Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge conflicts

This commit is contained in:
christos 2018-12-08 22:35:42 +00:00
parent f4f044c4b1
commit bf8eace1c0
41 changed files with 632 additions and 523 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
crypto/external/bsd/openssl/dist/CHANGES vendored
View File

@ -7,6 +7,42 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
*) Timing vulnerability in ECDSA signature generation
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
(CVE-2018-0735)
[Paul Dale]
*) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
are retained for backwards compatibility.
[Antoine Salon]
*) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
if its length exceeds 4096 bytes. The limit has been raised to a buffer size
of two gigabytes and the error handling improved.
This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been
categorized as a normal bug, not a security issue, because the DRBG reseeds
automatically and is fully functional even without additional randomness
provided by the application.
Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
*) Add a new ClientHello callback. Provides a callback interface that gives
@ -13103,4 +13139,3 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) A minor bug in ssl/s3_clnt.c where there would always be 4 0
bytes sent in the client random.
[Edward Bishop <ebishop@spyglass.com>]

79
crypto/external/bsd/openssl/dist/Configure vendored
View File

@ -1013,13 +1013,18 @@ if (scalar(@seed_sources) == 0) {
if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
warn <<_____ if scalar(@seed_sources) == 1;
You have selected the --with-rand-seed=none option, which effectively disables
automatic reseeding of the OpenSSL random generator. All operations depending
on the random generator such as creating keys will not work unless the random
generator is seeded manually by the application.
Please read the 'Note on random number generation' section in the INSTALL
instructions and the RAND_DRBG(7) manual page for more details.
============================== WARNING ===============================
You have selected the --with-rand-seed=none option, which effectively
disables automatic reseeding of the OpenSSL random generator.
All operations depending on the random generator such as creating keys
will not work unless the random generator is seeded manually by the
application.
Please read the 'Note on random number generation' section in the
INSTALL instructions and the RAND_DRBG(7) manual page for more details.
============================== WARNING ===============================
_____
}
push @{$config{openssl_other_defines}},
@ -2174,6 +2179,16 @@ EOF
# Massage the result
# If the user configured no-shared, we allow no shared sources
if ($disabled{shared}) {
foreach (keys %{$unified_info{shared_sources}}) {
foreach (keys %{$unified_info{shared_sources}->{$_}}) {
delete $unified_info{sources}->{$_};
}
}
$unified_info{shared_sources} = {};
}
# If we depend on a header file or a perl module, add an inclusion of
# its directory to allow smoothe inclusion
foreach my $dest (keys %{$unified_info{depends}}) {
@ -2198,8 +2213,8 @@ EOF
next unless defined($unified_info{includes}->{$dest}->{$k});
my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
foreach my $obj (grep /\.o$/,
(keys %{$unified_info{sources}->{$dest}},
keys %{$unified_info{shared_sources}->{$dest}})) {
(keys %{$unified_info{sources}->{$dest} // {}},
keys %{$unified_info{shared_sources}->{$dest} // {}})) {
foreach my $inc (@incs) {
unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
@ -2238,6 +2253,42 @@ EOF
[ @{$unified_info{includes}->{$dest}->{source}} ];
}
}
# For convenience collect information regarding directories where
# files are generated, those generated files and the end product
# they end up in where applicable. Then, add build rules for those
# directories
my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ],
"dso" => [ @{$unified_info{engines}} ],
"bin" => [ @{$unified_info{programs}} ],
"script" => [ @{$unified_info{scripts}} ] );
foreach my $type (keys %loopinfo) {
foreach my $product (@{$loopinfo{$type}}) {
my %dirs = ();
my $pd = dirname($product);
foreach (@{$unified_info{sources}->{$product} // []},
@{$unified_info{shared_sources}->{$product} // []}) {
my $d = dirname($_);
# We don't want to create targets for source directories
# when building out of source
next if ($config{sourcedir} ne $config{builddir}
&& $d =~ m|^\Q$config{sourcedir}\E|);
# We already have a "test" target, and the current directory
# is just silly to make a target for
next if $d eq "test" || $d eq ".";
$dirs{$d} = 1;
push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
if $d ne $pd;
}
foreach (keys %dirs) {
push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
$product;
}
}
}
}
# For the schemes that need it, we provide the old *_obj configs
@ -2712,10 +2763,16 @@ print <<"EOF";
**********************************************************************
*** ***
*** If you want to report a building issue, please include the ***
*** output from this command: ***
*** OpenSSL has been successfully configured ***
*** ***
*** perl configdata.pm --dump ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL file first) ***
*** ***
**********************************************************************
EOF

5
crypto/external/bsd/openssl/dist/NEWS vendored
View File

@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
o Timing vulnerability in DSA signature generation (CVE-2018-0734)
o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3

2
crypto/external/bsd/openssl/dist/README vendored
View File

@ -1,5 +1,5 @@
OpenSSL 1.1.1 11 Sep 2018
OpenSSL 1.1.1a 20 Nov 2018
Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

21
crypto/external/bsd/openssl/dist/apps/ca.c vendored
View File

@ -605,7 +605,7 @@ end_of_options:
/*
* outdir is a directory spec, but access() for VMS demands a
* filename. We could use the DEC C routine to convert the
* directory syntax to Unixly, and give that to app_isdir,
* directory syntax to Unix, and give that to app_isdir,
* but for now the fopen will catch the error if it's not a
* directory
*/
@ -976,7 +976,7 @@ end_of_options:
BIO_printf(bio_err, "Write out database with %d new entries\n",
sk_X509_num(cert_sk));
if (!rand_ser
if (serialfile != NULL
&& !save_serial(serialfile, "new", serial, NULL))
goto end;
@ -1044,7 +1044,8 @@ end_of_options:
if (sk_X509_num(cert_sk)) {
/* Rename the database and the serial file */
if (!rotate_serial(serialfile, "new", "old"))
if (serialfile != NULL
&& !rotate_serial(serialfile, "new", "old"))
goto end;
if (!rotate_index(dbfile, "new", "old"))
@ -1177,10 +1178,9 @@ end_of_options:
}
/* we have a CRL number that need updating */
if (crlnumberfile != NULL)
if (!rand_ser
&& !save_serial(crlnumberfile, "new", crlnumber, NULL))
goto end;
if (crlnumberfile != NULL
&& !save_serial(crlnumberfile, "new", crlnumber, NULL))
goto end;
BN_free(crlnumber);
crlnumber = NULL;
@ -1195,9 +1195,10 @@ end_of_options:
PEM_write_bio_X509_CRL(Sout, crl);
if (crlnumberfile != NULL) /* Rename the crlnumber file */
if (!rotate_serial(crlnumberfile, "new", "old"))
goto end;
/* Rename the crlnumber file */
if (crlnumberfile != NULL
&& !rotate_serial(crlnumberfile, "new", "old"))
goto end;
}
/*****************************************************************/

2
crypto/external/bsd/openssl/dist/apps/ocsp.c vendored
View File

@ -950,6 +950,7 @@ static void spawn_loop(void)
sleep(30);
break;
case 0: /* child */
OPENSSL_free(kidpids);
signal(SIGINT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
if (termsig)
@ -976,6 +977,7 @@ static void spawn_loop(void)
}
/* The loop above can only break on termsig */
OPENSSL_free(kidpids);
syslog(LOG_INFO, "terminating on signal: %d", termsig);
killall(0, kidpids);
}

2
crypto/external/bsd/openssl/dist/apps/openssl.cnf vendored
View File

@ -10,7 +10,6 @@
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
@ -57,7 +56,6 @@ crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert

10
crypto/external/bsd/openssl/dist/apps/s_server.c vendored
View File

@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
if (strlen(psk_identity) != identity_len
|| memcmp(psk_identity, identity, identity_len) != 0) {
BIO_printf(bio_s_out,
"PSK warning: client identity not what we expected"
" (got '%s' expected '%s')\n", identity, psk_identity);
*sess = NULL;
return 1;
}
if (psksess != NULL) {
@ -1622,6 +1621,11 @@ int s_server_main(int argc, char *argv[])
goto end;
}
#endif
if (early_data && (www > 0 || rev)) {
BIO_printf(bio_err,
"Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
goto end;
}
#ifndef OPENSSL_NO_SCTP
if (protocol == IPPROTO_SCTP) {

