diff --git a/CMakeLists.txt b/CMakeLists.txt index 2f0dfa0e..01a42fb7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -62,8 +62,13 @@ if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES) STRINGS "Debug" "Release" "MinSizeRel" "RelWithDebInfo") endif() -# Enable asserts regardless of build type -add_definitions(-UNDEBUG) +# Do not disable assertions based on CMAKE_BUILD_TYPE +foreach(_build_type "Release" "MinSizeRel" "RelWithDebInfo") + foreach(_lang C CXX) + string(TOUPPER "CMAKE_${_lang}_FLAGS_${_build_type}" _var) + string(REGEX REPLACE "(^| )[/-]D *NDEBUG($| )" " " ${_var} "${${_var}}") + endforeach() +endforeach() set(BUILD_NC true) @@ -84,16 +89,16 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux") set(PLATFORM_LIBS ${PLATFORM_LIBS} pthread) endif() -if(WIN32 OR (CMAKE_SYSTEM_NAME MATCHES "MINGW")) +if(WIN32) set(BUILD_NC false) - add_definitions(-D_GNU_SOURCE) - add_definitions(-D_POSIX) - add_definitions(-D_POSIX_SOURCE) - add_definitions(-D__USE_MINGW_ANSI_STDIO) + if(MINGW) + add_definitions(-D_GNU_SOURCE) + add_definitions(-D_POSIX) + add_definitions(-D_POSIX_SOURCE) + add_definitions(-D__USE_MINGW_ANSI_STDIO) + endif() endif() -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall") - if(CMAKE_SYSTEM_NAME MATCHES "HP-UX") if(CMAKE_C_COMPILER MATCHES "gcc") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -fno-strict-aliasing") @@ -129,7 +134,7 @@ if(WIN32) add_definitions(-D_CRT_SECURE_NO_WARNINGS) add_definitions(-D_CRT_DEPRECATED_NO_WARNINGS) add_definitions(-D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS) - add_definitions(-DCPPFLAGS -DNO_SYSLOG -DNO_CRYPT) + add_definitions(-DNO_SYSLOG) add_definitions(-DWIN32_LEAN_AND_MEAN) if(NOT CMAKE_SYSTEM_NAME MATCHES "WindowsStore") add_definitions(-D_WIN32_WINNT=0x0600) @@ -140,6 +145,15 @@ endif() if(MSVC) add_definitions(-Dinline=__inline) message(STATUS "Using [${CMAKE_C_COMPILER_ID}] compiler") + + include(TestBigEndian) + TEST_BIG_ENDIAN(HAVE_BIG_ENDIAN) + if(HAVE_BIG_ENDIAN) + add_definitions(-DHAVE_BIG_ENDIAN) + else() + add_definitions(-DHAVE_LITTLE_ENDIAN) + endif() + if(CMAKE_C_COMPILER_ID MATCHES "MSVC" OR CMAKE_C_COMPILER_ID MATCHES "Clang") set(MSVC_DISABLED_WARNINGS_LIST "C4018" # 'expression' : signed/unsigned mismatch @@ -182,6 +196,8 @@ if(MSVC) ${MSVC_DISABLED_WARNINGS_LIST}) string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS}) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 ${MSVC_DISABLED_WARNINGS_STR}") +else() + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall") endif() check_function_exists(asprintf HAVE_ASPRINTF) @@ -234,6 +250,11 @@ if(HAVE_STRSEP) add_definitions(-DHAVE_STRSEP) endif() +check_function_exists(strtonum HAVE_STRTONUM) +if(HAVE_STRTONUM) + add_definitions(-DHAVE_STRTONUM) +endif() + check_function_exists(timegm HAVE_TIMEGM) if(HAVE_TIMEGM) add_definitions(-DHAVE_TIMEGM) @@ -295,8 +316,8 @@ if(HAVE_TIMINGSAFE_BCMP) endif() check_function_exists(timingsafe_memcmp HAVE_TIMINGSAFE_MEMCMP) -if(HAVE_MEMCMP) - add_definitions(-DHAVE_MEMCMP) +if(HAVE_TIMINGSAFE_MEMCMP) + add_definitions(-DHAVE_TIMINGSAFE_MEMCMP) endif() check_function_exists(memmem HAVE_MEMMEM) @@ -333,49 +354,53 @@ if(APPLE AND (NOT CMAKE_OSX_ARCHITECTURES STREQUAL "")) set(CMAKE_SYSTEM_PROCESSOR "${CMAKE_OSX_ARCHITECTURES}") endif() -if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(aarch64|arm64|ARM64)") +if(CMAKE_SYSTEM_PROCESSOR MATCHES "(aarch64|arm64|ARM64)") set(HOST_AARCH64 true) -elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "arm") + if(WIN32) + set(ENABLE_ASM false) + endif() +elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "arm") set(HOST_ARM true) -elseif("${CMAKE_SYSTEM_NAME}" STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386") +elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND CMAKE_SYSTEM_PROCESSOR MATCHES "i386") set(HOST_X86_64 true) -elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64|AMD64)") +elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(x86_64|amd64|AMD64)") set(HOST_X86_64 true) -elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(i[3-6]86|[xX]86)") +elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(i[3-6]86|[xX]86)") set(ENABLE_ASM false) set(HOST_I386 true) -elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "mips64") +elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "mips64") set(HOST_MIPS64 true) -elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "mips") +elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "mips") set(HOST_MIPS true) -elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "powerpc") +elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "powerpc") set(HOST_POWERPC true) -elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "ppc64") +elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64") set(HOST_PPC64 true) -elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "riscv64") +elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "riscv64") set(HOST_RISCV64 true) -elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "sparc64") +elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "sparc64") set(HOST_SPARC64 true) else() set(ENABLE_ASM false) endif() if(ENABLE_ASM) - if("${CMAKE_C_COMPILER_ABI}" STREQUAL "ELF") - if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)") + if(CMAKE_C_COMPILER_ABI STREQUAL "ELF") + if(CMAKE_SYSTEM_PROCESSOR MATCHES "(x86_64|amd64)") set(HOST_ASM_ELF_X86_64 true) - elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "arm") + elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "arm" AND + NOT CMAKE_SYSTEM_PROCESSOR MATCHES "arm64") set(HOST_ASM_ELF_ARMV4 true) - elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386") + elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND CMAKE_SYSTEM_PROCESSOR MATCHES "i386") set(HOST_ASM_ELF_X86_64 true) endif() add_definitions(-DHAVE_GNU_STACK) - elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") + elseif(APPLE AND CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64") set(HOST_ASM_MACOSX_X86_64 true) - elseif(MSVC AND ("${CMAKE_GENERATOR}" MATCHES "Win64" OR "${CMAKE_GENERATOR_PLATFORM}" STREQUAL "x64")) + elseif(MSVC AND (CMAKE_GENERATOR MATCHES "Win64" OR CMAKE_GENERATOR_PLATFORM STREQUAL "x64")) set(HOST_ASM_MASM_X86_64 true) ENABLE_LANGUAGE(ASM_MASM) - elseif(MINGW AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") + elseif(MINGW AND CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64") set(HOST_ASM_MINGW64_X86_64 true) endif() endif() @@ -407,11 +432,23 @@ set(LIBTLS_LIBS tls ${PLATFORM_LIBS}) # libraries for regression test if(BUILD_SHARED_LIBS) - set(OPENSSL_TEST_LIBS ssl-static crypto-static ${PLATFORM_LIBS}) - set(LIBTLS_TEST_LIBS tls-static ${PLATFORM_LIBS}) + set(OPENSSL_TEST_LIBS ssl-static crypto-static ${PLATFORM_LIBS} compat_obj) + set(LIBTLS_TEST_LIBS tls-static ${OPENSSL_TEST_LIBS} tls_compat_obj) else() - set(OPENSSL_TEST_LIBS ssl crypto ${PLATFORM_LIBS}) - set(LIBTLS_TEST_LIBS tls ${PLATFORM_LIBS}) + set(OPENSSL_TEST_LIBS ssl crypto ${PLATFORM_LIBS} compat_obj) + set(LIBTLS_TEST_LIBS tls ${PLATFORM_LIBS} compat_obj tls_compat_obj) +endif() + +if(OPENSSLDIR STREQUAL "") + if(WIN32) + set(OPENSSLDIR "C:/Windows/libressl/ssl") + else() + set(OPENSSLDIR "${CMAKE_INSTALL_PREFIX}/etc/ssl") + endif() + + set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl") +else() + set(CONF_DIR "${OPENSSLDIR}") endif() add_subdirectory(include) @@ -495,12 +532,6 @@ if(ENABLE_LIBRESSL_INSTALL) endif() endif(ENABLE_LIBRESSL_INSTALL) -if(NOT "${OPENSSLDIR}" STREQUAL "") - set(CONF_DIR "${OPENSSLDIR}") -else() - set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl") -endif() - if(ENABLE_LIBRESSL_INSTALL) install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR}) install(DIRECTORY DESTINATION ${CONF_DIR}/certs) diff --git a/ChangeLog b/ChangeLog index 22335293..76d554fc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,14 +28,101 @@ history is also available from Git. LibreSSL Portable Release Notes: +3.9.2 - Stable release + + * Bugfixes + - OpenBSD 7.5 errata 003. A missing bounds check could lead to a crash + due to dereferencing a zero-sized allocation. + +3.9.1 - Stable release + + * Portable changes + - Updated tests with expiring certificates + - CET-related build fixes for Windows and macOS targets + - update libtls linker script to include libssl and libcrypto again + 3.9.0 - In development * Portable changes + - libcrypto no longer exports compat symbols in cmake builds. + - Most compatibility symbols are prefixed with libressl_ to avoid + symbol clashes in static links. + - Fixed various warnings on Windows. + - Removed assert pop-ups with Windows debug builds. + - Fixed crashes and hangs in Windows ARM64 builds. + - Improved control-flow enforcement (CET) support. * Internal improvements + - Converted uses of OBJ_bsearch_() to standard bsearch(). + - Greatly simplified by_file_ctrl(). + - Simplified and cleaned up the OBJ_ API. + - Cleaned up the EVP_Cipher{Init,Update,Final}() implementations. + - Removed unused function pointers from X.509 stores and contexts. + - A lot of cleanup and reorganization in EVP. + - Removed all remaining ENGINE tentacles. + - Simplified internals of X509_TRUST handling. + - Made deletion from a lhash doall callback safe. + - Rewrote BIO_dump*(3) internals to be less bad. * Documentation improvements + - ENGINE documentation was updated to reflect reality. + - Made EVP API documentation more accurate and less incoherent. + - Call out some shortcomings of the EC_KEY_set_* API explicitly. * Testing and proactive security + - Bug fixes and simplifications in the Wycheproof tests. + * Compatibility changes + - Added ChaCha20 and chacha20 aliases for ChaCha. + - SSL_library_init() now has the same effect as OPENSSL_init_ssl(). + - EVP_add_{cipher,digest}() were removed. From the OBJ_NAME API, + only OBJ_NAME_do_all*() remain. In particular, it is no longer + possible to add aliases for ciphers and digests. + - The thread unsafe global tables are no longer supported. It is no + longer possible to add aliases for ciphers and digests, custom ASN.1 + strings table entries, ASN.1 methods, PKEY methods, digest methods, + CRL methods, purpose and trust identifiers, or X.509 extensions. + - Removed the _cb() and _fp() versions of BIO_dump{,_indent}(). + - BIO_set() was removed. + - BIO_{sn,v,vsn}printf() were removed. + - Turn the long dysfunctional openssl(1) s_client -pause into a noop. + - openssl(1) x509 now supports -new -force_pubkey, -multivalue-rdn, + -set_issuer, -set_subject, and -utf8. + - Support ECDSA with SHA-3 signature algorithms. + - Support HMAC with truncated SHA-2 and SHA-3 as PBE PRF. + - GOST and STREEBOG support was removed. + - CRYPTO_THREADID, _LHASH, _STACK, X509_PURPOSE are now opaque, + X509_CERT_AUX and X509_TRUST were removed from the public API. + - ASN1_STRING_TABLE_get() and X509_PURPOSE_get0*() now return const + pointers. + - EVP_{CIPHER,MD}_CTX_init()'s signatures and semantics now match + OpenSSL's behavior. + - sk_find_ex() and OBJ_bsearch_() were removed. + - CRYPTO_malloc() was fixed to use size_t argument. CRYPTO_malloc() + and CRYPTO_free() now accept file and line arguments. + - A lot of decrepit CRYPTO memory API was removed. * Bug fixes - - Fixed aliasing issues in BN_mod_exp_simple() and BN_mod_exp_recp() + - Fixed aliasing issues in BN_mod_exp_simple() and BN_mod_exp_recp(). + - Fixed numerous misuses of X509_ALGOR_set0() resulting in leaks and + potentially incorrect encodings. + - Fixed potential double free in X509v3_asid_add_id_or_range(). + - Stopped using ASN1_time_parse() outside of libcrypto. + - Prepared OPENSSL_gmtime() and OPENSSL_timegm() as public API + wrappers of internal functions compatible with BoringSSL API. + - Removed print_bin() to avoid overwriting the stack with 5 bytes + of ' ' when ECPK parameters are printed with large indentation. + - Avoid a NULL dereference after memory allocation failure during TLS + version downgrade. + - Fixed various bugs in CMAC internals. + - Fixed 4-byte overreads in GHASH assembly on amd64 and i386. + - Fixed various NULL dereferences in PKCS #12 code due to mishandling + of OPTIONAL content in PKCS #7 ContentInfo. + - Aligned SSL_shutdown() behavior in TLSv1.3 with the legacy stack. + - Fixed the new X.509 verifier to find trust anchors in the trusted + stack. + +3.8.3 - Stable release + + * Portable changes + - Removed assert pop-ups with Windows debug builds. + - Fixed crashes and hangs in Windows ARM64 builds. + - Improved control-flow enforcement (CET) support. 3.8.2 - Stable release diff --git a/README.md b/README.md index 7906fcf1..e4f56b17 100644 --- a/README.md +++ b/README.md @@ -1,19 +1,19 @@ ![LibreSSL image](https://www.libressl.org/images/libressl.jpg) -## Official portable version of [LibreSSL](https://www.libressl.org) ## -[![Linux Build Status](https://github.com/libressl/portable/actions/workflows/linux_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/linux_test.yml) -[![macOS Build Status](https://github.com/libressl/portable/actions/workflows/macos_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/macos_test.yml) -[![Android Build Status](https://github.com/libressl/portable/actions/workflows/android_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/android_test.yml) -[![Cross Build Status](https://github.com/libressl/portable/actions/workflows/cross_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/cross_test.yml) -[![Solaris Build Status](https://github.com/libressl/portable/actions/workflows/solaris_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/solaris_test.yml) +## Official portable version of [LibreSSL](https://www.libressl.org) + +[![Linux Build Status](https://github.com/libressl/portable/actions/workflows/linux.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/linux.yml) +[![macOS Build Status](https://github.com/libressl/portable/actions/workflows/macos.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/macos.yml) +[![Windows Build Status](https://github.com/libressl/portable/actions/workflows/windows.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/windows.yml) +[![Android Build Status](https://github.com/libressl/portable/actions/workflows/android.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/android.yml) +[![Solaris Build Status](https://github.com/libressl/portable/actions/workflows/solaris.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/solaris.yml) [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/libressl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libressl) -[![ASan Status](https://github.com/libressl/portable/actions/workflows/linux_test_asan.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/linux_test_asan.yml) LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the [OpenBSD](https://www.openbsd.org) project. Our goal is to modernize the codebase, improve security, and apply best practice development processes from OpenBSD. -## Compatibility with OpenSSL: ## +## Compatibility with OpenSSL LibreSSL provides much of the OpenSSL 1.1 API. The OpenSSL 3 API is not currently supported. Incompatibilities between the projects exist and are unavoidable since @@ -28,7 +28,7 @@ LibreSSL in order to use it, just as in moving between major versions of OpenSSL LibreSSL's installed library version numbers are incremented to account for ABI and API changes. -## Compatibility with other operating systems: ## +## Compatibility with other operating systems While primarily developed on and taking advantage of APIs available on OpenBSD, the LibreSSL portable project attempts to provide working alternatives for @@ -46,6 +46,7 @@ At the time of this writing, LibreSSL is known to build and work on: * AIX (5.3 and later) LibreSSL also supports the following Windows environments: + * Microsoft Windows (Windows 7 / Windows Server 2008r2 or later, x86 and x64) * Wine (32-bit and 64-bit) * Mingw-w64, Cygwin, and Visual Studio @@ -65,20 +66,24 @@ or to the GitHub Severe vulnerabilities or bugs requiring coordination with OpenSSL can be sent to the core team at libressl-security@openbsd.org. -# Building LibreSSL # +# Building LibreSSL -## Prerequisites when building from a Git checkout ## +## Prerequisites when building from a Git checkout If you have checked this source using Git, or have downloaded a source tarball -from Github, follow these initial steps to prepare the source tree for -building. _Note: Your build will fail if you do not follow these instructions! If you cannot follow these instructions (e.g. Windows system using CMake) or cannot meet these prerequistes, please download an official release distribution from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ instead. Using official releases is strongly advised if you are not a developer._ +from GitHub, follow these initial steps to prepare the source tree for +building. _Note: Your build will fail if you do not follow these instructions! +If you cannot follow these instructions (e.g. Windows system using CMake) or +cannot meet these prerequistes, please download an official release distribution +from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ instead. Using official +releases is strongly advised if you are not a developer._ 1. Ensure you have the following packages installed: automake, autoconf, git, libtool, perl 2. Run `./autogen.sh` to prepare the source tree for building or run `./dist.sh` to prepare a tarball. -## Steps that apply to all builds ## +## Steps that apply to all builds Once you have a source tree, either by downloaded using git and having run the `autogen.sh` script above, or by downloading a release distribution from @@ -111,9 +116,9 @@ ninja ninja test ``` -### OS specific build information: ### +### OS specific build information -#### HP-UX (11i) #### +#### HP-UX (11i) Set the UNIX_STD environment variable to `2003` before running `configure` in order to build with the HP C/aC++ compiler. See the "standards(5)" man @@ -125,64 +130,70 @@ export UNIX_STD=2003 make ``` -#### Windows - Mingw-w64 #### +#### Windows - Mingw-w64 LibreSSL builds against relatively recent versions of Mingw-w64, not to be -confused with the original mingw.org project. Mingw-w64 3.2 or later +confused with the original mingw.org project. Mingw-w64 3.2 or later should work. See README.windows for more information -#### Windows - Visual Studio #### +#### Windows - Visual Studio LibreSSL builds using the CMake target "Visual Studio 12 2013" and newer. To generate a Visual Studio project, install CMake, enter the LibreSSL source directory and run: ```sh - mkdir build-vs2013 - cd build-vs2013 - cmake -G"Visual Studio 12 2013" .. +mkdir build-vs2013 +cd build-vs2013 +cmake -G"Visual Studio 12 2013" .. ``` Replace "Visual Studio 12 2013" with whatever version of Visual Studio you have installed. This will generate a LibreSSL.sln file that you can incorporate into other projects or build by itself. -#### Cmake - Additional Options #### +#### CMake - Additional Options -| Option Name | Default | Description -| ------------ | -----: | ------ -| LIBRESSL_SKIP_INSTALL | OFF | allows skipping install() rules. Can be specified from command line using
```-DLIBRESSL_SKIP_INSTALL=ON``` | -| LIBRESSL_APPS | ON | allows skipping application builds. Apps are required to run tests | -| LIBRESSL_TESTS | ON | allows skipping of tests. Tests are only available in static builds | -| BUILD_SHARED_LIBS | OFF | CMake option for building shared libraries. | -| ENABLE_ASM | ON | builds assembly optimized rules. | -| ENABLE_EXTRATESTS | OFF | Enable extra tests that may be unreliable on some platforms | -| ENABLE_NC | OFF | Enable installing TLS-enabled nc(1) | -| OPENSSLDIR | Blank | Set the default openssl directory. Can be specified from command line using
```-DOPENSSLDIR=``` | +| Option Name | Default | Description | +|-------------------------|--------:|-----------------------------------------------------------------------------------------------------------------| +| `LIBRESSL_SKIP_INSTALL` | `OFF` | allows skipping install() rules. Can be specified from command line using
```-DLIBRESSL_SKIP_INSTALL=ON``` | +| `LIBRESSL_APPS` | `ON` | allows skipping application builds. Apps are required to run tests | +| `LIBRESSL_TESTS` | `ON` | allows skipping of tests. Tests are only available in static builds | +| `BUILD_SHARED_LIBS` | `OFF` | CMake option for building shared libraries. | +| `ENABLE_ASM` | `ON` | builds assembly optimized rules. | +| `ENABLE_EXTRATESTS` | `OFF` | Enable extra tests that may be unreliable on some platforms | +| `ENABLE_NC` | `OFF` | Enable installing TLS-enabled nc(1) | +| `OPENSSLDIR` | Blank | Set the default openssl directory. Can be specified from command line using
```-DOPENSSLDIR=``` | -# Using LibreSSL # +# Using LibreSSL -## CMake ## +## CMake -Make a new folder in your project root (where your main CMakeLists.txt file is located) called CMake. Copy the FindLibreSSL.cmake file to that folder, and add the following line to your main CMakeLists.txt: +Make a new folder in your project root (where your main `CMakeLists.txt` file is +located) called CMake. Copy the `FindLibreSSL.cmake` file to that folder, and +add the following line to your main `CMakeLists.txt`: ```cmake set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}") ``` -After your **add_executable** or **add_library** line in your CMakeLists.txt file add the following: +After your `add_executable` or `add_library` line in your `CMakeLists.txt` file +add the following: ```cmake find_package(LibreSSL REQUIRED) ``` -It will tell CMake to find LibreSSL and if found will let you use the following 3 interfaces in your CMakeLists.txt file: +It will tell CMake to find LibreSSL and if found will let you use the following +3 interfaces in your `CMakeLists.txt` file: * LibreSSL::Crypto * LibreSSL::SSL * LibreSSL::TLS -If you for example want to use the LibreSSL TLS library in your test program, include it like so (SSL and Crypto are required by TLS and included automatically too): +If you for example want to use the LibreSSL TLS library in your test program, +include it like so (SSL and Crypto are required by TLS and included +automatically too): ```cmake target_link_libraries(test LibreSSL::TLS) @@ -204,10 +215,18 @@ find_package(LibreSSL REQUIRED) target_link_libraries(test LibreSSL::TLS) ``` -#### Linux #### +#### Linux -Following the guide in the sections above to compile LibreSSL using make and running "sudo make install" will install LibreSSL to the /usr/local/ folder, and will found automatically by find_package. If your system installs it to another location or you have placed them yourself in a different location, you can set the CMake variable LIBRESSL_ROOT_DIR to the correct path, to help CMake find the library. +Following the guide in the sections above to compile LibreSSL using make and +running `sudo make install` will install LibreSSL to the `/usr/local/` folder, +and will be found automatically by find_package. If your system installs it to +another location, or you have placed them yourself in a different location, you +can set the CMake variable `LIBRESSL_ROOT_DIR` to the correct path, to help +CMake find the library. -#### Windows #### +#### Windows -Placing the library files in C:/Program Files/LibreSSL/lib and the include files in C:/Program Files/LibreSSL/include should let CMake find them automatically, but it is recommended that you use CMake-GUI to set the paths. It is more convenient as you can have the files in any folder you choose. +Placing the library files in `C:/Program Files/LibreSSL/lib` and the include +files in `C:/Program Files/LibreSSL/include` should let CMake find them +automatically, but it is recommended that you use CMake-GUI to set the paths. +It is more convenient as you can have the files in any folder you choose. diff --git a/VERSION b/VERSION index 60a4093d..8c0fd68e 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1 @@ -3.8.2.0 - +3.9.2.0 diff --git a/apps/nc/CMakeLists.txt b/apps/nc/CMakeLists.txt index ffd68e55..7bbdb025 100644 --- a/apps/nc/CMakeLists.txt +++ b/apps/nc/CMakeLists.txt @@ -29,11 +29,7 @@ else() set(NC_SRC ${NC_SRC} compat/readpassphrase.c) endif() -if(NOT "${OPENSSLDIR}" STREQUAL "") - add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") -else() - add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\") -endif() +add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") add_executable(nc ${NC_SRC}) target_include_directories(nc @@ -44,7 +40,7 @@ target_include_directories(nc PUBLIC ../../include ${CMAKE_BINARY_DIR}/include) -target_link_libraries(nc ${LIBTLS_LIBS}) +target_link_libraries(nc ${LIBTLS_LIBS} compat_obj) if(ENABLE_NC) if(ENABLE_LIBRESSL_INSTALL) diff --git a/apps/ocspcheck/CMakeLists.txt b/apps/ocspcheck/CMakeLists.txt index 9cf7a8b3..778e8376 100644 --- a/apps/ocspcheck/CMakeLists.txt +++ b/apps/ocspcheck/CMakeLists.txt @@ -11,11 +11,7 @@ else() set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/memmem.c) endif() -if(NOT "${OPENSSLDIR}" STREQUAL "") - add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") -else() - add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\") -endif() +add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") add_executable(ocspcheck ${OCSPCHECK_SRC}) target_include_directories(ocspcheck @@ -24,7 +20,7 @@ target_include_directories(ocspcheck PUBLIC ../../include ${CMAKE_BINARY_DIR}/include) -target_link_libraries(ocspcheck tls ${OPENSSL_LIBS}) +target_link_libraries(ocspcheck tls ${OPENSSL_LIBS} compat_obj tls_compat_obj) if(ENABLE_LIBRESSL_INSTALL) install(TARGETS ocspcheck DESTINATION ${CMAKE_INSTALL_BINDIR}) diff --git a/apps/ocspcheck/ocspcheck.c b/apps/ocspcheck/ocspcheck.c index 516642b5..234f3d22 100644 --- a/apps/ocspcheck/ocspcheck.c +++ b/apps/ocspcheck/ocspcheck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocspcheck.c,v 1.31 2022/12/28 21:30:17 jmc Exp $ */ +/* $OpenBSD: ocspcheck.c,v 1.32 2023/11/13 11:46:24 tb Exp $ */ /* * Copyright (c) 2017,2020 Bob Beck @@ -189,8 +189,9 @@ parse_ocsp_time(ASN1_GENERALIZEDTIME *gt) if (gt == NULL) return -1; /* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */ - if (ASN1_time_parse(gt->data, gt->length, &tm, - V_ASN1_GENERALIZEDTIME) == -1) + if (!ASN1_GENERALIZEDTIME_check(gt)) + return -1; + if (!ASN1_TIME_to_tm(gt, &tm)) return -1; if ((rv = timegm(&tm)) == -1) return -1; diff --git a/apps/openssl/CMakeLists.txt b/apps/openssl/CMakeLists.txt index efea2175..f2dcf97c 100644 --- a/apps/openssl/CMakeLists.txt +++ b/apps/openssl/CMakeLists.txt @@ -75,7 +75,7 @@ target_include_directories(openssl PUBLIC ../../include ${CMAKE_BINARY_DIR}/include) -target_link_libraries(openssl ${OPENSSL_LIBS}) +target_link_libraries(openssl ${OPENSSL_LIBS} compat_obj) if(ENABLE_LIBRESSL_INSTALL) install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR}) diff --git a/apps/openssl/apps.c b/apps/openssl/apps.c index 70857e04..6ffbe6f0 100644 --- a/apps/openssl/apps.c +++ b/apps/openssl/apps.c @@ -1,4 +1,4 @@ -/* $OpenBSD: apps.c,v 1.66 2023/07/23 11:39:29 tb Exp $ */ +/* $OpenBSD: apps.c,v 1.67 2023/11/21 17:56:19 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -1716,7 +1716,7 @@ args_verify(char ***pargs, int *pargc, int *badarg, BIO *err, } (*pargs)++; } else if (strcmp(arg, "-purpose") == 0) { - X509_PURPOSE *xptmp; + const X509_PURPOSE *xptmp; if (!argn) *badarg = 1; else { diff --git a/apps/openssl/ca.c b/apps/openssl/ca.c index a93be88d..6fedd22c 100644 --- a/apps/openssl/ca.c +++ b/apps/openssl/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.56 2023/07/02 07:08:57 tb Exp $ */ +/* $OpenBSD: ca.c,v 1.58 2024/02/04 13:08:29 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -607,26 +607,6 @@ static const struct option ca_options[] = { { NULL }, }; -/* - * Set a certificate time based on user provided input. Make sure - * what we put in the certificate is legit for RFC 5280. Returns - * 0 on success, -1 on an invalid time string. Strings must be - * YYYYMMDDHHMMSSZ for post 2050 dates. YYYYMMDDHHMMSSZ or - * YYMMDDHHMMSSZ is accepted for pre 2050 dates, and fixed up to - * be the correct format in the certificate. - */ -static int -setCertificateTime(ASN1_TIME *x509time, char *timestring) -{ - struct tm tm1; - - if (ASN1_time_parse(timestring, strlen(timestring), &tm1, 0) == -1) - return (-1); - if (!ASN1_TIME_set_tm(x509time, &tm1)) - return (-1); - return 0; -} - static void ca_usage(void) { @@ -1985,7 +1965,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (strcmp(startdate, "today") == 0) { if (X509_gmtime_adj(X509_get_notBefore(ret), 0) == NULL) goto err; - } else if (setCertificateTime(X509_get_notBefore(ret), startdate) == -1) { + } else if (!ASN1_TIME_set_string_X509(X509_get_notBefore(ret), startdate)) { BIO_printf(bio_err, "Invalid start date %s\n", startdate); goto err; } @@ -1994,7 +1974,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst, if (X509_time_adj_ex(X509_get_notAfter(ret), days, 0, NULL) == NULL) goto err; - } else if (setCertificateTime(X509_get_notAfter(ret), enddate) == -1) { + } else if (!ASN1_TIME_set_string_X509(X509_get_notAfter(ret), enddate)) { BIO_printf(bio_err, "Invalid end date %s\n", enddate); goto err; } @@ -2596,7 +2576,6 @@ get_certificate_status(const char *serial, CA_DB *db) goto err; } if (strlen(serial) % 2) { - /* Set the first char to 0 */ ; row[DB_serial][0] = '0'; /* Copy String from serial to row[DB_serial] */ diff --git a/apps/openssl/cms.c b/apps/openssl/cms.c index 121a413a..b94e1467 100644 --- a/apps/openssl/cms.c +++ b/apps/openssl/cms.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms.c,v 1.34 2023/04/14 15:27:13 tb Exp $ */ +/* $OpenBSD: cms.c,v 1.35 2023/11/21 17:56:19 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -1140,7 +1140,7 @@ cms_usage(void) fprintf(stderr, "\nValid purposes:\n\n"); for (i = 0; i < X509_PURPOSE_get_count(); i++) { - X509_PURPOSE *ptmp = X509_PURPOSE_get0(i); + const X509_PURPOSE *ptmp = X509_PURPOSE_get0(i); fprintf(stderr, " %-18s%s\n", X509_PURPOSE_get0_sname(ptmp), X509_PURPOSE_get0_name(ptmp)); } diff --git a/apps/openssl/openssl.1 b/apps/openssl/openssl.1 index be060a3e..0e2ffbcd 100644 --- a/apps/openssl/openssl.1 +++ b/apps/openssl/openssl.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.1,v 1.152 2023/07/27 07:01:50 tb Exp $ +.\" $OpenBSD: openssl.1,v 1.155 2024/01/26 11:58:37 job Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" @@ -110,7 +110,7 @@ .\" copied and put under another distribution licence .\" [including the GNU Public Licence.] .\" -.Dd $Mdocdate: July 27 2023 $ +.Dd $Mdocdate: January 26 2024 $ .Dt OPENSSL 1 .Os .Sh NAME @@ -4279,7 +4279,6 @@ Verify the input data and output the recovered data. .Op Fl no_tls1_2 .Op Fl no_tls1_3 .Op Fl pass Ar arg -.Op Fl pause .Op Fl policy_check .Op Fl port Ar port .Op Fl prexit @@ -4445,8 +4444,6 @@ Disable the use of TLS1.2 and 1.3, respectively. Disable RFC 4507 session ticket support. .It Fl pass Ar arg The private key password source. -.It Fl pause -Pause 1 second between each read and write call. .It Fl port Ar port The .Ar port @@ -6103,6 +6100,7 @@ version. .Op Fl extensions Ar section .Op Fl extfile Ar file .Op Fl fingerprint +.Op Fl force_pubkey Ar key .Op Fl hash .Op Fl in Ar file .Op Fl inform Cm der | net | pem @@ -6112,7 +6110,9 @@ version. .Op Fl keyform Cm der | pem .Op Fl md5 | sha1 .Op Fl modulus +.Op Fl multivalue-rdn .Op Fl nameopt Ar option +.Op Fl new .Op Fl next_serial .Op Fl noout .Op Fl ocsp_uri @@ -6124,7 +6124,9 @@ version. .Op Fl purpose .Op Fl req .Op Fl serial +.Op Fl set_issuer Ar name .Op Fl set_serial Ar n +.Op Fl set_subject Ar name .Op Fl setalias Ar arg .Op Fl signkey Ar file .Op Fl sigopt Ar nm:v @@ -6134,6 +6136,7 @@ version. .Op Fl subject_hash_old .Op Fl text .Op Fl trustout +.Op Fl utf8 .Op Fl x509toreq .Ek .El @@ -6151,10 +6154,14 @@ The following are x509 input, output, and general purpose options: .It Fl in Ar file The input file to read from, or standard input if not specified. +This option cannot be used with +.Fl new . .It Fl inform Cm der | net | pem The input format. Normally, the command will expect an X.509 certificate, but this can change if other options such as +.Fl in +or .Fl req are present. .It Fl md5 | sha1 @@ -6257,6 +6264,16 @@ using the older algorithm as used by versions before 1.0.0. .It Fl modulus Print the value of the modulus of the public key contained in the certificate. +.It Fl multivalue-rdn +This option causes the +.Fl subj +argument to be interpreted with full support for multivalued RDNs, +for example +.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" . +If +.Fl multivalue-rdn +is not used, the UID value is set to +.Qq "123456+CN=John Doe" . .It Fl nameopt Ar option Customise how the subject or issuer names are displayed, either using a list of comma-separated options or by specifying @@ -6689,12 +6706,39 @@ which contains the section to use. .It Fl extfile Ar file File containing certificate extensions to use. If not specified, no extensions are added to the certificate. +.It Fl force_pubkey Ar key +Set the public key of the certificate to the public key contained in +.Ar key . .It Fl keyform Cm der | pem -The format of the private key file used in the +The format of the key file used in the +.Fl force_pubkey +and .Fl signkey -option. +options. +.It Fl new +Generate a new certificate using the subject given by +.Fl set_subject +and signed by +.Fl signkey . +If no public key is provided with +.Fl force_pubkey , +the resulting certificate is self-signed. +This option cannot be used with +.Fl in +or +.Fl req . .It Fl req Expect a certificate request on input instead of a certificate. +This option cannot be used with +.Fl new . +.It Fl set_issuer Ar name +The issuer name to use. +.Ar name +must be formatted as /type0=value0/type1=value1/type2=...; +characters may be escaped by +.Sq \e +(backslash); +no spaces are skipped. .It Fl set_serial Ar n The serial number to use. This option can be used with either the @@ -6713,6 +6757,14 @@ options) is not used. The serial number can be decimal or hex (if preceded by .Sq 0x ) . Negative serial numbers can also be specified but their use is not recommended. +.It Fl set_subject Ar name +The subject name to use. +.Ar name +must be formatted as /type0=value0/type1=value1/type2=...; +characters may be escaped by +.Sq \e +(backslash); +no spaces are skipped. .It Fl signkey Ar file Self-sign .Ar file @@ -6733,6 +6785,10 @@ option is supplied. If the input is a certificate request, a self-signed certificate is created using the supplied private key using the subject name in the request. +.It Fl utf8 +Interpret field values read from a terminal or obtained from a configuration +file as UTF-8 strings. +By default, they are interpreted as ASCII. .It Fl x509toreq Convert a certificate into a certificate request. The diff --git a/apps/openssl/openssl.c b/apps/openssl/openssl.c index 15888c7b..db87c636 100644 --- a/apps/openssl/openssl.c +++ b/apps/openssl/openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: openssl.c,v 1.35 2023/06/11 13:02:10 jsg Exp $ */ +/* $OpenBSD: openssl.c,v 1.36 2024/02/03 15:58:34 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -211,12 +211,6 @@ FUNCTION functions[] = { #endif /* Message Digests. */ -#ifndef OPENSSL_NO_GOST - { FUNC_TYPE_MD, "gost-mac", dgst_main }, - { FUNC_TYPE_MD, "md_gost94", dgst_main }, - { FUNC_TYPE_MD, "streebog256", dgst_main }, - { FUNC_TYPE_MD, "streebog512", dgst_main }, -#endif #ifndef OPENSSL_NO_MD4 { FUNC_TYPE_MD, "md4", dgst_main }, #endif diff --git a/apps/openssl/pkcs12.c b/apps/openssl/pkcs12.c index aedae640..c8706904 100644 --- a/apps/openssl/pkcs12.c +++ b/apps/openssl/pkcs12.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12.c,v 1.25 2023/03/06 14:32:06 tb Exp $ */ +/* $OpenBSD: pkcs12.c,v 1.27 2024/02/28 17:04:38 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -70,6 +70,7 @@ #include #include #include +#include #define NOKEYS 0x1 #define NOCERTS 0x2 @@ -1010,17 +1011,20 @@ get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **out_chain) static int alg_print(BIO *x, const X509_ALGOR *alg) { - PBEPARAM *pbe; - const unsigned char *p; - - p = alg->parameter->value.sequence->data; - pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); + PBEPARAM *pbe = NULL; + const ASN1_OBJECT *aobj; + int param_type; + const void *param; + + X509_ALGOR_get0(&aobj, ¶m_type, ¶m, alg); + if (param_type == V_ASN1_SEQUENCE) + pbe = ASN1_item_unpack(param, &PBEPARAM_it); if (pbe == NULL) return 1; BIO_printf(bio_err, "%s, Iteration %ld\n", - OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), + OBJ_nid2ln(OBJ_obj2nid(aobj)), ASN1_INTEGER_get(pbe->iter)); - PBEPARAM_free(pbe); + ASN1_item_free((ASN1_VALUE *)pbe, &PBEPARAM_it); return 1; } diff --git a/apps/openssl/s_client.c b/apps/openssl/s_client.c index e5a6b006..299042c5 100644 --- a/apps/openssl/s_client.c +++ b/apps/openssl/s_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_client.c,v 1.62 2023/07/03 08:03:56 beck Exp $ */ +/* $OpenBSD: s_client.c,v 1.64 2023/12/29 12:15:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -223,7 +223,6 @@ static struct { char *npn_in; unsigned int off; char *passarg; - int pause; int peekaboo; char *port; int prexit; @@ -659,9 +658,7 @@ static const struct option s_client_options[] = { }, { .name = "pause", - .desc = "Pause 1 second between each read and write call", - .type = OPTION_FLAG, - .opt.flag = &cfg.pause, + .type = OPTION_DISCARD, }, { .name = "peekaboo", @@ -832,7 +829,7 @@ sc_usage(void) " [-keymatexport label] [-keymatexportlen len] [-legacy_server_connect]\n" " [-msg] [-mtu mtu] [-nbio] [-nbio_test] [-no_comp] [-no_ign_eof]\n" " [-no_legacy_server_connect] [-no_ticket] \n" - " [-no_tls1_2] [-no_tls1_3] [-pass arg] [-pause] [-policy_check]\n" + " [-no_tls1_2] [-no_tls1_3] [-pass arg] [-policy_check]\n" " [-port port] [-prexit] [-proxy host:port] [-quiet] [-reconnect]\n" " [-servername name] [-serverpref] [-sess_in file] [-sess_out file]\n" " [-showcerts] [-starttls protocol] [-state] [-status] [-timeout]\n" @@ -1088,8 +1085,6 @@ s_client_main(int argc, char **argv) goto end; } } - if (cfg.pause & 0x01) - SSL_set_debug(con, 1); if (SSL_is_dtls(con)) { sbio = BIO_new_dgram(s, BIO_NOCLOSE); @@ -1130,7 +1125,6 @@ s_client_main(int argc, char **argv) sbio = BIO_push(test, sbio); } if (cfg.debug) { - SSL_set_debug(con, 1); BIO_set_callback(sbio, bio_dump_callback); BIO_set_callback_arg(sbio, (char *) bio_c_out); } diff --git a/apps/openssl/s_server.c b/apps/openssl/s_server.c index 95fe633e..328ac28a 100644 --- a/apps/openssl/s_server.c +++ b/apps/openssl/s_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_server.c,v 1.58 2023/07/03 08:03:56 beck Exp $ */ +/* $OpenBSD: s_server.c,v 1.59 2023/12/29 12:15:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1548,7 +1548,6 @@ sv_body(int s, unsigned char *context) /* SSL_set_fd(con,s); */ if (cfg.debug) { - SSL_set_debug(con, 1); BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); } @@ -1949,7 +1948,6 @@ www_body(int s, unsigned char *context) BIO_push(io, ssl_bio); if (cfg.debug) { - SSL_set_debug(con, 1); BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out); } diff --git a/apps/openssl/ts.c b/apps/openssl/ts.c index 84008183..c62f1dd6 100644 --- a/apps/openssl/ts.c +++ b/apps/openssl/ts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.c,v 1.26 2023/03/06 14:32:06 tb Exp $ */ +/* $OpenBSD: ts.c,v 1.27 2023/11/19 09:19:54 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -599,7 +599,7 @@ create_query(BIO *data_bio, char *digest, const EVP_MD *md, const char *policy, TS_MSG_IMPRINT *msg_imprint = NULL; X509_ALGOR *algo = NULL; unsigned char *data = NULL; - ASN1_OBJECT *policy_obj = NULL; + ASN1_OBJECT *md_obj = NULL, *policy_obj = NULL; ASN1_INTEGER *nonce_asn1 = NULL; /* Setting default message digest. */ @@ -621,11 +621,14 @@ create_query(BIO *data_bio, char *digest, const EVP_MD *md, const char *policy, /* Adding algorithm. */ if ((algo = X509_ALGOR_new()) == NULL) goto err; - if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL) + if ((md_obj = OBJ_nid2obj(EVP_MD_type(md))) == NULL) goto err; - if ((algo->parameter = ASN1_TYPE_new()) == NULL) + /* + * This does not use X509_ALGOR_set_md() for historical reasons. + * See the comment in PKCS7_SIGNER_INFO_set() for details. + */ + if (!X509_ALGOR_set0(algo, md_obj, V_ASN1_NULL, NULL)) goto err; - algo->parameter->type = V_ASN1_NULL; if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo)) goto err; diff --git a/apps/openssl/verify.c b/apps/openssl/verify.c index b4e0f33f..a87d5d47 100644 --- a/apps/openssl/verify.c +++ b/apps/openssl/verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: verify.c,v 1.17 2023/04/14 15:27:13 tb Exp $ */ +/* $OpenBSD: verify.c,v 1.18 2023/11/21 17:56:19 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -251,7 +251,7 @@ verify_usage(void) fprintf(stderr, "\nValid purposes:\n\n"); for (i = 0; i < X509_PURPOSE_get_count(); i++) { - X509_PURPOSE *ptmp = X509_PURPOSE_get0(i); + const X509_PURPOSE *ptmp = X509_PURPOSE_get0(i); fprintf(stderr, " %-18s%s\n", X509_PURPOSE_get0_sname(ptmp), X509_PURPOSE_get0_name(ptmp)); } diff --git a/apps/openssl/x509.c b/apps/openssl/x509.c index 7c8f34f6..0d5cf5d0 100644 --- a/apps/openssl/x509.c +++ b/apps/openssl/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.33 2023/04/14 06:47:07 tb Exp $ */ +/* $OpenBSD: x509.c,v 1.37 2024/01/26 11:58:37 job Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -81,12 +81,13 @@ static int callb(int ok, X509_STORE_CTX *ctx); static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, - const EVP_MD *digest, CONF *conf, char *section); + const EVP_MD *digest, CONF *conf, char *section, X509_NAME *issuer, + char *force_pubkey); static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, X509 *xca, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *sigopts, char *serial, int create, int days, int clrext, CONF *conf, char *section, - ASN1_INTEGER *sno); -static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); + ASN1_INTEGER *sno, X509_NAME *issuer); +static int purpose_print(BIO *bio, X509 *cert, const X509_PURPOSE *pt); static struct { char *alias; @@ -103,6 +104,7 @@ static struct { unsigned long certflag; int checkend; int checkoffset; + unsigned long chtype; int clrext; int clrreject; int clrtrust; @@ -113,6 +115,7 @@ static struct { char *extfile; char *extsect; int fingerprint; + char *force_pubkey; char *infile; int informat; int issuer; @@ -124,6 +127,8 @@ static struct { int keyformat; const EVP_MD *md_alg; int modulus; + int multirdn; + int new; int next_serial; unsigned long nmflag; int noout; @@ -139,6 +144,8 @@ static struct { STACK_OF(ASN1_OBJECT) *reject; int reqfile; int serial; + char *set_issuer; + char *set_subject; int sign_flag; STACK_OF(OPENSSL_STRING) *sigopts; ASN1_INTEGER *sno; @@ -312,6 +319,13 @@ x509_opt_sigopt(char *arg) return (0); } +static int +x509_opt_utf8(void) +{ + cfg.chtype = MBSTRING_UTF8; + return (0); +} + static const struct option x509_options[] = { { .name = "C", @@ -467,6 +481,13 @@ static const struct option x509_options[] = { .opt.order = &cfg.fingerprint, .order = &cfg.num, }, + { + .name = "force_pubkey", + .argname = "key", + .desc = "Force the public key to be put in the certificate", + .type = OPTION_ARG, + .opt.arg = &cfg.force_pubkey, + }, { .name = "hash", .desc = "Synonym for -subject_hash", @@ -511,6 +532,12 @@ static const struct option x509_options[] = { .order = &cfg.num, }, #endif + { + .name = "key", + .argname = "file", + .type = OPTION_ARG_FUNC, + .opt.argfunc = x509_opt_signkey, + }, { .name = "keyform", .argname = "fmt", @@ -525,6 +552,12 @@ static const struct option x509_options[] = { .opt.order = &cfg.modulus, .order = &cfg.num, }, + { + .name = "multivalue-rdn", + .desc = "Enable support for multivalued RDNs", + .type = OPTION_FLAG, + .opt.flag = &cfg.multirdn, + }, { .name = "nameopt", .argname = "option", @@ -532,6 +565,12 @@ static const struct option x509_options[] = { .type = OPTION_ARG_FUNC, .opt.argfunc = x509_opt_nameopt, }, + { + .name = "new", + .desc = "Generate a new certificate", + .type = OPTION_FLAG, + .opt.flag = &cfg.new, + }, { .name = "next_serial", .desc = "Print the next serial number", @@ -608,6 +647,13 @@ static const struct option x509_options[] = { .opt.order = &cfg.serial, .order = &cfg.num, }, + { + .name = "set_issuer", + .argname = "name", + .desc = "Set the issuer name", + .type = OPTION_ARG, + .opt.arg = &cfg.set_issuer, + }, { .name = "set_serial", .argname = "n", @@ -615,6 +661,13 @@ static const struct option x509_options[] = { .type = OPTION_ARG_FUNC, .opt.argfunc = x509_opt_set_serial, }, + { + .name = "set_subject", + .argname = "name", + .desc = "Set the subject name", + .type = OPTION_ARG, + .opt.arg = &cfg.set_subject, + }, { .name = "setalias", .argname = "arg", @@ -643,6 +696,11 @@ static const struct option x509_options[] = { .opt.order = &cfg.startdate, .order = &cfg.num, }, + { + .name = "subj", + .type = OPTION_ARG, + .opt.arg = &cfg.set_subject, + }, { .name = "subject", .desc = "Print subject name", @@ -679,6 +737,12 @@ static const struct option x509_options[] = { .type = OPTION_FLAG, .opt.flag = &cfg.trustout, }, + { + .name = "utf8", + .desc = "Input characters are in UTF-8 (default ASCII)", + .type = OPTION_FUNC, + .opt.func = x509_opt_utf8, + }, { .name = "x509toreq", .desc = "Output a certification request object", @@ -704,16 +768,17 @@ x509_usage(void) " [-CAkeyform der | pem] [-CAserial file] [-certopt option]\n" " [-checkend arg] [-clrext] [-clrreject] [-clrtrust] [-dates]\n" " [-days arg] [-email] [-enddate] [-extensions section]\n" - " [-extfile file] [-fingerprint] [-hash] [-in file]\n" - " [-inform der | net | pem] [-issuer] [-issuer_hash]\n" - " [-issuer_hash_old] [-keyform der | pem] [-md5 | -sha1]\n" - " [-modulus] [-nameopt option] [-next_serial] [-noout]\n" - " [-ocsp_uri] [-ocspid] [-out file]\n" - " [-outform der | net | pem] [-passin arg] [-pubkey]\n" - " [-purpose] [-req] [-serial] [-set_serial n] [-setalias arg]\n" - " [-signkey file] [-sigopt nm:v] [-startdate] [-subject]\n" - " [-subject_hash] [-subject_hash_old] [-text] [-trustout]\n" - " [-x509toreq]\n"); + " [-extfile file] [-fingerprint] [-force_pubkey key] [-hash]\n" + " [-in file] [-inform der | net | pem] [-issuer]\n" + " [-issuer_hash] [-issuer_hash_old] [-keyform der | pem]\n" + " [-md5 | -sha1] [-modulus] [-multivalue-rdn]\n" + " [-nameopt option] [-new] [-next_serial] [-noout] [-ocsp_uri]\n" + " [-ocspid] [-out file] [-outform der | net | pem]\n" + " [-passin arg] [-pubkey] [-purpose] [-req] [-serial]\n" + " [-set_issuer name] [-set_serial n] [-set_subject name]\n" + " [-setalias arg] [-signkey file] [-sigopt nm:v] [-startdate]\n" + " [-subject] [-subject_hash] [-subject_hash_old] [-text]\n" + " [-trustout] [-utf8] [-x509toreq]\n"); fprintf(stderr, "\n"); options_usage(x509_options); fprintf(stderr, "\n"); @@ -725,7 +790,9 @@ x509_main(int argc, char **argv) int ret = 1; X509_REQ *req = NULL; X509 *x = NULL, *xca = NULL; - EVP_PKEY *Upkey = NULL, *CApkey = NULL; + X509_NAME *iname = NULL, *sname = NULL; + EVP_PKEY *Fpkey = NULL, *Upkey = NULL, *CApkey = NULL; + EVP_PKEY *pkey; int i; BIO *out = NULL; BIO *STDout = NULL; @@ -741,6 +808,7 @@ x509_main(int argc, char **argv) } memset(&cfg, 0, sizeof(cfg)); + cfg.chtype = MBSTRING_ASC; cfg.days = DEF_DAYS; cfg.informat = FORMAT_PEM; cfg.outformat = FORMAT_PEM; @@ -811,8 +879,33 @@ x509_main(int argc, char **argv) goto end; } } + if (cfg.force_pubkey != NULL) { + if ((Fpkey = load_pubkey(bio_err, cfg.force_pubkey, + cfg.keyformat, 0, NULL, "Forced key")) == NULL) + goto end; + } + if (cfg.new) { + if (cfg.infile != NULL) { + BIO_printf(bio_err, "Can't combine -new and -in\n"); + goto end; + } + if (cfg.reqfile) { + BIO_printf(bio_err, "Can't combine -new and -req\n"); + goto end; + } + if (cfg.set_subject == NULL) { + BIO_printf(bio_err, "Must use -set_subject with -new\n"); + goto end; + } + if (cfg.keyfile == NULL) { + BIO_printf(bio_err, "Must use -signkey with -new\n"); + goto end; + } + if ((Upkey = load_key(bio_err, cfg.keyfile, cfg.keyformat, 0, + passin, "Private key")) == NULL) + goto end; + } if (cfg.reqfile) { - EVP_PKEY *pkey; BIO *in; if (!cfg.sign_flag && !cfg.CA_flag) { @@ -861,6 +954,8 @@ x509_main(int argc, char **argv) print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), cfg.nmflag); + } + if (cfg.reqfile || cfg.new) { if ((x = X509_new()) == NULL) goto end; @@ -875,9 +970,21 @@ x509_main(int argc, char **argv) } else if (!X509_set_serialNumber(x, cfg.sno)) goto end; - if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) + if (cfg.set_issuer != NULL) { + iname = parse_name(cfg.set_issuer, cfg.chtype, + cfg.multirdn); + if (iname == NULL) + goto end; + } + + if (cfg.set_subject != NULL) + sname = parse_name(cfg.set_subject, cfg.chtype, + cfg.multirdn); + else + sname = X509_NAME_dup(X509_REQ_get_subject_name(req)); + if (sname == NULL) goto end; - if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req))) + if (!X509_set_subject_name(x, sname)) goto end; if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) @@ -886,7 +993,11 @@ x509_main(int argc, char **argv) NULL) == NULL) goto end; - if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) + if ((pkey = Fpkey) == NULL) + pkey = X509_REQ_get0_pubkey(req); + if (pkey == NULL) + pkey = Upkey; + if (pkey == NULL) goto end; if (!X509_set_pubkey(x, pkey)) goto end; @@ -1022,7 +1133,7 @@ x509_main(int argc, char **argv) } #endif else if (cfg.pprint == i) { - X509_PURPOSE *ptmp; + const X509_PURPOSE *ptmp; int j; BIO_printf(STDout, "Certificate purposes:\n"); @@ -1156,8 +1267,7 @@ x509_main(int argc, char **argv) ASN1_TIME *nB = X509_get_notBefore(x); BIO_puts(STDout, "notBefore="); - if (ASN1_time_parse(nB->data, nB->length, NULL, - 0) == -1) + if (!ASN1_TIME_to_tm(nB, NULL)) BIO_puts(STDout, "INVALID RFC5280 TIME"); else @@ -1167,8 +1277,7 @@ x509_main(int argc, char **argv) ASN1_TIME *nA = X509_get_notAfter(x); BIO_puts(STDout, "notAfter="); - if (ASN1_time_parse(nA->data, nA->length, NULL, - 0) == -1) + if (!ASN1_TIME_to_tm(nA, NULL)) BIO_puts(STDout, "INVALID RFC5280 TIME"); else @@ -1193,10 +1302,7 @@ x509_main(int argc, char **argv) BIO_printf(STDout, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':'); } - - /* should be in the library */ } else if (cfg.sign_flag == i && cfg.x509req == 0) { - BIO_printf(bio_err, "Getting Private key\n"); if (Upkey == NULL) { Upkey = load_key(bio_err, cfg.keyfile, cfg.keyformat, 0, passin, @@ -1206,10 +1312,10 @@ x509_main(int argc, char **argv) } if (!sign(x, Upkey, cfg.days, cfg.clrext, cfg.digest, - extconf, cfg.extsect)) + extconf, cfg.extsect, iname, + cfg.force_pubkey)) goto end; } else if (cfg.CA_flag == i) { - BIO_printf(bio_err, "Getting CA Private Key\n"); if (cfg.CAkeyfile != NULL) { CApkey = load_key(bio_err, cfg.CAkeyfile, cfg.CAkeyformat, 0, passin, @@ -1220,7 +1326,7 @@ x509_main(int argc, char **argv) if (!x509_certify(ctx, cfg.CAfile, cfg.digest, x, xca, CApkey, cfg.sigopts, cfg.CAserial, cfg.CA_createserial, cfg.days, cfg.clrext, - extconf, cfg.extsect, cfg.sno)) + extconf, cfg.extsect, cfg.sno, iname)) goto end; } else if (cfg.x509req == i) { EVP_PKEY *pk; @@ -1304,10 +1410,13 @@ x509_main(int argc, char **argv) NCONF_free(extconf); BIO_free_all(out); BIO_free_all(STDout); + X509_NAME_free(iname); + X509_NAME_free(sname); X509_STORE_free(ctx); X509_REQ_free(req); X509_free(x); X509_free(xca); + EVP_PKEY_free(Fpkey); EVP_PKEY_free(Upkey); EVP_PKEY_free(CApkey); sk_OPENSSL_STRING_free(cfg.sigopts); @@ -1368,7 +1477,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, X509 *xca, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *sigopts, char *serialfile, int create, int days, int clrext, CONF *conf, - char *section, ASN1_INTEGER *sno) + char *section, ASN1_INTEGER *sno, X509_NAME *issuer) { int ret = 0; ASN1_INTEGER *bs = NULL; @@ -1407,8 +1516,14 @@ x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, X509 *x, "CA certificate and CA private key do not match\n"); goto end; } - if (!X509_set_issuer_name(x, X509_get_subject_name(xca))) + + if (issuer == NULL) + issuer = X509_get_subject_name(xca); + if (issuer == NULL) goto end; + if (!X509_set_issuer_name(x, issuer)) + goto end; + if (!X509_set_serialNumber(x, bs)) goto end; @@ -1485,7 +1600,7 @@ callb(int ok, X509_STORE_CTX *ctx) /* self sign */ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, - CONF *conf, char *section) + CONF *conf, char *section, X509_NAME *issuer, char *force_pubkey) { EVP_PKEY *pktmp; @@ -1495,7 +1610,11 @@ sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, EVP_PKEY_copy_parameters(pktmp, pkey); EVP_PKEY_save_parameters(pktmp, 1); - if (!X509_set_issuer_name(x, X509_get_subject_name(x))) + if (issuer == NULL) + issuer = X509_get_subject_name(x); + if (issuer == NULL) + goto err; + if (!X509_set_issuer_name(x, issuer)) goto err; if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) goto err; @@ -1508,8 +1627,10 @@ sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, (long) 60 * 60 * 24 * days) == NULL) goto err; - if (!X509_set_pubkey(x, pkey)) - goto err; + if (force_pubkey == NULL) { + if (!X509_set_pubkey(x, pkey)) + goto err; + } if (clrext) { while (X509_get_ext_count(x) > 0) { if (X509_delete_ext(x, 0) == NULL) @@ -1536,10 +1657,10 @@ sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, } static int -purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt) +purpose_print(BIO *bio, X509 *cert, const X509_PURPOSE *pt) { int id, i, idret; - char *pname; + const char *pname; id = X509_PURPOSE_get_id(pt); pname = X509_PURPOSE_get0_name(pt); diff --git a/cert.pem b/cert.pem index e5215f3c..0dd54a2a 100644 --- a/cert.pem +++ b/cert.pem @@ -1,4 +1,4 @@ -# $OpenBSD: cert.pem,v 1.26 2023/05/06 17:55:38 tb Exp $ +# $OpenBSD: cert.pem,v 1.28 2023/11/27 21:44:21 tb Exp $ ### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 === /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 @@ -12,11 +12,11 @@ Certificate: Not After : May 5 15:22:07 2036 GMT Subject: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 65:CD:EB:AB:35:1E:00:3E:7E:D5:74:C0:1C:B4:73:47:0E:1A:64:2F X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.firmaprofesional.com/cps User Notice: @@ -75,31 +75,31 @@ Certificate: Not After : Dec 31 09:37:37 2030 GMT Subject: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES X509v3 extensions: - Authority Information Access: + Authority Information Access: CA Issuers - URI:http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt OCSP - URI:http://ocsp.accv.es - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D2:87:B4:E3:DF:37:27:93:55:F6:56:EA:81:E5:36:CC:8C:1E:3F:BD X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:D2:87:B4:E3:DF:37:27:93:55:F6:56:EA:81:E5:36:CC:8C:1E:3F:BD - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: X509v3 Any Policy User Notice: Explicit Text: CPS: http://www.accv.es/legislacion_c.htm - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Alternative Name: + X509v3 Subject Alternative Name: email:accv@accv.es SHA1 Fingerprint=93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17 SHA256 Fingerprint=9A:6E:C0:12:E1:A7:DA:9D:BE:34:19:4D:47:8A:D7:C0:DB:18:22:FB:07:1D:F1:29:81:49:6E:D1:04:38:41:13 @@ -161,11 +161,11 @@ Certificate: Not After : Sep 22 11:22:02 2030 GMT Subject: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 52:D8:88:3A:C8:9F:78:66:ED:89:F3:7B:38:70:94:C9:02:02:36:D0 X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:52:D8:88:3A:C8:9F:78:66:ED:89:F3:7B:38:70:94:C9:02:02:36:D0 X509v3 Key Usage: critical @@ -219,7 +219,7 @@ Certificate: Not After : Dec 31 14:06:06 2030 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Commercial X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9D:93:C6:53:8B:5E:CA:AF:3F:9F:1E:0F:E5:99:95:BC:24:F6:94:8F X509v3 Basic Constraints: critical CA:TRUE @@ -258,7 +258,7 @@ Certificate: Not After : Dec 31 14:08:24 2030 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Networking X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 07:1F:D2:E7:9C:DA:C2:6E:A2:40:B4:B0:7A:50:10:50:74:C4:C8:BD X509v3 Basic Constraints: critical CA:TRUE @@ -297,7 +297,7 @@ Certificate: Not After : Dec 31 14:10:36 2040 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9D:C0:67:A6:0C:22:D9:26:F5:45:AB:A6:65:52:11:27:D8:45:AC:63 X509v3 Basic Constraints: critical CA:TRUE @@ -347,7 +347,7 @@ Certificate: Not After : Dec 31 14:20:24 2040 GMT Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9A:AF:29:7A:C0:11:35:35:26:51:30:00:C3:6A:FE:40:D5:AE:D6:3C X509v3 Basic Constraints: critical CA:TRUE @@ -383,11 +383,11 @@ Certificate: Not After : Apr 26 08:57:56 2044 GMT Subject: C=TN, O=Agence Nationale de Certification Electronique, CN=TunTrust Root CA X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 06:9A:9B:1F:53:7D:F1:F5:A4:C8:D3:86:3E:A1:73:59:B4:F7:44:21 X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:06:9A:9B:1F:53:7D:F1:F5:A4:C8:D3:86:3E:A1:73:59:B4:F7:44:21 X509v3 Key Usage: critical @@ -446,7 +446,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 84:18:CC:85:34:EC:BC:0C:94:94:2E:08:59:9C:C7:B2:10:4E:0A:08 SHA1 Fingerprint=8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 SHA256 Fingerprint=8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E @@ -486,7 +486,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B0:0C:F0:4C:30:F4:05:58:02:48:FD:33:E5:52:AF:4B:84:E3:66:52 SHA1 Fingerprint=5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A SHA256 Fingerprint=1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 @@ -537,7 +537,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: AB:B6:DB:D7:06:9E:37:AC:30:86:07:91:70:C7:9C:C4:19:B1:78:C0 SHA1 Fingerprint=0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E SHA256 Fingerprint=18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 @@ -569,7 +569,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D3:EC:C7:3A:65:6E:CC:E1:DA:76:9A:56:FB:9C:F3:86:6D:57:E5:81 SHA1 Fingerprint=F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE SHA256 Fingerprint=E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 @@ -600,10 +600,10 @@ Certificate: Not After : Aug 30 10:00:38 2039 GMT Subject: serialNumber=G63287510, C=ES, O=ANF Autoridad de Certificacion, OU=ANF CA Raiz, CN=ANF Secure Server Root CA X509v3 extensions: - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:9C:5F:D0:6C:63:A3:5F:93:CA:93:98:08:AD:8C:87:A5:2C:5C:C1:37 - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9C:5F:D0:6C:63:A3:5F:93:CA:93:98:08:AD:8C:87:A5:2C:5C:C1:37 X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -662,7 +662,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 8D:06:66:74:24:76:3A:F3:89:F7:BC:D6:BD:47:7D:2F:BC:10:5F:4B X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -697,7 +697,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 8C:FB:1C:75:BC:02:D3:9F:4E:2E:48:D9:F9:60:54:AA:C4:B3:4F:FA X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -750,14 +750,14 @@ Certificate: Not After : Dec 31 23:59:59 2030 GMT Subject: CN=Atos TrustedRoot 2011, O=Atos, C=DE X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: A7:A5:06:B1:2C:A6:09:60:EE:D1:97:E9:70:AE:BC:3B:19:6C:DB:21 X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:A7:A5:06:B1:2C:A6:09:60:EE:D1:97:E9:70:AE:BC:3B:19:6C:DB:21 - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6189.3.4.1.1 X509v3 Key Usage: critical @@ -785,6 +785,91 @@ maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed -----END CERTIFICATE----- +=== /CN=Atos TrustedRoot Root CA ECC TLS 2021/O=Atos/C=DE +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3d:98:3b:a6:66:3d:90:63:f7:7e:26:57:38:04:ef:00 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Apr 22 09:26:23 2021 GMT + Not After : Apr 17 09:26:22 2041 GMT + Subject: CN=Atos TrustedRoot Root CA ECC TLS 2021, O=Atos, C=DE + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 76:28:25:D6:7D:E0:66:9A:7A:09:B2:6A:3B:8E:33:D7:36:D3:4F:A2 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=9E:BC:75:10:42:B3:02:F3:81:F4:F7:30:62:D4:8F:C3:A7:51:B2:DD +SHA256 Fingerprint=B2:FA:E5:3E:14:CC:D7:AB:92:12:06:47:01:AE:27:9C:1D:89:88:FA:CB:77:5F:A8:A0:08:91:4E:66:39:88:A8 +-----BEGIN CERTIFICATE----- +MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w +LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w +CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0 +MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBF +Q0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6KDP/X +tXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4 +AjJn8ZQSb+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2 +KCXWfeBmmnoJsmo7jjPXNtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMD +aAAwZQIwW5kp85wxtolrbNa9d+F851F+uDrNozZffPc8dz7kUK2o59JZDCaOMDtu +CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo +9H1/IISpQuQo +-----END CERTIFICATE----- +=== /CN=Atos TrustedRoot Root CA RSA TLS 2021/O=Atos/C=DE +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 53:d5:cf:e6:19:93:0b:fb:2b:05:12:d8:c2:2a:a2:a4 + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Apr 22 09:21:10 2021 GMT + Not After : Apr 17 09:21:09 2041 GMT + Subject: CN=Atos TrustedRoot Root CA RSA TLS 2021, O=Atos, C=DE + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 74:49:99:D1:FF:B4:7A:68:45:75:C3:7E:B4:DC:CC:CE:39:33:DA:08 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=18:52:3B:0D:06:37:E4:D6:3A:DF:23:E4:98:FB:5B:16:FB:86:74:48 +SHA256 Fingerprint=81:A9:08:8E:A5:9F:B3:64:C5:48:A6:F8:55:59:09:9B:6F:04:05:EF:BF:18:E5:32:4E:C9:F4:57:BA:00:11:2F +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM +MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx +MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00 +MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD +QSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BBl01Z +4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYv +Ye+W/CBGvevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZ +kmGbzSoXfduP9LVq6hdKZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDs +GY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt0xU6kGpn8bRrZtkh68rZYnxGEFzedUln +nkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVKPNe0OwANwI8f4UDErmwh +3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMYsluMWuPD +0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzy +geBYBr3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8 +ANSbhqRAvNncTFd+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezB +c6eUWsuSZIKmAMFwoW4sKeFYV+xafJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lI +pw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +dEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +DAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS +4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPs +o0UvFJ/1TCplQ3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJ +qM7F78PRreBrAwA0JrRUITWXAdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuyw +xfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9GslA9hGCZcbUztVdF5kJHdWoOsAgM +rr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2VktafcxBPTy+av5EzH4 +AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9qTFsR +0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuY +o7Ey7Nmj1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5 +dDTedk+SKlOxJTnbPP/lPqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcE +oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ== +-----END CERTIFICATE----- ### Baltimore @@ -799,7 +884,7 @@ Certificate: Not After : May 12 23:59:00 2025 GMT Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0 X509v3 Basic Constraints: critical CA:TRUE, pathlen:3 @@ -829,6 +914,95 @@ ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp -----END CERTIFICATE----- +### BEIJING CERTIFICATE AUTHORITY + +=== /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 55:6f:65:e3:b4:d9:90:6a:1b:09:d1:6c:3e:c0:6c:20 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Dec 19 03:16:17 2019 GMT + Not After : Dec 12 03:16:17 2044 GMT + Subject: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA1 + X509v3 extensions: + X509v3 Subject Key Identifier: + C5:EF:ED:CC:D8:8D:21:C6:48:E4:E3:D7:14:2E:A7:16:93:E5:98:01 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=D5:EC:8D:7B:4C:BA:79:F4:E7:E8:CB:9D:6B:AE:77:83:10:03:21:6A +SHA256 Fingerprint=F3:89:6F:88:FE:7C:0A:88:27:66:A7:FA:6A:D2:74:9F:B5:7A:7F:3E:98:FB:76:9C:1F:A7:B0:9C:2C:44:D5:AE +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBU +MQswCQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRI +T1JJVFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAz +MTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJF +SUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2Jh +bCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFmCL3Z +xRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZ +spDyRhySsTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O5 +58dnJCNPYwpj9mZ9S1WnP3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgR +at7GGPZHOiJBhyL8xIkoVNiMpTAK+BcWyqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll +5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRjeulumijWML3mG90Vr4Tq +nMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNnMoH1V6XK +V0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/ +pj+bOT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZO +z2nxbkRs1CTqjSShGL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXn +jSXWgXSHRtQpdaJCbPdzied9v3pKH9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+ +WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMBAAGjQjBAMB0GA1UdDgQWBBTF +7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4 +YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3Kli +awLwQ8hOnThJdMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u ++2D2/VnGKhs/I0qUJDAnyIm860Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88 +X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuhTaRjAv04l5U/BXCga99igUOLtFkN +SoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW4AB+dAb/OMRyHdOo +P2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmpGQrI ++pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRz +znfSxqxx4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9 +eVzYH6Eze9mCUAyTF6ps3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2 +YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4SSPfSKcOYKMryMguTjClPPGAyzQWWYezy +r/6zcCwupvI= +-----END CERTIFICATE----- +=== /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2c:17:08:7d:64:2a:c0:fe:85:18:59:06:cf:b4:4a:eb + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Dec 19 03:18:21 2019 GMT + Not After : Dec 12 03:18:21 2044 GMT + Subject: C=CN, O=BEIJING CERTIFICATE AUTHORITY, CN=BJCA Global Root CA2 + X509v3 extensions: + X509v3 Subject Key Identifier: + D2:4A:B1:51:7F:06:F0:D1:82:1F:4E:6E:5F:AB:83:FC:48:D4:B0:91 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=F4:27:86:EB:6E:B8:6D:88:31:67:02:FB:BA:66:A4:53:00:AA:7A:A6 +SHA256 Fingerprint=57:4D:F6:93:1E:27:80:39:66:7B:72:0A:FD:C1:60:0F:C2:7E:B6:6D:D3:09:29:79:FB:73:85:64:87:21:28:82 +-----BEGIN CERTIFICATE----- +MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQsw +CQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJ +VFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgy +MVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJ +TkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2JhbCBS +b290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jlSR9B +IgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK+ ++kpRuDCK/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJK +sVF/BvDRgh9Obl+rg/xI1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA +94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8gUXOQwKhbYdDFUDn9hf7B +43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w== +-----END CERTIFICATE----- + ### Buypass AS-983163327 === /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA @@ -844,7 +1018,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C9:80:77:E0:62:92:82:F5:46:9C:F3:BA:F7:4C:C3:DE:B8:A3:AD:39 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -894,7 +1068,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 47:B8:CD:FF:E5:6F:EE:F8:B2:EC:2F:4E:0E:F9:25:B0:8E:3C:6B:C3 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -950,7 +1124,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F3:28:18:CB:64:75:EE:29:2A:EB:ED:AE:23:58:38:85:EB:C8:22:07 SHA1 Fingerprint=F9:E1:6D:DC:01:89:CF:D5:82:45:63:3E:C5:37:7D:C2:EB:93:6F:2B SHA256 Fingerprint=B4:58:5F:22:E4:AC:75:6A:4E:86:12:A1:36:1C:5D:9D:03:1A:93:FD:84:FE:BB:77:8F:A3:06:8B:0F:C4:2D:C2 @@ -983,7 +1157,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E0:AA:3F:25:8D:9F:44:5C:C1:3A:E8:2E:AE:77:4C:84:3E:67:0C:F4 SHA1 Fingerprint=A0:50:EE:0F:28:71:F4:27:B2:12:6D:6F:50:96:25:BA:CC:86:42:AF SHA256 Fingerprint=77:B8:2C:D8:64:4C:43:05:F7:AC:C5:CB:15:6B:45:67:50:04:03:3D:51:C6:0C:62:02:A8:E0:C3:34:67:D3:A0 @@ -1036,7 +1210,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Non Repudiation, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E0:8C:9B:DB:25:49:B3:F1:7C:86:D6:B2:42:87:0B:D0:6B:A0:D9:E4 SHA1 Fingerprint=FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B SHA256 Fingerprint=EA:A9:62:C4:FA:4A:6B:AF:EB:E4:15:19:6D:35:1C:CD:88:8D:4F:53:F3:FA:8A:E6:D7:C4:66:A9:4E:60:42:BB @@ -1079,7 +1253,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 82:21:2D:66:C6:D7:A0:E0:15:EB:CE:4C:09:77:C4:60:9E:54:6E:03 SHA1 Fingerprint=26:F9:93:B4:ED:3D:28:27:B0:B9:4B:A7:E9:15:1D:A3:8D:92:E5:32 SHA256 Fingerprint=65:7C:FE:2F:A7:3F:AA:38:46:25:71:F3:32:A2:36:3A:46:FC:E7:02:09:51:71:07:02:CD:FB:B6:EE:DA:33:05 @@ -1128,14 +1302,14 @@ Certificate: Not After : Dec 31 03:07:01 2029 GMT Subject: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT X509v3 extensions: - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:E3:FE:2D:FD:28:D0:0B:B5:BA:B6:A2:C4:BF:06:AA:05:8C:93:FB:2F X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E3:FE:2D:FD:28:D0:0B:B5:BA:B6:A2:C4:BF:06:AA:05:8C:93:FB:2F SHA1 Fingerprint=E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83 SHA256 Fingerprint=5C:C3:D7:8E:4E:1D:5E:45:54:7A:04:E6:87:3E:64:F9:0C:F9:53:6D:1C:CC:2E:F8:00:F3:55:C4:C5:FD:70:FD @@ -1188,7 +1362,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F2:77:17:FA:5E:A8:FE:F6:3D:71:D5:68:BA:C9:46:0C:38:D8:AF:B0 X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -1237,11 +1411,11 @@ Certificate: Not After : Dec 20 02:31:27 2034 GMT Subject: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 1E:0C:F7:B6:67:F2:E1:92:26:09:45:C0:55:39:2E:77:3F:42:4A:A2 - X509v3 Basic Constraints: + X509v3 Basic Constraints: CA:TRUE - setCext-hashedRoot: + setCext-hashedRoot: 0/0-...0...+......0...g*.....E... V|.[x....S..... SHA1 Fingerprint=67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0 @@ -1280,61 +1454,6 @@ W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D hNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE----- -### Comodo CA Limited - -=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Validity - Not Before: Jan 1 00:00:00 2004 GMT - Not After : Dec 31 23:59:59 2028 GMT - Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services - X509v3 extensions: - X509v3 Subject Key Identifier: - A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4 - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 CRL Distribution Points: - - Full Name: - URI:http://crl.comodoca.com/AAACertificateServices.crl - - Full Name: - URI:http://crl.comodo.net/AAACertificateServices.crl - -SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49 -SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4 ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj -YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL -MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE -BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM -GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua -BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe -3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 -YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR -rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm -ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU -oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v -QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t -b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF -AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q -GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 -G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi -l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 -smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- - ### COMODO CA Limited === /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority @@ -1349,13 +1468,13 @@ Certificate: Not After : Dec 31 23:59:59 2029 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 0B:58:E5:8B:C6:4C:15:37:A4:40:A9:30:A9:21:BE:47:36:5A:56:FF X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.comodoca.com/COMODOCertificationAuthority.crl @@ -1399,7 +1518,7 @@ Certificate: Not After : Jan 18 23:59:59 2038 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 75:71:A7:19:48:19:BC:9D:9D:EA:41:47:DF:94:C4:48:77:99:D3:79 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -1435,7 +1554,7 @@ Certificate: Not After : Jan 18 23:59:59 2038 GMT Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -1478,6 +1597,61 @@ QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl NVOFBkpdn627G190 -----END CERTIFICATE----- +### Comodo CA Limited + +=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jan 1 00:00:00 2004 GMT + Not After : Dec 31 23:59:59 2028 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services + X509v3 extensions: + X509v3 Subject Key Identifier: + A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.comodoca.com/AAACertificateServices.crl + + Full Name: + URI:http://crl.comodo.net/AAACertificateServices.crl + +SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49 +SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4 +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- + ### D-Trust GmbH === /C=DE/O=D-Trust GmbH/CN=D-TRUST BR Root CA 1 2020 @@ -1494,11 +1668,11 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 73:91:10:AB:FF:55:B3:5A:7C:09:25:D5:B2:BA:08:A0:6B:AB:1F:6D X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.d-trust.net/crl/d-trust_br_root_ca_1_2020.crl @@ -1540,11 +1714,11 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 7F:10:01:16:37:3A:A4:28:E4:50:F8:A4:F7:EC:6B:32:B6:FE:E9:8B X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.d-trust.net/crl/d-trust_ev_root_ca_1_2020.crl @@ -1585,11 +1759,11 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: FD:DA:14:C4:9F:30:DE:21:BD:1E:42:39:FC:AB:63:23:49:E0:F1:84 X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%202009,O=D-Trust%20GmbH,C=DE?certificaterevocationlist @@ -1637,11 +1811,11 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D3:94:8A:4C:62:13:2A:19:2E:CC:AF:72:8A:7D:36:D7:9A:1C:DC:67 X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%20EV%202009,O=D-Trust%20GmbH,C=DE?certificaterevocationlist @@ -1693,16 +1867,16 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 1A:ED:FE:41:39:90:B4:24:59:BE:01:F2:52:D5:45:F6:5A:39:DC:11 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:1A:ED:FE:41:39:90:B4:24:59:BE:01:F2:52:D5:45:F6:5A:39:DC:11 DirName:/C=FR/O=Dhimyotis/CN=Certigna serial:FE:DC:E3:01:0F:C9:48:FF X509v3 Key Usage: critical Certificate Sign, CRL Sign - Netscape Cert Type: + Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA SHA1 Fingerprint=B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97 SHA256 Fingerprint=E3:B6:A2:DB:2E:D7:CE:48:84:2F:7A:C5:32:41:C7:B7:1D:54:14:4B:FB:40:C1:1F:3F:1D:0B:42:F5:EE:A1:2D @@ -1744,16 +1918,16 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 18:87:56:E0:6E:77:EE:24:35:3C:4E:73:9A:1F:D6:E1:E2:79:7E:2B - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:18:87:56:E0:6E:77:EE:24:35:3C:4E:73:9A:1F:D6:E1:E2:79:7E:2B - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: https://wwww.certigna.fr/autorites/ - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.certigna.fr/certignarootca.crl @@ -1818,9 +1992,9 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F SHA1 Fingerprint=05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43 @@ -1863,7 +2037,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: CE:C3:4A:B9:99:55:F2:B8:DB:60:BF:A9:7E:BD:56:B5:97:36:A7:D6 SHA1 Fingerprint=A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F SHA256 Fingerprint=7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85 @@ -1905,7 +2079,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: CB:D0:BD:A9:E1:98:05:51:A1:4D:37:A2:83:79:CE:8D:1D:2A:E4:84 SHA1 Fingerprint=F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89 SHA256 Fingerprint=7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2 @@ -1940,9 +2114,9 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55 SHA1 Fingerprint=A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36 @@ -1985,7 +2159,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39 SHA1 Fingerprint=DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4 SHA256 Fingerprint=CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F @@ -2027,7 +2201,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B3:DB:48:A4:F9:A1:C5:D8:AE:36:41:CC:11:63:69:62:29:BC:4B:C6 SHA1 Fingerprint=7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E SHA256 Fingerprint=31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0 @@ -2062,9 +2236,9 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3 SHA1 Fingerprint=5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25 @@ -2108,7 +2282,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F SHA1 Fingerprint=DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4 SHA256 Fingerprint=55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88 @@ -2159,7 +2333,7 @@ Certificate: Not After : Jan 14 23:59:59 2046 GMT Subject: C=US, O=DigiCert, Inc., CN=DigiCert TLS ECC P384 Root G5 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C1:51:45:50:59:AB:3E:E7:2C:5A:FA:20:22:12:07:80:88:7C:11:6A X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -2193,7 +2367,7 @@ Certificate: Not After : Jan 14 23:59:59 2046 GMT Subject: C=US, O=DigiCert, Inc., CN=DigiCert TLS RSA4096 Root G5 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 51:33:1C:ED:36:40:AF:17:D3:25:CD:69:68:F2:AF:4E:23:3E:B3:41 X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -2251,7 +2425,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B5:99:F8:AF:B0:94:F5:E3:20:D6:0A:AD:CE:4E:56:A4:2E:6E:42:ED SHA1 Fingerprint=B5:61:EB:EA:A4:DE:E4:25:4B:69:1A:98:A5:57:47:C2:34:C7:D9:71 SHA256 Fingerprint=E2:3D:4A:03:6D:7B:70:E9:F5:95:B1:42:20:79:D2:B9:1E:DF:BB:1F:B6:51:A0:63:3E:AA:8A:9D:C5:F8:07:03 @@ -2305,9 +2479,9 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: DC:2E:1F:D1:61:37:79:E4:AB:D5:D5:B3:12:71:68:3D:6A:68:9C:22 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:DC:2E:1F:D1:61:37:79:E4:AB:D5:D5:B3:12:71:68:3D:6A:68:9C:22 SHA1 Fingerprint=D0:67:C1:13:51:01:0C:AA:D0:C7:6A:65:37:31:16:26:4F:53:71:A2 @@ -2345,106 +2519,6 @@ aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== -----END CERTIFICATE----- -### E-Tugra EBG A.S. - -=== /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA ECC v3 -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 26:46:19:77:31:e1:4f:6f:28:36:de:39:51:86:e6:d4:97:88:22:c1 - Signature Algorithm: ecdsa-with-SHA384 - Validity - Not Before: Mar 18 09:46:58 2020 GMT - Not After : Mar 12 09:46:58 2045 GMT - Subject: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA ECC v3 - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Authority Key Identifier: - keyid:FF:82:31:72:3E:F9:C4:66:6C:AD:38:9E:D1:B0:51:88:A5:90:CC:F5 - - X509v3 Subject Key Identifier: - FF:82:31:72:3E:F9:C4:66:6C:AD:38:9E:D1:B0:51:88:A5:90:CC:F5 - X509v3 Key Usage: critical - Certificate Sign, CRL Sign -SHA1 Fingerprint=8A:2F:AF:57:53:B1:B0:E6:A1:04:EC:5B:6A:69:71:6D:F6:1C:E2:84 -SHA256 Fingerprint=87:3F:46:85:FA:7F:56:36:25:25:2E:6D:36:BC:D7:F1:6F:C2:49:51:F2:64:E4:7E:1B:95:4F:49:08:CD:CA:13 ------BEGIN CERTIFICATE----- -MIICpTCCAiqgAwIBAgIUJkYZdzHhT28oNt45UYbm1JeIIsEwCgYIKoZIzj0EAwMw -gYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVn -cmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYD -VQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIEVDQyB2MzAeFw0yMDAzMTgwOTQ2 -NThaFw00NTAzMTIwOTQ2NThaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMGQW5r -YXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1Z3Jh -IFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBF -Q0MgdjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASOmCm/xxAeJ9urA8woLNheSBkQ -KczLWYHMjLiSF4mDKpL2w6QdTGLVn9agRtwcvHbB40fQWxPa56WzZkjnIZpKT4YK -fWzqTTKACrJ6CZtpS5iB4i7sAnCWH/31Rs7K3IKjYzBhMA8GA1UdEwEB/wQFMAMB -Af8wHwYDVR0jBBgwFoAU/4Ixcj75xGZsrTie0bBRiKWQzPUwHQYDVR0OBBYEFP+C -MXI++cRmbK04ntGwUYilkMz1MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNp -ADBmAjEA5gVYaWHlLcoNy/EZCL3W/VGSGn5jVASQkZo1kTmZ+gepZpO6yGjUij/6 -7W4WAie3AjEA3VoXK3YdZUKWpqxdinlW2Iob35reX8dQj7FbcQwm32pAAOwzkSFx -vmjkI6TZraE3 ------END CERTIFICATE----- -=== /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA RSA v3 -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 0d:4d:c5:cd:16:22:95:96:08:7e:b8:0b:7f:15:06:34:fb:79:10:34 - Signature Algorithm: sha256WithRSAEncryption - Validity - Not Before: Mar 18 09:07:17 2020 GMT - Not After : Mar 12 09:07:17 2045 GMT - Subject: C=TR, L=Ankara, O=E-Tugra EBG A.S., OU=E-Tugra Trust Center, CN=E-Tugra Global Root CA RSA v3 - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Authority Key Identifier: - keyid:B2:B4:AE:E6:2D:F7:26:D5:AA:75:2D:76:4B:C0:1B:53:21:D0:48:EF - - X509v3 Subject Key Identifier: - B2:B4:AE:E6:2D:F7:26:D5:AA:75:2D:76:4B:C0:1B:53:21:D0:48:EF - X509v3 Key Usage: critical - Certificate Sign, CRL Sign -SHA1 Fingerprint=E9:A8:5D:22:14:52:1C:5B:AA:0A:B4:BE:24:6A:23:8A:C9:BA:E2:A9 -SHA256 Fingerprint=EF:66:B0:B1:0A:3C:DB:9F:2E:36:48:C7:6B:D2:AF:18:EA:D2:BF:E6:F1:17:65:5E:28:C4:06:0D:A1:A3:F4:C2 ------BEGIN CERTIFICATE----- -MIIF8zCCA9ugAwIBAgIUDU3FzRYilZYIfrgLfxUGNPt5EDQwDQYJKoZIhvcNAQEL -BQAwgYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUt -VHVncmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYw -JAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIFJTQSB2MzAeFw0yMDAzMTgw -OTA3MTdaFw00NTAzMTIwOTA3MTdaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMG -QW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1 -Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBD -QSBSU0EgdjMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiZvCJt3J7 -7gnJY9LTQ91ew6aEOErxjYG7FL1H6EAX8z3DeEVypi6Q3po61CBxyryfHUuXCscx -uj7X/iWpKo429NEvx7epXTPcMHD4QGxLsqYxYdE0PD0xesevxKenhOGXpOhL9hd8 -7jwH7eKKV9y2+/hDJVDqJ4GohryPUkqWOmAalrv9c/SF/YP9f4RtNGx/ardLAQO/ -rWm31zLZ9Vdq6YaCPqVmMbMWPcLzJmAy01IesGykNz709a/r4d+ABs8qQedmCeFL -l+d3vSFtKbZnwy1+7dZ5ZdHPOrbRsV5WYVB6Ws5OUDGAA5hH5+QYfERaxqSzO8bG -wzrwbMOLyKSRBfP12baqBqG3q+Sx6iEUXIOk/P+2UNOMEiaZdnDpwA+mdPy70Bt4 -znKS4iicvObpCdg604nmvi533wEKb5b25Y08TVJ2Glbhc34XrD2tbKNSEhhw5oBO -M/J+JjKsBY04pOZ2PJ8QaQ5tndLBeSBrW88zjdGUdjXnXVXHt6woq0bM5zshtQoK -5EpZ3IE1S0SVEgpnpaH/WwAH0sDM+T/8nzPyAPiMbIedBi3x7+PmBvrFZhNb/FAH -nnGGstpvdDDPk1Po3CLW3iAfYY2jLqN4MpBs3KwytQXk9TwzDdbgh3cXTJ2w2Amo -DVf3RIXwyAS+XF1a4xeOVGNpf0l0ZAWMowIDAQABo2MwYTAPBgNVHRMBAf8EBTAD -AQH/MB8GA1UdIwQYMBaAFLK0ruYt9ybVqnUtdkvAG1Mh0EjvMB0GA1UdDgQWBBSy -tK7mLfcm1ap1LXZLwBtTIdBI7zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL -BQADggIBAImocn+M684uGMQQgC0QDP/7FM0E4BQ8Tpr7nym/Ip5XuYJzEmMmtcyQ -6dIqKe6cLcwsmb5FJ+Sxce3kOJUxQfJ9emN438o2Fi+CiJ+8EUdPdk3ILY7r3y18 -Tjvarvbj2l0Upq7ohUSdBm6O++96SmotKygY/r+QLHUWnw/qln0F7psTpURs+APQ -3SPh/QMSEgj0GDSz4DcLdxEBSL9htLX4GdnLTeqjjO/98Aa1bZL0SmFQhO3sSdPk -vmjmLuMxC1QLGpLWgti2omU8ZgT5Vdps+9u1FGZNlIM7zR6mK7L+d0CGq+ffCsn9 -9t2HVhjYsCxVYJb6CH5SkPVLpi6HfMsg2wY+oF0Dd32iPBMbKaITVaA9FCKvb7jQ -mhty3QUBjYZgv6Rn7rWlDdF/5horYmbDB7rnoEgcOMPpRfunf/ztAmgayncSd6YA -VSgU7NbHEqIbZULpkejLPoeJVF3Zr52XnGnnCv8PWniLYypMfUeUP95L6VPQMPHF -9p5J3zugkaOj/s1YzOrfr28oO6Bpm4/srK4rVJ2bBLFHIK+WEj5jlB0E5y67hscM -moi/dkfv97ALl2bSRM9gUgfh1SxKOidhd8rXj+eHDjD/DLsE4mHDosiXYY60MGo8 -bcIHX0pzLz/5FooBZu+6kcpSV3uu1OYP3Qt6f4ueJiDPO++BcYNZ ------END CERTIFICATE----- - ### eMudhra Inc === /C=US/OU=emSign PKI/O=eMudhra Inc/CN=emSign ECC Root CA - C3 @@ -2459,7 +2533,7 @@ Certificate: Not After : Feb 18 18:30:00 2043 GMT Subject: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign ECC Root CA - C3 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: FB:5A:48:D0:80:20:40:F2:A8:E9:00:07:69:19:77:A7:E6:C3:F4:CF X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -2493,7 +2567,7 @@ Certificate: Not After : Feb 18 18:30:00 2043 GMT Subject: C=US, OU=emSign PKI, O=eMudhra Inc, CN=emSign Root CA - C1 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: FE:A1:E0:70:1E:2A:03:39:52:5A:42:BE:5C:91:85:7A:18:AA:4D:B5 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -2537,7 +2611,7 @@ Certificate: Not After : Feb 18 18:30:00 2043 GMT Subject: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign ECC Root CA - G3 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 7C:5D:02:84:13:D4:CC:8A:9B:81:CE:17:1C:2E:29:1E:9C:48:63:42 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -2572,7 +2646,7 @@ Certificate: Not After : Feb 18 18:30:00 2043 GMT Subject: C=IN, OU=emSign PKI, O=eMudhra Technologies Limited, CN=emSign Root CA - G1 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: FB:EF:0D:86:9E:B0:E3:DD:A9:B9:F1:21:17:7F:3E:FC:F0:77:2B:1A X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -2620,7 +2694,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 6A:72:26:7A:D0:1E:EF:7D:E7:3B:69:51:D4:6C:8D:9F:90:12:66:AB SHA1 Fingerprint=8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4 SHA256 Fingerprint=43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39 @@ -2665,7 +2739,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B7:63:E7:1A:DD:8D:E9:08:A6:55:83:A4:E0:6A:50:41:65:11:42:49 SHA1 Fingerprint=20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47 SHA256 Fingerprint=02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5 @@ -2703,7 +2777,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9F:38:C4:56:23:C3:39:E8:A0:71:6C:E8:54:4C:E4:E8:3A:B1:BF:67 SHA1 Fingerprint=14:88:4E:86:26:37:B0:26:AF:59:62:5C:40:77:EC:35:29:BA:96:01 SHA256 Fingerprint=DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 @@ -2758,14 +2832,14 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Private Key Usage Period: + X509v3 Private Key Usage Period: Not Before: Nov 27 20:23:42 2006 GMT, Not After: Nov 27 20:53:42 2026 GMT - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:68:90:E4:67:A4:A6:53:80:C7:86:66:A4:F1:F7:4B:43:FB:84:BD:6D - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 68:90:E4:67:A4:A6:53:80:C7:86:66:A4:F1:F7:4B:43:FB:84:BD:6D - 1.2.840.113533.7.65.0: + 1.2.840.113533.7.65.0: 0...V7.1:4.0.... SHA1 Fingerprint=B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9 SHA256 Fingerprint=73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C @@ -2814,7 +2888,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 SHA1 Fingerprint=50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31 SHA256 Fingerprint=6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77 @@ -2862,9 +2936,9 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F7:7D:C5:FD:C4:E8:9A:1B:77:64:A7:F5:1D:A0:CC:BF:87:60:9A:6D - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.cert.fnmt.es/dpcs/ @@ -2918,7 +2992,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 01:B9:2F:EF:BF:11:86:60:F2:4F:D0:41:6E:AB:73:1F:E7:D2:6E:49 SHA1 Fingerprint=62:FF:D9:9E:C0:65:0D:03:CE:75:93:D2:ED:3F:2D:32:C9:E3:E5:4A SHA256 Fingerprint=55:41:53:B1:3D:2C:F9:DD:B7:53:BF:BE:1A:4E:0A:E0:8D:0A:A4:18:70:58:FE:60:A2:B8:62:B2:E4:B8:7B:CB @@ -2957,7 +3031,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 54:B0:7B:AD:45:B8:E2:40:7F:FB:0A:6E:FB:BE:33:C9:3C:A3:84:D5 SHA1 Fingerprint=6B:A0:B0:98:E1:71:EF:5A:AD:FE:48:15:80:77:10:F4:BD:6F:0B:28 SHA256 Fingerprint=B0:85:D7:0B:96:4F:19:1A:73:E4:AF:0D:54:AE:7A:0E:07:AA:FD:AF:9B:71:DD:08:62:13:8A:B7:32:5A:24:A2 @@ -2989,7 +3063,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 3D:E6:29:48:9B:EA:07:CA:21:44:4A:26:DE:6E:DE:D2:83:D0:9F:59 SHA1 Fingerprint=1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA SHA256 Fingerprint=17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24 @@ -3023,7 +3097,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 8F:F0:4B:7F:A8:2E:45:24:AE:4D:50:FA:63:9A:8B:DE:E2:DD:1B:BC SHA1 Fingerprint=D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD SHA256 Fingerprint=CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B @@ -3064,9 +3138,9 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: AE:6C:05:A3:93:13:E2:A2:E7:E2:D7:1C:D6:C7:F0:7F:C8:67:53:A0 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:AE:6C:05:A3:93:13:E2:A2:E7:E2:D7:1C:D6:C7:F0:7F:C8:67:53:A0 SHA1 Fingerprint=80:94:64:0E:B5:A7:A1:CA:11:9C:1F:DD:D5:9F:81:02:63:A7:FB:D1 @@ -3122,7 +3196,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 31:0A:90:8F:B6:C6:9D:D2:44:4B:80:B5:A2:E6:1F:B1:12:4F:1B:95 SHA1 Fingerprint=39:B4:6C:D5:FE:80:06:EB:E2:2F:4A:BB:08:33:A0:AF:DB:B9:DD:84 SHA256 Fingerprint=CB:B9:C4:4D:84:B8:04:3E:10:50:EA:31:A6:9F:51:49:55:D7:BF:D2:E2:C6:B4:93:01:01:9A:D6:1D:9F:50:58 @@ -3155,7 +3229,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 03:5C:AB:73:81:87:A8:CC:B0:A6:D5:94:E2:36:96:49:FF:05:99:2C SHA1 Fingerprint=53:A2:B0:4B:CA:6B:D6:45:E6:39:8A:8E:C4:0D:D2:BF:77:C3:A2:90 SHA256 Fingerprint=4F:A3:12:6D:8D:3A:11:D1:C4:85:5A:4F:80:7C:BA:D6:CF:91:9D:3A:5A:88:B0:3B:EA:2C:63:72:D9:3C:40:C9 @@ -3206,7 +3280,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B SHA1 Fingerprint=B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C SHA256 Fingerprint=EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99 @@ -3249,7 +3323,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 3A:9A:85:07:10:67:28:B6:EF:F6:BD:05:41:6E:20:C1:94:DA:0F:DE SHA1 Fingerprint=47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B SHA256 Fingerprint=45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA @@ -3295,7 +3369,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E4:AF:2B:26:71:1A:2B:48:27:85:2F:52:66:2C:EF:F0:89:13:71:3E SHA1 Fingerprint=E5:8C:1C:C4:91:3B:38:63:4B:E9:10:6E:E3:AD:8E:6B:9D:D9:81:4A SHA256 Fingerprint=D9:47:43:2A:BD:E7:B7:FA:90:FC:2E:6B:59:10:1B:12:80:E0:E1:C7:E4:E4:0F:A3:C6:88:7F:FF:57:A7:F4:CF @@ -3346,7 +3420,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: BB:FF:CA:8E:23:9F:4F:99:CA:DB:E2:68:A6:A5:15:27:17:1E:D9:0E SHA1 Fingerprint=9A:44:49:76:32:DB:DE:FA:D0:BC:FB:5A:7B:17:BD:9E:56:09:24:94 SHA256 Fingerprint=8D:25:CD:97:22:9D:BF:70:35:6B:DA:4E:B3:CC:73:40:31:E2:4C:F0:0F:AF:CF:D3:2D:C7:6E:B5:84:1C:7E:A8 @@ -3397,7 +3471,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C1:F1:26:BA:A0:2D:AE:85:81:CF:D3:F1:2A:12:BD:B8:0A:67:FD:BC SHA1 Fingerprint=ED:E5:71:80:2B:C8:92:B9:5B:83:3C:D2:32:68:3F:09:CD:A0:1E:46 SHA256 Fingerprint=34:D8:A7:3E:E2:08:D9:BC:DB:0D:95:65:20:93:4B:4E:40:E6:94:82:59:6E:8B:6F:73:C8:42:6B:01:0A:6F:48 @@ -3430,7 +3504,7 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 80:4C:D6:EB:74:FF:49:36:A3:D5:D8:FC:B5:3E:C5:6A:F0:94:1D:8C SHA1 Fingerprint=77:D3:03:67:B5:E0:0C:15:F6:0C:38:61:DF:7C:E1:3B:92:46:4D:47 SHA256 Fingerprint=34:9D:FA:40:58:C5:E2:63:12:3B:39:8A:E7:95:57:3C:4E:13:13:C8:3F:E6:8F:93:55:6C:D5:E8:03:1B:3C:7D @@ -3461,7 +3535,7 @@ Certificate: Not After : Dec 31 15:59:59 2040 GMT Subject: C=CN, O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD., CN=GDCA TrustAUTH R5 ROOT X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E2:C9:40:9F:4D:CE:E8:9A:A1:7C:CF:0E:3F:65:C5:29:88:6A:19:51 X509v3 Basic Constraints: critical CA:TRUE @@ -3518,7 +3592,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C9:1B:53:81:12:FE:04:D5:16:D1:AA:BC:9A:6F:B7:A0:95:19:6E:CA X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -3553,7 +3627,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 0A:48:23:A6:60:A4:92:0A:33:EA:93:5B:C5:57:EA:25:4D:BD:12:EE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -3610,7 +3684,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B4:22:0B:82:99:24:01:0E:9C:BB:E4:0E:FD:BF:FB:97:20:93:99:2A SHA1 Fingerprint=9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 SHA256 Fingerprint=44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 @@ -3646,7 +3720,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 71:15:67:C8:C8:C9:BD:75:5D:72:D0:38:18:6A:9D:F3:71:24:54:0B SHA1 Fingerprint=01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 SHA256 Fingerprint=A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 @@ -3688,43 +3762,6 @@ vm9qp/UsQu0yrbYhnr68 ### Hongkong Post -=== /C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1 -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1000 (0x3e8) - Signature Algorithm: sha1WithRSAEncryption - Validity - Not Before: May 15 05:13:14 2003 GMT - Not After : May 15 04:52:29 2023 GMT - Subject: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1 - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE, pathlen:3 - X509v3 Key Usage: critical - Digital Signature, Non Repudiation, Certificate Sign, CRL Sign -SHA1 Fingerprint=D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 -SHA256 Fingerprint=F9:E6:7D:33:6C:51:00:2A:C0:54:C6:32:02:2D:66:DD:A2:E7:E3:FF:F1:0A:D0:61:ED:31:D8:BB:B4:10:CF:B2 ------BEGIN CERTIFICATE----- -MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx -FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg -Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG -A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr -b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ -jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn -PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh -ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 -nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h -q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED -MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC -mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 -7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB -oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs -EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO -fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi -AmvZWg== ------END CERTIFICATE----- === /C=HK/ST=Hong Kong/L=Hong Kong/O=Hongkong Post/CN=Hongkong Post Root CA 3 Certificate: Data: @@ -3741,10 +3778,10 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:17:9D:CD:1E:8B:D6:39:2B:70:D3:5C:D4:A0:B8:1F:B0:00:FC:C5:61 - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 17:9D:CD:1E:8B:D6:39:2B:70:D3:5C:D4:A0:B8:1F:B0:00:FC:C5:61 SHA1 Fingerprint=58:A2:D0:EC:20:52:81:5B:C1:F3:F8:64:02:24:4E:C2:8E:02:4B:02 SHA256 Fingerprint=5A:2F:C0:3F:0C:83:B0:90:BB:FA:40:60:4B:09:88:44:6C:76:36:18:3D:F9:84:6E:17:10:1A:44:7F:B8:EF:D6 @@ -3801,7 +3838,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: ED:44:19:C0:D3:F0:06:8B:EE:A4:7B:BE:42:E7:26:54:C8:8E:36:76 SHA1 Fingerprint=DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25 SHA256 Fingerprint=5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE @@ -3852,7 +3889,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: E3:71:E0:9E:D8:A7:42:D9:DB:71:91:6B:94:93:EB:C3:A3:D1:14:A3 SHA1 Fingerprint=BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD SHA256 Fingerprint=30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F @@ -3906,7 +3943,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E SHA1 Fingerprint=CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 SHA256 Fingerprint=96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 @@ -3957,7 +3994,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95 SHA1 Fingerprint=BD:B1:B9:3C:D5:97:8D:45:C6:26:14:55:F8:DB:95:C7:5A:D1:53:AF SHA256 Fingerprint=69:72:9B:8E:15:A8:6E:FC:17:7A:57:AF:B7:17:1D:FC:64:AD:D2:8C:2F:CA:8C:F1:50:7E:34:45:3C:CB:14:70 @@ -3990,7 +4027,7 @@ Certificate: Not After : Jul 31 07:26:44 2043 GMT Subject: C=CN, O=iTrusChina Co.,Ltd., CN=vTrus ECC Root CA X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 98:39:CD:BE:D8:B2:8C:F7:B2:AB:E1:AD:24:AF:7B:7C:A1:DB:1F:CF X509v3 Basic Constraints: critical CA:TRUE @@ -4024,7 +4061,7 @@ Certificate: Not After : Jul 31 07:24:05 2043 GMT Subject: C=CN, O=iTrusChina Co.,Ltd., CN=vTrus Root CA X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 54:62:70:63:F1:75:84:43:58:8E:D1:16:20:B1:C6:AC:1A:BC:F6:89 X509v3 Basic Constraints: critical CA:TRUE @@ -4078,13 +4115,13 @@ Certificate: Not After : Dec 13 08:27:25 2037 GMT Subject: C=ES, O=IZENPE S.A., CN=Izenpe.com X509v3 extensions: - X509v3 Subject Alternative Name: + X509v3 Subject Alternative Name: email:info@izenpe.com, DirName:/O=IZENPE S.A. - CIF A01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8/street=Avda del Mediterraneo Etorbidea 14 - 01010 Vitoria-Gasteiz X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 1D:1C:65:0E:A8:F2:25:7B:B4:91:CF:E4:B1:B1:E6:BD:55:74:6C:05 SHA1 Fingerprint=2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19 SHA256 Fingerprint=25:30:CC:8E:98:32:15:02:BA:D9:6F:9B:1F:BA:1B:09:9E:2D:29:9E:0F:45:48:BB:91:4F:36:3B:C0:D4:53:1F @@ -4136,7 +4173,7 @@ Certificate: Not After : Apr 8 04:56:47 2029 GMT Subject: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 5B:F8:4D:4F:B2:A5:86:D4:3A:D2:F1:63:9A:A0:BE:09:F6:57:B7:DE X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -4184,7 +4221,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 2E:16:A9:4A:18:B5:CB:CC:F5:6F:50:F3:23:5F:F8:5D:E7:AC:F0:C8 SHA1 Fingerprint=E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE SHA256 Fingerprint=A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE @@ -4228,9 +4265,9 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 87:11:15:08:D1:AA:C1:78:0C:B1:AF:CE:C6:C9:90:EF:BF:30:04:C0 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:87:11:15:08:D1:AA:C1:78:0C:B1:AF:CE:C6:C9:90:EF:BF:30:04:C0 SHA1 Fingerprint=89:D4:83:03:4F:9E:9A:48:80:5F:72:37:D4:A9:A6:EF:CB:7C:1F:D1 @@ -4266,12 +4303,12 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: CB:0F:C6:DF:42:43:CC:3D:CB:B5:48:23:A1:1A:7A:A6:2A:BB:34:68 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:CB:0F:C6:DF:42:43:CC:3D:CB:B5:48:23:A1:1A:7A:A6:2A:BB:34:68 - X509v3 Subject Alternative Name: + X509v3 Subject Alternative Name: email:info@e-szigno.hu SHA1 Fingerprint=89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E SHA256 Fingerprint=3C:5F:81:FE:A5:FA:B8:2C:64:BF:A2:EA:EC:AF:CD:E8:E0:77:FC:86:20:A7:CA:E5:37:16:3D:F3:6E:DB:F3:78 @@ -4318,9 +4355,9 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C8:CB:99:72:70:52:0C:F8:E6:BE:B2:04:57:29:2A:CF:42:10:ED:35 - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=99:9A:64:C3:7F:F4:7D:9F:AB:95:F1:47:69:89:14:60:EE:C4:C3:C5 SHA256 Fingerprint=35:8D:F3:9D:76:4A:F9:E1:B7:66:E9:C9:72:DF:35:2E:E1:5C:FA:C2:27:AF:6A:D1:D7:0E:8E:4A:6E:DC:BA:02 @@ -4355,9 +4392,9 @@ Certificate: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 09:CB:59:7F:86:B2:70:8F:1A:C3:39:E3:C0:D9:E9:BF:BB:4D:B2:23 - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74 SHA256 Fingerprint=C7:41:F7:0F:4B:2A:8D:88:BF:2E:71:C1:41:22:EF:53:EF:10:EB:A0:CF:A5:E6:4C:FA:20:F4:18:85:30:73:E0 @@ -4409,7 +4446,7 @@ Certificate: Not After : Aug 18 23:59:59 2037 GMT Subject: C=KR, O=NAVER BUSINESS PLATFORM Corp., CN=NAVER Global Root Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D2:9F:88:DF:A1:CD:2C:BD:EC:F5:3B:01:01:93:33:27:B2:EB:60:4B X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -4468,7 +4505,7 @@ Certificate: CA:TRUE, pathlen:4 X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: CC:FA:67:93:F0:B6:B8:D0:A5:C0:1E:F3:53:FD:8C:53:DF:83:D7:96 SHA1 Fingerprint=06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 SHA256 Fingerprint=6C:61:DA:C3:A2:DE:F0:31:50:6B:E0:36:D2:A6:FE:40:19:94:FB:D1:3D:F9:C8:D4:66:59:92:74:C4:46:EC:98 @@ -4515,7 +4552,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: A3:97:D6:F3:5E:A2:10:E1:AB:45:9F:3C:17:64:3C:EE:01:70:9C:CC SHA1 Fingerprint=1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67 SHA256 Fingerprint=8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74 @@ -4563,11 +4600,11 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Key Usage: + X509v3 Key Usage: Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 1A:84:62:BC:48:4C:33:25:04:D4:EE:D0:F6:03:C4:19:46:D1:94:6B - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:1A:84:62:BC:48:4C:33:25:04:D4:EE:D0:F6:03:C4:19:46:D1:94:6B DirName:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 serial:05:09 @@ -4623,7 +4660,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: ED:E7:6F:76:5A:BF:60:EC:49:5B:C6:A5:77:BB:72:16:71:9B:C4:3D SHA1 Fingerprint=09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36 SHA256 Fingerprint=8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40 @@ -4671,17 +4708,17 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.8024.0.3 User Notice: Explicit Text: Any use of this Certificate constitutes acceptance of the QuoVadis Root CA 3 Certificate Policy / Certification Practice Statement. CPS: http://www.quovadisglobal.com/cps - X509v3 Key Usage: + X509v3 Key Usage: Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F2:C0:13:E0:82:43:3E:FB:EE:2F:67:32:96:35:5C:DB:B8:CB:02:D0 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:F2:C0:13:E0:82:43:3E:FB:EE:2F:67:32:96:35:5C:DB:B8:CB:02:D0 DirName:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 serial:05:C6 @@ -4742,7 +4779,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C6:17:D0:BC:A8:EA:02:43:F2:1B:06:99:5D:2B:90:20:B9:D7:9C:E4 SHA1 Fingerprint=48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D SHA256 Fingerprint=88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46 @@ -4792,7 +4829,7 @@ Certificate: Not After : Jan 18 05:15:28 2038 GMT Subject: C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication ECC RootCA1 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 86:1C:E7:FE:2D:A5:4A:8B:08:FE:28:11:FA:BE:A3:66:F8:60:59:2F X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -4826,7 +4863,7 @@ Certificate: Not After : Jan 18 06:17:16 2038 GMT Subject: C=JP, O=SECOM Trust Systems CO.,LTD., CN=Security Communication RootCA3 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 64:14:7C:FC:58:72:16:A6:0A:29:34:15:6F:2A:CB:BC:FC:AF:A8:AB X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -4877,7 +4914,7 @@ Certificate: Not After : May 29 05:00:39 2029 GMT Subject: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 0A:85:A9:77:65:05:98:7C:40:81:F8:0F:97:2C:38:F1:0A:EC:3C:CF X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -4907,46 +4944,93 @@ t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 -----END CERTIFICATE----- -### SECOM Trust.net +### Sectigo Limited -=== /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1 +=== /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root E46 Certificate: Data: Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: + 42:f2:cc:da:1b:69:37:44:5f:15:fe:75:28:10:b8:f4 + Signature Algorithm: ecdsa-with-SHA384 Validity - Not Before: Sep 30 04:20:49 2003 GMT - Not After : Sep 30 04:20:49 2023 GMT - Subject: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 + Not Before: Mar 22 00:00:00 2021 GMT + Not After : Mar 21 23:59:59 2046 GMT + Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root E46 X509v3 extensions: - X509v3 Subject Key Identifier: - A0:73:49:99:68:DC:85:5B:65:E3:9B:28:2F:57:9F:BD:33:BC:07:48 - X509v3 Key Usage: - Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + D1:22:DA:4C:59:F1:4B:5F:26:38:AA:9D:D6:EE:EB:0D:C3:FB:A9:61 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=EC:8A:39:6C:40:F0:2E:BC:42:75:D4:9F:AB:1C:1A:5B:67:BE:D2:9A +SHA256 Fingerprint=C9:0F:26:F0:FB:1B:40:18:B2:22:27:51:9B:5C:A2:B5:3E:2C:A5:B3:BE:5C:F1:8E:FE:1B:EF:47:38:0C:53:83 +-----BEGIN CERTIFICATE----- +MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw +CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T +ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN +MjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG +A1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT +ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC +WvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+ +6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B +Af8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa +qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q +4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKcw== +-----END CERTIFICATE----- +=== /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 75:8d:fd:8b:ae:7c:07:00:fa:a9:25:a7:e1:c7:ad:14 + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Mar 22 00:00:00 2021 GMT + Not After : Mar 21 23:59:59 2046 GMT + Subject: C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication Root R46 + X509v3 extensions: + X509v3 Subject Key Identifier: + 56:73:58:64:95:F9:92:1A:B0:12:2A:04:62:79:A1:40:15:88:21:49 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE -SHA1 Fingerprint=36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7 -SHA256 Fingerprint=E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C ------BEGIN CERTIFICATE----- -MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY -MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t -dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 -WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD -VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 -9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ -DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 -Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N -QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ -xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G -A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T -AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG -kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr -Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 -Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU -JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot -RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +SHA1 Fingerprint=AD:98:F9:F3:E4:7D:75:3B:65:D4:82:B3:A4:52:17:BB:6E:F5:E4:38 +SHA256 Fingerprint=7B:B6:47:A6:2A:EE:AC:88:BF:25:7A:A5:22:D0:1F:FE:A3:95:E0:AB:45:C7:3F:93:F6:56:54:EC:38:F2:5A:06 +-----BEGIN CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD +Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw +HhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY +MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp +YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa +ef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz +SDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf +iOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X +ME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3 +IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS +VYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE +SJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu ++Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt +8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L +HaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt +zwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P +AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c +mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ +YKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52 +gDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA +Fv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB +JYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX +DhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui +TdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5 +dHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65 +LvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp +0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY +QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL -----END CERTIFICATE----- ### SecureTrust Corporation @@ -4963,20 +5047,20 @@ Certificate: Not After : Dec 31 19:52:06 2029 GMT Subject: C=US, O=SecureTrust Corporation, CN=Secure Global CA X509v3 extensions: - 1.3.6.1.4.1.311.20.2: + 1.3.6.1.4.1.311.20.2: ...C.A - X509v3 Key Usage: + X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: AF:44:04:C2:41:7E:48:83:DB:4E:39:02:EC:EC:84:7A:E6:CE:C9:A4 - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.securetrust.com/SGCA.crl - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B SHA256 Fingerprint=42:00:F5:04:3A:C8:59:0E:BB:52:7D:20:9E:D1:50:30:29:FB:CB:D4:1C:A1:B5:06:EC:27:F1:5A:DE:7D:AC:69 @@ -5014,20 +5098,20 @@ Certificate: Not After : Dec 31 19:40:55 2029 GMT Subject: C=US, O=SecureTrust Corporation, CN=SecureTrust CA X509v3 extensions: - 1.3.6.1.4.1.311.20.2: + 1.3.6.1.4.1.311.20.2: ...C.A - X509v3 Key Usage: + X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 42:32:B6:16:FA:04:FD:FE:5D:4B:7A:C3:FD:F7:4C:40:1D:5A:43:AF - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.securetrust.com/STCA.crl - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11 SHA256 Fingerprint=F1:C1:B5:0A:E5:A2:0D:D8:03:0E:C9:F6:BC:24:82:3D:D3:67:B5:25:57:59:B4:E7:1B:61:FC:E9:F7:37:5D:73 @@ -5056,6 +5140,98 @@ CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR ### SSL Corporation +=== /C=US/O=SSL Corporation/CN=SSL.com TLS ECC Root CA 2022 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 14:03:f5:ab:fb:37:8b:17:40:5b:e2:43:b2:a5:d1:c4 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Aug 25 16:33:48 2022 GMT + Not After : Aug 19 16:33:47 2046 GMT + Subject: C=US, O=SSL Corporation, CN=SSL.com TLS ECC Root CA 2022 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:89:8F:2F:A3:E8:2B:A0:14:54:7B:F3:56:B8:26:5F:67:38:0B:9C:D0 + + X509v3 Subject Key Identifier: + 89:8F:2F:A3:E8:2B:A0:14:54:7B:F3:56:B8:26:5F:67:38:0B:9C:D0 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=9F:5F:D9:1A:54:6D:F5:0C:71:F0:EE:7A:BD:17:49:98:84:73:E2:39 +SHA256 Fingerprint=C3:2F:FD:9F:46:F9:36:D1:6C:36:73:99:09:59:43:4B:9A:D6:0A:AF:BB:9E:7C:F3:36:54:F1:44:CC:1B:A1:43 +-----BEGIN CERTIFICATE----- +MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT +U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2 +MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh +dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm +acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN +SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME +GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW +uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp +15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN +b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g== +-----END CERTIFICATE----- +=== /C=US/O=SSL Corporation/CN=SSL.com TLS RSA Root CA 2022 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 6f:be:da:ad:73:bd:08:40:e2:8b:4d:be:d4:f7:5b:91 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Aug 25 16:34:22 2022 GMT + Not After : Aug 19 16:34:21 2046 GMT + Subject: C=US, O=SSL Corporation, CN=SSL.com TLS RSA Root CA 2022 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:FB:2E:37:EE:E3:84:7A:27:2E:CD:19:35:B1:33:7C:FF:D4:44:42:B9 + + X509v3 Subject Key Identifier: + FB:2E:37:EE:E3:84:7A:27:2E:CD:19:35:B1:33:7C:FF:D4:44:42:B9 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=EC:2C:83:40:72:AF:26:95:10:FF:0E:F2:03:EE:31:70:F6:78:9D:CA +SHA256 Fingerprint=8F:AF:7D:2E:2C:B4:70:9B:B8:E0:B3:36:66:BF:75:A5:DD:45:B5:DE:48:0F:8E:A8:D4:BF:E6:BE:BC:17:F2:ED +-----BEGIN CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO +MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD +DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX +DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw +b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP +L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY +t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins +S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3 +PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO +L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3 +R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w +dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS ++YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS +d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG +AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f +gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j +BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z +NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt +hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM +QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf +R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ +DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW +P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy +lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq +bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w +AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q +r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji +Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU +98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= +-----END CERTIFICATE----- === /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Authority ECC Certificate: Data: @@ -5067,11 +5243,11 @@ Certificate: Not After : Feb 12 18:15:23 2041 GMT Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 5B:CA:5E:E5:DE:D2:81:AA:CD:A8:2D:64:51:B6:D9:72:9B:97:E6:4F X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:5B:CA:5E:E5:DE:D2:81:AA:CD:A8:2D:64:51:B6:D9:72:9B:97:E6:4F X509v3 Key Usage: critical @@ -5107,10 +5283,10 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:F9:60:BB:D4:E3:D5:34:F6:B8:F5:06:80:25:A7:73:DB:46:69:A8:9E - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F9:60:BB:D4:E3:D5:34:F6:B8:F5:06:80:25:A7:73:DB:46:69:A8:9E X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign @@ -5161,11 +5337,11 @@ Certificate: Not After : Feb 12 18:14:03 2041 GMT Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 82:D1:85:73:30:E7:35:04:D3:8E:02:92:FB:E5:A4:D1:C4:21:E8:CD X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:82:D1:85:73:30:E7:35:04:D3:8E:02:92:FB:E5:A4:D1:C4:21:E8:CD X509v3 Key Usage: critical @@ -5199,11 +5375,11 @@ Certificate: Not After : Feb 12 17:39:39 2041 GMT Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: DD:04:09:07:A2:F5:7A:7D:52:53:12:92:95:EE:38:80:25:0D:A6:59 X509v3 Basic Constraints: critical CA:TRUE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:DD:04:09:07:A2:F5:7A:7D:52:53:12:92:95:EE:38:80:25:0D:A6:59 X509v3 Key Usage: critical @@ -5258,14 +5434,14 @@ Certificate: Not After : Jun 29 17:39:16 2034 GMT Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 DirName:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority serial:00 - X509v3 Basic Constraints: + X509v3 Basic Constraints: CA:TRUE SHA1 Fingerprint=AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A SHA256 Fingerprint=14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58 @@ -5308,7 +5484,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 7C:0C:32:1F:A7:D9:30:7F:C4:7D:68:A3:62:A8:A1:CE:AB:07:5B:27 SHA1 Fingerprint=B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E SHA256 Fingerprint=2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5 @@ -5350,7 +5526,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 9C:5F:00:DF:AA:01:D7:30:2B:38:88:A2:B8:6D:4A:9C:F2:11:91:83 SHA1 Fingerprint=92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F SHA256 Fingerprint=56:8D:69:05:A2:C8:87:08:A4:B3:02:51:90:ED:CF:ED:B1:97:4A:60:6A:13:C6:E5:29:0F:CB:2A:E6:3E:DA:B5 @@ -5397,12 +5573,12 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: 2.16.756.1.89.1.2.1.1 CPS: http://repository.swisssign.com/ @@ -5456,12 +5632,12 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58 - X509v3 Certificate Policies: + X509v3 Certificate Policies: Policy: 2.16.756.1.89.1.3.1.1 CPS: http://repository.swisssign.com/ @@ -5518,7 +5694,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: BF:59:20:36:00:79:A0:A0:22:6B:8C:D5:F2:61:D2:B8:2C:CB:82:4A SHA1 Fingerprint=59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9 SHA256 Fingerprint=91:E2:F5:78:8D:58:10:EB:A7:BA:58:73:7D:E1:54:8A:8E:CA:CD:01:45:98:BC:0B:14:3E:04:1B:17:05:25:52 @@ -5560,7 +5736,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: B5:03:F7:76:3B:61:82:6A:12:AA:18:53:EB:03:21:94:BF:FE:CE:CA SHA1 Fingerprint=55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1 SHA256 Fingerprint=FD:73:DA:D3:1C:64:4F:F1:B4:3B:EF:0C:CD:DA:96:71:0B:9C:D9:87:5E:CA:7E:31:70:7A:F3:E9:6D:52:2B:BD @@ -5653,7 +5829,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 6A:38:5B:26:8D:DE:8B:5A:F2:4F:7A:54:83:19:18:E3:08:35:A6:BA SHA1 Fingerprint=CF:9E:87:6D:D3:EB:FC:42:26:97:A3:B5:A3:7A:A0:76:A9:06:23:48 SHA256 Fingerprint=BF:D8:8F:E1:10:1C:41:AE:3E:80:1B:F8:BE:56:35:0E:E9:BA:D1:A6:B9:BD:51:5E:DC:5C:6D:5B:87:11:AC:44 @@ -5693,10 +5869,10 @@ Certificate: Not After : Nov 29 11:55:54 2043 GMT Subject: C=FI, O=Telia Finland Oyj, CN=Telia Root CA v2 X509v3 extensions: - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:72:AC:E4:33:79:AA:45:87:F6:FD:AC:1D:9E:D6:C7:2F:86:D8:24:39 - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 72:AC:E4:33:79:AA:45:87:F6:FD:AC:1D:9E:D6:C7:2F:86:D8:24:39 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -5753,9 +5929,9 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Key Usage: + X509v3 Key Usage: Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: F0:8F:59:38:00:B3:F5:8F:9A:96:0C:D5:EB:FA:7B:AA:17:E8:13:12 SHA1 Fingerprint=43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37 SHA256 Fingerprint=DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89 @@ -5803,14 +5979,14 @@ Certificate: Not After : Jun 29 17:06:20 2034 GMT Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority serial:00 - X509v3 Basic Constraints: + X509v3 Basic Constraints: CA:TRUE SHA1 Fingerprint=27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4 SHA256 Fingerprint=C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4 @@ -5853,7 +6029,7 @@ Certificate: Not After : Jan 18 23:59:59 2038 GMT Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 3A:E1:09:86:D4:CF:19:C2:96:76:74:49:76:DC:E0:35:C6:63:63:9A X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -5889,7 +6065,7 @@ Certificate: Not After : Jan 18 23:59:59 2038 GMT Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 53:79:BF:5A:AA:2B:4A:CF:54:80:E1:D8:9B:C0:9D:F2:B2:03:66:CB X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -5948,7 +6124,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 99:E0:19:67:0D:62:DB:76:B3:DA:3D:B8:5B:E8:FD:42:D2:31:0E:87 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -6004,7 +6180,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: A3:41:06:AC:90:6D:D1:4A:EB:75:A5:4A:10:99:B3:B1:A1:8B:4A:F7 SHA1 Fingerprint=B4:90:82:DD:45:0C:BE:8B:5B:B1:66:D3:E2:A4:08:26:CD:ED:42:CF SHA256 Fingerprint=94:5B:BC:82:5E:A5:54:F4:89:D1:FD:51:A7:3D:DF:2E:A6:24:AC:70:19:A0:52:05:22:5C:22:A7:8C:CF:A8:B4 @@ -6039,7 +6215,7 @@ Certificate: CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 55:A9:84:89:D2:C1:32:BD:18:CB:6C:A6:07:4E:C8:E7:9D:BE:82:90 SHA1 Fingerprint=E7:F3:A3:C8:CF:6F:C3:04:2E:6D:0E:67:32:C5:9E:68:95:0D:5E:D2 SHA256 Fingerprint=55:90:38:59:C8:C0:C3:EB:B8:75:9E:CE:4E:25:57:22:5F:F5:75:8B:BD:38:EB:D4:82:76:60:1E:1B:D5:80:97 @@ -6074,7 +6250,7 @@ Certificate: Not After : Oct 25 08:25:55 2043 GMT Subject: C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 65:3F:C7:8A:86:C6:3C:DD:3C:54:5C:35:F8:3A:ED:52:0C:47:57:C8 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -6123,7 +6299,7 @@ Certificate: Not After : Dec 31 00:00:00 2038 GMT Subject: C=CN, O=UniTrust, CN=UCA Extended Validation Root X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: D9:74:3A:E4:30:3D:0D:F7:12:DC:7E:5A:05:9F:1E:34:9A:F7:E1:14 X509v3 Basic Constraints: critical CA:TRUE @@ -6178,7 +6354,7 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 81:C4:8C:CC:F5:E4:30:FF:A5:0C:08:5F:8C:15:67:21:74:01:DF:DF SHA1 Fingerprint=28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A SHA256 Fingerprint=9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C @@ -6229,7 +6405,7 @@ Certificate: X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 08:76:CD:CB:07:FF:24:F6:C5:CD:ED:BB:90:BC:E2:84:37:46:75:F7 X509v3 Key Usage: critical Certificate Sign, CRL Sign @@ -6272,13 +6448,13 @@ Certificate: Not After : Dec 1 15:10:31 2039 GMT Subject: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA X509v3 extensions: - X509v3 Key Usage: + X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 35:0F:C8:36:63:5E:E2:A3:EC:F9:3B:66:15:CE:51:52:E3:91:9A:3D - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED SHA256 Fingerprint=6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6 @@ -6320,9 +6496,9 @@ Certificate: Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 48:87:14:AC:E3:C3:9E:90:60:3A:D7:CA:89:EE:D3:AD:8C:B4:50:66 - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=E0:11:84:5E:34:DE:BE:88:81:B9:9C:F6:16:26:D1:96:1F:C3:B9:31 SHA256 Fingerprint=85:60:F9:1C:36:24:DA:BA:95:70:B5:FE:A0:DB:E3:6F:F1:1A:83:23:BE:94:86:85:4F:B3:F3:4A:55:71:19:8D @@ -6356,20 +6532,20 @@ Certificate: Not After : Jan 1 05:37:19 2035 GMT Subject: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority X509v3 extensions: - 1.3.6.1.4.1.311.20.2: + 1.3.6.1.4.1.311.20.2: ...C.A - X509v3 Key Usage: + X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: C6:4F:A2:3D:06:63:84:09:9C:CE:62:E4:04:AC:8D:5C:B5:E9:B6:1B - X509v3 CRL Distribution Points: + X509v3 CRL Distribution Points: Full Name: URI:http://crl.xrampsecurity.com/XGCA.crl - 1.3.6.1.4.1.311.21.1: + 1.3.6.1.4.1.311.21.1: ... SHA1 Fingerprint=B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6 SHA256 Fingerprint=CE:CD:DC:90:50:99:D8:DA:DF:C5:B1:D2:09:B7:37:CB:E2:C1:8C:FB:2C:10:C0:FF:0B:CF:0D:32:86:FC:1A:A2 diff --git a/configure b/configure index a7ed528c..fc316c98 100644 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for libressl 3.8.2. +# Generated by GNU Autoconf 2.71 for libressl 3.9.2. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -618,8 +618,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libressl' PACKAGE_TARNAME='libressl' -PACKAGE_VERSION='3.8.2' -PACKAGE_STRING='libressl 3.8.2' +PACKAGE_VERSION='3.9.2' +PACKAGE_STRING='libressl 3.9.2' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -758,6 +758,8 @@ HAVE_STRLCPY_FALSE HAVE_STRLCPY_TRUE HAVE_STRLCAT_FALSE HAVE_STRLCAT_TRUE +HAVE_STRCASECMP_FALSE +HAVE_STRCASECMP_TRUE HAVE_RECALLOCARRAY_FALSE HAVE_RECALLOCARRAY_TRUE HAVE_REALLOCARRAY_FALSE @@ -1504,7 +1506,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libressl 3.8.2 to adapt to many kinds of systems. +\`configure' configures libressl 3.9.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1575,7 +1577,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libressl 3.8.2:";; + short | recursive ) echo "Configuration of libressl 3.9.2:";; esac cat <<\_ACEOF @@ -1693,7 +1695,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libressl configure 3.8.2 +libressl configure 3.9.2 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2143,7 +2145,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libressl $as_me 3.8.2, which was +It was created by libressl $as_me 3.9.2, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2898,11 +2900,11 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -LIBCRYPTO_VERSION=52:0:0 +LIBCRYPTO_VERSION=53:0:0 -LIBSSL_VERSION=55:0:0 +LIBSSL_VERSION=56:0:0 -LIBTLS_VERSION=28:0:0 +LIBTLS_VERSION=29:0:0 @@ -3494,7 +3496,7 @@ fi # Define the identity of the package. PACKAGE='libressl' - VERSION='3.8.2' + VERSION='3.9.2' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -12065,7 +12067,7 @@ case $host_os in # Don't use arc4random on systems before 10.12 because of # weak seed on failure to open /dev/random, based on latest # public source: - # http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c + # https://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c # # We use the presence of getentropy() to detect 10.12. The # following check take into account that: @@ -12864,6 +12866,45 @@ fi fi +fi + + # Check for control-flow integrity support + if test "x$HOST_OS" != "xdarwin" +then : + + + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $saved_CC supports \"-fcf-protection=full\"" >&5 +printf %s "checking if $saved_CC supports \"-fcf-protection=full\"... " >&6; } + old_cflags="$CFLAGS" + CFLAGS="-fcf-protection=full -Wall -Werror" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main (void) +{ +printf("Hello") + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS=$old_cflags + HARDEN_CFLAGS="$HARDEN_CFLAGS -fcf-protection=full" +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS=$old_cflags + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + + fi fi @@ -13302,6 +13343,12 @@ then : fi +ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp" +if test "x$ac_cv_func_strcasecmp" = xyes +then : + printf "%s\n" "#define HAVE_STRCASECMP 1" >>confdefs.h + +fi ac_fn_c_check_func "$LINENO" "strlcat" "ac_cv_func_strlcat" if test "x$ac_cv_func_strlcat" = xyes then : @@ -13482,6 +13529,14 @@ else HAVE_RECALLOCARRAY_FALSE= fi + if test "x$ac_cv_func_strcasecmp" = xyes; then + HAVE_STRCASECMP_TRUE= + HAVE_STRCASECMP_FALSE='#' +else + HAVE_STRCASECMP_TRUE='#' + HAVE_STRCASECMP_FALSE= +fi + if test "x$ac_cv_func_strlcat" = xyes; then HAVE_STRLCAT_TRUE= HAVE_STRLCAT_FALSE='#' @@ -14904,6 +14959,10 @@ if test -z "${HAVE_RECALLOCARRAY_TRUE}" && test -z "${HAVE_RECALLOCARRAY_FALSE}" as_fn_error $? "conditional \"HAVE_RECALLOCARRAY\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${HAVE_STRCASECMP_TRUE}" && test -z "${HAVE_STRCASECMP_FALSE}"; then + as_fn_error $? "conditional \"HAVE_STRCASECMP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${HAVE_STRLCAT_TRUE}" && test -z "${HAVE_STRLCAT_FALSE}"; then as_fn_error $? "conditional \"HAVE_STRLCAT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -15494,7 +15553,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libressl $as_me 3.8.2, which was +This file was extended by libressl $as_me 3.9.2, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -15553,7 +15612,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -libressl config.status 3.8.2 +libressl config.status 3.9.2 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index 7efb143e..d4e0d60c 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -111,6 +111,8 @@ if(HOST_ASM_MACOSX_X86_64) bn/arch/amd64/word_clz.S bn/arch/amd64/bn_arch.c ) + add_definitions(-Dendbr64=) + add_definitions(-Dendbr32=) add_definitions(-DAES_ASM) add_definitions(-DBSAES_ASM) add_definitions(-DVPAES_ASM) @@ -152,7 +154,6 @@ if(HOST_ASM_MASM_X86_64) whrlpool/wp-masm-x86_64.S cpuid-masm-x86_64.S ) - add_definitions(-Dendbr64=) add_definitions(-DAES_ASM) add_definitions(-DBSAES_ASM) add_definitions(-DVPAES_ASM) @@ -194,6 +195,7 @@ if(HOST_ASM_MINGW64_X86_64) cpuid-mingw64-x86_64.S ) add_definitions(-Dendbr64=) + add_definitions(-Dendbr32=) add_definitions(-DAES_ASM) add_definitions(-DBSAES_ASM) add_definitions(-DVPAES_ASM) @@ -277,7 +279,6 @@ set( asn1/a_time_tm.c asn1/a_type.c asn1/a_utf8.c - asn1/ameth_lib.c asn1/asn1_err.c asn1/asn1_gen.c asn1/asn1_item.c @@ -439,7 +440,6 @@ set( des/ofb_enc.c des/pcbc_enc.c des/qud_cksm.c - des/rand_key.c des/set_key.c des/str2key.c des/xcbc_enc.c @@ -488,11 +488,7 @@ set( evp/bio_b64.c evp/bio_enc.c evp/bio_md.c - evp/c_all.c - evp/cipher_method_lib.c - evp/digest.c evp/e_aes.c - evp/e_aes_cbc_hmac_sha1.c evp/e_bf.c evp/e_camellia.c evp/e_cast.c @@ -500,24 +496,21 @@ set( evp/e_chacha20poly1305.c evp/e_des.c evp/e_des3.c - evp/e_gost2814789.c evp/e_idea.c evp/e_null.c evp/e_rc2.c evp/e_rc4.c - evp/e_rc4_hmac_md5.c evp/e_sm4.c evp/e_xcbc_d.c - evp/encode.c evp/evp_aead.c - evp/evp_enc.c + evp/evp_cipher.c + evp/evp_digest.c + evp/evp_encode.c evp/evp_err.c evp/evp_key.c - evp/evp_lib.c + evp/evp_names.c evp/evp_pbe.c evp/evp_pkey.c - evp/m_gost2814789.c - evp/m_gostr341194.c evp/m_md4.c evp/m_md5.c evp/m_md5_sha1.c @@ -526,36 +519,15 @@ set( evp/m_sha1.c evp/m_sha3.c evp/m_sigver.c - evp/m_streebog.c evp/m_sm3.c evp/m_wp.c - evp/names.c - evp/p5_crpt.c - evp/p5_crpt2.c - evp/p_dec.c - evp/p_enc.c + evp/p_legacy.c evp/p_lib.c - evp/p_open.c - evp/p_seal.c evp/p_sign.c evp/p_verify.c evp/pmeth_fn.c evp/pmeth_gn.c evp/pmeth_lib.c - gost/gost2814789.c - gost/gost89_keywrap.c - gost/gost89_params.c - gost/gost89imit_ameth.c - gost/gost89imit_pmeth.c - gost/gost_asn1.c - gost/gost_err.c - gost/gostr341001.c - gost/gostr341001_ameth.c - gost/gostr341001_key.c - gost/gostr341001_params.c - gost/gostr341001_pmeth.c - gost/gostr341194.c - gost/streebog.c hkdf/hkdf.c hmac/hm_ameth.c hmac/hm_pmeth.c @@ -567,7 +539,6 @@ set( idea/i_skey.c kdf/hkdf_evp.c kdf/kdf_err.c - lhash/lh_stats.c lhash/lhash.c md4/md4.c md5/md5.c @@ -578,7 +549,6 @@ set( modes/gcm128.c modes/ofb128.c modes/xts128.c - objects/o_names.c objects/obj_dat.c objects/obj_err.c objects/obj_lib.c @@ -606,7 +576,6 @@ set( pkcs12/p12_add.c pkcs12/p12_asn.c pkcs12/p12_attr.c - pkcs12/p12_crpt.c pkcs12/p12_crt.c pkcs12/p12_decr.c pkcs12/p12_init.c @@ -734,6 +703,8 @@ set( x509/x_all.c ) +set(COMPAT_SRC empty.c) + if(UNIX) set(CRYPTO_SRC ${CRYPTO_SRC} crypto_lock.c) set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_posix.c) @@ -749,154 +720,119 @@ if(WIN32) endif() if(WIN32) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/posix_win.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} gettimeofday) - set(EXTRA_EXPORT ${EXTRA_EXPORT} getuid) - set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_perror) - set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_fopen) - set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_fgets) - set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_open) - set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_rename) - set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_connect) - set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_close) - set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_read) - set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_write) - set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_getsockopt) - set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_setsockopt) + set(COMPAT_SRC ${COMPAT_SRC} compat/posix_win.c) endif() if(NOT HAVE_ASPRINTF) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/bsd-asprintf.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} asprintf) - set(EXTRA_EXPORT ${EXTRA_EXPORT} vasprintf) + set(COMPAT_SRC ${COMPAT_SRC} compat/bsd-asprintf.c) endif() if(NOT HAVE_FREEZERO) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/freezero.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} freezero) + set(COMPAT_SRC ${COMPAT_SRC} compat/freezero.c) endif() if(NOT HAVE_GETOPT) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getopt_long.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} getopt) - set(EXTRA_EXPORT ${EXTRA_EXPORT} optarg) - set(EXTRA_EXPORT ${EXTRA_EXPORT} optind) + set(COMPAT_SRC ${COMPAT_SRC} compat/getopt_long.c) endif() if(NOT HAVE_GETPAGESIZE) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getpagesize.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getpagesize.c) endif() if(NOT HAVE_GETPROGNAME) if(WIN32) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getprogname_windows.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getprogname_windows.c) elseif(CMAKE_SYSTEM_NAME MATCHES "Linux") - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getprogname_linux.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getprogname_linux.c) else() - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getprogname_unimpl.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getprogname_unimpl.c) endif() endif() if(NOT HAVE_REALLOCARRAY) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/reallocarray.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} reallocarray) + set(COMPAT_SRC ${COMPAT_SRC} compat/reallocarray.c) endif() if(NOT HAVE_RECALLOCARRAY) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/recallocarray.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} recallocarray) + set(COMPAT_SRC ${COMPAT_SRC} compat/recallocarray.c) endif() if(NOT HAVE_STRCASECMP) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/strcasecmp.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} strcasecmp) + set(COMPAT_SRC ${COMPAT_SRC} compat/strcasecmp.c) endif() if(NOT HAVE_STRLCAT) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcat.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} strlcat) + set(COMPAT_SRC ${COMPAT_SRC} compat/strlcat.c) endif() if(NOT HAVE_STRLCPY) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcpy.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} strlcpy) + set(COMPAT_SRC ${COMPAT_SRC} compat/strlcpy.c) endif() if(NOT HAVE_STRNDUP) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/strndup.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} strndup) + set(COMPAT_SRC ${COMPAT_SRC} compat/strndup.c) if(NOT HAVE_STRNLEN) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/strnlen.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} strnlen) + set(COMPAT_SRC ${COMPAT_SRC} compat/strnlen.c) endif() endif() if(NOT HAVE_STRSEP) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/strsep.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} strsep) + set(COMPAT_SRC ${COMPAT_SRC} compat/strsep.c) endif() if(NOT HAVE_STRTONUM) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/strtonum.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} strtonum) + set(COMPAT_SRC ${COMPAT_SRC} compat/strtonum.c) endif() if(NOT HAVE_SYSLOG_R) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/syslog_r.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/syslog_r.c) endif() if(NOT HAVE_TIMEGM) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/timegm.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} timegm) + # XXX - Remove after next bump once libtls, ocspcheck, and asn1time are fixed. + set(COMPAT_SRC ${COMPAT_SRC} compat/timegm.c) endif() if(NOT HAVE_EXPLICIT_BZERO) if(WIN32) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero_win.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/explicit_bzero_win.c) else() - set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/explicit_bzero.c) set_source_files_properties(compat/explicit_bzero.c PROPERTIES COMPILE_FLAGS -O0) endif() - set(EXTRA_EXPORT ${EXTRA_EXPORT} explicit_bzero) endif() if(NOT HAVE_ARC4RANDOM_BUF) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random.c) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random) - set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_buf) - set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_uniform) + set(COMPAT_SRC ${COMPAT_SRC} compat/arc4random.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/arc4random_uniform.c) if(NOT HAVE_GETENTROPY) if(WIN32) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_win.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getentropy_win.c) elseif(CMAKE_SYSTEM_NAME MATCHES "AIX") - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getentropy_aix.c) elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD") - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getentropy_freebsd.c) elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX") - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_hpux.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getentropy_hpux.c) elseif(CMAKE_SYSTEM_NAME MATCHES "Linux") - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getentropy_linux.c) elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD") - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_netbsd.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getentropy_netbsd.c) elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin") - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_osx.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getentropy_osx.c) elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS") - set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_solaris.c) + set(COMPAT_SRC ${COMPAT_SRC} compat/getentropy_solaris.c) endif() - set(EXTRA_EXPORT ${EXTRA_EXPORT} getentropy) endif() endif() if(NOT HAVE_TIMINGSAFE_BCMP) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_bcmp) + set(COMPAT_SRC ${COMPAT_SRC} compat/timingsafe_bcmp.c) endif() if(NOT HAVE_TIMINGSAFE_MEMCMP) - set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c) - set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_memcmp) + set(COMPAT_SRC ${COMPAT_SRC} compat/timingsafe_memcmp.c) endif() if(NOT ENABLE_ASM) @@ -912,29 +848,21 @@ else() endif() endif() -if(NOT "${OPENSSLDIR}" STREQUAL "") - add_definitions(-DOPENSSLDIR=\"${OPENSSLDIR}\") -else() - if(WIN32) - add_definitions(-DOPENSSLDIR=\"C:/Windows/libressl/ssl\") - else() - add_definitions(-DOPENSSLDIR=\"${CMAKE_INSTALL_PREFIX}/etc/ssl\") - endif() -endif() +add_definitions(-DOPENSSLDIR=\"${OPENSSLDIR}\") file(READ ${CMAKE_CURRENT_SOURCE_DIR}/crypto.sym SYMS) foreach(SYM IN LISTS CRYPTO_UNEXPORT) string(REPLACE "${SYM}\n" "" SYMS ${SYMS}) endforeach() file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym ${SYMS}) -if(EXTRA_EXPORT) - list(SORT EXTRA_EXPORT) - foreach(SYM IN LISTS EXTRA_EXPORT) - file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym "${SYM}\n") - endforeach() -endif() -set(LIBTLS_EXTRA_EXPORT ${EXTRA_EXPORT} PARENT_SCOPE) +add_library(compat_obj OBJECT ${COMPAT_SRC}) +target_include_directories(compat_obj + PRIVATE + ../include/compat + PUBLIC + ../include + ${CMAKE_BINARY_DIR}/include) add_library(crypto_obj OBJECT ${CRYPTO_SRC}) target_include_directories(crypto_obj @@ -953,11 +881,13 @@ target_include_directories(crypto_obj evp hidden hmac + lhash modes ocsp pkcs12 rsa sha + stack x509 ../include/compat PUBLIC @@ -972,6 +902,8 @@ elseif(HOST_I386) target_include_directories(crypto_obj PRIVATE bn/arch/i386/) elseif(HOST_MIPS64) target_include_directories(crypto_obj PRIVATE bn/arch/mips64) +elseif(HOST_MIPS) + target_include_directories(crypto_obj PRIVATE bn/arch/mips) elseif(HOST_POWERPC) target_include_directories(crypto_obj PRIVATE bn/arch/powerpc) elseif(HOST_POWERPC64) @@ -984,7 +916,7 @@ elseif(HOST_X86_64) target_include_directories(crypto_obj PRIVATE bn/arch/amd64) endif() -add_library(crypto $ empty.c) +add_library(crypto $ $ empty.c) export_symbol(crypto ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym) target_link_libraries(crypto ${PLATFORM_LIBS}) diff --git a/crypto/Makefile.am b/crypto/Makefile.am index 0059b597..d6fb3d0f 100644 --- a/crypto/Makefile.am +++ b/crypto/Makefile.am @@ -13,11 +13,13 @@ AM_CPPFLAGS += -I$(top_srcdir)/crypto/ecdh AM_CPPFLAGS += -I$(top_srcdir)/crypto/ecdsa AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp AM_CPPFLAGS += -I$(top_srcdir)/crypto/hmac +AM_CPPFLAGS += -I$(top_srcdir)/crypto/lhash AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes AM_CPPFLAGS += -I$(top_srcdir)/crypto/ocsp AM_CPPFLAGS += -I$(top_srcdir)/crypto/pkcs12 AM_CPPFLAGS += -I$(top_srcdir)/crypto/rsa AM_CPPFLAGS += -I$(top_srcdir)/crypto/sha +AM_CPPFLAGS += -I$(top_srcdir)/crypto/stack AM_CPPFLAGS += -I$(top_srcdir)/crypto/x509 AM_CPPFLAGS += -I$(top_srcdir)/crypto @@ -229,6 +231,7 @@ noinst_HEADERS += arm_arch.h noinst_HEADERS += constant_time.h noinst_HEADERS += cryptlib.h noinst_HEADERS += crypto_internal.h +noinst_HEADERS += crypto_local.h noinst_HEADERS += md32_common.h noinst_HEADERS += x86_arch.h @@ -259,7 +262,6 @@ libcrypto_la_SOURCES += asn1/a_time_posix.c libcrypto_la_SOURCES += asn1/a_time_tm.c libcrypto_la_SOURCES += asn1/a_type.c libcrypto_la_SOURCES += asn1/a_utf8.c -libcrypto_la_SOURCES += asn1/ameth_lib.c libcrypto_la_SOURCES += asn1/asn1_err.c libcrypto_la_SOURCES += asn1/asn1_gen.c libcrypto_la_SOURCES += asn1/asn1_item.c @@ -530,7 +532,6 @@ libcrypto_la_SOURCES += des/ofb64enc.c libcrypto_la_SOURCES += des/ofb_enc.c libcrypto_la_SOURCES += des/pcbc_enc.c libcrypto_la_SOURCES += des/qud_cksm.c -libcrypto_la_SOURCES += des/rand_key.c libcrypto_la_SOURCES += des/set_key.c libcrypto_la_SOURCES += des/str2key.c libcrypto_la_SOURCES += des/xcbc_enc.c @@ -601,11 +602,7 @@ libcrypto_la_SOURCES += err/err_prn.c libcrypto_la_SOURCES += evp/bio_b64.c libcrypto_la_SOURCES += evp/bio_enc.c libcrypto_la_SOURCES += evp/bio_md.c -libcrypto_la_SOURCES += evp/c_all.c -libcrypto_la_SOURCES += evp/cipher_method_lib.c -libcrypto_la_SOURCES += evp/digest.c libcrypto_la_SOURCES += evp/e_aes.c -libcrypto_la_SOURCES += evp/e_aes_cbc_hmac_sha1.c libcrypto_la_SOURCES += evp/e_bf.c libcrypto_la_SOURCES += evp/e_camellia.c libcrypto_la_SOURCES += evp/e_cast.c @@ -613,24 +610,21 @@ libcrypto_la_SOURCES += evp/e_chacha.c libcrypto_la_SOURCES += evp/e_chacha20poly1305.c libcrypto_la_SOURCES += evp/e_des.c libcrypto_la_SOURCES += evp/e_des3.c -libcrypto_la_SOURCES += evp/e_gost2814789.c libcrypto_la_SOURCES += evp/e_idea.c libcrypto_la_SOURCES += evp/e_null.c libcrypto_la_SOURCES += evp/e_rc2.c libcrypto_la_SOURCES += evp/e_rc4.c -libcrypto_la_SOURCES += evp/e_rc4_hmac_md5.c libcrypto_la_SOURCES += evp/e_sm4.c libcrypto_la_SOURCES += evp/e_xcbc_d.c -libcrypto_la_SOURCES += evp/encode.c libcrypto_la_SOURCES += evp/evp_aead.c -libcrypto_la_SOURCES += evp/evp_enc.c +libcrypto_la_SOURCES += evp/evp_cipher.c +libcrypto_la_SOURCES += evp/evp_digest.c +libcrypto_la_SOURCES += evp/evp_encode.c libcrypto_la_SOURCES += evp/evp_err.c libcrypto_la_SOURCES += evp/evp_key.c -libcrypto_la_SOURCES += evp/evp_lib.c +libcrypto_la_SOURCES += evp/evp_names.c libcrypto_la_SOURCES += evp/evp_pbe.c libcrypto_la_SOURCES += evp/evp_pkey.c -libcrypto_la_SOURCES += evp/m_gost2814789.c -libcrypto_la_SOURCES += evp/m_gostr341194.c libcrypto_la_SOURCES += evp/m_md4.c libcrypto_la_SOURCES += evp/m_md5.c libcrypto_la_SOURCES += evp/m_md5_sha1.c @@ -639,17 +633,10 @@ libcrypto_la_SOURCES += evp/m_ripemd.c libcrypto_la_SOURCES += evp/m_sha1.c libcrypto_la_SOURCES += evp/m_sha3.c libcrypto_la_SOURCES += evp/m_sigver.c -libcrypto_la_SOURCES += evp/m_streebog.c libcrypto_la_SOURCES += evp/m_sm3.c libcrypto_la_SOURCES += evp/m_wp.c -libcrypto_la_SOURCES += evp/names.c -libcrypto_la_SOURCES += evp/p5_crpt.c -libcrypto_la_SOURCES += evp/p5_crpt2.c -libcrypto_la_SOURCES += evp/p_dec.c -libcrypto_la_SOURCES += evp/p_enc.c +libcrypto_la_SOURCES += evp/p_legacy.c libcrypto_la_SOURCES += evp/p_lib.c -libcrypto_la_SOURCES += evp/p_open.c -libcrypto_la_SOURCES += evp/p_seal.c libcrypto_la_SOURCES += evp/p_sign.c libcrypto_la_SOURCES += evp/p_verify.c libcrypto_la_SOURCES += evp/pmeth_fn.c @@ -657,24 +644,6 @@ libcrypto_la_SOURCES += evp/pmeth_gn.c libcrypto_la_SOURCES += evp/pmeth_lib.c noinst_HEADERS += evp/evp_local.h -# gost -libcrypto_la_SOURCES += gost/gost2814789.c -libcrypto_la_SOURCES += gost/gost89_keywrap.c -libcrypto_la_SOURCES += gost/gost89_params.c -libcrypto_la_SOURCES += gost/gost89imit_ameth.c -libcrypto_la_SOURCES += gost/gost89imit_pmeth.c -libcrypto_la_SOURCES += gost/gost_asn1.c -libcrypto_la_SOURCES += gost/gost_err.c -libcrypto_la_SOURCES += gost/gostr341001.c -libcrypto_la_SOURCES += gost/gostr341001_ameth.c -libcrypto_la_SOURCES += gost/gostr341001_key.c -libcrypto_la_SOURCES += gost/gostr341001_params.c -libcrypto_la_SOURCES += gost/gostr341001_pmeth.c -libcrypto_la_SOURCES += gost/gostr341194.c -libcrypto_la_SOURCES += gost/streebog.c -noinst_HEADERS += gost/gost_asn1.h -noinst_HEADERS += gost/gost_local.h - # hidden noinst_HEADERS += hidden/crypto_namespace.h noinst_HEADERS += hidden/openssl/asn1.h @@ -694,7 +663,6 @@ noinst_HEADERS += hidden/openssl/dh.h noinst_HEADERS += hidden/openssl/dsa.h noinst_HEADERS += hidden/openssl/ec.h noinst_HEADERS += hidden/openssl/err.h -noinst_HEADERS += hidden/openssl/gost.h noinst_HEADERS += hidden/openssl/hkdf.h noinst_HEADERS += hidden/openssl/hmac.h noinst_HEADERS += hidden/openssl/idea.h @@ -708,6 +676,7 @@ noinst_HEADERS += hidden/openssl/pem.h noinst_HEADERS += hidden/openssl/pkcs12.h noinst_HEADERS += hidden/openssl/pkcs7.h noinst_HEADERS += hidden/openssl/poly1305.h +noinst_HEADERS += hidden/openssl/posix_time.h noinst_HEADERS += hidden/openssl/rand.h noinst_HEADERS += hidden/openssl/rc2.h noinst_HEADERS += hidden/openssl/rsa.h @@ -744,8 +713,8 @@ libcrypto_la_SOURCES += kdf/hkdf_evp.c libcrypto_la_SOURCES += kdf/kdf_err.c # lhash -libcrypto_la_SOURCES += lhash/lh_stats.c libcrypto_la_SOURCES += lhash/lhash.c +noinst_HEADERS += lhash/lhash_local.h # md4 libcrypto_la_SOURCES += md4/md4.c @@ -764,7 +733,6 @@ libcrypto_la_SOURCES += modes/xts128.c noinst_HEADERS += modes/modes_local.h # objects -libcrypto_la_SOURCES += objects/o_names.c libcrypto_la_SOURCES += objects/obj_dat.c libcrypto_la_SOURCES += objects/obj_err.c libcrypto_la_SOURCES += objects/obj_lib.c @@ -800,7 +768,6 @@ libcrypto_la_SOURCES += pem/pvkfmt.c libcrypto_la_SOURCES += pkcs12/p12_add.c libcrypto_la_SOURCES += pkcs12/p12_asn.c libcrypto_la_SOURCES += pkcs12/p12_attr.c -libcrypto_la_SOURCES += pkcs12/p12_crpt.c libcrypto_la_SOURCES += pkcs12/p12_crt.c libcrypto_la_SOURCES += pkcs12/p12_decr.c libcrypto_la_SOURCES += pkcs12/p12_init.c @@ -884,6 +851,7 @@ libcrypto_la_SOURCES += sm4/sm4.c # stack libcrypto_la_SOURCES += stack/stack.c +noinst_HEADERS += stack/stack_local.h # ts libcrypto_la_SOURCES += ts/ts_asn1.c diff --git a/crypto/Makefile.am.macosx-x86_64 b/crypto/Makefile.am.macosx-x86_64 index b9b89cf0..c0322f8d 100644 --- a/crypto/Makefile.am.macosx-x86_64 +++ b/crypto/Makefile.am.macosx-x86_64 @@ -34,6 +34,8 @@ ASM_X86_64_MACOSX += bn/arch/amd64/bn_arch.c EXTRA_DIST += $(ASM_X86_64_MACOSX) if HOST_ASM_MACOSX_X86_64 +libcrypto_la_CPPFLAGS += -Dendbr64= +libcrypto_la_CPPFLAGS += -Dendbr32= libcrypto_la_CPPFLAGS += -DAES_ASM libcrypto_la_CPPFLAGS += -DBSAES_ASM libcrypto_la_CPPFLAGS += -DVPAES_ASM diff --git a/crypto/Makefile.am.mingw64-x86_64 b/crypto/Makefile.am.mingw64-x86_64 index 5a277c59..d9efc286 100644 --- a/crypto/Makefile.am.mingw64-x86_64 +++ b/crypto/Makefile.am.mingw64-x86_64 @@ -21,6 +21,8 @@ ASM_X86_64_MINGW64 += cpuid-mingw64-x86_64.S EXTRA_DIST += $(ASM_X86_64_MINGW64) if HOST_ASM_MINGW64_X86_64 +libcrypto_la_CPPFLAGS += -Dendbr64= +libcrypto_la_CPPFLAGS += -Dendbr32= libcrypto_la_CPPFLAGS += -DAES_ASM libcrypto_la_CPPFLAGS += -DBSAES_ASM libcrypto_la_CPPFLAGS += -DVPAES_ASM diff --git a/crypto/Makefile.in b/crypto/Makefile.in index 2bb77405..1d7384d6 100644 --- a/crypto/Makefile.in +++ b/crypto/Makefile.in @@ -148,8 +148,9 @@ host_triplet = @host@ @HOST_ASM_ELF_X86_64_TRUE@ -DSHA256_ASM -DSHA512_ASM \ @HOST_ASM_ELF_X86_64_TRUE@ -DWHIRLPOOL_ASM -DOPENSSL_CPUID_OBJ @HOST_ASM_ELF_X86_64_TRUE@am__append_43 = $(ASM_X86_64_ELF) -@HOST_ASM_MACOSX_X86_64_TRUE@am__append_44 = -DAES_ASM -DBSAES_ASM \ -@HOST_ASM_MACOSX_X86_64_TRUE@ -DVPAES_ASM -DOPENSSL_IA32_SSE2 \ +@HOST_ASM_MACOSX_X86_64_TRUE@am__append_44 = -Dendbr64= -Dendbr32= \ +@HOST_ASM_MACOSX_X86_64_TRUE@ -DAES_ASM -DBSAES_ASM -DVPAES_ASM \ +@HOST_ASM_MACOSX_X86_64_TRUE@ -DOPENSSL_IA32_SSE2 \ @HOST_ASM_MACOSX_X86_64_TRUE@ -DOPENSSL_BN_ASM_MONT \ @HOST_ASM_MACOSX_X86_64_TRUE@ -DOPENSSL_BN_ASM_MONT5 -DMD5_ASM \ @HOST_ASM_MACOSX_X86_64_TRUE@ -DGHASH_ASM -DRSA_ASM -DSHA1_ASM \ @@ -167,7 +168,8 @@ host_triplet = @host@ @HOST_ASM_MASM_X86_64_TRUE@am__append_47 = $(ASM_X86_64_MASM) #libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT #libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5 -@HOST_ASM_MINGW64_X86_64_TRUE@am__append_48 = -DAES_ASM -DBSAES_ASM \ +@HOST_ASM_MINGW64_X86_64_TRUE@am__append_48 = -Dendbr64= -Dendbr32= \ +@HOST_ASM_MINGW64_X86_64_TRUE@ -DAES_ASM -DBSAES_ASM \ @HOST_ASM_MINGW64_X86_64_TRUE@ -DVPAES_ASM -DOPENSSL_IA32_SSE2 \ @HOST_ASM_MINGW64_X86_64_TRUE@ -DMD5_ASM -DGHASH_ASM -DRSA_ASM \ @HOST_ASM_MINGW64_X86_64_TRUE@ -DSHA1_ASM -DSHA256_ASM \ @@ -382,89 +384,77 @@ am__libcrypto_la_SOURCES_DIST = aes/aes-elf-armv4.S \ asn1/a_object.c asn1/a_octet.c asn1/a_pkey.c asn1/a_print.c \ asn1/a_pubkey.c asn1/a_strex.c asn1/a_string.c asn1/a_strnid.c \ asn1/a_time.c asn1/a_time_posix.c asn1/a_time_tm.c \ - asn1/a_type.c asn1/a_utf8.c asn1/ameth_lib.c asn1/asn1_err.c \ - asn1/asn1_gen.c asn1/asn1_item.c asn1/asn1_lib.c \ - asn1/asn1_old.c asn1/asn1_old_lib.c asn1/asn1_par.c \ - asn1/asn1_types.c asn1/asn_mime.c asn1/asn_moid.c \ - asn1/bio_asn1.c asn1/bio_ndef.c asn1/p5_pbe.c asn1/p5_pbev2.c \ - asn1/p8_pkey.c asn1/t_crl.c asn1/t_req.c asn1/t_spki.c \ - asn1/t_x509.c asn1/t_x509a.c asn1/tasn_dec.c asn1/tasn_enc.c \ - asn1/tasn_fre.c asn1/tasn_new.c asn1/tasn_prn.c \ - asn1/tasn_typ.c asn1/tasn_utl.c asn1/x_algor.c asn1/x_attrib.c \ - asn1/x_bignum.c asn1/x_crl.c asn1/x_exten.c asn1/x_info.c \ - asn1/x_long.c asn1/x_name.c asn1/x_pkey.c asn1/x_pubkey.c \ - asn1/x_req.c asn1/x_sig.c asn1/x_spki.c asn1/x_val.c \ - asn1/x_x509.c asn1/x_x509a.c bf/bf_cfb64.c bf/bf_ecb.c \ - bf/bf_enc.c bf/bf_ofb64.c bf/bf_skey.c bio/b_dump.c \ - bio/b_posix.c bio/b_print.c bio/b_sock.c bio/b_win.c \ - bio/bf_buff.c bio/bf_nbio.c bio/bf_null.c bio/bio_cb.c \ - bio/bio_err.c bio/bio_lib.c bio/bio_meth.c bio/bss_acpt.c \ - bio/bss_bio.c bio/bss_conn.c bio/bss_dgram.c bio/bss_fd.c \ - bio/bss_file.c bio/bss_log.c bio/bss_mem.c bio/bss_null.c \ - bio/bss_sock.c bn/bn_add.c bn/bn_bpsw.c bn/bn_const.c \ - bn/bn_convert.c bn/bn_ctx.c bn/bn_div.c bn/bn_err.c \ - bn/bn_exp.c bn/bn_gcd.c bn/bn_isqrt.c bn/bn_kron.c bn/bn_lib.c \ - bn/bn_mod.c bn/bn_mod_sqrt.c bn/bn_mont.c bn/bn_mul.c \ - bn/bn_prime.c bn/bn_primitives.c bn/bn_print.c bn/bn_rand.c \ - bn/bn_recp.c bn/bn_shift.c bn/bn_small_primes.c bn/bn_sqr.c \ - bn/bn_word.c buffer/buf_err.c buffer/buffer.c \ - bytestring/bs_ber.c bytestring/bs_cbb.c bytestring/bs_cbs.c \ - camellia/cmll_cfb.c camellia/cmll_ctr.c camellia/cmll_ecb.c \ - camellia/cmll_misc.c camellia/cmll_ofb.c cast/c_cfb64.c \ - cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c cast/c_skey.c \ - chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c cmac/cmac.c \ - cms/cms_asn1.c cms/cms_att.c cms/cms_dd.c cms/cms_enc.c \ - cms/cms_env.c cms/cms_err.c cms/cms_ess.c cms/cms_io.c \ - cms/cms_kari.c cms/cms_lib.c cms/cms_pwri.c cms/cms_sd.c \ - cms/cms_smime.c conf/conf_api.c conf/conf_def.c \ - conf/conf_err.c conf/conf_lib.c conf/conf_mall.c \ - conf/conf_mod.c conf/conf_sap.c ct/ct_b64.c ct/ct_err.c \ - ct/ct_log.c ct/ct_oct.c ct/ct_policy.c ct/ct_prn.c ct/ct_sct.c \ - ct/ct_sct_ctx.c ct/ct_vfy.c ct/ct_x509v3.c \ + asn1/a_type.c asn1/a_utf8.c asn1/asn1_err.c asn1/asn1_gen.c \ + asn1/asn1_item.c asn1/asn1_lib.c asn1/asn1_old.c \ + asn1/asn1_old_lib.c asn1/asn1_par.c asn1/asn1_types.c \ + asn1/asn_mime.c asn1/asn_moid.c asn1/bio_asn1.c \ + asn1/bio_ndef.c asn1/p5_pbe.c asn1/p5_pbev2.c asn1/p8_pkey.c \ + asn1/t_crl.c asn1/t_req.c asn1/t_spki.c asn1/t_x509.c \ + asn1/t_x509a.c asn1/tasn_dec.c asn1/tasn_enc.c asn1/tasn_fre.c \ + asn1/tasn_new.c asn1/tasn_prn.c asn1/tasn_typ.c \ + asn1/tasn_utl.c asn1/x_algor.c asn1/x_attrib.c asn1/x_bignum.c \ + asn1/x_crl.c asn1/x_exten.c asn1/x_info.c asn1/x_long.c \ + asn1/x_name.c asn1/x_pkey.c asn1/x_pubkey.c asn1/x_req.c \ + asn1/x_sig.c asn1/x_spki.c asn1/x_val.c asn1/x_x509.c \ + asn1/x_x509a.c bf/bf_cfb64.c bf/bf_ecb.c bf/bf_enc.c \ + bf/bf_ofb64.c bf/bf_skey.c bio/b_dump.c bio/b_posix.c \ + bio/b_print.c bio/b_sock.c bio/b_win.c bio/bf_buff.c \ + bio/bf_nbio.c bio/bf_null.c bio/bio_cb.c bio/bio_err.c \ + bio/bio_lib.c bio/bio_meth.c bio/bss_acpt.c bio/bss_bio.c \ + bio/bss_conn.c bio/bss_dgram.c bio/bss_fd.c bio/bss_file.c \ + bio/bss_log.c bio/bss_mem.c bio/bss_null.c bio/bss_sock.c \ + bn/bn_add.c bn/bn_bpsw.c bn/bn_const.c bn/bn_convert.c \ + bn/bn_ctx.c bn/bn_div.c bn/bn_err.c bn/bn_exp.c bn/bn_gcd.c \ + bn/bn_isqrt.c bn/bn_kron.c bn/bn_lib.c bn/bn_mod.c \ + bn/bn_mod_sqrt.c bn/bn_mont.c bn/bn_mul.c bn/bn_prime.c \ + bn/bn_primitives.c bn/bn_print.c bn/bn_rand.c bn/bn_recp.c \ + bn/bn_shift.c bn/bn_small_primes.c bn/bn_sqr.c bn/bn_word.c \ + buffer/buf_err.c buffer/buffer.c bytestring/bs_ber.c \ + bytestring/bs_cbb.c bytestring/bs_cbs.c camellia/cmll_cfb.c \ + camellia/cmll_ctr.c camellia/cmll_ecb.c camellia/cmll_misc.c \ + camellia/cmll_ofb.c cast/c_cfb64.c cast/c_ecb.c cast/c_enc.c \ + cast/c_ofb64.c cast/c_skey.c chacha/chacha.c cmac/cm_ameth.c \ + cmac/cm_pmeth.c cmac/cmac.c cms/cms_asn1.c cms/cms_att.c \ + cms/cms_dd.c cms/cms_enc.c cms/cms_env.c cms/cms_err.c \ + cms/cms_ess.c cms/cms_io.c cms/cms_kari.c cms/cms_lib.c \ + cms/cms_pwri.c cms/cms_sd.c cms/cms_smime.c conf/conf_api.c \ + conf/conf_def.c conf/conf_err.c conf/conf_lib.c \ + conf/conf_mall.c conf/conf_mod.c conf/conf_sap.c ct/ct_b64.c \ + ct/ct_err.c ct/ct_log.c ct/ct_oct.c ct/ct_policy.c ct/ct_prn.c \ + ct/ct_sct.c ct/ct_sct_ctx.c ct/ct_vfy.c ct/ct_x509v3.c \ curve25519/curve25519-generic.c curve25519/curve25519.c \ des/cbc_cksm.c des/cbc_enc.c des/cfb64ede.c des/cfb64enc.c \ des/cfb_enc.c des/des_enc.c des/ecb3_enc.c des/ecb_enc.c \ des/ede_cbcm_enc.c des/enc_read.c des/enc_writ.c des/fcrypt.c \ des/fcrypt_b.c des/ofb64ede.c des/ofb64enc.c des/ofb_enc.c \ - des/pcbc_enc.c des/qud_cksm.c des/rand_key.c des/set_key.c \ - des/str2key.c des/xcbc_enc.c dh/dh_ameth.c dh/dh_asn1.c \ - dh/dh_check.c dh/dh_err.c dh/dh_gen.c dh/dh_key.c dh/dh_lib.c \ - dh/dh_pmeth.c dsa/dsa_ameth.c dsa/dsa_asn1.c dsa/dsa_err.c \ - dsa/dsa_gen.c dsa/dsa_key.c dsa/dsa_lib.c dsa/dsa_meth.c \ - dsa/dsa_ossl.c dsa/dsa_pmeth.c dsa/dsa_prn.c ec/ec_ameth.c \ - ec/ec_asn1.c ec/ec_check.c ec/ec_curve.c ec/ec_cvt.c \ - ec/ec_err.c ec/ec_key.c ec/ec_kmeth.c ec/ec_lib.c ec/ec_mult.c \ - ec/ec_oct.c ec/ec_pmeth.c ec/ec_print.c ec/eck_prn.c \ - ec/ecp_mont.c ec/ecp_oct.c ec/ecp_smpl.c ec/ecx_methods.c \ - ecdh/ecdh.c ecdsa/ecdsa.c engine/engine_stubs.c err/err.c \ - err/err_all.c err/err_prn.c evp/bio_b64.c evp/bio_enc.c \ - evp/bio_md.c evp/c_all.c evp/cipher_method_lib.c evp/digest.c \ - evp/e_aes.c evp/e_aes_cbc_hmac_sha1.c evp/e_bf.c \ - evp/e_camellia.c evp/e_cast.c evp/e_chacha.c \ - evp/e_chacha20poly1305.c evp/e_des.c evp/e_des3.c \ - evp/e_gost2814789.c evp/e_idea.c evp/e_null.c evp/e_rc2.c \ - evp/e_rc4.c evp/e_rc4_hmac_md5.c evp/e_sm4.c evp/e_xcbc_d.c \ - evp/encode.c evp/evp_aead.c evp/evp_enc.c evp/evp_err.c \ - evp/evp_key.c evp/evp_lib.c evp/evp_pbe.c evp/evp_pkey.c \ - evp/m_gost2814789.c evp/m_gostr341194.c evp/m_md4.c \ + des/pcbc_enc.c des/qud_cksm.c des/set_key.c des/str2key.c \ + des/xcbc_enc.c dh/dh_ameth.c dh/dh_asn1.c dh/dh_check.c \ + dh/dh_err.c dh/dh_gen.c dh/dh_key.c dh/dh_lib.c dh/dh_pmeth.c \ + dsa/dsa_ameth.c dsa/dsa_asn1.c dsa/dsa_err.c dsa/dsa_gen.c \ + dsa/dsa_key.c dsa/dsa_lib.c dsa/dsa_meth.c dsa/dsa_ossl.c \ + dsa/dsa_pmeth.c dsa/dsa_prn.c ec/ec_ameth.c ec/ec_asn1.c \ + ec/ec_check.c ec/ec_curve.c ec/ec_cvt.c ec/ec_err.c \ + ec/ec_key.c ec/ec_kmeth.c ec/ec_lib.c ec/ec_mult.c ec/ec_oct.c \ + ec/ec_pmeth.c ec/ec_print.c ec/eck_prn.c ec/ecp_mont.c \ + ec/ecp_oct.c ec/ecp_smpl.c ec/ecx_methods.c ecdh/ecdh.c \ + ecdsa/ecdsa.c engine/engine_stubs.c err/err.c err/err_all.c \ + err/err_prn.c evp/bio_b64.c evp/bio_enc.c evp/bio_md.c \ + evp/e_aes.c evp/e_bf.c evp/e_camellia.c evp/e_cast.c \ + evp/e_chacha.c evp/e_chacha20poly1305.c evp/e_des.c \ + evp/e_des3.c evp/e_idea.c evp/e_null.c evp/e_rc2.c evp/e_rc4.c \ + evp/e_sm4.c evp/e_xcbc_d.c evp/evp_aead.c evp/evp_cipher.c \ + evp/evp_digest.c evp/evp_encode.c evp/evp_err.c evp/evp_key.c \ + evp/evp_names.c evp/evp_pbe.c evp/evp_pkey.c evp/m_md4.c \ evp/m_md5.c evp/m_md5_sha1.c evp/m_null.c evp/m_ripemd.c \ - evp/m_sha1.c evp/m_sha3.c evp/m_sigver.c evp/m_streebog.c \ - evp/m_sm3.c evp/m_wp.c evp/names.c evp/p5_crpt.c \ - evp/p5_crpt2.c evp/p_dec.c evp/p_enc.c evp/p_lib.c \ - evp/p_open.c evp/p_seal.c evp/p_sign.c evp/p_verify.c \ - evp/pmeth_fn.c evp/pmeth_gn.c evp/pmeth_lib.c \ - gost/gost2814789.c gost/gost89_keywrap.c gost/gost89_params.c \ - gost/gost89imit_ameth.c gost/gost89imit_pmeth.c \ - gost/gost_asn1.c gost/gost_err.c gost/gostr341001.c \ - gost/gostr341001_ameth.c gost/gostr341001_key.c \ - gost/gostr341001_params.c gost/gostr341001_pmeth.c \ - gost/gostr341194.c gost/streebog.c hkdf/hkdf.c hmac/hm_ameth.c \ - hmac/hm_pmeth.c hmac/hmac.c idea/i_cbc.c idea/i_cfb64.c \ - idea/i_ecb.c idea/i_ofb64.c idea/i_skey.c kdf/hkdf_evp.c \ - kdf/kdf_err.c lhash/lh_stats.c lhash/lhash.c md4/md4.c \ - md5/md5.c modes/cbc128.c modes/ccm128.c modes/cfb128.c \ - modes/ctr128.c modes/gcm128.c modes/ofb128.c modes/xts128.c \ - objects/o_names.c objects/obj_dat.c objects/obj_err.c \ + evp/m_sha1.c evp/m_sha3.c evp/m_sigver.c evp/m_sm3.c \ + evp/m_wp.c evp/p_legacy.c evp/p_lib.c evp/p_sign.c \ + evp/p_verify.c evp/pmeth_fn.c evp/pmeth_gn.c evp/pmeth_lib.c \ + hkdf/hkdf.c hmac/hm_ameth.c hmac/hm_pmeth.c hmac/hmac.c \ + idea/i_cbc.c idea/i_cfb64.c idea/i_ecb.c idea/i_ofb64.c \ + idea/i_skey.c kdf/hkdf_evp.c kdf/kdf_err.c lhash/lhash.c \ + md4/md4.c md5/md5.c modes/cbc128.c modes/ccm128.c \ + modes/cfb128.c modes/ctr128.c modes/gcm128.c modes/ofb128.c \ + modes/xts128.c objects/obj_dat.c objects/obj_err.c \ objects/obj_lib.c objects/obj_xref.c ocsp/ocsp_asn.c \ ocsp/ocsp_cl.c ocsp/ocsp_err.c ocsp/ocsp_ext.c ocsp/ocsp_ht.c \ ocsp/ocsp_lib.c ocsp/ocsp_prn.c ocsp/ocsp_srv.c \ @@ -472,22 +462,22 @@ am__libcrypto_la_SOURCES_DIST = aes/aes-elf-armv4.S \ pem/pem_lib.c pem/pem_oth.c pem/pem_pk8.c pem/pem_pkey.c \ pem/pem_sign.c pem/pem_x509.c pem/pem_xaux.c pem/pvkfmt.c \ pkcs12/p12_add.c pkcs12/p12_asn.c pkcs12/p12_attr.c \ - pkcs12/p12_crpt.c pkcs12/p12_crt.c pkcs12/p12_decr.c \ - pkcs12/p12_init.c pkcs12/p12_key.c pkcs12/p12_kiss.c \ - pkcs12/p12_mutl.c pkcs12/p12_npas.c pkcs12/p12_p8d.c \ - pkcs12/p12_p8e.c pkcs12/p12_sbag.c pkcs12/p12_utl.c \ - pkcs12/pk12err.c pkcs7/pk7_asn1.c pkcs7/pk7_attr.c \ - pkcs7/pk7_doit.c pkcs7/pk7_lib.c pkcs7/pk7_mime.c \ - pkcs7/pk7_smime.c pkcs7/pkcs7err.c poly1305/poly1305.c \ - rand/rand_err.c rand/rand_lib.c rand/randfile.c rc2/rc2_cbc.c \ - rc2/rc2_ecb.c rc2/rc2_skey.c rc2/rc2cfb64.c rc2/rc2ofb64.c \ - ripemd/ripemd.c rsa/rsa_ameth.c rsa/rsa_asn1.c \ - rsa/rsa_blinding.c rsa/rsa_chk.c rsa/rsa_eay.c rsa/rsa_err.c \ - rsa/rsa_gen.c rsa/rsa_lib.c rsa/rsa_meth.c rsa/rsa_none.c \ - rsa/rsa_oaep.c rsa/rsa_pk1.c rsa/rsa_pmeth.c rsa/rsa_prn.c \ - rsa/rsa_pss.c rsa/rsa_saos.c rsa/rsa_sign.c rsa/rsa_x931.c \ - sha/sha1.c sha/sha256.c sha/sha3.c sha/sha512.c sm3/sm3.c \ - sm4/sm4.c stack/stack.c ts/ts_asn1.c ts/ts_conf.c ts/ts_err.c \ + pkcs12/p12_crt.c pkcs12/p12_decr.c pkcs12/p12_init.c \ + pkcs12/p12_key.c pkcs12/p12_kiss.c pkcs12/p12_mutl.c \ + pkcs12/p12_npas.c pkcs12/p12_p8d.c pkcs12/p12_p8e.c \ + pkcs12/p12_sbag.c pkcs12/p12_utl.c pkcs12/pk12err.c \ + pkcs7/pk7_asn1.c pkcs7/pk7_attr.c pkcs7/pk7_doit.c \ + pkcs7/pk7_lib.c pkcs7/pk7_mime.c pkcs7/pk7_smime.c \ + pkcs7/pkcs7err.c poly1305/poly1305.c rand/rand_err.c \ + rand/rand_lib.c rand/randfile.c rc2/rc2_cbc.c rc2/rc2_ecb.c \ + rc2/rc2_skey.c rc2/rc2cfb64.c rc2/rc2ofb64.c ripemd/ripemd.c \ + rsa/rsa_ameth.c rsa/rsa_asn1.c rsa/rsa_blinding.c \ + rsa/rsa_chk.c rsa/rsa_eay.c rsa/rsa_err.c rsa/rsa_gen.c \ + rsa/rsa_lib.c rsa/rsa_meth.c rsa/rsa_none.c rsa/rsa_oaep.c \ + rsa/rsa_pk1.c rsa/rsa_pmeth.c rsa/rsa_prn.c rsa/rsa_pss.c \ + rsa/rsa_saos.c rsa/rsa_sign.c rsa/rsa_x931.c sha/sha1.c \ + sha/sha256.c sha/sha3.c sha/sha512.c sm3/sm3.c sm4/sm4.c \ + stack/stack.c ts/ts_asn1.c ts/ts_conf.c ts/ts_err.c \ ts/ts_lib.c ts/ts_req_print.c ts/ts_req_utils.c \ ts/ts_rsp_print.c ts/ts_rsp_sign.c ts/ts_rsp_utils.c \ ts/ts_rsp_verify.c ts/ts_verify_ctx.c txt_db/txt_db.c \ @@ -663,10 +653,9 @@ am_libcrypto_la_OBJECTS = $(am__objects_32) $(am__objects_34) \ asn1/libcrypto_la-a_strnid.lo asn1/libcrypto_la-a_time.lo \ asn1/libcrypto_la-a_time_posix.lo \ asn1/libcrypto_la-a_time_tm.lo asn1/libcrypto_la-a_type.lo \ - asn1/libcrypto_la-a_utf8.lo asn1/libcrypto_la-ameth_lib.lo \ - asn1/libcrypto_la-asn1_err.lo asn1/libcrypto_la-asn1_gen.lo \ - asn1/libcrypto_la-asn1_item.lo asn1/libcrypto_la-asn1_lib.lo \ - asn1/libcrypto_la-asn1_old.lo \ + asn1/libcrypto_la-a_utf8.lo asn1/libcrypto_la-asn1_err.lo \ + asn1/libcrypto_la-asn1_gen.lo asn1/libcrypto_la-asn1_item.lo \ + asn1/libcrypto_la-asn1_lib.lo asn1/libcrypto_la-asn1_old.lo \ asn1/libcrypto_la-asn1_old_lib.lo \ asn1/libcrypto_la-asn1_par.lo asn1/libcrypto_la-asn1_types.lo \ asn1/libcrypto_la-asn_mime.lo asn1/libcrypto_la-asn_moid.lo \ @@ -752,84 +741,62 @@ am_libcrypto_la_OBJECTS = $(am__objects_32) $(am__objects_34) \ des/libcrypto_la-fcrypt_b.lo des/libcrypto_la-ofb64ede.lo \ des/libcrypto_la-ofb64enc.lo des/libcrypto_la-ofb_enc.lo \ des/libcrypto_la-pcbc_enc.lo des/libcrypto_la-qud_cksm.lo \ - des/libcrypto_la-rand_key.lo des/libcrypto_la-set_key.lo \ - des/libcrypto_la-str2key.lo des/libcrypto_la-xcbc_enc.lo \ - dh/libcrypto_la-dh_ameth.lo dh/libcrypto_la-dh_asn1.lo \ - dh/libcrypto_la-dh_check.lo dh/libcrypto_la-dh_err.lo \ - dh/libcrypto_la-dh_gen.lo dh/libcrypto_la-dh_key.lo \ - dh/libcrypto_la-dh_lib.lo dh/libcrypto_la-dh_pmeth.lo \ - dsa/libcrypto_la-dsa_ameth.lo dsa/libcrypto_la-dsa_asn1.lo \ - dsa/libcrypto_la-dsa_err.lo dsa/libcrypto_la-dsa_gen.lo \ - dsa/libcrypto_la-dsa_key.lo dsa/libcrypto_la-dsa_lib.lo \ - dsa/libcrypto_la-dsa_meth.lo dsa/libcrypto_la-dsa_ossl.lo \ - dsa/libcrypto_la-dsa_pmeth.lo dsa/libcrypto_la-dsa_prn.lo \ - ec/libcrypto_la-ec_ameth.lo ec/libcrypto_la-ec_asn1.lo \ - ec/libcrypto_la-ec_check.lo ec/libcrypto_la-ec_curve.lo \ - ec/libcrypto_la-ec_cvt.lo ec/libcrypto_la-ec_err.lo \ - ec/libcrypto_la-ec_key.lo ec/libcrypto_la-ec_kmeth.lo \ - ec/libcrypto_la-ec_lib.lo ec/libcrypto_la-ec_mult.lo \ - ec/libcrypto_la-ec_oct.lo ec/libcrypto_la-ec_pmeth.lo \ - ec/libcrypto_la-ec_print.lo ec/libcrypto_la-eck_prn.lo \ - ec/libcrypto_la-ecp_mont.lo ec/libcrypto_la-ecp_oct.lo \ - ec/libcrypto_la-ecp_smpl.lo ec/libcrypto_la-ecx_methods.lo \ - ecdh/libcrypto_la-ecdh.lo ecdsa/libcrypto_la-ecdsa.lo \ + des/libcrypto_la-set_key.lo des/libcrypto_la-str2key.lo \ + des/libcrypto_la-xcbc_enc.lo dh/libcrypto_la-dh_ameth.lo \ + dh/libcrypto_la-dh_asn1.lo dh/libcrypto_la-dh_check.lo \ + dh/libcrypto_la-dh_err.lo dh/libcrypto_la-dh_gen.lo \ + dh/libcrypto_la-dh_key.lo dh/libcrypto_la-dh_lib.lo \ + dh/libcrypto_la-dh_pmeth.lo dsa/libcrypto_la-dsa_ameth.lo \ + dsa/libcrypto_la-dsa_asn1.lo dsa/libcrypto_la-dsa_err.lo \ + dsa/libcrypto_la-dsa_gen.lo dsa/libcrypto_la-dsa_key.lo \ + dsa/libcrypto_la-dsa_lib.lo dsa/libcrypto_la-dsa_meth.lo \ + dsa/libcrypto_la-dsa_ossl.lo dsa/libcrypto_la-dsa_pmeth.lo \ + dsa/libcrypto_la-dsa_prn.lo ec/libcrypto_la-ec_ameth.lo \ + ec/libcrypto_la-ec_asn1.lo ec/libcrypto_la-ec_check.lo \ + ec/libcrypto_la-ec_curve.lo ec/libcrypto_la-ec_cvt.lo \ + ec/libcrypto_la-ec_err.lo ec/libcrypto_la-ec_key.lo \ + ec/libcrypto_la-ec_kmeth.lo ec/libcrypto_la-ec_lib.lo \ + ec/libcrypto_la-ec_mult.lo ec/libcrypto_la-ec_oct.lo \ + ec/libcrypto_la-ec_pmeth.lo ec/libcrypto_la-ec_print.lo \ + ec/libcrypto_la-eck_prn.lo ec/libcrypto_la-ecp_mont.lo \ + ec/libcrypto_la-ecp_oct.lo ec/libcrypto_la-ecp_smpl.lo \ + ec/libcrypto_la-ecx_methods.lo ecdh/libcrypto_la-ecdh.lo \ + ecdsa/libcrypto_la-ecdsa.lo \ engine/libcrypto_la-engine_stubs.lo err/libcrypto_la-err.lo \ err/libcrypto_la-err_all.lo err/libcrypto_la-err_prn.lo \ evp/libcrypto_la-bio_b64.lo evp/libcrypto_la-bio_enc.lo \ - evp/libcrypto_la-bio_md.lo evp/libcrypto_la-c_all.lo \ - evp/libcrypto_la-cipher_method_lib.lo \ - evp/libcrypto_la-digest.lo evp/libcrypto_la-e_aes.lo \ - evp/libcrypto_la-e_aes_cbc_hmac_sha1.lo \ + evp/libcrypto_la-bio_md.lo evp/libcrypto_la-e_aes.lo \ evp/libcrypto_la-e_bf.lo evp/libcrypto_la-e_camellia.lo \ evp/libcrypto_la-e_cast.lo evp/libcrypto_la-e_chacha.lo \ evp/libcrypto_la-e_chacha20poly1305.lo \ evp/libcrypto_la-e_des.lo evp/libcrypto_la-e_des3.lo \ - evp/libcrypto_la-e_gost2814789.lo evp/libcrypto_la-e_idea.lo \ - evp/libcrypto_la-e_null.lo evp/libcrypto_la-e_rc2.lo \ - evp/libcrypto_la-e_rc4.lo evp/libcrypto_la-e_rc4_hmac_md5.lo \ + evp/libcrypto_la-e_idea.lo evp/libcrypto_la-e_null.lo \ + evp/libcrypto_la-e_rc2.lo evp/libcrypto_la-e_rc4.lo \ evp/libcrypto_la-e_sm4.lo evp/libcrypto_la-e_xcbc_d.lo \ - evp/libcrypto_la-encode.lo evp/libcrypto_la-evp_aead.lo \ - evp/libcrypto_la-evp_enc.lo evp/libcrypto_la-evp_err.lo \ - evp/libcrypto_la-evp_key.lo evp/libcrypto_la-evp_lib.lo \ - evp/libcrypto_la-evp_pbe.lo evp/libcrypto_la-evp_pkey.lo \ - evp/libcrypto_la-m_gost2814789.lo \ - evp/libcrypto_la-m_gostr341194.lo evp/libcrypto_la-m_md4.lo \ + evp/libcrypto_la-evp_aead.lo evp/libcrypto_la-evp_cipher.lo \ + evp/libcrypto_la-evp_digest.lo evp/libcrypto_la-evp_encode.lo \ + evp/libcrypto_la-evp_err.lo evp/libcrypto_la-evp_key.lo \ + evp/libcrypto_la-evp_names.lo evp/libcrypto_la-evp_pbe.lo \ + evp/libcrypto_la-evp_pkey.lo evp/libcrypto_la-m_md4.lo \ evp/libcrypto_la-m_md5.lo evp/libcrypto_la-m_md5_sha1.lo \ evp/libcrypto_la-m_null.lo evp/libcrypto_la-m_ripemd.lo \ evp/libcrypto_la-m_sha1.lo evp/libcrypto_la-m_sha3.lo \ - evp/libcrypto_la-m_sigver.lo evp/libcrypto_la-m_streebog.lo \ - evp/libcrypto_la-m_sm3.lo evp/libcrypto_la-m_wp.lo \ - evp/libcrypto_la-names.lo evp/libcrypto_la-p5_crpt.lo \ - evp/libcrypto_la-p5_crpt2.lo evp/libcrypto_la-p_dec.lo \ - evp/libcrypto_la-p_enc.lo evp/libcrypto_la-p_lib.lo \ - evp/libcrypto_la-p_open.lo evp/libcrypto_la-p_seal.lo \ - evp/libcrypto_la-p_sign.lo evp/libcrypto_la-p_verify.lo \ - evp/libcrypto_la-pmeth_fn.lo evp/libcrypto_la-pmeth_gn.lo \ - evp/libcrypto_la-pmeth_lib.lo gost/libcrypto_la-gost2814789.lo \ - gost/libcrypto_la-gost89_keywrap.lo \ - gost/libcrypto_la-gost89_params.lo \ - gost/libcrypto_la-gost89imit_ameth.lo \ - gost/libcrypto_la-gost89imit_pmeth.lo \ - gost/libcrypto_la-gost_asn1.lo gost/libcrypto_la-gost_err.lo \ - gost/libcrypto_la-gostr341001.lo \ - gost/libcrypto_la-gostr341001_ameth.lo \ - gost/libcrypto_la-gostr341001_key.lo \ - gost/libcrypto_la-gostr341001_params.lo \ - gost/libcrypto_la-gostr341001_pmeth.lo \ - gost/libcrypto_la-gostr341194.lo gost/libcrypto_la-streebog.lo \ + evp/libcrypto_la-m_sigver.lo evp/libcrypto_la-m_sm3.lo \ + evp/libcrypto_la-m_wp.lo evp/libcrypto_la-p_legacy.lo \ + evp/libcrypto_la-p_lib.lo evp/libcrypto_la-p_sign.lo \ + evp/libcrypto_la-p_verify.lo evp/libcrypto_la-pmeth_fn.lo \ + evp/libcrypto_la-pmeth_gn.lo evp/libcrypto_la-pmeth_lib.lo \ hkdf/libcrypto_la-hkdf.lo hmac/libcrypto_la-hm_ameth.lo \ hmac/libcrypto_la-hm_pmeth.lo hmac/libcrypto_la-hmac.lo \ idea/libcrypto_la-i_cbc.lo idea/libcrypto_la-i_cfb64.lo \ idea/libcrypto_la-i_ecb.lo idea/libcrypto_la-i_ofb64.lo \ idea/libcrypto_la-i_skey.lo kdf/libcrypto_la-hkdf_evp.lo \ - kdf/libcrypto_la-kdf_err.lo lhash/libcrypto_la-lh_stats.lo \ - lhash/libcrypto_la-lhash.lo md4/libcrypto_la-md4.lo \ - md5/libcrypto_la-md5.lo modes/libcrypto_la-cbc128.lo \ - modes/libcrypto_la-ccm128.lo modes/libcrypto_la-cfb128.lo \ - modes/libcrypto_la-ctr128.lo modes/libcrypto_la-gcm128.lo \ - modes/libcrypto_la-ofb128.lo modes/libcrypto_la-xts128.lo \ - objects/libcrypto_la-o_names.lo \ - objects/libcrypto_la-obj_dat.lo \ + kdf/libcrypto_la-kdf_err.lo lhash/libcrypto_la-lhash.lo \ + md4/libcrypto_la-md4.lo md5/libcrypto_la-md5.lo \ + modes/libcrypto_la-cbc128.lo modes/libcrypto_la-ccm128.lo \ + modes/libcrypto_la-cfb128.lo modes/libcrypto_la-ctr128.lo \ + modes/libcrypto_la-gcm128.lo modes/libcrypto_la-ofb128.lo \ + modes/libcrypto_la-xts128.lo objects/libcrypto_la-obj_dat.lo \ objects/libcrypto_la-obj_err.lo \ objects/libcrypto_la-obj_lib.lo \ objects/libcrypto_la-obj_xref.lo ocsp/libcrypto_la-ocsp_asn.lo \ @@ -844,8 +811,7 @@ am_libcrypto_la_OBJECTS = $(am__objects_32) $(am__objects_34) \ pem/libcrypto_la-pem_x509.lo pem/libcrypto_la-pem_xaux.lo \ pem/libcrypto_la-pvkfmt.lo pkcs12/libcrypto_la-p12_add.lo \ pkcs12/libcrypto_la-p12_asn.lo pkcs12/libcrypto_la-p12_attr.lo \ - pkcs12/libcrypto_la-p12_crpt.lo pkcs12/libcrypto_la-p12_crt.lo \ - pkcs12/libcrypto_la-p12_decr.lo \ + pkcs12/libcrypto_la-p12_crt.lo pkcs12/libcrypto_la-p12_decr.lo \ pkcs12/libcrypto_la-p12_init.lo pkcs12/libcrypto_la-p12_key.lo \ pkcs12/libcrypto_la-p12_kiss.lo \ pkcs12/libcrypto_la-p12_mutl.lo \ @@ -1000,7 +966,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_time_tm.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_type.Plo \ asn1/$(DEPDIR)/libcrypto_la-a_utf8.Plo \ - asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Plo \ asn1/$(DEPDIR)/libcrypto_la-asn1_err.Plo \ asn1/$(DEPDIR)/libcrypto_la-asn1_gen.Plo \ asn1/$(DEPDIR)/libcrypto_la-asn1_item.Plo \ @@ -1225,7 +1190,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ des/$(DEPDIR)/libcrypto_la-ofb_enc.Plo \ des/$(DEPDIR)/libcrypto_la-pcbc_enc.Plo \ des/$(DEPDIR)/libcrypto_la-qud_cksm.Plo \ - des/$(DEPDIR)/libcrypto_la-rand_key.Plo \ des/$(DEPDIR)/libcrypto_la-set_key.Plo \ des/$(DEPDIR)/libcrypto_la-str2key.Plo \ des/$(DEPDIR)/libcrypto_la-xcbc_enc.Plo \ @@ -1274,11 +1238,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ evp/$(DEPDIR)/libcrypto_la-bio_b64.Plo \ evp/$(DEPDIR)/libcrypto_la-bio_enc.Plo \ evp/$(DEPDIR)/libcrypto_la-bio_md.Plo \ - evp/$(DEPDIR)/libcrypto_la-c_all.Plo \ - evp/$(DEPDIR)/libcrypto_la-cipher_method_lib.Plo \ - evp/$(DEPDIR)/libcrypto_la-digest.Plo \ evp/$(DEPDIR)/libcrypto_la-e_aes.Plo \ - evp/$(DEPDIR)/libcrypto_la-e_aes_cbc_hmac_sha1.Plo \ evp/$(DEPDIR)/libcrypto_la-e_bf.Plo \ evp/$(DEPDIR)/libcrypto_la-e_camellia.Plo \ evp/$(DEPDIR)/libcrypto_la-e_cast.Plo \ @@ -1286,24 +1246,21 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ evp/$(DEPDIR)/libcrypto_la-e_chacha20poly1305.Plo \ evp/$(DEPDIR)/libcrypto_la-e_des.Plo \ evp/$(DEPDIR)/libcrypto_la-e_des3.Plo \ - evp/$(DEPDIR)/libcrypto_la-e_gost2814789.Plo \ evp/$(DEPDIR)/libcrypto_la-e_idea.Plo \ evp/$(DEPDIR)/libcrypto_la-e_null.Plo \ evp/$(DEPDIR)/libcrypto_la-e_rc2.Plo \ evp/$(DEPDIR)/libcrypto_la-e_rc4.Plo \ - evp/$(DEPDIR)/libcrypto_la-e_rc4_hmac_md5.Plo \ evp/$(DEPDIR)/libcrypto_la-e_sm4.Plo \ evp/$(DEPDIR)/libcrypto_la-e_xcbc_d.Plo \ - evp/$(DEPDIR)/libcrypto_la-encode.Plo \ evp/$(DEPDIR)/libcrypto_la-evp_aead.Plo \ - evp/$(DEPDIR)/libcrypto_la-evp_enc.Plo \ + evp/$(DEPDIR)/libcrypto_la-evp_cipher.Plo \ + evp/$(DEPDIR)/libcrypto_la-evp_digest.Plo \ + evp/$(DEPDIR)/libcrypto_la-evp_encode.Plo \ evp/$(DEPDIR)/libcrypto_la-evp_err.Plo \ evp/$(DEPDIR)/libcrypto_la-evp_key.Plo \ - evp/$(DEPDIR)/libcrypto_la-evp_lib.Plo \ + evp/$(DEPDIR)/libcrypto_la-evp_names.Plo \ evp/$(DEPDIR)/libcrypto_la-evp_pbe.Plo \ evp/$(DEPDIR)/libcrypto_la-evp_pkey.Plo \ - evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo \ - evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Plo \ evp/$(DEPDIR)/libcrypto_la-m_md4.Plo \ evp/$(DEPDIR)/libcrypto_la-m_md5.Plo \ evp/$(DEPDIR)/libcrypto_la-m_md5_sha1.Plo \ @@ -1313,35 +1270,14 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ evp/$(DEPDIR)/libcrypto_la-m_sha3.Plo \ evp/$(DEPDIR)/libcrypto_la-m_sigver.Plo \ evp/$(DEPDIR)/libcrypto_la-m_sm3.Plo \ - evp/$(DEPDIR)/libcrypto_la-m_streebog.Plo \ evp/$(DEPDIR)/libcrypto_la-m_wp.Plo \ - evp/$(DEPDIR)/libcrypto_la-names.Plo \ - evp/$(DEPDIR)/libcrypto_la-p5_crpt.Plo \ - evp/$(DEPDIR)/libcrypto_la-p5_crpt2.Plo \ - evp/$(DEPDIR)/libcrypto_la-p_dec.Plo \ - evp/$(DEPDIR)/libcrypto_la-p_enc.Plo \ + evp/$(DEPDIR)/libcrypto_la-p_legacy.Plo \ evp/$(DEPDIR)/libcrypto_la-p_lib.Plo \ - evp/$(DEPDIR)/libcrypto_la-p_open.Plo \ - evp/$(DEPDIR)/libcrypto_la-p_seal.Plo \ evp/$(DEPDIR)/libcrypto_la-p_sign.Plo \ evp/$(DEPDIR)/libcrypto_la-p_verify.Plo \ evp/$(DEPDIR)/libcrypto_la-pmeth_fn.Plo \ evp/$(DEPDIR)/libcrypto_la-pmeth_gn.Plo \ evp/$(DEPDIR)/libcrypto_la-pmeth_lib.Plo \ - gost/$(DEPDIR)/libcrypto_la-gost2814789.Plo \ - gost/$(DEPDIR)/libcrypto_la-gost89_keywrap.Plo \ - gost/$(DEPDIR)/libcrypto_la-gost89_params.Plo \ - gost/$(DEPDIR)/libcrypto_la-gost89imit_ameth.Plo \ - gost/$(DEPDIR)/libcrypto_la-gost89imit_pmeth.Plo \ - gost/$(DEPDIR)/libcrypto_la-gost_asn1.Plo \ - gost/$(DEPDIR)/libcrypto_la-gost_err.Plo \ - gost/$(DEPDIR)/libcrypto_la-gostr341001.Plo \ - gost/$(DEPDIR)/libcrypto_la-gostr341001_ameth.Plo \ - gost/$(DEPDIR)/libcrypto_la-gostr341001_key.Plo \ - gost/$(DEPDIR)/libcrypto_la-gostr341001_params.Plo \ - gost/$(DEPDIR)/libcrypto_la-gostr341001_pmeth.Plo \ - gost/$(DEPDIR)/libcrypto_la-gostr341194.Plo \ - gost/$(DEPDIR)/libcrypto_la-streebog.Plo \ hkdf/$(DEPDIR)/libcrypto_la-hkdf.Plo \ hmac/$(DEPDIR)/libcrypto_la-hm_ameth.Plo \ hmac/$(DEPDIR)/libcrypto_la-hm_pmeth.Plo \ @@ -1353,7 +1289,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ idea/$(DEPDIR)/libcrypto_la-i_skey.Plo \ kdf/$(DEPDIR)/libcrypto_la-hkdf_evp.Plo \ kdf/$(DEPDIR)/libcrypto_la-kdf_err.Plo \ - lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo \ lhash/$(DEPDIR)/libcrypto_la-lhash.Plo \ md4/$(DEPDIR)/libcrypto_la-md4.Plo \ md5/$(DEPDIR)/libcrypto_la-md5-elf-x86_64.Plo \ @@ -1373,7 +1308,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ modes/$(DEPDIR)/libcrypto_la-ghash-mingw64-x86_64.Plo \ modes/$(DEPDIR)/libcrypto_la-ofb128.Plo \ modes/$(DEPDIR)/libcrypto_la-xts128.Plo \ - objects/$(DEPDIR)/libcrypto_la-o_names.Plo \ objects/$(DEPDIR)/libcrypto_la-obj_dat.Plo \ objects/$(DEPDIR)/libcrypto_la-obj_err.Plo \ objects/$(DEPDIR)/libcrypto_la-obj_lib.Plo \ @@ -1401,7 +1335,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcrypto_la-armcap.Plo \ pkcs12/$(DEPDIR)/libcrypto_la-p12_add.Plo \ pkcs12/$(DEPDIR)/libcrypto_la-p12_asn.Plo \ pkcs12/$(DEPDIR)/libcrypto_la-p12_attr.Plo \ - pkcs12/$(DEPDIR)/libcrypto_la-p12_crpt.Plo \ pkcs12/$(DEPDIR)/libcrypto_la-p12_crt.Plo \ pkcs12/$(DEPDIR)/libcrypto_la-p12_decr.Plo \ pkcs12/$(DEPDIR)/libcrypto_la-p12_init.Plo \ @@ -1766,9 +1699,10 @@ AM_CPPFLAGS = -I$(top_srcdir)/include -I$(abs_top_builddir)/include \ -I$(top_srcdir)/crypto/dsa -I$(top_srcdir)/crypto/ec \ -I$(top_srcdir)/crypto/ecdh -I$(top_srcdir)/crypto/ecdsa \ -I$(top_srcdir)/crypto/evp -I$(top_srcdir)/crypto/hmac \ - -I$(top_srcdir)/crypto/modes -I$(top_srcdir)/crypto/ocsp \ - -I$(top_srcdir)/crypto/pkcs12 -I$(top_srcdir)/crypto/rsa \ - -I$(top_srcdir)/crypto/sha -I$(top_srcdir)/crypto/x509 \ + -I$(top_srcdir)/crypto/lhash -I$(top_srcdir)/crypto/modes \ + -I$(top_srcdir)/crypto/ocsp -I$(top_srcdir)/crypto/pkcs12 \ + -I$(top_srcdir)/crypto/rsa -I$(top_srcdir)/crypto/sha \ + -I$(top_srcdir)/crypto/stack -I$(top_srcdir)/crypto/x509 \ -I$(top_srcdir)/crypto noinst_LTLIBRARIES = libcompat.la $(am__append_1) $(am__append_5) @ENABLE_LIBTLS_ONLY_FALSE@lib_LTLIBRARIES = libcrypto.la @@ -1818,22 +1752,21 @@ noinst_HEADERS = compat/arc4random.h compat/arc4random_aix.h \ compat/arc4random_linux.h compat/arc4random_netbsd.h \ compat/arc4random_osx.h compat/arc4random_solaris.h \ compat/arc4random_win.h compat/chacha_private.h arm_arch.h \ - constant_time.h cryptlib.h crypto_internal.h md32_common.h \ - x86_arch.h aes/aes_local.h asn1/asn1_local.h asn1/charmap.h \ - bf/bf_local.h bio/bio_local.h bn/bn_internal.h bn/bn_local.h \ - bn/bn_prime.h bn/s2n_bignum.h bn/s2n_bignum_internal.h \ - bn/arch/aarch64/bn_arch.h bn/arch/arm/bn_arch.h \ - bn/arch/i386/bn_arch.h bn/arch/mips/bn_arch.h \ - bn/arch/mips64/bn_arch.h bn/arch/powerpc/bn_arch.h \ - bn/arch/powerpc64/bn_arch.h bn/arch/riscv64/bn_arch.h \ - bn/arch/sparc64/bn_arch.h bn/arch/amd64/bn_arch.h \ - bytestring/bytestring.h camellia/camellia.h \ - camellia/cmll_local.h cast/cast_local.h cast/cast_s.h \ - cms/cms_local.h conf/conf_def.h ct/ct_local.h \ + constant_time.h cryptlib.h crypto_internal.h crypto_local.h \ + md32_common.h x86_arch.h aes/aes_local.h asn1/asn1_local.h \ + asn1/charmap.h bf/bf_local.h bio/bio_local.h bn/bn_internal.h \ + bn/bn_local.h bn/bn_prime.h bn/s2n_bignum.h \ + bn/s2n_bignum_internal.h bn/arch/aarch64/bn_arch.h \ + bn/arch/arm/bn_arch.h bn/arch/i386/bn_arch.h \ + bn/arch/mips/bn_arch.h bn/arch/mips64/bn_arch.h \ + bn/arch/powerpc/bn_arch.h bn/arch/powerpc64/bn_arch.h \ + bn/arch/riscv64/bn_arch.h bn/arch/sparc64/bn_arch.h \ + bn/arch/amd64/bn_arch.h bytestring/bytestring.h \ + camellia/camellia.h camellia/cmll_local.h cast/cast_local.h \ + cast/cast_s.h cms/cms_local.h conf/conf_def.h ct/ct_local.h \ curve25519/curve25519_internal.h des/des_local.h des/spr.h \ dh/dh_local.h dsa/dsa_local.h ec/ec_local.h \ - ecdsa/ecdsa_local.h evp/evp_local.h gost/gost_asn1.h \ - gost/gost_local.h hidden/crypto_namespace.h \ + ecdsa/ecdsa_local.h evp/evp_local.h hidden/crypto_namespace.h \ hidden/openssl/asn1.h hidden/openssl/asn1t.h \ hidden/openssl/bio.h hidden/openssl/bn.h \ hidden/openssl/buffer.h hidden/openssl/cast.h \ @@ -1842,24 +1775,25 @@ noinst_HEADERS = compat/arc4random.h compat/arc4random_aix.h \ hidden/openssl/crypto.h hidden/openssl/ct.h \ hidden/openssl/curve25519.h hidden/openssl/dh.h \ hidden/openssl/dsa.h hidden/openssl/ec.h hidden/openssl/err.h \ - hidden/openssl/gost.h hidden/openssl/hkdf.h \ - hidden/openssl/hmac.h hidden/openssl/idea.h \ - hidden/openssl/lhash.h hidden/openssl/md4.h \ - hidden/openssl/md5.h hidden/openssl/modes.h \ - hidden/openssl/objects.h hidden/openssl/ocsp.h \ - hidden/openssl/pem.h hidden/openssl/pkcs12.h \ - hidden/openssl/pkcs7.h hidden/openssl/poly1305.h \ + hidden/openssl/hkdf.h hidden/openssl/hmac.h \ + hidden/openssl/idea.h hidden/openssl/lhash.h \ + hidden/openssl/md4.h hidden/openssl/md5.h \ + hidden/openssl/modes.h hidden/openssl/objects.h \ + hidden/openssl/ocsp.h hidden/openssl/pem.h \ + hidden/openssl/pkcs12.h hidden/openssl/pkcs7.h \ + hidden/openssl/poly1305.h hidden/openssl/posix_time.h \ hidden/openssl/rand.h hidden/openssl/rc2.h \ hidden/openssl/rsa.h hidden/openssl/sha.h hidden/openssl/sm3.h \ hidden/openssl/sm4.h hidden/openssl/stack.h \ hidden/openssl/ts.h hidden/openssl/txt_db.h \ hidden/openssl/ui.h hidden/openssl/x509.h \ hidden/openssl/x509_vfy.h hidden/openssl/x509v3.h \ - hmac/hmac_local.h idea/idea_local.h modes/modes_local.h \ - objects/obj_dat.h ocsp/ocsp_local.h pkcs12/pkcs12_local.h \ - rc2/rc2_local.h rc4/rc4_local.h rsa/rsa_local.h \ - sha/sha_internal.h sha/sha3_internal.h ts/ts_local.h \ - ui/ui_local.h whrlpool/wp_local.h x509/x509_internal.h \ + hmac/hmac_local.h idea/idea_local.h lhash/lhash_local.h \ + modes/modes_local.h objects/obj_dat.h ocsp/ocsp_local.h \ + pkcs12/pkcs12_local.h rc2/rc2_local.h rc4/rc4_local.h \ + rsa/rsa_local.h sha/sha_internal.h sha/sha3_internal.h \ + stack/stack_local.h ts/ts_local.h ui/ui_local.h \ + whrlpool/wp_local.h x509/x509_internal.h \ x509/x509_issuer_cache.h x509/x509_local.h x509/x509_verify.h # aes @@ -1908,8 +1842,6 @@ noinst_HEADERS = compat/arc4random.h compat/arc4random_aix.h \ # evp -# gost - # hkdf # hmac @@ -1972,89 +1904,77 @@ libcrypto_la_SOURCES = $(am__append_37) $(am__append_39) \ asn1/a_object.c asn1/a_octet.c asn1/a_pkey.c asn1/a_print.c \ asn1/a_pubkey.c asn1/a_strex.c asn1/a_string.c asn1/a_strnid.c \ asn1/a_time.c asn1/a_time_posix.c asn1/a_time_tm.c \ - asn1/a_type.c asn1/a_utf8.c asn1/ameth_lib.c asn1/asn1_err.c \ - asn1/asn1_gen.c asn1/asn1_item.c asn1/asn1_lib.c \ - asn1/asn1_old.c asn1/asn1_old_lib.c asn1/asn1_par.c \ - asn1/asn1_types.c asn1/asn_mime.c asn1/asn_moid.c \ - asn1/bio_asn1.c asn1/bio_ndef.c asn1/p5_pbe.c asn1/p5_pbev2.c \ - asn1/p8_pkey.c asn1/t_crl.c asn1/t_req.c asn1/t_spki.c \ - asn1/t_x509.c asn1/t_x509a.c asn1/tasn_dec.c asn1/tasn_enc.c \ - asn1/tasn_fre.c asn1/tasn_new.c asn1/tasn_prn.c \ - asn1/tasn_typ.c asn1/tasn_utl.c asn1/x_algor.c asn1/x_attrib.c \ - asn1/x_bignum.c asn1/x_crl.c asn1/x_exten.c asn1/x_info.c \ - asn1/x_long.c asn1/x_name.c asn1/x_pkey.c asn1/x_pubkey.c \ - asn1/x_req.c asn1/x_sig.c asn1/x_spki.c asn1/x_val.c \ - asn1/x_x509.c asn1/x_x509a.c bf/bf_cfb64.c bf/bf_ecb.c \ - bf/bf_enc.c bf/bf_ofb64.c bf/bf_skey.c bio/b_dump.c \ - $(am__append_54) bio/b_print.c bio/b_sock.c $(am__append_55) \ - bio/bf_buff.c bio/bf_nbio.c bio/bf_null.c bio/bio_cb.c \ - bio/bio_err.c bio/bio_lib.c bio/bio_meth.c bio/bss_acpt.c \ - bio/bss_bio.c bio/bss_conn.c bio/bss_dgram.c bio/bss_fd.c \ - bio/bss_file.c $(am__append_56) bio/bss_mem.c bio/bss_null.c \ - bio/bss_sock.c bn/bn_add.c bn/bn_bpsw.c bn/bn_const.c \ - bn/bn_convert.c bn/bn_ctx.c bn/bn_div.c bn/bn_err.c \ - bn/bn_exp.c bn/bn_gcd.c bn/bn_isqrt.c bn/bn_kron.c bn/bn_lib.c \ - bn/bn_mod.c bn/bn_mod_sqrt.c bn/bn_mont.c bn/bn_mul.c \ - bn/bn_prime.c bn/bn_primitives.c bn/bn_print.c bn/bn_rand.c \ - bn/bn_recp.c bn/bn_shift.c bn/bn_small_primes.c bn/bn_sqr.c \ - bn/bn_word.c buffer/buf_err.c buffer/buffer.c \ - bytestring/bs_ber.c bytestring/bs_cbb.c bytestring/bs_cbs.c \ - camellia/cmll_cfb.c camellia/cmll_ctr.c camellia/cmll_ecb.c \ - camellia/cmll_misc.c camellia/cmll_ofb.c cast/c_cfb64.c \ - cast/c_ecb.c cast/c_enc.c cast/c_ofb64.c cast/c_skey.c \ - chacha/chacha.c cmac/cm_ameth.c cmac/cm_pmeth.c cmac/cmac.c \ - cms/cms_asn1.c cms/cms_att.c cms/cms_dd.c cms/cms_enc.c \ - cms/cms_env.c cms/cms_err.c cms/cms_ess.c cms/cms_io.c \ - cms/cms_kari.c cms/cms_lib.c cms/cms_pwri.c cms/cms_sd.c \ - cms/cms_smime.c conf/conf_api.c conf/conf_def.c \ - conf/conf_err.c conf/conf_lib.c conf/conf_mall.c \ - conf/conf_mod.c conf/conf_sap.c ct/ct_b64.c ct/ct_err.c \ - ct/ct_log.c ct/ct_oct.c ct/ct_policy.c ct/ct_prn.c ct/ct_sct.c \ - ct/ct_sct_ctx.c ct/ct_vfy.c ct/ct_x509v3.c \ + asn1/a_type.c asn1/a_utf8.c asn1/asn1_err.c asn1/asn1_gen.c \ + asn1/asn1_item.c asn1/asn1_lib.c asn1/asn1_old.c \ + asn1/asn1_old_lib.c asn1/asn1_par.c asn1/asn1_types.c \ + asn1/asn_mime.c asn1/asn_moid.c asn1/bio_asn1.c \ + asn1/bio_ndef.c asn1/p5_pbe.c asn1/p5_pbev2.c asn1/p8_pkey.c \ + asn1/t_crl.c asn1/t_req.c asn1/t_spki.c asn1/t_x509.c \ + asn1/t_x509a.c asn1/tasn_dec.c asn1/tasn_enc.c asn1/tasn_fre.c \ + asn1/tasn_new.c asn1/tasn_prn.c asn1/tasn_typ.c \ + asn1/tasn_utl.c asn1/x_algor.c asn1/x_attrib.c asn1/x_bignum.c \ + asn1/x_crl.c asn1/x_exten.c asn1/x_info.c asn1/x_long.c \ + asn1/x_name.c asn1/x_pkey.c asn1/x_pubkey.c asn1/x_req.c \ + asn1/x_sig.c asn1/x_spki.c asn1/x_val.c asn1/x_x509.c \ + asn1/x_x509a.c bf/bf_cfb64.c bf/bf_ecb.c bf/bf_enc.c \ + bf/bf_ofb64.c bf/bf_skey.c bio/b_dump.c $(am__append_54) \ + bio/b_print.c bio/b_sock.c $(am__append_55) bio/bf_buff.c \ + bio/bf_nbio.c bio/bf_null.c bio/bio_cb.c bio/bio_err.c \ + bio/bio_lib.c bio/bio_meth.c bio/bss_acpt.c bio/bss_bio.c \ + bio/bss_conn.c bio/bss_dgram.c bio/bss_fd.c bio/bss_file.c \ + $(am__append_56) bio/bss_mem.c bio/bss_null.c bio/bss_sock.c \ + bn/bn_add.c bn/bn_bpsw.c bn/bn_const.c bn/bn_convert.c \ + bn/bn_ctx.c bn/bn_div.c bn/bn_err.c bn/bn_exp.c bn/bn_gcd.c \ + bn/bn_isqrt.c bn/bn_kron.c bn/bn_lib.c bn/bn_mod.c \ + bn/bn_mod_sqrt.c bn/bn_mont.c bn/bn_mul.c bn/bn_prime.c \ + bn/bn_primitives.c bn/bn_print.c bn/bn_rand.c bn/bn_recp.c \ + bn/bn_shift.c bn/bn_small_primes.c bn/bn_sqr.c bn/bn_word.c \ + buffer/buf_err.c buffer/buffer.c bytestring/bs_ber.c \ + bytestring/bs_cbb.c bytestring/bs_cbs.c camellia/cmll_cfb.c \ + camellia/cmll_ctr.c camellia/cmll_ecb.c camellia/cmll_misc.c \ + camellia/cmll_ofb.c cast/c_cfb64.c cast/c_ecb.c cast/c_enc.c \ + cast/c_ofb64.c cast/c_skey.c chacha/chacha.c cmac/cm_ameth.c \ + cmac/cm_pmeth.c cmac/cmac.c cms/cms_asn1.c cms/cms_att.c \ + cms/cms_dd.c cms/cms_enc.c cms/cms_env.c cms/cms_err.c \ + cms/cms_ess.c cms/cms_io.c cms/cms_kari.c cms/cms_lib.c \ + cms/cms_pwri.c cms/cms_sd.c cms/cms_smime.c conf/conf_api.c \ + conf/conf_def.c conf/conf_err.c conf/conf_lib.c \ + conf/conf_mall.c conf/conf_mod.c conf/conf_sap.c ct/ct_b64.c \ + ct/ct_err.c ct/ct_log.c ct/ct_oct.c ct/ct_policy.c ct/ct_prn.c \ + ct/ct_sct.c ct/ct_sct_ctx.c ct/ct_vfy.c ct/ct_x509v3.c \ curve25519/curve25519-generic.c curve25519/curve25519.c \ des/cbc_cksm.c des/cbc_enc.c des/cfb64ede.c des/cfb64enc.c \ des/cfb_enc.c des/des_enc.c des/ecb3_enc.c des/ecb_enc.c \ des/ede_cbcm_enc.c des/enc_read.c des/enc_writ.c des/fcrypt.c \ des/fcrypt_b.c des/ofb64ede.c des/ofb64enc.c des/ofb_enc.c \ - des/pcbc_enc.c des/qud_cksm.c des/rand_key.c des/set_key.c \ - des/str2key.c des/xcbc_enc.c dh/dh_ameth.c dh/dh_asn1.c \ - dh/dh_check.c dh/dh_err.c dh/dh_gen.c dh/dh_key.c dh/dh_lib.c \ - dh/dh_pmeth.c dsa/dsa_ameth.c dsa/dsa_asn1.c dsa/dsa_err.c \ - dsa/dsa_gen.c dsa/dsa_key.c dsa/dsa_lib.c dsa/dsa_meth.c \ - dsa/dsa_ossl.c dsa/dsa_pmeth.c dsa/dsa_prn.c ec/ec_ameth.c \ - ec/ec_asn1.c ec/ec_check.c ec/ec_curve.c ec/ec_cvt.c \ - ec/ec_err.c ec/ec_key.c ec/ec_kmeth.c ec/ec_lib.c ec/ec_mult.c \ - ec/ec_oct.c ec/ec_pmeth.c ec/ec_print.c ec/eck_prn.c \ - ec/ecp_mont.c ec/ecp_oct.c ec/ecp_smpl.c ec/ecx_methods.c \ - ecdh/ecdh.c ecdsa/ecdsa.c engine/engine_stubs.c err/err.c \ - err/err_all.c err/err_prn.c evp/bio_b64.c evp/bio_enc.c \ - evp/bio_md.c evp/c_all.c evp/cipher_method_lib.c evp/digest.c \ - evp/e_aes.c evp/e_aes_cbc_hmac_sha1.c evp/e_bf.c \ - evp/e_camellia.c evp/e_cast.c evp/e_chacha.c \ - evp/e_chacha20poly1305.c evp/e_des.c evp/e_des3.c \ - evp/e_gost2814789.c evp/e_idea.c evp/e_null.c evp/e_rc2.c \ - evp/e_rc4.c evp/e_rc4_hmac_md5.c evp/e_sm4.c evp/e_xcbc_d.c \ - evp/encode.c evp/evp_aead.c evp/evp_enc.c evp/evp_err.c \ - evp/evp_key.c evp/evp_lib.c evp/evp_pbe.c evp/evp_pkey.c \ - evp/m_gost2814789.c evp/m_gostr341194.c evp/m_md4.c \ + des/pcbc_enc.c des/qud_cksm.c des/set_key.c des/str2key.c \ + des/xcbc_enc.c dh/dh_ameth.c dh/dh_asn1.c dh/dh_check.c \ + dh/dh_err.c dh/dh_gen.c dh/dh_key.c dh/dh_lib.c dh/dh_pmeth.c \ + dsa/dsa_ameth.c dsa/dsa_asn1.c dsa/dsa_err.c dsa/dsa_gen.c \ + dsa/dsa_key.c dsa/dsa_lib.c dsa/dsa_meth.c dsa/dsa_ossl.c \ + dsa/dsa_pmeth.c dsa/dsa_prn.c ec/ec_ameth.c ec/ec_asn1.c \ + ec/ec_check.c ec/ec_curve.c ec/ec_cvt.c ec/ec_err.c \ + ec/ec_key.c ec/ec_kmeth.c ec/ec_lib.c ec/ec_mult.c ec/ec_oct.c \ + ec/ec_pmeth.c ec/ec_print.c ec/eck_prn.c ec/ecp_mont.c \ + ec/ecp_oct.c ec/ecp_smpl.c ec/ecx_methods.c ecdh/ecdh.c \ + ecdsa/ecdsa.c engine/engine_stubs.c err/err.c err/err_all.c \ + err/err_prn.c evp/bio_b64.c evp/bio_enc.c evp/bio_md.c \ + evp/e_aes.c evp/e_bf.c evp/e_camellia.c evp/e_cast.c \ + evp/e_chacha.c evp/e_chacha20poly1305.c evp/e_des.c \ + evp/e_des3.c evp/e_idea.c evp/e_null.c evp/e_rc2.c evp/e_rc4.c \ + evp/e_sm4.c evp/e_xcbc_d.c evp/evp_aead.c evp/evp_cipher.c \ + evp/evp_digest.c evp/evp_encode.c evp/evp_err.c evp/evp_key.c \ + evp/evp_names.c evp/evp_pbe.c evp/evp_pkey.c evp/m_md4.c \ evp/m_md5.c evp/m_md5_sha1.c evp/m_null.c evp/m_ripemd.c \ - evp/m_sha1.c evp/m_sha3.c evp/m_sigver.c evp/m_streebog.c \ - evp/m_sm3.c evp/m_wp.c evp/names.c evp/p5_crpt.c \ - evp/p5_crpt2.c evp/p_dec.c evp/p_enc.c evp/p_lib.c \ - evp/p_open.c evp/p_seal.c evp/p_sign.c evp/p_verify.c \ - evp/pmeth_fn.c evp/pmeth_gn.c evp/pmeth_lib.c \ - gost/gost2814789.c gost/gost89_keywrap.c gost/gost89_params.c \ - gost/gost89imit_ameth.c gost/gost89imit_pmeth.c \ - gost/gost_asn1.c gost/gost_err.c gost/gostr341001.c \ - gost/gostr341001_ameth.c gost/gostr341001_key.c \ - gost/gostr341001_params.c gost/gostr341001_pmeth.c \ - gost/gostr341194.c gost/streebog.c hkdf/hkdf.c hmac/hm_ameth.c \ - hmac/hm_pmeth.c hmac/hmac.c idea/i_cbc.c idea/i_cfb64.c \ - idea/i_ecb.c idea/i_ofb64.c idea/i_skey.c kdf/hkdf_evp.c \ - kdf/kdf_err.c lhash/lh_stats.c lhash/lhash.c md4/md4.c \ - md5/md5.c modes/cbc128.c modes/ccm128.c modes/cfb128.c \ - modes/ctr128.c modes/gcm128.c modes/ofb128.c modes/xts128.c \ - objects/o_names.c objects/obj_dat.c objects/obj_err.c \ + evp/m_sha1.c evp/m_sha3.c evp/m_sigver.c evp/m_sm3.c \ + evp/m_wp.c evp/p_legacy.c evp/p_lib.c evp/p_sign.c \ + evp/p_verify.c evp/pmeth_fn.c evp/pmeth_gn.c evp/pmeth_lib.c \ + hkdf/hkdf.c hmac/hm_ameth.c hmac/hm_pmeth.c hmac/hmac.c \ + idea/i_cbc.c idea/i_cfb64.c idea/i_ecb.c idea/i_ofb64.c \ + idea/i_skey.c kdf/hkdf_evp.c kdf/kdf_err.c lhash/lhash.c \ + md4/md4.c md5/md5.c modes/cbc128.c modes/ccm128.c \ + modes/cfb128.c modes/ctr128.c modes/gcm128.c modes/ofb128.c \ + modes/xts128.c objects/obj_dat.c objects/obj_err.c \ objects/obj_lib.c objects/obj_xref.c ocsp/ocsp_asn.c \ ocsp/ocsp_cl.c ocsp/ocsp_err.c ocsp/ocsp_ext.c ocsp/ocsp_ht.c \ ocsp/ocsp_lib.c ocsp/ocsp_prn.c ocsp/ocsp_srv.c \ @@ -2062,22 +1982,22 @@ libcrypto_la_SOURCES = $(am__append_37) $(am__append_39) \ pem/pem_lib.c pem/pem_oth.c pem/pem_pk8.c pem/pem_pkey.c \ pem/pem_sign.c pem/pem_x509.c pem/pem_xaux.c pem/pvkfmt.c \ pkcs12/p12_add.c pkcs12/p12_asn.c pkcs12/p12_attr.c \ - pkcs12/p12_crpt.c pkcs12/p12_crt.c pkcs12/p12_decr.c \ - pkcs12/p12_init.c pkcs12/p12_key.c pkcs12/p12_kiss.c \ - pkcs12/p12_mutl.c pkcs12/p12_npas.c pkcs12/p12_p8d.c \ - pkcs12/p12_p8e.c pkcs12/p12_sbag.c pkcs12/p12_utl.c \ - pkcs12/pk12err.c pkcs7/pk7_asn1.c pkcs7/pk7_attr.c \ - pkcs7/pk7_doit.c pkcs7/pk7_lib.c pkcs7/pk7_mime.c \ - pkcs7/pk7_smime.c pkcs7/pkcs7err.c poly1305/poly1305.c \ - rand/rand_err.c rand/rand_lib.c rand/randfile.c rc2/rc2_cbc.c \ - rc2/rc2_ecb.c rc2/rc2_skey.c rc2/rc2cfb64.c rc2/rc2ofb64.c \ - ripemd/ripemd.c rsa/rsa_ameth.c rsa/rsa_asn1.c \ - rsa/rsa_blinding.c rsa/rsa_chk.c rsa/rsa_eay.c rsa/rsa_err.c \ - rsa/rsa_gen.c rsa/rsa_lib.c rsa/rsa_meth.c rsa/rsa_none.c \ - rsa/rsa_oaep.c rsa/rsa_pk1.c rsa/rsa_pmeth.c rsa/rsa_prn.c \ - rsa/rsa_pss.c rsa/rsa_saos.c rsa/rsa_sign.c rsa/rsa_x931.c \ - sha/sha1.c sha/sha256.c sha/sha3.c sha/sha512.c sm3/sm3.c \ - sm4/sm4.c stack/stack.c ts/ts_asn1.c ts/ts_conf.c ts/ts_err.c \ + pkcs12/p12_crt.c pkcs12/p12_decr.c pkcs12/p12_init.c \ + pkcs12/p12_key.c pkcs12/p12_kiss.c pkcs12/p12_mutl.c \ + pkcs12/p12_npas.c pkcs12/p12_p8d.c pkcs12/p12_p8e.c \ + pkcs12/p12_sbag.c pkcs12/p12_utl.c pkcs12/pk12err.c \ + pkcs7/pk7_asn1.c pkcs7/pk7_attr.c pkcs7/pk7_doit.c \ + pkcs7/pk7_lib.c pkcs7/pk7_mime.c pkcs7/pk7_smime.c \ + pkcs7/pkcs7err.c poly1305/poly1305.c rand/rand_err.c \ + rand/rand_lib.c rand/randfile.c rc2/rc2_cbc.c rc2/rc2_ecb.c \ + rc2/rc2_skey.c rc2/rc2cfb64.c rc2/rc2ofb64.c ripemd/ripemd.c \ + rsa/rsa_ameth.c rsa/rsa_asn1.c rsa/rsa_blinding.c \ + rsa/rsa_chk.c rsa/rsa_eay.c rsa/rsa_err.c rsa/rsa_gen.c \ + rsa/rsa_lib.c rsa/rsa_meth.c rsa/rsa_none.c rsa/rsa_oaep.c \ + rsa/rsa_pk1.c rsa/rsa_pmeth.c rsa/rsa_prn.c rsa/rsa_pss.c \ + rsa/rsa_saos.c rsa/rsa_sign.c rsa/rsa_x931.c sha/sha1.c \ + sha/sha256.c sha/sha3.c sha/sha512.c sm3/sm3.c sm4/sm4.c \ + stack/stack.c ts/ts_asn1.c ts/ts_conf.c ts/ts_err.c \ ts/ts_lib.c ts/ts_req_print.c ts/ts_req_utils.c \ ts/ts_rsp_print.c ts/ts_rsp_sign.c ts/ts_rsp_utils.c \ ts/ts_rsp_verify.c ts/ts_verify_ctx.c txt_db/txt_db.c \ @@ -2636,8 +2556,6 @@ asn1/libcrypto_la-a_type.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-a_utf8.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) -asn1/libcrypto_la-ameth_lib.lo: asn1/$(am__dirstamp) \ - asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-asn1_err.lo: asn1/$(am__dirstamp) \ asn1/$(DEPDIR)/$(am__dirstamp) asn1/libcrypto_la-asn1_gen.lo: asn1/$(am__dirstamp) \ @@ -3039,8 +2957,6 @@ des/libcrypto_la-pcbc_enc.lo: des/$(am__dirstamp) \ des/$(DEPDIR)/$(am__dirstamp) des/libcrypto_la-qud_cksm.lo: des/$(am__dirstamp) \ des/$(DEPDIR)/$(am__dirstamp) -des/libcrypto_la-rand_key.lo: des/$(am__dirstamp) \ - des/$(DEPDIR)/$(am__dirstamp) des/libcrypto_la-set_key.lo: des/$(am__dirstamp) \ des/$(DEPDIR)/$(am__dirstamp) des/libcrypto_la-str2key.lo: des/$(am__dirstamp) \ @@ -3185,16 +3101,8 @@ evp/libcrypto_la-bio_enc.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-bio_md.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-c_all.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-cipher_method_lib.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-digest.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-e_aes.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-e_aes_cbc_hmac_sha1.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-e_bf.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-e_camellia.lo: evp/$(am__dirstamp) \ @@ -3209,8 +3117,6 @@ evp/libcrypto_la-e_des.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-e_des3.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-e_gost2814789.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-e_idea.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-e_null.lo: evp/$(am__dirstamp) \ @@ -3219,32 +3125,28 @@ evp/libcrypto_la-e_rc2.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-e_rc4.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-e_rc4_hmac_md5.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-e_sm4.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-e_xcbc_d.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-encode.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-evp_aead.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-evp_enc.lo: evp/$(am__dirstamp) \ +evp/libcrypto_la-evp_cipher.lo: evp/$(am__dirstamp) \ + evp/$(DEPDIR)/$(am__dirstamp) +evp/libcrypto_la-evp_digest.lo: evp/$(am__dirstamp) \ + evp/$(DEPDIR)/$(am__dirstamp) +evp/libcrypto_la-evp_encode.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-evp_err.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-evp_key.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-evp_lib.lo: evp/$(am__dirstamp) \ +evp/libcrypto_la-evp_names.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-evp_pbe.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-evp_pkey.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-m_gost2814789.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-m_gostr341194.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-m_md4.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-m_md5.lo: evp/$(am__dirstamp) \ @@ -3261,28 +3163,14 @@ evp/libcrypto_la-m_sha3.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-m_sigver.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-m_streebog.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-m_sm3.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-m_wp.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-names.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-p5_crpt.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-p5_crpt2.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-p_dec.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-p_enc.lo: evp/$(am__dirstamp) \ +evp/libcrypto_la-p_legacy.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-p_lib.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-p_open.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) -evp/libcrypto_la-p_seal.lo: evp/$(am__dirstamp) \ - evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-p_sign.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-p_verify.lo: evp/$(am__dirstamp) \ @@ -3293,40 +3181,6 @@ evp/libcrypto_la-pmeth_gn.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) evp/libcrypto_la-pmeth_lib.lo: evp/$(am__dirstamp) \ evp/$(DEPDIR)/$(am__dirstamp) -gost/$(am__dirstamp): - @$(MKDIR_P) gost - @: > gost/$(am__dirstamp) -gost/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) gost/$(DEPDIR) - @: > gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gost2814789.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gost89_keywrap.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gost89_params.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gost89imit_ameth.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gost89imit_pmeth.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gost_asn1.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gost_err.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gostr341001.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gostr341001_ameth.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gostr341001_key.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gostr341001_params.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gostr341001_pmeth.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-gostr341194.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) -gost/libcrypto_la-streebog.lo: gost/$(am__dirstamp) \ - gost/$(DEPDIR)/$(am__dirstamp) hkdf/$(am__dirstamp): @$(MKDIR_P) hkdf @: > hkdf/$(am__dirstamp) @@ -3379,8 +3233,6 @@ lhash/$(am__dirstamp): lhash/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) lhash/$(DEPDIR) @: > lhash/$(DEPDIR)/$(am__dirstamp) -lhash/libcrypto_la-lh_stats.lo: lhash/$(am__dirstamp) \ - lhash/$(DEPDIR)/$(am__dirstamp) lhash/libcrypto_la-lhash.lo: lhash/$(am__dirstamp) \ lhash/$(DEPDIR)/$(am__dirstamp) md4/$(am__dirstamp): @@ -3413,8 +3265,6 @@ objects/$(am__dirstamp): objects/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) objects/$(DEPDIR) @: > objects/$(DEPDIR)/$(am__dirstamp) -objects/libcrypto_la-o_names.lo: objects/$(am__dirstamp) \ - objects/$(DEPDIR)/$(am__dirstamp) objects/libcrypto_la-obj_dat.lo: objects/$(am__dirstamp) \ objects/$(DEPDIR)/$(am__dirstamp) objects/libcrypto_la-obj_err.lo: objects/$(am__dirstamp) \ @@ -3487,8 +3337,6 @@ pkcs12/libcrypto_la-p12_asn.lo: pkcs12/$(am__dirstamp) \ pkcs12/$(DEPDIR)/$(am__dirstamp) pkcs12/libcrypto_la-p12_attr.lo: pkcs12/$(am__dirstamp) \ pkcs12/$(DEPDIR)/$(am__dirstamp) -pkcs12/libcrypto_la-p12_crpt.lo: pkcs12/$(am__dirstamp) \ - pkcs12/$(DEPDIR)/$(am__dirstamp) pkcs12/libcrypto_la-p12_crt.lo: pkcs12/$(am__dirstamp) \ pkcs12/$(DEPDIR)/$(am__dirstamp) pkcs12/libcrypto_la-p12_decr.lo: pkcs12/$(am__dirstamp) \ @@ -3885,8 +3733,6 @@ mostlyclean-compile: -rm -f err/*.lo -rm -f evp/*.$(OBJEXT) -rm -f evp/*.lo - -rm -f gost/*.$(OBJEXT) - -rm -f gost/*.lo -rm -f hkdf/*.$(OBJEXT) -rm -f hkdf/*.lo -rm -f hmac/*.$(OBJEXT) @@ -4012,7 +3858,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_time_tm.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_type.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-a_utf8.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn1_err.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn1_gen.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@asn1/$(DEPDIR)/libcrypto_la-asn1_item.Plo@am__quote@ # am--include-marker @@ -4241,7 +4086,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-ofb_enc.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-pcbc_enc.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-qud_cksm.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-rand_key.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-set_key.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-str2key.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@des/$(DEPDIR)/libcrypto_la-xcbc_enc.Plo@am__quote@ # am--include-marker @@ -4290,11 +4134,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-bio_b64.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-bio_enc.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-bio_md.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-c_all.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-cipher_method_lib.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-digest.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_aes.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_aes_cbc_hmac_sha1.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_bf.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_camellia.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_cast.Plo@am__quote@ # am--include-marker @@ -4302,24 +4142,21 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_chacha20poly1305.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_des.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_des3.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_gost2814789.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_idea.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_null.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_rc2.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_rc4.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_rc4_hmac_md5.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_sm4.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-e_xcbc_d.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-encode.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_aead.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_enc.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_cipher.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_digest.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_encode.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_err.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_key.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_lib.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_names.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_pbe.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-evp_pkey.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_md4.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_md5.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_md5_sha1.Plo@am__quote@ # am--include-marker @@ -4329,35 +4166,14 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_sha3.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_sigver.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_sm3.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_streebog.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-m_wp.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-names.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-p5_crpt.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-p5_crpt2.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-p_dec.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-p_enc.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-p_legacy.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-p_lib.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-p_open.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-p_seal.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-p_sign.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-p_verify.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-pmeth_fn.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-pmeth_gn.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@evp/$(DEPDIR)/libcrypto_la-pmeth_lib.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gost2814789.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gost89_keywrap.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gost89_params.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gost89imit_ameth.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gost89imit_pmeth.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gost_asn1.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gost_err.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gostr341001.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gostr341001_ameth.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gostr341001_key.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gostr341001_params.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gostr341001_pmeth.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-gostr341194.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@gost/$(DEPDIR)/libcrypto_la-streebog.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@hkdf/$(DEPDIR)/libcrypto_la-hkdf.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@hmac/$(DEPDIR)/libcrypto_la-hm_ameth.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@hmac/$(DEPDIR)/libcrypto_la-hm_pmeth.Plo@am__quote@ # am--include-marker @@ -4369,7 +4185,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@idea/$(DEPDIR)/libcrypto_la-i_skey.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@kdf/$(DEPDIR)/libcrypto_la-hkdf_evp.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@kdf/$(DEPDIR)/libcrypto_la-kdf_err.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@lhash/$(DEPDIR)/libcrypto_la-lhash.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@md4/$(DEPDIR)/libcrypto_la-md4.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@md5/$(DEPDIR)/libcrypto_la-md5-elf-x86_64.Plo@am__quote@ # am--include-marker @@ -4389,7 +4204,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-ghash-mingw64-x86_64.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-ofb128.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@modes/$(DEPDIR)/libcrypto_la-xts128.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-o_names.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-obj_dat.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-obj_err.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@objects/$(DEPDIR)/libcrypto_la-obj_lib.Plo@am__quote@ # am--include-marker @@ -4417,7 +4231,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_add.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_asn.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_attr.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_crpt.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_crt.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_decr.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pkcs12/$(DEPDIR)/libcrypto_la-p12_init.Plo@am__quote@ # am--include-marker @@ -5614,13 +5427,6 @@ asn1/libcrypto_la-a_utf8.lo: asn1/a_utf8.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-a_utf8.lo `test -f 'asn1/a_utf8.c' || echo '$(srcdir)/'`asn1/a_utf8.c -asn1/libcrypto_la-ameth_lib.lo: asn1/ameth_lib.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-ameth_lib.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Tpo -c -o asn1/libcrypto_la-ameth_lib.lo `test -f 'asn1/ameth_lib.c' || echo '$(srcdir)/'`asn1/ameth_lib.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Tpo asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='asn1/ameth_lib.c' object='asn1/libcrypto_la-ameth_lib.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1/libcrypto_la-ameth_lib.lo `test -f 'asn1/ameth_lib.c' || echo '$(srcdir)/'`asn1/ameth_lib.c - asn1/libcrypto_la-asn1_err.lo: asn1/asn1_err.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1/libcrypto_la-asn1_err.lo -MD -MP -MF asn1/$(DEPDIR)/libcrypto_la-asn1_err.Tpo -c -o asn1/libcrypto_la-asn1_err.lo `test -f 'asn1/asn1_err.c' || echo '$(srcdir)/'`asn1/asn1_err.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) asn1/$(DEPDIR)/libcrypto_la-asn1_err.Tpo asn1/$(DEPDIR)/libcrypto_la-asn1_err.Plo @@ -6769,13 +6575,6 @@ des/libcrypto_la-qud_cksm.lo: des/qud_cksm.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des/libcrypto_la-qud_cksm.lo `test -f 'des/qud_cksm.c' || echo '$(srcdir)/'`des/qud_cksm.c -des/libcrypto_la-rand_key.lo: des/rand_key.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des/libcrypto_la-rand_key.lo -MD -MP -MF des/$(DEPDIR)/libcrypto_la-rand_key.Tpo -c -o des/libcrypto_la-rand_key.lo `test -f 'des/rand_key.c' || echo '$(srcdir)/'`des/rand_key.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) des/$(DEPDIR)/libcrypto_la-rand_key.Tpo des/$(DEPDIR)/libcrypto_la-rand_key.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='des/rand_key.c' object='des/libcrypto_la-rand_key.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des/libcrypto_la-rand_key.lo `test -f 'des/rand_key.c' || echo '$(srcdir)/'`des/rand_key.c - des/libcrypto_la-set_key.lo: des/set_key.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des/libcrypto_la-set_key.lo -MD -MP -MF des/$(DEPDIR)/libcrypto_la-set_key.Tpo -c -o des/libcrypto_la-set_key.lo `test -f 'des/set_key.c' || echo '$(srcdir)/'`des/set_key.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) des/$(DEPDIR)/libcrypto_la-set_key.Tpo des/$(DEPDIR)/libcrypto_la-set_key.Plo @@ -7112,27 +6911,6 @@ evp/libcrypto_la-bio_md.lo: evp/bio_md.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-bio_md.lo `test -f 'evp/bio_md.c' || echo '$(srcdir)/'`evp/bio_md.c -evp/libcrypto_la-c_all.lo: evp/c_all.