Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import OpenSSL-3.0.12 (previous was OpenSSL-3.0.9) 

### Changes between 3.0.11 and 3.0.12 [24 Oct 2023]

 * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
   EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters
   that alter the key or IV length ([CVE-2023-5363]).

   *Paul Dale*

### Changes between 3.0.10 and 3.0.11 [19 Sep 2023]

 * Fix POLY1305 MAC implementation corrupting XMM registers on Windows.

   The POLY1305 MAC (message authentication code) implementation in OpenSSL
   does not save the contents of non-volatile XMM registers on Windows 64
   platform when calculating the MAC of data larger than 64 bytes. Before
   returning to the caller all the XMM registers are set to zero rather than
   restoring their previous content. The vulnerable code is used only on newer
   x86_64 processors supporting the AVX512-IFMA instructions.

   The consequences of this kind of internal application state corruption can
   be various - from no consequences, if the calling application does not
   depend on the contents of non-volatile XMM registers at all, to the worst
   consequences, where the attacker could get complete control of the
   application process. However given the contents of the registers are just
   zeroized so the attacker cannot put arbitrary values inside, the most likely
   consequence, if any, would be an incorrect result of some application
   dependent calculations or a crash leading to a denial of service.

   ([CVE-2023-4807])

   *Bernd Edlinger*

### Changes between 3.0.9 and 3.0.10 [1 Aug 2023]

 * Fix excessive time spent checking DH q parameter value.

   The function DH_check() performs various checks on DH parameters. After
   fixing CVE-2023-3446 it was discovered that a large q parameter value can
   also trigger an overly long computation during some of these checks.
   A correct q value, if present, cannot be larger than the modulus p
   parameter, thus it is unnecessary to perform these checks if q is larger
   than p.

   If DH_check() is called with such q parameter value,
   DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally
   intensive checks are skipped.

   ([CVE-2023-3817])

   *Tomáš Mráz*

 * Fix DH_check() excessive time with over sized modulus.

   The function DH_check() performs various checks on DH parameters. One of
   those checks confirms that the modulus ("p" parameter) is not too large.
   Trying to use a very large modulus is slow and OpenSSL will not normally use
   a modulus which is over 10,000 bits in length.

   However the DH_check() function checks numerous aspects of the key or
   parameters that have been supplied. Some of those checks use the supplied
   modulus value even if it has already been found to be too large.

   A new limit has been added to DH_check of 32,768 bits. Supplying a
   key/parameters with a modulus over this size will simply cause DH_check() to
   fail.

   ([CVE-2023-3446])

   *Matt Caswell*

 * Do not ignore empty associated data entries with AES-SIV.

   The AES-SIV algorithm allows for authentication of multiple associated
   data entries along with the encryption. To authenticate empty data the
   application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`)
   with NULL pointer as the output buffer and 0 as the input buffer length.
   The AES-SIV implementation in OpenSSL just returns success for such call
   instead of performing the associated data authentication operation.
   The empty data thus will not be authenticated. ([CVE-2023-2975])

   Thanks to Juerg Wullschleger (Google) for discovering the issue.

   The fix changes the authentication tag value and the ciphertext for
   applications that use empty associated data entries with AES-SIV.
   To decrypt data encrypted with previous versions of OpenSSL the application
   has to skip calls to `EVP_DecryptUpdate()` for empty associated data
   entries.

   *Tomáš Mráz*
This commit is contained in:
christos 2023-10-25 17:13:44 +00:00
parent 8df28fc80a
commit 4778aede46
267 changed files with 3824 additions and 1972 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
crypto/external/bsd/openssl/dist/CHANGES.md vendored
View File

@ -28,6 +28,96 @@ breaking changes, and mappings for the large list of deprecated functions.
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
### Changes between 3.0.11 and 3.0.12 [24 Oct 2023]
* Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters
that alter the key or IV length ([CVE-2023-5363]).
*Paul Dale*
### Changes between 3.0.10 and 3.0.11 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
The POLY1305 MAC (message authentication code) implementation in OpenSSL
does not save the contents of non-volatile XMM registers on Windows 64
platform when calculating the MAC of data larger than 64 bytes. Before
returning to the caller all the XMM registers are set to zero rather than
restoring their previous content. The vulnerable code is used only on newer
x86_64 processors supporting the AVX512-IFMA instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the
application process. However given the contents of the registers are just
zeroized so the attacker cannot put arbitrary values inside, the most likely
consequence, if any, would be an incorrect result of some application
dependent calculations or a crash leading to a denial of service.
([CVE-2023-4807])
*Bernd Edlinger*
### Changes between 3.0.9 and 3.0.10 [1 Aug 2023]
* Fix excessive time spent checking DH q parameter value.
The function DH_check() performs various checks on DH parameters. After
fixing CVE-2023-3446 it was discovered that a large q parameter value can
also trigger an overly long computation during some of these checks.
A correct q value, if present, cannot be larger than the modulus p
parameter, thus it is unnecessary to perform these checks if q is larger
than p.
If DH_check() is called with such q parameter value,
DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally
intensive checks are skipped.
([CVE-2023-3817])
*Tomáš Mráz*
* Fix DH_check() excessive time with over sized modulus.
The function DH_check() performs various checks on DH parameters. One of
those checks confirms that the modulus ("p" parameter) is not too large.
Trying to use a very large modulus is slow and OpenSSL will not normally use
a modulus which is over 10,000 bits in length.
However the DH_check() function checks numerous aspects of the key or
parameters that have been supplied. Some of those checks use the supplied
modulus value even if it has already been found to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying a
key/parameters with a modulus over this size will simply cause DH_check() to
fail.
([CVE-2023-3446])
*Matt Caswell*
* Do not ignore empty associated data entries with AES-SIV.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`)
with NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated. ([CVE-2023-2975])
Thanks to Juerg Wullschleger (Google) for discovering the issue.
The fix changes the authentication tag value and the ciphertext for
applications that use empty associated data entries with AES-SIV.
To decrypt data encrypted with previous versions of OpenSSL the application
has to skip calls to `EVP_DecryptUpdate()` for empty associated data
entries.
*Tomáš Mráz*
### Changes between 3.0.8 and 3.0.9 [30 May 2023]
* Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
@ -42,7 +132,7 @@ breaking changes, and mappings for the large list of deprecated functions.
IDENTIFIER to canonical numeric text form if the size of that OBJECT
IDENTIFIER is 586 bytes or less, and fail otherwise.
The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
The basis for this restriction is [RFC 2578 (STD 58), section 3.5]. OBJECT
IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
most 128 sub-identifiers, and that the maximum value that each sub-
identifier may have is 2^32-1 (4294967295 decimal).
@ -52,8 +142,6 @@ breaking changes, and mappings for the large list of deprecated functions.
these restrictions may occupy is 32 * 128 / 7, which is approximately 586
bytes.
Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
*Richard Levitte*
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
@ -19652,6 +19740,12 @@ ndif
<!-- Links -->
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466

11
crypto/external/bsd/openssl/dist/Configurations/10-main.conf vendored
View File

@ -9,19 +9,22 @@ sub vc_win64a_info {
$vc_win64a_info = { AS => "nasm",
ASFLAGS => "-g",
asflags => "-Ox -f win64 -DNEAR",
asoutflag => "-o " };
asoutflag => "-o ",
perlasm_scheme => "nasm" };
} elsif ($disabled{asm}) {
# assembler is still used to compile uplink shim
$vc_win64a_info = { AS => "ml64",
ASFLAGS => "/nologo /Zi",
asflags => "/c /Cp /Cx",
asoutflag => "/Fo" };
asoutflag => "/Fo",
perlasm_scheme => "masm" };
} else {
$die->("NASM not found - make sure it's installed and available on %PATH%\n");
$vc_win64a_info = { AS => "{unknown}",
ASFLAGS => "",
asflags => "",
asoutflag => "" };
asoutflag => "",
perlasm_scheme => "auto" };
}
}
return $vc_win64a_info;
@ -1416,7 +1419,7 @@ my %targets = (
sys_id => "WIN64A",
uplink_arch => 'x86_64',
asm_arch => 'x86_64',
perlasm_scheme => "auto",
perlasm_scheme => sub { vc_win64a_info()->{perlasm_scheme} },
multilib => "-x64",
},
"VC-WIN32" => {

6
crypto/external/bsd/openssl/dist/Configurations/README.md vendored
View File

@ -233,8 +233,14 @@ In each table entry, the following keys are significant:
is ILP32;
RC4_CHAR RC4 key schedule is made
up of 'unsigned char's;
Note: should not be used
for new configuration
targets
RC4_INT RC4 key schedule is made
up of 'unsigned int's;
Note: should not be used
for new configuration
targets
[1] as part of the target configuration, one can have a key called
`inherit_from` that indicates what other configurations to inherit

