Merge conflicts
This commit is contained in:
parent
f4f044c4b1
commit
bf8eace1c0
|
@ -7,6 +7,42 @@
|
|||
https://github.com/openssl/openssl/commits/ and pick the appropriate
|
||||
release branch.
|
||||
|
||||
Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
|
||||
|
||||
*) Timing vulnerability in DSA signature generation
|
||||
|
||||
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
|
||||
timing side channel attack. An attacker could use variations in the signing
|
||||
algorithm to recover the private key.
|
||||
|
||||
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
|
||||
(CVE-2018-0734)
|
||||
[Paul Dale]
|
||||
|
||||
*) Timing vulnerability in ECDSA signature generation
|
||||
|
||||
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
|
||||
timing side channel attack. An attacker could use variations in the signing
|
||||
algorithm to recover the private key.
|
||||
|
||||
This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
|
||||
(CVE-2018-0735)
|
||||
[Paul Dale]
|
||||
|
||||
*) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
|
||||
the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
|
||||
are retained for backwards compatibility.
|
||||
[Antoine Salon]
|
||||
|
||||
*) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
|
||||
if its length exceeds 4096 bytes. The limit has been raised to a buffer size
|
||||
of two gigabytes and the error handling improved.
|
||||
|
||||
This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been
|
||||
categorized as a normal bug, not a security issue, because the DRBG reseeds
|
||||
automatically and is fully functional even without additional randomness
|
||||
provided by the application.
|
||||
|
||||
Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
|
||||
|
||||
*) Add a new ClientHello callback. Provides a callback interface that gives
|
||||
|
@ -13103,4 +13139,3 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
|
|||
*) A minor bug in ssl/s3_clnt.c where there would always be 4 0
|
||||
bytes sent in the client random.
|
||||
[Edward Bishop <ebishop@spyglass.com>]
|
||||
|
||||
|
|
|
@ -1013,13 +1013,18 @@ if (scalar(@seed_sources) == 0) {
|
|||
if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
|
||||
die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
|
||||
warn <<_____ if scalar(@seed_sources) == 1;
|
||||
You have selected the --with-rand-seed=none option, which effectively disables
|
||||
automatic reseeding of the OpenSSL random generator. All operations depending
|
||||
on the random generator such as creating keys will not work unless the random
|
||||
generator is seeded manually by the application.
|
||||
|
||||
Please read the 'Note on random number generation' section in the INSTALL
|
||||
instructions and the RAND_DRBG(7) manual page for more details.
|
||||
============================== WARNING ===============================
|
||||
You have selected the --with-rand-seed=none option, which effectively
|
||||
disables automatic reseeding of the OpenSSL random generator.
|
||||
All operations depending on the random generator such as creating keys
|
||||
will not work unless the random generator is seeded manually by the
|
||||
application.
|
||||
|
||||
Please read the 'Note on random number generation' section in the
|
||||
INSTALL instructions and the RAND_DRBG(7) manual page for more details.
|
||||
============================== WARNING ===============================
|
||||
|
||||
_____
|
||||
}
|
||||
push @{$config{openssl_other_defines}},
|
||||
|
@ -2174,6 +2179,16 @@ EOF
|
|||
|
||||
# Massage the result
|
||||
|
||||
# If the user configured no-shared, we allow no shared sources
|
||||
if ($disabled{shared}) {
|
||||
foreach (keys %{$unified_info{shared_sources}}) {
|
||||
foreach (keys %{$unified_info{shared_sources}->{$_}}) {
|
||||
delete $unified_info{sources}->{$_};
|
||||
}
|
||||
}
|
||||
$unified_info{shared_sources} = {};
|
||||
}
|
||||
|
||||
# If we depend on a header file or a perl module, add an inclusion of
|
||||
# its directory to allow smoothe inclusion
|
||||
foreach my $dest (keys %{$unified_info{depends}}) {
|
||||
|
@ -2198,8 +2213,8 @@ EOF
|
|||
next unless defined($unified_info{includes}->{$dest}->{$k});
|
||||
my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
|
||||
foreach my $obj (grep /\.o$/,
|
||||
(keys %{$unified_info{sources}->{$dest}},
|
||||
keys %{$unified_info{shared_sources}->{$dest}})) {
|
||||
(keys %{$unified_info{sources}->{$dest} // {}},
|
||||
keys %{$unified_info{shared_sources}->{$dest} // {}})) {
|
||||
foreach my $inc (@incs) {
|
||||
unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
|
||||
unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
|
||||
|
@ -2238,6 +2253,42 @@ EOF
|
|||
[ @{$unified_info{includes}->{$dest}->{source}} ];
|
||||
}
|
||||
}
|
||||
|
||||
# For convenience collect information regarding directories where
|
||||
# files are generated, those generated files and the end product
|
||||
# they end up in where applicable. Then, add build rules for those
|
||||
# directories
|
||||
my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ],
|
||||
"dso" => [ @{$unified_info{engines}} ],
|
||||
"bin" => [ @{$unified_info{programs}} ],
|
||||
"script" => [ @{$unified_info{scripts}} ] );
|
||||
foreach my $type (keys %loopinfo) {
|
||||
foreach my $product (@{$loopinfo{$type}}) {
|
||||
my %dirs = ();
|
||||
my $pd = dirname($product);
|
||||
|
||||
foreach (@{$unified_info{sources}->{$product} // []},
|
||||
@{$unified_info{shared_sources}->{$product} // []}) {
|
||||
my $d = dirname($_);
|
||||
|
||||
# We don't want to create targets for source directories
|
||||
# when building out of source
|
||||
next if ($config{sourcedir} ne $config{builddir}
|
||||
&& $d =~ m|^\Q$config{sourcedir}\E|);
|
||||
# We already have a "test" target, and the current directory
|
||||
# is just silly to make a target for
|
||||
next if $d eq "test" || $d eq ".";
|
||||
|
||||
$dirs{$d} = 1;
|
||||
push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
|
||||
if $d ne $pd;
|
||||
}
|
||||
foreach (keys %dirs) {
|
||||
push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
|
||||
$product;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# For the schemes that need it, we provide the old *_obj configs
|
||||
|
@ -2712,10 +2763,16 @@ print <<"EOF";
|
|||
|
||||
**********************************************************************
|
||||
*** ***
|
||||
*** If you want to report a building issue, please include the ***
|
||||
*** output from this command: ***
|
||||
*** OpenSSL has been successfully configured ***
|
||||
*** ***
|
||||
*** perl configdata.pm --dump ***
|
||||
*** If you encounter a problem while building, please open an ***
|
||||
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
|
||||
*** and include the output from the following command: ***
|
||||
*** ***
|
||||
*** perl configdata.pm --dump ***
|
||||
*** ***
|
||||
*** (If you are new to OpenSSL, you might want to consult the ***
|
||||
*** 'Troubleshooting' section in the INSTALL file first) ***
|
||||
*** ***
|
||||
**********************************************************************
|
||||
EOF
|
||||
|
|
|
@ -5,6 +5,11 @@
|
|||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
|
||||
|
||||
o Timing vulnerability in DSA signature generation (CVE-2018-0734)
|
||||
o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
|
||||
|
||||
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
|
||||
|
||||
o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
OpenSSL 1.1.1 11 Sep 2018
|
||||
OpenSSL 1.1.1a 20 Nov 2018
|
||||
|
||||
Copyright (c) 1998-2018 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
|
|
@ -605,7 +605,7 @@ end_of_options:
|
|||
/*
|
||||
* outdir is a directory spec, but access() for VMS demands a
|
||||
* filename. We could use the DEC C routine to convert the
|
||||
* directory syntax to Unixly, and give that to app_isdir,
|
||||
* directory syntax to Unix, and give that to app_isdir,
|
||||
* but for now the fopen will catch the error if it's not a
|
||||
* directory
|
||||
*/
|
||||
|
@ -976,7 +976,7 @@ end_of_options:
|
|||
BIO_printf(bio_err, "Write out database with %d new entries\n",
|
||||
sk_X509_num(cert_sk));
|
||||
|
||||
if (!rand_ser
|
||||
if (serialfile != NULL
|
||||
&& !save_serial(serialfile, "new", serial, NULL))
|
||||
goto end;
|
||||
|
||||
|
@ -1044,7 +1044,8 @@ end_of_options:
|
|||
|
||||
if (sk_X509_num(cert_sk)) {
|
||||
/* Rename the database and the serial file */
|
||||
if (!rotate_serial(serialfile, "new", "old"))
|
||||
if (serialfile != NULL
|
||||
&& !rotate_serial(serialfile, "new", "old"))
|
||||
goto end;
|
||||
|
||||
if (!rotate_index(dbfile, "new", "old"))
|
||||
|
@ -1177,10 +1178,9 @@ end_of_options:
|
|||
}
|
||||
|
||||
/* we have a CRL number that need updating */
|
||||
if (crlnumberfile != NULL)
|
||||
if (!rand_ser
|
||||
&& !save_serial(crlnumberfile, "new", crlnumber, NULL))
|
||||
goto end;
|
||||
if (crlnumberfile != NULL
|
||||
&& !save_serial(crlnumberfile, "new", crlnumber, NULL))
|
||||
goto end;
|
||||
|
||||
BN_free(crlnumber);
|
||||
crlnumber = NULL;
|
||||
|
@ -1195,9 +1195,10 @@ end_of_options:
|
|||
|
||||
PEM_write_bio_X509_CRL(Sout, crl);
|
||||
|
||||
if (crlnumberfile != NULL) /* Rename the crlnumber file */
|
||||
if (!rotate_serial(crlnumberfile, "new", "old"))
|
||||
goto end;
|
||||
/* Rename the crlnumber file */
|
||||
if (crlnumberfile != NULL
|
||||
&& !rotate_serial(crlnumberfile, "new", "old"))
|
||||
goto end;
|
||||
|
||||
}
|
||||
/*****************************************************************/
|
||||
|
|
|
@ -950,6 +950,7 @@ static void spawn_loop(void)
|
|||
sleep(30);
|
||||
break;
|
||||
case 0: /* child */
|
||||
OPENSSL_free(kidpids);
|
||||
signal(SIGINT, SIG_DFL);
|
||||
signal(SIGTERM, SIG_DFL);
|
||||
if (termsig)
|
||||
|
@ -976,6 +977,7 @@ static void spawn_loop(void)
|
|||
}
|
||||
|
||||
/* The loop above can only break on termsig */
|
||||
OPENSSL_free(kidpids);
|
||||
syslog(LOG_INFO, "terminating on signal: %d", termsig);
|
||||
killall(0, kidpids);