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-c_all.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-c_all.Tpo -c -o evp/libcrypto_la-c_all.lo `test -f 'evp/c_all.c' || echo '$(srcdir)/'`evp/c_all.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-c_all.Tpo evp/$(DEPDIR)/libcrypto_la-c_all.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/c_all.c' object='evp/libcrypto_la-c_all.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-c_all.lo `test -f 'evp/c_all.c' || echo '$(srcdir)/'`evp/c_all.c - -evp/libcrypto_la-cipher_method_lib.lo: evp/cipher_method_lib.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-cipher_method_lib.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-cipher_method_lib.Tpo -c -o evp/libcrypto_la-cipher_method_lib.lo `test -f 'evp/cipher_method_lib.c' || echo '$(srcdir)/'`evp/cipher_method_lib.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-cipher_method_lib.Tpo evp/$(DEPDIR)/libcrypto_la-cipher_method_lib.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/cipher_method_lib.c' object='evp/libcrypto_la-cipher_method_lib.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-cipher_method_lib.lo `test -f 'evp/cipher_method_lib.c' || echo '$(srcdir)/'`evp/cipher_method_lib.c - -evp/libcrypto_la-digest.lo: evp/digest.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-digest.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-digest.Tpo -c -o evp/libcrypto_la-digest.lo `test -f 'evp/digest.c' || echo '$(srcdir)/'`evp/digest.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-digest.Tpo evp/$(DEPDIR)/libcrypto_la-digest.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/digest.c' object='evp/libcrypto_la-digest.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-digest.lo `test -f 'evp/digest.c' || echo '$(srcdir)/'`evp/digest.c - evp/libcrypto_la-e_aes.lo: evp/e_aes.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-e_aes.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-e_aes.Tpo -c -o evp/libcrypto_la-e_aes.lo `test -f 'evp/e_aes.c' || echo '$(srcdir)/'`evp/e_aes.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-e_aes.Tpo evp/$(DEPDIR)/libcrypto_la-e_aes.Plo @@ -7140,13 +6918,6 @@ evp/libcrypto_la-e_aes.lo: evp/e_aes.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-e_aes.lo `test -f 'evp/e_aes.c' || echo '$(srcdir)/'`evp/e_aes.c -evp/libcrypto_la-e_aes_cbc_hmac_sha1.lo: evp/e_aes_cbc_hmac_sha1.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-e_aes_cbc_hmac_sha1.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-e_aes_cbc_hmac_sha1.Tpo -c -o evp/libcrypto_la-e_aes_cbc_hmac_sha1.lo `test -f 'evp/e_aes_cbc_hmac_sha1.c' || echo '$(srcdir)/'`evp/e_aes_cbc_hmac_sha1.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-e_aes_cbc_hmac_sha1.Tpo evp/$(DEPDIR)/libcrypto_la-e_aes_cbc_hmac_sha1.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/e_aes_cbc_hmac_sha1.c' object='evp/libcrypto_la-e_aes_cbc_hmac_sha1.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-e_aes_cbc_hmac_sha1.lo `test -f 'evp/e_aes_cbc_hmac_sha1.c' || echo '$(srcdir)/'`evp/e_aes_cbc_hmac_sha1.c - evp/libcrypto_la-e_bf.lo: evp/e_bf.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-e_bf.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-e_bf.Tpo -c -o evp/libcrypto_la-e_bf.lo `test -f 'evp/e_bf.c' || echo '$(srcdir)/'`evp/e_bf.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-e_bf.Tpo evp/$(DEPDIR)/libcrypto_la-e_bf.Plo @@ -7196,13 +6967,6 @@ evp/libcrypto_la-e_des3.lo: evp/e_des3.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-e_des3.lo `test -f 'evp/e_des3.c' || echo '$(srcdir)/'`evp/e_des3.c -evp/libcrypto_la-e_gost2814789.lo: evp/e_gost2814789.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-e_gost2814789.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-e_gost2814789.Tpo -c -o evp/libcrypto_la-e_gost2814789.lo `test -f 'evp/e_gost2814789.c' || echo '$(srcdir)/'`evp/e_gost2814789.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-e_gost2814789.Tpo evp/$(DEPDIR)/libcrypto_la-e_gost2814789.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/e_gost2814789.c' object='evp/libcrypto_la-e_gost2814789.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-e_gost2814789.lo `test -f 'evp/e_gost2814789.c' || echo '$(srcdir)/'`evp/e_gost2814789.c - evp/libcrypto_la-e_idea.lo: evp/e_idea.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-e_idea.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-e_idea.Tpo -c -o evp/libcrypto_la-e_idea.lo `test -f 'evp/e_idea.c' || echo '$(srcdir)/'`evp/e_idea.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-e_idea.Tpo evp/$(DEPDIR)/libcrypto_la-e_idea.Plo @@ -7231,13 +6995,6 @@ evp/libcrypto_la-e_rc4.lo: evp/e_rc4.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-e_rc4.lo `test -f 'evp/e_rc4.c' || echo '$(srcdir)/'`evp/e_rc4.c -evp/libcrypto_la-e_rc4_hmac_md5.lo: evp/e_rc4_hmac_md5.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-e_rc4_hmac_md5.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-e_rc4_hmac_md5.Tpo -c -o evp/libcrypto_la-e_rc4_hmac_md5.lo `test -f 'evp/e_rc4_hmac_md5.c' || echo '$(srcdir)/'`evp/e_rc4_hmac_md5.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-e_rc4_hmac_md5.Tpo evp/$(DEPDIR)/libcrypto_la-e_rc4_hmac_md5.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/e_rc4_hmac_md5.c' object='evp/libcrypto_la-e_rc4_hmac_md5.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-e_rc4_hmac_md5.lo `test -f 'evp/e_rc4_hmac_md5.c' || echo '$(srcdir)/'`evp/e_rc4_hmac_md5.c - evp/libcrypto_la-e_sm4.lo: evp/e_sm4.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-e_sm4.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-e_sm4.Tpo -c -o evp/libcrypto_la-e_sm4.lo `test -f 'evp/e_sm4.c' || echo '$(srcdir)/'`evp/e_sm4.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-e_sm4.Tpo evp/$(DEPDIR)/libcrypto_la-e_sm4.Plo @@ -7252,13 +7009,6 @@ evp/libcrypto_la-e_xcbc_d.lo: evp/e_xcbc_d.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-e_xcbc_d.lo `test -f 'evp/e_xcbc_d.c' || echo '$(srcdir)/'`evp/e_xcbc_d.c -evp/libcrypto_la-encode.lo: evp/encode.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-encode.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-encode.Tpo -c -o evp/libcrypto_la-encode.lo `test -f 'evp/encode.c' || echo '$(srcdir)/'`evp/encode.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-encode.Tpo evp/$(DEPDIR)/libcrypto_la-encode.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/encode.c' object='evp/libcrypto_la-encode.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-encode.lo `test -f 'evp/encode.c' || echo '$(srcdir)/'`evp/encode.c - evp/libcrypto_la-evp_aead.lo: evp/evp_aead.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-evp_aead.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-evp_aead.Tpo -c -o evp/libcrypto_la-evp_aead.lo `test -f 'evp/evp_aead.c' || echo '$(srcdir)/'`evp/evp_aead.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-evp_aead.Tpo evp/$(DEPDIR)/libcrypto_la-evp_aead.Plo @@ -7266,12 +7016,26 @@ evp/libcrypto_la-evp_aead.lo: evp/evp_aead.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-evp_aead.lo `test -f 'evp/evp_aead.c' || echo '$(srcdir)/'`evp/evp_aead.c -evp/libcrypto_la-evp_enc.lo: evp/evp_enc.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-evp_enc.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-evp_enc.Tpo -c -o evp/libcrypto_la-evp_enc.lo `test -f 'evp/evp_enc.c' || echo '$(srcdir)/'`evp/evp_enc.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-evp_enc.Tpo evp/$(DEPDIR)/libcrypto_la-evp_enc.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/evp_enc.c' object='evp/libcrypto_la-evp_enc.lo' libtool=yes @AMDEPBACKSLASH@ +evp/libcrypto_la-evp_cipher.lo: evp/evp_cipher.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-evp_cipher.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-evp_cipher.Tpo -c -o evp/libcrypto_la-evp_cipher.lo `test -f 'evp/evp_cipher.c' || echo '$(srcdir)/'`evp/evp_cipher.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-evp_cipher.Tpo evp/$(DEPDIR)/libcrypto_la-evp_cipher.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/evp_cipher.c' object='evp/libcrypto_la-evp_cipher.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-evp_cipher.lo `test -f 'evp/evp_cipher.c' || echo '$(srcdir)/'`evp/evp_cipher.c + +evp/libcrypto_la-evp_digest.lo: evp/evp_digest.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-evp_digest.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-evp_digest.Tpo -c -o evp/libcrypto_la-evp_digest.lo `test -f 'evp/evp_digest.c' || echo '$(srcdir)/'`evp/evp_digest.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-evp_digest.Tpo evp/$(DEPDIR)/libcrypto_la-evp_digest.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/evp_digest.c' object='evp/libcrypto_la-evp_digest.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-evp_digest.lo `test -f 'evp/evp_digest.c' || echo '$(srcdir)/'`evp/evp_digest.c + +evp/libcrypto_la-evp_encode.lo: evp/evp_encode.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-evp_encode.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-evp_encode.Tpo -c -o evp/libcrypto_la-evp_encode.lo `test -f 'evp/evp_encode.c' || echo '$(srcdir)/'`evp/evp_encode.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-evp_encode.Tpo evp/$(DEPDIR)/libcrypto_la-evp_encode.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/evp_encode.c' object='evp/libcrypto_la-evp_encode.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-evp_enc.lo `test -f 'evp/evp_enc.c' || echo '$(srcdir)/'`evp/evp_enc.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-evp_encode.lo `test -f 'evp/evp_encode.c' || echo '$(srcdir)/'`evp/evp_encode.c evp/libcrypto_la-evp_err.lo: evp/evp_err.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-evp_err.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-evp_err.Tpo -c -o evp/libcrypto_la-evp_err.lo `test -f 'evp/evp_err.c' || echo '$(srcdir)/'`evp/evp_err.c @@ -7287,12 +7051,12 @@ evp/libcrypto_la-evp_key.lo: evp/evp_key.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-evp_key.lo `test -f 'evp/evp_key.c' || echo '$(srcdir)/'`evp/evp_key.c -evp/libcrypto_la-evp_lib.lo: evp/evp_lib.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-evp_lib.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-evp_lib.Tpo -c -o evp/libcrypto_la-evp_lib.lo `test -f 'evp/evp_lib.c' || echo '$(srcdir)/'`evp/evp_lib.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-evp_lib.Tpo evp/$(DEPDIR)/libcrypto_la-evp_lib.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/evp_lib.c' object='evp/libcrypto_la-evp_lib.lo' libtool=yes @AMDEPBACKSLASH@ +evp/libcrypto_la-evp_names.lo: evp/evp_names.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-evp_names.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-evp_names.Tpo -c -o evp/libcrypto_la-evp_names.lo `test -f 'evp/evp_names.c' || echo '$(srcdir)/'`evp/evp_names.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-evp_names.Tpo evp/$(DEPDIR)/libcrypto_la-evp_names.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/evp_names.c' object='evp/libcrypto_la-evp_names.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-evp_lib.lo `test -f 'evp/evp_lib.c' || echo '$(srcdir)/'`evp/evp_lib.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-evp_names.lo `test -f 'evp/evp_names.c' || echo '$(srcdir)/'`evp/evp_names.c evp/libcrypto_la-evp_pbe.lo: evp/evp_pbe.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-evp_pbe.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-evp_pbe.Tpo -c -o evp/libcrypto_la-evp_pbe.lo `test -f 'evp/evp_pbe.c' || echo '$(srcdir)/'`evp/evp_pbe.c @@ -7308,20 +7072,6 @@ evp/libcrypto_la-evp_pkey.lo: evp/evp_pkey.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-evp_pkey.lo `test -f 'evp/evp_pkey.c' || echo '$(srcdir)/'`evp/evp_pkey.c -evp/libcrypto_la-m_gost2814789.lo: evp/m_gost2814789.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_gost2814789.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Tpo -c -o evp/libcrypto_la-m_gost2814789.lo `test -f 'evp/m_gost2814789.c' || echo '$(srcdir)/'`evp/m_gost2814789.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Tpo evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/m_gost2814789.c' object='evp/libcrypto_la-m_gost2814789.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_gost2814789.lo `test -f 'evp/m_gost2814789.c' || echo '$(srcdir)/'`evp/m_gost2814789.c - -evp/libcrypto_la-m_gostr341194.lo: evp/m_gostr341194.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_gostr341194.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Tpo -c -o evp/libcrypto_la-m_gostr341194.lo `test -f 'evp/m_gostr341194.c' || echo '$(srcdir)/'`evp/m_gostr341194.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Tpo evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/m_gostr341194.c' object='evp/libcrypto_la-m_gostr341194.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_gostr341194.lo `test -f 'evp/m_gostr341194.c' || echo '$(srcdir)/'`evp/m_gostr341194.c - evp/libcrypto_la-m_md4.lo: evp/m_md4.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_md4.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_md4.Tpo -c -o evp/libcrypto_la-m_md4.lo `test -f 'evp/m_md4.c' || echo '$(srcdir)/'`evp/m_md4.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_md4.Tpo evp/$(DEPDIR)/libcrypto_la-m_md4.Plo @@ -7378,13 +7128,6 @@ evp/libcrypto_la-m_sigver.lo: evp/m_sigver.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_sigver.lo `test -f 'evp/m_sigver.c' || echo '$(srcdir)/'`evp/m_sigver.c -evp/libcrypto_la-m_streebog.lo: evp/m_streebog.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_streebog.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_streebog.Tpo -c -o evp/libcrypto_la-m_streebog.lo `test -f 'evp/m_streebog.c' || echo '$(srcdir)/'`evp/m_streebog.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_streebog.Tpo evp/$(DEPDIR)/libcrypto_la-m_streebog.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/m_streebog.c' object='evp/libcrypto_la-m_streebog.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_streebog.lo `test -f 'evp/m_streebog.c' || echo '$(srcdir)/'`evp/m_streebog.c - evp/libcrypto_la-m_sm3.lo: evp/m_sm3.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-m_sm3.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-m_sm3.Tpo -c -o evp/libcrypto_la-m_sm3.lo `test -f 'evp/m_sm3.c' || echo '$(srcdir)/'`evp/m_sm3.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-m_sm3.Tpo evp/$(DEPDIR)/libcrypto_la-m_sm3.Plo @@ -7399,40 +7142,12 @@ evp/libcrypto_la-m_wp.lo: evp/m_wp.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-m_wp.lo `test -f 'evp/m_wp.c' || echo '$(srcdir)/'`evp/m_wp.c -evp/libcrypto_la-names.lo: evp/names.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-names.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-names.Tpo -c -o evp/libcrypto_la-names.lo `test -f 'evp/names.c' || echo '$(srcdir)/'`evp/names.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-names.Tpo evp/$(DEPDIR)/libcrypto_la-names.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/names.c' object='evp/libcrypto_la-names.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-names.lo `test -f 'evp/names.c' || echo '$(srcdir)/'`evp/names.c - -evp/libcrypto_la-p5_crpt.lo: evp/p5_crpt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-p5_crpt.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-p5_crpt.Tpo -c -o evp/libcrypto_la-p5_crpt.lo `test -f 'evp/p5_crpt.c' || echo '$(srcdir)/'`evp/p5_crpt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-p5_crpt.Tpo evp/$(DEPDIR)/libcrypto_la-p5_crpt.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/p5_crpt.c' object='evp/libcrypto_la-p5_crpt.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-p5_crpt.lo `test -f 'evp/p5_crpt.c' || echo '$(srcdir)/'`evp/p5_crpt.c - -evp/libcrypto_la-p5_crpt2.lo: evp/p5_crpt2.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-p5_crpt2.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-p5_crpt2.Tpo -c -o evp/libcrypto_la-p5_crpt2.lo `test -f 'evp/p5_crpt2.c' || echo '$(srcdir)/'`evp/p5_crpt2.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-p5_crpt2.Tpo evp/$(DEPDIR)/libcrypto_la-p5_crpt2.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/p5_crpt2.c' object='evp/libcrypto_la-p5_crpt2.lo' libtool=yes @AMDEPBACKSLASH@ +evp/libcrypto_la-p_legacy.lo: evp/p_legacy.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-p_legacy.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-p_legacy.Tpo -c -o evp/libcrypto_la-p_legacy.lo `test -f 'evp/p_legacy.c' || echo '$(srcdir)/'`evp/p_legacy.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-p_legacy.Tpo evp/$(DEPDIR)/libcrypto_la-p_legacy.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/p_legacy.c' object='evp/libcrypto_la-p_legacy.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-p5_crpt2.lo `test -f 'evp/p5_crpt2.c' || echo '$(srcdir)/'`evp/p5_crpt2.c - -evp/libcrypto_la-p_dec.lo: evp/p_dec.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-p_dec.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-p_dec.Tpo -c -o evp/libcrypto_la-p_dec.lo `test -f 'evp/p_dec.c' || echo '$(srcdir)/'`evp/p_dec.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-p_dec.Tpo evp/$(DEPDIR)/libcrypto_la-p_dec.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/p_dec.c' object='evp/libcrypto_la-p_dec.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-p_dec.lo `test -f 'evp/p_dec.c' || echo '$(srcdir)/'`evp/p_dec.c - -evp/libcrypto_la-p_enc.lo: evp/p_enc.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-p_enc.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-p_enc.Tpo -c -o evp/libcrypto_la-p_enc.lo `test -f 'evp/p_enc.c' || echo '$(srcdir)/'`evp/p_enc.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-p_enc.Tpo evp/$(DEPDIR)/libcrypto_la-p_enc.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/p_enc.c' object='evp/libcrypto_la-p_enc.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-p_enc.lo `test -f 'evp/p_enc.c' || echo '$(srcdir)/'`evp/p_enc.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-p_legacy.lo `test -f 'evp/p_legacy.c' || echo '$(srcdir)/'`evp/p_legacy.c evp/libcrypto_la-p_lib.lo: evp/p_lib.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-p_lib.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-p_lib.Tpo -c -o evp/libcrypto_la-p_lib.lo `test -f 'evp/p_lib.c' || echo '$(srcdir)/'`evp/p_lib.c @@ -7441,20 +7156,6 @@ evp/libcrypto_la-p_lib.lo: evp/p_lib.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-p_lib.lo `test -f 'evp/p_lib.c' || echo '$(srcdir)/'`evp/p_lib.c -evp/libcrypto_la-p_open.lo: evp/p_open.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-p_open.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-p_open.Tpo -c -o evp/libcrypto_la-p_open.lo `test -f 'evp/p_open.c' || echo '$(srcdir)/'`evp/p_open.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-p_open.Tpo evp/$(DEPDIR)/libcrypto_la-p_open.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/p_open.c' object='evp/libcrypto_la-p_open.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-p_open.lo `test -f 'evp/p_open.c' || echo '$(srcdir)/'`evp/p_open.c - -evp/libcrypto_la-p_seal.lo: evp/p_seal.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-p_seal.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-p_seal.Tpo -c -o evp/libcrypto_la-p_seal.lo `test -f 'evp/p_seal.c' || echo '$(srcdir)/'`evp/p_seal.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-p_seal.Tpo evp/$(DEPDIR)/libcrypto_la-p_seal.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='evp/p_seal.c' object='evp/libcrypto_la-p_seal.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-p_seal.lo `test -f 'evp/p_seal.c' || echo '$(srcdir)/'`evp/p_seal.c - evp/libcrypto_la-p_sign.lo: evp/p_sign.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT evp/libcrypto_la-p_sign.lo -MD -MP -MF evp/$(DEPDIR)/libcrypto_la-p_sign.Tpo -c -o evp/libcrypto_la-p_sign.lo `test -f 'evp/p_sign.c' || echo '$(srcdir)/'`evp/p_sign.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) evp/$(DEPDIR)/libcrypto_la-p_sign.Tpo evp/$(DEPDIR)/libcrypto_la-p_sign.Plo @@ -7490,104 +7191,6 @@ evp/libcrypto_la-pmeth_lib.lo: evp/pmeth_lib.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o evp/libcrypto_la-pmeth_lib.lo `test -f 'evp/pmeth_lib.c' || echo '$(srcdir)/'`evp/pmeth_lib.c -gost/libcrypto_la-gost2814789.lo: gost/gost2814789.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gost2814789.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gost2814789.Tpo -c -o gost/libcrypto_la-gost2814789.lo `test -f 'gost/gost2814789.c' || echo '$(srcdir)/'`gost/gost2814789.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gost2814789.Tpo gost/$(DEPDIR)/libcrypto_la-gost2814789.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gost2814789.c' object='gost/libcrypto_la-gost2814789.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gost2814789.lo `test -f 'gost/gost2814789.c' || echo '$(srcdir)/'`gost/gost2814789.c - -gost/libcrypto_la-gost89_keywrap.lo: gost/gost89_keywrap.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gost89_keywrap.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gost89_keywrap.Tpo -c -o gost/libcrypto_la-gost89_keywrap.lo `test -f 'gost/gost89_keywrap.c' || echo '$(srcdir)/'`gost/gost89_keywrap.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gost89_keywrap.Tpo gost/$(DEPDIR)/libcrypto_la-gost89_keywrap.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gost89_keywrap.c' object='gost/libcrypto_la-gost89_keywrap.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gost89_keywrap.lo `test -f 'gost/gost89_keywrap.c' || echo '$(srcdir)/'`gost/gost89_keywrap.c - -gost/libcrypto_la-gost89_params.lo: gost/gost89_params.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gost89_params.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gost89_params.Tpo -c -o gost/libcrypto_la-gost89_params.lo `test -f 'gost/gost89_params.c' || echo '$(srcdir)/'`gost/gost89_params.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gost89_params.Tpo gost/$(DEPDIR)/libcrypto_la-gost89_params.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gost89_params.c' object='gost/libcrypto_la-gost89_params.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gost89_params.lo `test -f 'gost/gost89_params.c' || echo '$(srcdir)/'`gost/gost89_params.c - -gost/libcrypto_la-gost89imit_ameth.lo: gost/gost89imit_ameth.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gost89imit_ameth.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gost89imit_ameth.Tpo -c -o gost/libcrypto_la-gost89imit_ameth.lo `test -f 'gost/gost89imit_ameth.c' || echo '$(srcdir)/'`gost/gost89imit_ameth.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gost89imit_ameth.Tpo gost/$(DEPDIR)/libcrypto_la-gost89imit_ameth.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gost89imit_ameth.c' object='gost/libcrypto_la-gost89imit_ameth.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gost89imit_ameth.lo `test -f 'gost/gost89imit_ameth.c' || echo '$(srcdir)/'`gost/gost89imit_ameth.c - -gost/libcrypto_la-gost89imit_pmeth.lo: gost/gost89imit_pmeth.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gost89imit_pmeth.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gost89imit_pmeth.Tpo -c -o gost/libcrypto_la-gost89imit_pmeth.lo `test -f 'gost/gost89imit_pmeth.c' || echo '$(srcdir)/'`gost/gost89imit_pmeth.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gost89imit_pmeth.Tpo gost/$(DEPDIR)/libcrypto_la-gost89imit_pmeth.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gost89imit_pmeth.c' object='gost/libcrypto_la-gost89imit_pmeth.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gost89imit_pmeth.lo `test -f 'gost/gost89imit_pmeth.c' || echo '$(srcdir)/'`gost/gost89imit_pmeth.c - -gost/libcrypto_la-gost_asn1.lo: gost/gost_asn1.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gost_asn1.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gost_asn1.Tpo -c -o gost/libcrypto_la-gost_asn1.lo `test -f 'gost/gost_asn1.c' || echo '$(srcdir)/'`gost/gost_asn1.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gost_asn1.Tpo gost/$(DEPDIR)/libcrypto_la-gost_asn1.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gost_asn1.c' object='gost/libcrypto_la-gost_asn1.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gost_asn1.lo `test -f 'gost/gost_asn1.c' || echo '$(srcdir)/'`gost/gost_asn1.c - -gost/libcrypto_la-gost_err.lo: gost/gost_err.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gost_err.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gost_err.Tpo -c -o gost/libcrypto_la-gost_err.lo `test -f 'gost/gost_err.c' || echo '$(srcdir)/'`gost/gost_err.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gost_err.Tpo gost/$(DEPDIR)/libcrypto_la-gost_err.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gost_err.c' object='gost/libcrypto_la-gost_err.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gost_err.lo `test -f 'gost/gost_err.c' || echo '$(srcdir)/'`gost/gost_err.c - -gost/libcrypto_la-gostr341001.lo: gost/gostr341001.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gostr341001.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gostr341001.Tpo -c -o gost/libcrypto_la-gostr341001.lo `test -f 'gost/gostr341001.c' || echo '$(srcdir)/'`gost/gostr341001.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gostr341001.Tpo gost/$(DEPDIR)/libcrypto_la-gostr341001.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gostr341001.c' object='gost/libcrypto_la-gostr341001.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gostr341001.lo `test -f 'gost/gostr341001.c' || echo '$(srcdir)/'`gost/gostr341001.c - -gost/libcrypto_la-gostr341001_ameth.lo: gost/gostr341001_ameth.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gostr341001_ameth.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gostr341001_ameth.Tpo -c -o gost/libcrypto_la-gostr341001_ameth.lo `test -f 'gost/gostr341001_ameth.c' || echo '$(srcdir)/'`gost/gostr341001_ameth.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gostr341001_ameth.Tpo gost/$(DEPDIR)/libcrypto_la-gostr341001_ameth.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gostr341001_ameth.c' object='gost/libcrypto_la-gostr341001_ameth.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gostr341001_ameth.lo `test -f 'gost/gostr341001_ameth.c' || echo '$(srcdir)/'`gost/gostr341001_ameth.c - -gost/libcrypto_la-gostr341001_key.lo: gost/gostr341001_key.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gostr341001_key.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gostr341001_key.Tpo -c -o gost/libcrypto_la-gostr341001_key.lo `test -f 'gost/gostr341001_key.c' || echo '$(srcdir)/'`gost/gostr341001_key.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gostr341001_key.Tpo gost/$(DEPDIR)/libcrypto_la-gostr341001_key.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gostr341001_key.c' object='gost/libcrypto_la-gostr341001_key.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gostr341001_key.lo `test -f 'gost/gostr341001_key.c' || echo '$(srcdir)/'`gost/gostr341001_key.c - -gost/libcrypto_la-gostr341001_params.lo: gost/gostr341001_params.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gostr341001_params.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gostr341001_params.Tpo -c -o gost/libcrypto_la-gostr341001_params.lo `test -f 'gost/gostr341001_params.c' || echo '$(srcdir)/'`gost/gostr341001_params.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gostr341001_params.Tpo gost/$(DEPDIR)/libcrypto_la-gostr341001_params.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gostr341001_params.c' object='gost/libcrypto_la-gostr341001_params.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gostr341001_params.lo `test -f 'gost/gostr341001_params.c' || echo '$(srcdir)/'`gost/gostr341001_params.c - -gost/libcrypto_la-gostr341001_pmeth.lo: gost/gostr341001_pmeth.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gostr341001_pmeth.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gostr341001_pmeth.Tpo -c -o gost/libcrypto_la-gostr341001_pmeth.lo `test -f 'gost/gostr341001_pmeth.c' || echo '$(srcdir)/'`gost/gostr341001_pmeth.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gostr341001_pmeth.Tpo gost/$(DEPDIR)/libcrypto_la-gostr341001_pmeth.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gostr341001_pmeth.c' object='gost/libcrypto_la-gostr341001_pmeth.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gostr341001_pmeth.lo `test -f 'gost/gostr341001_pmeth.c' || echo '$(srcdir)/'`gost/gostr341001_pmeth.c - -gost/libcrypto_la-gostr341194.lo: gost/gostr341194.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-gostr341194.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-gostr341194.Tpo -c -o gost/libcrypto_la-gostr341194.lo `test -f 'gost/gostr341194.c' || echo '$(srcdir)/'`gost/gostr341194.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-gostr341194.Tpo gost/$(DEPDIR)/libcrypto_la-gostr341194.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/gostr341194.c' object='gost/libcrypto_la-gostr341194.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-gostr341194.lo `test -f 'gost/gostr341194.c' || echo '$(srcdir)/'`gost/gostr341194.c - -gost/libcrypto_la-streebog.lo: gost/streebog.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gost/libcrypto_la-streebog.lo -MD -MP -MF gost/$(DEPDIR)/libcrypto_la-streebog.Tpo -c -o gost/libcrypto_la-streebog.lo `test -f 'gost/streebog.c' || echo '$(srcdir)/'`gost/streebog.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) gost/$(DEPDIR)/libcrypto_la-streebog.Tpo gost/$(DEPDIR)/libcrypto_la-streebog.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gost/streebog.c' object='gost/libcrypto_la-streebog.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gost/libcrypto_la-streebog.lo `test -f 'gost/streebog.c' || echo '$(srcdir)/'`gost/streebog.c - hkdf/libcrypto_la-hkdf.lo: hkdf/hkdf.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hkdf/libcrypto_la-hkdf.lo -MD -MP -MF hkdf/$(DEPDIR)/libcrypto_la-hkdf.Tpo -c -o hkdf/libcrypto_la-hkdf.lo `test -f 'hkdf/hkdf.c' || echo '$(srcdir)/'`hkdf/hkdf.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) hkdf/$(DEPDIR)/libcrypto_la-hkdf.Tpo hkdf/$(DEPDIR)/libcrypto_la-hkdf.Plo @@ -7665,13 +7268,6 @@ kdf/libcrypto_la-kdf_err.lo: kdf/kdf_err.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kdf/libcrypto_la-kdf_err.lo `test -f 'kdf/kdf_err.c' || echo '$(srcdir)/'`kdf/kdf_err.c -lhash/libcrypto_la-lh_stats.lo: lhash/lh_stats.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lhash/libcrypto_la-lh_stats.lo -MD -MP -MF lhash/$(DEPDIR)/libcrypto_la-lh_stats.Tpo -c -o lhash/libcrypto_la-lh_stats.lo `test -f 'lhash/lh_stats.c' || echo '$(srcdir)/'`lhash/lh_stats.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lhash/$(DEPDIR)/libcrypto_la-lh_stats.Tpo lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lhash/lh_stats.c' object='lhash/libcrypto_la-lh_stats.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lhash/libcrypto_la-lh_stats.lo `test -f 'lhash/lh_stats.c' || echo '$(srcdir)/'`lhash/lh_stats.c - lhash/libcrypto_la-lhash.lo: lhash/lhash.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lhash/libcrypto_la-lhash.lo -MD -MP -MF lhash/$(DEPDIR)/libcrypto_la-lhash.Tpo -c -o lhash/libcrypto_la-lhash.lo `test -f 'lhash/lhash.c' || echo '$(srcdir)/'`lhash/lhash.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lhash/$(DEPDIR)/libcrypto_la-lhash.Tpo lhash/$(DEPDIR)/libcrypto_la-lhash.Plo @@ -7742,13 +7338,6 @@ modes/libcrypto_la-xts128.lo: modes/xts128.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o modes/libcrypto_la-xts128.lo `test -f 'modes/xts128.c' || echo '$(srcdir)/'`modes/xts128.c -objects/libcrypto_la-o_names.lo: objects/o_names.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT objects/libcrypto_la-o_names.lo -MD -MP -MF objects/$(DEPDIR)/libcrypto_la-o_names.Tpo -c -o objects/libcrypto_la-o_names.lo `test -f 'objects/o_names.c' || echo '$(srcdir)/'`objects/o_names.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) objects/$(DEPDIR)/libcrypto_la-o_names.Tpo objects/$(DEPDIR)/libcrypto_la-o_names.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='objects/o_names.c' object='objects/libcrypto_la-o_names.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o objects/libcrypto_la-o_names.lo `test -f 'objects/o_names.c' || echo '$(srcdir)/'`objects/o_names.c - objects/libcrypto_la-obj_dat.lo: objects/obj_dat.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT objects/libcrypto_la-obj_dat.lo -MD -MP -MF objects/$(DEPDIR)/libcrypto_la-obj_dat.Tpo -c -o objects/libcrypto_la-obj_dat.lo `test -f 'objects/obj_dat.c' || echo '$(srcdir)/'`objects/obj_dat.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) objects/$(DEPDIR)/libcrypto_la-obj_dat.Tpo objects/$(DEPDIR)/libcrypto_la-obj_dat.Plo @@ -7938,13 +7527,6 @@ pkcs12/libcrypto_la-p12_attr.lo: pkcs12/p12_attr.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs12/libcrypto_la-p12_attr.lo `test -f 'pkcs12/p12_attr.c' || echo '$(srcdir)/'`pkcs12/p12_attr.c -pkcs12/libcrypto_la-p12_crpt.lo: pkcs12/p12_crpt.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs12/libcrypto_la-p12_crpt.lo -MD -MP -MF pkcs12/$(DEPDIR)/libcrypto_la-p12_crpt.Tpo -c -o pkcs12/libcrypto_la-p12_crpt.lo `test -f 'pkcs12/p12_crpt.c' || echo '$(srcdir)/'`pkcs12/p12_crpt.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pkcs12/$(DEPDIR)/libcrypto_la-p12_crpt.Tpo pkcs12/$(DEPDIR)/libcrypto_la-p12_crpt.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkcs12/p12_crpt.c' object='pkcs12/libcrypto_la-p12_crpt.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs12/libcrypto_la-p12_crpt.lo `test -f 'pkcs12/p12_crpt.c' || echo '$(srcdir)/'`pkcs12/p12_crpt.c - pkcs12/libcrypto_la-p12_crt.lo: pkcs12/p12_crt.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs12/libcrypto_la-p12_crt.lo -MD -MP -MF pkcs12/$(DEPDIR)/libcrypto_la-p12_crt.Tpo -c -o pkcs12/libcrypto_la-p12_crt.lo `test -f 'pkcs12/p12_crt.c' || echo '$(srcdir)/'`pkcs12/p12_crt.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pkcs12/$(DEPDIR)/libcrypto_la-p12_crt.Tpo pkcs12/$(DEPDIR)/libcrypto_la-p12_crt.Plo @@ -8886,7 +8468,6 @@ clean-libtool: -rm -rf engine/.libs engine/_libs -rm -rf err/.libs err/_libs -rm -rf evp/.libs evp/_libs - -rm -rf gost/.libs gost/_libs -rm -rf hkdf/.libs hkdf/_libs -rm -rf hmac/.libs hmac/_libs -rm -rf idea/.libs idea/_libs @@ -9089,8 +8670,6 @@ distclean-generic: -rm -f err/$(am__dirstamp) -rm -f evp/$(DEPDIR)/$(am__dirstamp) -rm -f evp/$(am__dirstamp) - -rm -f gost/$(DEPDIR)/$(am__dirstamp) - -rm -f gost/$(am__dirstamp) -rm -f hkdf/$(DEPDIR)/$(am__dirstamp) -rm -f hkdf/$(am__dirstamp) -rm -f hmac/$(DEPDIR)/$(am__dirstamp) @@ -9223,7 +8802,6 @@ distclean: distclean-am -rm -f asn1/$(DEPDIR)/libcrypto_la-a_time_tm.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_type.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_utf8.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_err.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_gen.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_item.Plo @@ -9452,7 +9030,6 @@ distclean: distclean-am -rm -f des/$(DEPDIR)/libcrypto_la-ofb_enc.Plo -rm -f des/$(DEPDIR)/libcrypto_la-pcbc_enc.Plo -rm -f des/$(DEPDIR)/libcrypto_la-qud_cksm.Plo - -rm -f des/$(DEPDIR)/libcrypto_la-rand_key.Plo -rm -f des/$(DEPDIR)/libcrypto_la-set_key.Plo -rm -f des/$(DEPDIR)/libcrypto_la-str2key.Plo -rm -f des/$(DEPDIR)/libcrypto_la-xcbc_enc.Plo @@ -9501,11 +9078,7 @@ distclean: distclean-am -rm -f evp/$(DEPDIR)/libcrypto_la-bio_b64.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-bio_enc.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-bio_md.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-c_all.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-cipher_method_lib.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-digest.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_aes.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-e_aes_cbc_hmac_sha1.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_bf.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_camellia.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_cast.Plo @@ -9513,24 +9086,21 @@ distclean: distclean-am -rm -f evp/$(DEPDIR)/libcrypto_la-e_chacha20poly1305.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_des.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_des3.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-e_gost2814789.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_idea.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_null.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_rc2.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_rc4.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-e_rc4_hmac_md5.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_sm4.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_xcbc_d.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-encode.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_aead.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-evp_enc.Plo + -rm -f evp/$(DEPDIR)/libcrypto_la-evp_cipher.Plo + -rm -f evp/$(DEPDIR)/libcrypto_la-evp_digest.Plo + -rm -f evp/$(DEPDIR)/libcrypto_la-evp_encode.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_err.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_key.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-evp_lib.Plo + -rm -f evp/$(DEPDIR)/libcrypto_la-evp_names.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_pbe.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_pkey.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_md4.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_md5.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_md5_sha1.Plo @@ -9540,35 +9110,14 @@ distclean: distclean-am -rm -f evp/$(DEPDIR)/libcrypto_la-m_sha3.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_sigver.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_sm3.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_streebog.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_wp.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-names.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p5_crpt.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p5_crpt2.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p_dec.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p_enc.Plo + -rm -f evp/$(DEPDIR)/libcrypto_la-p_legacy.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-p_lib.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p_open.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p_seal.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-p_sign.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-p_verify.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-pmeth_fn.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-pmeth_gn.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-pmeth_lib.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost2814789.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost89_keywrap.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost89_params.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost89imit_ameth.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost89imit_pmeth.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost_asn1.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost_err.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341001.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341001_ameth.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341001_key.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341001_params.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341001_pmeth.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341194.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-streebog.Plo -rm -f hkdf/$(DEPDIR)/libcrypto_la-hkdf.Plo -rm -f hmac/$(DEPDIR)/libcrypto_la-hm_ameth.Plo -rm -f hmac/$(DEPDIR)/libcrypto_la-hm_pmeth.Plo @@ -9580,7 +9129,6 @@ distclean: distclean-am -rm -f idea/$(DEPDIR)/libcrypto_la-i_skey.Plo -rm -f kdf/$(DEPDIR)/libcrypto_la-hkdf_evp.Plo -rm -f kdf/$(DEPDIR)/libcrypto_la-kdf_err.Plo - -rm -f lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo -rm -f lhash/$(DEPDIR)/libcrypto_la-lhash.Plo -rm -f md4/$(DEPDIR)/libcrypto_la-md4.Plo -rm -f md5/$(DEPDIR)/libcrypto_la-md5-elf-x86_64.Plo @@ -9600,7 +9148,6 @@ distclean: distclean-am -rm -f modes/$(DEPDIR)/libcrypto_la-ghash-mingw64-x86_64.Plo -rm -f modes/$(DEPDIR)/libcrypto_la-ofb128.Plo -rm -f modes/$(DEPDIR)/libcrypto_la-xts128.Plo - -rm -f objects/$(DEPDIR)/libcrypto_la-o_names.Plo -rm -f objects/$(DEPDIR)/libcrypto_la-obj_dat.Plo -rm -f objects/$(DEPDIR)/libcrypto_la-obj_err.Plo -rm -f objects/$(DEPDIR)/libcrypto_la-obj_lib.Plo @@ -9628,7 +9175,6 @@ distclean: distclean-am -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_add.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_asn.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_attr.Plo - -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_crpt.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_crt.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_decr.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_init.Plo @@ -9900,7 +9446,6 @@ maintainer-clean: maintainer-clean-am -rm -f asn1/$(DEPDIR)/libcrypto_la-a_time_tm.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_type.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-a_utf8.Plo - -rm -f asn1/$(DEPDIR)/libcrypto_la-ameth_lib.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_err.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_gen.Plo -rm -f asn1/$(DEPDIR)/libcrypto_la-asn1_item.Plo @@ -10129,7 +9674,6 @@ maintainer-clean: maintainer-clean-am -rm -f des/$(DEPDIR)/libcrypto_la-ofb_enc.Plo -rm -f des/$(DEPDIR)/libcrypto_la-pcbc_enc.Plo -rm -f des/$(DEPDIR)/libcrypto_la-qud_cksm.Plo - -rm -f des/$(DEPDIR)/libcrypto_la-rand_key.Plo -rm -f des/$(DEPDIR)/libcrypto_la-set_key.Plo -rm -f des/$(DEPDIR)/libcrypto_la-str2key.Plo -rm -f des/$(DEPDIR)/libcrypto_la-xcbc_enc.Plo @@ -10178,11 +9722,7 @@ maintainer-clean: maintainer-clean-am -rm -f evp/$(DEPDIR)/libcrypto_la-bio_b64.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-bio_enc.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-bio_md.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-c_all.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-cipher_method_lib.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-digest.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_aes.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-e_aes_cbc_hmac_sha1.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_bf.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_camellia.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_cast.Plo @@ -10190,24 +9730,21 @@ maintainer-clean: maintainer-clean-am -rm -f evp/$(DEPDIR)/libcrypto_la-e_chacha20poly1305.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_des.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_des3.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-e_gost2814789.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_idea.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_null.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_rc2.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_rc4.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-e_rc4_hmac_md5.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_sm4.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-e_xcbc_d.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-encode.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_aead.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-evp_enc.Plo + -rm -f evp/$(DEPDIR)/libcrypto_la-evp_cipher.Plo + -rm -f evp/$(DEPDIR)/libcrypto_la-evp_digest.Plo + -rm -f evp/$(DEPDIR)/libcrypto_la-evp_encode.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_err.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_key.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-evp_lib.Plo + -rm -f evp/$(DEPDIR)/libcrypto_la-evp_names.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_pbe.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-evp_pkey.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_gost2814789.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_gostr341194.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_md4.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_md5.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_md5_sha1.Plo @@ -10217,35 +9754,14 @@ maintainer-clean: maintainer-clean-am -rm -f evp/$(DEPDIR)/libcrypto_la-m_sha3.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_sigver.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_sm3.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-m_streebog.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-m_wp.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-names.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p5_crpt.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p5_crpt2.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p_dec.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p_enc.Plo + -rm -f evp/$(DEPDIR)/libcrypto_la-p_legacy.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-p_lib.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p_open.Plo - -rm -f evp/$(DEPDIR)/libcrypto_la-p_seal.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-p_sign.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-p_verify.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-pmeth_fn.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-pmeth_gn.Plo -rm -f evp/$(DEPDIR)/libcrypto_la-pmeth_lib.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost2814789.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost89_keywrap.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost89_params.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost89imit_ameth.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost89imit_pmeth.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost_asn1.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gost_err.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341001.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341001_ameth.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341001_key.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341001_params.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341001_pmeth.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-gostr341194.Plo - -rm -f gost/$(DEPDIR)/libcrypto_la-streebog.Plo -rm -f hkdf/$(DEPDIR)/libcrypto_la-hkdf.Plo -rm -f hmac/$(DEPDIR)/libcrypto_la-hm_ameth.Plo -rm -f hmac/$(DEPDIR)/libcrypto_la-hm_pmeth.Plo @@ -10257,7 +9773,6 @@ maintainer-clean: maintainer-clean-am -rm -f idea/$(DEPDIR)/libcrypto_la-i_skey.Plo -rm -f kdf/$(DEPDIR)/libcrypto_la-hkdf_evp.Plo -rm -f kdf/$(DEPDIR)/libcrypto_la-kdf_err.Plo - -rm -f lhash/$(DEPDIR)/libcrypto_la-lh_stats.Plo -rm -f lhash/$(DEPDIR)/libcrypto_la-lhash.Plo -rm -f md4/$(DEPDIR)/libcrypto_la-md4.Plo -rm -f md5/$(DEPDIR)/libcrypto_la-md5-elf-x86_64.Plo @@ -10277,7 +9792,6 @@ maintainer-clean: maintainer-clean-am -rm -f modes/$(DEPDIR)/libcrypto_la-ghash-mingw64-x86_64.Plo -rm -f modes/$(DEPDIR)/libcrypto_la-ofb128.Plo -rm -f modes/$(DEPDIR)/libcrypto_la-xts128.Plo - -rm -f objects/$(DEPDIR)/libcrypto_la-o_names.Plo -rm -f objects/$(DEPDIR)/libcrypto_la-obj_dat.Plo -rm -f objects/$(DEPDIR)/libcrypto_la-obj_err.Plo -rm -f objects/$(DEPDIR)/libcrypto_la-obj_lib.Plo @@ -10305,7 +9819,6 @@ maintainer-clean: maintainer-clean-am -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_add.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_asn.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_attr.Plo - -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_crpt.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_crt.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_decr.Plo -rm -f pkcs12/$(DEPDIR)/libcrypto_la-p12_init.Plo diff --git a/crypto/VERSION b/crypto/VERSION index 71e55415..d10daf35 100644 --- a/crypto/VERSION +++ b/crypto/VERSION @@ -1 +1 @@ -52:0:0 +53:0:0 diff --git a/crypto/aes/aes-elf-x86_64.S b/crypto/aes/aes-elf-x86_64.S index 1f51a47e..95dc8d9a 100644 --- a/crypto/aes/aes-elf-x86_64.S +++ b/crypto/aes/aes-elf-x86_64.S @@ -1,10 +1,16 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .type _x86_64_AES_encrypt,@function .align 16 _x86_64_AES_encrypt: - endbr64 +_CET_ENDBR xorl 0(%r15),%eax xorl 4(%r15),%ebx xorl 8(%r15),%ecx @@ -158,7 +164,7 @@ _x86_64_AES_encrypt: .type _x86_64_AES_encrypt_compact,@function .align 16 _x86_64_AES_encrypt_compact: - endbr64 +_CET_ENDBR leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp @@ -338,7 +344,7 @@ _x86_64_AES_encrypt_compact: .hidden asm_AES_encrypt asm_AES_encrypt: AES_encrypt: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -402,7 +408,7 @@ AES_encrypt: .type _x86_64_AES_decrypt,@function .align 16 _x86_64_AES_decrypt: - endbr64 +_CET_ENDBR xorl 0(%r15),%eax xorl 4(%r15),%ebx xorl 8(%r15),%ecx @@ -558,7 +564,7 @@ _x86_64_AES_decrypt: .type _x86_64_AES_decrypt_compact,@function .align 16 _x86_64_AES_decrypt_compact: - endbr64 +_CET_ENDBR leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp @@ -789,7 +795,7 @@ _x86_64_AES_decrypt_compact: .hidden asm_AES_decrypt asm_AES_decrypt: AES_decrypt: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -856,7 +862,7 @@ AES_decrypt: .type AES_set_encrypt_key,@function .align 16 AES_set_encrypt_key: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -882,7 +888,7 @@ AES_set_encrypt_key: .type _x86_64_AES_set_encrypt_key,@function .align 16 _x86_64_AES_set_encrypt_key: - endbr64 +_CET_ENDBR movl %esi,%ecx movq %rdi,%rsi movq %rdx,%rdi @@ -1123,7 +1129,7 @@ _x86_64_AES_set_encrypt_key: .type AES_set_decrypt_key,@function .align 16 AES_set_decrypt_key: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -1316,7 +1322,7 @@ AES_set_decrypt_key: .hidden asm_AES_cbc_encrypt asm_AES_cbc_encrypt: AES_cbc_encrypt: - endbr64 +_CET_ENDBR cmpq $0,%rdx je .Lcbc_epilogue pushfq diff --git a/crypto/aes/aes-macosx-x86_64.S b/crypto/aes/aes-macosx-x86_64.S index 8a9c36eb..d38b1833 100644 --- a/crypto/aes/aes-macosx-x86_64.S +++ b/crypto/aes/aes-macosx-x86_64.S @@ -1,9 +1,16 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .p2align 4 _x86_64_AES_encrypt: +_CET_ENDBR xorl 0(%r15),%eax xorl 4(%r15),%ebx xorl 8(%r15),%ecx @@ -157,6 +164,7 @@ L$enc_loop: .p2align 4 _x86_64_AES_encrypt_compact: +_CET_ENDBR leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp @@ -336,6 +344,7 @@ L$enc_compact_done: .private_extern _asm_AES_encrypt _asm_AES_encrypt: _AES_encrypt: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -399,6 +408,7 @@ L$enc_epilogue: .p2align 4 _x86_64_AES_decrypt: +_CET_ENDBR xorl 0(%r15),%eax xorl 4(%r15),%ebx xorl 8(%r15),%ecx @@ -554,6 +564,7 @@ L$dec_loop: .p2align 4 _x86_64_AES_decrypt_compact: +_CET_ENDBR leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp @@ -784,6 +795,7 @@ L$dec_compact_done: .private_extern _asm_AES_decrypt _asm_AES_decrypt: _AES_decrypt: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -850,6 +862,7 @@ L$dec_epilogue: .p2align 4 _AES_set_encrypt_key: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -875,6 +888,7 @@ L$enc_key_epilogue: .p2align 4 _x86_64_AES_set_encrypt_key: +_CET_ENDBR movl %esi,%ecx movq %rdi,%rsi movq %rdx,%rdi @@ -1115,6 +1129,7 @@ L$exit: .p2align 4 _AES_set_decrypt_key: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -1307,6 +1322,7 @@ L$dec_key_epilogue: .private_extern _asm_AES_cbc_encrypt _asm_AES_cbc_encrypt: _AES_cbc_encrypt: +_CET_ENDBR cmpq $0,%rdx je L$cbc_epilogue pushfq @@ -1756,6 +1772,7 @@ L$cbc_popfq: L$cbc_epilogue: retq +.section __DATA,__const .p2align 6 L$AES_Te: .long 0xa56363c6,0xa56363c6 @@ -2540,5 +2557,5 @@ L$AES_Td: .byte 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -.byte 65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 6 +.text diff --git a/crypto/aes/aes-masm-x86_64.S b/crypto/aes/aes-masm-x86_64.S index e99ccf67..806a37d2 100644 --- a/crypto/aes/aes-masm-x86_64.S +++ b/crypto/aes/aes-masm-x86_64.S @@ -1,27 +1,33 @@ ; 1 "crypto/aes/aes-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/aes/aes-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 + +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + @@ -66,12 +72,13 @@ OPTION DOTNAME -; 3 "crypto/aes/aes-masm-x86_64.S.tmp" 2 +; 9 "crypto/aes/aes-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' ALIGN 16 _x86_64_AES_encrypt PROC PRIVATE + xor eax,DWORD PTR[r15] xor ebx,DWORD PTR[4+r15] xor ecx,DWORD PTR[8+r15] @@ -225,6 +232,7 @@ _x86_64_AES_encrypt ENDP ALIGN 16 _x86_64_AES_encrypt_compact PROC PRIVATE + lea r8,QWORD PTR[128+r14] mov edi,DWORD PTR[((0-128))+r8] mov ebp,DWORD PTR[((32-128))+r8] @@ -413,6 +421,7 @@ $L$SEH_begin_AES_encrypt:: mov rdx,r8 + push rbx push rbp push r12 @@ -479,6 +488,7 @@ AES_encrypt ENDP ALIGN 16 _x86_64_AES_decrypt PROC PRIVATE + xor eax,DWORD PTR[r15] xor ebx,DWORD PTR[4+r15] xor ecx,DWORD PTR[8+r15] @@ -634,6 +644,7 @@ _x86_64_AES_decrypt ENDP ALIGN 16 _x86_64_AES_decrypt_compact PROC PRIVATE + lea r8,QWORD PTR[128+r14] mov edi,DWORD PTR[((0-128))+r8] mov ebp,DWORD PTR[((32-128))+r8] @@ -873,6 +884,7 @@ $L$SEH_begin_AES_decrypt:: mov rdx,r8 + push rbx push rbp push r12 @@ -951,6 +963,7 @@ $L$SEH_begin_AES_set_encrypt_key:: mov rdx,r8 + push rbx push rbp push r12 @@ -979,6 +992,7 @@ AES_set_encrypt_key ENDP ALIGN 16 _x86_64_AES_set_encrypt_key PROC PRIVATE + mov ecx,esi mov rsi,rdi mov rdi,rdx @@ -1228,6 +1242,7 @@ $L$SEH_begin_AES_set_decrypt_key:: mov rdx,r8 + push rbx push rbp push r12 @@ -1435,6 +1450,7 @@ $L$SEH_begin_AES_cbc_encrypt:: mov r9,QWORD PTR[48+rsp] + cmp rdx,0 je $L$cbc_epilogue pushfq @@ -1887,6 +1903,8 @@ $L$cbc_epilogue:: DB 0F3h,0C3h ;repret $L$SEH_end_AES_cbc_encrypt:: AES_cbc_encrypt ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 $L$AES_Te:: DD 0a56363c6h,0a56363c6h @@ -2671,15 +2689,14 @@ DB 017h,02bh,004h,07eh,0bah,077h,0d6h,026h DB 0e1h,069h,014h,063h,055h,021h,00ch,07dh DD 080808080h,080808080h,0fefefefeh,0fefefefeh DD 01b1b1b1bh,01b1b1b1bh,0,0 -DB 65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32 -DB 67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97 -DB 112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103 -DB 62,0 ALIGN 64 +.rdata ENDS +.text$ SEGMENT ALIGN(64) 'CODE' EXTERN __imp_RtlVirtualUnwind:NEAR ALIGN 16 block_se_handler PROC PRIVATE + push rsi push rdi push rbx @@ -2738,6 +2755,7 @@ block_se_handler ENDP ALIGN 16 key_se_handler PROC PRIVATE + push rsi push rdi push rbx @@ -2795,6 +2813,7 @@ key_se_handler ENDP ALIGN 16 cbc_se_handler PROC PRIVATE + push rsi push rdi push rbx diff --git a/crypto/aes/aes-mingw64-x86_64.S b/crypto/aes/aes-mingw64-x86_64.S index ca2d60f9..51d17e28 100644 --- a/crypto/aes/aes-mingw64-x86_64.S +++ b/crypto/aes/aes-mingw64-x86_64.S @@ -1,9 +1,16 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .def _x86_64_AES_encrypt; .scl 3; .type 32; .endef .p2align 4 _x86_64_AES_encrypt: +_CET_ENDBR xorl 0(%r15),%eax xorl 4(%r15),%ebx xorl 8(%r15),%ecx @@ -157,6 +164,7 @@ _x86_64_AES_encrypt: .def _x86_64_AES_encrypt_compact; .scl 3; .type 32; .endef .p2align 4 _x86_64_AES_encrypt_compact: +_CET_ENDBR leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp @@ -344,6 +352,7 @@ AES_encrypt: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -409,6 +418,7 @@ AES_encrypt: .def _x86_64_AES_decrypt; .scl 3; .type 32; .endef .p2align 4 _x86_64_AES_decrypt: +_CET_ENDBR xorl 0(%r15),%eax xorl 4(%r15),%ebx xorl 8(%r15),%ecx @@ -564,6 +574,7 @@ _x86_64_AES_decrypt: .def _x86_64_AES_decrypt_compact; .scl 3; .type 32; .endef .p2align 4 _x86_64_AES_decrypt_compact: +_CET_ENDBR leaq 128(%r14),%r8 movl 0-128(%r8),%edi movl 32-128(%r8),%ebp @@ -802,6 +813,7 @@ AES_decrypt: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -878,6 +890,7 @@ AES_set_encrypt_key: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -905,6 +918,7 @@ AES_set_encrypt_key: .def _x86_64_AES_set_encrypt_key; .scl 3; .type 32; .endef .p2align 4 _x86_64_AES_set_encrypt_key: +_CET_ENDBR movl %esi,%ecx movq %rdi,%rsi movq %rdx,%rdi @@ -1153,6 +1167,7 @@ AES_set_decrypt_key: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -1358,6 +1373,7 @@ AES_cbc_encrypt: movq 40(%rsp),%r8 movq 48(%rsp),%r9 +_CET_ENDBR cmpq $0,%rdx je .Lcbc_epilogue pushfq @@ -1809,6 +1825,7 @@ AES_cbc_encrypt: movq 16(%rsp),%rsi retq .LSEH_end_AES_cbc_encrypt: +.section .rodata .p2align 6 .LAES_Te: .long 0xa56363c6,0xa56363c6 @@ -2593,12 +2610,13 @@ AES_cbc_encrypt: .byte 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -.byte 65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 6 +.text .def block_se_handler; .scl 3; .type 32; .endef .p2align 4 block_se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx @@ -2657,6 +2675,7 @@ block_se_handler: .def key_se_handler; .scl 3; .type 32; .endef .p2align 4 key_se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx @@ -2714,6 +2733,7 @@ key_se_handler: .def cbc_se_handler; .scl 3; .type 32; .endef .p2align 4 cbc_se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx diff --git a/crypto/aes/aesni-elf-x86_64.S b/crypto/aes/aesni-elf-x86_64.S index ee26d2f5..022f2221 100644 --- a/crypto/aes/aesni-elf-x86_64.S +++ b/crypto/aes/aesni-elf-x86_64.S @@ -1,10 +1,16 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .globl aesni_encrypt .type aesni_encrypt,@function .align 16 aesni_encrypt: - endbr64 +_CET_ENDBR movups (%rdi),%xmm2 movl 240(%rdx),%eax movups (%rdx),%xmm0 @@ -26,7 +32,7 @@ aesni_encrypt: .type aesni_decrypt,@function .align 16 aesni_decrypt: - endbr64 +_CET_ENDBR movups (%rdi),%xmm2 movl 240(%rdx),%eax movups (%rdx),%xmm0 @@ -46,7 +52,7 @@ aesni_decrypt: .type _aesni_encrypt3,@function .align 16 _aesni_encrypt3: - endbr64 +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -80,7 +86,7 @@ _aesni_encrypt3: .type _aesni_decrypt3,@function .align 16 _aesni_decrypt3: - endbr64 +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -114,7 +120,7 @@ _aesni_decrypt3: .type _aesni_encrypt4,@function .align 16 _aesni_encrypt4: - endbr64 +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -153,7 +159,7 @@ _aesni_encrypt4: .type _aesni_decrypt4,@function .align 16 _aesni_decrypt4: - endbr64 +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -192,7 +198,7 @@ _aesni_decrypt4: .type _aesni_encrypt6,@function .align 16 _aesni_encrypt6: - endbr64 +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -250,7 +256,7 @@ _aesni_encrypt6: .type _aesni_decrypt6,@function .align 16 _aesni_decrypt6: - endbr64 +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -308,7 +314,7 @@ _aesni_decrypt6: .type _aesni_encrypt8,@function .align 16 _aesni_encrypt8: - endbr64 +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -379,7 +385,7 @@ _aesni_encrypt8: .type _aesni_decrypt8,@function .align 16 _aesni_decrypt8: - endbr64 +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -451,7 +457,7 @@ _aesni_decrypt8: .type aesni_ecb_encrypt,@function .align 16 aesni_ecb_encrypt: - endbr64 +_CET_ENDBR andq $-16,%rdx jz .Lecb_ret @@ -754,7 +760,7 @@ aesni_ecb_encrypt: .type aesni_ccm64_encrypt_blocks,@function .align 16 aesni_ccm64_encrypt_blocks: - endbr64 +_CET_ENDBR movl 240(%rcx),%eax movdqu (%r8),%xmm9 movdqa .Lincrement64(%rip),%xmm6 @@ -812,6 +818,7 @@ aesni_ccm64_encrypt_blocks: .type aesni_ccm64_decrypt_blocks,@function .align 16 aesni_ccm64_decrypt_blocks: +_CET_ENDBR movl 240(%rcx),%eax movups (%r8),%xmm9 movdqu (%r9),%xmm3 @@ -899,7 +906,7 @@ aesni_ccm64_decrypt_blocks: .type aesni_ctr32_encrypt_blocks,@function .align 16 aesni_ctr32_encrypt_blocks: - endbr64 +_CET_ENDBR leaq (%rsp),%rax pushq %rbp subq $32,%rsp @@ -1155,6 +1162,7 @@ aesni_ctr32_encrypt_blocks: .type aesni_xts_encrypt,@function .align 16 aesni_xts_encrypt: +_CET_ENDBR leaq (%rsp),%rax pushq %rbp subq $96,%rsp @@ -1555,6 +1563,7 @@ aesni_xts_encrypt: .type aesni_xts_decrypt,@function .align 16 aesni_xts_decrypt: +_CET_ENDBR leaq (%rsp),%rax pushq %rbp subq $96,%rsp @@ -1999,6 +2008,7 @@ aesni_xts_decrypt: .type aesni_cbc_encrypt,@function .align 16 aesni_cbc_encrypt: +_CET_ENDBR testq %rdx,%rdx jz .Lcbc_ret @@ -2330,7 +2340,7 @@ aesni_cbc_encrypt: .type aesni_set_decrypt_key,@function .align 16 aesni_set_decrypt_key: - endbr64 +_CET_ENDBR subq $8,%rsp call __aesni_set_encrypt_key shll $4,%esi @@ -2369,7 +2379,7 @@ aesni_set_decrypt_key: .type aesni_set_encrypt_key,@function .align 16 aesni_set_encrypt_key: - endbr64 +_CET_ENDBR __aesni_set_encrypt_key: subq $8,%rsp movq $-1,%rax diff --git a/crypto/aes/aesni-macosx-x86_64.S b/crypto/aes/aesni-macosx-x86_64.S index 3327fc17..1b9b77b2 100644 --- a/crypto/aes/aesni-macosx-x86_64.S +++ b/crypto/aes/aesni-macosx-x86_64.S @@ -1,9 +1,16 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .globl _aesni_encrypt .p2align 4 _aesni_encrypt: +_CET_ENDBR movups (%rdi),%xmm2 movl 240(%rdx),%eax movups (%rdx),%xmm0 @@ -25,6 +32,7 @@ L$oop_enc1_1: .p2align 4 _aesni_decrypt: +_CET_ENDBR movups (%rdi),%xmm2 movl 240(%rdx),%eax movups (%rdx),%xmm0 @@ -44,6 +52,7 @@ L$oop_dec1_2: .p2align 4 _aesni_encrypt3: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -77,6 +86,7 @@ L$enc_loop3: .p2align 4 _aesni_decrypt3: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -110,6 +120,7 @@ L$dec_loop3: .p2align 4 _aesni_encrypt4: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -148,6 +159,7 @@ L$enc_loop4: .p2align 4 _aesni_decrypt4: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -186,6 +198,7 @@ L$dec_loop4: .p2align 4 _aesni_encrypt6: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -243,6 +256,7 @@ L$enc_loop6_enter: .p2align 4 _aesni_decrypt6: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -300,6 +314,7 @@ L$dec_loop6_enter: .p2align 4 _aesni_encrypt8: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -370,6 +385,7 @@ L$enc_loop8_enter: .p2align 4 _aesni_decrypt8: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -441,6 +457,7 @@ L$dec_loop8_enter: .p2align 4 _aesni_ecb_encrypt: +_CET_ENDBR andq $-16,%rdx jz L$ecb_ret @@ -743,6 +760,7 @@ L$ecb_ret: .p2align 4 _aesni_ccm64_encrypt_blocks: +_CET_ENDBR movl 240(%rcx),%eax movdqu (%r8),%xmm9 movdqa L$increment64(%rip),%xmm6 @@ -800,6 +818,7 @@ L$ccm64_enc2_loop: .p2align 4 _aesni_ccm64_decrypt_blocks: +_CET_ENDBR movl 240(%rcx),%eax movups (%r8),%xmm9 movdqu (%r9),%xmm3 @@ -887,7 +906,7 @@ L$oop_enc1_6: .p2align 4 _aesni_ctr32_encrypt_blocks: - endbr64 +_CET_ENDBR leaq (%rsp),%rax pushq %rbp subq $32,%rsp @@ -1143,6 +1162,7 @@ L$ctr32_ret: .p2align 4 _aesni_xts_encrypt: +_CET_ENDBR leaq (%rsp),%rax pushq %rbp subq $96,%rsp @@ -1543,6 +1563,7 @@ L$xts_enc_epilogue: .p2align 4 _aesni_xts_decrypt: +_CET_ENDBR leaq (%rsp),%rax pushq %rbp subq $96,%rsp @@ -1987,6 +2008,7 @@ L$xts_dec_epilogue: .p2align 4 _aesni_cbc_encrypt: +_CET_ENDBR testq %rdx,%rdx jz L$cbc_ret @@ -2318,6 +2340,7 @@ L$cbc_ret: .p2align 4 _aesni_set_decrypt_key: +_CET_ENDBR subq $8,%rsp call __aesni_set_encrypt_key shll $4,%esi @@ -2356,6 +2379,7 @@ L$SEH_end_set_decrypt_key: .p2align 4 _aesni_set_encrypt_key: +_CET_ENDBR __aesni_set_encrypt_key: subq $8,%rsp movq $-1,%rax @@ -2544,6 +2568,7 @@ L$key_expansion_256b: retq +.section __DATA,__const .p2align 6 L$bswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 @@ -2553,6 +2578,5 @@ L$increment64: .long 1,0,0,0 L$xts_magic: .long 0x87,0,1,0 - -.byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 6 +.text diff --git a/crypto/aes/aesni-masm-x86_64.S b/crypto/aes/aesni-masm-x86_64.S index 81a3d72a..4cad8786 100644 --- a/crypto/aes/aesni-masm-x86_64.S +++ b/crypto/aes/aesni-masm-x86_64.S @@ -1,28 +1,34 @@ ; 1 "crypto/aes/aesni-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/aes/aesni-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + + @@ -66,12 +72,13 @@ OPTION DOTNAME -; 3 "crypto/aes/aesni-masm-x86_64.S.tmp" 2 +; 9 "crypto/aes/aesni-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' PUBLIC aesni_encrypt ALIGN 16 aesni_encrypt PROC PUBLIC + movups xmm2,XMMWORD PTR[rcx] mov eax,DWORD PTR[240+r8] movups xmm0,XMMWORD PTR[r8] @@ -93,6 +100,7 @@ PUBLIC aesni_decrypt ALIGN 16 aesni_decrypt PROC PUBLIC + movups xmm2,XMMWORD PTR[rcx] mov eax,DWORD PTR[240+r8] movups xmm0,XMMWORD PTR[r8] @@ -112,6 +120,7 @@ aesni_decrypt ENDP ALIGN 16 _aesni_encrypt3 PROC PRIVATE + movups xmm0,XMMWORD PTR[rcx] shr eax,1 movups xmm1,XMMWORD PTR[16+rcx] @@ -145,6 +154,7 @@ _aesni_encrypt3 ENDP ALIGN 16 _aesni_decrypt3 PROC PRIVATE + movups xmm0,XMMWORD PTR[rcx] shr eax,1 movups xmm1,XMMWORD PTR[16+rcx] @@ -178,6 +188,7 @@ _aesni_decrypt3 ENDP ALIGN 16 _aesni_encrypt4 PROC PRIVATE + movups xmm0,XMMWORD PTR[rcx] shr eax,1 movups xmm1,XMMWORD PTR[16+rcx] @@ -216,6 +227,7 @@ _aesni_encrypt4 ENDP ALIGN 16 _aesni_decrypt4 PROC PRIVATE + movups xmm0,XMMWORD PTR[rcx] shr eax,1 movups xmm1,XMMWORD PTR[16+rcx] @@ -254,6 +266,7 @@ _aesni_decrypt4 ENDP ALIGN 16 _aesni_encrypt6 PROC PRIVATE + movups xmm0,XMMWORD PTR[rcx] shr eax,1 movups xmm1,XMMWORD PTR[16+rcx] @@ -311,6 +324,7 @@ _aesni_encrypt6 ENDP ALIGN 16 _aesni_decrypt6 PROC PRIVATE + movups xmm0,XMMWORD PTR[rcx] shr eax,1 movups xmm1,XMMWORD PTR[16+rcx] @@ -368,6 +382,7 @@ _aesni_decrypt6 ENDP ALIGN 16 _aesni_encrypt8 PROC PRIVATE + movups xmm0,XMMWORD PTR[rcx] shr eax,1 movups xmm1,XMMWORD PTR[16+rcx] @@ -438,6 +453,7 @@ _aesni_encrypt8 ENDP ALIGN 16 _aesni_decrypt8 PROC PRIVATE + movups xmm0,XMMWORD PTR[rcx] shr eax,1 movups xmm1,XMMWORD PTR[16+rcx] @@ -520,6 +536,7 @@ $L$SEH_begin_aesni_ecb_encrypt:: mov r8,QWORD PTR[40+rsp] + and rdx,-16 jz $L$ecb_ret @@ -837,6 +854,7 @@ $L$SEH_begin_aesni_ccm64_encrypt_blocks:: mov r9,QWORD PTR[48+rsp] + lea rsp,QWORD PTR[((-88))+rsp] movaps XMMWORD PTR[rsp],xmm6 movaps XMMWORD PTR[16+rsp],xmm7 @@ -921,6 +939,7 @@ $L$SEH_begin_aesni_ccm64_decrypt_blocks:: mov r9,QWORD PTR[48+rsp] + lea rsp,QWORD PTR[((-88))+rsp] movaps XMMWORD PTR[rsp],xmm6 movaps XMMWORD PTR[16+rsp],xmm7 @@ -1034,7 +1053,7 @@ $L$SEH_begin_aesni_ctr32_encrypt_blocks:: mov r8,QWORD PTR[40+rsp] - endbr64 + lea rax,QWORD PTR[rsp] push rbp sub rsp,192 @@ -1326,6 +1345,7 @@ $L$SEH_begin_aesni_xts_encrypt:: mov r9,QWORD PTR[48+rsp] + lea rax,QWORD PTR[rsp] push rbp sub rsp,256 @@ -1762,6 +1782,7 @@ $L$SEH_begin_aesni_xts_decrypt:: mov r9,QWORD PTR[48+rsp] + lea rax,QWORD PTR[rsp] push rbp sub rsp,256 @@ -2242,6 +2263,7 @@ $L$SEH_begin_aesni_cbc_encrypt:: mov r9,QWORD PTR[48+rsp] + test rdx,rdx jz $L$cbc_ret @@ -2585,6 +2607,7 @@ PUBLIC aesni_set_decrypt_key ALIGN 16 aesni_set_decrypt_key PROC PUBLIC + sub rsp,8 call __aesni_set_encrypt_key shl edx,4 @@ -2623,6 +2646,7 @@ PUBLIC aesni_set_encrypt_key ALIGN 16 aesni_set_encrypt_key PROC PUBLIC + __aesni_set_encrypt_key:: sub rsp,8 mov rax,-1 @@ -2811,6 +2835,8 @@ $L$key_expansion_256b:: DB 0F3h,0C3h ;repret aesni_set_encrypt_key ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 $L$bswap_mask:: DB 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 @@ -2820,16 +2846,14 @@ $L$increment64:: DD 1,0,0,0 $L$xts_magic:: DD 087h,0,1,0 - -DB 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69 -DB 83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83 -DB 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115 -DB 115,108,46,111,114,103,62,0 ALIGN 64 +.rdata ENDS +.text$ SEGMENT ALIGN(64) 'CODE' EXTERN __imp_RtlVirtualUnwind:NEAR ALIGN 16 ecb_se_handler PROC PRIVATE + push rsi push rdi push rbx @@ -2849,6 +2873,7 @@ ecb_se_handler ENDP ALIGN 16 ccm64_se_handler PROC PRIVATE + push rsi push rdi push rbx @@ -2890,6 +2915,7 @@ ccm64_se_handler ENDP ALIGN 16 ctr32_se_handler PROC PRIVATE + push rsi push rdi push rbx @@ -2925,6 +2951,7 @@ ctr32_se_handler ENDP ALIGN 16 xts_se_handler PROC PRIVATE + push rsi push rdi push rbx @@ -2964,6 +2991,7 @@ xts_se_handler ENDP ALIGN 16 cbc_se_handler PROC PRIVATE + push rsi push rdi push rbx diff --git a/crypto/aes/aesni-mingw64-x86_64.S b/crypto/aes/aesni-mingw64-x86_64.S index 762bd254..e3f2e9a5 100644 --- a/crypto/aes/aesni-mingw64-x86_64.S +++ b/crypto/aes/aesni-mingw64-x86_64.S @@ -1,9 +1,16 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .globl aesni_encrypt .def aesni_encrypt; .scl 2; .type 32; .endef .p2align 4 aesni_encrypt: +_CET_ENDBR movups (%rcx),%xmm2 movl 240(%r8),%eax movups (%r8),%xmm0 @@ -25,6 +32,7 @@ aesni_encrypt: .def aesni_decrypt; .scl 2; .type 32; .endef .p2align 4 aesni_decrypt: +_CET_ENDBR movups (%rcx),%xmm2 movl 240(%r8),%eax movups (%r8),%xmm0 @@ -44,6 +52,7 @@ aesni_decrypt: .def _aesni_encrypt3; .scl 3; .type 32; .endef .p2align 4 _aesni_encrypt3: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -77,6 +86,7 @@ _aesni_encrypt3: .def _aesni_decrypt3; .scl 3; .type 32; .endef .p2align 4 _aesni_decrypt3: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -110,6 +120,7 @@ _aesni_decrypt3: .def _aesni_encrypt4; .scl 3; .type 32; .endef .p2align 4 _aesni_encrypt4: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -148,6 +159,7 @@ _aesni_encrypt4: .def _aesni_decrypt4; .scl 3; .type 32; .endef .p2align 4 _aesni_decrypt4: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -186,6 +198,7 @@ _aesni_decrypt4: .def _aesni_encrypt6; .scl 3; .type 32; .endef .p2align 4 _aesni_encrypt6: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -243,6 +256,7 @@ _aesni_encrypt6: .def _aesni_decrypt6; .scl 3; .type 32; .endef .p2align 4 _aesni_decrypt6: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -300,6 +314,7 @@ _aesni_decrypt6: .def _aesni_encrypt8; .scl 3; .type 32; .endef .p2align 4 _aesni_encrypt8: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -370,6 +385,7 @@ _aesni_encrypt8: .def _aesni_decrypt8; .scl 3; .type 32; .endef .p2align 4 _aesni_decrypt8: +_CET_ENDBR movups (%rcx),%xmm0 shrl $1,%eax movups 16(%rcx),%xmm1 @@ -451,6 +467,7 @@ aesni_ecb_encrypt: movq %r9,%rcx movq 40(%rsp),%r8 +_CET_ENDBR andq $-16,%rdx jz .Lecb_ret @@ -766,6 +783,7 @@ aesni_ccm64_encrypt_blocks: movq 40(%rsp),%r8 movq 48(%rsp),%r9 +_CET_ENDBR leaq -88(%rsp),%rsp movaps %xmm6,(%rsp) movaps %xmm7,16(%rsp) @@ -848,6 +866,7 @@ aesni_ccm64_decrypt_blocks: movq 40(%rsp),%r8 movq 48(%rsp),%r9 +_CET_ENDBR leaq -88(%rsp),%rsp movaps %xmm6,(%rsp) movaps %xmm7,16(%rsp) @@ -959,7 +978,7 @@ aesni_ctr32_encrypt_blocks: movq %r9,%rcx movq 40(%rsp),%r8 - endbr64 +_CET_ENDBR leaq (%rsp),%rax pushq %rbp subq $192,%rsp @@ -1249,6 +1268,7 @@ aesni_xts_encrypt: movq 40(%rsp),%r8 movq 48(%rsp),%r9 +_CET_ENDBR leaq (%rsp),%rax pushq %rbp subq $256,%rsp @@ -1683,6 +1703,7 @@ aesni_xts_decrypt: movq 40(%rsp),%r8 movq 48(%rsp),%r9 +_CET_ENDBR leaq (%rsp),%rax pushq %rbp subq $256,%rsp @@ -2161,6 +2182,7 @@ aesni_cbc_encrypt: movq 40(%rsp),%r8 movq 48(%rsp),%r9 +_CET_ENDBR testq %rdx,%rdx jz .Lcbc_ret @@ -2503,6 +2525,7 @@ aesni_cbc_encrypt: .def aesni_set_decrypt_key; .scl 2; .type 32; .endef .p2align 4 aesni_set_decrypt_key: +_CET_ENDBR subq $8,%rsp call __aesni_set_encrypt_key shll $4,%edx @@ -2541,6 +2564,7 @@ aesni_set_decrypt_key: .def aesni_set_encrypt_key; .scl 2; .type 32; .endef .p2align 4 aesni_set_encrypt_key: +_CET_ENDBR __aesni_set_encrypt_key: subq $8,%rsp movq $-1,%rax @@ -2729,6 +2753,7 @@ __aesni_set_encrypt_key: retq +.section .rodata .p2align 6 .Lbswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 @@ -2738,13 +2763,13 @@ __aesni_set_encrypt_key: .long 1,0,0,0 .Lxts_magic: .long 0x87,0,1,0 - -.byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 6 +.text .def ecb_se_handler; .scl 3; .type 32; .endef .p2align 4 ecb_se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx @@ -2764,6 +2789,7 @@ ecb_se_handler: .def ccm64_se_handler; .scl 3; .type 32; .endef .p2align 4 ccm64_se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx @@ -2805,6 +2831,7 @@ ccm64_se_handler: .def ctr32_se_handler; .scl 3; .type 32; .endef .p2align 4 ctr32_se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx @@ -2840,6 +2867,7 @@ ctr32_se_handler: .def xts_se_handler; .scl 3; .type 32; .endef .p2align 4 xts_se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx @@ -2879,6 +2907,7 @@ xts_se_handler: .def cbc_se_handler; .scl 3; .type 32; .endef .p2align 4 cbc_se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx diff --git a/crypto/aes/aesni-sha1-elf-x86_64.S b/crypto/aes/aesni-sha1-elf-x86_64.S index 0d7e94a1..237d1d8c 100644 --- a/crypto/aes/aesni-sha1-elf-x86_64.S +++ b/crypto/aes/aesni-sha1-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -7,7 +13,7 @@ .type aesni_cbc_sha1_enc,@function .align 16 aesni_cbc_sha1_enc: - endbr64 +_CET_ENDBR movl OPENSSL_ia32cap_P+0(%rip),%r10d movl OPENSSL_ia32cap_P+4(%rip),%r11d @@ -17,7 +23,7 @@ aesni_cbc_sha1_enc: .type aesni_cbc_sha1_enc_ssse3,@function .align 16 aesni_cbc_sha1_enc_ssse3: - endbr64 +_CET_ENDBR movq 8(%rsp),%r10 diff --git a/crypto/aes/aesni-sha1-macosx-x86_64.S b/crypto/aes/aesni-sha1-macosx-x86_64.S index 3e88b1ac..ff47a3b8 100644 --- a/crypto/aes/aesni-sha1-macosx-x86_64.S +++ b/crypto/aes/aesni-sha1-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -7,6 +13,7 @@ .p2align 4 _aesni_cbc_sha1_enc: +_CET_ENDBR movl _OPENSSL_ia32cap_P+0(%rip),%r10d movl _OPENSSL_ia32cap_P+4(%rip),%r11d @@ -16,6 +23,7 @@ _aesni_cbc_sha1_enc: .p2align 4 aesni_cbc_sha1_enc_ssse3: +_CET_ENDBR movq 8(%rsp),%r10 @@ -1386,6 +1394,7 @@ L$aesenclast5: L$epilogue_ssse3: retq +.section __DATA,__const .p2align 6 K_XX_XX: .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 @@ -1393,6 +1402,5 @@ K_XX_XX: .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f - -.byte 65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 6 +.text diff --git a/crypto/aes/aesni-sha1-masm-x86_64.S b/crypto/aes/aesni-sha1-masm-x86_64.S index b87202ad..a4a744b0 100644 --- a/crypto/aes/aesni-sha1-masm-x86_64.S +++ b/crypto/aes/aesni-sha1-masm-x86_64.S @@ -1,28 +1,33 @@ ; 1 "crypto/aes/aesni-sha1-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/aes/aesni-sha1-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 + + +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + +; 40 "./crypto/x86_arch.h" + @@ -66,7 +71,8 @@ OPTION DOTNAME -; 3 "crypto/aes/aesni-sha1-masm-x86_64.S.tmp" 2 + +; 9 "crypto/aes/aesni-sha1-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' EXTERN OPENSSL_ia32cap_P:NEAR @@ -76,6 +82,7 @@ PUBLIC aesni_cbc_sha1_enc ALIGN 16 aesni_cbc_sha1_enc PROC PUBLIC + mov r10d,DWORD PTR[((OPENSSL_ia32cap_P+0))] mov r11d,DWORD PTR[((OPENSSL_ia32cap_P+4))] jmp aesni_cbc_sha1_enc_ssse3 @@ -96,6 +103,7 @@ $L$SEH_begin_aesni_cbc_sha1_enc_ssse3:: mov r9,QWORD PTR[48+rsp] + mov r10,QWORD PTR[56+rsp] @@ -1490,6 +1498,8 @@ $L$epilogue_ssse3:: DB 0F3h,0C3h ;repret $L$SEH_end_aesni_cbc_sha1_enc_ssse3:: aesni_cbc_sha1_enc_ssse3 ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 K_XX_XX:: DD 05a827999h,05a827999h,05a827999h,05a827999h @@ -1497,17 +1507,14 @@ K_XX_XX:: DD 08f1bbcdch,08f1bbcdch,08f1bbcdch,08f1bbcdch DD 0ca62c1d6h,0ca62c1d6h,0ca62c1d6h,0ca62c1d6h DD 000010203h,004050607h,008090a0bh,00c0d0e0fh - -DB 65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115 -DB 116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52 -DB 44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32 -DB 60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111 -DB 114,103,62,0 ALIGN 64 +.rdata ENDS +.text$ SEGMENT ALIGN(64) 'CODE' EXTERN __imp_RtlVirtualUnwind:NEAR ALIGN 16 ssse3_handler PROC PRIVATE + push rsi push rdi push rbx diff --git a/crypto/aes/aesni-sha1-mingw64-x86_64.S b/crypto/aes/aesni-sha1-mingw64-x86_64.S index c7a2d5cb..a5abb15a 100644 --- a/crypto/aes/aesni-sha1-mingw64-x86_64.S +++ b/crypto/aes/aesni-sha1-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -7,6 +13,7 @@ .def aesni_cbc_sha1_enc; .scl 2; .type 32; .endef .p2align 4 aesni_cbc_sha1_enc: +_CET_ENDBR movl OPENSSL_ia32cap_P+0(%rip),%r10d movl OPENSSL_ia32cap_P+4(%rip),%r11d @@ -27,6 +34,7 @@ aesni_cbc_sha1_enc_ssse3: movq 40(%rsp),%r8 movq 48(%rsp),%r9 +_CET_ENDBR movq 56(%rsp),%r10 @@ -1420,6 +1428,7 @@ aesni_cbc_sha1_enc_ssse3: movq 16(%rsp),%rsi retq .LSEH_end_aesni_cbc_sha1_enc_ssse3: +.section .rodata .p2align 6 K_XX_XX: .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 @@ -1427,13 +1436,13 @@ K_XX_XX: .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f - -.byte 65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 6 +.text .def ssse3_handler; .scl 3; .type 32; .endef .p2align 4 ssse3_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx diff --git a/crypto/aes/bsaes-elf-x86_64.S b/crypto/aes/bsaes-elf-x86_64.S index 602afd09..264d44df 100644 --- a/crypto/aes/bsaes-elf-x86_64.S +++ b/crypto/aes/bsaes-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -7,7 +13,7 @@ .type _bsaes_encrypt8,@function .align 64 _bsaes_encrypt8: - endbr64 +_CET_ENDBR leaq .LBS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -480,7 +486,7 @@ _bsaes_encrypt8_bitslice: .type _bsaes_decrypt8,@function .align 64 _bsaes_decrypt8: - endbr64 +_CET_ENDBR leaq .LBS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -986,7 +992,7 @@ _bsaes_decrypt8: .type _bsaes_key_convert,@function .align 16 _bsaes_key_convert: - endbr64 +_CET_ENDBR leaq .Lmasks(%rip),%r11 movdqu (%rcx),%xmm7 leaq 16(%rcx),%rcx @@ -1071,7 +1077,7 @@ _bsaes_key_convert: .type bsaes_cbc_encrypt,@function .align 16 bsaes_cbc_encrypt: - endbr64 +_CET_ENDBR cmpl $0,%r9d jne asm_AES_cbc_encrypt cmpq $128,%rdx @@ -1322,7 +1328,7 @@ bsaes_cbc_encrypt: .type bsaes_ctr32_encrypt_blocks,@function .align 16 bsaes_ctr32_encrypt_blocks: - endbr64 +_CET_ENDBR movq %rsp,%rax .Lctr_enc_prologue: pushq %rbp @@ -1522,7 +1528,7 @@ bsaes_ctr32_encrypt_blocks: .type bsaes_xts_encrypt,@function .align 16 bsaes_xts_encrypt: - endbr64 +_CET_ENDBR movq %rsp,%rax .Lxts_enc_prologue: pushq %rbp @@ -1975,7 +1981,7 @@ bsaes_xts_encrypt: .type bsaes_xts_decrypt,@function .align 16 bsaes_xts_decrypt: - endbr64 +_CET_ENDBR movq %rsp,%rax .Lxts_dec_prologue: pushq %rbp diff --git a/crypto/aes/bsaes-macosx-x86_64.S b/crypto/aes/bsaes-macosx-x86_64.S index 5f780f0e..f698ce67 100644 --- a/crypto/aes/bsaes-macosx-x86_64.S +++ b/crypto/aes/bsaes-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -7,6 +13,7 @@ .p2align 6 _bsaes_encrypt8: +_CET_ENDBR leaq L$BS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -479,6 +486,7 @@ L$enc_done: .p2align 6 _bsaes_decrypt8: +_CET_ENDBR leaq L$BS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -984,6 +992,7 @@ L$dec_done: .p2align 4 _bsaes_key_convert: +_CET_ENDBR leaq L$masks(%rip),%r11 movdqu (%rcx),%xmm7 leaq 16(%rcx),%rcx @@ -1068,6 +1077,7 @@ L$key_loop: .p2align 4 _bsaes_cbc_encrypt: +_CET_ENDBR cmpl $0,%r9d jne _asm_AES_cbc_encrypt cmpq $128,%rdx @@ -1318,6 +1328,7 @@ L$cbc_dec_epilogue: .p2align 4 _bsaes_ctr32_encrypt_blocks: +_CET_ENDBR movq %rsp,%rax L$ctr_enc_prologue: pushq %rbp @@ -1517,6 +1528,7 @@ L$ctr_enc_epilogue: .p2align 4 _bsaes_xts_encrypt: +_CET_ENDBR movq %rsp,%rax L$xts_enc_prologue: pushq %rbp @@ -1969,6 +1981,7 @@ L$xts_enc_epilogue: .p2align 4 _bsaes_xts_decrypt: +_CET_ENDBR movq %rsp,%rax L$xts_dec_prologue: pushq %rbp @@ -2442,6 +2455,7 @@ L$xts_dec_bzero: L$xts_dec_epilogue: retq +.section __DATA,__const .p2align 6 _bsaes_const: @@ -2494,6 +2508,6 @@ L$M0: .quad 0x02060a0e03070b0f, 0x0004080c0105090d L$63: .quad 0x6363636363636363, 0x6363636363636363 -.byte 66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0 .p2align 6 +.text diff --git a/crypto/aes/bsaes-masm-x86_64.S b/crypto/aes/bsaes-masm-x86_64.S index 7049860e..cc571027 100644 --- a/crypto/aes/bsaes-masm-x86_64.S +++ b/crypto/aes/bsaes-masm-x86_64.S @@ -1,28 +1,33 @@ ; 1 "crypto/aes/bsaes-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/aes/bsaes-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + @@ -66,7 +71,8 @@ OPTION DOTNAME -; 3 "crypto/aes/bsaes-masm-x86_64.S.tmp" 2 + +; 9 "crypto/aes/bsaes-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' EXTERN asm_AES_encrypt:NEAR @@ -75,6 +81,7 @@ EXTERN asm_AES_decrypt:NEAR ALIGN 64 _bsaes_encrypt8 PROC PRIVATE + lea r11,QWORD PTR[$L$BS0] movdqa xmm8,XMMWORD PTR[rax] @@ -547,6 +554,7 @@ _bsaes_encrypt8 ENDP ALIGN 64 _bsaes_decrypt8 PROC PRIVATE + lea r11,QWORD PTR[$L$BS0] movdqa xmm8,XMMWORD PTR[rax] @@ -1052,6 +1060,7 @@ _bsaes_decrypt8 ENDP ALIGN 16 _bsaes_key_convert PROC PRIVATE + lea r11,QWORD PTR[$L$masks] movdqu xmm7,XMMWORD PTR[rcx] lea rcx,QWORD PTR[16+rcx] @@ -1136,6 +1145,7 @@ PUBLIC bsaes_cbc_encrypt ALIGN 16 bsaes_cbc_encrypt PROC PUBLIC + mov r11d,DWORD PTR[48+rsp] cmp r11d,0 jne asm_AES_cbc_encrypt @@ -1411,6 +1421,7 @@ PUBLIC bsaes_ctr32_encrypt_blocks ALIGN 16 bsaes_ctr32_encrypt_blocks PROC PUBLIC + mov rax,rsp $L$ctr_enc_prologue:: push rbp @@ -1634,6 +1645,7 @@ PUBLIC bsaes_xts_encrypt ALIGN 16 bsaes_xts_encrypt PROC PUBLIC + mov rax,rsp $L$xts_enc_prologue:: push rbp @@ -2111,6 +2123,7 @@ PUBLIC bsaes_xts_decrypt ALIGN 16 bsaes_xts_decrypt PROC PUBLIC + mov rax,rsp $L$xts_dec_prologue:: push rbp @@ -2609,6 +2622,8 @@ $L$xts_dec_bzero:: $L$xts_dec_epilogue:: DB 0F3h,0C3h ;repret bsaes_xts_decrypt ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 _bsaes_const:: @@ -2661,17 +2676,15 @@ $L$M0:: DQ 002060a0e03070b0fh,00004080c0105090dh $L$63:: DQ 06363636363636363h,06363636363636363h -DB 66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102 -DB 111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44 -DB 32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44 -DB 32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32 -DB 65,110,100,121,32,80,111,108,121,97,107,111,118,0 ALIGN 64 +.rdata ENDS +.text$ SEGMENT ALIGN(64) 'CODE' EXTERN __imp_RtlVirtualUnwind:NEAR ALIGN 16 se_handler PROC PRIVATE + push rsi push rdi push rbx diff --git a/crypto/aes/bsaes-mingw64-x86_64.S b/crypto/aes/bsaes-mingw64-x86_64.S index f0b07cba..c32f9831 100644 --- a/crypto/aes/bsaes-mingw64-x86_64.S +++ b/crypto/aes/bsaes-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -7,6 +13,7 @@ .def _bsaes_encrypt8; .scl 3; .type 32; .endef .p2align 6 _bsaes_encrypt8: +_CET_ENDBR leaq .LBS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -479,6 +486,7 @@ _bsaes_encrypt8_bitslice: .def _bsaes_decrypt8; .scl 3; .type 32; .endef .p2align 6 _bsaes_decrypt8: +_CET_ENDBR leaq .LBS0(%rip),%r11 movdqa (%rax),%xmm8 @@ -984,6 +992,7 @@ _bsaes_decrypt8: .def _bsaes_key_convert; .scl 3; .type 32; .endef .p2align 4 _bsaes_key_convert: +_CET_ENDBR leaq .Lmasks(%rip),%r11 movdqu (%rcx),%xmm7 leaq 16(%rcx),%rcx @@ -1068,6 +1077,7 @@ _bsaes_key_convert: .def bsaes_cbc_encrypt; .scl 2; .type 32; .endef .p2align 4 bsaes_cbc_encrypt: +_CET_ENDBR movl 48(%rsp),%r11d cmpl $0,%r11d jne asm_AES_cbc_encrypt @@ -1343,6 +1353,7 @@ bsaes_cbc_encrypt: .def bsaes_ctr32_encrypt_blocks; .scl 2; .type 32; .endef .p2align 4 bsaes_ctr32_encrypt_blocks: +_CET_ENDBR movq %rsp,%rax .Lctr_enc_prologue: pushq %rbp @@ -1566,6 +1577,7 @@ bsaes_ctr32_encrypt_blocks: .def bsaes_xts_encrypt; .scl 2; .type 32; .endef .p2align 4 bsaes_xts_encrypt: +_CET_ENDBR movq %rsp,%rax .Lxts_enc_prologue: pushq %rbp @@ -2043,6 +2055,7 @@ bsaes_xts_encrypt: .def bsaes_xts_decrypt; .scl 2; .type 32; .endef .p2align 4 bsaes_xts_decrypt: +_CET_ENDBR movq %rsp,%rax .Lxts_dec_prologue: pushq %rbp @@ -2541,6 +2554,7 @@ bsaes_xts_decrypt: .Lxts_dec_epilogue: retq +.section .rodata .p2align 6 _bsaes_const: @@ -2593,13 +2607,14 @@ _bsaes_const: .quad 0x02060a0e03070b0f, 0x0004080c0105090d .L63: .quad 0x6363636363636363, 0x6363636363636363 -.byte 66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0 .p2align 6 +.text .def se_handler; .scl 3; .type 32; .endef .p2align 4 se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx diff --git a/crypto/aes/vpaes-elf-x86_64.S b/crypto/aes/vpaes-elf-x86_64.S index 67ff646c..bb693a09 100644 --- a/crypto/aes/vpaes-elf-x86_64.S +++ b/crypto/aes/vpaes-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -19,7 +25,7 @@ .type _vpaes_encrypt_core,@function .align 16 _vpaes_encrypt_core: - endbr64 +_CET_ENDBR movq %rdx,%r9 movq $16,%r11 movl 240(%rdx),%eax @@ -110,7 +116,7 @@ _vpaes_encrypt_core: .type _vpaes_decrypt_core,@function .align 16 _vpaes_decrypt_core: - endbr64 +_CET_ENDBR movq %rdx,%r9 movl 240(%rdx),%eax movdqa %xmm9,%xmm1 @@ -218,7 +224,7 @@ _vpaes_decrypt_core: .type _vpaes_schedule_core,@function .align 16 _vpaes_schedule_core: - endbr64 +_CET_ENDBR @@ -404,7 +410,7 @@ _vpaes_schedule_core: .type _vpaes_schedule_192_smear,@function .align 16 _vpaes_schedule_192_smear: - endbr64 +_CET_ENDBR pshufd $128,%xmm6,%xmm0 pxor %xmm0,%xmm6 pshufd $254,%xmm7,%xmm0 @@ -436,7 +442,7 @@ _vpaes_schedule_192_smear: .type _vpaes_schedule_round,@function .align 16 _vpaes_schedule_round: - endbr64 +_CET_ENDBR pxor %xmm1,%xmm1 .byte 102,65,15,58,15,200,15 @@ -504,7 +510,7 @@ _vpaes_schedule_low_round: .type _vpaes_schedule_transform,@function .align 16 _vpaes_schedule_transform: - endbr64 +_CET_ENDBR movdqa %xmm9,%xmm1 pandn %xmm0,%xmm1 psrld $4,%xmm1 @@ -543,7 +549,7 @@ _vpaes_schedule_transform: .type _vpaes_schedule_mangle,@function .align 16 _vpaes_schedule_mangle: - endbr64 +_CET_ENDBR movdqa %xmm0,%xmm4 movdqa .Lk_mc_forward(%rip),%xmm5 testq %rcx,%rcx @@ -617,7 +623,7 @@ _vpaes_schedule_mangle: .type vpaes_set_encrypt_key,@function .align 16 vpaes_set_encrypt_key: - endbr64 +_CET_ENDBR movl %esi,%eax shrl $5,%eax addl $5,%eax @@ -634,7 +640,7 @@ vpaes_set_encrypt_key: .type vpaes_set_decrypt_key,@function .align 16 vpaes_set_decrypt_key: - endbr64 +_CET_ENDBR movl %esi,%eax shrl $5,%eax addl $5,%eax @@ -656,7 +662,7 @@ vpaes_set_decrypt_key: .type vpaes_encrypt,@function .align 16 vpaes_encrypt: - endbr64 +_CET_ENDBR movdqu (%rdi),%xmm0 call _vpaes_preheat call _vpaes_encrypt_core @@ -668,7 +674,7 @@ vpaes_encrypt: .type vpaes_decrypt,@function .align 16 vpaes_decrypt: - endbr64 +_CET_ENDBR movdqu (%rdi),%xmm0 call _vpaes_preheat call _vpaes_decrypt_core @@ -679,7 +685,7 @@ vpaes_decrypt: .type vpaes_cbc_encrypt,@function .align 16 vpaes_cbc_encrypt: - endbr64 +_CET_ENDBR xchgq %rcx,%rdx subq $16,%rcx jc .Lcbc_abort @@ -725,7 +731,7 @@ vpaes_cbc_encrypt: .type _vpaes_preheat,@function .align 16 _vpaes_preheat: - endbr64 +_CET_ENDBR leaq .Lk_s0F(%rip),%r10 movdqa -32(%r10),%xmm10 movdqa -16(%r10),%xmm11 diff --git a/crypto/aes/vpaes-macosx-x86_64.S b/crypto/aes/vpaes-macosx-x86_64.S index 0a892a9d..a6675232 100644 --- a/crypto/aes/vpaes-macosx-x86_64.S +++ b/crypto/aes/vpaes-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -19,6 +25,7 @@ .p2align 4 _vpaes_encrypt_core: +_CET_ENDBR movq %rdx,%r9 movq $16,%r11 movl 240(%rdx),%eax @@ -109,6 +116,7 @@ L$enc_entry: .p2align 4 _vpaes_decrypt_core: +_CET_ENDBR movq %rdx,%r9 movl 240(%rdx),%eax movdqa %xmm9,%xmm1 @@ -216,6 +224,7 @@ L$dec_entry: .p2align 4 _vpaes_schedule_core: +_CET_ENDBR @@ -401,6 +410,7 @@ L$schedule_mangle_last_dec: .p2align 4 _vpaes_schedule_192_smear: +_CET_ENDBR pshufd $128,%xmm6,%xmm0 pxor %xmm0,%xmm6 pshufd $254,%xmm7,%xmm0 @@ -432,6 +442,7 @@ _vpaes_schedule_192_smear: .p2align 4 _vpaes_schedule_round: +_CET_ENDBR pxor %xmm1,%xmm1 .byte 102,65,15,58,15,200,15 @@ -499,6 +510,7 @@ _vpaes_schedule_low_round: .p2align 4 _vpaes_schedule_transform: +_CET_ENDBR movdqa %xmm9,%xmm1 pandn %xmm0,%xmm1 psrld $4,%xmm1 @@ -537,6 +549,7 @@ _vpaes_schedule_transform: .p2align 4 _vpaes_schedule_mangle: +_CET_ENDBR movdqa %xmm0,%xmm4 movdqa L$k_mc_forward(%rip),%xmm5 testq %rcx,%rcx @@ -610,6 +623,7 @@ L$schedule_mangle_both: .p2align 4 _vpaes_set_encrypt_key: +_CET_ENDBR movl %esi,%eax shrl $5,%eax addl $5,%eax @@ -626,6 +640,7 @@ _vpaes_set_encrypt_key: .p2align 4 _vpaes_set_decrypt_key: +_CET_ENDBR movl %esi,%eax shrl $5,%eax addl $5,%eax @@ -647,6 +662,7 @@ _vpaes_set_decrypt_key: .p2align 4 _vpaes_encrypt: +_CET_ENDBR movdqu (%rdi),%xmm0 call _vpaes_preheat call _vpaes_encrypt_core @@ -658,6 +674,7 @@ _vpaes_encrypt: .p2align 4 _vpaes_decrypt: +_CET_ENDBR movdqu (%rdi),%xmm0 call _vpaes_preheat call _vpaes_decrypt_core @@ -668,6 +685,7 @@ _vpaes_decrypt: .p2align 4 _vpaes_cbc_encrypt: +_CET_ENDBR xchgq %rcx,%rdx subq $16,%rcx jc L$cbc_abort @@ -713,6 +731,7 @@ L$cbc_abort: .p2align 4 _vpaes_preheat: +_CET_ENDBR leaq L$k_s0F(%rip),%r10 movdqa -32(%r10),%xmm10 movdqa -16(%r10),%xmm11 @@ -728,6 +747,7 @@ _vpaes_preheat: +.section __DATA,__const .p2align 6 _vpaes_consts: @@ -824,6 +844,6 @@ L$k_dsbe: L$k_dsbo: .quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D .quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C -.byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0 .p2align 6 +.text diff --git a/crypto/aes/vpaes-masm-x86_64.S b/crypto/aes/vpaes-masm-x86_64.S index fa24314e..6e7a5f8f 100644 --- a/crypto/aes/vpaes-masm-x86_64.S +++ b/crypto/aes/vpaes-masm-x86_64.S @@ -1,29 +1,33 @@ ; 1 "crypto/aes/vpaes-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/aes/vpaes-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 +; 16 "./crypto/x86_arch.h" + + -; 40 "./crypto/x86_arch.h" + +; 40 "./crypto/x86_arch.h" + @@ -66,7 +70,9 @@ OPTION DOTNAME -; 3 "crypto/aes/vpaes-masm-x86_64.S.tmp" 2 + + +; 9 "crypto/aes/vpaes-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' @@ -87,6 +93,7 @@ OPTION DOTNAME ALIGN 16 _vpaes_encrypt_core PROC PRIVATE + mov r9,rdx mov r11,16 mov eax,DWORD PTR[240+rdx] @@ -177,6 +184,7 @@ _vpaes_encrypt_core ENDP ALIGN 16 _vpaes_decrypt_core PROC PRIVATE + mov r9,rdx mov eax,DWORD PTR[240+rdx] movdqa xmm1,xmm9 @@ -289,6 +297,7 @@ _vpaes_schedule_core PROC PRIVATE + call _vpaes_preheat movdqa xmm8,XMMWORD PTR[$L$k_rcon] movdqu xmm0,XMMWORD PTR[rdi] @@ -469,6 +478,7 @@ _vpaes_schedule_core ENDP ALIGN 16 _vpaes_schedule_192_smear PROC PRIVATE + pshufd xmm0,xmm6,080h pxor xmm6,xmm0 pshufd xmm0,xmm7,0FEh @@ -501,6 +511,7 @@ _vpaes_schedule_192_smear ENDP ALIGN 16 _vpaes_schedule_round PROC PRIVATE + pxor xmm1,xmm1 DB 102,65,15,58,15,200,15 DB 102,69,15,58,15,192,15 @@ -567,6 +578,7 @@ _vpaes_schedule_round ENDP ALIGN 16 _vpaes_schedule_transform PROC PRIVATE + movdqa xmm1,xmm9 pandn xmm1,xmm0 psrld xmm1,4 @@ -605,6 +617,7 @@ _vpaes_schedule_transform ENDP ALIGN 16 _vpaes_schedule_mangle PROC PRIVATE + movdqa xmm4,xmm0 movdqa xmm5,XMMWORD PTR[$L$k_mc_forward] test rcx,rcx @@ -687,6 +700,7 @@ $L$SEH_begin_vpaes_set_encrypt_key:: mov rdx,r8 + lea rsp,QWORD PTR[((-184))+rsp] movaps XMMWORD PTR[16+rsp],xmm6 movaps XMMWORD PTR[32+rsp],xmm7 @@ -739,6 +753,7 @@ $L$SEH_begin_vpaes_set_decrypt_key:: mov rdx,r8 + lea rsp,QWORD PTR[((-184))+rsp] movaps XMMWORD PTR[16+rsp],xmm6 movaps XMMWORD PTR[32+rsp],xmm7 @@ -796,6 +811,7 @@ $L$SEH_begin_vpaes_encrypt:: mov rdx,r8 + lea rsp,QWORD PTR[((-184))+rsp] movaps XMMWORD PTR[16+rsp],xmm6 movaps XMMWORD PTR[32+rsp],xmm7 @@ -843,6 +859,7 @@ $L$SEH_begin_vpaes_decrypt:: mov rdx,r8 + lea rsp,QWORD PTR[((-184))+rsp] movaps XMMWORD PTR[16+rsp],xmm6 movaps XMMWORD PTR[32+rsp],xmm7 @@ -892,6 +909,7 @@ $L$SEH_begin_vpaes_cbc_encrypt:: mov r9,QWORD PTR[48+rsp] + xchg rdx,rcx sub rcx,16 jc $L$cbc_abort @@ -964,6 +982,7 @@ vpaes_cbc_encrypt ENDP ALIGN 16 _vpaes_preheat PROC PRIVATE + lea r10,QWORD PTR[$L$k_s0F] movdqa xmm10,XMMWORD PTR[((-32))+r10] movdqa xmm11,XMMWORD PTR[((-16))+r10] @@ -979,6 +998,8 @@ _vpaes_preheat ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 _vpaes_consts:: @@ -1075,17 +1096,15 @@ $L$k_dsbe:: $L$k_dsbo:: DQ 01387EA537EF94000h,0C7AA6DB9D4943E2Dh DQ 012D7560F93441D00h,0CA4B8159D8C58E9Ch -DB 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105 -DB 111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54 -DB 52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97 -DB 109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32 -DB 85,110,105,118,101,114,115,105,116,121,41,0 ALIGN 64 +.rdata ENDS +.text$ SEGMENT ALIGN(64) 'CODE' EXTERN __imp_RtlVirtualUnwind:NEAR ALIGN 16 se_handler PROC PRIVATE + push rsi push rdi push rbx diff --git a/crypto/aes/vpaes-mingw64-x86_64.S b/crypto/aes/vpaes-mingw64-x86_64.S index d6cb8605..f4e50935 100644 --- a/crypto/aes/vpaes-mingw64-x86_64.S +++ b/crypto/aes/vpaes-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -19,6 +25,7 @@ .def _vpaes_encrypt_core; .scl 3; .type 32; .endef .p2align 4 _vpaes_encrypt_core: +_CET_ENDBR movq %rdx,%r9 movq $16,%r11 movl 240(%rdx),%eax @@ -109,6 +116,7 @@ _vpaes_encrypt_core: .def _vpaes_decrypt_core; .scl 3; .type 32; .endef .p2align 4 _vpaes_decrypt_core: +_CET_ENDBR movq %rdx,%r9 movl 240(%rdx),%eax movdqa %xmm9,%xmm1 @@ -216,6 +224,7 @@ _vpaes_decrypt_core: .def _vpaes_schedule_core; .scl 3; .type 32; .endef .p2align 4 _vpaes_schedule_core: +_CET_ENDBR @@ -401,6 +410,7 @@ _vpaes_schedule_core: .def _vpaes_schedule_192_smear; .scl 3; .type 32; .endef .p2align 4 _vpaes_schedule_192_smear: +_CET_ENDBR pshufd $128,%xmm6,%xmm0 pxor %xmm0,%xmm6 pshufd $254,%xmm7,%xmm0 @@ -432,6 +442,7 @@ _vpaes_schedule_192_smear: .def _vpaes_schedule_round; .scl 3; .type 32; .endef .p2align 4 _vpaes_schedule_round: +_CET_ENDBR pxor %xmm1,%xmm1 .byte 102,65,15,58,15,200,15 @@ -499,6 +510,7 @@ _vpaes_schedule_low_round: .def _vpaes_schedule_transform; .scl 3; .type 32; .endef .p2align 4 _vpaes_schedule_transform: +_CET_ENDBR movdqa %xmm9,%xmm1 pandn %xmm0,%xmm1 psrld $4,%xmm1 @@ -537,6 +549,7 @@ _vpaes_schedule_transform: .def _vpaes_schedule_mangle; .scl 3; .type 32; .endef .p2align 4 _vpaes_schedule_mangle: +_CET_ENDBR movdqa %xmm0,%xmm4 movdqa .Lk_mc_forward(%rip),%xmm5 testq %rcx,%rcx @@ -618,6 +631,7 @@ vpaes_set_encrypt_key: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR leaq -184(%rsp),%rsp movaps %xmm6,16(%rsp) movaps %xmm7,32(%rsp) @@ -668,6 +682,7 @@ vpaes_set_decrypt_key: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR leaq -184(%rsp),%rsp movaps %xmm6,16(%rsp) movaps %xmm7,32(%rsp) @@ -723,6 +738,7 @@ vpaes_encrypt: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR leaq -184(%rsp),%rsp movaps %xmm6,16(%rsp) movaps %xmm7,32(%rsp) @@ -768,6 +784,7 @@ vpaes_decrypt: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR leaq -184(%rsp),%rsp movaps %xmm6,16(%rsp) movaps %xmm7,32(%rsp) @@ -815,6 +832,7 @@ vpaes_cbc_encrypt: movq 40(%rsp),%r8 movq 48(%rsp),%r9 +_CET_ENDBR xchgq %rcx,%rdx subq $16,%rcx jc .Lcbc_abort @@ -886,6 +904,7 @@ vpaes_cbc_encrypt: .def _vpaes_preheat; .scl 3; .type 32; .endef .p2align 4 _vpaes_preheat: +_CET_ENDBR leaq .Lk_s0F(%rip),%r10 movdqa -32(%r10),%xmm10 movdqa -16(%r10),%xmm11 @@ -901,6 +920,7 @@ _vpaes_preheat: +.section .rodata .p2align 6 _vpaes_consts: @@ -997,13 +1017,14 @@ _vpaes_consts: .Lk_dsbo: .quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D .quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C -.byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0 .p2align 6 +.text .def se_handler; .scl 3; .type 32; .endef .p2align 4 se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index 7ea3e12b..851a3a3d 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_bitstr.c,v 1.41 2023/07/28 10:33:13 tb Exp $ */ +/* $OpenBSD: a_bitstr.c,v 1.42 2023/12/25 22:02:59 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -120,20 +120,24 @@ ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) int w, v, iv; unsigned char *c; - w = n/8; + if (a == NULL) + return 0; + if (n < 0) + return 0; + + w = n / 8; v = 1 << (7 - (n & 0x07)); iv = ~v; - if (!value) - v = 0; - if (a == NULL) - return 0; + if (value == 0) + v = 0; asn1_abs_clear_unused_bits(a); - if ((a->length < (w + 1)) || (a->data == NULL)) { - if (!value) - return(1); /* Don't need to set */ + if (a->length < w + 1 || a->data == NULL) { + /* Don't expand if there's no bit to set. */ + if (value == 0) + return 1; if ((c = recallocarray(a->data, a->length, w + 1, 1)) == NULL) { ASN1error(ERR_R_MALLOC_FAILURE); return 0; @@ -141,11 +145,12 @@ ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) a->data = c; a->length = w + 1; } + a->data[w] = ((a->data[w]) & iv) | v; - while ((a->length > 0) && (a->data[a->length - 1] == 0)) + while (a->length > 0 && a->data[a->length - 1] == 0) a->length--; - return (1); + return 1; } LCRYPTO_ALIAS(ASN1_BIT_STRING_set_bit); @@ -154,11 +159,18 @@ ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) { int w, v; + if (a == NULL) + return 0; + if (n < 0) + return 0; + w = n / 8; v = 1 << (7 - (n & 0x07)); - if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) - return (0); - return ((a->data[w] & v) != 0); + + if (a->length < w + 1 || a->data == NULL) + return 0; + + return (a->data[w] & v) != 0; } LCRYPTO_ALIAS(ASN1_BIT_STRING_get_bit); diff --git a/crypto/asn1/a_pkey.c b/crypto/asn1/a_pkey.c index 6e715d4f..1e8ebc91 100644 --- a/crypto/asn1/a_pkey.c +++ b/crypto/asn1/a_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_pkey.c,v 1.6 2023/07/07 19:37:52 beck Exp $ */ +/* $OpenBSD: a_pkey.c,v 1.7 2023/11/19 15:46:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,10 +67,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "asn1_local.h" #include "evp_local.h" @@ -87,10 +83,6 @@ d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) } } else { ret = *a; -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ret->engine); - ret->engine = NULL; -#endif } if (!EVP_PKEY_set_type(ret, type)) { diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 2542119e..5fa60b9c 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_strnid.c,v 1.27 2023/07/05 21:23:36 beck Exp $ */ +/* $OpenBSD: a_strnid.c,v 1.31 2024/03/02 08:54:02 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -65,20 +65,13 @@ #include #include -static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; - -static ASN1_STRING_TABLE *stable_get(int nid); -static void st_free(ASN1_STRING_TABLE *tbl); -static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, - const ASN1_STRING_TABLE * const *b); - - /* + * XXX - unprotected global state + * * This is the global mask for the mbstring functions: this is used to * mask out certain types (such as BMPString and UTF8String) because * certain software (e.g. Netscape) has problems with them. */ - static unsigned long global_mask = B_ASN1_UTF8STRING; void @@ -148,7 +141,7 @@ ASN1_STRING * ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, int inform, int nid) { - ASN1_STRING_TABLE *tbl; + const ASN1_STRING_TABLE *tbl; ASN1_STRING *str = NULL; unsigned long mask; int ret; @@ -171,12 +164,7 @@ ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, } LCRYPTO_ALIAS(ASN1_STRING_set_by_NID); -/* - * Now the tables and helper functions for the string table: - */ - -/* size limits: this stuff is taken straight from RFC3280 */ - +/* From RFC 5280, Appendix A.1. */ #define ub_name 32768 #define ub_common_name 64 #define ub_locality_name 128 @@ -184,12 +172,9 @@ LCRYPTO_ALIAS(ASN1_STRING_set_by_NID); #define ub_organization_name 64 #define ub_organization_unit_name 64 #define ub_title 64 -#define ub_email_address 128 +#define ub_email_address 128 /* XXX - bumped to 255 in RFC 5280 */ #define ub_serial_number 64 - -/* This table must be kept in NID order */ - static const ASN1_STRING_TABLE tbl_standard[] = { { .nid = NID_commonName, @@ -326,138 +311,19 @@ static const ASN1_STRING_TABLE tbl_standard[] = { }, }; -static int -sk_table_cmp(const ASN1_STRING_TABLE * const *a, - const ASN1_STRING_TABLE * const *b) -{ - return (*a)->nid - (*b)->nid; -} - -static int table_cmp_BSEARCH_CMP_FN(const void *, const void *); -static int table_cmp(ASN1_STRING_TABLE const *, ASN1_STRING_TABLE const *); -static ASN1_STRING_TABLE *OBJ_bsearch_table(ASN1_STRING_TABLE *key, ASN1_STRING_TABLE const *base, int num); +#define N_STRING_TABLE_ENTRIES (sizeof(tbl_standard) / sizeof(tbl_standard[0])) -static int -table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) -{ - return a->nid - b->nid; -} - - -static int -table_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) -{ - ASN1_STRING_TABLE const *a = a_; - ASN1_STRING_TABLE const *b = b_; - return table_cmp(a, b); -} - -static ASN1_STRING_TABLE * -OBJ_bsearch_table(ASN1_STRING_TABLE *key, ASN1_STRING_TABLE const *base, int num) -{ - return (ASN1_STRING_TABLE *)OBJ_bsearch_(key, base, num, sizeof(ASN1_STRING_TABLE), - table_cmp_BSEARCH_CMP_FN); -} - -ASN1_STRING_TABLE * +const ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid) { - int idx; - ASN1_STRING_TABLE fnd; - - fnd.nid = nid; - if (stable != NULL) { - idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); - if (idx >= 0) - return sk_ASN1_STRING_TABLE_value(stable, idx); - } - return OBJ_bsearch_table(&fnd, tbl_standard, - sizeof(tbl_standard) / sizeof(tbl_standard[0])); -} -LCRYPTO_ALIAS(ASN1_STRING_TABLE_get); - -/* - * Return a string table pointer which can be modified: either directly - * from table or a copy of an internal value added to the table. - */ - -static ASN1_STRING_TABLE * -stable_get(int nid) -{ - ASN1_STRING_TABLE *tmp, *rv; - - /* Always need a string table so allocate one if NULL */ - if (stable == NULL) { - stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); - if (stable == NULL) - return NULL; - } - tmp = ASN1_STRING_TABLE_get(nid); - if (tmp != NULL && (tmp->flags & STABLE_FLAGS_MALLOC) != 0) - return tmp; - - if ((rv = calloc(1, sizeof(*rv))) == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return NULL; - } - if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { - free(rv); - return NULL; - } - if (tmp != NULL) { - rv->nid = tmp->nid; - rv->minsize = tmp->minsize; - rv->maxsize = tmp->maxsize; - rv->mask = tmp->mask; - rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; - } else { - rv->nid = nid; - rv->minsize = -1; - rv->maxsize = -1; - rv->flags = STABLE_FLAGS_MALLOC; - } - return rv; -} - -int -ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask, - unsigned long flags) -{ - ASN1_STRING_TABLE *tmp; + size_t i; - if ((tmp = stable_get(nid)) == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return 0; + for (i = 0; i < N_STRING_TABLE_ENTRIES; i++) { + const ASN1_STRING_TABLE *entry = &tbl_standard[i]; + if (entry->nid == nid) + return entry; } - if (minsize >= 0) - tmp->minsize = minsize; - if (maxsize >= 0) - tmp->maxsize = maxsize; - if (mask != 0) - tmp->mask = mask; - if (flags != 0) - tmp->flags = flags | STABLE_FLAGS_MALLOC; - - return 1; -} -LCRYPTO_ALIAS(ASN1_STRING_TABLE_add); -void -ASN1_STRING_TABLE_cleanup(void) -{ - STACK_OF(ASN1_STRING_TABLE) *tmp; - - tmp = stable; - if (tmp == NULL) - return; - stable = NULL; - sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); -} -LCRYPTO_ALIAS(ASN1_STRING_TABLE_cleanup); - -static void -st_free(ASN1_STRING_TABLE *tbl) -{ - if (tbl->flags & STABLE_FLAGS_MALLOC) - free(tbl); + return NULL; } +LCRYPTO_ALIAS(ASN1_STRING_TABLE_get); diff --git a/crypto/asn1/a_time_posix.c b/crypto/asn1/a_time_posix.c index 9327aa8b..d4439b47 100644 --- a/crypto/asn1/a_time_posix.c +++ b/crypto/asn1/a_time_posix.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_time_posix.c,v 1.3 2023/01/01 16:58:23 miod Exp $ */ +/* $OpenBSD: a_time_posix.c,v 1.5 2024/02/18 16:28:38 tb Exp $ */ /* * Copyright (c) 2022, Google Inc. * Copyright (c) 2022, Bob Beck @@ -23,9 +23,15 @@ #include #include +#include #include #include +#include +#include + +#include "crypto_internal.h" + #define SECS_PER_HOUR (int64_t)(60 * 60) #define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR) @@ -34,7 +40,7 @@ * to 9999? */ static int -is_valid_date(int year, int month, int day) +is_valid_date(int64_t year, int64_t month, int64_t day) { int days_in_month; if (day < 1 || month < 1 || year < 0 || year > 9999) @@ -78,13 +84,16 @@ is_valid_time(int hours, int minutes, int seconds) minutes <= 59 && seconds <= 59; } +/* 0000-01-01 00:00:00 UTC */ +#define MIN_POSIX_TIME INT64_C(-62167219200) +/* 9999-12-31 23:59:59 UTC */ +#define MAX_POSIX_TIME INT64_C(253402300799) + /* Is a int64 time representing a time within our expected range? */ static int -is_valid_epoch_time(int64_t time) +is_valid_posix_time(int64_t time) { - /* 0000-01-01 00:00:00 UTC to 9999-12-31 23:59:59 UTC */ - return (int64_t)-62167219200LL <= time && - time <= (int64_t)253402300799LL; + return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME; } /* @@ -93,8 +102,8 @@ is_valid_epoch_time(int64_t time) * (Public Domain) */ static int -posix_time_from_utc(int year, int month, int day, int hours, int minutes, - int seconds, int64_t *out_time) +posix_time_from_utc(int64_t year, int64_t month, int64_t day, int64_t hours, + int64_t minutes, int64_t seconds, int64_t *out_time) { int64_t era, year_of_era, day_of_year, day_of_era, posix_days; @@ -130,7 +139,7 @@ utc_from_posix_time(int64_t time, int *out_year, int *out_month, int *out_day, int64_t days, leftover_seconds, era, day_of_era, year_of_era, day_of_year, month_of_year; - if (!is_valid_epoch_time(time)) + if (!is_valid_posix_time(time)) return 0; days = time / SECS_PER_DAY; @@ -165,40 +174,41 @@ utc_from_posix_time(int64_t time, int *out_year, int *out_month, int *out_day, return 1; } -static int -asn1_time_tm_to_posix(const struct tm *tm, int64_t *out) +int +OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out) { - /* Ensure additions below do not overflow */ - if (tm->tm_year > 9999) - return 0; - if (tm->tm_mon > 12) - return 0; - - return posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1, - tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, out); + return posix_time_from_utc(tm->tm_year + (int64_t)1900, + tm->tm_mon + (int64_t)1, tm->tm_mday, tm->tm_hour, tm->tm_min, + tm->tm_sec, out); } +LCRYPTO_ALIAS(OPENSSL_tm_to_posix); -static int -asn1_time_posix_to_tm(int64_t time, struct tm *out_tm) +int +OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm) { - memset(out_tm, 0, sizeof(struct tm)); - if (!utc_from_posix_time(time, &out_tm->tm_year, &out_tm->tm_mon, - &out_tm->tm_mday, &out_tm->tm_hour, &out_tm->tm_min, - &out_tm->tm_sec)) + struct tm tmp_tm = {0}; + + memset(out_tm, 0, sizeof(*out_tm)); + + if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon, + &tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min, &tmp_tm.tm_sec)) return 0; - out_tm->tm_year -= 1900; - out_tm->tm_mon -= 1; + tmp_tm.tm_year -= 1900; + tmp_tm.tm_mon -= 1; + + *out_tm = tmp_tm; return 1; } +LCRYPTO_ALIAS(OPENSSL_posix_to_tm); int asn1_time_tm_to_time_t(const struct tm *tm, time_t *out) { int64_t posix_time; - if (!asn1_time_tm_to_posix(tm, &posix_time)) + if (!OPENSSL_tm_to_posix(tm, &posix_time)) return 0; #ifdef SMALL_TIME_T @@ -217,31 +227,46 @@ asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm) { int64_t posix_time = *time; - return asn1_time_posix_to_tm(posix_time, out_tm); + return OPENSSL_posix_to_tm(posix_time, out_tm); } int -OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) +OPENSSL_timegm(const struct tm *tm, time_t *out) { + return asn1_time_tm_to_time_t(tm, out); +} +LCRYPTO_ALIAS(OPENSSL_timegm); + +struct tm * +OPENSSL_gmtime(const time_t *time, struct tm *out_tm) { + if (!asn1_time_time_t_to_tm(time, out_tm)) + return NULL; + return out_tm; +} +LCRYPTO_ALIAS(OPENSSL_gmtime); + +/* Public API in OpenSSL. BoringSSL uses int64_t instead of long. */ +int +OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec) { int64_t posix_time; - /* Ensure additions below do not overflow */ - if (tm->tm_year > 9999) - return 0; - if (tm->tm_mon > 12) + if (!OPENSSL_tm_to_posix(tm, &posix_time)) return 0; - if (!posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1, - tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, &posix_time)) - return 0; + CTASSERT(INT_MAX <= INT64_MAX / SECS_PER_DAY); + CTASSERT(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY); + CTASSERT(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY); + + posix_time += offset_day * SECS_PER_DAY; - if (!utc_from_posix_time(posix_time + off_day * SECS_PER_DAY + - offset_sec, &tm->tm_year, &tm->tm_mon, &tm->tm_mday, &tm->tm_hour, - &tm->tm_min, &tm->tm_sec)) + if (posix_time > 0 && offset_sec > INT64_MAX - posix_time) + return 0; + if (posix_time < 0 && offset_sec < INT64_MIN - posix_time) return 0; + posix_time += offset_sec; - tm->tm_year -= 1900; - tm->tm_mon -= 1; + if (!OPENSSL_posix_to_tm(posix_time, tm)) + return 0; return 1; } @@ -252,20 +277,17 @@ OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from, { int64_t time_to, time_from, timediff, daydiff; - if (!posix_time_from_utc(to->tm_year + 1900, to->tm_mon + 1, - to->tm_mday, to->tm_hour, to->tm_min, to->tm_sec, &time_to)) + if (!OPENSSL_tm_to_posix(to, &time_to) || + !OPENSSL_tm_to_posix(from, &time_from)) return 0; - if (!posix_time_from_utc(from->tm_year + 1900, from->tm_mon + 1, - from->tm_mday, from->tm_hour, from->tm_min, - from->tm_sec, &time_from)) - return 0; + /* Times are in range, so these calculations cannot overflow. */ + CTASSERT(SECS_PER_DAY <= INT_MAX); + CTASSERT((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX); timediff = time_to - time_from; daydiff = timediff / SECS_PER_DAY; timediff %= SECS_PER_DAY; - if (daydiff > INT_MAX || daydiff < INT_MIN) - return 0; *out_secs = timediff; *out_days = daydiff; diff --git a/crypto/asn1/a_time_tm.c b/crypto/asn1/a_time_tm.c index ea94d2f5..986c1e73 100644 --- a/crypto/asn1/a_time_tm.c +++ b/crypto/asn1/a_time_tm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_time_tm.c,v 1.31 2023/10/01 22:14:36 tb Exp $ */ +/* $OpenBSD: a_time_tm.c,v 1.33 2024/03/02 09:10:42 tb Exp $ */ /* * Copyright (c) 2015 Bob Beck * @@ -60,7 +60,6 @@ ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2) return (1); return 0; } -LCRYPTO_ALIAS(ASN1_time_tm_cmp); int ASN1_time_tm_clamp_notafter(struct tm *tm) @@ -345,7 +344,6 @@ ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode) return -1; } -LCRYPTO_ALIAS(ASN1_time_parse); /* * ASN1_TIME generic functions. @@ -408,17 +406,6 @@ ASN1_TIME_set(ASN1_TIME *s, time_t t) } LCRYPTO_ALIAS(ASN1_TIME_set); -ASN1_TIME * -ASN1_TIME_set_tm(ASN1_TIME *s, struct tm *tm) -{ - time_t t; - - if (!asn1_time_tm_to_time_t(tm, &t)) - return NULL; - return (ASN1_TIME_adj(s, t, 0, 0)); -} -LCRYPTO_ALIAS(ASN1_TIME_set_tm); - ASN1_TIME * ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, long offset_sec) { diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c deleted file mode 100644 index 153ad21a..00000000 --- a/crypto/asn1/ameth_lib.c +++ /dev/null @@ -1,428 +0,0 @@ -/* $OpenBSD: ameth_lib.c,v 1.32 2023/07/07 19:37:52 beck Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include - -#include -#include - -#ifndef OPENSSL_NO_ENGINE -#include -#endif - -#include "asn1_local.h" -#include "evp_local.h" - -extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[]; -extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[]; -extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; -extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth; -extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth; - -static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = { - &cmac_asn1_meth, - &dh_asn1_meth, - &dsa_asn1_meths[0], - &dsa_asn1_meths[1], - &dsa_asn1_meths[2], - &dsa_asn1_meths[3], - &dsa_asn1_meths[4], - &eckey_asn1_meth, - &ed25519_asn1_meth, - &gostimit_asn1_meth, - &gostr01_asn1_meths[0], - &gostr01_asn1_meths[1], - &gostr01_asn1_meths[2], - &hmac_asn1_meth, - &rsa_asn1_meths[0], - &rsa_asn1_meths[1], - &rsa_pss_asn1_meth, - &x25519_asn1_meth, -}; - -static const size_t asn1_methods_count = - sizeof(asn1_methods) / sizeof(asn1_methods[0]); - -DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD) -static STACK_OF(EVP_PKEY_ASN1_METHOD) *asn1_app_methods = NULL; - -int -EVP_PKEY_asn1_get_count(void) -{ - int num = asn1_methods_count; - - if (asn1_app_methods != NULL) - num += sk_EVP_PKEY_ASN1_METHOD_num(asn1_app_methods); - - return num; -} - -const EVP_PKEY_ASN1_METHOD * -EVP_PKEY_asn1_get0(int idx) -{ - int num = asn1_methods_count; - - if (idx < 0) - return NULL; - if (idx < num) - return asn1_methods[idx]; - - idx -= num; - - return sk_EVP_PKEY_ASN1_METHOD_value(asn1_app_methods, idx); -} - -static const EVP_PKEY_ASN1_METHOD * -pkey_asn1_find(int pkey_id) -{ - const EVP_PKEY_ASN1_METHOD *ameth; - int i; - - for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) { - ameth = EVP_PKEY_asn1_get0(i); - if (ameth->pkey_id == pkey_id) - return ameth; - } - - return NULL; -} - -/* - * Find an implementation of an ASN1 algorithm. If 'pe' is not NULL - * also search through engines and set *pe to a functional reference - * to the engine implementing 'type' or NULL if no engine implements - * it. - */ -const EVP_PKEY_ASN1_METHOD * -EVP_PKEY_asn1_find(ENGINE **pe, int type) -{ - const EVP_PKEY_ASN1_METHOD *mp; - - for (;;) { - if ((mp = pkey_asn1_find(type)) == NULL) - break; - if ((mp->pkey_flags & ASN1_PKEY_ALIAS) == 0) - break; - type = mp->pkey_base_id; - } - if (pe) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e; - /* type will contain the final unaliased type */ - e = ENGINE_get_pkey_asn1_meth_engine(type); - if (e) { - *pe = e; - return ENGINE_get_pkey_asn1_meth(e, type); - } -#endif - *pe = NULL; - } - return mp; -} - -const EVP_PKEY_ASN1_METHOD * -EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len) -{ - const EVP_PKEY_ASN1_METHOD *ameth; - int i; - - if (len == -1) - len = strlen(str); - if (pe) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e; - ameth = ENGINE_pkey_asn1_find_str(&e, str, len); - if (ameth) { - /* Convert structural into - * functional reference - */ - if (!ENGINE_init(e)) - ameth = NULL; - ENGINE_free(e); - *pe = e; - return ameth; - } -#endif - *pe = NULL; - } - for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) { - ameth = EVP_PKEY_asn1_get0(i); - if (ameth->pkey_flags & ASN1_PKEY_ALIAS) - continue; - if (((int)strlen(ameth->pem_str) == len) && - !strncasecmp(ameth->pem_str, str, len)) - return ameth; - } - return NULL; -} - -int -EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) -{ - if (asn1_app_methods == NULL) { - asn1_app_methods = sk_EVP_PKEY_ASN1_METHOD_new(NULL); - if (asn1_app_methods == NULL) - return 0; - } - - if (!sk_EVP_PKEY_ASN1_METHOD_push(asn1_app_methods, ameth)) - return 0; - - return 1; -} - -int -EVP_PKEY_asn1_add_alias(int to, int from) -{ - EVP_PKEY_ASN1_METHOD *ameth; - - ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL); - if (ameth == NULL) - return 0; - - ameth->pkey_base_id = to; - if (!EVP_PKEY_asn1_add0(ameth)) { - EVP_PKEY_asn1_free(ameth); - return 0; - } - return 1; -} - -int -EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags, - const char **pinfo, const char **ppem_str, - const EVP_PKEY_ASN1_METHOD *ameth) -{ - if (!ameth) - return 0; - if (ppkey_id) - *ppkey_id = ameth->pkey_id; - if (ppkey_base_id) - *ppkey_base_id = ameth->pkey_base_id; - if (ppkey_flags) - *ppkey_flags = ameth->pkey_flags; - if (pinfo) - *pinfo = ameth->info; - if (ppem_str) - *ppem_str = ameth->pem_str; - return 1; -} - -const EVP_PKEY_ASN1_METHOD* -EVP_PKEY_get0_asn1(const EVP_PKEY *pkey) -{ - return pkey->ameth; -} - -EVP_PKEY_ASN1_METHOD* -EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, const char *info) -{ - EVP_PKEY_ASN1_METHOD *ameth; - - if ((ameth = calloc(1, sizeof(EVP_PKEY_ASN1_METHOD))) == NULL) - return NULL; - - ameth->pkey_id = id; - ameth->pkey_base_id = id; - ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC; - - if (info != NULL) { - if ((ameth->info = strdup(info)) == NULL) - goto err; - } - - if (pem_str != NULL) { - if ((ameth->pem_str = strdup(pem_str)) == NULL) - goto err; - } - - return ameth; - - err: - EVP_PKEY_asn1_free(ameth); - return NULL; -} - -void -EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, const EVP_PKEY_ASN1_METHOD *src) -{ - EVP_PKEY_ASN1_METHOD preserve; - - preserve.pkey_id = dst->pkey_id; - preserve.pkey_base_id = dst->pkey_base_id; - preserve.pkey_flags = dst->pkey_flags; - preserve.pem_str = dst->pem_str; - preserve.info = dst->info; - - *dst = *src; - - dst->pkey_id = preserve.pkey_id; - dst->pkey_base_id = preserve.pkey_base_id; - dst->pkey_flags = preserve.pkey_flags; - dst->pem_str = preserve.pem_str; - dst->info = preserve.info; -} - -void -EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth) -{ - if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC)) { - free(ameth->pem_str); - free(ameth->info); - free(ameth); - } -} - -void -EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, - int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub), - int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk), - int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), - int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx), - int (*pkey_size)(const EVP_PKEY *pk), - int (*pkey_bits)(const EVP_PKEY *pk)) -{ - ameth->pub_decode = pub_decode; - ameth->pub_encode = pub_encode; - ameth->pub_cmp = pub_cmp; - ameth->pub_print = pub_print; - ameth->pkey_size = pkey_size; - ameth->pkey_bits = pkey_bits; -} - -void -EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, - int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf), - int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk), - int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx)) -{ - ameth->priv_decode = priv_decode; - ameth->priv_encode = priv_encode; - ameth->priv_print = priv_print; -} - -void -EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, - int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, int derlen), - int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder), - int (*param_missing)(const EVP_PKEY *pk), - int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from), - int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), - int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx)) -{ - ameth->param_decode = param_decode; - ameth->param_encode = param_encode; - ameth->param_missing = param_missing; - ameth->param_copy = param_copy; - ameth->param_cmp = param_cmp; - ameth->param_print = param_print; -} - -void -EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, - void (*pkey_free)(EVP_PKEY *pkey)) -{ - ameth->pkey_free = pkey_free; -} - -void -EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)) -{ - ameth->pkey_ctrl = pkey_ctrl; -} - -void -EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_security_bits)(const EVP_PKEY *pkey)) -{ - ameth->pkey_security_bits = pkey_security_bits; -} - -void -EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_check)(const EVP_PKEY *pk)) -{ - ameth->pkey_check = pkey_check; -} - -void -EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_public_check)(const EVP_PKEY *pk)) -{ - ameth->pkey_public_check = pkey_public_check; -} - -void -EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_param_check)(const EVP_PKEY *pk)) -{ - ameth->pkey_param_check = pkey_param_check; -} diff --git a/crypto/asn1/asn1_item.c b/crypto/asn1/asn1_item.c index 87f426c6..99a08698 100644 --- a/crypto/asn1/asn1_item.c +++ b/crypto/asn1/asn1_item.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_item.c,v 1.17 2023/07/13 20:59:10 tb Exp $ */ +/* $OpenBSD: asn1_item.c,v 1.20 2024/01/28 14:43:48 joshua Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -118,6 +118,7 @@ #include "asn1_local.h" #include "evp_local.h" +#include "x509_local.h" int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, @@ -221,13 +222,20 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) { - EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); - if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { - EVP_MD_CTX_cleanup(&ctx); - return 0; - } - return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); + EVP_MD_CTX *md_ctx = NULL; + int ret = 0; + + if ((md_ctx = EVP_MD_CTX_new()) == NULL) + goto err; + if (!EVP_DigestSignInit(md_ctx, NULL, type, NULL, pkey)) + goto err; + + ret = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, md_ctx); + + err: + EVP_MD_CTX_free(md_ctx); + + return ret; } static int @@ -235,7 +243,6 @@ asn1_item_set_algorithm_identifiers(EVP_MD_CTX *ctx, X509_ALGOR *algor1, X509_ALGOR *algor2) { EVP_PKEY *pkey; - ASN1_OBJECT *aobj; const EVP_MD *md; int sign_id, sign_param; @@ -254,21 +261,17 @@ asn1_item_set_algorithm_identifiers(EVP_MD_CTX *ctx, X509_ALGOR *algor1, ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); return 0; } - if ((aobj = OBJ_nid2obj(sign_id)) == NULL) { - ASN1error(ASN1_R_UNKNOWN_OBJECT_TYPE); - return 0; - } sign_param = V_ASN1_UNDEF; if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) sign_param = V_ASN1_NULL; if (algor1 != NULL) { - if (!X509_ALGOR_set0(algor1, aobj, sign_param, NULL)) + if (!X509_ALGOR_set0_by_nid(algor1, sign_id, sign_param, NULL)) return 0; } if (algor2 != NULL) { - if (!X509_ALGOR_set0(algor2, aobj, sign_param, NULL)) + if (!X509_ALGOR_set0_by_nid(algor2, sign_id, sign_param, NULL)) return 0; } @@ -378,7 +381,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { - EVP_MD_CTX ctx; + EVP_MD_CTX *md_ctx = NULL; unsigned char *in = NULL; int mdnid, pknid; int in_len = 0; @@ -386,15 +389,16 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, if (pkey == NULL) { ASN1error(ERR_R_PASSED_NULL_PARAMETER); - return -1; + goto err; } if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT); - return -1; + goto err; } - EVP_MD_CTX_init(&ctx); + if ((md_ctx = EVP_MD_CTX_new()) == NULL) + goto err; /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { @@ -406,7 +410,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } - ret = pkey->ameth->item_verify(&ctx, it, asn, a, + ret = pkey->ameth->item_verify(md_ctx, it, asn, a, signature, pkey); /* Return value of 2 means carry on, anything else means we * exit straight away: either a fatal error of the underlying @@ -429,7 +433,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { + if (!EVP_DigestVerifyInit(md_ctx, NULL, type, NULL, pkey)) { ASN1error(ERR_R_EVP_LIB); ret = 0; goto err; @@ -443,7 +447,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, goto err; } - if (EVP_DigestVerify(&ctx, signature->data, signature->length, + if (EVP_DigestVerify(md_ctx, signature->data, signature->length, in, in_len) <= 0) { ASN1error(ERR_R_EVP_LIB); ret = 0; @@ -453,7 +457,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ret = 1; err: - EVP_MD_CTX_cleanup(&ctx); + EVP_MD_CTX_free(md_ctx); freezero(in, in_len); return ret; diff --git a/crypto/asn1/asn1_local.h b/crypto/asn1/asn1_local.h index 566ace79..19de9787 100644 --- a/crypto/asn1/asn1_local.h +++ b/crypto/asn1/asn1_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_local.h,v 1.4 2023/07/28 10:00:10 tb Exp $ */ +/* $OpenBSD: asn1_local.h,v 1.10 2024/03/02 09:10:42 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -89,88 +89,6 @@ struct asn1_pctx_st { unsigned long str_flags; } /* ASN1_PCTX */; -/* ASN1 public key method structure */ - -struct evp_pkey_asn1_method_st { - int pkey_id; - int pkey_base_id; - unsigned long pkey_flags; - - char *pem_str; - char *info; - - int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub); - int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk); - int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); - int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); - - int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); - int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); - int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); - - int (*pkey_size)(const EVP_PKEY *pk); - int (*pkey_bits)(const EVP_PKEY *pk); - int (*pkey_security_bits)(const EVP_PKEY *pk); - - int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, - int derlen); - int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder); - int (*param_missing)(const EVP_PKEY *pk); - int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from); - int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); - int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx); - int (*sig_print)(BIO *out, const X509_ALGOR *sigalg, - const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx); - - void (*pkey_free)(EVP_PKEY *pkey); - int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2); - - /* Legacy functions for old PEM */ - - int (*old_priv_decode)(EVP_PKEY *pkey, const unsigned char **pder, - int derlen); - int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder); - /* Custom ASN1 signature verification */ - int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); - int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, - X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig); - - int (*pkey_check)(const EVP_PKEY *pk); - int (*pkey_public_check)(const EVP_PKEY *pk); - int (*pkey_param_check)(const EVP_PKEY *pk); - - int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key, - size_t len); - int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key, - size_t len); - int (*get_priv_key)(const EVP_PKEY *pk, unsigned char *out_private_key, - size_t *out_len); - int (*get_pub_key)(const EVP_PKEY *pk, unsigned char *out_public_key, - size_t *out_len); -} /* EVP_PKEY_ASN1_METHOD */; - -/* Method to handle CRL access. - * In general a CRL could be very large (several Mb) and can consume large - * amounts of resources if stored in memory by multiple processes. - * This method allows general CRL operations to be redirected to more - * efficient callbacks: for example a CRL entry database. - */ - -#define X509_CRL_METHOD_DYNAMIC 1 - -struct x509_crl_method_st { - int flags; - int (*crl_init)(X509_CRL *crl); - int (*crl_free)(X509_CRL *crl); - int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, - ASN1_INTEGER *ser, X509_NAME *issuer); - int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk); -}; - int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); @@ -242,7 +160,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length); -int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); +int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec); int OPENSSL_gmtime_diff(int *pday, int *psec, const struct tm *from, const struct tm *to); int asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm); @@ -269,4 +187,7 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +int ASN1_time_parse(const char *_bytes, size_t _len, struct tm *_tm, int _mode); +int ASN1_time_tm_cmp(struct tm *_tm1, struct tm *_tm2); + __END_HIDDEN_DECLS diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c index 4da35c0e..68749804 100644 --- a/crypto/asn1/asn_moid.c +++ b/crypto/asn1/asn_moid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn_moid.c,v 1.16 2023/07/05 21:23:36 beck Exp $ */ +/* $OpenBSD: asn_moid.c,v 1.17 2024/03/02 09:02:04 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -105,7 +105,6 @@ ASN1_add_oid_module(void) { CONF_module_add("oid_section", oid_module_init, oid_module_finish); } -LCRYPTO_ALIAS(ASN1_add_oid_module); /* Create an OID based on a name value pair. Accept two formats. * shortname = 1.2.3.4 diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c index 204e8182..0b628b36 100644 --- a/crypto/asn1/p5_pbe.c +++ b/crypto/asn1/p5_pbe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_pbe.c,v 1.25 2023/07/07 19:37:52 beck Exp $ */ +/* $OpenBSD: p5_pbe.c,v 1.26 2024/03/02 10:17:37 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -64,6 +64,8 @@ #include #include +#include "x509_local.h" + /* PKCS#5 password based encryption structure */ static const ASN1_TEMPLATE PBEPARAM_seq_tt[] = { diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index 8b6d1929..ebb20c29 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p5_pbev2.c,v 1.30 2023/07/07 19:37:52 beck Exp $ */ +/* $OpenBSD: p5_pbev2.c,v 1.32 2024/03/02 10:17:37 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999-2004. */ @@ -65,6 +65,7 @@ #include #include "evp_local.h" +#include "x509_local.h" /* PKCS#5 v2.0 password based encryption structures */ @@ -218,7 +219,7 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt, arc4random_buf(iv, EVP_CIPHER_iv_length(cipher)); } - EVP_CIPHER_CTX_init(&ctx); + EVP_CIPHER_CTX_legacy_clear(&ctx); /* Dummy cipherinit to just setup the IV, and PRF */ if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index cd98997f..6f7bdc79 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t_x509.c,v 1.43 2023/07/07 19:37:52 beck Exp $ */ +/* $OpenBSD: t_x509.c,v 1.44 2023/12/29 10:59:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -77,7 +77,7 @@ #include #endif -#include "asn1_local.h" +#include "evp_local.h" #include "x509_local.h" int diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 3f61a689..07764fc0 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_prn.c,v 1.25 2023/07/05 21:23:36 beck Exp $ */ +/* $OpenBSD: tasn_prn.c,v 1.27 2024/03/02 09:04:07 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -76,99 +76,6 @@ static const ASN1_PCTX default_pctx = { .flags = ASN1_PCTX_FLAGS_SHOW_ABSENT, }; -ASN1_PCTX * -ASN1_PCTX_new(void) -{ - ASN1_PCTX *p; - - if ((p = calloc(1, sizeof(ASN1_PCTX))) == NULL) { - ASN1error(ERR_R_MALLOC_FAILURE); - return NULL; - } - - return p; -} -LCRYPTO_ALIAS(ASN1_PCTX_new); - -void -ASN1_PCTX_free(ASN1_PCTX *p) -{ - free(p); -} -LCRYPTO_ALIAS(ASN1_PCTX_free); - -unsigned long -ASN1_PCTX_get_flags(const ASN1_PCTX *p) -{ - return p->flags; -} -LCRYPTO_ALIAS(ASN1_PCTX_get_flags); - -void -ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags) -{ - p->flags = flags; -} -LCRYPTO_ALIAS(ASN1_PCTX_set_flags); - -unsigned long -ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p) -{ - return p->nm_flags; -} -LCRYPTO_ALIAS(ASN1_PCTX_get_nm_flags); - -void -ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags) -{ - p->nm_flags = flags; -} -LCRYPTO_ALIAS(ASN1_PCTX_set_nm_flags); - -unsigned long -ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p) -{ - return p->cert_flags; -} -LCRYPTO_ALIAS(ASN1_PCTX_get_cert_flags); - -void -ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags) -{ - p->cert_flags = flags; -} -LCRYPTO_ALIAS(ASN1_PCTX_set_cert_flags); - -unsigned long -ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p) -{ - return p->oid_flags; -} -LCRYPTO_ALIAS(ASN1_PCTX_get_oid_flags); - -void -ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags) -{ - p->oid_flags = flags; -} -LCRYPTO_ALIAS(ASN1_PCTX_set_oid_flags); - -unsigned long -ASN1_PCTX_get_str_flags(const ASN1_PCTX *p) -{ - return p->str_flags; -} -LCRYPTO_ALIAS(ASN1_PCTX_get_str_flags); - -void -ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags) -{ - p->str_flags = flags; -} -LCRYPTO_ALIAS(ASN1_PCTX_set_str_flags); - -/* Main print routines */ - static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, const ASN1_ITEM *it, const char *fname, const char *sname, int nohdr, const ASN1_PCTX *pctx); @@ -395,15 +302,9 @@ static int asn1_print_fsname(BIO *out, int indent, const char *fname, const char *sname, const ASN1_PCTX *pctx) { - static char spaces[] = " "; - const int nspaces = sizeof(spaces) - 1; - - while (indent > nspaces) { - if (BIO_write(out, spaces, nspaces) != nspaces) - return 0; - indent -= nspaces; - } - if (BIO_write(out, spaces, indent) != indent) + if (indent < 0) + return 0; + if (!BIO_indent(out, indent, indent)) return 0; if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME) sname = NULL; diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index 0f1cd9cb..939ce4b6 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_algor.c,v 1.25 2023/07/07 19:37:52 beck Exp $ */ +/* $OpenBSD: x_algor.c,v 1.39 2024/03/02 10:33:51 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -57,9 +57,12 @@ */ #include -#include + #include #include +#include + +#include "x509_local.h" static const ASN1_TEMPLATE X509_ALGOR_seq_tt[] = { { @@ -102,7 +105,6 @@ const ASN1_ITEM X509_ALGORS_it = { .sname = "X509_ALGORS", }; - X509_ALGOR * d2i_X509_ALGOR(X509_ALGOR **a, const unsigned char **in, long len) { @@ -147,74 +149,135 @@ X509_ALGOR_dup(X509_ALGOR *x) return ASN1_item_dup(&X509_ALGOR_it, x); } -int -X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) +static int +X509_ALGOR_set0_obj(X509_ALGOR *alg, ASN1_OBJECT *aobj) +{ + ASN1_OBJECT_free(alg->algorithm); + alg->algorithm = aobj; + + return 1; +} + +static int +X509_ALGOR_set_obj_by_nid(X509_ALGOR *alg, int nid) { - if (!alg) + ASN1_OBJECT *aobj; + + if ((aobj = OBJ_nid2obj(nid)) == NULL) return 0; - if (ptype != V_ASN1_UNDEF) { - if (alg->parameter == NULL) - alg->parameter = ASN1_TYPE_new(); - if (alg->parameter == NULL) - return 0; - } - if (alg) { - if (alg->algorithm) - ASN1_OBJECT_free(alg->algorithm); - alg->algorithm = aobj; - } - if (ptype == 0) - return 1; - if (ptype == V_ASN1_UNDEF) { - if (alg->parameter) { - ASN1_TYPE_free(alg->parameter); - alg->parameter = NULL; - } - } else - ASN1_TYPE_set(alg->parameter, ptype, pval); + if (!X509_ALGOR_set0_obj(alg, aobj)) + return 0; + return 1; } -void -X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, - const X509_ALGOR *algor) +static int +X509_ALGOR_set0_parameter(X509_ALGOR *alg, int parameter_type, + void *parameter_value) { - if (paobj) - *paobj = algor->algorithm; - if (pptype) { - if (algor->parameter == NULL) { - *pptype = V_ASN1_UNDEF; - return; - } else - *pptype = algor->parameter->type; - if (ppval) - *ppval = algor->parameter->value.ptr; + if (parameter_type == V_ASN1_UNDEF) { + ASN1_TYPE_free(alg->parameter); + alg->parameter = NULL; + + return 1; } + + if (alg->parameter == NULL) + alg->parameter = ASN1_TYPE_new(); + if (alg->parameter == NULL) + return 0; + + if (parameter_type != 0) + ASN1_TYPE_set(alg->parameter, parameter_type, parameter_value); + + return 1; +} + +int +X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type, + void *parameter_value) +{ + if (alg == NULL) + return 0; + + if (!X509_ALGOR_set_obj_by_nid(alg, nid)) + return 0; + + if (!X509_ALGOR_set0_parameter(alg, parameter_type, parameter_value)) + return 0; + + return 1; } -/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ +int +X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int parameter_type, + void *parameter_value) +{ + if (alg == NULL) + return 0; + + /* Set parameter first to preserve public API behavior on failure. */ + if (!X509_ALGOR_set0_parameter(alg, parameter_type, parameter_value)) + return 0; + + if (!X509_ALGOR_set0_obj(alg, aobj)) + return 0; + + return 1; +} void -X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md) +X509_ALGOR_get0(const ASN1_OBJECT **out_aobj, int *out_type, + const void **out_value, const X509_ALGOR *alg) +{ + int type = V_ASN1_UNDEF; + const void *value = NULL; + + if (out_aobj != NULL) + *out_aobj = alg->algorithm; + + /* Ensure out_value is not left uninitialized if out_type is NULL. */ + if (out_value != NULL) + *out_value = NULL; + + if (out_type == NULL) + return; + + if (alg->parameter != NULL) { + type = alg->parameter->type; + value = alg->parameter->value.ptr; + } + + *out_type = type; + if (out_value != NULL) + *out_value = value; +} + +int +X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md) { - int param_type = V_ASN1_NULL; + int parameter_type = V_ASN1_NULL; + int nid = EVP_MD_type(md); if ((EVP_MD_flags(md) & EVP_MD_FLAG_DIGALGID_ABSENT) != 0) - param_type = V_ASN1_UNDEF; + parameter_type = V_ASN1_UNDEF; - X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); + if (!X509_ALGOR_set0_by_nid(alg, nid, parameter_type, NULL)) + return 0; + + return 1; } -/* Returns 0 if they are equal, != 0 otherwise. */ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) { - int rv = OBJ_cmp(a->algorithm, b->algorithm); - if (!rv) { - if (!a->parameter && !b->parameter) - rv = 0; - else - rv = ASN1_TYPE_cmp(a->parameter, b->parameter); - } - return(rv); + int cmp; + + if ((cmp = OBJ_cmp(a->algorithm, b->algorithm)) != 0) + return cmp; + + if (a->parameter == NULL && b->parameter == NULL) + return 0; + + return ASN1_TYPE_cmp(a->parameter, b->parameter); } diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index b33ae6e0..e3d16352 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_crl.c,v 1.41 2023/07/07 19:37:52 beck Exp $ */ +/* $OpenBSD: x_crl.c,v 1.43 2024/03/02 10:59:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -100,17 +100,6 @@ const ASN1_ITEM X509_REVOKED_it = { .sname = "X509_REVOKED", }; -static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r); -static int def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret, - ASN1_INTEGER *serial, X509_NAME *issuer); - -static X509_CRL_METHOD int_crl_meth = { - .crl_lookup = def_crl_lookup, - .crl_verify = def_crl_verify -}; - -static const X509_CRL_METHOD *default_crl_method = &int_crl_meth; - /* The X509_CRL_INFO structure needs a bit of customisation. * Since we cache the original encoding the signature wont be affected by * reordering of the revoked field. @@ -280,8 +269,6 @@ crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) crl->flags = 0; crl->idp_flags = 0; crl->idp_reasons = CRLDP_ALL_REASONS; - crl->meth = default_crl_method; - crl->meth_data = NULL; crl->issuers = NULL; crl->crl_number = NULL; crl->base_crl_number = NULL; @@ -335,18 +322,9 @@ crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) if (!crl_set_issuers(crl)) return 0; - - if (crl->meth->crl_init) { - if (crl->meth->crl_init(crl) == 0) - return 0; - } break; case ASN1_OP_FREE_POST: - if (crl->meth->crl_free) { - if (!crl->meth->crl_free(crl)) - rc = 0; - } if (crl->akid) AUTHORITY_KEYID_free(crl->akid); if (crl->idp) @@ -546,36 +524,10 @@ X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) } int -X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r) -{ - if (crl->meth->crl_verify) - return crl->meth->crl_verify(crl, r); - return 0; -} - -int -X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret, - ASN1_INTEGER *serial) -{ - if (crl->meth->crl_lookup) - return crl->meth->crl_lookup(crl, ret, serial, NULL); - return 0; -} - -int -X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) -{ - if (crl->meth->crl_lookup) - return crl->meth->crl_lookup(crl, ret, - X509_get_serialNumber(x), X509_get_issuer_name(x)); - return 0; -} - -static int -def_crl_verify(X509_CRL *crl, EVP_PKEY *r) +X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey) { - return(ASN1_item_verify(&X509_CRL_INFO_it, - crl->sig_alg, crl->signature, crl->crl, r)); + return ASN1_item_verify(&X509_CRL_INFO_it, crl->sig_alg, crl->signature, + crl->crl, pkey); } static int @@ -606,16 +558,13 @@ crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, X509_REVOKED *rev) } static int -def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial, +crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer) { X509_REVOKED rtmp, *rev; int idx; rtmp.serialNumber = serial; - /* Sort revoked into serial number order if not already sorted. - * Do this under a lock to avoid race condition. - */ if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) { CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); sk_X509_REVOKED_sort(crl->crl->revoked); @@ -640,56 +589,18 @@ def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial, return 0; } -void -X509_CRL_set_default_method(const X509_CRL_METHOD *meth) -{ - if (meth == NULL) - default_crl_method = &int_crl_meth; - else - default_crl_method = meth; -} - -X509_CRL_METHOD * -X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl), - int (*crl_free)(X509_CRL *crl), - int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, - ASN1_INTEGER *ser, X509_NAME *issuer), - int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)) -{ - X509_CRL_METHOD *m; - - if ((m = calloc(1, sizeof(X509_CRL_METHOD))) == NULL) - return NULL; - - m->crl_init = crl_init; - m->crl_free = crl_free; - m->crl_lookup = crl_lookup; - m->crl_verify = crl_verify; - m->flags = X509_CRL_METHOD_DYNAMIC; - - return m; -} - -void -X509_CRL_METHOD_free(X509_CRL_METHOD *m) -{ - if (m == NULL) - return; - if (!(m->flags & X509_CRL_METHOD_DYNAMIC)) - return; - free(m); -} - -void -X509_CRL_set_meth_data(X509_CRL *crl, void *dat) +int +X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret, + ASN1_INTEGER *serial) { - crl->meth_data = dat; + return crl_lookup(crl, ret, serial, NULL); } -void * -X509_CRL_get_meth_data(X509_CRL *crl) +int +X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) { - return crl->meth_data; + return crl_lookup(crl, ret, X509_get_serialNumber(x), + X509_get_issuer_name(x)); } int diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index e46424e6..4dcf710b 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: b_dump.c,v 1.26 2023/07/29 02:32:00 tb Exp $ */ +/* $OpenBSD: b_dump.c,v 1.30 2024/03/02 09:21:24 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,135 +56,156 @@ * [including the GNU Public Licence.] */ -/* - * Stolen from tjh's ssl/ssl_trc.c stuff. - */ - +#include +#include #include #include #include +#include -#define TRUNCATE -#define DUMP_WIDTH 16 -#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4)) +#include "bytestring.h" -int -BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), - void *u, const char *s, int len) -{ - return BIO_dump_indent_cb(cb, u, s, len, 0); -} +#define MAX_BYTES_PER_LINE 16 + +/* + * The byte string s is dumped as lines of the following form: + * indent | byte count (4 digits) | " - " | hex dump | " " | ASCII dump + * Each byte uses 4 characters (two hex digits followed by a space and one + * ASCII character). + */ int -BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), - void *u, const char *s, int len, int indent) +BIO_dump_indent(BIO *bio, const char *s, int len, int indent) { - char buf[288 + 1], tmp[20], str[128 + 1]; - int i, j, rows, trc, written; - unsigned char ch; - int dump_width; - int ret = 0; + CBB cbb; + CBS cbs; + int bytes_per_line, dumped, printed, trailing, written; + int ret = -1; - trc = 0; + memset(&cbb, 0, sizeof(cbb)); -#ifdef TRUNCATE - for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--) - trc++; -#endif + if (len < 0) + goto err; + CBS_init(&cbs, s, len); if (indent < 0) indent = 0; if (indent > 64) indent = 64; - memset(str, ' ', indent); - str[indent] = '\0'; - - if ((dump_width = DUMP_WIDTH_LESS_INDENT(indent)) <= 0) - return -1; - rows = (len / dump_width); - if ((rows * dump_width) < len) - rows++; - for (i = 0; i < rows; i++) { - strlcpy(buf, str, sizeof buf); - snprintf(tmp, sizeof tmp, "%04x - ", i*dump_width); - strlcat(buf, tmp, sizeof buf); - for (j = 0; j < dump_width; j++) { - if (((i*dump_width) + j) >= len) { - strlcat(buf, " ", sizeof buf); - } else { - ch = ((unsigned char)*(s + i*dump_width + j)) & 0xff; - snprintf(tmp, sizeof tmp, "%02x%c", ch, - j == 7 ? '-' : ' '); - strlcat(buf, tmp, sizeof buf); - } - } - strlcat(buf, " ", sizeof buf); - for (j = 0; j < dump_width; j++) { - if (((i*dump_width) + j) >= len) - break; - ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; - snprintf(tmp, sizeof tmp, "%c", - ((ch >= ' ') && (ch <= '~')) ? ch : '.'); - strlcat(buf, tmp, sizeof buf); - } - strlcat(buf, "\n", sizeof buf); - /* if this is the last call then update the ddt_dump thing so - * that we will move the selection point in the debug window - */ - if ((written = cb((void *)buf, strlen(buf), u)) < 0) - return -1; - ret += written; + /* + * Less obfuscated version of the original calculation attempting to + * ensure that the dump doesn't overshoot 80 characters per line. For + * a very long string the byte count will still make it go past that. + */ + bytes_per_line = MAX_BYTES_PER_LINE; + if (indent > 6) + bytes_per_line -= (indent - 3) / 4; + if (bytes_per_line <= 0) + goto err; + + /* Strip and count trailing spaces and NULs. */ + trailing = 0; + while (CBS_len(&cbs) > 0) { + uint8_t u8; + + if (!CBS_peek_last_u8(&cbs, &u8)) + goto err; + if (u8 != '\0' && u8 != ' ') + break; + if (!CBS_get_last_u8(&cbs, &u8)) + goto err; + trailing++; } -#ifdef TRUNCATE - if (trc > 0) { - snprintf(buf, sizeof buf, "%s%04x - \n", - str, len + trc); - if ((written = cb((void *)buf, strlen(buf), u)) < 0) - return -1; - ret += written; + + printed = 0; + dumped = 0; + while (CBS_len(&cbs) > 0) { + CBS row; + uint8_t ascii_dump[MAX_BYTES_PER_LINE]; + int missing, row_bytes; + + if ((row_bytes = CBS_len(&cbs)) > bytes_per_line) + row_bytes = bytes_per_line; + if (!CBS_get_bytes(&cbs, &row, row_bytes)) + goto err; + + /* Write out indent, byte count and initial " - ". */ + if ((written = BIO_printf(bio, "%*s%04x - ", indent, "", + dumped)) < 0) + goto err; + if (printed > INT_MAX - written) + goto err; + printed += written; + + /* + * Write out hex dump, prepare ASCII dump. + */ + + if (!CBB_init_fixed(&cbb, ascii_dump, sizeof(ascii_dump))) + goto err; + while (CBS_len(&row) > 0) { + uint8_t u8; + char sep = ' '; + + if (!CBS_get_u8(&row, &u8)) + goto err; + + /* Historic behavior: print a '-' after eighth byte. */ + if (row_bytes - CBS_len(&row) == 8) + sep = '-'; + if ((written = BIO_printf(bio, "%02x%c", u8, sep)) < 0) + goto err; + if (printed > INT_MAX - written) + goto err; + printed += written; + + /* Locale-independent version of !isprint(u8). */ + if (u8 < ' ' || u8 > '~') + u8 = '.'; + if (!CBB_add_u8(&cbb, u8)) + goto err; + } + if (!CBB_finish(&cbb, NULL, NULL)) + goto err; + + /* Calculate number of bytes missing in dump of last line. */ + if ((missing = bytes_per_line - row_bytes) < 0) + goto err; + + /* Pad missing bytes, add 2 spaces and print the ASCII dump. */ + if ((written = BIO_printf(bio, "%*s%.*s\n", 3 * missing + 2, "", + row_bytes, ascii_dump)) < 0) + goto err; + if (printed > INT_MAX - written) + goto err; + printed += written; + + dumped += row_bytes; } -#endif - return (ret); -} -static int -write_fp(const void *data, size_t len, void *fp) -{ - return fwrite(data, 1, len, fp); -} + if (trailing > 0) { + if ((written = BIO_printf(bio, "%*s%04x - \n", + indent, "", dumped + trailing)) < 0) + goto err; + if (printed > INT_MAX - written) + goto err; + printed += written; + } -int -BIO_dump_fp(FILE *fp, const char *s, int len) -{ - return BIO_dump_cb(write_fp, fp, s, len); -} -LCRYPTO_ALIAS(BIO_dump_fp); + ret = printed; -int -BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent) -{ - return BIO_dump_indent_cb(write_fp, fp, s, len, indent); -} -LCRYPTO_ALIAS(BIO_dump_indent_fp); + err: + CBB_cleanup(&cbb); -static int -write_bio(const void *data, size_t len, void *bp) -{ - return BIO_write((BIO *)bp, (const char *)data, len); + return ret; } +LCRYPTO_ALIAS(BIO_dump_indent); int -BIO_dump(BIO *bp, const char *s, int len) +BIO_dump(BIO *bio, const char *s, int len) { - return BIO_dump_cb(write_bio, bp, s, len); + return BIO_dump_indent(bio, s, len, 0); } LCRYPTO_ALIAS(BIO_dump); - -int -BIO_dump_indent(BIO *bp, const char *s, int len, int indent) -{ - return BIO_dump_indent_cb(write_bio, bp, s, len, indent); -} -LCRYPTO_ALIAS(BIO_dump_indent); diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index a750ac41..f6943ea3 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -1,21 +1,10 @@ -/* $OpenBSD: b_print.c,v 1.27 2023/07/05 21:23:37 beck Exp $ */ +/* $OpenBSD: b_print.c,v 1.28 2024/03/02 09:18:28 tb Exp $ */ /* Theo de Raadt places this file in the public domain. */ #include -int -BIO_printf(BIO *bio, const char *format, ...) -{ - va_list args; - int ret; - - va_start(args, format); - ret = BIO_vprintf(bio, format, args); - va_end(args); - return (ret); -} -LCRYPTO_ALIAS(BIO_printf); +#include "bio_local.h" #ifdef HAVE_FUNOPEN static int @@ -40,7 +29,6 @@ BIO_vprintf(BIO *bio, const char *format, va_list args) fail: return (ret); } -LCRYPTO_ALIAS(BIO_vprintf); #else /* !HAVE_FUNOPEN */ @@ -57,55 +45,18 @@ BIO_vprintf(BIO *bio, const char *format, va_list args) free(buf); return (ret); } -LCRYPTO_ALIAS(BIO_vprintf); #endif /* HAVE_FUNOPEN */ -/* - * BIO_snprintf and BIO_vsnprintf return -1 for overflow, - * due to the history of this API. Justification: - * - * Traditional snprintf surfaced in 4.4BSD, and returned - * "number of bytes wanted". Solaris and Windows opted to - * return -1. A draft standard was written which returned -1. - * Due to the large volume of code already using the first - * semantics, the draft was repaired before standardization to - * specify "number of bytes wanted" plus "-1 for character conversion - * style errors". Solaris adapted to this rule, but Windows stuck - * with -1. - * - * Original OpenSSL comment which is full of lies: - * - * "In case of truncation, return -1 like traditional snprintf. - * (Current drafts for ISO/IEC 9899 say snprintf should return - * the number of characters that would have been written, - * had the buffer been large enough.)" - */ int -BIO_snprintf(char *buf, size_t n, const char *format, ...) +BIO_printf(BIO *bio, const char *format, ...) { va_list args; int ret; va_start(args, format); - ret = vsnprintf(buf, n, format, args); + ret = BIO_vprintf(bio, format, args); va_end(args); - - if (ret >= n || ret == -1) - return (-1); - return (ret); -} -LCRYPTO_ALIAS(BIO_snprintf); - -int -BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) -{ - int ret; - - ret = vsnprintf(buf, n, format, args); - - if (ret >= n || ret == -1) - return (-1); return (ret); } -LCRYPTO_ALIAS(BIO_vsnprintf); +LCRYPTO_ALIAS(BIO_printf); diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index b058af0a..2f490a42 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_lib.c,v 1.48 2023/08/07 10:58:56 tb Exp $ */ +/* $OpenBSD: bio_lib.c,v 1.52 2024/03/02 09:22:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -134,82 +134,64 @@ LCRYPTO_ALIAS(BIO_get_new_index); BIO * BIO_new(const BIO_METHOD *method) { - BIO *ret = NULL; + BIO *bio = NULL; - /* XXX calloc */ - ret = malloc(sizeof(BIO)); - if (ret == NULL) { + if ((bio = calloc(1, sizeof(BIO))) == NULL) { BIOerror(ERR_R_MALLOC_FAILURE); - return (NULL); - } - if (!BIO_set(ret, method)) { - free(ret); - ret = NULL; + return NULL; } - return (ret); -} -LCRYPTO_ALIAS(BIO_new); -int -BIO_set(BIO *bio, const BIO_METHOD *method) -{ bio->method = method; - bio->callback = NULL; - bio->callback_ex = NULL; - bio->cb_arg = NULL; - bio->init = 0; bio->shutdown = 1; - bio->flags = 0; - bio->retry_reason = 0; - bio->num = 0; - bio->ptr = NULL; - bio->prev_bio = NULL; - bio->next_bio = NULL; bio->references = 1; - bio->num_read = 0L; - bio->num_write = 0L; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); + if (method->create != NULL) { if (!method->create(bio)) { CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); - return (0); + free(bio); + return NULL; } } - return (1); + + return bio; } -LCRYPTO_ALIAS(BIO_set); +LCRYPTO_ALIAS(BIO_new); int -BIO_free(BIO *a) +BIO_free(BIO *bio) { int ret; - if (a == NULL) - return (0); + if (bio == NULL) + return 0; - if (CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO) > 0) - return (1); + if (CRYPTO_add(&bio->references, -1, CRYPTO_LOCK_BIO) > 0) + return 1; - if (a->callback != NULL || a->callback_ex != NULL) { - if ((ret = (int)bio_call_callback(a, BIO_CB_FREE, NULL, 0, 0, + if (bio->callback != NULL || bio->callback_ex != NULL) { + if ((ret = (int)bio_call_callback(bio, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL)) <= 0) - return (ret); + return ret; } - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); - if (a->method != NULL && a->method->destroy != NULL) - a->method->destroy(a); - free(a); - return (1); + if (bio->method != NULL && bio->method->destroy != NULL) + bio->method->destroy(bio); + + free(bio); + + return 1; } LCRYPTO_ALIAS(BIO_free); void -BIO_vfree(BIO *a) +BIO_vfree(BIO *bio) { - BIO_free(a); + BIO_free(bio); } LCRYPTO_ALIAS(BIO_vfree); @@ -222,121 +204,121 @@ BIO_up_ref(BIO *bio) LCRYPTO_ALIAS(BIO_up_ref); void * -BIO_get_data(BIO *a) +BIO_get_data(BIO *bio) { - return (a->ptr); + return bio->ptr; } LCRYPTO_ALIAS(BIO_get_data); void -BIO_set_data(BIO *a, void *ptr) +BIO_set_data(BIO *bio, void *ptr) { - a->ptr = ptr; + bio->ptr = ptr; } LCRYPTO_ALIAS(BIO_set_data); int -BIO_get_init(BIO *a) +BIO_get_init(BIO *bio) { - return a->init; + return bio->init; } LCRYPTO_ALIAS(BIO_get_init); void -BIO_set_init(BIO *a, int init) +BIO_set_init(BIO *bio, int init) { - a->init = init; + bio->init = init; } LCRYPTO_ALIAS(BIO_set_init); int -BIO_get_shutdown(BIO *a) +BIO_get_shutdown(BIO *bio) { - return (a->shutdown); + return bio->shutdown; } LCRYPTO_ALIAS(BIO_get_shutdown); void -BIO_set_shutdown(BIO *a, int shut) +BIO_set_shutdown(BIO *bio, int shut) { - a->shutdown = shut; + bio->shutdown = shut; } LCRYPTO_ALIAS(BIO_set_shutdown); void -BIO_clear_flags(BIO *b, int flags) +BIO_clear_flags(BIO *bio, int flags) { - b->flags &= ~flags; + bio->flags &= ~flags; } LCRYPTO_ALIAS(BIO_clear_flags); int -BIO_test_flags(const BIO *b, int flags) +BIO_test_flags(const BIO *bio, int flags) { - return (b->flags & flags); + return (bio->flags & flags); } LCRYPTO_ALIAS(BIO_test_flags); void -BIO_set_flags(BIO *b, int flags) +BIO_set_flags(BIO *bio, int flags) { - b->flags |= flags; + bio->flags |= flags; } LCRYPTO_ALIAS(BIO_set_flags); BIO_callback_fn -BIO_get_callback(const BIO *b) +BIO_get_callback(const BIO *bio) { - return b->callback; + return bio->callback; } LCRYPTO_ALIAS(BIO_get_callback); void -BIO_set_callback(BIO *b, BIO_callback_fn cb) +BIO_set_callback(BIO *bio, BIO_callback_fn cb) { - b->callback = cb; + bio->callback = cb; } LCRYPTO_ALIAS(BIO_set_callback); BIO_callback_fn_ex -BIO_get_callback_ex(const BIO *b) +BIO_get_callback_ex(const BIO *bio) { - return b->callback_ex; + return bio->callback_ex; } LCRYPTO_ALIAS(BIO_get_callback_ex); void -BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb) +BIO_set_callback_ex(BIO *bio, BIO_callback_fn_ex cb) { - b->callback_ex = cb; + bio->callback_ex = cb; } LCRYPTO_ALIAS(BIO_set_callback_ex); void -BIO_set_callback_arg(BIO *b, char *arg) +BIO_set_callback_arg(BIO *bio, char *arg) { - b->cb_arg = arg; + bio->cb_arg = arg; } LCRYPTO_ALIAS(BIO_set_callback_arg); char * -BIO_get_callback_arg(const BIO *b) +BIO_get_callback_arg(const BIO *bio) { - return b->cb_arg; + return bio->cb_arg; } LCRYPTO_ALIAS(BIO_get_callback_arg); const char * -BIO_method_name(const BIO *b) +BIO_method_name(const BIO *bio) { - return b->method->name; + return bio->method->name; } LCRYPTO_ALIAS(BIO_method_name); int -BIO_method_type(const BIO *b) +BIO_method_type(const BIO *bio) { - return b->method->type; + return bio->method->type; } LCRYPTO_ALIAS(BIO_method_type); @@ -544,37 +526,37 @@ BIO_gets(BIO *b, char *in, int inl) LCRYPTO_ALIAS(BIO_gets); int -BIO_indent(BIO *b, int indent, int max) +BIO_indent(BIO *bio, int indent, int max) { if (indent > max) indent = max; if (indent <= 0) return 1; - if (BIO_printf(b, "%*s", indent, "") <= 0) + if (BIO_printf(bio, "%*s", indent, "") <= 0) return 0; return 1; } LCRYPTO_ALIAS(BIO_indent); long -BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) +BIO_int_ctrl(BIO *bio, int cmd, long larg, int iarg) { int i; i = iarg; - return (BIO_ctrl(b, cmd, larg, (char *)&i)); + return BIO_ctrl(bio, cmd, larg, (char *)&i); } LCRYPTO_ALIAS(BIO_int_ctrl); char * -BIO_ptr_ctrl(BIO *b, int cmd, long larg) +BIO_ptr_ctrl(BIO *bio, int cmd, long larg) { char *p = NULL; - if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0) - return (NULL); + if (BIO_ctrl(bio, cmd, larg, (char *)&p) <= 0) + return NULL; else - return (p); + return p; } LCRYPTO_ALIAS(BIO_ptr_ctrl); @@ -730,7 +712,7 @@ LCRYPTO_ALIAS(BIO_get_retry_BIO); int BIO_get_retry_reason(BIO *bio) { - return (bio->retry_reason); + return bio->retry_reason; } LCRYPTO_ALIAS(BIO_get_retry_reason); diff --git a/crypto/bio/bio_local.h b/crypto/bio/bio_local.h index 4eecf7e0..f59b5756 100644 --- a/crypto/bio/bio_local.h +++ b/crypto/bio/bio_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_local.h,v 1.5 2022/12/02 19:44:04 tb Exp $ */ +/* $OpenBSD: bio_local.h,v 1.6 2024/03/02 09:18:28 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,8 @@ #ifndef HEADER_BIO_LOCAL_H #define HEADER_BIO_LOCAL_H +#include + __BEGIN_HIDDEN_DECLS struct bio_method_st { @@ -118,6 +120,8 @@ typedef struct bio_f_buffer_ctx_struct { int obuf_off; /* write/read offset */ } BIO_F_BUFFER_CTX; +int BIO_vprintf(BIO *bio, const char *format, va_list args); + __END_HIDDEN_DECLS #endif /* !HEADER_BIO_LOCAL_H */ diff --git a/crypto/bn/arch/amd64/bignum_add.S b/crypto/bn/arch/amd64/bignum_add.S index 06298ca6..5fe4aae7 100644 --- a/crypto/bn/arch/amd64/bignum_add.S +++ b/crypto/bn/arch/amd64/bignum_add.S @@ -49,7 +49,7 @@ S2N_BN_SYMBOL(bignum_add): - endbr64 + _CET_ENDBR #if WINDOWS_ABI push rdi diff --git a/crypto/bn/arch/amd64/bignum_cmadd.S b/crypto/bn/arch/amd64/bignum_cmadd.S index 5ad71274..25ba17bc 100644 --- a/crypto/bn/arch/amd64/bignum_cmadd.S +++ b/crypto/bn/arch/amd64/bignum_cmadd.S @@ -54,7 +54,7 @@ S2N_BN_SYMBOL(bignum_cmadd): - endbr64 + _CET_ENDBR #if WINDOWS_ABI push rdi diff --git a/crypto/bn/arch/amd64/bignum_cmul.S b/crypto/bn/arch/amd64/bignum_cmul.S index 9199c8f4..12f785d6 100644 --- a/crypto/bn/arch/amd64/bignum_cmul.S +++ b/crypto/bn/arch/amd64/bignum_cmul.S @@ -51,7 +51,7 @@ S2N_BN_SYMBOL(bignum_cmul): - endbr64 + _CET_ENDBR #if WINDOWS_ABI push rdi diff --git a/crypto/bn/arch/amd64/bignum_mul.S b/crypto/bn/arch/amd64/bignum_mul.S index 2d7ed190..a3552679 100644 --- a/crypto/bn/arch/amd64/bignum_mul.S +++ b/crypto/bn/arch/amd64/bignum_mul.S @@ -59,7 +59,7 @@ S2N_BN_SYMBOL(bignum_mul): - endbr64 + _CET_ENDBR #if WINDOWS_ABI push rdi diff --git a/crypto/bn/arch/amd64/bignum_mul_4_8_alt.S b/crypto/bn/arch/amd64/bignum_mul_4_8_alt.S index f02b09b2..70ff69e3 100644 --- a/crypto/bn/arch/amd64/bignum_mul_4_8_alt.S +++ b/crypto/bn/arch/amd64/bignum_mul_4_8_alt.S @@ -72,7 +72,7 @@ adc h, rdx S2N_BN_SYMBOL(bignum_mul_4_8_alt): - endbr64 + _CET_ENDBR #if WINDOWS_ABI push rdi diff --git a/crypto/bn/arch/amd64/bignum_mul_8_16_alt.S b/crypto/bn/arch/amd64/bignum_mul_8_16_alt.S index 97be83e1..066403b0 100644 --- a/crypto/bn/arch/amd64/bignum_mul_8_16_alt.S +++ b/crypto/bn/arch/amd64/bignum_mul_8_16_alt.S @@ -72,7 +72,7 @@ adc h, rdx S2N_BN_SYMBOL(bignum_mul_8_16_alt): - endbr64 + _CET_ENDBR #if WINDOWS_ABI push rdi diff --git a/crypto/bn/arch/amd64/bignum_sqr.S b/crypto/bn/arch/amd64/bignum_sqr.S index c4a0cabf..54e3f594 100644 --- a/crypto/bn/arch/amd64/bignum_sqr.S +++ b/crypto/bn/arch/amd64/bignum_sqr.S @@ -62,7 +62,7 @@ #define llshort ebp S2N_BN_SYMBOL(bignum_sqr): - endbr64 + _CET_ENDBR #if WINDOWS_ABI push rdi diff --git a/crypto/bn/arch/amd64/bignum_sqr_4_8_alt.S b/crypto/bn/arch/amd64/bignum_sqr_4_8_alt.S index b228414d..7c534ae9 100644 --- a/crypto/bn/arch/amd64/bignum_sqr_4_8_alt.S +++ b/crypto/bn/arch/amd64/bignum_sqr_4_8_alt.S @@ -71,7 +71,7 @@ adc c, 0 S2N_BN_SYMBOL(bignum_sqr_4_8_alt): - endbr64 + _CET_ENDBR #if WINDOWS_ABI push rdi diff --git a/crypto/bn/arch/amd64/bignum_sqr_8_16_alt.S b/crypto/bn/arch/amd64/bignum_sqr_8_16_alt.S index 04efeec7..ac0b6f96 100644 --- a/crypto/bn/arch/amd64/bignum_sqr_8_16_alt.S +++ b/crypto/bn/arch/amd64/bignum_sqr_8_16_alt.S @@ -103,7 +103,7 @@ adc c, 0 S2N_BN_SYMBOL(bignum_sqr_8_16_alt): - endbr64 + _CET_ENDBR #if WINDOWS_ABI push rdi diff --git a/crypto/bn/arch/amd64/bignum_sub.S b/crypto/bn/arch/amd64/bignum_sub.S index 11a9bd7e..3ff8a305 100644 --- a/crypto/bn/arch/amd64/bignum_sub.S +++ b/crypto/bn/arch/amd64/bignum_sub.S @@ -49,7 +49,7 @@ S2N_BN_SYMBOL(bignum_sub): - endbr64 + _CET_ENDBR #if WINDOWS_ABI push rdi diff --git a/crypto/bn/arch/amd64/bn_arch.h b/crypto/bn/arch/amd64/bn_arch.h index 9d491e27..e1339438 100644 --- a/crypto/bn/arch/amd64/bn_arch.h +++ b/crypto/bn/arch/amd64/bn_arch.h @@ -21,7 +21,9 @@ #define HEADER_BN_ARCH_H #ifdef _WIN32 +#ifndef OPENSSL_NO_ASM #define OPENSSL_NO_ASM +#endif #else #ifndef OPENSSL_NO_ASM diff --git a/crypto/bn/arch/amd64/word_clz.S b/crypto/bn/arch/amd64/word_clz.S index 464a9d90..3926fcd4 100644 --- a/crypto/bn/arch/amd64/word_clz.S +++ b/crypto/bn/arch/amd64/word_clz.S @@ -30,7 +30,7 @@ .text S2N_BN_SYMBOL(word_clz): - endbr64 + _CET_ENDBR #if WINDOWS_ABI push rdi diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index a50fa595..04852424 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_exp.c,v 1.47 2023/07/08 12:21:58 beck Exp $ */ +/* $OpenBSD: bn_exp.c,v 1.52 2024/03/02 09:27:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -180,11 +180,12 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx) { - int i, j, bits, ret = 0, wstart, wend, window, wvalue; + int i, j, bits, wstart, wend, window, wvalue; int start = 1; - BIGNUM *d; + BIGNUM *d, *q; /* Table of variables obtained from 'ctx' */ BIGNUM *val[TABLE_SIZE]; + int ret = 0; if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ @@ -192,6 +193,11 @@ BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, return -1; } + if (r == m) { + BNerror(BN_R_INVALID_ARGUMENT); + return 0; + } + bits = BN_num_bits(p); if (bits == 0) { /* x**0 mod 1 is still zero. */ @@ -206,21 +212,24 @@ BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX_start(ctx); if ((d = BN_CTX_get(ctx)) == NULL) goto err; + if ((q = BN_CTX_get(ctx)) == NULL) + goto err; if ((val[0] = BN_CTX_get(ctx)) == NULL) goto err; - if (!BN_nnmod(val[0],a,m,ctx)) - goto err; /* 1 */ + if (!BN_nnmod(val[0], a, m, ctx)) + goto err; if (BN_is_zero(val[0])) { BN_zero(r); - ret = 1; - goto err; + goto done; } + if (!bn_copy(q, p)) + goto err; window = BN_window_bits_for_exponent_size(bits); if (window > 1) { if (!BN_mod_mul(d, val[0], val[0], m, ctx)) - goto err; /* 2 */ + goto err; j = 1 << (window - 1); for (i = 1; i < j; i++) { if (((val[i] = BN_CTX_get(ctx)) == NULL) || @@ -240,7 +249,7 @@ BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, goto err; for (;;) { - if (BN_is_bit_set(p, wstart) == 0) { + if (BN_is_bit_set(q, wstart) == 0) { if (!start) if (!BN_mod_mul(r, r, r, m, ctx)) goto err; @@ -259,7 +268,7 @@ BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, for (i = 1; i < window; i++) { if (wstart - i < 0) break; - if (BN_is_bit_set(p, wstart - i)) { + if (BN_is_bit_set(q, wstart - i)) { wvalue <<= (i - wend); wvalue |= 1; wend = i; @@ -286,13 +295,15 @@ BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, if (wstart < 0) break; } + + done: ret = 1; -err: + err: BN_CTX_end(ctx); - return (ret); + + return ret; } -LCRYPTO_ALIAS(BN_mod_exp_simple); /* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout * so that accessing any of these table values shows the same access pattern as far @@ -698,12 +709,12 @@ BN_mod_exp_mont_internal(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIG goto err; } if (!BN_to_montgomery(val[0], aa, mont, ctx)) - goto err; /* 1 */ + goto err; window = BN_window_bits_for_exponent_size(bits); if (window > 1) { if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) - goto err; /* 2 */ + goto err; j = 1 << (window - 1); for (i = 1; i < j; i++) { if (((val[i] = BN_CTX_get(ctx)) == NULL) || @@ -950,18 +961,18 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m, BN_CTX_end(ctx); return (ret); } -LCRYPTO_ALIAS(BN_mod_exp_mont_word); int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx) { - int i, j, bits, ret = 0, wstart, wend, window, wvalue; + int i, j, bits, wstart, wend, window, wvalue; int start = 1; - BIGNUM *aa; + BIGNUM *aa, *q; /* Table of variables obtained from 'ctx' */ BIGNUM *val[TABLE_SIZE]; BN_RECP_CTX recp; + int ret = 0; if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ @@ -985,6 +996,8 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX_start(ctx); if ((aa = BN_CTX_get(ctx)) == NULL) goto err; + if ((q = BN_CTX_get(ctx)) == NULL) + goto err; if ((val[0] = BN_CTX_get(ctx)) == NULL) goto err; @@ -1001,17 +1014,18 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, } if (!BN_nnmod(val[0], a, m, ctx)) - goto err; /* 1 */ + goto err; if (BN_is_zero(val[0])) { BN_zero(r); - ret = 1; - goto err; + goto done; } + if (!bn_copy(q, p)) + goto err; window = BN_window_bits_for_exponent_size(bits); if (window > 1) { if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx)) - goto err; /* 2 */ + goto err; j = 1 << (window - 1); for (i = 1; i < j; i++) { if (((val[i] = BN_CTX_get(ctx)) == NULL) || @@ -1032,9 +1046,9 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, goto err; for (;;) { - if (BN_is_bit_set(p, wstart) == 0) { + if (BN_is_bit_set(q, wstart) == 0) { if (!start) - if (!BN_mod_mul_reciprocal(r, r,r, &recp, ctx)) + if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) goto err; if (wstart == 0) break; @@ -1051,7 +1065,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, for (i = 1; i < window; i++) { if (wstart - i < 0) break; - if (BN_is_bit_set(p, wstart - i)) { + if (BN_is_bit_set(q, wstart - i)) { wvalue <<= (i - wend); wvalue |= 1; wend = i; @@ -1063,12 +1077,12 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, /* add the 'bytes above' */ if (!start) for (i = 0; i < j; i++) { - if (!BN_mod_mul_reciprocal(r, r,r, &recp, ctx)) + if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) goto err; } /* wvalue will be an odd number < 2^window */ - if (!BN_mod_mul_reciprocal(r, r,val[wvalue >> 1], &recp, ctx)) + if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx)) goto err; /* move the 'window' down further */ @@ -1078,12 +1092,15 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, if (wstart < 0) break; } + + done: ret = 1; -err: + err: BN_CTX_end(ctx); BN_RECP_CTX_free(&recp); - return (ret); + + return ret; } static int @@ -1335,4 +1352,3 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, BN_CTX_end(ctx); return (ret); } -LCRYPTO_ALIAS(BN_mod_exp2_mont); diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h index a9ce466d..5acb546d 100644 --- a/crypto/bn/bn_local.h +++ b/crypto/bn/bn_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_local.h,v 1.38 2023/08/09 09:23:03 tb Exp $ */ +/* $OpenBSD: bn_local.h,v 1.40 2024/03/02 09:27:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -308,6 +308,15 @@ int BN_div_ct(BIGNUM *q, BIGNUM *r, const BIGNUM *n, const BIGNUM *d, int BN_mod_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); int BN_mod_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); + +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + BIGNUM *BN_mod_inverse_ct(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); BIGNUM *BN_mod_inverse_nonct(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n, diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index e7678f7a..cd8b6636 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_print.c,v 1.46 2023/07/22 17:14:08 tb Exp $ */ +/* $OpenBSD: bn_print.c,v 1.47 2024/03/02 09:18:28 tb Exp $ */ /* * Copyright (c) 2023 Theo Buehler @@ -25,6 +25,7 @@ #include #include +#include "bio_local.h" #include "bn_local.h" #include "bytestring.h" diff --git a/crypto/bn/modexp512-elf-x86_64.S b/crypto/bn/modexp512-elf-x86_64.S index 87fc0261..0d984d0b 100644 --- a/crypto/bn/modexp512-elf-x86_64.S +++ b/crypto/bn/modexp512-elf-x86_64.S @@ -1,10 +1,16 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .type MULADD_128x512,@function .align 16 MULADD_128x512: - endbr64 +_CET_ENDBR movq 0(%rsi),%rax mulq %rbp addq %rax,%r8 @@ -135,7 +141,7 @@ MULADD_128x512: .type mont_reduce,@function .align 16 mont_reduce: - endbr64 +_CET_ENDBR leaq 192(%rsp),%rdi movq 32(%rsp),%rsi addq $576,%rsi @@ -579,7 +585,7 @@ mont_reduce: .type mont_mul_a3b,@function .align 16 mont_mul_a3b: - endbr64 +_CET_ENDBR @@ -1086,7 +1092,7 @@ mont_mul_a3b: .type sqr_reduce,@function .align 16 sqr_reduce: - endbr64 +_CET_ENDBR movq 16(%rsp),%rcx @@ -1470,7 +1476,7 @@ sqr_reduce: .globl mod_exp_512 .type mod_exp_512,@function mod_exp_512: - endbr64 +_CET_ENDBR pushq %rbp pushq %rbx pushq %r12 diff --git a/crypto/bn/modexp512-macosx-x86_64.S b/crypto/bn/modexp512-macosx-x86_64.S index 4d7b0b82..ef53019b 100644 --- a/crypto/bn/modexp512-macosx-x86_64.S +++ b/crypto/bn/modexp512-macosx-x86_64.S @@ -1,9 +1,16 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .p2align 4 MULADD_128x512: +_CET_ENDBR movq 0(%rsi),%rax mulq %rbp addq %rax,%r8 @@ -134,6 +141,7 @@ MULADD_128x512: .p2align 4 mont_reduce: +_CET_ENDBR leaq 192(%rsp),%rdi movq 32(%rsp),%rsi addq $576,%rsi @@ -577,6 +585,7 @@ mont_reduce: .p2align 4 mont_mul_a3b: +_CET_ENDBR @@ -1083,6 +1092,7 @@ mont_mul_a3b: .p2align 4 sqr_reduce: +_CET_ENDBR movq 16(%rsp),%rcx @@ -1466,6 +1476,7 @@ sqr_reduce: .globl _mod_exp_512 _mod_exp_512: +_CET_ENDBR pushq %rbp pushq %rbx pushq %r12 diff --git a/crypto/bn/modexp512-masm-x86_64.S b/crypto/bn/modexp512-masm-x86_64.S index 9626fe38..1bb67dc9 100644 --- a/crypto/bn/modexp512-masm-x86_64.S +++ b/crypto/bn/modexp512-masm-x86_64.S @@ -1,28 +1,34 @@ ; 1 "crypto/bn/modexp512-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/bn/modexp512-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + + @@ -66,12 +72,13 @@ OPTION DOTNAME -; 3 "crypto/bn/modexp512-masm-x86_64.S.tmp" 2 +; 9 "crypto/bn/modexp512-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' ALIGN 16 MULADD_128x512 PROC PRIVATE + mov rax,QWORD PTR[rsi] mul rbp add r8,rax @@ -202,6 +209,7 @@ MULADD_128x512 ENDP ALIGN 16 mont_reduce PROC PRIVATE + lea rdi,QWORD PTR[192+rsp] mov rsi,QWORD PTR[32+rsp] add rsi,576 @@ -649,6 +657,7 @@ mont_mul_a3b PROC PRIVATE + mov rbp,QWORD PTR[rdi] mov rax,r10 @@ -1151,6 +1160,7 @@ mont_mul_a3b ENDP ALIGN 16 sqr_reduce PROC PRIVATE + mov rcx,QWORD PTR[16+rsp] @@ -1544,6 +1554,7 @@ $L$SEH_begin_mod_exp_512:: mov rcx,r9 + push rbp push rbx push r12 diff --git a/crypto/bn/mont-elf-x86_64.S b/crypto/bn/mont-elf-x86_64.S index 7847a190..64e06054 100644 --- a/crypto/bn/mont-elf-x86_64.S +++ b/crypto/bn/mont-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,7 +11,7 @@ .type bn_mul_mont,@function .align 16 bn_mul_mont: - endbr64 +_CET_ENDBR testl $3,%r9d jnz .Lmul_enter cmpl $8,%r9d @@ -213,7 +219,7 @@ bn_mul_mont: .align 16 bn_mul4x_mont: .Lmul4x_enter: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -612,7 +618,7 @@ bn_mul4x_mont: .align 16 bn_sqr4x_mont: .Lsqr4x_enter: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 diff --git a/crypto/bn/mont-macosx-x86_64.S b/crypto/bn/mont-macosx-x86_64.S index 7de69d90..283b6ac0 100644 --- a/crypto/bn/mont-macosx-x86_64.S +++ b/crypto/bn/mont-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,6 +11,7 @@ .p2align 4 _bn_mul_mont: +_CET_ENDBR testl $3,%r9d jnz L$mul_enter cmpl $8,%r9d @@ -212,6 +219,7 @@ L$mul_epilogue: .p2align 4 bn_mul4x_mont: L$mul4x_enter: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -610,6 +618,7 @@ L$mul4x_epilogue: .p2align 4 bn_sqr4x_mont: L$sqr4x_enter: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -1371,5 +1380,3 @@ L$sqr4x_copy: L$sqr4x_epilogue: retq -.byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.p2align 4 diff --git a/crypto/bn/mont-masm-x86_64.S b/crypto/bn/mont-masm-x86_64.S index 4896acd1..7e5f1727 100644 --- a/crypto/bn/mont-masm-x86_64.S +++ b/crypto/bn/mont-masm-x86_64.S @@ -1,29 +1,33 @@ ; 1 "crypto/bn/mont-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/bn/mont-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 +; 16 "./crypto/x86_arch.h" + + -; 40 "./crypto/x86_arch.h" + +; 40 "./crypto/x86_arch.h" + @@ -66,7 +70,9 @@ OPTION DOTNAME -; 3 "crypto/bn/mont-masm-x86_64.S.tmp" 2 + + +; 9 "crypto/bn/mont-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' PUBLIC bn_mul_mont @@ -85,6 +91,7 @@ $L$SEH_begin_bn_mul_mont:: mov r9,QWORD PTR[48+rsp] + test r9d,3 jnz $L$mul_enter cmp r9d,8 @@ -307,6 +314,7 @@ $L$SEH_begin_bn_mul4x_mont:: $L$mul4x_enter:: + push rbx push rbp push r12 @@ -720,6 +728,7 @@ $L$SEH_begin_bn_sqr4x_mont:: $L$sqr4x_enter:: + push rbx push rbp push r12 @@ -1484,12 +1493,6 @@ $L$sqr4x_epilogue:: DB 0F3h,0C3h ;repret $L$SEH_end_bn_sqr4x_mont:: bn_sqr4x_mont ENDP -DB 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105 -DB 112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56 -DB 54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83 -DB 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115 -DB 115,108,46,111,114,103,62,0 -ALIGN 16 .text$ ENDS END diff --git a/crypto/bn/mont5-elf-x86_64.S b/crypto/bn/mont5-elf-x86_64.S index a3dbbcab..5a34eb5f 100644 --- a/crypto/bn/mont5-elf-x86_64.S +++ b/crypto/bn/mont5-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,7 +11,7 @@ .type bn_mul_mont_gather5,@function .align 64 bn_mul_mont_gather5: - endbr64 +_CET_ENDBR testl $3,%r9d jnz .Lmul_enter cmpl $8,%r9d @@ -401,7 +407,7 @@ bn_mul_mont_gather5: .type bn_mul4x_mont_gather5,@function .align 16 bn_mul4x_mont_gather5: - endbr64 +_CET_ENDBR .Lmul4x_enter: movl %r9d,%r9d movd 8(%rsp),%xmm5 @@ -992,7 +998,7 @@ bn_mul4x_mont_gather5: .type bn_scatter5,@function .align 16 bn_scatter5: - endbr64 +_CET_ENDBR cmpq $0,%rsi jz .Lscatter_epilogue leaq (%rdx,%rcx,8),%rdx @@ -1011,7 +1017,7 @@ bn_scatter5: .type bn_gather5,@function .align 16 bn_gather5: - endbr64 +_CET_ENDBR .LSEH_begin_bn_gather5: .byte 0x4c,0x8d,0x14,0x24 diff --git a/crypto/bn/mont5-macosx-x86_64.S b/crypto/bn/mont5-macosx-x86_64.S index 039229fd..abf1a186 100644 --- a/crypto/bn/mont5-macosx-x86_64.S +++ b/crypto/bn/mont5-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,6 +11,7 @@ .p2align 6 _bn_mul_mont_gather5: +_CET_ENDBR testl $3,%r9d jnz L$mul_enter cmpl $8,%r9d @@ -400,6 +407,7 @@ L$mul_epilogue: .p2align 4 bn_mul4x_mont_gather5: +_CET_ENDBR L$mul4x_enter: movl %r9d,%r9d movd 8(%rsp),%xmm5 @@ -990,6 +998,7 @@ L$mul4x_epilogue: .p2align 4 _bn_scatter5: +_CET_ENDBR cmpq $0,%rsi jz L$scatter_epilogue leaq (%rdx,%rcx,8),%rdx @@ -1008,6 +1017,7 @@ L$scatter_epilogue: .p2align 4 _bn_gather5: +_CET_ENDBR L$SEH_begin_bn_gather5: .byte 0x4c,0x8d,0x14,0x24 @@ -1167,8 +1177,9 @@ L$gather: retq L$SEH_end_bn_gather5: +.section __DATA,__const .p2align 6 L$inc: .long 0,0, 1,1 .long 2,2, 2,2 -.byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115,99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.text diff --git a/crypto/bn/mont5-masm-x86_64.S b/crypto/bn/mont5-masm-x86_64.S index cc709e67..99cba7d1 100644 --- a/crypto/bn/mont5-masm-x86_64.S +++ b/crypto/bn/mont5-masm-x86_64.S @@ -1,27 +1,33 @@ ; 1 "crypto/bn/mont5-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/bn/mont5-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 + + +; 16 "./crypto/x86_arch.h" + + + -; 40 "./crypto/x86_arch.h" +; 40 "./crypto/x86_arch.h" + @@ -66,7 +72,7 @@ OPTION DOTNAME -; 3 "crypto/bn/mont5-masm-x86_64.S.tmp" 2 +; 9 "crypto/bn/mont5-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' PUBLIC bn_mul_mont_gather5 @@ -85,6 +91,7 @@ $L$SEH_begin_bn_mul_mont_gather5:: mov r9,QWORD PTR[48+rsp] + test r9d,3 jnz $L$mul_enter cmp r9d,8 @@ -495,6 +502,7 @@ $L$SEH_begin_bn_mul4x_mont_gather5:: mov r9,QWORD PTR[48+rsp] + $L$mul4x_enter:: mov r9d,r9d movd xmm5,DWORD PTR[56+rsp] @@ -1088,6 +1096,7 @@ PUBLIC bn_scatter5 ALIGN 16 bn_scatter5 PROC PUBLIC + cmp rdx,0 jz $L$scatter_epilogue lea r8,QWORD PTR[r9*8+r8] @@ -1106,6 +1115,7 @@ PUBLIC bn_gather5 ALIGN 16 bn_gather5 PROC PUBLIC + $L$SEH_begin_bn_gather5:: DB 04ch,08dh,014h,024h @@ -1265,20 +1275,19 @@ $L$gather:: DB 0F3h,0C3h ;repret $L$SEH_end_bn_gather5:: bn_gather5 ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 $L$inc:: DD 0,0,1,1 DD 2,2,2,2 -DB 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105 -DB 112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115 -DB 99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111 -DB 114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79 -DB 71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111 -DB 112,101,110,115,115,108,46,111,114,103,62,0 +.rdata ENDS +.text$ SEGMENT ALIGN(64) 'CODE' EXTERN __imp_RtlVirtualUnwind:NEAR ALIGN 16 mul_handler PROC PRIVATE + push rsi push rdi push rbx diff --git a/crypto/bn/s2n_bignum_internal.h b/crypto/bn/s2n_bignum_internal.h index f4136883..b82db7d0 100644 --- a/crypto/bn/s2n_bignum_internal.h +++ b/crypto/bn/s2n_bignum_internal.h @@ -18,6 +18,12 @@ # define S2N_BN_SYMBOL(name) name #endif +#ifdef __CET__ +# include +#else +# define _CET_ENDBR +#endif + #define S2N_BN_SYM_VISIBILITY_DIRECTIVE(name) .globl S2N_BN_SYMBOL(name) #ifdef S2N_BN_HIDE_SYMBOLS # ifdef __APPLE__ diff --git a/crypto/camellia/cmll-elf-x86_64.S b/crypto/camellia/cmll-elf-x86_64.S index ab4a184c..1540ef53 100644 --- a/crypto/camellia/cmll-elf-x86_64.S +++ b/crypto/camellia/cmll-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -6,7 +12,7 @@ .type Camellia_EncryptBlock,@function .align 16 Camellia_EncryptBlock: - endbr64 +_CET_ENDBR movl $128,%eax subl %edi,%eax movl $3,%edi @@ -19,7 +25,7 @@ Camellia_EncryptBlock: .align 16 .Lenc_rounds: Camellia_EncryptBlock_Rounds: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r13 @@ -68,7 +74,7 @@ Camellia_EncryptBlock_Rounds: .type _x86_64_Camellia_encrypt,@function .align 16 _x86_64_Camellia_encrypt: - endbr64 +_CET_ENDBR xorl 0(%r14),%r9d xorl 4(%r14),%r8d xorl 8(%r14),%r11d @@ -278,7 +284,7 @@ _x86_64_Camellia_encrypt: .type Camellia_DecryptBlock,@function .align 16 Camellia_DecryptBlock: - endbr64 +_CET_ENDBR movl $128,%eax subl %edi,%eax movl $3,%edi @@ -291,7 +297,7 @@ Camellia_DecryptBlock: .align 16 .Ldec_rounds: Camellia_DecryptBlock_Rounds: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r13 @@ -340,7 +346,7 @@ Camellia_DecryptBlock_Rounds: .type _x86_64_Camellia_decrypt,@function .align 16 _x86_64_Camellia_decrypt: - endbr64 +_CET_ENDBR xorl 0(%r14),%r9d xorl 4(%r14),%r8d xorl 8(%r14),%r11d @@ -549,7 +555,7 @@ _x86_64_Camellia_decrypt: .type Camellia_Ekeygen,@function .align 16 Camellia_Ekeygen: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r13 @@ -1615,7 +1621,7 @@ Camellia_Ekeygen: .type Camellia_cbc_encrypt,@function .align 16 Camellia_cbc_encrypt: - endbr64 +_CET_ENDBR cmpq $0,%rdx je .Lcbc_abort pushq %rbx diff --git a/crypto/camellia/cmll-macosx-x86_64.S b/crypto/camellia/cmll-macosx-x86_64.S index 5e7a1b7b..90d209d7 100644 --- a/crypto/camellia/cmll-macosx-x86_64.S +++ b/crypto/camellia/cmll-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -6,6 +12,7 @@ .p2align 4 _Camellia_EncryptBlock: +_CET_ENDBR movl $128,%eax subl %edi,%eax movl $3,%edi @@ -18,6 +25,7 @@ _Camellia_EncryptBlock: .p2align 4 L$enc_rounds: _Camellia_EncryptBlock_Rounds: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r13 @@ -66,6 +74,7 @@ L$enc_epilogue: .p2align 4 _x86_64_Camellia_encrypt: +_CET_ENDBR xorl 0(%r14),%r9d xorl 4(%r14),%r8d xorl 8(%r14),%r11d @@ -275,6 +284,7 @@ L$edone: .p2align 4 _Camellia_DecryptBlock: +_CET_ENDBR movl $128,%eax subl %edi,%eax movl $3,%edi @@ -287,6 +297,7 @@ _Camellia_DecryptBlock: .p2align 4 L$dec_rounds: _Camellia_DecryptBlock_Rounds: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r13 @@ -335,6 +346,7 @@ L$dec_epilogue: .p2align 4 _x86_64_Camellia_decrypt: +_CET_ENDBR xorl 0(%r14),%r9d xorl 4(%r14),%r8d xorl 8(%r14),%r11d @@ -543,6 +555,7 @@ L$ddone: .p2align 4 _Camellia_Ekeygen: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r13 @@ -1083,6 +1096,7 @@ L$done: L$key_epilogue: retq +.section __DATA,__const .p2align 6 L$Camellia_SIGMA: .long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858 @@ -1602,10 +1616,12 @@ L$Camellia_SBOX: .long 0x008f8f8f,0xe300e3e3 .long 0x00010101,0x40004040 .long 0x003d3d3d,0x4f004f4f +.text .globl _Camellia_cbc_encrypt .p2align 4 _Camellia_cbc_encrypt: +_CET_ENDBR cmpq $0,%rdx je L$cbc_abort pushq %rbx @@ -1835,5 +1851,3 @@ L$cbc_done: L$cbc_abort: retq - -.byte 67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54,95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 diff --git a/crypto/camellia/cmll-masm-x86_64.S b/crypto/camellia/cmll-masm-x86_64.S index e1871b50..cb401e47 100644 --- a/crypto/camellia/cmll-masm-x86_64.S +++ b/crypto/camellia/cmll-masm-x86_64.S @@ -1,28 +1,33 @@ ; 1 "crypto/camellia/cmll-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/camellia/cmll-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + @@ -66,7 +71,8 @@ OPTION DOTNAME -; 3 "crypto/camellia/cmll-masm-x86_64.S.tmp" 2 + +; 9 "crypto/camellia/cmll-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' @@ -74,6 +80,7 @@ PUBLIC Camellia_EncryptBlock ALIGN 16 Camellia_EncryptBlock PROC PUBLIC + mov eax,128 sub eax,edi mov edi,3 @@ -96,6 +103,7 @@ $L$SEH_begin_Camellia_EncryptBlock_Rounds:: mov rcx,r9 + push rbx push rbp push r13 @@ -147,6 +155,7 @@ Camellia_EncryptBlock_Rounds ENDP ALIGN 16 _x86_64_Camellia_encrypt PROC PRIVATE + xor r9d,DWORD PTR[r14] xor r8d,DWORD PTR[4+r14] xor r11d,DWORD PTR[8+r14] @@ -356,6 +365,7 @@ PUBLIC Camellia_DecryptBlock ALIGN 16 Camellia_DecryptBlock PROC PUBLIC + mov eax,128 sub eax,edi mov edi,3 @@ -378,6 +388,7 @@ $L$SEH_begin_Camellia_DecryptBlock_Rounds:: mov rcx,r9 + push rbx push rbp push r13 @@ -429,6 +440,7 @@ Camellia_DecryptBlock_Rounds ENDP ALIGN 16 _x86_64_Camellia_decrypt PROC PRIVATE + xor r9d,DWORD PTR[r14] xor r8d,DWORD PTR[4+r14] xor r11d,DWORD PTR[8+r14] @@ -646,6 +658,7 @@ $L$SEH_begin_Camellia_Ekeygen:: mov rdx,r8 + push rbx push rbp push r13 @@ -1189,6 +1202,8 @@ $L$key_epilogue:: DB 0F3h,0C3h ;repret $L$SEH_end_Camellia_Ekeygen:: Camellia_Ekeygen ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 $L$Camellia_SIGMA:: DD 03bcc908bh,0a09e667fh,04caa73b2h,0b67ae858h @@ -1708,6 +1723,8 @@ $L$Camellia_SBOX:: DD 0008f8f8fh,0e300e3e3h DD 000010101h,040004040h DD 0003d3d3dh,04f004f4fh +.rdata ENDS +.text$ SEGMENT ALIGN(64) 'CODE' PUBLIC Camellia_cbc_encrypt ALIGN 16 @@ -1724,6 +1741,7 @@ $L$SEH_begin_Camellia_cbc_encrypt:: mov r9,QWORD PTR[48+rsp] + cmp rdx,0 je $L$cbc_abort push rbx @@ -1957,10 +1975,6 @@ $L$cbc_abort:: $L$SEH_end_Camellia_cbc_encrypt:: Camellia_cbc_encrypt ENDP -DB 67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54 -DB 95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112 -DB 101,110,115,115,108,46,111,114,103,62,0 - .text$ ENDS END diff --git a/crypto/camellia/cmll-mingw64-x86_64.S b/crypto/camellia/cmll-mingw64-x86_64.S index 75966f43..37e6665a 100644 --- a/crypto/camellia/cmll-mingw64-x86_64.S +++ b/crypto/camellia/cmll-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -6,6 +12,7 @@ .def Camellia_EncryptBlock; .scl 2; .type 32; .endef .p2align 4 Camellia_EncryptBlock: +_CET_ENDBR movl $128,%eax subl %edi,%eax movl $3,%edi @@ -27,6 +34,7 @@ Camellia_EncryptBlock_Rounds: movq %r8,%rdx movq %r9,%rcx +_CET_ENDBR pushq %rbx pushq %rbp pushq %r13 @@ -77,6 +85,7 @@ Camellia_EncryptBlock_Rounds: .def _x86_64_Camellia_encrypt; .scl 3; .type 32; .endef .p2align 4 _x86_64_Camellia_encrypt: +_CET_ENDBR xorl 0(%r14),%r9d xorl 4(%r14),%r8d xorl 8(%r14),%r11d @@ -286,6 +295,7 @@ _x86_64_Camellia_encrypt: .def Camellia_DecryptBlock; .scl 2; .type 32; .endef .p2align 4 Camellia_DecryptBlock: +_CET_ENDBR movl $128,%eax subl %edi,%eax movl $3,%edi @@ -307,6 +317,7 @@ Camellia_DecryptBlock_Rounds: movq %r8,%rdx movq %r9,%rcx +_CET_ENDBR pushq %rbx pushq %rbp pushq %r13 @@ -357,6 +368,7 @@ Camellia_DecryptBlock_Rounds: .def _x86_64_Camellia_decrypt; .scl 3; .type 32; .endef .p2align 4 _x86_64_Camellia_decrypt: +_CET_ENDBR xorl 0(%r14),%r9d xorl 4(%r14),%r8d xorl 8(%r14),%r11d @@ -573,6 +585,7 @@ Camellia_Ekeygen: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR pushq %rbx pushq %rbp pushq %r13 @@ -1115,6 +1128,7 @@ Camellia_Ekeygen: movq 16(%rsp),%rsi retq .LSEH_end_Camellia_Ekeygen: +.section .rodata .p2align 6 .LCamellia_SIGMA: .long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858 @@ -1634,6 +1648,7 @@ Camellia_Ekeygen: .long 0x008f8f8f,0xe300e3e3 .long 0x00010101,0x40004040 .long 0x003d3d3d,0x4f004f4f +.text .globl Camellia_cbc_encrypt .def Camellia_cbc_encrypt; .scl 2; .type 32; .endef .p2align 4 @@ -1649,6 +1664,7 @@ Camellia_cbc_encrypt: movq 40(%rsp),%r8 movq 48(%rsp),%r9 +_CET_ENDBR cmpq $0,%rdx je .Lcbc_abort pushq %rbx @@ -1880,5 +1896,3 @@ Camellia_cbc_encrypt: movq 16(%rsp),%rsi retq .LSEH_end_Camellia_cbc_encrypt: - -.byte 67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54,95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c index 04e0eb83..50db6175 100644 --- a/crypto/cmac/cm_ameth.c +++ b/crypto/cmac/cm_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cm_ameth.c,v 1.10 2022/11/26 16:08:51 tb Exp $ */ +/* $OpenBSD: cm_ameth.c,v 1.11 2024/01/04 17:01:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2010. */ @@ -77,8 +77,8 @@ cmac_key_free(EVP_PKEY *pkey) } const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { + .base_method = &cmac_asn1_meth, .pkey_id = EVP_PKEY_CMAC, - .pkey_base_id = EVP_PKEY_CMAC, .pem_str = "CMAC", .info = "OpenSSL CMAC method", diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c index d47cfb7b..03538e20 100644 --- a/crypto/cmac/cm_pmeth.c +++ b/crypto/cmac/cm_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cm_pmeth.c,v 1.10 2022/11/26 16:08:51 tb Exp $ */ +/* $OpenBSD: cm_pmeth.c,v 1.12 2023/12/28 21:56:12 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2010. */ @@ -92,18 +92,23 @@ pkey_cmac_cleanup(EVP_PKEY_CTX *ctx) static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - CMAC_CTX *cmkey = CMAC_CTX_new(); - CMAC_CTX *cmctx = ctx->data; + CMAC_CTX *cmkey; + int ret = 0; - if (!cmkey) - return 0; - if (!CMAC_CTX_copy(cmkey, cmctx)) { - CMAC_CTX_free(cmkey); - return 0; - } - EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey); + if ((cmkey = CMAC_CTX_new()) == NULL) + goto err; + if (!CMAC_CTX_copy(cmkey, ctx->data)) + goto err; + if (!EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey)) + goto err; + cmkey = NULL; - return 1; + ret = 1; + + err: + CMAC_CTX_free(cmkey); + + return ret; } static int @@ -143,7 +148,7 @@ pkey_cmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) break; case EVP_PKEY_CTRL_CIPHER: - if (!CMAC_Init(cmctx, NULL, 0, p2, ctx->engine)) + if (!CMAC_Init(cmctx, NULL, 0, p2, NULL)) return 0; break; diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 9c05a98e..7ad34348 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmac.c,v 1.14 2023/07/08 14:27:14 beck Exp $ */ +/* $OpenBSD: cmac.c,v 1.23 2024/03/02 09:30:21 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -59,37 +59,52 @@ #include "evp_local.h" +/* + * This implementation follows https://doi.org/10.6028/NIST.SP.800-38B + */ + +/* + * CMAC context. k1 and k2 are the secret subkeys, computed as in section 6.1. + * The temporary block tbl is a scratch buffer that holds intermediate secrets. + */ struct CMAC_CTX_st { - /* Cipher context to use */ - EVP_CIPHER_CTX cctx; - /* Keys k1 and k2 */ + EVP_CIPHER_CTX *cipher_ctx; unsigned char k1[EVP_MAX_BLOCK_LENGTH]; unsigned char k2[EVP_MAX_BLOCK_LENGTH]; - /* Temporary block */ unsigned char tbl[EVP_MAX_BLOCK_LENGTH]; - /* Last (possibly partial) block */ unsigned char last_block[EVP_MAX_BLOCK_LENGTH]; - /* Number of bytes in last block: -1 means context not initialised */ + /* Bytes in last block. -1 means not initialized. */ int nlast_block; }; - -/* Make temporary keys K1 and K2 */ - +/* + * SP 800-38B, section 6.1, steps 2 and 3: given the input key l, calculate + * the subkeys k1 and k2: shift l one bit to the left. If the most significant + * bit of l was 1, additionally xor the result with Rb to get kn. + * + * Step 2: calculate k1 with l being the intermediate block CIPH_K(0), + * Step 3: calculate k2 from l == k1. + * + * Per 5.3, Rb is the lexically first irreducible polynomial of degree b with + * the minimum number of non-zero terms. This gives R128 = (1 << 128) | 0x87 + * and R64 = (1 << 64) | 0x1b for the only supported block sizes 128 and 64. + */ static void -make_kn(unsigned char *k1, unsigned char *l, int bl) +make_kn(unsigned char *kn, const unsigned char *l, int block_size) { + unsigned char mask, Rb; int i; - /* Shift block to left, including carry */ - for (i = 0; i < bl; i++) { - k1[i] = l[i] << 1; - if (i < bl - 1 && l[i + 1] & 0x80) - k1[i] |= 1; - } - /* If MSB set fixup with R */ - if (l[0] & 0x80) - k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b; + /* Choose Rb according to the block size in bytes. */ + Rb = block_size == 16 ? 0x87 : 0x1b; + + /* Compute l << 1 up to last byte. */ + for (i = 0; i < block_size - 1; i++) + kn[i] = (l[i] << 1) | (l[i + 1] >> 7); + + /* Only xor with Rb if the MSB is one. */ + mask = 0 - (l[0] >> 7); + kn[block_size - 1] = (l[block_size - 1] << 1) ^ (Rb & mask); } CMAC_CTX * @@ -97,19 +112,26 @@ CMAC_CTX_new(void) { CMAC_CTX *ctx; - ctx = malloc(sizeof(CMAC_CTX)); - if (!ctx) - return NULL; - EVP_CIPHER_CTX_init(&ctx->cctx); + if ((ctx = calloc(1, sizeof(CMAC_CTX))) == NULL) + goto err; + if ((ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) + goto err; + ctx->nlast_block = -1; + return ctx; + + err: + CMAC_CTX_free(ctx); + + return NULL; } LCRYPTO_ALIAS(CMAC_CTX_new); void CMAC_CTX_cleanup(CMAC_CTX *ctx) { - EVP_CIPHER_CTX_cleanup(&ctx->cctx); + (void)EVP_CIPHER_CTX_reset(ctx->cipher_ctx); explicit_bzero(ctx->tbl, EVP_MAX_BLOCK_LENGTH); explicit_bzero(ctx->k1, EVP_MAX_BLOCK_LENGTH); explicit_bzero(ctx->k2, EVP_MAX_BLOCK_LENGTH); @@ -121,7 +143,7 @@ LCRYPTO_ALIAS(CMAC_CTX_cleanup); EVP_CIPHER_CTX * CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) { - return &ctx->cctx; + return ctx->cipher_ctx; } LCRYPTO_ALIAS(CMAC_CTX_get0_cipher_ctx); @@ -132,24 +154,25 @@ CMAC_CTX_free(CMAC_CTX *ctx) return; CMAC_CTX_cleanup(ctx); - free(ctx); + EVP_CIPHER_CTX_free(ctx->cipher_ctx); + freezero(ctx, sizeof(CMAC_CTX)); } LCRYPTO_ALIAS(CMAC_CTX_free); int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) { - int bl; + int block_size; if (in->nlast_block == -1) return 0; - if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx)) + if (!EVP_CIPHER_CTX_copy(out->cipher_ctx, in->cipher_ctx)) return 0; - bl = EVP_CIPHER_CTX_block_size(&in->cctx); - memcpy(out->k1, in->k1, bl); - memcpy(out->k2, in->k2, bl); - memcpy(out->tbl, in->tbl, bl); - memcpy(out->last_block, in->last_block, bl); + block_size = EVP_CIPHER_CTX_block_size(in->cipher_ctx); + memcpy(out->k1, in->k1, block_size); + memcpy(out->k2, in->k2, block_size); + memcpy(out->tbl, in->tbl, block_size); + memcpy(out->last_block, in->last_block, block_size); out->nlast_block = in->nlast_block; return 1; } @@ -160,44 +183,68 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, const EVP_CIPHER *cipher, ENGINE *impl) { static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH]; + int block_size; /* All zeros means restart */ - if (!key && !cipher && !impl && keylen == 0) { + if (key == NULL && cipher == NULL && keylen == 0) { /* Not initialised */ if (ctx->nlast_block == -1) return 0; - if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) + if (!EVP_EncryptInit_ex(ctx->cipher_ctx, NULL, NULL, NULL, zero_iv)) return 0; - memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx)); + explicit_bzero(ctx->tbl, sizeof(ctx->tbl)); ctx->nlast_block = 0; return 1; } - /* Initialise context */ - if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) - return 0; - /* Non-NULL key means initialisation complete */ - if (key) { - int bl; - if (!EVP_CIPHER_CTX_cipher(&ctx->cctx)) + /* Initialise context. */ + if (cipher != NULL) { + /* + * Disallow ciphers for which EVP_Cipher() behaves differently. + * These are AEAD ciphers (or AES keywrap) for which the CMAC + * construction makes little sense. + */ + if ((cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0) return 0; - if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen)) + if (!EVP_EncryptInit_ex(ctx->cipher_ctx, cipher, NULL, NULL, NULL)) return 0; - if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) + } + + /* Non-NULL key means initialisation is complete. */ + if (key != NULL) { + if (EVP_CIPHER_CTX_cipher(ctx->cipher_ctx) == NULL) + return 0; + + /* make_kn() only supports block sizes of 8 and 16 bytes. */ + block_size = EVP_CIPHER_CTX_block_size(ctx->cipher_ctx); + if (block_size != 8 && block_size != 16) + return 0; + + /* + * Section 6.1, step 1: store the intermediate secret CIPH_K(0) + * in ctx->tbl. + */ + if (!EVP_CIPHER_CTX_set_key_length(ctx->cipher_ctx, keylen)) return 0; - bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); - if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl)) + if (!EVP_EncryptInit_ex(ctx->cipher_ctx, NULL, NULL, key, zero_iv)) return 0; - make_kn(ctx->k1, ctx->tbl, bl); - make_kn(ctx->k2, ctx->k1, bl); - explicit_bzero(ctx->tbl, bl); - /* Reset context again ready for first data block */ - if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) + if (!EVP_Cipher(ctx->cipher_ctx, ctx->tbl, zero_iv, block_size)) return 0; - /* Zero tbl so resume works */ - memset(ctx->tbl, 0, bl); + + /* Section 6.1, step 2: compute k1 from intermediate secret. */ + make_kn(ctx->k1, ctx->tbl, block_size); + /* Section 6.1, step 3: compute k2 from k1. */ + make_kn(ctx->k2, ctx->k1, block_size); + + /* Destroy intermediate secret and reset last block count. */ + explicit_bzero(ctx->tbl, sizeof(ctx->tbl)); ctx->nlast_block = 0; + + /* Reset context again to get ready for the first data block. */ + if (!EVP_EncryptInit_ex(ctx->cipher_ctx, NULL, NULL, NULL, zero_iv)) + return 0; } + return 1; } LCRYPTO_ALIAS(CMAC_Init); @@ -206,18 +253,18 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) { const unsigned char *data = in; - size_t bl; + size_t block_size; if (ctx->nlast_block == -1) return 0; if (dlen == 0) return 1; - bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + block_size = EVP_CIPHER_CTX_block_size(ctx->cipher_ctx); /* Copy into partial block if we need to */ if (ctx->nlast_block > 0) { size_t nleft; - nleft = bl - ctx->nlast_block; + nleft = block_size - ctx->nlast_block; if (dlen < nleft) nleft = dlen; memcpy(ctx->last_block + ctx->nlast_block, data, nleft); @@ -228,15 +275,16 @@ CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 1; data += nleft; /* Else not final block so encrypt it */ - if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl)) + if (!EVP_Cipher(ctx->cipher_ctx, ctx->tbl, ctx->last_block, + block_size)) return 0; } /* Encrypt all but one of the complete blocks left */ - while (dlen > bl) { - if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl)) + while (dlen > block_size) { + if (!EVP_Cipher(ctx->cipher_ctx, ctx->tbl, data, block_size)) return 0; - dlen -= bl; - data += bl; + dlen -= block_size; + data += block_size; } /* Copy any data left to last block buffer */ memcpy(ctx->last_block, data, dlen); @@ -248,45 +296,30 @@ LCRYPTO_ALIAS(CMAC_Update); int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) { - int i, bl, lb; + int i, block_size, lb; if (ctx->nlast_block == -1) return 0; - bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); - *poutlen = (size_t)bl; + block_size = EVP_CIPHER_CTX_block_size(ctx->cipher_ctx); + *poutlen = (size_t)block_size; if (!out) return 1; lb = ctx->nlast_block; /* Is last block complete? */ - if (lb == bl) { - for (i = 0; i < bl; i++) + if (lb == block_size) { + for (i = 0; i < block_size; i++) out[i] = ctx->last_block[i] ^ ctx->k1[i]; } else { ctx->last_block[lb] = 0x80; - if (bl - lb > 1) - memset(ctx->last_block + lb + 1, 0, bl - lb - 1); - for (i = 0; i < bl; i++) + if (block_size - lb > 1) + memset(ctx->last_block + lb + 1, 0, block_size - lb - 1); + for (i = 0; i < block_size; i++) out[i] = ctx->last_block[i] ^ ctx->k2[i]; } - if (!EVP_Cipher(&ctx->cctx, out, out, bl)) { - explicit_bzero(out, bl); + if (!EVP_Cipher(ctx->cipher_ctx, out, out, block_size)) { + explicit_bzero(out, block_size); return 0; } return 1; } LCRYPTO_ALIAS(CMAC_Final); - -int -CMAC_resume(CMAC_CTX *ctx) -{ - if (ctx->nlast_block == -1) - return 0; - /* The buffer "tbl" containes the last fully encrypted block - * which is the last IV (or all zeroes if no last encrypted block). - * The last block has not been modified since CMAC_final(). - * So reinitialising using the last decrypted block will allow - * CMAC to continue after calling CMAC_Final(). - */ - return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); -} -LCRYPTO_ALIAS(CMAC_resume); diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index a08fccc2..0a357094 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_dd.c,v 1.15 2022/11/26 16:08:51 tb Exp $ */ +/* $OpenBSD: cms_dd.c,v 1.17 2023/10/26 09:08:57 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -54,13 +54,14 @@ #include -#include "cryptlib.h" -#include -#include -#include -#include +#include #include +#include +#include +#include + #include "cms_local.h" +#include "x509_local.h" /* CMS DigestedData Utilities */ @@ -85,7 +86,8 @@ cms_DigestedData_create(const EVP_MD *md) dd->version = 0; dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); - X509_ALGOR_set_md(dd->digestAlgorithm, md); + if (!X509_ALGOR_set_evp_md(dd->digestAlgorithm, md)) + goto err; return cms; diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index 547f9ff7..dee643fa 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_enc.c,v 1.23 2023/07/08 08:26:26 beck Exp $ */ +/* $OpenBSD: cms_enc.c,v 1.24 2024/01/14 18:40:24 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -61,7 +61,10 @@ #include #include #include + #include "cms_local.h" +#include "evp_local.h" +#include "x509_local.h" /* CMS EncryptedData Utilities */ diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 7bb8f613..98979cda 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_env.c,v 1.26 2023/07/08 08:26:26 beck Exp $ */ +/* $OpenBSD: cms_env.c,v 1.27 2024/01/14 18:40:24 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -54,16 +54,17 @@ #include -#include "cryptlib.h" #include #include #include #include #include #include -#include "cms_local.h" + #include "asn1/asn1_local.h" +#include "cms_local.h" #include "evp/evp_local.h" +#include "x509_local.h" /* CMS EnvelopedData Utilities */ diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index b9a4cd8a..16b54c19 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_ess.c,v 1.23 2023/07/08 08:26:26 beck Exp $ */ +/* $OpenBSD: cms_ess.c,v 1.24 2024/01/14 18:40:24 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -54,15 +54,15 @@ #include -#include "cryptlib.h" #include #include #include #include #include #include -#include "cms_local.h" +#include "cms_local.h" +#include "x509_local.h" CMS_ReceiptRequest * d2i_CMS_ReceiptRequest(CMS_ReceiptRequest **a, const unsigned char **in, long len) diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 8ed54e75..242a4969 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_kari.c,v 1.15 2023/07/08 08:26:26 beck Exp $ */ +/* $OpenBSD: cms_kari.c,v 1.16 2024/02/02 14:11:45 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -279,7 +279,7 @@ cms_kek_cipher(unsigned char **pout, size_t *poutlen, const unsigned char *in, explicit_bzero(kek, keklen); if (!rv) free(out); - EVP_CIPHER_CTX_reset(kari->ctx); + (void)EVP_CIPHER_CTX_reset(kari->ctx); /* FIXME: WHY IS kari->pctx freed here? /RL */ EVP_PKEY_CTX_free(kari->pctx); kari->pctx = NULL; diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 9ea7cfdc..b6fe5df9 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_pwri.c,v 1.29 2023/07/08 08:26:26 beck Exp $ */ +/* $OpenBSD: cms_pwri.c,v 1.31 2024/01/14 18:40:24 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -52,18 +52,21 @@ * ==================================================================== */ +#include + +#include #include -#include "cryptlib.h" -#include -#include -#include +#include #include +#include #include -#include -#include +#include +#include + #include "cms_local.h" -#include "asn1/asn1_local.h" +#include "evp_local.h" +#include "x509_local.h" int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass, diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 24582297..b644717b 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_sd.c,v 1.28 2023/09/11 09:29:30 tb Exp $ */ +/* $OpenBSD: cms_sd.c,v 1.30 2024/02/02 14:13:11 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -52,18 +52,22 @@ * ==================================================================== */ +#include #include -#include "cryptlib.h" -#include -#include -#include -#include +#include +#include #include +#include #include +#include +#include +#include + +#include "asn1_local.h" #include "cms_local.h" -#include "asn1/asn1_local.h" -#include "evp/evp_local.h" +#include "evp_local.h" +#include "x509_local.h" /* CMS SignedData Utilities */ @@ -279,7 +283,7 @@ CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk, { CMS_SignedData *sd; CMS_SignerInfo *si = NULL; - X509_ALGOR *alg; + X509_ALGOR *alg = NULL; int i, type; if (!X509_check_private_key(signer, pk)) { @@ -337,26 +341,29 @@ CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk, goto err; } - X509_ALGOR_set_md(si->digestAlgorithm, md); + if (!X509_ALGOR_set_evp_md(si->digestAlgorithm, md)) + goto err; /* See if digest is present in digestAlgorithms */ for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { + const X509_ALGOR *x509_alg; const ASN1_OBJECT *aoid; - alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); - X509_ALGOR_get0(&aoid, NULL, NULL, alg); + + x509_alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); + X509_ALGOR_get0(&aoid, NULL, NULL, x509_alg); if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) break; } if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) { - alg = X509_ALGOR_new(); - if (alg == NULL) + if ((alg = X509_ALGOR_new()) == NULL) + goto merr; + if (!X509_ALGOR_set_evp_md(alg, md)) goto merr; - X509_ALGOR_set_md(alg, md); if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) { - X509_ALGOR_free(alg); goto merr; } + alg = NULL; } if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) @@ -422,6 +429,7 @@ CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk, CMSerror(ERR_R_MALLOC_FAILURE); err: ASN1_item_free((ASN1_VALUE *)si, &CMS_SignerInfo_it); + X509_ALGOR_free(alg); return NULL; } @@ -736,7 +744,7 @@ CMS_SignerInfo_sign(CMS_SignerInfo *si) } if (si->pctx == NULL) { - EVP_MD_CTX_reset(si->mctx); + (void)EVP_MD_CTX_reset(si->mctx); if (!EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, si->pkey)) goto err; } @@ -771,8 +779,7 @@ CMS_SignerInfo_sign(CMS_SignerInfo *si) ret = 1; err: - if (si->mctx != NULL) - EVP_MD_CTX_reset(si->mctx); + (void)EVP_MD_CTX_reset(si->mctx); freezero(buf, buf_len); freezero(sig, sig_len); @@ -823,8 +830,7 @@ CMS_SignerInfo_verify(CMS_SignerInfo *si) } err: - if (si->mctx != NULL) - EVP_MD_CTX_reset(si->mctx); + (void)EVP_MD_CTX_reset(si->mctx); freezero(buf, buf_len); return ret; diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index b2930017..5a194748 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cms_smime.c,v 1.27 2023/07/08 08:26:26 beck Exp $ */ +/* $OpenBSD: cms_smime.c,v 1.28 2023/12/22 10:23:11 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -52,14 +52,21 @@ * ==================================================================== */ -#include "cryptlib.h" -#include -#include -#include -#include +#include + +#include + +#include +#include #include +#include +#include +#include +#include +#include +#include + #include "cms_local.h" -#include "asn1/asn1_local.h" static BIO * cms_get_text_bio(BIO *out, unsigned int flags) diff --git a/crypto/compat/posix_win.c b/crypto/compat/posix_win.c index b3a46872..3e78a07c 100644 --- a/crypto/compat/posix_win.c +++ b/crypto/compat/posix_win.c @@ -9,8 +9,8 @@ #define NO_REDEF_POSIX_FUNCTIONS -#include #include +#include #include #include @@ -164,8 +164,10 @@ static void noop_handler(const wchar_t *expression, const wchar_t *function, } #define BEGIN_SUPPRESS_IPH \ + int old_report_mode = _CrtSetReportMode(_CRT_ASSERT, 0); \ _invalid_parameter_handler old_handler = _set_thread_local_invalid_parameter_handler(noop_handler) #define END_SUPPRESS_IPH \ + _CrtSetReportMode(_CRT_ASSERT, old_report_mode); \ _set_thread_local_invalid_parameter_handler(old_handler) #else diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 6fe071e1..b78bd50c 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_api.c,v 1.16 2023/07/08 08:26:26 beck Exp $ */ +/* $OpenBSD: conf_api.c,v 1.18 2024/03/02 11:11:11 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,6 +69,8 @@ #include #include +#include "lhash_local.h" + static void value_free_hash_doall_arg(CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf); static void value_free_stack_doall(CONF_VALUE *a); @@ -205,9 +207,6 @@ _CONF_free_data(CONF *conf) if (conf == NULL || conf->data == NULL) return; - lh_CONF_VALUE_down_load(conf->data) = 0; /* evil thing to make - * sure the 'free()' works as - * expected */ lh_CONF_VALUE_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash), LHASH_OF(CONF_VALUE), conf->data); diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 995ba3ef..2e4228bb 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_lib.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */ +/* $OpenBSD: conf_lib.c,v 1.16 2024/01/28 21:00:54 tb Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2000. */ @@ -86,8 +86,8 @@ CONF_set_default_method(CONF_METHOD *meth) return 1; } -LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, - long *eline) +LHASH_OF(CONF_VALUE) * +CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, long *eline) { LHASH_OF(CONF_VALUE) *ltmp; BIO *in = NULL; @@ -104,8 +104,8 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, return ltmp; } -LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, - long *eline) +LHASH_OF(CONF_VALUE) * +CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, long *eline) { BIO *btmp; LHASH_OF(CONF_VALUE) *ltmp; @@ -119,8 +119,8 @@ LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, return ltmp; } -LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, - long *eline) +LHASH_OF(CONF_VALUE) * +CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, long *eline) { CONF ctmp; int ret; @@ -133,8 +133,8 @@ LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, return NULL; } -STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, - const char *section) +STACK_OF(CONF_VALUE) * +CONF_get_section(LHASH_OF(CONF_VALUE) *conf, const char *section) { if (conf == NULL) { return NULL; diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index 18631b3b..141c0abe 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_mall.