openssl: Vendor import of OpenSSL-3.0.9
Summary:
Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html .

Obtained from: https://www.openssl.org/source/openssl-3.0.9.tar.gz

Test Plan:
```
$ git status
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
$ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.9.tar.gz                                    14 MB   74 MBps    01s
openssl-3.0.9.tar.gz.asc                               833  B   10 MBps    00s
$ set | egrep '(XLIST|OSSLVER)='
OSSLVER=3.0.9
XLIST=FREEBSD-Xlist
$ gpg --list-keys
/home/khorben/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2021-07-16 [SC] [expires: 2031-07-14]
      A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C
uid           [ unknown] Tomáš Mráz <tm@t8m.info>
uid           [ unknown] Tomáš Mráz <tomas@arleto.cz>
uid           [ unknown] Tomáš Mráz <tomas@openssl.org>
sub   rsa4096 2021-07-16 [S] [expires: 2027-07-15]
sub   rsa4096 2021-07-16 [E] [expires: 2031-07-14]

$ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue May 30 14:32:24 2023 CEST
gpg:                using RSA key DC7032662AF885E2F47F243F527466A21CA79E6D
gpg: Good signature from "Tomáš Mráz <tm@t8m.info>" [unknown]
gpg:                 aka "Tomáš Mráz <tomas@arleto.cz>" [unknown]
gpg:                 aka "Tomáš Mráz <tomas@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C
     Subkey fingerprint: DC70 3266 2AF8 85E2 F47F 243F 5274 66A2 1CA7 9E6D
$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* .
[...]
$ diff -arq ../openssl-${OSSLVER} .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
$ git status FREEBSD*
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
```
Committed by: Ed Maste
Parent: e4520c8bd1
Commit: b84c4564ef
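The test plan above checks the tarball with `gpg --verify` and gets "Good signature" together with the warning that the key is not certified, so the only thing tying the archive to OpenSSL is the fingerprint the importer compares by eye. The following shell snippet is an added example, not part of the FreeBSD commit or of OpenSSL, that makes that comparison mechanical: it parses gpg's machine-readable `--status-fd` output and accepts the signature only when the `VALIDSIG` line's primary-key fingerprint equals a pinned value, which is what you want in an import script that runs unattended. The pinned fingerprint is the one printed by `gpg --list-keys` in the test plan; the status lines embedded in the script are a constructed sample in the shape gpg emits, not captured output.

```sh
#!/bin/sh
# Added example (not from the FreeBSD vendor-import commit or from OpenSSL):
# gate a detached-signature check on a pinned primary-key fingerprint rather
# than on gpg's human-readable "Good signature" line.

# Assumption: this is the primary-key fingerprint shown by `gpg --list-keys`
# in the test plan. Pin it in the import script itself.
PINNED_PRIMARY_FPR="A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C"

# check_validsig STATUS_TEXT PINNED_FPR
# STATUS_TEXT is gpg's --status-fd output. gpg prints a VALIDSIG line only for
# a cryptographically valid signature; its last field is the fingerprint of the
# primary key even when a subkey (as in the test plan) made the signature.
# Returns 0 on a match, 1 if there is no VALIDSIG line, 2 on a wrong key.
check_validsig() {
    _status=$1
    _pinned=$2
    _fpr=$(printf '%s\n' "$_status" \
        | awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }')
    if [ -z "$_fpr" ]; then
        echo "check_validsig: no VALIDSIG line (signature missing or invalid)" >&2
        return 1
    fi
    if [ "$_fpr" != "$_pinned" ]; then
        echo "check_validsig: signed by $_fpr, expected $_pinned" >&2
        return 2
    fi
    return 0
}

# verify_tarball TARBALL ASC PINNED_FPR
# Runs gpg with status output on stdout and applies check_validsig. This is
# what an import script would call; the self-test below exercises only the
# parser so it runs without gpg or network access.
verify_tarball() {
    _out=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null)
    check_validsig "$_out" "$3"
}

# Constructed sample status output in the shape gpg emits (not captured from a
# real run). VALIDSIG fields: signing-key fpr, date, timestamp, expiry,
# sig version, reserved, pubkey algo, hash algo, sig class, primary-key fpr.
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 527466A21CA79E6D Tomas Mraz <tomas@openssl.org>
[GNUPG:] VALIDSIG DC7032662AF885E2F47F243F527466A21CA79E6D 2023-05-30 1685449944 0 4 0 1 10 00 A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Same shape, but signed by some other key that happens to be in the keyring:
# gpg would still say "Good signature", and this is the case pinning catches.
WRONG_KEY_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Somebody Else <else@example.invalid>
[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2023-05-30 1685449944 0 4 0 1 10 00 0000000000000000000000000123456789ABCDEF
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# A bad or missing signature: gpg emits BADSIG/NODATA and no VALIDSIG at all.
BAD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 527466A21CA79E6D Tomas Mraz <tomas@openssl.org>'

if [ "${1:-}" = "--self-test" ]; then
    check_validsig "$GOOD_STATUS" "$PINNED_PRIMARY_FPR" && echo "good: accepted"
    check_validsig "$WRONG_KEY_STATUS" "$PINNED_PRIMARY_FPR" || echo "wrong key: rejected ($?)"
    check_validsig "$BAD_STATUS" "$PINNED_PRIMARY_FPR" || echo "bad sig: rejected ($?)"
fi
```

Run it as `sh verify.sh --self-test` to see the three outcomes, and call `verify_tarball ../openssl-3.0.9.tar.gz ../openssl-3.0.9.tar.gz.asc "$PINNED_PRIMARY_FPR"` from the import script; a non-zero return should abort the import before `tar -x`. Pinning the primary fingerprint rather than the signing subkey keeps the check working across subkey rotation while still rejecting any other key in the keyring.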
+80
-1
@@ -28,6 +28,80 @@ breaking changes, and mappings for the large list of deprecated functions.
|
|||||||
|
|
||||||
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
|
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
|
||||||
|
|
||||||
|
### Changes between 3.0.8 and 3.0.9 [30 May 2023]
|
||||||
|
|
||||||
|
* Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
|
||||||
|
OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
|
||||||
|
|
||||||
|
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
|
||||||
|
numeric text form. For gigantic sub-identifiers, this would take a very
|
||||||
|
long time, the time complexity being O(n^2) where n is the size of that
|
||||||
|
sub-identifier. ([CVE-2023-2650])
|
||||||
|
|
||||||
|
To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
|
||||||
|
IDENTIFIER to canonical numeric text form if the size of that OBJECT
|
||||||
|
IDENTIFIER is 586 bytes or less, and fail otherwise.
|
||||||
|
|
||||||
|
The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
|
||||||
|
IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
|
||||||
|
most 128 sub-identifiers, and that the maximum value that each sub-
|
||||||
|
identifier may have is 2^32-1 (4294967295 decimal).
|
||||||
|
|
||||||
|
For each byte of every sub-identifier, only the 7 lower bits are part of
|
||||||
|
the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
|
||||||
|
these restrictions may occupy is 32 * 128 / 7, which is approximately 586
|
||||||
|
bytes.
|
||||||
|
|
||||||
|
Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
|
||||||
|
|
||||||
|
*Richard Levitte*
|
||||||
|
|
||||||
|
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
|
||||||
|
happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
|
||||||
|
trigger a crash of an application using AES-XTS decryption if the memory
|
||||||
|
just after the buffer being decrypted is not mapped.
|
||||||
|
Thanks to Anton Romanov (Amazon) for discovering the issue.
|
||||||
|
([CVE-2023-1255])
|
||||||
|
|
||||||
|
*Nevine Ebeid*
|
||||||
|
|
||||||
|
* Reworked the Fix for the Timing Oracle in RSA Decryption ([CVE-2022-4304]).
|
||||||
|
The previous fix for this timing side channel turned out to cause
|
||||||
|
a severe 2-3x performance regression in the typical use case
|
||||||
|
compared to 3.0.7. The new fix uses existing constant time
|
||||||
|
code paths, and restores the previous performance level while
|
||||||
|
fully eliminating all existing timing side channels.
|
||||||
|
The fix was developed by Bernd Edlinger with testing support
|
||||||
|
by Hubert Kario.
|
||||||
|
|
||||||
|
*Bernd Edlinger*
|
||||||
|
|
||||||
|
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
|
||||||
|
that it does not enable policy checking. Thanks to David Benjamin for
|
||||||
|
discovering this issue.
|
||||||
|
([CVE-2023-0466])
|
||||||
|
|
||||||
|
*Tomáš Mráz*
|
||||||
|
|
||||||
|
* Fixed an issue where invalid certificate policies in leaf certificates are
|
||||||
|
silently ignored by OpenSSL and other certificate policy checks are skipped
|
||||||
|
for that certificate. A malicious CA could use this to deliberately assert
|
||||||
|
invalid certificate policies in order to circumvent policy checking on the
|
||||||
|
certificate altogether.
|
||||||
|
([CVE-2023-0465])
|
||||||
|
|
||||||
|
*Matt Caswell*
|
||||||
|
|
||||||
|
* Limited the number of nodes created in a policy tree to mitigate
|
||||||
|
against CVE-2023-0464. The default limit is set to 1000 nodes, which
|
||||||
|
should be sufficient for most installations. If required, the limit
|
||||||
|
can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
|
||||||
|
time define to a desired maximum number of nodes or zero to allow
|
||||||
|
unlimited growth.
|
||||||
|
([CVE-2023-0464])
|
||||||
|
|
||||||
|
*Paul Dale*
|
||||||
|
|
||||||
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
|
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
|
||||||
|
|
||||||
* Fixed NULL dereference during PKCS7 data verification.
|
* Fixed NULL dereference during PKCS7 data verification.
|
||||||
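Review bot: typo in the new CHANGES text, "To mitigitate this" should read "To mitigate this"; since this is a verbatim vendor import the fix belongs upstream rather than in the vendor branch, but it is worth reporting. One caveat for the FreeBSD build that follows from this hunk: the CVE-2023-0464 mitigation is a compile-time define (`OPENSSL_POLICY_TREE_NODES_MAX`, default 1000, and "zero to allow unlimited growth"), so any local build flags that set it to zero would reopen the issue; confirm nothing in the FreeBSD build sets it.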
@@ -19578,6 +19652,11 @@ ndif
|
|||||||
|
|
||||||
<!-- Links -->
|
<!-- Links -->
|
||||||
|
|
||||||
|
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
|
||||||
|
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
|
||||||
|
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
|
||||||
|
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
|
||||||
|
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
|
||||||
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
|
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
|
||||||
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
|
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
|
||||||
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
|
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
|
||||||
@@ -19588,7 +19667,7 @@ ndif
|
|||||||
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
|
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
|
||||||
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
|
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
|
||||||
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
||||||
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
|
||||||
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
|
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
|
||||||
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
|
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
|
||||||
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
|
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
|
||||||
|
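Review bot: good catch on the `[CVE-2022-2097]` link definition, which previously resolved to the `#CVE-2022-2274` anchor and so pointed readers at the wrong advisory; the same stale anchor is corrected in the NEWS copy of the link list further down, so both renderings now agree.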
|||||||
@@ -1423,7 +1423,7 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($target =~ /linux.*-mips/ && !$disabled{asm}
|
if ($target =~ /linux.*-mips/ && !$disabled{asm}
|
||||||
&& !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
|
&& !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
|
||||||
# minimally required architecture flags for assembly modules
|
# minimally required architecture flags for assembly modules
|
||||||
my $value;
|
my $value;
|
||||||
$value = '-mips2' if ($target =~ /mips32/);
|
$value = '-mips2' if ($target =~ /mips32/);
|
||||||
|
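Review bot: the rewritten condition fixes an inverted test. `!grep { $_ !~ /-m(ips|arch=)/ }` is true only when every CFLAGS entry already matches `-mips*` or `-march=` (or CFLAGS is empty), which is exactly the case where the fallback `-mips2` flag is not needed; `!grep { $_ =~ /-m(ips|arch=)/ }` is true when no entry matches, which is when the "minimally required architecture flags for assembly modules" must be injected. A one-line comment on the `if` explaining the double negation would stop someone flipping it back.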
|||||||
@@ -18,6 +18,17 @@ OpenSSL Releases
|
|||||||
OpenSSL 3.0
|
OpenSSL 3.0
|
||||||
-----------
|
-----------
|
||||||
|
|
||||||
|
### Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
|
||||||
|
|
||||||
|
* Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT
|
||||||
|
IDENTIFIER sub-identities. ([CVE-2023-2650])
|
||||||
|
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms
|
||||||
|
([CVE-2023-1255])
|
||||||
|
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
|
||||||
|
* Fixed handling of invalid certificate policies in leaf certificates
|
||||||
|
([CVE-2023-0465])
|
||||||
|
* Limited the number of nodes created in a policy tree ([CVE-2023-0464])
|
||||||
|
|
||||||
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
|
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
|
||||||
|
|
||||||
* Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
|
* Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
|
||||||
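Review bot: wording inconsistency between the two release notes: the NEWS summary says "gigantic OBJECT IDENTIFIER sub-identities" while the CHANGES entry for the same item (and RFC 2578, which it cites) says "sub-identifiers". Upstream text, so report rather than patch locally.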
@@ -1430,6 +1441,12 @@ OpenSSL 0.9.x
|
|||||||
* Support for various new platforms
|
* Support for various new platforms
|
||||||
|
|
||||||
<!-- Links -->
|
<!-- Links -->
|
||||||
|
|
||||||
|
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
|
||||||
|
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
|
||||||
|
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
|
||||||
|
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
|
||||||
|
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
|
||||||
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
|
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
|
||||||
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
|
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
|
||||||
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
|
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
|
||||||
@@ -1440,7 +1457,7 @@ OpenSSL 0.9.x
|
|||||||
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
|
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
|
||||||
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
|
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
|
||||||
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
||||||
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
|
||||||
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
|
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
|
||||||
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
|
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
|
||||||
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
|
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
|
||||||
|
|||||||
@@ -44,6 +44,20 @@ instead of `nsx` in the set above.
|
|||||||
You cannot build for TNS/E for FIPS, so you must specify the `no-fips`
|
You cannot build for TNS/E for FIPS, so you must specify the `no-fips`
|
||||||
option to `./Configure`.
|
option to `./Configure`.
|
||||||
|
|
||||||
|
Linking and Loading Considerations
|
||||||
|
----------------------------------
|
||||||
|
|
||||||
|
Because of how the NonStop Common Runtime Environment (CRE) works, there are
|
||||||
|
restrictions on how programs can link and load with OpenSSL libraries.
|
||||||
|
On current NonStop platforms, programs cannot both statically link OpenSSL
|
||||||
|
libraries and dynamically load OpenSSL shared libraries concurrently. If this
|
||||||
|
is done, there is a high probability of encountering a SIGSEGV condition
|
||||||
|
relating to `atexit()` processing when a shared library is unloaded and when
|
||||||
|
the program terminates. This limitation applies to all OpenSSL shared library
|
||||||
|
components.
|
||||||
|
|
||||||
|
A resolution to this situation is under investigation.
|
||||||
|
|
||||||
About Prefix and OpenSSLDir
|
About Prefix and OpenSSLDir
|
||||||
---------------------------
|
---------------------------
|
||||||
|
|
||||||
|
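Review bot: the new NonStop section documents the crash ("a high probability of encountering a SIGSEGV condition relating to `atexit()` processing") but offers nothing a builder can check for, and "A resolution to this situation is under investigation" leaves no tracking reference. Since the note is advisory only, it would help to state which link mode is recommended in the meantime (static or shared, not both) rather than only what must not be combined.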
|||||||
@@ -83,6 +83,23 @@ When done, we recommend that you turn that flag back off:
|
|||||||
|
|
||||||
$ set image /flag=nocall_debug [.test]evp_test.exe
|
$ set image /flag=nocall_debug [.test]evp_test.exe
|
||||||
|
|
||||||
|
About assembler acceleration
|
||||||
|
----------------------------
|
||||||
|
|
||||||
|
OpenSSL has assembler acceleration for a number of BIGNUM and crypto
|
||||||
|
routines. The VMS config targets tries to look for a selection of
|
||||||
|
assemblers and will use what they find. If none of the assemblers are
|
||||||
|
found, OpenSSL will be built as if `no-asm` was configured.
|
||||||
|
|
||||||
|
### For Itanium / IA64 / I64
|
||||||
|
|
||||||
|
- There is only one assembler, a port of Intel's `ias`, found in the
|
||||||
|
HP Open Source Tools CD, available through [DECUSlib](http://www.decuslib.com).
|
||||||
|
It's assumed to be set up as per the instructions, where `disk` and
|
||||||
|
`dir` are expected to be adapted to local conditions:
|
||||||
|
|
||||||
|
$ ias :== $disk:[dir]iasi64.exe
|
||||||
|
|
||||||
Checking the distribution
|
Checking the distribution
|
||||||
-------------------------
|
-------------------------
|
||||||
|
|
||||||
|
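Review bot: grammar in the new VMS note: "The VMS config targets tries to look for a selection of assemblers and will use what they find" mixes singular and plural; "targets try ... what they find" or "target tries ... what it finds". Upstream text, report rather than patch in the vendor branch. The fallback sentence ("OpenSSL will be built as if `no-asm` was configured") is the useful part for a builder and could be made more prominent, since a silent drop to the C implementations is easy to miss.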
|||||||
+2
-2
@@ -1,7 +1,7 @@
|
|||||||
MAJOR=3
|
MAJOR=3
|
||||||
MINOR=0
|
MINOR=0
|
||||||
PATCH=8
|
PATCH=9
|
||||||
PRE_RELEASE_TAG=
|
PRE_RELEASE_TAG=
|
||||||
BUILD_METADATA=
|
BUILD_METADATA=
|
||||||
RELEASE_DATE="7 Feb 2023"
|
RELEASE_DATE="30 May 2023"
|
||||||
SHLIB_VERSION=3
|
SHLIB_VERSION=3
|
||||||
|
|||||||
+102
-42
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright Nokia 2007-2019
|
* Copyright Nokia 2007-2019
|
||||||
* Copyright Siemens AG 2015-2019
|
* Copyright Siemens AG 2015-2019
|
||||||
*
|
*
|
||||||
@@ -158,6 +158,7 @@ static char *opt_reqin = NULL;
|
|||||||
static int opt_reqin_new_tid = 0;
|
static int opt_reqin_new_tid = 0;
|
||||||
static char *opt_reqout = NULL;
|
static char *opt_reqout = NULL;
|
||||||
static char *opt_rspin = NULL;
|
static char *opt_rspin = NULL;
|
||||||
|
static int rspin_in_use = 0;
|
||||||
static char *opt_rspout = NULL;
|
static char *opt_rspout = NULL;
|
||||||
static int opt_use_mock_srv = 0;
|
static int opt_use_mock_srv = 0;
|
||||||
|
|
||||||
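Review bot: `rspin_in_use` is a new file-scope flag alongside the `opt_*` statics, but unlike them it is mutable runtime state: it is set in `setup_client_ctx` and cleared in `read_write_req_resp` after the first fallback, and it persists across the `-repeat` loop. A comment at the declaration saying who sets and clears it would save the next reader a search.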
@@ -371,7 +372,7 @@ const OPTIONS cmp_options[] = {
|
|||||||
|
|
||||||
OPT_SECTION("Server authentication"),
|
OPT_SECTION("Server authentication"),
|
||||||
{"trusted", OPT_TRUSTED, 's',
|
{"trusted", OPT_TRUSTED, 's',
|
||||||
"Certificates to trust as chain roots when verifying signed CMP responses"},
|
"Certificates to use as trust anchors when verifying signed CMP responses"},
|
||||||
{OPT_MORE_STR, 0, 0, "unless -srvcert is given"},
|
{OPT_MORE_STR, 0, 0, "unless -srvcert is given"},
|
||||||
{"untrusted", OPT_UNTRUSTED, 's',
|
{"untrusted", OPT_UNTRUSTED, 's',
|
||||||
"Intermediate CA certs for chain construction for CMP/TLS/enrolled certs"},
|
"Intermediate CA certs for chain construction for CMP/TLS/enrolled certs"},
|
||||||
@@ -417,7 +418,7 @@ const OPTIONS cmp_options[] = {
|
|||||||
{OPT_MORE_STR, 0, 0,
|
{OPT_MORE_STR, 0, 0,
|
||||||
"This can be used as the default CMP signer cert chain to include"},
|
"This can be used as the default CMP signer cert chain to include"},
|
||||||
{"unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-',
|
{"unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-',
|
||||||
"Send messages without CMP-level protection"},
|
"Send request messages without CMP-level protection"},
|
||||||
|
|
||||||
OPT_SECTION("Credentials format"),
|
OPT_SECTION("Credentials format"),
|
||||||
{"certform", OPT_CERTFORM, 's',
|
{"certform", OPT_CERTFORM, 's',
|
||||||
@@ -462,13 +463,16 @@ const OPTIONS cmp_options[] = {
|
|||||||
"Do not interactively prompt for input when a password is required etc."},
|
"Do not interactively prompt for input when a password is required etc."},
|
||||||
{"repeat", OPT_REPEAT, 'p',
|
{"repeat", OPT_REPEAT, 'p',
|
||||||
"Invoke the transaction the given positive number of times. Default 1"},
|
"Invoke the transaction the given positive number of times. Default 1"},
|
||||||
{"reqin", OPT_REQIN, 's', "Take sequence of CMP requests from file(s)"},
|
{"reqin", OPT_REQIN, 's',
|
||||||
|
"Take sequence of CMP requests to send to server from file(s)"},
|
||||||
{"reqin_new_tid", OPT_REQIN_NEW_TID, '-',
|
{"reqin_new_tid", OPT_REQIN_NEW_TID, '-',
|
||||||
"Use fresh transactionID for CMP requests read from -reqin"},
|
"Use fresh transactionID for CMP requests read from -reqin"},
|
||||||
{"reqout", OPT_REQOUT, 's', "Save sequence of CMP requests to file(s)"},
|
{"reqout", OPT_REQOUT, 's',
|
||||||
|
"Save sequence of CMP requests created by the client to file(s)"},
|
||||||
{"rspin", OPT_RSPIN, 's',
|
{"rspin", OPT_RSPIN, 's',
|
||||||
"Process sequence of CMP responses provided in file(s), skipping server"},
|
"Process sequence of CMP responses provided in file(s), skipping server"},
|
||||||
{"rspout", OPT_RSPOUT, 's', "Save sequence of CMP responses to file(s)"},
|
{"rspout", OPT_RSPOUT, 's',
|
||||||
|
"Save sequence of actually used CMP responses to file(s)"},
|
||||||
|
|
||||||
{"use_mock_srv", OPT_USE_MOCK_SRV, '-',
|
{"use_mock_srv", OPT_USE_MOCK_SRV, '-',
|
||||||
"Use internal mock server at API level, bypassing socket-based HTTP"},
|
"Use internal mock server at API level, bypassing socket-based HTTP"},
|
||||||
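Review bot: the `-rspin` help string is unchanged ("Process sequence of CMP responses provided in file(s), skipping server") even though the later hunk in `read_write_req_resp` makes the client fall back to the mock server or to `-server` once the `-rspin` file list is exhausted, with only a `CMP_warn`. A user relying on "skipping server" to guarantee no network contact will be surprised; the option text should mention the fallback, matching the new `CMP_info2("will contact %s%s only if -rspin argument gives too few filenames", ...)` message in `setup_client_ctx`.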
@@ -754,12 +758,12 @@ static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* read DER-encoded OSSL_CMP_MSG from the specified file name item */
|
/* read DER-encoded OSSL_CMP_MSG from the specified file name item */
|
||||||
static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames)
|
static OSSL_CMP_MSG *read_PKIMESSAGE(const char *desc, char **filenames)
|
||||||
{
|
{
|
||||||
char *file;
|
char *file;
|
||||||
OSSL_CMP_MSG *ret;
|
OSSL_CMP_MSG *ret;
|
||||||
|
|
||||||
if (filenames == NULL) {
|
if (filenames == NULL || desc == NULL) {
|
||||||
CMP_err("NULL arg to read_PKIMESSAGE");
|
CMP_err("NULL arg to read_PKIMESSAGE");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@@ -774,6 +778,8 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames)
|
|||||||
ret = OSSL_CMP_MSG_read(file, app_get0_libctx(), app_get0_propq());
|
ret = OSSL_CMP_MSG_read(file, app_get0_libctx(), app_get0_propq());
|
||||||
if (ret == NULL)
|
if (ret == NULL)
|
||||||
CMP_err1("cannot read PKIMessage from file '%s'", file);
|
CMP_err1("cannot read PKIMessage from file '%s'", file);
|
||||||
|
else
|
||||||
|
CMP_info2("%s %s", desc, file);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -795,7 +801,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
|
|||||||
&& !write_PKIMESSAGE(req, &opt_reqout))
|
&& !write_PKIMESSAGE(req, &opt_reqout))
|
||||||
goto err;
|
goto err;
|
||||||
if (opt_reqin != NULL && opt_rspin == NULL) {
|
if (opt_reqin != NULL && opt_rspin == NULL) {
|
||||||
if ((req_new = read_PKIMESSAGE(&opt_reqin)) == NULL)
|
if ((req_new = read_PKIMESSAGE("actually sending", &opt_reqin)) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
/*-
|
/*-
|
||||||
* The transaction ID in req_new read from opt_reqin may not be fresh.
|
* The transaction ID in req_new read from opt_reqin may not be fresh.
|
||||||
@@ -805,22 +811,44 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
|
|||||||
if (opt_reqin_new_tid
|
if (opt_reqin_new_tid
|
||||||
&& !OSSL_CMP_MSG_update_transactionID(ctx, req_new))
|
&& !OSSL_CMP_MSG_update_transactionID(ctx, req_new))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Except for first request, need to satisfy recipNonce check by server.
|
||||||
|
* Unfortunately requires re-protection if protection is required.
|
||||||
|
*/
|
||||||
|
if (!OSSL_CMP_MSG_update_recipNonce(ctx, req_new))
|
||||||
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (opt_rspin != NULL) {
|
if (opt_rspin != NULL) {
|
||||||
res = read_PKIMESSAGE(&opt_rspin);
|
res = read_PKIMESSAGE("actually using", &opt_rspin);
|
||||||
} else {
|
} else {
|
||||||
const OSSL_CMP_MSG *actual_req = opt_reqin != NULL ? req_new : req;
|
const OSSL_CMP_MSG *actual_req = req_new != NULL ? req_new : req;
|
||||||
|
|
||||||
res = opt_use_mock_srv
|
if (opt_use_mock_srv) {
|
||||||
? OSSL_CMP_CTX_server_perform(ctx, actual_req)
|
if (rspin_in_use)
|
||||||
: OSSL_CMP_MSG_http_perform(ctx, actual_req);
|
CMP_warn("too few -rspin filename arguments; resorting to using mock server");
|
||||||
|
res = OSSL_CMP_CTX_server_perform(ctx, actual_req);
|
||||||
|
} else {
|
||||||
|
#ifndef OPENSSL_NO_SOCK
|
||||||
|
if (opt_server == NULL) {
|
||||||
|
CMP_err("missing -server or -use_mock_srv option, or too few -rspin filename arguments");
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
if (rspin_in_use)
|
||||||
|
CMP_warn("too few -rspin filename arguments; resorting to contacting server");
|
||||||
|
res = OSSL_CMP_MSG_http_perform(ctx, actual_req);
|
||||||
|
#else
|
||||||
|
CMP_err("-server not supported on no-sock build; missing -use_mock_srv option or too few -rspin filename arguments");
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
rspin_in_use = 0;
|
||||||
}
|
}
|
||||||
if (res == NULL)
|
if (res == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
if (opt_reqin != NULL || prev_opt_rspin != NULL) {
|
if (req_new != NULL || prev_opt_rspin != NULL) {
|
||||||
/* need to satisfy nonce and transactionID checks */
|
/* need to satisfy nonce and transactionID checks by client */
|
||||||
ASN1_OCTET_STRING *nonce;
|
ASN1_OCTET_STRING *nonce;
|
||||||
ASN1_OCTET_STRING *tid;
|
ASN1_OCTET_STRING *tid;
|
||||||
|
|
||||||
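Review bot: in the `#else` branch of the new `OPENSSL_NO_SOCK` block, `CMP_err(...)` is issued but there is no `goto err`; control falls through to `rspin_in_use = 0;` and relies on `res` still being NULL to reach the existing `if (res == NULL) goto err;`. That holds only if `res` was initialised to NULL before this point, which is outside the hunk; an explicit `goto err` after the `CMP_err` makes the failure path independent of that. The fallback itself also changes what a run does on the wire: once `-rspin` runs out of files the real request goes to `-server` or the mock server, and the preceding `CMP_warn` is the only signal, so this deserves a sentence in the `-rspin` documentation. The switch from `opt_reqin != NULL` to `req_new != NULL` for `actual_req` and for the nonce/transactionID fix-up is correct, since `req_new` is only read when `opt_rspin == NULL`.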
@@ -1024,10 +1052,10 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
} else if (opt_srv_cert == NULL) {
|
} else if (opt_srv_cert == NULL) {
|
||||||
CMP_err("mock server credentials must be given if -use_mock_srv or -port is used");
|
CMP_err("server credentials (-srv_secret or -srv_cert) must be given if -use_mock_srv or -port is used");
|
||||||
goto err;
|
goto err;
|
||||||
} else {
|
} else {
|
||||||
CMP_warn("mock server will not be able to handle PBM-protected requests since -srv_secret is not given");
|
CMP_warn("server will not be able to handle PBM-protected requests since -srv_secret is not given");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (opt_srv_secret == NULL
|
if (opt_srv_secret == NULL
|
||||||
@@ -1121,7 +1149,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
if (opt_send_error)
|
if (opt_send_error)
|
||||||
(void)ossl_cmp_mock_srv_set_send_error(srv_ctx, 1);
|
(void)ossl_cmp_mock_srv_set_sendError(srv_ctx, 1);
|
||||||
|
|
||||||
if (opt_send_unprotected)
|
if (opt_send_unprotected)
|
||||||
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1);
|
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1);
|
||||||
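Review bot: `ossl_cmp_mock_srv_set_send_error` is renamed to `ossl_cmp_mock_srv_set_sendError`, a camelCase name in an otherwise snake_case API; it is an internal `ossl_`-prefixed function so there is no ABI concern, but the rename has to be matched in the mock-server implementation and its tests, which this page does not show.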
@@ -1283,7 +1311,9 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
|
|||||||
/* disable any cert status/revocation checking etc. */
|
/* disable any cert status/revocation checking etc. */
|
||||||
X509_VERIFY_PARAM_clear_flags(tls_vpm,
|
X509_VERIFY_PARAM_clear_flags(tls_vpm,
|
||||||
~(X509_V_FLAG_USE_CHECK_TIME
|
~(X509_V_FLAG_USE_CHECK_TIME
|
||||||
| X509_V_FLAG_NO_CHECK_TIME));
|
| X509_V_FLAG_NO_CHECK_TIME
|
||||||
|
| X509_V_FLAG_PARTIAL_CHAIN
|
||||||
|
| X509_V_FLAG_POLICY_CHECK));
|
||||||
}
|
}
|
||||||
CMP_debug("trying to build cert chain for own TLS cert");
|
CMP_debug("trying to build cert chain for own TLS cert");
|
||||||
if (SSL_CTX_build_cert_chain(ssl_ctx,
|
if (SSL_CTX_build_cert_chain(ssl_ctx,
|
||||||
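Review bot: `X509_VERIFY_PARAM_clear_flags(tls_vpm, ~(...))` clears every flag except those in the mask, so adding `X509_V_FLAG_PARTIAL_CHAIN` and `X509_V_FLAG_POLICY_CHECK` means the TLS verify params now keep partial-chain acceptance and policy checking from the user's settings instead of having them stripped. That is the right direction given the 3.0.9 policy-checking fixes listed in CHANGES (CVE-2023-0464, 0465, 0466), but the comment above the call still reads "disable any cert status/revocation checking etc."; extend it to name the flags that are deliberately preserved, otherwise the next reader will see policy checking survive and "fix" the mask.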
@@ -1498,10 +1528,25 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|||||||
CMP_warn("no -subject given; no -csr or -oldcert or -cert available for fallback");
|
CMP_warn("no -subject given; no -csr or -oldcert or -cert available for fallback");
|
||||||
|
|
||||||
if (opt_cmd == CMP_IR || opt_cmd == CMP_CR || opt_cmd == CMP_KUR) {
|
if (opt_cmd == CMP_IR || opt_cmd == CMP_CR || opt_cmd == CMP_KUR) {
|
||||||
if (opt_newkey == NULL && opt_key == NULL && opt_csr == NULL) {
|
if (opt_newkey == NULL
|
||||||
CMP_err("missing -newkey (or -key) to be certified and no -csr given");
|
&& opt_key == NULL && opt_csr == NULL && opt_oldcert == NULL) {
|
||||||
|
CMP_err("missing -newkey (or -key) to be certified and no -csr, -oldcert, or -cert given for fallback public key");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
if (opt_newkey == NULL
|
||||||
|
&& opt_popo != OSSL_CRMF_POPO_NONE
|
||||||
|
&& opt_popo != OSSL_CRMF_POPO_RAVERIFIED) {
|
||||||
|
if (opt_csr != NULL) {
|
||||||
|
CMP_err1("no -newkey option given with private key for POPO, -csr option only provides public key%s",
|
||||||
|
opt_key == NULL ? "" :
|
||||||
|
", and -key option superseded by by -csr");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if (opt_key == NULL) {
|
||||||
|
CMP_err("missing -newkey (or -key) option for POPO");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
if (opt_certout == NULL) {
|
if (opt_certout == NULL) {
|
||||||
CMP_err("-certout not given, nowhere to save newly enrolled certificate");
|
CMP_err("-certout not given, nowhere to save newly enrolled certificate");
|
||||||
return 0;
|
return 0;
|
||||||
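Review bot: doubled word in the new error string: ", and -key option superseded by by -csr". The logic is sound: enrolment without `-newkey` is now allowed when `-csr`, `-oldcert` or `-cert` can supply a public key, and the POPO branch correctly refuses `-csr` alone for any POPO method other than `OSSL_CRMF_POPO_NONE` and `OSSL_CRMF_POPO_RAVERIFIED`, because the CSR carries only the public key and proof of possession needs the private one.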
@@ -1897,8 +1942,11 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|||||||
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_TOTAL_TIMEOUT,
|
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_TOTAL_TIMEOUT,
|
||||||
opt_total_timeout);
|
opt_total_timeout);
|
||||||
|
|
||||||
if (opt_reqin != NULL && opt_rspin != NULL)
|
if (opt_rspin != NULL) {
|
||||||
CMP_warn("-reqin is ignored since -rspin is present");
|
rspin_in_use = 1;
|
||||||
|
if (opt_reqin != NULL)
|
||||||
|
CMP_warn("-reqin is ignored since -rspin is present");
|
||||||
|
}
|
||||||
if (opt_reqin_new_tid && opt_reqin == NULL)
|
if (opt_reqin_new_tid && opt_reqin == NULL)
|
||||||
CMP_warn("-reqin_new_tid is ignored since -reqin is not present");
|
CMP_warn("-reqin_new_tid is ignored since -reqin is not present");
|
||||||
if (opt_reqin != NULL || opt_reqout != NULL
|
if (opt_reqin != NULL || opt_reqout != NULL
|
||||||
@@ -1923,12 +1971,14 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|||||||
if ((info = OPENSSL_zalloc(sizeof(*info))) == NULL)
|
if ((info = OPENSSL_zalloc(sizeof(*info))) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
(void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info);
|
(void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info);
|
||||||
info->server = opt_server;
|
info->ssl_ctx = setup_ssl_ctx(ctx, host, engine);
|
||||||
info->port = server_port;
|
info->server = host;
|
||||||
|
host = NULL; /* prevent deallocation */
|
||||||
|
if ((info->port = OPENSSL_strdup(server_port)) == NULL)
|
||||||
|
goto err;
|
||||||
/* workaround for callback design flaw, see #17088: */
|
/* workaround for callback design flaw, see #17088: */
|
||||||
info->use_proxy = proxy_host != NULL;
|
info->use_proxy = proxy_host != NULL;
|
||||||
info->timeout = OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT);
|
info->timeout = OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT);
|
||||||
info->ssl_ctx = setup_ssl_ctx(ctx, host, engine);
|
|
||||||
|
|
||||||
if (info->ssl_ctx == NULL)
|
if (info->ssl_ctx == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
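Review bot: ownership of `host` is transferred into `info->server` (with `host = NULL; /* prevent deallocation */`) and `server_port` is duplicated into `info->port`, and the cleanup hunk at the end of `cmp_main` frees both with `OPENSSL_free((char *)info->server)` / `OPENSSL_free((char *)info->port)`. The casts show the struct declares these as `const char *`, so nothing in the type says the struct owns them; a comment here stating that `info` takes ownership and where it is freed would help. The reordering is correct: `setup_ssl_ctx(ctx, host, engine)` now runs before `host` is handed over, and a failed `OPENSSL_strdup` jumps to `err` with `info->server` already owned by `info`, which the cleanup releases.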
@@ -1952,7 +2002,9 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|
|||||||
|
|
||||||
/* not printing earlier, to minimize confusion in case setup fails before */
|
/* not printing earlier, to minimize confusion in case setup fails before */
|
||||||
if (opt_rspin != NULL)
|
if (opt_rspin != NULL)
|
||||||
CMP_info("will not contact any server since -rspin is given");
|
CMP_info2("will contact %s%s "
|
||||||
|
"only if -rspin argument gives too few filenames",
|
||||||
|
server_buf, proxy_buf);
|
||||||
else
|
else
|
||||||
CMP_info2("will contact %s%s", server_buf, proxy_buf);
|
CMP_info2("will contact %s%s", server_buf, proxy_buf);
|
||||||
|
|
||||||
@@ -2847,8 +2899,16 @@ int cmp_main(int argc, char **argv)
|
|||||||
CMP_err("-tls_used option not supported with -port option");
|
CMP_err("-tls_used option not supported with -port option");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (opt_use_mock_srv || opt_server != NULL || opt_rspin != NULL) {
|
if (opt_server != NULL || opt_use_mock_srv) {
|
||||||
CMP_err("cannot use -port with -use_mock_srv, -server, or -rspin options");
|
CMP_err("The -port option excludes -server and -use_mock_srv");
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
if (opt_reqin != NULL || opt_reqout != NULL) {
|
||||||
|
CMP_err("The -port option does not support -reqin and -reqout");
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
if (opt_rspin != NULL || opt_rspout != NULL) {
|
||||||
|
CMP_err("The -port option does not support -rspin and -rspout");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
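Review bot: splitting the `-port` exclusivity check into three is clearer and also rejects `-reqout` and `-rspout`, which the old combined check missed. Minor style point: the new messages use "The -port option excludes ..." / "does not support ..." while the neighbouring error just above keeps the older "not supported with -port option" phrasing; pick one form.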
@@ -2857,10 +2917,6 @@ int cmp_main(int argc, char **argv)
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if (opt_rspin != NULL && opt_use_mock_srv) {
|
|
||||||
CMP_err("cannot use both -rspin and -use_mock_srv options");
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (opt_use_mock_srv
|
if (opt_use_mock_srv
|
||||||
#ifndef OPENSSL_NO_SOCK
|
#ifndef OPENSSL_NO_SOCK
|
||||||
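Review bot: dropping the `-rspin`/`-use_mock_srv` exclusivity is consistent with the new fallback in `read_write_req_resp`, where the mock server answers once the `-rspin` files run out. Nothing at startup says that the combination is now meaningful; the later hunk only warns that `-use_mock_srv` is "not used if enough filenames given for -rspin", so a user who previously got a hard error now gets a warning and different behaviour. This should be called out in the cmp manual page alongside the `-rspin` description.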
@@ -2881,8 +2937,8 @@ int cmp_main(int argc, char **argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_SOCK
|
#ifndef OPENSSL_NO_SOCK
|
||||||
if (opt_tls_used && (opt_use_mock_srv || opt_rspin != NULL)) {
|
if (opt_tls_used && (opt_use_mock_srv || opt_server == NULL)) {
|
||||||
CMP_warn("ignoring -tls_used option since -use_mock_srv or -rspin is given");
|
CMP_warn("ignoring -tls_used option since -use_mock_srv is given or -server is not given");
|
||||||
opt_tls_used = 0;
|
opt_tls_used = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2893,11 +2949,11 @@ int cmp_main(int argc, char **argv)
|
|||||||
|
|
||||||
/* act as CMP client, possibly using internal mock server */
|
/* act as CMP client, possibly using internal mock server */
|
||||||
|
|
||||||
if (opt_server != NULL) {
|
if (opt_rspin != NULL) {
|
||||||
if (opt_rspin != NULL) {
|
if (opt_server != NULL)
|
||||||
CMP_warn("ignoring -server option since -rspin is given");
|
CMP_warn("-server option is not used if enough filenames given for -rspin");
|
||||||
opt_server = NULL;
|
if (opt_use_mock_srv)
|
||||||
}
|
CMP_warn("-use_mock_srv option is not used if enough filenames given for -rspin");
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -3010,7 +3066,11 @@ int cmp_main(int argc, char **argv)
|
|||||||
/* cannot free info already here, as it may be used indirectly by: */
|
/* cannot free info already here, as it may be used indirectly by: */
|
||||||
OSSL_CMP_CTX_free(cmp_ctx);
|
OSSL_CMP_CTX_free(cmp_ctx);
|
||||||
#ifndef OPENSSL_NO_SOCK
|
#ifndef OPENSSL_NO_SOCK
|
||||||
APP_HTTP_TLS_INFO_free(info);
|
if (info != NULL) {
|
||||||
|
OPENSSL_free((char *)info->server);
|
||||||
|
OPENSSL_free((char *)info->port);
|
||||||
|
APP_HTTP_TLS_INFO_free(info);
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
X509_VERIFY_PARAM_free(vpm);
|
X509_VERIFY_PARAM_free(vpm);
|
||||||
|
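Review bot: freeing `info->server` and `info->port` with `OPENSSL_free((char *)info->server)` in cmp_main means these two fields are now owned by the caller even though the cast shows they are declared const, and APP_HTTP_TLS_INFO_free() does not release them itself. That split ownership should be documented next to the APP_HTTP_TLS_INFO definition (or the free function should take over the two strings); otherwise the next caller that fills in the struct will leak or double-free them.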
|||||||
+6
-3
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -487,8 +487,11 @@ static void show_digests(const OBJ_NAME *name, void *arg)
|
|||||||
|
|
||||||
/* Filter out message digests that we cannot use */
|
/* Filter out message digests that we cannot use */
|
||||||
md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
|
md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
|
||||||
if (md == NULL)
|
if (md == NULL) {
|
||||||
return;
|
md = EVP_get_digestbyname(name->name);
|
||||||
|
if (md == NULL)
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
BIO_printf(dec->bio, "-%-25s", name->name);
|
BIO_printf(dec->bio, "-%-25s", name->name);
|
||||||
if (++dec->n == 3) {
|
if (++dec->n == 3) {
|
||||||
|
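Review bot: after the fallback `md = EVP_get_digestbyname(name->name);` the variable holds either a fetched digest that must be released or a legacy built-in one that must not be, and the release path at the end of show_digests (outside this hunk) has to cope with both. A one-line comment stating that EVP_MD_free() is expected to be a no-op for non-fetched digests would save the next reader from checking, and confirm the assignment does not discard a const qualifier, since EVP_get_digestbyname() returns a const pointer.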
|||||||
+13
-4
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -30,6 +30,10 @@
|
|||||||
#define SIZE (512)
|
#define SIZE (512)
|
||||||
#define BSIZE (8*1024)
|
#define BSIZE (8*1024)
|
||||||
|
|
||||||
|
#define PBKDF2_ITER_DEFAULT 10000
|
||||||
|
#define STR(a) XSTR(a)
|
||||||
|
#define XSTR(a) #a
|
||||||
|
|
||||||
static int set_hex(const char *in, unsigned char *out, int size);
|
static int set_hex(const char *in, unsigned char *out, int size);
|
||||||
static void show_ciphers(const OBJ_NAME *name, void *bio_);
|
static void show_ciphers(const OBJ_NAME *name, void *bio_);
|
||||||
|
|
||||||
@@ -88,8 +92,13 @@ const OPTIONS enc_options[] = {
|
|||||||
{"S", OPT_UPPER_S, 's', "Salt, in hex"},
|
{"S", OPT_UPPER_S, 's', "Salt, in hex"},
|
||||||
{"iv", OPT_IV, 's', "IV in hex"},
|
{"iv", OPT_IV, 's', "IV in hex"},
|
||||||
{"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
|
{"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
|
||||||
{"iter", OPT_ITER, 'p', "Specify the iteration count and force use of PBKDF2"},
|
{"iter", OPT_ITER, 'p',
|
||||||
{"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"},
|
"Specify the iteration count and force the use of PBKDF2"},
|
||||||
|
{OPT_MORE_STR, 0, 0, "Default: " STR(PBKDF2_ITER_DEFAULT)},
|
||||||
|
{"pbkdf2", OPT_PBKDF2, '-',
|
||||||
|
"Use password-based key derivation function 2 (PBKDF2)"},
|
||||||
|
{OPT_MORE_STR, 0, 0,
|
||||||
|
"Use -iter to change the iteration count from " STR(PBKDF2_ITER_DEFAULT)},
|
||||||
{"none", OPT_NONE, '-', "Don't encrypt"},
|
{"none", OPT_NONE, '-', "Don't encrypt"},
|
||||||
#ifdef ZLIB
|
#ifdef ZLIB
|
||||||
{"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
|
{"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
|
||||||
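Review bot: the help text now advertises `PBKDF2_ITER_DEFAULT` (10000) as the default, which is worth stating in the man page as well, together with a caveat: 10000 iterations of PBKDF2 is far below current password-hashing guidance, and the `-md` option on the line above selects the PRF digest, so users protecting data with a passphrase should pass a much larger -iter. Factoring the constant out is the right first step; consider raising it in a follow-up.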
@@ -272,7 +281,7 @@ int enc_main(int argc, char **argv)
|
|||||||
case OPT_PBKDF2:
|
case OPT_PBKDF2:
|
||||||
pbkdf2 = 1;
|
pbkdf2 = 1;
|
||||||
if (iter == 0) /* do not overwrite a chosen value */
|
if (iter == 0) /* do not overwrite a chosen value */
|
||||||
iter = 10000;
|
iter = PBKDF2_ITER_DEFAULT;
|
||||||
break;
|
break;
|
||||||
case OPT_NONE:
|
case OPT_NONE:
|
||||||
cipher = NULL;
|
cipher = NULL;
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright Siemens AG 2018-2020
|
* Copyright Siemens AG 2018-2020
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
@@ -27,7 +27,7 @@ int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
STACK_OF(X509) *caPubs);
|
STACK_OF(X509) *caPubs);
|
||||||
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
|
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
|
||||||
int fail_info, const char *text);
|
int fail_info, const char *text);
|
||||||
int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val);
|
int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
|
||||||
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
|
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
|
||||||
int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
|
int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
|
||||||
|
|
||||||
|
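Review bot: the renamed prototype `int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);` turns the argument from a boolean into a PKIBody type with sentinel values, but the header carries no comment saying which values are special (the implementation treats 1 as "every request type" and initialises the context to -1 for "none"). Document both values here, since callers in the test suite only see this header.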
|||||||
+7
-3
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -2474,6 +2474,10 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
|
|||||||
if (connect) {
|
if (connect) {
|
||||||
SSL *ssl;
|
SSL *ssl;
|
||||||
BIO *sbio = NULL;
|
BIO *sbio = NULL;
|
||||||
|
X509_STORE *ts = SSL_CTX_get_cert_store(ssl_ctx);
|
||||||
|
X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
|
||||||
|
const char *host = vpm == NULL ? NULL :
|
||||||
|
X509_VERIFY_PARAM_get0_host(vpm, 0 /* first hostname */);
|
||||||
|
|
||||||
/* adapt after fixing callback design flaw, see #17088 */
|
/* adapt after fixing callback design flaw, see #17088 */
|
||||||
if ((info->use_proxy
|
if ((info->use_proxy
|
||||||
@@ -2488,8 +2492,8 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* adapt after fixing callback design flaw, see #17088 */
|
if (vpm != NULL)
|
||||||
SSL_set_tlsext_host_name(ssl, info->server); /* not critical to do */
|
SSL_set_tlsext_host_name(ssl, host /* may be NULL */);
|
||||||
|
|
||||||
SSL_set_connect_state(ssl);
|
SSL_set_connect_state(ssl);
|
||||||
BIO_set_ssl(sbio, ssl, BIO_CLOSE);
|
BIO_set_ssl(sbio, ssl, BIO_CLOSE);
|
||||||
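Review bot: `SSL_set_tlsext_host_name(ssl, host /* may be NULL */)` now takes the SNI name from the verification parameters rather than from `info->server`, which is the right source whenever hostname checking is configured, because the name presented to the server is then the one the certificate is checked against. The caveat is the other direction: when no host was set on the X509_VERIFY_PARAM, `host` is NULL and no SNI is sent at all, which breaks servers that require it, and the `if (vpm != NULL)` guard skips the call silently. Consider falling back to info->server when host is NULL, and state in the comment whether leaving the return value unchecked is still deliberate (the removed comment said "not critical to do").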
|
|||||||
+24
-22
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright Siemens AG 2018-2020
|
* Copyright Siemens AG 2018-2020
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
@@ -14,7 +14,7 @@
|
|||||||
#include <openssl/cmp.h>
|
#include <openssl/cmp.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/cmperr.h>
|
#include <openssl/cmperr.h>
|
||||||
|
|
||||||
/* the context for the CMP mock server */
|
/* the context for the CMP mock server */
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
@@ -22,9 +22,8 @@ typedef struct
|
|||||||
STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */
|
STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */
|
||||||
STACK_OF(X509) *caPubsOut; /* certs to return in caPubs field of ip msg */
|
STACK_OF(X509) *caPubsOut; /* certs to return in caPubs field of ip msg */
|
||||||
OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */
|
OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */
|
||||||
int sendError; /* send error response also on valid requests */
|
int sendError; /* send error response on given request type */
|
||||||
OSSL_CMP_MSG *certReq; /* ir/cr/p10cr/kur remembered while polling */
|
OSSL_CMP_MSG *certReq; /* ir/cr/p10cr/kur remembered while polling */
|
||||||
int certReqId; /* id of last ir/cr/kur, used for polling */
|
|
||||||
int pollCount; /* number of polls before actual cert response */
|
int pollCount; /* number of polls before actual cert response */
|
||||||
int curr_pollCount; /* number of polls so far for current request */
|
int curr_pollCount; /* number of polls so far for current request */
|
||||||
int checkAfterTime; /* time the client should wait between polling */
|
int checkAfterTime; /* time the client should wait between polling */
|
||||||
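Review bot: the new field comment `int sendError; /* send error response on given request type */` does not say what the special values are: the constructor below initialises it to -1 (never send an error) and the request handlers treat 1 as "error on every request type". Spell both out here, and since body types are small non-negative integers, choose a sentinel for "all" that cannot coincide with a real body type rather than 1.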
@@ -54,7 +53,7 @@ static mock_srv_ctx *mock_srv_ctx_new(void)
|
|||||||
if ((ctx->statusOut = OSSL_CMP_PKISI_new()) == NULL)
|
if ((ctx->statusOut = OSSL_CMP_PKISI_new()) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
ctx->certReqId = -1;
|
ctx->sendError = -1;
|
||||||
|
|
||||||
/* all other elements are initialized to 0 or NULL, respectively */
|
/* all other elements are initialized to 0 or NULL, respectively */
|
||||||
return ctx;
|
return ctx;
|
||||||
@@ -130,7 +129,7 @@ int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val)
|
int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)
|
||||||
{
|
{
|
||||||
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
|
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
|
||||||
|
|
||||||
@@ -138,7 +137,8 @@ int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val)
|
|||||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
ctx->sendError = val != 0;
|
/* might check bodytype, but this would require exporting all body types */
|
||||||
|
ctx->sendError = bodytype;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -172,7 +172,7 @@ int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec)
|
|||||||
|
|
||||||
static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
||||||
const OSSL_CMP_MSG *cert_req,
|
const OSSL_CMP_MSG *cert_req,
|
||||||
int certReqId,
|
ossl_unused int certReqId,
|
||||||
const OSSL_CRMF_MSG *crm,
|
const OSSL_CRMF_MSG *crm,
|
||||||
const X509_REQ *p10cr,
|
const X509_REQ *p10cr,
|
||||||
X509 **certOut,
|
X509 **certOut,
|
||||||
@@ -187,7 +187,8 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (ctx->sendError) {
|
if (ctx->sendError == 1
|
||||||
|
|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(cert_req)) {
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@@ -195,7 +196,6 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
*certOut = NULL;
|
*certOut = NULL;
|
||||||
*chainOut = NULL;
|
*chainOut = NULL;
|
||||||
*caPubs = NULL;
|
*caPubs = NULL;
|
||||||
ctx->certReqId = certReqId;
|
|
||||||
|
|
||||||
if (ctx->pollCount > 0 && ctx->curr_pollCount == 0) {
|
if (ctx->pollCount > 0 && ctx->curr_pollCount == 0) {
|
||||||
/* start polling */
|
/* start polling */
|
||||||
@@ -270,7 +270,8 @@ static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (ctx->sendError || ctx->certOut == NULL) {
|
if (ctx->certOut == NULL || ctx->sendError == 1
|
||||||
|
|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(rr)) {
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@@ -301,7 +302,9 @@ static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (sk_OSSL_CMP_ITAV_num(in) > 1 || ctx->sendError) {
|
if (ctx->sendError == 1
|
||||||
|
|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(genm)
|
||||||
|
|| sk_OSSL_CMP_ITAV_num(in) > 1) {
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -358,7 +361,8 @@ static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
|
static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
|
||||||
const OSSL_CMP_MSG *certConf, int certReqId,
|
const OSSL_CMP_MSG *certConf,
|
||||||
|
ossl_unused int certReqId,
|
||||||
const ASN1_OCTET_STRING *certHash,
|
const ASN1_OCTET_STRING *certHash,
|
||||||
const OSSL_CMP_PKISI *si)
|
const OSSL_CMP_PKISI *si)
|
||||||
{
|
{
|
||||||
@@ -369,17 +373,13 @@ static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (ctx->sendError || ctx->certOut == NULL) {
|
if (ctx->sendError == 1
|
||||||
|
|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(certConf)
|
||||||
|
|| ctx->certOut == NULL) {
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (certReqId != ctx->certReqId) {
|
|
||||||
/* in case of error, invalid reqId -1 */
|
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((digest = X509_digest_sig(ctx->certOut, NULL, NULL)) == NULL)
|
if ((digest = X509_digest_sig(ctx->certOut, NULL, NULL)) == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
if (ASN1_OCTET_STRING_cmp(certHash, digest) != 0) {
|
if (ASN1_OCTET_STRING_cmp(certHash, digest) != 0) {
|
||||||
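Review bot: deleting the `if (certReqId != ctx->certReqId)` block removes the only place the mock server checked that a certConf refers to the certificate request it actually answered, and `certReqId` is now marked ossl_unused in process_certConf, process_pollReq and process_cert_request alike. If the library now enforces the request-id match before invoking these callbacks, say so in a comment where the check used to be; otherwise a client sending a certConf with the wrong request id is accepted by the mock server, which weakens the tests that rely on it.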
@@ -392,7 +392,8 @@ static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
|
static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
|
||||||
const OSSL_CMP_MSG *pollReq, int certReqId,
|
const OSSL_CMP_MSG *pollReq,
|
||||||
|
ossl_unused int certReqId,
|
||||||
OSSL_CMP_MSG **certReq, int64_t *check_after)
|
OSSL_CMP_MSG **certReq, int64_t *check_after)
|
||||||
{
|
{
|
||||||
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
|
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
|
||||||
@@ -402,7 +403,8 @@ static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (ctx->sendError) {
|
if (ctx->sendError == 1
|
||||||
|
|| ctx->sendError == OSSL_CMP_MSG_get_bodytype(pollReq)) {
|
||||||
*certReq = NULL;
|
*certReq = NULL;
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
+2
-2
@@ -356,7 +356,7 @@ cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
|
|||||||
# Certificate enrollment
|
# Certificate enrollment
|
||||||
subject = "/CN=openssl-cmp-test"
|
subject = "/CN=openssl-cmp-test"
|
||||||
newkey = insta.priv.pem
|
newkey = insta.priv.pem
|
||||||
out_trusted = insta.ca.crt
|
out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature
|
||||||
certout = insta.cert.pem
|
certout = insta.cert.pem
|
||||||
|
|
||||||
[pbm] # Password-based protection for Insta CA
|
[pbm] # Password-based protection for Insta CA
|
||||||
@@ -366,7 +366,7 @@ secret = $insta::secret # pass:insta
|
|||||||
|
|
||||||
[signature] # Signature-based protection for Insta CA
|
[signature] # Signature-based protection for Insta CA
|
||||||
# Server authentication
|
# Server authentication
|
||||||
trusted = insta.ca.crt # does not include keyUsage digitalSignature
|
trusted = $insta::out_trusted # apps/insta.ca.crt
|
||||||
|
|
||||||
# Client authentication
|
# Client authentication
|
||||||
secret = # disable PBM
|
secret = # disable PBM
|
||||||
|
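Review bot: `out_trusted = apps/insta.ca.crt` is now a path relative to the source tree root while `newkey = insta.priv.pem` and `certout = insta.cert.pem` in the same section stay relative to the current directory, so the example only works when run from exactly one place. Either make all three consistent or state the required working directory in a comment; the `trusted = $insta::out_trusted` indirection in the second hunk inherits the same assumption.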
|||||||
+7
-2
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
|
* Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
@@ -340,6 +340,11 @@ static int ends_with_dirsep(const char *path)
|
|||||||
return *path == '/';
|
return *path == '/';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int sk_strcmp(const char * const *a, const char * const *b)
|
||||||
|
{
|
||||||
|
return strcmp(*a, *b);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Process a directory; return number of errors found.
|
* Process a directory; return number of errors found.
|
||||||
*/
|
*/
|
||||||
@@ -369,7 +374,7 @@ static int do_dir(const char *dirname, enum Hash h)
|
|||||||
if (verbose)
|
if (verbose)
|
||||||
BIO_printf(bio_out, "Doing %s\n", dirname);
|
BIO_printf(bio_out, "Doing %s\n", dirname);
|
||||||
|
|
||||||
if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
|
if ((files = sk_OPENSSL_STRING_new(sk_strcmp)) == NULL) {
|
||||||
BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
|
BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
|
||||||
errs = 1;
|
errs = 1;
|
||||||
goto err;
|
goto err;
|
||||||
|
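Review bot: `sk_OPENSSL_STRING_new(sk_strcmp)` only attaches a comparison function; the stack is not ordered until sk_OPENSSL_STRING_sort() (or a find) is called, so the readdir-order-independent processing this is presumably after only happens if the loop that consumes `files` sorts first. Make sure that call exists in do_dir, and add a comment that the sort is what makes the hash-link suffix numbering reproducible across filesystems.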
|||||||
+2
-1
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||||
* Copyright 2005 Nokia. All rights reserved.
|
* Copyright 2005 Nokia. All rights reserved.
|
||||||
*
|
*
|
||||||
@@ -229,6 +229,7 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
|
|||||||
|| !SSL_SESSION_set_cipher(tmpsess, cipher)
|
|| !SSL_SESSION_set_cipher(tmpsess, cipher)
|
||||||
|| !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) {
|
|| !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) {
|
||||||
OPENSSL_free(key);
|
OPENSSL_free(key);
|
||||||
|
SSL_SESSION_free(tmpsess);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
OPENSSL_free(key);
|
OPENSSL_free(key);
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#! /usr/bin/env perl
|
#! /usr/bin/env perl
|
||||||
# Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
|
# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
# this file except in compliance with the License. You can obtain a copy
|
# this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -2261,10 +2261,10 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||||||
b.ne .Lxts_enc_big_size
|
b.ne .Lxts_enc_big_size
|
||||||
// Encrypt the iv with key2, as the first XEX iv.
|
// Encrypt the iv with key2, as the first XEX iv.
|
||||||
ldr $rounds,[$key2,#240]
|
ldr $rounds,[$key2,#240]
|
||||||
vld1.8 {$dat},[$key2],#16
|
vld1.32 {$dat},[$key2],#16
|
||||||
vld1.8 {$iv0},[$ivp]
|
vld1.8 {$iv0},[$ivp]
|
||||||
sub $rounds,$rounds,#2
|
sub $rounds,$rounds,#2
|
||||||
vld1.8 {$dat1},[$key2],#16
|
vld1.32 {$dat1},[$key2],#16
|
||||||
|
|
||||||
.Loop_enc_iv_enc:
|
.Loop_enc_iv_enc:
|
||||||
aese $iv0,$dat
|
aese $iv0,$dat
|
||||||
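Review bot: switching the round-key loads to `vld1.32 {$dat},[$key2],#16` is correct because the key schedule is stored as 32-bit words, so vld1.8 only happened to work on little-endian cores; the same change is applied to the other key2, key1 and key_ loads below, while the IV and data loads rightly stay on vld1.8 since those are byte streams. A one-line comment at this first occurrence explaining the .8/.32 split would stop someone "harmonising" it back.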
@@ -2866,9 +2866,9 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||||||
|
|
||||||
// Encrypt the composite block to get the last second encrypted text block
|
// Encrypt the composite block to get the last second encrypted text block
|
||||||
ldr $rounds,[$key1,#240] // load key schedule...
|
ldr $rounds,[$key1,#240] // load key schedule...
|
||||||
vld1.8 {$dat},[$key1],#16
|
vld1.32 {$dat},[$key1],#16
|
||||||
sub $rounds,$rounds,#2
|
sub $rounds,$rounds,#2
|
||||||
vld1.8 {$dat1},[$key1],#16 // load key schedule...
|
vld1.32 {$dat1},[$key1],#16 // load key schedule...
|
||||||
.Loop_final_enc:
|
.Loop_final_enc:
|
||||||
aese $tmpin,$dat0
|
aese $tmpin,$dat0
|
||||||
aesmc $tmpin,$tmpin
|
aesmc $tmpin,$tmpin
|
||||||
@@ -2937,10 +2937,10 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||||||
b.ne .Lxts_dec_big_size
|
b.ne .Lxts_dec_big_size
|
||||||
// Encrypt the iv with key2, as the first XEX iv.
|
// Encrypt the iv with key2, as the first XEX iv.
|
||||||
ldr $rounds,[$key2,#240]
|
ldr $rounds,[$key2,#240]
|
||||||
vld1.8 {$dat},[$key2],#16
|
vld1.32 {$dat},[$key2],#16
|
||||||
vld1.8 {$iv0},[$ivp]
|
vld1.8 {$iv0},[$ivp]
|
||||||
sub $rounds,$rounds,#2
|
sub $rounds,$rounds,#2
|
||||||
vld1.8 {$dat1},[$key2],#16
|
vld1.32 {$dat1},[$key2],#16
|
||||||
|
|
||||||
.Loop_dec_small_iv_enc:
|
.Loop_dec_small_iv_enc:
|
||||||
aese $iv0,$dat
|
aese $iv0,$dat
|
||||||
@@ -3020,10 +3020,10 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||||||
|
|
||||||
// Encrypt the iv with key2, as the first XEX iv
|
// Encrypt the iv with key2, as the first XEX iv
|
||||||
ldr $rounds,[$key2,#240]
|
ldr $rounds,[$key2,#240]
|
||||||
vld1.8 {$dat},[$key2],#16
|
vld1.32 {$dat},[$key2],#16
|
||||||
vld1.8 {$iv0},[$ivp]
|
vld1.8 {$iv0},[$ivp]
|
||||||
sub $rounds,$rounds,#2
|
sub $rounds,$rounds,#2
|
||||||
vld1.8 {$dat1},[$key2],#16
|
vld1.32 {$dat1},[$key2],#16
|
||||||
|
|
||||||
.Loop_dec_iv_enc:
|
.Loop_dec_iv_enc:
|
||||||
aese $iv0,$dat
|
aese $iv0,$dat
|
||||||
@@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||||||
.align 4
|
.align 4
|
||||||
.Lxts_dec_tail4x:
|
.Lxts_dec_tail4x:
|
||||||
add $inp,$inp,#16
|
add $inp,$inp,#16
|
||||||
vld1.32 {$dat0},[$inp],#16
|
tst $tailcnt,#0xf
|
||||||
veor $tmp1,$dat1,$tmp0
|
veor $tmp1,$dat1,$tmp0
|
||||||
vst1.8 {$tmp1},[$out],#16
|
vst1.8 {$tmp1},[$out],#16
|
||||||
veor $tmp2,$dat2,$tmp2
|
veor $tmp2,$dat2,$tmp2
|
||||||
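Review bot: `tst $tailcnt,#0xf` replaces the unconditional block load, and its result is only consumed by the `b.eq` added in the next hunk, after several veor/vst1 instructions. Those do not write the condition flags, so this is correct, but it is fragile; add a comment that NZCV must be preserved up to the branch.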
@@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||||||
veor $tmp4,$dat4,$tmp4
|
veor $tmp4,$dat4,$tmp4
|
||||||
vst1.8 {$tmp3-$tmp4},[$out],#32
|
vst1.8 {$tmp3-$tmp4},[$out],#32
|
||||||
|
|
||||||
|
b.eq .Lxts_dec_abort
|
||||||
|
vld1.8 {$dat0},[$inp],#16
|
||||||
b .Lxts_done
|
b .Lxts_done
|
||||||
.align 4
|
.align 4
|
||||||
.Lxts_outer_dec_tail:
|
.Lxts_outer_dec_tail:
|
||||||
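Review bot: the added `b.eq .Lxts_dec_abort` followed by `vld1.8 {$dat0},[$inp],#16` fixes an over-read: the old code loaded one more 16-byte block from `$inp` before knowing whether a partial tail existed, so a decrypt whose length is an exact multiple of 16 read past the end of the input buffer. This deserves a regression test with an input whose length is a multiple of 16 and ends exactly at a page boundary (or a run under ASan), and a CHANGES entry, since callers passing tightly sized buffers could fault.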
@@ -3539,7 +3541,7 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||||||
// Processing the last two blocks with cipher stealing.
|
// Processing the last two blocks with cipher stealing.
|
||||||
mov x7,x3
|
mov x7,x3
|
||||||
cbnz x2,.Lxts_dec_1st_done
|
cbnz x2,.Lxts_dec_1st_done
|
||||||
vld1.32 {$dat0},[$inp],#16
|
vld1.8 {$dat0},[$inp],#16
|
||||||
|
|
||||||
// Decrypt the last secod block to get the last plain text block
|
// Decrypt the last secod block to get the last plain text block
|
||||||
.Lxts_dec_1st_done:
|
.Lxts_dec_1st_done:
|
||||||
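Review bot: `vld1.8 {$dat0},[$inp],#16` here corrects the one data-block load that still used vld1.32; the data stream is bytes, so on a big-endian core the old form fed a word-swapped block into the ciphertext-stealing path. A test vector with a non-multiple-of-16 length run on a big-endian build is the only way to catch this class of bug, so check that one is in the test suite.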
@@ -3584,9 +3586,9 @@ $code.=<<___ if ($flavour =~ /64/);
|
|||||||
|
|
||||||
// Decrypt the composite block to get the last second plain text block
|
// Decrypt the composite block to get the last second plain text block
|
||||||
ldr $rounds,[$key_,#240]
|
ldr $rounds,[$key_,#240]
|
||||||
vld1.8 {$dat},[$key_],#16
|
vld1.32 {$dat},[$key_],#16
|
||||||
sub $rounds,$rounds,#2
|
sub $rounds,$rounds,#2
|
||||||
vld1.8 {$dat1},[$key_],#16
|
vld1.32 {$dat1},[$key_],#16
|
||||||
.Loop_final_dec:
|
.Loop_final_dec:
|
||||||
aesd $tmpin,$dat0
|
aesd $tmpin,$dat0
|
||||||
aesimc $tmpin,$tmpin
|
aesimc $tmpin,$tmpin
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#! /usr/bin/env perl
|
#! /usr/bin/env perl
|
||||||
# Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
|
# Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
# this file except in compliance with the License. You can obtain a copy
|
# this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -14,7 +14,7 @@
|
|||||||
# details see http://www.openssl.org/~appro/cryptogams/.
|
# details see http://www.openssl.org/~appro/cryptogams/.
|
||||||
#
|
#
|
||||||
# Specific modes and adaptation for Linux kernel by Ard Biesheuvel
|
# Specific modes and adaptation for Linux kernel by Ard Biesheuvel
|
||||||
# of Linaro. Permission to use under GPL terms is granted.
|
# of Linaro.
|
||||||
# ====================================================================
|
# ====================================================================
|
||||||
|
|
||||||
# Bit-sliced AES for ARM NEON
|
# Bit-sliced AES for ARM NEON
|
||||||
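Review bot: dropping "Permission to use under GPL terms is granted." from the Ard Biesheuvel attribution is a licensing statement change, not a code change, and nothing in the surrounding diff explains it. Such a removal should be traceable to the contributor's agreement and be mentioned in the commit message or CHANGES so downstream consumers who relied on that grant are not surprised.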
@@ -1447,7 +1447,7 @@ ossl_bsaes_ctr32_encrypt_blocks:
|
|||||||
.align 2
|
.align 2
|
||||||
0: add r12, $key, #248
|
0: add r12, $key, #248
|
||||||
vld1.8 {@XMM[0]}, [$ctr] @ load counter
|
vld1.8 {@XMM[0]}, [$ctr] @ load counter
|
||||||
adrl $ctr, .LREVM0SR @ borrow $ctr
|
add $ctr, $const, #.LREVM0SR-.LM0 @ borrow $ctr
|
||||||
vldmia r12, {@XMM[4]} @ load round0 key
|
vldmia r12, {@XMM[4]} @ load round0 key
|
||||||
sub sp, #0x10 @ place for adjusted round0 key
|
sub sp, #0x10 @ place for adjusted round0 key
|
||||||
#endif
|
#endif
|
||||||
|
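Review bot: replacing `adrl $ctr, .LREVM0SR` with `add $ctr, $const, #.LREVM0SR-.LM0` avoids the adrl pseudo-instruction, which not every assembler accepts, but it now depends on `$const` still pointing at .LM0 at this spot. Add a comment stating that invariant at the label, so a later change that reuses $const before this point does not silently break the counter-mode setup.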
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -148,6 +148,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
|
|||||||
int w, v, iv;
|
int w, v, iv;
|
||||||
unsigned char *c;
|
unsigned char *c;
|
||||||
|
|
||||||
|
if (n < 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
w = n / 8;
|
w = n / 8;
|
||||||
v = 1 << (7 - (n & 0x07));
|
v = 1 << (7 - (n & 0x07));
|
||||||
iv = ~v;
|
iv = ~v;
|
||||||
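Review bot: the `if (n < 0) return 0;` guard in ASN1_BIT_STRING_set_bit is necessary, since everything downstream of `w = n / 8;` assumes a non-negative byte index into a->data. Returning 0 reuses the function's existing failure convention, so callers that already check the result get the error for free; it is worth a note in CHANGES that negative bit indices are now rejected.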
@@ -182,6 +185,9 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
|
|||||||
{
|
{
|
||||||
int w, v;
|
int w, v;
|
||||||
|
|
||||||
|
if (n < 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
w = n / 8;
|
w = n / 8;
|
||||||
v = 1 << (7 - (n & 0x07));
|
v = 1 << (7 - (n & 0x07));
|
||||||
if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
|
if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
|
||||||
|
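Review bot: in ASN1_BIT_STRING_get_bit a negative n now returns 0, which is the same value as "bit not set", so callers cannot distinguish a bad index from a clear bit; that matches how the existing `a->length < (w + 1)` case is treated, so it is consistent, but the man page should state that out-of-range indices, including negative ones, read as 0.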
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -50,7 +50,7 @@ static int asn1_print_info(BIO *bp, long offset, int depth, int hl, long len,
|
|||||||
pop_f_prefix = 1;
|
pop_f_prefix = 1;
|
||||||
}
|
}
|
||||||
saved_indent = BIO_get_indent(bp);
|
saved_indent = BIO_get_indent(bp);
|
||||||
if (BIO_set_prefix(bp, str) <= 0 || BIO_set_indent(bp, indent) < 0)
|
if (BIO_set_prefix(bp, str) <= 0 || BIO_set_indent(bp, indent) <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
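Review bot: changing the test to `BIO_set_indent(bp, indent) <= 0` means a zero return from the control now aborts asn1_print_info. That is right if the prefix BIO pushed just above (the `pop_f_prefix = 1` path) always returns 1 on success, but BIO_ctrl-based setters return 0 when the control is unsupported, so double-check that this function cannot be reached with a bp lacking the prefix filter; otherwise this turns a working call into an error.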
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -29,7 +29,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
|
|||||||
OPENSSL_free(octmp->data);
|
OPENSSL_free(octmp->data);
|
||||||
octmp->data = NULL;
|
octmp->data = NULL;
|
||||||
|
|
||||||
if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
|
if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) <= 0) {
|
||||||
ERR_raise(ERR_LIB_ASN1, ASN1_R_ENCODE_ERROR);
|
ERR_raise(ERR_LIB_ASN1, ASN1_R_ENCODE_ERROR);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
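Review bot: the `<= 0` test on `ASN1_item_i2d()` is the right fix, since the encoder reports failure with a negative return that the old `== 0` test let through; note that on that path `octmp->length` has already been assigned the negative value before `goto err`. If the `err` label does not free `octmp` in the caller-supplied `*oct` case, reset `octmp->length = 0` there so a negative length is not left behind in a live ASN1_STRING.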
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -784,7 +784,7 @@ BIO *BIO_dup_chain(BIO *in)
|
|||||||
/* This will let SSL_s_sock() work with stdin/stdout */
|
/* This will let SSL_s_sock() work with stdin/stdout */
|
||||||
new_bio->num = bio->num;
|
new_bio->num = bio->num;
|
||||||
|
|
||||||
if (!BIO_dup_state(bio, (char *)new_bio)) {
|
if (BIO_dup_state(bio, (char *)new_bio) <= 0) {
|
||||||
BIO_free(new_bio);
|
BIO_free(new_bio);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
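Review bot: `BIO_dup_state(bio, (char *)new_bio) <= 0` now treats a negative ctrl return as failure where the old `!BIO_dup_state(...)` test only caught 0, so a BIO whose ctrl reports an error as -1 now frees `new_bio` and fails instead of continuing with a half-duplicated state. That is the correct reading of a `BIO_ctrl()` result; the `<= 0` / `> 0` fixes across the BIO files in this import should be listed together in the change description so the return-value convention being enforced is visible to whoever reviews the next import.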
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -566,7 +566,7 @@ BIO *BIO_new_accept(const char *str)
|
|||||||
ret = BIO_new(BIO_s_accept());
|
ret = BIO_new(BIO_s_accept());
|
||||||
if (ret == NULL)
|
if (ret == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
if (BIO_set_accept_name(ret, str))
|
if (BIO_set_accept_name(ret, str) > 0)
|
||||||
return ret;
|
return ret;
|
||||||
BIO_free(ret);
|
BIO_free(ret);
|
||||||
return NULL;
|
return NULL;
|
||||||
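Review bot: `BIO_set_accept_name(ret, str) > 0` is stricter than the old truthiness test: a negative return from the underlying ctrl previously counted as success and handed back a BIO with no accept name set, whereas it now frees `ret` and returns NULL. Good; check that the sibling constructors (BIO_new_connect() in particular) use the same `> 0` test, since this hunk touches only the accept variant.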
|
|||||||
+59
-49
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -381,25 +381,33 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||||||
#ifndef OPENSSL_SMALL_FOOTPRINT
|
#ifndef OPENSSL_SMALL_FOOTPRINT
|
||||||
while (n & ~3) {
|
while (n & ~3) {
|
||||||
t1 = a[0];
|
t1 = a[0];
|
||||||
t2 = b[0];
|
t2 = (t1 - c) & BN_MASK2;
|
||||||
r[0] = (t1 - t2 - c) & BN_MASK2;
|
c = (t2 > t1);
|
||||||
if (t1 != t2)
|
t1 = b[0];
|
||||||
c = (t1 < t2);
|
t1 = (t2 - t1) & BN_MASK2;
|
||||||
|
r[0] = t1;
|
||||||
|
c += (t1 > t2);
|
||||||
t1 = a[1];
|
t1 = a[1];
|
||||||
t2 = b[1];
|
t2 = (t1 - c) & BN_MASK2;
|
||||||
r[1] = (t1 - t2 - c) & BN_MASK2;
|
c = (t2 > t1);
|
||||||
if (t1 != t2)
|
t1 = b[1];
|
||||||
c = (t1 < t2);
|
t1 = (t2 - t1) & BN_MASK2;
|
||||||
|
r[1] = t1;
|
||||||
|
c += (t1 > t2);
|
||||||
t1 = a[2];
|
t1 = a[2];
|
||||||
t2 = b[2];
|
t2 = (t1 - c) & BN_MASK2;
|
||||||
r[2] = (t1 - t2 - c) & BN_MASK2;
|
c = (t2 > t1);
|
||||||
if (t1 != t2)
|
t1 = b[2];
|
||||||
c = (t1 < t2);
|
t1 = (t2 - t1) & BN_MASK2;
|
||||||
|
r[2] = t1;
|
||||||
|
c += (t1 > t2);
|
||||||
t1 = a[3];
|
t1 = a[3];
|
||||||
t2 = b[3];
|
t2 = (t1 - c) & BN_MASK2;
|
||||||
r[3] = (t1 - t2 - c) & BN_MASK2;
|
c = (t2 > t1);
|
||||||
if (t1 != t2)
|
t1 = b[3];
|
||||||
c = (t1 < t2);
|
t1 = (t2 - t1) & BN_MASK2;
|
||||||
|
r[3] = t1;
|
||||||
|
c += (t1 > t2);
|
||||||
a += 4;
|
a += 4;
|
||||||
b += 4;
|
b += 4;
|
||||||
r += 4;
|
r += 4;
|
||||||
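Review bot: the rewritten borrow chain is branch-free, which is the point of the change: the old `if (t1 != t2) c = (t1 < t2);` left a data-dependent branch inside the subtraction, and the unconditional `c = (t2 > t1);` followed by `c += (t1 > t2);` removes it. The loop is no longer self-explanatory, so add a comment above it covering two things: first, that the two borrow sources cannot both fire (if `a[i] - c` wraps then `t2` is `BN_MASK2` and the following `t2 - b[i]` cannot wrap), so `c` stays 0 or 1 throughout; second, that the `& BN_MASK2` masking is required where BN_ULONG is wider than BN_BITS2 and is a no-op elsewhere.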
@@ -408,10 +416,12 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||||||
#endif
|
#endif
|
||||||
while (n) {
|
while (n) {
|
||||||
t1 = a[0];
|
t1 = a[0];
|
||||||
t2 = b[0];
|
t2 = (t1 - c) & BN_MASK2;
|
||||||
r[0] = (t1 - t2 - c) & BN_MASK2;
|
c = (t2 > t1);
|
||||||
if (t1 != t2)
|
t1 = b[0];
|
||||||
c = (t1 < t2);
|
t1 = (t2 - t1) & BN_MASK2;
|
||||||
|
r[0] = t1;
|
||||||
|
c += (t1 > t2);
|
||||||
a++;
|
a++;
|
||||||
b++;
|
b++;
|
||||||
r++;
|
r++;
|
||||||
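Review bot: the single-word tail loop duplicates the four-word body verbatim; a small local macro or a static inline helper taking `a`, `b`, `r` and `c` would keep the two copies from drifting, which matters here because the borrow logic is subtle enough that a later edit to one copy and not the other would be easy to miss. Not blocking.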
@@ -446,7 +456,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||||||
t += c0; /* no carry */ \
|
t += c0; /* no carry */ \
|
||||||
c0 = (BN_ULONG)Lw(t); \
|
c0 = (BN_ULONG)Lw(t); \
|
||||||
hi = (BN_ULONG)Hw(t); \
|
hi = (BN_ULONG)Hw(t); \
|
||||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
||||||
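Review bot: replacing `if (c1<hi) c2++;` with `c2 += (c1<hi);` removes the data-dependent branch from carry propagation in the BN_ULLONG flavour of `mul_add_c`, the same rationale as the `bn_sub_words()` change above, and the value is unchanged because a C relational expression yields exactly 0 or 1. Two things for the change description: this is a hint rather than a guarantee, since a compiler is free to lower `c2 += (c1<hi)` back into a conditional jump, and the assembly implementations selected via `$BNASM` remain the constant-time path on the platforms where it matters; say so, so nobody reads this C fallback as a proven constant-time implementation.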
@@ -455,11 +465,11 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||||||
BN_ULLONG tt = t+c0; /* no carry */ \
|
BN_ULLONG tt = t+c0; /* no carry */ \
|
||||||
c0 = (BN_ULONG)Lw(tt); \
|
c0 = (BN_ULONG)Lw(tt); \
|
||||||
hi = (BN_ULONG)Hw(tt); \
|
hi = (BN_ULONG)Hw(tt); \
|
||||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||||
t += c0; /* no carry */ \
|
t += c0; /* no carry */ \
|
||||||
c0 = (BN_ULONG)Lw(t); \
|
c0 = (BN_ULONG)Lw(t); \
|
||||||
hi = (BN_ULONG)Hw(t); \
|
hi = (BN_ULONG)Hw(t); \
|
||||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
||||||
@@ -468,7 +478,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||||||
t += c0; /* no carry */ \
|
t += c0; /* no carry */ \
|
||||||
c0 = (BN_ULONG)Lw(t); \
|
c0 = (BN_ULONG)Lw(t); \
|
||||||
hi = (BN_ULONG)Hw(t); \
|
hi = (BN_ULONG)Hw(t); \
|
||||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
||||||
@@ -483,26 +493,26 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||||||
BN_ULONG ta = (a), tb = (b); \
|
BN_ULONG ta = (a), tb = (b); \
|
||||||
BN_ULONG lo, hi; \
|
BN_ULONG lo, hi; \
|
||||||
BN_UMULT_LOHI(lo,hi,ta,tb); \
|
BN_UMULT_LOHI(lo,hi,ta,tb); \
|
||||||
c0 += lo; hi += (c0<lo)?1:0; \
|
c0 += lo; hi += (c0<lo); \
|
||||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
c1 += hi; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
||||||
BN_ULONG ta = (a), tb = (b); \
|
BN_ULONG ta = (a), tb = (b); \
|
||||||
BN_ULONG lo, hi, tt; \
|
BN_ULONG lo, hi, tt; \
|
||||||
BN_UMULT_LOHI(lo,hi,ta,tb); \
|
BN_UMULT_LOHI(lo,hi,ta,tb); \
|
||||||
c0 += lo; tt = hi+((c0<lo)?1:0); \
|
c0 += lo; tt = hi + (c0<lo); \
|
||||||
c1 += tt; c2 += (c1<tt)?1:0; \
|
c1 += tt; c2 += (c1<tt); \
|
||||||
c0 += lo; hi += (c0<lo)?1:0; \
|
c0 += lo; hi += (c0<lo); \
|
||||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
c1 += hi; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
||||||
BN_ULONG ta = (a)[i]; \
|
BN_ULONG ta = (a)[i]; \
|
||||||
BN_ULONG lo, hi; \
|
BN_ULONG lo, hi; \
|
||||||
BN_UMULT_LOHI(lo,hi,ta,ta); \
|
BN_UMULT_LOHI(lo,hi,ta,ta); \
|
||||||
c0 += lo; hi += (c0<lo)?1:0; \
|
c0 += lo; hi += (c0<lo); \
|
||||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
c1 += hi; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
||||||
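Review bot: `(c0<lo)?1:0` and `(c0<lo)` are the same value in C, so the BN_UMULT_LOHI macros in this hunk (and the BN_UMULT_HIGH ones that follow) are a pure cleanup with no behavioural change; their only effect is consistency with the `if`-to-arithmetic rewrite of the BN_ULLONG variants above. Flag these hunks as cosmetic in the change description so the constant-time-motivated hunks are not lost among them.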
@@ -517,26 +527,26 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||||||
BN_ULONG ta = (a), tb = (b); \
|
BN_ULONG ta = (a), tb = (b); \
|
||||||
BN_ULONG lo = ta * tb; \
|
BN_ULONG lo = ta * tb; \
|
||||||
BN_ULONG hi = BN_UMULT_HIGH(ta,tb); \
|
BN_ULONG hi = BN_UMULT_HIGH(ta,tb); \
|
||||||
c0 += lo; hi += (c0<lo)?1:0; \
|
c0 += lo; hi += (c0<lo); \
|
||||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
c1 += hi; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
||||||
BN_ULONG ta = (a), tb = (b), tt; \
|
BN_ULONG ta = (a), tb = (b), tt; \
|
||||||
BN_ULONG lo = ta * tb; \
|
BN_ULONG lo = ta * tb; \
|
||||||
BN_ULONG hi = BN_UMULT_HIGH(ta,tb); \
|
BN_ULONG hi = BN_UMULT_HIGH(ta,tb); \
|
||||||
c0 += lo; tt = hi + ((c0<lo)?1:0); \
|
c0 += lo; tt = hi + (c0<lo); \
|
||||||
c1 += tt; c2 += (c1<tt)?1:0; \
|
c1 += tt; c2 += (c1<tt); \
|
||||||
c0 += lo; hi += (c0<lo)?1:0; \
|
c0 += lo; hi += (c0<lo); \
|
||||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
c1 += hi; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
||||||
BN_ULONG ta = (a)[i]; \
|
BN_ULONG ta = (a)[i]; \
|
||||||
BN_ULONG lo = ta * ta; \
|
BN_ULONG lo = ta * ta; \
|
||||||
BN_ULONG hi = BN_UMULT_HIGH(ta,ta); \
|
BN_ULONG hi = BN_UMULT_HIGH(ta,ta); \
|
||||||
c0 += lo; hi += (c0<lo)?1:0; \
|
c0 += lo; hi += (c0<lo); \
|
||||||
c1 += hi; c2 += (c1<hi)?1:0; \
|
c1 += hi; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
||||||
@@ -551,8 +561,8 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||||||
BN_ULONG lo = LBITS(a), hi = HBITS(a); \
|
BN_ULONG lo = LBITS(a), hi = HBITS(a); \
|
||||||
BN_ULONG bl = LBITS(b), bh = HBITS(b); \
|
BN_ULONG bl = LBITS(b), bh = HBITS(b); \
|
||||||
mul64(lo,hi,bl,bh); \
|
mul64(lo,hi,bl,bh); \
|
||||||
c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
|
c0 = (c0+lo)&BN_MASK2; hi += (c0<lo); \
|
||||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
# define mul_add_c2(a,b,c0,c1,c2) do { \
|
||||||
@@ -561,17 +571,17 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||||||
BN_ULONG bl = LBITS(b), bh = HBITS(b); \
|
BN_ULONG bl = LBITS(b), bh = HBITS(b); \
|
||||||
mul64(lo,hi,bl,bh); \
|
mul64(lo,hi,bl,bh); \
|
||||||
tt = hi; \
|
tt = hi; \
|
||||||
c0 = (c0+lo)&BN_MASK2; if (c0<lo) tt++; \
|
c0 = (c0+lo)&BN_MASK2; tt += (c0<lo); \
|
||||||
c1 = (c1+tt)&BN_MASK2; if (c1<tt) c2++; \
|
c1 = (c1+tt)&BN_MASK2; c2 += (c1<tt); \
|
||||||
c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
|
c0 = (c0+lo)&BN_MASK2; hi += (c0<lo); \
|
||||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
# define sqr_add_c(a,i,c0,c1,c2) do { \
|
||||||
BN_ULONG lo, hi; \
|
BN_ULONG lo, hi; \
|
||||||
sqr64(lo,hi,(a)[i]); \
|
sqr64(lo,hi,(a)[i]); \
|
||||||
c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
|
c0 = (c0+lo)&BN_MASK2; hi += (c0<lo); \
|
||||||
c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
|
c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi); \
|
||||||
} while(0)
|
} while(0)
|
||||||
|
|
||||||
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
# define sqr_add_c2(a,i,j,c0,c1,c2) \
|
||||||
|
|||||||
+16
-1
@@ -13,6 +13,20 @@
|
|||||||
|
|
||||||
#define BN_BLINDING_COUNTER 32
|
#define BN_BLINDING_COUNTER 32
|
||||||
|
|
||||||
|
struct bn_blinding_st {
|
||||||
|
BIGNUM *A;
|
||||||
|
BIGNUM *Ai;
|
||||||
|
BIGNUM *e;
|
||||||
|
BIGNUM *mod; /* just a reference */
|
||||||
|
CRYPTO_THREAD_ID tid;
|
||||||
|
int counter;
|
||||||
|
unsigned long flags;
|
||||||
|
BN_MONT_CTX *m_ctx;
|
||||||
|
int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
||||||
|
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
||||||
|
CRYPTO_RWLOCK *lock;
|
||||||
|
};
|
||||||
|
|
||||||
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
|
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
|
||||||
{
|
{
|
||||||
BN_BLINDING *ret = NULL;
|
BN_BLINDING *ret = NULL;
|
||||||
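Review bot: moving `struct bn_blinding_st` from bn_local.h into bn_blind.c makes the blinding state opaque to the rest of libcrypto, which is good hygiene, but the matching removal hunk in bn_local.h below shows the definition was previously visible to every bn_*.c file; check for any remaining direct field access (`->m_ctx`, `->bn_mod_exp`, `->lock`) outside this file, which would now fail to compile. The `/* just a reference */` annotation on `mod` correctly survives the move.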
@@ -177,7 +191,8 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
|
|||||||
n->top = (int)(rtop & ~mask) | (ntop & mask);
|
n->top = (int)(rtop & ~mask) | (ntop & mask);
|
||||||
n->flags |= (BN_FLG_FIXED_TOP & ~mask);
|
n->flags |= (BN_FLG_FIXED_TOP & ~mask);
|
||||||
}
|
}
|
||||||
ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx);
|
ret = bn_mul_mont_fixed_top(n, n, r, b->m_ctx, ctx);
|
||||||
|
bn_correct_top_consttime(n);
|
||||||
} else {
|
} else {
|
||||||
ret = BN_mod_mul(n, n, r, b->mod, ctx);
|
ret = BN_mod_mul(n, n, r, b->mod, ctx);
|
||||||
}
|
}
|
||||||
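Review bot: this is the substantive fix in the import and it deserves a comment in the code rather than none: `BN_mod_mul_montgomery()` ends with a `bn_correct_top()` whose early-exit scan over leading zero words takes time dependent on the unblinded result, so the number of leading zero words of the value being unblinded can leak through timing; `bn_mul_mont_fixed_top()` preserves the fixed-top representation set up by the `n->flags |= (BN_FLG_FIXED_TOP & ~mask);` line just above, and `bn_correct_top_consttime(n);` then normalises it in data-independent time. Two follow-ups: the `else` branch still calls `BN_mod_mul(n, n, r, b->mod, ctx)`, so the non-Montgomery path (no `m_ctx`) keeps the old variable-time top correction and that limitation should be stated; and `bn_correct_top_consttime(n)` runs even when `ret` is 0, which is harmless since it only reads `n->d[0..dmax)`, but an `if (ret)` guard would make the intent clearer.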
|
|||||||
+23
-1
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -1021,6 +1021,28 @@ BIGNUM *bn_wexpand(BIGNUM *a, int words)
|
|||||||
return (words <= a->dmax) ? a : bn_expand2(a, words);
|
return (words <= a->dmax) ? a : bn_expand2(a, words);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void bn_correct_top_consttime(BIGNUM *a)
|
||||||
|
{
|
||||||
|
int j, atop;
|
||||||
|
BN_ULONG limb;
|
||||||
|
unsigned int mask;
|
||||||
|
|
||||||
|
for (j = 0, atop = 0; j < a->dmax; j++) {
|
||||||
|
limb = a->d[j];
|
||||||
|
limb |= 0 - limb;
|
||||||
|
limb >>= BN_BITS2 - 1;
|
||||||
|
limb = 0 - limb;
|
||||||
|
mask = (unsigned int)limb;
|
||||||
|
mask &= constant_time_msb(j - a->top);
|
||||||
|
atop = constant_time_select_int(mask, j + 1, atop);
|
||||||
|
}
|
||||||
|
|
||||||
|
mask = constant_time_eq_int(atop, 0);
|
||||||
|
a->top = atop;
|
||||||
|
a->neg = constant_time_select_int(mask, 0, a->neg);
|
||||||
|
a->flags &= ~BN_FLG_FIXED_TOP;
|
||||||
|
}
|
||||||
|
|
||||||
void bn_correct_top(BIGNUM *a)
|
void bn_correct_top(BIGNUM *a)
|
||||||
{
|
{
|
||||||
BN_ULONG *ftl;
|
BN_ULONG *ftl;
|
||||||
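Review bot: the new `bn_correct_top_consttime()` has no comment and needs one, because its shape is deliberately unlike `bn_correct_top()` directly below it: it walks all `a->dmax` words instead of stopping at the first non-zero word, and it accumulates `atop` through `constant_time_select_int()` so that execution time depends only on the allocation size, never on the value. Two points on the mask construction: `limb |= 0 - limb; limb >>= BN_BITS2 - 1; limb = 0 - limb;` is the usual non-zero-to-all-ones mask and reads fine, but `constant_time_msb(j - a->top)` passes a signed `int` difference to a function taking an unsigned argument and relies on wraparound to set the MSB when `j < a->top`; an explicit cast would document that. Also `a->flags &= ~BN_FLG_FIXED_TOP;` at the end takes the BIGNUM out of fixed-top mode, so callers must not use it on values that are meant to stay fixed-top.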
|
|||||||
+13
-45
@@ -290,20 +290,6 @@ struct bn_gencb_st {
|
|||||||
} cb;
|
} cb;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct bn_blinding_st {
|
|
||||||
BIGNUM *A;
|
|
||||||
BIGNUM *Ai;
|
|
||||||
BIGNUM *e;
|
|
||||||
BIGNUM *mod; /* just a reference */
|
|
||||||
CRYPTO_THREAD_ID tid;
|
|
||||||
int counter;
|
|
||||||
unsigned long flags;
|
|
||||||
BN_MONT_CTX *m_ctx;
|
|
||||||
int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|
||||||
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
|
||||||
CRYPTO_RWLOCK *lock;
|
|
||||||
};
|
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
|
* BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
|
||||||
*
|
*
|
||||||
@@ -378,24 +364,6 @@ struct bn_blinding_st {
|
|||||||
# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32)/* 32 */
|
# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32)/* 32 */
|
||||||
# define BN_MONT_CTX_SET_SIZE_WORD (64)/* 32 */
|
# define BN_MONT_CTX_SET_SIZE_WORD (64)/* 32 */
|
||||||
|
|
||||||
/*
|
|
||||||
* 2011-02-22 SMS. In various places, a size_t variable or a type cast to
|
|
||||||
* size_t was used to perform integer-only operations on pointers. This
|
|
||||||
* failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t
|
|
||||||
* is still only 32 bits. What's needed in these cases is an integer type
|
|
||||||
* with the same size as a pointer, which size_t is not certain to be. The
|
|
||||||
* only fix here is VMS-specific.
|
|
||||||
*/
|
|
||||||
# if defined(OPENSSL_SYS_VMS)
|
|
||||||
# if __INITIAL_POINTER_SIZE == 64
|
|
||||||
# define PTR_SIZE_INT long long
|
|
||||||
# else /* __INITIAL_POINTER_SIZE == 64 */
|
|
||||||
# define PTR_SIZE_INT int
|
|
||||||
# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
|
|
||||||
# elif !defined(PTR_SIZE_INT) /* defined(OPENSSL_SYS_VMS) */
|
|
||||||
# define PTR_SIZE_INT size_t
|
|
||||||
# endif /* defined(OPENSSL_SYS_VMS) [else] */
|
|
||||||
|
|
||||||
# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
|
# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
|
||||||
/*
|
/*
|
||||||
* BN_UMULT_HIGH section.
|
* BN_UMULT_HIGH section.
|
||||||
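Review bot: deleting the `PTR_SIZE_INT` definition, together with its VMS special case, is only safe if every user goes in the same change; the bn_nist.c hunks below remove the uses there, but the macro lived in a header visible to all of crypto/bn, so grep the rest of the tree, including the assembler glue and any FreeBSD-local patches, before merging. Note also that the `# elif !defined(PTR_SIZE_INT)` escape hatch, which let a platform predefine the type, disappears with it.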
@@ -536,10 +504,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||||||
ret = (r); \
|
ret = (r); \
|
||||||
BN_UMULT_LOHI(low,high,w,tmp); \
|
BN_UMULT_LOHI(low,high,w,tmp); \
|
||||||
ret += (c); \
|
ret += (c); \
|
||||||
(c) = (ret<(c))?1:0; \
|
(c) = (ret<(c)); \
|
||||||
(c) += high; \
|
(c) += high; \
|
||||||
ret += low; \
|
ret += low; \
|
||||||
(c) += (ret<low)?1:0; \
|
(c) += (ret<low); \
|
||||||
(r) = ret; \
|
(r) = ret; \
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -548,7 +516,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||||||
BN_UMULT_LOHI(low,high,w,ta); \
|
BN_UMULT_LOHI(low,high,w,ta); \
|
||||||
ret = low + (c); \
|
ret = low + (c); \
|
||||||
(c) = high; \
|
(c) = high; \
|
||||||
(c) += (ret<low)?1:0; \
|
(c) += (ret<low); \
|
||||||
(r) = ret; \
|
(r) = ret; \
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -564,10 +532,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||||||
high= BN_UMULT_HIGH(w,tmp); \
|
high= BN_UMULT_HIGH(w,tmp); \
|
||||||
ret += (c); \
|
ret += (c); \
|
||||||
low = (w) * tmp; \
|
low = (w) * tmp; \
|
||||||
(c) = (ret<(c))?1:0; \
|
(c) = (ret<(c)); \
|
||||||
(c) += high; \
|
(c) += high; \
|
||||||
ret += low; \
|
ret += low; \
|
||||||
(c) += (ret<low)?1:0; \
|
(c) += (ret<low); \
|
||||||
(r) = ret; \
|
(r) = ret; \
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -577,7 +545,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||||||
high= BN_UMULT_HIGH(w,ta); \
|
high= BN_UMULT_HIGH(w,ta); \
|
||||||
ret = low + (c); \
|
ret = low + (c); \
|
||||||
(c) = high; \
|
(c) = high; \
|
||||||
(c) += (ret<low)?1:0; \
|
(c) += (ret<low); \
|
||||||
(r) = ret; \
|
(r) = ret; \
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -610,10 +578,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||||||
lt=(bl)*(lt); \
|
lt=(bl)*(lt); \
|
||||||
m1=(bl)*(ht); \
|
m1=(bl)*(ht); \
|
||||||
ht =(bh)*(ht); \
|
ht =(bh)*(ht); \
|
||||||
m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
|
m=(m+m1)&BN_MASK2; ht += L2HBITS((BN_ULONG)(m < m1)); \
|
||||||
ht+=HBITS(m); \
|
ht+=HBITS(m); \
|
||||||
m1=L2HBITS(m); \
|
m1=L2HBITS(m); \
|
||||||
lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
|
lt=(lt+m1)&BN_MASK2; ht += (lt < m1); \
|
||||||
(l)=lt; \
|
(l)=lt; \
|
||||||
(h)=ht; \
|
(h)=ht; \
|
||||||
}
|
}
|
||||||
@@ -630,7 +598,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||||||
h*=h; \
|
h*=h; \
|
||||||
h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
|
h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
|
||||||
m =(m&BN_MASK2l)<<(BN_BITS4+1); \
|
m =(m&BN_MASK2l)<<(BN_BITS4+1); \
|
||||||
l=(l+m)&BN_MASK2; if (l < m) h++; \
|
l=(l+m)&BN_MASK2; h += (l < m); \
|
||||||
(lo)=l; \
|
(lo)=l; \
|
||||||
(ho)=h; \
|
(ho)=h; \
|
||||||
}
|
}
|
||||||
@@ -644,9 +612,9 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||||||
mul64(l,h,(bl),(bh)); \
|
mul64(l,h,(bl),(bh)); \
|
||||||
\
|
\
|
||||||
/* non-multiply part */ \
|
/* non-multiply part */ \
|
||||||
l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
|
l=(l+(c))&BN_MASK2; h += (l < (c)); \
|
||||||
(c)=(r); \
|
(c)=(r); \
|
||||||
l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
|
l=(l+(c))&BN_MASK2; h += (l < (c)); \
|
||||||
(c)=h&BN_MASK2; \
|
(c)=h&BN_MASK2; \
|
||||||
(r)=l; \
|
(r)=l; \
|
||||||
}
|
}
|
||||||
@@ -660,7 +628,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
|||||||
mul64(l,h,(bl),(bh)); \
|
mul64(l,h,(bl),(bh)); \
|
||||||
\
|
\
|
||||||
/* non-multiply part */ \
|
/* non-multiply part */ \
|
||||||
l+=(c); if ((l&BN_MASK2) < (c)) h++; \
|
l+=(c); h += ((l&BN_MASK2) < (c)); \
|
||||||
(c)=h&BN_MASK2; \
|
(c)=h&BN_MASK2; \
|
||||||
(r)=l&BN_MASK2; \
|
(r)=l&BN_MASK2; \
|
||||||
}
|
}
|
||||||
@@ -690,7 +658,7 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|||||||
int cl, int dl);
|
int cl, int dl);
|
||||||
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||||
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
||||||
|
void bn_correct_top_consttime(BIGNUM *a);
|
||||||
BIGNUM *int_bn_mod_inverse(BIGNUM *in,
|
BIGNUM *int_bn_mod_inverse(BIGNUM *in,
|
||||||
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
|
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
|
||||||
int *noinv);
|
int *noinv);
|
||||||
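Review bot: the new prototype `void bn_correct_top_consttime(BIGNUM *a);` is added next to `bn_mul_mont()` with no description; a one-line comment stating the contract (time depends on `a->dmax`, not on the value; clears BN_FLG_FIXED_TOP) would help callers choose correctly between it and `bn_correct_top()`.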
|
|||||||
+26
-61
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -338,7 +338,6 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
sizeof(unsigned int)];
|
sizeof(unsigned int)];
|
||||||
} buf;
|
} buf;
|
||||||
BN_ULONG c_d[BN_NIST_192_TOP], *res;
|
BN_ULONG c_d[BN_NIST_192_TOP], *res;
|
||||||
PTR_SIZE_INT mask;
|
|
||||||
static const BIGNUM ossl_bignum_nist_p_192_sqr = {
|
static const BIGNUM ossl_bignum_nist_p_192_sqr = {
|
||||||
(BN_ULONG *)_nist_p_192_sqr,
|
(BN_ULONG *)_nist_p_192_sqr,
|
||||||
OSSL_NELEM(_nist_p_192_sqr),
|
OSSL_NELEM(_nist_p_192_sqr),
|
||||||
@@ -439,13 +438,9 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
* 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
|
* 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
|
||||||
* this is what happens below, but without explicit if:-) a.
|
* this is what happens below, but without explicit if:-) a.
|
||||||
*/
|
*/
|
||||||
mask =
|
res = (bn_sub_words(c_d, r_d, _nist_p_192[0], BN_NIST_192_TOP) && carry)
|
||||||
0 - (PTR_SIZE_INT) bn_sub_words(c_d, r_d, _nist_p_192[0],
|
? r_d
|
||||||
BN_NIST_192_TOP);
|
: c_d;
|
||||||
mask &= 0 - (PTR_SIZE_INT) carry;
|
|
||||||
res = c_d;
|
|
||||||
res = (BN_ULONG *)
|
|
||||||
(((PTR_SIZE_INT) res & ~mask) | ((PTR_SIZE_INT) r_d & mask));
|
|
||||||
nist_cp_bn(r_d, res, BN_NIST_192_TOP);
|
nist_cp_bn(r_d, res, BN_NIST_192_TOP);
|
||||||
r->top = BN_NIST_192_TOP;
|
r->top = BN_NIST_192_TOP;
|
||||||
bn_correct_top(r);
|
bn_correct_top(r);
|
||||||
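Review bot: the rewritten selection `res = (bn_sub_words(c_d, r_d, _nist_p_192[0], BN_NIST_192_TOP) && carry) ? r_d : c_d;` reintroduces the explicit conditional that the comment immediately above it says the code deliberately avoided (`this is what happens below, but without explicit if:-)`): the old mask arithmetic chose between `r_d` and `c_d` without branching on the borrow, whereas `&&` short-circuits and `?:` may be compiled to a conditional jump on a value derived from the reduction input. Either update that comment and state in the change description why a data-dependent branch is acceptable here, or keep the selection branch-free with word-wise masking instead of casting pointers through `PTR_SIZE_INT`, which is presumably what motivated the rewrite.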
@@ -479,11 +474,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
sizeof(unsigned int)];
|
sizeof(unsigned int)];
|
||||||
} buf;
|
} buf;
|
||||||
BN_ULONG c_d[BN_NIST_224_TOP], *res;
|
BN_ULONG c_d[BN_NIST_224_TOP], *res;
|
||||||
PTR_SIZE_INT mask;
|
bn_addsub_f adjust;
|
||||||
union {
|
|
||||||
bn_addsub_f f;
|
|
||||||
PTR_SIZE_INT p;
|
|
||||||
} u;
|
|
||||||
static const BIGNUM ossl_bignum_nist_p_224_sqr = {
|
static const BIGNUM ossl_bignum_nist_p_224_sqr = {
|
||||||
(BN_ULONG *)_nist_p_224_sqr,
|
(BN_ULONG *)_nist_p_224_sqr,
|
||||||
OSSL_NELEM(_nist_p_224_sqr),
|
OSSL_NELEM(_nist_p_224_sqr),
|
||||||
@@ -597,7 +588,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
# endif
|
# endif
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
u.f = bn_sub_words;
|
adjust = bn_sub_words;
|
||||||
if (carry > 0) {
|
if (carry > 0) {
|
||||||
carry =
|
carry =
|
||||||
(int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],
|
(int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],
|
||||||
@@ -616,19 +607,14 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
carry =
|
carry =
|
||||||
(int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1],
|
(int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1],
|
||||||
BN_NIST_224_TOP);
|
BN_NIST_224_TOP);
|
||||||
mask = 0 - (PTR_SIZE_INT) carry;
|
adjust = carry ? bn_sub_words : bn_add_words;
|
||||||
u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
|
|
||||||
((PTR_SIZE_INT) bn_add_words & ~mask);
|
|
||||||
} else
|
} else
|
||||||
carry = 1;
|
carry = 1;
|
||||||
|
|
||||||
/* otherwise it's effectively same as in BN_nist_mod_192... */
|
/* otherwise it's effectively same as in BN_nist_mod_192... */
|
||||||
mask =
|
res = ((*adjust) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP) && carry)
|
||||||
0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP);
|
? r_d
|
||||||
mask &= 0 - (PTR_SIZE_INT) carry;
|
: c_d;
|
||||||
res = c_d;
|
|
||||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
|
|
||||||
((PTR_SIZE_INT) r_d & mask));
|
|
||||||
nist_cp_bn(r_d, res, BN_NIST_224_TOP);
|
nist_cp_bn(r_d, res, BN_NIST_224_TOP);
|
||||||
r->top = BN_NIST_224_TOP;
|
r->top = BN_NIST_224_TOP;
|
||||||
bn_correct_top(r);
|
bn_correct_top(r);
|
||||||
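Review bot: `adjust = carry ? bn_sub_words : bn_add_words;` replaces the mask-selected function pointer with a plain conditional, and the final `((*adjust) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP) && carry) ? r_d : c_d` has the same branch-on-borrow shape as the 192-bit variant, so the comment `otherwise it's effectively same as in BN_nist_mod_192...` stays accurate and the same justification is needed here. Worth saying explicitly that the surrounding `if (carry > 0)` / `else` structure was already a branch on `carry`, so this path was never fully branch-free; readers should not have to infer which parts were meant to be constant-time.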
@@ -660,11 +646,7 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
sizeof(unsigned int)];
|
sizeof(unsigned int)];
|
||||||
} buf;
|
} buf;
|
||||||
BN_ULONG c_d[BN_NIST_256_TOP], *res;
|
BN_ULONG c_d[BN_NIST_256_TOP], *res;
|
||||||
PTR_SIZE_INT mask;
|
bn_addsub_f adjust;
|
||||||
union {
|
|
||||||
bn_addsub_f f;
|
|
||||||
PTR_SIZE_INT p;
|
|
||||||
} u;
|
|
||||||
static const BIGNUM ossl_bignum_nist_p_256_sqr = {
|
static const BIGNUM ossl_bignum_nist_p_256_sqr = {
|
||||||
(BN_ULONG *)_nist_p_256_sqr,
|
(BN_ULONG *)_nist_p_256_sqr,
|
||||||
OSSL_NELEM(_nist_p_256_sqr),
|
OSSL_NELEM(_nist_p_256_sqr),
|
||||||
@@ -850,7 +832,7 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
/* see BN_nist_mod_224 for explanation */
|
/* see BN_nist_mod_224 for explanation */
|
||||||
u.f = bn_sub_words;
|
adjust = bn_sub_words;
|
||||||
if (carry > 0)
|
if (carry > 0)
|
||||||
carry =
|
carry =
|
||||||
(int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1],
|
(int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1],
|
||||||
@@ -859,18 +841,13 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
carry =
|
carry =
|
||||||
(int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1],
|
(int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1],
|
||||||
BN_NIST_256_TOP);
|
BN_NIST_256_TOP);
|
||||||
mask = 0 - (PTR_SIZE_INT) carry;
|
adjust = carry ? bn_sub_words : bn_add_words;
|
||||||
u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
|
|
||||||
((PTR_SIZE_INT) bn_add_words & ~mask);
|
|
||||||
} else
|
} else
|
||||||
carry = 1;
|
carry = 1;
|
||||||
|
|
||||||
mask =
|
res = ((*adjust) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP) && carry)
|
||||||
0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP);
|
? r_d
|
||||||
mask &= 0 - (PTR_SIZE_INT) carry;
|
: c_d;
|
||||||
res = c_d;
|
|
||||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
|
|
||||||
((PTR_SIZE_INT) r_d & mask));
|
|
||||||
nist_cp_bn(r_d, res, BN_NIST_256_TOP);
|
nist_cp_bn(r_d, res, BN_NIST_256_TOP);
|
||||||
r->top = BN_NIST_256_TOP;
|
r->top = BN_NIST_256_TOP;
|
||||||
bn_correct_top(r);
|
bn_correct_top(r);
|
||||||
@@ -906,11 +883,7 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
sizeof(unsigned int)];
|
sizeof(unsigned int)];
|
||||||
} buf;
|
} buf;
|
||||||
BN_ULONG c_d[BN_NIST_384_TOP], *res;
|
BN_ULONG c_d[BN_NIST_384_TOP], *res;
|
||||||
PTR_SIZE_INT mask;
|
bn_addsub_f adjust;
|
||||||
union {
|
|
||||||
bn_addsub_f f;
|
|
||||||
PTR_SIZE_INT p;
|
|
||||||
} u;
|
|
||||||
static const BIGNUM ossl_bignum_nist_p_384_sqr = {
|
static const BIGNUM ossl_bignum_nist_p_384_sqr = {
|
||||||
(BN_ULONG *)_nist_p_384_sqr,
|
(BN_ULONG *)_nist_p_384_sqr,
|
||||||
OSSL_NELEM(_nist_p_384_sqr),
|
OSSL_NELEM(_nist_p_384_sqr),
|
||||||
@@ -1131,7 +1104,7 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
/* see BN_nist_mod_224 for explanation */
|
/* see BN_nist_mod_224 for explanation */
|
||||||
u.f = bn_sub_words;
|
adjust = bn_sub_words;
|
||||||
if (carry > 0)
|
if (carry > 0)
|
||||||
carry =
|
carry =
|
||||||
(int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1],
|
(int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1],
|
||||||
@@ -1140,18 +1113,13 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
carry =
|
carry =
|
||||||
(int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1],
|
(int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1],
|
||||||
BN_NIST_384_TOP);
|
BN_NIST_384_TOP);
|
||||||
mask = 0 - (PTR_SIZE_INT) carry;
|
adjust = carry ? bn_sub_words : bn_add_words;
|
||||||
u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
|
|
||||||
((PTR_SIZE_INT) bn_add_words & ~mask);
|
|
||||||
} else
|
} else
|
||||||
carry = 1;
|
carry = 1;
|
||||||
|
|
||||||
mask =
|
res = ((*adjust) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP) && carry)
|
||||||
0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP);
|
? r_d
|
||||||
mask &= 0 - (PTR_SIZE_INT) carry;
|
: c_d;
|
||||||
res = c_d;
|
|
||||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
|
|
||||||
((PTR_SIZE_INT) r_d & mask));
|
|
||||||
nist_cp_bn(r_d, res, BN_NIST_384_TOP);
|
nist_cp_bn(r_d, res, BN_NIST_384_TOP);
|
||||||
r->top = BN_NIST_384_TOP;
|
r->top = BN_NIST_384_TOP;
|
||||||
bn_correct_top(r);
|
bn_correct_top(r);
|
||||||
@@ -1168,7 +1136,6 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
{
|
{
|
||||||
int top = a->top, i;
|
int top = a->top, i;
|
||||||
BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res;
|
BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res;
|
||||||
PTR_SIZE_INT mask;
|
|
||||||
static const BIGNUM ossl_bignum_nist_p_521_sqr = {
|
static const BIGNUM ossl_bignum_nist_p_521_sqr = {
|
||||||
(BN_ULONG *)_nist_p_521_sqr,
|
(BN_ULONG *)_nist_p_521_sqr,
|
||||||
OSSL_NELEM(_nist_p_521_sqr),
|
OSSL_NELEM(_nist_p_521_sqr),
|
||||||
@@ -1221,12 +1188,10 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
|
|||||||
r_d[i] &= BN_NIST_521_TOP_MASK;
|
r_d[i] &= BN_NIST_521_TOP_MASK;
|
||||||
|
|
||||||
bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP);
|
bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP);
|
||||||
mask =
|
res = bn_sub_words(t_d, r_d, _nist_p_521,
|
||||||
0 - (PTR_SIZE_INT) bn_sub_words(t_d, r_d, _nist_p_521,
|
BN_NIST_521_TOP)
|
||||||
BN_NIST_521_TOP);
|
? r_d
|
||||||
res = t_d;
|
: t_d;
|
||||||
res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
|
|
||||||
((PTR_SIZE_INT) r_d & mask));
|
|
||||||
nist_cp_bn(r_d, res, BN_NIST_521_TOP);
|
nist_cp_bn(r_d, res, BN_NIST_521_TOP);
|
||||||
r->top = BN_NIST_521_TOP;
|
r->top = BN_NIST_521_TOP;
|
||||||
bn_correct_top(r);
|
bn_correct_top(r);
|
||||||
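Review bot: the 521-bit variant shows the pattern most plainly: `res = bn_sub_words(t_d, r_d, _nist_p_521, BN_NIST_521_TOP) ? r_d : t_d;` selects on the borrow alone, so the final `nist_cp_bn(r_d, res, BN_NIST_521_TOP)` copy is data-independent while the pointer choice feeding it is not. If the decision is that this selection need not be constant-time, the same rationale covers all five `BN_nist_mod_*` functions and belongs once in the file header rather than being implied per function.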
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
@@ -318,7 +318,7 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
|
|||||||
* sqrt(2) * 2^(nlen/2-1) <= Random X <= (2^(nlen/2)) - 1.
|
* sqrt(2) * 2^(nlen/2-1) <= Random X <= (2^(nlen/2)) - 1.
|
||||||
*/
|
*/
|
||||||
if (!BN_priv_rand_range_ex(X, range, 0, ctx) || !BN_add(X, X, base))
|
if (!BN_priv_rand_range_ex(X, range, 0, ctx) || !BN_add(X, X, base))
|
||||||
goto end;
|
goto err;
|
||||||
}
|
}
|
||||||
/* (Step 4) Y = X + ((R - X) mod 2r1r2) */
|
/* (Step 4) Y = X + ((R - X) mod 2r1r2) */
|
||||||
if (!BN_mod_sub(Y, R, X, r1r2x2, ctx) || !BN_add(Y, Y, X))
|
if (!BN_mod_sub(Y, R, X, r1r2x2, ctx) || !BN_add(Y, Y, X))
|
||||||
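Review bot: changing `goto end;` to `goto err;` on the `BN_priv_rand_range_ex()` / `BN_add()` failure path makes it consistent with the `BN_mod_sub()` failure a few lines below, which already uses `goto err;`, but neither label is visible in the hunk. Please confirm that `err` is the failure exit and state in the commit message whether the old `goto end` could have returned success after a failed random draw, since that would make this a behaviour fix rather than a cosmetic relabelling.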
|
|||||||
@@ -105,7 +105,7 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
|
|||||||
bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
|
bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
|
||||||
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \
|
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \
|
||||||
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
|
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
|
||||||
bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c rsa_sup_mul.c
|
bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c
|
||||||
SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c
|
SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c
|
||||||
DEFINE[../../libcrypto]=$BNDEF
|
DEFINE[../../libcrypto]=$BNDEF
|
||||||
IF[{- !$disabled{'deprecated-0.9.8'} -}]
|
IF[{- !$disabled{'deprecated-0.9.8'} -}]
|
||||||
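Review bot: dropping `rsa_sup_mul.c` from `$COMMON` has to go together with the removal of every caller and prototype of `ossl_bn_rsa_do_unblind()`, the only non-static function that file defined, or libcrypto will fail to link; this hunk only shows the build list, so the commit message should point at the RSA-side change that removes the call site.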
|
|||||||
@@ -1,604 +0,0 @@
|
|||||||
#include <openssl/e_os2.h>
|
|
||||||
#include <stddef.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/err.h>
|
|
||||||
#include <openssl/rsaerr.h>
|
|
||||||
#include "internal/endian.h"
|
|
||||||
#include "internal/numbers.h"
|
|
||||||
#include "internal/constant_time.h"
|
|
||||||
#include "bn_local.h"
|
|
||||||
|
|
||||||
# if BN_BYTES == 8
|
|
||||||
typedef uint64_t limb_t;
|
|
||||||
# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16
|
|
||||||
typedef uint128_t limb2_t;
|
|
||||||
# define HAVE_LIMB2_T
|
|
||||||
# endif
|
|
||||||
# define LIMB_BIT_SIZE 64
|
|
||||||
# define LIMB_BYTE_SIZE 8
|
|
||||||
# elif BN_BYTES == 4
|
|
||||||
typedef uint32_t limb_t;
|
|
||||||
typedef uint64_t limb2_t;
|
|
||||||
# define LIMB_BIT_SIZE 32
|
|
||||||
# define LIMB_BYTE_SIZE 4
|
|
||||||
# define HAVE_LIMB2_T
|
|
||||||
# else
|
|
||||||
# error "Not supported"
|
|
||||||
# endif
|
|
||||||
|
|
||||||
/*
|
|
||||||
* For multiplication we're using schoolbook multiplication,
|
|
||||||
* so if we have two numbers, each with 6 "digits" (words)
|
|
||||||
* the multiplication is calculated as follows:
|
|
||||||
* A B C D E F
|
|
||||||
* x I J K L M N
|
|
||||||
* --------------
|
|
||||||
* N*F
|
|
||||||
* N*E
|
|
||||||
* N*D
|
|
||||||
* N*C
|
|
||||||
* N*B
|
|
||||||
* N*A
|
|
||||||
* M*F
|
|
||||||
* M*E
|
|
||||||
* M*D
|
|
||||||
* M*C
|
|
||||||
* M*B
|
|
||||||
* M*A
|
|
||||||
* L*F
|
|
||||||
* L*E
|
|
||||||
* L*D
|
|
||||||
* L*C
|
|
||||||
* L*B
|
|
||||||
* L*A
|
|
||||||
* K*F
|
|
||||||
* K*E
|
|
||||||
* K*D
|
|
||||||
* K*C
|
|
||||||
* K*B
|
|
||||||
* K*A
|
|
||||||
* J*F
|
|
||||||
* J*E
|
|
||||||
* J*D
|
|
||||||
* J*C
|
|
||||||
* J*B
|
|
||||||
* J*A
|
|
||||||
* I*F
|
|
||||||
* I*E
|
|
||||||
* I*D
|
|
||||||
* I*C
|
|
||||||
* I*B
|
|
||||||
* + I*A
|
|
||||||
* ==========================
|
|
||||||
* N*B N*D N*F
|
|
||||||
* + N*A N*C N*E
|
|
||||||
* + M*B M*D M*F
|
|
||||||
* + M*A M*C M*E
|
|
||||||
* + L*B L*D L*F
|
|
||||||
* + L*A L*C L*E
|
|
||||||
* + K*B K*D K*F
|
|
||||||
* + K*A K*C K*E
|
|
||||||
* + J*B J*D J*F
|
|
||||||
* + J*A J*C J*E
|
|
||||||
* + I*B I*D I*F
|
|
||||||
* + I*A I*C I*E
|
|
||||||
*
|
|
||||||
* 1+1 1+3 1+5
|
|
||||||
* 1+0 1+2 1+4
|
|
||||||
* 0+1 0+3 0+5
|
|
||||||
* 0+0 0+2 0+4
|
|
||||||
*
|
|
||||||
* 0 1 2 3 4 5 6
|
|
||||||
* which requires n^2 multiplications and 2n full length additions
|
|
||||||
* as we can keep every other result of limb multiplication in two separate
|
|
||||||
* limbs
|
|
||||||
*/
|
|
||||||
|
|
||||||
#if defined HAVE_LIMB2_T
|
|
||||||
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
|
|
||||||
{
|
|
||||||
limb2_t t;
|
|
||||||
/*
|
|
||||||
* this is idiomatic code to tell compiler to use the native mul
|
|
||||||
* those three lines will actually compile to single instruction
|
|
||||||
*/
|
|
||||||
|
|
||||||
t = (limb2_t)a * b;
|
|
||||||
*hi = t >> LIMB_BIT_SIZE;
|
|
||||||
*lo = (limb_t)t;
|
|
||||||
}
|
|
||||||
#elif (BN_BYTES == 8) && (defined _MSC_VER)
|
|
||||||
/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */
|
|
||||||
#pragma intrinsic(_umul128)
|
|
||||||
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
|
|
||||||
{
|
|
||||||
*lo = _umul128(a, b, hi);
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
/*
|
|
||||||
* if the compiler doesn't have either a 128bit data type nor a "return
|
|
||||||
* high 64 bits of multiplication"
|
|
||||||
*/
|
|
||||||
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
|
|
||||||
{
|
|
||||||
limb_t a_low = (limb_t)(uint32_t)a;
|
|
||||||
limb_t a_hi = a >> 32;
|
|
||||||
limb_t b_low = (limb_t)(uint32_t)b;
|
|
||||||
limb_t b_hi = b >> 32;
|
|
||||||
|
|
||||||
limb_t p0 = a_low * b_low;
|
|
||||||
limb_t p1 = a_low * b_hi;
|
|
||||||
limb_t p2 = a_hi * b_low;
|
|
||||||
limb_t p3 = a_hi * b_hi;
|
|
||||||
|
|
||||||
uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32);
|
|
||||||
|
|
||||||
*lo = p0 + (p1 << 32) + (p2 << 32);
|
|
||||||
*hi = p3 + (p1 >> 32) + (p2 >> 32) + cy;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* add two limbs with carry in, return carry out */
|
|
||||||
static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry)
|
|
||||||
{
|
|
||||||
limb_t carry1, carry2, t;
|
|
||||||
/*
|
|
||||||
* `c = a + b; if (c < a)` is idiomatic code that makes compilers
|
|
||||||
* use add with carry on assembly level
|
|
||||||
*/
|
|
||||||
|
|
||||||
*ret = a + carry;
|
|
||||||
if (*ret < a)
|
|
||||||
carry1 = 1;
|
|
||||||
else
|
|
||||||
carry1 = 0;
|
|
||||||
|
|
||||||
t = *ret;
|
|
||||||
*ret = t + b;
|
|
||||||
if (*ret < t)
|
|
||||||
carry2 = 1;
|
|
||||||
else
|
|
||||||
carry2 = 0;
|
|
||||||
|
|
||||||
return carry1 + carry2;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* add two numbers of the same size, return overflow
|
|
||||||
*
|
|
||||||
* add a to b, place result in ret; all arrays need to be n limbs long
|
|
||||||
* return overflow from addition (0 or 1)
|
|
||||||
*/
|
|
||||||
static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n)
|
|
||||||
{
|
|
||||||
limb_t c = 0;
|
|
||||||
ossl_ssize_t i;
|
|
||||||
|
|
||||||
for(i = n - 1; i > -1; i--)
|
|
||||||
c = _add_limb(&ret[i], a[i], b[i], c);
|
|
||||||
|
|
||||||
return c;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* return number of limbs necessary for temporary values
|
|
||||||
* when multiplying numbers n limbs large
|
|
||||||
*/
|
|
||||||
static ossl_inline size_t mul_limb_numb(size_t n)
|
|
||||||
{
|
|
||||||
return 2 * n * 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* multiply two numbers of the same size
|
|
||||||
*
|
|
||||||
* multiply a by b, place result in ret; a and b need to be n limbs long
|
|
||||||
* ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs
|
|
||||||
* long
|
|
||||||
*/
|
|
||||||
static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp)
|
|
||||||
{
|
|
||||||
limb_t *r_odd, *r_even;
|
|
||||||
size_t i, j, k;
|
|
||||||
|
|
||||||
r_odd = tmp;
|
|
||||||
r_even = &tmp[2 * n];
|
|
||||||
|
|
||||||
memset(ret, 0, 2 * n * sizeof(limb_t));
|
|
||||||
|
|
||||||
for (i = 0; i < n; i++) {
|
|
||||||
for (k = 0; k < i + n + 1; k++) {
|
|
||||||
r_even[k] = 0;
|
|
||||||
r_odd[k] = 0;
|
|
||||||
}
|
|
||||||
for (j = 0; j < n; j++) {
|
|
||||||
/*
|
|
||||||
* place results from even and odd limbs in separate arrays so that
|
|
||||||
* we don't have to calculate overflow every time we get individual
|
|
||||||
* limb multiplication result
|
|
||||||
*/
|
|
||||||
if (j % 2 == 0)
|
|
||||||
_mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]);
|
|
||||||
else
|
|
||||||
_mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]);
|
|
||||||
}
|
|
||||||
/*
|
|
||||||
* skip the least significant limbs when adding multiples of
|
|
||||||
* more significant limbs (they're zero anyway)
|
|
||||||
*/
|
|
||||||
add(ret, ret, r_even, n + i + 1);
|
|
||||||
add(ret, ret, r_odd, n + i + 1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* modifies the value in place by performing a right shift by one bit */
|
|
||||||
static ossl_inline void rshift1(limb_t *val, size_t n)
|
|
||||||
{
|
|
||||||
limb_t shift_in = 0, shift_out = 0;
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
for (i = 0; i < n; i++) {
|
|
||||||
shift_out = val[i] & 1;
|
|
||||||
val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1);
|
|
||||||
shift_in = shift_out;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* extend the LSB of flag to all bits of limb */
|
|
||||||
static ossl_inline limb_t mk_mask(limb_t flag)
|
|
||||||
{
|
|
||||||
flag |= flag << 1;
|
|
||||||
flag |= flag << 2;
|
|
||||||
flag |= flag << 4;
|
|
||||||
flag |= flag << 8;
|
|
||||||
flag |= flag << 16;
|
|
||||||
#if (LIMB_BYTE_SIZE == 8)
|
|
||||||
flag |= flag << 32;
|
|
||||||
#endif
|
|
||||||
return flag;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* copy from either a or b to ret based on flag
|
|
||||||
* when flag == 0, then copies from b
|
|
||||||
* when flag == 1, then copies from a
|
|
||||||
*/
|
|
||||||
static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n)
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* would be more efficient with non volatile mask, but then gcc
|
|
||||||
* generates code with jumps
|
|
||||||
*/
|
|
||||||
volatile limb_t mask;
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
mask = mk_mask(flag);
|
|
||||||
for (i = 0; i < n; i++) {
|
|
||||||
#if (LIMB_BYTE_SIZE == 8)
|
|
||||||
ret[i] = constant_time_select_64(mask, a[i], b[i]);
|
|
||||||
#else
|
|
||||||
ret[i] = constant_time_select_32(mask, a[i], b[i]);
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow)
|
|
||||||
{
|
|
||||||
limb_t borrow1, borrow2, t;
|
|
||||||
/*
|
|
||||||
* while it doesn't look constant-time, this is idiomatic code
|
|
||||||
* to tell compilers to use the carry bit from subtraction
|
|
||||||
*/
|
|
||||||
|
|
||||||
*ret = a - borrow;
|
|
||||||
if (*ret > a)
|
|
||||||
borrow1 = 1;
|
|
||||||
else
|
|
||||||
borrow1 = 0;
|
|
||||||
|
|
||||||
t = *ret;
|
|
||||||
*ret = t - b;
|
|
||||||
if (*ret > t)
|
|
||||||
borrow2 = 1;
|
|
||||||
else
|
|
||||||
borrow2 = 0;
|
|
||||||
|
|
||||||
return borrow1 + borrow2;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* place the result of a - b into ret, return the borrow bit.
|
|
||||||
* All arrays need to be n limbs long
|
|
||||||
*/
|
|
||||||
static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n)
|
|
||||||
{
|
|
||||||
limb_t borrow = 0;
|
|
||||||
ossl_ssize_t i;
|
|
||||||
|
|
||||||
for (i = n - 1; i > -1; i--)
|
|
||||||
borrow = _sub_limb(&ret[i], a[i], b[i], borrow);
|
|
||||||
|
|
||||||
return borrow;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* return the number of limbs necessary to allocate for the mod() tmp operand */
|
|
||||||
static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum)
|
|
||||||
{
|
|
||||||
return (anum + modnum) * 3;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* calculate a % mod, place the result in ret
|
|
||||||
* size of a is defined by anum, size of ret and mod is modnum,
|
|
||||||
* size of tmp is returned by mod_limb_numb()
|
|
||||||
*/
|
|
||||||
static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
|
|
||||||
size_t modnum, limb_t *tmp)
|
|
||||||
{
|
|
||||||
limb_t *atmp, *modtmp, *rettmp;
|
|
||||||
limb_t res;
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE);
|
|
||||||
|
|
||||||
atmp = tmp;
|
|
||||||
modtmp = &tmp[anum + modnum];
|
|
||||||
rettmp = &tmp[(anum + modnum) * 2];
|
|
||||||
|
|
||||||
for (i = modnum; i <modnum + anum; i++)
|
|
||||||
atmp[i] = a[i-modnum];
|
|
||||||
|
|
||||||
for (i = 0; i < modnum; i++)
|
|
||||||
modtmp[i] = mod[i];
|
|
||||||
|
|
||||||
for (i = 0; i < anum * LIMB_BIT_SIZE; i++) {
|
|
||||||
rshift1(modtmp, anum + modnum);
|
|
||||||
res = sub(rettmp, atmp, modtmp, anum+modnum);
|
|
||||||
cselect(res, atmp, atmp, rettmp, anum+modnum);
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(ret, &atmp[anum], sizeof(limb_t) * modnum);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* necessary size of tmp for a _mul_add_limb() call with provided anum */
|
|
||||||
static ossl_inline size_t _mul_add_limb_numb(size_t anum)
|
|
||||||
{
|
|
||||||
return 2 * (anum + 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* multiply a by m, add to ret, return carry */
|
|
||||||
static limb_t _mul_add_limb(limb_t *ret, limb_t *a, size_t anum,
|
|
||||||
limb_t m, limb_t *tmp)
|
|
||||||
{
|
|
||||||
limb_t carry = 0;
|
|
||||||
limb_t *r_odd, *r_even;
|
|
||||||
size_t i;
|
|
||||||
|
|
||||||
memset(tmp, 0, sizeof(limb_t) * (anum + 1) * 2);
|
|
||||||
|
|
||||||
r_odd = tmp;
|
|
||||||
r_even = &tmp[anum + 1];
|
|
||||||
|
|
||||||
for (i = 0; i < anum; i++) {
|
|
||||||
/*
|
|
||||||
* place the results from even and odd limbs in separate arrays
|
|
||||||
* so that we have to worry about carry just once
|
|
||||||
*/
|
|
||||||
if (i % 2 == 0)
|
|
||||||
_mul_limb(&r_even[i], &r_even[i + 1], a[i], m);
|
|
||||||
else
|
|
||||||
_mul_limb(&r_odd[i], &r_odd[i + 1], a[i], m);
|
|
||||||
}
|
|
||||||
/* assert: add() carry here will be equal zero */
|
|
||||||
add(r_even, r_even, r_odd, anum + 1);
|
|
||||||
/*
|
|
||||||
* while here it will not overflow as the max value from multiplication
|
|
||||||
* is -2 while max overflow from addition is 1, so the max value of
|
|
||||||
* carry is -1 (i.e. max int)
|
|
||||||
*/
|
|
||||||
carry = add(ret, ret, &r_even[1], anum) + r_even[0];
|
|
||||||
|
|
||||||
return carry;
|
|
||||||
}
|
|
||||||
|
|
||||||
static ossl_inline size_t mod_montgomery_limb_numb(size_t modnum)
|
|
||||||
{
|
|
||||||
return modnum * 2 + _mul_add_limb_numb(modnum);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* calculate a % mod, place result in ret
|
|
||||||
* assumes that a is in Montgomery form with the R (Montgomery modulus) being
|
|
||||||
* smallest power of two big enough to fit mod and that's also a power
|
|
||||||
* of the count of number of bits in limb_t (B).
|
|
||||||
* For calculation, we also need n', such that mod * n' == -1 mod B.
|
|
||||||
* anum must be <= 2 * modnum
|
|
||||||
* ret needs to be modnum words long
|
|
||||||
* tmp needs to be mod_montgomery_limb_numb(modnum) limbs long
|
|
||||||
*/
|
|
||||||
static void mod_montgomery(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
|
|
||||||
size_t modnum, limb_t ni0, limb_t *tmp)
|
|
||||||
{
|
|
||||||
limb_t carry, v;
|
|
||||||
limb_t *res, *rp, *tmp2;
|
|
||||||
ossl_ssize_t i;
|
|
||||||
|
|
||||||
res = tmp;
|
|
||||||
/*
|
|
||||||
* for intermediate result we need an integer twice as long as modulus
|
|
||||||
* but keep the input in the least significant limbs
|
|
||||||
*/
|
|
||||||
memset(res, 0, sizeof(limb_t) * (modnum * 2));
|
|
||||||
memcpy(&res[modnum * 2 - anum], a, sizeof(limb_t) * anum);
|
|
||||||
rp = &res[modnum];
|
|
||||||
tmp2 = &res[modnum * 2];
|
|
||||||
|
|
||||||
carry = 0;
|
|
||||||
|
|
||||||
/* add multiples of the modulus to the value until R divides it cleanly */
|
|
||||||
for (i = modnum; i > 0; i--, rp--) {
|
|
||||||
v = _mul_add_limb(rp, mod, modnum, rp[modnum-1] * ni0, tmp2);
|
|
||||||
v = v + carry + rp[-1];
|
|
||||||
carry |= (v != rp[-1]);
|
|
||||||
carry &= (v <= rp[-1]);
|
|
||||||
rp[-1] = v;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* perform the final reduction by mod... */
|
|
||||||
carry -= sub(ret, rp, mod, modnum);
|
|
||||||
|
|
||||||
/* ...conditionally */
|
|
||||||
cselect(carry, ret, rp, ret, modnum);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* allocated buffer should be freed afterwards */
|
|
||||||
static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
|
||||||
limb_t *ptr = buf + (limbs - real_limbs);
|
|
||||||
|
|
||||||
for (i = 0; i < real_limbs; i++)
|
|
||||||
ptr[i] = bn->d[real_limbs - i - 1];
|
|
||||||
}
|
|
||||||
|
|
||||||
#if LIMB_BYTE_SIZE == 8
|
|
||||||
static ossl_inline uint64_t be64(uint64_t host)
|
|
||||||
{
|
|
||||||
uint64_t big = 0;
|
|
||||||
DECLARE_IS_ENDIAN;
|
|
||||||
|
|
||||||
if (!IS_LITTLE_ENDIAN)
|
|
||||||
return host;
|
|
||||||
|
|
||||||
big |= (host & 0xff00000000000000) >> 56;
|
|
||||||
big |= (host & 0x00ff000000000000) >> 40;
|
|
||||||
big |= (host & 0x0000ff0000000000) >> 24;
|
|
||||||
big |= (host & 0x000000ff00000000) >> 8;
|
|
||||||
big |= (host & 0x00000000ff000000) << 8;
|
|
||||||
big |= (host & 0x0000000000ff0000) << 24;
|
|
||||||
big |= (host & 0x000000000000ff00) << 40;
|
|
||||||
big |= (host & 0x00000000000000ff) << 56;
|
|
||||||
return big;
|
|
||||||
}
|
|
||||||
|
|
||||||
#else
|
|
||||||
/* Not all platforms have htobe32(). */
|
|
||||||
static ossl_inline uint32_t be32(uint32_t host)
|
|
||||||
{
|
|
||||||
uint32_t big = 0;
|
|
||||||
DECLARE_IS_ENDIAN;
|
|
||||||
|
|
||||||
if (!IS_LITTLE_ENDIAN)
|
|
||||||
return host;
|
|
||||||
|
|
||||||
big |= (host & 0xff000000) >> 24;
|
|
||||||
big |= (host & 0x00ff0000) >> 8;
|
|
||||||
big |= (host & 0x0000ff00) << 8;
|
|
||||||
big |= (host & 0x000000ff) << 24;
|
|
||||||
return big;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
|
||||||
* We assume that intermediate, possible_arg2, blinding, and ctx are used
|
|
||||||
* similar to BN_BLINDING_invert_ex() arguments.
|
|
||||||
* to_mod is RSA modulus.
|
|
||||||
* buf and num is the serialization buffer and its length.
|
|
||||||
*
|
|
||||||
* Here we use classic/Montgomery multiplication and modulo. After the calculation finished
|
|
||||||
* we serialize the new structure instead of BIGNUMs taking endianness into account.
|
|
||||||
*/
|
|
||||||
int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate,
|
|
||||||
const BN_BLINDING *blinding,
|
|
||||||
const BIGNUM *possible_arg2,
|
|
||||||
const BIGNUM *to_mod, BN_CTX *ctx,
|
|
||||||
unsigned char *buf, int num)
|
|
||||||
{
|
|
||||||
limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL;
|
|
||||||
limb_t *l_ret = NULL, *l_tmp = NULL, l_buf;
|
|
||||||
size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0;
|
|
||||||
size_t l_tmp_count = 0;
|
|
||||||
int ret = 0;
|
|
||||||
size_t i;
|
|
||||||
unsigned char *tmp;
|
|
||||||
const BIGNUM *arg1 = intermediate;
|
|
||||||
const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2;
|
|
||||||
|
|
||||||
l_im_count = (BN_num_bytes(arg1) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
|
||||||
l_mul_count = (BN_num_bytes(arg2) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
|
||||||
l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
|
|
||||||
|
|
||||||
l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count;
|
|
||||||
l_im = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
|
|
||||||
l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
|
|
||||||
l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE);
|
|
||||||
|
|
||||||
if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL))
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
BN_to_limb(arg1, l_im, l_size);
|
|
||||||
BN_to_limb(arg2, l_mul, l_size);
|
|
||||||
BN_to_limb(to_mod, l_mod, l_mod_count);
|
|
||||||
|
|
||||||
l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE);
|
|
||||||
|
|
||||||
if (blinding->m_ctx != NULL) {
|
|
||||||
l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ?
|
|
||||||
mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count);
|
|
||||||
l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
|
|
||||||
} else {
|
|
||||||
l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ?
|
|
||||||
mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count);
|
|
||||||
l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((l_ret == NULL) || (l_tmp == NULL))
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
if (blinding->m_ctx != NULL) {
|
|
||||||
limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
|
|
||||||
mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count,
|
|
||||||
blinding->m_ctx->n0[0], l_tmp);
|
|
||||||
} else {
|
|
||||||
limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
|
|
||||||
mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */
|
|
||||||
if (num < BN_num_bytes(to_mod)) {
|
|
||||||
ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(buf, 0, num);
|
|
||||||
tmp = buf + num - BN_num_bytes(to_mod);
|
|
||||||
for (i = 0; i < l_mod_count; i++) {
|
|
||||||
#if LIMB_BYTE_SIZE == 8
|
|
||||||
l_buf = be64(l_ret[i]);
|
|
||||||
#else
|
|
||||||
l_buf = be32(l_ret[i]);
|
|
||||||
#endif
|
|
||||||
if (i == 0) {
|
|
||||||
int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num);
|
|
||||||
|
|
||||||
memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta);
|
|
||||||
tmp += delta;
|
|
||||||
} else {
|
|
||||||
memcpy(tmp, &l_buf, LIMB_BYTE_SIZE);
|
|
||||||
tmp += LIMB_BYTE_SIZE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
ret = num;
|
|
||||||
|
|
||||||
err:
|
|
||||||
OPENSSL_free(l_im);
|
|
||||||
OPENSSL_free(l_mul);
|
|
||||||
OPENSSL_free(l_mod);
|
|
||||||
OPENSSL_free(l_tmp);
|
|
||||||
OPENSSL_free(l_ret);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
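Review bot: the file deleted here is the limb-based constant-time path for RSA unblinding: `mod()` and `mod_montgomery()` iterate a fixed, operand-independent number of times and pick results with `cselect()` on top of `constant_time_select_64()` / `constant_time_select_32()`, so its removal needs a named replacement that preserves those properties for the unblinding step, and the commit message should say where the constant-time multiply-and-reduce now lives. One detail worth carrying over to whatever replaces it: `ossl_bn_rsa_do_unblind()` validated `num` against `BN_num_bytes(to_mod)` only after the multiplication and reduction had run; the bounds check belongs before any work is done on the buffer.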
@@ -97,9 +97,7 @@ $UTIL_COMMON=\
|
|||||||
context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
|
context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
|
||||||
param_build_set.c der_writer.c threads_lib.c params_dup.c
|
param_build_set.c der_writer.c threads_lib.c params_dup.c
|
||||||
|
|
||||||
IF[{- !$disabled{shared} -}]
|
SHARED_SOURCE[../libssl]=sparse_array.c
|
||||||
SOURCE[../libssl]=sparse_array.c
|
|
||||||
ENDIF
|
|
||||||
|
|
||||||
SOURCE[../libcrypto]=$UTIL_COMMON \
|
SOURCE[../libcrypto]=$UTIL_COMMON \
|
||||||
mem.c mem_sec.c \
|
mem.c mem_sec.c \
|
||||||
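Review bot: replacing the `IF[{- !$disabled{shared} -}] SHARED_SOURCE[../libssl]=sparse_array.c` block with an unconditional `SOURCE[../libssl]=sparse_array.c` compiles `sparse_array.c` into libssl for static builds as well, while it remains in `$UTIL_COMMON` for libcrypto (first line of the hunk). Please confirm that a static link of libssl and libcrypto does not fail or warn on the duplicated sparse-array definitions, and explain in the commit message why the shared-only restriction was wrong.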
|
|||||||
@@ -64,10 +64,10 @@ static int unprotected_exception(const OSSL_CMP_CTX *ctx,
|
|||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
if (IS_CREP(rcvd_type)) {
|
if (IS_CREP(rcvd_type)) {
|
||||||
|
int any_rid = OSSL_CMP_CERTREQID_NONE;
|
||||||
OSSL_CMP_CERTREPMESSAGE *crepmsg = rep->body->value.ip;
|
OSSL_CMP_CERTREPMESSAGE *crepmsg = rep->body->value.ip;
|
||||||
OSSL_CMP_CERTRESPONSE *crep =
|
OSSL_CMP_CERTRESPONSE *crep =
|
||||||
ossl_cmp_certrepmessage_get0_certresponse(crepmsg,
|
ossl_cmp_certrepmessage_get0_certresponse(crepmsg, any_rid);
|
||||||
-1 /* any rid */);
|
|
||||||
|
|
||||||
if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1)
|
if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1)
|
||||||
return -1;
|
return -1;
|
||||||
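Review bot: style only: `any_rid` is declared and used exactly once as the replacement for the `-1 /* any rid */` literal; passing `OSSL_CMP_CERTREQID_NONE` directly to `ossl_cmp_certrepmessage_get0_certresponse()` keeps the named constant without the extra local.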
@@ -357,15 +357,16 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
|||||||
* Send certConf for IR, CR or KUR sequences and check response,
|
* Send certConf for IR, CR or KUR sequences and check response,
|
||||||
* not modifying ctx->status during the certConf exchange
|
* not modifying ctx->status during the certConf exchange
|
||||||
*/
|
*/
|
||||||
int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int fail_info,
|
int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId,
|
||||||
const char *txt)
|
int fail_info, const char *txt)
|
||||||
{
|
{
|
||||||
OSSL_CMP_MSG *certConf;
|
OSSL_CMP_MSG *certConf;
|
||||||
OSSL_CMP_MSG *PKIconf = NULL;
|
OSSL_CMP_MSG *PKIconf = NULL;
|
||||||
int res = 0;
|
int res = 0;
|
||||||
|
|
||||||
/* OSSL_CMP_certConf_new() also checks if all necessary options are set */
|
/* OSSL_CMP_certConf_new() also checks if all necessary options are set */
|
||||||
if ((certConf = ossl_cmp_certConf_new(ctx, fail_info, txt)) == NULL)
|
certConf = ossl_cmp_certConf_new(ctx, certReqId, fail_info, txt);
|
||||||
|
if (certConf == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
res = send_receive_check(ctx, certConf, &PKIconf, OSSL_CMP_PKIBODY_PKICONF);
|
res = send_receive_check(ctx, certConf, &PKIconf, OSSL_CMP_PKIBODY_PKICONF);
|
||||||
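Review bot: the new `certReqId` parameter of `ossl_cmp_exchange_certConf()` is not documented in the header comment shown in this hunk (`Send certConf for IR, CR or KUR sequences and check response, ...`); add a line saying what callers pass for a p10cr sequence, where no request id is available, and whether `ossl_cmp_certConf_new()` accepts `OSSL_CMP_CERTREQID_NONE` in that position.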
@@ -411,12 +412,10 @@ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype,
|
|||||||
{
|
{
|
||||||
char buf[OSSL_CMP_PKISI_BUFLEN];
|
char buf[OSSL_CMP_PKISI_BUFLEN];
|
||||||
X509 *crt = NULL;
|
X509 *crt = NULL;
|
||||||
EVP_PKEY *privkey;
|
|
||||||
|
|
||||||
if (!ossl_assert(ctx != NULL && crep != NULL))
|
if (!ossl_assert(ctx != NULL && crep != NULL))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
|
|
||||||
switch (ossl_cmp_pkisi_get_status(crep->status)) {
|
switch (ossl_cmp_pkisi_get_status(crep->status)) {
|
||||||
case OSSL_CMP_PKISTATUS_waiting:
|
case OSSL_CMP_PKISTATUS_waiting:
|
||||||
ossl_cmp_err(ctx,
|
ossl_cmp_err(ctx,
|
||||||
@@ -454,7 +453,7 @@ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype,
|
|||||||
ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_PKISTATUS);
|
ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_PKISTATUS);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
crt = ossl_cmp_certresponse_get1_cert(crep, ctx, privkey);
|
crt = ossl_cmp_certresponse_get1_cert(ctx, crep);
|
||||||
if (crt == NULL) /* according to PKIStatus, we can expect a cert */
|
if (crt == NULL) /* according to PKIStatus, we can expect a cert */
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_FOUND);
|
ERR_raise(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_FOUND);
|
||||||
|
|
||||||
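Review bot: the call changes from `ossl_cmp_certresponse_get1_cert(crep, ctx, privkey)` to `ossl_cmp_certresponse_get1_cert(ctx, crep)`, so the key that the removed `privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);` line in the previous hunk supplied must now be looked up inside the callee; confirm that lookup is equivalent (same `priv = 1` selection), and mention the changed parameter order in the commit message since the first two arguments swap places.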
@@ -493,18 +492,46 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
|
|||||||
if (fail_info != 0) /* accept any error flagged by CMP core library */
|
if (fail_info != 0) /* accept any error flagged by CMP core library */
|
||||||
return fail_info;
|
return fail_info;
|
||||||
|
|
||||||
ossl_cmp_debug(ctx, "trying to build chain for newly enrolled cert");
|
if (out_trusted == NULL) {
|
||||||
chain = X509_build_chain(cert, ctx->untrusted, out_trusted /* maybe NULL */,
|
ossl_cmp_debug(ctx, "trying to build chain for newly enrolled cert");
|
||||||
0, ctx->libctx, ctx->propq);
|
chain = X509_build_chain(cert, ctx->untrusted, out_trusted,
|
||||||
|
0, ctx->libctx, ctx->propq);
|
||||||
|
} else {
|
||||||
|
X509_STORE_CTX *csc = X509_STORE_CTX_new_ex(ctx->libctx, ctx->propq);
|
||||||
|
|
||||||
|
ossl_cmp_debug(ctx, "validating newly enrolled cert");
|
||||||
|
if (csc == NULL)
|
||||||
|
goto err;
|
||||||
|
if (!X509_STORE_CTX_init(csc, out_trusted, cert, ctx->untrusted))
|
||||||
|
goto err;
|
||||||
|
/* disable any cert status/revocation checking etc. */
|
||||||
|
X509_VERIFY_PARAM_clear_flags(X509_STORE_CTX_get0_param(csc),
|
||||||
|
~(X509_V_FLAG_USE_CHECK_TIME
|
||||||
|
| X509_V_FLAG_NO_CHECK_TIME
|
||||||
|
| X509_V_FLAG_PARTIAL_CHAIN
|
||||||
|
| X509_V_FLAG_POLICY_CHECK));
|
||||||
|
if (X509_verify_cert(csc) <= 0)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
if (!ossl_x509_add_certs_new(&chain, X509_STORE_CTX_get0_chain(csc),
|
||||||
|
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP
|
||||||
|
| X509_ADD_FLAG_NO_SS)) {
|
||||||
|
sk_X509_free(chain);
|
||||||
|
chain = NULL;
|
||||||
|
}
|
||||||
|
err:
|
||||||
|
X509_STORE_CTX_free(csc);
|
||||||
|
}
|
||||||
|
|
||||||
if (sk_X509_num(chain) > 0)
|
if (sk_X509_num(chain) > 0)
|
||||||
X509_free(sk_X509_shift(chain)); /* remove leaf (EE) cert */
|
X509_free(sk_X509_shift(chain)); /* remove leaf (EE) cert */
|
||||||
if (out_trusted != NULL) {
|
if (out_trusted != NULL) {
|
||||||
if (chain == NULL) {
|
if (chain == NULL) {
|
||||||
ossl_cmp_err(ctx, "failed building chain for newly enrolled cert");
|
ossl_cmp_err(ctx, "failed to validate newly enrolled cert");
|
||||||
fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_incorrectData;
|
fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_incorrectData;
|
||||||
} else {
|
} else {
|
||||||
ossl_cmp_debug(ctx,
|
ossl_cmp_debug(ctx,
|
||||||
"succeeded building proper chain for newly enrolled cert");
|
"success validating newly enrolled cert");
|
||||||
}
|
}
|
||||||
} else if (chain == NULL) {
|
} else if (chain == NULL) {
|
||||||
ossl_cmp_warn(ctx, "could not build approximate chain for newly enrolled cert, resorting to received extraCerts");
|
ossl_cmp_warn(ctx, "could not build approximate chain for newly enrolled cert, resorting to received extraCerts");
|
||||||
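Review bot: in the new `out_trusted != NULL` branch the verification failure reason is thrown away: on `X509_verify_cert(csc) <= 0` the code jumps to `err` and the only diagnostic is the later `"failed to validate newly enrolled cert"`, so log `X509_STORE_CTX_get_error(csc)` (through `X509_verify_cert_error_string()`) before that `goto err;` to make a rejection diagnosable. Two smaller points: `X509_VERIFY_PARAM_clear_flags(..., ~(X509_V_FLAG_USE_CHECK_TIME | X509_V_FLAG_NO_CHECK_TIME | X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_POLICY_CHECK))` clears every flag except those four, which is broader than the comment `disable any cert status/revocation checking etc.` suggests, so the comment should state what is deliberately kept; and the `err:` label sits inside the `else` block, which is legal but unusual enough to deserve a comment that both `goto err` sites only need the `X509_STORE_CTX_free(csc)` cleanup.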
@@ -521,6 +548,7 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
|
|||||||
|
|
||||||
/*-
|
/*-
|
||||||
* Perform the generic handling of certificate responses for IR/CR/KUR/P10CR.
|
* Perform the generic handling of certificate responses for IR/CR/KUR/P10CR.
|
||||||
|
* |rid| must be OSSL_CMP_CERTREQID_NONE if not available, namely for p10cr
|
||||||
* Returns -1 on receiving pollRep if sleep == 0, setting the checkAfter value.
|
* Returns -1 on receiving pollRep if sleep == 0, setting the checkAfter value.
|
||||||
* Returns 1 on success and provides the received PKIMESSAGE in *resp.
|
* Returns 1 on success and provides the received PKIMESSAGE in *resp.
|
||||||
* Returns 0 on error (which includes the case that timeout has been reached).
|
* Returns 0 on error (which includes the case that timeout has been reached).
|
||||||
@@ -530,7 +558,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
|||||||
OSSL_CMP_MSG **resp, int *checkAfter,
|
OSSL_CMP_MSG **resp, int *checkAfter,
|
||||||
int req_type, int expected_type)
|
int req_type, int expected_type)
|
||||||
{
|
{
|
||||||
EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx /* may be NULL */, 0);
|
EVP_PKEY *rkey = ossl_cmp_ctx_get0_newPubkey(ctx);
|
||||||
int fail_info = 0; /* no failure */
|
int fail_info = 0; /* no failure */
|
||||||
const char *txt = NULL;
|
const char *txt = NULL;
|
||||||
OSSL_CMP_CERTREPMESSAGE *crepmsg;
|
OSSL_CMP_CERTREPMESSAGE *crepmsg;
|
||||||
@@ -554,10 +582,9 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
|||||||
return 0;
|
return 0;
|
||||||
if (!save_statusInfo(ctx, crep->status))
|
if (!save_statusInfo(ctx, crep->status))
|
||||||
return 0;
|
return 0;
|
||||||
if (rid == -1) {
|
if (rid == OSSL_CMP_CERTREQID_NONE) { /* used for OSSL_CMP_PKIBODY_P10CR */
|
||||||
/* for OSSL_CMP_PKIBODY_P10CR learn CertReqId from response */
|
|
||||||
rid = ossl_cmp_asn1_get_int(crep->certReqId);
|
rid = ossl_cmp_asn1_get_int(crep->certReqId);
|
||||||
if (rid == -1) {
|
if (rid != OSSL_CMP_CERTREQID_NONE) {
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
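Review bot: the second check in this hunk inverts its condition, from `if (rid == -1)` to `if (rid != OSSL_CMP_CERTREQID_NONE)`: the old code rejected a response whose learned `certReqId` was -1, the new code requires it to be exactly `OSSL_CMP_CERTREQID_NONE` and rejects everything else. That is a behaviour change for p10cr handling, not a renamed constant, and a -1 failure return from `ossl_cmp_asn1_get_int()`, which the old check reported as `CMP_R_BAD_REQUEST_ID`, is now indistinguishable from the expected value; the commit message should justify the new rule and the lost error detection. The deleted comment `for OSSL_CMP_PKIBODY_P10CR learn CertReqId from response` should also be restored or folded into the new one, since `rid` is still assigned from the response.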
@@ -621,7 +648,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
|||||||
"rejecting newly enrolled cert with subject: %s", subj);
|
"rejecting newly enrolled cert with subject: %s", subj);
|
||||||
if (!ctx->disableConfirm
|
if (!ctx->disableConfirm
|
||||||
&& !ossl_cmp_hdr_has_implicitConfirm((*resp)->header)) {
|
&& !ossl_cmp_hdr_has_implicitConfirm((*resp)->header)) {
|
||||||
if (!ossl_cmp_exchange_certConf(ctx, fail_info, txt))
|
if (!ossl_cmp_exchange_certConf(ctx, rid, fail_info, txt))
|
||||||
ret = 0;
|
ret = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -630,6 +657,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
|||||||
ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED,
|
ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED,
|
||||||
"rejecting newly enrolled cert with subject: %s; %s",
|
"rejecting newly enrolled cert with subject: %s; %s",
|
||||||
subj, txt);
|
subj, txt);
|
||||||
|
ctx->status = OSSL_CMP_PKISTATUS_rejection;
|
||||||
ret = 0;
|
ret = 0;
|
||||||
}
|
}
|
||||||
OPENSSL_free(subj);
|
OPENSSL_free(subj);
|
||||||
@@ -662,7 +690,7 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
|
|||||||
{
|
{
|
||||||
OSSL_CMP_MSG *rep = NULL;
|
OSSL_CMP_MSG *rep = NULL;
|
||||||
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
|
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
|
||||||
int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
|
int rid = is_p10 ? OSSL_CMP_CERTREQID_NONE : OSSL_CMP_CERTREQID;
|
||||||
int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1;
|
int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1;
|
||||||
int res = 0;
|
int res = 0;
|
||||||
|
|
||||||
@@ -704,7 +732,7 @@ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
|
|||||||
|
|
||||||
OSSL_CMP_MSG *rep = NULL;
|
OSSL_CMP_MSG *rep = NULL;
|
||||||
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
|
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
|
||||||
int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
|
int rid = is_p10 ? OSSL_CMP_CERTREQID_NONE : OSSL_CMP_CERTREQID;
|
||||||
int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1;
|
int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1;
|
||||||
X509 *result = NULL;
|
X509 *result = NULL;
|
||||||
|
|
||||||
|
|||||||
+21
-5
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright Nokia 2007-2019
|
* Copyright Nokia 2007-2019
|
||||||
* Copyright Siemens AG 2015-2019
|
* Copyright Siemens AG 2015-2019
|
||||||
*
|
*
|
||||||
@@ -457,8 +457,8 @@ int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Set or clear the password to be used for protecting messages with PBMAC */
|
/* Set or clear the password to be used for protecting messages with PBMAC */
|
||||||
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
|
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
|
||||||
const int len)
|
const unsigned char *sec, int len)
|
||||||
{
|
{
|
||||||
ASN1_OCTET_STRING *secretValue = NULL;
|
ASN1_OCTET_STRING *secretValue = NULL;
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
@@ -669,13 +669,13 @@ int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \
|
|||||||
*/
|
*/
|
||||||
DEFINE_OSSL_CMP_CTX_set1_up_ref(srvCert, X509)
|
DEFINE_OSSL_CMP_CTX_set1_up_ref(srvCert, X509)
|
||||||
|
|
||||||
/* Set the X509 name of the recipient. Set in the PKIHeader */
|
/* Set the X509 name of the recipient to be placed in the PKIHeader */
|
||||||
DEFINE_OSSL_CMP_CTX_set1(recipient, X509_NAME)
|
DEFINE_OSSL_CMP_CTX_set1(recipient, X509_NAME)
|
||||||
|
|
||||||
/* Store the X509 name of the expected sender in the PKIHeader of responses */
|
/* Store the X509 name of the expected sender in the PKIHeader of responses */
|
||||||
DEFINE_OSSL_CMP_CTX_set1(expected_sender, X509_NAME)
|
DEFINE_OSSL_CMP_CTX_set1(expected_sender, X509_NAME)
|
||||||
|
|
||||||
/* Set the X509 name of the issuer. Set in the PKIHeader */
|
/* Set the X509 name of the issuer to be placed in the certTemplate */
|
||||||
DEFINE_OSSL_CMP_CTX_set1(issuer, X509_NAME)
|
DEFINE_OSSL_CMP_CTX_set1(issuer, X509_NAME)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -834,6 +834,7 @@ int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Get the private/public key to use for cert enrollment, or NULL on error */
|
/* Get the private/public key to use for cert enrollment, or NULL on error */
|
||||||
|
/* In case |priv| == 0, better use ossl_cmp_ctx_get0_newPubkey() below */
|
||||||
EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv)
|
EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv)
|
||||||
{
|
{
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
@@ -848,6 +849,21 @@ EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv)
|
|||||||
return ctx->pkey; /* may be NULL */
|
return ctx->pkey; /* may be NULL */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
EVP_PKEY *ossl_cmp_ctx_get0_newPubkey(const OSSL_CMP_CTX *ctx)
|
||||||
|
{
|
||||||
|
if (!ossl_assert(ctx != NULL))
|
||||||
|
return NULL;
|
||||||
|
if (ctx->newPkey != NULL)
|
||||||
|
return ctx->newPkey;
|
||||||
|
if (ctx->p10CSR != NULL)
|
||||||
|
return X509_REQ_get0_pubkey(ctx->p10CSR);
|
||||||
|
if (ctx->oldCert != NULL)
|
||||||
|
return X509_get0_pubkey(ctx->oldCert);
|
||||||
|
if (ctx->cert != NULL)
|
||||||
|
return X509_get0_pubkey(ctx->cert);
|
||||||
|
return ctx->pkey;
|
||||||
|
}
|
||||||
|
|
||||||
/* Set the given transactionID to the context */
|
/* Set the given transactionID to the context */
|
||||||
int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
|
int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
|
||||||
const ASN1_OCTET_STRING *id)
|
const ASN1_OCTET_STRING *id)
|
||||||
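Review bot: the new `ossl_cmp_ctx_get0_newPubkey()` lacks a comment documenting its lookup order (newPkey, then the p10CSR public key, then oldCert, then cert, then pkey); the only hint is the remark added to `OSSL_CMP_CTX_get0_newPkey()` just above. Since several call sites in this change replace hand-written fallback chains with this helper (for example the removed block in `OSSL_CMP_CTX_setup_CRM()`), a short comment stating that order, and that the result is a borrowed get0 pointer which may be NULL, would make the contract reviewable.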
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
* Generated by util/mkerr.pl DO NOT EDIT
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -95,7 +95,10 @@ static const ERR_STRING_DATA CMP_str_reasons[] = {
|
|||||||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PBM_SECRET), "missing pbm secret"},
|
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PBM_SECRET), "missing pbm secret"},
|
||||||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY),
|
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY),
|
||||||
"missing private key"},
|
"missing private key"},
|
||||||
|
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY_FOR_POPO),
|
||||||
|
"missing private key for popo"},
|
||||||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection"},
|
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection"},
|
||||||
|
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PUBLIC_KEY), "missing public key"},
|
||||||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_REFERENCE_CERT),
|
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_REFERENCE_CERT),
|
||||||
"missing reference cert"},
|
"missing reference cert"},
|
||||||
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SECRET), "missing secret"},
|
{ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SECRET), "missing secret"},
|
||||||
|
|||||||
+11
-8
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright Nokia 2007-2019
|
* Copyright Nokia 2007-2019
|
||||||
* Copyright Siemens AG 2015-2019
|
* Copyright Siemens AG 2015-2019
|
||||||
*
|
*
|
||||||
@@ -789,6 +789,7 @@ int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx,
|
|||||||
STACK_OF(X509) *extraCertsIn);
|
STACK_OF(X509) *extraCertsIn);
|
||||||
int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx,
|
int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx,
|
||||||
const ASN1_OCTET_STRING *nonce);
|
const ASN1_OCTET_STRING *nonce);
|
||||||
|
EVP_PKEY *ossl_cmp_ctx_get0_newPubkey(const OSSL_CMP_CTX *ctx);
|
||||||
|
|
||||||
/* from cmp_status.c */
|
/* from cmp_status.c */
|
||||||
int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si);
|
int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si);
|
||||||
@@ -852,7 +853,9 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr);
|
|||||||
# define OSSL_CMP_PKIBODY_POLLREP 26
|
# define OSSL_CMP_PKIBODY_POLLREP 26
|
||||||
# define OSSL_CMP_PKIBODY_TYPE_MAX OSSL_CMP_PKIBODY_POLLREP
|
# define OSSL_CMP_PKIBODY_TYPE_MAX OSSL_CMP_PKIBODY_POLLREP
|
||||||
/* certReqId for the first - and so far only - certificate request */
|
/* certReqId for the first - and so far only - certificate request */
|
||||||
# define OSSL_CMP_CERTREQID 0
|
# define OSSL_CMP_CERTREQID 0
|
||||||
|
# define OSSL_CMP_CERTREQID_NONE -1
|
||||||
|
# define OSSL_CMP_CERTREQID_INVALID -2
|
||||||
/* sequence id for the first - and so far only - revocation request */
|
/* sequence id for the first - and so far only - revocation request */
|
||||||
# define OSSL_CMP_REVREQSID 0
|
# define OSSL_CMP_REVREQSID 0
|
||||||
int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx,
|
int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx,
|
||||||
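Review bot: the comment "certReqId for the first - and so far only - certificate request" now sits above three defines but describes only `OSSL_CMP_CERTREQID`; `OSSL_CMP_CERTREQID_NONE` (the value sent and expected for p10cr, per the cmp_server.c and cmp_msg.c hunks) and `OSSL_CMP_CERTREQID_INVALID` (the initial server-context state) each deserve a one-line comment, because the distinction between the two negative values is what the new `CMP_R_BAD_REQUEST_ID` checks depend on.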
@@ -885,8 +888,8 @@ OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
|
|||||||
int unprotected);
|
int unprotected);
|
||||||
int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus,
|
int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus,
|
||||||
ASN1_OCTET_STRING *hash);
|
ASN1_OCTET_STRING *hash);
|
||||||
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
|
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int certReqId,
|
||||||
const char *text);
|
int fail_info, const char *text);
|
||||||
OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid);
|
OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid);
|
||||||
OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid,
|
OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid,
|
||||||
int64_t poll_after);
|
int64_t poll_after);
|
||||||
@@ -900,8 +903,8 @@ ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc,
|
|||||||
OSSL_CMP_CERTRESPONSE *
|
OSSL_CMP_CERTRESPONSE *
|
||||||
ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm,
|
ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm,
|
||||||
int rid);
|
int rid);
|
||||||
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
|
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CTX *ctx,
|
||||||
const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
|
const OSSL_CMP_CERTRESPONSE *crep);
|
||||||
OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file);
|
OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file);
|
||||||
|
|
||||||
/* from cmp_protect.c */
|
/* from cmp_protect.c */
|
||||||
@@ -922,8 +925,8 @@ int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx,
|
|||||||
const OSSL_CMP_MSG *msg, int accept_RAVerified);
|
const OSSL_CMP_MSG *msg, int accept_RAVerified);
|
||||||
|
|
||||||
/* from cmp_client.c */
|
/* from cmp_client.c */
|
||||||
int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int fail_info,
|
int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId,
|
||||||
const char *txt);
|
int fail_info, const char *txt);
|
||||||
int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info,
|
int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info,
|
||||||
const char *txt, int errorCode, const char *detail);
|
const char *txt, int errorCode, const char *detail);
|
||||||
|
|
||||||
|
|||||||
+38
-28
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright Nokia 2007-2019
|
* Copyright Nokia 2007-2019
|
||||||
* Copyright Siemens AG 2015-2019
|
* Copyright Siemens AG 2015-2019
|
||||||
*
|
*
|
||||||
@@ -274,7 +274,7 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
|
|||||||
OSSL_CRMF_MSG *crm = NULL;
|
OSSL_CRMF_MSG *crm = NULL;
|
||||||
X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert;
|
X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert;
|
||||||
/* refcert defaults to current client cert */
|
/* refcert defaults to current client cert */
|
||||||
EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0);
|
EVP_PKEY *rkey = ossl_cmp_ctx_get0_newPubkey(ctx);
|
||||||
STACK_OF(GENERAL_NAME) *default_sans = NULL;
|
STACK_OF(GENERAL_NAME) *default_sans = NULL;
|
||||||
const X509_NAME *ref_subj =
|
const X509_NAME *ref_subj =
|
||||||
refcert != NULL ? X509_get_subject_name(refcert) : NULL;
|
refcert != NULL ? X509_get_subject_name(refcert) : NULL;
|
||||||
@@ -286,15 +286,9 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
|
|||||||
/* RFC5280: subjectAltName MUST be critical if subject is null */
|
/* RFC5280: subjectAltName MUST be critical if subject is null */
|
||||||
X509_EXTENSIONS *exts = NULL;
|
X509_EXTENSIONS *exts = NULL;
|
||||||
|
|
||||||
if (rkey == NULL && ctx->p10CSR != NULL)
|
|
||||||
rkey = X509_REQ_get0_pubkey(ctx->p10CSR);
|
|
||||||
if (rkey == NULL && refcert != NULL)
|
|
||||||
rkey = X509_get0_pubkey(refcert);
|
|
||||||
if (rkey == NULL)
|
|
||||||
rkey = ctx->pkey; /* default is independent of ctx->oldCert */
|
|
||||||
if (rkey == NULL) {
|
if (rkey == NULL) {
|
||||||
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PUBLIC_KEY);
|
||||||
return NULL;
|
return NULL;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
@@ -411,15 +405,9 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type,
|
|||||||
if (type != OSSL_CMP_PKIBODY_P10CR) {
|
if (type != OSSL_CMP_PKIBODY_P10CR) {
|
||||||
EVP_PKEY *privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
|
EVP_PKEY *privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
|
||||||
|
|
||||||
/*
|
/* privkey is ctx->newPkey (if private, else NULL) or ctx->pkey */
|
||||||
* privkey is NULL in case ctx->newPkey does not include a private key.
|
if (ctx->popoMethod >= OSSL_CRMF_POPO_SIGNATURE && privkey == NULL) {
|
||||||
* We then may try to use ctx->pkey as fallback/default, but only
|
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY_FOR_POPO);
|
||||||
* if ctx-> newPkey does not include a (non-matching) public key:
|
|
||||||
*/
|
|
||||||
if (privkey == NULL && OSSL_CMP_CTX_get0_newPkey(ctx, 0) == NULL)
|
|
||||||
privkey = ctx->pkey; /* default is independent of ctx->oldCert */
|
|
||||||
if (ctx->popoMethod == OSSL_CRMF_POPO_SIGNATURE && privkey == NULL) {
|
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY);
|
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (crm == NULL) {
|
if (crm == NULL) {
|
||||||
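Review bot: the condition changes from `== OSSL_CRMF_POPO_SIGNATURE` to `>= OSSL_CRMF_POPO_SIGNATURE`, which extends the private-key requirement to the POPO methods numbered above signature-based proof (key encipherment and key agreement); the replacement comment only says where `privkey` comes from, not why those methods need it (the encrypted-certificate path in `ossl_cmp_certresponse_get1_cert()` later in this file now fetches the private key for exactly that case). A sentence on that, next to the new `CMP_R_MISSING_PRIVATE_KEY_FOR_POPO` reason, would make the broadened check self-explanatory.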
@@ -794,15 +782,17 @@ int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
|
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int certReqId,
|
||||||
const char *text)
|
int fail_info, const char *text)
|
||||||
{
|
{
|
||||||
OSSL_CMP_MSG *msg = NULL;
|
OSSL_CMP_MSG *msg = NULL;
|
||||||
OSSL_CMP_CERTSTATUS *certStatus = NULL;
|
OSSL_CMP_CERTSTATUS *certStatus = NULL;
|
||||||
ASN1_OCTET_STRING *certHash = NULL;
|
ASN1_OCTET_STRING *certHash = NULL;
|
||||||
OSSL_CMP_PKISI *sinfo;
|
OSSL_CMP_PKISI *sinfo;
|
||||||
|
|
||||||
if (!ossl_assert(ctx != NULL && ctx->newCert != NULL))
|
if (!ossl_assert(ctx != NULL && ctx->newCert != NULL
|
||||||
|
&& (certReqId == OSSL_CMP_CERTREQID
|
||||||
|
|| certReqId == OSSL_CMP_CERTREQID_NONE)))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if ((unsigned)fail_info > OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN) {
|
if ((unsigned)fail_info > OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN) {
|
||||||
@@ -816,10 +806,13 @@ OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
|
|||||||
if ((certStatus = OSSL_CMP_CERTSTATUS_new()) == NULL)
|
if ((certStatus = OSSL_CMP_CERTSTATUS_new()) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
/* consume certStatus into msg right away so it gets deallocated with msg */
|
/* consume certStatus into msg right away so it gets deallocated with msg */
|
||||||
if (!sk_OSSL_CMP_CERTSTATUS_push(msg->body->value.certConf, certStatus))
|
if (sk_OSSL_CMP_CERTSTATUS_push(msg->body->value.certConf, certStatus) < 1) {
|
||||||
|
OSSL_CMP_CERTSTATUS_free(certStatus);
|
||||||
goto err;
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
/* set the ID of the certReq */
|
/* set the ID of the certReq */
|
||||||
if (!ASN1_INTEGER_set(certStatus->certReqId, OSSL_CMP_CERTREQID))
|
if (!ASN1_INTEGER_set(certStatus->certReqId, certReqId))
|
||||||
goto err;
|
goto err;
|
||||||
/*
|
/*
|
||||||
* The hash of the certificate, using the same hash algorithm
|
* The hash of the certificate, using the same hash algorithm
|
||||||
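Review bot: `ASN1_INTEGER_set(certStatus->certReqId, certReqId)` now writes the caller's value verbatim, so a certConf for a p10cr carries certReqId -1 on the wire instead of the former 0; a peer that still expects 0 for p10cr will reject the confirmation, as the cmp_server.c hunk in this change does for mismatches with `CMP_R_BAD_REQUEST_ID`. That is an interoperability change worth a line in the release notes. The explicit `OSSL_CMP_CERTSTATUS_free(certStatus)` on push failure looks right: before this change a failed push appears to have leaked `certStatus`, since it was not yet owned by `msg` when `err:` was reached.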
@@ -965,12 +958,12 @@ static int suitable_rid(const ASN1_INTEGER *certReqId, int rid)
|
|||||||
{
|
{
|
||||||
int trid;
|
int trid;
|
||||||
|
|
||||||
if (rid == -1)
|
if (rid == OSSL_CMP_CERTREQID_NONE)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
trid = ossl_cmp_asn1_get_int(certReqId);
|
trid = ossl_cmp_asn1_get_int(certReqId);
|
||||||
|
|
||||||
if (trid == -1) {
|
if (trid == OSSL_CMP_CERTREQID_NONE) {
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -1031,14 +1024,15 @@ ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm,
|
|||||||
|
|
||||||
/*-
|
/*-
|
||||||
* Retrieve the newly enrolled certificate from the given certResponse crep.
|
* Retrieve the newly enrolled certificate from the given certResponse crep.
|
||||||
* In case of indirect POPO uses the libctx and propq from ctx and private key.
|
* Uses libctx and propq from ctx, in case of indirect POPO also private key.
|
||||||
* Returns a pointer to a copy of the found certificate, or NULL if not found.
|
* Returns a pointer to a copy of the found certificate, or NULL if not found.
|
||||||
*/
|
*/
|
||||||
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
|
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CTX *ctx,
|
||||||
const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey)
|
const OSSL_CMP_CERTRESPONSE *crep)
|
||||||
{
|
{
|
||||||
OSSL_CMP_CERTORENCCERT *coec;
|
OSSL_CMP_CERTORENCCERT *coec;
|
||||||
X509 *crt = NULL;
|
X509 *crt = NULL;
|
||||||
|
EVP_PKEY *pkey;
|
||||||
|
|
||||||
if (!ossl_assert(crep != NULL && ctx != NULL))
|
if (!ossl_assert(crep != NULL && ctx != NULL))
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -1051,6 +1045,8 @@ X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
|
|||||||
break;
|
break;
|
||||||
case OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT:
|
case OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT:
|
||||||
/* cert encrypted for indirect PoP; RFC 4210, 5.2.8.2 */
|
/* cert encrypted for indirect PoP; RFC 4210, 5.2.8.2 */
|
||||||
|
pkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
|
||||||
|
/* pkey is ctx->newPkey (if private, else NULL) or ctx->pkey */
|
||||||
if (pkey == NULL) {
|
if (pkey == NULL) {
|
||||||
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY);
|
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY);
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -1084,6 +1080,20 @@ int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
|
|||||||
|| ossl_cmp_msg_protect(ctx, msg);
|
|| ossl_cmp_msg_protect(ctx, msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
|
||||||
|
{
|
||||||
|
if (ctx == NULL || msg == NULL || msg->header == NULL) {
|
||||||
|
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if (ctx->recipNonce == NULL) /* nothing to do for 1st msg in transaction */
|
||||||
|
return 1;
|
||||||
|
if (!ossl_cmp_asn1_octet_string_set1(&msg->header->recipNonce,
|
||||||
|
ctx->recipNonce))
|
||||||
|
return 0;
|
||||||
|
return msg->header->protectionAlg == NULL || ossl_cmp_msg_protect(ctx, msg);
|
||||||
|
}
|
||||||
|
|
||||||
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
|
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
|
||||||
const char *propq)
|
const char *propq)
|
||||||
{
|
{
|
||||||
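Review bot: `OSSL_CMP_MSG_update_recipNonce()` is a new public (OSSL_-prefixed) function, but no prototype for it appears in the cmp_local.h hunks of this change, and a public symbol additionally needs an entry in the exported-symbol list and a manual page; please confirm those are part of the import. Functionally, re-protecting the message after touching the header (`ossl_cmp_msg_protect()` whenever `protectionAlg` is set) is right, since the recipNonce is covered by the protection, and it mirrors `OSSL_CMP_MSG_update_transactionID()` directly above.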
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright Nokia 2007-2019
|
* Copyright Nokia 2007-2019
|
||||||
* Copyright Siemens AG 2015-2019
|
* Copyright Siemens AG 2015-2019
|
||||||
*
|
*
|
||||||
@@ -129,6 +129,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* ctx is not const just because ctx->chain may get adapted */
|
||||||
int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
|
int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
|
||||||
{
|
{
|
||||||
if (!ossl_assert(ctx != NULL && msg != NULL))
|
if (!ossl_assert(ctx != NULL && msg != NULL))
|
||||||
@@ -251,6 +252,7 @@ static int set_senderKID(const OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg,
|
|||||||
return id == NULL || ossl_cmp_hdr_set1_senderKID(msg->header, id);
|
return id == NULL || ossl_cmp_hdr_set1_senderKID(msg->header, id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* ctx is not const just because ctx->chain may get adapted */
|
||||||
int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
|
int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
|
||||||
{
|
{
|
||||||
if (!ossl_assert(ctx != NULL && msg != NULL))
|
if (!ossl_assert(ctx != NULL && msg != NULL))
|
||||||
|
|||||||
+33
-12
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright Nokia 2007-2019
|
* Copyright Nokia 2007-2019
|
||||||
* Copyright Siemens AG 2015-2019
|
* Copyright Siemens AG 2015-2019
|
||||||
*
|
*
|
||||||
@@ -22,8 +22,9 @@
|
|||||||
/* the context for the generic CMP server */
|
/* the context for the generic CMP server */
|
||||||
struct ossl_cmp_srv_ctx_st
|
struct ossl_cmp_srv_ctx_st
|
||||||
{
|
{
|
||||||
OSSL_CMP_CTX *ctx; /* Client CMP context, partly reused for srv */
|
void *custom_ctx; /* pointer to application-specific server context */
|
||||||
void *custom_ctx; /* pointer to specific server context */
|
OSSL_CMP_CTX *ctx; /* Client CMP context, reusing transactionID etc. */
|
||||||
|
int certReqId; /* id of last ir/cr/kur, OSSL_CMP_CERTREQID_NONE for p10cr */
|
||||||
|
|
||||||
OSSL_CMP_SRV_cert_request_cb_t process_cert_request;
|
OSSL_CMP_SRV_cert_request_cb_t process_cert_request;
|
||||||
OSSL_CMP_SRV_rr_cb_t process_rr;
|
OSSL_CMP_SRV_rr_cb_t process_rr;
|
||||||
@@ -57,6 +58,7 @@ OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq)
|
|||||||
|
|
||||||
if ((ctx->ctx = OSSL_CMP_CTX_new(libctx, propq)) == NULL)
|
if ((ctx->ctx = OSSL_CMP_CTX_new(libctx, propq)) == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
ctx->certReqId = OSSL_CMP_CERTREQID_INVALID;
|
||||||
|
|
||||||
/* all other elements are initialized to 0 or NULL, respectively */
|
/* all other elements are initialized to 0 or NULL, respectively */
|
||||||
return ctx;
|
return ctx;
|
||||||
@@ -184,7 +186,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) {
|
if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) {
|
||||||
certReqId = OSSL_CMP_CERTREQID;
|
certReqId = OSSL_CMP_CERTREQID_NONE; /* p10cr does not include an Id */
|
||||||
p10cr = req->body->value.p10cr;
|
p10cr = req->body->value.p10cr;
|
||||||
} else {
|
} else {
|
||||||
OSSL_CRMF_MSGS *reqs = req->body->value.ir; /* same for cr and kur */
|
OSSL_CRMF_MSGS *reqs = req->body->value.ir; /* same for cr and kur */
|
||||||
@@ -199,7 +201,12 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
certReqId = OSSL_CRMF_MSG_get_certReqId(crm);
|
certReqId = OSSL_CRMF_MSG_get_certReqId(crm);
|
||||||
|
if (certReqId != OSSL_CMP_CERTREQID) {
|
||||||
|
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
srv_ctx->certReqId = certReqId;
|
||||||
|
|
||||||
if (!ossl_cmp_verify_popo(srv_ctx->ctx, req, srv_ctx->acceptRAVerified)) {
|
if (!ossl_cmp_verify_popo(srv_ctx->ctx, req, srv_ctx->acceptRAVerified)) {
|
||||||
/* Proof of possession could not be verified */
|
/* Proof of possession could not be verified */
|
||||||
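Review bot: the new `certReqId != OSSL_CMP_CERTREQID` branch ends with `return 0;` inside `process_cert_request()`, which returns `OSSL_CMP_MSG *`; the surrounding error paths in this hunk use `return NULL;`, so this one should too for consistency.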
@@ -356,6 +363,10 @@ static OSSL_CMP_MSG *process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
ASN1_OCTET_STRING *certHash = status->certHash;
|
ASN1_OCTET_STRING *certHash = status->certHash;
|
||||||
OSSL_CMP_PKISI *si = status->statusInfo;
|
OSSL_CMP_PKISI *si = status->statusInfo;
|
||||||
|
|
||||||
|
if (certReqId != srv_ctx->certReqId) {
|
||||||
|
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
if (!srv_ctx->process_certConf(srv_ctx, req, certReqId, certHash, si))
|
if (!srv_ctx->process_certConf(srv_ctx, req, certReqId, certHash, si))
|
||||||
return NULL; /* reason code may be: CMP_R_CERTHASH_UNMATCHED */
|
return NULL; /* reason code may be: CMP_R_CERTHASH_UNMATCHED */
|
||||||
|
|
||||||
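Review bot: the `certReqId != srv_ctx->certReqId` comparison is a good hardening step (a certConf can no longer confirm an id the server never issued), but on this page `srv_ctx->certReqId` is only set in `OSSL_CMP_SRV_CTX_new()` and `process_cert_request()`; unless it is reset to `OSSL_CMP_CERTREQID_INVALID` when a transaction ends, a certConf arriving in a later transaction would still match the id of the previous enrollment. Consider resetting it together with the other per-transaction state.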
@@ -394,8 +405,12 @@ static OSSL_CMP_MSG *process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
pr = sk_OSSL_CMP_POLLREQ_value(prc, 0);
|
pr = sk_OSSL_CMP_POLLREQ_value(prc, OSSL_CMP_CERTREQID);
|
||||||
certReqId = ossl_cmp_asn1_get_int(pr->certReqId);
|
certReqId = ossl_cmp_asn1_get_int(pr->certReqId);
|
||||||
|
if (certReqId != srv_ctx->certReqId) {
|
||||||
|
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
if (!srv_ctx->process_pollReq(srv_ctx, req, certReqId,
|
if (!srv_ctx->process_pollReq(srv_ctx, req, certReqId,
|
||||||
&certReq, &check_after))
|
&certReq, &check_after))
|
||||||
return NULL;
|
return NULL;
|
||||||
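Review bot: `sk_OSSL_CMP_POLLREQ_value(prc, OSSL_CMP_CERTREQID)` uses a certificate-request id constant as a stack index; both happen to be 0 but mean different things, and the replaced literal `0` was the clearer choice. The id that matters is then read from `pr->certReqId` and compared against `srv_ctx->certReqId`, which is the check worth keeping.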
@@ -446,7 +461,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
ASN1_OCTET_STRING *backup_secret;
|
ASN1_OCTET_STRING *backup_secret;
|
||||||
OSSL_CMP_PKIHEADER *hdr;
|
OSSL_CMP_PKIHEADER *hdr;
|
||||||
int req_type, rsp_type;
|
int req_type, rsp_type;
|
||||||
int res;
|
int req_verified = 0;
|
||||||
OSSL_CMP_MSG *rsp = NULL;
|
OSSL_CMP_MSG *rsp = NULL;
|
||||||
|
|
||||||
if (srv_ctx == NULL || srv_ctx->ctx == NULL
|
if (srv_ctx == NULL || srv_ctx->ctx == NULL
|
||||||
@@ -506,12 +521,12 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
res = ossl_cmp_msg_check_update(ctx, req, unprotected_exception,
|
req_verified = ossl_cmp_msg_check_update(ctx, req, unprotected_exception,
|
||||||
srv_ctx->acceptUnprotected);
|
srv_ctx->acceptUnprotected);
|
||||||
if (ctx->secretValue != NULL && ctx->pkey != NULL
|
if (ctx->secretValue != NULL && ctx->pkey != NULL
|
||||||
&& ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC)
|
&& ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC)
|
||||||
ctx->secretValue = NULL; /* use MSG_SIG_ALG when protecting rsp */
|
ctx->secretValue = NULL; /* use MSG_SIG_ALG when protecting rsp */
|
||||||
if (!res)
|
if (!req_verified)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
switch (req_type) {
|
switch (req_type) {
|
||||||
@@ -568,9 +583,15 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|||||||
int fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badRequest;
|
int fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badRequest;
|
||||||
OSSL_CMP_PKISI *si = NULL;
|
OSSL_CMP_PKISI *si = NULL;
|
||||||
|
|
||||||
if (ctx->transactionID == NULL) {
|
if (!req_verified) {
|
||||||
/* ignore any (extra) error in next two function calls: */
|
/*
|
||||||
(void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
|
* Above ossl_cmp_msg_check_update() was not successfully executed,
|
||||||
|
* which normally would set ctx->transactionID and ctx->recipNonce.
|
||||||
|
* So anyway try to provide the right transactionID and recipNonce,
|
||||||
|
* while ignoring any (extra) error in next two function calls.
|
||||||
|
*/
|
||||||
|
if (ctx->transactionID == NULL)
|
||||||
|
(void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID);
|
||||||
(void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce);
|
(void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
+9
-10
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright Nokia 2007-2020
|
* Copyright Nokia 2007-2020
|
||||||
* Copyright Siemens AG 2015-2020
|
* Copyright Siemens AG 2015-2020
|
||||||
*
|
*
|
||||||
@@ -323,11 +323,11 @@ static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx,
|
|||||||
* verify that the newly enrolled certificate (which assumed rid ==
|
* verify that the newly enrolled certificate (which assumed rid ==
|
||||||
* OSSL_CMP_CERTREQID) can also be validated with the same trusted store
|
* OSSL_CMP_CERTREQID) can also be validated with the same trusted store
|
||||||
*/
|
*/
|
||||||
EVP_PKEY *pkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
|
|
||||||
OSSL_CMP_CERTRESPONSE *crep =
|
OSSL_CMP_CERTRESPONSE *crep =
|
||||||
ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip,
|
ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip,
|
||||||
OSSL_CMP_CERTREQID);
|
OSSL_CMP_CERTREQID);
|
||||||
X509 *newcrt = ossl_cmp_certresponse_get1_cert(crep, ctx, pkey);
|
X509 *newcrt = ossl_cmp_certresponse_get1_cert(ctx, crep);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* maybe better use get_cert_status() from cmp_client.c, which catches
|
* maybe better use get_cert_status() from cmp_client.c, which catches
|
||||||
* errors
|
* errors
|
||||||
@@ -642,7 +642,6 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*-
|
/*-
|
||||||
* Check received message (i.e., response by server or request from client)
|
* Check received message (i.e., response by server or request from client)
|
||||||
* Any msg->extraCerts are prepended to ctx->untrusted.
|
* Any msg->extraCerts are prepended to ctx->untrusted.
|
||||||
@@ -765,6 +764,11 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* if not yet present, learn transactionID */
|
||||||
|
if (ctx->transactionID == NULL
|
||||||
|
&& !OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID))
|
||||||
|
return 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* RFC 4210 section 5.1.1 states: the recipNonce is copied from
|
* RFC 4210 section 5.1.1 states: the recipNonce is copied from
|
||||||
* the senderNonce of the previous message in the transaction.
|
* the senderNonce of the previous message in the transaction.
|
||||||
@@ -773,11 +777,6 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
|
|||||||
if (!ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce))
|
if (!ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/* if not yet present, learn transactionID */
|
|
||||||
if (ctx->transactionID == NULL
|
|
||||||
&& !OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID))
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Store any provided extraCerts in ctx for future use,
|
* Store any provided extraCerts in ctx for future use,
|
||||||
* such that they are available to ctx->certConf_cb and
|
* such that they are available to ctx->certConf_cb and
|
||||||
@@ -788,7 +787,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
|
|||||||
/* this allows self-signed certs */
|
/* this allows self-signed certs */
|
||||||
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP
|
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP
|
||||||
| X509_ADD_FLAG_PREPEND))
|
| X509_ADD_FLAG_PREPEND))
|
||||||
return -1;
|
return 0;
|
||||||
|
|
||||||
if (ossl_cmp_hdr_get_protection_nid(hdr) == NID_id_PasswordBasedMAC) {
|
if (ossl_cmp_hdr_get_protection_nid(hdr) == NID_id_PasswordBasedMAC) {
|
||||||
/*
|
/*
|
||||||
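Review bot: `return -1;` becomes `return 0;` on the failed X509_add_certs path, so together with the moved transactionID block the function now reports every failure as 0 instead of mixing -1 and 0. That simplifies callers that test `!ossl_cmp_msg_check_update(...)`, but any caller that compared the result with -1 silently changes behaviour; a one-line statement in the function's header comment that it returns 1 on success and 0 on failure would pin the contract down.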
|
|||||||
+2
-2
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -309,7 +309,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||||||
*/
|
*/
|
||||||
penc = NULL;
|
penc = NULL;
|
||||||
penclen = i2d_X509_ALGOR(wrap_alg, &penc);
|
penclen = i2d_X509_ALGOR(wrap_alg, &penc);
|
||||||
if (penc == NULL || penclen == 0)
|
if (penclen <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
wrap_str = ASN1_STRING_new();
|
wrap_str = ASN1_STRING_new();
|
||||||
if (wrap_str == NULL)
|
if (wrap_str == NULL)
|
||||||
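Review bot: `if (penc == NULL || penclen == 0)` → `if (penclen <= 0)` closes a real gap: i2d_X509_ALGOR returns a negative value on encoding failure, which the old test let through as a "success" with no usable buffer. Dropping the penc NULL test is safe because i2d only returns a positive length once it has allocated and filled *penc.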
|
|||||||
+12
-8
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -8,6 +8,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
|
#include <limits.h>
|
||||||
#include <openssl/cms.h>
|
#include <openssl/cms.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/decoder.h>
|
#include <openssl/decoder.h>
|
||||||
@@ -257,7 +258,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||||||
ASN1_STRING *wrap_str;
|
ASN1_STRING *wrap_str;
|
||||||
ASN1_OCTET_STRING *ukm;
|
ASN1_OCTET_STRING *ukm;
|
||||||
unsigned char *penc = NULL;
|
unsigned char *penc = NULL;
|
||||||
size_t penclen;
|
int penclen;
|
||||||
int rv = 0;
|
int rv = 0;
|
||||||
int ecdh_nid, kdf_type, kdf_nid, wrap_nid;
|
int ecdh_nid, kdf_type, kdf_nid, wrap_nid;
|
||||||
const EVP_MD *kdf_md;
|
const EVP_MD *kdf_md;
|
||||||
@@ -274,15 +275,18 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||||||
/* Is everything uninitialised? */
|
/* Is everything uninitialised? */
|
||||||
if (aoid == OBJ_nid2obj(NID_undef)) {
|
if (aoid == OBJ_nid2obj(NID_undef)) {
|
||||||
/* Set the key */
|
/* Set the key */
|
||||||
|
size_t enckeylen;
|
||||||
|
|
||||||
penclen = EVP_PKEY_get1_encoded_public_key(pkey, &penc);
|
enckeylen = EVP_PKEY_get1_encoded_public_key(pkey, &penc);
|
||||||
ASN1_STRING_set0(pubkey, penc, penclen);
|
if (enckeylen > INT_MAX || enckeylen == 0)
|
||||||
|
goto err;
|
||||||
|
ASN1_STRING_set0(pubkey, penc, (int)enckeylen);
|
||||||
pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
|
pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
|
||||||
pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
|
pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
|
||||||
|
|
||||||
penc = NULL;
|
penc = NULL;
|
||||||
X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
|
(void)X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
|
||||||
V_ASN1_UNDEF, NULL);
|
V_ASN1_UNDEF, NULL); /* cannot fail */
|
||||||
}
|
}
|
||||||
|
|
||||||
/* See if custom parameters set */
|
/* See if custom parameters set */
|
||||||
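Review bot: on the new `if (enckeylen > INT_MAX || enckeylen == 0) goto err;` path, penc already holds the buffer returned by EVP_PKEY_get1_encoded_public_key, and `penc = NULL;` is only reached after the successful ASN1_STRING_set0 hand-off; this is leak-free only if the err label frees penc, which is outside the visible lines and worth checking. The switch of penclen from size_t to int in the previous hunk matches the int return types of CMS_SharedInfo_encode and i2d_X509_ALGOR, so the `<= 0` tests further down are now meaningful rather than always false.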
@@ -346,7 +350,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||||||
|
|
||||||
penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);
|
penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);
|
||||||
|
|
||||||
if (penclen == 0)
|
if (penclen <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)
|
if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)
|
||||||
@@ -358,7 +362,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||||||
* of another AlgorithmIdentifier.
|
* of another AlgorithmIdentifier.
|
||||||
*/
|
*/
|
||||||
penclen = i2d_X509_ALGOR(wrap_alg, &penc);
|
penclen = i2d_X509_ALGOR(wrap_alg, &penc);
|
||||||
if (penc == NULL || penclen == 0)
|
if (penclen <= 0)
|
||||||
goto err;
|
goto err;
|
||||||
wrap_str = ASN1_STRING_new();
|
wrap_str = ASN1_STRING_new();
|
||||||
if (wrap_str == NULL)
|
if (wrap_str == NULL)
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -138,7 +138,7 @@ int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
CMS_EncryptedContentInfo* ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms)
|
CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms)
|
||||||
{
|
{
|
||||||
switch (cms_get_enveloped_type(cms)) {
|
switch (cms_get_enveloped_type(cms)) {
|
||||||
case CMS_ENVELOPED_STANDARD:
|
case CMS_ENVELOPED_STANDARD:
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -432,7 +432,7 @@ BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm,
|
|||||||
(void)ERR_pop_to_mark();
|
(void)ERR_pop_to_mark();
|
||||||
|
|
||||||
mdbio = BIO_new(BIO_f_md());
|
mdbio = BIO_new(BIO_f_md());
|
||||||
if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
|
if (mdbio == NULL || BIO_set_md(mdbio, digest) <= 0) {
|
||||||
ERR_raise(ERR_LIB_CMS, CMS_R_MD_BIO_INIT_ERROR);
|
ERR_raise(ERR_LIB_CMS, CMS_R_MD_BIO_INIT_ERROR);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
@@ -615,11 +615,12 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
|
|||||||
|
|
||||||
int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
|
int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
|
||||||
{
|
{
|
||||||
int r;
|
if (!X509_CRL_up_ref(crl))
|
||||||
r = CMS_add0_crl(cms, crl);
|
return 0;
|
||||||
if (r > 0)
|
if (CMS_add0_crl(cms, crl))
|
||||||
X509_CRL_up_ref(crl);
|
return 1;
|
||||||
return r;
|
X509_CRL_free(crl);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
|
STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
|
||||||
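Review bot: the old order (CMS_add0_crl first, X509_CRL_up_ref afterwards with its return value ignored) could leave the CRL owned by the CMS structure without the extra reference when up_ref failed, which ends in a double free on teardown; taking the reference first and releasing it with X509_CRL_free when CMS_add0_crl fails is the right shape. Worth confirming that CMS_add1_cert, which is not in this hunk, follows the same ordering.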
|
|||||||
+42
-31
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -701,14 +701,21 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
|
|||||||
int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk,
|
int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk,
|
||||||
X509 *cert, X509 *peer)
|
X509 *cert, X509 *peer)
|
||||||
{
|
{
|
||||||
STACK_OF(CMS_RecipientInfo) *ris;
|
STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms);
|
||||||
CMS_RecipientInfo *ri;
|
CMS_RecipientInfo *ri;
|
||||||
int i, r, cms_pkey_ri_type;
|
int i, r, cms_pkey_ri_type;
|
||||||
int debug = 0, match_ri = 0;
|
int debug = 0, match_ri = 0;
|
||||||
|
CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cms);
|
||||||
|
|
||||||
ris = CMS_get0_RecipientInfos(cms);
|
/* Prevent mem leak on earlier CMS_decrypt_set1_{pkey_and_peer,password} */
|
||||||
if (ris != NULL)
|
if (ec != NULL) {
|
||||||
debug = ossl_cms_get0_env_enc_content(cms)->debug;
|
OPENSSL_clear_free(ec->key, ec->keylen);
|
||||||
|
ec->key = NULL;
|
||||||
|
ec->keylen = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ris != NULL && ec != NULL)
|
||||||
|
debug = ec->debug;
|
||||||
|
|
||||||
cms_pkey_ri_type = ossl_cms_pkey_get_ri_type(pk);
|
cms_pkey_ri_type = ossl_cms_pkey_get_ri_type(pk);
|
||||||
if (cms_pkey_ri_type == CMS_RECIPINFO_NONE) {
|
if (cms_pkey_ri_type == CMS_RECIPINFO_NONE) {
|
||||||
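Review bot: clearing ec->key with OPENSSL_clear_free before trying the recipients covers a second call to CMS_decrypt_set1_pkey_and_peer or CMS_decrypt_set1_password on the same structure, as the comment says, and it also scrubs a previously recovered content-encryption key rather than leaving it around; that is a behaviour change for any caller that relied on the first key surviving a failed second attempt, so it deserves a line in the release notes. The `ec != NULL` guard here and in set1_password is inconsistent with CMS_decrypt further down, which dereferences the same pointer unchecked.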
@@ -731,11 +738,8 @@ int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk,
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
/*
|
/* If we have a cert, try matching RecipientInfo, else try them all */
|
||||||
* If we have a cert try matching RecipientInfo otherwise try them
|
else if (cert == NULL || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
|
||||||
* all.
|
|
||||||
*/
|
|
||||||
else if (cert == NULL|| !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
|
|
||||||
EVP_PKEY_up_ref(pk);
|
EVP_PKEY_up_ref(pk);
|
||||||
CMS_RecipientInfo_set0_pkey(ri, pk);
|
CMS_RecipientInfo_set0_pkey(ri, pk);
|
||||||
r = CMS_RecipientInfo_decrypt(cms, ri);
|
r = CMS_RecipientInfo_decrypt(cms, ri);
|
||||||
@@ -772,7 +776,8 @@ int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
if (!match_ri)
|
||||||
|
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
}
|
}
|
||||||
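Review bot: with match_ri set, a RecipientInfo matched the certificate but every CMS_RecipientInfo_decrypt attempt failed, and the function now returns 0 without raising CMS_R_NO_MATCHING_RECIPIENT. That is the correct distinction (a matched-but-undecryptable recipient is not "no matching recipient"), but it leaves the error queue holding only whatever CMS_RecipientInfo_decrypt reported; confirm that path always raises something, otherwise callers get a bare 0 with an empty queue.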
@@ -783,7 +788,7 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
|
|||||||
{
|
{
|
||||||
STACK_OF(CMS_RecipientInfo) *ris;
|
STACK_OF(CMS_RecipientInfo) *ris;
|
||||||
CMS_RecipientInfo *ri;
|
CMS_RecipientInfo *ri;
|
||||||
int i, r;
|
int i, r, match_ri = 0;
|
||||||
|
|
||||||
ris = CMS_get0_RecipientInfos(cms);
|
ris = CMS_get0_RecipientInfos(cms);
|
||||||
for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
|
for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
|
||||||
@@ -791,11 +796,10 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
|
|||||||
if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
|
if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/*
|
/* If we have an id, try matching RecipientInfo, else try them all */
|
||||||
* If we have an id try matching RecipientInfo otherwise try them
|
if (id == NULL
|
||||||
* all.
|
|| (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
|
||||||
*/
|
match_ri = 1;
|
||||||
if (id == NULL || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
|
|
||||||
CMS_RecipientInfo_set0_key(ri, key, keylen);
|
CMS_RecipientInfo_set0_key(ri, key, keylen);
|
||||||
r = CMS_RecipientInfo_decrypt(cms, ri);
|
r = CMS_RecipientInfo_decrypt(cms, ri);
|
||||||
CMS_RecipientInfo_set0_key(ri, NULL, 0);
|
CMS_RecipientInfo_set0_key(ri, NULL, 0);
|
||||||
@@ -809,7 +813,8 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
if (!match_ri)
|
||||||
|
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -817,15 +822,25 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
|
|||||||
int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
|
int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
|
||||||
unsigned char *pass, ossl_ssize_t passlen)
|
unsigned char *pass, ossl_ssize_t passlen)
|
||||||
{
|
{
|
||||||
STACK_OF(CMS_RecipientInfo) *ris;
|
STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms);
|
||||||
CMS_RecipientInfo *ri;
|
CMS_RecipientInfo *ri;
|
||||||
int i, r;
|
int i, r, match_ri = 0;
|
||||||
|
CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cms);
|
||||||
|
|
||||||
|
/* Prevent mem leak on earlier CMS_decrypt_set1_{pkey_and_peer,password} */
|
||||||
|
if (ec != NULL) {
|
||||||
|
OPENSSL_clear_free(ec->key, ec->keylen);
|
||||||
|
ec->key = NULL;
|
||||||
|
ec->keylen = 0;
|
||||||
|
}
|
||||||
|
|
||||||
ris = CMS_get0_RecipientInfos(cms);
|
|
||||||
for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
|
for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
|
||||||
ri = sk_CMS_RecipientInfo_value(ris, i);
|
ri = sk_CMS_RecipientInfo_value(ris, i);
|
||||||
if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
|
if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
/* Must try each PasswordRecipientInfo */
|
||||||
|
match_ri = 1;
|
||||||
CMS_RecipientInfo_set0_password(ri, pass, passlen);
|
CMS_RecipientInfo_set0_password(ri, pass, passlen);
|
||||||
r = CMS_RecipientInfo_decrypt(cms, ri);
|
r = CMS_RecipientInfo_decrypt(cms, ri);
|
||||||
CMS_RecipientInfo_set0_password(ri, NULL, 0);
|
CMS_RecipientInfo_set0_password(ri, NULL, 0);
|
||||||
@@ -833,7 +848,8 @@ int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
if (!match_ri)
|
||||||
|
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -843,7 +859,7 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
|
|||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
BIO *cont;
|
BIO *cont;
|
||||||
|
CMS_EncryptedContentInfo *ec;
|
||||||
int nid = OBJ_obj2nid(CMS_get0_type(cms));
|
int nid = OBJ_obj2nid(CMS_get0_type(cms));
|
||||||
|
|
||||||
if (nid != NID_pkcs7_enveloped
|
if (nid != NID_pkcs7_enveloped
|
||||||
@@ -853,14 +869,9 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
|
|||||||
}
|
}
|
||||||
if (dcont == NULL && !check_content(cms))
|
if (dcont == NULL && !check_content(cms))
|
||||||
return 0;
|
return 0;
|
||||||
if (flags & CMS_DEBUG_DECRYPT)
|
ec = ossl_cms_get0_env_enc_content(cms);
|
||||||
ossl_cms_get0_env_enc_content(cms)->debug = 1;
|
ec->debug = (flags & CMS_DEBUG_DECRYPT) != 0;
|
||||||
else
|
ec->havenocert = cert == NULL;
|
||||||
ossl_cms_get0_env_enc_content(cms)->debug = 0;
|
|
||||||
if (cert == NULL)
|
|
||||||
ossl_cms_get0_env_enc_content(cms)->havenocert = 1;
|
|
||||||
else
|
|
||||||
ossl_cms_get0_env_enc_content(cms)->havenocert = 0;
|
|
||||||
if (pk == NULL && cert == NULL && dcont == NULL && out == NULL)
|
if (pk == NULL && cert == NULL && dcont == NULL && out == NULL)
|
||||||
return 1;
|
return 1;
|
||||||
if (pk != NULL && !CMS_decrypt_set1_pkey(cms, pk, cert))
|
if (pk != NULL && !CMS_decrypt_set1_pkey(cms, pk, cert))
|
||||||
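Review bot: `ec = ossl_cms_get0_env_enc_content(cms);` is dereferenced without a NULL check, whereas the set1_* functions added `if (ec != NULL)` guards. The nid test above guarantees an enveloped content type here, so ec cannot be NULL, but a short comment at the assignment would save the next reader the same question. The collapse of the two if/else ladders into `ec->debug = (flags & CMS_DEBUG_DECRYPT) != 0;` and `ec->havenocert = cert == NULL;` is behaviour-preserving.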
|
|||||||
+18
-1
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -226,6 +226,9 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
|||||||
char *dirpath = NULL;
|
char *dirpath = NULL;
|
||||||
OPENSSL_DIR_CTX *dirctx = NULL;
|
OPENSSL_DIR_CTX *dirctx = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||||
|
int numincludes = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
if ((buff = BUF_MEM_new()) == NULL) {
|
if ((buff = BUF_MEM_new()) == NULL) {
|
||||||
ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB);
|
ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB);
|
||||||
@@ -442,6 +445,20 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
|
|||||||
const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE");
|
const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE");
|
||||||
char *include_path = NULL;
|
char *include_path = NULL;
|
||||||
|
|
||||||
|
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||||
|
/*
|
||||||
|
* The include processing below can cause the "conf" fuzzer to
|
||||||
|
* timeout due to the fuzzer inserting large and complicated
|
||||||
|
* includes - with a large amount of time spent in
|
||||||
|
* OPENSSL_strlcat/OPENSSL_strcpy. This is not a security
|
||||||
|
* concern because config files should never come from untrusted
|
||||||
|
* sources. We just set an arbitrary limit on the allowed
|
||||||
|
* number of includes when fuzzing to prevent this timeout.
|
||||||
|
*/
|
||||||
|
if (numincludes++ > 10)
|
||||||
|
goto err;
|
||||||
|
#endif
|
||||||
|
|
||||||
if (include_dir == NULL)
|
if (include_dir == NULL)
|
||||||
include_dir = conf->includedir;
|
include_dir = conf->includedir;
|
||||||
|
|
||||||
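Review bot: `if (numincludes++ > 10) goto err;` is compiled only under FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, so production parsing is unaffected; the post-increment means the twelfth `.include` is the first one refused, which is fine for a fuzzer guard but should be stated if anyone later considers turning the cap into a real limit. Failing with a bare `goto err` and no ERR_raise is acceptable here only because the path never ships.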
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -173,7 +173,10 @@ DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
|
|||||||
ERR_raise(ERR_LIB_DSA, DSA_R_BN_ERROR);
|
ERR_raise(ERR_LIB_DSA, DSA_R_BN_ERROR);
|
||||||
goto dsaerr;
|
goto dsaerr;
|
||||||
}
|
}
|
||||||
DSA_set0_key(dsa, dsa_pubkey, dsa_privkey);
|
if (!DSA_set0_key(dsa, dsa_pubkey, dsa_privkey)) {
|
||||||
|
ERR_raise(ERR_LIB_DSA, ERR_R_INTERNAL_ERROR);
|
||||||
|
goto dsaerr;
|
||||||
|
}
|
||||||
|
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
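Review bot: checking the DSA_set0_key result is right, but on the new failure path dsa_pubkey and dsa_privkey have not been adopted by dsa, so whether they leak depends on what the dsaerr label frees, which is not shown; if dsaerr only releases dsa, add BN_free calls for both before `goto dsaerr`.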
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
* Generated by util/mkerr.pl DO NOT EDIT
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -36,6 +36,7 @@ static const ERR_STRING_DATA DSA_str_reasons[] = {
|
|||||||
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
|
||||||
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL),
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL),
|
||||||
"seed_len is less than the length of q"},
|
"seed_len is less than the length of q"},
|
||||||
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_TOO_MANY_RETRIES), "too many retries"},
|
||||||
{0, NULL}
|
{0, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
+25
-10
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -21,6 +21,9 @@
|
|||||||
#include "dsa_local.h"
|
#include "dsa_local.h"
|
||||||
#include <openssl/asn1.h>
|
#include <openssl/asn1.h>
|
||||||
|
|
||||||
|
#define MIN_DSA_SIGN_QBITS 128
|
||||||
|
#define MAX_DSA_SIGN_RETRIES 8
|
||||||
|
|
||||||
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
|
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
|
||||||
static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
|
static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||||
BIGNUM **rp);
|
BIGNUM **rp);
|
||||||
@@ -75,6 +78,7 @@ DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa)
|
|||||||
int reason = ERR_R_BN_LIB;
|
int reason = ERR_R_BN_LIB;
|
||||||
DSA_SIG *ret = NULL;
|
DSA_SIG *ret = NULL;
|
||||||
int rv = 0;
|
int rv = 0;
|
||||||
|
int retries = 0;
|
||||||
|
|
||||||
if (dsa->params.p == NULL
|
if (dsa->params.p == NULL
|
||||||
|| dsa->params.q == NULL
|
|| dsa->params.q == NULL
|
||||||
@@ -129,7 +133,10 @@ DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa)
|
|||||||
* s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q
|
* s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* Generate a blinding value */
|
/*
|
||||||
|
* Generate a blinding value
|
||||||
|
* The size of q is tested in dsa_sign_setup() so there should not be an infinite loop here.
|
||||||
|
*/
|
||||||
do {
|
do {
|
||||||
if (!BN_priv_rand_ex(blind, BN_num_bits(dsa->params.q) - 1,
|
if (!BN_priv_rand_ex(blind, BN_num_bits(dsa->params.q) - 1,
|
||||||
BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx))
|
BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx))
|
||||||
@@ -164,14 +171,19 @@ DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa)
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Redo if r or s is zero as required by FIPS 186-3: this is very
|
* Redo if r or s is zero as required by FIPS 186-4: Section 4.6
|
||||||
* unlikely.
|
* This is very unlikely.
|
||||||
|
* Limit the retries so there is no possibility of an infinite
|
||||||
|
* loop for bad domain parameter values.
|
||||||
*/
|
*/
|
||||||
if (BN_is_zero(ret->r) || BN_is_zero(ret->s))
|
if (BN_is_zero(ret->r) || BN_is_zero(ret->s)) {
|
||||||
|
if (retries++ > MAX_DSA_SIGN_RETRIES) {
|
||||||
|
reason = DSA_R_TOO_MANY_RETRIES;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
goto redo;
|
goto redo;
|
||||||
|
}
|
||||||
rv = 1;
|
rv = 1;
|
||||||
|
|
||||||
err:
|
err:
|
||||||
if (rv == 0) {
|
if (rv == 0) {
|
||||||
ERR_raise(ERR_LIB_DSA, reason);
|
ERR_raise(ERR_LIB_DSA, reason);
|
||||||
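Review bot: `retries++ > MAX_DSA_SIGN_RETRIES` permits nine redo iterations (retries 0 through 8 pass the test), so ten signing attempts happen before DSA_R_TOO_MANY_RETRIES; if the intent is "at most 8 retries", the test should be `>=`. Either way the cap is a backstop against bad domain parameters, as the updated comment says, and routing the new reason through the existing `ERR_raise(ERR_LIB_DSA, reason)` at err keeps error reporting on one path.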
@@ -212,7 +224,10 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
|
|||||||
/* Reject obviously invalid parameters */
|
/* Reject obviously invalid parameters */
|
||||||
if (BN_is_zero(dsa->params.p)
|
if (BN_is_zero(dsa->params.p)
|
||||||
|| BN_is_zero(dsa->params.q)
|
|| BN_is_zero(dsa->params.q)
|
||||||
|| BN_is_zero(dsa->params.g)) {
|
|| BN_is_zero(dsa->params.g)
|
||||||
|
|| BN_is_negative(dsa->params.p)
|
||||||
|
|| BN_is_negative(dsa->params.q)
|
||||||
|
|| BN_is_negative(dsa->params.g)) {
|
||||||
ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_PARAMETERS);
|
ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_PARAMETERS);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -220,7 +235,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
|
|||||||
ERR_raise(ERR_LIB_DSA, DSA_R_MISSING_PRIVATE_KEY);
|
ERR_raise(ERR_LIB_DSA, DSA_R_MISSING_PRIVATE_KEY);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
k = BN_new();
|
k = BN_new();
|
||||||
l = BN_new();
|
l = BN_new();
|
||||||
if (k == NULL || l == NULL)
|
if (k == NULL || l == NULL)
|
||||||
@@ -236,7 +250,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
|
|||||||
/* Preallocate space */
|
/* Preallocate space */
|
||||||
q_bits = BN_num_bits(dsa->params.q);
|
q_bits = BN_num_bits(dsa->params.q);
|
||||||
q_words = bn_get_top(dsa->params.q);
|
q_words = bn_get_top(dsa->params.q);
|
||||||
if (!bn_wexpand(k, q_words + 2)
|
if (q_bits < MIN_DSA_SIGN_QBITS
|
||||||
|
|| !bn_wexpand(k, q_words + 2)
|
||||||
|| !bn_wexpand(l, q_words + 2))
|
|| !bn_wexpand(l, q_words + 2))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
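Review bot: `q_bits < MIN_DSA_SIGN_QBITS` is folded into the bn_wexpand failure test and reaches err with no DSA-specific reason, unlike the DSA_R_INVALID_PARAMETERS raised for zero or negative p, q, g a few lines above; a short q is a parameter problem, not a BN library failure, so raising DSA_R_INVALID_PARAMETERS before `goto err` would give callers a usable error. The added BN_is_negative checks close the gap that a negative q would otherwise pass BN_is_zero.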
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -165,7 +165,7 @@ int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen,
|
|||||||
*siglen = 0;
|
*siglen = 0;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
*siglen = i2d_DSA_SIG(s, &sig);
|
*siglen = i2d_DSA_SIG(s, sig != NULL ? &sig : NULL);
|
||||||
DSA_SIG_free(s);
|
DSA_SIG_free(s);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
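Review bot: `i2d_DSA_SIG(s, sig != NULL ? &sig : NULL)` fixes a length-query leak: a caller passing sig == NULL to ask only for *siglen previously handed i2d a pointer to a NULL buffer, which makes i2d allocate the DER encoding into sig and then discard it. Passing NULL as the output pointer computes the length only, which is the documented way to size the buffer.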
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
#! /usr/bin/env perl
|
#! /usr/bin/env perl
|
||||||
# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
|
# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
# this file except in compliance with the License. You can obtain a copy
|
# this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -140,6 +140,7 @@ ___
|
|||||||
}
|
}
|
||||||
|
|
||||||
$code.=<<___;
|
$code.=<<___;
|
||||||
|
.machine "any"
|
||||||
.text
|
.text
|
||||||
|
|
||||||
___
|
___
|
||||||
|
|||||||
+2
-1
@@ -1,6 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
* Generated by util/mkerr.pl DO NOT EDIT
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -108,6 +108,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = {
|
|||||||
"random number generation failed"},
|
"random number generation failed"},
|
||||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_SHARED_INFO_ERROR), "shared info error"},
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_SHARED_INFO_ERROR), "shared info error"},
|
||||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full"},
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full"},
|
||||||
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_TOO_MANY_RETRIES), "too many retries"},
|
||||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator"},
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator"},
|
||||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order"},
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order"},
|
||||||
{ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor"},
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor"},
|
||||||
|
|||||||
+20
-3
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -20,6 +20,15 @@
|
|||||||
#include "crypto/bn.h"
|
#include "crypto/bn.h"
|
||||||
#include "ec_local.h"
|
#include "ec_local.h"
|
||||||
|
|
||||||
|
#define MIN_ECDSA_SIGN_ORDERBITS 64
|
||||||
|
/*
|
||||||
|
* It is highly unlikely that a retry will happen,
|
||||||
|
* Multiple retries would indicate that something is wrong
|
||||||
|
* with the group parameters (which would normally only happen
|
||||||
|
* with a bad custom group).
|
||||||
|
*/
|
||||||
|
#define MAX_ECDSA_SIGN_RETRIES 8
|
||||||
|
|
||||||
int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
|
||||||
BIGNUM **rp)
|
BIGNUM **rp)
|
||||||
{
|
{
|
||||||
@@ -66,7 +75,7 @@ int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
|
|||||||
*siglen = 0;
|
*siglen = 0;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
*siglen = i2d_ECDSA_SIG(s, &sig);
|
*siglen = i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL);
|
||||||
ECDSA_SIG_free(s);
|
ECDSA_SIG_free(s);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
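Review bot: same length-query fix as in ossl_dsa_sign_int: with sig == NULL the old `&sig` form made i2d_ECDSA_SIG allocate and leak the encoding, and `sig != NULL ? &sig : NULL` restores the length-only call. Both callers of this pattern now agree, which is the right outcome.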
@@ -120,7 +129,9 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
|
|||||||
|
|
||||||
/* Preallocate space */
|
/* Preallocate space */
|
||||||
order_bits = BN_num_bits(order);
|
order_bits = BN_num_bits(order);
|
||||||
if (!BN_set_bit(k, order_bits)
|
/* Check the number of bits here so that an infinite loop is not possible */
|
||||||
|
if (order_bits < MIN_ECDSA_SIGN_ORDERBITS
|
||||||
|
|| !BN_set_bit(k, order_bits)
|
||||||
|| !BN_set_bit(r, order_bits)
|
|| !BN_set_bit(r, order_bits)
|
||||||
|| !BN_set_bit(X, order_bits))
|
|| !BN_set_bit(X, order_bits))
|
||||||
goto err;
|
goto err;
|
||||||
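Review bot: `order_bits < MIN_ECDSA_SIGN_ORDERBITS` shares the `goto err` of the BN_set_bit allocation failures, so a too-small group order is reported without an EC-specific reason code, the same issue as the DSA q_bits check in this import; raising an EC parameter error before the jump would tell callers why a custom group was rejected. The comment "Check the number of bits here so that an infinite loop is not possible" documents the intent well.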
@@ -195,6 +206,7 @@ ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
|||||||
EC_KEY *eckey)
|
EC_KEY *eckey)
|
||||||
{
|
{
|
||||||
int ok = 0, i;
|
int ok = 0, i;
|
||||||
|
int retries = 0;
|
||||||
BIGNUM *kinv = NULL, *s, *m = NULL;
|
BIGNUM *kinv = NULL, *s, *m = NULL;
|
||||||
const BIGNUM *order, *ckinv;
|
const BIGNUM *order, *ckinv;
|
||||||
BN_CTX *ctx = NULL;
|
BN_CTX *ctx = NULL;
|
||||||
@@ -304,6 +316,11 @@ ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
|
|||||||
ERR_raise(ERR_LIB_EC, EC_R_NEED_NEW_SETUP_VALUES);
|
ERR_raise(ERR_LIB_EC, EC_R_NEED_NEW_SETUP_VALUES);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
/* Avoid infinite loops cause by invalid group parameters */
|
||||||
|
if (retries++ > MAX_ECDSA_SIGN_RETRIES) {
|
||||||
|
ERR_raise(ERR_LIB_EC, EC_R_TOO_MANY_RETRIES);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
/* s != 0 => we have a valid signature */
|
/* s != 0 => we have a valid signature */
|
||||||
break;
|
break;
|
||||||
|
|||||||
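Review bot: `if (retries++ > MAX_ECDSA_SIGN_RETRIES)` is a post-increment compare, so the loop is only abandoned once the counter already exceeded 8 before this pass; the bail-out comes one iteration later than the macro name suggests. `++retries > MAX_ECDSA_SIGN_RETRIES` gives exactly MAX_ECDSA_SIGN_RETRIES retries. Minor: the new comment reads "infinite loops cause by", should be "caused by".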
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -712,7 +712,7 @@ const EVP_PKEY_ASN1_METHOD ossl_ed448_asn1_meth = {
|
|||||||
static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
|
static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
|
||||||
{
|
{
|
||||||
ECX_KEY *ecx = ossl_ecx_key_op(NULL, NULL, 0, ctx->pmeth->pkey_id,
|
ECX_KEY *ecx = ossl_ecx_key_op(NULL, NULL, 0, ctx->pmeth->pkey_id,
|
||||||
KEY_OP_PUBLIC, NULL, NULL);
|
KEY_OP_KEYGEN, NULL, NULL);
|
||||||
|
|
||||||
if (ecx != NULL) {
|
if (ecx != NULL) {
|
||||||
EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, ecx);
|
EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, ecx);
|
||||||
|
|||||||
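Review bot: switching the op passed to ossl_ecx_key_op from KEY_OP_PUBLIC to KEY_OP_KEYGEN changes what the legacy EVP_PKEY_METHOD keygen asks of that helper, and the hunk shows only the single call site. A regression test that generates a key through this legacy method path and then uses it (sign or derive) would lock in the intended behaviour, and the commit message should say what went wrong with KEY_OP_PUBLIC.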
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -140,8 +140,9 @@ void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
|
|||||||
if (!int_cleanup_check(1))
|
if (!int_cleanup_check(1))
|
||||||
return;
|
return;
|
||||||
item = int_cleanup_item(cb);
|
item = int_cleanup_item(cb);
|
||||||
if (item)
|
if (item != NULL)
|
||||||
sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
|
if (sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0) <= 0)
|
||||||
|
OPENSSL_free(item);
|
||||||
}
|
}
|
||||||
|
|
||||||
void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
|
void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
|
||||||
|
|||||||
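Review bot: freeing `item` when sk_ENGINE_CLEANUP_ITEM_insert fails closes the leak, but the failure is still silent: engine_cleanup_add_first returns void, so the registered callback quietly never runs at cleanup. At minimum raise ERR_R_MALLOC_FAILURE here, and check that engine_cleanup_add_last, whose signature begins at the tail of this hunk, receives the identical fix.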
@@ -1,4 +1,4 @@
|
|||||||
# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
|
# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
#
|
#
|
||||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
# this file except in compliance with the License. You can obtain a copy
|
# this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -233,7 +233,9 @@ CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature
|
|||||||
CMP_R_MISSING_P10CSR:121:missing p10csr
|
CMP_R_MISSING_P10CSR:121:missing p10csr
|
||||||
CMP_R_MISSING_PBM_SECRET:166:missing pbm secret
|
CMP_R_MISSING_PBM_SECRET:166:missing pbm secret
|
||||||
CMP_R_MISSING_PRIVATE_KEY:131:missing private key
|
CMP_R_MISSING_PRIVATE_KEY:131:missing private key
|
||||||
|
CMP_R_MISSING_PRIVATE_KEY_FOR_POPO:190:missing private key for popo
|
||||||
CMP_R_MISSING_PROTECTION:143:missing protection
|
CMP_R_MISSING_PROTECTION:143:missing protection
|
||||||
|
CMP_R_MISSING_PUBLIC_KEY:183:missing public key
|
||||||
CMP_R_MISSING_REFERENCE_CERT:168:missing reference cert
|
CMP_R_MISSING_REFERENCE_CERT:168:missing reference cert
|
||||||
CMP_R_MISSING_SECRET:178:missing secret
|
CMP_R_MISSING_SECRET:178:missing secret
|
||||||
CMP_R_MISSING_SENDER_IDENTIFICATION:111:missing sender identification
|
CMP_R_MISSING_SENDER_IDENTIFICATION:111:missing sender identification
|
||||||
@@ -514,6 +516,7 @@ DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
|
|||||||
DSA_R_P_NOT_PRIME:115:p not prime
|
DSA_R_P_NOT_PRIME:115:p not prime
|
||||||
DSA_R_Q_NOT_PRIME:113:q not prime
|
DSA_R_Q_NOT_PRIME:113:q not prime
|
||||||
DSA_R_SEED_LEN_SMALL:110:seed_len is less than the length of q
|
DSA_R_SEED_LEN_SMALL:110:seed_len is less than the length of q
|
||||||
|
DSA_R_TOO_MANY_RETRIES:116:too many retries
|
||||||
DSO_R_CTRL_FAILED:100:control command failed
|
DSO_R_CTRL_FAILED:100:control command failed
|
||||||
DSO_R_DSO_ALREADY_LOADED:110:dso already loaded
|
DSO_R_DSO_ALREADY_LOADED:110:dso already loaded
|
||||||
DSO_R_EMPTY_FILE_STRUCTURE:113:empty file structure
|
DSO_R_EMPTY_FILE_STRUCTURE:113:empty file structure
|
||||||
@@ -597,6 +600,7 @@ EC_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve
|
|||||||
EC_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed
|
EC_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed
|
||||||
EC_R_SHARED_INFO_ERROR:150:shared info error
|
EC_R_SHARED_INFO_ERROR:150:shared info error
|
||||||
EC_R_SLOT_FULL:108:slot full
|
EC_R_SLOT_FULL:108:slot full
|
||||||
|
EC_R_TOO_MANY_RETRIES:176:too many retries
|
||||||
EC_R_UNDEFINED_GENERATOR:113:undefined generator
|
EC_R_UNDEFINED_GENERATOR:113:undefined generator
|
||||||
EC_R_UNDEFINED_ORDER:128:undefined order
|
EC_R_UNDEFINED_ORDER:128:undefined order
|
||||||
EC_R_UNKNOWN_COFACTOR:164:unknown cofactor
|
EC_R_UNKNOWN_COFACTOR:164:unknown cofactor
|
||||||
|
|||||||
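Review bot: the new reason strings (CMP_R_MISSING_PRIVATE_KEY_FOR_POPO:190, CMP_R_MISSING_PUBLIC_KEY:183, DSA_R_TOO_MANY_RETRIES:116, EC_R_TOO_MANY_RETRIES:176) are added to the text table only; the generated reason headers and the `*_err.c` string tables have to be regenerated in the same change, otherwise the `ERR_raise(ERR_LIB_EC, EC_R_TOO_MANY_RETRIES)` in the ecdsa hunk above will not compile, or will print a bare number instead of "too many retries".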
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -387,7 +387,7 @@ static int default_fixup_args(enum state state,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if ((ret = default_check(state, translation, ctx)) < 0)
|
if ((ret = default_check(state, translation, ctx)) <= 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
switch (state) {
|
switch (state) {
|
||||||
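Review bot: tightening `< 0` to `<= 0` in default_fixup_args means a 0 from default_check now skips the whole `switch (state)` instead of only negative results. The caller visible below (fix_ec_paramgen_curve_nid) already uses `<= 0`, so the two are now consistent, but this is a behaviour change for every translation whose fixup previously ran on a 0 result; the commit message should state why 0 is now a hard stop.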
@@ -1136,6 +1136,7 @@ static int fix_ec_paramgen_curve_nid(enum state state,
|
|||||||
const struct translation_st *translation,
|
const struct translation_st *translation,
|
||||||
struct translation_ctx_st *ctx)
|
struct translation_ctx_st *ctx)
|
||||||
{
|
{
|
||||||
|
char *p2 = NULL;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if ((ret = default_check(state, translation, ctx)) <= 0)
|
if ((ret = default_check(state, translation, ctx)) <= 0)
|
||||||
@@ -1148,13 +1149,25 @@ static int fix_ec_paramgen_curve_nid(enum state state,
|
|||||||
if (state == PRE_CTRL_TO_PARAMS) {
|
if (state == PRE_CTRL_TO_PARAMS) {
|
||||||
ctx->p2 = (char *)OBJ_nid2sn(ctx->p1);
|
ctx->p2 = (char *)OBJ_nid2sn(ctx->p1);
|
||||||
ctx->p1 = 0;
|
ctx->p1 = 0;
|
||||||
|
} else if (state == PRE_PARAMS_TO_CTRL) {
|
||||||
|
/*
|
||||||
|
* We're translating from params to ctrl and setting the curve name.
|
||||||
|
* The ctrl function needs it to be a NID, but meanwhile, we need
|
||||||
|
* space to get the curve name from the param. |ctx->name_buf| is
|
||||||
|
* sufficient for that.
|
||||||
|
* The double indirection is necessary for default_fixup_args()'s
|
||||||
|
* call of OSSL_PARAM_get_utf8_string() to be done correctly.
|
||||||
|
*/
|
||||||
|
p2 = ctx->name_buf;
|
||||||
|
ctx->p2 = &p2;
|
||||||
|
ctx->sz = sizeof(ctx->name_buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
|
if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
if (state == PRE_PARAMS_TO_CTRL) {
|
if (state == PRE_PARAMS_TO_CTRL) {
|
||||||
ctx->p1 = OBJ_sn2nid(ctx->p2);
|
ctx->p1 = OBJ_sn2nid(p2);
|
||||||
ctx->p2 = NULL;
|
ctx->p2 = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
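Review bot: in the PRE_PARAMS_TO_CTRL branch `ctx->p2 = &p2;` stores the address of a stack local; that is only safe because default_fixup_args() consumes it before this function returns and `ctx->p2 = NULL;` is reset afterwards, so the comment should say that explicitly. Separately, `ctx->p1 = OBJ_sn2nid(p2);` returns NID_undef for any curve name that is not an OBJ short name and the result is stored unchecked; raising an error on NID_undef here would stop a misspelled or alias group name from silently reaching the ctrl as 0.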
@@ -2140,6 +2153,46 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
|
|||||||
EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL,
|
EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL,
|
||||||
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL },
|
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL },
|
||||||
|
|
||||||
|
/*-
|
||||||
|
* SM2
|
||||||
|
* ==
|
||||||
|
*/
|
||||||
|
{ SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
|
||||||
|
EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL,
|
||||||
|
OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc },
|
||||||
|
{ SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
|
||||||
|
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL,
|
||||||
|
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING,
|
||||||
|
fix_ec_paramgen_curve_nid },
|
||||||
|
/*
|
||||||
|
* EVP_PKEY_CTRL_EC_ECDH_COFACTOR and EVP_PKEY_CTRL_EC_KDF_TYPE are used
|
||||||
|
* both for setting and getting. The fixup function has to handle this...
|
||||||
|
*/
|
||||||
|
{ NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||||
|
EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL,
|
||||||
|
OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER,
|
||||||
|
fix_ecdh_cofactor },
|
||||||
|
{ NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||||
|
EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL,
|
||||||
|
OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type },
|
||||||
|
{ SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||||
|
EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL,
|
||||||
|
OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
|
||||||
|
{ GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||||
|
EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL,
|
||||||
|
OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
|
||||||
|
{ SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||||
|
EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL,
|
||||||
|
OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
|
||||||
|
{ GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||||
|
EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL,
|
||||||
|
OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
|
||||||
|
{ SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||||
|
EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL,
|
||||||
|
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL },
|
||||||
|
{ GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
|
||||||
|
EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL,
|
||||||
|
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL },
|
||||||
/*-
|
/*-
|
||||||
* RSA
|
* RSA
|
||||||
* ===
|
* ===
|
||||||
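Review bot: the new SM2 block is a line-for-line copy of the EC block that ends just above it (only the key type differs), so every future fix to the ten EC entries will have to be mirrored by hand. If the second key-type column of translation_st can act as an alternate match, as the X25519/X448 rows further down suggest by filling both columns, the EC rows could carry EVP_PKEY_SM2 there instead of being duplicated; if it cannot, a macro that expands both sets from one definition would keep them in sync.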
@@ -2307,8 +2360,12 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
|
|||||||
*/
|
*/
|
||||||
{ SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
|
{ SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
|
||||||
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
|
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
|
||||||
|
{ SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL,
|
||||||
|
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
|
||||||
{ SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
|
{ SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
|
||||||
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
|
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
|
||||||
|
{ SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL,
|
||||||
|
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct translation_st evp_pkey_translations[] = {
|
static const struct translation_st evp_pkey_translations[] = {
|
||||||
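Review bot: EVP_PKEY_OP_PARAMGEN rows are added for X25519 and X448 only. If leaving out ED25519/ED448 is deliberate, a short comment on these entries would stop the next reader from "completing" the set; if it is not, they need the same rows.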
@@ -2721,6 +2778,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
|
|||||||
if (translation->fixup_args != NULL)
|
if (translation->fixup_args != NULL)
|
||||||
fixup = translation->fixup_args;
|
fixup = translation->fixup_args;
|
||||||
ctx.action_type = translation->action_type;
|
ctx.action_type = translation->action_type;
|
||||||
|
ctx.ctrl_cmd = translation->ctrl_num;
|
||||||
}
|
}
|
||||||
ctx.pctx = pctx;
|
ctx.pctx = pctx;
|
||||||
ctx.params = params;
|
ctx.params = params;
|
||||||
|
|||||||
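Review bot: `ctx.ctrl_cmd = translation->ctrl_num;` is assigned only inside the `translation != NULL` branch, and the hunk does not show how `ctx` is initialised. Confirm it is zeroed at declaration so that a fixup function reading ctx.ctrl_cmd on the no-translation path sees 0 rather than stack garbage.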
+3
-3
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -447,7 +447,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize)
|
|||||||
|
|
||||||
if (isize != NULL) {
|
if (isize != NULL) {
|
||||||
if (size <= UINT_MAX) {
|
if (size <= UINT_MAX) {
|
||||||
*isize = (int)size;
|
*isize = (unsigned int)size;
|
||||||
} else {
|
} else {
|
||||||
ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
|
ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
|
||||||
ret = 0;
|
ret = 0;
|
||||||
@@ -762,7 +762,7 @@ int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
|
|||||||
return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.algctx,
|
return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.algctx,
|
||||||
params);
|
params);
|
||||||
|
|
||||||
if (ctx->digest != NULL && ctx->digest->get_params != NULL)
|
if (ctx->digest != NULL && ctx->digest->get_ctx_params != NULL)
|
||||||
return ctx->digest->get_ctx_params(ctx->algctx, params);
|
return ctx->digest->get_ctx_params(ctx->algctx, params);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
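Review bot: the old condition tested `get_params` but the call that follows is `get_ctx_params`, so a digest implementation providing the former but not the latter dereferenced a NULL function pointer in EVP_MD_CTX_get_params. The fix is correct; since providers may legitimately omit get_ctx_params, a test with such a digest would keep this from regressing.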
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -283,7 +283,9 @@ int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm)
|
|||||||
*/
|
*/
|
||||||
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid)
|
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid)
|
||||||
{
|
{
|
||||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN,
|
int keytype = nid == EVP_PKEY_SM2 ? EVP_PKEY_SM2 : EVP_PKEY_EC;
|
||||||
|
|
||||||
|
return EVP_PKEY_CTX_ctrl(ctx, keytype, EVP_PKEY_OP_TYPE_GEN,
|
||||||
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
|
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
|
||||||
nid, NULL);
|
nid, NULL);
|
||||||
}
|
}
|
||||||
|
|||||||
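Review bot: `nid == EVP_PKEY_SM2` compares a curve NID with a key-type constant; it works because EVP_PKEY_SM2 is defined as NID_sm2, but it reads like a type confusion. Either write `nid == NID_sm2` or add a comment saying the two are the same value, and update the EVP_PKEY_CTX_set_ec_paramgen_curve_nid documentation to state that passing the SM2 NID now targets the SM2 key type.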
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -136,7 +136,7 @@ int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
|
|||||||
md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
|
md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq);
|
||||||
/* Fallback to legacy method */
|
/* Fallback to legacy method */
|
||||||
if (md == NULL)
|
if (md == NULL)
|
||||||
EVP_get_digestbynid(md_nid);
|
md = EVP_get_digestbynid(md_nid);
|
||||||
|
|
||||||
if (md == NULL) {
|
if (md == NULL) {
|
||||||
(void)ERR_clear_last_mark();
|
(void)ERR_clear_last_mark();
|
||||||
|
|||||||
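Review bot: discarding the return value meant the "Fallback to legacy method" never took effect: `md` stayed NULL and the function fell straight into the `md == NULL` error branch below, so any PBE whose digest is not fetchable failed. Because this was a silent failure, a test that drives EVP_PBE_CipherInit_ex with a digest reachable only through EVP_get_digestbynid would be worth adding alongside the fix.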
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -378,7 +378,7 @@ void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
|
|||||||
|
|
||||||
void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx)
|
void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx)
|
||||||
{
|
{
|
||||||
if (keymgmt->gen != NULL)
|
if (keymgmt->gen_cleanup != NULL)
|
||||||
keymgmt->gen_cleanup(genctx);
|
keymgmt->gen_cleanup(genctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
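Review bot: the guard now matches the pointer it protects; a keymgmt with `gen` but no `gen_cleanup` previously crashed in evp_keymgmt_gen_cleanup. This is the same class of mismatch as the get_ctx_params fix in digest.c in this patch, so a sweep for other `if (x->a != NULL) x->b(...)` pairs across the EVP dispatchers would be a cheap follow-up.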
+17
-4
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -1324,6 +1324,8 @@ static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2)
|
|||||||
|
|
||||||
int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
|
int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
|
||||||
{
|
{
|
||||||
|
if (pkey == NULL)
|
||||||
|
return 0;
|
||||||
return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid);
|
return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid);
|
||||||
}
|
}
|
||||||
|
|
||||||
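Review bot: the new `pkey == NULL` guard here, and the two like it in the following hunks, return 0 without raising anything; elsewhere in EVP a NULL argument raises ERR_R_PASSED_NULL_PARAMETER so the caller gets a diagnostic. Consider doing the same, and record the new NULL tolerance in the man pages of the three functions.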
@@ -1374,7 +1376,9 @@ int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx,
|
|||||||
int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub,
|
int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub,
|
||||||
size_t publen)
|
size_t publen)
|
||||||
{
|
{
|
||||||
if (pkey != NULL && evp_pkey_is_provided(pkey))
|
if (pkey == NULL)
|
||||||
|
return 0;
|
||||||
|
if (evp_pkey_is_provided(pkey))
|
||||||
return
|
return
|
||||||
EVP_PKEY_set_octet_string_param(pkey,
|
EVP_PKEY_set_octet_string_param(pkey,
|
||||||
OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
|
OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
|
||||||
@@ -1393,7 +1397,9 @@ size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub)
|
|||||||
{
|
{
|
||||||
int rv;
|
int rv;
|
||||||
|
|
||||||
if (pkey != NULL && evp_pkey_is_provided(pkey)) {
|
if (pkey == NULL)
|
||||||
|
return 0;
|
||||||
|
if (evp_pkey_is_provided(pkey)) {
|
||||||
size_t return_size = OSSL_PARAM_UNMODIFIED;
|
size_t return_size = OSSL_PARAM_UNMODIFIED;
|
||||||
unsigned char *buf;
|
unsigned char *buf;
|
||||||
|
|
||||||
@@ -2172,7 +2178,14 @@ int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name,
|
|||||||
goto err;
|
goto err;
|
||||||
ret = OSSL_PARAM_get_BN(params, bn);
|
ret = OSSL_PARAM_get_BN(params, bn);
|
||||||
err:
|
err:
|
||||||
OPENSSL_free(buf);
|
if (buf != NULL) {
|
||||||
|
if (OSSL_PARAM_modified(params))
|
||||||
|
OPENSSL_clear_free(buf, buf_sz);
|
||||||
|
else
|
||||||
|
OPENSSL_free(buf);
|
||||||
|
} else if (OSSL_PARAM_modified(params)) {
|
||||||
|
OPENSSL_cleanse(buffer, params[0].data_size);
|
||||||
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
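Review bot: wiping the temporary only when OSSL_PARAM_modified() reports the provider wrote into it is the right trigger, since BN values fetched this way can be private components. Two things to double-check: `buf_sz` must be the size actually allocated for `buf` so OPENSSL_clear_free does not under-wipe, and in the stack-buffer branch `params[0].data_size` is the capacity rather than the returned length, which is safe (over-wiping) but deserves a comment so nobody later "optimises" it down to the smaller value.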
+21
-9
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -509,8 +509,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
|
|||||||
if (pctx->op.kex.algctx != NULL) {
|
if (pctx->op.kex.algctx != NULL) {
|
||||||
if (!ossl_assert(pctx->op.kex.exchange != NULL))
|
if (!ossl_assert(pctx->op.kex.exchange != NULL))
|
||||||
goto err;
|
goto err;
|
||||||
rctx->op.kex.algctx
|
|
||||||
= pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx);
|
if (pctx->op.kex.exchange->dupctx != NULL)
|
||||||
|
rctx->op.kex.algctx
|
||||||
|
= pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx);
|
||||||
|
|
||||||
if (rctx->op.kex.algctx == NULL) {
|
if (rctx->op.kex.algctx == NULL) {
|
||||||
EVP_KEYEXCH_free(rctx->op.kex.exchange);
|
EVP_KEYEXCH_free(rctx->op.kex.exchange);
|
||||||
rctx->op.kex.exchange = NULL;
|
rctx->op.kex.exchange = NULL;
|
||||||
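Review bot: guarding `dupctx` with `!= NULL` removes a NULL function-pointer call, and a missing dupctx now falls into the existing `rctx->op.kex.algctx == NULL` branch, which frees the exchange and fails the dup. That branch was written for allocation failure, so a context that simply cannot be duplicated is now reported indistinguishably from OOM; raising a distinct reason in the `dupctx == NULL` case would help callers. The same applies to the sig, ciph and encap hunks that follow. This also relies on rctx->op.kex.algctx starting out NULL, which is not visible in the hunk.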
@@ -527,8 +530,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
|
|||||||
if (pctx->op.sig.algctx != NULL) {
|
if (pctx->op.sig.algctx != NULL) {
|
||||||
if (!ossl_assert(pctx->op.sig.signature != NULL))
|
if (!ossl_assert(pctx->op.sig.signature != NULL))
|
||||||
goto err;
|
goto err;
|
||||||
rctx->op.sig.algctx
|
|
||||||
= pctx->op.sig.signature->dupctx(pctx->op.sig.algctx);
|
if (pctx->op.sig.signature->dupctx != NULL)
|
||||||
|
rctx->op.sig.algctx
|
||||||
|
= pctx->op.sig.signature->dupctx(pctx->op.sig.algctx);
|
||||||
|
|
||||||
if (rctx->op.sig.algctx == NULL) {
|
if (rctx->op.sig.algctx == NULL) {
|
||||||
EVP_SIGNATURE_free(rctx->op.sig.signature);
|
EVP_SIGNATURE_free(rctx->op.sig.signature);
|
||||||
rctx->op.sig.signature = NULL;
|
rctx->op.sig.signature = NULL;
|
||||||
@@ -545,8 +551,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
|
|||||||
if (pctx->op.ciph.algctx != NULL) {
|
if (pctx->op.ciph.algctx != NULL) {
|
||||||
if (!ossl_assert(pctx->op.ciph.cipher != NULL))
|
if (!ossl_assert(pctx->op.ciph.cipher != NULL))
|
||||||
goto err;
|
goto err;
|
||||||
rctx->op.ciph.algctx
|
|
||||||
= pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx);
|
if (pctx->op.ciph.cipher->dupctx != NULL)
|
||||||
|
rctx->op.ciph.algctx
|
||||||
|
= pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx);
|
||||||
|
|
||||||
if (rctx->op.ciph.algctx == NULL) {
|
if (rctx->op.ciph.algctx == NULL) {
|
||||||
EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher);
|
EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher);
|
||||||
rctx->op.ciph.cipher = NULL;
|
rctx->op.ciph.cipher = NULL;
|
||||||
@@ -563,8 +572,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
|
|||||||
if (pctx->op.encap.algctx != NULL) {
|
if (pctx->op.encap.algctx != NULL) {
|
||||||
if (!ossl_assert(pctx->op.encap.kem != NULL))
|
if (!ossl_assert(pctx->op.encap.kem != NULL))
|
||||||
goto err;
|
goto err;
|
||||||
rctx->op.encap.algctx
|
|
||||||
= pctx->op.encap.kem->dupctx(pctx->op.encap.algctx);
|
if (pctx->op.encap.kem->dupctx != NULL)
|
||||||
|
rctx->op.encap.algctx
|
||||||
|
= pctx->op.encap.kem->dupctx(pctx->op.encap.algctx);
|
||||||
|
|
||||||
if (rctx->op.encap.algctx == NULL) {
|
if (rctx->op.encap.algctx == NULL) {
|
||||||
EVP_KEM_free(rctx->op.encap.kem);
|
EVP_KEM_free(rctx->op.encap.kem);
|
||||||
rctx->op.encap.kem = NULL;
|
rctx->op.encap.kem = NULL;
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -111,6 +111,7 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[])
|
|||||||
if (p1 != NULL) {
|
if (p1 != NULL) {
|
||||||
if (p1->data_type != OSSL_PARAM_UTF8_STRING)
|
if (p1->data_type != OSSL_PARAM_UTF8_STRING)
|
||||||
goto err;
|
goto err;
|
||||||
|
props = p1->data;
|
||||||
}
|
}
|
||||||
if (!ossl_ffc_set_digest(ffc, prm->data, props))
|
if (!ossl_ffc_set_digest(ffc, prm->data, props))
|
||||||
goto err;
|
goto err;
|
||||||
|
|||||||
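Review bot: `props = p1->data;` borrows the string from the caller's OSSL_PARAM array; unless ossl_ffc_set_digest copies it, `ffc` ends up holding a pointer into memory the caller may free as soon as ossl_ffc_params_fromdata returns. Please confirm which it is and document the ownership next to the call.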
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -182,6 +182,8 @@ int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src)
|
|||||||
|| !ffc_bn_cpy(&dst->j, src->j))
|
|| !ffc_bn_cpy(&dst->j, src->j))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
dst->mdname = src->mdname;
|
||||||
|
dst->mdprops = src->mdprops;
|
||||||
OPENSSL_free(dst->seed);
|
OPENSSL_free(dst->seed);
|
||||||
dst->seedlen = src->seedlen;
|
dst->seedlen = src->seedlen;
|
||||||
if (src->seed != NULL) {
|
if (src->seed != NULL) {
|
||||||
|
|||||||
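Review bot: `dst->mdname = src->mdname;` and `dst->mdprops = src->mdprops;` are shallow pointer copies. If those fields ever own heap strings this becomes a double free on the second cleanup; if they are borrowed const names the copy is fine but should say so in a comment, given that `seed` immediately below gets an explicit deep copy.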
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright Siemens AG 2018-2020
|
* Copyright Siemens AG 2018-2020
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
@@ -1122,7 +1122,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
|
|||||||
char *port;
|
char *port;
|
||||||
char *path;
|
char *path;
|
||||||
int use_ssl;
|
int use_ssl;
|
||||||
OSSL_HTTP_REQ_CTX *rctx;
|
OSSL_HTTP_REQ_CTX *rctx = NULL;
|
||||||
BIO *resp = NULL;
|
BIO *resp = NULL;
|
||||||
time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
|
time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
|
||||||
|
|
||||||
@@ -1148,10 +1148,12 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
|
|||||||
NULL /* req */,
|
NULL /* req */,
|
||||||
expected_ct, expect_asn1, max_resp_len,
|
expected_ct, expect_asn1, max_resp_len,
|
||||||
-1 /* use same max time (timeout) */,
|
-1 /* use same max time (timeout) */,
|
||||||
0 /* no keep_alive */))
|
0 /* no keep_alive */)) {
|
||||||
OSSL_HTTP_REQ_CTX_free(rctx);
|
OSSL_HTTP_REQ_CTX_free(rctx);
|
||||||
else
|
rctx = NULL;
|
||||||
|
} else {
|
||||||
resp = OSSL_HTTP_exchange(rctx, &redirection_url);
|
resp = OSSL_HTTP_exchange(rctx, &redirection_url);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
OPENSSL_free(path);
|
OPENSSL_free(path);
|
||||||
if (resp == NULL && redirection_url != NULL) {
|
if (resp == NULL && redirection_url != NULL) {
|
||||||
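Review bot: the restructured failure branch now frees rctx and sets it to NULL, which fixes the later use of the freed context, but the function goes on to call `OSSL_HTTP_close(rctx, ...)` in the paths below. That only works if OSSL_HTTP_close accepts a NULL rctx; confirm it does, or guard those calls.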
@@ -1166,6 +1168,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
|
|||||||
OPENSSL_free(host);
|
OPENSSL_free(host);
|
||||||
OPENSSL_free(port);
|
OPENSSL_free(port);
|
||||||
(void)OSSL_HTTP_close(rctx, 1);
|
(void)OSSL_HTTP_close(rctx, 1);
|
||||||
|
rctx = NULL;
|
||||||
BIO_free(resp);
|
BIO_free(resp);
|
||||||
OPENSSL_free(current_url);
|
OPENSSL_free(current_url);
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -1175,6 +1178,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
|
|||||||
OPENSSL_free(host);
|
OPENSSL_free(host);
|
||||||
OPENSSL_free(port);
|
OPENSSL_free(port);
|
||||||
(void)OSSL_HTTP_close(rctx, 1);
|
(void)OSSL_HTTP_close(rctx, 1);
|
||||||
|
rctx = NULL;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
/* if redirection not allowed, ignore it */
|
/* if redirection not allowed, ignore it */
|
||||||
@@ -1184,6 +1188,7 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
|
|||||||
OPENSSL_free(port);
|
OPENSSL_free(port);
|
||||||
if (!OSSL_HTTP_close(rctx, resp != NULL)) {
|
if (!OSSL_HTTP_close(rctx, resp != NULL)) {
|
||||||
BIO_free(resp);
|
BIO_free(resp);
|
||||||
|
rctx = NULL;
|
||||||
resp = NULL;
|
resp = NULL;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|||||||
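Review bot: `rctx = NULL;` is set only inside the `!OSSL_HTTP_close(...)` failure branch; on the success path rctx keeps pointing at the closed context. Nothing visible uses it after the `break`, but the two hunks above NULL it unconditionally after close, so move the assignment out of the if for consistency and to keep a stale pointer from ever escaping.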
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -253,9 +253,9 @@ static int use_proxy(const char *no_proxy, const char *server)
|
|||||||
* compatible with other HTTP client implementations like wget, curl and git
|
* compatible with other HTTP client implementations like wget, curl and git
|
||||||
*/
|
*/
|
||||||
if (no_proxy == NULL)
|
if (no_proxy == NULL)
|
||||||
no_proxy = getenv("no_proxy");
|
no_proxy = ossl_safe_getenv("no_proxy");
|
||||||
if (no_proxy == NULL)
|
if (no_proxy == NULL)
|
||||||
no_proxy = getenv(OPENSSL_NO_PROXY);
|
no_proxy = ossl_safe_getenv(OPENSSL_NO_PROXY);
|
||||||
|
|
||||||
if (no_proxy != NULL)
|
if (no_proxy != NULL)
|
||||||
found = strstr(no_proxy, server);
|
found = strstr(no_proxy, server);
|
||||||
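Review bot: the move from getenv to ossl_safe_getenv is a security fix rather than a style one: no_proxy steers where the HTTP client connects, and ossl_safe_getenv ignores the environment in secure-execution (setuid/setgid) processes, closing an easy way to redirect a privileged caller's outbound requests. The OSSL_HTTP_adapt_proxy documentation, which describes the environment-variable fallback, should mention that restriction.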
@@ -275,10 +275,9 @@ const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
|
|||||||
* compatible with other HTTP client implementations like wget, curl and git
|
* compatible with other HTTP client implementations like wget, curl and git
|
||||||
*/
|
*/
|
||||||
if (proxy == NULL)
|
if (proxy == NULL)
|
||||||
proxy = getenv(use_ssl ? "https_proxy" : "http_proxy");
|
proxy = ossl_safe_getenv(use_ssl ? "https_proxy" : "http_proxy");
|
||||||
if (proxy == NULL)
|
if (proxy == NULL)
|
||||||
proxy = getenv(use_ssl ? OPENSSL_HTTP_PROXY :
|
proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY);
|
||||||
OPENSSL_HTTPS_PROXY);
|
|
||||||
|
|
||||||
if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server))
|
if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|||||||
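Review bot: the joined line `proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY);` runs past the 80-column limit the rest of this file keeps, which is why the removed version was wrapped; keep the wrap. While here, note the pre-existing operand order: `use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY` picks the HTTP macro when use_ssl is true, the reverse of the `"https_proxy" : "http_proxy"` line just above it. If the macros are defined the other way round that is fine; otherwise it is a bug worth fixing in the same change.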
File diff suppressed because it is too large
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -443,6 +443,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
|
|||||||
first = 1;
|
first = 1;
|
||||||
bl = NULL;
|
bl = NULL;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
|
||||||
|
*
|
||||||
|
* > 3.5. OBJECT IDENTIFIER values
|
||||||
|
* >
|
||||||
|
* > An OBJECT IDENTIFIER value is an ordered list of non-negative
|
||||||
|
* > numbers. For the SMIv2, each number in the list is referred to as a
|
||||||
|
* > sub-identifier, there are at most 128 sub-identifiers in a value,
|
||||||
|
* > and each sub-identifier has a maximum value of 2^32-1 (4294967295
|
||||||
|
* > decimal).
|
||||||
|
*
|
||||||
|
* So a legitimate OID according to this RFC is at most (32 * 128 / 7),
|
||||||
|
* i.e. 586 bytes long.
|
||||||
|
*
|
||||||
|
* Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
|
||||||
|
*/
|
||||||
|
if (len > 586)
|
||||||
|
goto err;
|
||||||
|
|
||||||
while (len > 0) {
|
while (len > 0) {
|
||||||
l = 0;
|
l = 0;
|
||||||
use_bn = 0;
|
use_bn = 0;
|
||||||
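Review bot: the 586-byte figure in the new comment is an average-bits calculation (32 * 128 / 7), not a worst case: a sub-identifier of up to 2^32-1 needs ceil(32/7) = 5 base-128 bytes, so 128 sub-identifiers (the first two merged into one encoded value) can legitimately reach 127 * 5 = 635 encoded bytes, and `if (len > 586) goto err;` would reject a few RFC 2578-conformant values. If the intent is a defensive cap against expensive `use_bn` processing of huge inputs rather than an exact RFC bound, say so in the comment; otherwise raise the limit to the derived worst case.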
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
@@ -510,14 +510,15 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store,
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
int j, best = -1, score, optional;
|
int j, best = -1, score, optional;
|
||||||
|
|
||||||
#ifndef FIPS_MODULE
|
|
||||||
if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
|
|
||||||
return 0;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (nid <= 0 || method == NULL || store == NULL)
|
if (nid <= 0 || method == NULL || store == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
#ifndef FIPS_MODULE
|
||||||
|
if (ossl_lib_ctx_is_default(store->ctx)
|
||||||
|
&& !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
|
||||||
|
return 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
/* This only needs to be a read lock, because the query won't create anything */
|
/* This only needs to be a read lock, because the query won't create anything */
|
||||||
if (!ossl_property_read_lock(store))
|
if (!ossl_property_read_lock(store))
|
||||||
return 0;
|
return 0;
|
||||||
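Review bot: the config-loading call is now gated on `ossl_lib_ctx_is_default(store->ctx)` and sits after the `store == NULL` check; that order is required because the new condition dereferences `store`, whereas the old unconditional `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)` ran before any argument validation. A one-line comment would stop someone moving it back above the check, and the behaviour change (fetches from a non-default library context no longer trigger loading of the default config) deserves a CHANGES entry.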
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -272,7 +272,13 @@ void RAND_add(const void *buf, int num, double randomness)
|
|||||||
# endif
|
# endif
|
||||||
drbg = RAND_get0_primary(NULL);
|
drbg = RAND_get0_primary(NULL);
|
||||||
if (drbg != NULL && num > 0)
|
if (drbg != NULL && num > 0)
|
||||||
|
# ifdef OPENSSL_RAND_SEED_NONE
|
||||||
|
/* Without an entropy source, we have to rely on the user */
|
||||||
|
EVP_RAND_reseed(drbg, 0, buf, num, NULL, 0);
|
||||||
|
# else
|
||||||
|
/* With an entropy source, we downgrade this to additional input */
|
||||||
EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
|
EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
|
||||||
|
# endif
|
||||||
}
|
}
|
||||||
|
|
||||||
# if !defined(OPENSSL_NO_DEPRECATED_1_1_0)
|
# if !defined(OPENSSL_NO_DEPRECATED_1_1_0)
|
||||||
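Review bot: under `OPENSSL_RAND_SEED_NONE` the caller's buffer is now passed as the entropy input of `EVP_RAND_reseed` (third and fourth arguments) rather than as additional input, but the `randomness` estimate in the `RAND_add` signature is still not forwarded in either branch, so the DRBG reseeds from `buf` as if it carried full entropy. That is the only option when the build has no entropy source, but RAND_add.pod should state that in a seed-none build the DRBG's security rests entirely on what callers pass here.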
|
|||||||
+11
-7
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -124,13 +124,17 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
|
|||||||
ret = -1;
|
ret = -1;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
if (!BN_div(m, NULL, l, m, ctx)) { /* remainder is 0 */
|
||||||
|
ret = -1;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
for (idx = 0; idx < ex_primes; idx++) {
|
for (idx = 0; idx < ex_primes; idx++) {
|
||||||
pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
|
pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
|
||||||
if (!BN_sub(k, pinfo->r, BN_value_one())) {
|
if (!BN_sub(k, pinfo->r, BN_value_one())) {
|
||||||
ret = -1;
|
ret = -1;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (!BN_mul(l, l, k, ctx)) {
|
if (!BN_mul(l, m, k, ctx)) {
|
||||||
ret = -1;
|
ret = -1;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
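Review bot: the roles of `l` and `m` change with this hunk and deserve a comment at their declarations: after the new `BN_div(m, NULL, l, m, ctx)`, `m` holds `l` divided by the previous `m` (the running lcm, assuming `m` was the gcd computed above this hunk), and the loop now seeds `l` from that lcm (`BN_mul(l, m, k, ctx)`) instead of growing a raw product (`BN_mul(l, l, k, ctx)`). `/* remainder is 0 */` is an invariant rather than a check; if exactness matters, pass a remainder BIGNUM and treat a nonzero remainder as `ret = -1`.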
@@ -138,12 +142,12 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
|
|||||||
ret = -1;
|
ret = -1;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
if (!BN_div(m, NULL, l, m, ctx)) { /* remainder is 0 */
|
||||||
|
ret = -1;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */
|
if (!BN_mod_mul(i, key->d, key->e, m, ctx)) {
|
||||||
ret = -1;
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
if (!BN_mod_mul(i, key->d, key->e, k, ctx)) {
|
|
||||||
ret = -1;
|
ret = -1;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
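Review bot: the final consistency check now reduces `d*e` modulo `m` (`BN_mod_mul(i, key->d, key->e, m, ctx)`), where `m` is rebuilt inside the loop as `l / m` after each extra prime, instead of modulo `k = l / m` computed once after the loop. With three or more primes the single division removed only one gcd from the full product, so the old modulus was a multiple of the true lcm and a correctly generated multi-prime key could be reported as inconsistent; a multi-prime test vector that distinguishes the two results should accompany this fix.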
|
|||||||
+12
-20
@@ -234,6 +234,7 @@ static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
|
|||||||
* will only read the modulus from BN_BLINDING. In both cases it's safe
|
* will only read the modulus from BN_BLINDING. In both cases it's safe
|
||||||
* to access the blinding without a lock.
|
* to access the blinding without a lock.
|
||||||
*/
|
*/
|
||||||
|
BN_set_flags(f, BN_FLG_CONSTTIME);
|
||||||
return BN_BLINDING_invert_ex(f, unblind, b, ctx);
|
return BN_BLINDING_invert_ex(f, unblind, b, ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
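Review bot: `BN_set_flags(f, BN_FLG_CONSTTIME)` before `BN_BLINDING_invert_ex` makes the unblinding multiplication take the constant-time path, and it is what replaces the combined unblind-and-serialise helper (`ossl_bn_rsa_do_unblind`) removed further down in this diff. The flag is not cleared afterwards, which looks intended since the value does not outlive the decryption, but a comment tying the flag to the side-channel rationale would stop a future cleanup from dropping it.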
@@ -416,6 +417,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
|
||||||
|
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
|
||||||
|
rsa->n, ctx))
|
||||||
|
goto err;
|
||||||
|
|
||||||
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
|
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
|
||||||
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
|
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
|
||||||
if (blinding == NULL) {
|
if (blinding == NULL) {
|
||||||
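Review bot: hoisting `BN_MONT_CTX_set_locked` ahead of the blinding setup means `_method_mod_n` is ready before `rsa_get_blinding` runs, and the failure path here can be a bare `goto err` because `d` has not been created yet; the copy removed in the next hunk had to `BN_free(d)` first. With that removal there is exactly one setup call on the path, which is the simpler invariant to keep.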
@@ -453,13 +459,6 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
|||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
|
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
|
||||||
|
|
||||||
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
|
|
||||||
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
|
|
||||||
rsa->n, ctx)) {
|
|
||||||
BN_free(d);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
|
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
|
||||||
rsa->_method_mod_n)) {
|
rsa->_method_mod_n)) {
|
||||||
BN_free(d);
|
BN_free(d);
|
||||||
@@ -469,20 +468,13 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
|
|||||||
BN_free(d);
|
BN_free(d);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (blinding) {
|
if (blinding)
|
||||||
/*
|
if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
|
||||||
* ossl_bn_rsa_do_unblind() combines blinding inversion and
|
|
||||||
* 0-padded BN BE serialization
|
|
||||||
*/
|
|
||||||
j = ossl_bn_rsa_do_unblind(ret, blinding, unblind, rsa->n, ctx,
|
|
||||||
buf, num);
|
|
||||||
if (j == 0)
|
|
||||||
goto err;
|
goto err;
|
||||||
} else {
|
|
||||||
j = BN_bn2binpad(ret, buf, num);
|
j = BN_bn2binpad(ret, buf, num);
|
||||||
if (j < 0)
|
if (j < 0)
|
||||||
goto err;
|
goto err;
|
||||||
}
|
|
||||||
|
|
||||||
switch (padding) {
|
switch (padding) {
|
||||||
case RSA_PKCS1_PADDING:
|
case RSA_PKCS1_PADDING:
|
||||||
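Review bot: both branches now serialise through `BN_bn2binpad(ret, buf, num)`, and the comment that explained why inversion and zero-padded serialisation were one step (`ossl_bn_rsa_do_unblind`) disappears with it. Since the timing argument now depends on `BN_bn2binpad` not varying with the number of significant words of `ret`, add a short comment stating that reliance. Also note the two failure conventions: `rsa_blinding_invert` failure is an immediate `goto err`, while `j` is only meaningful after the padding call (`j < 0`).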
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
@@ -361,6 +361,7 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
|
|||||||
BN_CTX *ctx = NULL;
|
BN_CTX *ctx = NULL;
|
||||||
BIGNUM *e = NULL;
|
BIGNUM *e = NULL;
|
||||||
RSA_ACVP_TEST *info = NULL;
|
RSA_ACVP_TEST *info = NULL;
|
||||||
|
BIGNUM *tmp;
|
||||||
|
|
||||||
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
|
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
|
||||||
info = rsa->acvp_test;
|
info = rsa->acvp_test;
|
||||||
@@ -392,6 +393,14 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
|
|||||||
/* (Step 2) Generate prime factors */
|
/* (Step 2) Generate prime factors */
|
||||||
if (!ossl_rsa_fips186_4_gen_prob_primes(rsa, info, nbits, e, ctx, cb))
|
if (!ossl_rsa_fips186_4_gen_prob_primes(rsa, info, nbits, e, ctx, cb))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
/* p>q check and skipping in case of acvp test */
|
||||||
|
if (info == NULL && BN_cmp(rsa->p, rsa->q) < 0) {
|
||||||
|
tmp = rsa->p;
|
||||||
|
rsa->p = rsa->q;
|
||||||
|
rsa->q = tmp;
|
||||||
|
}
|
||||||
|
|
||||||
/* (Steps 3-5) Compute params d, n, dP, dQ, qInv */
|
/* (Steps 3-5) Compute params d, n, dP, dQ, qInv */
|
||||||
ok = ossl_rsa_sp800_56b_derive_params_from_pq(rsa, nbits, e, ctx);
|
ok = ossl_rsa_sp800_56b_derive_params_from_pq(rsa, nbits, e, ctx);
|
||||||
if (ok < 0)
|
if (ok < 0)
|
||||||
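Review bot: the swap enforces p > q before step 3 derives dP, dQ and qInv, and is skipped when `info != NULL` (ACVP tests supply fixed primes). Swapping the bare pointers is only safe if nothing prime-specific has been derived yet; that holds for the visible flow, since derivation happens in the `ossl_rsa_sp800_56b_derive_params_from_pq` call that follows, but the comment `/* p>q check and skipping in case of acvp test */` should state that requirement, e.g. `/* Ensure p > q, the convention the CRT derivation below expects; skipped under ACVP tests, which supply fixed primes */`.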
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
* Copyright 2017 Ribose Inc. All Rights Reserved.
|
* Copyright 2017 Ribose Inc. All Rights Reserved.
|
||||||
* Ported from Ribose contributions from Botan.
|
* Ported from Ribose contributions from Botan.
|
||||||
*
|
*
|
||||||
@@ -454,7 +454,7 @@ int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen,
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
sigleni = i2d_ECDSA_SIG(s, &sig);
|
sigleni = i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL);
|
||||||
if (sigleni < 0) {
|
if (sigleni < 0) {
|
||||||
ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
|
ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
|
||||||
goto done;
|
goto done;
|
||||||
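Review bot: passing `NULL` rather than `&sig` when `sig` is `NULL` matters because `i2d_ECDSA_SIG` allocates an output buffer when `*pp == NULL`; the length-query call (caller passes no buffer) used to trigger that allocation and leak it, whereas `pp == NULL` returns only the encoded length. A one-line comment on the call would prevent someone simplifying it back to `&sig`.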
|
|||||||
+5
-1
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -528,6 +528,10 @@ int UI_process(UI *ui)
|
|||||||
ok = 0;
|
ok = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
ui->flags &= ~UI_FLAG_REDOABLE;
|
||||||
|
ok = -2;
|
||||||
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
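Review bot: the new `else` branch sets `ok = -2` and jumps to `err` after clearing `UI_FLAG_REDOABLE`, but the condition it pairs with is above this hunk; please confirm UI_process.pod lists -2 among the return values and that callers comparing against specific negative codes still behave (`UI_UTIL_read_pw` in this diff now seeds `ok` with -2 as well).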
|
|||||||
+2
-4
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -32,7 +32,7 @@ int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
|
|||||||
int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
|
int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
|
||||||
int verify)
|
int verify)
|
||||||
{
|
{
|
||||||
int ok = 0;
|
int ok = -2;
|
||||||
UI *ui;
|
UI *ui;
|
||||||
|
|
||||||
if (size < 1)
|
if (size < 1)
|
||||||
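Review bot: initialising `ok` to -2 fixes the early-exit paths that never reach `UI_process` (`size < 1` is visible here; any other path that skips the UI is affected the same way): with `int ok = 0` they returned 0, i.e. success, without anything having been read into `buf`. Worth a CHANGES entry, since a caller that relied on the old return would now see a failure.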
@@ -47,8 +47,6 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
|
|||||||
ok = UI_process(ui);
|
ok = UI_process(ui);
|
||||||
UI_free(ui);
|
UI_free(ui);
|
||||||
}
|
}
|
||||||
if (ok > 0)
|
|
||||||
ok = 0;
|
|
||||||
return ok;
|
return ok;
|
||||||
}
|
}
|
||||||
|
|
||||||
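Review bot: dropping `if (ok > 0) ok = 0;` means any positive value from `UI_process` now propagates to the caller instead of being folded to 0; harmless if `UI_process` only ever returns 0 or a negative value, but UI_UTIL_read_pw.pod should state that contract explicitly.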
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct X509_POLICY_TREE_st {
|
struct X509_POLICY_TREE_st {
|
||||||
|
/* The number of nodes in the tree */
|
||||||
|
size_t node_count;
|
||||||
|
/* The maximum number of nodes in the tree */
|
||||||
|
size_t node_maximum;
|
||||||
|
|
||||||
/* This is the tree 'level' data */
|
/* This is the tree 'level' data */
|
||||||
X509_POLICY_LEVEL *levels;
|
X509_POLICY_LEVEL *levels;
|
||||||
int nlevel;
|
int nlevel;
|
||||||
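Review bot: `node_count` is only ever incremented in this diff (pcy_node.c bumps it after a node is fully registered, and the error unwind there pops the node before the increment), so the field counts nodes added over the tree's lifetime, not live nodes; say so in the comment, since `node_maximum` is compared against it. With `size_t`, the value 0 for `node_maximum` is the only way to express "unlimited", which the check in `ossl_policy_level_add_node` relies on.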
@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
|
|||||||
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
||||||
X509_POLICY_DATA *data,
|
X509_POLICY_DATA *data,
|
||||||
X509_POLICY_NODE *parent,
|
X509_POLICY_NODE *parent,
|
||||||
X509_POLICY_TREE *tree);
|
X509_POLICY_TREE *tree,
|
||||||
|
int extra_data);
|
||||||
void ossl_policy_node_free(X509_POLICY_NODE *node);
|
void ossl_policy_node_free(X509_POLICY_NODE *node);
|
||||||
int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
|
int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
|
||||||
const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
|
const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
|
||||||
|
|||||||
+20
-6
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
|
|||||||
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
||||||
X509_POLICY_DATA *data,
|
X509_POLICY_DATA *data,
|
||||||
X509_POLICY_NODE *parent,
|
X509_POLICY_NODE *parent,
|
||||||
X509_POLICY_TREE *tree)
|
X509_POLICY_TREE *tree,
|
||||||
|
int extra_data)
|
||||||
{
|
{
|
||||||
X509_POLICY_NODE *node;
|
X509_POLICY_NODE *node;
|
||||||
|
|
||||||
|
/* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
|
||||||
|
if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
node = OPENSSL_zalloc(sizeof(*node));
|
node = OPENSSL_zalloc(sizeof(*node));
|
||||||
if (node == NULL) {
|
if (node == NULL) {
|
||||||
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
||||||
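Review bot: the limit check returns NULL without raising an error, and every caller in pcy_tree.c maps NULL to `return 0`, which `tree_evaluate` then reports as `X509_PCY_TREE_INTERNAL`; a chain that simply exceeds the node budget therefore fails with an "internal" verification error indistinguishable from a real bug. Consider an `ERR_raise` with a dedicated reason code here. Also note `tree` is now dereferenced unconditionally, so the `NULL` tree arguments previously passed by `tree_link_matching_nodes` and `tree_link_any` had to become `tree` (they do, later in this diff).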
@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
|||||||
}
|
}
|
||||||
node->data = data;
|
node->data = data;
|
||||||
node->parent = parent;
|
node->parent = parent;
|
||||||
if (level) {
|
if (level != NULL) {
|
||||||
if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
|
if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
|
||||||
if (level->anyPolicy)
|
if (level->anyPolicy)
|
||||||
goto node_error;
|
goto node_error;
|
||||||
@@ -90,24 +95,33 @@ X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tree) {
|
if (extra_data) {
|
||||||
if (tree->extra_data == NULL)
|
if (tree->extra_data == NULL)
|
||||||
tree->extra_data = sk_X509_POLICY_DATA_new_null();
|
tree->extra_data = sk_X509_POLICY_DATA_new_null();
|
||||||
if (tree->extra_data == NULL){
|
if (tree->extra_data == NULL){
|
||||||
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
||||||
goto node_error;
|
goto extra_data_error;
|
||||||
}
|
}
|
||||||
if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
|
if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
|
||||||
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
||||||
goto node_error;
|
goto extra_data_error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tree->node_count++;
|
||||||
if (parent)
|
if (parent)
|
||||||
parent->nchild++;
|
parent->nchild++;
|
||||||
|
|
||||||
return node;
|
return node;
|
||||||
|
|
||||||
|
extra_data_error:
|
||||||
|
if (level != NULL) {
|
||||||
|
if (level->anyPolicy == node)
|
||||||
|
level->anyPolicy = NULL;
|
||||||
|
else
|
||||||
|
(void) sk_X509_POLICY_NODE_pop(level->nodes);
|
||||||
|
}
|
||||||
|
|
||||||
node_error:
|
node_error:
|
||||||
ossl_policy_node_free(node);
|
ossl_policy_node_free(node);
|
||||||
return NULL;
|
return NULL;
|
||||||
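Review bot: `extra_data_error` now undoes the level registration (resetting `level->anyPolicy` or popping the node from `level->nodes`) before falling through to `node_error`, which the old `goto node_error` skipped, leaving a freed node referenced from the level. `tree->node_count++` is placed after the extra-data block, so the count stays consistent on that path, and replacing `if (tree)` with `if (extra_data)` is what makes `tree` mandatory. Minor: the touched region still contains `if (tree->extra_data == NULL){` without a space before the brace.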
|
|||||||
+40
-14
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -14,6 +14,19 @@
|
|||||||
|
|
||||||
#include "pcy_local.h"
|
#include "pcy_local.h"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If the maximum number of nodes in the policy tree isn't defined, set it to
|
||||||
|
* a generous default of 1000 nodes.
|
||||||
|
*
|
||||||
|
* Defining this to be zero means unlimited policy tree growth which opens the
|
||||||
|
* door on CVE-2023-0464.
|
||||||
|
*/
|
||||||
|
#ifndef OPENSSL_POLICY_TREE_NODES_MAX
|
||||||
|
# define OPENSSL_POLICY_TREE_NODES_MAX 1000
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static void exnode_free(X509_POLICY_NODE *node);
|
||||||
|
|
||||||
static void expected_print(BIO *channel,
|
static void expected_print(BIO *channel,
|
||||||
X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
|
X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
|
||||||
int indent)
|
int indent)
|
||||||
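Review bot: `OPENSSL_POLICY_TREE_NODES_MAX` is a compile-time knob with 0 meaning unlimited (the check in `ossl_policy_level_add_node` requires `node_maximum > 0`), and nothing in this diff documents it; add it to the build documentation or CHANGES together with the warning from the comment. The forward declaration of `exnode_free` is needed because `tree_calculate_user_set` now calls it before its definition.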
@@ -163,6 +176,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
|
|||||||
return X509_PCY_TREE_INTERNAL;
|
return X509_PCY_TREE_INTERNAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Limit the growth of the tree to mitigate CVE-2023-0464 */
|
||||||
|
tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
|
* http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
|
||||||
*
|
*
|
||||||
@@ -180,7 +196,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
|
|||||||
if ((data = ossl_policy_data_new(NULL,
|
if ((data = ossl_policy_data_new(NULL,
|
||||||
OBJ_nid2obj(NID_any_policy), 0)) == NULL)
|
OBJ_nid2obj(NID_any_policy), 0)) == NULL)
|
||||||
goto bad_tree;
|
goto bad_tree;
|
||||||
if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
|
if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
|
||||||
ossl_policy_data_free(data);
|
ossl_policy_data_free(data);
|
||||||
goto bad_tree;
|
goto bad_tree;
|
||||||
}
|
}
|
||||||
@@ -239,7 +255,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
|
|||||||
* Return value: 1 on success, 0 otherwise
|
* Return value: 1 on success, 0 otherwise
|
||||||
*/
|
*/
|
||||||
static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
|
static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
|
||||||
X509_POLICY_DATA *data)
|
X509_POLICY_DATA *data,
|
||||||
|
X509_POLICY_TREE *tree)
|
||||||
{
|
{
|
||||||
X509_POLICY_LEVEL *last = curr - 1;
|
X509_POLICY_LEVEL *last = curr - 1;
|
||||||
int i, matched = 0;
|
int i, matched = 0;
|
||||||
@@ -249,13 +266,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
|
|||||||
X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
|
X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
|
||||||
|
|
||||||
if (ossl_policy_node_match(last, node, data->valid_policy)) {
|
if (ossl_policy_node_match(last, node, data->valid_policy)) {
|
||||||
if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
|
if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
matched = 1;
|
matched = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!matched && last->anyPolicy) {
|
if (!matched && last->anyPolicy) {
|
||||||
if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
|
if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
@@ -268,7 +285,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
|
|||||||
* Return value: 1 on success, 0 otherwise.
|
* Return value: 1 on success, 0 otherwise.
|
||||||
*/
|
*/
|
||||||
static int tree_link_nodes(X509_POLICY_LEVEL *curr,
|
static int tree_link_nodes(X509_POLICY_LEVEL *curr,
|
||||||
const X509_POLICY_CACHE *cache)
|
const X509_POLICY_CACHE *cache,
|
||||||
|
X509_POLICY_TREE *tree)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
@@ -276,7 +294,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
|
|||||||
X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
|
X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
|
||||||
|
|
||||||
/* Look for matching nodes in previous level */
|
/* Look for matching nodes in previous level */
|
||||||
if (!tree_link_matching_nodes(curr, data))
|
if (!tree_link_matching_nodes(curr, data, tree))
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
@@ -307,7 +325,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
|
|||||||
/* Curr may not have anyPolicy */
|
/* Curr may not have anyPolicy */
|
||||||
data->qualifier_set = cache->anyPolicy->qualifier_set;
|
data->qualifier_set = cache->anyPolicy->qualifier_set;
|
||||||
data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
|
data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
|
||||||
if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
|
if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
|
||||||
ossl_policy_data_free(data);
|
ossl_policy_data_free(data);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -370,7 +388,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
|
|||||||
/* Finally add link to anyPolicy */
|
/* Finally add link to anyPolicy */
|
||||||
if (last->anyPolicy &&
|
if (last->anyPolicy &&
|
||||||
ossl_policy_level_add_node(curr, cache->anyPolicy,
|
ossl_policy_level_add_node(curr, cache->anyPolicy,
|
||||||
last->anyPolicy, NULL) == NULL)
|
last->anyPolicy, tree, 0) == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -553,15 +571,23 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
|
|||||||
extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
|
extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
|
||||||
| POLICY_DATA_FLAG_EXTRA_NODE;
|
| POLICY_DATA_FLAG_EXTRA_NODE;
|
||||||
node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
|
node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
|
||||||
tree);
|
tree, 1);
|
||||||
|
if (node == NULL) {
|
||||||
|
ossl_policy_data_free(extra);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (!tree->user_policies) {
|
if (!tree->user_policies) {
|
||||||
tree->user_policies = sk_X509_POLICY_NODE_new_null();
|
tree->user_policies = sk_X509_POLICY_NODE_new_null();
|
||||||
if (!tree->user_policies)
|
if (!tree->user_policies) {
|
||||||
return 1;
|
exnode_free(node);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
|
if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) {
|
||||||
|
exnode_free(node);
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
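Review bot: the old `if (!tree->user_policies) return 1;` reported success on an allocation failure and the result of `ossl_policy_level_add_node` was never checked; both are fixed here. One thing to confirm: `extra` was pushed onto `tree->extra_data` inside `ossl_policy_level_add_node` (called with `extra_data` = 1), so `exnode_free(node)` on the push-failure path must either leave `extra` owned by that stack or remove it from there, otherwise it is freed again when the tree is freed.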
@@ -580,7 +606,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
|
|||||||
|
|
||||||
for (i = 1; i < tree->nlevel; i++, curr++) {
|
for (i = 1; i < tree->nlevel; i++, curr++) {
|
||||||
cache = ossl_policy_cache_set(curr->cert);
|
cache = ossl_policy_cache_set(curr->cert);
|
||||||
if (!tree_link_nodes(curr, cache))
|
if (!tree_link_nodes(curr, cache, tree))
|
||||||
return X509_PCY_TREE_INTERNAL;
|
return X509_PCY_TREE_INTERNAL;
|
||||||
|
|
||||||
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
|
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
|
||||||
|
|||||||
@@ -179,7 +179,7 @@ const char *X509_verify_cert_error_string(long n)
|
|||||||
case X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH:
|
case X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH:
|
||||||
return "subject signature algorithm and issuer public key algorithm mismatch";
|
return "subject signature algorithm and issuer public key algorithm mismatch";
|
||||||
case X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY:
|
case X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY:
|
||||||
return "cert info siganature and signature algorithm mismatch";
|
return "cert info signature and signature algorithm mismatch";
|
||||||
case X509_V_ERR_INVALID_CA:
|
case X509_V_ERR_INVALID_CA:
|
||||||
return "invalid CA certificate";
|
return "invalid CA certificate";
|
||||||
case X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA:
|
case X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA:
|
||||||
@@ -213,6 +213,11 @@ const char *X509_verify_cert_error_string(long n)
|
|||||||
case X509_V_ERR_EC_KEY_EXPLICIT_PARAMS:
|
case X509_V_ERR_EC_KEY_EXPLICIT_PARAMS:
|
||||||
return "Certificate public key has explicit ECC parameters";
|
return "Certificate public key has explicit ECC parameters";
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Entries must be kept consistent with include/openssl/x509_vfy.h.in
|
||||||
|
* and with doc/man3/X509_STORE_CTX_get_error.pod
|
||||||
|
*/
|
||||||
|
|
||||||
default:
|
default:
|
||||||
/* Printing an error number into a static buffer is not thread-safe */
|
/* Printing an error number into a static buffer is not thread-safe */
|
||||||
return "unknown certificate verification error";
|
return "unknown certificate verification error";
|
||||||
|
|||||||
+12
-4
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *ctx)
|
|||||||
goto memerr;
|
goto memerr;
|
||||||
/* Invalid or inconsistent extensions */
|
/* Invalid or inconsistent extensions */
|
||||||
if (ret == X509_PCY_TREE_INVALID) {
|
if (ret == X509_PCY_TREE_INVALID) {
|
||||||
int i;
|
int i, cbcalled = 0;
|
||||||
|
|
||||||
/* Locate certificates with bad extensions and notify callback. */
|
/* Locate certificates with bad extensions and notify callback. */
|
||||||
for (i = 1; i < sk_X509_num(ctx->chain); i++) {
|
for (i = 0; i < sk_X509_num(ctx->chain); i++) {
|
||||||
X509 *x = sk_X509_value(ctx->chain, i);
|
X509 *x = sk_X509_value(ctx->chain, i);
|
||||||
|
|
||||||
|
if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
|
||||||
|
cbcalled = 1;
|
||||||
CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
|
CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
|
||||||
ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
|
ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
|
||||||
}
|
}
|
||||||
|
if (!cbcalled) {
|
||||||
|
/* Should not be able to get here */
|
||||||
|
ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
/* The callback ignored the error so we return success */
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (ret == X509_PCY_TREE_FAILURE) {
|
if (ret == X509_PCY_TREE_FAILURE) {
|
||||||
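Review bot: starting the loop at `i = 0` means the leaf certificate is now checked for `EXFLAG_INVALID_POLICY` too (index 0 was skipped before), and the `cbcalled` guard turns "tree code said invalid but no certificate is flagged" into an internal error instead of a silent `return 1`. The invariant that `X509_PCY_TREE_INVALID` implies at least one flagged certificate lives in pcy_tree.c, so a comment there would keep the two in sync; the explicit `cbcalled = 1` before `CB_FAIL_IF` duplicates the flag test, which a small helper would avoid.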
@@ -3413,7 +3421,7 @@ static int check_curve(X509 *cert)
|
|||||||
ret = EVP_PKEY_get_int_param(pkey,
|
ret = EVP_PKEY_get_int_param(pkey,
|
||||||
OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
|
OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS,
|
||||||
&val);
|
&val);
|
||||||
return ret < 0 ? ret : !val;
|
return ret == 1 ? !val : -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
|||||||
@@ -4145,6 +4145,10 @@ DEPEND[html/man7/EVP_CIPHER-IDEA.html]=man7/EVP_CIPHER-IDEA.pod
|
|||||||
GENERATE[html/man7/EVP_CIPHER-IDEA.html]=man7/EVP_CIPHER-IDEA.pod
|
GENERATE[html/man7/EVP_CIPHER-IDEA.html]=man7/EVP_CIPHER-IDEA.pod
|
||||||
DEPEND[man/man7/EVP_CIPHER-IDEA.7]=man7/EVP_CIPHER-IDEA.pod
|
DEPEND[man/man7/EVP_CIPHER-IDEA.7]=man7/EVP_CIPHER-IDEA.pod
|
||||||
GENERATE[man/man7/EVP_CIPHER-IDEA.7]=man7/EVP_CIPHER-IDEA.pod
|
GENERATE[man/man7/EVP_CIPHER-IDEA.7]=man7/EVP_CIPHER-IDEA.pod
|
||||||
|
DEPEND[html/man7/EVP_CIPHER-NULL.html]=man7/EVP_CIPHER-NULL.pod
|
||||||
|
GENERATE[html/man7/EVP_CIPHER-NULL.html]=man7/EVP_CIPHER-NULL.pod
|
||||||
|
DEPEND[man/man7/EVP_CIPHER-NULL.7]=man7/EVP_CIPHER-NULL.pod
|
||||||
|
GENERATE[man/man7/EVP_CIPHER-NULL.7]=man7/EVP_CIPHER-NULL.pod
|
||||||
DEPEND[html/man7/EVP_CIPHER-RC2.html]=man7/EVP_CIPHER-RC2.pod
|
DEPEND[html/man7/EVP_CIPHER-RC2.html]=man7/EVP_CIPHER-RC2.pod
|
||||||
GENERATE[html/man7/EVP_CIPHER-RC2.html]=man7/EVP_CIPHER-RC2.pod
|
GENERATE[html/man7/EVP_CIPHER-RC2.html]=man7/EVP_CIPHER-RC2.pod
|
||||||
DEPEND[man/man7/EVP_CIPHER-RC2.7]=man7/EVP_CIPHER-RC2.pod
|
DEPEND[man/man7/EVP_CIPHER-RC2.7]=man7/EVP_CIPHER-RC2.pod
|
||||||
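Review bot: the DEPEND/GENERATE entries for man7/EVP_CIPHER-NULL.pod are added only here; the pod file itself must be part of the import and the page must also appear in the html/man7 and man/man7 lists further down (it does, in the @@ -4619 and @@ -4743 hunks), otherwise the documentation build fails. Since NULL is the identity cipher, the new page should state plainly that it provides no confidentiality or integrity, because a reader skimming the EVP_CIPHER-* index could otherwise take it for a real algorithm.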
@@ -4289,6 +4293,10 @@ DEPEND[html/man7/EVP_MD-MDC2.html]=man7/EVP_MD-MDC2.pod
|
|||||||
GENERATE[html/man7/EVP_MD-MDC2.html]=man7/EVP_MD-MDC2.pod
|
GENERATE[html/man7/EVP_MD-MDC2.html]=man7/EVP_MD-MDC2.pod
|
||||||
DEPEND[man/man7/EVP_MD-MDC2.7]=man7/EVP_MD-MDC2.pod
|
DEPEND[man/man7/EVP_MD-MDC2.7]=man7/EVP_MD-MDC2.pod
|
||||||
GENERATE[man/man7/EVP_MD-MDC2.7]=man7/EVP_MD-MDC2.pod
|
GENERATE[man/man7/EVP_MD-MDC2.7]=man7/EVP_MD-MDC2.pod
|
||||||
|
DEPEND[html/man7/EVP_MD-NULL.html]=man7/EVP_MD-NULL.pod
|
||||||
|
GENERATE[html/man7/EVP_MD-NULL.html]=man7/EVP_MD-NULL.pod
|
||||||
|
DEPEND[man/man7/EVP_MD-NULL.7]=man7/EVP_MD-NULL.pod
|
||||||
|
GENERATE[man/man7/EVP_MD-NULL.7]=man7/EVP_MD-NULL.pod
|
||||||
DEPEND[html/man7/EVP_MD-RIPEMD160.html]=man7/EVP_MD-RIPEMD160.pod
|
DEPEND[html/man7/EVP_MD-RIPEMD160.html]=man7/EVP_MD-RIPEMD160.pod
|
||||||
GENERATE[html/man7/EVP_MD-RIPEMD160.html]=man7/EVP_MD-RIPEMD160.pod
|
GENERATE[html/man7/EVP_MD-RIPEMD160.html]=man7/EVP_MD-RIPEMD160.pod
|
||||||
DEPEND[man/man7/EVP_MD-RIPEMD160.7]=man7/EVP_MD-RIPEMD160.pod
|
DEPEND[man/man7/EVP_MD-RIPEMD160.7]=man7/EVP_MD-RIPEMD160.pod
|
||||||
@@ -4619,6 +4627,7 @@ html/man7/EVP_CIPHER-CAST.html \
|
|||||||
html/man7/EVP_CIPHER-CHACHA.html \
|
html/man7/EVP_CIPHER-CHACHA.html \
|
||||||
html/man7/EVP_CIPHER-DES.html \
|
html/man7/EVP_CIPHER-DES.html \
|
||||||
html/man7/EVP_CIPHER-IDEA.html \
|
html/man7/EVP_CIPHER-IDEA.html \
|
||||||
|
html/man7/EVP_CIPHER-NULL.html \
|
||||||
html/man7/EVP_CIPHER-RC2.html \
|
html/man7/EVP_CIPHER-RC2.html \
|
||||||
html/man7/EVP_CIPHER-RC4.html \
|
html/man7/EVP_CIPHER-RC4.html \
|
||||||
html/man7/EVP_CIPHER-RC5.html \
|
html/man7/EVP_CIPHER-RC5.html \
|
||||||
@@ -4655,6 +4664,7 @@ html/man7/EVP_MD-MD4.html \
|
|||||||
html/man7/EVP_MD-MD5-SHA1.html \
|
html/man7/EVP_MD-MD5-SHA1.html \
|
||||||
html/man7/EVP_MD-MD5.html \
|
html/man7/EVP_MD-MD5.html \
|
||||||
html/man7/EVP_MD-MDC2.html \
|
html/man7/EVP_MD-MDC2.html \
|
||||||
|
html/man7/EVP_MD-NULL.html \
|
||||||
html/man7/EVP_MD-RIPEMD160.html \
|
html/man7/EVP_MD-RIPEMD160.html \
|
||||||
html/man7/EVP_MD-SHA1.html \
|
html/man7/EVP_MD-SHA1.html \
|
||||||
html/man7/EVP_MD-SHA2.html \
|
html/man7/EVP_MD-SHA2.html \
|
||||||
@@ -4743,6 +4753,7 @@ man/man7/EVP_CIPHER-CAST.7 \
|
|||||||
man/man7/EVP_CIPHER-CHACHA.7 \
|
man/man7/EVP_CIPHER-CHACHA.7 \
|
||||||
man/man7/EVP_CIPHER-DES.7 \
|
man/man7/EVP_CIPHER-DES.7 \
|
||||||
man/man7/EVP_CIPHER-IDEA.7 \
|
man/man7/EVP_CIPHER-IDEA.7 \
|
||||||
|
man/man7/EVP_CIPHER-NULL.7 \
|
||||||
man/man7/EVP_CIPHER-RC2.7 \
|
man/man7/EVP_CIPHER-RC2.7 \
|
||||||
man/man7/EVP_CIPHER-RC4.7 \
|
man/man7/EVP_CIPHER-RC4.7 \
|
||||||
man/man7/EVP_CIPHER-RC5.7 \
|
man/man7/EVP_CIPHER-RC5.7 \
|
||||||
@@ -4779,6 +4790,7 @@ man/man7/EVP_MD-MD4.7 \
|
|||||||
man/man7/EVP_MD-MD5-SHA1.7 \
|
man/man7/EVP_MD-MD5-SHA1.7 \
|
||||||
man/man7/EVP_MD-MD5.7 \
|
man/man7/EVP_MD-MD5.7 \
|
||||||
man/man7/EVP_MD-MDC2.7 \
|
man/man7/EVP_MD-MDC2.7 \
|
||||||
|
man/man7/EVP_MD-NULL.7 \
|
||||||
man/man7/EVP_MD-RIPEMD160.7 \
|
man/man7/EVP_MD-RIPEMD160.7 \
|
||||||
man/man7/EVP_MD-SHA1.7 \
|
man/man7/EVP_MD-SHA1.7 \
|
||||||
man/man7/EVP_MD-SHA2.7 \
|
man/man7/EVP_MD-SHA2.7 \
|
||||||
|
|||||||
@@ -12,6 +12,9 @@ in the file named openssl-1.0.1h.tar.gz.asc.
|
|||||||
The following is the list of fingerprints for the keys that are
|
The following is the list of fingerprints for the keys that are
|
||||||
currently in use to sign OpenSSL distributions:
|
currently in use to sign OpenSSL distributions:
|
||||||
|
|
||||||
|
OpenSSL OMC:
|
||||||
|
EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5
|
||||||
|
|
||||||
Richard Levitte:
|
Richard Levitte:
|
||||||
7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
|
7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
|
||||||
|
|
||||||
|
|||||||
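Review bot: the @@ header context shows this file still uses openssl-1.0.1h.tar.gz.asc as its worked example, which is stale in a 3.0.9 import; suggest updating it in the same change that adds the OpenSSL OMC key. Also note that the new entry is a primary-key fingerprint (EFC0 ... 79F5); release signatures are commonly made with a signing subkey, so a verifier who sees gpg report a different "using RSA key" ID should compare the "Primary key fingerprint" line against this list rather than the subkey ID, and should not treat a "Good signature" from a key that is absent from this list as sufficient.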
@@ -30,8 +30,8 @@ ossl_cmp_error_new
|
|||||||
OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
|
OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
|
||||||
const OSSL_CRMF_CERTID *cid,
|
const OSSL_CRMF_CERTID *cid,
|
||||||
int unprotectedErrors);
|
int unprotectedErrors);
|
||||||
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
|
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int certReqId,
|
||||||
const char *text);
|
int fail_info, const char *text);
|
||||||
OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx);
|
OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx);
|
||||||
OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid);
|
OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid);
|
||||||
OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, int poll_after);
|
OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, int poll_after);
|
||||||
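Review bot: ossl_cmp_certConf_new() gains a certReqId parameter inserted before fail_info. Because the added parameter and fail_info are both int, the compiler catches old call sites only through the change in arity, not through types; every in-tree caller (not visible in this hunk) needs to be checked that the request id and the failure bits were not swapped when the call was updated. Since this is an ossl_cmp_* internal symbol there is no public ABI concern.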
@@ -124,8 +124,9 @@ It does not protect the message if the B<status> value in I<si> is B<rejected>
|
|||||||
and I<unprotectedErrors> is nonzero.
|
and I<unprotectedErrors> is nonzero.
|
||||||
|
|
||||||
ossl_cmp_certConf_new() creates a Certificate Confirmation message for the last
|
ossl_cmp_certConf_new() creates a Certificate Confirmation message for the last
|
||||||
received certificate. PKIStatus defaults to B<accepted> if the I<fail_info> bit
|
received certificate with the given I<certReqId>.
|
||||||
field is 0. Else it is taken as the failInfo of the PKIStatusInfo, PKIStatus is
|
The PKIStatus defaults to B<accepted> if the I<fail_info> bit field is 0.
|
||||||
|
Otherwise it is taken as the failInfo of the PKIStatusInfo, PKIStatus is
|
||||||
set to B<rejected>, and I<text> is copied to statusString unless it is NULL.
|
set to B<rejected>, and I<text> is copied to statusString unless it is NULL.
|
||||||
|
|
||||||
ossl_cmp_pkiconf_new() creates a PKI Confirmation message.
|
ossl_cmp_pkiconf_new() creates a PKI Confirmation message.
|
||||||
@@ -167,7 +168,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ ossl_cmp_mock_srv_set1_certOut,
|
|||||||
ossl_cmp_mock_srv_set1_chainOut,
|
ossl_cmp_mock_srv_set1_chainOut,
|
||||||
ossl_cmp_mock_srv_set1_caPubsOut,
|
ossl_cmp_mock_srv_set1_caPubsOut,
|
||||||
ossl_cmp_mock_srv_set_statusInfo,
|
ossl_cmp_mock_srv_set_statusInfo,
|
||||||
ossl_cmp_mock_srv_set_send_error,
|
ossl_cmp_mock_srv_set_sendError,
|
||||||
ossl_cmp_mock_srv_set_pollCount,
|
ossl_cmp_mock_srv_set_pollCount,
|
||||||
ossl_cmp_mock_srv_set_checkAfterTime
|
ossl_cmp_mock_srv_set_checkAfterTime
|
||||||
- functions used for testing with CMP mock server
|
- functions used for testing with CMP mock server
|
||||||
@@ -27,7 +27,7 @@ ossl_cmp_mock_srv_set_checkAfterTime
|
|||||||
STACK_OF(X509) *caPubs);
|
STACK_OF(X509) *caPubs);
|
||||||
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
|
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
|
||||||
int fail_info, const char *text);
|
int fail_info, const char *text);
|
||||||
int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val);
|
int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
|
||||||
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
|
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
|
||||||
int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
|
int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
|
||||||
|
|
||||||
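Review bot: the parameter of ossl_cmp_mock_srv_set_sendError() changes meaning from a boolean (`int val`) to a CMP body type (`int bodytype`), and the documentation further down says -1 disables error responses and 1 means all requests. If the body-type constants follow the RFC 4210 PKIBody tag numbers, where ir is 0, a caller that previously passed 0 to switch error responses off would now request error responses for every IR. The rename means old callers fail to compile, which helps, but the doc should spell out that 0 is a valid body type and that -1 is the only "off" value.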
@@ -39,25 +39,27 @@ I<propq>, both of which may be NULL to select the defaults.
|
|||||||
|
|
||||||
ossl_cmp_mock_srv_free() deallocates the contexts for the CMP mock server.
|
ossl_cmp_mock_srv_free() deallocates the contexts for the CMP mock server.
|
||||||
|
|
||||||
OSSL_CMP_SRV_CTX_set1_certOut() sets the certificate to be returned in
|
ossl_cmp_mock_srv_set1_certOut() sets the certificate to be returned in
|
||||||
cp/ip/kup.
|
cp/ip/kup.
|
||||||
|
|
||||||
OSSL_CMP_SRV_CTX_set1_chainOut() sets the certificate chain to be added to
|
ossl_cmp_mock_srv_set1_chainOut() sets the certificate chain to be added to
|
||||||
the extraCerts in a cp/ip/kup.
|
the extraCerts in a cp/ip/kup.
|
||||||
It should to useful to validate B<certOut>.
|
It should be useful for the validation of the certificate given via
|
||||||
|
ossl_cmp_mock_srv_set1_certOut().
|
||||||
|
|
||||||
OSSL_CMP_SRV_CTX_set1_caPubsOut() sets the caPubs to be returned in an ip.
|
ossl_cmp_mock_srv_set1_caPubsOut() sets the caPubs to be returned in an ip.
|
||||||
|
|
||||||
OSSL_CMP_SRV_CTX_set_statusInfo() sets the status info to be returned.
|
ossl_cmp_mock_srv_set_statusInfo() sets the status info to be returned.
|
||||||
|
|
||||||
OSSL_CMP_SRV_CTX_set_send_error() enables enforcement of error responses.
|
ossl_cmp_mock_srv_set_sendError() enables enforcement of error responses
|
||||||
|
for requests of the given I<bodytype>, or for all requests if I<bodytype> is 1.
|
||||||
|
A I<bodytype> of -1 can be used to disable this feature, which is the default.
|
||||||
|
|
||||||
OSSL_CMP_SRV_CTX_set_pollCount() sets the number of polls before cert response.
|
ossl_cmp_mock_srv_set_pollCount() sets the number of polls before cert response.
|
||||||
|
|
||||||
OSSL_CMP_SRV_CTX_set_checkAfterTime() sets the number of seconds
|
ossl_cmp_mock_srv_set_checkAfterTime() sets the number of seconds
|
||||||
the client should wait for the next poll.
|
the client should wait for the next poll.
|
||||||
|
|
||||||
|
|
||||||
=head1 NOTES
|
=head1 NOTES
|
||||||
|
|
||||||
CMP is defined in RFC 4210 (and CRMF in RFC 4211).
|
CMP is defined in RFC 4210 (and CRMF in RFC 4211).
|
||||||
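Review bot: the new text for ossl_cmp_mock_srv_set_sendError() uses the literal 1 as the value for "all requests". That only works because 1 is not a request body type (in RFC 4210 numbering it is the ip response), which the text does not say; suggest naming that reason or replacing the literal with a named constant so readers do not assume every small integer selects a specific request type. The rest of the hunk correctly replaces the OSSL_CMP_SRV_CTX_set* names with the ossl_cmp_mock_srv_set* functions actually declared in the SYNOPSIS and fixes "It should to useful".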
@@ -77,7 +79,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ using the credentials, library context, and property criteria in the I<ctx>.
|
|||||||
ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm
|
ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm
|
||||||
depending on the available context information given in the I<ctx>.
|
depending on the available context information given in the I<ctx>.
|
||||||
If there is a secretValue it selects PBMAC, else if there is a protection cert
|
If there is a secretValue it selects PBMAC, else if there is a protection cert
|
||||||
it selects Signature and uses L<ossl_cmp_msg_add_extraCerts(3)>.
|
it selects Signature and uses ossl_cmp_msg_add_extraCerts (see below).
|
||||||
It also sets the protectionAlg field in the message header accordingly.
|
It also sets the protectionAlg field in the message header accordingly.
|
||||||
|
|
||||||
ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.
|
ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.
|
||||||
@@ -40,6 +40,10 @@ of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).
|
|||||||
|
|
||||||
CMP is defined in RFC 4210 (and CRMF in RFC 4211).
|
CMP is defined in RFC 4210 (and CRMF in RFC 4211).
|
||||||
|
|
||||||
|
The I<ctx> parameter of ossl_cmp_msg_add_extraCerts()
|
||||||
|
and thus also of ossl_cmp_msg_protect() cannot be made I<const>
|
||||||
|
because I<ctx->chain> may get adapted to cache the chain of the CMP signer cert.
|
||||||
|
|
||||||
=head1 RETURN VALUES
|
=head1 RETURN VALUES
|
||||||
|
|
||||||
ossl_cmp_calc_protection() returns the protection on success, else NULL.
|
ossl_cmp_calc_protection() returns the protection on success, else NULL.
|
||||||
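Review bot: the new NOTES paragraph documents that ossl_cmp_msg_add_extraCerts() and therefore ossl_cmp_msg_protect() write to ctx->chain to cache the signer's chain. Worth stating when that cached chain is invalidated (for instance on a change of the signer certificate or of the untrusted certificates through the ctx setters), since otherwise a reused ctx could place a stale chain in extraCerts, and that this write makes concurrent use of one ctx from several threads unsafe.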
@@ -52,7 +56,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
@@ -43,8 +43,8 @@ ossl_cmp_pkisi_check_pkifailureinfo
|
|||||||
# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
|
# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
|
||||||
# define OSSL_CMP_PKIFAILUREINFO_MAX 26
|
# define OSSL_CMP_PKIFAILUREINFO_MAX 26
|
||||||
|
|
||||||
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
|
X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CTX *ctx,
|
||||||
const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
|
const OSSL_CMP_CERTRESPONSE *crep);
|
||||||
int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si);
|
int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si);
|
||||||
const char *ossl_cmp_PKIStatus_to_string(int status);
|
const char *ossl_cmp_PKIStatus_to_string(int status);
|
||||||
OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *si);
|
OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *si);
|
||||||
@@ -55,7 +55,7 @@ ossl_cmp_pkisi_check_pkifailureinfo
|
|||||||
|
|
||||||
ossl_cmp_certresponse_get1_cert() returns a pointer to a copy of the newly
|
ossl_cmp_certresponse_get1_cert() returns a pointer to a copy of the newly
|
||||||
enrolled certificate from the given certResponse I<crep>, or NULL on error.
|
enrolled certificate from the given certResponse I<crep>, or NULL on error.
|
||||||
In case of indirect POPO uses data from the I<ctx> and the private key I<pkey>.
|
Uses data from I<ctx>, which in case of indirect POPO includes the private key.
|
||||||
|
|
||||||
ossl_cmp_pkisi_get_status() returns the PKIStatus of I<si>, or -1 on error.
|
ossl_cmp_pkisi_get_status() returns the PKIStatus of I<si>, or -1 on error.
|
||||||
|
|
||||||
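Review bot: the reworded sentence "Uses data from ctx, which in case of indirect POPO includes the private key" drops the explicit pkey parameter without saying which key in ctx is meant. With indirect POPO the issued certificate comes back encrypted for the newly requested key, so it must be the new private key rather than the client's current protection key; suggest naming the ctx field or accessor so callers know which key has to be set before calling ossl_cmp_certresponse_get1_cert().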
@@ -89,7 +89,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
+101
-47
@@ -248,12 +248,16 @@ e.g., C<1.2.3.4:int:56789>.
|
|||||||
|
|
||||||
=item B<-newkey> I<filename>|I<uri>
|
=item B<-newkey> I<filename>|I<uri>
|
||||||
|
|
||||||
The source of the private or public key for the certificate requested
|
The source of the private or public key for the certificate being requested.
|
||||||
in Initialization Request (IR), Certification Request(CR), or
|
|
||||||
Key Update Request (KUR).
|
|
||||||
Defaults to the public key in the PKCS#10 CSR given with the B<-csr> option,
|
Defaults to the public key in the PKCS#10 CSR given with the B<-csr> option,
|
||||||
the public key of the reference certificate, or the current client key.
|
the public key of the reference certificate, or the current client key.
|
||||||
|
|
||||||
|
The public portion of the key is placed in the certification request.
|
||||||
|
|
||||||
|
Unless B<-cmd> I<p10cr>, B<-popo> I<-1>, or B<-popo> I<0> is given, the
|
||||||
|
private key will be needed as well to provide the proof of possession (POPO),
|
||||||
|
where the B<-key> option may provide a fallback.
|
||||||
|
|
||||||
=item B<-newkeypass> I<arg>
|
=item B<-newkeypass> I<arg>
|
||||||
|
|
||||||
Pass phrase source for the key given with the B<-newkey> option.
|
Pass phrase source for the key given with the B<-newkey> option.
|
||||||
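Review bot: the new paragraph lists -cmd p10cr, -popo -1 and -popo 0 as the cases where no private key is needed. Since -popo 0 (RAVERIFIED) means the client merely asserts possession and relies on the CA trusting it as an RA, the text should caution that a CA must not honour RAVERIFIED from ordinary end entities, otherwise a requester could obtain a certificate for a public key it does not control. A short cross-reference to the -popo description would do.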
@@ -344,7 +348,7 @@ Flag the policies given with B<-policy_oids> as critical.
|
|||||||
|
|
||||||
=item B<-popo> I<number>
|
=item B<-popo> I<number>
|
||||||
|
|
||||||
Proof-of-Possession (POPO) method to use for IR/CR/KUR; values: C<-1>..<2> where
|
Proof-of-possession (POPO) method to use for IR/CR/KUR; values: C<-1>..<2> where
|
||||||
C<-1> = NONE, C<0> = RAVERIFIED, C<1> = SIGNATURE (default), C<2> = KEYENC.
|
C<-1> = NONE, C<0> = RAVERIFIED, C<1> = SIGNATURE (default), C<2> = KEYENC.
|
||||||
|
|
||||||
Note that a signature-based POPO can only be produced if a private key
|
Note that a signature-based POPO can only be produced if a private key
|
||||||
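Review bot: the value range is written as `C<-1>..<2>` in both the old and the new line, so `<2>` is not wrapped in C<...> like the other literals and renders as a stray angle bracket in POD; suggest `C<-1>..C<2>`. The change to "Proof-of-possession" is fine as long as the same spelling is used consistently; the -digest hunk below makes the matching change.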
@@ -354,15 +358,22 @@ is provided via the B<-newkey> or B<-key> options.
|
|||||||
|
|
||||||
PKCS#10 CSR in PEM or DER format containing a certificate request.
|
PKCS#10 CSR in PEM or DER format containing a certificate request.
|
||||||
With B<-cmd> I<p10cr> it is used directly in a legacy P10CR message.
|
With B<-cmd> I<p10cr> it is used directly in a legacy P10CR message.
|
||||||
|
|
||||||
When used with B<-cmd> I<ir>, I<cr>, or I<kur>,
|
When used with B<-cmd> I<ir>, I<cr>, or I<kur>,
|
||||||
it is transformed into the respective regular CMP request,
|
it is transformed into the respective regular CMP request.
|
||||||
while its public key is ignored if I<-newkey> is given.
|
In this case, a private key must be provided (with B<-newkey> or B<-key>)
|
||||||
It may also be used with B<-cmd> I<rr> to specify the certificate to be revoked
|
for the proof of possession (unless B<-popo> I<-1> or B<-popo> I<0> is used)
|
||||||
|
and the respective public key is placed in the certification request
|
||||||
|
(rather than taking over the public key contained in the PKCS#10 CSR).
|
||||||
|
|
||||||
|
PKCS#10 CSR input may also be used with B<-cmd> I<rr>
|
||||||
|
to specify the certificate to be revoked
|
||||||
via the included subject name and public key.
|
via the included subject name and public key.
|
||||||
|
|
||||||
=item B<-out_trusted> I<filenames>|I<uris>
|
=item B<-out_trusted> I<filenames>|I<uris>
|
||||||
|
|
||||||
Trusted certificate(s) to use for validating the newly enrolled certificate.
|
Trusted certificate(s) to use for validating the newly enrolled certificate.
|
||||||
|
During this verification, any certificate status checking is disabled.
|
||||||
|
|
||||||
Multiple sources may be given, separated by commas and/or whitespace
|
Multiple sources may be given, separated by commas and/or whitespace
|
||||||
(where in the latter case the whole argument must be enclosed in "...").
|
(where in the latter case the whole argument must be enclosed in "...").
|
||||||
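Review bot: the added sentence "During this verification, any certificate status checking is disabled" is security-relevant and deserves its reason: the certificate has just been issued, so revocation data for it cannot exist yet, and the check that matters is that it chains to the -out_trusted anchors. Without that explanation it reads as though the verification options are silently dropped for all verification the command performs. On the -csr part, the new text says the CSR's public key is replaced by the key from -newkey or -key; it would help to add that the CSR's own signature then no longer serves as proof of possession and the POPO is produced with the provided private key instead.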
@@ -408,6 +419,7 @@ For RR the certificate to be revoked can also be specified using B<-csr>.
|
|||||||
The reference certificate, if any, is also used for
|
The reference certificate, if any, is also used for
|
||||||
deriving default subject DN and Subject Alternative Names and the
|
deriving default subject DN and Subject Alternative Names and the
|
||||||
default issuer entry in the requested certificate template of an IR/CR/KUR.
|
default issuer entry in the requested certificate template of an IR/CR/KUR.
|
||||||
|
Its public key is used as a fallback in the template of certification requests.
|
||||||
Its subject is used as sender of outgoing messages if B<-cert> is not given.
|
Its subject is used as sender of outgoing messages if B<-cert> is not given.
|
||||||
Its issuer is used as default recipient in CMP message headers
|
Its issuer is used as default recipient in CMP message headers
|
||||||
if neither B<-recipient>, B<-srvcert>, nor B<-issuer> is given.
|
if neither B<-recipient>, B<-srvcert>, nor B<-issuer> is given.
|
||||||
@@ -443,7 +455,8 @@ Reason numbers defined in RFC 5280 are:
|
|||||||
|
|
||||||
The DNS hostname or IP address and optionally port
|
The DNS hostname or IP address and optionally port
|
||||||
of the CMP server to connect to using HTTP(S).
|
of the CMP server to connect to using HTTP(S).
|
||||||
This excludes I<-port> and I<-use_mock_srv> and is ignored with I<-rspin>.
|
This option excludes I<-port> and I<-use_mock_srv>.
|
||||||
|
It is ignored if I<-rspin> is given with enough filename arguments.
|
||||||
|
|
||||||
The scheme C<https> may be given only if the B<-tls_used> option is used.
|
The scheme C<https> may be given only if the B<-tls_used> option is used.
|
||||||
In this case the default port is 443, else 80.
|
In this case the default port is 443, else 80.
|
||||||
@@ -523,15 +536,15 @@ Default is 0.
|
|||||||
|
|
||||||
=item B<-trusted> I<filenames>|I<uris>
|
=item B<-trusted> I<filenames>|I<uris>
|
||||||
|
|
||||||
When validating signature-based protection of CMP response messages,
|
The certificate(s), typically of root CAs, the client shall use as trust anchors
|
||||||
these are the CA certificate(s) to trust while checking certificate chains
|
when validating signature-based protection of CMP response messages.
|
||||||
during CMP server authentication.
|
This option is ignored if the B<-srvcert> option is given as well.
|
||||||
This option gives more flexibility than the B<-srvcert> option because the
|
It provides more flexibility than B<-srvcert> because the CMP protection
|
||||||
server-side CMP signer certificate is not pinned but may be any certificate
|
certificate of the server is not pinned but may be any certificate
|
||||||
for which a chain to one of the given trusted certificates can be constructed.
|
from which a chain to one of the given trust anchors can be constructed.
|
||||||
|
|
||||||
If no B<-trusted>, B<-srvcert>, and B<-secret> option is given
|
If none of B<-trusted>, B<-srvcert>, and B<-secret> is given, message validation
|
||||||
then protected response messages from the server are not authenticated.
|
errors will be thrown unless B<-unprotected_errors> permits an exception.
|
||||||
|
|
||||||
Multiple sources may be given, separated by commas and/or whitespace
|
Multiple sources may be given, separated by commas and/or whitespace
|
||||||
(where in the latter case the whole argument must be enclosed in "...").
|
(where in the latter case the whole argument must be enclosed in "...").
|
||||||
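Review bot: the rewritten last paragraph changes the documented behaviour from "responses are not authenticated" to "message validation errors will be thrown unless -unprotected_errors permits an exception", which is the safe reading; good. Two points: first, "This option is ignored if the B<-srvcert> option is given as well" means a user who sets both, expecting either the pinned server or any server chaining to the anchors to be accepted, silently gets pinning only; a warning from the tool when both are given would prevent that surprise. Second, the sentence about the server's protection certificate being "any certificate from which a chain to one of the given trust anchors can be constructed" should mention that the key usage check described under -ignore_keyusage and the -expect_sender check still apply.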
@@ -546,24 +559,24 @@ have no effect on the certificate verification enabled via this option.
|
|||||||
Non-trusted intermediate CA certificate(s).
|
Non-trusted intermediate CA certificate(s).
|
||||||
Any extra certificates given with the B<-cert> option are appended to it.
|
Any extra certificates given with the B<-cert> option are appended to it.
|
||||||
All these certificates may be useful for cert path construction
|
All these certificates may be useful for cert path construction
|
||||||
for the CMP client certificate (to include in the extraCerts field of outgoing
|
for the own CMP signer certificate (to include in the extraCerts field of
|
||||||
messages) and for the TLS client certificate (if TLS is enabled)
|
request messages) and for the TLS client certificate (if TLS is enabled)
|
||||||
as well as for chain building
|
as well as for chain building
|
||||||
when validating the CMP server certificate (checking signature-based
|
when validating server certificates (checking signature-based
|
||||||
CMP message protection) and when validating newly enrolled certificates.
|
CMP message protection) and when validating newly enrolled certificates.
|
||||||
|
|
||||||
Multiple sources may be given, separated by commas and/or whitespace.
|
Multiple filenames or URLs may be given, separated by commas and/or whitespace.
|
||||||
Each file may contain multiple certificates.
|
Each source may contain multiple certificates.
|
||||||
|
|
||||||
=item B<-srvcert> I<filename>|I<uri>
|
=item B<-srvcert> I<filename>|I<uri>
|
||||||
|
|
||||||
The specific CMP server certificate to expect and directly trust (even if it is
|
The specific CMP server certificate to expect and directly trust (even if it is
|
||||||
expired) when validating signature-based protection of CMP response messages.
|
expired) when verifying signature-based protection of CMP response messages.
|
||||||
May be set alternatively to the B<-trusted> option to pin the accepted server.
|
This pins the accepted server and results in ignoring the B<-trusted> option.
|
||||||
|
|
||||||
If set, the subject of the certificate is also used
|
If set, the subject of the certificate is also used
|
||||||
as default value for the recipient of CMP requests
|
as default value for the recipient of CMP requests
|
||||||
and as default value for the expected sender of incoming CMP messages.
|
and as default value for the expected sender of CMP responses.
|
||||||
|
|
||||||
=item B<-expect_sender> I<name>
|
=item B<-expect_sender> I<name>
|
||||||
|
|
||||||
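Review bot: -srvcert is documented as directly trusted "even if it is expired" and as causing -trusted to be ignored. The security consequence should be spelled out: pinning bypasses the validity period, so a pinned server key that has expired (or been replaced after a compromise) keeps being accepted until the operator changes the pinned certificate, and no path-based checks against -trusted are performed at all. A sentence recommending -srvcert only for controlled environments, or in addition to out-of-band monitoring of the server key, would make the trade-off visible.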
@@ -583,8 +596,8 @@ For details see the description of the B<-subject> option.
|
|||||||
=item B<-ignore_keyusage>
|
=item B<-ignore_keyusage>
|
||||||
|
|
||||||
Ignore key usage restrictions in CMP signer certificates when validating
|
Ignore key usage restrictions in CMP signer certificates when validating
|
||||||
signature-based protection of incoming CMP messages,
|
signature-based protection of incoming CMP messages.
|
||||||
else C<digitalSignature> must be allowed for signer certificate.
|
By default, C<digitalSignature> must be allowed by CMP signer certificates.
|
||||||
|
|
||||||
=item B<-unprotected_errors>
|
=item B<-unprotected_errors>
|
||||||
|
|
||||||
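Review bot: "By default, C<digitalSignature> must be allowed by CMP signer certificates" is clearer than the old sentence, but the page should say when -ignore_keyusage is acceptable: it is an interoperability workaround for CAs whose CMP signer certificate lacks the bit, and it widens the set of certificates that can sign a valid response, so it belongs next to a warning rather than being listed as a neutral switch.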
@@ -659,17 +672,25 @@ L<openssl-passphrase-options(1)>.
|
|||||||
|
|
||||||
The client's current CMP signer certificate.
|
The client's current CMP signer certificate.
|
||||||
Requires the corresponding key to be given with B<-key>.
|
Requires the corresponding key to be given with B<-key>.
|
||||||
|
|
||||||
|
The subject and the public key contained in this certificate
|
||||||
|
serve as fallback values in the certificate template of IR/CR/KUR messages.
|
||||||
|
|
||||||
The subject of this certificate will be used as sender of outgoing CMP messages,
|
The subject of this certificate will be used as sender of outgoing CMP messages,
|
||||||
while the subject of B<-oldcert> or B<-subjectName> may provide fallback values.
|
while the subject of B<-oldcert> or B<-subjectName> may provide fallback values.
|
||||||
|
|
||||||
The issuer of this certificate is used as one of the recipient fallback values
|
The issuer of this certificate is used as one of the recipient fallback values
|
||||||
and as fallback issuer entry in the certificate template of IR/CR/KUR.
|
and as fallback issuer entry in the certificate template of IR/CR/KUR messages.
|
||||||
|
|
||||||
When using signature-based message protection, this "protection certificate"
|
When using signature-based message protection, this "protection certificate"
|
||||||
will be included first in the extraCerts field of outgoing messages
|
will be included first in the extraCerts field of outgoing messages
|
||||||
and the signature is done with the corresponding key.
|
and the signature is done with the corresponding key.
|
||||||
In Initialization Request (IR) messages this can be used for authenticating
|
In Initialization Request (IR) messages this can be used for authenticating
|
||||||
using an external entity certificate as defined in appendix E.7 of RFC 4210.
|
using an external entity certificate as defined in appendix E.7 of RFC 4210.
|
||||||
|
|
||||||
For Key Update Request (KUR) messages this is also used as
|
For Key Update Request (KUR) messages this is also used as
|
||||||
the certificate to be updated if the B<-oldcert> option is not given.
|
the certificate to be updated if the B<-oldcert> option is not given.
|
||||||
|
|
||||||
If the file includes further certs, they are appended to the untrusted certs
|
If the file includes further certs, they are appended to the untrusted certs
|
||||||
because they typically constitute the chain of the client certificate, which
|
because they typically constitute the chain of the client certificate, which
|
||||||
is included in the extraCerts field in signature-protected request messages.
|
is included in the extraCerts field in signature-protected request messages.
|
||||||
@@ -695,6 +716,8 @@ the B<-cert> option.
|
|||||||
This will be used for signature-based message protection unless
|
This will be used for signature-based message protection unless
|
||||||
the B<-secret> option indicating PBM or B<-unprotected_requests> is given.
|
the B<-secret> option indicating PBM or B<-unprotected_requests> is given.
|
||||||
|
|
||||||
|
It is also used as a fallback for the B<-newkey> option with IR/CR/KUR messages.
|
||||||
|
|
||||||
=item B<-keypass> I<arg>
|
=item B<-keypass> I<arg>
|
||||||
|
|
||||||
Pass phrase source for the private key given with the B<-key> option.
|
Pass phrase source for the private key given with the B<-key> option.
|
||||||
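Review bot: the new sentence makes -key a fallback for -newkey in IR/CR/KUR. For KUR in particular this means that if the user omits -newkey, the existing protection key is silently re-certified and no key rotation takes place, which defeats the usual purpose of a key update. Suggest the doc state that explicitly, or that the tool print a notice when the fallback is taken for a KUR.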
@@ -709,7 +732,7 @@ L<openssl-passphrase-options(1)>.
|
|||||||
Specifies name of supported digest to use in RFC 4210's MSG_SIG_ALG
|
Specifies name of supported digest to use in RFC 4210's MSG_SIG_ALG
|
||||||
and as the one-way function (OWF) in MSG_MAC_ALG.
|
and as the one-way function (OWF) in MSG_MAC_ALG.
|
||||||
If applicable, this is used for message protection and
|
If applicable, this is used for message protection and
|
||||||
Proof-of-Possession (POPO) signatures.
|
proof-of-possession (POPO) signatures.
|
||||||
To see the list of supported digests, use C<openssl list -digest-commands>.
|
To see the list of supported digests, use C<openssl list -digest-commands>.
|
||||||
Defaults to C<sha256>.
|
Defaults to C<sha256>.
|
||||||
|
|
||||||
@@ -732,7 +755,7 @@ Each source may contain multiple certificates.
|
|||||||
|
|
||||||
=item B<-unprotected_requests>
|
=item B<-unprotected_requests>
|
||||||
|
|
||||||
Send messages without CMP-level protection.
|
Send request messages without CMP-level protection.
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
@@ -801,11 +824,14 @@ B<-tls_key>.
|
|||||||
|
|
||||||
=item B<-tls_used>
|
=item B<-tls_used>
|
||||||
|
|
||||||
Enable using TLS (even when other TLS_related options are not set)
|
Enable using TLS (even when other TLS-related options are not set)
|
||||||
when connecting to CMP server via HTTP.
|
for message exchange with CMP server via HTTP.
|
||||||
This option is not supported with the I<-port> option
|
This option is not supported with the I<-port> option.
|
||||||
and is ignored with the I<-use_mock_srv> and I<-rspin> options
|
It is ignored if the I<-server> option is not given or I<-use_mock_srv> is given
|
||||||
or if the I<-server> option is not given.
|
or I<-rspin> is given with enough filename arguments.
|
||||||
|
|
||||||
|
The following TLS-related options are ignored
|
||||||
|
if B<-tls_used> is not given or does not take effect.
|
||||||
|
|
||||||
=item B<-tls_cert> I<filename>|I<uri>
|
=item B<-tls_cert> I<filename>|I<uri>
|
||||||
|
|
||||||
@@ -867,46 +893,71 @@ Default is one invocation.
|
|||||||
|
|
||||||
=item B<-reqin> I<filenames>
|
=item B<-reqin> I<filenames>
|
||||||
|
|
||||||
Take sequence of CMP requests from file(s).
|
Take the sequence of CMP requests to send to the server from the given file(s)
|
||||||
|
rather than from the sequence of requests produced internally.
|
||||||
|
|
||||||
|
This option is ignored if the B<-rspin> option is given
|
||||||
|
because in the latter case no requests are actually sent.
|
||||||
|
|
||||||
Multiple filenames may be given, separated by commas and/or whitespace
|
Multiple filenames may be given, separated by commas and/or whitespace
|
||||||
(where in the latter case the whole argument must be enclosed in "...").
|
(where in the latter case the whole argument must be enclosed in "...").
|
||||||
As many files are read as needed for a complete transaction.
|
|
||||||
|
The files are read as far as needed to complete the transaction
|
||||||
|
and filenames have been provided. If more requests are needed,
|
||||||
|
the remaining ones are taken from the items at the respective position
|
||||||
|
in the sequence of requests produced internally.
|
||||||
|
|
||||||
|
The client needs to update the recipNonce field in the given requests (except
|
||||||
|
for the first one) in order to satisfy the checks to be performed by the server.
|
||||||
|
This causes re-protection (if protecting requests is required).
|
||||||
|
|
||||||
=item B<-reqin_new_tid>
|
=item B<-reqin_new_tid>
|
||||||
|
|
||||||
Use a fresh transactionID for CMP request messages read using B<-reqin>,
|
Use a fresh transactionID for CMP request messages read using B<-reqin>,
|
||||||
which requires re-protecting them as far as they were protected before.
|
which causes their reprotection (if protecting requests is required).
|
||||||
This may be needed in case the sequence of requests is reused
|
This may be needed in case the sequence of requests is reused
|
||||||
and the CMP server complains that the transaction ID has already been used.
|
and the CMP server complains that the transaction ID has already been used.
|
||||||
|
|
||||||
=item B<-reqout> I<filenames>
|
=item B<-reqout> I<filenames>
|
||||||
|
|
||||||
Save sequence of CMP requests to file(s).
|
Save the sequence of CMP requests created by the client to the given file(s).
|
||||||
|
These requests are not sent to the server if the B<-reqin> option is used, too.
|
||||||
|
|
||||||
Multiple filenames may be given, separated by commas and/or whitespace.
|
Multiple filenames may be given, separated by commas and/or whitespace.
|
||||||
As many files are written as needed to store the complete transaction.
|
|
||||||
|
Files are written as far as needed to save the transaction
|
||||||
|
and filenames have been provided.
|
||||||
|
If the transaction contains more requests, the remaining ones are not saved.
|
||||||
|
|
||||||
=item B<-rspin> I<filenames>
|
=item B<-rspin> I<filenames>
|
||||||
|
|
||||||
Process sequence of CMP responses provided in file(s), skipping server.
|
Process the sequence of CMP responses provided in the given file(s),
|
||||||
This excludes I<-server>, I<-port>, and I<-use_mock_srv>.
|
not contacting any given server,
|
||||||
|
as long as enough filenames are provided to complete the transaction.
|
||||||
|
|
||||||
Multiple filenames may be given, separated by commas and/or whitespace.
|
Multiple filenames may be given, separated by commas and/or whitespace.
|
||||||
As many files are read as needed for the complete transaction.
|
|
||||||
|
Any server specified via the I<-server> or I<-use_mock_srv> options is contacted
|
||||||
|
only if more responses are needed to complete the transaction.
|
||||||
|
In this case the transaction will fail
|
||||||
|
unless the server has been prepared to continue the already started transaction.
|
||||||
|
|
||||||
=item B<-rspout> I<filenames>
|
=item B<-rspout> I<filenames>
|
||||||
|
|
||||||
Save sequence of CMP responses to file(s).
|
Save the sequence of actually used CMP responses to the given file(s).
|
||||||
|
These have been received from the server unless B<-rspin> takes effect.
|
||||||
|
|
||||||
Multiple filenames may be given, separated by commas and/or whitespace.
|
Multiple filenames may be given, separated by commas and/or whitespace.
|
||||||
As many files are written as needed to store the complete transaction.
|
|
||||||
|
Files are written as far as needed to save the responses
|
||||||
|
contained in the transaction and filenames have been provided.
|
||||||
|
If the transaction contains more responses, the remaining ones are not saved.
|
||||||
|
|
||||||
=item B<-use_mock_srv>
|
=item B<-use_mock_srv>
|
||||||
|
|
||||||
Test the client using the internal CMP server mock-up at API level,
|
Test the client using the internal CMP server mock-up at API level,
|
||||||
bypassing socket-based transfer via HTTP.
|
bypassing socket-based transfer via HTTP.
|
||||||
This excludes I<-server>, I<-port>, and I<-rspin>.
|
This excludes the B<-server> and B<-port> options.
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
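Review bot: `Any server specified via the I<-server> or I<-use_mock_srv> options is contacted only if more responses are needed to complete the transaction.` replaces the removed `This excludes I<-server>, I<-port>, and I<-use_mock_srv>.` and is a behaviour change: a B<-rspin> run that used to be guaranteed offline now opens a connection as soon as the response files run out, with whatever protection and TLS settings happen to be in effect. The entry should state that omitting B<-server> is how to keep a replay strictly offline. Under B<-reqin>, `This causes re-protection (if protecting requests is required).` means requests read from a file are re-signed or re-MACed with the client's own credentials after the recipNonce update, so the file contents are not sent verbatim; that deserves an explicit sentence. Finally, option names alternate between I<> and B<> inside this hunk (`I<-server>` here, `B<-server>` under B<-use_mock_srv>); the rest of the page uses B<> for options.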
@@ -917,7 +968,9 @@ This excludes I<-server>, I<-port>, and I<-rspin>.
|
|||||||
=item B<-port> I<number>
|
=item B<-port> I<number>
|
||||||
|
|
||||||
Act as HTTP-based CMP server mock-up listening on the given port.
|
Act as HTTP-based CMP server mock-up listening on the given port.
|
||||||
This excludes I<-server>, I<-rspin>, and I<-use_mock_srv>.
|
This excludes the B<-server> and B<-use_mock_srv> options.
|
||||||
|
The B<-rspin>, B<-rspout>, B<-reqin>, and B<-reqout> options
|
||||||
|
so far are not supported in this mode.
|
||||||
|
|
||||||
=item B<-max_msgs> I<number>
|
=item B<-max_msgs> I<number>
|
||||||
|
|
||||||
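Review bot: `so far are not supported in this mode.` does not say whether B<-rspin>, B<-rspout>, B<-reqin> and B<-reqout> are rejected when combined with B<-port> or accepted and ignored. For B<-reqout> and B<-rspout> a silent ignore means a user expecting a transcript of the mock server's traffic gets no files and no error; state which behaviour applies, and preferably make the unsupported combination fail at option parsing.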
@@ -1022,10 +1075,11 @@ Accept missing or invalid protection of requests.
|
|||||||
=item B<-accept_unprot_err>
|
=item B<-accept_unprot_err>
|
||||||
|
|
||||||
Accept unprotected error messages from client.
|
Accept unprotected error messages from client.
|
||||||
|
So far this has no effect because the server does not accept any error messages.
|
||||||
|
|
||||||
=item B<-accept_raverified>
|
=item B<-accept_raverified>
|
||||||
|
|
||||||
Accept RAVERIFED as proof-of-possession (POPO).
|
Accept RAVERIFED as proof of possession (POPO).
|
||||||
|
|
||||||
=back
|
=back
|
||||||
|
|
||||||
|
|||||||
@@ -129,7 +129,8 @@ This option enables the use of PBKDF2 algorithm to derive the key.
|
|||||||
|
|
||||||
=item B<-pbkdf2>
|
=item B<-pbkdf2>
|
||||||
|
|
||||||
Use PBKDF2 algorithm with default iteration count unless otherwise specified.
|
Use PBKDF2 algorithm with a default iteration count of 10000
|
||||||
|
unless otherwise specified by the B<-iter> command line option.
|
||||||
|
|
||||||
=item B<-nosalt>
|
=item B<-nosalt>
|
||||||
|
|
||||||
|
|||||||
@@ -568,10 +568,12 @@ When a specific TLS version is required, only that version will be offered or
|
|||||||
accepted.
|
accepted.
|
||||||
Only one specific protocol can be given and it cannot be combined with any of
|
Only one specific protocol can be given and it cannot be combined with any of
|
||||||
the B<no_> options.
|
the B<no_> options.
|
||||||
|
The B<no_*> options do not work with B<s_time> and B<ciphers> commands but work with
|
||||||
|
B<s_client> and B<s_server> commands.
|
||||||
|
|
||||||
=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
|
=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
|
||||||
|
|
||||||
These options specify to use DTLS instead of DLTS.
|
These options specify to use DTLS instead of TLS.
|
||||||
With B<-dtls>, clients will negotiate any supported DTLS protocol version.
|
With B<-dtls>, clients will negotiate any supported DTLS protocol version.
|
||||||
Use the B<-dtls1> or B<-dtls1_2> options to support only DTLS1.0 or DTLS1.2,
|
Use the B<-dtls1> or B<-dtls1_2> options to support only DTLS1.0 or DTLS1.2,
|
||||||
respectively.
|
respectively.
|
||||||
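Review bot: `The B<no_*> options do not work with B<s_time> and B<ciphers> commands` is ambiguous about the failure mode: if B<s_time> rejects them as unknown options the user notices, but if it accepts and ignores them a B<-no_tls1> or B<-no_ssl3> silently leaves that version enabled, which is the opposite of what the option is for. Say which it is. Also `B<no_*>` should match the `B<no_>` spelling used one line earlier, and both could carry the leading dash since they name command-line options.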
@@ -831,7 +833,7 @@ that program with no arguments is now equivalent to C<openssl help>.
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
@@ -27,7 +27,7 @@ If I<a> is NULL nothing is done.
|
|||||||
=head1 NOTES
|
=head1 NOTES
|
||||||
|
|
||||||
Other string types call the B<ASN1_STRING> functions. For example
|
Other string types call the B<ASN1_STRING> functions. For example
|
||||||
ASN1_OCTET_STRING_new() calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
|
ASN1_OCTET_STRING_new() calls ASN1_STRING_type_new(V_ASN1_OCTET_STRING).
|
||||||
|
|
||||||
=head1 RETURN VALUES
|
=head1 RETURN VALUES
|
||||||
|
|
||||||
@@ -42,7 +42,7 @@ L<ERR_get_error(3)>
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
@@ -21,10 +21,10 @@ to and I<flags> is an optional set of flags.
|
|||||||
I<dcont> is used in the rare case where the encrypted content is detached. It
|
I<dcont> is used in the rare case where the encrypted content is detached. It
|
||||||
will normally be set to NULL.
|
will normally be set to NULL.
|
||||||
|
|
||||||
The following flags can be passed in the B<flags> parameter.
|
The following flags can be passed in the I<flags> parameter.
|
||||||
|
|
||||||
If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
|
If the B<CMS_TEXT> flag is set MIME headers for type C<text/plain> are deleted
|
||||||
from the content. If the content is not of type B<text/plain> then an error is
|
from the content. If the content is not of type C<text/plain> then an error is
|
||||||
returned.
|
returned.
|
||||||
|
|
||||||
=head1 RETURN VALUES
|
=head1 RETURN VALUES
|
||||||
@@ -39,7 +39,7 @@ L<ERR_get_error(3)>, L<CMS_EncryptedData_encrypt(3)>
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
@@ -20,6 +20,8 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge
|
|||||||
=head1 DESCRIPTION
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
CMS_add0_cert() and CMS_add1_cert() add certificate I<cert> to I<cms>.
|
CMS_add0_cert() and CMS_add1_cert() add certificate I<cert> to I<cms>.
|
||||||
|
This is used by L<CMS_sign_ex(3)> and L<CMS_sign(3)> and may be used before
|
||||||
|
calling L<CMS_verify(3)> to help chain building in certificate validation.
|
||||||
I<cms> must be of type signed data or (authenticated) enveloped data.
|
I<cms> must be of type signed data or (authenticated) enveloped data.
|
||||||
For signed data, such a certificate can be used when signing or verifying
|
For signed data, such a certificate can be used when signing or verifying
|
||||||
to fill in the signer certificate or to provide an extra CA certificate
|
to fill in the signer certificate or to provide an extra CA certificate
|
||||||
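Review bot: `may be used before calling L<CMS_verify(3)> to help chain building in certificate validation.` should add that certificates added this way act as untrusted chain candidates, not as trust anchors: trust still comes from the X509_STORE passed to CMS_verify(). Without that qualifier a reader may conclude that adding a CA certificate here is enough to make a signature verify.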
@@ -29,7 +31,8 @@ CMS_get1_certs() returns all certificates in I<cms>.
|
|||||||
|
|
||||||
CMS_add0_crl() and CMS_add1_crl() add CRL I<crl> to I<cms>.
|
CMS_add0_crl() and CMS_add1_crl() add CRL I<crl> to I<cms>.
|
||||||
I<cms> must be of type signed data or (authenticated) enveloped data.
|
I<cms> must be of type signed data or (authenticated) enveloped data.
|
||||||
For signed data, such a CRL may be used in certificate validation.
|
For signed data, such a CRL may be used in certificate validation
|
||||||
|
with L<CMS_verify(3)>.
|
||||||
It may be given both for inclusion when signing a CMS message
|
It may be given both for inclusion when signing a CMS message
|
||||||
and when verifying a signed CMS message.
|
and when verifying a signed CMS message.
|
||||||
|
|
||||||
@@ -48,8 +51,7 @@ As the I<0> implies CMS_add0_cert() adds I<cert> internally to I<cms> and it
|
|||||||
must not be freed up after the call as opposed to CMS_add1_cert() where I<cert>
|
must not be freed up after the call as opposed to CMS_add1_cert() where I<cert>
|
||||||
must be freed up.
|
must be freed up.
|
||||||
|
|
||||||
The same certificate or CRL must not be added to the same cms structure more
|
The same certificate must not be added to the same cms structure more than once.
|
||||||
than once.
|
|
||||||
|
|
||||||
=head1 RETURN VALUES
|
=head1 RETURN VALUES
|
||||||
|
|
||||||
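Review bot: dropping `or CRL` from `The same certificate or CRL must not be added to the same cms structure more than once.` silently lifts a restriction for CRLs. If the code now tolerates or deduplicates a CRL added twice, say so here; if it does not, the old wording should stay.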
@@ -63,12 +65,12 @@ in practice is if the I<cms> type is invalid.
|
|||||||
=head1 SEE ALSO
|
=head1 SEE ALSO
|
||||||
|
|
||||||
L<ERR_get_error(3)>,
|
L<ERR_get_error(3)>,
|
||||||
L<CMS_sign(3)>,
|
L<CMS_sign(3)>, L<CMS_sign_ex(3)>, L<CMS_verify(3)>,
|
||||||
L<CMS_encrypt(3)>
|
L<CMS_encrypt(3)>
|
||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
+50
-24
@@ -2,8 +2,9 @@
|
|||||||
|
|
||||||
=head1 NAME
|
=head1 NAME
|
||||||
|
|
||||||
CMS_decrypt, CMS_decrypt_set1_pkey_and_peer, CMS_decrypt_set1_pkey - decrypt
|
CMS_decrypt, CMS_decrypt_set1_pkey_and_peer,
|
||||||
content from a CMS envelopedData structure
|
CMS_decrypt_set1_pkey, CMS_decrypt_set1_password
|
||||||
|
- decrypt content from a CMS envelopedData structure
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
@@ -14,23 +15,41 @@ content from a CMS envelopedData structure
|
|||||||
int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms,
|
int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms,
|
||||||
EVP_PKEY *pk, X509 *cert, X509 *peer);
|
EVP_PKEY *pk, X509 *cert, X509 *peer);
|
||||||
int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
|
int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
|
||||||
|
int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
|
||||||
|
unsigned char *pass, ossl_ssize_t passlen);
|
||||||
|
|
||||||
=head1 DESCRIPTION
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData
|
CMS_decrypt() extracts the decrypted content from a CMS EnvelopedData
|
||||||
or AuthEnvelopedData structure. B<pkey> is the private key of the recipient,
|
or AuthEnvelopedData structure.
|
||||||
B<cert> is the recipient's certificate, B<out> is a BIO to write the content to
|
It uses CMS_decrypt_set1_pkey() to decrypt the content
|
||||||
and B<flags> is an optional set of flags.
|
with the recipient private key I<pkey> if I<pkey> is not NULL.
|
||||||
|
In this case, it is recommended to provide the associated certificate
|
||||||
The B<dcont> parameter is used in the rare case where the encrypted content
|
in I<cert> - see the NOTES below.
|
||||||
|
I<out> is a BIO to write the content to and
|
||||||
|
I<flags> is an optional set of flags.
|
||||||
|
If I<pkey> is NULL the function assumes that decryption was already done
|
||||||
|
(e.g., using CMS_decrypt_set1_pkey() or CMS_decrypt_set1_password()) and just
|
||||||
|
provides the content unless I<cert>, I<dcont>, and I<out> are NULL as well.
|
||||||
|
The I<dcont> parameter is used in the rare case where the encrypted content
|
||||||
is detached. It will normally be set to NULL.
|
is detached. It will normally be set to NULL.
|
||||||
|
|
||||||
CMS_decrypt_set1_pkey_and_peer() associates the private key B<pkey>, the
|
CMS_decrypt_set1_pkey_and_peer() decrypts the CMS_ContentInfo structure I<cms>
|
||||||
corresponding certificate B<cert> and the originator certificate B<peer> with
|
using the private key I<pkey>, the corresponding certificate I<cert>, which is
|
||||||
the CMS_ContentInfo structure B<cms>.
|
recommended to be supplied but may be NULL,
|
||||||
|
and the (optional) originator certificate I<peer>.
|
||||||
|
On success, it also records in I<cms> the decryption key I<pkey>, and this
|
||||||
|
should be followed by C<CMS_decrypt(cms, NULL, NULL, dcont, out, flags)>.
|
||||||
|
This call deallocates any decryption key stored in I<cms>.
|
||||||
|
|
||||||
CMS_decrypt_set1_pkey() associates the private key B<pkey>, corresponding
|
CMS_decrypt_set1_pkey() is the same as
|
||||||
certificate B<cert> with the CMS_ContentInfo structure B<cms>.
|
CMS_decrypt_set1_pkey_and_peer() with I<peer> being NULL.
|
||||||
|
|
||||||
|
CMS_decrypt_set1_password() decrypts the CMS_ContentInfo structure I<cms>
|
||||||
|
using the secret I<pass> of length I<passlen>.
|
||||||
|
On success, it also records in I<cms> the decryption key used, and this
|
||||||
|
should be followed by C<CMS_decrypt(cms, NULL, NULL, dcont, out, flags)>.
|
||||||
|
This call deallocates any decryption key stored in I<cms>.
|
||||||
|
|
||||||
=head1 NOTES
|
=head1 NOTES
|
||||||
|
|
||||||
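Review bot: `This call deallocates any decryption key stored in I<cms>.` immediately follows `should be followed by C<CMS_decrypt(cms, NULL, NULL, dcont, out, flags)>.` in both the CMS_decrypt_set1_pkey_and_peer() and the CMS_decrypt_set1_password() paragraphs, so "this call" can be read as either the set1 function or the recommended CMS_decrypt() call; spell out which one frees the key, and whether the recorded key survives a failed CMS_decrypt(). The new prototype `unsigned char *pass, ossl_ssize_t passlen` uses a signed length, which suggests a negative value has a meaning (such as a NUL-terminated password); `using the secret I<pass> of length I<passlen>` in the DESCRIPTION should state that convention rather than leave callers to guess.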
@@ -38,7 +57,7 @@ Although the recipients certificate is not needed to decrypt the data it is
|
|||||||
needed to locate the appropriate (of possible several) recipients in the CMS
|
needed to locate the appropriate (of possible several) recipients in the CMS
|
||||||
structure.
|
structure.
|
||||||
|
|
||||||
If B<cert> is set to NULL all possible recipients are tried. This case however
|
If I<cert> is set to NULL all possible recipients are tried. This case however
|
||||||
is problematic. To thwart the MMA attack (Bleichenbacher's attack on
|
is problematic. To thwart the MMA attack (Bleichenbacher's attack on
|
||||||
PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or
|
PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or
|
||||||
not. If no recipient succeeds then a random symmetric key is used to decrypt
|
not. If no recipient succeeds then a random symmetric key is used to decrypt
|
||||||
@@ -54,26 +73,32 @@ open to attack.
|
|||||||
|
|
||||||
It is possible to determine the correct recipient key by other means (for
|
It is possible to determine the correct recipient key by other means (for
|
||||||
example looking them up in a database) and setting them in the CMS structure
|
example looking them up in a database) and setting them in the CMS structure
|
||||||
in advance using the CMS utility functions such as CMS_set1_pkey(). In this
|
in advance using the CMS utility functions such as CMS_set1_pkey(),
|
||||||
case both B<cert> and B<pkey> should be set to NULL.
|
or use CMS_decrypt_set1_password() if the recipient has a symmetric key.
|
||||||
|
In these cases both I<cert> and I<pkey> should be set to NULL.
|
||||||
|
|
||||||
To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key()
|
To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key()
|
||||||
and CMS_RecipientInfo_decrypt() should be called before CMS_decrypt() and
|
and CMS_RecipientInfo_decrypt() should be called before CMS_decrypt() and
|
||||||
B<cert> and B<pkey> set to NULL.
|
I<cert> and I<pkey> set to NULL.
|
||||||
|
|
||||||
The following flags can be passed in the B<flags> parameter.
|
The following flags can be passed in the I<flags> parameter.
|
||||||
|
|
||||||
If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
|
If the B<CMS_TEXT> flag is set MIME headers for type C<text/plain> are deleted
|
||||||
from the content. If the content is not of type B<text/plain> then an error is
|
from the content. If the content is not of type C<text/plain> then an error is
|
||||||
returned.
|
returned.
|
||||||
|
|
||||||
=head1 RETURN VALUES
|
=head1 RETURN VALUES
|
||||||
|
|
||||||
CMS_decrypt() returns either 1 for success or 0 for failure.
|
CMS_decrypt(), CMS_decrypt_set1_pkey_and_peer(),
|
||||||
The error can be obtained from ERR_get_error(3)
|
CMS_decrypt_set1_pkey(), and CMS_decrypt_set1_password()
|
||||||
|
return either 1 for success or 0 for failure.
|
||||||
|
The error can be obtained from ERR_get_error(3).
|
||||||
|
|
||||||
=head1 BUGS
|
=head1 BUGS
|
||||||
|
|
||||||
|
The B<set1_> part of these function names is misleading
|
||||||
|
and should better read: B<with_>.
|
||||||
|
|
||||||
The lack of single pass processing and the need to hold all data in memory as
|
The lack of single pass processing and the need to hold all data in memory as
|
||||||
mentioned in CMS_verify() also applies to CMS_decrypt().
|
mentioned in CMS_verify() also applies to CMS_decrypt().
|
||||||
|
|
||||||
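Review bot: `or use CMS_decrypt_set1_password() if the recipient has a symmetric key.` conflates two recipient types: CMS_decrypt_set1_password() serves password-based recipients (PasswordRecipientInfo), while the symmetric-key case (KEKRecipientInfo) is exactly what the next paragraph handles with CMS_set1_key() or CMS_RecipientInfo_set0_key(). Suggest `if the content was enveloped for a password recipient`. In the BUGS addition, drop the colon in `should better read: B<with_>.`, and note that the DESCRIPTION already documents the set1_ semantics (`records in I<cms> the decryption key`), so the claim that the prefix is misleading could cite that sentence.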
@@ -83,11 +108,12 @@ L<ERR_get_error(3)>, L<CMS_encrypt(3)>
|
|||||||
|
|
||||||
=head1 HISTORY
|
=head1 HISTORY
|
||||||
|
|
||||||
B<CMS_decrypt_set1_pkey_and_peer> was added in OpenSSL 3.0.
|
CMS_decrypt_set1_pkey_and_peer() and CMS_decrypt_set1_password()
|
||||||
|
were added in OpenSSL 3.0.
|
||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
@@ -129,7 +129,7 @@ point_conversion_form_t is an enum defined as follows:
|
|||||||
For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by
|
For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by
|
||||||
the octets for x, followed by the octets for y.
|
the octets for x, followed by the octets for y.
|
||||||
|
|
||||||
For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For
|
For any given x coordinate for a point on a curve it is possible to derive two possible y values. For
|
||||||
POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of
|
POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of
|
||||||
the two possible solutions for y has been used, followed by the octets for x.
|
the two possible solutions for y has been used, followed by the octets for x.
|
||||||
|
|
||||||
|
|||||||
@@ -128,7 +128,7 @@ EC_KEY_check_key() performs various sanity checks on the EC_KEY object to
|
|||||||
confirm that it is valid.
|
confirm that it is valid.
|
||||||
|
|
||||||
EC_KEY_set_public_key_affine_coordinates() sets the public key for I<key> based
|
EC_KEY_set_public_key_affine_coordinates() sets the public key for I<key> based
|
||||||
on its affine co-ordinates; i.e., it constructs an EC_POINT object based on
|
on its affine coordinates; i.e., it constructs an EC_POINT object based on
|
||||||
the supplied I<x> and I<y> values and sets the public key to be this
|
the supplied I<x> and I<y> values and sets the public key to be this
|
||||||
EC_POINT. It also performs certain sanity checks on the key to confirm
|
EC_POINT. It also performs certain sanity checks on the key to confirm
|
||||||
that it is valid.
|
that it is valid.
|
||||||
@@ -235,7 +235,7 @@ For replacement see L<EVP_PKEY-EC(7)>.
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2013-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
@@ -44,7 +44,7 @@ EC_POINT_is_on_curve tests whether the supplied point is on the curve or not.
|
|||||||
EC_POINT_cmp compares the two supplied points and tests whether or not they are equal.
|
EC_POINT_cmp compares the two supplied points and tests whether or not they are equal.
|
||||||
|
|
||||||
The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine
|
The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine
|
||||||
co-ordinate system. In the case of EC_POINTs_make_affine the value B<num> provides the number of points in the array B<points> to be
|
coordinate system. In the case of EC_POINTs_make_affine the value B<num> provides the number of points in the array B<points> to be
|
||||||
forced. These functions were deprecated in OpenSSL 3.0 and should no longer be used.
|
forced. These functions were deprecated in OpenSSL 3.0 and should no longer be used.
|
||||||
Modern versions automatically perform this conversion when needed.
|
Modern versions automatically perform this conversion when needed.
|
||||||
|
|
||||||
@@ -90,7 +90,7 @@ were deprecated in OpenSSL 3.0.
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2013-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
+14
-14
@@ -124,9 +124,9 @@ public concept.
|
|||||||
A valid point on a curve is the special point at infinity. A point is set to
|
A valid point on a curve is the special point at infinity. A point is set to
|
||||||
be at infinity by calling EC_POINT_set_to_infinity().
|
be at infinity by calling EC_POINT_set_to_infinity().
|
||||||
|
|
||||||
The affine co-ordinates for a point describe a point in terms of its x and y
|
The affine coordinates for a point describe a point in terms of its x and y
|
||||||
position. The function EC_POINT_set_affine_coordinates() sets the B<x> and B<y>
|
position. The function EC_POINT_set_affine_coordinates() sets the B<x> and B<y>
|
||||||
co-ordinates for the point B<p> defined over the curve given in B<group>. The
|
coordinates for the point B<p> defined over the curve given in B<group>. The
|
||||||
function EC_POINT_get_affine_coordinates() sets B<x> and B<y>, either of which
|
function EC_POINT_get_affine_coordinates() sets B<x> and B<y>, either of which
|
||||||
may be NULL, to the corresponding coordinates of B<p>.
|
may be NULL, to the corresponding coordinates of B<p>.
|
||||||
|
|
||||||
@@ -140,27 +140,27 @@ EC_POINT_get_affine_coordinates_GF2m() are synonyms for
|
|||||||
EC_POINT_get_affine_coordinates(). They are defined for backwards compatibility
|
EC_POINT_get_affine_coordinates(). They are defined for backwards compatibility
|
||||||
only and should not be used.
|
only and should not be used.
|
||||||
|
|
||||||
As well as the affine co-ordinates, a point can alternatively be described in
|
As well as the affine coordinates, a point can alternatively be described in
|
||||||
terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian
|
terms of its Jacobian projective coordinates (for Fp curves only). Jacobian
|
||||||
projective co-ordinates are expressed as three values x, y and z. Working in
|
projective coordinates are expressed as three values x, y and z. Working in
|
||||||
this co-ordinate system provides more efficient point multiplication
|
this coordinate system provides more efficient point multiplication
|
||||||
operations. A mapping exists between Jacobian projective co-ordinates and
|
operations. A mapping exists between Jacobian projective coordinates and
|
||||||
affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written
|
affine coordinates. A Jacobian projective coordinate (x, y, z) can be written
|
||||||
as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian
|
as an affine coordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian
|
||||||
projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped
|
projective from affine coordinates is simple. The coordinate (x, y) is mapped
|
||||||
to (x, y, 1). Although deprecated in OpenSSL 3.0 and should no longer be used,
|
to (x, y, 1). Although deprecated in OpenSSL 3.0 and should no longer be used,
|
||||||
to set or get the projective co-ordinates in older versions use
|
to set or get the projective coordinates in older versions use
|
||||||
EC_POINT_set_Jprojective_coordinates_GFp() and
|
EC_POINT_set_Jprojective_coordinates_GFp() and
|
||||||
EC_POINT_get_Jprojective_coordinates_GFp() respectively.
|
EC_POINT_get_Jprojective_coordinates_GFp() respectively.
|
||||||
Modern versions should instead use EC_POINT_set_affine_coordinates() and
|
Modern versions should instead use EC_POINT_set_affine_coordinates() and
|
||||||
EC_POINT_get_affine_coordinates(), performing the conversion manually using the
|
EC_POINT_get_affine_coordinates(), performing the conversion manually using the
|
||||||
above maps in such rare circumstances.
|
above maps in such rare circumstances.
|
||||||
|
|
||||||
Points can also be described in terms of their compressed co-ordinates. For a
|
Points can also be described in terms of their compressed coordinates. For a
|
||||||
point (x, y), for any given value for x such that the point is on the curve
|
point (x, y), for any given value for x such that the point is on the curve
|
||||||
there will only ever be two possible values for y. Therefore, a point can be set
|
there will only ever be two possible values for y. Therefore, a point can be set
|
||||||
using the EC_POINT_set_compressed_coordinates() function where B<x> is the x
|
using the EC_POINT_set_compressed_coordinates() function where B<x> is the x
|
||||||
co-ordinate and B<y_bit> is a value 0 or 1 to identify which of the two
|
coordinate and B<y_bit> is a value 0 or 1 to identify which of the two
|
||||||
possible values for y should be used.
|
possible values for y should be used.
|
||||||
|
|
||||||
The functions EC_POINT_set_compressed_coordinates_GFp() and
|
The functions EC_POINT_set_compressed_coordinates_GFp() and
|
||||||
@@ -269,7 +269,7 @@ added in OpenSSL 1.1.1.
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2013-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
@@ -1065,7 +1065,7 @@ with an L<OSSL_PARAM(3)> item with the key
|
|||||||
|
|
||||||
When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() get called
|
When used with a fetched B<EVP_CIPHER>, EVP_CIPHER_CTX_set_params() get called
|
||||||
with an L<OSSL_PARAM(3)> item with the key
|
with an L<OSSL_PARAM(3)> item with the key
|
||||||
"tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>)
|
"tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>)
|
||||||
followed by EVP_CIPHER_CTX_get_params() with a key of
|
followed by EVP_CIPHER_CTX_get_params() with a key of
|
||||||
"tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>).
|
"tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>).
|
||||||
|
|
||||||
|
|||||||
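Review bot: the unchanged context line "EVP_CIPHER_CTX_set_params() get called" should read "gets called"; since this paragraph is being edited anyway, fix the grammar in the same hunk. The substantive change is correct: the set call's key is "tlsaad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD>), and the get call in the following sentence keeps "tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>), so the page no longer documents two different macros as mapping to the same parameter string, which is what would have misled anyone setting the TLS AAD on a fetched cipher by string name.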
@@ -62,13 +62,16 @@ see L<openssl_user_macros(7)>:
|
|||||||
EVP_PKEY_get_base_id() returns the type of I<pkey>. For example
|
EVP_PKEY_get_base_id() returns the type of I<pkey>. For example
|
||||||
an RSA key will return B<EVP_PKEY_RSA>.
|
an RSA key will return B<EVP_PKEY_RSA>.
|
||||||
|
|
||||||
EVP_PKEY_get_id() returns the actual OID associated with I<pkey>.
|
EVP_PKEY_get_id() returns the actual NID associated with I<pkey>
|
||||||
Historically keys using the same algorithm could use different OIDs.
|
only if the I<pkey> type isn't implemented just in a L<provider(7)>.
|
||||||
For example an RSA key could use the OIDs corresponding to
|
Historically keys using the same algorithm could use different NIDs.
|
||||||
|
For example an RSA key could use the NIDs corresponding to
|
||||||
the NIDs B<NID_rsaEncryption> (equivalent to B<EVP_PKEY_RSA>) or
|
the NIDs B<NID_rsaEncryption> (equivalent to B<EVP_PKEY_RSA>) or
|
||||||
B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of
|
B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of
|
||||||
alternative non-standard OIDs is now rare so B<EVP_PKEY_RSA2> et al are not
|
alternative non-standard NIDs is now rare so B<EVP_PKEY_RSA2> et al are not
|
||||||
often seen in practice.
|
often seen in practice.
|
||||||
|
EVP_PKEY_get_id() returns -1 (B<EVP_PKEY_KEYMGMT>) if the I<pkey> is
|
||||||
|
only implemented in a L<provider(7)>.
|
||||||
|
|
||||||
EVP_PKEY_type() returns the underlying type of the NID I<type>. For example
|
EVP_PKEY_type() returns the underlying type of the NID I<type>. For example
|
||||||
EVP_PKEY_type(EVP_PKEY_RSA2) will return B<EVP_PKEY_RSA>.
|
EVP_PKEY_type(EVP_PKEY_RSA2) will return B<EVP_PKEY_RSA>.
|
||||||
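Review bot: the new qualifier "returns the actual NID associated with I<pkey> only if the I<pkey> type isn't implemented just in a L<provider(7)>" is hard to parse (the double negative "isn't ... just in"); suggest "returns the NID associated with I<pkey> if the key type also has a legacy (non-provider) implementation" and let the added sentence "EVP_PKEY_get_id() returns -1 (B<EVP_PKEY_KEYMGMT>) if the I<pkey> is only implemented in a L<provider(7)>." be the single statement of the provider-only case. Because -1 is now a documented return, the RETURN VALUES section of this page should say so as well if it does not already, since callers that compare the result against B<EVP_PKEY_RSA> and friends need to treat -1 as "no legacy NID" rather than as a failure. The OID-to-NID wording corrections are right: B<NID_rsaEncryption> and B<NID_rsa> are OpenSSL NIDs, not ASN.1 OIDs.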
@@ -142,6 +145,9 @@ EVP_PKEY_get_id(), EVP_PKEY_get_base_id(), EVP_PKEY_type()
|
|||||||
|
|
||||||
For EVP_PKEY key type checking purposes, L<EVP_PKEY_is_a(3)> is more generic.
|
For EVP_PKEY key type checking purposes, L<EVP_PKEY_is_a(3)> is more generic.
|
||||||
|
|
||||||
|
For purposes of retrieving the name of the B<EVP_PKEY> the function
|
||||||
|
L<EVP_PKEY_get0_type_name(3)> is more generally useful.
|
||||||
|
|
||||||
The keys returned from the functions EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
|
The keys returned from the functions EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(),
|
||||||
EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() were changed to have a "const"
|
EVP_PKEY_get0_DH() and EVP_PKEY_get0_EC_KEY() were changed to have a "const"
|
||||||
return type in OpenSSL 3.0. As described above the keys returned may be cached
|
return type in OpenSSL 3.0. As described above the keys returned may be cached
|
||||||
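Review bot: "For purposes of retrieving the name of the B<EVP_PKEY> the function L<EVP_PKEY_get0_type_name(3)> is more generally useful." is wordy and slightly imprecise (what is returned is the key type name); suggest "To retrieve the type name of the B<EVP_PKEY>, L<EVP_PKEY_get0_type_name(3)> is more generally useful." Since the preceding line already points readers at L<EVP_PKEY_is_a(3)> for type checks, consider keeping the two sentences in one short paragraph so the pair of provider-aware alternatives to EVP_PKEY_get_id()/EVP_PKEY_get_base_id() is presented together.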
@@ -222,7 +228,7 @@ It was removed in OpenSSL 3.0.
|
|||||||
|
|
||||||
=head1 COPYRIGHT
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
|
Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
|
||||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
this file except in compliance with the License. You can obtain a copy
|
this file except in compliance with the License. You can obtain a copy
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff.