_verify_ctx *x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc,
STACK_OF(X509) *roots);
struct x509_verify_ctx *x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc);
void x509_constraints_name_clear(struct x509_constraints_name *name);
int x509_constraints_names_add(struct x509_constraints_names *names,
@ -99,7 +105,7 @@ int x509_constraints_names_add(struct x509_constraints_names *names,
struct x509_constraints_names *x509_constraints_names_dup(
struct x509_constraints_names *names);
void x509_constraints_names_clear(struct x509_constraints_names *names);
struct x509_constraints_names *x509_constraints_names_new(void);
struct x509_constraints_names *x509_constraints_names_new(size_t names_max);
void x509_constraints_names_free(struct x509_constraints_names *names);
int x509_constraints_valid_host(uint8_t *name, size_t len);
int x509_constraints_valid_sandns(uint8_t *name, size_t len);
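Review bot: The new `names_max` field in struct x509_constraints_names has no comment, unlike the surrounding members, and it is the one that changes behaviour rather than bookkeeping: once names_count reaches it, further adds are refused. Suggest `size_t names_max; /* hard cap on names_count; x509_constraints_names_add() fails beyond it */`. Likewise `cert_errors` is described as a per-cert error but not how many entries it holds; since it is indexed by chain position, the comment should say it is allocated with X509_VERIFY_MAX_CHAIN_CERTS entries (as x509_verify.c does) so a later change to the maximum chain length does not silently overrun it. The three `saved_error*` members of struct x509_verify_ctx would also benefit from a one-liner such as `/* xsc error state stashed during chain building; restored when no chain validates */`.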


@ -1,4 +1,4 @@
/* $OpenBSD: x509_issuer_cache.c,v 1.1 2020/09/11 14:30:51 beck Exp $ */
/* $OpenBSD: x509_issuer_cache.c,v 1.2 2020/11/18 17:00:59 tb Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
@ -77,9 +77,9 @@ x509_issuer_cache_set_max(size_t max)
* Find a previous result of checking if parent signed child
*
* Returns:
* -1 : No entry exists in the cache. signature must be checked.
* 0 : The signature of parent signing child is invalid.
* 1 : The signature of parent signing child is valid.
* -1 : No entry exists in the cache. signature must be checked.
* 0 : The signature of parent signing child is invalid.
* 1 : The signature of parent signing child is valid.
*/
int
x509_issuer_cache_find(unsigned char *parent_md, unsigned char *child_md)
@ -98,7 +98,7 @@ x509_issuer_cache_find(unsigned char *parent_md, unsigned char *child_md)
return -1;
if ((found = RB_FIND(x509_issuer_tree, &x509_issuer_cache,
&candidate)) != NULL) {
TAILQ_REMOVE(&x509_issuer_lru, found, queue);
TAILQ_REMOVE(&x509_issuer_lru, found, queue);
TAILQ_INSERT_HEAD(&x509_issuer_lru, found, queue);
ret = found->valid;
}
@ -111,7 +111,7 @@ x509_issuer_cache_find(unsigned char *parent_md, unsigned char *child_md)
* Attempt to add a validation result to the cache.
*
* valid must be:
* 0: The signature of parent signing child is invalid.
* 0: The signature of parent signing child is invalid.
* 1: The signature of parent signing child is valid.
*
* Previously added entries for the same parent and child are *not* replaced.


@ -1,4 +1,4 @@
/* $OpenBSD: x509_lu.c,v 1.30 2018/08/24 19:21:09 tb Exp $ */
/* $OpenBSD: x509_lu.c,v 1.31 2021/10/06 08:29:41 claudio Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -312,6 +312,9 @@ X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
X509_OBJECT stmp, *tmp;
int i, j;
if (ctx == NULL)
return 0;
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
@ -561,6 +564,8 @@ X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
X509 *x;
X509_OBJECT *obj;
if (ctx->ctx == NULL)
return NULL;
sk = sk_X509_new_null();
if (sk == NULL)
return NULL;
@ -610,6 +615,8 @@ X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
X509_CRL *x;
X509_OBJECT *obj, xobj;
if (ctx->ctx == NULL)
return NULL;
sk = sk_X509_CRL_new_null();
if (sk == NULL)
return NULL;
@ -718,6 +725,9 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
}
X509_OBJECT_free_contents(&obj);
if (ctx->ctx == NULL)
return 0;
/* Else find index of first cert accepted by 'check_issued' */
ret = 0;
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);


@ -1,4 +1,4 @@
/* $OpenBSD: x509_pci.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
/* $OpenBSD: x509_pci.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */
/* Contributed to the OpenSSL Project 2004
* by Richard Levitte (richard@levitte.org)
*/
@ -77,7 +77,8 @@ i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, BIO *out,
i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
BIO_puts(out, "\n");
if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
pci->proxyPolicy->policy->length,
pci->proxyPolicy->policy->data);
return 1;
}


@ -1,4 +1,4 @@
/* $OpenBSD: x509_purp.c,v 1.2 2020/09/13 15:06:17 beck Exp $ */
/* $OpenBSD: x509_purp.c,v 1.7 2021/09/13 15:26:53 claudio Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
@ -132,6 +132,8 @@ X509_check_purpose(X509 *x, int id, int ca)
CRYPTO_w_lock(CRYPTO_LOCK_X509);
x509v3_cache_extensions(x);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
if (x->ex_flags & EXFLAG_INVALID)
return X509_V_ERR_UNSPECIFIED;
}
if (id == -1)
return 1;
@ -293,11 +295,7 @@ xptable_free(X509_PURPOSE *p)
void
X509_PURPOSE_cleanup(void)
{
unsigned int i;
sk_X509_PURPOSE_pop_free(xptable, xptable_free);
for(i = 0; i < X509_PURPOSE_COUNT; i++)
xptable_free(xstandard + i);
xptable = NULL;
}
@ -368,6 +366,10 @@ X509_supported_extension(X509_EXTENSION *ex)
NID_basic_constraints, /* 87 */
NID_certificate_policies, /* 89 */
NID_ext_key_usage, /* 126 */
#ifndef OPENSSL_NO_RFC3779
NID_sbgp_ipAddrBlock, /* 290 */
NID_sbgp_autonomousSysNum, /* 291 */
#endif
NID_policy_constraints, /* 401 */
NID_proxyCertInfo, /* 663 */
NID_name_constraints, /* 666 */
@ -421,7 +423,12 @@ setup_crldp(X509 *x)
{
int i;
x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &i, NULL);
if (x->crldp == NULL && i != -1) {
x->ex_flags |= EXFLAG_INVALID;
return;
}
for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
setup_dp(x, sk_DIST_POINT_value(x->crldp, i));
}
@ -449,7 +456,7 @@ x509v3_cache_extensions(X509 *x)
x->ex_flags |= EXFLAG_V1;
/* Handle basic constraints */
if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &i, NULL))) {
if (bs->ca)
x->ex_flags |= EXFLAG_CA;
if (bs->pathlen) {
@ -463,10 +470,12 @@ x509v3_cache_extensions(X509 *x)
x->ex_pathlen = -1;
BASIC_CONSTRAINTS_free(bs);
x->ex_flags |= EXFLAG_BCONS;
} else if (i != -1) {
x->ex_flags |= EXFLAG_INVALID;
}
/* Handle proxy certificates */
if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &i, NULL))) {
if (x->ex_flags & EXFLAG_CA ||
X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 ||
X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
@ -485,10 +494,12 @@ x509v3_cache_extensions(X509 *x)
x->ex_pcpathlen = -1;
PROXY_CERT_INFO_EXTENSION_free(pci);
x->ex_flags |= EXFLAG_PROXY;
} else if (i != -1) {
x->ex_flags |= EXFLAG_INVALID;
}
/* Handle key usage */
if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
if ((usage = X509_get_ext_d2i(x, NID_key_usage, &i, NULL))) {
if (usage->length > 0) {
x->ex_kusage = usage->data[0];
if (usage->length > 1)
@ -497,9 +508,12 @@ x509v3_cache_extensions(X509 *x)
x->ex_kusage = 0;
x->ex_flags |= EXFLAG_KUSAGE;
ASN1_BIT_STRING_free(usage);
} else if (i != -1) {
x->ex_flags |= EXFLAG_INVALID;
}
x->ex_xkusage = 0;
if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &i, NULL))) {
x->ex_flags |= EXFLAG_XKUSAGE;
for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
@ -538,19 +552,27 @@ x509v3_cache_extensions(X509 *x)
}
}
sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
} else if (i != -1) {
x->ex_flags |= EXFLAG_INVALID;
}
if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &i, NULL))) {
if (ns->length > 0)
x->ex_nscert = ns->data[0];
else
x->ex_nscert = 0;
x->ex_flags |= EXFLAG_NSCERT;
ASN1_BIT_STRING_free(ns);
} else if (i != -1) {
x->ex_flags |= EXFLAG_INVALID;
}
x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &i, NULL);
if (x->skid == NULL && i != -1)
x->ex_flags |= EXFLAG_INVALID;
x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &i, NULL);
if (x->akid == NULL && i != -1)
x->ex_flags |= EXFLAG_INVALID;
/* Does subject name match issuer? */
if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
@ -561,12 +583,23 @@ x509v3_cache_extensions(X509 *x)
x->ex_flags |= EXFLAG_SS;
}
x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL);
if (x->altname == NULL && i != -1)
x->ex_flags |= EXFLAG_INVALID;
x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL);
if (!x->nc && (i != -1))
x->ex_flags |= EXFLAG_INVALID;
setup_crldp(x);
#ifndef OPENSSL_NO_RFC3779
x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL);
if (x->rfc3779_addr == NULL && i != -1)
x->ex_flags |= EXFLAG_INVALID;
x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, &i, NULL);
if (x->rfc3779_asid == NULL && i != -1)
x->ex_flags |= EXFLAG_INVALID;
#endif
for (i = 0; i < X509_get_ext_count(x); i++) {
ex = X509_get_ext(x, i);
if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) ==
@ -626,6 +659,8 @@ X509_check_ca(X509 *x)
CRYPTO_w_lock(CRYPTO_LOCK_X509);
x509v3_cache_extensions(x);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
if (x->ex_flags & EXFLAG_INVALID)
return X509_V_ERR_UNSPECIFIED;
}
return check_ca(x);
@ -836,8 +871,20 @@ X509_check_issued(X509 *issuer, X509 *subject)
if (X509_NAME_cmp(X509_get_subject_name(issuer),
X509_get_issuer_name(subject)))
return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
x509v3_cache_extensions(issuer);
x509v3_cache_extensions(subject);
if (!(issuer->ex_flags & EXFLAG_SET)) {
CRYPTO_w_lock(CRYPTO_LOCK_X509);
x509v3_cache_extensions(issuer);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
if (issuer->ex_flags & EXFLAG_INVALID)
return X509_V_ERR_UNSPECIFIED;
if (!(subject->ex_flags & EXFLAG_SET)) {
CRYPTO_w_lock(CRYPTO_LOCK_X509);
x509v3_cache_extensions(subject);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
if (subject->ex_flags & EXFLAG_INVALID)
return X509_V_ERR_UNSPECIFIED;
if (subject->akid) {
int ret = X509_check_akid(issuer, subject->akid);
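Review bot: In X509_check_purpose and X509_check_ca the new `if (x->ex_flags & EXFLAG_INVALID) return X509_V_ERR_UNSPECIFIED;` sits inside the `if (!(x->ex_flags & EXFLAG_SET))` block, so it only fires on the call that first caches the extensions; any later call on the same certificate skips it and proceeds as if the extensions decoded cleanly, which is the opposite of what X509_check_issued in the last hunk does (its check comes after the block). Move the check out of the block in both places, i.e. after the closing `}`: `if (x->ex_flags & EXFLAG_INVALID) return X509_V_ERR_UNSPECIFIED;`. Separately, X509_V_ERR_UNSPECIFIED is a positive code while both functions otherwise report a positive value as a "yes"; unless its value is guaranteed not to collide with those results (not visible here), a caller testing `> 0` or `== 1` would treat a certificate with an undecodable extension as acceptable, so the distinct return should be spelled out in these functions' comments or changed to a value callers already treat as failure.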


@ -1,4 +1,4 @@
/* $OpenBSD: x509_trs.c,v 1.23 2018/05/18 18:40:38 tb Exp $ */
/* $OpenBSD: x509_trs.c,v 1.24 2021/07/23 20:50:28 schwarze Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -265,10 +265,6 @@ trtable_free(X509_TRUST *p)
void
X509_TRUST_cleanup(void)
{
unsigned int i;
for (i = 0; i < X509_TRUST_COUNT; i++)
trtable_free(trstandard + i);
sk_X509_TRUST_pop_free(trtable, trtable_free);
trtable = NULL;
}


@ -1,6 +1,6 @@
/* $OpenBSD: x509_verify.c,v 1.13 2020/09/26 15:44:06 jsing Exp $ */
/* $OpenBSD: x509_verify.c,v 1.49.2.1 2021/11/24 09:28:56 tb Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -15,7 +15,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* x509_verify - inspired by golang's crypto/x509/Verify */
/* x509_verify - inspired by golang's crypto/x509.Verify */
#include <errno.h>
#include <stdio.h>
@ -33,7 +33,7 @@
static int x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert,
struct x509_verify_chain *current_chain);
static void x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert,
struct x509_verify_chain *current_chain);
struct x509_verify_chain *current_chain, int full_chain);
static int x509_verify_cert_error(struct x509_verify_ctx *ctx, X509 *cert,
size_t depth, int error, int ok);
static void x509_verify_chain_free(struct x509_verify_chain *chain);
@ -49,7 +49,11 @@ x509_verify_chain_new(void)
goto err;
if ((chain->certs = sk_X509_new_null()) == NULL)
goto err;
if ((chain->names = x509_constraints_names_new()) == NULL)
if ((chain->cert_errors = calloc(X509_VERIFY_MAX_CHAIN_CERTS,
sizeof(int))) == NULL)
goto err;
if ((chain->names =
x509_constraints_names_new(X509_VERIFY_MAX_CHAIN_NAMES)) == NULL)
goto err;
return chain;
@ -63,6 +67,8 @@ x509_verify_chain_clear(struct x509_verify_chain *chain)
{
sk_X509_pop_free(chain->certs, X509_free);
chain->certs = NULL;
free(chain->cert_errors);
chain->cert_errors = NULL;
x509_constraints_names_free(chain->names);
chain->names = NULL;
}
@ -81,10 +87,15 @@ x509_verify_chain_dup(struct x509_verify_chain *chain)
{
struct x509_verify_chain *new_chain;
if ((new_chain = x509_verify_chain_new()) == NULL)
if ((new_chain = calloc(1, sizeof(*chain))) == NULL)
goto err;
if ((new_chain->certs = X509_chain_up_ref(chain->certs)) == NULL)
goto err;
if ((new_chain->cert_errors = calloc(X509_VERIFY_MAX_CHAIN_CERTS,
sizeof(int))) == NULL)
goto err;
memcpy(new_chain->cert_errors, chain->cert_errors,
X509_VERIFY_MAX_CHAIN_CERTS * sizeof(int));
if ((new_chain->names =
x509_constraints_names_dup(chain->names)) == NULL)
goto err;
@ -99,18 +110,32 @@ x509_verify_chain_append(struct x509_verify_chain *chain, X509 *cert,
int *error)
{
int verify_err = X509_V_ERR_UNSPECIFIED;
size_t idx;
if (!x509_constraints_extract_names(chain->names, cert,
sk_X509_num(chain->certs) == 0, &verify_err)) {
*error = verify_err;
return 0;
}
X509_up_ref(cert);
if (!sk_X509_push(chain->certs, cert)) {
X509_free(cert);
*error = X509_V_ERR_OUT_OF_MEM;
return 0;
}
idx = sk_X509_num(chain->certs) - 1;
chain->cert_errors[idx] = *error;
/*
* We've just added the issuer for the previous certificate,
* clear its error if appropriate.
*/
if (idx > 1 && chain->cert_errors[idx - 1] ==
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
chain->cert_errors[idx - 1] = X509_V_OK;
return 1;
}
@ -141,6 +166,9 @@ x509_verify_ctx_reset(struct x509_verify_ctx *ctx)
for (i = 0; i < ctx->chains_count; i++)
x509_verify_chain_free(ctx->chains[i]);
sk_X509_pop_free(ctx->saved_error_chain, X509_free);
ctx->saved_error = 0;
ctx->saved_error_depth = 0;
ctx->error = 0;
ctx->error_depth = 0;
ctx->chains_count = 0;
@ -158,40 +186,209 @@ x509_verify_ctx_clear(struct x509_verify_ctx *ctx)
}
static int
x509_verify_ctx_cert_is_root(struct x509_verify_ctx *ctx, X509 *cert)
x509_verify_cert_cache_extensions(X509 *cert) {
if (!(cert->ex_flags & EXFLAG_SET)) {
CRYPTO_w_lock(CRYPTO_LOCK_X509);
x509v3_cache_extensions(cert);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
if (cert->ex_flags & EXFLAG_INVALID)
return 0;
return (cert->ex_flags & EXFLAG_SET);
}
static int
x509_verify_cert_self_signed(X509 *cert)
{
return (cert->ex_flags & EXFLAG_SS) ? 1 : 0;
}
static int
x509_verify_ctx_cert_is_root(struct x509_verify_ctx *ctx, X509 *cert,
int full_chain)
{
X509 *match = NULL;
int i;
for (i = 0; i < sk_X509_num(ctx->roots); i++) {
if (X509_cmp(sk_X509_value(ctx->roots, i), cert) == 0)
return 1;
if (!x509_verify_cert_cache_extensions(cert))
return 0;
/* Check by lookup if we have a legacy xsc */
if (ctx->xsc != NULL) {
if ((match = x509_vfy_lookup_cert_match(ctx->xsc,
cert)) != NULL) {
X509_free(match);
return !full_chain ||
x509_verify_cert_self_signed(cert);
}
} else {
/* Check the provided roots */
for (i = 0; i < sk_X509_num(ctx->roots); i++) {
if (X509_cmp(sk_X509_value(ctx->roots, i), cert) == 0)
return !full_chain ||
x509_verify_cert_self_signed(cert);
}
}
return 0;
}
static int
x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx,
struct x509_verify_chain *chain)
struct x509_verify_chain *chain, int set_error, int is_trusted)
{
size_t depth;
X509 *last = x509_verify_chain_last(chain);
size_t num_untrusted;
int i;
if (ctx->xsc == NULL)
return 1;
depth = sk_X509_num(chain->certs);
if (depth > 0)
depth--;
/*
* XXX last_untrusted is actually the number of untrusted certs at the
* bottom of the chain. This works now since we stop at the first
* trusted cert. This will need fixing once we allow more than one
* trusted certificate.
*/
num_untrusted = sk_X509_num(chain->certs);
if (is_trusted && num_untrusted > 0)
num_untrusted--;
ctx->xsc->last_untrusted = num_untrusted;
ctx->xsc->last_untrusted = depth ? depth - 1 : 0;
sk_X509_pop_free(ctx->xsc->chain, X509_free);
ctx->xsc->chain = X509_chain_up_ref(chain->certs);
if (ctx->xsc->chain == NULL)
return x509_verify_cert_error(ctx, last, depth,
return x509_verify_cert_error(ctx, NULL, 0,
X509_V_ERR_OUT_OF_MEM, 0);
if (set_error) {
ctx->xsc->error = X509_V_OK;
ctx->xsc->error_depth = 0;
for (i = 0; i < sk_X509_num(chain->certs); i++) {
if (chain->cert_errors[i] != X509_V_OK) {
ctx->xsc->error = chain->cert_errors[i];
ctx->xsc->error_depth = i;
break;
}
}
}
return 1;
}
/*
* Save the error state and unvalidated chain off of the xsc for
* later.
*/
static int
x509_verify_ctx_save_xsc_error(struct x509_verify_ctx *ctx)
{
if (ctx->xsc != NULL && ctx->xsc->chain != NULL) {
sk_X509_pop_free(ctx->saved_error_chain, X509_free);
ctx->saved_error_chain = X509_chain_up_ref(ctx->xsc->chain);
if (ctx->saved_error_chain == NULL)
return x509_verify_cert_error(ctx, NULL, 0,
X509_V_ERR_OUT_OF_MEM, 0);
ctx->saved_error = ctx->xsc->error;
ctx->saved_error_depth = ctx->xsc->error_depth;
}
return 1;
}
/*
* Restore the saved error state and unvalidated chain to the xsc
* if we do not have a validated chain.
*/
static int
x509_verify_ctx_restore_xsc_error(struct x509_verify_ctx *ctx)
{
if (ctx->xsc != NULL && ctx->chains_count == 0 &&
ctx->saved_error_chain != NULL) {
sk_X509_pop_free(ctx->xsc->chain, X509_free);
ctx->xsc->chain = X509_chain_up_ref(ctx->saved_error_chain);
if (ctx->xsc->chain == NULL)
return x509_verify_cert_error(ctx, NULL, 0,
X509_V_ERR_OUT_OF_MEM, 0);
ctx->xsc->error = ctx->saved_error;
ctx->xsc->error_depth = ctx->saved_error_depth;
}
return 1;
}
/* Perform legacy style validation of a chain */
static int
x509_verify_ctx_validate_legacy_chain(struct x509_verify_ctx *ctx,
struct x509_verify_chain *chain, size_t depth)
{
int ret = 0, trust;
if (ctx->xsc == NULL)
return 1;
/*
* If we have a legacy xsc, choose a validated chain, and
* apply the extensions, revocation, and policy checks just
* like the legacy code did. We do this here instead of as
* building the chains to more easily support the callback and
* the bewildering array of VERIFY_PARAM knobs that are there
* for the fiddling.
*/
/* These may be set in one of the following calls. */
ctx->xsc->error = X509_V_OK;
ctx->xsc->error_depth = 0;
trust = x509_vfy_check_trust(ctx->xsc);
if (trust == X509_TRUST_REJECTED)
goto err;
if (!x509_verify_ctx_set_xsc_chain(ctx, chain, 0, 1))
goto err;
/*
* XXX currently this duplicates some work done in chain
* build, but we keep it here until we have feature parity
*/
if (!x509_vfy_check_chain_extensions(ctx->xsc))
goto err;
if (!x509_constraints_chain(ctx->xsc->chain,
&ctx->xsc->error, &ctx->xsc->error_depth)) {
X509 *cert = sk_X509_value(ctx->xsc->chain, depth);
if (!x509_verify_cert_error(ctx, cert,
ctx->xsc->error_depth, ctx->xsc->error, 0))
goto err;
}
if (!x509_vfy_check_revocation(ctx->xsc))
goto err;
if (!x509_vfy_check_policy(ctx->xsc))
goto err;
if ((!(ctx->xsc->param->flags & X509_V_FLAG_PARTIAL_CHAIN)) &&
trust != X509_TRUST_TRUSTED)
goto err;
ret = 1;
err:
/*
* The above checks may have set ctx->xsc->error and
* ctx->xsc->error_depth - save these for later on.
*/
if (ctx->xsc->error != X509_V_OK) {
if (ctx->xsc->error_depth < 0 ||
ctx->xsc->error_depth >= X509_VERIFY_MAX_CHAIN_CERTS)
return 0;
chain->cert_errors[ctx->xsc->error_depth] =
ctx->xsc->error;
ctx->error_depth = ctx->xsc->error_depth;
}
return ret;
}
/* Add a validated chain to our list of valid chains */
static int
x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx,
@ -208,43 +405,17 @@ x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx,
return x509_verify_cert_error(ctx, last, depth,
X509_V_ERR_CERT_CHAIN_TOO_LONG, 0);
/* Clear a get issuer failure for a root certificate. */
if (chain->cert_errors[depth] ==
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
chain->cert_errors[depth] = X509_V_OK;
if (!x509_verify_ctx_validate_legacy_chain(ctx, chain, depth))
return 0;
/*
* If we have a legacy xsc, choose a validated chain,
* and apply the extensions, revocation, and policy checks
* just like the legacy code did. We do this here instead
* of as building the chains to more easily support the
* callback and the bewildering array of VERIFY_PARAM
* knobs that are there for the fiddling.
*/
if (ctx->xsc != NULL) {
if (!x509_verify_ctx_set_xsc_chain(ctx, chain))
return 0;
/*
* XXX currently this duplicates some work done
* in chain build, but we keep it here until
* we have feature parity
*/
if (!x509_vfy_check_chain_extensions(ctx->xsc))
return 0;
if (!x509_constraints_chain(ctx->xsc->chain,
&ctx->xsc->error, &ctx->xsc->error_depth)) {
X509 *cert = sk_X509_value(ctx->xsc->chain, depth);
if (!x509_verify_cert_error(ctx, cert,
ctx->xsc->error_depth, ctx->xsc->error, 0))
return 0;
}
if (!x509_vfy_check_revocation(ctx->xsc))
return 0;
if (!x509_vfy_check_policy(ctx->xsc))
return 0;
}
/*
* no xsc means we are being called from the non-legacy API,
* extensions and purpose are dealt with as the chain is built.
* In the non-legacy code, extensions and purpose are dealt
* with as the chain is built.
*
* The non-legacy api returns multiple chains but does not do
* any revocation checking (it must be done by the caller on
@ -266,6 +437,8 @@ static int
x509_verify_potential_parent(struct x509_verify_ctx *ctx, X509 *parent,
X509 *child)
{
if (!x509_verify_cert_cache_extensions(parent))
return 0;
if (ctx->xsc != NULL)
return (ctx->xsc->check_issued(ctx->xsc, child, parent));
@ -313,7 +486,7 @@ x509_verify_parent_signature(X509 *parent, X509 *child,
static int
x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert,
unsigned char *cert_md, int is_root_cert, X509 *candidate,
struct x509_verify_chain *current_chain)
struct x509_verify_chain *current_chain, int full_chain)
{
int depth = sk_X509_num(current_chain->certs);
struct x509_verify_chain *new_chain;
@ -333,12 +506,11 @@ x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert,
return 0;
}
if (!x509_verify_parent_signature(candidate, cert, cert_md,
&ctx->error)) {
if (!x509_verify_cert_error(ctx, candidate, depth,
ctx->error, 0))
return 0;
if (!x509_verify_cert_error(ctx, candidate, depth,
ctx->error, 0))
return 0;
}
if (!x509_verify_cert_valid(ctx, candidate, current_chain))
@ -351,8 +523,7 @@ x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert,
return 0;
}
if (!x509_verify_chain_append(new_chain, candidate, &ctx->error)) {
x509_verify_cert_error(ctx, candidate, depth,
ctx->error, 0);
x509_verify_cert_error(ctx, candidate, depth, ctx->error, 0);
x509_verify_chain_free(new_chain);
return 0;
}
@ -363,17 +534,18 @@ x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert,
* give up.
*/
if (is_root_cert) {
if (!x509_verify_ctx_set_xsc_chain(ctx, new_chain)) {
if (!x509_verify_ctx_set_xsc_chain(ctx, new_chain, 0, 1)) {
x509_verify_chain_free(new_chain);
return 0;
}
if (x509_verify_cert_error(ctx, candidate, depth, X509_V_OK, 1)) {
(void) x509_verify_ctx_add_chain(ctx, new_chain);
goto done;
if (!x509_verify_ctx_add_chain(ctx, new_chain)) {
x509_verify_chain_free(new_chain);
return 0;
}
goto done;
}
x509_verify_build_chains(ctx, candidate, new_chain);
x509_verify_build_chains(ctx, candidate, new_chain, full_chain);
done:
x509_verify_chain_free(new_chain);
@ -397,11 +569,19 @@ x509_verify_cert_error(struct x509_verify_ctx *ctx, X509 *cert, size_t depth,
static void
x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert,
struct x509_verify_chain *current_chain)
struct x509_verify_chain *current_chain, int full_chain)
{
unsigned char cert_md[EVP_MAX_MD_SIZE] = { 0 };
X509 *candidate;
int i, depth, count;
int i, depth, count, ret, is_root;
/*
* If we are finding chains with an xsc, just stop after we have
* one chain, there's no point in finding more, it just exercises
* the potentially buggy callback processing in the calling software.
*/
if (ctx->xsc != NULL && ctx->chains_count > 0)
return;
depth = sk_X509_num(current_chain->certs);
if (depth > 0)
@ -418,36 +598,80 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert,
return;
count = ctx->chains_count;
ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
ctx->error_depth = depth;
for (i = 0; i < sk_X509_num(ctx->roots); i++) {
candidate = sk_X509_value(ctx->roots, i);
if (x509_verify_potential_parent(ctx, candidate, cert)) {
x509_verify_consider_candidate(ctx, cert,
cert_md, 1, candidate, current_chain);
if (ctx->saved_error != 0)
ctx->error = ctx->saved_error;
if (ctx->saved_error_depth != 0)
ctx->error_depth = ctx->saved_error_depth;
if (ctx->xsc != NULL) {
/*
* Long ago experiments at Muppet labs resulted in a
* situation where software not only sees these errors
* but forced developers to expect them in certain cases.
* so we must mimic this awfulness for the legacy case.
*/
if (cert->ex_flags & EXFLAG_SS)
ctx->error = (depth == 0) ?
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
}
/* Check for legacy mode roots */
if (ctx->xsc != NULL) {
if ((ret = ctx->xsc->get_issuer(&candidate, ctx->xsc, cert)) < 0) {
x509_verify_cert_error(ctx, cert, depth,
X509_V_ERR_STORE_LOOKUP, 0);
return;
}
if (ret > 0) {
if (x509_verify_potential_parent(ctx, candidate, cert)) {
is_root = !full_chain ||
x509_verify_cert_self_signed(candidate);
x509_verify_consider_candidate(ctx, cert,
cert_md, is_root, candidate, current_chain,
full_chain);
}
X509_free(candidate);
}
} else {
/* Check to see if we have a trusted root issuer. */
for (i = 0; i < sk_X509_num(ctx->roots); i++) {
candidate = sk_X509_value(ctx->roots, i);
if (x509_verify_potential_parent(ctx, candidate, cert)) {
is_root = !full_chain ||
x509_verify_cert_self_signed(candidate);
x509_verify_consider_candidate(ctx, cert,
cert_md, is_root, candidate, current_chain,
full_chain);
}
}
}
/* Check intermediates after checking roots */
if (ctx->intermediates != NULL) {
for (i = 0; i < sk_X509_num(ctx->intermediates); i++) {
candidate = sk_X509_value(ctx->intermediates, i);
if (x509_verify_potential_parent(ctx, candidate, cert)) {
x509_verify_consider_candidate(ctx, cert,
cert_md, 0, candidate, current_chain);
cert_md, 0, candidate, current_chain,
full_chain);
}
}
}
if (ctx->chains_count > count) {
if (ctx->xsc != NULL) {
ctx->xsc->error = X509_V_OK;
ctx->xsc->error_depth = depth;
ctx->xsc->current_cert = cert;
(void) ctx->xsc->verify_cb(1, ctx->xsc);
}
} else if (ctx->error_depth == depth) {
(void) x509_verify_cert_error(ctx, cert, depth,
ctx->error, 0);
if (!x509_verify_ctx_set_xsc_chain(ctx, current_chain, 0, 0))
return;
}
}
@ -458,8 +682,13 @@ x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert, char *name)
size_t len;
if (name == NULL) {
if (ctx->xsc != NULL)
return x509_vfy_check_id(ctx->xsc);
if (ctx->xsc != NULL) {
int ret;
if ((ret = x509_vfy_check_id(ctx->xsc)) == 0)
ctx->error = ctx->xsc->error;
return ret;
}
return 1;
}
if ((candidate = strdup(name)) == NULL) {
@ -516,8 +745,6 @@ x509_verify_asn1_time_to_tm(const ASN1_TIME *atime, struct tm *tm, int notafter)
{
int type;
memset(tm, 0, sizeof(*tm));
type = ASN1_time_parse(atime->data, atime->length, tm, atime->type);
if (type == -1)
return 0;
@ -601,11 +828,13 @@ x509_verify_validate_constraints(X509 *cert,
return 1;
if (cert->nc != NULL) {
if ((permitted = x509_constraints_names_new()) == NULL) {
if ((permitted = x509_constraints_names_new(
X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) {
err = X509_V_ERR_OUT_OF_MEM;
goto err;
}
if ((excluded = x509_constraints_names_new()) == NULL) {
if ((excluded = x509_constraints_names_new(
X509_VERIFY_MAX_CHAIN_CONSTRAINTS)) == NULL) {
err = X509_V_ERR_OUT_OF_MEM;
goto err;
}
@ -630,10 +859,9 @@ x509_verify_validate_constraints(X509 *cert,
static int
x509_verify_cert_extensions(struct x509_verify_ctx *ctx, X509 *cert, int need_ca)
{
if (!(cert->ex_flags & EXFLAG_SET)) {
CRYPTO_w_lock(CRYPTO_LOCK_X509);
x509v3_cache_extensions(cert);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
if (!x509_verify_cert_cache_extensions(cert)) {
ctx->error = X509_V_ERR_UNSPECIFIED;
return 0;
}
if (ctx->xsc != NULL)
@ -712,7 +940,7 @@ x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert,
}
struct x509_verify_ctx *
x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc, STACK_OF(X509) *roots)
x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc)
{
struct x509_verify_ctx *ctx;
size_t max_depth;
@ -720,7 +948,7 @@ x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc, STACK_OF(X509) *roots)
if (xsc == NULL)
return NULL;
if ((ctx = x509_verify_ctx_new(roots)) == NULL)
if ((ctx = x509_verify_ctx_new(NULL)) == NULL)
return NULL;
ctx->xsc = xsc;
@ -748,14 +976,16 @@ x509_verify_ctx_new(STACK_OF(X509) *roots)
{
struct x509_verify_ctx *ctx;
if (roots == NULL)
return NULL;
if ((ctx = calloc(1, sizeof(struct x509_verify_ctx))) == NULL)
return NULL;
if ((ctx->roots = X509_chain_up_ref(roots)) == NULL)
goto err;
if (roots != NULL) {
if ((ctx->roots = X509_chain_up_ref(roots)) == NULL)
goto err;
} else {
if ((ctx->roots = sk_X509_new_null()) == NULL)
goto err;
}
ctx->max_depth = X509_VERIFY_MAX_CHAIN_CERTS;
ctx->max_chains = X509_VERIFY_MAX_CHAINS;
@ -850,19 +1080,24 @@ size_t
x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
{
struct x509_verify_chain *current_chain;
int retry_chain_build, full_chain = 0;
if (ctx->roots == NULL || ctx->max_depth == 0) {
ctx->error = X509_V_ERR_INVALID_CALL;
return 0;
goto err;
}
if (ctx->xsc != NULL) {
if (leaf != NULL || name != NULL) {
ctx->error = X509_V_ERR_INVALID_CALL;
return 0;
goto err;
}
leaf = ctx->xsc->cert;
/* XXX */
full_chain = 1;
if (ctx->xsc->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
full_chain = 0;
/*
* XXX
* The legacy code expects the top level cert to be
@ -872,57 +1107,163 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
*/
if ((ctx->xsc->chain = sk_X509_new_null()) == NULL) {
ctx->error = X509_V_ERR_OUT_OF_MEM;
return 0;
goto err;
}
if (!X509_up_ref(leaf)) {
ctx->error = X509_V_ERR_OUT_OF_MEM;
return 0;
goto err;
}
if (!sk_X509_push(ctx->xsc->chain, leaf)) {
X509_free(leaf);
ctx->error = X509_V_ERR_OUT_OF_MEM;
return 0;
goto err;
}
ctx->xsc->error_depth = 0;
ctx->xsc->current_cert = leaf;
}
if (!x509_verify_cert_valid(ctx, leaf, NULL))
return 0;
goto err;
if (!x509_verify_cert_hostname(ctx, leaf, name))
return 0;
goto err;
if ((current_chain = x509_verify_chain_new()) == NULL) {
ctx->error = X509_V_ERR_OUT_OF_MEM;
return 0;
goto err;
}
if (!x509_verify_chain_append(current_chain, leaf, &ctx->error)) {
x509_verify_chain_free(current_chain);
return 0;
goto err;
}
if (x509_verify_ctx_cert_is_root(ctx, leaf))
x509_verify_ctx_add_chain(ctx, current_chain);
else
x509_verify_build_chains(ctx, leaf, current_chain);
do {
retry_chain_build = 0;
if (x509_verify_ctx_cert_is_root(ctx, leaf, full_chain)) {
if (!x509_verify_ctx_add_chain(ctx, current_chain)) {
x509_verify_chain_free(current_chain);
goto err;
}
} else {
x509_verify_build_chains(ctx, leaf, current_chain,
full_chain);
if (full_chain && ctx->chains_count == 0) {
/*
* Save the error state from the xsc
* at this point to put back on the
* xsc in case we do not find a chain
* that is trusted but not a full
* chain to a self signed root. This
* is because the unvalidated chain is
* used by the autochain batshittery
* on failure and will be needed for
* that.
*/
if (!x509_verify_ctx_save_xsc_error(ctx)) {
x509_verify_chain_free(current_chain);
goto err;
}
full_chain = 0;
retry_chain_build = 1;
}
}
} while (retry_chain_build);
x509_verify_chain_free(current_chain);
/*
* Safety net:
* We could not find a validated chain, and for some reason do not
* have an error set.
* Do the new verifier style return, where we don't have an xsc
* that allows a crazy callback to turn invalid things into valid.
*/
if (ctx->chains_count == 0 && ctx->error == 0)
if (ctx->xsc == NULL) {
/*
* Safety net:
* We could not find a validated chain, and for some reason do not
* have an error set.
*/
if (ctx->chains_count == 0 && ctx->error == X509_V_OK)
ctx->error = X509_V_ERR_UNSPECIFIED;
/*
* If we are not using an xsc, and have no possibility for the
* crazy OpenSSL callback API changing the results of
* validation steps (because the callback can make validation
* proceed in the presence of invalid certs), any chains we
* have here are correctly built and verified.
*/
if (ctx->chains_count > 0)
ctx->error = X509_V_OK;
return ctx->chains_count;
}
/*
* Otherwise we are doing compatibility with an xsc, which means that we
* will have one chain, which might actually be a bogus chain because
* the callback told us to ignore errors and proceed to build an invalid
* chain. Possible return values from this include returning 1 with an
* invalid chain and a value of xsc->error != X509_V_OK (It's tradition
* that makes it ok).
*/
if (ctx->chains_count > 0) {
/*
* The chain we have using an xsc might not be a verified chain
* if the callback perverted things while we built it to ignore
* failures and proceed with chain building. We put this chain
* and the error associated with it on the xsc.
*/
if (!x509_verify_ctx_set_xsc_chain(ctx, ctx->chains[0], 1, 1))
goto err;
/*
* Call the callback for completion up our built
* chain. The callback could still tell us to
* fail. Since this chain might exist as the result of
* callback doing perversions, we could still return
* "success" with something other than X509_V_OK set
* as the error.
*/
if (!x509_vfy_callback_indicate_completion(ctx->xsc))
goto err;
} else {
/*
* We did not find a chain. Bring back the failure
* case we wanted to the xsc if we saved one. If we
* did not we should have just the leaf on the xsc.
*/
if (!x509_verify_ctx_restore_xsc_error(ctx))
goto err;
/*
* Safety net, ensure we have an error set in the
* failing case.
*/
if (ctx->xsc->error == X509_V_OK) {
if (ctx->error == X509_V_OK)
ctx->error = X509_V_ERR_UNSPECIFIED;
ctx->xsc->error = ctx->error;
}
/*
* Let the callback override the return value
* at depth 0 if it chooses to
*/
return ctx->xsc->verify_cb(0, ctx->xsc);
}
/* We only ever find one chain in compat mode with an xsc. */
return 1;
err:
if (ctx->error == X509_V_OK)
ctx->error = X509_V_ERR_UNSPECIFIED;
/* Clear whatever errors happened if we have any validated chain */
if (ctx->chains_count > 0)
ctx->error = X509_V_OK;
if (ctx->xsc != NULL) {
ctx->xsc->error = ctx->error;
return ctx->xsc->verify_cb(ctx->chains_count, ctx->xsc);
if (ctx->xsc->error == X509_V_OK)
ctx->xsc->error = X509_V_ERR_UNSPECIFIED;
ctx->error = ctx->xsc->error;
}
return (ctx->chains_count);
return 0;
}


@ -1,4 +1,4 @@
/* $OpenBSD: x509_vfy.c,v 1.81 2020/09/26 02:06:28 deraadt Exp $ */
/* $OpenBSD: x509_vfy.c,v 1.89.2.1 2021/11/24 09:28:56 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -240,12 +240,13 @@ x509_vfy_check_id(X509_STORE_CTX *ctx) {
* Oooooooh..
*/
static int
X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad)
X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
{
X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
int bad_chain = 0;
X509_VERIFY_PARAM *param = ctx->param;
int depth, i, ok = 0;
int ok = 0, ret = 0;
int depth, i;
int num, j, retry, trust;
int (*cb) (int xok, X509_STORE_CTX *xctx);
STACK_OF(X509) *sktmp = NULL;
@ -517,11 +518,15 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad)
if (!ok)
goto end;
}
ret = 1;
end:
sk_X509_free(sktmp);
X509_free(chain_ss);
*bad = bad_chain;
return ok;
*out_ok = ok;
return ret;
}
static int
@ -531,8 +536,7 @@ X509_verify_cert_legacy(X509_STORE_CTX *ctx)
ctx->error = X509_V_OK; /* Initialize to OK */
ok = X509_verify_cert_legacy_build_chain(ctx, &bad_chain);
if (!ok)
if (!X509_verify_cert_legacy_build_chain(ctx, &bad_chain, &ok))
goto end;
/* We have the chain complete: now we need to check its purpose */
@ -630,60 +634,13 @@ X509_verify_cert(X509_STORE_CTX *ctx)
/* Use the modern multi-chain verifier from x509_verify_cert */
/* Find our trusted roots */
ctx->error = X509_V_ERR_OUT_OF_MEM;
if (ctx->get_issuer == get_issuer_sk) {
/*
* We are using the trusted stack method. so
* the roots are in the aptly named "ctx->other_ctx"
* pointer. (It could have been called "al")
*/
if ((roots = X509_chain_up_ref(ctx->other_ctx)) == NULL)
return -1;
} else {
/*
* We have a X509_STORE and need to pull out the roots.
* Don't look Ethel...
*/
STACK_OF(X509_OBJECT) *objs;
size_t i, good = 1;
if ((roots = sk_X509_new_null()) == NULL)
return -1;
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
if ((objs = X509_STORE_get0_objects(ctx->ctx)) == NULL)
good = 0;
for (i = 0; good && i < sk_X509_OBJECT_num(objs); i++) {
X509_OBJECT *obj;
X509 *root;
obj = sk_X509_OBJECT_value(objs, i);
if (obj->type != X509_LU_X509)
continue;
root = obj->data.x509;
if (X509_up_ref(root) == 0)
good = 0;
if (sk_X509_push(roots, root) == 0) {
X509_free(root);
good = 0;
}
}
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
if (!good) {
sk_X509_pop_free(roots, X509_free);
return -1;
}
}
if ((vctx = x509_verify_ctx_new_from_xsc(ctx, roots)) != NULL) {
if ((vctx = x509_verify_ctx_new_from_xsc(ctx)) != NULL) {
ctx->error = X509_V_OK; /* Initialize to OK */
chain_count = x509_verify(vctx, NULL, NULL);
}
x509_verify_ctx_free(vctx);
sk_X509_pop_free(roots, X509_free);
x509_verify_ctx_free(vctx);
/* if we succeed we have a chain in ctx->chain */
return (chain_count > 0 && ctx->chain != NULL);
@ -910,7 +867,8 @@ check_name_constraints(X509_STORE_CTX *ctx)
/* Given a certificate try and find an exact match in the store */
static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
static X509 *
lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
{
STACK_OF(X509) *certs;
X509 *xtmp = NULL;
@ -937,7 +895,17 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
return xtmp;
}
static int check_trust(X509_STORE_CTX *ctx)
X509 *
x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
{
if (ctx->lookup_certs == NULL || ctx->ctx == NULL ||
ctx->ctx->objs == NULL)
return NULL;
return lookup_cert_match(ctx, x);
}
static int
check_trust(X509_STORE_CTX *ctx)
{
size_t i;
int ok;
@ -991,7 +959,8 @@ static int check_trust(X509_STORE_CTX *ctx)
return X509_TRUST_UNTRUSTED;
}
int x509_vfy_check_trust(X509_STORE_CTX *ctx)
int
x509_vfy_check_trust(X509_STORE_CTX *ctx)
{
return check_trust(ctx);
}
@ -1794,6 +1763,11 @@ x509_vfy_check_policy(X509_STORE_CTX *ctx)
if (ctx->parent)
return 1;
/* X509_policy_check always allocates a new tree. */
X509_policy_tree_free(ctx->tree);
ctx->tree = NULL;
ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
ctx->param->policies, ctx->param->flags);
if (ret == 0) {
@ -1905,7 +1879,7 @@ x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
}
static int
internal_verify(X509_STORE_CTX *ctx)
x509_vfy_internal_verify(X509_STORE_CTX *ctx, int chain_verified)
{
int n = sk_X509_num(ctx->chain) - 1;
X509 *xi = sk_X509_value(ctx->chain, n);
@ -1941,8 +1915,8 @@ internal_verify(X509_STORE_CTX *ctx)
* certificate and its depth (rather than the depth of
* the subject).
*/
if (xs != xi ||
(ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
if (!chain_verified && ( xs != xi ||
(ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) {
EVP_PKEY *pkey;
if ((pkey = X509_get_pubkey(xi)) == NULL) {
if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n,
@ -1959,7 +1933,7 @@ internal_verify(X509_STORE_CTX *ctx)
}
check_cert:
/* Calls verify callback as needed */
if (!x509_check_cert_time(ctx, xs, n))
if (!chain_verified && !x509_check_cert_time(ctx, xs, n))
return 0;
/*
@ -1980,6 +1954,22 @@ check_cert:
return 1;
}
static int
internal_verify(X509_STORE_CTX *ctx)
{
return x509_vfy_internal_verify(ctx, 0);
}
/*
* Internal verify, but with a chain where the verification
* math has already been performed.
*/
int
x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx)
{
return x509_vfy_internal_verify(ctx, 1);
}
int
X509_cmp_current_time(const ASN1_TIME *ctm)
{
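Review bot: When `chain_verified` is set, `x509_vfy_internal_verify` skips not only the signature verification branch (`if (!chain_verified && ( xs != xi || ...`) but also the validity-period check (`if (!chain_verified && !x509_check_cert_time(ctx, xs, n))`), yet the comment above `x509_vfy_callback_indicate_completion` says only that "the verification math has already been performed". That wording invites a future caller to pass `1` for a chain whose dates were never checked. Suggest widening the comment to `/* Internal verify for a chain whose signatures AND validity periods the caller has already checked; never pass chain_verified for a chain that skipped either. */`. The body of `x509_vfy_internal_verify` continues outside the visible hunks, so whether anything else is gated on `chain_verified` cannot be confirmed from here.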


@ -1,4 +1,4 @@
/* $OpenBSD: x509_vpm.c,v 1.22 2020/09/14 08:10:04 beck Exp $ */
/* $OpenBSD: x509_vpm.c,v 1.27 2021/09/30 18:23:46 jsing Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2004.
*/
@ -172,6 +172,7 @@ x509_verify_param_zero(X509_VERIFY_PARAM *param)
X509_VERIFY_PARAM_ID *paramid;
if (!param)
return;
free(param->name);
param->name = NULL;
param->purpose = 0;
param->trust = 0;
@ -207,7 +208,7 @@ X509_VERIFY_PARAM_new(void)
param = calloc(1, sizeof(X509_VERIFY_PARAM));
if (param == NULL)
return NULL;
paramid = calloc (1, sizeof(X509_VERIFY_PARAM_ID));
paramid = calloc(1, sizeof(X509_VERIFY_PARAM_ID));
if (paramid == NULL) {
free(param);
return NULL;
@ -227,7 +228,8 @@ X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
free(param);
}
/* This function determines how parameters are "inherited" from one structure
/*
* This function determines how parameters are "inherited" from one structure
* to another. There are several different ways this can happen.
*
* 1. If a child structure needs to have its values initialized from a parent
@ -596,6 +598,7 @@ static const X509_VERIFY_PARAM_ID _empty_id = { NULL };
static const X509_VERIFY_PARAM default_table[] = {
{
.name = "default",
.flags = X509_V_FLAG_TRUSTED_FIRST,
.depth = 100,
.trust = 0, /* XXX This is not the default trust value */
.id = vpm_empty_id
@ -673,8 +676,8 @@ X509_VERIFY_PARAM_get_count(void)
return num;
}
const
X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
const X509_VERIFY_PARAM *
X509_VERIFY_PARAM_get0(int id)
{
int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM);
if (id < num)
@ -682,8 +685,8 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
return sk_X509_VERIFY_PARAM_value(param_table, id - num);
}
const
X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
const X509_VERIFY_PARAM *
X509_VERIFY_PARAM_lookup(const char *name)
{
X509_VERIFY_PARAM pm;
unsigned int i, limit;
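Review bot: The new `.flags = X509_V_FLAG_TRUSTED_FIRST` entry in `default_table` changes chain building for every caller that never sets flags explicitly, but unlike the neighbouring `.trust` line it carries no comment explaining the choice. Suggest `.flags = X509_V_FLAG_TRUSTED_FIRST, /* prefer trust-store certs over supplied untrusted intermediates when building the chain */` so the default is visibly intentional. Separately, the added `free(param->name)` in `x509_verify_param_zero` assumes every `name` is heap-allocated; the `default_table` entries use the literal `"default"`, and while they are `const` and presumably never passed to this function, that is worth confirming since the setter that assigns `name` is outside this hunk.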

View File

@ -102,6 +102,14 @@ pthread_mutex_unlock(pthread_mutex_t *mutex)
return 0;
}
static inline int
pthread_mutex_destroy(pthread_mutex_t *mutex)
{
DeleteCriticalSection(mutex->lock);
free(mutex->lock);
return 0;
}
#else
#include_next <pthread.h>
#endif
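Review bot: `pthread_mutex_destroy` frees `mutex->lock` but leaves the dangling pointer in the struct, so a second destroy or a late unlock on the same mutex becomes a double free or use-after-free instead of a detectable error. Add `mutex->lock = NULL;` after the `free(mutex->lock);` line. If the shim allows a mutex that was never locked to still carry a NULL `lock` (the initialisation path is outside this hunk), `DeleteCriticalSection` should additionally be guarded with `if (mutex->lock != NULL)`.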


@ -1,4 +1,4 @@
/* $OpenBSD: asn1.h,v 1.53 2018/11/30 04:51:19 jeremy Exp $ */
/* $OpenBSD: asn1.h,v 1.54 2020/12/08 15:06:42 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -1137,6 +1137,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_BAD_OBJECT_HEADER 102
#define ASN1_R_BAD_PASSWORD_READ 103
#define ASN1_R_BAD_TAG 104
#define ASN1_R_BAD_TEMPLATE 230
#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
#define ASN1_R_BN_LIB 105
#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106


@ -1,4 +1,4 @@
/* $OpenBSD: bn.h,v 1.39 2019/08/25 19:23:59 schwarze Exp $ */
/* $OpenBSD: bn.h,v 1.43 2021/09/10 14:33:44 tb Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -231,6 +231,15 @@ extern "C" {
#define BN_set_flags(b,n) ((b)->flags|=(n))
#define BN_get_flags(b,n) ((b)->flags&(n))
/* Values for |top| in BN_rand() */
#define BN_RAND_TOP_ANY -1
#define BN_RAND_TOP_ONE 0
#define BN_RAND_TOP_TWO 1
/* Values for |bottom| in BN_rand() */
#define BN_RAND_BOTTOM_ANY 0
#define BN_RAND_BOTTOM_ODD 1
/* get a clone of a BIGNUM with changed flags, for *temporary* use only
* (the two BIGNUMs cannot not be used in parallel!) */
#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
@ -428,6 +437,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
void BN_swap(BIGNUM *a, BIGNUM *b);
BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
int BN_bn2bin(const BIGNUM *a, unsigned char *to);
int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
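Review bot: The new `BN_bn2binpad` and `BN_bn2lebinpad` declarations carry no comment on the `tolen` contract, while the macros added higher in the same file are documented. As in the OpenSSL API they mirror, these write exactly `tolen` bytes zero-padded and return -1 when the value does not fit, so a caller that ignores the return value is left with an unwritten buffer; the fixed width is also what makes them the right choice over `BN_bn2bin` where a length that varies with leading zero bytes would be observable. Suggest `/* Fixed-width encodings: write exactly tolen bytes, zero-padded; return -1 if the value needs more than tolen bytes. */` above `BN_bn2binpad`.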


@ -1,4 +1,4 @@
/* $OpenBSD: dtls1.h,v 1.23 2020/03/12 17:01:53 jsing Exp $ */
/* $OpenBSD: dtls1.h,v 1.27 2021/05/16 13:56:30 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@ -78,6 +78,8 @@ extern "C" {
#endif
#define DTLS1_VERSION 0xFEFF
#define DTLS1_2_VERSION 0xFEFD
#define DTLS1_VERSION_MAJOR 0xFE
/* lengths of messages */
#define DTLS1_COOKIE_LENGTH 256
@ -93,91 +95,6 @@ extern "C" {
#define DTLS1_AL_HEADER_LENGTH 2
#ifndef OPENSSL_NO_SSL_INTERN
typedef struct dtls1_bitmap_st {
unsigned long map; /* track 32 packets on 32-bit systems
and 64 - on 64-bit systems */
unsigned char max_seq_num[8]; /* max record number seen so far,
64-bit value in big-endian
encoding */
} DTLS1_BITMAP;
struct dtls1_retransmit_state {
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
EVP_MD_CTX *write_hash; /* used for mac generation */
SSL_SESSION *session;
unsigned short epoch;
};
struct hm_header_st {
unsigned char type;
unsigned long msg_len;
unsigned short seq;
unsigned long frag_off;
unsigned long frag_len;
unsigned int is_ccs;
struct dtls1_retransmit_state saved_retransmit_state;
};
struct ccs_header_st {
unsigned char type;
unsigned short seq;
};
struct dtls1_timeout_st {
/* Number of read timeouts so far */
unsigned int read_timeouts;
/* Number of write timeouts so far */
unsigned int write_timeouts;
/* Number of alerts received so far */
unsigned int num_alerts;
};
struct _pqueue;
typedef struct record_pqueue_st {
unsigned short epoch;
struct _pqueue *q;
} record_pqueue;
typedef struct hm_fragment_st {
struct hm_header_st msg_header;
unsigned char *fragment;
unsigned char *reassembly;
} hm_fragment;
struct dtls1_state_internal_st;
typedef struct dtls1_state_st {
/* Buffered (sent) handshake records */
struct _pqueue *sent_messages;
/* Indicates when the last handshake msg or heartbeat sent will timeout */
struct timeval next_timeout;
/* Timeout duration */
unsigned short timeout_duration;
struct dtls1_state_internal_st *internal;
} DTLS1_STATE;
#ifndef LIBRESSL_INTERNAL
typedef struct dtls1_record_data_st {
unsigned char *packet;
unsigned int packet_length;
SSL3_BUFFER rbuf;
SSL3_RECORD rrec;
} DTLS1_RECORD_DATA;
#endif
#endif
/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
#define DTLS1_TMO_READ_COUNT 2
#define DTLS1_TMO_WRITE_COUNT 2


@ -1,4 +1,4 @@
/* $OpenBSD: ec.h,v 1.18 2019/09/29 10:09:09 tb Exp $ */
/* $OpenBSD: ec.h,v 1.27 2021/09/12 16:23:19 tb Exp $ */
/*
* Originally written by Bodo Moeller for the OpenSSL project.
*/
@ -250,6 +250,8 @@ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
*/
int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
int EC_GROUP_order_bits(const EC_GROUP *group);
/** Gets the cofactor of a EC_GROUP
* \param group EC_GROUP object
* \param cofactor BIGNUM to which the cofactor is copied
@ -280,6 +282,11 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
size_t EC_GROUP_get_seed_len(const EC_GROUP *);
size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, BN_CTX *ctx);
int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
BN_CTX *ctx);
#if !defined(LIBRESSL_INTERNAL)
/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b
* \param group EC_GROUP object
* \param p BIGNUM with the prime number
@ -321,6 +328,8 @@ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, c
*/
int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
#endif
#endif
/** Returns the number of bits needed to represent a field element
* \param group EC_GROUP object
* \return number of bits needed to represent a field element
@ -446,6 +455,22 @@ const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
*/
int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit, BN_CTX *ctx);
#if defined(LIBRESSL_INTERNAL)
int EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
int EC_POINT_get_Jprojective_coordinates(const EC_GROUP *group,
const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
#else
/** Sets the jacobian projective coordinates of a EC_POINT over GFp
* \param group underlying EC_GROUP object
* \param p EC_POINT object
@ -502,6 +527,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
*/
int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit, BN_CTX *ctx);
#ifndef OPENSSL_NO_EC2M
/** Sets the affine coordinates of a EC_POINT over GF2m
* \param group underlying EC_GROUP object
@ -535,7 +561,9 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
*/
int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit, BN_CTX *ctx);
#endif
#endif /* OPENSSL_NO_EC2M */
#endif /* !LIBRESSL_INTERNAL */
/** Encodes a EC_POINT object to a octet string
* \param group underlying EC_GROUP object
* \param p EC_POINT object
@ -680,7 +708,8 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
unsigned int *k2, unsigned int *k3);
#endif
#define OPENSSL_EC_NAMED_CURVE 0x001
#define OPENSSL_EC_EXPLICIT_CURVE 0x000
#define OPENSSL_EC_NAMED_CURVE 0x001
typedef struct ecpk_parameters_st ECPKPARAMETERS;


@ -1,4 +1,4 @@
/* $OpenBSD: evp.h,v 1.79 2020/04/27 19:31:02 tb Exp $ */
/* $OpenBSD: evp.h,v 1.83 2021/05/10 17:00:32 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -617,7 +617,7 @@ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
#ifndef LIBRESSL_INTERNAL
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
#endif
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
EVP_PKEY *pkey);
@ -628,11 +628,17 @@ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen);
int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
const unsigned char *tbs, size_t tbslen);
int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen);
int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
size_t siglen, const unsigned char *tbs, size_t tbslen);
int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv);
int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
@ -1149,6 +1155,8 @@ void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
int keylen);
EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
size_t len, const EVP_CIPHER *cipher);
void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
@ -1512,6 +1520,7 @@ void ERR_load_EVP_strings(void);
#define EVP_R_INVALID_OPERATION 148
#define EVP_R_IV_TOO_LARGE 102
#define EVP_R_KEYGEN_FAILURE 120
#define EVP_R_KEY_SETUP_FAILED 180
#define EVP_R_MESSAGE_DIGEST_IS_NULL 159
#define EVP_R_METHOD_NOT_SUPPORTED 144
#define EVP_R_MISSING_PARAMETERS 103


@ -853,10 +853,34 @@
#define NID_id_smime_ct_compressedData 786
#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L
#define SN_id_ct_routeOriginAuthz "id-ct-routeOriginAuthz"
#define NID_id_ct_routeOriginAuthz 1001
#define OBJ_id_ct_routeOriginAuthz OBJ_id_smime_ct,24L
#define SN_id_ct_rpkiManifest "id-ct-rpkiManifest"
#define NID_id_ct_rpkiManifest 1002
#define OBJ_id_ct_rpkiManifest OBJ_id_smime_ct,26L
#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF"
#define NID_id_ct_asciiTextWithCRLF 787
#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L
#define SN_id_ct_rpkiGhostbusters "id-ct-rpkiGhostbusters"
#define NID_id_ct_rpkiGhostbusters 1003
#define OBJ_id_ct_rpkiGhostbusters OBJ_id_smime_ct,35L
#define SN_id_ct_resourceTaggedAttest "id-ct-resourceTaggedAttest"
#define NID_id_ct_resourceTaggedAttest 1004
#define OBJ_id_ct_resourceTaggedAttest OBJ_id_smime_ct,36L
#define SN_id_ct_geofeedCSVwithCRLF "id-ct-geofeedCSVwithCRLF"
#define NID_id_ct_geofeedCSVwithCRLF 1013
#define OBJ_id_ct_geofeedCSVwithCRLF OBJ_id_smime_ct,47L
#define SN_id_ct_signedChecklist "id-ct-signedChecklist"
#define NID_id_ct_signedChecklist 1014
#define OBJ_id_ct_signedChecklist OBJ_id_smime_ct,48L
#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest"
#define NID_id_smime_aa_receiptRequest 212
#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L
@ -1366,6 +1390,10 @@
#define NID_id_cct 268
#define OBJ_id_cct OBJ_id_pkix,12L
#define SN_id_cp "id-cp"
#define NID_id_cp 1005
#define OBJ_id_cp OBJ_id_pkix,14L
#define SN_id_ppl "id-ppl"
#define NID_id_ppl 662
#define OBJ_id_ppl OBJ_id_pkix,21L
@ -1490,6 +1518,14 @@
#define NID_proxyCertInfo 663
#define OBJ_proxyCertInfo OBJ_id_pe,14L
#define SN_sbgp_ipAddrBlockv2 "sbgp-ipAddrBlockv2"
#define NID_sbgp_ipAddrBlockv2 1006
#define OBJ_sbgp_ipAddrBlockv2 OBJ_id_pe,28L
#define SN_sbgp_autonomousSysNumv2 "sbgp-autonomousSysNumv2"
#define NID_sbgp_autonomousSysNumv2 1007
#define OBJ_sbgp_autonomousSysNumv2 OBJ_id_pe,29L
#define SN_id_qt_cps "id-qt-cps"
#define LN_id_qt_cps "Policy Qualifier CPS"
#define NID_id_qt_cps 164
@ -1554,6 +1590,11 @@
#define NID_dvcs 297
#define OBJ_dvcs OBJ_id_kp,10L
#define SN_id_kp_bgpsec_router "id-kp-bgpsec-router"
#define LN_id_kp_bgpsec_router "BGPsec Router"
#define NID_id_kp_bgpsec_router 1015
#define OBJ_id_kp_bgpsec_router OBJ_id_kp,30L
#define SN_id_it_caProtEncCert "id-it-caProtEncCert"
#define NID_id_it_caProtEncCert 298
#define OBJ_id_it_caProtEncCert OBJ_id_it,1L
@ -1823,6 +1864,14 @@
#define NID_id_cct_PKIResponse 362
#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L
#define SN_ipAddr_asNumber "ipAddr-asNumber"
#define NID_ipAddr_asNumber 1008
#define OBJ_ipAddr_asNumber OBJ_id_cp,2L
#define SN_ipAddr_asNumberv2 "ipAddr-asNumberv2"
#define NID_ipAddr_asNumberv2 1009
#define OBJ_ipAddr_asNumberv2 OBJ_id_cp,3L
#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage"
#define LN_id_ppl_anyLanguage "Any language"
#define NID_id_ppl_anyLanguage 664
@ -1863,6 +1912,21 @@
#define NID_caRepository 785
#define OBJ_caRepository OBJ_id_ad,5L
#define SN_rpkiManifest "rpkiManifest"
#define LN_rpkiManifest "RPKI Manifest"
#define NID_rpkiManifest 1010
#define OBJ_rpkiManifest OBJ_id_ad,10L
#define SN_signedObject "signedObject"
#define LN_signedObject "Signed Object"
#define NID_signedObject 1011
#define OBJ_signedObject OBJ_id_ad,11L
#define SN_rpkiNotify "rpkiNotify"
#define LN_rpkiNotify "RPKI Notify"
#define NID_rpkiNotify 1012
#define OBJ_rpkiNotify OBJ_id_ad,13L
#define OBJ_id_pkix_OCSP OBJ_ad_OCSP
#define SN_id_pkix_OCSP_basic "basicOCSPResponse"


@ -3,7 +3,8 @@
* are enabled, rather than not being able to tell when things are
* enabled (or possibly not yet not implemented, or removed!).
*/
/* #define LIBRESSL_HAS_TLS1_3 */
#define LIBRESSL_HAS_TLS1_3
#define LIBRESSL_HAS_DTLS1_2
#define OPENSSL_THREADS
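Review bot: `LIBRESSL_HAS_TLS1_3` goes from commented out to defined and `LIBRESSL_HAS_DTLS1_2` is new, and these macros gate public declarations elsewhere in this commit (ssl.h wraps `SSL_VERIFY_POST_HANDSHAKE`, `SSL_CTRL_GET_SIGNATURE_NID`, `SSL_SESSION_is_resumable` and the post-handshake-auth functions in `#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)`), so consumers built against these headers now see and may call TLS 1.3-only entry points. That only works if the libssl/libcrypto objects built in this tree are from the same 3.4.2 sources; a header-only bump would surface as unresolved symbols at link time. Presumably TLS 1.3 is also negotiated by default once this is set, so any consumer that pins protocol versions via `SSL_OP_NO_TLSv1_3` / `SSL_set_max_proto_version` or matches cipher-suite names should be re-tested against 3.4.2 — worth a line in the upgrade notes rather than an edit to this vendored header.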


@ -1,11 +1,11 @@
/* $OpenBSD: opensslv.h,v 1.61 2020/09/25 11:31:39 bcook Exp $ */
/* $OpenBSD: opensslv.h,v 1.66 2021/09/15 17:14:26 tb Exp $ */
#ifndef HEADER_OPENSSLV_H
#define HEADER_OPENSSLV_H
/* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x3020200fL
#define LIBRESSL_VERSION_NUMBER 0x3040200fL
/* ^ Patch starts here */
#define LIBRESSL_VERSION_TEXT "LibreSSL 3.2.2"
#define LIBRESSL_VERSION_TEXT "LibreSSL 3.4.2"
/* These will never change */
#define OPENSSL_VERSION_NUMBER 0x20000000L


@ -1,4 +1,4 @@
/* $OpenBSD: srtp.h,v 1.6 2015/09/01 15:18:23 jsing Exp $ */
/* $OpenBSD: srtp.h,v 1.7 2021/06/11 15:28:13 landry Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -129,6 +129,10 @@ extern "C" {
#define SRTP_NULL_SHA1_80 0x0005
#define SRTP_NULL_SHA1_32 0x0006
/* AEAD SRTP protection profiles from RFC 7714 */
#define SRTP_AEAD_AES_128_GCM 0x0007
#define SRTP_AEAD_AES_256_GCM 0x0008
int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);


@ -1,4 +1,4 @@
/* $OpenBSD: ssl.h,v 1.178 2020/09/20 09:42:00 tb Exp $ */
/* $OpenBSD: ssl.h,v 1.209 2021/09/14 23:07:18 inoguchi Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -301,6 +301,7 @@ extern "C" {
#define SSL_TXT_STREEBOG512 "STREEBOG512"
#define SSL_TXT_DTLS1 "DTLSv1"
#define SSL_TXT_DTLS1_2 "DTLSv1.2"
#define SSL_TXT_SSLV2 "SSLv2"
#define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_TLSV1 "TLSv1"
@ -356,7 +357,9 @@ extern "C" {
* in SSL_CTX. */
typedef struct ssl_st *ssl_crock_st;
#if defined(LIBRESSL_INTERNAL)
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
#endif
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;
@ -376,113 +379,6 @@ typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
#ifndef OPENSSL_NO_SSL_INTERN
/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
int valid;
const char *name; /* text name */
unsigned long id; /* id, 4 bytes, first is version */
unsigned long algorithm_mkey; /* key exchange algorithm */
unsigned long algorithm_auth; /* server authentication */
unsigned long algorithm_enc; /* symmetric encryption */
unsigned long algorithm_mac; /* symmetric authentication */
unsigned long algorithm_ssl; /* (major) protocol version */
unsigned long algo_strength; /* strength and export flags */
unsigned long algorithm2; /* Extra flags */
int strength_bits; /* Number of bits really used */
int alg_bits; /* Number of bits for algorithm */
};
/* Used to hold functions for SSLv3/TLSv1 functions */
struct ssl_method_internal_st;
struct ssl_method_st {
int (*ssl_dispatch_alert)(SSL *s);
int (*num_ciphers)(void);
const SSL_CIPHER *(*get_cipher)(unsigned int ncipher);
const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
const struct ssl_method_internal_st *internal;
};
/* Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
* version INTEGER, -- structure version number
* SSLversion INTEGER, -- SSL version number
* Cipher OCTET STRING, -- the 3 byte cipher ID
* Session_ID OCTET STRING, -- the Session ID
* Master_key OCTET STRING, -- the master key
* KRB5_principal OCTET STRING -- optional Kerberos principal
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
* Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
* Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
* HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
* PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
* PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
* Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
* Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
* Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
* SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
* }
* Look in ssl/ssl_asn1.c for more details
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
*/
struct ssl_session_internal_st;
struct ssl_session_st {
int ssl_version; /* what ssl version session info is
* being kept in here? */
int master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
/* session_id - valid? */
unsigned int session_id_length;
unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
/* this is used to determine whether the session is being reused in
* the appropriate context. It is up to the application to set this,
* via SSL_new */
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/* This is the cert for the other end. */
X509 *peer;
/* when app_verify_callback accepts a session where the peer's certificate
* is not ok, we must remember the error for session reuse: */
long verify_result; /* only for servers */
long timeout;
time_t time;
int references;
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this
* needs to be used to load
* the 'cipher' structure */
STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
char *tlsext_hostname;
/* RFC4507 info */
unsigned char *tlsext_tick; /* Session ticket */
size_t tlsext_ticklen; /* Session ticket length */
long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
struct ssl_session_internal_st *internal;
};
#endif
/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
@ -520,6 +416,9 @@ struct ssl_session_st {
#define SSL_OP_NO_TLSv1_3 0x20000000L
#endif
#define SSL_OP_NO_DTLSv1 0x40000000L
#define SSL_OP_NO_DTLSv1_2 0x80000000L
/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
#define SSL_OP_ALL \
(SSL_OP_LEGACY_SERVER_CONNECT)
@ -610,8 +509,10 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
#ifndef LIBRESSL_INTERNAL
struct ssl_aead_ctx_st;
typedef struct ssl_aead_ctx_st SSL_AEAD_CTX;
#endif
#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
@ -635,7 +536,7 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
typedef struct ssl_comp_st SSL_COMP;
#ifndef OPENSSL_NO_SSL_INTERN
#ifdef LIBRESSL_INTERNAL
struct ssl_comp_st {
int id;
@ -782,6 +683,12 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned int *len);
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
const unsigned char **id, size_t *idlen, SSL_SESSION **sess);
void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
#endif
#define SSL_NOTHING 1
#define SSL_WRITING 2
#define SSL_READING 3
@ -796,7 +703,7 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
#define SSL_MAC_FLAG_READ_MAC_STREAM 1
#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
#ifndef OPENSSL_NO_SSL_INTERN
#if defined(LIBRESSL_INTERNAL)
struct ssl_internal_st;
struct ssl_st {
@ -954,6 +861,13 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_VERIFY_PEER 0x01
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
#define SSL_VERIFY_CLIENT_ONCE 0x04
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define SSL_VERIFY_POST_HANDSHAKE 0x08
int SSL_verify_client_post_handshake(SSL *s);
void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
void SSL_set_post_handshake_auth(SSL *s, int val);
#endif
#define OpenSSL_add_ssl_algorithms() SSL_library_init()
#define SSLeay_add_ssl_algorithms() SSL_library_init()
@ -982,40 +896,53 @@ SSL_SESSION *PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x,
int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x);
int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */
/*
* TLS Alerts.
*
* https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
*/
/* These alert types are for SSLv3 and TLSv1 */
#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
/* Obsolete alerts. */
#ifndef LIBRESSL_INTERNAL
#define SSL_AD_DECRYPTION_FAILED 21 /* Removed in TLSv1.1 */
#define SSL_AD_NO_CERTIFICATE 41 /* Removed in TLSv1.0 */
#define SSL_AD_EXPORT_RESTRICTION 60 /* Removed in TLSv1.1 */
#endif
#define SSL_AD_CLOSE_NOTIFY 0
#define SSL_AD_UNEXPECTED_MESSAGE 10
#define SSL_AD_BAD_RECORD_MAC 20
#define SSL_AD_RECORD_OVERFLOW 22
#define SSL_AD_DECOMPRESSION_FAILURE 30 /* Removed in TLSv1.3 */
#define SSL_AD_HANDSHAKE_FAILURE 40
#define SSL_AD_BAD_CERTIFICATE 42
#define SSL_AD_UNSUPPORTED_CERTIFICATE 43
#define SSL_AD_CERTIFICATE_REVOKED 44
#define SSL_AD_CERTIFICATE_EXPIRED 45
#define SSL_AD_CERTIFICATE_UNKNOWN 46
#define SSL_AD_ILLEGAL_PARAMETER 47
#define SSL_AD_UNKNOWN_CA 48
#define SSL_AD_ACCESS_DENIED 49
#define SSL_AD_DECODE_ERROR 50
#define SSL_AD_DECRYPT_ERROR 51
#define SSL_AD_PROTOCOL_VERSION 70
#define SSL_AD_INSUFFICIENT_SECURITY 71
#define SSL_AD_INTERNAL_ERROR 80
#define SSL_AD_INAPPROPRIATE_FALLBACK 86
#define SSL_AD_USER_CANCELLED 90
#define SSL_AD_NO_RENEGOTIATION 100 /* Removed in TLSv1.3 */
#define SSL_AD_MISSING_EXTENSION 109 /* Added in TLSv1.3. */
#define SSL_AD_UNSUPPORTED_EXTENSION 110
#define SSL_AD_CERTIFICATE_UNOBTAINABLE 111 /* Removed in TLSv1.3 */
#define SSL_AD_UNRECOGNIZED_NAME 112
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE 114 /* Removed in TLSv1.3 */
#define SSL_AD_UNKNOWN_PSK_IDENTITY 115
#define SSL_AD_CERTIFICATE_REQUIRED 116
#define SSL_AD_NO_APPLICATION_PROTOCOL 120
/* Offset to get an SSL_R_... value from an SSL_AD_... value. */
#define SSL_AD_REASON_OFFSET 1000
#define SSL_ERROR_NONE 0
#define SSL_ERROR_SSL 1
@ -1088,6 +1015,7 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
@ -1127,6 +1055,7 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_CTRL_SET_ECDH_AUTO 94
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108
#define SSL_CTRL_GET_PEER_TMP_KEY 109
#define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY
#else
@ -1142,6 +1071,10 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
#define SSL_CTRL_GET_MIN_PROTO_VERSION 130
#define SSL_CTRL_GET_MAX_PROTO_VERSION 131
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define SSL_CTRL_GET_SIGNATURE_NID 132
#endif
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
@ -1214,6 +1147,8 @@ int SSL_get_max_proto_version(SSL *ssl);
int SSL_set_min_proto_version(SSL *ssl, uint16_t version);
int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
#ifndef LIBRESSL_INTERNAL
#define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS
#define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST
@ -1237,8 +1172,17 @@ int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define SSL_get_signature_nid(s, pn) \
SSL_ctrl(s, SSL_CTRL_GET_SIGNATURE_NID, 0, pn)
#define SSL_get_peer_signature_nid(s, pn) \
SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn)
#define SSL_get_peer_tmp_key(s, pk) \
SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk)
int SSL_get_signature_type_nid(const SSL *ssl, int *nid);
int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid);
#endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */
#ifndef LIBRESSL_INTERNAL
@ -1296,6 +1240,7 @@ long SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
int SSL_want(const SSL *s);
int SSL_clear(SSL *s);
@ -1309,6 +1254,7 @@ const char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
@ -1327,6 +1273,7 @@ int SSL_set_rfd(SSL *s, int fd);
int SSL_set_wfd(SSL *s, int fd);
void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
BIO * SSL_get_rbio(const SSL *s);
void SSL_set0_rbio(SSL *s, BIO *rbio);
BIO * SSL_get_wbio(const SSL *s);
int SSL_set_cipher_list(SSL *s, const char *str);
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
@ -1349,6 +1296,7 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
@ -1365,6 +1313,7 @@ const char *SSL_state_string(const SSL *s);
const char *SSL_rstate_string(const SSL *s);
const char *SSL_state_string_long(const SSL *s);
const char *SSL_rstate_string_long(const SSL *s);
const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *ss);
size_t SSL_SESSION_get_master_key(const SSL_SESSION *ss,
unsigned char *out, size_t max_out);
int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
@ -1378,6 +1327,9 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
unsigned int sid_len);
int SSL_SESSION_set1_id_context(SSL_SESSION *s,
const unsigned char *sid_ctx, unsigned int sid_ctx_len);
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
int SSL_SESSION_is_resumable(const SSL_SESSION *s);
#endif
SSL_SESSION *SSL_SESSION_new(void);
void SSL_SESSION_free(SSL_SESSION *ses);
@ -1443,9 +1395,8 @@ int SSL_set_purpose(SSL *s, int purpose);
int SSL_CTX_set_trust(SSL_CTX *s, int trust);
int SSL_set_trust(SSL *s, int trust);
int SSL_set1_host(SSL *s, const char *hostname);
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
void SSL_set_hostflags(SSL *s, unsigned int flags);
const char *SSL_get0_peername(SSL *s);
#endif
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
@ -1457,6 +1408,7 @@ void SSL_free(SSL *ssl);
int SSL_up_ref(SSL *ssl);
int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl);
int SSL_is_dtls(const SSL *s);
int SSL_is_server(const SSL *s);
int SSL_read(SSL *ssl, void *buf, int num);
int SSL_peek(SSL *ssl, void *buf, int num);
@ -1516,6 +1468,10 @@ const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */
const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */
const SSL_METHOD *DTLS_method(void); /* DTLS v1.0 or later */
const SSL_METHOD *DTLS_server_method(void); /* DTLS v1.0 or later */
const SSL_METHOD *DTLS_client_method(void); /* DTLS v1.0 or later */
@ -2035,6 +1991,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_MISSING_VERIFY_MESSAGE 174
#define SSL_R_MULTIPLE_SGC_RESTARTS 346
#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
#define SSL_R_NO_APPLICATION_PROTOCOL 235
#define SSL_R_NO_CERTIFICATES_RETURNED 176
#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
#define SSL_R_NO_CERTIFICATE_RETURNED 178
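Review bot: The `struct ssl_cipher_st`, `struct ssl_method_st` and `struct ssl_session_st` definitions are removed from the public `OPENSSL_NO_SSL_INTERN` block and the remaining `ssl_comp_st` / `ssl_st` definitions move behind `LIBRESSL_INTERNAL`, so any code in this project that dereferences `SSL_SESSION`, `SSL_CIPHER` or `SSL` fields directly (for example `sess->master_key`, `sess->tlsext_tick`, `sess->cipher`) will stop compiling and has to move to the accessors this same section adds or keeps, such as `SSL_SESSION_get_master_key`, `SSL_SESSION_get0_cipher` and `SSL_CTX_get0_privatekey`. The same public-layout change appears in ssl3.h (`SSL3_RECORD`, `SSL3_BUFFER`, `SSL3_STATE` gone from the non-internal view), tls1.h (`tls_session_ticket_ext_st` now internal-only) and x509.h (two `rfc3779_*` members inserted into `struct x509_st`), which means any prebuilt object or plugin that was compiled against the 3.2.2 headers must be rebuilt rather than relinked. Also note that the `SSL_AD_*` alert values are now spelled as literals and `SSL_AD_DECRYPTION_FAILED` / `SSL_AD_NO_CERTIFICATE` / `SSL_AD_EXPORT_RESTRICTION` are kept only under `#ifndef LIBRESSL_INTERNAL`; the numeric values are unchanged, so alert-handling callbacks should be unaffected, but that is inferred from the visible lines only. Since these are vendored upstream headers the fix belongs in the consuming code and the upgrade notes, not in this file.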


@ -1,4 +1,4 @@
/* $OpenBSD: ssl3.h,v 1.51 2020/06/05 18:14:05 jsing Exp $ */
/* $OpenBSD: ssl3.h,v 1.57 2021/09/10 14:49:13 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -292,11 +292,11 @@ extern "C" {
#define SSL3_RT_ALERT 21
#define SSL3_RT_HANDSHAKE 22
#define SSL3_RT_APPLICATION_DATA 23
#define TLS1_RT_HEARTBEAT 24
#define SSL3_AL_WARNING 1
#define SSL3_AL_FATAL 2
#ifndef LIBRESSL_INTERNAL
#define SSL3_AD_CLOSE_NOTIFY 0
#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
@ -309,34 +309,11 @@ extern "C" {
#define SSL3_AD_CERTIFICATE_EXPIRED 45
#define SSL3_AD_CERTIFICATE_UNKNOWN 46
#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
#endif
#define TLS1_HB_REQUEST 1
#define TLS1_HB_RESPONSE 2
#ifndef OPENSSL_NO_SSL_INTERN
#ifndef LIBRESSL_INTERNAL
typedef struct ssl3_record_st {
/*r */ int type; /* type of record */
/*rw*/ unsigned int length; /* How many bytes available */
/*r */ unsigned int off; /* read/write offset into 'buf' */
/*rw*/ unsigned char *data; /* pointer to the record data */
/*rw*/ unsigned char *input; /* where the decode bytes are */
/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
/*r */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
} SSL3_RECORD;
typedef struct ssl3_buffer_st {
unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
* see ssl3_setup_buffers() */
size_t len; /* buffer size */
int offset; /* where to 'copy from' */
int left; /* how many bytes left */
} SSL3_BUFFER;
#endif
#endif
#define SSL3_CT_RSA_SIGN 1
#define SSL3_CT_DSS_SIGN 2
#define SSL3_CT_RSA_FIXED_DH 3
@ -355,21 +332,6 @@ typedef struct ssl3_buffer_st {
#define TLS1_FLAGS_FREEZE_TRANSCRIPT 0x0020
#define SSL3_FLAGS_CCS_OK 0x0080
#ifndef OPENSSL_NO_SSL_INTERN
struct ssl3_state_internal_st;
typedef struct ssl3_state_st {
long flags;
unsigned char server_random[SSL3_RANDOM_SIZE];
unsigned char client_random[SSL3_RANDOM_SIZE];
struct ssl3_state_internal_st *internal;
} SSL3_STATE;
#endif
/* SSLv3 */
/*client */
/* extra state */
@ -475,6 +437,7 @@ typedef struct ssl3_state_st {
#define SSL3_MT_CCS 1
#ifndef LIBRESSL_INTERNAL
/* These are used when changing over to a new cipher */
#define SSL3_CC_READ 0x01
#define SSL3_CC_WRITE 0x02
@ -484,6 +447,7 @@ typedef struct ssl3_state_st {
#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
#endif
#ifdef __cplusplus
}


@ -1,4 +1,4 @@
/* $OpenBSD: tls1.h,v 1.41 2020/06/05 18:14:05 jsing Exp $ */
/* $OpenBSD: tls1.h,v 1.49 2021/09/10 14:57:31 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -177,18 +177,7 @@ extern "C" {
#define TLS1_VERSION_MAJOR 0x03
#define TLS1_VERSION_MINOR 0x01
#define TLS1_get_version(s) \
((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
#define TLS1_get_client_version(s) \
((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
/*
* TLS Alert codes.
*
* https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
*/
#ifndef LIBRESSL_INTERNAL
#define TLS1_AD_DECRYPTION_FAILED 21
#define TLS1_AD_RECORD_OVERFLOW 22
#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
@ -211,6 +200,7 @@ extern "C" {
#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
/* Code 115 from RFC 4279. */
#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
#endif
/*
* TLS ExtensionType values.
@ -328,6 +318,9 @@ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
#define SSL_set_tlsext_debug_arg(ssl, arg) \
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
#define SSL_get_tlsext_status_type(ssl) \
SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL)
#define SSL_set_tlsext_status_type(ssl, type) \
SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
@ -768,11 +761,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
#define TLS_MD_MASTER_SECRET_CONST "master secret"
#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
#if defined(LIBRESSL_INTERNAL)
/* TLS Session Ticket extension struct. */
struct tls_session_ticket_ext_st {
unsigned short length;
void *data;
};
#endif
#ifdef __cplusplus
}


@ -1,4 +1,4 @@
/* $OpenBSD: x509.h,v 1.74 2018/08/24 20:26:03 tb Exp $ */
/* $OpenBSD: x509.h,v 1.76 2021/09/02 12:41:44 job Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -300,6 +300,10 @@ struct x509_st
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
#ifndef OPENSSL_NO_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
#endif
#ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endif
@ -692,6 +696,7 @@ int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
#ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
#endif
#ifndef OPENSSL_NO_EC


@ -1,4 +1,4 @@
/* $OpenBSD: x509_vfy.h,v 1.31 2020/09/13 15:06:17 beck Exp $ */
/* $OpenBSD: x509_vfy.h,v 1.32 2021/02/24 18:01:31 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -247,7 +247,7 @@ struct x509_store_ctx_st /* X509_STORE_CTX */
/* The following is built up */
int valid; /* if 0, rebuild chain */
int last_untrusted; /* index of last untrusted cert */
int last_untrusted; /* XXX: number of untrusted certs in chain!!! */
STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
X509_POLICY_TREE *tree; /* Valid policy tree */
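Review bot: The comment on `last_untrusted` changes from "index of last untrusted cert" to "number of untrusted certs in chain", which is an off-by-one change in meaning rather than a cosmetic edit; the field is still public in `struct x509_store_ctx_st`, so any code in this project that reads `ctx->last_untrusted` directly, or used it as an index into `chain`, needs to be re-checked against 3.4.2 semantics (the verify-callback path is the usual consumer). The enclosing struct definition starts outside the hunk, so I cannot see whether other members moved with it. Because this is a vendored upstream header the upstream `XXX` wording should stay as is; the change is worth calling out in the upgrade notes instead.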


@ -1,4 +1,4 @@
/* $OpenBSD: x509v3.h,v 1.2 2020/09/13 15:06:17 beck Exp $ */
/* $OpenBSD: x509v3.h,v 1.5 2021/09/02 13:48:39 job Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@ -842,6 +842,196 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
DECLARE_STACK_OF(X509_POLICY_NODE)
#if defined(LIBRESSL_INTERNAL)
#ifndef OPENSSL_NO_RFC3779
typedef struct ASRange_st {
ASN1_INTEGER *min, *max;
} ASRange;
# define ASIdOrRange_id 0
# define ASIdOrRange_range 1
typedef struct ASIdOrRange_st {
int type;
union {
ASN1_INTEGER *id;
ASRange *range;
} u;
} ASIdOrRange;
typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
DECLARE_STACK_OF(ASIdOrRange)
# define ASIdentifierChoice_inherit 0
# define ASIdentifierChoice_asIdsOrRanges 1
typedef struct ASIdentifierChoice_st {
int type;
union {
ASN1_NULL *inherit;
ASIdOrRanges *asIdsOrRanges;
} u;
} ASIdentifierChoice;
typedef struct ASIdentifiers_st {
ASIdentifierChoice *asnum, *rdi;
} ASIdentifiers;
ASRange *ASRange_new(void);
void ASRange_free(ASRange *a);
ASRange *d2i_ASRange(ASRange **a, const unsigned char **in, long len);
int i2d_ASRange(ASRange *a, unsigned char **out);
extern const ASN1_ITEM ASRange_it;
ASIdOrRange *ASIdOrRange_new(void);
void ASIdOrRange_free(ASIdOrRange *a);
ASIdOrRange *d2i_ASIdOrRange(ASIdOrRange **a, const unsigned char **in,
long len);
int i2d_ASIdOrRange(ASIdOrRange *a, unsigned char **out);
extern const ASN1_ITEM ASIdOrRange_it;
ASIdentifierChoice *ASIdentifierChoice_new(void);
void ASIdentifierChoice_free(ASIdentifierChoice *a);
ASIdentifierChoice *d2i_ASIdentifierChoice(ASIdentifierChoice **a,
const unsigned char **in, long len);
int i2d_ASIdentifierChoice(ASIdentifierChoice *a, unsigned char **out);
extern const ASN1_ITEM ASIdentifierChoice_it;
ASIdentifiers *ASIdentifiers_new(void);
void ASIdentifiers_free(ASIdentifiers *a);
ASIdentifiers *d2i_ASIdentifiers(ASIdentifiers **a, const unsigned char **in,
long len);
int i2d_ASIdentifiers(ASIdentifiers *a, unsigned char **out);
extern const ASN1_ITEM ASIdentifiers_it;
typedef struct IPAddressRange_st {
ASN1_BIT_STRING *min, *max;
} IPAddressRange;
# define IPAddressOrRange_addressPrefix 0
# define IPAddressOrRange_addressRange 1
typedef struct IPAddressOrRange_st {
int type;
union {
ASN1_BIT_STRING *addressPrefix;
IPAddressRange *addressRange;
} u;
} IPAddressOrRange;
typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
DECLARE_STACK_OF(IPAddressOrRange)
# define IPAddressChoice_inherit 0
# define IPAddressChoice_addressesOrRanges 1
typedef struct IPAddressChoice_st {
int type;
union {
ASN1_NULL *inherit;
IPAddressOrRanges *addressesOrRanges;
} u;
} IPAddressChoice;
typedef struct IPAddressFamily_st {
ASN1_OCTET_STRING *addressFamily;
IPAddressChoice *ipAddressChoice;
} IPAddressFamily;
typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
DECLARE_STACK_OF(IPAddressFamily)
IPAddressRange *IPAddressRange_new(void);
void IPAddressRange_free(IPAddressRange *a);
IPAddressRange *d2i_IPAddressRange(IPAddressRange **a,
const unsigned char **in, long len);
int i2d_IPAddressRange(IPAddressRange *a, unsigned char **out);
extern const ASN1_ITEM IPAddressRange_it;
IPAddressOrRange *IPAddressOrRange_new(void);
void IPAddressOrRange_free(IPAddressOrRange *a);
IPAddressOrRange *d2i_IPAddressOrRange(IPAddressOrRange **a,
const unsigned char **in, long len);
int i2d_IPAddressOrRange(IPAddressOrRange *a, unsigned char **out);
extern const ASN1_ITEM IPAddressOrRange_it;
IPAddressChoice *IPAddressChoice_new(void);
void IPAddressChoice_free(IPAddressChoice *a);
IPAddressChoice *d2i_IPAddressChoice(IPAddressChoice **a,
const unsigned char **in, long len);
int i2d_IPAddressChoice(IPAddressChoice *a, unsigned char **out);
extern const ASN1_ITEM IPAddressChoice_it;
IPAddressFamily *IPAddressFamily_new(void);
void IPAddressFamily_free(IPAddressFamily *a);
IPAddressFamily *d2i_IPAddressFamily(IPAddressFamily **a,
const unsigned char **in, long len);
int i2d_IPAddressFamily(IPAddressFamily *a, unsigned char **out);
extern const ASN1_ITEM IPAddressFamily_it;
/*
* API tag for elements of the ASIdentifer SEQUENCE.
*/
# define V3_ASID_ASNUM 0
# define V3_ASID_RDI 1
/*
* AFI values, assigned by IANA. It'd be nice to make the AFI
* handling code totally generic, but there are too many little things
* that would need to be defined for other address families for it to
* be worth the trouble.
*/
# define IANA_AFI_IPV4 1
# define IANA_AFI_IPV6 2
/*
* Utilities to construct and extract values from RFC3779 extensions,
* since some of the encodings (particularly for IP address prefixes
* and ranges) are a bit tedious to work with directly.
*/
int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
ASN1_INTEGER *min, ASN1_INTEGER *max);
int X509v3_addr_add_inherit(IPAddrBlocks *addr,
const unsigned afi, const unsigned *safi);
int X509v3_addr_add_prefix(IPAddrBlocks *addr,
const unsigned afi, const unsigned *safi,
unsigned char *a, const int prefixlen);
int X509v3_addr_add_range(IPAddrBlocks *addr,
const unsigned afi, const unsigned *safi,
unsigned char *min, unsigned char *max);
unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
unsigned char *min, unsigned char *max,
const int length);
/*
* Canonical forms.
*/
int X509v3_asid_is_canonical(ASIdentifiers *asid);
int X509v3_addr_is_canonical(IPAddrBlocks *addr);
int X509v3_asid_canonize(ASIdentifiers *asid);
int X509v3_addr_canonize(IPAddrBlocks *addr);
/*
* Tests for inheritance and containment.
*/
int X509v3_asid_inherits(ASIdentifiers *asid);
int X509v3_addr_inherits(IPAddrBlocks *addr);
int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
/*
* Check whether RFC 3779 extensions nest properly in chains.
*/
int X509v3_asid_validate_path(X509_STORE_CTX *);
int X509v3_addr_validate_path(X509_STORE_CTX *);
int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
ASIdentifiers *ext,
int allow_inheritance);
int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
IPAddrBlocks *ext, int allow_inheritance);
#endif /* OPENSSL_NO_RFC3779 */
#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
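Review bot: The closing `#endif` for the `#if defined(LIBRESSL_INTERNAL)` guard (the line right after `#endif /* OPENSSL_NO_RFC3779 */`) carries no trailing comment, unlike its sibling; with roughly 190 lines between the two, `#endif /* LIBRESSL_INTERNAL */` would tell the reader which guard is being closed. The input-buffer parameters `a`, `min` and `max` of `X509v3_addr_add_prefix`, `X509v3_addr_add_range` and `X509v3_addr_get_range` are declared as plain `unsigned char *`; if the implementations only read them, `const unsigned char *` documents that and lets callers pass const data. `X509v3_addr_get_range` also takes a bare `length` whose meaning — presumably the size of the `min`/`max` buffers it fills — is not stated anywhere in the header; a one-line comment above that prototype saying what `length` bounds would let callers size their buffers correctly, which matters because these values are extracted from certificate extensions.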

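--- a/openssl.cnf
+++ b/openssl.cnf
@@ -0,0 +1,24 @@
+[ req ]
+#default_bits = 2048
+#default_md = sha256
+#default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = State or Province Name (full name)
+localityName = Locality Name (eg, city)
+0.organizationName = Organization Name (eg, company)
+organizationalUnitName = Organizational Unit Name (eg, section)
+commonName = Common Name (eg, fully qualified host name)
+commonName_max = 64
+emailAddress = Email Address
+emailAddress_max = 64
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20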
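Review bot: `default_bits` and `default_md` are commented out, so `openssl req` run against this file takes the key size and digest from the linked library's built-in defaults rather than from the configuration. If the file is meant to pin those choices (its purpose and install location are not visible in this section), uncommenting `default_bits = 2048` and `default_md = sha256` makes them explicit instead of depending on whichever library build happens to be loaded. A short header comment naming what the file is for would also help, since it lands at the repository root and nothing in the visible part of this diff refers to it.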


@ -5,11 +5,9 @@ set(
bs_cbb.c
bs_cbs.c
d1_both.c
d1_clnt.c
d1_lib.c
d1_pkt.c
d1_srtp.c
d1_srvr.c
pqueue.c
s3_cbc.c
s3_lib.c
@ -38,6 +36,9 @@ set(
ssl_versions.c
t1_enc.c
t1_lib.c
tls_content.c
tls12_key_schedule.c
tls12_lib.c
tls12_record_layer.c
tls13_buffer.c
tls13_client.c
@ -53,7 +54,15 @@ set(
tls13_server.c
)
add_library(ssl ${SSL_SRC})
add_library(ssl_obj OBJECT ${SSL_SRC})
target_include_directories(ssl_obj
PRIVATE
.
../include/compat
PUBLIC
../include)
add_library(ssl $<TARGET_OBJECTS:ssl_obj>)
target_include_directories(ssl
PRIVATE
.
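Review bot: The include-directory list is written out twice, once on `ssl_obj` and again on `ssl`, even though `ssl` is assembled from `$<TARGET_OBJECTS:ssl_obj>` and compiles no sources of its own; the PRIVATE `.` and `../include/compat` entries on `ssl` therefore affect nothing and only invite the two lists to drift apart as the `target_include_directories(ssl` block (which continues past the hunk) grows. Keeping only the consumer-facing `target_include_directories(ssl PUBLIC ../include)` on the wrapper target would make the split clear, with `ssl_obj` owning the compile-time paths. If `ssl` is ever exported with `install(EXPORT ...)`, the relative `../include` in a PUBLIC requirement will need to become `$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/../include>` so the source-tree path does not leak into the export set; that is not an issue in this hunk by itself. The `set(` that opens the source list starts outside the first hunk.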


@ -1 +1 @@
48:1:0
50:0:0