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: conf_mall.c,v 1.11 2024/03/02 09:02:04 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -56,27 +56,14 @@ * */ -#include - -#include - -#include #include -#include -#include - -#ifndef OPENSSL_NO_ENGINE -#include -#endif /* Load all OpenSSL builtin modules */ +void ASN1_add_oid_module(void); void OPENSSL_load_builtin_modules(void) { /* Add builtin modules here */ ASN1_add_oid_module(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_add_conf_module(); -#endif } diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 827cf96e..689b7a32 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf_sap.c,v 1.14 2018/03/19 03:56:08 beck Exp $ */ +/* $OpenBSD: conf_sap.c,v 1.15 2023/11/19 15:46:09 tb Exp $ */ /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -67,10 +67,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - /* This is the automatic configuration loader: it is called automatically by * OpenSSL when any of a number of standard initialisation functions are called, * unless this is overridden by calling OPENSSL_no_config() @@ -84,10 +80,6 @@ static void OPENSSL_config_internal(void) { OPENSSL_load_builtin_modules(); -#ifndef OPENSSL_NO_ENGINE - /* Need to load ENGINEs */ - ENGINE_load_builtin_engines(); -#endif /* Add others here? */ ERR_clear_error(); diff --git a/crypto/cpuid-elf-x86_64.S b/crypto/cpuid-elf-x86_64.S index 6dc8e58d..10d5fd7b 100644 --- a/crypto/cpuid-elf-x86_64.S +++ b/crypto/cpuid-elf-x86_64.S @@ -1,8 +1,14 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .hidden OPENSSL_cpuid_setup .section .init - endbr64 +_CET_ENDBR call OPENSSL_cpuid_setup @@ -14,7 +20,7 @@ .type OPENSSL_ia32_cpuid,@function .align 16 OPENSSL_ia32_cpuid: - endbr64 +_CET_ENDBR movq %rbx,%r8 xorl %eax,%eax diff --git a/crypto/cpuid-macosx-x86_64.S b/crypto/cpuid-macosx-x86_64.S index 5d3f1a74..84c35601 100644 --- a/crypto/cpuid-macosx-x86_64.S +++ b/crypto/cpuid-macosx-x86_64.S @@ -1,7 +1,14 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .private_extern _OPENSSL_cpuid_setup .mod_init_func +_CET_ENDBR .p2align 3 .quad _OPENSSL_cpuid_setup @@ -14,6 +21,7 @@ .p2align 4 _OPENSSL_ia32_cpuid: +_CET_ENDBR movq %rbx,%r8 xorl %eax,%eax diff --git a/crypto/cpuid-masm-x86_64.S b/crypto/cpuid-masm-x86_64.S index 97dae0a6..259ed978 100644 --- a/crypto/cpuid-masm-x86_64.S +++ b/crypto/cpuid-masm-x86_64.S @@ -1,30 +1,33 @@ ; 1 "crypto/cpuid-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/cpuid-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + +; 40 "./crypto/x86_arch.h" + @@ -66,10 +69,14 @@ OPTION DOTNAME -; 3 "crypto/cpuid-masm-x86_64.S.tmp" 2 + + + +; 9 "crypto/cpuid-masm-x86_64.S.tmp" 2 EXTERN OPENSSL_cpuid_setup:NEAR .CRT$XCU SEGMENT READONLY ALIGN(8) + DQ OPENSSL_cpuid_setup EXTERN OPENSSL_ia32cap_P:NEAR @@ -82,6 +89,7 @@ PUBLIC OPENSSL_ia32_cpuid ALIGN 16 OPENSSL_ia32_cpuid PROC PUBLIC + mov r8,rbx xor eax,eax diff --git a/crypto/cpuid-mingw64-x86_64.S b/crypto/cpuid-mingw64-x86_64.S index cf66d0fd..d459c0e5 100644 --- a/crypto/cpuid-mingw64-x86_64.S +++ b/crypto/cpuid-mingw64-x86_64.S @@ -1,7 +1,14 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .section .ctors +_CET_ENDBR .p2align 3 .quad OPENSSL_cpuid_setup @@ -14,6 +21,7 @@ .def OPENSSL_ia32_cpuid; .scl 2; .type 32; .endef .p2align 4 OPENSSL_ia32_cpuid: +_CET_ENDBR movq %rbx,%r8 xorl %eax,%eax diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 18f40e54..abf11594 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptlib.c,v 1.46 2023/07/08 08:28:23 beck Exp $ */ +/* $OpenBSD: cryptlib.c,v 1.48 2024/03/02 11:37:13 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -124,6 +124,8 @@ #include #include +#include "crypto_local.h" + static void (*locking_callback)(int mode, int type, const char *file, int line) = NULL; static int (*add_lock_callback)(int *pointer, int amount, @@ -355,7 +357,7 @@ OPENSSL_showfatal(const char *fmta, ...) va_list ap; va_start(ap, fmta); - vsyslog_r(LOG_INFO|LOG_LOCAL2, &sdata, fmta, ap); + vsyslog_r(LOG_CONS|LOG_LOCAL2, &sdata, fmta, ap); va_end(ap); } diff --git a/crypto/crypto.sym b/crypto/crypto.sym index bb80f34c..846bd5ce 100644 --- a/crypto/crypto.sym +++ b/crypto/crypto.sym @@ -81,18 +81,6 @@ ASN1_OCTET_STRING_free ASN1_OCTET_STRING_it ASN1_OCTET_STRING_new ASN1_OCTET_STRING_set -ASN1_PCTX_free -ASN1_PCTX_get_cert_flags -ASN1_PCTX_get_flags -ASN1_PCTX_get_nm_flags -ASN1_PCTX_get_oid_flags -ASN1_PCTX_get_str_flags -ASN1_PCTX_new -ASN1_PCTX_set_cert_flags -ASN1_PCTX_set_flags -ASN1_PCTX_set_nm_flags -ASN1_PCTX_set_oid_flags -ASN1_PCTX_set_str_flags ASN1_PRINTABLESTRING_free ASN1_PRINTABLESTRING_it ASN1_PRINTABLESTRING_new @@ -103,8 +91,6 @@ ASN1_PRINTABLE_type ASN1_SEQUENCE_ANY_it ASN1_SEQUENCE_it ASN1_SET_ANY_it -ASN1_STRING_TABLE_add -ASN1_STRING_TABLE_cleanup ASN1_STRING_TABLE_get ASN1_STRING_cmp ASN1_STRING_copy @@ -143,7 +129,6 @@ ASN1_TIME_print ASN1_TIME_set ASN1_TIME_set_string ASN1_TIME_set_string_X509 -ASN1_TIME_set_tm ASN1_TIME_to_generalizedtime ASN1_TIME_to_tm ASN1_TYPE_cmp @@ -175,7 +160,6 @@ ASN1_UTF8STRING_new ASN1_VISIBLESTRING_free ASN1_VISIBLESTRING_it ASN1_VISIBLESTRING_new -ASN1_add_oid_module ASN1_d2i_bio ASN1_d2i_fp ASN1_dup @@ -213,9 +197,7 @@ ASN1_put_eoc ASN1_put_object ASN1_tag2bit ASN1_tag2str -ASN1_time_parse ASN1_time_tm_clamp_notafter -ASN1_time_tm_cmp ASRange_free ASRange_it ASRange_new @@ -251,11 +233,7 @@ BIO_ctrl_wpending BIO_debug_callback BIO_dgram_non_fatal_error BIO_dump -BIO_dump_cb -BIO_dump_fp BIO_dump_indent -BIO_dump_indent_cb -BIO_dump_indent_fp BIO_dup_chain BIO_f_base64 BIO_f_buffer @@ -337,7 +315,6 @@ BIO_s_log BIO_s_mem BIO_s_null BIO_s_socket -BIO_set BIO_set_callback BIO_set_callback_arg BIO_set_callback_ex @@ -350,7 +327,6 @@ BIO_set_next BIO_set_retry_reason BIO_set_shutdown BIO_set_tcp_ndelay -BIO_snprintf BIO_sock_cleanup BIO_sock_error BIO_sock_init @@ -361,8 +337,6 @@ BIO_socket_nbio BIO_test_flags BIO_up_ref BIO_vfree -BIO_vprintf -BIO_vsnprintf BIO_write BN_CTX_end BN_CTX_free @@ -433,11 +407,8 @@ BN_mask_bits BN_mod_add BN_mod_add_quick BN_mod_exp -BN_mod_exp2_mont BN_mod_exp_mont BN_mod_exp_mont_consttime -BN_mod_exp_mont_word -BN_mod_exp_simple BN_mod_inverse BN_mod_lshift BN_mod_lshift1 @@ -507,7 +478,6 @@ CMAC_CTX_new CMAC_Final CMAC_Init CMAC_Update -CMAC_resume CMS_ContentInfo_free CMS_ContentInfo_it CMS_ContentInfo_new @@ -653,11 +623,7 @@ CONF_set_nconf CRL_DIST_POINTS_free CRL_DIST_POINTS_it CRL_DIST_POINTS_new -CRYPTO_THREADID_cmp -CRYPTO_THREADID_cpy -CRYPTO_THREADID_current CRYPTO_THREADID_get_callback -CRYPTO_THREADID_hash CRYPTO_THREADID_set_callback CRYPTO_THREADID_set_numeric CRYPTO_THREADID_set_pointer @@ -679,16 +645,10 @@ CRYPTO_chacha_20 CRYPTO_cleanup_all_ex_data CRYPTO_ctr128_encrypt CRYPTO_ctr128_encrypt_ctr32 -CRYPTO_dbg_free -CRYPTO_dbg_get_options -CRYPTO_dbg_malloc -CRYPTO_dbg_realloc -CRYPTO_dbg_set_options CRYPTO_destroy_dynlockid CRYPTO_dup_ex_data CRYPTO_free CRYPTO_free_ex_data -CRYPTO_free_locked CRYPTO_gcm128_aad CRYPTO_gcm128_decrypt CRYPTO_gcm128_decrypt_ctr32 @@ -709,24 +669,13 @@ CRYPTO_get_ex_data CRYPTO_get_ex_new_index CRYPTO_get_id_callback CRYPTO_get_lock_name -CRYPTO_get_locked_mem_ex_functions -CRYPTO_get_locked_mem_functions CRYPTO_get_locking_callback -CRYPTO_get_mem_debug_functions -CRYPTO_get_mem_debug_options -CRYPTO_get_mem_ex_functions -CRYPTO_get_mem_functions CRYPTO_get_new_dynlockid CRYPTO_get_new_lockid CRYPTO_hchacha_20 -CRYPTO_is_mem_check_on CRYPTO_lock CRYPTO_malloc -CRYPTO_malloc_locked CRYPTO_mem_ctrl -CRYPTO_mem_leaks -CRYPTO_mem_leaks_cb -CRYPTO_mem_leaks_fp CRYPTO_memcmp CRYPTO_new_ex_data CRYPTO_num_locks @@ -734,23 +683,13 @@ CRYPTO_ofb128_encrypt CRYPTO_poly1305_finish CRYPTO_poly1305_init CRYPTO_poly1305_update -CRYPTO_pop_info -CRYPTO_push_info_ -CRYPTO_realloc -CRYPTO_realloc_clean -CRYPTO_remalloc -CRYPTO_remove_all_info CRYPTO_set_add_lock_callback CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_lock_callback CRYPTO_set_ex_data CRYPTO_set_id_callback -CRYPTO_set_locked_mem_ex_functions -CRYPTO_set_locked_mem_functions CRYPTO_set_locking_callback -CRYPTO_set_mem_debug_functions -CRYPTO_set_mem_debug_options CRYPTO_set_mem_ex_functions CRYPTO_set_mem_functions CRYPTO_strdup @@ -895,7 +834,6 @@ DSA_do_verify DSA_dup_DH DSA_free DSA_generate_key -DSA_generate_parameters DSA_generate_parameters_ex DSA_get0_engine DSA_get0_g @@ -1117,7 +1055,6 @@ ERR_get_error ERR_get_error_line ERR_get_error_line_data ERR_get_next_error_library -ERR_get_state ERR_lib_error_string ERR_load_ASN1_strings ERR_load_BIO_strings @@ -1131,7 +1068,6 @@ ERR_load_DSA_strings ERR_load_EC_strings ERR_load_ERR_strings ERR_load_EVP_strings -ERR_load_GOST_strings ERR_load_OBJ_strings ERR_load_OCSP_strings ERR_load_PEM_strings @@ -1212,12 +1148,10 @@ EVP_CIPHER_CTX_set_iv EVP_CIPHER_CTX_set_key_length EVP_CIPHER_CTX_set_padding EVP_CIPHER_CTX_test_flags -EVP_CIPHER_asn1_to_param EVP_CIPHER_block_size EVP_CIPHER_do_all EVP_CIPHER_do_all_sorted EVP_CIPHER_flags -EVP_CIPHER_get_asn1_iv EVP_CIPHER_iv_length EVP_CIPHER_key_length EVP_CIPHER_meth_dup @@ -1233,8 +1167,6 @@ EVP_CIPHER_meth_set_init EVP_CIPHER_meth_set_iv_length EVP_CIPHER_meth_set_set_asn1_params EVP_CIPHER_nid -EVP_CIPHER_param_to_asn1 -EVP_CIPHER_set_asn1_iv EVP_CIPHER_type EVP_Cipher EVP_CipherFinal @@ -1295,29 +1227,11 @@ EVP_MD_block_size EVP_MD_do_all EVP_MD_do_all_sorted EVP_MD_flags -EVP_MD_meth_dup -EVP_MD_meth_free -EVP_MD_meth_new -EVP_MD_meth_set_app_datasize -EVP_MD_meth_set_cleanup -EVP_MD_meth_set_copy -EVP_MD_meth_set_ctrl -EVP_MD_meth_set_final -EVP_MD_meth_set_flags -EVP_MD_meth_set_init -EVP_MD_meth_set_input_blocksize -EVP_MD_meth_set_result_size -EVP_MD_meth_set_update EVP_MD_pkey_type EVP_MD_size EVP_MD_type EVP_OpenFinal EVP_OpenInit -EVP_PBE_CipherInit -EVP_PBE_alg_add -EVP_PBE_alg_add_type -EVP_PBE_cleanup -EVP_PBE_find EVP_PKCS82PKEY EVP_PKEY2PKCS8 EVP_PKEY_CTX_ctrl @@ -1341,25 +1255,11 @@ EVP_PKEY_add1_attr EVP_PKEY_add1_attr_by_NID EVP_PKEY_add1_attr_by_OBJ EVP_PKEY_add1_attr_by_txt -EVP_PKEY_asn1_add0 -EVP_PKEY_asn1_add_alias -EVP_PKEY_asn1_copy EVP_PKEY_asn1_find EVP_PKEY_asn1_find_str -EVP_PKEY_asn1_free EVP_PKEY_asn1_get0 EVP_PKEY_asn1_get0_info EVP_PKEY_asn1_get_count -EVP_PKEY_asn1_new -EVP_PKEY_asn1_set_check -EVP_PKEY_asn1_set_ctrl -EVP_PKEY_asn1_set_free -EVP_PKEY_asn1_set_param -EVP_PKEY_asn1_set_param_check -EVP_PKEY_asn1_set_private -EVP_PKEY_asn1_set_public -EVP_PKEY_asn1_set_public_check -EVP_PKEY_asn1_set_security_bits EVP_PKEY_assign EVP_PKEY_base_id EVP_PKEY_bits @@ -1399,29 +1299,6 @@ EVP_PKEY_get_raw_public_key EVP_PKEY_id EVP_PKEY_keygen EVP_PKEY_keygen_init -EVP_PKEY_meth_add0 -EVP_PKEY_meth_copy -EVP_PKEY_meth_find -EVP_PKEY_meth_free -EVP_PKEY_meth_get0_info -EVP_PKEY_meth_new -EVP_PKEY_meth_set_check -EVP_PKEY_meth_set_cleanup -EVP_PKEY_meth_set_copy -EVP_PKEY_meth_set_ctrl -EVP_PKEY_meth_set_decrypt -EVP_PKEY_meth_set_derive -EVP_PKEY_meth_set_encrypt -EVP_PKEY_meth_set_init -EVP_PKEY_meth_set_keygen -EVP_PKEY_meth_set_param_check -EVP_PKEY_meth_set_paramgen -EVP_PKEY_meth_set_public_check -EVP_PKEY_meth_set_sign -EVP_PKEY_meth_set_signctx -EVP_PKEY_meth_set_verify -EVP_PKEY_meth_set_verify_recover -EVP_PKEY_meth_set_verifyctx EVP_PKEY_missing_parameters EVP_PKEY_new EVP_PKEY_new_CMAC_key @@ -1456,14 +1333,11 @@ EVP_SealFinal EVP_SealInit EVP_SignFinal EVP_VerifyFinal -EVP_add_cipher -EVP_add_digest EVP_aead_aes_128_gcm EVP_aead_aes_256_gcm EVP_aead_chacha20_poly1305 EVP_aead_xchacha20_poly1305 EVP_aes_128_cbc -EVP_aes_128_cbc_hmac_sha1 EVP_aes_128_ccm EVP_aes_128_cfb1 EVP_aes_128_cfb128 @@ -1485,7 +1359,6 @@ EVP_aes_192_gcm EVP_aes_192_ofb EVP_aes_192_wrap EVP_aes_256_cbc -EVP_aes_256_cbc_hmac_sha1 EVP_aes_256_ccm EVP_aes_256_cfb1 EVP_aes_256_cfb128 @@ -1548,11 +1421,6 @@ EVP_enc_null EVP_get_cipherbyname EVP_get_digestbyname EVP_get_pw_prompt -EVP_gost2814789_cfb64 -EVP_gost2814789_cnt -EVP_gost2814789_ecb -EVP_gost2814789imit -EVP_gostr341194 EVP_idea_cbc EVP_idea_cfb64 EVP_idea_ecb @@ -1569,7 +1437,6 @@ EVP_rc2_ecb EVP_rc2_ofb EVP_rc4 EVP_rc4_40 -EVP_rc4_hmac_md5 EVP_read_pw_string EVP_read_pw_string_min EVP_ripemd160 @@ -1591,8 +1458,6 @@ EVP_sm4_cfb128 EVP_sm4_ctr EVP_sm4_ecb EVP_sm4_ofb -EVP_streebog256 -EVP_streebog512 EVP_whirlpool EXTENDED_KEY_USAGE_free EXTENDED_KEY_USAGE_it @@ -1615,37 +1480,6 @@ GENERAL_NAME_set0_value GENERAL_SUBTREE_free GENERAL_SUBTREE_it GENERAL_SUBTREE_new -GOST2814789IMIT -GOST2814789IMIT_Final -GOST2814789IMIT_Init -GOST2814789IMIT_Transform -GOST2814789IMIT_Update -GOSTR341194 -GOSTR341194_Final -GOSTR341194_Init -GOSTR341194_Transform -GOSTR341194_Update -GOST_CIPHER_PARAMS_free -GOST_CIPHER_PARAMS_it -GOST_CIPHER_PARAMS_new -GOST_KEY_check_key -GOST_KEY_free -GOST_KEY_get0_group -GOST_KEY_get0_private_key -GOST_KEY_get0_public_key -GOST_KEY_get_digest -GOST_KEY_get_size -GOST_KEY_new -GOST_KEY_set_digest -GOST_KEY_set_group -GOST_KEY_set_private_key -GOST_KEY_set_public_key -GOST_KEY_set_public_key_affine_coordinates -Gost2814789_cfb64_encrypt -Gost2814789_cnt_encrypt -Gost2814789_ecb_encrypt -Gost2814789_set_key -Gost2814789_set_sbox HKDF HKDF_expand HKDF_extract @@ -1719,16 +1553,8 @@ NETSCAPE_SPKI_verify NOTICEREF_free NOTICEREF_it NOTICEREF_new -OBJ_NAME_add -OBJ_NAME_cleanup OBJ_NAME_do_all OBJ_NAME_do_all_sorted -OBJ_NAME_get -OBJ_NAME_init -OBJ_NAME_new_index -OBJ_NAME_remove -OBJ_add_object -OBJ_bsearch_ OBJ_cleanup OBJ_cmp OBJ_create @@ -1893,12 +1719,16 @@ OPENSSL_cleanup OPENSSL_config OPENSSL_cpu_caps OPENSSL_cpuid_setup +OPENSSL_gmtime OPENSSL_init OPENSSL_init_crypto OPENSSL_load_builtin_modules OPENSSL_no_config +OPENSSL_posix_to_tm OPENSSL_strcasecmp OPENSSL_strncasecmp +OPENSSL_timegm +OPENSSL_tm_to_posix OPENSSL_uni2asc OTHERNAME_cmp OTHERNAME_free @@ -1909,15 +1739,7 @@ OpenSSL_add_all_ciphers OpenSSL_add_all_digests OpenSSL_version OpenSSL_version_num -PBE2PARAM_free -PBE2PARAM_it -PBE2PARAM_new -PBEPARAM_free PBEPARAM_it -PBEPARAM_new -PBKDF2PARAM_free -PBKDF2PARAM_it -PBKDF2PARAM_new PEM_ASN1_read PEM_ASN1_read_bio PEM_ASN1_write @@ -2029,21 +1851,7 @@ PEM_write_bio_X509_AUX PEM_write_bio_X509_CRL PEM_write_bio_X509_REQ PEM_write_bio_X509_REQ_NEW -PKCS12_AUTHSAFES_it -PKCS12_BAGS_free -PKCS12_BAGS_it -PKCS12_BAGS_new -PKCS12_MAC_DATA_free -PKCS12_MAC_DATA_it -PKCS12_MAC_DATA_new PKCS12_PBE_add -PKCS12_PBE_keyivgen -PKCS12_SAFEBAGS_it -PKCS12_SAFEBAG_create0_p8inf -PKCS12_SAFEBAG_create0_pkcs8 -PKCS12_SAFEBAG_create_cert -PKCS12_SAFEBAG_create_crl -PKCS12_SAFEBAG_create_pkcs8_encrypt PKCS12_SAFEBAG_free PKCS12_SAFEBAG_get0_attr PKCS12_SAFEBAG_get0_attrs @@ -2057,53 +1865,24 @@ PKCS12_SAFEBAG_get_bag_nid PKCS12_SAFEBAG_get_nid PKCS12_SAFEBAG_it PKCS12_SAFEBAG_new -PKCS12_add_CSPName_asc -PKCS12_add_cert -PKCS12_add_friendlyname_asc -PKCS12_add_friendlyname_uni -PKCS12_add_key -PKCS12_add_localkeyid -PKCS12_add_safe -PKCS12_add_safes PKCS12_create PKCS12_decrypt_skey PKCS12_free -PKCS12_gen_mac PKCS12_get0_mac -PKCS12_get_attr_gen PKCS12_get_friendlyname -PKCS12_init PKCS12_it -PKCS12_item_decrypt_d2i -PKCS12_item_i2d_encrypt -PKCS12_item_pack_safebag -PKCS12_key_gen_asc -PKCS12_key_gen_uni PKCS12_mac_present PKCS12_new PKCS12_newpass -PKCS12_pack_authsafes -PKCS12_pack_p7data -PKCS12_pack_p7encdata PKCS12_parse -PKCS12_pbe_crypt PKCS12_set_mac -PKCS12_setup_mac PKCS12_unpack_authsafes PKCS12_unpack_p7data PKCS12_unpack_p7encdata PKCS12_verify_mac PKCS1_MGF1 -PKCS5_PBE_add -PKCS5_PBE_keyivgen PKCS5_PBKDF2_HMAC PKCS5_PBKDF2_HMAC_SHA1 -PKCS5_pbe2_set -PKCS5_pbe2_set_iv -PKCS5_pbe_set -PKCS5_pbe_set0_algor -PKCS5_pbkdf2_set -PKCS5_v2_PBE_keyivgen PKCS7_ATTR_SIGN_it PKCS7_ATTR_VERIFY_it PKCS7_DIGEST_free @@ -2413,15 +2192,6 @@ SMIME_write_CMS SMIME_write_PKCS7 SSLeay SSLeay_version -STREEBOG256 -STREEBOG256_Final -STREEBOG256_Init -STREEBOG256_Update -STREEBOG512 -STREEBOG512_Final -STREEBOG512_Init -STREEBOG512_Transform -STREEBOG512_Update TS_ACCURACY_dup TS_ACCURACY_free TS_ACCURACY_get_micros @@ -2644,13 +2414,9 @@ X509V3_EXT_CRL_add_conf X509V3_EXT_CRL_add_nconf X509V3_EXT_REQ_add_conf X509V3_EXT_REQ_add_nconf -X509V3_EXT_add -X509V3_EXT_add_alias X509V3_EXT_add_conf -X509V3_EXT_add_list X509V3_EXT_add_nconf X509V3_EXT_add_nconf_sk -X509V3_EXT_cleanup X509V3_EXT_conf X509V3_EXT_conf_nid X509V3_EXT_d2i @@ -2691,7 +2457,6 @@ X509_ALGOR_get0 X509_ALGOR_it X509_ALGOR_new X509_ALGOR_set0 -X509_ALGOR_set_md X509_ATTRIBUTE_count X509_ATTRIBUTE_create X509_ATTRIBUTE_create_by_NID @@ -2706,18 +2471,12 @@ X509_ATTRIBUTE_it X509_ATTRIBUTE_new X509_ATTRIBUTE_set1_data X509_ATTRIBUTE_set1_object -X509_CERT_AUX_free -X509_CERT_AUX_it -X509_CERT_AUX_new -X509_CERT_AUX_print X509_CINF_free X509_CINF_it X509_CINF_new X509_CRL_INFO_free X509_CRL_INFO_it X509_CRL_INFO_new -X509_CRL_METHOD_free -X509_CRL_METHOD_new X509_CRL_add0_revoked X509_CRL_add1_ext_i2d X509_CRL_add_ext @@ -2742,7 +2501,6 @@ X509_CRL_get_ext_count X509_CRL_get_ext_d2i X509_CRL_get_issuer X509_CRL_get_lastUpdate -X509_CRL_get_meth_data X509_CRL_get_nextUpdate X509_CRL_get_signature_nid X509_CRL_get_version @@ -2753,10 +2511,8 @@ X509_CRL_print X509_CRL_print_fp X509_CRL_set1_lastUpdate X509_CRL_set1_nextUpdate -X509_CRL_set_default_method X509_CRL_set_issuer_name X509_CRL_set_lastUpdate -X509_CRL_set_meth_data X509_CRL_set_nextUpdate X509_CRL_set_version X509_CRL_sign @@ -2779,18 +2535,11 @@ X509_EXTENSION_set_data X509_EXTENSION_set_object X509_INFO_free X509_INFO_new -X509_LOOKUP_by_alias -X509_LOOKUP_by_fingerprint -X509_LOOKUP_by_issuer_serial -X509_LOOKUP_by_subject X509_LOOKUP_ctrl X509_LOOKUP_file X509_LOOKUP_free X509_LOOKUP_hash_dir -X509_LOOKUP_init X509_LOOKUP_mem -X509_LOOKUP_new -X509_LOOKUP_shutdown X509_NAME_ENTRIES_it X509_NAME_ENTRY_create_by_NID X509_NAME_ENTRY_create_by_OBJ @@ -2849,17 +2598,12 @@ X509_PUBKEY_it X509_PUBKEY_new X509_PUBKEY_set X509_PUBKEY_set0_param -X509_PURPOSE_add -X509_PURPOSE_cleanup X509_PURPOSE_get0 X509_PURPOSE_get0_name X509_PURPOSE_get0_sname -X509_PURPOSE_get_by_id X509_PURPOSE_get_by_sname X509_PURPOSE_get_count X509_PURPOSE_get_id -X509_PURPOSE_get_trust -X509_PURPOSE_set X509_REQ_INFO_free X509_REQ_INFO_it X509_REQ_INFO_new @@ -2952,7 +2696,6 @@ X509_STORE_CTX_get_verify X509_STORE_CTX_get_verify_cb X509_STORE_CTX_init X509_STORE_CTX_new -X509_STORE_CTX_purpose_inherit X509_STORE_CTX_set0_crls X509_STORE_CTX_set0_param X509_STORE_CTX_set0_trusted_stack @@ -2978,6 +2721,7 @@ X509_STORE_add_crl X509_STORE_add_lookup X509_STORE_free X509_STORE_get0_objects +X509_STORE_get1_objects X509_STORE_get0_param X509_STORE_get_check_issued X509_STORE_get_ex_data @@ -2997,16 +2741,6 @@ X509_STORE_set_trust X509_STORE_set_verify X509_STORE_set_verify_cb X509_STORE_up_ref -X509_TRUST_add -X509_TRUST_cleanup -X509_TRUST_get0 -X509_TRUST_get0_name -X509_TRUST_get_by_id -X509_TRUST_get_count -X509_TRUST_get_flags -X509_TRUST_get_trust -X509_TRUST_set -X509_TRUST_set_default X509_VAL_free X509_VAL_it X509_VAL_new @@ -3290,7 +3024,6 @@ d2i_ESS_SIGNING_CERT d2i_EXTENDED_KEY_USAGE d2i_GENERAL_NAME d2i_GENERAL_NAMES -d2i_GOST_CIPHER_PARAMS d2i_IPAddressChoice d2i_IPAddressFamily d2i_IPAddressOrRange @@ -3317,12 +3050,7 @@ d2i_OCSP_SERVICELOC d2i_OCSP_SIGNATURE d2i_OCSP_SINGLERESP d2i_OTHERNAME -d2i_PBE2PARAM -d2i_PBEPARAM -d2i_PBKDF2PARAM d2i_PKCS12 -d2i_PKCS12_BAGS -d2i_PKCS12_MAC_DATA d2i_PKCS12_SAFEBAG d2i_PKCS12_bio d2i_PKCS12_fp @@ -3387,7 +3115,6 @@ d2i_X509_ALGOR d2i_X509_ALGORS d2i_X509_ATTRIBUTE d2i_X509_AUX -d2i_X509_CERT_AUX d2i_X509_CINF d2i_X509_CRL d2i_X509_CRL_INFO @@ -3487,7 +3214,6 @@ i2d_ESS_SIGNING_CERT i2d_EXTENDED_KEY_USAGE i2d_GENERAL_NAME i2d_GENERAL_NAMES -i2d_GOST_CIPHER_PARAMS i2d_IPAddressChoice i2d_IPAddressFamily i2d_IPAddressOrRange @@ -3514,12 +3240,7 @@ i2d_OCSP_SERVICELOC i2d_OCSP_SIGNATURE i2d_OCSP_SINGLERESP i2d_OTHERNAME -i2d_PBE2PARAM -i2d_PBEPARAM -i2d_PBKDF2PARAM i2d_PKCS12 -i2d_PKCS12_BAGS -i2d_PKCS12_MAC_DATA i2d_PKCS12_SAFEBAG i2d_PKCS12_bio i2d_PKCS12_fp @@ -3589,7 +3310,6 @@ i2d_X509_ALGOR i2d_X509_ALGORS i2d_X509_ATTRIBUTE i2d_X509_AUX -i2d_X509_CERT_AUX i2d_X509_CINF i2d_X509_CRL i2d_X509_CRL_INFO @@ -3633,17 +3353,12 @@ idea_set_encrypt_key lh_delete lh_doall lh_doall_arg +lh_error lh_free lh_insert lh_new -lh_node_stats -lh_node_stats_bio -lh_node_usage_stats -lh_node_usage_stats_bio lh_num_items lh_retrieve -lh_stats -lh_stats_bio lh_strhash o2i_ECPublicKey o2i_SCT @@ -3654,7 +3369,6 @@ sk_delete sk_delete_ptr sk_dup sk_find -sk_find_ex sk_free sk_insert sk_is_sorted diff --git a/crypto/crypto_init.c b/crypto/crypto_init.c index a2c1c786..56f4460e 100644 --- a/crypto/crypto_init.c +++ b/crypto/crypto_init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_init.c,v 1.11 2023/07/08 08:28:23 beck Exp $ */ +/* $OpenBSD: crypto_init.c,v 1.18 2024/01/25 12:22:31 tb Exp $ */ /* * Copyright (c) 2018 Bob Beck * @@ -22,9 +22,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include #include @@ -47,8 +44,6 @@ OPENSSL_init_crypto_internal(void) OPENSSL_cpuid_setup(); ERR_load_crypto_strings(); - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); } int @@ -84,15 +79,8 @@ OPENSSL_cleanup(void) ERR_free_strings(); CRYPTO_cleanup_all_ex_data(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif EVP_cleanup(); - ASN1_STRING_TABLE_cleanup(); - X509V3_EXT_cleanup(); - X509_PURPOSE_cleanup(); - X509_TRUST_cleanup(); X509_VERIFY_PARAM_table_cleanup(); x509_issuer_cache_free(); @@ -100,3 +88,24 @@ OPENSSL_cleanup(void) crypto_init_cleaned_up = 1; } LCRYPTO_ALIAS(OPENSSL_cleanup); + +void +OpenSSL_add_all_ciphers(void) +{ +} + +void +OpenSSL_add_all_digests(void) +{ +} + +void +OPENSSL_add_all_algorithms_noconf(void) +{ +} + +void +OPENSSL_add_all_algorithms_conf(void) +{ + OPENSSL_config(NULL); +} diff --git a/crypto/crypto_local.h b/crypto/crypto_local.h new file mode 100644 index 00000000..970a7846 --- /dev/null +++ b/crypto/crypto_local.h @@ -0,0 +1,138 @@ +/* $OpenBSD: crypto_local.h,v 1.1 2024/03/02 11:37:13 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#include +#include +#include + +#ifndef HEADER_CRYPTO_LOCAL_H +#define HEADER_CRYPTO_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +struct crypto_threadid_st { + void *ptr; + unsigned long val; +} /* CRYPTO_THREADID */; + +void CRYPTO_THREADID_current(CRYPTO_THREADID *id); +int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); +void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); +unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); + +__END_HIDDEN_DECLS + +#endif diff --git a/crypto/des/rand_key.c b/crypto/des/rand_key.c deleted file mode 100644 index aba899fe..00000000 --- a/crypto/des/rand_key.c +++ /dev/null @@ -1,68 +0,0 @@ -/* $OpenBSD: rand_key.c,v 1.9 2023/07/08 07:11:07 beck Exp $ */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include - -#include - -int -DES_random_key(DES_cblock *ret) -{ - do { - arc4random_buf(ret, sizeof(DES_cblock)); - DES_set_odd_parity(ret); - } while (DES_is_weak_key(ret)); - return (1); -} diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index 91116c4d..8ae40a81 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: set_key.c,v 1.23 2023/07/08 07:34:34 jsing Exp $ */ +/* $OpenBSD: set_key.c,v 1.26 2023/12/20 06:30:04 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,14 +56,10 @@ * [including the GNU Public Licence.] */ -/* set_key.c v 1.4 eay 24/9/91 - * 1.4 Speed up by 400% :-) - * 1.3 added register declarations. - * 1.2 unrolled make_key_sched a bit more - * 1.1 added norm_expand_bits - * 1.0 First working version - */ +#include + #include + #include "des_local.h" int DES_check_key = 0; /* defaults to false */ @@ -398,10 +394,13 @@ DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule) { return (DES_set_key(key, schedule)); } -/* -#undef des_fixup_key_parity -void des_fixup_key_parity(des_cblock *key) - { - des_set_odd_parity(key); - } -*/ + +int +DES_random_key(DES_cblock *ret) +{ + do { + arc4random_buf(ret, sizeof(DES_cblock)); + DES_set_odd_parity(ret); + } while (DES_is_weak_key(ret)); + return (1); +} diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 43beb469..d51a5bea 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_ameth.c,v 1.39 2023/08/12 07:59:48 tb Exp $ */ +/* $OpenBSD: dh_ameth.c,v 1.40 2024/01/04 17:01:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -523,8 +523,8 @@ dh_pkey_param_check(const EVP_PKEY *pkey) } const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { + .base_method = &dh_asn1_meth, .pkey_id = EVP_PKEY_DH, - .pkey_base_id = EVP_PKEY_DH, .pem_str = "DH", .info = "OpenSSL PKCS#3 DH method", diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 8d637876..d8698859 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_lib.c,v 1.41 2023/08/13 12:09:14 tb Exp $ */ +/* $OpenBSD: dh_lib.c,v 1.43 2023/11/29 21:35:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,10 +65,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "dh_local.h" static const DH_METHOD *default_DH_method = NULL; @@ -101,10 +97,6 @@ DH_set_method(DH *dh, const DH_METHOD *meth) mtmp = dh->meth; if (mtmp->finish) mtmp->finish(dh); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(dh->engine); - dh->engine = NULL; -#endif dh->meth = meth; if (meth->init) meth->init(dh); @@ -133,24 +125,6 @@ DH_new_method(ENGINE *engine) dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW; dh->references = 1; -#ifndef OPENSSL_NO_ENGINE - if (engine != NULL) { - if (!ENGINE_init(engine)) { - DHerror(ERR_R_ENGINE_LIB); - goto err; - } - dh->engine = engine; - } else - dh->engine = ENGINE_get_default_DH(); - if (dh->engine != NULL) { - if ((dh->meth = ENGINE_get_DH(dh->engine)) == NULL) { - DHerror(ERR_R_ENGINE_LIB); - goto err; - } - dh->flags = dh->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW; - } -#endif - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, dh, &dh->ex_data)) goto err; if (dh->meth->init != NULL && !dh->meth->init(dh)) @@ -178,9 +152,6 @@ DH_free(DH *r) if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(r->engine); -#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); @@ -259,7 +230,7 @@ LCRYPTO_ALIAS(DH_security_bits); ENGINE * DH_get0_engine(DH *dh) { - return dh->engine; + return NULL; } LCRYPTO_ALIAS(DH_get0_engine); diff --git a/crypto/dh/dh_local.h b/crypto/dh/dh_local.h index 928f2c0c..22e22569 100644 --- a/crypto/dh/dh_local.h +++ b/crypto/dh/dh_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_local.h,v 1.3 2022/01/14 08:25:44 tb Exp $ */ +/* $OpenBSD: dh_local.h,v 1.4 2023/11/29 21:35:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -100,7 +100,6 @@ struct dh_st { int references; CRYPTO_EX_DATA ex_data; const DH_METHOD *meth; - ENGINE *engine; }; /* diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 7a598da2..ee90ffe7 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_pmeth.c,v 1.13 2022/11/26 16:08:51 tb Exp $ */ +/* $OpenBSD: dh_pmeth.c,v 1.16 2024/01/01 16:01:48 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -98,7 +98,7 @@ pkey_dh_init(EVP_PKEY_CTX *ctx) ctx->data = dctx; ctx->keygen_info = dctx->gentmp; ctx->keygen_info_count = 2; - + return 1; } @@ -109,7 +109,7 @@ pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) if (!pkey_dh_init(dst)) return 0; - sctx = src->data; + sctx = src->data; dctx = dst->data; dctx->prime_len = sctx->prime_len; dctx->generator = sctx->generator; @@ -149,11 +149,11 @@ pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return -2; } } - + static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { - long lval; + long lval; char *ep; int len; @@ -189,25 +189,28 @@ pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - DH *dh = NULL; + DH *dh; DH_PKEY_CTX *dctx = ctx->data; - BN_GENCB *pcb, cb; - int ret; + BN_GENCB *pcb = NULL; + BN_GENCB cb = {0}; + int ret = 0; - if (ctx->pkey_gencb) { + if ((dh = DH_new()) == NULL) + goto err; + if (ctx->pkey_gencb != NULL) { pcb = &cb; evp_pkey_set_cb_translate(pcb, ctx); - } else - pcb = NULL; - dh = DH_new(); - if (!dh) - return 0; - ret = DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator, - pcb); - if (ret) - EVP_PKEY_assign_DH(pkey, dh); - else - DH_free(dh); + } + if (!DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator, pcb)) + goto err; + if (!EVP_PKEY_assign_DH(pkey, dh)) + goto err; + dh = NULL; + + ret = 1; + err: + DH_free(dh); + return ret; } @@ -215,19 +218,29 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { DH *dh = NULL; + int ret = 0; if (ctx->pkey == NULL) { DHerror(DH_R_NO_PARAMETERS_SET); - return 0; + goto err; } - dh = DH_new(); - if (!dh) - return 0; - EVP_PKEY_assign_DH(pkey, dh); - /* Note: if error return, pkey is freed by parent routine */ + + if ((dh = DH_new()) == NULL) + goto err; + if (!EVP_PKEY_set1_DH(pkey, dh)) + goto err; + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) - return 0; - return DH_generate_key(pkey->pkey.dh); + goto err; + if (!DH_generate_key(dh)) + goto err; + + ret = 1; + + err: + DH_free(dh); + + return ret; } static int diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 4c20b45b..f9b6a9e7 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ameth.c,v 1.55 2023/08/12 07:59:48 tb Exp $ */ +/* $OpenBSD: dsa_ameth.c,v 1.57 2024/01/04 17:01:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -674,64 +674,60 @@ dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) } } -/* NB these are sorted in pkey_id order, lowest first */ - -const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = { - { - .pkey_id = EVP_PKEY_DSA2, - .pkey_base_id = EVP_PKEY_DSA, - .pkey_flags = ASN1_PKEY_ALIAS - }, - - { - .pkey_id = EVP_PKEY_DSA1, - .pkey_base_id = EVP_PKEY_DSA, - .pkey_flags = ASN1_PKEY_ALIAS - }, - - { - .pkey_id = EVP_PKEY_DSA4, - .pkey_base_id = EVP_PKEY_DSA, - .pkey_flags = ASN1_PKEY_ALIAS - }, - - { - .pkey_id = EVP_PKEY_DSA3, - .pkey_base_id = EVP_PKEY_DSA, - .pkey_flags = ASN1_PKEY_ALIAS - }, - - { - .pkey_id = EVP_PKEY_DSA, - .pkey_base_id = EVP_PKEY_DSA, - - .pem_str = "DSA", - .info = "OpenSSL DSA method", - - .pub_decode = dsa_pub_decode, - .pub_encode = dsa_pub_encode, - .pub_cmp = dsa_pub_cmp, - .pub_print = dsa_pub_print, - - .priv_decode = dsa_priv_decode, - .priv_encode = dsa_priv_encode, - .priv_print = dsa_priv_print, - - .pkey_size = dsa_size, - .pkey_bits = dsa_bits, - .pkey_security_bits = dsa_security_bits, - - .param_decode = dsa_param_decode, - .param_encode = dsa_param_encode, - .param_missing = dsa_missing_parameters, - .param_copy = dsa_copy_parameters, - .param_cmp = dsa_cmp_parameters, - .param_print = dsa_param_print, - .sig_print = dsa_sig_print, - - .pkey_free = dsa_free, - .pkey_ctrl = dsa_pkey_ctrl, - .old_priv_decode = old_dsa_priv_decode, - .old_priv_encode = old_dsa_priv_encode - } +const EVP_PKEY_ASN1_METHOD dsa_asn1_meth = { + .base_method = &dsa_asn1_meth, + .pkey_id = EVP_PKEY_DSA, + + .pem_str = "DSA", + .info = "OpenSSL DSA method", + + .pub_decode = dsa_pub_decode, + .pub_encode = dsa_pub_encode, + .pub_cmp = dsa_pub_cmp, + .pub_print = dsa_pub_print, + + .priv_decode = dsa_priv_decode, + .priv_encode = dsa_priv_encode, + .priv_print = dsa_priv_print, + + .pkey_size = dsa_size, + .pkey_bits = dsa_bits, + .pkey_security_bits = dsa_security_bits, + + .param_decode = dsa_param_decode, + .param_encode = dsa_param_encode, + .param_missing = dsa_missing_parameters, + .param_copy = dsa_copy_parameters, + .param_cmp = dsa_cmp_parameters, + .param_print = dsa_param_print, + .sig_print = dsa_sig_print, + + .pkey_free = dsa_free, + .pkey_ctrl = dsa_pkey_ctrl, + .old_priv_decode = old_dsa_priv_decode, + .old_priv_encode = old_dsa_priv_encode +}; + +const EVP_PKEY_ASN1_METHOD dsa1_asn1_meth = { + .base_method = &dsa_asn1_meth, + .pkey_id = EVP_PKEY_DSA1, + .pkey_flags = ASN1_PKEY_ALIAS, +}; + +const EVP_PKEY_ASN1_METHOD dsa2_asn1_meth = { + .base_method = &dsa_asn1_meth, + .pkey_id = EVP_PKEY_DSA2, + .pkey_flags = ASN1_PKEY_ALIAS, +}; + +const EVP_PKEY_ASN1_METHOD dsa3_asn1_meth = { + .base_method = &dsa_asn1_meth, + .pkey_id = EVP_PKEY_DSA3, + .pkey_flags = ASN1_PKEY_ALIAS, +}; + +const EVP_PKEY_ASN1_METHOD dsa4_asn1_meth = { + .base_method = &dsa_asn1_meth, + .pkey_id = EVP_PKEY_DSA4, + .pkey_flags = ASN1_PKEY_ALIAS, }; diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 490c7e51..8b966871 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_gen.c,v 1.30 2023/07/08 14:28:15 beck Exp $ */ +/* $OpenBSD: dsa_gen.c,v 1.31 2024/03/02 09:33:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -357,25 +357,4 @@ dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, return ok; } -DSA * -DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *), - void *cb_arg) -{ - BN_GENCB cb; - DSA *ret; - - if ((ret = DSA_new()) == NULL) - return NULL; - - BN_GENCB_set_old(&cb, callback, cb_arg); - - if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, - counter_ret, h_ret, &cb)) - return ret; - DSA_free(ret); - return NULL; -} -LCRYPTO_ALIAS(DSA_generate_parameters); - #endif diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index a9d2179a..65eb6528 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_lib.c,v 1.44 2023/08/12 06:14:36 tb Exp $ */ +/* $OpenBSD: dsa_lib.c,v 1.46 2023/11/29 21:35:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,9 +70,6 @@ #ifndef OPENSSL_NO_DH #include #endif -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include "dh_local.h" #include "dsa_local.h" @@ -113,10 +110,6 @@ DSA_set_method(DSA *dsa, const DSA_METHOD *meth) mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(dsa->engine); - dsa->engine = NULL; -#endif dsa->meth = meth; if (meth->init) meth->init(dsa); @@ -138,24 +131,6 @@ DSA_new_method(ENGINE *engine) dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; dsa->references = 1; -#ifndef OPENSSL_NO_ENGINE - if (engine) { - if (!ENGINE_init(engine)) { - DSAerror(ERR_R_ENGINE_LIB); - goto err; - } - dsa->engine = engine; - } else - dsa->engine = ENGINE_get_default_DSA(); - if (dsa->engine != NULL) { - if ((dsa->meth = ENGINE_get_DSA(dsa->engine)) == NULL) { - DSAerror(ERR_R_ENGINE_LIB); - goto err; - } - dsa->flags = dsa->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; - } -#endif - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, dsa, &dsa->ex_data)) goto err; if (dsa->meth->init != NULL && !dsa->meth->init(dsa)) @@ -184,9 +159,6 @@ DSA_free(DSA *r) if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(r->engine); -#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); @@ -425,7 +397,7 @@ LCRYPTO_ALIAS(DSA_set_flags); ENGINE * DSA_get0_engine(DSA *d) { - return d->engine; + return NULL; } LCRYPTO_ALIAS(DSA_get0_engine); diff --git a/crypto/dsa/dsa_local.h b/crypto/dsa/dsa_local.h index a413db97..3e688b8c 100644 --- a/crypto/dsa/dsa_local.h +++ b/crypto/dsa/dsa_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_local.h,v 1.2 2023/03/04 20:54:52 tb Exp $ */ +/* $OpenBSD: dsa_local.h,v 1.3 2023/11/29 21:35:57 tb Exp $ */ /* ==================================================================== * Copyright (c) 2007 The OpenSSL Project. All rights reserved. * @@ -106,8 +106,6 @@ struct dsa_st { int references; CRYPTO_EX_DATA ex_data; const DSA_METHOD *meth; - /* functional reference if 'meth' is ENGINE-provided */ - ENGINE *engine; } /* DSA */; int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 9b03a2fc..001bdec2 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_pmeth.c,v 1.17 2023/04/25 15:48:48 tb Exp $ */ +/* $OpenBSD: dsa_pmeth.c,v 1.19 2023/12/28 22:11:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -288,25 +288,30 @@ pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - DSA *dsa = NULL; + DSA *dsa; DSA_PKEY_CTX *dctx = ctx->data; - BN_GENCB *pcb, cb; - int ret; + BN_GENCB *pcb = NULL; + BN_GENCB cb = {0}; + int ret = 0; - if (ctx->pkey_gencb) { + if ((dsa = DSA_new()) == NULL) + goto err; + if (ctx->pkey_gencb != NULL) { pcb = &cb; evp_pkey_set_cb_translate(pcb, ctx); - } else - pcb = NULL; - dsa = DSA_new(); - if (!dsa) - return 0; - ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, - NULL, 0, NULL, NULL, NULL, pcb); - if (ret) - EVP_PKEY_assign_DSA(pkey, dsa); - else - DSA_free(dsa); + } + if (!dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, + NULL, 0, NULL, NULL, NULL, pcb)) + goto err; + if (!EVP_PKEY_assign_DSA(pkey, dsa)) + goto err; + dsa = NULL; + + ret = 1; + + err: + DSA_free(dsa); + return ret; } @@ -314,19 +319,28 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { DSA *dsa = NULL; + int ret = 0; if (ctx->pkey == NULL) { DSAerror(DSA_R_NO_PARAMETERS_SET); - return 0; + goto err; } - dsa = DSA_new(); - if (!dsa) - return 0; - EVP_PKEY_assign_DSA(pkey, dsa); - /* Note: if error return, pkey is freed by parent routine */ + if ((dsa = DSA_new()) == NULL) + goto err; + if (!EVP_PKEY_set1_DSA(pkey, dsa)) + goto err; + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) - return 0; - return DSA_generate_key(pkey->pkey.dsa); + goto err; + if (!DSA_generate_key(dsa)) + goto err; + + ret = 1; + + err: + DSA_free(dsa); + + return ret; } const EVP_PKEY_METHOD dsa_pkey_meth = { diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 32486587..7ca5b180 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_ameth.c,v 1.45 2023/09/24 08:08:54 tb Exp $ */ +/* $OpenBSD: ec_ameth.c,v 1.51 2024/01/04 17:01:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -264,8 +264,8 @@ eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) goto err; - X509_ALGOR_get0(NULL, &ptype, &pval, palg); + X509_ALGOR_get0(NULL, &ptype, &pval, palg); if (!eckey_from_params(ptype, pval, &eckey)) goto err; @@ -301,69 +301,73 @@ eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) return -2; } +static int +eckey_compute_pubkey(EC_KEY *eckey) +{ + const BIGNUM *priv_key; + const EC_GROUP *group; + EC_POINT *pub_key = NULL; + int ret = 0; + + if ((priv_key = EC_KEY_get0_private_key(eckey)) == NULL) + goto err; + if ((group = EC_KEY_get0_group(eckey)) == NULL) + goto err; + if ((pub_key = EC_POINT_new(group)) == NULL) + goto err; + if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) + goto err; + if (!EC_KEY_set_public_key(eckey, pub_key)) + goto err; + pub_key = NULL; + + ret = 1; + + err: + EC_POINT_free(pub_key); + + return ret; +} + static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) { - const unsigned char *p = NULL; + const unsigned char *priv = NULL; + int priv_len; const void *pval; - int ptype, pklen; + int ptype; EC_KEY *eckey = NULL; const X509_ALGOR *palg; + int ret = 0; - if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) - return 0; - X509_ALGOR_get0(NULL, &ptype, &pval, palg); + if (!PKCS8_pkey_get0(NULL, &priv, &priv_len, &palg, p8)) + goto err; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); if (!eckey_from_params(ptype, pval, &eckey)) - goto ecliberr; + goto err; - /* We have parameters now set private key */ - if (!d2i_ECPrivateKey(&eckey, &p, pklen)) { + /* Decode private key into eckey. */ + if (d2i_ECPrivateKey(&eckey, &priv, priv_len) == NULL) { ECerror(EC_R_DECODE_ERROR); - goto ecerr; + goto err; } - /* calculate public key (if necessary) */ + /* If public key was missing from SEC1 key, compute it. */ if (EC_KEY_get0_public_key(eckey) == NULL) { - const BIGNUM *priv_key; - const EC_GROUP *group; - EC_POINT *pub_key; - /* - * the public key was not included in the SEC1 private key => - * calculate the public key - */ - group = EC_KEY_get0_group(eckey); - pub_key = EC_POINT_new(group); - if (pub_key == NULL) { - ECerror(ERR_R_EC_LIB); - goto ecliberr; - } - if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { - EC_POINT_free(pub_key); - ECerror(ERR_R_EC_LIB); - goto ecliberr; - } - priv_key = EC_KEY_get0_private_key(eckey); - if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) { - EC_POINT_free(pub_key); - ECerror(ERR_R_EC_LIB); - goto ecliberr; - } - if (EC_KEY_set_public_key(eckey, pub_key) == 0) { - EC_POINT_free(pub_key); - ECerror(ERR_R_EC_LIB); - goto ecliberr; - } - EC_POINT_free(pub_key); + if (!eckey_compute_pubkey(eckey)) + goto err; } - EVP_PKEY_assign_EC_KEY(pkey, eckey); - return 1; - ecliberr: - ECerror(ERR_R_EC_LIB); - ecerr: - if (eckey) - EC_KEY_free(eckey); - return 0; + if (!EVP_PKEY_assign_EC_KEY(pkey, eckey)) + goto err; + eckey = NULL; + + ret = 1; + + err: + EC_KEY_free(eckey); + + return ret; } static int @@ -547,63 +551,74 @@ do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) } static int -eckey_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) +eckey_param_decode(EVP_PKEY *pkey, const unsigned char **param, int param_len) { EC_KEY *eckey; - if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) { - ECerror(ERR_R_EC_LIB); - return 0; - } - EVP_PKEY_assign_EC_KEY(pkey, eckey); - return 1; + int ret = 0; + + if ((eckey = d2i_ECParameters(NULL, param, param_len)) == NULL) + goto err; + if (!EVP_PKEY_assign_EC_KEY(pkey, eckey)) + goto err; + eckey = NULL; + + ret = 1; + + err: + EC_KEY_free(eckey); + + return ret; } static int -eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder) +eckey_param_encode(const EVP_PKEY *pkey, unsigned char **param) { - return i2d_ECParameters(pkey->pkey.ec, pder); + return i2d_ECParameters(pkey->pkey.ec, param); } static int -eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) +eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 0); } static int -eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) +eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 1); } static int -eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) +eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 2); } static int -old_ec_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) +old_ec_priv_decode(EVP_PKEY *pkey, const unsigned char **priv, int priv_len) { - EC_KEY *ec; - if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) { - ECerror(EC_R_DECODE_ERROR); - return 0; - } - EVP_PKEY_assign_EC_KEY(pkey, ec); - return 1; + EC_KEY *eckey; + int ret = 0; + + if ((eckey = d2i_ECPrivateKey(NULL, priv, priv_len)) == NULL) + goto err; + if (!EVP_PKEY_assign_EC_KEY(pkey, eckey)) + goto err; + eckey = NULL; + + ret = 1; + + err: + EC_KEY_free(eckey); + + return ret; } static int -old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) +old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **priv) { - return i2d_ECPrivateKey(pkey->pkey.ec, pder); + return i2d_ECPrivateKey(pkey->pkey.ec, priv); } static int @@ -1034,8 +1049,8 @@ ecdh_cms_encrypt(CMS_RecipientInfo *ri) #endif const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { + .base_method = &eckey_asn1_meth, .pkey_id = EVP_PKEY_EC, - .pkey_base_id = EVP_PKEY_EC, .pem_str = "EC", .info = "OpenSSL EC algorithm", diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index d9ddd5d7..dd976898 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_key.c,v 1.37 2023/08/03 18:53:56 tb Exp $ */ +/* $OpenBSD: ec_key.c,v 1.39 2023/11/29 21:35:57 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -65,9 +65,6 @@ #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include "bn_local.h" @@ -115,9 +112,6 @@ EC_KEY_free(EC_KEY *r) if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(r->engine); -#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data); EC_GROUP_free(r->group); @@ -138,11 +132,6 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) if (src->meth != dest->meth) { if (dest->meth != NULL && dest->meth->finish != NULL) dest->meth->finish(dest); -#ifndef OPENSSL_NO_ENGINE - if (ENGINE_finish(dest->engine) == 0) - return 0; - dest->engine = NULL; -#endif } /* copy the parameters */ if (src->group) { @@ -186,11 +175,6 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) return NULL; if (src->meth != dest->meth) { -#ifndef OPENSSL_NO_ENGINE - if (src->engine != NULL && ENGINE_init(src->engine) == 0) - return 0; - dest->engine = src->engine; -#endif dest->meth = src->meth; } @@ -207,7 +191,7 @@ EC_KEY_dup(const EC_KEY *ec_key) { EC_KEY *ret; - if ((ret = EC_KEY_new_method(ec_key->engine)) == NULL) + if ((ret = EC_KEY_new_method(NULL)) == NULL) return NULL; if (EC_KEY_copy(ret, ec_key) == NULL) { EC_KEY_free(ret); diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 38aca002..856afc89 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_kmeth.c,v 1.12 2023/07/28 09:28:37 tb Exp $ */ +/* $OpenBSD: ec_kmeth.c,v 1.13 2023/11/19 15:46:09 tb Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -53,9 +53,6 @@ */ #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include "bn_local.h" @@ -126,11 +123,6 @@ EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth) if (finish != NULL) finish(key); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(key->engine); - key->engine = NULL; -#endif - key->meth = meth; if (meth->init != NULL) return meth->init(key); @@ -148,23 +140,6 @@ EC_KEY_new_method(ENGINE *engine) return NULL; } ret->meth = EC_KEY_get_default_method(); -#ifndef OPENSSL_NO_ENGINE - if (engine != NULL) { - if (!ENGINE_init(engine)) { - ECerror(ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else - ret->engine = ENGINE_get_default_EC(); - if (ret->engine) { - ret->meth = ENGINE_get_EC(ret->engine); - if (ret->meth == NULL) { - ECerror(ERR_R_ENGINE_LIB); - goto err; - } - } -#endif ret->version = 1; ret->flags = 0; ret->group = NULL; diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h index 3252eeb1..6ea78eaa 100644 --- a/crypto/ec/ec_local.h +++ b/crypto/ec/ec_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_local.h,v 1.26 2023/07/28 15:50:33 tb Exp $ */ +/* $OpenBSD: ec_local.h,v 1.27 2023/11/29 21:35:57 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -223,7 +223,6 @@ struct ec_group_st { struct ec_key_st { const EC_KEY_METHOD *meth; - ENGINE *engine; int version; diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index d3bf7e8c..16fc0764 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_pmeth.c,v 1.19 2023/07/28 15:50:33 tb Exp $ */ +/* $OpenBSD: ec_pmeth.c,v 1.21 2023/12/28 22:12:37 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -458,18 +458,25 @@ pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) EC_KEY *ec = NULL; EC_PKEY_CTX *dctx = ctx->data; int ret = 0; + if (dctx->gen_group == NULL) { ECerror(EC_R_NO_PARAMETERS_SET); - return 0; + goto err; } - ec = EC_KEY_new(); - if (!ec) - return 0; - ret = EC_KEY_set_group(ec, dctx->gen_group); - if (ret) - EVP_PKEY_assign_EC_KEY(pkey, ec); - else - EC_KEY_free(ec); + + if ((ec = EC_KEY_new()) == NULL) + goto err; + if (!EC_KEY_set_group(ec, dctx->gen_group)) + goto err; + if (!EVP_PKEY_assign_EC_KEY(pkey, ec)) + goto err; + ec = NULL; + + ret = 1; + + err: + EC_KEY_free(ec); + return ret; } @@ -478,28 +485,35 @@ pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { EC_KEY *ec = NULL; EC_PKEY_CTX *dctx = ctx->data; + int ret = 0; if (ctx->pkey == NULL && dctx->gen_group == NULL) { ECerror(EC_R_NO_PARAMETERS_SET); - return 0; - } - ec = EC_KEY_new(); - if (ec == NULL) - return 0; - if (!EVP_PKEY_assign_EC_KEY(pkey, ec)) { - EC_KEY_free(ec); - return 0; + goto err; } - /* Note: if error is returned, we count on caller to free pkey->pkey.ec */ + + if ((ec = EC_KEY_new()) == NULL) + goto err; + if (!EVP_PKEY_set1_EC_KEY(pkey, ec)) + goto err; + if (ctx->pkey != NULL) { if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) - return 0; + goto err; } else { if (!EC_KEY_set_group(ec, dctx->gen_group)) - return 0; + goto err; } - return EC_KEY_generate_key(ec); + if (!EC_KEY_generate_key(ec)) + goto err; + + ret = 1; + + err: + EC_KEY_free(ec); + + return ret; } const EVP_PKEY_METHOD ec_pkey_meth = { diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c index 312770f6..fcd15704 100644 --- a/crypto/ec/ec_print.c +++ b/crypto/ec/ec_print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_print.c,v 1.13 2023/07/07 13:54:45 beck Exp $ */ +/* $OpenBSD: ec_print.c,v 1.14 2023/11/21 22:17:15 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -63,8 +63,7 @@ EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *point, size_t buf_len = 0; unsigned char *buf; - buf_len = EC_POINT_point2oct(group, point, form, - NULL, 0, ctx); + buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx); if (buf_len == 0) return NULL; diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index 6e89bfa7..2798d53d 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: eck_prn.c,v 1.28 2023/07/07 13:54:45 beck Exp $ */ +/* $OpenBSD: eck_prn.c,v 1.30 2023/11/21 22:05:33 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -160,10 +160,6 @@ ECParameters_print(BIO *bp, const EC_KEY *x) } LCRYPTO_ALIAS(ECParameters_print); -static int -print_bin(BIO *fp, const char *str, const unsigned char *num, - size_t len, int off); - static int ecpk_print_asn1_parameters(BIO *bp, const EC_GROUP *group, int off) { @@ -289,8 +285,33 @@ ecpk_print_explicit_parameters(BIO *bp, const EC_GROUP *group, int off) if (!bn_printf(bp, cofactor, off, "Cofactor: ")) goto err; if ((seed = EC_GROUP_get0_seed(group)) != NULL) { + size_t i; + seed_len = EC_GROUP_get_seed_len(group); - if (!print_bin(bp, "Seed:", seed, seed_len, off)) + + /* XXX - ecx_buf_print() has a CBS version of this - dedup. */ + if (!BIO_indent(bp, off, 128)) + goto err; + if (BIO_printf(bp, "Seed:") <= 0) + goto err; + + for (i = 0; i < seed_len; i++) { + const char *sep = ":"; + + if (i % 15 == 0) { + if (BIO_printf(bp, "\n") <= 0) + goto err; + if (!BIO_indent(bp, off + 4, 128)) + goto err; + } + + if (i + 1 == seed_len) + sep = ""; + if (BIO_printf(bp, "%02x%s", seed[i], sep) <= 0) + goto err; + } + + if (BIO_printf(bp, "\n") <= 0) goto err; } @@ -316,38 +337,3 @@ ECPKParameters_print(BIO *bp, const EC_GROUP *group, int off) return ecpk_print_explicit_parameters(bp, group, off); } LCRYPTO_ALIAS(ECPKParameters_print); - -static int -print_bin(BIO *fp, const char *name, const unsigned char *buf, - size_t len, int off) -{ - size_t i; - char str[128]; - - if (buf == NULL) - return 1; - if (off) { - if (off > 128) - off = 128; - memset(str, ' ', off); - if (BIO_write(fp, str, off) <= 0) - return 0; - } - if (BIO_printf(fp, "%s", name) <= 0) - return 0; - - for (i = 0; i < len; i++) { - if ((i % 15) == 0) { - str[0] = '\n'; - memset(&(str[1]), ' ', off + 4); - if (BIO_write(fp, str, off + 1 + 4) <= 0) - return 0; - } - if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <= 0) - return 0; - } - if (BIO_write(fp, "\n", 1) <= 0) - return 0; - - return 1; -} diff --git a/crypto/ec/ecx_methods.c b/crypto/ec/ecx_methods.c index 4bb8b786..cd512a44 100644 --- a/crypto/ec/ecx_methods.c +++ b/crypto/ec/ecx_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecx_methods.c,v 1.9 2023/07/22 19:33:25 tb Exp $ */ +/* $OpenBSD: ecx_methods.c,v 1.11 2024/01/04 17:01:26 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing * @@ -27,6 +27,7 @@ #include "bytestring.h" #include "curve25519_internal.h" #include "evp_local.h" +#include "x509_local.h" /* * EVP PKEY and PKEY ASN.1 methods Ed25519 and X25519. @@ -729,16 +730,12 @@ static int ecx_item_sign(EVP_MD_CTX *md_ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *abs) { - ASN1_OBJECT *aobj; - - if ((aobj = OBJ_nid2obj(NID_ED25519)) == NULL) - return 0; - - if (!X509_ALGOR_set0(algor1, aobj, V_ASN1_UNDEF, NULL)) + if (!X509_ALGOR_set0_by_nid(algor1, NID_ED25519, V_ASN1_UNDEF, NULL)) return 0; if (algor2 != NULL) { - if (!X509_ALGOR_set0(algor2, aobj, V_ASN1_UNDEF, NULL)) + if (!X509_ALGOR_set0_by_nid(algor2, NID_ED25519, V_ASN1_UNDEF, + NULL)) return 0; } @@ -816,8 +813,8 @@ pkey_ecx_ed_ctrl(EVP_PKEY_CTX *pkey_ctx, int op, int arg1, void *arg2) } const EVP_PKEY_ASN1_METHOD x25519_asn1_meth = { + .base_method = &x25519_asn1_meth, .pkey_id = EVP_PKEY_X25519, - .pkey_base_id = EVP_PKEY_X25519, .pkey_flags = 0, .pem_str = "X25519", .info = "OpenSSL X25519 algorithm", @@ -854,8 +851,8 @@ const EVP_PKEY_METHOD x25519_pkey_meth = { }; const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = { + .base_method = &ed25519_asn1_meth, .pkey_id = EVP_PKEY_ED25519, - .pkey_base_id = EVP_PKEY_ED25519, .pkey_flags = 0, .pem_str = "ED25519", .info = "OpenSSL ED25519 algorithm", diff --git a/crypto/engine/engine_stubs.c b/crypto/engine/engine_stubs.c index 3621da80..bd031e49 100644 --- a/crypto/engine/engine_stubs.c +++ b/crypto/engine/engine_stubs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: engine_stubs.c,v 1.1 2023/07/21 09:04:23 tb Exp $ */ +/* $OpenBSD: engine_stubs.c,v 1.3 2023/11/19 15:47:40 tb Exp $ */ /* * Written by Theo Buehler. Public domain. @@ -6,8 +6,6 @@ #include -#ifdef OPENSSL_NO_ENGINE - void ENGINE_load_builtin_engines(void) { @@ -95,7 +93,7 @@ ENGINE_set_default_RSA(ENGINE *engine) } int -ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p, +ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p, void (*f)(void), int cmd_optional) { return 0; @@ -121,5 +119,3 @@ ENGINE_load_public_key(ENGINE *engine, const char *key_id, { return NULL; } - -#endif diff --git a/crypto/err/err.c b/crypto/err/err.c index 4b4be213..a7b13a54 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: err.c,v 1.56 2023/07/28 10:23:19 tb Exp $ */ +/* $OpenBSD: err.c,v 1.60 2024/03/02 11:37:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -122,14 +122,29 @@ #include #include +#include "crypto_local.h" + DECLARE_LHASH_OF(ERR_STRING_DATA); DECLARE_LHASH_OF(ERR_STATE); typedef struct st_ERR_FNS ERR_FNS; +typedef struct err_state_st { + CRYPTO_THREADID tid; + int err_flags[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; + int err_data_flags[ERR_NUM_ERRORS]; + const char *err_file[ERR_NUM_ERRORS]; + int err_line[ERR_NUM_ERRORS]; + int top, bottom; +} ERR_STATE; + static void err_load_strings(int lib, ERR_STRING_DATA *str); +static ERR_STATE *ERR_get_state(void); static void ERR_STATE_free(ERR_STATE *s); + #ifndef OPENSSL_NO_ERR static ERR_STRING_DATA ERR_str_libraries[] = { {ERR_PACK(ERR_LIB_NONE,0,0), "unknown library"}, @@ -328,17 +343,14 @@ err_string_data_cmp(const ERR_STRING_DATA *a, const ERR_STRING_DATA *b) } static IMPLEMENT_LHASH_COMP_FN(err_string_data, ERR_STRING_DATA) -static -LHASH_OF(ERR_STRING_DATA) *int_err_get(int create) +static LHASH_OF(ERR_STRING_DATA) * +int_err_get(int create) { LHASH_OF(ERR_STRING_DATA) *ret = NULL; CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!int_error_hash && create) { - CRYPTO_push_info("int_err_get (err.c)"); + if (!int_error_hash && create) int_error_hash = lh_ERR_STRING_DATA_new(); - CRYPTO_pop_info(); - } if (int_error_hash) ret = int_error_hash; CRYPTO_w_unlock(CRYPTO_LOCK_ERR); @@ -425,17 +437,14 @@ err_state_cmp(const ERR_STATE *a, const ERR_STATE *b) } static IMPLEMENT_LHASH_COMP_FN(err_state, ERR_STATE) -static -LHASH_OF(ERR_STATE) *int_thread_get(int create) +static LHASH_OF(ERR_STATE) * +int_thread_get(int create) { LHASH_OF(ERR_STATE) *ret = NULL; CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!int_thread_hash && create) { - CRYPTO_push_info("int_thread_get (err.c)"); + if (!int_thread_hash && create) int_thread_hash = lh_ERR_STATE_new(); - CRYPTO_pop_info(); - } if (int_thread_hash) { int_thread_hash_references++; ret = int_thread_hash; @@ -1026,7 +1035,7 @@ ERR_remove_state(unsigned long pid) } LCRYPTO_ALIAS(ERR_remove_state); -ERR_STATE * +static ERR_STATE * ERR_get_state(void) { static ERR_STATE fallback; @@ -1064,7 +1073,6 @@ ERR_get_state(void) } return ret; } -LCRYPTO_ALIAS(ERR_get_state); int ERR_get_next_error_library(void) diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 2c8a273f..56276abb 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -1,4 +1,4 @@ -/* $OpenBSD: err_all.c,v 1.32 2023/07/28 09:46:36 tb Exp $ */ +/* $OpenBSD: err_all.c,v 1.34 2024/03/02 13:39:28 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -91,15 +91,9 @@ #ifndef OPENSSL_NO_EC #include #endif -#ifndef OPENSSL_NO_ENGINE -#include -#endif #ifndef OPENSSL_NO_RSA #include #endif -#ifndef OPENSSL_NO_GOST -#include -#endif void ERR_load_ERR_strings_internal(void); @@ -129,9 +123,6 @@ ERR_load_crypto_strings_internal(void) #endif #ifndef OPENSSL_NO_EC ERR_load_EC_strings(); -#endif -#ifndef OPENSSL_NO_ENGINE - ERR_load_ENGINE_strings(); #endif ERR_load_EVP_strings(); #ifndef OPENSSL_NO_GOST diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index d60cfdcb..fb6e19c5 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: err_prn.c,v 1.20 2023/07/07 13:54:45 beck Exp $ */ +/* $OpenBSD: err_prn.c,v 1.23 2024/03/02 11:37:13 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include @@ -65,6 +66,7 @@ #include #include "bio_local.h" +#include "crypto_local.h" void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) @@ -93,12 +95,9 @@ LCRYPTO_ALIAS(ERR_print_errors_cb); static int print_fp(const char *str, size_t len, void *fp) { - BIO bio; - - BIO_set(&bio, BIO_s_file()); - BIO_set_fp(&bio, fp, BIO_NOCLOSE); - - return BIO_printf(&bio, "%s", str); + if (len > INT_MAX) + return -1; + return fprintf(fp, "%.*s", (int)len, str); } void @@ -111,7 +110,7 @@ LCRYPTO_ALIAS(ERR_print_errors_fp); static int print_bio(const char *str, size_t len, void *bp) { - return BIO_write((BIO *)bp, str, len); + return BIO_write(bp, str, len); } void diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index d2132adb..dd384007 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bio_enc.c,v 1.29 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: bio_enc.c,v 1.30 2024/02/18 15:44:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -115,7 +115,7 @@ enc_new(BIO *bi) ctx = malloc(sizeof(BIO_ENC_CTX)); if (ctx == NULL) return (0); - EVP_CIPHER_CTX_init(&ctx->cipher); + EVP_CIPHER_CTX_legacy_clear(&ctx->cipher); ctx->buf_len = 0; ctx->buf_off = 0; @@ -360,7 +360,7 @@ enc_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_DUP: dbio = (BIO *)ptr; dctx = (BIO_ENC_CTX *)dbio->ptr; - EVP_CIPHER_CTX_init(&dctx->cipher); + EVP_CIPHER_CTX_legacy_clear(&dctx->cipher); ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher); if (ret) dbio->init = 1; diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c deleted file mode 100644 index 871abe6e..00000000 --- a/crypto/evp/c_all.c +++ /dev/null @@ -1,329 +0,0 @@ -/* $OpenBSD: c_all.c,v 1.32 2023/07/24 10:24:58 jsing Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include - -#include -#include -#include - -#include "cryptlib.h" - -static void -OpenSSL_add_all_ciphers_internal(void) -{ -#ifndef OPENSSL_NO_DES - EVP_add_cipher(EVP_des_cfb()); - EVP_add_cipher(EVP_des_cfb1()); - EVP_add_cipher(EVP_des_cfb8()); - EVP_add_cipher(EVP_des_ede_cfb()); - EVP_add_cipher(EVP_des_ede3_cfb()); - EVP_add_cipher(EVP_des_ede3_cfb1()); - EVP_add_cipher(EVP_des_ede3_cfb8()); - - EVP_add_cipher(EVP_des_ofb()); - EVP_add_cipher(EVP_des_ede_ofb()); - EVP_add_cipher(EVP_des_ede3_ofb()); - - EVP_add_cipher(EVP_desx_cbc()); - EVP_add_cipher_alias(SN_desx_cbc, "DESX"); - EVP_add_cipher_alias(SN_desx_cbc, "desx"); - - EVP_add_cipher(EVP_des_cbc()); - EVP_add_cipher_alias(SN_des_cbc, "DES"); - EVP_add_cipher_alias(SN_des_cbc, "des"); - EVP_add_cipher(EVP_des_ede_cbc()); - EVP_add_cipher(EVP_des_ede3_cbc()); - EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3"); - EVP_add_cipher_alias(SN_des_ede3_cbc, "des3"); - - EVP_add_cipher(EVP_des_ecb()); - EVP_add_cipher(EVP_des_ede()); - EVP_add_cipher(EVP_des_ede3()); -#endif - -#ifndef OPENSSL_NO_RC4 - EVP_add_cipher(EVP_rc4()); - EVP_add_cipher(EVP_rc4_40()); -#ifndef OPENSSL_NO_MD5 - EVP_add_cipher(EVP_rc4_hmac_md5()); -#endif -#endif - -#ifndef OPENSSL_NO_IDEA - EVP_add_cipher(EVP_idea_ecb()); - EVP_add_cipher(EVP_idea_cfb()); - EVP_add_cipher(EVP_idea_ofb()); - EVP_add_cipher(EVP_idea_cbc()); - EVP_add_cipher_alias(SN_idea_cbc, "IDEA"); - EVP_add_cipher_alias(SN_idea_cbc, "idea"); -#endif - -#ifndef OPENSSL_NO_RC2 - EVP_add_cipher(EVP_rc2_ecb()); - EVP_add_cipher(EVP_rc2_cfb()); - EVP_add_cipher(EVP_rc2_ofb()); - EVP_add_cipher(EVP_rc2_cbc()); - EVP_add_cipher(EVP_rc2_40_cbc()); - EVP_add_cipher(EVP_rc2_64_cbc()); - EVP_add_cipher_alias(SN_rc2_cbc, "RC2"); - EVP_add_cipher_alias(SN_rc2_cbc, "rc2"); -#endif - -#ifndef OPENSSL_NO_BF - EVP_add_cipher(EVP_bf_ecb()); - EVP_add_cipher(EVP_bf_cfb()); - EVP_add_cipher(EVP_bf_ofb()); - EVP_add_cipher(EVP_bf_cbc()); - EVP_add_cipher_alias(SN_bf_cbc, "BF"); - EVP_add_cipher_alias(SN_bf_cbc, "bf"); - EVP_add_cipher_alias(SN_bf_cbc, "blowfish"); -#endif - -#ifndef OPENSSL_NO_CAST - EVP_add_cipher(EVP_cast5_ecb()); - EVP_add_cipher(EVP_cast5_cfb()); - EVP_add_cipher(EVP_cast5_ofb()); - EVP_add_cipher(EVP_cast5_cbc()); - EVP_add_cipher_alias(SN_cast5_cbc, "CAST"); - EVP_add_cipher_alias(SN_cast5_cbc, "cast"); - EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc"); - EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc"); -#endif - -#ifndef OPENSSL_NO_AES - EVP_add_cipher(EVP_aes_128_ecb()); - EVP_add_cipher(EVP_aes_128_cbc()); - EVP_add_cipher(EVP_aes_128_ccm()); - EVP_add_cipher(EVP_aes_128_cfb()); - EVP_add_cipher(EVP_aes_128_cfb1()); - EVP_add_cipher(EVP_aes_128_cfb8()); - EVP_add_cipher(EVP_aes_128_ofb()); - EVP_add_cipher(EVP_aes_128_ctr()); - EVP_add_cipher(EVP_aes_128_gcm()); - EVP_add_cipher(EVP_aes_128_wrap()); - EVP_add_cipher(EVP_aes_128_xts()); - EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); - EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); - EVP_add_cipher(EVP_aes_192_ecb()); - EVP_add_cipher(EVP_aes_192_cbc()); - EVP_add_cipher(EVP_aes_192_ccm()); - EVP_add_cipher(EVP_aes_192_cfb()); - EVP_add_cipher(EVP_aes_192_cfb1()); - EVP_add_cipher(EVP_aes_192_cfb8()); - EVP_add_cipher(EVP_aes_192_ofb()); - EVP_add_cipher(EVP_aes_192_ctr()); - EVP_add_cipher(EVP_aes_192_gcm()); - EVP_add_cipher(EVP_aes_192_wrap()); - EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); - EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); - EVP_add_cipher(EVP_aes_256_ecb()); - EVP_add_cipher(EVP_aes_256_cbc()); - EVP_add_cipher(EVP_aes_256_ccm()); - EVP_add_cipher(EVP_aes_256_cfb()); - EVP_add_cipher(EVP_aes_256_cfb1()); - EVP_add_cipher(EVP_aes_256_cfb8()); - EVP_add_cipher(EVP_aes_256_ofb()); - EVP_add_cipher(EVP_aes_256_ctr()); - EVP_add_cipher(EVP_aes_256_gcm()); - EVP_add_cipher(EVP_aes_256_wrap()); - EVP_add_cipher(EVP_aes_256_xts()); - EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); - EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) - EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); - EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); -#endif -#endif - -#ifndef OPENSSL_NO_CAMELLIA - EVP_add_cipher(EVP_camellia_128_ecb()); - EVP_add_cipher(EVP_camellia_128_cbc()); - EVP_add_cipher(EVP_camellia_128_cfb()); - EVP_add_cipher(EVP_camellia_128_cfb1()); - EVP_add_cipher(EVP_camellia_128_cfb8()); - EVP_add_cipher(EVP_camellia_128_ofb()); - EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128"); - EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128"); - EVP_add_cipher(EVP_camellia_192_ecb()); - EVP_add_cipher(EVP_camellia_192_cbc()); - EVP_add_cipher(EVP_camellia_192_cfb()); - EVP_add_cipher(EVP_camellia_192_cfb1()); - EVP_add_cipher(EVP_camellia_192_cfb8()); - EVP_add_cipher(EVP_camellia_192_ofb()); - EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192"); - EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192"); - EVP_add_cipher(EVP_camellia_256_ecb()); - EVP_add_cipher(EVP_camellia_256_cbc()); - EVP_add_cipher(EVP_camellia_256_cfb()); - EVP_add_cipher(EVP_camellia_256_cfb1()); - EVP_add_cipher(EVP_camellia_256_cfb8()); - EVP_add_cipher(EVP_camellia_256_ofb()); - EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); - EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); -#endif - -#ifndef OPENSSL_NO_CHACHA - EVP_add_cipher(EVP_chacha20()); -#endif -#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) - EVP_add_cipher(EVP_chacha20_poly1305()); -#endif - -#ifndef OPENSSL_NO_GOST - EVP_add_cipher(EVP_gost2814789_ecb()); - EVP_add_cipher(EVP_gost2814789_cfb64()); - EVP_add_cipher(EVP_gost2814789_cnt()); -#endif - -#ifndef OPENSSL_NO_SM4 - EVP_add_cipher(EVP_sm4_ecb()); - EVP_add_cipher(EVP_sm4_cbc()); - EVP_add_cipher(EVP_sm4_cfb()); - EVP_add_cipher(EVP_sm4_ofb()); - EVP_add_cipher(EVP_sm4_ctr()); - EVP_add_cipher_alias(SN_sm4_cbc, "SM4"); - EVP_add_cipher_alias(SN_sm4_cbc, "sm4"); -#endif -} - -void -OpenSSL_add_all_ciphers(void) -{ - static pthread_once_t add_all_ciphers_once = PTHREAD_ONCE_INIT; - (void) pthread_once(&add_all_ciphers_once, OpenSSL_add_all_ciphers_internal); -} - -static void -OpenSSL_add_all_digests_internal(void) -{ -#ifndef OPENSSL_NO_MD4 - EVP_add_digest(EVP_md4()); -#endif - -#ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); - EVP_add_digest(EVP_md5_sha1()); - EVP_add_digest_alias(SN_md5, "ssl2-md5"); - EVP_add_digest_alias(SN_md5, "ssl3-md5"); -#endif - -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) - EVP_add_digest(EVP_sha1()); - EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -#endif - -#ifndef OPENSSL_NO_GOST - EVP_add_digest(EVP_gostr341194()); - EVP_add_digest(EVP_gost2814789imit()); - EVP_add_digest(EVP_streebog256()); - EVP_add_digest(EVP_streebog512()); -#endif -#ifndef OPENSSL_NO_RIPEMD - EVP_add_digest(EVP_ripemd160()); - EVP_add_digest_alias(SN_ripemd160, "ripemd"); - EVP_add_digest_alias(SN_ripemd160, "rmd160"); -#endif -#ifndef OPENSSL_NO_SHA256 - EVP_add_digest(EVP_sha224()); - EVP_add_digest(EVP_sha256()); -#endif -#ifndef OPENSSL_NO_SHA512 - EVP_add_digest(EVP_sha384()); - EVP_add_digest(EVP_sha512()); - EVP_add_digest(EVP_sha512_224()); - EVP_add_digest(EVP_sha512_256()); -#endif -#ifndef OPENSSL_NO_SHA3 - EVP_add_digest(EVP_sha3_224()); - EVP_add_digest(EVP_sha3_256()); - EVP_add_digest(EVP_sha3_384()); - EVP_add_digest(EVP_sha3_512()); -#endif -#ifndef OPENSSL_NO_SM3 - EVP_add_digest(EVP_sm3()); -#endif -#ifndef OPENSSL_NO_WHIRLPOOL - EVP_add_digest(EVP_whirlpool()); -#endif -} - -void -OpenSSL_add_all_digests(void) -{ - static pthread_once_t add_all_digests_once = PTHREAD_ONCE_INIT; - (void) pthread_once(&add_all_digests_once, OpenSSL_add_all_digests_internal); -} - -void -OPENSSL_add_all_algorithms_noconf(void) -{ - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); -} - -void -OPENSSL_add_all_algorithms_conf(void) -{ - OPENSSL_add_all_algorithms_noconf(); - OPENSSL_config(NULL); -} diff --git a/crypto/evp/cipher_method_lib.c b/crypto/evp/cipher_method_lib.c deleted file mode 100644 index c3f510fc..00000000 --- a/crypto/evp/cipher_method_lib.c +++ /dev/null @@ -1,178 +0,0 @@ -/* $OpenBSD: cipher_method_lib.c,v 1.10 2023/07/07 19:37:53 beck Exp $ */ -/* - * Written by Richard Levitte (levitte@openssl.org) for the OpenSSL project - * 2015. - */ -/* ==================================================================== - * Copyright (c) 2015 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include - -#include - -#include "evp_local.h" - -EVP_CIPHER * -EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) -{ - EVP_CIPHER *cipher; - - if ((cipher = calloc(1, sizeof(*cipher))) == NULL) - return NULL; - - cipher->nid = cipher_type; - cipher->block_size = block_size; - cipher->key_len = key_len; - - return cipher; -} - -EVP_CIPHER * -EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) -{ - EVP_CIPHER *copy; - - if ((copy = calloc(1, sizeof(*copy))) == NULL) - return NULL; - - *copy = *cipher; - - return copy; -} - -void -EVP_CIPHER_meth_free(EVP_CIPHER *cipher) -{ - free(cipher); -} - -int -EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) -{ - cipher->iv_len = iv_len; - - return 1; -} - -int -EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags) -{ - cipher->flags = flags; - - return 1; -} - -int -EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size) -{ - cipher->ctx_size = ctx_size; - - return 1; -} - -int -EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, - int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc)) -{ - cipher->init = init; - - return 1; -} - -int -EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, - int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl)) -{ - cipher->do_cipher = do_cipher; - - return 1; -} - -int -EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, - int (*cleanup)(EVP_CIPHER_CTX *)) -{ - cipher->cleanup = cleanup; - - return 1; -} - -int -EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, - int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *)) -{ - cipher->set_asn1_parameters = set_asn1_parameters; - - return 1; -} - -int -EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, - int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *)) -{ - cipher->get_asn1_parameters = get_asn1_parameters; - - return 1; -} - -int -EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, - int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr)) -{ - cipher->ctrl = ctrl; - - return 1; -} diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 3d357f01..6ef3fb37 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_aes.c,v 1.54 2023/09/28 11:29:10 tb Exp $ */ +/* $OpenBSD: e_aes.c,v 1.56 2024/01/04 17:38:36 tb Exp $ */ /* ==================================================================== * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. * @@ -2460,7 +2460,11 @@ aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, } if (iv != NULL) { - memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + int iv_len = EVP_CIPHER_CTX_iv_length(ctx); + + if (iv_len < 0 || iv_len > sizeof(ctx->iv)) + return 0; + memcpy(ctx->iv, iv, iv_len); wctx->iv = ctx->iv; } @@ -2546,7 +2550,6 @@ static const EVP_CIPHER aes_128_wrap = { .set_asn1_parameters = NULL, .get_asn1_parameters = NULL, .ctrl = aes_wrap_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -2568,7 +2571,6 @@ static const EVP_CIPHER aes_192_wrap = { .set_asn1_parameters = NULL, .get_asn1_parameters = NULL, .ctrl = aes_wrap_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -2590,7 +2592,6 @@ static const EVP_CIPHER aes_256_wrap = { .set_asn1_parameters = NULL, .get_asn1_parameters = NULL, .ctrl = aes_wrap_ctrl, - .app_data = NULL, }; const EVP_CIPHER * diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c deleted file mode 100644 index 09a73da7..00000000 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ /dev/null @@ -1,604 +0,0 @@ -/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.19 2023/07/07 19:37:53 beck Exp $ */ -/* ==================================================================== - * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include - -#include - -#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1) - -#include -#include -#include -#include - -#include "constant_time.h" -#include "evp_local.h" - -#define TLS1_1_VERSION 0x0302 - -typedef struct { - AES_KEY ks; - SHA_CTX head, tail, md; - size_t payload_length; /* AAD length in decrypt case */ - union { - unsigned int tls_ver; - unsigned char tls_aad[16]; /* 13 used */ - } aux; -} EVP_AES_HMAC_SHA1; - -#define NO_PAYLOAD_LENGTH ((size_t)-1) - -#if defined(AES_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) ) - -#include "x86_arch.h" - -#if defined(__GNUC__) && __GNUC__>=2 -# define BSWAP(x) ({ unsigned int r=(x); asm ("bswapl %0":"=r"(r):"0"(r)); r; }) -#endif - -int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); -int aesni_set_decrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); - -void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, unsigned char *ivec, int enc); - -void aesni_cbc_sha1_enc (const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], SHA_CTX *ctx, const void *in0); - -#define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) - -static int -aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, - const unsigned char *iv, int enc) -{ - EVP_AES_HMAC_SHA1 *key = data(ctx); - int ret; - - if (enc) - ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); - else - ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); - - SHA1_Init(&key->head); /* handy when benchmarking */ - key->tail = key->head; - key->md = key->head; - - key->payload_length = NO_PAYLOAD_LENGTH; - - return ret < 0 ? 0 : 1; -} - -#define STITCHED_CALL - -#if !defined(STITCHED_CALL) -#define aes_off 0 -#endif - -void sha1_block_data_order (void *c, const void *p, size_t len); - -static void -sha1_update(SHA_CTX *c, const void *data, size_t len) -{ - const unsigned char *ptr = data; - size_t res; - - if ((res = c->num)) { - res = SHA_CBLOCK - res; - if (len < res) - res = len; - SHA1_Update(c, ptr, res); - ptr += res; - len -= res; - } - - res = len % SHA_CBLOCK; - len -= res; - - if (len) { - sha1_block_data_order(c, ptr, len / SHA_CBLOCK); - - ptr += len; - c->Nh += len >> 29; - c->Nl += len <<= 3; - if (c->Nl < (unsigned int)len) - c->Nh++; - } - - if (res) - SHA1_Update(c, ptr, res); -} - -#ifdef SHA1_Update -#undef SHA1_Update -#endif -#define SHA1_Update sha1_update - -static int -aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_HMAC_SHA1 *key = data(ctx); - unsigned int l; - size_t plen = key->payload_length, - iv = 0, /* explicit IV in TLS 1.1 and later */ - sha_off = 0; -#if defined(STITCHED_CALL) - size_t aes_off = 0, blocks; - - sha_off = SHA_CBLOCK - key->md.num; -#endif - - key->payload_length = NO_PAYLOAD_LENGTH; - - if (len % AES_BLOCK_SIZE) - return 0; - - if (ctx->encrypt) { - if (plen == NO_PAYLOAD_LENGTH) - plen = len; - else if (len != ((plen + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) & - -AES_BLOCK_SIZE)) - return 0; - else if (key->aux.tls_ver >= TLS1_1_VERSION) - iv = AES_BLOCK_SIZE; - -#if defined(STITCHED_CALL) - if (plen > (sha_off + iv) && - (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) { - SHA1_Update(&key->md, in + iv, sha_off); - - aesni_cbc_sha1_enc(in, out, blocks, &key->ks, - ctx->iv, &key->md, in + iv + sha_off); - blocks *= SHA_CBLOCK; - aes_off += blocks; - sha_off += blocks; - key->md.Nh += blocks >> 29; - key->md.Nl += blocks <<= 3; - if (key->md.Nl < (unsigned int)blocks) - key->md.Nh++; - } else { - sha_off = 0; - } -#endif - sha_off += iv; - SHA1_Update(&key->md, in + sha_off, plen - sha_off); - - if (plen != len) { /* "TLS" mode of operation */ - if (in != out) - memcpy(out + aes_off, in + aes_off, - plen - aes_off); - - /* calculate HMAC and append it to payload */ - SHA1_Final(out + plen, &key->md); - key->md = key->tail; - SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH); - SHA1_Final(out + plen, &key->md); - - /* pad the payload|hmac */ - plen += SHA_DIGEST_LENGTH; - for (l = len - plen - 1; plen < len; plen++) - out[plen] = l; - - /* encrypt HMAC|padding at once */ - aesni_cbc_encrypt(out + aes_off, out + aes_off, - len - aes_off, &key->ks, ctx->iv, 1); - } else { - aesni_cbc_encrypt(in + aes_off, out + aes_off, - len - aes_off, &key->ks, ctx->iv, 1); - } - } else { - union { - unsigned int u[SHA_DIGEST_LENGTH/sizeof(unsigned int)]; - unsigned char c[32 + SHA_DIGEST_LENGTH]; - } mac, *pmac; - - /* arrange cache line alignment */ - pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32)); - - /* decrypt HMAC|padding at once */ - aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); - - if (plen == 0 || plen == NO_PAYLOAD_LENGTH) { - SHA1_Update(&key->md, out, len); - } else if (plen < 4) { - return 0; - } else { /* "TLS" mode of operation */ - size_t inp_len, mask, j, i; - unsigned int res, maxpad, pad, bitlen; - int ret = 1; - union { - unsigned int u[SHA_LBLOCK]; - unsigned char c[SHA_CBLOCK]; - } - *data = (void *)key->md.data; - - if ((key->aux.tls_aad[plen - 4] << 8 | - key->aux.tls_aad[plen - 3]) >= TLS1_1_VERSION) - iv = AES_BLOCK_SIZE; - - if (len < (iv + SHA_DIGEST_LENGTH + 1)) - return 0; - - /* omit explicit iv */ - out += iv; - len -= iv; - - /* figure out payload length */ - pad = out[len - 1]; - maxpad = len - (SHA_DIGEST_LENGTH + 1); - maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); - maxpad &= 255; - - ret &= constant_time_ge(maxpad, pad); - - inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); - mask = (0 - ((inp_len - len) >> - (sizeof(inp_len) * 8 - 1))); - inp_len &= mask; - ret &= (int)mask; - - key->aux.tls_aad[plen - 2] = inp_len >> 8; - key->aux.tls_aad[plen - 1] = inp_len; - - /* calculate HMAC */ - key->md = key->head; - SHA1_Update(&key->md, key->aux.tls_aad, plen); - -#if 1 - len -= SHA_DIGEST_LENGTH; /* amend mac */ - if (len >= (256 + SHA_CBLOCK)) { - j = (len - (256 + SHA_CBLOCK)) & - (0 - SHA_CBLOCK); - j += SHA_CBLOCK - key->md.num; - SHA1_Update(&key->md, out, j); - out += j; - len -= j; - inp_len -= j; - } - - /* but pretend as if we hashed padded payload */ - bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ -#ifdef BSWAP - bitlen = BSWAP(bitlen); -#else - mac.c[0] = 0; - mac.c[1] = (unsigned char)(bitlen >> 16); - mac.c[2] = (unsigned char)(bitlen >> 8); - mac.c[3] = (unsigned char)bitlen; - bitlen = mac.u[0]; -#endif - - pmac->u[0] = 0; - pmac->u[1] = 0; - pmac->u[2] = 0; - pmac->u[3] = 0; - pmac->u[4] = 0; - - for (res = key->md.num, j = 0; j < len; j++) { - size_t c = out[j]; - mask = (j - inp_len) >> (sizeof(j) * 8 - 8); - c &= mask; - c |= 0x80 & ~mask & - ~((inp_len - j) >> (sizeof(j) * 8 - 8)); - data->c[res++] = (unsigned char)c; - - if (res != SHA_CBLOCK) - continue; - - /* j is not incremented yet */ - mask = 0 - ((inp_len + 7 - j) >> - (sizeof(j) * 8 - 1)); - data->u[SHA_LBLOCK - 1] |= bitlen&mask; - sha1_block_data_order(&key->md, data, 1); - mask &= 0 - ((j - inp_len - 72) >> - (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; - pmac->u[3] |= key->md.h3 & mask; - pmac->u[4] |= key->md.h4 & mask; - res = 0; - } - - for (i = res; i < SHA_CBLOCK; i++, j++) - data->c[i] = 0; - - if (res > SHA_CBLOCK - 8) { - mask = 0 - ((inp_len + 8 - j) >> - (sizeof(j) * 8 - 1)); - data->u[SHA_LBLOCK - 1] |= bitlen & mask; - sha1_block_data_order(&key->md, data, 1); - mask &= 0 - ((j - inp_len - 73) >> - (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; - pmac->u[3] |= key->md.h3 & mask; - pmac->u[4] |= key->md.h4 & mask; - - memset(data, 0, SHA_CBLOCK); - j += 64; - } - data->u[SHA_LBLOCK - 1] = bitlen; - sha1_block_data_order(&key->md, data, 1); - mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; - pmac->u[3] |= key->md.h3 & mask; - pmac->u[4] |= key->md.h4 & mask; - -#ifdef BSWAP - pmac->u[0] = BSWAP(pmac->u[0]); - pmac->u[1] = BSWAP(pmac->u[1]); - pmac->u[2] = BSWAP(pmac->u[2]); - pmac->u[3] = BSWAP(pmac->u[3]); - pmac->u[4] = BSWAP(pmac->u[4]); -#else - for (i = 0; i < 5; i++) { - res = pmac->u[i]; - pmac->c[4 * i + 0] = (unsigned char)(res >> 24); - pmac->c[4 * i + 1] = (unsigned char)(res >> 16); - pmac->c[4 * i + 2] = (unsigned char)(res >> 8); - pmac->c[4 * i + 3] = (unsigned char)res; - } -#endif - len += SHA_DIGEST_LENGTH; -#else - SHA1_Update(&key->md, out, inp_len); - res = key->md.num; - SHA1_Final(pmac->c, &key->md); - - { - unsigned int inp_blocks, pad_blocks; - - /* but pretend as if we hashed padded payload */ - inp_blocks = 1 + ((SHA_CBLOCK - 9 - res) >> - (sizeof(res) * 8 - 1)); - res += (unsigned int)(len - inp_len); - pad_blocks = res / SHA_CBLOCK; - res %= SHA_CBLOCK; - pad_blocks += 1 + ((SHA_CBLOCK - 9 - res) >> - (sizeof(res) * 8 - 1)); - for (; inp_blocks < pad_blocks; inp_blocks++) - sha1_block_data_order(&key->md, - data, 1); - } -#endif - key->md = key->tail; - SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH); - SHA1_Final(pmac->c, &key->md); - - /* verify HMAC */ - out += inp_len; - len -= inp_len; -#if 1 - { - unsigned char *p = - out + len - 1 - maxpad - SHA_DIGEST_LENGTH; - size_t off = out - p; - unsigned int c, cmask; - - maxpad += SHA_DIGEST_LENGTH; - for (res = 0, i = 0, j = 0; j < maxpad; j++) { - c = p[j]; - cmask = ((int)(j - off - - SHA_DIGEST_LENGTH)) >> - (sizeof(int) * 8 - 1); - res |= (c ^ pad) & ~cmask; /* ... and padding */ - cmask &= ((int)(off - 1 - j)) >> - (sizeof(int) * 8 - 1); - res |= (c ^ pmac->c[i]) & cmask; - i += 1 & cmask; - } - maxpad -= SHA_DIGEST_LENGTH; - - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); - ret &= (int)~res; - } -#else - for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++) - res |= out[i] ^ pmac->c[i]; - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); - ret &= (int)~res; - - /* verify padding */ - pad = (pad & ~res) | (maxpad & res); - out = out + len - 1 - pad; - for (res = 0, i = 0; i < pad; i++) - res |= out[i] ^ pad; - - res = (0 - res) >> (sizeof(res) * 8 - 1); - ret &= (int)~res; -#endif - return ret; - } - } - - return 1; -} - -static int -aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - EVP_AES_HMAC_SHA1 *key = data(ctx); - - switch (type) { - case EVP_CTRL_AEAD_SET_MAC_KEY: - { - unsigned int i; - unsigned char hmac_key[64]; - - memset(hmac_key, 0, sizeof(hmac_key)); - - if (arg > (int)sizeof(hmac_key)) { - SHA1_Init(&key->head); - SHA1_Update(&key->head, ptr, arg); - SHA1_Final(hmac_key, &key->head); - } else { - memcpy(hmac_key, ptr, arg); - } - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36; /* ipad */ - SHA1_Init(&key->head); - SHA1_Update(&key->head, hmac_key, sizeof(hmac_key)); - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ - SHA1_Init(&key->tail); - SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key)); - - explicit_bzero(hmac_key, sizeof(hmac_key)); - - return 1; - } - case EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len; - - /* RFC 5246, 6.2.3.3: additional data has length 13 */ - if (arg != 13) - return -1; - - len = p[arg - 2] << 8 | p[arg - 1]; - - if (ctx->encrypt) { - key->payload_length = len; - if ((key->aux.tls_ver = p[arg - 4] << 8 | - p[arg - 3]) >= TLS1_1_VERSION) { - len -= AES_BLOCK_SIZE; - p[arg - 2] = len >> 8; - p[arg - 1] = len; - } - key->md = key->head; - SHA1_Update(&key->md, p, arg); - - return (int)(((len + SHA_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - len); - } else { - memcpy(key->aux.tls_aad, ptr, arg); - key->payload_length = arg; - - return SHA_DIGEST_LENGTH; - } - } - default: - return -1; - } -} - -static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { -#ifdef NID_aes_128_cbc_hmac_sha1 - .nid = NID_aes_128_cbc_hmac_sha1, -#else - .nid = NID_undef, -#endif - .block_size = 16, - .key_len = 16, - .iv_len = 16, - .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER, - .init = aesni_cbc_hmac_sha1_init_key, - .do_cipher = aesni_cbc_hmac_sha1_cipher, - .ctx_size = sizeof(EVP_AES_HMAC_SHA1), - .ctrl = aesni_cbc_hmac_sha1_ctrl -}; - -static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { -#ifdef NID_aes_256_cbc_hmac_sha1 - .nid = NID_aes_256_cbc_hmac_sha1, -#else - .nid = NID_undef, -#endif - .block_size = 16, - .key_len = 32, - .iv_len = 16, - .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER, - .init = aesni_cbc_hmac_sha1_init_key, - .do_cipher = aesni_cbc_hmac_sha1_cipher, - .ctx_size = sizeof(EVP_AES_HMAC_SHA1), - .ctrl = aesni_cbc_hmac_sha1_ctrl -}; - -const EVP_CIPHER * -EVP_aes_128_cbc_hmac_sha1(void) -{ - return (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) ? - &aesni_128_cbc_hmac_sha1_cipher : NULL; -} - -const EVP_CIPHER * -EVP_aes_256_cbc_hmac_sha1(void) -{ - return (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) ? - &aesni_256_cbc_hmac_sha1_cipher : NULL; -} -#else -const EVP_CIPHER * -EVP_aes_128_cbc_hmac_sha1(void) -{ - return NULL; -} - -const EVP_CIPHER * -EVP_aes_256_cbc_hmac_sha1(void) -{ - return NULL; -} -#endif -#endif diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index 9146a531..90a589c6 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_bf.c,v 1.17 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_bf.c,v 1.18 2024/01/04 17:38:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -170,7 +170,6 @@ static const EVP_CIPHER bf_cbc = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -192,7 +191,6 @@ static const EVP_CIPHER bf_cfb64 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -214,7 +212,6 @@ static const EVP_CIPHER bf_ofb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -236,7 +233,6 @@ static const EVP_CIPHER bf_ecb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index cec7649e..6d9bedbb 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_camellia.c,v 1.18 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_camellia.c,v 1.19 2024/01/04 17:38:36 tb Exp $ */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * @@ -171,7 +171,6 @@ static const EVP_CIPHER camellia_128_cbc = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -193,7 +192,6 @@ static const EVP_CIPHER camellia_128_cfb128 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -215,7 +213,6 @@ static const EVP_CIPHER camellia_128_ofb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -237,7 +234,6 @@ static const EVP_CIPHER camellia_128_ecb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -329,7 +325,6 @@ static const EVP_CIPHER camellia_192_cbc = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -351,7 +346,6 @@ static const EVP_CIPHER camellia_192_cfb128 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -373,7 +367,6 @@ static const EVP_CIPHER camellia_192_ofb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -395,7 +388,6 @@ static const EVP_CIPHER camellia_192_ecb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -487,7 +479,6 @@ static const EVP_CIPHER camellia_256_cbc = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -509,7 +500,6 @@ static const EVP_CIPHER camellia_256_cfb128 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -531,7 +521,6 @@ static const EVP_CIPHER camellia_256_ofb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -553,7 +542,6 @@ static const EVP_CIPHER camellia_256_ecb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -597,7 +585,6 @@ static const EVP_CIPHER camellia_128_cfb1 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -641,7 +628,6 @@ static const EVP_CIPHER camellia_192_cfb1 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -685,7 +671,6 @@ static const EVP_CIPHER camellia_256_cfb1 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -728,7 +713,6 @@ static const EVP_CIPHER camellia_128_cfb8 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -770,7 +754,6 @@ static const EVP_CIPHER camellia_192_cfb8 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -812,7 +795,6 @@ static const EVP_CIPHER camellia_256_cfb8 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index a0e52dfd..5c3e5048 100644 --- a/crypto/evp/e_cast.c +++ b/crypto/evp/e_cast.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_cast.c,v 1.16 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_cast.c,v 1.17 2024/01/04 17:38:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -170,7 +170,6 @@ static const EVP_CIPHER cast5_cbc = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -192,7 +191,6 @@ static const EVP_CIPHER cast5_cfb64 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -214,7 +212,6 @@ static const EVP_CIPHER cast5_ofb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -236,7 +233,6 @@ static const EVP_CIPHER cast5_ecb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * diff --git a/crypto/evp/e_chacha20poly1305.c b/crypto/evp/e_chacha20poly1305.c index 4a393c24..796824ae 100644 --- a/crypto/evp/e_chacha20poly1305.c +++ b/crypto/evp/e_chacha20poly1305.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_chacha20poly1305.c,v 1.32 2023/09/28 11:29:10 tb Exp $ */ +/* $OpenBSD: e_chacha20poly1305.c,v 1.34 2023/12/30 18:24:09 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing @@ -345,7 +345,7 @@ static const EVP_AEAD aead_chacha20_poly1305 = { }; const EVP_AEAD * -EVP_aead_chacha20_poly1305() +EVP_aead_chacha20_poly1305(void) { return &aead_chacha20_poly1305; } @@ -363,7 +363,7 @@ static const EVP_AEAD aead_xchacha20_poly1305 = { }; const EVP_AEAD * -EVP_aead_xchacha20_poly1305() +EVP_aead_xchacha20_poly1305(void) { return &aead_xchacha20_poly1305; } @@ -477,7 +477,7 @@ chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (len > SIZE_MAX - cpx->in_len) { EVPerror(EVP_R_TOO_LARGE); - return 0; + return -1; } /* Disallow authenticated data after plaintext/ciphertext. */ diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index 64d098ca..7a0b24c1 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_des.c,v 1.22 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_des.c,v 1.23 2024/01/04 17:38:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -234,7 +234,6 @@ static const EVP_CIPHER des_cbc = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -256,7 +255,6 @@ static const EVP_CIPHER des_cfb64 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -278,7 +276,6 @@ static const EVP_CIPHER des_ofb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -300,7 +297,6 @@ static const EVP_CIPHER des_ecb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -322,7 +318,6 @@ static const EVP_CIPHER des_cfb1 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -344,7 +339,6 @@ static const EVP_CIPHER des_cfb8 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des_ctrl, - .app_data = NULL, }; const EVP_CIPHER * diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 3e6c5234..f283be29 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_des3.c,v 1.28 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_des3.c,v 1.29 2024/01/04 17:38:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -266,7 +266,6 @@ static const EVP_CIPHER des_ede_cbc = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des3_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -288,7 +287,6 @@ static const EVP_CIPHER des_ede_cfb64 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des3_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -310,7 +308,6 @@ static const EVP_CIPHER des_ede_ofb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des3_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -332,7 +329,6 @@ static const EVP_CIPHER des_ede_ecb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des3_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -360,7 +356,6 @@ static const EVP_CIPHER des_ede3_cbc = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des3_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -382,7 +377,6 @@ static const EVP_CIPHER des_ede3_cfb64 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des3_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -404,7 +398,6 @@ static const EVP_CIPHER des_ede3_ofb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des3_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -426,7 +419,6 @@ static const EVP_CIPHER des_ede3_ecb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des3_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -449,7 +441,6 @@ static const EVP_CIPHER des_ede3_cfb1 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des3_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -472,7 +463,6 @@ static const EVP_CIPHER des_ede3_cfb8 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = des3_ctrl, - .app_data = NULL, }; const EVP_CIPHER * diff --git a/crypto/evp/e_gost2814789.c b/crypto/evp/e_gost2814789.c deleted file mode 100644 index 359cf5e4..00000000 --- a/crypto/evp/e_gost2814789.c +++ /dev/null @@ -1,315 +0,0 @@ -/* $OpenBSD: e_gost2814789.c,v 1.13 2023/07/07 19:37:53 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include - -#include "evp_local.h" - -typedef struct { - GOST2814789_KEY ks; - int param_nid; -} EVP_GOST2814789_CTX; - -static int -gost2814789_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_GOST2814789_CTX *c = ctx->cipher_data; - - return Gost2814789_set_key(&c->ks, key, ctx->key_len * 8); -} - -static int -gost2814789_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - EVP_GOST2814789_CTX *c = ctx->cipher_data; - - switch (type) { - case EVP_CTRL_PBE_PRF_NID: - if (ptr != NULL) { - *((int *)ptr) = NID_id_HMACGostR3411_94; - return 1; - } else { - return 0; - } - case EVP_CTRL_INIT: - /* Default value to have any s-box set at all */ - c->param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; - return Gost2814789_set_sbox(&c->ks, c->param_nid); - case EVP_CTRL_GOST_SET_SBOX: - return Gost2814789_set_sbox(&c->ks, arg); - default: - return -1; - } -} - -int -gost2814789_set_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) -{ - int len = 0; - unsigned char *buf = NULL; - unsigned char *p = NULL; - EVP_GOST2814789_CTX *c = ctx->cipher_data; - ASN1_OCTET_STRING *os = NULL; - GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new(); - - if (gcp == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - if (ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len) == 0) { - GOST_CIPHER_PARAMS_free(gcp); - GOSTerror(ERR_R_ASN1_LIB); - return 0; - } - ASN1_OBJECT_free(gcp->enc_param_set); - gcp->enc_param_set = OBJ_nid2obj(c->param_nid); - - len = i2d_GOST_CIPHER_PARAMS(gcp, NULL); - p = buf = malloc(len); - if (buf == NULL) { - GOST_CIPHER_PARAMS_free(gcp); - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_GOST_CIPHER_PARAMS(gcp, &p); - GOST_CIPHER_PARAMS_free(gcp); - - os = ASN1_OCTET_STRING_new(); - if (os == NULL) { - free(buf); - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - if (ASN1_OCTET_STRING_set(os, buf, len) == 0) { - ASN1_OCTET_STRING_free(os); - free(buf); - GOSTerror(ERR_R_ASN1_LIB); - return 0; - } - free(buf); - - ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os); - return 1; -} - -int -gost2814789_get_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) -{ - int ret = -1; - int len; - GOST_CIPHER_PARAMS *gcp = NULL; - EVP_GOST2814789_CTX *c = ctx->cipher_data; - unsigned char *p; - - if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) - return ret; - - p = params->value.sequence->data; - - gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p, - params->value.sequence->length); - - len = gcp->iv->length; - if (len != ctx->cipher->iv_len) { - GOST_CIPHER_PARAMS_free(gcp); - GOSTerror(GOST_R_INVALID_IV_LENGTH); - return -1; - } - - if (!Gost2814789_set_sbox(&c->ks, OBJ_obj2nid(gcp->enc_param_set))) { - GOST_CIPHER_PARAMS_free(gcp); - return -1; - } - c->param_nid = OBJ_obj2nid(gcp->enc_param_set); - - memcpy(ctx->oiv, gcp->iv->data, len); - memcpy(ctx->iv, gcp->iv->data, len); - - GOST_CIPHER_PARAMS_free(gcp); - - return 1; -} - -static int -gost2814789_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) -{ - size_t i, bl; - - bl = ctx->cipher->block_size; - - if (inl < bl) - return 1; - - inl -= bl; - - for (i = 0; i <= inl; i += bl) - Gost2814789_ecb_encrypt(in + i, out + i, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->encrypt); - - return 1; -} - -static int -gost2814789_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) -{ - size_t chunk = EVP_MAXCHUNK; - - if (inl < chunk) - chunk = inl; - - while (inl && inl >= chunk) { - Gost2814789_cfb64_encrypt(in, out, chunk, &((EVP_GOST2814789_CTX *)ctx->cipher_data)->ks, ctx->iv, &ctx->num, ctx->encrypt); - inl -= chunk; - in += chunk; - out += chunk; - if (inl < chunk) - chunk = inl; - } - - return 1; -} - -static int -gost2814789_cnt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - EVP_GOST2814789_CTX *c = ctx->cipher_data; - - while (inl >= EVP_MAXCHUNK) { - Gost2814789_cnt_encrypt(in, out, EVP_MAXCHUNK, &c->ks, - ctx->iv, ctx->buf, &ctx->num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - - if (inl) - Gost2814789_cnt_encrypt(in, out, inl, &c->ks, ctx->iv, ctx->buf, - &ctx->num); - return 1; -} - -/* gost89 is CFB-64 */ -#define NID_gost89_cfb64 NID_id_Gost28147_89 - -static const EVP_CIPHER gost2814789_ecb = { - .nid = NID_gost89_ecb, - .block_size = 8, - .key_len = 32, - .iv_len = 0, - .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_ECB_MODE, - .init = gost2814789_init_key, - .do_cipher = gost2814789_ecb_cipher, - .cleanup = NULL, - .ctx_size = sizeof(EVP_GOST2814789_CTX), - .set_asn1_parameters = gost2814789_set_asn1_params, - .get_asn1_parameters = gost2814789_get_asn1_params, - .ctrl = gost2814789_ctl, - .app_data = NULL, -}; - -const EVP_CIPHER * -EVP_gost2814789_ecb(void) -{ - return &gost2814789_ecb; -} - -static const EVP_CIPHER gost2814789_cfb64 = { - .nid = NID_gost89_cfb64, - .block_size = 1, - .key_len = 32, - .iv_len = 8, - .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_CFB_MODE, - .init = gost2814789_init_key, - .do_cipher = gost2814789_cfb64_cipher, - .cleanup = NULL, - .ctx_size = sizeof(EVP_GOST2814789_CTX), - .set_asn1_parameters = gost2814789_set_asn1_params, - .get_asn1_parameters = gost2814789_get_asn1_params, - .ctrl = gost2814789_ctl, - .app_data = NULL, -}; - -const EVP_CIPHER * -EVP_gost2814789_cfb64(void) -{ - return &gost2814789_cfb64; -} - -static const EVP_CIPHER gost2814789_cnt = { - .nid = NID_gost89_cnt, - .block_size = 1, - .key_len = 32, - .iv_len = 8, - .flags = EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT | EVP_CIPH_OFB_MODE, - .init = gost2814789_init_key, - .do_cipher = gost2814789_cnt_cipher, - .cleanup = NULL, - .ctx_size = sizeof(EVP_GOST2814789_CTX), - .set_asn1_parameters = gost2814789_set_asn1_params, - .get_asn1_parameters = gost2814789_get_asn1_params, - .ctrl = gost2814789_ctl, - .app_data = NULL, -}; - -const EVP_CIPHER * -EVP_gost2814789_cnt(void) -{ - return &gost2814789_cnt; -} -#endif diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index b2129dc9..025a1f50 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_idea.c,v 1.20 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_idea.c,v 1.21 2024/01/04 17:38:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -189,7 +189,6 @@ static const EVP_CIPHER idea_cbc = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -211,7 +210,6 @@ static const EVP_CIPHER idea_cfb64 = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -233,7 +231,6 @@ static const EVP_CIPHER idea_ofb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * @@ -255,7 +252,6 @@ static const EVP_CIPHER idea_ecb = { .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c index f30c207f..be46c1cc 100644 --- a/crypto/evp/e_null.c +++ b/crypto/evp/e_null.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_null.c,v 1.18 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_null.c,v 1.20 2024/01/07 15:42:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -70,17 +70,18 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); static const EVP_CIPHER n_cipher = { - NID_undef, - 1, 0, 0, - 0, - null_init_key, - null_cipher, - NULL, - 0, - NULL, - NULL, - NULL, - NULL + .nid = NID_undef, + .block_size = 1, + .key_len = 0, + .iv_len = 0, + .flags = 0, + .init = null_init_key, + .do_cipher = null_cipher, + .cleanup = NULL, + .ctx_size = 0, + .set_asn1_parameters = NULL, + .get_asn1_parameters = NULL, + .ctrl = NULL, }; const EVP_CIPHER * diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 32559e22..0a195511 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc2.c,v 1.22 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_rc2.c,v 1.27 2024/01/07 15:42:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -172,7 +172,6 @@ static const EVP_CIPHER rc2_cbc = { .set_asn1_parameters = rc2_set_asn1_type_and_iv, .get_asn1_parameters = rc2_get_asn1_type_and_iv, .ctrl = rc2_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -194,7 +193,6 @@ static const EVP_CIPHER rc2_cfb64 = { .set_asn1_parameters = rc2_set_asn1_type_and_iv, .get_asn1_parameters = rc2_get_asn1_type_and_iv, .ctrl = rc2_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -216,7 +214,6 @@ static const EVP_CIPHER rc2_ofb = { .set_asn1_parameters = rc2_set_asn1_type_and_iv, .get_asn1_parameters = rc2_get_asn1_type_and_iv, .ctrl = rc2_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -238,7 +235,6 @@ static const EVP_CIPHER rc2_ecb = { .set_asn1_parameters = rc2_set_asn1_type_and_iv, .get_asn1_parameters = rc2_get_asn1_type_and_iv, .ctrl = rc2_ctrl, - .app_data = NULL, }; const EVP_CIPHER * @@ -252,31 +248,33 @@ EVP_rc2_ecb(void) #define RC2_128_MAGIC 0x3a static const EVP_CIPHER r2_64_cbc_cipher = { - NID_rc2_64_cbc, - 8, 8 /* 64 bit */, 8, - EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - rc2_init_key, - rc2_cbc_cipher, - NULL, - sizeof(EVP_RC2_KEY), - rc2_set_asn1_type_and_iv, - rc2_get_asn1_type_and_iv, - rc2_ctrl, - NULL + .nid = NID_rc2_64_cbc, + .block_size = 8, + .key_len = 8, + .iv_len = 8, + .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + .init = rc2_init_key, + .do_cipher = rc2_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_RC2_KEY), + .set_asn1_parameters = rc2_set_asn1_type_and_iv, + .get_asn1_parameters = rc2_get_asn1_type_and_iv, + .ctrl = rc2_ctrl, }; static const EVP_CIPHER r2_40_cbc_cipher = { - NID_rc2_40_cbc, - 8, 5 /* 40 bit */, 8, - EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - rc2_init_key, - rc2_cbc_cipher, - NULL, - sizeof(EVP_RC2_KEY), - rc2_set_asn1_type_and_iv, - rc2_get_asn1_type_and_iv, - rc2_ctrl, - NULL + .nid = NID_rc2_40_cbc, + .block_size = 8, + .key_len = 5, + .iv_len = 8, + .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + .init = rc2_init_key, + .do_cipher = rc2_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_RC2_KEY), + .set_asn1_parameters = rc2_set_asn1_type_and_iv, + .get_asn1_parameters = rc2_get_asn1_type_and_iv, + .ctrl = rc2_ctrl, }; const EVP_CIPHER * @@ -338,17 +336,17 @@ rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) long num = 0; int i = 0; int key_bits; - unsigned int l; + int l; unsigned char iv[EVP_MAX_IV_LENGTH]; if (type != NULL) { l = EVP_CIPHER_CTX_iv_length(c); - if (l > sizeof(iv)) { + if (l < 0 || l > sizeof(iv)) { EVPerror(EVP_R_IV_TOO_LARGE); return -1; } i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); - if (i != (int)l) + if (i != l) return (-1); key_bits = rc2_magic_to_meth((int)num); if (!key_bits) @@ -373,6 +371,8 @@ rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (type != NULL) { num = rc2_meth_to_magic(c); j = EVP_CIPHER_CTX_iv_length(c); + if (j < 0 || j > sizeof(c->oiv)) + return 0; i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); } return (i); diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index 2503d370..c0f12fb0 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_rc4.c,v 1.17 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_rc4.c,v 1.19 2024/01/07 15:42:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -83,31 +83,33 @@ static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl); static const EVP_CIPHER r4_cipher = { - NID_rc4, - 1, EVP_RC4_KEY_SIZE, 0, - EVP_CIPH_VARIABLE_LENGTH, - rc4_init_key, - rc4_cipher, - NULL, - sizeof(EVP_RC4_KEY), - NULL, - NULL, - NULL, - NULL + .nid = NID_rc4, + .block_size = 1, + .key_len = EVP_RC4_KEY_SIZE, + .iv_len = 0, + .flags = EVP_CIPH_VARIABLE_LENGTH, + .init = rc4_init_key, + .do_cipher = rc4_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_RC4_KEY), + .set_asn1_parameters = NULL, + .get_asn1_parameters = NULL, + .ctrl = NULL, }; static const EVP_CIPHER r4_40_cipher = { - NID_rc4_40, - 1, 5 /* 40 bit */, 0, - EVP_CIPH_VARIABLE_LENGTH, - rc4_init_key, - rc4_cipher, - NULL, - sizeof(EVP_RC4_KEY), - NULL, - NULL, - NULL, - NULL + .nid = NID_rc4_40, + .block_size = 1, + .key_len = 5, + .iv_len = 0, + .flags = EVP_CIPH_VARIABLE_LENGTH, + .init = rc4_init_key, + .do_cipher = rc4_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_RC4_KEY), + .set_asn1_parameters = NULL, + .get_asn1_parameters = NULL, + .ctrl = NULL, }; const EVP_CIPHER * diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c deleted file mode 100644 index bcf8daea..00000000 --- a/crypto/evp/e_rc4_hmac_md5.c +++ /dev/null @@ -1,307 +0,0 @@ -/* $OpenBSD: e_rc4_hmac_md5.c,v 1.12 2023/07/07 19:37:53 beck Exp $ */ -/* ==================================================================== - * Copyright (c) 2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include - -#include - -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) - -#include -#include -#include -#include - -#include "evp_local.h" - -/* FIXME: surely this is available elsewhere? */ -#define EVP_RC4_KEY_SIZE 16 - -typedef struct { - RC4_KEY ks; - MD5_CTX head, tail, md; - size_t payload_length; -} EVP_RC4_HMAC_MD5; - -#define NO_PAYLOAD_LENGTH ((size_t)-1) - -void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out, - MD5_CTX *ctx, const void *inp, size_t blocks); - -#define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) - -static int -rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, - const unsigned char *iv, int enc) -{ - EVP_RC4_HMAC_MD5 *key = data(ctx); - - RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey); - - MD5_Init(&key->head); /* handy when benchmarking */ - key->tail = key->head; - key->md = key->head; - - key->payload_length = NO_PAYLOAD_LENGTH; - - return 1; -} - -#if !defined(OPENSSL_NO_ASM) && defined(RC4_MD5_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) ) && \ - !(defined(__APPLE__) && defined(__MACH__)) -#define STITCHED_CALL -#include "x86_arch.h" -#endif - -#if !defined(STITCHED_CALL) -#define rc4_off 0 -#define md5_off 0 -#endif - -static int -rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_RC4_HMAC_MD5 *key = data(ctx); -#if defined(STITCHED_CALL) - size_t rc4_off = 32-1-(key->ks.x&(32-1)), /* 32 is $MOD from rc4_md5-x86_64.pl */ - md5_off = MD5_CBLOCK - key->md.num, - blocks; - unsigned int l; -#endif - size_t plen = key->payload_length; - - if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH)) - return 0; - - if (ctx->encrypt) { - if (plen == NO_PAYLOAD_LENGTH) - plen = len; -#if defined(STITCHED_CALL) - /* cipher has to "fall behind" */ - if (rc4_off > md5_off) - md5_off += MD5_CBLOCK; - - if (plen > md5_off && - (blocks = (plen - md5_off) / MD5_CBLOCK) && - (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) { - MD5_Update(&key->md, in, md5_off); - RC4(&key->ks, rc4_off, in, out); - - rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, - &key->md, in + md5_off, blocks); - blocks *= MD5_CBLOCK; - rc4_off += blocks; - md5_off += blocks; - key->md.Nh += blocks >> 29; - key->md.Nl += blocks <<= 3; - if (key->md.Nl < (unsigned int)blocks) - key->md.Nh++; - } else { - rc4_off = 0; - md5_off = 0; - } -#endif - MD5_Update(&key->md, in + md5_off, plen - md5_off); - - if (plen!=len) { /* "TLS" mode of operation */ - if (in != out) - memcpy(out + rc4_off, in + rc4_off, - plen - rc4_off); - - /* calculate HMAC and append it to payload */ - MD5_Final(out + plen, &key->md); - key->md = key->tail; - MD5_Update(&key->md, out + plen, MD5_DIGEST_LENGTH); - MD5_Final(out + plen, &key->md); - - /* encrypt HMAC at once */ - RC4(&key->ks, len - rc4_off, out + rc4_off, - out + rc4_off); - } else { - RC4(&key->ks, len - rc4_off, in + rc4_off, - out + rc4_off); - } - } else { - unsigned char mac[MD5_DIGEST_LENGTH]; -#if defined(STITCHED_CALL) - /* digest has to "fall behind" */ - if (md5_off > rc4_off) - rc4_off += 2*MD5_CBLOCK; - else - rc4_off += MD5_CBLOCK; - - if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) && - (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) { - RC4(&key->ks, rc4_off, in, out); - MD5_Update(&key->md, out, md5_off); - - rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, - &key->md, out + md5_off, blocks); - blocks *= MD5_CBLOCK; - rc4_off += blocks; - md5_off += blocks; - l = (key->md.Nl + (blocks << 3)) & 0xffffffffU; - if (l < key->md.Nl) - key->md.Nh++; - key->md.Nl = l; - key->md.Nh += blocks >> 29; - } else { - md5_off = 0; - rc4_off = 0; - } -#endif - /* decrypt HMAC at once */ - RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off); - if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ - MD5_Update(&key->md, out + md5_off, plen - md5_off); - - /* calculate HMAC and verify it */ - MD5_Final(mac, &key->md); - key->md = key->tail; - MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); - MD5_Final(mac, &key->md); - - if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) - return 0; - } else { - MD5_Update(&key->md, out + md5_off, len - md5_off); - } - } - - key->payload_length = NO_PAYLOAD_LENGTH; - - return 1; -} - -static int -rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - EVP_RC4_HMAC_MD5 *key = data(ctx); - - switch (type) { - case EVP_CTRL_AEAD_SET_MAC_KEY: - { - unsigned int i; - unsigned char hmac_key[64]; - - memset (hmac_key, 0, sizeof(hmac_key)); - - if (arg > (int)sizeof(hmac_key)) { - MD5_Init(&key->head); - MD5_Update(&key->head, ptr, arg); - MD5_Final(hmac_key, &key->head); - } else { - memcpy(hmac_key, ptr, arg); - } - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36; /* ipad */ - MD5_Init(&key->head); - MD5_Update(&key->head, hmac_key, sizeof(hmac_key)); - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ - MD5_Init(&key->tail); - MD5_Update(&key->tail, hmac_key, sizeof(hmac_key)); - - return 1; - } - case EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; - - if (!ctx->encrypt) { - if (len < MD5_DIGEST_LENGTH) - return -1; - len -= MD5_DIGEST_LENGTH; - p[arg - 2] = len >> 8; - p[arg - 1] = len; - } - key->payload_length = len; - key->md = key->head; - MD5_Update(&key->md, p, arg); - - return MD5_DIGEST_LENGTH; - } - default: - return -1; - } -} - -static EVP_CIPHER r4_hmac_md5_cipher = { -#ifdef NID_rc4_hmac_md5 - NID_rc4_hmac_md5, -#else - NID_undef, -#endif - 1, EVP_RC4_KEY_SIZE, 0, - EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER, - rc4_hmac_md5_init_key, - rc4_hmac_md5_cipher, - NULL, - sizeof(EVP_RC4_HMAC_MD5), - NULL, - NULL, - rc4_hmac_md5_ctrl, - NULL -}; - -const EVP_CIPHER * -EVP_rc4_hmac_md5(void) -{ - return (&r4_hmac_md5_cipher); -} -#endif diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c index c1664db3..85b4d3ca 100644 --- a/crypto/evp/e_sm4.c +++ b/crypto/evp/e_sm4.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_sm4.c,v 1.9 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_sm4.c,v 1.12 2024/01/04 17:38:36 tb Exp $ */ /* * Copyright (c) 2017, 2019 Ribose Inc * @@ -154,10 +154,9 @@ static const EVP_CIPHER sm4_cbc = { .do_cipher = sm4_cbc_cipher, .cleanup = NULL, .ctx_size = sizeof(EVP_SM4_KEY), - .set_asn1_parameters = 0, - .get_asn1_parameters = 0, - .ctrl = 0, - .app_data = NULL, + .set_asn1_parameters = NULL, + .get_asn1_parameters = NULL, + .ctrl = NULL, }; const EVP_CIPHER * @@ -176,10 +175,9 @@ static const EVP_CIPHER sm4_cfb128 = { .do_cipher = sm4_cfb128_cipher, .cleanup = NULL, .ctx_size = sizeof(EVP_SM4_KEY), - .set_asn1_parameters = 0, - .get_asn1_parameters = 0, - .ctrl = 0, - .app_data = NULL, + .set_asn1_parameters = NULL, + .get_asn1_parameters = NULL, + .ctrl = NULL, }; const EVP_CIPHER * @@ -198,10 +196,9 @@ static const EVP_CIPHER sm4_ofb = { .do_cipher = sm4_ofb_cipher, .cleanup = NULL, .ctx_size = sizeof(EVP_SM4_KEY), - .set_asn1_parameters = 0, - .get_asn1_parameters = 0, - .ctrl = 0, - .app_data = NULL, + .set_asn1_parameters = NULL, + .get_asn1_parameters = NULL, + .ctrl = NULL, }; const EVP_CIPHER * @@ -220,10 +217,9 @@ static const EVP_CIPHER sm4_ecb = { .do_cipher = sm4_ecb_cipher, .cleanup = NULL, .ctx_size = sizeof(EVP_SM4_KEY), - .set_asn1_parameters = 0, - .get_asn1_parameters = 0, - .ctrl = 0, - .app_data = NULL, + .set_asn1_parameters = NULL, + .get_asn1_parameters = NULL, + .ctrl = NULL, }; const EVP_CIPHER * @@ -256,7 +252,6 @@ static const EVP_CIPHER sm4_ctr_mode = { .set_asn1_parameters = NULL, .get_asn1_parameters = NULL, .ctrl = NULL, - .app_data = NULL, }; const EVP_CIPHER * diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c index 32f9f2ea..dc01cbb9 100644 --- a/crypto/evp/e_xcbc_d.c +++ b/crypto/evp/e_xcbc_d.c @@ -1,4 +1,4 @@ -/* $OpenBSD: e_xcbc_d.c,v 1.15 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: e_xcbc_d.c,v 1.17 2024/01/07 15:42:57 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -84,17 +84,18 @@ typedef struct { #define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) static const EVP_CIPHER d_xcbc_cipher = { - NID_desx_cbc, - 8, 24, 8, - EVP_CIPH_CBC_MODE, - desx_cbc_init_key, - desx_cbc_cipher, - NULL, - sizeof(DESX_CBC_KEY), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL, - NULL + .nid = NID_desx_cbc, + .block_size = 8, + .key_len = 24, + .iv_len = 8, + .flags = EVP_CIPH_CBC_MODE, + .init = desx_cbc_init_key, + .do_cipher = desx_cbc_cipher, + .cleanup = NULL, + .ctx_size = sizeof(DESX_CBC_KEY), + .set_asn1_parameters = EVP_CIPHER_set_asn1_iv, + .get_asn1_parameters = EVP_CIPHER_get_asn1_iv, + .ctrl = NULL, }; const EVP_CIPHER * diff --git a/crypto/evp/evp_cipher.c b/crypto/evp/evp_cipher.c new file mode 100644 index 00000000..48aaea0f --- /dev/null +++ b/crypto/evp/evp_cipher.c @@ -0,0 +1,1177 @@ +/* $OpenBSD: evp_cipher.c,v 1.21 2024/03/02 09:55:30 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include + +#include +#include +#include + +#include "asn1_local.h" +#include "evp_local.h" + +int +EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, int enc) +{ + return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); +} + +int +EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine, + const unsigned char *key, const unsigned char *iv, int enc) +{ + if (enc == -1) + enc = ctx->encrypt; + if (enc != 0) + enc = 1; + ctx->encrypt = enc; + + if (cipher == NULL && ctx->cipher == NULL) { + EVPerror(EVP_R_NO_CIPHER_SET); + return 0; + } + + /* + * Set up cipher and context. Allocate cipher data and initialize ctx. + * On ctx reuse only retain encryption direction and key wrap flag. + */ + if (cipher != NULL) { + unsigned long flags = ctx->flags; + + EVP_CIPHER_CTX_cleanup(ctx); + ctx->encrypt = enc; + ctx->flags = flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; + + ctx->cipher = cipher; + ctx->key_len = cipher->key_len; + + if (ctx->cipher->ctx_size != 0) { + ctx->cipher_data = calloc(1, ctx->cipher->ctx_size); + if (ctx->cipher_data == NULL) { + EVPerror(ERR_R_MALLOC_FAILURE); + return 0; + } + } + + if ((ctx->cipher->flags & EVP_CIPH_CTRL_INIT) != 0) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { + EVPerror(EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + } + + /* Block sizes must be a power of 2 due to the use of block_mask. */ + if (ctx->cipher->block_size != 1 && + ctx->cipher->block_size != 8 && + ctx->cipher->block_size != 16) { + EVPerror(EVP_R_BAD_BLOCK_LENGTH); + return 0; + } + + if ((ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) == 0 && + EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) { + EVPerror(EVP_R_WRAP_MODE_NOT_ALLOWED); + return 0; + } + + if ((EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV) == 0) { + int iv_len; + + switch (EVP_CIPHER_CTX_mode(ctx)) { + + case EVP_CIPH_STREAM_CIPHER: + case EVP_CIPH_ECB_MODE: + break; + + case EVP_CIPH_CFB_MODE: + case EVP_CIPH_OFB_MODE: + + ctx->num = 0; + /* fall-through */ + + case EVP_CIPH_CBC_MODE: + iv_len = EVP_CIPHER_CTX_iv_length(ctx); + if (iv_len < 0 || iv_len > sizeof(ctx->oiv) || + iv_len > sizeof(ctx->iv)) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; + } + if (iv != NULL) + memcpy(ctx->oiv, iv, iv_len); + memcpy(ctx->iv, ctx->oiv, iv_len); + break; + + case EVP_CIPH_CTR_MODE: + ctx->num = 0; + iv_len = EVP_CIPHER_CTX_iv_length(ctx); + if (iv_len < 0 || iv_len > sizeof(ctx->iv)) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; + } + /* Don't reuse IV for CTR mode */ + if (iv != NULL) + memcpy(ctx->iv, iv, iv_len); + break; + + default: + return 0; + break; + } + } + + if (key != NULL || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT) != 0) { + if (!ctx->cipher->init(ctx, key, iv, enc)) + return 0; + } + + ctx->partial_len = 0; + ctx->final_used = 0; + + return 1; +} + +int +EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len, + const unsigned char *in, int in_len) +{ + if (ctx->encrypt) + return EVP_EncryptUpdate(ctx, out, out_len, in, in_len); + + return EVP_DecryptUpdate(ctx, out, out_len, in, in_len); +} + +int +EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) +{ + if (ctx->encrypt) + return EVP_EncryptFinal_ex(ctx, out, out_len); + + return EVP_DecryptFinal_ex(ctx, out, out_len); +} + +int +EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) +{ + if (ctx->encrypt) + return EVP_EncryptFinal_ex(ctx, out, out_len); + + return EVP_DecryptFinal_ex(ctx, out, out_len); +} + +int +EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv) +{ + return EVP_CipherInit(ctx, cipher, key, iv, 1); +} + +int +EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine, + const unsigned char *key, const unsigned char *iv) +{ + return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1); +} + +/* + * EVP_Cipher() is an implementation detail of EVP_Cipher{Update,Final}(). + * Behavior depends on EVP_CIPH_FLAG_CUSTOM_CIPHER being set on ctx->cipher. + * + * If the flag is set, do_cipher() operates in update mode if in != NULL and + * in final mode if in == NULL. It returns the number of bytes written to out + * (which may be 0) or -1 on error. + * + * If the flag is not set, do_cipher() assumes properly aligned data and that + * padding is handled correctly by the caller. Most do_cipher() methods will + * silently produce garbage and succeed. Returns 1 on success, 0 on error. + */ +int +EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + unsigned int in_len) +{ + return ctx->cipher->do_cipher(ctx, out, in, in_len); +} + +static int +evp_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len, + const unsigned char *in, int in_len) +{ + int len; + + *out_len = 0; + + if (in_len < 0) + return 0; + + if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0) { + if ((len = ctx->cipher->do_cipher(ctx, out, in, in_len)) < 0) + return 0; + + *out_len = len; + return 1; + } + + if (!ctx->cipher->do_cipher(ctx, out, in, in_len)) + return 0; + + *out_len = in_len; + + return 1; +} + +int +EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len, + const unsigned char *in, int in_len) +{ + const int block_size = ctx->cipher->block_size; + const int block_mask = block_size - 1; + int partial_len = ctx->partial_len; + int len = 0, total_len = 0; + + *out_len = 0; + + if ((block_size & block_mask) != 0) + return 0; + + if (in_len < 0) + return 0; + + if (in_len == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE) + return 1; + + if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0) + return evp_cipher(ctx, out, out_len, in, in_len); + + if (partial_len == 0 && (in_len & block_mask) == 0) + return evp_cipher(ctx, out, out_len, in, in_len); + + if (partial_len < 0 || partial_len >= block_size || + block_size > sizeof(ctx->buf)) { + EVPerror(EVP_R_BAD_BLOCK_LENGTH); + return 0; + } + + if (partial_len > 0) { + int partial_needed; + + if ((partial_needed = block_size - partial_len) > in_len) { + memcpy(&ctx->buf[partial_len], in, in_len); + ctx->partial_len += in_len; + return 1; + } + + /* + * Once the first partial_needed bytes from in are processed, + * the number of multiples of block_size of data remaining is + * (in_len - partial_needed) & ~block_mask. Ensure that this + * plus the block processed from ctx->buf doesn't overflow. + */ + if (((in_len - partial_needed) & ~block_mask) > INT_MAX - block_size) { + EVPerror(EVP_R_TOO_LARGE); + return 0; + } + memcpy(&ctx->buf[partial_len], in, partial_needed); + + len = 0; + if (!evp_cipher(ctx, out, &len, ctx->buf, block_size)) + return 0; + total_len = len; + + in_len -= partial_needed; + in += partial_needed; + out += len; + } + + partial_len = in_len & block_mask; + if ((in_len -= partial_len) > 0) { + if (INT_MAX - in_len < total_len) + return 0; + len = 0; + if (!evp_cipher(ctx, out, &len, in, in_len)) + return 0; + if (INT_MAX - len < total_len) + return 0; + total_len += len; + } + + if ((ctx->partial_len = partial_len) > 0) + memcpy(ctx->buf, &in[in_len], partial_len); + + *out_len = total_len; + + return 1; +} + +int +EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) +{ + return EVP_EncryptFinal_ex(ctx, out, out_len); +} + +int +EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) +{ + const int block_size = ctx->cipher->block_size; + int partial_len = ctx->partial_len; + int pad; + + *out_len = 0; + + if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0) + return evp_cipher(ctx, out, out_len, NULL, 0); + + if (partial_len < 0 || partial_len >= block_size || + block_size > sizeof(ctx->buf)) { + EVPerror(EVP_R_BAD_BLOCK_LENGTH); + return 0; + } + if (block_size == 1) + return 1; + + if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) { + if (partial_len != 0) { + EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + return 0; + } + return 1; + } + + pad = block_size - partial_len; + memset(&ctx->buf[partial_len], pad, pad); + + return evp_cipher(ctx, out, out_len, ctx->buf, block_size); +} + +int +EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv) +{ + return EVP_CipherInit(ctx, cipher, key, iv, 0); +} + +int +EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *engine, + const unsigned char *key, const unsigned char *iv) +{ + return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0); +} + +int +EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len, + const unsigned char *in, int in_len) +{ + const int block_size = ctx->cipher->block_size; + const int block_mask = block_size - 1; + int len = 0, total_len = 0; + + *out_len = 0; + + if ((block_size & block_mask) != 0) + return 0; + + if (in_len < 0) + return 0; + + if (in_len == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE) + return 1; + + if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0) + return evp_cipher(ctx, out, out_len, in, in_len); + + if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) + return EVP_EncryptUpdate(ctx, out, out_len, in, in_len); + + if (block_size > sizeof(ctx->final)) { + EVPerror(EVP_R_BAD_BLOCK_LENGTH); + return 0; + } + + if (ctx->final_used) { + /* + * final_used is only set if partial_len is 0. Therefore the + * output from EVP_EncryptUpdate() is in_len & ~block_mask. + * Ensure (in_len & ~block_mask) + block_size doesn't overflow. + */ + if ((in_len & ~block_mask) > INT_MAX - block_size) { + EVPerror(EVP_R_TOO_LARGE); + return 0; + } + memcpy(out, ctx->final, block_size); + out += block_size; + total_len = block_size; + } + + ctx->final_used = 0; + + len = 0; + if (!EVP_EncryptUpdate(ctx, out, &len, in, in_len)) + return 0; + + /* Keep copy of last block if a multiple of block_size was decrypted. */ + if (block_size > 1 && ctx->partial_len == 0) { + if (len < block_size) + return 0; + len -= block_size; + memcpy(ctx->final, &out[len], block_size); + ctx->final_used = 1; + } + + if (len > INT_MAX - total_len) + return 0; + total_len += len; + + *out_len = total_len; + + return 1; +} + +int +EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) +{ + return EVP_DecryptFinal_ex(ctx, out, out_len); +} + +int +EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) +{ + const int block_size = ctx->cipher->block_size; + int partial_len = ctx->partial_len; + int i, pad, plain_len; + + *out_len = 0; + + if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0) + return evp_cipher(ctx, out, out_len, NULL, 0); + + if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) { + if (partial_len != 0) { + EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + return 0; + } + return 1; + } + + if (block_size == 1) + return 1; + + if (partial_len != 0 || !ctx->final_used) { + EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH); + return 0; + } + + if (block_size > sizeof(ctx->final)) { + EVPerror(EVP_R_BAD_BLOCK_LENGTH); + return 0; + } + + pad = ctx->final[block_size - 1]; + if (pad <= 0 || pad > block_size) { + EVPerror(EVP_R_BAD_DECRYPT); + return 0; + } + plain_len = block_size - pad; + for (i = plain_len; i < block_size; i++) { + if (ctx->final[i] != pad) { + EVPerror(EVP_R_BAD_DECRYPT); + return 0; + } + } + + memcpy(out, ctx->final, plain_len); + *out_len = plain_len; + + return 1; +} + +EVP_CIPHER_CTX * +EVP_CIPHER_CTX_new(void) +{ + return calloc(1, sizeof(EVP_CIPHER_CTX)); +} + +void +EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) +{ + if (ctx == NULL) + return; + + EVP_CIPHER_CTX_cleanup(ctx); + + free(ctx); +} + +void +EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); +} + +int +EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_CTX_cleanup(ctx); +} + +int +EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) +{ + return EVP_CIPHER_CTX_cleanup(ctx); +} + +int +EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx) +{ + if (ctx == NULL) + return 1; + + if (ctx->cipher != NULL) { + /* XXX - Avoid leaks, so ignore return value of cleanup()... */ + if (ctx->cipher->cleanup != NULL) + ctx->cipher->cleanup(ctx); + if (ctx->cipher_data != NULL) + explicit_bzero(ctx->cipher_data, ctx->cipher->ctx_size); + } + + /* XXX - store size of cipher_data so we can always freezero(). */ + free(ctx->cipher_data); + + explicit_bzero(ctx, sizeof(EVP_CIPHER_CTX)); + + return 1; +} + +int +EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +{ + int ret; + + if (!ctx->cipher) { + EVPerror(EVP_R_NO_CIPHER_SET); + return 0; + } + + if (!ctx->cipher->ctrl) { + EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED); + return 0; + } + + ret = ctx->cipher->ctrl(ctx, type, arg, ptr); + if (ret == -1) { + EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); + return 0; + } + return ret; +} + +int +EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) +{ + if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) + return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); + arc4random_buf(key, ctx->key_len); + return 1; +} + +int +EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) +{ + if (in == NULL || in->cipher == NULL) { + EVPerror(EVP_R_INPUT_NOT_INITIALIZED); + return 0; + } + + EVP_CIPHER_CTX_cleanup(out); + memcpy(out, in, sizeof *out); + + if (in->cipher_data && in->cipher->ctx_size) { + out->cipher_data = calloc(1, in->cipher->ctx_size); + if (out->cipher_data == NULL) { + EVPerror(ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); + } + + if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) { + if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, + 0, out)) { + /* + * If the custom copy control failed, assume that there + * may still be pointers copied in the cipher_data that + * we do not own. This may result in a leak from a bad + * custom copy control, but that's preferable to a + * double free... + */ + freezero(out->cipher_data, in->cipher->ctx_size); + out->cipher_data = NULL; + return 0; + } + } + + return 1; +} + +/* + * EVP_CIPHER_CTX accessors. + */ + +const EVP_CIPHER * +EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher; +} + +int +EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) +{ + return ctx->encrypt; +} + +int +EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len) +{ + if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx)) + return 0; + if (len > EVP_MAX_IV_LENGTH) + return 0; /* sanity check; shouldn't happen */ + /* + * Skip the memcpy entirely when the requested IV length is zero, + * since the iv pointer may be NULL or invalid. + */ + if (len != 0) { + if (iv == NULL) + return 0; + memcpy(iv, ctx->iv, len); + } + return 1; +} + +int +EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) +{ + if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx)) + return 0; + if (len > EVP_MAX_IV_LENGTH) + return 0; /* sanity check; shouldn't happen */ + /* + * Skip the memcpy entirely when the requested IV length is zero, + * since the iv pointer may be NULL or invalid. + */ + if (len != 0) { + if (iv == NULL) + return 0; + memcpy(ctx->iv, iv, len); + } + return 1; +} + +unsigned char * +EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) +{ + return ctx->buf; +} + +void * +EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) +{ + return ctx->app_data; +} + +void +EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) +{ + ctx->app_data = data; +} + +int +EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) +{ + return ctx->key_len; +} + +int +EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *ctx, int key_len) +{ + if (ctx->key_len == key_len) + return 1; + if (key_len > 0 && (ctx->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { + ctx->key_len = key_len; + return 1; + } + EVPerror(EVP_R_INVALID_KEY_LENGTH); + return 0; +} + +int +EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) +{ + if (pad) + ctx->flags &= ~EVP_CIPH_NO_PADDING; + else + ctx->flags |= EVP_CIPH_NO_PADDING; + return 1; +} + +void +EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) +{ + ctx->flags |= flags; +} + +void +EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) +{ + ctx->flags &= ~flags; +} + +int +EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) +{ + return (ctx->flags & flags); +} + +void * +EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher_data; +} + +void * +EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) +{ + void *old_cipher_data; + + old_cipher_data = ctx->cipher_data; + ctx->cipher_data = cipher_data; + + return old_cipher_data; +} + +/* + * EVP_CIPHER_CTX getters that reach into the cipher attached to the context. + */ + +int +EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher->nid; +} + +int +EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher->block_size; +} + +int +EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) +{ + int iv_length = 0; + + if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_IV_LENGTH) == 0) + return ctx->cipher->iv_len; + + /* + * XXX - sanity would suggest to pass the size of the pointer along, + * but unfortunately we have to match the other crowd. + */ + if (EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0, + &iv_length) != 1) + return -1; + + return iv_length; +} + +unsigned long +EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher->flags; +} + +/* + * Used by CMS and its predecessors. Only GOST and RC2 have a custom method. + */ + +int +EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) +{ + int iv_len; + + if (type == NULL) + return 0; + + iv_len = EVP_CIPHER_CTX_iv_length(ctx); + if (iv_len < 0 || iv_len > sizeof(ctx->oiv) || iv_len > sizeof(ctx->iv)) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; /* XXX */ + } + if (ASN1_TYPE_get_octetstring(type, ctx->oiv, iv_len) != iv_len) + return -1; + + if (iv_len > 0) + memcpy(ctx->iv, ctx->oiv, iv_len); + + return iv_len; +} + +int +EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) +{ + if (ctx->cipher->get_asn1_parameters != NULL) + return ctx->cipher->get_asn1_parameters(ctx, type); + + if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) != 0) + return EVP_CIPHER_get_asn1_iv(ctx, type); + + return -1; +} + +int +EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) +{ + int iv_len; + + if (type == NULL) + return 0; + + iv_len = EVP_CIPHER_CTX_iv_length(ctx); + if (iv_len < 0 || iv_len > sizeof(ctx->oiv)) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; + } + + return ASN1_TYPE_set_octetstring(type, ctx->oiv, iv_len); +} + +int +EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) +{ + if (ctx->cipher->set_asn1_parameters != NULL) + return ctx->cipher->set_asn1_parameters(ctx, type); + + if ((ctx->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) != 0) + return EVP_CIPHER_set_asn1_iv(ctx, type); + + return -1; +} + +/* Convert the various cipher NIDs and dummies to a proper OID NID */ +int +EVP_CIPHER_type(const EVP_CIPHER *cipher) +{ + ASN1_OBJECT *aobj; + int nid; + + nid = EVP_CIPHER_nid(cipher); + switch (nid) { + case NID_rc2_cbc: + case NID_rc2_64_cbc: + case NID_rc2_40_cbc: + return NID_rc2_cbc; + + case NID_rc4: + case NID_rc4_40: + return NID_rc4; + + case NID_aes_128_cfb128: + case NID_aes_128_cfb8: + case NID_aes_128_cfb1: + return NID_aes_128_cfb128; + + case NID_aes_192_cfb128: + case NID_aes_192_cfb8: + case NID_aes_192_cfb1: + return NID_aes_192_cfb128; + + case NID_aes_256_cfb128: + case NID_aes_256_cfb8: + case NID_aes_256_cfb1: + return NID_aes_256_cfb128; + + case NID_des_cfb64: + case NID_des_cfb8: + case NID_des_cfb1: + return NID_des_cfb64; + + case NID_des_ede3_cfb64: + case NID_des_ede3_cfb8: + case NID_des_ede3_cfb1: + return NID_des_cfb64; + + default: + /* Check it has an OID and it is valid */ + if (((aobj = OBJ_nid2obj(nid)) == NULL) || aobj->data == NULL) + nid = NID_undef; + + ASN1_OBJECT_free(aobj); + + return nid; + } +} + +/* + * Accessors. First the trivial getters, then the setters for the method API. + */ + +int +EVP_CIPHER_nid(const EVP_CIPHER *cipher) +{ + return cipher->nid; +} + +int +EVP_CIPHER_block_size(const EVP_CIPHER *cipher) +{ + return cipher->block_size; +} + +int +EVP_CIPHER_key_length(const EVP_CIPHER *cipher) +{ + return cipher->key_len; +} + +int +EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) +{ + return cipher->iv_len; +} + +unsigned long +EVP_CIPHER_flags(const EVP_CIPHER *cipher) +{ + return cipher->flags; +} + +EVP_CIPHER * +EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) +{ + EVP_CIPHER *cipher; + + if (cipher_type < 0 || key_len < 0) + return NULL; + + /* EVP_CipherInit() will fail for any other value. */ + if (block_size != 1 && block_size != 8 && block_size != 16) + return NULL; + + if ((cipher = calloc(1, sizeof(*cipher))) == NULL) + return NULL; + + cipher->nid = cipher_type; + cipher->block_size = block_size; + cipher->key_len = key_len; + + return cipher; +} + +EVP_CIPHER * +EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) +{ + EVP_CIPHER *copy; + + if ((copy = calloc(1, sizeof(*copy))) == NULL) + return NULL; + + *copy = *cipher; + + return copy; +} + +void +EVP_CIPHER_meth_free(EVP_CIPHER *cipher) +{ + free(cipher); +} + +int +EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) +{ + cipher->iv_len = iv_len; + + return 1; +} + +int +EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags) +{ + cipher->flags = flags; + + return 1; +} + +int +EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size) +{ + cipher->ctx_size = ctx_size; + + return 1; +} + +int +EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc)) +{ + cipher->init = init; + + return 1; +} + +int +EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl)) +{ + cipher->do_cipher = do_cipher; + + return 1; +} + +int +EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup)(EVP_CIPHER_CTX *)) +{ + cipher->cleanup = cleanup; + + return 1; +} + +int +EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *)) +{ + cipher->set_asn1_parameters = set_asn1_parameters; + + return 1; +} + +int +EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *)) +{ + cipher->get_asn1_parameters = get_asn1_parameters; + + return 1; +} + +int +EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr)) +{ + cipher->ctrl = ctrl; + + return 1; +} diff --git a/crypto/evp/digest.c b/crypto/evp/evp_digest.c similarity index 84% rename from crypto/evp/digest.c rename to crypto/evp/evp_digest.c index ca3fb219..d3607602 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/evp_digest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: digest.c,v 1.38 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: evp_digest.c,v 1.12 2024/03/02 09:59:56 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -118,16 +118,12 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "evp_local.h" int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { - EVP_MD_CTX_init(ctx); + EVP_MD_CTX_legacy_clear(ctx); return EVP_DigestInit_ex(ctx, type, NULL); } @@ -136,49 +132,6 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); -#ifndef OPENSSL_NO_ENGINE - /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts - * so this context may already have an ENGINE! Try to avoid releasing - * the previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unnecessary. */ - if (ctx->engine && ctx->digest && (!type || - (type && (type->type == ctx->digest->type)))) - goto skip_to_init; - if (type) { - /* Ensure an ENGINE left lying around from last time is cleared - * (the previous check attempted to avoid this if the same - * ENGINE and EVP_MD could be used). */ - ENGINE_finish(ctx->engine); - if (impl != NULL) { - if (!ENGINE_init(impl)) { - EVPerror(EVP_R_INITIALIZATION_ERROR); - return 0; - } - } else - /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_digest_engine(type->type); - if (impl != NULL) { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_MD *d = ENGINE_get_digest(impl, type->type); - if (d == NULL) { - /* Same comment from evp_enc.c */ - EVPerror(EVP_R_INITIALIZATION_ERROR); - ENGINE_finish(impl); - return 0; - } - /* We'll use the ENGINE's private digest definition */ - type = d; - /* Store the ENGINE functional reference so we know - * 'type' came from an ENGINE and we need to release - * it when done. */ - ctx->engine = impl; - } else - ctx->engine = NULL; - } else if (!ctx->digest) { - EVPerror(EVP_R_NO_DIGEST_SET); - return 0; - } -#endif if (ctx->digest != type) { if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { @@ -197,9 +150,6 @@ EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } } } -#ifndef OPENSSL_NO_ENGINE -skip_to_init: -#endif if (ctx->pctx) { int r; r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, @@ -250,10 +200,101 @@ EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) return ret; } +int +EVP_Digest(const void *data, size_t count, + unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) +{ + EVP_MD_CTX ctx; + int ret; + + EVP_MD_CTX_legacy_clear(&ctx); + EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); + ret = EVP_DigestInit_ex(&ctx, type, NULL) && + EVP_DigestUpdate(&ctx, data, count) && + EVP_DigestFinal_ex(&ctx, md, size); + EVP_MD_CTX_cleanup(&ctx); + + return ret; +} + +EVP_MD_CTX * +EVP_MD_CTX_new(void) +{ + return calloc(1, sizeof(EVP_MD_CTX)); +} + +void +EVP_MD_CTX_free(EVP_MD_CTX *ctx) +{ + if (ctx == NULL) + return; + + EVP_MD_CTX_cleanup(ctx); + + free(ctx); +} + +EVP_MD_CTX * +EVP_MD_CTX_create(void) +{ + return EVP_MD_CTX_new(); +} + +void +EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) +{ + EVP_MD_CTX_free(ctx); +} + +void +EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); +} + +int +EVP_MD_CTX_init(EVP_MD_CTX *ctx) +{ + return EVP_MD_CTX_cleanup(ctx); +} + +int +EVP_MD_CTX_reset(EVP_MD_CTX *ctx) +{ + return EVP_MD_CTX_cleanup(ctx); +} + +int +EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +{ + if (ctx == NULL) + return 1; + + /* + * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, + * because sometimes only copies of the context are ever finalised. + */ + if (ctx->digest && ctx->digest->cleanup && + !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) + ctx->digest->cleanup(ctx); + if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && + !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) + freezero(ctx->md_data, ctx->digest->ctx_size); + /* + * If EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set, EVP_MD_CTX_set_pkey() was + * called and its strange API contract implies we don't own ctx->pctx. + */ + if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) + EVP_PKEY_CTX_free(ctx->pctx); + memset(ctx, 0, sizeof(*ctx)); + + return 1; +} + int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) { - EVP_MD_CTX_init(out); + EVP_MD_CTX_legacy_clear(out); return EVP_MD_CTX_copy_ex(out, in); } @@ -266,13 +307,6 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVPerror(EVP_R_INPUT_NOT_INITIALIZED); return 0; } -#ifndef OPENSSL_NO_ENGINE - /* Make sure it's safe to copy a digest context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) { - EVPerror(ERR_R_ENGINE_LIB); - return 0; - } -#endif if (out->digest == in->digest) { tmp_buf = out->md_data; @@ -320,110 +354,119 @@ EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) } int -EVP_Digest(const void *data, size_t count, - unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) +EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) { - EVP_MD_CTX ctx; int ret; - EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); - ret = EVP_DigestInit_ex(&ctx, type, impl) && - EVP_DigestUpdate(&ctx, data, count) && - EVP_DigestFinal_ex(&ctx, md, size); - EVP_MD_CTX_cleanup(&ctx); + if (!ctx->digest) { + EVPerror(EVP_R_NO_CIPHER_SET); + return 0; + } + + if (!ctx->digest->md_ctrl) { + EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED); + return 0; + } + ret = ctx->digest->md_ctrl(ctx, type, arg, ptr); + if (ret == -1) { + EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); + return 0; + } return ret; } -EVP_MD_CTX * -EVP_MD_CTX_new(void) +const EVP_MD * +EVP_MD_CTX_md(const EVP_MD_CTX *ctx) { - return calloc(1, sizeof(EVP_MD_CTX)); + if (!ctx) + return NULL; + return ctx->digest; } void -EVP_MD_CTX_free(EVP_MD_CTX *ctx) +EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags) { - if (ctx == NULL) - return; - - EVP_MD_CTX_cleanup(ctx); - - free(ctx); + ctx->flags &= ~flags; } void -EVP_MD_CTX_init(EVP_MD_CTX *ctx) +EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) { - memset(ctx, 0, sizeof(*ctx)); + ctx->flags |= flags; } int -EVP_MD_CTX_reset(EVP_MD_CTX *ctx) +EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) { - return EVP_MD_CTX_cleanup(ctx); + return (ctx->flags & flags); } -EVP_MD_CTX * -EVP_MD_CTX_create(void) +void * +EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) { - return EVP_MD_CTX_new(); + return ctx->md_data; } -void -EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) +EVP_PKEY_CTX * +EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) { - EVP_MD_CTX_free(ctx); + return ctx->pctx; } -/* This call frees resources associated with the context */ -int -EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +void +EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) { - /* - * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, - * because sometimes only copies of the context are ever finalised. - */ - if (ctx->digest && ctx->digest->cleanup && - !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) - ctx->digest->cleanup(ctx); - if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && - !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) - freezero(ctx->md_data, ctx->digest->ctx_size); - /* - * If EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set, EVP_MD_CTX_set_pkey() was - * called and its strange API contract implies we don't own ctx->pctx. - */ - if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) + if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) { + EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); + } else { EVP_PKEY_CTX_free(ctx->pctx); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ctx->engine); -#endif - memset(ctx, 0, sizeof(*ctx)); + } - return 1; + ctx->pctx = pctx; + + if (pctx != NULL) { + /* + * For unclear reasons it was decided that the caller keeps + * ownership of pctx. So a flag was invented to make sure we + * don't free it in EVP_MD_CTX_cleanup(). We also need to + * unset it in EVP_MD_CTX_copy_ex(). Fortunately, the flag + * isn't public... + */ + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); + } } int -EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) +EVP_MD_type(const EVP_MD *md) { - int ret; + return md->type; +} - if (!ctx->digest) { - EVPerror(EVP_R_NO_CIPHER_SET); - return 0; - } +int +EVP_MD_pkey_type(const EVP_MD *md) +{ + return md->pkey_type; +} - if (!ctx->digest->md_ctrl) { - EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; +int +EVP_MD_size(const EVP_MD *md) +{ + if (!md) { + EVPerror(EVP_R_MESSAGE_DIGEST_IS_NULL); + return -1; } + return md->md_size; +} - ret = ctx->digest->md_ctrl(ctx, type, arg, ptr); - if (ret == -1) { - EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); - return 0; - } - return ret; +unsigned long +EVP_MD_flags(const EVP_MD *md) +{ + return md->flags; +} + +int +EVP_MD_block_size(const EVP_MD *md) +{ + return md->block_size; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c deleted file mode 100644 index 7534b4c9..00000000 --- a/crypto/evp/evp_enc.c +++ /dev/null @@ -1,725 +0,0 @@ -/* $OpenBSD: evp_enc.c,v 1.53 2023/09/10 16:53:56 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include - -#include - -#include - -#include -#include - -#ifndef OPENSSL_NO_ENGINE -#include -#endif - -#include "evp_local.h" - -int -EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, int enc) -{ - if (cipher != NULL) - EVP_CIPHER_CTX_cleanup(ctx); - return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); -} - -int -EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv, int enc) -{ - if (enc == -1) - enc = ctx->encrypt; - else { - if (enc) - enc = 1; - ctx->encrypt = enc; - } -#ifndef OPENSSL_NO_ENGINE - /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts - * so this context may already have an ENGINE! Try to avoid releasing - * the previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unnecessary. */ - if (ctx->engine && ctx->cipher && - (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) - goto skip_to_init; -#endif - if (cipher) { - /* Ensure a context left lying around from last time is cleared - * (the previous check attempted to avoid this if the same - * ENGINE and EVP_CIPHER could be used). */ - if (ctx->cipher) { - unsigned long flags = ctx->flags; - EVP_CIPHER_CTX_cleanup(ctx); - /* Restore encrypt and flags */ - ctx->encrypt = enc; - ctx->flags = flags; - } -#ifndef OPENSSL_NO_ENGINE - if (impl) { - if (!ENGINE_init(impl)) { - EVPerror(EVP_R_INITIALIZATION_ERROR); - return 0; - } - } else - /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_cipher_engine(cipher->nid); - if (impl) { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_CIPHER *c = - ENGINE_get_cipher(impl, cipher->nid); - if (!c) { - EVPerror(EVP_R_INITIALIZATION_ERROR); - return 0; - } - /* We'll use the ENGINE's private cipher definition */ - cipher = c; - /* Store the ENGINE functional reference so we know - * 'cipher' came from an ENGINE and we need to release - * it when done. */ - ctx->engine = impl; - } else - ctx->engine = NULL; -#endif - - ctx->cipher = cipher; - if (ctx->cipher->ctx_size) { - ctx->cipher_data = calloc(1, ctx->cipher->ctx_size); - if (ctx->cipher_data == NULL) { - EVPerror(ERR_R_MALLOC_FAILURE); - return 0; - } - } else { - ctx->cipher_data = NULL; - } - ctx->key_len = cipher->key_len; - ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; - if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { - EVPerror(EVP_R_INITIALIZATION_ERROR); - return 0; - } - } - } else if (!ctx->cipher) { - EVPerror(EVP_R_NO_CIPHER_SET); - return 0; - } -#ifndef OPENSSL_NO_ENGINE -skip_to_init: -#endif - /* we assume block size is a power of 2 in *cryptUpdate */ - if (ctx->cipher->block_size != 1 && - ctx->cipher->block_size != 8 && - ctx->cipher->block_size != 16) { - EVPerror(EVP_R_BAD_BLOCK_LENGTH); - return 0; - } - - if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) && - EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) { - EVPerror(EVP_R_WRAP_MODE_NOT_ALLOWED); - return 0; - } - - if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { - switch (EVP_CIPHER_CTX_mode(ctx)) { - - case EVP_CIPH_STREAM_CIPHER: - case EVP_CIPH_ECB_MODE: - break; - - case EVP_CIPH_CFB_MODE: - case EVP_CIPH_OFB_MODE: - - ctx->num = 0; - /* fall-through */ - - case EVP_CIPH_CBC_MODE: - - if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) > - sizeof(ctx->iv)) { - EVPerror(EVP_R_IV_TOO_LARGE); - return 0; - } - if (iv) - memcpy(ctx->oiv, iv, - EVP_CIPHER_CTX_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, - EVP_CIPHER_CTX_iv_length(ctx)); - break; - - case EVP_CIPH_CTR_MODE: - ctx->num = 0; - /* Don't reuse IV for CTR mode */ - if (iv) - memcpy(ctx->iv, iv, - EVP_CIPHER_CTX_iv_length(ctx)); - break; - - default: - return 0; - break; - } - } - - if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { - if (!ctx->cipher->init(ctx, key, iv, enc)) - return 0; - } - ctx->buf_len = 0; - ctx->final_used = 0; - ctx->block_mask = ctx->cipher->block_size - 1; - return 1; -} - -int -EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - if (ctx->encrypt) - return EVP_EncryptUpdate(ctx, out, outl, in, inl); - else - return EVP_DecryptUpdate(ctx, out, outl, in, inl); -} - -int -EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - if (ctx->encrypt) - return EVP_EncryptFinal_ex(ctx, out, outl); - else - return EVP_DecryptFinal_ex(ctx, out, outl); -} - -__warn_references(EVP_CipherFinal, - "EVP_CipherFinal is often misused, please use EVP_CipherFinal_ex and EVP_CIPHER_CTX_cleanup"); - -int -EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int ret; - if (ctx->encrypt) - ret = EVP_EncryptFinal_ex(ctx, out, outl); - else - ret = EVP_DecryptFinal_ex(ctx, out, outl); - return ret; -} - -int -EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv) -{ - return EVP_CipherInit(ctx, cipher, key, iv, 1); -} - -int -EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv) -{ - return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); -} - -int -EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv) -{ - return EVP_CipherInit(ctx, cipher, key, iv, 0); -} - -int -EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv) -{ - return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); -} - -int -EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int i, j, bl; - - *outl = 0; - - if (inl < 0) - return 0; - - if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE) - return 1; - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = ctx->cipher->do_cipher(ctx, out, in, inl); - if (i < 0) - return 0; - else - *outl = i; - return 1; - } - - if (ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { - if (ctx->cipher->do_cipher(ctx, out, in, inl)) { - *outl = inl; - return 1; - } else { - *outl = 0; - return 0; - } - } - i = ctx->buf_len; - bl = ctx->cipher->block_size; - if ((size_t)bl > sizeof(ctx->buf)) { - EVPerror(EVP_R_BAD_BLOCK_LENGTH); - *outl = 0; - return 0; - } - if (i != 0) { - if (bl - i > inl) { - memcpy(&(ctx->buf[i]), in, inl); - ctx->buf_len += inl; - *outl = 0; - return 1; - } else { - j = bl - i; - - /* - * Once we've processed the first j bytes from in, the - * amount of data left that is a multiple of the block - * length is (inl - j) & ~(bl - 1). Ensure this plus - * the block processed from ctx-buf doesn't overflow. - */ - if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) { - EVPerror(EVP_R_TOO_LARGE); - return 0; - } - memcpy(&(ctx->buf[i]), in, j); - if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl)) - return 0; - inl -= j; - in += j; - out += bl; - *outl = bl; - } - } else - *outl = 0; - i = inl&(bl - 1); - inl -= i; - if (inl > 0) { - if (!ctx->cipher->do_cipher(ctx, out, in, inl)) - return 0; - *outl += inl; - } - - if (i != 0) - memcpy(ctx->buf, &(in[inl]), i); - ctx->buf_len = i; - return 1; -} - -__warn_references(EVP_EncryptFinal, - "EVP_EncryptFinal is often misused, please use EVP_EncryptFinal_ex and EVP_CIPHER_CTX_cleanup"); - -int -EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int ret; - - ret = EVP_EncryptFinal_ex(ctx, out, outl); - return ret; -} - -int -EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int n, ret; - unsigned int i, b, bl; - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - ret = ctx->cipher->do_cipher(ctx, out, NULL, 0); - if (ret < 0) - return 0; - else - *outl = ret; - return 1; - } - - b = ctx->cipher->block_size; - if (b > sizeof ctx->buf) { - EVPerror(EVP_R_BAD_BLOCK_LENGTH); - return 0; - } - if (b == 1) { - *outl = 0; - return 1; - } - bl = ctx->buf_len; - if (ctx->flags & EVP_CIPH_NO_PADDING) { - if (bl) { - EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); - return 0; - } - *outl = 0; - return 1; - } - - n = b - bl; - for (i = bl; i < b; i++) - ctx->buf[i] = n; - ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b); - - - if (ret) - *outl = b; - - return ret; -} - -int -EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int fix_len; - unsigned int b; - - *outl = 0; - - if (inl < 0) - return 0; - - if (inl == 0 && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE) - return 1; - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - fix_len = ctx->cipher->do_cipher(ctx, out, in, inl); - if (fix_len < 0) { - *outl = 0; - return 0; - } else - *outl = fix_len; - return 1; - } - - if (ctx->flags & EVP_CIPH_NO_PADDING) - return EVP_EncryptUpdate(ctx, out, outl, in, inl); - - b = ctx->cipher->block_size; - if (b > sizeof ctx->final) { - EVPerror(EVP_R_BAD_BLOCK_LENGTH); - return 0; - } - - if (ctx->final_used) { - /* - * final_used is only ever set if buf_len is 0. Therefore the - * maximum length output we will ever see from EVP_EncryptUpdate - * is inl & ~(b - 1). Since final_used is set, the final output - * length is (inl & ~(b - 1)) + b. Ensure it doesn't overflow. - */ - if ((inl & ~(b - 1)) > INT_MAX - b) { - EVPerror(EVP_R_TOO_LARGE); - return 0; - } - memcpy(out, ctx->final, b); - out += b; - fix_len = 1; - } else - fix_len = 0; - - - if (!EVP_EncryptUpdate(ctx, out, outl, in, inl)) - return 0; - - /* if we have 'decrypted' a multiple of block size, make sure - * we have a copy of this last block */ - if (b > 1 && !ctx->buf_len) { - *outl -= b; - ctx->final_used = 1; - memcpy(ctx->final, &out[*outl], b); - } else - ctx->final_used = 0; - - if (fix_len) - *outl += b; - - return 1; -} - -__warn_references(EVP_DecryptFinal, - "EVP_DecryptFinal is often misused, please use EVP_DecryptFinal_ex and EVP_CIPHER_CTX_cleanup"); - -int -EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int ret; - - ret = EVP_DecryptFinal_ex(ctx, out, outl); - return ret; -} - -int -EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int i, n; - unsigned int b; - *outl = 0; - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = ctx->cipher->do_cipher(ctx, out, NULL, 0); - if (i < 0) - return 0; - else - *outl = i; - return 1; - } - - b = ctx->cipher->block_size; - if (ctx->flags & EVP_CIPH_NO_PADDING) { - if (ctx->buf_len) { - EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); - return 0; - } - *outl = 0; - return 1; - } - if (b > 1) { - if (ctx->buf_len || !ctx->final_used) { - EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH); - return (0); - } - if (b > sizeof ctx->final) { - EVPerror(EVP_R_BAD_BLOCK_LENGTH); - return 0; - } - n = ctx->final[b - 1]; - if (n == 0 || n > (int)b) { - EVPerror(EVP_R_BAD_DECRYPT); - return (0); - } - for (i = 0; i < n; i++) { - if (ctx->final[--b] != n) { - EVPerror(EVP_R_BAD_DECRYPT); - return (0); - } - } - n = ctx->cipher->block_size - n; - for (i = 0; i < n; i++) - out[i] = ctx->final[i]; - *outl = n; - } else - *outl = 0; - return (1); -} - -EVP_CIPHER_CTX * -EVP_CIPHER_CTX_new(void) -{ - return calloc(1, sizeof(EVP_CIPHER_CTX)); -} - -void -EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) -{ - if (ctx == NULL) - return; - - EVP_CIPHER_CTX_cleanup(ctx); - - free(ctx); -} - -void -EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) -{ - memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); -} - -int -EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a) -{ - return EVP_CIPHER_CTX_cleanup(a); -} - -int -EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) -{ - if (c->cipher != NULL) { - /* XXX - Avoid leaks, so ignore return value of cleanup()... */ - if (c->cipher->cleanup != NULL) - c->cipher->cleanup(c); - if (c->cipher_data != NULL) - explicit_bzero(c->cipher_data, c->cipher->ctx_size); - } - - /* XXX - store size of cipher_data so we can always freezero(). */ - free(c->cipher_data); - -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(c->engine); -#endif - - explicit_bzero(c, sizeof(EVP_CIPHER_CTX)); - - return 1; -} - -int -EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) -{ - if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) - return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, - keylen, NULL); - if (c->key_len == keylen) - return 1; - if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { - c->key_len = keylen; - return 1; - } - EVPerror(EVP_R_INVALID_KEY_LENGTH); - return 0; -} - -int -EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) -{ - if (pad) - ctx->flags &= ~EVP_CIPH_NO_PADDING; - else - ctx->flags |= EVP_CIPH_NO_PADDING; - return 1; -} - -int -EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - int ret; - - if (!ctx->cipher) { - EVPerror(EVP_R_NO_CIPHER_SET); - return 0; - } - - if (!ctx->cipher->ctrl) { - EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; - } - - ret = ctx->cipher->ctrl(ctx, type, arg, ptr); - if (ret == -1) { - EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); - return 0; - } - return ret; -} - -int -EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) -{ - if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) - return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); - arc4random_buf(key, ctx->key_len); - return 1; -} - -int -EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) -{ - if ((in == NULL) || (in->cipher == NULL)) { - EVPerror(EVP_R_INPUT_NOT_INITIALIZED); - return 0; - } -#ifndef OPENSSL_NO_ENGINE - /* Make sure it's safe to copy a cipher context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) { - EVPerror(ERR_R_ENGINE_LIB); - return 0; - } -#endif - - EVP_CIPHER_CTX_cleanup(out); - memcpy(out, in, sizeof *out); - - if (in->cipher_data && in->cipher->ctx_size) { - out->cipher_data = calloc(1, in->cipher->ctx_size); - if (out->cipher_data == NULL) { - EVPerror(ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); - } - - if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) { - if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, - 0, out)) { - /* - * If the custom copy control failed, assume that there - * may still be pointers copied in the cipher_data that - * we do not own. This may result in a leak from a bad - * custom copy control, but that's preferable to a - * double free... - */ - freezero(out->cipher_data, in->cipher->ctx_size); - out->cipher_data = NULL; - return 0; - } - } - - return 1; -} diff --git a/crypto/evp/encode.c b/crypto/evp/evp_encode.c similarity index 99% rename from crypto/evp/encode.c rename to crypto/evp/evp_encode.c index c62a1dea..199bdfa2 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/evp_encode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encode.c,v 1.32 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: evp_encode.c,v 1.2 2023/12/29 10:31:50 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -92,7 +92,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/"; #define B64_CR 0xF1 #define B64_EOF 0xF2 #define B64_WS 0xE0 -#define B64_ERROR 0xFF +#define B64_ERROR 0xFF #define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) #define B64_BASE64(a) !B64_NOT_BASE64(a) diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 2f6e7e70..f51584b8 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_key.c,v 1.30 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: evp_key.c,v 1.34 2024/02/18 15:45:42 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,18 +75,17 @@ EVP_set_pw_prompt(const char *prompt) { if (prompt == NULL) prompt_string[0] = '\0'; - else { + else strlcpy(prompt_string, prompt, sizeof(prompt_string)); - } } char * EVP_get_pw_prompt(void) { if (prompt_string[0] == '\0') - return (NULL); - else - return (prompt_string); + return NULL; + + return prompt_string; } int @@ -99,30 +98,35 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify) { - int ret; + UI *ui = NULL; char buff[BUFSIZ]; - UI *ui; + int ret = -1; if (len > BUFSIZ) len = BUFSIZ; /* Ensure that 0 <= min <= len - 1. In particular, 1 <= len. */ if (min < 0 || len - 1 < min) - return -1; - if ((prompt == NULL) && (prompt_string[0] != '\0')) + goto err; + + if (prompt == NULL && prompt_string[0] != '\0') prompt = prompt_string; - ui = UI_new(); - if (ui == NULL) - return -1; + + if ((ui = UI_new()) == NULL) + goto err; if (UI_add_input_string(ui, prompt, 0, buf, min, len - 1) < 0) - return -1; + goto err; if (verify) { - if (UI_add_verify_string(ui, prompt, 0, buff, min, len - 1, buf) - < 0) - return -1; + if (UI_add_verify_string(ui, prompt, 0, buff, min, len - 1, + buf) < 0) + goto err; } + ret = UI_process(ui); + + err: UI_free(ui); explicit_bzero(buff, BUFSIZ); + return ret; } @@ -150,9 +154,9 @@ EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, } if (data == NULL) - return (nkey); + return nkey; - EVP_MD_CTX_init(&c); + EVP_MD_CTX_legacy_clear(&c); for (;;) { if (!EVP_DigestInit_ex(&c, md, NULL)) goto err; diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c deleted file mode 100644 index f4e46aea..00000000 --- a/crypto/evp/evp_lib.c +++ /dev/null @@ -1,572 +0,0 @@ -/* $OpenBSD: evp_lib.c,v 1.28 2023/09/28 11:29:10 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include -#include -#include - -#include "asn1_local.h" -#include "evp_local.h" - -int -EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - int ret; - - if (c->cipher->set_asn1_parameters != NULL) - ret = c->cipher->set_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) - ret = EVP_CIPHER_set_asn1_iv(c, type); - else - ret = -1; - return (ret); -} - -int -EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - int ret; - - if (c->cipher->get_asn1_parameters != NULL) - ret = c->cipher->get_asn1_parameters(c, type); - else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) - ret = EVP_CIPHER_get_asn1_iv(c, type); - else - ret = -1; - return (ret); -} - -int -EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - int i = 0; - unsigned int l; - - if (type != NULL) { - l = EVP_CIPHER_CTX_iv_length(c); - if (l > sizeof(c->iv)) { - EVPerror(EVP_R_IV_TOO_LARGE); - return 0; - } - i = ASN1_TYPE_get_octetstring(type, c->oiv, l); - if (i != (int)l) - return (-1); - else if (i > 0) - memcpy(c->iv, c->oiv, l); - } - return (i); -} - -int -EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - int i = 0; - unsigned int j; - - if (type != NULL) { - j = EVP_CIPHER_CTX_iv_length(c); - if (j > sizeof(c->iv)) { - EVPerror(EVP_R_IV_TOO_LARGE); - return 0; - } - i = ASN1_TYPE_set_octetstring(type, c->oiv, j); - } - return (i); -} - -/* Convert the various cipher NIDs and dummies to a proper OID NID */ -int -EVP_CIPHER_type(const EVP_CIPHER *ctx) -{ - int nid; - ASN1_OBJECT *otmp; - nid = EVP_CIPHER_nid(ctx); - - switch (nid) { - case NID_rc2_cbc: - case NID_rc2_64_cbc: - case NID_rc2_40_cbc: - return NID_rc2_cbc; - - case NID_rc4: - case NID_rc4_40: - return NID_rc4; - - case NID_aes_128_cfb128: - case NID_aes_128_cfb8: - case NID_aes_128_cfb1: - return NID_aes_128_cfb128; - - case NID_aes_192_cfb128: - case NID_aes_192_cfb8: - case NID_aes_192_cfb1: - return NID_aes_192_cfb128; - - case NID_aes_256_cfb128: - case NID_aes_256_cfb8: - case NID_aes_256_cfb1: - return NID_aes_256_cfb128; - - case NID_des_cfb64: - case NID_des_cfb8: - case NID_des_cfb1: - return NID_des_cfb64; - - case NID_des_ede3_cfb64: - case NID_des_ede3_cfb8: - case NID_des_ede3_cfb1: - return NID_des_cfb64; - - default: - /* Check it has an OID and it is valid */ - otmp = OBJ_nid2obj(nid); - if (!otmp || !otmp->data) - nid = NID_undef; - ASN1_OBJECT_free(otmp); - return nid; - } -} - -int -EVP_CIPHER_block_size(const EVP_CIPHER *e) -{ - return e->block_size; -} - -int -EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher->block_size; -} - -int -EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, - unsigned int inl) -{ - return ctx->cipher->do_cipher(ctx, out, in, inl); -} - -const EVP_CIPHER * -EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher; -} - -int -EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) -{ - return ctx->encrypt; -} - -unsigned long -EVP_CIPHER_flags(const EVP_CIPHER *cipher) -{ - return cipher->flags; -} - -unsigned long -EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher->flags; -} - -void * -EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) -{ - return ctx->app_data; -} - -void -EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) -{ - ctx->app_data = data; -} - -void * -EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher_data; -} - -void * -EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) -{ - void *old_cipher_data; - - old_cipher_data = ctx->cipher_data; - ctx->cipher_data = cipher_data; - - return old_cipher_data; -} - -int -EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) -{ - return cipher->iv_len; -} - -int -EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) -{ - int iv_length = 0; - - if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_IV_LENGTH) == 0) - return ctx->cipher->iv_len; - - /* - * XXX - sanity would suggest to pass the size of the pointer along, - * but unfortunately we have to match the other crowd. - */ - if (EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, 0, - &iv_length) != 1) - return -1; - - return iv_length; -} - -unsigned char * -EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) -{ - return ctx->buf; -} - -int -EVP_CIPHER_key_length(const EVP_CIPHER *cipher) -{ - return cipher->key_len; -} - -int -EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) -{ - return ctx->key_len; -} - -int -EVP_CIPHER_nid(const EVP_CIPHER *cipher) -{ - return cipher->nid; -} - -int -EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher->nid; -} - -int -EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len) -{ - if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx)) - return 0; - if (len > EVP_MAX_IV_LENGTH) - return 0; /* sanity check; shouldn't happen */ - /* - * Skip the memcpy entirely when the requested IV length is zero, - * since the iv pointer may be NULL or invalid. - */ - if (len != 0) { - if (iv == NULL) - return 0; - memcpy(iv, ctx->iv, len); - } - return 1; -} - -int -EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) -{ - if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx)) - return 0; - if (len > EVP_MAX_IV_LENGTH) - return 0; /* sanity check; shouldn't happen */ - /* - * Skip the memcpy entirely when the requested IV length is zero, - * since the iv pointer may be NULL or invalid. - */ - if (len != 0) { - if (iv == NULL) - return 0; - memcpy(ctx->iv, iv, len); - } - return 1; -} - -int -EVP_MD_block_size(const EVP_MD *md) -{ - return md->block_size; -} - -int -EVP_MD_type(const EVP_MD *md) -{ - return md->type; -} - -int -EVP_MD_pkey_type(const EVP_MD *md) -{ - return md->pkey_type; -} - -int -EVP_MD_size(const EVP_MD *md) -{ - if (!md) { - EVPerror(EVP_R_MESSAGE_DIGEST_IS_NULL); - return -1; - } - return md->md_size; -} - -unsigned long -EVP_MD_flags(const EVP_MD *md) -{ - return md->flags; -} - -EVP_MD * -EVP_MD_meth_new(int md_type, int pkey_type) -{ - EVP_MD *md; - - if ((md = calloc(1, sizeof(*md))) == NULL) - return NULL; - - md->type = md_type; - md->pkey_type = pkey_type; - - return md; -} - -EVP_MD * -EVP_MD_meth_dup(const EVP_MD *md) -{ - EVP_MD *to; - - if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) == NULL) - return NULL; - - memcpy(to, md, sizeof(*to)); - - return to; -} - -void -EVP_MD_meth_free(EVP_MD *md) -{ - freezero(md, sizeof(*md)); -} - -int -EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) -{ - md->block_size = blocksize; - return 1; -} - -int -EVP_MD_meth_set_result_size(EVP_MD *md, int result_size) -{ - md->md_size = result_size; - return 1; -} - -int -EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize) -{ - md->ctx_size = datasize; - return 1; -} - -int -EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags) -{ - md->flags = flags; - return 1; -} - -int -EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)) -{ - md->init = init; - return 1; -} - -int -EVP_MD_meth_set_update(EVP_MD *md, - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count)) -{ - md->update = update; - return 1; -} - -int -EVP_MD_meth_set_final(EVP_MD *md, - int (*final)(EVP_MD_CTX *ctx, unsigned char *md)) -{ - md->final = final; - return 1; -} - -int -EVP_MD_meth_set_copy(EVP_MD *md, - int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)) -{ - md->copy = copy; - return 1; -} - -int -EVP_MD_meth_set_cleanup(EVP_MD *md, - int (*cleanup)(EVP_MD_CTX *ctx)) -{ - md->cleanup = cleanup; - return 1; -} - -int -EVP_MD_meth_set_ctrl(EVP_MD *md, - int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)) -{ - md->md_ctrl = ctrl; - return 1; -} - -const EVP_MD * -EVP_MD_CTX_md(const EVP_MD_CTX *ctx) -{ - if (!ctx) - return NULL; - return ctx->digest; -} - -void * -EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) -{ - return ctx->md_data; -} - -EVP_PKEY_CTX * -EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) -{ - return ctx->pctx; -} - -void -EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) -{ - if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) { - EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); - } else { - EVP_PKEY_CTX_free(ctx->pctx); - } - - ctx->pctx = pctx; - - if (pctx != NULL) { - /* - * For unclear reasons it was decided that the caller keeps - * ownership of pctx. So a flag was invented to make sure we - * don't free it in EVP_MD_CTX_cleanup(). We also need to - * unset it in EVP_MD_CTX_copy_ex(). Fortunately, the flag - * isn't public... - */ - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); - } -} - -void -EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) -{ - ctx->flags |= flags; -} - -void -EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags) -{ - ctx->flags &= ~flags; -} - -int -EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) -{ - return (ctx->flags & flags); -} - -void -EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) -{ - ctx->flags |= flags; -} - -void -EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) -{ - ctx->flags &= ~flags; -} - -int -EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) -{ - return (ctx->flags & flags); -} diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index 015fbb50..dad2cec8 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_local.h,v 1.5 2023/09/28 11:29:10 tb Exp $ */ +/* $OpenBSD: evp_local.h,v 1.19 2024/03/02 10:20:27 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -89,15 +89,75 @@ struct ecx_key_st { size_t pub_key_len; }; +struct evp_pkey_asn1_method_st { + const EVP_PKEY_ASN1_METHOD *base_method; + int pkey_id; + unsigned long pkey_flags; + + char *pem_str; + char *info; + + int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub); + int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk); + int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); + int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + + int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); + int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); + int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + + int (*pkey_size)(const EVP_PKEY *pk); + int (*pkey_bits)(const EVP_PKEY *pk); + int (*pkey_security_bits)(const EVP_PKEY *pk); + + int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, + int derlen); + int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder); + int (*param_missing)(const EVP_PKEY *pk); + int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from); + int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); + int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + int (*sig_print)(BIO *out, const X509_ALGOR *sigalg, + const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx); + + void (*pkey_free)(EVP_PKEY *pkey); + int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2); + + /* Legacy functions for old PEM */ + + int (*old_priv_decode)(EVP_PKEY *pkey, const unsigned char **pder, + int derlen); + int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder); + /* Custom ASN1 signature verification */ + int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); + int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig); + + int (*pkey_check)(const EVP_PKEY *pk); + int (*pkey_public_check)(const EVP_PKEY *pk); + int (*pkey_param_check)(const EVP_PKEY *pk); + + int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key, + size_t len); + int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key, + size_t len); + int (*get_priv_key)(const EVP_PKEY *pk, unsigned char *out_private_key, + size_t *out_len); + int (*get_pub_key)(const EVP_PKEY *pk, unsigned char *out_public_key, + size_t *out_len); +} /* EVP_PKEY_ASN1_METHOD */; + /* Type needs to be a bit field * Sub-type needs to be for variations on the method, as in, can it do * arbitrary encryption.... */ struct evp_pkey_st { int type; - int save_type; int references; const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *engine; union { void *ptr; #ifndef OPENSSL_NO_RSA @@ -140,7 +200,6 @@ struct evp_md_st { struct evp_md_ctx_st { const EVP_MD *digest; - ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ unsigned long flags; void *md_data; /* Public key context for sign/verify */ @@ -164,17 +223,15 @@ struct evp_cipher_st { int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ - void *app_data; /* Application data */ } /* EVP_CIPHER */; struct evp_cipher_ctx_st { const EVP_CIPHER *cipher; - ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ + int partial_len; /* number of bytes written to buf */ - unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ - unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ + unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ + unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ int num; /* used by cfb/ofb/ctr mode */ @@ -183,7 +240,6 @@ struct evp_cipher_ctx_st { unsigned long flags; /* Various flags */ void *cipher_data; /* per EVP data */ int final_used; - int block_mask; unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ } /* EVP_CIPHER_CTX */; @@ -205,8 +261,6 @@ struct evp_Encode_Ctx_st { struct evp_pkey_ctx_st { /* Method associated with this operation */ const EVP_PKEY_METHOD *pmeth; - /* Engine that implements this method or NULL if builtin */ - ENGINE *engine; /* Key: may be NULL */ EVP_PKEY *pkey; /* Peer key for key agreement, may be NULL */ @@ -224,8 +278,6 @@ struct evp_pkey_ctx_st { int keygen_info_count; } /* EVP_PKEY_CTX */; -#define EVP_PKEY_FLAG_DYNAMIC 1 - struct evp_pkey_method_st { int pkey_id; int flags; @@ -288,9 +340,6 @@ struct evp_pkey_method_st { void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); -int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de); - /* EVP_AEAD represents a specific AEAD algorithm. */ struct evp_aead_st { unsigned char key_len; @@ -321,10 +370,22 @@ struct evp_aead_ctx_st { void *aead_state; }; +/* Legacy EVP_CIPHER methods used by CMS and its predecessors. */ +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type); +int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type); +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type); +int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *cipher, ASN1_TYPE *type); + +int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name); +void EVP_CIPHER_CTX_legacy_clear(EVP_CIPHER_CTX *ctx); +void EVP_MD_CTX_legacy_clear(EVP_MD_CTX *ctx); + __END_HIDDEN_DECLS #endif /* !HEADER_EVP_LOCAL_H */ diff --git a/crypto/evp/evp_names.c b/crypto/evp/evp_names.c new file mode 100644 index 00000000..49c319a7 --- /dev/null +++ b/crypto/evp/evp_names.c @@ -0,0 +1,1898 @@ +/* $OpenBSD: evp_names.c,v 1.12 2024/03/02 10:13:13 tb Exp $ */ +/* + * Copyright (c) 2023 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +#include +#include + +/* + * In the following two structs, .name is the lookup name that is used + * for EVP_get_cipherbyname() and EVP_get_digestbyname(), while .alias + * keeps track of the aliased name. + */ + +struct cipher_name { + const char *name; + const EVP_CIPHER *(*cipher)(void); + const char *alias; +}; + +struct digest_name { + const char *name; + const EVP_MD *(*digest)(void); + const char *alias; +}; + +/* + * Keep this table alphabetically sorted by increasing .name. + * regress/lib/libcrypto/evp/evp_test.c checks that. + */ + +static const struct cipher_name cipher_names[] = { +#ifndef OPENSSL_NO_AES + { + .name = SN_aes_128_cbc, + .cipher = EVP_aes_128_cbc, + }, + { + .name = SN_aes_128_cfb128, + .cipher = EVP_aes_128_cfb128, + }, + { + .name = SN_aes_128_cfb1, + .cipher = EVP_aes_128_cfb1, + }, + { + .name = SN_aes_128_cfb8, + .cipher = EVP_aes_128_cfb8, + }, + { + .name = SN_aes_128_ctr, + .cipher = EVP_aes_128_ctr, + }, + { + .name = SN_aes_128_ecb, + .cipher = EVP_aes_128_ecb, + }, + { + .name = SN_aes_128_ofb128, + .cipher = EVP_aes_128_ofb, + }, + { + .name = SN_aes_128_xts, + .cipher = EVP_aes_128_xts, + }, + + { + .name = SN_aes_192_cbc, + .cipher = EVP_aes_192_cbc, + }, + { + .name = SN_aes_192_cfb128, + .cipher = EVP_aes_192_cfb128, + }, + { + .name = SN_aes_192_cfb1, + .cipher = EVP_aes_192_cfb1, + }, + { + .name = SN_aes_192_cfb8, + .cipher = EVP_aes_192_cfb8, + }, + { + .name = SN_aes_192_ctr, + .cipher = EVP_aes_192_ctr, + }, + { + .name = SN_aes_192_ecb, + .cipher = EVP_aes_192_ecb, + }, + { + .name = SN_aes_192_ofb128, + .cipher = EVP_aes_192_ofb, + }, + + { + .name = SN_aes_256_cbc, + .cipher = EVP_aes_256_cbc, + }, + { + .name = SN_aes_256_cfb128, + .cipher = EVP_aes_256_cfb128, + }, + { + .name = SN_aes_256_cfb1, + .cipher = EVP_aes_256_cfb1, + }, + { + .name = SN_aes_256_cfb8, + .cipher = EVP_aes_256_cfb8, + }, + { + .name = SN_aes_256_ctr, + .cipher = EVP_aes_256_ctr, + }, + { + .name = SN_aes_256_ecb, + .cipher = EVP_aes_256_ecb, + }, + { + .name = SN_aes_256_ofb128, + .cipher = EVP_aes_256_ofb, + }, + { + .name = SN_aes_256_xts, + .cipher = EVP_aes_256_xts, + }, + + { + .name = "AES128", + .cipher = EVP_aes_128_cbc, + .alias = SN_aes_128_cbc, + }, + { + .name = "AES192", + .cipher = EVP_aes_192_cbc, + .alias = SN_aes_192_cbc, + }, + { + .name = "AES256", + .cipher = EVP_aes_256_cbc, + .alias = SN_aes_256_cbc, + }, +#endif /* OPENSSL_NO_AES */ + +#ifndef OPENSSL_NO_BF + { + .name = "BF", + .cipher = EVP_bf_cbc, + .alias = SN_bf_cbc, + }, + + { + .name = SN_bf_cbc, + .cipher = EVP_bf_cbc, + }, + { + .name = SN_bf_cfb64, + .cipher = EVP_bf_cfb64, + }, + { + .name = SN_bf_ecb, + .cipher = EVP_bf_ecb, + }, + { + .name = SN_bf_ofb64, + .cipher = EVP_bf_ofb, + }, +#endif + +#ifndef OPENSSL_NO_CAMELLIA + { + .name = SN_camellia_128_cbc, + .cipher = EVP_camellia_128_cbc, + }, + { + .name = SN_camellia_128_cfb128, + .cipher = EVP_camellia_128_cfb128, + }, + { + .name = SN_camellia_128_cfb1, + .cipher = EVP_camellia_128_cfb1, + }, + { + .name = SN_camellia_128_cfb8, + .cipher = EVP_camellia_128_cfb8, + }, + { + .name = SN_camellia_128_ecb, + .cipher = EVP_camellia_128_ecb, + }, + { + .name = SN_camellia_128_ofb128, + .cipher = EVP_camellia_128_ofb, + }, + + { + .name = SN_camellia_192_cbc, + .cipher = EVP_camellia_192_cbc, + }, + { + .name = SN_camellia_192_cfb128, + .cipher = EVP_camellia_192_cfb128, + }, + { + .name = SN_camellia_192_cfb1, + .cipher = EVP_camellia_192_cfb1, + }, + { + .name = SN_camellia_192_cfb8, + .cipher = EVP_camellia_192_cfb8, + }, + { + .name = SN_camellia_192_ecb, + .cipher = EVP_camellia_192_ecb, + }, + { + .name = SN_camellia_192_ofb128, + .cipher = EVP_camellia_192_ofb, + }, + + { + .name = SN_camellia_256_cbc, + .cipher = EVP_camellia_256_cbc, + }, + { + .name = SN_camellia_256_cfb128, + .cipher = EVP_camellia_256_cfb128, + }, + { + .name = SN_camellia_256_cfb1, + .cipher = EVP_camellia_256_cfb1, + }, + { + .name = SN_camellia_256_cfb8, + .cipher = EVP_camellia_256_cfb8, + }, + { + .name = SN_camellia_256_ecb, + .cipher = EVP_camellia_256_ecb, + }, + { + .name = SN_camellia_256_ofb128, + .cipher = EVP_camellia_256_ofb, + }, + + { + .name = "CAMELLIA128", + .cipher = EVP_camellia_128_cbc, + .alias = SN_camellia_128_cbc, + }, + { + .name = "CAMELLIA192", + .cipher = EVP_camellia_192_cbc, + .alias = SN_camellia_192_cbc, + }, + { + .name = "CAMELLIA256", + .cipher = EVP_camellia_256_cbc, + .alias = SN_camellia_256_cbc, + }, +#endif /* OPENSSL_NO_CAMELLIA */ + +#ifndef OPENSSL_NO_CAST + { + .name = "CAST", + .cipher = EVP_cast5_cbc, + .alias = SN_cast5_cbc, + }, + { + .name = "CAST-cbc", + .cipher = EVP_cast5_cbc, + .alias = SN_cast5_cbc, + }, + + { + .name = SN_cast5_cbc, + .cipher = EVP_cast5_cbc, + }, + { + .name = SN_cast5_cfb64, + .cipher = EVP_cast5_cfb, + }, + { + .name = SN_cast5_ecb, + .cipher = EVP_cast5_ecb, + }, + { + .name = SN_cast5_ofb64, + .cipher = EVP_cast5_ofb, + }, +#endif + +#ifndef OPENSSL_NO_CHACHA + { + .name = SN_chacha20, + .cipher = EVP_chacha20, + }, + { + .name = "ChaCha20", + .cipher = EVP_chacha20, + .alias = SN_chacha20, + }, +#endif /* OPENSSL_NO_CHACHA */ + +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + { + .name = SN_chacha20_poly1305, + .cipher = EVP_chacha20_poly1305, + }, +#endif /* OPENSSL_NO_CHACHA && OPENSSL_NO_POLY1305 */ + +#ifndef OPENSSL_NO_DES + { + .name = "DES", + .cipher = EVP_des_cbc, + .alias = SN_des_cbc, + }, + + { + .name = SN_des_cbc, + .cipher = EVP_des_cbc, + }, + { + .name = SN_des_cfb64, + .cipher = EVP_des_cfb64, + }, + { + .name = SN_des_cfb1, + .cipher = EVP_des_cfb1, + }, + { + .name = SN_des_cfb8, + .cipher = EVP_des_cfb8, + }, + { + .name = SN_des_ecb, + .cipher = EVP_des_ecb, + }, + { + .name = SN_des_ede_ecb, + .cipher = EVP_des_ede, + }, + { + .name = SN_des_ede_cbc, + .cipher = EVP_des_ede_cbc, + }, + { + .name = SN_des_ede_cfb64, + .cipher = EVP_des_ede_cfb64, + }, + { + .name = SN_des_ede_ofb64, + .cipher = EVP_des_ede_ofb, + }, + { + .name = SN_des_ede3_ecb, + .cipher = EVP_des_ede3_ecb, + }, + { + .name = SN_des_ede3_cbc, + .cipher = EVP_des_ede3_cbc, + }, + { + .name = SN_des_ede3_cfb64, + .cipher = EVP_des_ede3_cfb, + }, + { + .name = SN_des_ede3_cfb1, + .cipher = EVP_des_ede3_cfb1, + }, + { + .name = SN_des_ede3_cfb8, + .cipher = EVP_des_ede3_cfb8, + }, + { + .name = SN_des_ede3_ofb64, + .cipher = EVP_des_ede3_ofb, + }, + { + .name = SN_des_ofb64, + .cipher = EVP_des_ofb, + }, + + { + .name = "DES3", + .cipher = EVP_des_ede3_cbc, + .alias = SN_des_ede3_cbc, + }, + + { + .name = "DESX", + .cipher = EVP_desx_cbc, + .alias = SN_desx_cbc, + }, + { + .name = SN_desx_cbc, + .cipher = EVP_desx_cbc, + }, +#endif /* OPENSSL_NO_DES */ + +#ifndef OPENSSL_NO_GOST + { + .name = LN_id_Gost28147_89, + .cipher = EVP_gost2814789_cfb64, + }, +#endif /* OPENSSL_NO_GOST */ + +#ifndef OPENSSL_NO_IDEA + { + .name = "IDEA", + .cipher = EVP_idea_cbc, + .alias = SN_idea_cbc, + }, + + { + .name = SN_idea_cbc, + .cipher = EVP_idea_cbc, + }, + { + .name = SN_idea_cfb64, + .cipher = EVP_idea_cfb64, + }, + { + .name = SN_idea_ecb, + .cipher = EVP_idea_ecb, + }, + { + .name = SN_idea_ofb64, + .cipher = EVP_idea_ofb, + }, +#endif /* OPENSSL_NO_IDEA */ + +#ifndef OPENSSL_NO_RC2 + { + .name = "RC2", + .cipher = EVP_rc2_cbc, + .alias = SN_rc2_cbc, + }, + + { + .name = SN_rc2_40_cbc, + .cipher = EVP_rc2_40_cbc, + }, + { + .name = SN_rc2_64_cbc, + .cipher = EVP_rc2_64_cbc, + }, + { + .name = SN_rc2_cbc, + .cipher = EVP_rc2_cbc, + }, + { + .name = SN_rc2_cfb64, + .cipher = EVP_rc2_cfb64, + }, + { + .name = SN_rc2_ecb, + .cipher = EVP_rc2_ecb, + }, + { + .name = SN_rc2_ofb64, + .cipher = EVP_rc2_ofb, + }, +#endif /* OPENSSL_NO_RC2 */ + +#ifndef OPENSSL_NO_RC4 + { + .name = SN_rc4, + .cipher = EVP_rc4, + }, + { + .name = SN_rc4_40, + .cipher = EVP_rc4_40, + }, +#endif /* OPENSSL_NO_RC4 */ + +#ifndef OPENSSL_NO_SM4 + { + .name = "SM4", + .cipher = EVP_sm4_cbc, + .alias = SN_sm4_cbc, + }, + + { + .name = SN_sm4_cbc, + .cipher = EVP_sm4_cbc, + }, + { + .name = SN_sm4_cfb128, + .cipher = EVP_sm4_cfb128, + }, + { + .name = SN_sm4_ctr, + .cipher = EVP_sm4_ctr, + }, + { + .name = SN_sm4_ecb, + .cipher = EVP_sm4_ecb, + }, + { + .name = SN_sm4_ofb128, + .cipher = EVP_sm4_ofb, + }, +#endif /* OPENSSL_NO_SM4 */ + +#ifndef OPENSSL_NO_AES + { + .name = LN_aes_128_cbc, + .cipher = EVP_aes_128_cbc, + }, + { + .name = LN_aes_128_ccm, + .cipher = EVP_aes_128_ccm, + }, + { + .name = LN_aes_128_cfb128, + .cipher = EVP_aes_128_cfb128, + }, + { + .name = LN_aes_128_cfb1, + .cipher = EVP_aes_128_cfb1, + }, + { + .name = LN_aes_128_cfb8, + .cipher = EVP_aes_128_cfb8, + }, + { + .name = LN_aes_128_ctr, + .cipher = EVP_aes_128_ctr, + }, + { + .name = LN_aes_128_ecb, + .cipher = EVP_aes_128_ecb, + }, + { + .name = LN_aes_128_gcm, + .cipher = EVP_aes_128_gcm, + }, + { + .name = LN_aes_128_ofb128, + .cipher = EVP_aes_128_ofb, + }, + { + .name = LN_aes_128_xts, + .cipher = EVP_aes_128_xts, + }, + + { + .name = LN_aes_192_cbc, + .cipher = EVP_aes_192_cbc, + }, + { + .name = LN_aes_192_ccm, + .cipher = EVP_aes_192_ccm, + }, + { + .name = LN_aes_192_cfb128, + .cipher = EVP_aes_192_cfb128, + }, + { + .name = LN_aes_192_cfb1, + .cipher = EVP_aes_192_cfb1, + }, + { + .name = LN_aes_192_cfb8, + .cipher = EVP_aes_192_cfb8, + }, + { + .name = LN_aes_192_ctr, + .cipher = EVP_aes_192_ctr, + }, + { + .name = LN_aes_192_ecb, + .cipher = EVP_aes_192_ecb, + }, + { + .name = LN_aes_192_gcm, + .cipher = EVP_aes_192_gcm, + }, + { + .name = LN_aes_192_ofb128, + .cipher = EVP_aes_192_ofb, + }, + + { + .name = LN_aes_256_cbc, + .cipher = EVP_aes_256_cbc, + }, + { + .name = LN_aes_256_ccm, + .cipher = EVP_aes_256_ccm, + }, + { + .name = LN_aes_256_cfb128, + .cipher = EVP_aes_256_cfb128, + }, + { + .name = LN_aes_256_cfb1, + .cipher = EVP_aes_256_cfb1, + }, + { + .name = LN_aes_256_cfb8, + .cipher = EVP_aes_256_cfb8, + }, + { + .name = LN_aes_256_ctr, + .cipher = EVP_aes_256_ctr, + }, + { + .name = LN_aes_256_ecb, + .cipher = EVP_aes_256_ecb, + }, + { + .name = LN_aes_256_gcm, + .cipher = EVP_aes_256_gcm, + }, + { + .name = LN_aes_256_ofb128, + .cipher = EVP_aes_256_ofb, + }, + { + .name = LN_aes_256_xts, + .cipher = EVP_aes_256_xts, + }, + + { + .name = "aes128", + .cipher = EVP_aes_128_cbc, + .alias = SN_aes_128_cbc, + }, + { + .name = "aes192", + .cipher = EVP_aes_192_cbc, + .alias = SN_aes_192_cbc, + }, + { + .name = "aes256", + .cipher = EVP_aes_256_cbc, + .alias = SN_aes_256_cbc, + }, +#endif /* OPENSSL_NO_AES */ + +#ifndef OPENSSL_NO_BF + { + .name = "bf", + .cipher = EVP_bf_cbc, + .alias = SN_bf_cbc, + }, + + { + .name = LN_bf_cbc, + .cipher = EVP_bf_cbc, + }, + { + .name = LN_bf_cfb64, + .cipher = EVP_bf_cfb64, + }, + { + .name = LN_bf_ecb, + .cipher = EVP_bf_ecb, + }, + { + .name = LN_bf_ofb64, + .cipher = EVP_bf_ofb, + }, + + { + .name = "blowfish", + .cipher = EVP_bf_cbc, + .alias = SN_bf_cbc, + }, +#endif /* OPENSSL_NO_BF */ + +#ifndef OPENSSL_NO_CAMELLIA + { + .name = LN_camellia_128_cbc, + .cipher = EVP_camellia_128_cbc, + }, + { + .name = LN_camellia_128_cfb128, + .cipher = EVP_camellia_128_cfb128, + }, + { + .name = LN_camellia_128_cfb1, + .cipher = EVP_camellia_128_cfb1, + }, + { + .name = LN_camellia_128_cfb8, + .cipher = EVP_camellia_128_cfb8, + }, + { + .name = LN_camellia_128_ecb, + .cipher = EVP_camellia_128_ecb, + }, + { + .name = LN_camellia_128_ofb128, + .cipher = EVP_camellia_128_ofb, + }, + + { + .name = LN_camellia_192_cbc, + .cipher = EVP_camellia_192_cbc, + }, + { + .name = LN_camellia_192_cfb128, + .cipher = EVP_camellia_192_cfb128, + }, + { + .name = LN_camellia_192_cfb1, + .cipher = EVP_camellia_192_cfb1, + }, + { + .name = LN_camellia_192_cfb8, + .cipher = EVP_camellia_192_cfb8, + }, + { + .name = LN_camellia_192_ecb, + .cipher = EVP_camellia_192_ecb, + }, + { + .name = LN_camellia_192_ofb128, + .cipher = EVP_camellia_192_ofb, + }, + + { + .name = LN_camellia_256_cbc, + .cipher = EVP_camellia_256_cbc, + }, + { + .name = LN_camellia_256_cfb128, + .cipher = EVP_camellia_256_cfb128, + }, + { + .name = LN_camellia_256_cfb1, + .cipher = EVP_camellia_256_cfb1, + }, + { + .name = LN_camellia_256_cfb8, + .cipher = EVP_camellia_256_cfb8, + }, + { + .name = LN_camellia_256_ecb, + .cipher = EVP_camellia_256_ecb, + }, + { + .name = LN_camellia_256_ofb128, + .cipher = EVP_camellia_256_ofb, + }, + + { + .name = "camellia128", + .cipher = EVP_camellia_128_cbc, + .alias = SN_camellia_128_cbc, + }, + { + .name = "camellia192", + .cipher = EVP_camellia_192_cbc, + .alias = SN_camellia_192_cbc, + }, + { + .name = "camellia256", + .cipher = EVP_camellia_256_cbc, + .alias = SN_camellia_256_cbc, + }, +#endif /* OPENSSL_NO_CAMELLIA */ + +#ifndef OPENSSL_NO_CAST + { + .name = "cast", + .cipher = EVP_cast5_cbc, + .alias = SN_cast5_cbc, + }, + { + .name = "cast-cbc", + .cipher = EVP_cast5_cbc, + .alias = SN_cast5_cbc, + }, + + { + .name = LN_cast5_cbc, + .cipher = EVP_cast5_cbc, + }, + { + .name = LN_cast5_cfb64, + .cipher = EVP_cast5_cfb, + }, + { + .name = LN_cast5_ecb, + .cipher = EVP_cast5_ecb, + }, + { + .name = LN_cast5_ofb64, + .cipher = EVP_cast5_ofb, + }, +#endif + +#ifndef OPENSSL_NO_CHACHA + { + .name = LN_chacha20, + .cipher = EVP_chacha20, + }, + { + .name = "chacha20", + .cipher = EVP_chacha20, + .alias = LN_chacha20, + }, + + { + .name = LN_chacha20_poly1305, + .cipher = EVP_chacha20_poly1305, + }, +#endif + +#ifndef OPENSSL_NO_DES + { + .name = "des", + .cipher = EVP_des_cbc, + .alias = SN_des_cbc, + }, + + { + .name = LN_des_cbc, + .cipher = EVP_des_cbc, + }, + { + .name = LN_des_cfb64, + .cipher = EVP_des_cfb64, + }, + { + .name = LN_des_cfb1, + .cipher = EVP_des_cfb1, + }, + { + .name = LN_des_cfb8, + .cipher = EVP_des_cfb8, + }, + { + .name = LN_des_ecb, + .cipher = EVP_des_ecb, + }, + { + .name = LN_des_ede_ecb, + .cipher = EVP_des_ede, + }, + { + .name = LN_des_ede_cbc, + .cipher = EVP_des_ede_cbc, + }, + { + .name = LN_des_ede_cfb64, + .cipher = EVP_des_ede_cfb64, + }, + { + .name = LN_des_ede_ofb64, + .cipher = EVP_des_ede_ofb, + }, + { + .name = LN_des_ede3_ecb, + .cipher = EVP_des_ede3_ecb, + }, + { + .name = LN_des_ede3_cbc, + .cipher = EVP_des_ede3_cbc, + }, + { + .name = LN_des_ede3_cfb64, + .cipher = EVP_des_ede3_cfb, + }, + { + .name = LN_des_ede3_cfb1, + .cipher = EVP_des_ede3_cfb1, + }, + { + .name = LN_des_ede3_cfb8, + .cipher = EVP_des_ede3_cfb8, + }, + { + .name = LN_des_ede3_ofb64, + .cipher = EVP_des_ede3_ofb, + }, + { + .name = LN_des_ofb64, + .cipher = EVP_des_ofb, + }, + + { + .name = "des3", + .cipher = EVP_des_ede3_cbc, + .alias = SN_des_ede3_cbc, + }, + + { + .name = "desx", + .cipher = EVP_desx_cbc, + .alias = SN_desx_cbc, + }, + { + .name = LN_desx_cbc, + .cipher = EVP_desx_cbc, + }, +#endif /* OPENSSL_NO_DES */ + +#ifndef OPENSSL_NO_GOST + { + .name = SN_id_Gost28147_89, + .cipher = EVP_gost2814789_cfb64, + }, + { + .name = SN_gost89_cnt, + .cipher = EVP_gost2814789_cnt, + }, + { + .name = SN_gost89_ecb, + .cipher = EVP_gost2814789_ecb, + }, +#endif /* OPENSSL_NO_GOST */ + +#ifndef OPENSSL_NO_AES + { + .name = SN_aes_128_ccm, + .cipher = EVP_aes_128_ccm, + }, + { + .name = SN_aes_128_gcm, + .cipher = EVP_aes_128_gcm, + }, + { + .name = SN_id_aes128_wrap, + .cipher = EVP_aes_128_wrap, + }, + + { + .name = SN_aes_192_ccm, + .cipher = EVP_aes_192_ccm, + }, + { + .name = SN_aes_192_gcm, + .cipher = EVP_aes_192_gcm, + }, + { + .name = SN_id_aes192_wrap, + .cipher = EVP_aes_192_wrap, + }, + + { + .name = SN_aes_256_ccm, + .cipher = EVP_aes_256_ccm, + }, + { + .name = SN_aes_256_gcm, + .cipher = EVP_aes_256_gcm, + }, + { + .name = SN_id_aes256_wrap, + .cipher = EVP_aes_256_wrap, + }, +#endif /* OPENSSL_NO_AES */ + +#ifndef OPENSSL_NO_IDEA + { + .name = "idea", + .cipher = EVP_idea_cbc, + .alias = SN_idea_cbc, + }, + + { + .name = LN_idea_cbc, + .cipher = EVP_idea_cbc, + }, + { + .name = LN_idea_cfb64, + .cipher = EVP_idea_cfb64, + }, + { + .name = LN_idea_ecb, + .cipher = EVP_idea_ecb, + }, + { + .name = LN_idea_ofb64, + .cipher = EVP_idea_ofb, + }, +#endif /* OPENSSL_NO_IDEA */ + +#ifndef OPENSSL_NO_RC2 + { + .name = "rc2", + .cipher = EVP_rc2_cbc, + .alias = SN_rc2_cbc, + }, + + { + .name = LN_rc2_40_cbc, + .cipher = EVP_rc2_40_cbc, + }, + { + .name = LN_rc2_64_cbc, + .cipher = EVP_rc2_64_cbc, + }, + { + .name = LN_rc2_cbc, + .cipher = EVP_rc2_cbc, + }, + { + .name = LN_rc2_cfb64, + .cipher = EVP_rc2_cfb64, + }, + { + .name = LN_rc2_ecb, + .cipher = EVP_rc2_ecb, + }, + { + .name = LN_rc2_ofb64, + .cipher = EVP_rc2_ofb, + }, +#endif /* OPENSSL_NO_RC2 */ + +#ifndef OPENSSL_NO_RC4 + { + .name = LN_rc4, + .cipher = EVP_rc4, + }, + { + .name = LN_rc4_40, + .cipher = EVP_rc4_40, + }, +#endif /* OPENSSL_NO_RC4 */ + +#ifndef OPENSSL_NO_SM4 + { + .name = "sm4", + .cipher = EVP_sm4_cbc, + .alias = SN_sm4_cbc, + }, + + { + .name = LN_sm4_cbc, + .cipher = EVP_sm4_cbc, + }, + { + .name = LN_sm4_cfb128, + .cipher = EVP_sm4_cfb128, + }, + { + .name = LN_sm4_ctr, + .cipher = EVP_sm4_ctr, + }, + { + .name = LN_sm4_ecb, + .cipher = EVP_sm4_ecb, + }, + { + .name = LN_sm4_ofb128, + .cipher = EVP_sm4_ofb, + }, +#endif /* OPENSSL_NO_SM4 */ +}; + +#define N_CIPHER_NAMES (sizeof(cipher_names) / sizeof(cipher_names[0])) + +/* + * Keep this table alphabetically sorted by increasing .name. + * regresss/lib/libcrypto/evp/evp_test.c checks that. + */ + +static const struct digest_name digest_names[] = { +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA1) + { + .name = SN_dsaWithSHA1, + .digest = EVP_sha1, + .alias = SN_sha1, + }, +#endif +#ifndef OPENSSL_NO_GOST + { + .name = LN_id_Gost28147_89_MAC, + .digest = EVP_gost2814789imit, + }, + { + .name = LN_id_tc26_gost3411_2012_512, + .digest = EVP_streebog512, + }, + { + .name = LN_id_tc26_gost3411_2012_256, + .digest = EVP_streebog256, + }, + { + .name = LN_id_GostR3411_94, + .digest = EVP_gostr341194, + }, +#endif /* OPENSSL_NO_GOST */ + +#ifndef OPENSSL_NO_MD4 + { + .name = SN_md4, + .digest = EVP_md4, + }, +#endif /* OPENSSL_NO_MD4 */ + +#ifndef OPENSSL_NO_MD5 + { + .name = SN_md5, + .digest = EVP_md5, + }, +#endif /* OPENSSL_NO_MD5 */ + +#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_SHA1) + { + .name = SN_md5_sha1, + .digest = EVP_md5_sha1, + }, +#endif /* OPENSSL_NO_MD5 && OPENSSL_NO_SHA1 */ + +#ifndef OPENSSL_NO_RIPEMD + { + .name = SN_ripemd160, + .digest = EVP_ripemd160, + }, +#endif /* OPENSSL_NO_RIPEMD */ + +#ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_MD4 + { + .name = SN_md4WithRSAEncryption, + .digest = EVP_md4, + .alias = SN_md4, + }, +#endif /* OPENSSL_NO_MD4 */ +#ifndef OPENSSL_NO_MD5 + { + .name = SN_md5WithRSAEncryption, + .digest = EVP_md5, + .alias = SN_md5, + }, +#endif /* OPENSSL_NO_MD5 */ +#ifndef OPENSSL_NO_RIPEMD + { + .name = SN_ripemd160WithRSA, + .digest = EVP_ripemd160, + .alias = SN_ripemd160, + }, +#endif /* OPENSSL_NO_RIPEMD */ +#ifndef OPENSSL_NO_SHA1 + { + .name = SN_sha1WithRSAEncryption, + .digest = EVP_sha1, + .alias = SN_sha1, + }, + { + .name = SN_sha1WithRSA, + .digest = EVP_sha1, + .alias = SN_sha1, /* XXX - alias to SN_sha1WithRSAEncryption? */ + }, +#endif /* OPENSSL_NO_SHA1 */ +#ifndef OPENSSL_NO_SHA256 + { + .name = SN_sha224WithRSAEncryption, + .digest = EVP_sha224, + .alias = SN_sha224, + }, + { + .name = SN_sha256WithRSAEncryption, + .digest = EVP_sha256, + .alias = SN_sha256, + }, +#endif /* OPENSSL_NO_SHA256 */ +#ifndef OPENSSL_NO_SHA3 + { + .name = LN_RSA_SHA3_224, + .digest = EVP_sha3_224, + .alias = SN_sha3_224, + }, + { + .name = LN_RSA_SHA3_256, + .digest = EVP_sha3_256, + .alias = SN_sha3_256, + }, + { + .name = LN_RSA_SHA3_384, + .digest = EVP_sha3_384, + .alias = SN_sha3_384, + }, + { + .name = LN_RSA_SHA3_512, + .digest = EVP_sha3_512, + .alias = SN_sha3_512, + }, +#endif /* OPENSSL_NO_SHA3 */ +#ifndef OPENSSL_NO_SHA512 + { + .name = SN_sha384WithRSAEncryption, + .digest = EVP_sha384, + .alias = SN_sha384, + }, + { + .name = SN_sha512WithRSAEncryption, + .digest = EVP_sha512, + .alias = SN_sha512, + }, + { + .name = SN_sha512_224WithRSAEncryption, + .digest = EVP_sha512_224, + .alias = SN_sha512_224, + }, + { + .name = SN_sha512_256WithRSAEncryption, + .digest = EVP_sha512_256, + .alias = SN_sha512_256, + }, +#endif /* OPENSSL_NO_SHA256 */ +#ifndef OPENSSL_NO_SM4 + { + .name = SN_sm3WithRSAEncryption, + .digest = EVP_sm3, + .alias = SN_sm3, + }, +#endif +#endif /* OPENSSL_NO_RSA */ + +#ifndef OPENSSL_NO_SHA1 + { + .name = SN_sha1, + .digest = EVP_sha1, + }, +#endif /* OPENSSL_NO_SHA1 */ +#ifndef OPENSSL_NO_SHA256 + { + .name = SN_sha224, + .digest = EVP_sha224, + }, + { + .name = SN_sha256, + .digest = EVP_sha256, + }, +#endif /* OPENSSL_NO_SHA256 */ +#ifndef OPENSSL_NO_SHA3 + { + .name = SN_sha3_224, + .digest = EVP_sha3_224, + }, + { + .name = SN_sha3_256, + .digest = EVP_sha3_256, + }, + { + .name = SN_sha3_384, + .digest = EVP_sha3_384, + }, + { + .name = SN_sha3_512, + .digest = EVP_sha3_512, + }, +#endif /* OPENSSL_NO_SHA3 */ + +#ifndef OPENSSL_NO_SHA512 + { + .name = SN_sha384, + .digest = EVP_sha384, + }, + { + .name = SN_sha512, + .digest = EVP_sha512, + }, + { + .name = SN_sha512_224, + .digest = EVP_sha512_224, + }, + { + .name = SN_sha512_256, + .digest = EVP_sha512_256, + }, +#endif /* OPENSSL_NO_SHA512 */ + +#ifndef OPENSSL_NO_SM3 + { + .name = SN_sm3, + .digest = EVP_sm3, + }, +#endif /* OPENSSL_NO_SM3 */ + +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA1) + { + .name = LN_dsaWithSHA1, + .digest = EVP_sha1, + .alias = SN_sha1, + }, +#endif + +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA256) + { + .name = LN_dsa_with_SHA224, + .digest = EVP_sha224, + .alias = SN_sha224, + }, + { + .name = LN_dsa_with_SHA256, + .digest = EVP_sha256, + .alias = SN_sha256, + }, + { + .name = LN_dsa_with_SHA384, + .digest = EVP_sha384, + .alias = SN_sha384, + }, + { + .name = LN_dsa_with_SHA512, + .digest = EVP_sha512, + .alias = SN_sha512, + }, +#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA256 */ + +#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_EC) + { + .name = SN_ecdsa_with_SHA1, + .digest = EVP_sha1, + .alias = SN_sha1, + }, +#endif + +#if !defined(OPENSSL_NO_SHA256) && !defined(OPENSSL_NO_EC) + { + .name = SN_ecdsa_with_SHA224, + .digest = EVP_sha224, + .alias = SN_sha224, + }, + { + .name = SN_ecdsa_with_SHA256, + .digest = EVP_sha256, + .alias = SN_sha256, + }, + { + .name = SN_ecdsa_with_SHA384, + .digest = EVP_sha384, + .alias = SN_sha384, + }, + { + .name = SN_ecdsa_with_SHA512, + .digest = EVP_sha512, + .alias = SN_sha512, + }, +#endif /* OPENSSL_NO_SHA256 && OPENSSL_NO_EC */ + +#ifndef OPENSSL_NO_GOST + { + .name = SN_id_Gost28147_89_MAC, + .digest = EVP_gost2814789imit, + }, +#endif /* OPENSSL_NO_GOST */ + +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA256) + { + .name = SN_dsa_with_SHA224, + .digest = EVP_sha224, + .alias = SN_sha224, + }, + { + .name = SN_dsa_with_SHA256, + .digest = EVP_sha256, + .alias = SN_sha256, + }, +#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA256 */ + +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA3) + { + .name = SN_dsa_with_SHA3_224, + .digest = EVP_sha3_224, + .alias = SN_sha3_224, + }, + { + .name = SN_dsa_with_SHA3_256, + .digest = EVP_sha3_256, + .alias = SN_sha3_256, + }, + { + .name = SN_dsa_with_SHA3_384, + .digest = EVP_sha3_384, + .alias = SN_sha3_384, + }, + { + .name = SN_dsa_with_SHA3_512, + .digest = EVP_sha3_512, + .alias = SN_sha3_512, + }, +#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA3 */ + +#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_SHA256) + { + .name = SN_dsa_with_SHA384, + .digest = EVP_sha384, + .alias = SN_sha384, + }, + { + .name = SN_dsa_with_SHA512, + .digest = EVP_sha512, + .alias = SN_sha512, + }, +#endif /* OPENSSL_NO_DSA && OPENSSL_NO_SHA256 */ + +#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_SHA3) + { + .name = SN_ecdsa_with_SHA3_224, + .digest = EVP_sha3_224, + .alias = SN_sha3_224, + }, + { + .name = SN_ecdsa_with_SHA3_256, + .digest = EVP_sha3_256, + .alias = SN_sha3_256, + }, + { + .name = SN_ecdsa_with_SHA3_384, + .digest = EVP_sha3_384, + .alias = SN_sha3_384, + }, + { + .name = SN_ecdsa_with_SHA3_512, + .digest = EVP_sha3_512, + .alias = SN_sha3_512, + }, +#endif /* OPENSSL_NO_EC && OPENSSL_NO_SHA3 */ + +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_SHA3) + { + .name = SN_RSA_SHA3_224, + .digest = EVP_sha3_224, + .alias = SN_sha3_224, + }, + { + .name = SN_RSA_SHA3_256, + .digest = EVP_sha3_256, + .alias = SN_sha3_256, + }, + { + .name = SN_RSA_SHA3_384, + .digest = EVP_sha3_384, + .alias = SN_sha3_384, + }, + { + .name = SN_RSA_SHA3_512, + .digest = EVP_sha3_512, + .alias = SN_sha3_512, + }, +#endif /* OPENSSL_NO_RSA && OPENSSL_NO_SHA3 */ + +#ifndef OPENSSL_NO_MD4 + { + .name = LN_md4, + .digest = EVP_md4, + }, +#endif /* OPENSSL_NO_MD4 */ +#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_RSA) + { + .name = LN_md4WithRSAEncryption, + .digest = EVP_md4, + .alias = SN_md4, + }, +#endif /* OPENSSL_NO_MD4 */ + +#if !defined(OPENSSL_NO_MD5) + { + .name = LN_md5, + .digest = EVP_md5, + }, +#endif /* OPENSSL_NO_MD5 */ +#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_SHA1) + { + .name = LN_md5_sha1, + .digest = EVP_md5_sha1, + }, +#endif /* OPENSSL_NO_MD5 && OPENSSL_NO_SHA1 */ +#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_RSA) + { + .name = LN_md5WithRSAEncryption, + .digest = EVP_md5, + .alias = SN_md5, + }, +#endif + +#ifndef OPENSSL_NO_GOST + { + .name = SN_id_GostR3411_94, + .digest = EVP_gostr341194, + }, +#endif /* OPENSSL_NO_GOST */ + +#ifndef OPENSSL_NO_RIPEMD + { + .name = "ripemd", + .digest = EVP_ripemd160, + .alias = SN_ripemd160, + }, + { + .name = LN_ripemd160, + .digest = EVP_ripemd160, + }, +#ifndef OPENSSL_NO_RSA + { + .name = LN_ripemd160WithRSA, + .digest = EVP_ripemd160, + .alias = SN_ripemd160, + }, +#endif /* OPENSSL_NO_RSA */ + { + .name = "rmd160", + .digest = EVP_ripemd160, + .alias = SN_ripemd160, + }, +#endif /* OPENSSL_NO_RIPEMD */ + +#ifndef OPENSSL_NO_SHA1 + { + .name = LN_sha1, + .digest = EVP_sha1, + }, +#endif /* OPENSSL_NO_SHA1 */ +#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_RSA) + { + .name = LN_sha1WithRSAEncryption, + .digest = EVP_sha1, + .alias = SN_sha1, + }, +#endif /* OPENSSL_NO_SHA1 && OPENSSL_NO_RSA */ + +#ifndef OPENSSL_NO_SHA256 + { + .name = LN_sha224, + .digest = EVP_sha224, + }, +#ifndef OPENSSL_NO_RSA + { + .name = LN_sha224WithRSAEncryption, + .digest = EVP_sha224, + .alias = SN_sha224, + }, +#endif /* OPENSSL_NO_RSA */ + { + .name = LN_sha256, + .digest = EVP_sha256, + }, +#ifndef OPENSSL_NO_RSA + { + .name = LN_sha256WithRSAEncryption, + .digest = EVP_sha256, + .alias = SN_sha256, + }, +#endif /* OPENSSL_NO_RSA */ +#endif /* OPENSSL_NO_SHA256 */ + +#ifndef OPENSSL_NO_SHA3 + { + .name = LN_sha3_224, + .digest = EVP_sha3_224, + }, + { + .name = LN_sha3_256, + .digest = EVP_sha3_256, + }, + { + .name = LN_sha3_384, + .digest = EVP_sha3_384, + }, + { + .name = LN_sha3_512, + .digest = EVP_sha3_512, + }, +#endif /* OPENSSL_NO_SHA3 */ + +#ifndef OPENSSL_NO_SHA512 + { + .name = LN_sha384, + .digest = EVP_sha384, + }, +#ifndef OPENSSL_NO_RSA + { + .name = LN_sha384WithRSAEncryption, + .digest = EVP_sha384, + .alias = SN_sha384, + }, +#endif /* OPENSSL_NO_RSA */ + { + .name = LN_sha512, + .digest = EVP_sha512, + }, + { + .name = LN_sha512_224, + .digest = EVP_sha512_224, + }, +#ifndef OPENSSL_NO_RSA + { + .name = LN_sha512_224WithRSAEncryption, + .digest = EVP_sha512_224, + .alias = SN_sha512_224, + }, +#endif + { + .name = LN_sha512_256, + .digest = EVP_sha512_256, + }, +#ifndef OPENSSL_NO_RSA + { + .name = LN_sha512_256WithRSAEncryption, + .digest = EVP_sha512_256, + .alias = SN_sha512_256, + }, + { + .name = LN_sha512WithRSAEncryption, + .digest = EVP_sha512, + .alias = SN_sha512, + }, +#endif +#endif /* OPENSSL_NO_SHA512 */ + +#ifndef OPENSSL_NO_SM3 + { + .name = LN_sm3, + .digest = EVP_sm3, + }, +#endif /* OPENSSL_NO_SM3 */ +#if !defined(OPENSSL_NO_SM3) && !defined(OPENSSL_NO_RSA) + { + .name = LN_sm3WithRSAEncryption, + .digest = EVP_sm3, + .alias = SN_sm3, + }, +#endif /* OPENSSL_NO_SM3 && OPENSSL_NO_RSA */ + +#ifndef OPENSSL_NO_MD5 + { + .name = "ssl2-md5", + .digest = EVP_md5, + .alias = SN_md5, + }, + { + .name = "ssl3-md5", + .digest = EVP_md5, + .alias = SN_md5, + }, +#endif /* OPENSSL_NO_MD5 */ + +#ifndef OPENSSL_NO_SHA1 + { + .name = "ssl3-sha1", + .digest = EVP_sha1, + .alias = SN_sha1, + }, +#endif /* OPENSSL_NO_SHA1 */ + +#ifndef OPENSSL_NO_GOST + { + .name = SN_id_tc26_gost3411_2012_256, + .digest = EVP_streebog256, + }, + { + .name = SN_id_tc26_gost3411_2012_512, + .digest = EVP_streebog512, + }, +#endif /* OPENSSL_NO_GOST */ + +#ifndef OPENSSL_NO_WHIRLPOOL + { + .name = SN_whirlpool, + .digest = EVP_whirlpool, + }, +#endif +}; + +#define N_DIGEST_NAMES (sizeof(digest_names) / sizeof(digest_names[0])) + +void +EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *, const char *, + const char *, void *), void *arg) +{ + size_t i; + + /* Prayer and clean living lets you ignore errors, OpenSSL style. */ + (void)OPENSSL_init_crypto(0, NULL); + + for (i = 0; i < N_CIPHER_NAMES; i++) { + const struct cipher_name *cipher = &cipher_names[i]; + const EVP_CIPHER *evp_cipher; + + if ((evp_cipher = cipher->cipher()) == NULL) + continue; + + if (cipher->alias != NULL) + fn(NULL, cipher->name, cipher->alias, arg); + else + fn(evp_cipher, cipher->name, NULL, arg); + } +} + +void +EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *, const char *, const char *, + void *), void *arg) +{ + EVP_CIPHER_do_all_sorted(fn, arg); +} + +void +EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *, const char *, const char *, + void *), void *arg) +{ + size_t i; + + /* Prayer and clean living lets you ignore errors, OpenSSL style. */ + (void)OPENSSL_init_crypto(0, NULL); + + for (i = 0; i < N_DIGEST_NAMES; i++) { + const struct digest_name *digest = &digest_names[i]; + const EVP_MD *evp_md; + + if ((evp_md = digest->digest()) == NULL) + continue; + + if (digest->alias != NULL) + fn(NULL, digest->name, digest->alias, arg); + else + fn(evp_md, digest->name, NULL, arg); + } +} + +void +EVP_MD_do_all(void (*fn)(const EVP_MD *, const char *, const char *, void *), + void *arg) +{ + EVP_MD_do_all_sorted(fn, arg); +} + +/* + * The OBJ_NAME API is completely misnamed. It has little to do with objects + * and a lot to do with EVP. Therefore we implement a saner replacement for + * the part of the old madness that we need to keep in the evp directory. + */ + +static int +OBJ_NAME_from_cipher_name(OBJ_NAME *obj_name, const struct cipher_name *cipher) +{ + const EVP_CIPHER *evp_cipher; + + if ((evp_cipher = cipher->cipher()) == NULL) + return 0; + + obj_name->type = OBJ_NAME_TYPE_CIPHER_METH; + obj_name->name = cipher->name; + if (cipher->alias != NULL) { + obj_name->alias = OBJ_NAME_ALIAS; + obj_name->data = cipher->alias; + } else { + obj_name->alias = 0; + obj_name->data = evp_cipher; + } + + return 1; +} + +static void +OBJ_NAME_do_all_ciphers(void (*fn)(const OBJ_NAME *, void *), void *arg) +{ + size_t i; + + for (i = 0; i < N_CIPHER_NAMES; i++) { + const struct cipher_name *cipher = &cipher_names[i]; + OBJ_NAME name; + + if (OBJ_NAME_from_cipher_name(&name, cipher)) + fn(&name, arg); + } +} + +static int +OBJ_NAME_from_digest_name(OBJ_NAME *obj_name, const struct digest_name *digest) +{ + const EVP_MD *evp_md; + + if ((evp_md = digest->digest()) == NULL) + return 0; + + obj_name->type = OBJ_NAME_TYPE_MD_METH; + obj_name->name = digest->name; + if (digest->alias != NULL) { + obj_name->alias = OBJ_NAME_ALIAS; + obj_name->data = digest->alias; + } else { + obj_name->alias = 0; + obj_name->data = evp_md; + } + + return 1; +} + +static void +OBJ_NAME_do_all_digests(void (*fn)(const OBJ_NAME *, void *), void *arg) +{ + size_t i; + + for (i = 0; i < N_DIGEST_NAMES; i++) { + const struct digest_name *digest = &digest_names[i]; + OBJ_NAME name; + + if (OBJ_NAME_from_digest_name(&name, digest)) + fn(&name, arg); + } +} + +void +OBJ_NAME_do_all_sorted(int type, void (*fn)(const OBJ_NAME *, void *), void *arg) +{ + /* Prayer and clean living lets you ignore errors, OpenSSL style. */ + (void)OPENSSL_init_crypto(0, NULL); + + if (type == OBJ_NAME_TYPE_CIPHER_METH) + OBJ_NAME_do_all_ciphers(fn, arg); + if (type == OBJ_NAME_TYPE_MD_METH) + OBJ_NAME_do_all_digests(fn, arg); +} +LCRYPTO_ALIAS(OBJ_NAME_do_all_sorted); + +void +OBJ_NAME_do_all(int type, void (*fn)(const OBJ_NAME *, void *), void *arg) +{ + OBJ_NAME_do_all_sorted(type, fn, arg); +} +LCRYPTO_ALIAS(OBJ_NAME_do_all); + +static int +cipher_cmp(const void *a, const void *b) +{ + return strcmp(a, ((const struct cipher_name *)b)->name); +} + +const EVP_CIPHER * +EVP_get_cipherbyname(const char *name) +{ + const struct cipher_name *cipher; + + if (!OPENSSL_init_crypto(0, NULL)) + return NULL; + + if (name == NULL) + return NULL; + + if ((cipher = bsearch(name, cipher_names, N_CIPHER_NAMES, + sizeof(*cipher), cipher_cmp)) == NULL) + return NULL; + + return cipher->cipher(); +} + +static int +digest_cmp(const void *a, const void *b) +{ + return strcmp(a, ((const struct digest_name *)b)->name); +} + +const EVP_MD * +EVP_get_digestbyname(const char *name) +{ + const struct digest_name *digest; + + if (!OPENSSL_init_crypto(0, NULL)) + return NULL; + + if (name == NULL) + return NULL; + + if ((digest = bsearch(name, digest_names, N_DIGEST_NAMES, + sizeof(*digest), digest_cmp)) == NULL) + return NULL; + + return digest->digest(); +} + +/* + * XXX - this is here because most of its job was to clean up the dynamic + * tables of ciphers and digests. If we get an evp_lib.c again, it should + * probably move there. + */ + +void +EVP_cleanup(void) +{ +} diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 4a23a98f..532c924a 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_pbe.c,v 1.29 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: evp_pbe.c,v 1.46 2024/03/02 10:20:27 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -59,254 +59,595 @@ #include #include -#include - +#include #include #include +#include +#include #include #include #include "evp_local.h" +#include "hmac_local.h" +#include "pkcs12_local.h" +#include "x509_local.h" /* Password based encryption (PBE) functions */ - -DECLARE_STACK_OF(EVP_PBE_CTL) -static STACK_OF(EVP_PBE_CTL) *pbe_algs; - -/* Setup a cipher context from a PBE algorithm */ - -typedef struct { - int pbe_type; +int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); +int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de); +int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, + int en_de); +int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de); + +static const struct pbe_config { int pbe_nid; int cipher_nid; int md_nid; EVP_PBE_KEYGEN *keygen; -} EVP_PBE_CTL; - -static const EVP_PBE_CTL builtin_pbe[] = { - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC, NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen}, - -#ifndef OPENSSL_NO_HMAC - {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, -#endif - - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, NID_rc4, NID_sha1, PKCS12_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4, NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC, NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen}, - -#ifndef OPENSSL_NO_HMAC - {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen}, -#endif - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC, NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen}, - - - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, - {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, - {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_12_256, -1, NID_id_tc26_gost3411_2012_256, 0}, - {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_12_512, -1, NID_id_tc26_gost3411_2012_512, 0}, +} pbe_outer[] = { + { + .pbe_nid = NID_pbeWithMD2AndDES_CBC, + .cipher_nid = NID_des_cbc, + .md_nid = NID_md2, + .keygen = PKCS5_PBE_keyivgen, + }, + { + .pbe_nid = NID_pbeWithMD5AndDES_CBC, + .cipher_nid = NID_des_cbc, + .md_nid = NID_md5, + .keygen = PKCS5_PBE_keyivgen, + }, + { + .pbe_nid = NID_pbeWithSHA1AndRC2_CBC, + .cipher_nid = NID_rc2_64_cbc, + .md_nid = NID_sha1, + .keygen = PKCS5_PBE_keyivgen, + }, + { + .pbe_nid = NID_id_pbkdf2, + .cipher_nid = -1, + .md_nid = -1, + .keygen = PKCS5_v2_PBKDF2_keyivgen, + }, + { + .pbe_nid = NID_pbe_WithSHA1And128BitRC4, + .cipher_nid = NID_rc4, + .md_nid = NID_sha1, + .keygen = PKCS12_PBE_keyivgen, + }, + { + .pbe_nid = NID_pbe_WithSHA1And40BitRC4, + .cipher_nid = NID_rc4_40, + .md_nid = NID_sha1, + .keygen = PKCS12_PBE_keyivgen, + }, + { + .pbe_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + .cipher_nid = NID_des_ede3_cbc, + .md_nid = NID_sha1, + .keygen = PKCS12_PBE_keyivgen, + }, + { + .pbe_nid = NID_pbe_WithSHA1And2_Key_TripleDES_CBC, + .cipher_nid = NID_des_ede_cbc, + .md_nid = NID_sha1, + .keygen = PKCS12_PBE_keyivgen, + }, + { + .pbe_nid = NID_pbe_WithSHA1And128BitRC2_CBC, + .cipher_nid = NID_rc2_cbc, + .md_nid = NID_sha1, + .keygen = PKCS12_PBE_keyivgen, + }, + { + .pbe_nid = NID_pbe_WithSHA1And40BitRC2_CBC, + .cipher_nid = NID_rc2_40_cbc, + .md_nid = NID_sha1, + .keygen = PKCS12_PBE_keyivgen, + }, + { + .pbe_nid = NID_pbes2, + .cipher_nid = -1, + .md_nid = -1, + .keygen = PKCS5_v2_PBE_keyivgen, + }, + { + .pbe_nid = NID_pbeWithMD2AndRC2_CBC, + .cipher_nid = NID_rc2_64_cbc, + .md_nid = NID_md2, + .keygen = PKCS5_PBE_keyivgen, + }, + { + .pbe_nid = NID_pbeWithMD5AndRC2_CBC, + .cipher_nid = NID_rc2_64_cbc, + .md_nid = NID_md5, + .keygen = PKCS5_PBE_keyivgen, + }, + { + .pbe_nid = NID_pbeWithSHA1AndDES_CBC, + .cipher_nid = NID_des_cbc, + .md_nid = NID_sha1, + .keygen = PKCS5_PBE_keyivgen, + }, }; +#define N_PBE_OUTER (sizeof(pbe_outer) / sizeof(pbe_outer[0])) + int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) { - const EVP_CIPHER *cipher; - const EVP_MD *md; - int cipher_nid, md_nid; - EVP_PBE_KEYGEN *keygen; + const struct pbe_config *cfg = NULL; + const EVP_CIPHER *cipher = NULL; + const EVP_MD *md = NULL; + int pbe_nid; + size_t i; - if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj), - &cipher_nid, &md_nid, &keygen)) { - char obj_tmp[80]; + if ((pbe_nid = OBJ_obj2nid(pbe_obj)) == NID_undef) { EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM); - if (!pbe_obj) - strlcpy(obj_tmp, "NULL", sizeof obj_tmp); - else - i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); - ERR_asprintf_error_data("TYPE=%s", obj_tmp); return 0; } - if (!pass) + for (i = 0; i < N_PBE_OUTER; i++) { + if (pbe_nid == pbe_outer[i].pbe_nid) { + cfg = &pbe_outer[i]; + break; + } + } + if (cfg == NULL) { + EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM); + ERR_asprintf_error_data("NID=%d", pbe_nid); + return 0; + } + + if (pass == NULL) passlen = 0; - else if (passlen == -1) + if (passlen == -1) passlen = strlen(pass); - if (cipher_nid == -1) - cipher = NULL; - else { - cipher = EVP_get_cipherbynid(cipher_nid); - if (!cipher) { + if (cfg->cipher_nid != -1) { + if ((cipher = EVP_get_cipherbynid(cfg->cipher_nid)) == NULL) { EVPerror(EVP_R_UNKNOWN_CIPHER); return 0; } } - - if (md_nid == -1) - md = NULL; - else { - md = EVP_get_digestbynid(md_nid); - if (!md) { + if (cfg->md_nid != -1) { + if ((md = EVP_get_digestbynid(cfg->md_nid)) == NULL) { EVPerror(EVP_R_UNKNOWN_DIGEST); return 0; } } - if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) { + if (!cfg->keygen(ctx, pass, passlen, param, cipher, md, en_de)) { EVPerror(EVP_R_KEYGEN_FAILURE); return 0; } + return 1; } -static int pbe2_cmp_BSEARCH_CMP_FN(const void *, const void *); -static int pbe2_cmp(EVP_PBE_CTL const *, EVP_PBE_CTL const *); -static EVP_PBE_CTL *OBJ_bsearch_pbe2(EVP_PBE_CTL *key, EVP_PBE_CTL const *base, int num); - -static int -pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2) +int +PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) { - int ret = pbe1->pbe_type - pbe2->pbe_type; + EVP_MD_CTX ctx; + unsigned char md_tmp[EVP_MAX_MD_SIZE]; + unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; + int i; + PBEPARAM *pbe; + int saltlen, iter; + unsigned char *salt; + const unsigned char *pbuf; + int mdsize; + int ret = 0; + + /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerror(EVP_R_DECODE_ERROR); + return 0; + } - if (ret) - return ret; - else - return pbe1->pbe_nid - pbe2->pbe_nid; -} + mdsize = EVP_MD_size(md); + if (mdsize < 0) + return 0; + + pbuf = param->value.sequence->data; + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { + EVPerror(EVP_R_DECODE_ERROR); + return 0; + } + if (!pbe->iter) + iter = 1; + else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { + EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); + PBEPARAM_free(pbe); + return 0; + } + salt = pbe->salt->data; + saltlen = pbe->salt->length; -static int -pbe2_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) -{ - EVP_PBE_CTL const *a = a_; - EVP_PBE_CTL const *b = b_; - return pbe2_cmp(a, b); -} + if (!pass) + passlen = 0; + else if (passlen == -1) + passlen = strlen(pass); -static EVP_PBE_CTL * -OBJ_bsearch_pbe2(EVP_PBE_CTL *key, EVP_PBE_CTL const *base, int num) -{ - return (EVP_PBE_CTL *)OBJ_bsearch_(key, base, num, sizeof(EVP_PBE_CTL), - pbe2_cmp_BSEARCH_CMP_FN); -} + EVP_MD_CTX_legacy_clear(&ctx); + + if (!EVP_DigestInit_ex(&ctx, md, NULL)) + goto err; + if (!EVP_DigestUpdate(&ctx, pass, passlen)) + goto err; + if (!EVP_DigestUpdate(&ctx, salt, saltlen)) + goto err; + if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) + goto err; + for (i = 1; i < iter; i++) { + if (!EVP_DigestInit_ex(&ctx, md, NULL)) + goto err; + if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) + goto err; + if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL)) + goto err; + } + if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) { + EVPerror(EVP_R_BAD_KEY_LENGTH); + goto err; + } + memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); + if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) { + EVPerror(EVP_R_IV_TOO_LARGE); + goto err; + } + memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), + EVP_CIPHER_iv_length(cipher)); + if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) + goto err; + explicit_bzero(md_tmp, EVP_MAX_MD_SIZE); + explicit_bzero(key, EVP_MAX_KEY_LENGTH); + explicit_bzero(iv, EVP_MAX_IV_LENGTH); -static int -pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b) -{ - int ret = (*a)->pbe_type - (*b)->pbe_type; + ret = 1; - if (ret) - return ret; - else - return (*a)->pbe_nid - (*b)->pbe_nid; + err: + EVP_MD_CTX_cleanup(&ctx); + PBEPARAM_free(pbe); + + return ret; } -/* Add a PBE algorithm */ +/* + * PKCS#5 v2.0 password based encryption key derivation function PBKDF2. + */ int -EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, - EVP_PBE_KEYGEN *keygen) +PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, + int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out) { - EVP_PBE_CTL *pbe_tmp; + unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; + int cplen, j, k, tkeylen, mdlen; + unsigned long i = 1; + HMAC_CTX hctx_tpl, hctx; - if (pbe_algs == NULL) { - pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); - if (pbe_algs == NULL) { - EVPerror(ERR_R_MALLOC_FAILURE); - return 0; - } - } - pbe_tmp = malloc(sizeof(EVP_PBE_CTL)); - if (pbe_tmp == NULL) { - EVPerror(ERR_R_MALLOC_FAILURE); + mdlen = EVP_MD_size(digest); + if (mdlen < 0) return 0; - } - pbe_tmp->pbe_type = pbe_type; - pbe_tmp->pbe_nid = pbe_nid; - pbe_tmp->cipher_nid = cipher_nid; - pbe_tmp->md_nid = md_nid; - pbe_tmp->keygen = keygen; - if (sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp) == 0) { - free(pbe_tmp); - EVPerror(ERR_R_MALLOC_FAILURE); + HMAC_CTX_init(&hctx_tpl); + p = out; + tkeylen = keylen; + if (!pass) + passlen = 0; + else if (passlen == -1) + passlen = strlen(pass); + if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { + HMAC_CTX_cleanup(&hctx_tpl); return 0; } + while (tkeylen) { + if (tkeylen > mdlen) + cplen = mdlen; + else + cplen = tkeylen; + /* + * We are unlikely to ever use more than 256 blocks (5120 bits!) + * but just in case... + */ + itmp[0] = (unsigned char)((i >> 24) & 0xff); + itmp[1] = (unsigned char)((i >> 16) & 0xff); + itmp[2] = (unsigned char)((i >> 8) & 0xff); + itmp[3] = (unsigned char)(i & 0xff); + if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { + HMAC_CTX_cleanup(&hctx_tpl); + return 0; + } + if (!HMAC_Update(&hctx, salt, saltlen) || + !HMAC_Update(&hctx, itmp, 4) || + !HMAC_Final(&hctx, digtmp, NULL)) { + HMAC_CTX_cleanup(&hctx_tpl); + HMAC_CTX_cleanup(&hctx); + return 0; + } + HMAC_CTX_cleanup(&hctx); + memcpy(p, digtmp, cplen); + for (j = 1; j < iter; j++) { + if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { + HMAC_CTX_cleanup(&hctx_tpl); + return 0; + } + if (!HMAC_Update(&hctx, digtmp, mdlen) || + !HMAC_Final(&hctx, digtmp, NULL)) { + HMAC_CTX_cleanup(&hctx_tpl); + HMAC_CTX_cleanup(&hctx); + return 0; + } + HMAC_CTX_cleanup(&hctx); + for (k = 0; k < cplen; k++) + p[k] ^= digtmp[k]; + } + tkeylen -= cplen; + i++; + p += cplen; + } + HMAC_CTX_cleanup(&hctx_tpl); return 1; } int -EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen) +PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, + int saltlen, int iter, int keylen, unsigned char *out) { - int cipher_nid, md_nid; + return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, + EVP_sha1(), keylen, out); +} - if (cipher) - cipher_nid = EVP_CIPHER_nid(cipher); - else - cipher_nid = -1; - if (md) - md_nid = EVP_MD_type(md); - else - md_nid = -1; +/* + * Now the key derivation function itself. This is a bit evil because + * it has to check the ASN1 parameters are valid: and there are quite a + * few of them... + */ + +int +PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) +{ + const unsigned char *pbuf; + int plen; + PBE2PARAM *pbe2 = NULL; + const EVP_CIPHER *cipher; + int ret = 0; + + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerror(EVP_R_DECODE_ERROR); + goto err; + } + + pbuf = param->value.sequence->data; + plen = param->value.sequence->length; + if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { + EVPerror(EVP_R_DECODE_ERROR); + goto err; + } + + /* See if we recognise the key derivation function */ + + if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { + EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); + goto err; + } + + /* Let's see if we recognise the encryption algorithm. */ + cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); + if (!cipher) { + EVPerror(EVP_R_UNSUPPORTED_CIPHER); + goto err; + } - return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid, - cipher_nid, md_nid, keygen); + /* Fixup cipher based on AlgorithmIdentifier */ + if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) + goto err; + if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { + EVPerror(EVP_R_CIPHER_PARAMETER_ERROR); + goto err; + } + + ret = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, + pbe2->keyfunc->parameter, c, md, en_de); + + err: + PBE2PARAM_free(pbe2); + + return ret; +} + +static int +md_nid_from_prf_nid(int nid) +{ + switch (nid) { + case NID_hmacWithMD5: + return NID_md5; + case NID_hmacWithSHA1: + return NID_sha1; + case NID_hmacWithSHA224: + return NID_sha224; + case NID_hmacWithSHA256: + return NID_sha256; + case NID_hmacWithSHA384: + return NID_sha384; + case NID_hmacWithSHA512: + return NID_sha512; + case NID_hmacWithSHA512_224: + return NID_sha512_224; + case NID_hmacWithSHA512_256: + return NID_sha512_256; + case NID_hmac_sha3_224: + return NID_sha3_224; + case NID_hmac_sha3_256: + return NID_sha3_256; + case NID_hmac_sha3_384: + return NID_sha3_384; + case NID_hmac_sha3_512: + return NID_sha3_512; +#ifndef OPENSSL_NO_GOST + case NID_id_HMACGostR3411_94: + return NID_id_GostR3411_94; + case NID_id_tc26_hmac_gost_3411_12_256: + return NID_id_tc26_gost3411_2012_256; + case NID_id_tc26_hmac_gost_3411_12_512: + return NID_id_tc26_gost3411_2012_512; +#endif + default: + return NID_undef; + } } int -EVP_PBE_find(int type, int pbe_nid, - int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen) +PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) { - EVP_PBE_CTL *pbetmp = NULL, pbelu; - int i; - if (pbe_nid == NID_undef) + unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; + const unsigned char *pbuf; + int saltlen, iter, plen; + unsigned int keylen = 0; + int prf_nid, hmac_md_nid; + PBKDF2PARAM *kdf = NULL; + const EVP_MD *prfmd; + int ret = 0; + + if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { + EVPerror(EVP_R_NO_CIPHER_SET); + return 0; + } + keylen = EVP_CIPHER_CTX_key_length(ctx); + if (keylen > sizeof key) { + EVPerror(EVP_R_BAD_KEY_LENGTH); return 0; + } - pbelu.pbe_type = type; - pbelu.pbe_nid = pbe_nid; + /* Decode parameter */ - if (pbe_algs) { - i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu); - if (i != -1) - pbetmp = sk_EVP_PBE_CTL_value (pbe_algs, i); - } - if (pbetmp == NULL) { - pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, - sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL)); + if (!param || (param->type != V_ASN1_SEQUENCE)) { + EVPerror(EVP_R_DECODE_ERROR); + return 0; } - if (pbetmp == NULL) + + pbuf = param->value.sequence->data; + plen = param->value.sequence->length; + + if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { + EVPerror(EVP_R_DECODE_ERROR); return 0; - if (pcnid) - *pcnid = pbetmp->cipher_nid; - if (pmnid) - *pmnid = pbetmp->md_nid; - if (pkeygen) - *pkeygen = pbetmp->keygen; - return 1; + } + + /* Now check the parameters of the kdf */ + + if (kdf->keylength && + (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ + EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH); + goto err; + } + + if (kdf->prf) + prf_nid = OBJ_obj2nid(kdf->prf->algorithm); + else + prf_nid = NID_hmacWithSHA1; + + if ((hmac_md_nid = md_nid_from_prf_nid(prf_nid)) == NID_undef) { + EVPerror(EVP_R_UNSUPPORTED_PRF); + goto err; + } + + prfmd = EVP_get_digestbynid(hmac_md_nid); + if (prfmd == NULL) { + EVPerror(EVP_R_UNSUPPORTED_PRF); + goto err; + } + + if (kdf->salt->type != V_ASN1_OCTET_STRING) { + EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE); + goto err; + } + + /* it seems that its all OK */ + salt = kdf->salt->value.octet_string->data; + saltlen = kdf->salt->value.octet_string->length; + if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) { + EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); + goto err; + } + if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, + keylen, key)) + goto err; + + ret = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); + + err: + explicit_bzero(key, keylen); + PBKDF2PARAM_free(kdf); + + return ret; } -static void -free_evp_pbe_ctl(EVP_PBE_CTL *pbe) +void +PKCS12_PBE_add(void) { - free(pbe); } +LCRYPTO_ALIAS(PKCS12_PBE_add); -void -EVP_PBE_cleanup(void) +int +PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) { - sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl); - pbe_algs = NULL; + PBEPARAM *pbe; + int saltlen, iter, ret; + unsigned char *salt; + const unsigned char *pbuf; + unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; + + /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + PKCS12error(PKCS12_R_DECODE_ERROR); + return 0; + } + + pbuf = param->value.sequence->data; + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { + PKCS12error(PKCS12_R_DECODE_ERROR); + return 0; + } + + if (!pbe->iter) + iter = 1; + else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { + PKCS12error(PKCS12_R_DECODE_ERROR); + PBEPARAM_free(pbe); + return 0; + } + salt = pbe->salt->data; + saltlen = pbe->salt->length; + if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID, + iter, EVP_CIPHER_key_length(cipher), key, md)) { + PKCS12error(PKCS12_R_KEY_GEN_ERROR); + PBEPARAM_free(pbe); + return 0; + } + if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID, + iter, EVP_CIPHER_iv_length(cipher), iv, md)) { + PKCS12error(PKCS12_R_IV_GEN_ERROR); + PBEPARAM_free(pbe); + return 0; + } + PBEPARAM_free(pbe); + ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); + explicit_bzero(key, EVP_MAX_KEY_LENGTH); + explicit_bzero(iv, EVP_MAX_IV_LENGTH); + return ret; } +LCRYPTO_ALIAS(PKCS12_PBE_keyivgen); diff --git a/crypto/evp/m_gost2814789.c b/crypto/evp/m_gost2814789.c deleted file mode 100644 index 9b8a09e5..00000000 --- a/crypto/evp/m_gost2814789.c +++ /dev/null @@ -1,113 +0,0 @@ -/* $OpenBSD: m_gost2814789.c,v 1.6 2023/07/07 19:37:53 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#ifndef OPENSSL_NO_GOST - -#include -#include -#include - -#include "evp_local.h" - -static int -gost2814789_init(EVP_MD_CTX *ctx) -{ - return GOST2814789IMIT_Init(ctx->md_data, - NID_id_Gost28147_89_CryptoPro_A_ParamSet); -} - -static int -gost2814789_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return GOST2814789IMIT_Update(ctx->md_data, data, count); -} - -static int -gost2814789_final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return GOST2814789IMIT_Final(md, ctx->md_data); -} - -static int -gost2814789_md_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) -{ - GOST2814789IMIT_CTX *gctx = ctx->md_data; - - switch (cmd) { - case EVP_MD_CTRL_SET_KEY: - return Gost2814789_set_key(&gctx->cipher, p2, p1); - case EVP_MD_CTRL_GOST_SET_SBOX: - return Gost2814789_set_sbox(&gctx->cipher, p1); - } - return -2; -} - -static const EVP_MD gost2814789imit_md = { - .type = NID_id_Gost28147_89_MAC, - .pkey_type = NID_undef, - .md_size = GOST2814789IMIT_LENGTH, - .flags = 0, - .init = gost2814789_init, - .update = gost2814789_update, - .final = gost2814789_final, - .block_size = GOST2814789IMIT_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(GOST2814789IMIT_CTX), - .md_ctrl = gost2814789_md_ctrl, -}; - -const EVP_MD * -EVP_gost2814789imit(void) -{ - return (&gost2814789imit_md); -} -#endif diff --git a/crypto/evp/m_gostr341194.c b/crypto/evp/m_gostr341194.c deleted file mode 100644 index 723349a0..00000000 --- a/crypto/evp/m_gostr341194.c +++ /dev/null @@ -1,100 +0,0 @@ -/* $OpenBSD: m_gostr341194.c,v 1.7 2023/07/07 19:37:53 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST - -#include -#include -#include - -#include "evp_local.h" - -static int -gostr341194_init(EVP_MD_CTX *ctx) -{ - return GOSTR341194_Init(ctx->md_data, - NID_id_GostR3411_94_CryptoProParamSet); -} - -static int -gostr341194_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return GOSTR341194_Update(ctx->md_data, data, count); -} - -static int -gostr341194_final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return GOSTR341194_Final(md, ctx->md_data); -} - -static const EVP_MD gostr341194_md = { - .type = NID_id_GostR3411_94, - .pkey_type = NID_undef, - .md_size = GOSTR341194_LENGTH, - .flags = 0, - .init = gostr341194_init, - .update = gostr341194_update, - .final = gostr341194_final, - .block_size = GOSTR341194_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(GOSTR341194_CTX), -}; - -const EVP_MD * -EVP_gostr341194(void) -{ - return (&gostr341194_md); -} -#endif diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 47c01f78..a72671ed 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -1,4 +1,4 @@ -/* $OpenBSD: m_sigver.c,v 1.13 2023/07/07 19:37:53 beck Exp $ */ +/* $OpenBSD: m_sigver.c,v 1.15 2024/02/18 15:45:42 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -74,10 +74,10 @@ update_oneshot_only(EVP_MD_CTX *ctx, const void *data, size_t datalen) static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, - ENGINE *e, EVP_PKEY *pkey, int ver) + EVP_PKEY *pkey, int ver) { if (ctx->pctx == NULL) - ctx->pctx = EVP_PKEY_CTX_new(pkey, e); + ctx->pctx = EVP_PKEY_CTX_new(pkey, NULL); if (ctx->pctx == NULL) return 0; @@ -122,7 +122,7 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, *pctx = ctx->pctx; if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) return 1; - if (!EVP_DigestInit_ex(ctx, type, e)) + if (!EVP_DigestInit_ex(ctx, type, NULL)) return 0; return 1; } @@ -131,14 +131,14 @@ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, type, e, pkey, 0); + return do_sigver_init(ctx, pctx, type, pkey, 0); } int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) { - return do_sigver_init(ctx, pctx, type, e, pkey, 1); + return do_sigver_init(ctx, pctx, type, pkey, 1); } int @@ -171,7 +171,7 @@ EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) EVP_MD_CTX tmp_ctx; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen = 0; - EVP_MD_CTX_init(&tmp_ctx); + EVP_MD_CTX_legacy_clear(&tmp_ctx); if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) return 0; if (sctx) @@ -228,7 +228,7 @@ EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) vctx = 1; else vctx = 0; - EVP_MD_CTX_init(&tmp_ctx); + EVP_MD_CTX_legacy_clear(&tmp_ctx); if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) return -1; if (vctx) { diff --git a/crypto/evp/m_streebog.c b/crypto/evp/m_streebog.c deleted file mode 100644 index 48fa6586..00000000 --- a/crypto/evp/m_streebog.c +++ /dev/null @@ -1,133 +0,0 @@ -/* $OpenBSD: m_streebog.c,v 1.7 2023/07/07 19:37:54 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#ifndef OPENSSL_NO_GOST - -#include -#include -#include - -#include "evp_local.h" - -static int -streebog_init256(EVP_MD_CTX *ctx) -{ - return STREEBOG256_Init(ctx->md_data); -} - -static int -streebog_update256(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return STREEBOG256_Update(ctx->md_data, data, count); -} - -static int -streebog_final256(EVP_MD_CTX *ctx, unsigned char *md) -{ - return STREEBOG256_Final(md, ctx->md_data); -} - -static int -streebog_init512(EVP_MD_CTX *ctx) -{ - return STREEBOG512_Init(ctx->md_data); -} - -static int -streebog_update512(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return STREEBOG512_Update(ctx->md_data, data, count); -} - -static int -streebog_final512(EVP_MD_CTX *ctx, unsigned char *md) -{ - return STREEBOG512_Final(md, ctx->md_data); -} - -static const EVP_MD streebog256_md = { - .type = NID_id_tc26_gost3411_2012_256, - .pkey_type = NID_undef, - .md_size = STREEBOG256_LENGTH, - .flags = 0, - .init = streebog_init256, - .update = streebog_update256, - .final = streebog_final256, - .block_size = STREEBOG_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX), -}; - -static const EVP_MD streebog512_md = { - .type = NID_id_tc26_gost3411_2012_512, - .pkey_type = NID_undef, - .md_size = STREEBOG512_LENGTH, - .flags = 0, - .init = streebog_init512, - .update = streebog_update512, - .final = streebog_final512, - .block_size = STREEBOG_CBLOCK, - .