|
||||
}
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
# This definition stops the following lines choking if HOME isn't
|
||||
# defined.
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
|
@ -57,7 +56,6 @@ crlnumber = $dir/crlnumber # the current crl number
|
|||
# must be commented out to leave a V1 CRL
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem# The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extensions to add to the cert
|
||||
|
||||
|
|
|
@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
|
|||
|
||||
if (strlen(psk_identity) != identity_len
|
||||
|| memcmp(psk_identity, identity, identity_len) != 0) {
|
||||
BIO_printf(bio_s_out,
|
||||
"PSK warning: client identity not what we expected"
|
||||
" (got '%s' expected '%s')\n", identity, psk_identity);
|
||||
*sess = NULL;
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (psksess != NULL) {
|
||||
|
@ -1622,6 +1621,11 @@ int s_server_main(int argc, char *argv[])
|
|||
goto end;
|
||||
}
|
||||
#endif
|
||||
if (early_data && (www > 0 || rev)) {
|
||||
BIO_printf(bio_err,
|
||||
"Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_SCTP
|
||||
if (protocol == IPPROTO_SCTP) {
|
||||
|
|
|
@ -2896,7 +2896,7 @@ int speed_main(int argc, char **argv)
|
|||
|
||||
if (rsa_count <= 1) {
|
||||
/* if longer than 10s, don't do any more */
|
||||
for (testnum++; testnum < EC_NUM; testnum++)
|
||||
for (testnum++; testnum < ECDSA_NUM; testnum++)
|
||||
ecdsa_doit[testnum] = 0;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -52,7 +52,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
|
|||
argi = (int)len;
|
||||
}
|
||||
|
||||
if (inret && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
|
||||
if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
|
||||
if (*processed > INT_MAX)
|
||||
return -1;
|
||||
inret = *processed;
|
||||
|
@ -60,7 +60,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
|
|||
|
||||
ret = b->callback(b, oper, argp, argi, argl, inret);
|
||||
|
||||
if (ret >= 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
|
||||
if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
|
||||
*processed = (size_t)ret;
|
||||
ret = 1;
|
||||
}
|
||||
|
|
|
@ -408,4 +408,9 @@ static void xcloselog(BIO *bp)
|
|||
|
||||
# endif /* Unix */
|
||||
|
||||
#else /* NO_SYSLOG */
|
||||
const BIO_METHOD *BIO_s_log(void)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
#endif /* NO_SYSLOG */
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -64,12 +64,6 @@
|
|||
* machine.
|
||||
*/
|
||||
|
||||
# if defined(_WIN64) || !defined(__LP64__)
|
||||
# define BN_ULONG unsigned long long
|
||||
# else
|
||||
# define BN_ULONG unsigned long
|
||||
# endif
|
||||
|
||||
# undef mul
|
||||
# undef mul_add
|
||||
|
||||
|
|
|
@ -1081,7 +1081,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
|||
* is not only slower but also makes each bit vulnerable to
|
||||
* EM (and likely other) side-channel attacks like One&Done
|
||||
* (for details see "One&Done: A Single-Decryption EM-Based
|
||||
* Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam,
|
||||
* Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
|
||||
* H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
|
||||
* M. Prvulovic, in USENIX Security'18)
|
||||
*/
|
||||
|
|
|
@ -767,26 +767,30 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
|
|||
b->neg ^= t;
|
||||
|
||||
/*-
|
||||
* Idea behind BN_FLG_STATIC_DATA is actually to
|
||||
* indicate that data may not be written to.
|
||||
* Intention is actually to treat it as it's
|
||||
* read-only data, and some (if not most) of it does
|
||||
* reside in read-only segment. In other words
|
||||
* observation of BN_FLG_STATIC_DATA in
|
||||
* BN_consttime_swap should be treated as fatal
|
||||
* condition. It would either cause SEGV or
|
||||
* effectively cause data corruption.
|
||||
* BN_FLG_MALLOCED refers to BN structure itself,
|
||||
* and hence must be preserved. Remaining flags are
|
||||
* BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be
|
||||
* preserved, because it determines how x->d was
|
||||
* allocated and hence how to free it. This leaves
|
||||
* BN_FLG_CONSTTIME that one can do something about.
|
||||
* To summarize it's sufficient to mask and swap
|
||||
* BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should
|
||||
* be treated as fatal.
|
||||
* BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention
|
||||
* is actually to treat it as it's read-only data, and some (if not most)
|
||||
* of it does reside in read-only segment. In other words observation of
|
||||
* BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal
|
||||
* condition. It would either cause SEGV or effectively cause data
|
||||
* corruption.
|
||||
*
|
||||
* BN_FLG_MALLOCED: refers to BN structure itself, and hence must be
|
||||
* preserved.
|
||||
*
|
||||
* BN_FLG_SECURE: must be preserved, because it determines how x->d was
|
||||
* allocated and hence how to free it.
|
||||
*
|
||||
* BN_FLG_CONSTTIME: sufficient to mask and swap
|
||||
*
|
||||
* BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on
|
||||
* the data, so the d array may be padded with additional 0 values (i.e.
|
||||
* top could be greater than the minimal value that it could be). We should
|
||||
* be swapping it
|
||||
*/
|
||||
t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition;
|
||||
|
||||
#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP)
|
||||
|
||||
t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition;
|
||||
a->flags ^= t;
|
||||
b->flags ^= t;
|
||||
|
||||
|
|
|
@ -204,7 +204,7 @@ int OPENSSL_isservice(void)
|
|||
|
||||
if (_OPENSSL_isservice.p == NULL) {
|
||||
HANDLE mod = GetModuleHandle(NULL);
|
||||
FARPROC f;
|
||||
FARPROC f = NULL;
|
||||
|
||||
if (mod != NULL)
|
||||
f = GetProcAddress(mod, "_OPENSSL_isservice");
|
||||
|
|
|
@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)
|
|||
if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
|
||||
return 0;
|
||||
|
||||
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
|
||||
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
|
||||
return 0;
|
||||
|
||||
kdf_md = EVP_get_digestbynid(kdfmd_nid);
|
||||
|
@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||
ecdh_nid = NID_dh_cofactor_kdf;
|
||||
|
||||
if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
|
||||
kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
|
||||
kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
|
||||
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
|
||||
goto err;
|
||||
} else
|
||||
|
|
|
@ -28,6 +28,13 @@
|
|||
# define CHECK_BSD_STYLE_MACROS
|
||||
#endif
|
||||
|
||||
/*
|
||||
* ONE global file descriptor for all sessions. This allows operations
|
||||
* such as digest session data copying (see digest_copy()), but is also
|
||||
* saner... why re-open /dev/crypto for every session?
|
||||
*/
|
||||
static int cfd;
|
||||
|
||||
/******************************************************************************
|
||||
*
|
||||
* Ciphers
|
||||
|
@ -39,7 +46,6 @@
|
|||
*****/
|
||||
|
||||
struct cipher_ctx {
|
||||
int cfd;
|
||||
struct session_op sess;
|
||||
|
||||
/* to pass from init to do_cipher */
|
||||
|
@ -69,7 +75,7 @@ static const struct cipher_data_st {
|
|||
{ NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
|
||||
{ NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
|
||||
#ifndef OPENSSL_NO_RC4
|
||||
{ NID_rc4, 1, 16, 0, CRYPTO_ARC4 },
|
||||
{ NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 },
|
||||
#endif
|
||||
#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR)
|
||||
{ NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
|
||||
|
@ -135,19 +141,13 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
|||
const struct cipher_data_st *cipher_d =
|
||||
get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
|
||||
|
||||
if ((cipher_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
|
||||
SYSerr(SYS_F_OPEN, errno);
|
||||
return 0;
|
||||
}
|
||||
|
||||
memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
|
||||
cipher_ctx->sess.cipher = cipher_d->devcryptoid;
|
||||
cipher_ctx->sess.keylen = cipher_d->keylen;
|
||||
cipher_ctx->sess.key = (void *)key;
|
||||
cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
|
||||
if (ioctl(cipher_ctx->cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
|
||||
if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
close(cipher_ctx->cfd);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -187,7 +187,7 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|||
cryp.flags = COP_FLAG_WRITE_IV;
|
||||
#endif
|
||||
|
||||
if (ioctl(cipher_ctx->cfd, CIOCCRYPT, &cryp) < 0) {
|
||||
if (ioctl(cfd, CIOCCRYPT, &cryp) < 0) {
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
return 0;
|
||||
}
|
||||
|
@ -213,14 +213,10 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
|
|||
struct cipher_ctx *cipher_ctx =
|
||||
(struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
|
||||
|
||||
if (ioctl(cipher_ctx->cfd, CIOCFSESSION, &cipher_ctx->sess) < 0) {
|
||||
if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) {
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
return 0;
|
||||
}
|
||||
if (close(cipher_ctx->cfd) < 0) {
|
||||
SYSerr(SYS_F_CLOSE, errno);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
@ -234,14 +230,10 @@ static int known_cipher_nids[OSSL_NELEM(cipher_data)];
|
|||
static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */
|
||||
static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, };
|
||||
|
||||
static void prepare_cipher_methods()
|
||||
static void prepare_cipher_methods(void)
|
||||
{
|
||||
size_t i;
|
||||
struct session_op sess;
|
||||
int cfd;
|
||||
|
||||
if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
|
||||
return;
|
||||
|
||||
memset(&sess, 0, sizeof(sess));
|
||||
sess.key = (void *)"01234567890123456789012345678901234567890123456789";
|
||||
|
@ -256,7 +248,7 @@ static void prepare_cipher_methods()
|
|||
sess.cipher = cipher_data[i].devcryptoid;
|
||||
sess.keylen = cipher_data[i].keylen;
|
||||
if (ioctl(cfd, CIOCGSESSION, &sess) < 0
|
||||
|| ioctl(cfd, CIOCFSESSION, &sess) < 0)
|
||||
|| ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
|
||||
continue;
|
||||
|
||||
if ((known_cipher_methods[i] =
|
||||
|
@ -282,8 +274,6 @@ static void prepare_cipher_methods()
|
|||
cipher_data[i].nid;
|
||||
}
|
||||
}
|
||||
|
||||
close(cfd);
|
||||
}
|
||||
|
||||
static const EVP_CIPHER *get_cipher_method(int nid)
|
||||
|
@ -309,7 +299,7 @@ static void destroy_cipher_method(int nid)
|
|||
known_cipher_methods[i] = NULL;
|
||||
}
|
||||
|
||||
static void destroy_all_cipher_methods()
|
||||
static void destroy_all_cipher_methods(void)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
|
@ -330,11 +320,12 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
|
|||
|
||||
/*
|
||||
* We only support digests if the cryptodev implementation supports multiple
|
||||
* data updates. Otherwise, we would be forced to maintain a cache, which is
|
||||
* perilous if there's a lot of data coming in (if someone wants to checksum
|
||||
* an OpenSSL tarball, for example).
