MFV: openssl 3.5.7
This change is a security release which resolves several issues with OpenSSL 3.5,
the highest severity issue being ranked "High". Users are strongly encouraged to
update to this release.
More information about the release (from a high level) can be found in
the release notes [1].
1. https://github.com/openssl/openssl/blob/openssl-3.5.7/NEWS.md
All conflicts were resolved with `--theirs`, taking the release diff
over the local diff; the conflicts occurred due to preemptive security
fixes applied by so@ in e508c343.
MFC after: 3 days (the important security issues have been
preemptively addressed)
Merge commit '3a71a35ad9dad0e5d2cad8efecc8ba9d57c42d43'
Conflicts:
crypto/openssl/include/internal/quic_channel.h
crypto/openssl/ssl/quic/quic_channel_local.h
crypto/openssl/ssl/quic/quic_rx_depack.c
crypto/openssl/test/cmsapitest.c
crypto/openssl/test/evp_extra_test.c
This commit is contained in:
@@ -28,6 +28,303 @@ OpenSSL Releases
|
||||
OpenSSL 3.5
|
||||
-----------
|
||||
|
||||
### Changes between 3.5.6 and 3.5.7 [9 Jun 2026]
|
||||
|
||||
* Fixed heap use-after-free in `PKCS7_verify()`.
|
||||
|
||||
Severity: High
|
||||
|
||||
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could
|
||||
trigger a use-after-free during PKCS#7 signature verification.
|
||||
|
||||
Impact summary: A use-after-free may result in process crashes, heap
|
||||
corruption, or, potentially, remote code execution.
|
||||
|
||||
Reported by: Thai Duong (Calif.io in collaboration with Claude
|
||||
and Anthropic Research).
|
||||
|
||||
([CVE-2026-45447])
|
||||
|
||||
*Igor Ustinov*
|
||||
|
||||
* Fixed CMS `AuthEnvelopedData` processing may accept forged messages.
|
||||
|
||||
Severity: Moderate
|
||||
|
||||
Issue Summary: Cryptographic Message Services (CMS) processing fails
|
||||
to perform sufficient input validation on the cipher and tag length fields
|
||||
of `AuthEnvelopedData` containers, leading to various potential compromises.
|
||||
|
||||
Impact Summary: Attackers making use of these vulnerabilities may achieve
|
||||
key-equivalent functionality for a given CMS recipient and/or bypass
|
||||
integrity validation for a given message.
|
||||
|
||||
Reported by: Asim Viladi Oglu Manizada, Alex Gaynor (Anthropic),
|
||||
Ying Dong, and Haiyang Huang.
|
||||
|
||||
([CVE-2026-34182])
|
||||
|
||||
*Neil Horman*
|
||||
|
||||
* Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler.
|
||||
|
||||
Severity: Moderate
|
||||
|
||||
Issue summary: Remote peer may exhaust heap memory of the QUIC server
|
||||
or client by flooding it with packets containing `PATH_CHALLENGE` frames.
|
||||
|
||||
Impact summary: A malicious remote peer can cause an unbounded memory
|
||||
allocation which can lead to an abnormal termination of the application
|
||||
acting as a QUIC client or server and a Denial of Service.
|
||||
|
||||
Reported by: Abhinav Agarwal.
|
||||
|
||||
([CVE-2026-34183])
|
||||
|
||||
*Abhinav Agarwal and Alexandr Nedvedicky*
|
||||
|
||||
* Fixed NULL pointer dereference in QUIC server initial packet handling.
|
||||
|
||||
Severity: Moderate
|
||||
|
||||
Issue summary: Receiving a QUIC initial packet with an invalid token
|
||||
may trigger a NULL pointer dereference in the OpenSSL QUIC server
|
||||
with address validation disabled.
|
||||
|
||||
Impact summary: NULL pointer dereference typically causes abnormal
|
||||
termination of the affected QUIC server process and a Denial of Service.
|
||||
|
||||
Reported by: Sunwoo Lee (KENTECH), Hyuk Lim (KENTECH),
|
||||
and Seunghyun Yoon (KENTECH).
|
||||
|
||||
([CVE-2026-42764])
|
||||
|
||||
*Sunwoo Lee (KENTECH), Hyuk Lim (KENTECH), and Seunghyun Yoon (KENTECH)*
|
||||
|
||||
* Fixed AES-OCB IV ignored on `EVP_Cipher()` path.
|
||||
|
||||
Severity: Moderate
|
||||
|
||||
Issue summary: When an application drives an AES-OCB context through
|
||||
the public `EVP_Cipher()` one-shot interface, the application-supplied
|
||||
initialisation vector (IV) is silently discarded.
|
||||
|
||||
Impact summary: Every message encrypted under the same key uses the same
|
||||
effective nonce regardless of the IV supplied by the caller, resulting
|
||||
in `(key, nonce)` reuse and loss of confidentiality. If the same code path
|
||||
is used to compute the authentication tag, the tag depends only
|
||||
on the `(key, IV)` pair and not on the plaintext or ciphertext, allowing
|
||||
universal forgery of arbitrary ciphertext from a single captured message.
|
||||
|
||||
Reported by: Alex Gaynor (Anthropic).
|
||||
|
||||
([CVE-2026-45445])
|
||||
|
||||
*Viktor Dukhovni*
|
||||
|
||||
* Fixed possible heap buffer overflow in ASN.1 multibyte string conversion.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: A signed integer overflow when sizing the destination
|
||||
buffer for Unicode output in `ASN1_mbstring_ncopy()` can lead to a heap
|
||||
buffer overflow.
|
||||
|
||||
Impact summary: A heap buffer overflow may lead to a crash or possibly
|
||||
attacker controlled code execution or other undefined behaviour.
|
||||
|
||||
Reported by: Zehua Qiao and Jinwen He.
|
||||
|
||||
([CVE-2026-7383])
|
||||
|
||||
*Viktor Dukhovni*
|
||||
|
||||
* Fixed out-of-bounds read in CMS password-based decryption.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: When CMS password-based decryption ([RFC 3211]/PWRI key
|
||||
unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode
|
||||
KEK cipher can trigger a heap out-of-bounds read in `kek_unwrap_key()`.
|
||||
|
||||
Impact summary: A heap buffer over-read may trigger a crash, which leads
|
||||
to Denial of Service for an application if the input buffer ends at a memory
|
||||
page boundary and the following page is unmapped. There is no information
|
||||
disclosure, as the over-read bytes are not revealed to the attacker.
|
||||
|
||||
Reported by: Bhabani Sankar Das and Haruki Oyama (Waseda University).
|
||||
|
||||
([CVE-2026-9076])
|
||||
|
||||
*Nikola Pajkovský*
|
||||
|
||||
* Fixed heap buffer over-read in ASN.1 content parsing.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive
|
||||
element whose content exceeds 2 gigabytes in length may cause a heap buffer
|
||||
over-read on 64-bit Unix and Unix-like platforms.
|
||||
|
||||
Impact summary: The heap buffer over-read may crash the application (Denial
|
||||
of Service) or to load into the decoded ASN.1 object contents of memory
|
||||
beyond the end of the input buffer. More typically, such ASN.1 elements
|
||||
would instead be truncated.
|
||||
|
||||
Reported by: Frank Buss.
|
||||
|
||||
([CVE-2026-34180])
|
||||
|
||||
*Viktor Dukhovni*
|
||||
|
||||
* Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue Summary: The PKCS#12 file processing fails to perform sufficient input
|
||||
validation for files that use Password-Based Message Authentication Code 1
|
||||
(PBMAC1) integrity mechanism allowing a certificate and private key forgery.
|
||||
|
||||
Impact Summary: An attacker impersonating a user can cause a service reading
|
||||
PKCS#12 files to accept forged certificates and private keys with a 1 in 256
|
||||
probability.
|
||||
|
||||
Reported by: Pavol Žáčik (Red Hat) and Alex Gaynor (Anthropic).
|
||||
|
||||
([CVE-2026-34181])
|
||||
|
||||
*Alicja Kario (Red Hat)*
|
||||
|
||||
* Fixed possible NULL dereference in password-dased CMS decryption.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: A specially crafted password-encrypted CMS message
|
||||
could trigger a NULL pointer dereference during CMS decryption.
|
||||
|
||||
Impact summary: This NULL pointer dereference could lead to an application
|
||||
crash and a Denial of Service.
|
||||
|
||||
Reported by: Mayank Jangid, Kushal Khemka, Hari Priandana,
|
||||
Bhabani Sankar Das, and Qifan Zhang (Palo Alto Networks).
|
||||
|
||||
([CVE-2026-42766])
|
||||
|
||||
*Igor Ustinov*
|
||||
|
||||
* Fixed NULL pointer dereference in CRMF `EncryptedValue` decryption.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: An attacker-controlled CMP (Certificate Management Protocol)
|
||||
server could trigger a NULL pointer dereference in a CMP client application.
|
||||
|
||||
Impact summary: A NULL pointer dereference could cause a crash
|
||||
of the application and a Denial of Service.
|
||||
|
||||
Reported by: Zhanpeng Liu (Tencent Xuanwu Lab),
|
||||
Guannan Wang (Tencent Xuanwu Lab), and Guancheng Li (Tencent Xuanwu Lab).
|
||||
|
||||
([CVE-2026-42767])
|
||||
|
||||
*Igor Ustinov*
|
||||
|
||||
* Fixed multi-`RecipientInfo` Bleichenbacher Oracle in `CMS_decrypt()`
|
||||
and `PKCS7_decrypt()`.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: The `CMS_decrypt()` and `PKCS7_decrypt()` functions
|
||||
are vulnerable to Bleichenbacher-style attack when an attacker is able
|
||||
to provide CMS or S/MIME messages and observe the error code
|
||||
and/or decryption output.
|
||||
|
||||
Impact summary: The Bleichenbacher-style attack allows an attacker to use
|
||||
the victim's vulnerable application as a way to decrypt or sign messages
|
||||
with the victim's private RSA key.
|
||||
|
||||
Reported by: Alex Gaynor (Anthropic).
|
||||
|
||||
([CVE-2026-42768])
|
||||
|
||||
*Dmitry Belyavskiy (Red Hat) and Alicja Kario (Red Hat)*
|
||||
|
||||
* Fixed trust anchor substitution via `cert`/`issuer` typo in CMP
|
||||
`rootCaKeyUpdate`.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue Summary: An error in the callback used to verify the certificate
|
||||
provided in a Root CA key update Certificate Management Protocol (CMP)
|
||||
message response rendered the certificate validation ineffectual,
|
||||
which could lead to escalation of credentials from the Registration
|
||||
Authority (RA) level to the root Certification Authority (root CA) level.
|
||||
|
||||
Impact Summary: The Registration Authority could replace the root CA
|
||||
certificate for the CMP clients with an arbitrary root CA certificate.
|
||||
|
||||
Reported by: Alex Gaynor (Anthropic).
|
||||
|
||||
([CVE-2026-42769])
|
||||
|
||||
*Alex Gaynor (Anthropic) and Bob Beck*
|
||||
|
||||
* Fixed FFC-DH peer validation uses attacker-supplied `q`.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: When `EVP_PKEY_derive_set_peer()` is called with a DHX (X9.42)
|
||||
peer key, the peer key is not properly checked for the subgroup membership.
|
||||
|
||||
Impact summary: A malicious peer which presents an X9.42 key carrying
|
||||
the victim's `p` and `g` parameters, a forged `q = r` (a small prime factor
|
||||
of the cofactor `(p − 1)/q_local`), and a public value `Y` of order `r` can
|
||||
recover the victim's private key after a small number of key exchange
|
||||
attempts.
|
||||
|
||||
Reported by: Alex Gaynor (Anthropic).
|
||||
|
||||
([CVE-2026-42770])
|
||||
|
||||
*Alex Gaynor (Anthropic), Viktor Dukhovni, and Norbert Pócs*
|
||||
|
||||
* Fixed incorrect tag processing for empty messages in AES-GCM-SIV
|
||||
and AES-SIV modes.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: The implementations of AES-SIV ([RFC 5297]) and AES-GCM-SIV
|
||||
([RFC 8452]) mishandle the authentication of AAD (Additional Authenticated
|
||||
Data) with an empty ciphertext, allowing forgery of such messages.
|
||||
|
||||
Impact summary: An attacker can forge empty messages with arbitrary AAD
|
||||
to the victim's application using these ciphers.
|
||||
|
||||
Reported by: Alex Gaynor (Anthropic).
|
||||
|
||||
([CVE-2026-45446])
|
||||
|
||||
*Dmitry Belyavskiy (Red Hat)*
|
||||
|
||||
* Fixed TLS 1.3 server not sending `NewSessionTicket` message
|
||||
after ciphersuite mismatch.
|
||||
<!-- https://github.com/openssl/openssl/pull/30626 -->
|
||||
|
||||
*Daniel Kubec*
|
||||
|
||||
* Implemented validation of the minimal length of PSK identity
|
||||
being of at least one byte long, as required per [RFC 8446].
|
||||
<!-- https://github.com/openssl/openssl/pull/31058 -->
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
* Fixed usage of stale application buffer pointer by kTLS implementation
|
||||
after incomplete writes when `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` is set,
|
||||
that led to invalid memory reads and sending of incorrect data.
|
||||
<!-- https://github.com/openssl/openssl/pull/31146 -->
|
||||
|
||||
*Ilya Maximets*
|
||||
|
||||
### Changes between 3.5.5 and 3.5.6 [7 Apr 2026]
|
||||
|
||||
* Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
|
||||
@@ -21961,6 +22258,8 @@ ndif
|
||||
[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
|
||||
[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
|
||||
[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673
|
||||
[CVE-2026-7383]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-7383
|
||||
[CVE-2026-9076]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-9076
|
||||
[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
|
||||
[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
|
||||
[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
|
||||
@@ -21969,5 +22268,22 @@ ndif
|
||||
[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
|
||||
[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
|
||||
[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
|
||||
[CVE-2026-34180]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34180
|
||||
[CVE-2026-34181]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34181
|
||||
[CVE-2026-34182]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34182
|
||||
[CVE-2026-34183]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34183
|
||||
[CVE-2026-42764]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42764
|
||||
[CVE-2026-42766]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42766
|
||||
[CVE-2026-42767]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42767
|
||||
[CVE-2026-42768]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42768
|
||||
[CVE-2026-42769]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42769
|
||||
[CVE-2026-42770]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42770
|
||||
[CVE-2026-45445]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45445
|
||||
[CVE-2026-45446]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45446
|
||||
[CVE-2026-45447]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45447
|
||||
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
|
||||
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
|
||||
[RFC 3211]: https://datatracker.ietf.org/doc/html/rfc3211
|
||||
[RFC 5297]: https://datatracker.ietf.org/doc/html/rfc5297
|
||||
[RFC 8446]: https://datatracker.ietf.org/doc/html/rfc8446
|
||||
[RFC 8452]: https://datatracker.ietf.org/doc/html/rfc8452
|
||||
|
||||
@@ -502,7 +502,7 @@ The build-file template is processed with the perl module
|
||||
Text::Template, using `{-` and `-}` as delimiters that enclose the
|
||||
perl code fragments that generate configuration-dependent content.
|
||||
Those perl fragments have access to all the hash variables from
|
||||
configdata.pem.
|
||||
configdata.pm.
|
||||
|
||||
The build-file template is expected to define at least the following
|
||||
perl functions in a perl code fragment enclosed with `{-` and `-}`.
|
||||
|
||||
+15
-10
@@ -1,6 +1,6 @@
|
||||
#! /usr/bin/env perl
|
||||
# -*- mode: perl; -*-
|
||||
# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -221,16 +221,9 @@ our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
|
||||
#
|
||||
# API compatibility name to version number mapping.
|
||||
#
|
||||
|
||||
# This table expresses when API additions or changes can occur
|
||||
my $apitable = {
|
||||
# This table expresses when API additions or changes can occur.
|
||||
# The numbering used changes from 3.0 and on because we updated
|
||||
# (solidified) our version numbering scheme at that point.
|
||||
|
||||
# From 3.0 and on, we internalise the given version number in decimal
|
||||
# as MAJOR * 10000 + MINOR * 100 + 0
|
||||
"3.0.0" => 30000,
|
||||
"3.0" => 30000,
|
||||
|
||||
# Note that before 3.0, we didn't have the same version number scheme.
|
||||
# Still, the numbering we use here covers what we need.
|
||||
"1.1.1" => 10101,
|
||||
@@ -241,6 +234,18 @@ my $apitable = {
|
||||
"0.9.8" => 908,
|
||||
};
|
||||
|
||||
# From 3.0 and on, we internalise the given version number in decimal
|
||||
# as MAJOR * 10000 + MINOR * 100 + 0
|
||||
my @post30_versions = ([3, 0], [3, 1], [3, 2], [3, 3], [3, 4], [3, 5],
|
||||
);
|
||||
|
||||
# The numbering used changes from 3.0 and on because we updated
|
||||
# (solidified) our version numbering scheme at that point.
|
||||
foreach (@post30_versions) {
|
||||
my ($x, $y) = @{$_};
|
||||
$apitable->{"$x.$y.0"} = $apitable->{"$x.$y"} = $x * 10000 + $y * 100;
|
||||
}
|
||||
|
||||
# For OpenSSL::config::get_platform
|
||||
my %guess_opts = ();
|
||||
|
||||
|
||||
+71
-1
@@ -23,10 +23,65 @@ OpenSSL Releases
|
||||
OpenSSL 3.5
|
||||
-----------
|
||||
|
||||
### Major changes between OpenSSL 3.5.6 and OpenSSL 3.5.7 [9 Jun 2026]
|
||||
|
||||
OpenSSL 3.5.7 is a security patch release. The most severe CVE fixed
|
||||
in this release is High.
|
||||
|
||||
This release incorporates the following bug fixes and mitigations:
|
||||
|
||||
* Fixed heap use-after-free in `PKCS7_verify()`.
|
||||
([CVE-2026-45447])
|
||||
|
||||
* Fixed CMS `AuthEnvelopedData` processing may accept forged messages.
|
||||
([CVE-2026-34182])
|
||||
|
||||
* Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler.
|
||||
([CVE-2026-34183])
|
||||
|
||||
* Fixed NULL pointer dereference in QUIC server initial packet handling.
|
||||
([CVE-2026-42764])
|
||||
|
||||
* Fixed AES-OCB IV ignored on `EVP_Cipher()` path.
|
||||
([CVE-2026-45445])
|
||||
|
||||
* Fixed possible heap buffer overflow in ASN.1 multibyte string conversion.
|
||||
([CVE-2026-7383])
|
||||
|
||||
* Fixed out-of-bounds read in CMS password-based decryption.
|
||||
([CVE-2026-9076])
|
||||
|
||||
* Fixed heap buffer over-read in ASN.1 content parsing.
|
||||
([CVE-2026-34180])
|
||||
|
||||
* Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys.
|
||||
([CVE-2026-34181])
|
||||
|
||||
* Fixed possible NULL dereference in password-dased CMS decryption.
|
||||
([CVE-2026-42766])
|
||||
|
||||
* Fixed NULL pointer dereference in CRMF `EncryptedValue` decryption.
|
||||
([CVE-2026-42767])
|
||||
|
||||
* Fixed multi-`RecipientInfo` Bleichenbacher Oracle in `CMS_decrypt()`
|
||||
and `PKCS7_decrypt()`.
|
||||
([CVE-2026-42768])
|
||||
|
||||
* Fixed trust anchor substitution via `cert`/`issuer` typo in CMP
|
||||
`rootCaKeyUpdate`.
|
||||
([CVE-2026-42769])
|
||||
|
||||
* Fixed FFC-DH peer validation uses attacker-supplied `q`.
|
||||
([CVE-2026-42770])
|
||||
|
||||
* Fixed incorrect tag processing for empty messages in AES-GCM-SIV
|
||||
and AES-SIV modes.
|
||||
([CVE-2026-45446])
|
||||
|
||||
### Major changes between OpenSSL 3.5.5 and OpenSSL 3.5.6 [7 Apr 2026]
|
||||
|
||||
OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this
|
||||
release is Medium.
|
||||
release is Moderate.