294
crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl vendored
View File

@ -614,28 +614,28 @@ uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_de
install_docs: install_man_docs install_html_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs
$(RM) -r $(DESTDIR)$(DOCDIR)
$(RM) -r "$(DESTDIR)$(DOCDIR)"
{- output_off() if $disabled{fips}; "" -}
install_fips: build_sw $(INSTALL_FIPSMODULECONF)
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)"
@$(ECHO) "*** Installing FIPS module"
@$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)"
@cp "$(INSTALL_FIPSMODULE)" $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new
@chmod 755 $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new
@mv -f $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new \
$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)
@cp "$(INSTALL_FIPSMODULE)" "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new"
@chmod 755 "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new"
@mv -f "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new" \
"$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)"
@$(ECHO) "*** Installing FIPS module configuration"
@$(ECHO) "install $(INSTALL_FIPSMODULECONF) -> $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf"
@cp $(INSTALL_FIPSMODULECONF) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf
@cp $(INSTALL_FIPSMODULECONF) "$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf"
uninstall_fips:
@$(ECHO) "*** Uninstalling FIPS module configuration"
$(RM) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf
$(RM) "$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf"
@$(ECHO) "*** Uninstalling FIPS module"
$(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)
$(RM) "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)"
{- if ($disabled{fips}) { output_on(); } else { output_off(); } "" -}
install_fips:
@$(ECHO) "The 'install_fips' target requires the 'enable-fips' option"
@ -646,75 +646,75 @@ uninstall_fips:
install_ssldirs:
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/certs"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/private"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/misc"
@set -e; for x in dummy $(MISC_SCRIPTS); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
x1=`echo "$$x" | cut -f1 -d:`; \
x2=`echo "$$x" | cut -f2 -d:`; \
fn=`basename $$x1`; \
$(ECHO) "install $$x1 -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
cp $$x1 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \
$(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \
cp $$x1 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \
chmod 755 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \
mv -f "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new" \
"$(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
if [ "$$x1" != "$$x2" ]; then \
ln=`basename "$$x2"`; \
: {- output_off() unless windowsdll(); "" -}; \
$(ECHO) "copy $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
cp $(DESTDIR)$(OPENSSLDIR)/misc/$$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \
cp "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn" "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \
: {- output_on() unless windowsdll();
output_off() if windowsdll(); "" -}; \
$(ECHO) "link $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
ln -sf $$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \
ln -sf $$fn "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \
: {- output_on() if windowsdll(); "" -}; \
fi; \
done
@$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
@cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
@chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
@mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist
@cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new"
@chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new"
@mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
@if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \
$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
fi
@$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist"
@cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new
@chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new
@mv -f $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist
@cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new"
@chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new"
@mv -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist"
@if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf" ]; then \
$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \
cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \
chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \
fi
install_dev: install_runtime_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(ECHO) "*** Installing development files"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/include/openssl"
@ : {- output_off() if $disabled{uplink}; "" -}
@$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
@chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
@cp $(SRCDIR)/ms/applink.c "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@ : {- output_on() if $disabled{uplink}; "" -}
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
$(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
$(ECHO) "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
cp $$i "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
done
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)"
@set -e; for l in $(INSTALL_LIBS); do \
fn=`basename $$l`; \
$(ECHO) "install $$l -> $(DESTDIR)$(libdir)/$$fn"; \
cp $$l $(DESTDIR)$(libdir)/$$fn.new; \
$(RANLIB) $(DESTDIR)$(libdir)/$$fn.new; \
chmod 644 $(DESTDIR)$(libdir)/$$fn.new; \
mv -f $(DESTDIR)$(libdir)/$$fn.new \
$(DESTDIR)$(libdir)/$$fn; \
cp $$l "$(DESTDIR)$(libdir)/$$fn.new"; \
$(RANLIB) "$(DESTDIR)$(libdir)/$$fn.new"; \
chmod 644 "$(DESTDIR)$(libdir)/$$fn.new"; \
mv -f "$(DESTDIR)$(libdir)/$$fn.new" \
"$(DESTDIR)$(libdir)/$$fn"; \
done
@ : {- output_off() if $disabled{shared}; "" -}
@set -e; for s in $(INSTALL_SHLIB_INFO); do \
@ -727,18 +727,18 @@ install_dev: install_runtime_libs
: {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \
if [ "$$fn2" != "" ]; then \
$(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \
ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \
ln -sf $$fn1 "$(DESTDIR)$(libdir)/$$fn2"; \
fi; \
: {- output_off() unless windowsdll() or sharedaix(); output_on() if windowsdll(); "" -}; \
if [ "$$fn3" != "" ]; then \
$(ECHO) "install $$s3 -> $(DESTDIR)$(libdir)/$$fn3"; \
cp $$s3 $(DESTDIR)$(libdir)/$$fn3.new; \
chmod 755 $(DESTDIR)$(libdir)/$$fn3.new; \
mv -f $(DESTDIR)$(libdir)/$$fn3.new \
$(DESTDIR)$(libdir)/$$fn3; \
cp $$s3 "$(DESTDIR)$(libdir)/$$fn3.new"; \
chmod 755 "$(DESTDIR)$(libdir)/$$fn3.new"; \
mv -f "$(DESTDIR)$(libdir)/$$fn3.new" \
"$(DESTDIR)$(libdir)/$$fn3"; \
fi; \
: {- output_off() if windowsdll(); output_on() if sharedaix(); "" -}; \
a=$(DESTDIR)$(libdir)/$$fn2; \
a="$(DESTDIR)$(libdir)/$$fn2"; \
$(ECHO) "install $$s1 -> $$a"; \
if [ -f $$a ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \
mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \
@ -755,35 +755,35 @@ install_dev: install_runtime_libs
: {- output_off() if sharedaix(); output_on(); "" -}; \
done
@ : {- output_on() if $disabled{shared}; "" -}
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)/pkgconfig
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)/pkgconfig"
@$(ECHO) "install libcrypto.pc -> $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc"
@cp libcrypto.pc $(DESTDIR)$(libdir)/pkgconfig
@chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc
@cp libcrypto.pc "$(DESTDIR)$(libdir)/pkgconfig"
@chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc"
@$(ECHO) "install libssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/libssl.pc"
@cp libssl.pc $(DESTDIR)$(libdir)/pkgconfig
@chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libssl.pc
@cp libssl.pc "$(DESTDIR)$(libdir)/pkgconfig"
@chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc"
@$(ECHO) "install openssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/openssl.pc"
@cp openssl.pc $(DESTDIR)$(libdir)/pkgconfig
@chmod 644 $(DESTDIR)$(libdir)/pkgconfig/openssl.pc
@cp openssl.pc "$(DESTDIR)$(libdir)/pkgconfig"
@chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc"
uninstall_dev: uninstall_runtime_libs
@$(ECHO) "*** Uninstalling development files"
@ : {- output_off() if $disabled{uplink}; "" -}
@$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
@$(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@ : {- output_on() if $disabled{uplink}; "" -}
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
$(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
$(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
done
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include
-$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include/openssl"
-$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include"
@set -e; for l in $(INSTALL_LIBS); do \
fn=`basename $$l`; \
$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn"; \
$(RM) $(DESTDIR)$(libdir)/$$fn; \
$(RM) "$(DESTDIR)$(libdir)/$$fn"; \
done
@ : {- output_off() if $disabled{shared}; "" -}
@set -e; for s in $(INSTALL_SHLIB_INFO); do \
@ -795,39 +795,39 @@ uninstall_dev: uninstall_runtime_libs
fn3=`basename "$$s3"`; \
: {- output_off() if windowsdll(); "" -}; \
$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn1"; \
$(RM) $(DESTDIR)$(libdir)/$$fn1; \
$(RM) "$(DESTDIR)$(libdir)/$$fn1"; \
if [ -n "$$fn2" ]; then \
$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \
$(RM) $(DESTDIR)$(libdir)/$$fn2; \
$(RM) "$(DESTDIR)$(libdir)/$$fn2"; \
fi; \
: {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \
if [ -n "$$fn3" ]; then \
$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn3"; \
$(RM) $(DESTDIR)$(libdir)/$$fn3; \
$(RM) "$(DESTDIR)$(libdir)/$$fn3"; \
fi; \
: {- output_on() unless windowsdll(); "" -}; \
done
@ : {- output_on() if $disabled{shared}; "" -}
$(RM) $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc
$(RM) $(DESTDIR)$(libdir)/pkgconfig/libssl.pc
$(RM) $(DESTDIR)$(libdir)/pkgconfig/openssl.pc
-$(RMDIR) $(DESTDIR)$(libdir)/pkgconfig
-$(RMDIR) $(DESTDIR)$(libdir)
$(RM) "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc"
$(RM) "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc"
$(RM) "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc"
-$(RMDIR) "$(DESTDIR)$(libdir)/pkgconfig"
-$(RMDIR) "$(DESTDIR)$(libdir)"
_install_modules_deps: install_runtime_libs build_modules
install_engines: _install_modules_deps
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(ENGINESDIR)/"
@$(ECHO) "*** Installing engines"
@set -e; for e in dummy $(INSTALL_ENGINES); do \
if [ "$$e" = "dummy" ]; then continue; fi; \
fn=`basename $$e`; \
$(ECHO) "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \
cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \
$(DESTDIR)$(ENGINESDIR)/$$fn; \
cp $$e "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \
chmod 755 "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \
mv -f "$(DESTDIR)$(ENGINESDIR)/$$fn.new" \
"$(DESTDIR)$(ENGINESDIR)/$$fn"; \
done
uninstall_engines:
@ -836,22 +836,22 @@ uninstall_engines:
if [ "$$e" = "dummy" ]; then continue; fi; \
fn=`basename $$e`; \
$(ECHO) "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \
$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \
$(RM) "$(DESTDIR)$(ENGINESDIR)/$$fn"; \
done
-$(RMDIR) $(DESTDIR)$(ENGINESDIR)
-$(RMDIR) "$(DESTDIR)$(ENGINESDIR)"
install_modules: _install_modules_deps
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR)/
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)/"
@$(ECHO) "*** Installing modules"
@set -e; for e in dummy $(INSTALL_MODULES); do \
if [ "$$e" = "dummy" ]; then continue; fi; \
fn=`basename $$e`; \
$(ECHO) "install $$e -> $(DESTDIR)$(MODULESDIR)/$$fn"; \
cp $$e $(DESTDIR)$(MODULESDIR)/$$fn.new; \
chmod 755 $(DESTDIR)$(MODULESDIR)/$$fn.new; \
mv -f $(DESTDIR)$(MODULESDIR)/$$fn.new \
$(DESTDIR)$(MODULESDIR)/$$fn; \
cp $$e "$(DESTDIR)$(MODULESDIR)/$$fn.new"; \
chmod 755 "$(DESTDIR)$(MODULESDIR)/$$fn.new"; \
mv -f "$(DESTDIR)$(MODULESDIR)/$$fn.new" \
"$(DESTDIR)$(MODULESDIR)/$$fn"; \
done
uninstall_modules:
@ -860,18 +860,18 @@ uninstall_modules:
if [ "$$e" = "dummy" ]; then continue; fi; \
fn=`basename $$e`; \
$(ECHO) "$(RM) $(DESTDIR)$(MODULESDIR)/$$fn"; \
$(RM) $(DESTDIR)$(MODULESDIR)/$$fn; \
$(RM) "$(DESTDIR)$(MODULESDIR)/$$fn"; \
done
-$(RMDIR) $(DESTDIR)$(MODULESDIR)
-$(RMDIR) "$(DESTDIR)$(MODULESDIR)"
install_runtime: install_programs
install_runtime_libs: build_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@ : {- output_off() if windowsdll(); "" -}
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)"
@ : {- output_on() if windowsdll(); output_off() unless windowsdll(); "" -}
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/bin"
@ : {- output_on() unless windowsdll(); "" -}
@$(ECHO) "*** Installing runtime libraries"
@set -e; for s in dummy $(INSTALL_SHLIBS); do \
@ -879,40 +879,40 @@ install_runtime_libs: build_libs
fn=`basename $$s`; \
: {- output_off() unless windowsdll(); "" -}; \
$(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
$(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
cp $$s "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \
"$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
: {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \
$(ECHO) "install $$s -> $(DESTDIR)$(libdir)/$$fn"; \
cp $$s $(DESTDIR)$(libdir)/$$fn.new; \
chmod 755 $(DESTDIR)$(libdir)/$$fn.new; \
mv -f $(DESTDIR)$(libdir)/$$fn.new \
$(DESTDIR)$(libdir)/$$fn; \
cp $$s "$(DESTDIR)$(libdir)/$$fn.new"; \
chmod 755 "$(DESTDIR)$(libdir)/$$fn.new"; \
mv -f "$(DESTDIR)$(libdir)/$$fn.new" \
"$(DESTDIR)$(libdir)/$$fn"; \
: {- output_on() if windowsdll(); "" -}; \
done
install_programs: install_runtime_libs build_programs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/bin"
@$(ECHO) "*** Installing runtime programs"
@set -e; for x in dummy $(INSTALL_PROGRAMS); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
$(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
cp $$x "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \
"$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
done
@set -e; for x in dummy $(BIN_SCRIPTS); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
$(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
cp $$x "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \
"$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
done
uninstall_runtime: uninstall_programs uninstall_runtime_libs
@ -924,16 +924,16 @@ uninstall_programs:
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
$(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
done;
@set -e; for x in dummy $(BIN_SCRIPTS); \
do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
$(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
done
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
-$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/bin"
uninstall_runtime_libs:
@$(ECHO) "*** Uninstalling runtime libraries"
@ -942,49 +942,49 @@ uninstall_runtime_libs:
if [ "$$s" = "dummy" ]; then continue; fi; \
fn=`basename $$s`; \
$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
$(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
done
@ : {- output_on() unless windowsdll(); "" -}
install_man_docs: build_man_docs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man1
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man3
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man5
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man7
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man1"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man3"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man5"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man7"
@$(ECHO) "*** Installing manpages"
@set -e; for x in dummy $(MANDOCS1); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \
cp $$x $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \
chmod 644 $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \
cp $$x "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \
chmod 644 "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man1"; \
done
@set -e; for x in dummy $(MANDOCS3); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \
cp $$x $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \
chmod 644 $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \
cp $$x "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \
chmod 644 "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man3"; \
done
@set -e; for x in dummy $(MANDOCS5); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \
cp $$x $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \
chmod 644 $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \
cp $$x "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \
chmod 644 "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man5"; \
done
@set -e; for x in dummy $(MANDOCS7); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \
cp $$x $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \
chmod 644 $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \
cp $$x "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \
chmod 644 "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man7"; \
done
uninstall_man_docs: build_man_docs
@ -993,65 +993,65 @@ uninstall_man_docs: build_man_docs
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \
$(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \
$(RM) "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man1"; \
done
@set -e; for x in dummy $(MANDOCS3); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \
$(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \
$(RM) "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man3"; \
done
@set -e; for x in dummy $(MANDOCS5); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \
$(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \
$(RM) "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man5"; \
done
@set -e; for x in dummy $(MANDOCS7); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \
$(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \
$(RM) "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man7"; \
done
install_html_docs: install_image_docs build_html_docs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man1
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man3
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man5
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man1"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man3"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man5"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man7"
@$(ECHO) "*** Installing HTML manpages"
@set -e; for x in dummy $(HTMLDOCS1); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \
cp $$x $(DESTDIR)$(HTMLDIR)/man1/$$fn; \
chmod 644 $(DESTDIR)$(HTMLDIR)/man1/$$fn; \
cp $$x "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \
chmod 644 "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS3); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \
cp $$x $(DESTDIR)$(HTMLDIR)/man3/$$fn; \
chmod 644 $(DESTDIR)$(HTMLDIR)/man3/$$fn; \
cp $$x "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \
chmod 644 "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS5); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \
cp $$x $(DESTDIR)$(HTMLDIR)/man5/$$fn; \
chmod 644 $(DESTDIR)$(HTMLDIR)/man5/$$fn; \
cp $$x "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \
chmod 644 "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS7); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \
cp $$x $(DESTDIR)$(HTMLDIR)/man7/$$fn; \
chmod 644 $(DESTDIR)$(HTMLDIR)/man7/$$fn; \
cp $$x "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \
chmod 644 "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \
done
uninstall_html_docs: uninstall_image_docs
@ -1060,35 +1060,35 @@ uninstall_html_docs: uninstall_image_docs
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \
$(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn; \
$(RM) "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS3); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \
$(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn; \
$(RM) "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS5); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \
$(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn; \
$(RM) "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS7); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \
$(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn; \
$(RM) "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \
done
install_image_docs:
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7/img
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man7/img"
@set -e; for x in dummy $(IMAGEDOCS7); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \
cp $(SRCDIR)/$$x $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \
chmod 644 $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \
cp $(SRCDIR)/$$x "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \
chmod 644 "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \
done
uninstall_image_docs:
@ -1096,7 +1096,7 @@ uninstall_image_docs:
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \
$(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \
$(RM) "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \
done
# Developer targets (note: these are only available on Unix) #########