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX), -}; - -const EVP_MD * -EVP_streebog256(void) -{ - return (&streebog256_md); -} - -const EVP_MD * -EVP_streebog512(void) -{ - return (&streebog512_md); -} -#endif diff --git a/crypto/evp/names.c b/crypto/evp/names.c deleted file mode 100644 index 5242892e..00000000 --- a/crypto/evp/names.c +++ /dev/null @@ -1,240 +0,0 @@ -/* $OpenBSD: names.c,v 1.21 2023/08/26 02:59:13 tb Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include -#include -#include - -#include "evp_local.h" - -extern int obj_cleanup_defer; -void check_defer(int nid); - -int -EVP_add_cipher(const EVP_CIPHER *c) -{ - int r; - - if (c == NULL) - return 0; - - r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, - (const char *)c); - if (r == 0) - return (0); - check_defer(c->nid); - r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, - (const char *)c); - return (r); -} - -int -EVP_add_digest(const EVP_MD *md) -{ - int r; - const char *name; - - name = OBJ_nid2sn(md->type); - r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md); - if (r == 0) - return (0); - check_defer(md->type); - r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, - (const char *)md); - if (r == 0) - return (0); - - if (md->pkey_type && md->type != md->pkey_type) { - r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), - OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS, name); - if (r == 0) - return (0); - check_defer(md->pkey_type); - r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), - OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS, name); - } - return (r); -} - -const EVP_CIPHER * -EVP_get_cipherbyname(const char *name) -{ - if (!OPENSSL_init_crypto(0, NULL)) - return NULL; - - return (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); -} - -const EVP_MD * -EVP_get_digestbyname(const char *name) -{ - if (!OPENSSL_init_crypto(0, NULL)) - return NULL; - - return (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); -} - -void -EVP_cleanup(void) -{ - OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); - OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); - /* The above calls will only clean out the contents of the name - hash table, but not the hash table itself. The following line - does that part. -- Richard Levitte */ - OBJ_NAME_cleanup(-1); - - EVP_PBE_cleanup(); - if (obj_cleanup_defer == 2) { - obj_cleanup_defer = 0; - OBJ_cleanup(); - } -} - -struct doall_cipher { - void *arg; - void (*fn)(const EVP_CIPHER *ciph, const char *from, const char *to, - void *arg); -}; - -static void -do_all_cipher_fn(const OBJ_NAME *nm, void *arg) -{ - struct doall_cipher *dc = arg; - - if (nm->alias) - dc->fn(NULL, nm->name, nm->data, dc->arg); - else - dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg); -} - -void -EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, const char *from, - const char *to, void *x), void *arg) -{ - struct doall_cipher dc; - - /* Prayer and clean living lets you ignore errors, OpenSSL style */ - (void) OPENSSL_init_crypto(0, NULL); - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); -} - -void -EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, const char *from, - const char *to, void *x), void *arg) -{ - struct doall_cipher dc; - - /* Prayer and clean living lets you ignore errors, OpenSSL style */ - (void) OPENSSL_init_crypto(0, NULL); - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - do_all_cipher_fn, &dc); -} - -struct doall_md { - void *arg; - void (*fn)(const EVP_MD *ciph, const char *from, const char *to, - void *arg); -}; - -static void -do_all_md_fn(const OBJ_NAME *nm, void *arg) -{ - struct doall_md *dc = arg; - - if (nm->alias) - dc->fn(NULL, nm->name, nm->data, dc->arg); - else - dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg); -} - -void -EVP_MD_do_all(void (*fn)(const EVP_MD *md, const char *from, const char *to, - void *x), void *arg) -{ - struct doall_md dc; - - /* Prayer and clean living lets you ignore errors, OpenSSL style */ - (void) OPENSSL_init_crypto(0, NULL); - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); -} - -void -EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *md, - const char *from, const char *to, void *x), void *arg) -{ - struct doall_md dc; - - /* Prayer and clean living lets you ignore errors, OpenSSL style */ - (void) OPENSSL_init_crypto(0, NULL); - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); -} diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c deleted file mode 100644 index d26439ad..00000000 --- a/crypto/evp/p5_crpt.c +++ /dev/null @@ -1,163 +0,0 @@ -/* $OpenBSD: p5_crpt.c,v 1.23 2023/07/07 19:37:54 beck Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#include -#include -#include - -#include "evp_local.h" - -/* Doesn't do anything now: Builtin PBE algorithms in static table. - */ - -void -PKCS5_PBE_add(void) -{ -} - -int -PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) -{ - EVP_MD_CTX ctx; - unsigned char md_tmp[EVP_MAX_MD_SIZE]; - unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - int i; - PBEPARAM *pbe; - int saltlen, iter; - unsigned char *salt; - const unsigned char *pbuf; - int mdsize; - int rv = 0; - - /* Extract useful info from parameter */ - if (param == NULL || param->type != V_ASN1_SEQUENCE || - param->value.sequence == NULL) { - EVPerror(EVP_R_DECODE_ERROR); - return 0; - } - - mdsize = EVP_MD_size(md); - if (mdsize < 0) - return 0; - - pbuf = param->value.sequence->data; - if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { - EVPerror(EVP_R_DECODE_ERROR); - return 0; - } - - if (!pbe->iter) - iter = 1; - else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { - EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); - PBEPARAM_free(pbe); - return 0; - } - salt = pbe->salt->data; - saltlen = pbe->salt->length; - - if (!pass) - passlen = 0; - else if (passlen == -1) - passlen = strlen(pass); - - EVP_MD_CTX_init(&ctx); - - if (!EVP_DigestInit_ex(&ctx, md, NULL)) - goto err; - if (!EVP_DigestUpdate(&ctx, pass, passlen)) - goto err; - if (!EVP_DigestUpdate(&ctx, salt, saltlen)) - goto err; - if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) - goto err; - for (i = 1; i < iter; i++) { - if (!EVP_DigestInit_ex(&ctx, md, NULL)) - goto err; - if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) - goto err; - if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL)) - goto err; - } - if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) { - EVPerror(EVP_R_BAD_KEY_LENGTH); - goto err; - } - memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); - if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) { - EVPerror(EVP_R_IV_TOO_LARGE); - goto err; - } - memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), - EVP_CIPHER_iv_length(cipher)); - if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) - goto err; - explicit_bzero(md_tmp, EVP_MAX_MD_SIZE); - explicit_bzero(key, EVP_MAX_KEY_LENGTH); - explicit_bzero(iv, EVP_MAX_IV_LENGTH); - rv = 1; -err: - EVP_MD_CTX_cleanup(&ctx); - PBEPARAM_free(pbe); - return rv; -} diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c deleted file mode 100644 index 3c66af93..00000000 --- a/crypto/evp/p5_crpt2.c +++ /dev/null @@ -1,307 +0,0 @@ -/* $OpenBSD: p5_crpt2.c,v 1.27 2023/07/07 19:37:54 beck Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#include - -#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) - -#include -#include -#include -#include - -#include "evp_local.h" -#include "hmac_local.h" - -/* This is an implementation of PKCS#5 v2.0 password based encryption key - * derivation function PBKDF2. - * SHA1 version verified against test vectors posted by Peter Gutmann - * to the PKCS-TNG mailing list. - */ - -int -PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, - int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out) -{ - unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; - int cplen, j, k, tkeylen, mdlen; - unsigned long i = 1; - HMAC_CTX hctx_tpl, hctx; - - mdlen = EVP_MD_size(digest); - if (mdlen < 0) - return 0; - - HMAC_CTX_init(&hctx_tpl); - p = out; - tkeylen = keylen; - if (!pass) - passlen = 0; - else if (passlen == -1) - passlen = strlen(pass); - if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } - while (tkeylen) { - if (tkeylen > mdlen) - cplen = mdlen; - else - cplen = tkeylen; - /* We are unlikely to ever use more than 256 blocks (5120 bits!) - * but just in case... - */ - itmp[0] = (unsigned char)((i >> 24) & 0xff); - itmp[1] = (unsigned char)((i >> 16) & 0xff); - itmp[2] = (unsigned char)((i >> 8) & 0xff); - itmp[3] = (unsigned char)(i & 0xff); - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } - if (!HMAC_Update(&hctx, salt, saltlen) || - !HMAC_Update(&hctx, itmp, 4) || - !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); - return 0; - } - HMAC_CTX_cleanup(&hctx); - memcpy(p, digtmp, cplen); - for (j = 1; j < iter; j++) { - if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { - HMAC_CTX_cleanup(&hctx_tpl); - return 0; - } - if (!HMAC_Update(&hctx, digtmp, mdlen) || - !HMAC_Final(&hctx, digtmp, NULL)) { - HMAC_CTX_cleanup(&hctx_tpl); - HMAC_CTX_cleanup(&hctx); - return 0; - } - HMAC_CTX_cleanup(&hctx); - for (k = 0; k < cplen; k++) - p[k] ^= digtmp[k]; - } - tkeylen -= cplen; - i++; - p += cplen; - } - HMAC_CTX_cleanup(&hctx_tpl); - return 1; -} - -int -PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, - int saltlen, int iter, int keylen, unsigned char *out) -{ - return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, - EVP_sha1(), keylen, out); -} - -/* Now the key derivation function itself. This is a bit evil because - * it has to check the ASN1 parameters are valid: and there are quite a - * few of them... - */ - -int -PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) -{ - const unsigned char *pbuf; - int plen; - PBE2PARAM *pbe2 = NULL; - const EVP_CIPHER *cipher; - - int rv = 0; - - if (param == NULL || param->type != V_ASN1_SEQUENCE || - param->value.sequence == NULL) { - EVPerror(EVP_R_DECODE_ERROR); - goto err; - } - - pbuf = param->value.sequence->data; - plen = param->value.sequence->length; - if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { - EVPerror(EVP_R_DECODE_ERROR); - goto err; - } - - /* See if we recognise the key derivation function */ - - if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { - EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); - goto err; - } - - /* lets see if we recognise the encryption algorithm. - */ - - cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); - - if (!cipher) { - EVPerror(EVP_R_UNSUPPORTED_CIPHER); - goto err; - } - - /* Fixup cipher based on AlgorithmIdentifier */ - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) - goto err; - if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { - EVPerror(EVP_R_CIPHER_PARAMETER_ERROR); - goto err; - } - rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, - pbe2->keyfunc->parameter, c, md, en_de); - -err: - PBE2PARAM_free(pbe2); - return rv; -} - -int -PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) -{ - unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; - const unsigned char *pbuf; - int saltlen, iter, plen; - int rv = 0; - unsigned int keylen = 0; - int prf_nid, hmac_md_nid; - PBKDF2PARAM *kdf = NULL; - const EVP_MD *prfmd; - - if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { - EVPerror(EVP_R_NO_CIPHER_SET); - return 0; - } - keylen = EVP_CIPHER_CTX_key_length(ctx); - if (keylen > sizeof key) { - EVPerror(EVP_R_BAD_KEY_LENGTH); - return 0; - } - - /* Decode parameter */ - - if (!param || (param->type != V_ASN1_SEQUENCE)) { - EVPerror(EVP_R_DECODE_ERROR); - return 0; - } - - pbuf = param->value.sequence->data; - plen = param->value.sequence->length; - - if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { - EVPerror(EVP_R_DECODE_ERROR); - return 0; - } - - /* Now check the parameters of the kdf */ - - if (kdf->keylength && - (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ - EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH); - goto err; - } - - if (kdf->prf) - prf_nid = OBJ_obj2nid(kdf->prf->algorithm); - else - prf_nid = NID_hmacWithSHA1; - - if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) { - EVPerror(EVP_R_UNSUPPORTED_PRF); - goto err; - } - - prfmd = EVP_get_digestbynid(hmac_md_nid); - if (prfmd == NULL) { - EVPerror(EVP_R_UNSUPPORTED_PRF); - goto err; - } - - if (kdf->salt->type != V_ASN1_OCTET_STRING) { - EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE); - goto err; - } - - /* it seems that its all OK */ - salt = kdf->salt->value.octet_string->data; - saltlen = kdf->salt->value.octet_string->length; - if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) { - EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); - goto err; - } - if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, - keylen, key)) - goto err; - rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); - -err: - explicit_bzero(key, keylen); - PBKDF2PARAM_free(kdf); - return rv; -} - -#endif diff --git a/crypto/evp/p_open.c b/crypto/evp/p_legacy.c similarity index 71% rename from crypto/evp/p_open.c rename to crypto/evp/p_legacy.c index d18548e3..2036258d 100644 --- a/crypto/evp/p_open.c +++ b/crypto/evp/p_legacy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_open.c,v 1.23 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: p_legacy.c,v 1.3 2024/02/18 15:44:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,21 +56,41 @@ * [including the GNU Public Licence.] */ -#include -#include +#include -#include - -#ifndef OPENSSL_NO_RSA - -#include #include -#include +#include + #include -#include #include "evp_local.h" +int +EVP_PKEY_decrypt_old(unsigned char *to, const unsigned char *from, int from_len, + EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_RSA) { + EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA); + return -1; + } + + return RSA_private_decrypt(from_len, from, to, pkey->pkey.rsa, + RSA_PKCS1_PADDING); +} + +int +EVP_PKEY_encrypt_old(unsigned char *to, const unsigned char *from, int from_len, + EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_RSA) { + EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA); + return 0; + } + + return RSA_public_encrypt(from_len, from, to, pkey->pkey.rsa, + RSA_PKCS1_PADDING); +} + int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv) @@ -79,7 +99,7 @@ EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, int i, size = 0, ret = 0; if (type) { - EVP_CIPHER_CTX_init(ctx); + EVP_CIPHER_CTX_legacy_clear(ctx); if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL)) return 0; } @@ -125,4 +145,48 @@ EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); return (i); } -#endif + +int +EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, + int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) +{ + unsigned char key[EVP_MAX_KEY_LENGTH]; + int i, iv_len; + + if (type) { + EVP_CIPHER_CTX_legacy_clear(ctx); + if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL)) + return 0; + } + if ((npubk <= 0) || !pubk) + return 1; + if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) + return 0; + /* XXX - upper bound? */ + if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0) + return 0; + if (iv_len > 0) + arc4random_buf(iv, iv_len); + + if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) + return 0; + + for (i = 0; i < npubk; i++) { + ekl[i] = EVP_PKEY_encrypt_old(ek[i], key, + EVP_CIPHER_CTX_key_length(ctx), pubk[i]); + if (ekl[i] <= 0) + return (-1); + } + return (npubk); +} + +int +EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +{ + int i; + + i = EVP_EncryptFinal_ex(ctx, out, outl); + if (i) + i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL); + return i; +} diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 23ec8e60..8bf82056 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_lib.c,v 1.37 2023/09/10 17:32:17 tb Exp $ */ +/* $OpenBSD: p_lib.c,v 1.59 2024/03/02 11:17:27 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -55,13 +55,62 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ #include +#include +#include -#include - -#include +#include +#include #include +#include #include #include #include @@ -73,18 +122,136 @@ #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_EC +#include +#endif #ifndef OPENSSL_NO_RSA #include #endif -#ifndef OPENSSL_NO_ENGINE -#include -#endif - -#include "asn1_local.h" #include "evp_local.h" -static void EVP_PKEY_free_it(EVP_PKEY *x); +extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dsa1_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dsa2_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dsa3_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD dsa4_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD x25519_asn1_meth; + +static const EVP_PKEY_ASN1_METHOD *asn1_methods[] = { + &cmac_asn1_meth, + &dh_asn1_meth, + &dsa_asn1_meth, + &dsa1_asn1_meth, + &dsa2_asn1_meth, + &dsa3_asn1_meth, + &dsa4_asn1_meth, + &eckey_asn1_meth, + &ed25519_asn1_meth, + &hmac_asn1_meth, + &rsa_asn1_meth, + &rsa2_asn1_meth, + &rsa_pss_asn1_meth, + &x25519_asn1_meth, +}; + +#define N_ASN1_METHODS (sizeof(asn1_methods) / sizeof(asn1_methods[0])) + +int +EVP_PKEY_asn1_get_count(void) +{ + return N_ASN1_METHODS; +} + +const EVP_PKEY_ASN1_METHOD * +EVP_PKEY_asn1_get0(int idx) +{ + if (idx < 0 || idx >= N_ASN1_METHODS) + return NULL; + + return asn1_methods[idx]; +} + +const EVP_PKEY_ASN1_METHOD * +EVP_PKEY_asn1_find(ENGINE **engine, int pkey_id) +{ + size_t i; + + if (engine != NULL) + *engine = NULL; + + for (i = 0; i < N_ASN1_METHODS; i++) { + if (asn1_methods[i]->pkey_id == pkey_id) + return asn1_methods[i]->base_method; + } + + return NULL; +} + +const EVP_PKEY_ASN1_METHOD * +EVP_PKEY_asn1_find_str(ENGINE **engine, const char *str, int len) +{ + const EVP_PKEY_ASN1_METHOD *ameth; + size_t i, str_len; + + if (engine != NULL) + *engine = NULL; + + if (len < -1) + return NULL; + if (len == -1) + str_len = strlen(str); + else + str_len = len; + + for (i = 0; i < N_ASN1_METHODS; i++) { + ameth = asn1_methods[i]; + if ((ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0) + continue; + if (strlen(ameth->pem_str) != str_len) + continue; + if (strncasecmp(ameth->pem_str, str, str_len) == 0) + return ameth; + } + + return NULL; +} + +int +EVP_PKEY_asn1_get0_info(int *pkey_id, int *pkey_base_id, int *pkey_flags, + const char **info, const char **pem_str, + const EVP_PKEY_ASN1_METHOD *ameth) +{ + if (ameth == NULL) + return 0; + + if (pkey_id != NULL) + *pkey_id = ameth->pkey_id; + if (pkey_base_id != NULL) + *pkey_base_id = ameth->base_method->pkey_id; + if (pkey_flags != NULL) + *pkey_flags = ameth->pkey_flags; + if (info != NULL) + *info = ameth->info; + if (pem_str != NULL) + *pem_str = ameth->pem_str; + + return 1; +} + +const EVP_PKEY_ASN1_METHOD* +EVP_PKEY_get0_asn1(const EVP_PKEY *pkey) +{ + return pkey->ameth; +} int EVP_PKEY_bits(const EVP_PKEY *pkey) @@ -199,110 +366,122 @@ EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) EVP_PKEY * EVP_PKEY_new(void) { - EVP_PKEY *ret; + EVP_PKEY *pkey; - ret = malloc(sizeof(EVP_PKEY)); - if (ret == NULL) { + if ((pkey = calloc(1, sizeof(*pkey))) == NULL) { EVPerror(ERR_R_MALLOC_FAILURE); - return (NULL); + return NULL; } - ret->type = EVP_PKEY_NONE; - ret->save_type = EVP_PKEY_NONE; - ret->references = 1; - ret->ameth = NULL; - ret->engine = NULL; - ret->pkey.ptr = NULL; - ret->attributes = NULL; - ret->save_parameters = 1; - return (ret); + + pkey->type = EVP_PKEY_NONE; + pkey->references = 1; + pkey->save_parameters = 1; + + return pkey; } int EVP_PKEY_up_ref(EVP_PKEY *pkey) { - int refs = CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); - return ((refs > 1) ? 1 : 0); + return CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY) > 1; } -/* Setup a public key ASN1 method and ENGINE from a NID or a string. - * If pkey is NULL just return 1 or 0 if the algorithm exists. - */ +static void +evp_pkey_free_pkey_ptr(EVP_PKEY *pkey) +{ + if (pkey == NULL || pkey->ameth == NULL || pkey->ameth->pkey_free == NULL) + return; -static int -pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len) + pkey->ameth->pkey_free(pkey); + pkey->pkey.ptr = NULL; +} + +void +EVP_PKEY_free(EVP_PKEY *pkey) +{ + if (pkey == NULL) + return; + + if (CRYPTO_add(&pkey->references, -1, CRYPTO_LOCK_EVP_PKEY) > 0) + return; + + evp_pkey_free_pkey_ptr(pkey); + sk_X509_ATTRIBUTE_pop_free(pkey->attributes, X509_ATTRIBUTE_free); + freezero(pkey, sizeof(*pkey)); +} + +int +EVP_PKEY_set_type(EVP_PKEY *pkey, int type) { const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE **eptr = NULL; - - if (e == NULL) - eptr = &e; - - if (pkey) { - if (pkey->pkey.ptr) - EVP_PKEY_free_it(pkey); - /* If key type matches and a method exists then this - * lookup has succeeded once so just indicate success. - */ - if ((type == pkey->save_type) && pkey->ameth) - return 1; -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(pkey->engine); - pkey->engine = NULL; -#endif - } - if (str) - ameth = EVP_PKEY_asn1_find_str(eptr, str, len); - else - ameth = EVP_PKEY_asn1_find(eptr, type); -#ifndef OPENSSL_NO_ENGINE - if (pkey == NULL && eptr != NULL) - ENGINE_finish(e); -#endif - if (!ameth) { + + evp_pkey_free_pkey_ptr(pkey); + + if ((ameth = EVP_PKEY_asn1_find(NULL, type)) == NULL) { EVPerror(EVP_R_UNSUPPORTED_ALGORITHM); return 0; } - if (pkey) { + if (pkey != NULL) { pkey->ameth = ameth; - pkey->engine = e; + pkey->type = pkey->ameth->pkey_id; + } + + return 1; +} +int +EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) +{ + const EVP_PKEY_ASN1_METHOD *ameth; + + evp_pkey_free_pkey_ptr(pkey); + + if ((ameth = EVP_PKEY_asn1_find_str(NULL, str, len)) == NULL) { + EVPerror(EVP_R_UNSUPPORTED_ALGORITHM); + return 0; + } + if (pkey != NULL) { + pkey->ameth = ameth; pkey->type = pkey->ameth->pkey_id; - pkey->save_type = type; } + return 1; } int -EVP_PKEY_set_type(EVP_PKEY *pkey, int type) +EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { - return pkey_set_type(pkey, NULL, type, NULL, -1); + if (!EVP_PKEY_set_type(pkey, type)) + return 0; + + return (pkey->pkey.ptr = key) != NULL; } EVP_PKEY * EVP_PKEY_new_raw_private_key(int type, ENGINE *engine, const unsigned char *private_key, size_t len) { - EVP_PKEY *ret; + EVP_PKEY *pkey; - if ((ret = EVP_PKEY_new()) == NULL) + if ((pkey = EVP_PKEY_new()) == NULL) goto err; - if (!pkey_set_type(ret, engine, type, NULL, -1)) + if (!EVP_PKEY_set_type(pkey, type)) goto err; - if (ret->ameth->set_priv_key == NULL) { + if (pkey->ameth->set_priv_key == NULL) { EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); goto err; } - if (!ret->ameth->set_priv_key(ret, private_key, len)) { + if (!pkey->ameth->set_priv_key(pkey, private_key, len)) { EVPerror(EVP_R_KEY_SETUP_FAILED); goto err; } - return ret; + return pkey; err: - EVP_PKEY_free(ret); + EVP_PKEY_free(pkey); return NULL; } @@ -311,27 +490,27 @@ EVP_PKEY * EVP_PKEY_new_raw_public_key(int type, ENGINE *engine, const unsigned char *public_key, size_t len) { - EVP_PKEY *ret; + EVP_PKEY *pkey; - if ((ret = EVP_PKEY_new()) == NULL) + if ((pkey = EVP_PKEY_new()) == NULL) goto err; - if (!pkey_set_type(ret, engine, type, NULL, -1)) + if (!EVP_PKEY_set_type(pkey, type)) goto err; - if (ret->ameth->set_pub_key == NULL) { + if (pkey->ameth->set_pub_key == NULL) { EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); goto err; } - if (!ret->ameth->set_pub_key(ret, public_key, len)) { + if (!pkey->ameth->set_pub_key(pkey, public_key, len)) { EVPerror(EVP_R_KEY_SETUP_FAILED); goto err; } - return ret; + return pkey; err: - EVP_PKEY_free(ret); + EVP_PKEY_free(pkey); return NULL; } @@ -372,45 +551,31 @@ EVP_PKEY * EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len, const EVP_CIPHER *cipher) { - EVP_PKEY *ret = NULL; + EVP_PKEY *pkey = NULL; CMAC_CTX *cmctx = NULL; - if ((ret = EVP_PKEY_new()) == NULL) + if ((pkey = EVP_PKEY_new()) == NULL) goto err; if ((cmctx = CMAC_CTX_new()) == NULL) goto err; - if (!pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1)) + if (!EVP_PKEY_set_type(pkey, EVP_PKEY_CMAC)) goto err; - if (!CMAC_Init(cmctx, priv, len, cipher, e)) { + if (!CMAC_Init(cmctx, priv, len, cipher, NULL)) { EVPerror(EVP_R_KEY_SETUP_FAILED); goto err; } - ret->pkey.ptr = cmctx; + pkey->pkey.ptr = cmctx; - return ret; + return pkey; err: - EVP_PKEY_free(ret); + EVP_PKEY_free(pkey); CMAC_CTX_free(cmctx); - return NULL; -} - -int -EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) -{ - return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len); -} -int -EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) -{ - if (!EVP_PKEY_set_type(pkey, type)) - return 0; - pkey->pkey.ptr = key; - return (key != NULL); + return NULL; } void * @@ -575,18 +740,12 @@ EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) int EVP_PKEY_type(int type) { - int ret; const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *e; - ameth = EVP_PKEY_asn1_find(&e, type); - if (ameth) - ret = ameth->pkey_id; - else - ret = NID_undef; -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(e); -#endif - return ret; + + if ((ameth = EVP_PKEY_asn1_find(NULL, type)) != NULL) + return ameth->pkey_id; + + return NID_undef; } int @@ -601,37 +760,6 @@ EVP_PKEY_base_id(const EVP_PKEY *pkey) return EVP_PKEY_type(pkey->type); } -void -EVP_PKEY_free(EVP_PKEY *x) -{ - int i; - - if (x == NULL) - return; - - i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY); - if (i > 0) - return; - - EVP_PKEY_free_it(x); - if (x->attributes) - sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); - free(x); -} - -static void -EVP_PKEY_free_it(EVP_PKEY *x) -{ - if (x->ameth && x->ameth->pkey_free) { - x->ameth->pkey_free(x); - x->pkey.ptr = NULL; - } -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(x->engine); - x->engine = NULL; -#endif -} - static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, const char *kstr) { diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c deleted file mode 100644 index b98da943..00000000 --- a/crypto/evp/p_seal.c +++ /dev/null @@ -1,124 +0,0 @@ -/* $OpenBSD: p_seal.c,v 1.16 2023/07/07 19:37:54 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include - -#include -#include -#include - -#ifndef OPENSSL_NO_RSA -#include -#endif - -int -EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, - int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) -{ - unsigned char key[EVP_MAX_KEY_LENGTH]; - int i; - - if (type) { - EVP_CIPHER_CTX_init(ctx); - if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL)) - return 0; - } - if ((npubk <= 0) || !pubk) - return 1; - if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) - return 0; - if (EVP_CIPHER_CTX_iv_length(ctx)) - arc4random_buf(iv, EVP_CIPHER_CTX_iv_length(ctx)); - - if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) - return 0; - - for (i = 0; i < npubk; i++) { - ekl[i] = EVP_PKEY_encrypt_old(ek[i], key, - EVP_CIPHER_CTX_key_length(ctx), pubk[i]); - if (ekl[i] <= 0) - return (-1); - } - return (npubk); -} - -/* MACRO -void EVP_SealUpdate(ctx,out,outl,in,inl) -EVP_CIPHER_CTX *ctx; -unsigned char *out; -int *outl; -unsigned char *in; -int inl; - { - EVP_EncryptUpdate(ctx,out,outl,in,inl); - } -*/ - -int -EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int i; - - i = EVP_EncryptFinal_ex(ctx, out, outl); - if (i) - i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL); - return i; -} diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index f7c21178..f6d6e12a 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_sign.c,v 1.19 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: p_sign.c,v 1.20 2024/02/18 15:45:42 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -77,7 +77,7 @@ EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, int ret = 0; *siglen = 0; - EVP_MD_CTX_init(&tmp_ctx); + EVP_MD_CTX_legacy_clear(&tmp_ctx); if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) goto err; if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index da7ab542..ed9b3700 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_verify.c,v 1.18 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: p_verify.c,v 1.19 2024/02/18 15:45:42 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,7 +75,7 @@ EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, EVP_PKEY_CTX *pkctx = NULL; int ret = 0; - EVP_MD_CTX_init(&tmp_ctx); + EVP_MD_CTX_legacy_clear(&tmp_ctx); if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) goto err; if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index b4c0395d..ce7b107c 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_gn.c,v 1.13 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: pmeth_gn.c,v 1.15 2024/01/01 18:33:04 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -197,7 +197,7 @@ EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) { if (idx == -1) return ctx->keygen_info_count; - if (idx < 0 || idx > ctx->keygen_info_count) + if (idx < 0 || idx >= ctx->keygen_info_count) return 0; return ctx->keygen_info[idx]; } @@ -208,7 +208,7 @@ EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen) EVP_PKEY_CTX *mac_ctx = NULL; EVP_PKEY *mac_key = NULL; - mac_ctx = EVP_PKEY_CTX_new_id(type, e); + mac_ctx = EVP_PKEY_CTX_new_id(type, NULL); if (!mac_ctx) return NULL; if (EVP_PKEY_keygen_init(mac_ctx) <= 0) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index b480a574..a2a9ad9c 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmeth_lib.c,v 1.33 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: pmeth_lib.c,v 1.39 2024/03/02 11:17:27 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -68,23 +68,14 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "asn1_local.h" #include "evp_local.h" -DECLARE_STACK_OF(EVP_PKEY_METHOD) -STACK_OF(EVP_PKEY_METHOD) *pkey_app_methods = NULL; - extern const EVP_PKEY_METHOD cmac_pkey_meth; extern const EVP_PKEY_METHOD dh_pkey_meth; extern const EVP_PKEY_METHOD dsa_pkey_meth; extern const EVP_PKEY_METHOD ec_pkey_meth; extern const EVP_PKEY_METHOD ed25519_pkey_meth; -extern const EVP_PKEY_METHOD gostimit_pkey_meth; -extern const EVP_PKEY_METHOD gostr01_pkey_meth; extern const EVP_PKEY_METHOD hkdf_pkey_meth; extern const EVP_PKEY_METHOD hmac_pkey_meth; extern const EVP_PKEY_METHOD rsa_pkey_meth; @@ -97,8 +88,6 @@ static const EVP_PKEY_METHOD *pkey_methods[] = { &dsa_pkey_meth, &ec_pkey_meth, &ed25519_pkey_meth, - &gostimit_pkey_meth, - &gostr01_pkey_meth, &hkdf_pkey_meth, &hmac_pkey_meth, &rsa_pkey_meth, @@ -106,44 +95,16 @@ static const EVP_PKEY_METHOD *pkey_methods[] = { &x25519_pkey_meth, }; -static const size_t pkey_methods_count = - sizeof(pkey_methods) / sizeof(pkey_methods[0]); - -int -evp_pkey_meth_get_count(void) -{ - int num = pkey_methods_count; - - if (pkey_app_methods != NULL) - num += sk_EVP_PKEY_METHOD_num(pkey_app_methods); - - return num; -} +#define N_PKEY_METHODS (sizeof(pkey_methods) / sizeof(pkey_methods[0])) -const EVP_PKEY_METHOD * -evp_pkey_meth_get0(int idx) +static const EVP_PKEY_METHOD * +evp_pkey_method_find(int nid) { - int num = pkey_methods_count; - - if (idx < 0) - return NULL; - if (idx < num) - return pkey_methods[idx]; - - idx -= num; - - return sk_EVP_PKEY_METHOD_value(pkey_app_methods, idx); -} - -const EVP_PKEY_METHOD * -EVP_PKEY_meth_find(int type) -{ - const EVP_PKEY_METHOD *pmeth; - int i; + size_t i; - for (i = evp_pkey_meth_get_count() - 1; i >= 0; i--) { - pmeth = evp_pkey_meth_get0(i); - if (pmeth->pkey_id == type) + for (i = 0; i < N_PKEY_METHODS; i++) { + const EVP_PKEY_METHOD *pmeth = pkey_methods[i]; + if (pmeth->pkey_id == nid) return pmeth; } @@ -151,36 +112,18 @@ EVP_PKEY_meth_find(int type) } static EVP_PKEY_CTX * -evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id) +evp_pkey_ctx_new(EVP_PKEY *pkey, int nid) { EVP_PKEY_CTX *pkey_ctx = NULL; const EVP_PKEY_METHOD *pmeth; - if (id == -1) { + if (nid == -1) { if (pkey == NULL || pkey->ameth == NULL) return NULL; - id = pkey->ameth->pkey_id; + nid = pkey->ameth->pkey_id; } -#ifndef OPENSSL_NO_ENGINE - if (pkey != NULL && pkey->engine != NULL) - engine = pkey->engine; - /* Try to find an ENGINE which implements this method. */ - if (engine != NULL) { - if (!ENGINE_init(engine)) { - EVPerror(ERR_R_ENGINE_LIB); - return NULL; - } - } else - engine = ENGINE_get_pkey_meth_engine(id); - - /* Look up method handler in ENGINE or use internal tables. */ - if (engine != NULL) - pmeth = ENGINE_get_pkey_meth(engine, id); - else -#endif - pmeth = EVP_PKEY_meth_find(id); - - if (pmeth == NULL) { + + if ((pmeth = evp_pkey_method_find(nid)) == NULL) { EVPerror(EVP_R_UNSUPPORTED_ALGORITHM); goto err; } @@ -189,8 +132,6 @@ evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id) EVPerror(ERR_R_MALLOC_FAILURE); goto err; } - pkey_ctx->engine = engine; - engine = NULL; pkey_ctx->pmeth = pmeth; pkey_ctx->operation = EVP_PKEY_OP_UNDEFINED; if ((pkey_ctx->pkey = pkey) != NULL) @@ -205,67 +146,20 @@ evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id) err: EVP_PKEY_CTX_free(pkey_ctx); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(engine); -#endif return NULL; } -EVP_PKEY_METHOD* -EVP_PKEY_meth_new(int id, int flags) -{ - EVP_PKEY_METHOD *pmeth; - - if ((pmeth = calloc(1, sizeof(EVP_PKEY_METHOD))) == NULL) - return NULL; - - pmeth->pkey_id = id; - pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; - - return pmeth; -} - -void -EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, const EVP_PKEY_METHOD *meth) -{ - if (ppkey_id) - *ppkey_id = meth->pkey_id; - if (pflags) - *pflags = meth->flags; -} - -void -EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) -{ - EVP_PKEY_METHOD preserve; - - preserve.pkey_id = dst->pkey_id; - preserve.flags = dst->flags; - - *dst = *src; - - dst->pkey_id = preserve.pkey_id; - dst->flags = preserve.flags; -} - -void -EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) -{ - if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC)) - free(pmeth); -} - EVP_PKEY_CTX * EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *engine) { - return evp_pkey_ctx_new(pkey, engine, -1); + return evp_pkey_ctx_new(pkey, -1); } EVP_PKEY_CTX * -EVP_PKEY_CTX_new_id(int id, ENGINE *engine) +EVP_PKEY_CTX_new_id(int nid, ENGINE *engine) { - return evp_pkey_ctx_new(NULL, engine, id); + return evp_pkey_ctx_new(NULL, nid); } EVP_PKEY_CTX * @@ -275,22 +169,12 @@ EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) if (pctx->pmeth == NULL || pctx->pmeth->copy == NULL) goto err; -#ifndef OPENSSL_NO_ENGINE - /* Make sure it's safe to copy a pkey context using an ENGINE */ - if (pctx->engine != NULL && !ENGINE_init(pctx->engine)) { - EVPerror(ERR_R_ENGINE_LIB); - goto err; - } -#endif if ((rctx = calloc(1, sizeof(*rctx))) == NULL) { EVPerror(ERR_R_MALLOC_FAILURE); goto err; } rctx->pmeth = pctx->pmeth; -#ifndef OPENSSL_NO_ENGINE - rctx->engine = pctx->engine; -#endif if ((rctx->pkey = pctx->pkey) != NULL) EVP_PKEY_up_ref(rctx->pkey); @@ -309,21 +193,6 @@ EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) return NULL; } -int -EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) -{ - if (pkey_app_methods == NULL) { - pkey_app_methods = sk_EVP_PKEY_METHOD_new(NULL); - if (pkey_app_methods == NULL) - return 0; - } - - if (!sk_EVP_PKEY_METHOD_push(pkey_app_methods, pmeth)) - return 0; - - return 1; -} - void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) { @@ -333,9 +202,6 @@ EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) ctx->pmeth->cleanup(ctx); EVP_PKEY_free(ctx->pkey); EVP_PKEY_free(ctx->peerkey); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ctx->engine); -#endif free(ctx); } @@ -477,151 +343,3 @@ EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) { return ctx->app_data; } - -void -EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, - int (*init)(EVP_PKEY_CTX *ctx)) -{ - pmeth->init = init; -} - -void -EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, - int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)) -{ - pmeth->copy = copy; -} - -void -EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, - void (*cleanup)(EVP_PKEY_CTX *ctx)) -{ - pmeth->cleanup = cleanup; -} - -void -EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, - int (*paramgen_init)(EVP_PKEY_CTX *ctx), - int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) -{ - pmeth->paramgen_init = paramgen_init; - pmeth->paramgen = paramgen; -} - -void -EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, - int (*keygen_init)(EVP_PKEY_CTX *ctx), - int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) -{ - pmeth->keygen_init = keygen_init; - pmeth->keygen = keygen; -} - -void -EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, - int (*sign_init)(EVP_PKEY_CTX *ctx), - int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)) -{ - pmeth->sign_init = sign_init; - pmeth->sign = sign; -} - -void -EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, - int (*verify_init)(EVP_PKEY_CTX *ctx), - int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen)) -{ - pmeth->verify_init = verify_init; - pmeth->verify = verify; -} - -void -EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, - int (*verify_recover_init)(EVP_PKEY_CTX *ctx), - int (*verify_recover)(EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)) -{ - pmeth->verify_recover_init = verify_recover_init; - pmeth->verify_recover = verify_recover; -} - -void -EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, - int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), - int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx)) -{ - pmeth->signctx_init = signctx_init; - pmeth->signctx = signctx; -} - -void -EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, - int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), - int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, - EVP_MD_CTX *mctx)) -{ - pmeth->verifyctx_init = verifyctx_init; - pmeth->verifyctx = verifyctx; -} - -void -EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, - int (*encrypt_init)(EVP_PKEY_CTX *ctx), - int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)) -{ - pmeth->encrypt_init = encrypt_init; - pmeth->encrypt = encryptfn; -} - -void -EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, - int (*decrypt_init)(EVP_PKEY_CTX *ctx), - int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)) -{ - pmeth->decrypt_init = decrypt_init; - pmeth->decrypt = decrypt; -} - -void -EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, - int (*derive_init)(EVP_PKEY_CTX *ctx), - int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)) -{ - pmeth->derive_init = derive_init; - pmeth->derive = derive; -} - -void -EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, - int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), - int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)) -{ - pmeth->ctrl = ctrl; - pmeth->ctrl_str = ctrl_str; -} - -void -EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check)(EVP_PKEY *pkey)) -{ - pmeth->check = check; -} - -void -EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, - int (*public_check)(EVP_PKEY *pkey)) -{ - pmeth->public_check = public_check; -} - -void -EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, - int (*param_check)(EVP_PKEY *pkey)) -{ - pmeth->param_check = param_check; -} diff --git a/crypto/gost/gost2814789.c b/crypto/gost/gost2814789.c deleted file mode 100644 index dac3a8ea..00000000 --- a/crypto/gost/gost2814789.c +++ /dev/null @@ -1,480 +0,0 @@ -/* $OpenBSD: gost2814789.c,v 1.9 2023/07/08 14:30:44 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include - -#include "gost_local.h" - -static inline unsigned int -f(const GOST2814789_KEY *c, unsigned int x) -{ - return c->k87[(x>>24) & 255] | c->k65[(x>>16) & 255]| - c->k43[(x>> 8) & 255] | c->k21[(x ) & 255]; -} - -void -Gost2814789_encrypt(const unsigned char *in, unsigned char *out, - const GOST2814789_KEY *key) -{ - unsigned int n1, n2; /* As named in the GOST */ - - c2l(in, n1); - c2l(in, n2); - - /* Instead of swapping halves, swap names each round */ - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); - n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); - n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); - n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); - - l2c(n2, out); - l2c(n1, out); -} - -void -Gost2814789_decrypt(const unsigned char *in, unsigned char *out, - const GOST2814789_KEY *key) -{ - unsigned int n1, n2; /* As named in the GOST */ - - c2l(in, n1); - c2l(in, n2); - - /* Instead of swapping halves, swap names each round */ - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); - n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); - n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); - n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); - - n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); - n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); - n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); - n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); - - n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); - n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); - n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); - n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); - - l2c(n2, out); - l2c(n1, out); -} - -static void -Gost2814789_mac(const unsigned char *in, unsigned char *mac, - GOST2814789_KEY *key) -{ - unsigned int n1, n2; /* As named in the GOST */ - unsigned char *p; - int i; - - for (i = 0; i < 8; i++) - mac[i] ^= in[i]; - - p = mac; - c2l(p, n1); - c2l(p, n2); - - /* Instead of swapping halves, swap names each round */ - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); - n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); - n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); - n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); - - p = mac; - l2c(n1, p); - l2c(n2, p); -} - -void -Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out, - GOST2814789_KEY *key, const int enc) -{ - if (key->key_meshing && key->count == 1024) { - Gost2814789_cryptopro_key_mesh(key); - key->count = 0; - } - - if (enc) - Gost2814789_encrypt(in, out, key); - else - Gost2814789_decrypt(in, out, key); -} -LCRYPTO_ALIAS(Gost2814789_ecb_encrypt); - -static inline void -Gost2814789_encrypt_mesh(unsigned char *iv, GOST2814789_KEY *key) -{ - if (key->key_meshing && key->count == 1024) { - Gost2814789_cryptopro_key_mesh(key); - Gost2814789_encrypt(iv, iv, key); - key->count = 0; - } - Gost2814789_encrypt(iv, iv, key); - key->count += 8; -} - -static inline void -Gost2814789_mac_mesh(const unsigned char *data, unsigned char *mac, - GOST2814789_KEY *key) -{ - if (key->key_meshing && key->count == 1024) { - Gost2814789_cryptopro_key_mesh(key); - key->count = 0; - } - Gost2814789_mac(data, mac, key); - key->count += 8; -} - -void -Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out, - size_t len, GOST2814789_KEY *key, unsigned char *ivec, int *num, - const int enc) -{ - unsigned int n; - size_t l = 0; - - n = *num; - - if (enc) { -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (8 % sizeof(size_t) == 0) do { /* always true actually */ - while (n && len) { - *(out++) = ivec[n] ^= *(in++); - --len; - n = (n + 1) % 8; - } -#ifdef __STRICT_ALIGNMENT - if (((size_t)in | (size_t)out | (size_t)ivec) % - sizeof(size_t) != 0) - break; -#endif - while (len >= 8) { - Gost2814789_encrypt_mesh(ivec, key); - for (; n < 8; n += sizeof(size_t)) { - *(size_t*)(out + n) = - *(size_t*)(ivec + n) ^= - *(size_t*)(in + n); - } - len -= 8; - out += 8; - in += 8; - n = 0; - } - if (len) { - Gost2814789_encrypt_mesh(ivec, key); - while (len--) { - out[n] = ivec[n] ^= in[n]; - ++n; - } - } - *num = n; - return; - } while (0); - /* the rest would be commonly eliminated by x86* compiler */ -#endif - while (l= 8) { - Gost2814789_encrypt_mesh(ivec, key); - for (; n < 8; n += sizeof(size_t)) { - size_t t = *(size_t*)(in + n); - *(size_t*)(out + n) = - *(size_t*)(ivec + n) ^ t; - *(size_t*)(ivec + n) = t; - } - len -= 8; - out += 8; - in += 8; - n = 0; - } - if (len) { - Gost2814789_encrypt_mesh(ivec, key); - while (len--) { - unsigned char c; - - out[n] = ivec[n] ^ (c = in[n]); - ivec[n] = c; - ++n; - } - } - *num = n; - return; - } while (0); - /* the rest would be commonly eliminated by x86* compiler */ -#endif - while (l < len) { - unsigned char c; - - if (n == 0) { - Gost2814789_encrypt_mesh(ivec, key); - } - out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c; - ++l; - n = (n + 1) % 8; - } - *num = n; - } -} -LCRYPTO_ALIAS(Gost2814789_cfb64_encrypt); - -static inline void -Gost2814789_cnt_next(unsigned char *ivec, unsigned char *out, - GOST2814789_KEY *key) -{ - unsigned char *p = ivec, *p2 = ivec; - unsigned int val, val2; - - if (key->count == 0) - Gost2814789_encrypt(ivec, ivec, key); - - if (key->key_meshing && key->count == 1024) { - Gost2814789_cryptopro_key_mesh(key); - Gost2814789_encrypt(ivec, ivec, key); - key->count = 0; - } - - c2l(p, val); - val2 = val + 0x01010101; - l2c(val2, p2); - - c2l(p, val); - val2 = val + 0x01010104; - if (val > val2) /* overflow */ - val2++; - l2c(val2, p2); - - Gost2814789_encrypt(ivec, out, key); - key->count += 8; -} - -void -Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out, size_t len, - GOST2814789_KEY *key, unsigned char *ivec, unsigned char *cnt_buf, int *num) -{ - unsigned int n; - size_t l = 0; - - n = *num; - -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (8 % sizeof(size_t) == 0) do { /* always true actually */ - while (n && len) { - *(out++) = *(in++) ^ cnt_buf[n]; - --len; - n = (n + 1) % 8; - } - -#ifdef __STRICT_ALIGNMENT - if (((size_t)in | (size_t)out | (size_t)ivec) % - sizeof(size_t) != 0) - break; -#endif - while (len >= 8) { - Gost2814789_cnt_next(ivec, cnt_buf, key); - for (; n < 8; n += sizeof(size_t)) - *(size_t *)(out + n) = *(size_t *)(in + n) ^ - *(size_t *)(cnt_buf + n); - len -= 8; - out += 8; - in += 8; - n = 0; - } - if (len) { - Gost2814789_cnt_next(ivec, cnt_buf, key); - while (len--) { - out[n] = in[n] ^ cnt_buf[n]; - ++n; - } - } - *num = n; - return; - } while(0); - /* the rest would be commonly eliminated by x86* compiler */ -#endif - while (l < len) { - if (n==0) - Gost2814789_cnt_next(ivec, cnt_buf, key); - out[l] = in[l] ^ cnt_buf[n]; - ++l; - n = (n + 1) % 8; - } - - *num=n; -} -LCRYPTO_ALIAS(Gost2814789_cnt_encrypt); - -int -GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid) -{ - c->Nl = c->Nh = c->num = 0; - memset(c->mac, 0, 8); - return Gost2814789_set_sbox(&c->cipher, nid); -} -LCRYPTO_ALIAS(GOST2814789IMIT_Init); - -static void -GOST2814789IMIT_block_data_order(GOST2814789IMIT_CTX *ctx, - const unsigned char *p, size_t num) -{ - int i; - - for (i = 0; i < num; i++) { - Gost2814789_mac_mesh(p, ctx->mac, &ctx->cipher); - p += 8; - } -} - -#define DATA_ORDER_IS_LITTLE_ENDIAN - -#define HASH_CBLOCK GOST2814789IMIT_CBLOCK -#define HASH_LONG GOST2814789IMIT_LONG -#define HASH_CTX GOST2814789IMIT_CTX -#define HASH_UPDATE GOST2814789IMIT_Update -#define HASH_TRANSFORM GOST2814789IMIT_Transform -#define HASH_NO_FINAL 1 -#define HASH_BLOCK_DATA_ORDER GOST2814789IMIT_block_data_order - -#include "md32_common.h" -LCRYPTO_ALIAS(GOST2814789IMIT_Update); -LCRYPTO_ALIAS(GOST2814789IMIT_Transform); - -int -GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c) -{ - if (c->num) { - memset(c->data + c->num, 0, 8 - c->num); - Gost2814789_mac_mesh(c->data, c->mac, &c->cipher); - } - if (c->Nl <= 8 * 8 && c->Nl > 0 && c->Nh == 0) { - memset(c->data, 0, 8); - Gost2814789_mac_mesh(c->data, c->mac, &c->cipher); - } - memcpy(md, c->mac, 4); - return 1; -} -LCRYPTO_ALIAS(GOST2814789IMIT_Final); - -unsigned char * -GOST2814789IMIT(const unsigned char *d, size_t n, unsigned char *md, int nid, - const unsigned char *key, const unsigned char *iv) -{ - GOST2814789IMIT_CTX c; - static unsigned char m[GOST2814789IMIT_LENGTH]; - - if (md == NULL) - md = m; - GOST2814789IMIT_Init(&c, nid); - memcpy(c.mac, iv, 8); - Gost2814789_set_key(&c.cipher, key, 256); - GOST2814789IMIT_Update(&c, d, n); - GOST2814789IMIT_Final(md, &c); - explicit_bzero(&c, sizeof(c)); - return (md); -} -LCRYPTO_ALIAS(GOST2814789IMIT); - -#endif diff --git a/crypto/gost/gost89_keywrap.c b/crypto/gost/gost89_keywrap.c deleted file mode 100644 index 9bfc5b4c..00000000 --- a/crypto/gost/gost89_keywrap.c +++ /dev/null @@ -1,138 +0,0 @@ -/* $OpenBSD: gost89_keywrap.c,v 1.4 2022/11/26 16:08:53 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST - -#include - -#include "gost_local.h" - -static void -key_diversify_crypto_pro(GOST2814789_KEY *ctx, const unsigned char *inputKey, - const unsigned char *ukm, unsigned char *outputKey) -{ - unsigned long k, s1, s2; - int i, mask; - unsigned char S[8]; - unsigned char *p; - - memcpy(outputKey, inputKey, 32); - for (i = 0; i < 8; i++) { - /* Make array of integers from key */ - /* Compute IV S */ - s1 = 0, s2 = 0; - p = outputKey; - for (mask = 1; mask < 256; mask <<= 1) { - c2l(p, k); - if (mask & ukm[i]) { - s1 += k; - } else { - s2 += k; - } - } - p = S; - l2c (s1, p); - l2c (s2, p); - Gost2814789_set_key(ctx, outputKey, 256); - mask = 0; - Gost2814789_cfb64_encrypt(outputKey, outputKey, 32, ctx, S, - &mask, 1); - } -} - -int -gost_key_wrap_crypto_pro(int nid, const unsigned char *keyExchangeKey, - const unsigned char *ukm, const unsigned char *sessionKey, - unsigned char *wrappedKey) -{ - GOST2814789_KEY ctx; - unsigned char kek_ukm[32]; - - Gost2814789_set_sbox(&ctx, nid); - key_diversify_crypto_pro(&ctx, keyExchangeKey, ukm, kek_ukm); - Gost2814789_set_key(&ctx, kek_ukm, 256); - memcpy(wrappedKey, ukm, 8); - Gost2814789_encrypt(sessionKey + 0, wrappedKey + 8 + 0, &ctx); - Gost2814789_encrypt(sessionKey + 8, wrappedKey + 8 + 8, &ctx); - Gost2814789_encrypt(sessionKey + 16, wrappedKey + 8 + 16, &ctx); - Gost2814789_encrypt(sessionKey + 24, wrappedKey + 8 + 24, &ctx); - GOST2814789IMIT(sessionKey, 32, wrappedKey + 40, nid, kek_ukm, ukm); - return 1; -} - -int -gost_key_unwrap_crypto_pro(int nid, const unsigned char *keyExchangeKey, - const unsigned char *wrappedKey, unsigned char *sessionKey) -{ - unsigned char kek_ukm[32], cek_mac[4]; - GOST2814789_KEY ctx; - - Gost2814789_set_sbox(&ctx, nid); - /* First 8 bytes of wrapped Key is ukm */ - key_diversify_crypto_pro(&ctx, keyExchangeKey, wrappedKey, kek_ukm); - Gost2814789_set_key(&ctx, kek_ukm, 256); - Gost2814789_decrypt(wrappedKey + 8 + 0, sessionKey + 0, &ctx); - Gost2814789_decrypt(wrappedKey + 8 + 8, sessionKey + 8, &ctx); - Gost2814789_decrypt(wrappedKey + 8 + 16, sessionKey + 16, &ctx); - Gost2814789_decrypt(wrappedKey + 8 + 24, sessionKey + 24, &ctx); - - GOST2814789IMIT(sessionKey, 32, cek_mac, nid, kek_ukm, wrappedKey); - if (memcmp(cek_mac, wrappedKey + 40, 4)) - return 0; - - return 1; -} - -#endif diff --git a/crypto/gost/gost89_params.c b/crypto/gost/gost89_params.c deleted file mode 100644 index ef9c9cde..00000000 --- a/crypto/gost/gost89_params.c +++ /dev/null @@ -1,246 +0,0 @@ -/* $OpenBSD: gost89_params.c,v 1.4 2023/07/08 14:30:44 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include - -#include "gost_local.h" - -/* Substitution blocks from test examples for GOST R 34.11-94*/ -static const gost_subst_block GostR3411_94_TestParamSet = { - {0x1,0xF,0xD,0x0,0x5,0x7,0xA,0x4,0x9,0x2,0x3,0xE,0x6,0xB,0x8,0xC}, - {0xD,0xB,0x4,0x1,0x3,0xF,0x5,0x9,0x0,0xA,0xE,0x7,0x6,0x8,0x2,0xC}, - {0x4,0xB,0xA,0x0,0x7,0x2,0x1,0xD,0x3,0x6,0x8,0x5,0x9,0xC,0xF,0xE}, - {0x6,0xC,0x7,0x1,0x5,0xF,0xD,0x8,0x4,0xA,0x9,0xE,0x0,0x3,0xB,0x2}, - {0x7,0xD,0xA,0x1,0x0,0x8,0x9,0xF,0xE,0x4,0x6,0xC,0xB,0x2,0x5,0x3}, - {0x5,0x8,0x1,0xD,0xA,0x3,0x4,0x2,0xE,0xF,0xC,0x7,0x6,0x0,0x9,0xB}, - {0xE,0xB,0x4,0xC,0x6,0xD,0xF,0xA,0x2,0x3,0x8,0x1,0x0,0x7,0x5,0x9}, - {0x4,0xA,0x9,0x2,0xD,0x8,0x0,0xE,0x6,0xB,0x1,0xC,0x7,0xF,0x5,0x3} -}; - -/* Substitution blocks for hash function 1.2.643.2.9.1.6.1 */ -static const gost_subst_block GostR3411_94_CryptoProParamSet = { - {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC}, - {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB}, - {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3}, - {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5}, - {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3}, - {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD}, - {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8}, - {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF} -}; - -/* Test paramset from GOST 28147 */ -gost_subst_block Gost28147_TestParamSet = { - {0xC,0x6,0x5,0x2,0xB,0x0,0x9,0xD,0x3,0xE,0x7,0xA,0xF,0x4,0x1,0x8}, - {0x9,0xB,0xC,0x0,0x3,0x6,0x7,0x5,0x4,0x8,0xE,0xF,0x1,0xA,0x2,0xD}, - {0x8,0xF,0x6,0xB,0x1,0x9,0xC,0x5,0xD,0x3,0x7,0xA,0x0,0xE,0x2,0x4}, - {0x3,0xE,0x5,0x9,0x6,0x8,0x0,0xD,0xA,0xB,0x7,0xC,0x2,0x1,0xF,0x4}, - {0xE,0x9,0xB,0x2,0x5,0xF,0x7,0x1,0x0,0xD,0xC,0x6,0xA,0x4,0x3,0x8}, - {0xD,0x8,0xE,0xC,0x7,0x3,0x9,0xA,0x1,0x5,0x2,0x4,0x6,0xF,0x0,0xB}, - {0xC,0x9,0xF,0xE,0x8,0x1,0x3,0xA,0x2,0x7,0x4,0xD,0x6,0x0,0xB,0x5}, - {0x4,0x2,0xF,0x5,0x9,0x1,0x0,0x8,0xE,0x3,0xB,0xC,0xD,0x7,0xA,0x6} -}; - - -/* 1.2.643.2.2.31.1 */ -static const gost_subst_block Gost28147_CryptoProParamSetA = { - {0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4}, - {0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE}, - {0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6}, - {0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6}, - {0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6}, - {0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9}, - {0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1}, - {0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5} -}; - -/* 1.2.643.2.2.31.2 */ -static const gost_subst_block Gost28147_CryptoProParamSetB = { - {0x0,0x4,0xB,0xE,0x8,0x3,0x7,0x1,0xA,0x2,0x9,0x6,0xF,0xD,0x5,0xC}, - {0x5,0x2,0xA,0xB,0x9,0x1,0xC,0x3,0x7,0x4,0xD,0x0,0x6,0xF,0x8,0xE}, - {0x8,0x3,0x2,0x6,0x4,0xD,0xE,0xB,0xC,0x1,0x7,0xF,0xA,0x0,0x9,0x5}, - {0x2,0x7,0xC,0xF,0x9,0x5,0xA,0xB,0x1,0x4,0x0,0xD,0x6,0x8,0xE,0x3}, - {0x7,0x5,0x0,0xD,0xB,0x6,0x1,0x2,0x3,0xA,0xC,0xF,0x4,0xE,0x9,0x8}, - {0xE,0xC,0x0,0xA,0x9,0x2,0xD,0xB,0x7,0x5,0x8,0xF,0x3,0x6,0x1,0x4}, - {0x0,0x1,0x2,0xA,0x4,0xD,0x5,0xC,0x9,0x7,0x3,0xF,0xB,0x8,0x6,0xE}, - {0x8,0x4,0xB,0x1,0x3,0x5,0x0,0x9,0x2,0xE,0xA,0xC,0xD,0x6,0x7,0xF} -}; - -/* 1.2.643.2.2.31.3 */ -static const gost_subst_block Gost28147_CryptoProParamSetC = { - {0x7,0x4,0x0,0x5,0xA,0x2,0xF,0xE,0xC,0x6,0x1,0xB,0xD,0x9,0x3,0x8}, - {0xA,0x9,0x6,0x8,0xD,0xE,0x2,0x0,0xF,0x3,0x5,0xB,0x4,0x1,0xC,0x7}, - {0xC,0x9,0xB,0x1,0x8,0xE,0x2,0x4,0x7,0x3,0x6,0x5,0xA,0x0,0xF,0xD}, - {0x8,0xD,0xB,0x0,0x4,0x5,0x1,0x2,0x9,0x3,0xC,0xE,0x6,0xF,0xA,0x7}, - {0x3,0x6,0x0,0x1,0x5,0xD,0xA,0x8,0xB,0x2,0x9,0x7,0xE,0xF,0xC,0x4}, - {0x8,0x2,0x5,0x0,0x4,0x9,0xF,0xA,0x3,0x7,0xC,0xD,0x6,0xE,0x1,0xB}, - {0x0,0x1,0x7,0xD,0xB,0x4,0x5,0x2,0x8,0xE,0xF,0xC,0x9,0xA,0x6,0x3}, - {0x1,0xB,0xC,0x2,0x9,0xD,0x0,0xF,0x4,0x5,0x8,0xE,0xA,0x7,0x6,0x3} -}; - -/* 1.2.643.2.2.31.4 */ -static const gost_subst_block Gost28147_CryptoProParamSetD = { - {0x1,0xA,0x6,0x8,0xF,0xB,0x0,0x4,0xC,0x3,0x5,0x9,0x7,0xD,0x2,0xE}, - {0x3,0x0,0x6,0xF,0x1,0xE,0x9,0x2,0xD,0x8,0xC,0x4,0xB,0xA,0x5,0x7}, - {0x8,0x0,0xF,0x3,0x2,0x5,0xE,0xB,0x1,0xA,0x4,0x7,0xC,0x9,0xD,0x6}, - {0x0,0xC,0x8,0x9,0xD,0x2,0xA,0xB,0x7,0x3,0x6,0x5,0x4,0xE,0xF,0x1}, - {0x1,0x5,0xE,0xC,0xA,0x7,0x0,0xD,0x6,0x2,0xB,0x4,0x9,0x3,0xF,0x8}, - {0x1,0xC,0xB,0x0,0xF,0xE,0x6,0x5,0xA,0xD,0x4,0x8,0x9,0x3,0x7,0x2}, - {0xB,0x6,0x3,0x4,0xC,0xF,0xE,0x2,0x7,0xD,0x8,0x0,0x5,0xA,0x9,0x1}, - {0xF,0xC,0x2,0xA,0x6,0x4,0x5,0x0,0x7,0x9,0xE,0xD,0x1,0xB,0x8,0x3} -}; - -static const gost_subst_block Gost28147_TC26ParamSetZ = { - {0x1,0x7,0xe,0xd,0x0,0x5,0x8,0x3,0x4,0xf,0xa,0x6,0x9,0xc,0xb,0x2}, - {0x8,0xe,0x2,0x5,0x6,0x9,0x1,0xc,0xf,0x4,0xb,0x0,0xd,0xa,0x3,0x7}, - {0x5,0xd,0xf,0x6,0x9,0x2,0xc,0xa,0xb,0x7,0x8,0x1,0x4,0x3,0xe,0x0}, - {0x7,0xf,0x5,0xa,0x8,0x1,0x6,0xd,0x0,0x9,0x3,0xe,0xb,0x4,0x2,0xc}, - {0xc,0x8,0x2,0x1,0xd,0x4,0xf,0x6,0x7,0x0,0xa,0x5,0x3,0xe,0x9,0xb}, - {0xb,0x3,0x5,0x8,0x2,0xf,0xa,0xd,0xe,0x1,0x7,0x4,0xc,0x9,0x6,0x0}, - {0x6,0x8,0x2,0x3,0x9,0xa,0x5,0xc,0x1,0xe,0x4,0x7,0xb,0xd,0x0,0xf}, - {0xc,0x4,0x6,0x2,0xa,0x5,0xb,0x9,0xe,0x8,0xd,0x7,0x0,0x3,0xf,0x1} -}; - -static const unsigned char CryptoProKeyMeshingKey[] = { - 0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23, - 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4, - 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12, - 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B -}; - -static const struct gost89_parameters_info { - int nid; - const gost_subst_block *sblock; - int key_meshing; -} gost_cipher_list[] = -{ - {NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1}, - {NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1}, - {NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1}, - {NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1}, - {NID_id_tc26_gost_28147_param_Z,&Gost28147_TC26ParamSetZ,1}, - {NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,0}, - {NID_id_GostR3411_94_TestParamSet,&GostR3411_94_TestParamSet,0}, - {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0}, - {NID_undef,NULL,0} -}; - -int -Gost2814789_set_sbox(GOST2814789_KEY *key, int nid) -{ - int i; - const gost_subst_block *b = NULL; - unsigned int t; - - for (i = 0; gost_cipher_list[i].nid != NID_undef; i++) { - if (gost_cipher_list[i].nid != nid) - continue; - - b = gost_cipher_list[i].sblock; - key->key_meshing = gost_cipher_list[i].key_meshing; - break; - } - - if (b == NULL) - return 0; - - for (i = 0; i < 256; i++) { - t = (unsigned int)(b->k8[i >> 4] <<4 | b->k7 [i & 15]) << 24; - key->k87[i] = (t << 11) | (t >> 21); - t = (unsigned int)(b->k6[i >> 4] <<4 | b->k5 [i & 15]) << 16; - key->k65[i] = (t << 11) | (t >> 21); - t = (unsigned int)(b->k4[i >> 4] <<4 | b->k3 [i & 15]) << 8; - key->k43[i] = (t << 11) | (t >> 21); - t = (unsigned int)(b->k2[i >> 4] <<4 | b->k1 [i & 15]) << 0; - key->k21[i] = (t << 11) | (t >> 21); - } - - return 1; -} -LCRYPTO_ALIAS(Gost2814789_set_sbox); - -int -Gost2814789_set_key(GOST2814789_KEY *key, const unsigned char *userKey, - const int bits) -{ - int i; - - if (bits != 256) - return 0; - - for (i = 0; i < 8; i++) - c2l(userKey, key->key[i]); - - key->count = 0; - - return 1; -} -LCRYPTO_ALIAS(Gost2814789_set_key); - -void -Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key) -{ - unsigned char newkey[32]; - - Gost2814789_decrypt(CryptoProKeyMeshingKey + 0, newkey + 0, key); - Gost2814789_decrypt(CryptoProKeyMeshingKey + 8, newkey + 8, key); - Gost2814789_decrypt(CryptoProKeyMeshingKey + 16, newkey + 16, key); - Gost2814789_decrypt(CryptoProKeyMeshingKey + 24, newkey + 24, key); - - Gost2814789_set_key(key, newkey, 256); -} -#endif diff --git a/crypto/gost/gost89imit_ameth.c b/crypto/gost/gost89imit_ameth.c deleted file mode 100644 index e300b528..00000000 --- a/crypto/gost/gost89imit_ameth.c +++ /dev/null @@ -1,89 +0,0 @@ -/* $OpenBSD: gost89imit_ameth.c,v 1.4 2022/11/26 16:08:53 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#ifndef OPENSSL_NO_GOST -#include - -#include "asn1_local.h" -#include "evp_local.h" - -static void -mackey_free_gost(EVP_PKEY *pk) -{ - free(pk->pkey.ptr); -} - -static int -mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - switch (op) { - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_id_Gost28147_89_MAC; - return 2; - } - return -2; -} - -const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth = { - .pkey_id = EVP_PKEY_GOSTIMIT, - .pkey_base_id = EVP_PKEY_GOSTIMIT, - .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, - - .pem_str = "GOST-MAC", - .info = "GOST 28147-89 MAC", - - .pkey_free = mackey_free_gost, - .pkey_ctrl = mac_ctrl_gost, -}; - -#endif diff --git a/crypto/gost/gost89imit_pmeth.c b/crypto/gost/gost89imit_pmeth.c deleted file mode 100644 index 63b7ef59..00000000 --- a/crypto/gost/gost89imit_pmeth.c +++ /dev/null @@ -1,248 +0,0 @@ -/* $OpenBSD: gost89imit_pmeth.c,v 1.5 2022/11/26 16:08:53 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include -#include /* For string_to_hex */ - -#include "evp_local.h" -#include "gost_local.h" - -struct gost_mac_pmeth_data { - EVP_MD *md; - unsigned char key[32]; - unsigned key_set :1; -}; - -static int -pkey_gost_mac_init(EVP_PKEY_CTX *ctx) -{ - struct gost_mac_pmeth_data *data; - - data = calloc(1, sizeof(struct gost_mac_pmeth_data)); - if (data == NULL) - return 0; - EVP_PKEY_CTX_set_data(ctx, data); - return 1; -} - -static void -pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx) -{ - struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - free(data); -} - -static int -pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - struct gost_mac_pmeth_data *dst_data, *src_data; - - if (pkey_gost_mac_init(dst) == 0) - return 0; - - src_data = EVP_PKEY_CTX_get_data(src); - dst_data = EVP_PKEY_CTX_get_data(dst); - - *dst_data = *src_data; - - return 1; -} - -static int -pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - unsigned char *keydata; - - if (!data->key_set) { - GOSTerror(GOST_R_MAC_KEY_NOT_SET); - return 0; - } - - keydata = malloc(32); - if (keydata == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(keydata, data->key, 32); - EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata); - - return 1; -} - -static int -pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - - switch (type) { - case EVP_PKEY_CTRL_MD: - if (EVP_MD_type(p2) != NID_id_Gost28147_89_MAC) { - GOSTerror(GOST_R_INVALID_DIGEST_TYPE); - return 0; - } - data->md = p2; - return 1; - - case EVP_PKEY_CTRL_SET_MAC_KEY: - if (p1 != 32) { - GOSTerror(GOST_R_INVALID_MAC_KEY_LENGTH); - return 0; - } - - memcpy(data->key, p2, 32); - data->key_set = 1; - return 1; - - case EVP_PKEY_CTRL_DIGESTINIT: - { - EVP_MD_CTX *mctx = p2; - void *key; - - if (!data->key_set) { - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - if (pkey == NULL) { - GOSTerror(GOST_R_MAC_KEY_NOT_SET); - return 0; - } - key = EVP_PKEY_get0(pkey); - if (key == NULL) { - GOSTerror(GOST_R_MAC_KEY_NOT_SET); - return 0; - } - } else { - key = &(data->key); - } - if (mctx->digest->md_ctrl == NULL) - return 0; - return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32 * 8, - key); - } - - } - - return -2; -} - -static int -pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) -{ - if (value == NULL) - return 0; - if (strcmp(type, "key") == 0) { - void *p = (void *)value; - return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, - strlen(value), p); - } - if (strcmp(type, "hexkey") == 0) { - unsigned char *key; - int r; - long keylen; - - key = string_to_hex(value, &keylen); - if (key == NULL) - return 0; - r = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, - key); - free(key); - return r; - } - return -2; -} - -static int -pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) -{ - return 1; -} - -static int -pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx) -{ - /* for platforms where sizeof(int) != sizeof(size_t)*/ - unsigned int tmpsiglen = *siglen; - int ret; - - if (sig == NULL) { - *siglen = 4; - return 1; - } - - ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen); - *siglen = tmpsiglen; - return ret; -} - -const EVP_PKEY_METHOD gostimit_pkey_meth = { - .pkey_id = EVP_PKEY_GOSTIMIT, - - .init = pkey_gost_mac_init, - .cleanup = pkey_gost_mac_cleanup, - .copy = pkey_gost_mac_copy, - - .keygen = pkey_gost_mac_keygen, - - .signctx_init = pkey_gost_mac_signctx_init, - .signctx = pkey_gost_mac_signctx, - - .ctrl = pkey_gost_mac_ctrl, - .ctrl_str = pkey_gost_mac_ctrl_str, -}; - -#endif diff --git a/crypto/gost/gost_asn1.c b/crypto/gost/gost_asn1.c deleted file mode 100644 index 28e3a58e..00000000 --- a/crypto/gost/gost_asn1.c +++ /dev/null @@ -1,299 +0,0 @@ -/********************************************************************** - * gost_keytrans.c * - * Copyright (c) 2005-2006 Cryptocom LTD * - * This file is distributed under the same license as OpenSSL * - * * - * ASN1 structure definition for GOST key transport * - * Requires OpenSSL 0.9.9 for compilation * - **********************************************************************/ - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include - -#include "gost_local.h" -#include "gost_asn1.h" - -static const ASN1_TEMPLATE GOST_KEY_TRANSPORT_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_TRANSPORT, key_info), - .field_name = "key_info", - .item = &GOST_KEY_INFO_it, - }, - { - .flags = ASN1_TFLG_IMPLICIT, - .tag = 0, - .offset = offsetof(GOST_KEY_TRANSPORT, key_agreement_info), - .field_name = "key_agreement_info", - .item = &GOST_KEY_AGREEMENT_INFO_it, - }, -}; - -const ASN1_ITEM GOST_KEY_TRANSPORT_it = { - .itype = ASN1_ITYPE_NDEF_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = GOST_KEY_TRANSPORT_seq_tt, - .tcount = sizeof(GOST_KEY_TRANSPORT_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(GOST_KEY_TRANSPORT), - .sname = "GOST_KEY_TRANSPORT", -}; - -GOST_KEY_TRANSPORT * -d2i_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT **a, const unsigned char **in, long len) -{ - return (GOST_KEY_TRANSPORT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &GOST_KEY_TRANSPORT_it); -} - -int -i2d_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_TRANSPORT_it); -} - -GOST_KEY_TRANSPORT * -GOST_KEY_TRANSPORT_new(void) -{ - return (GOST_KEY_TRANSPORT *)ASN1_item_new(&GOST_KEY_TRANSPORT_it); -} - -void -GOST_KEY_TRANSPORT_free(GOST_KEY_TRANSPORT *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_TRANSPORT_it); -} - -static const ASN1_TEMPLATE GOST_KEY_INFO_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_INFO, encrypted_key), - .field_name = "encrypted_key", - .item = &ASN1_OCTET_STRING_it, - }, - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_INFO, imit), - .field_name = "imit", - .item = &ASN1_OCTET_STRING_it, - }, -}; - -const ASN1_ITEM GOST_KEY_INFO_it = { - .itype = ASN1_ITYPE_NDEF_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = GOST_KEY_INFO_seq_tt, - .tcount = sizeof(GOST_KEY_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(GOST_KEY_INFO), - .sname = "GOST_KEY_INFO", -}; - -GOST_KEY_INFO * -d2i_GOST_KEY_INFO(GOST_KEY_INFO **a, const unsigned char **in, long len) -{ - return (GOST_KEY_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &GOST_KEY_INFO_it); -} - -int -i2d_GOST_KEY_INFO(GOST_KEY_INFO *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_INFO_it); -} - -GOST_KEY_INFO * -GOST_KEY_INFO_new(void) -{ - return (GOST_KEY_INFO *)ASN1_item_new(&GOST_KEY_INFO_it); -} - -void -GOST_KEY_INFO_free(GOST_KEY_INFO *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_INFO_it); -} - -static const ASN1_TEMPLATE GOST_KEY_AGREEMENT_INFO_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_AGREEMENT_INFO, cipher), - .field_name = "cipher", - .item = &ASN1_OBJECT_it, - }, - { - .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, - .tag = 0, - .offset = offsetof(GOST_KEY_AGREEMENT_INFO, ephem_key), - .field_name = "ephem_key", - .item = &X509_PUBKEY_it, - }, - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_AGREEMENT_INFO, eph_iv), - .field_name = "eph_iv", - .item = &ASN1_OCTET_STRING_it, - }, -}; - -const ASN1_ITEM GOST_KEY_AGREEMENT_INFO_it = { - .itype = ASN1_ITYPE_NDEF_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = GOST_KEY_AGREEMENT_INFO_seq_tt, - .tcount = sizeof(GOST_KEY_AGREEMENT_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(GOST_KEY_AGREEMENT_INFO), - .sname = "GOST_KEY_AGREEMENT_INFO", -}; - -GOST_KEY_AGREEMENT_INFO * -d2i_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO **a, const unsigned char **in, long len) -{ - return (GOST_KEY_AGREEMENT_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &GOST_KEY_AGREEMENT_INFO_it); -} - -int -i2d_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_AGREEMENT_INFO_it); -} - -GOST_KEY_AGREEMENT_INFO * -GOST_KEY_AGREEMENT_INFO_new(void) -{ - return (GOST_KEY_AGREEMENT_INFO *)ASN1_item_new(&GOST_KEY_AGREEMENT_INFO_it); -} - -void -GOST_KEY_AGREEMENT_INFO_free(GOST_KEY_AGREEMENT_INFO *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_AGREEMENT_INFO_it); -} - - -static const ASN1_TEMPLATE GOST_KEY_PARAMS_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_PARAMS, key_params), - .field_name = "key_params", - .item = &ASN1_OBJECT_it, - }, - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_KEY_PARAMS, hash_params), - .field_name = "hash_params", - .item = &ASN1_OBJECT_it, - }, - { - .flags = ASN1_TFLG_OPTIONAL, - .tag = 0, - .offset = offsetof(GOST_KEY_PARAMS, cipher_params), - .field_name = "cipher_params", - .item = &ASN1_OBJECT_it, - }, -}; - -const ASN1_ITEM GOST_KEY_PARAMS_it = { - .itype = ASN1_ITYPE_NDEF_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = GOST_KEY_PARAMS_seq_tt, - .tcount = sizeof(GOST_KEY_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(GOST_KEY_PARAMS), - .sname = "GOST_KEY_PARAMS", -}; - -GOST_KEY_PARAMS * -d2i_GOST_KEY_PARAMS(GOST_KEY_PARAMS **a, const unsigned char **in, long len) -{ - return (GOST_KEY_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &GOST_KEY_PARAMS_it); -} - -int -i2d_GOST_KEY_PARAMS(GOST_KEY_PARAMS *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_PARAMS_it); -} - -GOST_KEY_PARAMS * -GOST_KEY_PARAMS_new(void) -{ - return (GOST_KEY_PARAMS *)ASN1_item_new(&GOST_KEY_PARAMS_it); -} - -void -GOST_KEY_PARAMS_free(GOST_KEY_PARAMS *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_PARAMS_it); -} - -static const ASN1_TEMPLATE GOST_CIPHER_PARAMS_seq_tt[] = { - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_CIPHER_PARAMS, iv), - .field_name = "iv", - .item = &ASN1_OCTET_STRING_it, - }, - { - .flags = 0, - .tag = 0, - .offset = offsetof(GOST_CIPHER_PARAMS, enc_param_set), - .field_name = "enc_param_set", - .item = &ASN1_OBJECT_it, - }, -}; - -const ASN1_ITEM GOST_CIPHER_PARAMS_it = { - .itype = ASN1_ITYPE_NDEF_SEQUENCE, - .utype = V_ASN1_SEQUENCE, - .templates = GOST_CIPHER_PARAMS_seq_tt, - .tcount = sizeof(GOST_CIPHER_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE), - .funcs = NULL, - .size = sizeof(GOST_CIPHER_PARAMS), - .sname = "GOST_CIPHER_PARAMS", -}; - -GOST_CIPHER_PARAMS * -d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len) -{ - return (GOST_CIPHER_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, - &GOST_CIPHER_PARAMS_it); -} -LCRYPTO_ALIAS(d2i_GOST_CIPHER_PARAMS); - -int -i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out) -{ - return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_CIPHER_PARAMS_it); -} -LCRYPTO_ALIAS(i2d_GOST_CIPHER_PARAMS); - -GOST_CIPHER_PARAMS * -GOST_CIPHER_PARAMS_new(void) -{ - return (GOST_CIPHER_PARAMS *)ASN1_item_new(&GOST_CIPHER_PARAMS_it); -} -LCRYPTO_ALIAS(GOST_CIPHER_PARAMS_new); - -void -GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a) -{ - ASN1_item_free((ASN1_VALUE *)a, &GOST_CIPHER_PARAMS_it); -} -LCRYPTO_ALIAS(GOST_CIPHER_PARAMS_free); - -#endif diff --git a/crypto/gost/gost_asn1.h b/crypto/gost/gost_asn1.h deleted file mode 100644 index 7cabfc79..00000000 --- a/crypto/gost/gost_asn1.h +++ /dev/null @@ -1,107 +0,0 @@ -/* $OpenBSD: gost_asn1.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_GOST_ASN1_H -#define HEADER_GOST_ASN1_H - -#include - -__BEGIN_HIDDEN_DECLS - -typedef struct { - ASN1_OCTET_STRING *encrypted_key; - ASN1_OCTET_STRING *imit; -} GOST_KEY_INFO; - -GOST_KEY_INFO *GOST_KEY_INFO_new(void); -void GOST_KEY_INFO_free(GOST_KEY_INFO *a); -GOST_KEY_INFO *d2i_GOST_KEY_INFO(GOST_KEY_INFO **a, const unsigned char **in, long len); -int i2d_GOST_KEY_INFO(GOST_KEY_INFO *a, unsigned char **out); -extern const ASN1_ITEM GOST_KEY_INFO_it; - -typedef struct { - ASN1_OBJECT *cipher; - X509_PUBKEY *ephem_key; - ASN1_OCTET_STRING *eph_iv; -} GOST_KEY_AGREEMENT_INFO; - -GOST_KEY_AGREEMENT_INFO *GOST_KEY_AGREEMENT_INFO_new(void); -void GOST_KEY_AGREEMENT_INFO_free(GOST_KEY_AGREEMENT_INFO *a); -GOST_KEY_AGREEMENT_INFO *d2i_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO **a, const unsigned char **in, long len); -int i2d_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO *a, unsigned char **out); -extern const ASN1_ITEM GOST_KEY_AGREEMENT_INFO_it; - -typedef struct { - GOST_KEY_INFO *key_info; - GOST_KEY_AGREEMENT_INFO *key_agreement_info; -} GOST_KEY_TRANSPORT; - -GOST_KEY_TRANSPORT *GOST_KEY_TRANSPORT_new(void); -void GOST_KEY_TRANSPORT_free(GOST_KEY_TRANSPORT *a); -GOST_KEY_TRANSPORT *d2i_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT **a, const unsigned char **in, long len); -int i2d_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT *a, unsigned char **out); -extern const ASN1_ITEM GOST_KEY_TRANSPORT_it; - -typedef struct { - ASN1_OBJECT *key_params; - ASN1_OBJECT *hash_params; - ASN1_OBJECT *cipher_params; -} GOST_KEY_PARAMS; - -GOST_KEY_PARAMS *GOST_KEY_PARAMS_new(void); -void GOST_KEY_PARAMS_free(GOST_KEY_PARAMS *a); -GOST_KEY_PARAMS *d2i_GOST_KEY_PARAMS(GOST_KEY_PARAMS **a, const unsigned char **in, long len); -int i2d_GOST_KEY_PARAMS(GOST_KEY_PARAMS *a, unsigned char **out); -extern const ASN1_ITEM GOST_KEY_PARAMS_it; - -__END_HIDDEN_DECLS - -#endif diff --git a/crypto/gost/gost_err.c b/crypto/gost/gost_err.c deleted file mode 100644 index 380f6028..00000000 --- a/crypto/gost/gost_err.c +++ /dev/null @@ -1,106 +0,0 @@ -/* crypto/gost/gost_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_GOST,0,reason) - -static ERR_STRING_DATA GOST_str_functs[]= { - {ERR_FUNC(0xfff), "CRYPTO_internal"}, - {0, NULL} -}; - -static ERR_STRING_DATA GOST_str_reasons[] = { - {ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"}, - {ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"}, - {ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"}, - {ERR_REASON(GOST_R_CTRL_CALL_FAILED) ,"ctrl call failed"}, - {ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"}, - {ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"}, - {ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"}, - {ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"}, - {ERR_REASON(GOST_R_INVALID_DIGEST_TYPE) ,"invalid digest type"}, - {ERR_REASON(GOST_R_INVALID_IV_LENGTH) ,"invalid iv length"}, - {ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"}, - {ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"}, - {ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"}, - {ERR_REASON(GOST_R_MAC_KEY_NOT_SET) ,"mac key not set"}, - {ERR_REASON(GOST_R_NO_PARAMETERS_SET) ,"no parameters set"}, - {ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"}, - {ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"}, - {ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"}, - {ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"}, - {ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"}, - {ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"}, - {ERR_REASON(GOST_R_UKM_NOT_SET) ,"ukm not set"}, - {0, NULL} -}; -#endif - -void -ERR_load_GOST_strings(void) { -#ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(GOST_str_functs[0].error) == NULL) { - ERR_load_strings(0,GOST_str_functs); - ERR_load_strings(0,GOST_str_reasons); - } -#endif -} -LCRYPTO_ALIAS(ERR_load_GOST_strings); diff --git a/crypto/gost/gost_local.h b/crypto/gost/gost_local.h deleted file mode 100644 index db07d06f..00000000 --- a/crypto/gost/gost_local.h +++ /dev/null @@ -1,116 +0,0 @@ -/* $OpenBSD: gost_local.h,v 1.3 2023/07/28 15:50:33 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_GOST_LOCAL_H -#define HEADER_GOST_LOCAL_H - -#include - -__BEGIN_HIDDEN_DECLS - -/* Internal representation of GOST substitution blocks */ -typedef struct { - unsigned char k8[16]; - unsigned char k7[16]; - unsigned char k6[16]; - unsigned char k5[16]; - unsigned char k4[16]; - unsigned char k3[16]; - unsigned char k2[16]; - unsigned char k1[16]; -} gost_subst_block; - -#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4) -# define l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4) -#else -#define c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24)) -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff)) -#endif - -extern void Gost2814789_encrypt(const unsigned char *in, unsigned char *out, - const GOST2814789_KEY *key); -extern void Gost2814789_decrypt(const unsigned char *in, unsigned char *out, - const GOST2814789_KEY *key); -extern void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key); - -/* GOST 28147-89 key wrapping */ -extern int gost_key_unwrap_crypto_pro(int nid, - const unsigned char *keyExchangeKey, const unsigned char *wrappedKey, - unsigned char *sessionKey); -extern int gost_key_wrap_crypto_pro(int nid, - const unsigned char *keyExchangeKey, const unsigned char *ukm, - const unsigned char *sessionKey, unsigned char *wrappedKey); -/* Pkey part */ -extern int gost2001_compute_public(GOST_KEY *ec); -extern ECDSA_SIG *gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey); -extern int gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec); -extern int gost2001_keygen(GOST_KEY *ec); -extern int VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, - GOST_KEY *priv_key, const BIGNUM *ukm); -extern BIGNUM *GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn); -extern int GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len); - -/* GOST R 34.10 parameters */ -extern int GostR3410_get_md_digest(int nid); -extern int GostR3410_get_pk_digest(int nid); -extern int GostR3410_256_param_id(const char *value); -extern int GostR3410_512_param_id(const char *value); - -__END_HIDDEN_DECLS - -#endif /* !HEADER_GOST_LOCAL_H */ diff --git a/crypto/gost/gostr341001.c b/crypto/gost/gostr341001.c deleted file mode 100644 index 1c34626a..00000000 --- a/crypto/gost/gostr341001.c +++ /dev/null @@ -1,403 +0,0 @@ -/* $OpenBSD: gostr341001.c,v 1.12 2023/07/05 11:37:45 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include - -#include "bn_local.h" -#include "ecdsa_local.h" -#include "gost_local.h" - -/* Convert little-endian byte array into bignum */ -BIGNUM * -GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn) -{ - unsigned char temp[64]; - int i; - - if (len > 64) - return NULL; - - for (i = 0; i < len; i++) { - temp[len - 1 - i] = buf[i]; - } - - return BN_bin2bn(temp, len, bn); -} - -int -GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len) -{ - unsigned char temp[64]; - int i, bytes; - - bytes = BN_num_bytes(bn); - if (len > 64 || bytes > len) - return 0; - - BN_bn2bin(bn, temp); - - for (i = 0; i < bytes; i++) { - buf[bytes - 1 - i] = temp[i]; - } - - memset(buf + bytes, 0, len - bytes); - - return 1; -} - -int -gost2001_compute_public(GOST_KEY *ec) -{ - const EC_GROUP *group = GOST_KEY_get0_group(ec); - EC_POINT *pub_key = NULL; - const BIGNUM *priv_key = NULL; - BN_CTX *ctx = NULL; - int ok = 0; - - if (group == NULL) { - GOSTerror(GOST_R_KEY_IS_NOT_INITIALIZED); - return 0; - } - ctx = BN_CTX_new(); - if (ctx == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - BN_CTX_start(ctx); - if ((priv_key = GOST_KEY_get0_private_key(ec)) == NULL) - goto err; - - pub_key = EC_POINT_new(group); - if (pub_key == NULL) - goto err; - if (EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx) == 0) - goto err; - if (GOST_KEY_set_public_key(ec, pub_key) == 0) - goto err; - ok = 1; - - if (ok == 0) { -err: - GOSTerror(ERR_R_EC_LIB); - } - EC_POINT_free(pub_key); - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return ok; -} - -ECDSA_SIG * -gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey) -{ - ECDSA_SIG *newsig = NULL; - BIGNUM *order = NULL; - const EC_GROUP *group; - const BIGNUM *priv_key; - BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k = - NULL, *e = NULL; - EC_POINT *C = NULL; - BN_CTX *ctx = BN_CTX_new(); - int ok = 0; - - if (ctx == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - BN_CTX_start(ctx); - newsig = ECDSA_SIG_new(); - if (newsig == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - s = newsig->s; - r = newsig->r; - group = GOST_KEY_get0_group(eckey); - if ((order = BN_CTX_get(ctx)) == NULL) - goto err; - if (EC_GROUP_get_order(group, order, ctx) == 0) - goto err; - priv_key = GOST_KEY_get0_private_key(eckey); - if ((e = BN_CTX_get(ctx)) == NULL) - goto err; - if (BN_mod_ct(e, md, order, ctx) == 0) - goto err; - if (BN_is_zero(e)) { - if (!BN_one(e)) - goto err; - } - if ((k = BN_CTX_get(ctx)) == NULL) - goto err; - if ((X = BN_CTX_get(ctx)) == NULL) - goto err; - if ((C = EC_POINT_new(group)) == NULL) - goto err; - do { - do { - if (!BN_rand_range(k, order)) { - GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED); - goto err; - } - /* - * We do not want timing information to leak the length - * of k, so we compute G*k using an equivalent scalar - * of fixed bit-length. - */ - if (BN_add(k, k, order) == 0) - goto err; - if (BN_num_bits(k) <= BN_num_bits(order)) - if (BN_add(k, k, order) == 0) - goto err; - - if (EC_POINT_mul(group, C, k, NULL, NULL, ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (EC_POINT_get_affine_coordinates(group, C, X, - NULL, ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (BN_nnmod(r, X, order, ctx) == 0) - goto err; - } while (BN_is_zero(r)); - /* s = (r*priv_key+k*e) mod order */ - if (tmp == NULL) { - if ((tmp = BN_CTX_get(ctx)) == NULL) - goto err; - } - if (BN_mod_mul(tmp, priv_key, r, order, ctx) == 0) - goto err; - if (tmp2 == NULL) { - if ((tmp2 = BN_CTX_get(ctx)) == NULL) - goto err; - } - if (BN_mod_mul(tmp2, k, e, order, ctx) == 0) - goto err; - if (BN_mod_add(s, tmp, tmp2, order, ctx) == 0) - goto err; - } while (BN_is_zero(s)); - ok = 1; - -err: - EC_POINT_free(C); - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - if (ok == 0) { - ECDSA_SIG_free(newsig); - newsig = NULL; - } - return newsig; -} - -int -gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec) -{ - BN_CTX *ctx = BN_CTX_new(); - const EC_GROUP *group = GOST_KEY_get0_group(ec); - BIGNUM *order; - BIGNUM *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 = NULL; - BIGNUM *X = NULL, *tmp = NULL; - EC_POINT *C = NULL; - const EC_POINT *pub_key = NULL; - int ok = 0; - - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - if ((order = BN_CTX_get(ctx)) == NULL) - goto err; - if ((e = BN_CTX_get(ctx)) == NULL) - goto err; - if ((z1 = BN_CTX_get(ctx)) == NULL) - goto err; - if ((z2 = BN_CTX_get(ctx)) == NULL) - goto err; - if ((tmp = BN_CTX_get(ctx)) == NULL) - goto err; - if ((X = BN_CTX_get(ctx)) == NULL) - goto err; - if ((R = BN_CTX_get(ctx)) == NULL) - goto err; - if ((v = BN_CTX_get(ctx)) == NULL) - goto err; - - if (EC_GROUP_get_order(group, order, ctx) == 0) - goto err; - pub_key = GOST_KEY_get0_public_key(ec); - if (BN_is_zero(sig->s) || BN_is_zero(sig->r) || - BN_cmp(sig->s, order) >= 1 || BN_cmp(sig->r, order) >= 1) { - GOSTerror(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q); - goto err; - } - - if (BN_mod_ct(e, md, order, ctx) == 0) - goto err; - if (BN_is_zero(e)) { - if (!BN_one(e)) - goto err; - } - if ((v = BN_mod_inverse_ct(v, e, order, ctx)) == NULL) - goto err; - if (BN_mod_mul(z1, sig->s, v, order, ctx) == 0) - goto err; - if (BN_sub(tmp, order, sig->r) == 0) - goto err; - if (BN_mod_mul(z2, tmp, v, order, ctx) == 0) - goto err; - if ((C = EC_POINT_new(group)) == NULL) - goto err; - if (EC_POINT_mul(group, C, z1, pub_key, z2, ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (EC_POINT_get_affine_coordinates(group, C, X, NULL, ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (BN_mod_ct(R, X, order, ctx) == 0) - goto err; - if (BN_cmp(R, sig->r) != 0) { - GOSTerror(GOST_R_SIGNATURE_MISMATCH); - } else { - ok = 1; - } -err: - EC_POINT_free(C); - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return ok; -} - -/* Implementation of CryptoPro VKO 34.10-2001 algorithm */ -int -VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, GOST_KEY *priv_key, - const BIGNUM *ukm) -{ - BIGNUM *p = NULL, *order = NULL; - const BIGNUM *key = GOST_KEY_get0_private_key(priv_key); - const EC_GROUP *group = GOST_KEY_get0_group(priv_key); - const EC_POINT *pub_key = GOST_KEY_get0_public_key(pkey); - EC_POINT *pnt; - BN_CTX *ctx = NULL; - int ok = 0; - - pnt = EC_POINT_new(group); - if (pnt == NULL) - goto err; - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - if ((p = BN_CTX_get(ctx)) == NULL) - goto err; - if ((order = BN_CTX_get(ctx)) == NULL) - goto err; - if (EC_GROUP_get_order(group, order, ctx) == 0) - goto err; - if (BN_mod_mul(p, key, ukm, order, ctx) == 0) - goto err; - if (EC_POINT_mul(group, pnt, NULL, pub_key, p, ctx) == 0) - goto err; - if (EC_POINT_get_affine_coordinates(group, pnt, X, Y, ctx) == 0) - goto err; - ok = 1; - -err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - EC_POINT_free(pnt); - return ok; -} - -int -gost2001_keygen(GOST_KEY *ec) -{ - BIGNUM *order = BN_new(), *d = BN_new(); - const EC_GROUP *group = GOST_KEY_get0_group(ec); - int rc = 0; - - if (order == NULL || d == NULL) - goto err; - if (EC_GROUP_get_order(group, order, NULL) == 0) - goto err; - - do { - if (BN_rand_range(d, order) == 0) { - GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED); - goto err; - } - } while (BN_is_zero(d)); - - if (GOST_KEY_set_private_key(ec, d) == 0) - goto err; - rc = gost2001_compute_public(ec); - -err: - BN_free(d); - BN_free(order); - return rc; -} -#endif diff --git a/crypto/gost/gostr341001_ameth.c b/crypto/gost/gostr341001_ameth.c deleted file mode 100644 index 9ef7cdf4..00000000 --- a/crypto/gost/gostr341001_ameth.c +++ /dev/null @@ -1,721 +0,0 @@ -/* $OpenBSD: gostr341001_ameth.c,v 1.20 2022/11/26 16:08:53 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include -#include -#include -#include - - -#include "asn1_local.h" -#include "evp_local.h" -#include "gost_local.h" -#include "gost_asn1.h" - -static void -pkey_free_gost01(EVP_PKEY *key) -{ - GOST_KEY_free(key->pkey.gost); -} - -/* - * Parses GOST algorithm parameters from X509_ALGOR and - * modifies pkey setting NID and parameters - */ -static int -decode_gost01_algor_params(EVP_PKEY *pkey, const unsigned char **p, int len) -{ - int param_nid = NID_undef, digest_nid = NID_undef; - GOST_KEY_PARAMS *gkp = NULL; - EC_GROUP *group; - GOST_KEY *ec; - - gkp = d2i_GOST_KEY_PARAMS(NULL, p, len); - if (gkp == NULL) { - GOSTerror(GOST_R_BAD_PKEY_PARAMETERS_FORMAT); - return 0; - } - param_nid = OBJ_obj2nid(gkp->key_params); - digest_nid = OBJ_obj2nid(gkp->hash_params); - GOST_KEY_PARAMS_free(gkp); - - ec = pkey->pkey.gost; - if (ec == NULL) { - ec = GOST_KEY_new(); - if (ec == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - if (EVP_PKEY_assign_GOST(pkey, ec) == 0) - return 0; - } - - group = EC_GROUP_new_by_curve_name(param_nid); - if (group == NULL) { - GOSTerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); - return 0; - } - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); - if (GOST_KEY_set_group(ec, group) == 0) { - EC_GROUP_free(group); - return 0; - } - EC_GROUP_free(group); - if (GOST_KEY_set_digest(ec, digest_nid) == 0) - return 0; - return 1; -} - -static ASN1_STRING * -encode_gost01_algor_params(const EVP_PKEY *key) -{ - ASN1_STRING *params = ASN1_STRING_new(); - GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new(); - int pkey_param_nid = NID_undef; - - if (params == NULL || gkp == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(params); - params = NULL; - goto err; - } - - pkey_param_nid = - EC_GROUP_get_curve_name(GOST_KEY_get0_group(key->pkey.gost)); - gkp->key_params = OBJ_nid2obj(pkey_param_nid); - gkp->hash_params = OBJ_nid2obj(GOST_KEY_get_digest(key->pkey.gost)); - /*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid); */ - params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data); - if (params->length <= 0) { - GOSTerror(ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(params); - params = NULL; - goto err; - } - params->type = V_ASN1_SEQUENCE; -err: - GOST_KEY_PARAMS_free(gkp); - return params; -} - -static int -pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b) -{ - const GOST_KEY *ea = a->pkey.gost; - const GOST_KEY *eb = b->pkey.gost; - const EC_POINT *ka, *kb; - int ret = 0; - - if (ea == NULL || eb == NULL) - return 0; - ka = GOST_KEY_get0_public_key(ea); - kb = GOST_KEY_get0_public_key(eb); - if (ka == NULL || kb == NULL) - return 0; - ret = (0 == EC_POINT_cmp(GOST_KEY_get0_group(ea), ka, kb, NULL)); - return ret; -} - -static int -pkey_size_gost01(const EVP_PKEY *pk) -{ - if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512) - return 128; - return 64; -} - -static int -pkey_bits_gost01(const EVP_PKEY *pk) -{ - if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512) - return 512; - return 256; -} - -static int -pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub) -{ - X509_ALGOR *palg = NULL; - const unsigned char *pubkey_buf = NULL; - const unsigned char *p; - ASN1_OBJECT *palgobj = NULL; - int pub_len; - BIGNUM *X, *Y; - ASN1_OCTET_STRING *octet = NULL; - int len; - int ret; - int ptype = V_ASN1_UNDEF; - ASN1_STRING *pval = NULL; - - if (X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub) - == 0) - return 0; - (void)EVP_PKEY_assign_GOST(pk, NULL); - X509_ALGOR_get0(NULL, &ptype, (const void **)&pval, palg); - if (ptype != V_ASN1_SEQUENCE) { - GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT); - return 0; - } - p = pval->data; - if (decode_gost01_algor_params(pk, &p, pval->length) == 0) { - GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT); - return 0; - } - - octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len); - if (octet == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - len = octet->length / 2; - - X = GOST_le2bn(octet->data, len, NULL); - Y = GOST_le2bn(octet->data + len, len, NULL); - - ASN1_OCTET_STRING_free(octet); - - ret = GOST_KEY_set_public_key_affine_coordinates(pk->pkey.gost, X, Y); - if (ret == 0) - GOSTerror(ERR_R_EC_LIB); - - BN_free(X); - BN_free(Y); - - return ret; -} - -static int -pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk) -{ - ASN1_OBJECT *algobj = NULL; - ASN1_OCTET_STRING *octet = NULL; - ASN1_STRING *params = NULL; - void *pval = NULL; - unsigned char *buf = NULL, *sptr; - int key_size, ret = 0; - const EC_POINT *pub_key; - BIGNUM *X = NULL, *Y = NULL; - const GOST_KEY *ec = pk->pkey.gost; - int ptype = V_ASN1_UNDEF; - - algobj = OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(ec))); - if (pk->save_parameters) { - params = encode_gost01_algor_params(pk); - if (params == NULL) - return 0; - pval = params; - ptype = V_ASN1_SEQUENCE; - } - - key_size = GOST_KEY_get_size(ec); - - pub_key = GOST_KEY_get0_public_key(ec); - if (pub_key == NULL) { - GOSTerror(GOST_R_PUBLIC_KEY_UNDEFINED); - goto err; - } - - octet = ASN1_OCTET_STRING_new(); - if (octet == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - - ret = ASN1_STRING_set(octet, NULL, 2 * key_size); - if (ret == 0) { - GOSTerror(ERR_R_INTERNAL_ERROR); - goto err; - } - - sptr = ASN1_STRING_data(octet); - - X = BN_new(); - Y = BN_new(); - if (X == NULL || Y == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - - if (EC_POINT_get_affine_coordinates(GOST_KEY_get0_group(ec), - pub_key, X, Y, NULL) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - - GOST_bn2le(X, sptr, key_size); - GOST_bn2le(Y, sptr + key_size, key_size); - - BN_free(Y); - BN_free(X); - - ret = i2d_ASN1_OCTET_STRING(octet, &buf); - ASN1_BIT_STRING_free(octet); - if (ret < 0) - return 0; - - return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret); - -err: - BN_free(Y); - BN_free(X); - ASN1_BIT_STRING_free(octet); - ASN1_STRING_free(params); - return 0; -} - -static int -param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) -{ - int param_nid = - EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost)); - - if (BIO_indent(out, indent, 128) == 0) - return 0; - BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid)); - if (BIO_indent(out, indent, 128) == 0) - return 0; - BIO_printf(out, "Digest Algorithm: %s\n", - OBJ_nid2ln(GOST_KEY_get_digest(pkey->pkey.gost))); - return 1; -} - -static int -pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) -{ - BN_CTX *ctx = BN_CTX_new(); - BIGNUM *X, *Y; - const EC_POINT *pubkey; - const EC_GROUP *group; - - if (ctx == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - BN_CTX_start(ctx); - if ((X = BN_CTX_get(ctx)) == NULL) - goto err; - if ((Y = BN_CTX_get(ctx)) == NULL) - goto err; - pubkey = GOST_KEY_get0_public_key(pkey->pkey.gost); - group = GOST_KEY_get0_group(pkey->pkey.gost); - if (EC_POINT_get_affine_coordinates(group, pubkey, X, Y, ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (BIO_indent(out, indent, 128) == 0) - goto err; - BIO_printf(out, "Public key:\n"); - if (BIO_indent(out, indent + 3, 128) == 0) - goto err; - BIO_printf(out, "X:"); - BN_print(out, X); - BIO_printf(out, "\n"); - if (BIO_indent(out, indent + 3, 128) == 0) - goto err; - BIO_printf(out, "Y:"); - BN_print(out, Y); - BIO_printf(out, "\n"); - - BN_CTX_end(ctx); - BN_CTX_free(ctx); - - return param_print_gost01(out, pkey, indent, pctx); - -err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return 0; -} - -static int -priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) -{ - const BIGNUM *key; - - if (BIO_indent(out, indent, 128) == 0) - return 0; - BIO_printf(out, "Private key: "); - key = GOST_KEY_get0_private_key(pkey->pkey.gost); - if (key == NULL) - BIO_printf(out, "data; - if (decode_gost01_algor_params(pk, &p, pval->length) == 0) { - GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT); - return 0; - } - p = pkey_buf; - if (V_ASN1_OCTET_STRING == *p) { - /* New format - Little endian octet string */ - ASN1_OCTET_STRING *s = - d2i_ASN1_OCTET_STRING(NULL, &p, priv_len); - - if (s == NULL) { - GOSTerror(EVP_R_DECODE_ERROR); - ASN1_STRING_free(s); - return 0; - } - - pk_num = GOST_le2bn(s->data, s->length, NULL); - ASN1_STRING_free(s); - } else { - priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len); - if (priv_key == NULL) - return 0; - ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL); - ASN1_INTEGER_free(priv_key); - if (ret == 0) { - GOSTerror(EVP_R_DECODE_ERROR); - return 0; - } - } - - ec = pk->pkey.gost; - if (ec == NULL) { - ec = GOST_KEY_new(); - if (ec == NULL) { - BN_free(pk_num); - return 0; - } - if (EVP_PKEY_assign_GOST(pk, ec) == 0) { - BN_free(pk_num); - GOST_KEY_free(ec); - return 0; - } - } - if (GOST_KEY_set_private_key(ec, pk_num) == 0) { - BN_free(pk_num); - return 0; - } - ret = 0; - if (EVP_PKEY_missing_parameters(pk) == 0) - ret = gost2001_compute_public(ec) != 0; - BN_free(pk_num); - - return ret; -} - -static int -priv_encode_gost01(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) -{ - ASN1_OBJECT *algobj = - OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(pk->pkey.gost))); - ASN1_STRING *params = encode_gost01_algor_params(pk); - unsigned char *priv_buf = NULL; - int priv_len; - ASN1_INTEGER *asn1key = NULL; - - if (params == NULL) - return 0; - - asn1key = BN_to_ASN1_INTEGER(GOST_KEY_get0_private_key(pk->pkey.gost), - NULL); - if (asn1key == NULL) { - ASN1_STRING_free(params); - return 0; - } - priv_len = i2d_ASN1_INTEGER(asn1key, &priv_buf); - ASN1_INTEGER_free(asn1key); - return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, priv_buf, - priv_len); -} - -static int -param_encode_gost01(const EVP_PKEY *pkey, unsigned char **pder) -{ - ASN1_STRING *params = encode_gost01_algor_params(pkey); - int len; - - if (params == NULL) - return 0; - len = params->length; - if (pder != NULL) - memcpy(*pder, params->data, params->length); - ASN1_STRING_free(params); - return len; -} - -static int -param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen) -{ - ASN1_OBJECT *obj = NULL; - int nid; - GOST_KEY *ec; - EC_GROUP *group; - int ret; - - /* New format */ - if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder) - return decode_gost01_algor_params(pkey, pder, derlen); - - /* Compatibility */ - if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - nid = OBJ_obj2nid(obj); - ASN1_OBJECT_free(obj); - - ec = GOST_KEY_new(); - if (ec == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - group = EC_GROUP_new_by_curve_name(nid); - if (group == NULL) { - GOSTerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); - GOST_KEY_free(ec); - return 0; - } - - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); - if (GOST_KEY_set_group(ec, group) == 0) { - GOSTerror(ERR_R_EC_LIB); - EC_GROUP_free(group); - GOST_KEY_free(ec); - return 0; - } - EC_GROUP_free(group); - if (GOST_KEY_set_digest(ec, - NID_id_GostR3411_94_CryptoProParamSet) == 0) { - GOSTerror(GOST_R_INVALID_DIGEST_TYPE); - GOST_KEY_free(ec); - return 0; - } - ret = EVP_PKEY_assign_GOST(pkey, ec); - if (ret == 0) - GOST_KEY_free(ec); - return ret; -} - -static int -param_missing_gost01(const EVP_PKEY *pk) -{ - const GOST_KEY *ec = pk->pkey.gost; - - if (ec == NULL) - return 1; - if (GOST_KEY_get0_group(ec) == NULL) - return 1; - if (GOST_KEY_get_digest(ec) == NID_undef) - return 1; - return 0; -} - -static int -param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from) -{ - GOST_KEY *eto = to->pkey.gost; - const GOST_KEY *efrom = from->pkey.gost; - int ret = 1; - - if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) { - GOSTerror(GOST_R_INCOMPATIBLE_ALGORITHMS); - return 0; - } - if (efrom == NULL) { - GOSTerror(GOST_R_KEY_PARAMETERS_MISSING); - return 0; - } - if (eto == NULL) { - eto = GOST_KEY_new(); - if (eto == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - if (EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto) == 0) { - GOST_KEY_free(eto); - return 0; - } - } - GOST_KEY_set_group(eto, GOST_KEY_get0_group(efrom)); - GOST_KEY_set_digest(eto, GOST_KEY_get_digest(efrom)); - if (GOST_KEY_get0_private_key(eto) != NULL) - ret = gost2001_compute_public(eto); - - return ret; -} - -static int -param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b) -{ - if (EC_GROUP_get_curve_name(GOST_KEY_get0_group(a->pkey.gost)) != - EC_GROUP_get_curve_name(GOST_KEY_get0_group(b->pkey.gost))) - return 0; - - if (GOST_KEY_get_digest(a->pkey.gost) != - GOST_KEY_get_digest(b->pkey.gost)) - return 0; - - return 1; -} - -static int -pkey_ctrl_gost01(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - X509_ALGOR *alg1 = NULL, *alg2 = NULL, *alg3 = NULL; - int digest = GOST_KEY_get_digest(pkey->pkey.gost); - - switch (op) { - case ASN1_PKEY_CTRL_PKCS7_SIGN: - if (arg1 == 0) - PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); - break; - - case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: - if (arg1 == 0) - PKCS7_RECIP_INFO_get0_alg(arg2, &alg3); - break; - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = GostR3410_get_md_digest(digest); - return 2; - - default: - return -2; - } - - if (alg1) - X509_ALGOR_set0(alg1, OBJ_nid2obj(GostR3410_get_md_digest(digest)), V_ASN1_NULL, 0); - if (alg2) - X509_ALGOR_set0(alg2, OBJ_nid2obj(GostR3410_get_pk_digest(digest)), V_ASN1_NULL, 0); - if (alg3) { - ASN1_STRING *params = encode_gost01_algor_params(pkey); - if (params == NULL) { - return -1; - } - X509_ALGOR_set0(alg3, - OBJ_nid2obj(GostR3410_get_pk_digest(digest)), - V_ASN1_SEQUENCE, params); - } - - return 1; -} - -const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[] = { - { - .pkey_id = EVP_PKEY_GOSTR01, - .pkey_base_id = EVP_PKEY_GOSTR01, - .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, - - .pem_str = "GOST2001", - .info = "GOST R 34.10-2001", - - .pkey_free = pkey_free_gost01, - .pkey_ctrl = pkey_ctrl_gost01, - - .priv_decode = priv_decode_gost01, - .priv_encode = priv_encode_gost01, - .priv_print = priv_print_gost01, - - .param_decode = param_decode_gost01, - .param_encode = param_encode_gost01, - .param_missing = param_missing_gost01, - .param_copy = param_copy_gost01, - .param_cmp = param_cmp_gost01, - .param_print = param_print_gost01, - - .pub_decode = pub_decode_gost01, - .pub_encode = pub_encode_gost01, - .pub_cmp = pub_cmp_gost01, - .pub_print = pub_print_gost01, - .pkey_size = pkey_size_gost01, - .pkey_bits = pkey_bits_gost01, - }, - { - .pkey_id = EVP_PKEY_GOSTR12_256, - .pkey_base_id = EVP_PKEY_GOSTR01, - .pkey_flags = ASN1_PKEY_ALIAS - }, - { - .pkey_id = EVP_PKEY_GOSTR12_512, - .pkey_base_id = EVP_PKEY_GOSTR01, - .pkey_flags = ASN1_PKEY_ALIAS - }, -}; - -#endif diff --git a/crypto/gost/gostr341001_key.c b/crypto/gost/gostr341001_key.c deleted file mode 100644 index 0170ab44..00000000 --- a/crypto/gost/gostr341001_key.c +++ /dev/null @@ -1,334 +0,0 @@ -/* $OpenBSD: gostr341001_key.c,v 1.14 2023/07/24 17:08:53 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include -#include -#include "gost_local.h" - -struct gost_key_st { - EC_GROUP *group; - - EC_POINT *pub_key; - BIGNUM *priv_key; - - int references; - - int digest_nid; -}; - -GOST_KEY * -GOST_KEY_new(void) -{ - GOST_KEY *ret; - - ret = malloc(sizeof(GOST_KEY)); - if (ret == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return (NULL); - } - ret->group = NULL; - ret->pub_key = NULL; - ret->priv_key = NULL; - ret->references = 1; - ret->digest_nid = NID_undef; - return (ret); -} -LCRYPTO_ALIAS(GOST_KEY_new); - -void -GOST_KEY_free(GOST_KEY *r) -{ - int i; - - if (r == NULL) - return; - - i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC); - if (i > 0) - return; - - EC_GROUP_free(r->group); - EC_POINT_free(r->pub_key); - BN_free(r->priv_key); - - freezero(r, sizeof(GOST_KEY)); -} -LCRYPTO_ALIAS(GOST_KEY_free); - -int -GOST_KEY_check_key(const GOST_KEY *key) -{ - int ok = 0; - BN_CTX *ctx = NULL; - BIGNUM *order = NULL; - EC_POINT *point = NULL; - - if (key == NULL || key->group == NULL || key->pub_key == NULL) { - GOSTerror(ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (EC_POINT_is_at_infinity(key->group, key->pub_key) != 0) { - GOSTerror(EC_R_POINT_AT_INFINITY); - goto err; - } - if ((ctx = BN_CTX_new()) == NULL) - goto err; - if ((point = EC_POINT_new(key->group)) == NULL) - goto err; - - /* testing whether the pub_key is on the elliptic curve */ - if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) <= 0) { - GOSTerror(EC_R_POINT_IS_NOT_ON_CURVE); - goto err; - } - /* testing whether pub_key * order is the point at infinity */ - if ((order = BN_new()) == NULL) - goto err; - if (EC_GROUP_get_order(key->group, order, ctx) == 0) { - GOSTerror(EC_R_INVALID_GROUP_ORDER); - goto err; - } - if (EC_POINT_mul(key->group, point, NULL, key->pub_key, order, - ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (EC_POINT_is_at_infinity(key->group, point) == 0) { - GOSTerror(EC_R_WRONG_ORDER); - goto err; - } - /* - * in case the priv_key is present : check if generator * priv_key == - * pub_key - */ - if (key->priv_key != NULL) { - if (BN_cmp(key->priv_key, order) >= 0) { - GOSTerror(EC_R_WRONG_ORDER); - goto err; - } - if (EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL, - ctx) == 0) { - GOSTerror(ERR_R_EC_LIB); - goto err; - } - if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) { - GOSTerror(EC_R_INVALID_PRIVATE_KEY); - goto err; - } - } - ok = 1; -err: - BN_free(order); - BN_CTX_free(ctx); - EC_POINT_free(point); - return (ok); -} -LCRYPTO_ALIAS(GOST_KEY_check_key); - -int -GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y) -{ - BN_CTX *ctx = NULL; - BIGNUM *tx, *ty; - EC_POINT *point = NULL; - int ok = 0; - - if (key == NULL || key->group == NULL || x == NULL || y == NULL) { - GOSTerror(ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - - BN_CTX_start(ctx); - - point = EC_POINT_new(key->group); - if (point == NULL) - goto err; - - if ((tx = BN_CTX_get(ctx)) == NULL) - goto err; - if ((ty = BN_CTX_get(ctx)) == NULL) - goto err; - if (EC_POINT_set_affine_coordinates(key->group, point, x, y, - ctx) == 0) - goto err; - if (EC_POINT_get_affine_coordinates(key->group, point, tx, ty, - ctx) == 0) - goto err; - /* - * Check if retrieved coordinates match originals: if not, values are - * out of range. - */ - if (BN_cmp(x, tx) != 0 || BN_cmp(y, ty) != 0) { - GOSTerror(EC_R_COORDINATES_OUT_OF_RANGE); - goto err; - } - if (GOST_KEY_set_public_key(key, point) == 0) - goto err; - - if (GOST_KEY_check_key(key) == 0) - goto err; - - ok = 1; - -err: - EC_POINT_free(point); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ok; - -} -LCRYPTO_ALIAS(GOST_KEY_set_public_key_affine_coordinates); - -const EC_GROUP * -GOST_KEY_get0_group(const GOST_KEY *key) -{ - return key->group; -} -LCRYPTO_ALIAS(GOST_KEY_get0_group); - -int -GOST_KEY_set_group(GOST_KEY *key, const EC_GROUP *group) -{ - EC_GROUP_free(key->group); - key->group = EC_GROUP_dup(group); - return (key->group == NULL) ? 0 : 1; -} -LCRYPTO_ALIAS(GOST_KEY_set_group); - -const BIGNUM * -GOST_KEY_get0_private_key(const GOST_KEY *key) -{ - return key->priv_key; -} -LCRYPTO_ALIAS(GOST_KEY_get0_private_key); - -int -GOST_KEY_set_private_key(GOST_KEY *key, const BIGNUM *priv_key) -{ - BN_free(key->priv_key); - key->priv_key = BN_dup(priv_key); - return (key->priv_key == NULL) ? 0 : 1; -} -LCRYPTO_ALIAS(GOST_KEY_set_private_key); - -const EC_POINT * -GOST_KEY_get0_public_key(const GOST_KEY *key) -{ - return key->pub_key; -} -LCRYPTO_ALIAS(GOST_KEY_get0_public_key); - -int -GOST_KEY_set_public_key(GOST_KEY *key, const EC_POINT *pub_key) -{ - EC_POINT_free(key->pub_key); - key->pub_key = EC_POINT_dup(pub_key, key->group); - return (key->pub_key == NULL) ? 0 : 1; -} -LCRYPTO_ALIAS(GOST_KEY_set_public_key); - -int -GOST_KEY_get_digest(const GOST_KEY *key) -{ - return key->digest_nid; -} -LCRYPTO_ALIAS(GOST_KEY_get_digest); -int -GOST_KEY_set_digest(GOST_KEY *key, int digest_nid) -{ - if (digest_nid == NID_id_GostR3411_94_CryptoProParamSet || - digest_nid == NID_id_tc26_gost3411_2012_256 || - digest_nid == NID_id_tc26_gost3411_2012_512) { - key->digest_nid = digest_nid; - return 1; - } - - return 0; -} -LCRYPTO_ALIAS(GOST_KEY_set_digest); - -size_t -GOST_KEY_get_size(const GOST_KEY *r) -{ - int i; - BIGNUM *order = NULL; - const EC_GROUP *group; - - if (r == NULL) - return 0; - group = GOST_KEY_get0_group(r); - if (group == NULL) - return 0; - - if ((order = BN_new()) == NULL) - return 0; - - if (EC_GROUP_get_order(group, order, NULL) == 0) { - BN_free(order); - return 0; - } - - i = BN_num_bytes(order); - BN_free(order); - return (i); -} -LCRYPTO_ALIAS(GOST_KEY_get_size); -#endif diff --git a/crypto/gost/gostr341001_params.c b/crypto/gost/gostr341001_params.c deleted file mode 100644 index ca8a27d7..00000000 --- a/crypto/gost/gostr341001_params.c +++ /dev/null @@ -1,132 +0,0 @@ -/* $OpenBSD: gostr341001_params.c,v 1.5 2022/11/26 16:08:53 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include - -#include "gost_local.h" - -int -GostR3410_get_md_digest(int nid) -{ - if (nid == NID_id_GostR3411_94_CryptoProParamSet) - return NID_id_GostR3411_94; - return nid; -} - -int -GostR3410_get_pk_digest(int nid) -{ - switch (nid) { - case NID_id_GostR3411_94_CryptoProParamSet: - return NID_id_GostR3410_2001; - case NID_id_tc26_gost3411_2012_256: - return NID_id_tc26_gost3410_2012_256; - case NID_id_tc26_gost3411_2012_512: - return NID_id_tc26_gost3410_2012_512; - default: - return NID_undef; - } -} - -typedef struct GostR3410_params { - const char *name; - int nid; -} GostR3410_params; - -static const GostR3410_params GostR3410_256_params[] = { - { "A", NID_id_GostR3410_2001_CryptoPro_A_ParamSet }, - { "B", NID_id_GostR3410_2001_CryptoPro_B_ParamSet }, - { "C", NID_id_GostR3410_2001_CryptoPro_C_ParamSet }, - { "0", NID_id_GostR3410_2001_TestParamSet }, - { "XA", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet }, - { "XB", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet }, - { NULL, NID_undef }, -}; - -static const GostR3410_params GostR3410_512_params[] = { - { "A", NID_id_tc26_gost_3410_12_512_paramSetA }, - { "B", NID_id_tc26_gost_3410_12_512_paramSetB }, - { NULL, NID_undef }, -}; - -int -GostR3410_256_param_id(const char *value) -{ - int i; - - for (i = 0; GostR3410_256_params[i].nid != NID_undef; i++) { - if (strcasecmp(GostR3410_256_params[i].name, value) == 0) - return GostR3410_256_params[i].nid; - } - - return NID_undef; -} - -int -GostR3410_512_param_id(const char *value) -{ - int i; - - for (i = 0; GostR3410_512_params[i].nid != NID_undef; i++) { - if (strcasecmp(GostR3410_512_params[i].name, value) == 0) - return GostR3410_512_params[i].nid; - } - - return NID_undef; -} - -#endif diff --git a/crypto/gost/gostr341001_pmeth.c b/crypto/gost/gostr341001_pmeth.c deleted file mode 100644 index c5e05bec..00000000 --- a/crypto/gost/gostr341001_pmeth.c +++ /dev/null @@ -1,705 +0,0 @@ -/* $OpenBSD: gostr341001_pmeth.c,v 1.19 2023/07/28 15:50:33 tb Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include -#include -#include -#include - -#include "ecdsa_local.h" -#include "evp_local.h" -#include "gost_local.h" -#include "gost_asn1.h" - -static ECDSA_SIG * -unpack_signature_cp(const unsigned char *sig, size_t siglen) -{ - ECDSA_SIG *s; - - s = ECDSA_SIG_new(); - if (s == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - BN_bin2bn(sig, siglen / 2, s->s); - BN_bin2bn(sig + siglen / 2, siglen / 2, s->r); - return s; -} - -static int -pack_signature_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen) -{ - int r_len = BN_num_bytes(s->r); - int s_len = BN_num_bytes(s->s); - - if (r_len > order || s_len > order) - return 0; - - *siglen = 2 * order; - - memset(sig, 0, *siglen); - BN_bn2bin(s->s, sig + order - s_len); - BN_bn2bin(s->r, sig + 2 * order - r_len); - ECDSA_SIG_free(s); - return 1; -} - -static ECDSA_SIG * -unpack_signature_le(const unsigned char *sig, size_t siglen) -{ - ECDSA_SIG *s; - - s = ECDSA_SIG_new(); - if (s == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - GOST_le2bn(sig, siglen / 2, s->r); - GOST_le2bn(sig + siglen / 2, siglen / 2, s->s); - return s; -} - -static int -pack_signature_le(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen) -{ - *siglen = 2 * order; - memset(sig, 0, *siglen); - GOST_bn2le(s->r, sig, order); - GOST_bn2le(s->s, sig + order, order); - ECDSA_SIG_free(s); - return 1; -} - -struct gost_pmeth_data { - int sign_param_nid; /* Should be set whenever parameters are filled */ - int digest_nid; - EVP_MD *md; - unsigned char *shared_ukm; - int peer_key_used; - int sig_format; -}; - -static int -pkey_gost01_init(EVP_PKEY_CTX *ctx) -{ - struct gost_pmeth_data *data; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - - data = calloc(1, sizeof(struct gost_pmeth_data)); - if (data == NULL) - return 0; - - if (pkey != NULL && pkey->pkey.gost != NULL) { - data->sign_param_nid = - EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost)); - data->digest_nid = GOST_KEY_get_digest(pkey->pkey.gost); - } - EVP_PKEY_CTX_set_data(ctx, data); - return 1; -} - -/* Copies contents of gost_pmeth_data structure */ -static int -pkey_gost01_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - struct gost_pmeth_data *dst_data, *src_data; - - if (pkey_gost01_init(dst) == 0) - return 0; - - src_data = EVP_PKEY_CTX_get_data(src); - dst_data = EVP_PKEY_CTX_get_data(dst); - *dst_data = *src_data; - if (src_data->shared_ukm != NULL) - dst_data->shared_ukm = NULL; - return 1; -} - -/* Frees up gost_pmeth_data structure */ -static void -pkey_gost01_cleanup(EVP_PKEY_CTX *ctx) -{ - struct gost_pmeth_data *data; - - if ((data = EVP_PKEY_CTX_get_data(ctx)) == NULL) - return; - - free(data->shared_ukm); - free(data); -} - -static int -pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - EC_GROUP *group = NULL; - GOST_KEY *gost = NULL; - int ret = 0; - - if (data->sign_param_nid == NID_undef || - data->digest_nid == NID_undef) { - GOSTerror(GOST_R_NO_PARAMETERS_SET); - return 0; - } - - group = EC_GROUP_new_by_curve_name(data->sign_param_nid); - if (group == NULL) - goto done; - - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); - - gost = GOST_KEY_new(); - if (gost == NULL) - goto done; - - if (GOST_KEY_set_digest(gost, data->digest_nid) == 0) - goto done; - - if (GOST_KEY_set_group(gost, group) != 0) - ret = EVP_PKEY_assign_GOST(pkey, gost); - -done: - if (ret == 0) - GOST_KEY_free(gost); - EC_GROUP_free(group); - return ret; -} - -static int -pkey_gost01_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - if (pkey_gost01_paramgen(ctx, pkey) == 0) - return 0; - return gost2001_keygen(pkey->pkey.gost) != 0; -} - -static int -pkey_gost01_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbs_len) -{ - ECDSA_SIG *unpacked_sig = NULL; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx); - BIGNUM *md; - size_t size; - int ret; - - if (pkey == NULL || pkey->pkey.gost == NULL) - return 0; - size = GOST_KEY_get_size(pkey->pkey.gost); - - if (siglen == NULL) - return 0; - if (sig == NULL) { - *siglen = 2 * size; - return 1; - } else if (*siglen < 2 * size) { - GOSTerror(EC_R_BUFFER_TOO_SMALL); - return 0; - } - if (tbs_len != 32 && tbs_len != 64) { - GOSTerror(EVP_R_BAD_BLOCK_LENGTH); - return 0; - } - md = GOST_le2bn(tbs, tbs_len, NULL); - if (md == NULL) - return 0; - unpacked_sig = gost2001_do_sign(md, pkey->pkey.gost); - BN_free(md); - if (unpacked_sig == NULL) { - return 0; - } - switch (pctx->sig_format) { - case GOST_SIG_FORMAT_SR_BE: - ret = pack_signature_cp(unpacked_sig, size, sig, siglen); - break; - case GOST_SIG_FORMAT_RS_LE: - ret = pack_signature_le(unpacked_sig, size, sig, siglen); - break; - default: - ret = -1; - break; - } - if (ret <= 0) - ECDSA_SIG_free(unpacked_sig); - return ret; -} - -static int -pkey_gost01_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbs_len) -{ - int ok = 0; - EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx); - struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx); - ECDSA_SIG *s = NULL; - BIGNUM *md; - - if (pub_key == NULL) - return 0; - switch (pctx->sig_format) { - case GOST_SIG_FORMAT_SR_BE: - s = unpack_signature_cp(sig, siglen); - break; - case GOST_SIG_FORMAT_RS_LE: - s = unpack_signature_le(sig, siglen); - break; - } - if (s == NULL) - return 0; - md = GOST_le2bn(tbs, tbs_len, NULL); - if (md == NULL) - goto err; - ok = gost2001_do_verify(md, s, pub_key->pkey.gost); - -err: - BN_free(md); - ECDSA_SIG_free(s); - return ok; -} - -static int -gost01_VKO_key(EVP_PKEY *pub_key, EVP_PKEY *priv_key, const unsigned char *ukm, - unsigned char *key) -{ - unsigned char hashbuf[128]; - int digest_nid; - int ret = 0; - BN_CTX *ctx = BN_CTX_new(); - BIGNUM *UKM, *X, *Y; - - if (ctx == NULL) - return 0; - - BN_CTX_start(ctx); - if ((UKM = BN_CTX_get(ctx)) == NULL) - goto err; - if ((X = BN_CTX_get(ctx)) == NULL) - goto err; - if ((Y = BN_CTX_get(ctx)) == NULL) - goto err; - - GOST_le2bn(ukm, 8, UKM); - - digest_nid = GOST_KEY_get_digest(priv_key->pkey.gost); - if (VKO_compute_key(X, Y, pub_key->pkey.gost, priv_key->pkey.gost, - UKM) == 0) - goto err; - - switch (digest_nid) { - case NID_id_GostR3411_94_CryptoProParamSet: - GOST_bn2le(X, hashbuf, 32); - GOST_bn2le(Y, hashbuf + 32, 32); - GOSTR341194(hashbuf, 64, key, digest_nid); - ret = 1; - break; - case NID_id_tc26_gost3411_2012_256: - GOST_bn2le(X, hashbuf, 32); - GOST_bn2le(Y, hashbuf + 32, 32); - STREEBOG256(hashbuf, 64, key); - ret = 1; - break; - case NID_id_tc26_gost3411_2012_512: - GOST_bn2le(X, hashbuf, 64); - GOST_bn2le(Y, hashbuf + 64, 64); - STREEBOG256(hashbuf, 128, key); - ret = 1; - break; - default: - ret = -2; - break; - } -err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ret; -} - -int -pkey_gost01_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, - const unsigned char *in, size_t in_len) -{ - const unsigned char *p = in; - EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx); - GOST_KEY_TRANSPORT *gkt = NULL; - int ret = 0; - unsigned char wrappedKey[44]; - unsigned char sharedKey[32]; - EVP_PKEY *eph_key = NULL, *peerkey = NULL; - int nid; - - if (key == NULL) { - *key_len = 32; - return 1; - } - gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len); - if (gkt == NULL) { - GOSTerror(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO); - return -1; - } - - /* If key transport structure contains public key, use it */ - eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key); - if (eph_key != NULL) { - if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) { - GOSTerror(GOST_R_INCOMPATIBLE_PEER_KEY); - goto err; - } - } else { - /* Set control "public key from client certificate used" */ - if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, - NULL) <= 0) { - GOSTerror(GOST_R_CTRL_CALL_FAILED); - goto err; - } - } - peerkey = EVP_PKEY_CTX_get0_peerkey(pctx); - if (peerkey == NULL) { - GOSTerror(GOST_R_NO_PEER_KEY); - goto err; - } - - nid = OBJ_obj2nid(gkt->key_agreement_info->cipher); - - if (gkt->key_agreement_info->eph_iv->length != 8) { - GOSTerror(GOST_R_INVALID_IV_LENGTH); - goto err; - } - memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8); - if (gkt->key_info->encrypted_key->length != 32) { - GOSTerror(EVP_R_BAD_KEY_LENGTH); - goto err; - } - memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32); - if (gkt->key_info->imit->length != 4) { - GOSTerror(ERR_R_INTERNAL_ERROR); - goto err; - } - memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4); - if (gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey) <= 0) - goto err; - if (gost_key_unwrap_crypto_pro(nid, sharedKey, wrappedKey, key) == 0) { - GOSTerror(GOST_R_ERROR_COMPUTING_SHARED_KEY); - goto err; - } - - ret = 1; -err: - EVP_PKEY_free(eph_key); - GOST_KEY_TRANSPORT_free(gkt); - return ret; -} - -int -pkey_gost01_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) -{ - /* - * Public key of peer in the ctx field peerkey - * Our private key in the ctx pkey - * ukm is in the algorithm specific context data - */ - EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx); - EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx); - struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - - if (data->shared_ukm == NULL) { - GOSTerror(GOST_R_UKM_NOT_SET); - return 0; - } - - if (key == NULL) { - *keylen = 32; - return 32; - } - - if (gost01_VKO_key(peer_key, my_key, data->shared_ukm, key) <= 0) - return 0; - - *keylen = 32; - return 1; -} - -int -pkey_gost01_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, - const unsigned char *key, size_t key_len) -{ - GOST_KEY_TRANSPORT *gkt = NULL; - EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx); - struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx); - unsigned char ukm[8], shared_key[32], crypted_key[44]; - int ret = 0; - int key_is_ephemeral; - EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx); - int nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; - - if (data->shared_ukm != NULL) { - memcpy(ukm, data->shared_ukm, 8); - } else /* if (out != NULL) */ { - arc4random_buf(ukm, 8); - } - /* Check for private key in the peer_key of context */ - if (sec_key) { - key_is_ephemeral = 0; - if (GOST_KEY_get0_private_key(sec_key->pkey.gost) == 0) { - GOSTerror(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR); - goto err; - } - } else { - key_is_ephemeral = 1; - if (out != NULL) { - GOST_KEY *tmp_key; - - sec_key = EVP_PKEY_new(); - if (sec_key == NULL) - goto err; - tmp_key = GOST_KEY_new(); - if (tmp_key == NULL) - goto err; - if (EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), - tmp_key) == 0) { - GOST_KEY_free(tmp_key); - goto err; - } - if (EVP_PKEY_copy_parameters(sec_key, pubk) == 0) - goto err; - if (gost2001_keygen(sec_key->pkey.gost) == 0) { - goto err; - } - } - } - - if (out != NULL) { - if (gost01_VKO_key(pubk, sec_key, ukm, shared_key) <= 0) - goto err; - gost_key_wrap_crypto_pro(nid, shared_key, ukm, key, - crypted_key); - } - gkt = GOST_KEY_TRANSPORT_new(); - if (gkt == NULL) - goto err; - if (ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8) == 0) - goto err; - if (ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, - 4) == 0) - goto err; - if (ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key, crypted_key + 8, - 32) == 0) - goto err; - if (key_is_ephemeral) { - if (X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key, - out != NULL ? sec_key : pubk) == 0) { - GOSTerror(GOST_R_CANNOT_PACK_EPHEMERAL_KEY); - goto err; - } - } - ASN1_OBJECT_free(gkt->key_agreement_info->cipher); - gkt->key_agreement_info->cipher = OBJ_nid2obj(nid); - if (key_is_ephemeral) - EVP_PKEY_free(sec_key); - else { - /* Set control "public key from client certificate used" */ - if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, - NULL) <= 0) { - GOSTerror(GOST_R_CTRL_CALL_FAILED); - goto err; - } - } - if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0) - ret = 1; - GOST_KEY_TRANSPORT_free(gkt); - return ret; - -err: - if (key_is_ephemeral) - EVP_PKEY_free(sec_key); - GOST_KEY_TRANSPORT_free(gkt); - return -1; -} - - -static int -pkey_gost01_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx); - - switch (type) { - case EVP_PKEY_CTRL_MD: - if (EVP_MD_type(p2) != - GostR3410_get_md_digest(pctx->digest_nid)) { - GOSTerror(GOST_R_INVALID_DIGEST_TYPE); - return 0; - } - pctx->md = p2; - return 1; - case EVP_PKEY_CTRL_PKCS7_ENCRYPT: - case EVP_PKEY_CTRL_PKCS7_DECRYPT: - case EVP_PKEY_CTRL_PKCS7_SIGN: - case EVP_PKEY_CTRL_DIGESTINIT: - return 1; - - case EVP_PKEY_CTRL_GOST_PARAMSET: - pctx->sign_param_nid = (int)p1; - return 1; - - case EVP_PKEY_CTRL_SET_IV: - { - char *ukm = malloc(p1); - - if (ukm == NULL) { - GOSTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(ukm, p2, p1); - free(pctx->shared_ukm); - pctx->shared_ukm = ukm; - return 1; - } - - case EVP_PKEY_CTRL_PEER_KEY: - if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */ - return 1; - if (p1 == 2) /* TLS: peer key used? */ - return pctx->peer_key_used; - if (p1 == 3) /* TLS: peer key used! */ - return (pctx->peer_key_used = 1); - return -2; - case EVP_PKEY_CTRL_GOST_SIG_FORMAT: - switch (p1) { - case GOST_SIG_FORMAT_SR_BE: - case GOST_SIG_FORMAT_RS_LE: - pctx->sig_format = p1; - return 1; - default: - return 0; - } - break; - case EVP_PKEY_CTRL_GOST_SET_DIGEST: - pctx->digest_nid = (int)p1; - return 1; - case EVP_PKEY_CTRL_GOST_GET_DIGEST: - *(int *)p2 = pctx->digest_nid; - return 1; - default: - return -2; - } -} - -static int -pkey_gost01_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) -{ - int param_nid = NID_undef; - int digest_nid = NID_undef; - - if (strcmp(type, "paramset") == 0) { - if (value == NULL) - return 0; - if (pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_GET_DIGEST, 0, - &digest_nid) == 0) - return 0; - if (digest_nid == NID_id_tc26_gost3411_2012_512) - param_nid = GostR3410_512_param_id(value); - else - param_nid = GostR3410_256_param_id(value); - if (param_nid == NID_undef) - param_nid = OBJ_txt2nid(value); - if (param_nid == NID_undef) - return 0; - - return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, - param_nid, NULL); - } - if (strcmp(type, "dgst") == 0) { - if (value == NULL) - return 0; - else if (strcmp(value, "gost94") == 0 || - strcmp(value, "md_gost94") == 0) - digest_nid = NID_id_GostR3411_94_CryptoProParamSet; - else if (strcmp(value, "streebog256") == 0) - digest_nid = NID_id_tc26_gost3411_2012_256; - else if (strcmp(value, "streebog512") == 0) - digest_nid = NID_id_tc26_gost3411_2012_512; - - if (digest_nid == NID_undef) - return 0; - - return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_SET_DIGEST, - digest_nid, NULL); - } - return -2; -} - -const EVP_PKEY_METHOD gostr01_pkey_meth = { - .pkey_id = EVP_PKEY_GOSTR01, - - .init = pkey_gost01_init, - .copy = pkey_gost01_copy, - .cleanup = pkey_gost01_cleanup, - - .paramgen = pkey_gost01_paramgen, - .keygen = pkey_gost01_keygen, - .sign = pkey_gost01_sign, - .verify = pkey_gost01_verify, - - .encrypt = pkey_gost01_encrypt, - .decrypt = pkey_gost01_decrypt, - .derive = pkey_gost01_derive, - - .ctrl = pkey_gost01_ctrl, - .ctrl_str = pkey_gost01_ctrl_str, -}; -#endif diff --git a/crypto/gost/gostr341194.c b/crypto/gost/gostr341194.c deleted file mode 100644 index 311c3045..00000000 --- a/crypto/gost/gostr341194.c +++ /dev/null @@ -1,278 +0,0 @@ -/* $OpenBSD: gostr341194.c,v 1.7 2023/07/08 14:30:44 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include - -#include "gost_local.h" - -/* Following functions are various bit meshing routines used in - * GOST R 34.11-94 algorithms */ -static void -swap_bytes(unsigned char *w, unsigned char *k) -{ - int i, j; - - for (i = 0; i < 4; i++) - for (j = 0; j < 8; j++) - k[i + 4 * j] = w[8 * i + j]; -} - -/* was A_A */ -static void -circle_xor8(const unsigned char *w, unsigned char *k) -{ - unsigned char buf[8]; - int i; - - memcpy(buf, w, 8); - memmove(k, w + 8, 24); - for (i = 0; i < 8; i++) - k[i + 24] = buf[i] ^ k[i]; -} - -/* was R_R */ -static void -transform_3(unsigned char *data) -{ - unsigned short int acc; - - acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) | - ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8); - memmove(data, data + 2, 30); - data[30] = acc & 0xff; - data[31] = acc >> 8; -} - -/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/ -static int -add_blocks(int n, unsigned char *left, const unsigned char *right) -{ - int i; - int carry = 0; - int sum; - - for (i = 0; i < n; i++) { - sum = (int)left[i] + (int)right[i] + carry; - left[i] = sum & 0xff; - carry = sum >> 8; - } - return carry; -} - -/* Xor two sequences of bytes */ -static void -xor_blocks(unsigned char *result, const unsigned char *a, - const unsigned char *b, size_t len) -{ - size_t i; - - for (i = 0; i < len; i++) - result[i] = a[i] ^ b[i]; -} - -/* - * Calculate H(i+1) = Hash(Hi,Mi) - * Where H and M are 32 bytes long - */ -static int -hash_step(GOSTR341194_CTX *c, unsigned char *H, const unsigned char *M) -{ - unsigned char U[32], W[32], V[32], S[32], Key[32]; - int i; - - /* Compute first key */ - xor_blocks(W, H, M, 32); - swap_bytes(W, Key); - /* Encrypt first 8 bytes of H with first key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H, S, &c->cipher); - - /* Compute second key */ - circle_xor8(H, U); - circle_xor8(M, V); - circle_xor8(V, V); - xor_blocks(W, U, V, 32); - swap_bytes(W, Key); - /* encrypt second 8 bytes of H with second key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H+8, S+8, &c->cipher); - - /* compute third key */ - circle_xor8(U, U); - U[31] = ~U[31]; - U[29] = ~U[29]; - U[28] = ~U[28]; - U[24] = ~U[24]; - U[23] = ~U[23]; - U[20] = ~U[20]; - U[18] = ~U[18]; - U[17] = ~U[17]; - U[14] = ~U[14]; - U[12] = ~U[12]; - U[10] = ~U[10]; - U[8] = ~U[8]; - U[7] = ~U[7]; - U[5] = ~U[5]; - U[3] = ~U[3]; - U[1] = ~U[1]; - circle_xor8(V, V); - circle_xor8(V, V); - xor_blocks(W, U, V, 32); - swap_bytes(W, Key); - /* encrypt third 8 bytes of H with third key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H+16, S+16, &c->cipher); - - /* Compute fourth key */ - circle_xor8(U, U); - circle_xor8(V, V); - circle_xor8(V, V); - xor_blocks(W, U, V, 32); - swap_bytes(W, Key); - /* Encrypt last 8 bytes with fourth key */ - Gost2814789_set_key(&c->cipher, Key, 256); - Gost2814789_encrypt(H+24, S+24, &c->cipher); - - for (i = 0; i < 12; i++) - transform_3(S); - xor_blocks(S, S, M, 32); - transform_3(S); - xor_blocks(S, S, H, 32); - for (i = 0; i < 61; i++) - transform_3(S); - memcpy(H, S, 32); - return 1; -} - -int -GOSTR341194_Init(GOSTR341194_CTX *c, int nid) -{ - memset(c, 0, sizeof(*c)); - return Gost2814789_set_sbox(&c->cipher, nid); -} -LCRYPTO_ALIAS(GOSTR341194_Init); - -static void -GOSTR341194_block_data_order(GOSTR341194_CTX *ctx, const unsigned char *p, - size_t num) -{ - int i; - - for (i = 0; i < num; i++) { - hash_step(ctx, ctx->H, p); - add_blocks(32, ctx->S, p); - p += 32; - } -} - -#define DATA_ORDER_IS_LITTLE_ENDIAN - -#define HASH_CBLOCK GOSTR341194_CBLOCK -#define HASH_LONG GOSTR341194_LONG -#define HASH_CTX GOSTR341194_CTX -#define HASH_UPDATE GOSTR341194_Update -#define HASH_TRANSFORM GOSTR341194_Transform -#define HASH_NO_FINAL 1 -#define HASH_BLOCK_DATA_ORDER GOSTR341194_block_data_order - -#include "md32_common.h" -LCRYPTO_ALIAS(GOSTR341194_Update); -LCRYPTO_ALIAS(GOSTR341194_Transform); - -int -GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX * c) -{ - unsigned char *p = (unsigned char *)c->data; - unsigned char T[32]; - - if (c->num > 0) { - memset(p + c->num, 0, 32 - c->num); - hash_step(c, c->H, p); - add_blocks(32, c->S, p); - } - - p = T; - HOST_l2c(c->Nl, p); - HOST_l2c(c->Nh, p); - memset(p, 0, 32 - 8); - hash_step(c, c->H, T); - hash_step(c, c->H, c->S); - - memcpy(md, c->H, 32); - - return 1; -} -LCRYPTO_ALIAS(GOSTR341194_Final); - -unsigned char * -GOSTR341194(const unsigned char *d, size_t n, unsigned char *md, int nid) -{ - GOSTR341194_CTX c; - static unsigned char m[GOSTR341194_LENGTH]; - - if (md == NULL) - md = m; - if (!GOSTR341194_Init(&c, nid)) - return 0; - GOSTR341194_Update(&c, d, n); - GOSTR341194_Final(md, &c); - explicit_bzero(&c, sizeof(c)); - return (md); -} -LCRYPTO_ALIAS(GOSTR341194); -#endif diff --git a/crypto/gost/streebog.c b/crypto/gost/streebog.c deleted file mode 100644 index 60c57579..00000000 --- a/crypto/gost/streebog.c +++ /dev/null @@ -1,1487 +0,0 @@ -/* $OpenBSD: streebog.c,v 1.9 2023/07/08 14:30:44 beck Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include -#include -#include - -#include - -#ifndef OPENSSL_NO_GOST -#include -#include -#include - -#include "gost_local.h" - -static const STREEBOG_LONG64 A_PI_table[8][256] = { - { /* 0 */ - U64(0xd01f715b5c7ef8e6), U64(0x16fa240980778325), - U64(0xa8a42e857ee049c8), U64(0x6ac1068fa186465b), - U64(0x6e417bd7a2e9320b), U64(0x665c8167a437daab), - U64(0x7666681aa89617f6), U64(0x4b959163700bdcf5), - U64(0xf14be6b78df36248), U64(0xc585bd689a625cff), - U64(0x9557d7fca67d82cb), U64(0x89f0b969af6dd366), - U64(0xb0833d48749f6c35), U64(0xa1998c23b1ecbc7c), - U64(0x8d70c431ac02a736), U64(0xd6dfbc2fd0a8b69e), - U64(0x37aeb3e551fa198b), U64(0x0b7d128a40b5cf9c), - U64(0x5a8f2008b5780cbc), U64(0xedec882284e333e5), - U64(0xd25fc177d3c7c2ce), U64(0x5e0f5d50b61778ec), - U64(0x1d873683c0c24cb9), U64(0xad040bcbb45d208c), - U64(0x2f89a0285b853c76), U64(0x5732fff6791b8d58), - U64(0x3e9311439ef6ec3f), U64(0xc9183a809fd3c00f), - U64(0x83adf3f5260a01ee), U64(0xa6791941f4e8ef10), - U64(0x103ae97d0ca1cd5d), U64(0x2ce948121dee1b4a), - U64(0x39738421dbf2bf53), U64(0x093da2a6cf0cf5b4), - U64(0xcd9847d89cbcb45f), U64(0xf9561c078b2d8ae8), - U64(0x9c6a755a6971777f), U64(0xbc1ebaa0712ef0c5), - U64(0x72e61542abf963a6), U64(0x78bb5fde229eb12e), - U64(0x14ba94250fceb90d), U64(0x844d6697630e5282), - U64(0x98ea08026a1e032f), U64(0xf06bbea144217f5c), - U64(0xdb6263d11ccb377a), U64(0x641c314b2b8ee083), - U64(0x320e96ab9b4770cf), U64(0x1ee7deb986a96b85), - U64(0xe96cf57a878c47b5), U64(0xfdd6615f8842feb8), - U64(0xc83862965601dd1b), U64(0x2ea9f83e92572162), - U64(0xf876441142ff97fc), U64(0xeb2c455608357d9d), - U64(0x5612a7e0b0c9904c), U64(0x6c01cbfb2d500823), - U64(0x4548a6a7fa037a2d), U64(0xabc4c6bf388b6ef4), - U64(0xbade77d4fdf8bebd), U64(0x799b07c8eb4cac3a), - U64(0x0c9d87e805b19cf0), U64(0xcb588aac106afa27), - U64(0xea0c1d40c1e76089), U64(0x2869354a1e816f1a), - U64(0xff96d17307fbc490), U64(0x9f0a9d602f1a5043), - U64(0x96373fc6e016a5f7), U64(0x5292dab8b3a6e41c), - U64(0x9b8ae0382c752413), U64(0x4f15ec3b7364a8a5), - U64(0x3fb349555724f12b), U64(0xc7c50d4415db66d7), - U64(0x92b7429ee379d1a7), U64(0xd37f99611a15dfda), - U64(0x231427c05e34a086), U64(0xa439a96d7b51d538), - U64(0xb403401077f01865), U64(0xdda2aea5901d7902), - U64(0x0a5d4a9c8967d288), U64(0xc265280adf660f93), - U64(0x8bb0094520d4e94e), U64(0x2a29856691385532), - U64(0x42a833c5bf072941), U64(0x73c64d54622b7eb2), - U64(0x07e095624504536c), U64(0x8a905153e906f45a), - U64(0x6f6123c16b3b2f1f), U64(0xc6e55552dc097bc3), - U64(0x4468feb133d16739), U64(0xe211e7f0c7398829), - U64(0xa2f96419f7879b40), U64(0x19074bdbc3ad38e9), - U64(0xf4ebc3f9474e0b0c), U64(0x43886bd376d53455), - U64(0xd8028beb5aa01046), U64(0x51f23282f5cdc320), - U64(0xe7b1c2be0d84e16d), U64(0x081dfab006dee8a0), - U64(0x3b33340d544b857b), U64(0x7f5bcabc679ae242), - U64(0x0edd37c48a08a6d8), U64(0x81ed43d9a9b33bc6), - U64(0xb1a3655ebd4d7121), U64(0x69a1eeb5e7ed6167), - U64(0xf6ab73d5c8f73124), U64(0x1a67a3e185c61fd5), - U64(0x2dc91004d43c065e), U64(0x0240b02c8fb93a28), - U64(0x90f7f2b26cc0eb8f), U64(0x3cd3a16f114fd617), - U64(0xaae49ea9f15973e0), U64(0x06c0cd748cd64e78), - U64(0xda423bc7d5192a6e), U64(0xc345701c16b41287), - U64(0x6d2193ede4821537), U64(0xfcf639494190e3ac), - U64(0x7c3b228621f1c57e), U64(0xfb16ac2b0494b0c0), - U64(0xbf7e529a3745d7f9), U64(0x6881b6a32e3f7c73), - U64(0xca78d2bad9b8e733), U64(0xbbfe2fc2342aa3a9), - U64(0x0dbddffecc6381e4), U64(0x70a6a56e2440598e), - U64(0xe4d12a844befc651), U64(0x8c509c2765d0ba22), - U64(0xee8c6018c28814d9), U64(0x17da7c1f49a59e31), - U64(0x609c4c1328e194d3), U64(0xb3e3d57232f44b09), - U64(0x91d7aaa4a512f69b), U64(0x0ffd6fd243dabbcc), - U64(0x50d26a943c1fde34), U64(0x6be15e9968545b4f), - U64(0x94778fea6faf9fdf), U64(0x2b09dd7058ea4826), - U64(0x677cd9716de5c7bf), U64(0x49d5214fffb2e6dd), - U64(0x0360e83a466b273c), U64(0x1fc786af4f7b7691), - U64(0xa0b9d435783ea168), U64(0xd49f0c035f118cb6), - U64(0x01205816c9d21d14), U64(0xac2453dd7d8f3d98), - U64(0x545217cc3f70aa64), U64(0x26b4028e9489c9c2), - U64(0xdec2469fd6765e3e), U64(0x04807d58036f7450), - U64(0xe5f17292823ddb45), U64(0xf30b569b024a5860), - U64(0x62dcfc3fa758aefb), U64(0xe84cad6c4e5e5aa1), - U64(0xccb81fce556ea94b), U64(0x53b282ae7a74f908), - U64(0x1b47fbf74c1402c1), U64(0x368eebf39828049f), - U64(0x7afbeff2ad278b06), U64(0xbe5e0a8cfe97caed), - U64(0xcfd8f7f413058e77), U64(0xf78b2bc301252c30), - U64(0x4d555c17fcdd928d), U64(0x5f2f05467fc565f8), - U64(0x24f4b2a21b30f3ea), U64(0x860dd6bbecb768aa), - U64(0x4c750401350f8f99), U64(0x0000000000000000), - U64(0xecccd0344d312ef1), U64(0xb5231806be220571), - U64(0xc105c030990d28af), U64(0x653c695de25cfd97), - U64(0x159acc33c61ca419), U64(0xb89ec7f872418495), - U64(0xa9847693b73254dc), U64(0x58cf90243ac13694), - U64(0x59efc832f3132b80), U64(0x5c4fed7c39ae42c4), - U64(0x828dabe3efd81cfa), U64(0xd13f294d95ace5f2), - U64(0x7d1b7a90e823d86a), U64(0xb643f03cf849224d), - U64(0x3df3f979d89dcb03), U64(0x7426d836272f2dde), - U64(0xdfe21e891fa4432a), U64(0x3a136c1b9d99986f), - U64(0xfa36f43dcd46add4), U64(0xc025982650df35bb), - U64(0x856d3e81aadc4f96), U64(0xc4a5e57e53b041eb), - U64(0x4708168b75ba4005), U64(0xaf44bbe73be41aa4), - U64(0x971767d029c4b8e3), U64(0xb9be9feebb939981), - U64(0x215497ecd18d9aae), U64(0x316e7e91dd2c57f3), - U64(0xcef8afe2dad79363), U64(0x3853dc371220a247), - U64(0x35ee03c9de4323a3), U64(0xe6919aa8c456fc79), - U64(0xe05157dc4880b201), U64(0x7bdbb7e464f59612), - U64(0x127a59518318f775), U64(0x332ecebd52956ddb), - U64(0x8f30741d23bb9d1e), U64(0xd922d3fd93720d52), - U64(0x7746300c61440ae2), U64(0x25d4eab4d2e2eefe), - U64(0x75068020eefd30ca), U64(0x135a01474acaea61), - U64(0x304e268714fe4ae7), U64(0xa519f17bb283c82c), - U64(0xdc82f6b359cf6416), U64(0x5baf781e7caa11a8), - U64(0xb2c38d64fb26561d), U64(0x34ce5bdf17913eb7), - U64(0x5d6fb56af07c5fd0), U64(0x182713cd0a7f25fd), - U64(0x9e2ac576e6c84d57), U64(0x9aaab82ee5a73907), - U64(0xa3d93c0f3e558654), U64(0x7e7b92aaae48ff56), - U64(0x872d8ead256575be), U64(0x41c8dbfff96c0e7d), - U64(0x99ca5014a3cc1e3b), U64(0x40e883e930be1369), - U64(0x1ca76e95091051ad), U64(0x4e35b42dbab6b5b1), - U64(0x05a0254ecabd6944), U64(0xe1710fca8152af15), - U64(0xf22b0e8dcb984574), U64(0xb763a82a319b3f59), - U64(0x63fca4296e8ab3ef), U64(0x9d4a2d4ca0a36a6b), - U64(0xe331bfe60eeb953d), U64(0xd5bf541596c391a2), - U64(0xf5cb9bef8e9c1618), U64(0x46284e9dbc685d11), - U64(0x2074cffa185f87ba), U64(0xbd3ee2b6b8fcedd1), - U64(0xae64e3f1f23607b0), U64(0xfeb68965ce29d984), - U64(0x55724fdaf6a2b770), U64(0x29496d5cd753720e), - U64(0xa75941573d3af204), U64(0x8e102c0bea69800a), - U64(0x111ab16bc573d049), U64(0xd7ffe439197aab8a), - U64(0xefac380e0b5a09cd), U64(0x48f579593660fbc9), - U64(0x22347fd697e6bd92), U64(0x61bc1405e13389c7), - U64(0x4ab5c975b9d9c1e1), U64(0x80cd1bcf606126d2), - U64(0x7186fd78ed92449a), U64(0x93971a882aabccb3), - U64(0x88d0e17f66bfce72), U64(0x27945a985d5bd4d6) - }, { /* 1 */ - U64(0xde553f8c05a811c8), U64(0x1906b59631b4f565), - U64(0x436e70d6b1964ff7), U64(0x36d343cb8b1e9d85), - U64(0x843dfacc858aab5a), U64(0xfdfc95c299bfc7f9), - U64(0x0f634bdea1d51fa2), U64(0x6d458b3b76efb3cd), - U64(0x85c3f77cf8593f80), U64(0x3c91315fbe737cb2), - U64(0x2148b03366ace398), U64(0x18f8b8264c6761bf), - U64(0xc830c1c495c9fb0f), U64(0x981a76102086a0aa), - U64(0xaa16012142f35760), U64(0x35cc54060c763cf6), - U64(0x42907d66cc45db2d), U64(0x8203d44b965af4bc), - U64(0x3d6f3cefc3a0e868), U64(0xbc73ff69d292bda7), - U64(0x8722ed0102e20a29), U64(0x8f8185e8cd34deb7), - U64(0x9b0561dda7ee01d9), U64(0x5335a0193227fad6), - U64(0xc9cecc74e81a6fd5), U64(0x54f5832e5c2431ea), - U64(0x99e47ba05d553470), U64(0xf7bee756acd226ce), - U64(0x384e05a5571816fd), U64(0xd1367452a47d0e6a), - U64(0xf29fde1c386ad85b), U64(0x320c77316275f7ca), - U64(0xd0c879e2d9ae9ab0), U64(0xdb7406c69110ef5d), - U64(0x45505e51a2461011), U64(0xfc029872e46c5323), - U64(0xfa3cb6f5f7bc0cc5), U64(0x031f17cd8768a173), - U64(0xbd8df2d9af41297d), U64(0x9d3b4f5ab43e5e3f), - U64(0x4071671b36feee84), U64(0x716207e7d3e3b83d), - U64(0x48d20ff2f9283a1a), U64(0x27769eb4757cbc7e), - U64(0x5c56ebc793f2e574), U64(0xa48b474f9ef5dc18), - U64(0x52cbada94ff46e0c), U64(0x60c7da982d8199c6), - U64(0x0e9d466edc068b78), U64(0x4eec2175eaf865fc), - U64(0x550b8e9e21f7a530), U64(0x6b7ba5bc653fec2b), - U64(0x5eb7f1ba6949d0dd), U64(0x57ea94e3db4c9099), - U64(0xf640eae6d101b214), U64(0xdd4a284182c0b0bb), - U64(0xff1d8fbf6304f250), U64(0xb8accb933bf9d7e8), - U64(0xe8867c478eb68c4d), U64(0x3f8e2692391bddc1), - U64(0xcb2fd60912a15a7c), U64(0xaec935dbab983d2f), - U64(0xf55ffd2b56691367), U64(0x80e2ce366ce1c115), - U64(0x179bf3f8edb27e1d), U64(0x01fe0db07dd394da), - U64(0xda8a0b76ecc37b87), U64(0x44ae53e1df9584cb), - U64(0xb310b4b77347a205), U64(0xdfab323c787b8512), - U64(0x3b511268d070b78e), U64(0x65e6e3d2b9396753), - U64(0x6864b271e2574d58), U64(0x259784c98fc789d7), - U64(0x02e11a7dfabb35a9), U64(0x8841a6dfa337158b), - U64(0x7ade78c39b5dcdd0), U64(0xb7cf804d9a2cc84a), - U64(0x20b6bd831b7f7742), U64(0x75bd331d3a88d272), - U64(0x418f6aab4b2d7a5e), U64(0xd9951cbb6babdaf4), - U64(0xb6318dfde7ff5c90), U64(0x1f389b112264aa83), - U64(0x492c024284fbaec0), U64(0xe33a0363c608f9a0), - U64(0x2688930408af28a4), U64(0xc7538a1a341ce4ad), - U64(0x5da8e677ee2171ae), U64(0x8c9e92254a5c7fc4), - U64(0x63d8cd55aae938b5), U64(0x29ebd8daa97a3706), - U64(0x959827b37be88aa1), U64(0x1484e4356adadf6e), - U64(0xa7945082199d7d6b), U64(0xbf6ce8a455fa1cd4), - U64(0x9cc542eac9edcae5), U64(0x79c16f0e1c356ca3), - U64(0x89bfab6fdee48151), U64(0xd4174d1830c5f0ff), - U64(0x9258048415eb419d), U64(0x6139d72850520d1c), - U64(0x6a85a80c18ec78f1), U64(0xcd11f88e0171059a), - U64(0xcceff53e7ca29140), U64(0xd229639f2315af19), - U64(0x90b91ef9ef507434), U64(0x5977d28d074a1be1), - U64(0x311360fce51d56b9), U64(0xc093a92d5a1f2f91), - U64(0x1a19a25bb6dc5416), U64(0xeb996b8a09de2d3e), - U64(0xfee3820f1ed7668a), U64(0xd7085ad5b7ad518c), - U64(0x7fff41890fe53345), U64(0xec5948bd67dde602), - U64(0x2fd5f65dbaaa68e0), U64(0xa5754affe32648c2), - U64(0xf8ddac880d07396c), U64(0x6fa491468c548664), - U64(0x0c7c5c1326bdbed1), U64(0x4a33158f03930fb3), - U64(0x699abfc19f84d982), U64(0xe4fa2054a80b329c), - U64(0x6707f9af438252fa), U64(0x08a368e9cfd6d49e), - U64(0x47b1442c58fd25b8), U64(0xbbb3dc5ebc91769b), - U64(0x1665fe489061eac7), U64(0x33f27a811fa66310), - U64(0x93a609346838d547), U64(0x30ed6d4c98cec263), - U64(0x1dd9816cd8df9f2a), U64(0x94662a03063b1e7b), - U64(0x83fdd9fbeb896066), U64(0x7b207573e68e590a), - U64(0x5f49fc0a149a4407), U64(0x343259b671a5a82c), - U64(0xfbc2bb458a6f981f), U64(0xc272b350a0a41a38), - U64(0x3aaf1fd8ada32354), U64(0x6cbb868b0b3c2717), - U64(0xa2b569c88d2583fe), U64(0xf180c9d1bf027928), - U64(0xaf37386bd64ba9f5), U64(0x12bacab2790a8088), - U64(0x4c0d3b0810435055), U64(0xb2eeb9070e9436df), - U64(0xc5b29067cea7d104), U64(0xdcb425f1ff132461), - U64(0x4f122cc5972bf126), U64(0xac282fa651230886), - U64(0xe7e537992f6393ef), U64(0xe61b3a2952b00735), - U64(0x709c0a57ae302ce7), U64(0xe02514ae416058d3), - U64(0xc44c9dd7b37445de), U64(0x5a68c5408022ba92), - U64(0x1c278cdca50c0bf0), U64(0x6e5a9cf6f18712be), - U64(0x86dce0b17f319ef3), U64(0x2d34ec2040115d49), - U64(0x4bcd183f7e409b69), U64(0x2815d56ad4a9a3dc), - U64(0x24698979f2141d0d), U64(0x0000000000000000), - U64(0x1ec696a15fb73e59), U64(0xd86b110b16784e2e), - U64(0x8e7f8858b0e74a6d), U64(0x063e2e8713d05fe6), - U64(0xe2c40ed3bbdb6d7a), U64(0xb1f1aeca89fc97ac), - U64(0xe1db191e3cb3cc09), U64(0x6418ee62c4eaf389), - U64(0xc6ad87aa49cf7077), U64(0xd6f65765ca7ec556), - U64(0x9afb6c6dda3d9503), U64(0x7ce05644888d9236), - U64(0x8d609f95378feb1e), U64(0x23a9aa4e9c17d631), - U64(0x6226c0e5d73aac6f), U64(0x56149953a69f0443), - U64(0xeeb852c09d66d3ab), U64(0x2b0ac2a753c102af), - U64(0x07c023376e03cb3c), U64(0x2ccae1903dc2c993), - U64(0xd3d76e2f5ec63bc3), U64(0x9e2458973356ff4c), - U64(0xa66a5d32644ee9b1), U64(0x0a427294356de137), - U64(0x783f62be61e6f879), U64(0x1344c70204d91452), - U64(0x5b96c8f0fdf12e48), U64(0xa90916ecc59bf613), - U64(0xbe92e5142829880e), U64(0x727d102a548b194e), - U64(0x1be7afebcb0fc0cc), U64(0x3e702b2244c8491b), - U64(0xd5e940a84d166425), U64(0x66f9f41f3e51c620), - U64(0xabe80c913f20c3ba), U64(0xf07ec461c2d1edf2), - U64(0xf361d3ac45b94c81), U64(0x0521394a94b8fe95), - U64(0xadd622162cf09c5c), U64(0xe97871f7f3651897), - U64(0xf4a1f09b2bba87bd), U64(0x095d6559b2054044), - U64(0x0bbc7f2448be75ed), U64(0x2af4cf172e129675), - U64(0x157ae98517094bb4), U64(0x9fda55274e856b96), - U64(0x914713499283e0ee), U64(0xb952c623462a4332), - U64(0x74433ead475b46a8), U64(0x8b5eb112245fb4f8), - U64(0xa34b6478f0f61724), U64(0x11a5dd7ffe6221fb), - U64(0xc16da49d27ccbb4b), U64(0x76a224d0bde07301), - U64(0x8aa0bca2598c2022), U64(0x4df336b86d90c48f), - U64(0xea67663a740db9e4), U64(0xef465f70e0b54771), - U64(0x39b008152acb8227), U64(0x7d1e5bf4f55e06ec), - U64(0x105bd0cf83b1b521), U64(0x775c2960c033e7db), - U64(0x7e014c397236a79f), U64(0x811cc386113255cf), - U64(0xeda7450d1a0e72d8), U64(0x5889df3d7a998f3b), - U64(0x2e2bfbedc779fc3a), U64(0xce0eef438619a4e9), - U64(0x372d4e7bf6cd095f), U64(0x04df34fae96b6a4f), - U64(0xf923a13870d4adb6), U64(0xa1aa7e050a4d228d), - U64(0xa8f71b5cb84862c9), U64(0xb52e9a306097fde3), - U64(0x0d8251a35b6e2a0b), U64(0x2257a7fee1c442eb), - U64(0x73831d9a29588d94), U64(0x51d4ba64c89ccf7f), - U64(0x502ab7d4b54f5ba5), U64(0x97793dce8153bf08), - U64(0xe5042de4d5d8a646), U64(0x9687307efc802bd2), - U64(0xa05473b5779eb657), U64(0xb4d097801d446939), - U64(0xcff0e2f3fbca3033), U64(0xc38cbee0dd778ee2), - U64(0x464f499c252eb162), U64(0xcad1dbb96f72cea6), - U64(0xba4dd1eec142e241), U64(0xb00fa37af42f0376) - }, { /* 2 */ - U64(0xcce4cd3aa968b245), U64(0x089d5484e80b7faf), - U64(0x638246c1b3548304), U64(0xd2fe0ec8c2355492), - U64(0xa7fbdf7ff2374eee), U64(0x4df1600c92337a16), - U64(0x84e503ea523b12fb), U64(0x0790bbfd53ab0c4a), - U64(0x198a780f38f6ea9d), U64(0x2ab30c8f55ec48cb), - U64(0xe0f7fed6b2c49db5), U64(0xb6ecf3f422cadbdc), - U64(0x409c9a541358df11), U64(0xd3ce8a56dfde3fe3), - U64(0xc3e9224312c8c1a0), U64(0x0d6dfa58816ba507), - U64(0xddf3e1b179952777), U64(0x04c02a42748bb1d9), - U64(0x94c2abff9f2decb8), U64(0x4f91752da8f8acf4), - U64(0x78682befb169bf7b), U64(0xe1c77a48af2ff6c4), - U64(0x0c5d7ec69c80ce76), U64(0x4cc1e4928fd81167), - U64(0xfeed3d24d9997b62), U64(0x518bb6dfc3a54a23), - U64(0x6dbf2d26151f9b90), U64(0xb5bc624b05ea664f), - U64(0xe86aaa525acfe21a), U64(0x4801ced0fb53a0be), - U64(0xc91463e6c00868ed), U64(0x1027a815cd16fe43), - U64(0xf67069a0319204cd), U64(0xb04ccc976c8abce7), - U64(0xc0b9b3fc35e87c33), U64(0xf380c77c58f2de65), - U64(0x50bb3241de4e2152), U64(0xdf93f490435ef195), - U64(0xf1e0d25d62390887), U64(0xaf668bfb1a3c3141), - U64(0xbc11b251f00a7291), U64(0x73a5eed47e427d47), - U64(0x25bee3f6ee4c3b2e), U64(0x43cc0beb34786282), - U64(0xc824e778dde3039c), U64(0xf97d86d98a327728), - U64(0xf2b043e24519b514), U64(0xe297ebf7880f4b57), - U64(0x3a94a49a98fab688), U64(0x868516cb68f0c419), - U64(0xeffa11af0964ee50), U64(0xa4ab4ec0d517f37d), - U64(0xa9c6b498547c567a), U64(0x8e18424f80fbbbb6), - U64(0x0bcdc53bcf2bc23c), U64(0x137739aaea3643d0), - U64(0x2c1333ec1bac2ff0), U64(0x8d48d3f0a7db0625), - U64(0x1e1ac3f26b5de6d7), U64(0xf520f81f16b2b95e), - U64(0x9f0f6ec450062e84), U64(0x0130849e1deb6b71), - U64(0xd45e31ab8c7533a9), U64(0x652279a2fd14e43f), - U64(0x3209f01e70f1c927), U64(0xbe71a770cac1a473), - U64(0x0e3d6be7a64b1894), U64(0x7ec8148cff29d840), - U64(0xcb7476c7fac3be0f), U64(0x72956a4a63a91636), - U64(0x37f95ec21991138f), U64(0x9e3fea5a4ded45f5), - U64(0x7b38ba50964902e8), U64(0x222e580bbde73764), - U64(0x61e253e0899f55e6), U64(0xfc8d2805e352ad80), - U64(0x35994be3235ac56d), U64(0x09add01af5e014de), - U64(0x5e8659a6780539c6), U64(0xb17c48097161d796), - U64(0x026015213acbd6e2), U64(0xd1ae9f77e515e901), - U64(0xb7dc776a3f21b0ad), U64(0xaba6a1b96eb78098), - U64(0x9bcf4486248d9f5d), U64(0x582666c536455efd), - U64(0xfdbdac9bfeb9c6f1), U64(0xc47999be4163cdea), - U64(0x765540081722a7ef), U64(0x3e548ed8ec710751), - U64(0x3d041f67cb51bac2), U64(0x7958af71ac82d40a), - U64(0x36c9da5c047a78fe), U64(0xed9a048e33af38b2), - U64(0x26ee7249c96c86bd), U64(0x900281bdeba65d61), - U64(0x11172c8bd0fd9532), U64(0xea0abf73600434f8), - U64(0x42fc8f75299309f3), U64(0x34a9cf7d3eb1ae1c), - U64(0x2b838811480723ba), U64(0x5ce64c8742ceef24), - U64(0x1adae9b01fd6570e), U64(0x3c349bf9d6bad1b3), - U64(0x82453c891c7b75c0), U64(0x97923a40b80d512b), - U64(0x4a61dbf1c198765c), U64(0xb48ce6d518010d3e), - U64(0xcfb45c858e480fd6), U64(0xd933cbf30d1e96ae), - U64(0xd70ea014ab558e3a), U64(0xc189376228031742), - U64(0x9262949cd16d8b83), U64(0xeb3a3bed7def5f89), - U64(0x49314a4ee6b8cbcf), U64(0xdcc3652f647e4c06), - U64(0xda635a4c2a3e2b3d), U64(0x470c21a940f3d35b), - U64(0x315961a157d174b4), U64(0x6672e81dda3459ac), - U64(0x5b76f77a1165e36e), U64(0x445cb01667d36ec8), - U64(0xc5491d205c88a69b), U64(0x456c34887a3805b9), - U64(0xffddb9bac4721013), U64(0x99af51a71e4649bf), - U64(0xa15be01cbc7729d5), U64(0x52db2760e485f7b0), - U64(0x8c78576eba306d54), U64(0xae560f6507d75a30), - U64(0x95f22f6182c687c9), U64(0x71c5fbf54489aba5), - U64(0xca44f259e728d57e), U64(0x88b87d2ccebbdc8d), - U64(0xbab18d32be4a15aa), U64(0x8be8ec93e99b611e), - U64(0x17b713e89ebdf209), U64(0xb31c5d284baa0174), - U64(0xeeca9531148f8521), U64(0xb8d198138481c348), - U64(0x8988f9b2d350b7fc), U64(0xb9e11c8d996aa839), - U64(0x5a4673e40c8e881f), U64(0x1687977683569978), - U64(0xbf4123eed72acf02), U64(0x4ea1f1b3b513c785), - U64(0xe767452be16f91ff), U64(0x7505d1b730021a7c), - U64(0xa59bca5ec8fc980c), U64(0xad069eda20f7e7a3), - U64(0x38f4b1bba231606a), U64(0x60d2d77e94743e97), - U64(0x9affc0183966f42c), U64(0x248e6768f3a7505f), - U64(0xcdd449a4b483d934), U64(0x87b59255751baf68), - U64(0x1bea6d2e023d3c7f), U64(0x6b1f12455b5ffcab), - U64(0x743555292de9710d), U64(0xd8034f6d10f5fddf), - U64(0xc6198c9f7ba81b08), U64(0xbb8109aca3a17edb), - U64(0xfa2d1766ad12cabb), U64(0xc729080166437079), - U64(0x9c5fff7b77269317), U64(0x0000000000000000), - U64(0x15d706c9a47624eb), U64(0x6fdf38072fd44d72), - U64(0x5fb6dd3865ee52b7), U64(0xa33bf53d86bcff37), - U64(0xe657c1b5fc84fa8e), U64(0xaa962527735cebe9), - U64(0x39c43525bfda0b1b), U64(0x204e4d2a872ce186), - U64(0x7a083ece8ba26999), U64(0x554b9c9db72efbfa), - U64(0xb22cd9b656416a05), U64(0x96a2bedea5e63a5a), - U64(0x802529a826b0a322), U64(0x8115ad363b5bc853), - U64(0x8375b81701901eb1), U64(0x3069e53f4a3a1fc5), - U64(0xbd2136cfede119e0), U64(0x18bafc91251d81ec), - U64(0x1d4a524d4c7d5b44), U64(0x05f0aedc6960daa8), - U64(0x29e39d3072ccf558), U64(0x70f57f6b5962c0d4), - U64(0x989fd53903ad22ce), U64(0xf84d024797d91c59), - U64(0x547b1803aac5908b), U64(0xf0d056c37fd263f6), - U64(0xd56eb535919e58d8), U64(0x1c7ad6d351963035), - U64(0x2e7326cd2167f912), U64(0xac361a443d1c8cd2), - U64(0x697f076461942a49), U64(0x4b515f6fdc731d2d), - U64(0x8ad8680df4700a6f), U64(0x41ac1eca0eb3b460), - U64(0x7d988533d80965d3), U64(0xa8f6300649973d0b), - U64(0x7765c4960ac9cc9e), U64(0x7ca801adc5e20ea2), - U64(0xdea3700e5eb59ae4), U64(0xa06b6482a19c42a4), - U64(0x6a2f96db46b497da), U64(0x27def6d7d487edcc), - U64(0x463ca5375d18b82a), U64(0xa6cb5be1efdc259f), - U64(0x53eba3fef96e9cc1), U64(0xce84d81b93a364a7), - U64(0xf4107c810b59d22f), U64(0x333974806d1aa256), - U64(0x0f0def79bba073e5), U64(0x231edc95a00c5c15), - U64(0xe437d494c64f2c6c), U64(0x91320523f64d3610), - U64(0x67426c83c7df32dd), U64(0x6eefbc99323f2603), - U64(0x9d6f7be56acdf866), U64(0x5916e25b2bae358c), - U64(0x7ff89012e2c2b331), U64(0x035091bf2720bd93), - U64(0x561b0d22900e4669), U64(0x28d319ae6f279e29), - U64(0x2f43a2533c8c9263), U64(0xd09e1be9f8fe8270), - U64(0xf740ed3e2c796fbc), U64(0xdb53ded237d5404c), - U64(0x62b2c25faebfe875), U64(0x0afd41a5d2c0a94d), - U64(0x6412fd3ce0ff8f4e), U64(0xe3a76f6995e42026), - U64(0x6c8fa9b808f4f0e1), U64(0xc2d9a6dd0f23aad1), - U64(0x8f28c6d19d10d0c7), U64(0x85d587744fd0798a), - U64(0xa20b71a39b579446), U64(0x684f83fa7c7f4138), - U64(0xe507500adba4471d), U64(0x3f640a46f19a6c20), - U64(0x1247bd34f7dd28a1), U64(0x2d23b77206474481), - U64(0x93521002cc86e0f2), U64(0x572b89bc8de52d18), - U64(0xfb1d93f8b0f9a1ca), U64(0xe95a2ecc4724896b), - U64(0x3ba420048511ddf9), U64(0xd63e248ab6bee54b), - U64(0x5dd6c8195f258455), U64(0x06a03f634e40673b), - U64(0x1f2a476c76b68da6), U64(0x217ec9b49ac78af7), - U64(0xecaa80102e4453c3), U64(0x14e78257b99d4f9a) - }, { /* 3 */ - U64(0x20329b2cc87bba05), U64(0x4f5eb6f86546a531), - U64(0xd4f44775f751b6b1), U64(0x8266a47b850dfa8b), - U64(0xbb986aa15a6ca985), U64(0xc979eb08f9ae0f99), - U64(0x2da6f447a2375ea1), U64(0x1e74275dcd7d8576), - U64(0xbc20180a800bc5f8), U64(0xb4a2f701b2dc65be), - U64(0xe726946f981b6d66), U64(0x48e6c453bf21c94c), - U64(0x42cad9930f0a4195), U64(0xefa47b64aacccd20), - U64(0x71180a8960409a42), U64(0x8bb3329bf6a44e0c), - U64(0xd34c35de2d36dacc), U64(0xa92f5b7cbc23dc96), - U64(0xb31a85aa68bb09c3), U64(0x13e04836a73161d2), - U64(0xb24dfc4129c51d02), U64(0x8ae44b70b7da5acd), - U64(0xe671ed84d96579a7), U64(0xa4bb3417d66f3832), - U64(0x4572ab38d56d2de8), U64(0xb1b47761ea47215c), - U64(0xe81c09cf70aba15d), U64(0xffbdb872ce7f90ac), - U64(0xa8782297fd5dc857), U64(0x0d946f6b6a4ce4a4), - U64(0xe4df1f4f5b995138), U64(0x9ebc71edca8c5762), - U64(0x0a2c1dc0b02b88d9), U64(0x3b503c115d9d7b91), - U64(0xc64376a8111ec3a2), U64(0xcec199a323c963e4), - U64(0xdc76a87ec58616f7), U64(0x09d596e073a9b487), - U64(0x14583a9d7d560daf), U64(0xf4c6dc593f2a0cb4), - U64(0xdd21d19584f80236), U64(0x4a4836983ddde1d3), - U64(0xe58866a41ae745f9), U64(0xf591a5b27e541875), - U64(0x891dc05074586693), U64(0x5b068c651810a89e), - U64(0xa30346bc0c08544f), U64(0x3dbf3751c684032d), - U64(0x2a1e86ec785032dc), U64(0xf73f5779fca830ea), - U64(0xb60c05ca30204d21), U64(0x0cc316802b32f065), - U64(0x8770241bdd96be69), U64(0xb861e18199ee95db), - U64(0xf805cad91418fcd1), U64(0x29e70dccbbd20e82), - U64(0xc7140f435060d763), U64(0x0f3a9da0e8b0cc3b), - U64(0xa2543f574d76408e), U64(0xbd7761e1c175d139), - U64(0x4b1f4f737ca3f512), U64(0x6dc2df1f2fc137ab), - U64(0xf1d05c3967b14856), U64(0xa742bf3715ed046c), - U64(0x654030141d1697ed), U64(0x07b872abda676c7d), - U64(0x3ce84eba87fa17ec), U64(0xc1fb0403cb79afdf), - U64(0x3e46bc7105063f73), U64(0x278ae987121cd678), - U64(0xa1adb4778ef47cd0), U64(0x26dd906c5362c2b9), - U64(0x05168060589b44e2), U64(0xfbfc41f9d79ac08f), - U64(0x0e6de44ba9ced8fa), U64(0x9feb08068bf243a3), - U64(0x7b341749d06b129b), U64(0x229c69e74a87929a), - U64(0xe09ee6c4427c011b), U64(0x5692e30e725c4c3a), - U64(0xda99a33e5e9f6e4b), U64(0x353dd85af453a36b), - U64(0x25241b4c90e0fee7), U64(0x5de987258309d022), - U64(0xe230140fc0802984), U64(0x93281e86a0c0b3c6), - U64(0xf229d719a4337408), U64(0x6f6c2dd4ad3d1f34), - U64(0x8ea5b2fbae3f0aee), U64(0x8331dd90c473ee4a), - U64(0x346aa1b1b52db7aa), U64(0xdf8f235e06042aa9), - U64(0xcc6f6b68a1354b7b), U64(0x6c95a6f46ebf236a), - U64(0x52d31a856bb91c19), U64(0x1a35ded6d498d555), - U64(0xf37eaef2e54d60c9), U64(0x72e181a9a3c2a61c), - U64(0x98537aad51952fde), U64(0x16f6c856ffaa2530), - U64(0xd960281e9d1d5215), U64(0x3a0745fa1ce36f50), - U64(0x0b7b642bf1559c18), U64(0x59a87eae9aec8001), - U64(0x5e100c05408bec7c), U64(0x0441f98b19e55023), - U64(0xd70dcc5534d38aef), U64(0x927f676de1bea707), - U64(0x9769e70db925e3e5), U64(0x7a636ea29115065a), - U64(0x468b201816ef11b6), U64(0xab81a9b73edff409), - U64(0xc0ac7de88a07bb1e), U64(0x1f235eb68c0391b7), - U64(0x6056b074458dd30f), U64(0xbe8eeac102f7ed67), - U64(0xcd381283e04b5fba), U64(0x5cbefecec277c4e3), - U64(0xd21b4c356c48ce0d), U64(0x1019c31664b35d8c), - U64(0x247362a7d19eea26), U64(0xebe582efb3299d03), - U64(0x02aef2cb82fc289f), U64(0x86275df09ce8aaa8), - U64(0x28b07427faac1a43), U64(0x38a9b7319e1f47cf), - U64(0xc82e92e3b8d01b58), U64(0x06ef0b409b1978bc), - U64(0x62f842bfc771fb90), U64(0x9904034610eb3b1f), - U64(0xded85ab5477a3e68), U64(0x90d195a663428f98), - U64(0x5384636e2ac708d8), U64(0xcbd719c37b522706), - U64(0xae9729d76644b0eb), U64(0x7c8c65e20a0c7ee6), - U64(0x80c856b007f1d214), U64(0x8c0b40302cc32271), - U64(0xdbcedad51fe17a8a), U64(0x740e8ae938dbdea0), - U64(0xa615c6dc549310ad), U64(0x19cc55f6171ae90b), - U64(0x49b1bdb8fe5fdd8d), U64(0xed0a89af2830e5bf), - U64(0x6a7aadb4f5a65bd6), U64(0x7e22972988f05679), - U64(0xf952b3325566e810), U64(0x39fecedadf61530e), - U64(0x6101c99f04f3c7ce), U64(0x2e5f7f6761b562ff), - U64(0xf08725d226cf5c97), U64(0x63af3b54860fef51), - U64(0x8ff2cb10ef411e2f), U64(0x884ab9bb35267252), - U64(0x4df04433e7ba8dae), U64(0x9afd8866d3690741), - U64(0x66b9bb34de94abb3), U64(0x9baaf18d92171380), - U64(0x543c11c5f0a064a5), U64(0x17a1b1bdbed431f1), - U64(0xb5f58eeaf3a2717f), U64(0xc355f6c849858740), - U64(0xec5df044694ef17e), U64(0xd83751f5dc6346d4), - U64(0xfc4433520dfdacf2), U64(0x0000000000000000), - U64(0x5a51f58e596ebc5f), U64(0x3285aaf12e34cf16), - U64(0x8d5c39db6dbd36b0), U64(0x12b731dde64f7513), - U64(0x94906c2d7aa7dfbb), U64(0x302b583aacc8e789), - U64(0x9d45facd090e6b3c), U64(0x2165e2c78905aec4), - U64(0x68d45f7f775a7349), U64(0x189b2c1d5664fdca), - U64(0xe1c99f2f030215da), U64(0x6983269436246788), - U64(0x8489af3b1e148237), U64(0xe94b702431d5b59c), - U64(0x33d2d31a6f4adbd7), U64(0xbfd9932a4389f9a6), - U64(0xb0e30e8aab39359d), U64(0xd1e2c715afcaf253), - U64(0x150f43763c28196e), U64(0xc4ed846393e2eb3d), - U64(0x03f98b20c3823c5e), U64(0xfd134ab94c83b833), - U64(0x556b682eb1de7064), U64(0x36c4537a37d19f35), - U64(0x7559f30279a5ca61), U64(0x799ae58252973a04), - U64(0x9c12832648707ffd), U64(0x78cd9c6913e92ec5), - U64(0x1d8dac7d0effb928), U64(0x439da0784e745554), - U64(0x413352b3cc887dcb), U64(0xbacf134a1b12bd44), - U64(0x114ebafd25cd494d), U64(0x2f08068c20cb763e), - U64(0x76a07822ba27f63f), U64(0xeab2fb04f25789c2), - U64(0xe3676de481fe3d45), U64(0x1b62a73d95e6c194), - U64(0x641749ff5c68832c), U64(0xa5ec4dfc97112cf3), - U64(0xf6682e92bdd6242b), U64(0x3f11c59a44782bb2), - U64(0x317c21d1edb6f348), U64(0xd65ab5be75ad9e2e), - U64(0x6b2dd45fb4d84f17), U64(0xfaab381296e4d44e), - U64(0xd0b5befeeeb4e692), U64(0x0882ef0b32d7a046), - U64(0x512a91a5a83b2047), U64(0x963e9ee6f85bf724), - U64(0x4e09cf132438b1f0), U64(0x77f701c9fb59e2fe), - U64(0x7ddb1c094b726a27), U64(0x5f4775ee01f5f8bd), - U64(0x9186ec4d223c9b59), U64(0xfeeac1998f01846d), - U64(0xac39db1ce4b89874), U64(0xb75b7c21715e59e0), - U64(0xafc0503c273aa42a), U64(0x6e3b543fec430bf5), - U64(0x704f7362213e8e83), U64(0x58ff0745db9294c0), - U64(0x67eec2df9feabf72), U64(0xa0facd9ccf8a6811), - U64(0xb936986ad890811a), U64(0x95c715c63bd9cb7a), - U64(0xca8060283a2c33c7), U64(0x507de84ee9453486), - U64(0x85ded6d05f6a96f6), U64(0x1cdad5964f81ade9), - U64(0xd5a33e9eb62fa270), U64(0x40642b588df6690a), - U64(0x7f75eec2c98e42b8), U64(0x2cf18dace3494a60), - U64(0x23cb100c0bf9865b), U64(0xeef3028febb2d9e1), - U64(0x4425d2d394133929), U64(0xaad6d05c7fa1e0c8), - U64(0xad6ea2f7a5c68cb5), U64(0xc2028f2308fb9381), - U64(0x819f2f5b468fc6d5), U64(0xc5bafd88d29cfffc), - U64(0x47dc59f357910577), U64(0x2b49ff07392e261d), - U64(0x57c59ae5332258fb), U64(0x73b6f842e2bcb2dd), - U64(0xcf96e04862b77725), U64(0x4ca73dd8a6c4996f), - U64(0x015779eb417e14c1), U64(0x37932a9176af8bf4) - }, { /* 4 */ - U64(0x190a2c9b249df23e), U64(0x2f62f8b62263e1e9), - U64(0x7a7f754740993655), U64(0x330b7ba4d5564d9f), - U64(0x4c17a16a46672582), U64(0xb22f08eb7d05f5b8), - U64(0x535f47f40bc148cc), U64(0x3aec5d27d4883037), - U64(0x10ed0a1825438f96), U64(0x516101f72c233d17), - U64(0x13cc6f949fd04eae), U64(0x739853c441474bfd), - U64(0x653793d90d3f5b1b), U64(0x5240647b96b0fc2f), - U64(0x0c84890ad27623e0), U64(0xd7189b32703aaea3), - U64(0x2685de3523bd9c41), U64(0x99317c5b11bffefa), - U64(0x0d9baa854f079703), U64(0x70b93648fbd48ac5), - U64(0xa80441fce30bc6be), U64(0x7287704bdc36ff1e), - U64(0xb65384ed33dc1f13), U64(0xd36417343ee34408), - U64(0x39cd38ab6e1bf10f), U64(0x5ab861770a1f3564), - U64(0x0ebacf09f594563b), U64(0xd04572b884708530), - U64(0x3cae9722bdb3af47), U64(0x4a556b6f2f5cbaf2), - U64(0xe1704f1f76c4bd74), U64(0x5ec4ed7144c6dfcf), - U64(0x16afc01d4c7810e6), U64(0x283f113cd629ca7a), - U64(0xaf59a8761741ed2d), U64(0xeed5a3991e215fac), - U64(0x3bf37ea849f984d4), U64(0xe413e096a56ce33c), - U64(0x2c439d3a98f020d1), U64(0x637559dc6404c46b), - U64(0x9e6c95d1e5f5d569), U64(0x24bb9836045fe99a), - U64(0x44efa466dac8ecc9), U64(0xc6eab2a5c80895d6), - U64(0x803b50c035220cc4), U64(0x0321658cba93c138), - U64(0x8f9ebc465dc7ee1c), U64(0xd15a5137190131d3), - U64(0x0fa5ec8668e5e2d8), U64(0x91c979578d1037b1), - U64(0x0642ca05693b9f70), U64(0xefca80168350eb4f), - U64(0x38d21b24f36a45ec), U64(0xbeab81e1af73d658), - U64(0x8cbfd9cae7542f24), U64(0xfd19cc0d81f11102), - U64(0x0ac6430fbb4dbc90), U64(0x1d76a09d6a441895), - U64(0x2a01573ff1cbbfa1), U64(0xb572e161894fde2b), - U64(0x8124734fa853b827), U64(0x614b1fdf43e6b1b0), - U64(0x68ac395c4238cc18), U64(0x21d837bfd7f7b7d2), - U64(0x20c714304a860331), U64(0x5cfaab726324aa14), - U64(0x74c5ba4eb50d606e), U64(0xf3a3030474654739), - U64(0x23e671bcf015c209), U64(0x45f087e947b9582a), - U64(0xd8bd77b418df4c7b), U64(0xe06f6c90ebb50997), - U64(0x0bd96080263c0873), U64(0x7e03f9410e40dcfe), - U64(0xb8e94be4c6484928), U64(0xfb5b0608e8ca8e72), - U64(0x1a2b49179e0e3306), U64(0x4e29e76961855059), - U64(0x4f36c4e6fcf4e4ba), U64(0x49740ee395cf7bca), - U64(0xc2963ea386d17f7d), U64(0x90d65ad810618352), - U64(0x12d34c1b02a1fa4d), U64(0xfa44258775bb3a91), - U64(0x18150f14b9ec46dd), U64(0x1491861e6b9a653d), - U64(0x9a1019d7ab2c3fc2), U64(0x3668d42d06fe13d7), - U64(0xdcc1fbb25606a6d0), U64(0x969490dd795a1c22), - U64(0x3549b1a1bc6dd2ef), U64(0xc94f5e23a0ed770e), - U64(0xb9f6686b5b39fdcb), U64(0xc4d4f4a6efeae00d), - U64(0xe732851a1fff2204), U64(0x94aad6de5eb869f9), - U64(0x3f8ff2ae07206e7f), U64(0xfe38a9813b62d03a), - U64(0xa7a1ad7a8bee2466), U64(0x7b6056c8dde882b6), - U64(0x302a1e286fc58ca7), U64(0x8da0fa457a259bc7), - U64(0xb3302b64e074415b), U64(0x5402ae7eff8b635f), - U64(0x08f8050c9cafc94b), U64(0xae468bf98a3059ce), - U64(0x88c355cca98dc58f), U64(0xb10e6d67c7963480), - U64(0xbad70de7e1aa3cf3), U64(0xbfb4a26e320262bb), - U64(0xcb711820870f02d5), U64(0xce12b7a954a75c9d), - U64(0x563ce87dd8691684), U64(0x9f73b65e7884618a), - U64(0x2b1e74b06cba0b42), U64(0x47cec1ea605b2df1), - U64(0x1c698312f735ac76), U64(0x5fdbcefed9b76b2c), - U64(0x831a354c8fb1cdfc), U64(0x820516c312c0791f), - U64(0xb74ca762aeadabf0), U64(0xfc06ef821c80a5e1), - U64(0x5723cbf24518a267), U64(0x9d4df05d5f661451), - U64(0x588627742dfd40bf), U64(0xda8331b73f3d39a0), - U64(0x17b0e392d109a405), U64(0xf965400bcf28fba9), - U64(0x7c3dbf4229a2a925), U64(0x023e460327e275db), - U64(0x6cd0b55a0ce126b3), U64(0xe62da695828e96e7), - U64(0x42ad6e63b3f373b9), U64(0xe50cc319381d57df), - U64(0xc5cbd729729b54ee), U64(0x46d1e265fd2a9912), - U64(0x6428b056904eeff8), U64(0x8be23040131e04b7), - U64(0x6709d5da2add2ec0), U64(0x075de98af44a2b93), - U64(0x8447dcc67bfbe66f), U64(0x6616f655b7ac9a23), - U64(0xd607b8bded4b1a40), U64(0x0563af89d3a85e48), - U64(0x3db1b4ad20c21ba4), U64(0x11f22997b8323b75), - U64(0x292032b34b587e99), U64(0x7f1cdace9331681d), - U64(0x8e819fc9c0b65aff), U64(0xa1e3677fe2d5bb16), - U64(0xcd33d225ee349da5), U64(0xd9a2543b85aef898), - U64(0x795e10cbfa0af76d), U64(0x25a4bbb9992e5d79), - U64(0x78413344677b438e), U64(0xf0826688cef68601), - U64(0xd27b34bba392f0eb), U64(0x551d8df162fad7bc), - U64(0x1e57c511d0d7d9ad), U64(0xdeffbdb171e4d30b), - U64(0xf4feea8e802f6caa), U64(0xa480c8f6317de55e), - U64(0xa0fc44f07fa40ff5), U64(0x95b5f551c3c9dd1a), - U64(0x22f952336d6476ea), U64(0x0000000000000000), - U64(0xa6be8ef5169f9085), U64(0xcc2cf1aa73452946), - U64(0x2e7ddb39bf12550a), U64(0xd526dd3157d8db78), - U64(0x486b2d6c08becf29), U64(0x9b0f3a58365d8b21), - U64(0xac78cdfaadd22c15), U64(0xbc95c7e28891a383), - U64(0x6a927f5f65dab9c3), U64(0xc3891d2c1ba0cb9e), - U64(0xeaa92f9f50f8b507), U64(0xcf0d9426c9d6e87e), - U64(0xca6e3baf1a7eb636), U64(0xab25247059980786), - U64(0x69b31ad3df4978fb), U64(0xe2512a93cc577c4c), - U64(0xff278a0ea61364d9), U64(0x71a615c766a53e26), - U64(0x89dc764334fc716c), U64(0xf87a638452594f4a), - U64(0xf2bc208be914f3da), U64(0x8766b94ac1682757), - U64(0xbbc82e687cdb8810), U64(0x626a7a53f9757088), - U64(0xa2c202f358467a2e), U64(0x4d0882e5db169161), - U64(0x09e7268301de7da8), U64(0xe897699c771ac0dc), - U64(0xc8507dac3d9cc3ed), U64(0xc0a878a0a1330aa6), - U64(0x978bb352e42ba8c1), U64(0xe9884a13ea6b743f), - U64(0x279afdbabecc28a2), U64(0x047c8c064ed9eaab), - U64(0x507e2278b15289f4), U64(0x599904fbb08cf45c), - U64(0xbd8ae46d15e01760), U64(0x31353da7f2b43844), - U64(0x8558ff49e68a528c), U64(0x76fbfc4d92ef15b5), - U64(0x3456922e211c660c), U64(0x86799ac55c1993b4), - U64(0x3e90d1219a51da9c), U64(0x2d5cbeb505819432), - U64(0x982e5fd48cce4a19), U64(0xdb9c1238a24c8d43), - U64(0xd439febecaa96f9b), U64(0x418c0bef0960b281), - U64(0x158ea591f6ebd1de), U64(0x1f48e69e4da66d4e), - U64(0x8afd13cf8e6fb054), U64(0xf5e1c9011d5ed849), - U64(0xe34e091c5126c8af), U64(0xad67ee7530a398f6), - U64(0x43b24dec2e82c75a), U64(0x75da99c1287cd48d), - U64(0x92e81cdb3783f689), U64(0xa3dd217cc537cecd), - U64(0x60543c50de970553), U64(0x93f73f54aaf2426a), - U64(0xa91b62737e7a725d), U64(0xf19d4507538732e2), - U64(0x77e4dfc20f9ea156), U64(0x7d229ccdb4d31dc6), - U64(0x1b346a98037f87e5), U64(0xedf4c615a4b29e94), - U64(0x4093286094110662), U64(0xb0114ee85ae78063), - U64(0x6ff1d0d6b672e78b), U64(0x6dcf96d591909250), - U64(0xdfe09e3eec9567e8), U64(0x3214582b4827f97c), - U64(0xb46dc2ee143e6ac8), U64(0xf6c0ac8da7cd1971), - U64(0xebb60c10cd8901e4), U64(0xf7df8f023abcad92), - U64(0x9c52d3d2c217a0b2), U64(0x6b8d5cd0f8ab0d20), - U64(0x3777f7a29b8fa734), U64(0x011f238f9d71b4e3), - U64(0xc1b75b2f3c42be45), U64(0x5de588fdfe551ef7), - U64(0x6eeef3592b035368), U64(0xaa3a07ffc4e9b365), - U64(0xecebe59a39c32a77), U64(0x5ba742f8976e8187), - U64(0x4b4a48e0b22d0e11), U64(0xddded83dcb771233), - U64(0xa59feb79ac0c51bd), U64(0xc7f5912a55792135) - }, { /* 5 */ - U64(0x6d6ae04668a9b08a), U64(0x3ab3f04b0be8c743), - U64(0xe51e166b54b3c908), U64(0xbe90a9eb35c2f139), - U64(0xb2c7066637f2bec1), U64(0xaa6945613392202c), - U64(0x9a28c36f3b5201eb), U64(0xddce5a93ab536994), - U64(0x0e34133ef6382827), U64(0x52a02ba1ec55048b), - U64(0xa2f88f97c4b2a177), U64(0x8640e513ca2251a5), - U64(0xcdf1d36258137622), U64(0xfe6cb708dedf8ddb), - U64(0x8a174a9ec8121e5d), U64(0x679896036b81560e), - U64(0x59ed033395795fee), U64(0x1dd778ab8b74edaf), - U64(0xee533ef92d9f926d), U64(0x2a8c79baf8a8d8f5), - U64(0x6bcf398e69b119f6), U64(0xe20491742fafdd95), - U64(0x276488e0809c2aec), U64(0xea955b82d88f5cce), - U64(0x7102c63a99d9e0c4), U64(0xf9763017a5c39946), - U64(0x429fa2501f151b3d), U64(0x4659c72bea05d59e), - U64(0x984b7fdccf5a6634), U64(0xf742232953fbb161), - U64(0x3041860e08c021c7), U64(0x747bfd9616cd9386), - U64(0x4bb1367192312787), U64(0x1b72a1638a6c44d3), - U64(0x4a0e68a6e8359a66), U64(0x169a5039f258b6ca), - U64(0xb98a2ef44edee5a4), U64(0xd9083fe85e43a737), - U64(0x967f6ce239624e13), U64(0x8874f62d3c1a7982), - U64(0x3c1629830af06e3f), U64(0x9165ebfd427e5a8e), - U64(0xb5dd81794ceeaa5c), U64(0x0de8f15a7834f219), - U64(0x70bd98ede3dd5d25), U64(0xaccc9ca9328a8950), - U64(0x56664eda1945ca28), U64(0x221db34c0f8859ae), - U64(0x26dbd637fa98970d), U64(0x1acdffb4f068f932), - U64(0x4585254f64090fa0), U64(0x72de245e17d53afa), - U64(0x1546b25d7c546cf4), U64(0x207e0ffffb803e71), - U64(0xfaaad2732bcf4378), U64(0xb462dfae36ea17bd), - U64(0xcf926fd1ac1b11fd), U64(0xe0672dc7dba7ba4a), - U64(0xd3fa49ad5d6b41b3), U64(0x8ba81449b216a3bc), - U64(0x14f9ec8a0650d115), U64(0x40fc1ee3eb1d7ce2), - U64(0x23a2ed9b758ce44f), U64(0x782c521b14fddc7e), - U64(0x1c68267cf170504e), U64(0xbcf31558c1ca96e6), - U64(0xa781b43b4ba6d235), U64(0xf6fd7dfe29ff0c80), - U64(0xb0a4bad5c3fad91e), U64(0xd199f51ea963266c), - U64(0x414340349119c103), U64(0x5405f269ed4dadf7), - U64(0xabd61bb649969dcd), U64(0x6813dbeae7bdc3c8), - U64(0x65fb2ab09f8931d1), U64(0xf1e7fae152e3181d), - U64(0xc1a67cef5a2339da), U64(0x7a4feea8e0f5bba1), - U64(0x1e0b9acf05783791), U64(0x5b8ebf8061713831), - U64(0x80e53cdbcb3af8d9), U64(0x7e898bd315e57502), - U64(0xc6bcfbf0213f2d47), U64(0x95a38e86b76e942d), - U64(0x092e94218d243cba), U64(0x8339debf453622e7), - U64(0xb11be402b9fe64ff), U64(0x57d9100d634177c9), - U64(0xcc4e8db52217cbc3), U64(0x3b0cae9c71ec7aa2), - U64(0xfb158ca451cbfe99), U64(0x2b33276d82ac6514), - U64(0x01bf5ed77a04bde1), U64(0xc5601994af33f779), - U64(0x75c4a3416cc92e67), U64(0xf3844652a6eb7fc2), - U64(0x3487e375fdd0ef64), U64(0x18ae430704609eed), - U64(0x4d14efb993298efb), U64(0x815a620cb13e4538), - U64(0x125c354207487869), U64(0x9eeea614ce42cf48), - U64(0xce2d3106d61fac1c), U64(0xbbe99247bad6827b), - U64(0x071a871f7b1c149d), U64(0x2e4a1cc10db81656), - U64(0x77a71ff298c149b8), U64(0x06a5d9c80118a97c), - U64(0xad73c27e488e34b1), U64(0x443a7b981e0db241), - U64(0xe3bbcfa355ab6074), U64(0x0af276450328e684), - U64(0x73617a896dd1871b), U64(0x58525de4ef7de20f), - U64(0xb7be3dcab8e6cd83), U64(0x19111dd07e64230c), - U64(0x842359a03e2a367a), U64(0x103f89f1f3401fb6), - U64(0xdc710444d157d475), U64(0xb835702334da5845), - U64(0x4320fc876511a6dc), U64(0xd026abc9d3679b8d), - U64(0x17250eee885c0b2b), U64(0x90dab52a387ae76f), - U64(0x31fed8d972c49c26), U64(0x89cba8fa461ec463), - U64(0x2ff5421677bcabb7), U64(0x396f122f85e41d7d), - U64(0xa09b332430bac6a8), U64(0xc888e8ced7070560), - U64(0xaeaf201ac682ee8f), U64(0x1180d7268944a257), - U64(0xf058a43628e7a5fc), U64(0xbd4c4b8fbbce2b07), - U64(0xa1246df34abe7b49), U64(0x7d5569b79be9af3c), - U64(0xa9b5a705bd9efa12), U64(0xdb6b835baa4bc0e8), - U64(0x05793bac8f147342), U64(0x21c1512881848390), - U64(0xfdb0556c50d357e5), U64(0x613d4fcb6a99ff72), - U64(0x03dce2648e0cda3e), U64(0xe949b9e6568386f0), - U64(0xfc0f0bbb2ad7ea04), U64(0x6a70675913b5a417), - U64(0x7f36d5046fe1c8e3), U64(0x0c57af8d02304ff8), - U64(0x32223abdfcc84618), U64(0x0891caf6f720815b), - U64(0xa63eeaec31a26fd4), U64(0x2507345374944d33), - U64(0x49d28ac266394058), U64(0xf5219f9aa7f3d6be), - U64(0x2d96fea583b4cc68), U64(0x5a31e1571b7585d0), - U64(0x8ed12fe53d02d0fe), U64(0xdfade6205f5b0e4b), - U64(0x4cabb16ee92d331a), U64(0x04c6657bf510cea3), - U64(0xd73c2cd6a87b8f10), U64(0xe1d87310a1a307ab), - U64(0x6cd5be9112ad0d6b), U64(0x97c032354366f3f2), - U64(0xd4e0ceb22677552e), U64(0x0000000000000000), - U64(0x29509bde76a402cb), U64(0xc27a9e8bd42fe3e4), - U64(0x5ef7842cee654b73), U64(0xaf107ecdbc86536e), - U64(0x3fcacbe784fcb401), U64(0xd55f90655c73e8cf), - U64(0xe6c2f40fdabf1336), U64(0xe8f6e7312c873b11), - U64(0xeb2a0555a28be12f), U64(0xe4a148bc2eb774e9), - U64(0x9b979db84156bc0a), U64(0x6eb60222e6a56ab4), - U64(0x87ffbbc4b026ec44), U64(0xc703a5275b3b90a6), - U64(0x47e699fc9001687f), U64(0x9c8d1aa73a4aa897), - U64(0x7cea3760e1ed12dd), U64(0x4ec80ddd1d2554c5), - U64(0x13e36b957d4cc588), U64(0x5d2b66486069914d), - U64(0x92b90999cc7280b0), U64(0x517cc9c56259deb5), - U64(0xc937b619ad03b881), U64(0xec30824ad997f5b2), - U64(0xa45d565fc5aa080b), U64(0xd6837201d27f32f1), - U64(0x635ef3789e9198ad), U64(0x531f75769651b96a), - U64(0x4f77530a6721e924), U64(0x486dd4151c3dfdb9), - U64(0x5f48dafb9461f692), U64(0x375b011173dc355a), - U64(0x3da9775470f4d3de), U64(0x8d0dcd81b30e0ac0), - U64(0x36e45fc609d888bb), U64(0x55baacbe97491016), - U64(0x8cb29356c90ab721), U64(0x76184125e2c5f459), - U64(0x99f4210bb55edbd5), U64(0x6f095cf59ca1d755), - U64(0x9f51f8c3b44672a9), U64(0x3538bda287d45285), - U64(0x50c39712185d6354), U64(0xf23b1885dcefc223), - U64(0x79930ccc6ef9619f), U64(0xed8fdc9da3934853), - U64(0xcb540aaa590bdf5e), U64(0x5c94389f1a6d2cac), - U64(0xe77daad8a0bbaed7), U64(0x28efc5090ca0bf2a), - U64(0xbf2ff73c4fc64cd8), U64(0xb37858b14df60320), - U64(0xf8c96ec0dfc724a7), U64(0x828680683f329f06), - U64(0x941cd051cd6a29cc), U64(0xc3c5c05cae2b5e05), - U64(0xb601631dc2e27062), U64(0xc01922382027843b), - U64(0x24b86a840e90f0d2), U64(0xd245177a276ffc52), - U64(0x0f8b4de98c3c95c6), U64(0x3e759530fef809e0), - U64(0x0b4d2892792c5b65), U64(0xc4df4743d5374a98), - U64(0xa5e20888bfaeb5ea), U64(0xba56cc90c0d23f9a), - U64(0x38d04cf8ffe0a09c), U64(0x62e1adafe495254c), - U64(0x0263bcb3f40867df), U64(0xcaeb547d230f62bf), - U64(0x6082111c109d4293), U64(0xdad4dd8cd04f7d09), - U64(0xefec602e579b2f8c), U64(0x1fb4c4187f7c8a70), - U64(0xffd3e9dfa4db303a), U64(0x7bf0b07f9af10640), - U64(0xf49ec14dddf76b5f), U64(0x8f6e713247066d1f), - U64(0x339d646a86ccfbf9), U64(0x64447467e58d8c30), - U64(0x2c29a072f9b07189), U64(0xd8b7613f24471ad6), - U64(0x6627c8d41185ebef), U64(0xa347d140beb61c96), - U64(0xde12b8f7255fb3aa), U64(0x9d324470404e1576), - U64(0x9306574eb6763d51), U64(0xa80af9d2c79a47f3), - U64(0x859c0777442e8b9b), U64(0x69ac853d9db97e29) - }, { /* 6 */ - U64(0xc3407dfc2de6377e), U64(0x5b9e93eea4256f77), - U64(0xadb58fdd50c845e0), U64(0x5219ff11a75bed86), - U64(0x356b61cfd90b1de9), U64(0xfb8f406e25abe037), - U64(0x7a5a0231c0f60796), U64(0x9d3cd216e1f5020b), - U64(0x0c6550fb6b48d8f3), U64(0xf57508c427ff1c62), - U64(0x4ad35ffa71cb407d), U64(0x6290a2da1666aa6d), - U64(0xe284ec2349355f9f), U64(0xb3c307c53d7c84ec), - U64(0x05e23c0468365a02), U64(0x190bac4d6c9ebfa8), - U64(0x94bbbee9e28b80fa), U64(0xa34fc777529cb9b5), - U64(0xcc7b39f095bcd978), U64(0x2426addb0ce532e3), - U64(0x7e79329312ce4fc7), U64(0xab09a72eebec2917), - U64(0xf8d15499f6b9d6c2), U64(0x1a55b8babf8c895d), - U64(0xdb8add17fb769a85), U64(0xb57f2f368658e81b), - U64(0x8acd36f18f3f41f6), U64(0x5ce3b7bba50f11d3), - U64(0x114dcc14d5ee2f0a), U64(0xb91a7fcded1030e8), - U64(0x81d5425fe55de7a1), U64(0xb6213bc1554adeee), - U64(0x80144ef95f53f5f2), U64(0x1e7688186db4c10c), - U64(0x3b912965db5fe1bc), U64(0xc281715a97e8252d), - U64(0x54a5d7e21c7f8171), U64(0x4b12535ccbc5522e), - U64(0x1d289cefbea6f7f9), U64(0x6ef5f2217d2e729e), - U64(0xe6a7dc819b0d17ce), U64(0x1b94b41c05829b0e), - U64(0x33d7493c622f711e), U64(0xdcf7f942fa5ce421), - U64(0x600fba8b7f7a8ecb), U64(0x46b60f011a83988e), - U64(0x235b898e0dcf4c47), U64(0x957ab24f588592a9), - U64(0x4354330572b5c28c), U64(0xa5f3ef84e9b8d542), - U64(0x8c711e02341b2d01), U64(0x0b1874ae6a62a657), - U64(0x1213d8e306fc19ff), U64(0xfe6d7c6a4d9dba35), - U64(0x65ed868f174cd4c9), U64(0x88522ea0e6236550), - U64(0x899322065c2d7703), U64(0xc01e690bfef4018b), - U64(0x915982ed8abddaf8), U64(0xbe675b98ec3a4e4c), - U64(0xa996bf7f82f00db1), U64(0xe1daf8d49a27696a), - U64(0x2effd5d3dc8986e7), U64(0xd153a51f2b1a2e81), - U64(0x18caa0ebd690adfb), U64(0x390e3134b243c51a), - U64(0x2778b92cdff70416), U64(0x029f1851691c24a6), - U64(0x5e7cafeacc133575), U64(0xfa4e4cc89fa5f264), - U64(0x5a5f9f481e2b7d24), U64(0x484c47ab18d764db), - U64(0x400a27f2a1a7f479), U64(0xaeeb9b2a83da7315), - U64(0x721c626879869734), U64(0x042330a2d2384851), - U64(0x85f672fd3765aff0), U64(0xba446b3a3e02061d), - U64(0x73dd6ecec3888567), U64(0xffac70ccf793a866), - U64(0xdfa9edb5294ed2d4), U64(0x6c6aea7014325638), - U64(0x834a5a0e8c41c307), U64(0xcdba35562fb2cb2b), - U64(0x0ad97808d06cb404), U64(0x0f3b440cb85aee06), - U64(0xe5f9c876481f213b), U64(0x98deee1289c35809), - U64(0x59018bbfcd394bd1), U64(0xe01bf47220297b39), - U64(0xde68e1139340c087), U64(0x9fa3ca4788e926ad), - U64(0xbb85679c840c144e), U64(0x53d8f3b71d55ffd5), - U64(0x0da45c5dd146caa0), U64(0x6f34fe87c72060cd), - U64(0x57fbc315cf6db784), U64(0xcee421a1fca0fdde), - U64(0x3d2d0196607b8d4b), U64(0x642c8a29ad42c69a), - U64(0x14aff010bdd87508), U64(0xac74837beac657b3), - U64(0x3216459ad821634d), U64(0x3fb219c70967a9ed), - U64(0x06bc28f3bb246cf7), U64(0xf2082c9126d562c6), - U64(0x66b39278c45ee23c), U64(0xbd394f6f3f2878b9), - U64(0xfd33689d9e8f8cc0), U64(0x37f4799eb017394f), - U64(0x108cc0b26fe03d59), U64(0xda4bd1b1417888d6), - U64(0xb09d1332ee6eb219), U64(0x2f3ed975668794b4), - U64(0x58c0871977375982), U64(0x7561463d78ace990), - U64(0x09876cff037e82f1), U64(0x7fb83e35a8c05d94), - U64(0x26b9b58a65f91645), U64(0xef20b07e9873953f), - U64(0x3148516d0b3355b8), U64(0x41cb2b541ba9e62a), - U64(0x790416c613e43163), U64(0xa011d380818e8f40), - U64(0x3a5025c36151f3ef), U64(0xd57095bdf92266d0), - U64(0x498d4b0da2d97688), U64(0x8b0c3a57353153a5), - U64(0x21c491df64d368e1), U64(0x8f2f0af5e7091bf4), - U64(0x2da1c1240f9bb012), U64(0xc43d59a92ccc49da), - U64(0xbfa6573e56345c1f), U64(0x828b56a8364fd154), - U64(0x9a41f643e0df7caf), U64(0xbcf843c985266aea), - U64(0x2b1de9d7b4bfdce5), U64(0x20059d79dedd7ab2), - U64(0x6dabe6d6ae3c446b), U64(0x45e81bf6c991ae7b), - U64(0x6351ae7cac68b83e), U64(0xa432e32253b6c711), - U64(0xd092a9b991143cd2), U64(0xcac711032e98b58f), - U64(0xd8d4c9e02864ac70), U64(0xc5fc550f96c25b89), - U64(0xd7ef8dec903e4276), U64(0x67729ede7e50f06f), - U64(0xeac28c7af045cf3d), U64(0xb15c1f945460a04a), - U64(0x9cfddeb05bfb1058), U64(0x93c69abce3a1fe5e), - U64(0xeb0380dc4a4bdd6e), U64(0xd20db1e8f8081874), - U64(0x229a8528b7c15e14), U64(0x44291750739fbc28), - U64(0xd3ccbd4e42060a27), U64(0xf62b1c33f4ed2a97), - U64(0x86a8660ae4779905), U64(0xd62e814a2a305025), - U64(0x477703a7a08d8add), U64(0x7b9b0e977af815c5), - U64(0x78c51a60a9ea2330), U64(0xa6adfb733aaae3b7), - U64(0x97e5aa1e3199b60f), U64(0x0000000000000000), - U64(0xf4b404629df10e31), U64(0x5564db44a6719322), - U64(0x9207961a59afec0d), U64(0x9624a6b88b97a45c), - U64(0x363575380a192b1c), U64(0x2c60cd82b595a241), - U64(0x7d272664c1dc7932), U64(0x7142769faa94a1c1), - U64(0xa1d0df263b809d13), U64(0x1630e841d4c451ae), - U64(0xc1df65ad44fa13d8), U64(0x13d2d445bcf20bac), - U64(0xd915c546926abe23), U64(0x38cf3d92084dd749), - U64(0xe766d0272103059d), U64(0xc7634d5effde7f2f), - U64(0x077d2455012a7ea4), U64(0xedbfa82ff16fb199), - U64(0xaf2a978c39d46146), U64(0x42953fa3c8bbd0df), - U64(0xcb061da59496a7dc), U64(0x25e7a17db6eb20b0), - U64(0x34aa6d6963050fba), U64(0xa76cf7d580a4f1e4), - U64(0xf7ea10954ee338c4), U64(0xfcf2643b24819e93), - U64(0xcf252d0746aeef8d), U64(0x4ef06f58a3f3082c), - U64(0x563acfb37563a5d7), U64(0x5086e740ce47c920), - U64(0x2982f186dda3f843), U64(0x87696aac5e798b56), - U64(0x5d22bb1d1f010380), U64(0x035e14f7d31236f5), - U64(0x3cec0d30da759f18), U64(0xf3c920379cdb7095), - U64(0xb8db736b571e22bb), U64(0xdd36f5e44052f672), - U64(0xaac8ab8851e23b44), U64(0xa857b3d938fe1fe2), - U64(0x17f1e4e76eca43fd), U64(0xec7ea4894b61a3ca), - U64(0x9e62c6e132e734fe), U64(0xd4b1991b432c7483), - U64(0x6ad6c283af163acf), U64(0x1ce9904904a8e5aa), - U64(0x5fbda34c761d2726), U64(0xf910583f4cb7c491), - U64(0xc6a241f845d06d7c), U64(0x4f3163fe19fd1a7f), - U64(0xe99c988d2357f9c8), U64(0x8eee06535d0709a7), - U64(0x0efa48aa0254fc55), U64(0xb4be23903c56fa48), - U64(0x763f52caabbedf65), U64(0xeee1bcd8227d876c), - U64(0xe345e085f33b4dcc), U64(0x3e731561b369bbbe), - U64(0x2843fd2067adea10), U64(0x2adce5710eb1ceb6), - U64(0xb7e03767ef44ccbd), U64(0x8db012a48e153f52), - U64(0x61ceb62dc5749c98), U64(0xe85d942b9959eb9b), - U64(0x4c6f7709caef2c8a), U64(0x84377e5b8d6bbda3), - U64(0x30895dcbb13d47eb), U64(0x74a04a9bc2a2fbc3), - U64(0x6b17ce251518289c), U64(0xe438c4d0f2113368), - U64(0x1fb784bed7bad35f), U64(0x9b80fae55ad16efc), - U64(0x77fe5e6c11b0cd36), U64(0xc858095247849129), - U64(0x08466059b97090a2), U64(0x01c10ca6ba0e1253), - U64(0x6988d6747c040c3a), U64(0x6849dad2c60a1e69), - U64(0x5147ebe67449db73), U64(0xc99905f4fd8a837a), - U64(0x991fe2b433cd4a5a), U64(0xf09734c04fc94660), - U64(0xa28ecbd1e892abe6), U64(0xf1563866f5c75433), - U64(0x4dae7baf70e13ed9), U64(0x7ce62ac27bd26b61), - U64(0x70837a39109ab392), U64(0x90988e4b30b3c8ab), - U64(0xb2020b63877296bf), U64(0x156efcb607d6675b) - }, { /* 7 */ - U64(0xe63f55ce97c331d0), U64(0x25b506b0015bba16), - U64(0xc8706e29e6ad9ba8), U64(0x5b43d3775d521f6a), - U64(0x0bfa3d577035106e), U64(0xab95fc172afb0e66), - U64(0xf64b63979e7a3276), U64(0xf58b4562649dad4b), - U64(0x48f7c3dbae0c83f1), U64(0xff31916642f5c8c5), - U64(0xcbb048dc1c4a0495), U64(0x66b8f83cdf622989), - U64(0x35c130e908e2b9b0), U64(0x7c761a61f0b34fa1), - U64(0x3601161cf205268d), U64(0x9e54ccfe2219b7d6), - U64(0x8b7d90a538940837), U64(0x9cd403588ea35d0b), - U64(0xbc3c6fea9ccc5b5a), U64(0xe5ff733b6d24aeed), - U64(0xceed22de0f7eb8d2), U64(0xec8581cab1ab545e), - U64(0xb96105e88ff8e71d), U64(0x8ca03501871a5ead), - U64(0x76ccce65d6db2a2f), U64(0x5883f582a7b58057), - U64(0x3f7be4ed2e8adc3e), U64(0x0fe7be06355cd9c9), - U64(0xee054e6c1d11be83), U64(0x1074365909b903a6), - U64(0x5dde9f80b4813c10), U64(0x4a770c7d02b6692c), - U64(0x5379c8d5d7809039), U64(0xb4067448161ed409), - U64(0x5f5e5026183bd6cd), U64(0xe898029bf4c29df9), - U64(0x7fb63c940a54d09c), U64(0xc5171f897f4ba8bc), - U64(0xa6f28db7b31d3d72), U64(0x2e4f3be7716eaa78), - U64(0x0d6771a099e63314), U64(0x82076254e41bf284), - U64(0x2f0fd2b42733df98), U64(0x5c9e76d3e2dc49f0), - U64(0x7aeb569619606cdb), U64(0x83478b07b2468764), - U64(0xcfadcb8d5923cd32), U64(0x85dac7f05b95a41e), - U64(0xb5469d1b4043a1e9), U64(0xb821ecbbd9a592fd), - U64(0x1b8e0b0e798c13c8), U64(0x62a57b6d9a0be02e), - U64(0xfcf1b793b81257f8), U64(0x9d94ea0bd8fe28eb), - U64(0x4cea408aeb654a56), U64(0x23284a47e888996c), - U64(0x2d8f1d128b893545), U64(0xf4cbac3132c0d8ab), - U64(0xbd7c86b9ca912eba), U64(0x3a268eef3dbe6079), - U64(0xf0d62f6077a9110c), U64(0x2735c916ade150cb), - U64(0x89fd5f03942ee2ea), U64(0x1acee25d2fd16628), - U64(0x90f39bab41181bff), U64(0x430dfe8cde39939f), - U64(0xf70b8ac4c8274796), U64(0x1c53aeaac6024552), - U64(0x13b410acf35e9c9b), U64(0xa532ab4249faa24f), - U64(0x2b1251e5625a163f), U64(0xd7e3e676da4841c7), - U64(0xa7b264e4e5404892), U64(0xda8497d643ae72d3), - U64(0x861ae105a1723b23), U64(0x38a6414991048aa4), - U64(0x6578dec92585b6b4), U64(0x0280cfa6acbaeadd), - U64(0x88bdb650c273970a), U64(0x9333bd5ebbff84c2), - U64(0x4e6a8f2c47dfa08b), U64(0x321c954db76cef2a), - U64(0x418d312a72837942), U64(0xb29b38bfffcdf773), - U64(0x6c022c38f90a4c07), U64(0x5a033a240b0f6a8a), - U64(0x1f93885f3ce5da6f), U64(0xc38a537e96988bc6), - U64(0x39e6a81ac759ff44), U64(0x29929e43cee0fce2), - U64(0x40cdd87924de0ca2), U64(0xe9d8ebc8a29fe819), - U64(0x0c2798f3cfbb46f4), U64(0x55e484223e53b343), - U64(0x4650948ecd0d2fd8), U64(0x20e86cb2126f0651), - U64(0x6d42c56baf5739e7), U64(0xa06fc1405ace1e08), - U64(0x7babbfc54f3d193b), U64(0x424d17df8864e67f), - U64(0xd8045870ef14980e), U64(0xc6d7397c85ac3781), - U64(0x21a885e1443273b1), U64(0x67f8116f893f5c69), - U64(0x24f5efe35706cff6), U64(0xd56329d076f2ab1a), - U64(0x5e1eb9754e66a32d), U64(0x28d2771098bd8902), - U64(0x8f6013f47dfdc190), U64(0x17a993fdb637553c), - U64(0xe0a219397e1012aa), U64(0x786b9930b5da8606), - U64(0x6e82e39e55b0a6da), U64(0x875a0856f72f4ec3), - U64(0x3741ff4fa458536d), U64(0xac4859b3957558fc), - U64(0x7ef6d5c75c09a57c), U64(0xc04a758b6c7f14fb), - U64(0xf9acdd91ab26ebbf), U64(0x7391a467c5ef9668), - U64(0x335c7c1ee1319aca), U64(0xa91533b18641e4bb), - U64(0xe4bf9a683b79db0d), U64(0x8e20faa72ba0b470), - U64(0x51f907737b3a7ae4), U64(0x2268a314bed5ec8c), - U64(0xd944b123b949edee), U64(0x31dcb3b84d8b7017), - U64(0xd3fe65279f218860), U64(0x097af2f1dc8ffab3), - U64(0x9b09a6fc312d0b91), U64(0xcc6ded78a3c4520f), - U64(0x3481d9ba5ebfcc50), U64(0x4f2a667f1182d56b), - U64(0xdfd9fdd4509ace94), U64(0x26752045fbbc252b), - U64(0xbffc491f662bc467), U64(0xdd593272fc202449), - U64(0x3cbbc218d46d4303), U64(0x91b372f817456e1f), - U64(0x681faf69bc6385a0), U64(0xb686bbeebaa43ed4), - U64(0x1469b5084cd0ca01), U64(0x98c98009cbca94ac), - U64(0x6438379a73d8c354), U64(0xc2caba2dc0c5fe26), - U64(0x3e3b0dbe78d7a9de), U64(0x50b9ee202d670f04), - U64(0x4590b27b37eab0e5), U64(0x6025b4cb36b10af3), - U64(0xfb2c1237079c0162), U64(0xa12f28130c936be8), - U64(0x4b37e52e54eb1ccc), U64(0x083a1ba28ad28f53), - U64(0xc10a9cd83a22611b), U64(0x9f1425ad7444c236), - U64(0x069d4cf7e9d3237a), U64(0xedc56899e7f621be), - U64(0x778c273680865fcf), U64(0x309c5aeb1bd605f7), - U64(0x8de0dc52d1472b4d), U64(0xf8ec34c2fd7b9e5f), - U64(0xea18cd3d58787724), U64(0xaad515447ca67b86), - U64(0x9989695a9d97e14c), U64(0x0000000000000000), - U64(0xf196c63321f464ec), U64(0x71116bc169557cb5), - U64(0xaf887f466f92c7c1), U64(0x972e3e0ffe964d65), - U64(0x190ec4a8d536f915), U64(0x95aef1a9522ca7b8), - U64(0xdc19db21aa7d51a9), U64(0x94ee18fa0471d258), - U64(0x8087adf248a11859), U64(0xc457f6da2916dd5c), - U64(0xfa6cfb6451c17482), U64(0xf256e0c6db13fbd1), - U64(0x6a9f60cf10d96f7d), U64(0x4daaa9d9bd383fb6), - U64(0x03c026f5fae79f3d), U64(0xde99148706c7bb74), - U64(0x2a52b8b6340763df), U64(0x6fc20acd03edd33a), - U64(0xd423c08320afdefa), U64(0xbbe1ca4e23420dc0), - U64(0x966ed75ca8cb3885), U64(0xeb58246e0e2502c4), - U64(0x055d6a021334bc47), U64(0xa47242111fa7d7af), - U64(0xe3623fcc84f78d97), U64(0x81c744a11efc6db9), - U64(0xaec8961539cfb221), U64(0xf31609958d4e8e31), - U64(0x63e5923ecc5695ce), U64(0x47107ddd9b505a38), - U64(0xa3afe7b5a0298135), U64(0x792b7063e387f3e6), - U64(0x0140e953565d75e0), U64(0x12f4f9ffa503e97b), - U64(0x750ce8902c3cb512), U64(0xdbc47e8515f30733), - U64(0x1ed3610c6ab8af8f), U64(0x5239218681dde5d9), - U64(0xe222d69fd2aaf877), U64(0xfe71783514a8bd25), - U64(0xcaf0a18f4a177175), U64(0x61655d9860ec7f13), - U64(0xe77fbc9dc19e4430), U64(0x2ccff441ddd440a5), - U64(0x16e97aaee06a20dc), U64(0xa855dae2d01c915b), - U64(0x1d1347f9905f30b2), U64(0xb7c652bdecf94b34), - U64(0xd03e43d265c6175d), U64(0xfdb15ec0ee4f2218), - U64(0x57644b8492e9599e), U64(0x07dda5a4bf8e569a), - U64(0x54a46d71680ec6a3), U64(0x5624a2d7c4b42c7e), - U64(0xbebca04c3076b187), U64(0x7d36f332a6ee3a41), - U64(0x3b6667bc6be31599), U64(0x695f463aea3ef040), - U64(0xad08b0e0c3282d1c), U64(0xb15b1e4a052a684e), - U64(0x44d05b2861b7c505), U64(0x15295c5b1a8dbfe1), - U64(0x744c01c37a61c0f2), U64(0x59c31cd1f1e8f5b7), - U64(0xef45a73f4b4ccb63), U64(0x6bdf899c46841a9d), - U64(0x3dfb2b4b823036e3), U64(0xa2ef0ee6f674f4d5), - U64(0x184e2dfb836b8cf5), U64(0x1134df0a5fe47646), - U64(0xbaa1231d751f7820), U64(0xd17eaa81339b62bd), - U64(0xb01bf71953771dae), U64(0x849a2ea30dc8d1fe), - U64(0x705182923f080955), U64(0x0ea757556301ac29), - U64(0x041d83514569c9a7), U64(0x0abad4042668658e), - U64(0x49b72a88f851f611), U64(0x8a3d79f66ec97dd7), - U64(0xcd2d042bf59927ef), U64(0xc930877ab0f0ee48), - U64(0x9273540deda2f122), U64(0xc797d02fd3f14261), - U64(0xe1e2f06a284d674a), U64(0xd2be8c74c97cfd80), - U64(0x9a494faf67707e71), U64(0xb3dbd1eca9908293), - U64(0x72d14d3493b2e388), U64(0xd6a30f258c153427) - }, -}; - -static const STREEBOG_LONG64 C16[12][8] = { - { - U64(0xdd806559f2a64507), U64(0x05767436cc744d23), - U64(0xa2422a08a460d315), U64(0x4b7ce09192676901), - U64(0x714eb88d7585c4fc), U64(0x2f6a76432e45d016), - U64(0xebcb2f81c0657c1f), U64(0xb1085bda1ecadae9) - }, { - U64(0xe679047021b19bb7), U64(0x55dda21bd7cbcd56), - U64(0x5cb561c2db0aa7ca), U64(0x9ab5176b12d69958), - U64(0x61d55e0f16b50131), U64(0xf3feea720a232b98), - U64(0x4fe39d460f70b5d7), U64(0x6fa3b58aa99d2f1a) - }, { - U64(0x991e96f50aba0ab2), U64(0xc2b6f443867adb31), - U64(0xc1c93a376062db09), U64(0xd3e20fe490359eb1), - U64(0xf2ea7514b1297b7b), U64(0x06f15e5f529c1f8b), - U64(0x0a39fc286a3d8435), U64(0xf574dcac2bce2fc7) - }, { - U64(0x220cbebc84e3d12e), U64(0x3453eaa193e837f1), - U64(0xd8b71333935203be), U64(0xa9d72c82ed03d675), - U64(0x9d721cad685e353f), U64(0x488e857e335c3c7d), - U64(0xf948e1a05d71e4dd), U64(0xef1fdfb3e81566d2) - }, { - U64(0x601758fd7c6cfe57), U64(0x7a56a27ea9ea63f5), - U64(0xdfff00b723271a16), U64(0xbfcd1747253af5a3), - U64(0x359e35d7800fffbd), U64(0x7f151c1f1686104a), - U64(0x9a3f410c6ca92363), U64(0x4bea6bacad474799) - }, { - U64(0xfa68407a46647d6e), U64(0xbf71c57236904f35), - U64(0x0af21f66c2bec6b6), U64(0xcffaa6b71c9ab7b4), - U64(0x187f9ab49af08ec6), U64(0x2d66c4f95142a46c), - U64(0x6fa4c33b7a3039c0), U64(0xae4faeae1d3ad3d9) - }, { - U64(0x8886564d3a14d493), U64(0x3517454ca23c4af3), - U64(0x06476983284a0504), U64(0x0992abc52d822c37), - U64(0xd3473e33197a93c9), U64(0x399ec6c7e6bf87c9), - U64(0x51ac86febf240954), U64(0xf4c70e16eeaac5ec) - }, { - U64(0xa47f0dd4bf02e71e), U64(0x36acc2355951a8d9), - U64(0x69d18d2bd1a5c42f), U64(0xf4892bcb929b0690), - U64(0x89b4443b4ddbc49a), U64(0x4eb7f8719c36de1e), - U64(0x03e7aa020c6e4141), U64(0x9b1f5b424d93c9a7) - }, { - U64(0x7261445183235adb), U64(0x0e38dc92cb1f2a60), - U64(0x7b2b8a9aa6079c54), U64(0x800a440bdbb2ceb1), - U64(0x3cd955b7e00d0984), U64(0x3a7d3a1b25894224), - U64(0x944c9ad8ec165fde), U64(0x378f5a541631229b) - }, { - U64(0x74b4c7fb98459ced), U64(0x3698fad1153bb6c3), - U64(0x7a1e6c303b7652f4), U64(0x9fe76702af69334b), - U64(0x1fffe18a1b336103), U64(0x8941e71cff8a78db), - U64(0x382ae548b2e4f3f3), U64(0xabbedea680056f52) - }, { - U64(0x6bcaa4cd81f32d1b), U64(0xdea2594ac06fd85d), - U64(0xefbacd1d7d476e98), U64(0x8a1d71efea48b9ca), - U64(0x2001802114846679), U64(0xd8fa6bbbebab0761), - U64(0x3002c6cd635afe94), U64(0x7bcd9ed0efc889fb) - }, { - U64(0x48bc924af11bd720), U64(0xfaf417d5d9b21b99), - U64(0xe71da4aa88e12852), U64(0x5d80ef9d1891cc86), - U64(0xf82012d430219f9b), U64(0xcda43c32bcdf1d77), - U64(0xd21380b00449b17a), U64(0x378ee767f11631ba) - }, -}; - -#define B(x,i,j) (((STREEBOG_LONG64)(*(((const unsigned char *)(&x))+i)))<<(j*8)) -#define PULL64(x) (B(x,0,0)|B(x,1,1)|B(x,2,2)|B(x,3,3)|B(x,4,4)|B(x,5,5)|B(x,6,6)|B(x,7,7)) -#define SWAB64(x) (B(x,0,7)|B(x,1,6)|B(x,2,5)|B(x,3,4)|B(x,4,3)|B(x,5,2)|B(x,6,1)|B(x,7,0)) - -static inline STREEBOG_LONG64 -multipermute(const STREEBOG_LONG64 *in, int i) -{ - STREEBOG_LONG64 t = 0; - - t ^= A_PI_table[0][(in[0] >> (i * 8)) & 0xff]; - t ^= A_PI_table[1][(in[1] >> (i * 8)) & 0xff]; - t ^= A_PI_table[2][(in[2] >> (i * 8)) & 0xff]; - t ^= A_PI_table[3][(in[3] >> (i * 8)) & 0xff]; - t ^= A_PI_table[4][(in[4] >> (i * 8)) & 0xff]; - t ^= A_PI_table[5][(in[5] >> (i * 8)) & 0xff]; - t ^= A_PI_table[6][(in[6] >> (i * 8)) & 0xff]; - t ^= A_PI_table[7][(in[7] >> (i * 8)) & 0xff]; - - return t; -} - -static void -transform(STREEBOG_LONG64 *out, const STREEBOG_LONG64 *a, - const STREEBOG_LONG64 *b) -{ - STREEBOG_LONG64 tmp[8]; - - tmp[0] = a[0] ^ b[0]; - tmp[1] = a[1] ^ b[1]; - tmp[2] = a[2] ^ b[2]; - tmp[3] = a[3] ^ b[3]; - tmp[4] = a[4] ^ b[4]; - tmp[5] = a[5] ^ b[5]; - tmp[6] = a[6] ^ b[6]; - tmp[7] = a[7] ^ b[7]; - - out[0] = multipermute(tmp, 0); - out[1] = multipermute(tmp, 1); - out[2] = multipermute(tmp, 2); - out[3] = multipermute(tmp, 3); - out[4] = multipermute(tmp, 4); - out[5] = multipermute(tmp, 5); - out[6] = multipermute(tmp, 6); - out[7] = multipermute(tmp, 7); -} - -static inline void -gN(STREEBOG_LONG64 *h, STREEBOG_LONG64 *m, STREEBOG_LONG64 *N) -{ - STREEBOG_LONG64 K[8]; - STREEBOG_LONG64 T[8]; - int i; - - transform(K, h, N); - - transform(T, K, m); - transform(K, K, C16[0]); - for (i = 1; i < 12; i++) { - transform(T, K, T); - transform(K, K, C16[i]); - } - - h[0] ^= T[0] ^ K[0] ^ m[0]; - h[1] ^= T[1] ^ K[1] ^ m[1]; - h[2] ^= T[2] ^ K[2] ^ m[2]; - h[3] ^= T[3] ^ K[3] ^ m[3]; - h[4] ^= T[4] ^ K[4] ^ m[4]; - h[5] ^= T[5] ^ K[5] ^ m[5]; - h[6] ^= T[6] ^ K[6] ^ m[6]; - h[7] ^= T[7] ^ K[7] ^ m[7]; -} - - -static void -streebog_single_block(STREEBOG_CTX *ctx, const unsigned char *in, size_t num) -{ - STREEBOG_LONG64 M[8], l; - STREEBOG_LONG64 CF; - int i; - - for (i = 0; i < 8; i++) - M[i] = PULL64(in[i*8]); - - gN(ctx->h, M, ctx->N); - - l = ctx->N[0]; - ctx->N[0] += num; - - if (ctx->N[0] < l || ctx->N[0] < num) { - for (i = 1; i < 8; i++) { - ctx->N[i]++; - if (ctx->N[i] != 0) - break; - } - } - - CF = 0; - ctx->Sigma[0] += M[0]; - for (i = 1; i < 8; i++) { - if (ctx->Sigma[i-1] != M[i-1]) - CF = (ctx->Sigma[i-1] < M[i-1]); - ctx->Sigma[i] += M[i] + CF; - } -} - - - -static void -streebog_block_data_order(STREEBOG_CTX *ctx, const unsigned char *in, - size_t num) -{ - int i; - - for (i = 0; i < num; i++) - streebog_single_block(ctx, in + i * STREEBOG_CBLOCK, 64 * 8); -} - -int -STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c) -{ - unsigned char *p = (unsigned char *)c->data; - STREEBOG_LONG64 Z[STREEBOG_LBLOCK] = {0}; - int n; - - if (c->num == STREEBOG_CBLOCK) { - streebog_block_data_order(c, p, 1); - c->num -= STREEBOG_CBLOCK; - } - - n = c->num; - p[n++] = 1; - memset(p + n, 0, STREEBOG_CBLOCK - n); - - streebog_single_block(c, p, c->num * 8); - - gN(c->h, c->N, Z); - gN(c->h, c->Sigma, Z); - - for (n = 0; n < STREEBOG_LBLOCK; n++) - c->h[n] = SWAB64(c->h[n]); - - if (md == NULL) - return 0; - - switch (c->md_len) { - /* Let compiler decide if it's appropriate to unroll... */ - case STREEBOG256_LENGTH: - for (n = 0; n < STREEBOG256_LENGTH / 8; n++) { - STREEBOG_LONG64 t = c->h[4+n]; - -#if BYTE_ORDER == BIG_ENDIAN - *(md++) = (unsigned char)(t); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 56); -#else - *(md++) = (unsigned char)(t >> 56); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t); -#endif - } - break; - case STREEBOG512_LENGTH: - for (n = 0; n < STREEBOG512_LENGTH / 8; n++) { - STREEBOG_LONG64 t = c->h[n]; - -#if BYTE_ORDER == BIG_ENDIAN - *(md++) = (unsigned char)(t); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 56); -#else - *(md++) = (unsigned char)(t >> 56); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t); -#endif - } - break; - /* ... as well as make sure md_len is not abused. */ - default: - return 0; - } - - return 1; -} -LCRYPTO_ALIAS(STREEBOG512_Final); - -int -STREEBOG256_Final(unsigned char *md, STREEBOG_CTX * c) -{ - return STREEBOG512_Final(md, c); -} -LCRYPTO_ALIAS(STREEBOG256_Final); - -int -STREEBOG512_Update(STREEBOG_CTX *c, const void *_data, size_t len) -{ - unsigned char *p = (unsigned char *)c->data; - const unsigned char *data = (const unsigned char *)_data; - - if (len == 0) - return 1; - - if (c->num != 0) { - size_t n = STREEBOG_CBLOCK - c->num; - - if (len < n) { - memcpy(p + c->num, data, len); - c->num += (unsigned int)len; - return 1; - } else { - memcpy(p + c->num, data, n); - c->num = 0; - len -= n; - data += n; - streebog_block_data_order(c, p, 1); - } - } - - if (len >= STREEBOG_CBLOCK) { - streebog_block_data_order(c, data, len / STREEBOG_CBLOCK); - data += len; - len %= STREEBOG_CBLOCK; - data -= len; - } - - if (len != 0) { - memcpy(p, data, len); - c->num = (int)len; - } - - return 1; -} -LCRYPTO_ALIAS(STREEBOG512_Update); - -int -STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len) -{ - return STREEBOG512_Update(c, data, len); -} -LCRYPTO_ALIAS(STREEBOG256_Update); - -void -STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data) -{ - streebog_block_data_order(c, data, 1); -} -LCRYPTO_ALIAS(STREEBOG512_Transform); - -int -STREEBOG256_Init(STREEBOG_CTX *c) -{ - memset(c, 0, sizeof(*c)); - memset(c->h, 1, sizeof(c->h)); - - c->md_len = STREEBOG256_LENGTH; - return 1; -} -LCRYPTO_ALIAS(STREEBOG256_Init); - -int -STREEBOG512_Init(STREEBOG_CTX *c) -{ - memset(c, 0, sizeof(*c)); - memset(c->h, 0, sizeof(c->h)); - - c->num = 0; - c->md_len = STREEBOG512_LENGTH; - return 1; -} -LCRYPTO_ALIAS(STREEBOG512_Init); - -unsigned char * -STREEBOG256(const unsigned char *d, size_t n, unsigned char *md) -{ - STREEBOG_CTX c; - static unsigned char m[STREEBOG256_LENGTH]; - - if (md == NULL) - md = m; - STREEBOG256_Init(&c); - STREEBOG256_Update(&c, d, n); - STREEBOG256_Final(md, &c); - explicit_bzero(&c, sizeof(c)); - return (md); -} -LCRYPTO_ALIAS(STREEBOG256); - -unsigned char * -STREEBOG512(const unsigned char *d, size_t n, unsigned char *md) -{ - STREEBOG_CTX c; - static unsigned char m[STREEBOG512_LENGTH]; - - if (md == NULL) - md = m; - STREEBOG512_Init(&c); - STREEBOG512_Update(&c, d, n); - STREEBOG512_Final(md, &c); - explicit_bzero(&c, sizeof(c)); - return (md); -} -LCRYPTO_ALIAS(STREEBOG512); - -#endif diff --git a/crypto/hidden/openssl/asn1.h b/crypto/hidden/openssl/asn1.h index fb1393f2..12d9618f 100644 --- a/crypto/hidden/openssl/asn1.h +++ b/crypto/hidden/openssl/asn1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1.h,v 1.6 2023/07/28 10:33:13 tb Exp $ */ +/* $OpenBSD: asn1.h,v 1.12 2024/03/02 09:08:41 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -154,7 +154,6 @@ LCRYPTO_USED(ASN1_TIME_normalize); LCRYPTO_USED(ASN1_TIME_set_string_X509); LCRYPTO_USED(ASN1_TIME_diff); LCRYPTO_USED(ASN1_TIME_set); -LCRYPTO_USED(ASN1_TIME_set_tm); LCRYPTO_USED(ASN1_TIME_adj); LCRYPTO_USED(ASN1_TIME_check); LCRYPTO_USED(ASN1_TIME_to_generalizedtime); @@ -222,32 +221,15 @@ LCRYPTO_USED(ASN1_mbstring_copy); LCRYPTO_USED(ASN1_mbstring_ncopy); LCRYPTO_USED(ASN1_STRING_set_by_NID); LCRYPTO_USED(ASN1_STRING_TABLE_get); -LCRYPTO_USED(ASN1_STRING_TABLE_add); -LCRYPTO_USED(ASN1_STRING_TABLE_cleanup); LCRYPTO_USED(ASN1_item_new); LCRYPTO_USED(ASN1_item_free); LCRYPTO_USED(ASN1_item_d2i); LCRYPTO_USED(ASN1_item_i2d); -LCRYPTO_USED(ASN1_add_oid_module); LCRYPTO_USED(ASN1_generate_nconf); LCRYPTO_USED(ASN1_generate_v3); LCRYPTO_USED(ASN1_item_print); -LCRYPTO_USED(ASN1_PCTX_new); -LCRYPTO_USED(ASN1_PCTX_free); -LCRYPTO_USED(ASN1_PCTX_get_flags); -LCRYPTO_USED(ASN1_PCTX_set_flags); -LCRYPTO_USED(ASN1_PCTX_get_nm_flags); -LCRYPTO_USED(ASN1_PCTX_set_nm_flags); -LCRYPTO_USED(ASN1_PCTX_get_cert_flags); -LCRYPTO_USED(ASN1_PCTX_set_cert_flags); -LCRYPTO_USED(ASN1_PCTX_get_oid_flags); -LCRYPTO_USED(ASN1_PCTX_set_oid_flags); -LCRYPTO_USED(ASN1_PCTX_get_str_flags); -LCRYPTO_USED(ASN1_PCTX_set_str_flags); LCRYPTO_USED(SMIME_crlf_copy); LCRYPTO_USED(SMIME_text); LCRYPTO_USED(ERR_load_ASN1_strings); -LCRYPTO_USED(ASN1_time_parse); -LCRYPTO_USED(ASN1_time_tm_cmp); #endif /* _LIBCRYPTO_ASN1_H */ diff --git a/crypto/hidden/openssl/bio.h b/crypto/hidden/openssl/bio.h index f7e7cd3d..425d1e29 100644 --- a/crypto/hidden/openssl/bio.h +++ b/crypto/hidden/openssl/bio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bio.h,v 1.4 2023/07/28 10:13:50 tb Exp $ */ +/* $OpenBSD: bio.h,v 1.7 2024/03/02 09:22:41 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -68,7 +68,6 @@ LCRYPTO_USED(BIO_s_file); LCRYPTO_USED(BIO_new_file); LCRYPTO_USED(BIO_new_fp); LCRYPTO_USED(BIO_new); -LCRYPTO_USED(BIO_set); LCRYPTO_USED(BIO_free); LCRYPTO_USED(BIO_up_ref); LCRYPTO_USED(BIO_get_data); @@ -118,8 +117,6 @@ LCRYPTO_USED(BIO_fd_should_retry); LCRYPTO_USED(BIO_fd_non_fatal_error); LCRYPTO_USED(BIO_dump); LCRYPTO_USED(BIO_dump_indent); -LCRYPTO_USED(BIO_dump_fp); -LCRYPTO_USED(BIO_dump_indent_fp); LCRYPTO_USED(BIO_gethostbyname); LCRYPTO_USED(BIO_sock_error); LCRYPTO_USED(BIO_socket_ioctl); @@ -138,9 +135,6 @@ LCRYPTO_USED(BIO_new_connect); LCRYPTO_USED(BIO_new_accept); LCRYPTO_USED(BIO_copy_next_retry); LCRYPTO_USED(BIO_printf); -LCRYPTO_USED(BIO_vprintf); -LCRYPTO_USED(BIO_snprintf); -LCRYPTO_USED(BIO_vsnprintf); LCRYPTO_USED(ERR_load_BIO_strings); #endif /* _LIBCRYPTO_BIO_H */ diff --git a/crypto/hidden/openssl/bn.h b/crypto/hidden/openssl/bn.h index 9942cf6f..f6f00cf7 100644 --- a/crypto/hidden/openssl/bn.h +++ b/crypto/hidden/openssl/bn.