|
||||
|
||||
This release incorporates the following bug fixes and mitigations:
|
||||
|
||||
@@ -2210,6 +2265,8 @@ OpenSSL 0.9.x
|
||||
[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
|
||||
[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
|
||||
[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673
|
||||
[CVE-2026-7383]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-7383
|
||||
[CVE-2026-9076]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-9076
|
||||
[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
|
||||
[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
|
||||
[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
|
||||
@@ -2218,6 +2275,19 @@ OpenSSL 0.9.x
|
||||
[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
|
||||
[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
|
||||
[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
|
||||
[CVE-2026-34180]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34180
|
||||
[CVE-2026-34181]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34181
|
||||
[CVE-2026-34182]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34182
|
||||
[CVE-2026-34183]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34183
|
||||
[CVE-2026-42764]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42764
|
||||
[CVE-2026-42766]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42766
|
||||
[CVE-2026-42767]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42767
|
||||
[CVE-2026-42768]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42768
|
||||
[CVE-2026-42769]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42769
|
||||
[CVE-2026-42770]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42770
|
||||
[CVE-2026-45445]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45445
|
||||
[CVE-2026-45446]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45446
|
||||
[CVE-2026-45447]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45447
|
||||
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
|
||||
[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html
|
||||
[README-QUIC.md]: ./README-QUIC.md
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
MAJOR=3
|
||||
MINOR=5
|
||||
PATCH=6
|
||||
PATCH=7
|
||||
PRE_RELEASE_TAG=
|
||||
BUILD_METADATA=
|
||||
RELEASE_DATE="7 Apr 2026"
|
||||
RELEASE_DATE="9 Jun 2026"
|
||||
SHLIB_VERSION=3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -716,7 +716,7 @@ int enc_main(int argc, char **argv)
|
||||
|
||||
skey = EVP_SKEY_import(app_get0_libctx(), EVP_SKEYMGMT_get0_name(mgmt),
|
||||
app_get0_propq(), OSSL_SKEYMGMT_SELECT_ALL, params);
|
||||
OSSL_PARAM_free(params);
|
||||
app_params_free(params);
|
||||
if (skey == NULL) {
|
||||
BIO_printf(bio_err, "Error creating opaque key object for skeymgmt %s\n",
|
||||
skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher));
|
||||
|
||||
@@ -1057,9 +1057,12 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
|
||||
if (ok)
|
||||
pcert = NULL;
|
||||
} else if (pcerts != NULL) {
|
||||
ok = X509_add_cert(*pcerts,
|
||||
OSSL_STORE_INFO_get1_CERT(info),
|
||||
X509_ADD_FLAG_DEFAULT);
|
||||
X509 *cert = OSSL_STORE_INFO_get1_CERT(info);
|
||||
|
||||
ok = cert != NULL
|
||||
&& X509_add_cert(*pcerts, cert, X509_ADD_FLAG_DEFAULT);
|
||||
if (!ok)
|
||||
X509_free(cert);
|
||||
}
|
||||
ncerts += ok;
|
||||
break;
|
||||
@@ -1069,7 +1072,11 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
|
||||
if (ok)
|
||||
pcrl = NULL;
|
||||
} else if (pcrls != NULL) {
|
||||
ok = sk_X509_CRL_push(*pcrls, OSSL_STORE_INFO_get1_CRL(info));
|
||||
X509_CRL *crl = OSSL_STORE_INFO_get1_CRL(info);
|
||||
|
||||
ok = crl != NULL && sk_X509_CRL_push(*pcrls, crl);
|
||||
if (!ok)
|
||||
X509_CRL_free(crl);
|
||||
}
|
||||
ncrls += ok;
|
||||
break;
|
||||
|
||||
@@ -345,6 +345,7 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
||||
STACK_OF(ASN1_UTF8STRING) *strs;
|
||||
ASN1_UTF8STRING *str;
|
||||
const char *data;
|
||||
int len;
|
||||
|
||||
if (OBJ_obj2nid(obj) == NID_id_it_certProfile) {
|
||||
if (!OSSL_CMP_ITAV_get0_certProfile(itav, &strs))
|
||||
@@ -359,7 +360,8 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
||||
ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
|
||||
return NULL;
|
||||
}
|
||||
if (strcmp(data, "profile1") != 0) {
|
||||
if (((len = ASN1_STRING_length(str)) != (int)sizeof("profile1") - 1)
|
||||
|| memcmp(data, "profile1", len) != 0) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_CERTPROFILE);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -1490,6 +1490,9 @@ static void list_disabled(void)
|
||||
#ifdef OPENSSL_NO_DSA
|
||||
BIO_puts(bio_out, "DSA\n");
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_SIPHASH
|
||||
BIO_puts(bio_out, "SIPHASH\n");
|
||||
#endif
|
||||
#if defined(OPENSSL_NO_DTLS)
|
||||
BIO_puts(bio_out, "DTLS\n");
|
||||
#endif
|
||||
|
||||
@@ -2549,7 +2549,7 @@ int s_client_main(int argc, char **argv)
|
||||
"xmlns='jabber:%s' to='%s' version='1.0'>",
|
||||
starttls_proto == PROTO_XMPP ? "client" : "server",
|
||||
protohost ? protohost : host);
|
||||
seen = BIO_read(sbio, mbuf, BUFSIZZ);
|
||||
seen = BIO_read(sbio, mbuf, BUFSIZZ - 1);
|
||||
if (seen < 0) {
|
||||
BIO_printf(bio_err, "BIO_read failed\n");
|
||||
goto end;
|
||||
@@ -2558,7 +2558,7 @@ int s_client_main(int argc, char **argv)
|
||||
while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")
|
||||
&& !strstr(mbuf,
|
||||
"<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"")) {
|
||||
seen = BIO_read(sbio, mbuf, BUFSIZZ);
|
||||
seen = BIO_read(sbio, mbuf, BUFSIZZ - 1);
|
||||
|
||||
if (seen <= 0)
|
||||
goto shut;
|
||||
@@ -2567,7 +2567,7 @@ int s_client_main(int argc, char **argv)
|
||||
}
|
||||
BIO_printf(sbio,
|
||||
"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
|
||||
seen = BIO_read(sbio, sbuf, BUFSIZZ);
|
||||
seen = BIO_read(sbio, sbuf, BUFSIZZ - 1);
|
||||
if (seen < 0) {
|
||||
BIO_printf(bio_err, "BIO_read failed\n");
|
||||
goto shut;
|
||||
@@ -2793,7 +2793,7 @@ int s_client_main(int argc, char **argv)
|
||||
"Didn't find STARTTLS in server response,"
|
||||
" trying anyway...\n");
|
||||
BIO_printf(sbio, "STARTTLS\r\n");
|
||||
mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
|
||||
mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ - 1);
|
||||
if (mbuf_len < 0) {
|
||||
BIO_printf(bio_err, "BIO_read failed\n");
|
||||
goto end;
|
||||
@@ -2834,7 +2834,7 @@ int s_client_main(int argc, char **argv)
|
||||
"Didn't find STARTTLS in server response,"
|
||||
" trying anyway...\n");
|
||||
BIO_printf(sbio, "STARTTLS\r\n");
|
||||
mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
|
||||
mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ - 1);
|
||||
if (mbuf_len < 0) {
|
||||
BIO_printf(bio_err, "BIO_read failed\n");
|
||||
goto end;
|
||||
@@ -3307,7 +3307,7 @@ int s_client_main(int argc, char **argv)
|
||||
if (crlf) {
|
||||
int j, lf_num;
|
||||
|
||||
i = raw_read_stdin(cbuf, BUFSIZZ / 2);
|
||||
i = raw_read_stdin(cbuf, (BUFSIZZ - 1) / 2);
|
||||
lf_num = 0;
|
||||
/* both loops are skipped when i <= 0 */
|
||||
for (j = 0; j < i; j++)
|
||||
@@ -3323,7 +3323,7 @@ int s_client_main(int argc, char **argv)
|
||||
}
|
||||
assert(lf_num == 0);
|
||||
} else
|
||||
i = raw_read_stdin(cbuf, BUFSIZZ);
|
||||
i = raw_read_stdin(cbuf, BUFSIZZ - 1);
|
||||
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
|
||||
if (i == 0)
|
||||
at_eof = 1;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2025-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -106,7 +106,7 @@ int skeyutl_main(int argc, char **argv)
|
||||
skey = EVP_SKEY_generate(app_get0_libctx(),
|
||||
skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher),
|
||||
app_get0_propq(), params);
|
||||
OSSL_PARAM_free(params);
|
||||
app_params_free(params);
|
||||
if (skey == NULL) {
|
||||
BIO_printf(bio_err, "Error creating opaque key for skeymgmt %s\n",
|
||||
skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher));
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -3138,8 +3138,9 @@ int speed_main(int argc, char **argv)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_AEAD_GET_TAG,
|
||||
TAG_LEN, &loopargs[k].tag)) {
|
||||
if (EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_AEAD_GET_TAG,
|
||||
TAG_LEN, &loopargs[k].tag)
|
||||
<= 0) {
|
||||
BIO_printf(bio_err, "\nFailed to get the tag\n");
|
||||
dofail();
|
||||
exit(1);
|
||||
|
||||
+138
-1338
File diff suppressed because it is too large
Load Diff
+449
-4467
File diff suppressed because it is too large
Load Diff
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -479,11 +479,16 @@ aes_fx_cbc_encrypt:
|
||||
ldd [$end + 24], %f12
|
||||
|
||||
movrz $len, 0, $inc
|
||||
|
||||
brz,pn $len, .Lcbc_enc_skip_load
|
||||
nop
|
||||
|
||||
fmovd $intail, $in0
|
||||
ldd [$inp - 8], $in1 ! load next input block
|
||||
ldda [$inp]0x82, $intail ! non-faulting load
|
||||
add $inp, $inc, $inp ! inp+=16
|
||||
|
||||
.Lcbc_enc_skip_load:
|
||||
fmovd %f0, %f4
|
||||
faesencx %f2, %f6, %f0
|
||||
faesencx %f4, %f8, %f2
|
||||
@@ -694,11 +699,16 @@ aes_fx_cbc_encrypt:
|
||||
fmovd $in1, $iv1
|
||||
|
||||
movrz $len, 0, $inc
|
||||
|
||||
brz,pn $len, .Lcbc_dec_skip_load
|
||||
nop
|
||||
|
||||
fmovd $intail, $in0
|
||||
ldd [$inp - 8], $in1 ! load next input block
|
||||
ldda [$inp]0x82, $intail ! non-faulting load
|
||||
add $inp, $inc, $inp ! inp+=16
|
||||
|
||||
.Lcbc_dec_skip_load:
|
||||
fmovd %f0, %f4
|
||||
faesdecx %f2, %f10, %f0
|
||||
faesdecx %f4, %f12, %f2
|
||||
@@ -953,11 +963,16 @@ aes_fx_ctr32_encrypt_blocks:
|
||||
fxor $in1, $rllo, %f8
|
||||
|
||||
movrz $len, 0, $inc
|
||||
|
||||
brz,pn $len, .Lctr32_enc_skip_load
|
||||
nop
|
||||
|
||||
fmovd $intail, $in0
|
||||
ldd [$inp - 8], $in1 ! load next input block
|
||||
ldda [$inp]0x82, $intail ! non-faulting load
|
||||
add $inp, $inc, $inp ! inp+=16
|
||||
|
||||
.Lctr32_enc_skip_load:
|
||||
fmovd %f0, %f4
|
||||
faesencx %f2, %f10, %f0
|
||||
faesencx %f4, %f12, %f2
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -104,7 +104,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
|
||||
}
|
||||
#endif
|
||||
|
||||
#define HEADER_SIZE 8
|
||||
#define HEADER_SIZE 2
|
||||
#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
|
||||
int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
{
|
||||
@@ -138,7 +138,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
goto err;
|
||||
}
|
||||
i = BIO_read(in, &(b->data[len]), want);
|
||||
if (i < 0 && diff == 0) {
|
||||
if (i <= 0) {
|
||||
ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
|
||||
goto err;
|
||||
}
|
||||
@@ -154,12 +154,65 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
}
|
||||
/* else data already loaded */
|
||||
|
||||
/* make sure there is enough data for a complete header */
|
||||
p = (unsigned char *)&(b->data[off]);
|
||||
q = p;
|
||||
diff = len - off;
|
||||
if (diff == 0)
|
||||
if (diff < 2) {
|
||||
/* Failed sanity check */
|
||||
ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
|
||||
goto err;
|
||||
inf = ASN1_get_object(&q, &slen, &tag, &xclass, diff);
|
||||
}
|
||||
|
||||
diff--;
|
||||
if ((*(q++) & V_ASN1_PRIMITIVE_TAG) == V_ASN1_PRIMITIVE_TAG) {
|
||||
unsigned int n = 0;
|
||||
/* Multi-byte tag. See if we have the whole thing yet */
|
||||
do {
|
||||
if (n > 4) {
|
||||
/* The tag value must fit into int */
|
||||
ERR_raise(ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
++n;
|
||||
diff--;
|
||||
} while (diff > 0 && *(q++) & 0x80);
|
||||
|
||||
if (diff == 0) {
|
||||
/*
|
||||
* End of current data, will need at least 1 more byte for
|
||||
* length. 2 if the tag is still incomplete
|
||||
*/
|
||||
want = q - p + 2;
|
||||
if (*q & 0x80) {
|
||||
want++;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
/* Check the length. This should also work for indefinite length */
|
||||
diff--;
|
||||
if (*q & 0x80) {
|
||||
unsigned int n = *q & 0x7f;
|
||||
|
||||
if (n > sizeof(long)) {
|
||||
ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
|
||||
goto err;
|
||||
}
|
||||
if (n > diff) {
|
||||
want = q - p + n + 1;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* We have a complete header now, assuming we didn't hit EOF. Parse the
|
||||
* tag and length
|
||||
*/
|
||||
q = p;
|
||||
diff = len - off;
|
||||
inf = ASN1_get_object(&q, &slen, &tag, &xclass, (int)diff);
|
||||
if (inf & 0x80) {
|
||||
unsigned long e;
|
||||
|
||||
@@ -169,8 +222,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
|
||||
ERR_pop_to_mark();
|
||||
ERR_set_mark();
|
||||
}
|
||||
i = q - p; /* header length */
|
||||
off += i; /* end of data */
|
||||
off += q - p; /* end of data */
|
||||
|
||||
if (inf & 1) {
|
||||
/* no data body so go round again */
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -129,7 +129,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
|
||||
*inf = 0;
|
||||
i = *p & 0x7f;
|
||||
if (*p++ & 0x80) {
|
||||
if (max < i + 1)
|
||||
if (max < i)
|
||||
return 0;
|
||||
/* Skip leading zeroes */
|
||||
while (i > 0 && *p == 0) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -665,16 +665,18 @@ static int multi_split(BIO *bio, int flags, const char *bound, STACK_OF(BIO) **r
|
||||
#else
|
||||
1
|
||||
#endif
|
||||
|| (flags & SMIME_CRLFEOL) != 0)
|
||||
BIO_write(bpart, "\r\n", 2);
|
||||
else
|
||||
BIO_write(bpart, "\n", 1);
|
||||
|| (flags & SMIME_CRLFEOL) != 0) {
|
||||
if (BIO_write(bpart, "\r\n", 2) < 2)
|
||||
goto err;
|
||||
} else if (BIO_write(bpart, "\n", 1) < 1)
|
||||
goto err;
|
||||
}
|
||||
eol = next_eol;
|
||||
if (len > 0)
|
||||
BIO_write(bpart, linebuf, len);
|
||||
if (len > 0 && BIO_write(bpart, linebuf, len) < len)
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
err:
|
||||
BIO_free(bpart);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -68,8 +68,8 @@
|
||||
#undef NO_RECVMMSG
|
||||
#define NO_RECVMMSG
|
||||
#endif
|
||||
#if defined(_AIX) && !defined(_AIX72)
|
||||
/* AIX >= 7.2 provides sendmmsg() and recvmmsg(). */
|
||||
#if defined(_AIX)
|
||||
/* AIX header files don't properly expose sendmmsg/recvmmsg declarations */
|
||||
#undef NO_RECVMMSG
|
||||
#define NO_RECVMMSG
|
||||
#endif
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -305,6 +305,7 @@ static int dgram_mem_init(BIO *bio)
|
||||
b = bio->ptr;
|
||||
|
||||
if (ring_buf_init(&b->rbuf, b->req_buf_len) == 0) {
|
||||
dgram_pair_free(bio);
|
||||
ERR_raise(ERR_LIB_BIO, ERR_R_BIO_LIB);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -24,102 +24,16 @@
|
||||
BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
|
||||
{
|
||||
static const unsigned char RFC2409_PRIME_768[] = {
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xC9,
|
||||
0x0F,
|
||||
0xDA,
|
||||
0xA2,
|
||||
0x21,
|
||||
0x68,
|
||||
0xC2,
|
||||
0x34,
|
||||
0xC4,
|
||||
0xC6,
|
||||
0x62,
|
||||
0x8B,
|
||||
0x80,
|
||||
0xDC,
|
||||
0x1C,
|
||||
0xD1,
|
||||
0x29,
|
||||
0x02,
|
||||
0x4E,
|
||||
0x08,
|
||||
0x8A,
|
||||
0x67,
|
||||
0xCC,
|
||||
0x74,
|
||||
0x02,
|
||||
0x0B,
|
||||
0xBE,
|
||||
0xA6,
|
||||
0x3B,
|
||||
0x13,
|
||||
0x9B,
|
||||
0x22,
|
||||
0x51,
|
||||
0x4A,
|
||||
0x08,
|
||||
0x79,
|
||||
0x8E,
|
||||
0x34,
|
||||
0x04,
|
||||
0xDD,
|
||||
0xEF,
|
||||
0x95,
|
||||
0x19,
|
||||
0xB3,
|
||||
0xCD,
|
||||
0x3A,
|
||||
0x43,
|
||||
0x1B,
|
||||
0x30,
|
||||
0x2B,
|
||||
0x0A,
|
||||
0x6D,
|
||||
0xF2,
|
||||
0x5F,
|
||||
0x14,
|
||||
0x37,
|
||||
0x4F,
|
||||
0xE1,
|
||||
0x35,
|
||||
0x6D,
|
||||
0x6D,
|
||||
0x51,
|
||||
0xC2,
|
||||
0x45,
|
||||
0xE4,
|
||||
0x85,
|
||||
0xB5,
|
||||
0x76,
|
||||
0x62,
|
||||
0x5E,
|
||||
0x7E,
|
||||
0xC6,
|
||||
0xF4,
|
||||
0x4C,
|
||||
0x42,
|
||||
0xE9,
|
||||
0xA6,
|
||||
0x3A,
|
||||
0x36,
|
||||
0x20,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F,
|
||||
0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B,
|
||||
0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67,
|
||||
0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
|
||||
0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, 0x95,
|
||||
0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
|
||||
0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51,
|
||||
0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
|
||||
0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
|
||||
};
|
||||
return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
|
||||
}
|
||||
@@ -136,134 +50,19 @@ BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
|
||||
BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
|
||||
{
|
||||
static const unsigned char RFC2409_PRIME_1024[] = {
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xC9,
|
||||
0x0F,
|
||||
0xDA,
|
||||
0xA2,
|
||||
0x21,
|
||||
0x68,
|
||||
0xC2,
|
||||
0x34,
|
||||
0xC4,
|
||||
0xC6,
|
||||
0x62,
|
||||
0x8B,
|
||||
0x80,
|
||||
0xDC,
|
||||
0x1C,
|
||||
0xD1,
|
||||
0x29,
|
||||
0x02,
|
||||
0x4E,
|
||||
0x08,
|
||||
0x8A,
|
||||
0x67,
|
||||
0xCC,
|
||||
0x74,
|
||||
0x02,
|
||||
0x0B,
|
||||
0xBE,
|
||||
0xA6,
|
||||
0x3B,
|
||||
0x13,
|
||||
0x9B,
|
||||
0x22,
|
||||
0x51,
|
||||
0x4A,
|
||||
0x08,
|
||||
0x79,
|
||||
0x8E,
|
||||
0x34,
|
||||
0x04,
|
||||
0xDD,
|
||||
0xEF,
|
||||
0x95,
|
||||
0x19,
|
||||
0xB3,
|
||||
0xCD,
|
||||
0x3A,
|
||||
0x43,
|
||||
0x1B,
|
||||
0x30,
|
||||
0x2B,
|
||||
0x0A,
|
||||
0x6D,
|
||||
0xF2,
|
||||
0x5F,
|
||||
0x14,
|
||||
0x37,
|
||||
0x4F,
|
||||
0xE1,
|
||||
0x35,
|
||||
0x6D,
|
||||
0x6D,
|
||||
0x51,
|
||||
0xC2,
|
||||
0x45,
|
||||
0xE4,
|
||||
0x85,
|
||||
0xB5,
|
||||
0x76,
|
||||
0x62,
|
||||
0x5E,
|
||||
0x7E,
|
||||
0xC6,
|
||||
0xF4,
|
||||
0x4C,
|
||||
0x42,
|
||||
0xE9,
|
||||
0xA6,
|
||||
0x37,
|
||||
0xED,
|
||||
0x6B,
|
||||
0x0B,
|
||||
0xFF,
|
||||
0x5C,
|
||||
0xB6,
|
||||
0xF4,
|
||||
0x06,
|
||||
0xB7,
|
||||
0xED,
|
||||
0xEE,
|
||||
0x38,
|
||||
0x6B,
|
||||
0xFB,
|
||||
0x5A,
|
||||
0x89,
|
||||
0x9F,
|
||||
0xA5,
|
||||
0xAE,
|
||||
0x9F,
|
||||
0x24,
|
||||
0x11,
|
||||
0x7C,
|
||||
0x4B,
|
||||
0x1F,
|
||||
0xE6,
|
||||
0x49,
|
||||
0x28,
|
||||
0x66,
|
||||
0x51,
|
||||
0xEC,
|
||||
0xE6,
|
||||
0x53,
|
||||
0x81,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F,
|
||||
0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B,
|
||||
0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67,
|
||||
0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
|
||||
0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, 0xEF, 0x95,
|
||||
0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
|
||||
0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51,
|
||||
0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
|
||||
0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF,
|
||||
0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B, 0xFB,
|
||||
0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B,
|
||||
0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
|
||||
};
|
||||
return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1998-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -11,24 +11,24 @@
|
||||
#include "internal/nelem.h"
|
||||
#include "bn_local.h"
|
||||
|
||||
int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
|
||||
int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
|
||||
{
|
||||
/*
|
||||
* like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d|
|
||||
* like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |m|
|
||||
* always holds)
|
||||
*/
|
||||
|
||||
if (r == d) {
|
||||
if (r == m) {
|
||||
ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!(BN_mod(r, m, d, ctx)))
|
||||
if (!(BN_mod(r, a, m, ctx)))
|
||||
return 0;
|
||||
if (!r->neg)
|
||||
return 1;
|
||||
/* now -|d| < r < 0, so we have to set r := r + |d| */
|
||||
return (d->neg ? BN_sub : BN_add)(r, r, d);
|
||||
/* now -|m| < r < 0, so we have to set r := r + |m| */
|
||||
return (m->neg ? BN_sub : BN_add)(r, r, m);
|
||||
}
|
||||
|
||||
int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
|
||||
|
||||
+257
-2049
File diff suppressed because it is too large
Load Diff
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -501,7 +501,7 @@ my ($xv8,$xv9,$xv10,$xv11,$xv12,$xv13,$xv14,$xv15,$xv16,$xv17) = map("v$_",(8..1
|
||||
my ($xv18,$xv19,$xv20,$xv21) = map("v$_",(18..21));
|
||||
my ($xv22,$xv23,$xv24,$xv25,$xv26) = map("v$_",(22..26));
|
||||
|
||||
my $FRAME=$LOCALS+64+9*16; # 8*16 is for v24-v31 offload
|
||||
my $FRAME=$LOCALS+64+9*16+13*8+4*16; # 8*16 for v24-v31 offload, 13*8 for f14-f26, 4*16 for v20-v23
|
||||
|
||||
sub VSX_lane_ROUND_8x {
|
||||
my ($a0,$b0,$c0,$d0,$a4,$b4,$c4,$d4)=@_;
|
||||
@@ -665,7 +665,28 @@ $code.=<<___;
|
||||
addi r11,r11,32
|
||||
stvx v30,r10,$sp
|
||||
stvx v31,r11,$sp
|
||||
stw r12,`$FRAME-4`($sp) # save vrsave
|
||||
stfd f14,`$LOCALS+64+9*16+0*8`($sp) # save FPR14-FPR26 (callee-saved per ELFv2 ABI)
|
||||
stfd f15,`$LOCALS+64+9*16+1*8`($sp)
|
||||
stfd f16,`$LOCALS+64+9*16+2*8`($sp)
|
||||
stfd f17,`$LOCALS+64+9*16+3*8`($sp)
|
||||
stfd f18,`$LOCALS+64+9*16+4*8`($sp)
|
||||
stfd f19,`$LOCALS+64+9*16+5*8`($sp)
|
||||
stfd f20,`$LOCALS+64+9*16+6*8`($sp)
|
||||
stfd f21,`$LOCALS+64+9*16+7*8`($sp)
|
||||
stfd f22,`$LOCALS+64+9*16+8*8`($sp)
|
||||
stfd f23,`$LOCALS+64+9*16+9*8`($sp)
|
||||
stfd f24,`$LOCALS+64+9*16+10*8`($sp)
|
||||
stfd f25,`$LOCALS+64+9*16+11*8`($sp)
|
||||
be?stfd f26,`$LOCALS+64+9*16+12*8`($sp) # BE only
|
||||
li r10,`$LOCALS+64+9*16+13*8+15`
|
||||
li r11,`$LOCALS+64+9*16+13*8+31`
|
||||
stvx v20,r10,$sp # save VMX v20-v23 (callee-saved per ELFv2 ABI)
|
||||
addi r10,r10,32
|
||||
stvx v21,r11,$sp
|
||||
addi r11,r11,32
|
||||
stvx v22,r10,$sp
|
||||
stvx v23,r11,$sp
|
||||
stw r12,`$LOCALS+64+9*16-4`($sp) # save vrsave
|
||||
li r12,-4096+63
|
||||
$PUSH r0, `$FRAME+$LRSAVE`($sp)
|
||||
mtspr 256,r12 # preserve 29 AltiVec registers
|
||||
@@ -1159,7 +1180,28 @@ $code.=<<___;
|
||||
bne Loop_outer_vsx_8x
|
||||
|
||||
Ldone_vsx_8x:
|
||||
lwz r12,`$FRAME-4`($sp) # pull vrsave
|
||||
lwz r12,`$LOCALS+64+9*16-4`($sp) # pull vrsave
|
||||
lfd f14,`$LOCALS+64+9*16+0*8`($sp) # restore FPR14-FPR26 (callee-saved per ELFv2 ABI)
|
||||
lfd f15,`$LOCALS+64+9*16+1*8`($sp)
|
||||
lfd f16,`$LOCALS+64+9*16+2*8`($sp)
|
||||
lfd f17,`$LOCALS+64+9*16+3*8`($sp)
|
||||
lfd f18,`$LOCALS+64+9*16+4*8`($sp)
|
||||
lfd f19,`$LOCALS+64+9*16+5*8`($sp)
|
||||
lfd f20,`$LOCALS+64+9*16+6*8`($sp)
|
||||
lfd f21,`$LOCALS+64+9*16+7*8`($sp)
|
||||
lfd f22,`$LOCALS+64+9*16+8*8`($sp)
|
||||
lfd f23,`$LOCALS+64+9*16+9*8`($sp)
|
||||
lfd f24,`$LOCALS+64+9*16+10*8`($sp)
|
||||
lfd f25,`$LOCALS+64+9*16+11*8`($sp)
|
||||
be?lfd f26,`$LOCALS+64+9*16+12*8`($sp) # BE only
|
||||
li r10,`$LOCALS+64+9*16+13*8+15`
|
||||
li r11,`$LOCALS+64+9*16+13*8+31`
|
||||
lvx v20,r10,$sp # restore VMX v20-v23 (callee-saved per ELFv2 ABI)
|
||||
addi r10,r10,32
|
||||
lvx v21,r11,$sp
|
||||
addi r11,r11,32
|
||||
lvx v22,r10,$sp
|
||||
lvx v23,r11,$sp
|
||||
li r10,`15+$LOCALS+64`
|
||||
li r11,`31+$LOCALS+64`
|
||||
$POP r0, `$FRAME+$LRSAVE`($sp)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Siemens AG 2022
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -113,8 +113,7 @@ static OSSL_CMP_ITAV *get_genm_itav(OSSL_CMP_CTX *ctx,
|
||||
for (i = 0; i < n; i++) {
|
||||
OSSL_CMP_ITAV *itav = sk_OSSL_CMP_ITAV_shift(itavs);
|
||||
ASN1_OBJECT *obj = OSSL_CMP_ITAV_get0_type(itav);
|
||||
char name[128] = "genp contains InfoType '";
|
||||
size_t offset = strlen(name);
|
||||
char name[128];
|
||||
|
||||
if (OBJ_obj2nid(obj) == expected) {
|
||||
for (i++; i < n; i++)
|
||||
@@ -123,9 +122,11 @@ static OSSL_CMP_ITAV *get_genm_itav(OSSL_CMP_CTX *ctx,
|
||||
return itav;
|
||||
}
|
||||
|
||||
if (OBJ_obj2txt(name + offset, sizeof(name) - offset, obj, 0) < 0)
|
||||
strcat(name, "<unknown>");
|
||||
ossl_cmp_log2(WARN, ctx, "%s' while expecting 'id-it-%s'", name, desc);
|
||||
if (OBJ_obj2txt(name, sizeof(name), obj, 0) < 0)
|
||||
name[0] = '\0';
|
||||
ossl_cmp_log2(WARN, ctx,
|
||||
"genp contains InfoType '%s' while expecting 'id-it-%s'",
|
||||
name[0] == '\0' ? "<unknown>" : name, desc);
|
||||
OSSL_CMP_ITAV_free(itav);
|
||||
}
|
||||
ERR_raise_data(ERR_LIB_CMP, CMP_R_INVALID_GENP,
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2018
|
||||
* Copyright Siemens AG 2015-2019
|
||||
*
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1998-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -32,134 +32,19 @@
|
||||
* implementations do.