22
crypto/external/bsd/openssl/dist/INSTALL.md vendored
View File

@ -2,8 +2,8 @@ Build and Install
=================
This document describes installation on all supported operating
systems (the Unix/Linux family, including macOS), OpenVMS,
and Windows).
systems: the Unix/Linux family (including macOS), OpenVMS,
and Windows.
Table of Contents
=================
@ -796,14 +796,22 @@ By default OpenSSL will attempt to stay in memory until the process exits.
This is so that libcrypto and libssl can be properly cleaned up automatically
via an `atexit()` handler. The handler is registered by libcrypto and cleans
up both libraries. On some platforms the `atexit()` handler will run on unload of
libcrypto (if it has been dynamically loaded) rather than at process exit. This
option can be used to stop OpenSSL from attempting to stay in memory until the
libcrypto (if it has been dynamically loaded) rather than at process exit.
This option can be used to stop OpenSSL from attempting to stay in memory until the
process exits. This could lead to crashes if either libcrypto or libssl have
already been unloaded at the point that the atexit handler is invoked, e.g. on a
platform which calls `atexit()` on unload of the library, and libssl is unloaded
before libcrypto then a crash is likely to happen. Applications can suppress
running of the `atexit()` handler at run time by using the
`OPENSSL_INIT_NO_ATEXIT` option to `OPENSSL_init_crypto()`.
before libcrypto then a crash is likely to happen.
Note that shared library pinning is not automatically disabled for static builds,
i.e., `no-shared` does not imply `no-pinshared`. This may come as a surprise when
linking libcrypto statically into a shared third-party library, because in this
case the shared library will be pinned. To prevent this behaviour, you need to
configure the static build using `no-shared` and `no-pinshared` together.
Applications can suppress running of the `atexit()` handler at run time by
using the `OPENSSL_INIT_NO_ATEXIT` option to `OPENSSL_init_crypto()`.
See the man page for it for further details.
### no-posix-io

21
crypto/external/bsd/openssl/dist/NEWS.md vendored
View File

@ -18,6 +18,22 @@ OpenSSL Releases
OpenSSL 3.0
-----------
### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs.
([CVE-2023-5363])
### Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows
([CVE-2023-4807])
### Major changes between OpenSSL 3.0.9 and OpenSSL 3.0.10 [1 Aug 2023]
* Fix excessive time spent checking DH q parameter value ([CVE-2023-3817])
* Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
* Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
* Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT
@ -1442,6 +1458,11 @@ OpenSSL 0.9.x
<!-- Links -->
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466

96
crypto/external/bsd/openssl/dist/README-FIPS.md vendored
View File

@ -2,7 +2,7 @@ OpenSSL FIPS support
====================
This release of OpenSSL includes a cryptographic module that can be
FIPS 140-2 validated. The module is implemented as an OpenSSL provider.
FIPS validated. The module is implemented as an OpenSSL provider.
A provider is essentially a dynamically loadable module which implements
cryptographic algorithms, see the [README-PROVIDERS](README-PROVIDERS.md) file
for further details.
@ -28,8 +28,16 @@ resp. `fips.dll` (on Windows). The FIPS provider does not get built and
installed automatically. To enable it, you need to configure OpenSSL using
the `enable-fips` option.
Installing the FIPS module
==========================
Installing the FIPS provider
============================
In order to be FIPS compliant you must only use FIPS validated source code.
Refer to <https://www.openssl.org/source/> for information related to
which versions are FIPS validated. The instructions given below build OpenSSL
just using the FIPS validated source code.
If you want to use a validated FIPS provider, but also want to use the latest
OpenSSL release to build everything else, then refer to the next section.
The following is only a guide.
Please read the Security Policy for up to date installation instructions.
@ -63,11 +71,12 @@ the installation by doing the following two things:
- Runs the FIPS module self tests
- Generates the so-called FIPS module configuration file containing information
about the module such as the self test status, and the module checksum.
about the module such as the module checksum (and for OpenSSL 3.0 the
self test status).
The FIPS module must have the self tests run, and the FIPS module config file
output generated on every machine that it is to be used on. You must not copy
the FIPS module config file output data from one machine to another.
output generated on every machine that it is to be used on. For OpenSSL 3.0,
you must not copy the FIPS module config file output data from one machine to another.
On Unix the `openssl fipsinstall` command will be invoked as follows by default:
@ -75,7 +84,80 @@ On Unix the `openssl fipsinstall` command will be invoked as follows by default:
If you configured OpenSSL to be installed to a different location, the paths will
vary accordingly. In the rare case that you need to install the fipsmodule.cnf
to non-standard location, you can execute the `openssl fipsinstall` command manually.
to a non-standard location, you can execute the `openssl fipsinstall` command manually.
Installing the FIPS provider and using it with the latest release
=================================================================
This normally requires you to download 2 copies of the OpenSSL source code.
Download and build a validated FIPS provider
--------------------------------------------
Refer to <https://www.openssl.org/source/> for information related to
which versions are FIPS validated. For this example we use OpenSSL 3.0.0.
$ wget https://www.openssl.org/source/openssl-3.0.0.tar.gz
$ tar -xf openssl-3.0.0.tar.gz
$ cd openssl-3.0.0
$ ./Configure enable-fips
$ make
$ cd ..
Download and build the latest release of OpenSSL
------------------------------------------------
We use OpenSSL 3.1.0 here, (but you could also use the latest 3.0.X)
$ wget https://www.openssl.org/source/openssl-3.1.0.tar.gz
$ tar -xf openssl-3.1.0.tar.gz
$ cd openssl-3.1.0
$ ./Configure enable-fips
$ make
Use the OpenSSL FIPS provider for testing
-----------------------------------------
We do this by replacing the artifact for the OpenSSL 3.1.0 FIPS provider.
Note that the OpenSSL 3.1.0 FIPS provider has not been validated
so it must not be used for FIPS purposes.
$ cp ../openssl-3.0.0/providers/fips.so providers/.
$ cp ../openssl-3.0.0/providers/fipsmodule.cnf providers/.
// Note that for OpenSSL 3.0 that the `fipsmodule.cnf` file should not
// be copied across multiple machines if it contains an entry for
// `install-status`. (Otherwise the self tests would be skipped).
// Validate the output of the following to make sure we are using the
// OpenSSL 3.0.0 FIPS provider
$ ./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider fips -providers
// Now run the current tests using the OpenSSL 3.0 FIPS provider.
$ make tests
Copy the FIPS provider artifacts (`fips.so` & `fipsmodule.cnf`) to known locations
-------------------------------------------------------------------------------------
$ cd ../openssl-3.0.0
$ sudo make install_fips
Check that the correct FIPS provider is being used
--------------------------------------------------
$./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider fips -providers
// This should produce the following output
Providers:
base
name: OpenSSL Base Provider
version: 3.1.0
status: active
fips
name: OpenSSL FIPS Provider
version: 3.0.0
status: active
Using the FIPS Module in applications
=====================================

2
crypto/external/bsd/openssl/dist/README.md vendored
View File

@ -166,7 +166,7 @@ attempting to develop or distribute cryptographic code.
Copyright
=========
Copyright (c) 1998-2022 The OpenSSL Project
Copyright (c) 1998-2023 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

4
crypto/external/bsd/openssl/dist/VERSION.dat vendored
View File

@ -1,7 +1,7 @@
MAJOR=3
MINOR=0
PATCH=9
PATCH=12
PRE_RELEASE_TAG=
BUILD_METADATA=
RELEASE_DATE="30 May 2023"
RELEASE_DATE="24 Oct 2023"
SHLIB_VERSION=3

25
crypto/external/bsd/openssl/dist/apps/cms.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -796,6 +796,9 @@ int cms_main(int argc, char **argv)
if ((operation & SMIME_IP) == 0 && contfile != NULL)
BIO_printf(bio_err,
"Warning: -contfile option is ignored for the given operation\n");
if (operation != SMIME_ENCRYPT && *argv != NULL)
BIO_printf(bio_err,
"Warning: recipient certificate file parameters ignored for operation other than -encrypt\n");
if ((flags & CMS_BINARY) != 0) {
if (!(operation & SMIME_OP))
@ -823,19 +826,13 @@ int cms_main(int argc, char **argv)
goto end;
}
if (*argv != NULL) {
if (operation == SMIME_ENCRYPT) {
for (; *argv != NULL; argv++) {
cert = load_cert(*argv, FORMAT_UNDEF,
"recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
cert = NULL;
}
} else {
BIO_printf(bio_err, "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n");
}
for (; *argv != NULL; argv++) {
cert = load_cert(*argv, FORMAT_UNDEF,
"recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
cert = NULL;
}
}

2
crypto/external/bsd/openssl/dist/apps/dgst.c vendored
View File

@ -320,6 +320,8 @@ int dgst_main(int argc, char **argv)
sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */);
/* Verbose output would make external-tests gost-engine fail */
EVP_PKEY_CTX_free(mac_ctx);
if (sigkey == NULL)
goto end;
}
if (hmac_key != NULL) {

4
crypto/external/bsd/openssl/dist/apps/dhparam.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -222,6 +222,8 @@ int dhparam_main(int argc, char **argv)
}
tmppkey = app_paramgen(ctx, alg);
if (tmppkey == NULL)
goto end;
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
if (dsaparam) {

4
crypto/external/bsd/openssl/dist/apps/dsaparam.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -218,6 +218,8 @@ int dsaparam_main(int argc, char **argv)
goto end;
}
pkey = app_keygen(ctx, "DSA", numbits, verbose);
if (pkey == NULL)
goto end;
assert(private);
if (outformat == FORMAT_ASN1)
i = i2d_PrivateKey_bio(out, pkey);

5
crypto/external/bsd/openssl/dist/apps/enc.c vendored
View File

@ -624,7 +624,10 @@ int enc_main(int argc, char **argv)
}
}
if (!BIO_flush(wbio)) {
BIO_printf(bio_err, "bad decrypt\n");
if (enc)
BIO_printf(bio_err, "bad encrypt\n");
else
BIO_printf(bio_err, "bad decrypt\n");
goto end;
}

4
crypto/external/bsd/openssl/dist/apps/gendsa.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -146,6 +146,8 @@ int gendsa_main(int argc, char **argv)
goto end;
}
pkey = app_keygen(ctx, "DSA", nbits, verbose);
if (pkey == NULL)
goto end;
assert(private);
if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) {

4
crypto/external/bsd/openssl/dist/apps/genpkey.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -183,6 +183,8 @@ int genpkey_main(int argc, char **argv)
pkey = do_param ? app_paramgen(ctx, algname)
: app_keygen(ctx, algname, 0, 0 /* not verbose */);
if (pkey == NULL)
goto end;
if (do_param) {
rv = PEM_write_bio_Parameters(out, pkey);

4
crypto/external/bsd/openssl/dist/apps/genrsa.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -203,6 +203,8 @@ opthelp:
goto end;
}
pkey = app_keygen(ctx, "RSA", num, verbose);
if (pkey == NULL)
goto end;
if (verbose) {
BIGNUM *e = NULL;

4
crypto/external/bsd/openssl/dist/apps/pkeyutl.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -421,7 +421,7 @@ int pkeyutl_main(int argc, char **argv)
/* Raw input data is handled elsewhere */
if (in != NULL && !rawin) {
/* Read the input data */
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
buf_inlen = bio_to_mem(&buf_in, -1, in);
if (buf_inlen < 0) {
BIO_printf(bio_err, "Error reading input Data\n");
goto end;

4
crypto/external/bsd/openssl/dist/crypto/LPdir_unix.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -137,7 +137,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
if ((*ctx)->expect_file_generations) {
char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name);
while(p > (*ctx)->entry_name && isdigit(p[-1]))
while (p > (*ctx)->entry_name && isdigit((unsigned char)p[-1]))
p--;
if (p > (*ctx)->entry_name && p[-1] == ';')
p[-1] = '\0';

3
crypto/external/bsd/openssl/dist/crypto/aes/asm/aesv8-armx.pl vendored
View File

@ -3661,6 +3661,9 @@ if ($flavour =~ /64/) { ######## 64-bit code
s/\.[ui]?64//o and s/\.16b/\.2d/go;
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
# Switch preprocessor checks to aarch64 versions.
s/__ARME([BL])__/__AARCH64E$1__/go;
print $_,"\n";
}
} else { ######## 32-bit code

4
crypto/external/bsd/openssl/dist/crypto/asn1/a_strnid.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -129,8 +129,10 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
int idx;
ASN1_STRING_TABLE fnd;
#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
/* "stable" can be impacted by config, so load the config file first */
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
#endif
fnd.nid = nid;
if (stable) {

11
crypto/external/bsd/openssl/dist/crypto/asn1/asn1_gen.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -698,9 +698,12 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
atmp->value.asn1_string->data = rdata;
atmp->value.asn1_string->length = rdlen;
atmp->value.asn1_string->type = utype;
} else if (format == ASN1_GEN_FORMAT_ASCII)
ASN1_STRING_set(atmp->value.asn1_string, str, -1);
else if ((format == ASN1_GEN_FORMAT_BITLIST)
} else if (format == ASN1_GEN_FORMAT_ASCII) {
if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
goto bad_str;
}
} else if ((format == ASN1_GEN_FORMAT_BITLIST)
&& (utype == V_ASN1_BIT_STRING)) {
if (!CONF_parse_list
(str, ',', 1, bitstr_cb, atmp->value.bit_string)) {

8
crypto/external/bsd/openssl/dist/crypto/bn/bn_gcd.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -611,9 +611,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
for (i = 0; i < m; i++) {
/* conditionally flip signs if delta is positive and g is odd */
cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
cond = ((unsigned int)-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1)));
& (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1)));
delta = (-cond & -delta) | ((cond - 1) & delta);
r->neg ^= cond;
/* swap */
@ -625,7 +625,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
goto err;
BN_consttime_swap(g->d[0] & 1 /* g is odd */
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))),
& (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))),
g, temp, top);
if (!BN_rshift1(g, g))
goto err;