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn.h,v 1.4 2023/07/29 03:13:38 tb Exp $ */ +/* $OpenBSD: bn.h,v 1.6 2024/03/02 09:27:31 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -97,9 +97,6 @@ LCRYPTO_USED(BN_lshift); LCRYPTO_USED(BN_lshift1); LCRYPTO_USED(BN_exp); LCRYPTO_USED(BN_mod_exp_mont_consttime); -LCRYPTO_USED(BN_mod_exp_mont_word); -LCRYPTO_USED(BN_mod_exp2_mont); -LCRYPTO_USED(BN_mod_exp_simple); LCRYPTO_USED(BN_mask_bits); LCRYPTO_USED(BN_print_fp); LCRYPTO_USED(BN_print); diff --git a/crypto/hidden/openssl/cmac.h b/crypto/hidden/openssl/cmac.h index cefdb4f6..1e802aa8 100644 --- a/crypto/hidden/openssl/cmac.h +++ b/crypto/hidden/openssl/cmac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cmac.h,v 1.1 2023/07/08 14:27:14 beck Exp $ */ +/* $OpenBSD: cmac.h,v 1.2 2024/03/02 09:30:21 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -33,6 +33,5 @@ LCRYPTO_USED(CMAC_CTX_copy); LCRYPTO_USED(CMAC_Init); LCRYPTO_USED(CMAC_Update); LCRYPTO_USED(CMAC_Final); -LCRYPTO_USED(CMAC_resume); #endif /* _LIBCRYPTO_CMAC_H */ diff --git a/crypto/hidden/openssl/crypto.h b/crypto/hidden/openssl/crypto.h index dc0b7a02..10daf41f 100644 --- a/crypto/hidden/openssl/crypto.h +++ b/crypto/hidden/openssl/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.2 2023/07/28 10:19:20 tb Exp $ */ +/* $OpenBSD: crypto.h,v 1.6 2024/03/02 11:37:13 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -38,39 +38,13 @@ LCRYPTO_USED(CRYPTO_get_ex_data); LCRYPTO_USED(CRYPTO_cleanup_all_ex_data); LCRYPTO_USED(CRYPTO_lock); LCRYPTO_USED(CRYPTO_add_lock); -LCRYPTO_USED(CRYPTO_THREADID_current); -LCRYPTO_USED(CRYPTO_THREADID_cmp); -LCRYPTO_USED(CRYPTO_THREADID_cpy); -LCRYPTO_USED(CRYPTO_THREADID_hash); LCRYPTO_USED(CRYPTO_set_mem_functions); -LCRYPTO_USED(CRYPTO_set_locked_mem_functions); LCRYPTO_USED(CRYPTO_set_mem_ex_functions); -LCRYPTO_USED(CRYPTO_set_locked_mem_ex_functions); -LCRYPTO_USED(CRYPTO_set_mem_debug_functions); -LCRYPTO_USED(CRYPTO_get_mem_functions); -LCRYPTO_USED(CRYPTO_get_locked_mem_functions); -LCRYPTO_USED(CRYPTO_get_mem_ex_functions); -LCRYPTO_USED(CRYPTO_get_locked_mem_ex_functions); -LCRYPTO_USED(CRYPTO_get_mem_debug_functions); -LCRYPTO_USED(CRYPTO_realloc_clean); -LCRYPTO_USED(CRYPTO_remalloc); -LCRYPTO_USED(CRYPTO_set_mem_debug_options); -LCRYPTO_USED(CRYPTO_get_mem_debug_options); -LCRYPTO_USED(CRYPTO_push_info_); -LCRYPTO_USED(CRYPTO_pop_info); -LCRYPTO_USED(CRYPTO_remove_all_info); -LCRYPTO_USED(CRYPTO_dbg_malloc); -LCRYPTO_USED(CRYPTO_dbg_realloc); -LCRYPTO_USED(CRYPTO_dbg_free); -LCRYPTO_USED(CRYPTO_dbg_set_options); -LCRYPTO_USED(CRYPTO_dbg_get_options); -LCRYPTO_USED(CRYPTO_mem_leaks_fp); -LCRYPTO_USED(CRYPTO_mem_leaks); -LCRYPTO_USED(CRYPTO_mem_leaks_cb); LCRYPTO_USED(OpenSSLDie); LCRYPTO_USED(OPENSSL_cpu_caps); LCRYPTO_USED(OPENSSL_init_crypto); LCRYPTO_USED(OPENSSL_cleanup); +LCRYPTO_USED(OPENSSL_gmtime); LCRYPTO_USED(ERR_load_CRYPTO_strings); #endif /* _LIBCRYPTO_CRYPTO_H */ diff --git a/crypto/hidden/openssl/dsa.h b/crypto/hidden/openssl/dsa.h index b2b0058c..40597abb 100644 --- a/crypto/hidden/openssl/dsa.h +++ b/crypto/hidden/openssl/dsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa.h,v 1.1 2023/07/08 14:28:15 beck Exp $ */ +/* $OpenBSD: dsa.h,v 1.2 2024/03/02 09:33:14 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -61,7 +61,6 @@ LCRYPTO_USED(d2i_DSAPrivateKey); LCRYPTO_USED(i2d_DSAPrivateKey); LCRYPTO_USED(d2i_DSAparams); LCRYPTO_USED(i2d_DSAparams); -LCRYPTO_USED(DSA_generate_parameters); LCRYPTO_USED(DSA_generate_parameters_ex); LCRYPTO_USED(DSA_generate_key); LCRYPTO_USED(DSAparams_print); diff --git a/crypto/hidden/openssl/err.h b/crypto/hidden/openssl/err.h index 036ead8c..08f97e1c 100644 --- a/crypto/hidden/openssl/err.h +++ b/crypto/hidden/openssl/err.h @@ -1,4 +1,4 @@ -/* $OpenBSD: err.h,v 1.4 2023/07/28 10:23:19 tb Exp $ */ +/* $OpenBSD: err.h,v 1.5 2024/03/02 10:30:48 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -53,7 +53,6 @@ LCRYPTO_USED(ERR_load_crypto_strings); LCRYPTO_USED(ERR_free_strings); LCRYPTO_USED(ERR_remove_thread_state); LCRYPTO_USED(ERR_remove_state); -LCRYPTO_USED(ERR_get_state); LCRYPTO_USED(ERR_get_next_error_library); LCRYPTO_USED(ERR_set_mark); LCRYPTO_USED(ERR_pop_to_mark); diff --git a/crypto/hidden/openssl/gost.h b/crypto/hidden/openssl/gost.h deleted file mode 100644 index e30e6611..00000000 --- a/crypto/hidden/openssl/gost.h +++ /dev/null @@ -1,71 +0,0 @@ -/* $OpenBSD: gost.h,v 1.1 2023/07/08 14:30:44 beck Exp $ */ -/* - * Copyright (c) 2023 Bob Beck - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _LIBCRYPTO_GOST_H -#define _LIBCRYPTO_GOST_H - -#ifndef _MSC_VER -#include_next -#else -#include "../include/openssl/gost.h" -#endif -#include "crypto_namespace.h" - -LCRYPTO_USED(Gost2814789_set_sbox); -LCRYPTO_USED(Gost2814789_set_key); -LCRYPTO_USED(Gost2814789_ecb_encrypt); -LCRYPTO_USED(Gost2814789_cfb64_encrypt); -LCRYPTO_USED(Gost2814789_cnt_encrypt); -LCRYPTO_USED(GOST_CIPHER_PARAMS_new); -LCRYPTO_USED(GOST_CIPHER_PARAMS_free); -LCRYPTO_USED(d2i_GOST_CIPHER_PARAMS); -LCRYPTO_USED(i2d_GOST_CIPHER_PARAMS); -LCRYPTO_USED(GOST2814789IMIT_Init); -LCRYPTO_USED(GOST2814789IMIT_Update); -LCRYPTO_USED(GOST2814789IMIT_Final); -LCRYPTO_USED(GOST2814789IMIT_Transform); -LCRYPTO_USED(GOST2814789IMIT); -LCRYPTO_USED(GOSTR341194_Init); -LCRYPTO_USED(GOSTR341194_Update); -LCRYPTO_USED(GOSTR341194_Final); -LCRYPTO_USED(GOSTR341194_Transform); -LCRYPTO_USED(GOSTR341194); -LCRYPTO_USED(STREEBOG256_Init); -LCRYPTO_USED(STREEBOG256_Update); -LCRYPTO_USED(STREEBOG256_Final); -LCRYPTO_USED(STREEBOG256); -LCRYPTO_USED(STREEBOG512_Init); -LCRYPTO_USED(STREEBOG512_Update); -LCRYPTO_USED(STREEBOG512_Final); -LCRYPTO_USED(STREEBOG512_Transform); -LCRYPTO_USED(STREEBOG512); -LCRYPTO_USED(GOST_KEY_new); -LCRYPTO_USED(GOST_KEY_free); -LCRYPTO_USED(GOST_KEY_check_key); -LCRYPTO_USED(GOST_KEY_set_public_key_affine_coordinates); -LCRYPTO_USED(GOST_KEY_get0_group); -LCRYPTO_USED(GOST_KEY_set_group); -LCRYPTO_USED(GOST_KEY_get_digest); -LCRYPTO_USED(GOST_KEY_set_digest); -LCRYPTO_USED(GOST_KEY_get0_private_key); -LCRYPTO_USED(GOST_KEY_set_private_key); -LCRYPTO_USED(GOST_KEY_get0_public_key); -LCRYPTO_USED(GOST_KEY_set_public_key); -LCRYPTO_USED(GOST_KEY_get_size); -LCRYPTO_USED(ERR_load_GOST_strings); - -#endif /* _LIBCRYPTO_GOST_H */ diff --git a/crypto/hidden/openssl/lhash.h b/crypto/hidden/openssl/lhash.h index 151f154a..2cf5b2dc 100644 --- a/crypto/hidden/openssl/lhash.h +++ b/crypto/hidden/openssl/lhash.h @@ -1,4 +1,4 @@ -/* $OpenBSD: lhash.h,v 1.2 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: lhash.h,v 1.4 2024/03/02 11:11:11 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -27,6 +27,7 @@ LCRYPTO_USED(lh_new); LCRYPTO_USED(lh_free); +LCRYPTO_USED(lh_error); LCRYPTO_USED(lh_insert); LCRYPTO_USED(lh_delete); LCRYPTO_USED(lh_retrieve); @@ -34,11 +35,5 @@ LCRYPTO_USED(lh_doall); LCRYPTO_USED(lh_doall_arg); LCRYPTO_USED(lh_strhash); LCRYPTO_USED(lh_num_items); -LCRYPTO_USED(lh_stats); -LCRYPTO_USED(lh_node_stats); -LCRYPTO_USED(lh_node_usage_stats); -LCRYPTO_USED(lh_stats_bio); -LCRYPTO_USED(lh_node_stats_bio); -LCRYPTO_USED(lh_node_usage_stats_bio); #endif /* _LIBCRYPTO_LHASH_H */ diff --git a/crypto/hidden/openssl/objects.h b/crypto/hidden/openssl/objects.h index ba5bf8e2..c2db51a6 100644 --- a/crypto/hidden/openssl/objects.h +++ b/crypto/hidden/openssl/objects.h @@ -1,4 +1,4 @@ -/* $OpenBSD: objects.h,v 1.2 2023/07/28 10:25:05 tb Exp $ */ +/* $OpenBSD: objects.h,v 1.5 2024/03/02 09:49:45 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -25,12 +25,6 @@ #endif #include "crypto_namespace.h" -LCRYPTO_USED(OBJ_NAME_init); -LCRYPTO_USED(OBJ_NAME_new_index); -LCRYPTO_USED(OBJ_NAME_get); -LCRYPTO_USED(OBJ_NAME_add); -LCRYPTO_USED(OBJ_NAME_remove); -LCRYPTO_USED(OBJ_NAME_cleanup); LCRYPTO_USED(OBJ_NAME_do_all); LCRYPTO_USED(OBJ_NAME_do_all_sorted); LCRYPTO_USED(OBJ_dup); @@ -44,9 +38,7 @@ LCRYPTO_USED(OBJ_txt2nid); LCRYPTO_USED(OBJ_ln2nid); LCRYPTO_USED(OBJ_sn2nid); LCRYPTO_USED(OBJ_cmp); -LCRYPTO_USED(OBJ_bsearch_); LCRYPTO_USED(OBJ_new_nid); -LCRYPTO_USED(OBJ_add_object); LCRYPTO_USED(OBJ_create); LCRYPTO_USED(OBJ_cleanup); LCRYPTO_USED(OBJ_create_objects); diff --git a/crypto/hidden/openssl/pkcs12.h b/crypto/hidden/openssl/pkcs12.h index 9a2dffa3..4c37e73c 100644 --- a/crypto/hidden/openssl/pkcs12.h +++ b/crypto/hidden/openssl/pkcs12.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12.h,v 1.2 2023/07/05 21:14:54 bcook Exp $ */ +/* $OpenBSD: pkcs12.h,v 1.3 2024/03/02 10:15:16 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -34,68 +34,33 @@ LCRYPTO_USED(PKCS12_SAFEBAG_get1_crl); LCRYPTO_USED(PKCS8_get_attr); LCRYPTO_USED(PKCS12_mac_present); LCRYPTO_USED(PKCS12_get0_mac); -LCRYPTO_USED(PKCS12_SAFEBAG_create_cert); -LCRYPTO_USED(PKCS12_SAFEBAG_create_crl); -LCRYPTO_USED(PKCS12_SAFEBAG_create0_p8inf); -LCRYPTO_USED(PKCS12_SAFEBAG_create0_pkcs8); -LCRYPTO_USED(PKCS12_SAFEBAG_create_pkcs8_encrypt); LCRYPTO_USED(PKCS12_SAFEBAG_get0_p8inf); LCRYPTO_USED(PKCS12_SAFEBAG_get0_pkcs8); LCRYPTO_USED(PKCS12_SAFEBAG_get0_safes); LCRYPTO_USED(PKCS12_SAFEBAG_get0_type); -LCRYPTO_USED(PKCS12_item_pack_safebag); LCRYPTO_USED(PKCS8_decrypt); LCRYPTO_USED(PKCS12_decrypt_skey); LCRYPTO_USED(PKCS8_encrypt); -LCRYPTO_USED(PKCS12_pack_p7data); LCRYPTO_USED(PKCS12_unpack_p7data); -LCRYPTO_USED(PKCS12_pack_p7encdata); LCRYPTO_USED(PKCS12_unpack_p7encdata); -LCRYPTO_USED(PKCS12_pack_authsafes); LCRYPTO_USED(PKCS12_unpack_authsafes); -LCRYPTO_USED(PKCS12_add_localkeyid); -LCRYPTO_USED(PKCS12_add_friendlyname_asc); -LCRYPTO_USED(PKCS12_add_CSPName_asc); -LCRYPTO_USED(PKCS12_add_friendlyname_uni); LCRYPTO_USED(PKCS8_add_keyusage); -LCRYPTO_USED(PKCS12_get_attr_gen); LCRYPTO_USED(PKCS12_get_friendlyname); -LCRYPTO_USED(PKCS12_pbe_crypt); -LCRYPTO_USED(PKCS12_item_decrypt_d2i); -LCRYPTO_USED(PKCS12_item_i2d_encrypt); -LCRYPTO_USED(PKCS12_init); -LCRYPTO_USED(PKCS12_key_gen_asc); -LCRYPTO_USED(PKCS12_key_gen_uni); -LCRYPTO_USED(PKCS12_PBE_keyivgen); -LCRYPTO_USED(PKCS12_gen_mac); LCRYPTO_USED(PKCS12_verify_mac); LCRYPTO_USED(PKCS12_set_mac); -LCRYPTO_USED(PKCS12_setup_mac); LCRYPTO_USED(OPENSSL_asc2uni); LCRYPTO_USED(OPENSSL_uni2asc); LCRYPTO_USED(PKCS12_new); LCRYPTO_USED(PKCS12_free); LCRYPTO_USED(d2i_PKCS12); LCRYPTO_USED(i2d_PKCS12); -LCRYPTO_USED(PKCS12_MAC_DATA_new); -LCRYPTO_USED(PKCS12_MAC_DATA_free); -LCRYPTO_USED(d2i_PKCS12_MAC_DATA); -LCRYPTO_USED(i2d_PKCS12_MAC_DATA); LCRYPTO_USED(PKCS12_SAFEBAG_new); LCRYPTO_USED(PKCS12_SAFEBAG_free); LCRYPTO_USED(d2i_PKCS12_SAFEBAG); LCRYPTO_USED(i2d_PKCS12_SAFEBAG); -LCRYPTO_USED(PKCS12_BAGS_new); -LCRYPTO_USED(PKCS12_BAGS_free); -LCRYPTO_USED(d2i_PKCS12_BAGS); -LCRYPTO_USED(i2d_PKCS12_BAGS); LCRYPTO_USED(PKCS12_PBE_add); LCRYPTO_USED(PKCS12_parse); LCRYPTO_USED(PKCS12_create); -LCRYPTO_USED(PKCS12_add_cert); -LCRYPTO_USED(PKCS12_add_key); -LCRYPTO_USED(PKCS12_add_safe); -LCRYPTO_USED(PKCS12_add_safes); LCRYPTO_USED(i2d_PKCS12_bio); LCRYPTO_USED(i2d_PKCS12_fp); LCRYPTO_USED(d2i_PKCS12_bio); diff --git a/crypto/hidden/openssl/posix_time.h b/crypto/hidden/openssl/posix_time.h new file mode 100644 index 00000000..306d43ea --- /dev/null +++ b/crypto/hidden/openssl/posix_time.h @@ -0,0 +1,32 @@ +/* $OpenBSD: posix_time.h,v 1.1 2024/02/18 16:28:38 tb Exp $ */ +/* + * Copyright (c) 2024 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _LIBCRYPTO_POSIX_TIME_H +#define _LIBCRYPTO_POSIX_TIME_H + +#ifndef _MSC_VER +#include_next +#else +#include "../include/openssl/posix_time.h" +#endif +#include "crypto_namespace.h" + +LCRYPTO_USED(OPENSSL_posix_to_tm); +LCRYPTO_USED(OPENSSL_tm_to_posix); +LCRYPTO_USED(OPENSSL_timegm); + +#endif /* _LIBCRYPTO_POSIX_TIME_H */ diff --git a/crypto/hidden/openssl/stack.h b/crypto/hidden/openssl/stack.h index 38bb02e8..3f742c1b 100644 --- a/crypto/hidden/openssl/stack.h +++ b/crypto/hidden/openssl/stack.h @@ -1,4 +1,4 @@ -/* $OpenBSD: stack.h,v 1.2 2023/07/05 21:14:54 bcook Exp $ */ +/* $OpenBSD: stack.h,v 1.3 2024/03/02 11:20:36 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -36,7 +36,6 @@ LCRYPTO_USED(sk_insert); LCRYPTO_USED(sk_delete); LCRYPTO_USED(sk_delete_ptr); LCRYPTO_USED(sk_find); -LCRYPTO_USED(sk_find_ex); LCRYPTO_USED(sk_push); LCRYPTO_USED(sk_unshift); LCRYPTO_USED(sk_shift); diff --git a/crypto/hidden/openssl/x509.h b/crypto/hidden/openssl/x509.h index 13bd5b53..35a4a67e 100644 --- a/crypto/hidden/openssl/x509.h +++ b/crypto/hidden/openssl/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.3 2023/07/05 21:14:54 bcook Exp $ */ +/* $OpenBSD: x509.h,v 1.4 2024/03/02 10:48:17 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -104,8 +104,6 @@ LCRYPTO_USED(X509_get_default_private_dir); LCRYPTO_USED(X509_to_X509_REQ); LCRYPTO_USED(X509_REQ_to_X509); LCRYPTO_USED(X509_get_pubkey_parameters); -LCRYPTO_USED(X509_TRUST_set_default); -LCRYPTO_USED(X509_TRUST_set); LCRYPTO_USED(X509_NAME_oneline); LCRYPTO_USED(X509_get0_extensions); LCRYPTO_USED(X509_get0_tbs_sigalg); @@ -268,14 +266,6 @@ LCRYPTO_USED(X509_verify_cert); LCRYPTO_USED(X509_find_by_issuer_and_serial); LCRYPTO_USED(X509_find_by_subject); LCRYPTO_USED(X509_check_trust); -LCRYPTO_USED(X509_TRUST_get_count); -LCRYPTO_USED(X509_TRUST_get0); -LCRYPTO_USED(X509_TRUST_get_by_id); -LCRYPTO_USED(X509_TRUST_add); -LCRYPTO_USED(X509_TRUST_cleanup); -LCRYPTO_USED(X509_TRUST_get_flags); -LCRYPTO_USED(X509_TRUST_get0_name); -LCRYPTO_USED(X509_TRUST_get_trust); LCRYPTO_USED(X509_up_ref); LCRYPTO_USED(X509_chain_up_ref); LCRYPTO_USED(ERR_load_X509_strings); diff --git a/crypto/hidden/openssl/x509_vfy.h b/crypto/hidden/openssl/x509_vfy.h index b5f2ac1a..3d65837a 100644 --- a/crypto/hidden/openssl/x509_vfy.h +++ b/crypto/hidden/openssl/x509_vfy.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.h,v 1.6 2023/07/05 21:14:54 bcook Exp $ */ +/* $OpenBSD: x509_vfy.h,v 1.9 2024/03/02 10:57:03 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -40,6 +40,7 @@ LCRYPTO_USED(X509_STORE_new); LCRYPTO_USED(X509_STORE_free); LCRYPTO_USED(X509_STORE_up_ref); LCRYPTO_USED(X509_STORE_get0_objects); +LCRYPTO_USED(X509_STORE_get1_objects); LCRYPTO_USED(X509_STORE_get_ex_data); LCRYPTO_USED(X509_STORE_set_ex_data); LCRYPTO_USED(X509_STORE_set_flags); @@ -78,14 +79,7 @@ LCRYPTO_USED(X509_LOOKUP_ctrl); LCRYPTO_USED(X509_load_cert_file); LCRYPTO_USED(X509_load_crl_file); LCRYPTO_USED(X509_load_cert_crl_file); -LCRYPTO_USED(X509_LOOKUP_new); LCRYPTO_USED(X509_LOOKUP_free); -LCRYPTO_USED(X509_LOOKUP_init); -LCRYPTO_USED(X509_LOOKUP_by_subject); -LCRYPTO_USED(X509_LOOKUP_by_issuer_serial); -LCRYPTO_USED(X509_LOOKUP_by_fingerprint); -LCRYPTO_USED(X509_LOOKUP_by_alias); -LCRYPTO_USED(X509_LOOKUP_shutdown); LCRYPTO_USED(X509_STORE_load_locations); LCRYPTO_USED(X509_STORE_load_mem); LCRYPTO_USED(X509_STORE_set_default_paths); @@ -108,7 +102,6 @@ LCRYPTO_USED(X509_STORE_CTX_set_chain); LCRYPTO_USED(X509_STORE_CTX_set0_crls); LCRYPTO_USED(X509_STORE_CTX_set_purpose); LCRYPTO_USED(X509_STORE_CTX_set_trust); -LCRYPTO_USED(X509_STORE_CTX_purpose_inherit); LCRYPTO_USED(X509_STORE_CTX_set_flags); LCRYPTO_USED(X509_STORE_CTX_set_time); LCRYPTO_USED(X509_STORE_CTX_set0_verified_chain); diff --git a/crypto/hidden/openssl/x509v3.h b/crypto/hidden/openssl/x509v3.h index a85c5c26..a833ec9f 100644 --- a/crypto/hidden/openssl/x509v3.h +++ b/crypto/hidden/openssl/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.5 2023/07/05 21:14:54 bcook Exp $ */ +/* $OpenBSD: x509v3.h,v 1.7 2024/03/02 10:40:05 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -160,10 +160,6 @@ LCRYPTO_USED(i2s_ASN1_INTEGER); LCRYPTO_USED(s2i_ASN1_INTEGER); LCRYPTO_USED(i2s_ASN1_ENUMERATED); LCRYPTO_USED(i2s_ASN1_ENUMERATED_TABLE); -LCRYPTO_USED(X509V3_EXT_add); -LCRYPTO_USED(X509V3_EXT_add_list); -LCRYPTO_USED(X509V3_EXT_add_alias); -LCRYPTO_USED(X509V3_EXT_cleanup); LCRYPTO_USED(X509V3_EXT_get); LCRYPTO_USED(X509V3_EXT_get_nid); LCRYPTO_USED(X509V3_add_standard_extensions); @@ -181,18 +177,13 @@ LCRYPTO_USED(X509V3_extensions_print); LCRYPTO_USED(X509_check_ca); LCRYPTO_USED(X509_check_purpose); LCRYPTO_USED(X509_supported_extension); -LCRYPTO_USED(X509_PURPOSE_set); LCRYPTO_USED(X509_check_issued); LCRYPTO_USED(X509_check_akid); LCRYPTO_USED(X509_PURPOSE_get_count); LCRYPTO_USED(X509_PURPOSE_get0); LCRYPTO_USED(X509_PURPOSE_get_by_sname); -LCRYPTO_USED(X509_PURPOSE_get_by_id); -LCRYPTO_USED(X509_PURPOSE_add); LCRYPTO_USED(X509_PURPOSE_get0_name); LCRYPTO_USED(X509_PURPOSE_get0_sname); -LCRYPTO_USED(X509_PURPOSE_get_trust); -LCRYPTO_USED(X509_PURPOSE_cleanup); LCRYPTO_USED(X509_PURPOSE_get_id); LCRYPTO_USED(X509_get_extension_flags); LCRYPTO_USED(X509_get_key_usage); diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c index 7e6ad6d6..8bb1dc78 100644 --- a/crypto/hmac/hm_ameth.c +++ b/crypto/hmac/hm_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hm_ameth.c,v 1.19 2022/11/26 16:08:53 tb Exp $ */ +/* $OpenBSD: hm_ameth.c,v 1.20 2024/01/04 17:01:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2007. */ @@ -153,8 +153,8 @@ hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, size_t *len) } const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { + .base_method = &hmac_asn1_meth, .pkey_id = EVP_PKEY_HMAC, - .pkey_base_id = EVP_PKEY_HMAC, .pem_str = "HMAC", .info = "OpenSSL HMAC method", diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index bb043d1a..05eb1bf8 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hm_pmeth.c,v 1.15 2022/11/26 16:08:53 tb Exp $ */ +/* $OpenBSD: hm_pmeth.c,v 1.17 2023/12/28 22:00:56 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2007. */ @@ -131,15 +131,22 @@ pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { ASN1_OCTET_STRING *hkey = NULL; HMAC_PKEY_CTX *hctx = ctx->data; + int ret = 0; - if (!hctx->ktmp.data) - return 0; - hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); - if (!hkey) - return 0; - EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); + if (hctx->ktmp.data == NULL) + goto err; + if ((hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp)) == NULL) + goto err; + if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey)) + goto err; + hkey = NULL; - return 1; + ret = 1; + + err: + ASN1_OCTET_STRING_free(hkey); + + return ret; } static int @@ -204,7 +211,7 @@ pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_DIGESTINIT: key = ctx->pkey->pkey.ptr; if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, - ctx->engine)) + NULL)) return 0; break; diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index ea3a1b4a..32d75154 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.c,v 1.31 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: hmac.c,v 1.32 2024/02/18 15:45:42 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -214,9 +214,9 @@ HMAC_CTX_reset(HMAC_CTX *ctx) void HMAC_CTX_init(HMAC_CTX *ctx) { - EVP_MD_CTX_init(&ctx->i_ctx); - EVP_MD_CTX_init(&ctx->o_ctx); - EVP_MD_CTX_init(&ctx->md_ctx); + EVP_MD_CTX_legacy_clear(&ctx->i_ctx); + EVP_MD_CTX_legacy_clear(&ctx->o_ctx); + EVP_MD_CTX_legacy_clear(&ctx->md_ctx); ctx->md = NULL; } diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c deleted file mode 100644 index 123792a2..00000000 --- a/crypto/lhash/lh_stats.c +++ /dev/null @@ -1,263 +0,0 @@ -/* $OpenBSD: lh_stats.c,v 1.13 2023/07/07 13:40:44 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#include - -#ifndef OPENSSL_NO_BIO -#include -#endif -#include - -#ifdef OPENSSL_NO_BIO - -void -lh_stats(LHASH *lh, FILE *out) -{ - fprintf(out, "num_items = %lu\n", lh->num_items); - fprintf(out, "num_nodes = %u\n", lh->num_nodes); - fprintf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); - fprintf(out, "num_expands = %lu\n", lh->num_expands); - fprintf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); - fprintf(out, "num_contracts = %lu\n", lh->num_contracts); - fprintf(out, "num_contract_reallocs = %lu\n", - lh->num_contract_reallocs); - fprintf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); - fprintf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); - fprintf(out, "num_insert = %lu\n", lh->num_insert); - fprintf(out, "num_replace = %lu\n", lh->num_replace); - fprintf(out, "num_delete = %lu\n", lh->num_delete); - fprintf(out, "num_no_delete = %lu\n", lh->num_no_delete); - fprintf(out, "num_retrieve = %lu\n", lh->num_retrieve); - fprintf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); - fprintf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); -#if 0 - fprintf(out, "p = %u\n", lh->p); - fprintf(out, "pmax = %u\n", lh->pmax); - fprintf(out, "up_load = %lu\n", lh->up_load); - fprintf(out, "down_load = %lu\n", lh->down_load); -#endif -} -LCRYPTO_ALIAS(lh_stats); - -void -lh_node_stats(LHASH *lh, FILE *out) -{ - LHASH_NODE *n; - unsigned int i, num; - - for (i = 0; i < lh->num_nodes; i++) { - for (n = lh->b[i], num = 0; n != NULL; n = n->next) - num++; - fprintf(out, "node %6u -> %3u\n", i, num); - } -} -LCRYPTO_ALIAS(lh_node_stats); - -void -lh_node_usage_stats(LHASH *lh, FILE *out) -{ - LHASH_NODE *n; - unsigned long num; - unsigned int i; - unsigned long total = 0, n_used = 0; - - for (i = 0; i < lh->num_nodes; i++) { - for (n = lh->b[i], num = 0; n != NULL; n = n->next) - num++; - if (num != 0) { - n_used++; - total += num; - } - } - fprintf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); - fprintf(out, "%lu items\n", total); - if (n_used == 0) - return; - fprintf(out, "load %d.%02d actual load %d.%02d\n", - (int)(total / lh->num_nodes), - (int)((total % lh->num_nodes) * 100 / lh->num_nodes), - (int)(total / n_used), - (int)((total % n_used) * 100 / n_used)); -} -LCRYPTO_ALIAS(lh_node_usage_stats); - -#else - -void -lh_stats(const _LHASH *lh, FILE *fp) -{ - BIO *bp; - - bp = BIO_new(BIO_s_file()); - if (bp == NULL) - goto end; - BIO_set_fp(bp, fp, BIO_NOCLOSE); - lh_stats_bio(lh, bp); - BIO_free(bp); -end:; -} -LCRYPTO_ALIAS(lh_stats); - -void -lh_node_stats(const _LHASH *lh, FILE *fp) -{ - BIO *bp; - - bp = BIO_new(BIO_s_file()); - if (bp == NULL) - goto end; - BIO_set_fp(bp, fp, BIO_NOCLOSE); - lh_node_stats_bio(lh, bp); - BIO_free(bp); -end:; -} -LCRYPTO_ALIAS(lh_node_stats); - -void -lh_node_usage_stats(const _LHASH *lh, FILE *fp) -{ - BIO *bp; - - bp = BIO_new(BIO_s_file()); - if (bp == NULL) - goto end; - BIO_set_fp(bp, fp, BIO_NOCLOSE); - lh_node_usage_stats_bio(lh, bp); - BIO_free(bp); -end:; -} -LCRYPTO_ALIAS(lh_node_usage_stats); - - -void -lh_stats_bio(const _LHASH *lh, BIO *out) -{ - BIO_printf(out, "num_items = %lu\n", lh->num_items); - BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); - BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); - BIO_printf(out, "num_expands = %lu\n", lh->num_expands); - BIO_printf(out, "num_expand_reallocs = %lu\n", - lh->num_expand_reallocs); - BIO_printf(out, "num_contracts = %lu\n", lh->num_contracts); - BIO_printf(out, "num_contract_reallocs = %lu\n", - lh->num_contract_reallocs); - BIO_printf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); - BIO_printf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); - BIO_printf(out, "num_insert = %lu\n", lh->num_insert); - BIO_printf(out, "num_replace = %lu\n", lh->num_replace); - BIO_printf(out, "num_delete = %lu\n", lh->num_delete); - BIO_printf(out, "num_no_delete = %lu\n", lh->num_no_delete); - BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); - BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); - BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); -#if 0 - BIO_printf(out, "p = %u\n", lh->p); - BIO_printf(out, "pmax = %u\n", lh->pmax); - BIO_printf(out, "up_load = %lu\n", lh->up_load); - BIO_printf(out, "down_load = %lu\n", lh->down_load); -#endif -} -LCRYPTO_ALIAS(lh_stats_bio); - -void -lh_node_stats_bio(const _LHASH *lh, BIO *out) -{ - LHASH_NODE *n; - unsigned int i, num; - - for (i = 0; i < lh->num_nodes; i++) { - for (n = lh->b[i], num = 0; n != NULL; n = n->next) - num++; - BIO_printf(out, "node %6u -> %3u\n", i, num); - } -} -LCRYPTO_ALIAS(lh_node_stats_bio); - -void -lh_node_usage_stats_bio(const _LHASH *lh, BIO *out) -{ - LHASH_NODE *n; - unsigned long num; - unsigned int i; - unsigned long total = 0, n_used = 0; - - for (i = 0; i < lh->num_nodes; i++) { - for (n = lh->b[i], num = 0; n != NULL; n = n->next) - num++; - if (num != 0) { - n_used++; - total += num; - } - } - BIO_printf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); - BIO_printf(out, "%lu items\n", total); - if (n_used == 0) - return; - BIO_printf(out, "load %d.%02d actual load %d.%02d\n", - (int)(total / lh->num_nodes), - (int)((total % lh->num_nodes) * 100 / lh->num_nodes), - (int)(total / n_used), - (int)((total % n_used) * 100 / n_used)); -} -LCRYPTO_ALIAS(lh_node_usage_stats_bio); - -#endif diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 3adec71e..a271934c 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lhash.c,v 1.20 2023/07/07 13:40:44 beck Exp $ */ +/* $OpenBSD: lhash.c,v 1.22.2.1 2024/05/11 02:18:20 mlarkin Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -103,6 +103,8 @@ #include #include +#include "lhash_local.h" + #undef MIN_NODES #define MIN_NODES 16 #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ @@ -157,6 +159,13 @@ lh_free(_LHASH *lh) } LCRYPTO_ALIAS(lh_free); +int +lh_error(_LHASH *lh) +{ + return lh->error; +} +LCRYPTO_ALIAS(lh_error); + void * lh_insert(_LHASH *lh, void *data) { @@ -250,12 +259,21 @@ static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) { - int i; LHASH_NODE *a, *n; + int down_load; + int i; if (lh == NULL) return; + /* + * Disable contraction of the hash while walking, as some consumers use + * it to delete hash entries. A better option would be to snapshot the + * hash, making it insert safe as well. + */ + down_load = lh->down_load; + lh->down_load = 0; + /* reverse the order so we search from 'top to bottom' * We were having memory leaks otherwise */ for (i = lh->num_nodes - 1; i >= 0; i--) { @@ -273,6 +291,12 @@ doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, a = n; } } + + /* Restore down load factor and trigger contraction. */ + lh->down_load = down_load; + if ((lh->num_nodes > MIN_NODES) && + (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))) + contract(lh); } void diff --git a/crypto/evp/p_dec.c b/crypto/lhash/lhash_local.h similarity index 75% rename from crypto/evp/p_dec.c rename to crypto/lhash/lhash_local.h index d55b48b7..5466e554 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/lhash/lhash_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: p_dec.c,v 1.15 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: lhash_local.h,v 1.1 2024/03/02 11:11:11 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,39 +56,50 @@ * [including the GNU Public Licence.] */ -#include +/* Header for dynamic hash table routines + * Author - Eric Young + */ #include -#include -#include -#include -#include +#ifndef HEADER_LHASH_LOCAL_H +#define HEADER_LHASH_LOCAL_H -#ifndef OPENSSL_NO_RSA -#include +typedef struct lhash_node_st { + void *data; + struct lhash_node_st *next; +#ifndef OPENSSL_NO_HASH_COMP + unsigned long hash; #endif +} LHASH_NODE; -#include "evp_local.h" - -int -EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, - EVP_PKEY *priv) -{ - int ret = -1; +struct lhash_st { + LHASH_NODE **b; + LHASH_COMP_FN_TYPE comp; + LHASH_HASH_FN_TYPE hash; + unsigned int num_nodes; + unsigned int num_alloc_nodes; + unsigned int p; + unsigned int pmax; + unsigned long up_load; /* load times 256 */ + unsigned long down_load; /* load times 256 */ + unsigned long num_items; -#ifndef OPENSSL_NO_RSA - if (priv->type != EVP_PKEY_RSA) { -#endif - EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA); -#ifndef OPENSSL_NO_RSA - goto err; - } + unsigned long num_expands; + unsigned long num_expand_reallocs; + unsigned long num_contracts; + unsigned long num_contract_reallocs; + unsigned long num_hash_calls; + unsigned long num_comp_calls; + unsigned long num_insert; + unsigned long num_replace; + unsigned long num_delete; + unsigned long num_no_delete; + unsigned long num_retrieve; + unsigned long num_retrieve_miss; + unsigned long num_hash_comps; - ret = RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa, - RSA_PKCS1_PADDING); + int error; +} /* _LHASH */; -err: #endif - return (ret); -} diff --git a/crypto/malloc-wrapper.c b/crypto/malloc-wrapper.c index 4d57f00b..fb42169b 100644 --- a/crypto/malloc-wrapper.c +++ b/crypto/malloc-wrapper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: malloc-wrapper.c,v 1.8 2023/07/08 08:28:23 beck Exp $ */ +/* $OpenBSD: malloc-wrapper.c,v 1.10 2024/03/02 11:35:09 tb Exp $ */ /* * Copyright (c) 2014 Bob Beck * @@ -36,116 +36,9 @@ CRYPTO_set_mem_ex_functions(void *(*m)(size_t, const char *, int), } LCRYPTO_ALIAS(CRYPTO_set_mem_ex_functions); -int -CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *)) -{ - return 0; -} -LCRYPTO_ALIAS(CRYPTO_set_locked_mem_functions); - -int -CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t, const char *, int), - void (*f)(void *)) -{ - return 0; -} -LCRYPTO_ALIAS(CRYPTO_set_locked_mem_ex_functions); - -int -CRYPTO_set_mem_debug_functions(void (*m)(void *, int, const char *, int, int), - void (*r)(void *, void *, int, const char *, int, int), - void (*f)(void *, int), void (*so)(long), long (*go)(void)) -{ - return 0; -} -LCRYPTO_ALIAS(CRYPTO_set_mem_debug_functions); - - -void -CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), - void (**f)(void *)) -{ - if (m != NULL) - *m = malloc; - if (r != NULL) - *r = realloc; - if (f != NULL) - *f = free; -} -LCRYPTO_ALIAS(CRYPTO_get_mem_functions); - -void -CRYPTO_get_mem_ex_functions(void *(**m)(size_t, const char *, int), - void *(**r)(void *, size_t, const char *, int), void (**f)(void *)) -{ - if (m != NULL) - *m = NULL; - if (r != NULL) - *r = NULL; - if (f != NULL) - *f = free; -} -LCRYPTO_ALIAS(CRYPTO_get_mem_ex_functions); - -void -CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)) -{ - if (m != NULL) - *m = malloc; - if (f != NULL) - *f = free; -} -LCRYPTO_ALIAS(CRYPTO_get_locked_mem_functions); - -void -CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t, const char *, int), - void (**f)(void *)) -{ - if (m != NULL) - *m = NULL; - if (f != NULL) - *f = free; -} -LCRYPTO_ALIAS(CRYPTO_get_locked_mem_ex_functions); - -void -CRYPTO_get_mem_debug_functions(void (**m)(void *, int, const char *, int, int), - void (**r)(void *, void *, int, const char *, int, int), - void (**f)(void *, int), void (**so)(long), long (**go)(void)) -{ - if (m != NULL) - *m = NULL; - if (r != NULL) - *r = NULL; - if (f != NULL) - *f = NULL; - if (so != NULL) - *so = NULL; - if (go != NULL) - *go = NULL; -} -LCRYPTO_ALIAS(CRYPTO_get_mem_debug_functions); - - void * -CRYPTO_malloc_locked(int num, const char *file, int line) +CRYPTO_malloc(size_t num, const char *file, int line) { - if (num <= 0) - return NULL; - return malloc(num); -} - -void -CRYPTO_free_locked(void *ptr) -{ - free(ptr); -} - -void * -CRYPTO_malloc(int num, const char *file, int line) -{ - if (num <= 0) - return NULL; return malloc(num); } @@ -155,51 +48,8 @@ CRYPTO_strdup(const char *str, const char *file, int line) return strdup(str); } -void * -CRYPTO_realloc(void *ptr, int num, const char *file, int line) -{ - if (num <= 0) - return NULL; - return realloc(ptr, num); -} - -void * -CRYPTO_realloc_clean(void *ptr, int old_len, int num, const char *file, - int line) -{ - if (num <= 0) - return NULL; - /* Original does not support shrinking. */ - if (num < old_len) - return NULL; - return recallocarray(ptr, old_len, num, 1); -} -LCRYPTO_ALIAS(CRYPTO_realloc_clean); - void -CRYPTO_free(void *ptr) +CRYPTO_free(void *ptr, const char *file, int line) { free(ptr); } - -void * -CRYPTO_remalloc(void *a, int num, const char *file, int line) -{ - free(a); - return malloc(num); -} -LCRYPTO_ALIAS(CRYPTO_remalloc); - -void -CRYPTO_set_mem_debug_options(long bits) -{ - return; -} -LCRYPTO_ALIAS(CRYPTO_set_mem_debug_options); - -long -CRYPTO_get_mem_debug_options(void) -{ - return 0; -} -LCRYPTO_ALIAS(CRYPTO_get_mem_debug_options); diff --git a/crypto/md5/md5-elf-x86_64.S b/crypto/md5/md5-elf-x86_64.S index 8fc10c9f..53f1d871 100644 --- a/crypto/md5/md5-elf-x86_64.S +++ b/crypto/md5/md5-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .align 16 @@ -5,7 +11,7 @@ .globl md5_block_asm_data_order .type md5_block_asm_data_order,@function md5_block_asm_data_order: - endbr64 +_CET_ENDBR pushq %rbp pushq %rbx pushq %r12 diff --git a/crypto/md5/md5-macosx-x86_64.S b/crypto/md5/md5-macosx-x86_64.S index b4fcd181..7af45c2e 100644 --- a/crypto/md5/md5-macosx-x86_64.S +++ b/crypto/md5/md5-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .p2align 4 @@ -5,6 +11,7 @@ .globl _md5_block_asm_data_order _md5_block_asm_data_order: +_CET_ENDBR pushq %rbp pushq %rbx pushq %r12 diff --git a/crypto/md5/md5-masm-x86_64.S b/crypto/md5/md5-masm-x86_64.S index 85d0bcb9..63d5440e 100644 --- a/crypto/md5/md5-masm-x86_64.S +++ b/crypto/md5/md5-masm-x86_64.S @@ -1,28 +1,33 @@ ; 1 "crypto/md5/md5-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/md5/md5-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + @@ -66,7 +71,8 @@ OPTION DOTNAME -; 3 "crypto/md5/md5-masm-x86_64.S.tmp" 2 + +; 9 "crypto/md5/md5-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' ALIGN 16 @@ -82,6 +88,7 @@ $L$SEH_begin_md5_block_asm_data_order:: mov rdx,r8 + push rbp push rbx push r12 diff --git a/crypto/md5/md5-mingw64-x86_64.S b/crypto/md5/md5-mingw64-x86_64.S index 5a611f52..a5533bd9 100644 --- a/crypto/md5/md5-mingw64-x86_64.S +++ b/crypto/md5/md5-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .p2align 4 @@ -13,6 +19,7 @@ md5_block_asm_data_order: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR pushq %rbp pushq %rbx pushq %r12 diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index e2eacebe..031db43e 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mem_dbg.c,v 1.25 2023/07/08 08:28:23 beck Exp $ */ +/* $OpenBSD: mem_dbg.c,v 1.27 2024/03/02 11:32:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -109,101 +109,10 @@ * */ -#include -#include #include -#include -#include int CRYPTO_mem_ctrl(int mode) { return (CRYPTO_MEM_CHECK_OFF); } - -int -CRYPTO_is_mem_check_on(void) -{ - return (0); -} - - -void -CRYPTO_dbg_set_options(long bits) -{ - return; -} -LCRYPTO_ALIAS(CRYPTO_dbg_set_options); - -long -CRYPTO_dbg_get_options(void) -{ - return (0); -} -LCRYPTO_ALIAS(CRYPTO_dbg_get_options); - -int -CRYPTO_push_info_(const char *info, const char *file, int line) -{ - return (0); -} -LCRYPTO_ALIAS(CRYPTO_push_info_); - -int -CRYPTO_pop_info(void) -{ - return (0); -} -LCRYPTO_ALIAS(CRYPTO_pop_info); - -int -CRYPTO_remove_all_info(void) -{ - return (0); -} -LCRYPTO_ALIAS(CRYPTO_remove_all_info); - -void -CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, - int before_p) -{ - OPENSSL_assert("CRYPTO_dbg_malloc is no longer permitted"); -} -LCRYPTO_ALIAS(CRYPTO_dbg_malloc); - -void -CRYPTO_dbg_free(void *addr, int before_p) -{ - OPENSSL_assert("CRYPTO_dbg_free is no longer permitted"); -} -LCRYPTO_ALIAS(CRYPTO_dbg_free); - -void -CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, - const char *file, int line, int before_p) -{ - OPENSSL_assert("CRYPTO_dbg_realloc is no longer permitted"); -} -LCRYPTO_ALIAS(CRYPTO_dbg_realloc); - -int -CRYPTO_mem_leaks(BIO *b) -{ - return -1; -} -LCRYPTO_ALIAS(CRYPTO_mem_leaks); - -int -CRYPTO_mem_leaks_fp(FILE *fp) -{ - return -1; -} -LCRYPTO_ALIAS(CRYPTO_mem_leaks_fp); - - -int -CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) -{ - return -1; -} -LCRYPTO_ALIAS(CRYPTO_mem_leaks_cb); diff --git a/crypto/modes/ghash-elf-x86_64.S b/crypto/modes/ghash-elf-x86_64.S index 039cd496..d2662c36 100644 --- a/crypto/modes/ghash-elf-x86_64.S +++ b/crypto/modes/ghash-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,6 +11,7 @@ .type gcm_gmult_4bit,@function .align 16 gcm_gmult_4bit: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -93,6 +100,7 @@ gcm_gmult_4bit: .type gcm_ghash_4bit,@function .align 16 gcm_ghash_4bit: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -614,7 +622,6 @@ gcm_ghash_4bit: xorq %r13,%r9 shrq $8,%r8 movzbq %r12b,%r12 - movl -4(%rdi),%edx shrq $8,%r9 xorq -128(%rbp,%rbx,8),%r8 shlq $56,%r10 @@ -659,7 +666,7 @@ gcm_ghash_4bit: .type gcm_init_clmul,@function .align 16 gcm_init_clmul: - endbr64 +_CET_ENDBR movdqu (%rsi),%xmm2 pshufd $78,%xmm2,%xmm2 @@ -725,7 +732,7 @@ gcm_init_clmul: .type gcm_gmult_clmul,@function .align 16 gcm_gmult_clmul: - endbr64 +_CET_ENDBR movdqu (%rdi),%xmm0 movdqa .Lbswap_mask(%rip),%xmm5 movdqu (%rsi),%xmm2 @@ -776,7 +783,7 @@ gcm_gmult_clmul: .type gcm_ghash_clmul,@function .align 16 gcm_ghash_clmul: - endbr64 +_CET_ENDBR movdqa .Lbswap_mask(%rip),%xmm5 movdqu (%rdi),%xmm0 diff --git a/crypto/modes/ghash-macosx-x86_64.S b/crypto/modes/ghash-macosx-x86_64.S index e6840a78..5892deba 100644 --- a/crypto/modes/ghash-macosx-x86_64.S +++ b/crypto/modes/ghash-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,6 +11,7 @@ .p2align 4 _gcm_gmult_4bit: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -93,6 +100,7 @@ L$gmult_epilogue: .p2align 4 _gcm_ghash_4bit: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -614,7 +622,6 @@ L$outer_loop: xorq %r13,%r9 shrq $8,%r8 movzbq %r12b,%r12 - movl -4(%rdi),%edx shrq $8,%r9 xorq -128(%rbp,%rbx,8),%r8 shlq $56,%r10 @@ -659,6 +666,7 @@ L$ghash_epilogue: .p2align 4 _gcm_init_clmul: +_CET_ENDBR movdqu (%rsi),%xmm2 pshufd $78,%xmm2,%xmm2 @@ -724,6 +732,7 @@ _gcm_init_clmul: .p2align 4 _gcm_gmult_clmul: +_CET_ENDBR movdqu (%rdi),%xmm0 movdqa L$bswap_mask(%rip),%xmm5 movdqu (%rsi),%xmm2 @@ -774,6 +783,7 @@ _gcm_gmult_clmul: .p2align 4 _gcm_ghash_clmul: +_CET_ENDBR movdqa L$bswap_mask(%rip),%xmm5 movdqu (%rdi),%xmm0 @@ -976,6 +986,7 @@ L$done: retq L$SEH_end_gcm_ghash_clmul: +.section __DATA,__const .p2align 6 L$bswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 @@ -1022,6 +1033,5 @@ L$rem_8bit: .value 0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E .value 0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE .value 0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE - -.byte 71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 6 +.text diff --git a/crypto/modes/ghash-masm-x86_64.S b/crypto/modes/ghash-masm-x86_64.S index 09ee8e0f..bfdf8ce6 100644 --- a/crypto/modes/ghash-masm-x86_64.S +++ b/crypto/modes/ghash-masm-x86_64.S @@ -1,28 +1,34 @@ ; 1 "crypto/modes/ghash-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/modes/ghash-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + + @@ -66,7 +72,7 @@ OPTION DOTNAME -; 3 "crypto/modes/ghash-masm-x86_64.S.tmp" 2 +; 9 "crypto/modes/ghash-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' PUBLIC gcm_gmult_4bit @@ -81,6 +87,7 @@ $L$SEH_begin_gcm_gmult_4bit:: mov rsi,rdx + push rbx push rbp push r12 @@ -182,6 +189,7 @@ $L$SEH_begin_gcm_ghash_4bit:: mov rcx,r9 + push rbx push rbp push r12 @@ -703,7 +711,6 @@ $L$outer_loop:: xor r9,r13 shr r8,8 movzx r12,r12b - mov edx,DWORD PTR[((-4))+rdi] shr r9,8 xor r8,QWORD PTR[((-128))+rbx*8+rbp] shl r10,56 @@ -751,6 +758,7 @@ PUBLIC gcm_init_clmul ALIGN 16 gcm_init_clmul PROC PUBLIC + movdqu xmm2,XMMWORD PTR[rdx] pshufd xmm2,xmm2,78 @@ -816,6 +824,7 @@ PUBLIC gcm_gmult_clmul ALIGN 16 gcm_gmult_clmul PROC PUBLIC + movdqu xmm0,XMMWORD PTR[rcx] movdqa xmm5,XMMWORD PTR[$L$bswap_mask] movdqu xmm2,XMMWORD PTR[rdx] @@ -866,6 +875,7 @@ PUBLIC gcm_ghash_clmul ALIGN 16 gcm_ghash_clmul PROC PUBLIC + $L$SEH_begin_gcm_ghash_clmul:: DB 048h,083h,0ech,058h @@ -1082,6 +1092,8 @@ DB 102,15,56,0,197 DB 0F3h,0C3h ;repret $L$SEH_end_gcm_ghash_clmul:: gcm_ghash_clmul ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 $L$bswap_mask:: DB 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 @@ -1128,16 +1140,14 @@ $L$rem_8bit:: DW 0A7D0h,0A612h,0A454h,0A596h,0A0D8h,0A11Ah,0A35Ch,0A29Eh DW 0B5E0h,0B422h,0B664h,0B7A6h,0B2E8h,0B32Ah,0B16Ch,0B0AEh DW 0BBF0h,0BA32h,0B874h,0B9B6h,0BCF8h,0BD3Ah,0BF7Ch,0BEBEh - -DB 71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52 -DB 44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32 -DB 60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111 -DB 114,103,62,0 ALIGN 64 +.rdata ENDS +.text$ SEGMENT ALIGN(64) 'CODE' EXTERN __imp_RtlVirtualUnwind:NEAR ALIGN 16 se_handler PROC PRIVATE + push rsi push rdi push rbx diff --git a/crypto/modes/ghash-mingw64-x86_64.S b/crypto/modes/ghash-mingw64-x86_64.S index cd0823b4..c48ac3ed 100644 --- a/crypto/modes/ghash-mingw64-x86_64.S +++ b/crypto/modes/ghash-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -12,6 +18,7 @@ gcm_gmult_4bit: movq %rcx,%rdi movq %rdx,%rsi +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -111,6 +118,7 @@ gcm_ghash_4bit: movq %r8,%rdx movq %r9,%rcx +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -632,7 +640,6 @@ gcm_ghash_4bit: xorq %r13,%r9 shrq $8,%r8 movzbq %r12b,%r12 - movl -4(%rdi),%edx shrq $8,%r9 xorq -128(%rbp,%rbx,8),%r8 shlq $56,%r10 @@ -679,6 +686,7 @@ gcm_ghash_4bit: .def gcm_init_clmul; .scl 2; .type 32; .endef .p2align 4 gcm_init_clmul: +_CET_ENDBR movdqu (%rdx),%xmm2 pshufd $78,%xmm2,%xmm2 @@ -744,6 +752,7 @@ gcm_init_clmul: .def gcm_gmult_clmul; .scl 2; .type 32; .endef .p2align 4 gcm_gmult_clmul: +_CET_ENDBR movdqu (%rcx),%xmm0 movdqa .Lbswap_mask(%rip),%xmm5 movdqu (%rdx),%xmm2 @@ -794,6 +803,7 @@ gcm_gmult_clmul: .def gcm_ghash_clmul; .scl 2; .type 32; .endef .p2align 4 gcm_ghash_clmul: +_CET_ENDBR .LSEH_begin_gcm_ghash_clmul: .byte 0x48,0x83,0xec,0x58 @@ -1010,6 +1020,7 @@ gcm_ghash_clmul: retq .LSEH_end_gcm_ghash_clmul: +.section .rodata .p2align 6 .Lbswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 @@ -1056,13 +1067,13 @@ gcm_ghash_clmul: .value 0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E .value 0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE .value 0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE - -.byte 71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 6 +.text .def se_handler; .scl 3; .type 32; .endef .p2align 4 se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c deleted file mode 100644 index 48b95d67..00000000 --- a/crypto/objects/o_names.c +++ /dev/null @@ -1,363 +0,0 @@ -/* $OpenBSD: o_names.c,v 1.24 2023/07/08 12:27:51 beck Exp $ */ -#include -#include -#include - -#include - -#include -#include -#include -#include - -/* I use the ex_data stuff to manage the identifiers for the obj_name_types - * that applications may define. I only really use the free function field. - */ -DECLARE_LHASH_OF(OBJ_NAME); -static LHASH_OF(OBJ_NAME) *names_lh = NULL; -static int names_type_num = OBJ_NAME_TYPE_NUM; - -typedef struct name_funcs_st { - unsigned long (*hash_func)(const char *name); - int (*cmp_func)(const char *a, const char *b); - void (*free_func)(const char *, int, const char *); -} NAME_FUNCS; - -DECLARE_STACK_OF(NAME_FUNCS) - -static STACK_OF(NAME_FUNCS) *name_funcs_stack; - -/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable - * casting in the functions. This prevents function pointer casting without the - * need for macro-generated wrapper functions. */ - -/* static unsigned long obj_name_hash(OBJ_NAME *a); */ -static unsigned long obj_name_hash(const void *a_void); -/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */ -static int obj_name_cmp(const void *a_void, const void *b_void); - -static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME) -static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME) - -int -OBJ_NAME_init(void) -{ - if (names_lh != NULL) - return (1); - names_lh = lh_OBJ_NAME_new(); - return (names_lh != NULL); -} -LCRYPTO_ALIAS(OBJ_NAME_init); - -int -OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), - int (*cmp_func)(const char *, const char *), - void (*free_func)(const char *, int, const char *)) -{ - int ret; - int i; - NAME_FUNCS *name_funcs; - - if (name_funcs_stack == NULL) - name_funcs_stack = sk_NAME_FUNCS_new_null(); - if (name_funcs_stack == NULL) - return (0); - - ret = names_type_num; - names_type_num++; - for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) { - name_funcs = malloc(sizeof(NAME_FUNCS)); - if (!name_funcs) { - OBJerror(ERR_R_MALLOC_FAILURE); - return (0); - } - name_funcs->hash_func = lh_strhash; - name_funcs->cmp_func = strcmp; - name_funcs->free_func = NULL; - if (sk_NAME_FUNCS_push(name_funcs_stack, name_funcs) == 0) { - free(name_funcs); - OBJerror(ERR_R_MALLOC_FAILURE); - return (0); - } - } - name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret); - if (hash_func != NULL) - name_funcs->hash_func = hash_func; - if (cmp_func != NULL) - name_funcs->cmp_func = cmp_func; - if (free_func != NULL) - name_funcs->free_func = free_func; - return (ret); -} -LCRYPTO_ALIAS(OBJ_NAME_new_index); - -/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */ -static int -obj_name_cmp(const void *a_void, const void *b_void) -{ - int ret; - const OBJ_NAME *a = (const OBJ_NAME *)a_void; - const OBJ_NAME *b = (const OBJ_NAME *)b_void; - - ret = a->type - b->type; - if (ret == 0) { - if ((name_funcs_stack != NULL) && - (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { - ret = sk_NAME_FUNCS_value(name_funcs_stack, - a->type)->cmp_func(a->name, b->name); - } else - ret = strcmp(a->name, b->name); - } - return (ret); -} - -/* static unsigned long obj_name_hash(OBJ_NAME *a) */ -static unsigned long -obj_name_hash(const void *a_void) -{ - unsigned long ret; - const OBJ_NAME *a = (const OBJ_NAME *)a_void; - - if ((name_funcs_stack != NULL) && - (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { - ret = sk_NAME_FUNCS_value(name_funcs_stack, - a->type)->hash_func(a->name); - } else { - ret = lh_strhash(a->name); - } - ret ^= a->type; - return (ret); -} - -const char * -OBJ_NAME_get(const char *name, int type) -{ - OBJ_NAME on, *ret; - int num = 0, alias; - - if (name == NULL) - return (NULL); - if ((names_lh == NULL) && !OBJ_NAME_init()) - return (NULL); - - alias = type&OBJ_NAME_ALIAS; - type&= ~OBJ_NAME_ALIAS; - - on.name = name; - on.type = type; - - for (;;) { - ret = lh_OBJ_NAME_retrieve(names_lh, &on); - if (ret == NULL) - return (NULL); - if ((ret->alias) && !alias) { - if (++num > 10) - return (NULL); - on.name = ret->data; - } else { - return (ret->data); - } - } -} -LCRYPTO_ALIAS(OBJ_NAME_get); - -int -OBJ_NAME_add(const char *name, int type, const char *data) -{ - OBJ_NAME *onp, *ret; - int alias; - - if ((names_lh == NULL) && !OBJ_NAME_init()) - return (0); - - alias = type & OBJ_NAME_ALIAS; - type &= ~OBJ_NAME_ALIAS; - - onp = malloc(sizeof(OBJ_NAME)); - if (onp == NULL) { - /* ERROR */ - return (0); - } - - onp->name = name; - onp->alias = alias; - onp->type = type; - onp->data = data; - - ret = lh_OBJ_NAME_insert(names_lh, onp); - if (ret != NULL) { - /* free things */ - if ((name_funcs_stack != NULL) && - (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) { - /* XXX: I'm not sure I understand why the free - * function should get three arguments... - * -- Richard Levitte - */ - sk_NAME_FUNCS_value( - name_funcs_stack, ret->type)->free_func( - ret->name, ret->type, ret->data); - } - free(ret); - } else { - if (lh_OBJ_NAME_error(names_lh)) { - free(onp); - /* ERROR */ - return (0); - } - } - return (1); -} -LCRYPTO_ALIAS(OBJ_NAME_add); - -int -OBJ_NAME_remove(const char *name, int type) -{ - OBJ_NAME on, *ret; - - if (names_lh == NULL) - return (0); - - type &= ~OBJ_NAME_ALIAS; - on.name = name; - on.type = type; - ret = lh_OBJ_NAME_delete(names_lh, &on); - if (ret != NULL) { - /* free things */ - if ((name_funcs_stack != NULL) && - (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) { - /* XXX: I'm not sure I understand why the free - * function should get three arguments... - * -- Richard Levitte - */ - sk_NAME_FUNCS_value( - name_funcs_stack, ret->type)->free_func( - ret->name, ret->type, ret->data); - } - free(ret); - return (1); - } else - return (0); -} -LCRYPTO_ALIAS(OBJ_NAME_remove); - -struct doall { - int type; - void (*fn)(const OBJ_NAME *, void *arg); - void *arg; -}; - -static void -do_all_fn_doall_arg(const OBJ_NAME *name, struct doall *d) -{ - if (name->type == d->type) - d->fn(name, d->arg); -} - -static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall) - -void -OBJ_NAME_do_all(int type, void (*fn)(const OBJ_NAME *, void *arg), void *arg) -{ - struct doall d; - - d.type = type; - d.fn = fn; - d.arg = arg; - - lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn), - struct doall, &d); -} -LCRYPTO_ALIAS(OBJ_NAME_do_all); - -struct doall_sorted { - int type; - int n; - const OBJ_NAME **names; -}; - -static void -do_all_sorted_fn(const OBJ_NAME *name, void *d_) -{ - struct doall_sorted *d = d_; - - if (name->type != d->type) - return; - - d->names[d->n++] = name; -} - -static int -do_all_sorted_cmp(const void *n1_, const void *n2_) -{ - const OBJ_NAME * const *n1 = n1_; - const OBJ_NAME * const *n2 = n2_; - - return strcmp((*n1)->name, (*n2)->name); -} - -void -OBJ_NAME_do_all_sorted(int type, void (*fn)(const OBJ_NAME *, void *arg), - void *arg) -{ - struct doall_sorted d; - int n; - - d.type = type; - d.names = reallocarray(NULL, lh_OBJ_NAME_num_items(names_lh), - sizeof *d.names); - d.n = 0; - if (d.names != NULL) { - OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - - qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); - - for (n = 0; n < d.n; ++n) - fn(d.names[n], arg); - - free(d.names); - } -} -LCRYPTO_ALIAS(OBJ_NAME_do_all_sorted); - -static int free_type; - -static void -names_lh_free_doall(OBJ_NAME *onp) -{ - if (onp == NULL) - return; - - if (free_type < 0 || free_type == onp->type) - OBJ_NAME_remove(onp->name, onp->type); -} - -static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME) - -static void -name_funcs_free(NAME_FUNCS *ptr) -{ - free(ptr); -} - -void -OBJ_NAME_cleanup(int type) -{ - unsigned long down_load; - - if (names_lh == NULL) - return; - - free_type = type; - down_load = lh_OBJ_NAME_down_load(names_lh); - lh_OBJ_NAME_down_load(names_lh) = 0; - - lh_OBJ_NAME_doall(names_lh, LHASH_DOALL_FN(names_lh_free)); - if (type < 0) { - lh_OBJ_NAME_free(names_lh); - sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free); - names_lh = NULL; - name_funcs_stack = NULL; - } else - lh_OBJ_NAME_down_load(names_lh) = down_load; -} -LCRYPTO_ALIAS(OBJ_NAME_cleanup); diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 6cfbf8f7..b90c8031 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_dat.c,v 1.61 2023/09/05 14:59:00 tb Exp $ */ +/* $OpenBSD: obj_dat.c,v 1.89 2024/03/02 11:11:11 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,7 @@ #include #include #include +#include #include #include @@ -70,20 +71,11 @@ #include #include "asn1_local.h" +#include "lhash_local.h" /* obj_dat.h is generated from objects.h by obj_dat.pl */ #include "obj_dat.h" -static int sn_cmp_BSEARCH_CMP_FN(const void *, const void *); -static int sn_cmp(const ASN1_OBJECT * const *, unsigned int const *); -static unsigned int *OBJ_bsearch_sn(const ASN1_OBJECT * *key, unsigned int const *base, int num); -static int ln_cmp_BSEARCH_CMP_FN(const void *, const void *); -static int ln_cmp(const ASN1_OBJECT * const *, unsigned int const *); -static unsigned int *OBJ_bsearch_ln(const ASN1_OBJECT * *key, unsigned int const *base, int num); -static int obj_cmp_BSEARCH_CMP_FN(const void *, const void *); -static int obj_cmp(const ASN1_OBJECT * const *, unsigned int const *); -static unsigned int *OBJ_bsearch_obj(const ASN1_OBJECT * *key, unsigned int const *base, int num); - #define ADDED_DATA 0 #define ADDED_SNAME 1 #define ADDED_LNAME 2 @@ -98,48 +90,6 @@ DECLARE_LHASH_OF(ADDED_OBJ); static int new_nid = NUM_NID; static LHASH_OF(ADDED_OBJ) *added = NULL; -static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b) -{ - return (strcmp((*a)->sn, nid_objs[*b].sn)); -} - - -static int -sn_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) -{ - const ASN1_OBJECT * const *a = a_; - unsigned int const *b = b_; - return sn_cmp(a, b); -} - -static unsigned int * -OBJ_bsearch_sn(const ASN1_OBJECT * *key, unsigned int const *base, int num) -{ - return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int), - sn_cmp_BSEARCH_CMP_FN); -} - -static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b) -{ - return (strcmp((*a)->ln, nid_objs[*b].ln)); -} - - -static int -ln_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) -{ - const ASN1_OBJECT * const *a = a_; - unsigned int const *b = b_; - return ln_cmp(a, b); -} - -static unsigned int * -OBJ_bsearch_ln(const ASN1_OBJECT * *key, unsigned int const *base, int num) -{ - return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int), - ln_cmp_BSEARCH_CMP_FN); -} - static unsigned long added_obj_hash(const ADDED_OBJ *ca) { @@ -234,30 +184,12 @@ static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ) static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ) static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ) -/* The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting - * to use freed up OIDs. If necessary the actual freeing up of OIDs is - * delayed. - */ - -int obj_cleanup_defer = 0; - -void -check_defer(int nid) -{ - if (!obj_cleanup_defer && nid >= NUM_NID) - obj_cleanup_defer = 1; -} - void OBJ_cleanup(void) { - if (obj_cleanup_defer) { - obj_cleanup_defer = 2; - return; - } if (added == NULL) return; - lh_ADDED_OBJ_down_load(added) = 0; + lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup1)); /* zero counters */ lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup2)); /* set counters */ lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup3)); /* free objects */ @@ -277,7 +209,7 @@ OBJ_new_nid(int num) } LCRYPTO_ALIAS(OBJ_new_nid); -int +static int OBJ_add_object(const ASN1_OBJECT *obj) { ASN1_OBJECT *o = NULL; @@ -327,143 +259,182 @@ OBJ_add_object(const ASN1_OBJECT *obj) ASN1_OBJECT_free(o); return (NID_undef); } -LCRYPTO_ALIAS(OBJ_add_object); ASN1_OBJECT * -OBJ_nid2obj(int n) +OBJ_nid2obj(int nid) { - ADDED_OBJ ad, *adp; - ASN1_OBJECT ob; + if (nid >= 0 && nid < NUM_NID) { + if (nid == NID_undef || nid_objs[nid].nid != NID_undef) + return (ASN1_OBJECT *)&nid_objs[nid]; - if ((n >= 0) && (n < NUM_NID)) { - if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { - OBJerror(OBJ_R_UNKNOWN_NID); - return (NULL); - } - return ((ASN1_OBJECT *)&(nid_objs[n])); - } else if (added == NULL) - return (NULL); - else { - ad.type = ADDED_NID; - ad.obj = &ob; - ob.nid = n; - adp = lh_ADDED_OBJ_retrieve(added, &ad); - if (adp != NULL) - return (adp->obj); - else { - OBJerror(OBJ_R_UNKNOWN_NID); - return (NULL); - } + goto unknown; } + + /* XXX - locking. */ + if (added != NULL) { + ASN1_OBJECT aobj = { + .nid = nid, + }; + ADDED_OBJ needle = { + .type = ADDED_NID, + .obj = &aobj, + }; + ADDED_OBJ *found; + + if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL) + return found->obj; + } + + unknown: + OBJerror(OBJ_R_UNKNOWN_NID); + + return NULL; } LCRYPTO_ALIAS(OBJ_nid2obj); const char * -OBJ_nid2sn(int n) +OBJ_nid2sn(int nid) { - ADDED_OBJ ad, *adp; - ASN1_OBJECT ob; + ASN1_OBJECT *aobj; - if ((n >= 0) && (n < NUM_NID)) { - if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { - OBJerror(OBJ_R_UNKNOWN_NID); - return (NULL); - } - return (nid_objs[n].sn); - } else if (added == NULL) - return (NULL); - else { - ad.type = ADDED_NID; - ad.obj = &ob; - ob.nid = n; - adp = lh_ADDED_OBJ_retrieve(added, &ad); - if (adp != NULL) - return (adp->obj->sn); - else { - OBJerror(OBJ_R_UNKNOWN_NID); - return (NULL); - } - } + if ((aobj = OBJ_nid2obj(nid)) == NULL) + return NULL; + + return aobj->sn; } LCRYPTO_ALIAS(OBJ_nid2sn); const char * -OBJ_nid2ln(int n) +OBJ_nid2ln(int nid) { - ADDED_OBJ ad, *adp; - ASN1_OBJECT ob; + ASN1_OBJECT *aobj; - if ((n >= 0) && (n < NUM_NID)) { - if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { - OBJerror(OBJ_R_UNKNOWN_NID); - return (NULL); - } - return (nid_objs[n].ln); - } else if (added == NULL) - return (NULL); - else { - ad.type = ADDED_NID; - ad.obj = &ob; - ob.nid = n; - adp = lh_ADDED_OBJ_retrieve(added, &ad); - if (adp != NULL) - return (adp->obj->ln); - else { - OBJerror(OBJ_R_UNKNOWN_NID); - return (NULL); - } - } + if ((aobj = OBJ_nid2obj(nid)) == NULL) + return NULL; + + return aobj->ln; } LCRYPTO_ALIAS(OBJ_nid2ln); static int -obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp) +obj_objs_cmp(const void *aobj, const void *b) { - const ASN1_OBJECT *a = *ap; - const ASN1_OBJECT *b = &nid_objs[*bp]; + const unsigned int *nid = b; + + OPENSSL_assert(*nid < NUM_NID); - return OBJ_cmp(a, b); + return OBJ_cmp(aobj, &nid_objs[*nid]); } -static int -obj_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) +int +OBJ_obj2nid(const ASN1_OBJECT *aobj) { - const ASN1_OBJECT * const *a = a_; - unsigned int const *b = b_; - return obj_cmp(a, b); + const unsigned int *nid; + + if (aobj == NULL || aobj->length == 0) + return NID_undef; + + if (aobj->nid != NID_undef) + return aobj->nid; + + /* XXX - locking. OpenSSL 3 moved this after built-in object lookup. */ + if (added != NULL) { + ADDED_OBJ needle = { + .type = ADDED_DATA, + .obj = (ASN1_OBJECT *)aobj, + }; + ADDED_OBJ *found; + + if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL) + return found->obj->nid; + } + + /* obj_objs holds built-in obj NIDs in ascending OBJ_cmp() order. */ + nid = bsearch(aobj, obj_objs, NUM_OBJ, sizeof(unsigned int), obj_objs_cmp); + if (nid != NULL) + return *nid; + + return NID_undef; } +LCRYPTO_ALIAS(OBJ_obj2nid); -static unsigned int * -OBJ_bsearch_obj(const ASN1_OBJECT * *key, unsigned int const *base, int num) +static int +sn_objs_cmp(const void *sn, const void *b) { - return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int), - obj_cmp_BSEARCH_CMP_FN); + const unsigned int *nid = b; + + OPENSSL_assert(*nid < NUM_NID); + + return strcmp(sn, nid_objs[*nid].sn); } int -OBJ_obj2nid(const ASN1_OBJECT *a) +OBJ_sn2nid(const char *sn) { - const unsigned int *op; - ADDED_OBJ ad, *adp; + const unsigned int *nid; - if (a == NULL || a->length == 0) - return (NID_undef); - if (a->nid != NID_undef) - return (a->nid); + /* XXX - locking. OpenSSL 3 moved this after built-in object lookup. */ + if (added != NULL) { + ASN1_OBJECT aobj = { + .sn = sn, + }; + ADDED_OBJ needle = { + .type = ADDED_SNAME, + .obj = &aobj, + }; + ADDED_OBJ *found; + + if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL) + return found->obj->nid; + } + /* sn_objs holds NIDs in ascending alphabetical order of SN. */ + nid = bsearch(sn, sn_objs, NUM_SN, sizeof(unsigned int), sn_objs_cmp); + if (nid != NULL) + return *nid; + + return NID_undef; +} +LCRYPTO_ALIAS(OBJ_sn2nid); + +static int +ln_objs_cmp(const void *ln, const void *b) +{ + const unsigned int *nid = b; + + OPENSSL_assert(*nid < NUM_NID); + + return strcmp(ln, nid_objs[*nid].ln); +} + +int +OBJ_ln2nid(const char *ln) +{ + const unsigned int *nid; + + /* XXX - locking. OpenSSL 3 moved this after built-in object lookup. */ if (added != NULL) { - ad.type = ADDED_DATA; - ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */ - adp = lh_ADDED_OBJ_retrieve(added, &ad); - if (adp != NULL) - return (adp->obj->nid); + ASN1_OBJECT aobj = { + .ln = ln, + }; + ADDED_OBJ needle = { + .type = ADDED_LNAME, + .obj = &aobj, + }; + ADDED_OBJ *found; + + if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL) + return found->obj->nid; } - op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ); - if (op == NULL) - return (NID_undef); - return (nid_objs[*op].nid); + + /* ln_objs holds NIDs in ascending alphabetical order of LN. */ + nid = bsearch(ln, ln_objs, NUM_LN, sizeof(unsigned int), ln_objs_cmp); + if (nid != NULL) + return *nid; + + return NID_undef; } -LCRYPTO_ALIAS(OBJ_obj2nid); +LCRYPTO_ALIAS(OBJ_ln2nid); /* Convert an object name into an ASN1_OBJECT * if "noname" is not set then search for short and long names first. @@ -477,8 +448,8 @@ OBJ_txt2obj(const char *s, int no_name) int nid; if (!no_name) { - if (((nid = OBJ_sn2nid(s)) != NID_undef) || - ((nid = OBJ_ln2nid(s)) != NID_undef) ) + if ((nid = OBJ_sn2nid(s)) != NID_undef || + (nid = OBJ_ln2nid(s)) != NID_undef) return OBJ_nid2obj(nid); } @@ -506,93 +477,6 @@ OBJ_txt2nid(const char *s) } LCRYPTO_ALIAS(OBJ_txt2nid); -int -OBJ_ln2nid(const char *s) -{ - ASN1_OBJECT o; - const ASN1_OBJECT *oo = &o; - ADDED_OBJ ad, *adp; - const unsigned int *op; - - o.ln = s; - if (added != NULL) { - ad.type = ADDED_LNAME; - ad.obj = &o; - adp = lh_ADDED_OBJ_retrieve(added, &ad); - if (adp != NULL) - return (adp->obj->nid); - } - op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN); - if (op == NULL) - return (NID_undef); - return (nid_objs[*op].nid); -} -LCRYPTO_ALIAS(OBJ_ln2nid); - -int -OBJ_sn2nid(const char *s) -{ - ASN1_OBJECT o; - const ASN1_OBJECT *oo = &o; - ADDED_OBJ ad, *adp; - const unsigned int *op; - - o.sn = s; - if (added != NULL) { - ad.type = ADDED_SNAME; - ad.obj = &o; - adp = lh_ADDED_OBJ_retrieve(added, &ad); - if (adp != NULL) - return (adp->obj->nid); - } - op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN); - if (op == NULL) - return (NID_undef); - return (nid_objs[*op].nid); -} -LCRYPTO_ALIAS(OBJ_sn2nid); - -const void * -OBJ_bsearch_(const void *key, const void *base, int num, int size, - int (*cmp)(const void *, const void *)) -{ - return OBJ_bsearch_ex_(key, base, num, size, cmp, 0); -} -LCRYPTO_ALIAS(OBJ_bsearch_); - -const void * -OBJ_bsearch_ex_(const void *key, const void *base_, int num, int size, - int (*cmp)(const void *, const void *), int flags) -{ - const char *base = base_; - int l, h, i = 0, c = 0; - const char *p = NULL; - - if (num == 0) - return (NULL); - l = 0; - h = num; - while (l < h) { - i = (l + h) / 2; - p = &(base[i * size]); - c = (*cmp)(key, p); - if (c < 0) - h = i; - else if (c > 0) - l = i + 1; - else - break; - } - if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)) - p = NULL; - else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH)) { - while (i > 0 && (*cmp)(key, &(base[(i - 1) * size])) == 0) - i--; - p = &(base[i * size]); - } - return (p); -} - int OBJ_create_objects(BIO *in) { @@ -646,31 +530,33 @@ LCRYPTO_ALIAS(OBJ_create_objects); int OBJ_create(const char *oid, const char *sn, const char *ln) { - int ok = 0; - ASN1_OBJECT *op = NULL; - unsigned char *buf; - int i; + ASN1_OBJECT *aobj = NULL; + unsigned char *buf = NULL; + int len, nid; + int ret = 0; - i = a2d_ASN1_OBJECT(NULL, 0, oid, -1); - if (i <= 0) - return (0); + if ((len = a2d_ASN1_OBJECT(NULL, 0, oid, -1)) <= 0) + goto err; - if ((buf = malloc(i)) == NULL) { + if ((buf = calloc(1, len)) == NULL) { OBJerror(ERR_R_MALLOC_FAILURE); - return (0); + goto err; } - i = a2d_ASN1_OBJECT(buf, i, oid, -1); - if (i == 0) + + if ((len = a2d_ASN1_OBJECT(buf, len, oid, -1)) == 0) goto err; - op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln); - if (op == NULL) + + nid = OBJ_new_nid(1); + if ((aobj = ASN1_OBJECT_create(nid, buf, len, sn, ln)) == NULL) goto err; - ok = OBJ_add_object(op); + + ret = OBJ_add_object(aobj); err: - ASN1_OBJECT_free(op); + ASN1_OBJECT_free(aobj); free(buf); - return (ok); + + return ret; } LCRYPTO_ALIAS(OBJ_create); diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 578725ab..2f19fcf9 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 1053 -#define NUM_SN 1046 -#define NUM_LN 1046 -#define NUM_OBJ 975 +#define NUM_NID 1055 +#define NUM_SN 1048 +#define NUM_LN 1048 +#define NUM_OBJ 977 -static const unsigned char lvalues[6949]={ +static const unsigned char lvalues[6968]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -1037,6 +1037,8 @@ static const unsigned char lvalues[6949]={ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0E,/* [6921] OBJ_RSA_SHA3_256 */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0F,/* [6930] OBJ_RSA_SHA3_384 */ 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x10,/* [6939] OBJ_RSA_SHA3_512 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x1F, /* [6948] OBJ_acmeIdentifier */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x33,/* [6956] OBJ_id_ct_rpkiSignedPrefixList */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -2755,6 +2757,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ 9,&(lvalues[6930]),0}, {"id-rsassa-pkcs1-v1_5-with-sha3-512","RSA-SHA3-512",NID_RSA_SHA3_512, 9,&(lvalues[6939]),0}, +{"acmeIdentifier","ACME Identifier",NID_acmeIdentifier,8, + &(lvalues[6948]),0}, +{"id-ct-rpkiSignedPrefixList","id-ct-rpkiSignedPrefixList", + NID_id_ct_rpkiSignedPrefixList,11,&(lvalues[6956]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2991,6 +2997,7 @@ static const unsigned int sn_objs[NUM_SN]={ 288, /* "ac-targeting" */ 368, /* "acceptableResponses" */ 446, /* "account" */ +1053, /* "acmeIdentifier" */ 363, /* "ad_timestamping" */ 376, /* "algorithm" */ 405, /* "ansi-X9-62" */ @@ -3260,6 +3267,7 @@ static const unsigned int sn_objs[NUM_SN]={ 1001, /* "id-ct-routeOriginAuthz" */ 1003, /* "id-ct-rpkiGhostbusters" */ 1002, /* "id-ct-rpkiManifest" */ +1054, /* "id-ct-rpkiSignedPrefixList" */ 1014, /* "id-ct-signedChecklist" */ 1024, /* "id-ct-signedTAL" */ 802, /* "id-dsa-with-sha224" */ @@ -3807,6 +3815,7 @@ static const unsigned int sn_objs[NUM_SN]={ }; static const unsigned int ln_objs[NUM_LN]={ +1053, /* "ACME Identifier" */ 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ 368, /* "Acceptable OCSP Responses" */ @@ -4320,6 +4329,7 @@ static const unsigned int ln_objs[NUM_LN]={ 1001, /* "id-ct-routeOriginAuthz" */ 1003, /* "id-ct-rpkiGhostbusters" */ 1002, /* "id-ct-rpkiManifest" */ +1054, /* "id-ct-rpkiSignedPrefixList" */ 1014, /* "id-ct-signedChecklist" */ 1024, /* "id-ct-signedTAL" */ 408, /* "id-ecPublicKey" */ @@ -5390,6 +5400,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 1016, /* OBJ_tlsfeature 1 3 6 1 5 5 7 1 24 */ 1006, /* OBJ_sbgp_ipAddrBlockv2 1 3 6 1 5 5 7 1 28 */ 1007, /* OBJ_sbgp_autonomousSysNumv2 1 3 6 1 5 5 7 1 29 */ +1053, /* OBJ_acmeIdentifier 1 3 6 1 5 5 7 1 31 */ 164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ 165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ 293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ @@ -5773,6 +5784,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 1014, /* OBJ_id_ct_signedChecklist 1 2 840 113549 1 9 16 1 48 */ 1017, /* OBJ_id_ct_ASPA 1 2 840 113549 1 9 16 1 49 */ 1024, /* OBJ_id_ct_signedTAL 1 2 840 113549 1 9 16 1 50 */ +1054, /* OBJ_id_ct_rpkiSignedPrefixList 1 2 840 113549 1 9 16 1 51 */ 212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ 213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ 214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c index 0fca228e..321c2f50 100644 --- a/crypto/objects/obj_xref.c +++ b/crypto/objects/obj_xref.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_xref.c,v 1.13 2023/07/28 10:25:05 tb Exp $ */ +/* $OpenBSD: obj_xref.c,v 1.14 2024/01/27 16:08:43 tb Exp $ */ /* * Copyright (c) 2023 Theo Buehler @@ -265,6 +265,26 @@ static const struct { .hash_nid = NID_sha3_512, .pkey_nid = NID_rsaEncryption, }, + { + .sign_nid = NID_ecdsa_with_SHA3_224, + .hash_nid = NID_sha3_224, + .pkey_nid = NID_X9_62_id_ecPublicKey, + }, + { + .sign_nid = NID_ecdsa_with_SHA3_256, + .hash_nid = NID_sha3_256, + .pkey_nid = NID_X9_62_id_ecPublicKey, + }, + { + .sign_nid = NID_ecdsa_with_SHA3_384, + .hash_nid = NID_sha3_384, + .pkey_nid = NID_X9_62_id_ecPublicKey, + }, + { + .sign_nid = NID_ecdsa_with_SHA3_512, + .hash_nid = NID_sha3_512, + .pkey_nid = NID_X9_62_id_ecPublicKey, + }, }; #define N_NID_TRIPLES (sizeof(nid_triple) / sizeof(nid_triple[0])) diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 89113f78..5ef22267 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_cl.c,v 1.23 2023/07/08 10:44:00 beck Exp $ */ +/* $OpenBSD: ocsp_cl.c,v 1.24 2024/03/02 09:08:41 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -71,6 +71,7 @@ #include #include +#include "asn1_local.h" #include "ocsp_local.h" /* Utility functions related to sending OCSP requests and extracting diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index bf735c72..69723c21 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_ht.c,v 1.26 2023/07/08 10:44:00 beck Exp $ */ +/* $OpenBSD: ocsp_ht.c,v 1.27 2023/11/28 09:29:20 jsg Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -371,7 +371,7 @@ OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) rctx->state = OHS_ASN1_HEADER; } - /* FALLTRHOUGH */ + /* FALLTHROUGH */ case OHS_ASN1_HEADER: /* Now reading ASN1 header: can read at least 2 bytes which diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 3f23a013..30db092c 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_lib.c,v 1.53 2023/07/07 13:40:44 beck Exp $ */ +/* $OpenBSD: pem_lib.c,v 1.56 2024/02/18 15:44:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -74,9 +74,6 @@ #ifndef OPENSSL_NO_DES #include #endif -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include "asn1_local.h" #include "evp_local.h" @@ -223,17 +220,13 @@ check_pem(const char *nm, const char *name) const EVP_PKEY_ASN1_METHOD *ameth; slen = pem_check_suffix(nm, "PARAMETERS"); if (slen > 0) { - ENGINE *e; - ameth = EVP_PKEY_asn1_find_str(&e, nm, slen); + ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); if (ameth) { int r; if (ameth->param_decode) r = 1; else r = 0; -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(e); -#endif return r; } } @@ -419,7 +412,7 @@ PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); /* k=strlen(buf); */ - EVP_CIPHER_CTX_init(&ctx); + EVP_CIPHER_CTX_legacy_clear(&ctx); ret = 1; if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv) || !EVP_EncryptUpdate(&ctx, data, &j, data, i) || @@ -473,7 +466,7 @@ PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, return 0; j = (int)len; - EVP_CIPHER_CTX_init(&ctx); + EVP_CIPHER_CTX_legacy_clear(&ctx); o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0])); if (o) diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 29619521..d7001c83 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pem_pkey.c,v 1.27 2023/07/07 13:40:44 beck Exp $ */ +/* $OpenBSD: pem_pkey.c,v 1.28 2023/11/19 15:46:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,10 +69,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "asn1_local.h" #include "evp_local.h" diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 816d8b7d..40c9feef 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pvkfmt.c,v 1.27 2023/07/07 13:40:44 beck Exp $ */ +/* $OpenBSD: pvkfmt.c,v 1.28 2024/02/18 15:45:42 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -713,7 +713,7 @@ derive_pvk_key(unsigned char *key, const unsigned char *salt, EVP_MD_CTX mctx; int rv = 1; - EVP_MD_CTX_init(&mctx); + EVP_MD_CTX_legacy_clear(&mctx); if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) || !EVP_DigestUpdate(&mctx, salt, saltlen) || !EVP_DigestUpdate(&mctx, pass, passlen) || diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 93c7c722..f6f42c55 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_add.c,v 1.22 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_add.c,v 1.25 2024/03/02 10:20:27 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -62,6 +62,7 @@ #include #include "pkcs12_local.h" +#include "x509_local.h" /* Pack an object into an OCTET STRING and turn into a safebag */ @@ -90,7 +91,6 @@ PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2) safebag->type = OBJ_nid2obj(nid2); return safebag; } -LCRYPTO_ALIAS(PKCS12_item_pack_safebag); /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ PKCS7 * @@ -118,17 +118,20 @@ PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) PKCS7_free(p7); return NULL; } -LCRYPTO_ALIAS(PKCS12_pack_p7data); /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ STACK_OF(PKCS12_SAFEBAG) * PKCS12_unpack_p7data(PKCS7 *p7) { + ASN1_OCTET_STRING *aos; + if (!PKCS7_type_is_data(p7)) { PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); return NULL; } - return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it); + if ((aos = PKCS7_get_octet_string(p7)) == NULL) + return NULL; + return ASN1_item_unpack(aos, &PKCS12_SAFEBAGS_it); } LCRYPTO_ALIAS(PKCS12_unpack_p7data); @@ -177,16 +180,20 @@ PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, PKCS7_free(p7); return NULL; } -LCRYPTO_ALIAS(PKCS12_pack_p7encdata); STACK_OF(PKCS12_SAFEBAG) * PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen) { + PKCS7_ENC_CONTENT *content; + if (!PKCS7_type_is_encrypted(p7)) return NULL; - return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, - &PKCS12_SAFEBAGS_it, pass, passlen, - p7->d.encrypted->enc_data->enc_data, 1); + if (p7->d.encrypted == NULL) + return NULL; + if ((content = p7->d.encrypted->enc_data) == NULL) + return NULL; + return PKCS12_item_decrypt_d2i(content->algorithm, &PKCS12_SAFEBAGS_it, + pass, passlen, content->enc_data, 1); } LCRYPTO_ALIAS(PKCS12_unpack_p7encdata); @@ -205,16 +212,18 @@ PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) return 1; return 0; } -LCRYPTO_ALIAS(PKCS12_pack_authsafes); STACK_OF(PKCS7) * PKCS12_unpack_authsafes(const PKCS12 *p12) { + ASN1_OCTET_STRING *aos; + if (!PKCS7_type_is_data(p12->authsafes)) { PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); return NULL; } - return ASN1_item_unpack(p12->authsafes->d.data, - &PKCS12_AUTHSAFES_it); + if ((aos = PKCS7_get_octet_string(p12->authsafes)) == NULL) + return NULL; + return ASN1_item_unpack(aos, &PKCS12_AUTHSAFES_it); } LCRYPTO_ALIAS(PKCS12_unpack_authsafes); diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c index a9decccb..e6078050 100644 --- a/crypto/pkcs12/p12_asn.c +++ b/crypto/pkcs12/p12_asn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_asn.c,v 1.14 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_asn.c,v 1.15 2024/03/02 10:15:16 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -170,28 +170,24 @@ d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len) return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, &PKCS12_MAC_DATA_it); } -LCRYPTO_ALIAS(d2i_PKCS12_MAC_DATA); int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out) { return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it); } -LCRYPTO_ALIAS(i2d_PKCS12_MAC_DATA); PKCS12_MAC_DATA * PKCS12_MAC_DATA_new(void) { return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it); } -LCRYPTO_ALIAS(PKCS12_MAC_DATA_new); void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a) { ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it); } -LCRYPTO_ALIAS(PKCS12_MAC_DATA_free); static const ASN1_TEMPLATE bag_default_tt = { .flags = ASN1_TFLG_EXPLICIT, @@ -280,28 +276,24 @@ d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len) return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, &PKCS12_BAGS_it); } -LCRYPTO_ALIAS(d2i_PKCS12_BAGS); int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out) { return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it); } -LCRYPTO_ALIAS(i2d_PKCS12_BAGS); PKCS12_BAGS * PKCS12_BAGS_new(void) { return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it); } -LCRYPTO_ALIAS(PKCS12_BAGS_new); void PKCS12_BAGS_free(PKCS12_BAGS *a) { ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it); } -LCRYPTO_ALIAS(PKCS12_BAGS_free); static const ASN1_TEMPLATE safebag_default_tt = { .flags = ASN1_TFLG_EXPLICIT, diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c deleted file mode 100644 index e7d30101..00000000 --- a/crypto/pkcs12/p12_crpt.c +++ /dev/null @@ -1,123 +0,0 @@ -/* $OpenBSD: p12_crpt.c,v 1.17 2023/02/16 08:38:17 tb Exp $ */ -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include -#include - -/* PKCS#12 PBE algorithms now in static table */ - -void -PKCS12_PBE_add(void) -{ -} -LCRYPTO_ALIAS(PKCS12_PBE_add); - -int -PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) -{ - PBEPARAM *pbe; - int saltlen, iter, ret; - unsigned char *salt; - const unsigned char *pbuf; - unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - - /* Extract useful info from parameter */ - if (param == NULL || param->type != V_ASN1_SEQUENCE || - param->value.sequence == NULL) { - PKCS12error(PKCS12_R_DECODE_ERROR); - return 0; - } - - pbuf = param->value.sequence->data; - if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { - PKCS12error(PKCS12_R_DECODE_ERROR); - return 0; - } - - if (!pbe->iter) - iter = 1; - else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { - PKCS12error(PKCS12_R_DECODE_ERROR); - PBEPARAM_free(pbe); - return 0; - } - salt = pbe->salt->data; - saltlen = pbe->salt->length; - if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID, - iter, EVP_CIPHER_key_length(cipher), key, md)) { - PKCS12error(PKCS12_R_KEY_GEN_ERROR); - PBEPARAM_free(pbe); - return 0; - } - if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID, - iter, EVP_CIPHER_iv_length(cipher), iv, md)) { - PKCS12error(PKCS12_R_IV_GEN_ERROR); - PBEPARAM_free(pbe); - return 0; - } - PBEPARAM_free(pbe); - ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); - explicit_bzero(key, EVP_MAX_KEY_LENGTH); - explicit_bzero(iv, EVP_MAX_IV_LENGTH); - return ret; -} -LCRYPTO_ALIAS(PKCS12_PBE_keyivgen); diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index ea7f6a5f..907d4e52 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_decr.c,v 1.24 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_decr.c,v 1.26 2024/03/02 10:15:16 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -77,7 +77,7 @@ PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen, int outlen, i; EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); + EVP_CIPHER_CTX_legacy_clear(&ctx); /* Decrypt data */ if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, algor->parameter, &ctx, en_de)) { @@ -116,7 +116,6 @@ PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen, return out; } -LCRYPTO_ALIAS(PKCS12_pbe_crypt); /* Decrypt an OCTET STRING and decode ASN1 structure * if zbuf set zero buffer after use. @@ -145,7 +144,6 @@ PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, free(out); return ret; } -LCRYPTO_ALIAS(PKCS12_item_decrypt_d2i); /* Encode ASN1 structure and encrypt, return OCTET STRING * if zbuf set zero encoding. @@ -184,6 +182,3 @@ PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, ASN1_OCTET_STRING_free(oct); return NULL; } -LCRYPTO_ALIAS(PKCS12_item_i2d_encrypt); - -IMPLEMENT_PKCS12_STACK_OF(PKCS7) diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index 8812f1c0..78e7d045 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_key.c,v 1.34 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_key.c,v 1.35 2024/03/02 10:15:16 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -64,6 +64,7 @@ #include #include "evp_local.h" +#include "pkcs12_local.h" /* PKCS12 compatible key/IV generation */ #ifndef min @@ -93,7 +94,6 @@ PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, freezero(unipass, uniplen); return ret; } -LCRYPTO_ALIAS(PKCS12_key_gen_asc); int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, @@ -194,4 +194,3 @@ PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, return ret; } -LCRYPTO_ALIAS(PKCS12_key_gen_uni); diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index f0e6df9e..2a728294 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_mutl.c,v 1.35 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_mutl.c,v 1.37 2024/03/02 10:15:16 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -115,6 +115,7 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, { const EVP_MD *md_type; HMAC_CTX *hmac = NULL; + ASN1_OCTET_STRING *aos; unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; int md_size; @@ -124,6 +125,10 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); goto err; } + if ((aos = PKCS7_get_octet_string(p12->authsafes)) == NULL) { + PKCS12error(PKCS12_R_DECODE_ERROR); + goto err; + } salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; @@ -155,8 +160,7 @@ PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, goto err; if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL)) goto err; - if (!HMAC_Update(hmac, p12->authsafes->d.data->data, - p12->authsafes->d.data->length)) + if (!HMAC_Update(hmac, aos->data, aos->length)) goto err; if (!HMAC_Final(hmac, mac, maclen)) goto err; @@ -259,5 +263,4 @@ PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, return 1; } -LCRYPTO_ALIAS(PKCS12_setup_mac); #endif diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index 30dd2ef8..6d3b43ce 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_npas.c,v 1.18 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_npas.c,v 1.27 2024/01/25 15:33:35 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -68,130 +68,68 @@ /* PKCS#12 password change routine */ -static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass); -static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, - const char *newpass); -static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, - const char *newpass); -static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); - -/* - * Change the password on a PKCS#12 structure. - */ - -int -PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass) +static int +alg_get(X509_ALGOR *alg, int *nid, int *iter, int *salt_len) { - /* Check for NULL PKCS12 structure */ + const ASN1_OBJECT *aobj; + int param_type; + const void *param; + PBEPARAM *pbe = NULL; + int ret = 0; - if (!p12) { - PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); - return 0; - } + *nid = *iter = *salt_len = 0; - /* Check the mac */ + X509_ALGOR_get0(&aobj, ¶m_type, ¶m, alg); + if (param_type != V_ASN1_SEQUENCE) + goto err; + if ((pbe = ASN1_item_unpack(param, &PBEPARAM_it)) == NULL) + goto err; - if (!PKCS12_verify_mac(p12, oldpass, -1)) { - PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE); - return 0; - } + /* XXX - can we validate these somehow? */ + *nid = OBJ_obj2nid(alg->algorithm); + *iter = ASN1_INTEGER_get(pbe->iter); + *salt_len = pbe->salt->length; - if (!newpass_p12(p12, oldpass, newpass)) { - PKCS12error(PKCS12_R_PARSE_ERROR); - return 0; - } + ret = 1; - return 1; -} -LCRYPTO_ALIAS(PKCS12_newpass); + err: + PBEPARAM_free(pbe); -/* Parse the outer PKCS#12 structure */ + return ret; +} +/* Change password of safebag: only needs handle shrouded keybags */ static int -newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) +newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, const char *newpass) { - STACK_OF(PKCS7) *asafes, *newsafes; - STACK_OF(PKCS12_SAFEBAG) *bags; - int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; - PKCS7 *p7, *p7new; - ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; - unsigned char mac[EVP_MAX_MD_SIZE]; - unsigned int maclen; - - if (!(asafes = PKCS12_unpack_authsafes(p12))) - return 0; - if (!(newsafes = sk_PKCS7_new_null())) - return 0; - for (i = 0; i < sk_PKCS7_num(asafes); i++) { - p7 = sk_PKCS7_value(asafes, i); - bagnid = OBJ_obj2nid(p7->type); - if (bagnid == NID_pkcs7_data) { - bags = PKCS12_unpack_p7data(p7); - } else if (bagnid == NID_pkcs7_encrypted) { - bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); - if (!alg_get(p7->d.encrypted->enc_data->algorithm, - &pbe_nid, &pbe_iter, &pbe_saltlen)) { - sk_PKCS12_SAFEBAG_pop_free(bags, - PKCS12_SAFEBAG_free); - bags = NULL; - } - } else - continue; - if (bags == NULL) - goto err; - if (!newpass_bags(bags, oldpass, newpass)) { - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - goto err; - } - /* Repack bag in same form with new password */ - if (bagnid == NID_pkcs7_data) - p7new = PKCS12_pack_p7data(bags); - else - p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, - NULL, pbe_saltlen, pbe_iter, bags); - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - if (p7new == NULL) - goto err; - if (sk_PKCS7_push(newsafes, p7new) == 0) - goto err; - } - sk_PKCS7_pop_free(asafes, PKCS7_free); + PKCS8_PRIV_KEY_INFO *p8 = NULL; + X509_SIG *keybag; + int nid, salt_len, iter; + int ret = 0; - /* Repack safe: save old safe in case of error */ + if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag) + goto done; - p12_data_tmp = p12->authsafes->d.data; - if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) { - p12->authsafes->d.data = p12_data_tmp; + if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL) + goto err; + if (!alg_get(bag->value.shkeybag->algor, &nid, &iter, &salt_len)) goto err; - } - if (!PKCS12_pack_authsafes(p12, newsafes)) - goto saferr; - - if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) - goto saferr; - if (!(macnew = ASN1_OCTET_STRING_new())) - goto saferr; - if (!ASN1_OCTET_STRING_set(macnew, mac, maclen)) - goto saferr; - ASN1_OCTET_STRING_free(p12->mac->dinfo->digest); - p12->mac->dinfo->digest = macnew; - ASN1_OCTET_STRING_free(p12_data_tmp); - return 1; + if ((keybag = PKCS8_encrypt(nid, NULL, newpass, -1, NULL, salt_len, + iter, p8)) == NULL) + goto err; -saferr: - /* Restore old safe */ - ASN1_OCTET_STRING_free(p12->authsafes->d.data); - ASN1_OCTET_STRING_free(macnew); - p12->authsafes->d.data = p12_data_tmp; - return 0; - -err: - sk_PKCS7_pop_free(asafes, PKCS7_free); - sk_PKCS7_pop_free(newsafes, PKCS7_free); - return 0; -} + X509_SIG_free(bag->value.shkeybag); + bag->value.shkeybag = keybag; + + done: + ret = 1; + err: + PKCS8_PRIV_KEY_INFO_free(p8); + + return ret; +} static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, @@ -200,50 +138,163 @@ newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, int i; for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { - if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), - oldpass, newpass)) + PKCS12_SAFEBAG *bag = sk_PKCS12_SAFEBAG_value(bags, i); + + if (!newpass_bag(bag, oldpass, newpass)) return 0; } + return 1; } -/* Change password of safebag: only needs handle shrouded keybags */ +static int +pkcs7_repack_data(PKCS7 *pkcs7, STACK_OF(PKCS7) *safes, const char *oldpass, + const char *newpass) +{ + STACK_OF(PKCS12_SAFEBAG) *bags; + PKCS7 *data = NULL; + int ret = 0; + + if ((bags = PKCS12_unpack_p7data(pkcs7)) == NULL) + goto err; + if (!newpass_bags(bags, oldpass, newpass)) + goto err; + if ((data = PKCS12_pack_p7data(bags)) == NULL) + goto err; + if (sk_PKCS7_push(safes, data) == 0) + goto err; + data = NULL; + + ret = 1; + + err: + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + PKCS7_free(data); + + return ret; +} static int -newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, const char *newpass) +pkcs7_repack_encdata(PKCS7 *pkcs7, STACK_OF(PKCS7) *safes, const char *oldpass, + const char *newpass) { - PKCS8_PRIV_KEY_INFO *p8; - X509_SIG *p8new; - int p8_nid, p8_saltlen, p8_iter; + STACK_OF(PKCS12_SAFEBAG) *bags; + int nid, iter, salt_len; + PKCS7 *data = NULL; + int ret = 0; - if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag) - return 1; - - if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) - return 0; - if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, - &p8_saltlen)) - return 0; - if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, - p8_iter, p8))) return 0; - X509_SIG_free(bag->value.shkeybag); - bag->value.shkeybag = p8new; - return 1; + if ((bags = PKCS12_unpack_p7encdata(pkcs7, oldpass, -1)) == NULL) + goto err; + if (!alg_get(pkcs7->d.encrypted->enc_data->algorithm, &nid, + &iter, &salt_len)) + goto err; + if (!newpass_bags(bags, oldpass, newpass)) + goto err; + if ((data = PKCS12_pack_p7encdata(nid, newpass, -1, NULL, salt_len, + iter, bags)) == NULL) + goto err; + if (!sk_PKCS7_push(safes, data)) + goto err; + data = NULL; + + ret = 1; + + err: + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + PKCS7_free(data); + + return ret; } static int -alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) +pkcs12_repack_authsafes(PKCS12 *pkcs12, STACK_OF(PKCS7) *safes, + const char *newpass) { - PBEPARAM *pbe; - const unsigned char *p; - - p = alg->parameter->value.sequence->data; - pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); - if (!pbe) - return 0; - *pnid = OBJ_obj2nid(alg->algorithm); - *piter = ASN1_INTEGER_get(pbe->iter); - *psaltlen = pbe->salt->length; - PBEPARAM_free(pbe); - return 1; + ASN1_OCTET_STRING *old_data; + ASN1_OCTET_STRING *new_mac = NULL; + unsigned char mac[EVP_MAX_MD_SIZE]; + unsigned int mac_len; + int ret = 0; + + if ((old_data = pkcs12->authsafes->d.data) == NULL) + goto err; + if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) + goto err; + if (!PKCS12_pack_authsafes(pkcs12, safes)) + goto err; + if (!PKCS12_gen_mac(pkcs12, newpass, -1, mac, &mac_len)) + goto err; + if ((new_mac = ASN1_OCTET_STRING_new()) == NULL) + goto err; + if (!ASN1_OCTET_STRING_set(new_mac, mac, mac_len)) + goto err; + + ASN1_OCTET_STRING_free(pkcs12->mac->dinfo->digest); + pkcs12->mac->dinfo->digest = new_mac; + new_mac = NULL; + + ASN1_OCTET_STRING_free(old_data); + old_data = NULL; + + ret = 1; + + err: + if (old_data != NULL) { + ASN1_OCTET_STRING_free(pkcs12->authsafes->d.data); + pkcs12->authsafes->d.data = old_data; + } + explicit_bzero(mac, sizeof(mac)); + ASN1_OCTET_STRING_free(new_mac); + + return ret; } + +int +PKCS12_newpass(PKCS12 *pkcs12, const char *oldpass, const char *newpass) +{ + STACK_OF(PKCS7) *authsafes = NULL, *safes = NULL; + int i; + int ret = 0; + + if (pkcs12 == NULL) { + PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); + goto err; + } + + if (!PKCS12_verify_mac(pkcs12, oldpass, -1)) { + PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE); + goto err; + } + + if ((authsafes = PKCS12_unpack_authsafes(pkcs12)) == NULL) + goto err; + if ((safes = sk_PKCS7_new_null()) == NULL) + goto err; + + for (i = 0; i < sk_PKCS7_num(authsafes); i++) { + PKCS7 *pkcs7 = sk_PKCS7_value(authsafes, i); + + switch (OBJ_obj2nid(pkcs7->type)) { + case NID_pkcs7_data: + if (pkcs7_repack_data(pkcs7, safes, oldpass, newpass)) + goto err; + break; + case NID_pkcs7_encrypted: + if (pkcs7_repack_encdata(pkcs7, safes, oldpass, newpass)) + goto err; + break; + } + } + + if (!pkcs12_repack_authsafes(pkcs12, safes, newpass)) + goto err; + + ret = 1; + + err: + sk_PKCS7_pop_free(authsafes, PKCS7_free); + sk_PKCS7_pop_free(safes, PKCS7_free); + + return ret; +} +LCRYPTO_ALIAS(PKCS12_newpass); diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c index dd5e8d98..d4874e3b 100644 --- a/crypto/pkcs12/p12_p8d.c +++ b/crypto/pkcs12/p12_p8d.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_p8d.c,v 1.11 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_p8d.c,v 1.12 2024/03/02 10:15:16 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -60,6 +60,7 @@ #include +#include "pkcs12_local.h" #include "x509_local.h" PKCS8_PRIV_KEY_INFO * diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index 87c4be56..bf615932 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p12_p8e.c,v 1.12 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: p12_p8e.c,v 1.13 2024/03/02 10:15:16 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -61,6 +61,7 @@ #include #include +#include "pkcs12_local.h" #include "x509_local.h" X509_SIG * diff --git a/crypto/pkcs12/pkcs12_local.h b/crypto/pkcs12/pkcs12_local.h index 1d6f0558..dfdcdce1 100644 --- a/crypto/pkcs12/pkcs12_local.h +++ b/crypto/pkcs12/pkcs12_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12_local.h,v 1.3 2022/11/26 17:23:18 tb Exp $ */ +/* $OpenBSD: pkcs12_local.h,v 1.5 2024/03/02 10:15:16 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -96,6 +96,82 @@ struct pkcs12_bag_st { } value; }; +extern const ASN1_ITEM PKCS12_SAFEBAGS_it; +extern const ASN1_ITEM PKCS12_AUTHSAFES_it; + +PKCS12_BAGS *PKCS12_BAGS_new(void); +void PKCS12_BAGS_free(PKCS12_BAGS *a); +PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len); +int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out); +extern const ASN1_ITEM PKCS12_BAGS_it; + +PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void); +void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a); +PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len); +int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out); +extern const ASN1_ITEM PKCS12_MAC_DATA_it; + +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); +PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, + const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8); + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, + int key_usage, int iter, int key_nid, const char *pass); +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int safe_nid, int iter, const char *pass); +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); + +int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, + int namelen); +int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, + int namelen); + +int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen); + +ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, + int attr_nid); + +PKCS12 *PKCS12_init(int mode); + +void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf); +ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf); +PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + int nid1, int nid2); + +int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, unsigned char *out, + const EVP_MD *md_type); +int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, unsigned char *out, + const EVP_MD *md_type); + +int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); +PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); +PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags); + +unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, + int passlen, const unsigned char *in, int inlen, unsigned char **data, + int *datalen, int en_de); + +int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, + int saltlen, const EVP_MD *md_type); + +/* XXX - should go into pkcs7_local.h. */ +ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7); + __END_HIDDEN_DECLS #endif /* !HEADER_PKCS12_LOCAL_H */ diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c index 5eff5241..52463aa3 100644 --- a/crypto/pkcs7/pk7_attr.c +++ b/crypto/pkcs7/pk7_attr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_attr.c,v 1.14 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: pk7_attr.c,v 1.15 2024/02/19 15:37:44 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -57,14 +57,12 @@ */ #include -#include -#include + #include -#include -#include +#include +#include #include #include -#include int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index d5edaedb..3cc7add6 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_doit.c,v 1.52 2023/03/09 18:20:10 tb Exp $ */ +/* $OpenBSD: pk7_doit.c,v 1.56 2024/02/18 15:45:42 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,10 +68,6 @@ #include "evp_local.h" #include "x509_local.h" -static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - void *value); -static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); - static int PKCS7_type_is_other(PKCS7* p7) { @@ -96,7 +92,7 @@ PKCS7_type_is_other(PKCS7* p7) } -static ASN1_OCTET_STRING * +ASN1_OCTET_STRING * PKCS7_get_octet_string(PKCS7 *p7) { if (PKCS7_type_is_data(p7)) @@ -407,7 +403,7 @@ PKCS7_dataInit(PKCS7 *p7, BIO *bio) BIO_free_all(btmp); out = NULL; } - return (out); + return out; } LCRYPTO_ALIAS(PKCS7_dataInit); @@ -636,7 +632,7 @@ PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) BIO_free_all(etmp); out = NULL; } - return (out); + return out; } LCRYPTO_ALIAS(PKCS7_dataDecode); @@ -715,7 +711,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) return 0; } - EVP_MD_CTX_init(&ctx_tmp); + EVP_MD_CTX_legacy_clear(&ctx_tmp); i = OBJ_obj2nid(p7->type); p7->state = PKCS7_S_HEADER; @@ -865,7 +861,7 @@ PKCS7_dataFinal(PKCS7 *p7, BIO *bio) ret = 1; err: EVP_MD_CTX_cleanup(&ctx_tmp); - return (ret); + return ret; } LCRYPTO_ALIAS(PKCS7_dataFinal); @@ -883,7 +879,7 @@ PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) if (md == NULL) return 0; - EVP_MD_CTX_init(&mctx); + EVP_MD_CTX_legacy_clear(&mctx); if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; @@ -1001,7 +997,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509) BIO *btmp; EVP_PKEY *pkey; - EVP_MD_CTX_init(&mdc_tmp); + EVP_MD_CTX_legacy_clear(&mdc_tmp); if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) { @@ -1093,7 +1089,7 @@ PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509) ret = 1; err: EVP_MD_CTX_cleanup(&mdc_tmp); - return (ret); + return ret; } LCRYPTO_ALIAS(PKCS7_signatureVerify); @@ -1114,26 +1110,12 @@ PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) return NULL; ri = sk_PKCS7_RECIP_INFO_value(rsk, 0); if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) - return (NULL); + return NULL; ri = sk_PKCS7_RECIP_INFO_value(rsk, idx); - return (ri->issuer_and_serial); + return ri->issuer_and_serial; } LCRYPTO_ALIAS(PKCS7_get_issuer_and_serial); -ASN1_TYPE * -PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) -{ - return (get_attribute(si->auth_attr, nid)); -} -LCRYPTO_ALIAS(PKCS7_get_signed_attribute); - -ASN1_TYPE * -PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) -{ - return (get_attribute(si->unauth_attr, nid)); -} -LCRYPTO_ALIAS(PKCS7_get_attribute); - static ASN1_TYPE * get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) { @@ -1143,14 +1125,28 @@ get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) o = OBJ_nid2obj(nid); if (!o || !sk) - return (NULL); + return NULL; for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { xa = sk_X509_ATTRIBUTE_value(sk, i); if (OBJ_cmp(xa->object, o) == 0) - return (sk_ASN1_TYPE_value(xa->set, 0)); + return sk_ASN1_TYPE_value(xa->set, 0); } - return (NULL); + return NULL; +} + +ASN1_TYPE * +PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) +{ + return get_attribute(si->auth_attr, nid); } +LCRYPTO_ALIAS(PKCS7_get_signed_attribute); + +ASN1_TYPE * +PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) +{ + return get_attribute(si->unauth_attr, nid); +} +LCRYPTO_ALIAS(PKCS7_get_attribute); ASN1_OCTET_STRING * PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) @@ -1181,9 +1177,9 @@ PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i, X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i)))) == NULL) - return (0); + return 0; } - return (1); + return 1; } LCRYPTO_ALIAS(PKCS7_set_signed_attributes); @@ -1202,27 +1198,12 @@ PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i, X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i)))) == NULL) - return (0); + return 0; } - return (1); + return 1; } LCRYPTO_ALIAS(PKCS7_set_attributes); -int -PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value) -{ - return (add_attribute(&(p7si->auth_attr), nid, atrtype, value)); -} -LCRYPTO_ALIAS(PKCS7_add_signed_attribute); - -int -PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value) -{ - return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value)); -} -LCRYPTO_ALIAS(PKCS7_add_attribute); - static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value) { @@ -1260,5 +1241,20 @@ add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value) goto new_attrib; } end: - return (1); + return 1; +} + +int +PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value) +{ + return add_attribute(&(p7si->auth_attr), nid, atrtype, value); } +LCRYPTO_ALIAS(PKCS7_add_signed_attribute); + +int +PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value) +{ + return add_attribute(&(p7si->unauth_attr), nid, atrtype, value); +} +LCRYPTO_ALIAS(PKCS7_add_attribute); diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 6eda698c..59f348e2 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_lib.c,v 1.26 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: pk7_lib.c,v 1.28 2023/11/09 19:08:07 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -370,6 +370,7 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) { + int nid; int ret; /* We now need to add another PKCS7_SIGNER_INFO entry */ @@ -390,10 +391,15 @@ PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); p7i->pkey = pkey; - /* Set the algorithms */ - - X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), - V_ASN1_NULL, NULL); + /* + * Do not use X509_ALGOR_set_evp_md() to match historical behavior. + * A mistranslation of the ASN.1 from 1988 to 1997 syntax lost the + * OPTIONAL field, cf. the NOTE above RFC 5754, 2.1. + * Using X509_ALGOR_set_evp_md() would change encoding of the SHAs. + */ + nid = EVP_MD_type(dgst); + if (!X509_ALGOR_set0_by_nid(p7i->digest_alg, nid, V_ASN1_NULL, NULL)) + return 0; if (pkey->ameth && pkey->ameth->pkey_ctrl) { ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index f00e18c7..38133558 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pk7_mime.c,v 1.19 2023/05/02 09:56:12 tb Exp $ */ +/* $OpenBSD: pk7_mime.c,v 1.20 2024/01/25 13:44:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -89,8 +89,11 @@ SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) STACK_OF(X509_ALGOR) *mdalgs = NULL; int ctype_nid; - if ((ctype_nid = OBJ_obj2nid(p7->type)) == NID_pkcs7_signed) + if ((ctype_nid = OBJ_obj2nid(p7->type)) == NID_pkcs7_signed) { + if (p7->d.sign == NULL) + return 0; mdalgs = p7->d.sign->md_algs; + } flags ^= SMIME_OLDMIME; diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 5c5df98c..b9ef0dee 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rand_lib.c,v 1.22 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: rand_lib.c,v 1.23 2023/11/19 15:46:10 tb Exp $ */ /* * Copyright (c) 2014 Ted Unangst * @@ -45,15 +45,6 @@ RAND_SSLeay(void) } LCRYPTO_ALIAS(RAND_SSLeay); -#ifndef OPENSSL_NO_ENGINE -int -RAND_set_rand_engine(ENGINE *engine) -{ - return 1; -} -LCRYPTO_ALIAS(RAND_set_rand_engine); -#endif - void RAND_cleanup(void) { diff --git a/crypto/rc4/rc4-elf-x86_64.S b/crypto/rc4/rc4-elf-x86_64.S index aa7f8ca1..7e93e58d 100644 --- a/crypto/rc4/rc4-elf-x86_64.S +++ b/crypto/rc4/rc4-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -7,7 +13,7 @@ .type RC4,@function .align 16 RC4: - endbr64 +_CET_ENDBR orq %rsi,%rsi jne .Lentry retq @@ -525,7 +531,7 @@ RC4: .type RC4_set_key,@function .align 16 RC4_set_key: - endbr64 +_CET_ENDBR leaq 8(%rdi),%rdi leaq (%rdx,%rsi,1),%rdx negq %rsi diff --git a/crypto/rc4/rc4-macosx-x86_64.S b/crypto/rc4/rc4-macosx-x86_64.S index 50f40fde..5a83777b 100644 --- a/crypto/rc4/rc4-macosx-x86_64.S +++ b/crypto/rc4/rc4-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -6,7 +12,9 @@ .globl _RC4 .p2align 4 -_RC4: orq %rsi,%rsi +_RC4: +_CET_ENDBR + orq %rsi,%rsi jne L$entry retq L$entry: @@ -523,6 +531,7 @@ L$epilogue: .p2align 4 _RC4_set_key: +_CET_ENDBR leaq 8(%rdi),%rdi leaq (%rdx,%rsi,1),%rdx negq %rsi diff --git a/crypto/rc4/rc4-masm-x86_64.S b/crypto/rc4/rc4-masm-x86_64.S index 89371cea..aba4426c 100644 --- a/crypto/rc4/rc4-masm-x86_64.S +++ b/crypto/rc4/rc4-masm-x86_64.S @@ -1,27 +1,33 @@ ; 1 "crypto/rc4/rc4-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/rc4/rc4-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 + +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + @@ -66,7 +72,7 @@ OPTION DOTNAME -; 3 "crypto/rc4/rc4-masm-x86_64.S.tmp" 2 +; 9 "crypto/rc4/rc4-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' EXTERN OPENSSL_ia32cap_P:NEAR @@ -84,6 +90,8 @@ $L$SEH_begin_RC4:: mov rdx,r8 mov rcx,r9 + + or rsi,rsi jne $L$entry mov rdi,QWORD PTR[8+rsp] ;WIN64 epilogue @@ -615,6 +623,7 @@ $L$SEH_begin_RC4_set_key:: mov rdx,r8 + lea rdi,QWORD PTR[8+rdi] lea rdx,QWORD PTR[rsi*1+rdx] neg rsi diff --git a/crypto/rc4/rc4-md5-elf-x86_64.S b/crypto/rc4/rc4-md5-elf-x86_64.S index 9381ff7b..a30c2249 100644 --- a/crypto/rc4/rc4-md5-elf-x86_64.S +++ b/crypto/rc4/rc4-md5-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .align 16 @@ -5,7 +11,7 @@ .globl rc4_md5_enc .type rc4_md5_enc,@function rc4_md5_enc: - endbr64 +_CET_ENDBR cmpq $0,%r9 je .Labort pushq %rbx diff --git a/crypto/rc4/rc4-md5-macosx-x86_64.S b/crypto/rc4/rc4-md5-macosx-x86_64.S index a8f6955f..46316995 100644 --- a/crypto/rc4/rc4-md5-macosx-x86_64.S +++ b/crypto/rc4/rc4-md5-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .p2align 4 @@ -5,6 +11,7 @@ .globl _rc4_md5_enc _rc4_md5_enc: +_CET_ENDBR cmpq $0,%r9 je L$abort pushq %rbx diff --git a/crypto/rc4/rc4-md5-masm-x86_64.S b/crypto/rc4/rc4-md5-masm-x86_64.S index 0d2e8d55..d31cf793 100644 --- a/crypto/rc4/rc4-md5-masm-x86_64.S +++ b/crypto/rc4/rc4-md5-masm-x86_64.S @@ -1,28 +1,33 @@ ; 1 "crypto/rc4/rc4-md5-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/rc4/rc4-md5-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + @@ -66,7 +71,8 @@ OPTION DOTNAME -; 3 "crypto/rc4/rc4-md5-masm-x86_64.S.tmp" 2 + +; 9 "crypto/rc4/rc4-md5-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' ALIGN 16 @@ -85,6 +91,7 @@ $L$SEH_begin_rc4_md5_enc:: mov r9,QWORD PTR[48+rsp] + cmp r9,0 je $L$abort push rbx diff --git a/crypto/rc4/rc4-md5-mingw64-x86_64.S b/crypto/rc4/rc4-md5-mingw64-x86_64.S index e11d3148..0b1335d3 100644 --- a/crypto/rc4/rc4-md5-mingw64-x86_64.S +++ b/crypto/rc4/rc4-md5-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text .p2align 4 @@ -16,6 +22,7 @@ rc4_md5_enc: movq 40(%rsp),%r8 movq 48(%rsp),%r9 +_CET_ENDBR cmpq $0,%r9 je .Labort pushq %rbx diff --git a/crypto/rc4/rc4-mingw64-x86_64.S b/crypto/rc4/rc4-mingw64-x86_64.S index 4750a778..d1f1ab2b 100644 --- a/crypto/rc4/rc4-mingw64-x86_64.S +++ b/crypto/rc4/rc4-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -15,6 +21,8 @@ RC4: movq %rdx,%rsi movq %r8,%rdx movq %r9,%rcx + +_CET_ENDBR orq %rsi,%rsi jne .Lentry movq 8(%rsp),%rdi @@ -544,6 +552,7 @@ RC4_set_key: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR leaq 8(%rdi),%rdi leaq (%rdx,%rsi,1),%rdx negq %rsi diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index ae38c205..0c351f49 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_ameth.c,v 1.33 2023/08/12 08:02:43 tb Exp $ */ +/* $OpenBSD: rsa_ameth.c,v 1.57 2024/01/10 14:59:19 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -72,6 +72,7 @@ #include "cryptlib.h" #include "evp_local.h" #include "rsa_local.h" +#include "x509_local.h" #ifndef OPENSSL_NO_CMS static int rsa_cms_sign(CMS_SignerInfo *si); @@ -82,6 +83,8 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri); static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg); +static int rsa_alg_set_pkcs1_padding(X509_ALGOR *alg); + /* Set any parameters associated with pkey */ static int rsa_param_encode(const EVP_PKEY *pkey, ASN1_STRING **pstr, int *pstrtype) @@ -201,13 +204,22 @@ static int old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { RSA *rsa; + int ret = 0; if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) { RSAerror(ERR_R_RSA_LIB); - return 0; + goto err; } - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); - return 1; + if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) + goto err; + rsa = NULL; + + ret = 1; + + err: + RSA_free(rsa); + + return ret; } static int @@ -252,24 +264,27 @@ static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) { const unsigned char *p; - RSA *rsa; + RSA *rsa = NULL; int pklen; const X509_ALGOR *alg; + int ret = 0; if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8)) - return 0; - rsa = d2i_RSAPrivateKey(NULL, &p, pklen); - if (rsa == NULL) { - RSAerror(ERR_R_RSA_LIB); - return 0; - } - if (!rsa_param_decode(rsa, alg)) { - RSA_free(rsa); - return 0; - } - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); + goto err; + if ((rsa = d2i_RSAPrivateKey(NULL, &p, pklen)) == NULL) + goto err; + if (!rsa_param_decode(rsa, alg)) + goto err; + if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) + goto err; + rsa = NULL; - return 1; + ret = 1; + + err: + RSA_free(rsa); + + return ret; } static int @@ -434,7 +449,8 @@ pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv) if (!BIO_indent(bp, off, 128)) goto err; - if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ? "RSA-PSS" : "RSA") <= 0) + if (BIO_printf(bp, "%s ", + pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS ? "RSA-PSS" : "RSA") <= 0) goto err; if (priv && x->d != NULL) { @@ -466,7 +482,8 @@ pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv) if (!bn_printf(bp, x->iqmp, off, "coefficient:")) goto err; } - if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off)) + if (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS && + !rsa_pss_param_print(bp, 1, x->pss, off)) goto err; ret = 1; err: @@ -520,7 +537,7 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) break; case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: - if (pkey_is_pss(pkey)) + if (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS) return -2; if (arg1 == 0) PKCS7_RECIP_INFO_get0_alg(arg2, &alg); @@ -534,7 +551,7 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) break; case ASN1_PKEY_CTRL_CMS_ENVELOPE: - if (pkey_is_pss(pkey)) + if (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS) return -2; if (arg1 == 0) return rsa_cms_encrypt(arg2); @@ -543,7 +560,7 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) break; case ASN1_PKEY_CTRL_CMS_RI_TYPE: - if (pkey_is_pss(pkey)) + if (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS) return -2; *(int *)arg2 = CMS_RECIPINFO_TRANS; return 1; @@ -567,52 +584,85 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) return -2; } - if (alg) - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), - V_ASN1_NULL, 0); + if (alg != NULL) + return rsa_alg_set_pkcs1_padding(alg); return 1; } -/* Allocate and set algorithm ID from EVP_MD, defaults to SHA1. */ static int -rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) +rsa_md_to_algor(const EVP_MD *md, X509_ALGOR **out_alg) { + X509_ALGOR *alg = NULL; + int ret = 0; + + X509_ALGOR_free(*out_alg); + *out_alg = NULL; + + /* RFC 8017 - default hash is SHA-1 and hence omitted. */ if (md == NULL || EVP_MD_type(md) == NID_sha1) - return 1; - *palg = X509_ALGOR_new(); - if (*palg == NULL) - return 0; - X509_ALGOR_set_md(*palg, md); - return 1; + goto done; + + if ((alg = X509_ALGOR_new()) == NULL) + goto err; + if (!X509_ALGOR_set_evp_md(alg, md)) + goto err; + + done: + *out_alg = alg; + alg = NULL; + + ret = 1; + + err: + X509_ALGOR_free(alg); + + return ret; } -/* Allocate and set MGF1 algorithm ID from EVP_MD. */ +/* + * RFC 8017, A.2.1 and A.2.3 - encode maskGenAlgorithm for RSAES-OAEP + * and RSASSA-PSS. The default is mgfSHA1 and hence omitted. + */ static int -rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) +rsa_mgf1md_to_maskGenAlgorithm(const EVP_MD *mgf1md, X509_ALGOR **out_alg) { - X509_ALGOR *algtmp = NULL; - ASN1_STRING *stmp = NULL; + X509_ALGOR *alg = NULL; + X509_ALGOR *inner_alg = NULL; + ASN1_STRING *astr = NULL; + int ret = 0; + + X509_ALGOR_free(*out_alg); + *out_alg = NULL; - *palg = NULL; if (mgf1md == NULL || EVP_MD_type(mgf1md) == NID_sha1) - return 1; - /* need to embed algorithm ID inside another */ - if (!rsa_md_to_algor(&algtmp, mgf1md)) + goto done; + + if ((inner_alg = X509_ALGOR_new()) == NULL) + goto err; + if (!X509_ALGOR_set_evp_md(inner_alg, mgf1md)) goto err; - if (ASN1_item_pack(algtmp, &X509_ALGOR_it, &stmp) == NULL) - goto err; - *palg = X509_ALGOR_new(); - if (*palg == NULL) + if ((astr = ASN1_item_pack(inner_alg, &X509_ALGOR_it, NULL)) == NULL) + goto err; + + if ((alg = X509_ALGOR_new()) == NULL) goto err; - X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); - stmp = NULL; + if (!X509_ALGOR_set0_by_nid(alg, NID_mgf1, V_ASN1_SEQUENCE, astr)) + goto err; + astr = NULL; + + done: + *out_alg = alg; + alg = NULL; + + ret = 1; + err: - ASN1_STRING_free(stmp); - X509_ALGOR_free(algtmp); - if (*palg) - return 1; - return 0; + X509_ALGOR_free(alg); + X509_ALGOR_free(inner_alg); + ASN1_STRING_free(astr); + + return ret; } /* Convert algorithm ID to EVP_MD, defaults to SHA1. */ @@ -634,17 +684,17 @@ rsa_algor_to_md(X509_ALGOR *alg) * suitable for setting an AlgorithmIdentifier. */ static RSA_PSS_PARAMS * -rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) +rsa_ctx_to_pss(EVP_PKEY_CTX *pkey_ctx) { const EVP_MD *sigmd, *mgf1md; - EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); + EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkey_ctx); int saltlen; - if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0) + if (EVP_PKEY_CTX_get_signature_md(pkey_ctx, &sigmd) <= 0) return NULL; - if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) + if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkey_ctx, &mgf1md) <= 0) return NULL; - if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) + if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen)) return NULL; if (saltlen == -1) { saltlen = EVP_MD_size(sigmd); @@ -662,53 +712,47 @@ rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) RSA_PSS_PARAMS * rsa_pss_params_create(const EVP_MD *sigmd, const EVP_MD *mgf1md, int saltlen) { - RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new(); + RSA_PSS_PARAMS *pss = NULL; - if (pss == NULL) + if (mgf1md == NULL) + mgf1md = sigmd; + + if ((pss = RSA_PSS_PARAMS_new()) == NULL) + goto err; + + if (!rsa_md_to_algor(sigmd, &pss->hashAlgorithm)) + goto err; + if (!rsa_mgf1md_to_maskGenAlgorithm(mgf1md, &pss->maskGenAlgorithm)) goto err; - if (saltlen != 20) { - pss->saltLength = ASN1_INTEGER_new(); - if (pss->saltLength == NULL) + + /* Translate mgf1md to X509_ALGOR in decoded form for internal use. */ + if (!rsa_md_to_algor(mgf1md, &pss->maskHash)) + goto err; + + /* RFC 8017, A.2.3 - default saltLength is SHA_DIGEST_LENGTH. */ + if (saltlen != SHA_DIGEST_LENGTH) { + if ((pss->saltLength = ASN1_INTEGER_new()) == NULL) goto err; if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) goto err; } - if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd)) - goto err; - if (mgf1md == NULL) - mgf1md = sigmd; - if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) - goto err; - if (!rsa_md_to_algor(&pss->maskHash, mgf1md)) - goto err; + return pss; + err: RSA_PSS_PARAMS_free(pss); - return NULL; -} -static ASN1_STRING * -rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx) -{ - RSA_PSS_PARAMS *pss = rsa_ctx_to_pss(pkctx); - ASN1_STRING *os; - - if (pss == NULL) - return NULL; - - os = ASN1_item_pack(pss, &RSA_PSS_PARAMS_it, NULL); - RSA_PSS_PARAMS_free(pss); - return os; + return NULL; } /* * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are - * passed to pkctx instead. + * passed to pkey_ctx instead. */ static int -rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, +rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkey_ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) { int rv = -1; @@ -731,11 +775,11 @@ rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, /* We have all parameters now set up context */ if (pkey) { - if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) + if (!EVP_DigestVerifyInit(ctx, &pkey_ctx, md, NULL, pkey)) goto err; } else { const EVP_MD *checkmd; - if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0) + if (EVP_PKEY_CTX_get_signature_md(pkey_ctx, &checkmd) <= 0) goto err; if (EVP_MD_type(md) != EVP_MD_type(checkmd)) { RSAerror(RSA_R_DIGEST_DOES_NOT_MATCH); @@ -743,13 +787,13 @@ rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, } } - if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) + if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) goto err; - if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) + if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, saltlen) <= 0) goto err; - if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) + if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf1md) <= 0) goto err; /* Carry on */ rv = 1; @@ -799,14 +843,14 @@ rsa_cms_verify(CMS_SignerInfo *si) { int nid, nid2; X509_ALGOR *alg; - EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); + EVP_PKEY_CTX *pkey_ctx = CMS_SignerInfo_get0_pkey_ctx(si); CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); nid = OBJ_obj2nid(alg->algorithm); if (nid == EVP_PKEY_RSA_PSS) - return rsa_pss_to_ctx(NULL, pkctx, alg, NULL); + return rsa_pss_to_ctx(NULL, pkey_ctx, alg, NULL); /* Only PSS allowed for PSS keys */ - if (pkey_ctx_is_pss(pkctx)) { + if (pkey_ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) { RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); return 0; } @@ -841,32 +885,117 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return -1; } +static int +rsa_alg_set_pkcs1_padding(X509_ALGOR *alg) +{ + return X509_ALGOR_set0_by_nid(alg, NID_rsaEncryption, V_ASN1_NULL, NULL); +} + +static int +rsa_alg_set_pss_padding(X509_ALGOR *alg, EVP_PKEY_CTX *pkey_ctx) +{ + RSA_PSS_PARAMS *pss = NULL; + ASN1_STRING *astr = NULL; + int ret = 0; + + if (pkey_ctx == NULL) + goto err; + + if ((pss = rsa_ctx_to_pss(pkey_ctx)) == NULL) + goto err; + if ((astr = ASN1_item_pack(pss, &RSA_PSS_PARAMS_it, NULL)) == NULL) + goto err; + if (!X509_ALGOR_set0_by_nid(alg, EVP_PKEY_RSA_PSS, V_ASN1_SEQUENCE, astr)) + goto err; + astr = NULL; + + ret = 1; + + err: + ASN1_STRING_free(astr); + RSA_PSS_PARAMS_free(pss); + + return ret; +} + #ifndef OPENSSL_NO_CMS +static int +rsa_alg_set_oaep_padding(X509_ALGOR *alg, EVP_PKEY_CTX *pkey_ctx) +{ + const EVP_MD *md, *mgf1md; + RSA_OAEP_PARAMS *oaep = NULL; + ASN1_STRING *astr = NULL; + ASN1_OCTET_STRING *ostr = NULL; + unsigned char *label; + int labellen; + int ret = 0; + + if (EVP_PKEY_CTX_get_rsa_oaep_md(pkey_ctx, &md) <= 0) + goto err; + if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkey_ctx, &mgf1md) <= 0) + goto err; + labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkey_ctx, &label); + if (labellen < 0) + goto err; + + if ((oaep = RSA_OAEP_PARAMS_new()) == NULL) + goto err; + + if (!rsa_md_to_algor(md, &oaep->hashFunc)) + goto err; + if (!rsa_mgf1md_to_maskGenAlgorithm(mgf1md, &oaep->maskGenFunc)) + goto err; + + /* XXX - why do we not set oaep->maskHash here? */ + + if (labellen > 0) { + if ((oaep->pSourceFunc = X509_ALGOR_new()) == NULL) + goto err; + if ((ostr = ASN1_OCTET_STRING_new()) == NULL) + goto err; + if (!ASN1_OCTET_STRING_set(ostr, label, labellen)) + goto err; + if (!X509_ALGOR_set0_by_nid(oaep->pSourceFunc, NID_pSpecified, + V_ASN1_OCTET_STRING, ostr)) + goto err; + ostr = NULL; + } + + if ((astr = ASN1_item_pack(oaep, &RSA_OAEP_PARAMS_it, NULL)) == NULL) + goto err; + if (!X509_ALGOR_set0_by_nid(alg, NID_rsaesOaep, V_ASN1_SEQUENCE, astr)) + goto err; + astr = NULL; + + ret = 1; + + err: + RSA_OAEP_PARAMS_free(oaep); + ASN1_STRING_free(astr); + ASN1_OCTET_STRING_free(ostr); + + return ret; +} + static int rsa_cms_sign(CMS_SignerInfo *si) { - int pad_mode = RSA_PKCS1_PADDING; + EVP_PKEY_CTX *pkey_ctx; X509_ALGOR *alg; - EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); - ASN1_STRING *os = NULL; + int pad_mode = RSA_PKCS1_PADDING; - CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); - if (pkctx) { - if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) + if ((pkey_ctx = CMS_SignerInfo_get0_pkey_ctx(si)) != NULL) { + if (EVP_PKEY_CTX_get_rsa_padding(pkey_ctx, &pad_mode) <= 0) return 0; } - if (pad_mode == RSA_PKCS1_PADDING) { - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); - return 1; - } - /* We don't support it */ - if (pad_mode != RSA_PKCS1_PSS_PADDING) - return 0; - os = rsa_ctx_to_pss_string(pkctx); - if (!os) - return 0; - X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); - return 1; + + CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); + if (pad_mode == RSA_PKCS1_PADDING) + return rsa_alg_set_pkcs1_padding(alg); + if (pad_mode == RSA_PKCS1_PSS_PADDING) + return rsa_alg_set_pss_padding(alg, pkey_ctx); + + return 0; } #endif @@ -874,30 +1003,20 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig) { - EVP_PKEY_CTX *pkctx = ctx->pctx; + EVP_PKEY_CTX *pkey_ctx = ctx->pctx; int pad_mode; - if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) + if (EVP_PKEY_CTX_get_rsa_padding(pkey_ctx, &pad_mode) <= 0) return 0; if (pad_mode == RSA_PKCS1_PADDING) return 2; if (pad_mode == RSA_PKCS1_PSS_PADDING) { - ASN1_STRING *os1 = NULL; - os1 = rsa_ctx_to_pss_string(pkctx); - if (!os1) + if (!rsa_alg_set_pss_padding(alg1, pkey_ctx)) return 0; - /* Duplicate parameters if we have to */ - if (alg2) { - ASN1_STRING *os2 = ASN1_STRING_dup(os1); - if (!os2) { - ASN1_STRING_free(os1); + if (alg2 != NULL) { + if (!rsa_alg_set_pss_padding(alg2, pkey_ctx)) return 0; - } - X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS), - V_ASN1_SEQUENCE, os2); } - X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS), - V_ASN1_SEQUENCE, os1); return 3; } return 2; @@ -1007,115 +1126,70 @@ rsa_cms_decrypt(CMS_RecipientInfo *ri) static int rsa_cms_encrypt(CMS_RecipientInfo *ri) { - const EVP_MD *md, *mgf1md; - RSA_OAEP_PARAMS *oaep = NULL; - ASN1_STRING *os = NULL; X509_ALGOR *alg; - EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; - unsigned char *label; + EVP_PKEY_CTX *pkey_ctx; + int pad_mode = RSA_PKCS1_PADDING; - if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0) - return 0; - if (pkctx) { - if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) + if ((pkey_ctx = CMS_RecipientInfo_get0_pkey_ctx(ri)) != NULL) { + if (EVP_PKEY_CTX_get_rsa_padding(pkey_ctx, &pad_mode) <= 0) return 0; } - if (pad_mode == RSA_PKCS1_PADDING) { - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); - return 1; - } - /* Not supported */ - if (pad_mode != RSA_PKCS1_OAEP_PADDING) + + if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg)) return 0; - if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0) - goto err; - if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) - goto err; - labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label); - if (labellen < 0) - goto err; - oaep = RSA_OAEP_PARAMS_new(); - if (oaep == NULL) - goto err; - if (!rsa_md_to_algor(&oaep->hashFunc, md)) - goto err; - if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) - goto err; - if (labellen > 0) { - ASN1_OCTET_STRING *los; - oaep->pSourceFunc = X509_ALGOR_new(); - if (oaep->pSourceFunc == NULL) - goto err; - los = ASN1_OCTET_STRING_new(); - if (los == NULL) - goto err; - if (!ASN1_OCTET_STRING_set(los, label, labellen)) { - ASN1_OCTET_STRING_free(los); - goto err; - } - X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified), - V_ASN1_OCTET_STRING, los); - } - /* create string with pss parameter encoding. */ - if (!ASN1_item_pack(oaep, &RSA_OAEP_PARAMS_it, &os)) - goto err; - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os); - os = NULL; - rv = 1; - err: - RSA_OAEP_PARAMS_free(oaep); - ASN1_STRING_free(os); - return rv; + if (pad_mode == RSA_PKCS1_PADDING) + return rsa_alg_set_pkcs1_padding(alg); + if (pad_mode == RSA_PKCS1_OAEP_PADDING) + return rsa_alg_set_oaep_padding(alg, pkey_ctx); + + return 0; } #endif -const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { - { - .pkey_id = EVP_PKEY_RSA, - .pkey_base_id = EVP_PKEY_RSA, - .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, +const EVP_PKEY_ASN1_METHOD rsa_asn1_meth = { + .base_method = &rsa_asn1_meth, + .pkey_id = EVP_PKEY_RSA, + .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, - .pem_str = "RSA", - .info = "OpenSSL RSA method", + .pem_str = "RSA", + .info = "OpenSSL RSA method", - .pub_decode = rsa_pub_decode, - .pub_encode = rsa_pub_encode, - .pub_cmp = rsa_pub_cmp, - .pub_print = rsa_pub_print, + .pub_decode = rsa_pub_decode, + .pub_encode = rsa_pub_encode, + .pub_cmp = rsa_pub_cmp, + .pub_print = rsa_pub_print, - .priv_decode = rsa_priv_decode, - .priv_encode = rsa_priv_encode, - .priv_print = rsa_priv_print, + .priv_decode = rsa_priv_decode, + .priv_encode = rsa_priv_encode, + .priv_print = rsa_priv_print, - .pkey_size = rsa_size, - .pkey_bits = rsa_bits, - .pkey_security_bits = rsa_security_bits, + .pkey_size = rsa_size, + .pkey_bits = rsa_bits, + .pkey_security_bits = rsa_security_bits, - .sig_print = rsa_sig_print, + .sig_print = rsa_sig_print, - .pkey_free = rsa_free, - .pkey_ctrl = rsa_pkey_ctrl, - .old_priv_decode = old_rsa_priv_decode, - .old_priv_encode = old_rsa_priv_encode, - .item_verify = rsa_item_verify, - .item_sign = rsa_item_sign, + .pkey_free = rsa_free, + .pkey_ctrl = rsa_pkey_ctrl, + .old_priv_decode = old_rsa_priv_decode, + .old_priv_encode = old_rsa_priv_encode, + .item_verify = rsa_item_verify, + .item_sign = rsa_item_sign, - .pkey_check = rsa_pkey_check, - }, + .pkey_check = rsa_pkey_check, +}; - { - .pkey_id = EVP_PKEY_RSA2, - .pkey_base_id = EVP_PKEY_RSA, - .pkey_flags = ASN1_PKEY_ALIAS, +const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth = { + .base_method = &rsa_asn1_meth, + .pkey_id = EVP_PKEY_RSA2, + .pkey_flags = ASN1_PKEY_ALIAS, - .pkey_check = rsa_pkey_check, - }, + .pkey_check = rsa_pkey_check, }; const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = { + .base_method = &rsa_pss_asn1_meth, .pkey_id = EVP_PKEY_RSA_PSS, - .pkey_base_id = EVP_PKEY_RSA_PSS, .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, .pem_str = "RSA-PSS", diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index fbd2c227..b379cddc 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_lib.c,v 1.48 2023/07/28 10:05:16 tb Exp $ */ +/* $OpenBSD: rsa_lib.c,v 1.49 2023/11/19 15:46:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,10 +71,6 @@ #include "evp_local.h" #include "rsa_local.h" -#ifndef OPENSSL_NO_ENGINE -#include -#endif - static const RSA_METHOD *default_RSA_meth = NULL; RSA * @@ -122,10 +118,6 @@ RSA_set_method(RSA *rsa, const RSA_METHOD *meth) mtmp = rsa->meth; if (mtmp->finish) mtmp->finish(rsa); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(rsa->engine); - rsa->engine = NULL; -#endif rsa->meth = meth; if (meth->init) meth->init(rsa); @@ -145,25 +137,6 @@ RSA_new_method(ENGINE *engine) ret->meth = RSA_get_default_method(); -#ifndef OPENSSL_NO_ENGINE - if (engine != NULL) { - if (!ENGINE_init(engine)) { - RSAerror(ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else { - ret->engine = ENGINE_get_default_RSA(); - } - - if (ret->engine != NULL) { - if ((ret->meth = ENGINE_get_RSA(ret->engine)) == NULL) { - RSAerror(ERR_R_ENGINE_LIB); - goto err; - } - } -#endif - ret->references = 1; ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; @@ -178,9 +151,6 @@ RSA_new_method(ENGINE *engine) return ret; err: -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ret->engine); -#endif free(ret); return NULL; @@ -201,9 +171,6 @@ RSA_free(RSA *r) if (r->meth->finish) r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(r->engine); -#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index 51ed9259..d537ab9c 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_local.h,v 1.6 2023/08/09 12:09:06 tb Exp $ */ +/* $OpenBSD: rsa_local.h,v 1.8 2024/01/01 15:43:02 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,10 +60,6 @@ __BEGIN_HIDDEN_DECLS #define RSA_MIN_MODULUS_BITS 512 -/* Macros to test if a pkey or ctx is for a PSS key */ -#define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS) -#define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) - struct rsa_meth_st { char *name; int (*rsa_pub_enc)(int flen, const unsigned char *from, @@ -108,8 +104,6 @@ struct rsa_st { long version; const RSA_METHOD *meth; - /* functional reference if 'meth' is ENGINE-provided */ - ENGINE *engine; BIGNUM *n; BIGNUM *e; BIGNUM *d; diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index c2c3a61d..49276738 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_oaep.c,v 1.37 2023/07/08 12:26:45 beck Exp $ */ +/* $OpenBSD: rsa_oaep.c,v 1.38 2024/02/18 15:45:42 tb Exp $ */ /* * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * @@ -331,7 +331,7 @@ PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, int mdlen; int rv = -1; - EVP_MD_CTX_init(&c); + EVP_MD_CTX_legacy_clear(&c); mdlen = EVP_MD_size(dgst); if (mdlen < 0) goto err; diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index cb82b090..9be90796 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_pmeth.c,v 1.39 2023/07/08 12:26:45 beck Exp $ */ +/* $OpenBSD: rsa_pmeth.c,v 1.40 2023/12/28 21:59:07 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -756,32 +756,36 @@ pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { RSA *rsa = NULL; RSA_PKEY_CTX *rctx = ctx->data; - BN_GENCB *pcb, cb; - int ret; + BN_GENCB *pcb = NULL; + BN_GENCB cb = {0}; + int ret = 0; if (rctx->pub_exp == NULL) { if ((rctx->pub_exp = BN_new()) == NULL) - return 0; + goto err; if (!BN_set_word(rctx->pub_exp, RSA_F4)) - return 0; + goto err; } + if ((rsa = RSA_new()) == NULL) - return 0; + goto err; if (ctx->pkey_gencb != NULL) { pcb = &cb; evp_pkey_set_cb_translate(pcb, ctx); - } else { - pcb = NULL; } - ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); - if (ret > 0 && !rsa_set_pss_param(rsa, ctx)) { - RSA_free(rsa); - return 0; - } - if (ret > 0) - EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, rsa); - else - RSA_free(rsa); + if (!RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb)) + goto err; + if (!rsa_set_pss_param(rsa, ctx)) + goto err; + if (!EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, rsa)) + goto err; + rsa = NULL; + + ret = 1; + + err: + RSA_free(rsa); + return ret; } diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 0860409b..6670866f 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_pss.c,v 1.17 2023/07/08 12:26:45 beck Exp $ */ +/* $OpenBSD: rsa_pss.c,v 1.18 2024/02/18 15:45:42 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2005. */ @@ -92,7 +92,7 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, EVP_MD_CTX ctx; unsigned char H_[EVP_MAX_MD_SIZE]; - EVP_MD_CTX_init(&ctx); + EVP_MD_CTX_legacy_clear(&ctx); if (mgf1Hash == NULL) mgf1Hash = Hash; @@ -200,7 +200,7 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, unsigned char *H, *salt = NULL, *p; EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); + EVP_MD_CTX_legacy_clear(&ctx); if (mgf1Hash == NULL) mgf1Hash = Hash; diff --git a/crypto/sha/sha1-elf-x86_64.S b/crypto/sha/sha1-elf-x86_64.S index 3240e9ec..6d536ca7 100644 --- a/crypto/sha/sha1-elf-x86_64.S +++ b/crypto/sha/sha1-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -7,7 +13,7 @@ .type sha1_block_data_order,@function .align 16 sha1_block_data_order: - endbr64 +_CET_ENDBR movl OPENSSL_ia32cap_P+0(%rip),%r9d movl OPENSSL_ia32cap_P+4(%rip),%r8d testl $IA32CAP_MASK1_SSSE3,%r8d @@ -1295,7 +1301,7 @@ sha1_block_data_order: .align 16 sha1_block_data_order_ssse3: _ssse3_shortcut: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 diff --git a/crypto/sha/sha1-macosx-x86_64.S b/crypto/sha/sha1-macosx-x86_64.S index 04a8affb..266e52b8 100644 --- a/crypto/sha/sha1-macosx-x86_64.S +++ b/crypto/sha/sha1-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -7,6 +13,7 @@ .p2align 4 _sha1_block_data_order: +_CET_ENDBR movl _OPENSSL_ia32cap_P+0(%rip),%r9d movl _OPENSSL_ia32cap_P+4(%rip),%r8d testl $IA32CAP_MASK1_SSSE3,%r8d @@ -1294,6 +1301,7 @@ L$epilogue: .p2align 4 sha1_block_data_order_ssse3: _ssse3_shortcut: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -2477,6 +2485,7 @@ L$done_ssse3: L$epilogue_ssse3: retq +.section __DATA,__const .p2align 6 K_XX_XX: .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 @@ -2484,5 +2493,5 @@ K_XX_XX: .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f -.byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.text .p2align 6 diff --git a/crypto/sha/sha1-masm-x86_64.S b/crypto/sha/sha1-masm-x86_64.S index f520b5a8..f67dcba3 100644 --- a/crypto/sha/sha1-masm-x86_64.S +++ b/crypto/sha/sha1-masm-x86_64.S @@ -1,28 +1,34 @@ ; 1 "crypto/sha/sha1-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/sha/sha1-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + + @@ -66,7 +72,7 @@ OPTION DOTNAME -; 3 "crypto/sha/sha1-masm-x86_64.S.tmp" 2 +; 9 "crypto/sha/sha1-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' EXTERN OPENSSL_ia32cap_P:NEAR @@ -84,6 +90,7 @@ $L$SEH_begin_sha1_block_data_order:: mov rdx,r8 + mov r9d,DWORD PTR[((OPENSSL_ia32cap_P+0))] mov r8d,DWORD PTR[((OPENSSL_ia32cap_P+4))] test r8d,(1 SHL 9) @@ -1383,6 +1390,7 @@ $L$SEH_begin_sha1_block_data_order_ssse3:: _ssse3_shortcut:: + push rbx push rbp push r12 @@ -2580,6 +2588,8 @@ $L$epilogue_ssse3:: DB 0F3h,0C3h ;repret $L$SEH_end_sha1_block_data_order_ssse3:: sha1_block_data_order_ssse3 ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 K_XX_XX:: DD 05a827999h,05a827999h,05a827999h,05a827999h @@ -2587,16 +2597,14 @@ K_XX_XX:: DD 08f1bbcdch,08f1bbcdch,08f1bbcdch,08f1bbcdch DD 0ca62c1d6h,0ca62c1d6h,0ca62c1d6h,0ca62c1d6h DD 000010203h,004050607h,008090a0bh,00c0d0e0fh -DB 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115 -DB 102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44 -DB 32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60 -DB 97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114 -DB 103,62,0 +.rdata ENDS +.text$ SEGMENT ALIGN(64) 'CODE' ALIGN 64 EXTERN __imp_RtlVirtualUnwind:NEAR ALIGN 16 se_handler PROC PRIVATE + push rsi push rdi push rbx diff --git a/crypto/sha/sha1-mingw64-x86_64.S b/crypto/sha/sha1-mingw64-x86_64.S index 3ce9fc9b..fc65b37c 100644 --- a/crypto/sha/sha1-mingw64-x86_64.S +++ b/crypto/sha/sha1-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -15,6 +21,7 @@ sha1_block_data_order: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR movl OPENSSL_ia32cap_P+0(%rip),%r9d movl OPENSSL_ia32cap_P+4(%rip),%r8d testl $IA32CAP_MASK1_SSSE3,%r8d @@ -1312,6 +1319,7 @@ sha1_block_data_order_ssse3: movq %r8,%rdx _ssse3_shortcut: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -2508,6 +2516,7 @@ _ssse3_shortcut: movq 16(%rsp),%rsi retq .LSEH_end_sha1_block_data_order_ssse3: +.section .rodata .p2align 6 K_XX_XX: .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 @@ -2515,12 +2524,13 @@ K_XX_XX: .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f -.byte 83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.text .p2align 6 .def se_handler; .scl 3; .type 32; .endef .p2align 4 se_handler: +_CET_ENDBR pushq %rsi pushq %rdi pushq %rbx diff --git a/crypto/sha/sha256-elf-x86_64.S b/crypto/sha/sha256-elf-x86_64.S index b976181a..33e59d61 100644 --- a/crypto/sha/sha256-elf-x86_64.S +++ b/crypto/sha/sha256-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,7 +11,7 @@ .type sha256_block_data_order,@function .align 16 sha256_block_data_order: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 diff --git a/crypto/sha/sha256-macosx-x86_64.S b/crypto/sha/sha256-macosx-x86_64.S index 4b468b7f..cd02b1d8 100644 --- a/crypto/sha/sha256-macosx-x86_64.S +++ b/crypto/sha/sha256-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,6 +11,7 @@ .p2align 4 _sha256_block_data_order: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -1758,6 +1765,7 @@ L$rounds_16_xx: L$epilogue: retq +.section __DATA,__const .p2align 6 K256: @@ -1777,3 +1785,4 @@ K256: .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +.text diff --git a/crypto/sha/sha256-masm-x86_64.S b/crypto/sha/sha256-masm-x86_64.S index 7c182f90..1c4e39ed 100644 --- a/crypto/sha/sha256-masm-x86_64.S +++ b/crypto/sha/sha256-masm-x86_64.S @@ -1,27 +1,33 @@ ; 1 "crypto/sha/sha256-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/sha/sha256-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 + +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + @@ -66,7 +72,7 @@ OPTION DOTNAME -; 3 "crypto/sha/sha256-masm-x86_64.S.tmp" 2 +; 9 "crypto/sha/sha256-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' PUBLIC sha256_block_data_order @@ -83,6 +89,7 @@ $L$SEH_begin_sha256_block_data_order:: mov rcx,r9 + push rbx push rbp push r12 @@ -1839,6 +1846,8 @@ $L$epilogue:: DB 0F3h,0C3h ;repret $L$SEH_end_sha256_block_data_order:: sha256_block_data_order ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 K256:: @@ -1858,6 +1867,8 @@ K256:: DD 0391c0cb3h,04ed8aa4ah,05b9cca4fh,0682e6ff3h DD 0748f82eeh,078a5636fh,084c87814h,08cc70208h DD 090befffah,0a4506cebh,0bef9a3f7h,0c67178f2h +.rdata ENDS +.text$ SEGMENT ALIGN(64) 'CODE' .text$ ENDS END diff --git a/crypto/sha/sha256-mingw64-x86_64.S b/crypto/sha/sha256-mingw64-x86_64.S index 3de981b8..585126bc 100644 --- a/crypto/sha/sha256-mingw64-x86_64.S +++ b/crypto/sha/sha256-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -14,6 +20,7 @@ sha256_block_data_order: movq %r8,%rdx movq %r9,%rcx +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -1769,6 +1776,7 @@ sha256_block_data_order: movq 16(%rsp),%rsi retq .LSEH_end_sha256_block_data_order: +.section .rodata .p2align 6 K256: @@ -1788,3 +1796,4 @@ K256: .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +.text diff --git a/crypto/sha/sha512-elf-x86_64.S b/crypto/sha/sha512-elf-x86_64.S index 0581c7c9..99d655bd 100644 --- a/crypto/sha/sha512-elf-x86_64.S +++ b/crypto/sha/sha512-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,7 +11,7 @@ .type sha512_block_data_order,@function .align 16 sha512_block_data_order: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 diff --git a/crypto/sha/sha512-macosx-x86_64.S b/crypto/sha/sha512-macosx-x86_64.S index 7581da47..77f21cda 100644 --- a/crypto/sha/sha512-macosx-x86_64.S +++ b/crypto/sha/sha512-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,6 +11,7 @@ .p2align 4 _sha512_block_data_order: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -1758,6 +1765,7 @@ L$rounds_16_xx: L$epilogue: retq +.section __DATA,__const .p2align 6 K512: @@ -1801,3 +1809,4 @@ K512: .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 +.text diff --git a/crypto/sha/sha512-masm-x86_64.S b/crypto/sha/sha512-masm-x86_64.S index e964d9c8..e06a6190 100644 --- a/crypto/sha/sha512-masm-x86_64.S +++ b/crypto/sha/sha512-masm-x86_64.S @@ -1,27 +1,33 @@ ; 1 "crypto/sha/sha512-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/sha/sha512-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 + +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + @@ -66,7 +72,7 @@ OPTION DOTNAME -; 3 "crypto/sha/sha512-masm-x86_64.S.tmp" 2 +; 9 "crypto/sha/sha512-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' PUBLIC sha512_block_data_order @@ -83,6 +89,7 @@ $L$SEH_begin_sha512_block_data_order:: mov rcx,r9 + push rbx push rbp push r12 @@ -1839,6 +1846,8 @@ $L$epilogue:: DB 0F3h,0C3h ;repret $L$SEH_end_sha512_block_data_order:: sha512_block_data_order ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 K512:: @@ -1882,6 +1891,8 @@ K512:: DQ 03c9ebe0a15c9bebch,0431d67c49c100d4ch DQ 04cc5d4becb3e42b6h,0597f299cfc657e2ah DQ 05fcb6fab3ad6faech,06c44198c4a475817h +.rdata ENDS +.text$ SEGMENT ALIGN(64) 'CODE' .text$ ENDS END diff --git a/crypto/sha/sha512-mingw64-x86_64.S b/crypto/sha/sha512-mingw64-x86_64.S index 51539524..e806e3a1 100644 --- a/crypto/sha/sha512-mingw64-x86_64.S +++ b/crypto/sha/sha512-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -14,6 +20,7 @@ sha512_block_data_order: movq %r8,%rdx movq %r9,%rcx +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -1769,6 +1776,7 @@ sha512_block_data_order: movq 16(%rsp),%rsi retq .LSEH_end_sha512_block_data_order: +.section .rodata .p2align 6 K512: @@ -1812,3 +1820,4 @@ K512: .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 +.text diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 65bd3217..60a302af 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -1,4 +1,4 @@ -/* $OpenBSD: stack.c,v 1.23 2023/04/24 15:35:22 beck Exp $ */ +/* $OpenBSD: stack.c,v 1.28 2024/03/02 11:20:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,16 +56,20 @@ * [including the GNU Public Licence.] */ +#include #include #include #include #include +#include "stack_local.h" + #undef MIN_NODES #define MIN_NODES 4 -#include +#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))( @@ -196,6 +200,39 @@ sk_delete(_STACK *st, int loc) } LCRYPTO_ALIAS(sk_delete); +static const void * +obj_bsearch_ex(const void *key, const void *base_, int num, int size, + int (*cmp)(const void *, const void *), int flags) +{ + const char *base = base_; + int l, h, i = 0, c = 0; + const char *p = NULL; + + if (num == 0) + return (NULL); + l = 0; + h = num; + while (l < h) { + i = (l + h) / 2; + p = &(base[i * size]); + c = (*cmp)(key, p); + if (c < 0) + h = i; + else if (c > 0) + l = i + 1; + else + break; + } + if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)) + p = NULL; + else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH)) { + while (i > 0 && (*cmp)(key, &(base[(i - 1) * size])) == 0) + i--; + p = &(base[i * size]); + } + return (p); +} + static int internal_find(_STACK *st, void *data, int ret_val_options) { @@ -214,7 +251,7 @@ internal_find(_STACK *st, void *data, int ret_val_options) sk_sort(st); if (data == NULL) return (-1); - r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp, + r = obj_bsearch_ex(&data, st->data, st->num, sizeof(void *), st->comp, ret_val_options); if (r == NULL) return (-1); @@ -228,13 +265,6 @@ sk_find(_STACK *st, void *data) } LCRYPTO_ALIAS(sk_find); -int -sk_find_ex(_STACK *st, void *data) -{ - return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); -} -LCRYPTO_ALIAS(sk_find_ex); - int sk_push(_STACK *st, void *data) { diff --git a/crypto/evp/p_enc.c b/crypto/stack/stack_local.h similarity index 82% rename from crypto/evp/p_enc.c rename to crypto/stack/stack_local.h index 1abaf0b2..a3307071 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/stack/stack_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: p_enc.c,v 1.15 2023/07/07 19:37:54 beck Exp $ */ +/* $OpenBSD: stack_local.h,v 1.1 2024/03/02 11:11:11 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,36 +56,16 @@ * [including the GNU Public Licence.] */ -#include +#ifndef HEADER_STACK_LOCAL_H +#define HEADER_STACK_LOCAL_H -#include +struct stack_st { + int num; + char **data; + int sorted; -#include -#include -#include -#include + int num_alloc; + int (*comp)(const void *, const void *); +} /* _STACK */; -#ifndef OPENSSL_NO_RSA -#include #endif - -#include "evp_local.h" - -int -EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len, - EVP_PKEY *pubk) -{ - int ret = 0; - -#ifndef OPENSSL_NO_RSA - if (pubk->type != EVP_PKEY_RSA) { -#endif - EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA); -#ifndef OPENSSL_NO_RSA - goto err; - } - ret = RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa, RSA_PKCS1_PADDING); -err: -#endif - return (ret); -} diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index 103d4302..5d27a8bb 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_conf.c,v 1.12 2023/07/07 07:25:21 beck Exp $ */ +/* $OpenBSD: ts_conf.c,v 1.13 2023/11/19 15:46:10 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -65,10 +65,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - /* Macro definitions for the configuration file. */ #define BASE_SECTION "tsa" @@ -211,56 +207,6 @@ TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, } LCRYPTO_ALIAS(TS_CONF_set_serial); -#ifndef OPENSSL_NO_ENGINE - -int -TS_CONF_set_crypto_device(CONF *conf, const char *section, const char *device) -{ - int ret = 0; - - if (!device) - device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE); - - if (device && !TS_CONF_set_default_engine(device)) { - TS_CONF_invalid(section, ENV_CRYPTO_DEVICE); - goto err; - } - ret = 1; - -err: - return ret; -} -LCRYPTO_ALIAS(TS_CONF_set_crypto_device); - -int -TS_CONF_set_default_engine(const char *name) -{ - ENGINE *e = NULL; - int ret = 0; - - /* Leave the default if builtin specified. */ - if (strcmp(name, "builtin") == 0) - return 1; - - if (!(e = ENGINE_by_id(name))) - goto err; - /* All the operations are going to be carried out by the engine. */ - if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) - goto err; - ret = 1; - -err: - if (!ret) { - TSerror(TS_R_COULD_NOT_SET_ENGINE); - ERR_asprintf_error_data("engine:%s", name); - } - ENGINE_free(e); - return ret; -} -LCRYPTO_ALIAS(TS_CONF_set_default_engine); - -#endif - int TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, TS_RESP_CTX *ctx) diff --git a/crypto/ui/ui_openssl_win.c b/crypto/ui/ui_openssl_win.c index b6a621f5..09705e48 100644 --- a/crypto/ui/ui_openssl_win.c +++ b/crypto/ui/ui_openssl_win.c @@ -20,7 +20,7 @@ * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * for use in the OpenSSL Toolkit. (https://www.openssl.org/)" * * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to * endorse or promote products derived from this software without @@ -34,7 +34,7 @@ * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * for use in the OpenSSL Toolkit (https://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -130,9 +130,6 @@ #define NX509_SIG 32 #endif -/* Define globals. They are protected by a lock */ -static void (*savsig[NX509_SIG])(int ); - DWORD console_mode; static FILE *tty_in, *tty_out; static int is_a_tty; diff --git a/crypto/whrlpool/wp-elf-x86_64.S b/crypto/whrlpool/wp-elf-x86_64.S index aba96efe..dec85686 100644 --- a/crypto/whrlpool/wp-elf-x86_64.S +++ b/crypto/whrlpool/wp-elf-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,7 +11,7 @@ .type whirlpool_block,@function .align 16 whirlpool_block: - endbr64 +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 diff --git a/crypto/whrlpool/wp-macosx-x86_64.S b/crypto/whrlpool/wp-macosx-x86_64.S index 6df325ad..9d68fcd0 100644 --- a/crypto/whrlpool/wp-macosx-x86_64.S +++ b/crypto/whrlpool/wp-macosx-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -5,6 +11,7 @@ .p2align 4 _whirlpool_block: +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -588,6 +595,7 @@ L$epilogue: retq +.section __DATA,__const .p2align 6 L$table: diff --git a/crypto/whrlpool/wp-masm-x86_64.S b/crypto/whrlpool/wp-masm-x86_64.S index 71f0c012..45c71d4c 100644 --- a/crypto/whrlpool/wp-masm-x86_64.S +++ b/crypto/whrlpool/wp-masm-x86_64.S @@ -1,27 +1,33 @@ ; 1 "crypto/whrlpool/wp-masm-x86_64.S.tmp" ; 1 "" 1 ; 1 "" 3 -; 343 "" 3 +; 371 "" 3 ; 1 "" 1 ; 1 "" 2 ; 1 "crypto/whrlpool/wp-masm-x86_64.S.tmp" 2 OPTION DOTNAME -; 1 "./crypto/x86_arch.h" 1 -; 16 "./crypto/x86_arch.h" +; 1 "./crypto/x86_arch.h" 1 + +; 16 "./crypto/x86_arch.h" + -; 40 "./crypto/x86_arch.h" + + + +; 40 "./crypto/x86_arch.h" + @@ -66,7 +72,7 @@ OPTION DOTNAME -; 3 "crypto/whrlpool/wp-masm-x86_64.S.tmp" 2 +; 9 "crypto/whrlpool/wp-masm-x86_64.S.tmp" 2 .text$ SEGMENT ALIGN(64) 'CODE' PUBLIC whirlpool_block @@ -82,6 +88,7 @@ $L$SEH_begin_whirlpool_block:: mov rdx,r8 + push rbx push rbp push r12 @@ -668,6 +675,8 @@ $L$epilogue:: $L$SEH_end_whirlpool_block:: whirlpool_block ENDP +.text$ ENDS +.rdata SEGMENT READONLY ALIGN(64) ALIGN 64 $L$table:: @@ -938,6 +947,6 @@ DB 228,39,65,139,167,125,149,216 DB 251,238,124,102,221,23,71,158 DB 202,45,191,7,173,90,131,51 -.text$ ENDS +.rdata ENDS END diff --git a/crypto/whrlpool/wp-mingw64-x86_64.S b/crypto/whrlpool/wp-mingw64-x86_64.S index ea9f6cf9..1d34eede 100644 --- a/crypto/whrlpool/wp-mingw64-x86_64.S +++ b/crypto/whrlpool/wp-mingw64-x86_64.S @@ -1,3 +1,9 @@ +#if defined(__CET__) +#include +#else +#define _CET_ENDBR +#endif + #include "x86_arch.h" .text @@ -13,6 +19,7 @@ whirlpool_block: movq %rdx,%rsi movq %r8,%rdx +_CET_ENDBR pushq %rbx pushq %rbp pushq %r12 @@ -598,6 +605,7 @@ whirlpool_block: retq .LSEH_end_whirlpool_block: +.section .rodata .p2align 6 .Ltable: diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 9fa6a100..7e6949e2 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_dir.c,v 1.44 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: by_dir.c,v 1.46 2023/12/29 05:33:32 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -103,13 +103,8 @@ static X509_LOOKUP_METHOD x509_dir_lookup = { .name = "Load certs from files in a directory", .new_item = new_dir, .free = free_dir, - .init = NULL, - .shutdown = NULL, .ctrl = dir_ctrl, .get_by_subject = get_cert_by_subject, - .get_by_issuer_serial = NULL, - .get_by_fingerprint = NULL, - .get_by_alias = NULL, }; X509_LOOKUP_METHOD * @@ -123,10 +118,8 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, char **retp) { + BY_DIR *ld = ctx->method_data; int ret = 0; - BY_DIR *ld; - - ld = (BY_DIR *)ctx->method_data; switch (cmd) { case X509_L_ADD_DIR: @@ -158,7 +151,7 @@ new_dir(X509_LOOKUP *lu) return 0; } a->dirs = NULL; - lu->method_data = (char *)a; + lu->method_data = a; return 1; } @@ -192,7 +185,7 @@ free_dir(X509_LOOKUP *lu) { BY_DIR *a; - a = (BY_DIR *)lu->method_data; + a = lu->method_data; sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); BUF_MEM_free(a->buffer); free(a); @@ -305,7 +298,7 @@ get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, goto finish; } - ctx = (BY_DIR *)xl->method_data; + ctx = xl->method_data; h = X509_NAME_hash(name); for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) { diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 606f4c8d..bfab3761 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_file.c,v 1.28 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: by_file.c,v 1.30 2023/12/25 22:14:23 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,13 +75,8 @@ static X509_LOOKUP_METHOD x509_file_lookup = { .name = "Load file into cache", .new_item = NULL, .free = NULL, - .init = NULL, - .shutdown = NULL, .ctrl = by_file_ctrl, .get_by_subject = NULL, - .get_by_issuer_serial = NULL, - .get_by_fingerprint = NULL, - .get_by_alias = NULL, }; X509_LOOKUP_METHOD * @@ -95,28 +90,22 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, char **ret) { - int ok = 0; + const char *file = argp; + int type = argl; - switch (cmd) { - case X509_L_FILE_LOAD: - if (argl == X509_FILETYPE_DEFAULT) { - ok = (X509_load_cert_crl_file(ctx, - X509_get_default_cert_file(), - X509_FILETYPE_PEM) != 0); - if (!ok) { - X509error(X509_R_LOADING_DEFAULTS); - } - } else { - if (argl == X509_FILETYPE_PEM) - ok = (X509_load_cert_crl_file(ctx, argp, - X509_FILETYPE_PEM) != 0); - else - ok = (X509_load_cert_file(ctx, - argp, (int)argl) != 0); - } - break; + if (cmd != X509_L_FILE_LOAD) + return 0; + + if (argl == X509_FILETYPE_DEFAULT) { + file = X509_get_default_cert_file(); + type = X509_FILETYPE_PEM; } - return ok; + if (X509_load_cert_crl_file(ctx, file, type) != 0) + return 1; + if (argl == X509_FILETYPE_DEFAULT) + X509error(X509_R_LOADING_DEFAULTS); + + return 0; } int diff --git a/crypto/x509/by_mem.c b/crypto/x509/by_mem.c index 579eecd3..ac3a24de 100644 --- a/crypto/x509/by_mem.c +++ b/crypto/x509/by_mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: by_mem.c,v 1.8 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: by_mem.c,v 1.9 2023/12/25 22:14:23 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -76,13 +76,8 @@ static X509_LOOKUP_METHOD x509_mem_lookup = { .name = "Load cert from memory", .new_item = NULL, .free = NULL, - .init = NULL, - .shutdown = NULL, .ctrl = by_mem_ctrl, .get_by_subject = NULL, - .get_by_issuer_serial = NULL, - .get_by_fingerprint = NULL, - .get_by_alias = NULL, }; X509_LOOKUP_METHOD * diff --git a/crypto/x509/x509_addr.c b/crypto/x509/x509_addr.c index 5e4223ce..a3b28ac0 100644 --- a/crypto/x509/x509_addr.c +++ b/crypto/x509/x509_addr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_addr.c,v 1.90 2023/09/27 11:29:22 tb Exp $ */ +/* $OpenBSD: x509_addr.c,v 1.91 2023/10/29 13:22:37 tb Exp $ */ /* * Contributed to the OpenSSL Project by the American Registry for * Internet Numbers ("ARIN"). @@ -1886,8 +1886,11 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, if (ext == NULL) { depth = 0; cert = sk_X509_value(chain, depth); - if ((X509_get_extension_flags(cert) & EXFLAG_INVALID) != 0) - goto done; + if ((X509_get_extension_flags(cert) & EXFLAG_INVALID) != 0) { + if ((ret = verify_error(ctx, cert, + X509_V_ERR_INVALID_EXTENSION, depth)) == 0) + goto done; + } if ((ext = cert->rfc3779_addr) == NULL) goto done; } else if (!X509v3_addr_is_canonical(ext)) { diff --git a/crypto/x509/x509_asid.c b/crypto/x509/x509_asid.c index 95b1acb1..2fda58c3 100644 --- a/crypto/x509/x509_asid.c +++ b/crypto/x509/x509_asid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_asid.c,v 1.40 2023/04/19 12:30:09 jsg Exp $ */ +/* $OpenBSD: x509_asid.c,v 1.43 2024/02/20 14:58:16 tb Exp $ */ /* * Contributed to the OpenSSL Project by the American Registry for * Internet Numbers ("ARIN"). @@ -406,8 +406,12 @@ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) { ASIdentifierChoice **choice; + ASIdentifierChoice *aic = NULL; + int ret = 0; + if (asid == NULL) - return 0; + goto err; + switch (which) { case V3_ASID_ASNUM: choice = &asid->asnum; @@ -416,19 +420,76 @@ X509v3_asid_add_inherit(ASIdentifiers *asid, int which) choice = &asid->rdi; break; default: - return 0; + goto err; } - if (*choice == NULL) { - if ((*choice = ASIdentifierChoice_new()) == NULL) - return 0; - if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) - return 0; - (*choice)->type = ASIdentifierChoice_inherit; + + if (*choice != NULL) { + if ((*choice)->type != ASIdentifierChoice_inherit) + goto err; + } else { + if ((aic = ASIdentifierChoice_new()) == NULL) + goto err; + if ((aic->u.inherit = ASN1_NULL_new()) == NULL) + goto err; + aic->type = ASIdentifierChoice_inherit; + + *choice = aic; + aic = NULL; } - return (*choice)->type == ASIdentifierChoice_inherit; + + ret = 1; + + err: + ASIdentifierChoice_free(aic); + + return ret; } LCRYPTO_ALIAS(X509v3_asid_add_inherit); +static int +ASIdOrRanges_add_id_or_range(ASIdOrRanges *aors, ASN1_INTEGER *min, + ASN1_INTEGER *max) +{ + ASIdOrRange *aor = NULL; + ASRange *asr = NULL; + int ret = 0; + + /* Preallocate since we must not fail after sk_ASIdOrRange_push(). */ + if (max != NULL) { + if ((asr = ASRange_new()) == NULL) + goto err; + } + + if ((aor = ASIdOrRange_new()) == NULL) + goto err; + if (sk_ASIdOrRange_push(aors, aor) <= 0) + goto err; + + if (max == NULL) { + aor->type = ASIdOrRange_id; + aor->u.id = min; + } else { + ASN1_INTEGER_free(asr->min); + asr->min = min; + ASN1_INTEGER_free(asr->max); + asr->max = max; + + aor->type = ASIdOrRange_range; + aor->u.range = asr; + asr = NULL; + } + + aor = NULL; + + ret = 1; + + err: + ASIdOrRange_free(aor); + ASRange_free(asr); + + return ret; +} + /* * Add an ID or range to an ASIdentifierChoice. */ @@ -437,9 +498,12 @@ X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, ASN1_INTEGER *min, ASN1_INTEGER *max) { ASIdentifierChoice **choice; - ASIdOrRange *aor; + ASIdentifierChoice *aic = NULL, *new_aic = NULL; + int ret = 0; + if (asid == NULL) - return 0; + goto err; + switch (which) { case V3_ASID_ASNUM: choice = &asid->asnum; @@ -448,39 +512,33 @@ X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, ASN1_INTEGER *min, choice = &asid->rdi; break; default: - return 0; - } - if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit) - return 0; - if (*choice == NULL) { - if ((*choice = ASIdentifierChoice_new()) == NULL) - return 0; - (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); - if ((*choice)->u.asIdsOrRanges == NULL) - return 0; - (*choice)->type = ASIdentifierChoice_asIdsOrRanges; + goto err; } - if ((aor = ASIdOrRange_new()) == NULL) - return 0; - if (max == NULL) { - aor->type = ASIdOrRange_id; - aor->u.id = min; + + if ((aic = *choice) != NULL) { + if (aic->type != ASIdentifierChoice_asIdsOrRanges) + goto err; } else { - aor->type = ASIdOrRange_range; - if ((aor->u.range = ASRange_new()) == NULL) + if ((aic = new_aic = ASIdentifierChoice_new()) == NULL) goto err; - ASN1_INTEGER_free(aor->u.range->min); - aor->u.range->min = min; - ASN1_INTEGER_free(aor->u.range->max); - aor->u.range->max = max; + aic->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); + if (aic->u.asIdsOrRanges == NULL) + goto err; + aic->type = ASIdentifierChoice_asIdsOrRanges; } - if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) + + if (!ASIdOrRanges_add_id_or_range(aic->u.asIdsOrRanges, min, max)) goto err; - return 1; + + *choice = aic; + aic = new_aic = NULL; + + ret = 1; err: - ASIdOrRange_free(aor); - return 0; + ASIdentifierChoice_free(new_aic); + + return ret; } LCRYPTO_ALIAS(X509v3_asid_add_id_or_range); @@ -500,6 +558,8 @@ extract_min_max(ASIdOrRange *aor, ASN1_INTEGER **min, ASN1_INTEGER **max) *max = aor->u.range->max; return 1; } + *min = NULL; + *max = NULL; return 0; } @@ -510,6 +570,8 @@ extract_min_max(ASIdOrRange *aor, ASN1_INTEGER **min, ASN1_INTEGER **max) static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) { + ASIdOrRange *a, *b; + ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = NULL; ASN1_INTEGER *a_max_plus_one = NULL; ASN1_INTEGER *orig; BIGNUM *bn = NULL; @@ -532,15 +594,8 @@ ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) * It's a list, check it. */ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { - ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, - i); - ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, - i + 1); - ASN1_INTEGER *a_min = NULL, - *a_max = NULL, - *b_min = NULL, - *b_max = - NULL; + a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); + b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); if (!extract_min_max(a, &a_min, &a_max) || !extract_min_max(b, &b_min, &b_max)) @@ -582,15 +637,11 @@ ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) * Check for inverted range. */ i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; - { - ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, - i); - ASN1_INTEGER *a_min, *a_max; - if (a != NULL && a->type == ASIdOrRange_range) { - if (!extract_min_max(a, &a_min, &a_max) || - ASN1_INTEGER_cmp(a_min, a_max) > 0) - goto done; - } + a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); + if (a != NULL && a->type == ASIdOrRange_range) { + if (!extract_min_max(a, &a_min, &a_max) || + ASN1_INTEGER_cmp(a_min, a_max) > 0) + goto done; } ret = 1; @@ -619,6 +670,8 @@ LCRYPTO_ALIAS(X509v3_asid_is_canonical); static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) { + ASIdOrRange *a, *b; + ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = NULL; ASN1_INTEGER *a_max_plus_one = NULL; ASN1_INTEGER *orig; BIGNUM *bn = NULL; @@ -649,15 +702,8 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice) * former and fixing the latter. */ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { - ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, - i); - ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, - i + 1); - ASN1_INTEGER *a_min = NULL, - *a_max = NULL, - *b_min = NULL, - *b_max = - NULL; + a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); + b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); if (!extract_min_max(a, &a_min, &a_max) || !extract_min_max(b, &b_min, &b_max)) @@ -742,15 +788,11 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice) * Check for final inverted range. */ i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; - { - ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, - i); - ASN1_INTEGER *a_min, *a_max; - if (a != NULL && a->type == ASIdOrRange_range) { - if (!extract_min_max(a, &a_min, &a_max) || - ASN1_INTEGER_cmp(a_min, a_max) > 0) - goto done; - } + a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); + if (a != NULL && a->type == ASIdOrRange_range) { + if (!extract_min_max(a, &a_min, &a_max) || + ASN1_INTEGER_cmp(a_min, a_max) > 0) + goto done; } /* Paranoia */ diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 3ee4fd4a..6098b6e7 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_cmp.c,v 1.42 2023/02/16 08:38:17 tb Exp $ */ +/* $OpenBSD: x509_cmp.c,v 1.43 2024/02/18 15:45:42 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -95,7 +95,7 @@ X509_issuer_and_serial_hash(X509 *a) unsigned char md[16]; char *f; - EVP_MD_CTX_init(&ctx); + EVP_MD_CTX_legacy_clear(&ctx); f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0); if (f == NULL) goto err; @@ -291,7 +291,7 @@ X509_NAME_hash_old(X509_NAME *x) /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x, NULL); - EVP_MD_CTX_init(&md_ctx); + EVP_MD_CTX_legacy_clear(&md_ctx); if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) && EVP_DigestFinal_ex(&md_ctx, md, NULL)) diff --git a/crypto/x509/x509_internal.h b/crypto/x509/x509_internal.h index 15efff60..280d1ae4 100644 --- a/crypto/x509/x509_internal.h +++ b/crypto/x509/x509_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_internal.h,v 1.26 2023/09/29 15:53:59 beck Exp $ */ +/* $OpenBSD: x509_internal.h,v 1.27 2023/11/13 10:33:00 tb Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -96,7 +96,8 @@ int x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx); int x509v3_cache_extensions(X509 *x); X509 *x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x); -time_t x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notafter); +int x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notafter, + time_t *out); struct x509_verify_ctx *x509_verify_ctx_new_from_xsc(X509_STORE_CTX *xsc); @@ -133,7 +134,7 @@ int x509_constraints_check(struct x509_constraints_names *names, struct x509_constraints_names *excluded, int *error); int x509_constraints_chain(STACK_OF(X509) *chain, int *error, int *depth); -void x509_verify_cert_info_populate(X509 *cert); +int x509_verify_cert_info_populate(X509 *cert); int x509_vfy_check_security_level(X509_STORE_CTX *ctx); __END_HIDDEN_DECLS diff --git a/crypto/x509/x509_issuer_cache.c b/crypto/x509/x509_issuer_cache.c index f7fbd54c..070e85b0 100644 --- a/crypto/x509/x509_issuer_cache.c +++ b/crypto/x509/x509_issuer_cache.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_issuer_cache.c,v 1.4 2022/12/26 07:18:53 jmc Exp $ */ +/* $OpenBSD: x509_issuer_cache.c,v 1.7 2023/12/30 18:26:13 tb Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -78,8 +78,8 @@ x509_issuer_cache_set_max(size_t max) * if an entry was successfully freed, 0 otherwise. Must * be called with x509_issuer_tree_mutex held. */ -void -x509_issuer_cache_free_oldest() +static void +x509_issuer_cache_free_oldest(void) { struct x509_issuer *old; @@ -98,7 +98,7 @@ x509_issuer_cache_free_oldest() * Free the entire issuer cache, discarding all entries. */ void -x509_issuer_cache_free() +x509_issuer_cache_free(void) { if (pthread_mutex_lock(&x509_issuer_tree_mutex) != 0) return; diff --git a/crypto/x509/x509_issuer_cache.h b/crypto/x509/x509_issuer_cache.h index 3afe65bd..00b18be0 100644 --- a/crypto/x509/x509_issuer_cache.h +++ b/crypto/x509/x509_issuer_cache.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_issuer_cache.h,v 1.2 2022/09/03 17:47:47 jsing Exp $ */ +/* $OpenBSD: x509_issuer_cache.h,v 1.3 2023/12/30 18:06:59 tb Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -41,7 +41,7 @@ int x509_issuer_cache_set_max(size_t max); int x509_issuer_cache_find(unsigned char *parent_md, unsigned char *child_md); void x509_issuer_cache_add(unsigned char *parent_md, unsigned char *child_md, int valid); -void x509_issuer_cache_free(); +void x509_issuer_cache_free(void); __END_HIDDEN_DECLS diff --git a/crypto/x509/x509_lib.c b/crypto/x509/x509_lib.c index 93f8dc20..c5151d40 100644 --- a/crypto/x509/x509_lib.c +++ b/crypto/x509/x509_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_lib.c,v 1.14 2023/04/25 10:56:58 tb Exp $ */ +/* $OpenBSD: x509_lib.c,v 1.17 2024/03/02 10:35:32 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -65,8 +65,6 @@ #include "x509_local.h" -static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; - extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_info, v3_sinfo; extern const X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; @@ -80,10 +78,6 @@ extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; extern const X509V3_EXT_METHOD v3_addr, v3_asid; extern const X509V3_EXT_METHOD v3_ct_scts[3]; -/* - * This table needs to be sorted by increasing ext_nid values for OBJ_bsearch_. - */ - static const X509V3_EXT_METHOD *standard_exts[] = { &v3_nscert, &v3_ns_ia5_list[0], @@ -142,62 +136,17 @@ static const X509V3_EXT_METHOD *standard_exts[] = { #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts) / sizeof(standard_exts[0])) -static int -ext_cmp(const X509V3_EXT_METHOD * const *a, const X509V3_EXT_METHOD * const *b) -{ - return ((*a)->ext_nid - (*b)->ext_nid); -} - -int -X509V3_EXT_add(X509V3_EXT_METHOD *ext) -{ - if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { - X509V3error(ERR_R_MALLOC_FAILURE); - return 0; - } - if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { - X509V3error(ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} -LCRYPTO_ALIAS(X509V3_EXT_add); - -static int -ext_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) -{ - const X509V3_EXT_METHOD * const *a = a_; - const X509V3_EXT_METHOD * const *b = b_; - return ext_cmp(a, b); -} - -static const X509V3_EXT_METHOD ** -OBJ_bsearch_ext(const X509V3_EXT_METHOD **key, - const X509V3_EXT_METHOD *const *base, int num) -{ - return (const X509V3_EXT_METHOD **)OBJ_bsearch_(key, base, num, - sizeof(const X509V3_EXT_METHOD *), ext_cmp_BSEARCH_CMP_FN); -} - const X509V3_EXT_METHOD * X509V3_EXT_get_nid(int nid) { - X509V3_EXT_METHOD tmp; - const X509V3_EXT_METHOD *t = &tmp, * const *ret; - int idx; + size_t i; - if (nid < 0) - return NULL; - tmp.ext_nid = nid; - ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT); - if (ret) - return *ret; - if (!ext_list) - return NULL; - idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); - if (idx == -1) - return NULL; - return sk_X509V3_EXT_METHOD_value(ext_list, idx); + for (i = 0; i < STANDARD_EXTENSION_COUNT; i++) { + if (standard_exts[i]->ext_nid == nid) + return standard_exts[i]; + } + + return NULL; } LCRYPTO_ALIAS(X509V3_EXT_get_nid); @@ -212,56 +161,6 @@ X509V3_EXT_get(X509_EXTENSION *ext) } LCRYPTO_ALIAS(X509V3_EXT_get); -int -X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) -{ - for (; extlist->ext_nid!=-1; extlist++) - if (!X509V3_EXT_add(extlist)) - return 0; - return 1; -} -LCRYPTO_ALIAS(X509V3_EXT_add_list); - -int -X509V3_EXT_add_alias(int nid_to, int nid_from) -{ - const X509V3_EXT_METHOD *ext; - X509V3_EXT_METHOD *tmpext; - - if (!(ext = X509V3_EXT_get_nid(nid_from))) { - X509V3error(X509V3_R_EXTENSION_NOT_FOUND); - return 0; - } - if (!(tmpext = malloc(sizeof(X509V3_EXT_METHOD)))) { - X509V3error(ERR_R_MALLOC_FAILURE); - return 0; - } - *tmpext = *ext; - tmpext->ext_nid = nid_to; - tmpext->ext_flags |= X509V3_EXT_DYNAMIC; - if (!X509V3_EXT_add(tmpext)) { - free(tmpext); - return 0; - } - return 1; -} -LCRYPTO_ALIAS(X509V3_EXT_add_alias); - -static void -ext_list_free(X509V3_EXT_METHOD *ext) -{ - if (ext->ext_flags & X509V3_EXT_DYNAMIC) - free(ext); -} - -void -X509V3_EXT_cleanup(void) -{ - sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free); - ext_list = NULL; -} -LCRYPTO_ALIAS(X509V3_EXT_cleanup); - int X509V3_add_standard_extensions(void) { diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h index f00a55ba..83b57403 100644 --- a/crypto/x509/x509_local.h +++ b/crypto/x509/x509_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_local.h,v 1.9 2023/05/28 05:25:24 tb Exp $ */ +/* $OpenBSD: x509_local.h,v 1.22 2024/03/02 10:52:24 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2013. */ @@ -59,6 +59,8 @@ #ifndef HEADER_X509_LOCAL_H #define HEADER_X509_LOCAL_H +#include + __BEGIN_HIDDEN_DECLS #define TS_HASH_EVP EVP_sha1() @@ -133,13 +135,20 @@ struct X509_req_st { * useful in certificate stores and databases. When used this is tagged onto * the end of the certificate itself. */ -struct x509_cert_aux_st { +typedef struct x509_cert_aux_st { STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ ASN1_UTF8STRING *alias; /* "friendly name" */ ASN1_OCTET_STRING *keyid; /* key id of private key */ STACK_OF(X509_ALGOR) *other; /* other unspecified info */ -} /* X509_CERT_AUX */; +} X509_CERT_AUX; + +X509_CERT_AUX *X509_CERT_AUX_new(void); +void X509_CERT_AUX_free(X509_CERT_AUX *a); +X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len); +int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out); +extern const ASN1_ITEM X509_CERT_AUX_it; +int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); struct x509_cinf_st { ASN1_INTEGER *version; /* [ 0 ] default of v1 */ @@ -224,8 +233,6 @@ struct X509_crl_st { ASN1_INTEGER *base_crl_number; unsigned char hash[X509_CRL_HASH_LEN]; STACK_OF(GENERAL_NAMES) *issuers; - const X509_CRL_METHOD *meth; - void *meth_data; } /* X509_CRL */; struct pkcs8_priv_key_info_st { @@ -248,18 +255,10 @@ struct x509_lookup_method_st { const char *name; int (*new_item)(X509_LOOKUP *ctx); void (*free)(X509_LOOKUP *ctx); - int (*init)(X509_LOOKUP *ctx); - int (*shutdown)(X509_LOOKUP *ctx); int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name, X509_OBJECT *ret); - int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial,X509_OBJECT *ret); - int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type, - const unsigned char *bytes, int len, X509_OBJECT *ret); - int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str, - int len, X509_OBJECT *ret); } /* X509_LOOKUP_METHOD */; struct X509_VERIFY_PARAM_st { @@ -299,15 +298,7 @@ struct x509_store_st { /* Callbacks for various operations */ int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ - int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ - STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); - int (*cleanup)(X509_STORE_CTX *ctx); CRYPTO_EX_DATA ex_data; int references; @@ -315,9 +306,8 @@ struct x509_store_st { /* This is the functions plus an instance of the local variables. */ struct x509_lookup_st { - int init; /* have we been started */ X509_LOOKUP_METHOD *method; /* the functions */ - char *method_data; /* method data */ + void *method_data; /* method data */ X509_STORE *store_ctx; /* who owns us */ } /* X509_LOOKUP */; @@ -344,14 +334,6 @@ struct x509_store_ctx_st { int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ - int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ - int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ - int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ - int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ - int (*check_policy)(X509_STORE_CTX *ctx); - STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); - STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); - int (*cleanup)(X509_STORE_CTX *ctx); /* The following is built up */ int valid; /* if 0, rebuild chain */ @@ -379,10 +361,59 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet); int name_cmp(const char *name, const char *cmp); +int X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type, + void *parameter_value); + int X509_policy_check(const STACK_OF(X509) *certs, const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags, X509 **out_current_cert); +PBEPARAM *PBEPARAM_new(void); +void PBEPARAM_free(PBEPARAM *a); +PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, const unsigned char **in, long len); +int i2d_PBEPARAM(PBEPARAM *a, unsigned char **out); + +/* Password based encryption V2 structures */ +typedef struct PBE2PARAM_st { + X509_ALGOR *keyfunc; + X509_ALGOR *encryption; +} PBE2PARAM; + +PBE2PARAM *PBE2PARAM_new(void); +void PBE2PARAM_free(PBE2PARAM *a); +PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len); +int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out); +extern const ASN1_ITEM PBE2PARAM_it; + +typedef struct PBKDF2PARAM_st { + /* Usually OCTET STRING but could be anything */ + ASN1_TYPE *salt; + ASN1_INTEGER *iter; + ASN1_INTEGER *keylength; + X509_ALGOR *prf; +} PBKDF2PARAM; + +PBKDF2PARAM *PBKDF2PARAM_new(void); +void PBKDF2PARAM_free(PBKDF2PARAM *a); +PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len); +int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out); +extern const ASN1_ITEM PBKDF2PARAM_it; + +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, unsigned char *aiv, int prf_nid); +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, + int saltlen); +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); + +int X509_PURPOSE_get_by_id(int id); +int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); + __END_HIDDEN_DECLS #endif /* !HEADER_X509_LOCAL_H */ diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 05730f56..56fb4399 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_lu.c,v 1.60 2023/04/25 18:32:42 tb Exp $ */ +/* $OpenBSD: x509_lu.c,v 1.64 2024/03/02 10:57:03 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,7 +65,7 @@ #include #include "x509_local.h" -X509_LOOKUP * +static X509_LOOKUP * X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { X509_LOOKUP *lu; @@ -84,7 +84,6 @@ X509_LOOKUP_new(X509_LOOKUP_METHOD *method) return lu; } -LCRYPTO_ALIAS(X509_LOOKUP_new); void X509_LOOKUP_free(X509_LOOKUP *ctx) @@ -97,28 +96,6 @@ X509_LOOKUP_free(X509_LOOKUP *ctx) } LCRYPTO_ALIAS(X509_LOOKUP_free); -int -X509_LOOKUP_init(X509_LOOKUP *ctx) -{ - if (ctx->method == NULL) - return 0; - if (ctx->method->init == NULL) - return 1; - return ctx->method->init(ctx); -} -LCRYPTO_ALIAS(X509_LOOKUP_init); - -int -X509_LOOKUP_shutdown(X509_LOOKUP *ctx) -{ - if (ctx->method == NULL) - return 0; - if (ctx->method->shutdown == NULL) - return 1; - return ctx->method->shutdown(ctx); -} -LCRYPTO_ALIAS(X509_LOOKUP_shutdown); - int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret) @@ -131,7 +108,7 @@ X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, } LCRYPTO_ALIAS(X509_LOOKUP_ctrl); -int +static int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, X509_NAME *name, X509_OBJECT *ret) { @@ -139,37 +116,6 @@ X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, X509_NAME *name, return 0; return ctx->method->get_by_subject(ctx, type, name, ret); } -LCRYPTO_ALIAS(X509_LOOKUP_by_subject); - -int -X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, ASN1_INTEGER *serial, X509_OBJECT *ret) -{ - if (ctx->method == NULL || ctx->method->get_by_issuer_serial == NULL) - return 0; - return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret); -} -LCRYPTO_ALIAS(X509_LOOKUP_by_issuer_serial); - -int -X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const unsigned char *bytes, int len, X509_OBJECT *ret) -{ - if (ctx->method == NULL || ctx->method->get_by_fingerprint == NULL) - return 0; - return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret); -} -LCRYPTO_ALIAS(X509_LOOKUP_by_fingerprint); - -int -X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const char *str, - int len, X509_OBJECT *ret) -{ - if (ctx->method == NULL || ctx->method->get_by_alias == NULL) - return 0; - return ctx->method->get_by_alias(ctx, type, str, len, ret); -} -LCRYPTO_ALIAS(X509_LOOKUP_by_alias); static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) @@ -254,6 +200,24 @@ X509_OBJECT_free(X509_OBJECT *a) } LCRYPTO_ALIAS(X509_OBJECT_free); +static X509_OBJECT * +x509_object_dup(const X509_OBJECT *obj) +{ + X509_OBJECT *copy; + + if ((copy = X509_OBJECT_new()) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + return NULL; + } + + copy->type = obj->type; + copy->data = obj->data; + + X509_OBJECT_up_ref_count(copy); + + return copy; +} + void X509_STORE_free(X509_STORE *store) { @@ -270,7 +234,6 @@ X509_STORE_free(X509_STORE *store) sk = store->get_cert_methods; for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { lu = sk_X509_LOOKUP_value(sk, i); - X509_LOOKUP_shutdown(lu); X509_LOOKUP_free(lu); } sk_X509_LOOKUP_free(sk); @@ -794,6 +757,53 @@ X509_STORE_get0_objects(X509_STORE *xs) } LCRYPTO_ALIAS(X509_STORE_get0_objects); +static STACK_OF(X509_OBJECT) * +sk_X509_OBJECT_deep_copy(const STACK_OF(X509_OBJECT) *objs) +{ + STACK_OF(X509_OBJECT) *copy = NULL; + X509_OBJECT *obj = NULL; + int i; + + if ((copy = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + goto err; + } + + for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { + if ((obj = x509_object_dup(sk_X509_OBJECT_value(objs, i))) == NULL) + goto err; + if (!sk_X509_OBJECT_push(copy, obj)) + goto err; + obj = NULL; + } + + return copy; + + err: + X509_OBJECT_free(obj); + sk_X509_OBJECT_pop_free(copy, X509_OBJECT_free); + + return NULL; +} + +STACK_OF(X509_OBJECT) * +X509_STORE_get1_objects(X509_STORE *store) +{ + STACK_OF(X509_OBJECT) *objs; + + if (store == NULL) { + X509error(ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + + CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); + objs = sk_X509_OBJECT_deep_copy(store->objs); + CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); + + return objs; +} +LCRYPTO_ALIAS(X509_STORE_get1_objects); + void * X509_STORE_get_ex_data(X509_STORE *xs, int idx) { diff --git a/crypto/x509/x509_policy.c b/crypto/x509/x509_policy.c index 73f7154f..0da16b94 100644 --- a/crypto/x509/x509_policy.c +++ b/crypto/x509/x509_policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_policy.c,v 1.25 2023/04/28 16:30:14 tb Exp $ */ +/* $OpenBSD: x509_policy.c,v 1.27 2024/03/02 11:20:36 tb Exp $ */ /* * Copyright (c) 2022, Google Inc. * @@ -23,6 +23,7 @@ #include #include +#include "stack_local.h" #include "x509_internal.h" #include "x509_local.h" @@ -102,7 +103,6 @@ DECLARE_STACK_OF(X509_POLICY_NODE) #define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) #define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) #define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) -#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) #define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) #define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) #define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) @@ -145,7 +145,6 @@ DECLARE_STACK_OF(X509_POLICY_LEVEL) #define sk_X509_POLICY_LEVEL_push(st, val) SKM_sk_push(X509_POLICY_LEVEL, (st), (val)) #define sk_X509_POLICY_LEVEL_unshift(st, val) SKM_sk_unshift(X509_POLICY_LEVEL, (st), (val)) #define sk_X509_POLICY_LEVEL_find(st, val) SKM_sk_find(X509_POLICY_LEVEL, (st), (val)) -#define sk_X509_POLICY_LEVEL_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_LEVEL, (st), (val)) #define sk_X509_POLICY_LEVEL_delete(st, i) SKM_sk_delete(X509_POLICY_LEVEL, (st), (i)) #define sk_X509_POLICY_LEVEL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_LEVEL, (st), (ptr)) #define sk_X509_POLICY_LEVEL_insert(st, val, i) SKM_sk_insert(X509_POLICY_LEVEL, (st), (val), (i)) diff --git a/crypto/x509/x509_purp.c b/crypto/x509/x509_purp.c index 0c92dfb1..53f4f2f9 100644 --- a/crypto/x509/x509_purp.c +++ b/crypto/x509/x509_purp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_purp.c,v 1.29 2023/08/18 08:42:41 tb Exp $ */ +/* $OpenBSD: x509_purp.c,v 1.39 2024/03/02 10:43:52 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -68,6 +68,16 @@ #include "x509_internal.h" #include "x509_local.h" +struct x509_purpose_st { + int purpose; + int trust; /* Default trust ID */ + int flags; + int (*check_purpose)(const struct x509_purpose_st *, const X509 *, int); + char *name; + char *sname; + void *usr_data; +} /* X509_PURPOSE */; + #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) #define ku_reject(x, usage) \ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) @@ -95,10 +105,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca); static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca); -static int xp_cmp(const X509_PURPOSE * const *a, const X509_PURPOSE * const *b); -static void xptable_free(X509_PURPOSE *p); - -static X509_PURPOSE xstandard[] = { +static const X509_PURPOSE xstandard[] = { { .purpose = X509_PURPOSE_SSL_CLIENT, .trust = X509_TRUST_SSL_CLIENT, @@ -166,14 +173,6 @@ static X509_PURPOSE xstandard[] = { #define X509_PURPOSE_COUNT (sizeof(xstandard) / sizeof(xstandard[0])) -static STACK_OF(X509_PURPOSE) *xptable = NULL; - -static int -xp_cmp(const X509_PURPOSE * const *a, const X509_PURPOSE * const *b) -{ - return (*a)->purpose - (*b)->purpose; -} - /* As much as I'd like to make X509_check_purpose use a "const" X509* * I really can't because it does recalculate hashes and do other non-const * things. */ @@ -188,43 +187,30 @@ X509_check_purpose(X509 *x, int id, int ca) if (id == -1) return 1; - idx = X509_PURPOSE_get_by_id(id); - if (idx == -1) + + if ((idx = X509_PURPOSE_get_by_id(id)) == -1) return -1; - pt = X509_PURPOSE_get0(idx); + if ((pt = X509_PURPOSE_get0(idx)) == NULL) + return -1; + return pt->check_purpose(pt, x, ca); } LCRYPTO_ALIAS(X509_check_purpose); -int -X509_PURPOSE_set(int *p, int purpose) -{ - if (X509_PURPOSE_get_by_id(purpose) == -1) { - X509V3error(X509V3_R_INVALID_PURPOSE); - return 0; - } - *p = purpose; - return 1; -} -LCRYPTO_ALIAS(X509_PURPOSE_set); - int X509_PURPOSE_get_count(void) { - if (!xptable) - return X509_PURPOSE_COUNT; - return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; + return X509_PURPOSE_COUNT; } LCRYPTO_ALIAS(X509_PURPOSE_get_count); -X509_PURPOSE * +const X509_PURPOSE * X509_PURPOSE_get0(int idx) { - if (idx < 0) + if (idx < 0 || (size_t)idx >= X509_PURPOSE_COUNT) return NULL; - if (idx < (int)X509_PURPOSE_COUNT) - return xstandard + idx; - return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); + + return &xstandard[idx]; } LCRYPTO_ALIAS(X509_PURPOSE_get0); @@ -232,7 +218,7 @@ int X509_PURPOSE_get_by_sname(const char *sname) { int i; - X509_PURPOSE *xptmp; + const X509_PURPOSE *xptmp; for (i = 0; i < X509_PURPOSE_get_count(); i++) { xptmp = X509_PURPOSE_get0(i); @@ -246,117 +232,15 @@ LCRYPTO_ALIAS(X509_PURPOSE_get_by_sname); int X509_PURPOSE_get_by_id(int purpose) { - X509_PURPOSE tmp; - int idx; - - if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) - return purpose - X509_PURPOSE_MIN; - tmp.purpose = purpose; - if (!xptable) - return -1; - idx = sk_X509_PURPOSE_find(xptable, &tmp); - if (idx == -1) + /* + * Ensure the purpose identifier is between MIN and MAX inclusive. + * If so, translate it to an index into the xstandard[] table. + */ + if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX) return -1; - return idx + X509_PURPOSE_COUNT; -} -LCRYPTO_ALIAS(X509_PURPOSE_get_by_id); - -int -X509_PURPOSE_add(int id, int trust, int flags, - int (*ck)(const X509_PURPOSE *, const X509 *, int), const char *name, - const char *sname, void *arg) -{ - int idx; - X509_PURPOSE *ptmp; - char *name_dup, *sname_dup; - - name_dup = sname_dup = NULL; - - if (name == NULL || sname == NULL) { - X509V3error(X509V3_R_INVALID_NULL_ARGUMENT); - return 0; - } - - /* This is set according to what we change: application can't set it */ - flags &= ~X509_PURPOSE_DYNAMIC; - /* This will always be set for application modified trust entries */ - flags |= X509_PURPOSE_DYNAMIC_NAME; - /* Get existing entry if any */ - idx = X509_PURPOSE_get_by_id(id); - /* Need a new entry */ - if (idx == -1) { - if ((ptmp = malloc(sizeof(X509_PURPOSE))) == NULL) { - X509V3error(ERR_R_MALLOC_FAILURE); - return 0; - } - ptmp->flags = X509_PURPOSE_DYNAMIC; - } else - ptmp = X509_PURPOSE_get0(idx); - - if ((name_dup = strdup(name)) == NULL) - goto err; - if ((sname_dup = strdup(sname)) == NULL) - goto err; - /* free existing name if dynamic */ - if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { - free(ptmp->name); - free(ptmp->sname); - } - /* dup supplied name */ - ptmp->name = name_dup; - ptmp->sname = sname_dup; - /* Keep the dynamic flag of existing entry */ - ptmp->flags &= X509_PURPOSE_DYNAMIC; - /* Set all other flags */ - ptmp->flags |= flags; - - ptmp->purpose = id; - ptmp->trust = trust; - ptmp->check_purpose = ck; - ptmp->usr_data = arg; - - /* If its a new entry manage the dynamic table */ - if (idx == -1) { - if (xptable == NULL && - (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) - goto err; - if (sk_X509_PURPOSE_push(xptable, ptmp) == 0) - goto err; - } - return 1; - -err: - free(name_dup); - free(sname_dup); - if (idx == -1) - free(ptmp); - X509V3error(ERR_R_MALLOC_FAILURE); - return 0; -} -LCRYPTO_ALIAS(X509_PURPOSE_add); - -static void -xptable_free(X509_PURPOSE *p) -{ - if (!p) - return; - if (p->flags & X509_PURPOSE_DYNAMIC) { - if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { - free(p->name); - free(p->sname); - } - free(p); - } -} - -void -X509_PURPOSE_cleanup(void) -{ - sk_X509_PURPOSE_pop_free(xptable, xptable_free); - xptable = NULL; + return purpose - X509_PURPOSE_MIN; } -LCRYPTO_ALIAS(X509_PURPOSE_cleanup); int X509_PURPOSE_get_id(const X509_PURPOSE *xp) @@ -365,14 +249,14 @@ X509_PURPOSE_get_id(const X509_PURPOSE *xp) } LCRYPTO_ALIAS(X509_PURPOSE_get_id); -char * +const char * X509_PURPOSE_get0_name(const X509_PURPOSE *xp) { return xp->name; } LCRYPTO_ALIAS(X509_PURPOSE_get0_name); -char * +const char * X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) { return xp->sname; @@ -384,70 +268,34 @@ X509_PURPOSE_get_trust(const X509_PURPOSE *xp) { return xp->trust; } -LCRYPTO_ALIAS(X509_PURPOSE_get_trust); - -static int -nid_cmp(const int *a, const int *b) -{ - return *a - *b; -} - -static int nid_cmp_BSEARCH_CMP_FN(const void *, const void *); -static int nid_cmp(int const *, int const *); -static int *OBJ_bsearch_nid(int *key, int const *base, int num); - -static int -nid_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) -{ - int const *a = a_; - int const *b = b_; - return nid_cmp(a, b); -} - -static int * -OBJ_bsearch_nid(int *key, int const *base, int num) -{ - return (int *)OBJ_bsearch_(key, base, num, sizeof(int), - nid_cmp_BSEARCH_CMP_FN); -} +/* + * List of NIDs of extensions supported by the verifier. If an extension + * is critical and doesn't appear in this list, then the certificate will + * normally be rejected. + */ int -X509_supported_extension(X509_EXTENSION *ex) -{ - /* This table is a list of the NIDs of supported extensions: - * that is those which are used by the verify process. If - * an extension is critical and doesn't appear in this list - * then the verify process will normally reject the certificate. - * The list must be kept in numerical order because it will be - * searched using bsearch. - */ - - static const int supported_nids[] = { - NID_netscape_cert_type, /* 71 */ - NID_key_usage, /* 83 */ - NID_subject_alt_name, /* 85 */ - NID_basic_constraints, /* 87 */ - NID_certificate_policies, /* 89 */ - NID_ext_key_usage, /* 126 */ +X509_supported_extension(X509_EXTENSION *ext) +{ + switch (OBJ_obj2nid(X509_EXTENSION_get_object(ext))) { + case NID_basic_constraints: + case NID_certificate_policies: + case NID_ext_key_usage: + case NID_inhibit_any_policy: + case NID_key_usage: + case NID_name_constraints: + case NID_netscape_cert_type: + case NID_policy_constraints: + case NID_policy_mappings: #ifndef OPENSSL_NO_RFC3779 - NID_sbgp_ipAddrBlock, /* 290 */ - NID_sbgp_autonomousSysNum, /* 291 */ + case NID_sbgp_ipAddrBlock: + case NID_sbgp_autonomousSysNum: #endif - NID_policy_constraints, /* 401 */ - NID_name_constraints, /* 666 */ - NID_policy_mappings, /* 747 */ - NID_inhibit_any_policy /* 748 */ - }; - - int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); - - if (ex_nid == NID_undef) - return 0; - - if (OBJ_bsearch_nid(&ex_nid, supported_nids, - sizeof(supported_nids) / sizeof(int))) + case NID_subject_alt_name: return 1; - return 0; + default: + return 0; + } } LCRYPTO_ALIAS(X509_supported_extension); @@ -711,7 +559,8 @@ x509v3_cache_extensions_internal(X509 *x) if (!x509_extension_oids_are_unique(x)) x->ex_flags |= EXFLAG_INVALID; - x509_verify_cert_info_populate(x); + if (!x509_verify_cert_info_populate(x)) + x->ex_flags |= EXFLAG_INVALID; x->ex_flags |= EXFLAG_SET; } diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 6b935f8b..2f4cbba3 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_trs.c,v 1.32 2023/07/02 17:12:17 tb Exp $ */ +/* $OpenBSD: x509_trs.c,v 1.42 2024/03/02 10:50:26 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -57,29 +57,89 @@ */ #include -#include +#include #include +#include +#include #include +#include "crypto_internal.h" #include "x509_local.h" -static int tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b); -static void trtable_free(X509_TRUST *p); +typedef struct x509_trust_st { + int trust; + int flags; + int (*check_trust)(struct x509_trust_st *, X509 *, int); + char *name; + int arg1; + void *arg2; +} X509_TRUST; -static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); -static int trust_1oid(X509_TRUST *trust, X509 *x, int flags); -static int trust_compat(X509_TRUST *trust, X509 *x, int flags); +static int +obj_trust(int id, X509 *x, int flags) +{ + ASN1_OBJECT *obj; + int i, nid; + X509_CERT_AUX *ax; + + ax = x->aux; + if (!ax) + return X509_TRUST_UNTRUSTED; + if (ax->reject) { + for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { + obj = sk_ASN1_OBJECT_value(ax->reject, i); + nid = OBJ_obj2nid(obj); + if (nid == id || nid == NID_anyExtendedKeyUsage) + return X509_TRUST_REJECTED; + } + } + if (ax->trust) { + for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { + obj = sk_ASN1_OBJECT_value(ax->trust, i); + nid = OBJ_obj2nid(obj); + if (nid == id || nid == NID_anyExtendedKeyUsage) + return X509_TRUST_TRUSTED; + } + } + return X509_TRUST_UNTRUSTED; +} -static int obj_trust(int id, X509 *x, int flags); -static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; +static int +trust_compat(X509_TRUST *trust, X509 *x, int flags) +{ + X509_check_purpose(x, -1, 0); + if (x->ex_flags & EXFLAG_SS) + return X509_TRUST_TRUSTED; + else + return X509_TRUST_UNTRUSTED; +} + +static int +trust_1oidany(X509_TRUST *trust, X509 *x, int flags) +{ + if (x->aux && (x->aux->trust || x->aux->reject)) + return obj_trust(trust->arg1, x, flags); + /* we don't have any trust settings: for compatibility + * we return trusted if it is self signed + */ + return trust_compat(trust, x, flags); +} + +static int +trust_1oid(X509_TRUST *trust, X509 *x, int flags) +{ + if (x->aux) + return obj_trust(trust->arg1, x, flags); + return X509_TRUST_UNTRUSTED; +} /* WARNING: the following table should be kept in order of trust * and without any gaps so we can just subtract the minimum trust * value to get an index into the table */ -static X509_TRUST trstandard[] = { +static const X509_TRUST trstandard[] = { { .trust = X509_TRUST_COMPAT, .check_trust = trust_compat, @@ -131,33 +191,17 @@ static X509_TRUST trstandard[] = { #define X509_TRUST_COUNT (sizeof(trstandard) / sizeof(trstandard[0])) -static STACK_OF(X509_TRUST) *trtable = NULL; - -static int -tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b) -{ - return (*a)->trust - (*b)->trust; -} +CTASSERT(X509_TRUST_MIN == 1 && X509_TRUST_MAX == X509_TRUST_COUNT); int -(*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) +X509_check_trust(X509 *x, int trust_id, int flags) { - int (*oldtrust)(int , X509 *, int); - - oldtrust = default_trust; - default_trust = trust; - return oldtrust; -} -LCRYPTO_ALIAS(X509_TRUST_set_default); - -int -X509_check_trust(X509 *x, int id, int flags) -{ - X509_TRUST *pt; + const X509_TRUST *trust; int idx; - if (id == -1) + if (trust_id == -1) return 1; + /* * XXX beck/jsing This enables self signed certs to be trusted for * an unspecified id/trust flag value (this is NOT the @@ -167,232 +211,20 @@ X509_check_trust(X509 *x, int id, int flags) * This should be revisited, but changing the default "not default" * may break things. */ - if (id == 0) { + if (trust_id == 0) { int rv; rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); if (rv != X509_TRUST_UNTRUSTED) return rv; return trust_compat(NULL, x, 0); } - idx = X509_TRUST_get_by_id(id); - if (idx == -1) - return default_trust(id, x, flags); - pt = X509_TRUST_get0(idx); - return pt->check_trust(pt, x, flags); -} -LCRYPTO_ALIAS(X509_check_trust); - -int -X509_TRUST_get_count(void) -{ - if (!trtable) - return X509_TRUST_COUNT; - return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT; -} -LCRYPTO_ALIAS(X509_TRUST_get_count); - -X509_TRUST * -X509_TRUST_get0(int idx) -{ - if (idx < 0) - return NULL; - if (idx < (int)X509_TRUST_COUNT) - return trstandard + idx; - return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); -} -LCRYPTO_ALIAS(X509_TRUST_get0); - -int -X509_TRUST_get_by_id(int id) -{ - X509_TRUST tmp; - int idx; - - if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) - return id - X509_TRUST_MIN; - tmp.trust = id; - if (!trtable) - return -1; - idx = sk_X509_TRUST_find(trtable, &tmp); - if (idx == -1) - return -1; - return idx + X509_TRUST_COUNT; -} -LCRYPTO_ALIAS(X509_TRUST_get_by_id); - -int -X509_TRUST_set(int *t, int trust) -{ - if (X509_TRUST_get_by_id(trust) == -1) { - X509error(X509_R_INVALID_TRUST); - return 0; - } - *t = trust; - return 1; -} -LCRYPTO_ALIAS(X509_TRUST_set); - -int -X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), - const char *name, int arg1, void *arg2) -{ - int idx; - X509_TRUST *trtmp; - char *name_dup; - - /* This is set according to what we change: application can't set it */ - flags &= ~X509_TRUST_DYNAMIC; - /* This will always be set for application modified trust entries */ - flags |= X509_TRUST_DYNAMIC_NAME; - /* Get existing entry if any */ - idx = X509_TRUST_get_by_id(id); - /* Need a new entry */ - if (idx == -1) { - if (!(trtmp = malloc(sizeof(X509_TRUST)))) { - X509error(ERR_R_MALLOC_FAILURE); - return 0; - } - trtmp->flags = X509_TRUST_DYNAMIC; - } else { - trtmp = X509_TRUST_get0(idx); - if (trtmp == NULL) { - X509error(X509_R_INVALID_TRUST); - return 0; - } - } - - if ((name_dup = strdup(name)) == NULL) - goto err; - - /* free existing name if dynamic */ - if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) - free(trtmp->name); - /* dup supplied name */ - trtmp->name = name_dup; - /* Keep the dynamic flag of existing entry */ - trtmp->flags &= X509_TRUST_DYNAMIC; - /* Set all other flags */ - trtmp->flags |= flags; - - trtmp->trust = id; - trtmp->check_trust = ck; - trtmp->arg1 = arg1; - trtmp->arg2 = arg2; - - /* If it's a new entry, manage the dynamic table */ - if (idx == -1) { - if (trtable == NULL && - (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) - goto err; - if (sk_X509_TRUST_push(trtable, trtmp) == 0) - goto err; - } - return 1; - -err: - free(name_dup); - if (idx == -1) - free(trtmp); - X509error(ERR_R_MALLOC_FAILURE); - return 0; -} -LCRYPTO_ALIAS(X509_TRUST_add); - -static void -trtable_free(X509_TRUST *p) -{ - if (!p) - return; - if (p->flags & X509_TRUST_DYNAMIC) { - if (p->flags & X509_TRUST_DYNAMIC_NAME) - free(p->name); - free(p); - } -} - -void -X509_TRUST_cleanup(void) -{ - sk_X509_TRUST_pop_free(trtable, trtable_free); - trtable = NULL; -} -LCRYPTO_ALIAS(X509_TRUST_cleanup); - -int -X509_TRUST_get_flags(const X509_TRUST *xp) -{ - return xp->flags; -} -LCRYPTO_ALIAS(X509_TRUST_get_flags); -char * -X509_TRUST_get0_name(const X509_TRUST *xp) -{ - return xp->name; -} -LCRYPTO_ALIAS(X509_TRUST_get0_name); + if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX) + return obj_trust(trust_id, x, flags); -int -X509_TRUST_get_trust(const X509_TRUST *xp) -{ - return xp->trust; -} -LCRYPTO_ALIAS(X509_TRUST_get_trust); + idx = trust_id - X509_TRUST_MIN; + trust = &trstandard[idx]; -static int -trust_1oidany(X509_TRUST *trust, X509 *x, int flags) -{ - if (x->aux && (x->aux->trust || x->aux->reject)) - return obj_trust(trust->arg1, x, flags); - /* we don't have any trust settings: for compatibility - * we return trusted if it is self signed - */ - return trust_compat(trust, x, flags); -} - -static int -trust_1oid(X509_TRUST *trust, X509 *x, int flags) -{ - if (x->aux) - return obj_trust(trust->arg1, x, flags); - return X509_TRUST_UNTRUSTED; -} - -static int -trust_compat(X509_TRUST *trust, X509 *x, int flags) -{ - X509_check_purpose(x, -1, 0); - if (x->ex_flags & EXFLAG_SS) - return X509_TRUST_TRUSTED; - else - return X509_TRUST_UNTRUSTED; -} - -static int -obj_trust(int id, X509 *x, int flags) -{ - ASN1_OBJECT *obj; - int i, nid; - X509_CERT_AUX *ax; - - ax = x->aux; - if (!ax) - return X509_TRUST_UNTRUSTED; - if (ax->reject) { - for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { - obj = sk_ASN1_OBJECT_value(ax->reject, i); - nid = OBJ_obj2nid(obj); - if (nid == id || nid == NID_anyExtendedKeyUsage) - return X509_TRUST_REJECTED; - } - } - if (ax->trust) { - for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { - obj = sk_ASN1_OBJECT_value(ax->trust, i); - nid = OBJ_obj2nid(obj); - if (nid == id || nid == NID_anyExtendedKeyUsage) - return X509_TRUST_TRUSTED; - } - } - return X509_TRUST_UNTRUSTED; + return trust->check_trust((X509_TRUST *)trust, x, flags); } +LCRYPTO_ALIAS(X509_check_trust); diff --git a/crypto/x509/x509_verify.c b/crypto/x509/x509_verify.c index ca4814d9..19bb925d 100644 --- a/crypto/x509/x509_verify.c +++ b/crypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.66 2023/05/07 07:11:50 tb Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.68 2024/02/01 23:16:38 beck Exp $ */ /* * Copyright (c) 2020-2021 Bob Beck * @@ -27,6 +27,7 @@ #include #include +#include "asn1_local.h" #include "x509_internal.h" #include "x509_issuer_cache.h" @@ -44,21 +45,22 @@ static void x509_verify_chain_free(struct x509_verify_chain *chain); * Parse an asn1 to a representable time_t as per RFC 5280 rules. * Returns -1 if that can't be done for any reason. */ -time_t -x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter) +int +x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter, + time_t *out) { struct tm tm = { 0 }; int type; type = ASN1_time_parse(atime->data, atime->length, &tm, atime->type); if (type == -1) - return -1; + return 0; /* RFC 5280 section 4.1.2.5 */ if (tm.tm_year < 150 && type != V_ASN1_UTCTIME) - return -1; + return 0; if (tm.