|
||||
*/
|
||||
static const unsigned char con_salt[128] = {
|
||||
0xD2,
|
||||
0xD3,
|
||||
0xD4,
|
||||
0xD5,
|
||||
0xD6,
|
||||
0xD7,
|
||||
0xD8,
|
||||
0xD9,
|
||||
0xDA,
|
||||
0xDB,
|
||||
0xDC,
|
||||
0xDD,
|
||||
0xDE,
|
||||
0xDF,
|
||||
0xE0,
|
||||
0xE1,
|
||||
0xE2,
|
||||
0xE3,
|
||||
0xE4,
|
||||
0xE5,
|
||||
0xE6,
|
||||
0xE7,
|
||||
0xE8,
|
||||
0xE9,
|
||||
0xEA,
|
||||
0xEB,
|
||||
0xEC,
|
||||
0xED,
|
||||
0xEE,
|
||||
0xEF,
|
||||
0xF0,
|
||||
0xF1,
|
||||
0xF2,
|
||||
0xF3,
|
||||
0xF4,
|
||||
0xF5,
|
||||
0xF6,
|
||||
0xF7,
|
||||
0xF8,
|
||||
0xF9,
|
||||
0xFA,
|
||||
0xFB,
|
||||
0xFC,
|
||||
0xFD,
|
||||
0xFE,
|
||||
0xFF,
|
||||
0x00,
|
||||
0x01,
|
||||
0x02,
|
||||
0x03,
|
||||
0x04,
|
||||
0x05,
|
||||
0x06,
|
||||
0x07,
|
||||
0x08,
|
||||
0x09,
|
||||
0x0A,
|
||||
0x0B,
|
||||
0x05,
|
||||
0x06,
|
||||
0x07,
|
||||
0x08,
|
||||
0x09,
|
||||
0x0A,
|
||||
0x0B,
|
||||
0x0C,
|
||||
0x0D,
|
||||
0x0E,
|
||||
0x0F,
|
||||
0x10,
|
||||
0x11,
|
||||
0x12,
|
||||
0x13,
|
||||
0x14,
|
||||
0x15,
|
||||
0x16,
|
||||
0x17,
|
||||
0x18,
|
||||
0x19,
|
||||
0x1A,
|
||||
0x1B,
|
||||
0x1C,
|
||||
0x1D,
|
||||
0x1E,
|
||||
0x1F,
|
||||
0x20,
|
||||
0x21,
|
||||
0x22,
|
||||
0x23,
|
||||
0x24,
|
||||
0x25,
|
||||
0x20,
|
||||
0x21,
|
||||
0x22,
|
||||
0x23,
|
||||
0x24,
|
||||
0x25,
|
||||
0x26,
|
||||
0x27,
|
||||
0x28,
|
||||
0x29,
|
||||
0x2A,
|
||||
0x2B,
|
||||
0x2C,
|
||||
0x2D,
|
||||
0x2E,
|
||||
0x2F,
|
||||
0x30,
|
||||
0x31,
|
||||
0x32,
|
||||
0x33,
|
||||
0x34,
|
||||
0x35,
|
||||
0x36,
|
||||
0x37,
|
||||
0x38,
|
||||
0x39,
|
||||
0x3A,
|
||||
0x3B,
|
||||
0x3C,
|
||||
0x3D,
|
||||
0x3E,
|
||||
0x3F,
|
||||
0x40,
|
||||
0x41,
|
||||
0x42,
|
||||
0x43,
|
||||
0x44,
|
||||
0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, 0xDA, 0xDB,
|
||||
0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, 0xE2, 0xE3, 0xE4, 0xE5,
|
||||
0xE6, 0xE7, 0xE8, 0xE9, 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF,
|
||||
0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9,
|
||||
0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01, 0x02, 0x03,
|
||||
0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x05, 0x06,
|
||||
0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
|
||||
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A,
|
||||
0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24,
|
||||
0x25, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
|
||||
0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32,
|
||||
0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
|
||||
0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44
|
||||
};
|
||||
|
||||
static const unsigned char cov_2char[64] = {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -319,7 +319,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
|
||||
len++; /* 1 for ending \ */
|
||||
}
|
||||
len += file_split->dirlen;
|
||||
if (file_split->dir && file_split->file) {
|
||||
if (file_split->dir) {
|
||||
len++; /* 1 for ending \ */
|
||||
}
|
||||
len += file_split->filelen;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015-2016 Cryptography Research, Inc.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -213,6 +213,7 @@ void ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a
|
||||
c448_dword_t chain = 0;
|
||||
unsigned int i;
|
||||
|
||||
mask = value_barrier_c448(mask);
|
||||
for (i = 0; i < C448_SCALAR_LIMBS; i++) {
|
||||
chain = (chain + a->limb[i]) + (sc_p->limb[i] & mask);
|
||||
out->limb[i] = (c448_word_t)chain;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2014 Cryptography Research, Inc.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -18,6 +18,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <openssl/e_os2.h>
|
||||
#include "curve448utils.h"
|
||||
#include "internal/constant_time.h"
|
||||
|
||||
#ifdef INT128_MAX
|
||||
#include "arch_64/arch_intrinsics.h"
|
||||
@@ -53,6 +54,12 @@ typedef int64_t dsword_t;
|
||||
#error "For now we only support 32- and 64-bit architectures."
|
||||
#endif
|
||||
|
||||
#if C448_WORD_BITS == 64
|
||||
#define value_barrier_c448(x) value_barrier_64(x)
|
||||
#elif C448_WORD_BITS == 32
|
||||
#define value_barrier_c448(x) value_barrier_32(x)
|
||||
#endif
|
||||
|
||||
/*
|
||||
* The plan on booleans: The external interface uses c448_bool_t, but this
|
||||
* might be a different size than our particular arch's word_t (and thus
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -2495,208 +2495,38 @@ static const struct {
|
||||
unsigned char data[0 + 32 * 6];
|
||||
} _EC_sm2p256v1 = {
|
||||
{ NID_X9_62_prime_field, 0, 32, 1 },
|
||||
{
|
||||
/* no seed */
|
||||
{ /* no seed */
|
||||
|
||||
/* p */
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xfe,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff,
|
||||
/* a */
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xfe,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xfc,
|
||||
0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xfc,
|
||||
/* b */
|
||||
0x28,
|
||||
0xe9,
|
||||
0xfa,
|
||||
0x9e,
|
||||
0x9d,
|
||||
0x9f,
|
||||
0x5e,
|
||||
0x34,
|
||||
0x4d,
|
||||
0x5a,
|
||||
0x9e,
|
||||
0x4b,
|
||||
0xcf,
|
||||
0x65,
|
||||
0x09,
|
||||
0xa7,
|
||||
0xf3,
|
||||
0x97,
|
||||
0x89,
|
||||
0xf5,
|
||||
0x15,
|
||||
0xab,
|
||||
0x8f,
|
||||
0x92,
|
||||
0xdd,
|
||||
0xbc,
|
||||
0xbd,
|
||||
0x41,
|
||||
0x4d,
|
||||
0x94,
|
||||
0x0e,
|
||||
0x93,
|
||||
0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a,
|
||||
0x9e, 0x4b, 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5,
|
||||
0x15, 0xab, 0x8f, 0x92, 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94,
|
||||
0x0e, 0x93,
|
||||
/* x */
|
||||
0x32,
|
||||
0xc4,
|
||||
0xae,
|
||||
0x2c,
|
||||
0x1f,
|
||||
0x19,
|
||||
0x81,
|
||||
0x19,
|
||||
0x5f,
|
||||
0x99,
|
||||
0x04,
|
||||
0x46,
|
||||
0x6a,
|
||||
0x39,
|
||||
0xc9,
|
||||
0x94,
|
||||
0x8f,
|
||||
0xe3,
|
||||
0x0b,
|
||||
0xbf,
|
||||
0xf2,
|
||||
0x66,
|
||||
0x0b,
|
||||
0xe1,
|
||||
0x71,
|
||||
0x5a,
|
||||
0x45,
|
||||
0x89,
|
||||
0x33,
|
||||
0x4c,
|
||||
0x74,
|
||||
0xc7,
|
||||
0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99,
|
||||
0x04, 0x46, 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf,
|
||||
0xf2, 0x66, 0x0b, 0xe1, 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c,
|
||||
0x74, 0xc7,
|
||||
/* y */
|
||||
0xbc,
|
||||
0x37,
|
||||
0x36,
|
||||
0xa2,
|
||||
0xf4,
|
||||
0xf6,
|
||||
0x77,
|
||||
0x9c,
|
||||
0x59,
|
||||
0xbd,
|
||||
0xce,
|
||||
0xe3,
|
||||
0x6b,
|
||||
0x69,
|
||||
0x21,
|
||||
0x53,
|
||||
0xd0,
|
||||
0xa9,
|
||||
0x87,
|
||||
0x7c,
|
||||
0xc6,
|
||||
0x2a,
|
||||
0x47,
|
||||
0x40,
|
||||
0x02,
|
||||
0xdf,
|
||||
0x32,
|
||||
0xe5,
|
||||
0x21,
|
||||
0x39,
|
||||
0xf0,
|
||||
0xa0,
|
||||
0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd,
|
||||
0xce, 0xe3, 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c,
|
||||
0xc6, 0x2a, 0x47, 0x40, 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39,
|
||||
0xf0, 0xa0,
|
||||
/* order */
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xfe,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0x72,
|
||||
0x03,
|
||||
0xdf,
|
||||
0x6b,
|
||||
0x21,
|
||||
0xc6,
|
||||
0x05,
|
||||
0x2b,
|
||||
0x53,
|
||||
0xbb,
|
||||
0xf4,
|
||||
0x09,
|
||||
0x39,
|
||||
0xd5,
|
||||
0x41,
|
||||
0x23,
|
||||
}
|
||||
0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b,
|
||||
0x21, 0xc6, 0x05, 0x2b, 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5,
|
||||
0x41, 0x23 }
|
||||
};
|
||||
#endif /* OPENSSL_NO_SM2 */
|
||||
|
||||
|
||||
@@ -1683,7 +1683,8 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
|
||||
/* generator base point */
|
||||
ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_GENERATOR);
|
||||
if (ptmp == NULL
|
||||
|| ptmp->data_type != OSSL_PARAM_OCTET_STRING) {
|
||||
|| ptmp->data_type != OSSL_PARAM_OCTET_STRING
|
||||
|| ptmp->data_size == 0) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -142,9 +142,24 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
|
||||
const BIGNUM *privkey;
|
||||
int off;
|
||||
|
||||
if (dgstlen < 0) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_INVALID_LENGTH);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (eckey == NULL) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
group = EC_KEY_get0_group(eckey);
|
||||
if (group == NULL) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
privkey = EC_KEY_get0_private_key(eckey);
|
||||
if (group == NULL || privkey == NULL) {
|
||||
if (privkey == NULL) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS);
|
||||
return NULL;
|
||||
}
|
||||
@@ -239,9 +254,24 @@ static int ecdsa_s390x_nistp_verify_sig(const unsigned char *dgst, int dgstlen,
|
||||
const EC_POINT *pubkey;
|
||||
int off;
|
||||
|
||||
if (dgstlen < 0) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_INVALID_LENGTH);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (sig == NULL || eckey == NULL) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS);
|
||||
return -1;
|
||||
}
|
||||
|
||||
group = EC_KEY_get0_group(eckey);
|
||||
if (group == NULL) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS);
|
||||
return -1;
|
||||
}
|
||||
|
||||
pubkey = EC_KEY_get0_public_key(eckey);
|
||||
if (eckey == NULL || group == NULL || pubkey == NULL || sig == NULL) {
|
||||
if (pubkey == NULL) {
|
||||
ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -46,10 +46,7 @@ ALIGN32 static const BN_ULONG def_xG[P256_LIMBS] = {
|
||||
};
|
||||
|
||||
ALIGN32 static const BN_ULONG def_yG[P256_LIMBS] = {
|
||||
0x02df32e52139f0a0,
|
||||
0xd0a9877cc62a4740,
|
||||
0x59bdcee36b692153,
|
||||
0xbc3736a2f4f6779c,
|
||||
0x02df32e52139f0a0, 0xd0a9877cc62a4740, 0x59bdcee36b692153, 0xbc3736a2f4f6779c
|
||||
};
|
||||
#endif
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -102,7 +102,9 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation,
|
||||
* iteration we're on.
|
||||
*/
|
||||
EVP_ASYM_CIPHER_free(cipher);
|
||||
cipher = NULL;
|
||||
EVP_KEYMGMT_free(tmp_keymgmt);
|
||||
tmp_keymgmt = NULL;
|
||||
|
||||
switch (iter) {
|
||||
case 1:
|
||||
|
||||
@@ -1466,7 +1466,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
|
||||
return 1;
|
||||
|
||||
case EVP_CTRL_AEAD_SET_IVLEN:
|
||||
if (arg <= 0)
|
||||
if (arg <= 0 || arg > EVP_MAX_IV_LENGTH)
|
||||
return 0;
|
||||
|
||||
if (arg != 12) {
|
||||
|
||||
@@ -67,265 +67,35 @@ static const unsigned char srpdata_bin2ascii[65] = "0123456789ABCDEFGHIJKLMNOPQR
|
||||
#define B64_BASE64(a) (!B64_NOT_BASE64(a))
|
||||
|
||||
static const unsigned char data_ascii2bin[128] = {
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xE0,
|
||||
0xF0,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xF1,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xE0,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0x3E,
|
||||
0xFF,
|
||||
0xF2,
|
||||
0xFF,
|
||||
0x3F,
|
||||
0x34,
|
||||
0x35,
|
||||
0x36,
|
||||
0x37,
|
||||
0x38,
|
||||
0x39,
|
||||
0x3A,
|
||||
0x3B,
|
||||
0x3C,
|
||||
0x3D,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0x00,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0x00,
|
||||
0x01,
|
||||
0x02,
|
||||
0x03,
|
||||
0x04,
|
||||
0x05,
|
||||
0x06,
|
||||
0x07,
|
||||
0x08,
|
||||
0x09,
|
||||
0x0A,
|
||||
0x0B,
|
||||
0x0C,
|
||||
0x0D,
|
||||
0x0E,
|
||||
0x0F,
|
||||
0x10,
|
||||
0x11,
|
||||
0x12,
|
||||
0x13,
|
||||
0x14,
|
||||
0x15,
|
||||
0x16,
|
||||
0x17,
|
||||
0x18,
|
||||
0x19,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0x1A,
|
||||
0x1B,
|
||||
0x1C,
|
||||
0x1D,
|
||||
0x1E,
|
||||
0x1F,
|
||||
0x20,
|
||||
0x21,
|
||||
0x22,
|
||||
0x23,
|
||||
0x24,
|
||||
0x25,
|
||||
0x26,
|
||||
0x27,
|
||||
0x28,
|
||||
0x29,
|
||||
0x2A,
|
||||
0x2B,
|
||||
0x2C,
|
||||
0x2D,
|
||||
0x2E,
|
||||
0x2F,
|
||||
0x30,
|
||||
0x31,
|
||||
0x32,
|
||||
0x33,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE0,
|
||||
0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F, 0x34, 0x35,
|
||||
0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0xFF, 0xFF,
|
||||
0xFF, 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04,
|
||||
0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
|
||||
0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
|
||||
0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x1A, 0x1B, 0x1C,
|
||||
0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26,
|
||||
0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
|
||||
0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
|
||||
};
|
||||
|
||||
static const unsigned char srpdata_ascii2bin[128] = {
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xE0,
|
||||
0xF0,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xF1,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xE0,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xF2,
|
||||
0x3E,
|
||||
0x3F,
|
||||
0x00,
|
||||
0x01,
|
||||
0x02,
|
||||
0x03,
|
||||
0x04,
|
||||
0x05,
|
||||
0x06,
|
||||
0x07,
|
||||
0x08,
|
||||
0x09,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0x00,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0x0A,
|
||||
0x0B,
|
||||
0x0C,
|
||||
0x0D,
|
||||
0x0E,
|
||||
0x0F,
|
||||
0x10,
|
||||
0x11,
|
||||
0x12,
|
||||
0x13,
|
||||
0x14,
|
||||
0x15,
|
||||
0x16,
|
||||
0x17,
|
||||
0x18,
|
||||
0x19,
|
||||
0x1A,
|
||||
0x1B,
|
||||
0x1C,
|
||||
0x1D,
|
||||
0x1E,
|
||||
0x1F,
|
||||
0x20,
|
||||
0x21,
|
||||
0x22,
|
||||
0x23,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0x24,
|
||||
0x25,
|
||||
0x26,
|
||||
0x27,
|
||||
0x28,
|
||||
0x29,
|
||||
0x2A,
|
||||
0x2B,
|
||||
0x2C,
|
||||
0x2D,
|
||||
0x2E,
|
||||
0x2F,
|
||||
0x30,
|
||||
0x31,
|
||||
0x32,
|
||||
0x33,
|
||||
0x34,
|
||||
0x35,
|
||||
0x36,
|
||||
0x37,
|
||||
0x38,
|
||||
0x39,
|
||||
0x3A,
|
||||
0x3B,
|
||||
0x3C,
|
||||
0x3D,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE0,
|
||||
0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
||||
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xF2, 0x3E, 0x3F, 0x00, 0x01,
|
||||
0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xFF, 0xFF,
|
||||
0xFF, 0x00, 0xFF, 0xFF, 0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
|
||||
0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
|
||||
0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
|
||||
0x23, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x24, 0x25, 0x26,
|
||||
0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
|
||||
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
|
||||
0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
|
||||
};
|
||||
|
||||
#ifndef CHARSET_EBCDIC
|
||||
|
||||
@@ -297,7 +297,7 @@ int EVP_CIPHER_get_type(const EVP_CIPHER *cipher)
|
||||
case NID_des_ede3_cfb8:
|
||||
case NID_des_ede3_cfb1:
|
||||
|
||||
return NID_des_cfb64;
|
||||
return NID_des_ede3_cfb64;
|
||||
|
||||
default:
|
||||
#ifdef FIPS_MODULE
|
||||
|
||||
@@ -97,7 +97,9 @@ static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation,
|
||||
* iteration we're on.