2
crypto/external/bsd/openssl/dist/apps/speed.c vendored
View File

@ -2896,7 +2896,7 @@ int speed_main(int argc, char **argv)
if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
for (testnum++; testnum < EC_NUM; testnum++)
for (testnum++; testnum < ECDSA_NUM; testnum++)
ecdsa_doit[testnum] = 0;
}
}

4
crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c vendored
View File

@ -52,7 +52,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
argi = (int)len;
}
if (inret && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
if (*processed > INT_MAX)
return -1;
inret = *processed;
@ -60,7 +60,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
ret = b->callback(b, oper, argp, argi, argl, inret);
if (ret >= 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
*processed = (size_t)ret;
ret = 1;
}

5
crypto/external/bsd/openssl/dist/crypto/bio/bss_log.c vendored
View File

@ -408,4 +408,9 @@ static void xcloselog(BIO *bp)
# endif /* Unix */
#else /* NO_SYSLOG */
const BIO_METHOD *BIO_s_log(void)
{
return NULL;
}
#endif /* NO_SYSLOG */

8
crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gcc.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -64,12 +64,6 @@
* machine.
*/
# if defined(_WIN64) || !defined(__LP64__)
# define BN_ULONG unsigned long long
# else
# define BN_ULONG unsigned long
# endif
# undef mul
# undef mul_add

2
crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c vendored
View File

@ -1081,7 +1081,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
* is not only slower but also makes each bit vulnerable to
* EM (and likely other) side-channel attacks like One&Done
* (for details see "One&Done: A Single-Decryption EM-Based
* Attack on OpenSSLs Constant-Time Blinded RSA" by M. Alam,
* Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
* H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
* M. Prvulovic, in USENIX Security'18)
*/

42
crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c vendored
View File

@ -767,26 +767,30 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
b->neg ^= t;
/*-
* Idea behind BN_FLG_STATIC_DATA is actually to
* indicate that data may not be written to.
* Intention is actually to treat it as it's
* read-only data, and some (if not most) of it does
* reside in read-only segment. In other words
* observation of BN_FLG_STATIC_DATA in
* BN_consttime_swap should be treated as fatal
* condition. It would either cause SEGV or
* effectively cause data corruption.
* BN_FLG_MALLOCED refers to BN structure itself,
* and hence must be preserved. Remaining flags are
* BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be
* preserved, because it determines how x->d was
* allocated and hence how to free it. This leaves
* BN_FLG_CONSTTIME that one can do something about.
* To summarize it's sufficient to mask and swap
* BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should
* be treated as fatal.
* BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention
* is actually to treat it as it's read-only data, and some (if not most)
* of it does reside in read-only segment. In other words observation of
* BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal
* condition. It would either cause SEGV or effectively cause data
* corruption.
*
* BN_FLG_MALLOCED: refers to BN structure itself, and hence must be
* preserved.
*
* BN_FLG_SECURE: must be preserved, because it determines how x->d was
* allocated and hence how to free it.
*
* BN_FLG_CONSTTIME: sufficient to mask and swap
*
* BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on
* the data, so the d array may be padded with additional 0 values (i.e.
* top could be greater than the minimal value that it could be). We should
* be swapping it
*/
t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition;
#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP)
t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition;
a->flags ^= t;
b->flags ^= t;

2
crypto/external/bsd/openssl/dist/crypto/cryptlib.c vendored
View File

@ -204,7 +204,7 @@ int OPENSSL_isservice(void)
if (_OPENSSL_isservice.p == NULL) {
HANDLE mod = GetModuleHandle(NULL);
FARPROC f;
FARPROC f = NULL;
if (mod != NULL)
f = GetProcAddress(mod, "_OPENSSL_isservice");

4
crypto/external/bsd/openssl/dist/crypto/ec/ec_ameth.c vendored
View File

@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)
if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
return 0;
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
return 0;
kdf_md = EVP_get_digestbynid(kdfmd_nid);
@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
ecdh_nid = NID_dh_cofactor_kdf;
if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
goto err;
} else