|
||||
* data updates and session copying. Otherwise, we would be forced to maintain
|
||||
* a cache, which is perilous if there's a lot of data coming in (if someone
|
||||
* wants to checksum an OpenSSL tarball, for example).
|
||||
*/
|
||||
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
|
||||
#if defined(CIOCCPHASH) && defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
|
||||
#define IMPLEMENT_DIGEST
|
||||
|
||||
/******************************************************************************
|
||||
*
|
||||
|
@ -347,7 +338,6 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
|
|||
*****/
|
||||
|
||||
struct digest_ctx {
|
||||
int cfd;
|
||||
struct session_op sess;
|
||||
int init;
|
||||
};
|
||||
|
@ -414,19 +404,12 @@ static int digest_init(EVP_MD_CTX *ctx)
|
|||
const struct digest_data_st *digest_d =
|
||||
get_digest_data(EVP_MD_CTX_type(ctx));
|
||||
|
||||
if (digest_ctx->init == 0
|
||||
&& (digest_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
|
||||
SYSerr(SYS_F_OPEN, errno);
|
||||
return 0;
|
||||
}
|
||||
|
||||
digest_ctx->init = 1;
|
||||
|
||||
memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
|
||||
digest_ctx->sess.mac = digest_d->devcryptoid;
|
||||
if (ioctl(digest_ctx->cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
|
||||
if (ioctl(cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
close(digest_ctx->cfd);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -445,7 +428,7 @@ static int digest_op(struct digest_ctx *ctx, const void *src, size_t srclen,
|
|||
cryp.dst = NULL;
|
||||
cryp.mac = res;
|
||||
cryp.flags = flags;
|
||||
return ioctl(ctx->cfd, CIOCCRYPT, &cryp);
|
||||
return ioctl(cfd, CIOCCRYPT, &cryp);
|
||||
}
|
||||
|
||||
static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
|
||||
|
@ -473,7 +456,7 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
|
|||
SYSerr(SYS_F_IOCTL, errno);
|
||||
return 0;
|
||||
}
|
||||
if (ioctl(digest_ctx->cfd, CIOCFSESSION, &digest_ctx->sess) < 0) {
|
||||
if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
return 0;
|
||||
}
|
||||
|
@ -481,16 +464,38 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
|
|||
return 1;
|
||||
}
|
||||
|
||||
static int digest_cleanup(EVP_MD_CTX *ctx)
|
||||
static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
|
||||
{
|
||||
struct digest_ctx *digest_ctx =
|
||||
(struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
|
||||
struct digest_ctx *digest_from =
|
||||
(struct digest_ctx *)EVP_MD_CTX_md_data(from);
|
||||
struct digest_ctx *digest_to =
|
||||
(struct digest_ctx *)EVP_MD_CTX_md_data(to);
|
||||
struct cphash_op cphash;
|
||||
|
||||
if (close(digest_ctx->cfd) < 0) {
|
||||
SYSerr(SYS_F_CLOSE, errno);
|
||||
if (digest_from == NULL)
|
||||
return 1;
|
||||
|
||||
if (digest_from->init != 1) {
|
||||
SYSerr(SYS_F_IOCTL, EINVAL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!digest_init(to)) {
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
return 0;
|
||||
}
|
||||
|
||||
cphash.src_ses = digest_from->sess.ses;
|
||||
cphash.dst_ses = digest_to->sess.ses;
|
||||
if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) {
|
||||
SYSerr(SYS_F_IOCTL, errno);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int digest_cleanup(EVP_MD_CTX *ctx)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -503,14 +508,10 @@ static int known_digest_nids[OSSL_NELEM(digest_data)];
|
|||
static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */
|
||||
static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, };
|
||||
|
||||
static void prepare_digest_methods()
|
||||
static void prepare_digest_methods(void)
|
||||
{
|
||||
size_t i;
|
||||
struct session_op sess;
|
||||
int cfd;
|
||||
|
||||
if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
|
||||
return;
|
||||
|
||||
memset(&sess, 0, sizeof(sess));
|
||||
|
||||
|
@ -523,7 +524,7 @@ static void prepare_digest_methods()
|
|||
*/
|
||||
sess.mac = digest_data[i].devcryptoid;
|
||||
if (ioctl(cfd, CIOCGSESSION, &sess) < 0
|
||||
|| ioctl(cfd, CIOCFSESSION, &sess) < 0)
|
||||
|| ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
|
||||
continue;
|
||||
|
||||
if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
|
||||
|
@ -533,6 +534,7 @@ static void prepare_digest_methods()
|
|||
|| !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
|
||||
|| !EVP_MD_meth_set_update(known_digest_methods[i], digest_update)
|
||||
|| !EVP_MD_meth_set_final(known_digest_methods[i], digest_final)
|
||||
|| !EVP_MD_meth_set_copy(known_digest_methods[i], digest_copy)
|
||||
|| !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup)
|
||||
|| !EVP_MD_meth_set_app_datasize(known_digest_methods[i],
|
||||
sizeof(struct digest_ctx))) {
|
||||
|
@ -542,8 +544,6 @@ static void prepare_digest_methods()
|
|||
known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid;
|
||||
}
|
||||
}
|
||||
|
||||
close(cfd);
|
||||
}
|
||||
|
||||
static const EVP_MD *get_digest_method(int nid)
|
||||
|
@ -569,7 +569,7 @@ static void destroy_digest_method(int nid)
|
|||
known_digest_methods[i] = NULL;
|
||||
}
|
||||
|
||||
static void destroy_all_digest_methods()
|
||||
static void destroy_all_digest_methods(void)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
|
@ -599,9 +599,12 @@ static int devcrypto_digests(ENGINE *e, const EVP_MD **digest,
|
|||
static int devcrypto_unload(ENGINE *e)
|
||||
{
|
||||
destroy_all_cipher_methods();
|
||||
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
|
||||
#ifdef IMPLEMENT_DIGEST
|
||||
destroy_all_digest_methods();
|
||||
#endif
|
||||
|
||||
close(cfd);
|
||||
|
||||
return 1;
|
||||
}
|
||||
/*
|
||||
|
@ -612,23 +615,30 @@ void engine_load_devcrypto_int()
|
|||
{
|
||||
ENGINE *e = NULL;
|
||||
|
||||
if (access("/dev/crypto", R_OK | W_OK) < 0) {
|
||||
fprintf(stderr,
|
||||
"/dev/crypto not present, not enabling devcrypto engine\n");
|
||||
if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
|
||||
fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
|
||||
return;
|
||||
}
|
||||
|
||||
prepare_cipher_methods();
|
||||
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
|
||||
#ifdef IMPLEMENT_DIGEST
|
||||
prepare_digest_methods();
|
||||
#endif
|
||||
|
||||
if ((e = ENGINE_new()) == NULL)
|
||||
if ((e = ENGINE_new()) == NULL
|
||||
|| !ENGINE_set_destroy_function(e, devcrypto_unload)) {
|
||||
ENGINE_free(e);
|
||||
/*
|
||||
* We know that devcrypto_unload() won't be called when one of the
|
||||
* above two calls have failed, so we close cfd explicitly here to
|
||||
* avoid leaking resources.
|
||||
*/
|
||||
close(cfd);
|
||||
return;
|
||||
}
|
||||
|
||||
if (!ENGINE_set_id(e, "devcrypto")
|
||||
|| !ENGINE_set_name(e, "/dev/crypto engine")
|
||||
|| !ENGINE_set_destroy_function(e, devcrypto_unload)
|
||||
|
||||
/*
|
||||
* Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD
|
||||
|
@ -665,7 +675,7 @@ void engine_load_devcrypto_int()
|
|||
# endif
|
||||
#endif
|
||||
|| !ENGINE_set_ciphers(e, devcrypto_ciphers)
|
||||
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
|
||||
#ifdef IMPLEMENT_DIGEST
|
||||
|| !ENGINE_set_digests(e, devcrypto_digests)
|
||||
#endif
|
||||
) {
|
||||
|
|
|
@ -2241,7 +2241,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
|||
|
||||
if (!cctx->aes.ccm.len_set) {
|
||||
/*-
|
||||
* In case message length was not previously set explicitely via
|
||||
* In case message length was not previously set explicitly via
|
||||
* Update(), set it now.
|
||||
*/
|
||||
ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
|
||||
|
|
|
@ -77,6 +77,17 @@ static uint64_t get_timer_bits(void);
|
|||
# endif
|
||||
#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
|
||||
|
||||
#if defined(OPENSSL_RAND_SEED_NONE)
|
||||
/* none means none. this simplifies the following logic */
|
||||
# undef OPENSSL_RAND_SEED_OS
|
||||
# undef OPENSSL_RAND_SEED_GETRANDOM
|
||||
# undef OPENSSL_RAND_SEED_LIBRANDOM
|
||||
# undef OPENSSL_RAND_SEED_DEVRANDOM
|
||||
# undef OPENSSL_RAND_SEED_RDTSC
|
||||
# undef OPENSSL_RAND_SEED_RDCPU
|
||||
# undef OPENSSL_RAND_SEED_EGD
|
||||
#endif
|
||||
|
||||
#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
|
||||
!defined(OPENSSL_RAND_SEED_NONE)
|
||||
# error "UEFI and VXWorks only support seeding NONE"
|
||||
|
@ -86,8 +97,6 @@ static uint64_t get_timer_bits(void);
|
|||
|| defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
|
||||
|| defined(OPENSSL_SYS_UEFI))
|
||||
|
||||
static ssize_t syscall_random(void *buf, size_t buflen);
|
||||
|
||||
# if defined(OPENSSL_SYS_VOS)
|
||||
|
||||
# ifndef OPENSSL_RAND_SEED_OS
|
||||
|
@ -244,6 +253,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen)
|
|||
}
|
||||
# endif
|
||||
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
/*
|
||||
* syscall_random(): Try to get random data using a system call
|
||||
* returns the number of bytes returned in buf, or < 0 on error.
|
||||
|
@ -254,7 +264,7 @@ static ssize_t syscall_random(void *buf, size_t buflen)
|
|||
* Note: 'buflen' equals the size of the buffer which is used by the
|
||||
* get_entropy() callback of the RAND_DRBG. It is roughly bounded by
|
||||
*
|
||||
* 2 * DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^13
|
||||
* 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
|
||||
*
|
||||
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
|
||||
* between size_t and ssize_t is safe even without a range check.