|
||||
*/
|
||||
EVP_KEM_free(kem);
|
||||
kem = NULL;
|
||||
EVP_KEYMGMT_free(tmp_keymgmt);
|
||||
tmp_keymgmt = NULL;
|
||||
|
||||
switch (iter) {
|
||||
case 1:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -139,7 +139,9 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
||||
* iteration we're on.
|
||||
*/
|
||||
EVP_SIGNATURE_free(signature);
|
||||
signature = NULL;
|
||||
EVP_KEYMGMT_free(tmp_keymgmt);
|
||||
tmp_keymgmt = NULL;
|
||||
|
||||
switch (iter) {
|
||||
case 1:
|
||||
|
||||
@@ -726,7 +726,9 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
|
||||
* iteration we're on.
|
||||
*/
|
||||
EVP_SIGNATURE_free(signature);
|
||||
signature = NULL;
|
||||
EVP_KEYMGMT_free(tmp_keymgmt);
|
||||
tmp_keymgmt = NULL;
|
||||
|
||||
switch (iter) {
|
||||
case 1:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -182,8 +182,10 @@ int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src)
|
||||
if (!ffc_bn_cpy(&dst->p, src->p)
|
||||
|| !ffc_bn_cpy(&dst->g, src->g)
|
||||
|| !ffc_bn_cpy(&dst->q, src->q)
|
||||
|| !ffc_bn_cpy(&dst->j, src->j))
|
||||
|| !ffc_bn_cpy(&dst->j, src->j)) {
|
||||
ossl_ffc_params_cleanup(dst);
|
||||
return 0;
|
||||
}
|
||||
|
||||
dst->mdname = src->mdname;
|
||||
dst->mdprops = src->mdprops;
|
||||
@@ -191,8 +193,10 @@ int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src)
|
||||
dst->seedlen = src->seedlen;
|
||||
if (src->seed != NULL) {
|
||||
dst->seed = OPENSSL_memdup(src->seed, src->seedlen);
|
||||
if (dst->seed == NULL)
|
||||
if (dst->seed == NULL) {
|
||||
ossl_ffc_params_cleanup(dst);
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
dst->seed = NULL;
|
||||
}
|
||||
|
||||
@@ -285,6 +285,7 @@ static int ossl_ht_flush_internal(HT *h)
|
||||
{
|
||||
struct ht_mutable_data_st *newmd = NULL;
|
||||
struct ht_mutable_data_st *oldmd = NULL;
|
||||
CRYPTO_RCU_CB_ITEM *cbi = NULL;
|
||||
|
||||
newmd = OPENSSL_zalloc(sizeof(*newmd));
|
||||
if (newmd == NULL)
|
||||
@@ -299,6 +300,13 @@ static int ossl_ht_flush_internal(HT *h)
|
||||
|
||||
newmd->neighborhood_mask = DEFAULT_NEIGH_LEN - 1;
|
||||
|
||||
cbi = ossl_rcu_cb_item_new();
|
||||
if (cbi == NULL) {
|
||||
OPENSSL_free(newmd->neighborhood_ptr_to_free);
|
||||
OPENSSL_free(newmd);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Swap the old and new mutable data sets */
|
||||
oldmd = ossl_rcu_deref(&h->md);
|
||||
ossl_rcu_assign_ptr(&h->md, &newmd);
|
||||
@@ -307,8 +315,9 @@ static int ossl_ht_flush_internal(HT *h)
|
||||
h->wpd.value_count = 0;
|
||||
h->wpd.neighborhood_len = DEFAULT_NEIGH_LEN;
|
||||
|
||||
ossl_rcu_call(h->lock, free_oldmd, oldmd);
|
||||
ossl_rcu_call(h->lock, cbi, free_oldmd, oldmd);
|
||||
h->wpd.need_sync = 1;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -319,17 +328,23 @@ int ossl_ht_flush(HT *h)
|
||||
|
||||
void ossl_ht_free(HT *h)
|
||||
{
|
||||
int flush_ok;
|
||||
|
||||
if (h == NULL)
|
||||
return;
|
||||
|
||||
ossl_ht_write_lock(h);
|
||||
ossl_ht_flush_internal(h);
|
||||
flush_ok = ossl_ht_flush_internal(h);
|
||||
ossl_ht_write_unlock(h);
|
||||
/* Freeing the lock does a final sync for us */
|
||||
CRYPTO_THREAD_lock_free(h->atomic_lock);
|
||||
ossl_rcu_lock_free(h->lock);
|
||||
OPENSSL_free(h->md->neighborhood_ptr_to_free);
|
||||
OPENSSL_free(h->md);
|
||||
if (flush_ok) {
|
||||
OPENSSL_free(h->md->neighborhood_ptr_to_free);
|
||||
OPENSSL_free(h->md);
|
||||
} else {
|
||||
free_oldmd(h->md);
|
||||
}
|
||||
OPENSSL_free(h);
|
||||
return;
|
||||
}
|
||||
@@ -423,6 +438,7 @@ static int grow_hashtable(HT *h, size_t oldsize)
|
||||
{
|
||||
struct ht_mutable_data_st *newmd;
|
||||
struct ht_mutable_data_st *oldmd = ossl_rcu_deref(&h->md);
|
||||
CRYPTO_RCU_CB_ITEM *cbi = NULL;
|
||||
int rc = 0;
|
||||
uint64_t oldi, oldj, newi, newj;
|
||||
uint64_t oldhash;
|
||||
@@ -469,12 +485,20 @@ static int grow_hashtable(HT *h, size_t oldsize)
|
||||
}
|
||||
if (rehashed == 0) {
|
||||
/* we ran out of space in a neighborhood, grow again */
|
||||
OPENSSL_free(newmd->neighborhoods);
|
||||
OPENSSL_free(newmd->neighborhood_ptr_to_free);
|
||||
OPENSSL_free(newmd);
|
||||
return grow_hashtable(h, newsize);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Pre allocate the rcu callback item before assigning the newmd.
|
||||
*/
|
||||
cbi = ossl_rcu_cb_item_new();
|
||||
if (cbi == NULL)
|
||||
goto out_free;
|
||||
|
||||
/*
|
||||
* Now that our entries are all hashed into the new bucket list
|
||||
* update our bucket_len and target_max_load
|
||||
@@ -485,7 +509,7 @@ static int grow_hashtable(HT *h, size_t oldsize)
|
||||
* Now we replace the old mutable data with the new
|
||||
*/
|
||||
ossl_rcu_assign_ptr(&h->md, &newmd);
|
||||
ossl_rcu_call(h->lock, free_old_neigh_table, oldmd);
|
||||
ossl_rcu_call(h->lock, cbi, free_old_neigh_table, oldmd);
|
||||
h->wpd.need_sync = 1;
|
||||
/*
|
||||
* And we're done
|
||||
@@ -495,7 +519,7 @@ static int grow_hashtable(HT *h, size_t oldsize)
|
||||
out:
|
||||
return rc;
|
||||
out_free:
|
||||
OPENSSL_free(newmd->neighborhoods);
|
||||
OPENSSL_free(newmd->neighborhood_ptr_to_free);
|
||||
OPENSSL_free(newmd);
|
||||
goto out;
|
||||
}
|
||||
@@ -539,6 +563,7 @@ static int ossl_ht_insert_locked(HT *h, uint64_t hash,
|
||||
HT_VALUE *ival;
|
||||
size_t empty_idx = SIZE_MAX;
|
||||
int lockless_reads = h->config.lockless_reads;
|
||||
CRYPTO_RCU_CB_ITEM *cbi;
|
||||
|
||||
do {
|
||||
PREFETCH_NEIGHBORHOOD(md->neighborhoods[neigh_idx]);
|
||||
@@ -561,13 +586,16 @@ static int ossl_ht_insert_locked(HT *h, uint64_t hash,
|
||||
return 0;
|
||||
}
|
||||
/* Do a replacement */
|
||||
cbi = ossl_rcu_cb_item_new();
|
||||
if (cbi == NULL)
|
||||
return 0;
|
||||
if (!CRYPTO_atomic_store(&md->neighborhoods[neigh_idx].entries[j].hash,
|
||||
hash, h->atomic_lock))
|
||||
return 0;
|
||||
*olddata = (HT_VALUE *)md->neighborhoods[neigh_idx].entries[j].value;
|
||||
ossl_rcu_assign_ptr(&md->neighborhoods[neigh_idx].entries[j].value,
|
||||
&newval);
|
||||
ossl_rcu_call(h->lock, free_old_ht_value, *olddata);
|
||||
ossl_rcu_call(h->lock, cbi, free_old_ht_value, *olddata);
|
||||
h->wpd.need_sync = 1;
|
||||
return 1;
|
||||
}
|
||||
@@ -646,7 +674,7 @@ int ossl_ht_insert(HT *h, HT_KEY *key, HT_VALUE *data, HT_VALUE **olddata)
|
||||
|
||||
for (i = 0;
|
||||
(rc = ossl_ht_insert_locked(h, hash, newval, olddata)) == -1
|
||||
&& i < 4;
|
||||
&& i <= (int)NEIGHBORHOOD_LEN;
|
||||
++i)
|
||||
if (!grow_hashtable(h, h->wpd.neighborhood_len)) {
|
||||
rc = -1;
|
||||
@@ -730,19 +758,20 @@ int ossl_ht_delete(HT *h, HT_KEY *key)
|
||||
continue;
|
||||
if (compare_hash(hash, h->md->neighborhoods[neigh_idx].entries[j].hash)
|
||||
&& match_key(key, &v->value.key)) {
|
||||
CRYPTO_RCU_CB_ITEM *cbi = ossl_rcu_cb_item_new();
|
||||
if (cbi == NULL)
|
||||
break;
|
||||
if (!CRYPTO_atomic_store(&h->md->neighborhoods[neigh_idx].entries[j].hash,
|
||||
0, h->atomic_lock))
|
||||
break;
|
||||
h->wpd.value_count--;
|
||||
ossl_rcu_assign_ptr(&h->md->neighborhoods[neigh_idx].entries[j].value,
|
||||
&nv);
|
||||
ossl_rcu_call(h->lock, cbi, free_old_entry, v);
|
||||
h->wpd.need_sync = 1;
|
||||
rc = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (rc == 1) {
|
||||
ossl_rcu_call(h->lock, free_old_entry, v);
|
||||
h->wpd.need_sync = 1;
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -406,9 +406,8 @@ EVP_KDF_CTX *ossl_kdf_ctx_create(const char *kdfname, const char *mdname,
|
||||
if (kctx != NULL && mdname != NULL) {
|
||||
OSSL_PARAM params[3], *p = params;
|
||||
|
||||
if (mdname != NULL)
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
|
||||
(char *)mdname, 0);
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
|
||||
(char *)mdname, 0);
|
||||
if (propq != NULL)
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_PROPERTIES,
|
||||
(char *)propq, 0);
|
||||
|
||||
@@ -95,6 +95,16 @@ struct ossl_http_req_ctx_st {
|
||||
|
||||
/* Low-level HTTP API implementation */
|
||||
|
||||
static int no_crlf(const char *component, const char *value)
|
||||
{
|
||||
if (value != NULL && strpbrk(value, "\r\n") != NULL) {
|
||||
ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT,
|
||||
"CR or LF character in %s", component);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size)
|
||||
{
|
||||
OSSL_HTTP_REQ_CTX *rctx;
|
||||
@@ -184,6 +194,10 @@ int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST,
|
||||
ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
if (!no_crlf("server", server)
|
||||
|| !no_crlf("port", port)
|
||||
|| !no_crlf("path", path))
|
||||
return 0;
|
||||
BIO_free(rctx->mem);
|
||||
if ((rctx->mem = BIO_new(BIO_s_mem())) == NULL)
|
||||
return 0;
|
||||
@@ -237,6 +251,9 @@ int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx,
|
||||
ERR_raise(ERR_LIB_HTTP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
||||
return 0;
|
||||
}
|
||||
if (!no_crlf("header name", name)
|
||||
|| !no_crlf("header value", value))
|
||||
return 0;
|
||||
|
||||
if (BIO_puts(rctx->mem, name) <= 0)
|
||||
return 0;
|
||||
@@ -310,7 +327,7 @@ static int set1_content(OSSL_HTTP_REQ_CTX *rctx,
|
||||
} else {
|
||||
if (HAS_CASE_PREFIX(content_type, "text/"))
|
||||
rctx->text = 1;
|
||||
if (BIO_printf(rctx->mem, "Content-Type: %s\r\n", content_type) <= 0)
|
||||
if (!OSSL_HTTP_REQ_CTX_add1_header(rctx, "Content-Type", content_type))
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -1442,11 +1459,11 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
|
||||
{
|
||||
#undef BUF_SIZE
|
||||
#define BUF_SIZE (8 * 1024)
|
||||
char *mbuf = OPENSSL_malloc(BUF_SIZE);
|
||||
char *mbuf = NULL;
|
||||
char *mbufp;
|
||||
int read_len = 0;
|
||||
int ret = 0;
|
||||
BIO *fbio = BIO_new(BIO_f_buffer());
|
||||
BIO *fbio = NULL;
|
||||
int rv;
|
||||
time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
|
||||
|
||||
@@ -1457,8 +1474,11 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
|
||||
}
|
||||
if (port == NULL || *port == '\0')
|
||||
port = OSSL_HTTPS_PORT;
|
||||
if (!no_crlf("server", server) || !no_crlf("port", port))
|
||||
goto end;
|
||||
|
||||
if (mbuf == NULL || fbio == NULL) {
|
||||
if ((mbuf = OPENSSL_malloc(BUF_SIZE)) == NULL
|
||||
|| (fbio = BIO_new(BIO_f_buffer())) == NULL) {
|
||||
BIO_printf(bio_err /* may be NULL */, "%s: out of memory", prog);
|
||||
goto end;
|
||||
}
|
||||
|
||||
@@ -271,6 +271,9 @@ static int use_proxy(const char *no_proxy, const char *server)
|
||||
server = host;
|
||||
}
|
||||
|
||||
if (sl == 0)
|
||||
return 1;
|
||||
|
||||
/*
|
||||
* using environment variable names, both lowercase and uppercase variants,
|
||||
* compatible with other HTTP client implementations like wget, curl and git
|
||||
|
||||
@@ -121,6 +121,16 @@ init_get_thread_local(CRYPTO_THREAD_LOCAL *local, int alloc, int keep)
|
||||
return hands;
|
||||
}
|
||||
|
||||
int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
|
||||
{
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
if (!ossl_init_thread())
|
||||
return 0;
|
||||
#endif
|
||||
return ossl_thread_init_local(key, cleanup);
|
||||
}
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
/*
|
||||
* Since per-thread-specific-data destructors are not universally
|
||||
@@ -200,36 +210,18 @@ static void init_thread_destructor(void *hands)
|
||||
}
|
||||
|
||||
static CRYPTO_ONCE ossl_init_thread_runonce = CRYPTO_ONCE_STATIC_INIT;
|
||||
/* MSVC linker can use other segment for uninitialized (zeroed) variables */
|
||||
#if defined(OPENSSL_SYS_WINDOWS)
|
||||
static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)-1;
|
||||
#elif defined(OPENSSL_SYS_TANDEM) && (defined(_PUT_MODEL_) || defined(_KLT_MODEL_))
|
||||
static CRYPTO_THREAD_ID recursion_guard = { (void *)-1, (short)-1, (short)-1 };
|
||||
#else
|
||||
static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)0;
|
||||
#endif
|
||||
|
||||
DEFINE_RUN_ONCE_STATIC(ossl_init_thread_once)
|
||||
{
|
||||
/* CRYPTO_THREAD_init_local() can call ossl_init_threads() again */
|
||||
recursion_guard = CRYPTO_THREAD_get_current_id();
|
||||
if (!CRYPTO_THREAD_init_local(&destructor_key.value,
|
||||
if (!ossl_thread_init_local(&destructor_key.value,
|
||||
init_thread_destructor))
|
||||
return 0;
|
||||
|
||||
#if defined(OPENSSL_SYS_TANDEM)
|
||||
memset(&recursion_guard, 0, sizeof(recursion_guard));
|
||||
#else
|
||||
recursion_guard = (CRYPTO_THREAD_ID)0;
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ossl_init_thread(void)
|
||||
{
|
||||
if (CRYPTO_THREAD_compare_id(recursion_guard,
|
||||
CRYPTO_THREAD_get_current_id()))
|
||||
return 1;
|
||||
if (!RUN_ONCE(&ossl_init_thread_runonce, ossl_init_thread_once))
|
||||
return 0;
|
||||
return 1;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -32,262 +32,32 @@ static void md2_block(MD2_CTX *c, const unsigned char *d);
|
||||
* a random byte string.
|
||||
*/
|
||||
static const MD2_INT S[256] = {
|
||||
0x29,
|
||||
0x2E,
|
||||
0x43,
|
||||
0xC9,
|
||||
0xA2,
|
||||
0xD8,
|
||||
0x7C,
|
||||
0x01,
|
||||
0x3D,
|
||||
0x36,
|
||||
0x54,
|
||||
0xA1,
|
||||
0xEC,
|
||||
0xF0,
|
||||
0x06,
|
||||
0x13,
|
||||
0x62,
|
||||
0xA7,
|
||||
0x05,
|
||||
0xF3,
|
||||
0xC0,
|
||||
0xC7,
|
||||
0x73,
|
||||
0x8C,
|
||||
0x98,
|
||||
0x93,
|
||||
0x2B,
|
||||
0xD9,
|
||||
0xBC,
|
||||
0x4C,
|
||||
0x82,
|
||||
0xCA,
|
||||
0x1E,
|
||||
0x9B,
|
||||
0x57,
|
||||
0x3C,
|
||||
0xFD,
|
||||
0xD4,
|
||||
0xE0,
|
||||
0x16,
|
||||
0x67,
|
||||
0x42,
|
||||
0x6F,
|
||||
0x18,
|
||||
0x8A,
|
||||
0x17,
|
||||
0xE5,
|
||||
0x12,
|
||||
0xBE,
|
||||
0x4E,
|
||||
0xC4,
|
||||
0xD6,
|
||||
0xDA,
|
||||
0x9E,
|
||||
0xDE,
|
||||
0x49,
|
||||
0xA0,
|
||||
0xFB,
|
||||
0xF5,
|
||||
0x8E,
|
||||
0xBB,
|
||||
0x2F,
|
||||
0xEE,
|
||||
0x7A,
|
||||
0xA9,
|
||||
0x68,
|
||||
0x79,
|
||||
0x91,
|
||||
0x15,
|
||||
0xB2,
|
||||
0x07,
|
||||
0x3F,
|
||||
0x94,
|
||||
0xC2,
|
||||
0x10,
|
||||
0x89,
|
||||
0x0B,
|
||||
0x22,
|
||||
0x5F,
|
||||
0x21,
|
||||
0x80,
|
||||
0x7F,
|
||||
0x5D,
|
||||
0x9A,
|
||||
0x5A,
|
||||
0x90,
|
||||
0x32,
|
||||
0x27,
|
||||
0x35,
|
||||
0x3E,
|
||||
0xCC,
|
||||
0xE7,
|
||||
0xBF,
|
||||
0xF7,
|
||||
0x97,
|
||||
0x03,
|
||||
0xFF,
|
||||
0x19,
|
||||
0x30,
|
||||
0xB3,
|
||||
0x48,
|
||||
0xA5,
|
||||
0xB5,
|
||||
0xD1,
|
||||
0xD7,
|
||||
0x5E,
|
||||
0x92,
|
||||
0x2A,
|
||||
0xAC,
|
||||
0x56,
|
||||
0xAA,
|
||||
0xC6,
|
||||
0x4F,
|
||||
0xB8,
|
||||
0x38,
|
||||
0xD2,
|
||||
0x96,
|
||||
0xA4,
|
||||
0x7D,
|
||||
0xB6,
|
||||
0x76,
|
||||
0xFC,
|
||||
0x6B,
|
||||
0xE2,
|
||||
0x9C,
|
||||
0x74,
|
||||
0x04,
|
||||
0xF1,
|
||||
0x45,
|
||||
0x9D,
|
||||
0x70,
|
||||
0x59,
|
||||
0x64,
|
||||
0x71,
|
||||
0x87,
|
||||
0x20,
|
||||
0x86,
|
||||
0x5B,
|
||||
0xCF,
|
||||
0x65,
|
||||
0xE6,
|
||||
0x2D,
|
||||
0xA8,
|
||||
0x02,
|
||||
0x1B,
|
||||
0x60,
|
||||
0x25,
|
||||
0xAD,
|
||||
0xAE,
|
||||
0xB0,
|
||||
0xB9,
|
||||
0xF6,
|
||||
0x1C,
|
||||
0x46,
|
||||
0x61,
|
||||
0x69,
|
||||
0x34,
|
||||
0x40,
|
||||
0x7E,
|
||||
0x0F,
|
||||
0x55,
|
||||
0x47,
|
||||
0xA3,
|
||||
0x23,
|
||||
0xDD,
|
||||
0x51,
|
||||
0xAF,
|
||||
0x3A,
|
||||
0xC3,
|
||||
0x5C,
|
||||
0xF9,
|
||||
0xCE,
|
||||
0xBA,
|
||||
0xC5,
|
||||
0xEA,
|
||||
0x26,
|
||||
0x2C,
|
||||
0x53,
|
||||
0x0D,
|
||||
0x6E,
|
||||
0x85,
|
||||
0x28,
|
||||
0x84,
|
||||
0x09,
|
||||
0xD3,
|
||||
0xDF,
|
||||
0xCD,
|
||||
0xF4,
|
||||
0x41,
|
||||
0x81,
|
||||
0x4D,
|
||||
0x52,
|
||||
0x6A,
|
||||
0xDC,
|
||||
0x37,
|
||||
0xC8,
|
||||
0x6C,
|
||||
0xC1,
|
||||
0xAB,
|
||||
0xFA,
|
||||
0x24,
|
||||
0xE1,
|
||||
0x7B,
|
||||
0x08,
|
||||
0x0C,
|
||||
0xBD,
|
||||
0xB1,
|
||||
0x4A,
|
||||
0x78,
|
||||
0x88,
|
||||
0x95,
|
||||
0x8B,
|
||||
0xE3,
|
||||
0x63,
|
||||
0xE8,
|
||||
0x6D,
|
||||
0xE9,
|
||||
0xCB,
|
||||
0xD5,
|
||||
0xFE,
|
||||
0x3B,
|
||||
0x00,
|
||||
0x1D,
|
||||
0x39,
|
||||
0xF2,
|
||||
0xEF,
|
||||
0xB7,
|
||||
0x0E,
|
||||
0x66,
|
||||
0x58,
|
||||
0xD0,
|
||||
0xE4,
|
||||
0xA6,
|
||||
0x77,
|
||||
0x72,
|
||||
0xF8,
|
||||
0xEB,
|
||||
0x75,
|
||||
0x4B,
|
||||
0x0A,
|
||||
0x31,
|
||||
0x44,
|
||||
0x50,
|
||||
0xB4,
|
||||
0x8F,
|
||||
0xED,
|
||||
0x1F,
|
||||
0x1A,
|
||||
0xDB,
|
||||
0x99,
|
||||
0x8D,
|
||||
0x33,
|
||||
0x9F,
|
||||
0x11,
|
||||
0x83,
|
||||
0x14,
|
||||
0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
|
||||
0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3,
|
||||
0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C,
|
||||
0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
|
||||
0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E,
|
||||
0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E,
|
||||
0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2,
|
||||
0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
|
||||
0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E,
|
||||
0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3,
|
||||
0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56,
|
||||
0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
|
||||
0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D,
|
||||
0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65,
|
||||
0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0,
|
||||
0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
|
||||
0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C,
|
||||
0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E,
|
||||
0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81,
|
||||
0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
|
||||
0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88,
|
||||
0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE,
|
||||
0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58,
|
||||
0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
|
||||
0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99,
|
||||
0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
|
||||
};
|
||||
|
||||
const char *MD2_options(void)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -274,7 +274,7 @@ int ossl_ml_dsa_key_equal(const ML_DSA_KEY *key1, const ML_DSA_KEY *key2,
|
||||
if (!key_checked
|
||||
&& (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
|
||||
if (key1->priv_encoding != NULL && key2->priv_encoding != NULL) {
|
||||
if (memcmp(key1->priv_encoding, key2->priv_encoding,
|
||||
if (CRYPTO_memcmp(key1->priv_encoding, key2->priv_encoding,
|
||||
key1->params->sk_len)
|
||||
!= 0)
|
||||
return 0;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2013-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -18,14 +18,7 @@
|
||||
|
||||
/** RFC 3394 section 2.2.3.1 Default Initial Value */
|
||||
static const unsigned char default_iv[] = {
|
||||
0xA6,
|
||||
0xA6,
|
||||
0xA6,
|
||||
0xA6,
|
||||
0xA6,
|
||||
0xA6,
|
||||
0xA6,
|
||||
0xA6,
|
||||
0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
|
||||
};
|
||||
|
||||
/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */
|
||||
@@ -178,7 +171,9 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
|
||||
*
|
||||
* @param[in] key Key value.