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME) - return -1; + return 0; if (notAfter) { /* @@ -67,7 +69,7 @@ x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter) * date, limit the date to a 32 bit representable value. */ if (!ASN1_time_tm_clamp_notafter(&tm)) - return -1; + return 0; } /* @@ -75,22 +77,36 @@ x509_verify_asn1_time_to_time_t(const ASN1_TIME *atime, int notAfter) * a time_t. A time_t must be sane if you care about times after * Jan 19 2038. */ - return timegm(&tm); + return asn1_time_tm_to_time_t(&tm, out); } /* * Cache certificate hash, and values parsed out of an X509. * called from cache_extensions() */ -void +int x509_verify_cert_info_populate(X509 *cert) { + const ASN1_TIME *notBefore, *notAfter; + /* * Parse and save the cert times, or remember that they * are unacceptable/unparsable. */ - cert->not_before = x509_verify_asn1_time_to_time_t(X509_get_notBefore(cert), 0); - cert->not_after = x509_verify_asn1_time_to_time_t(X509_get_notAfter(cert), 1); + + cert->not_before = cert->not_after = -1; + + if ((notBefore = X509_get_notBefore(cert)) == NULL) + return 0; + if ((notAfter = X509_get_notAfter(cert)) == NULL) + return 0; + + if (!x509_verify_asn1_time_to_time_t(notBefore, 0, &cert->not_before)) + return 0; + if (!x509_verify_asn1_time_to_time_t(notAfter, 1, &cert->not_after)) + return 0; + + return 1; } struct x509_verify_chain * @@ -271,6 +287,18 @@ x509_verify_ctx_cert_is_root(struct x509_verify_ctx *ctx, X509 *cert, /* Check by lookup if we have a legacy xsc */ if (ctx->xsc != NULL) { + /* + * "alternative" lookup method, using the "trusted" stack in the + * xsc as the source for roots. + */ + if (ctx->xsc->trusted != NULL) { + for (i = 0; i < sk_X509_num(ctx->xsc->trusted); i++) { + if (X509_cmp(sk_X509_value(ctx->xsc->trusted, + i), cert) == 0) + return x509_verify_check_chain_end(cert, + full_chain); + } + } if ((match = x509_vfy_lookup_cert_match(ctx->xsc, cert)) != NULL) { X509_free(match); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index c4ba3d5b..53996586 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.125 2023/06/08 22:02:40 beck Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.142 2024/03/02 10:40:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -116,16 +116,15 @@ #define CRL_SCORE_TIME_DELTA 0x002 +static int x509_vfy_check_crl(X509_STORE_CTX *ctx, X509_CRL *crl); +static int x509_vfy_cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); + static int null_callback(int ok, X509_STORE_CTX *e); static int check_issued(X509_STORE_CTX *ctx, X509 *subject, X509 *issuer); static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x, int allow_expired); -static int check_chain_extensions(X509_STORE_CTX *ctx); static int check_name_constraints(X509_STORE_CTX *ctx); -static int check_trust(X509_STORE_CTX *ctx); -static int check_revocation(X509_STORE_CTX *ctx); static int check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth); -static int check_policy(X509_STORE_CTX *ctx); static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, X509_CRL *crl, X509 *x); @@ -144,12 +143,9 @@ static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int clamp_notafter); static int internal_verify(X509_STORE_CTX *ctx); -static int get_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); static int check_key_level(X509_STORE_CTX *ctx, X509 *cert); static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err); -int ASN1_time_tm_clamp_notafter(struct tm *tm); - static int null_callback(int ok, X509_STORE_CTX *e) { @@ -177,7 +173,7 @@ check_id_error(X509_STORE_CTX *ctx, int errcode) } static int -check_hosts(X509 *x, X509_VERIFY_PARAM *vpm) +x509_vfy_check_hosts(X509 *x, X509_VERIFY_PARAM *vpm) { int i, n; char *name; @@ -195,13 +191,13 @@ check_hosts(X509 *x, X509_VERIFY_PARAM *vpm) return n == 0; } -static int -check_id(X509_STORE_CTX *ctx) +int +x509_vfy_check_id(X509_STORE_CTX *ctx) { X509_VERIFY_PARAM *vpm = ctx->param; X509 *x = ctx->cert; - if (vpm->hosts && check_hosts(x, vpm) <= 0) { + if (vpm->hosts && x509_vfy_check_hosts(x, vpm) <= 0) { if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) return 0; } @@ -217,11 +213,6 @@ check_id(X509_STORE_CTX *ctx) return 1; } -int -x509_vfy_check_id(X509_STORE_CTX *ctx) { - return check_id(ctx); -} - /* * This is the effectively broken legacy OpenSSL chain builder. It * might find an unvalidated chain and leave it sitting in @@ -430,7 +421,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok) } /* we now have our chain, lets check it... */ - trust = check_trust(ctx); + trust = x509_vfy_check_trust(ctx); /* If explicitly rejected error */ if (trust == X509_TRUST_REJECTED) { @@ -532,7 +523,7 @@ X509_verify_cert_legacy(X509_STORE_CTX *ctx) goto end; /* We have the chain complete: now we need to check its purpose */ - ok = check_chain_extensions(ctx); + ok = x509_vfy_check_chain_extensions(ctx); if (!ok) goto end; @@ -556,7 +547,7 @@ X509_verify_cert_legacy(X509_STORE_CTX *ctx) goto end; #endif - ok = check_id(ctx); + ok = x509_vfy_check_id(ctx); if (!ok) goto end; @@ -564,7 +555,7 @@ X509_verify_cert_legacy(X509_STORE_CTX *ctx) * Check revocation status: we do this after copying parameters because * they may be needed for CRL signature verification. */ - ok = ctx->check_revocation(ctx); + ok = x509_vfy_check_revocation(ctx); if (!ok) goto end; @@ -578,7 +569,7 @@ X509_verify_cert_legacy(X509_STORE_CTX *ctx) /* If we get this far evaluate policies */ if (!bad_chain) - ok = ctx->check_policy(ctx); + ok = x509_vfy_check_policy(ctx); end: /* Safety net, error returns must set ctx->error */ @@ -696,7 +687,7 @@ check_issued(X509_STORE_CTX *ctx, X509 *subject, X509 *issuer) /* Alternative lookup method: look from a STACK stored in ctx->trusted */ static int -get_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) +x509_vfy_get_trusted_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { *issuer = find_issuer(ctx, ctx->trusted, x, 1); if (*issuer) { @@ -813,11 +804,6 @@ x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx) #endif } -static int -check_chain_extensions(X509_STORE_CTX *ctx) { - return x509_vfy_check_chain_extensions(ctx); -} - static int check_name_constraints(X509_STORE_CTX *ctx) { @@ -840,7 +826,7 @@ lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) size_t i; /* Lookup all certs with matching subject name */ - certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); + certs = X509_STORE_CTX_get1_certs(ctx, X509_get_subject_name(x)); if (certs == NULL) return NULL; @@ -863,14 +849,13 @@ lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) X509 * x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) { - if (ctx->lookup_certs == NULL || ctx->store == NULL || - ctx->store->objs == NULL) + if (ctx->store == NULL || ctx->store->objs == NULL) return NULL; return lookup_cert_match(ctx, x); } -static int -check_trust(X509_STORE_CTX *ctx) +int +x509_vfy_check_trust(X509_STORE_CTX *ctx) { size_t i; int ok; @@ -925,13 +910,7 @@ check_trust(X509_STORE_CTX *ctx) } int -x509_vfy_check_trust(X509_STORE_CTX *ctx) -{ - return check_trust(ctx); -} - -static int -check_revocation(X509_STORE_CTX *ctx) +x509_vfy_check_revocation(X509_STORE_CTX *ctx) { int i, last, ok; @@ -953,12 +932,6 @@ check_revocation(X509_STORE_CTX *ctx) return 1; } -int -x509_vfy_check_revocation(X509_STORE_CTX *ctx) -{ - return check_revocation(ctx); -} - static int check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth) { @@ -976,28 +949,22 @@ check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth) while (ctx->current_reasons != CRLDP_ALL_REASONS) { last_reasons = ctx->current_reasons; /* Try to retrieve relevant CRL */ - if (ctx->get_crl) - ok = ctx->get_crl(ctx, &crl, x); - else - ok = get_crl_delta(ctx, &crl, &dcrl, x); - /* If error looking up CRL, nothing we can do except - * notify callback - */ + ok = get_crl_delta(ctx, &crl, &dcrl, x); if (!ok) { ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; ok = ctx->verify_cb(0, ctx); goto err; } ctx->current_crl = crl; - ok = ctx->check_crl(ctx, crl); + ok = x509_vfy_check_crl(ctx, crl); if (!ok) goto err; if (dcrl) { - ok = ctx->check_crl(ctx, dcrl); + ok = x509_vfy_check_crl(ctx, dcrl); if (!ok) goto err; - ok = ctx->cert_crl(ctx, dcrl, x); + ok = x509_vfy_cert_crl(ctx, dcrl, x); if (!ok) goto err; } else @@ -1005,7 +972,7 @@ check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth) /* Don't look in full CRL if delta reason is removefromCRL */ if (ok != 2) { - ok = ctx->cert_crl(ctx, crl, x); + ok = x509_vfy_cert_crl(ctx, crl, x); if (!ok) goto err; } @@ -1559,7 +1526,7 @@ get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) goto done; /* Lookup CRLs from store */ - skcrl = ctx->lookup_crls(ctx, nm); + skcrl = X509_STORE_CTX_get1_crls(ctx, nm); /* If no CRLs found and a near match from get_crl_sk use that */ if (!skcrl && crl) @@ -1586,7 +1553,7 @@ get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) /* Check CRL validity */ static int -check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) +x509_vfy_check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) { X509 *issuer = NULL; EVP_PKEY *ikey = NULL; @@ -1689,7 +1656,7 @@ check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) /* Check certificate against CRL */ static int -cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) +x509_vfy_cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) { int ok; X509_REVOKED *rev; @@ -1756,12 +1723,6 @@ x509_vfy_check_policy(X509_STORE_CTX *ctx) return 1; } -static int -check_policy(X509_STORE_CTX *ctx) -{ - return x509_vfy_check_policy(ctx); -} - /* * Inform the verify callback of an error. * @@ -1969,8 +1930,7 @@ X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int is_notafter) else compare = *cmp_time; - if ((cert_time = x509_verify_asn1_time_to_time_t(ctm, is_notafter)) == - -1) + if (!x509_verify_asn1_time_to_time_t(ctm, is_notafter, &cert_time)) return 0; /* invalid time */ if (cert_time <= compare) @@ -2201,21 +2161,8 @@ X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) } LCRYPTO_ALIAS(X509_STORE_CTX_set0_crls); -int -X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) -{ - return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); -} -LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose); - -int -X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) -{ - return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); -} -LCRYPTO_ALIAS(X509_STORE_CTX_set_trust); - -/* This function is used to set the X509_STORE_CTX purpose and trust +/* + * This function is used to set the X509_STORE_CTX purpose and trust * values. This is intended to be used when another structure has its * own trust and purpose values which (if set) will be inherited by * the ctx. If they aren't set then we will usually have a default @@ -2224,52 +2171,55 @@ LCRYPTO_ALIAS(X509_STORE_CTX_set_trust); * purpose and trust settings which the application can set: if they * aren't set then we use the default of SSL client/server. */ - int -X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, - int purpose, int trust) +X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose_id) { + const X509_PURPOSE *purpose; int idx; - /* If purpose not set use default */ - if (!purpose) - purpose = def_purpose; - /* If we have a purpose then check it is valid */ - if (purpose) { - X509_PURPOSE *ptmp; - idx = X509_PURPOSE_get_by_id(purpose); - if (idx == -1) { - X509error(X509_R_UNKNOWN_PURPOSE_ID); - return 0; - } - ptmp = X509_PURPOSE_get0(idx); - if (ptmp->trust == X509_TRUST_DEFAULT) { - idx = X509_PURPOSE_get_by_id(def_purpose); - if (idx == -1) { - X509error(X509_R_UNKNOWN_PURPOSE_ID); - return 0; - } - ptmp = X509_PURPOSE_get0(idx); - } - /* If trust not set then get from purpose default */ - if (!trust) - trust = ptmp->trust; - } - if (trust) { - idx = X509_TRUST_get_by_id(trust); - if (idx == -1) { - X509error(X509_R_UNKNOWN_TRUST_ID); - return 0; - } + /* XXX - Match wacky/documented behavior. Do we need to keep this? */ + if (purpose_id == 0) + return 1; + + if (purpose_id < X509_PURPOSE_MIN || purpose_id > X509_PURPOSE_MAX) { + X509error(X509_R_UNKNOWN_PURPOSE_ID); + return 0; + } + idx = purpose_id - X509_PURPOSE_MIN; + if ((purpose = X509_PURPOSE_get0(idx)) == NULL) { + X509error(X509_R_UNKNOWN_PURPOSE_ID); + return 0; } - if (purpose && !ctx->param->purpose) - ctx->param->purpose = purpose; - if (trust && !ctx->param->trust) - ctx->param->trust = trust; + /* XXX - Succeeding while ignoring purpose_id and trust is awful. */ + if (ctx->param->purpose == 0) + ctx->param->purpose = purpose_id; + if (ctx->param->trust == 0) + ctx->param->trust = X509_PURPOSE_get_trust(purpose); + return 1; } -LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit); +LCRYPTO_ALIAS(X509_STORE_CTX_set_purpose); + +int +X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust_id) +{ + /* XXX - Match wacky/documented behavior. Do we need to keep this? */ + if (trust_id == 0) + return 1; + + if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX) { + X509error(X509_R_UNKNOWN_TRUST_ID); + return 0; + } + + /* XXX - Succeeding while ignoring the trust_id is awful. */ + if (ctx->param->trust == 0) + ctx->param->trust = trust_id; + + return 1; +} +LCRYPTO_ALIAS(X509_STORE_CTX_set_trust); X509_STORE_CTX * X509_STORE_CTX_new(void) @@ -2339,52 +2289,8 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *leaf, else ctx->verify_cb = null_callback; - if (store && store->get_issuer) - ctx->get_issuer = store->get_issuer; - else - ctx->get_issuer = X509_STORE_CTX_get1_issuer; - - if (store && store->check_issued) - ctx->check_issued = store->check_issued; - else - ctx->check_issued = check_issued; - - if (store && store->check_revocation) - ctx->check_revocation = store->check_revocation; - else - ctx->check_revocation = check_revocation; - - if (store && store->get_crl) - ctx->get_crl = store->get_crl; - else - ctx->get_crl = NULL; - - if (store && store->check_crl) - ctx->check_crl = store->check_crl; - else - ctx->check_crl = check_crl; - - if (store && store->cert_crl) - ctx->cert_crl = store->cert_crl; - else - ctx->cert_crl = cert_crl; - - ctx->check_policy = check_policy; - - if (store && store->lookup_certs) - ctx->lookup_certs = store->lookup_certs; - else - ctx->lookup_certs = X509_STORE_CTX_get1_certs; - - if (store && store->lookup_crls) - ctx->lookup_crls = store->lookup_crls; - else - ctx->lookup_crls = X509_STORE_CTX_get1_crls; - - if (store && store->cleanup) - ctx->cleanup = store->cleanup; - else - ctx->cleanup = NULL; + ctx->get_issuer = X509_STORE_CTX_get1_issuer; + ctx->check_issued = check_issued; ctx->param = X509_VERIFY_PARAM_new(); if (!ctx->param) { @@ -2433,15 +2339,13 @@ void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *trusted) { ctx->trusted = trusted; - ctx->get_issuer = get_trusted_issuer; + ctx->get_issuer = x509_vfy_get_trusted_issuer; } LCRYPTO_ALIAS(X509_STORE_CTX_set0_trusted_stack); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) { - if (ctx->cleanup) - ctx->cleanup(ctx); if (ctx->param != NULL) { if (ctx->parent == NULL) X509_VERIFY_PARAM_free(ctx->param); diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 4ba697ea..a3fa8444 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vpm.c,v 1.40 2023/05/28 05:25:24 tb Exp $ */ +/* $OpenBSD: x509_vpm.c,v 1.42 2024/01/08 09:51:09 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -61,6 +61,7 @@ #include #include +#include #include #include #include @@ -84,41 +85,31 @@ str_free(char *s) free(s); } -/* - * Post 1.0.1 sk function "deep_copy". For the moment we simply make - * these take void * and use them directly without a glorious blob of - * obfuscating macros of dubious value in front of them. All this in - * preparation for a rototilling of safestack.h (likely inspired by - * this). - */ -static void * -sk_deep_copy(void *sk_void, void *copy_func_void, void *free_func_void) +static STACK_OF(OPENSSL_STRING) * +sk_OPENSSL_STRING_deep_copy(const STACK_OF(OPENSSL_STRING) *sk) { - _STACK *sk = sk_void; - void *(*copy_func)(void *) = copy_func_void; - void (*free_func)(void *) = free_func_void; - _STACK *ret = sk_dup(sk); - size_t i; + STACK_OF(OPENSSL_STRING) *new; + char *copy = NULL; + int i; - if (ret == NULL) - return NULL; + if ((new = sk_OPENSSL_STRING_new_null()) == NULL) + goto err; - for (i = 0; i < ret->num; i++) { - if (ret->data[i] == NULL) - continue; - ret->data[i] = copy_func(ret->data[i]); - if (ret->data[i] == NULL) { - size_t j; - for (j = 0; j < i; j++) { - if (ret->data[j] != NULL) - free_func(ret->data[j]); - } - sk_free(ret); - return NULL; - } + for (i = 0; i < sk_OPENSSL_STRING_num(sk); i++) { + if ((copy = strdup(sk_OPENSSL_STRING_value(sk, i))) == NULL) + goto err; + if (sk_OPENSSL_STRING_push(new, copy) <= 0) + goto err; + copy = NULL; } - return ret; + return new; + + err: + sk_OPENSSL_STRING_pop_free(new, str_free); + free(copy); + + return NULL; } static int @@ -313,7 +304,7 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, const X509_VERIFY_PARAM *src) dest->hosts = NULL; } if (src->hosts) { - dest->hosts = sk_deep_copy(src->hosts, strdup, str_free); + dest->hosts = sk_OPENSSL_STRING_deep_copy(src->hosts); if (dest->hosts == NULL) return 0; } @@ -418,14 +409,26 @@ LCRYPTO_ALIAS(X509_VERIFY_PARAM_get_flags); int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) { - return X509_PURPOSE_set(¶m->purpose, purpose); + if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX) { + X509V3error(X509V3_R_INVALID_PURPOSE); + return 0; + } + + param->purpose = purpose; + return 1; } LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_purpose); int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) { - return X509_TRUST_set(¶m->trust, trust); + if (trust < X509_TRUST_MIN || trust > X509_TRUST_MAX) { + X509error(X509_R_INVALID_TRUST); + return 0; + } + + param->trust = trust; + return 1; } LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_trust); diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 5da808cd..1698d8a0 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509type.c,v 1.19 2023/06/15 18:30:09 tb Exp $ */ +/* $OpenBSD: x509type.c,v 1.24 2023/11/13 16:16:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -69,20 +69,24 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) { const EVP_PKEY *pk = pkey; - int ret = 0, i; + int nid; + int ret = 0; if (x == NULL) - return (0); + goto done; - if (pk == NULL) { - if ((pk = X509_get0_pubkey(x)) == NULL) - return (0); - } + if (pk == NULL) + pk = X509_get0_pubkey(x); + if (pk == NULL) + goto done; switch (pk->type) { case EVP_PKEY_RSA: ret = EVP_PK_RSA|EVP_PKT_SIGN|EVP_PKT_ENC; break; + case EVP_PKEY_RSA_PSS: + ret = EVP_PK_RSA|EVP_PKT_SIGN; + break; case EVP_PKEY_DSA: ret = EVP_PK_DSA|EVP_PKT_SIGN; break; @@ -103,28 +107,30 @@ X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) break; } - i = OBJ_obj2nid(x->sig_alg->algorithm); - if (i && OBJ_find_sigid_algs(i, NULL, &i)) { - switch (i) { - case NID_rsaEncryption: - case NID_rsa: - ret |= EVP_PKS_RSA; - break; - case NID_dsa: - case NID_dsa_2: - ret |= EVP_PKS_DSA; - break; - case NID_X9_62_id_ecPublicKey: - ret |= EVP_PKS_EC; - break; - default: - break; - } + if ((nid = X509_get_signature_nid(x)) == NID_undef) + goto done; + + if (!OBJ_find_sigid_algs(nid, NULL, &nid)) + goto done; + + switch (nid) { + case NID_rsaEncryption: + case NID_rsa: + ret |= EVP_PKS_RSA; + break; + case NID_dsa: + case NID_dsa_2: + ret |= EVP_PKS_DSA; + break; + case NID_X9_62_id_ecPublicKey: + ret |= EVP_PKS_EC; + break; + default: + break; } - /* /8 because it's 1024 bits we look for, not bytes */ - if (EVP_PKEY_size(pk) <= 1024 / 8) - ret |= EVP_PKT_EXP; - return (ret); + done: + + return ret; } LCRYPTO_ALIAS(X509_certificate_type); diff --git a/include/compat/endian.h b/include/compat/endian.h index d0dcfe32..5376c1a1 100644 --- a/include/compat/endian.h +++ b/include/compat/endian.h @@ -13,13 +13,28 @@ #define PDP_ENDIAN 3412 /* - * Use GCC and Visual Studio compiler defines to determine endian. + * Use GCC compiler defines to determine endianness. */ +#if defined(__BYTE_ORDER__) #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ #define BYTE_ORDER LITTLE_ENDIAN #else #define BYTE_ORDER BIG_ENDIAN #endif +#endif + +/* + * Use build system defines to determine endianness. + */ +#if !defined(BYTE_ORDER) +#if defined(HAVE_LITTLE_ENDIAN) +#define BYTE_ORDER LITTLE_ENDIAN +#elif defined(HAVE_BIG_ENDIAN) +#define BYTE_ORDER BIG_ENDIAN +#else +#error "Could not detect endianness." +#endif +#endif #elif defined(HAVE_ENDIAN_H) #include_next diff --git a/include/compat/pthread.h b/include/compat/pthread.h index 1ab011c3..8211dda3 100644 --- a/include/compat/pthread.h +++ b/include/compat/pthread.h @@ -30,20 +30,25 @@ struct pthread_once { }; typedef struct pthread_once pthread_once_t; +struct _pthread_win32_cb_arg { + void (*cb)(void); +}; + static inline BOOL CALLBACK _pthread_once_win32_cb(PINIT_ONCE once, PVOID param, PVOID *context) { - void (*cb) (void) = param; - cb(); + struct _pthread_win32_cb_arg *arg = param; + arg->cb(); return TRUE; } static inline int pthread_once(pthread_once_t *once, void (*cb) (void)) { - BOOL rc = InitOnceExecuteOnce(&once->once, _pthread_once_win32_cb, cb, NULL); + struct _pthread_win32_cb_arg arg = { .cb = cb }; + BOOL rc = InitOnceExecuteOnce(&once->once, _pthread_once_win32_cb, &arg, NULL); if (rc == 0) - return -1; + return EINVAL; else return 0; } diff --git a/include/compat/stdio.h b/include/compat/stdio.h index d5725c9a..2af8f3ee 100644 --- a/include/compat/stdio.h +++ b/include/compat/stdio.h @@ -20,7 +20,9 @@ #ifndef HAVE_ASPRINTF #include +#define vasprintf libressl_vasprintf int vasprintf(char **str, const char *fmt, va_list ap); +#define asprintf libressl_asprintf int asprintf(char **str, const char *fmt, ...); #endif @@ -42,7 +44,7 @@ int posix_rename(const char *oldpath, const char *newpath); #define rename(oldpath, newpath) posix_rename(oldpath, newpath) #endif -#ifdef _MSC_VER +#if defined(_MSC_VER) && _MSC_VER < 1900 #define snprintf _snprintf #endif diff --git a/include/compat/stdlib.h b/include/compat/stdlib.h index 2eaea244..76dc07c3 100644 --- a/include/compat/stdlib.h +++ b/include/compat/stdlib.h @@ -20,26 +20,36 @@ #include #ifndef HAVE_ARC4RANDOM_BUF +#define arc4random libressl_arc4random uint32_t arc4random(void); +#define arc4random_buf libressl_arc4random_buf void arc4random_buf(void *_buf, size_t n); +#define arc4random_uniform libressl_arc4random_uniform uint32_t arc4random_uniform(uint32_t upper_bound); #endif #ifndef HAVE_FREEZERO +#define freezero libressl_freezero void freezero(void *ptr, size_t sz); #endif #ifndef HAVE_GETPROGNAME +#define getprogname libressl_getprogname const char * getprogname(void); #endif +#ifndef HAVE_REALLOCARRAY +#define reallocarray libressl_reallocarray void *reallocarray(void *, size_t, size_t); +#endif #ifndef HAVE_RECALLOCARRAY +#define recallocarray libressl_recallocarray void *recallocarray(void *, size_t, size_t, size_t); #endif #ifndef HAVE_STRTONUM +#define strtonum libressl_strtonum long long strtonum(const char *nptr, long long minval, long long maxval, const char **errstr); #endif diff --git a/include/compat/string.h b/include/compat/string.h index 4bf7519b..6a82793f 100644 --- a/include/compat/string.h +++ b/include/compat/string.h @@ -27,43 +27,54 @@ #endif #ifndef HAVE_STRCASECMP +#define strcasecmp libressl_strcasecmp int strcasecmp(const char *s1, const char *s2); +#define strncasecmp libressl_strncasecmp int strncasecmp(const char *s1, const char *s2, size_t len); #endif #ifndef HAVE_STRLCPY +#define strlcpy libressl_strlcpy size_t strlcpy(char *dst, const char *src, size_t siz); #endif #ifndef HAVE_STRLCAT +#define strlcat libressl_strlcat size_t strlcat(char *dst, const char *src, size_t siz); #endif #ifndef HAVE_STRNDUP +#define strndup libressl_strndup char * strndup(const char *str, size_t maxlen); /* the only user of strnlen is strndup, so only build it if needed */ #ifndef HAVE_STRNLEN +#define strnlen libressl_strnlen size_t strnlen(const char *str, size_t maxlen); #endif #endif #ifndef HAVE_STRSEP +#define strsep libressl_strsep char *strsep(char **stringp, const char *delim); #endif #ifndef HAVE_EXPLICIT_BZERO +#define explicit_bzero libressl_explicit_bzero void explicit_bzero(void *, size_t); #endif #ifndef HAVE_TIMINGSAFE_BCMP +#define timingsafe_bcmp libressl_timingsafe_bcmp int timingsafe_bcmp(const void *b1, const void *b2, size_t n); #endif #ifndef HAVE_TIMINGSAFE_MEMCMP +#define timingsafe_memcmp libressl_timingsafe_memcmp int timingsafe_memcmp(const void *b1, const void *b2, size_t len); #endif #ifndef HAVE_MEMMEM +#define memmem libressl_memmem void * memmem(const void *big, size_t big_len, const void *little, size_t little_len); #endif diff --git a/include/compat/syslog.h b/include/compat/syslog.h index f400ff66..c7a2608b 100644 --- a/include/compat/syslog.h +++ b/include/compat/syslog.h @@ -15,6 +15,7 @@ #include #ifdef _WIN32 +#define LOG_CONS LOG_INFO #define LOG_INFO 6 /* informational */ #define LOG_USER (1<<3) /* random user-level messages */ #define LOG_LOCAL2 (18<<3) /* reserved for local use */ diff --git a/include/openssl/Makefile.am b/include/openssl/Makefile.am index fbb21e5d..f79e8d28 100644 --- a/include/openssl/Makefile.am +++ b/include/openssl/Makefile.am @@ -68,7 +68,6 @@ opensslinclude_HEADERS += ecdsa.h opensslinclude_HEADERS += engine.h opensslinclude_HEADERS += err.h opensslinclude_HEADERS += evp.h -opensslinclude_HEADERS += gost.h opensslinclude_HEADERS += hkdf.h opensslinclude_HEADERS += hmac.h opensslinclude_HEADERS += idea.h @@ -88,6 +87,7 @@ opensslinclude_HEADERS += pem2.h opensslinclude_HEADERS += pkcs12.h opensslinclude_HEADERS += pkcs7.h opensslinclude_HEADERS += poly1305.h +opensslinclude_HEADERS += posix_time.h opensslinclude_HEADERS += rand.h opensslinclude_HEADERS += rc2.h opensslinclude_HEADERS += rc4.h diff --git a/include/openssl/Makefile.in b/include/openssl/Makefile.in index ac556f98..091ca88e 100644 --- a/include/openssl/Makefile.in +++ b/include/openssl/Makefile.in @@ -129,13 +129,13 @@ am__opensslinclude_HEADERS_DIST = opensslconf.h aes.h asn1.h asn1t.h \ bio.h blowfish.h bn.h buffer.h camellia.h cast.h chacha.h \ cmac.h cms.h comp.h conf.h conf_api.h crypto.h ct.h \ curve25519.h des.h dh.h dsa.h dtls1.h ec.h ecdh.h ecdsa.h \ - engine.h err.h evp.h gost.h hkdf.h hmac.h idea.h kdf.h lhash.h \ - md4.h md5.h modes.h obj_mac.h objects.h ocsp.h \ - opensslfeatures.h opensslv.h ossl_typ.h pem.h pem2.h pkcs12.h \ - pkcs7.h poly1305.h rand.h rc2.h rc4.h ripemd.h rsa.h \ - safestack.h sha.h sm3.h sm4.h srtp.h ssl.h ssl2.h ssl23.h \ - ssl3.h stack.h tls1.h ts.h txt_db.h ui.h ui_compat.h \ - whrlpool.h x509.h x509_vfy.h x509v3.h + engine.h err.h evp.h hkdf.h hmac.h idea.h kdf.h lhash.h md4.h \ + md5.h modes.h obj_mac.h objects.h ocsp.h opensslfeatures.h \ + opensslv.h ossl_typ.h pem.h pem2.h pkcs12.h pkcs7.h poly1305.h \ + posix_time.h rand.h rc2.h rc4.h ripemd.h rsa.h safestack.h \ + sha.h sm3.h sm4.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h stack.h \ + tls1.h ts.h txt_db.h ui.h ui_compat.h whrlpool.h x509.h \ + x509_vfy.h x509v3.h am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ @@ -325,18 +325,18 @@ AM_CPPFLAGS = -I$(top_srcdir)/include -I$(abs_top_builddir)/include \ @ENABLE_LIBTLS_ONLY_FALSE@ conf_api.h crypto.h ct.h \ @ENABLE_LIBTLS_ONLY_FALSE@ curve25519.h des.h dh.h dsa.h \ @ENABLE_LIBTLS_ONLY_FALSE@ dtls1.h ec.h ecdh.h ecdsa.h engine.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ err.h evp.h gost.h hkdf.h hmac.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ idea.h kdf.h lhash.h md4.h md5.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ modes.h obj_mac.h objects.h ocsp.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ err.h evp.h hkdf.h hmac.h idea.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ kdf.h lhash.h md4.h md5.h modes.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ obj_mac.h objects.h ocsp.h \ @ENABLE_LIBTLS_ONLY_FALSE@ opensslfeatures.h opensslv.h \ @ENABLE_LIBTLS_ONLY_FALSE@ ossl_typ.h pem.h pem2.h pkcs12.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ pkcs7.h poly1305.h rand.h rc2.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ rc4.h ripemd.h rsa.h safestack.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ sha.h sm3.h sm4.h srtp.h ssl.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ ssl2.h ssl23.h ssl3.h stack.h tls1.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ ts.h txt_db.h ui.h ui_compat.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ whrlpool.h x509.h x509_vfy.h \ -@ENABLE_LIBTLS_ONLY_FALSE@ x509v3.h +@ENABLE_LIBTLS_ONLY_FALSE@ pkcs7.h poly1305.h posix_time.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ rand.h rc2.h rc4.h ripemd.h rsa.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ safestack.h sha.h sm3.h sm4.h srtp.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ ssl.h ssl2.h ssl23.h ssl3.h stack.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ tls1.h ts.h txt_db.h ui.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ ui_compat.h whrlpool.h x509.h \ +@ENABLE_LIBTLS_ONLY_FALSE@ x509_vfy.h x509v3.h all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 5eeee331..63458db9 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1.h,v 1.80 2023/07/28 10:33:13 tb Exp $ */ +/* $OpenBSD: asn1.h,v 1.91 2024/03/02 09:08:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -217,19 +217,6 @@ typedef struct asn1_string_table_st { unsigned long flags; } ASN1_STRING_TABLE; -DECLARE_STACK_OF(ASN1_STRING_TABLE) - -/* size limits: this stuff is taken straight from RFC2459 */ - -#define ub_name 32768 -#define ub_common_name 64 -#define ub_locality_name 128 -#define ub_state_name 128 -#define ub_organization_name 64 -#define ub_organization_unit_name 64 -#define ub_title 64 -#define ub_email_address 128 - /* Declarations for template structures: for full definitions * see asn1t.h */ @@ -518,19 +505,6 @@ typedef struct BIT_STRING_BITNAME_st { B_ASN1_BMPSTRING|\ B_ASN1_UTF8STRING -#ifndef LIBRESSL_INTERNAL -#define M_ASN1_IA5STRING_new ASN1_IA5STRING_new - -#define M_ASN1_INTEGER_free ASN1_INTEGER_free -#define M_ASN1_ENUMERATED_free ASN1_ENUMERATED_free -#define M_ASN1_OCTET_STRING_free ASN1_OCTET_STRING_free - -#define M_ASN1_OCTET_STRING_print ASN1_STRING_print - -#define M_ASN1_STRING_data ASN1_STRING_data -#define M_ASN1_STRING_length ASN1_STRING_length -#endif - ASN1_TYPE *ASN1_TYPE_new(void); void ASN1_TYPE_free(ASN1_TYPE *a); ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len); @@ -710,7 +684,6 @@ int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, extern const ASN1_ITEM ASN1_OCTET_STRING_NDEF_it; ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); -ASN1_TIME *ASN1_TIME_set_tm(ASN1_TIME *s, struct tm *tm); ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, long offset_sec); int ASN1_TIME_check(const ASN1_TIME *t); @@ -855,9 +828,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, int inform, int nid); -ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); -int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); -void ASN1_STRING_TABLE_cleanup(void); +const ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); /* ASN1 template functions */ @@ -868,8 +839,6 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it); int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); -void ASN1_add_oid_module(void); - ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); @@ -896,18 +865,6 @@ ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, const ASN1_ITEM *it, const ASN1_PCTX *pctx); -ASN1_PCTX *ASN1_PCTX_new(void); -void ASN1_PCTX_free(ASN1_PCTX *p); -unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); -void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); -unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p); -void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); -unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p); -void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); -unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p); -void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); -unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); -void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); int SMIME_crlf_copy(BIO *in, BIO *out, int flags); int SMIME_text(BIO *in, BIO *out); @@ -1167,8 +1124,6 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_WRONG_TAG 168 #define ASN1_R_WRONG_TYPE 169 -int ASN1_time_parse(const char *_bytes, size_t _len, struct tm *_tm, int _mode); -int ASN1_time_tm_cmp(struct tm *_tm1, struct tm *_tm2); #ifdef __cplusplus } #endif diff --git a/include/openssl/bio.h b/include/openssl/bio.h index b955524c..a50fb163 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bio.h,v 1.60 2023/08/25 12:37:33 schwarze Exp $ */ +/* $OpenBSD: bio.h,v 1.63 2024/03/02 09:22:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -534,7 +534,6 @@ const BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *filename, const char *mode); BIO *BIO_new_fp(FILE *stream, int close_flag); BIO *BIO_new(const BIO_METHOD *type); -int BIO_set(BIO *a, const BIO_METHOD *type); int BIO_free(BIO *a); int BIO_up_ref(BIO *bio); void *BIO_get_data(BIO *a); @@ -599,14 +598,10 @@ int BIO_dgram_non_fatal_error(int _error); int BIO_fd_should_retry(int i); int BIO_fd_non_fatal_error(int _error); -int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), - void *u, const char *s, int len); -int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), - void *u, const char *s, int len, int indent); + int BIO_dump(BIO *b, const char *bytes, int len); int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); -int BIO_dump_fp(FILE *fp, const char *s, int len); -int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); + struct hostent *BIO_gethostbyname(const char *name); /* We might want a thread-safe interface too: * struct hostent *BIO_gethostbyname_r(const char *name, @@ -648,25 +643,9 @@ void BIO_copy_next_retry(BIO *b); #ifndef __MINGW_PRINTF_FORMAT int BIO_printf(BIO *bio, const char *format, ...) __attribute__((__format__(__printf__, 2, 3), __nonnull__(2))); -int BIO_vprintf(BIO *bio, const char *format, va_list args) - __attribute__((__format__(__printf__, 2, 0), __nonnull__(2))); -int BIO_snprintf(char *buf, size_t n, const char *format, ...) - __attribute__((__deprecated__, __format__(__printf__, 3, 4), - __nonnull__(3))); -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) - __attribute__((__deprecated__, __format__(__printf__, 3, 0), - __nonnull__(3))); #else int BIO_printf(BIO *bio, const char *format, ...) __attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 3), __nonnull__(2))); -int BIO_vprintf(BIO *bio, const char *format, va_list args) - __attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 0), __nonnull__(2))); -int BIO_snprintf(char *buf, size_t n, const char *format, ...) - __attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 4), - __nonnull__(3))); -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) - __attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 0), - __nonnull__(3))); #endif void ERR_load_BIO_strings(void); diff --git a/include/openssl/bn.h b/include/openssl/bn.h index e00953ea..79210752 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn.h,v 1.75 2023/07/31 05:04:06 tb Exp $ */ +/* $OpenBSD: bn.h,v 1.77 2024/03/02 09:27:31 tb Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -391,13 +391,6 @@ int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, #endif int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); -int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, - const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *m_ctx); -int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); int BN_mask_bits(BIGNUM *a, int n); int BN_print_fp(FILE *fp, const BIGNUM *a); diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h index cb6d64b0..f77dae12 100644 --- a/include/openssl/cmac.h +++ b/include/openssl/cmac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cmac.h,v 1.3 2014/06/21 13:42:14 jsing Exp $ */ +/* $OpenBSD: cmac.h,v 1.4 2024/03/02 09:30:21 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -74,7 +74,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, const EVP_CIPHER *cipher, ENGINE *impl); int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); -int CMAC_resume(CMAC_CTX *ctx); #ifdef __cplusplus } diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 07a55ec1..d6ea7771 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.63 2023/07/28 10:19:20 tb Exp $ */ +/* $OpenBSD: crypto.h,v 1.72 2024/03/02 15:40:05 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -117,6 +117,7 @@ #include #include #include +#include #ifndef HEADER_CRYPTO_H #define HEADER_CRYPTO_H @@ -240,7 +241,7 @@ typedef struct { typedef struct bio_st BIO_dummy; struct crypto_ex_data_st { - STACK_OF(void) *sk; + void *sk; }; DECLARE_STACK_OF(void) @@ -272,26 +273,10 @@ DECLARE_STACK_OF(void) #endif int CRYPTO_mem_ctrl(int mode); -int CRYPTO_is_mem_check_on(void); -/* for applications */ -#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) -#define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) - -#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) +#define OPENSSL_malloc(num) CRYPTO_malloc((num),NULL,0) #define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) -#define OPENSSL_realloc(addr,num) \ - CRYPTO_realloc((char *)addr,(int)num,NULL,0) -#define OPENSSL_realloc_clean(addr,old_num,num) \ - CRYPTO_realloc_clean(addr,old_num,num,NULL,0) -#define OPENSSL_remalloc(addr,num) \ - CRYPTO_remalloc((char **)addr,(int)num,NULL,0) -#define OPENSSL_freeFunc CRYPTO_free -#define OPENSSL_free(addr) CRYPTO_free(addr) - -#define OPENSSL_malloc_locked(num) \ - CRYPTO_malloc_locked((int)num,NULL,0) -#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) +#define OPENSSL_free(addr) CRYPTO_free((addr),NULL,0) #endif const char *OpenSSL_version(int type); @@ -329,14 +314,7 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, int line); /* Don't use this structure directly. */ -typedef struct crypto_threadid_st { - void *ptr; - unsigned long val; -} CRYPTO_THREADID; -void CRYPTO_THREADID_current(CRYPTO_THREADID *id); -int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); -void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); -unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); +typedef struct crypto_threadid_st CRYPTO_THREADID; #ifndef LIBRESSL_INTERNAL /* These functions are deprecated no-op stubs */ @@ -376,87 +354,19 @@ void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l /* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- * call the latter last if you need different functions */ int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), void (*f)(void *)); -int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *)); int CRYPTO_set_mem_ex_functions(void *(*m)(size_t, const char *, int), void *(*r)(void *, size_t, const char *, int), void (*f)(void *)); -int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t, const char *, int), - void (*free_func)(void *)); -int CRYPTO_set_mem_debug_functions( - void (*m)(void *, int, const char *, int, int), - void (*r)(void *, void *, int, const char *, int, int), - void (*f)(void *, int), void (*so)(long), long (*go)(void)); -void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), - void (**f)(void *)); -void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); -void CRYPTO_get_mem_ex_functions(void *(**m)(size_t, const char *, int), - void *(**r)(void *, size_t, const char *, int), void (**f)(void *)); -void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t, const char *, int), - void (**f)(void *)); -void CRYPTO_get_mem_debug_functions( - void (**m)(void *, int, const char *, int, int), - void (**r)(void *, void *, int, const char *, int, int), - void (**f)(void *, int), void (**so)(long), long (**go)(void)); #ifndef LIBRESSL_INTERNAL -void *CRYPTO_malloc_locked(int num, const char *file, int line); -void CRYPTO_free_locked(void *ptr); -void *CRYPTO_malloc(int num, const char *file, int line); +void *CRYPTO_malloc(size_t num, const char *file, int line); char *CRYPTO_strdup(const char *str, const char *file, int line); -void CRYPTO_free(void *ptr); -void *CRYPTO_realloc(void *addr, int num, const char *file, int line); +void CRYPTO_free(void *ptr, const char *file, int line); #endif -void *CRYPTO_realloc_clean(void *addr, int old_num, int num, - const char *file, int line); -void *CRYPTO_remalloc(void *addr, int num, const char *file, int line); - #ifndef LIBRESSL_INTERNAL void OPENSSL_cleanse(void *ptr, size_t len); #endif -void CRYPTO_set_mem_debug_options(long bits); -long CRYPTO_get_mem_debug_options(void); - -#define CRYPTO_push_info(info) \ - CRYPTO_push_info_(info, NULL, 0); -int CRYPTO_push_info_(const char *info, const char *file, int line); -int CRYPTO_pop_info(void); -int CRYPTO_remove_all_info(void); - - -/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; - * used as default in CRYPTO_MDEBUG compilations): */ -/* The last argument has the following significance: - * - * 0: called before the actual memory allocation has taken place - * 1: called after the actual memory allocation has taken place - */ -void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, int before_p) - __attribute__ ((deprecated)); -void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, const char *file, int line, int before_p) - __attribute__ ((deprecated)); -void CRYPTO_dbg_free(void *addr, int before_p) - __attribute__ ((deprecated)); -/* Tell the debugging code about options. By default, the following values - * apply: - * - * 0: Clear all options. - * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option. - * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option. - * V_CRYPTO_MDEBUG_ALL (3): 1 + 2 - */ -void CRYPTO_dbg_set_options(long bits) - __attribute__ ((deprecated)); -long CRYPTO_dbg_get_options(void) - __attribute__ ((deprecated)); - - -int CRYPTO_mem_leaks_fp(FILE *); -int CRYPTO_mem_leaks(struct bio_st *bio); -/* unsigned long order, char *file, int line, int num_bytes, char *addr */ -typedef int *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); -int CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); - /* * Because this is a public header, use a portable method of indicating the * function does not return, rather than __dead. @@ -471,8 +381,6 @@ void OpenSSLDie(const char *file, int line, const char *assertion); uint64_t OPENSSL_cpu_caps(void); -int OPENSSL_isservice(void); - #ifndef LIBRESSL_INTERNAL int FIPS_mode(void); int FIPS_mode_set(int r); @@ -522,6 +430,12 @@ int CRYPTO_memcmp(const void *a, const void *b, size_t len); int OPENSSL_init_crypto(uint64_t opts, const void *settings); void OPENSSL_cleanup(void); +/* + * OpenSSL helpfully put OPENSSL_gmtime() here because all other time related + * functions are in asn1.h. + */ +struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm); + void ERR_load_CRYPTO_strings(void); /* Error codes for the CRYPTO functions. */ diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 8029e7f9..a0ef787a 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa.h,v 1.43 2023/04/18 08:47:28 tb Exp $ */ +/* $OpenBSD: dsa.h,v 1.44 2024/03/02 09:33:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -163,12 +163,6 @@ DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); int i2d_DSAparams(const DSA *a,unsigned char **pp); extern const ASN1_ITEM DSAparams_it; -/* Wrapped in OPENSSL_NO_DEPRECATED in 0.9.8. Still used in 2023. */ -DSA * DSA_generate_parameters(int bits, - unsigned char *seed,int seed_len, - int *counter_ret, unsigned long *h_ret,void - (*callback)(int, int, void *),void *cb_arg); - /* New version */ int DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed,int seed_len, diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 1e04b61e..20398f8d 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -1,4 +1,4 @@ -/* $OpenBSD: engine.h,v 1.42 2023/08/04 05:44:51 tb Exp $ */ +/* $OpenBSD: engine.h,v 1.44 2024/03/02 10:22:07 tb Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -66,22 +66,8 @@ #include -#include -#ifndef OPENSSL_NO_DH -#include -#endif -#ifndef OPENSSL_NO_DSA -#include -#endif -#ifndef OPENSSL_NO_EC -#include -#endif #include -#ifndef OPENSSL_NO_RSA -#include -#endif #include -#include #include @@ -89,8 +75,6 @@ extern "C" { #endif -/* These flags are used to control combinations of algorithm (methods) - * by bitwise "OR"ing. */ #define ENGINE_METHOD_RSA (unsigned int)0x0001 #define ENGINE_METHOD_DSA (unsigned int)0x0002 #define ENGINE_METHOD_DH (unsigned int)0x0004 @@ -101,145 +85,13 @@ extern "C" { #define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 #define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 #define ENGINE_METHOD_EC (unsigned int)0x0800 -/* Obvious all-or-nothing cases. */ #define ENGINE_METHOD_ALL (unsigned int)0xFFFF #define ENGINE_METHOD_NONE (unsigned int)0x0000 -/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used - * internally to control registration of ENGINE implementations, and can be set - * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to - * initialise registered ENGINEs if they are not already initialised. */ -#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 - -/* ENGINE flags that can be set by ENGINE_set_flags(). */ -/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */ - -/* This flag is for ENGINEs that wish to handle the various 'CMD'-related - * control commands on their own. Without this flag, ENGINE_ctrl() handles these - * control commands on behalf of the ENGINE using their "cmd_defns" data. */ -#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 - -/* This flag is for ENGINEs who return new duplicate structures when found via - * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl() - * commands are called in sequence as part of some stateful process like - * key-generation setup and execution), it can set this flag - then each attempt - * to obtain the ENGINE will result in it being copied into a new structure. - * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments - * the existing ENGINE's structural reference count. */ -#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 - -/* This flag if for an ENGINE that does not want its methods registered as - * part of ENGINE_register_all_complete() for example if the methods are - * not usable as default methods. - */ - -#define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 - -/* ENGINEs can support their own command types, and these flags are used in - * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each - * command expects. Currently only numeric and string input is supported. If a - * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options, - * then it is regarded as an "internal" control command - and not for use in - * config setting situations. As such, they're not available to the - * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to - * this list of 'command types' should be reflected carefully in - * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */ - -/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ -#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 -/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to - * ENGINE_ctrl) */ -#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 -/* Indicates that the control command takes *no* input. Ie. the control command - * is unparameterised. */ -#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 -/* Indicates that the control command is internal. This control command won't - * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() - * function. */ -#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 - -/* NB: These 3 control commands are deprecated and should not be used. ENGINEs - * relying on these commands should compile conditional support for - * compatibility (eg. if these symbols are defined) but should also migrate the - * same functionality to their own ENGINE-specific control functions that can be - * "discovered" by calling applications. The fact these control commands - * wouldn't be "executable" (ie. usable by text-based config) doesn't change the - * fact that application code can find and use them without requiring per-ENGINE - * hacking. */ - -/* These flags are used to tell the ctrl function what should be done. - * All command numbers are shared between all engines, even if some don't - * make sense to some engines. In such a case, they do nothing but return - * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */ -#define ENGINE_CTRL_SET_LOGSTREAM 1 -#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 -#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any - handles/connections etc. */ -#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ -#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used - when calling the password - callback and the user - interface */ -#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given - a string that represents a - file name or so */ -#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given - section in the already loaded - configuration */ - -/* These control commands allow an application to deal with an arbitrary engine - * in a dynamic way. Warn: Negative return values indicate errors FOR THESE - * COMMANDS because zero is used to indicate 'end-of-list'. Other commands, - * including ENGINE-specific command types, return zero for an error. - * - * An ENGINE can choose to implement these ctrl functions, and can internally - * manage things however it chooses - it does so by setting the - * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the - * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns - * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl() - * handler need only implement its own commands - the above "meta" commands will - * be taken care of. */ - -/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then - * all the remaining control commands will return failure, so it is worth - * checking this first if the caller is trying to "discover" the engine's - * capabilities and doesn't want errors generated unnecessarily. */ -#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 -/* Returns a positive command number for the first command supported by the - * engine. Returns zero if no ctrl commands are supported. */ -#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 -/* The 'long' argument specifies a command implemented by the engine, and the - * return value is the next command supported, or zero if there are no more. */ -#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 -/* The 'void*' argument is a command name (cast from 'const char *'), and the - * return value is the command that corresponds to it. */ -#define ENGINE_CTRL_GET_CMD_FROM_NAME 13 -/* The next two allow a command to be converted into its corresponding string - * form. In each case, the 'long' argument supplies the command. In the NAME_LEN - * case, the return value is the length of the command name (not counting a - * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer - * large enough, and it will be populated with the name of the command (WITH a - * trailing EOL). */ -#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 -#define ENGINE_CTRL_GET_NAME_FROM_CMD 15 -/* The next two are similar but give a "short description" of a command. */ -#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 -#define ENGINE_CTRL_GET_DESC_FROM_CMD 17 -/* With this command, the return value is the OR'd combination of - * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given - * engine-specific ctrl command expects. */ -#define ENGINE_CTRL_GET_CMD_FLAGS 18 - -/* ENGINE implementations should start the numbering of their own control - * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ -#define ENGINE_CMD_BASE 200 - /* * Prototypes for the stub functions in engine_stubs.c. They are provided to - * build M2Crypto, Dovecot, apr-utils without patching. All the other garbage - * can hopefully go away soon. + * build M2Crypto, Dovecot, apr-utils without patching. */ -#ifdef OPENSSL_NO_ENGINE void ENGINE_load_builtin_engines(void); void ENGINE_load_dynamic(void); void ENGINE_load_openssl(void); @@ -261,7 +113,7 @@ int ENGINE_set_default(ENGINE *engine, unsigned int flags); ENGINE *ENGINE_get_default_RSA(void); int ENGINE_set_default_RSA(ENGINE *engine); -int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p, +int ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p, void (*f)(void), int cmd_optional); int ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg, int cmd_optional); @@ -270,460 +122,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *engine, const char *key_id, UI_METHOD *ui_method, void *callback_data); EVP_PKEY *ENGINE_load_public_key(ENGINE *engine, const char *key_id, UI_METHOD *ui_method, void *callback_data); -#else -/* If an ENGINE supports its own specific control commands and wishes the - * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its - * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries - * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that - * supports the stated commands (ie. the "cmd_num" entries as described by the - * array). NB: The array must be ordered in increasing order of cmd_num. - * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set - * to zero and/or cmd_name set to NULL. */ -typedef struct ENGINE_CMD_DEFN_st { - unsigned int cmd_num; /* The command number */ - const char *cmd_name; /* The command name itself */ - const char *cmd_desc; /* A short description of the command */ - unsigned int cmd_flags; /* The input the command expects */ -} ENGINE_CMD_DEFN; - -/* Generic function pointer */ -typedef int (*ENGINE_GEN_FUNC_PTR)(void); -/* Generic function pointer taking no arguments */ -typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); -/* Specific control function pointer */ -typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, - void (*f)(void)); -/* Generic load_key function pointer */ -typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, - UI_METHOD *ui_method, void *callback_data); -typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, - STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, - STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); - -/* These callback types are for an ENGINE's handler for cipher and digest logic. - * These handlers have these prototypes; - * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); - * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); - * Looking at how to implement these handlers in the case of cipher support, if - * the framework wants the EVP_CIPHER for 'nid', it will call; - * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) - * If the framework wants a list of supported 'nid's, it will call; - * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) - */ -/* Returns to a pointer to the array of supported cipher 'nid's. If the second - * parameter is non-NULL it is set to the size of the returned array. */ -typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, - const int **, int); -typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int); -typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, - const int **, int); -typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, - const int **, int); - -/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE - * structures where the pointers have a "structural reference". This means that - * their reference is to allowed access to the structure but it does not imply - * that the structure is functional. To simply increment or decrement the - * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not - * required when iterating using ENGINE_get_next as it will automatically - * decrement the structural reference count of the "current" ENGINE and - * increment the structural reference count of the ENGINE it returns (unless it - * is NULL). */ - -/* Get the first/last "ENGINE" type available. */ -ENGINE *ENGINE_get_first(void); -ENGINE *ENGINE_get_last(void); -/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ -ENGINE *ENGINE_get_next(ENGINE *e); -ENGINE *ENGINE_get_prev(ENGINE *e); -/* Add another "ENGINE" type into the array. */ -int ENGINE_add(ENGINE *e); -/* Remove an existing "ENGINE" type from the array. */ -int ENGINE_remove(ENGINE *e); -/* Retrieve an engine from the list by its unique "id" value. */ -ENGINE *ENGINE_by_id(const char *id); -/* Add all the built-in engines. */ -void ENGINE_load_openssl(void); -void ENGINE_load_dynamic(void); -#ifndef OPENSSL_NO_STATIC_ENGINE -void ENGINE_load_padlock(void); -#endif -void ENGINE_load_builtin_engines(void); - -/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation - * "registry" handling. */ -unsigned int ENGINE_get_table_flags(void); -void ENGINE_set_table_flags(unsigned int flags); - -/* Manage registration of ENGINEs per "table". For each type, there are 3 - * functions; - * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) - * ENGINE_unregister_***(e) - unregister the implementation from 'e' - * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list - * Cleanup is automatically registered from each table when required, so - * ENGINE_cleanup() will reverse any "register" operations. */ - -int ENGINE_register_RSA(ENGINE *e); -void ENGINE_unregister_RSA(ENGINE *e); -void ENGINE_register_all_RSA(void); - -int ENGINE_register_DSA(ENGINE *e); -void ENGINE_unregister_DSA(ENGINE *e); -void ENGINE_register_all_DSA(void); - -int ENGINE_register_EC(ENGINE *e); -void ENGINE_unregister_EC(ENGINE *e); -void ENGINE_register_all_EC(void); - -int ENGINE_register_DH(ENGINE *e); -void ENGINE_unregister_DH(ENGINE *e); -void ENGINE_register_all_DH(void); - -int ENGINE_register_RAND(ENGINE *e); -void ENGINE_unregister_RAND(ENGINE *e); -void ENGINE_register_all_RAND(void); - -int ENGINE_register_STORE(ENGINE *e); -void ENGINE_unregister_STORE(ENGINE *e); -void ENGINE_register_all_STORE(void); - -int ENGINE_register_ciphers(ENGINE *e); -void ENGINE_unregister_ciphers(ENGINE *e); -void ENGINE_register_all_ciphers(void); - -int ENGINE_register_digests(ENGINE *e); -void ENGINE_unregister_digests(ENGINE *e); -void ENGINE_register_all_digests(void); - -int ENGINE_register_pkey_meths(ENGINE *e); -void ENGINE_unregister_pkey_meths(ENGINE *e); -void ENGINE_register_all_pkey_meths(void); - -int ENGINE_register_pkey_asn1_meths(ENGINE *e); -void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); -void ENGINE_register_all_pkey_asn1_meths(void); - -/* These functions register all support from the above categories. Note, use of - * these functions can result in static linkage of code your application may not - * need. If you only need a subset of functionality, consider using more - * selective initialisation. */ -int ENGINE_register_complete(ENGINE *e); -int ENGINE_register_all_complete(void); - -/* Send parametrised control commands to the engine. The possibilities to send - * down an integer, a pointer to data or a function pointer are provided. Any of - * the parameters may or may not be NULL, depending on the command number. In - * actuality, this function only requires a structural (rather than functional) - * reference to an engine, but many control commands may require the engine be - * functional. The caller should be aware of trying commands that require an - * operational ENGINE, and only use functional references in such situations. */ -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); - -/* This function tests if an ENGINE-specific command is usable as a "setting". - * Eg. in an application's config file that gets processed through - * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to - * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */ -int ENGINE_cmd_is_executable(ENGINE *e, int cmd); - -/* This function works like ENGINE_ctrl() with the exception of taking a - * command name instead of a command number, and can handle optional commands. - * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to - * use the cmd_name and cmd_optional. */ -int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(void), int cmd_optional); - -/* This function passes a command-name and argument to an ENGINE. The cmd_name - * is converted to a command number and the control command is called using - * 'arg' as an argument (unless the ENGINE doesn't support such a command, in - * which case no control command is called). The command is checked for input - * flags, and if necessary the argument will be converted to a numeric value. If - * cmd_optional is non-zero, then if the ENGINE doesn't support the given - * cmd_name the return value will be success anyway. This function is intended - * for applications to use so that users (or config files) can supply - * engine-specific config data to the ENGINE at run-time to control behaviour of - * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl() - * functions that return data, deal with binary data, or that are otherwise - * supposed to be used directly through ENGINE_ctrl() in application code. Any - * "return" data from an ENGINE_ctrl() operation in this function will be lost - - * the return value is interpreted as failure if the return value is zero, - * success otherwise, and this function returns a boolean value as a result. In - * other words, vendors of 'ENGINE'-enabled devices should write ENGINE - * implementations with parameterisations that work in this scheme, so that - * compliant ENGINE-based applications can work consistently with the same - * configuration for the same ENGINE-enabled devices, across applications. */ -int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, - int cmd_optional); - -/* These functions are useful for manufacturing new ENGINE structures. They - * don't address reference counting at all - one uses them to populate an ENGINE - * structure with personalised implementations of things prior to using it - * directly or adding it to the builtin ENGINE list in OpenSSL. These are also - * here so that the ENGINE structure doesn't have to be exposed and break binary - * compatibility! */ -ENGINE *ENGINE_new(void); -int ENGINE_free(ENGINE *e); -int ENGINE_up_ref(ENGINE *e); -int ENGINE_set_id(ENGINE *e, const char *id); -int ENGINE_set_name(ENGINE *e, const char *name); -int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); -int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); -int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth); -int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); -int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); -int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); -int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); -int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); -int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); -int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); -int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); -int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); -int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, - ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); -int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); -int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); -int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); -int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); -int ENGINE_set_flags(ENGINE *e, int flags); -int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); -/* These functions allow control over any per-structure ENGINE data. */ -int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); -void *ENGINE_get_ex_data(const ENGINE *e, int idx); - -/* This function cleans up anything that needs it. Eg. the ENGINE_add() function - * automatically ensures the list cleanup function is registered to be called - * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure - * ENGINE_cleanup() will clean up after them. */ -void ENGINE_cleanup(void); - -/* These return values from within the ENGINE structure. These can be useful - * with functional references as well as structural references - it depends - * which you obtained. Using the result for functional purposes if you only - * obtained a structural reference may be problematic! */ -const char *ENGINE_get_id(const ENGINE *e); -const char *ENGINE_get_name(const ENGINE *e); -const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); -const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); -const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); -const DH_METHOD *ENGINE_get_DH(const ENGINE *e); -const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); -const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); -ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); -ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); -ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); -ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); -ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); -ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); -ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); -ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); -const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); -const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); -const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); -const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); -const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, - const char *str, int len); -const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, - const char *str, int len); -const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); -int ENGINE_get_flags(const ENGINE *e); - -/* FUNCTIONAL functions. These functions deal with ENGINE structures - * that have (or will) be initialised for use. Broadly speaking, the - * structural functions are useful for iterating the list of available - * engine types, creating new engine types, and other "list" operations. - * These functions actually deal with ENGINEs that are to be used. As - * such these functions can fail (if applicable) when particular - * engines are unavailable - eg. if a hardware accelerator is not - * attached or not functioning correctly. Each ENGINE has 2 reference - * counts; structural and functional. Every time a functional reference - * is obtained or released, a corresponding structural reference is - * automatically obtained or released too. */ - -/* Initialise a engine type for use (or up its reference count if it's - * already in use). This will fail if the engine is not currently - * operational and cannot initialise. */ -int ENGINE_init(ENGINE *e); -/* Free a functional reference to a engine type. This does not require - * a corresponding call to ENGINE_free as it also releases a structural - * reference. */ -int ENGINE_finish(ENGINE *e); - -/* The following functions handle keys that are stored in some secondary - * location, handled by the engine. The storage may be on a card or - * whatever. */ -EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); -EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); -int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, - STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, - STACK_OF(X509) **pother, - UI_METHOD *ui_method, void *callback_data); - -/* This returns a pointer for the current ENGINE structure that - * is (by default) performing any RSA operations. The value returned - * is an incremented reference, so it should be free'd (ENGINE_finish) - * before it is discarded. */ -ENGINE *ENGINE_get_default_RSA(void); -/* Same for the other "methods" */ -ENGINE *ENGINE_get_default_DSA(void); -ENGINE *ENGINE_get_default_EC(void); -ENGINE *ENGINE_get_default_DH(void); -ENGINE *ENGINE_get_default_RAND(void); -/* These functions can be used to get a functional reference to perform - * ciphering or digesting corresponding to "nid". */ -ENGINE *ENGINE_get_cipher_engine(int nid); -ENGINE *ENGINE_get_digest_engine(int nid); -ENGINE *ENGINE_get_pkey_meth_engine(int nid); -ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); - -/* This sets a new default ENGINE structure for performing RSA - * operations. If the result is non-zero (success) then the ENGINE - * structure will have had its reference count up'd so the caller - * should still free their own reference 'e'. */ -int ENGINE_set_default_RSA(ENGINE *e); -int ENGINE_set_default_string(ENGINE *e, const char *def_list); -/* Same for the other "methods" */ -int ENGINE_set_default_DSA(ENGINE *e); -int ENGINE_set_default_EC(ENGINE *e); -int ENGINE_set_default_DH(ENGINE *e); -int ENGINE_set_default_RAND(ENGINE *e); -int ENGINE_set_default_ciphers(ENGINE *e); -int ENGINE_set_default_digests(ENGINE *e); -int ENGINE_set_default_pkey_meths(ENGINE *e); -int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); - -/* The combination "set" - the flags are bitwise "OR"d from the - * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" - * function, this function can result in unnecessary static linkage. If your - * application requires only specific functionality, consider using more - * selective functions. */ -int ENGINE_set_default(ENGINE *e, unsigned int flags); - -void ENGINE_add_conf_module(void); - -/* Deprecated functions ... */ -/* int ENGINE_clear_defaults(void); */ - -/**************************/ -/* DYNAMIC ENGINE SUPPORT */ -/**************************/ - -/* Binary/behaviour compatibility levels */ -#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 -/* Binary versions older than this are too old for us (whether we're a loader or - * a loadee) */ -#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 - -/* When compiling an ENGINE entirely as an external shared library, loadable by - * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure - * type provides the calling application's (or library's) error functionality - * and memory management function pointers to the loaded library. These should - * be used/set in the loaded library code so that the loading application's - * 'state' will be used/changed in all operations. The 'static_state' pointer - * allows the loaded library to know if it shares the same static data as the - * calling application (or library), and thus whether these callbacks need to be - * set or not. */ -typedef void *(*dyn_MEM_malloc_cb)(size_t); -typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); -typedef void (*dyn_MEM_free_cb)(void *); -typedef struct st_dynamic_MEM_fns { - dyn_MEM_malloc_cb malloc_cb; - dyn_MEM_realloc_cb realloc_cb; - dyn_MEM_free_cb free_cb; -} dynamic_MEM_fns; -/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use - * these types so we (and any other dependent code) can simplify a bit?? */ -typedef void (*dyn_lock_locking_cb)(int, int, const char *, int); -typedef int (*dyn_lock_add_lock_cb)(int*, int, int, const char *, int); -typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)( - const char *, int); -typedef void (*dyn_dynlock_lock_cb)(int, struct CRYPTO_dynlock_value *, - const char *, int); -typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *, - const char *, int); -typedef struct st_dynamic_LOCK_fns { - dyn_lock_locking_cb lock_locking_cb; - dyn_lock_add_lock_cb lock_add_lock_cb; - dyn_dynlock_create_cb dynlock_create_cb; - dyn_dynlock_lock_cb dynlock_lock_cb; - dyn_dynlock_destroy_cb dynlock_destroy_cb; -} dynamic_LOCK_fns; -/* The top-level structure */ -typedef struct st_dynamic_fns { - void *static_state; - const ERR_FNS *err_fns; - const CRYPTO_EX_DATA_IMPL *ex_data_fns; - dynamic_MEM_fns mem_fns; - dynamic_LOCK_fns lock_fns; -} dynamic_fns; - -/* The version checking function should be of this prototype. NB: The - * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code. - * If this function returns zero, it indicates a (potential) version - * incompatibility and the loaded library doesn't believe it can proceed. - * Otherwise, the returned value is the (latest) version supported by the - * loading library. The loader may still decide that the loaded code's version - * is unsatisfactory and could veto the load. The function is expected to - * be implemented with the symbol name "v_check", and a default implementation - * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ -typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); -#define IMPLEMENT_DYNAMIC_CHECK_FN() \ - extern unsigned long v_check(unsigned long v); \ - extern unsigned long v_check(unsigned long v) { \ - if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ - return 0; } - -/* This function is passed the ENGINE structure to initialise with its own - * function and command settings. It should not adjust the structural or - * functional reference counts. If this function returns zero, (a) the load will - * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the - * structure, and (c) the shared library will be unloaded. So implementations - * should do their own internal cleanup in failure circumstances otherwise they - * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that - * the loader is looking for. If this is NULL, the shared library can choose to - * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared - * library must initialise only an ENGINE matching the passed 'id'. The function - * is expected to be implemented with the symbol name "bind_engine". A standard - * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where - * the parameter 'fn' is a callback function that populates the ENGINE structure - * and returns an int value (zero for failure). 'fn' should have prototype; - * [static] int fn(ENGINE *e, const char *id); */ -typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, - const dynamic_fns *fns); -#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ - extern \ - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ - extern \ - int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ - if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ - if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ - fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ - return 0; \ - if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ - return 0; \ - if(!ERR_set_implementation(fns->err_fns)) return 0; \ - skip_cbs: \ - if(!fn(e,id)) return 0; \ - return 1; } - -/* If the loading application (or library) and the loaded ENGINE library share - * the same static data (eg. they're both dynamically linked to the same - * libcrypto.so) we need a way to avoid trying to set system callbacks - this - * would fail, and for the same reason that it's unnecessary to try. If the - * loaded ENGINE has (or gets from through the loader) its own copy of the - * libcrypto static data, we will need to set the callbacks. The easiest way to - * detect this is to have a function that returns a pointer to some static data - * and let the loading application and loaded ENGINE compare their respective - * values. */ - void *ENGINE_get_static_state(void); - -void ERR_load_ENGINE_strings(void); -#endif /* Error codes for the ENGINE functions. */ diff --git a/include/openssl/err.h b/include/openssl/err.h index d85de24c..8beab148 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -1,4 +1,4 @@ -/* $OpenBSD: err.h,v 1.31 2023/07/28 10:23:19 tb Exp $ */ +/* $OpenBSD: err.h,v 1.33 2024/03/02 10:32:26 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -143,16 +143,6 @@ extern "C" { #define ERR_FLAG_MARK 0x01 #define ERR_NUM_ERRORS 16 -typedef struct err_state_st { - CRYPTO_THREADID tid; - int err_flags[ERR_NUM_ERRORS]; - unsigned long err_buffer[ERR_NUM_ERRORS]; - char *err_data[ERR_NUM_ERRORS]; - int err_data_flags[ERR_NUM_ERRORS]; - const char *err_file[ERR_NUM_ERRORS]; - int err_line[ERR_NUM_ERRORS]; - int top, bottom; -} ERR_STATE; /* library */ #define ERR_LIB_NONE 1 @@ -388,8 +378,8 @@ void ERR_asprintf_error_data(char * format, ...); void ERR_add_error_data(int num, ...); void ERR_add_error_vdata(int num, va_list args); #endif -void ERR_load_strings(int lib, ERR_STRING_DATA str[]); -void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); +void ERR_load_strings(int lib, ERR_STRING_DATA *str); +void ERR_unload_strings(int lib, ERR_STRING_DATA *str); void ERR_load_ERR_strings(void); void ERR_load_crypto_strings(void); void ERR_free_strings(void); @@ -397,7 +387,6 @@ void ERR_free_strings(void); void ERR_remove_thread_state(const CRYPTO_THREADID *tid); /* Wrapped in OPENSSL_NO_DEPRECATED in 0.9.8. Still used in 2023. */ void ERR_remove_state(unsigned long pid); -ERR_STATE *ERR_get_state(void); int ERR_get_next_error_library(void); diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 381098b9..f6123963 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.119 2023/08/25 12:37:33 schwarze Exp $ */ +/* $OpenBSD: evp.h,v 1.132 2024/03/02 10:21:12 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -210,8 +210,6 @@ extern "C" { #define EVP_CIPH_ALWAYS_CALL_INIT 0x20 /* Call ctrl() to init cipher parameters */ #define EVP_CIPH_CTRL_INIT 0x40 -/* Don't use standard key length function */ -#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 /* Don't use standard block padding */ #define EVP_CIPH_NO_PADDING 0x100 /* cipher handles random key generation */ @@ -241,7 +239,6 @@ extern "C" { /* ctrl() values */ #define EVP_CTRL_INIT 0x0 -#define EVP_CTRL_SET_KEY_LENGTH 0x1 #define EVP_CTRL_GET_RC2_KEY_BITS 0x2 #define EVP_CTRL_SET_RC2_KEY_BITS 0x3 #define EVP_CTRL_GET_RC5_ROUNDS 0x4 @@ -352,24 +349,6 @@ int EVP_MD_size(const EVP_MD *md); int EVP_MD_block_size(const EVP_MD *md); unsigned long EVP_MD_flags(const EVP_MD *md); -EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); -void EVP_MD_meth_free(EVP_MD *md); -EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); -int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); -int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); -int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); -int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); -int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); -int EVP_MD_meth_set_update(EVP_MD *md, - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count)); -int EVP_MD_meth_set_final(EVP_MD *md, - int (*final)(EVP_MD_CTX *ctx, unsigned char *md)); -int EVP_MD_meth_set_copy(EVP_MD *md, - int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)); -int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); -int EVP_MD_meth_set_ctrl(EVP_MD *md, - int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)); - const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); @@ -461,18 +440,11 @@ int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in, unsigned int inl); -#define EVP_add_cipher_alias(n,alias) \ - OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) -#define EVP_add_digest_alias(n,alias) \ - OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) -#define EVP_delete_cipher_alias(alias) \ - OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); -#define EVP_delete_digest_alias(alias) \ - OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); - EVP_MD_CTX *EVP_MD_CTX_new(void); void EVP_MD_CTX_free(EVP_MD_CTX *ctx); -void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +#ifndef LIBRESSL_INTERNAL +int EVP_MD_CTX_init(EVP_MD_CTX *ctx); +#endif int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); EVP_MD_CTX *EVP_MD_CTX_create(void); void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); @@ -584,7 +556,9 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); -void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); +#ifndef LIBRESSL_INTERNAL +int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); +#endif int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); @@ -672,9 +646,6 @@ const EVP_CIPHER *EVP_desx_cbc(void); #ifndef OPENSSL_NO_RC4 const EVP_CIPHER *EVP_rc4(void); const EVP_CIPHER *EVP_rc4_40(void); -#ifndef OPENSSL_NO_MD5 -const EVP_CIPHER *EVP_rc4_hmac_md5(void); -#endif #endif #ifndef OPENSSL_NO_IDEA const EVP_CIPHER *EVP_idea_ecb(void); @@ -745,10 +716,6 @@ const EVP_CIPHER *EVP_aes_256_xts(void); #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) const EVP_CIPHER *EVP_chacha20_poly1305(void); #endif -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); -const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); -#endif #endif #ifndef OPENSSL_NO_CAMELLIA const EVP_CIPHER *EVP_camellia_128_ecb(void); @@ -809,9 +776,6 @@ void OpenSSL_add_all_digests(void); #define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() #define SSLeay_add_all_digests() OpenSSL_add_all_digests() -int EVP_add_cipher(const EVP_CIPHER *cipher); -int EVP_add_digest(const EVP_MD *digest); - const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_MD *EVP_get_digestbyname(const char *name); void EVP_cleanup(void); @@ -902,46 +866,13 @@ int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); int EVP_CIPHER_type(const EVP_CIPHER *ctx); -/* calls methods */ -int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -/* These are used by EVP_CIPHER methods */ -int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - /* PKCS5 password based encryption */ -int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, int keylen, unsigned char *out); int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out); -int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, - int en_de); - -void PKCS5_PBE_add(void); - -int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); - -/* PBE type */ - -/* Can appear as the outermost AlgorithmIdentifier */ -#define EVP_PBE_TYPE_OUTER 0x0 -/* Is an PRF type OID */ -#define EVP_PBE_TYPE_PRF 0x1 - -int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, - EVP_PBE_KEYGEN *keygen); -int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen); -int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, - EVP_PBE_KEYGEN **pkeygen); -void EVP_PBE_cleanup(void); #define ASN1_PKEY_ALIAS 0x1 #define ASN1_PKEY_DYNAMIC 0x2 @@ -959,53 +890,11 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len); -int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); -int EVP_PKEY_asn1_add_alias(int to, int from); int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags, const char **pinfo, const char **ppem_str, const EVP_PKEY_ASN1_METHOD *ameth); const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); -EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, - const char *info); -void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, - const EVP_PKEY_ASN1_METHOD *src); -void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); -void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, - int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub), - int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk), - int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), - int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx), - int (*pkey_size)(const EVP_PKEY *pk), - int (*pkey_bits)(const EVP_PKEY *pk)); -void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, - int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf), - int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk), - int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx)); -void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, - int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, int derlen), - int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder), - int (*param_missing)(const EVP_PKEY *pk), - int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from), - int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), - int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *pctx)); - -void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, - void (*pkey_free)(EVP_PKEY *pkey)); -void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)); -void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_security_bits)(const EVP_PKEY *pkey)); - -void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_check)(const EVP_PKEY *pk)); -void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_public_check)(const EVP_PKEY *pk)); -void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_check)(const EVP_PKEY *pk)); #define EVP_PKEY_OP_UNDEFINED 0 #define EVP_PKEY_OP_PARAMGEN (1<<1) @@ -1072,14 +961,6 @@ void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, */ #define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 -const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); -EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); -void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, - const EVP_PKEY_METHOD *meth); -void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); -void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); -int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); - EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); @@ -1142,73 +1023,6 @@ EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); -void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, - int (*init)(EVP_PKEY_CTX *ctx)); - -void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, - int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)); - -void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, - void (*cleanup)(EVP_PKEY_CTX *ctx)); - -void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, - int (*paramgen_init)(EVP_PKEY_CTX *ctx), - int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); - -void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, - int (*keygen_init)(EVP_PKEY_CTX *ctx), - int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); - -void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, - int (*sign_init)(EVP_PKEY_CTX *ctx), - int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)); - -void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, - int (*verify_init)(EVP_PKEY_CTX *ctx), - int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen)); - -void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, - int (*verify_recover_init)(EVP_PKEY_CTX *ctx), - int (*verify_recover)(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, size_t tbslen)); - -void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, - int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), - int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx)); - -void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, - int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), - int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, - EVP_MD_CTX *mctx)); - -void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, - int (*encrypt_init)(EVP_PKEY_CTX *ctx), - int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)); - -void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, - int (*decrypt_init)(EVP_PKEY_CTX *ctx), - int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen)); - -void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, - int (*derive_init)(EVP_PKEY_CTX *ctx), - int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); - -void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, - int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), - int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)); - -void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, - int (*check)(EVP_PKEY *pkey)); -void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, - int (*public_check)(EVP_PKEY *pkey)); -void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, - int (*param_check)(EVP_PKEY *pkey)); - /* Authenticated Encryption with Additional Data. * * AEAD couples confidentiality and integrity in a single primtive. AEAD @@ -1325,8 +1139,6 @@ int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t nonce_len, const unsigned char *in, size_t in_len, const unsigned char *ad, size_t ad_len); -void EVP_add_alg_module(void); - void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ diff --git a/include/openssl/gost.h b/include/openssl/gost.h deleted file mode 100644 index c7d9d25b..00000000 --- a/include/openssl/gost.h +++ /dev/null @@ -1,262 +0,0 @@ -/* $OpenBSD: gost.h,v 1.4 2022/07/12 14:42:49 kn Exp $ */ -/* - * Copyright (c) 2014 Dmitry Eremin-Solenikov - * Copyright (c) 2005-2006 Cryptocom LTD - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_GOST_H -#define HEADER_GOST_H - -#include - -#ifdef OPENSSL_NO_GOST -#error GOST is disabled. -#endif - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct gost2814789_key_st { - unsigned int key[8]; - unsigned int k87[256],k65[256],k43[256],k21[256]; - unsigned int count; - unsigned key_meshing : 1; -} GOST2814789_KEY; - -int Gost2814789_set_sbox(GOST2814789_KEY *key, int nid); -int Gost2814789_set_key(GOST2814789_KEY *key, - const unsigned char *userKey, const int bits); -void Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out, - GOST2814789_KEY *key, const int enc); -void Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out, - size_t length, GOST2814789_KEY *key, - unsigned char *ivec, int *num, const int enc); -void Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out, - size_t length, GOST2814789_KEY *key, - unsigned char *ivec, unsigned char *cnt_buf, int *num); - -typedef struct { - ASN1_OCTET_STRING *iv; - ASN1_OBJECT *enc_param_set; -} GOST_CIPHER_PARAMS; - -GOST_CIPHER_PARAMS *GOST_CIPHER_PARAMS_new(void); -void GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a); -GOST_CIPHER_PARAMS *d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len); -int i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out); -extern const ASN1_ITEM GOST_CIPHER_PARAMS_it; - -#define GOST2814789IMIT_LENGTH 4 -#define GOST2814789IMIT_CBLOCK 8 -#define GOST2814789IMIT_LONG unsigned int - -typedef struct GOST2814789IMITstate_st { - GOST2814789IMIT_LONG Nl, Nh; - unsigned char data[GOST2814789IMIT_CBLOCK]; - unsigned int num; - - GOST2814789_KEY cipher; - unsigned char mac[GOST2814789IMIT_CBLOCK]; -} GOST2814789IMIT_CTX; - -/* Note, also removed second parameter and removed dctx->cipher setting */ -int GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid); -int GOST2814789IMIT_Update(GOST2814789IMIT_CTX *c, const void *data, size_t len); -int GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c); -void GOST2814789IMIT_Transform(GOST2814789IMIT_CTX *c, const unsigned char *data); -unsigned char *GOST2814789IMIT(const unsigned char *d, size_t n, - unsigned char *md, int nid, - const unsigned char *key, const unsigned char *iv); - -#define GOSTR341194_LONG unsigned int - -#define GOSTR341194_LENGTH 32 -#define GOSTR341194_CBLOCK 32 -#define GOSTR341194_LBLOCK (GOSTR341194_CBLOCK/4) - -typedef struct GOSTR341194state_st { - GOSTR341194_LONG Nl, Nh; - GOSTR341194_LONG data[GOSTR341194_LBLOCK]; - unsigned int num; - - GOST2814789_KEY cipher; - unsigned char H[GOSTR341194_CBLOCK]; - unsigned char S[GOSTR341194_CBLOCK]; -} GOSTR341194_CTX; - -/* Note, also removed second parameter and removed dctx->cipher setting */ -int GOSTR341194_Init(GOSTR341194_CTX *c, int nid); -int GOSTR341194_Update(GOSTR341194_CTX *c, const void *data, size_t len); -int GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX *c); -void GOSTR341194_Transform(GOSTR341194_CTX *c, const unsigned char *data); -unsigned char *GOSTR341194(const unsigned char *d, size_t n,unsigned char *md, int nid); - -#if defined(_LP64) -#define STREEBOG_LONG64 unsigned long -#define U64(C) C##UL -#else -#define STREEBOG_LONG64 unsigned long long -#define U64(C) C##ULL -#endif - -#define STREEBOG_LBLOCK 8 -#define STREEBOG_CBLOCK 64 -#define STREEBOG256_LENGTH 32 -#define STREEBOG512_LENGTH 64 - -typedef struct STREEBOGstate_st { - STREEBOG_LONG64 data[STREEBOG_LBLOCK]; - unsigned int num; - unsigned int md_len; - STREEBOG_LONG64 h[STREEBOG_LBLOCK]; - STREEBOG_LONG64 N[STREEBOG_LBLOCK]; - STREEBOG_LONG64 Sigma[STREEBOG_LBLOCK]; -} STREEBOG_CTX; - -int STREEBOG256_Init(STREEBOG_CTX *c); -int STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len); -int STREEBOG256_Final(unsigned char *md, STREEBOG_CTX *c); -void STREEBOG256_Transform(STREEBOG_CTX *c, const unsigned char *data); -unsigned char *STREEBOG256(const unsigned char *d, size_t n,unsigned char *md); - -int STREEBOG512_Init(STREEBOG_CTX *c); -int STREEBOG512_Update(STREEBOG_CTX *c, const void *data, size_t len); -int STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c); -void STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data); -unsigned char *STREEBOG512(const unsigned char *d, size_t n,unsigned char *md); - -typedef struct gost_key_st GOST_KEY; -GOST_KEY *GOST_KEY_new(void); -void GOST_KEY_free(GOST_KEY * r); -int GOST_KEY_check_key(const GOST_KEY * eckey); -int GOST_KEY_set_public_key_affine_coordinates(GOST_KEY * key, BIGNUM * x, BIGNUM * y); -const EC_GROUP * GOST_KEY_get0_group(const GOST_KEY * key); -int GOST_KEY_set_group(GOST_KEY * key, const EC_GROUP * group); -int GOST_KEY_get_digest(const GOST_KEY * key); -int GOST_KEY_set_digest(GOST_KEY * key, int digest_nid); -const BIGNUM * GOST_KEY_get0_private_key(const GOST_KEY * key); -int GOST_KEY_set_private_key(GOST_KEY * key, const BIGNUM * priv_key); -const EC_POINT * GOST_KEY_get0_public_key(const GOST_KEY * key); -int GOST_KEY_set_public_key(GOST_KEY * key, const EC_POINT * pub_key); -size_t GOST_KEY_get_size(const GOST_KEY * r); - -/* Gost-specific pmeth control-function parameters */ -/* For GOST R34.10 parameters */ -#define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1) -#define EVP_PKEY_CTRL_GOST_SIG_FORMAT (EVP_PKEY_ALG_CTRL+2) -#define EVP_PKEY_CTRL_GOST_SET_DIGEST (EVP_PKEY_ALG_CTRL+3) -#define EVP_PKEY_CTRL_GOST_GET_DIGEST (EVP_PKEY_ALG_CTRL+4) - -#define GOST_SIG_FORMAT_SR_BE 0 -#define GOST_SIG_FORMAT_RS_LE 1 - -void ERR_load_GOST_strings(void); - -/* Error codes for the GOST functions. */ - -/* Function codes. */ -#define GOST_F_DECODE_GOST01_ALGOR_PARAMS 104 -#define GOST_F_ENCODE_GOST01_ALGOR_PARAMS 105 -#define GOST_F_GOST2001_COMPUTE_PUBLIC 106 -#define GOST_F_GOST2001_DO_SIGN 107 -#define GOST_F_GOST2001_DO_VERIFY 108 -#define GOST_F_GOST2001_KEYGEN 109 -#define GOST_F_GOST89_GET_ASN1_PARAMETERS 102 -#define GOST_F_GOST89_SET_ASN1_PARAMETERS 103 -#define GOST_F_GOST_KEY_CHECK_KEY 124 -#define GOST_F_GOST_KEY_NEW 125 -#define GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 126 -#define GOST_F_PARAM_COPY_GOST01 110 -#define GOST_F_PARAM_DECODE_GOST01 111 -#define GOST_F_PKEY_GOST01_CTRL 116 -#define GOST_F_PKEY_GOST01_DECRYPT 112 -#define GOST_F_PKEY_GOST01_DERIVE 113 -#define GOST_F_PKEY_GOST01_ENCRYPT 114 -#define GOST_F_PKEY_GOST01_PARAMGEN 115 -#define GOST_F_PKEY_GOST01_SIGN 123 -#define GOST_F_PKEY_GOST_MAC_CTRL 100 -#define GOST_F_PKEY_GOST_MAC_KEYGEN 101 -#define GOST_F_PRIV_DECODE_GOST01 117 -#define GOST_F_PUB_DECODE_GOST01 118 -#define GOST_F_PUB_ENCODE_GOST01 119 -#define GOST_F_PUB_PRINT_GOST01 120 -#define GOST_F_UNPACK_SIGNATURE_CP 121 -#define GOST_F_UNPACK_SIGNATURE_LE 122 - -/* Reason codes. */ -#define GOST_R_BAD_KEY_PARAMETERS_FORMAT 104 -#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 105 -#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 106 -#define GOST_R_CTRL_CALL_FAILED 107 -#define GOST_R_ERROR_COMPUTING_SHARED_KEY 108 -#define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO 109 -#define GOST_R_INCOMPATIBLE_ALGORITHMS 110 -#define GOST_R_INCOMPATIBLE_PEER_KEY 111 -#define GOST_R_INVALID_DIGEST_TYPE 100 -#define GOST_R_INVALID_IV_LENGTH 103 -#define GOST_R_INVALID_MAC_KEY_LENGTH 101 -#define GOST_R_KEY_IS_NOT_INITIALIZED 112 -#define GOST_R_KEY_PARAMETERS_MISSING 113 -#define GOST_R_MAC_KEY_NOT_SET 102 -#define GOST_R_NO_PARAMETERS_SET 115 -#define GOST_R_NO_PEER_KEY 116 -#define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 117 -#define GOST_R_PUBLIC_KEY_UNDEFINED 118 -#define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 120 -#define GOST_R_SIGNATURE_MISMATCH 121 -#define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 122 -#define GOST_R_UKM_NOT_SET 123 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h index 9c636573..86d05544 100644 --- a/include/openssl/lhash.h +++ b/include/openssl/lhash.h @@ -1,4 +1,4 @@ -/* $OpenBSD: lhash.h,v 1.12 2014/06/12 15:49:29 deraadt Exp $ */ +/* $OpenBSD: lhash.h,v 1.14 2024/03/02 11:11:11 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -75,14 +75,6 @@ extern "C" { #endif -typedef struct lhash_node_st { - void *data; - struct lhash_node_st *next; -#ifndef OPENSSL_NO_HASH_COMP - unsigned long hash; -#endif -} LHASH_NODE; - typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); typedef void (*LHASH_DOALL_FN_TYPE)(void *); @@ -133,44 +125,13 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); name##_doall_arg(a, b); } #define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG -typedef struct lhash_st { - LHASH_NODE **b; - LHASH_COMP_FN_TYPE comp; - LHASH_HASH_FN_TYPE hash; - unsigned int num_nodes; - unsigned int num_alloc_nodes; - unsigned int p; - unsigned int pmax; - unsigned long up_load; /* load times 256 */ - unsigned long down_load; /* load times 256 */ - unsigned long num_items; - - unsigned long num_expands; - unsigned long num_expand_reallocs; - unsigned long num_contracts; - unsigned long num_contract_reallocs; - unsigned long num_hash_calls; - unsigned long num_comp_calls; - unsigned long num_insert; - unsigned long num_replace; - unsigned long num_delete; - unsigned long num_no_delete; - unsigned long num_retrieve; - unsigned long num_retrieve_miss; - unsigned long num_hash_comps; - - int error; -} _LHASH; /* Do not use _LHASH directly, use LHASH_OF - * and friends */ +typedef struct lhash_st _LHASH; #define LH_LOAD_MULT 256 -/* Indicates a malloc() error in the last call, this is only bad - * in lh_insert(). */ -#define lh_error(lh) ((lh)->error) - _LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); void lh_free(_LHASH *lh); +int lh_error(_LHASH *lh); void *lh_insert(_LHASH *lh, void *data); void *lh_delete(_LHASH *lh, const void *data); void *lh_retrieve(_LHASH *lh, const void *data); @@ -179,21 +140,11 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); unsigned long lh_strhash(const char *c); unsigned long lh_num_items(const _LHASH *lh); -void lh_stats(const _LHASH *lh, FILE *out); -void lh_node_stats(const _LHASH *lh, FILE *out); -void lh_node_usage_stats(const _LHASH *lh, FILE *out); - -#ifndef OPENSSL_NO_BIO -void lh_stats_bio(const _LHASH *lh, BIO *out); -void lh_node_stats_bio(const _LHASH *lh, BIO *out); -void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); -#endif - /* Type checking... */ #define LHASH_OF(type) struct lhash_st_##type -#define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; } +#define DECLARE_LHASH_OF(type) LHASH_OF(type) #define CHECKED_LHASH_OF(type,lh) \ ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh)) @@ -216,13 +167,6 @@ void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); #define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) #define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) -#define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) -#define LHM_lh_node_stats_bio(type, lh, out) \ - lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) -#define LHM_lh_node_usage_stats_bio(type, lh, out) \ - lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) -#define LHM_lh_stats_bio(type, lh, out) \ - lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) #define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) DECLARE_LHASH_OF(OPENSSL_STRING); diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 51cd083a..789af3fe 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -899,6 +899,10 @@ #define NID_id_ct_signedTAL 1024 #define OBJ_id_ct_signedTAL OBJ_id_smime_ct,50L +#define SN_id_ct_rpkiSignedPrefixList "id-ct-rpkiSignedPrefixList" +#define NID_id_ct_rpkiSignedPrefixList 1054 +#define OBJ_id_ct_rpkiSignedPrefixList OBJ_id_smime_ct,51L + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" #define NID_id_smime_aa_receiptRequest 212 #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L @@ -1561,6 +1565,11 @@ #define NID_sbgp_autonomousSysNumv2 1007 #define OBJ_sbgp_autonomousSysNumv2 OBJ_id_pe,29L +#define SN_acmeIdentifier "acmeIdentifier" +#define LN_acmeIdentifier "ACME Identifier" +#define NID_acmeIdentifier 1053 +#define OBJ_acmeIdentifier OBJ_id_pe,31L + #define SN_id_qt_cps "id-qt-cps" #define LN_id_qt_cps "Policy Qualifier CPS" #define NID_id_qt_cps 164 diff --git a/include/openssl/objects.h b/include/openssl/objects.h index 451545e0..1a8490bd 100644 --- a/include/openssl/objects.h +++ b/include/openssl/objects.h @@ -1,4 +1,4 @@ -/* $OpenBSD: objects.h,v 1.23 2023/07/28 10:25:05 tb Exp $ */ +/* $OpenBSD: objects.h,v 1.29 2024/03/02 09:51:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -71,16 +71,10 @@ #define OBJ_NAME_TYPE_UNDEF 0x00 #define OBJ_NAME_TYPE_MD_METH 0x01 #define OBJ_NAME_TYPE_CIPHER_METH 0x02 -#define OBJ_NAME_TYPE_PKEY_METH 0x03 -#define OBJ_NAME_TYPE_COMP_METH 0x04 -#define OBJ_NAME_TYPE_NUM 0x05 +#define OBJ_NAME_TYPE_NUM 0x03 #define OBJ_NAME_ALIAS 0x8000 -#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 -#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 - - #ifdef __cplusplus extern "C" { #endif @@ -89,20 +83,9 @@ typedef struct obj_name_st { int type; int alias; const char *name; - const char *data; + const void *data; } OBJ_NAME; -#define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) - - -int OBJ_NAME_init(void); -int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), - int (*cmp_func)(const char *, const char *), - void (*free_func)(const char *, int, const char *)); -const char *OBJ_NAME_get(const char *name, int type); -int OBJ_NAME_add(const char *name, int type, const char *data); -int OBJ_NAME_remove(const char *name, int type); -void OBJ_NAME_cleanup(int type); /* -1 for everything */ void OBJ_NAME_do_all(int type, void (*fn)(const OBJ_NAME *, void *arg), void *arg); void OBJ_NAME_do_all_sorted(int type, void (*fn)(const OBJ_NAME *, void *arg), @@ -120,16 +103,7 @@ int OBJ_ln2nid(const char *s); int OBJ_sn2nid(const char *s); int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); -#if defined(LIBRESSL_INTERNAL) -const void * OBJ_bsearch_(const void *key, const void *base, int num, - int size, int (*cmp)(const void *, const void *)); -const void * OBJ_bsearch_ex_(const void *key, const void *base, int num, - int size, int (*cmp)(const void *, const void *), - int flags); -#endif - int OBJ_new_nid(int num); -int OBJ_add_object(const ASN1_OBJECT *obj); int OBJ_create(const char *oid, const char *sn, const char *ln); void OBJ_cleanup(void); int OBJ_create_objects(BIO *in); diff --git a/include/openssl/opensslfeatures.h b/include/openssl/opensslfeatures.h index b00d7cf0..43dc7388 100644 --- a/include/openssl/opensslfeatures.h +++ b/include/openssl/opensslfeatures.h @@ -1,4 +1,4 @@ -/* $OpenBSD: opensslfeatures.h,v 1.41 2023/07/28 09:53:55 tb Exp $ */ +/* $OpenBSD: opensslfeatures.h,v 1.43 2024/03/02 11:25:46 tb Exp $ */ /* * Feature flags for LibreSSL... so you can actually tell when things * are enabled, rather than not being able to tell when things are @@ -41,14 +41,19 @@ /* #define OPENSSL_NO_AUTOERRINIT */ /* #define OPENSSL_NO_AUTOLOAD_CONFIG */ /* #define OPENSSL_NO_BF */ -/* #define OPENSSL_NO_BLAKE2 */ +#define OPENSSL_NO_BLAKE2 +#define OPENSSL_NO_BROTLI +/* #define OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING */ /* #define OPENSSL_NO_CAMELLIA */ -/* #define OPENSSL_NO_CAPIENG */ +#define OPENSSL_NO_CAPIENG /* #define OPENSSL_NO_CAST */ /* #define OPENSSL_NO_CHACHA */ /* #define OPENSSL_NO_CMAC */ +/* #define OPENSSL_NO_CMP */ /* #define OPENSSL_NO_CMS */ -#define OPENSSL_NO_COMP /* XXX */ +#define OPENSSL_NO_COMP +/* #define OPENSSL_NO_COMP_ALG */ +/* #define OPENSSL_NO_CRMF */ /* #define OPENSSL_NO_CRYPTO_MDEBUG */ /* #define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE */ /* #define OPENSSL_NO_CT */ @@ -72,14 +77,20 @@ #define OPENSSL_NO_EGD #define OPENSSL_NO_ENGINE /* #define OPENSSL_NO_ERR */ +/* #define OPENSSL_NO_FILENAMES */ /* #define OPENSSL_NO_FUZZ_AFL */ /* #define OPENSSL_NO_FUZZ_LIBFUZZER */ -/* #define OPENSSL_NO_GOST */ +#define OPENSSL_NO_GOST #define OPENSSL_NO_HEARTBEATS /* #define OPENSSL_NO_HW */ /* #define OPENSSL_NO_HW_PADLOCK */ /* #define OPENSSL_NO_IDEA */ /* #define OPENSSL_NO_INLINE_ASM */ +/* #define OPENSSL_NO_KEYPARAMS */ +#define OPENSSL_NO_KTLS +/* #define OPENSSL_NO_KTLS_RX */ +/* #define OPENSSL_NO_KTLS_ZC_TX */ +/* #define OPENSSL_NO_LOCALE */ #define OPENSSL_NO_MD2 /* #define OPENSSL_NO_MD4 */ /* #define OPENSSL_NO_MD5 */ @@ -88,10 +99,12 @@ /* #define OPENSSL_NO_NEXTPROTONEG */ /* #define OPENSSL_NO_OCB */ /* #define OPENSSL_NO_OCSP */ +/* #define OPENSSL_NO_PADLOCKENG */ /* #define OPENSSL_NO_PINSHARED */ /* #define OPENSSL_NO_POLY1305 */ /* #define OPENSSL_NO_POSIX_IO */ #define OPENSSL_NO_PSK +#define OPENSSL_NO_QUIC /* #define OPENSSL_NO_RC2 */ /* #define OPENSSL_NO_RC4 */ #define OPENSSL_NO_RC5 @@ -99,11 +112,12 @@ /* #define OPENSSL_NO_RFC3779 */ /* #define OPENSSL_NO_RMD160 */ /* #define OPENSSL_NO_RSA */ -/* #define OPENSSL_NO_SCRYPT */ +#define OPENSSL_NO_SCRYPT #define OPENSSL_NO_SCTP /* #define OPENSSL_NO_SECURE_MEMORY */ #define OPENSSL_NO_SEED /* #define OPENSSL_NO_SIPHASH */ +/* #define OPENSSL_NO_SIV */ /* #define OPENSSL_NO_SM2 */ /* #define OPENSSL_NO_SM3 */ /* #define OPENSSL_NO_SM4 */ @@ -115,6 +129,7 @@ #define OPENSSL_NO_SSL_TRACE /* #define OPENSSL_NO_STATIC_ENGINE */ /* #define OPENSSL_NO_STDIO */ +/* #define OPENSSL_NO_THREAD_POOL */ /* #define OPENSSL_NO_TLS */ #define OPENSSL_NO_TLS1 #define OPENSSL_NO_TLS1_1 @@ -126,8 +141,13 @@ #define OPENSSL_NO_TLS1_3 #endif /* #define OPENSSL_NO_TLS1_METHOD */ +/* #define OPENSSL_NO_TRACE */ /* #define OPENSSL_NO_TS */ /* #define OPENSSL_NO_UI_CONSOLE */ /* #define OPENSSL_NO_UNIT_TEST */ +/* #define OPENSSL_NO_UNIX_SOCK */ /* #define OPENSSL_NO_WEAK_SSL_CIPHERS */ /* #define OPENSSL_NO_WHIRLPOOL */ +/* #define OPENSSL_NO_WINSTORE */ +#define OPENSSL_NO_ZLIB +/* #define OPENSSL_NO_ZSTD */ diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index d7ce60fd..c48e717a 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -1,11 +1,11 @@ -/* $OpenBSD: opensslv.h,v 1.77 2023/09/20 11:42:25 tb Exp $ */ +/* $OpenBSD: opensslv.h,v 1.78 2024/03/02 11:53:30 tb Exp $ */ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ -#define LIBRESSL_VERSION_NUMBER 0x3080200fL +#define LIBRESSL_VERSION_NUMBER 0x3090200fL /* ^ Patch starts here */ -#define LIBRESSL_VERSION_TEXT "LibreSSL 3.8.2" +#define LIBRESSL_VERSION_TEXT "LibreSSL 3.9.2" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 4e0c5180..b1ba6051 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -91,7 +91,6 @@ typedef struct asn1_pctx_st ASN1_PCTX; #endif #endif #undef X509_NAME -#undef X509_CERT_PAIR #undef X509_EXTENSIONS #undef OCSP_REQUEST #undef OCSP_RESPONSE diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h index 44dbb381..96240397 100644 --- a/include/openssl/pkcs12.h +++ b/include/openssl/pkcs12.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs12.h,v 1.27 2022/09/11 17:30:13 tb Exp $ */ +/* $OpenBSD: pkcs12.h,v 1.28 2024/03/02 10:15:16 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -161,22 +161,12 @@ void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg, const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter, const PKCS12 *p12); -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, - const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8); - const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); const STACK_OF(PKCS12_SAFEBAG) * PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); -PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, - int nid1, int nid2); PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen); PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, @@ -184,53 +174,19 @@ PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); -PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); + STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); -PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags); STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen); - -int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); -int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, - int namelen); -int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen); -int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen); -int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, - int namelen); int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); -ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, - int attr_nid); char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); -unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, - int passlen, const unsigned char *in, int inlen, unsigned char **data, - int *datalen, int en_de); -void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf); -ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, - const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf); -PKCS12 *PKCS12_init(int mode); -int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, unsigned char *out, - const EVP_MD *md_type); -int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, unsigned char *out, - const EVP_MD *md_type); -int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, - int en_de); -int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen); int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type); -int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, - int saltlen, const EVP_MD *md_type); + unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); char *OPENSSL_uni2asc(const unsigned char *uni, int unilen); @@ -240,24 +196,12 @@ void PKCS12_free(PKCS12 *a); PKCS12 *d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len); int i2d_PKCS12(PKCS12 *a, unsigned char **out); extern const ASN1_ITEM PKCS12_it; -PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void); -void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a); -PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len); -int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out); -extern const ASN1_ITEM PKCS12_MAC_DATA_it; + PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void); void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a); PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len); int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out); extern const ASN1_ITEM PKCS12_SAFEBAG_it; -PKCS12_BAGS *PKCS12_BAGS_new(void); -void PKCS12_BAGS_free(PKCS12_BAGS *a); -PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len); -int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out); -extern const ASN1_ITEM PKCS12_BAGS_it; - -extern const ASN1_ITEM PKCS12_SAFEBAGS_it; -extern const ASN1_ITEM PKCS12_AUTHSAFES_it; void PKCS12_PBE_add(void); int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, @@ -266,13 +210,6 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype); -PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); -PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, - int key_usage, int iter, int key_nid, const char *pass); -int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - int safe_nid, int iter, const char *pass); -PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); - int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); diff --git a/include/openssl/posix_time.h b/include/openssl/posix_time.h new file mode 100644 index 00000000..82b3f30b --- /dev/null +++ b/include/openssl/posix_time.h @@ -0,0 +1,54 @@ +/* $OpenBSD: posix_time.h,v 1.1 2024/02/18 16:28:38 tb Exp $ */ +/* + * Copyright (c) 2022, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef OPENSSL_HEADER_POSIX_TIME_H +#define OPENSSL_HEADER_POSIX_TIME_H + +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +/* + * OPENSSL_posix_to_tm converts a int64_t POSIX time value in |time|, which must + * be in the range of year 0000 to 9999, to a broken out time value in |tm|. It + * returns one on success and zero on error. + */ +int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm); + +/* + * OPENSSL_tm_to_posix converts a time value between the years 0 and 9999 in + * |tm| to a POSIX time value in |out|. One is returned on success, zero is + * returned on failure. It is a failure if |tm| contains out of range values. + */ +int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out); + +/* + * OPENSSL_timegm converts a time value between the years 0 and 9999 in |tm| to + * a time_t value in |out|. One is returned on success, zero is returned on + * failure. It is a failure if the converted time can not be represented in a + * time_t, or if the tm contains out of range values. + */ +int OPENSSL_timegm(const struct tm *tm, time_t *out); + +#if defined(__cplusplus) +} /* extern C */ +#endif + +#endif /* OPENSSL_HEADER_POSIX_TIME_H */ diff --git a/include/openssl/rand.h b/include/openssl/rand.h index a0e9b479..d66d7157 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rand.h,v 1.23 2022/07/12 14:42:50 kn Exp $ */ +/* $OpenBSD: rand.h,v 1.24 2023/11/19 15:46:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -83,9 +83,6 @@ struct rand_meth_st { int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); -#ifndef OPENSSL_NO_ENGINE -int RAND_set_rand_engine(ENGINE *engine); -#endif RAND_METHOD *RAND_SSLeay(void); #ifndef LIBRESSL_INTERNAL diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h index 4f575ba9..8425a45c 100644 --- a/include/openssl/safestack.h +++ b/include/openssl/safestack.h @@ -1,4 +1,4 @@ -/* $OpenBSD: safestack.h,v 1.29 2023/08/03 16:32:15 tb Exp $ */ +/* $OpenBSD: safestack.h,v 1.33 2024/03/02 11:22:48 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -84,16 +84,8 @@ #define STACK_OF(type) struct stack_st_##type #define PREDECLARE_STACK_OF(type) STACK_OF(type); -#define DECLARE_STACK_OF(type) \ -STACK_OF(type) \ - { \ - _STACK stack; \ - }; -#define DECLARE_SPECIAL_STACK_OF(type, type2) \ -STACK_OF(type) \ - { \ - _STACK stack; \ - }; +#define DECLARE_STACK_OF(type) STACK_OF(type); +#define DECLARE_SPECIAL_STACK_OF(type, type2) STACK_OF(type); #define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/ @@ -147,9 +139,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) #define SKM_sk_find(type, st, val) \ sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) -#define SKM_sk_find_ex(type, st, val) \ - sk_find_ex(CHECKED_STACK_OF(type, st), \ - CHECKED_PTR_OF(type, val)) #define SKM_sk_delete(type, st, i) \ (type *)sk_delete(CHECKED_STACK_OF(type, st), i) #define SKM_sk_delete_ptr(type, st, ptr) \ @@ -182,7 +171,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) -#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) #define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) #define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) @@ -204,7 +192,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) #define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) #define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) -#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) #define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) #define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) #define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) @@ -226,7 +213,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) -#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) #define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) #define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) @@ -248,7 +234,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) -#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) #define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) #define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) @@ -270,7 +255,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) -#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) #define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) #define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) @@ -282,28 +266,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) #define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) -#define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp)) -#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) -#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) -#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) -#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i)) -#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val)) -#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st)) -#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) -#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) -#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) -#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) -#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) -#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) -#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) -#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) -#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) -#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) -#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) -#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) -#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) -#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) - #define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) #define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) #define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) @@ -314,7 +276,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) -#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) #define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) #define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) @@ -336,7 +297,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val)) #define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val)) #define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val)) -#define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val)) #define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i)) #define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr)) #define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i)) @@ -358,7 +318,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) -#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) #define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) #define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) @@ -380,7 +339,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) #define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) #define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) -#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) #define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) #define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) #define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) @@ -402,7 +360,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) #define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) #define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) -#define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) #define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) #define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) #define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) @@ -424,7 +381,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) #define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) #define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) -#define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) #define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) #define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) #define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) @@ -446,7 +402,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) #define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) #define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) -#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) #define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) #define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) #define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) @@ -468,7 +423,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_CMS_RecipientEncryptedKey_push(st, val) SKM_sk_push(CMS_RecipientEncryptedKey, (st), (val)) #define sk_CMS_RecipientEncryptedKey_unshift(st, val) SKM_sk_unshift(CMS_RecipientEncryptedKey, (st), (val)) #define sk_CMS_RecipientEncryptedKey_find(st, val) SKM_sk_find(CMS_RecipientEncryptedKey, (st), (val)) -#define sk_CMS_RecipientEncryptedKey_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientEncryptedKey, (st), (val)) #define sk_CMS_RecipientEncryptedKey_delete(st, i) SKM_sk_delete(CMS_RecipientEncryptedKey, (st), (i)) #define sk_CMS_RecipientEncryptedKey_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientEncryptedKey, (st), (ptr)) #define sk_CMS_RecipientEncryptedKey_insert(st, val, i) SKM_sk_insert(CMS_RecipientEncryptedKey, (st), (val), (i)) @@ -490,7 +444,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) #define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) #define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) -#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) #define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) #define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) #define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) @@ -512,7 +465,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) #define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) #define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) -#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) #define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) #define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) #define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) @@ -534,7 +486,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) #define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) #define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) -#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) #define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) #define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) #define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) @@ -556,7 +507,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) -#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) #define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) #define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) @@ -578,7 +528,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) -#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) #define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) #define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) @@ -600,7 +549,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) -#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) #define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) #define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) @@ -622,7 +570,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) -#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) #define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) #define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) @@ -644,7 +591,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_CTLOG_push(st, val) SKM_sk_push(CTLOG, (st), (val)) #define sk_CTLOG_unshift(st, val) SKM_sk_unshift(CTLOG, (st), (val)) #define sk_CTLOG_find(st, val) SKM_sk_find(CTLOG, (st), (val)) -#define sk_CTLOG_find_ex(st, val) SKM_sk_find_ex(CTLOG, (st), (val)) #define sk_CTLOG_delete(st, i) SKM_sk_delete(CTLOG, (st), (i)) #define sk_CTLOG_delete_ptr(st, ptr) SKM_sk_delete_ptr(CTLOG, (st), (ptr)) #define sk_CTLOG_insert(st, val, i) SKM_sk_insert(CTLOG, (st), (val), (i)) @@ -666,7 +612,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) #define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) #define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) -#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) #define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) #define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) #define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) @@ -688,7 +633,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val)) #define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val)) #define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val)) -#define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val)) #define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i)) #define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr)) #define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i)) @@ -711,7 +655,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_ESS_CERT_ID_V2_push(st, val) SKM_sk_push(ESS_CERT_ID_V2, (st), (val)) #define sk_ESS_CERT_ID_V2_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID_V2, (st), (val)) #define sk_ESS_CERT_ID_V2_find(st, val) SKM_sk_find(ESS_CERT_ID_V2, (st), (val)) -#define sk_ESS_CERT_ID_V2_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID_V2, (st), (val)) #define sk_ESS_CERT_ID_V2_delete(st, i) SKM_sk_delete(ESS_CERT_ID_V2, (st), (i)) #define sk_ESS_CERT_ID_V2_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID_V2, (st), (ptr)) #define sk_ESS_CERT_ID_V2_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID_V2, (st), (val), (i)) @@ -734,7 +677,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val)) #define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val)) #define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val)) -#define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val)) #define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i)) #define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr)) #define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i)) @@ -746,28 +688,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) #define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) -#define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp)) -#define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL) -#define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st)) -#define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st)) -#define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i)) -#define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val)) -#define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st)) -#define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val)) -#define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val)) -#define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val)) -#define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val)) -#define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i)) -#define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr)) -#define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i)) -#define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp)) -#define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st) -#define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func)) -#define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st)) -#define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st)) -#define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st)) -#define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st)) - #define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) #define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) #define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) @@ -778,7 +698,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) #define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) #define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) -#define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) #define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) #define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) #define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) @@ -800,7 +719,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val)) #define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val)) #define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val)) -#define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val)) #define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i)) #define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr)) #define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i)) @@ -822,7 +740,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) -#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) #define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) #define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) @@ -844,7 +761,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) #define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) #define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) -#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) #define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) #define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) #define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) @@ -866,7 +782,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) -#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) #define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) #define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) #define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) @@ -888,7 +803,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) #define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) #define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) -#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) #define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) #define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) #define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) @@ -910,7 +824,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) #define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) #define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) -#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) #define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) #define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) #define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) @@ -932,7 +845,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) -#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) #define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) #define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) @@ -954,7 +866,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) -#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) #define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) #define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) @@ -976,7 +887,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) -#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) #define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) #define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) @@ -998,7 +908,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) -#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) #define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) #define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) @@ -1020,7 +929,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) -#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) #define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) #define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) @@ -1042,7 +950,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) #define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) #define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) -#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) #define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) #define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) #define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) @@ -1064,7 +971,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) -#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) #define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) #define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) @@ -1086,7 +992,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) -#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) #define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) #define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) @@ -1108,7 +1013,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) #define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) #define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) -#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) #define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) #define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) #define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) @@ -1130,7 +1034,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) -#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) #define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) #define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) @@ -1152,7 +1055,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) -#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) #define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) #define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) @@ -1174,7 +1076,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) #define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) #define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) -#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) #define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) #define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) #define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) @@ -1196,7 +1097,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) -#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) #define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) #define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) @@ -1218,7 +1118,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) -#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) #define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) #define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) #define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) @@ -1240,7 +1139,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val)) #define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val)) #define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val)) -#define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val)) #define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i)) #define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr)) #define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i)) @@ -1262,7 +1160,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val)) #define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val)) #define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val)) -#define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val)) #define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i)) #define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr)) #define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i)) @@ -1284,7 +1181,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) -#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) #define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) #define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) @@ -1306,7 +1202,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) #define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) #define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) -#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) #define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) #define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) #define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) @@ -1328,7 +1223,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val)) #define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val)) #define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val)) -#define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val)) #define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i)) #define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr)) #define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i)) @@ -1350,7 +1244,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val)) #define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val)) #define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val)) -#define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val)) #define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i)) #define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr)) #define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i)) @@ -1372,7 +1265,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) #define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) #define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) -#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) #define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) #define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) #define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) @@ -1394,7 +1286,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) #define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) #define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) -#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) #define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) #define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) #define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) @@ -1416,7 +1307,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) #define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) #define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) -#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) #define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) #define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) #define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) @@ -1438,7 +1328,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) -#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) #define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) #define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) @@ -1460,7 +1349,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) -#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) #define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) #define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) @@ -1482,7 +1370,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) -#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) #define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) #define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) @@ -1504,7 +1391,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) #define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) #define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) -#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) #define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) #define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) #define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) @@ -1526,7 +1412,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) -#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) #define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) #define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) @@ -1548,7 +1433,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) #define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) #define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) -#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) #define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) #define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) #define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) @@ -1570,7 +1454,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) -#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) #define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) #define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) @@ -1592,7 +1475,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) #define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) #define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) -#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) #define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) #define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) #define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) @@ -1614,7 +1496,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) -#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) #define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) #define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) @@ -1636,7 +1517,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) -#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) #define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) #define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) @@ -1648,28 +1528,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) #define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) -#define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) -#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) -#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) -#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) -#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i)) -#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val)) -#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st)) -#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) -#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) -#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) -#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) -#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) -#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) -#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) -#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) -#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) -#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) -#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) -#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) -#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) -#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) - #define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) #define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) #define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) @@ -1680,7 +1538,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) -#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) #define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) #define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) @@ -1692,28 +1549,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) #define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) -#define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp)) -#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) -#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) -#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) -#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i)) -#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val)) -#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st)) -#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) -#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) -#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) -#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) -#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) -#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) -#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) -#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) -#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) -#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) -#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) -#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) -#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) -#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) - #define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) #define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) #define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) @@ -1724,7 +1559,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) #define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) #define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) -#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) #define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) #define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) #define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) @@ -1746,7 +1580,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_void_push(st, val) SKM_sk_push(void, (st), (val)) #define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val)) #define sk_void_find(st, val) SKM_sk_find(void, (st), (val)) -#define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val)) #define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i)) #define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr)) #define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i)) @@ -1770,7 +1603,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) #define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) #define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) -#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) #define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) #define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) #define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ @@ -1794,7 +1626,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) #define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) #define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) #define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) #define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) #define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ @@ -1815,13 +1646,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg) #define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh) #define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh) -#define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh) -#define lh_ADDED_OBJ_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(ADDED_OBJ,lh,out) -#define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out) -#define lh_ADDED_OBJ_stats_bio(lh,out) \ - LHM_lh_stats_bio(ADDED_OBJ,lh,out) #define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) #define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) @@ -1833,13 +1657,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg) #define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh) #define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh) -#define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh) -#define lh_CONF_VALUE_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(CONF_VALUE,lh,out) -#define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out) -#define lh_CONF_VALUE_stats_bio(lh,out) \ - LHM_lh_stats_bio(CONF_VALUE,lh,out) #define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) #define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) @@ -1851,13 +1668,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg) #define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh) #define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh) -#define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh) -#define lh_ERR_STATE_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(ERR_STATE,lh,out) -#define lh_ERR_STATE_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out) -#define lh_ERR_STATE_stats_bio(lh,out) \ - LHM_lh_stats_bio(ERR_STATE,lh,out) #define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) #define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) @@ -1869,13 +1679,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg) #define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh) #define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh) -#define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh) -#define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out) -#define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out) -#define lh_ERR_STRING_DATA_stats_bio(lh,out) \ - LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) #define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) #define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) @@ -1887,13 +1690,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) #define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) #define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) -#define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh) -#define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out) -#define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out) -#define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ - LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) #define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) #define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) @@ -1905,13 +1701,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg) #define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh) #define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh) -#define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh) -#define lh_FUNCTION_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(FUNCTION,lh,out) -#define lh_FUNCTION_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(FUNCTION,lh,out) -#define lh_FUNCTION_stats_bio(lh,out) \ - LHM_lh_stats_bio(FUNCTION,lh,out) #define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) #define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) @@ -1923,13 +1712,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg) #define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh) #define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh) -#define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh) -#define lh_OBJ_NAME_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(OBJ_NAME,lh,out) -#define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out) -#define lh_OBJ_NAME_stats_bio(lh,out) \ - LHM_lh_stats_bio(OBJ_NAME,lh,out) #define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) #define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) @@ -1941,13 +1723,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) #define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) #define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh) -#define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh) -#define lh_OPENSSL_STRING_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out) -#define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out) -#define lh_OPENSSL_STRING_stats_bio(lh,out) \ - LHM_lh_stats_bio(OPENSSL_STRING,lh,out) #define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) #define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) @@ -1959,13 +1734,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg) #define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh) #define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh) -#define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh) -#define lh_SSL_SESSION_node_stats_bio(lh,out) \ - LHM_lh_node_stats_bio(SSL_SESSION,lh,out) -#define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \ - LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out) -#define lh_SSL_SESSION_stats_bio(lh,out) \ - LHM_lh_stats_bio(SSL_SESSION,lh,out) #define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) #endif /* !defined HEADER_SAFESTACK_H */ diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index acde94c7..9a5f8d02 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.230 2022/12/26 07:31:44 jmc Exp $ */ +/* $OpenBSD: ssl.h,v 1.236 2024/03/02 11:48:55 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -245,7 +245,6 @@ extern "C" { #define SSL_TXT_kECDH "kECDH" #define SSL_TXT_kEECDH "kEECDH" #define SSL_TXT_kPSK "kPSK" -#define SSL_TXT_kGOST "kGOST" #define SSL_TXT_kSRP "kSRP" #define SSL_TXT_aRSA "aRSA" @@ -255,9 +254,6 @@ extern "C" { #define SSL_TXT_aKRB5 "aKRB5" #define SSL_TXT_aECDSA "aECDSA" #define SSL_TXT_aPSK "aPSK" -#define SSL_TXT_aGOST94 "aGOST94" -#define SSL_TXT_aGOST01 "aGOST01" -#define SSL_TXT_aGOST "aGOST" #define SSL_TXT_DSS "DSS" #define SSL_TXT_DH "DH" @@ -293,12 +289,8 @@ extern "C" { #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" /* same as "SHA1" */ -#define SSL_TXT_GOST94 "GOST94" -#define SSL_TXT_GOST89MAC "GOST89MAC" #define SSL_TXT_SHA256 "SHA256" #define SSL_TXT_SHA384 "SHA384" -#define SSL_TXT_STREEBOG256 "STREEBOG256" -#define SSL_TXT_STREEBOG512 "STREEBOG512" #define SSL_TXT_DTLS1 "DTLSv1" #define SSL_TXT_DTLS1_2 "DTLSv1.2" @@ -610,9 +602,6 @@ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); -#ifndef OPENSSL_NO_ENGINE -int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); -#endif void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); @@ -1069,10 +1058,6 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn) #define SSL_get_peer_tmp_key(s, pk) \ SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk) - -int SSL_get_signature_type_nid(const SSL *ssl, int *nid); -int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid); - #endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */ #ifndef LIBRESSL_INTERNAL @@ -1137,8 +1122,6 @@ int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -const SSL_CIPHER *SSL_CIPHER_get_by_id(unsigned int id); -const SSL_CIPHER *SSL_CIPHER_get_by_value(uint16_t value); int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); const char * SSL_CIPHER_get_version(const SSL_CIPHER *c); const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); @@ -1398,8 +1381,6 @@ void SSL_set_accept_state(SSL *s); long SSL_get_default_timeout(const SSL *s); -int SSL_library_init(void ); - char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); @@ -1515,7 +1496,6 @@ int SSL_set_session_ticket_ext_cb(SSL *s, int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); -void SSL_set_debug(SSL *s, int debug); int SSL_cache_hit(SSL *s); /* What the "other" parameter contains in security callback */ @@ -2181,7 +2161,6 @@ void ERR_load_SSL_strings(void); #define SSL_R_NO_CLIENT_CERT_METHOD 331 #define SSL_R_NO_CLIENT_CERT_RECEIVED 186 #define SSL_R_NO_COMPRESSION_SPECIFIED 187 -#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 #define SSL_R_NO_METHOD_SPECIFIED 188 #define SSL_R_NO_PRIVATEKEY 189 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 @@ -2355,6 +2334,7 @@ void ERR_load_SSL_strings(void); #define OPENSSL_INIT_SSL_DEFAULT _OPENSSL_INIT_FLAG_NOOP int OPENSSL_init_ssl(uint64_t opts, const void *settings); +int SSL_library_init(void); #ifdef __cplusplus } diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 6c6cc2ad..1b1110b4 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl3.h,v 1.57 2021/09/10 14:49:13 tb Exp $ */ +/* $OpenBSD: ssl3.h,v 1.60 2024/03/02 11:47:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -314,21 +314,7 @@ extern "C" { #define TLS1_HB_REQUEST 1 #define TLS1_HB_RESPONSE 2 -#define SSL3_CT_RSA_SIGN 1 -#define SSL3_CT_DSS_SIGN 2 -#define SSL3_CT_RSA_FIXED_DH 3 -#define SSL3_CT_DSS_FIXED_DH 4 -#define SSL3_CT_RSA_EPHEMERAL_DH 5 -#define SSL3_CT_DSS_EPHEMERAL_DH 6 -#define SSL3_CT_FORTEZZA_DMS 20 -/* SSL3_CT_NUMBER is used to size arrays and it must be large - * enough to contain all of the cert types defined either for - * SSLv3 and TLSv1. - */ -#define SSL3_CT_NUMBER 13 - #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 -#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 #define TLS1_FLAGS_FREEZE_TRANSCRIPT 0x0020 #define SSL3_FLAGS_CCS_OK 0x0080 diff --git a/include/openssl/stack.h b/include/openssl/stack.h index 6bea6348..783ccb48 100644 --- a/include/openssl/stack.h +++ b/include/openssl/stack.h @@ -1,4 +1,4 @@ -/* $OpenBSD: stack.h,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */ +/* $OpenBSD: stack.h,v 1.11 2024/03/02 11:20:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,14 +63,7 @@ extern "C" { #endif -typedef struct stack_st { - int num; - char **data; - int sorted; - - int num_alloc; - int (*comp)(const void *, const void *); -} _STACK; /* Use STACK_OF(...) instead */ +typedef struct stack_st _STACK; #define M_sk_num(sk) ((sk) ? (sk)->num:-1) #define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) @@ -88,7 +81,6 @@ int sk_insert(_STACK *sk, void *data, int where); void *sk_delete(_STACK *st, int loc); void *sk_delete_ptr(_STACK *st, void *p); int sk_find(_STACK *st, void *data); -int sk_find_ex(_STACK *st, void *data); int sk_push(_STACK *st, void *data); int sk_unshift(_STACK *st, void *data); void *sk_shift(_STACK *st); diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 2bdbd3c1..21666291 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls1.h,v 1.56 2022/07/17 14:39:09 jsing Exp $ */ +/* $OpenBSD: tls1.h,v 1.59 2024/03/02 11:46:55 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -316,6 +316,9 @@ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, const unsigned char *p, size_t plen, int use_context); +int SSL_get_signature_type_nid(const SSL *ssl, int *nid); +int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid); + #define SSL_set_tlsext_host_name(s,name) \ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) @@ -737,23 +740,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" #endif -#define TLS_CT_RSA_SIGN 1 -#define TLS_CT_DSS_SIGN 2 -#define TLS_CT_RSA_FIXED_DH 3 -#define TLS_CT_DSS_FIXED_DH 4 -#define TLS_CT_GOST94_SIGN 21 -#define TLS_CT_GOST01_SIGN 22 -#define TLS_CT_ECDSA_SIGN 64 -#define TLS_CT_RSA_FIXED_ECDH 65 -#define TLS_CT_ECDSA_FIXED_ECDH 66 -#define TLS_CT_GOST12_256_SIGN 67 -#define TLS_CT_GOST12_512_SIGN 68 -#define TLS_CT_GOST12_256_SIGN_COMPAT 238 /* pre-IANA, for compat */ -#define TLS_CT_GOST12_512_SIGN_COMPAT 239 /* pre-IANA, for compat */ -/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see - * comment there) */ -#define TLS_CT_NUMBER 13 - #define TLS1_FINISH_MAC_LENGTH 12 #define TLS_MD_MAX_CONST_SIZE 20 diff --git a/include/openssl/ts.h b/include/openssl/ts.h index 0d5de622..5215fc05 100644 --- a/include/openssl/ts.h +++ b/include/openssl/ts.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.h,v 1.22 2023/07/28 09:53:55 tb Exp $ */ +/* $OpenBSD: ts.h,v 1.23 2023/11/19 15:46:10 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL * project 2002, 2003, 2004. */ @@ -542,11 +542,6 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, TS_RESP_CTX *ctx); -#ifndef OPENSSL_NO_ENGINE -int TS_CONF_set_crypto_device(CONF *conf, const char *section, - const char *device); -int TS_CONF_set_default_engine(const char *name); -#endif int TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, TS_RESP_CTX *ctx); int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 7980761d..e4999ccb 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.101 2023/07/28 15:50:33 tb Exp $ */ +/* $OpenBSD: x509.h,v 1.111 2024/03/02 10:59:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -109,7 +109,6 @@ extern "C" { #endif #endif #undef X509_NAME -#undef X509_CERT_PAIR #undef X509_EXTENSIONS #endif @@ -162,25 +161,10 @@ typedef struct X509_req_info_st X509_REQ_INFO; typedef struct X509_req_st X509_REQ; -typedef struct x509_cert_aux_st X509_CERT_AUX; - typedef struct x509_cinf_st X509_CINF; DECLARE_STACK_OF(X509) -/* This is used for a table of trust checking functions */ - -typedef struct x509_trust_st { - int trust; - int flags; - int (*check_trust)(struct x509_trust_st *, X509 *, int); - char *name; - int arg1; - void *arg2; -} X509_TRUST; - -DECLARE_STACK_OF(X509_TRUST) - /* standard trust ids */ /* OpenSSL changed this to 0 */ @@ -341,28 +325,11 @@ typedef struct Netscape_spki_st { ASN1_BIT_STRING *signature; } NETSCAPE_SPKI; -/* Password based encryption structure */ - typedef struct PBEPARAM_st { ASN1_OCTET_STRING *salt; ASN1_INTEGER *iter; } PBEPARAM; -/* Password based encryption V2 structures */ - -typedef struct PBE2PARAM_st { - X509_ALGOR *keyfunc; - X509_ALGOR *encryption; -} PBE2PARAM; - -typedef struct PBKDF2PARAM_st { - /* Usually OCTET STRING but could be anything */ - ASN1_TYPE *salt; - ASN1_INTEGER *iter; - ASN1_INTEGER *keylength; - X509_ALGOR *prf; -} PBKDF2PARAM; - #ifdef __cplusplus } #endif @@ -401,18 +368,6 @@ int X509_REQ_get_signature_nid(const X509_REQ *req); void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); -void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); -X509_CRL_METHOD *X509_CRL_METHOD_new( - int (*crl_init)(X509_CRL *crl), - int (*crl_free)(X509_CRL *crl), - int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, - ASN1_INTEGER *ser, X509_NAME *issuer), - int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)); -void X509_CRL_METHOD_free(X509_CRL_METHOD *m); - -void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); -void *X509_CRL_get_meth_data(X509_CRL *crl); - X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); const char *X509_verify_cert_error_string(long n); @@ -540,7 +495,6 @@ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor); -void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); X509_NAME *X509_NAME_dup(X509_NAME *xn); @@ -670,11 +624,6 @@ void X509_free(X509 *a); X509 *d2i_X509(X509 **a, const unsigned char **in, long len); int i2d_X509(X509 *a, unsigned char **out); extern const ASN1_ITEM X509_it; -X509_CERT_AUX *X509_CERT_AUX_new(void); -void X509_CERT_AUX_free(X509_CERT_AUX *a); -X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len); -int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out); -extern const ASN1_ITEM X509_CERT_AUX_it; int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); @@ -693,8 +642,6 @@ int X509_alias_set1(X509 *x, const unsigned char *name, int len); int X509_keyid_set1(X509 *x, const unsigned char *id, int len); unsigned char *X509_alias_get0(X509 *x, int *len); unsigned char *X509_keyid_get0(X509 *x, int *len); -int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); -int X509_TRUST_set(int *t, int trust); int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); void X509_trust_clear(X509 *x); @@ -874,7 +821,6 @@ int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print(BIO *bp,X509 *x); int X509_ocspid_print(BIO *bp,X509 *x); -int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); int X509_CRL_print(BIO *bp,X509_CRL *x); int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); int X509_REQ_print(BIO *bp,X509_REQ *req); @@ -1044,35 +990,7 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name, ASN1_INTEGER *serial); X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name); -PBEPARAM *PBEPARAM_new(void); -void PBEPARAM_free(PBEPARAM *a); -PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, const unsigned char **in, long len); -int i2d_PBEPARAM(PBEPARAM *a, unsigned char **out); extern const ASN1_ITEM PBEPARAM_it; -PBE2PARAM *PBE2PARAM_new(void); -void PBE2PARAM_free(PBE2PARAM *a); -PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len); -int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out); -extern const ASN1_ITEM PBE2PARAM_it; -PBKDF2PARAM *PBKDF2PARAM_new(void); -void PBKDF2PARAM_free(PBKDF2PARAM *a); -PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len); -int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out); -extern const ASN1_ITEM PBKDF2PARAM_it; - -int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, - const unsigned char *salt, int saltlen); - -X509_ALGOR *PKCS5_pbe_set(int alg, int iter, - const unsigned char *salt, int saltlen); -X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen); -X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen, - unsigned char *aiv, int prf_nid); - -X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen); /* PKCS#8 utilities */ @@ -1094,24 +1012,12 @@ const STACK_OF(X509_ATTRIBUTE) *PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, const unsigned char *bytes, int len); -int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, - int ptype, void *pval, - unsigned char *penc, int penclen); -int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, - X509_ALGOR **pa, - X509_PUBKEY *pub); +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype, + void *pval, unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, + int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub); int X509_check_trust(X509 *x, int id, int flags); -int X509_TRUST_get_count(void); -X509_TRUST * X509_TRUST_get0(int idx); -int X509_TRUST_get_by_id(int id); -int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), - const char *name, int arg1, void *arg2); -void X509_TRUST_cleanup(void); -int X509_TRUST_get_flags(const X509_TRUST *xp); -char *X509_TRUST_get0_name(const X509_TRUST *xp); -int X509_TRUST_get_trust(const X509_TRUST *xp); int X509_up_ref(X509 *x); STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 1aa29abd..755a0643 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.h,v 1.64 2023/05/28 05:25:24 tb Exp $ */ +/* $OpenBSD: x509_vfy.h,v 1.68 2024/03/02 10:57:03 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -293,6 +293,7 @@ int X509_STORE_up_ref(X509_STORE *x); STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs); +STACK_OF(X509_OBJECT) *X509_STORE_get1_objects(X509_STORE *xs); void *X509_STORE_get_ex_data(X509_STORE *xs, int idx); int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data); @@ -362,19 +363,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); - -X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); void X509_LOOKUP_free(X509_LOOKUP *ctx); -int X509_LOOKUP_init(X509_LOOKUP *ctx); -int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, X509_OBJECT *ret); -int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - X509_NAME *name, ASN1_INTEGER *serial, X509_OBJECT *ret); -int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const unsigned char *bytes, int len, X509_OBJECT *ret); -int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const char *str, int len, X509_OBJECT *ret); -int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir); @@ -401,8 +390,6 @@ void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); -int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, - int purpose, int trust); void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t); diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index f867cc38..1004f6f1 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.25 2023/06/25 18:15:21 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.29 2024/03/02 10:43:52 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -422,15 +422,7 @@ struct ISSUING_DIST_POINT_st { #define X509_PURPOSE_DYNAMIC 0x1 #define X509_PURPOSE_DYNAMIC_NAME 0x2 -typedef struct x509_purpose_st { - int purpose; - int trust; /* Default trust ID */ - int flags; - int (*check_purpose)(const struct x509_purpose_st *, const X509 *, int); - char *name; - char *sname; - void *usr_data; -} X509_PURPOSE; +typedef struct x509_purpose_st X509_PURPOSE; #define X509_PURPOSE_SSL_CLIENT 1 #define X509_PURPOSE_SSL_SERVER 2 @@ -692,10 +684,6 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); -int X509V3_EXT_add(X509V3_EXT_METHOD *ext); -int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); -int X509V3_EXT_add_alias(int nid_to, int nid_from); -void X509V3_EXT_cleanup(void); const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); @@ -723,20 +711,14 @@ int X509V3_extensions_print(BIO *out, const char *title, int X509_check_ca(X509 *x); int X509_check_purpose(X509 *x, int id, int ca); int X509_supported_extension(X509_EXTENSION *ex); -int X509_PURPOSE_set(int *p, int purpose); int X509_check_issued(X509 *issuer, X509 *subject); int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); + int X509_PURPOSE_get_count(void); -X509_PURPOSE * X509_PURPOSE_get0(int idx); +const X509_PURPOSE *X509_PURPOSE_get0(int idx); int X509_PURPOSE_get_by_sname(const char *sname); -int X509_PURPOSE_get_by_id(int id); -int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck)(const X509_PURPOSE *, const X509 *, int), - const char *name, const char *sname, void *arg); -char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); -char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); -int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); -void X509_PURPOSE_cleanup(void); +const char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); +const char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); int X509_PURPOSE_get_id(const X509_PURPOSE *); uint32_t X509_get_extension_flags(X509 *x); uint32_t X509_get_key_usage(X509 *x); diff --git a/libtls.pc.in b/libtls.pc.in index d1769299..3c49391a 100644 --- a/libtls.pc.in +++ b/libtls.pc.in @@ -9,5 +9,5 @@ Name: LibreSSL-libtls Description: Secure communications using the TLS socket protocol. Version: @VERSION@ Libs: -L${libdir} -ltls -Libs.private: @LIBS@ @PLATFORM_LDADD@ +Libs.private: @LIBS@ @PLATFORM_LDADD@ -lssl -lcrypto Cflags: -I${includedir} diff --git a/m4/check-hardening-options.m4 b/m4/check-hardening-options.m4 index 4b5784b6..2cb30837 100644 --- a/m4/check-hardening-options.m4 +++ b/m4/check-hardening-options.m4 @@ -94,6 +94,11 @@ AC_DEFUN([CHECK_C_HARDENING_OPTIONS], [ AC_SEARCH_LIBS([__stack_chk_guard],[ssp]) ]) ]) + + # Check for control-flow integrity support + AS_IF([test "x$HOST_OS" != "xdarwin"], [ + CHECK_CFLAG([[-fcf-protection=full]]) + ]) ]) # Restore CC, LD diff --git a/m4/check-libc.m4 b/m4/check-libc.m4 index dc8d6bd7..50fb8e13 100644 --- a/m4/check-libc.m4 +++ b/m4/check-libc.m4 @@ -9,7 +9,7 @@ AC_HEADER_RESOLV # Check for general libc functions AC_CHECK_FUNCS([asprintf freezero memmem]) AC_CHECK_FUNCS([readpassphrase reallocarray recallocarray]) -AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum]) +AC_CHECK_FUNCS([strcasecmp strlcat strlcpy strndup strnlen strsep strtonum]) AC_CHECK_FUNCS([timegm _mkgmtime timespecsub]) AC_CHECK_FUNCS([getopt getprogname syslog syslog_r]) AC_CACHE_CHECK([for getpagesize], ac_cv_func_getpagesize, [ @@ -30,6 +30,7 @@ AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes]) AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x$ac_cv_func_readpassphrase" = xyes]) AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes]) AM_CONDITIONAL([HAVE_RECALLOCARRAY], [test "x$ac_cv_func_recallocarray" = xyes]) +AM_CONDITIONAL([HAVE_STRCASECMP], [test "x$ac_cv_func_strcasecmp" = xyes]) AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes]) AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes]) AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes]) diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4 index c73709db..77edd14c 100644 --- a/m4/check-os-options.m4 +++ b/m4/check-os-options.m4 @@ -22,7 +22,7 @@ case $host_os in # Don't use arc4random on systems before 10.12 because of # weak seed on failure to open /dev/random, based on latest # public source: - # http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c + # https://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c # # We use the presence of getentropy() to detect 10.12. The # following check take into account that: diff --git a/man/ASN1_STRING_TABLE_add.3 b/man/ASN1_STRING_TABLE_get.3 similarity index 58% rename from man/ASN1_STRING_TABLE_add.3 rename to man/ASN1_STRING_TABLE_get.3 index 482faa0f..2bf8831c 100644 --- a/man/ASN1_STRING_TABLE_add.3 +++ b/man/ASN1_STRING_TABLE_get.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ASN1_STRING_TABLE_add.3,v 1.9 2021/12/15 20:07:51 schwarze Exp $ +.\" $OpenBSD: ASN1_STRING_TABLE_get.3,v 1.4 2023/12/21 21:23:37 tb Exp $ .\" checked up to: .\" OpenSSL ASN1_STRING_TABLE_add.pod 7b608d08 Jul 27 01:18:50 2017 +0800 .\" @@ -16,38 +16,30 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 15 2021 $ -.Dt ASN1_STRING_TABLE_ADD 3 +.Dd $Mdocdate: December 21 2023 $ +.Dt ASN1_STRING_TABLE_GET 3 .Os .Sh NAME -.Nm ASN1_STRING_TABLE_add , -.Nm ASN1_STRING_TABLE_get , -.Nm ASN1_STRING_TABLE_cleanup -.Nd maintain the global ASN.1 string table +.\" .Nm ASN1_STRING_TABLE_add0 and +.\" .Nm ASN1_STRING_TABLE_cleanup are intentionally undocumented +.\" because they will be removed in the next major bump +.\" .Dv STABLE_FLAGS_MALLOC is intentionally undocumented because it is unused +.Nm ASN1_STRING_TABLE_get +.Nd retrieve an entry from the global ASN.1 string table .Sh SYNOPSIS .In openssl/asn1.h -.Ft int -.Fo ASN1_STRING_TABLE_add -.Fa "int nid" -.Fa "long minsize" -.Fa "long maxsize" -.Fa "unsigned long mask" -.Fa "unsigned long flags" -.Fc .Ft ASN1_STRING_TABLE * .Fo ASN1_STRING_TABLE_get .Fa "int nid" .Fc -.Ft void -.Fn ASN1_STRING_TABLE_cleanup void .Sh DESCRIPTION The ASN.1 string table is a unique global object. Each entry is of the type .Vt ASN1_STRING_TABLE and contains information about one NID object. -Some entries are predefined according to RFC 3280 appendix A.1. +The entries are predefined according to RFC 5280 appendix A.1. .Pp -By default, the upper bounds for the number of characters in various kinds of +The upper bounds for the number of characters in various kinds of .Vt ASN1_STRING objects are: .Pp @@ -68,58 +60,16 @@ objects are: .El .Pp The function -.Fn ASN1_STRING_TABLE_add -changes the existing entry for -.Fa nid -or, if there is none, allocates a new entry. -The fields of the entry are overwritten with the function arguments -of the same name. -If -.Fa minsize -or -.Fa maxsize -is negative or -.Fa mask -is 0, that argument is ignored and the respective field remains unchanged, -or for a new entry, it is set to \-1, \-1, 0, or -.Dv STABLE_FLAGS_MALLOC , -respectively. -.Pp -The bits set in the -.Fa flags -argument are OR'ed into the existing field rather than overwriting it. -The only useful flag is -.Dv STABLE_NO_MASK . -If it is set, -.Xr ASN1_STRING_set_by_NID 3 -skips applying the global mask that can be set with -.Xr ASN1_STRING_set_default_mask 3 . -Otherwise, the table entry only accepts types -permitted by both the global mask and the -.Fa mask -argument. -Setting -.Dv STABLE_FLAGS_MALLOC -or any other bit in the -.Fa mask -argument has no effect. -.Pp -The function .Fn ASN1_STRING_TABLE_get retrieves the entry for .Fa nid . -.Pp -The function -.Fn ASN1_STRING_TABLE_cleanup -removes and frees all entries except the predefined ones -and restores the predefined ones to their default state. +If the +.Dv STABLE_NO_MASK +flag is set, +.Xr ASN1_STRING_set_by_NID 3 +skips applying the global mask that can be set with +.Xr ASN1_STRING_set_default_mask 3 . .Sh RETURN VALUES -The -.Fn ASN1_STRING_TABLE_add -function returns 1 if successful; otherwise 0 is returned -and an error code can be retrieved with -.Xr ERR_get_error 3 . -.Pp .Fn ASN1_STRING_TABLE_get returns a valid .Vt ASN1_STRING_TABLE @@ -132,11 +82,13 @@ if nothing is found. .Xr OBJ_create 3 , .Xr OBJ_nid2obj 3 .Sh HISTORY -.Fn ASN1_STRING_TABLE_add , -.Fn ASN1_STRING_TABLE_get , -and -.Fn ASN1_STRING_TABLE_cleanup -first appeared in OpenSSL 0.9.5 and have been available since +.Fn ASN1_STRING_TABLE_get +first appeared in OpenSSL 0.9.5 and has been available since .Ox 2.7 . .Sh BUGS Most aspects of the semantics considerably differ from OpenSSL. +.Pp +.Dv ub_email_address , +which should really be called +.Dv ub_emailaddress_length , +was changed in RFC 5280 from 128 to 255 to match PKCS#9 (RFC 2985). diff --git a/man/ASN1_STRING_new.3 b/man/ASN1_STRING_new.3 index 9500b82d..19b0ca11 100644 --- a/man/ASN1_STRING_new.3 +++ b/man/ASN1_STRING_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ASN1_STRING_new.3,v 1.25 2023/07/28 05:48:33 tb Exp $ +.\" $OpenBSD: ASN1_STRING_new.3,v 1.26 2024/03/05 18:30:40 tb Exp $ .\" OpenSSL 99d63d46 Tue Mar 24 07:52:24 2015 -0400 .\" .\" Copyright (c) 2017 Ingo Schwarze @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 28 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt ASN1_STRING_NEW 3 .Os .Sh NAME @@ -212,7 +212,6 @@ is returned and an error code can be retrieved with .Xr ASN1_PRINTABLE_type 3 , .Xr ASN1_STRING_length 3 , .Xr ASN1_STRING_print_ex 3 , -.Xr ASN1_time_parse 3 , .Xr ASN1_TIME_set 3 , .Xr ASN1_TYPE_get 3 , .Xr ASN1_UNIVERSALSTRING_to_string 3 , diff --git a/man/ASN1_TIME_set.3 b/man/ASN1_TIME_set.3 index 4f6a9967..233cb13f 100644 --- a/man/ASN1_TIME_set.3 +++ b/man/ASN1_TIME_set.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ASN1_TIME_set.3,v 1.19 2022/11/13 22:11:44 schwarze Exp $ +.\" $OpenBSD: ASN1_TIME_set.3,v 1.23 2024/03/05 18:30:40 tb Exp $ .\" full merge up to: OpenSSL 3d0f1cb9 Jul 11 03:01:24 2017 +0800 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -68,7 +68,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 13 2022 $ +.Dd $Mdocdate: March 5 2024 $ .Dt ASN1_TIME_SET 3 .Os .Sh NAME @@ -94,7 +94,11 @@ .Nm ASN1_TIME_cmp_time_t , .Nm ASN1_UTCTIME_cmp_time_t , .Nm ASN1_TIME_compare , -.Nm ASN1_TIME_to_generalizedtime +.Nm ASN1_TIME_to_generalizedtime , +.Nm OPENSSL_gmtime , +.Nm OPENSSL_timegm , +.Nm OPENSSL_posix_to_tm , +.Nm OPENSSL_tm_to_posix .Nd ASN.1 Time functions .Sh SYNOPSIS .In openssl/asn1.h @@ -217,6 +221,28 @@ .Fa "const ASN1_TIME *t" .Fa "ASN1_GENERALIZEDTIME **out" .Fc +.In openssl/crypto.h +.Ft struct tm * +.Fo OPENSSL_gmtime +.Fa "const time_t *time" +.Fa "struct tm *out_tm" +.Fc +.In openssl/posix_time.h +.Ft int +.Fo OPENSSL_timegm +.Fa "const struct tm *tm" +.Fa "time_t *out_time" +.Fc +.Ft int +.Fo OPENSSL_posix_to_tm +.Fa "int64_t time" +.Fa "struct tm *out_tm" +.Fc +.Ft int +.Fo OPENSSL_tm_to_posix +.Fa "struct tm *t_tm" +.Fa "int64_t *out" +.Fc .Sh DESCRIPTION An .Vt ASN1_TIME @@ -504,6 +530,34 @@ and functions act only on that specific time format, while the .Vt ASN1_TIME functions operate on either format. +.Pp +.Fn OPENSSL_gmtime +converts a time_t value in +.Fa time +to a struct tm in +.Fa out_tm +and also returns the struct passed in on success. +.Pp +.Fn OPENSSL_timegm +converts a time structure in UTC time in +.Fa tm +to a time_t value in +.Fa out_time . +.Pp +.Fn OPENSSL_posix_to_tm +converts an +.Vt int64_t +POSIX time value in +.Fa time , +which must be in the range of year 0 to 9999, +to a broken out time value in +.Fa tm . +.Pp +.Fn OPENSSL_tm_to_posix +converts a time value between the years 0 and 9999 in +.Fa tm +to a POSIX time value in +.Fa out . .Sh RETURN VALUES .Fn ASN1_TIME_set , .Fn ASN1_UTCTIME_set , @@ -562,6 +616,24 @@ is earlier than is later than .Fa t , or \-2 on error. +.Pp +.Fn OPENSSL_timegm +returns 1 for success or 0 for failure. +It can fail if the time is not representable in a time_t, +or falls outside the range allowed in RFC 5280 times. +.Pp +.Fn OPENSSL_gmtime +returns +.Fa out_tm +on success or NULL for failure. +It can fail if the time is not representable in a struct tm, +or falls outside the range allowed in RFC 5280 times. +.Pp +.Fn OPENSSL_posix_to_tm +and +.Fn OPENSSL_tm_to_posix +return 1 for success or 0 on failure. +It is a failure if the year is less than 0 or more than 9999. .Sh EXAMPLES Set a time object to one hour after the current time and print it out: @@ -587,7 +659,6 @@ BIO_free(b); .Ed .Sh SEE ALSO .Xr ASN1_TIME_new 3 , -.Xr ASN1_time_parse 3 , .Xr X509_cmp_time 3 .Sh STANDARDS The usage of the ASN.1 @@ -651,6 +722,16 @@ and .Fn ASN1_TIME_compare first appeared in OpenSSL 1.1.1 and have been available since .Ox 7.2 . +.Pp +.Fn OPENSSL_gmtime +first appeared in OpenSSL 0.9.7. +.Fn OPENSSL_timegm , +.Fn OPENSSL_posix_to_tm , +and +.Fn OPENSSL_tm_to_posix +first appeared in BoringSSL; +all these functions have been available since +.Ox 7.5 . .Sh CAVEATS Some applications add offset times directly to a .Vt time_t diff --git a/man/ASN1_TYPE_get.3 b/man/ASN1_TYPE_get.3 index 03b41f8f..16af168d 100644 --- a/man/ASN1_TYPE_get.3 +++ b/man/ASN1_TYPE_get.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ASN1_TYPE_get.3,v 1.18 2022/01/12 17:54:51 tb Exp $ +.\" $OpenBSD: ASN1_TYPE_get.3,v 1.19 2023/10/09 16:06:01 tb Exp $ .\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 12 2022 $ +.Dd $Mdocdate: October 9 2023 $ .Dt ASN1_TYPE_GET 3 .Os .Sh NAME @@ -148,7 +148,8 @@ It also remembers internally which type it currently holds. .Fn ASN1_TYPE_new allocates and initializes an empty .Vt ASN1_TYPE -object of undefined type. +object of type +.Dv V_ASN1_UNDEF . .Pp .Fn ASN1_TYPE_free frees diff --git a/man/ASN1_time_parse.3 b/man/ASN1_time_parse.3 deleted file mode 100644 index 6ec45e5d..00000000 --- a/man/ASN1_time_parse.3 +++ /dev/null @@ -1,141 +0,0 @@ -.\" $OpenBSD: ASN1_time_parse.3,v 1.9 2020/11/02 17:45:35 tb Exp $ -.\" -.\" Copyright (c) 2016 Bob Beck -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: November 2 2020 $ -.Dt ASN1_TIME_PARSE 3 -.Os -.Sh NAME -.Nm ASN1_time_parse , -.Nm ASN1_time_tm_cmp , -.Nm ASN1_TIME_set_tm -.Nd LibreSSL utilities for ASN.1 time types -.Sh SYNOPSIS -.In openssl/asn1.h -.Ft int -.Fn ASN1_time_parse "const char *bytes" "size_t len" "struct tm *tm" "int mode" -.Ft int -.Fn ASN1_time_tm_cmp "struct tm *tm1" "struct tm *tm2" -.Ft ASN1_TIME * -.Fn ASN1_TIME_set_tm "ASN1_TIME *s" "struct tm *tm" -.Sh DESCRIPTION -The -.Fn ASN1_time_parse -function parses an ASN.1 time string of -.Ar len -bytes starting at -.Ar bytes . -The resulting time is stored in -.Ar tm -if -.Ar tm -is not -.Dv NULL . -.Pp -The -.Ar mode -parameter must be one of -.Bl -bullet -offset four -.It -0 to parse a time as specified in RFC 5280 for an X509 object, -which may be either a UTC time or a Generalized time. -.It -.Dv V_ASN1_UTCTIME -to parse an RFC 5280 format UTC time. -.It -.Dv V_ASN1_GENERALIZEDTIME -to parse an RFC 5280 format Generalized time. -.El -.Pp -The -.Fn ASN1_time_tm_cmp -function compares two times in -.Ar tm1 -and -.Ar tm2 . -.Pp -The function -.Fn ASN1_TIME_set_tm -sets the -.Vt ASN1_TIME -structure -.Fa s -to the time represented by the -.Vt struct tm -value pointed to by -.Fa tm . -If -.Fa s -is -.Dv NULL , -a new -.Vt ASN1_TIME -structure is allocated and returned. -.Sh RETURN VALUES -.Fn ASN1_time_parse -returns -.Bl -bullet -offset four -.It --1 if the string was invalid for the -.Ar mode -specified. -.It -.Dv V_ASN1_UTCTIME -if the string parsed as a valid UTC time. -.It -.Dv V_ASN1_GENERALIZEDTIME -if the string parsed as a valid Generalized time. -.El -.Pp -.Fn ASN1_time_tm_cmp -returns -.Bl -bullet -offset four -.It --1 if -.Ar tm1 -is less than -.Ar tm2 . -.It -1 if -.Ar tm1 -is greater than -.Ar tm2 . -.It -0 if -.Ar tm1 -is the same as -.Ar tm2 . -.El -.Pp -.Fn ASN1_TIME_set_tm -returns a pointer to an -.Vt ASN1_TIME -structure or -.Dv NULL -if an error occurred. -.Sh SEE ALSO -.Xr ASN1_TIME_new 3 , -.Xr ASN1_TIME_set 3 , -.Xr X509_cmp_time 3 -.Sh HISTORY -.Fn ASN1_time_parse -and -.Fn ASN1_time_tm_cmp -first appeared in -.Ox 6.1 -and -.Fn ASN1_TIME_set_tm -in -.Ox 6.2 . diff --git a/man/ASRange_new.3 b/man/ASRange_new.3 index 5d92a375..dc58c98e 100644 --- a/man/ASRange_new.3 +++ b/man/ASRange_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ASRange_new.3,v 1.7 2023/10/01 05:20:41 tb Exp $ +.\" $OpenBSD: ASRange_new.3,v 1.8 2023/10/11 12:06:11 tb Exp $ .\" .\" Copyright (c) 2023 Theo Buehler .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 1 2023 $ +.Dd $Mdocdate: October 11 2023 $ .Dt ASRANGE_NEW 3 .Os .Sh NAME @@ -92,16 +92,10 @@ All .Vt ASN1_INTEGER Ns s in this manual must be representable as unsigned 32-bit integers. The API performs no corresponding checks. -The library provides no convenient way of setting the value of an +An .Vt ASN1_INTEGER -directly. -A detour via a -.Vt BIGNUM -or a string is unavoidable. -To retrieve the value of an -.Vt ASN1_INTEGER , -use -.Xr ASN1_INTEGER_get_uint64 3 . +can be set using +.Xr ASN1_INTEGER_set_uint64 3 . .Pp The .Vt ASRange @@ -353,8 +347,7 @@ return the number of bytes successfully encoded or a value <= 0 if an error occurs. .Sh SEE ALSO .Xr ASIdentifiers_new 3 , -.Xr BN_set_word 3 , -.Xr BN_to_ASN1_INTEGER 3 , +.Xr ASN1_INTEGER_set_uint64 3 , .Xr crypto 3 , .Xr IPAddressRange_new 3 , .Xr s2i_ASN1_INTEGER 3 , diff --git a/man/BIO_ctrl.3 b/man/BIO_ctrl.3 index d4515ea9..2c537956 100644 --- a/man/BIO_ctrl.3 +++ b/man/BIO_ctrl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_ctrl.3,v 1.24 2023/07/26 20:01:04 tb Exp $ +.\" $OpenBSD: BIO_ctrl.3,v 1.25 2023/11/16 20:19:23 schwarze Exp $ .\" full merge up to: OpenSSL 24a535eaf Tue Sep 22 13:14:20 2020 +0100 .\" selective merge up to: OpenSSL 0c5bc96f Tue Mar 15 13:57:22 2022 +0000 .\" @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 26 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BIO_CTRL 3 .Os .Sh NAME @@ -307,11 +307,6 @@ and return a .Vt size_t type and are functions. -.Fn BIO_pending -and -.Fn BIO_wpending -are macros which call -.Fn BIO_ctrl . .Pp .Fn BIO_set_info_callback installs the function pointer diff --git a/man/BIO_f_ssl.3 b/man/BIO_f_ssl.3 index ed268167..3b74a3d6 100644 --- a/man/BIO_f_ssl.3 +++ b/man/BIO_f_ssl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_f_ssl.3,v 1.14 2023/04/11 16:58:43 schwarze Exp $ +.\" $OpenBSD: BIO_f_ssl.3,v 1.16 2024/01/13 18:37:51 tb Exp $ .\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 11 2023 $ +.Dd $Mdocdate: January 13 2024 $ .Dt BIO_F_SSL 3 .Os .Sh NAME @@ -491,12 +491,6 @@ char tmpbuf[1024]; SSL_CTX *ctx; SSL *ssl; -ERR_load_crypto_strings(); -ERR_load_SSL_strings(); -OpenSSL_add_all_algorithms(); - -/* Might seed PRNG here */ - ctx = SSL_CTX_new(SSLv23_server_method()); if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM) @@ -613,20 +607,3 @@ and first appeared in SSLeay 0.9.0. All these functions have been available since .Ox 2.4 . -.Pp -In OpenSSL versions before 1.0.0 the -.Xr BIO_pop 3 -call was handled incorrectly: -the I/O BIO reference count was incorrectly incremented (instead of -decremented) and dissociated with the -.Vt SSL -.Vt BIO -even if the -.Vt SSL -.Vt BIO -was not -explicitly being popped (e.g., a pop higher up the chain). -Applications which included workarounds for this bug (e.g., freeing BIOs more -than once) should be modified to handle this fix or they may free up an already -freed -.Vt BIO . diff --git a/man/BIO_get_data.3 b/man/BIO_get_data.3 index b4b0014d..63750ac3 100644 --- a/man/BIO_get_data.3 +++ b/man/BIO_get_data.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_get_data.3,v 1.7 2022/12/19 14:40:14 schwarze Exp $ +.\" $OpenBSD: BIO_get_data.3,v 1.8 2023/11/16 20:27:43 schwarze Exp $ .\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 19 2022 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BIO_GET_DATA 3 .Os .Sh NAME @@ -204,7 +204,7 @@ Application programs usually call macros like those documented in rather than calling .Fn BIO_test_flags directly. -Flag bits correspond to accessor functions as follows: +Flag bits correspond to accessor macros as follows: .Pp .Bl -tag -width BIO_FLAGS_SHOULD_RETRY -compact .It Dv BIO_FLAGS_READ @@ -319,6 +319,15 @@ object, call and .Xr BIO_get_close 3 instead. +.Pp +.Fn BIO_get_flags , +.Fn BIO_set_retry_read , +.Fn BIO_set_retry_write , +.Fn BIO_set_retry_special , +.Fn BIO_clear_retry_flags , +and +.Fn BIO_get_retry_flags +are implemented as macros. .Sh RETURN VALUES .Fn BIO_get_data returns a pointer to the implementation specific custom data associated diff --git a/man/BIO_get_ex_new_index.3 b/man/BIO_get_ex_new_index.3 index 69f0ffc4..54d00775 100644 --- a/man/BIO_get_ex_new_index.3 +++ b/man/BIO_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.14 2023/07/21 04:39:49 tb Exp $ +.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.17 2023/11/19 10:26:36 tb Exp $ .\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 .\" .\" This file was written by Rich Salz . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 21 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt BIO_GET_EX_NEW_INDEX 3 .Os .Sh NAME @@ -57,9 +57,6 @@ .Nm BIO_get_ex_data , .Nm BIO_set_app_data , .Nm BIO_get_app_data , -.Nm ENGINE_get_ex_new_index , -.Nm ENGINE_set_ex_data , -.Nm ENGINE_get_ex_data , .Nm UI_get_ex_new_index , .Nm UI_set_ex_data , .Nm UI_get_ex_data , @@ -72,7 +69,6 @@ .Nd application-specific data .Sh SYNOPSIS .In openssl/bio.h -.In openssl/engine.h .In openssl/ui.h .In openssl/x509.h .In openssl/ec.h @@ -126,21 +122,21 @@ with the correct index value. .Fn TYPE_set_ex_data is a function that calls .Xr CRYPTO_set_ex_data 3 -with an offset into the opaque exdata part of the +with an offset into the opaque ex_data part of the .Vt TYPE object. .Pp .Fn TYPE_get_ex_data is a function that calls .Xr CRYPTO_get_ex_data 3 -with an offset into the opaque exdata part of the +with an offset into the opaque ex_data part of the .Vt TYPE object. .Pp .Fn TYPE_set_app_data and .Fn TYPE_get_app_data -are deprecated wrappers that call +are deprecated wrapper macros that call .Fn TYPE_set_ex_data and .Fn TYPE_get_ex_data @@ -187,9 +183,6 @@ and first appeared in OpenSSL 0.9.5 and have been available since .Ox 2.7 . .Pp -.Fn ENGINE_get_ex_new_index , -.Fn ENGINE_set_ex_data , -.Fn ENGINE_get_ex_data , .Fn UI_get_ex_new_index , .Fn UI_set_ex_data , and diff --git a/man/BIO_printf.3 b/man/BIO_printf.3 index 838b771b..32dec0a8 100644 --- a/man/BIO_printf.3 +++ b/man/BIO_printf.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_printf.3,v 1.3 2018/03/22 17:11:04 schwarze Exp $ +.\" $OpenBSD: BIO_printf.3,v 1.4 2024/03/02 09:18:28 tb Exp $ .\" OpenSSL 2ca2e917 Mon Mar 20 16:25:22 2017 -0400 .\" .\" Copyright (c) 2017 Ingo Schwarze @@ -15,14 +15,11 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 22 2018 $ +.Dd $Mdocdate: March 2 2024 $ .Dt BIO_PRINTF 3 .Os .Sh NAME -.Nm BIO_printf , -.Nm BIO_vprintf , -.Nm BIO_snprintf , -.Nm BIO_vsnprintf +.Nm BIO_printf .Nd formatted output to a BIO .Sh SYNOPSIS .In openssl/bio.h @@ -32,66 +29,18 @@ .Fa "const char *format" .Fa ... .Fc -.Ft int -.Fo BIO_vprintf -.Fa "BIO *bio" -.Fa "const char *format" -.Fa "va_list args" -.Fc -.Ft int -.Fo BIO_snprintf -.Fa "char *buf" -.Fa "size_t n" -.Fa "const char *format" -.Fa ... -.Fc -.Ft int -.Fo BIO_vsnprintf -.Fa "char *buf" -.Fa "size_t n" -.Fa "const char *format" -.Fa "va_list args" -.Fc .Sh DESCRIPTION -.Fn BIO_vprintf +.Fn BIO_printf is a wrapper around .Xr vfprintf 3 , sending the output to the specified .Fa bio . -.Pp -.Fn BIO_printf -is a wrapper around -.Fn BIO_vprintf . -.Pp -.Fn BIO_snprintf -and -.Fn BIO_vsnprintf -are wrappers around -.Xr vsnprintf 3 . .Sh RETURN VALUES These functions return the number of bytes written, or -1 if an error occurs. -.Pp -In contrast to -.Xr snprintf 3 -and -.Xr vsnprintf 3 , -.Fn BIO_snprintf -and -.Fn BIO_vsnprintf -also return -1 if -.Fa n -is too small to hold the complete output. .Sh SEE ALSO .Xr BIO_new 3 .Sh HISTORY .Fn BIO_printf first appeared in SSLeay 0.6.5 and has been available since .Ox 2.4 . -.Pp -.Fn BIO_vprintf , -.Fn BIO_snprintf , -and -.Fn BIO_vsnprintf -first appeared in OpenSSL 0.9.6 and have been available since -.Ox 2.9 . diff --git a/man/BIO_s_fd.3 b/man/BIO_s_fd.3 index de5d5d70..852a0675 100644 --- a/man/BIO_s_fd.3 +++ b/man/BIO_s_fd.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_s_fd.3,v 1.12 2023/04/29 12:04:54 schwarze Exp $ +.\" $OpenBSD: BIO_s_fd.3,v 1.13 2023/11/16 20:19:23 schwarze Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 29 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BIO_S_FD 3 .Os .Sh NAME @@ -147,7 +147,6 @@ to .Fa fd and the close flag to .Fa close_flag . -It is currently implemented as a macro. .Pp .Fn BIO_get_fd places the file descriptor in @@ -155,7 +154,6 @@ places the file descriptor in if it is not .Dv NULL and also returns the file descriptor. -It is currently implemented as a macro. .Pp .Fn BIO_new_fd returns a file descriptor BIO using diff --git a/man/BIO_s_file.3 b/man/BIO_s_file.3 index 7b589031..14950cad 100644 --- a/man/BIO_s_file.3 +++ b/man/BIO_s_file.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_s_file.3,v 1.16 2023/05/01 07:04:38 jsg Exp $ +.\" $OpenBSD: BIO_s_file.3,v 1.17 2023/11/16 20:19:23 schwarze Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100 .\" @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 1 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BIO_S_FILE 3 .Os .Sh NAME @@ -196,14 +196,12 @@ sets the file pointer of a file BIO to .Fa flags has the same meaning as in .Fn BIO_new_fp . -.Fn BIO_set_fp -is a macro. .Pp .Fn BIO_get_fp -retrieves the file pointer of a file BIO, it is a macro. +retrieves the file pointer of a file BIO. .Pp .Xr BIO_seek 3 -is a macro that sets the position pointer to +sets the position pointer to .Fa offset bytes from the start of file. .Pp diff --git a/man/BIO_s_mem.3 b/man/BIO_s_mem.3 index 475cd886..d7bbf6af 100644 --- a/man/BIO_s_mem.3 +++ b/man/BIO_s_mem.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BIO_s_mem.3,v 1.18 2023/04/29 12:04:54 schwarze Exp $ +.\" $OpenBSD: BIO_s_mem.3,v 1.19 2023/11/16 20:19:23 schwarze Exp $ .\" full merge up to: OpenSSL 8711efb4 Mon Apr 20 11:33:12 2009 +0000 .\" selective merge up to: OpenSSL 36359cec Mar 7 14:37:23 2018 +0100 .\" @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 29 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BIO_S_MEM 3 .Os .Sh NAME @@ -158,7 +158,6 @@ sets .Pf * Fa pp to a pointer to the start of the memory BIO's data and returns the total amount of data available. -It is implemented as a macro. .Pp .Fn BIO_set_mem_buf sets the internal BUF_MEM structure to @@ -171,15 +170,12 @@ should be either .Dv BIO_CLOSE or .Dv BIO_NOCLOSE . -.Fn BIO_set_mem_buf -is a macro. .Pp .Fn BIO_get_mem_ptr places the underlying .Vt BUF_MEM structure in .Pf * Fa pp . -It is a macro. .Pp .Fn BIO_new_mem_buf creates a memory BIO using diff --git a/man/BN_generate_prime.3 b/man/BN_generate_prime.3 index a7551390..d9144155 100644 --- a/man/BN_generate_prime.3 +++ b/man/BN_generate_prime.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BN_generate_prime.3,v 1.24 2023/05/12 08:18:13 jsg Exp $ +.\" $OpenBSD: BN_generate_prime.3,v 1.25 2023/12/29 19:12:46 tb Exp $ .\" full merge up to: OpenSSL f987a4dd Jun 27 10:12:08 2019 +0200 .\" .\" This file is a derived work. @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 12 2023 $ +.Dd $Mdocdate: December 29 2023 $ .Dt BN_GENERATE_PRIME 3 .Os .Sh NAME @@ -354,7 +354,7 @@ In some cases, error codes can be obtained by .Sh SEE ALSO .Xr BN_new 3 , .Xr DH_generate_parameters 3 , -.Xr DSA_generate_parameters 3 , +.Xr DSA_generate_parameters_ex 3 , .Xr RSA_generate_key 3 .Sh HISTORY .Fn BN_generate_prime_ex , diff --git a/man/BN_mod_inverse.3 b/man/BN_mod_inverse.3 index 788f66fb..d0a4b458 100644 --- a/man/BN_mod_inverse.3 +++ b/man/BN_mod_inverse.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BN_mod_inverse.3,v 1.11 2021/11/30 18:34:35 tb Exp $ +.\" $OpenBSD: BN_mod_inverse.3,v 1.13 2023/10/21 13:53:43 schwarze Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller . @@ -48,19 +48,19 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 30 2021 $ +.Dd $Mdocdate: October 21 2023 $ .Dt BN_MOD_INVERSE 3 .Os .Sh NAME .Nm BN_mod_inverse -.Nd compute inverse modulo n +.Nd compute inverse modulo m .Sh SYNOPSIS .In openssl/bn.h .Ft BIGNUM * .Fo BN_mod_inverse .Fa "BIGNUM *r" .Fa "const BIGNUM *a" -.Fa "const BIGNUM *n" +.Fa "const BIGNUM *m" .Fa "BN_CTX *ctx" .Fc .Sh DESCRIPTION @@ -68,24 +68,27 @@ computes the inverse of .Fa a modulo -.Fa n +.Fa m and places the result in +.Fa r , +so that .Fa r -.Pq Li (a*r)%n==1 . +satisfies +.Li a * r == 1 (mod m) . If .Fa r is .Dv NULL , a new .Vt BIGNUM -is created. +is allocated. .Pp If the flag .Dv BN_FLG_CONSTTIME is set on .Fa a or -.Fa n , +.Fa m , it operates in constant time. .Pp .Fa ctx @@ -98,7 +101,7 @@ may be the same as .Fa a or -.Fa n . +.Fa m . .Sh RETURN VALUES .Fn BN_mod_inverse returns the diff --git a/man/CMAC_Init.3 b/man/CMAC_Init.3 index a938c0db..f4143cf4 100644 --- a/man/CMAC_Init.3 +++ b/man/CMAC_Init.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CMAC_Init.3,v 1.4 2020/08/06 22:17:49 schwarze Exp $ +.\" $OpenBSD: CMAC_Init.3,v 1.6 2024/03/02 09:30:21 tb Exp $ .\" .\" Copyright (c) 2020 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 6 2020 $ +.Dd $Mdocdate: March 2 2024 $ .Dt CMAC_INIT 3 .Os .Sh NAME @@ -22,7 +22,6 @@ .Nm CMAC_Init , .Nm CMAC_Update , .Nm CMAC_Final , -.Nm CMAC_resume , .Nm CMAC_CTX_copy , .Nm CMAC_CTX_get0_cipher_ctx , .Nm CMAC_CTX_cleanup , @@ -38,7 +37,7 @@ .Fa "const void *key" .Fa "size_t key_len" .Fa "const EVP_CIPHER *cipher" -.Fa "ENGINE *impl" +.Fa "ENGINE *engine" .Fc .Ft int .Fo CMAC_Update @@ -52,13 +51,6 @@ .Fa "unsigned char *out_mac" .Fa "size_t *out_len" .Fc -.Ft int -.Fn CMAC_resume "CMAC_CTX *ctx" -.Ft int -.Fo CMAC_CTX_copy -.Fa "CMAC_CTX *out_ctx" -.Fa "CMAC_CTX *in_ctx" -.Fc .Ft EVP_CIPHER_CTX * .Fn CMAC_CTX_get0_cipher_ctx "CMAC_CTX *ctx" .Ft void @@ -127,22 +119,21 @@ and initializes .Fa ctx for subsequently feeding in data with .Fn CMAC_Update . -To use the default cipher implementations provided by the library, pass +The +.Fa engine +argument is ignored; passing .Dv NULL -as the -.Fa impl -argument. +is recommended. .Pp If .Fa ctx is already initialized, .Fn CMAC_Init can be called again with -.Fa key , -.Fa cipher , +.Fa key and -.Fa impl -all set to +.Fa cipher +both set to .Dv NULL and .Fa key_len @@ -184,19 +175,6 @@ resulting message authentication code to .Fa out_mac . The caller is responsible for providing a buffer of sufficient size. .Pp -Calling -.Fn CMAC_resume -after -.Fn CMAC_Final -allows the user to subsequently append additional data with -.Fn CMAC_Update . -Otherwise, unless -.Fn CMAC_Init -is called to start from scratch, -.Fn CMAC_Update -can no longer be used after -.Fn CMAC_Final . -.Pp .Fn CMAC_CTX_copy performs a deep copy of the already initialized .Fa in_ctx @@ -236,7 +214,6 @@ It succeeds unless memory is exhausted. .Fn CMAC_Init , .Fn CMAC_Update , .Fn CMAC_Final , -.Fn CMAC_resume , and .Fn CMAC_CTX_copy return 1 on success or 0 on failure. diff --git a/man/CMS_ContentInfo_new.3 b/man/CMS_ContentInfo_new.3 index ff641794..d5117fa4 100644 --- a/man/CMS_ContentInfo_new.3 +++ b/man/CMS_ContentInfo_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CMS_ContentInfo_new.3,v 1.3 2019/11/02 15:39:46 schwarze Exp $ +.\" $OpenBSD: CMS_ContentInfo_new.3,v 1.4 2024/01/22 14:00:13 tb Exp $ .\" Copyright (c) 2019 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 2 2019 $ +.Dd $Mdocdate: January 22 2024 $ .Dt CMS_CONTENTINFO_NEW 3 .Os .Sh NAME @@ -104,6 +104,7 @@ if an error occurs. .Xr CMS_get1_ReceiptRequest 3 , .Xr CMS_sign 3 , .Xr CMS_sign_receipt 3 , +.Xr CMS_signed_add1_attr 3 , .Xr CMS_uncompress 3 , .Xr CMS_verify 3 , .Xr CMS_verify_receipt 3 , diff --git a/man/CMS_get0_SignerInfos.3 b/man/CMS_get0_SignerInfos.3 index 0be92d80..017fdd40 100644 --- a/man/CMS_get0_SignerInfos.3 +++ b/man/CMS_get0_SignerInfos.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CMS_get0_SignerInfos.3,v 1.8 2023/07/26 19:30:43 tb Exp $ +.\" $OpenBSD: CMS_get0_SignerInfos.3,v 1.9 2024/01/22 14:00:13 tb Exp $ .\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 26 2023 $ +.Dd $Mdocdate: January 22 2024 $ .Dt CMS_GET0_SIGNERINFOS 3 .Os .Sh NAME @@ -187,6 +187,7 @@ Any error can be obtained from .Xr ERR_get_error 3 . .Sh SEE ALSO .Xr CMS_ContentInfo_new 3 , +.Xr CMS_signed_add1_attr 3 , .Xr CMS_verify 3 .Sh STANDARDS RFC 5652: Cryptographic Message Syntax (CMS) diff --git a/man/CMS_signed_add1_attr.3 b/man/CMS_signed_add1_attr.3 new file mode 100644 index 00000000..4246ca2c --- /dev/null +++ b/man/CMS_signed_add1_attr.3 @@ -0,0 +1,371 @@ +.\" $OpenBSD: CMS_signed_add1_attr.3,v 1.3 2024/01/22 14:00:13 tb Exp $ +.\" +.\" Copyright (c) 2024 Job Snijders +.\" Copyright (c) 2024 Theo Buehler +.\" Copyright (c) 2021 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: January 22 2024 $ +.Dt CMS_SIGNED_ADD1_ATTR 3 +.Os +.Sh NAME +.Nm CMS_signed_add1_attr , +.Nm CMS_signed_add1_attr_by_NID , +.Nm CMS_signed_add1_attr_by_OBJ , +.Nm CMS_signed_add1_attr_by_txt , +.Nm CMS_signed_delete_attr , +.Nm CMS_signed_get0_data_by_OBJ , +.Nm CMS_signed_get_attr , +.Nm CMS_signed_get_attr_by_NID , +.Nm CMS_signed_get_attr_by_OBJ , +.Nm CMS_signed_get_attr_count , +.Nm CMS_unsigned_add1_attr , +.Nm CMS_unsigned_add1_attr_by_NID , +.Nm CMS_unsigned_add1_attr_by_OBJ , +.Nm CMS_unsigned_add1_attr_by_txt , +.Nm CMS_unsigned_delete_attr , +.Nm CMS_unsigned_get0_data_by_OBJ , +.Nm CMS_unsigned_get_attr , +.Nm CMS_unsigned_get_attr_by_NID , +.Nm CMS_unsigned_get_attr_by_OBJ , +.Nm CMS_unsigned_get_attr_count +.Nd change signed and unsigned attributes of a CMS SignerInfo object +.Sh SYNOPSIS +.In openssl/cms.h +.Ft int +.Fo CMS_signed_add1_attr +.Fa "CMS_SignerInfo *si" +.Fa "X509_ATTRIBUTE *attr" +.Fc +.Ft int +.Fo CMS_signed_add1_attr_by_NID +.Fa "CMS_SignerInfo *si" +.Fa "int nid" +.Fa "int type" +.Fa "const void *bytes" +.Fa "int len" +.Fc +.Ft int +.Fo CMS_signed_add1_attr_by_OBJ +.Fa "CMS_SignerInfo *si" +.Fa "const ASN1_OBJECT *obj" +.Fa "int type" +.Fa "const void *bytes" +.Fa "int len" +.Fc +.Ft int +.Fo CMS_signed_add1_attr_by_txt +.Fa "CMS_SignerInfo *si" +.Fa "const char *attrname" +.Fa "int type" +.Fa "const void *bytes" +.Fa "int len" +.Fc +.Ft "X509_ATTRIBUTE *" +.Fo CMS_signed_delete_attr +.Fa "CMS_SignerInfo *si" +.Fa "int loc" +.Fc +.Ft "void *" +.Fo CMS_signed_get0_data_by_OBJ +.Fa "CMS_SignerInfo *si" +.Fa "const ASN1_OBJECT *oid" +.Fa "int lastpos" +.Fa "int type" +.Fc +.Ft "X509_ATTRIBUTE *" +.Fo CMS_signed_get_attr +.Fa "const CMS_SignerInfo *si" +.Fa "int loc" +.Fc +.Ft int +.Fo CMS_signed_get_attr_by_NID +.Fa "const CMS_SignerInfo *si" +.Fa "int nid" +.Fa "int lastpos" +.Fc +.Ft int +.Fo CMS_signed_get_attr_by_OBJ +.Fa "const CMS_SignerInfo *si" +.Fa "const ASN1_OBJECT *obj" +.Fa "int lastpos" +.Fc +.Ft int +.Fo CMS_signed_get_attr_count +.Fa "const CMS_SignerInfo *si" +.Fc +.Ft int +.Fo CMS_unsigned_add1_attr +.Fa "CMS_SignerInfo *si" +.Fa "X509_ATTRIBUTE *attr" +.Fc +.Ft int +.Fo CMS_unsigned_add1_attr_by_NID +.Fa "CMS_SignerInfo *si" +.Fa "int nid" +.Fa "int type" +.Fa "const void *bytes" +.Fa "int len" +.Fc +.Ft int +.Fo CMS_unsigned_add1_attr_by_OBJ +.Fa "CMS_SignerInfo *si" +.Fa "const ASN1_OBJECT *obj" +.Fa "int type" +.Fa "const void *bytes" +.Fa "int len" +.Fc +.Ft int +.Fo CMS_unsigned_add1_attr_by_txt +.Fa "CMS_SignerInfo *si" +.Fa "const char *attrname" +.Fa "int type" +.Fa "const void *bytes" +.Fa "int len" +.Fc +.Ft "X509_ATTRIBUTE *" +.Fo CMS_unsigned_delete_attr +.Fa "CMS_SignerInfo *si" +.Fa "int loc" +.Fc +.Ft "void *" +.Fo CMS_unsigned_get0_data_by_OBJ +.Fa "CMS_SignerInfo *si" +.Fa "ASN1_OBJECT *oid" +.Fa "int lastpos" +.Fa "int type" +.Fc +.Ft "X509_ATTRIBUTE *" +.Fo CMS_unsigned_get_attr +.Fa "const CMS_SignerInfo *si" +.Fa "int loc" +.Fc +.Ft int +.Fo CMS_unsigned_get_attr_by_NID +.Fa "const CMS_SignerInfo *si" +.Fa "int nid" +.Fa "int lastpos" +.Fc +.Ft int +.Fo CMS_unsigned_get_attr_by_OBJ +.Fa "const CMS_SignerInfo *si" +.Fa "const ASN1_OBJECT *obj" +.Fa "int lastpos" +.Fc +.Ft int +.Fo CMS_unsigned_get_attr_count +.Fa "const CMS_SignerInfo *si" +.Fc +.Sh DESCRIPTION +A +.Em CMS_SignerInfo +object has two optional sets of X.501 attributes: +a set of signed attributes in the +.Fa signedAttrs +array and a set of unsigned attributes in the +.Fa unsignedAttrs +array. +The functions in this manual are wrappers of the +.Fn X509at_* +functions. +All arguments except +.Fa si +are passed to +.Fn X509at_* . +The +.Fn CMS_signed_* +and +.Fn CMS_unsigned_* +functions are similar, except +.Fn CMS_signed_* +calls +.Fn X509at_* +with the +.Em CMS_SignerInfo +object's set of signed attributes and +.Fn CMS_unsigned_* +calls +.Fn X509at_* +with the +.Em CMS_SignerInfo +object's set of unsigned attributes. +For brevity only the +.Fn CMS_signed_* +functions are described below. +.Pp +.Fn CMS_signed_add1_attr +appends a deep copy of +.Fa attr +to the +.Fa signedAttrs +array of +.Fa si , +allocating a new array if necessary. +.Pp +.Fn CMS_signed_add1_attr_by_NID , +.Fn CMS_signed_add1_attr_by_OBJ , +and +.Fn CMS_signed_add1_attr_by_txt +create a new X.501 Attribute object using +.Xr X509at_add1_attr_by_NID 3 , +.Xr X509at_add1_attr_by_OBJ 3 , +and +.Xr X509at_add1_attr_by_txt 3 , +and append it to the +.Fa signedAttrs +array of +.Fa si . +.Pp +.Fn CMS_signed_delete_attr +deletes the element with the zero-based +.Fa loc +in +.Fa signedAttrs +of +.Fa si . +.Pp +.Fn CMS_signed_get0_data_by_OBJ , +.Fn CMS_signed_get_attr_by_NID , +and +.Fn CMS_signed_get_attr_by_OBJ +search the array starting after the index +.Fa lastpos . +They fail if no matching object is found. +.Fn CMS_signed_get0_data_by_OBJ +also fails if the data is not of the requested +.Fa type . +.Pp +Additionally, the +.Fa lastpos +argument of +.Fn CMS_signed_get0_data_by_OBJ +is interpreted in a special way. +If +.Fa lastpos +is \-2 or smaller, the function also fails if the +.Fa signedAttrs +array of +.Fa si , +contains more than one matching object. +If +.Fa lastpos +is \-3 or smaller, it also fails unless the matching object contains exactly +one value. +.Pp +.Fn CMS_signed_get_attr +returns the array element at the zero-based +.Fa loc . +It fails if the +.Fa loc +argument is negative or greater than or equal to the number of objects in the +array. +.Pp +.Fn CMS_signed_get_attr_count +returns the number of objects currently stored in the +.Fa signedAttrs +array of +.Fa si . +.Sh RETURN VALUES +.Fn CMS_signed_add1_attr , +.Fn CMS_signed_add1_attr_by_NID , +.Fn CMS_signed_add1_attr_by_OBJ , +.Fn CMS_signed_add1_attr_by_txt , +.Fn CMS_unsigned_add1_attr , +.Fn CMS_unsigned_add1_attr_by_NID , +.Fn CMS_unsigned_add1_attr_by_OBJ , +and +.Fn CMS_unsigned_add1_attr_by_txt +return 1 for success or 0 if an error occurs. +.Pp +.Fn CMS_signed_delete_attr +returns the deleted element or +.Dv NULL +if the +.Fa signedAttrs +array is +.Dv NULL , +or if the requested +.Fa loc +argument is negative, or greater than or equal to the number of objects in it. +.Pp +.Fn CMS_unsigned_delete_attr +returns the deleted element or +.Dv NULL +if the +.Fa unsignedAttrs +array is +.Dv NULL , +or if the requested +.Fa loc +argument is negative, or greater than or equal to the number of objects in it. +.Pp +.Fn CMS_signed_get0_data_by_OBJ +and +.Fn CMS_unsigned_get0_data_by_OBJ +return an internal pointer to the data contained in the value of the first +object that has an index greater than +.Fa lastpos +and a type matching +.Fa type , +or NULL on failure. +.Pp +.Fn CMS_signed_get_attr +and +.Fn CMS_unsigned_get_attr +return an internal pointer or NULL on failure. +.Pp +.Fn CMS_signed_get_attr_by_NID , +.Fn CMS_signed_get_attr_by_OBJ , +.Fn CMS_unsigned_get_attr_by_NID , +and +.Fn CMS_unsigned_get_attr_by_OBJ +return the index of the first object in the array that has an index greater than +.Fa lastpos +and a type matching +.Fa nid +or +.Fa oid , +respectively, or \-1 on failure. +In addition, +.Fn CMS_signed_get_attr_by_OBJ +and +.Fn CMS_unsigned_get_attr_by_OBJ +return \-2 if +.Xr OBJ_nid2obj 3 +fails on the requested +.Fa nid . +.Pp +.Fn CMS_signed_get_attr_count +and +.Fn CMS_unsigned_get_attr_count +return the number of array elements or \-1 on failure. +.Sh SEE ALSO +.Xr CMS_add1_signer 3 , +.Xr CMS_ContentInfo_new 3 , +.Xr CMS_get0_SignerInfos 3 , +.Xr OBJ_nid2obj 3 , +.Xr X509_ATTRIBUTE_create_by_OBJ 3 , +.Xr X509_ATTRIBUTE_new 3 , +.Xr X509at_add1_attr 3 +.Sh STANDARDS +RFC 5652: Cryptographic Message Syntax (CMS) +.Bl -dash -compact -offset indent +.It +section 5.3: SignerInfo Type +.It +section 11: Useful Attributes +.El +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.9 and have been available since +.Ox 6.6 . diff --git a/man/CONF_modules_load_file.3 b/man/CONF_modules_load_file.3 index 964473d4..d1bcd49a 100644 --- a/man/CONF_modules_load_file.3 +++ b/man/CONF_modules_load_file.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CONF_modules_load_file.3,v 1.11 2023/07/21 10:46:54 tb Exp $ +.\" $OpenBSD: CONF_modules_load_file.3,v 1.14 2023/11/19 20:58:07 tb Exp $ .