4
crypto/external/bsd/openssl/dist/crypto/bn/bn_recp.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -44,7 +44,7 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp)
int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
{
if (!BN_copy(&(recp->N), d))
if (BN_is_zero(d) || !BN_copy(&(recp->N), d))
return 0;
BN_zero(&(recp->Nr));
recp->num_bits = BN_num_bits(d);

2
crypto/external/bsd/openssl/dist/crypto/build.info vendored
View File

@ -97,8 +97,6 @@ $UTIL_COMMON=\
context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
param_build_set.c der_writer.c threads_lib.c params_dup.c
SHARED_SOURCE[../libssl]=sparse_array.c
SOURCE[../libcrypto]=$UTIL_COMMON \
mem.c mem_sec.c \
cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \

2
crypto/external/bsd/openssl/dist/crypto/chacha/asm/chacha-ia64.pl vendored
View File

@ -46,6 +46,8 @@ ChaCha20_ctr32:
ADDP @k[11]=4,$key
.save ar.lc,r3
mov r3=ar.lc }
{ .mmi; ADDP $out=0,$out
ADDP $inp=0,$inp }
{ .mmi; ADDP $key=0,$key
ADDP $counter=0,$counter
.save pr,r14

10
crypto/external/bsd/openssl/dist/crypto/cmp/cmp_asn.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@ -188,22 +188,22 @@ int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
return 0;
}
/* get ASN.1 encoded integer, return -1 on error */
/* get ASN.1 encoded integer, return -2 on error; -1 is valid for certReqId */
int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
{
int64_t res;
if (!ASN1_INTEGER_get_int64(&res, a)) {
ERR_raise(ERR_LIB_CMP, ASN1_R_INVALID_NUMBER);
return -1;
return -2;
}
if (res < INT_MIN) {
ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_SMALL);
return -1;
return -2;
}
if (res > INT_MAX) {
ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_LARGE);
return -1;
return -2;
}
return (int)res;
}

2
crypto/external/bsd/openssl/dist/crypto/cmp/cmp_client.c vendored
View File

@ -584,7 +584,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
return 0;
if (rid == OSSL_CMP_CERTREQID_NONE) { /* used for OSSL_CMP_PKIBODY_P10CR */
rid = ossl_cmp_asn1_get_int(crep->certReqId);
if (rid != OSSL_CMP_CERTREQID_NONE) {
if (rid < OSSL_CMP_CERTREQID_NONE) {
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
return 0;
}

7
crypto/external/bsd/openssl/dist/crypto/cmp/cmp_status.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@ -30,9 +30,12 @@
int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si)
{
int res ;
if (!ossl_assert(si != NULL && si->status != NULL))
return -1;
return ossl_cmp_asn1_get_int(si->status);
res = ossl_cmp_asn1_get_int(si->status);
return res == -2 ? -1 : res;
}
const char *ossl_cmp_PKIStatus_to_string(int status)

5
crypto/external/bsd/openssl/dist/crypto/cms/cms_enc.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -15,6 +15,7 @@
#include <openssl/cms.h>
#include <openssl/rand.h>
#include "crypto/evp.h"
#include "crypto/asn1.h"
#include "cms_local.h"
/* CMS EncryptedData Utilities */
@ -81,7 +82,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
if (enc) {
calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
if (calg->algorithm == NULL) {
if (calg->algorithm == NULL || calg->algorithm->nid == NID_undef) {
ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
goto err;
}

27
crypto/external/bsd/openssl/dist/crypto/cms/cms_env.c vendored
View File

@ -26,7 +26,7 @@ static void cms_env_set_version(CMS_EnvelopedData *env);
#define CMS_ENVELOPED_STANDARD 1
#define CMS_ENVELOPED_AUTH 2
static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
static int cms_get_enveloped_type_simple(const CMS_ContentInfo *cms)
{
int nid = OBJ_obj2nid(cms->contentType);
@ -38,11 +38,28 @@ static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
return CMS_ENVELOPED_AUTH;
default:
ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
return 0;
}
}
static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
{
int ret = cms_get_enveloped_type_simple(cms);
if (ret == 0)
ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
return ret;
}
void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf)
{
if (cms_get_enveloped_type_simple(cinf) != 0) {
CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cinf);
if (ec != NULL)
OPENSSL_clear_free(ec->key, ec->keylen);
}
}
CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms)
{
if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
@ -142,10 +159,12 @@ CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *c
{
switch (cms_get_enveloped_type(cms)) {
case CMS_ENVELOPED_STANDARD:
return cms->d.envelopedData->encryptedContentInfo;
return cms->d.envelopedData == NULL ? NULL
: cms->d.envelopedData->encryptedContentInfo;
case CMS_ENVELOPED_AUTH:
return cms->d.authEnvelopedData->authEncryptedContentInfo;
return cms->d.authEnvelopedData == NULL ? NULL
: cms->d.authEnvelopedData->authEncryptedContentInfo;
default:
return NULL;

4
crypto/external/bsd/openssl/dist/crypto/cms/cms_err.c vendored
View File

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -154,6 +154,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
"unsupported recipientinfo type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
"unsupported recipient type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM),
"unsupported signature algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},

1
crypto/external/bsd/openssl/dist/crypto/cms/cms_lib.c vendored
View File

@ -76,6 +76,7 @@ CMS_ContentInfo *CMS_ContentInfo_new(void)
void CMS_ContentInfo_free(CMS_ContentInfo *cms)
{
if (cms != NULL) {
ossl_cms_env_enc_content_free(cms);
OPENSSL_free(cms->ctx.propq);
ASN1_item_free((ASN1_VALUE *)cms, ASN1_ITEM_rptr(CMS_ContentInfo));
}

3
crypto/external/bsd/openssl/dist/crypto/cms/cms_local.h vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -444,6 +444,7 @@ BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain);
BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms);
int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio);
void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf);
CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms);
CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms);
CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms);

13
crypto/external/bsd/openssl/dist/crypto/cms/cms_rsa.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -13,6 +13,7 @@
#include <openssl/core_names.h>
#include "crypto/asn1.h"
#include "crypto/rsa.h"
#include "crypto/evp.h"
#include "cms_local.h"
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
@ -210,6 +211,16 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
if (pad_mode != RSA_PKCS1_PSS_PADDING)
return 0;
if (evp_pkey_ctx_is_legacy(pkctx)) {
/* No provider -> we cannot query it for algorithm ID. */
ASN1_STRING *os = NULL;
os = ossl_rsa_ctx_to_pss_string(pkctx);
if (os == NULL)
return 0;
return X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
}
params[0] = OSSL_PARAM_construct_octet_string(
OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));
params[1] = OSSL_PARAM_construct_end();

20
crypto/external/bsd/openssl/dist/crypto/cms/cms_sd.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -233,9 +233,9 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
int i;
if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC"))
return ossl_cms_ecdsa_dsa_sign(si, cmd);
return ossl_cms_ecdsa_dsa_sign(si, cmd) > 0;
else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
return ossl_cms_rsa_sign(si, cmd);
return ossl_cms_rsa_sign(si, cmd) > 0;
/* Something else? We'll give engines etc a chance to handle this */
if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
@ -354,11 +354,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (md == NULL) {
int def_nid;
if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) {
ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
"pkey nid=%d", EVP_PKEY_get_id(pk));
goto err;
}
md = EVP_get_digestbynid(def_nid);
if (md == NULL) {
ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST);
ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
"default md nid=%d", def_nid);
goto err;
}
}
@ -398,8 +403,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
}
}
if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) {
ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM,
"pkey nid=%d", EVP_PKEY_get_id(pk));
goto err;
}
if (!(flags & CMS_NOATTR)) {
/*
* Initialize signed attributes structure so other attributes

10
crypto/external/bsd/openssl/dist/crypto/conf/conf_mod.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -184,15 +184,21 @@ int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
CONF *conf = NULL;
int ret = 0, diagnostics = 0;
ERR_set_mark();
if (filename == NULL) {
file = CONF_get1_default_config_file();
if (file == NULL)
goto err;
if (*file == '\0') {
/* Do not try to load an empty file name but do not error out */
ret = 1;
goto err;
}
} else {
file = (char *)filename;
}
ERR_set_mark();
conf = NCONF_new_ex(libctx, NULL);
if (conf == NULL)
goto err;

7
crypto/external/bsd/openssl/dist/crypto/conf/conf_sap.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -65,7 +65,10 @@ int ossl_config_int(const OPENSSL_INIT_SETTINGS *settings)
#endif
#ifndef OPENSSL_SYS_UEFI
ret = CONF_modules_load_file(filename, appname, flags);
ret = CONF_modules_load_file_ex(OSSL_LIB_CTX_get0_global_default(),
filename, appname, flags);
#else
ret = 1;
#endif
openssl_configured = 1;
return ret;

5
crypto/external/bsd/openssl/dist/crypto/core_namemap.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -142,6 +142,9 @@ int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
cbdata.number = number;
cbdata.found = 0;
if (namemap == NULL)
return 0;
/*
* We collect all the names first under a read lock. Subsequently we call
* the user function, so that we're not holding the read lock when in user

21
crypto/external/bsd/openssl/dist/crypto/dh/dh_check.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -143,7 +143,7 @@ int DH_check(const DH *dh, int *ret)
#ifdef FIPS_MODULE
return DH_check_params(dh, ret);
#else
int ok = 0, r;
int ok = 0, r, q_good = 0;
BN_CTX *ctx = NULL;
BIGNUM *t1 = NULL, *t2 = NULL;
int nid = DH_get_nid((DH *)dh);
@ -152,6 +152,13 @@ int DH_check(const DH *dh, int *ret)
if (nid != NID_undef)
return 1;
/* Don't do any checks at all with an excessively large modulus */
if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
*ret = DH_MODULUS_TOO_LARGE | DH_CHECK_P_NOT_PRIME;
return 0;
}
if (!DH_check_params(dh, ret))
return 0;
@ -165,6 +172,13 @@ int DH_check(const DH *dh, int *ret)
goto err;
if (dh->params.q != NULL) {
if (BN_ucmp(dh->params.p, dh->params.q) > 0)
q_good = 1;
else
*ret |= DH_CHECK_INVALID_Q_VALUE;
}
if (q_good) {
if (BN_cmp(dh->params.g, BN_value_one()) <= 0)
*ret |= DH_NOT_SUITABLE_GENERATOR;
else if (BN_cmp(dh->params.g, dh->params.p) >= 0)
@ -245,7 +259,8 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
*/
int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
{
return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret);
return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret)
&& *ret == 0;
}
int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)

3
crypto/external/bsd/openssl/dist/crypto/dh/dh_key.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -190,7 +190,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
static int dh_init(DH *dh)
{
dh->flags |= DH_FLAG_CACHE_MONT_P;
ossl_ffc_params_init(&dh->params);
dh->dirty_cnt++;
return 1;
}

8
crypto/external/bsd/openssl/dist/crypto/dsa/dsa_check.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -39,7 +39,8 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
*/
int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
{
return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret);
return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret)
&& *ret == 0;
}
/*
@ -49,7 +50,8 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
*/
int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
{
return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret);
return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret)
&& *ret == 0;
}
int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)

1
crypto/external/bsd/openssl/dist/crypto/dsa/dsa_ossl.c vendored
View File

@ -441,7 +441,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
static int dsa_init(DSA *dsa)
{
dsa->flags |= DSA_FLAG_CACHE_MONT_P;
ossl_ffc_params_init(&dsa->params);
dsa->dirty_cnt++;
return 1;
}

7
crypto/external/bsd/openssl/dist/crypto/encode_decode/decoder_lib.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -743,10 +743,11 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
(void *)new_data.ctx, LEVEL, rv);
} OSSL_TRACE_END(DECODER);
data->flag_construct_called = 1;
ok = (rv > 0);
if (ok)
if (ok) {
data->flag_construct_called = 1;
goto end;
}
}
/* The constructor didn't return success */

8
crypto/external/bsd/openssl/dist/crypto/encode_decode/decoder_pkey.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -150,7 +150,11 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst,
import_data.keymgmt = keymgmt;
import_data.keydata = NULL;
import_data.selection = data->selection;
if (data->selection == 0)
/* import/export functions do not tolerate 0 selection */
import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
else
import_data.selection = data->selection;
/*
* No need to check for errors here, the value of

11
crypto/external/bsd/openssl/dist/crypto/engine/eng_list.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -78,12 +78,15 @@ static int engine_list_add(ENGINE *e)
ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
return 0;
}
engine_list_head = e;
e->prev = NULL;
/*
* The first time the list allocates, we should register the cleanup.
*/
engine_cleanup_add_last(engine_list_cleanup);
if (!engine_cleanup_add_last(engine_list_cleanup)) {
ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
return 0;
}
engine_list_head = e;
e->prev = NULL;
} else {
/* We are adding to the tail of an existing list. */
if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) {

6
crypto/external/bsd/openssl/dist/crypto/engine/eng_local.h vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -46,8 +46,8 @@ typedef struct st_engine_cleanup_item {
ENGINE_CLEANUP_CB *cb;
} ENGINE_CLEANUP_ITEM;
DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM)
void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
int engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
int engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
/* We need stacks of ENGINEs for use in eng_table.c */
DEFINE_STACK_OF(ENGINE)