|
||||
* @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv.
|
||||
* @param[out] out Ciphertext. Minimal buffer length = (inlen + 15) bytes.
|
||||
* @param[out] out Ciphertext. Minimal buffer length =
|
||||
* (inlen rounded up to 8 + 8) bytes, i.e.
|
||||
* ((inlen + 7) / 8) * 8 + 8.
|
||||
* Input and output buffers can overlap if block function
|
||||
* supports that.
|
||||
* @param[in] in Plaintext as n 64-bit blocks, n >= 2.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -705,8 +705,8 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
|
||||
*/
|
||||
if (p == NULL) {
|
||||
const char *base_ = base;
|
||||
int l, h, i = 0, c = 0;
|
||||
char *p1;
|
||||
int i = 0, c = 0;
|
||||
const char *p1;
|
||||
|
||||
for (i = 0; i < num; ++i) {
|
||||
p1 = &(base_[i * size]);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -58,5 +58,7 @@ int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
|
||||
ret = (a->length - b->length);
|
||||
if (ret)
|
||||
return ret;
|
||||
if (a->length == 0)
|
||||
return 0;
|
||||
return memcmp(a->data, b->data, a->length);
|
||||
}
|
||||
|
||||
@@ -345,7 +345,7 @@ int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
|
||||
{
|
||||
OSSL_PARAM_BLD_DEF *pd;
|
||||
|
||||
if (bld == NULL || key == NULL) {
|
||||
if (bld == NULL || key == NULL || buf == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
@@ -365,7 +365,7 @@ int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
|
||||
OSSL_PARAM_BLD_DEF *pd;
|
||||
int secure;
|
||||
|
||||
if (bld == NULL || key == NULL || buf == NULL) {
|
||||
if (bld == NULL || key == NULL || (buf == NULL && bsize != 0)) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
@@ -383,7 +383,7 @@ int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
|
||||
{
|
||||
OSSL_PARAM_BLD_DEF *pd;
|
||||
|
||||
if (bld == NULL || key == NULL) {
|
||||
if (bld == NULL || key == NULL || (buf == NULL && bsize != 0)) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -73,6 +73,11 @@ int ossl_param_build_set_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p,
|
||||
return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn, sz);
|
||||
p = OSSL_PARAM_locate(p, key);
|
||||
if (p != NULL) {
|
||||
/* Size probe: NULL data means "report the required size". */
|
||||
if (p->data == NULL) {
|
||||
p->return_size = sz;
|
||||
return 1;
|
||||
}
|
||||
if (sz > p->data_size) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER);
|
||||
return 0;
|
||||
|
||||
@@ -103,7 +103,7 @@ unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor,
|
||||
if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
|
||||
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
|
||||
(int)mac_len, out + outlen)
|
||||
< 0) {
|
||||
<= 0) {
|
||||
OPENSSL_free(out);
|
||||
out = NULL;
|
||||
ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -17,262 +17,32 @@
|
||||
#include "rc2_local.h"
|
||||
|
||||
static const unsigned char key_table[256] = {
|
||||
0xd9,
|
||||
0x78,
|
||||
0xf9,
|
||||
0xc4,
|
||||
0x19,
|
||||
0xdd,
|
||||
0xb5,
|
||||
0xed,
|
||||
0x28,
|
||||
0xe9,
|
||||
0xfd,
|
||||
0x79,
|
||||
0x4a,
|
||||
0xa0,
|
||||
0xd8,
|
||||
0x9d,
|
||||
0xc6,
|
||||
0x7e,
|
||||
0x37,
|
||||
0x83,
|
||||
0x2b,
|
||||
0x76,
|
||||
0x53,
|
||||
0x8e,
|
||||
0x62,
|
||||
0x4c,
|
||||
0x64,
|
||||
0x88,
|
||||
0x44,
|
||||
0x8b,
|
||||
0xfb,
|
||||
0xa2,
|
||||
0x17,
|
||||
0x9a,
|
||||
0x59,
|
||||
0xf5,
|
||||
0x87,
|
||||
0xb3,
|
||||
0x4f,
|
||||
0x13,
|
||||
0x61,
|
||||
0x45,
|
||||
0x6d,
|
||||
0x8d,
|
||||
0x09,
|
||||
0x81,
|
||||
0x7d,
|
||||
0x32,
|
||||
0xbd,
|
||||
0x8f,
|
||||
0x40,
|
||||
0xeb,
|
||||
0x86,
|
||||
0xb7,
|
||||
0x7b,
|
||||
0x0b,
|
||||
0xf0,
|
||||
0x95,
|
||||
0x21,
|
||||
0x22,
|
||||
0x5c,
|
||||
0x6b,
|
||||
0x4e,
|
||||
0x82,
|
||||
0x54,
|
||||
0xd6,
|
||||
0x65,
|
||||
0x93,
|
||||
0xce,
|
||||
0x60,
|
||||
0xb2,
|
||||
0x1c,
|
||||
0x73,
|
||||
0x56,
|
||||
0xc0,
|
||||
0x14,
|
||||
0xa7,
|
||||
0x8c,
|
||||
0xf1,
|
||||
0xdc,
|
||||
0x12,
|
||||
0x75,
|
||||
0xca,
|
||||
0x1f,
|
||||
0x3b,
|
||||
0xbe,
|
||||
0xe4,
|
||||
0xd1,
|
||||
0x42,
|
||||
0x3d,
|
||||
0xd4,
|
||||
0x30,
|
||||
0xa3,
|
||||
0x3c,
|
||||
0xb6,
|
||||
0x26,
|
||||
0x6f,
|
||||
0xbf,
|
||||
0x0e,
|
||||
0xda,
|
||||
0x46,
|
||||
0x69,
|
||||
0x07,
|
||||
0x57,
|
||||
0x27,
|
||||
0xf2,
|
||||
0x1d,
|
||||
0x9b,
|
||||
0xbc,
|
||||
0x94,
|
||||
0x43,
|
||||
0x03,
|
||||
0xf8,
|
||||
0x11,
|
||||
0xc7,
|
||||
0xf6,
|
||||
0x90,
|
||||
0xef,
|
||||
0x3e,
|
||||
0xe7,
|
||||
0x06,
|
||||
0xc3,
|
||||
0xd5,
|
||||
0x2f,
|
||||
0xc8,
|
||||
0x66,
|
||||
0x1e,
|
||||
0xd7,
|
||||
0x08,
|
||||
0xe8,
|
||||
0xea,
|
||||
0xde,
|
||||
0x80,
|
||||
0x52,
|
||||
0xee,
|
||||
0xf7,
|
||||
0x84,
|
||||
0xaa,
|
||||
0x72,
|
||||
0xac,
|
||||
0x35,
|
||||
0x4d,
|
||||
0x6a,
|
||||
0x2a,
|
||||
0x96,
|
||||
0x1a,
|
||||
0xd2,
|
||||
0x71,
|
||||
0x5a,
|
||||
0x15,
|
||||
0x49,
|
||||
0x74,
|
||||
0x4b,
|
||||
0x9f,
|
||||
0xd0,
|
||||
0x5e,
|
||||
0x04,
|
||||
0x18,
|
||||
0xa4,
|
||||
0xec,
|
||||
0xc2,
|
||||
0xe0,
|
||||
0x41,
|
||||
0x6e,
|
||||
0x0f,
|
||||
0x51,
|
||||
0xcb,
|
||||
0xcc,
|
||||
0x24,
|
||||
0x91,
|
||||
0xaf,
|
||||
0x50,
|
||||
0xa1,
|
||||
0xf4,
|
||||
0x70,
|
||||
0x39,
|
||||
0x99,
|
||||
0x7c,
|
||||
0x3a,
|
||||
0x85,
|
||||
0x23,
|
||||
0xb8,
|
||||
0xb4,
|
||||
0x7a,
|
||||
0xfc,
|
||||
0x02,
|
||||
0x36,
|
||||
0x5b,
|
||||
0x25,
|
||||
0x55,
|
||||
0x97,
|
||||
0x31,
|
||||
0x2d,
|
||||
0x5d,
|
||||
0xfa,
|
||||
0x98,
|
||||
0xe3,
|
||||
0x8a,
|
||||
0x92,
|
||||
0xae,
|
||||
0x05,
|
||||
0xdf,
|
||||
0x29,
|
||||
0x10,
|
||||
0x67,
|
||||
0x6c,
|
||||
0xba,
|
||||
0xc9,
|
||||
0xd3,
|
||||
0x00,
|
||||
0xe6,
|
||||
0xcf,
|
||||
0xe1,
|
||||
0x9e,
|
||||
0xa8,
|
||||
0x2c,
|
||||
0x63,
|
||||
0x16,
|
||||
0x01,
|
||||
0x3f,
|
||||
0x58,
|
||||
0xe2,
|
||||
0x89,
|
||||
0xa9,
|
||||
0x0d,
|
||||
0x38,
|
||||
0x34,
|
||||
0x1b,
|
||||
0xab,
|
||||
0x33,
|
||||
0xff,
|
||||
0xb0,
|
||||
0xbb,
|
||||
0x48,
|
||||
0x0c,
|
||||
0x5f,
|
||||
0xb9,
|
||||
0xb1,
|
||||
0xcd,
|
||||
0x2e,
|
||||
0xc5,
|
||||
0xf3,
|
||||
0xdb,
|
||||
0x47,
|
||||
0xe5,
|
||||
0xa5,
|
||||
0x9c,
|
||||
0x77,
|
||||
0x0a,
|
||||
0xa6,
|
||||
0x20,
|
||||
0x68,
|
||||
0xfe,
|
||||
0x7f,
|
||||
0xc1,
|
||||
0xad,
|
||||
0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9,
|
||||
0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83,
|
||||
0x2b, 0x76, 0x53, 0x8e, 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b,
|
||||
0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13,
|
||||
0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32, 0xbd, 0x8f,
|
||||
0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22,
|
||||
0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60,
|
||||
0xb2, 0x1c, 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc,
|
||||
0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d,
|
||||
0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26, 0x6f, 0xbf, 0x0e, 0xda,
|
||||
0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94,
|
||||
0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7,
|
||||
0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8,
|
||||
0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac,
|
||||
0x35, 0x4d, 0x6a, 0x2a, 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15,
|
||||
0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec,
|
||||
0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, 0x24, 0x91,
|
||||
0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85,
|
||||
0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55,
|
||||
0x97, 0x31, 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae,
|
||||
0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00,
|
||||
0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, 0x63, 0x16, 0x01, 0x3f,
|
||||
0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33,
|
||||
0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
|
||||
0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6,
|
||||
0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad
|
||||
};
|
||||
|
||||
#if defined(_MSC_VER) && defined(_ARM_)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -62,7 +62,6 @@ static int slh_dsa_key_hash_init(SLH_DSA_KEY *key)
|
||||
key->hash_func = ossl_slh_get_hash_fn(is_shake);
|
||||
return 1;
|
||||
err:
|
||||
slh_dsa_key_hash_cleanup(key);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -206,7 +205,7 @@ int ossl_slh_dsa_key_equal(const SLH_DSA_KEY *key1, const SLH_DSA_KEY *key2,
|
||||
if (!key_checked
|
||||
&& (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
|
||||
if (key1->has_priv && key2->has_priv) {
|
||||
if (memcmp(key1->priv, key2->priv,
|
||||
if (CRYPTO_memcmp(key1->priv, key2->priv,
|
||||
key1->params->pk_len)
|
||||
!= 0)
|
||||
return 0;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017 Ribose Inc. All Rights Reserved.
|
||||
* Ported from Ribose contributions from Botan.
|
||||
*
|
||||
@@ -248,12 +248,23 @@ int ossl_sm2_encrypt(const EC_KEY *key,
|
||||
goto done;
|
||||
}
|
||||
|
||||
ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf);
|
||||
ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, NULL);
|
||||
/* Ensure cast to size_t is safe */
|
||||
if (ciphertext_leni < 0) {
|
||||
ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (*ciphertext_len < (size_t)ciphertext_leni) {
|
||||
ERR_raise(ERR_LIB_SM2, SM2_R_BUFFER_TOO_SMALL);
|
||||
goto done;
|
||||
}
|
||||
|
||||
ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf);
|
||||
if (ciphertext_leni < 0) {
|
||||
ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
|
||||
goto done;
|
||||
}
|
||||
*ciphertext_len = (size_t)ciphertext_leni;
|
||||
|
||||
rc = 1;
|
||||
@@ -266,6 +277,7 @@ int ossl_sm2_encrypt(const EC_KEY *key,
|
||||
OPENSSL_free(x2y2);
|
||||
OPENSSL_free(C3);
|
||||
EVP_MD_CTX_free(hash);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
EC_POINT_free(kG);
|
||||
EC_POINT_free(kP);
|
||||
@@ -406,6 +418,7 @@ int ossl_sm2_decrypt(const EC_KEY *key,
|
||||
OPENSSL_free(x2y2);
|
||||
OPENSSL_free(computed_C3);
|
||||
EC_POINT_free(C1);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
SM2_Ciphertext_free(sm2_ctext);
|
||||
EVP_MD_CTX_free(hash);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017 Ribose Inc. All Rights Reserved.
|
||||
* Ported from Ribose contributions from Botan.
|
||||
*
|
||||
@@ -60,6 +60,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
|
||||
goto done;
|
||||
}
|
||||
|
||||
BN_CTX_start(ctx);
|
||||
p = BN_CTX_get(ctx);
|
||||
a = BN_CTX_get(ctx);
|
||||
b = BN_CTX_get(ctx);
|
||||
@@ -141,6 +142,7 @@ int ossl_sm2_compute_z_digest(uint8_t *out,
|
||||
|
||||
done:
|
||||
OPENSSL_free(buf);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
EVP_MD_CTX_free(hash);
|
||||
return rc;
|
||||
@@ -322,6 +324,7 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
|
||||
BN_free(s);
|
||||
}
|
||||
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
EC_POINT_free(kG);
|
||||
return sig;
|
||||
@@ -405,8 +408,8 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
|
||||
ret = 1;
|
||||
|
||||
done:
|
||||
BN_CTX_end(ctx);
|
||||
EC_POINT_free(pt);
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -73,18 +73,23 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock)
|
||||
}
|
||||
}
|
||||
|
||||
int ossl_rcu_call(CRYPTO_RCU_LOCK *lock, rcu_cb_fn cb, void *data)
|
||||
CRYPTO_RCU_CB_ITEM *ossl_rcu_cb_item_new(void)
|
||||
{
|
||||
struct rcu_cb_item *new = OPENSSL_zalloc(sizeof(*new));
|
||||
return OPENSSL_zalloc(sizeof(CRYPTO_RCU_CB_ITEM));
|
||||
}
|
||||
|
||||
if (new == NULL)
|
||||
return 0;
|
||||
void ossl_rcu_cb_item_free(CRYPTO_RCU_CB_ITEM *item)
|
||||
{
|
||||
OPENSSL_free(item);
|
||||
}
|
||||
|
||||
new->fn = cb;
|
||||
new->data = data;
|
||||
new->next = lock->cb_items;
|
||||
lock->cb_items = new;
|
||||
return 1;
|
||||
void ossl_rcu_call(CRYPTO_RCU_LOCK *lock, CRYPTO_RCU_CB_ITEM *item,
|
||||
rcu_cb_fn cb, void *data)
|
||||
{
|
||||
item->fn = cb;
|
||||
item->data = data;
|
||||
item->next = lock->cb_items;
|
||||
lock->cb_items = item;
|
||||
}
|
||||
|
||||
void *ossl_rcu_uptr_deref(void **p)
|
||||
@@ -162,15 +167,10 @@ struct thread_local_storage_entry {
|
||||
|
||||
static struct thread_local_storage_entry thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
|
||||
|
||||
int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
|
||||
int ossl_thread_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
|
||||
{
|
||||
int entry_idx = 0;
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
if (!ossl_init_thread())
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
for (entry_idx = 0; entry_idx < OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX; entry_idx++) {
|
||||
if (!thread_local_storage[entry_idx].used)
|
||||
break;
|
||||
|
||||
@@ -501,24 +501,27 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock)
|
||||
}
|
||||
}
|
||||
|
||||
CRYPTO_RCU_CB_ITEM *ossl_rcu_cb_item_new(void)
|
||||
{
|
||||
return OPENSSL_zalloc(sizeof(CRYPTO_RCU_CB_ITEM));
|
||||
}
|
||||
|
||||
void ossl_rcu_cb_item_free(CRYPTO_RCU_CB_ITEM *item)
|
||||
{
|
||||
OPENSSL_free(item);
|
||||
}
|
||||
|
||||
/*
|
||||
* Note: This call assumes its made under the protection of
|
||||
* ossl_rcu_write_lock
|
||||
*/
|
||||
int ossl_rcu_call(CRYPTO_RCU_LOCK *lock, rcu_cb_fn cb, void *data)
|
||||
void ossl_rcu_call(CRYPTO_RCU_LOCK *lock, CRYPTO_RCU_CB_ITEM *item,
|
||||
rcu_cb_fn cb, void *data)
|
||||
{
|
||||
struct rcu_cb_item *new = OPENSSL_zalloc(sizeof(*new));
|
||||
|
||||
if (new == NULL)
|
||||
return 0;
|
||||
|
||||
new->data = data;
|
||||
new->fn = cb;
|
||||
|
||||
new->next = lock->cb_items;
|
||||
lock->cb_items = new;
|
||||
|
||||
return 1;
|
||||
item->fn = cb;
|
||||
item->data = data;
|
||||
item->next = lock->cb_items;
|
||||
lock->cb_items = item;
|
||||
}
|
||||
|
||||
void *ossl_rcu_uptr_deref(void **p)
|
||||
@@ -728,14 +731,9 @@ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
|
||||
return 1;
|
||||
}
|
||||
|
||||
int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
|
||||
int ossl_thread_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
|
||||
{
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
if (!ossl_init_thread())
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
if (pthread_key_create(key, cleanup) != 0)
|
||||
return 0;
|
||||
|
||||
|
||||
@@ -397,23 +397,26 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock)
|
||||
return;
|
||||
}
|
||||
|
||||
CRYPTO_RCU_CB_ITEM *ossl_rcu_cb_item_new(void)
|
||||
{
|
||||
return OPENSSL_zalloc(sizeof(CRYPTO_RCU_CB_ITEM));
|
||||
}
|
||||
|
||||
void ossl_rcu_cb_item_free(CRYPTO_RCU_CB_ITEM *item)
|
||||
{
|
||||
OPENSSL_free(item);
|
||||
}
|
||||
|
||||
/*
|
||||
* Note, must be called under the protection of ossl_rcu_write_lock
|
||||
*/
|
||||
int ossl_rcu_call(CRYPTO_RCU_LOCK *lock, rcu_cb_fn cb, void *data)
|
||||
void ossl_rcu_call(CRYPTO_RCU_LOCK *lock, CRYPTO_RCU_CB_ITEM *item,
|
||||
rcu_cb_fn cb, void *data)
|
||||
{
|
||||
struct rcu_cb_item *new;
|
||||
|
||||
new = OPENSSL_zalloc(sizeof(struct rcu_cb_item));
|
||||
if (new == NULL)
|
||||
return 0;
|
||||
new->data = data;
|
||||
new->fn = cb;
|
||||
|
||||
new->next = lock->cb_items;
|
||||
lock->cb_items = new;
|
||||
|
||||
return 1;
|
||||
item->fn = cb;
|
||||
item->data = data;
|
||||
item->next = lock->cb_items;
|
||||
lock->cb_items = item;
|
||||
}
|
||||
|
||||
void *ossl_rcu_uptr_deref(void **p)
|
||||
@@ -540,14 +543,9 @@ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
|
||||
return (*lock == ONCE_DONE);
|
||||
}
|
||||
|
||||
int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
|
||||
int ossl_thread_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
|
||||
{
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
if (!ossl_init_thread())
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
*key = TlsAlloc();
|
||||
if (*key == TLS_OUT_OF_INDEXES)
|
||||
return 0;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -48,7 +48,6 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
|
||||
continue;
|
||||
}
|
||||
if (strcmp(cnf->name, "signTool") == 0) {
|
||||
ist->signTool = ASN1_UTF8STRING_new();
|
||||
if (ist->signTool == NULL
|
||||
|| cnf->value == NULL
|
||||
|| !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) {
|
||||
@@ -56,7 +55,6 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
|
||||
goto err;
|
||||
}
|
||||
} else if (strcmp(cnf->name, "cATool") == 0) {
|
||||
ist->cATool = ASN1_UTF8STRING_new();
|
||||
if (ist->cATool == NULL
|
||||
|| cnf->value == NULL
|
||||