132
crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c vendored
View File

@ -28,6 +28,13 @@
# define CHECK_BSD_STYLE_MACROS
#endif
/*
* ONE global file descriptor for all sessions. This allows operations
* such as digest session data copying (see digest_copy()), but is also
* saner... why re-open /dev/crypto for every session?
*/
static int cfd;
/******************************************************************************
*
* Ciphers
@ -39,7 +46,6 @@
*****/
struct cipher_ctx {
int cfd;
struct session_op sess;
/* to pass from init to do_cipher */
@ -69,7 +75,7 @@ static const struct cipher_data_st {
{ NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
{ NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
#ifndef OPENSSL_NO_RC4
{ NID_rc4, 1, 16, 0, CRYPTO_ARC4 },
{ NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 },
#endif
#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR)
{ NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
@ -135,19 +141,13 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const struct cipher_data_st *cipher_d =
get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
if ((cipher_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
SYSerr(SYS_F_OPEN, errno);
return 0;
}
memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
cipher_ctx->sess.cipher = cipher_d->devcryptoid;
cipher_ctx->sess.keylen = cipher_d->keylen;
cipher_ctx->sess.key = (void *)key;
cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
if (ioctl(cipher_ctx->cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
SYSerr(SYS_F_IOCTL, errno);
close(cipher_ctx->cfd);
return 0;
}
@ -187,7 +187,7 @@ static int cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
cryp.flags = COP_FLAG_WRITE_IV;
#endif
if (ioctl(cipher_ctx->cfd, CIOCCRYPT, &cryp) < 0) {
if (ioctl(cfd, CIOCCRYPT, &cryp) < 0) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
@ -213,14 +213,10 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx)
struct cipher_ctx *cipher_ctx =
(struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
if (ioctl(cipher_ctx->cfd, CIOCFSESSION, &cipher_ctx->sess) < 0) {
if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
if (close(cipher_ctx->cfd) < 0) {
SYSerr(SYS_F_CLOSE, errno);
return 0;
}
return 1;
}
@ -234,14 +230,10 @@ static int known_cipher_nids[OSSL_NELEM(cipher_data)];
static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */
static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, };
static void prepare_cipher_methods()
static void prepare_cipher_methods(void)
{
size_t i;
struct session_op sess;
int cfd;
if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
return;
memset(&sess, 0, sizeof(sess));
sess.key = (void *)"01234567890123456789012345678901234567890123456789";
@ -256,7 +248,7 @@ static void prepare_cipher_methods()
sess.cipher = cipher_data[i].devcryptoid;
sess.keylen = cipher_data[i].keylen;
if (ioctl(cfd, CIOCGSESSION, &sess) < 0
|| ioctl(cfd, CIOCFSESSION, &sess) < 0)
|| ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
continue;
if ((known_cipher_methods[i] =
@ -282,8 +274,6 @@ static void prepare_cipher_methods()
cipher_data[i].nid;
}
}
close(cfd);
}
static const EVP_CIPHER *get_cipher_method(int nid)
@ -309,7 +299,7 @@ static void destroy_cipher_method(int nid)
known_cipher_methods[i] = NULL;
}
static void destroy_all_cipher_methods()
static void destroy_all_cipher_methods(void)
{
size_t i;
@ -330,11 +320,12 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
/*
* We only support digests if the cryptodev implementation supports multiple
* data updates. Otherwise, we would be forced to maintain a cache, which is
* perilous if there's a lot of data coming in (if someone wants to checksum
* an OpenSSL tarball, for example).
* data updates and session copying. Otherwise, we would be forced to maintain
* a cache, which is perilous if there's a lot of data coming in (if someone
* wants to checksum an OpenSSL tarball, for example).
*/
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
#if defined(CIOCCPHASH) && defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
#define IMPLEMENT_DIGEST
/******************************************************************************
*
@ -347,7 +338,6 @@ static int devcrypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
*****/
struct digest_ctx {
int cfd;
struct session_op sess;
int init;
};
@ -414,19 +404,12 @@ static int digest_init(EVP_MD_CTX *ctx)
const struct digest_data_st *digest_d =
get_digest_data(EVP_MD_CTX_type(ctx));
if (digest_ctx->init == 0
&& (digest_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
SYSerr(SYS_F_OPEN, errno);
return 0;
}
digest_ctx->init = 1;
memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
digest_ctx->sess.mac = digest_d->devcryptoid;
if (ioctl(digest_ctx->cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
if (ioctl(cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
SYSerr(SYS_F_IOCTL, errno);
close(digest_ctx->cfd);
return 0;
}
@ -445,7 +428,7 @@ static int digest_op(struct digest_ctx *ctx, const void *src, size_t srclen,
cryp.dst = NULL;
cryp.mac = res;
cryp.flags = flags;
return ioctl(ctx->cfd, CIOCCRYPT, &cryp);
return ioctl(cfd, CIOCCRYPT, &cryp);
}
static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
@ -473,7 +456,7 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
if (ioctl(digest_ctx->cfd, CIOCFSESSION, &digest_ctx->sess) < 0) {
if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
@ -481,16 +464,38 @@ static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
return 1;
}
static int digest_cleanup(EVP_MD_CTX *ctx)
static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
{
struct digest_ctx *digest_ctx =
(struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
struct digest_ctx *digest_from =
(struct digest_ctx *)EVP_MD_CTX_md_data(from);
struct digest_ctx *digest_to =
(struct digest_ctx *)EVP_MD_CTX_md_data(to);
struct cphash_op cphash;
if (close(digest_ctx->cfd) < 0) {
SYSerr(SYS_F_CLOSE, errno);
if (digest_from == NULL)
return 1;
if (digest_from->init != 1) {
SYSerr(SYS_F_IOCTL, EINVAL);
return 0;
}
if (!digest_init(to)) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
cphash.src_ses = digest_from->sess.ses;
cphash.dst_ses = digest_to->sess.ses;
if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) {
SYSerr(SYS_F_IOCTL, errno);
return 0;
}
return 1;
}
static int digest_cleanup(EVP_MD_CTX *ctx)
{
return 1;
}
@ -503,14 +508,10 @@ static int known_digest_nids[OSSL_NELEM(digest_data)];
static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */
static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, };
static void prepare_digest_methods()
static void prepare_digest_methods(void)
{
size_t i;
struct session_op sess;
int cfd;
if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
return;
memset(&sess, 0, sizeof(sess));
@ -523,7 +524,7 @@ static void prepare_digest_methods()
*/
sess.mac = digest_data[i].devcryptoid;
if (ioctl(cfd, CIOCGSESSION, &sess) < 0
|| ioctl(cfd, CIOCFSESSION, &sess) < 0)
|| ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
continue;
if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
@ -533,6 +534,7 @@ static void prepare_digest_methods()
|| !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
|| !EVP_MD_meth_set_update(known_digest_methods[i], digest_update)
|| !EVP_MD_meth_set_final(known_digest_methods[i], digest_final)
|| !EVP_MD_meth_set_copy(known_digest_methods[i], digest_copy)
|| !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup)
|| !EVP_MD_meth_set_app_datasize(known_digest_methods[i],
sizeof(struct digest_ctx))) {
@ -542,8 +544,6 @@ static void prepare_digest_methods()
known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid;
}
}
close(cfd);
}
static const EVP_MD *get_digest_method(int nid)
@ -569,7 +569,7 @@ static void destroy_digest_method(int nid)
known_digest_methods[i] = NULL;
}
static void destroy_all_digest_methods()
static void destroy_all_digest_methods(void)
{
size_t i;
@ -599,9 +599,12 @@ static int devcrypto_digests(ENGINE *e, const EVP_MD **digest,
static int devcrypto_unload(ENGINE *e)
{
destroy_all_cipher_methods();
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
#ifdef IMPLEMENT_DIGEST
destroy_all_digest_methods();
#endif
close(cfd);
return 1;
}
/*
@ -612,23 +615,30 @@ void engine_load_devcrypto_int()
{
ENGINE *e = NULL;
if (access("/dev/crypto", R_OK | W_OK) < 0) {
fprintf(stderr,
"/dev/crypto not present, not enabling devcrypto engine\n");
if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
return;
}
prepare_cipher_methods();
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
#ifdef IMPLEMENT_DIGEST
prepare_digest_methods();
#endif
if ((e = ENGINE_new()) == NULL)
if ((e = ENGINE_new()) == NULL
|| !ENGINE_set_destroy_function(e, devcrypto_unload)) {
ENGINE_free(e);
/*
* We know that devcrypto_unload() won't be called when one of the
* above two calls have failed, so we close cfd explicitly here to
* avoid leaking resources.
*/
close(cfd);
return;
}
if (!ENGINE_set_id(e, "devcrypto")
|| !ENGINE_set_name(e, "/dev/crypto engine")
|| !ENGINE_set_destroy_function(e, devcrypto_unload)
/*
* Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD
@ -665,7 +675,7 @@ void engine_load_devcrypto_int()
# endif
#endif
|| !ENGINE_set_ciphers(e, devcrypto_ciphers)
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
#ifdef IMPLEMENT_DIGEST
|| !ENGINE_set_digests(e, devcrypto_digests)
#endif
) {

2
crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c vendored
View File

@ -2241,7 +2241,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (!cctx->aes.ccm.len_set) {
/*-
* In case message length was not previously set explicitely via
* In case message length was not previously set explicitly via
* Update(), set it now.
*/
ivec = EVP_CIPHER_CTX_iv_noconst(ctx);