\" full merge up to: e9b77246 Jan 20 19:58:49 2017 +0100 .\" selective merge up to: d090fc00 Feb 26 13:11:10 2019 +0800 .\" @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 21 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt CONF_MODULES_LOAD_FILE 3 .Os .Sh NAME @@ -222,7 +222,6 @@ Load custom configuration file and section instead of the standard one, only print warnings on error, missing configuration file ignored: .Bd -literal OPENSSL_no_config(); -ENGINE_load_builtin_engines(); OPENSSL_load_builtin_modules(); if (CONF_modules_load_file("/something/app.cnf", "myapp", CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { @@ -234,12 +233,10 @@ if (CONF_modules_load_file("/something/app.cnf", "myapp", In the previous example, the call to .Xr OPENSSL_no_config 3 is required first to suppress automatic loading -of the standard configuration file, and the calls to -.Xr ENGINE_load_builtin_engines 3 -and +of the standard configuration file, and the call to .Xr OPENSSL_load_builtin_modules 3 -are needed so that the configuration of builtin modules and engines -is also loaded in addition to the configuration of +is needed so that the configuration of builtin modules +is loaded in addition to the configuration of .Qq myapp . .Pp Load and parse configuration file manually, custom error handling: @@ -270,7 +267,6 @@ if (fp == NULL) { .Ed .Sh SEE ALSO .Xr CONF_modules_free 3 , -.Xr ENGINE_load_builtin_engines 3 , .Xr ERR 3 , .Xr OPENSSL_config 3 , .Xr OPENSSL_load_builtin_modules 3 diff --git a/man/CRYPTO_lock.3 b/man/CRYPTO_lock.3 index cb6224a7..4187a96b 100644 --- a/man/CRYPTO_lock.3 +++ b/man/CRYPTO_lock.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: CRYPTO_lock.3,v 1.1 2019/03/10 15:00:34 schwarze Exp $ +.\" $OpenBSD: CRYPTO_lock.3,v 1.2 2024/03/04 09:30:43 tb Exp $ .\" OpenSSL doc/crypto/threads.pod fb552ac6 Sep 30 23:43:01 2009 +0000 .\" .\" Copyright (c) 2019 Ingo Schwarze @@ -15,14 +15,10 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 10 2019 $ +.Dd $Mdocdate: March 4 2024 $ .Dt CRYPTO_LOCK 3 .Os .Sh NAME -.Nm CRYPTO_THREADID_current , -.Nm CRYPTO_THREADID_cmp , -.Nm CRYPTO_THREADID_cpy , -.Nm CRYPTO_THREADID_hash , .Nm CRYPTO_lock , .Nm CRYPTO_w_lock , .Nm CRYPTO_w_unlock , @@ -33,24 +29,6 @@ .Sh SYNOPSIS .In openssl/crypto.h .Ft void -.Fo CRYPTO_THREADID_current -.Fa "CRYPTO_THREADID *id" -.Fc -.Ft int -.Fo CRYPTO_THREADID_cmp -.Fa "const CRYPTO_THREADID *a" -.Fa "const CRYPTO_THREADID *b" -.Fc -.Ft void -.Fo CRYPTO_THREADID_cpy -.Fa "CRYPTO_THREADID *dest" -.Fa "const CRYPTO_THREADID *src" -.Fc -.Ft unsigned long -.Fo CRYPTO_THREADID_hash -.Fa "const CRYPTO_THREADID *id" -.Fc -.Ft void .Fo CRYPTO_lock .Fa "int mode" .Fa "int type" @@ -75,18 +53,6 @@ .Ed .Sh DESCRIPTION These functions are obsolete. -.Pp -.Fn CRYPTO_THREADID_current -stores a unique identifier of the currently executing thread -into the opaque object -.Fa id . -.Pp -.Fn CRYPTO_THREADID_cpy -copies the contents of -.Fa src -to -.Fa dest . -.Pp .Fn CRYPTO_lock locks or unlocks a mutex lock. .Pp @@ -135,20 +101,6 @@ and unlocks the lock number .Fa type again. .Sh RETURN VALUES -.Fn CRYPTO_THREADID_cmp -returns 0 if -.Fa a -and -.Fa b -refer to the same thread or a non-zero value otherwise. -.Pp -.Fn CRYPTO_THREADID_hash -returns a numeric value usable as a hash-table key. -In the LibreSSL implementation, it is the value returned from -.Xr pthread_self 3 -for the thread -.Fa id . -.Pp .Fn CRYPTO_add returns the new value of .Pf * Fa p . @@ -166,11 +118,3 @@ first appeared in SSLeay 0.6.0. first appeared in SSLeay 0.6.2. These functions have been available since .Ox 2.4 . -.Pp -.Fn CRYPTO_THREADID_current , -.Fn CRYPTO_THREADID_cmp , -.Fn CRYPTO_THREADID_cpy , -and -.Fn CRYPTO_THREADID_hash -first appeared in OpenSSL 1.0.0 and have been available since -.Ox 4.9 . diff --git a/man/DES_set_key.3 b/man/DES_set_key.3 index e74c7c5e..16188f1f 100644 --- a/man/DES_set_key.3 +++ b/man/DES_set_key.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DES_set_key.3,v 1.15 2022/03/31 17:27:16 naddy Exp $ +.\" $OpenBSD: DES_set_key.3,v 1.16 2023/11/16 20:27:43 schwarze Exp $ .\" full merge up to: .\" OpenSSL man3/DES_random_key 521738e9 Oct 5 14:58:30 2018 -0400 .\" @@ -115,7 +115,7 @@ .\" copied and put under another distribution licence .\" [including the GNU Public Licence.] .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: November 16 2023 $ .Dt DES_SET_KEY 3 .Os .Sh NAME @@ -599,10 +599,11 @@ then update ivec and num. num contains "how far" we are though ivec. If this does not make much sense, read more about CFB mode of DES. .Pp +The .Fn DES_ede3_cfb64_encrypt -and +function and the .Fn DES_ede2_cfb64_encrypt -is the same as +macro are the same as .Fn DES_cfb64_encrypt except that Triple-DES is used. .Pp @@ -625,10 +626,11 @@ is the same as .Fn DES_cfb64_encrypt using Output Feed Back mode. .Pp +The .Fn DES_ede3_ofb64_encrypt -and +function and the .Fn DES_ede2_ofb64_encrypt -is the same as +macro are the same as .Fn DES_ofb64_encrypt , using Triple-DES. .Pp diff --git a/man/DH_set_method.3 b/man/DH_set_method.3 index e89fdc64..70cf367c 100644 --- a/man/DH_set_method.3 +++ b/man/DH_set_method.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DH_set_method.3,v 1.8 2022/01/15 23:38:50 jsg Exp $ +.\" $OpenBSD: DH_set_method.3,v 1.9 2023/11/19 10:34:26 tb Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 15 2022 $ +.Dd $Mdocdate: November 19 2023 $ .Dt DH_SET_METHOD 3 .Os .Sh NAME @@ -98,16 +98,9 @@ selects as the default method for all .Vt DH structures created later. -If any -.Vt ENGINE -was registered with -.Xr ENGINE_register_DH 3 -that can be successfully initialized, it overrides the default. .Pp .Fn DH_get_default_method -returns a pointer to the current default method, -even if it is actually overridden by an -.Vt ENGINE . +returns a pointer to the current default method. .Pp .Fn DH_set_method selects @@ -118,17 +111,12 @@ This replaces the .Vt DH_METHOD used by the .Fa dh -key and if the previous method was supplied by an -.Vt ENGINE , -.Xr ENGINE_finish 3 -is called on it. +key. It is possible to have .Vt DH keys that only work with certain .Vt DH_METHOD -implementations (e.g. from an -.Vt ENGINE -module that supports embedded hardware-protected keys), +implementations, and in such cases attempting to change the .Vt DH_METHOD for the key can have unexpected results. @@ -136,17 +124,10 @@ for the key can have unexpected results. .Fn DH_new_method allocates and initializes a .Vt DH -structure so that -.Fa engine -is used for the DH operations. -If +structure. +The .Fa engine -is -.Dv NULL , -.Xr ENGINE_get_default_DH 3 -is used. -If that returns -.Dv NULL , +argument is ignored and the default method controlled by .Fn DH_set_default_method is used. @@ -202,10 +183,7 @@ and sets an error code that can be obtained by if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .Sh SEE ALSO -.Xr DH_new 3 , -.Xr ENGINE_get_default_DH 3 , -.Xr ENGINE_register_DH 3 , -.Xr ENGINE_set_default_DH 3 +.Xr DH_new 3 .Sh HISTORY .Fn DH_set_default_method , .Fn DH_get_default_method , diff --git a/man/DSA_generate_key.3 b/man/DSA_generate_key.3 index 97e185e0..37d8ec1c 100644 --- a/man/DSA_generate_key.3 +++ b/man/DSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DSA_generate_key.3,v 1.10 2019/06/10 14:58:48 schwarze Exp $ +.\" $OpenBSD: DSA_generate_key.3,v 1.11 2023/12/29 19:12:47 tb Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: December 29 2023 $ .Dt DSA_GENERATE_KEY 3 .Os .Sh NAME @@ -75,7 +75,7 @@ returns 1 on success or 0 otherwise. The error codes can be obtained by .Xr ERR_get_error 3 . .Sh SEE ALSO -.Xr DSA_generate_parameters 3 , +.Xr DSA_generate_parameters_ex 3 , .Xr DSA_get0_key 3 , .Xr DSA_new 3 .Sh HISTORY diff --git a/man/DSA_generate_parameters.3 b/man/DSA_generate_parameters_ex.3 similarity index 78% rename from man/DSA_generate_parameters.3 rename to man/DSA_generate_parameters_ex.3 index 07fa5acf..a318bf82 100644 --- a/man/DSA_generate_parameters.3 +++ b/man/DSA_generate_parameters_ex.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DSA_generate_parameters.3,v 1.13 2023/05/14 09:27:15 tb Exp $ +.\" $OpenBSD: DSA_generate_parameters_ex.3,v 1.1 2023/12/29 19:15:15 tb Exp $ .\" OpenSSL 9b86974e Aug 7 22:14:47 2015 -0400 .\" .\" This file was written by Ulf Moeller , @@ -49,12 +49,13 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 14 2023 $ -.Dt DSA_GENERATE_PARAMETERS 3 +.Dd $Mdocdate: December 29 2023 $ +.Dt DSA_GENERATE_PARAMETERS_EX 3 .Os .Sh NAME -.Nm DSA_generate_parameters_ex , -.Nm DSA_generate_parameters +.\" .Nm DSA_generate_parameters is intentionally undocumented +.\" because it will be removed in the next major bump +.Nm DSA_generate_parameters_ex .Nd generate DSA parameters .Sh SYNOPSIS .In openssl/dsa.h @@ -68,19 +69,6 @@ .Fa "unsigned long *h_ret" .Fa "BN_GENCB *cb" .Fc -.Pp -Deprecated: -.Pp -.Ft DSA * -.Fo DSA_generate_parameters -.Fa "int bits" -.Fa "unsigned char *seed" -.Fa "int seed_len" -.Fa "int *counter_ret" -.Fa "unsigned long *h_ret" -.Fa "void (*callback)(int, int, void *)" -.Fa "void *cb_arg" -.Fc .Sh DESCRIPTION .Fn DSA_generate_parameters_ex generates primes p and q and a generator g for use in the DSA and stores @@ -168,32 +156,10 @@ When the generator has been found, .Fn BN_GENCB_call cb 3 1 is called. .El -.Pp -.Fn DSA_generate_parameters -(deprecated) works in much the same way as for -.Fn DSA_generate_parameters_ex , -except that no -.Fa dsa -parameter is passed and instead a newly allocated -.Vt DSA -structure is returned. -Additionally "old style" callbacks are used instead of the newer -.Vt BN_GENCB -based approach. -Refer to -.Xr BN_generate_prime 3 -for further information. .Sh RETURN VALUES .Fn DSA_generate_parameters_ex returns a 1 on success, or 0 otherwise. .Pp -.Fn DSA_generate_parameters -returns a pointer to the -.Vt DSA -structure, or -.Dv NULL -if the parameter generation fails. -.Pp The error codes can be obtained by .Xr ERR_get_error 3 . .Sh SEE ALSO @@ -201,24 +167,6 @@ The error codes can be obtained by .Xr DSA_get0_pqg 3 , .Xr DSA_new 3 .Sh HISTORY -.Fn DSA_generate_parameters -first appeared in SSLeay 0.8.0 and had its -.Fa cb_arg -argument added in SSLeay 0.9.0. -It has been available since -.Ox 2.4 . -.Pp -In versions up to OpenSSL 0.9.4, -.Fn callback 1 ...\& -was called in the inner loop of the Miller-Rabin test whenever it -reached the squaring step (the parameters to -.Fn callback -did not reveal how many witnesses had been tested); since OpenSSL 0.9.5, -.Fn callback 1 ...\& -is called as in -.Xr BN_is_prime_ex 3 , -i.e. once for each witness. -.Pp .Fn DSA_generate_parameters_ex first appeared in OpenSSL 0.9.8 and has been available since .Ox 4.5 . diff --git a/man/DSA_get0_pqg.3 b/man/DSA_get0_pqg.3 index b5250d9f..8639b011 100644 --- a/man/DSA_get0_pqg.3 +++ b/man/DSA_get0_pqg.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DSA_get0_pqg.3,v 1.7 2023/03/07 06:15:07 tb Exp $ +.\" $OpenBSD: DSA_get0_pqg.3,v 1.10 2023/12/29 22:37:47 tb Exp $ .\" full merge up to: OpenSSL e90fc053 Jul 15 09:39:45 2017 -0400 .\" .\" This file was written by Matt Caswell . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 7 2023 $ +.Dd $Mdocdate: December 29 2023 $ .Dt DSA_GET0_PQG 3 .Os .Sh NAME @@ -296,7 +296,7 @@ if no engine was set for this object. .Xr DSA_do_sign 3 , .Xr DSA_dup_DH 3 , .Xr DSA_generate_key 3 , -.Xr DSA_generate_parameters 3 , +.Xr DSA_generate_parameters_ex 3 , .Xr DSA_new 3 , .Xr DSA_print 3 , .Xr DSA_security_bits 3 , diff --git a/man/DSA_new.3 b/man/DSA_new.3 index 8e316011..5a958b58 100644 --- a/man/DSA_new.3 +++ b/man/DSA_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DSA_new.3,v 1.13 2022/07/13 21:51:35 schwarze Exp $ +.\" $OpenBSD: DSA_new.3,v 1.14 2023/12/29 19:12:47 tb Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 13 2022 $ +.Dd $Mdocdate: December 29 2023 $ .Dt DSA_NEW 3 .Os .Sh NAME @@ -114,7 +114,7 @@ returns 1 for success or 0 for failure. .Xr DSA_do_sign 3 , .Xr DSA_dup_DH 3 , .Xr DSA_generate_key 3 , -.Xr DSA_generate_parameters 3 , +.Xr DSA_generate_parameters_ex 3 , .Xr DSA_get0_pqg 3 , .Xr DSA_get_ex_new_index 3 , .Xr DSA_meth_new 3 , diff --git a/man/DSA_set_method.3 b/man/DSA_set_method.3 index 31ded16d..ec6d2b4c 100644 --- a/man/DSA_set_method.3 +++ b/man/DSA_set_method.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: DSA_set_method.3,v 1.10 2022/01/15 23:38:50 jsg Exp $ +.\" $OpenBSD: DSA_set_method.3,v 1.11 2023/11/19 10:34:26 tb Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 15 2022 $ +.Dd $Mdocdate: November 19 2023 $ .Dt DSA_SET_METHOD 3 .Os .Sh NAME @@ -93,16 +93,9 @@ selects as the default method for all .Vt DSA structures created later. -If any -.Vt ENGINE -was registered with -.Xr ENGINE_register_DSA 3 -that can be successfully initialized, it overrides the default. .Pp .Fn DSA_get_default_method -returns a pointer to the current default method, -even if it is actually overridden by an -.Vt ENGINE . +returns a pointer to the current default method. .Pp .Fn DSA_set_method selects @@ -111,15 +104,10 @@ to perform all operations using the key .Fa dsa . This replaces the .Vt DSA_METHOD -used by the DSA key and if the previous method was supplied by an -.Vt ENGINE , -.Xr ENGINE_finish 3 -is called on it. +used by the DSA key. It is possible to have DSA keys that only work with certain .Vt DSA_METHOD -implementations (e.g. from an -.Vt ENGINE -module that supports embedded hardware-protected keys), +implementations, and in such cases attempting to change the .Vt DSA_METHOD for the key can have unexpected results. @@ -127,17 +115,10 @@ for the key can have unexpected results. .Fn DSA_new_method allocates and initializes a .Vt DSA -structure so that -.Fa engine -is used for the DSA operations. -If +structure. +The .Fa engine -is -.Dv NULL , -.Xr ENGINE_get_default_DSA 3 -is used. -If that returns -.Dv NULL , +argument is ignored and the default method controlled by .Fn DSA_set_default_method is used. @@ -206,10 +187,7 @@ if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .Sh SEE ALSO .Xr DSA_meth_new 3 , -.Xr DSA_new 3 , -.Xr ENGINE_get_default_DSA 3 , -.Xr ENGINE_register_DSA 3 , -.Xr ENGINE_set_default_DSA 3 +.Xr DSA_new 3 .Sh HISTORY .Fn DSA_set_default_method , .Fn DSA_get_default_method , diff --git a/man/EC_KEY_new.3 b/man/EC_KEY_new.3 index 06afdd53..f415b91d 100644 --- a/man/EC_KEY_new.3 +++ b/man/EC_KEY_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EC_KEY_new.3,v 1.18 2023/08/29 10:07:42 tb Exp $ +.\" $OpenBSD: EC_KEY_new.3,v 1.19 2024/02/16 06:09:36 tb Exp $ .\" full merge up to: OpenSSL 3aef36ff Jan 5 13:06:03 2016 -0500 .\" partial merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 .\" @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 29 2023 $ +.Dd $Mdocdate: February 16 2024 $ .Dt EC_KEY_NEW 3 .Os .Sh NAME @@ -324,6 +324,10 @@ object, the private key and the public key for the .Fa key , respectively. +The setters copy the group and key objects without sanity checks +and it is the caller's responsibility to ensure that +the resulting key is valid, for example using +.Fn EC_KEY_check_key . .Pp The functions .Fn EC_KEY_get_enc_flags diff --git a/man/ENGINE_add.3 b/man/ENGINE_add.3 deleted file mode 100644 index 4ae878b4..00000000 --- a/man/ENGINE_add.3 +++ /dev/null @@ -1,243 +0,0 @@ -.\" $OpenBSD: ENGINE_add.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $ -.\" content checked up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: April 18 2018 $ -.Dt ENGINE_ADD 3 -.Os -.Sh NAME -.Nm ENGINE_add , -.Nm ENGINE_set_id , -.Nm ENGINE_get_id , -.Nm ENGINE_set_name , -.Nm ENGINE_get_name , -.Nm ENGINE_remove , -.Nm ENGINE_cleanup , -.Nm ENGINE_get_first , -.Nm ENGINE_get_last , -.Nm ENGINE_get_next , -.Nm ENGINE_get_prev , -.Nm ENGINE_by_id -.Nd maintain a global list of ENGINE objects -.Sh SYNOPSIS -.In openssl/engine.h -.Ft int -.Fo ENGINE_add -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_id -.Fa "ENGINE *e" -.Fa "const char *id" -.Fc -.Ft const char * -.Fo ENGINE_get_id -.Fa "const ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_name -.Fa "ENGINE *e" -.Fa "const char *name" -.Fc -.Ft const char * -.Fo ENGINE_get_name -.Fa "const ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_remove -.Fa "ENGINE *e" -.Fc -.Ft void -.Fn ENGINE_cleanup void -.Ft ENGINE * -.Fn ENGINE_get_first void -.Ft ENGINE * -.Fn ENGINE_get_last void -.Ft ENGINE * -.Fo ENGINE_get_next -.Fa "ENGINE *e" -.Fc -.Ft ENGINE * -.Fo ENGINE_get_prev -.Fa "ENGINE *e" -.Fc -.Ft ENGINE * -.Fo ENGINE_by_id -.Fa "const char *id" -.Fc -.Sh DESCRIPTION -The crypto library maintains a global list of -.Vt ENGINE -objects. -.Pp -.Fn ENGINE_add -appends -.Fa e -to the end of the list -and increments its structural reference count by 1. -A unique identifier and a name of -.Fa e -have to be set with -.Fn ENGINE_set_id -and -.Fn ENGINE_set_name -before calling this function. -.Fn ENGINE_add -fails if the list already contains an -.Vt ENGINE -with the same identifier. -.Pp -.Fn ENGINE_remove -removes -.Fa e -from the list. -If successful, it calls -.Xr ENGINE_free 3 -on -.Fa e . -.Pp -.Fn ENGINE_cleanup -calls -.Xr ENGINE_finish 3 -on all -.Vt ENGINE -objects that were selected as default engines, for example using the -functions documented in the -.Xr ENGINE_set_default 3 -and -.Xr ENGINE_get_default_RSA 3 -manual pages, and it calls -.Fn ENGINE_remove -on all -.Vt ENGINE -objects that were added to the global list with -.Fn ENGINE_add . -Calling this function is required at the end of each program using -.Fn ENGINE_add , -even if no engines are explicitly registered or used. -.Pp -.Fn ENGINE_get_first -and -.Fn ENGINE_get_last -provide access to the first and last -.Vt ENGINE -object on the list, respectively. -Unless the list is empty, they increment the structural reference -count of the retrieved object by 1. -.Pp -.Fn ENGINE_get_next -and -.Fn ENGINE_get_prev -support iteration of the list. -They always call -.Xr ENGINE_free 3 -on -.Fa e . -Unless the end of the list is reached, they increment the structural -reference count of the retrieved object by 1. -.Pp -.Fn ENGINE_by_id -searches the list for an -.Vt ENGINE -object with a matching -.Fa id . -If found, it increments the structural reference count of the -retrieved object by 1. -If -.Dv ENGINE_FLAGS_BY_ID_COPY -was set on -.Fa e -with -.Xr ENGINE_set_flags 3 , -it returns a shallow copy of the object rather than incrementing -the reference count and returning a pointer to the original. -.Sh RETURN VALUES -.Fn ENGINE_add , -.Fn ENGINE_set_id , -.Fn ENGINE_set_name , -and -.Fn ENGINE_remove -return 1 on success or 0 on error. -.Fn ENGINE_set_id -and -.Fn ENGINE_set_name -can only fail if the supplied -.Fa id -or -.Fa name -is -.Dv NULL . -.Pp -.Fn ENGINE_get_id -and -.Fn ENGINE_get_name -return a pointer to an internal string -representing the identifier and the name of -.Fa e , -respectively. -.Pp -.Fn ENGINE_get_first -and -.Fn ENGINE_get_last -return an -.Vt ENGINE -object or -.Dv NULL -if the list is empty. -.Pp -.Fn ENGINE_get_next -and -.Fn ENGINE_get_prev -return an -.Vt ENGINE -object or -.Dv NULL -when the end of the list is reached. -.Pp -.Fn ENGINE_by_id -returns an -.Vt ENGINE -object or -.Dv NULL -if no matching object is found. -.Sh SEE ALSO -.Xr ENGINE_get_default_RSA 3 , -.Xr ENGINE_init 3 , -.Xr ENGINE_new 3 , -.Xr ENGINE_register_all_RSA 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_default 3 , -.Xr ENGINE_set_flags 3 , -.Xr ENGINE_unregister_RSA 3 -.Sh HISTORY -.Fn ENGINE_add , -.Fn ENGINE_set_id , -.Fn ENGINE_get_id , -.Fn ENGINE_set_name , -.Fn ENGINE_get_name , -.Fn ENGINE_remove , -.Fn ENGINE_get_first , -.Fn ENGINE_get_last , -.Fn ENGINE_get_next , -.Fn ENGINE_get_prev , -and -.Fn ENGINE_by_id -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 2.9 . -.Pp -.Fn ENGINE_cleanup -first appeared in OpenSSL 0.9.7 and has been available since -.Ox 3.2 . diff --git a/man/ENGINE_ctrl.3 b/man/ENGINE_ctrl.3 deleted file mode 100644 index b4965a5a..00000000 --- a/man/ENGINE_ctrl.3 +++ /dev/null @@ -1,470 +0,0 @@ -.\" $OpenBSD: ENGINE_ctrl.3,v 1.5 2022/01/15 23:38:50 jsg Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: January 15 2022 $ -.Dt ENGINE_CTRL 3 -.Os -.Sh NAME -.Nm ENGINE_ctrl , -.Nm ENGINE_cmd_is_executable , -.Nm ENGINE_ctrl_cmd , -.Nm ENGINE_ctrl_cmd_string , -.Nm ENGINE_set_ctrl_function , -.Nm ENGINE_get_ctrl_function , -.Nm ENGINE_set_cmd_defns , -.Nm ENGINE_get_cmd_defns -.Nd control commands for ENGINE objects -.Sh SYNOPSIS -.In openssl/engine.h -.Ft int -.Fo ENGINE_ctrl -.Fa "ENGINE *e" -.Fa "int cmd" -.Fa "long i" -.Fa "void *p" -.Fa "void (*f)(void)" -.Fc -.Ft int -.Fo ENGINE_cmd_is_executable -.Fa "ENGINE *e" -.Fa "int cmd" -.Fc -.Ft int -.Fo ENGINE_ctrl_cmd -.Fa "ENGINE *e" -.Fa "const char *cmd_name" -.Fa "long i" -.Fa "void *p" -.Fa "void (*f)(void)" -.Fa "int cmd_optional" -.Fc -.Ft int -.Fo ENGINE_ctrl_cmd_string -.Fa "ENGINE *e" -.Fa "const char *cmd_name" -.Fa "const char *arg" -.Fa "int cmd_optional" -.Fc -.Ft typedef int -.Fo (*ENGINE_CTRL_FUNC_PTR) -.Fa "ENGINE *e" -.Fa "int cmd" -.Fa "long i" -.Fa "void *p" -.Fa "void (*f)(void)" -.Fc -.Ft int -.Fo ENGINE_set_ctrl_function -.Fa "ENGINE *e" -.Fa "ENGINE_CTRL_FUNC_PTR ctrl_f" -.Fc -.Ft ENGINE_CTRL_FUNC_PTR -.Fo ENGINE_get_ctrl_function -.Fa "const ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_cmd_defns -.Fa "ENGINE *e" -.Fa "const ENGINE_CMD_DEFN *defns" -.Fc -.Ft const ENGINE_CMD_DEFN * -.Fo ENGINE_get_cmd_defns -.Fa "const ENGINE *e" -.Fc -.Sh DESCRIPTION -.Fn ENGINE_ctrl -calls the built-in or user-defined -.Fa cmd -for the engine -.Fa e , -passing the arguments -.Fa i -and -.Fa p . -.Pp -User-defined commands can be used before -.Xr ENGINE_init 3 -to provide data required for initialization -or at any time to modify the behaviour of an engine. -.Pp -Most built-in commands operate on user-defined commands installed with -.Fn ENGINE_set_cmd_defns , -either using the -.Fa p -argument to indicate the user-defined command with the command name -.Fa cmd_name -or using the -.Fa i -argument to indicate the user-defined command with the command number -.Fa cmd_num . -The -.Fa cmd -arguments to call the built-in commands are as follows: -.Bl -tag -width Ds -.It Dv ENGINE_CTRL_GET_CMD_FLAGS -Return the -.Fa cmd_flags -of the user-defined command with the number -.Fa i , -or a number less than or equal to 0 if an error occurs or -the command number does not exist. -A return value of 0 indicates failure if -.Fa e -is -.Dv NULL -or has a reference count of 0, or success if -.Fa e -is valid. -.It Dv ENGINE_CTRL_GET_CMD_FROM_NAME -Return the positive command number -of the user-defined command with the name -.Fa p , -or a number less than or equal to 0 if an error occurs or no -matching name is found. -.It Dv ENGINE_CTRL_GET_DESC_FROM_CMD -Copy the description of the user-defined command with the number -.Fa i -into the buffer -.Fa p -and NUL-terminate it. -It is the responsibility of the caller to make sure that the buffer -.Fa p -is large enough, either by calling -.Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD -first or using knowledge about the array passed to -.Fn ENGINE_set_cmd_defns . -The return value is the number of bytes written -.Em including -the terminating NUL byte, or a number less than or equal to 0 -if an error occurs. -.It Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD -Return the length in bytes -.Em excluding -the terminating NUL byte -of the description of the user-defined command with the number -.Fa i , -or a number less than or equal to 0 if an error occurs. -A return value of 0 indicates failure if -.Fa e -is -.Dv NULL -or has a reference count of 0, or success if -.Fa e -is valid. -.It Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE -Return the positive command number -of the first user-defined command installed with -.Fn ENGINE_set_cmd_defns -or a number less than or equal to 0 if an error occurs or no -user-defined command has been installed. -.It Dv ENGINE_CTRL_GET_NAME_FROM_CMD -Copy the name of the user-defined command with the number -.Fa i -into the buffer -.Fa p -and NUL-terminate it. -It is the responsibility of the caller to make sure that the buffer -.Fa p -is large enough, either by calling -.Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD -first or using knowledge about the array passed to -.Fn ENGINE_set_cmd_defns . -The return value is the number of bytes written -.Em including -the terminating NUL byte, or a number less than or equal to 0 -if an error occurs. -.It Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD -Return the length in bytes -.Em excluding -the terminating NULL byte -of the name of the user-defined command with the number -.Fa i , -or a number less than or equal to 0 if an error occurs. -A return value of 0 indicates failure if -.Fa e -is -.Dv NULL -or has a reference count of 0, or success if -.Fa e -is valid. -.It Dv ENGINE_CTRL_GET_NEXT_CMD_TYPE -Return the positive command number of the next user-defined command -after the user-defined command with the number -.Fa i , -or a number less than or equal to 0 if an error occurs or if -.Fa i -is the last user-defined command. -Together with -.Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE , -this can be used to iterate the user-defined commands installed with -.Fn ENGINE_set_cmd_defns . -.It Dv ENGINE_CTRL_HAS_CTRL_FUNCTION -Return 1 if -.Fa e -has its own -.Fa ctrl_f -installed with -.Fn ENGINE_set_ctrl_function -or 0 otherwise. -.El -.Pp -.Fn ENGINE_ctrl_cmd -translates the -.Fa cmd_name -of a user-defined command to a -.Fa cmd -number and calls -.Fn ENGINE_ctrl -on it. -If -.Fa cmd_optional -is non-zero, lack of a -.Fa ctrl_f -in -.Fa e -and translation failure with -.Dv ENGINE_CTRL_GET_CMD_FROM_NAME -are considered success, and the command has no effect. -Otherwise, these problems cause -.Fn ENGINE_ctrl_cmd -to fail. -.Pp -Neither -.Fn ENGINE_ctrl -nor -.Fn ENGINE_ctrl_cmd -ever call the -.Fa f -callback, but merely pass it on as an argument to the engine-specific -.Fa ctrl_f -control function. -It is up to -.Fa ctrl_f -how to use it, or alternatively to ignore it as well. -.Pp -.Fn ENGINE_ctrl_cmd_string -translates the -.Fa cmd_name -of a user-defined command to a -.Fa cmd -number. -If that command has the -.Dv ENGINE_CMD_FLAG_NO_INPUT -flag set, -.Fa arg -must be -.Dv NULL -and -.Fn ENGINE_ctrl -is called with -.Fa i -set to 0 and -.Fa p -set to -.Dv NULL . -Otherwise, -.Fa arg -must not be -.Dv NULL . -If the command accepts string input, -.Fa i -is set to 0 and -.Fa arg -is passed as the -.Fa p -argument to -.Fn ENGINE_ctrl . -Otherwise, -.Fa arg -is converted with -.Xr strtol 3 -and passed as the -.Fa i -argument to -.Fn ENGINE_ctrl , -setting -.Fa p -to -.Dv NULL . -.Pp -.Fn ENGINE_set_ctrl_function -installs -.Fa ctrl_f -as the engine-specific control function for -.Fa e . -Future calls to -.Fn ENGINE_ctrl -will call that function, passing on their arguments unchanged, if the -.Fa cmd -is not built-in to the library or if the -.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL -flag is set in -.Fa e . -Let the -.Fa ctrl_f -return positive values on success or negative values on failure. -Avoid return values of 0 because they cause dangerous ambiguity. -In particular, -.Fn ENGINE_ctrl_cmd -and -.Fn ENGINE_ctrl_cmd_string -cannot be used with user-defined commands -that may return 0 on success. -.Pp -.Fn ENGINE_set_cmd_defns -install an array of command definitions in -.Fa e . -.Pp -The structure -.Vt ENGINE_CMD_DEFN -has the following fields: -.Bl -tag -width Ds -.It Fa "unsigned int cmd_num" -A positive, unique, monotonically increasing command number. -Avoid using numbers below -.Dv ENGINE_CMD_BASE . -.It Fa "const char *cmd_name" -The unique name of the command. -.It Fa "const char *cmd_desc" -A short description of the command. -.It Fa "unsigned int cmd_flags" -The bitwise OR of zero or more of the following flags: -.Bl -tag -width Ds -.It Dv ENGINE_CMD_FLAG_NUMERIC -The command uses -.Fa i . -.It Dv ENGINE_CMD_FLAG_STRING -The command uses -.Fa p . -.It Dv ENGINE_CMD_FLAG_NO_INPUT -The command neither uses -.Fa i -nor -.Fa p . -.It Dv ENGINE_CMD_FLAG_INTERNAL -This flag has no effect and is only provided for compatibility. -.El -.El -.Pp -The last element of -.Fa defns -does not specify a command, but must have a -.Fa cmd_num -of 0 and a -.Fa cmd_name -of -.Dv NULL -to indicate the end of the array. -.Sh RETURN VALUES -For -.Fn ENGINE_ctrl , -positive return values indicate success and negative return values -indicate failure. -The meaning of a zero return value depends on the particular -.Fa cmd -and may indicate both success and failure, which is pathetic. -.Pp -Regardless of the -.Fa cmd , -.Fn ENGINE_ctrl -returns 0 if -.Fa e -is -.Dv NULL -or has a reference count of 0. -This is quite unfortunate for commands like -.Dv ENGINE_CTRL_GET_CMD_FLAGS -where 0 may indicate success, so make sure -.Fa e -is valid before issuing a control command. -.Pp -For built-in commands except -.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION , -.Fn ENGINE_ctrl -returns \-1 if -.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL -is set but no -.Fa ctrl_f -has been installed with -.Fn ENGINE_set_ctrl_function . -.Pp -For commands that are not built in, -.Fn ENGINE_ctrl -returns 0 if no -.Fa ctrl_f -has been installed with -.Fn ENGINE_set_ctrl_function . -.Pp -.Fn ENGINE_cmd_is_executable -returns 1 if the user-defined -.Fa cmd -is executable and has at least one of the flags -.Dv ENGINE_CMD_FLAG_NUMERIC , -.Dv ENGINE_CMD_FLAG_STRING , -and -.Dv ENGINE_CMD_FLAG_NO_INPUT -set, or 0 otherwise. -.Pp -.Fn ENGINE_ctrl_cmd -and -.Fn ENGINE_ctrl_cmd_string -return 1 on success or 0 on error. -.Pp -.Fn ENGINE_set_ctrl_function -and -.Fn ENGINE_set_cmd_defns -always return 1. -.Pp -.Fn ENGINE_get_ctrl_function -returns a pointer to the function -.Fa ctrl_f -installed with -.Fn ENGINE_set_ctrl_function , -or -.Dv NULL -if none has been installed. -.Pp -.Fn ENGINE_get_cmd_defns -returns the array of command definitions installed in -.Fa e -or -.Dv NULL -if none is installed. -.Sh SEE ALSO -.Xr ENGINE_add 3 , -.Xr ENGINE_init 3 , -.Xr ENGINE_new 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_flags 3 , -.Xr ENGINE_set_RSA 3 -.Sh HISTORY -.Fn ENGINE_ctrl , -.Fn ENGINE_set_ctrl_function , -and -.Fn ENGINE_get_ctrl_function -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 2.9 . -.Pp -.Fn ENGINE_cmd_is_executable , -.Fn ENGINE_ctrl_cmd , -.Fn ENGINE_ctrl_cmd_string , -.Fn ENGINE_set_cmd_defns , -and -.Fn ENGINE_get_cmd_defns -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . diff --git a/man/ENGINE_get_default_RSA.3 b/man/ENGINE_get_default_RSA.3 deleted file mode 100644 index 348f1367..00000000 --- a/man/ENGINE_get_default_RSA.3 +++ /dev/null @@ -1,151 +0,0 @@ -.\" $OpenBSD: ENGINE_get_default_RSA.3,v 1.4 2023/07/21 04:35:36 tb Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: July 21 2023 $ -.Dt ENGINE_GET_DEFAULT_RSA 3 -.Os -.Sh NAME -.Nm ENGINE_get_default_RSA , -.Nm ENGINE_get_default_DSA , -.Nm ENGINE_get_default_EC , -.Nm ENGINE_get_default_DH , -.Nm ENGINE_get_default_RAND , -.Nm ENGINE_get_cipher_engine , -.Nm ENGINE_get_digest_engine , -.Nm ENGINE_set_table_flags , -.Nm ENGINE_get_table_flags -.Nd retrieve the default ENGINE for an algorithm -.Sh SYNOPSIS -.In openssl/engine.h -.Ft ENGINE * -.Fn ENGINE_get_default_RSA void -.Ft ENGINE * -.Fn ENGINE_get_default_DSA void -.Ft ENGINE * -.Fn ENGINE_get_default_EC void -.Ft ENGINE * -.Fn ENGINE_get_default_DH void -.Ft ENGINE * -.Fn ENGINE_get_default_RAND void -.Ft ENGINE * -.Fo ENGINE_get_cipher_engine -.Fa "int nid" -.Fc -.Ft ENGINE * -.Fo ENGINE_get_digest_engine -.Fa "int nid" -.Fc -.Ft void -.Fo ENGINE_set_table_flags -.Fa "unsigned int flags" -.Fc -.Ft unsigned int -.Fn ENGINE_get_table_flags void -.Sh DESCRIPTION -These functions retrieve the current default -.Vt ENGINE -implementing the respective algorithm. -.Pp -If a default engine was previously selected, -.Xr ENGINE_init 3 -is called on it again and it is used. -Otherwise, these functions inspect the engines registered -with the functions documented in -.Xr ENGINE_register_RSA 3 -in the order of the table for the respective algorithm. -If an inspected engine is already successfully initialized, -.Xr ENGINE_init 3 -is called on it again and it is used as the new default. -Otherwise, unless the global flag -.Dv ENGINE_TABLE_FLAG_NOINIT -is set, -.Xr ENGINE_init 3 -is tried on it. -If it succeeds, that engine is used as the new default. -If it fails or if -.Dv ENGINE_TABLE_FLAG_NOINIT -is set, inspection continues with the next engine. -.Pp -The global flag can be set by calling -.Fn ENGINE_set_table_flags -with an argument of -.Dv ENGINE_TABLE_FLAG_NOINIT -or cleared by calling it with an argument of 0. -By default, the flag is not set. -.Pp -While all the other functions operate on exactly one algorithm, -.Fn ENGINE_get_cipher_engine -and -.Fn ENGINE_get_digest_engine -are special in so far as they can handle multiple algorithms, -identified by the given -.Fa nid . -The default engine is remembered separately for each algorithm. -.Pp -Application programs rarely need to call these functions because -they are called automatically when needed, in particular from -.Xr RSA_new 3 , -.Xr DSA_new 3 , -.Xr EC_KEY_new 3 , -.Xr DH_new 3 , -.Xr EVP_CipherInit_ex 3 , -and -.Xr EVP_DigestInit_ex 3 . -.Sh RETURN VALUES -These functions return a functional reference to an -.Vt ENGINE -object or -.Dv NULL -on failure, in particular when no engine implementing the algorithm -is available, when -.Xr ENGINE_init 3 -fails for all implementations, -or when insufficient memory is available. -Even when these functions fail, the application may still be able -to use the algorithm in question because the built-in implementation -is used in that case, if one is available. -.Pp -.Fn ENGINE_get_table_flags -returns -.Dv ENGINE_TABLE_FLAG_NOINIT -if the global flag is set or 0 otherwise. -.Sh SEE ALSO -.Xr ENGINE_init 3 , -.Xr ENGINE_new 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_default 3 -.Sh HISTORY -.Fn ENGINE_get_default_RSA , -.Fn ENGINE_get_default_DSA , -.Fn ENGINE_get_default_DH , -and -.Fn ENGINE_get_default_RAND -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 2.9 . -.Pp -.Fn ENGINE_get_cipher_engine , -.Fn ENGINE_get_digest_engine , -.Fn ENGINE_set_table_flags , -and -.Fn ENGINE_get_table_flags -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn ENGINE_get_default_EC -first appeared in OpenSSL 1.1.0 and has been available since -.Ox 6.5 . diff --git a/man/ENGINE_init.3 b/man/ENGINE_init.3 deleted file mode 100644 index d41d98a2..00000000 --- a/man/ENGINE_init.3 +++ /dev/null @@ -1,134 +0,0 @@ -.\" $OpenBSD: ENGINE_init.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $ -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: April 18 2018 $ -.Dt ENGINE_INIT 3 -.Os -.Sh NAME -.Nm ENGINE_init , -.Nm ENGINE_finish , -.Nm ENGINE_set_init_function , -.Nm ENGINE_set_finish_function , -.Nm ENGINE_get_init_function , -.Nm ENGINE_get_finish_function -.Nd initialize ENGINE objects -.Sh SYNOPSIS -.In openssl/engine.h -.Ft int -.Fo ENGINE_init -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_finish -.Fa "ENGINE *e" -.Fc -.Ft typedef int -.Fo (*ENGINE_GEN_INT_FUNC_PTR) -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_init_function -.Fa "ENGINE *e" -.Fa "ENGINE_GEN_INT_FUNC_PTR init_f" -.Fc -.Ft int -.Fo ENGINE_set_finish_function -.Fa "ENGINE *e" -.Fa "ENGINE_GEN_INT_FUNC_PTR finish_f" -.Fc -.Ft ENGINE_GEN_INT_FUNC_PTR -.Fo ENGINE_get_init_function -.Fa "const ENGINE *e" -.Fc -.Ft ENGINE_GEN_INT_FUNC_PTR -.Fo ENGINE_get_finish_function -.Fa "const ENGINE *e" -.Fc -.Sh DESCRIPTION -.Fn ENGINE_init -initializes -.Fa e -by calling the -.Fa init_f -previously installed with -.Fn ENGINE_set_init_function , -if any. -In case of success, it also increments both the structural -and the functional reference count by 1. -If no -.Fa init_f -was installed, -.Fn ENGINE_init -always succeeds. -Calling -.Fn ENGINE_init -again after it already succeeded always succeeds, but has no effect -except that it increments both the structural and the functional -reference count by 1. -.Pp -.Fn ENGINE_finish -decrements the functional reference count by 1. -When it reaches 0, it calls the -.Fa finish_f -previously installed with -.Fn ENGINE_set_finish_function , -if any. -If no -.Fa finish_f -was installed, -.Fn ENGINE_finish -always succeeds. -Unless -.Fa finish_f -fails, -.Fn ENGINE_finish -also calls -.Xr ENGINE_free 3 . -.Pp -.Fn ENGINE_init -is internally called by the functions documented in the -.Xr ENGINE_get_default_RSA 3 -manual page. -.Sh RETURN VALUES -.Fn ENGINE_init -and -.Fn ENGINE_finish -return 1 on success or 0 on error. -.Pp -.Fn ENGINE_set_init_function -and -.Fn ENGINE_set_finish_function -always return 1. -.Pp -.Fn ENGINE_get_init_function -and -.Fn ENGINE_get_finish_function -return a function pointer to the respective callback, or -.Dv NULL -if none is installed. -.Sh SEE ALSO -.Xr ENGINE_add 3 , -.Xr ENGINE_ctrl 3 , -.Xr ENGINE_get_default_RSA 3 , -.Xr ENGINE_new 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_default 3 , -.Xr ENGINE_set_flags 3 , -.Xr ENGINE_set_RSA 3 , -.Xr ENGINE_unregister_RSA 3 -.Sh HISTORY -These functions first appeared in OpenSSL 0.9.7 -and have been available since -.Ox 2.9 . diff --git a/man/ENGINE_new.3 b/man/ENGINE_new.3 index eaab08d1..55ed9635 100644 --- a/man/ENGINE_new.3 +++ b/man/ENGINE_new.3 @@ -1,7 +1,6 @@ -.\" $OpenBSD: ENGINE_new.3,v 1.5 2021/03/12 05:18:00 jsg Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" $OpenBSD: ENGINE_new.3,v 1.10 2023/11/19 21:13:47 tb Exp $ .\" +.\" Copyright (c) 2023 Theo Buehler .\" Copyright (c) 2018 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -16,175 +15,160 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 12 2021 $ +.Dd $Mdocdate: November 19 2023 $ .Dt ENGINE_NEW 3 .Os .Sh NAME .Nm ENGINE_new , -.Nm ENGINE_up_ref , .Nm ENGINE_free , -.Nm ENGINE_set_destroy_function , -.Nm ENGINE_get_destroy_function -.Nd create and destroy ENGINE objects +.Nm ENGINE_init , +.Nm ENGINE_finish , +.Nm ENGINE_ctrl_cmd , +.Nm ENGINE_ctrl_cmd_string , +.Nm ENGINE_by_id , +.Nm ENGINE_get_id , +.Nm ENGINE_get_name , +.Nm ENGINE_set_default , +.Nm ENGINE_get_default_RSA , +.Nm ENGINE_set_default_RSA , +.Nm ENGINE_load_private_key , +.Nm ENGINE_load_public_key , +.Nm ENGINE_load_builtin_engines , +.Nm ENGINE_load_dynamic , +.Nm ENGINE_load_openssl , +.Nm ENGINE_register_all_complete , +.Nm ENGINE_cleanup +.Nd ENGINE stub functions .Sh SYNOPSIS .In openssl/engine.h .Ft ENGINE * .Fn ENGINE_new void .Ft int -.Fo ENGINE_up_ref -.Fa "ENGINE *e" +.Fo ENGINE_free +.Fa "ENGINE *engine" .Fc .Ft int -.Fo ENGINE_free -.Fa "ENGINE *e" +.Fn ENGINE_init "ENGINE *engine" +.Ft int +.Fn ENGINE_finish "ENGINE *engine" +.Ft int +.Fo ENGINE_ctrl_cmd +.Fa "ENGINE *engine" +.Fa "const char *cmd_name" +.Fa "long i" +.Fa "void *p" +.Fa "void (*f)(void)" +.Fa "int cmd_optional" .Fc -.Ft typedef int -.Fo (*ENGINE_GEN_INT_FUNC_PTR) -.Fa "ENGINE *e" +.Ft int +.Fo ENGINE_ctrl_cmd_string +.Fa "ENGINE *engine" +.Fa "const char *cmd_name" +.Fa "const char *arg" +.Fa "int cmd_optional" .Fc +.Ft ENGINE * +.Fn ENGINE_by_id "const char *id" +.Ft const char * +.Fn ENGINE_get_id "const ENGINE *engine" +.Ft const char * +.Fn ENGINE_get_name "const ENGINE *engine" .Ft int -.Fo ENGINE_set_destroy_function -.Fa "ENGINE *e" -.Fa "ENGINE_GEN_INT_FUNC_PTR destroy_f" +.Fn ENGINE_set_default "ENGINE *engine" "unsigned int flags" +.Ft ENGINE * +.Fn ENGINE_get_default_RSA "ENGINE *engine" +.Ft int +.Fn ENGINE_set_default_RSA "ENGINE *engine" +.Ft EVP_PKEY * +.Fo ENGINE_load_private_key +.Fa "ENGINE *engine" +.Fa "const char *key_id" +.Fa "UI_METHOD *ui_method" +.Fa "void *callback_data" .Fc -.Ft ENGINE_GEN_INT_FUNC_PTR -.Fo ENGINE_get_destroy_function -.Fa "const ENGINE *e" +.Ft EVP_PKEY * +.Fo ENGINE_load_public_key +.Fa "ENGINE *engine" +.Fa "const char *key_id" +.Fa "UI_METHOD *ui_method" +.Fa "void *callback_data" .Fc +.Ft void +.Fn ENGINE_load_builtin_engines "void" +.Ft void +.Fn ENGINE_load_dynamic "void" +.Ft void +.Fn ENGINE_load_openssl "void" +.Ft int +.Fn ENGINE_register_all_complete "void" +.Ft void +.Fn ENGINE_cleanup "void" .Sh DESCRIPTION .Vt ENGINE -objects can be used to provide alternative implementations of -cryptographic algorithms, to support additional algorithms, to -support cryptographic hardware, and to switch among alternative -implementations of algorithms at run time. -LibreSSL generally avoids engines and prefers providing -cryptographic functionality in the crypto library itself. +objects used to provide alternative implementations of +cryptographic algorithms, for example using specialized hardware. +LibreSSL no longer supports this feature. .Pp -.Fn ENGINE_new -allocates and initializes an empty +All functions in this manual ignore all their arguments and +do nothing except return failure if possible. +They are provided only to avoid patching software that expects .Vt ENGINE -object and sets its structural reference count to 1 -and its functional reference count to 0. -For more information about the functional reference count, see the -.Xr ENGINE_init 3 -manual page. -.Pp -Many functions increment the structural reference count by 1 -when successful. -Some of them, including -.Xr ENGINE_get_first 3 , -.Xr ENGINE_get_last 3 , -.Xr ENGINE_get_next 3 , -.Xr ENGINE_get_prev 3 , -and -.Xr ENGINE_by_id 3 , -do so because they return a structural reference to the user. -Other functions, including -.Xr ENGINE_add 3 , -.Xr ENGINE_init 3 , -.Xr ENGINE_get_cipher_engine 3 , -.Xr ENGINE_get_digest_engine 3 , -and the -.Xr ENGINE_get_default_RSA 3 -and -.Xr ENGINE_set_default 3 -families of functions -do so when they store a structural reference internally. -.Pp -.Fn ENGINE_up_ref -explicitly increment the structural reference count by 1. -.Pp -.Fn ENGINE_free -decrements the structural reference count by 1, -and if it reaches 0, the optional -.Fa destroy_f -previously installed with -.Fn ENGINE_set_destroy_function -is called, if one is installed, and both the memory used internally by -.Fa e -and -.Fa e -itself are freed. -If -.Fa e -is a -.Dv NULL -pointer, no action occurs. -.Pp -Many functions internally call the equivalent of -.Fn ENGINE_free . -Some of them, including -.Xr ENGINE_get_next 3 +support to be available. +.Sh RETURN VALUES +.Fn ENGINE_new , +.Fn ENGINE_by_id , +.Fn ENGINE_get_default_RSA , +.Fn ENGINE_load_private_key , and -.Xr ENGINE_get_prev 3 , -thus invalidate the structural reference passed in by the user. -Other functions, including -.Xr ENGINE_finish 3 , -.Xr ENGINE_remove 3 , -and the -.Xr ENGINE_set_default 3 -family of functions -do so when an internally stored structural reference is no longer needed. +.Fn ENGINE_load_public_key +always return +.Dv NULL . .Pp -.Fn ENGINE_set_destroy_function -installs a callback function that will be called by .Fn ENGINE_free , -but only when -.Fa e -actually gets destroyed, -not when only its reference count gets decremented. -The value returned from the -.Fa destroy_f -will be ignored. -.Sh RETURN VALUES -.Fn ENGINE_new -returns a structural reference to the new -.Vt ENGINE -object or -.Dv NULL -if an error occurs. -.Pp -.Fn ENGINE_up_ref -returns 0 if -.Fa e -is -.Dv NULL -and 1 otherwise. -.Pp -.Fn ENGINE_free +.Fn ENGINE_init , +.Fn ENGINE_finish , +.Fn ENGINE_ctrl_cmd , +.Fn ENGINE_ctrl_cmd_string , +.Fn ENGINE_set_default , +.Fn ENGINE_set_default_RSA , and -.Fn ENGINE_set_destroy_function -always return 1. +.Fn ENGINE_register_all_complete +always return 0. .Pp -.Fn ENGINE_get_destroy_function -returns a function pointer to the callback, or -.Dv NULL -if none is installed. +.Fn ENGINE_get_id +and +.Fn ENGINE_get_name +always return the constant empty string. .Sh SEE ALSO -.Xr crypto 3 , -.Xr ENGINE_add 3 , -.Xr ENGINE_ctrl 3 , -.Xr ENGINE_get_default_RSA 3 , -.Xr ENGINE_init 3 , -.Xr ENGINE_register_all_RSA 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_default 3 , -.Xr ENGINE_set_flags 3 , -.Xr ENGINE_set_RSA 3 , -.Xr ENGINE_unregister_RSA 3 +.Xr crypto 3 .Sh HISTORY -.Fn ENGINE_new +.Fn ENGINE_new , +.Fn ENGINE_free , +.Fn ENGINE_init , +.Fn ENGINE_finish , +.Fn ENGINE_by_id , +.Fn ENGINE_get_id , +.Fn ENGINE_get_name , +.Fn ENGINE_set_default , +.Fn ENGINE_get_default_RSA , +.Fn ENGINE_set_default_RSA , +.Fn ENGINE_load_private_key , and -.Fn ENGINE_free -first appeared in OpenSSL 0.9.7 and have been available since +.Fn ENGINE_load_public_key +first appeared in OpenSSL 0.9.7 +and have been available since .Ox 2.9 . .Pp -.Fn ENGINE_set_destroy_function +.Fn ENGINE_ctrl_cmd , +.Fn ENGINE_ctrl_cmd_string , +.Fn ENGINE_load_builtin_engines , +.Fn ENGINE_load_openssl , +.Fn ENGINE_register_all_complete , and -.Fn ENGINE_get_destroy_function -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn ENGINE_up_ref -first appeared in OpenSSL 0.9.7 and has been available since +.Fn ENGINE_cleanup +first appeared in OpenSSL 0.9.7 +and have been available since .Ox 3.4 . +.Pp +All these functions were turned into stubs in +.Ox 7.4 . diff --git a/man/ENGINE_register_RSA.3 b/man/ENGINE_register_RSA.3 deleted file mode 100644 index 5c63729c..00000000 --- a/man/ENGINE_register_RSA.3 +++ /dev/null @@ -1,142 +0,0 @@ -.\" $OpenBSD: ENGINE_register_RSA.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: April 18 2018 $ -.Dt ENGINE_REGISTER_RSA 3 -.Os -.Sh NAME -.Nm ENGINE_register_RSA , -.Nm ENGINE_register_DSA , -.Nm ENGINE_register_ECDH , -.Nm ENGINE_register_ECDSA , -.Nm ENGINE_register_DH , -.Nm ENGINE_register_RAND , -.Nm ENGINE_register_STORE , -.Nm ENGINE_register_ciphers , -.Nm ENGINE_register_digests , -.Nm ENGINE_register_complete -.Nd register an ENGINE as implementing an algorithm -.Sh SYNOPSIS -.In openssl/engine.h -.Ft int -.Fo ENGINE_register_RSA -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_register_DSA -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_register_ECDH -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_register_ECDSA -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_register_DH -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_register_RAND -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_register_STORE -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_register_ciphers -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_register_digests -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_register_complete -.Fa "ENGINE *e" -.Fc -.Sh DESCRIPTION -In addition to the global table described in -.Xr ENGINE_add 3 , -the crypto library maintains several tables containing references to -.Vt ENGINE -objects implementing one specific cryptographic algorithm. -.Pp -The functions listed in the present manual page append -.Fa e -to the end of the table for the respective algorithm. -.Pp -If -.Fa e -does not contain a method for the requested algorithm, -these functions succeed without having any effect. -.Pp -If -.Fa e -is already registered for the given algorithm, -they move it to the end of the respective table. -.Pp -.Fn ENGINE_register_ciphers -and -.Fn ENGINE_register_digests -are special in so far as an engine may implement -more than one cipher or more than one digest. -In that case, -.Fa e -is registered for all the ciphers or digests it implements. -.Pp -.Fn ENGINE_register_complete -registers -.Fa e -for all algorithms it implements by calling all the other functions. -.Sh RETURN VALUES -These functions return 1 on success or 0 on error. -They only fail if insufficient memory is available. -.Sh SEE ALSO -.Xr ENGINE_add 3 , -.Xr ENGINE_get_default_RSA 3 , -.Xr ENGINE_init 3 , -.Xr ENGINE_new 3 , -.Xr ENGINE_register_all_RSA 3 , -.Xr ENGINE_set_default 3 , -.Xr ENGINE_set_RSA 3 , -.Xr ENGINE_unregister_RSA 3 -.Sh HISTORY -.Fn ENGINE_register_RSA , -.Fn ENGINE_register_DSA , -.Fn ENGINE_register_DH , -.Fn ENGINE_register_RAND , -.Fn ENGINE_register_ciphers , -.Fn ENGINE_register_digests , -and -.Fn ENGINE_register_complete -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn ENGINE_register_ECDH , -.Fn ENGINE_register_ECDSA , -and -.Fn ENGINE_register_STORE -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . -.Sh BUGS -.Fn ENGINE_register_complete -ignores all errors, even memory allocation failure, and always returns 1. diff --git a/man/ENGINE_register_all_RSA.3 b/man/ENGINE_register_all_RSA.3 deleted file mode 100644 index 3016eec3..00000000 --- a/man/ENGINE_register_all_RSA.3 +++ /dev/null @@ -1,123 +0,0 @@ -.\" $OpenBSD: ENGINE_register_all_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: April 18 2018 $ -.Dt ENGINE_REGISTER_ALL_RSA 3 -.Os -.Sh NAME -.Nm ENGINE_register_all_RSA , -.Nm ENGINE_register_all_DSA , -.Nm ENGINE_register_all_ECDH , -.Nm ENGINE_register_all_ECDSA , -.Nm ENGINE_register_all_DH , -.Nm ENGINE_register_all_RAND , -.Nm ENGINE_register_all_STORE , -.Nm ENGINE_register_all_ciphers , -.Nm ENGINE_register_all_digests , -.Nm ENGINE_register_all_complete , -.Nm ENGINE_load_builtin_engines , -.Nm ENGINE_load_dynamic -.Nd register all engines as implementing an algorithm -.Sh SYNOPSIS -.In openssl/engine.h -.Ft void -.Fn ENGINE_register_all_RSA void -.Ft void -.Fn ENGINE_register_all_DSA void -.Ft void -.Fn ENGINE_register_all_ECDH void -.Ft void -.Fn ENGINE_register_all_ECDSA void -.Ft void -.Fn ENGINE_register_all_DH void -.Ft void -.Fn ENGINE_register_all_RAND void -.Ft void -.Fn ENGINE_register_all_STORE void -.Ft void -.Fn ENGINE_register_all_ciphers void -.Ft void -.Fn ENGINE_register_all_digests void -.Ft int -.Fn ENGINE_register_all_complete void -.Ft void -.Fn ENGINE_load_builtin_engines void -.Ft void -.Fn ENGINE_load_dynamic void -.Sh DESCRIPTION -These functions loop over all the -.Vt ENGINE -objects contained in the global table described in the -.Xr ENGINE_add 3 -manual page. -They register each object for the respective algorithm -by calling the corresponding function described in -.Xr ENGINE_register_RSA 3 . -.Pp -.Fn ENGINE_register_all_complete -calls -.Fn ENGINE_register_complete -in this way, except that it skips those -.Vt ENGINE -objects that have the -.Dv ENGINE_FLAGS_NO_REGISTER_ALL -flag set with -.Xr ENGINE_set_flags 3 . -.Pp -.Fn ENGINE_load_builtin_engines -calls -.Xr OPENSSL_init_crypto 3 -with no options, loads any built-in engines -that are enabled by default, and calls -.Fn ENGINE_register_all_complete . -Currently, LibreSSL does not provide any engines. -.Sy GOST -and -.Sy aesni -support is provided by the crypto library itself -and does not require any engines, not even built-in ones. -.Pp -.Fn ENGINE_load_dynamic -has no effect and is only provided for compatibility. -.Sh SEE ALSO -.Xr ENGINE_add 3 , -.Xr ENGINE_new 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_flags 3 , -.Xr OPENSSL_config 3 , -.Xr OPENSSL_init_crypto 3 -.Sh HISTORY -.Fn ENGINE_register_all_RSA , -.Fn ENGINE_register_all_DSA , -.Fn ENGINE_register_all_DH , -.Fn ENGINE_register_all_RAND , -.Fn ENGINE_register_all_ciphers , -.Fn ENGINE_register_all_digests , -.Fn ENGINE_register_all_complete , -.Fn ENGINE_load_builtin_engines , -and -.Fn ENGINE_load_dynamic -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn ENGINE_register_all_ECDH , -.Fn ENGINE_register_all_ECDSA , -and -.Fn ENGINE_register_all_STORE -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . diff --git a/man/ENGINE_set_RSA.3 b/man/ENGINE_set_RSA.3 deleted file mode 100644 index b2cec473..00000000 --- a/man/ENGINE_set_RSA.3 +++ /dev/null @@ -1,317 +0,0 @@ -.\" $OpenBSD: ENGINE_set_RSA.3,v 1.7 2023/07/21 04:29:27 tb Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: July 21 2023 $ -.Dt ENGINE_SET_RSA 3 -.Os -.Sh NAME -.Nm ENGINE_set_RSA , -.Nm ENGINE_get_RSA , -.Nm ENGINE_set_DSA , -.Nm ENGINE_get_DSA , -.Nm ENGINE_set_EC , -.Nm ENGINE_get_EC , -.Nm ENGINE_set_DH , -.Nm ENGINE_get_DH , -.Nm ENGINE_set_RAND , -.Nm ENGINE_get_RAND , -.Nm ENGINE_set_STORE , -.Nm ENGINE_get_STORE , -.Nm ENGINE_set_ciphers , -.Nm ENGINE_get_ciphers , -.Nm ENGINE_get_cipher , -.Nm ENGINE_set_digests , -.Nm ENGINE_get_digests , -.Nm ENGINE_get_digest -.Nd install and retrieve function tables of crypto engines -.Sh SYNOPSIS -.In openssl/engine.h -.Ft int -.Fo ENGINE_set_RSA -.Fa "ENGINE *e" -.Fa "const RSA_METHOD *rsa_meth" -.Fc -.Ft const RSA_METHOD * -.Fo ENGINE_get_RSA -.Fa "const ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_DSA -.Fa "ENGINE *e" -.Fa "const DSA_METHOD *dsa_meth" -.Fc -.Ft const DSA_METHOD * -.Fo ENGINE_get_DSA -.Fa "const ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_EC -.Fa "ENGINE *e" -.Fa "const EC_KEY_METHOD *ec_meth" -.Fc -.Ft const EC_KEY_METHOD * -.Fo ENGINE_get_EC -.Fa "const ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_DH -.Fa "ENGINE *e" -.Fa "const DH_METHOD *dh_meth" -.Fc -.Ft const DH_METHOD * -.Fo ENGINE_get_DH -.Fa "const ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_RAND -.Fa "ENGINE *e" -.Fa "const RAND_METHOD *rand_meth" -.Fc -.Ft const RAND_METHOD * -.Fo ENGINE_get_RAND -.Fa "const ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_STORE -.Fa "ENGINE *e" -.Fa "const STORE_METHOD *rand_meth" -.Fc -.Ft const STORE_METHOD * -.Fo ENGINE_get_STORE -.Fa "const ENGINE *e" -.Fc -.Ft typedef int -.Fo (*ENGINE_CIPHERS_PTR) -.Fa "ENGINE *e" -.Fa "const EVP_CIPHER **impl" -.Fa "const int **nids" -.Fa "int nid" -.Fc -.Ft int -.Fo ENGINE_set_ciphers -.Fa "ENGINE *e" -.Fa "ENGINE_CIPHERS_PTR f" -.Fc -.Ft ENGINE_CIPHERS_PTR -.Fo ENGINE_get_ciphers -.Fa "const ENGINE *e" -.Fc -.Ft const EVP_CIPHER * -.Fo ENGINE_get_cipher -.Fa "ENGINE *e" -.Fa "int nid" -.Fc -.Ft typedef int -.Fo (*ENGINE_DIGESTS_PTR) -.Fa "ENGINE *e" -.Fa "const EVP_MD **impl" -.Fa "const int **nids" -.Fa "int nid" -.Fc -.Ft int -.Fo ENGINE_set_digests -.Fa "ENGINE *e" -.Fa "ENGINE_DIGESTS_PTR f" -.Fc -.Ft ENGINE_DIGESTS_PTR -.Fo ENGINE_get_digests -.Fa "const ENGINE *e" -.Fc -.Ft const EVP_MD * -.Fo ENGINE_get_digest -.Fa "ENGINE *e" -.Fa "int nid" -.Fc -.Sh DESCRIPTION -The -.Fn ENGINE_set_* -functions install a table of function pointers -implementing the respective algorithm in -.Fa e . -Partial information about the various method objects is available from -.Xr RSA_meth_new 3 , -.Xr RSA_get_default_method 3 , -.Xr DSA_meth_new 3 , -.Xr DSA_get_default_method 3 , -.Xr EC_KEY_get_default_method 3 , -.Xr DH_get_default_method 3 , -.Xr RAND_get_rand_method 3 , -.Xr EVP_get_cipherbynid 3 , -and -.Xr EVP_get_digestbynid 3 . -.Vt STORE_METHOD -is an incomplete type, and the pointers to it are not used for anything. -For complete descriptions of these types, -refer to the respective header files. -.Pp -The functions described in the -.Xr ENGINE_register_RSA 3 -and -.Xr ENGINE_set_default 3 -manual pages only have an effect after function pointers -were installed using the functions described here. -.Pp -.Fn ENGINE_set_ciphers -and -.Fn ENGINE_set_digests -are special in so far as the -.Vt ENGINE -structure does not provide fields to store function pointers -implementing ciphers or digests. -Instead, these two functions only install a callback to -retrieve implementations. -Where the pointers to the implementations are stored internally, -how they get initialized, and how the -.Vt ENGINE_CIPHERS_PTR -and -.Vt ENGINE_DIGESTS_PTR -callbacks retrieve them -is up to the implementation of each individual engine. -.Pp -If the -.Vt ENGINE_CIPHERS_PTR -and -.Vt ENGINE_DIGESTS_PTR -callbacks are called with a non-zero -.Fa nid , -they retrieve the implementation of that cipher or digest, -respectively. -In this case, a -.Dv NULL -pointer can be passed as the -.Fa nids -argument. -.Fn ENGINE_get_cipher -and -.Fn ENGINE_get_digest -call the callbacks installed in -.Fa e -in this way. -.Pp -If 0 is passed as the -.Fa nid -argument, an internal pointer -to the array of implementations available in -.Fa e -is returned in -.Pf * Fa impl , -and an internal pointer -to the array of corresponding identifiers in -.Pf * Fa nids . -The return value of the callback indicates -the number of implementations returned. -.Pp -The -.Fn ENGINE_get_* -functions retrieve the previously installed function tables. -They are used when constructing basic cryptographic objects -as shown in the following table: -.Bl -column "ENGINE_get_digestMM" -.It Accessor: Ta Called by: -.It Fn ENGINE_get_RSA Ta Xr RSA_new_method 3 , Xr RSA_new 3 -.It Fn ENGINE_get_DSA Ta Xr DSA_new_method 3 , Xr DSA_new 3 -.It Fn ENGINE_get_EC Ta Xr EC_KEY_new_method 3 , Xr EC_KEY_new 3 , -.Xr EC_KEY_new_by_curve_name 3 -.It Fn ENGINE_get_DH Ta Xr DH_new_method 3 , Xr DH_new 3 -.It Fn ENGINE_get_RAND Ta unused -.It Fn ENGINE_get_STORE Ta unused -.It Fn ENGINE_get_cipher Ta Xr EVP_CipherInit_ex 3 -.It Fn ENGINE_get_digest Ta Xr EVP_DigestInit_ex 3 -.El -.Sh RETURN VALUES -The -.Fn ENGINE_set_* -functions return 1 on success or 0 on error. -Currently, they cannot fail. -.Pp -The -.Fn ENGINE_get_* -functions return a method object for the respective algorithm, or -.Dv NULL -if none is installed. -.Pp -.Fn ENGINE_get_ciphers -and -.Fn ENGINE_get_digests -return a function pointer to the respective callback, or -.Dv NULL -if none is installed. -.Pp -.Fn ENGINE_get_cipher -returns an -.Vt EVP_CIPHER -object implementing the cipher -.Fa nid -or -.Dv NULL -if -.Fa e -does not implement that cipher. -.Pp -.Fn ENGINE_get_digest -returns an -.Vt EVP_MD -object implementing the digest -.Fa nid -or -.Dv NULL -if -.Fa e -does not implement that digest. -.Sh SEE ALSO -.Xr DSA_new 3 , -.Xr ENGINE_ctrl 3 , -.Xr ENGINE_new 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_default 3 , -.Xr ENGINE_set_flags 3 , -.Xr EVP_DigestInit 3 , -.Xr EVP_EncryptInit 3 , -.Xr RSA_new 3 -.Sh HISTORY -.Fn ENGINE_set_RSA , -.Fn ENGINE_get_RSA , -.Fn ENGINE_set_DSA , -.Fn ENGINE_get_DSA , -.Fn ENGINE_set_DH , -.Fn ENGINE_get_DH , -.Fn ENGINE_set_RAND , -.Fn ENGINE_get_RAND , -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 2.9 . -.Pp -.Fn ENGINE_set_ciphers , -.Fn ENGINE_get_ciphers , -.Fn ENGINE_get_cipher , -.Fn ENGINE_set_digests , -.Fn ENGINE_get_digests , -and -.Fn ENGINE_get_digest -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn ENGINE_set_STORE -and -.Fn ENGINE_get_STORE -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . -.Fn ENGINE_set_EC -and -.Fn ENGINE_get_EC -first appeared in OpenSSL 1.1.0 and have been available since -.Ox 6.5 . diff --git a/man/ENGINE_set_default.3 b/man/ENGINE_set_default.3 deleted file mode 100644 index c2655f2b..00000000 --- a/man/ENGINE_set_default.3 +++ /dev/null @@ -1,186 +0,0 @@ -.\" $OpenBSD: ENGINE_set_default.3,v 1.4 2019/06/03 14:43:15 schwarze Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: June 3 2019 $ -.Dt ENGINE 3 -.Os -.Sh NAME -.Nm ENGINE_set_default , -.Nm ENGINE_set_default_string , -.Nm ENGINE_set_default_RSA , -.Nm ENGINE_set_default_DSA , -.Nm ENGINE_set_default_ECDH , -.Nm ENGINE_set_default_ECDSA , -.Nm ENGINE_set_default_DH , -.Nm ENGINE_set_default_RAND , -.Nm ENGINE_set_default_ciphers , -.Nm ENGINE_set_default_digests -.Nd register an ENGINE as the default for an algorithm -.Sh SYNOPSIS -.In openssl/engine.h -.Ft int -.Fo ENGINE_set_default_RSA -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_DSA -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_ECDH -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_ECDSA -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_DH -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_RAND -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_ciphers -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default_digests -.Fa "ENGINE *e" -.Fc -.Ft int -.Fo ENGINE_set_default -.Fa "ENGINE *e" -.Fa "unsigned int flags" -.Fc -.Ft int -.Fo ENGINE_set_default_string -.Fa "ENGINE *e" -.Fa "const char *list" -.Fc -.Sh DESCRIPTION -These functions register -.Fa e -as implementing the respective algorithm -like the functions described in the -.Xr ENGINE_register_RSA 3 -manual page do it. -In addition, they call -.Xr ENGINE_init 3 -on -.Fa e -and select -.Fa e -as the default implementation of the respective algorithm to be -returned by the functions described in -.Xr ENGINE_get_default_RSA 3 -in the future. -If another engine was previously selected -as the default implementation of the respective algorithm, -.Xr ENGINE_finish 3 -is called on that previous engine. -.Pp -If -.Fa e -implements more than one cipher or digest, -.Fn ENGINE_set_default_ciphers -and -.Fn ENGINE_set_default_digests -register and select it for all these ciphers and digests, respectively. -.Pp -.Fn ENGINE_set_default -registers -.Fa e -as the default implementation of all algorithms specified by the -.Fa flags -by calling the appropriate ones among the other functions. -Algorithms can be selected by combining any number of the -following constants with bitwise OR: -.Dv ENGINE_METHOD_ALL , -.Dv ENGINE_METHOD_RSA , -.Dv ENGINE_METHOD_DSA , -.Dv ENGINE_METHOD_ECDH , -.Dv ENGINE_METHOD_ECDSA , -.Dv ENGINE_METHOD_DH , -.Dv ENGINE_METHOD_RAND , -.Dv ENGINE_METHOD_CIPHERS , -.Dv ENGINE_METHOD_DIGESTS , -.Dv ENGINE_METHOD_PKEY_METHS , -and -.Dv ENGINE_METHOD_PKEY_ASN1_METHS . -.Pp -.Fn ENGINE_set_default_string -is similar except that it selects the algorithms according to the string -.Fa def_list , -which contains an arbitrary number of comma-separated keywords from -the following list: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS, -DIGESTS, PKEY_CRYPTO, PKEY_ASN1, and PKEY. -PKEY_CRYPTO corresponds to -.Dv ENGINE_METHOD_PKEY_METHS , -PKEY_ASN1 to -.Dv ENGINE_METHOD_PKEY_ASN1_METHS , -and PKEY selects both. -.Sh RETURN VALUES -These functions return 1 on success or 0 on error. -They fail if -.Xr ENGINE_init 3 -fails or if insufficient memory is available. -.Sh SEE ALSO -.Xr ENGINE_get_default_RSA 3 , -.Xr ENGINE_init 3 , -.Xr ENGINE_new 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_RSA 3 , -.Xr ENGINE_unregister_RSA 3 -.Sh HISTORY -.Fn ENGINE_set_default , -.Fn ENGINE_set_default_RSA , -.Fn ENGINE_set_default_DSA , -.Fn ENGINE_set_default_DH , -and -.Fn ENGINE_set_default_RAND -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 2.9 . -.Pp -.Fn ENGINE_set_default_string , -.Fn ENGINE_set_default_ciphers , -and -.Fn ENGINE_set_default_digests -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn ENGINE_set_default_ECDH -and -.Fn ENGINE_set_default_ECDSA -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . -.Sh CAVEATS -Failure of -.Xr ENGINE_finish 3 -is ignored. -.Sh BUGS -Even when -.Fn ENGINE_set_default -or -.Fn ENGINE_set_default_string -fail, they typically still register -.Fa e -for some algorithms, but usually not for all it could be registered -for by calling the individual functions. diff --git a/man/ENGINE_set_flags.3 b/man/ENGINE_set_flags.3 deleted file mode 100644 index 33e8f333..00000000 --- a/man/ENGINE_set_flags.3 +++ /dev/null @@ -1,92 +0,0 @@ -.\" $OpenBSD: ENGINE_set_flags.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: April 18 2018 $ -.Dt ENGINE_SET_FLAGS 3 -.Os -.Sh NAME -.Nm ENGINE_set_flags , -.Nm ENGINE_get_flags -.Nd modify the behaviour of an ENGINE object -.Sh SYNOPSIS -.In openssl/engine.h -.Ft int -.Fo ENGINE_set_flags -.Fa "ENGINE *e" -.Fa "int flags" -.Fc -.Ft int -.Fo ENGINE_get_flags -.Fa "const ENGINE *e" -.Fc -.Sh DESCRIPTION -.Fn ENGINE_set_flags -sets the flags attribute of -.Fa e -to the new -.Fa flags . -The previous state of the flags attribute is overwritten. -Flags that were previously set are cleared -unless they are also present in the new -.Fa flags . -.Pp -The -.Fa flags -argument can be the bitwise OR of zero or more -of the following constants: -.Bl -tag -width Ds -.It Dv ENGINE_FLAGS_BY_ID_COPY -.Xr ENGINE_by_id 3 -returns a shallow copy of the -.Vt ENGINE -object it found rather than incrementing the reference count -and returning a pointer to the original. -.It Dv ENGINE_FLAGS_MANUAL_CMD_CTRL -.Xr ENGINE_ctrl 3 -lets the function installed with -.Xr ENGINE_set_ctrl_function 3 -handle all commands except -.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION , -even the builtin commands. -.It Dv ENGINE_FLAGS_NO_REGISTER_ALL -.Xr ENGINE_register_all_complete 3 -skips -.Fa e . -.El -.Sh RETURN VALUES -.Fn ENGINE_set_flags -always returns 1. -.Pp -.Fn ENGINE_get_flags -returns the -.Fa flags -attribute of -.Fa e . -.Sh SEE ALSO -.Xr ENGINE_by_id 3 , -.Xr ENGINE_ctrl 3 , -.Xr ENGINE_init 3 , -.Xr ENGINE_new 3 , -.Xr ENGINE_register_all_complete 3 , -.Xr ENGINE_set_RSA 3 -.Sh HISTORY -.Fn ENGINE_set_flags -and -.Fn ENGINE_get_flags -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . diff --git a/man/ENGINE_unregister_RSA.3 b/man/ENGINE_unregister_RSA.3 deleted file mode 100644 index d0373063..00000000 --- a/man/ENGINE_unregister_RSA.3 +++ /dev/null @@ -1,119 +0,0 @@ -.\" $OpenBSD: ENGINE_unregister_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $ -.\" content checked up to: -.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 -.\" -.\" Copyright (c) 2018 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: April 18 2018 $ -.Dt ENGINE_UNREGISTER_RSA 3 -.Os -.Sh NAME -.Nm ENGINE_unregister_RSA , -.Nm ENGINE_unregister_DSA , -.Nm ENGINE_unregister_ECDH , -.Nm ENGINE_unregister_ECDSA , -.Nm ENGINE_unregister_DH , -.Nm ENGINE_unregister_RAND , -.Nm ENGINE_unregister_STORE , -.Nm ENGINE_unregister_ciphers , -.Nm ENGINE_unregister_digests -.Nd revoke the registration of an ENGINE object -.Sh SYNOPSIS -.In openssl/engine.h -.Ft void -.Fo ENGINE_unregister_RSA -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_DSA -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_ECDH -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_ECDSA -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_DH -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_RAND -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_STORE -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_ciphers -.Fa "ENGINE *e" -.Fc -.Ft void -.Fo ENGINE_unregister_digests -.Fa "ENGINE *e" -.Fc -.Sh DESCRIPTION -These functions remove -.Fa e -from the list of -.Vt ENGINE -objects that were previously registered for the respective algorithm -with the functions described in -.Xr ENGINE_register_RSA 3 . -.Pp -If -.Fa e -is currently used as the default engine for the algorithm -as described in the -.Fn ENGINE_set_default 3 -and -.Fn ENGINE_get_default_RSA 3 -manual pages, -.Xr ENGINE_finish 3 -is also called. -.Pp -.Fn ENGINE_unregister_ciphers -and -.Fn ENGINE_unregister_digests -unregister -.Fa e -for all ciphers or digests, respectively. -.Sh SEE ALSO -.Xr ENGINE_cleanup 3 , -.Xr ENGINE_finish 3 , -.Xr ENGINE_new 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_default 3 -.Sh HISTORY -.Fn ENGINE_unregister_RSA , -.Fn ENGINE_unregister_DSA , -.Fn ENGINE_unregister_DH , -.Fn ENGINE_unregister_RAND , -.Fn ENGINE_unregister_ciphers , -and -.Fn ENGINE_unregister_digests -first appeared in OpenSSL 0.9.7 and have been available since -.Ox 3.2 . -.Pp -.Fn ENGINE_unregister_ECDH , -.Fn ENGINE_unregister_ECDSA , -and -.Fn ENGINE_unregister_STORE -first appeared in OpenSSL 0.9.8 and have been available since -.Ox 4.5 . diff --git a/man/ERR_load_crypto_strings.3 b/man/ERR_load_crypto_strings.3 index 72d10b03..2bca8af6 100644 --- a/man/ERR_load_crypto_strings.3 +++ b/man/ERR_load_crypto_strings.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.11 2023/07/21 10:45:44 tb Exp $ +.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.12 2024/03/05 19:21:31 tb Exp $ .\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500 .\" selective merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400 .\" @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 21 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt ERR_LOAD_CRYPTO_STRINGS 3 .Os .Sh NAME @@ -89,7 +89,6 @@ .\" ERR_load_EC_strings() .\" ERR_load_ERR_strings() .\" ERR_load_EVP_strings() -.\" ERR_load_GOST_strings() .\" ERR_load_OBJ_strings() .\" ERR_load_OCSP_strings() .\" ERR_load_PEM_strings() diff --git a/man/EVP_CIPHER_CTX_init.3 b/man/EVP_CIPHER_CTX_init.3 new file mode 100644 index 00000000..f328fc05 --- /dev/null +++ b/man/EVP_CIPHER_CTX_init.3 @@ -0,0 +1,205 @@ +.\" $OpenBSD: EVP_CIPHER_CTX_init.3,v 1.3 2023/12/26 22:13:00 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL EVP_EncryptInit.pod 0874d7f2 Oct 11 13:13:47 2022 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018, 2019, 2023 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson +.\" and Richard Levitte . +.\" Copyright (c) 2000-2001, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 26 2023 $ +.Dt EVP_CIPHER_CTX_INIT 3 +.Os +.Sh NAME +.Nm EVP_CIPHER_CTX_init , +.Nm EVP_CIPHER_CTX_cleanup , +.Nm EVP_Cipher +.Nd obsolete EVP cipher functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft void +.Fo EVP_CIPHER_CTX_init +.Fa "EVP_CIPHER_CTX *ctx" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_cleanup +.Fa "EVP_CIPHER_CTX *ctx" +.Fc +.Ft int +.Fo EVP_Cipher +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "const unsigned char *in" +.Fa "unsigned int in_len" +.Fc +.Sh DESCRIPTION +.Fn EVP_CIPHER_CTX_init +is a deprecated function that could be used to clear a cipher context +on the stack before +.Vt EVP_CIPHER_CTX +was made opaque. +Calling it on a cipher context just returned from +.Xr EVP_CIPHER_CTX_new 3 +has no effect. +Calling it on a cipher context that was already used leaks memory. +Instead, use +.Xr EVP_CIPHER_CTX_reset 3 +or +.Xr EVP_CIPHER_CTX_free 3 . +.Pp +.Fn EVP_CIPHER_CTX_cleanup +is a deprecated alias for +.Xr EVP_CIPHER_CTX_reset 3 . +It clears all information from +.Fa ctx +and frees all allocated memory associated with it, except the +.Fa ctx +object itself. +.Pp +.Fn EVP_Cipher +exposes implementation details of the functions +.Xr EVP_CipherUpdate 3 +and +.Xr EVP_CipherFinal 3 +that should never have become part of the public API. +.Pp +If the flag +.Dv EVP_CIPH_FLAG_CUSTOM_CIPHER +is set for the cipher used by +.Fa ctx , +behaviour depends on +.Fa in . +If that argument is +.Dv NULL +and +.Fa in_len +is 0, behaviour is similar to +.Xr EVP_CipherFinal 3 ; +if +.Fa in_len +is not 0, behaviour is undefined. +If +.Fa in +is not +.Dv NULL , +behaviour is similar to +.Xr EVP_CipherUpdate 3 . +In both cases, the exceptions to the similarity are that arguments +and return values differ. +.Pp +If the flag +.Dv EVP_CIPH_FLAG_CUSTOM_CIPHER +is not set for the cipher used by +.Fa ctx , +it encrypts or decrypts aligned blocks of data +whose lengths match the cipher block size. +It requires that the previous encryption or decryption operation +using the same +.Fa ctx , +if there was any, ended exactly on a block boundary and that +.Fa in_len +is an integer multiple of the cipher block size. +If either of these conditions is violated, +.Fn EVP_Cipher +silently produces incorrect results. +For that reason, using the function +.Xr EVP_CipherUpdate 3 +instead is strongly recommended. +The latter can safely handle partial blocks, and even if +.Fa in_len +actually is a multiple of the cipher block size for all calls, +the overhead incurred by using +.Xr EVP_CipherUpdate 3 +is minimal. +.Sh RETURN VALUES +.Fn EVP_CIPHER_CTX_cleanup +returns 1 for success or 0 for failure. +.Pp +With +.Dv EVP_CIPH_FLAG_CUSTOM_CIPHER , +.Fn EVP_Cipher +returns the number of bytes written to +.Fa out +for success or \-1 for failure. +Without +.Dv EVP_CIPH_FLAG_CUSTOM_CIPHER , +it returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 +.Sh HISTORY +.Fn EVP_Cipher +first appeared in SSLeay 0.6.5. +.Fn EVP_CIPHER_CTX_cleanup +first appeared in SSLeay 0.8.0. +.Fn EVP_CIPHER_CTX_init +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Sh CAVEATS +Checking the return value of +.Fn EVP_Cipher +requires unusual caution: zero signals success if +.Dv EVP_CIPH_FLAG_CUSTOM_CIPHER +is set or failure otherwise. diff --git a/man/EVP_CIPHER_do_all.3 b/man/EVP_CIPHER_do_all.3 index 1d43d503..9411a41f 100644 --- a/man/EVP_CIPHER_do_all.3 +++ b/man/EVP_CIPHER_do_all.3 @@ -1,6 +1,7 @@ -.\" $OpenBSD: EVP_CIPHER_do_all.3,v 1.1 2023/08/30 00:58:57 tb Exp $ +.\" $OpenBSD: EVP_CIPHER_do_all.3,v 1.2 2024/01/31 08:02:53 tb Exp $ .\" -.\" Copyright (c) 2023 Theo Buehler +.\" Copyright (c) 2023,2024 Theo Buehler +.\" Copyright (c) 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -14,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 30 2023 $ +.Dd $Mdocdate: January 31 2024 $ .Dt EVP_CIPHER_DO_ALL 3 .Os .Sh NAME @@ -49,6 +50,27 @@ const char *to, void *arg)" .Fa "void *arg" .Fc +.Bd -literal +typedef struct { + int type; + int alias; + const char *name; + const char *data; +} OBJ_NAME; +.Ed +.Pp +.Ft void +.Fo OBJ_NAME_do_all +.Fa "int type" +.Fa "void (*fn)(const OBJ_NAME *obj_name, void *arg)" +.Fa "void *arg" +.Fc +.Ft void +.Fo OBJ_NAME_do_all_sorted +.Fa "int type" +.Fa "void (*fn)(const OBJ_NAME *obj_name, void *arg)" +.Fa "void *arg" +.Fc .Sh DESCRIPTION .Fn EVP_CIPHER_do_all calls @@ -117,18 +139,71 @@ in lexicographic order of their .Fa from names as determined by .Xr strcmp 3 . +.Pp +.Vt OBJ_NAME +is an abstraction of the types underlying the lookup tables +for ciphers and their aliases, and digests and their aliases, respectively. +For a cipher, +.Fa type +is +.Dv OBJ_NAME_TYPE_CIPHER_METH , +.Fa alias +is 0, +.Fa name +is its lookup name and +.Fa data +is the +.Vt EVP_CIPHER +object it represents, cast to +.Vt const char * . +For a cipher alias, +.Fa type +is +.Dv OBJ_NAME_TYPE_CIPHER_METH , +.Fa alias +is +.Dv OBJ_NAME_ALIAS , +.Fa name +is its lookup name and +.Fa data +is the name it aliases. +Digests representing an +.Vt EVP_MD +object and their aliases are represented similarly, except that their type is +.Dv OBJ_NAME_TYPE_MD_METH . +.Pp +.Fn OBJ_NAME_do_all +calls +.Fa fn +on every +.Fa obj_name +in the table that has the given +.Fa type +(either +.Dv OBJ_NAME_TYPE_CIPHER_METH +or +.Dv OBJ_NAME_TYPE_MD_METH ) , +also passing the +.Fa arg +pointer. +.Fn OBJ_NAME_do_all_sorted +is similar except that it processes the +.Fa obj_name +in lexicographic order of their names as determined by +.Xr strcmp 3 . .Sh SEE ALSO .Xr evp 3 , -.Xr EVP_add_cipher 3 , -.Xr OBJ_NAME_do_all 3 +.Xr EVP_get_cipherbyname 3 , +.Xr EVP_get_digestbyname 3 .Sh HISTORY These functions first appeared in OpenSSL 1.0.0 and have been available since .Ox 4.9 . -.Sh BUGS -.Fn EVP_CIPHER_do_all_sorted +.Sh CAVEATS +.Fn EVP_CIPHER_do_all_sorted , +.Fn EVP_MD_do_all_sorted , and -.Fn EVP_MD_do_all_sorted -are wrappers of -.Xr OBJ_NAME_do_all_sorted 3 . -In particular, if memory allocation fails, they do nothing at all +.Fn OBJ_NAME_do_all_sorted +cannot report errors. +In some implementations they need to allocate internally and +if memory allocation fails they do nothing at all, without telling the caller about the problem. diff --git a/man/EVP_CIPHER_meth_new.3 b/man/EVP_CIPHER_meth_new.3 index 4ea8f8df..187dab6d 100644 --- a/man/EVP_CIPHER_meth_new.3 +++ b/man/EVP_CIPHER_meth_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.5 2023/09/10 05:22:46 jsg Exp $ +.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.6 2024/03/04 09:49:07 tb Exp $ .\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000 .\" .\" This file is a derived work. @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 10 2023 $ +.Dd $Mdocdate: March 4 2024 $ .Dt EVP_CIPHER_METH_NEW 3 .Os .Sh NAME @@ -233,18 +233,6 @@ function with a command of .Dv EVP_CTRL_INIT early during the setup. -.It Dv EVP_CIPH_CUSTOM_KEY_LENGTH -Instruct -.Xr EVP_CIPHER_CTX_set_key_length 3 -to not check and set the key length itself, -but to leave that to the implementation by instead calling its -.Fa ctrl -function with a command -.Fa type -of -.Dv EVP_CTRL_SET_KEY_LENGTH -and the key length in -.Fa arg . .It Dv EVP_CIPH_NO_PADDING Instruct .Xr EVP_CipherFinal_ex 3 diff --git a/man/EVP_DigestInit.3 b/man/EVP_DigestInit.3 index a5ce6f84..a578d99e 100644 --- a/man/EVP_DigestInit.3 +++ b/man/EVP_DigestInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_DigestInit.3,v 1.31 2023/09/07 19:59:58 schwarze Exp $ +.\" $OpenBSD: EVP_DigestInit.3,v 1.32 2024/03/05 17:21:40 tb Exp $ .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -70,7 +70,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 7 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_DIGESTINIT 3 .Os .Sh NAME @@ -533,7 +533,6 @@ main(int argc, char *argv[]) .Xr EVP_DigestSignInit 3 , .Xr EVP_DigestVerifyInit 3 , .Xr EVP_MD_CTX_ctrl 3 , -.Xr EVP_MD_meth_new 3 , .Xr EVP_MD_nid 3 , .Xr EVP_PKEY_CTX_set_signature_md 3 , .Xr EVP_PKEY_meth_set_signctx 3 , diff --git a/man/EVP_EncryptInit.3 b/man/EVP_EncryptInit.3 index ddec4e7e..e8d22d86 100644 --- a/man/EVP_EncryptInit.3 +++ b/man/EVP_EncryptInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_EncryptInit.3,v 1.48 2023/08/31 17:27:41 schwarze Exp $ +.\" $OpenBSD: EVP_EncryptInit.3,v 1.51 2023/12/26 22:13:00 schwarze Exp $ .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800 .\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod .\" 7c6d372a Nov 20 13:20:01 2018 +0000 @@ -69,14 +69,12 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 31 2023 $ +.Dd $Mdocdate: December 26 2023 $ .Dt EVP_ENCRYPTINIT 3 .Os .Sh NAME .Nm EVP_CIPHER_CTX_new , .Nm EVP_CIPHER_CTX_reset , -.Nm EVP_CIPHER_CTX_cleanup , -.Nm EVP_CIPHER_CTX_init , .Nm EVP_CIPHER_CTX_free , .Nm EVP_CIPHER_CTX_copy , .Nm EVP_EncryptInit_ex , @@ -94,7 +92,6 @@ .Nm EVP_DecryptFinal , .Nm EVP_CipherInit , .Nm EVP_CipherFinal , -.Nm EVP_Cipher , .Nm EVP_CIPHER_CTX_encrypting , .Nm EVP_get_cipherbyname , .Nm EVP_get_cipherbynid , @@ -132,14 +129,6 @@ .Fo EVP_CIPHER_CTX_reset .Fa "EVP_CIPHER_CTX *ctx" .Fc -.Ft int -.Fo EVP_CIPHER_CTX_cleanup -.Fa "EVP_CIPHER_CTX *ctx" -.Fc -.Ft void -.Fo EVP_CIPHER_CTX_init -.Fa "EVP_CIPHER_CTX *ctx" -.Fc .Ft void .Fo EVP_CIPHER_CTX_free .Fa "EVP_CIPHER_CTX *ctx" @@ -161,15 +150,15 @@ .Fo EVP_EncryptUpdate .Fa "EVP_CIPHER_CTX *ctx" .Fa "unsigned char *out" -.Fa "int *outl" +.Fa "int *out_len" .Fa "const unsigned char *in" -.Fa "int inl" +.Fa "int in_len" .Fc .Ft int .Fo EVP_EncryptFinal_ex .Fa "EVP_CIPHER_CTX *ctx" .Fa "unsigned char *out" -.Fa "int *outl" +.Fa "int *out_len" .Fc .Ft int .Fo EVP_DecryptInit_ex @@ -183,15 +172,15 @@ .Fo EVP_DecryptUpdate .Fa "EVP_CIPHER_CTX *ctx" .Fa "unsigned char *out" -.Fa "int *outl" +.Fa "int *out_len" .Fa "const unsigned char *in" -.Fa "int inl" +.Fa "int in_len" .Fc .Ft int .Fo EVP_DecryptFinal_ex .Fa "EVP_CIPHER_CTX *ctx" -.Fa "unsigned char *outm" -.Fa "int *outl" +.Fa "unsigned char *out" +.Fa "int *out_len" .Fc .Ft int .Fo EVP_CipherInit_ex @@ -206,15 +195,15 @@ .Fo EVP_CipherUpdate .Fa "EVP_CIPHER_CTX *ctx" .Fa "unsigned char *out" -.Fa "int *outl" +.Fa "int *out_len" .Fa "const unsigned char *in" -.Fa "int inl" +.Fa "int in_len" .Fc .Ft int .Fo EVP_CipherFinal_ex .Fa "EVP_CIPHER_CTX *ctx" -.Fa "unsigned char *outm" -.Fa "int *outl" +.Fa "unsigned char *out" +.Fa "int *out_len" .Fc .Ft int .Fo EVP_EncryptInit @@ -227,7 +216,7 @@ .Fo EVP_EncryptFinal .Fa "EVP_CIPHER_CTX *ctx" .Fa "unsigned char *out" -.Fa "int *outl" +.Fa "int *out_len" .Fc .Ft int .Fo EVP_DecryptInit @@ -239,8 +228,8 @@ .Ft int .Fo EVP_DecryptFinal .Fa "EVP_CIPHER_CTX *ctx" -.Fa "unsigned char *outm" -.Fa "int *outl" +.Fa "unsigned char *out" +.Fa "int *out_len" .Fc .Ft int .Fo EVP_CipherInit @@ -253,15 +242,8 @@ .Ft int .Fo EVP_CipherFinal .Fa "EVP_CIPHER_CTX *ctx" -.Fa "unsigned char *outm" -.Fa "int *outl" -.Fc -.Ft int -.Fo EVP_Cipher -.Fa "EVP_CIPHER_CTX *ctx" .Fa "unsigned char *out" -.Fa "const unsigned char *in" -.Fa "unsigned int inl" +.Fa "int *out_len" .Fc .Ft int .Fo EVP_CIPHER_CTX_encrypting @@ -300,16 +282,6 @@ object itself, such that it can be reused for another series of calls to .Fn EVP_CipherUpdate , and .Fn EVP_CipherFinal . -.Fn EVP_CIPHER_CTX_cleanup -is a deprecated alias for -.Fn EVP_CIPHER_CTX_reset . -.Pp -.Fn EVP_CIPHER_CTX_init -is a deprecated function to clear a cipher context on the stack -before use. -Do not use it on a cipher context returned from -.Fn EVP_CIPHER_CTX_new -or one that was already used. .Pp .Fn EVP_CIPHER_CTX_free clears all information from @@ -336,15 +308,13 @@ to .Fa out , except that the .Vt EVP_CIPHER -and -.Vt ENGINE -objects used by +object used by .Fa in and any application specific data set with .Xr EVP_CIPHER_CTX_set_app_data 3 are not copied and .Fa out -will point to the same three objects. +will point to the same two objects. The algorithm- and implementation-specific cipher data described in .Xr EVP_CIPHER_CTX_get_cipher_data 3 is copied with @@ -374,28 +344,27 @@ are used by some of the ciphers documented in the .Xr EVP_aes_256_gcm 3 manual page. .Pp +.Fn EVP_EncryptInit +and .Fn EVP_EncryptInit_ex -sets up the cipher context +set up the cipher context .Fa ctx for encryption with cipher -.Fa type -from -.Vt ENGINE -.Fa impl . +.Fa type . .Fa type is normally supplied by a function such as .Xr EVP_aes_256_cbc 3 . -If -.Fa impl -is -.Dv NULL , -then the default implementation is used. .Fa key is the symmetric key to use and .Fa iv is the IV to use (if necessary). The actual number of bytes used for the key and IV depends on the cipher. +The +.Fa ENGINE *impl +argument is always ignored and passing +.Dv NULL +is recommended. It is possible to set all parameters to .Dv NULL except @@ -409,7 +378,7 @@ This is done when the default cipher parameters are not appropriate. .Pp .Fn EVP_EncryptUpdate encrypts -.Fa inl +.Fa in_len bytes from the buffer .Fa in and writes the encrypted version to @@ -418,53 +387,67 @@ This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: as a result the amount of data written may be anything -from zero bytes to (inl + cipher_block_size - 1) so +from zero bytes to +.Pq Fa in_len No + cipher_block_size - 1 +so .Fa out should contain sufficient room. The actual number of bytes written is placed in -.Fa outl . +.Pf * Fa out_len . .Pp If padding is enabled (the default) then -.Fn EVP_EncryptFinal_ex -encrypts the "final" data, that is any data that remains in a partial +.Fn EVP_EncryptFinal +and +.Fn EVP_EncryptFinal_ex , +which behave identically, +encrypt the "final" data, that is any data that remains in a partial block. It uses NOTES (aka PKCS padding). The encrypted final data is written to .Fa out which should have sufficient space for one cipher block. The number of bytes written is placed in -.Fa outl . +.Pf * Fa out_len . After this function is called, the encryption operation is finished and no further calls to .Fn EVP_EncryptUpdate should be made. .Pp If padding is disabled then +.Fn EVP_EncryptFinal +and .Fn EVP_EncryptFinal_ex -will not encrypt any more data and it will return an error if any data +do not encrypt any more data and return an error if any data remains in a partial block: that is if the total data length is not a multiple of the block size. .Pp +.Fn EVP_DecryptInit , .Fn EVP_DecryptInit_ex , .Fn EVP_DecryptUpdate , +.Fn EVP_DecryptFinal , and .Fn EVP_DecryptFinal_ex are the corresponding decryption operations. .Fn EVP_DecryptFinal -will return an error code if padding is enabled and the final block is +and +.Fn EVP_DecryptFinal_ex +return an error code if padding is enabled and the final block is not correctly formatted. The parameters and restrictions are identical to the encryption operations except that if padding is enabled the decrypted data buffer .Fa out passed to .Fn EVP_DecryptUpdate -should have sufficient room for (inl + cipher_block_size) bytes -unless the cipher block size is 1 in which case -.Fa inl +should have sufficient room for +.Pq Fa in_len No + cipher_block_size +bytes unless the cipher block size is 1 in which case +.Fa in_len bytes is sufficient. .Pp +.Fn EVP_CipherInit , .Fn EVP_CipherInit_ex , .Fn EVP_CipherUpdate , +.Fn EVP_CipherFinal , and .Fn EVP_CipherFinal_ex are functions that can be used for decryption or encryption. @@ -476,59 +459,6 @@ the value unchanged (the actual value of .Fa enc being supplied in a previous call). .Pp -.Fn EVP_EncryptInit , -.Fn EVP_DecryptInit , -and -.Fn EVP_CipherInit -are deprecated functions behaving like -.Fn EVP_EncryptInit_ex , -.Fn EVP_DecryptInit_ex , -and -.Fn EVP_CipherInit_ex -except that they always use the default cipher implementation -and that they require -.Fn EVP_CIPHER_CTX_reset -before they can be used on a context that was already used. -.Pp -.Fn EVP_EncryptFinal , -.Fn EVP_DecryptFinal , -and -.Fn EVP_CipherFinal -are identical to -.Fn EVP_EncryptFinal_ex , -.Fn EVP_DecryptFinal_ex , -and -.Fn EVP_CipherFinal_ex . -In previous releases of OpenSSL, they also used to clean up the -.Fa ctx , -but this is no longer done and -.Fn EVP_CIPHER_CTX_reset -or -.Fn EVP_CIPHER_CTX_free -must be called to free any context resources. -.Pp -.Fn EVP_Cipher -encrypts or decrypts aligned blocks of data -whose lengths match the cipher block size. -It requires that the previous encryption or decryption operation -using the same -.Fa ctx , -if there was any, ended exactly on a block boundary and that -.Fa inl -is an integer multiple of the cipher block size. -If either of these conditions is violated, -.Fn EVP_Cipher -silently produces incorrect results. -For that reason, using the function -.Fn EVP_CipherUpdate -instead is strongly recommended. -The latter can safely handle partial blocks, and even if -.Fa inl -actually is a multiple of the cipher block size for all calls, -the overhead incurred by using -.Fn EVP_CipherUpdate -is minimal. -.Pp .Fn EVP_get_cipherbyname , .Fn EVP_get_cipherbynid , and @@ -570,25 +500,6 @@ final decrypt error. If padding is disabled then the decryption operation will always succeed if the total amount of data decrypted is a multiple of the block size. .Pp -The functions -.Fn EVP_EncryptInit , -.Fn EVP_EncryptFinal , -.Fn EVP_DecryptInit , -.Fn EVP_CipherInit , -and -.Fn EVP_CipherFinal -are obsolete but are retained for compatibility with existing code. -New code should use -.Fn EVP_EncryptInit_ex , -.Fn EVP_EncryptFinal_ex , -.Fn EVP_DecryptInit_ex , -.Fn EVP_DecryptFinal_ex , -.Fn EVP_CipherInit_ex , -and -.Fn EVP_CipherFinal_ex -because they can reuse an existing context without allocating and -freeing it up on each call. -.Pp .Fn EVP_get_cipherbynid and .Fn EVP_get_cipherbyobj @@ -602,7 +513,6 @@ for success or for failure. .Pp .Fn EVP_CIPHER_CTX_reset , -.Fn EVP_CIPHER_CTX_cleanup , .Fn EVP_CIPHER_CTX_copy , .Fn EVP_EncryptInit_ex , .Fn EVP_EncryptUpdate , @@ -618,9 +528,8 @@ for failure. .Fn EVP_DecryptInit , .Fn EVP_DecryptFinal , .Fn EVP_CipherInit , -.Fn EVP_CipherFinal , and -.Fn EVP_Cipher +.Fn EVP_CipherFinal return 1 for success or 0 for failure. .Pp .Fn EVP_CIPHER_CTX_encrypting @@ -729,13 +638,17 @@ To specify any additional authenticated data (AAD), a call to .Fn EVP_EncryptUpdate , or .Fn EVP_DecryptUpdate -should be made with the output parameter out set to +should be made with the output parameter +.Fa out +set to .Dv NULL . .Pp When decrypting, the return value of -.Fn EVP_DecryptFinal +.Fn EVP_DecryptFinal , +.Fn EVP_DecryptFinal_ex , +.Fn EVP_CipherFinal , or -.Fn EVP_CipherFinal +.Fn EVP_CipherFinal_ex indicates if the operation was successful. If it does not indicate success, the authentication operation has failed and any output data MUST NOT be used as it is corrupted. @@ -754,6 +667,8 @@ bytes of the tag value to the buffer indicated by This call can only be made when encrypting data and after all data has been processed, e.g. after an .Fn EVP_EncryptFinal +or +.Fn EVP_EncryptFinal_ex call. .It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_TAG taglen tag Sets the expected tag to @@ -775,7 +690,9 @@ by calling .Fn EVP_EncryptUpdate , or .Fn EVP_DecryptUpdate -with the output parameter out set to +with the output parameter +.Fa out +set to .Dv NULL . Additionally, the total plaintext or ciphertext length MUST be passed to @@ -789,7 +706,7 @@ parameters set to .Dv NULL and the length passed in the -.Fa inl +.Fa in_len parameter. .Pp The following ctrls are supported in CCM mode: @@ -815,25 +732,25 @@ The nonce length is given by 15 - L so it is 7 by default for AES. Encrypt a string using blowfish: .Bd -literal -offset 3n int -do_crypt(char *outfile) +do_crypt(char *out_filename) { - unsigned char outbuf[1024]; - int outlen, tmplen; + unsigned char out_buf[1024]; + int out_len, tmp_len; /* * Bogus key and IV: we'd normally set these from * another source. */ unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; unsigned char iv[] = {1,2,3,4,5,6,7,8}; - const char intext[] = "Some Crypto Text"; + const char in_text[] = "Some Crypto Text"; EVP_CIPHER_CTX *ctx; - FILE *out; + FILE *out_fileptr; ctx = EVP_CIPHER_CTX_new(); EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, key, iv); - if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, - strlen(intext))) { + if (!EVP_EncryptUpdate(ctx, out_buf, &out_len, in_text, + strlen(in_text))) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; @@ -842,12 +759,12 @@ do_crypt(char *outfile) * Buffer passed to EVP_EncryptFinal() must be after data just * encrypted to avoid overwriting it. */ - if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { + if (!EVP_EncryptFinal_ex(ctx, out_buf + out_len, &tmp_len)) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; } - outlen += tmplen; + out_len += tmp_len; EVP_CIPHER_CTX_free(ctx); /* * Need binary mode for fopen because encrypted data is @@ -855,13 +772,13 @@ do_crypt(char *outfile) * it won't be NUL terminated and may contain embedded * NULs. */ - out = fopen(outfile, "wb"); - if (out == NULL) { + out_fileptr = fopen(out_filename, "wb"); + if (out_fileptr == NULL) { /* Error */ return 0; } - fwrite(outbuf, 1, outlen, out); - fclose(out); + fwrite(out_buf, 1, out_len, out_fileptr); + fclose(out_fileptr); return 1; } .Ed @@ -878,11 +795,11 @@ General encryption, decryption function example using FILE I/O and AES128 with a 128-bit key: .Bd -literal int -do_crypt(FILE *in, FILE *out, int do_encrypt) +do_crypt(FILE *in_fileptr, FILE *out_fileptr, int do_encrypt) { /* Allow enough space in output buffer for additional block */ - unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; - int inlen, outlen; + unsigned char in_buf[1024], out_buf[1024 + EVP_MAX_BLOCK_LENGTH]; + int in_len, out_len; EVP_CIPHER_CTX *ctx; /* @@ -898,23 +815,23 @@ do_crypt(FILE *in, FILE *out, int do_encrypt) EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt); for (;;) { - inlen = fread(inbuf, 1, 1024, in); - if (inlen <= 0) + in_len = fread(in_buf, 1, 1024, in_fileptr); + if (in_len <= 0) break; - if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, - inlen)) { + if (!EVP_CipherUpdate(ctx, out_buf, &out_len, in_buf, + in_len)) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; } - fwrite(outbuf, 1, outlen, out); + fwrite(out_buf, 1, out_len, out_fileptr); } - if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) { + if (!EVP_CipherFinal_ex(ctx, out_buf, &out_len)) { /* Error */ EVP_CIPHER_CTX_free(ctx); return 0; } - fwrite(outbuf, 1, outlen, out); + fwrite(out_buf, 1, out_len, out_fileptr); EVP_CIPHER_CTX_free(ctx); return 1; @@ -929,6 +846,7 @@ do_crypt(FILE *in, FILE *out, int do_encrypt) .Xr EVP_chacha20 3 , .Xr EVP_CIPHER_CTX_ctrl 3 , .Xr EVP_CIPHER_CTX_get_cipher_data 3 , +.Xr EVP_CIPHER_CTX_init 3 , .Xr EVP_CIPHER_CTX_set_flags 3 , .Xr EVP_CIPHER_nid 3 , .Xr EVP_des_cbc 3 , @@ -959,15 +877,12 @@ first appeared in SSLeay 0.5.1. and .Fn EVP_rc2_ofb first appeared in SSLeay 0.5.2. -.Fn EVP_Cipher -first appeared in SSLeay 0.6.5. .Fn EVP_bf_cbc , .Fn EVP_bf_ecb , .Fn EVP_bf_cfb , and .Fn EVP_bf_ofb first appeared in SSLeay 0.6.6. -.Fn EVP_CIPHER_CTX_cleanup , .Fn EVP_get_cipherbyobj , .Fn EVP_CIPHER_CTX_cipher , and @@ -975,8 +890,6 @@ and first appeared in SSLeay 0.8.0. .Fn EVP_get_cipherbynid first appeared in SSLeay 0.8.1. -.Fn EVP_CIPHER_CTX_init -first appeared in SSLeay 0.9.0. All these functions have been available since .Ox 2.4 . .Pp diff --git a/man/EVP_MD_CTX_ctrl.3 b/man/EVP_MD_CTX_ctrl.3 index 0aaeddd6..c8c148fa 100644 --- a/man/EVP_MD_CTX_ctrl.3 +++ b/man/EVP_MD_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_MD_CTX_ctrl.3,v 1.2 2023/09/07 19:28:37 schwarze Exp $ +.\" $OpenBSD: EVP_MD_CTX_ctrl.3,v 1.3 2024/03/05 17:21:40 tb Exp $ .\" full merge up to: OpenSSL man3/EVP_DigestInit.pod .\" 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -69,7 +69,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 7 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_MD_CTX_CTRL 3 .Os .Sh NAME @@ -236,8 +236,8 @@ is assigned. .Fn EVP_MD_CTX_md_data returns the digest method private data of .Fa ctx . -The space was allocated and its size set with -.Xr EVP_MD_meth_set_app_datasize 3 . +The space is allocated with a size determined at compile time. +The size is not exposed by an API. .Sh RETURN VALUES .Fn EVP_MD_CTX_ctrl returns 1 for success or 0 for failure. @@ -256,7 +256,6 @@ return pointers to storage owned by .Sh SEE ALSO .Xr evp 3 , .Xr EVP_DigestInit 3 , -.Xr EVP_MD_meth_new 3 , .Xr EVP_MD_nid 3 .Sh HISTORY .Fn EVP_MD_CTX_set_flags , diff --git a/man/EVP_MD_meth_new.3 b/man/EVP_MD_meth_new.3 deleted file mode 100644 index 8a80cca0..00000000 --- a/man/EVP_MD_meth_new.3 +++ /dev/null @@ -1,352 +0,0 @@ -.\" $OpenBSD: EVP_MD_meth_new.3,v 1.5 2023/09/12 16:26:30 schwarze Exp $ -.\" selective merge up to: -.\" OpenSSL man3/EVP_MD_meth_new 0388d212 Dec 14 12:47:07 2018 -0800 -.\" -.\" This file is a derived work. -.\" The changes are covered by the following Copyright and license: -.\" -.\" Copyright (c) 2023 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" The original file was written by Richard Levitte -.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: September 12 2023 $ -.Dt EVP_MD_METH_NEW 3 -.Os -.Sh NAME -.Nm EVP_MD_meth_dup , -.Nm EVP_MD_meth_new , -.Nm EVP_MD_meth_free , -.Nm EVP_MD_meth_set_input_blocksize , -.Nm EVP_MD_meth_set_result_size , -.Nm EVP_MD_meth_set_app_datasize , -.Nm EVP_MD_meth_set_flags , -.Nm EVP_MD_meth_set_init , -.Nm EVP_MD_meth_set_update , -.Nm EVP_MD_meth_set_final , -.Nm EVP_MD_meth_set_copy , -.Nm EVP_MD_meth_set_cleanup , -.Nm EVP_MD_meth_set_ctrl -.Nd Routines to build up EVP_MD methods -.Sh SYNOPSIS -.In openssl/evp.h -.Ft EVP_MD * -.Fo EVP_MD_meth_new -.Fa "int md_type" -.Fa "int pkey_type" -.Fc -.Ft void -.Fo EVP_MD_meth_free -.Fa "EVP_MD *md" -.Fc -.Ft EVP_MD * -.Fo EVP_MD_meth_dup -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo EVP_MD_meth_set_input_blocksize -.Fa "EVP_MD *md" -.Fa "int blocksize" -.Fc -.Ft int -.Fo EVP_MD_meth_set_result_size -.Fa "EVP_MD *md" -.Fa "int resultsize" -.Fc -.Ft int -.Fo EVP_MD_meth_set_app_datasize -.Fa "EVP_MD *md" -.Fa "int datasize" -.Fc -.Ft int -.Fo EVP_MD_meth_set_flags -.Fa "EVP_MD *md" -.Fa "unsigned long flags" -.Fc -.Ft int -.Fo EVP_MD_meth_set_init -.Fa "EVP_MD *md" -.Fa "int (*init)(EVP_MD_CTX *ctx)" -.Fc -.Ft int -.Fo EVP_MD_meth_set_update -.Fa "EVP_MD *md" -.Fa "int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count)" -.Fc -.Ft int -.Fo EVP_MD_meth_set_final -.Fa "EVP_MD *md" -.Fa "int (*final)(EVP_MD_CTX *ctx, unsigned char *md)" -.Fc -.Ft int -.Fo EVP_MD_meth_set_copy -.Fa "EVP_MD *md" -.Fa "int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)" -.Fc -.Ft int -.Fo EVP_MD_meth_set_cleanup -.Fa "EVP_MD *md" -.Fa "int (*cleanup)(EVP_MD_CTX *ctx)" -.Fc -.Ft int -.Fo EVP_MD_meth_set_ctrl -.Fa "EVP_MD *md" -.Fa "int (*control)(EVP_MD_CTX *ctx, int command, int p1, void *p2)" -.Fc -.Sh DESCRIPTION -The -.Vt EVP_MD -type is a structure for digest method implementation. -It can also have associated public/private key signing and verifying -routines. -.Pp -.Fn EVP_MD_meth_new -creates a new -.Vt EVP_MD -structure. -.Pp -.Fn EVP_MD_meth_dup -creates a copy of -.Fa md . -.Pp -.Fn EVP_MD_meth_free -destroys a -.Vt EVP_MD -structure. -.Pp -.Fn EVP_MD_meth_set_input_blocksize -sets the internal input block size for the method -.Fa md -to -.Fa blocksize -bytes. -.Pp -.Fn EVP_MD_meth_set_result_size -sets the size of the result that the digest method in -.Fa md -is expected to produce to -.Fa resultsize -bytes. -.Pp -The digest method may have its own private data, which OpenSSL will -allocate for it. -.Fn EVP_MD_meth_set_app_datasize -should be used to set the size for it to -.Fa datasize . -.Pp -.Fn EVP_MD_meth_set_flags -sets the flags to describe optional behaviours in the particular -.Fa md . -Several flags can be or'd together. -The available flags are: -.Bl -tag -width Ds -.It Dv EVP_MD_FLAG_DIGALGID_NULL -When setting up a -.Vt DigestAlgorithmIdentifier -with -.Xr X509_ALGOR_set_md 3 , -set the parameter type to -.Dv V_ASN1_NULL -and the parameter value to -.Dv NULL . -This is the default, which means that it takes effect for -.Vt EVP_MD -objects that do not have -.Dv EVP_MD_FLAG_DIGALGID_ABSENT -set. -Use this for PKCS#1. -.It Dv EVP_MD_FLAG_DIGALGID_ABSENT -When setting up a -.Vt DigestAlgorithmIdentifier -with -.Xr X509_ALGOR_set_md 3 , -set the parameter type to -.Dv V_ASN1_UNDEF -and the parameter value to -.Dv NULL . -This is used by the -.Vt EVP_MD -objects documented in the manual page -.Xr EVP_sha3_224 3 -and by the objects returned from -.Xr EVP_sha512 3 , -.Xr EVP_sha512_256 3 , -.Xr EVP_sha512_224 3 , -.Xr EVP_sha384 3 , -.Xr EVP_sha256 3 , -.Xr EVP_sha224 3 , -.Xr EVP_sha1 3 , -and -.Xr EVP_sm3 3 . -.It Dv EVP_MD_FLAG_DIGALGID_CUSTOM -This flag is reserved for user-defined -.Vt EVP_MD -objects supporting custom -.Vt DigestAlgorithmIdentifier -handling via -.Xr EVP_MD_CTX_ctrl 3 , -but actually, it is ignored by both LibreSSL and OpenSSL -and such user-defined behaviour is not supported by the libraries. -.It Dv EVP_MD_FLAG_FIPS -Mark the digest method as suitable for FIPS mode. -This flag is ignored by both LibreSSL and OpenSSL. -.It Dv EVP_MD_FLAG_ONESHOT -Intended to indicate that the digest method can only handle one block -of input, but actually, this flag is ignored by both LibreSSL and OpenSSL. -.El -.Pp -.Fn EVP_MD_meth_set_init -sets the digest init function for -.Fa md . -The digest init function is called by -.Xr EVP_Digest 3 , -.Xr EVP_DigestInit 3 , -.Xr EVP_DigestInit_ex 3 , -EVP_SignInit, -.Xr EVP_SignInit_ex 3 , -.Xr EVP_VerifyInit 3 -and -.Xr EVP_VerifyInit_ex 3 . -.Pp -.Fn EVP_MD_meth_set_update -sets the digest update function for -.Fa md . -The digest update function is called by -.Xr EVP_Digest 3 , -.Xr EVP_DigestUpdate 3 -and -.Xr EVP_SignUpdate 3 . -.Pp -.Fn EVP_MD_meth_set_final -sets the digest final function for -.Fa md . -The digest final function is called by -.Xr EVP_Digest 3 , -.Xr EVP_DigestFinal 3 , -.Xr EVP_DigestFinal_ex 3 , -.Xr EVP_SignFinal 3 -and -.Xr EVP_VerifyFinal 3 . -.Pp -.Fn EVP_MD_meth_set_copy -sets the function for -.Fa md -to do extra computations after the method's private data structure has -been copied from one -.Vt EVP_MD_CTX -object to another. -If all that's needed is to copy the data, there is no need for this copy -function. -The copy function is passed two -.Vt EVP_MD_CTX -objects, the private data structure is then available with -.Xr EVP_MD_CTX_md_data 3 . -This copy function is called by -.Xr EVP_MD_CTX_copy 3 -and -.Xr EVP_MD_CTX_copy_ex 3 . -.Pp -.Fn EVP_MD_meth_set_cleanup -sets the function for -.Fa md -to do extra cleanup before the method's private data structure is -cleaned out and freed. -The cleanup function is passed an -.Vt EVP_MD_CTX -object, the private data structure is then available with -.Xr EVP_MD_CTX_md_data 3 . -This cleanup function is called by -.Xr EVP_MD_CTX_reset 3 -and -.Xr EVP_MD_CTX_free 3 . -.Pp -.Fn EVP_MD_meth_set_ctrl -sets the -.Fa control -function for -.Fa md . -The -.Fa control -function supplied by the application program has to return 1 to indicate -success, 0 to indicate failure, or \-1 if the -.Fa command -is not supported for this digest method. -See -.Xr EVP_MD_CTX_ctrl 3 -for the available -.Fa command -arguments. -.Sh RETURN VALUES -.Fn EVP_MD_meth_new -and -.Fn EVP_MD_meth_dup -return a pointer to a newly created -.Vt EVP_MD , -or NULL on failure. -All -.Fn EVP_MD_meth_set_* -functions return 1. -.Sh SEE ALSO -.Xr EVP_DigestInit 3 , -.Xr EVP_SignInit 3 , -.Xr EVP_VerifyInit 3 -.Sh HISTORY -All these functions -first appeared in OpenSSL 1.1.0 and have been available since -.Ox 7.1 . diff --git a/man/EVP_MD_nid.3 b/man/EVP_MD_nid.3 index acc0c704..15806091 100644 --- a/man/EVP_MD_nid.3 +++ b/man/EVP_MD_nid.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_MD_nid.3,v 1.3 2023/09/07 16:32:41 schwarze Exp $ +.\" $OpenBSD: EVP_MD_nid.3,v 1.4 2024/03/05 17:21:40 tb Exp $ .\" full merge up to: OpenSSL man3/EVP_DigestInit.pod .\" 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -68,7 +68,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 7 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_MD_NID 3 .Os .Sh NAME @@ -170,12 +170,56 @@ is configured to use. .Fn EVP_MD_flags returns the message digest flags used by .Fa md . -The meaning of the flags is described in the -.Xr EVP_MD_meth_set_flags 3 -manual page. Be careful to not confuse these flags with the unrelated message digest context flags that can be inspected with .Xr EVP_MD_CTX_test_flags 3 . +The available flags are: +.Bl -tag -width Ds +.It Dv EVP_MD_FLAG_DIGALGID_NULL +The parameters in a +.Vt DigestAlgorithmIdentifier +are encoded using an explicit ASN.1 +.Dv NULL +rather than omitting them. +This is the default, which means that it takes effect for +.Vt EVP_MD +objects that do not have +.Dv EVP_MD_FLAG_DIGALGID_ABSENT +set. +.It Dv EVP_MD_FLAG_DIGALGID_ABSENT +The parameters in a +.Vt DigestAlgorithmIdentifier +are omitted from the ASN.1 encoding. +This is used by the +.Vt EVP_MD +objects documented in the manual page +.Xr EVP_sha3_224 3 +and by the objects returned from +.Xr EVP_sha512 3 , +.Xr EVP_sha512_256 3 , +.Xr EVP_sha512_224 3 , +.Xr EVP_sha384 3 , +.Xr EVP_sha256 3 , +.Xr EVP_sha224 3 , +.Xr EVP_sha1 3 , +and +.Xr EVP_sm3 3 . +.It Dv EVP_MD_FLAG_DIGALGID_CUSTOM +This flag is reserved for user-defined +.Vt EVP_MD +objects supporting custom +.Vt DigestAlgorithmIdentifier +handling via +.Xr EVP_MD_CTX_ctrl 3 , +but actually, it is ignored by both LibreSSL and OpenSSL +and such user-defined behaviour is not supported by the libraries. +.It Dv EVP_MD_FLAG_FIPS +Mark the digest method as suitable for FIPS mode. +This flag is ignored by both LibreSSL and OpenSSL. +.It Dv EVP_MD_FLAG_ONESHOT +Intended to indicate that the digest method can only handle one block +of input, but actually, this flag is ignored by both LibreSSL and OpenSSL. +.El .Pp .Fn EVP_MD_pkey_type returns the NID of the public key signing algorithm associated with this @@ -224,6 +268,12 @@ return the digest or block size in bytes. .Xr EVP_DigestInit 3 , .Xr EVP_MD_CTX_ctrl 3 , .Xr OBJ_nid2obj 3 +.Sh STANDARDS +RFC 5754: Using SHA2 Algorithms with Cryptographic Message Syntax +.Bl -dash -compact -offset indent +.It +section 2: Message Digest Algorithms +.El .Sh HISTORY .Fn EVP_MD_size first appeared in SSLeay 0.6.6, diff --git a/man/EVP_OpenInit.3 b/man/EVP_OpenInit.3 index 766d178c..fbd0e755 100644 --- a/man/EVP_OpenInit.3 +++ b/man/EVP_OpenInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_OpenInit.3,v 1.8 2019/06/07 20:46:25 schwarze Exp $ +.\" $OpenBSD: EVP_OpenInit.3,v 1.9 2023/11/16 20:27:43 schwarze Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 7 2019 $ +.Dd $Mdocdate: November 16 2023 $ .Dt EVP_OPENINIT 3 .Os .Sh NAME @@ -131,6 +131,9 @@ parameter is a variable length cipher then the key length will be set to the value of the recovered key length. If the cipher is a fixed length cipher then the recovered key length must match the fixed cipher length. +.Pp +.Fn EVP_OpenUpdate +is implemented as a macro. .Sh RETURN VALUES .Fn EVP_OpenInit returns 0 on error or a non-zero integer (actually the recovered secret diff --git a/man/EVP_PKCS82PKEY.3 b/man/EVP_PKCS82PKEY.3 index 5fed846f..30a43b8d 100644 --- a/man/EVP_PKCS82PKEY.3 +++ b/man/EVP_PKCS82PKEY.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKCS82PKEY.3,v 1.1 2021/10/25 13:48:12 schwarze Exp $ +.\" $OpenBSD: EVP_PKCS82PKEY.3,v 1.3 2024/03/05 19:21:31 tb Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 25 2021 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_PKCS82PKEY 3 .Os .Sh NAME @@ -39,9 +39,7 @@ creates a PKCS#8 structure representing the private key contained in .Fa pkey . .Pp -Supported algorithms include DH, DSA, EC, GOST2001, and RSA. -Application programs can add additional algorithms using -.Xr EVP_PKEY_asn1_add0 3 . +Supported algorithms include DH, DSA, EC, and RSA. .Sh RETURN VALUES These functions return a newly allocated object or .Dv NULL @@ -51,7 +49,6 @@ or .Fa pkey is unsupported or if memory allocation, decoding, or encoding fails. .Sh SEE ALSO -.Xr EVP_PKEY_asn1_add0 3 , .Xr EVP_PKEY_base_id 3 , .Xr EVP_PKEY_new 3 , .Xr PKCS8_pkey_set0 3 , diff --git a/man/EVP_PKEY_asn1_get_count.3 b/man/EVP_PKEY_asn1_get_count.3 index 9f272a24..85a6471a 100644 --- a/man/EVP_PKEY_asn1_get_count.3 +++ b/man/EVP_PKEY_asn1_get_count.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.7 2023/09/13 13:55:50 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.8 2023/12/21 21:32:01 tb Exp $ .\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 13 2023 $ +.Dd $Mdocdate: December 21 2023 $ .Dt EVP_PKEY_ASN1_GET_COUNT 3 .Os .Sh NAME @@ -111,7 +111,6 @@ .Sh DESCRIPTION .Fn EVP_PKEY_asn1_get_count returns the number of public key ASN.1 methods available. -It includes standard methods and any methods added by the application. .Pp .Fn EVP_PKEY_asn1_get0 returns the public key ASN.1 method @@ -185,8 +184,6 @@ object and will never be returned from .Fn EVP_PKEY_asn1_find or .Fn EVP_PKEY_asn1_find_str . -It is either an alias built into the library, or it was created with -.Xr EVP_PKEY_asn1_add_alias 3 . .It Dv ASN1_PKEY_DYNAMIC This .Fa ameth @@ -218,18 +215,6 @@ objects with In particular, this is used for .Dv EVP_PKEY_RSA . .El -.Pp -.Fn EVP_PKEY_asn1_get_count , -.Fn EVP_PKEY_asn1_get0 , -.Fn EVP_PKEY_asn1_find -and -.Fn EVP_PKEY_asn1_find_str -are not thread safe, but as long as all -.Vt EVP_PKEY_ASN1_METHOD -objects are added before the application gets threaded, using them is -safe. -See -.Xr EVP_PKEY_asn1_add0 3 . .Sh RETURN VALUES .Fn EVP_PKEY_asn1_get_count returns the number of available public key methods. diff --git a/man/EVP_PKEY_asn1_new.3 b/man/EVP_PKEY_asn1_new.3 index 82a109c5..cd6a7169 100644 --- a/man/EVP_PKEY_asn1_new.3 +++ b/man/EVP_PKEY_asn1_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.10 2023/09/13 14:18:21 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.11 2023/12/21 21:32:01 tb Exp $ .\" selective merge up to: .\" OpenSSL man3/EVP_PKEY_ASN1_METHOD b0004708 Nov 1 00:45:24 2017 +0800 .\" @@ -67,15 +67,16 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 13 2023 $ +.Dd $Mdocdate: December 21 2023 $ .Dt EVP_PKEY_ASN1_NEW 3 .Os .Sh NAME +.\" .Nm EVP_PKEY_asn1_add0 and +.\" .Nm EVP_PKEY_asn1_add_alias are intentionally undocumented +.\" because they will be removed in the next major bump .Nm EVP_PKEY_asn1_new , .Nm EVP_PKEY_asn1_copy , .Nm EVP_PKEY_asn1_free , -.Nm EVP_PKEY_asn1_add0 , -.Nm EVP_PKEY_asn1_add_alias , .Nm EVP_PKEY_asn1_set_public , .Nm EVP_PKEY_asn1_set_private , .Nm EVP_PKEY_asn1_set_param , @@ -104,15 +105,6 @@ .Fo EVP_PKEY_asn1_free .Fa "EVP_PKEY_ASN1_METHOD *ameth" .Fc -.Ft int -.Fo EVP_PKEY_asn1_add0 -.Fa "const EVP_PKEY_ASN1_METHOD *ameth" -.Fc -.Ft int -.Fo EVP_PKEY_asn1_add_alias -.Fa "int to" -.Fa "int from" -.Fc .Ft void .Fo EVP_PKEY_asn1_set_public .Fa "EVP_PKEY_ASN1_METHOD *ameth" @@ -179,13 +171,10 @@ is a structure which holds a set of ASN.1 conversion, printing and information methods for a specific public key algorithm. .Pp -There are two places where the +The built-in .Vt EVP_PKEY_ASN1_METHOD -objects are stored: one is a built-in array representing the standard -methods for different algorithms, and the other one is a stack of -user-defined application-specific methods, which can be manipulated by -using -.Fn EVP_PKEY_asn1_add0 . +objects are stored in a table containing the standard +methods for different algorithms. .Ss Methods The methods are the underlying implementations of a particular public key algorithm present by the @@ -467,28 +456,6 @@ is .Dv NULL of not marked as dynamically allocated, no action occurs. .Pp -.Fn EVP_PKEY_asn1_add0 -adds -.Fa ameth -to the user defined stack of methods unless another -.Vt EVP_PKEY_ASN1_METHOD -with the same NID is already there. -This function is not thread safe, it is recommended to only use this when -initializing the application. -.Pp -.Fn EVP_PKEY_asn1_add_alias -creates an alias with the NID -.Fa to -for the -.Vt EVP_PKEY_ASN1_METHOD -with NID -.Fa from -unless another -.Vt EVP_PKEY_ASN1_METHOD -with the same NID is already added. -This function is not thread safe, it's recommended to only use this when -initializing the application. -.Pp .Fn EVP_PKEY_asn1_set_public , .Fn EVP_PKEY_asn1_set_private , .Fn EVP_PKEY_asn1_set_param , @@ -509,11 +476,6 @@ returns a pointer to the new object or .Dv NULL if memory allocation fails. -.Pp -.Fn EVP_PKEY_asn1_add0 -and -.Fn EVP_PKEY_asn1_add_alias -return 0 on error or 1 on success. .Sh SEE ALSO .Xr EVP_PKEY_asn1_get_count 3 , .Xr EVP_PKEY_new 3 , @@ -522,8 +484,6 @@ return 0 on error or 1 on success. .Fn EVP_PKEY_asn1_new , .Fn EVP_PKEY_asn1_copy , .Fn EVP_PKEY_asn1_free , -.Fn EVP_PKEY_asn1_add0 , -.Fn EVP_PKEY_asn1_add_alias , .Fn EVP_PKEY_asn1_set_public , .Fn EVP_PKEY_asn1_set_private , .Fn EVP_PKEY_asn1_set_param , diff --git a/man/EVP_PKEY_cmp.3 b/man/EVP_PKEY_cmp.3 index 42bfb6fe..2e42a994 100644 --- a/man/EVP_PKEY_cmp.3 +++ b/man/EVP_PKEY_cmp.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.13 2023/09/08 11:37:58 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.14 2024/03/05 19:21:31 tb Exp $ .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 8 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_PKEY_CMP 3 .Os .Sh NAME @@ -77,7 +77,7 @@ .Nm EVP_PKEY_cmp .\" .Nm EVP_PKEY_save_parameters is intentionally undocumented .\" because nothing uses it according to codesearch.debian.net -.\" and it only affects X509_PUBKEY_set(3) for DSA and GOST2001 keys, +.\" and it only affects X509_PUBKEY_set(3) for DSA, .\" resulting in incomplete output without the public key parameters. .Nd public key parameter and comparison functions .Sh SYNOPSIS diff --git a/man/EVP_PKEY_derive.3 b/man/EVP_PKEY_derive.3 index c8201834..8940572d 100644 --- a/man/EVP_PKEY_derive.3 +++ b/man/EVP_PKEY_derive.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_derive.3,v 1.9 2023/09/09 14:26:35 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_derive.3,v 1.10 2024/03/05 19:21:31 tb Exp $ .\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 .\" .\" This file is a derived work. @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 9 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_PKEY_DERIVE 3 .Os .Sh NAME @@ -109,7 +109,6 @@ The library provides built-in support for keys with an of .Dv EVP_PKEY_DH , .Dv EVP_PKEY_EC , -.Dv EVP_PKEY_GOSTR01 , .Dv EVP_PKEY_HKDF , and .Dv EVP_PKEY_X25519 . diff --git a/man/EVP_PKEY_encrypt.3 b/man/EVP_PKEY_encrypt.3 index a13594b5..6b9f8fa6 100644 --- a/man/EVP_PKEY_encrypt.3 +++ b/man/EVP_PKEY_encrypt.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_encrypt.3,v 1.8 2023/05/14 09:29:37 tb Exp $ +.\" $OpenBSD: EVP_PKEY_encrypt.3,v 1.9 2023/11/19 10:09:27 tb Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 14 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt EVP_PKEY_ENCRYPT 3 .Os .Sh NAME @@ -138,17 +138,15 @@ to start with the default OpenSSL RSA implementation: .Bd -literal -offset indent #include #include -#include EVP_PKEY_CTX *ctx; -ENGINE *eng; unsigned char *out, *in; size_t outlen, inlen; EVP_PKEY *key; -/* NB: assumes eng, key in, inlen are already set up +/* NB: assumes that key, in, inlen are already set up * and that key is an RSA public key */ -ctx = EVP_PKEY_CTX_new(key, eng); +ctx = EVP_PKEY_CTX_new(key, NULL); if (!ctx) /* Error occurred */ if (EVP_PKEY_encrypt_init(ctx) <= 0) diff --git a/man/EVP_PKEY_get_default_digest_nid.3 b/man/EVP_PKEY_get_default_digest_nid.3 index bef39987..50a0ddba 100644 --- a/man/EVP_PKEY_get_default_digest_nid.3 +++ b/man/EVP_PKEY_get_default_digest_nid.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.7 2023/09/13 14:57:21 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.8 2024/03/05 19:21:31 tb Exp $ .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 .\" .\" This file is a derived work. @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 13 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 .Os .Sh NAME @@ -103,8 +103,6 @@ Support for the following public key algorithms is built into the library: .It Dv EVP_PKEY_DSA Ta Dv NID_sha1 Ta mandatory .It Dv EVP_PKEY_EC Ta Dv NID_sha1 Ta mandatory .It Dv EVP_PKEY_ED25519 Ta Dv NID_undef Ta mandatory -.It Dv EVP_PKEY_GOSTIMIT Ta Dv NID_id_Gost28147_89_MAC Ta mandatory -.It Dv EVP_PKEY_GOSTR01 Ta variable Ta mandatory .It Dv EVP_PKEY_HMAC Ta Dv NID_sha1 Ta advisory .It Dv EVP_PKEY_RSA Ta Dv NID_sha256 Ta advisory .El diff --git a/man/EVP_PKEY_set1_RSA.3 b/man/EVP_PKEY_set1_RSA.3 index 4a382e11..07db2700 100644 --- a/man/EVP_PKEY_set1_RSA.3 +++ b/man/EVP_PKEY_set1_RSA.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.20 2023/08/27 13:08:15 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.22 2024/03/05 19:21:31 tb Exp $ .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 27 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_PKEY_SET1_RSA 3 .Os .Sh NAME @@ -87,7 +87,6 @@ .Nm EVP_PKEY_assign_DSA , .Nm EVP_PKEY_assign_DH , .Nm EVP_PKEY_assign_EC_KEY , -.Nm EVP_PKEY_assign_GOST , .Nm EVP_PKEY_assign , .Nm EVP_PKEY_base_id , .Nm EVP_PKEY_id , @@ -182,11 +181,6 @@ .Fa "EC_KEY *key" .Fc .Ft int -.Fo EVP_PKEY_assign_GOST -.Fa "EVP_PKEY *pkey" -.Fa "GOST_KEY *key" -.Fc -.Ft int .Fo EVP_PKEY_assign .Fa "EVP_PKEY *pkey" .Fa "int type" @@ -268,7 +262,6 @@ becomes unspecified. .Fn EVP_PKEY_assign_DSA , .Fn EVP_PKEY_assign_DH , .Fn EVP_PKEY_assign_EC_KEY , -.Fn EVP_PKEY_assign_GOST , and .Fn EVP_PKEY_assign also set the referenced key to @@ -292,9 +285,8 @@ The following types are supported: .Dv EVP_PKEY_RSA , .Dv EVP_PKEY_DSA , .Dv EVP_PKEY_DH , -.Dv EVP_PKEY_EC , and -.Dv EVP_PKEY_GOSTR01 . +.Dv EVP_PKEY_EC . .Pp .Fn EVP_PKEY_base_id returns the type of @@ -307,16 +299,11 @@ according to the following table: .It Dv EVP_PKEY_DH Ta = Dv NID_dhKeyAgreement Ta DH .It Dv EVP_PKEY_DSA Ta = Dv NID_dsa Ta DSA .It Dv EVP_PKEY_EC Ta = Dv NID_X9_62_id_ecPublicKey Ta EC -.It Dv EVP_PKEY_GOSTIMIT Ta = Dv NID_id_Gost28147_89_MAC Ta GOST-MAC -.It Dv EVP_PKEY_GOSTR01 Ta = Dv NID_id_GostR3410_2001 Ta GOST2001 .It Dv EVP_PKEY_HMAC Ta = Dv NID_hmac Ta HMAC .It Dv EVP_PKEY_RSA Ta = Dv NID_rsaEncryption Ta RSA .It Dv EVP_PKEY_RSA_PSS Ta = Dv NID_rsassaPss Ta RSA-PSS .El .Pp -Application programs can support additional key types by calling -.Xr EVP_PKEY_asn1_add0 3 . -.Pp .Fn EVP_PKEY_id returns the actual OID associated with .Fa pkey . @@ -329,14 +316,9 @@ The following deprecated aliases are still supported: .It Dv EVP_PKEY_DSA2 Ta = Dv NID_dsaWithSHA Ta DSA .It Dv EVP_PKEY_DSA3 Ta = Dv NID_dsaWithSHA1 Ta DSA .It Dv EVP_PKEY_DSA4 Ta = Dv NID_dsaWithSHA1_2 Ta DSA -.It Dv EVP_PKEY_GOSTR12_256 Ta = Dv NID_id_tc26_gost3410_2012_256 Ta GOST2001 -.It Dv EVP_PKEY_GOSTR12_512 Ta = Dv NID_id_tc26_gost3410_2012_512 Ta GOST2001 .It Dv EVP_PKEY_RSA2 Ta = Dv NID_rsa Ta RSA .El .Pp -Application programs can support additional alternative OIDs by calling -.Xr EVP_PKEY_asn1_add_alias 3 . -.Pp Most applications wishing to know a key type will simply call .Fn EVP_PKEY_base_id and will not care about the actual type, @@ -414,7 +396,6 @@ functions must be freed as well as .Fn EVP_PKEY_assign_DSA , .Fn EVP_PKEY_assign_DH , .Fn EVP_PKEY_assign_EC_KEY , -.Fn EVP_PKEY_assign_GOST , .Fn EVP_PKEY_assign , .Fn EVP_PKEY_set_type , and @@ -442,7 +423,6 @@ the return value points to an .Vt DSA , .Vt DH , .Vt EC_KEY , -.Vt GOST_KEY , or .Vt ASN1_OCTET_STRING object depending on the type of @@ -500,10 +480,6 @@ and first appeared in OpenSSL 1.0.0 and have been available since .Ox 4.9 . .Pp -.Fn EVP_PKEY_assign_GOST -first appeared in -.Ox 5.7 . -.Pp .Fn EVP_PKEY_get0_RSA , .Fn EVP_PKEY_get0_DSA , .Fn EVP_PKEY_get0_DH , diff --git a/man/EVP_PKEY_size.3 b/man/EVP_PKEY_size.3 index b45cda7f..f49678d0 100644 --- a/man/EVP_PKEY_size.3 +++ b/man/EVP_PKEY_size.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_PKEY_size.3,v 1.2 2023/09/12 15:29:03 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_size.3,v 1.3 2024/03/05 19:21:31 tb Exp $ .\" full merge up to: OpenSSL eed9d03b Jan 8 11:04:15 2020 +0100 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 12 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_PKEY_SIZE 3 .Os .Sh NAME @@ -144,7 +144,6 @@ is supported for the following algorithms: .It DSA Ta Xr DSA_size 3 .It EC Ta Xr ECDSA_size 3 .It ED25519 Ta 64, but see below -.It GOST01 Ta 64 or 128 .It HMAC Ta Dv EVP_MAX_MD_SIZE No = 64 .It RSA Ta Xr RSA_size 3 .It X25519 Ta Dv X25519_KEYLEN No = 32 @@ -173,7 +172,6 @@ By default, the following algorithms are supported: .It DSA Ta the public domain parameter Fa p Ta Xr DSA_bits 3 .It EC Ta the order of the group Ta Xr EC_GROUP_order_bits 3 .It ED25519 Ta 253 Ta \(em -.It GOST01 Ta 256 or 512 Ta \(em .It RSA Ta the public modulus Ta Xr RSA_bits 3 .It X25519 Ta 253 Ta \(em .El @@ -192,7 +190,6 @@ By default, the following algorithms are supported: .It DSA Ta Xr DSA_security_bits 3 .It EC Ta Xr EC_GROUP_order_bits 3 divided by 2 .It ED25519 Ta 128 -.It GOST01 Ta not supported, return value is \-2 .It RSA Ta Xr RSA_security_bits 3 .It X25519 Ta 128 .El diff --git a/man/EVP_SealInit.3 b/man/EVP_SealInit.3 index 15938fcb..da535352 100644 --- a/man/EVP_SealInit.3 +++ b/man/EVP_SealInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_SealInit.3,v 1.8 2019/06/07 20:46:25 schwarze Exp $ +.\" $OpenBSD: EVP_SealInit.3,v 1.9 2023/11/16 20:27:43 schwarze Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 7 2019 $ +.Dd $Mdocdate: November 16 2023 $ .Dt EVP_SEALINIT 3 .Os .Sh NAME @@ -162,6 +162,9 @@ set to 0 and (after setting any cipher parameters) it should be called again with .Fa type set to NULL. +.Pp +.Fn EVP_SealUpdate +is implemented as a macro. .Sh RETURN VALUES .Fn EVP_SealInit returns 0 on error or diff --git a/man/EVP_SignInit.3 b/man/EVP_SignInit.3 index 59dbca1e..dc042910 100644 --- a/man/EVP_SignInit.3 +++ b/man/EVP_SignInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_SignInit.3,v 1.16 2022/07/13 19:10:40 schwarze Exp $ +.\" $OpenBSD: EVP_SignInit.3,v 1.17 2023/11/16 20:27:43 schwarze Exp $ .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 13 2022 $ +.Dd $Mdocdate: November 16 2023 $ .Dt EVP_SIGNINIT 3 .Os .Sh NAME @@ -157,6 +157,12 @@ Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling .Xr EVP_MD_CTX_free 3 or a memory leak will occur. +.Pp +.Fn EVP_SignInit_ex , +.Fn EVP_SignUpdate , +and +.Fn EVP_SignInit +are implemented as macros. .Sh RETURN VALUES .Fn EVP_SignInit_ex , .Fn EVP_SignUpdate , diff --git a/man/EVP_VerifyInit.3 b/man/EVP_VerifyInit.3 index 5556f6c8..90a774e5 100644 --- a/man/EVP_VerifyInit.3 +++ b/man/EVP_VerifyInit.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_VerifyInit.3,v 1.10 2019/06/10 14:58:48 schwarze Exp $ +.\" $OpenBSD: EVP_VerifyInit.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $ .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 10 2019 $ +.Dd $Mdocdate: November 16 2023 $ .Dt EVP_VERIFYINIT 3 .Os .Sh NAME @@ -147,6 +147,12 @@ Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling .Xr EVP_MD_CTX_free 3 , or a memory leak will occur. +.Pp +.Fn EVP_VerifyInit_ex , +.Fn EVP_VerifyUpdate , +and +.Fn EVP_VerifyInit +are implemented as macros. .Sh RETURN VALUES .Fn EVP_VerifyInit_ex and diff --git a/man/EVP_add_cipher.3 b/man/EVP_add_cipher.3 deleted file mode 100644 index 6cbfd2e3..00000000 --- a/man/EVP_add_cipher.3 +++ /dev/null @@ -1,190 +0,0 @@ -.\" $OpenBSD: EVP_add_cipher.3,v 1.6 2023/08/25 18:39:04 schwarze Exp $ -.\" -.\" Copyright (c) 2023 Theo Buehler -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: August 25 2023 $ -.Dt EVP_ADD_CIPHER 3 -.Os -.Sh NAME -.Nm EVP_add_cipher , -.Nm EVP_add_cipher_alias , -.Nm EVP_delete_cipher_alias , -.Nm EVP_add_digest , -.Nm EVP_add_digest_alias , -.Nm EVP_delete_digest_alias -.Nd maintain lookup tables for cipher and digest names -.Sh SYNOPSIS -.In openssl/evp.h -.Ft int -.Fo EVP_add_cipher -.Fa "const EVP_CIPHER *cipher" -.Fc -.Ft int -.Fo EVP_add_cipher_alias -.Fa "const char *name" -.Fa "const char *alias" -.Fc -.Ft int -.Fo EVP_delete_cipher_alias -.Fa "const char *alias" -.Fc -.Ft int -.Fo EVP_add_digest -.Fa "const EVP_MD *md" -.Fc -.Ft int -.Fo EVP_add_digest_alias -.Fa "const char *name" -.Fa "const char *alias" -.Fc -.Ft int -.Fo EVP_delete_digest_alias -.Fa "const char *alias" -.Fc -.Sh DESCRIPTION -.Fn EVP_add_cipher -adds -.Fa cipher -to a global lookup table so that it can be retrieved with -.Xr EVP_get_cipherbyname 3 -using both its long and short names, -as determined by the -.Fa cipher Ns 's -NID via -.Xr OBJ_nid2ln 3 -and -.Xr OBJ_nid2sn 3 . -It is the caller's responsibility to ensure that the long -and short names are not -.Dv NULL . -Internally, the lookup table is the global associative array and -.Xr OBJ_NAME_add 3 -is used to add two key-value pairs with value pointer -.Fa cipher -and the keys consisting of the names and -the type -.Dv OBJ_NAME_TYPE_CIPHER_METH . -.Pp -.Fn EVP_add_cipher_alias -and -.Fn EVP_delete_cipher_alias -add and remove the -.Fa alias -for the cipher -.Fa name . -They are implemented as macros wrapping -.Xr OBJ_NAME_add 3 -and -.Xr OBJ_NAME_remove 3 -with -.Fa type -set to the bitwise or of -.Dv OBJ_NAME_TYPE_CIPHER_METH -and -.Dv OBJ_NAME_ALIAS . -.Pp -.Fn EVP_add_digest -adds -.Fa md -to a global lookup table so that it can be retrieved with -.Xr EVP_get_digestbyname 3 -using both its long and short names, -as determined by the -.Fa md Ns 's -NID via -.Xr OBJ_nid2ln 3 -and -.Xr OBJ_nid2sn 3 . -If the -.Fa md -has an associated public key signing algorithm (see -.Xr EVP_MD_pkey_type 3 ) -distinct from the -.Fa md , -the signing algorithm's short and long names are added as aliases for -the short name of -.Fa md . -It is the caller's responsibility to ensure that all long -and short names are not -.Dv NULL . -Internally, the lookup table is the global associative array and -.Xr OBJ_NAME_add 3 -is used to add two key-value pairs with value pointer -.Fa md -and the keys consisting of the names and -the type -.Dv OBJ_NAME_TYPE_MD_METH . -The aliases are added with -.Fn EVP_add_digest_alias . -.Pp -.Fn EVP_add_digest_alias -and -.Fn EVP_delete_digest_alias -add and remove the -.Fa alias -for the digest -.Fa name . -They are implemented as macros wrapping -.Xr OBJ_NAME_add 3 -and -.Xr OBJ_NAME_remove 3 -with -.Fa type -set to the bitwise or of -.Dv OBJ_NAME_TYPE_MD_METH -and -.Dv OBJ_NAME_ALIAS . -.Sh RETURN VALUES -.Fn EVP_add_cipher , -.Fn EVP_add_cipher_alias , -.Fn EVP_add_digest , -and -.Fn EVP_add_digest_alias -return 1 on success or 0 if memory allocation fails. -.Pp -.Fn EVP_delete_cipher_alias -and -.Fn EVP_delete_digest_alias -return 1 if one alias was removed or 0 otherwise. -.Sh SEE ALSO -.Xr evp 3 , -.Xr EVP_CIPHER_meth_new 3 , -.Xr EVP_get_cipherbyname 3 , -.Xr EVP_get_digestbyname 3 , -.Xr EVP_MD_meth_new 3 , -.Xr OBJ_create 3 , -.Xr OBJ_NAME_add 3 , -.Xr OpenSSL_add_all_algorithms 3 -.Sh HISTORY -.Fn EVP_add_cipher -and -.Fn EVP_add_digest -first appeared in OpenSSL 0.9.0 and have been available since -.Ox 2.4 . -.Pp -.Fn EVP_add_cipher_alias , -.Fn EVP_delete_cipher_alias , -.Fn EVP_add_digest_alias , -and -.Fn EVP_delete_digest_alias -first appeared in OpenSSL 0.9.4 and have been available since -.Ox 2.6 . -.Sh BUGS -Key-value pairs already added before an error occurred -remain in the global associative array, -leaving it in an unknown state. -.Pp -While aliases can be added and removed, there is no dedicated API -to remove added ciphers or digests. diff --git a/man/EVP_aes_128_cbc.3 b/man/EVP_aes_128_cbc.3 index ac63f7f1..4d153e5c 100644 --- a/man/EVP_aes_128_cbc.3 +++ b/man/EVP_aes_128_cbc.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.4 2020/06/24 18:15:00 jmc Exp $ +.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.5 2023/11/16 20:27:43 schwarze Exp $ .\" selective merge up to: OpenSSL 7c6d372a Nov 20 13:20:01 2018 +0000 .\" .\" This file was written by Ronald Tse @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 24 2020 $ +.Dd $Mdocdate: November 16 2023 $ .Dt EVP_AES_128_CBC 3 .Os .Sh NAME @@ -205,7 +205,8 @@ are aliases for .Fn EVP_aes_128_cfb128 , .Fn EVP_aes_192_cfb128 , and -.Fn EVP_aes_256_cfb128 . +.Fn EVP_aes_256_cfb128 , +implemented as macros. .Pp .Fn EVP_aes_128_cbc_hmac_sha1 and diff --git a/man/EVP_sha1.3 b/man/EVP_sha1.3 index 43898a5f..b28c9f54 100644 --- a/man/EVP_sha1.3 +++ b/man/EVP_sha1.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_sha1.3,v 1.1 2023/08/27 15:33:08 schwarze Exp $ +.\" $OpenBSD: EVP_sha1.3,v 1.2 2024/03/05 17:21:40 tb Exp $ .\" .\" Copyright (c) 2023 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 27 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_SHA1 3 .Os .Sh NAME @@ -67,8 +67,7 @@ These functions return pointers to static objects implementing the hash functions. .Sh SEE ALSO .Xr evp 3 , -.Xr EVP_DigestInit 3 , -.Xr EVP_MD_meth_new 3 +.Xr EVP_DigestInit 3 .Sh STANDARDS .Rs .%A T. Polk diff --git a/man/EVP_sha3_224.3 b/man/EVP_sha3_224.3 index bd9138c3..3c21ae1a 100644 --- a/man/EVP_sha3_224.3 +++ b/man/EVP_sha3_224.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_sha3_224.3,v 1.2 2023/08/15 11:54:38 schwarze Exp $ +.\" $OpenBSD: EVP_sha3_224.3,v 1.3 2024/03/05 17:21:40 tb Exp $ .\" selective merge up to: OpenSSL bbda8ce9 Oct 31 15:43:01 2017 +0800 .\" .\" This file was written by Ronald Tse . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 15 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt EVP_SHA3_224 3 .Os .Sh NAME @@ -86,7 +86,6 @@ These functions return pointers to static objects implementing the hash functions. .Sh SEE ALSO .Xr evp 3 , -.Xr EVP_DigestInit 3 , -.Xr EVP_MD_meth_new 3 +.Xr EVP_DigestInit 3 .Sh STANDARDS NIST FIPS 202 diff --git a/man/EVP_sm4_cbc.3 b/man/EVP_sm4_cbc.3 index 85ff88f5..0605a52f 100644 --- a/man/EVP_sm4_cbc.3 +++ b/man/EVP_sm4_cbc.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_sm4_cbc.3,v 1.1 2019/03/18 05:56:24 schwarze Exp $ +.\" $OpenBSD: EVP_sm4_cbc.3,v 1.2 2023/11/16 20:27:43 schwarze Exp $ .\" full merge up to: OpenSSL 87103969 Oct 1 14:11:57 2018 -0700 .\" .\" Copyright (c) 2017 Ribose Inc @@ -18,7 +18,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 18 2019 $ +.Dd $Mdocdate: November 16 2023 $ .Dt EVP_SM4_CBC 3 .Os .Sh NAME @@ -53,7 +53,8 @@ bits. .Pp .Fn EVP_sm4_cfb is an alias for -.Fn EVP_sm4_cfb128 . +.Fn EVP_sm4_cfb128 , +implemented as a macro. .Pp With an argument of .Qq sm4 diff --git a/man/Makefile.am b/man/Makefile.am index 7c7bb1a8..2ae4f0ac 100644 --- a/man/Makefile.am +++ b/man/Makefile.am @@ -135,7 +135,7 @@ dist_man3_MANS += ASN1_INTEGER_get.3 dist_man3_MANS += ASN1_NULL_new.3 dist_man3_MANS += ASN1_OBJECT_new.3 dist_man3_MANS += ASN1_PRINTABLE_type.3 -dist_man3_MANS += ASN1_STRING_TABLE_add.3 +dist_man3_MANS += ASN1_STRING_TABLE_get.3 dist_man3_MANS += ASN1_STRING_length.3 dist_man3_MANS += ASN1_STRING_new.3 dist_man3_MANS += ASN1_STRING_print_ex.3 @@ -153,7 +153,6 @@ dist_man3_MANS += ASN1_item_verify.3 dist_man3_MANS += ASN1_mbstring_copy.3 dist_man3_MANS += ASN1_parse_dump.3 dist_man3_MANS += ASN1_put_object.3 -dist_man3_MANS += ASN1_time_parse.3 dist_man3_MANS += ASRange_new.3 dist_man3_MANS += AUTHORITY_KEYID_new.3 dist_man3_MANS += BASIC_CONSTRAINTS_new.3 @@ -224,6 +223,7 @@ dist_man3_MANS += CMS_get0_type.3 dist_man3_MANS += CMS_get1_ReceiptRequest.3 dist_man3_MANS += CMS_sign.3 dist_man3_MANS += CMS_sign_receipt.3 +dist_man3_MANS += CMS_signed_add1_attr.3 dist_man3_MANS += CMS_uncompress.3 dist_man3_MANS += CMS_verify.3 dist_man3_MANS += CMS_verify_receipt.3 @@ -247,7 +247,7 @@ dist_man3_MANS += DSA_SIG_new.3 dist_man3_MANS += DSA_do_sign.3 dist_man3_MANS += DSA_dup_DH.3 dist_man3_MANS += DSA_generate_key.3 -dist_man3_MANS += DSA_generate_parameters.3 +dist_man3_MANS += DSA_generate_parameters_ex.3 dist_man3_MANS += DSA_get0_pqg.3 dist_man3_MANS += DSA_get_ex_new_index.3 dist_man3_MANS += DSA_meth_new.3 @@ -264,17 +264,7 @@ dist_man3_MANS += EC_KEY_METHOD_new.3 dist_man3_MANS += EC_KEY_new.3 dist_man3_MANS += EC_POINT_add.3 dist_man3_MANS += EC_POINT_new.3 -dist_man3_MANS += ENGINE_add.3 -dist_man3_MANS += ENGINE_ctrl.3 -dist_man3_MANS += ENGINE_get_default_RSA.3 -dist_man3_MANS += ENGINE_init.3 dist_man3_MANS += ENGINE_new.3 -dist_man3_MANS += ENGINE_register_RSA.3 -dist_man3_MANS += ENGINE_register_all_RSA.3 -dist_man3_MANS += ENGINE_set_RSA.3 -dist_man3_MANS += ENGINE_set_default.3 -dist_man3_MANS += ENGINE_set_flags.3 -dist_man3_MANS += ENGINE_unregister_RSA.3 dist_man3_MANS += ERR.3 dist_man3_MANS += ERR_GET_LIB.3 dist_man3_MANS += ERR_asprintf_error_data.3 @@ -292,6 +282,7 @@ dist_man3_MANS += EVP_AEAD_CTX_init.3 dist_man3_MANS += EVP_BytesToKey.3 dist_man3_MANS += EVP_CIPHER_CTX_ctrl.3 dist_man3_MANS += EVP_CIPHER_CTX_get_cipher_data.3 +dist_man3_MANS += EVP_CIPHER_CTX_init.3 dist_man3_MANS += EVP_CIPHER_CTX_set_flags.3 dist_man3_MANS += EVP_CIPHER_do_all.3 dist_man3_MANS += EVP_CIPHER_meth_new.3 @@ -302,7 +293,6 @@ dist_man3_MANS += EVP_DigestVerifyInit.3 dist_man3_MANS += EVP_EncodeInit.3 dist_man3_MANS += EVP_EncryptInit.3 dist_man3_MANS += EVP_MD_CTX_ctrl.3 -dist_man3_MANS += EVP_MD_meth_new.3 dist_man3_MANS += EVP_MD_nid.3 dist_man3_MANS += EVP_OpenInit.3 dist_man3_MANS += EVP_PKCS82PKEY.3 @@ -332,7 +322,6 @@ dist_man3_MANS += EVP_PKEY_verify_recover.3 dist_man3_MANS += EVP_SealInit.3 dist_man3_MANS += EVP_SignInit.3 dist_man3_MANS += EVP_VerifyInit.3 -dist_man3_MANS += EVP_add_cipher.3 dist_man3_MANS += EVP_aes_128_cbc.3 dist_man3_MANS += EVP_camellia_128_cbc.3 dist_man3_MANS += EVP_chacha20.3 @@ -447,7 +436,6 @@ dist_man3_MANS += X509_ATTRIBUTE_get0_object.3 dist_man3_MANS += X509_ATTRIBUTE_new.3 dist_man3_MANS += X509_ATTRIBUTE_set1_object.3 dist_man3_MANS += X509_CINF_new.3 -dist_man3_MANS += X509_CRL_METHOD_new.3 dist_man3_MANS += X509_CRL_get0_by_serial.3 dist_man3_MANS += X509_CRL_new.3 dist_man3_MANS += X509_CRL_print.3 @@ -564,7 +552,6 @@ dist_man3_MANS += i2a_ASN1_STRING.3 dist_man3_MANS += i2d_CMS_bio_stream.3 dist_man3_MANS += i2d_PKCS7_bio_stream.3 dist_man3_MANS += lh_new.3 -dist_man3_MANS += lh_stats.3 dist_man3_MANS += s2i_ASN1_INTEGER.3 dist_man3_MANS += x509_verify.3 dist_man3_MANS += tls_accept_socket.3 @@ -612,8 +599,6 @@ install-data-hook: ln -sf "ASN1_NULL_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_NULL_free.3" ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_create.3" ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3" - ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3" - ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3" ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_cmp.3" ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3" ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3" @@ -690,6 +675,10 @@ install-data-hook: ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_print.3" ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set.3" ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_gmtime.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_posix_to_tm.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_timegm.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_tm_to_posix.3" ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3" ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3" ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_int_octetstring.3" @@ -721,8 +710,6 @@ install-data-hook: ln -sf "ASN1_parse_dump.3" "$(DESTDIR)$(mandir)/man3/ASN1_parse.3" ln -sf "ASN1_put_object.3" "$(DESTDIR)$(mandir)/man3/ASN1_object_size.3" ln -sf "ASN1_put_object.3" "$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3" - ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3" - ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3" ln -sf "ASRange_new.3" "$(DESTDIR)$(mandir)/man3/ASIdOrRange_free.3" ln -sf "ASRange_new.3" "$(DESTDIR)$(mandir)/man3/ASIdOrRange_new.3" ln -sf "ASRange_new.3" "$(DESTDIR)$(mandir)/man3/ASIdentifierChoice_free.3" @@ -821,9 +808,6 @@ install-data-hook: ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_data.3" ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_new_index.3" ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_ex_data.3" - ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3" - ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3" - ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3" ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_app_data.3" ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3" ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3" @@ -858,9 +842,6 @@ install-data-hook: ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_set.3" ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_up_ref.3" ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_vfree.3" - ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3" - ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3" - ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3" ln -sf "BIO_push.3" "$(DESTDIR)$(mandir)/man3/BIO_pop.3" ln -sf "BIO_push.3" "$(DESTDIR)$(mandir)/man3/BIO_set_next.3" ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_gets.3" @@ -1045,7 +1026,6 @@ install-data-hook: ln -sf "CMAC_Init.3" "$(DESTDIR)$(mandir)/man3/CMAC_CTX_new.3" ln -sf "CMAC_Init.3" "$(DESTDIR)$(mandir)/man3/CMAC_Final.3" ln -sf "CMAC_Init.3" "$(DESTDIR)$(mandir)/man3/CMAC_Update.3" - ln -sf "CMAC_Init.3" "$(DESTDIR)$(mandir)/man3/CMAC_resume.3" ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_free.3" ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_print_ctx.3" ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_free.3" @@ -1080,6 +1060,25 @@ install-data-hook: ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_create0.3" ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_get0_values.3" ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_add1_ReceiptRequest.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_NID.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_OBJ.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_txt.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_delete_attr.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_get0_data_by_OBJ.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_by_NID.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_by_OBJ.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_count.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_NID.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_OBJ.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_txt.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_delete_attr.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get0_data_by_OBJ.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_by_NID.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_by_OBJ.3" + ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_count.3" ln -sf "CMS_verify.3" "$(DESTDIR)$(mandir)/man3/CMS_get0_signers.3" ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3" ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3" @@ -1091,10 +1090,6 @@ install-data-hook: ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_cb.3" ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3" ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3" - ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3" - ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3" - ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3" - ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3" ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3" ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3" ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3" @@ -1180,7 +1175,6 @@ install-data-hook: ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_get0.3" ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_set0.3" ln -sf "DSA_do_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3" - ln -sf "DSA_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3" ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_clear_flags.3" ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_get0_engine.3" ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_get0_g.3" @@ -1328,101 +1322,24 @@ install-data-hook: ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates.3" ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3" ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3" - ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3" - ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3" - ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3" - ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3" - ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3" - ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3" - ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3" - ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3" - ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3" - ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3" - ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3" - ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_CTRL_FUNC_PTR.3" - ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3" - ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3" - ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3" - ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3" - ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3" - ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3" - ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3" - ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3" - ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3" - ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3" - ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_EC.3" - ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3" - ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3" - ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3" - ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3" - ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" - ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3" - ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3" - ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3" - ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3" - ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3" - ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3" ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_free.3" - ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3" - ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3" - ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3" - ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3" - ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3" - ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3" - ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3" - ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3" - ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3" - ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3" - ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3" - ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3" - ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3" - ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3" - ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3" - ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3" - ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3" - ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3" - ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3" - ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3" - ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3" - ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3" - ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_CIPHERS_PTR.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_DIGESTS_PTR.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_EC.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_EC.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3" - ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3" - ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3" - ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3" - ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3" - ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3" - ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3" - ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3" - ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3" - ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3" - ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3" - ln -sf "ENGINE_set_flags.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3" - ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3" - ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3" - ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3" - ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3" - ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3" - ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3" - ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3" - ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RSA.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_init.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_openssl.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_private_key.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_public_key.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3" ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3" ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3" ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3" @@ -1476,6 +1393,8 @@ install-data-hook: ln -sf "EVP_CIPHER_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3" ln -sf "EVP_CIPHER_CTX_get_cipher_data.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_buf_noconst.3" ln -sf "EVP_CIPHER_CTX_get_cipher_data.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_cipher_data.3" + ln -sf "EVP_CIPHER_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3" + ln -sf "EVP_CIPHER_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3" ln -sf "EVP_CIPHER_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_clear_flags.3" ln -sf "EVP_CIPHER_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3" ln -sf "EVP_CIPHER_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_rand_key.3" @@ -1486,6 +1405,8 @@ install-data-hook: ln -sf "EVP_CIPHER_do_all.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_do_all_sorted.3" ln -sf "EVP_CIPHER_do_all.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_do_all.3" ln -sf "EVP_CIPHER_do_all.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_do_all_sorted.3" + ln -sf "EVP_CIPHER_do_all.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" + ln -sf "EVP_CIPHER_do_all.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" ln -sf "EVP_CIPHER_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_dup.3" ln -sf "EVP_CIPHER_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_free.3" ln -sf "EVP_CIPHER_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_set_cleanup.3" @@ -1549,14 +1470,11 @@ install-data-hook: ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3" ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3" ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3" - ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3" ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_copy.3" ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_encrypting.3" ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3" - ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3" ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3" ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_reset.3" - ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3" ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3" ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3" ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3" @@ -1603,18 +1521,6 @@ install-data-hook: ln -sf "EVP_MD_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_set_flags.3" ln -sf "EVP_MD_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_set_pkey_ctx.3" ln -sf "EVP_MD_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_test_flags.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_dup.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_free.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_app_datasize.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_cleanup.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_copy.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_ctrl.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_final.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_flags.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_init.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_input_blocksize.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_result_size.3" - ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_update.3" ln -sf "EVP_MD_nid.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3" ln -sf "EVP_MD_nid.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3" ln -sf "EVP_MD_nid.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3" @@ -1669,8 +1575,6 @@ install-data-hook: ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3" ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0_info.3" ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_asn1.3" - ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add0.3" - ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3" ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3" ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3" ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_check.3" @@ -1739,7 +1643,6 @@ install-data-hook: ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3" ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3" ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3" - ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_GOST.3" ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3" ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3" ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0.3" @@ -1772,11 +1675,6 @@ install-data-hook: ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3" ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3" ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3" - ln -sf "EVP_add_cipher.3" "$(DESTDIR)$(mandir)/man3/EVP_add_cipher_alias.3" - ln -sf "EVP_add_cipher.3" "$(DESTDIR)$(mandir)/man3/EVP_add_digest.3" - ln -sf "EVP_add_cipher.3" "$(DESTDIR)$(mandir)/man3/EVP_add_digest_alias.3" - ln -sf "EVP_add_cipher.3" "$(DESTDIR)$(mandir)/man3/EVP_delete_cipher_alias.3" - ln -sf "EVP_add_cipher.3" "$(DESTDIR)$(mandir)/man3/EVP_delete_digest_alias.3" ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc_hmac_sha1.3" ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3" ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3" @@ -1913,8 +1811,6 @@ install-data-hook: ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3" ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3" ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_cleanup.3" - ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" - ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_get.3" ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_init.3" ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_new_index.3" @@ -1923,8 +1819,6 @@ install-data-hook: ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_create_objects.3" ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_new_nid.3" - ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/check_defer.3" - ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/obj_cleanup_defer.3" ln -sf "OBJ_find_sigid_algs.3" "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_by_algs.3" ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3" ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_dup.3" @@ -2006,7 +1900,6 @@ install-data-hook: ln -sf "OPENSSL_config.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3" ln -sf "OPENSSL_init_crypto.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_init.3" ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3" - ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3" ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3" ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3" ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3" @@ -2018,7 +1911,6 @@ install-data-hook: ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_delete_ptr.3" ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_dup.3" ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_find.3" - ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_find_ex.3" ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_free.3" ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_insert.3" ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_is_sorted.3" @@ -2711,10 +2603,6 @@ install-data-hook: ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3" ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3" ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3" - ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_METHOD_free.3" - ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_meth_data.3" - ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_default_method.3" - ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_meth_data.3" ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3" ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3" ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3" @@ -2873,7 +2761,6 @@ install-data-hook: ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3" ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3" ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3" - ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_purpose_inherit.3" ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3" ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3" ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_depth.3" @@ -2907,6 +2794,7 @@ install-data-hook: ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3" ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3" ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_param.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_objects.3" ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_data.3" ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_new_index.3" ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_depth.3" @@ -3100,32 +2988,18 @@ install-data-hook: ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3" ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_add_words.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_check_top.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_div_words.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand2.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_fix_top.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_words.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_high.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_low.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_max.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sub_words.3" ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_wexpand.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul_add.3" - ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/sqr.3" ln -sf "d2i_ASN1_NULL.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3" ln -sf "d2i_ASN1_OBJECT.3" "$(DESTDIR)$(mandir)/man3/OBJ_get0_data.3" ln -sf "d2i_ASN1_OBJECT.3" "$(DESTDIR)$(mandir)/man3/OBJ_length.3" @@ -3464,11 +3338,6 @@ install-data-hook: ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_insert.3" ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_retrieve.3" ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_strhash.3" - ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats.3" - ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3" - ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3" - ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3" - ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3" ln -sf "s2i_ASN1_INTEGER.3" "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED.3" ln -sf "s2i_ASN1_INTEGER.3" "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED_TABLE.3" ln -sf "s2i_ASN1_INTEGER.3" "$(DESTDIR)$(mandir)/man3/i2s_ASN1_INTEGER.3" @@ -3592,8 +3461,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_NULL_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_create.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_cmp.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3" @@ -3670,6 +3537,10 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_print.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_gmtime.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_posix_to_tm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_timegm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_tm_to_posix.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_int_octetstring.3" @@ -3701,8 +3572,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_parse.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_object_size.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASIdOrRange_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASIdOrRange_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASIdentifierChoice_free.3" @@ -3801,9 +3670,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_new_index.3" -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_ex_data.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_app_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3" @@ -3838,9 +3704,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_up_ref.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_vfree.3" - -rm -f "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3" - -rm -f "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3" - -rm -f "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_pop.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_next.3" -rm -f "$(DESTDIR)$(mandir)/man3/BIO_gets.3" @@ -4025,7 +3888,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/CMAC_CTX_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/CMAC_Final.3" -rm -f "$(DESTDIR)$(mandir)/man3/CMAC_Update.3" - -rm -f "$(DESTDIR)$(mandir)/man3/CMAC_resume.3" -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_print_ctx.3" -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_free.3" @@ -4060,6 +3922,25 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_create0.3" -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_get0_values.3" -rm -f "$(DESTDIR)$(mandir)/man3/CMS_add1_ReceiptRequest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_txt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_delete_attr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_get0_data_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_txt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_delete_attr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get0_data_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_count.3" -rm -f "$(DESTDIR)$(mandir)/man3/CMS_get0_signers.3" -rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3" -rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3" @@ -4071,10 +3952,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_cb.3" -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3" -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3" - -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3" - -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3" - -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3" - -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3" -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3" -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3" -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3" @@ -4160,7 +4037,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_get0.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_set0.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3" - -rm -f "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_clear_flags.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_get0_engine.3" -rm -f "$(DESTDIR)$(mandir)/man3/DSA_get0_g.3" @@ -4310,99 +4186,22 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3" -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3" -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_CTRL_FUNC_PTR.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3" -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3" -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_EC.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_free.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_init.3" -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3" -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_openssl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_private_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_public_key.3" -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_CIPHERS_PTR.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_DIGESTS_PTR.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_EC.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_EC.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default.3" -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3" -rm -f "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3" -rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3" -rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3" @@ -4456,6 +4255,8 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_buf_noconst.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_cipher_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_clear_flags.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_rand_key.3" @@ -4466,6 +4267,8 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_do_all_sorted.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_do_all.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_do_all_sorted.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_set_cleanup.3" @@ -4529,14 +4332,11 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_copy.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_encrypting.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_reset.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3" @@ -4583,18 +4383,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_set_flags.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_set_pkey_ctx.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_test_flags.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_dup.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_free.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_app_datasize.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_cleanup.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_copy.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_ctrl.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_final.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_flags.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_init.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_input_blocksize.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_result_size.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_update.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3" @@ -4649,8 +4437,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0_info.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_asn1.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add0.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_check.3" @@ -4719,7 +4505,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_GOST.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0.3" @@ -4752,11 +4537,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_add_cipher_alias.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_add_digest.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_add_digest_alias.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_delete_cipher_alias.3" - -rm -f "$(DESTDIR)$(mandir)/man3/EVP_delete_digest_alias.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc_hmac_sha1.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3" -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3" @@ -4893,8 +4673,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3" -rm -f "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_cleanup.3" - -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" - -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_get.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_init.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_new_index.3" @@ -4903,8 +4681,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_create_objects.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_new_nid.3" - -rm -f "$(DESTDIR)$(mandir)/man3/check_defer.3" - -rm -f "$(DESTDIR)$(mandir)/man3/obj_cleanup_defer.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_by_algs.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_dup.3" @@ -4986,7 +4762,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3" -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_init.3" -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3" - -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3" -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3" -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3" @@ -4998,7 +4773,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/sk_delete_ptr.3" -rm -f "$(DESTDIR)$(mandir)/man3/sk_dup.3" -rm -f "$(DESTDIR)$(mandir)/man3/sk_find.3" - -rm -f "$(DESTDIR)$(mandir)/man3/sk_find_ex.3" -rm -f "$(DESTDIR)$(mandir)/man3/sk_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/sk_insert.3" -rm -f "$(DESTDIR)$(mandir)/man3/sk_is_sorted.3" @@ -5691,10 +5465,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_METHOD_free.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_meth_data.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_default_method.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_meth_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3" @@ -5853,7 +5623,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3" - -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_purpose_inherit.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_depth.3" @@ -5887,6 +5656,7 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_objects.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_new_index.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_depth.3" @@ -6080,32 +5850,18 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3" -rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_add_words.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bn_check_top.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_div_words.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_expand.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bn_expand2.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bn_fix_top.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_words.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bn_set_high.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bn_set_low.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bn_set_max.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3" - -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_sub_words.3" -rm -f "$(DESTDIR)$(mandir)/man3/bn_wexpand.3" - -rm -f "$(DESTDIR)$(mandir)/man3/mul.3" - -rm -f "$(DESTDIR)$(mandir)/man3/mul_add.3" - -rm -f "$(DESTDIR)$(mandir)/man3/sqr.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_get0_data.3" -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_length.3" @@ -6444,11 +6200,6 @@ uninstall-local: -rm -f "$(DESTDIR)$(mandir)/man3/lh_insert.3" -rm -f "$(DESTDIR)$(mandir)/man3/lh_retrieve.3" -rm -f "$(DESTDIR)$(mandir)/man3/lh_strhash.3" - -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats.3" - -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3" - -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3" - -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3" - -rm -f "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED_TABLE.3" -rm -f "$(DESTDIR)$(mandir)/man3/i2s_ASN1_INTEGER.3" diff --git a/man/Makefile.in b/man/Makefile.in index 4aef7cb4..19504e93 100644 --- a/man/Makefile.in +++ b/man/Makefile.in @@ -399,7 +399,7 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_INTEGER_get.3 ASN1_NULL_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_OBJECT_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_PRINTABLE_type.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_STRING_TABLE_add.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_STRING_TABLE_get.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_STRING_length.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_STRING_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_STRING_print_ex.3 \ @@ -412,8 +412,7 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_item_verify.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_mbstring_copy.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ASN1_parse_dump.3 ASN1_put_object.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ASN1_time_parse.3 ASRange_new.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ AUTHORITY_KEYID_new.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ASRange_new.3 AUTHORITY_KEYID_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ BASIC_CONSTRAINTS_new.3 BF_set_key.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ BIO_accept.3 BIO_ctrl.3 BIO_dump.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ BIO_dup_chain.3 BIO_f_base64.3 \ @@ -451,8 +450,10 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ CMS_get0_SignerInfos.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ CMS_get0_type.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ CMS_get1_ReceiptRequest.3 CMS_sign.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ CMS_sign_receipt.3 CMS_uncompress.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ CMS_verify.3 CMS_verify_receipt.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ CMS_sign_receipt.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ CMS_signed_add1_attr.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ CMS_uncompress.3 CMS_verify.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ CMS_verify_receipt.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ CONF_modules_free.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ CONF_modules_load_file.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ CRYPTO_get_mem_functions.3 \ @@ -465,7 +466,7 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ DIST_POINT_new.3 DSA_SIG_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ DSA_do_sign.3 DSA_dup_DH.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ DSA_generate_key.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ DSA_generate_parameters.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ DSA_generate_parameters_ex.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ DSA_get0_pqg.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ DSA_get_ex_new_index.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ DSA_meth_new.3 DSA_new.3 \ @@ -476,16 +477,7 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ EC_GROUP_copy.3 EC_GROUP_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EC_KEY_METHOD_new.3 EC_KEY_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EC_POINT_add.3 EC_POINT_new.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ENGINE_add.3 ENGINE_ctrl.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ENGINE_get_default_RSA.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ENGINE_init.3 ENGINE_new.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ENGINE_register_RSA.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ENGINE_register_all_RSA.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ENGINE_set_RSA.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ENGINE_set_default.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ENGINE_set_flags.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ENGINE_unregister_RSA.3 ERR.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ ERR_GET_LIB.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ ENGINE_new.3 ERR.3 ERR_GET_LIB.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ERR_asprintf_error_data.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ERR_clear_error.3 ERR_error_string.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ ERR_get_error.3 \ @@ -497,6 +489,7 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ EVP_AEAD_CTX_init.3 EVP_BytesToKey.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_CIPHER_CTX_ctrl.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_CIPHER_CTX_get_cipher_data.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_CIPHER_CTX_init.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_CIPHER_CTX_set_flags.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_CIPHER_do_all.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_CIPHER_meth_new.3 \ @@ -504,9 +497,9 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ EVP_DigestSignInit.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_DigestVerifyInit.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_EncodeInit.3 EVP_EncryptInit.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ EVP_MD_CTX_ctrl.3 EVP_MD_meth_new.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ EVP_MD_nid.3 EVP_OpenInit.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKCS82PKEY.3 EVP_PKEY_CTX_ctrl.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_MD_CTX_ctrl.3 EVP_MD_nid.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_OpenInit.3 EVP_PKCS82PKEY.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_CTX_ctrl.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_CTX_get_operation.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_CTX_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_CTX_set_hkdf_md.3 \ @@ -524,8 +517,7 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_size.3 EVP_PKEY_verify.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_PKEY_verify_recover.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_SealInit.3 EVP_SignInit.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ EVP_VerifyInit.3 EVP_add_cipher.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ EVP_aes_128_cbc.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ EVP_VerifyInit.3 EVP_aes_128_cbc.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_camellia_128_cbc.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_chacha20.3 EVP_des_cbc.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ EVP_rc4.3 EVP_sha1.3 EVP_sha3_224.3 \ @@ -599,7 +591,6 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ X509_ATTRIBUTE_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_ATTRIBUTE_set1_object.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_CINF_new.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ X509_CRL_METHOD_new.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_CRL_get0_by_serial.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_CRL_new.3 X509_CRL_print.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ X509_EXTENSION_set_object.3 \ @@ -689,9 +680,8 @@ EXTRA_DIST = CMakeLists.txt @ENABLE_LIBTLS_ONLY_FALSE@ i2a_ASN1_STRING.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ i2d_CMS_bio_stream.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ i2d_PKCS7_bio_stream.3 lh_new.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ lh_stats.3 s2i_ASN1_INTEGER.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ x509_verify.3 tls_accept_socket.3 \ -@ENABLE_LIBTLS_ONLY_FALSE@ tls_client.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ s2i_ASN1_INTEGER.3 x509_verify.3 \ +@ENABLE_LIBTLS_ONLY_FALSE@ tls_accept_socket.3 tls_client.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ tls_config_ocsp_require_stapling.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ tls_config_set_protocols.3 \ @ENABLE_LIBTLS_ONLY_FALSE@ tls_config_set_session_id.3 \ @@ -1017,8 +1007,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_NULL_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_NULL_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_create.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3" @@ -1095,6 +1083,10 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_print.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_gmtime.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_posix_to_tm.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_timegm.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_tm_to_posix.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_int_octetstring.3" @@ -1126,8 +1118,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_parse_dump.3" "$(DESTDIR)$(mandir)/man3/ASN1_parse.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_put_object.3" "$(DESTDIR)$(mandir)/man3/ASN1_object_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_put_object.3" "$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASRange_new.3" "$(DESTDIR)$(mandir)/man3/ASIdOrRange_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASRange_new.3" "$(DESTDIR)$(mandir)/man3/ASIdOrRange_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ASRange_new.3" "$(DESTDIR)$(mandir)/man3/ASIdentifierChoice_free.3" @@ -1226,9 +1216,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_new_index.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_ex_data.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_app_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3" @@ -1263,9 +1250,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_set.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_up_ref.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_vfree.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_push.3" "$(DESTDIR)$(mandir)/man3/BIO_pop.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_push.3" "$(DESTDIR)$(mandir)/man3/BIO_set_next.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_gets.3" @@ -1450,7 +1434,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMAC_Init.3" "$(DESTDIR)$(mandir)/man3/CMAC_CTX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMAC_Init.3" "$(DESTDIR)$(mandir)/man3/CMAC_Final.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMAC_Init.3" "$(DESTDIR)$(mandir)/man3/CMAC_Update.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMAC_Init.3" "$(DESTDIR)$(mandir)/man3/CMAC_resume.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_print_ctx.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_free.3" @@ -1485,6 +1468,25 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_create0.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_get0_values.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_add1_ReceiptRequest.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_delete_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_get0_data_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_count.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_delete_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get0_data_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_signed_add1_attr.3" "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CMS_verify.3" "$(DESTDIR)$(mandir)/man3/CMS_get0_signers.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3" @@ -1496,10 +1498,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_cb.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3" @@ -1585,7 +1583,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_get0.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_set0.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_do_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_clear_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_get0_engine.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_get0_g.3" @@ -1733,101 +1730,24 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_CTRL_FUNC_PTR.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_EC.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_CIPHERS_PTR.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_DIGESTS_PTR.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_EC.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_EC.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_set_flags.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RSA.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_init.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_openssl.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_private_key.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_public_key.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3" @@ -1881,6 +1801,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_CTX_get_cipher_data.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_buf_noconst.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_CTX_get_cipher_data.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_cipher_data.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_clear_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_rand_key.3" @@ -1891,6 +1813,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_do_all.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_do_all_sorted.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_do_all.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_do_all.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_do_all.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_do_all_sorted.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_do_all.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_do_all.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_CIPHER_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_set_cleanup.3" @@ -1954,14 +1878,11 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_encrypting.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_reset.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3" @@ -2008,18 +1929,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_set_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_set_pkey_ctx.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_test_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_dup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_app_datasize.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_cleanup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_copy.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_ctrl.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_final.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_init.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_input_blocksize.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_result_size.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_update.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_nid.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_nid.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_MD_nid.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3" @@ -2074,8 +1983,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0_info.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_asn1.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add0.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_check.3" @@ -2144,7 +2051,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_GOST.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0.3" @@ -2177,11 +2083,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_add_cipher.3" "$(DESTDIR)$(mandir)/man3/EVP_add_cipher_alias.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_add_cipher.3" "$(DESTDIR)$(mandir)/man3/EVP_add_digest.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_add_cipher.3" "$(DESTDIR)$(mandir)/man3/EVP_add_digest_alias.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_add_cipher.3" "$(DESTDIR)$(mandir)/man3/EVP_delete_cipher_alias.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_add_cipher.3" "$(DESTDIR)$(mandir)/man3/EVP_delete_digest_alias.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc_hmac_sha1.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3" @@ -2318,8 +2219,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_cleanup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_get.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_NAME_add.3" "$(DESTDIR)$(mandir)/man3/OBJ_NAME_new_index.3" @@ -2328,8 +2227,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_create_objects.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/OBJ_new_nid.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/check_defer.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_create.3" "$(DESTDIR)$(mandir)/man3/obj_cleanup_defer.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_find_sigid_algs.3" "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_by_algs.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_dup.3" @@ -2411,7 +2308,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_config.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_init_crypto.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3" @@ -2423,7 +2319,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_delete_ptr.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_find.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_find_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_insert.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_is_sorted.3" @@ -3116,10 +3011,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_METHOD_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_meth_data.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_default_method.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_meth_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3" @@ -3278,7 +3169,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_purpose_inherit.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_CTX_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_depth.3" @@ -3312,6 +3202,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_param.3" +@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_objects.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_new_index.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_depth.3" @@ -3505,32 +3396,18 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_add_words.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_check_top.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_div_words.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand2.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_fix_top.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_words.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_high.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_low.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_max.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sub_words.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_wexpand.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul_add.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/sqr.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_ASN1_NULL.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_ASN1_OBJECT.3" "$(DESTDIR)$(mandir)/man3/OBJ_get0_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "d2i_ASN1_OBJECT.3" "$(DESTDIR)$(mandir)/man3/OBJ_length.3" @@ -3869,11 +3746,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_insert.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_retrieve.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_strhash.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3" -@ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "s2i_ASN1_INTEGER.3" "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "s2i_ASN1_INTEGER.3" "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED_TABLE.3" @ENABLE_LIBTLS_ONLY_FALSE@ ln -sf "s2i_ASN1_INTEGER.3" "$(DESTDIR)$(mandir)/man3/i2s_ASN1_INTEGER.3" @@ -3997,8 +3869,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_NULL_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_create.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3" @@ -4075,6 +3945,10 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_print.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_gmtime.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_posix_to_tm.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_timegm.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_tm_to_posix.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_get_int_octetstring.3" @@ -4106,8 +3980,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_parse.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_object_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASIdOrRange_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASIdOrRange_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASIdentifierChoice_free.3" @@ -4206,9 +4078,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_new_index.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_ex_data.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_app_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3" @@ -4243,9 +4112,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_up_ref.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_vfree.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_pop.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_next.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/BIO_gets.3" @@ -4430,7 +4296,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMAC_CTX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMAC_Final.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMAC_Update.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMAC_resume.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_print_ctx.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_free.3" @@ -4465,6 +4330,25 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_create0.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_get0_values.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_add1_ReceiptRequest.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_add1_attr_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_delete_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_get0_data_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_signed_get_attr_count.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_add1_attr_by_txt.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_delete_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get0_data_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_by_NID.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_by_OBJ.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_unsigned_get_attr_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CMS_get0_signers.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3" @@ -4476,10 +4360,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_cb.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3" @@ -4565,7 +4445,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_get0.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_set0.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_clear_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_get0_engine.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/DSA_get0_g.3" @@ -4715,99 +4594,22 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_CTRL_FUNC_PTR.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_EC.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RSA.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_openssl.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_private_key.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_public_key.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_CIPHERS_PTR.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_DIGESTS_PTR.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_EC.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_EC.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3" @@ -4861,6 +4663,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_buf_noconst.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_cipher_data.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_clear_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_rand_key.3" @@ -4871,6 +4675,8 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_do_all_sorted.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_do_all.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_do_all_sorted.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_meth_set_cleanup.3" @@ -4934,14 +4740,11 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_encrypting.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_reset.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3" @@ -4988,18 +4791,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_set_flags.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_set_pkey_ctx.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_test_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_dup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_app_datasize.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_cleanup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_copy.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_ctrl.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_final.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_flags.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_init.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_input_blocksize.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_result_size.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_meth_set_update.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3" @@ -5054,8 +4845,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0_info.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_asn1.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add0.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_check.3" @@ -5124,7 +4913,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_GOST.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0.3" @@ -5157,11 +4945,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_add_cipher_alias.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_add_digest.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_add_digest_alias.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_delete_cipher_alias.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_delete_digest_alias.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc_hmac_sha1.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3" @@ -5298,8 +5081,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_cleanup.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_do_all_sorted.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_get.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_NAME_new_index.3" @@ -5308,8 +5089,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_create_objects.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_new_nid.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/check_defer.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/obj_cleanup_defer.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_find_sigid_by_algs.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_dup.3" @@ -5391,7 +5170,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_init.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3" @@ -5403,7 +5181,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/sk_delete_ptr.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/sk_dup.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/sk_find.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/sk_find_ex.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/sk_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/sk_insert.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/sk_is_sorted.3" @@ -6096,10 +5873,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_METHOD_free.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_meth_data.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_default_method.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_meth_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3" @@ -6258,7 +6031,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_purpose_inherit.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_depth.3" @@ -6292,6 +6064,7 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_param.3" +@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get1_objects.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_new_index.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_depth.3" @@ -6485,32 +6258,18 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_add_words.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_check_top.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_div_words.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_expand.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_expand2.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_fix_top.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_words.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_set_high.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_set_low.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_set_max.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_sub_words.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/bn_wexpand.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/mul.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/mul_add.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/sqr.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_get0_data.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_length.3" @@ -6849,11 +6608,6 @@ uninstall-man: uninstall-man3 uninstall-man5 @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_insert.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_retrieve.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_strhash.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3" -@ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED_TABLE.3" @ENABLE_LIBTLS_ONLY_FALSE@ -rm -f "$(DESTDIR)$(mandir)/man3/i2s_ASN1_INTEGER.3" diff --git a/man/OBJ_NAME_add.3 b/man/OBJ_NAME_add.3 index ad2ba808..0b46010c 100644 --- a/man/OBJ_NAME_add.3 +++ b/man/OBJ_NAME_add.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OBJ_NAME_add.3,v 1.5 2023/09/01 12:13:13 schwarze Exp $ +.\" $OpenBSD: OBJ_NAME_add.3,v 1.6 2024/01/31 08:02:53 tb Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 1 2023 $ +.Dd $Mdocdate: January 31 2024 $ .Dt OBJ_NAME_ADD 3 .Os .Sh NAME @@ -23,9 +23,7 @@ .Nm OBJ_NAME_get , .Nm OBJ_NAME_new_index , .Nm OBJ_NAME_init , -.Nm OBJ_NAME_cleanup , -.Nm OBJ_NAME_do_all , -.Nm OBJ_NAME_do_all_sorted +.Nm OBJ_NAME_cleanup .Nd global associative array .Sh SYNOPSIS .In openssl/objects.h @@ -63,19 +61,6 @@ typedef struct { const char *data; } OBJ_NAME; .Ed -.Pp -.Ft void -.Fo OBJ_NAME_do_all -.Fa "int type" -.Fa "void (*fn)(const OBJ_NAME *pair, void *arg)" -.Fa "void *arg" -.Fc -.Ft void -.Fo OBJ_NAME_do_all_sorted -.Fa "int type" -.Fa "void (*fn)(const OBJ_NAME *pair, void *arg)" -.Fa "void *arg" -.Fc .Sh DESCRIPTION These functions implement a single, static associative array with the following properties: @@ -264,25 +249,6 @@ If the field is 0, the .Fa data field contains the value; otherwise, it contains the alias target name. -.Pp -.Fn OBJ_NAME_do_all -calls -.Fa fn -on every -.Fa pair -and alias in the array that has the given -.Fa type , -also passing the -.Fa arg -pointer. -.Fn OBJ_NAME_do_all_sorted -is similar except that it processes the pairs and aliases -in lexicographic order of their names as determined by -.Xr strcmp 3 , -ignoring any -.Fa cmp_func -that may be defined for the -.Fa type . .Sh RETURN VALUES .Fn OBJ_NAME_add and @@ -339,8 +305,3 @@ that requires more cleanup than merely calling .Xr free 3 on it, instances of the type need to begin with a magic number or string that cannot occur at the beginning of a name. -.Pp -.Fn OBJ_NAME_do_all_sorted -is unable to report errors. -If memory allocations fails, it does nothing at all -without telling the caller about the problem. diff --git a/man/OBJ_create.3 b/man/OBJ_create.3 index 7a6135e0..fa5bde3d 100644 --- a/man/OBJ_create.3 +++ b/man/OBJ_create.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OBJ_create.3,v 1.8 2023/09/06 12:26:59 schwarze Exp $ +.\" $OpenBSD: OBJ_create.3,v 1.10 2024/01/31 08:02:53 tb Exp $ .\" full merge up to: .\" OpenSSL OBJ_nid2obj.pod 9b86974e Aug 17 15:21:33 2015 -0400 .\" selective merge up to: @@ -69,7 +69,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 6 2023 $ +.Dd $Mdocdate: January 31 2024 $ .Dt OBJ_CREATE 3 .Os .Sh NAME @@ -78,9 +78,7 @@ .Nm OBJ_create , .\" OBJ_create_and_add_object is a deprecated, unused alias for OBJ_create(3). .Nm OBJ_create_objects , -.Nm obj_cleanup_defer , -.Nm OBJ_cleanup , -.Nm check_defer +.Nm OBJ_cleanup .Nd modify the table of ASN.1 object identifiers .Sh SYNOPSIS .In openssl/objects.h @@ -96,11 +94,8 @@ .Fc .Ft int .Fn OBJ_create_objects "BIO *in_bio" -.Vt extern int obj_cleanup_defer ; .Ft void .Fn OBJ_cleanup void -.Ft void -.Fn check_defer "int nid" .Sh DESCRIPTION .Fn OBJ_new_nid returns the smallest currently unassigned ASN.1 numeric @@ -154,16 +149,6 @@ or a similar function and then calling .Xr ASN1_OBJECT_free 3 on the returned pointer will have no effect. .Pp -The global variable -.Va obj_cleanup_defer -controls the behaviour of -.Fn OBJ_cleanup -and -.Xr EVP_cleanup 3 . -.Pp -If -.Va obj_cleanup_defer -has the default value of 0, .Fn OBJ_cleanup resets the internal object table to its default state, removing and freeing all objects that were added with @@ -171,47 +156,6 @@ removing and freeing all objects that were added with .Fn OBJ_create , or .Fn OBJ_create_objects . -Otherwise, -.Fn OBJ_cleanup -only sets -.Va obj_cleanup_defer -to 2, which defers the cleanup of the internal object table -to the next call of -.Xr EVP_cleanup 3 . -.Pp -By default, -.Xr EVP_cleanup 3 -has no effect on the internal object table. -Only if -.Va obj_cleanup_defer -is 2, it resets -.Va obj_cleanup_defer -to 0 and calls -.Fn OBJ_cleanup , -which then resets the table to its default state. -.Pp -The function -.Fn check_defer -sets -.Va obj_cleanup_defer -to 1 unless -.Fa nid -is a built-in numeric identifier, but it has no effect if -.Va obj_cleanup_defer -already differs from 0. -This function is called internally by various functions -in the EVP library, in particular by subroutines of -.Xr OpenSSL_add_all_ciphers 3 -and -.Xr OpenSSL_add_all_digests 3 . -.Pp -To reliably reset the internal object table no matter what the -current state may be, an application program needs to call both -.Fn OBJ_cleanup -and -.Xr EVP_cleanup 3 , -in this order. -The opposite order will usually not work. .Sh RETURN VALUES .Fn OBJ_new_nid returns the new NID. @@ -256,8 +200,6 @@ obj = OBJ_nid2obj(new_nid); .Ed .Sh SEE ALSO .Xr ASN1_OBJECT_new 3 , -.Xr EVP_cleanup 3 , -.Xr OBJ_NAME_add 3 , .Xr OBJ_nid2obj 3 .Sh HISTORY .Fn OBJ_new_nid , @@ -269,12 +211,6 @@ first appeared in SSLeay 0.8.0 and in SSLeay 0.9.0. These functions have been available since .Ox 2.4 . -.Pp -.Va obj_cleanup_defer -and -.Fn check_defer -first appeared in OpenSSL 1.0.0 and have been available since -.Ox 4.9 . .Sh CAVEATS .Fn OBJ_add_object indicates success even after adding an incomplete object that was created with diff --git a/man/OBJ_find_sigid_algs.3 b/man/OBJ_find_sigid_algs.3 index 9aeb54c9..1d7a2b64 100644 --- a/man/OBJ_find_sigid_algs.3 +++ b/man/OBJ_find_sigid_algs.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OBJ_find_sigid_algs.3,v 1.1 2023/07/22 06:35:26 tb Exp $ +.\" $OpenBSD: OBJ_find_sigid_algs.3,v 1.2 2024/01/31 08:02:53 tb Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 22 2023 $ +.Dd $Mdocdate: January 31 2024 $ .Dt OBJ_FIND_SIGID_ALGS 3 .Os .Sh NAME @@ -82,7 +82,6 @@ is not built into the library. .Sh SEE ALSO .Xr EVP_cleanup 3 , .Xr OBJ_create 3 , -.Xr OBJ_NAME_add 3 , .Xr OBJ_nid2obj 3 .Sh HISTORY These functions first appeared in OpenSSL 1.0.0 diff --git a/man/OBJ_nid2obj.3 b/man/OBJ_nid2obj.3 index 4e420b83..ccab1ed3 100644 --- a/man/OBJ_nid2obj.3 +++ b/man/OBJ_nid2obj.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OBJ_nid2obj.3,v 1.21 2023/09/05 13:50:22 schwarze Exp $ +.\" $OpenBSD: OBJ_nid2obj.3,v 1.22 2024/01/31 08:02:53 tb Exp $ .\" full merge up to: OpenSSL c264592d May 14 11:28:00 2006 +0000 .\" selective merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200 .\" @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 5 2023 $ +.Dd $Mdocdate: January 31 2024 $ .Dt OBJ_NID2OBJ 3 .Os .Sh NAME @@ -435,8 +435,7 @@ object = OBJ_txt2obj("1.2.3.4", 1); .Xr ASN1_OBJECT_new 3 , .Xr BIO_new 3 , .Xr d2i_ASN1_OBJECT 3 , -.Xr OBJ_create 3 , -.Xr OBJ_NAME_add 3 +.Xr OBJ_create 3 .Sh HISTORY .Fn OBJ_nid2obj , .Fn OBJ_nid2ln , diff --git a/man/OPENSSL_VERSION_NUMBER.3 b/man/OPENSSL_VERSION_NUMBER.3 index 06ca5584..76427a86 100644 --- a/man/OPENSSL_VERSION_NUMBER.3 +++ b/man/OPENSSL_VERSION_NUMBER.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OPENSSL_VERSION_NUMBER.3,v 1.12 2019/06/06 01:06:58 schwarze Exp $ +.\" $OpenBSD: OPENSSL_VERSION_NUMBER.3,v 1.13 2023/11/16 20:17:04 schwarze Exp $ .\" full merge up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800 .\" .\" This file is a derived work. @@ -68,7 +68,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: November 16 2023 $ .Dt OPENSSL_VERSION_NUMBER 3 .Os .Sh NAME @@ -217,7 +217,7 @@ is an alias for and .Fn SSLeay for -.Dv OpenSSL_version_num . +.Fn OpenSSL_version_num . The legacy function .Fn SSLeay_version is similar to diff --git a/man/OPENSSL_config.3 b/man/OPENSSL_config.3 index 2960e238..f5f31571 100644 --- a/man/OPENSSL_config.3 +++ b/man/OPENSSL_config.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OPENSSL_config.3,v 1.15 2019/06/14 13:41:31 schwarze Exp $ +.\" $OpenBSD: OPENSSL_config.3,v 1.16 2023/11/19 21:01:27 tb Exp $ .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 14 2019 $ +.Dd $Mdocdate: November 19 2023 $ .Dt OPENSSL_CONFIG 3 .Os .Sh NAME @@ -117,10 +117,9 @@ To use a non-standard configuration file, refer to Internally, .Fn OPENSSL_config calls -.Xr OPENSSL_init_crypto 3 , -.Xr OPENSSL_load_builtin_modules 3 , +.Xr OPENSSL_init_crypto 3 and -.Xr ENGINE_load_builtin_engines 3 . +.Xr OPENSSL_load_builtin_modules 3 . .Pp If an application is compiled with the preprocessor symbol .Dv OPENSSL_LOAD_CONF diff --git a/man/OPENSSL_load_builtin_modules.3 b/man/OPENSSL_load_builtin_modules.3 index bcfb363c..2b20efaf 100644 --- a/man/OPENSSL_load_builtin_modules.3 +++ b/man/OPENSSL_load_builtin_modules.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OPENSSL_load_builtin_modules.3,v 1.6 2019/06/14 13:41:31 schwarze Exp $ +.\" $OpenBSD: OPENSSL_load_builtin_modules.3,v 1.8 2023/12/05 02:41:13 jsg Exp $ .\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,13 +48,12 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 14 2019 $ +.Dd $Mdocdate: December 5 2023 $ .Dt OPENSSL_LOAD_BUILTIN_MODULES 3 .Os .Sh NAME .Nm OPENSSL_load_builtin_modules , -.Nm ASN1_add_oid_module , -.Nm ENGINE_add_conf_module +.Nm ASN1_add_oid_module .Nd add standard configuration modules .Sh SYNOPSIS .In openssl/conf.h @@ -62,8 +61,6 @@ .Fn OPENSSL_load_builtin_modules void .Ft void .Fn ASN1_add_oid_module void -.Ft void -.Fn ENGINE_add_conf_module void .Sh DESCRIPTION The function .Fn OPENSSL_load_builtin_modules @@ -74,9 +71,6 @@ They can then be used by the OpenSSL configuration code. .Fn ASN1_add_oid_module adds just the ASN.1 OBJECT module. .Pp -.Fn ENGINE_add_conf_module -adds just the ENGINE configuration module. -.Pp If the simple configuration function .Xr OPENSSL_config 3 is called then diff --git a/man/OPENSSL_malloc.3 b/man/OPENSSL_malloc.3 index 87f8d81e..50886713 100644 --- a/man/OPENSSL_malloc.3 +++ b/man/OPENSSL_malloc.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OPENSSL_malloc.3,v 1.10 2022/11/06 18:31:15 tb Exp $ +.\" $OpenBSD: OPENSSL_malloc.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $ .\" .\" Copyright (c) 2016 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 6 2022 $ +.Dd $Mdocdate: November 16 2023 $ .Dt OPENSSL_MALLOC 3 .Os .Sh NAME @@ -83,6 +83,10 @@ standard and .Xr strdup 3 functions. +.Pp +The four +.Fn OPENSSL_* +functions are implemented as macros. .Sh RETURN VALUES These functions return the same type and value as the corresponding standard functions. diff --git a/man/OPENSSL_sk_new.3 b/man/OPENSSL_sk_new.3 index 5df45534..8f06bb42 100644 --- a/man/OPENSSL_sk_new.3 +++ b/man/OPENSSL_sk_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OPENSSL_sk_new.3,v 1.12 2021/03/12 05:18:00 jsg Exp $ +.\" $OpenBSD: OPENSSL_sk_new.3,v 1.13 2024/03/04 09:47:34 tb Exp $ .\" .\" Copyright (c) 2018 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: March 12 2021 $ +.Dd $Mdocdate: March 4 2024 $ .Dt OPENSSL_SK_NEW 3 .Os .Sh NAME @@ -27,7 +27,6 @@ .Nm sk_num , .Nm sk_value , .Nm sk_find , -.Nm sk_find_ex , .Nm sk_sort , .Nm sk_is_sorted , .Nm sk_push , @@ -80,11 +79,6 @@ .Fa "_STACK *stack" .Fa "void *wanted" .Fc -.Ft int -.Fo sk_find_ex -.Fa "_STACK *stack" -.Fa "void *wanted" -.Fc .Ft void .Fo sk_sort .Fa "_STACK *stack" @@ -245,16 +239,6 @@ first sorted with and instead of comparing pointers, two pointers are considered to match if the comparison function returns 0. .Pp -.Fn sk_find_ex -is identical to -.Fn sk_find -except that if the -.Fa stack -is not empty but no match is found, -the index of some pointer considered closest to -.Fa wanted -is returned. -.Pp .Fn sk_sort sorts the .Fa stack @@ -285,9 +269,8 @@ or or changing the comparison function sets the state to unsorted. If a comparison function is installed, calling .Fn sk_sort , -.Fn sk_find , or -.Fn sk_find_ex +.Fn sk_find sets the state to sorted. .Pp .Fn sk_push @@ -456,13 +439,6 @@ is a .Dv NULL pointer or if no match is found. .Pp -.Fn sk_find_ex -returns some index or \-1 if -.Fa stack -is a -.Dv NULL -pointer or empty. -.Pp .Fn sk_is_sorted returns 1 if the .Fa stack @@ -562,10 +538,6 @@ Both functions have been available since .Fn sk_is_sorted first appeared in OpenSSL 0.9.7e and has been available since .Ox 3.8 . -.Pp -.Fn sk_find_ex -first appeared in OpenSSL 0.9.8 and has been available since -.Ox 4.5 . .Sh BUGS Even if a comparison function is installed, empty stacks and stacks containing a single pointer are sometimes considered @@ -575,23 +547,7 @@ If a comparison function is installed, the concept of .Dq first match in .Fn sk_find -and -.Fn sk_find_ex is ill-defined because .Xr qsort 3 is not a stable sorting function. It is probably best to only assume that they return an arbitrary match. -.Pp -The concept of -.Dq closest -for -.Fn sk_find_ex -is even less clearly defined. -The match may sometimes be smaller and sometimes larger than -.Fa wanted , -even if both smaller and larger pointers exist in the -.Fa stack . -Besides, it is again ill-defined -which of several pointers that compare equal is selected. -It is probably best to not assume anything about the selection -for cases where there is no match. diff --git a/man/OpenSSL_add_all_algorithms.3 b/man/OpenSSL_add_all_algorithms.3 index 0c411208..88ecef97 100644 --- a/man/OpenSSL_add_all_algorithms.3 +++ b/man/OpenSSL_add_all_algorithms.