|
||||
|
@ -302,8 +312,9 @@ static ssize_t syscall_random(void *buf, size_t buflen)
|
|||
return -1;
|
||||
# endif
|
||||
}
|
||||
# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
|
||||
|
||||
#if !defined(OPENSSL_RAND_SEED_NONE) && defined(OPENSSL_RAND_SEED_DEVRANDOM)
|
||||
# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
|
||||
static const char *random_device_paths[] = { DEVRANDOM };
|
||||
static struct random_device {
|
||||
int fd;
|
||||
|
@ -375,21 +386,13 @@ static void close_random_device(size_t n)
|
|||
rd->fd = -1;
|
||||
}
|
||||
|
||||
static void open_random_devices(void)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < OSSL_NELEM(random_devices); i++)
|
||||
(void)get_random_device(i);
|
||||
}
|
||||
|
||||
int rand_pool_init(void)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
for (i = 0; i < OSSL_NELEM(random_devices); i++)
|
||||
random_devices[i].fd = -1;
|
||||
open_random_devices();
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -403,16 +406,13 @@ void rand_pool_cleanup(void)
|
|||
|
||||
void rand_pool_keep_random_devices_open(int keep)
|
||||
{
|
||||
if (keep)
|
||||
open_random_devices();
|
||||
else
|
||||
if (!keep)
|
||||
rand_pool_cleanup();
|
||||
|
||||
keep_random_devices_open = keep;
|
||||
}
|
||||
|
||||
# else /* defined(OPENSSL_RAND_SEED_NONE)
|
||||
* || !defined(OPENSSL_RAND_SEED_DEVRANDOM)
|
||||
*/
|
||||
# else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
|
||||
|
||||
int rand_pool_init(void)
|
||||
{
|
||||
|
@ -427,9 +427,7 @@ void rand_pool_keep_random_devices_open(int keep)
|
|||
{
|
||||
}
|
||||
|
||||
# endif /* !defined(OPENSSL_RAND_SEED_NONE)
|
||||
* && defined(OPENSSL_RAND_SEED_DEVRANDOM)
|
||||
*/
|
||||
# endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
|
||||
|
||||
/*
|
||||
* Try the various seeding methods in turn, exit when successful.
|
||||
|
@ -450,14 +448,14 @@ void rand_pool_keep_random_devices_open(int keep)
|
|||
*/
|
||||
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
|
||||
{
|
||||
# ifdef OPENSSL_RAND_SEED_NONE
|
||||
# if defined(OPENSSL_RAND_SEED_NONE)
|
||||
return rand_pool_entropy_available(pool);
|
||||
# else
|
||||
size_t bytes_needed;
|
||||
size_t entropy_available = 0;
|
||||
unsigned char *buffer;
|
||||
|
||||
# ifdef OPENSSL_RAND_SEED_GETRANDOM
|
||||
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
||||
{
|
||||
ssize_t bytes;
|
||||
/* Maximum allowed number of consecutive unsuccessful attempts */
|
||||
|
@ -487,7 +485,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
|
|||
}
|
||||
# endif
|
||||
|
||||
# ifdef OPENSSL_RAND_SEED_DEVRANDOM
|
||||
# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
{
|
||||
size_t i;
|
||||
|
@ -524,19 +522,19 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
|
|||
}
|
||||
# endif
|
||||
|
||||
# ifdef OPENSSL_RAND_SEED_RDTSC
|
||||
# if defined(OPENSSL_RAND_SEED_RDTSC)
|
||||
entropy_available = rand_acquire_entropy_from_tsc(pool);
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
# endif
|
||||
|
||||
# ifdef OPENSSL_RAND_SEED_RDCPU
|
||||
# if defined(OPENSSL_RAND_SEED_RDCPU)
|
||||
entropy_available = rand_acquire_entropy_from_cpu(pool);
|
||||
if (entropy_available > 0)
|
||||
return entropy_available;
|
||||
# endif
|
||||
|
||||
# ifdef OPENSSL_RAND_SEED_EGD
|
||||
# if defined(OPENSSL_RAND_SEED_EGD)
|
||||
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
||||
if (bytes_needed > 0) {
|
||||
static const char *paths[] = { DEVRANDOM_EGD, NULL };
|
||||
|
@ -577,7 +575,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool)
|
|||
|
||||
/*
|
||||
* Add process id, thread id, and a high resolution timestamp to
|
||||
* ensure that the nonce is unique whith high probability for
|
||||
* ensure that the nonce is unique with high probability for
|
||||
* different process instances.
|
||||
*/
|
||||
data.pid = getpid();
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/rand_drbg.h>
|
||||
#include <openssl/buffer.h>
|
||||
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
|
@ -48,7 +49,7 @@
|
|||
# define S_ISREG(m) ((m) & S_IFREG)
|
||||
# endif
|
||||
|
||||
#define RAND_FILE_SIZE 1024
|
||||
#define RAND_BUF_SIZE 1024
|
||||
#define RFILE ".rnd"
|
||||
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
|
@ -74,7 +75,16 @@ static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
|
|||
*/
|
||||
int RAND_load_file(const char *file, long bytes)
|
||||
{
|
||||
unsigned char buf[RAND_FILE_SIZE];
|
||||
/*
|
||||
* The load buffer size exceeds the chunk size by the comfortable amount
|
||||
* of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose
|
||||
* to avoid calling RAND_add() with a small final chunk. Instead, such
|
||||
* a small final chunk will be added together with the previous chunk
|
||||
* (unless it's the only one).
|
||||
*/
|
||||
#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH)
|
||||
unsigned char buf[RAND_LOAD_BUF_SIZE];
|
||||
|
||||
#ifndef OPENSSL_NO_POSIX_IO
|
||||
struct stat sb;
|
||||
#endif
|
||||
|
@ -98,8 +108,12 @@ int RAND_load_file(const char *file, long bytes)
|
|||
return -1;
|
||||
}
|
||||
|
||||
if (!S_ISREG(sb.st_mode) && bytes < 0)
|
||||
bytes = 256;
|
||||
if (bytes < 0) {
|
||||
if (S_ISREG(sb.st_mode))
|
||||
bytes = sb.st_size;
|
||||
else
|
||||
bytes = RAND_DRBG_STRENGTH;
|
||||
}
|
||||
#endif
|
||||
/*
|
||||
* On VMS, setbuf() will only take 32-bit pointers, and a compilation
|
||||
|
@ -124,9 +138,9 @@ int RAND_load_file(const char *file, long bytes)
|
|||
|
||||
for ( ; ; ) {
|
||||
if (bytes > 0)
|
||||
n = (bytes < RAND_FILE_SIZE) ? (int)bytes : RAND_FILE_SIZE;
|
||||
n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE;
|
||||
else
|
||||
n = RAND_FILE_SIZE;
|
||||
n = RAND_LOAD_BUF_SIZE;
|
||||
i = fread(buf, 1, n, in);
|
||||
#ifdef EINTR
|
||||
if (ferror(in) && errno == EINTR){
|
||||
|
@ -148,12 +162,18 @@ int RAND_load_file(const char *file, long bytes)
|
|||
|
||||
OPENSSL_cleanse(buf, sizeof(buf));
|
||||
fclose(in);
|
||||
if (!RAND_status()) {
|
||||
RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR);
|
||||
ERR_add_error_data(2, "Filename=", file);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int RAND_write_file(const char *file)
|
||||
{
|
||||
unsigned char buf[RAND_FILE_SIZE];
|
||||
unsigned char buf[RAND_BUF_SIZE];
|
||||
int ret = -1;
|
||||
FILE *out = NULL;
|
||||
#ifndef OPENSSL_NO_POSIX_IO
|
||||
|
@ -222,9 +242,9 @@ int RAND_write_file(const char *file)
|
|||
chmod(file, 0600);
|
||||
#endif
|
||||
|
||||
ret = fwrite(buf, 1, RAND_FILE_SIZE, out);
|
||||
ret = fwrite(buf, 1, RAND_BUF_SIZE, out);
|
||||
fclose(out);
|
||||
OPENSSL_cleanse(buf, RAND_FILE_SIZE);
|
||||
OPENSSL_cleanse(buf, RAND_BUF_SIZE);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -262,11 +282,9 @@ const char *RAND_file_name(char *buf, size_t size)
|
|||
}
|
||||
}
|
||||
#else
|
||||
if (OPENSSL_issetugid() != 0) {
|
||||
if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') {
|
||||
use_randfile = 0;
|
||||
} else if ((s = getenv("RANDFILE")) == NULL || *s == '\0') {
|
||||
use_randfile = 0;
|
||||
s = getenv("HOME");
|
||||
s = ossl_safe_getenv("HOME");
|
||||
}
|
||||
#endif
|
||||
|
||||
|
|
|
@ -125,8 +125,8 @@ void RSA_free(RSA *r)
|
|||
|
||||
CRYPTO_THREAD_lock_free(r->lock);
|
||||
|
||||
BN_clear_free(r->n);
|
||||
BN_clear_free(r->e);
|
||||
BN_free(r->n);
|
||||
BN_free(r->e);
|
||||
BN_clear_free(r->d);
|
||||
BN_clear_free(r->p);
|
||||
BN_clear_free(r->q);
|
||||
|
@ -196,7 +196,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
|
|||
r->e = e;
|
||||
}
|
||||
if (d != NULL) {
|
||||
BN_free(r->d);
|
||||
BN_clear_free(r->d);
|
||||
r->d = d;
|
||||
}
|
||||
|
||||
|
@ -213,11 +213,11 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
|
|||
return 0;
|
||||
|
||||
if (p != NULL) {
|
||||
BN_free(r->p);
|
||||
BN_clear_free(r->p);
|
||||
r->p = p;
|
||||
}
|
||||
if (q != NULL) {
|
||||
BN_free(r->q);
|
||||
BN_clear_free(r->q);
|
||||
r->q = q;
|
||||
}
|
||||
|
||||
|
@ -235,15 +235,15 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
|
|||
return 0;
|
||||
|
||||
if (dmp1 != NULL) {
|
||||
BN_free(r->dmp1);
|
||||
BN_clear_free(r->dmp1);
|
||||
r->dmp1 = dmp1;
|
||||
}
|
||||
if (dmq1 != NULL) {
|
||||
BN_free(r->dmq1);
|
||||
BN_clear_free(r->dmq1);
|
||||
r->dmq1 = dmq1;
|
||||
}
|
||||
if (iqmp != NULL) {
|
||||
BN_free(r->iqmp);
|
||||
BN_clear_free(r->iqmp);
|
||||
r->iqmp = iqmp;
|
||||
}
|
||||
|
||||
|
|
|
@ -415,6 +415,24 @@ static int open_console(UI *ui)
|
|||
is_a_tty = 0;
|
||||
else
|
||||
# endif
|
||||
# ifdef ENXIO
|
||||
/*
|
||||
* Solaris can return ENXIO.