56
crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c vendored
View File

@ -77,6 +77,17 @@ static uint64_t get_timer_bits(void);
# endif
#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
#if defined(OPENSSL_RAND_SEED_NONE)
/* none means none. this simplifies the following logic */
# undef OPENSSL_RAND_SEED_OS
# undef OPENSSL_RAND_SEED_GETRANDOM
# undef OPENSSL_RAND_SEED_LIBRANDOM
# undef OPENSSL_RAND_SEED_DEVRANDOM
# undef OPENSSL_RAND_SEED_RDTSC
# undef OPENSSL_RAND_SEED_RDCPU
# undef OPENSSL_RAND_SEED_EGD
#endif
#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
!defined(OPENSSL_RAND_SEED_NONE)
# error "UEFI and VXWorks only support seeding NONE"
@ -86,8 +97,6 @@ static uint64_t get_timer_bits(void);
|| defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
|| defined(OPENSSL_SYS_UEFI))
static ssize_t syscall_random(void *buf, size_t buflen);
# if defined(OPENSSL_SYS_VOS)
# ifndef OPENSSL_RAND_SEED_OS
@ -244,6 +253,7 @@ static ssize_t sysctl_random(char *buf, size_t buflen)
}
# endif
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
/*
* syscall_random(): Try to get random data using a system call
* returns the number of bytes returned in buf, or < 0 on error.
@ -254,7 +264,7 @@ static ssize_t syscall_random(void *buf, size_t buflen)
* Note: 'buflen' equals the size of the buffer which is used by the
* get_entropy() callback of the RAND_DRBG. It is roughly bounded by
*
* 2 * DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^13
* 2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
*
* which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
* between size_t and ssize_t is safe even without a range check.
@ -302,8 +312,9 @@ static ssize_t syscall_random(void *buf, size_t buflen)
return -1;
# endif
}
# endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
#if !defined(OPENSSL_RAND_SEED_NONE) && defined(OPENSSL_RAND_SEED_DEVRANDOM)
# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
static const char *random_device_paths[] = { DEVRANDOM };
static struct random_device {
int fd;
@ -375,21 +386,13 @@ static void close_random_device(size_t n)
rd->fd = -1;
}
static void open_random_devices(void)
{
size_t i;
for (i = 0; i < OSSL_NELEM(random_devices); i++)
(void)get_random_device(i);
}
int rand_pool_init(void)
{
size_t i;
for (i = 0; i < OSSL_NELEM(random_devices); i++)
random_devices[i].fd = -1;
open_random_devices();
return 1;
}
@ -403,16 +406,13 @@ void rand_pool_cleanup(void)
void rand_pool_keep_random_devices_open(int keep)
{
if (keep)
open_random_devices();
else
if (!keep)
rand_pool_cleanup();
keep_random_devices_open = keep;
}
# else /* defined(OPENSSL_RAND_SEED_NONE)
* || !defined(OPENSSL_RAND_SEED_DEVRANDOM)
*/
# else /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
int rand_pool_init(void)
{
@ -427,9 +427,7 @@ void rand_pool_keep_random_devices_open(int keep)
{
}
# endif /* !defined(OPENSSL_RAND_SEED_NONE)
* && defined(OPENSSL_RAND_SEED_DEVRANDOM)
*/
# endif /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
/*
* Try the various seeding methods in turn, exit when successful.
@ -450,14 +448,14 @@ void rand_pool_keep_random_devices_open(int keep)
*/
size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
# ifdef OPENSSL_RAND_SEED_NONE
# if defined(OPENSSL_RAND_SEED_NONE)
return rand_pool_entropy_available(pool);
# else
size_t bytes_needed;
size_t entropy_available = 0;
unsigned char *buffer;
# ifdef OPENSSL_RAND_SEED_GETRANDOM
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
{
ssize_t bytes;
/* Maximum allowed number of consecutive unsuccessful attempts */
@ -487,7 +485,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
}
# endif
# ifdef OPENSSL_RAND_SEED_DEVRANDOM
# if defined(OPENSSL_RAND_SEED_DEVRANDOM)
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
{
size_t i;
@ -524,19 +522,19 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
}
# endif
# ifdef OPENSSL_RAND_SEED_RDTSC
# if defined(OPENSSL_RAND_SEED_RDTSC)
entropy_available = rand_acquire_entropy_from_tsc(pool);
if (entropy_available > 0)
return entropy_available;
# endif
# ifdef OPENSSL_RAND_SEED_RDCPU
# if defined(OPENSSL_RAND_SEED_RDCPU)
entropy_available = rand_acquire_entropy_from_cpu(pool);
if (entropy_available > 0)
return entropy_available;
# endif
# ifdef OPENSSL_RAND_SEED_EGD
# if defined(OPENSSL_RAND_SEED_EGD)
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
if (bytes_needed > 0) {
static const char *paths[] = { DEVRANDOM_EGD, NULL };
@ -577,7 +575,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool)
/*
* Add process id, thread id, and a high resolution timestamp to
* ensure that the nonce is unique whith high probability for
* ensure that the nonce is unique with high probability for
* different process instances.
*/
data.pid = getpid();

44
crypto/external/bsd/openssl/dist/crypto/rand/randfile.c vendored
View File

@ -16,6 +16,7 @@
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/rand_drbg.h>
#include <openssl/buffer.h>
#ifdef OPENSSL_SYS_VMS
@ -48,7 +49,7 @@
# define S_ISREG(m) ((m) & S_IFREG)
# endif
#define RAND_FILE_SIZE 1024
#define RAND_BUF_SIZE 1024
#define RFILE ".rnd"
#ifdef OPENSSL_SYS_VMS
@ -74,7 +75,16 @@ static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
*/
int RAND_load_file(const char *file, long bytes)
{
unsigned char buf[RAND_FILE_SIZE];
/*
* The load buffer size exceeds the chunk size by the comfortable amount
* of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose
* to avoid calling RAND_add() with a small final chunk. Instead, such
* a small final chunk will be added together with the previous chunk
* (unless it's the only one).
*/
#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH)
unsigned char buf[RAND_LOAD_BUF_SIZE];
#ifndef OPENSSL_NO_POSIX_IO
struct stat sb;
#endif
@ -98,8 +108,12 @@ int RAND_load_file(const char *file, long bytes)
return -1;
}
if (!S_ISREG(sb.st_mode) && bytes < 0)
bytes = 256;
if (bytes < 0) {
if (S_ISREG(sb.st_mode))
bytes = sb.st_size;
else
bytes = RAND_DRBG_STRENGTH;
}
#endif
/*
* On VMS, setbuf() will only take 32-bit pointers, and a compilation
@ -124,9 +138,9 @@ int RAND_load_file(const char *file, long bytes)
for ( ; ; ) {
if (bytes > 0)
n = (bytes < RAND_FILE_SIZE) ? (int)bytes : RAND_FILE_SIZE;
n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE;
else
n = RAND_FILE_SIZE;
n = RAND_LOAD_BUF_SIZE;
i = fread(buf, 1, n, in);
#ifdef EINTR
if (ferror(in) && errno == EINTR){
@ -148,12 +162,18 @@ int RAND_load_file(const char *file, long bytes)
OPENSSL_cleanse(buf, sizeof(buf));
fclose(in);
if (!RAND_status()) {
RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR);
ERR_add_error_data(2, "Filename=", file);
return -1;
}
return ret;
}
int RAND_write_file(const char *file)
{
unsigned char buf[RAND_FILE_SIZE];
unsigned char buf[RAND_BUF_SIZE];
int ret = -1;
FILE *out = NULL;
#ifndef OPENSSL_NO_POSIX_IO
@ -222,9 +242,9 @@ int RAND_write_file(const char *file)
chmod(file, 0600);
#endif
ret = fwrite(buf, 1, RAND_FILE_SIZE, out);
ret = fwrite(buf, 1, RAND_BUF_SIZE, out);
fclose(out);
OPENSSL_cleanse(buf, RAND_FILE_SIZE);
OPENSSL_cleanse(buf, RAND_BUF_SIZE);
return ret;
}
@ -262,11 +282,9 @@ const char *RAND_file_name(char *buf, size_t size)
}
}
#else
if (OPENSSL_issetugid() != 0) {
if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') {
use_randfile = 0;
} else if ((s = getenv("RANDFILE")) == NULL || *s == '\0') {
use_randfile = 0;
s = getenv("HOME");
s = ossl_safe_getenv("HOME");
}
#endif

16
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c vendored
View File

@ -125,8 +125,8 @@ void RSA_free(RSA *r)
CRYPTO_THREAD_lock_free(r->lock);
BN_clear_free(r->n);
BN_clear_free(r->e);
BN_free(r->n);
BN_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
@ -196,7 +196,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
r->e = e;
}
if (d != NULL) {
BN_free(r->d);
BN_clear_free(r->d);
r->d = d;
}
@ -213,11 +213,11 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
return 0;
if (p != NULL) {
BN_free(r->p);
BN_clear_free(r->p);
r->p = p;
}
if (q != NULL) {
BN_free(r->q);
BN_clear_free(r->q);
r->q = q;
}
@ -235,15 +235,15 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
return 0;
if (dmp1 != NULL) {
BN_free(r->dmp1);
BN_clear_free(r->dmp1);
r->dmp1 = dmp1;
}
if (dmq1 != NULL) {
BN_free(r->dmq1);
BN_clear_free(r->dmq1);
r->dmq1 = dmq1;
}
if (iqmp != NULL) {
BN_free(r->iqmp);
BN_clear_free(r->iqmp);
r->iqmp = iqmp;
}

18
crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c vendored
View File

@ -415,6 +415,24 @@ static int open_console(UI *ui)
is_a_tty = 0;
else
# endif
# ifdef ENXIO
/*
* Solaris can return ENXIO.
* This should be ok
*/
if (errno == ENXIO)
is_a_tty = 0;
else
# endif
# ifdef EIO
/*
* Linux can return EIO.
* This should be ok
*/
if (errno == EIO)
is_a_tty = 0;
else
# endif
# ifdef ENODEV
/*
* MacOS X returns ENODEV (Operation not supported by device),