44
crypto/external/bsd/openssl/dist/crypto/engine/eng_pkey.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -79,6 +79,48 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
return NULL;
}
/* We enforce check for legacy key */
switch (EVP_PKEY_get_id(pkey)) {
case EVP_PKEY_RSA:
{
RSA *rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_set1_RSA(pkey, rsa);
RSA_free(rsa);
}
break;
# ifndef OPENSSL_NO_EC
case EVP_PKEY_SM2:
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
EVP_PKEY_set1_EC_KEY(pkey, ec);
EC_KEY_free(ec);
}
break;
# endif
# ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
{
DSA *dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_set1_DSA(pkey, dsa);
DSA_free(dsa);
}
break;
#endif
# ifndef OPENSSL_NO_DH
case EVP_PKEY_DH:
{
DH *dh = EVP_PKEY_get1_DH(pkey);
EVP_PKEY_set1_DH(pkey, dh);
DH_free(dh);
}
break;
#endif
default:
/*Do nothing */
break;
}
return pkey;
}

13
crypto/external/bsd/openssl/dist/crypto/engine/eng_table.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -93,9 +93,12 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
added = 1;
if (!int_table_check(table, 1))
goto end;
if (added)
/* The cleanup callback needs to be added */
engine_cleanup_add_first(cleanup);
/* The cleanup callback needs to be added */
if (added && !engine_cleanup_add_first(cleanup)) {
lh_ENGINE_PILE_free(&(*table)->piles);
*table = NULL;
goto end;
}
while (num_nids--) {
tmplate.nid = *nids;
fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
@ -201,8 +204,10 @@ ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid,
ENGINE_PILE tmplate, *fnd = NULL;
int initres, loop = 0;
#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
/* Load the config before trying to check if engines are available */
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
#endif
if (!(*table)) {
OSSL_TRACE3(ENGINE_TABLE,

2
crypto/external/bsd/openssl/dist/crypto/err/openssl.txt vendored
View File

@ -375,6 +375,7 @@ CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\
CMS_R_UNSUPPORTED_LABEL_SOURCE:193:unsupported label source
CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type
CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type
CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM:195:unsupported signature algorithm
CMS_R_UNSUPPORTED_TYPE:156:unsupported type
CMS_R_UNWRAP_ERROR:157:unwrap error
CMS_R_UNWRAP_FAILURE:180:unwrap failure
@ -1675,6 +1676,7 @@ X509_R_CERTIFICATE_VERIFICATION_FAILED:139:certificate verification failed
X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table
X509_R_CRL_ALREADY_DELTA:127:crl already delta
X509_R_CRL_VERIFY_FAILURE:131:crl verify failure
X509_R_DUPLICATE_ATTRIBUTE:140:duplicate attribute
X509_R_ERROR_GETTING_MD_BY_NID:141:error getting md by nid
X509_R_ERROR_USING_SIGINF_SET:142:error using siginf set
X509_R_IDP_MISMATCH:128:idp mismatch

33
crypto/external/bsd/openssl/dist/crypto/evp/ctrl_params_translate.c vendored
View File

@ -636,8 +636,8 @@ static int default_fixup_args(enum state state,
ctx->p2, ctx->sz);
case OSSL_PARAM_OCTET_STRING:
return OSSL_PARAM_get_octet_string(ctx->params,
ctx->p2, ctx->sz,
&ctx->sz);
&ctx->p2, ctx->sz,
(size_t *)&ctx->p1);
case OSSL_PARAM_OCTET_PTR:
return OSSL_PARAM_get_octet_ptr(ctx->params,
ctx->p2, &ctx->sz);
@ -685,7 +685,7 @@ static int default_fixup_args(enum state state,
return OSSL_PARAM_set_octet_string(ctx->params, ctx->p2,
size);
case OSSL_PARAM_OCTET_PTR:
return OSSL_PARAM_set_octet_ptr(ctx->params, ctx->p2,
return OSSL_PARAM_set_octet_ptr(ctx->params, *(void **)ctx->p2,
size);
default:
ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED,
@ -695,6 +695,9 @@ static int default_fixup_args(enum state state,
translation->param_data_type);
return 0;
}
} else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) {
if (translation->param_data_type == OSSL_PARAM_OCTET_PTR)
ctx->p2 = &ctx->bufp;
}
}
/* Any other combination is simply pass-through */
@ -1783,7 +1786,8 @@ static int get_rsa_payload_n(enum state state,
{
const BIGNUM *bn = NULL;
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)
return 0;
bn = RSA_get0_n(EVP_PKEY_get0_RSA(ctx->p2));
@ -1796,7 +1800,8 @@ static int get_rsa_payload_e(enum state state,
{
const BIGNUM *bn = NULL;
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)
return 0;
bn = RSA_get0_e(EVP_PKEY_get0_RSA(ctx->p2));
@ -1809,7 +1814,8 @@ static int get_rsa_payload_d(enum state state,
{
const BIGNUM *bn = NULL;
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)
return 0;
bn = RSA_get0_d(EVP_PKEY_get0_RSA(ctx->p2));
@ -1909,7 +1915,8 @@ static int get_rsa_payload_coefficient(enum state state,
const struct translation_st *translation, \
struct translation_ctx_st *ctx) \
{ \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \
return 0; \
return get_rsa_payload_factor(state, translation, ctx, n - 1); \
}
@ -1920,7 +1927,8 @@ static int get_rsa_payload_coefficient(enum state state,
const struct translation_st *translation, \
struct translation_ctx_st *ctx) \
{ \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \
return 0; \
return get_rsa_payload_exponent(state, translation, ctx, \
n - 1); \
@ -1932,7 +1940,8 @@ static int get_rsa_payload_coefficient(enum state state,
const struct translation_st *translation, \
struct translation_ctx_st *ctx) \
{ \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \
return 0; \
return get_rsa_payload_coefficient(state, translation, ctx, \
n - 1); \
@ -2254,7 +2263,7 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },
{ GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL,
OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },
OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL },
{ SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL,
@ -2268,10 +2277,10 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
{ SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL,
OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
{ SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
{ SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL,
OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
{ SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
{ SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL,
OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL },

8
crypto/external/bsd/openssl/dist/crypto/evp/legacy_sha.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -71,7 +71,11 @@ static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
{
KECCAK1600_CTX *ctx = evp_ctx->md_data;
KECCAK1600_CTX *ctx;
if (evp_ctx == NULL)
return 0;
ctx = evp_ctx->md_data;
switch (cmd) {
case EVP_MD_CTRL_XOF_LEN:

3
crypto/external/bsd/openssl/dist/crypto/evp/p5_crpt2.c vendored
View File

@ -231,13 +231,16 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass,
goto err;
}
(void)ERR_set_mark();
prfmd = prfmd_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(hmac_md_nid), propq);
if (prfmd == NULL)
prfmd = EVP_get_digestbynid(hmac_md_nid);
if (prfmd == NULL) {
(void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRF);
goto err;
}
(void)ERR_pop_to_mark();
if (kdf->salt->type != V_ASN1_OCTET_STRING) {
ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_SALT_TYPE);

5
crypto/external/bsd/openssl/dist/crypto/evp/p_lib.c vendored
View File

@ -717,11 +717,13 @@ static void detect_foreign_key(EVP_PKEY *pkey)
{
switch (pkey->type) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA_PSS:
pkey->foreign = pkey->pkey.rsa != NULL
&& ossl_rsa_is_foreign(pkey->pkey.rsa);
break;
# ifndef OPENSSL_NO_EC
case EVP_PKEY_SM2:
break;
case EVP_PKEY_EC:
pkey->foreign = pkey->pkey.ec != NULL
&& ossl_ec_key_is_foreign(pkey->pkey.ec);
@ -1074,6 +1076,7 @@ int EVP_PKEY_can_sign(const EVP_PKEY *pkey)
if (pkey->keymgmt == NULL) {
switch (EVP_PKEY_get_base_id(pkey)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA_PSS:
return 1;
# ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
@ -1198,7 +1201,7 @@ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
int indent, ASN1_PCTX *pctx)
{
return print_pkey(pkey, out, indent, EVP_PKEY_KEYPAIR, NULL,
return print_pkey(pkey, out, indent, EVP_PKEY_PRIVATE_KEY, NULL,
(pkey->ameth != NULL ? pkey->ameth->priv_print : NULL),
pctx);
}

5
crypto/external/bsd/openssl/dist/crypto/evp/pmeth_lib.c vendored
View File

@ -251,10 +251,11 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
*/
if (e != NULL)
pmeth = ENGINE_get_pkey_meth(e, id);
else if (pkey != NULL && pkey->foreign)
else
# endif /* OPENSSL_NO_ENGINE */
if (pkey != NULL && pkey->foreign)
pmeth = EVP_PKEY_meth_find(id);
else
# endif
app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id);
/* END legacy */

16
crypto/external/bsd/openssl/dist/crypto/ffc/ffc_key_validate.c vendored
View File

@ -26,7 +26,7 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
*ret = 0;
if (params == NULL || pub_key == NULL || params->p == NULL) {
*ret = FFC_ERROR_PASSED_NULL_PARAM;
return 0;
return 1;
}
ctx = BN_CTX_new_ex(NULL);
@ -39,18 +39,14 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
if (tmp == NULL
|| !BN_set_word(tmp, 1))
goto err;
if (BN_cmp(pub_key, tmp) <= 0) {
if (BN_cmp(pub_key, tmp) <= 0)
*ret |= FFC_ERROR_PUBKEY_TOO_SMALL;
goto err;
}
/* Step(1): Verify pub_key <= p-2 */
if (BN_copy(tmp, params->p) == NULL
|| !BN_sub_word(tmp, 1))
goto err;
if (BN_cmp(pub_key, tmp) >= 0) {
if (BN_cmp(pub_key, tmp) >= 0)
*ret |= FFC_ERROR_PUBKEY_TOO_LARGE;
goto err;
}
ok = 1;
err:
if (ctx != NULL) {
@ -73,7 +69,7 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
if (!ossl_ffc_validate_public_key_partial(params, pub_key, ret))
return 0;
if (params->q != NULL) {
if (*ret == 0 && params->q != NULL) {
ctx = BN_CTX_new_ex(NULL);
if (ctx == NULL)
goto err;
@ -84,10 +80,8 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
if (tmp == NULL
|| !BN_mod_exp(tmp, pub_key, params->q, params->p, ctx))
goto err;
if (!BN_is_one(tmp)) {
if (!BN_is_one(tmp))
*ret |= FFC_ERROR_PUBKEY_INVALID;
goto err;
}
}
ok = 1;

15
crypto/external/bsd/openssl/dist/crypto/http/http_client.c vendored
View File

@ -164,7 +164,8 @@ void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx,
/*
* Create request line using |rctx| and |path| (or "/" in case |path| is NULL).
* Server name (and port) must be given if and only if plain HTTP proxy is used.
* Server name (and optional port) must be given if and only if
* a plain HTTP proxy is used and |path| does not begin with 'http://'.
*/
int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST,
const char *server, const char *port,
@ -193,11 +194,17 @@ int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST,
return 0;
}
/* Make sure path includes a forward slash */
if (path == NULL)
/* Make sure path includes a forward slash (abs_path) */
if (path == NULL) {
path = "/";
if (path[0] != '/' && BIO_printf(rctx->mem, "/") <= 0)
} else if (HAS_PREFIX(path, "http://")) { /* absoluteURI for proxy use */
if (server != NULL) {
ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
} else if (path[0] != '/' && BIO_printf(rctx->mem, "/") <= 0) {
return 0;
}
/*
* Add (the rest of) the path and the HTTP version,
* which is fixed to 1.0 for straightforward implementation of keep-alive

8
crypto/external/bsd/openssl/dist/crypto/http/http_lib.c vendored
View File

@ -22,6 +22,13 @@ static void init_pstring(char **pstr)
}
}
static void init_pint(int *pint)
{
if (pint != NULL) {
*pint = 0;
}
}
static int copy_substring(char **dest, const char *start, const char *end)
{
return dest == NULL
@ -54,6 +61,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
init_pstring(puser);
init_pstring(phost);
init_pstring(pport);
init_pint(pport_num);
init_pstring(ppath);
init_pstring(pfrag);
init_pstring(pquery);

5
crypto/external/bsd/openssl/dist/crypto/modes/asm/ghashv8-armx.pl vendored
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -744,6 +744,9 @@ if ($flavour =~ /64/) { ######## 64-bit code
s/\.[uisp]?64//o and s/\.16b/\.2d/go;
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
# Switch preprocessor checks to aarch64 versions.
s/__ARME([BL])__/__AARCH64E$1__/go;
print $_,"\n";
}
} else { ######## 32-bit code

7
crypto/external/bsd/openssl/dist/crypto/objects/obj_dat.c vendored
View File

@ -642,13 +642,14 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
if (p == NULL) {
const char *base_ = base;
int l, h, i = 0, c = 0;
char *p1;
for (i = 0; i < num; ++i) {
p = &(base_[i * size]);
c = (*cmp) (key, p);
p1 = &(base_[i * size]);
c = (*cmp) (key, p1);
if (c == 0
|| (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
return p;
return p1;
}
}
#endif