|
||||
* This should be ok
|
||||
*/
|
||||
if (errno == ENXIO)
|
||||
is_a_tty = 0;
|
||||
else
|
||||
# endif
|
||||
# ifdef EIO
|
||||
/*
|
||||
* Linux can return EIO.
|
||||
* This should be ok
|
||||
*/
|
||||
if (errno == EIO)
|
||||
is_a_tty = 0;
|
||||
else
|
||||
# endif
|
||||
# ifdef ENODEV
|
||||
/*
|
||||
* MacOS X returns ENODEV (Operation not supported by device),
|
||||
|
|
|
@ -517,15 +517,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
|
|||
/* check_purpose() makes the callback as needed */
|
||||
if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
|
||||
return 0;
|
||||
/* Check pathlen if not self issued */
|
||||
if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
|
||||
&& (x->ex_pathlen != -1)
|
||||
&& (plen > (x->ex_pathlen + proxy_path_length + 1))) {
|
||||
/* Check pathlen */
|
||||
if ((i > 1) && (x->ex_pathlen != -1)
|
||||
&& (plen > (x->ex_pathlen + proxy_path_length))) {
|
||||
if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
|
||||
return 0;
|
||||
}
|
||||
/* Increment path length if not self issued */
|
||||
if (!(x->ex_flags & EXFLAG_SI))
|
||||
/* Increment path length if not a self issued intermediate CA */
|
||||
if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
|
||||
plen++;
|
||||
/*
|
||||
* If this certificate is a proxy certificate, the next certificate
|
||||
|
|
|
@ -1,103 +0,0 @@
|
|||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
|
||||
SSL_add_client_CA - set list of CAs sent to the client when requesting a
|
||||
client certificate
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
|
||||
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
|
||||
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
|
||||
int SSL_add_client_CA(SSL *ssl, X509 *cacert);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
|
||||
requesting a client certificate for B<ctx>.
|
||||
|
||||
SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
|
||||
requesting a client certificate for the chosen B<ssl>, overriding the
|
||||
setting valid for B<ssl>'s SSL_CTX object.
|
||||
|
||||
SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
|
||||
list of CAs sent to the client when requesting a client certificate for
|
||||
B<ctx>.
|
||||
|
||||
SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
|
||||
list of CAs sent to the client when requesting a client certificate for
|
||||
the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
When a TLS/SSL server requests a client certificate (see
|
||||
B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which
|
||||
it will accept certificates, to the client.
|
||||
|
||||
This list must explicitly be set using SSL_CTX_set_client_CA_list() for
|
||||
B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
|
||||
specified overrides the previous setting. The CAs listed do not become
|
||||
trusted (B<list> only contains the names, not the complete certificates); use
|
||||
L<SSL_CTX_load_verify_locations(3)>
|
||||
to additionally load them for verification.
|
||||
|
||||
If the list of acceptable CAs is compiled in a file, the
|
||||
L<SSL_load_client_CA_file(3)>
|
||||
function can be used to help importing the necessary data.
|
||||
|
||||
SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
|
||||
items the list of client CAs. If no list was specified before using
|
||||
SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
|
||||
CA list for B<ctx> or B<ssl> (as appropriate) is opened.
|
||||
|
||||
These functions are only useful for TLS/SSL servers.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
|
||||
diagnostic information.
|
||||
|
||||
SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
|
||||
values:
|
||||
|
||||
=over 4
|
||||
|
||||
=item Z<>0
|
||||
|
||||
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
|
||||
the X509_NAME could not be extracted from B<cacert>. Check the error stack
|
||||
to find out the reason.
|
||||
|
||||
=item Z<>1
|
||||
|
||||
The operation succeeded.
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
Scan all certificates in B<CAfile> and list them as acceptable CAs:
|
||||
|
||||
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ssl(7)>,
|
||||
L<SSL_get_client_CA_list(3)>,
|
||||
L<SSL_load_client_CA_file(3)>,
|
||||
L<SSL_CTX_load_verify_locations(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
in the file LICENSE in the source distribution or at
|
||||
L<https://www.openssl.org/source/license.html>.
|
||||
|
||||
=cut
|
|
@ -1,62 +0,0 @@
|
|||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
|
||||
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for
|
||||
B<ctx> using L<SSL_CTX_set_client_CA_list(3)>.
|
||||
|
||||
SSL_get_client_CA_list() returns the list of client CAs explicitly
|
||||
set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with
|
||||
L<SSL_CTX_set_client_CA_list(3)>, when in
|
||||
server mode. In client mode, SSL_get_client_CA_list returns the list of
|
||||
client CAs sent from the server, if any.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
|
||||
diagnostic information.
|
||||
|
||||
SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
|
||||
values:
|
||||
|
||||
=over 4
|
||||
|
||||
=item STACK_OF(X509_NAMES)
|
||||
|
||||
List of CA names explicitly set (for B<ctx> or in server mode) or send
|
||||
by the server (client mode).
|
||||
|
||||
=item NULL
|
||||
|
||||
No client CA list was explicitly set (for B<ctx> or in server mode) or
|
||||
the server did not send a list of CAs (client mode).
|
||||
|
||||
=back
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ssl(7)>,
|
||||
L<SSL_CTX_set_client_CA_list(3)>,
|
||||
L<SSL_CTX_set_client_cert_cb(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
in the file LICENSE in the source distribution or at
|
||||
L<https://www.openssl.org/source/license.html>.
|
||||
|
||||
=cut
|
|
@ -1,43 +0,0 @@
|
|||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
SSL_get_server_tmp_key - get information about the server's temporary key used
|
||||
during a handshake
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
SSL_get_server_tmp_key() returns the temporary key provided by the server and
|
||||
used during key exchange. For example, if ECDHE is in use, then this represents
|
||||
the server's public ECDHE key. On success a pointer to the key is stored in
|
||||
B<*key>. It is the caller's responsibility to free this key after use using
|
||||
L<EVP_PKEY_free(3)>. This function may only be called by the client.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
SSL_get_server_tmp_key() returns 1 on success or 0 otherwise.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
This function is implemented as a macro.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ssl(7)>, L<EVP_PKEY_free(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the OpenSSL license (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
in the file LICENSE in the source distribution or at
|
||||
L<https://www.openssl.org/source/license.html>.
|
||||
|
||||
=cut
|
|
@ -245,7 +245,7 @@ extern FILE *_imp___iob;
|
|||
|
||||
Finally, we add the VMS C facility code 0x35a000, because there are some
|
||||
programs, such as Perl, that will reinterpret the code back to something
|
||||
POSIXly. 'man perlvms' explains it further.
|
||||
POSIX. 'man perlvms' explains it further.
|
||||
|
||||
NOTE: the perlvms manual wants to turn all codes 2 to 255 into success
|
||||
codes (status type = 1). I couldn't disagree more. Fortunately, the
|
||||
|
@ -317,8 +317,15 @@ struct servent *getservbyname(const char *name, const char *proto);
|
|||
# endif
|
||||
/* end vxworks */
|
||||
|
||||
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||
# define CRYPTO_memcmp memcmp
|
||||
#endif
|
||||
# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||
# define CRYPTO_memcmp memcmp
|
||||
# endif
|
||||
|
||||
/* unistd.h defines _POSIX_VERSION */
|
||||
# if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
|
||||
&& ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \
|
||||
|| defined(__sun) || defined(__hpux) || defined(__sgi) \
|
||||
|| defined(__osf__) )
|
||||
# define OPENSSL_SECURE_MEMORY /* secure memory is implemented */
|
||||
# endif
|
||||
#endif
|
||||
|
|
|
@ -57,6 +57,7 @@
|
|||
# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed)
|
||||
# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed)
|
||||
# define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed)
|
||||
# define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed)
|
||||
# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire)
|
||||
# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release)
|
||||
# endif
|
||||
|
@ -69,6 +70,7 @@
|
|||
# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED)
|
||||
# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED)
|
||||
# define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED)
|
||||
# define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED)
|
||||
# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE)
|
||||
# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE)
|
||||
# endif
|
||||
|
@ -113,8 +115,11 @@
|
|||
# pragma intrinsic(_InterlockedExchangeAdd64)
|
||||
# define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \
|
||||
: _InterlockedExchangeAdd((ptr), 1))
|
||||
# define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \
|
||||
: _InterlockedExchangeAdd((ptr), -1))
|
||||
# else
|
||||
# define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1)
|
||||
# define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1)
|
||||
# endif
|
||||
# if !defined(_ISO_VOLATILE)
|
||||
# define tsan_ld_acq(ptr) (*(ptr))
|
||||
|
@ -129,6 +134,7 @@
|
|||
# define tsan_load(ptr) (*(ptr))
|
||||
# define tsan_store(ptr, val) (*(ptr) = (val))
|
||||
# define tsan_counter(ptr) ((*(ptr))++)
|
||||
# define tsan_decr(ptr) ((*(ptr))--)
|
||||
/*
|
||||
* Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not
|
||||
* sophisticated enough to support them. Code that relies on them should be
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -445,15 +445,14 @@ static void get_current_time(struct timeval *t)
|
|||
#ifndef OPENSSL_NO_SOCK
|
||||
int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|
||||
{
|
||||
int next, n, ret = 0, clearpkt = 0;
|
||||
int next, n, ret = 0;
|
||||
unsigned char cookie[DTLS1_COOKIE_LENGTH];
|
||||
unsigned char seq[SEQ_NUM_SIZE];
|
||||
const unsigned char *data;
|
||||
unsigned char *buf;
|
||||
size_t fragoff, fraglen, msglen;
|
||||
unsigned char *buf, *wbuf;
|
||||
size_t fragoff, fraglen, msglen, reclen, align = 0;
|
||||
unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
|
||||
BIO *rbio, *wbio;
|
||||
BUF_MEM *bufm;
|
||||
BIO_ADDR *tmpclient = NULL;
|
||||
PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
|
||||
|
||||
|
@ -476,13 +475,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|
|||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* We only peek at incoming ClientHello's until we're sure we are going to
|
||||
* to respond with a HelloVerifyRequest. If its a ClientHello with a valid
|
||||
* cookie then we leave it in the BIO for accept to handle.