11
crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c vendored
View File

@ -517,15 +517,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
/* check_purpose() makes the callback as needed */
if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
return 0;
/* Check pathlen if not self issued */
if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
&& (x->ex_pathlen != -1)
&& (plen > (x->ex_pathlen + proxy_path_length + 1))) {
/* Check pathlen */
if ((i > 1) && (x->ex_pathlen != -1)
&& (plen > (x->ex_pathlen + proxy_path_length))) {
if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
return 0;
}
/* Increment path length if not self issued */
if (!(x->ex_flags & EXFLAG_SI))
/* Increment path length if not a self issued intermediate CA */
if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
plen++;
/*
* If this certificate is a proxy certificate, the next certificate

103
crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set_client_CA_list.pod vendored
View File

@ -1,103 +0,0 @@
=pod
=head1 NAME
SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
SSL_add_client_CA - set list of CAs sent to the client when requesting a
client certificate
=head1 SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
int SSL_add_client_CA(SSL *ssl, X509 *cacert);
=head1 DESCRIPTION
SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
requesting a client certificate for B<ctx>.
SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
requesting a client certificate for the chosen B<ssl>, overriding the
setting valid for B<ssl>'s SSL_CTX object.
SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
list of CAs sent to the client when requesting a client certificate for
B<ctx>.
SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
list of CAs sent to the client when requesting a client certificate for
the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
=head1 NOTES
When a TLS/SSL server requests a client certificate (see
B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which
it will accept certificates, to the client.
This list must explicitly be set using SSL_CTX_set_client_CA_list() for
B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
specified overrides the previous setting. The CAs listed do not become
trusted (B<list> only contains the names, not the complete certificates); use
L<SSL_CTX_load_verify_locations(3)>
to additionally load them for verification.
If the list of acceptable CAs is compiled in a file, the
L<SSL_load_client_CA_file(3)>
function can be used to help importing the necessary data.
SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
items the list of client CAs. If no list was specified before using
SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
CA list for B<ctx> or B<ssl> (as appropriate) is opened.
These functions are only useful for TLS/SSL servers.
=head1 RETURN VALUES
SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
diagnostic information.
SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
values:
=over 4
=item Z<>0
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
to find out the reason.
=item Z<>1
The operation succeeded.
=back
=head1 EXAMPLES
Scan all certificates in B<CAfile> and list them as acceptable CAs:
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
=head1 SEE ALSO
L<ssl(7)>,
L<SSL_get_client_CA_list(3)>,
L<SSL_load_client_CA_file(3)>,
L<SSL_CTX_load_verify_locations(3)>
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

62
crypto/external/bsd/openssl/dist/doc/man3/SSL_get_client_CA_list.pod vendored
View File

@ -1,62 +0,0 @@
=pod
=head1 NAME
SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
=head1 SYNOPSIS
#include <openssl/ssl.h>
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
=head1 DESCRIPTION
SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for
B<ctx> using L<SSL_CTX_set_client_CA_list(3)>.
SSL_get_client_CA_list() returns the list of client CAs explicitly
set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with
L<SSL_CTX_set_client_CA_list(3)>, when in
server mode. In client mode, SSL_get_client_CA_list returns the list of
client CAs sent from the server, if any.
=head1 RETURN VALUES
SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
diagnostic information.
SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
values:
=over 4
=item STACK_OF(X509_NAMES)
List of CA names explicitly set (for B<ctx> or in server mode) or send
by the server (client mode).
=item NULL
No client CA list was explicitly set (for B<ctx> or in server mode) or
the server did not send a list of CAs (client mode).
=back
=head1 SEE ALSO
L<ssl(7)>,
L<SSL_CTX_set_client_CA_list(3)>,
L<SSL_CTX_set_client_cert_cb(3)>
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

43
crypto/external/bsd/openssl/dist/doc/man3/SSL_get_server_tmp_key.pod vendored
View File

@ -1,43 +0,0 @@
=pod
=head1 NAME
SSL_get_server_tmp_key - get information about the server's temporary key used
during a handshake
=head1 SYNOPSIS
#include <openssl/ssl.h>
long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key);
=head1 DESCRIPTION
SSL_get_server_tmp_key() returns the temporary key provided by the server and
used during key exchange. For example, if ECDHE is in use, then this represents
the server's public ECDHE key. On success a pointer to the key is stored in
B<*key>. It is the caller's responsibility to free this key after use using
L<EVP_PKEY_free(3)>. This function may only be called by the client.
=head1 RETURN VALUES
SSL_get_server_tmp_key() returns 1 on success or 0 otherwise.
=head1 NOTES
This function is implemented as a macro.
=head1 SEE ALSO
L<ssl(7)>, L<EVP_PKEY_free(3)>
=head1 COPYRIGHT
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

15
crypto/external/bsd/openssl/dist/e_os.h vendored
View File

@ -245,7 +245,7 @@ extern FILE *_imp___iob;
Finally, we add the VMS C facility code 0x35a000, because there are some
programs, such as Perl, that will reinterpret the code back to something
POSIXly. 'man perlvms' explains it further.
POSIX. 'man perlvms' explains it further.
NOTE: the perlvms manual wants to turn all codes 2 to 255 into success
codes (status type = 1). I couldn't disagree more. Fortunately, the
@ -317,8 +317,15 @@ struct servent *getservbyname(const char *name, const char *proto);
# endif
/* end vxworks */
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
# define CRYPTO_memcmp memcmp
#endif
# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
# define CRYPTO_memcmp memcmp
# endif
/* unistd.h defines _POSIX_VERSION */
# if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
&& ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \
|| defined(__sun) || defined(__hpux) || defined(__sgi) \
|| defined(__osf__) )
# define OPENSSL_SECURE_MEMORY /* secure memory is implemented */
# endif
#endif

6
crypto/external/bsd/openssl/dist/include/internal/tsan_assist.h vendored
View File

@ -57,6 +57,7 @@
# define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed)
# define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed)
# define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed)
# define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed)
# define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire)
# define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release)
# endif
@ -69,6 +70,7 @@
# define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED)
# define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED)
# define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED)
# define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED)
# define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE)
# define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE)
# endif
@ -113,8 +115,11 @@
# pragma intrinsic(_InterlockedExchangeAdd64)
# define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \
: _InterlockedExchangeAdd((ptr), 1))
# define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \
: _InterlockedExchangeAdd((ptr), -1))
# else
# define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1)
# define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1)
# endif
# if !defined(_ISO_VOLATILE)
# define tsan_ld_acq(ptr) (*(ptr))
@ -129,6 +134,7 @@
# define tsan_load(ptr) (*(ptr))
# define tsan_store(ptr, val) (*(ptr) = (val))
# define tsan_counter(ptr) ((*(ptr))++)
# define tsan_decr(ptr) ((*(ptr))--)
/*
* Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not
* sophisticated enough to support them. Code that relies on them should be