|| !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) {
|
||||
@@ -64,7 +62,6 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
|
||||
goto err;
|
||||
}
|
||||
} else if (strcmp(cnf->name, "signToolCert") == 0) {
|
||||
ist->signToolCert = ASN1_UTF8STRING_new();
|
||||
if (ist->signToolCert == NULL
|
||||
|| cnf->value == NULL
|
||||
|| !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) {
|
||||
@@ -72,7 +69,6 @@ static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_
|
||||
goto err;
|
||||
}
|
||||
} else if (strcmp(cnf->name, "cAToolCert") == 0) {
|
||||
ist->cAToolCert = ASN1_UTF8STRING_new();
|
||||
if (ist->cAToolCert == NULL
|
||||
|| cnf->value == NULL
|
||||
|| !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -27,102 +27,24 @@ static const unsigned char wrap_key[] = {
|
||||
|
||||
/* Unique initialisation vector */
|
||||
static const unsigned char wrap_iv[] = {
|
||||
0x99,
|
||||
0xaa,
|
||||
0x3e,
|
||||
0x68,
|
||||
0xed,
|
||||
0x81,
|
||||
0x73,
|
||||
0xa0,
|
||||
0xee,
|
||||
0xd0,
|
||||
0x66,
|
||||
0x84,
|
||||
0x99,
|
||||
0xaa,
|
||||
0x3e,
|
||||
0x68,
|
||||
0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0,
|
||||
0x66, 0x84, 0x99, 0xaa, 0x3e, 0x68
|
||||
};
|
||||
|
||||
/* Example plaintext to encrypt */
|
||||
static const unsigned char wrap_pt[] = {
|
||||
0xad,
|
||||
0x4f,
|
||||
0xc9,
|
||||
0xfc,
|
||||
0x77,
|
||||
0x69,
|
||||
0xc9,
|
||||
0xea,
|
||||
0xfc,
|
||||
0xdf,
|
||||
0x00,
|
||||
0xac,
|
||||
0x34,
|
||||
0xec,
|
||||
0x40,
|
||||
0xbc,
|
||||
0x28,
|
||||
0x3f,
|
||||
0xa4,
|
||||
0x5e,
|
||||
0xd8,
|
||||
0x99,
|
||||
0xe4,
|
||||
0x5d,
|
||||
0x5e,
|
||||
0x7a,
|
||||
0xc4,
|
||||
0xe6,
|
||||
0xca,
|
||||
0x7b,
|
||||
0xa5,
|
||||
0xb7,
|
||||
0xad, 0x4f, 0xc9, 0xfc, 0x77, 0x69, 0xc9, 0xea, 0xfc, 0xdf,
|
||||
0x00, 0xac, 0x34, 0xec, 0x40, 0xbc, 0x28, 0x3f, 0xa4, 0x5e,
|
||||
0xd8, 0x99, 0xe4, 0x5d, 0x5e, 0x7a, 0xc4, 0xe6, 0xca, 0x7b,
|
||||
0xa5, 0xb7
|
||||
};
|
||||
|
||||
/* Expected ciphertext value */
|
||||
static const unsigned char wrap_ct[] = {
|
||||
0x97,
|
||||
0x99,
|
||||
0x55,
|
||||
0xca,
|
||||
0xf6,
|
||||
0x3e,
|
||||
0x95,
|
||||
0x54,
|
||||
0x39,
|
||||
0xd6,
|
||||
0xaf,
|
||||
0x63,
|
||||
0xff,
|
||||
0x2c,
|
||||
0xe3,
|
||||
0x96,
|
||||
0xf7,
|
||||
0x0d,
|
||||
0x2c,
|
||||
0x9c,
|
||||
0xc7,
|
||||
0x43,
|
||||
0xc0,
|
||||
0xb6,
|
||||
0x31,
|
||||
0x43,
|
||||
0xb9,
|
||||
0x20,
|
||||
0xac,
|
||||
0x6b,
|
||||
0xd3,
|
||||
0x67,
|
||||
0xad,
|
||||
0x01,
|
||||
0xaf,
|
||||
0xa7,
|
||||
0x32,
|
||||
0x74,
|
||||
0x26,
|
||||
0x92,
|
||||
0x97, 0x99, 0x55, 0xca, 0xf6, 0x3e, 0x95, 0x54, 0x39, 0xd6,
|
||||
0xaf, 0x63, 0xff, 0x2c, 0xe3, 0x96, 0xf7, 0x0d, 0x2c, 0x9c,
|
||||
0xc7, 0x43, 0xc0, 0xb6, 0x31, 0x43, 0xb9, 0x20, 0xac, 0x6b,
|
||||
0xd3, 0x67, 0xad, 0x01, 0xaf, 0xa7, 0x32, 0x74, 0x26, 0x92
|
||||
};
|
||||
|
||||
/*
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -27,22 +27,8 @@ static const unsigned char cbc_key[] = {
|
||||
|
||||
/* Unique initialisation vector */
|
||||
static const unsigned char cbc_iv[] = {
|
||||
0x99,
|
||||
0xaa,
|
||||
0x3e,
|
||||
0x68,
|
||||
0xed,
|
||||
0x81,
|
||||
0x73,
|
||||
0xa0,
|
||||
0xee,
|
||||
0xd0,
|
||||
0x66,
|
||||
0x84,
|
||||
0x99,
|
||||
0xaa,
|
||||
0x3e,
|
||||
0x68,
|
||||
0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0,
|
||||
0x66, 0x84, 0x99, 0xaa, 0x3e, 0x68
|
||||
};
|
||||
|
||||
/* Example plaintext to encrypt */
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -62,70 +62,13 @@ static const char *hamlet_2 = "The insolence of Office, and the spurns\n"
|
||||
|
||||
/* The known value of the SHA3-512 digest of the above soliloqy */
|
||||
static const unsigned char known_answer[] = {
|
||||
0xbb,
|
||||
0x69,
|
||||
0xf8,
|
||||
0x09,
|
||||
0x9c,
|
||||
0x2e,
|
||||
0x00,
|
||||
0x3d,
|
||||
0xa4,
|
||||
0x29,
|
||||
0x5f,
|
||||
0x59,
|
||||
0x4b,
|
||||
0x89,
|
||||
0xe4,
|
||||
0xd9,
|
||||
0xdb,
|
||||
0xa2,
|
||||
0xe5,
|
||||
0xaf,
|
||||
0xa5,
|
||||
0x87,
|
||||
0x73,
|
||||
0x9d,
|
||||
0x83,
|
||||
0x72,
|
||||
0xcf,
|
||||
0xea,
|
||||
0x84,
|
||||
0x66,
|
||||
0xc1,
|
||||
0xf9,
|
||||
0xc9,
|
||||
0x78,
|
||||
0xef,
|
||||
0xba,
|
||||
0x3d,
|
||||
0xe9,
|
||||
0xc1,
|
||||
0xff,
|
||||
0xa3,
|
||||
0x75,
|
||||
0xc7,
|
||||
0x58,
|
||||
0x74,
|
||||
0x8e,
|
||||
0x9c,
|
||||
0x1d,
|
||||
0x14,
|
||||
0xd9,
|
||||
0xdd,
|
||||
0xd1,
|
||||
0xfd,
|
||||
0x24,
|
||||
0x30,
|
||||
0xd6,
|
||||
0x81,
|
||||
0xca,
|
||||
0x8f,
|
||||
0x78,
|
||||
0x29,
|
||||
0x19,
|
||||
0x9a,
|
||||
0xfe,
|
||||
0xbb, 0x69, 0xf8, 0x09, 0x9c, 0x2e, 0x00, 0x3d, 0xa4, 0x29,
|
||||
0x5f, 0x59, 0x4b, 0x89, 0xe4, 0xd9, 0xdb, 0xa2, 0xe5, 0xaf,
|
||||
0xa5, 0x87, 0x73, 0x9d, 0x83, 0x72, 0xcf, 0xea, 0x84, 0x66,
|
||||
0xc1, 0xf9, 0xc9, 0x78, 0xef, 0xba, 0x3d, 0xe9, 0xc1, 0xff,
|
||||
0xa3, 0x75, 0xc7, 0x58, 0x74, 0x8e, 0x9c, 0x1d, 0x14, 0xd9,
|
||||
0xdd, 0xd1, 0xfd, 0x24, 0x30, 0xd6, 0x81, 0xca, 0x8f, 0x78,
|
||||
0x29, 0x19, 0x9a, 0xfe
|
||||
};
|
||||
|
||||
static int demonstrate_digest(void)
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -26,38 +26,10 @@
|
||||
* It is done here solely for educational purposes.
|
||||
*/
|
||||
static unsigned char key[] = {
|
||||
0x6c,
|
||||
0xde,
|
||||
0x14,
|
||||
0xf5,
|
||||
0xd5,
|
||||
0x2a,
|
||||
0x4a,
|
||||
0xdf,
|
||||
0x12,
|
||||
0x39,
|
||||
0x1e,
|
||||
0xbf,
|
||||
0x36,
|
||||
0xf9,
|
||||
0x6a,
|
||||
0x46,
|
||||
0x48,
|
||||
0xd0,
|
||||
0xb6,
|
||||
0x51,
|
||||
0x89,
|
||||
0xfc,
|
||||
0x24,
|
||||
0x85,
|
||||
0xa8,
|
||||
0x8d,
|
||||
0xdf,
|
||||
0x7e,
|
||||
0x80,
|
||||
0x14,
|
||||
0xc8,
|
||||
0xce,
|
||||
0x6c, 0xde, 0x14, 0xf5, 0xd5, 0x2a, 0x4a, 0xdf, 0x12, 0x39,
|
||||
0x1e, 0xbf, 0x36, 0xf9, 0x6a, 0x46, 0x48, 0xd0, 0xb6, 0x51,
|
||||
0x89, 0xfc, 0x24, 0x85, 0xa8, 0x8d, 0xdf, 0x7e, 0x80, 0x14,
|
||||
0xc8, 0xce
|
||||
};
|
||||
|
||||
static const unsigned char data[] = "To be, or not to be, that is the question,\n"
|
||||
@@ -80,22 +52,8 @@ static const unsigned char data[] = "To be, or not to be, that is the question,\
|
||||
|
||||
/* The known value of the CMAC/AES256 MAC of the above soliloqy */
|
||||
static const unsigned char expected_output[] = {
|
||||
0x67,
|
||||
0x92,
|
||||
0x32,
|
||||
0x23,
|
||||
0x50,
|
||||
0x3d,
|
||||
0xc5,
|
||||
0xba,
|
||||
0x78,
|
||||
0xd4,
|
||||
0x6d,
|
||||
0x63,
|
||||
0xf2,
|
||||
0x2b,
|
||||
0xe9,
|
||||
0x56,
|
||||
0x67, 0x92, 0x32, 0x23, 0x50, 0x3d, 0xc5, 0xba, 0x78, 0xd4,
|
||||
0x6d, 0x63, 0xf2, 0x2b, 0xe9, 0x56
|
||||
};
|
||||
|
||||
/*
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -26,70 +26,13 @@
|
||||
* It is done here solely for educational purposes.
|
||||
*/
|
||||
static unsigned char key[] = {
|
||||
0x25,
|
||||
0xfd,
|
||||
0x12,
|
||||
0x99,
|
||||
0xdf,
|
||||
0xad,
|
||||
0x1a,
|
||||
0x03,
|
||||
0x0a,
|
||||
0x81,
|
||||
0x3c,
|
||||
0x2d,
|
||||
0xcc,
|
||||
0x05,
|
||||
0xd1,
|
||||
0x5c,
|
||||
0x17,
|
||||
0x7a,
|
||||
0x36,
|
||||
0x73,
|
||||
0x17,
|
||||
0xef,
|
||||
0x41,
|
||||
0x75,
|
||||
0x71,
|
||||
0x18,
|
||||
0xe0,
|
||||
0x1a,
|
||||
0xda,
|
||||
0x99,
|
||||
0xc3,
|
||||
0x61,
|
||||
0x38,
|
||||
0xb5,
|
||||
0xb1,
|
||||
0xe0,
|
||||
0x82,
|
||||
0x2c,
|
||||
0x70,
|
||||
0xa4,
|
||||
0xc0,
|
||||
0x8e,
|
||||
0x5e,
|
||||
0xf9,
|
||||
0x93,
|
||||
0x9f,
|
||||
0xcf,
|
||||
0xf7,
|
||||
0x32,
|
||||
0x4d,
|
||||
0x0c,
|
||||
0xbd,
|
||||
0x31,
|
||||
0x12,
|
||||
0x0f,
|
||||
0x9a,
|
||||
0x15,
|
||||
0xee,
|
||||
0x82,
|
||||
0xdb,
|
||||
0x8d,
|
||||
0x29,
|
||||
0x54,
|
||||
0x14,
|
||||
0x25, 0xfd, 0x12, 0x99, 0xdf, 0xad, 0x1a, 0x03, 0x0a, 0x81,
|
||||
0x3c, 0x2d, 0xcc, 0x05, 0xd1, 0x5c, 0x17, 0x7a, 0x36, 0x73,
|
||||
0x17, 0xef, 0x41, 0x75, 0x71, 0x18, 0xe0, 0x1a, 0xda, 0x99,
|
||||
0xc3, 0x61, 0x38, 0xb5, 0xb1, 0xe0, 0x82, 0x2c, 0x70, 0xa4,
|
||||
0xc0, 0x8e, 0x5e, 0xf9, 0x93, 0x9f, 0xcf, 0xf7, 0x32, 0x4d,
|
||||
0x0c, 0xbd, 0x31, 0x12, 0x0f, 0x9a, 0x15, 0xee, 0x82, 0xdb,
|
||||
0x8d, 0x29, 0x54, 0x14
|
||||
};
|
||||
|
||||
static const unsigned char data[] = "To be, or not to be, that is the question,\n"
|
||||
@@ -112,70 +55,13 @@ static const unsigned char data[] = "To be, or not to be, that is the question,\
|
||||
|
||||
/* The known value of the HMAC/SHA3-512 MAC of the above soliloqy */
|
||||
static const unsigned char expected_output[] = {
|
||||
0x3b,
|
||||
0x77,
|
||||
0x5f,
|
||||
0xf1,
|
||||
0x4f,
|
||||
0x9e,
|
||||
0xb9,
|
||||
0x23,
|
||||
0x8f,
|
||||
0xdc,
|
||||
0xa0,
|
||||
0x68,
|
||||
0x15,
|
||||
0x7b,
|
||||
0x8a,
|
||||
0xf1,
|
||||
0x96,
|
||||
0x23,
|
||||
0xaa,
|
||||
0x3c,
|
||||
0x1f,
|
||||
0xe9,
|
||||
0xdc,
|
||||
0x89,
|
||||
0x11,
|
||||
0x7d,
|
||||
0x58,
|
||||
0x07,
|
||||
0xe7,
|
||||
0x96,
|
||||
0x17,
|
||||
0xe3,
|
||||
0x44,
|
||||
0x8b,
|
||||
0x03,
|
||||
0x37,
|
||||
0x91,
|
||||
0xc0,
|
||||
0x6e,
|
||||
0x06,
|
||||
0x7c,
|
||||
0x54,
|
||||
0xe4,
|
||||
0xa4,
|
||||
0xcc,
|
||||
0xd5,
|
||||
0x16,
|
||||
0xbb,
|
||||
0x5e,
|
||||
0x4d,
|
||||
0x64,
|
||||
0x7d,
|
||||
0x88,
|
||||
0x23,
|
||||
0xc9,
|
||||
0xb7,
|
||||
0x25,
|
||||
0xda,
|
||||
0xbe,
|
||||
0x4b,
|
||||
0xe4,
|
||||
0xd5,
|
||||
0x34,
|
||||
0x30,
|
||||
0x3b, 0x77, 0x5f, 0xf1, 0x4f, 0x9e, 0xb9, 0x23, 0x8f, 0xdc,
|
||||
0xa0, 0x68, 0x15, 0x7b, 0x8a, 0xf1, 0x96, 0x23, 0xaa, 0x3c,
|
||||
0x1f, 0xe9, 0xdc, 0x89, 0x11, 0x7d, 0x58, 0x07, 0xe7, 0x96,
|
||||
0x17, 0xe3, 0x44, 0x8b, 0x03, 0x37, 0x91, 0xc0, 0x6e, 0x06,
|
||||
0x7c, 0x54, 0xe4, 0xa4, 0xcc, 0xd5, 0x16, 0xbb, 0x5e, 0x4d,
|
||||
0x64, 0x7d, 0x88, 0x23, 0xc9, 0xb7, 0x25, 0xda, 0xbe, 0x4b,
|
||||
0xe4, 0xd5, 0x34, 0x30
|
||||
};
|
||||
|
||||
/*
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*-
|
||||
* Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -9,707 +9,79 @@
|
||||
|
||||
/* Signers private EC key */
|
||||
static const unsigned char priv_key_der[] = {
|
||||
0x30,
|
||||
0x82,
|
||||
0x01,
|
||||
0x68,
|
||||
0x02,
|
||||
0x01,
|
||||
0x01,
|
||||
0x04,
|
||||
0x20,
|
||||
0x51,
|
||||
0x77,
|
||||
0xae,
|
||||
0xf4,
|
||||
0x18,
|
||||
0xf4,
|
||||
0x6b,
|
||||
0xc4,
|
||||
0xe5,
|
||||
0xbb,
|
||||
0xe9,
|
||||
0xe6,
|
||||
0x9e,
|
||||
0x6d,
|
||||
0xb0,
|
||||
0xea,
|
||||
0x12,
|
||||
0xf9,
|
||||
0xf3,
|
||||
0xdb,
|
||||
0x9d,
|
||||
0x56,
|
||||
0x59,
|
||||
0xf7,
|
||||
0x5a,
|
||||
0x17,
|
||||
0xd7,
|
||||
0xd1,
|
||||
0xe4,
|
||||
0xd7,
|
||||
0x47,
|
||||
0x28,
|
||||
0xa0,
|
||||
0x81,
|
||||
0xfa,
|
||||
0x30,
|
||||
0x81,
|
||||
0xf7,
|
||||
0x02,
|
||||
0x01,
|
||||
0x01,
|
||||
0x30,
|
||||
0x2c,
|
||||
0x06,
|
||||
0x07,
|
||||
0x2a,
|
||||
0x86,
|
||||
0x48,
|
||||
0xce,
|
||||
0x3d,
|
||||
0x01,
|
||||
0x01,
|
||||
0x02,
|
||||
0x21,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x01,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0x30,
|
||||
0x5b,
|
||||
0x04,
|
||||
0x20,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x01,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xfc,
|
||||
0x04,
|
||||
0x20,
|
||||
0x5a,
|
||||
0xc6,
|
||||
0x35,
|
||||
0xd8,
|
||||
0xaa,
|
||||
0x3a,
|
||||
0x93,
|
||||
0xe7,
|
||||
0xb3,
|
||||
0xeb,
|
||||
0xbd,
|
||||
0x55,
|
||||
0x76,
|
||||
0x98,
|
||||
0x86,
|
||||
0xbc,
|
||||
0x65,
|
||||
0x1d,
|
||||
0x06,
|
||||
0xb0,
|
||||
0xcc,
|
||||
0x53,
|
||||
0xb0,
|
||||
0xf6,
|
||||
0x3b,
|
||||
0xce,
|
||||
0x3c,
|
||||
0x3e,
|
||||
0x27,
|
||||
0xd2,
|
||||
0x60,
|
||||
0x4b,
|
||||
0x03,
|
||||
0x15,
|
||||
0x00,
|
||||
0xc4,
|
||||
0x9d,
|
||||
0x36,
|
||||
0x08,
|
||||
0x86,
|
||||
0xe7,
|
||||
0x04,
|
||||
0x93,
|
||||
0x6a,
|
||||
0x66,
|
||||
0x78,
|
||||
0xe1,
|
||||
0x13,
|
||||
0x9d,
|
||||
0x26,
|
||||
0xb7,
|
||||
0x81,
|
||||
0x9f,
|
||||
0x7e,
|
||||
0x90,
|
||||
0x04,
|
||||
0x41,
|
||||
0x04,
|
||||
0x6b,
|
||||
0x17,
|
||||
0xd1,
|
||||
0xf2,
|
||||
0xe1,
|
||||
0x2c,
|
||||
0x42,
|
||||
0x47,
|
||||
0xf8,
|
||||
0xbc,
|
||||
0xe6,
|
||||
0xe5,
|
||||
0x63,
|
||||
0xa4,
|
||||
0x40,
|
||||
0xf2,
|
||||
0x77,
|
||||
0x03,
|
||||
0x7d,
|
||||
0x81,
|
||||
0x2d,
|
||||
0xeb,
|
||||
0x33,
|
||||
0xa0,
|
||||
0xf4,
|
||||
0xa1,
|
||||
0x39,
|
||||
0x45,
|
||||
0xd8,
|
||||
0x98,
|
||||
0xc2,
|
||||
0x96,
|
||||
0x4f,
|
||||
0xe3,
|
||||
0x42,
|
||||
0xe2,
|
||||
0xfe,
|
||||
0x1a,
|
||||
0x7f,
|
||||
0x9b,
|
||||
0x8e,
|
||||
0xe7,
|
||||
0xeb,
|
||||
0x4a,
|
||||
0x7c,
|
||||
0x0f,
|
||||
0x9e,
|
||||
0x16,
|
||||
0x2b,
|
||||
0xce,
|
||||
0x33,
|
||||
0x57,
|
||||
0x6b,
|
||||
0x31,
|
||||
0x5e,
|
||||
0xce,
|
||||
0xcb,
|
||||
0xb6,
|
||||
0x40,
|
||||
0x68,
|
||||
0x37,
|
||||
0xbf,
|
||||
0x51,
|
||||
0xf5,
|
||||
0x02,
|
||||
0x21,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xbc,
|
||||
0xe6,
|
||||
0xfa,
|
||||
0xad,
|
||||
0xa7,
|
||||
0x17,
|
||||
0x9e,
|
||||
0x84,
|
||||
0xf3,
|
||||
0xb9,
|
||||
0xca,
|
||||
0xc2,
|
||||
0xfc,
|
||||
0x63,
|
||||
0x25,
|
||||
0x51,
|
||||
0x02,
|
||||
0x01,
|
||||
0x01,
|
||||
0xa1,
|
||||
0x44,
|
||||
0x03,
|
||||
0x42,
|
||||
0x00,
|
||||
0x04,
|
||||
0x4f,
|
||||
0xe7,
|
||||
0x7b,
|
||||
0xb6,
|
||||
0xbb,
|
||||
0x54,
|
||||
0x42,
|
||||
0x39,
|
||||
0xed,
|
||||
0x5d,
|
||||
0xe5,
|
||||
0x40,
|
||||
0xc8,
|
||||
0xd8,
|
||||
0x71,
|
||||
0xca,
|
||||
0x6d,
|
||||
0x83,
|
||||
0x71,
|
||||
0xd1,
|
||||
0x88,
|
||||
0x2a,
|
||||
0x65,
|
||||
0x00,
|
||||
0x6c,
|
||||
0xc6,
|
||||
0x2f,
|
||||
0x01,
|
||||
0x31,
|
||||
0x49,
|
||||
0xbe,
|
||||
0x76,
|
||||
0x7a,
|
||||
0x67,
|
||||
0x6a,
|
||||
0x28,
|
||||
0x33,
|
||||
0xc7,
|
||||
0x5b,
|
||||
0xb9,
|
||||
0x24,
|
||||
0x45,
|
||||
0x24,
|
||||
0x6e,
|
||||
0xf0,
|
||||
0x6d,
|
||||
0x2f,
|
||||
0x34,
|
||||
0x06,
|
||||
0x53,
|
||||
0x73,
|
||||
0x6a,
|
||||
0xff,
|
||||
0x90,
|
||||
0x90,
|
||||
0xc1,
|
||||
0x6d,
|
||||
0x9b,
|
||||
0x94,
|
||||
0x0d,
|
||||
0x0e,
|
||||
0x1f,
|
||||
0x95,
|
||||
0x65,
|
||||
0x30, 0x82, 0x01, 0x68, 0x02, 0x01, 0x01, 0x04, 0x20, 0x51,
|
||||
0x77, 0xae, 0xf4, 0x18, 0xf4, 0x6b, 0xc4, 0xe5, 0xbb, 0xe9,
|
||||
0xe6, 0x9e, 0x6d, 0xb0, 0xea, 0x12, 0xf9, 0xf3, 0xdb, 0x9d,
|
||||
0x56, 0x59, 0xf7, 0x5a, 0x17, 0xd7, 0xd1, 0xe4, 0xd7, 0x47,
|
||||
0x28, 0xa0, 0x81, 0xfa, 0x30, 0x81, 0xf7, 0x02, 0x01, 0x01,
|
||||
0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01,
|
||||
0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00,
|
||||
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x30, 0x5b, 0x04, 0x20,
|
||||
0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xfc, 0x04, 0x20, 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a,
|
||||
0x93, 0xe7, 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
|
||||
0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, 0x3b, 0xce,
|
||||
0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15, 0x00, 0xc4,
|
||||
0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78,
|
||||
0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04,
|
||||
0x41, 0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47,
|
||||
0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03,
|
||||
0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45,
|
||||
0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a,
|
||||
0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
|
||||
0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6,
|
||||
0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, 0x02, 0x21, 0x00, 0xff,
|
||||
0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad, 0xa7,
|
||||
0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25,
|
||||
0x51, 0x02, 0x01, 0x01, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04,
|
||||
0x4f, 0xe7, 0x7b, 0xb6, 0xbb, 0x54, 0x42, 0x39, 0xed, 0x5d,
|
||||
0xe5, 0x40, 0xc8, 0xd8, 0x71, 0xca, 0x6d, 0x83, 0x71, 0xd1,
|
||||
0x88, 0x2a, 0x65, 0x00, 0x6c, 0xc6, 0x2f, 0x01, 0x31, 0x49,
|
||||
0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28, 0x33, 0xc7, 0x5b, 0xb9,
|
||||
0x24, 0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34, 0x06, 0x53,
|
||||
0x73, 0x6a, 0xff, 0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94, 0x0d,
|
||||
0x0e, 0x1f, 0x95, 0x65
|
||||
};
|
||||
|
||||
/* The matching public key used for verifying */
|
||||
static const unsigned char pub_key_der[] = {
|
||||
0x30,
|
||||
0x82,
|
||||
0x01,
|
||||
0x4b,
|
||||
0x30,
|
||||
0x82,
|
||||
0x01,
|
||||
0x03,
|
||||
0x06,
|
||||
0x07,
|
||||
0x2a,
|
||||
0x86,
|
||||
0x48,
|
||||
0xce,
|
||||
0x3d,
|
||||
0x02,
|
||||
0x01,
|
||||
0x30,
|
||||
0x81,
|
||||
0xf7,
|
||||
0x02,
|
||||
0x01,
|
||||
0x01,
|
||||
0x30,
|
||||
0x2c,
|
||||
0x06,
|
||||
0x07,
|
||||
0x2a,
|
||||
0x86,
|
||||
0x48,
|
||||
0xce,
|
||||
0x3d,
|
||||
0x01,
|
||||
0x01,
|
||||
0x02,
|
||||
0x21,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x01,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0x30,