13
crypto/external/bsd/openssl/dist/crypto/param_build_set.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -99,21 +99,22 @@ int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *params,
{
int i, sz = sk_BIGNUM_const_num(stk);
OSSL_PARAM *p;
const BIGNUM *bn;
if (bld != NULL) {
for (i = 0; i < sz && names[i] != NULL; ++i) {
if (!OSSL_PARAM_BLD_push_BN(bld, names[i],
sk_BIGNUM_const_value(stk, i)))
bn = sk_BIGNUM_const_value(stk, i);
if (bn != NULL && !OSSL_PARAM_BLD_push_BN(bld, names[i], bn))
return 0;
}
return 1;
}
for (i = 0; i < sz && names[i] != NULL; ++i) {
bn = sk_BIGNUM_const_value(stk, i);
p = OSSL_PARAM_locate(params, names[i]);
if (p != NULL) {
if (!OSSL_PARAM_set_BN(p, sk_BIGNUM_const_value(stk, i)))
if (p != NULL && bn != NULL) {
if (!OSSL_PARAM_set_BN(p, bn))
return 0;
}
}

40
crypto/external/bsd/openssl/dist/crypto/params.c vendored
View File

@ -14,6 +14,7 @@
#include "internal/numbers.h"
#include "internal/endian.h"
#ifndef OPENSSL_SYS_UEFI
/*
* Return the number of bits in the mantissa of a double. This is used to
* shift a larger integral value to determine if it will exactly fit into a
@ -23,6 +24,7 @@ static unsigned int real_shift(void)
{
return sizeof(double) == 4 ? 24 : 53;
}
#endif
OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *p, const char *key)
{
@ -342,8 +344,6 @@ OSSL_PARAM OSSL_PARAM_construct_ulong(const char *key, unsigned long int *buf)
int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val)
{
double d;
if (val == NULL || p == NULL )
return 0;
@ -391,6 +391,9 @@ int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val)
return general_get_int(p, val, sizeof(*val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
double d;
switch (p->data_size) {
case sizeof(double):
d = *(const double *)p->data;
@ -400,6 +403,7 @@ int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val)
}
break;
}
#endif
}
return 0;
}
@ -442,6 +446,7 @@ int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val)
#endif
return general_set_int(p, &val, sizeof(val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
p->return_size = sizeof(double);
if (p->data == NULL)
return 1;
@ -450,6 +455,7 @@ int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val)
*(double *)p->data = (double)val;
return 1;
}
#endif
}
return 0;
}
@ -462,8 +468,6 @@ OSSL_PARAM OSSL_PARAM_construct_int32(const char *key, int32_t *buf)
int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val)
{
double d;
if (val == NULL || p == NULL)
return 0;
@ -509,6 +513,9 @@ int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val)
#endif
return general_get_uint(p, val, sizeof(*val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
double d;
switch (p->data_size) {
case sizeof(double):
d = *(const double *)p->data;
@ -518,6 +525,7 @@ int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val)
}
break;
}
#endif
}
return 0;
}
@ -564,6 +572,7 @@ int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val)
#endif
return general_set_uint(p, &val, sizeof(val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
p->return_size = sizeof(double);
if (p->data == NULL)
return 1;
@ -572,6 +581,7 @@ int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val)
*(double *)p->data = (double)val;
return 1;
}
#endif
}
return 0;
}
@ -584,8 +594,6 @@ OSSL_PARAM OSSL_PARAM_construct_uint32(const char *key, uint32_t *buf)
int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val)
{
double d;
if (val == NULL || p == NULL )
return 0;
@ -620,6 +628,9 @@ int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val)
#endif
return general_get_int(p, val, sizeof(*val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
double d;
switch (p->data_size) {
case sizeof(double):
d = *(const double *)p->data;
@ -636,14 +647,13 @@ int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val)
}
break;
}
#endif
}
return 0;
}
int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val)
{
uint64_t u64;
if (p == NULL)
return 0;
p->return_size = 0;
@ -686,6 +696,9 @@ int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val)
#endif
return general_set_int(p, &val, sizeof(val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
uint64_t u64;
p->return_size = sizeof(double);
if (p->data == NULL)
return 1;
@ -698,6 +711,7 @@ int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val)
}
break;
}
#endif
}
return 0;
}
@ -709,8 +723,6 @@ OSSL_PARAM OSSL_PARAM_construct_int64(const char *key, int64_t *buf)
int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val)
{
double d;
if (val == NULL || p == NULL)
return 0;
@ -750,6 +762,9 @@ int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val)
#endif
return general_get_uint(p, val, sizeof(*val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
double d;
switch (p->data_size) {
case sizeof(double):
d = *(const double *)p->data;
@ -766,6 +781,7 @@ int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val)
}
break;
}
#endif
}
return 0;
}
@ -818,6 +834,7 @@ int OSSL_PARAM_set_uint64(OSSL_PARAM *p, uint64_t val)
#endif
return general_set_uint(p, &val, sizeof(val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
p->return_size = sizeof(double);
switch (p->data_size) {
case sizeof(double):
@ -827,6 +844,7 @@ int OSSL_PARAM_set_uint64(OSSL_PARAM *p, uint64_t val)
}
break;
}
#endif
}
return 0;
}
@ -953,6 +971,7 @@ OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf,
buf, bsize);
}
#ifndef OPENSSL_SYS_UEFI
int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val)
{
int64_t i64;
@ -1073,6 +1092,7 @@ OSSL_PARAM OSSL_PARAM_construct_double(const char *key, double *buf)
{
return ossl_param_construct(key, OSSL_PARAM_REAL, buf, sizeof(double));
}
#endif
static int get_string_internal(const OSSL_PARAM *p, void **val,
size_t *max_len, size_t *used_len,

13
crypto/external/bsd/openssl/dist/crypto/pem/pem_pkey.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -366,10 +366,19 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
return ret;
}
static int no_password_cb(char *buf, int num, int rwflag, void *userdata)
{
return -1;
}
EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
OSSL_LIB_CTX *libctx, const char *propq)
{
return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq,
/*
* PEM_read_bio_Parameters(_ex) should never ask for a password. Any attempt
* to get a password just fails.
*/
return pem_read_bio_key(bp, x, no_password_cb, NULL, libctx, propq,
EVP_PKEY_KEY_PARAMETERS);
}

7
crypto/external/bsd/openssl/dist/crypto/perlasm/arm-xlate.pl vendored
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -159,9 +159,8 @@ while(my $line=<>) {
}
{
$line =~ s|(^[\.\w]+)\:\s*||;
my $label = $1;
if ($label) {
if ($line =~ s|(^[\.\w]+)\:\s*||) {
my $label = $1;
printf "%s:",($GLOBALS{$label} or $label);
}
}

64
crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_crt.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -14,6 +14,12 @@
static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
PKCS12_SAFEBAG *bag);
static PKCS12_SAFEBAG *pkcs12_add_cert_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
X509 *cert,
const char *name,
int namelen,
unsigned char *keyid,
int keyidlen);
static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
{
@ -40,6 +46,9 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
int i;
unsigned char keyid[EVP_MAX_MD_SIZE];
unsigned int keyidlen = 0;
int namelen = -1;
unsigned char *pkeyid = NULL;
int pkeyidlen = -1;
/* Set defaults */
if (nid_cert == NID_undef)
@ -64,11 +73,16 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
}
if (cert) {
bag = PKCS12_add_cert(&bags, cert);
if (name && !PKCS12_add_friendlyname(bag, name, -1))
goto err;
if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
goto err;
if (name == NULL)
name = (char *)X509_alias_get0(cert, &namelen);
if (keyidlen > 0) {
pkeyid = keyid;
pkeyidlen = keyidlen;
} else {
pkeyid = X509_keyid_get0(cert, &pkeyidlen);
}
bag = pkcs12_add_cert_bag(&bags, cert, name, namelen, pkeyid, pkeyidlen);
}
/* Add all other certificates */
@ -139,30 +153,23 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *
iter, mac_iter, keytype, NULL, NULL);
}
PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
static PKCS12_SAFEBAG *pkcs12_add_cert_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
X509 *cert,
const char *name,
int namelen,
unsigned char *keyid,
int keyidlen)
{
PKCS12_SAFEBAG *bag = NULL;
char *name;
int namelen = -1;
unsigned char *keyid;
int keyidlen = -1;
/* Add user certificate */
if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
goto err;
/*
* Use friendlyName and localKeyID in certificate. (if present)
*/
name = (char *)X509_alias_get0(cert, &namelen);
if (name && !PKCS12_add_friendlyname(bag, name, namelen))
if (name != NULL && !PKCS12_add_friendlyname(bag, name, namelen))
goto err;
keyid = X509_keyid_get0(cert, &keyidlen);
if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
if (keyid != NULL && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
goto err;
if (!pkcs12_add_bag(pbags, bag))
@ -173,7 +180,22 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
err:
PKCS12_SAFEBAG_free(bag);
return NULL;
}
PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
{
char *name = NULL;
int namelen = -1;
unsigned char *keyid = NULL;
int keyidlen = -1;
/*
* Use friendlyName and localKeyID in certificate. (if present)
*/
name = (char *)X509_alias_get0(cert, &namelen);
keyid = X509_keyid_get0(cert, &keyidlen);
return pkcs12_add_cert_bag(pbags, cert, name, namelen, keyid, keyidlen);
}
PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags,

7
crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_mutl.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -108,15 +108,20 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0)
return 0;
(void)ERR_set_mark();
md = md_fetch = EVP_MD_fetch(p12->authsafes->ctx.libctx, md_name,
p12->authsafes->ctx.propq);
if (md == NULL)
md = EVP_get_digestbynid(OBJ_obj2nid(macoid));
if (md == NULL) {
(void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
return 0;
}
(void)ERR_pop_to_mark();
md_size = EVP_MD_get_size(md);
md_nid = EVP_MD_get_type(md);
if (md_size < 0)

26
crypto/external/bsd/openssl/dist/crypto/poly1305/asm/poly1305-armv8.pl vendored
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -85,7 +85,7 @@ poly1305_init:
ldp $r0,$r1,[$inp] // load key
mov $s1,#0xfffffffc0fffffff
movk $s1,#0x0fff,lsl#48
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $r0,$r0 // flip bytes
rev $r1,$r1
#endif
@ -132,7 +132,7 @@ poly1305_blocks:
.Loop:
ldp $t0,$t1,[$inp],#16 // load input
sub $len,$len,#16
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $t0,$t0
rev $t1,$t1
#endif
@ -197,13 +197,13 @@ poly1305_emit:
csel $h0,$h0,$d0,eq
csel $h1,$h1,$d1,eq
#ifdef __ARMEB__
#ifdef __AARCH64EB__
ror $t0,$t0,#32 // flip nonce words
ror $t1,$t1,#32
#endif
adds $h0,$h0,$t0 // accumulate nonce
adc $h1,$h1,$t1
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $h0,$h0 // flip output bytes
rev $h1,$h1
#endif
@ -335,7 +335,7 @@ poly1305_blocks_neon:
adcs $h1,$h1,xzr
adc $h2,$h2,xzr
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $d0,$d0
rev $d1,$d1
#endif
@ -381,7 +381,7 @@ poly1305_blocks_neon:
ldp $d0,$d1,[$inp],#16 // load input
sub $len,$len,#16
add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2)
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $d0,$d0
rev $d1,$d1
#endif
@ -466,7 +466,7 @@ poly1305_blocks_neon:
lsl $padbit,$padbit,#24
add x15,$ctx,#48
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -502,7 +502,7 @@ poly1305_blocks_neon:
ld1 {$S2,$R3,$S3,$R4},[x15],#64
ld1 {$S4},[x15]
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -563,7 +563,7 @@ poly1305_blocks_neon:
umull $ACC1,$IN23_0,${R1}[2]
ldp x9,x13,[$in2],#48
umull $ACC0,$IN23_0,${R0}[2]
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -628,7 +628,7 @@ poly1305_blocks_neon:
umlal $ACC4,$IN01_2,${R2}[0]
umlal $ACC1,$IN01_2,${S4}[0]
umlal $ACC2,$IN01_2,${R0}[0]
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -909,13 +909,13 @@ poly1305_emit_neon:
csel $h0,$h0,$d0,eq
csel $h1,$h1,$d1,eq
#ifdef __ARMEB__
#ifdef __AARCH64EB__
ror $t0,$t0,#32 // flip nonce words
ror $t1,$t1,#32
#endif
adds $h0,$h0,$t0 // accumulate nonce
adc $h1,$h1,$t1
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $h0,$h0 // flip output bytes
rev $h1,$h1
#endif

6
crypto/external/bsd/openssl/dist/crypto/poly1305/asm/poly1305-x86_64.pl vendored
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -195,7 +195,7 @@ $code.=<<___ if ($avx>1);
bt \$`5+32`,%r9 # AVX2?
cmovc %rax,%r10
___
$code.=<<___ if ($avx>3);
$code.=<<___ if ($avx>3 && !$win64);
mov \$`(1<<31|1<<21|1<<16)`,%rax
shr \$32,%r9
and %rax,%r9
@ -2724,7 +2724,7 @@ $code.=<<___;
.cfi_endproc
.size poly1305_blocks_avx512,.-poly1305_blocks_avx512
___
if ($avx>3) {
if ($avx>3 && !$win64) {
########################################################################
# VPMADD52 version using 2^44 radix.
#