93
crypto/external/bsd/openssl/dist/ssl/d1_lib.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -445,15 +445,14 @@ static void get_current_time(struct timeval *t)
#ifndef OPENSSL_NO_SOCK
int DTLSv1_listen(SSL *s, BIO_ADDR *client)
{
int next, n, ret = 0, clearpkt = 0;
int next, n, ret = 0;
unsigned char cookie[DTLS1_COOKIE_LENGTH];
unsigned char seq[SEQ_NUM_SIZE];
const unsigned char *data;
unsigned char *buf;
size_t fragoff, fraglen, msglen;
unsigned char *buf, *wbuf;
size_t fragoff, fraglen, msglen, reclen, align = 0;
unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
BIO *rbio, *wbio;
BUF_MEM *bufm;
BIO_ADDR *tmpclient = NULL;
PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
@ -476,13 +475,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
return -1;
}
/*
* We only peek at incoming ClientHello's until we're sure we are going to
* to respond with a HelloVerifyRequest. If its a ClientHello with a valid
* cookie then we leave it in the BIO for accept to handle.
*/
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
/*
* Note: This check deliberately excludes DTLS1_BAD_VER because that version
* requires the MAC to be calculated *including* the first ClientHello
@ -495,35 +487,32 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
return -1;
}
if (s->init_buf == NULL) {
if ((bufm = BUF_MEM_new()) == NULL) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
return -1;
}
if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
BUF_MEM_free(bufm);
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
return -1;
}
s->init_buf = bufm;
if (!ssl3_setup_buffers(s)) {
/* SSLerr already called */
return -1;
}
buf = (unsigned char *)s->init_buf->data;
buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;
#if defined(SSL3_ALIGN_PAYLOAD)
# if SSL3_ALIGN_PAYLOAD != 0
/*
* Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for
* consistency with ssl3_read_n. In practice it should make no difference
* for sensible values of SSL3_ALIGN_PAYLOAD because the difference between
* SSL3_RT_HEADER_LENGTH and DTLS1_RT_HEADER_LENGTH is exactly 8
*/
align = (size_t)buf + SSL3_RT_HEADER_LENGTH;
align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
# endif
#endif
buf += align;
do {
/* Get a packet */
clear_sys_error();
/*
* Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH
* + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store
* the record header as well, but we do here. We've set up init_buf to
* be the standard size for simplicity. In practice we shouldn't ever
* receive a ClientHello as long as this. If we do it will get dropped
* in the record length check below.
*/
n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH
+ DTLS1_RT_HEADER_LENGTH);
if (n <= 0) {
if (BIO_should_retry(rbio)) {
/* Non-blocking IO */
@ -532,9 +521,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
return -1;
}
/* If we hit any problems we need to clear this packet from the BIO */
clearpkt = 1;
if (!PACKET_buf_init(&pkt, buf, n)) {
SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
return -1;
@ -587,6 +573,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
goto end;
}
reclen = PACKET_remaining(&msgpkt);
/*
* We allow data remaining at the end of the packet because there could
* be a second record (but we ignore it)
@ -706,14 +693,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* to resend, we just drop it.
*/
/*
* Dump the read packet, we don't need it any more. Ignore return
* value
*/
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
/* Generate the cookie */
if (s->ctx->app_gen_cookie_cb == NULL ||
s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
@ -732,7 +711,11 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
: s->version;
/* Construct the record and message headers */
if (!WPACKET_init(&wpkt, s->init_buf)
if (!WPACKET_init_static_len(&wpkt,
wbuf,
ssl_get_max_send_fragment(s)
+ DTLS1_RT_HEADER_LENGTH,
0)
|| !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE)
|| !WPACKET_put_bytes_u16(&wpkt, version)
/*
@ -790,8 +773,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
* plus one byte for the message content type. The source is the
* last 3 bytes of the message header
*/
memcpy(&buf[DTLS1_RT_HEADER_LENGTH + 1],
&buf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1],
&wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
3);
if (s->msg_callback)
@ -815,7 +798,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
tmpclient = NULL;
/* TODO(size_t): convert this call */
if (BIO_write(wbio, buf, wreclen) < (int)wreclen) {
if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) {
if (BIO_should_retry(wbio)) {
/*
* Non-blocking IO...but we're stateless, so we're just
@ -865,15 +848,13 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
if (BIO_dgram_get_peer(rbio, client) <= 0)
BIO_ADDR_clear(client);
/* Buffer the record in the processed_rcds queue */
if (!dtls_buffer_listen_record(s, reclen, seq, align))
return -1;
ret = 1;
clearpkt = 0;
end:
BIO_ADDR_free(tmpclient);
BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
if (clearpkt) {
/* Dump this packet. Ignore return value */
BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
}
return ret;
}
#endif

7
crypto/external/bsd/openssl/dist/ssl/s3_cbc.c vendored
View File

@ -1,5 +1,5 @@
/*
* Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -256,12 +256,13 @@ int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
* of hash termination (0x80 + 64-bit length) don't fit in the final
* block, we say that the final two blocks can vary based on the padding.
* TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
* required to be minimal. Therefore we say that the final six blocks can
* required to be minimal. Therefore we say that the final |variance_blocks|
* blocks can
* vary based on the padding. Later in the function, if the message is
* short and there obviously cannot be this many blocks then
* variance_blocks can be reduced.
*/
variance_blocks = is_sslv3 ? 2 : 6;
variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1);
/*
* From now on we're dealing with the MAC, which conceptually has 13
* bytes of `header' before the start of the data (TLS) or 71/75 bytes

8
crypto/external/bsd/openssl/dist/ssl/s3_enc.c vendored
View File

@ -442,15 +442,16 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
return 0;
ret = 0;
goto err;
}
ret = EVP_MD_CTX_size(ctx);
if (ret < 0) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
ERR_R_INTERNAL_ERROR);
EVP_MD_CTX_reset(ctx);
return 0;
ret = 0;
goto err;
}
if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
@ -463,6 +464,7 @@ size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
ret = 0;
}
err:
EVP_MD_CTX_free(ctx);
return ret;

24
crypto/external/bsd/openssl/dist/ssl/s3_lib.c vendored
View File

@ -3681,9 +3681,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
*(int *)parg = s->s3->tmp.peer_sigalg->hash;
return 1;
case SSL_CTRL_GET_SERVER_TMP_KEY:
case SSL_CTRL_GET_SIGNATURE_NID:
if (s->s3->tmp.sigalg == NULL)
return 0;
*(int *)parg = s->s3->tmp.sigalg->hash;
return 1;
case SSL_CTRL_GET_PEER_TMP_KEY:
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
if (s->session == NULL || s->s3->peer_tmp == NULL) {
return 0;
} else {
EVP_PKEY_up_ref(s->s3->peer_tmp);
@ -3693,6 +3699,20 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
#else
return 0;
#endif
case SSL_CTRL_GET_TMP_KEY:
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
if (s->session == NULL || s->s3->tmp.pkey == NULL) {
return 0;
} else {
EVP_PKEY_up_ref(s->s3->tmp.pkey);
*(EVP_PKEY **)parg = s->s3->tmp.pkey;
return 1;
}
#else
return 0;
#endif
#ifndef OPENSSL_NO_EC
case SSL_CTRL_GET_EC_POINT_FORMATS:
{

2
crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c vendored
View File

@ -1301,7 +1301,7 @@ static int ciphersuite_cb(const char *elem, int len, void *arg)
return 1;
}
int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
{
STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null();

62
crypto/external/bsd/openssl/dist/ssl/ssl_lib.c vendored
View File

@ -654,6 +654,10 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
ctx->method = meth;
if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {
SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
return 0;
}
sk = ssl_create_cipher_list(ctx->method,
ctx->tls13_ciphersuites,
&(ctx->cipher_list),
@ -1192,6 +1196,7 @@ void SSL_free(SSL *s)
EVP_MD_CTX_free(s->pha_dgst);
sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
sk_X509_pop_free(s->verified_chain, X509_free);
@ -2951,6 +2956,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
goto err;
if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL)
goto err;
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
goto err;
@ -3108,6 +3116,7 @@ void SSL_CTX_free(SSL_CTX *a)
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert);
sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
sk_X509_pop_free(a->extra_certs, X509_free);
a->comp_methods = NULL;
#ifndef OPENSSL_NO_SRTP
@ -3653,10 +3662,38 @@ const char *SSL_get_version(const SSL *s)
return ssl_protocol_to_string(s->version);
}
SSL *SSL_dup(SSL *s)
static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
{
STACK_OF(X509_NAME) *sk;
X509_NAME *xn;
int i;
if (src == NULL) {
*dst = NULL;
return 1;
}
if ((sk = sk_X509_NAME_new_null()) == NULL)
return 0;
for (i = 0; i < sk_X509_NAME_num(src); i++) {
xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
if (xn == NULL) {
sk_X509_NAME_pop_free(sk, X509_NAME_free);
return 0;
}
if (sk_X509_NAME_insert(sk, xn, i) == 0) {
X509_NAME_free(xn);
sk_X509_NAME_pop_free(sk, X509_NAME_free);
return 0;
}
}
*dst = sk;
return 1;
}
SSL *SSL_dup(SSL *s)
{
SSL *ret;
int i;
@ -3761,18 +3798,10 @@ SSL *SSL_dup(SSL *s)
goto err;
/* Dup the client_CA list */
if (s->ca_names != NULL) {
if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL)
goto err;
ret->ca_names = sk;
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
xn = sk_X509_NAME_value(sk, i);
if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
X509_NAME_free(xn);
goto err;
}
}
}
if (!dup_ca_names(&ret->ca_names, s->ca_names)
|| !dup_ca_names(&ret->client_ca_names, s->client_ca_names))
goto err;
return ret;
err:
@ -5102,7 +5131,8 @@ static int nss_keylog_int(const char *prefix,
size_t i;
size_t prefix_len;
if (ssl->ctx->keylog_callback == NULL) return 1;
if (ssl->ctx->keylog_callback == NULL)
return 1;
/*
* Our output buffer will contain the following strings, rendered with
@ -5113,7 +5143,7 @@ static int nss_keylog_int(const char *prefix,
* hexadecimal, so we need a buffer that is twice their lengths.
*/
prefix_len = strlen(prefix);
out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
ERR_R_MALLOC_FAILURE);
@ -5137,7 +5167,7 @@ static int nss_keylog_int(const char *prefix,
*cursor = '\0';
ssl->ctx->keylog_callback(ssl, (const char *)out);
OPENSSL_free(out);
OPENSSL_clear_free(out, out_len);
return 1;
}