|
||||
0x5b,
|
||||
0x04,
|
||||
0x20,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x01,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xfc,
|
||||
0x04,
|
||||
0x20,
|
||||
0x5a,
|
||||
0xc6,
|
||||
0x35,
|
||||
0xd8,
|
||||
0xaa,
|
||||
0x3a,
|
||||
0x93,
|
||||
0xe7,
|
||||
0xb3,
|
||||
0xeb,
|
||||
0xbd,
|
||||
0x55,
|
||||
0x76,
|
||||
0x98,
|
||||
0x86,
|
||||
0xbc,
|
||||
0x65,
|
||||
0x1d,
|
||||
0x06,
|
||||
0xb0,
|
||||
0xcc,
|
||||
0x53,
|
||||
0xb0,
|
||||
0xf6,
|
||||
0x3b,
|
||||
0xce,
|
||||
0x3c,
|
||||
0x3e,
|
||||
0x27,
|
||||
0xd2,
|
||||
0x60,
|
||||
0x4b,
|
||||
0x03,
|
||||
0x15,
|
||||
0x00,
|
||||
0xc4,
|
||||
0x9d,
|
||||
0x36,
|
||||
0x08,
|
||||
0x86,
|
||||
0xe7,
|
||||
0x04,
|
||||
0x93,
|
||||
0x6a,
|
||||
0x66,
|
||||
0x78,
|
||||
0xe1,
|
||||
0x13,
|
||||
0x9d,
|
||||
0x26,
|
||||
0xb7,
|
||||
0x81,
|
||||
0x9f,
|
||||
0x7e,
|
||||
0x90,
|
||||
0x04,
|
||||
0x41,
|
||||
0x04,
|
||||
0x6b,
|
||||
0x17,
|
||||
0xd1,
|
||||
0xf2,
|
||||
0xe1,
|
||||
0x2c,
|
||||
0x42,
|
||||
0x47,
|
||||
0xf8,
|
||||
0xbc,
|
||||
0xe6,
|
||||
0xe5,
|
||||
0x63,
|
||||
0xa4,
|
||||
0x40,
|
||||
0xf2,
|
||||
0x77,
|
||||
0x03,
|
||||
0x7d,
|
||||
0x81,
|
||||
0x2d,
|
||||
0xeb,
|
||||
0x33,
|
||||
0xa0,
|
||||
0xf4,
|
||||
0xa1,
|
||||
0x39,
|
||||
0x45,
|
||||
0xd8,
|
||||
0x98,
|
||||
0xc2,
|
||||
0x96,
|
||||
0x4f,
|
||||
0xe3,
|
||||
0x42,
|
||||
0xe2,
|
||||
0xfe,
|
||||
0x1a,
|
||||
0x7f,
|
||||
0x9b,
|
||||
0x8e,
|
||||
0xe7,
|
||||
0xeb,
|
||||
0x4a,
|
||||
0x7c,
|
||||
0x0f,
|
||||
0x9e,
|
||||
0x16,
|
||||
0x2b,
|
||||
0xce,
|
||||
0x33,
|
||||
0x57,
|
||||
0x6b,
|
||||
0x31,
|
||||
0x5e,
|
||||
0xce,
|
||||
0xcb,
|
||||
0xb6,
|
||||
0x40,
|
||||
0x68,
|
||||
0x37,
|
||||
0xbf,
|
||||
0x51,
|
||||
0xf5,
|
||||
0x02,
|
||||
0x21,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0x00,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xff,
|
||||
0xbc,
|
||||
0xe6,
|
||||
0xfa,
|
||||
0xad,
|
||||
0xa7,
|
||||
0x17,
|
||||
0x9e,
|
||||
0x84,
|
||||
0xf3,
|
||||
0xb9,
|
||||
0xca,
|
||||
0xc2,
|
||||
0xfc,
|
||||
0x63,
|
||||
0x25,
|
||||
0x51,
|
||||
0x02,
|
||||
0x01,
|
||||
0x01,
|
||||
0x03,
|
||||
0x42,
|
||||
0x00,
|
||||
0x04,
|
||||
0x4f,
|
||||
0xe7,
|
||||
0x7b,
|
||||
0xb6,
|
||||
0xbb,
|
||||
0x54,
|
||||
0x42,
|
||||
0x39,
|
||||
0xed,
|
||||
0x5d,
|
||||
0xe5,
|
||||
0x40,
|
||||
0xc8,
|
||||
0xd8,
|
||||
0x71,
|
||||
0xca,
|
||||
0x6d,
|
||||
0x83,
|
||||
0x71,
|
||||
0xd1,
|
||||
0x88,
|
||||
0x2a,
|
||||
0x65,
|
||||
0x00,
|
||||
0x6c,
|
||||
0xc6,
|
||||
0x2f,
|
||||
0x01,
|
||||
0x31,
|
||||
0x49,
|
||||
0xbe,
|
||||
0x76,
|
||||
0x7a,
|
||||
0x67,
|
||||
0x6a,
|
||||
0x28,
|
||||
0x33,
|
||||
0xc7,
|
||||
0x5b,
|
||||
0xb9,
|
||||
0x24,
|
||||
0x45,
|
||||
0x24,
|
||||
0x6e,
|
||||
0xf0,
|
||||
0x6d,
|
||||
0x2f,
|
||||
0x34,
|
||||
0x06,
|
||||
0x53,
|
||||
0x73,
|
||||
0x6a,
|
||||
0xff,
|
||||
0x90,
|
||||
0x90,
|
||||
0xc1,
|
||||
0x6d,
|
||||
0x9b,
|
||||
0x94,
|
||||
0x0d,
|
||||
0x0e,
|
||||
0x1f,
|
||||
0x95,
|
||||
0x65,
|
||||
0x30, 0x82, 0x01, 0x4b, 0x30, 0x82, 0x01, 0x03, 0x06, 0x07,
|
||||
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, 0x81, 0xf7,
|
||||
0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48,
|
||||
0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff,
|
||||
0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x30,
|
||||
0x5b, 0x04, 0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
|
||||
0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xfc, 0x04, 0x20, 0x5a, 0xc6, 0x35,
|
||||
0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, 0xbd, 0x55, 0x76,
|
||||
0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0,
|
||||
0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03,
|
||||
0x15, 0x00, 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93,
|
||||
0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f,
|
||||
0x7e, 0x90, 0x04, 0x41, 0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1,
|
||||
0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40,
|
||||
0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4,
|
||||
0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42,
|
||||
0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c,
|
||||
0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e,
|
||||
0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, 0x02,
|
||||
0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6,
|
||||
0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2,
|
||||
0xfc, 0x63, 0x25, 0x51, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00,
|
||||
0x04, 0x4f, 0xe7, 0x7b, 0xb6, 0xbb, 0x54, 0x42, 0x39, 0xed,
|
||||
0x5d, 0xe5, 0x40, 0xc8, 0xd8, 0x71, 0xca, 0x6d, 0x83, 0x71,
|
||||
0xd1, 0x88, 0x2a, 0x65, 0x00, 0x6c, 0xc6, 0x2f, 0x01, 0x31,
|
||||
0x49, 0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28, 0x33, 0xc7, 0x5b,
|
||||
0xb9, 0x24, 0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34, 0x06,
|
||||
0x53, 0x73, 0x6a, 0xff, 0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94,
|
||||
0x0d, 0x0e, 0x1f, 0x95, 0x65
|
||||
};
|
||||
|
||||
@@ -13,6 +13,9 @@ The following is the list of fingerprints for the keys that are
|
||||
currently in use to sign OpenSSL distributions:
|
||||
|
||||
OpenSSL:
|
||||
B146 647E 45A7 B339 47AB 226B 2A2C 87D1 6169 2D40
|
||||
|
||||
OpenSSL (old keys):
|
||||
BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF
|
||||
|
||||
Richard Levitte:
|
||||
|
||||
@@ -6,6 +6,7 @@ ossl_rcu_lock_new,
|
||||
ossl_rcu_lock_free, ossl_rcu_read_lock,
|
||||
ossl_rcu_read_unlock, ossl_rcu_write_lock,
|
||||
ossl_rcu_write_unlock, ossl_synchronize_rcu,
|
||||
ossl_rcu_cb_item_new, ossl_rcu_cb_item_free,
|
||||
ossl_rcu_call, ossl_rcu_deref,
|
||||
ossl_rcu_assign_ptr, ossl_rcu_uptr_deref,
|
||||
ossl_rcu_assign_uptr
|
||||
@@ -19,7 +20,10 @@ ossl_rcu_assign_uptr
|
||||
void ossl_rcu_write_unlock(CRYPTO_RCU_LOCK *lock);
|
||||
void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock);
|
||||
void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock);
|
||||
void ossl_rcu_call(CRYPTO_RCU_LOCK *lock, rcu_cb_fn cb, void *data);
|
||||
CRYPTO_RCU_CB_ITEM *ossl_rcu_cb_item_new(void);
|
||||
void ossl_rcu_cb_item_free(CRYPTO_RCU_CB_ITEM *item);
|
||||
void ossl_rcu_call(CRYPTO_RCU_LOCK *lock, CRYPTO_RCU_CB_ITEM *item,
|
||||
rcu_cb_fn cb, void *data);
|
||||
void *ossl_rcu_deref(void **p);
|
||||
void ossl_rcu_uptr_deref(void **p);
|
||||
void ossl_rcu_assign_ptr(void **p, void **v);
|
||||
@@ -96,10 +100,29 @@ the write side thread is safe to free.
|
||||
|
||||
=item *
|
||||
|
||||
ossl_rcu_call() enqueues a callback function to the lock, to be called
|
||||
when the next synchronization completes. Note: It is not guaranteed that the
|
||||
thread which enqueued the callback will be the thread which executes the
|
||||
callback
|
||||
ossl_rcu_cb_item_new() allocates a callback item suitable for use with
|
||||
ossl_rcu_call(). Returns NULL on allocation failure. The item is owned by
|
||||
the caller until it is passed to ossl_rcu_call(), at which point ownership
|
||||
transfers to the lock and the item must not be touched again by the caller.
|
||||
|
||||
=item *
|
||||
|
||||
ossl_rcu_cb_item_free() frees a callback item that was allocated by
|
||||
ossl_rcu_cb_item_new() but never passed to ossl_rcu_call(). Use this to
|
||||
release the item on the failure path of an operation that decided not to
|
||||
publish its update.
|
||||
|
||||
=item *
|
||||
|
||||
ossl_rcu_call() enqueues a callback function I<cb> to the lock, to be
|
||||
called with I<data> when the next synchronization completes. The caller
|
||||
must provide a callback item I<item> previously obtained from
|
||||
ossl_rcu_cb_item_new(). After this call the lock owns the item and will
|
||||
free it after invoking the callback. This function does not allocate and
|
||||
cannot fail, which lets callers allocate the item before performing any
|
||||
publish (assign_ptr) and bail cleanly if allocation fails. Note: it is
|
||||
not guaranteed that the thread which enqueued the callback will be the
|
||||
thread which executes the callback.
|
||||
|
||||
=item *
|
||||
|
||||
@@ -121,6 +144,9 @@ ossl_rcu_lock_free() frees an allocated RCU lock
|
||||
|
||||
ossl_rcu_lock_new() returns a pointer to a newly created RCU lock structure.
|
||||
|
||||
ossl_rcu_cb_item_new() returns a pointer to a newly created callback item,
|
||||
or NULL on allocation failure.
|
||||
|
||||
ossl_rcu_deref() and ossl_rcu_uptr_deref() return the value pointed
|
||||
to by the passed in value v.
|
||||
|
||||
@@ -152,7 +178,7 @@ This example safely initializes and uses a lock.
|
||||
|
||||
static void myinit(void)
|
||||
{
|
||||
lock = ossl_rcu_lock_new(1);
|
||||
lock = ossl_rcu_lock_new(1, NULL);
|
||||
}
|
||||
|
||||
static int initlock(void)
|
||||
@@ -162,10 +188,16 @@ This example safely initializes and uses a lock.
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void writer_thread()
|
||||
static void free_old_foo(void *data)
|
||||
{
|
||||
OPENSSL_free(data);
|
||||
}
|
||||
|
||||
static int writer_thread(void)
|
||||
{
|
||||
struct foo *newfoo;
|
||||
struct foo *oldfoo;
|
||||
CRYPTO_RCU_CB_ITEM *cbi;
|
||||
|
||||
initlock();
|
||||
|
||||
@@ -177,48 +209,60 @@ This example safely initializes and uses a lock.
|
||||
* 1) create a new shared object
|
||||
*/
|
||||
newfoo = OPENSSL_zalloc(sizeof(struct foo));
|
||||
if (newfoo == NULL)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* acquire the write side lock
|
||||
* 2) Pre allocate the rcu callback item before any publish.
|
||||
*/
|
||||
cbi = ossl_rcu_cb_item_new();
|
||||
if (cbi == NULL) {
|
||||
OPENSSL_free(newfoo);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* 3) acquire the write side lock
|
||||
*/
|
||||
ossl_rcu_write_lock(lock);
|
||||
|
||||
/*
|
||||
* 2) read the old pointer
|
||||
* 4) read the old pointer
|
||||
*/
|
||||
oldfoo = ossl_rcu_deref(&fooptr);
|
||||
|
||||
/*
|
||||
* 3) Copy the old pointer to the new object, and
|
||||
* 5) Copy the old pointer to the new object, and
|
||||
* make any needed adjustments
|
||||
*/
|
||||
memcpy(newfoo, oldfoo, sizeof(struct foo));
|
||||
newfoo->aval++;
|
||||
|
||||
/*
|
||||
* 4) Update the shared pointer to the new value
|
||||
* 6) Update the shared pointer to the new value
|
||||
*/
|
||||
ossl_rcu_assign_ptr(&fooptr, &newfoo);
|
||||
|
||||
/*
|
||||
* 5) Release the write side lock
|
||||
* 7) Schedule the old pointer to be freed when readers are done.
|
||||
*/
|
||||
ossl_rcu_call(lock, cbi, free_old_foo, oldfoo);
|
||||
|
||||
/*
|
||||
* 8) Release the write side lock
|
||||
*/
|
||||
ossl_rcu_write_unlock(lock);
|
||||
|
||||
/*
|
||||
* 6) wait for any read side holds on the old data
|
||||
* to be released
|
||||
* 9) wait for any read side holds on the old data
|
||||
* to be released, after which free_old_foo will run
|
||||
*/
|
||||
ossl_synchronize_rcu(lock);
|
||||
|
||||
/*
|
||||
* 7) free the old pointer, now that there are no
|
||||
* further readers
|
||||
*/
|
||||
OPENSSL_free(oldfoo);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void reader_thread()
|
||||
static void reader_thread(void)
|
||||
{
|
||||
struct foo *myfoo = NULL;
|
||||
int a;
|
||||
@@ -249,7 +293,7 @@ L<crypto(7)>, L<openssl-threads(7)>.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -84,11 +84,11 @@ a block of base-64 encoding (defined in IETF RFC 4648), with specific
|
||||
lines used to mark the start and end:
|
||||
|
||||
Text before the BEGIN line is ignored.
|
||||
----- BEGIN object-type -----
|
||||
-----BEGIN object-type-----
|
||||
OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
|
||||
xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
|
||||
UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
|
||||
----- END object-type -----
|
||||
-----END object-type-----
|
||||
Text after the END line is also ignored
|
||||
|
||||
The I<object-type> must match the type of object that is expected.
|
||||
|
||||
@@ -74,7 +74,7 @@ is included.
|
||||
|
||||
=item B<-traditional>
|
||||
|
||||
When this option is present and B<-topk8> is not a traditional format private
|
||||
When this option is present and B<-topk8> is not, a traditional format private
|
||||
key is written.
|
||||
|
||||
=item B<-in> I<filename>
|
||||
@@ -289,7 +289,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -49,8 +49,8 @@ directories to be set up like this in order to find certificates.
|
||||
|
||||
If any directories are named on the command line, then those are
|
||||
processed in turn. If not, then the B<SSL_CERT_DIR> environment variable
|
||||
is consulted; this should be a colon-separated list of directories,
|
||||
like the Unix B<PATH> variable.
|
||||
is consulted; this should be a colon-separated list of directories
|
||||
(or semicolon-separated on Windows), like the B<PATH> variable.
|
||||
If that is not set then the default directory (installation-specific
|
||||
but often F</usr/local/ssl/certs>) is processed.
|
||||
|
||||
@@ -149,7 +149,7 @@ L<openssl-x509(1)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -323,6 +323,12 @@ see L<openssl-verify(1)> for more information.
|
||||
The URI of a store containing trusted certificates to use
|
||||
for verifying the server's certificate.
|
||||
|
||||
When any of B<-verifyCAfile>, B<-verifyCApath>, or B<-verifyCAstore> is
|
||||
specified, they are loaded into a separate verification store (via
|
||||
L<SSL_CTX_set1_verify_cert_store(3)>) and used for server certificate
|
||||
verification instead of the store built from B<-CAfile>, B<-CApath>, and
|
||||
B<-CAstore>.
|
||||
|
||||
=item B<-chainCAfile> I<file>
|
||||
|
||||
A file in PEM format containing trusted certificates to use
|
||||
@@ -680,9 +686,6 @@ The I<protocols> list is a comma-separated list of protocol names that
|
||||
the client should advertise support for. The list should contain the most
|
||||
desirable protocols first. Protocol names are printable ASCII strings,
|
||||
for example "http/1.1" or "spdy/3".
|
||||
An empty list of protocols is treated specially and will cause the
|
||||
client to advertise support for the TLS extension but disconnect just
|
||||
after receiving ServerHello with a list of server supported protocols.
|
||||
The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.
|
||||
|
||||
=item B<-ct>, B<-noct>
|
||||
@@ -1025,7 +1028,7 @@ options were added in OpenSSL 3.2.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -334,8 +334,8 @@ Download CRLs from distribution points given in CDP extensions of certificates
|
||||
|
||||
=item B<-verifyCAfile> I<filename>
|
||||
|
||||
A file in PEM format CA containing trusted certificates to use
|
||||
for verifying client certificates.
|
||||
A file in PEM format containing trusted CA certificates (root and/or
|
||||
intermediate) used to verify the client certificate chain.
|
||||
|
||||
=item B<-verifyCApath> I<dir>
|
||||
|
||||
@@ -349,6 +349,15 @@ see L<openssl-verify(1)> for more information.
|
||||
The URI of a store containing trusted certificates to use
|
||||
for verifying client certificates.
|
||||
|
||||
When any of B<-verifyCAfile>, B<-verifyCApath>, or B<-verifyCAstore> is
|
||||
specified, they are loaded into a separate verification store (via
|
||||
L<SSL_CTX_set1_verify_cert_store(3)>) and used for client certificate
|
||||
verification instead of the store built from B<-CAfile>, B<-CApath>, and
|
||||
B<-CAstore>. Note that B<-CAfile> is the sole source of acceptable issuing
|
||||
CA names sent to the client in the Certificate Request message during the
|
||||
handshake; B<-CApath>, B<-CAstore>, and the B<-verifyCA*> options do not
|
||||
contribute to this list.
|
||||
|
||||
=item B<-chainCAfile> I<file>
|
||||
|
||||
A file in PEM format containing trusted certificates to use
|
||||
@@ -763,6 +772,10 @@ has been negotiated, and early data is enabled on the server. A full handshake
|
||||
is forced if a session ticket is used a second or subsequent time. Any early
|
||||
data that was sent will be rejected.
|
||||
|
||||
Note that the server manages an internal cache of session tickets. If a client
|
||||
closes the connection without sending the close_notify alert, the
|
||||
corresponding session ticket is removed and a full handshake is forced.
|
||||
|
||||
=item B<-tfo>
|
||||
|
||||
Enable acceptance of TCP Fast Open (RFC7413) connections.
|
||||
@@ -927,7 +940,7 @@ options were added in OpenSSL 3.2.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -54,8 +54,9 @@ I<recipcert> ...