|
||||
*/
|
||||
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
|
||||
|
||||
/*
|
||||
* Note: This check deliberately excludes DTLS1_BAD_VER because that version
|
||||
* requires the MAC to be calculated *including* the first ClientHello
|
||||
|
@ -495,35 +487,32 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|
|||
return -1;
|
||||
}
|
||||
|
||||
if (s->init_buf == NULL) {
|
||||
if ((bufm = BUF_MEM_new()) == NULL) {
|
||||
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
|
||||
BUF_MEM_free(bufm);
|
||||
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
s->init_buf = bufm;
|
||||
if (!ssl3_setup_buffers(s)) {
|
||||
/* SSLerr already called */
|
||||
return -1;
|
||||
}
|
||||
buf = (unsigned char *)s->init_buf->data;
|
||||
buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
|
||||
wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;
|
||||
#if defined(SSL3_ALIGN_PAYLOAD)
|
||||
# if SSL3_ALIGN_PAYLOAD != 0
|
||||
/*
|
||||
* Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for
|
||||
* consistency with ssl3_read_n. In practice it should make no difference
|
||||
* for sensible values of SSL3_ALIGN_PAYLOAD because the difference between
|
||||
* SSL3_RT_HEADER_LENGTH and DTLS1_RT_HEADER_LENGTH is exactly 8
|
||||
*/
|
||||
align = (size_t)buf + SSL3_RT_HEADER_LENGTH;
|
||||
align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
|
||||
# endif
|
||||
#endif
|
||||
buf += align;
|
||||
|
||||
do {
|
||||
/* Get a packet */
|
||||
|
||||
clear_sys_error();
|
||||
/*
|
||||
* Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH
|
||||
* + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store
|
||||
* the record header as well, but we do here. We've set up init_buf to
|
||||
* be the standard size for simplicity. In practice we shouldn't ever
|
||||
* receive a ClientHello as long as this. If we do it will get dropped
|
||||
* in the record length check below.
|
||||
*/
|
||||
n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
|
||||
|
||||
n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH
|
||||
+ DTLS1_RT_HEADER_LENGTH);
|
||||
if (n <= 0) {
|
||||
if (BIO_should_retry(rbio)) {
|
||||
/* Non-blocking IO */
|
||||
|
@ -532,9 +521,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|
|||
return -1;
|
||||
}
|
||||
|
||||
/* If we hit any problems we need to clear this packet from the BIO */
|
||||
clearpkt = 1;
|
||||
|
||||
if (!PACKET_buf_init(&pkt, buf, n)) {
|
||||
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
|
||||
return -1;
|
||||
|
@ -587,6 +573,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|
|||
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
|
||||
goto end;
|
||||
}
|
||||
reclen = PACKET_remaining(&msgpkt);
|
||||
/*
|
||||
* We allow data remaining at the end of the packet because there could
|
||||
* be a second record (but we ignore it)
|
||||
|
@ -706,14 +693,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|
|||
* to resend, we just drop it.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Dump the read packet, we don't need it any more. Ignore return
|
||||
* value
|
||||
*/
|
||||
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
|
||||
BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
|
||||
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
|
||||
|
||||
/* Generate the cookie */
|
||||
if (s->ctx->app_gen_cookie_cb == NULL ||
|
||||
s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
|
||||
|
@ -732,7 +711,11 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|
|||
: s->version;
|
||||
|
||||
/* Construct the record and message headers */
|
||||
if (!WPACKET_init(&wpkt, s->init_buf)
|
||||
if (!WPACKET_init_static_len(&wpkt,
|
||||
wbuf,
|
||||
ssl_get_max_send_fragment(s)
|
||||
+ DTLS1_RT_HEADER_LENGTH,
|
||||
0)
|
||||
|| !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE)
|
||||
|| !WPACKET_put_bytes_u16(&wpkt, version)
|
||||
/*
|
||||
|
@ -790,8 +773,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|
|||
* plus one byte for the message content type. The source is the
|
||||
* last 3 bytes of the message header
|
||||
*/
|
||||
memcpy(&buf[DTLS1_RT_HEADER_LENGTH + 1],
|
||||
&buf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
|
||||
memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1],
|
||||
&wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
|
||||
3);
|
||||
|
||||
if (s->msg_callback)
|
||||
|
@ -815,7 +798,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|
|||
tmpclient = NULL;
|
||||
|
||||
/* TODO(size_t): convert this call */
|
||||
if (BIO_write(wbio, buf, wreclen) < (int)wreclen) {
|
||||
if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) {
|
||||
if (BIO_should_retry(wbio)) {
|
||||
/*
|
||||
* Non-blocking IO...but we're stateless, so we're just
|
||||
|
@ -865,15 +848,13 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
|
|||
if (BIO_dgram_get_peer(rbio, client) <= 0)
|
||||
BIO_ADDR_clear(client);
|
||||
|
||||
/* Buffer the record in the processed_rcds queue */
|
||||
if (!dtls_buffer_listen_record(s, reclen, seq, align))
|
||||
return -1;
|
||||
|
||||
ret = 1;
|
||||
clearpkt = 0;
|
||||
end:
|
||||
BIO_ADDR_free(tmpclient);
|
||||
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
|
||||
if (clearpkt) {
|
||||
/* Dump this packet. Ignore return value */
|
||||
BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -256,12 +256,13 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
|
|||
* of hash termination (0x80 + 64-bit length) don't fit in the final
|
||||
* block, we say that the final two blocks can vary based on the padding.
|
||||
* TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
|
||||
* required to be minimal. Therefore we say that the final six blocks can
|
||||
* required to be minimal. Therefore we say that the final |variance_blocks|
|
||||
* blocks can
|
||||
* vary based on the padding. Later in the function, if the message is
|
||||
* short and there obviously cannot be this many blocks then
|
||||
* variance_blocks can be reduced.
|
||||
*/
|
||||
variance_blocks = is_sslv3 ? 2 : 6;
|
||||
variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1);
|
||||
/*
|
||||
* From now on we're dealing with the MAC, which conceptually has 13
|
||||
* bytes of `header' before the start of the data (TLS) or 71/75 bytes
|
||||
|
|
|
@ -442,15 +442,16 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
|
|||
if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
ret = 0;
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret = EVP_MD_CTX_size(ctx);
|
||||
if (ret < 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
EVP_MD_CTX_reset(ctx);
|
||||
return 0;
|
||||
ret = 0;
|
||||
goto err;
|
||||
}
|
||||
|
||||
if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
|
||||
|
@ -463,6 +464,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
|
|||
ret = 0;
|
||||
}
|
||||
|
||||
err:
|
||||
EVP_MD_CTX_free(ctx);
|
||||
|
||||
return ret;
|
||||
|
|
|
@ -3681,9 +3681,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
|
|||
*(int *)parg = s->s3->tmp.peer_sigalg->hash;
|
||||
return 1;
|
||||
|
||||
case SSL_CTRL_GET_SERVER_TMP_KEY:
|
||||
case SSL_CTRL_GET_SIGNATURE_NID:
|
||||
if (s->s3->tmp.sigalg == NULL)
|
||||
return 0;
|
||||
*(int *)parg = s->s3->tmp.sigalg->hash;
|
||||
return 1;
|
||||
|
||||
case SSL_CTRL_GET_PEER_TMP_KEY:
|
||||
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
|
||||
if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
|
||||
if (s->session == NULL || s->s3->peer_tmp == NULL) {
|
||||
return 0;
|
||||
} else {
|
||||
EVP_PKEY_up_ref(s->s3->peer_tmp);
|
||||
|
@ -3693,6 +3699,20 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
|
|||
#else
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
case SSL_CTRL_GET_TMP_KEY:
|
||||
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
|
||||
if (s->session == NULL || s->s3->tmp.pkey == NULL) {
|
||||
return 0;
|
||||
} else {
|
||||
EVP_PKEY_up_ref(s->s3->tmp.pkey);
|
||||
*(EVP_PKEY **)parg = s->s3->tmp.pkey;
|
||||
return 1;
|
||||
}
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
case SSL_CTRL_GET_EC_POINT_FORMATS:
|
||||
{
|
||||
|
|
|
@ -1301,7 +1301,7 @@ static int ciphersuite_cb(const char *elem, int len, void *arg)
|
|||
return 1;
|
||||
}
|
||||
|
||||
int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
|
||||
static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
|
||||
{
|
||||
STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null();
|
||||
|
||||
|
|
|
@ -654,6 +654,10 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
|
|||
|
||||
ctx->method = meth;
|
||||
|
||||
if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {
|
||||
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
|
||||
return 0;
|
||||
}
|
||||
sk = ssl_create_cipher_list(ctx->method,
|
||||
ctx->tls13_ciphersuites,
|
||||
&(ctx->cipher_list),
|
||||
|
@ -1192,6 +1196,7 @@ void SSL_free(SSL *s)
|
|||
EVP_MD_CTX_free(s->pha_dgst);
|
||||
|
||||
sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
|
||||
sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
|
||||
|
||||
sk_X509_pop_free(s->verified_chain, X509_free);
|
||||
|
||||
|
@ -2951,6 +2956,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
|
|||
if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
|
||||
goto err;
|
||||
|
||||
if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL)
|
||||
goto err;
|
||||
|
||||
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
|
||||
goto err;
|
||||
|
||||
|
@ -3108,6 +3116,7 @@ void SSL_CTX_free(SSL_CTX *a)
|
|||
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
|
||||
ssl_cert_free(a->cert);
|
||||
sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
|
||||
sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
|
||||
sk_X509_pop_free(a->extra_certs, X509_free);
|
||||
a->comp_methods = NULL;
|
||||
#ifndef OPENSSL_NO_SRTP
|
||||
|
@ -3653,10 +3662,38 @@ const char *SSL_get_version(const SSL *s)
|
|||
return ssl_protocol_to_string(s->version);
|
||||
}
|
||||
|
||||
SSL *SSL_dup(SSL *s)
|
||||
static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
|
||||
{
|
||||
STACK_OF(X509_NAME) *sk;
|
||||
X509_NAME *xn;
|
||||
int i;
|
||||
|
||||
if (src == NULL) {
|
||||
*dst = NULL;
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ((sk = sk_X509_NAME_new_null()) == NULL)
|
||||
return 0;
|
||||
for (i = 0; i < sk_X509_NAME_num(src); i++) {
|
||||
xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
|
||||
if (xn == NULL) {
|
||||
sk_X509_NAME_pop_free(sk, X509_NAME_free);
|
||||
return 0;
|
||||
}
|
||||
if (sk_X509_NAME_insert(sk, xn, i) == 0) {
|
||||
X509_NAME_free(xn);
|
||||
sk_X509_NAME_pop_free(sk, X509_NAME_free);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
*dst = sk;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
SSL *SSL_dup(SSL *s)
|
||||
{
|
||||
SSL *ret;
|
||||
int i;
|
||||
|
||||
|
@ -3761,18 +3798,10 @@ SSL *SSL_dup(SSL *s)
|
|||
goto err;
|
||||
|
||||
/* Dup the client_CA list */
|
||||
if (s->ca_names != NULL) {
|
||||
if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL)
|
||||
goto err;
|
||||
ret->ca_names = sk;
|
||||
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
|
||||
xn = sk_X509_NAME_value(sk, i);
|
||||
if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
|
||||
X509_NAME_free(xn);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!dup_ca_names(&ret->ca_names, s->ca_names)
|
||||
|| !dup_ca_names(&ret->client_ca_names, s->client_ca_names))
|
||||
goto err;
|
||||
|
||||
return ret;
|
||||
|
||||
err:
|
||||
|
@ -5102,7 +5131,8 @@ static int nss_keylog_int(const char *prefix,
|
|||
size_t i;
|
||||
size_t prefix_len;
|
||||
|
||||
if (ssl->ctx->keylog_callback == NULL) return 1;
|
||||
if (ssl->ctx->keylog_callback == NULL)
|
||||
return 1;
|
||||
|
||||
/*
|
||||
* Our output buffer will contain the following strings, rendered with
|
||||
|
@ -5113,7 +5143,7 @@ static int nss_keylog_int(const char *prefix,
|
|||
* hexadecimal, so we need a buffer that is twice their lengths.