22
crypto/external/bsd/openssl/dist/ssl/ssl_locl.h vendored
View File

@ -471,7 +471,11 @@ struct ssl_method_st {
long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
};
# define TLS13_MAX_RESUMPTION_PSK_LENGTH 64
/*
* Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for
* consistency, even in the event of OPENSSL_NO_PSK being defined.
*/
# define TLS13_MAX_RESUMPTION_PSK_LENGTH 256
/*-
* Lets make this into an ASN.1 type structure as follows
@ -850,9 +854,11 @@ struct ssl_ctx_st {
/*
* What we put in certificate_authorities extension for TLS 1.3
* (ClientHello and CertificateRequest) or just client cert requests for
* earlier versions.
* earlier versions. If client_ca_names is populated then it is only used
* for client cert requests, and in preference to ca_names.
*/
STACK_OF(X509_NAME) *ca_names;
STACK_OF(X509_NAME) *client_ca_names;
/*
* Default values to use in SSL structures follow (these are copied by
@ -1229,8 +1235,14 @@ struct ssl_st {
long verify_result;
/* extra application data */
CRYPTO_EX_DATA ex_data;
/* for server side, keep the list of CA_dn we can use */
/*
* What we put in certificate_authorities extension for TLS 1.3
* (ClientHello and CertificateRequest) or just client cert requests for
* earlier versions. If client_ca_names is populated then it is only used
* for client cert requests, and in preference to ca_names.
*/
STACK_OF(X509_NAME) *ca_names;
STACK_OF(X509_NAME) *client_ca_names;
CRYPTO_REF_COUNT references;
/* protocol behaviour */
uint32_t options;
@ -2251,7 +2263,6 @@ __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
STACK_OF(SSL_CIPHER) **cipher_list,
@ -2561,6 +2572,9 @@ __owur int tls1_process_sigalgs(SSL *s);
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
# ifndef OPENSSL_NO_EC
__owur int tls_check_sigalg_curve(const SSL *s, int curve);
# endif
__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
__owur int ssl_set_client_disabled(SSL *s);
__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);

45
crypto/external/bsd/openssl/dist/ssl/t1_lib.c vendored
View File

@ -343,6 +343,10 @@ int tls1_set_groups(uint16_t **pext, size_t *pextlen,
*/
unsigned long dup_list = 0;
if (ngroups == 0) {
SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH);
return 0;
}
if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) {
SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE);
return 0;
@ -945,6 +949,39 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
}
}
#ifndef OPENSSL_NO_EC
/*
* Called by servers only. Checks that we have a sig alg that supports the
* specified EC curve.
*/
int tls_check_sigalg_curve(const SSL *s, int curve)
{
const uint16_t *sigs;
size_t siglen, i;
if (s->cert->conf_sigalgs) {
sigs = s->cert->conf_sigalgs;
siglen = s->cert->conf_sigalgslen;
} else {
sigs = tls12_sigalgs;
siglen = OSSL_NELEM(tls12_sigalgs);
}
for (i = 0; i < siglen; i++) {
const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]);
if (lu == NULL)
continue;
if (lu->sig == EVP_PKEY_EC
&& lu->curve != NID_undef
&& curve == lu->curve)
return 1;
}
return 0;
}
#endif
/*
* Check signature algorithm is consistent with sent supported signature
* algorithms and if so set relevant digest and signature scheme in
@ -1087,6 +1124,14 @@ int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid)
return 1;
}
int SSL_get_signature_type_nid(const SSL *s, int *pnid)
{
if (s->s3->tmp.sigalg == NULL)
return 0;
*pnid = s->s3->tmp.sigalg->sig;
return 1;
}
/*
* Set a mask of disabled algorithms: an algorithm is disabled if it isn't
* supported, doesn't appear in supported signature algorithms, isn't supported

59
crypto/external/bsd/openssl/dist/test/ecdsatest.c vendored
View File

@ -13,7 +13,7 @@
#include <string.h>
#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
# include "testutil.h"
#include "testutil.h"
#ifndef OPENSSL_NO_EC
@ -25,6 +25,7 @@
# ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
# endif
# include <openssl/sha.h>
# include <openssl/err.h>
# include <openssl/rand.h>
@ -103,7 +104,7 @@ static int x9_62_test_internal(int nid, const char *r_in, const char *s_in)
{
int ret = 0;
const char message[] = "abc";
unsigned char digest[20];
unsigned char digest[SHA_DIGEST_LENGTH];
unsigned int dgst_len = 0;
EVP_MD_CTX *md_ctx;
EC_KEY *key = NULL;
@ -135,7 +136,8 @@ static int x9_62_test_internal(int nid, const char *r_in, const char *s_in)
/* Use ECDSA_sign_setup to avoid use of ECDSA nonces */
if (!TEST_true(ECDSA_sign_setup(key, NULL, &kinv, &rp)))
goto x962_int_err;
if (!TEST_ptr(signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key)))
if (!TEST_ptr(signature =
ECDSA_do_sign_ex(digest, SHA_DIGEST_LENGTH, kinv, rp, key)))
goto x962_int_err;
/* compare the created signature with the expected signature */
@ -149,7 +151,8 @@ static int x9_62_test_internal(int nid, const char *r_in, const char *s_in)
goto x962_int_err;
/* verify the signature */
if (!TEST_int_eq(ECDSA_do_verify(digest, 20, signature, key), 1))
if (!TEST_int_eq(ECDSA_do_verify(digest, SHA_DIGEST_LENGTH,
signature, key), 1))
goto x962_int_err;
ret = 1;
@ -211,7 +214,8 @@ static int test_builtin(void)
EC_KEY *eckey = NULL, *wrong_eckey = NULL;
EC_GROUP *group;
ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL;
unsigned char digest[20], wrong_digest[20];
unsigned char digest[SHA512_DIGEST_LENGTH];
unsigned char wrong_digest[SHA512_DIGEST_LENGTH];
unsigned char *signature = NULL;
const unsigned char *sig_ptr;
unsigned char *sig_ptr2;
@ -223,8 +227,8 @@ static int test_builtin(void)
int nid, ret = 0;
/* fill digest values with some random data */
if (!TEST_true(RAND_bytes(digest, 20))
|| !TEST_true(RAND_bytes(wrong_digest, 20)))
if (!TEST_true(RAND_bytes(digest, SHA512_DIGEST_LENGTH))
|| !TEST_true(RAND_bytes(wrong_digest, SHA512_DIGEST_LENGTH)))
goto builtin_err;
/* create and verify a ecdsa signature with every available curve */
@ -239,7 +243,7 @@ static int test_builtin(void)
unsigned char dirt, offset;
nid = curves[n].nid;
if (nid == NID_ipsec4)
if (nid == NID_ipsec4 || nid == NID_ipsec3)
continue;
/* create new ecdsa key (== EC_KEY) */
if (!TEST_ptr(eckey = EC_KEY_new())
@ -248,12 +252,7 @@ static int test_builtin(void)
goto builtin_err;
EC_GROUP_free(group);
degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
if (degree < 160) {
/* drop the curve */
EC_KEY_free(eckey);
eckey = NULL;
continue;
}
TEST_info("testing %s", OBJ_nid2sn(nid));
/* create key */
@ -275,28 +274,32 @@ static int test_builtin(void)
/* create signature */
sig_len = ECDSA_size(eckey);
if (!TEST_ptr(signature = OPENSSL_malloc(sig_len))
|| !TEST_true(ECDSA_sign(0, digest, 20, signature, &sig_len,
eckey)))
|| !TEST_true(ECDSA_sign(0, digest, SHA512_DIGEST_LENGTH,
signature, &sig_len, eckey)))
goto builtin_err;
/* verify signature */
if (!TEST_int_eq(ECDSA_verify(0, digest, 20, signature, sig_len,
eckey), 1))
if (!TEST_int_eq(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
signature, sig_len, eckey),
1))
goto builtin_err;
/* verify signature with the wrong key */
if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature, sig_len,
wrong_eckey), 1))
if (!TEST_int_ne(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
signature, sig_len, wrong_eckey),
1))
goto builtin_err;
/* wrong digest */
if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, 20, signature,
sig_len, eckey), 1))
if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, SHA512_DIGEST_LENGTH,
signature, sig_len, eckey),
1))
goto builtin_err;
/* wrong length */
if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature,
sig_len - 1, eckey), 1))
if (!TEST_int_ne(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
signature, sig_len - 1, eckey),
1))
goto builtin_err;
/*
@ -342,14 +345,15 @@ static int test_builtin(void)
}
sig_ptr2 = signature;
sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
if (!TEST_false(ECDSA_verify(0, digest, 20, signature, sig_len, eckey)))
if (!TEST_false(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
signature, sig_len, eckey)))
goto builtin_err;
/* Sanity check: undo the modification and verify signature. */
raw_buf[offset] ^= dirt;
if (!TEST_ptr(unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL))
|| !TEST_ptr(unmodified_s = BN_bin2bn(raw_buf + bn_len,
bn_len, NULL))
bn_len, NULL))
|| !TEST_true(ECDSA_SIG_set0(modified_sig, unmodified_r,
unmodified_s))) {
BN_free(unmodified_r);
@ -359,7 +363,8 @@ static int test_builtin(void)
sig_ptr2 = signature;
sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
if (!TEST_true(ECDSA_verify(0, digest, 20, signature, sig_len, eckey)))
if (!TEST_true(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
signature, sig_len, eckey)))
goto builtin_err;
/* cleanup */