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
This command handles S/MIME mail. It can encrypt, decrypt, sign
|
||||
and verify S/MIME messages.
|
||||
This command handles S/MIME according to RFC 2311 (1998) with no CMS support.
|
||||
It can encrypt, decrypt, sign and verify S/MIME 2.0 messages. For newer messages
|
||||
use the OpenSSL CMS tool.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
@@ -479,7 +480,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -5,7 +5,8 @@
|
||||
BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
|
||||
BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
|
||||
BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
|
||||
BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
|
||||
BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request,
|
||||
BIO_nread0, BIO_nread, BIO_nwrite0, BIO_nwrite - BIO pair BIO
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
@@ -28,6 +29,11 @@ BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
|
||||
size_t BIO_ctrl_get_read_request(BIO *b);
|
||||
int BIO_ctrl_reset_read_request(BIO *b);
|
||||
|
||||
int BIO_nread0(BIO *bio, char **buf);
|
||||
int BIO_nread(BIO *bio, char **buf, int num);
|
||||
int BIO_nwrite0(BIO *bio, char **buf);
|
||||
int BIO_nwrite(BIO *bio, char **buf, int num);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
BIO_s_bio() returns the method for a BIO pair. A BIO pair is a pair of source/sink
|
||||
@@ -98,6 +104,44 @@ than that returned by BIO_get_write_guarantee().
|
||||
BIO_ctrl_reset_read_request() can also be used to reset the value returned by
|
||||
BIO_get_read_request() to zero.
|
||||
|
||||
=head2 Non-copying Interface
|
||||
|
||||
BIO_nread0(), BIO_nread(), BIO_nwrite0(), and BIO_nwrite() provide a non-copying
|
||||
interface for reading from and writing to BIO pairs. These functions allow
|
||||
direct access to the internal buffer, avoiding the overhead of copying data.
|
||||
|
||||
BIO_nread0() returns in B<*buf> a pointer to the start of the available data
|
||||
in the peer's write buffer and returns the number of bytes available.
|
||||
This allows reading directly from the buffer without copying.
|
||||
It does not consume the data; a subsequent call to BIO_nread() is needed
|
||||
to advance the buffer position.
|
||||
|
||||
BIO_nread() is similar to BIO_nread0() but also advances the read position
|
||||
by up to B<num> bytes. The actual number of bytes consumed is returned.
|
||||
The B<*buf> pointer is set to the start of the data that was consumed.
|
||||
Since the data is considered consumed after this call, the pointer returned
|
||||
by BIO_nread() should not be used afterwards unless the caller also
|
||||
controls the writing side. The typical pattern is to call BIO_nread0() first,
|
||||
use the data, and then call BIO_nread() to consume it.
|
||||
|
||||
BIO_nwrite0() returns in B<*buf> a pointer to the start of the available
|
||||
space in the write buffer and returns the number of bytes that can be written.
|
||||
This allows writing directly to the buffer without copying.
|
||||
It does not commit the data; a subsequent call to BIO_nwrite() is needed
|
||||
to update the buffer length.
|
||||
|
||||
BIO_nwrite() is similar to BIO_nwrite0() but also commits up to B<num> bytes
|
||||
as written. The actual number of bytes committed is returned.
|
||||
The B<*buf> pointer is set to the start of the region that was committed.
|
||||
BIO_nwrite() should only be called after the data has actually been written
|
||||
to the buffer obtained from BIO_nwrite0(), since committing signals data
|
||||
availability to the reading side.
|
||||
|
||||
Note that due to the ring buffer implementation, if wrapping around would be
|
||||
required, BIO_nread0() and BIO_nwrite0() may return less than the total
|
||||
available space. In such cases, a second call may be needed to access the
|
||||
remaining data or space.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
Both halves of a BIO pair should be freed. That is even if one half is implicit
|
||||
@@ -133,6 +177,17 @@ locations for B<bio1> and B<bio2>. Check the error stack for more information.
|
||||
|
||||
[XXXXX: More return values need to be added here]
|
||||
|
||||
BIO_nread0() returns the number of bytes available for reading, 0 if the peer
|
||||
has closed and no data remains (EOF), or -1 if no data is currently available
|
||||
(retry may be appropriate). If the BIO is not initialized, -2 is returned.
|
||||
|
||||
BIO_nwrite0() returns the number of bytes of space available for writing, or -1
|
||||
if no space is currently available (retry may be appropriate) or the BIO has
|
||||
been closed. If the BIO is not initialized, -2 is returned.
|
||||
|
||||
BIO_nread() and BIO_nwrite() return the number of bytes consumed or committed
|
||||
respectively, or the same error values as BIO_nread0() and BIO_nwrite0().
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
The BIO pair can be used to have full control over the network access of an
|
||||
@@ -176,6 +231,30 @@ and must be transferred to the network. Use BIO_ctrl_get_read_request() to
|
||||
find out, how many bytes must be written into the buffer before the
|
||||
SSL_operation() can successfully be continued.
|
||||
|
||||
A typical usage pattern for the non-copying write interface is:
|
||||
|
||||
int ret;
|
||||
char *buf;
|
||||
|
||||
ret = BIO_nwrite0(bio, &buf);
|
||||
if (ret > 0) {
|
||||
/* write up to 'ret' bytes directly to 'buf' */
|
||||
memcpy(buf, data, len);
|
||||
BIO_nwrite(bio, &buf, len); /* commit the write */
|
||||
}
|
||||
|
||||
A typical usage pattern for the non-copying read interface is:
|
||||
|
||||
int ret;
|
||||
char *buf;
|
||||
|
||||
ret = BIO_nread0(bio, &buf);
|
||||
if (ret > 0) {
|
||||
/* read up to 'ret' bytes directly from 'buf' */
|
||||
process_data(buf, ret);
|
||||
BIO_nread(bio, &buf, ret); /* consume the data */
|
||||
}
|
||||
|
||||
=head1 WARNINGS
|
||||
|
||||
As the data is buffered, SSL_operation() may return with an ERROR_SSL_WANT_READ
|
||||
@@ -191,7 +270,7 @@ L<BIO_should_retry(3)>, L<BIO_read_ex(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -108,8 +108,10 @@ BN_gcd() computes the greatest common divisor of I<a> and I<b> and
|
||||
places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or
|
||||
I<b>.
|
||||
|
||||
For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
|
||||
temporary variables; see L<BN_CTX_new(3)>.
|
||||
For all functions that take a I<ctx> parameter, it must be a previously
|
||||
allocated B<BN_CTX> used for temporary variables; see L<BN_CTX_new(3)>.
|
||||
Unless stated otherwise in the documentation for a specific function,
|
||||
the I<ctx> parameter must not be NULL.
|
||||
|
||||
Unless noted otherwise, the result B<BIGNUM> must be different from
|
||||
the arguments.
|
||||
@@ -135,7 +137,7 @@ L<BN_add_word(3)>, L<BN_set_bit(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -112,7 +112,7 @@ were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -413,7 +413,8 @@ encrypted data.
|
||||
For most ciphers and modes, the amount of data written can be anything
|
||||
from zero bytes to (inl + cipher_block_size - 1) bytes.
|
||||
For wrap cipher modes, the amount of data written can be anything
|
||||
from zero bytes to (inl + cipher_block_size) bytes.
|
||||
from zero bytes to (inl rounded up to cipher_block_size + cipher_block_size)
|
||||
bytes.
|
||||
For stream ciphers, the amount of data written can be anything from zero
|
||||
bytes to inl bytes.
|
||||
Thus, the buffer pointed to by I<out> must contain sufficient room for the
|
||||
|
||||
@@ -86,9 +86,12 @@ For backward compatibility, I<path> may begin with C<http://> and thus convey
|
||||
an absoluteURI. In this case it indicates HTTP proxy use and provides also the
|
||||
server (and optionally the port) that the proxy shall forward the request to.
|
||||
In this case the I<server> and I<port> arguments must be NULL.
|
||||
The I<server>, I<port>, and I<path> arguments must not contain CR or LF
|
||||
characters.
|
||||
|
||||
OSSL_HTTP_REQ_CTX_add1_header() adds header I<name> with value I<value> to the
|
||||
context I<rctx>. It can be called more than once to add multiple header lines.
|
||||
The I<name> and I<value> arguments must not contain CR or LF characters.
|
||||
For example, to add a C<Host> header for C<example.com> you would call:
|
||||
|
||||
OSSL_HTTP_REQ_CTX_add1_header(ctx, "Host", "example.com");
|
||||
@@ -143,6 +146,7 @@ The HTTP header C<Content-Length> is filled out with the length of the request.
|
||||
I<content_type> must be NULL if I<req> is NULL.
|
||||
If I<content_type> isn't NULL,
|
||||
the HTTP header C<Content-Type> is also added with the given string value.
|
||||
The I<content_type> argument must not contain CR or LF characters.
|
||||
The header lines are added to the internal memory B<BIO> for the request header.
|
||||
|
||||
OSSL_HTTP_REQ_CTX_nbio() attempts to send the request prepared in I<rctx>
|
||||
@@ -299,7 +303,7 @@ All other functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -32,7 +32,9 @@ see L<openssl_user_macros(7)>:
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
OSSL_HTTP_adapt_proxy() takes an optional proxy hostname I<proxy>
|
||||
OSSL_HTTP_adapt_proxy() determines whether a proxy should be used
|
||||
when connecting to the given I<server>.
|
||||
It takes an optional proxy hostname I<proxy>
|
||||
and returns it transformed according to the optional I<no_proxy> parameter,
|
||||
I<server>, I<use_ssl>, and the applicable environment variable, as follows.
|
||||
If I<proxy> is NULL, take any default value from the C<http_proxy>
|
||||
@@ -40,11 +42,13 @@ environment variable, or from C<https_proxy> if I<use_ssl> is nonzero.
|
||||
If this still does not yield a proxy hostname,
|
||||
take any further default value from the C<HTTP_PROXY>
|
||||
environment variable, or from C<HTTPS_PROXY> if I<use_ssl> is nonzero.
|
||||
If I<no_proxy> is NULL, take any default exclusion value from the C<no_proxy>
|
||||
environment variable, or else from C<NO_PROXY>.
|
||||
Return the determined proxy host unless the exclusion value,
|
||||
which is a list of proxy hosts separated by C<,> and/or whitespace,
|
||||
contains I<server>.
|
||||
Return the determined proxy host if I<server> is the empty string
|
||||
or I<server> is not in the exclusion list.
|
||||
The exclusion list is a list of server hosts separated by C<,>
|
||||
and/or whitespace.
|
||||
They may be given via the I<no_proxy> parameter.
|
||||
If it is NULL, the exclusion list is taken from the C<no_proxy>
|
||||
environment variable if set, otherwise from C<NO_PROXY>.
|
||||
Otherwise return NULL.
|
||||
When I<server> is a string delimited by C<[> and C<]>, which are used for IPv6
|
||||
addresses, the enclosing C<[> and C<]> are stripped prior to comparison.
|
||||
@@ -102,7 +106,7 @@ OCSP_parse_url() was deprecated in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -158,6 +158,7 @@ pre-established with a TLS proxy using the HTTP CONNECT method,
|
||||
optionally using proxy client credentials I<proxyuser> and I<proxypass>,
|
||||
to connect with TLS protection ultimately to I<server> and I<port>.
|
||||
If the I<port> argument is NULL or the empty string it defaults to "443".
|
||||
The I<server> and I<port> arguments must not contain CR or LF characters.
|
||||
If the I<timeout> parameter is > 0 this indicates the maximum number of
|
||||
seconds the connection setup is allowed to take.
|
||||
A value <= 0 enables waiting indefinitely, i.e., no timeout.
|
||||
@@ -178,6 +179,8 @@ else HTTP POST with the contents of I<req> and optional I<content_type>, where
|
||||
the length of the data in I<req> does not need to be determined in advance: the
|
||||
BIO will be read on-the-fly while sending the request, which supports streaming.
|
||||
The optional list I<headers> may contain additional custom HTTP header lines.
|
||||
The I<path>, I<headers> names and values, and I<content_type> must not contain
|
||||
CR or LF characters.
|
||||
The I<max_resp_len> parameter specifies the maximum allowed
|
||||
response content length, where the value 0 indicates no limit.
|
||||
For the meaning of the I<expected_content_type>, I<expect_asn1>, I<timeout>,
|
||||
@@ -275,7 +278,7 @@ All the functions described here were added in OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -46,16 +46,13 @@ The error can be obtained from ERR_get_error(3)
|
||||
PKCS7_decrypt() must be passed the correct recipient key and certificate. It would
|
||||
be better if it could look up the correct key and certificate from a database.
|
||||
|
||||
The lack of single pass processing and need to hold all data in memory as
|
||||
mentioned in PKCS7_sign() also applies to PKCS7_verify().
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<ERR_get_error(3)>, L<PKCS7_encrypt(3)>, L<EVP_PKEY_decrypt(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -8,8 +8,8 @@ SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode - enable/disable
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);
|
||||
long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);
|
||||
long SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, long mode);
|
||||
long SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
@@ -136,7 +136,7 @@ L<SSL_CTX_flush_sessions(3)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -38,9 +38,6 @@ is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and
|
||||
SSL_set_session_id_context() functions are therefore only useful on the
|
||||
server side.
|
||||
|
||||
OpenSSL clients will check the session id context returned by the server
|
||||
when reusing a session.
|
||||
|
||||
The maximum length of the B<sid_ctx> is limited to
|
||||
B<SSL_MAX_SID_CTX_LENGTH>.
|
||||
|
||||
@@ -51,11 +48,24 @@ certificates are used, stored sessions
|
||||
will not be reused but a fatal error will be flagged and the handshake
|
||||
will fail.
|
||||
|
||||
If a server returns a different session id context to an OpenSSL client
|
||||
when reusing a session, an error will be flagged and the handshake will
|
||||
fail. OpenSSL servers will always return the correct session id context,
|
||||
as an OpenSSL server checks the session id context itself before reusing
|
||||
a session as described above.
|
||||
If a client attempts to resume a session and the server detects that the session
|
||||
id context associated with the session is different to the current session id
|
||||
context then the resumption will fail. The handshake will continue normally but
|
||||
no resumption will occur.
|
||||
|
||||
It is vital that the session id context is set before any session resumption
|
||||
occurs. Sessions get created early in the handshake. If the session id context
|
||||
is not set by the time the session gets created then the session will be
|
||||
associated with an empty session id context. The already created session will
|
||||
not get updated if the session id context is later set. In particular the
|
||||
callback set via the L<SSL_CTX_set_tlsext_servername_callback(3)> function will
|
||||
be invoked after the session gets created, so if the session id context is set
|
||||
in the callback then this will be too late for the current handshake and the
|
||||
session id context setting will be ignored with respect to resumption. Typically
|
||||
the session id context should be set before the TLS handshake starts, but it may
|
||||
occur as late as in the callback set via the L<SSL_CTX_set_client_hello_cb(3)>
|
||||
function.
|
||||
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
@@ -82,7 +92,7 @@ L<ssl(7)>
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -29,7 +29,11 @@ still necessary in order to acknowledge the servername requested by the client.
|
||||
SSL_CTX_set_tlsext_servername_callback() sets the application callback B<cb>
|
||||
used by a server to perform any actions or configuration required based on
|
||||
the servername extension received in the incoming connection. When B<cb>
|
||||
is NULL, SNI is not used.
|
||||
is NULL, SNI is not used. Note that this callback occurs late in the processing
|
||||
of the ClientHello message. In particular it happens after session resumption
|
||||
has occurred, and so typically this callback should not call functions such
|
||||
as L<SSL_set_session_id_context(3)> since it is too late to affect the session
|
||||
resumption for the current handshake.
|
||||
|
||||
The servername callback should return one of the following values:
|
||||
|
||||
@@ -169,7 +173,7 @@ NULL.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -471,21 +471,29 @@ encoding. Unlike the C structures which can have pointers to sub-objects
|
||||
within, the DER is a serialized encoding, suitable for sending over the
|
||||
network, writing to a file, and so on.
|
||||
|
||||
B<d2i_I<TYPE>>() attempts to decode I<len> bytes at I<*ppin>. If successful a
|
||||
pointer to the B<I<TYPE>> structure is returned and I<*ppin> is incremented to
|
||||
the byte following the parsed data. If I<a> is not NULL then a pointer
|
||||
to the returned structure is also written to I<*a>. If an error occurred
|
||||
then NULL is returned. The caller retains ownership of the
|
||||
returned object and needs to free it when it is no longer needed, e.g.
|
||||
using X509_free() for X509 objects or DSA_SIG_free() for DSA_SIG objects.
|
||||
B<d2i_I<TYPE>>() attempts to decode I<len> bytes at I<*ppin>.
|
||||
When there is no error, a pointer to a B<I<TYPE>> object is returned and I<*ppin> is
|
||||
incremented to the byte following the parsed data.
|
||||
The caller owns the returned object and needs to free it when it is no longer needed,
|
||||
e.g., via X509_free() for B<X509> objects.
|
||||
|
||||
On a successful return, if I<*a> is not NULL then it is assumed that I<*a>
|
||||
contains a valid B<I<TYPE>> structure and an attempt is made to reuse it.
|
||||
For B<I<TYPE>> structures where it matters it is possible to set up a library
|
||||
context on the decoded structure this way (see the B<EXAMPLES> section).
|
||||
However using the "reuse" capability for other purposes is B<strongly
|
||||
discouraged> (see B<BUGS> below, and the discussion in the B<RETURN VALUES>
|
||||
section).
|
||||
If either I<a> or I<*a> is NULL, then fresh storage is allocated for the
|
||||
returned object, and if I<a> is not NULL then I<*a> is set equal to the
|
||||
returned pointer.
|
||||
|
||||
When both I<a> and I<*a> are not NULL, I<*a> MUST be a pointer to an
|
||||
existing I<TYPE> object, which is reused to hold the decoded result.
|
||||
On error (NULL return value), the object is freed and I<*a> is set to NULL.
|
||||
|
||||
From OpenSSL 3.x onwards, reuse is only supported when I<*a> points to a newly
|
||||
allocated, and not otherwise modified, I<TYPE> object.
|
||||
Allocation can be via one of the various _ex() routines, which make it possible
|
||||
to associate the allocated object with a chosen I<libctx> (library context)
|
||||
or I<propq> (property query), see the B<EXAMPLES> section.
|
||||
No other reuse is supported (see B<BUGS> below, and the discussion in the
|
||||
B<RETURN VALUES> section).
|
||||
The returned object is not suitable for another reuse: each reuse attempt MUST
|
||||
start with a newly allocated object.
|
||||
|
||||
B<d2i_I<TYPE>_bio>() is similar to B<d2i_I<TYPE>>() except it attempts
|
||||
to parse data from BIO I<bp>.
|
||||
@@ -761,7 +769,7 @@ were added in OpenSSL 3.5.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 1998-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -69,6 +69,10 @@ The AES-SIV and AES-WRAP mode implementations do not support streaming. That
|
||||
means to obtain correct results there can be only one L<EVP_EncryptUpdate(3)>
|
||||
or L<EVP_DecryptUpdate(3)> call after the initialization of the context.
|
||||
|
||||
When wrapping with AES-WRAP-PAD ciphers, the output buffer must be at least
|
||||
I<inl> rounded up to the cipher block size (8 bytes) plus the block size.
|
||||
That is, the minimum output buffer size is C<((inl + 7) / 8) * 8 + 8> bytes.
|
||||
|
||||
The AES-XTS implementations allow streaming to be performed, but each
|
||||
L<EVP_EncryptUpdate(3)> or L<EVP_DecryptUpdate(3)> call requires each input
|
||||
to be a multiple of the blocksize. Only the final EVP_EncryptUpdate() or
|
||||
@@ -86,7 +90,7 @@ The GCM-SIV mode ciphers were added in OpenSSL version 3.2.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -168,6 +168,8 @@ See L<RAND_load_file(3)>.
|
||||
=item B<SSL_CERT_DIR>, B<SSL_CERT_FILE>
|
||||
|
||||
Specify the default directory or file containing CA certificates.
|
||||
B<SSL_CERT_DIR> can contain multiple directories separated by colons
|
||||
(or semicolons on Windows).
|
||||
See L<SSL_CTX_load_verify_locations(3)>.
|
||||
|
||||
=item B<TSGET>
|
||||
|
||||
@@ -38,9 +38,9 @@ provider-asym_cipher - The asym_cipher library E<lt>-E<gt> provider functions
|
||||
|
||||
/* Asymmetric Cipher parameters */
|
||||
int OSSL_FUNC_asym_cipher_get_ctx_params(void *ctx, OSSL_PARAM params[]);
|
||||
const OSSL_PARAM *OSSL_FUNC_asym_cipher_gettable_ctx_params(void *provctx);
|
||||
const OSSL_PARAM *OSSL_FUNC_asym_cipher_gettable_ctx_params(void *ctx, void *provctx);
|
||||
int OSSL_FUNC_asym_cipher_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
|
||||
const OSSL_PARAM *OSSL_FUNC_asym_cipher_settable_ctx_params(void *provctx);
|
||||
const OSSL_PARAM *OSSL_FUNC_asym_cipher_settable_ctx_params(void *ctx, void *provctx);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
@@ -291,7 +291,7 @@ were added in OpenSSL 3.4.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
@@ -269,7 +269,6 @@ OSSL_FUNC_signature_gettable_ctx_params() functions,
|
||||
as well as the "md_params" functions.
|
||||
|
||||
The OSSL_FUNC_signature_dupctx() function is optional.
|
||||
It is not yet used by OpenSSL.
|
||||
|
||||
The OSSL_FUNC_signature_query_key_types() function is optional.
|
||||
When present, it should return a NULL-terminated array of strings
|
||||
@@ -708,7 +707,7 @@ Deterministic digital signature generation for ECDSA was added to the FIPS provi
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user