6
crypto/external/bsd/openssl/dist/crypto/property/property.c vendored
View File

@ -129,11 +129,11 @@ static const OSSL_LIB_CTX_METHOD ossl_ctx_global_properties_method = {
};
OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *libctx,
int loadconfig)
ossl_unused int loadconfig)
{
OSSL_GLOBAL_PROPERTIES *globp;
#ifndef FIPS_MODULE
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
return NULL;
#endif
@ -513,7 +513,7 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store,
if (nid <= 0 || method == NULL || store == NULL)
return 0;
#ifndef FIPS_MODULE
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
if (ossl_lib_ctx_is_default(store->ctx)
&& !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
return 0;

36
crypto/external/bsd/openssl/dist/crypto/property/property_parse.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -588,15 +588,38 @@ static void put_char(char ch, char **buf, size_t *remain, size_t *needed)
static void put_str(const char *str, char **buf, size_t *remain, size_t *needed)
{
size_t olen, len;
size_t olen, len, i;
char quote = '\0';
int quotes;
len = olen = strlen(str);
*needed += len;
if (*remain == 0)
return;
/*
* Check to see if we need quotes or not.
* Characters that are legal in a PropertyName don't need quoting.
* We simply assume all others require quotes.
*/
for (i = 0; i < len; i++)
if (!ossl_isalnum(str[i]) && str[i] != '.' && str[i] != '_') {
/* Default to single quotes ... */
if (quote == '\0')
quote = '\'';
/* ... but use double quotes if a single is present */
if (str[i] == '\'')
quote = '"';
}
if (*remain < len + 1)
quotes = quote != '\0';
if (*remain == 0) {
*needed += 2 * quotes;
return;
}
if (quotes)
put_char(quote, buf, remain, needed);
if (*remain < len + 1 + quotes)
len = *remain - 1;
if (len > 0) {
@ -605,6 +628,9 @@ static void put_str(const char *str, char **buf, size_t *remain, size_t *needed)
*remain -= len;
}
if (quotes)
put_char(quote, buf, remain, needed);
if (len < olen && *remain == 1) {
**buf = '\0';
++*buf;

8
crypto/external/bsd/openssl/dist/crypto/provider_core.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -408,7 +408,7 @@ int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx,
}
OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name,
int noconfig)
ossl_unused int noconfig)
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
@ -417,7 +417,7 @@ OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name,
OSSL_PROVIDER tmpl = { 0, };
int i;
#ifndef FIPS_MODULE
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
/*
* Make sure any providers are loaded from config before we try to find
* them.
@ -1356,7 +1356,7 @@ int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx,
struct provider_store_st *store = get_provider_store(ctx);
STACK_OF(OSSL_PROVIDER) *provs = NULL;
#ifndef FIPS_MODULE
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
/*
* Make sure any providers are loaded from config before we try to use
* them.

8
crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c vendored
View File

@ -120,6 +120,8 @@ void RAND_keep_random_devices_open(int keep)
*/
int RAND_poll(void)
{
static const char salt[] = "polling";
# ifndef OPENSSL_NO_DEPRECATED_3_0
const RAND_METHOD *meth = RAND_get_rand_method();
int ret = meth == RAND_OpenSSL();
@ -148,14 +150,12 @@ int RAND_poll(void)
ret = 1;
err:
ossl_rand_pool_free(pool);
return ret;
}
return ret;
# else
static const char salt[] = "polling";
# endif
RAND_seed(salt, sizeof(salt));
return 1;
# endif
}
# ifndef OPENSSL_NO_DEPRECATED_3_0

7
crypto/external/bsd/openssl/dist/crypto/rc4/build.info vendored
View File

@ -21,10 +21,15 @@ SOURCE[../../libcrypto]=$RC4ASM
# When all deprecated symbols are removed, libcrypto doesn't export the
# rc4 functions, so we must include them directly in liblegacy.a
IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}]
IF[{- !$disabled{module} && !$disabled{shared} -}]
SOURCE[../../providers/liblegacy.a]=$RC4ASM
ENDIF
# Implementations are now spread across several libraries, so the defines
# need to be applied to all affected libraries and modules.
DEFINE[../../libcrypto]=$RC4DEF
DEFINE[../../providers/liblegacy.a]=$RC4DEF
GENERATE[rc4-586.S]=asm/rc4-586.pl
DEPEND[rc4-586.S]=../perlasm/x86asm.pl

39
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ameth.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -60,13 +60,16 @@ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
if (!rsa_param_encode(pkey, &str, &strtype))
return 0;
penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
if (penclen <= 0)
if (penclen <= 0) {
ASN1_STRING_free(str);
return 0;
}
if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
strtype, str, penc, penclen))
return 1;
OPENSSL_free(penc);
ASN1_STRING_free(str);
return 0;
}
@ -641,6 +644,36 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn,
size_t aid_len = 0;
OSSL_PARAM params[2];
if (evp_pkey_ctx_is_legacy(pkctx)) {
/* No provider -> we cannot query it for algorithm ID. */
ASN1_STRING *os1 = NULL;
os1 = ossl_rsa_ctx_to_pss_string(pkctx);
if (os1 == NULL)
return 0;
/* Duplicate parameters if we have to */
if (alg2 != NULL) {
ASN1_STRING *os2 = ASN1_STRING_dup(os1);
if (os2 == NULL) {
ASN1_STRING_free(os1);
return 0;
}
if (!X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
V_ASN1_SEQUENCE, os2)) {
ASN1_STRING_free(os1);
ASN1_STRING_free(os2);
return 0;
}
}
if (!X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
V_ASN1_SEQUENCE, os1)) {
ASN1_STRING_free(os1);
return 0;
}
return 3;
}
params[0] = OSSL_PARAM_construct_octet_string(
OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));
params[1] = OSSL_PARAM_construct_end();
@ -652,11 +685,13 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn,
if (alg1 != NULL) {
const unsigned char *pp = aid;
if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL)
return 0;
}
if (alg2 != NULL) {
const unsigned char *pp = aid;
if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL)
return 0;
}

14
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_backend.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -141,18 +141,6 @@ int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[],
/* Check private key data integrity */
if (include_private && rsa_d != NULL) {
int numprimes = sk_BIGNUM_const_num(factors);
int numexps = sk_BIGNUM_const_num(exps);
int numcoeffs = sk_BIGNUM_const_num(coeffs);
/*
* It's permissible to have zero primes, i.e. no CRT params.
* Otherwise, there must be at least two, as many exponents,
* and one coefficient less.
*/
if (numprimes != 0
&& (numprimes < 2 || numexps < 2 || numcoeffs < 1))
goto err;
if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
rsa_d)

6
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_pmeth.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -584,6 +584,10 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE);
return -2;
}
if (p2 == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
*(unsigned char **)p2 = rctx->oaep_label;
return rctx->oaep_labellen;

3
crypto/external/bsd/openssl/dist/crypto/sha/asm/keccak1600-avx2.pl vendored
View File

@ -1,5 +1,5 @@
#!/usr/bin/env perl
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -432,6 +432,7 @@ $code.=<<___;
ret
.size SHA3_squeeze,.-SHA3_squeeze
.section .rodata
.align 64
rhotates_left:
.quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0]

3
crypto/external/bsd/openssl/dist/crypto/sha/asm/keccak1600-avx512.pl vendored
View File

@ -1,5 +1,5 @@
#!/usr/bin/env perl
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -486,6 +486,7 @@ SHA3_squeeze:
ret
.size SHA3_squeeze,.-SHA3_squeeze
.section .rodata
.align 64
theta_perm:
.quad 0, 1, 2, 3, 4, 5, 6, 7 # [not used]

3
crypto/external/bsd/openssl/dist/crypto/sha/asm/keccak1600-avx512vl.pl vendored
View File

@ -1,5 +1,5 @@
#!/usr/bin/env perl
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -349,6 +349,7 @@ $code.=<<___;
ret
.size SHA3_squeeze,.-SHA3_squeeze
.section .rodata
.align 64
rhotates_left:
.quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0]

3
crypto/external/bsd/openssl/dist/crypto/srp/srp_vfy.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2004, EdelKey Project. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -283,6 +283,7 @@ SRP_VBASE *SRP_VBASE_new(char *seed_key)
return NULL;
if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
|| (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
sk_SRP_user_pwd_free(vb->users_pwd);
OPENSSL_free(vb);
return NULL;
}

6
crypto/external/bsd/openssl/dist/crypto/store/store_lib.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -424,14 +424,14 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
load_data.v = NULL;
load_data.ctx = ctx;
ctx->error_flag = 0;
if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
ossl_store_handle_load_result,
&load_data,
ossl_pw_passphrase_callback_dec,
&ctx->pwdata)) {
if (!OSSL_STORE_eof(ctx))
ctx->error_flag = 1;
ctx->error_flag = 1;
return NULL;
}
v = load_data.v;

6
crypto/external/bsd/openssl/dist/crypto/store/store_result.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -553,8 +553,10 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
ok = 0; /* Assume decryption or parse error */
if (PKCS12_verify_mac(p12, "", 0)
if (!PKCS12_mac_present(p12)
|| PKCS12_verify_mac(p12, NULL, 0)) {
pass = NULL;
} else if (PKCS12_verify_mac(p12, "", 0)) {
pass = "";
} else {
static char prompt_info[] = "PKCS12 import pass phrase";

3
crypto/external/bsd/openssl/dist/crypto/x509/by_dir.c vendored
View File

@ -348,7 +348,8 @@ static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
/*
* we have added it to the cache so now pull it out again
*/
X509_STORE_lock(xl->store_ctx);
if (!X509_STORE_lock(xl->store_ctx))
goto finish;
j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
X509_STORE_unlock(xl->store_ctx);

33
crypto/external/bsd/openssl/dist/crypto/x509/v3_ist.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -50,43 +50,38 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
}
if (strcmp(cnf->name, "signTool") == 0) {
ist->signTool = ASN1_UTF8STRING_new();
if (ist->signTool == NULL) {
if (ist->signTool == NULL || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) {
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
ISSUER_SIGN_TOOL_free(ist);
return NULL;
goto err;
}
ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value));
} else if (strcmp(cnf->name, "cATool") == 0) {
ist->cATool = ASN1_UTF8STRING_new();
if (ist->cATool == NULL) {
if (ist->cATool == NULL || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) {
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
ISSUER_SIGN_TOOL_free(ist);
return NULL;
goto err;
}
ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value));
} else if (strcmp(cnf->name, "signToolCert") == 0) {
ist->signToolCert = ASN1_UTF8STRING_new();
if (ist->signToolCert == NULL) {
if (ist->signToolCert == NULL || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) {
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
ISSUER_SIGN_TOOL_free(ist);
return NULL;
goto err;
}
ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value));
} else if (strcmp(cnf->name, "cAToolCert") == 0) {
ist->cAToolCert = ASN1_UTF8STRING_new();
if (ist->cAToolCert == NULL) {
if (ist->cAToolCert == NULL || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) {
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
ISSUER_SIGN_TOOL_free(ist);
return NULL;
goto err;
}
ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value));
} else {
ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
ISSUER_SIGN_TOOL_free(ist);
return NULL;
goto err;
}
}
return ist;
err:
ISSUER_SIGN_TOOL_free(ist);
return NULL;
}
static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method,

8
crypto/external/bsd/openssl/dist/crypto/x509/v3_purp.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -438,7 +438,7 @@ int ossl_x509v3_cache_extensions(X509 *x)
* in case ctx->param->flags & X509_V_FLAG_X509_STRICT
*/
if (bs->pathlen->type == V_ASN1_NEG_INTEGER) {
ERR_raise(ERR_LIB_X509, X509V3_R_NEGATIVE_PATHLEN);
ERR_raise(ERR_LIB_X509V3, X509V3_R_NEGATIVE_PATHLEN);
x->ex_flags |= EXFLAG_INVALID;
} else {
x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
@ -479,7 +479,7 @@ int ossl_x509v3_cache_extensions(X509 *x)
ASN1_BIT_STRING_free(usage);
/* Check for empty key usage according to RFC 5280 section 4.2.1.3 */
if (x->ex_kusage == 0) {
ERR_raise(ERR_LIB_X509, X509V3_R_EMPTY_KEY_USAGE);
ERR_raise(ERR_LIB_X509V3, X509V3_R_EMPTY_KEY_USAGE);
x->ex_flags |= EXFLAG_INVALID;
}
} else if (i != -1) {
@ -632,7 +632,7 @@ int ossl_x509v3_cache_extensions(X509 *x)
return 1;
}
if ((x->ex_flags & EXFLAG_INVALID) != 0)
ERR_raise(ERR_LIB_X509, X509V3_R_INVALID_CERTIFICATE);
ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_CERTIFICATE);
/* If computing sha1_hash failed the error queue already reflects this. */
err:

7
crypto/external/bsd/openssl/dist/crypto/x509/x509_att.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -82,6 +82,11 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
return NULL;
}
if (*x != NULL && X509at_get_attr_by_OBJ(*x, attr->object, -1) != -1) {
ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE);
return NULL;
}
if (*x == NULL) {
if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
goto err;