46
crypto/external/bsd/openssl/dist/test/evp_extra_test.c vendored
View File

@ -17,6 +17,7 @@
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/kdf.h>
#include "testutil.h"
#include "internal/nelem.h"
#include "internal/evp_int.h"
@ -918,6 +919,50 @@ static int test_EVP_PKEY_check(int i)
return ret;
}
static int test_HKDF(void)
{
EVP_PKEY_CTX *pctx;
unsigned char out[20];
size_t outlen;
int i, ret = 0;
unsigned char salt[] = "0123456789";
unsigned char key[] = "012345678901234567890123456789";
unsigned char info[] = "infostring";
const unsigned char expected[] = {
0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
};
size_t expectedlen = sizeof(expected);
if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
goto done;
/* We do this twice to test reuse of the EVP_PKEY_CTX */
for (i = 0; i < 2; i++) {
outlen = sizeof(out);
memset(out, 0, outlen);
if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
sizeof(salt) - 1), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
sizeof(key) - 1), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
sizeof(info) - 1), 0)
|| !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
|| !TEST_mem_eq(out, outlen, expected, expectedlen))
goto done;
}
ret = 1;
done:
EVP_PKEY_CTX_free(pctx);
return ret;
}
int setup_tests(void)
{
ADD_TEST(test_EVP_DigestSignInit);
@ -941,5 +986,6 @@ int setup_tests(void)
if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
return 0;
ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
ADD_TEST(test_HKDF);
return 1;
}

37
crypto/external/bsd/openssl/dist/test/evp_test.c vendored
View File

@ -73,8 +73,6 @@ static KEY_LIST *public_keys;
static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
const char *value);
/*
* Compare two memory regions for equality, returning zero if they differ.
@ -459,7 +457,7 @@ typedef struct cipher_data_st {
size_t plaintext_len;
unsigned char *ciphertext;
size_t ciphertext_len;
/* GCM, CCM only */
/* GCM, CCM and OCB only */
unsigned char *aad;
size_t aad_len;
unsigned char *tag;
@ -487,7 +485,7 @@ static int cipher_test_init(EVP_TEST *t, const char *alg)
if (m == EVP_CIPH_GCM_MODE
|| m == EVP_CIPH_OCB_MODE
|| m == EVP_CIPH_CCM_MODE)
cdat->aead = EVP_CIPHER_mode(cipher);
cdat->aead = m;
else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
cdat->aead = -1;
else
@ -927,6 +925,28 @@ static int mac_test_parse(EVP_TEST *t,
return 0;
}
static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
const char *value)
{
int rv;
char *p, *tmpval;
if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
return 0;
p = strchr(tmpval, ':');
if (p != NULL)
*p++ = '\0';
rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
if (rv == -2)
t->err = "PKEY_CTRL_INVALID";
else if (rv <= 0)
t->err = "PKEY_CTRL_ERROR";
else
rv = 1;
OPENSSL_free(tmpval);
return rv > 0;
}
static int mac_test_run(EVP_TEST *t)
{
MAC_DATA *expected = t->data;
@ -972,8 +992,9 @@ static int mac_test_run(EVP_TEST *t)
goto err;
}
for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
if (!pkey_test_ctrl(t, pctx,
sk_OPENSSL_STRING_value(expected->controls, i))) {
if (!mac_test_ctrl_pkey(t, pctx,
sk_OPENSSL_STRING_value(expected->controls,
i))) {
t->err = "EVPPKEYCTXCTRL_ERROR";
goto err;
}
@ -2614,8 +2635,8 @@ top:
return 0;
}
if (rv < 0) {
TEST_info("Line %d: error processing keyword %s\n",
t->s.curr, pp->key);
TEST_info("Line %d: error processing keyword %s = %s\n",
t->s.curr, pp->key, pp->value);
return 0;
}
}

12
crypto/external/bsd/openssl/dist/util/mkdef.pl vendored
View File

@ -247,7 +247,7 @@ $crypto.=" include/internal/o_str.h";
$crypto.=" include/internal/err.h";
$crypto.=" include/internal/sslconf.h";
foreach my $f ( glob(catfile($config{sourcedir},'include/openssl/*.h')) ) {
my $fn = "include/openssl/" . lc(basename($f));
my $fn = "include/openssl/" . basename($f);
$crypto .= " $fn" if !defined $skipthese{$fn};
}
@ -936,16 +936,6 @@ sub do_defs
}
}
# Prune the returned symbols
delete $syms{"bn_dump1"};
$platform{"BIO_s_log"} .= ",!WIN32,!macintosh";
$platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
$platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
$platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
$platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
# Info we know about
push @ret, map { $_."\\".&info_string($_,"EXIST",

3
crypto/external/bsd/openssl/lib/libcrypto/crypto.inc vendored
View File

@ -1,4 +1,4 @@
# $NetBSD: crypto.inc,v 1.8 2018/09/23 13:33:04 christos Exp $
# $NetBSD: crypto.inc,v 1.9 2018/12/08 22:35:44 christos Exp $
#
# @(#) Copyright (c) 1995 Simon J. Gerraty
#
@ -15,6 +15,7 @@ ctype.c \
cversion.c \
ebcdic.c \
ex_data.c \
getenv.c \
init.c \
mem.c \
mem_dbg.c \