|
||||
*/
|
||||
prefix_len = strlen(prefix);
|
||||
out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
|
||||
out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
|
||||
if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
|
||||
SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
|
@ -5137,7 +5167,7 @@ static int nss_keylog_int(const char *prefix,
|
|||
*cursor = '\0';
|
||||
|
||||
ssl->ctx->keylog_callback(ssl, (const char *)out);
|
||||
OPENSSL_free(out);
|
||||
OPENSSL_clear_free(out, out_len);
|
||||
return 1;
|
||||
|
||||
}
|
||||
|
|
|
@ -471,7 +471,11 @@ struct ssl_method_st {
|
|||
long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
|
||||
};
|
||||
|
||||
# define TLS13_MAX_RESUMPTION_PSK_LENGTH 64
|
||||
/*
|
||||
* Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for
|
||||
* consistency, even in the event of OPENSSL_NO_PSK being defined.
|
||||
*/
|
||||
# define TLS13_MAX_RESUMPTION_PSK_LENGTH 256
|
||||
|
||||
/*-
|
||||
* Lets make this into an ASN.1 type structure as follows
|
||||
|
@ -850,9 +854,11 @@ struct ssl_ctx_st {
|
|||
/*
|
||||
* What we put in certificate_authorities extension for TLS 1.3
|
||||
* (ClientHello and CertificateRequest) or just client cert requests for
|
||||
* earlier versions.
|
||||
* earlier versions. If client_ca_names is populated then it is only used
|
||||
* for client cert requests, and in preference to ca_names.
|
||||
*/
|
||||
STACK_OF(X509_NAME) *ca_names;
|
||||
STACK_OF(X509_NAME) *client_ca_names;
|
||||
|
||||
/*
|
||||
* Default values to use in SSL structures follow (these are copied by
|
||||
|
@ -1229,8 +1235,14 @@ struct ssl_st {
|
|||
long verify_result;
|
||||
/* extra application data */
|
||||
CRYPTO_EX_DATA ex_data;
|
||||
/* for server side, keep the list of CA_dn we can use */
|
||||
/*
|
||||
* What we put in certificate_authorities extension for TLS 1.3
|
||||
* (ClientHello and CertificateRequest) or just client cert requests for
|
||||
* earlier versions. If client_ca_names is populated then it is only used
|
||||
* for client cert requests, and in preference to ca_names.
|
||||
*/
|
||||
STACK_OF(X509_NAME) *ca_names;
|
||||
STACK_OF(X509_NAME) *client_ca_names;
|
||||
CRYPTO_REF_COUNT references;
|
||||
/* protocol behaviour */
|
||||
uint32_t options;
|
||||
|
@ -2251,7 +2263,6 @@ __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
|
|||
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
|
||||
__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
|
||||
const SSL_CIPHER *const *bp);
|
||||
__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
|
||||
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
||||
STACK_OF(SSL_CIPHER) **cipher_list,
|
||||
|
@ -2561,6 +2572,9 @@ __owur int tls1_process_sigalgs(SSL *s);
|
|||
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
|
||||
__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
|
||||
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
|
||||
# ifndef OPENSSL_NO_EC
|
||||
__owur int tls_check_sigalg_curve(const SSL *s, int curve);
|
||||
# endif
|
||||
__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
|
||||
__owur int ssl_set_client_disabled(SSL *s);
|
||||
__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
|
||||
|
|
|
@ -343,6 +343,10 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen,
|
|||
*/
|
||||
unsigned long dup_list = 0;
|
||||
|
||||
if (ngroups == 0) {
|
||||
SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) {
|
||||
SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
|
@ -945,6 +949,39 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
|
|||
}
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
/*
|
||||
* Called by servers only. Checks that we have a sig alg that supports the
|
||||
* specified EC curve.
|
||||
*/
|
||||
int tls_check_sigalg_curve(const SSL *s, int curve)
|
||||
{
|
||||
const uint16_t *sigs;
|
||||
size_t siglen, i;
|
||||
|
||||
if (s->cert->conf_sigalgs) {
|
||||
sigs = s->cert->conf_sigalgs;
|
||||
siglen = s->cert->conf_sigalgslen;
|
||||
} else {
|
||||
sigs = tls12_sigalgs;
|
||||
siglen = OSSL_NELEM(tls12_sigalgs);
|
||||
}
|
||||
|
||||
for (i = 0; i < siglen; i++) {
|
||||
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]);
|
||||
|
||||
if (lu == NULL)
|
||||
continue;
|
||||
if (lu->sig == EVP_PKEY_EC
|
||||
&& lu->curve != NID_undef
|
||||
&& curve == lu->curve)
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Check signature algorithm is consistent with sent supported signature
|
||||
* algorithms and if so set relevant digest and signature scheme in
|
||||
|
@ -1087,6 +1124,14 @@ int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid)
|
|||
return 1;
|
||||
}
|
||||
|
||||
int SSL_get_signature_type_nid(const SSL *s, int *pnid)
|
||||
{
|
||||
if (s->s3->tmp.sigalg == NULL)
|
||||
return 0;
|
||||
*pnid = s->s3->tmp.sigalg->sig;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Set a mask of disabled algorithms: an algorithm is disabled if it isn't
|
||||
* supported, doesn't appear in supported signature algorithms, isn't supported
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
#include <string.h>
|
||||
|
||||
#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
|
||||
# include "testutil.h"
|
||||
#include "testutil.h"
|
||||
|
||||
#ifndef OPENSSL_NO_EC
|
||||
|
||||
|
@ -25,6 +25,7 @@
|
|||
# ifndef OPENSSL_NO_ENGINE
|
||||
# include <openssl/engine.h>
|
||||
# endif
|
||||
# include <openssl/sha.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/rand.h>
|
||||
|
||||
|
@ -103,7 +104,7 @@ static int x9_62_test_internal(int nid, const char *r_in, const char *s_in)
|
|||
{
|
||||
int ret = 0;
|
||||
const char message[] = "abc";
|
||||
unsigned char digest[20];
|
||||
unsigned char digest[SHA_DIGEST_LENGTH];
|
||||
unsigned int dgst_len = 0;
|
||||
EVP_MD_CTX *md_ctx;
|
||||
EC_KEY *key = NULL;
|
||||
|
@ -135,7 +136,8 @@ static int x9_62_test_internal(int nid, const char *r_in, const char *s_in)
|
|||
/* Use ECDSA_sign_setup to avoid use of ECDSA nonces */
|
||||
if (!TEST_true(ECDSA_sign_setup(key, NULL, &kinv, &rp)))
|
||||
goto x962_int_err;
|
||||
if (!TEST_ptr(signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key)))
|
||||
if (!TEST_ptr(signature =
|
||||
ECDSA_do_sign_ex(digest, SHA_DIGEST_LENGTH, kinv, rp, key)))
|
||||
goto x962_int_err;
|
||||
|
||||
/* compare the created signature with the expected signature */
|
||||
|
@ -149,7 +151,8 @@ static int x9_62_test_internal(int nid, const char *r_in, const char *s_in)
|
|||
goto x962_int_err;
|
||||
|
||||
/* verify the signature */
|
||||
if (!TEST_int_eq(ECDSA_do_verify(digest, 20, signature, key), 1))
|
||||
if (!TEST_int_eq(ECDSA_do_verify(digest, SHA_DIGEST_LENGTH,
|
||||
signature, key), 1))
|
||||
goto x962_int_err;
|
||||
|
||||
ret = 1;
|
||||
|
@ -211,7 +214,8 @@ static int test_builtin(void)
|
|||
EC_KEY *eckey = NULL, *wrong_eckey = NULL;
|
||||
EC_GROUP *group;
|
||||
ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL;
|
||||
unsigned char digest[20], wrong_digest[20];
|
||||
unsigned char digest[SHA512_DIGEST_LENGTH];
|
||||
unsigned char wrong_digest[SHA512_DIGEST_LENGTH];
|
||||
unsigned char *signature = NULL;
|
||||
const unsigned char *sig_ptr;
|
||||
unsigned char *sig_ptr2;
|
||||
|
@ -223,8 +227,8 @@ static int test_builtin(void)
|
|||
int nid, ret = 0;
|
||||
|
||||
/* fill digest values with some random data */
|
||||
if (!TEST_true(RAND_bytes(digest, 20))
|
||||
|| !TEST_true(RAND_bytes(wrong_digest, 20)))
|
||||
if (!TEST_true(RAND_bytes(digest, SHA512_DIGEST_LENGTH))
|
||||
|| !TEST_true(RAND_bytes(wrong_digest, SHA512_DIGEST_LENGTH)))
|
||||
goto builtin_err;
|
||||
|
||||
/* create and verify a ecdsa signature with every available curve */
|
||||
|
@ -239,7 +243,7 @@ static int test_builtin(void)
|
|||
unsigned char dirt, offset;
|
||||
|
||||
nid = curves[n].nid;
|
||||
if (nid == NID_ipsec4)
|
||||
if (nid == NID_ipsec4 || nid == NID_ipsec3)
|
||||
continue;
|
||||
/* create new ecdsa key (== EC_KEY) */
|
||||
if (!TEST_ptr(eckey = EC_KEY_new())
|
||||
|
@ -248,12 +252,7 @@ static int test_builtin(void)
|
|||
goto builtin_err;
|
||||
EC_GROUP_free(group);
|
||||
degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
|
||||
if (degree < 160) {
|
||||
/* drop the curve */
|
||||
EC_KEY_free(eckey);
|
||||
eckey = NULL;
|
||||
continue;
|
||||
}
|
||||
|
||||
TEST_info("testing %s", OBJ_nid2sn(nid));
|
||||
|
||||
/* create key */
|
||||
|
@ -275,28 +274,32 @@ static int test_builtin(void)
|
|||
/* create signature */
|
||||
sig_len = ECDSA_size(eckey);
|
||||
if (!TEST_ptr(signature = OPENSSL_malloc(sig_len))