19
crypto/external/bsd/openssl/dist/crypto/x509/x509_cmp.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -277,11 +277,11 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
if (ret == 0 && a->canon_enclen == 0)
return 0;
if (a->canon_enc == NULL || b->canon_enc == NULL)
return -2;
if (ret == 0)
if (ret == 0) {
if (a->canon_enc == NULL || b->canon_enc == NULL)
return -2;
ret = memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
}
return ret < 0 ? -1 : ret > 0;
}
@ -292,12 +292,13 @@ unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx,
unsigned long ret = 0;
unsigned char md[SHA_DIGEST_LENGTH];
EVP_MD *sha1 = EVP_MD_fetch(libctx, "SHA1", propq);
int i2d_ret;
/* Make sure X509_NAME structure contains valid cached encoding */
i2d_X509_NAME(x, NULL);
i2d_ret = i2d_X509_NAME(x, NULL);
if (ok != NULL)
*ok = 0;
if (sha1 != NULL
if (i2d_ret >= 0 && sha1 != NULL
&& EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, sha1, NULL)) {
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
@ -325,7 +326,9 @@ unsigned long X509_NAME_hash_old(const X509_NAME *x)
goto end;
/* Make sure X509_NAME structure contains valid cached encoding */
i2d_X509_NAME(x, NULL);
if (i2d_X509_NAME(x, NULL) < 0)
goto end;
if (EVP_DigestInit_ex(md_ctx, md5, NULL)
&& EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length)
&& EVP_DigestFinal_ex(md_ctx, md, NULL))

4
crypto/external/bsd/openssl/dist/crypto/x509/x509_err.c vendored
View File

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -28,6 +28,8 @@ static const ERR_STRING_DATA X509_str_reasons[] = {
{ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta"},
{ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE),
"crl verify failure"},
{ERR_PACK(ERR_LIB_X509, 0, X509_R_DUPLICATE_ATTRIBUTE),
"duplicate attribute"},
{ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_GETTING_MD_BY_NID),
"error getting md by nid"},
{ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_USING_SIGINF_SET),

12
crypto/external/bsd/openssl/dist/crypto/x509/x509_vpm.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -337,7 +337,10 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
if (param->policies == NULL)
return 0;
}
return sk_ASN1_OBJECT_push(param->policies, policy);
if (sk_ASN1_OBJECT_push(param->policies, policy) <= 0)
return 0;
return 1;
}
int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
@ -592,7 +595,10 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
X509_VERIFY_PARAM_free(ptmp);
}
}
return sk_X509_VERIFY_PARAM_push(param_table, param);
if (sk_X509_VERIFY_PARAM_push(param_table, param) <= 0)
return 0;
return 1;
}
int X509_VERIFY_PARAM_get_count(void)

31
crypto/external/bsd/openssl/dist/doc/man1/openssl-cmp.pod.in vendored
View File

@ -659,11 +659,12 @@ is typically used when authenticating with pre-shared key (password-based MAC).
=item B<-secret> I<arg>
Prefer PBM-based message protection with given source of a secret value.
The secret is used for creating PBM-based protection of outgoing messages
and (as far as needed) for validating PBM-based protection of incoming messages.
PBM stands for Password-Based Message Authentication Code.
Provides the source of a secret value to use with MAC-based message protection.
This takes precedence over the B<-cert> and B<-key> options.
The secret is used for creating MAC-based protection of outgoing messages
and for validating incoming messages that have MAC-based protection.
The algorithm used by default is Password-Based Message Authentication Code (PBM)
as defined in RFC 4210 section 5.1.3.1.
For more information about the format of I<arg> see
L<openssl-passphrase-options(1)>.
@ -682,7 +683,8 @@ while the subject of B<-oldcert> or B<-subjectName> may provide fallback values.
The issuer of this certificate is used as one of the recipient fallback values
and as fallback issuer entry in the certificate template of IR/CR/KUR messages.
When using signature-based message protection, this "protection certificate"
When performing signature-based message protection,
this "protection certificate", also called "signer certificate",
will be included first in the extraCerts field of outgoing messages
and the signature is done with the corresponding key.
In Initialization Request (IR) messages this can be used for authenticating
@ -713,8 +715,8 @@ have no effect on the certificate verification enabled via this option.
The corresponding private key file for the client's current certificate given in
the B<-cert> option.
This will be used for signature-based message protection unless
the B<-secret> option indicating PBM or B<-unprotected_requests> is given.
This will be used for signature-based message protection unless the B<-secret>
option indicating MAC-based protection or B<-unprotected_requests> is given.
It is also used as a fallback for the B<-newkey> option with IR/CR/KUR messages.
@ -730,7 +732,7 @@ L<openssl-passphrase-options(1)>.
=item B<-digest> I<name>
Specifies name of supported digest to use in RFC 4210's MSG_SIG_ALG
and as the one-way function (OWF) in MSG_MAC_ALG.
and as the one-way function (OWF) in C<MSG_MAC_ALG>.
If applicable, this is used for message protection and
proof-of-possession (POPO) signatures.
To see the list of supported digests, use C<openssl list -digest-commands>.
@ -738,7 +740,7 @@ Defaults to C<sha256>.
=item B<-mac> I<name>
Specifies the name of the MAC algorithm in MSG_MAC_ALG.
Specifies the name of the MAC algorithm in C<MSG_MAC_ALG>.
To get the names of supported MAC algorithms use C<openssl list -mac-algorithms>
and possibly combine such a name with the name of a supported digest algorithm,
e.g., hmacWithSHA256.
@ -1097,6 +1099,13 @@ only affect the certificate verification enabled via the B<-out_trusted> option.
=head1 NOTES
When a client obtains from a CMP server CA certificates that it is going to
trust, for instance via the C<caPubs> field of a certificate response,
authentication of the CMP server is particularly critical.
So special care must be taken setting up server authentication
using B<-trusted> and related options for certificate-based authentication
or B<-secret> for MAC-based protection.
When setting up CMP configurations and experimenting with enrollment options
typically various errors occur until the configuration is correct and complete.
When the CMP server reports an error the client will by default
@ -1166,7 +1175,7 @@ In order to update the enrolled certificate one may call
openssl cmp -section insta,kur
using with PBM-based protection or
using MAC-based protection with PBM or
openssl cmp -section insta,kur,signature
@ -1225,7 +1234,7 @@ Then it can start using the new cert and key.
-newkey cl_key_new.pem -certout cl_cert.pem
cp cl_key_new.pem cl_key.pem
This command sequence can be repated as often as needed.
This command sequence can be repeated as often as needed.
=head2 Requesting information from CMP server

4
crypto/external/bsd/openssl/dist/doc/man1/openssl-cms.pod.in vendored
View File

@ -391,7 +391,7 @@ option.
=item I<recipient-cert> ...
This is an alternative to using the B<-recip> option when encrypting a message.
One or more certificate filennames may be given.
One or more certificate filenames may be given.
=item B<-I<cipher>>
@ -902,7 +902,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
crypto/external/bsd/openssl/dist/doc/man1/openssl-dhparam.pod.in vendored
View File

@ -88,7 +88,7 @@ I<numbits>. It must be the last option. If this option is present then
the input file is ignored and parameters are generated instead. If
this option is not present but a generator (B<-2>, B<-3> or B<-5>) is
present, parameters are generated with a default length of 2048 bits.
The minimim length is 512 bits. The maximum length is 10000 bits.
The minimum length is 512 bits. The maximum length is 10000 bits.
=item B<-noout>
@ -126,7 +126,7 @@ The B<-C> option was removed in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

6
crypto/external/bsd/openssl/dist/doc/man1/openssl-genpkey.pod.in vendored
View File

@ -278,7 +278,7 @@ RFC5114 names "dh_1024_160", "dh_2048_224", "dh_2048_256".
If this option is set, then the appropriate RFC5114 parameters are used
instead of generating new parameters. The value I<num> can be one of
1, 2 or 3 that are equivalant to using the option B<group> with one of
1, 2 or 3 that are equivalent to using the option B<group> with one of
"dh_1024_160", "dh_2048_224" or "dh_2048_256".
All other options will be ignored if this value is set.
@ -333,7 +333,7 @@ The B<algorithm> option must be B<"DH">.
=item "default"
Selects a default type based on the B<algorithm>. This is used by the
OpenSSL default provider to set the type for backwards compatability.
OpenSSL default provider to set the type for backwards compatibility.
If B<algorithm> is B<"DH"> then B<"generator"> is used.
If B<algorithm> is B<"DHX"> then B<"fips186_2"> is used.
@ -494,7 +494,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

9
crypto/external/bsd/openssl/dist/doc/man1/openssl-genrsa.pod.in vendored
View File

@ -35,9 +35,6 @@ B<openssl> B<genrsa>
=head1 DESCRIPTION
This command has been deprecated.
The L<openssl-genpkey(1)> command should be used instead.
This command generates an RSA private key.
=head1 OPTIONS
@ -118,13 +115,9 @@ L<openssl(1)>,
L<openssl-genpkey(1)>,
L<openssl-gendsa(1)>
=head1 HISTORY
This command was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

41
crypto/external/bsd/openssl/dist/doc/man1/openssl-kdf.pod.in vendored
View File

@ -66,8 +66,7 @@ cases.
=item B<-kdfopt> I<nm>:I<v>
Passes options to the KDF algorithm.
A comprehensive list of parameters can be found in the EVP_KDF_CTX
implementation documentation.
A comprehensive list of parameters can be found in L<EVP_KDF(3)/PARAMETERS>.
Common parameter names used by EVP_KDF_CTX_set_params() are:
=over 4
@ -81,9 +80,8 @@ A key must be specified for most KDF algorithms.
=item B<hexkey:>I<string>
Specifies the secret key in hexadecimal form (two hex digits per byte).
The key length must conform to any restrictions of the KDF algorithm.
A key must be specified for most KDF algorithms.
Alternative to the B<key:> option where
the secret key is specified in hexadecimal form (two hex digits per byte).
=item B<pass:>I<string>
@ -93,8 +91,35 @@ The password must be specified for PBKDF2 and scrypt.
=item B<hexpass:>I<string>
Specifies the password in hexadecimal form (two hex digits per byte).
The password must be specified for PBKDF2 and scrypt.
Alternative to the B<pass:> option where
the password is specified in hexadecimal form (two hex digits per byte).
=item B<salt:>I<string>
Specifies a non-secret unique cryptographic salt as an alphanumeric string
(use if it contains printable characters only).
The length must conform to any restrictions of the KDF algorithm.
A salt parameter is required for several KDF algorithms,
such as L<EVP_KDF-PBKDF2(7)>.
=item B<hexsalt:>I<string>
Alternative to the B<salt:> option where
the salt is specified in hexadecimal form (two hex digits per byte).
=item B<info:>I<string>
Some KDF implementations, such as L<EVP_KDF-HKDF(7)>, take an 'info' parameter
for binding the derived key material
to application- and context-specific information.
Specifies the info, fixed info, other info or shared info argument
as an alphanumeric string (use if it contains printable characters only).
The length must conform to any restrictions of the KDF algorithm.
=item B<hexinfo:>I<string>
Alternative to the B<info:> option where
the info is specified in hexadecimal form (two hex digits per byte).
=item B<digest:>I<string>
@ -195,7 +220,7 @@ Added in OpenSSL 3.0
=head1 COPYRIGHT
Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
crypto/external/bsd/openssl/dist/doc/man1/openssl-rsautl.pod.in vendored
View File

@ -99,7 +99,7 @@ Encrypt the input data using an RSA public key.
Decrypt the input data using an RSA private key.
=item B<-pkcs>, B<-oaep>, B<-x931> B<-raw>
=item B<-pkcs>, B<-oaep>, B<-x931>, B<-raw>
The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
ANSI X9.31, or no padding, respectively.
@ -232,7 +232,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
crypto/external/bsd/openssl/dist/doc/man1/openssl-s_client.pod.in vendored
View File

@ -274,7 +274,7 @@ See L<openssl-format-options(1)> for details.
=item B<-pass> I<arg>
the private key and certifiate file password source.
the private key and certificate file password source.
For more information about the format of I<arg>
see L<openssl-passphrase-options(1)>.
@ -910,7 +910,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
crypto/external/bsd/openssl/dist/doc/man1/openssl-ts.pod.in vendored
View File

@ -490,7 +490,7 @@ Default is no. (Optional)
=item B<ess_cert_id_alg>
This option specifies the hash function to be used to calculate the TSA's
public key certificate identifier. Default is sha256. (Optional)
public key certificate identifier. Default is sha1. (Optional)
=back
@ -652,7 +652,7 @@ L<ossl_store-file(7)>
=head1 COPYRIGHT
Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
crypto/external/bsd/openssl/dist/doc/man1/openssl-verification-options.pod vendored
View File

@ -92,7 +92,7 @@ It does not have a negative trust attribute rejecting the given use.
=item *
It has a positive trust attribute accepting the given use
or (by default) one of the following compatibilty conditions apply:
or (by default) one of the following compatibility conditions apply:
It is self-signed or the B<-partial_chain> option is given
(which corresponds to the B<X509_V_FLAG_PARTIAL_CHAIN> flag being set).
@ -686,7 +686,7 @@ The checks enabled by B<-x509_strict> have been extended in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
crypto/external/bsd/openssl/dist/doc/man1/openssl-x509.pod.in vendored
View File

@ -478,7 +478,7 @@ unless the B<-new> option is given, which generates a certificate from scratch.
=item B<-CAform> B<DER>|B<PEM>|B<P12>,
The format for the CA certificate; unspecifed by default.
The format for the CA certificate; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-CAkey> I<filename>|I<uri>
@ -784,7 +784,7 @@ The B<-C> option was removed in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

Some files were not shown because too many files have changed in this diff Show More