Import OpenSSL-3.0.12 (previous was OpenSSL-3.0.9)

### Changes between 3.0.11 and 3.0.12 [24 Oct 2023]

 * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
   EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters
   that alter the key or IV length ([CVE-2023-5363]).

   *Paul Dale*

### Changes between 3.0.10 and 3.0.11 [19 Sep 2023]

 * Fix POLY1305 MAC implementation corrupting XMM registers on Windows.

   The POLY1305 MAC (message authentication code) implementation in OpenSSL
   does not save the contents of non-volatile XMM registers on Windows 64
   platform when calculating the MAC of data larger than 64 bytes. Before
   returning to the caller all the XMM registers are set to zero rather than
   restoring their previous content. The vulnerable code is used only on newer
   x86_64 processors supporting the AVX512-IFMA instructions.

   The consequences of this kind of internal application state corruption can
   be various - from no consequences, if the calling application does not
   depend on the contents of non-volatile XMM registers at all, to the worst
   consequences, where the attacker could get complete control of the
   application process. However given the contents of the registers are just
   zeroized so the attacker cannot put arbitrary values inside, the most likely
   consequence, if any, would be an incorrect result of some application
   dependent calculations or a crash leading to a denial of service.

   ([CVE-2023-4807])

   *Bernd Edlinger*

### Changes between 3.0.9 and 3.0.10 [1 Aug 2023]

 * Fix excessive time spent checking DH q parameter value.

   The function DH_check() performs various checks on DH parameters. After
   fixing CVE-2023-3446 it was discovered that a large q parameter value can
   also trigger an overly long computation during some of these checks.
   A correct q value, if present, cannot be larger than the modulus p
   parameter, thus it is unnecessary to perform these checks if q is larger
   than p.

   If DH_check() is called with such q parameter value,
   DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally
   intensive checks are skipped.

   ([CVE-2023-3817])

   *Tomáš Mráz*

 * Fix DH_check() excessive time with over sized modulus.

   The function DH_check() performs various checks on DH parameters. One of
   those checks confirms that the modulus ("p" parameter) is not too large.
   Trying to use a very large modulus is slow and OpenSSL will not normally use
   a modulus which is over 10,000 bits in length.

   However the DH_check() function checks numerous aspects of the key or
   parameters that have been supplied. Some of those checks use the supplied
   modulus value even if it has already been found to be too large.

   A new limit has been added to DH_check of 32,768 bits. Supplying a
   key/parameters with a modulus over this size will simply cause DH_check() to
   fail.

   ([CVE-2023-3446])

   *Matt Caswell*

 * Do not ignore empty associated data entries with AES-SIV.

   The AES-SIV algorithm allows for authentication of multiple associated
   data entries along with the encryption. To authenticate empty data the
   application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`)
   with NULL pointer as the output buffer and 0 as the input buffer length.
   The AES-SIV implementation in OpenSSL just returns success for such call
   instead of performing the associated data authentication operation.
   The empty data thus will not be authenticated. ([CVE-2023-2975])

   Thanks to Juerg Wullschleger (Google) for discovering the issue.

   The fix changes the authentication tag value and the ciphertext for
   applications that use empty associated data entries with AES-SIV.
   To decrypt data encrypted with previous versions of OpenSSL the application
   has to skip calls to `EVP_DecryptUpdate()` for empty associated data
   entries.

   *Tomáš Mráz*
This commit is contained in:
christos 2023-10-25 17:13:44 +00:00
parent 56990941c2
commit 9630a006cb
295 changed files with 4604 additions and 2094 deletions


@ -28,6 +28,96 @@ breaking changes, and mappings for the large list of deprecated functions.
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
### Changes between 3.0.11 and 3.0.12 [24 Oct 2023]
* Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters
that alter the key or IV length ([CVE-2023-5363]).
*Paul Dale*
### Changes between 3.0.10 and 3.0.11 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
The POLY1305 MAC (message authentication code) implementation in OpenSSL
does not save the contents of non-volatile XMM registers on Windows 64
platform when calculating the MAC of data larger than 64 bytes. Before
returning to the caller all the XMM registers are set to zero rather than
restoring their previous content. The vulnerable code is used only on newer
x86_64 processors supporting the AVX512-IFMA instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the
application process. However given the contents of the registers are just
zeroized so the attacker cannot put arbitrary values inside, the most likely
consequence, if any, would be an incorrect result of some application
dependent calculations or a crash leading to a denial of service.
([CVE-2023-4807])
*Bernd Edlinger*
### Changes between 3.0.9 and 3.0.10 [1 Aug 2023]
* Fix excessive time spent checking DH q parameter value.
The function DH_check() performs various checks on DH parameters. After
fixing CVE-2023-3446 it was discovered that a large q parameter value can
also trigger an overly long computation during some of these checks.
A correct q value, if present, cannot be larger than the modulus p
parameter, thus it is unnecessary to perform these checks if q is larger
than p.
If DH_check() is called with such q parameter value,
DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally
intensive checks are skipped.
([CVE-2023-3817])
*Tomáš Mráz*
* Fix DH_check() excessive time with over sized modulus.
The function DH_check() performs various checks on DH parameters. One of
those checks confirms that the modulus ("p" parameter) is not too large.
Trying to use a very large modulus is slow and OpenSSL will not normally use
a modulus which is over 10,000 bits in length.
However the DH_check() function checks numerous aspects of the key or
parameters that have been supplied. Some of those checks use the supplied
modulus value even if it has already been found to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying a
key/parameters with a modulus over this size will simply cause DH_check() to
fail.
([CVE-2023-3446])
*Matt Caswell*
* Do not ignore empty associated data entries with AES-SIV.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`)
with NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated. ([CVE-2023-2975])
Thanks to Juerg Wullschleger (Google) for discovering the issue.
The fix changes the authentication tag value and the ciphertext for
applications that use empty associated data entries with AES-SIV.
To decrypt data encrypted with previous versions of OpenSSL the application
has to skip calls to `EVP_DecryptUpdate()` for empty associated data
entries.
*Tomáš Mráz*
### Changes between 3.0.8 and 3.0.9 [30 May 2023]
* Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
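Review bot: the AES-SIV entry near the end of the added block records a compatibility break, not only a bug fix. Tag and ciphertext change for callers that pass empty associated data entries, and data written by earlier versions only decrypts if the `EVP_DecryptUpdate()` calls for those entries are skipped. The import message should call this out for downstream consumers, or state that no in-tree caller uses AES-SIV with empty associated data, since it is easy to miss among the CVE entries.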
@ -42,7 +132,7 @@ breaking changes, and mappings for the large list of deprecated functions.
IDENTIFIER to canonical numeric text form if the size of that OBJECT
IDENTIFIER is 586 bytes or less, and fail otherwise.
The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
The basis for this restriction is [RFC 2578 (STD 58), section 3.5]. OBJECT
IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
most 128 sub-identifiers, and that the maximum value that each sub-
identifier may have is 2^32-1 (4294967295 decimal).
@ -52,8 +142,6 @@ breaking changes, and mappings for the large list of deprecated functions.
these restrictions may occupy is 32 * 128 / 7, which is approximately 586
bytes.
Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
*Richard Levitte*
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
@ -19652,6 +19740,12 @@ ndif
<!-- Links -->
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
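Review bot: the `[RFC 2578 (STD 58), section 3.5]` definition is inserted between `[CVE-2023-2975]` and `[CVE-2023-2650]`, in the middle of what is otherwise a run of CVE links. Moving it before or after the CVE block would keep that list scannable.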


@ -9,19 +9,22 @@ sub vc_win64a_info {
$vc_win64a_info = { AS => "nasm",
ASFLAGS => "-g",
asflags => "-Ox -f win64 -DNEAR",
asoutflag => "-o " };
asoutflag => "-o ",
perlasm_scheme => "nasm" };
} elsif ($disabled{asm}) {
# assembler is still used to compile uplink shim
$vc_win64a_info = { AS => "ml64",
ASFLAGS => "/nologo /Zi",
asflags => "/c /Cp /Cx",
asoutflag => "/Fo" };
asoutflag => "/Fo",
perlasm_scheme => "masm" };
} else {
$die->("NASM not found - make sure it's installed and available on %PATH%\n");
$vc_win64a_info = { AS => "{unknown}",
ASFLAGS => "",
asflags => "",
asoutflag => "" };
asoutflag => "",
perlasm_scheme => "auto" };
}
}
return $vc_win64a_info;
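Review bot: in the `$disabled{asm}` branch, `perlasm_scheme => "masm"` is set even though the comment there says the assembler is only used to compile the uplink shim, and nothing explains the pairing. A short comment that the scheme has to follow `AS` ("nasm" with `AS => "nasm"`, "masm" with `AS => "ml64"`) would help, along with a word on why the fallback after `$die->(...)` uses "auto" rather than one of the two.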
@ -1416,7 +1419,7 @@ my %targets = (
sys_id => "WIN64A",
uplink_arch => 'x86_64',
asm_arch => 'x86_64',
perlasm_scheme => "auto",
perlasm_scheme => sub { vc_win64a_info()->{perlasm_scheme} },
multilib => "-x64",
},
"VC-WIN32" => {


@ -233,8 +233,14 @@ In each table entry, the following keys are significant:
is ILP32;
RC4_CHAR RC4 key schedule is made
up of 'unsigned char's;
Note: should not be used
for new configuration
targets
RC4_INT RC4 key schedule is made
up of 'unsigned int's;
Note: should not be used
for new configuration
targets
[1] as part of the target configuration, one can have a key called
`inherit_from` that indicates what other configurations to inherit
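Review bot: the note added under RC4_CHAR and RC4_INT says the keys should not be used for new configuration targets but gives no reason and no alternative. Say whether they are retained only for existing targets and what a new target should do instead, so the table entry is actionable.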


@ -614,28 +614,28 @@ uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_de
install_docs: install_man_docs install_html_docs
uninstall_docs: uninstall_man_docs uninstall_html_docs
$(RM) -r $(DESTDIR)$(DOCDIR)
$(RM) -r "$(DESTDIR)$(DOCDIR)"
{- output_off() if $disabled{fips}; "" -}
install_fips: build_sw $(INSTALL_FIPSMODULECONF)
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)"
@$(ECHO) "*** Installing FIPS module"
@$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)"
@cp "$(INSTALL_FIPSMODULE)" $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new
@chmod 755 $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new
@mv -f $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new \
$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)
@cp "$(INSTALL_FIPSMODULE)" "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new"
@chmod 755 "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new"
@mv -f "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new" \
"$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)"
@$(ECHO) "*** Installing FIPS module configuration"
@$(ECHO) "install $(INSTALL_FIPSMODULECONF) -> $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf"
@cp $(INSTALL_FIPSMODULECONF) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf
@cp $(INSTALL_FIPSMODULECONF) "$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf"
uninstall_fips:
@$(ECHO) "*** Uninstalling FIPS module configuration"
$(RM) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf
$(RM) "$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf"
@$(ECHO) "*** Uninstalling FIPS module"
$(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)
$(RM) "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)"
{- if ($disabled{fips}) { output_on(); } else { output_off(); } "" -}
install_fips:
@$(ECHO) "The 'install_fips' target requires the 'enable-fips' option"
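Review bot: in install_fips the configuration copy quotes only its destination, `@cp $(INSTALL_FIPSMODULECONF) "$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf"`, while the module copy earlier in the same recipe quotes both sides (`@cp "$(INSTALL_FIPSMODULE)" ...`). Quote `$(INSTALL_FIPSMODULECONF)` as well so a path containing spaces is handled the same way for both files.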
@ -646,75 +646,75 @@ uninstall_fips:
install_ssldirs:
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/certs"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/private"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/misc"
@set -e; for x in dummy $(MISC_SCRIPTS); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
x1=`echo "$$x" | cut -f1 -d:`; \
x2=`echo "$$x" | cut -f2 -d:`; \
fn=`basename $$x1`; \
$(ECHO) "install $$x1 -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
cp $$x1 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \
mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \
$(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \
cp $$x1 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \
chmod 755 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \
mv -f "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new" \
"$(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
if [ "$$x1" != "$$x2" ]; then \
ln=`basename "$$x2"`; \
: {- output_off() unless windowsdll(); "" -}; \
$(ECHO) "copy $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
cp $(DESTDIR)$(OPENSSLDIR)/misc/$$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \
cp "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn" "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \
: {- output_on() unless windowsdll();
output_off() if windowsdll(); "" -}; \
$(ECHO) "link $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \
ln -sf $$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \
ln -sf $$fn "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \
: {- output_on() if windowsdll(); "" -}; \
fi; \
done
@$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
@cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
@chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new
@mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist
@cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new"
@chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new"
@mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist"
@if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \
$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \
cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \
fi
@$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist"
@cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new
@chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new
@mv -f $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist
@cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new"
@chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new"
@mv -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist"
@if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf" ]; then \
$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \
cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \
chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \
fi
install_dev: install_runtime_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(ECHO) "*** Installing development files"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/include/openssl"
@ : {- output_off() if $disabled{uplink}; "" -}
@$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
@chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
@cp $(SRCDIR)/ms/applink.c "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@ : {- output_on() if $disabled{uplink}; "" -}
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
$(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
$(ECHO) "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
cp $$i "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
done
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)"
@set -e; for l in $(INSTALL_LIBS); do \
fn=`basename $$l`; \
$(ECHO) "install $$l -> $(DESTDIR)$(libdir)/$$fn"; \
cp $$l $(DESTDIR)$(libdir)/$$fn.new; \
$(RANLIB) $(DESTDIR)$(libdir)/$$fn.new; \
chmod 644 $(DESTDIR)$(libdir)/$$fn.new; \
mv -f $(DESTDIR)$(libdir)/$$fn.new \
$(DESTDIR)$(libdir)/$$fn; \
cp $$l "$(DESTDIR)$(libdir)/$$fn.new"; \
$(RANLIB) "$(DESTDIR)$(libdir)/$$fn.new"; \
chmod 644 "$(DESTDIR)$(libdir)/$$fn.new"; \
mv -f "$(DESTDIR)$(libdir)/$$fn.new" \
"$(DESTDIR)$(libdir)/$$fn"; \
done
@ : {- output_off() if $disabled{shared}; "" -}
@set -e; for s in $(INSTALL_SHLIB_INFO); do \
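Review bot: the quoting in install_ssldirs and install_dev covers destinations only; sources and loop variables are still expanded bare, for example `cp $$x1 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"`, `ln -sf $$fn "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"` and `cp $(SRCDIR)/apps/openssl.cnf ...`. If the goal is to survive whitespace in paths, `$(SRCDIR)`, `$(BLDDIR)` and the `$$x1`, `$$i` and `$$l` uses need the same treatment; otherwise it should be stated that only DESTDIR-prefixed paths are in scope.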
@ -727,18 +727,18 @@ install_dev: install_runtime_libs
: {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \
if [ "$$fn2" != "" ]; then \
$(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \
ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \
ln -sf $$fn1 "$(DESTDIR)$(libdir)/$$fn2"; \
fi; \
: {- output_off() unless windowsdll() or sharedaix(); output_on() if windowsdll(); "" -}; \
if [ "$$fn3" != "" ]; then \
$(ECHO) "install $$s3 -> $(DESTDIR)$(libdir)/$$fn3"; \
cp $$s3 $(DESTDIR)$(libdir)/$$fn3.new; \
chmod 755 $(DESTDIR)$(libdir)/$$fn3.new; \
mv -f $(DESTDIR)$(libdir)/$$fn3.new \
$(DESTDIR)$(libdir)/$$fn3; \
cp $$s3 "$(DESTDIR)$(libdir)/$$fn3.new"; \
chmod 755 "$(DESTDIR)$(libdir)/$$fn3.new"; \
mv -f "$(DESTDIR)$(libdir)/$$fn3.new" \
"$(DESTDIR)$(libdir)/$$fn3"; \
fi; \
: {- output_off() if windowsdll(); output_on() if sharedaix(); "" -}; \
a=$(DESTDIR)$(libdir)/$$fn2; \
a="$(DESTDIR)$(libdir)/$$fn2"; \
$(ECHO) "install $$s1 -> $$a"; \
if [ -f $$a ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \
mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \
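Review bot: `a="$(DESTDIR)$(libdir)/$$fn2"` is now quoted at assignment, but the test that follows, `if [ -f $$a ]; then`, still expands it unquoted, so a path containing spaces splits into several arguments and the test fails. Change it to `[ -f "$$a" ]` and check any further uses of `$$a` in this recipe.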
@ -755,35 +755,35 @@ install_dev: install_runtime_libs
: {- output_off() if sharedaix(); output_on(); "" -}; \
done
@ : {- output_on() if $disabled{shared}; "" -}
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)/pkgconfig
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)/pkgconfig"
@$(ECHO) "install libcrypto.pc -> $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc"
@cp libcrypto.pc $(DESTDIR)$(libdir)/pkgconfig
@chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc
@cp libcrypto.pc "$(DESTDIR)$(libdir)/pkgconfig"
@chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc"
@$(ECHO) "install libssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/libssl.pc"
@cp libssl.pc $(DESTDIR)$(libdir)/pkgconfig
@chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libssl.pc
@cp libssl.pc "$(DESTDIR)$(libdir)/pkgconfig"
@chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc"
@$(ECHO) "install openssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/openssl.pc"
@cp openssl.pc $(DESTDIR)$(libdir)/pkgconfig
@chmod 644 $(DESTDIR)$(libdir)/pkgconfig/openssl.pc
@cp openssl.pc "$(DESTDIR)$(libdir)/pkgconfig"
@chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc"
uninstall_dev: uninstall_runtime_libs
@$(ECHO) "*** Uninstalling development files"
@ : {- output_off() if $disabled{uplink}; "" -}
@$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
@$(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
@ : {- output_on() if $disabled{uplink}; "" -}
@set -e; for i in $(SRCDIR)/include/openssl/*.h \
$(BLDDIR)/include/openssl/*.h; do \
fn=`basename $$i`; \
$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \
$(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \
done
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include
-$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include/openssl"
-$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include"
@set -e; for l in $(INSTALL_LIBS); do \
fn=`basename $$l`; \
$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn"; \
$(RM) $(DESTDIR)$(libdir)/$$fn; \
$(RM) "$(DESTDIR)$(libdir)/$$fn"; \
done
@ : {- output_off() if $disabled{shared}; "" -}
@set -e; for s in $(INSTALL_SHLIB_INFO); do \
@ -795,39 +795,39 @@ uninstall_dev: uninstall_runtime_libs
fn3=`basename "$$s3"`; \
: {- output_off() if windowsdll(); "" -}; \
$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn1"; \
$(RM) $(DESTDIR)$(libdir)/$$fn1; \
$(RM) "$(DESTDIR)$(libdir)/$$fn1"; \
if [ -n "$$fn2" ]; then \
$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \
$(RM) $(DESTDIR)$(libdir)/$$fn2; \
$(RM) "$(DESTDIR)$(libdir)/$$fn2"; \
fi; \
: {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \
if [ -n "$$fn3" ]; then \
$(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn3"; \
$(RM) $(DESTDIR)$(libdir)/$$fn3; \
$(RM) "$(DESTDIR)$(libdir)/$$fn3"; \
fi; \
: {- output_on() unless windowsdll(); "" -}; \
done
@ : {- output_on() if $disabled{shared}; "" -}
$(RM) $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc
$(RM) $(DESTDIR)$(libdir)/pkgconfig/libssl.pc
$(RM) $(DESTDIR)$(libdir)/pkgconfig/openssl.pc
-$(RMDIR) $(DESTDIR)$(libdir)/pkgconfig
-$(RMDIR) $(DESTDIR)$(libdir)
$(RM) "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc"
$(RM) "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc"
$(RM) "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc"
-$(RMDIR) "$(DESTDIR)$(libdir)/pkgconfig"
-$(RMDIR) "$(DESTDIR)$(libdir)"
_install_modules_deps: install_runtime_libs build_modules
install_engines: _install_modules_deps
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(ENGINESDIR)/"
@$(ECHO) "*** Installing engines"
@set -e; for e in dummy $(INSTALL_ENGINES); do \
if [ "$$e" = "dummy" ]; then continue; fi; \
fn=`basename $$e`; \
$(ECHO) "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \
cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \
mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \
$(DESTDIR)$(ENGINESDIR)/$$fn; \
cp $$e "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \
chmod 755 "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \
mv -f "$(DESTDIR)$(ENGINESDIR)/$$fn.new" \
"$(DESTDIR)$(ENGINESDIR)/$$fn"; \
done
uninstall_engines:
@ -836,22 +836,22 @@ uninstall_engines:
if [ "$$e" = "dummy" ]; then continue; fi; \
fn=`basename $$e`; \
$(ECHO) "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \
$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \
$(RM) "$(DESTDIR)$(ENGINESDIR)/$$fn"; \
done
-$(RMDIR) $(DESTDIR)$(ENGINESDIR)
-$(RMDIR) "$(DESTDIR)$(ENGINESDIR)"
install_modules: _install_modules_deps
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR)/
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)/"
@$(ECHO) "*** Installing modules"
@set -e; for e in dummy $(INSTALL_MODULES); do \
if [ "$$e" = "dummy" ]; then continue; fi; \
fn=`basename $$e`; \
$(ECHO) "install $$e -> $(DESTDIR)$(MODULESDIR)/$$fn"; \
cp $$e $(DESTDIR)$(MODULESDIR)/$$fn.new; \
chmod 755 $(DESTDIR)$(MODULESDIR)/$$fn.new; \
mv -f $(DESTDIR)$(MODULESDIR)/$$fn.new \
$(DESTDIR)$(MODULESDIR)/$$fn; \
cp $$e "$(DESTDIR)$(MODULESDIR)/$$fn.new"; \
chmod 755 "$(DESTDIR)$(MODULESDIR)/$$fn.new"; \
mv -f "$(DESTDIR)$(MODULESDIR)/$$fn.new" \
"$(DESTDIR)$(MODULESDIR)/$$fn"; \
done
uninstall_modules:
@ -860,18 +860,18 @@ uninstall_modules:
if [ "$$e" = "dummy" ]; then continue; fi; \
fn=`basename $$e`; \
$(ECHO) "$(RM) $(DESTDIR)$(MODULESDIR)/$$fn"; \
$(RM) $(DESTDIR)$(MODULESDIR)/$$fn; \
$(RM) "$(DESTDIR)$(MODULESDIR)/$$fn"; \
done
-$(RMDIR) $(DESTDIR)$(MODULESDIR)
-$(RMDIR) "$(DESTDIR)$(MODULESDIR)"
install_runtime: install_programs
install_runtime_libs: build_libs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@ : {- output_off() if windowsdll(); "" -}
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)"
@ : {- output_on() if windowsdll(); output_off() unless windowsdll(); "" -}
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/bin"
@ : {- output_on() unless windowsdll(); "" -}
@$(ECHO) "*** Installing runtime libraries"
@set -e; for s in dummy $(INSTALL_SHLIBS); do \
@ -879,40 +879,40 @@ install_runtime_libs: build_libs
fn=`basename $$s`; \
: {- output_off() unless windowsdll(); "" -}; \
$(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
$(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
cp $$s "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \
"$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
: {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \
$(ECHO) "install $$s -> $(DESTDIR)$(libdir)/$$fn"; \
cp $$s $(DESTDIR)$(libdir)/$$fn.new; \
chmod 755 $(DESTDIR)$(libdir)/$$fn.new; \
mv -f $(DESTDIR)$(libdir)/$$fn.new \
$(DESTDIR)$(libdir)/$$fn; \
cp $$s "$(DESTDIR)$(libdir)/$$fn.new"; \
chmod 755 "$(DESTDIR)$(libdir)/$$fn.new"; \
mv -f "$(DESTDIR)$(libdir)/$$fn.new" \
"$(DESTDIR)$(libdir)/$$fn"; \
: {- output_on() if windowsdll(); "" -}; \
done
install_programs: install_runtime_libs build_programs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/bin"
@$(ECHO) "*** Installing runtime programs"
@set -e; for x in dummy $(INSTALL_PROGRAMS); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
$(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
cp $$x "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \
"$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
done
@set -e; for x in dummy $(BIN_SCRIPTS); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
$(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
cp $$x "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \
mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \
"$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
done
uninstall_runtime: uninstall_programs uninstall_runtime_libs
@ -924,16 +924,16 @@ uninstall_programs:
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
$(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
done;
@set -e; for x in dummy $(BIN_SCRIPTS); \
do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
$(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
done
-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
-$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/bin"
uninstall_runtime_libs:
@$(ECHO) "*** Uninstalling runtime libraries"
@ -942,49 +942,49 @@ uninstall_runtime_libs:
if [ "$$s" = "dummy" ]; then continue; fi; \
fn=`basename $$s`; \
$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
$(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
done
@ : {- output_on() unless windowsdll(); "" -}
install_man_docs: build_man_docs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man1
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man3
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man5
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man7
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man1"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man3"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man5"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man7"
@$(ECHO) "*** Installing manpages"
@set -e; for x in dummy $(MANDOCS1); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \
cp $$x $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \
chmod 644 $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \
cp $$x "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \
chmod 644 "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man1"; \
done
@set -e; for x in dummy $(MANDOCS3); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \
cp $$x $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \
chmod 644 $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \
cp $$x "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \
chmod 644 "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man3"; \
done
@set -e; for x in dummy $(MANDOCS5); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \
cp $$x $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \
chmod 644 $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \
cp $$x "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \
chmod 644 "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man5"; \
done
@set -e; for x in dummy $(MANDOCS7); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \
cp $$x $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \
chmod 644 $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \
cp $$x "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \
chmod 644 "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man7"; \
done
uninstall_man_docs: build_man_docs
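Review bot: The destination paths in the `cp`, `chmod` and `write-man-symlinks` lines are now quoted, but the source operand in `cp $$x` and the argument in ``fn=`basename $$x` `` are still bare, so a source or build directory containing whitespace is word-split exactly as before. Quote both (`cp "$$x" ...`, `basename "$$x"`) so the install loop handles the same class of paths on both sides of the copy.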
@ -993,65 +993,65 @@ uninstall_man_docs: build_man_docs
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \
$(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \
$(RM) "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man1"; \
done
@set -e; for x in dummy $(MANDOCS3); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \
$(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \
$(RM) "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man3"; \
done
@set -e; for x in dummy $(MANDOCS5); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \
$(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \
$(RM) "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man5"; \
done
@set -e; for x in dummy $(MANDOCS7); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \
$(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \
$(RM) "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \
$(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man7"; \
done
install_html_docs: install_image_docs build_html_docs
@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man1
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man3
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man5
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man1"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man3"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man5"
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man7"
@$(ECHO) "*** Installing HTML manpages"
@set -e; for x in dummy $(HTMLDOCS1); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \
cp $$x $(DESTDIR)$(HTMLDIR)/man1/$$fn; \
chmod 644 $(DESTDIR)$(HTMLDIR)/man1/$$fn; \
cp $$x "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \
chmod 644 "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS3); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \
cp $$x $(DESTDIR)$(HTMLDIR)/man3/$$fn; \
chmod 644 $(DESTDIR)$(HTMLDIR)/man3/$$fn; \
cp $$x "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \
chmod 644 "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS5); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \
cp $$x $(DESTDIR)$(HTMLDIR)/man5/$$fn; \
chmod 644 $(DESTDIR)$(HTMLDIR)/man5/$$fn; \
cp $$x "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \
chmod 644 "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS7); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \
cp $$x $(DESTDIR)$(HTMLDIR)/man7/$$fn; \
chmod 644 $(DESTDIR)$(HTMLDIR)/man7/$$fn; \
cp $$x "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \
chmod 644 "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \
done
uninstall_html_docs: uninstall_image_docs
@ -1060,35 +1060,35 @@ uninstall_html_docs: uninstall_image_docs
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \
$(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn; \
$(RM) "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS3); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \
$(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn; \
$(RM) "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS5); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \
$(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn; \
$(RM) "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \
done
@set -e; for x in dummy $(HTMLDOCS7); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \
$(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn; \
$(RM) "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \
done
install_image_docs:
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7/img
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man7/img"
@set -e; for x in dummy $(IMAGEDOCS7); do \
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \
cp $(SRCDIR)/$$x $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \
chmod 644 $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \
cp $(SRCDIR)/$$x "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \
chmod 644 "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \
done
uninstall_image_docs:
@ -1096,7 +1096,7 @@ uninstall_image_docs:
if [ "$$x" = "dummy" ]; then continue; fi; \
fn=`basename $$x`; \
$(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \
$(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \
$(RM) "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \
done
# Developer targets (note: these are only available on Unix) #########


@ -597,8 +597,7 @@ my @disable_cascades = (
"crypto-mdebug" => [ "crypto-mdebug-backtrace" ],
# If no modules, then no dynamic engines either
"module" => [ "dynamic-engine" ],
"module" => [ "dynamic-engine", "fips" ],
# Without shared libraries, dynamic engines aren't possible.
# This is due to them having to link with libcrypto and register features
@ -616,8 +615,6 @@ my @disable_cascades = (
# or modules.
"pic" => [ "shared", "module" ],
"module" => [ "fips", "dso" ],
"engine" => [ "dynamic-engine", grep(/eng$/, @disablables) ],
"dynamic-engine" => [ "loadereng" ],
"hw" => [ "padlockeng" ],
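Review bot: Dropping the `"module" => [ "fips", "dso" ]` entry here while the earlier entry becomes `"module" => [ "dynamic-engine", "fips" ]` means disabling `module` no longer cascades to `dso`. If that is the intent, say so in a comment next to the remaining `"module"` entry, since the comment above `"pic"` still talks about modules and a reader will look for the `dso` relationship there.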


@ -2,8 +2,8 @@ Build and Install
=================
This document describes installation on all supported operating
systems (the Unix/Linux family, including macOS), OpenVMS,
and Windows).
systems: the Unix/Linux family (including macOS), OpenVMS,
and Windows.
Table of Contents
=================
@ -796,14 +796,22 @@ By default OpenSSL will attempt to stay in memory until the process exits.
This is so that libcrypto and libssl can be properly cleaned up automatically
via an `atexit()` handler. The handler is registered by libcrypto and cleans
up both libraries. On some platforms the `atexit()` handler will run on unload of
libcrypto (if it has been dynamically loaded) rather than at process exit. This
option can be used to stop OpenSSL from attempting to stay in memory until the
libcrypto (if it has been dynamically loaded) rather than at process exit.
This option can be used to stop OpenSSL from attempting to stay in memory until the
process exits. This could lead to crashes if either libcrypto or libssl have
already been unloaded at the point that the atexit handler is invoked, e.g. on a
platform which calls `atexit()` on unload of the library, and libssl is unloaded
before libcrypto then a crash is likely to happen. Applications can suppress
running of the `atexit()` handler at run time by using the
`OPENSSL_INIT_NO_ATEXIT` option to `OPENSSL_init_crypto()`.
before libcrypto then a crash is likely to happen.
Note that shared library pinning is not automatically disabled for static builds,
i.e., `no-shared` does not imply `no-pinshared`. This may come as a surprise when
linking libcrypto statically into a shared third-party library, because in this
case the shared library will be pinned. To prevent this behaviour, you need to
configure the static build using `no-shared` and `no-pinshared` together.
Applications can suppress running of the `atexit()` handler at run time by
using the `OPENSSL_INIT_NO_ATEXIT` option to `OPENSSL_init_crypto()`.
See the man page for it for further details.
### no-posix-io


@ -18,6 +18,22 @@ OpenSSL Releases
OpenSSL 3.0
-----------
### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs.
([CVE-2023-5363])
### Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows
([CVE-2023-4807])
### Major changes between OpenSSL 3.0.9 and OpenSSL 3.0.10 [1 Aug 2023]
* Fix excessive time spent checking DH q parameter value ([CVE-2023-3817])
* Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
* Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])
### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
* Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT
@ -1442,6 +1458,11 @@ OpenSSL 0.9.x
<!-- Links -->
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466


@ -2,7 +2,7 @@ OpenSSL FIPS support
====================
This release of OpenSSL includes a cryptographic module that can be
FIPS 140-2 validated. The module is implemented as an OpenSSL provider.
FIPS validated. The module is implemented as an OpenSSL provider.
A provider is essentially a dynamically loadable module which implements
cryptographic algorithms, see the [README-PROVIDERS](README-PROVIDERS.md) file
for further details.
@ -28,8 +28,16 @@ resp. `fips.dll` (on Windows). The FIPS provider does not get built and
installed automatically. To enable it, you need to configure OpenSSL using
the `enable-fips` option.
Installing the FIPS module
==========================
Installing the FIPS provider
============================
In order to be FIPS compliant you must only use FIPS validated source code.
Refer to <https://www.openssl.org/source/> for information related to
which versions are FIPS validated. The instructions given below build OpenSSL
just using the FIPS validated source code.
If you want to use a validated FIPS provider, but also want to use the latest
OpenSSL release to build everything else, then refer to the next section.
The following is only a guide.
Please read the Security Policy for up to date installation instructions.
@ -63,11 +71,12 @@ the installation by doing the following two things:
- Runs the FIPS module self tests
- Generates the so-called FIPS module configuration file containing information
about the module such as the self test status, and the module checksum.
about the module such as the module checksum (and for OpenSSL 3.0 the
self test status).
The FIPS module must have the self tests run, and the FIPS module config file
output generated on every machine that it is to be used on. You must not copy
the FIPS module config file output data from one machine to another.
output generated on every machine that it is to be used on. For OpenSSL 3.0,
you must not copy the FIPS module config file output data from one machine to another.
On Unix the `openssl fipsinstall` command will be invoked as follows by default:
@ -75,7 +84,80 @@ On Unix the `openssl fipsinstall` command will be invoked as follows by default:
If you configured OpenSSL to be installed to a different location, the paths will
vary accordingly. In the rare case that you need to install the fipsmodule.cnf
to non-standard location, you can execute the `openssl fipsinstall` command manually.
to a non-standard location, you can execute the `openssl fipsinstall` command manually.
Installing the FIPS provider and using it with the latest release
=================================================================
This normally requires you to download 2 copies of the OpenSSL source code.
Download and build a validated FIPS provider
--------------------------------------------
Refer to <https://www.openssl.org/source/> for information related to
which versions are FIPS validated. For this example we use OpenSSL 3.0.0.
$ wget https://www.openssl.org/source/openssl-3.0.0.tar.gz
$ tar -xf openssl-3.0.0.tar.gz
$ cd openssl-3.0.0
$ ./Configure enable-fips
$ make
$ cd ..
Download and build the latest release of OpenSSL
------------------------------------------------
We use OpenSSL 3.1.0 here, (but you could also use the latest 3.0.X)
$ wget https://www.openssl.org/source/openssl-3.1.0.tar.gz
$ tar -xf openssl-3.1.0.tar.gz
$ cd openssl-3.1.0
$ ./Configure enable-fips
$ make
Use the OpenSSL FIPS provider for testing
-----------------------------------------
We do this by replacing the artifact for the OpenSSL 3.1.0 FIPS provider.
Note that the OpenSSL 3.1.0 FIPS provider has not been validated
so it must not be used for FIPS purposes.
$ cp ../openssl-3.0.0/providers/fips.so providers/.
$ cp ../openssl-3.0.0/providers/fipsmodule.cnf providers/.
// Note that for OpenSSL 3.0 that the `fipsmodule.cnf` file should not
// be copied across multiple machines if it contains an entry for
// `install-status`. (Otherwise the self tests would be skipped).
// Validate the output of the following to make sure we are using the
// OpenSSL 3.0.0 FIPS provider
$ ./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider fips -providers
// Now run the current tests using the OpenSSL 3.0 FIPS provider.
$ make tests
Copy the FIPS provider artifacts (`fips.so` & `fipsmodule.cnf`) to known locations
-------------------------------------------------------------------------------------
$ cd ../openssl-3.0.0
$ sudo make install_fips
Check that the correct FIPS provider is being used
--------------------------------------------------
$./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider fips -providers
// This should produce the following output
Providers:
base
name: OpenSSL Base Provider
version: 3.1.0
status: active
fips
name: OpenSSL FIPS Provider
version: 3.0.0
status: active
Using the FIPS Module in applications
=====================================
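Review bot: Both download steps go straight from `wget` to `tar -xf` with no integrity check, which is a gap in a section whose purpose is to obtain a validated FIPS provider; add a step that verifies each tarball against its published checksum or signature before building. Separately, the "Check that the correct FIPS provider is being used" command follows `cd ../openssl-3.0.0`, yet the expected output lists the base provider as version 3.1.0, so the text should tell the reader to return to the openssl-3.1.0 tree first. The prompt in `$./util/wrap.pl` is also missing its space.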


@ -166,7 +166,7 @@ attempting to develop or distribute cryptographic code.
Copyright
=========
Copyright (c) 1998-2022 The OpenSSL Project
Copyright (c) 1998-2023 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson


@ -1,7 +1,7 @@
MAJOR=3
MINOR=0
PATCH=9
PATCH=12
PRE_RELEASE_TAG=
BUILD_METADATA=
RELEASE_DATE="30 May 2023"
RELEASE_DATE="24 Oct 2023"
SHLIB_VERSION=3


@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -628,6 +628,8 @@ end_of_options:
f = NCONF_get_string(conf, section, ENV_NAMEOPT);
if (f == NULL)
ERR_clear_error();
if (f != NULL) {
if (!set_nameopt(f)) {
BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
@ -785,8 +787,10 @@ end_of_options:
/* We can have sections in the ext file */
if (extensions == NULL) {
extensions = NCONF_get_string(extfile_conf, "default", "extensions");
if (extensions == NULL)
if (extensions == NULL) {
ERR_clear_error();
extensions = "default";
}
}
}
@ -802,15 +806,20 @@ end_of_options:
/*
* EVP_PKEY_get_default_digest_name() returns 2 if the digest is
* mandatory for this algorithm.
*
* That call may give back the name "UNDEF", which has these meanings:
*
* when def_ret == 2: the user MUST leave the digest unspecified
* when def_ret == 1: the user MAY leave the digest unspecified
*/
if (def_ret == 2 && strcmp(def_dgst, "UNDEF") == 0) {
/* The signing algorithm requires there to be no digest */
dgst = NULL;
} else if (dgst == NULL
&& (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) {
&& (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL
&& strcmp(def_dgst, "UNDEF") != 0) {
goto end;
} else {
if (strcmp(dgst, "default") == 0) {
if (strcmp(dgst, "default") == 0 || strcmp(def_dgst, "UNDEF") == 0) {
if (def_ret <= 0) {
BIO_puts(bio_err, "no default digest\n");
goto end;
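Review bot: In the final `else` branch, `strcmp(dgst, "default")` can be reached with `dgst == NULL`: the added `&& strcmp(def_dgst, "UNDEF") != 0` makes the `else if` condition false when `lookup_conf()` returns NULL and `def_dgst` is "UNDEF", so control falls into the `else` with no digest name set. Test `def_dgst` first, or guard the first comparison with `dgst != NULL &&`, so a NULL pointer never reaches `strcmp()`.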
@ -824,6 +833,8 @@ end_of_options:
char *tmp_email_dn = NULL;
tmp_email_dn = NCONF_get_string(conf, section, ENV_DEFAULT_EMAIL_DN);
if (tmp_email_dn == NULL)
ERR_clear_error();
if (tmp_email_dn != NULL && strcmp(tmp_email_dn, "no") == 0)
email_dn = 0;
}
@ -839,6 +850,7 @@ end_of_options:
if (NCONF_get_string(conf, section, ENV_RAND_SERIAL) != NULL) {
rand_ser = 1;
} else {
ERR_clear_error();
serialfile = lookup_conf(conf, section, ENV_SERIAL);
if (serialfile == NULL)
goto end;
@ -908,8 +920,10 @@ end_of_options:
}
if (days == 0) {
if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days))
if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days)) {
ERR_clear_error();
days = 0;
}
}
if (enddate == NULL && days == 0) {
BIO_printf(bio_err, "cannot lookup how many days to certify for\n");
@ -1034,7 +1048,7 @@ end_of_options:
}
}
/*
* we have a stack of newly certified certificates and a data base
* we have a stack of newly certified certificates and a database
* and serial number that need updating
*/
@ -1135,7 +1149,7 @@ end_of_options:
if (!rotate_index(dbfile, "new", "old"))
goto end;
BIO_printf(bio_err, "Data Base Updated\n");
BIO_printf(bio_err, "Database updated\n");
}
}
@ -1161,22 +1175,28 @@ end_of_options:
}
}
if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
!= NULL)
crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER);
if (crlnumberfile != NULL) {
if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL))
== NULL) {
BIO_printf(bio_err, "error while loading CRL number\n");
goto end;
}
} else {
ERR_clear_error();
}
if (!crldays && !crlhours && !crlsec) {
if (!NCONF_get_number(conf, section,
ENV_DEFAULT_CRL_DAYS, &crldays))
ENV_DEFAULT_CRL_DAYS, &crldays)) {
ERR_clear_error();
crldays = 0;
}
if (!NCONF_get_number(conf, section,
ENV_DEFAULT_CRL_HOURS, &crlhours))
ENV_DEFAULT_CRL_HOURS, &crlhours)) {
ERR_clear_error();
crlhours = 0;
ERR_clear_error();
}
}
if ((crl_nextupdate == NULL) &&
(crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
@ -1316,7 +1336,7 @@ end_of_options:
if (!rotate_index(dbfile, "new", "old"))
goto end;
BIO_printf(bio_err, "Data Base Updated\n");
BIO_printf(bio_err, "Database updated\n");
}
}
ret = 0;
@ -1758,7 +1778,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
"The subject name appears to be ok, checking database for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject. */
if (!email_dn) {
@ -1847,7 +1867,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
else if (rrow[DB_type][0] == DB_TYPE_VAL)
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
p = "\ninvalid type, Database error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == DB_TYPE_REV) {
p = rrow[DB_exp_date];


@ -2115,7 +2115,7 @@ static const char *prev_item(const char *opt, const char *end)
beg = end;
while (beg > opt) {
--beg;
if (beg[0] == ',' || isspace(beg[0])) {
if (beg[0] == ',' || isspace(_UC(beg[0]))) {
++beg;
break;
}
@ -2130,7 +2130,7 @@ static const char *prev_item(const char *opt, const char *end)
opt_item[len] = '\0';
while (beg > opt) {
--beg;
if (beg[0] != ',' && !isspace(beg[0])) {
if (beg[0] != ',' && !isspace(_UC(beg[0]))) {
++beg;
break;
}
@ -2148,6 +2148,7 @@ static char *conf_get_string(const CONF *src_conf, const char *groups,
while ((end = prev_item(groups, end)) != NULL) {
if ((res = NCONF_get_string(src_conf, opt_item, name)) != NULL)
return res;
ERR_clear_error();
}
return res;
}
@ -2511,7 +2512,7 @@ static int get_opts(int argc, char **argv)
}
break;
case OPT_CSR:
opt_csr = opt_arg();
opt_csr = opt_str();
break;
case OPT_OUT_TRUSTED:
opt_out_trusted = opt_str();


@ -1,5 +1,5 @@
/*
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -796,6 +796,9 @@ int cms_main(int argc, char **argv)
if ((operation & SMIME_IP) == 0 && contfile != NULL)
BIO_printf(bio_err,
"Warning: -contfile option is ignored for the given operation\n");
if (operation != SMIME_ENCRYPT && *argv != NULL)
BIO_printf(bio_err,
"Warning: recipient certificate file parameters ignored for operation other than -encrypt\n");
if ((flags & CMS_BINARY) != 0) {
if (!(operation & SMIME_OP))
@ -823,19 +826,13 @@ int cms_main(int argc, char **argv)
goto end;
}
if (*argv != NULL) {
if (operation == SMIME_ENCRYPT) {
for (; *argv != NULL; argv++) {
cert = load_cert(*argv, FORMAT_UNDEF,
"recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
cert = NULL;
}
} else {
BIO_printf(bio_err, "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n");
}
for (; *argv != NULL; argv++) {
cert = load_cert(*argv, FORMAT_UNDEF,
"recipient certificate file");
if (cert == NULL)
goto end;
sk_X509_push(encerts, cert);
cert = NULL;
}
}
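Review bot: `sk_X509_push(encerts, cert)` in the recipient loop ignores its return value; if the push fails, `cert` is set to NULL on the next line, so the loaded certificate is leaked and silently missing from the recipient list. Since the loop is being reworked anyway, check the result and `goto end` on failure before clearing `cert`.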


@ -320,6 +320,8 @@ int dgst_main(int argc, char **argv)
sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */);
/* Verbose output would make external-tests gost-engine fail */
EVP_PKEY_CTX_free(mac_ctx);
if (sigkey == NULL)
goto end;
}
if (hmac_key != NULL) {


@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -222,6 +222,8 @@ int dhparam_main(int argc, char **argv)
}
tmppkey = app_paramgen(ctx, alg);
if (tmppkey == NULL)
goto end;
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
if (dsaparam) {


@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -218,6 +218,8 @@ int dsaparam_main(int argc, char **argv)
goto end;
}
pkey = app_keygen(ctx, "DSA", numbits, verbose);
if (pkey == NULL)
goto end;
assert(private);
if (outformat == FORMAT_ASN1)
i = i2d_PrivateKey_bio(out, pkey);


@ -624,7 +624,10 @@ int enc_main(int argc, char **argv)
}
}
if (!BIO_flush(wbio)) {
BIO_printf(bio_err, "bad decrypt\n");
if (enc)
BIO_printf(bio_err, "bad encrypt\n");
else
BIO_printf(bio_err, "bad decrypt\n");
goto end;
}


@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -146,6 +146,8 @@ int gendsa_main(int argc, char **argv)
goto end;
}
pkey = app_keygen(ctx, "DSA", nbits, verbose);
if (pkey == NULL)
goto end;
assert(private);
if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) {


@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -183,6 +183,8 @@ int genpkey_main(int argc, char **argv)
pkey = do_param ? app_paramgen(ctx, algname)
: app_keygen(ctx, algname, 0, 0 /* not verbose */);
if (pkey == NULL)
goto end;
if (do_param) {
rv = PEM_write_bio_Parameters(out, pkey);


@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -203,6 +203,8 @@ opthelp:
goto end;
}
pkey = app_keygen(ctx, "RSA", num, verbose);
if (pkey == NULL)
goto end;
if (verbose) {
BIGNUM *e = NULL;


@ -638,13 +638,13 @@ void *app_malloc(size_t sz, const char *what)
char *next_item(char *opt) /* in list separated by comma and/or space */
{
/* advance to separator (comma or whitespace), if any */
while (*opt != ',' && !isspace(*opt) && *opt != '\0')
while (*opt != ',' && !isspace(_UC(*opt)) && *opt != '\0')
opt++;
if (*opt != '\0') {
/* terminate current item */
*opt++ = '\0';
/* skip over any whitespace after separator */
while (isspace(*opt))
while (isspace(_UC(*opt)))
opt++;
}
return *opt == '\0' ? NULL : opt; /* NULL indicates end of input */
@ -944,7 +944,7 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
BIO *bio;
if (!maybe_stdin) {
BIO_printf(bio_err, "No filename or uri specified for loading");
BIO_printf(bio_err, "No filename or uri specified for loading\n");
goto end;
}
uri = "<stdin>";
@ -964,8 +964,10 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
BIO_printf(bio_err, "Could not open file or uri for loading");
goto end;
}
if (expect > 0 && !OSSL_STORE_expect(ctx, expect))
if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) {
BIO_printf(bio_err, "Internal error trying to load");
goto end;
}
failed = NULL;
while (cnt_expectations > 0 && !OSSL_STORE_eof(ctx)) {
@ -1679,7 +1681,10 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
if (p) {
retdb->attributes.unique_subject = parse_yesno(p, 1);
} else {
ERR_clear_error();
}
}
retdb->dbfname = OPENSSL_strdup(dbfile);
@ -1945,16 +1950,17 @@ X509_NAME *parse_name(const char *cp, int chtype, int canmulti,
nid = OBJ_txt2nid(typestr);
if (nid == NID_undef) {
BIO_printf(bio_err,
"%s: Skipping unknown %s name attribute \"%s\"\n",
"%s warning: Skipping unknown %s name attribute \"%s\"\n",
opt_getprog(), desc, typestr);
if (ismulti)
BIO_printf(bio_err,
"Hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n");
"%s hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n",
opt_getprog());
continue;
}
if (*valstr == '\0') {
BIO_printf(bio_err,
"%s: No value provided for %s name attribute \"%s\", skipped\n",
"%s warning: No value provided for %s name attribute \"%s\", skipped\n",
opt_getprog(), desc, typestr);
continue;
}
@ -2008,7 +2014,8 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
BIO_free(mem);
return -1;
}
maxlen -= len;
if (maxlen != -1)
maxlen -= len;
if (maxlen == 0)
break;
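Review bot: `maxlen` now has a special value, -1, that skips the `maxlen -= len` countdown, but nothing in the hunk documents it, and any other negative value would still be decremented and never hit the `maxlen == 0` break. Add a comment on the parameter stating that -1 means "no limit", and consider testing `maxlen < 0` or rejecting other negative values so the sentinel cannot be mistyped into an accidental unbounded read.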
@ -3356,8 +3363,8 @@ EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose)
BIO_printf(bio_err, "Warning: generating random key material may take a long time\n"
"if the system has a poor entropy source\n");
if (EVP_PKEY_keygen(ctx, &res) <= 0)
app_bail_out("%s: Error generating %s key\n", opt_getprog(),
alg != NULL ? alg : "asymmetric");
BIO_printf(bio_err, "%s: Error generating %s key\n", opt_getprog(),
alg != NULL ? alg : "asymmetric");
return res;
}
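Review bot: With `app_bail_out()` replaced by `BIO_printf()`, a failed `EVP_PKEY_keygen()` now falls through to `return res`, so correctness depends on `res` still being NULL at that point, which this hunk does not show. Return NULL explicitly on the error path, and document on the function that it can now return NULL so that callers outside this patch are checked as well; the same applies to `app_paramgen()` in the next hunk.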
@ -3369,8 +3376,8 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg)
BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n"
"if the system has a poor entropy source\n");
if (EVP_PKEY_paramgen(ctx, &res) <= 0)
app_bail_out("%s: Generating %s key parameters failed\n",
opt_getprog(), alg != NULL ? alg : "asymmetric");
BIO_printf(bio_err, "%s: Generating %s key parameters failed\n",
opt_getprog(), alg != NULL ? alg : "asymmetric");
return res;
}


@ -1,5 +1,5 @@
/*
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -421,7 +421,7 @@ int pkeyutl_main(int argc, char **argv)
/* Raw input data is handled elsewhere */
if (in != NULL && !rawin) {
/* Read the input data */
buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
buf_inlen = bio_to_mem(&buf_in, -1, in);
if (buf_inlen < 0) {
BIO_printf(bio_err, "Error reading input Data\n");
goto end;
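Review bot: Passing -1 to `bio_to_mem()` removes the previous `keysize * 10` bound, so non-raw input is now buffered in memory with no upper limit at all. If the old cap was rejecting legitimate input, replace it with an explicit, generous maximum rather than none, or add a comment explaining why an unbounded read is acceptable for this command.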


@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -199,7 +199,7 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)
/* Check syntax. */
/* Skip leading whitespace, make a copy. */
while (*kv && isspace(*kv))
while (*kv && isspace(_UC(*kv)))
if (*++kv == '\0')
return 1;
if ((p = strchr(kv, '=')) == NULL)
@ -210,7 +210,7 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)
/* Skip trailing space before the equal sign. */
for (p = kv + off; p > kv; --p)
if (!isspace(p[-1]))
if (!isspace(_UC(p[-1])))
break;
if (p == kv) {
OPENSSL_free(kv);
@ -635,8 +635,10 @@ int req_main(int argc, char **argv)
if (newreq && pkey == NULL) {
app_RAND_load_conf(req_conf, section);
if (!NCONF_get_number(req_conf, section, BITS, &newkey_len))
if (!NCONF_get_number(req_conf, section, BITS, &newkey_len)) {
ERR_clear_error();
newkey_len = DEFAULT_KEY_LENGTH;
}
genctx = set_keygen_ctx(keyalg, &keyalgstr, &newkey_len, gen_eng);
if (genctx == NULL)
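
Review bot: `ERR_clear_error()` in the new fallback branch empties the whole error queue, not just the entry left by the failed `NCONF_get_number()` lookup, so any earlier error still queued at this point in `req_main()` is lost. Bracketing the lookup with `ERR_set_mark()` and `ERR_pop_to_mark()` would drop only the lookup error; a one-line comment that a missing BITS value is expected and falls back to `DEFAULT_KEY_LENGTH` would also help.
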
@ -683,6 +685,8 @@ int req_main(int argc, char **argv)
EVP_PKEY_CTX_set_app_data(genctx, bio_err);
pkey = app_keygen(genctx, keyalgstr, newkey_len, verbose);
if (pkey == NULL)
goto end;
EVP_PKEY_CTX_free(genctx);
genctx = NULL;
@ -988,10 +992,10 @@ int req_main(int argc, char **argv)
else
tpubkey = X509_REQ_get0_pubkey(req);
if (tpubkey == NULL) {
fprintf(stdout, "Modulus is unavailable\n");
BIO_puts(bio_err, "Modulus is unavailable\n");
goto end;
}
fprintf(stdout, "Modulus=");
BIO_puts(out, "Modulus=");
if (EVP_PKEY_is_a(tpubkey, "RSA") || EVP_PKEY_is_a(tpubkey, "RSA-PSS")) {
BIGNUM *n = NULL;
@ -1000,9 +1004,9 @@ int req_main(int argc, char **argv)
BN_print(out, n);
BN_free(n);
} else {
fprintf(stdout, "Wrong Algorithm type");
BIO_puts(out, "Wrong Algorithm type");
}
fprintf(stdout, "\n");
BIO_puts(out, "\n");
}
if (!noout && !gen_x509) {
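
Review bot: "Wrong Algorithm type" is still written to `out` in the `else` branch, while the previous hunk moves the comparable "Modulus is unavailable" message to `bio_err`. Both are diagnostics, so a consumer parsing the `Modulus=` line gets an error string in the data stream; consider sending this one to `bio_err` as well, or note why it stays on `out`.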

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -2271,7 +2271,7 @@ int s_client_main(int argc, char **argv)
do {
mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
}
while (mbuf_len > 3 && (!isdigit(mbuf[0]) || !isdigit(mbuf[1]) || !isdigit(mbuf[2]) || mbuf[3] != ' '));
while (mbuf_len > 3 && (!isdigit((unsigned char)mbuf[0]) || !isdigit((unsigned char)mbuf[1]) || !isdigit((unsigned char)mbuf[2]) || mbuf[3] != ' '));
(void)BIO_flush(fbio);
BIO_pop(fbio);
BIO_free(fbio);
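
Review bot: The rewritten `while` condition repeats the `(unsigned char)` cast three times on one very long line, whereas the req.c hunks above make the same fix with the `_UC()` helper. Wrap the condition over several lines and use one convention for the `isdigit()`/`isspace()` argument cast across the apps.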

View File

@ -789,7 +789,7 @@ const OPTIONS s_server_options[] = {
"second server certificate chain file in PEM format"},
{"dkey", OPT_DKEY, '<',
"Second private key file to use (usually for DSA)"},
{"dkeyform", OPT_DKEYFORM, 'F',
{"dkeyform", OPT_DKEYFORM, 'f',
"Second key file format (ENGINE, other values ignored)"},
{"dpass", OPT_DPASS, 's',
"Second private key and cert file pass phrase source"},

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -1005,6 +1005,13 @@ static int EdDSA_sign_loop(void *args)
int ret, count;
for (count = 0; COND(eddsa_c[testnum][0]); count++) {
ret = EVP_DigestSignInit(edctx[testnum], NULL, NULL, NULL, NULL);
if (ret == 0) {
BIO_printf(bio_err, "EdDSA sign init failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
if (ret == 0) {
BIO_printf(bio_err, "EdDSA sign failure\n");
@ -1026,6 +1033,13 @@ static int EdDSA_verify_loop(void *args)
int ret, count;
for (count = 0; COND(eddsa_c[testnum][1]); count++) {
ret = EVP_DigestVerifyInit(edctx[testnum], NULL, NULL, NULL, NULL);
if (ret == 0) {
BIO_printf(bio_err, "EdDSA verify init failure\n");
ERR_print_errors(bio_err);
count = -1;
break;
}
ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
if (ret != 1) {
BIO_printf(bio_err, "EdDSA verify failure\n");
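
Review bot: The new check after `EVP_DigestVerifyInit()` tests `ret == 0`, while the `EVP_DigestVerify()` call directly below it tests `ret != 1`, so a negative return from the init call would fall through to the verify step. Use `ret <= 0` or `ret != 1` here, and the same in the matching check after `EVP_DigestSignInit()` in `EdDSA_sign_loop()`.
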
@ -3133,12 +3147,22 @@ skip_hmac:
}
for (k = 0; k < ALGOR_NUM; k++) {
const char *alg_name = names[k];
if (!doit[k])
continue;
if (k == D_EVP) {
if (evp_cipher == NULL)
alg_name = evp_md_name;
else if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
app_bail_out("failed to get name of cipher '%s'\n", evp_cipher);
}
if (mr)
printf("+F:%u:%s", k, names[k]);
printf("+F:%u:%s", k, alg_name);
else
printf("%-13s", names[k]);
printf("%-13s", alg_name);
for (testnum = 0; testnum < size_num; testnum++) {
if (results[k][testnum] > 10000 && !mr)
printf(" %11.2fk", results[k][testnum] / 1e3);
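
Review bot: In the `D_EVP` branch, `app_bail_out("failed to get name of cipher '%s'\n", evp_cipher)` passes `evp_cipher` to a `%s` conversion, but the lines around it compare it with NULL and hand it to `EVP_CIPHER_get0_name()`, so it is a cipher object and not a string. On the one path where this message prints, the name lookup has just failed, so there is nothing printable to substitute; drop the `%s` argument or print the name the user supplied on the command line.
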
@ -3676,7 +3700,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
} else {
int pad;
RAND_bytes(out, 16);
if (RAND_bytes(inp, 16) <= 0)
app_bail_out("error setting random bytes\n");
len += 16;
aad[11] = (unsigned char)(len >> 8);
aad[12] = (unsigned char)(len);
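
Review bot: The replacement of `RAND_bytes(out, 16)` does two things at once: it adds the return-value check and it changes the buffer being filled from `out` to `inp`. The second part alters what the benchmark encrypts and is easy to miss next to the error handling; state in a comment or the commit message that filling `out` was the bug.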

View File

@ -1,5 +1,5 @@
/*
* Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -137,7 +137,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
if ((*ctx)->expect_file_generations) {
char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name);
while(p > (*ctx)->entry_name && isdigit(p[-1]))
while (p > (*ctx)->entry_name && isdigit((unsigned char)p[-1]))
p--;
if (p > (*ctx)->entry_name && p[-1] == ';')
p[-1] = '\0';

View File

@ -3661,6 +3661,9 @@ if ($flavour =~ /64/) { ######## 64-bit code
s/\.[ui]?64//o and s/\.16b/\.2d/go;
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
# Switch preprocessor checks to aarch64 versions.
s/__ARME([BL])__/__AARCH64E$1__/go;
print $_,"\n";
}
} else { ######## 32-bit code

View File

@ -1,5 +1,5 @@
/*
* Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -21,11 +21,6 @@
# elif defined(__GNUC__)
# if defined(__aarch64__)
# define __ARM_ARCH__ 8
# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
# define __ARMEB__
# else
# define __ARMEL__
# endif
/*
* Why doesn't gcc define __ARM_ARCH__? Instead it defines
* bunch of below macros. See all_architectures[] table in
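
Review bot: Dropping the `__ARMEB__`/`__ARMEL__` definitions from the `__aarch64__` branch changes behaviour for every file that includes this header and still tests those names. The perlasm hunk above rewrites `__ARME([BL])__` to `__AARCH64E$1__` only in generated 64-bit output, so hand-written C or assembly that tests the old macros on aarch64 would now silently take the "not defined" branch; a grep over the tree for remaining uses should accompany this change.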

View File

@ -1,5 +1,5 @@
/*
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -129,8 +129,10 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
int idx;
ASN1_STRING_TABLE fnd;
#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
/* "stable" can be impacted by config, so load the config file first */
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
#endif
fnd.nid = nid;
if (stable) {
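
Review bot: The return value of the added `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)` call is ignored, so when configuration loading fails the lookup goes on with whatever `stable` holds at that moment. If that is intended, say so in the comment; the same unchecked call is added in `ossl_engine_table_select()` further down and should get the same treatment.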

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -698,9 +698,12 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
atmp->value.asn1_string->data = rdata;
atmp->value.asn1_string->length = rdlen;
atmp->value.asn1_string->type = utype;
} else if (format == ASN1_GEN_FORMAT_ASCII)
ASN1_STRING_set(atmp->value.asn1_string, str, -1);
else if ((format == ASN1_GEN_FORMAT_BITLIST)
} else if (format == ASN1_GEN_FORMAT_ASCII) {
if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
goto bad_str;
}
} else if ((format == ASN1_GEN_FORMAT_BITLIST)
&& (utype == V_ASN1_BIT_STRING)) {
if (!CONF_parse_list
(str, ',', 1, bitstr_cb, atmp->value.bit_string)) {

View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -516,6 +516,12 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
int len;
char linebuf[MAX_SMLEN];
int ret;
if (in == NULL || out == NULL) {
ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
/*
* Buffer output so we don't write one line at a time. This is useful
* when streaming as we don't end up with one OCTET STRING per line.

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -611,9 +611,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
for (i = 0; i < m; i++) {
/* conditionally flip signs if delta is positive and g is odd */
cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
cond = ((unsigned int)-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1)));
& (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1)));
delta = (-cond & -delta) | ((cond - 1) & delta);
r->neg ^= cond;
/* swap */
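
Review bot: In `(unsigned int)-delta >> (8 * sizeof(delta) - 1)` the cast binds to `-delta`, so the negation is still carried out in the signed type of `delta` and only the shift becomes unsigned. If the aim is to remove all signed-arithmetic hazards from this expression, negate after converting, for example `(0U - (unsigned int)delta)`. The cast also hard-codes `unsigned int` while the shift count comes from `sizeof(delta)` and `sizeof(g->top)`; a comment that both are `int` would keep the two from drifting apart.
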
@ -625,7 +625,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
goto err;
BN_consttime_swap(g->d[0] & 1 /* g is odd */
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))),
& (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))),
g, temp, top);
if (!BN_rshift1(g, g))
goto err;

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -44,7 +44,7 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp)
int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
{
if (!BN_copy(&(recp->N), d))
if (BN_is_zero(d) || !BN_copy(&(recp->N), d))
return 0;
BN_zero(&(recp->Nr));
recp->num_bits = BN_num_bits(d);
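
Review bot: The new `BN_is_zero(d)` test makes `BN_RECP_CTX_set()` return 0 without raising an error, so a caller cannot tell a zero divisor from the `BN_copy()` failure on the same line. Split the condition and raise a specific error for the zero case, as the other hunks in this import do when they add a parameter check.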

View File

@ -97,8 +97,6 @@ $UTIL_COMMON=\
context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
param_build_set.c der_writer.c threads_lib.c params_dup.c
SHARED_SOURCE[../libssl]=sparse_array.c
SOURCE[../libcrypto]=$UTIL_COMMON \
mem.c mem_sec.c \
cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \

View File

@ -46,6 +46,8 @@ ChaCha20_ctr32:
ADDP @k[11]=4,$key
.save ar.lc,r3
mov r3=ar.lc }
{ .mmi; ADDP $out=0,$out
ADDP $inp=0,$inp }
{ .mmi; ADDP $key=0,$key
ADDP $counter=0,$counter
.save pr,r14

View File

@ -1,5 +1,5 @@
/*
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@ -188,22 +188,22 @@ int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
return 0;
}
/* get ASN.1 encoded integer, return -1 on error */
/* get ASN.1 encoded integer, return -2 on error; -1 is valid for certReqId */
int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
{
int64_t res;
if (!ASN1_INTEGER_get_int64(&res, a)) {
ERR_raise(ERR_LIB_CMP, ASN1_R_INVALID_NUMBER);
return -1;
return -2;
}
if (res < INT_MIN) {
ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_SMALL);
return -1;
return -2;
}
if (res > INT_MAX) {
ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_LARGE);
return -1;
return -2;
}
return (int)res;
}
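
Review bot: The error return of `ossl_cmp_asn1_get_int()` becomes the literal `-2` in three places, and the callers in the following hunks compare against that literal (`res == -2`) or rely on its ordering (`rid < OSSL_CMP_CERTREQID_NONE`). A named constant would make the contract visible and would let the comment above the function refer to it instead of to raw numbers.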

View File

@ -584,7 +584,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
return 0;
if (rid == OSSL_CMP_CERTREQID_NONE) { /* used for OSSL_CMP_PKIBODY_P10CR */
rid = ossl_cmp_asn1_get_int(crep->certReqId);
if (rid != OSSL_CMP_CERTREQID_NONE) {
if (rid < OSSL_CMP_CERTREQID_NONE) {
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
return 0;
}
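
Review bot: Changing the test from `rid != OSSL_CMP_CERTREQID_NONE` to `rid < OSSL_CMP_CERTREQID_NONE` does more than catch the new `-2` error value: every certReqId greater than `OSSL_CMP_CERTREQID_NONE` is now accepted on this P10CR path, where before only that one value passed. Add a comment stating which values are meant to be accepted and that the check depends on the error value sorting below `OSSL_CMP_CERTREQID_NONE`. On a decode failure `ossl_cmp_asn1_get_int()` has already raised its own error, so `CMP_R_BAD_REQUEST_ID` is stacked on top of it here.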

View File

@ -1,5 +1,5 @@
/*
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@ -30,9 +30,12 @@
int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si)
{
int res ;
if (!ossl_assert(si != NULL && si->status != NULL))
return -1;
return ossl_cmp_asn1_get_int(si->status);
res = ossl_cmp_asn1_get_int(si->status);
return res == -2 ? -1 : res;
}
const char *ossl_cmp_PKIStatus_to_string(int status)
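
Review bot: `int res ;` has a stray space before the semicolon, and `res == -2 ? -1 : res` repeats the bare error literal from `ossl_cmp_asn1_get_int()`. Fix the spacing and add a short comment that this function keeps returning -1 on error, so readers do not have to reconstruct why the value is mapped back.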

View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -15,6 +15,7 @@
#include <openssl/cms.h>
#include <openssl/rand.h>
#include "crypto/evp.h"
#include "crypto/asn1.h"
#include "cms_local.h"
/* CMS EncryptedData Utilities */
@ -81,7 +82,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
if (enc) {
calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
if (calg->algorithm == NULL) {
if (calg->algorithm == NULL || calg->algorithm->nid == NID_undef) {
ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
goto err;
}
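
Review bot: The added condition reads `calg->algorithm->nid` directly from the object, which is why the previous hunk has to pull in the internal header `crypto/asn1.h`. The neighbouring cms_env.c code obtains the same value with `OBJ_obj2nid()`; using it here would avoid depending on the struct layout and the extra include.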

View File

@ -26,7 +26,7 @@ static void cms_env_set_version(CMS_EnvelopedData *env);
#define CMS_ENVELOPED_STANDARD 1
#define CMS_ENVELOPED_AUTH 2
static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
static int cms_get_enveloped_type_simple(const CMS_ContentInfo *cms)
{
int nid = OBJ_obj2nid(cms->contentType);
@ -38,11 +38,28 @@ static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
return CMS_ENVELOPED_AUTH;
default:
ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
return 0;
}
}
static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
{
int ret = cms_get_enveloped_type_simple(cms);
if (ret == 0)
ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
return ret;
}
void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf)
{
if (cms_get_enveloped_type_simple(cinf) != 0) {
CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cinf);
if (ec != NULL)
OPENSSL_clear_free(ec->key, ec->keylen);
}
}
CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms)
{
if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
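
Review bot: `ossl_cms_env_enc_content_free()` clears and frees `ec->key` but leaves the pointer and `ec->keylen` unchanged, so the structure holds a dangling key pointer afterwards. The only caller visible here is `CMS_ContentInfo_free()`, which frees the whole object next, but the function is exported through cms_local.h; setting `ec->key = NULL` and `ec->keylen = 0` after `OPENSSL_clear_free()` makes it safe to call more than once. A comment on why the free path uses `cms_get_enveloped_type_simple()` (no error raised for non-enveloped content) would also help.
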
@ -142,10 +159,12 @@ CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *c
{
switch (cms_get_enveloped_type(cms)) {
case CMS_ENVELOPED_STANDARD:
return cms->d.envelopedData->encryptedContentInfo;
return cms->d.envelopedData == NULL ? NULL
: cms->d.envelopedData->encryptedContentInfo;
case CMS_ENVELOPED_AUTH:
return cms->d.authEnvelopedData->authEncryptedContentInfo;
return cms->d.authEnvelopedData == NULL ? NULL
: cms->d.authEnvelopedData->authEncryptedContentInfo;
default:
return NULL;

View File

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -154,6 +154,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
"unsupported recipientinfo type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
"unsupported recipient type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM),
"unsupported signature algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},

View File

@ -76,6 +76,7 @@ CMS_ContentInfo *CMS_ContentInfo_new(void)
void CMS_ContentInfo_free(CMS_ContentInfo *cms)
{
if (cms != NULL) {
ossl_cms_env_enc_content_free(cms);
OPENSSL_free(cms->ctx.propq);
ASN1_item_free((ASN1_VALUE *)cms, ASN1_ITEM_rptr(CMS_ContentInfo));
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -444,6 +444,7 @@ BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain);
BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms);
int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio);
void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf);
CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms);
CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms);
CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms);

View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -13,6 +13,7 @@
#include <openssl/core_names.h>
#include "crypto/asn1.h"
#include "crypto/rsa.h"
#include "crypto/evp.h"
#include "cms_local.h"
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
@ -210,6 +211,16 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
if (pad_mode != RSA_PKCS1_PSS_PADDING)
return 0;
if (evp_pkey_ctx_is_legacy(pkctx)) {
/* No provider -> we cannot query it for algorithm ID. */
ASN1_STRING *os = NULL;
os = ossl_rsa_ctx_to_pss_string(pkctx);
if (os == NULL)
return 0;
return X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
}
params[0] = OSSL_PARAM_construct_octet_string(
OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));
params[1] = OSSL_PARAM_construct_end();

View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -233,9 +233,9 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
int i;
if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC"))
return ossl_cms_ecdsa_dsa_sign(si, cmd);
return ossl_cms_ecdsa_dsa_sign(si, cmd) > 0;
else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS"))
return ossl_cms_rsa_sign(si, cmd);
return ossl_cms_rsa_sign(si, cmd) > 0;
/* Something else? We'll give engines etc a chance to handle this */
if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
@ -354,11 +354,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (md == NULL) {
int def_nid;
if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) {
ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
"pkey nid=%d", EVP_PKEY_get_id(pk));
goto err;
}
md = EVP_get_digestbynid(def_nid);
if (md == NULL) {
ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST);
ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
"default md nid=%d", def_nid);
goto err;
}
}
@ -398,8 +403,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
}
}
if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) {
ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM,
"pkey nid=%d", EVP_PKEY_get_id(pk));
goto err;
}
if (!(flags & CMS_NOATTR)) {
/*
* Initialize signed attributes structure so other attributes

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -184,15 +184,21 @@ int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
CONF *conf = NULL;
int ret = 0, diagnostics = 0;
ERR_set_mark();
if (filename == NULL) {
file = CONF_get1_default_config_file();
if (file == NULL)
goto err;
if (*file == '\0') {
/* Do not try to load an empty file name but do not error out */
ret = 1;
goto err;
}
} else {
file = (char *)filename;
}
ERR_set_mark();
conf = NCONF_new_ex(libctx, NULL);
if (conf == NULL)
goto err;

View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -65,7 +65,10 @@ int ossl_config_int(const OPENSSL_INIT_SETTINGS *settings)
#endif
#ifndef OPENSSL_SYS_UEFI
ret = CONF_modules_load_file(filename, appname, flags);
ret = CONF_modules_load_file_ex(OSSL_LIB_CTX_get0_global_default(),
filename, appname, flags);
#else
ret = 1;
#endif
openssl_configured = 1;
return ret;

View File

@ -1,5 +1,5 @@
/*
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -142,6 +142,9 @@ int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
cbdata.number = number;
cbdata.found = 0;
if (namemap == NULL)
return 0;
/*
* We collect all the names first under a read lock. Subsequently we call
* the user function, so that we're not holding the read lock when in user

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -143,7 +143,7 @@ int DH_check(const DH *dh, int *ret)
#ifdef FIPS_MODULE
return DH_check_params(dh, ret);
#else
int ok = 0, r;
int ok = 0, r, q_good = 0;
BN_CTX *ctx = NULL;
BIGNUM *t1 = NULL, *t2 = NULL;
int nid = DH_get_nid((DH *)dh);
@ -152,6 +152,13 @@ int DH_check(const DH *dh, int *ret)
if (nid != NID_undef)
return 1;
/* Don't do any checks at all with an excessively large modulus */
if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
*ret = DH_MODULUS_TOO_LARGE | DH_CHECK_P_NOT_PRIME;
return 0;
}
if (!DH_check_params(dh, ret))
return 0;
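
Review bot: The early return for an oversized modulus sets `DH_CHECK_P_NOT_PRIME` in `*ret` although no primality test has run at that point; the function returns before `DH_check_params()` is even called. If the flag is set on purpose so that callers looking only at that bit still reject the parameters, say so in the comment, because as written it reads like a check result.
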
@ -165,6 +172,13 @@ int DH_check(const DH *dh, int *ret)
goto err;
if (dh->params.q != NULL) {
if (BN_ucmp(dh->params.p, dh->params.q) > 0)
q_good = 1;
else
*ret |= DH_CHECK_INVALID_Q_VALUE;
}
if (q_good) {
if (BN_cmp(dh->params.g, BN_value_one()) <= 0)
*ret |= DH_NOT_SUITABLE_GENERATOR;
else if (BN_cmp(dh->params.g, dh->params.p) >= 0)
@ -245,7 +259,8 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
*/
int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
{
return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret);
return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret)
&& *ret == 0;
}
int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
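
Review bot: With `&& *ret == 0` the return value of `ossl_dh_check_pub_key_partial()` now folds the flag word into the status, so it returns 0 when validation ran but set any flag. The function comment that ends just above the signature should state this, and it should be confirmed that `ossl_ffc_validate_public_key_partial()` always writes `*ret`, since the new expression reads it unconditionally. The same applies to the two DSA wrappers changed in the same way below.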

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -190,7 +190,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
static int dh_init(DH *dh)
{
dh->flags |= DH_FLAG_CACHE_MONT_P;
ossl_ffc_params_init(&dh->params);
dh->dirty_cnt++;
return 1;
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -116,6 +116,8 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
goto err;
#endif /* FIPS_MODULE */
ossl_ffc_params_init(&ret->params);
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
ERR_raise(ERR_LIB_DH, ERR_R_INIT_FAIL);
goto err;

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -39,7 +39,8 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
*/
int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
{
return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret);
return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret)
&& *ret == 0;
}
/*
@ -49,7 +50,8 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
*/
int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
{
return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret);
return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret)
&& *ret == 0;
}
int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -176,6 +176,8 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
goto err;
#endif
ossl_ffc_params_init(&ret->params);
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL);
goto err;

View File

@ -441,7 +441,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
static int dsa_init(DSA *dsa)
{
dsa->flags |= DSA_FLAG_CACHE_MONT_P;
ossl_ffc_params_init(&dsa->params);
dsa->dirty_cnt++;
return 1;
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -743,10 +743,11 @@ static int decoder_process(const OSSL_PARAM params[], void *arg)
(void *)new_data.ctx, LEVEL, rv);
} OSSL_TRACE_END(DECODER);
data->flag_construct_called = 1;
ok = (rv > 0);
if (ok)
if (ok) {
data->flag_construct_called = 1;
goto end;
}
}
/* The constructor didn't return success */

View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -150,7 +150,11 @@ static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst,
import_data.keymgmt = keymgmt;
import_data.keydata = NULL;
import_data.selection = data->selection;
if (data->selection == 0)
/* import/export functions do not tolerate 0 selection */
import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
else
import_data.selection = data->selection;
/*
* No need to check for errors here, the value of

View File

@ -133,28 +133,34 @@ static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
return item;
}
void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
int engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
{
ENGINE_CLEANUP_ITEM *item;
if (!int_cleanup_check(1))
return;
item = int_cleanup_item(cb);
if (item != NULL)
if (sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0) <= 0)
OPENSSL_free(item);
}
void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
{
ENGINE_CLEANUP_ITEM *item;
if (!int_cleanup_check(1))
return;
return 0;
item = int_cleanup_item(cb);
if (item != NULL) {
if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
OPENSSL_free(item);
if (sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0))
return 1;
OPENSSL_free(item);
}
return 0;
}
int engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
{
ENGINE_CLEANUP_ITEM *item;
if (!int_cleanup_check(1))
return 0;
item = int_cleanup_item(cb);
if (item != NULL) {
if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) > 0)
return 1;
OPENSSL_free(item);
}
return 0;
}
/* The API function that performs all cleanup */
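
Review bot: The two rewritten functions test the stack call differently: `engine_cleanup_add_first()` treats any non-zero result of `sk_ENGINE_CLEANUP_ITEM_insert()` as success, while `engine_cleanup_add_last()` requires `sk_ENGINE_CLEANUP_ITEM_push() > 0`, and the code being replaced used `<= 0` as the failure test in both. Use `> 0` in both so a negative result cannot be taken for success, and since both now return a status, document the 1/0 contract once at the prototypes.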

View File

@ -1,5 +1,5 @@
/*
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -78,12 +78,15 @@ static int engine_list_add(ENGINE *e)
ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
return 0;
}
engine_list_head = e;
e->prev = NULL;
/*
* The first time the list allocates, we should register the cleanup.
*/
engine_cleanup_add_last(engine_list_cleanup);
if (!engine_cleanup_add_last(engine_list_cleanup)) {
ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR);
return 0;
}
engine_list_head = e;
e->prev = NULL;
} else {
/* We are adding to the tail of an existing list. */
if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) {

View File

@ -1,5 +1,5 @@
/*
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -46,8 +46,8 @@ typedef struct st_engine_cleanup_item {
ENGINE_CLEANUP_CB *cb;
} ENGINE_CLEANUP_ITEM;
DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM)
void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
int engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
int engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
/* We need stacks of ENGINEs for use in eng_table.c */
DEFINE_STACK_OF(ENGINE)

View File

@ -1,5 +1,5 @@
/*
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -79,6 +79,48 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
return NULL;
}
/* We enforce check for legacy key */
switch (EVP_PKEY_get_id(pkey)) {
case EVP_PKEY_RSA:
{
RSA *rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_set1_RSA(pkey, rsa);
RSA_free(rsa);
}
break;
# ifndef OPENSSL_NO_EC
case EVP_PKEY_SM2:
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
EVP_PKEY_set1_EC_KEY(pkey, ec);
EC_KEY_free(ec);
}
break;
# endif
# ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
{
DSA *dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_set1_DSA(pkey, dsa);
DSA_free(dsa);
}
break;
#endif
# ifndef OPENSSL_NO_DH
case EVP_PKEY_DH:
{
DH *dh = EVP_PKEY_get1_DH(pkey);
EVP_PKEY_set1_DH(pkey, dh);
DH_free(dh);
}
break;
#endif
default:
/*Do nothing */
break;
}
return pkey;
}
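
Review bot: In the new `switch`, none of the `EVP_PKEY_get1_*()` results is checked before being passed to the matching `EVP_PKEY_set1_*()`, and the return values of the `set1` calls are ignored too, so `ENGINE_load_private_key()` returns `pkey` as a success even when the conversion did not happen. Check both calls and fail the load, freeing `pkey`, if either fails. The comment "We enforce check for legacy key" should explain what the get/set round trip is for. Style: the `# ifndef` / `#endif` indentation is inconsistent for the DSA and DH blocks, and `/*Do nothing */` is missing a space.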

View File

@ -1,5 +1,5 @@
/*
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -93,9 +93,12 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
added = 1;
if (!int_table_check(table, 1))
goto end;
if (added)
/* The cleanup callback needs to be added */
engine_cleanup_add_first(cleanup);
/* The cleanup callback needs to be added */
if (added && !engine_cleanup_add_first(cleanup)) {
lh_ENGINE_PILE_free(&(*table)->piles);
*table = NULL;
goto end;
}
while (num_nids--) {
tmplate.nid = *nids;
fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
@ -201,8 +204,10 @@ ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid,
ENGINE_PILE tmplate, *fnd = NULL;
int initres, loop = 0;
#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
/* Load the config before trying to check if engines are available */
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
#endif
if (!(*table)) {
OSSL_TRACE3(ENGINE_TABLE,
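Review bot: The return value of `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)` is discarded here, so a failed config load continues into the table lookup as if nothing happened. Either fail the selection on error, or cast the call to `(void)` with a comment saying the failure is deliberately ignored.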

View File

@ -375,6 +375,7 @@ CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\
CMS_R_UNSUPPORTED_LABEL_SOURCE:193:unsupported label source
CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type
CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type
CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM:195:unsupported signature algorithm
CMS_R_UNSUPPORTED_TYPE:156:unsupported type
CMS_R_UNWRAP_ERROR:157:unwrap error
CMS_R_UNWRAP_FAILURE:180:unwrap failure
@ -1675,6 +1676,7 @@ X509_R_CERTIFICATE_VERIFICATION_FAILED:139:certificate verification failed
X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table
X509_R_CRL_ALREADY_DELTA:127:crl already delta
X509_R_CRL_VERIFY_FAILURE:131:crl verify failure
X509_R_DUPLICATE_ATTRIBUTE:140:duplicate attribute
X509_R_ERROR_GETTING_MD_BY_NID:141:error getting md by nid
X509_R_ERROR_USING_SIGINF_SET:142:error using siginf set
X509_R_IDP_MISMATCH:128:idp mismatch

View File

@ -636,8 +636,8 @@ static int default_fixup_args(enum state state,
ctx->p2, ctx->sz);
case OSSL_PARAM_OCTET_STRING:
return OSSL_PARAM_get_octet_string(ctx->params,
ctx->p2, ctx->sz,
&ctx->sz);
&ctx->p2, ctx->sz,
(size_t *)&ctx->p1);
case OSSL_PARAM_OCTET_PTR:
return OSSL_PARAM_get_octet_ptr(ctx->params,
ctx->p2, &ctx->sz);
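Review bot: The `(size_t *)&ctx->p1` cast in the OSSL_PARAM_OCTET_STRING case makes `OSSL_PARAM_get_octet_string()` store a `size_t` through a pointer to `p1`; if `p1` is declared narrower than `size_t` (its declaration is outside this hunk), the store writes past the field. Receive the length in a local `size_t`, range-check it, and then assign it to `ctx->p1`.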
@ -685,7 +685,7 @@ static int default_fixup_args(enum state state,
return OSSL_PARAM_set_octet_string(ctx->params, ctx->p2,
size);
case OSSL_PARAM_OCTET_PTR:
return OSSL_PARAM_set_octet_ptr(ctx->params, ctx->p2,
return OSSL_PARAM_set_octet_ptr(ctx->params, *(void **)ctx->p2,
size);
default:
ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED,
@ -695,6 +695,9 @@ static int default_fixup_args(enum state state,
translation->param_data_type);
return 0;
}
} else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) {
if (translation->param_data_type == OSSL_PARAM_OCTET_PTR)
ctx->p2 = &ctx->bufp;
}
}
/* Any other combination is simply pass-through */
@ -1783,7 +1786,8 @@ static int get_rsa_payload_n(enum state state,
{
const BIGNUM *bn = NULL;
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)
return 0;
bn = RSA_get0_n(EVP_PKEY_get0_RSA(ctx->p2));
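Review bot: The two-line test `EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS` is now repeated in `get_rsa_payload_n`, `get_rsa_payload_e`, `get_rsa_payload_d` and the three macro bodies that follow. Move it into one small static helper so the accepted key types are listed in a single place.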
@ -1796,7 +1800,8 @@ static int get_rsa_payload_e(enum state state,
{
const BIGNUM *bn = NULL;
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)
return 0;
bn = RSA_get0_e(EVP_PKEY_get0_RSA(ctx->p2));
@ -1809,7 +1814,8 @@ static int get_rsa_payload_d(enum state state,
{
const BIGNUM *bn = NULL;
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS)
return 0;
bn = RSA_get0_d(EVP_PKEY_get0_RSA(ctx->p2));
@ -1909,7 +1915,8 @@ static int get_rsa_payload_coefficient(enum state state,
const struct translation_st *translation, \
struct translation_ctx_st *ctx) \
{ \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \
return 0; \
return get_rsa_payload_factor(state, translation, ctx, n - 1); \
}
@ -1920,7 +1927,8 @@ static int get_rsa_payload_coefficient(enum state state,
const struct translation_st *translation, \
struct translation_ctx_st *ctx) \
{ \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \
return 0; \
return get_rsa_payload_exponent(state, translation, ctx, \
n - 1); \
@ -1932,7 +1940,8 @@ static int get_rsa_payload_coefficient(enum state state,
const struct translation_st *translation, \
struct translation_ctx_st *ctx) \
{ \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \
if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \
&& EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \
return 0; \
return get_rsa_payload_coefficient(state, translation, ctx, \
n - 1); \
@ -2254,7 +2263,7 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },
{ GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL,
OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },
OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL },
{ SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL,
@ -2268,10 +2277,10 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
{ SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL,
OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
{ SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
{ SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL,
OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
{ SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
{ SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL,
OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL },

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -192,7 +192,12 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
#endif
}
if (cipher->prov != NULL) {
if (!ossl_assert(cipher->prov != NULL)) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
return 0;
}
if (cipher != ctx->fetched_cipher) {
if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
return 0;
@ -218,6 +223,42 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
return 0;
}
#ifndef FIPS_MODULE
/*
* Fix for CVE-2023-5363
* Passing in a size as part of the init call takes effect late
* so, force such to occur before the initialisation.
*
* The FIPS provider's internal library context is used in a manner
* such that this is not an issue.
*/
if (params != NULL) {
OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END,
OSSL_PARAM_END };
OSSL_PARAM *q = param_lens;
const OSSL_PARAM *p;
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
if (p != NULL)
memcpy(q++, p, sizeof(*q));
/*
* Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for
* OSSL_CIPHER_PARAM_IVLEN so both are covered here.
*/
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
if (p != NULL)
memcpy(q++, p, sizeof(*q));
if (q != param_lens) {
if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) {
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
return 0;
}
}
}
#endif
if (enc) {
if (ctx->cipher->einit == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
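Review bot: `param_lens` has room for exactly two copied entries plus the terminator, which matches the two `OSSL_PARAM_locate_const()` lookups but is not stated anywhere; a short comment next to the declaration would keep a third length parameter from overrunning the array later. Every failure of `EVP_CIPHER_CTX_set_params()` is reported as EVP_R_INVALID_LENGTH, which is worth confirming as the intended error for all causes. Typo in the inner comment: "synomym" should be "synonym".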

View File

@ -1,5 +1,5 @@
/*
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -71,7 +71,11 @@ static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
{
KECCAK1600_CTX *ctx = evp_ctx->md_data;
KECCAK1600_CTX *ctx;
if (evp_ctx == NULL)
return 0;
ctx = evp_ctx->md_data;
switch (cmd) {
case EVP_MD_CTRL_XOF_LEN:

View File

@ -231,13 +231,16 @@ int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass,
goto err;
}
(void)ERR_set_mark();
prfmd = prfmd_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(hmac_md_nid), propq);
if (prfmd == NULL)
prfmd = EVP_get_digestbynid(hmac_md_nid);
if (prfmd == NULL) {
(void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRF);
goto err;
}
(void)ERR_pop_to_mark();
if (kdf->salt->type != V_ASN1_OCTET_STRING) {
ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_SALT_TYPE);
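Review bot: The `ERR_set_mark()`, `ERR_clear_last_mark()` and `ERR_pop_to_mark()` calls around the digest fetch carry no comment saying what they are for. As written, a failed `EVP_MD_fetch()` that is rescued by `EVP_get_digestbynid()` leaves no error on the queue, while the unsupported case keeps the fetch error and adds EVP_R_UNSUPPORTED_PRF. State that in a comment so the three calls stay together when this block is next edited.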

View File

@ -717,11 +717,13 @@ static void detect_foreign_key(EVP_PKEY *pkey)
{
switch (pkey->type) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA_PSS:
pkey->foreign = pkey->pkey.rsa != NULL
&& ossl_rsa_is_foreign(pkey->pkey.rsa);
break;
# ifndef OPENSSL_NO_EC
case EVP_PKEY_SM2:
break;
case EVP_PKEY_EC:
pkey->foreign = pkey->pkey.ec != NULL
&& ossl_ec_key_is_foreign(pkey->pkey.ec);
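Review bot: The new `case EVP_PKEY_SM2:` ends in a bare `break`, so `pkey->foreign` is left untouched for SM2 keys while the RSA, RSA-PSS and EC cases all compute it, and nothing explains why SM2 is exempt. Add a comment giving the reason, or set `pkey->foreign` explicitly so the value does not depend on whatever it held before.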
@ -1074,6 +1076,7 @@ int EVP_PKEY_can_sign(const EVP_PKEY *pkey)
if (pkey->keymgmt == NULL) {
switch (EVP_PKEY_get_base_id(pkey)) {
case EVP_PKEY_RSA:
case EVP_PKEY_RSA_PSS:
return 1;
# ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
@ -1198,7 +1201,7 @@ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
int indent, ASN1_PCTX *pctx)
{
return print_pkey(pkey, out, indent, EVP_PKEY_KEYPAIR, NULL,
return print_pkey(pkey, out, indent, EVP_PKEY_PRIVATE_KEY, NULL,
(pkey->ameth != NULL ? pkey->ameth->priv_print : NULL),
pctx);
}

View File

@ -251,10 +251,11 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
*/
if (e != NULL)
pmeth = ENGINE_get_pkey_meth(e, id);
else if (pkey != NULL && pkey->foreign)
else
# endif /* OPENSSL_NO_ENGINE */
if (pkey != NULL && pkey->foreign)
pmeth = EVP_PKEY_meth_find(id);
else
# endif
app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id);
/* END legacy */
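Review bot: The `else` placed directly before `# endif /* OPENSSL_NO_ENGINE */` binds to the `if (pkey != NULL && pkey->foreign)` that follows the directive, so the shape of the if/else chain depends on whether the engine block is compiled in. That is easy to break with a later edit; add a comment at the dangling `else`, or brace the branches so each configuration reads as a complete statement.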

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -163,6 +163,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index,
* "app_data" routines use ex_data index zero. See RT 3710. */
if (ip->meth == NULL
|| !sk_EX_CALLBACK_push(ip->meth, NULL)) {
sk_EX_CALLBACK_free(ip->meth);
ip->meth = NULL;
ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
goto err;
}

View File

@ -26,7 +26,7 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
*ret = 0;
if (params == NULL || pub_key == NULL || params->p == NULL) {
*ret = FFC_ERROR_PASSED_NULL_PARAM;
return 0;
return 1;
}
ctx = BN_CTX_new_ex(NULL);
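Review bot: With `return 1` on the NULL-argument path the function reports success while signalling the problem only through `*ret = FFC_ERROR_PASSED_NULL_PARAM`, so a caller that tests just the return value will treat a NULL `params` or `pub_key` as an acceptable key. Document above the function that the return value means the check ran to completion and that `*ret` carries the verdict, and audit callers for any that ignore `*ret`.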
@ -39,18 +39,14 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
if (tmp == NULL
|| !BN_set_word(tmp, 1))
goto err;
if (BN_cmp(pub_key, tmp) <= 0) {
if (BN_cmp(pub_key, tmp) <= 0)
*ret |= FFC_ERROR_PUBKEY_TOO_SMALL;
goto err;
}
/* Step(1): Verify pub_key <= p-2 */
if (BN_copy(tmp, params->p) == NULL
|| !BN_sub_word(tmp, 1))
goto err;
if (BN_cmp(pub_key, tmp) >= 0) {
if (BN_cmp(pub_key, tmp) >= 0)
*ret |= FFC_ERROR_PUBKEY_TOO_LARGE;
goto err;
}
ok = 1;
err:
if (ctx != NULL) {
@ -73,7 +69,7 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
if (!ossl_ffc_validate_public_key_partial(params, pub_key, ret))
return 0;
if (params->q != NULL) {
if (*ret == 0 && params->q != NULL) {
ctx = BN_CTX_new_ex(NULL);
if (ctx == NULL)
goto err;
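Review bot: The added `*ret == 0 &&` is what keeps `params->q` from being dereferenced when the partial check has flagged FFC_ERROR_PASSED_NULL_PARAM and still returned 1, so the order of the two operands matters. Put a comment on that line to make the dependency explicit.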
@ -84,10 +80,8 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
if (tmp == NULL
|| !BN_mod_exp(tmp, pub_key, params->q, params->p, ctx))
goto err;
if (!BN_is_one(tmp)) {
if (!BN_is_one(tmp))
*ret |= FFC_ERROR_PUBKEY_INVALID;
goto err;
}
}
ok = 1;

View File

@ -164,7 +164,8 @@ void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx,
/*
* Create request line using |rctx| and |path| (or "/" in case |path| is NULL).
* Server name (and port) must be given if and only if plain HTTP proxy is used.
* Server name (and optional port) must be given if and only if
* a plain HTTP proxy is used and |path| does not begin with 'http://'.
*/
int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST,
const char *server, const char *port,
@ -193,11 +194,17 @@ int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST,
return 0;
}
/* Make sure path includes a forward slash */
if (path == NULL)
/* Make sure path includes a forward slash (abs_path) */
if (path == NULL) {
path = "/";
if (path[0] != '/' && BIO_printf(rctx->mem, "/") <= 0)
} else if (HAS_PREFIX(path, "http://")) { /* absoluteURI for proxy use */
if (server != NULL) {
ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
} else if (path[0] != '/' && BIO_printf(rctx->mem, "/") <= 0) {
return 0;
}
/*
* Add (the rest of) the path and the HTTP version,
* which is fixed to 1.0 for straightforward implementation of keep-alive
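Review bot: In the new absoluteURI branch only `server` is rejected; a non-NULL `port` passed together with an `http://` path goes through unchecked, although the updated function comment ties the server name and the optional port together. Either test `port` as well or say in the comment that it is ignored in this case. A path starting with `https://` does not take this branch and gets a leading slash prepended instead, so state whether that is intended.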

View File

@ -22,6 +22,13 @@ static void init_pstring(char **pstr)
}
}
static void init_pint(int *pint)
{
if (pint != NULL) {
*pint = 0;
}
}
static int copy_substring(char **dest, const char *start, const char *end)
{
return dest == NULL
@ -54,6 +61,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
init_pstring(puser);
init_pstring(phost);
init_pstring(pport);
init_pint(pport_num);
init_pstring(ppath);
init_pstring(pfrag);
init_pstring(pquery);

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -266,12 +266,12 @@ static void contract(OPENSSL_LHASH *lh)
if (n == NULL) {
/* fputs("realloc error in lhash",stderr); */
lh->error++;
return;
} else {
lh->b = n;
}
lh->num_alloc_nodes /= 2;
lh->pmax /= 2;
lh->p = lh->pmax - 1;
lh->b = n;
} else
lh->p--;

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -100,6 +100,9 @@ void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
* or 100;100@25;0
* This means 100 mallocs succeed, then next 100 fail 25% of the time, and
* all remaining (count is zero) succeed.
* The failure percentge can have 2 digits after the comma. For example:
* 0@0.01
* This means 0.01% of all allocations will fail.
*/
static void parseit(void)
{
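Review bot: The added comment lines contain a typo ("percentge") and say "2 digits after the comma" while the example `0@0.01` uses a decimal point. Reword to "two digits after the decimal point" so the accepted syntax is unambiguous.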
@ -112,26 +115,27 @@ static void parseit(void)
/* Get the count (atol will stop at the @ if there), and percentage */
md_count = atol(md_failstring);
atsign = strchr(md_failstring, '@');
md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1);
md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5);
if (semi != NULL)
md_failstring = semi;
}
/*
* Windows doesn't have random(), but it has rand()
* Windows doesn't have random() and srandom(), but it has rand() and srand().
* Some rand() implementations aren't good, but we're not
* dealing with secure randomness here.
*/
# ifdef _WIN32
# define random() rand()
# define srandom(seed) srand(seed)
# endif
/*
* See if the current malloc should fail.
*/
static int shouldfail(void)
{
int roll = (int)(random() % 100);
int roll = (int)(random() % 10000);
int shoulditfail = roll < md_fail_percent;
# ifndef _WIN32
/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
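Review bot: After this change `md_fail_percent` holds hundredths of a percent (`atof(atsign + 1) * 100 + 0.5`) and `shouldfail()` compares it against `random() % 10000`, but the variable name still says percent. Rename it or comment the unit where it is declared. `atof()` also accepts negative and oversized input without complaint, so a malformed failure string is cast straight to `int`; clamp the result to the 0..10000 range.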
@ -165,6 +169,8 @@ void ossl_malloc_setup_failures(void)
parseit();
if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
md_tracefd = atoi(cp);
if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL)
srandom(atoi(cp));
}
#endif
@ -195,7 +201,6 @@ void *CRYPTO_zalloc(size_t num, const char *file, int line)
void *ret;
ret = CRYPTO_malloc(num, file, line);
FAILTEST();
if (ret != NULL)
memset(ret, 0, num);
@ -208,7 +213,6 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
if (realloc_impl != CRYPTO_realloc)
return realloc_impl(str, num, file, line);
FAILTEST();
if (str == NULL)
return CRYPTO_malloc(num, file, line);
@ -217,6 +221,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
return NULL;
}
FAILTEST();
return realloc(str, num);
}

View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -744,6 +744,9 @@ if ($flavour =~ /64/) { ######## 64-bit code
s/\.[uisp]?64//o and s/\.16b/\.2d/go;
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
# Switch preprocessor checks to aarch64 versions.
s/__ARME([BL])__/__AARCH64E$1__/go;
print $_,"\n";
}
} else { ######## 32-bit code

View File

@ -642,13 +642,14 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
if (p == NULL) {
const char *base_ = base;
int l, h, i = 0, c = 0;
char *p1;
for (i = 0; i < num; ++i) {
p = &(base_[i * size]);
c = (*cmp) (key, p);
p1 = &(base_[i * size]);
c = (*cmp) (key, p1);
if (c == 0
|| (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
return p;
return p1;
}
}
#endif
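Review bot: `p1` is declared `char *` but is assigned `&(base_[i * size])`, where `base_` is `const char *`, so the assignment discards the const qualifier even though the function returns `const void *`. Declare it as `const char *p1`.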

View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -99,21 +99,22 @@ int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *params,
{
int i, sz = sk_BIGNUM_const_num(stk);
OSSL_PARAM *p;
const BIGNUM *bn;
if (bld != NULL) {
for (i = 0; i < sz && names[i] != NULL; ++i) {
if (!OSSL_PARAM_BLD_push_BN(bld, names[i],
sk_BIGNUM_const_value(stk, i)))
bn = sk_BIGNUM_const_value(stk, i);
if (bn != NULL && !OSSL_PARAM_BLD_push_BN(bld, names[i], bn))
return 0;
}
return 1;
}
for (i = 0; i < sz && names[i] != NULL; ++i) {
bn = sk_BIGNUM_const_value(stk, i);
p = OSSL_PARAM_locate(params, names[i]);
if (p != NULL) {
if (!OSSL_PARAM_set_BN(p, sk_BIGNUM_const_value(stk, i)))
if (p != NULL && bn != NULL) {
if (!OSSL_PARAM_set_BN(p, bn))
return 0;
}
}

View File

@ -14,6 +14,7 @@
#include "internal/numbers.h"
#include "internal/endian.h"
#ifndef OPENSSL_SYS_UEFI
/*
* Return the number of bits in the mantissa of a double. This is used to
* shift a larger integral value to determine if it will exactly fit into a
@ -23,6 +24,7 @@ static unsigned int real_shift(void)
{
return sizeof(double) == 4 ? 24 : 53;
}
#endif
OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *p, const char *key)
{
@ -342,8 +344,6 @@ OSSL_PARAM OSSL_PARAM_construct_ulong(const char *key, unsigned long int *buf)
int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val)
{
double d;
if (val == NULL || p == NULL )
return 0;
@ -391,6 +391,9 @@ int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val)
return general_get_int(p, val, sizeof(*val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
double d;
switch (p->data_size) {
case sizeof(double):
d = *(const double *)p->data;
@ -400,6 +403,7 @@ int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val)
}
break;
}
#endif
}
return 0;
}
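Review bot: When OPENSSL_SYS_UEFI is defined, the `OSSL_PARAM_REAL` branch compiles to an empty block and control falls through to the final `return 0`, so a real-typed parameter fails with nothing to indicate that the type is unsupported in this build. Raise an error in an `#else` arm or note the behaviour in the function documentation; the same applies to the other get and set functions guarded the same way below.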
@ -442,6 +446,7 @@ int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val)
#endif
return general_set_int(p, &val, sizeof(val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
p->return_size = sizeof(double);
if (p->data == NULL)
return 1;
@ -450,6 +455,7 @@ int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val)
*(double *)p->data = (double)val;
return 1;
}
#endif
}
return 0;
}
@ -462,8 +468,6 @@ OSSL_PARAM OSSL_PARAM_construct_int32(const char *key, int32_t *buf)
int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val)
{
double d;
if (val == NULL || p == NULL)
return 0;
@ -509,6 +513,9 @@ int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val)
#endif
return general_get_uint(p, val, sizeof(*val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
double d;
switch (p->data_size) {
case sizeof(double):
d = *(const double *)p->data;
@ -518,6 +525,7 @@ int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val)
}
break;
}
#endif
}
return 0;
}
@ -564,6 +572,7 @@ int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val)
#endif
return general_set_uint(p, &val, sizeof(val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
p->return_size = sizeof(double);
if (p->data == NULL)
return 1;
@ -572,6 +581,7 @@ int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val)
*(double *)p->data = (double)val;
return 1;
}
#endif
}
return 0;
}
@ -584,8 +594,6 @@ OSSL_PARAM OSSL_PARAM_construct_uint32(const char *key, uint32_t *buf)
int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val)
{
double d;
if (val == NULL || p == NULL )
return 0;
@ -620,6 +628,9 @@ int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val)
#endif
return general_get_int(p, val, sizeof(*val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
double d;
switch (p->data_size) {
case sizeof(double):
d = *(const double *)p->data;
@ -636,14 +647,13 @@ int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val)
}
break;
}
#endif
}
return 0;
}
int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val)
{
uint64_t u64;
if (p == NULL)
return 0;
p->return_size = 0;
@ -686,6 +696,9 @@ int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val)
#endif
return general_set_int(p, &val, sizeof(val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
uint64_t u64;
p->return_size = sizeof(double);
if (p->data == NULL)
return 1;
@ -698,6 +711,7 @@ int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val)
}
break;
}
#endif
}
return 0;
}
@ -709,8 +723,6 @@ OSSL_PARAM OSSL_PARAM_construct_int64(const char *key, int64_t *buf)
int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val)
{
double d;
if (val == NULL || p == NULL)
return 0;
@ -750,6 +762,9 @@ int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val)
#endif
return general_get_uint(p, val, sizeof(*val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
double d;
switch (p->data_size) {
case sizeof(double):
d = *(const double *)p->data;
@ -766,6 +781,7 @@ int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val)
}
break;
}
#endif
}
return 0;
}
@ -818,6 +834,7 @@ int OSSL_PARAM_set_uint64(OSSL_PARAM *p, uint64_t val)
#endif
return general_set_uint(p, &val, sizeof(val));
} else if (p->data_type == OSSL_PARAM_REAL) {
#ifndef OPENSSL_SYS_UEFI
p->return_size = sizeof(double);
switch (p->data_size) {
case sizeof(double):
@ -827,6 +844,7 @@ int OSSL_PARAM_set_uint64(OSSL_PARAM *p, uint64_t val)
}
break;
}
#endif
}
return 0;
}
@ -953,6 +971,7 @@ OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf,
buf, bsize);
}
#ifndef OPENSSL_SYS_UEFI
int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val)
{
int64_t i64;
@ -1073,6 +1092,7 @@ OSSL_PARAM OSSL_PARAM_construct_double(const char *key, double *buf)
{
return ossl_param_construct(key, OSSL_PARAM_REAL, buf, sizeof(double));
}
#endif
static int get_string_internal(const OSSL_PARAM *p, void **val,
size_t *max_len, size_t *used_len,

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -366,10 +366,19 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
return ret;
}
static int no_password_cb(char *buf, int num, int rwflag, void *userdata)
{
return -1;
}
EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x,
OSSL_LIB_CTX *libctx, const char *propq)
{
return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq,
/*
* PEM_read_bio_Parameters(_ex) should never ask for a password. Any attempt
* to get a password just fails.
*/
return pem_read_bio_key(bp, x, no_password_cb, NULL, libctx, propq,
EVP_PKEY_KEY_PARAMETERS);
}

View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -159,9 +159,8 @@ while(my $line=<>) {
}
{
$line =~ s|(^[\.\w]+)\:\s*||;
my $label = $1;
if ($label) {
if ($line =~ s|(^[\.\w]+)\:\s*||) {
my $label = $1;
printf "%s:",($GLOBALS{$label} or $label);
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -14,6 +14,12 @@
static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
PKCS12_SAFEBAG *bag);
static PKCS12_SAFEBAG *pkcs12_add_cert_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
X509 *cert,
const char *name,
int namelen,
unsigned char *keyid,
int keyidlen);
static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
{
@ -40,6 +46,9 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
int i;
unsigned char keyid[EVP_MAX_MD_SIZE];
unsigned int keyidlen = 0;
int namelen = -1;
unsigned char *pkeyid = NULL;
int pkeyidlen = -1;
/* Set defaults */
if (nid_cert == NID_undef)
@ -64,11 +73,16 @@ PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
}
if (cert) {
bag = PKCS12_add_cert(&bags, cert);
if (name && !PKCS12_add_friendlyname(bag, name, -1))
goto err;
if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
goto err;
if (name == NULL)
name = (char *)X509_alias_get0(cert, &namelen);
if (keyidlen > 0) {
pkeyid = keyid;
pkeyidlen = keyidlen;
} else {
pkeyid = X509_keyid_get0(cert, &pkeyidlen);
}
bag = pkcs12_add_cert_bag(&bags, cert, name, namelen, pkeyid, pkeyidlen);
}
/* Add all other certificates */
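Review bot: The result of `pkcs12_add_cert_bag()` is assigned to `bag` and not tested anywhere in this hunk, whereas the lines it replaces went to `err` when adding the friendly name or the local key ID failed. Add `if (bag == NULL) goto err;` after the call unless that check sits just outside the lines shown.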
@ -139,30 +153,23 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *
iter, mac_iter, keytype, NULL, NULL);
}
PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
static PKCS12_SAFEBAG *pkcs12_add_cert_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
X509 *cert,
const char *name,
int namelen,
unsigned char *keyid,
int keyidlen)
{
PKCS12_SAFEBAG *bag = NULL;
char *name;
int namelen = -1;
unsigned char *keyid;
int keyidlen = -1;
/* Add user certificate */
if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
goto err;
/*
* Use friendlyName and localKeyID in certificate. (if present)
*/
name = (char *)X509_alias_get0(cert, &namelen);
if (name && !PKCS12_add_friendlyname(bag, name, namelen))
if (name != NULL && !PKCS12_add_friendlyname(bag, name, namelen))
goto err;
keyid = X509_keyid_get0(cert, &keyidlen);
if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
if (keyid != NULL && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
goto err;
if (!pkcs12_add_bag(pbags, bag))
@ -173,7 +180,22 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
err:
PKCS12_SAFEBAG_free(bag);
return NULL;
}
PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
{
char *name = NULL;
int namelen = -1;
unsigned char *keyid = NULL;
int keyidlen = -1;
/*
* Use friendlyName and localKeyID in certificate. (if present)
*/
name = (char *)X509_alias_get0(cert, &namelen);
keyid = X509_keyid_get0(cert, &keyidlen);
return pkcs12_add_cert_bag(pbags, cert, name, namelen, keyid, keyidlen);
}
PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags,

View File

@ -1,5 +1,5 @@
/*
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -108,15 +108,20 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0)
return 0;
(void)ERR_set_mark();
md = md_fetch = EVP_MD_fetch(p12->authsafes->ctx.libctx, md_name,
p12->authsafes->ctx.propq);
if (md == NULL)
md = EVP_get_digestbynid(OBJ_obj2nid(macoid));
if (md == NULL) {
(void)ERR_clear_last_mark();
ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
return 0;
}
(void)ERR_pop_to_mark();
md_size = EVP_MD_get_size(md);
md_nid = EVP_MD_get_type(md);
if (md_size < 0)

View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -85,7 +85,7 @@ poly1305_init:
ldp $r0,$r1,[$inp] // load key
mov $s1,#0xfffffffc0fffffff
movk $s1,#0x0fff,lsl#48
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $r0,$r0 // flip bytes
rev $r1,$r1
#endif
@ -132,7 +132,7 @@ poly1305_blocks:
.Loop:
ldp $t0,$t1,[$inp],#16 // load input
sub $len,$len,#16
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $t0,$t0
rev $t1,$t1
#endif
@ -197,13 +197,13 @@ poly1305_emit:
csel $h0,$h0,$d0,eq
csel $h1,$h1,$d1,eq
#ifdef __ARMEB__
#ifdef __AARCH64EB__
ror $t0,$t0,#32 // flip nonce words
ror $t1,$t1,#32
#endif
adds $h0,$h0,$t0 // accumulate nonce
adc $h1,$h1,$t1
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $h0,$h0 // flip output bytes
rev $h1,$h1
#endif
@ -335,7 +335,7 @@ poly1305_blocks_neon:
adcs $h1,$h1,xzr
adc $h2,$h2,xzr
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $d0,$d0
rev $d1,$d1
#endif
@ -381,7 +381,7 @@ poly1305_blocks_neon:
ldp $d0,$d1,[$inp],#16 // load input
sub $len,$len,#16
add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2)
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $d0,$d0
rev $d1,$d1
#endif
@ -466,7 +466,7 @@ poly1305_blocks_neon:
lsl $padbit,$padbit,#24
add x15,$ctx,#48
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -502,7 +502,7 @@ poly1305_blocks_neon:
ld1 {$S2,$R3,$S3,$R4},[x15],#64
ld1 {$S4},[x15]
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -563,7 +563,7 @@ poly1305_blocks_neon:
umull $ACC1,$IN23_0,${R1}[2]
ldp x9,x13,[$in2],#48
umull $ACC0,$IN23_0,${R0}[2]
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -628,7 +628,7 @@ poly1305_blocks_neon:
umlal $ACC4,$IN01_2,${R2}[0]
umlal $ACC1,$IN01_2,${S4}[0]
umlal $ACC2,$IN01_2,${R0}[0]
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -909,13 +909,13 @@ poly1305_emit_neon:
csel $h0,$h0,$d0,eq
csel $h1,$h1,$d1,eq
#ifdef __ARMEB__
#ifdef __AARCH64EB__
ror $t0,$t0,#32 // flip nonce words
ror $t1,$t1,#32
#endif
adds $h0,$h0,$t0 // accumulate nonce
adc $h1,$h1,$t1
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $h0,$h0 // flip output bytes
rev $h1,$h1
#endif

View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -195,7 +195,7 @@ $code.=<<___ if ($avx>1);
bt \$`5+32`,%r9 # AVX2?
cmovc %rax,%r10
___
$code.=<<___ if ($avx>3);
$code.=<<___ if ($avx>3 && !$win64);
mov \$`(1<<31|1<<21|1<<16)`,%rax
shr \$32,%r9
and %rax,%r9
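Review bot: the new `!$win64` term on the `$avx>3` probe has no comment saying why Windows is excluded. A one-line comment pointing at CVE-2023-4807 (non-volatile XMM registers not preserved on Win64) would stop someone from re-enabling the path later as an apparent optimisation. It is also worth stating in the commit message that this disables the AVX512-IFMA path on Win64 rather than adding the register save and restore.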
@ -2724,7 +2724,7 @@ $code.=<<___;
.cfi_endproc
.size poly1305_blocks_avx512,.-poly1305_blocks_avx512
___
if ($avx>3) {
if ($avx>3 && !$win64) {
########################################################################
# VPMADD52 version using 2^44 radix.
#
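Review bot: `$avx>3 && !$win64` is now spelled out twice, here where the VPMADD52 code is emitted and at the capability probe near line 195. If the two drift apart, the probe and the emitted code disagree about whether this path exists. Compute the condition once into a variable near the top of the script and use it in both places.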

@ -129,11 +129,11 @@ static const OSSL_LIB_CTX_METHOD ossl_ctx_global_properties_method = {
};
OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *libctx,
int loadconfig)
ossl_unused int loadconfig)
{
OSSL_GLOBAL_PROPERTIES *globp;
#ifndef FIPS_MODULE
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
return NULL;
#endif
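Review bot: `ossl_unused` is applied to `loadconfig` unconditionally, although the parameter is still read in every build that does not define OPENSSL_NO_AUTOLOAD_CONFIG. More important for callers, a non-zero `loadconfig` is silently ignored once that macro is defined, and nothing in the hunk documents it. The function comment should say that in such builds configuration is only loaded if the application calls OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL) itself.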
@ -513,7 +513,7 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store,
if (nid <= 0 || method == NULL || store == NULL)
return 0;
#ifndef FIPS_MODULE
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
if (ossl_lib_ctx_is_default(store->ctx)
&& !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
return 0;

@ -1,5 +1,5 @@
/*
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -588,15 +588,38 @@ static void put_char(char ch, char **buf, size_t *remain, size_t *needed)
static void put_str(const char *str, char **buf, size_t *remain, size_t *needed)
{
size_t olen, len;
size_t olen, len, i;
char quote = '\0';
int quotes;
len = olen = strlen(str);
*needed += len;
if (*remain == 0)
return;
/*
* Check to see if we need quotes or not.
* Characters that are legal in a PropertyName don't need quoting.
* We simply assume all others require quotes.
*/
for (i = 0; i < len; i++)
if (!ossl_isalnum(str[i]) && str[i] != '.' && str[i] != '_') {
/* Default to single quotes ... */
if (quote == '\0')
quote = '\'';
/* ... but use double quotes if a single is present */
if (str[i] == '\'')
quote = '"';
}
if (*remain < len + 1)
quotes = quote != '\0';
if (*remain == 0) {
*needed += 2 * quotes;
return;
}
if (quotes)
put_char(quote, buf, remain, needed);
if (*remain < len + 1 + quotes)
len = *remain - 1;
if (len > 0) {
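Review bot: the quote selection loop in put_str does not handle a value that contains both `'` and `"`. It falls through to `quote = '"'` and the string is then written with unescaped double quotes inside a double-quoted value, so the output cannot be parsed back unambiguously. Either reject or escape that case explicitly, and add a test with such a value. A `break` once `quote` has become `"` would also avoid scanning the rest of the string for nothing.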
@ -605,6 +628,9 @@ static void put_str(const char *str, char **buf, size_t *remain, size_t *needed)
*remain -= len;
}
if (quotes)
put_char(quote, buf, remain, needed);
if (len < olen && *remain == 1) {
**buf = '\0';
++*buf;

@ -1,5 +1,5 @@
/*
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -408,7 +408,7 @@ int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx,
}
OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name,
int noconfig)
ossl_unused int noconfig)
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
@ -417,7 +417,7 @@ OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name,
OSSL_PROVIDER tmpl = { 0, };
int i;
#ifndef FIPS_MODULE
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
/*
* Make sure any providers are loaded from config before we try to find
* them.
@ -1356,7 +1356,7 @@ int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx,
struct provider_store_st *store = get_provider_store(ctx);
STACK_OF(OSSL_PROVIDER) *provs = NULL;
#ifndef FIPS_MODULE
#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)
/*
* Make sure any providers are loaded from config before we try to use
* them.
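Review bot: the compound guard `#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG)` is repeated here in ossl_provider_find and ossl_provider_doall_activated, and the same test appears in ossl_ctx_global_properties and ossl_method_store_fetch elsewhere in this diff. Four hand-copied conditions are easy to get out of sync the next time a config-loading call site is added. Define one internal macro for "may auto-load config" and test that instead.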

@ -120,6 +120,8 @@ void RAND_keep_random_devices_open(int keep)
*/
int RAND_poll(void)
{
static const char salt[] = "polling";
# ifndef OPENSSL_NO_DEPRECATED_3_0
const RAND_METHOD *meth = RAND_get_rand_method();
int ret = meth == RAND_OpenSSL();
@ -148,14 +150,12 @@ int RAND_poll(void)
ret = 1;
err:
ossl_rand_pool_free(pool);
return ret;
}
return ret;
# else
static const char salt[] = "polling";
# endif
RAND_seed(salt, sizeof(salt));
return 1;
# endif
}
# ifndef OPENSSL_NO_DEPRECATED_3_0
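Review bot: with `salt` hoisted to the top of RAND_poll and the `RAND_seed(salt, sizeof(salt))` call moved after the `# endif`, the default-method case now falls through to seeding with the fixed string "polling" instead of returning `ret`. A constant string adds no entropy, so the call needs a comment saying what effect it is there for. Also, the `return ret;` that moved inside the `if (!ret)` block should be checked against the `err:` label so that no failure path in that block can fall out of it and reach the unconditional `return 1`.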

@ -21,10 +21,15 @@ SOURCE[../../libcrypto]=$RC4ASM
# When all deprecated symbols are removed, libcrypto doesn't export the
# rc4 functions, so we must include them directly in liblegacy.a
IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}]
IF[{- !$disabled{module} && !$disabled{shared} -}]
SOURCE[../../providers/liblegacy.a]=$RC4ASM
ENDIF
# Implementations are now spread across several libraries, so the defines
# need to be applied to all affected libraries and modules.
DEFINE[../../libcrypto]=$RC4DEF
DEFINE[../../providers/liblegacy.a]=$RC4DEF
GENERATE[rc4-586.S]=asm/rc4-586.pl
DEPEND[rc4-586.S]=../perlasm/x86asm.pl
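Review bot: the comment above the `IF` still says the RC4 assembler goes into liblegacy.a "when all deprecated symbols are removed", but the new condition no longer tests `$disabled{'deprecated-3.0'}`. The comment should be rewritten to state the new rule, that liblegacy.a always carries its own copy when modules and shared builds are enabled, and why a second copy next to the one in libcrypto is wanted.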

@ -1,5 +1,5 @@
/*
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -60,13 +60,16 @@ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
if (!rsa_param_encode(pkey, &str, &strtype))
return 0;
penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
if (penclen <= 0)
if (penclen <= 0) {
ASN1_STRING_free(str);
return 0;
}
if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
strtype, str, penc, penclen))
return 1;
OPENSSL_free(penc);
ASN1_STRING_free(str);
return 0;
}
@ -641,6 +644,36 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn,
size_t aid_len = 0;
OSSL_PARAM params[2];
if (evp_pkey_ctx_is_legacy(pkctx)) {
/* No provider -> we cannot query it for algorithm ID. */
ASN1_STRING *os1 = NULL;
os1 = ossl_rsa_ctx_to_pss_string(pkctx);
if (os1 == NULL)
return 0;
/* Duplicate parameters if we have to */
if (alg2 != NULL) {
ASN1_STRING *os2 = ASN1_STRING_dup(os1);
if (os2 == NULL) {
ASN1_STRING_free(os1);
return 0;
}
if (!X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
V_ASN1_SEQUENCE, os2)) {
ASN1_STRING_free(os1);
ASN1_STRING_free(os2);
return 0;
}
}
if (!X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
V_ASN1_SEQUENCE, os1)) {
ASN1_STRING_free(os1);
return 0;
}
return 3;
}
params[0] = OSSL_PARAM_construct_octet_string(
OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));
params[1] = OSSL_PARAM_construct_end();
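Review bot: the new legacy branch in rsa_item_sign guards `alg2` with `if (alg2 != NULL)` but calls X509_ALGOR_set0(alg1, ...) with no matching check, while the provider path in the next hunk tests `if (alg1 != NULL)` before touching it. If a NULL `alg1` is a valid input, the two paths now behave differently; either add the same guard or document that `alg1` must be set here. The bare `return 3;` would also benefit from a comment naming which item_sign outcome it signals. Note too that when the `alg1` call fails, `alg2` has already been modified and stays that way.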
@ -652,11 +685,13 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn,
if (alg1 != NULL) {
const unsigned char *pp = aid;
if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL)
return 0;
}
if (alg2 != NULL) {
const unsigned char *pp = aid;
if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL)
return 0;
}

@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -141,18 +141,6 @@ int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[],
/* Check private key data integrity */
if (include_private && rsa_d != NULL) {
int numprimes = sk_BIGNUM_const_num(factors);
int numexps = sk_BIGNUM_const_num(exps);
int numcoeffs = sk_BIGNUM_const_num(coeffs);
/*
* It's permissible to have zero primes, i.e. no CRT params.
* Otherwise, there must be at least two, as many exponents,
* and one coefficient less.
*/
if (numprimes != 0
&& (numprimes < 2 || numexps < 2 || numcoeffs < 1))
goto err;
if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
rsa_d)
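Review bot: the count checks on `numprimes`, `numexps` and `numcoeffs` are removed from ossl_rsa_todata, but the comment "Check private key data integrity" still heads the block, which now checks nothing. Update or drop the comment, and say in the commit message where a key with an inconsistent number of CRT exponents or coefficients is rejected after this change, since this was the only validation visible on the export path.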

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -753,18 +753,22 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
return 0;
pnum = sk_BIGNUM_num(primes);
if (pnum < 2
|| pnum != sk_BIGNUM_num(exps)
|| pnum != sk_BIGNUM_num(coeffs) + 1)
if (pnum < 2)
return 0;
if (!RSA_set0_factors(r, sk_BIGNUM_value(primes, 0),
sk_BIGNUM_value(primes, 1))
|| !RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0),
sk_BIGNUM_value(exps, 1),
sk_BIGNUM_value(coeffs, 0)))
sk_BIGNUM_value(primes, 1)))
return 0;
if (pnum == sk_BIGNUM_num(exps)
&& pnum == sk_BIGNUM_num(coeffs) + 1) {
if (!RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0),
sk_BIGNUM_value(exps, 1),
sk_BIGNUM_value(coeffs, 0)))
return 0;
}
#ifndef FIPS_MODULE
old_infos = r->prime_infos;
#endif
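Review bot: in ossl_rsa_set0_all_params the CRT parameters are now set only when `pnum == sk_BIGNUM_num(exps) && pnum == sk_BIGNUM_num(coeffs) + 1`, and any other combination is silently skipped. That treats "no CRT parameters supplied" and "CRT parameters supplied with the wrong counts" the same way, so a malformed key is accepted with its exponents and coefficients dropped. Allow the skip only when both stacks are empty and keep returning 0 for a non-empty mismatch.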
@ -1084,6 +1088,12 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen)
{
OSSL_PARAM rsa_params[2], *p = rsa_params;
const char *empty = "";
/*
* Needed as we swap label with empty if it is NULL, and label is
* freed at the end of this function.
*/
void *plabel = label;
int ret;
if (ctx == NULL || !EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) {
@ -1096,9 +1106,13 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen)
if (!EVP_PKEY_CTX_is_a(ctx, "RSA"))
return -1;
/* Accept NULL for backward compatibility */
if (label == NULL && llen == 0)
plabel = (void *)empty;
/* Cast away the const. This is read only so should be safe */
*p++ = OSSL_PARAM_construct_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL,
(void *)label, (size_t)llen);
(void *)plabel, (size_t)llen);
*p++ = OSSL_PARAM_construct_end();
ret = evp_pkey_ctx_set_params_strict(ctx, rsa_params);
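Review bot: the backward-compatibility swap covers only `label == NULL && llen == 0`. A call with `label == NULL` and a non-zero `llen` still reaches OSSL_PARAM_construct_octet_string with a NULL pointer and a positive size, and a negative `llen` is cast straight to `size_t`. Both should be rejected with an error before the param is built. The existing comment "Cast away the const" now sits above a `void *plabel` that is not const, so it should be moved next to the `(void *)empty` assignment it actually describes.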

@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -584,6 +584,10 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE);
return -2;
}
if (p2 == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
*(unsigned char **)p2 = rctx->oaep_label;
return rctx->oaep_labellen;
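Review bot: the new NULL check in pkey_rsa_ctrl returns 0, but the success path returns `rctx->oaep_labellen`, which is also 0 for an empty label, so a caller cannot tell the error from a valid result by the return value alone. The padding-mode failure just above returns -2; a negative value would be the consistent choice here too. The error is also raised under ERR_LIB_EVP while the neighbouring one uses ERR_LIB_RSA, which is worth aligning.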

@ -1,5 +1,5 @@
#!/usr/bin/env perl
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -432,6 +432,7 @@ $code.=<<___;
ret
.size SHA3_squeeze,.-SHA3_squeeze
.section .rodata
.align 64
rhotates_left:
.quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0]
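Review bot: `.section .rodata` is added ahead of `.align 64` and `rhotates_left`, and nothing visible in the hunk switches back to the text section. If anything executable is emitted after these tables it will end up in .rodata, so confirm the tables are the last thing the script generates or add an explicit section switch after them. The same applies to the identical one-line change in the other two SHA3 perlasm files in this diff.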

@ -1,5 +1,5 @@
#!/usr/bin/env perl
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -486,6 +486,7 @@ SHA3_squeeze:
ret
.size SHA3_squeeze,.-SHA3_squeeze
.section .rodata
.align 64
theta_perm:
.quad 0, 1, 2, 3, 4, 5, 6, 7 # [not used]

@ -1,5 +1,5 @@
#!/usr/bin/env perl
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -349,6 +349,7 @@ $code.=<<___;
ret
.size SHA3_squeeze,.-SHA3_squeeze
.section .rodata
.align 64
rhotates_left:
.quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0]

@ -1,5 +1,5 @@
/*
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2004, EdelKey Project. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -283,6 +283,7 @@ SRP_VBASE *SRP_VBASE_new(char *seed_key)
return NULL;
if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
|| (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
sk_SRP_user_pwd_free(vb->users_pwd);
OPENSSL_free(vb);
return NULL;
}

@ -1,5 +1,5 @@
/*
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -424,14 +424,14 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
load_data.v = NULL;
load_data.ctx = ctx;
ctx->error_flag = 0;
if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
ossl_store_handle_load_result,
&load_data,
ossl_pw_passphrase_callback_dec,
&ctx->pwdata)) {
if (!OSSL_STORE_eof(ctx))
ctx->error_flag = 1;
ctx->error_flag = 1;
return NULL;
}
v = load_data.v;
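Review bot: with the `OSSL_STORE_eof(ctx)` test gone, `ctx->error_flag = 1` is set on every failed `p_load` call in OSSL_STORE_load, including one made when the loader has simply run out of data. Callers that loop until EOF and then consult the error state need to be checked, so that a clean end of input is not reported as a failure. A short comment explaining why the EOF case must now count as an error would make the intent reviewable.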

@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -553,8 +553,10 @@ static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
ok = 0; /* Assume decryption or parse error */
if (PKCS12_verify_mac(p12, "", 0)
if (!PKCS12_mac_present(p12)
|| PKCS12_verify_mac(p12, NULL, 0)) {
pass = NULL;
} else if (PKCS12_verify_mac(p12, "", 0)) {
pass = "";
} else {
static char prompt_info[] = "PKCS12 import pass phrase";
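Review bot: in try_pkcs12 the new `!PKCS12_mac_present(p12)` term short-circuits to `pass = NULL`, so a PKCS12 file that carries no MAC proceeds with no integrity check at all and without any passphrase prompt. That may be the intended interoperability fix, but it is a policy decision and the branch has no comment. State explicitly that MAC-less files are accepted, and add a test that covers a file without a MAC alongside the NULL-password and empty-password cases.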

Some files were not shown because too many files have changed in this diff