|
||||
|| !TEST_true(ECDSA_sign(0, digest, 20, signature, &sig_len,
|
||||
eckey)))
|
||||
|| !TEST_true(ECDSA_sign(0, digest, SHA512_DIGEST_LENGTH,
|
||||
signature, &sig_len, eckey)))
|
||||
goto builtin_err;
|
||||
|
||||
/* verify signature */
|
||||
if (!TEST_int_eq(ECDSA_verify(0, digest, 20, signature, sig_len,
|
||||
eckey), 1))
|
||||
if (!TEST_int_eq(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
|
||||
signature, sig_len, eckey),
|
||||
1))
|
||||
goto builtin_err;
|
||||
|
||||
/* verify signature with the wrong key */
|
||||
if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature, sig_len,
|
||||
wrong_eckey), 1))
|
||||
if (!TEST_int_ne(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
|
||||
signature, sig_len, wrong_eckey),
|
||||
1))
|
||||
goto builtin_err;
|
||||
|
||||
/* wrong digest */
|
||||
if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, 20, signature,
|
||||
sig_len, eckey), 1))
|
||||
if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, SHA512_DIGEST_LENGTH,
|
||||
signature, sig_len, eckey),
|
||||
1))
|
||||
goto builtin_err;
|
||||
|
||||
/* wrong length */
|
||||
if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature,
|
||||
sig_len - 1, eckey), 1))
|
||||
if (!TEST_int_ne(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
|
||||
signature, sig_len - 1, eckey),
|
||||
1))
|
||||
goto builtin_err;
|
||||
|
||||
/*
|
||||
|
@ -342,14 +345,15 @@ static int test_builtin(void)
|
|||
}
|
||||
sig_ptr2 = signature;
|
||||
sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
|
||||
if (!TEST_false(ECDSA_verify(0, digest, 20, signature, sig_len, eckey)))
|
||||
if (!TEST_false(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
|
||||
signature, sig_len, eckey)))
|
||||
goto builtin_err;
|
||||
|
||||
/* Sanity check: undo the modification and verify signature. */
|
||||
raw_buf[offset] ^= dirt;
|
||||
if (!TEST_ptr(unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL))
|
||||
|| !TEST_ptr(unmodified_s = BN_bin2bn(raw_buf + bn_len,
|
||||
bn_len, NULL))
|
||||
bn_len, NULL))
|
||||
|| !TEST_true(ECDSA_SIG_set0(modified_sig, unmodified_r,
|
||||
unmodified_s))) {
|
||||
BN_free(unmodified_r);
|
||||
|
@ -359,7 +363,8 @@ static int test_builtin(void)
|
|||
|
||||
sig_ptr2 = signature;
|
||||
sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
|
||||
if (!TEST_true(ECDSA_verify(0, digest, 20, signature, sig_len, eckey)))
|
||||
if (!TEST_true(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
|
||||
signature, sig_len, eckey)))
|
||||
goto builtin_err;
|
||||
|
||||
/* cleanup */
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
#include <openssl/rsa.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/kdf.h>
|
||||
#include "testutil.h"
|
||||
#include "internal/nelem.h"
|
||||
#include "internal/evp_int.h"
|
||||
|
@ -918,6 +919,50 @@ static int test_EVP_PKEY_check(int i)
|
|||
return ret;
|
||||
}
|
||||
|
||||
static int test_HKDF(void)
|
||||
{
|
||||
EVP_PKEY_CTX *pctx;
|
||||
unsigned char out[20];
|
||||
size_t outlen;
|
||||
int i, ret = 0;
|
||||
unsigned char salt[] = "0123456789";
|
||||
unsigned char key[] = "012345678901234567890123456789";
|
||||
unsigned char info[] = "infostring";
|
||||
const unsigned char expected[] = {
|
||||
0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
|
||||
0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
|
||||
};
|
||||
size_t expectedlen = sizeof(expected);
|
||||
|
||||
if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
|
||||
goto done;
|
||||
|
||||
/* We do this twice to test reuse of the EVP_PKEY_CTX */
|
||||
for (i = 0; i < 2; i++) {
|
||||
outlen = sizeof(out);
|
||||
memset(out, 0, outlen);
|
||||
|
||||
if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
|
||||
|| !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
|
||||
|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
|
||||
sizeof(salt) - 1), 0)
|
||||
|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
|
||||
sizeof(key) - 1), 0)
|
||||
|| !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
|
||||
sizeof(info) - 1), 0)
|
||||
|| !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
|
||||
|| !TEST_mem_eq(out, outlen, expected, expectedlen))
|
||||
goto done;
|
||||
}
|
||||
|
||||
ret = 1;
|
||||
|
||||
done:
|
||||
EVP_PKEY_CTX_free(pctx);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int setup_tests(void)
|
||||
{
|
||||
ADD_TEST(test_EVP_DigestSignInit);
|
||||
|
@ -941,5 +986,6 @@ int setup_tests(void)
|
|||
if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
|
||||
return 0;
|
||||
ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
|
||||
ADD_TEST(test_HKDF);
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -73,8 +73,6 @@ static KEY_LIST *public_keys;
|
|||
static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
|
||||
|
||||
static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
|
||||
static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
|
||||
const char *value);
|
||||
|
||||
/*
|
||||
* Compare two memory regions for equality, returning zero if they differ.
|
||||
|
@ -459,7 +457,7 @@ typedef struct cipher_data_st {
|
|||
size_t plaintext_len;
|
||||
unsigned char *ciphertext;
|
||||
size_t ciphertext_len;
|
||||
/* GCM, CCM only */
|
||||
/* GCM, CCM and OCB only */
|
||||
unsigned char *aad;
|
||||
size_t aad_len;
|
||||
unsigned char *tag;
|
||||
|
@ -487,7 +485,7 @@ static int cipher_test_init(EVP_TEST *t, const char *alg)
|
|||
if (m == EVP_CIPH_GCM_MODE
|
||||
|| m == EVP_CIPH_OCB_MODE
|
||||
|| m == EVP_CIPH_CCM_MODE)
|
||||
cdat->aead = EVP_CIPHER_mode(cipher);
|
||||
cdat->aead = m;
|
||||
else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
|
||||
cdat->aead = -1;
|
||||
else
|
||||
|
@ -927,6 +925,28 @@ static int mac_test_parse(EVP_TEST *t,
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
|
||||
const char *value)
|
||||
{
|
||||
int rv;
|
||||
char *p, *tmpval;
|
||||
|
||||
if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
|
||||
return 0;
|
||||
p = strchr(tmpval, ':');
|
||||
if (p != NULL)
|
||||
*p++ = '\0';
|
||||
rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
|
||||
if (rv == -2)
|
||||
t->err = "PKEY_CTRL_INVALID";
|
||||
else if (rv <= 0)
|
||||
t->err = "PKEY_CTRL_ERROR";
|
||||
else
|
||||
rv = 1;
|
||||
OPENSSL_free(tmpval);
|
||||
return rv > 0;
|
||||
}
|
||||
|
||||
static int mac_test_run(EVP_TEST *t)
|
||||
{
|
||||
MAC_DATA *expected = t->data;
|
||||
|
@ -972,8 +992,9 @@ static int mac_test_run(EVP_TEST *t)
|
|||
goto err;
|
||||
}
|
||||
for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
|
||||
if (!pkey_test_ctrl(t, pctx,
|
||||
sk_OPENSSL_STRING_value(expected->controls, i))) {
|
||||
if (!mac_test_ctrl_pkey(t, pctx,
|
||||
sk_OPENSSL_STRING_value(expected->controls,
|
||||
i))) {
|
||||
t->err = "EVPPKEYCTXCTRL_ERROR";
|
||||
goto err;
|
||||
}
|
||||
|
@ -2614,8 +2635,8 @@ top:
|
|||
return 0;
|
||||
}
|
||||
if (rv < 0) {
|
||||
TEST_info("Line %d: error processing keyword %s\n",
|
||||
t->s.curr, pp->key);
|
||||
TEST_info("Line %d: error processing keyword %s = %s\n",
|
||||
t->s.curr, pp->key, pp->value);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -247,7 +247,7 @@ $crypto.=" include/internal/o_str.h";
|
|||
$crypto.=" include/internal/err.h";
|
||||
$crypto.=" include/internal/sslconf.h";
|
||||
foreach my $f ( glob(catfile($config{sourcedir},'include/openssl/*.h')) ) {
|
||||
my $fn = "include/openssl/" . lc(basename($f));
|
||||
my $fn = "include/openssl/" . basename($f);
|
||||
$crypto .= " $fn" if !defined $skipthese{$fn};
|
||||
}
|
||||
|
||||
|
@ -936,16 +936,6 @@ sub do_defs
|
|||
}
|
||||
}
|
||||
|
||||
# Prune the returned symbols
|
||||
|
||||
delete $syms{"bn_dump1"};
|
||||
$platform{"BIO_s_log"} .= ",!WIN32,!macintosh";
|
||||
|
||||
$platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
|
||||
$platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
|
||||
$platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
|
||||
$platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
|
||||
|
||||
# Info we know about
|
||||
|
||||
push @ret, map { $_."\\".&info_string($_,"EXIST",
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: crypto.inc,v 1.8 2018/09/23 13:33:04 christos Exp $
|
||||
# $NetBSD: crypto.inc,v 1.9 2018/12/08 22:35:44 christos Exp $
|
||||
#
|
||||
# @(#) Copyright (c) 1995 Simon J. Gerraty
|
||||
#
|
||||
|
@ -15,6 +15,7 @@ ctype.c \
|
|||
cversion.c \
|
||||
ebcdic.c \
|
||||
ex_data.c \
|
||||
getenv.c \
|
||||
init.c \
|
||||
mem.c \
|
||||
mem_dbg.c \
|
||||
|
|
Loading…
Reference in New Issue