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.14 2023/09/10 14:39:58 schwarze Exp $ +.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.16 2024/03/04 19:04:47 tb Exp $ .\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 10 2023 $ +.Dd $Mdocdate: March 4 2024 $ .Dt OPENSSL_ADD_ALL_ALGORITHMS 3 .Os .Sh NAME @@ -117,9 +117,13 @@ including any that are unrelated to the EVP library. .Fn SSLeay_add_all_algorithms is a deprecated alias for .Fn OpenSSL_add_all_algorithms . +.Pp +.Fn OpenSSL_add_all_algorithms +and +.Fn SSLeay_add_all_algorithms +are implemented as macros. .Sh SEE ALSO .Xr evp 3 , -.Xr EVP_add_cipher 3 , .Xr EVP_DigestInit 3 , .Xr EVP_EncryptInit 3 , .Xr OBJ_cleanup 3 , diff --git a/man/RSA_check_key.3 b/man/RSA_check_key.3 index c1e6379a..36b613b3 100644 --- a/man/RSA_check_key.3 +++ b/man/RSA_check_key.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_check_key.3,v 1.9 2023/05/01 07:28:11 tb Exp $ +.\" $OpenBSD: RSA_check_key.3,v 1.10 2023/11/19 21:06:15 tb Exp $ .\" OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000 .\" .\" This file was written by Ulf Moeller and @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 1 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt RSA_CHECK_KEY 3 .Os .Sh NAME @@ -92,27 +92,6 @@ key structure must contain all the private key data too. Therefore, it cannot be used with any arbitrary .Vt RSA key object, even if it is otherwise fit for regular RSA operation. -.Pp -Unlike most other RSA functions, this function does -.Sy not -work transparently with any underlying -.Vt ENGINE -implementation because it uses the key data in the -.Vt RSA -structure directly. -An -.Vt ENGINE -implementation can override the way key data is stored and handled, -and can even provide support for HSM keys - in which case the -.Vt RSA -structure may contain -.Sy no -key data at all! -If the -.Vt ENGINE -in question is only being used for acceleration or analysis purposes, -then in all likelihood the RSA key data is complete and untouched, -but this can't be assumed in the general case. .Sh RETURN VALUES .Fn RSA_check_key returns 1 if diff --git a/man/RSA_get_ex_new_index.3 b/man/RSA_get_ex_new_index.3 index 51a8f24c..5f1fb433 100644 --- a/man/RSA_get_ex_new_index.3 +++ b/man/RSA_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.12 2023/09/18 14:49:43 schwarze Exp $ +.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.13 2023/11/19 21:08:04 tb Exp $ .\" .\" Copyright (c) 2023 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 18 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt RSA_GET_EX_NEW_INDEX 3 .Os .Sh NAME @@ -47,7 +47,7 @@ The following parent objects can have application specific data called .Dq ex_data attached to them: -.Vt BIO , DH , DSA , EC_KEY , ENGINE , RSA , +.Vt BIO , DH , DSA , EC_KEY , RSA , .Vt SSL , SSL_CTX , SSL_SESSION , UI , X509 , X509_STORE , and .Vt X509_STORE_CTX . diff --git a/man/RSA_new.3 b/man/RSA_new.3 index b4c595ff..f5c7929e 100644 --- a/man/RSA_new.3 +++ b/man/RSA_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_new.3,v 1.17 2022/07/13 21:51:35 schwarze Exp $ +.\" $OpenBSD: RSA_new.3,v 1.18 2023/11/19 21:03:22 tb Exp $ .\" full merge up to: .\" OpenSSL doc/man3/RSA_new.pod e9b77246 Jan 20 19:58:49 2017 +0100 .\" OpenSSL doc/crypto/rsa.pod 35d2e327 Jun 3 16:19:49 2016 -0400 (final) @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 13 2022 $ +.Dd $Mdocdate: November 19 2023 $ .Dt RSA_NEW 3 .Os .Sh NAME @@ -128,12 +128,8 @@ decrements the reference count by 1. If it reaches 0, it calls the optional .Fa finish function set up with -.Xr RSA_meth_set_finish 3 , -calls -.Xr ENGINE_finish 3 -if -.Fa rsa -uses an engine, and frees the +.Xr RSA_meth_set_finish 3 +and frees the .Vt RSA structure and its components. The key is erased before the memory is returned to the system. @@ -185,12 +181,8 @@ values are available. .Pp Note that RSA keys may use non-standard .Vt RSA_METHOD -implementations, either directly or by the use of -.Vt ENGINE -modules. -In some cases (e.g. an -.Vt ENGINE -providing support for hardware-embedded keys), these +implementations. +In some cases, these .Vt BIGNUM values will not be used by the implementation or may be used for alternative data storage. diff --git a/man/RSA_set_method.3 b/man/RSA_set_method.3 index 818b6482..ffe22c11 100644 --- a/man/RSA_set_method.3 +++ b/man/RSA_set_method.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_set_method.3,v 1.17 2023/05/14 09:33:19 tb Exp $ +.\" $OpenBSD: RSA_set_method.3,v 1.18 2023/11/19 10:34:26 tb Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Ulf Moeller @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 14 2023 $ +.Dd $Mdocdate: November 19 2023 $ .Dt RSA_SET_METHOD 3 .Os .Sh NAME @@ -105,16 +105,9 @@ selects as the default method for all .Vt RSA structures created later. -If any -.Vt ENGINE -was registered with -.Xr ENGINE_register_RSA 3 -that can be successfully initialized, it overrides the default. .Pp .Fn RSA_get_default_method -returns a pointer to the current default method, -even if it is actually overridden by an -.Vt ENGINE . +returns a pointer to the current default method. .Pp .Fn RSA_set_method selects @@ -127,10 +120,7 @@ used by the RSA key, calling the .Fa finish function set up with .Xr RSA_meth_set_finish 3 -if any, and if the previous method was supplied by an -.Vt ENGINE , -.Xr ENGINE_finish 3 -is called on it. +if any. If .Fa meth contains an @@ -142,9 +132,7 @@ that function is called just before returning from .Pp It is possible to have RSA keys that only work with certain .Vt RSA_METHOD -implementations (e.g. from an -.Vt ENGINE -module that supports embedded hardware-protected keys), +implementations, and in such cases attempting to change the .Vt RSA_METHOD for the key can have unexpected results. @@ -154,12 +142,6 @@ returns a pointer to the .Vt RSA_METHOD being used by .Fa rsa . -This method may or may not be supplied by an -.Vt ENGINE -implementation but if it is, the return value can only be guaranteed -to be valid as long as the RSA key itself is valid and does not -have its implementation changed by -.Fn RSA_set_method . .Pp The misleadingly named function .Fn RSA_flags @@ -178,17 +160,10 @@ section for more details. .Fn RSA_new_method allocates and initializes an .Vt RSA -structure so that -.Fa engine -is used for the RSA operations. -If +structure. +The .Fa engine -is -.Dv NULL , -.Xr ENGINE_get_default_RSA 3 -is used. -If that returns -.Dv NULL , +argument is ignored and the default method controlled by .Fn RSA_set_default_method is used. @@ -224,9 +199,6 @@ and sets an error code that can be obtained by if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. .Sh SEE ALSO -.Xr ENGINE_get_default_RSA 3 , -.Xr ENGINE_register_RSA 3 , -.Xr ENGINE_set_default_RSA 3 , .Xr RSA_meth_new 3 , .Xr RSA_new 3 .Sh HISTORY diff --git a/man/X509_ALGOR_dup.3 b/man/X509_ALGOR_dup.3 index 2cfe3618..29fd9a60 100644 --- a/man/X509_ALGOR_dup.3 +++ b/man/X509_ALGOR_dup.3 @@ -1,9 +1,10 @@ -.\" $OpenBSD: X509_ALGOR_dup.3,v 1.16 2021/07/06 16:05:44 schwarze Exp $ +.\" $OpenBSD: X509_ALGOR_dup.3,v 1.22 2023/10/13 05:49:34 tb Exp $ .\" OpenSSL 4692340e Jun 7 15:49:08 2016 -0400 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: .\" +.\" Copyright (c) 2023 Theo Buehler .\" Copyright (c) 2016 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -65,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 6 2021 $ +.Dd $Mdocdate: October 13 2023 $ .Dt X509_ALGOR_DUP 3 .Os .Sh NAME @@ -112,25 +113,59 @@ .Fa "const X509_ALGOR *b" .Fc .Sh DESCRIPTION -.Fn X509_ALGOR_new -allocates and initializes an empty +An .Vt X509_ALGOR -object, representing an ASN.1 +object represents an ASN.1 .Vt AlgorithmIdentifier structure defined in RFC 5280 section 4.1.1.2. -Such objects can specify a cryptographic algorithm together -with algorithm-specific parameters. -They are used by many other objects, for example certificates, +It specifies a cryptographic +.Fa algorithm +by an ASN.1 object identifier (OID) that can be obtained from +.Xr OBJ_nid2obj 3 , +together with optional algorithm-specific +.Fa parameters +of the type +.Vt ASN1_TYPE , +see +.Xr ASN1_TYPE_set 3 . +.Vt X509_ALGOR +objects are used by many other objects, for example certificates, certificate revocation lists, and certificate requests. .Pp +.Fn X509_ALGOR_new +allocates a new +.Vt X509_ALGOR +object containing the object that +.Xr OBJ_nid2obj 3 +returns for +.Dv NID_undef +as the +.Fa algorithm +and a +.Dv NULL +pointer as the +.Fa parameters . +.Pp .Fn X509_ALGOR_free frees -.Fa alg . +.Fa alg +and any data contained in it. +If +.Fa alg +is +.Dv NULL , +no action occurs. .Pp .Fn X509_ALGOR_dup -copies -.Fa alg -by calling +creates a deep copy of +.Fa alg . +It is implemented by calling +.Xr ASN1_item_dup 3 +with arguments of +.Dv X509_ALGOR_it +and +.Fa alg , +which is equivalent to calling .Xr i2d_X509_ALGOR 3 and .Xr d2i_X509_ALGOR 3 . @@ -147,8 +182,20 @@ with value If .Fa ptype is +.Dv V_ASN1_UNDEF , +the parameter is omitted and +.Fa pval +is ignored. +If +.Fa ptype +is zero, +.Fa pval +is ignored and the existing parameter is left unchanged, or if +.Fa alg +does not contain a parameter, a new, empty parameter of type .Dv V_ASN1_UNDEF -the parameter is omitted, otherwise +is added. +Otherwise .Fa ptype and .Fa pval @@ -158,27 +205,56 @@ and .Fa value parameters to .Xr ASN1_TYPE_set 3 . -All the supplied parameters are used internally so must -.Sy NOT -be freed after this call. +Ownership of +.Fa aobj +and, unless it is ignored, of +.Fa pval +is transferred to +.Fa alg +on success. .Pp .Fn X509_ALGOR_get0 -is the inverse of -.Fn X509_ALGOR_set0 : -it returns the algorithm OID in -.Pf * Fa paobj -and the associated parameter in -.Pf * Fa pptype +returns +.Fa alg Ns 's +algorithm OID in +.Pf * Fa paobj , +its parameter type in +.Pf * Fa pptype , +and its parameter value in +.Pf * Fa ppval . +Any of +.Fa paobj , +.Fa pptype , and -.Pf * Fa ppval -from -.Fa alg . +.Fa ppval +can be +.Dv NULL . +If +.Fa pptype is +.Dv NULL +or if +.Pf * Fa pptype +is +.Dv V_ASN1_UNDEF +then +.Pf * Fa ppval Ns 's +value is undefined. .Pp .Fn X509_ALGOR_set_md sets .Fa alg to appropriate values for the message digest .Fa md . +If the +.Dv EVP_MD_FLAG_DIGALGID_ABSENT +flag is not set on +.Fa md , +.Fn X509_ALGOR_set_md +can leave +.Fa alg +in a corrupted state due to memory allocation failure. +This problem can be avoided by preallocating with an error-checked call to +.Fn X509_ALGOR_set0 alg NULL 0 NULL . .Pp .Fn X509_ALGOR_cmp compares @@ -196,7 +272,11 @@ object or if an error occurs. .Pp .Fn X509_ALGOR_set0 -returns 1 for success or 0 for failure. +returns 1 for success or 0 if +.Fa alg +is +.Dv NULL +or memory allocation fails. .Pp .Fn X509_ALGOR_cmp returns 0 if @@ -208,6 +288,7 @@ have identical encodings or non-zero otherwise. .Xr ASN1_TYPE_set 3 , .Xr d2i_X509_ALGOR 3 , .Xr EVP_DigestInit 3 , +.Xr OBJ_nid2obj 3 , .Xr X509_get0_signature 3 , .Xr X509_new 3 , .Xr X509_PUBKEY_get0_param 3 , @@ -240,3 +321,6 @@ and has been available since .Fn X509_ALGOR_set_md first appeared in OpenSSL 1.0.1 and has been available since .Ox 5.3 . +.Sh BUGS +.Fn X509_ALGOR_set_md +can fail but cannot communicate failure to the caller. diff --git a/man/X509_CRL_METHOD_new.3 b/man/X509_CRL_METHOD_new.3 deleted file mode 100644 index f80ce743..00000000 --- a/man/X509_CRL_METHOD_new.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" $OpenBSD: X509_CRL_METHOD_new.3,v 1.1 2021/10/30 16:20:35 schwarze Exp $ -.\" -.\" Copyright (c) 2021 Ingo Schwarze -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: October 30 2021 $ -.Dt X509_CRL_METHOD_NEW 3 -.Os -.Sh NAME -.Nm X509_CRL_METHOD_new , -.Nm X509_CRL_METHOD_free , -.Nm X509_CRL_set_default_method , -.Nm X509_CRL_set_meth_data , -.Nm X509_CRL_get_meth_data -.Nd customize CRL handling -.Sh SYNOPSIS -.In openssl/x509.h -.Ft X509_CRL_METHOD * -.Fo X509_CRL_METHOD_new -.Fa "int (*crl_init)(X509_CRL *crl)" -.Fa "int (*crl_free)(X509_CRL *crl)" -.Fa "int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,\ - ASN1_INTEGER *ser, X509_NAME *issuer)" -.Fa "int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)" -.Fc -.Ft void -.Fn X509_CRL_METHOD_free "X509_CRL_METHOD *method" -.Ft void -.Fn X509_CRL_set_default_method "const X509_CRL_METHOD *method" -.Ft void -.Fn X509_CRL_set_meth_data "X509_CRL *crl" "void *data" -.Ft void * -.Fn X509_CRL_get_meth_data "X509_CRL *crl" -.Sh DESCRIPTION -These functions customize BER decoding and signature verification -of X.509 certificate revocation lists, -as well as retrieval of revoked entries from such lists. -.Pp -.Fn X509_CRL_METHOD_new -allocates and initializes a new -.Vt X509_CRL_METHOD -object, storing the four pointers to callback functions in it -that are provided as arguments. -.Pp -.Fn X509_CRL_METHOD_free -frees the given -.Fa method -object. -If -.Fa method -is a -.Dv NULL -pointer or points to the static object built into the library, -no action occurs. -.Pp -.Fn X509_CRL_set_default_method -designates the given -.Fa method -to be used for objects that will be created with -.Xr X509_CRL_new 3 -in the future. -It has no effect on -.Vt X509_CRL -objects that already exist. -If -.Fa method -is -.Dv NULL , -any previously installed method will no longer be used for new -.Vt X509_CRL -objects created in the future, and those future objects will adhere -to the default behaviour instead. -.Pp -The optional function -.Fn crl_init -will be called at the end of -.Xr d2i_X509_CRL 3 , -the optional function -.Fn crl_free -near the end of -.Xr X509_CRL_free 3 , -immediately before freeing -.Fa crl -itself. -The function -.Fn crl_lookup -will be called by -.Xr X509_CRL_get0_by_serial 3 , -setting -.Fa issuer -to -.Dv NULL , -and by -.Xr X509_CRL_get0_by_cert 3 , -both instead of performing the default action. -The function -.Fn crl_verify -will be called by -.Xr X509_CRL_verify 3 -instead of performing the default action. -.Pp -.Fn X509_CRL_set_meth_data -stores the pointer to the auxiliary -.Fa data -inside the -.Fa crl -object. -The pointer is expected to remain valid during the whole lifetime of the -.Fa crl -object but is not automatically freed when the -.Fa crl -object is freed. -.Pp -.Fn X509_CRL_get_meth_data -retrieves the -.Fa data -from -.Fa crl -the was added with -.Fn X509_CRL_set_meth_data . -This may for example be useful inside the four callback methods -installed with -.Fn X509_CRL_METHOD_new . -.Sh RETURN VALUES -.Fn X509_CRL_METHOD_new -returns a pointer to the new object or -.Dv NULL -if memory allocation fails. -.Pp -.Fn X509_CRL_get_meth_data -returns the pointer previously installed with -.Fn X509_CRL_set_meth_data -or -.Dv NULL -if -.Fn X509_CRL_set_meth_data -was not called on -.Fa crl . -.Pp -The callback functions -.Fn crl_init -and -.Fn crl_free -are supposed to return 1 for success or 0 for failure. -.Pp -The callback function -.Fn crl_lookup -is supposed to return 0 for failure or 1 for success, -except if the revoked entry has the reason -.Qq removeFromCRL , -in which case it is supposed to return 2. -.Pp -The callback function -.Fn crl_verify -is supposed to return 1 if the signature is valid -or 0 if the signature check fails. -If the signature could not be checked at all because it was invalid -or some other error occurred, \-1 may be returned. -.Sh SEE ALSO -.Xr ASN1_INTEGER_new 3 , -.Xr d2i_X509_CRL 3 , -.Xr EVP_PKEY_new 3 , -.Xr X509_CRL_get0_by_serial 3 , -.Xr X509_CRL_new 3 , -.Xr X509_CRL_verify 3 , -.Xr X509_NAME_new 3 , -.Xr X509_REVOKED_new 3 -.Sh HISTORY -These functions first appeared in OpenSSL 1.0.0 -and have been available since -.Ox 4.9 . diff --git a/man/X509_CRL_get0_by_serial.3 b/man/X509_CRL_get0_by_serial.3 index 865e86fe..f5edee60 100644 --- a/man/X509_CRL_get0_by_serial.3 +++ b/man/X509_CRL_get0_by_serial.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.12 2021/10/30 16:20:35 schwarze Exp $ +.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.13 2024/03/06 02:34:14 tb Exp $ .\" full merge up to: OpenSSL cdd6c8c5 Mar 20 12:29:37 2017 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 30 2021 $ +.Dd $Mdocdate: March 6 2024 $ .Dt X509_CRL_GET0_BY_SERIAL 3 .Os .Sh NAME @@ -105,18 +105,6 @@ except that it looks for a revoked entry using the serial number of certificate .Fa x . .Pp -If -.Xr X509_CRL_set_default_method 3 -was in effect at the time the -.Fa crl -object was created, -.Fn X509_CRL_get0_by_serial -and -.Fn X509_CRL_get0_by_cert -invoke the -.Fn crl_lookup -callback function instead of performing the default action. -.Pp .Fn X509_CRL_get_REVOKED returns an internal pointer to a stack of all revoked entries for .Fa crl . @@ -170,7 +158,6 @@ returns a STACK of revoked entries. .Xr X509_CRL_get_ext 3 , .Xr X509_CRL_get_issuer 3 , .Xr X509_CRL_get_version 3 , -.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_new 3 , .Xr X509_REVOKED_new 3 , .Xr X509V3_get_d2i 3 diff --git a/man/X509_CRL_new.3 b/man/X509_CRL_new.3 index 82ba1826..f9355fcf 100644 --- a/man/X509_CRL_new.3 +++ b/man/X509_CRL_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_CRL_new.3,v 1.13 2021/10/30 16:20:35 schwarze Exp $ +.\" $OpenBSD: X509_CRL_new.3,v 1.14 2024/03/06 02:34:14 tb Exp $ .\" .\" Copyright (c) 2016, 2018, 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 30 2021 $ +.Dd $Mdocdate: March 6 2024 $ .Dt X509_CRL_NEW 3 .Os .Sh NAME @@ -67,19 +67,6 @@ decrements the reference count of by 1. If the reference count reaches 0, it frees .Fa crl . -If -.Xr X509_CRL_set_default_method 3 -was in effect at the time -.Fa crl -was created and the -.Fn crl_free -callback is not -.Dv NULL , -that callback is invoked near the end of -.Fn X509_CRL_free , -right before freeing -.Fa crl -itself. .Pp .Fn X509_CRL_INFO_new allocates and initializes an empty @@ -125,7 +112,6 @@ returns 1 on success or 0 on error. .Xr X509_CRL_get_issuer 3 , .Xr X509_CRL_get_version 3 , .Xr X509_CRL_match 3 , -.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_print 3 , .Xr X509_CRL_sign 3 , .Xr X509_EXTENSION_new 3 , diff --git a/man/X509_STORE_CTX_set_flags.3 b/man/X509_STORE_CTX_set_flags.3 index 2ac76951..db991bd5 100644 --- a/man/X509_STORE_CTX_set_flags.3 +++ b/man/X509_STORE_CTX_set_flags.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_CTX_set_flags.3,v 1.6 2021/11/17 16:08:32 schwarze Exp $ +.\" $OpenBSD: X509_STORE_CTX_set_flags.3,v 1.7 2024/01/12 19:28:02 tb Exp $ .\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -67,7 +67,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 17 2021 $ +.Dd $Mdocdate: January 12 2024 $ .Dt X509_STORE_CTX_SET_FLAGS 3 .Os .Sh NAME @@ -76,7 +76,8 @@ .Nm X509_STORE_CTX_set_depth , .Nm X509_STORE_CTX_set_trust , .Nm X509_STORE_CTX_set_purpose , -.Nm X509_STORE_CTX_purpose_inherit , +.\" .Nm X509_STORE_CTX_purpose_inherit is intentionally undocumented +.\" because it will be removed in the next major bump. .Nm X509_STORE_CTX_get0_param , .Nm X509_STORE_CTX_set0_param , .Nm X509_STORE_CTX_set_default @@ -109,13 +110,6 @@ .Fa "X509_STORE_CTX *ctx" .Fa "int purpose" .Fc -.Ft int -.Fo X509_STORE_CTX_purpose_inherit -.Fa "X509_STORE_CTX *ctx" -.Fa "int def_purpose" -.Fa "int purpose" -.Fa "int trust" -.Fc .Ft X509_VERIFY_PARAM * .Fo X509_STORE_CTX_get0_param .Fa "X509_STORE_CTX *ctx" @@ -178,9 +172,6 @@ argument is 0 or invalid or the trust identifier is already set to a non-zero value in the .Vt X509_VERIFY_PARAM object, no action occurs. -Here and in the following, -.Dv X509_TRUST_DEFAULT -counts as invalid. .Pp .Fn X509_STORE_CTX_set_purpose sets the @@ -200,7 +191,7 @@ is called the .Pp The function fails if the .Fa purpose -argument or the associated trust is not 0 but invalid; otherwise, +argument or the associated trust is invalid but not 0; otherwise, .Fn X509_STORE_CTX_set_purpose also does the equivalent of calling .Fn X509_STORE_CTX_set_trust @@ -212,62 +203,6 @@ object, it is not changed, even if the .Fa purpose argument is valid, too. .Pp -.Fn X509_STORE_CTX_purpose_inherit -is similar to -.Fn X509_STORE_CTX_set_purpose , -with the following modifications: -.Bl -bullet -.It -If the -.Fa purpose -argument is 0, -.Fa def_purpose -is used instead. -.It -If the associated trust is -.Dv X509_TRUST_DEFAULT , -the trust associated with -.Fa def_purpose -is used instead, or if -.Fa def_purpose -is 0 or invalid, the function fails. -.It -If the -.Fa trust -argument is not 0, it is used instead of the associated trust, -and the equivalent of calling -.Fn X509_STORE_CTX_set_trust -is done even if both -.Fa purpose -and -.Fa def_purpose -are 0. -Even if the -.Fa trust -argument is not 0, if the (then unused) associated trust is -.Dv X509_TRUST_DEFAULT , -.Fa def_purpose -is still required to be valid. -.El -.Pp -Note that, even if all arguments are valid and the return value is 1, -it is possible that nothing changed, or that only either one of the -purpose and trust identifiers were set, or that both were set. -It can also happen that the purpose identifier gets set according to the -.Fa purpose -argument, but the trust identifier gets set according to the -.Fa def_purpose -argument in the same call. -.Pp -The intended way of using this function is to pass the purpose and -trust attributes of another structure of an arbitrary type as the -.Fa purpose -and -.Fa trust -arguments, and to provide -.Fa def_purpose -as a fallback in case the settings in the other structure are incomplete. -.Pp .Fn X509_STORE_CTX_get0_param retrieves an internal pointer to the verification parameters associated with @@ -293,7 +228,7 @@ and copies them using .Fn X509_STORE_CTX_set_trust returns 1 if the .Fa trust -argument is 0 or valid or 0 if it is not 0 but invalid. +argument is 0 or valid or 0 if it is invalid but not 0. A return value of 1 does .Em not imply that the trust identifier stored in the @@ -306,45 +241,9 @@ returns 1 if both the argument and the associated trust are 0 or valid. It returns 0 if either the .Fa purpose -argument or the associated trust is not 0 but invalid. +argument or the associated trust is invalid but not 0. A return value of 1 does not imply that any data was changed. .Pp -.Fn X509_STORE_CTX_purpose_inherit -returns 0 if: -.Bl -bullet -.It -The -.Fa purpose -argument is not 0 and invalid. -.It -The -.Fa purpose -argument is 0 and the -.Fa def_purpose -argument is not 0 and invalid. -.It -The associated trust is -.Dv X509_TRUST_DEFAULT -and the -.Fa def_purpose -argument is 0 or invalid, -or the trust identifier associated with it is not 0 but invalid. -.It -The -.Fa trust -argument is not 0 and invalid. -.It -The -.Fa trust -argument is 0 and the associated trust is neither 0 nor -.Dv X509_TRUST_DEFAULT -but invalid. -.El -.Pp -Otherwise, -.Fn X509_STORE_CTX_purpose_inherit -returns 1, which does not imply that any data was changed. -.Pp .Fn X509_STORE_CTX_get0_param returns a pointer to an .Vt X509_VERIFY_PARAM @@ -355,37 +254,26 @@ if an error occurred. .Fn X509_STORE_CTX_set_default returns 1 for success or 0 if an error occurred. .Sh ERRORS -For -.Fn X509_STORE_CTX_set_trust , -.Fn X509_STORE_CTX_set_purpose , -and -.Fn X509_STORE_CTX_purpose_inherit , -the following diagnostics can be retrieved with +The following diagnostics can be retrieved with .Xr ERR_get_error 3 , .Xr ERR_GET_REASON 3 , and .Xr ERR_reason_error_string 3 : .Bl -tag -width Ds .It Dv X509_R_UNKNOWN_TRUST_ID Qq "unknown trust id" -The +.Fn X509_STORE_CTX_set_trust +was called with a .Fa trust -argument or the trust identifier associated with +argument that is invalid but not 0. +Other implementations may also return this when +.Fn X509_STORE_CTX_set_purpose +is called with a .Fa purpose -or -.Fa def_purpose -is not 0 but invalid, +argument with invalid associated trust. .It Dv X509_R_UNKNOWN_PURPOSE_ID Qq "unknown purpose id" The .Fa purpose -argument is not 0 and invalid. -Or it is 0 and the -.Fa def_purpose -argument is not 0 and invalid. -Or the associated trust is -.Dv X509_TRUST_DEFAULT -and -.Fa def_purpose -is 0 or invalid. +argument is invalid but not 0. .El .Pp The other functions provide no diagnostics. @@ -405,10 +293,9 @@ The other functions provide no diagnostics. first appeared in OpenSSL 0.9.3 and has been available since .Ox 2.4 . .Pp -.Fn X509_STORE_CTX_set_trust , -.Fn X509_STORE_CTX_set_purpose , +.Fn X509_STORE_CTX_set_trust and -.Fn X509_STORE_CTX_purpose_inherit +.Fn X509_STORE_CTX_set_purpose first appeared in OpenSSL 0.9.5 and have been available since .Ox 2.7 . .Pp @@ -424,3 +311,26 @@ and .Fn X509_STORE_CTX_set_default first appeared in OpenSSL 0.9.8 and have been available since .Ox 4.5 . +.Sh CAVEATS +The precise effect of a successful call to +.Fn X509_STORE_CTX_set_trust +and +.Fn X509_STORE_CTX_set_purpose +is unclear unless only one of these functions is used immediately after +.Xr X509_STORE_CTX_init 3 . +It is therefore recommended to use +.Fn X509_STORE_CTX_get0_param , +.Xr X509_VERIFY_PARAM_set_trust 3 , +and +.Xr X509_VERIFY_PARAM_set_purpose 3 +instead. +.Pp +The confusingly named +.Dv X509_TRUST_DEFAULT +is less than +.Dv X509_TRUST_MIN +and different implementations treat it as valid or invalid +when used as an associated trust or as a +.Fa trust +argument for +.Fn X509_STORE_CTX_set_trust . diff --git a/man/X509_STORE_get_by_subject.3 b/man/X509_STORE_get_by_subject.3 index 3fb6c1c2..ee2ba07b 100644 --- a/man/X509_STORE_get_by_subject.3 +++ b/man/X509_STORE_get_by_subject.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.4 2023/08/10 14:15:16 schwarze Exp $ +.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.5 2023/11/16 20:27:43 schwarze Exp $ .\" .\" Copyright (c) 2021, 2023 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 10 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt X509_STORE_GET_BY_SUBJECT 3 .Os .Sh NAME @@ -160,7 +160,7 @@ encourage checking of validity times, CAs with a valid time are preferred, but if no matching CA has a valid time, one with an invalid time is accepted anyway. .Pp -The following are deprecated aliases: +The following are deprecated aliases implemented as macros: .Bl -column X509_STORE_get_by_subject F X509_STORE_CTX_get_by_subject .It Fn X509_STORE_get_by_subject Ta for Ta Fn X509_STORE_CTX_get_by_subject .It Fn X509_STORE_get1_certs Ta for Ta Fn X509_STORE_CTX_get1_certs diff --git a/man/X509_STORE_load_locations.3 b/man/X509_STORE_load_locations.3 index f38eeb66..b9ecbc3d 100644 --- a/man/X509_STORE_load_locations.3 +++ b/man/X509_STORE_load_locations.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_load_locations.3,v 1.10 2021/11/12 14:05:28 schwarze Exp $ +.\" $OpenBSD: X509_STORE_load_locations.3,v 1.11 2024/03/06 10:07:47 tb Exp $ .\" full merge up to: .\" OpenSSL X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000 .\" @@ -16,7 +16,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 12 2021 $ +.Dd $Mdocdate: March 6 2024 $ .Dt X509_STORE_LOAD_LOCATIONS 3 .Os .Sh NAME @@ -122,7 +122,7 @@ already contains an .Vt X509_LOOKUP object using the given .Fa method ; -if it does, no action occurs. +if it does, the existing object is returned and no other action occurs. Otherwise, a new .Vt X509_LOOKUP object is allocated, added, and returned. @@ -148,6 +148,7 @@ In particular, parse errors or lack of memory can cause failure. returns the existing or new lookup object or .Dv NULL on failure. +This is an internal pointer that must not be freed. With LibreSSL, the only reason for failure is lack of memory. .Sh FILES .Bl -tag -width Ds diff --git a/man/X509_STORE_set1_param.3 b/man/X509_STORE_set1_param.3 index 354d8738..85d308c3 100644 --- a/man/X509_STORE_set1_param.3 +++ b/man/X509_STORE_set1_param.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_set1_param.3,v 1.19 2021/10/18 18:20:39 schwarze Exp $ +.\" $OpenBSD: X509_STORE_set1_param.3,v 1.21 2024/03/04 09:24:07 tb Exp $ .\" content checked up to: .\" OpenSSL man3/X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000 .\" OpenSSL man3/X509_STORE_get0_param e90fc053 Jul 15 09:39:45 2017 -0400 @@ -17,7 +17,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 18 2021 $ +.Dd $Mdocdate: March 4 2024 $ .Dt X509_STORE_SET1_PARAM 3 .Os .Sh NAME @@ -29,6 +29,7 @@ .Nm X509_STORE_add_cert , .Nm X509_STORE_add_crl , .Nm X509_STORE_get0_param , +.Nm X509_STORE_get1_objects , .Nm X509_STORE_get0_objects , .Nm X509_STORE_get_ex_new_index , .Nm X509_STORE_set_ex_data , @@ -76,6 +77,10 @@ .Fa "X509_STORE *store" .Fc .Ft STACK_OF(X509_OBJECT) * +.Fo X509_STORE_get1_objects +.Fa "X509_STORE *store" +.Fc +.Ft STACK_OF(X509_OBJECT) * .Fo X509_STORE_get0_objects .Fa "X509_STORE *store" .Fc @@ -145,6 +150,8 @@ Their usage is identical to that of .Xr RSA_set_ex_data 3 , and .Xr RSA_get_ex_data 3 . +.Fn X509_STORE_get_ex_new_index +is implemented as a macro. .Sh RETURN VALUES .Fn X509_STORE_set1_param , .Fn X509_STORE_set_purpose , @@ -179,10 +186,35 @@ or if memory allocation fails. .Fn X509_STORE_get0_param returns an internal pointer to the verification parameter object contained in the +.Fa store . +The returned pointer must not be freed by the calling application. +.Pp +.Fn X509_STORE_get1_objects +returns a newly allocated stack containing +the certificates, revocation lists, and private keys in .Fa store , +as well as cached objects added by +.Xr X509_LOOKUP_hash_dir 3 . +The caller must release the result with +.Xr sk_pop_free 3 +and +.Xr X509_OBJECT_free 3 +when done. +.Pp .Fn X509_STORE_get0_objects -to the stack of certificates, revocation lists, and private keys. -The returned pointers must not be freed by the calling application. +is a deprecated function returning an internal pointer to +the stack of certificates, revocation lists, and private keys contained in +.Fa store . +The returned pointer must not be modified or freed by the calling application. +This function is not thread-safe. +If +.Fa store +is shared across multiple threads, callers cannot safely inspect the result of +this function, because another thread may have concurrently added to it. +In particular, +.Xr X509_LOOKUP_hash_dir 3 +treats this list as a cache and may add to it in the course of certificate +verification. .Pp .Fn X509_STORE_get_ex_new_index returns a new index or \-1 on failure. @@ -230,3 +262,7 @@ and .Fn X509_STORE_get_ex_data first appeared in OpenSSL 1.1.0 and have been available since .Ox 6.3 . +.Pp +X509_STORE_get1_objects +first appeared in BoringSSL and has been available since +.Ox 7.5 . diff --git a/man/X509_cmp_time.3 b/man/X509_cmp_time.3 index 0f2afdad..bb430dfb 100644 --- a/man/X509_cmp_time.3 +++ b/man/X509_cmp_time.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_cmp_time.3,v 1.11 2021/11/12 14:34:57 schwarze Exp $ +.\" $OpenBSD: X509_cmp_time.3,v 1.12 2024/03/05 18:30:40 tb Exp $ .\" full merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 12 2021 $ +.Dd $Mdocdate: March 5 2024 $ .Dt X509_CMP_TIME 3 .Os .Sh NAME @@ -108,8 +108,6 @@ .Fn X509_cmp_time parses .Fa asn1_time -with -.Xr ASN1_time_parse 3 and compares it to .Fa cmp_time , or to the current time if @@ -182,7 +180,6 @@ structure or on error. .Sh SEE ALSO .Xr ASN1_TIME_new 3 , -.Xr ASN1_time_parse 3 , .Xr ASN1_TIME_set 3 , .Xr time 3 .Sh HISTORY diff --git a/man/X509_get0_notBefore.3 b/man/X509_get0_notBefore.3 index 53b18d59..5e5c08b7 100644 --- a/man/X509_get0_notBefore.3 +++ b/man/X509_get0_notBefore.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_get0_notBefore.3,v 1.6 2023/06/06 16:20:13 schwarze Exp $ +.\" $OpenBSD: X509_get0_notBefore.3,v 1.7 2024/03/05 18:30:40 tb Exp $ .\" content checked up to: OpenSSL 27b138e9 May 19 00:16:38 2017 +0000 .\" .\" Copyright (c) 2018, 2020 Ingo Schwarze @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 6 2023 $ +.Dd $Mdocdate: March 5 2024 $ .Dt X509_GET0_NOTBEFORE 3 .Os .Sh NAME @@ -230,7 +230,6 @@ determining reasons for failure with .Xr ERR_get_error 3 . .Sh SEE ALSO .Xr ASN1_TIME_set 3 , -.Xr ASN1_TIME_set_tm 3 , .Xr X509_cmp_time 3 , .Xr X509_CRL_get0_by_serial 3 , .Xr X509_CRL_new 3 , diff --git a/man/X509_sign.3 b/man/X509_sign.3 index 52890207..059d92ba 100644 --- a/man/X509_sign.3 +++ b/man/X509_sign.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_sign.3,v 1.10 2023/04/28 15:51:18 job Exp $ +.\" $OpenBSD: X509_sign.3,v 1.11 2024/03/06 02:34:14 tb Exp $ .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 28 2023 $ +.Dd $Mdocdate: March 6 2024 $ .Dt X509_SIGN 3 .Os .Sh NAME @@ -145,16 +145,6 @@ and .Fn X509_CRL_verify sign and verify certificate requests and CRLs, respectively. .Pp -If -.Xr X509_CRL_set_default_method 3 -was in effect at the time the -.Vt X509_CRL -object was created, -.Fn X509_CRL_verify -calls the -.Fn crl_verify -callback function instead of performing the default action. -.Pp .Fn X509_sign_ctx is used where the default parameters for the corresponding public key and digest are not suitable. @@ -183,7 +173,6 @@ In some cases of failure, the reason can be determined with .Xr d2i_X509 3 , .Xr EVP_DigestInit 3 , .Xr X509_CRL_get0_by_serial 3 , -.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_new 3 , .Xr X509_get_pubkey 3 , .Xr X509_get_subject_name 3 , diff --git a/man/bn_dump.3 b/man/bn_dump.3 index cfe707b7..b4272441 100644 --- a/man/bn_dump.3 +++ b/man/bn_dump.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bn_dump.3,v 1.8 2023/01/20 12:16:46 jsing Exp $ +.\" $OpenBSD: bn_dump.3,v 1.9 2023/11/16 18:10:19 schwarze Exp $ .\" full merge up to: .\" OpenSSL crypto/bn/README.pod aebb9aac Jul 19 09:27:53 2016 -0400 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 20 2023 $ +.Dd $Mdocdate: November 16 2023 $ .Dt BN_DUMP 3 .Os .Sh NAME @@ -64,28 +64,12 @@ .Nm bn_mul_comba8 , .Nm bn_sqr_comba4 , .Nm bn_sqr_comba8 , -.Nm bn_cmp_words , .Nm bn_mul_normal , -.Nm bn_mul_recursive , -.Nm bn_mul_part_recursive , -.Nm bn_sqr_normal , -.Nm bn_sqr_recursive , .Nm bn_expand , -.Nm bn_wexpand , -.Nm bn_expand2 , -.Nm bn_fix_top , -.Nm bn_check_top , -.Nm bn_print , -.Nm bn_dump , -.Nm bn_set_max , -.Nm bn_set_high , -.Nm bn_set_low , -.Nm mul , -.Nm mul_add , -.Nm sqr +.Nm bn_wexpand .Nd BIGNUM library internal functions .Sh SYNOPSIS -.In openssl/bn.h +.Fd #include "bn_local.h" .Ft BN_ULONG .Fo bn_mul_words .Fa "BN_ULONG *rp" @@ -148,12 +132,6 @@ .Fa "BN_ULONG *r" .Fa "BN_ULONG *a" .Fc -.Ft int -.Fo bn_cmp_words -.Fa "BN_ULONG *a" -.Fa "BN_ULONG *b" -.Fa "int n" -.Fc .Ft void .Fo bn_mul_normal .Fa "BN_ULONG *r" @@ -162,60 +140,6 @@ .Fa "BN_ULONG *b" .Fa "int nb" .Fc -.Ft void -.Fo bn_mul_recursive -.Fa "BN_ULONG *r" -.Fa "BN_ULONG *a" -.Fa "BN_ULONG *b" -.Fa "int n2" -.Fa "int dna" -.Fa "int dnb" -.Fa "BN_ULONG *tmp" -.Fc -.Ft void -.Fo bn_mul_part_recursive -.Fa "BN_ULONG *r" -.Fa "BN_ULONG *a" -.Fa "BN_ULONG *b" -.Fa "int n" -.Fa "int tna" -.Fa "int tnb" -.Fa "BN_ULONG *tmp" -.Fc -.Ft void -.Fo bn_sqr_normal -.Fa "BN_ULONG *r" -.Fa "BN_ULONG *a" -.Fa "int n" -.Fa "BN_ULONG *tmp" -.Fc -.Ft void -.Fo bn_sqr_recursive -.Fa "BN_ULONG *r" -.Fa "BN_ULONG *a" -.Fa "int n2" -.Fa "BN_ULONG *tmp" -.Fc -.Ft void -.Fo mul -.Fa "BN_ULONG r" -.Fa "BN_ULONG a" -.Fa "BN_ULONG w" -.Fa "BN_ULONG c" -.Fc -.Ft void -.Fo mul_add -.Fa "BN_ULONG r" -.Fa "BN_ULONG a" -.Fa "BN_ULONG w" -.Fa "BN_ULONG c" -.Fc -.Ft void -.Fo sqr -.Fa "BN_ULONG r0" -.Fa "BN_ULONG r1" -.Fa "BN_ULONG a" -.Fc .Ft BIGNUM * .Fo bn_expand .Fa "BIGNUM *a" @@ -226,46 +150,8 @@ .Fa "BIGNUM *a" .Fa "int n" .Fc -.Ft BIGNUM * -.Fo bn_expand2 -.Fa "BIGNUM *a" -.Fa "int n" -.Fc -.Ft void -.Fo bn_fix_top -.Fa "BIGNUM *a" -.Fc -.Ft void -.Fo bn_check_top -.Fa "BIGNUM *a" -.Fc -.Ft void -.Fo bn_print -.Fa "BIGNUM *a" -.Fc -.Ft void -.Fo bn_dump -.Fa "BN_ULONG *d" -.Fa "int n" -.Fc -.Ft void -.Fo bn_set_max -.Fa "BIGNUM *a" -.Fc -.Ft void -.Fo bn_set_high -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "int n" -.Fc -.Ft void -.Fo bn_set_low -.Fa "BIGNUM *r" -.Fa "BIGNUM *a" -.Fa "int n" -.Fc .Sh DESCRIPTION -This page documents the internal functions used by the OpenSSL +This page documents some internal functions used by the .Vt BIGNUM implementation. They are described here to facilitate debugging and extending the @@ -327,16 +213,12 @@ is a bit field of flags which are defined in .In openssl/bn.h . The flags begin with .Dv BN_FLG_ . -The macros -.Fn BN_set_flags b n +The functions +.Xr BN_set_flags 3 and -.Fn BN_get_flags b n -exist to enable or fetch flag(s) -.Fa n -from a -.Vt BIGNUM -structure -.Fa b . +.Xr BN_get_flags 3 +enable or inspect +.Fa flags . .Pp Various routines in this library require the use of temporary .Vt BIGNUM @@ -488,18 +370,6 @@ and the 16 word array .Pp The following functions are implemented in C: .Pp -.Fn bn_cmp_words a b n -operates on the -.Fa n -word arrays -.Fa a -and -.Fa b . -It returns 1, 0 and -1 if -.Fa a -is greater than, equal and less than -.Fa b . -.Pp .Fn bn_mul_normal r a na b nb operates on the .Fa na @@ -518,103 +388,15 @@ It computes and places the result in .Fa r . .Pp -.Fn bn_mul_recursive r a b n2 dna dnb t -operates on the word arrays -.Fa a -and -.Fa b -of length -.Fa n2 Ns + Ns Fa dna -and -.Fa n2 Ns + Ns Fa dnb -.Pf ( Fa dna -and -.Fa dnb -are currently allowed to be 0 or negative) and the -.Pf 2* Fa n2 -word arrays -.Fa r -and -.Sy t . -.Fa n2 -must be a power of 2. -It computes -.Fa a Ns * Ns Fa b -and places the result in -.Fa r . -.Pp -.Fn bn_mul_part_recursive r a b n tna tnb tmp -operates on the word arrays -.Fa a -and -.Fa b -of length -.Fa n Ns + Ns Fa tna -and -.Fa n Ns + Ns Fa tnb -and the -.Pf 4* Fa n -word arrays -.Fa r -and -.Fa tmp . -.Pp .Xr BN_mul 3 calls -.Fn bn_mul_normal , -or an optimized implementation if the factors have the same size: +.Fn bn_mul_comba4 +if both factors are 4 words long, .Fn bn_mul_comba8 -is used if they are 8 words long, -.Fn bn_mul_recursive -if they are larger than -.Dv BN_MULL_SIZE_NORMAL -and the size is an exact multiple of the word size, and -.Fn bn_mul_part_recursive -for others that are larger than -.Dv BN_MULL_SIZE_NORMAL . -.Pp -.Fn bn_sqr_normal r a n tmp -operates on the -.Fa n -word array -.Fa a -and the -.Pf 2* Fa n -word arrays -.Fa tmp -and -.Fa r . -.Pp -The implementations use the following macros which, depending on the -architecture, may use -.Vt long long -C operations or inline assembler. -They are defined in -.Pa bn_lcl.h . -.Pp -.Fn mul r a w c -computes -.Fa w Ns * Ns Fa a Ns + Ns Fa c -and places the low word of the result in -.Fa r -and the high word in -.Fa c . -.Pp -.Fn mul_add r a w c -computes -.Fa w Ns * Ns Fa a Ns + Ns Fa r Ns + Ns Fa c -and places the low word of the result in -.Fa r -and the high word in -.Fa c . -.Pp -.Fn sqr r0 r1 a -computes -.Fa a Ns * Ns Fa a -and places the low word of the result in -.Fa r0 -and the high word in -.Fa r1 . +if both factors are 8 words long, +or +.Fn bn_mul_normal +otherwise. .Ss Size changes .Fn bn_expand ensures that @@ -628,71 +410,6 @@ ensures that has enough space for an .Fa n word number. -If the number has to be expanded, both macros call -.Fn bn_expand2 , -which allocates a new -.Fa d -array and copies the data. -They return -.Dv NULL -on error, -.Fa b -otherwise. -.Pp -The -.Fn bn_fix_top -macro reduces -.Fa a Ns -> Ns Fa top -to point to the most significant non-zero word plus one when -.Fa a -has shrunk. -.Ss Debugging -.Fn bn_check_top -verifies that -.Ql ((a)-\(ratop \(ra= 0 && (a)-\(ratop \(la= (a)-\(radmax) . -A violation will cause the program to abort. -.Pp -.Fn bn_print -prints -.Fa a -to -.Dv stderr . -.Fn bn_dump -prints -.Fa n -words at -.Fa d -(in reverse order, i.e.\& -most significant word first) to -.Dv stderr . -.Pp -.Fn bn_set_max -makes -.Fa a -a static number with a -.Fa dmax -of its current size. -This is used by -.Fn bn_set_low -and -.Fn bn_set_high -to make -.Fa r -a read-only -.Vt BIGNUM -that contains the -.Fa n -low or high words of -.Fa a . -.Pp -If -.Dv BN_DEBUG -is not defined, -.Fn bn_check_top , -.Fn bn_print , -.Fn bn_dump -and -.Fn bn_set_max -are defined as empty macros. +They return 0 on error or 1 otherwise. .Sh SEE ALSO .Xr BN_new 3 diff --git a/man/d2i_ASN1_OCTET_STRING.3 b/man/d2i_ASN1_OCTET_STRING.3 index 6d79ae40..d544af0f 100644 --- a/man/d2i_ASN1_OCTET_STRING.3 +++ b/man/d2i_ASN1_OCTET_STRING.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: d2i_ASN1_OCTET_STRING.3,v 1.19 2022/09/12 14:36:09 tb Exp $ +.\" $OpenBSD: d2i_ASN1_OCTET_STRING.3,v 1.20 2024/02/13 12:38:43 job Exp $ .\" .\" Copyright (c) 2017 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 12 2022 $ +.Dd $Mdocdate: February 13 2024 $ .Dt D2I_ASN1_OCTET_STRING 3 .Os .Sh NAME @@ -452,3 +452,10 @@ and .Fn i2d_ASN1_GENERALSTRING first appeared in OpenSSL 0.9.7 and have been available since .Ox 3.2 . +.Sh CAVEATS +Other implementations may accept or emit invalid DER encodings of +GeneralizedTime and UTCTime. +Portable applications should use +.Fn ASN1_STRING_length +to double check whether a given GeneralizedTime or UTCTime object is at least +15 or 13 bytes, respectively. diff --git a/man/d2i_X509_CRL.3 b/man/d2i_X509_CRL.3 index a0a19b4f..948c283b 100644 --- a/man/d2i_X509_CRL.3 +++ b/man/d2i_X509_CRL.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: d2i_X509_CRL.3,v 1.8 2021/10/30 16:20:35 schwarze Exp $ +.\" $OpenBSD: d2i_X509_CRL.3,v 1.9 2024/03/06 02:34:14 tb Exp $ .\" .\" Copyright (c) 2016, 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 30 2021 $ +.Dd $Mdocdate: March 6 2024 $ .Dt D2I_X509_CRL 3 .Os .Sh NAME @@ -96,15 +96,6 @@ decode and encode an ASN.1 .Vt CertificateList structure defined in RFC 5280 section 5.1. .Pp -If -.Xr X509_CRL_set_default_method 3 -is in effect and the -.Fn crl_init -callback is not -.Dv NULL , -that callback is invoked at the end of -.Fn d2i_X509_CRL . -.Pp .Fn d2i_X509_CRL_bio , .Fn d2i_X509_CRL_fp , .Fn i2d_X509_CRL_bio , @@ -132,7 +123,6 @@ the revokedCertificates field of the ASN.1 structure. .Sh SEE ALSO .Xr ASN1_item_d2i 3 , -.Xr X509_CRL_METHOD_new 3 , .Xr X509_CRL_new 3 , .Xr X509_REVOKED_new 3 .Sh STANDARDS diff --git a/man/evp.3 b/man/evp.3 index b29f7648..0222dd66 100644 --- a/man/evp.3 +++ b/man/evp.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: evp.3,v 1.24 2023/09/09 14:39:09 schwarze Exp $ +.\" $OpenBSD: evp.3,v 1.29 2024/03/06 02:34:14 tb Exp $ .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file was written by Ulf Moeller , @@ -51,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 9 2023 $ +.Dd $Mdocdate: March 6 2024 $ .Dt EVP 3 .Os .Sh NAME @@ -156,30 +156,6 @@ example, PBKDF2 from PCKS#5). The .Xr EVP_EncodeInit 3 family of functions provides base64 encoding and decoding. -.Pp -All the symmetric algorithms (ciphers), digests and asymmetric -algorithms (public key algorithms) can be replaced by -.Vt ENGINE -modules providing alternative implementations; see -.Xr ENGINE_register_RSA 3 -and the related manual pages for more information. -If -.Vt ENGINE -implementations of ciphers or digests are registered as defaults, -then the various EVP functions will automatically use those -implementations in preference to built in software implementations. -.Pp -Although low-level algorithm specific functions exist for many -algorithms, their use is discouraged. -They cannot be used with an -.Vt ENGINE , -and -.Vt ENGINE -versions of new algorithms cannot be accessed using the low-level -functions. -Using them also makes code harder to adapt to new algorithms, some -options are not cleanly supported at the low level, and some -operations are more efficient using the high-level interfaces. .Sh SEE ALSO .Xr ASN1_item_digest 3 , .Xr ASN1_item_sign 3 , @@ -191,9 +167,6 @@ operations are more efficient using the high-level interfaces. .Xr crypto 3 , .Xr d2i_PKCS8PrivateKey_bio 3 , .Xr d2i_PrivateKey 3 , -.Xr ENGINE_get_cipher 3 , -.Xr ENGINE_register_RSA 3 , -.Xr EVP_add_cipher 3 , .Xr EVP_AEAD_CTX_init 3 , .Xr EVP_aes_128_cbc 3 , .Xr EVP_BytesToKey 3 , @@ -201,6 +174,7 @@ operations are more efficient using the high-level interfaces. .Xr EVP_chacha20 3 , .Xr EVP_CIPHER_CTX_ctrl 3 , .Xr EVP_CIPHER_CTX_get_cipher_data 3 , +.Xr EVP_CIPHER_CTX_init 3 , .Xr EVP_CIPHER_CTX_set_flags 3 , .Xr EVP_CIPHER_do_all 3 , .Xr EVP_CIPHER_meth_new 3 , @@ -212,7 +186,6 @@ operations are more efficient using the high-level interfaces. .Xr EVP_EncodeInit 3 , .Xr EVP_EncryptInit 3 , .Xr EVP_MD_CTX_ctrl 3 , -.Xr EVP_MD_meth_new 3 , .Xr EVP_MD_nid 3 , .Xr EVP_OpenInit 3 , .Xr EVP_PKCS82PKEY 3 , @@ -261,7 +234,6 @@ operations are more efficient using the high-level interfaces. .Xr SSL_CTX_set_tlsext_ticket_key_cb 3 , .Xr X509_ALGOR_set_md 3 , .Xr X509_check_private_key 3 , -.Xr X509_CRL_METHOD_new 3 , .Xr X509_digest 3 , .Xr X509_get_pubkey 3 , .Xr X509_PUBKEY_set 3 , diff --git a/man/lh_new.3 b/man/lh_new.3 index c848eed8..2550a7d2 100644 --- a/man/lh_new.3 +++ b/man/lh_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: lh_new.3,v 1.9 2022/03/31 17:27:17 naddy Exp $ +.\" $OpenBSD: lh_new.3,v 1.13 2024/03/05 22:15:29 tb Exp $ .\" full merge up to: .\" OpenSSL doc/crypto/lhash.pod 1bc74519 May 20 08:11:46 2016 -0400 .\" selective merge up to: @@ -118,7 +118,7 @@ .\" copied and put under another distribution licence .\" [including the GNU Public Licence.] .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: March 5 2024 $ .Dt LH_NEW 3 .Os .Sh NAME @@ -342,15 +342,8 @@ lh_STUFF_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup)); lh_STUFF_free(hashtable); .Ed .Pp -When doing this, be careful if you delete entries from the hash table in -your callbacks: the table may decrease in size, moving the item that you -are currently on down lower in the hash table \(em this could cause some -entries to be skipped during the iteration. -The second best solution to this problem is to set hash->down_load=0 -before you start (which will stop the hash table ever decreasing in -size). -The best solution is probably to avoid deleting items from the hash -table inside a doall callback! +A callback may delete entries from the hash table, however, it is +not safe to insert new entries. .Pp .Fn lh__doall_arg is the same as @@ -386,8 +379,6 @@ lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO, .Pp .Fn lh__error can be used to determine if an error occurred in the last operation. -.Fn lh__error -is a macro. .Sh RETURN VALUES .Fn lh__new returns @@ -526,8 +517,7 @@ routine would not normally be passed to rather it would be used in the function passed to .Fn lh__new . .Sh SEE ALSO -.Xr crypto 3 , -.Xr lh_stats 3 +.Xr crypto 3 .Sh HISTORY .Fn lh_new , .Fn lh_free , diff --git a/man/lh_stats.3 b/man/lh_stats.3 deleted file mode 100644 index 5041721f..00000000 --- a/man/lh_stats.3 +++ /dev/null @@ -1,206 +0,0 @@ -.\" $OpenBSD: lh_stats.3,v 1.7 2020/03/29 17:05:02 schwarze Exp $ -.\" OpenSSL e2f92610 May 18 11:44:05 2016 -0400 -.\" -.\" -------------------------------------------------------------------------- -.\" Major patches to this file were contributed by -.\" Ulf Moeller . -.\" -------------------------------------------------------------------------- -.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" -------------------------------------------------------------------------- -.\" Parts of this file are derived from SSLeay documentation, -.\" which is covered by the following Copyright and license: -.\" -------------------------------------------------------------------------- -.\" -.\" Copyright (C) 1995-1998 Tim Hudson (tjh@cryptsoft.com) -.\" All rights reserved. -.\" -.\" This package is an SSL implementation written -.\" by Eric Young (eay@cryptsoft.com). -.\" The implementation was written so as to conform with Netscapes SSL. -.\" -.\" This library is free for commercial and non-commercial use as long as -.\" the following conditions are aheared to. The following conditions -.\" apply to all code found in this distribution, be it the RC4, RSA, -.\" lhash, DES, etc., code; not just the SSL code. The SSL documentation -.\" included with this distribution is covered by the same copyright terms -.\" except that the holder is Tim Hudson (tjh@cryptsoft.com). -.\" -.\" Copyright remains Eric Young's, and as such any Copyright notices in -.\" the code are not to be removed. -.\" If this package is used in a product, Eric Young should be given -.\" attribution as the author of the parts of the library used. -.\" This can be in the form of a textual message at program startup or -.\" in documentation (online or textual) provided with the package. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" "This product includes cryptographic software written by -.\" Eric Young (eay@cryptsoft.com)" -.\" The word 'cryptographic' can be left out if the rouines from the -.\" library being used are not cryptographic related :-). -.\" 4. If you include any Windows specific code (or a derivative thereof) -.\" from the apps directory (application code) you must include an -.\" acknowledgement: "This product includes software written by -.\" Tim Hudson (tjh@cryptsoft.com)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" The licence and distribution terms for any publically available version or -.\" derivative of this code cannot be changed. i.e. this code cannot simply be -.\" copied and put under another distribution licence -.\" [including the GNU Public Licence.] -.\" -.Dd $Mdocdate: March 29 2020 $ -.Dt LH_STATS 3 -.Os -.Sh NAME -.Nm lh_stats , -.Nm lh_node_stats , -.Nm lh_node_usage_stats , -.Nm lh_stats_bio , -.Nm lh_node_stats_bio , -.Nm lh_node_usage_stats_bio -.Nd LHASH statistics -.Sh SYNOPSIS -.In openssl/lhash.h -.Ft void -.Fo lh_stats -.Fa "LHASH *table" -.Fa "FILE *out" -.Fc -.Ft void -.Fo lh_node_stats -.Fa "LHASH *table" -.Fa "FILE *out" -.Fc -.Ft void -.Fo lh_node_usage_stats -.Fa "LHASH *table" -.Fa "FILE *out" -.Fc -.Ft void -.Fo lh_stats_bio -.Fa "LHASH *table" -.Fa "BIO *out" -.Fc -.Ft void -.Fo lh_node_stats_bio -.Fa "LHASH *table" -.Fa "BIO *out" -.Fc -.Ft void -.Fo lh_node_usage_stats_bio -.Fa "LHASH *table" -.Fa "BIO *out" -.Fc -.Sh DESCRIPTION -The -.Vt LHASH -structure records statistics about most aspects of accessing the hash -table. -.Pp -.Fn lh_stats -prints out statistics on the size of the hash table, how many entries -are in it, and the number and result of calls to the routines in this -library. -.Pp -.Fn lh_node_stats -prints the number of entries for each 'bucket' in the hash table. -.Pp -.Fn lh_node_usage_stats -prints out a short summary of the state of the hash table. -It prints the 'load' and the 'actual load'. -The load is the average number of data items per 'bucket' in the hash -table. -The 'actual load' is the average number of items per 'bucket', but only -for buckets which contain entries. -So the 'actual load' is the average number of searches that will need to -find an item in the hash table, while the 'load' is the average number -that will be done to record a miss. -.Pp -.Fn lh_stats_bio , -.Fn lh_node_stats_bio , -and -.Fn lh_node_usage_stats_bio -are the same as the above, except that the output goes to a -.Vt BIO . -.Sh SEE ALSO -.Xr BIO_new 3 , -.Xr lh_new 3 -.Sh HISTORY -.Fn lh_stats , -.Fn lh_node_stats , -.Fn lh_node_usage_stats -appeared in SSLeay 0.4. -.Fn lh_stats_bio , -.Fn lh_node_stats_bio , -and -.Fn lh_node_usage_stats_bio -first appeared in SSLeay 0.6.0. -These functions have been available since -.Ox 2.4 . -.Sh AUTHORS -.An Eric Young diff --git a/man/openssl.cnf.5 b/man/openssl.cnf.5 index 48ca66cf..05295cbb 100644 --- a/man/openssl.cnf.5 +++ b/man/openssl.cnf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.cnf.5,v 1.8 2022/03/31 17:27:17 naddy Exp $ +.\" $OpenBSD: openssl.cnf.5,v 1.10 2023/11/19 10:23:53 tb Exp $ .\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100 .\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400 .\" @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: November 19 2023 $ .Dt OPENSSL.CNF 5 .Os .Sh NAME @@ -192,13 +192,9 @@ openssl_conf = openssl_init [openssl_init] oid_section = new_oids -engines = engine_section [new_oids] \&... new oids here ... - -[engine_section] -\&... engine stuff here ... .Ed .Pp The features of each configuration module are described below. @@ -228,106 +224,6 @@ comma and the numerical OID form. For example: .Pp .Dl shortName = some object long name, 1.2.3.4 -.Ss Engine Configuration Module -This ENGINE configuration module has the name -.Ic engines . -The value of this variable points to a section containing further ENGINE -configuration information. -.Pp -The section pointed to by -.Ic engines -is a table of engine names (though see -.Ic engine_id -below) and further sections containing configuration information -specific to each ENGINE. -.Pp -Each ENGINE specific section is used to set default algorithms, load -dynamic ENGINEs, perform initialization and send ctrls. -The actual operation performed depends on the command -name which is the name of the name value pair. -The currently supported commands are listed below. -.Pp -For example: -.Bd -literal -offset indent -[engine_section] -# Configure ENGINE named "foo" -foo = foo_section -# Configure ENGINE named "bar" -bar = bar_section - -[foo_section] -\&... foo ENGINE specific commands ... - -[bar_section] -\&... "bar" ENGINE specific commands ... -.Ed -.Pp -The command -.Ic engine_id -is used to give the ENGINE name. -If used, this command must be first. -For example: -.Bd -literal -offset indent -[engine_section] -# This would normally handle an ENGINE named "foo" -foo = foo_section - -[foo_section] -# Override default name and use "myfoo" instead. -engine_id = myfoo -.Ed -.Pp -The command -.Ic dynamic_path -loads and adds an ENGINE from the given path. -It is equivalent to sending the ctrls -.Sy SO_PATH -with the path argument followed by -.Sy LIST_ADD -with value 2 and -.Sy LOAD -to the dynamic ENGINE. -If this is not the required behaviour then alternative ctrls can be sent -directly to the dynamic ENGINE using ctrl commands. -.Pp -The command -.Ic init -determines whether to initialize the ENGINE. -If the value is 0, the ENGINE will not be initialized. -If it is 1, an attempt is made to initialized the ENGINE immediately. -If the -.Ic init -command is not present, then an attempt will be made to initialize -the ENGINE after all commands in its section have been processed. -.Pp -The command -.Ic default_algorithms -sets the default algorithms an ENGINE will supply using the functions -.Xr ENGINE_set_default_string 3 . -.Pp -If the name matches none of the above command names, it is assumed -to be a ctrl command which is sent to the ENGINE. -The value of the command is the argument to the ctrl command. -If the value is the string -.Cm EMPTY , -then no value is sent to the command. -.Pp -For example: -.Bd -literal -offset indent -[engine_section] -# Configure ENGINE named "foo" -foo = foo_section - -[foo_section] -# Load engine from DSO -dynamic_path = /some/path/fooengine.so -# A foo specific ctrl. -some_ctrl = some_value -# Another ctrl that doesn't take a value. -other_ctrl = EMPTY -# Supply all default algorithms -default_algorithms = ALL -.Ed .Sh FILES .Bl -tag -width /etc/ssl/openssl.cnf -compact .It Pa /etc/ssl/openssl.cnf @@ -393,7 +289,6 @@ openssl_conf = openssl_conf_section [openssl_conf_section] # Configuration module list -alg_section = evp_sect oid_section = new_oids [new_oids] diff --git a/scripts/test b/scripts/test index 97e316e0..a6a4489e 100644 --- a/scripts/test +++ b/scripts/test @@ -13,6 +13,8 @@ fi # generate source tree ./autogen.sh +VERSION=`cat VERSION` + if [ "$ARCH" = "" ]; then ARCH=`uname -m` fi @@ -26,8 +28,8 @@ if [ `uname` = "Darwin" ]; then make -j 4 distcheck # test cmake - tar zxvf libressl-*.tar.gz - cd libressl-* + tar zxvf libressl-$VERSION.tar.gz + cd libressl-$VERSION ( mkdir build-static @@ -57,8 +59,8 @@ elif [ "$ARCH" = "native" ]; then # make distribution make -j 4 distcheck - tar zxvf libressl-*.tar.gz - cd libressl-* + tar zxvf libressl-$VERSION.tar.gz + cd libressl-$VERSION # test cmake and ninja diff --git a/ssl/CMakeLists.txt b/ssl/CMakeLists.txt index 9ba2a9e6..9be9e998 100644 --- a/ssl/CMakeLists.txt +++ b/ssl/CMakeLists.txt @@ -8,7 +8,6 @@ set( pqueue.c s3_cbc.c s3_lib.c - ssl_algs.c ssl_asn1.c ssl_both.c ssl_cert.c @@ -79,7 +78,7 @@ target_include_directories(bs_obj ../include/compat) if(BUILD_SHARED_LIBS) - add_library(ssl $ $) + add_library(ssl $ $ $) else() add_library(ssl $ empty.c) endif() diff --git a/ssl/Makefile.am b/ssl/Makefile.am index 9acacd7b..dca98e21 100644 --- a/ssl/Makefile.am +++ b/ssl/Makefile.am @@ -58,7 +58,6 @@ libssl_la_SOURCES += d1_srtp.c libssl_la_SOURCES += pqueue.c libssl_la_SOURCES += s3_cbc.c libssl_la_SOURCES += s3_lib.c -libssl_la_SOURCES += ssl_algs.c libssl_la_SOURCES += ssl_asn1.c libssl_la_SOURCES += ssl_both.c libssl_la_SOURCES += ssl_cert.c diff --git a/ssl/Makefile.in b/ssl/Makefile.in index dbd2862d..089771a9 100644 --- a/ssl/Makefile.in +++ b/ssl/Makefile.in @@ -151,25 +151,24 @@ libssl_la_DEPENDENCIES = $(abs_top_builddir)/crypto/libcrypto.la \ am_libssl_la_OBJECTS = libssl_la-bio_ssl.lo libssl_la-d1_both.lo \ libssl_la-d1_lib.lo libssl_la-d1_pkt.lo libssl_la-d1_srtp.lo \ libssl_la-pqueue.lo libssl_la-s3_cbc.lo libssl_la-s3_lib.lo \ - libssl_la-ssl_algs.lo libssl_la-ssl_asn1.lo \ - libssl_la-ssl_both.lo libssl_la-ssl_cert.lo \ - libssl_la-ssl_ciph.lo libssl_la-ssl_ciphers.lo \ - libssl_la-ssl_clnt.lo libssl_la-ssl_err.lo \ - libssl_la-ssl_init.lo libssl_la-ssl_kex.lo \ - libssl_la-ssl_lib.lo libssl_la-ssl_methods.lo \ - libssl_la-ssl_packet.lo libssl_la-ssl_pkt.lo \ - libssl_la-ssl_rsa.lo libssl_la-ssl_seclevel.lo \ - libssl_la-ssl_sess.lo libssl_la-ssl_sigalgs.lo \ - libssl_la-ssl_srvr.lo libssl_la-ssl_stat.lo \ - libssl_la-ssl_tlsext.lo libssl_la-ssl_transcript.lo \ - libssl_la-ssl_txt.lo libssl_la-ssl_versions.lo \ - libssl_la-t1_enc.lo libssl_la-t1_lib.lo \ - libssl_la-tls_buffer.lo libssl_la-tls_content.lo \ - libssl_la-tls_key_share.lo libssl_la-tls_lib.lo \ - libssl_la-tls12_key_schedule.lo libssl_la-tls12_lib.lo \ - libssl_la-tls12_record_layer.lo libssl_la-tls13_client.lo \ - libssl_la-tls13_error.lo libssl_la-tls13_handshake.lo \ - libssl_la-tls13_handshake_msg.lo \ + libssl_la-ssl_asn1.lo libssl_la-ssl_both.lo \ + libssl_la-ssl_cert.lo libssl_la-ssl_ciph.lo \ + libssl_la-ssl_ciphers.lo libssl_la-ssl_clnt.lo \ + libssl_la-ssl_err.lo libssl_la-ssl_init.lo \ + libssl_la-ssl_kex.lo libssl_la-ssl_lib.lo \ + libssl_la-ssl_methods.lo libssl_la-ssl_packet.lo \ + libssl_la-ssl_pkt.lo libssl_la-ssl_rsa.lo \ + libssl_la-ssl_seclevel.lo libssl_la-ssl_sess.lo \ + libssl_la-ssl_sigalgs.lo libssl_la-ssl_srvr.lo \ + libssl_la-ssl_stat.lo libssl_la-ssl_tlsext.lo \ + libssl_la-ssl_transcript.lo libssl_la-ssl_txt.lo \ + libssl_la-ssl_versions.lo libssl_la-t1_enc.lo \ + libssl_la-t1_lib.lo libssl_la-tls_buffer.lo \ + libssl_la-tls_content.lo libssl_la-tls_key_share.lo \ + libssl_la-tls_lib.lo libssl_la-tls12_key_schedule.lo \ + libssl_la-tls12_lib.lo libssl_la-tls12_record_layer.lo \ + libssl_la-tls13_client.lo libssl_la-tls13_error.lo \ + libssl_la-tls13_handshake.lo libssl_la-tls13_handshake_msg.lo \ libssl_la-tls13_key_schedule.lo libssl_la-tls13_legacy.lo \ libssl_la-tls13_lib.lo libssl_la-tls13_quic.lo \ libssl_la-tls13_record.lo libssl_la-tls13_record_layer.lo \ @@ -204,7 +203,6 @@ am__depfiles_remade = ./$(DEPDIR)/bs_ber.Plo ./$(DEPDIR)/bs_cbb.Plo \ ./$(DEPDIR)/libssl_la-pqueue.Plo \ ./$(DEPDIR)/libssl_la-s3_cbc.Plo \ ./$(DEPDIR)/libssl_la-s3_lib.Plo \ - ./$(DEPDIR)/libssl_la-ssl_algs.Plo \ ./$(DEPDIR)/libssl_la-ssl_asn1.Plo \ ./$(DEPDIR)/libssl_la-ssl_both.Plo \ ./$(DEPDIR)/libssl_la-ssl_cert.Plo \ @@ -446,11 +444,11 @@ noinst_HEADERS = bytestring.h hidden/ssl_namespace.h \ tls12_internal.h tls13_internal.h tls13_handshake.h \ tls13_record.h libssl_la_SOURCES = bio_ssl.c d1_both.c d1_lib.c d1_pkt.c d1_srtp.c \ - pqueue.c s3_cbc.c s3_lib.c ssl_algs.c ssl_asn1.c ssl_both.c \ - ssl_cert.c ssl_ciph.c ssl_ciphers.c ssl_clnt.c ssl_err.c \ - ssl_init.c ssl_kex.c ssl_lib.c ssl_methods.c ssl_packet.c \ - ssl_pkt.c ssl_rsa.c ssl_seclevel.c ssl_sess.c ssl_sigalgs.c \ - ssl_srvr.c ssl_stat.c ssl_tlsext.c ssl_transcript.c ssl_txt.c \ + pqueue.c s3_cbc.c s3_lib.c ssl_asn1.c ssl_both.c ssl_cert.c \ + ssl_ciph.c ssl_ciphers.c ssl_clnt.c ssl_err.c ssl_init.c \ + ssl_kex.c ssl_lib.c ssl_methods.c ssl_packet.c ssl_pkt.c \ + ssl_rsa.c ssl_seclevel.c ssl_sess.c ssl_sigalgs.c ssl_srvr.c \ + ssl_stat.c ssl_tlsext.c ssl_transcript.c ssl_txt.c \ ssl_versions.c t1_enc.c t1_lib.c tls_buffer.c tls_content.c \ tls_key_share.c tls_lib.c tls12_key_schedule.c tls12_lib.c \ tls12_record_layer.c tls13_client.c tls13_error.c \ @@ -561,7 +559,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libssl_la-pqueue.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libssl_la-s3_cbc.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libssl_la-s3_lib.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libssl_la-ssl_algs.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libssl_la-ssl_asn1.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libssl_la-ssl_both.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libssl_la-ssl_cert.Plo@am__quote@ # am--include-marker @@ -692,13 +689,6 @@ libssl_la-s3_lib.lo: s3_lib.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libssl_la-s3_lib.lo `test -f 's3_lib.c' || echo '$(srcdir)/'`s3_lib.c -libssl_la-ssl_algs.lo: ssl_algs.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libssl_la-ssl_algs.lo -MD -MP -MF $(DEPDIR)/libssl_la-ssl_algs.Tpo -c -o libssl_la-ssl_algs.lo `test -f 'ssl_algs.c' || echo '$(srcdir)/'`ssl_algs.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libssl_la-ssl_algs.Tpo $(DEPDIR)/libssl_la-ssl_algs.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ssl_algs.c' object='libssl_la-ssl_algs.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libssl_la-ssl_algs.lo `test -f 'ssl_algs.c' || echo '$(srcdir)/'`ssl_algs.c - libssl_la-ssl_asn1.lo: ssl_asn1.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libssl_la-ssl_asn1.lo -MD -MP -MF $(DEPDIR)/libssl_la-ssl_asn1.Tpo -c -o libssl_la-ssl_asn1.lo `test -f 'ssl_asn1.c' || echo '$(srcdir)/'`ssl_asn1.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libssl_la-ssl_asn1.Tpo $(DEPDIR)/libssl_la-ssl_asn1.Plo @@ -1145,7 +1135,6 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/libssl_la-pqueue.Plo -rm -f ./$(DEPDIR)/libssl_la-s3_cbc.Plo -rm -f ./$(DEPDIR)/libssl_la-s3_lib.Plo - -rm -f ./$(DEPDIR)/libssl_la-ssl_algs.Plo -rm -f ./$(DEPDIR)/libssl_la-ssl_asn1.Plo -rm -f ./$(DEPDIR)/libssl_la-ssl_both.Plo -rm -f ./$(DEPDIR)/libssl_la-ssl_cert.Plo @@ -1245,7 +1234,6 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/libssl_la-pqueue.Plo -rm -f ./$(DEPDIR)/libssl_la-s3_cbc.Plo -rm -f ./$(DEPDIR)/libssl_la-s3_lib.Plo - -rm -f ./$(DEPDIR)/libssl_la-ssl_algs.Plo -rm -f ./$(DEPDIR)/libssl_la-ssl_asn1.Plo -rm -f ./$(DEPDIR)/libssl_la-ssl_both.Plo -rm -f ./$(DEPDIR)/libssl_la-ssl_cert.Plo diff --git a/ssl/VERSION b/ssl/VERSION index f3d740eb..20ff5f60 100644 --- a/ssl/VERSION +++ b/ssl/VERSION @@ -1 +1 @@ -55:0:0 +56:0:0 diff --git a/ssl/hidden/openssl/ssl.h b/ssl/hidden/openssl/ssl.h index e4ec6d62..aa946ad2 100644 --- a/ssl/hidden/openssl/ssl.h +++ b/ssl/hidden/openssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.4 2023/07/28 09:53:55 tb Exp $ */ +/* $OpenBSD: ssl.h,v 1.6 2024/03/02 11:48:55 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -111,8 +111,6 @@ LSSL_USED(SSL_want); LSSL_USED(SSL_clear); LSSL_USED(SSL_CTX_flush_sessions); LSSL_USED(SSL_get_current_cipher); -LSSL_USED(SSL_CIPHER_get_by_id); -LSSL_USED(SSL_CIPHER_get_by_value); LSSL_USED(SSL_CIPHER_get_bits); LSSL_USED(SSL_CIPHER_get_version); LSSL_USED(SSL_CIPHER_get_name); @@ -360,7 +358,6 @@ LSSL_USED(SSL_COMP_add_compression_method); LSSL_USED(SSL_set_session_ticket_ext); LSSL_USED(SSL_set_session_ticket_ext_cb); LSSL_USED(SSL_set_session_secret_cb); -LSSL_USED(SSL_set_debug); LSSL_USED(SSL_cache_hit); LSSL_USED(SSL_set_security_level); LSSL_USED(SSL_get_security_level); diff --git a/ssl/hidden/openssl/tls1.h b/ssl/hidden/openssl/tls1.h index de93f9aa..e7c57219 100644 --- a/ssl/hidden/openssl/tls1.h +++ b/ssl/hidden/openssl/tls1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls1.h,v 1.1 2023/07/08 16:40:14 beck Exp $ */ +/* $OpenBSD: tls1.h,v 1.2 2024/03/02 11:44:47 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -28,5 +28,7 @@ LSSL_USED(SSL_get_servername); LSSL_USED(SSL_get_servername_type); LSSL_USED(SSL_export_keying_material); +LSSL_USED(SSL_get_peer_signature_type_nid); +LSSL_USED(SSL_get_signature_type_nid); #endif /* _LIBSSL_TLS1_H */ diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7ab68801..6ebe2605 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.246 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.251 2024/03/02 11:46:55 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -150,6 +150,7 @@ #include #include +#include #include #include @@ -576,41 +577,6 @@ const SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - /* GOST Ciphersuites */ - - /* Cipher 81 */ - { - .valid = 1, - .name = "GOST2001-GOST89-GOST89", - .id = 0x3000081, - .algorithm_mkey = SSL_kGOST, - .algorithm_auth = SSL_aGOST01, - .algorithm_enc = SSL_eGOST2814789CNT, - .algorithm_mac = SSL_GOST89MAC, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94| - TLS1_STREAM_MAC, - .strength_bits = 256, - .alg_bits = 256 - }, - - /* Cipher 83 */ - { - .valid = 1, - .name = "GOST2001-NULL-GOST94", - .id = 0x3000083, - .algorithm_mkey = SSL_kGOST, - .algorithm_auth = SSL_aGOST01, - .algorithm_enc = SSL_eNULL, - .algorithm_mac = SSL_GOST94, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94, - .strength_bits = 0, - .alg_bits = 0 - }, - #ifndef OPENSSL_NO_CAMELLIA /* Camellia ciphersuites from RFC4132 (256-bit portion) */ @@ -1361,40 +1327,6 @@ const SSL_CIPHER ssl3_ciphers[] = { .alg_bits = 256, }, - /* Cipher FF85 FIXME IANA */ - { - .valid = 1, - .name = "GOST2012256-GOST89-GOST89", - .id = 0x300ff85, /* FIXME IANA */ - .algorithm_mkey = SSL_kGOST, - .algorithm_auth = SSL_aGOST01, - .algorithm_enc = SSL_eGOST2814789CNT, - .algorithm_mac = SSL_GOST89MAC, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_HIGH, - .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256| - TLS1_STREAM_MAC, - .strength_bits = 256, - .alg_bits = 256 - }, - - /* Cipher FF87 FIXME IANA */ - { - .valid = 1, - .name = "GOST2012256-NULL-STREEBOG256", - .id = 0x300ff87, /* FIXME IANA */ - .algorithm_mkey = SSL_kGOST, - .algorithm_auth = SSL_aGOST01, - .algorithm_enc = SSL_eNULL, - .algorithm_mac = SSL_STREEBOG256, - .algorithm_ssl = SSL_TLSV1, - .algo_strength = SSL_STRONG_NONE, - .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256, - .strength_bits = 0, - .alg_bits = 0 - }, - - /* end of list */ }; @@ -1413,18 +1345,26 @@ ssl3_get_cipher(unsigned int u) return (NULL); } +static int +ssl3_cipher_id_cmp(const void *id, const void *cipher) +{ + unsigned long a = *(const unsigned long *)id; + unsigned long b = ((const SSL_CIPHER *)cipher)->id; + + return a < b ? -1 : a > b; +} + const SSL_CIPHER * -ssl3_get_cipher_by_id(unsigned int id) +ssl3_get_cipher_by_id(unsigned long id) { - const SSL_CIPHER *cp; - SSL_CIPHER c; + const SSL_CIPHER *cipher; - c.id = id; - cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); - if (cp != NULL && cp->valid == 1) - return (cp); + cipher = bsearch(&id, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(*cipher), + ssl3_cipher_id_cmp); + if (cipher != NULL && cipher->valid == 1) + return cipher; - return (NULL); + return NULL; } const SSL_CIPHER * @@ -2030,6 +1970,7 @@ SSL_get_signature_type_nid(const SSL *s, int *nid) return 1; } +LSSL_ALIAS(SSL_get_signature_type_nid); int SSL_get_peer_signature_type_nid(const SSL *s, int *nid) @@ -2046,6 +1987,7 @@ SSL_get_peer_signature_type_nid(const SSL *s, int *nid) return 1; } +LSSL_ALIAS(SSL_get_peer_signature_type_nid); long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) @@ -2652,6 +2594,10 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, return (ret); } +#define SSL3_CT_RSA_SIGN 1 +#define SSL3_CT_RSA_FIXED_DH 3 +#define SSL3_CT_ECDSA_SIGN 64 + int ssl3_get_req_cert_types(SSL *s, CBB *cbb) { @@ -2659,21 +2605,6 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb) alg_k = s->s3->hs.cipher->algorithm_mkey; -#ifndef OPENSSL_NO_GOST - if ((alg_k & SSL_kGOST) != 0) { - if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN)) - return 0; - if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN)) - return 0; - if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN)) - return 0; - if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN_COMPAT)) - return 0; - if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN_COMPAT)) - return 0; - } -#endif - if ((alg_k & SSL_kDHE) != 0) { if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH)) return 0; @@ -2686,7 +2617,7 @@ ssl3_get_req_cert_types(SSL *s, CBB *cbb) * ECDSA certs can be used with RSA cipher suites as well * so we don't need to check for SSL_kECDH or SSL_kECDHE. */ - if (!CBB_add_u8(cbb, TLS_CT_ECDSA_SIGN)) + if (!CBB_add_u8(cbb, SSL3_CT_ECDSA_SIGN)) return 0; return 1; diff --git a/ssl/ssl.sym b/ssl/ssl.sym index 9f261bb9..ee7477f3 100644 --- a/ssl/ssl.sym +++ b/ssl/ssl.sym @@ -23,8 +23,6 @@ SSL_CIPHER_description SSL_CIPHER_find SSL_CIPHER_get_auth_nid SSL_CIPHER_get_bits -SSL_CIPHER_get_by_id -SSL_CIPHER_get_by_value SSL_CIPHER_get_cipher_nid SSL_CIPHER_get_digest_nid SSL_CIPHER_get_id @@ -222,6 +220,7 @@ SSL_get_peer_cert_chain SSL_get_peer_certificate SSL_get_peer_finished SSL_get_peer_quic_transport_params +SSL_get_peer_signature_type_nid SSL_get_privatekey SSL_get_quiet_shutdown SSL_get_rbio @@ -235,6 +234,7 @@ SSL_get_servername_type SSL_get_session SSL_get_shared_ciphers SSL_get_shutdown +SSL_get_signature_type_nid SSL_get_srtp_profiles SSL_get_ssl_method SSL_get_verify_callback @@ -284,7 +284,6 @@ SSL_set_cipher_list SSL_set_ciphersuites SSL_set_client_CA_list SSL_set_connect_state -SSL_set_debug SSL_set_ex_data SSL_set_fd SSL_set_generate_session_id diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c deleted file mode 100644 index 684697df..00000000 --- a/ssl/ssl_algs.c +++ /dev/null @@ -1,125 +0,0 @@ -/* $OpenBSD: ssl_algs.c,v 1.32 2023/07/08 16:40:13 beck Exp $ */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#include -#include -#include - -#include "ssl_local.h" - -int -SSL_library_init(void) -{ - -#ifndef OPENSSL_NO_DES - EVP_add_cipher(EVP_des_cbc()); - EVP_add_cipher(EVP_des_ede3_cbc()); -#endif -#ifndef OPENSSL_NO_RC4 - EVP_add_cipher(EVP_rc4()); -#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__)) - EVP_add_cipher(EVP_rc4_hmac_md5()); -#endif -#endif -#ifndef OPENSSL_NO_RC2 - EVP_add_cipher(EVP_rc2_cbc()); - /* Not actually used for SSL/TLS but this makes PKCS#12 work - * if an application only calls SSL_library_init(). - */ - EVP_add_cipher(EVP_rc2_40_cbc()); -#endif - EVP_add_cipher(EVP_aes_128_cbc()); - EVP_add_cipher(EVP_aes_192_cbc()); - EVP_add_cipher(EVP_aes_256_cbc()); - EVP_add_cipher(EVP_aes_128_gcm()); - EVP_add_cipher(EVP_aes_256_gcm()); - EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); - EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); -#ifndef OPENSSL_NO_CAMELLIA - EVP_add_cipher(EVP_camellia_128_cbc()); - EVP_add_cipher(EVP_camellia_256_cbc()); -#endif -#ifndef OPENSSL_NO_GOST - EVP_add_cipher(EVP_gost2814789_cfb64()); - EVP_add_cipher(EVP_gost2814789_cnt()); -#endif - - EVP_add_digest(EVP_md5()); - EVP_add_digest(EVP_md5_sha1()); - EVP_add_digest_alias(SN_md5, "ssl2-md5"); - EVP_add_digest_alias(SN_md5, "ssl3-md5"); - - EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ - EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); - EVP_add_digest(EVP_sha224()); - EVP_add_digest(EVP_sha256()); - EVP_add_digest(EVP_sha384()); - EVP_add_digest(EVP_sha512()); -#ifndef OPENSSL_NO_GOST - EVP_add_digest(EVP_gostr341194()); - EVP_add_digest(EVP_gost2814789imit()); - EVP_add_digest(EVP_streebog256()); - EVP_add_digest(EVP_streebog512()); -#endif - - return (1); -} -LSSL_ALIAS(SSL_library_init); diff --git a/ssl/ssl_both.c b/ssl/ssl_both.c index 14d9aa85..995f1c46 100644 --- a/ssl/ssl_both.c +++ b/ssl/ssl_both.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_both.c,v 1.46 2023/07/07 08:53:55 tb Exp $ */ +/* $OpenBSD: ssl_both.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -384,9 +384,6 @@ ssl_cert_type(EVP_PKEY *pkey) switch (EVP_PKEY_id(pkey)) { case EVP_PKEY_EC: return SSL_PKEY_ECC; - case NID_id_GostR3410_2001: - case NID_id_GostR3410_2001_cc: - return SSL_PKEY_GOST01; case EVP_PKEY_RSA: case EVP_PKEY_RSA_PSS: return SSL_PKEY_RSA; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index a2880502..5b2fe1a4 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_cert.c,v 1.107 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_cert.c,v 1.108 2024/02/03 15:58:33 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -233,10 +233,6 @@ ssl_cert_dup(SSL_CERT *cert) /* We have an ECC key */ break; - case SSL_PKEY_GOST01: - /* We have a GOST key */ - break; - default: /* Can't happen. */ SSLerrorx(SSL_R_LIBRARY_BUG); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index b735cd7b..45d7889b 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.136 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.140 2024/03/02 11:45:51 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -142,13 +142,10 @@ #include +#include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "ssl_local.h" #define CIPHER_ADD 1 @@ -215,10 +212,6 @@ static const SSL_CIPHER cipher_aliases[] = { .name = SSL_TXT_ECDH, .algorithm_mkey = SSL_kECDHE, }, - { - .name = SSL_TXT_kGOST, - .algorithm_mkey = SSL_kGOST, - }, /* server authentication aliases */ { @@ -245,14 +238,6 @@ static const SSL_CIPHER cipher_aliases[] = { .name = SSL_TXT_ECDSA, .algorithm_auth = SSL_aECDSA, }, - { - .name = SSL_TXT_aGOST01, - .algorithm_auth = SSL_aGOST01, - }, - { - .name = SSL_TXT_aGOST, - .algorithm_auth = SSL_aGOST01, - }, /* aliases combining key exchange and server authentication */ { @@ -358,14 +343,6 @@ static const SSL_CIPHER cipher_aliases[] = { .name = SSL_TXT_SHA, .algorithm_mac = SSL_SHA1, }, - { - .name = SSL_TXT_GOST94, - .algorithm_mac = SSL_GOST94, - }, - { - .name = SSL_TXT_GOST89MAC, - .algorithm_mac = SSL_GOST89MAC, - }, { .name = SSL_TXT_SHA256, .algorithm_mac = SSL_SHA256, @@ -374,10 +351,6 @@ static const SSL_CIPHER cipher_aliases[] = { .name = SSL_TXT_SHA384, .algorithm_mac = SSL_SHA384, }, - { - .name = SSL_TXT_STREEBOG256, - .algorithm_mac = SSL_STREEBOG256, - }, /* protocol version aliases */ { @@ -475,11 +448,6 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc, case SSL_CAMELLIA256: *enc = EVP_camellia_256_cbc(); break; -#ifndef OPENSSL_NO_GOST - case SSL_eGOST2814789CNT: - *enc = EVP_gost2814789_cnt(); - break; -#endif } switch (ss->cipher->algorithm_mac) { @@ -495,21 +463,11 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc, case SSL_SHA384: *md = EVP_sha384(); break; -#ifndef OPENSSL_NO_GOST - case SSL_GOST89MAC: - *md = EVP_gost2814789imit(); - break; - case SSL_GOST94: - *md = EVP_gostr341194(); - break; - case SSL_STREEBOG256: - *md = EVP_streebog256(); - break; -#endif } if (*enc == NULL || *md == NULL) return 0; + /* XXX remove these from ssl_cipher_get_evp? */ /* * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not * supported via EVP_CIPHER (they should be using EVP_AEAD instead). @@ -518,18 +476,9 @@ ssl_cipher_get_evp(const SSL_SESSION *ss, const EVP_CIPHER **enc, return 0; if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE) return 0; -#ifndef OPENSSL_NO_GOST - /* XXX JFC. die in fire already */ - if (ss->cipher->algorithm_mac == SSL_GOST89MAC) { - *mac_pkey_type = EVP_PKEY_GOSTIMIT; - *mac_secret_size = 32; /* XXX */ - } else { -#endif - *mac_pkey_type = EVP_PKEY_HMAC; - *mac_secret_size = EVP_MD_size(*md); -#ifndef OPENSSL_NO_GOST - } -#endif + + *mac_pkey_type = EVP_PKEY_HMAC; + *mac_secret_size = EVP_MD_size(*md); return 1; } @@ -584,14 +533,6 @@ ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md) case SSL_HANDSHAKE_MAC_DEFAULT: *md = EVP_md5_sha1(); return 1; -#ifndef OPENSSL_NO_GOST - case SSL_HANDSHAKE_MAC_GOST94: - *md = EVP_gostr341194(); - return 1; - case SSL_HANDSHAKE_MAC_STREEBOG256: - *md = EVP_streebog256(); - return 1; -#endif case SSL_HANDSHAKE_MAC_SHA256: *md = EVP_sha256(); return 1; @@ -644,6 +585,7 @@ ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, *head = curr; } +/* XXX beck: remove this in a followon to removing GOST */ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl) @@ -654,16 +596,6 @@ ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, *mac = 0; *ssl = 0; - /* - * Check for the availability of GOST 34.10 public/private key - * algorithms. If they are not available disable the associated - * authentication and key exchange algorithms. - */ - if (EVP_PKEY_meth_find(NID_id_GostR3410_2001) == NULL) { - *auth |= SSL_aGOST01; - *mkey |= SSL_kGOST; - } - #ifdef SSL_FORBID_ENULL *enc |= SSL_eNULL; #endif @@ -1409,20 +1341,6 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, return ret; } -const SSL_CIPHER * -SSL_CIPHER_get_by_id(unsigned int id) -{ - return ssl3_get_cipher_by_id(id); -} -LSSL_ALIAS(SSL_CIPHER_get_by_id); - -const SSL_CIPHER * -SSL_CIPHER_get_by_value(uint16_t value) -{ - return ssl3_get_cipher_by_value(value); -} -LSSL_ALIAS(SSL_CIPHER_get_by_value); - char * SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) { @@ -1458,9 +1376,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kECDHE: kx = "ECDH"; break; - case SSL_kGOST: - kx = "GOST"; - break; case SSL_kTLS1_3: kx = "TLSv1.3"; break; @@ -1481,9 +1396,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aECDSA: au = "ECDSA"; break; - case SSL_aGOST01: - au = "GOST01"; - break; case SSL_aTLS1_3: au = "TLSv1.3"; break; @@ -1523,9 +1435,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_CHACHA20POLY1305: enc = "ChaCha20-Poly1305"; break; - case SSL_eGOST2814789CNT: - enc = "GOST-28178-89-CNT"; - break; default: enc = "unknown"; break; @@ -1547,15 +1456,6 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_AEAD: mac = "AEAD"; break; - case SSL_GOST94: - mac = "GOST94"; - break; - case SSL_GOST89MAC: - mac = "GOST89IMIT"; - break; - case SSL_STREEBOG256: - mac = "STREEBOG256"; - break; default: mac = "unknown"; break; @@ -1669,8 +1569,6 @@ SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c) return NID_des_cbc; case SSL_RC4: return NID_rc4; - case SSL_eGOST2814789CNT: - return NID_gost89_cnt; default: return NID_undef; } @@ -1683,10 +1581,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c) switch (c->algorithm_mac) { case SSL_AEAD: return NID_undef; - case SSL_GOST89MAC: - return NID_id_Gost28147_89_MAC; - case SSL_GOST94: - return NID_id_GostR3411_94; case SSL_MD5: return NID_md5; case SSL_SHA1: @@ -1695,8 +1589,6 @@ SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c) return NID_sha256; case SSL_SHA384: return NID_sha384; - case SSL_STREEBOG256: - return NID_id_tc26_gost3411_2012_256; default: return NID_undef; } @@ -1711,8 +1603,6 @@ SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c) return NID_kx_dhe; case SSL_kECDHE: return NID_kx_ecdhe; - case SSL_kGOST: - return NID_kx_gost; case SSL_kRSA: return NID_kx_rsa; default: @@ -1729,8 +1619,6 @@ SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c) return NID_auth_null; case SSL_aECDSA: return NID_auth_ecdsa; - case SSL_aGOST01: - return NID_auth_gost01; case SSL_aRSA: return NID_auth_rsa; default: diff --git a/ssl/ssl_clnt.c b/ssl/ssl_clnt.c index 441da643..feb29ee4 100644 --- a/ssl/ssl_clnt.c +++ b/ssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.161 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.165 2024/02/03 18:03:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -161,13 +161,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif -#ifndef OPENSSL_NO_GOST -#include -#endif - #include "bytestring.h" #include "dtls_local.h" #include "ssl_local.h" @@ -462,12 +455,6 @@ ssl3_connect(SSL *s) s->s3->hs.state = SSL3_ST_CW_CHANGE_A; s->s3->change_cipher_spec = 0; } - if (!SSL_is_dtls(s)) { - if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { - s->s3->hs.state = SSL3_ST_CW_CHANGE_A; - s->s3->change_cipher_spec = 0; - } - } s->init_num = 0; break; @@ -634,11 +621,6 @@ ssl3_connect(SSL *s) /* did we do anything */ if (!s->s3->hs.tls12.reuse_message && !skip) { - if (s->debug) { - if ((ret = BIO_flush(s->wbio)) <= 0) - goto end; - } - if (s->s3->hs.state != state) { new_state = s->s3->hs.state; s->s3->hs.state = state; @@ -837,7 +819,6 @@ ssl3_get_server_hello(SSL *s) uint8_t compression_method; const SSL_CIPHER *cipher; const SSL_METHOD *method; - unsigned long alg_k; int al, ret; s->first_packet = 1; @@ -1046,8 +1027,7 @@ ssl3_get_server_hello(SSL *s) * Don't digest cached records if no sigalgs: we may need them for * client authentication. */ - alg_k = s->s3->hs.cipher->algorithm_mkey; - if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST))) + if (!SSL_USE_SIGALGS(s)) tls1_transcript_free(s); if (!CBS_get_u8(&cbs, &compression_method)) @@ -1938,119 +1918,6 @@ ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb) return ret; } -static int -ssl3_send_client_kex_gost(SSL *s, CBB *cbb) -{ - unsigned char premaster_secret[32], shared_ukm[32], tmp[256]; - EVP_PKEY_CTX *pkey_ctx = NULL; - EVP_MD_CTX *ukm_hash = NULL; - EVP_PKEY *pkey; - size_t msglen; - unsigned int md_len; - CBB gostblob; - int nid; - int ret = 0; - - /* Get server certificate PKEY and create ctx from it */ - pkey = X509_get0_pubkey(s->session->peer_cert); - if (pkey == NULL || s->session->peer_cert_type != SSL_PKEY_GOST01) { - SSLerror(s, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); - goto err; - } - if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* - * If we have send a certificate, and certificate key parameters match - * those of server certificate, use certificate key for key exchange. - * Otherwise, generate ephemeral key pair. - */ - if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0) - goto err; - - /* Generate session key. */ - arc4random_buf(premaster_secret, sizeof(premaster_secret)); - - /* - * If we have client certificate, use its secret as peer key. - * XXX - this presumably lacks PFS. - */ - if (s->s3->hs.tls12.cert_request != 0 && - s->cert->key->privatekey != NULL) { - if (EVP_PKEY_derive_set_peer(pkey_ctx, - s->cert->key->privatekey) <=0) { - /* - * If there was an error - just ignore it. - * Ephemeral key would be used. - */ - ERR_clear_error(); - } - } - - /* - * Compute shared IV and store it in algorithm-specific context data. - */ - if ((ukm_hash = EVP_MD_CTX_new()) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* XXX check handshake hash instead. */ - if (s->s3->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94) - nid = NID_id_GostR3411_94; - else - nid = NID_id_tc26_gost3411_2012_256; - if (!EVP_DigestInit(ukm_hash, EVP_get_digestbynid(nid))) - goto err; - if (!EVP_DigestUpdate(ukm_hash, s->s3->client_random, SSL3_RANDOM_SIZE)) - goto err; - if (!EVP_DigestUpdate(ukm_hash, s->s3->server_random, SSL3_RANDOM_SIZE)) - goto err; - if (!EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len)) - goto err; - if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { - SSLerror(s, SSL_R_LIBRARY_BUG); - goto err; - } - - /* - * Make GOST keytransport blob message, encapsulate it into sequence. - */ - msglen = 255; - if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, - sizeof(premaster_secret)) < 0) { - SSLerror(s, SSL_R_LIBRARY_BUG); - goto err; - } - - if (!CBB_add_asn1(cbb, &gostblob, CBS_ASN1_SEQUENCE)) - goto err; - if (!CBB_add_bytes(&gostblob, tmp, msglen)) - goto err; - if (!CBB_flush(cbb)) - goto err; - - /* Check if pubkey from client certificate was used. */ - if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, - NULL) > 0) - s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; - - if (!tls12_derive_master_secret(s, premaster_secret, 32)) - goto err; - - ret = 1; - - err: - explicit_bzero(premaster_secret, sizeof(premaster_secret)); - EVP_PKEY_CTX_free(pkey_ctx); - EVP_MD_CTX_free(ukm_hash); - - return ret; -} - static int ssl3_send_client_key_exchange(SSL *s) { @@ -2075,9 +1942,6 @@ ssl3_send_client_key_exchange(SSL *s) } else if (alg_k & SSL_kECDHE) { if (!ssl3_send_client_kex_ecdhe(s, &kex)) goto err; - } else if (alg_k & SSL_kGOST) { - if (!ssl3_send_client_kex_gost(s, &kex)) - goto err; } else { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); @@ -2123,14 +1987,6 @@ ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey, SSLerror(s, ERR_R_EVP_LIB); goto err; } -#ifndef OPENSSL_NO_GOST - if (sigalg->key_type == EVP_PKEY_GOSTR01 && - EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } -#endif if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) && (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) { @@ -2238,72 +2094,6 @@ ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) return ret; } -#ifndef OPENSSL_NO_GOST -static int -ssl3_send_client_verify_gost(SSL *s, EVP_PKEY *pkey, CBB *cert_verify) -{ - CBB cbb_signature; - EVP_MD_CTX *mctx; - EVP_PKEY_CTX *pctx; - const EVP_MD *md; - const unsigned char *hdata; - unsigned char *signature = NULL; - size_t signature_len; - size_t hdata_len; - int nid; - int ret = 0; - - if ((mctx = EVP_MD_CTX_new()) == NULL) - goto err; - - if (!tls1_transcript_data(s, &hdata, &hdata_len)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - goto err; - } - if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || - (md = EVP_get_digestbynid(nid)) == NULL) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - if (!EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey)) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } -#ifndef OPENSSL_NO_GOST - if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, - EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, NULL) <= 0) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } -#endif - if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - if ((signature = calloc(1, signature_len)) == NULL) { - SSLerror(s, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) { - SSLerror(s, ERR_R_EVP_LIB); - goto err; - } - - if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature)) - goto err; - if (!CBB_add_bytes(&cbb_signature, signature, signature_len)) - goto err; - if (!CBB_flush(cert_verify)) - goto err; - - ret = 1; - err: - EVP_MD_CTX_free(mctx); - free(signature); - return ret; -} -#endif - static int ssl3_send_client_verify(SSL *s) { @@ -2339,12 +2129,6 @@ ssl3_send_client_verify(SSL *s) } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) { if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify)) goto err; -#ifndef OPENSSL_NO_GOST - } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 || - EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) { - if (!ssl3_send_client_verify_gost(s, pkey, &cert_verify)) - goto err; -#endif } else { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; @@ -2527,20 +2311,10 @@ ssl3_check_finished(SSL *s) static int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { - int i = 0; - -#ifndef OPENSSL_NO_ENGINE - if (s->ctx->client_cert_engine) { - i = ENGINE_load_ssl_client_cert( - s->ctx->client_cert_engine, s, - SSL_get_client_CA_list(s), px509, ppkey, NULL, NULL, NULL); - if (i != 0) - return (i); - } -#endif - if (s->ctx->client_cert_cb) - i = s->ctx->client_cert_cb(s, px509, ppkey); - return (i); + if (s->ctx->client_cert_cb == NULL) + return 0; + + return s->ctx->client_cert_cb(s, px509, ppkey); } static int diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 28097ea7..30ca96b2 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_err.c,v 1.46 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_err.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * @@ -306,7 +306,6 @@ static ERR_STRING_DATA SSL_str_reasons[]= { {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"}, {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"}, {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"}, - {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) , "no method specified"}, {ERR_REASON(SSL_R_NO_PRIVATEKEY) , "no privatekey"}, {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"}, diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index a8646cc0..b314e714 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_init.c,v 1.4 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_init.c,v 1.6 2023/11/22 15:53:53 tb Exp $ */ /* * Copyright (c) 2018 Bob Beck * @@ -26,12 +26,18 @@ static pthread_t ssl_init_thread; +int +SSL_library_init(void) +{ + return OPENSSL_init_ssl(0, NULL); +} +LSSL_ALIAS(SSL_library_init); + static void OPENSSL_init_ssl_internal(void) { ssl_init_thread = pthread_self(); SSL_load_error_strings(); - SSL_library_init(); } int diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 0ac393f7..bb9779bb 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.314 2023/09/19 01:22:31 tb Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.321 2024/03/02 11:48:55 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -154,10 +154,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "bytestring.h" #include "dtls_local.h" #include "ssl_local.h" @@ -1072,7 +1068,7 @@ SSL_is_server(const SSL *s) LSSL_ALIAS(SSL_is_server); static long -ssl_get_default_timeout() +ssl_get_default_timeout(void) { /* * 2 hours, the 24 hours mentioned in the TLSv1 spec @@ -1520,18 +1516,6 @@ SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) } LSSL_ALIAS(SSL_CTX_callback_ctrl); -int -ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) -{ - long l; - - l = a->id - b->id; - if (l == 0L) - return (0); - else - return ((l > 0) ? 1:-1); -} - STACK_OF(SSL_CIPHER) * SSL_get_ciphers(const SSL *s) { @@ -2164,26 +2148,6 @@ SSL_CTX_new(const SSL_METHOD *meth) ret->tlsext_status_cb = 0; ret->tlsext_status_arg = NULL; -#ifndef OPENSSL_NO_ENGINE - ret->client_cert_engine = NULL; -#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO -#define eng_strx(x) #x -#define eng_str(x) eng_strx(x) - /* Use specific client engine automatically... ignore errors */ - { - ENGINE *eng; - eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO)); - if (!eng) { - ERR_clear_error(); - ENGINE_load_builtin_engines(); - eng = ENGINE_by_id(eng_str( - OPENSSL_SSL_CLIENT_ENGINE_AUTO)); - } - if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng)) - ERR_clear_error(); - } -#endif -#endif /* * Default is to connect to non-RI servers. When RI is more widely * deployed might change this. @@ -2241,10 +2205,6 @@ SSL_CTX_free(SSL_CTX *ctx) sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles); #endif -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ctx->client_cert_engine); -#endif - free(ctx->tlsext_ecpointformatlist); free(ctx->tlsext_supportedgroups); @@ -2337,12 +2297,6 @@ ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher) mask_a |= SSL_aECDSA; } - cpk = &(c->pkeys[SSL_PKEY_GOST01]); - if (cpk->x509 != NULL && cpk->privatekey != NULL) { - mask_k |= SSL_kGOST; - mask_a |= SSL_aGOST01; - } - cpk = &(c->pkeys[SSL_PKEY_RSA]); if (cpk->x509 != NULL && cpk->privatekey != NULL) { mask_a |= SSL_aRSA; @@ -2403,8 +2357,6 @@ ssl_get_server_send_pkey(const SSL *s) i = SSL_PKEY_ECC; } else if (alg_a & SSL_aRSA) { i = SSL_PKEY_RSA; - } else if (alg_a & SSL_aGOST01) { - i = SSL_PKEY_GOST01; } else { /* if (alg_a & SSL_aNULL) */ SSLerror(s, ERR_R_INTERNAL_ERROR); return (NULL); @@ -2973,8 +2925,6 @@ SSL_dup(SSL *s) SSL_set_info_callback(ret, SSL_get_info_callback(s)); - ret->debug = s->debug; - /* copy app data, a little dangerous perhaps */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) @@ -3525,13 +3475,6 @@ SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, } LSSL_ALIAS(SSL_set_msg_callback); -void -SSL_set_debug(SSL *s, int debug) -{ - s->debug = debug; -} -LSSL_ALIAS(SSL_set_debug); - int SSL_cache_hit(SSL *s) { @@ -3678,18 +3621,3 @@ SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy) /* Not supported. */ } LSSL_ALIAS(SSL_set_quic_use_legacy_codepoint); - -static int -ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) -{ - SSL_CIPHER const *a = a_; - SSL_CIPHER const *b = b_; - return ssl_cipher_id_cmp(a, b); -} - -SSL_CIPHER * -OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num) -{ - return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER), - ssl_cipher_id_cmp_BSEARCH_CMP_FN); -} diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 9666f388..b4d093b2 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_local.h,v 1.7 2023/07/06 07:56:32 beck Exp $ */ +/* $OpenBSD: ssl_local.h,v 1.13 2024/02/03 15:58:34 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -197,7 +197,6 @@ __BEGIN_HIDDEN_DECLS #define SSL_kRSA 0x00000001L /* RSA key exchange */ #define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */ #define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ -#define SSL_kGOST 0x00000200L /* GOST key exchange */ #define SSL_kTLS1_3 0x00000400L /* TLSv1.3 key exchange */ /* Bits for algorithm_auth (server authentication) */ @@ -205,7 +204,6 @@ __BEGIN_HIDDEN_DECLS #define SSL_aDSS 0x00000002L /* DSS auth */ #define SSL_aNULL 0x00000004L /* no auth (i.e. use ADH or AECDH) */ #define SSL_aECDSA 0x00000040L /* ECDSA auth*/ -#define SSL_aGOST01 0x00000200L /* GOST R 34.10-2001 signature auth */ #define SSL_aTLS1_3 0x00000400L /* TLSv1.3 authentication */ /* Bits for algorithm_enc (symmetric encryption) */ @@ -218,7 +216,6 @@ __BEGIN_HIDDEN_DECLS #define SSL_AES256 0x00000040L #define SSL_CAMELLIA128 0x00000080L #define SSL_CAMELLIA256 0x00000100L -#define SSL_eGOST2814789CNT 0x00000200L #define SSL_AES128GCM 0x00000400L #define SSL_AES256GCM 0x00000800L #define SSL_CHACHA20POLY1305 0x00001000L @@ -231,8 +228,6 @@ __BEGIN_HIDDEN_DECLS #define SSL_MD5 0x00000001L #define SSL_SHA1 0x00000002L -#define SSL_GOST94 0x00000004L -#define SSL_GOST89MAC 0x00000008L #define SSL_SHA256 0x00000010L #define SSL_SHA384 0x00000020L /* Not a real MAC, just an indication it is part of cipher */ @@ -251,10 +246,8 @@ __BEGIN_HIDDEN_DECLS #define SSL_HANDSHAKE_MAC_MASK 0xff0 #define SSL_HANDSHAKE_MAC_MD5 0x010 #define SSL_HANDSHAKE_MAC_SHA 0x020 -#define SSL_HANDSHAKE_MAC_GOST94 0x040 #define SSL_HANDSHAKE_MAC_SHA256 0x080 #define SSL_HANDSHAKE_MAC_SHA384 0x100 -#define SSL_HANDSHAKE_MAC_STREEBOG256 0x200 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA) #define SSL3_CK_ID 0x03000000 @@ -267,16 +260,8 @@ __BEGIN_HIDDEN_DECLS #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_STREEBOG256 (SSL_HANDSHAKE_MAC_STREEBOG256 << TLS1_PRF_DGST_SHIFT) #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) -/* - * Stream MAC for GOST ciphersuites from cryptopro draft - * (currently this also goes into algorithm2). - */ -#define TLS1_STREAM_MAC 0x04 - /* * SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD is an algorithm2 flag that * indicates that the variable part of the nonce is included as a prefix of @@ -324,8 +309,7 @@ __BEGIN_HIDDEN_DECLS #define SSL_PKEY_RSA 0 #define SSL_PKEY_ECC 1 -#define SSL_PKEY_GOST01 2 -#define SSL_PKEY_NUM 3 +#define SSL_PKEY_NUM 2 #define SSL_MAX_EMPTY_RECORDS 32 @@ -865,12 +849,6 @@ struct ssl_ctx_st { */ unsigned int max_send_fragment; -#ifndef OPENSSL_NO_ENGINE - /* Engine to pass requests for client certs to - */ - ENGINE *client_cert_engine; -#endif - /* RFC 4507 session ticket keys */ unsigned char tlsext_tick_key_name[16]; unsigned char tlsext_tick_hmac_key[16]; @@ -1080,9 +1058,6 @@ struct ssl_st { /* for server side, keep the list of CA_dn we can use */ STACK_OF(X509_NAME) *client_CA; - /* set this flag to 1 and a sleep(1) is put into all SSL_read() - * and SSL_write() calls, good for nbio debugging :-) */ - int debug; long max_cert_list; int first_packet; @@ -1310,9 +1285,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int include_ticket); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert); -int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); -SSL_CIPHER *OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, - int num); int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb); STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, CBS *cbs); STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, @@ -1351,7 +1323,7 @@ int ssl3_get_req_cert_types(SSL *s, CBB *cbb); int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max); int ssl3_num_ciphers(void); const SSL_CIPHER *ssl3_get_cipher(unsigned int u); -const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id); +const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned long id); const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value); uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c); int ssl3_renegotiate(SSL *ssl); diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 68137bc5..6c8a2be3 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_rsa.c,v 1.50 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_rsa.c,v 1.51 2023/12/30 06:25:56 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -150,24 +150,28 @@ LSSL_ALIAS(SSL_use_certificate_ASN1); int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) { - EVP_PKEY *pkey; - int ret; + EVP_PKEY *pkey = NULL; + int ret = 0; if (rsa == NULL) { SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER); - return (0); + goto err; } if ((pkey = EVP_PKEY_new()) == NULL) { SSLerror(ssl, ERR_R_EVP_LIB); - return (0); + goto err; } + if (!EVP_PKEY_set1_RSA(pkey, rsa)) + goto err; + if (!ssl_set_pkey(NULL, ssl, pkey)) + goto err; - RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey, rsa); + ret = 1; - ret = ssl_set_pkey(NULL, ssl, pkey); + err: EVP_PKEY_free(pkey); - return (ret); + + return ret; } LSSL_ALIAS(SSL_use_RSAPrivateKey); @@ -508,24 +512,28 @@ LSSL_ALIAS(SSL_CTX_use_certificate_ASN1); int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) { - int ret; - EVP_PKEY *pkey; + EVP_PKEY *pkey = NULL; + int ret = 0; if (rsa == NULL) { SSLerrorx(ERR_R_PASSED_NULL_PARAMETER); - return (0); + goto err; } if ((pkey = EVP_PKEY_new()) == NULL) { SSLerrorx(ERR_R_EVP_LIB); - return (0); + goto err; } + if (!EVP_PKEY_set1_RSA(pkey, rsa)) + goto err; + if (!ssl_set_pkey(ctx, NULL, pkey)) + goto err; - RSA_up_ref(rsa); - EVP_PKEY_assign_RSA(pkey, rsa); + ret = 1; - ret = ssl_set_pkey(ctx, NULL, pkey); + err: EVP_PKEY_free(pkey); - return (ret); + + return ret; } LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index aa6b08ea..355193c4 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.122 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.124 2024/01/24 14:05:10 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -138,10 +138,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include "ssl_local.h" static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); @@ -1163,7 +1159,6 @@ timeout_LHASH_DOALL_ARG(void *arg1, void *arg2) void SSL_CTX_flush_sessions(SSL_CTX *s, long t) { - unsigned long i; TIMEOUT_PARAM tp; tp.ctx = s; @@ -1171,12 +1166,10 @@ SSL_CTX_flush_sessions(SSL_CTX *s, long t) if (tp.cache == NULL) return; tp.time = t; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - i = CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; - CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = 0; lh_SSL_SESSION_doall_arg(tp.cache, timeout_LHASH_DOALL_ARG, - TIMEOUT_PARAM, &tp); - CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load = i; + TIMEOUT_PARAM, &tp); CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); } LSSL_ALIAS(SSL_CTX_flush_sessions); @@ -1320,25 +1313,6 @@ int } LSSL_ALIAS(SSL_CTX_get_client_cert_cb); -#ifndef OPENSSL_NO_ENGINE -int -SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) -{ - if (!ENGINE_init(e)) { - SSLerrorx(ERR_R_ENGINE_LIB); - return 0; - } - if (!ENGINE_get_ssl_client_cert_function(e)) { - SSLerrorx(SSL_R_NO_CLIENT_CERT_METHOD); - ENGINE_finish(e); - return 0; - } - ctx->client_cert_engine = e; - return 1; -} -LSSL_ALIAS(SSL_CTX_set_client_cert_engine); -#endif - void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) diff --git a/ssl/ssl_sigalgs.c b/ssl/ssl_sigalgs.c index f59beb43..9876e82a 100644 --- a/ssl/ssl_sigalgs.c +++ b/ssl/ssl_sigalgs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.c,v 1.48 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: ssl_sigalgs.c,v 1.49 2024/02/03 15:58:34 beck Exp $ */ /* * Copyright (c) 2018-2020 Bob Beck * Copyright (c) 2021 Joel Sing @@ -41,14 +41,6 @@ const struct ssl_sigalg sigalgs[] = { .security_level = 5, .group_nid = NID_secp521r1, }, -#ifndef OPENSSL_NO_GOST - { - .value = SIGALG_GOSTR12_512_STREEBOG_512, - .key_type = EVP_PKEY_GOSTR12_512, - .md = EVP_streebog512, - .security_level = 0, - }, -#endif { .value = SIGALG_RSA_PKCS1_SHA384, .key_type = EVP_PKEY_RSA, @@ -75,20 +67,6 @@ const struct ssl_sigalg sigalgs[] = { .security_level = 3, .group_nid = NID_X9_62_prime256v1, }, -#ifndef OPENSSL_NO_GOST - { - .value = SIGALG_GOSTR12_256_STREEBOG_256, - .key_type = EVP_PKEY_GOSTR12_256, - .md = EVP_streebog256, - .security_level = 0, - }, - { - .value = SIGALG_GOSTR01_GOST94, - .key_type = EVP_PKEY_GOSTR01, - .md = EVP_gostr341194, - .security_level = 0, /* XXX */ - }, -#endif { .value = SIGALG_RSA_PSS_RSAE_SHA256, .key_type = EVP_PKEY_RSA, @@ -283,10 +261,6 @@ ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey) return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1); case EVP_PKEY_EC: return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1); -#ifndef OPENSSL_NO_GOST - case EVP_PKEY_GOSTR01: - return ssl_sigalg_lookup(SIGALG_GOSTR01_GOST94); -#endif } SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE); return NULL; diff --git a/ssl/ssl_sigalgs.h b/ssl/ssl_sigalgs.h index 21a54d64..5211ec6b 100644 --- a/ssl/ssl_sigalgs.h +++ b/ssl/ssl_sigalgs.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sigalgs.h,v 1.26 2022/07/02 16:00:12 tb Exp $ */ +/* $OpenBSD: ssl_sigalgs.h,v 1.27 2024/02/03 15:58:34 beck Exp $ */ /* * Copyright (c) 2018-2019 Bob Beck * @@ -47,14 +47,6 @@ __BEGIN_HIDDEN_DECLS #define SIGALG_PRIVATE_START 0xFE00 #define SIGALG_PRIVATE_END 0xFFFF -/* - * If Russia can elect the US President, surely - * IANA could fix this problem. - */ -#define SIGALG_GOSTR12_512_STREEBOG_512 0xEFEF -#define SIGALG_GOSTR12_256_STREEBOG_256 0xEEEE -#define SIGALG_GOSTR01_GOST94 0xEDED - /* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */ #define SIGALG_RSA_PKCS1_MD5_SHA1 0xFF01 diff --git a/ssl/ssl_srvr.c b/ssl/ssl_srvr.c index a518e1ac..6d61a4e4 100644 --- a/ssl/ssl_srvr.c +++ b/ssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.156 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.160 2024/02/03 17:39:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -162,10 +162,6 @@ #include #include -#ifndef OPENSSL_NO_GOST -#include -#endif - #include "bytestring.h" #include "dtls_local.h" #include "ssl_local.h" @@ -564,15 +560,7 @@ ssl3_accept(SSL *s) } alg_k = s->s3->hs.cipher->algorithm_mkey; - if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { - /* - * A GOST client may use the key from its - * certificate for key exchange, in which case - * the CertificateVerify message is not sent. - */ - s->s3->hs.state = SSL3_ST_SR_FINISHED_A; - s->init_num = 0; - } else if (SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) { + if (SSL_USE_SIGALGS(s)) { s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A; s->init_num = 0; if (!s->session->peer_cert) @@ -740,12 +728,6 @@ ssl3_accept(SSL *s) } if (!s->s3->hs.tls12.reuse_message && !skip) { - if (s->debug) { - if ((ret = BIO_flush(s->wbio)) <= 0) - goto end; - } - - if (s->s3->hs.state != state) { new_state = s->s3->hs.state; s->s3->hs.state = state; @@ -801,7 +783,6 @@ ssl3_get_client_hello(SSL *s) unsigned long id; SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *ciphers = NULL; - unsigned long alg_k; const SSL_METHOD *method; uint16_t shared_version; @@ -1144,9 +1125,7 @@ ssl3_get_client_hello(SSL *s) if (!tls1_transcript_hash_init(s)) goto err; - alg_k = s->s3->hs.cipher->algorithm_mkey; - if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)) || - !(s->verify_mode & SSL_VERIFY_PEER)) + if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) tls1_transcript_free(s); /* @@ -1821,75 +1800,6 @@ ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs) return ret; } -static int -ssl3_get_client_kex_gost(SSL *s, CBS *cbs) -{ - unsigned char premaster_secret[32]; - EVP_PKEY_CTX *pkey_ctx = NULL; - EVP_PKEY *client_pubkey; - EVP_PKEY *pkey = NULL; - size_t outlen; - CBS gostblob; - - /* Get our certificate private key*/ -#ifndef OPENSSL_NO_GOST - if ((s->s3->hs.cipher->algorithm_auth & SSL_aGOST01) != 0) - pkey = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; -#endif - - if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) - goto err; - if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) - goto err; - - /* - * If client certificate is present and is of the same type, - * maybe use it for key exchange. - * Don't mind errors from EVP_PKEY_derive_set_peer, because - * it is completely valid to use a client certificate for - * authorization only. - */ - if ((client_pubkey = X509_get0_pubkey(s->session->peer_cert)) != NULL) { - if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pubkey) <= 0) - ERR_clear_error(); - } - - /* Decrypt session key */ - if (!CBS_get_asn1(cbs, &gostblob, CBS_ASN1_SEQUENCE)) - goto decode_err; - if (CBS_len(cbs) != 0) - goto decode_err; - outlen = sizeof(premaster_secret); - if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, - CBS_data(&gostblob), CBS_len(&gostblob)) <= 0) { - SSLerror(s, SSL_R_DECRYPTION_FAILED); - goto err; - } - - if (!tls12_derive_master_secret(s, premaster_secret, - sizeof(premaster_secret))) - goto err; - - /* Check if pubkey from client certificate was used */ - if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, - 2, NULL) > 0) - s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY; - - explicit_bzero(premaster_secret, sizeof(premaster_secret)); - EVP_PKEY_CTX_free(pkey_ctx); - - return 1; - - decode_err: - SSLerror(s, SSL_R_BAD_PACKET_LENGTH); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); - err: - explicit_bzero(premaster_secret, sizeof(premaster_secret)); - EVP_PKEY_CTX_free(pkey_ctx); - - return 0; -} - static int ssl3_get_client_key_exchange(SSL *s) { @@ -1918,9 +1828,6 @@ ssl3_get_client_key_exchange(SSL *s) } else if (alg_k & SSL_kECDHE) { if (!ssl3_get_client_kex_ecdhe(s, &cbs)) goto err; - } else if (alg_k & SSL_kGOST) { - if (!ssl3_get_client_kex_gost(s, &cbs)) - goto err; } else { al = SSL_AD_HANDSHAKE_FAILURE; SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE); @@ -2049,15 +1956,6 @@ ssl3_get_cert_verify(SSL *s) al = SSL_AD_INTERNAL_ERROR; goto fatal_err; } -#ifndef OPENSSL_NO_GOST - if (sigalg->key_type == EVP_PKEY_GOSTR01 && - EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, - EVP_PKEY_CTRL_GOST_SIG_FORMAT, GOST_SIG_FORMAT_RS_LE, - NULL) <= 0) { - al = SSL_AD_INTERNAL_ERROR; - goto fatal_err; - } -#endif if (EVP_DigestVerify(mctx, CBS_data(&signature), CBS_len(&signature), hdata, hdatalen) <= 0) { SSLerror(s, ERR_R_EVP_LIB); @@ -2102,54 +2000,6 @@ ssl3_get_cert_verify(SSL *s) SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE); goto fatal_err; } -#ifndef OPENSSL_NO_GOST - } else if (EVP_PKEY_id(pkey) == NID_id_GostR3410_94 || - EVP_PKEY_id(pkey) == NID_id_GostR3410_2001) { - unsigned char sigbuf[128]; - unsigned int siglen = sizeof(sigbuf); - EVP_PKEY_CTX *pctx; - const EVP_MD *md; - int nid; - - if (!tls1_transcript_data(s, &hdata, &hdatalen)) { - SSLerror(s, ERR_R_INTERNAL_ERROR); - al = SSL_AD_INTERNAL_ERROR; - goto fatal_err; - } - if (!EVP_PKEY_get_default_digest_nid(pkey, &nid) || - !(md = EVP_get_digestbynid(nid))) { - SSLerror(s, ERR_R_EVP_LIB); - al = SSL_AD_INTERNAL_ERROR; - goto fatal_err; - } - if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { - SSLerror(s, ERR_R_EVP_LIB); - al = SSL_AD_INTERNAL_ERROR; - goto fatal_err; - } - if (!EVP_DigestInit_ex(mctx, md, NULL) || - !EVP_DigestUpdate(mctx, hdata, hdatalen) || - !EVP_DigestFinal(mctx, sigbuf, &siglen) || - (EVP_PKEY_verify_init(pctx) <= 0) || - (EVP_PKEY_CTX_set_signature_md(pctx, md) <= 0) || - (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_VERIFY, - EVP_PKEY_CTRL_GOST_SIG_FORMAT, - GOST_SIG_FORMAT_RS_LE, NULL) <= 0)) { - SSLerror(s, ERR_R_EVP_LIB); - al = SSL_AD_INTERNAL_ERROR; - EVP_PKEY_CTX_free(pctx); - goto fatal_err; - } - if (EVP_PKEY_verify(pctx, CBS_data(&signature), - CBS_len(&signature), sigbuf, siglen) <= 0) { - al = SSL_AD_DECRYPT_ERROR; - SSLerror(s, SSL_R_BAD_SIGNATURE); - EVP_PKEY_CTX_free(pctx); - goto fatal_err; - } - - EVP_PKEY_CTX_free(pctx); -#endif } else { SSLerror(s, ERR_R_INTERNAL_ERROR); al = SSL_AD_UNSUPPORTED_CERTIFICATE; @@ -2343,7 +2193,7 @@ ssl3_send_newsession_ticket(SSL *s) unsigned int hlen; EVP_CIPHER_CTX *ctx = NULL; HMAC_CTX *hctx = NULL; - int len; + int iv_len, len; /* * New Session Ticket - RFC 5077, section 3.3. @@ -2426,7 +2276,9 @@ ssl3_send_newsession_ticket(SSL *s) goto err; if (!CBB_add_bytes(&ticket, key_name, sizeof(key_name))) goto err; - if (!CBB_add_bytes(&ticket, iv, EVP_CIPHER_CTX_iv_length(ctx))) + if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0) + goto err; + if (!CBB_add_bytes(&ticket, iv, iv_len)) goto err; if (!CBB_add_bytes(&ticket, enc_session, enc_session_len)) goto err; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 85d5eaa6..9680c8d2 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_lib.c,v 1.197 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: t1_lib.c,v 1.198 2023/11/18 10:51:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -987,7 +987,7 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess) HMAC_CTX *hctx = NULL; EVP_CIPHER_CTX *cctx = NULL; SSL_CTX *tctx = s->initial_ctx; - int slen, hlen; + int slen, hlen, iv_len; int alert_desc = SSL_AD_INTERNAL_ERROR; int ret = TLS1_TICKET_FATAL_ERROR; @@ -1027,12 +1027,13 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess) s->tlsext_ticket_expected = 1; } + if ((iv_len = EVP_CIPHER_CTX_iv_length(cctx)) < 0) + goto err; /* * Now that the cipher context is initialised, we can extract * the IV since its length is known. */ - if (!CBS_get_bytes(ticket, &ticket_iv, - EVP_CIPHER_CTX_iv_length(cctx))) + if (!CBS_get_bytes(ticket, &ticket_iv, iv_len)) goto derr; } else { /* Check that the key name matches. */ @@ -1040,8 +1041,9 @@ tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess) tctx->tlsext_tick_key_name, sizeof(tctx->tlsext_tick_key_name))) goto derr; - if (!CBS_get_bytes(ticket, &ticket_iv, - EVP_CIPHER_iv_length(EVP_aes_128_cbc()))) + if ((iv_len = EVP_CIPHER_iv_length(EVP_aes_128_cbc())) < 0) + goto err; + if (!CBS_get_bytes(ticket, &ticket_iv, iv_len)) goto derr; if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, CBS_data(&ticket_iv))) diff --git a/ssl/tls12_key_schedule.c b/ssl/tls12_key_schedule.c index 6d714c11..1ac00332 100644 --- a/ssl/tls12_key_schedule.c +++ b/ssl/tls12_key_schedule.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls12_key_schedule.c,v 1.3 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: tls12_key_schedule.c,v 1.4 2024/02/03 15:58:34 beck Exp $ */ /* * Copyright (c) 2021 Joel Sing * @@ -124,10 +124,6 @@ tls12_key_block_generate(struct tls12_key_block *kb, SSL *s, mac_key_len = EVP_MD_size(mac_hash); key_len = EVP_CIPHER_key_length(cipher); iv_len = EVP_CIPHER_iv_length(cipher); - - /* Special handling for GOST... */ - if (EVP_MD_type(mac_hash) == NID_id_Gost28147_89_MAC) - mac_key_len = 32; } if (mac_key_len > EVP_MAX_MD_SIZE) diff --git a/ssl/tls12_record_layer.c b/ssl/tls12_record_layer.c index 997026be..9786d7d0 100644 --- a/ssl/tls12_record_layer.c +++ b/ssl/tls12_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls12_record_layer.c,v 1.40 2023/07/08 20:38:23 beck Exp $ */ +/* $OpenBSD: tls12_record_layer.c,v 1.42 2024/02/03 15:58:34 beck Exp $ */ /* * Copyright (c) 2020 Joel Sing * @@ -468,7 +468,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl, CBS *iv) { EVP_PKEY *mac_pkey = NULL; - int gost_param_nid; int mac_type; int ret = 0; @@ -484,25 +483,10 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl, goto err; if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key)) goto err; - -#ifndef OPENSSL_NO_GOST - /* XXX die die die */ - /* Special handling for GOST... */ - if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) { - if (CBS_len(mac_key) != 32) - goto err; - mac_type = EVP_PKEY_GOSTIMIT; - rp->stream_mac = 1; - } else { -#endif - if (CBS_len(mac_key) > INT_MAX) - goto err; - if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key)) - goto err; -#ifndef OPENSSL_NO_GOST - } -#endif - + if (CBS_len(mac_key) > INT_MAX) + goto err; + if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key)) + goto err; if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL) goto err; if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL) @@ -524,23 +508,6 @@ tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl, mac_pkey) <= 0) goto err; - /* More special handling for GOST... */ - if (EVP_CIPHER_type(rl->cipher) == NID_gost89_cnt) { - gost_param_nid = NID_id_tc26_gost_28147_param_Z; - if (EVP_MD_type(rl->handshake_hash) == NID_id_GostR3411_94) - gost_param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; - - if (EVP_CIPHER_CTX_ctrl(rp->cipher_ctx, EVP_CTRL_GOST_SET_SBOX, - gost_param_nid, 0) <= 0) - goto err; - - if (EVP_MD_type(rl->mac_hash) == NID_id_Gost28147_89_MAC) { - if (EVP_MD_CTX_ctrl(rp->hash_ctx, EVP_MD_CTRL_GOST_SET_SBOX, - gost_param_nid, 0) <= 0) - goto err; - } - } - ret = 1; err: diff --git a/ssl/tls13_handshake.c b/ssl/tls13_handshake.c index 9723edfe..0dc23337 100644 --- a/ssl/tls13_handshake.c +++ b/ssl/tls13_handshake.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake.c,v 1.72 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: tls13_handshake.c,v 1.73 2024/02/03 19:57:14 tb Exp $ */ /* * Copyright (c) 2018-2021 Theo Buehler * Copyright (c) 2019 Joel Sing @@ -546,22 +546,24 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx, return TLS13_IO_FAILURE; ret = TLS13_IO_FAILURE; - if (action->recv(ctx, &cbs)) { - if (CBS_len(&cbs) != 0) { - tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0, - "trailing data in handshake message", NULL); - ctx->alert = TLS13_ALERT_DECODE_ERROR; - } else { - ret = TLS13_IO_SUCCESS; - } + if (!action->recv(ctx, &cbs)) + goto err; + + if (CBS_len(&cbs) != 0) { + tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0, + "trailing data in handshake message", NULL); + ctx->alert = TLS13_ALERT_DECODE_ERROR; + goto err; } + ret = TLS13_IO_SUCCESS; + if (ctx->ssl->method->version < TLS1_3_VERSION) + ret = TLS13_IO_USE_LEGACY; + + err: tls13_handshake_msg_free(ctx->hs_msg); ctx->hs_msg = NULL; - if (ctx->ssl->method->version < TLS1_3_VERSION) - return TLS13_IO_USE_LEGACY; - return ret; } diff --git a/ssl/tls13_handshake_msg.c b/ssl/tls13_handshake_msg.c index 134cfb21..c7f4d7b7 100644 --- a/ssl/tls13_handshake_msg.c +++ b/ssl/tls13_handshake_msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_handshake_msg.c,v 1.6 2022/07/22 19:33:53 jsing Exp $ */ +/* $OpenBSD: tls13_handshake_msg.c,v 1.7 2024/02/04 20:50:23 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -34,7 +34,7 @@ struct tls13_handshake_msg { }; struct tls13_handshake_msg * -tls13_handshake_msg_new() +tls13_handshake_msg_new(void) { struct tls13_handshake_msg *msg = NULL; diff --git a/ssl/tls13_internal.h b/ssl/tls13_internal.h index f4b17bdf..75d31fb2 100644 --- a/ssl/tls13_internal.h +++ b/ssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.101 2022/07/24 14:28:16 jsing Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.103 2024/01/27 14:31:01 jsing Exp $ */ /* * Copyright (c) 2018 Bob Beck * Copyright (c) 2018 Theo Buehler @@ -87,7 +87,8 @@ __BEGIN_HIDDEN_DECLS #define TLS13_INFO_ACCEPT_EXIT SSL_CB_ACCEPT_EXIT #define TLS13_INFO_CONNECT_EXIT SSL_CB_CONNECT_EXIT -typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg); +typedef void (*tls13_alert_cb)(uint8_t _alert_level, uint8_t _alert_desc, + void *_cb_arg); typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg); typedef void (*tls13_phh_sent_cb)(void *_cb_arg); typedef void (*tls13_handshake_message_cb)(void *_cb_arg); @@ -291,6 +292,8 @@ struct tls13_ctx { int phh_count; time_t phh_last_seen; + tls13_alert_cb alert_sent_cb; + tls13_alert_cb alert_recv_cb; tls13_handshake_message_cb handshake_message_sent_cb; tls13_handshake_message_cb handshake_message_recv_cb; tls13_info_cb info_cb; @@ -309,8 +312,8 @@ void tls13_ctx_free(struct tls13_ctx *ctx); const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher); const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher); -void tls13_alert_received_cb(uint8_t alert_desc, void *arg); -void tls13_alert_sent_cb(uint8_t alert_desc, void *arg); +void tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg); +void tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg); ssize_t tls13_phh_received_cb(void *cb_arg); void tls13_phh_done_cb(void *cb_arg); @@ -323,7 +326,6 @@ int tls13_use_legacy_client(struct tls13_ctx *ctx); int tls13_use_legacy_server(struct tls13_ctx *ctx); int tls13_legacy_accept(SSL *ssl); int tls13_legacy_connect(SSL *ssl); -int tls13_legacy_return_code(SSL *ssl, ssize_t ret); ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg); ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg); ssize_t tls13_legacy_wire_flush_cb(void *arg); diff --git a/ssl/tls13_legacy.c b/ssl/tls13_legacy.c index 1d6a5a12..6c33eccc 100644 --- a/ssl/tls13_legacy.c +++ b/ssl/tls13_legacy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_legacy.c,v 1.40 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: tls13_legacy.c,v 1.44 2024/01/30 14:50:50 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -159,7 +159,7 @@ tls13_legacy_error(SSL *ssl) ctx->error.line); } -int +static int tls13_legacy_return_code(SSL *ssl, ssize_t ret) { if (ret > INT_MAX) { @@ -322,8 +322,6 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) memset(&cbb, 0, sizeof(cbb)); - s->method = tls_legacy_method(); - if (!ssl3_setup_init_buffer(s)) goto err; if (!ssl3_setup_buffers(s)) @@ -370,6 +368,12 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg); s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH; + /* + * Only switch the method after initialization is complete + * as we start part way into the legacy state machine. + */ + s->method = tls_legacy_method(); + return 1; err: @@ -482,44 +486,47 @@ tls13_legacy_shutdown(SSL *ssl) * We need to return 0 at the point that we have completed sending a * close-notify. We return 1 when we have sent and received close-notify * alerts. All other cases, including EOF, return -1 and set internal - * state appropriately. + * state appropriately. Note that all of this insanity can also be + * externally controlled by manipulating the shutdown flags. */ if (ctx == NULL || ssl->quiet_shutdown) { ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN; return 1; } - if (!ctx->close_notify_sent) { - /* Enqueue and send close notify. */ - if (!(ssl->shutdown & SSL_SENT_SHUTDOWN)) { - ssl->shutdown |= SSL_SENT_SHUTDOWN; - if ((ret = tls13_send_alert(ctx->rl, - TLS13_ALERT_CLOSE_NOTIFY)) < 0) - return tls13_legacy_return_code(ssl, ret); - } - ret = tls13_record_layer_send_pending(ctx->rl); + if ((ssl->shutdown & SSL_SENT_SHUTDOWN) == 0) { + ssl->shutdown |= SSL_SENT_SHUTDOWN; + ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY); if (ret == TLS13_IO_EOF) return -1; if (ret != TLS13_IO_SUCCESS) return tls13_legacy_return_code(ssl, ret); - } else if (!ctx->close_notify_recv) { + goto done; + } + + ret = tls13_record_layer_send_pending(ctx->rl); + if (ret == TLS13_IO_EOF) + return -1; + if (ret != TLS13_IO_SUCCESS) + return tls13_legacy_return_code(ssl, ret); + + if ((ssl->shutdown & SSL_RECEIVED_SHUTDOWN) == 0) { /* * If there is no application data pending, attempt to read more * data in order to receive a close-notify. This should trigger * a record to be read from the wire, which may be application - * handshake or alert data. Only one attempt is made to match - * previous semantics. + * handshake or alert data. Only one attempt is made with no + * error handling, in order to match previous semantics. */ if (tls13_pending_application_data(ctx->rl) == 0) { - if ((ret = tls13_read_application_data(ctx->rl, buf, - sizeof(buf))) < 0) - return tls13_legacy_return_code(ssl, ret); + (void)tls13_read_application_data(ctx->rl, buf, sizeof(buf)); if (!ctx->close_notify_recv) return -1; } } - if (ctx->close_notify_recv) + done: + if (ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) return 1; return 0; diff --git a/ssl/tls13_lib.c b/ssl/tls13_lib.c index 05f125ad..331a3ad1 100644 --- a/ssl/tls13_lib.c +++ b/ssl/tls13_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_lib.c,v 1.76 2022/11/26 16:08:56 tb Exp $ */ +/* $OpenBSD: tls13_lib.c,v 1.77 2024/01/27 14:23:51 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * Copyright (c) 2019 Bob Beck @@ -110,11 +110,42 @@ tls13_cipher_hash(const SSL_CIPHER *cipher) return NULL; } +static void +tls13_legacy_alert_cb(int sent, uint8_t alert_level, uint8_t alert_desc, + void *arg) +{ + uint8_t alert[] = {alert_level, alert_desc}; + struct tls13_ctx *ctx = arg; + SSL *s = ctx->ssl; + CBS cbs; + + if (s->msg_callback == NULL) + return; + + CBS_init(&cbs, alert, sizeof(alert)); + ssl_msg_callback_cbs(s, sent, SSL3_RT_ALERT, &cbs); +} + +static void +tls13_legacy_alert_recv_cb(uint8_t alert_level, uint8_t alert_desc, void *arg) +{ + tls13_legacy_alert_cb(0, alert_level, alert_desc, arg); +} + +static void +tls13_legacy_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg) +{ + tls13_legacy_alert_cb(1, alert_level, alert_desc, arg); +} + void -tls13_alert_received_cb(uint8_t alert_desc, void *arg) +tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg) { struct tls13_ctx *ctx = arg; + if (ctx->alert_recv_cb != NULL) + ctx->alert_recv_cb(alert_level, alert_desc, arg); + if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { ctx->close_notify_recv = 1; ctx->ssl->shutdown |= SSL_RECEIVED_SHUTDOWN; @@ -140,10 +171,13 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg) } void -tls13_alert_sent_cb(uint8_t alert_desc, void *arg) +tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg) { struct tls13_ctx *ctx = arg; + if (ctx->alert_sent_cb != NULL) + ctx->alert_sent_cb(alert_level, alert_desc, arg); + if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) { ctx->close_notify_sent = 1; return; @@ -514,6 +548,8 @@ tls13_ctx_new(int mode, SSL *ssl) if ((ctx->rl = tls13_record_layer_new(&tls13_rl_callbacks, ctx)) == NULL) goto err; + ctx->alert_sent_cb = tls13_legacy_alert_sent_cb; + ctx->alert_recv_cb = tls13_legacy_alert_recv_cb; ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb; ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb; ctx->info_cb = tls13_legacy_info_cb; diff --git a/ssl/tls13_record_layer.c b/ssl/tls13_record_layer.c index 4ae4e298..5432744c 100644 --- a/ssl/tls13_record_layer.c +++ b/ssl/tls13_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record_layer.c,v 1.72 2022/11/11 17:15:27 jsing Exp $ */ +/* $OpenBSD: tls13_record_layer.c,v 1.73 2024/01/27 14:23:51 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -327,7 +327,7 @@ tls13_record_layer_process_alert(struct tls13_record_layer *rl) return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER); } - rl->cb.alert_recv(alert_desc, rl->cb_arg); + rl->cb.alert_recv(alert_level, alert_desc, rl->cb_arg); return ret; } @@ -361,7 +361,7 @@ tls13_record_layer_send_alert(struct tls13_record_layer *rl) ret = TLS13_IO_ALERT; } - rl->cb.alert_sent(rl->alert_desc, rl->cb_arg); + rl->cb.alert_sent(rl->alert_level, rl->alert_desc, rl->cb_arg); return ret; } diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index d09b9da4..1a4f1422 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -131,6 +131,11 @@ add_executable(bio_chain bio_chain.c) target_link_libraries(bio_chain ${OPENSSL_TEST_LIBS}) add_test(bio_chain bio_chain) +# bio_dump +add_executable(bio_dump bio_dump.c) +target_link_libraries(bio_dump ${OPENSSL_TEST_LIBS}) +add_test(bio_dump bio_dump) + # bio_host # this test relies on resolver results that are OS and environment-specific if(ENABLE_EXTRATESTS) @@ -349,11 +354,6 @@ add_executable(ed25519test ed25519test.c) target_link_libraries(ed25519test ${OPENSSL_TEST_LIBS}) add_test(ed25519test ed25519test) -# enginetest -add_executable(enginetest enginetest.c) -target_link_libraries(enginetest ${OPENSSL_TEST_LIBS}) -add_test(enginetest enginetest) - # evp_ecx_test add_executable(evp_ecx_test evp_ecx_test.c) target_link_libraries(evp_ecx_test ${OPENSSL_TEST_LIBS}) @@ -379,6 +379,11 @@ add_executable(evp_test evp_test.c) target_link_libraries(evp_test ${OPENSSL_TEST_LIBS}) add_test(evp_test evp_test) +# exdata_test +add_executable(exdata_test exdata_test.c) +target_link_libraries(exdata_test ${OPENSSL_TEST_LIBS}) +add_test(exdata_test exdata_test) + # expirecallback.c # explicit_bzero @@ -410,11 +415,6 @@ add_executable(gcm128test gcm128test.c) target_link_libraries(gcm128test ${OPENSSL_TEST_LIBS}) add_test(gcm128test gcm128test) -# gost2814789t -add_executable(gost2814789t gost2814789t.c) -target_link_libraries(gost2814789t ${OPENSSL_TEST_LIBS}) -add_test(gost2814789t gost2814789t) - # handshake_table add_executable(handshake_table handshake_table.c) target_link_libraries(handshake_table ${OPENSSL_TEST_LIBS}) @@ -452,9 +452,9 @@ add_executable(keypairtest keypairtest.c) target_link_libraries(keypairtest ${LIBTLS_TEST_LIBS}) target_include_directories(keypairtest BEFORE PUBLIC ../tls) add_test(keypairtest keypairtest - ${CMAKE_CURRENT_SOURCE_DIR}/ca.pem - ${CMAKE_CURRENT_SOURCE_DIR}/server.pem - ${CMAKE_CURRENT_SOURCE_DIR}/server.pem) + ${CMAKE_CURRENT_SOURCE_DIR}/ca-root-rsa.pem + ${CMAKE_CURRENT_SOURCE_DIR}/server1-rsa.pem + ${CMAKE_CURRENT_SOURCE_DIR}/server1-rsa.pem) # md_test add_executable(md_test md_test.c) @@ -601,6 +601,17 @@ add_executable(sha_test sha_test.c) target_link_libraries(sha_test ${OPENSSL_TEST_LIBS}) add_test(sha_test sha_test) +# shutdowntest +set(SHUTDOWNTEST_SRC shutdowntest.c) +add_executable(shutdowntest ${SHUTDOWNTEST_SRC}) +target_link_libraries(shutdowntest ${OPENSSL_TEST_LIBS}) +if(NOT MSVC) + add_test(NAME shutdowntest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/shutdowntest.sh) +else() + add_test(NAME shutdowntest COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/shutdowntest.bat $) +endif() +set_tests_properties(shutdowntest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}") + # signertest if(NOT CMAKE_SYSTEM_NAME MATCHES "WindowsStore") set(SIGNERTEST_SRC signertest.c) @@ -670,11 +681,6 @@ else() endif() set_tests_properties(ssltest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}") -# string_table -add_executable(string_table string_table.c) -target_link_libraries(string_table ${OPENSSL_TEST_LIBS}) -add_test(string_table string_table) - # testdsa if(NOT MSVC) add_test(NAME testdsa COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh) @@ -769,6 +775,11 @@ add_executable(x509attribute x509attribute.c) target_link_libraries(x509attribute ${OPENSSL_TEST_LIBS}) add_test(x509attribute x509attribute) +# x509_algor +add_executable(x509_algor x509_algor.c) +target_link_libraries(x509_algor ${OPENSSL_TEST_LIBS}) +add_test(x509_algor x509_algor) + # x509_asn1 add_executable(x509_asn1 x509_asn1.c) target_link_libraries(x509_asn1 ${OPENSSL_TEST_LIBS}) diff --git a/tests/Makefile.am b/tests/Makefile.am index b860acef..e79958c4 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -147,6 +147,11 @@ TESTS += bio_chain check_PROGRAMS += bio_chain bio_chain_SOURCES = bio_chain.c +# bio_dump +TESTS += bio_dump +check_PROGRAMS += bio_dump +bio_dump_SOURCES = bio_dump.c + # bio_host # this test relies on resolver results that are OS and environment-specific if ENABLE_EXTRATESTS @@ -366,11 +371,6 @@ TESTS += ed25519test check_PROGRAMS += ed25519test ed25519test_SOURCES = ed25519test.c -# enginetest -TESTS += enginetest -check_PROGRAMS += enginetest -enginetest_SOURCES = enginetest.c - # evp_ecx_test TESTS += evp_ecx_test check_PROGRAMS += evp_ecx_test @@ -398,6 +398,11 @@ TESTS += evp_test check_PROGRAMS += evp_test evp_test_SOURCES = evp_test.c +# exdata_test +TESTS += exdata_test +check_PROGRAMS += exdata_test +exdata_test_SOURCES = exdata_test.c + # expirecallback.c # explicit_bzero @@ -429,11 +434,6 @@ TESTS += gcm128test check_PROGRAMS += gcm128test gcm128test_SOURCES = gcm128test.c -# gost2814789t -TESTS += gost2814789t -check_PROGRAMS += gost2814789t -gost2814789t_SOURCES = gost2814789t.c - # handshake_table TESTS += handshake_table check_PROGRAMS += handshake_table @@ -631,6 +631,12 @@ TESTS += sha_test check_PROGRAMS += sha_test sha_test_SOURCES = sha_test.c +# shutdowntest +TESTS += shutdowntest.sh +check_PROGRAMS += shutdowntest +shutdowntest_SOURCES = shutdowntest.c +EXTRA_DIST += shutdowntest.sh shutdowntest.bat + # signertest TESTS += signertest check_PROGRAMS += signertest @@ -687,22 +693,17 @@ ssltest_SOURCES = ssltest.c EXTRA_DIST += ssltest.sh ssltest.bat EXTRA_DIST += testssl testssl.bat EXTRA_DIST += ca-int-ecdsa.crl ca-int-ecdsa.pem ca-int-rsa.crl ca-int-rsa.pem -EXTRA_DIST += ca-root-ecdsa.pem ca-root-rsa.pem ca.pem client.pem +EXTRA_DIST += ca-root-ecdsa.pem ca-root-rsa.pem EXTRA_DIST += client1-ecdsa-chain.pem client1-ecdsa.pem client1-rsa-chain.pem EXTRA_DIST += client1-rsa.pem client2-ecdsa-chain.pem client2-ecdsa.pem EXTRA_DIST += client2-rsa-chain.pem client2-rsa.pem client3-ecdsa-chain.pem EXTRA_DIST += client3-ecdsa.pem client3-rsa-chain.pem client3-rsa.pem -EXTRA_DIST += server.pem server1-ecdsa-chain.pem server1-ecdsa.pem +EXTRA_DIST += server1-ecdsa-chain.pem server1-ecdsa.pem EXTRA_DIST += server1-rsa-chain.pem server1-rsa.pem server2-ecdsa-chain.pem EXTRA_DIST += server2-ecdsa.pem server2-rsa-chain.pem server2-rsa.pem EXTRA_DIST += server3-ecdsa-chain.pem server3-ecdsa.pem server3-rsa-chain.pem EXTRA_DIST += server3-rsa.pem -# string_table -TESTS += string_table -check_PROGRAMS += string_table -string_table_SOURCES = string_table.c - # testdsa TESTS += testdsa.sh EXTRA_DIST += testdsa.sh testdsa.bat @@ -775,6 +776,11 @@ TESTS += x509attribute check_PROGRAMS += x509attribute x509attribute_SOURCES = x509attribute.c +# x509_algor +TESTS += x509_algor +check_PROGRAMS += x509_algor +x509_algor_SOURCES = x509_algor.c + # x509_asn1 TESTS += x509_asn1 check_PROGRAMS += x509_asn1 diff --git a/tests/Makefile.in b/tests/Makefile.in index 75bca5a1..d3aca87d 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in @@ -95,10 +95,10 @@ TESTS = aeadtest.sh aes_test$(EXEEXT) aes_wrap$(EXEEXT) \ asn1evp$(EXEEXT) asn1object$(EXEEXT) asn1oct$(EXEEXT) \ asn1string_copy$(EXEEXT) asn1test$(EXEEXT) asn1time$(EXEEXT) \ asn1x509$(EXEEXT) base64test$(EXEEXT) bf_test$(EXEEXT) \ - bio_asn1$(EXEEXT) bio_chain$(EXEEXT) $(am__EXEEXT_2) \ - bio_mem$(EXEEXT) bn_add_sub$(EXEEXT) bn_cmp$(EXEEXT) \ - bn_convert$(EXEEXT) bn_gcd$(EXEEXT) bn_isqrt$(EXEEXT) \ - bn_mod_exp$(EXEEXT) bn_mod_inverse$(EXEEXT) \ + bio_asn1$(EXEEXT) bio_chain$(EXEEXT) bio_dump$(EXEEXT) \ + $(am__EXEEXT_2) bio_mem$(EXEEXT) bn_add_sub$(EXEEXT) \ + bn_cmp$(EXEEXT) bn_convert$(EXEEXT) bn_gcd$(EXEEXT) \ + bn_isqrt$(EXEEXT) bn_mod_exp$(EXEEXT) bn_mod_inverse$(EXEEXT) \ bn_mod_sqrt$(EXEEXT) bn_mont$(EXEEXT) bn_primes$(EXEEXT) \ bn_print$(EXEEXT) bn_shift$(EXEEXT) bn_test$(EXEEXT) \ bn_to_string$(EXEEXT) bn_unit$(EXEEXT) bn_word$(EXEEXT) \ @@ -109,10 +109,10 @@ TESTS = aeadtest.sh aes_test$(EXEEXT) aes_wrap$(EXEEXT) \ dhtest$(EXEEXT) dsatest$(EXEEXT) ecc_cdh$(EXEEXT) \ ec_asn1_test$(EXEEXT) ec_point_conversion$(EXEEXT) \ ecdhtest$(EXEEXT) ecdsatest$(EXEEXT) ectest$(EXEEXT) \ - ed25519test$(EXEEXT) enginetest$(EXEEXT) evp_ecx_test$(EXEEXT) \ + ed25519test$(EXEEXT) evp_ecx_test$(EXEEXT) \ evp_pkey_check$(EXEEXT) evp_pkey_cleanup$(EXEEXT) evptest.sh \ - evp_test$(EXEEXT) $(am__EXEEXT_3) exportertest$(EXEEXT) \ - freenull$(EXEEXT) gcm128test$(EXEEXT) gost2814789t$(EXEEXT) \ + evp_test$(EXEEXT) exdata_test$(EXEEXT) $(am__EXEEXT_3) \ + exportertest$(EXEEXT) freenull$(EXEEXT) gcm128test$(EXEEXT) \ handshake_table$(EXEEXT) hkdftest$(EXEEXT) hmactest$(EXEEXT) \ ideatest$(EXEEXT) igetest$(EXEEXT) key_schedule$(EXEEXT) \ keypairtest.sh md_test$(EXEEXT) objectstest$(EXEEXT) \ @@ -122,27 +122,28 @@ TESTS = aeadtest.sh aes_test$(EXEEXT) aes_wrap$(EXEEXT) \ rc2_test$(EXEEXT) rc4_test$(EXEEXT) recordtest$(EXEEXT) \ record_layer_test$(EXEEXT) rfc3779$(EXEEXT) $(am__append_12) \ $(am__EXEEXT_6) rmd_test$(EXEEXT) rsa_test$(EXEEXT) \ - servertest.sh sha_test$(EXEEXT) signertest$(EXEEXT) \ - sm3test$(EXEEXT) sm4test$(EXEEXT) \ + servertest.sh sha_test$(EXEEXT) shutdowntest.sh \ + signertest$(EXEEXT) sm3test$(EXEEXT) sm4test$(EXEEXT) \ ssl_get_shared_ciphers$(EXEEXT) ssl_methods$(EXEEXT) \ ssl_set_alpn_protos$(EXEEXT) ssl_verify_param$(EXEEXT) \ - ssl_versions$(EXEEXT) ssltest.sh string_table$(EXEEXT) \ - testdsa.sh testenc.sh testrsa.sh timingsafe$(EXEEXT) \ - tlsexttest$(EXEEXT) tlslegacytest$(EXEEXT) tlstest.sh \ - tls_ext_alpn$(EXEEXT) tls_prf$(EXEEXT) utf8test$(EXEEXT) \ + ssl_versions$(EXEEXT) ssltest.sh testdsa.sh testenc.sh \ + testrsa.sh timingsafe$(EXEEXT) tlsexttest$(EXEEXT) \ + tlslegacytest$(EXEEXT) tlstest.sh tls_ext_alpn$(EXEEXT) \ + tls_prf$(EXEEXT) utf8test$(EXEEXT) \ valid_handshakes_terminate$(EXEEXT) verifytest$(EXEEXT) \ - x25519test$(EXEEXT) x509attribute$(EXEEXT) x509_asn1$(EXEEXT) \ - x509_info$(EXEEXT) x509name$(EXEEXT) x509req_ext$(EXEEXT) + x25519test$(EXEEXT) x509attribute$(EXEEXT) x509_algor$(EXEEXT) \ + x509_asn1$(EXEEXT) x509_info$(EXEEXT) x509name$(EXEEXT) \ + x509req_ext$(EXEEXT) check_PROGRAMS = aeadtest$(EXEEXT) aes_test$(EXEEXT) aes_wrap$(EXEEXT) \ apitest$(EXEEXT) $(am__EXEEXT_1) asn1_string_to_utf8$(EXEEXT) \ asn1api$(EXEEXT) asn1basic$(EXEEXT) asn1complex$(EXEEXT) \ asn1evp$(EXEEXT) asn1object$(EXEEXT) asn1oct$(EXEEXT) \ asn1string_copy$(EXEEXT) asn1test$(EXEEXT) asn1time$(EXEEXT) \ asn1x509$(EXEEXT) base64test$(EXEEXT) bf_test$(EXEEXT) \ - bio_asn1$(EXEEXT) bio_chain$(EXEEXT) $(am__EXEEXT_2) \ - bio_mem$(EXEEXT) bn_add_sub$(EXEEXT) bn_cmp$(EXEEXT) \ - bn_convert$(EXEEXT) bn_gcd$(EXEEXT) bn_isqrt$(EXEEXT) \ - bn_mod_exp$(EXEEXT) bn_mod_inverse$(EXEEXT) \ + bio_asn1$(EXEEXT) bio_chain$(EXEEXT) bio_dump$(EXEEXT) \ + $(am__EXEEXT_2) bio_mem$(EXEEXT) bn_add_sub$(EXEEXT) \ + bn_cmp$(EXEEXT) bn_convert$(EXEEXT) bn_gcd$(EXEEXT) \ + bn_isqrt$(EXEEXT) bn_mod_exp$(EXEEXT) bn_mod_inverse$(EXEEXT) \ bn_mod_sqrt$(EXEEXT) bn_mont$(EXEEXT) bn_primes$(EXEEXT) \ bn_print$(EXEEXT) bn_shift$(EXEEXT) bn_test$(EXEEXT) \ bn_to_string$(EXEEXT) bn_unit$(EXEEXT) bn_word$(EXEEXT) \ @@ -153,29 +154,29 @@ check_PROGRAMS = aeadtest$(EXEEXT) aes_test$(EXEEXT) aes_wrap$(EXEEXT) \ dhtest$(EXEEXT) dsatest$(EXEEXT) ecc_cdh$(EXEEXT) \ ec_asn1_test$(EXEEXT) ec_point_conversion$(EXEEXT) \ ecdhtest$(EXEEXT) ecdsatest$(EXEEXT) ectest$(EXEEXT) \ - ed25519test$(EXEEXT) enginetest$(EXEEXT) evp_ecx_test$(EXEEXT) \ + ed25519test$(EXEEXT) evp_ecx_test$(EXEEXT) \ evp_pkey_check$(EXEEXT) evp_pkey_cleanup$(EXEEXT) \ - evptest$(EXEEXT) evp_test$(EXEEXT) $(am__EXEEXT_3) \ - exportertest$(EXEEXT) freenull$(EXEEXT) gcm128test$(EXEEXT) \ - gost2814789t$(EXEEXT) handshake_table$(EXEEXT) \ - hkdftest$(EXEEXT) hmactest$(EXEEXT) ideatest$(EXEEXT) \ - igetest$(EXEEXT) key_schedule$(EXEEXT) keypairtest$(EXEEXT) \ - md_test$(EXEEXT) objectstest$(EXEEXT) $(am__EXEEXT_4) \ - optionstest$(EXEEXT) pbkdf2$(EXEEXT) $(am__EXEEXT_5) \ - pkcs7test$(EXEEXT) poly1305test$(EXEEXT) policy$(EXEEXT) \ - pq_test$(EXEEXT) quictest$(EXEEXT) randtest$(EXEEXT) \ - rc2_test$(EXEEXT) rc4_test$(EXEEXT) recordtest$(EXEEXT) \ + evptest$(EXEEXT) evp_test$(EXEEXT) exdata_test$(EXEEXT) \ + $(am__EXEEXT_3) exportertest$(EXEEXT) freenull$(EXEEXT) \ + gcm128test$(EXEEXT) handshake_table$(EXEEXT) hkdftest$(EXEEXT) \ + hmactest$(EXEEXT) ideatest$(EXEEXT) igetest$(EXEEXT) \ + key_schedule$(EXEEXT) keypairtest$(EXEEXT) md_test$(EXEEXT) \ + objectstest$(EXEEXT) $(am__EXEEXT_4) optionstest$(EXEEXT) \ + pbkdf2$(EXEEXT) $(am__EXEEXT_5) pkcs7test$(EXEEXT) \ + poly1305test$(EXEEXT) policy$(EXEEXT) pq_test$(EXEEXT) \ + quictest$(EXEEXT) randtest$(EXEEXT) rc2_test$(EXEEXT) \ + rc4_test$(EXEEXT) recordtest$(EXEEXT) \ record_layer_test$(EXEEXT) rfc3779$(EXEEXT) \ rfc5280time$(EXEEXT) rmd_test$(EXEEXT) rsa_test$(EXEEXT) \ - servertest$(EXEEXT) sha_test$(EXEEXT) signertest$(EXEEXT) \ - sm3test$(EXEEXT) sm4test$(EXEEXT) \ + servertest$(EXEEXT) sha_test$(EXEEXT) shutdowntest$(EXEEXT) \ + signertest$(EXEEXT) sm3test$(EXEEXT) sm4test$(EXEEXT) \ ssl_get_shared_ciphers$(EXEEXT) ssl_methods$(EXEEXT) \ ssl_set_alpn_protos$(EXEEXT) ssl_verify_param$(EXEEXT) \ - ssl_versions$(EXEEXT) ssltest$(EXEEXT) string_table$(EXEEXT) \ - timingsafe$(EXEEXT) tlsexttest$(EXEEXT) tlslegacytest$(EXEEXT) \ - tlstest$(EXEEXT) tls_ext_alpn$(EXEEXT) tls_prf$(EXEEXT) \ - utf8test$(EXEEXT) valid_handshakes_terminate$(EXEEXT) \ - verifytest$(EXEEXT) x25519test$(EXEEXT) x509attribute$(EXEEXT) \ + ssl_versions$(EXEEXT) ssltest$(EXEEXT) timingsafe$(EXEEXT) \ + tlsexttest$(EXEEXT) tlslegacytest$(EXEEXT) tlstest$(EXEEXT) \ + tls_ext_alpn$(EXEEXT) tls_prf$(EXEEXT) utf8test$(EXEEXT) \ + valid_handshakes_terminate$(EXEEXT) verifytest$(EXEEXT) \ + x25519test$(EXEEXT) x509attribute$(EXEEXT) x509_algor$(EXEEXT) \ x509_asn1$(EXEEXT) x509_info$(EXEEXT) x509name$(EXEEXT) \ x509req_ext$(EXEEXT) @@ -345,6 +346,11 @@ bio_chain_OBJECTS = $(am_bio_chain_OBJECTS) bio_chain_LDADD = $(LDADD) bio_chain_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) +am_bio_dump_OBJECTS = bio_dump.$(OBJEXT) +bio_dump_OBJECTS = $(am_bio_dump_OBJECTS) +bio_dump_LDADD = $(LDADD) +bio_dump_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) am__bio_host_SOURCES_DIST = bio_host.c @ENABLE_EXTRATESTS_TRUE@am_bio_host_OBJECTS = bio_host.$(OBJEXT) bio_host_OBJECTS = $(am_bio_host_OBJECTS) @@ -541,11 +547,6 @@ ed25519test_OBJECTS = $(am_ed25519test_OBJECTS) ed25519test_LDADD = $(LDADD) ed25519test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) -am_enginetest_OBJECTS = enginetest.$(OBJEXT) -enginetest_OBJECTS = $(am_enginetest_OBJECTS) -enginetest_LDADD = $(LDADD) -enginetest_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) am_evp_ecx_test_OBJECTS = evp_ecx_test.$(OBJEXT) evp_ecx_test_OBJECTS = $(am_evp_ecx_test_OBJECTS) evp_ecx_test_LDADD = $(LDADD) @@ -571,6 +572,11 @@ evptest_OBJECTS = $(am_evptest_OBJECTS) evptest_LDADD = $(LDADD) evptest_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) +am_exdata_test_OBJECTS = exdata_test.$(OBJEXT) +exdata_test_OBJECTS = $(am_exdata_test_OBJECTS) +exdata_test_LDADD = $(LDADD) +exdata_test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) am__explicit_bzero_SOURCES_DIST = explicit_bzero.c compat/memmem.c am__dirstamp = $(am__leading_dot)dirstamp @HAVE_MEMMEM_FALSE@@HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@am__objects_1 = compat/memmem.$(OBJEXT) @@ -596,11 +602,6 @@ gcm128test_OBJECTS = $(am_gcm128test_OBJECTS) gcm128test_LDADD = $(LDADD) gcm128test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) -am_gost2814789t_OBJECTS = gost2814789t.$(OBJEXT) -gost2814789t_OBJECTS = $(am_gost2814789t_OBJECTS) -gost2814789t_LDADD = $(LDADD) -gost2814789t_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) am_handshake_table_OBJECTS = handshake_table.$(OBJEXT) handshake_table_OBJECTS = $(am_handshake_table_OBJECTS) handshake_table_LDADD = $(LDADD) @@ -749,6 +750,11 @@ sha_test_OBJECTS = $(am_sha_test_OBJECTS) sha_test_LDADD = $(LDADD) sha_test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) +am_shutdowntest_OBJECTS = shutdowntest.$(OBJEXT) +shutdowntest_OBJECTS = $(am_shutdowntest_OBJECTS) +shutdowntest_LDADD = $(LDADD) +shutdowntest_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) am__signertest_SOURCES_DIST = signertest.c compat/pipe2.c @HAVE_PIPE2_FALSE@am__objects_2 = compat/signertest-pipe2.$(OBJEXT) am_signertest_OBJECTS = signertest-signertest.$(OBJEXT) \ @@ -798,11 +804,6 @@ ssltest_OBJECTS = $(am_ssltest_OBJECTS) ssltest_LDADD = $(LDADD) ssltest_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) -am_string_table_OBJECTS = string_table.$(OBJEXT) -string_table_OBJECTS = $(am_string_table_OBJECTS) -string_table_LDADD = $(LDADD) -string_table_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) am_timingsafe_OBJECTS = timingsafe.$(OBJEXT) timingsafe_OBJECTS = $(am_timingsafe_OBJECTS) timingsafe_LDADD = $(LDADD) @@ -857,6 +858,11 @@ x25519test_OBJECTS = $(am_x25519test_OBJECTS) x25519test_LDADD = $(LDADD) x25519test_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) +am_x509_algor_OBJECTS = x509_algor.$(OBJEXT) +x509_algor_OBJECTS = $(am_x509_algor_OBJECTS) +x509_algor_LDADD = $(LDADD) +x509_algor_DEPENDENCIES = libtest.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) am_x509_asn1_OBJECTS = x509_asn1.$(OBJEXT) x509_asn1_OBJECTS = $(am_x509_asn1_OBJECTS) x509_asn1_LDADD = $(LDADD) @@ -907,11 +913,11 @@ am__depfiles_remade = ./$(DEPDIR)/aeadtest.Po ./$(DEPDIR)/aes_test.Po \ ./$(DEPDIR)/asn1test.Po ./$(DEPDIR)/asn1time.Po \ ./$(DEPDIR)/asn1x509.Po ./$(DEPDIR)/base64test.Po \ ./$(DEPDIR)/bf_test.Po ./$(DEPDIR)/bio_asn1.Po \ - ./$(DEPDIR)/bio_chain.Po ./$(DEPDIR)/bio_host.Po \ - ./$(DEPDIR)/bio_mem.Po ./$(DEPDIR)/bn_add_sub.Po \ - ./$(DEPDIR)/bn_cmp.Po ./$(DEPDIR)/bn_convert.Po \ - ./$(DEPDIR)/bn_gcd.Po ./$(DEPDIR)/bn_isqrt.Po \ - ./$(DEPDIR)/bn_mod_exp-bn_mod_exp.Po \ + ./$(DEPDIR)/bio_chain.Po ./$(DEPDIR)/bio_dump.Po \ + ./$(DEPDIR)/bio_host.Po ./$(DEPDIR)/bio_mem.Po \ + ./$(DEPDIR)/bn_add_sub.Po ./$(DEPDIR)/bn_cmp.Po \ + ./$(DEPDIR)/bn_convert.Po ./$(DEPDIR)/bn_gcd.Po \ + ./$(DEPDIR)/bn_isqrt.Po ./$(DEPDIR)/bn_mod_exp-bn_mod_exp.Po \ ./$(DEPDIR)/bn_mod_inverse.Po ./$(DEPDIR)/bn_mod_sqrt.Po \ ./$(DEPDIR)/bn_mont.Po ./$(DEPDIR)/bn_primes.Po \ ./$(DEPDIR)/bn_print.Po ./$(DEPDIR)/bn_shift.Po \ @@ -928,15 +934,14 @@ am__depfiles_remade = ./$(DEPDIR)/aeadtest.Po ./$(DEPDIR)/aes_test.Po \ ./$(DEPDIR)/ecc_cdh.Po ./$(DEPDIR)/ecdhtest.Po \ ./$(DEPDIR)/ecdsatest.Po ./$(DEPDIR)/ectest.Po \ ./$(DEPDIR)/ed25519test.Po ./$(DEPDIR)/empty.Plo \ - ./$(DEPDIR)/enginetest.Po ./$(DEPDIR)/evp_ecx_test.Po \ - ./$(DEPDIR)/evp_pkey_check.Po ./$(DEPDIR)/evp_pkey_cleanup.Po \ - ./$(DEPDIR)/evp_test.Po ./$(DEPDIR)/evptest.Po \ + ./$(DEPDIR)/evp_ecx_test.Po ./$(DEPDIR)/evp_pkey_check.Po \ + ./$(DEPDIR)/evp_pkey_cleanup.Po ./$(DEPDIR)/evp_test.Po \ + ./$(DEPDIR)/evptest.Po ./$(DEPDIR)/exdata_test.Po \ ./$(DEPDIR)/explicit_bzero.Po ./$(DEPDIR)/exportertest.Po \ ./$(DEPDIR)/freenull-freenull.Po ./$(DEPDIR)/gcm128test.Po \ - ./$(DEPDIR)/gost2814789t.Po ./$(DEPDIR)/handshake_table.Po \ - ./$(DEPDIR)/hkdf_test.Po ./$(DEPDIR)/hmactest.Po \ - ./$(DEPDIR)/ideatest.Po ./$(DEPDIR)/igetest.Po \ - ./$(DEPDIR)/key_schedule.Po \ + ./$(DEPDIR)/handshake_table.Po ./$(DEPDIR)/hkdf_test.Po \ + ./$(DEPDIR)/hmactest.Po ./$(DEPDIR)/ideatest.Po \ + ./$(DEPDIR)/igetest.Po ./$(DEPDIR)/key_schedule.Po \ ./$(DEPDIR)/keypairtest-keypairtest.Po ./$(DEPDIR)/md_test.Po \ ./$(DEPDIR)/objectstest.Po ./$(DEPDIR)/ocsp_test.Po \ ./$(DEPDIR)/optionstest.Po ./$(DEPDIR)/pbkdf2.Po \ @@ -948,22 +953,23 @@ am__depfiles_remade = ./$(DEPDIR)/aeadtest.Po ./$(DEPDIR)/aes_test.Po \ ./$(DEPDIR)/recordtest.Po ./$(DEPDIR)/rfc3779-rfc3779.Po \ ./$(DEPDIR)/rfc5280time.Po ./$(DEPDIR)/rmd_test.Po \ ./$(DEPDIR)/rsa_test.Po ./$(DEPDIR)/servertest.Po \ - ./$(DEPDIR)/sha_test.Po ./$(DEPDIR)/signertest-signertest.Po \ - ./$(DEPDIR)/sm3test.Po ./$(DEPDIR)/sm4test.Po \ + ./$(DEPDIR)/sha_test.Po ./$(DEPDIR)/shutdowntest.Po \ + ./$(DEPDIR)/signertest-signertest.Po ./$(DEPDIR)/sm3test.Po \ + ./$(DEPDIR)/sm4test.Po \ ./$(DEPDIR)/ssl_get_shared_ciphers-ssl_get_shared_ciphers.Po \ ./$(DEPDIR)/ssl_methods.Po ./$(DEPDIR)/ssl_set_alpn_protos.Po \ ./$(DEPDIR)/ssl_verify_param.Po ./$(DEPDIR)/ssl_versions.Po \ - ./$(DEPDIR)/ssltest.Po ./$(DEPDIR)/string_table.Po \ - ./$(DEPDIR)/timingsafe.Po ./$(DEPDIR)/tls_ext_alpn.Po \ - ./$(DEPDIR)/tls_prf.Po ./$(DEPDIR)/tlsexttest.Po \ - ./$(DEPDIR)/tlslegacytest.Po ./$(DEPDIR)/tlstest.Po \ - ./$(DEPDIR)/utf8test.Po \ + ./$(DEPDIR)/ssltest.Po ./$(DEPDIR)/timingsafe.Po \ + ./$(DEPDIR)/tls_ext_alpn.Po ./$(DEPDIR)/tls_prf.Po \ + ./$(DEPDIR)/tlsexttest.Po ./$(DEPDIR)/tlslegacytest.Po \ + ./$(DEPDIR)/tlstest.Po ./$(DEPDIR)/utf8test.Po \ ./$(DEPDIR)/valid_handshakes_terminate.Po \ ./$(DEPDIR)/verifytest.Po ./$(DEPDIR)/x25519test.Po \ - ./$(DEPDIR)/x509_asn1.Po ./$(DEPDIR)/x509_info.Po \ - ./$(DEPDIR)/x509attribute.Po ./$(DEPDIR)/x509name.Po \ - ./$(DEPDIR)/x509req_ext.Po compat/$(DEPDIR)/memmem.Po \ - compat/$(DEPDIR)/pipe2.Po compat/$(DEPDIR)/signertest-pipe2.Po + ./$(DEPDIR)/x509_algor.Po ./$(DEPDIR)/x509_asn1.Po \ + ./$(DEPDIR)/x509_info.Po ./$(DEPDIR)/x509attribute.Po \ + ./$(DEPDIR)/x509name.Po ./$(DEPDIR)/x509req_ext.Po \ + compat/$(DEPDIR)/memmem.Po compat/$(DEPDIR)/pipe2.Po \ + compat/$(DEPDIR)/signertest-pipe2.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -991,9 +997,9 @@ SOURCES = $(libtest_la_SOURCES) $(aeadtest_SOURCES) \ $(asn1string_copy_SOURCES) $(asn1test_SOURCES) \ $(asn1time_SOURCES) $(asn1x509_SOURCES) $(base64test_SOURCES) \ $(bf_test_SOURCES) $(bio_asn1_SOURCES) $(bio_chain_SOURCES) \ - $(bio_host_SOURCES) $(bio_mem_SOURCES) $(bn_add_sub_SOURCES) \ - $(bn_cmp_SOURCES) $(bn_convert_SOURCES) $(bn_gcd_SOURCES) \ - $(bn_isqrt_SOURCES) $(bn_mod_exp_SOURCES) \ + $(bio_dump_SOURCES) $(bio_host_SOURCES) $(bio_mem_SOURCES) \ + $(bn_add_sub_SOURCES) $(bn_cmp_SOURCES) $(bn_convert_SOURCES) \ + $(bn_gcd_SOURCES) $(bn_isqrt_SOURCES) $(bn_mod_exp_SOURCES) \ $(bn_mod_inverse_SOURCES) $(bn_mod_sqrt_SOURCES) \ $(bn_mont_SOURCES) $(bn_primes_SOURCES) $(bn_print_SOURCES) \ $(bn_shift_SOURCES) $(bn_test_SOURCES) $(bn_to_string_SOURCES) \ @@ -1006,12 +1012,11 @@ SOURCES = $(libtest_la_SOURCES) $(aeadtest_SOURCES) \ $(dhtest_SOURCES) $(dsatest_SOURCES) $(ec_asn1_test_SOURCES) \ $(ec_point_conversion_SOURCES) $(ecc_cdh_SOURCES) \ $(ecdhtest_SOURCES) $(ecdsatest_SOURCES) $(ectest_SOURCES) \ - $(ed25519test_SOURCES) $(enginetest_SOURCES) \ - $(evp_ecx_test_SOURCES) $(evp_pkey_check_SOURCES) \ - $(evp_pkey_cleanup_SOURCES) $(evp_test_SOURCES) \ - $(evptest_SOURCES) $(explicit_bzero_SOURCES) \ - $(exportertest_SOURCES) $(freenull_SOURCES) \ - $(gcm128test_SOURCES) $(gost2814789t_SOURCES) \ + $(ed25519test_SOURCES) $(evp_ecx_test_SOURCES) \ + $(evp_pkey_check_SOURCES) $(evp_pkey_cleanup_SOURCES) \ + $(evp_test_SOURCES) $(evptest_SOURCES) $(exdata_test_SOURCES) \ + $(explicit_bzero_SOURCES) $(exportertest_SOURCES) \ + $(freenull_SOURCES) $(gcm128test_SOURCES) \ $(handshake_table_SOURCES) $(hkdftest_SOURCES) \ $(hmactest_SOURCES) $(ideatest_SOURCES) $(igetest_SOURCES) \ $(key_schedule_SOURCES) $(keypairtest_SOURCES) \ @@ -1023,16 +1028,17 @@ SOURCES = $(libtest_la_SOURCES) $(aeadtest_SOURCES) \ $(record_layer_test_SOURCES) $(recordtest_SOURCES) \ $(rfc3779_SOURCES) $(rfc5280time_SOURCES) $(rmd_test_SOURCES) \ $(rsa_test_SOURCES) $(servertest_SOURCES) $(sha_test_SOURCES) \ - $(signertest_SOURCES) $(sm3test_SOURCES) $(sm4test_SOURCES) \ + $(shutdowntest_SOURCES) $(signertest_SOURCES) \ + $(sm3test_SOURCES) $(sm4test_SOURCES) \ $(ssl_get_shared_ciphers_SOURCES) $(ssl_methods_SOURCES) \ $(ssl_set_alpn_protos_SOURCES) $(ssl_verify_param_SOURCES) \ $(ssl_versions_SOURCES) $(ssltest_SOURCES) \ - $(string_table_SOURCES) $(timingsafe_SOURCES) \ - $(tls_ext_alpn_SOURCES) $(tls_prf_SOURCES) \ - $(tlsexttest_SOURCES) $(tlslegacytest_SOURCES) \ - $(tlstest_SOURCES) $(utf8test_SOURCES) \ - $(valid_handshakes_terminate_SOURCES) $(verifytest_SOURCES) \ - $(x25519test_SOURCES) $(x509_asn1_SOURCES) \ + $(timingsafe_SOURCES) $(tls_ext_alpn_SOURCES) \ + $(tls_prf_SOURCES) $(tlsexttest_SOURCES) \ + $(tlslegacytest_SOURCES) $(tlstest_SOURCES) \ + $(utf8test_SOURCES) $(valid_handshakes_terminate_SOURCES) \ + $(verifytest_SOURCES) $(x25519test_SOURCES) \ + $(x509_algor_SOURCES) $(x509_asn1_SOURCES) \ $(x509_info_SOURCES) $(x509attribute_SOURCES) \ $(x509name_SOURCES) $(x509req_ext_SOURCES) DIST_SOURCES = $(libtest_la_SOURCES) $(aeadtest_SOURCES) \ @@ -1044,27 +1050,26 @@ DIST_SOURCES = $(libtest_la_SOURCES) $(aeadtest_SOURCES) \ $(asn1string_copy_SOURCES) $(asn1test_SOURCES) \ $(asn1time_SOURCES) $(asn1x509_SOURCES) $(base64test_SOURCES) \ $(bf_test_SOURCES) $(bio_asn1_SOURCES) $(bio_chain_SOURCES) \ - $(am__bio_host_SOURCES_DIST) $(bio_mem_SOURCES) \ - $(bn_add_sub_SOURCES) $(bn_cmp_SOURCES) $(bn_convert_SOURCES) \ - $(bn_gcd_SOURCES) $(bn_isqrt_SOURCES) $(bn_mod_exp_SOURCES) \ - $(bn_mod_inverse_SOURCES) $(bn_mod_sqrt_SOURCES) \ - $(bn_mont_SOURCES) $(bn_primes_SOURCES) $(bn_print_SOURCES) \ - $(bn_shift_SOURCES) $(bn_test_SOURCES) $(bn_to_string_SOURCES) \ - $(bn_unit_SOURCES) $(bn_word_SOURCES) $(buffertest_SOURCES) \ - $(bytestringtest_SOURCES) $(casttest_SOURCES) \ - $(chachatest_SOURCES) $(cipher_list_SOURCES) \ - $(cipherstest_SOURCES) $(clienttest_SOURCES) \ - $(cmstest_SOURCES) $(configtest_SOURCES) \ + $(bio_dump_SOURCES) $(am__bio_host_SOURCES_DIST) \ + $(bio_mem_SOURCES) $(bn_add_sub_SOURCES) $(bn_cmp_SOURCES) \ + $(bn_convert_SOURCES) $(bn_gcd_SOURCES) $(bn_isqrt_SOURCES) \ + $(bn_mod_exp_SOURCES) $(bn_mod_inverse_SOURCES) \ + $(bn_mod_sqrt_SOURCES) $(bn_mont_SOURCES) $(bn_primes_SOURCES) \ + $(bn_print_SOURCES) $(bn_shift_SOURCES) $(bn_test_SOURCES) \ + $(bn_to_string_SOURCES) $(bn_unit_SOURCES) $(bn_word_SOURCES) \ + $(buffertest_SOURCES) $(bytestringtest_SOURCES) \ + $(casttest_SOURCES) $(chachatest_SOURCES) \ + $(cipher_list_SOURCES) $(cipherstest_SOURCES) \ + $(clienttest_SOURCES) $(cmstest_SOURCES) $(configtest_SOURCES) \ $(constraints_SOURCES) $(cttest_SOURCES) $(destest_SOURCES) \ $(dhtest_SOURCES) $(dsatest_SOURCES) $(ec_asn1_test_SOURCES) \ $(ec_point_conversion_SOURCES) $(ecc_cdh_SOURCES) \ $(ecdhtest_SOURCES) $(ecdsatest_SOURCES) $(ectest_SOURCES) \ - $(ed25519test_SOURCES) $(enginetest_SOURCES) \ - $(evp_ecx_test_SOURCES) $(evp_pkey_check_SOURCES) \ - $(evp_pkey_cleanup_SOURCES) $(evp_test_SOURCES) \ - $(evptest_SOURCES) $(am__explicit_bzero_SOURCES_DIST) \ - $(exportertest_SOURCES) $(freenull_SOURCES) \ - $(gcm128test_SOURCES) $(gost2814789t_SOURCES) \ + $(ed25519test_SOURCES) $(evp_ecx_test_SOURCES) \ + $(evp_pkey_check_SOURCES) $(evp_pkey_cleanup_SOURCES) \ + $(evp_test_SOURCES) $(evptest_SOURCES) $(exdata_test_SOURCES) \ + $(am__explicit_bzero_SOURCES_DIST) $(exportertest_SOURCES) \ + $(freenull_SOURCES) $(gcm128test_SOURCES) \ $(handshake_table_SOURCES) $(hkdftest_SOURCES) \ $(hmactest_SOURCES) $(ideatest_SOURCES) $(igetest_SOURCES) \ $(key_schedule_SOURCES) $(keypairtest_SOURCES) \ @@ -1077,19 +1082,19 @@ DIST_SOURCES = $(libtest_la_SOURCES) $(aeadtest_SOURCES) \ $(record_layer_test_SOURCES) $(recordtest_SOURCES) \ $(rfc3779_SOURCES) $(rfc5280time_SOURCES) $(rmd_test_SOURCES) \ $(rsa_test_SOURCES) $(servertest_SOURCES) $(sha_test_SOURCES) \ - $(am__signertest_SOURCES_DIST) $(sm3test_SOURCES) \ - $(sm4test_SOURCES) $(ssl_get_shared_ciphers_SOURCES) \ - $(ssl_methods_SOURCES) $(ssl_set_alpn_protos_SOURCES) \ - $(ssl_verify_param_SOURCES) $(ssl_versions_SOURCES) \ - $(ssltest_SOURCES) $(string_table_SOURCES) \ + $(shutdowntest_SOURCES) $(am__signertest_SOURCES_DIST) \ + $(sm3test_SOURCES) $(sm4test_SOURCES) \ + $(ssl_get_shared_ciphers_SOURCES) $(ssl_methods_SOURCES) \ + $(ssl_set_alpn_protos_SOURCES) $(ssl_verify_param_SOURCES) \ + $(ssl_versions_SOURCES) $(ssltest_SOURCES) \ $(timingsafe_SOURCES) $(tls_ext_alpn_SOURCES) \ $(tls_prf_SOURCES) $(tlsexttest_SOURCES) \ $(tlslegacytest_SOURCES) $(am__tlstest_SOURCES_DIST) \ $(utf8test_SOURCES) $(valid_handshakes_terminate_SOURCES) \ $(verifytest_SOURCES) $(x25519test_SOURCES) \ - $(x509_asn1_SOURCES) $(x509_info_SOURCES) \ - $(x509attribute_SOURCES) $(x509name_SOURCES) \ - $(x509req_ext_SOURCES) + $(x509_algor_SOURCES) $(x509_asn1_SOURCES) \ + $(x509_info_SOURCES) $(x509attribute_SOURCES) \ + $(x509name_SOURCES) $(x509req_ext_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -1490,22 +1495,21 @@ EXTRA_DIST = CMakeLists.txt aeadtest.sh aeadtests.txt \ policy_root.pem policy_root2.pem \ policy_root_cross_inhibit_mapping.pem pq_test.sh pq_test.bat \ pq_expected.txt quictest.sh quictest.bat \ - rfc5280time_small.test servertest.sh servertest.bat ssltest.sh \ - ssltest.bat testssl testssl.bat ca-int-ecdsa.crl \ - ca-int-ecdsa.pem ca-int-rsa.crl ca-int-rsa.pem \ - ca-root-ecdsa.pem ca-root-rsa.pem ca.pem client.pem \ - client1-ecdsa-chain.pem client1-ecdsa.pem \ + rfc5280time_small.test servertest.sh servertest.bat \ + shutdowntest.sh shutdowntest.bat ssltest.sh ssltest.bat \ + testssl testssl.bat ca-int-ecdsa.crl ca-int-ecdsa.pem \ + ca-int-rsa.crl ca-int-rsa.pem ca-root-ecdsa.pem \ + ca-root-rsa.pem client1-ecdsa-chain.pem client1-ecdsa.pem \ client1-rsa-chain.pem client1-rsa.pem client2-ecdsa-chain.pem \ client2-ecdsa.pem client2-rsa-chain.pem client2-rsa.pem \ client3-ecdsa-chain.pem client3-ecdsa.pem \ - client3-rsa-chain.pem client3-rsa.pem server.pem \ - server1-ecdsa-chain.pem server1-ecdsa.pem \ - server1-rsa-chain.pem server1-rsa.pem server2-ecdsa-chain.pem \ - server2-ecdsa.pem server2-rsa-chain.pem server2-rsa.pem \ - server3-ecdsa-chain.pem server3-ecdsa.pem \ - server3-rsa-chain.pem server3-rsa.pem testdsa.sh testdsa.bat \ - openssl.cnf testenc.sh testenc.bat testrsa.sh testrsa.bat \ - tlstest.sh tlstest.bat + client3-rsa-chain.pem client3-rsa.pem server1-ecdsa-chain.pem \ + server1-ecdsa.pem server1-rsa-chain.pem server1-rsa.pem \ + server2-ecdsa-chain.pem server2-ecdsa.pem \ + server2-rsa-chain.pem server2-rsa.pem server3-ecdsa-chain.pem \ + server3-ecdsa.pem server3-rsa-chain.pem server3-rsa.pem \ + testdsa.sh testdsa.bat openssl.cnf testenc.sh testenc.bat \ + testrsa.sh testrsa.bat tlstest.sh tlstest.bat DISTCLEANFILES = pidwraptest.txt aeadtest_SOURCES = aeadtest.c aes_test_SOURCES = aes_test.c @@ -1528,6 +1532,7 @@ base64test_SOURCES = base64test.c bf_test_SOURCES = bf_test.c bio_asn1_SOURCES = bio_asn1.c bio_chain_SOURCES = bio_chain.c +bio_dump_SOURCES = bio_dump.c @ENABLE_EXTRATESTS_TRUE@bio_host_SOURCES = bio_host.c bio_mem_SOURCES = bio_mem.c bn_add_sub_SOURCES = bn_add_sub.c @@ -1571,12 +1576,12 @@ ecdhtest_SOURCES = ecdhtest.c ecdsatest_SOURCES = ecdsatest.c ectest_SOURCES = ectest.c ed25519test_SOURCES = ed25519test.c -enginetest_SOURCES = enginetest.c evp_ecx_test_SOURCES = evp_ecx_test.c evp_pkey_check_SOURCES = evp_pkey_check.c evp_pkey_cleanup_SOURCES = evp_pkey_cleanup.c evptest_SOURCES = evptest.c evp_test_SOURCES = evp_test.c +exdata_test_SOURCES = exdata_test.c @HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@explicit_bzero_SOURCES = \ @HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@ explicit_bzero.c \ @HOST_CYGWIN_FALSE@@HOST_WIN_FALSE@ $(am__append_7) @@ -1584,7 +1589,6 @@ exportertest_SOURCES = exportertest.c freenull_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL freenull_SOURCES = freenull.c gcm128test_SOURCES = gcm128test.c -gost2814789t_SOURCES = gost2814789t.c handshake_table_SOURCES = handshake_table.c hkdftest_SOURCES = hkdf_test.c hmactest_SOURCES = hmactest.c @@ -1617,6 +1621,7 @@ rmd_test_SOURCES = rmd_test.c rsa_test_SOURCES = rsa_test.c servertest_SOURCES = servertest.c sha_test_SOURCES = sha_test.c +shutdowntest_SOURCES = shutdowntest.c signertest_CPPFLAGS = -I $(top_srcdir)/tls $(AM_CPPFLAGS) -DCERTSDIR=\"$(srcdir)\" signertest_SOURCES = signertest.c $(am__append_14) sm3test_SOURCES = sm3test.c @@ -1628,7 +1633,6 @@ ssl_set_alpn_protos_SOURCES = ssl_set_alpn_protos.c ssl_verify_param_SOURCES = ssl_verify_param.c ssl_versions_SOURCES = ssl_versions.c ssltest_SOURCES = ssltest.c -string_table_SOURCES = string_table.c timingsafe_SOURCES = timingsafe.c tlsexttest_SOURCES = tlsexttest.c tlslegacytest_SOURCES = tlslegacytest.c @@ -1640,6 +1644,7 @@ valid_handshakes_terminate_SOURCES = valid_handshakes_terminate.c verifytest_SOURCES = verifytest.c x25519test_SOURCES = x25519test.c x509attribute_SOURCES = x509attribute.c +x509_algor_SOURCES = x509_algor.c x509_asn1_SOURCES = x509_asn1.c x509_info_SOURCES = x509_info.c x509name_SOURCES = x509name.c @@ -1782,6 +1787,10 @@ bio_chain$(EXEEXT): $(bio_chain_OBJECTS) $(bio_chain_DEPENDENCIES) $(EXTRA_bio_c @rm -f bio_chain$(EXEEXT) $(AM_V_CCLD)$(LINK) $(bio_chain_OBJECTS) $(bio_chain_LDADD) $(LIBS) +bio_dump$(EXEEXT): $(bio_dump_OBJECTS) $(bio_dump_DEPENDENCIES) $(EXTRA_bio_dump_DEPENDENCIES) + @rm -f bio_dump$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(bio_dump_OBJECTS) $(bio_dump_LDADD) $(LIBS) + bio_host$(EXEEXT): $(bio_host_OBJECTS) $(bio_host_DEPENDENCIES) $(EXTRA_bio_host_DEPENDENCIES) @rm -f bio_host$(EXEEXT) $(AM_V_CCLD)$(LINK) $(bio_host_OBJECTS) $(bio_host_LDADD) $(LIBS) @@ -1938,10 +1947,6 @@ ed25519test$(EXEEXT): $(ed25519test_OBJECTS) $(ed25519test_DEPENDENCIES) $(EXTRA @rm -f ed25519test$(EXEEXT) $(AM_V_CCLD)$(LINK) $(ed25519test_OBJECTS) $(ed25519test_LDADD) $(LIBS) -enginetest$(EXEEXT): $(enginetest_OBJECTS) $(enginetest_DEPENDENCIES) $(EXTRA_enginetest_DEPENDENCIES) - @rm -f enginetest$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(enginetest_OBJECTS) $(enginetest_LDADD) $(LIBS) - evp_ecx_test$(EXEEXT): $(evp_ecx_test_OBJECTS) $(evp_ecx_test_DEPENDENCIES) $(EXTRA_evp_ecx_test_DEPENDENCIES) @rm -f evp_ecx_test$(EXEEXT) $(AM_V_CCLD)$(LINK) $(evp_ecx_test_OBJECTS) $(evp_ecx_test_LDADD) $(LIBS) @@ -1961,6 +1966,10 @@ evp_test$(EXEEXT): $(evp_test_OBJECTS) $(evp_test_DEPENDENCIES) $(EXTRA_evp_test evptest$(EXEEXT): $(evptest_OBJECTS) $(evptest_DEPENDENCIES) $(EXTRA_evptest_DEPENDENCIES) @rm -f evptest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(evptest_OBJECTS) $(evptest_LDADD) $(LIBS) + +exdata_test$(EXEEXT): $(exdata_test_OBJECTS) $(exdata_test_DEPENDENCIES) $(EXTRA_exdata_test_DEPENDENCIES) + @rm -f exdata_test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(exdata_test_OBJECTS) $(exdata_test_LDADD) $(LIBS) compat/$(am__dirstamp): @$(MKDIR_P) compat @: > compat/$(am__dirstamp) @@ -1986,10 +1995,6 @@ gcm128test$(EXEEXT): $(gcm128test_OBJECTS) $(gcm128test_DEPENDENCIES) $(EXTRA_gc @rm -f gcm128test$(EXEEXT) $(AM_V_CCLD)$(LINK) $(gcm128test_OBJECTS) $(gcm128test_LDADD) $(LIBS) -gost2814789t$(EXEEXT): $(gost2814789t_OBJECTS) $(gost2814789t_DEPENDENCIES) $(EXTRA_gost2814789t_DEPENDENCIES) - @rm -f gost2814789t$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(gost2814789t_OBJECTS) $(gost2814789t_LDADD) $(LIBS) - handshake_table$(EXEEXT): $(handshake_table_OBJECTS) $(handshake_table_DEPENDENCIES) $(EXTRA_handshake_table_DEPENDENCIES) @rm -f handshake_table$(EXEEXT) $(AM_V_CCLD)$(LINK) $(handshake_table_OBJECTS) $(handshake_table_LDADD) $(LIBS) @@ -2105,6 +2110,10 @@ servertest$(EXEEXT): $(servertest_OBJECTS) $(servertest_DEPENDENCIES) $(EXTRA_se sha_test$(EXEEXT): $(sha_test_OBJECTS) $(sha_test_DEPENDENCIES) $(EXTRA_sha_test_DEPENDENCIES) @rm -f sha_test$(EXEEXT) $(AM_V_CCLD)$(LINK) $(sha_test_OBJECTS) $(sha_test_LDADD) $(LIBS) + +shutdowntest$(EXEEXT): $(shutdowntest_OBJECTS) $(shutdowntest_DEPENDENCIES) $(EXTRA_shutdowntest_DEPENDENCIES) + @rm -f shutdowntest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(shutdowntest_OBJECTS) $(shutdowntest_LDADD) $(LIBS) compat/signertest-pipe2.$(OBJEXT): compat/$(am__dirstamp) \ compat/$(DEPDIR)/$(am__dirstamp) @@ -2144,10 +2153,6 @@ ssltest$(EXEEXT): $(ssltest_OBJECTS) $(ssltest_DEPENDENCIES) $(EXTRA_ssltest_DEP @rm -f ssltest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(ssltest_OBJECTS) $(ssltest_LDADD) $(LIBS) -string_table$(EXEEXT): $(string_table_OBJECTS) $(string_table_DEPENDENCIES) $(EXTRA_string_table_DEPENDENCIES) - @rm -f string_table$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(string_table_OBJECTS) $(string_table_LDADD) $(LIBS) - timingsafe$(EXEEXT): $(timingsafe_OBJECTS) $(timingsafe_DEPENDENCIES) $(EXTRA_timingsafe_DEPENDENCIES) @rm -f timingsafe$(EXEEXT) $(AM_V_CCLD)$(LINK) $(timingsafe_OBJECTS) $(timingsafe_LDADD) $(LIBS) @@ -2190,6 +2195,10 @@ x25519test$(EXEEXT): $(x25519test_OBJECTS) $(x25519test_DEPENDENCIES) $(EXTRA_x2 @rm -f x25519test$(EXEEXT) $(AM_V_CCLD)$(LINK) $(x25519test_OBJECTS) $(x25519test_LDADD) $(LIBS) +x509_algor$(EXEEXT): $(x509_algor_OBJECTS) $(x509_algor_DEPENDENCIES) $(EXTRA_x509_algor_DEPENDENCIES) + @rm -f x509_algor$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_algor_OBJECTS) $(x509_algor_LDADD) $(LIBS) + x509_asn1$(EXEEXT): $(x509_asn1_OBJECTS) $(x509_asn1_DEPENDENCIES) $(EXTRA_x509_asn1_DEPENDENCIES) @rm -f x509_asn1$(EXEEXT) $(AM_V_CCLD)$(LINK) $(x509_asn1_OBJECTS) $(x509_asn1_LDADD) $(LIBS) @@ -2237,6 +2246,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bf_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bio_asn1.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bio_chain.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bio_dump.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bio_host.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bio_mem.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bn_add_sub.Po@am__quote@ # am--include-marker @@ -2277,17 +2287,16 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ectest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ed25519test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/empty.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enginetest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/evp_ecx_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/evp_pkey_check.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/evp_pkey_cleanup.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/evp_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/evptest.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exdata_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/explicit_bzero.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exportertest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/freenull-freenull.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcm128test.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gost2814789t.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/handshake_table.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hkdf_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmactest.Po@am__quote@ # am--include-marker @@ -2317,6 +2326,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/servertest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha_test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shutdowntest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signertest-signertest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sm3test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sm4test.Po@am__quote@ # am--include-marker @@ -2326,7 +2336,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_verify_param.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl_versions.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssltest.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/string_table.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/timingsafe.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_ext_alpn.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls_prf.Po@am__quote@ # am--include-marker @@ -2337,6 +2346,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/valid_handshakes_terminate.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verifytest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x25519test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_algor.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_asn1.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_info.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509attribute.Po@am__quote@ # am--include-marker @@ -2869,6 +2879,13 @@ bio_chain.log: bio_chain$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +bio_dump.log: bio_dump$(EXEEXT) + @p='bio_dump$(EXEEXT)'; \ + b='bio_dump'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) bio_host.log: bio_host$(EXEEXT) @p='bio_host$(EXEEXT)'; \ b='bio_host'; \ @@ -3142,13 +3159,6 @@ ed25519test.log: ed25519test$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -enginetest.log: enginetest$(EXEEXT) - @p='enginetest$(EXEEXT)'; \ - b='enginetest'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) evp_ecx_test.log: evp_ecx_test$(EXEEXT) @p='evp_ecx_test$(EXEEXT)'; \ b='evp_ecx_test'; \ @@ -3184,6 +3194,13 @@ evp_test.log: evp_test$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +exdata_test.log: exdata_test$(EXEEXT) + @p='exdata_test$(EXEEXT)'; \ + b='exdata_test'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) explicit_bzero.log: explicit_bzero$(EXEEXT) @p='explicit_bzero$(EXEEXT)'; \ b='explicit_bzero'; \ @@ -3212,13 +3229,6 @@ gcm128test.log: gcm128test$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -gost2814789t.log: gost2814789t$(EXEEXT) - @p='gost2814789t$(EXEEXT)'; \ - b='gost2814789t'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) handshake_table.log: handshake_table$(EXEEXT) @p='handshake_table$(EXEEXT)'; \ b='handshake_table'; \ @@ -3422,6 +3432,13 @@ sha_test.log: sha_test$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +shutdowntest.sh.log: shutdowntest.sh + @p='shutdowntest.sh'; \ + b='shutdowntest.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) signertest.log: signertest$(EXEEXT) @p='signertest$(EXEEXT)'; \ b='signertest'; \ @@ -3485,13 +3502,6 @@ ssltest.sh.log: ssltest.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -string_table.log: string_table$(EXEEXT) - @p='string_table$(EXEEXT)'; \ - b='string_table'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) testdsa.sh.log: testdsa.sh @p='testdsa.sh'; \ b='testdsa.sh'; \ @@ -3590,6 +3600,13 @@ x509attribute.log: x509attribute$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +x509_algor.log: x509_algor$(EXEEXT) + @p='x509_algor$(EXEEXT)'; \ + b='x509_algor'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) x509_asn1.log: x509_asn1$(EXEEXT) @p='x509_asn1$(EXEEXT)'; \ b='x509_asn1'; \ @@ -3733,6 +3750,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/bf_test.Po -rm -f ./$(DEPDIR)/bio_asn1.Po -rm -f ./$(DEPDIR)/bio_chain.Po + -rm -f ./$(DEPDIR)/bio_dump.Po -rm -f ./$(DEPDIR)/bio_host.Po -rm -f ./$(DEPDIR)/bio_mem.Po -rm -f ./$(DEPDIR)/bn_add_sub.Po @@ -3773,17 +3791,16 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/ectest.Po -rm -f ./$(DEPDIR)/ed25519test.Po -rm -f ./$(DEPDIR)/empty.Plo - -rm -f ./$(DEPDIR)/enginetest.Po -rm -f ./$(DEPDIR)/evp_ecx_test.Po -rm -f ./$(DEPDIR)/evp_pkey_check.Po -rm -f ./$(DEPDIR)/evp_pkey_cleanup.Po -rm -f ./$(DEPDIR)/evp_test.Po -rm -f ./$(DEPDIR)/evptest.Po + -rm -f ./$(DEPDIR)/exdata_test.Po -rm -f ./$(DEPDIR)/explicit_bzero.Po -rm -f ./$(DEPDIR)/exportertest.Po -rm -f ./$(DEPDIR)/freenull-freenull.Po -rm -f ./$(DEPDIR)/gcm128test.Po - -rm -f ./$(DEPDIR)/gost2814789t.Po -rm -f ./$(DEPDIR)/handshake_table.Po -rm -f ./$(DEPDIR)/hkdf_test.Po -rm -f ./$(DEPDIR)/hmactest.Po @@ -3813,6 +3830,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/rsa_test.Po -rm -f ./$(DEPDIR)/servertest.Po -rm -f ./$(DEPDIR)/sha_test.Po + -rm -f ./$(DEPDIR)/shutdowntest.Po -rm -f ./$(DEPDIR)/signertest-signertest.Po -rm -f ./$(DEPDIR)/sm3test.Po -rm -f ./$(DEPDIR)/sm4test.Po @@ -3822,7 +3840,6 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/ssl_verify_param.Po -rm -f ./$(DEPDIR)/ssl_versions.Po -rm -f ./$(DEPDIR)/ssltest.Po - -rm -f ./$(DEPDIR)/string_table.Po -rm -f ./$(DEPDIR)/timingsafe.Po -rm -f ./$(DEPDIR)/tls_ext_alpn.Po -rm -f ./$(DEPDIR)/tls_prf.Po @@ -3833,6 +3850,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/valid_handshakes_terminate.Po -rm -f ./$(DEPDIR)/verifytest.Po -rm -f ./$(DEPDIR)/x25519test.Po + -rm -f ./$(DEPDIR)/x509_algor.Po -rm -f ./$(DEPDIR)/x509_asn1.Po -rm -f ./$(DEPDIR)/x509_info.Po -rm -f ./$(DEPDIR)/x509attribute.Po @@ -3906,6 +3924,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/bf_test.Po -rm -f ./$(DEPDIR)/bio_asn1.Po -rm -f ./$(DEPDIR)/bio_chain.Po + -rm -f ./$(DEPDIR)/bio_dump.Po -rm -f ./$(DEPDIR)/bio_host.Po -rm -f ./$(DEPDIR)/bio_mem.Po -rm -f ./$(DEPDIR)/bn_add_sub.Po @@ -3946,17 +3965,16 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/ectest.Po -rm -f ./$(DEPDIR)/ed25519test.Po -rm -f ./$(DEPDIR)/empty.Plo - -rm -f ./$(DEPDIR)/enginetest.Po -rm -f ./$(DEPDIR)/evp_ecx_test.Po -rm -f ./$(DEPDIR)/evp_pkey_check.Po -rm -f ./$(DEPDIR)/evp_pkey_cleanup.Po -rm -f ./$(DEPDIR)/evp_test.Po -rm -f ./$(DEPDIR)/evptest.Po + -rm -f ./$(DEPDIR)/exdata_test.Po -rm -f ./$(DEPDIR)/explicit_bzero.Po -rm -f ./$(DEPDIR)/exportertest.Po -rm -f ./$(DEPDIR)/freenull-freenull.Po -rm -f ./$(DEPDIR)/gcm128test.Po - -rm -f ./$(DEPDIR)/gost2814789t.Po -rm -f ./$(DEPDIR)/handshake_table.Po -rm -f ./$(DEPDIR)/hkdf_test.Po -rm -f ./$(DEPDIR)/hmactest.Po @@ -3986,6 +4004,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/rsa_test.Po -rm -f ./$(DEPDIR)/servertest.Po -rm -f ./$(DEPDIR)/sha_test.Po + -rm -f ./$(DEPDIR)/shutdowntest.Po -rm -f ./$(DEPDIR)/signertest-signertest.Po -rm -f ./$(DEPDIR)/sm3test.Po -rm -f ./$(DEPDIR)/sm4test.Po @@ -3995,7 +4014,6 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/ssl_verify_param.Po -rm -f ./$(DEPDIR)/ssl_versions.Po -rm -f ./$(DEPDIR)/ssltest.Po - -rm -f ./$(DEPDIR)/string_table.Po -rm -f ./$(DEPDIR)/timingsafe.Po -rm -f ./$(DEPDIR)/tls_ext_alpn.Po -rm -f ./$(DEPDIR)/tls_prf.Po @@ -4006,6 +4024,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/valid_handshakes_terminate.Po -rm -f ./$(DEPDIR)/verifytest.Po -rm -f ./$(DEPDIR)/x25519test.Po + -rm -f ./$(DEPDIR)/x509_algor.Po -rm -f ./$(DEPDIR)/x509_asn1.Po -rm -f ./$(DEPDIR)/x509_info.Po -rm -f ./$(DEPDIR)/x509attribute.Po diff --git a/tests/asn1basic.c b/tests/asn1basic.c index 5bcb9009..1a873bf2 100644 --- a/tests/asn1basic.c +++ b/tests/asn1basic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1basic.c,v 1.15 2023/08/15 21:05:44 tb Exp $ */ +/* $OpenBSD: asn1basic.c,v 1.16 2024/02/04 13:07:02 tb Exp $ */ /* * Copyright (c) 2017, 2021 Joel Sing * Copyright (c) 2023 Theo Buehler @@ -699,7 +699,7 @@ asn1_integer_null_data_test(void) ASN1_INTEGER *aint = NULL; uint8_t *p = NULL, *pp; int len; - int failed = 0; + int failed = 1; if ((aint = ASN1_INTEGER_new()) == NULL) { fprintf(stderr, "FAIL: ASN1_INTEGER_new() == NULL\n"); diff --git a/tests/asn1time.c b/tests/asn1time.c index bb58f617..8208fcd1 100644 --- a/tests/asn1time.c +++ b/tests/asn1time.c @@ -1,6 +1,7 @@ -/* $OpenBSD: asn1time.c,v 1.20 2023/10/02 11:14:15 tb Exp $ */ +/* $OpenBSD: asn1time.c,v 1.25 2024/02/18 22:17:01 tb Exp $ */ /* * Copyright (c) 2015 Joel Sing + * Copyright (c) 2024 Google Inc. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -16,11 +17,17 @@ */ #include +#include #include +#include #include #include +#include "asn1_local.h" + +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + struct asn1_time_test { const char *str; const char *data; @@ -527,10 +534,15 @@ asn1_time_compare_families(const struct asn1_time_test *fam1, size_t fam1_size, comparison_failure |= 1; } - /* - * XXX - add ASN1_UTCTIME_cmp_time_t later. Don't want - * to mess with LIBRESSL_INTERNAL right before lock. - */ + time_cmp = ASN1_UTCTIME_cmp_time_t(t1, att2->time); + if (t1->type != V_ASN1_UTCTIME) + asn1_cmp = -2; + if (time_cmp != asn1_cmp) { + fprintf(stderr, "%s vs. %lld: want %d, got %d\n", + att1->str, (long long)att2->time, + asn1_cmp, time_cmp); + comparison_failure |= 1; + } } } @@ -560,6 +572,203 @@ asn1_time_compare_test(void) return failed; } +static int +asn1_time_overflow(void) +{ + struct tm overflow_year = {0}, overflow_month = {0}; + struct tm copy, max_time = {0}, min_time = {0}, zero = {0}; + int64_t valid_time_range = INT64_C(315569519999); + int64_t posix_u64; + time_t posix_time; + int days, secs; + int failed = 1; + + overflow_year.tm_year = INT_MAX - 1899; + overflow_year.tm_mday = 1; + + overflow_month.tm_mon = INT_MAX; + overflow_month.tm_mday = 1; + + if (OPENSSL_tm_to_posix(&overflow_year, &posix_u64)) { + fprintf(stderr, "FAIL: OPENSSL_tm_to_posix didn't fail on " + "overflow of years\n"); + goto err; + } + if (OPENSSL_tm_to_posix(&overflow_month, &posix_u64)) { + fprintf(stderr, "FAIL: OPENSSL_tm_to_posix didn't fail on " + "overflow of months\n"); + goto err; + } + if (OPENSSL_timegm(&overflow_year, &posix_time)) { + fprintf(stderr, "FAIL: OPENSSL_timegm didn't fail on " + "overflow of years\n"); + goto err; + } + if (OPENSSL_timegm(&overflow_month, &posix_time)) { + fprintf(stderr, "FAIL: OPENSSL_timegm didn't fail on " + "overflow of months\n"); + goto err; + } + if (OPENSSL_gmtime_adj(&overflow_year, 0, 0)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj didn't fail on " + "overflow of years\n"); + goto err; + } + if (OPENSSL_gmtime_adj(&overflow_month, 0, 0)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj didn't fail on " + "overflow of months\n"); + goto err; + } + if (OPENSSL_gmtime_diff(&days, &secs, &overflow_year, &overflow_year)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_diff didn't fail on " + "overflow of years\n"); + goto err; + } + if (OPENSSL_gmtime_diff(&days, &secs, &overflow_month, &overflow_month)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_diff didn't fail on " + "overflow of months\n"); + goto err; + } + + /* Input time is in range but adding one second puts it out of range. */ + max_time.tm_year = 9999 - 1900; + max_time.tm_mon = 12 - 1; + max_time.tm_mday = 31; + max_time.tm_hour = 23; + max_time.tm_min = 59; + max_time.tm_sec = 59; + + copy = max_time; + if (!OPENSSL_gmtime_adj(©, 0, 0)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't " + "succeed for maximum time\n"); + goto err; + } + if (memcmp(©, &max_time, sizeof(max_time)) != 0) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't " + "leave copy of max_time unmodified\n"); + goto err; + } + if (OPENSSL_gmtime_adj(©, 0, 1)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 1 sec didn't " + "fail for maximum time\n"); + goto err; + } + if (memcmp(&zero, ©, sizeof(copy)) != 0) { + fprintf(stderr, "FAIL: failing OPENSSL_gmtime_adj didn't " + "zero out max_time\n"); + goto err; + } + + min_time.tm_year = 0 - 1900; + min_time.tm_mon = 1 - 1; + min_time.tm_mday = 1; + min_time.tm_hour = 0; + min_time.tm_min = 0; + min_time.tm_sec = 0; + + copy = min_time; + if (!OPENSSL_gmtime_adj(©, 0, 0)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't " + "succeed for minimum time\n"); + goto err; + } + if (memcmp(©, &min_time, sizeof(min_time)) != 0) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 0 sec didn't " + "leave copy of min_time unmodified\n"); + goto err; + } + if (OPENSSL_gmtime_adj(©, 0, -1)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by 1 sec didn't " + "fail for minimum time\n"); + goto err; + } + if (memcmp(&zero, ©, sizeof(copy)) != 0) { + fprintf(stderr, "FAIL: failing OPENSSL_gmtime_adj didn't " + "zero out max_time\n"); + goto err; + } + + copy = min_time; + /* Test that we can offset by the valid minimum and maximum times. */ + if (!OPENSSL_gmtime_adj(©, 0, valid_time_range)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range " + "failed\n"); + goto err; + } + if (memcmp(©, &max_time, sizeof(max_time)) != 0) { + fprintf(stderr, "FAIL: maximally adjusted copy didn't match " + "max_time\n"); + goto err; + } + if (!OPENSSL_gmtime_adj(©, 0, -valid_time_range)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range " + "failed\n"); + goto err; + } + if (memcmp(©, &min_time, sizeof(min_time)) != 0) { + fprintf(stderr, "FAIL: maximally adjusted copy didn't match " + "min_time\n"); + goto err; + } + + /* + * The second offset may even exceed the valid_time_range if it is + * cancelled out by offset_day. + */ + if (!OPENSSL_gmtime_adj(©, -1, valid_time_range + 24 * 3600)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range " + "failed\n"); + goto err; + } + if (memcmp(©, &max_time, sizeof(max_time)) != 0) { + fprintf(stderr, "FAIL: excess maximally adjusted copy didn't " + "match max_time\n"); + goto err; + } + if (!OPENSSL_gmtime_adj(©, 1, -valid_time_range - 24 * 3600)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_adj by maximum range " + "failed\n"); + goto err; + } + if (memcmp(©, &min_time, sizeof(min_time)) != 0) { + fprintf(stderr, "FAIL: excess maximally adjusted copy didn't " + "match min_time\n"); + goto err; + } + + copy = max_time; + if (OPENSSL_gmtime_adj(©, INT_MAX, INT64_MAX)) { + fprintf(stderr, "FAIL: maximal adjustments in OPENSSL_gmtime_adj" + "didn't fail\n"); + goto err; + } + copy = min_time; + if (OPENSSL_gmtime_adj(©, INT_MIN, INT64_MIN)) { + fprintf(stderr, "FAIL: minimal adjustments in OPENSSL_gmtime_adj" + "didn't fail\n"); + goto err; + } + + /* Test we can diff between maximum time and minimum time. */ + if (!OPENSSL_gmtime_diff(&days, &secs, &max_time, &min_time)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_diff between maximum and " + "minimum time failed\n"); + goto err; + } + if (!OPENSSL_gmtime_diff(&days, &secs, &min_time, &max_time)) { + fprintf(stderr, "FAIL: OPENSSL_gmtime_diff between minimum and " + "maximum time failed\n"); + goto err; + } + + + failed = 0; + + err: + return failed; +} + int main(int argc, char **argv) { @@ -607,5 +816,8 @@ main(int argc, char **argv) /* Check for a leak in ASN1_TIME_normalize(). */ failed |= ASN1_TIME_normalize(NULL) != 0; + fprintf(stderr, "Time overflow tests...\n"); + failed |= asn1_time_overflow(); + return (failed); } diff --git a/tests/bio_dump.c b/tests/bio_dump.c new file mode 100644 index 00000000..22db80fa --- /dev/null +++ b/tests/bio_dump.c @@ -0,0 +1,835 @@ +/* $OpenBSD: bio_dump.c,v 1.4 2024/02/09 12:48:32 tb Exp $ */ +/* + * Copyright (c) 2024 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include + +const uint8_t dump[] = { + 0x74, 0x45, 0xc6, 0x20, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x36, 0xd8, 0x61, 0x48, 0x68, 0x3c, 0xc0, 0x68, + 0xaa, 0x15, 0x57, 0x77, 0xe3, 0xec, 0xb4, 0x98, + 0xc6, 0x08, 0xfc, 0x59, 0xb3, 0x4f, 0x45, 0xcf, + 0x4b, 0xc2, 0xae, 0x98, 0xb5, 0xeb, 0xe0, 0xb5, + 0xc1, 0x68, 0xba, 0xcf, 0x7c, 0xf7, 0x7b, 0x38, + 0x43, 0x2f, 0xb9, 0x0e, 0x23, 0x02, 0xb9, 0x4f, + 0x8c, 0x26, 0xeb, 0xef, 0x70, 0x98, 0x82, 0xa7, + 0xb9, 0x78, 0xc5, 0x08, 0x96, 0x99, 0xb3, 0x84, + 0xa3, 0x4f, 0xfb, 0xd7, 0x38, 0xa9, 0xd9, 0xd4, + 0x53, 0x0f, 0x4f, 0x64, 0x97, 0xdf, 0xcf, 0xf3, + 0x4f, 0xc8, 0xd2, 0x56, 0x3f, 0x0d, 0x72, 0xd4, + 0x55, 0x98, 0x89, 0xb0, 0x45, 0x26, 0x3f, 0x7a, + 0xbd, 0x9d, 0x96, 0x15, 0xa2, 0x10, 0x14, 0x85, + 0xaa, 0xa1, 0x7c, 0x84, 0xfb, 0xc4, 0xa5, 0x7b, + 0xc6, 0xe3, 0xad, 0x85, 0x57, 0x96, 0xbb, 0x81, + 0x18, 0x0c, 0xed, 0x2f, 0xf7, 0x6a, 0x4c, 0x4d, + 0x59, 0xe1, 0xcc, 0xc5, 0x3a, 0x9f, 0x48, 0xfc, + 0x1d, 0x7c, 0x0d, 0xa4, 0x79, 0x96, 0xe7, 0x2b, + 0x39, 0x15, 0xf9, 0x3a, 0x6a, 0x5e, 0x7c, 0x4e, + 0xc9, 0x3b, 0xaf, 0xeb, 0x3b, 0xcf, 0x8d, 0x6a, + 0x57, 0xe6, 0xc5, 0xba, 0xbd, 0xa6, 0xa0, 0x6b, + 0x03, 0xd5, 0xa3, 0x9f, 0x99, 0x2a, 0xea, 0x88, + 0x72, 0x1b, 0x66, 0x6c, 0x5e, 0x1d, 0x49, 0xd5, + 0x1e, 0x1e, 0xcc, 0x1a, 0xb1, 0xd8, 0xf7, 0x91, + 0x1e, 0x1e, 0xcc, 0x1a, 0x20, 0x00, 0x20, 0x00, + 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, + 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, + 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, + 0x20, 0x00, 0x20, 0x00, 0x20, 0x00, +}; +#define DUMP_LEN (sizeof(dump) / sizeof(dump[0])) + +const uint8_t bytes[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, + 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, + 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, + 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, + 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, + 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, + 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, + 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, + 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, +}; +#define BYTES_LEN (sizeof(bytes) / sizeof(bytes[0])) + +static const struct bio_dump_testcase { + int indent; + const char *input; + int inlen; + const char *output; +} bio_dump_testcases[] = { + { + .indent = 0, + .input = "", + .inlen = 0, + .output = "", + }, + { + .indent = 0, + .input = "", + .inlen = 1, + .output = "0001 - \n", + }, + { + .indent = 6, + .input = " ", + .inlen = 1, + .output = " 0001 - \n", + }, + { + .indent = -1, + .input = "!", + .inlen = 1, + .output = +"0000 - 21 !\n", + }, + { + .indent = -1, + .input = "~", + .inlen = 1, + .output = +"0000 - 7e ~\n", + }, + { + .indent = 4, + .input = dump, + .inlen = DUMP_LEN, + .output = +" 0000 - 74 45 c6 20 00 00 00 00-00 00 00 00 00 00 00 00 tE. ............\n" +" 0010 - 36 d8 61 48 68 3c c0 68-aa 15 57 77 e3 ec b4 98 6.aHh<.h..Ww....\n" +" 0020 - c6 08 fc 59 b3 4f 45 cf-4b c2 ae 98 b5 eb e0 b5 ...Y.OE.K.......\n" +" 0030 - c1 68 ba cf 7c f7 7b 38-43 2f b9 0e 23 02 b9 4f .h..|.{8C/..#..O\n" +" 0040 - 8c 26 eb ef 70 98 82 a7-b9 78 c5 08 96 99 b3 84 .&..p....x......\n" +" 0050 - a3 4f fb d7 38 a9 d9 d4-53 0f 4f 64 97 df cf f3 .O..8...S.Od....\n" +" 0060 - 4f c8 d2 56 3f 0d 72 d4-55 98 89 b0 45 26 3f 7a O..V?.r.U...E&?z\n" +" 0070 - bd 9d 96 15 a2 10 14 85-aa a1 7c 84 fb c4 a5 7b ..........|....{\n" +" 0080 - c6 e3 ad 85 57 96 bb 81-18 0c ed 2f f7 6a 4c 4d ....W....../.jLM\n" +" 0090 - 59 e1 cc c5 3a 9f 48 fc-1d 7c 0d a4 79 96 e7 2b Y...:.H..|..y..+\n" +" 00a0 - 39 15 f9 3a 6a 5e 7c 4e-c9 3b af eb 3b cf 8d 6a 9..:j^|N.;..;..j\n" +" 00b0 - 57 e6 c5 ba bd a6 a0 6b-03 d5 a3 9f 99 2a ea 88 W......k.....*..\n" +" 00c0 - 72 1b 66 6c 5e 1d 49 d5-1e 1e cc 1a b1 d8 f7 91 r.fl^.I.........\n" +" 00d0 - 1e 1e cc 1a ....\n" +" 00f6 - \n", + }, + { + .indent = 11, + .input = dump, + .inlen = DUMP_LEN, + .output = +" 0000 - 74 45 c6 20 00 00 00 00-00 00 00 00 00 00 tE. ..........\n" +" 000e - 00 00 36 d8 61 48 68 3c-c0 68 aa 15 57 77 ..6.aHh<.h..Ww\n" +" 001c - e3 ec b4 98 c6 08 fc 59-b3 4f 45 cf 4b c2 .......Y.OE.K.\n" +" 002a - ae 98 b5 eb e0 b5 c1 68-ba cf 7c f7 7b 38 .......h..|.{8\n" +" 0038 - 43 2f b9 0e 23 02 b9 4f-8c 26 eb ef 70 98 C/..#..O.&..p.\n" +" 0046 - 82 a7 b9 78 c5 08 96 99-b3 84 a3 4f fb d7 ...x.......O..\n" +" 0054 - 38 a9 d9 d4 53 0f 4f 64-97 df cf f3 4f c8 8...S.Od....O.\n" +" 0062 - d2 56 3f 0d 72 d4 55 98-89 b0 45 26 3f 7a .V?.r.U...E&?z\n" +" 0070 - bd 9d 96 15 a2 10 14 85-aa a1 7c 84 fb c4 ..........|...\n" +" 007e - a5 7b c6 e3 ad 85 57 96-bb 81 18 0c ed 2f .{....W....../\n" +" 008c - f7 6a 4c 4d 59 e1 cc c5-3a 9f 48 fc 1d 7c .jLMY...:.H..|\n" +" 009a - 0d a4 79 96 e7 2b 39 15-f9 3a 6a 5e 7c 4e ..y..+9..:j^|N\n" +" 00a8 - c9 3b af eb 3b cf 8d 6a-57 e6 c5 ba bd a6 .;..;..jW.....\n" +" 00b6 - a0 6b 03 d5 a3 9f 99 2a-ea 88 72 1b 66 6c .k.....*..r.fl\n" +" 00c4 - 5e 1d 49 d5 1e 1e cc 1a-b1 d8 f7 91 1e 1e ^.I...........\n" +" 00d2 - cc 1a ..\n" +" 00f6 - \n", + }, + { + .indent = 18, + .input = dump, + .inlen = DUMP_LEN, + .output = +" 0000 - 74 45 c6 20 00 00 00 00-00 00 00 00 00 tE. .........\n" +" 000d - 00 00 00 36 d8 61 48 68-3c c0 68 aa 15 ...6.aHh<.h..\n" +" 001a - 57 77 e3 ec b4 98 c6 08-fc 59 b3 4f 45 Ww.......Y.OE\n" +" 0027 - cf 4b c2 ae 98 b5 eb e0-b5 c1 68 ba cf .K........h..\n" +" 0034 - 7c f7 7b 38 43 2f b9 0e-23 02 b9 4f 8c |.{8C/..#..O.\n" +" 0041 - 26 eb ef 70 98 82 a7 b9-78 c5 08 96 99 &..p....x....\n" +" 004e - b3 84 a3 4f fb d7 38 a9-d9 d4 53 0f 4f ...O..8...S.O\n" +" 005b - 64 97 df cf f3 4f c8 d2-56 3f 0d 72 d4 d....O..V?.r.\n" +" 0068 - 55 98 89 b0 45 26 3f 7a-bd 9d 96 15 a2 U...E&?z.....\n" +" 0075 - 10 14 85 aa a1 7c 84 fb-c4 a5 7b c6 e3 .....|....{..\n" +" 0082 - ad 85 57 96 bb 81 18 0c-ed 2f f7 6a 4c ..W....../.jL\n" +" 008f - 4d 59 e1 cc c5 3a 9f 48-fc 1d 7c 0d a4 MY...:.H..|..\n" +" 009c - 79 96 e7 2b 39 15 f9 3a-6a 5e 7c 4e c9 y..+9..:j^|N.\n" +" 00a9 - 3b af eb 3b cf 8d 6a 57-e6 c5 ba bd a6 ;..;..jW.....\n" +" 00b6 - a0 6b 03 d5 a3 9f 99 2a-ea 88 72 1b 66 .k.....*..r.f\n" +" 00c3 - 6c 5e 1d 49 d5 1e 1e cc-1a b1 d8 f7 91 l^.I.........\n" +" 00d0 - 1e 1e cc 1a ....\n" +" 00f6 - \n", + }, + { + .indent = 25, + .input = dump, + .inlen = DUMP_LEN, + .output = +" 0000 - 74 45 c6 20 00 00 00 00-00 00 00 tE. .......\n" +" 000b - 00 00 00 00 00 36 d8 61-48 68 3c .....6.aHh<\n" +" 0016 - c0 68 aa 15 57 77 e3 ec-b4 98 c6 .h..Ww.....\n" +" 0021 - 08 fc 59 b3 4f 45 cf 4b-c2 ae 98 ..Y.OE.K...\n" +" 002c - b5 eb e0 b5 c1 68 ba cf-7c f7 7b .....h..|.{\n" +" 0037 - 38 43 2f b9 0e 23 02 b9-4f 8c 26 8C/..#..O.&\n" +" 0042 - eb ef 70 98 82 a7 b9 78-c5 08 96 ..p....x...\n" +" 004d - 99 b3 84 a3 4f fb d7 38-a9 d9 d4 ....O..8...\n" +" 0058 - 53 0f 4f 64 97 df cf f3-4f c8 d2 S.Od....O..\n" +" 0063 - 56 3f 0d 72 d4 55 98 89-b0 45 26 V?.r.U...E&\n" +" 006e - 3f 7a bd 9d 96 15 a2 10-14 85 aa ?z.........\n" +" 0079 - a1 7c 84 fb c4 a5 7b c6-e3 ad 85 .|....{....\n" +" 0084 - 57 96 bb 81 18 0c ed 2f-f7 6a 4c W....../.jL\n" +" 008f - 4d 59 e1 cc c5 3a 9f 48-fc 1d 7c MY...:.H..|\n" +" 009a - 0d a4 79 96 e7 2b 39 15-f9 3a 6a ..y..+9..:j\n" +" 00a5 - 5e 7c 4e c9 3b af eb 3b-cf 8d 6a ^|N.;..;..j\n" +" 00b0 - 57 e6 c5 ba bd a6 a0 6b-03 d5 a3 W......k...\n" +" 00bb - 9f 99 2a ea 88 72 1b 66-6c 5e 1d ..*..r.fl^.\n" +" 00c6 - 49 d5 1e 1e cc 1a b1 d8-f7 91 1e I..........\n" +" 00d1 - 1e cc 1a ...\n" +" 00f6 - \n", + }, + { + .indent = 32, + .input = dump, + .inlen = DUMP_LEN, + .output = +" 0000 - 74 45 c6 20 00 00 00 00-00 tE. .....\n" +" 0009 - 00 00 00 00 00 00 00 36-d8 .......6.\n" +" 0012 - 61 48 68 3c c0 68 aa 15-57 aHh<.h..W\n" +" 001b - 77 e3 ec b4 98 c6 08 fc-59 w.......Y\n" +" 0024 - b3 4f 45 cf 4b c2 ae 98-b5 .OE.K....\n" +" 002d - eb e0 b5 c1 68 ba cf 7c-f7 ....h..|.\n" +" 0036 - 7b 38 43 2f b9 0e 23 02-b9 {8C/..#..\n" +" 003f - 4f 8c 26 eb ef 70 98 82-a7 O.&..p...\n" +" 0048 - b9 78 c5 08 96 99 b3 84-a3 .x.......\n" +" 0051 - 4f fb d7 38 a9 d9 d4 53-0f O..8...S.\n" +" 005a - 4f 64 97 df cf f3 4f c8-d2 Od....O..\n" +" 0063 - 56 3f 0d 72 d4 55 98 89-b0 V?.r.U...\n" +" 006c - 45 26 3f 7a bd 9d 96 15-a2 E&?z.....\n" +" 0075 - 10 14 85 aa a1 7c 84 fb-c4 .....|...\n" +" 007e - a5 7b c6 e3 ad 85 57 96-bb .{....W..\n" +" 0087 - 81 18 0c ed 2f f7 6a 4c-4d ..../.jLM\n" +" 0090 - 59 e1 cc c5 3a 9f 48 fc-1d Y...:.H..\n" +" 0099 - 7c 0d a4 79 96 e7 2b 39-15 |..y..+9.\n" +" 00a2 - f9 3a 6a 5e 7c 4e c9 3b-af .:j^|N.;.\n" +" 00ab - eb 3b cf 8d 6a 57 e6 c5-ba .;..jW...\n" +" 00b4 - bd a6 a0 6b 03 d5 a3 9f-99 ...k.....\n" +" 00bd - 2a ea 88 72 1b 66 6c 5e-1d *..r.fl^.\n" +" 00c6 - 49 d5 1e 1e cc 1a b1 d8-f7 I........\n" +" 00cf - 91 1e 1e cc 1a .....\n" +" 00f6 - \n", + }, + { + .indent = 35, + .input = dump, + .inlen = DUMP_LEN, + .output = +" 0000 - 74 45 c6 20 00 00 00 00- tE. ....\n" +" 0008 - 00 00 00 00 00 00 00 00- ........\n" +" 0010 - 36 d8 61 48 68 3c c0 68- 6.aHh<.h\n" +" 0018 - aa 15 57 77 e3 ec b4 98- ..Ww....\n" +" 0020 - c6 08 fc 59 b3 4f 45 cf- ...Y.OE.\n" +" 0028 - 4b c2 ae 98 b5 eb e0 b5- K.......\n" +" 0030 - c1 68 ba cf 7c f7 7b 38- .h..|.{8\n" +" 0038 - 43 2f b9 0e 23 02 b9 4f- C/..#..O\n" +" 0040 - 8c 26 eb ef 70 98 82 a7- .&..p...\n" +" 0048 - b9 78 c5 08 96 99 b3 84- .x......\n" +" 0050 - a3 4f fb d7 38 a9 d9 d4- .O..8...\n" +" 0058 - 53 0f 4f 64 97 df cf f3- S.Od....\n" +" 0060 - 4f c8 d2 56 3f 0d 72 d4- O..V?.r.\n" +" 0068 - 55 98 89 b0 45 26 3f 7a- U...E&?z\n" +" 0070 - bd 9d 96 15 a2 10 14 85- ........\n" +" 0078 - aa a1 7c 84 fb c4 a5 7b- ..|....{\n" +" 0080 - c6 e3 ad 85 57 96 bb 81- ....W...\n" +" 0088 - 18 0c ed 2f f7 6a 4c 4d- .../.jLM\n" +" 0090 - 59 e1 cc c5 3a 9f 48 fc- Y...:.H.\n" +" 0098 - 1d 7c 0d a4 79 96 e7 2b- .|..y..+\n" +" 00a0 - 39 15 f9 3a 6a 5e 7c 4e- 9..:j^|N\n" +" 00a8 - c9 3b af eb 3b cf 8d 6a- .;..;..j\n" +" 00b0 - 57 e6 c5 ba bd a6 a0 6b- W......k\n" +" 00b8 - 03 d5 a3 9f 99 2a ea 88- .....*..\n" +" 00c0 - 72 1b 66 6c 5e 1d 49 d5- r.fl^.I.\n" +" 00c8 - 1e 1e cc 1a b1 d8 f7 91- ........\n" +" 00d0 - 1e 1e cc 1a ....\n" +" 00f6 - \n", + }, + { + .indent = 39, + .input = dump, + .inlen = DUMP_LEN, + .output = +" 0000 - 74 45 c6 20 00 00 00 tE. ...\n" +" 0007 - 00 00 00 00 00 00 00 .......\n" +" 000e - 00 00 36 d8 61 48 68 ..6.aHh\n" +" 0015 - 3c c0 68 aa 15 57 77 <.h..Ww\n" +" 001c - e3 ec b4 98 c6 08 fc .......\n" +" 0023 - 59 b3 4f 45 cf 4b c2 Y.OE.K.\n" +" 002a - ae 98 b5 eb e0 b5 c1 .......\n" +" 0031 - 68 ba cf 7c f7 7b 38 h..|.{8\n" +" 0038 - 43 2f b9 0e 23 02 b9 C/..#..\n" +" 003f - 4f 8c 26 eb ef 70 98 O.&..p.\n" +" 0046 - 82 a7 b9 78 c5 08 96 ...x...\n" +" 004d - 99 b3 84 a3 4f fb d7 ....O..\n" +" 0054 - 38 a9 d9 d4 53 0f 4f 8...S.O\n" +" 005b - 64 97 df cf f3 4f c8 d....O.\n" +" 0062 - d2 56 3f 0d 72 d4 55 .V?.r.U\n" +" 0069 - 98 89 b0 45 26 3f 7a ...E&?z\n" +" 0070 - bd 9d 96 15 a2 10 14 .......\n" +" 0077 - 85 aa a1 7c 84 fb c4 ...|...\n" +" 007e - a5 7b c6 e3 ad 85 57 .{....W\n" +" 0085 - 96 bb 81 18 0c ed 2f ....../\n" +" 008c - f7 6a 4c 4d 59 e1 cc .jLMY..\n" +" 0093 - c5 3a 9f 48 fc 1d 7c .:.H..|\n" +" 009a - 0d a4 79 96 e7 2b 39 ..y..+9\n" +" 00a1 - 15 f9 3a 6a 5e 7c 4e ..:j^|N\n" +" 00a8 - c9 3b af eb 3b cf 8d .;..;..\n" +" 00af - 6a 57 e6 c5 ba bd a6 jW.....\n" +" 00b6 - a0 6b 03 d5 a3 9f 99 .k.....\n" +" 00bd - 2a ea 88 72 1b 66 6c *..r.fl\n" +" 00c4 - 5e 1d 49 d5 1e 1e cc ^.I....\n" +" 00cb - 1a b1 d8 f7 91 1e 1e .......\n" +" 00d2 - cc 1a ..\n" +" 00f6 - \n", + }, + { + .indent = 46, + .input = dump, + .inlen = DUMP_LEN, + .output = +" 0000 - 74 45 c6 20 00 00 tE. ..\n" +" 0006 - 00 00 00 00 00 00 ......\n" +" 000c - 00 00 00 00 36 d8 ....6.\n" +" 0012 - 61 48 68 3c c0 68 aHh<.h\n" +" 0018 - aa 15 57 77 e3 ec ..Ww..\n" +" 001e - b4 98 c6 08 fc 59 .....Y\n" +" 0024 - b3 4f 45 cf 4b c2 .OE.K.\n" +" 002a - ae 98 b5 eb e0 b5 ......\n" +" 0030 - c1 68 ba cf 7c f7 .h..|.\n" +" 0036 - 7b 38 43 2f b9 0e {8C/..\n" +" 003c - 23 02 b9 4f 8c 26 #..O.&\n" +" 0042 - eb ef 70 98 82 a7 ..p...\n" +" 0048 - b9 78 c5 08 96 99 .x....\n" +" 004e - b3 84 a3 4f fb d7 ...O..\n" +" 0054 - 38 a9 d9 d4 53 0f 8...S.\n" +" 005a - 4f 64 97 df cf f3 Od....\n" +" 0060 - 4f c8 d2 56 3f 0d O..V?.\n" +" 0066 - 72 d4 55 98 89 b0 r.U...\n" +" 006c - 45 26 3f 7a bd 9d E&?z..\n" +" 0072 - 96 15 a2 10 14 85 ......\n" +" 0078 - aa a1 7c 84 fb c4 ..|...\n" +" 007e - a5 7b c6 e3 ad 85 .{....\n" +" 0084 - 57 96 bb 81 18 0c W.....\n" +" 008a - ed 2f f7 6a 4c 4d ./.jLM\n" +" 0090 - 59 e1 cc c5 3a 9f Y...:.\n" +" 0096 - 48 fc 1d 7c 0d a4 H..|..\n" +" 009c - 79 96 e7 2b 39 15 y..+9.\n" +" 00a2 - f9 3a 6a 5e 7c 4e .:j^|N\n" +" 00a8 - c9 3b af eb 3b cf .;..;.\n" +" 00ae - 8d 6a 57 e6 c5 ba .jW...\n" +" 00b4 - bd a6 a0 6b 03 d5 ...k..\n" +" 00ba - a3 9f 99 2a ea 88 ...*..\n" +" 00c0 - 72 1b 66 6c 5e 1d r.fl^.\n" +" 00c6 - 49 d5 1e 1e cc 1a I.....\n" +" 00cc - b1 d8 f7 91 1e 1e ......\n" +" 00d2 - cc 1a ..\n" +" 00f6 - \n", + }, + { + .indent = 53, + .input = dump, + .inlen = DUMP_LEN, + .output = +" 0000 - 74 45 c6 20 tE. \n" +" 0004 - 00 00 00 00 ....\n" +" 0008 - 00 00 00 00 ....\n" +" 000c - 00 00 00 00 ....\n" +" 0010 - 36 d8 61 48 6.aH\n" +" 0014 - 68 3c c0 68 h<.h\n" +" 0018 - aa 15 57 77 ..Ww\n" +" 001c - e3 ec b4 98 ....\n" +" 0020 - c6 08 fc 59 ...Y\n" +" 0024 - b3 4f 45 cf .OE.\n" +" 0028 - 4b c2 ae 98 K...\n" +" 002c - b5 eb e0 b5 ....\n" +" 0030 - c1 68 ba cf .h..\n" +" 0034 - 7c f7 7b 38 |.{8\n" +" 0038 - 43 2f b9 0e C/..\n" +" 003c - 23 02 b9 4f #..O\n" +" 0040 - 8c 26 eb ef .&..\n" +" 0044 - 70 98 82 a7 p...\n" +" 0048 - b9 78 c5 08 .x..\n" +" 004c - 96 99 b3 84 ....\n" +" 0050 - a3 4f fb d7 .O..\n" +" 0054 - 38 a9 d9 d4 8...\n" +" 0058 - 53 0f 4f 64 S.Od\n" +" 005c - 97 df cf f3 ....\n" +" 0060 - 4f c8 d2 56 O..V\n" +" 0064 - 3f 0d 72 d4 ?.r.\n" +" 0068 - 55 98 89 b0 U...\n" +" 006c - 45 26 3f 7a E&?z\n" +" 0070 - bd 9d 96 15 ....\n" +" 0074 - a2 10 14 85 ....\n" +" 0078 - aa a1 7c 84 ..|.\n" +" 007c - fb c4 a5 7b ...{\n" +" 0080 - c6 e3 ad 85 ....\n" +" 0084 - 57 96 bb 81 W...\n" +" 0088 - 18 0c ed 2f .../\n" +" 008c - f7 6a 4c 4d .jLM\n" +" 0090 - 59 e1 cc c5 Y...\n" +" 0094 - 3a 9f 48 fc :.H.\n" +" 0098 - 1d 7c 0d a4 .|..\n" +" 009c - 79 96 e7 2b y..+\n" +" 00a0 - 39 15 f9 3a 9..:\n" +" 00a4 - 6a 5e 7c 4e j^|N\n" +" 00a8 - c9 3b af eb .;..\n" +" 00ac - 3b cf 8d 6a ;..j\n" +" 00b0 - 57 e6 c5 ba W...\n" +" 00b4 - bd a6 a0 6b ...k\n" +" 00b8 - 03 d5 a3 9f ....\n" +" 00bc - 99 2a ea 88 .*..\n" +" 00c0 - 72 1b 66 6c r.fl\n" +" 00c4 - 5e 1d 49 d5 ^.I.\n" +" 00c8 - 1e 1e cc 1a ....\n" +" 00cc - b1 d8 f7 91 ....\n" +" 00d0 - 1e 1e cc 1a ....\n" +" 00f6 - \n", + }, + { + .indent = 60, + .input = dump, + .inlen = DUMP_LEN, + .output = +" 0000 - 74 45 tE\n" +" 0002 - c6 20 . \n" +" 0004 - 00 00 ..\n" +" 0006 - 00 00 ..\n" +" 0008 - 00 00 ..\n" +" 000a - 00 00 ..\n" +" 000c - 00 00 ..\n" +" 000e - 00 00 ..\n" +" 0010 - 36 d8 6.\n" +" 0012 - 61 48 aH\n" +" 0014 - 68 3c h<\n" +" 0016 - c0 68 .h\n" +" 0018 - aa 15 ..\n" +" 001a - 57 77 Ww\n" +" 001c - e3 ec ..\n" +" 001e - b4 98 ..\n" +" 0020 - c6 08 ..\n" +" 0022 - fc 59 .Y\n" +" 0024 - b3 4f .O\n" +" 0026 - 45 cf E.\n" +" 0028 - 4b c2 K.\n" +" 002a - ae 98 ..\n" +" 002c - b5 eb ..\n" +" 002e - e0 b5 ..\n" +" 0030 - c1 68 .h\n" +" 0032 - ba cf ..\n" +" 0034 - 7c f7 |.\n" +" 0036 - 7b 38 {8\n" +" 0038 - 43 2f C/\n" +" 003a - b9 0e ..\n" +" 003c - 23 02 #.\n" +" 003e - b9 4f .O\n" +" 0040 - 8c 26 .&\n" +" 0042 - eb ef ..\n" +" 0044 - 70 98 p.\n" +" 0046 - 82 a7 ..\n" +" 0048 - b9 78 .x\n" +" 004a - c5 08 ..\n" +" 004c - 96 99 ..\n" +" 004e - b3 84 ..\n" +" 0050 - a3 4f .O\n" +" 0052 - fb d7 ..\n" +" 0054 - 38 a9 8.\n" +" 0056 - d9 d4 ..\n" +" 0058 - 53 0f S.\n" +" 005a - 4f 64 Od\n" +" 005c - 97 df ..\n" +" 005e - cf f3 ..\n" +" 0060 - 4f c8 O.\n" +" 0062 - d2 56 .V\n" +" 0064 - 3f 0d ?.\n" +" 0066 - 72 d4 r.\n" +" 0068 - 55 98 U.\n" +" 006a - 89 b0 ..\n" +" 006c - 45 26 E&\n" +" 006e - 3f 7a ?z\n" +" 0070 - bd 9d ..\n" +" 0072 - 96 15 ..\n" +" 0074 - a2 10 ..\n" +" 0076 - 14 85 ..\n" +" 0078 - aa a1 ..\n" +" 007a - 7c 84 |.\n" +" 007c - fb c4 ..\n" +" 007e - a5 7b .{\n" +" 0080 - c6 e3 ..\n" +" 0082 - ad 85 ..\n" +" 0084 - 57 96 W.\n" +" 0086 - bb 81 ..\n" +" 0088 - 18 0c ..\n" +" 008a - ed 2f ./\n" +" 008c - f7 6a .j\n" +" 008e - 4c 4d LM\n" +" 0090 - 59 e1 Y.\n" +" 0092 - cc c5 ..\n" +" 0094 - 3a 9f :.\n" +" 0096 - 48 fc H.\n" +" 0098 - 1d 7c .|\n" +" 009a - 0d a4 ..\n" +" 009c - 79 96 y.\n" +" 009e - e7 2b .+\n" +" 00a0 - 39 15 9.\n" +" 00a2 - f9 3a .:\n" +" 00a4 - 6a 5e j^\n" +" 00a6 - 7c 4e |N\n" +" 00a8 - c9 3b .;\n" +" 00aa - af eb ..\n" +" 00ac - 3b cf ;.\n" +" 00ae - 8d 6a .j\n" +" 00b0 - 57 e6 W.\n" +" 00b2 - c5 ba ..\n" +" 00b4 - bd a6 ..\n" +" 00b6 - a0 6b .k\n" +" 00b8 - 03 d5 ..\n" +" 00ba - a3 9f ..\n" +" 00bc - 99 2a .*\n" +" 00be - ea 88 ..\n" +" 00c0 - 72 1b r.\n" +" 00c2 - 66 6c fl\n" +" 00c4 - 5e 1d ^.\n" +" 00c6 - 49 d5 I.\n" +" 00c8 - 1e 1e ..\n" +" 00ca - cc 1a ..\n" +" 00cc - b1 d8 ..\n" +" 00ce - f7 91 ..\n" +" 00d0 - 1e 1e ..\n" +" 00d2 - cc 1a ..\n" +" 00f6 - \n", + }, + { + .indent = 67, + .input = dump, + .inlen = DUMP_LEN, + .output = +" 0000 - 74 t\n" +" 0001 - 45 E\n" +" 0002 - c6 .\n" +" 0003 - 20 \n" +" 0004 - 00 .\n" +" 0005 - 00 .\n" +" 0006 - 00 .\n" +" 0007 - 00 .\n" +" 0008 - 00 .\n" +" 0009 - 00 .\n" +" 000a - 00 .\n" +" 000b - 00 .\n" +" 000c - 00 .\n" +" 000d - 00 .\n" +" 000e - 00 .\n" +" 000f - 00 .\n" +" 0010 - 36 6\n" +" 0011 - d8 .\n" +" 0012 - 61 a\n" +" 0013 - 48 H\n" +" 0014 - 68 h\n" +" 0015 - 3c <\n" +" 0016 - c0 .\n" +" 0017 - 68 h\n" +" 0018 - aa .\n" +" 0019 - 15 .\n" +" 001a - 57 W\n" +" 001b - 77 w\n" +" 001c - e3 .\n" +" 001d - ec .\n" +" 001e - b4 .\n" +" 001f - 98 .\n" +" 0020 - c6 .\n" +" 0021 - 08 .\n" +" 0022 - fc .\n" +" 0023 - 59 Y\n" +" 0024 - b3 .\n" +" 0025 - 4f O\n" +" 0026 - 45 E\n" +" 0027 - cf .\n" +" 0028 - 4b K\n" +" 0029 - c2 .\n" +" 002a - ae .\n" +" 002b - 98 .\n" +" 002c - b5 .\n" +" 002d - eb .\n" +" 002e - e0 .\n" +" 002f - b5 .\n" +" 0030 - c1 .\n" +" 0031 - 68 h\n" +" 0032 - ba .\n" +" 0033 - cf .\n" +" 0034 - 7c |\n" +" 0035 - f7 .\n" +" 0036 - 7b {\n" +" 0037 - 38 8\n" +" 0038 - 43 C\n" +" 0039 - 2f /\n" +" 003a - b9 .\n" +" 003b - 0e .\n" +" 003c - 23 #\n" +" 003d - 02 .\n" +" 003e - b9 .\n" +" 003f - 4f O\n" +" 0040 - 8c .\n" +" 0041 - 26 &\n" +" 0042 - eb .\n" +" 0043 - ef .\n" +" 0044 - 70 p\n" +" 0045 - 98 .\n" +" 0046 - 82 .\n" +" 0047 - a7 .\n" +" 0048 - b9 .\n" +" 0049 - 78 x\n" +" 004a - c5 .\n" +" 004b - 08 .\n" +" 004c - 96 .\n" +" 004d - 99 .\n" +" 004e - b3 .\n" +" 004f - 84 .\n" +" 0050 - a3 .\n" +" 0051 - 4f O\n" +" 0052 - fb .\n" +" 0053 - d7 .\n" +" 0054 - 38 8\n" +" 0055 - a9 .\n" +" 0056 - d9 .\n" +" 0057 - d4 .\n" +" 0058 - 53 S\n" +" 0059 - 0f .\n" +" 005a - 4f O\n" +" 005b - 64 d\n" +" 005c - 97 .\n" +" 005d - df .\n" +" 005e - cf .\n" +" 005f - f3 .\n" +" 0060 - 4f O\n" +" 0061 - c8 .\n" +" 0062 - d2 .\n" +" 0063 - 56 V\n" +" 0064 - 3f ?\n" +" 0065 - 0d .\n" +" 0066 - 72 r\n" +" 0067 - d4 .\n" +" 0068 - 55 U\n" +" 0069 - 98 .\n" +" 006a - 89 .\n" +" 006b - b0 .\n" +" 006c - 45 E\n" +" 006d - 26 &\n" +" 006e - 3f ?\n" +" 006f - 7a z\n" +" 0070 - bd .\n" +" 0071 - 9d .\n" +" 0072 - 96 .\n" +" 0073 - 15 .\n" +" 0074 - a2 .\n" +" 0075 - 10 .\n" +" 0076 - 14 .\n" +" 0077 - 85 .\n" +" 0078 - aa .\n" +" 0079 - a1 .\n" +" 007a - 7c |\n" +" 007b - 84 .\n" +" 007c - fb .\n" +" 007d - c4 .\n" +" 007e - a5 .\n" +" 007f - 7b {\n" +" 0080 - c6 .\n" +" 0081 - e3 .\n" +" 0082 - ad .\n" +" 0083 - 85 .\n" +" 0084 - 57 W\n" +" 0085 - 96 .\n" +" 0086 - bb .\n" +" 0087 - 81 .\n" +" 0088 - 18 .\n" +" 0089 - 0c .\n" +" 008a - ed .\n" +" 008b - 2f /\n" +" 008c - f7 .\n" +" 008d - 6a j\n" +" 008e - 4c L\n" +" 008f - 4d M\n" +" 0090 - 59 Y\n" +" 0091 - e1 .\n" +" 0092 - cc .\n" +" 0093 - c5 .\n" +" 0094 - 3a :\n" +" 0095 - 9f .\n" +" 0096 - 48 H\n" +" 0097 - fc .\n" +" 0098 - 1d .\n" +" 0099 - 7c |\n" +" 009a - 0d .\n" +" 009b - a4 .\n" +" 009c - 79 y\n" +" 009d - 96 .\n" +" 009e - e7 .\n" +" 009f - 2b +\n" +" 00a0 - 39 9\n" +" 00a1 - 15 .\n" +" 00a2 - f9 .\n" +" 00a3 - 3a :\n" +" 00a4 - 6a j\n" +" 00a5 - 5e ^\n" +" 00a6 - 7c |\n" +" 00a7 - 4e N\n" +" 00a8 - c9 .\n" +" 00a9 - 3b ;\n" +" 00aa - af .\n" +" 00ab - eb .\n" +" 00ac - 3b ;\n" +" 00ad - cf .\n" +" 00ae - 8d .\n" +" 00af - 6a j\n" +" 00b0 - 57 W\n" +" 00b1 - e6 .\n" +" 00b2 - c5 .\n" +" 00b3 - ba .\n" +" 00b4 - bd .\n" +" 00b5 - a6 .\n" +" 00b6 - a0 .\n" +" 00b7 - 6b k\n" +" 00b8 - 03 .\n" +" 00b9 - d5 .\n" +" 00ba - a3 .\n" +" 00bb - 9f .\n" +" 00bc - 99 .\n" +" 00bd - 2a *\n" +" 00be - ea .\n" +" 00bf - 88 .\n" +" 00c0 - 72 r\n" +" 00c1 - 1b .\n" +" 00c2 - 66 f\n" +" 00c3 - 6c l\n" +" 00c4 - 5e ^\n" +" 00c5 - 1d .\n" +" 00c6 - 49 I\n" +" 00c7 - d5 .\n" +" 00c8 - 1e .\n" +" 00c9 - 1e .\n" +" 00ca - cc .\n" +" 00cb - 1a .\n" +" 00cc - b1 .\n" +" 00cd - d8 .\n" +" 00ce - f7 .\n" +" 00cf - 91 .\n" +" 00d0 - 1e .\n" +" 00d1 - 1e .\n" +" 00d2 - cc .\n" +" 00d3 - 1a .\n" +" 00f6 - \n", + }, + { + .indent = 4, + .input = bytes, + .inlen = BYTES_LEN, + .output = +" 0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f ................\n" +" 0010 - 10 11 12 13 14 15 16 17-18 19 1a 1b 1c 1d 1e 1f ................\n" +" 0020 - 20 21 22 23 24 25 26 27-28 29 2a 2b 2c 2d 2e 2f !\"#$%&'()*+,-./\n" +" 0030 - 30 31 32 33 34 35 36 37-38 39 3a 3b 3c 3d 3e 3f 0123456789:;<=>?\n" +" 0040 - 40 41 42 43 44 45 46 47-48 49 4a 4b 4c 4d 4e 4f @ABCDEFGHIJKLMNO\n" +" 0050 - 50 51 52 53 54 55 56 57-58 59 5a 5b 5c 5d 5e 5f PQRSTUVWXYZ[\\]^_\n" +" 0060 - 60 61 62 63 64 65 66 67-68 69 6a 6b 6c 6d 6e 6f `abcdefghijklmno\n" +" 0070 - 70 71 72 73 74 75 76 77-78 79 7a 7b 7c 7d 7e 7f pqrstuvwxyz{|}~.\n" +" 0080 - 80 81 82 83 84 85 86 87-88 89 8a 8b 8c 8d 8e 8f ................\n" +" 0090 - 90 91 92 93 94 95 96 97-98 99 9a 9b 9c 9d 9e 9f ................\n" +" 00a0 - a0 a1 a2 a3 a4 a5 a6 a7-a8 a9 aa ab ac ad ae af ................\n" +" 00b0 - b0 b1 b2 b3 b4 b5 b6 b7-b8 b9 ba bb bc bd be bf ................\n" +" 00c0 - c0 c1 c2 c3 c4 c5 c6 c7-c8 c9 ca cb cc cd ce cf ................\n" +" 00d0 - d0 d1 d2 d3 d4 d5 d6 d7-d8 d9 da db dc dd de df ................\n" +" 00e0 - e0 e1 e2 e3 e4 e5 e6 e7-e8 e9 ea eb ec ed ee ef ................\n" +" 00f0 - f0 f1 f2 f3 f4 f5 f6 f7-f8 f9 fa fb fc fd fe ff ................\n", + }, +}; + +#define N_TESTS (sizeof(bio_dump_testcases) / sizeof(bio_dump_testcases[0])) + +static int +bio_dump_test(const struct bio_dump_testcase *tc) +{ + BIO *bio; + char *got; + long got_len; + int ret; + int failed = 1; + + if ((bio = BIO_new(BIO_s_mem())) == NULL) + errx(1, "BIO_new"); + + if ((ret = BIO_dump_indent(bio, tc->input, tc->inlen, tc->indent)) == -1) + errx(1, "BIO_dump_indent"); + if ((got_len = BIO_get_mem_data(bio, &got)) < 0) + errx(1, "BIO_get_mem_data"); + if (ret != got_len || strlen(tc->output) != (size_t)ret) { + fprintf(stderr, "indent %d: ret %d, got_len %ld, strlen %zu\n", + tc->indent, ret, got_len, strlen(tc->output)); + goto err; + } + if (strncmp(tc->output, got, got_len) != 0) { + fprintf(stderr, "%d: mismatch\n", tc->indent); + goto err; + } + + failed = 0; + + err: + BIO_free(bio); + + return failed; +} + +int +main(void) +{ + size_t i; + int failed = 0; + + for (i = 0; i < N_TESTS; i++) + failed |= bio_dump_test(&bio_dump_testcases[i]); + + return failed; +} diff --git a/tests/bn_mod_exp.c b/tests/bn_mod_exp.c index 14e18839..98b6a5d2 100644 --- a/tests/bn_mod_exp.c +++ b/tests/bn_mod_exp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_mod_exp.c,v 1.38 2023/05/09 05:39:24 tb Exp $ */ +/* $OpenBSD: bn_mod_exp.c,v 1.40 2023/10/19 13:38:12 tb Exp $ */ /* * Copyright (c) 2022,2023 Theo Buehler @@ -561,6 +561,154 @@ test_bn_mod_exp2_mont_crash(void) return failed; } +const struct aliasing_test_case { + BN_ULONG a; + BN_ULONG p; + BN_ULONG m; +} aliasing_test_cases[] = { + { + .a = 1031, + .p = 1033, + .m = 1039, + }, + { + .a = 3, + .p = 4, + .m = 5, + }, + { + .a = 97, + .p = 17, + .m = 11, + }, + { + .a = 999961, + .p = 999979, + .m = 999983, + }, +}; + +#define N_ALIASING_TEST_CASES \ + (sizeof(aliasing_test_cases) / sizeof(aliasing_test_cases[0])) + +static void +test_bn_mod_exp_aliasing_setup(BIGNUM *want, BIGNUM *a, BIGNUM *p, BIGNUM *m, + BN_CTX *ctx, const struct aliasing_test_case *tc) +{ + if (!BN_set_word(a, tc->a)) + errx(1, "BN_set_word"); + if (!BN_set_word(p, tc->p)) + errx(1, "BN_set_word"); + if (!BN_set_word(m, tc->m)) + errx(1, "BN_set_word"); + + if (!BN_mod_exp_simple(want, a, p, m, ctx)) + errx(1, "BN_mod_exp"); +} + +static int +test_mod_exp_aliased(const char *alias, int want_ret, BIGNUM *got, + const BIGNUM *want, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx, const struct mod_exp_test *test) +{ + int mod_exp_ret; + int ret = 0; + + BN_CTX_start(ctx); + + if (test->mod_exp_fn != NULL) + mod_exp_ret = test->mod_exp_fn(got, a, p, m, ctx); + else + mod_exp_ret = test->mod_exp_mont_fn(got, a, p, m, ctx, NULL); + + if (mod_exp_ret != want_ret) { + warnx("%s() %s aliased with result failed", test->name, alias); + goto err; + } + + if (!mod_exp_ret) + goto done; + + if (BN_cmp(want, got) != 0) { + dump_results(a, p, NULL, NULL, m, want, got, test->name); + goto err; + } + + done: + ret = 1; + + err: + BN_CTX_end(ctx); + + return ret; +} + +static int +test_bn_mod_exp_aliasing_test(const struct mod_exp_test *test, + BIGNUM *a, BIGNUM *p, BIGNUM *m, BIGNUM *want, BIGNUM *got, BN_CTX *ctx) +{ + int modulus_alias_works = test->mod_exp_fn != BN_mod_exp_simple; + size_t i; + int failed = 0; + + for (i = 0; i < N_ALIASING_TEST_CASES; i++) { + const struct aliasing_test_case *tc = &aliasing_test_cases[i]; + + test_bn_mod_exp_aliasing_setup(want, a, p, m, ctx, tc); + if (!test_mod_exp_aliased("nothing", 1, got, want, a, p, m, ctx, + test)) + failed |= 1; + test_bn_mod_exp_aliasing_setup(want, a, p, m, ctx, tc); + if (!test_mod_exp_aliased("a", 1, a, want, a, p, m, ctx, test)) + failed |= 1; + test_bn_mod_exp_aliasing_setup(want, a, p, m, ctx, tc); + if (!test_mod_exp_aliased("p", 1, p, want, a, p, m, ctx, test)) + failed |= 1; + test_bn_mod_exp_aliasing_setup(want, a, p, m, ctx, tc); + if (!test_mod_exp_aliased("m", modulus_alias_works, m, want, + a, p, m, ctx, test)) + failed |= 1; + } + + return failed; +} + +static int +test_bn_mod_exp_aliasing(void) +{ + BN_CTX *ctx; + BIGNUM *a, *p, *m, *want, *got; + size_t i; + int failed = 0; + + if ((ctx = BN_CTX_new()) == NULL) + errx(1, "BN_CTX_new"); + + BN_CTX_start(ctx); + + if ((a = BN_CTX_get(ctx)) == NULL) + errx(1, "a = BN_CTX_get()"); + if ((p = BN_CTX_get(ctx)) == NULL) + errx(1, "p = BN_CTX_get()"); + if ((m = BN_CTX_get(ctx)) == NULL) + errx(1, "m = BN_CTX_get()"); + if ((want = BN_CTX_get(ctx)) == NULL) + errx(1, "want = BN_CTX_get()"); + if ((got = BN_CTX_get(ctx)) == NULL) + errx(1, "got = BN_CTX_get()"); + + for (i = 0; i < N_MOD_EXP_FN; i++) { + const struct mod_exp_test *test = &mod_exp_fn[i]; + failed |= test_bn_mod_exp_aliasing_test(test, a, p, m, + want, got, ctx); + } + + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return failed; +} + int main(void) { @@ -570,6 +718,7 @@ main(void) failed |= test_bn_mod_exp(); failed |= test_bn_mod_exp2(); failed |= test_bn_mod_exp2_mont_crash(); + failed |= test_bn_mod_exp_aliasing(); return failed; } diff --git a/tests/ca.pem b/tests/ca.pem deleted file mode 100644 index 07f9b3fd..00000000 --- a/tests/ca.pem +++ /dev/null @@ -1,45 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDtjCCAp6gAwIBAgIJAJz/hGfwYXLrMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD -QTAeFw0xNDA1MjQxNDQ1MTFaFw0yNDA1MjExNDQ1MTFaMGgxCzAJBgNVBAYTAlVL -MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ -VVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBDQTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMaarigKGOra5Mc/LrhOkcmHzDs -vkYL7dfaaht8fLBKRTYwzSBvO9x54koTWjq7HkbaxkYAg3HnDTkNCyzkGKNdM89H -q/PtGIFFlceQIOat3Kjd05Iw3PtLEWTDjT6FMA9Mkjk/XbpmycqRIwNKtgICoFsG -juIpc4P31kxK7i3ri+JnlyvVmRZjJxrheJB0qHGXilrOVDPOliDn//jXbcyzXemu -R8KgAeQM4IIs9jYHJOgHrTItIpwa9wNTEp9KCGkO6xr20NkKyDp6XRyd+hmnUB7r -77WTptvKPFFTjTDFqEtcif9U2kVkCfn2mSRO8noCbVH++fuR8LMWlD99gt8CAwEA -AaNjMGEwHQYDVR0OBBYEFIwZD9dCMXcFBuHTsZ/rOft4cTpFMB8GA1UdIwQYMBaA -FIwZD9dCMXcFBuHTsZ/rOft4cTpFMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCPfqm4KbYtXEB8aP1RdUH2BkPSjyau -WQLMGfKNF/zkUQue0REgdJ4wVR06NTTlOCsfHC6b68vgz2QFC1mM8ZANgDiyr4M1 -6gjvP0eZQVxokJ3EMzjDMFRHIiFrZZAFr7aGq8dxoruuehovqyehuJRakAe0oNUb -4ZTKrGuTKh9Mwti9721XNFByjeTFL2dlH6ulz7qyfI+lrTi+pNsUchuVYE8a1TP3 -OEiG6whsyPU1YoTlemC1mvW0ixtj8Tcem0KyotCUyOmJlwyWj0bA43sCI6z/OVqJ -tVvwgfqrOeVNk9nN2JslCsttnwstwqUfDoEXFoScej2CT0QezFGPTN21 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDvjCCAqagAwIBAgIJAPrXr2k7uM/OMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD -QTAeFw0xNDA1MjQxNDQ1MTFaFw0yNDA1MDExNDQ1MTFaMHAxCzAJBgNVBAYTAlVL -MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ -VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl -IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG -W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL -IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ -GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2 -ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds -ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr -VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD -VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAAIwwR8jyFN6qYGIRAKi -ahyeHd26hNPC4RiCvjz6dytuvDUqfMTUZcjBy6Ez1Wsfs1/PC8u3IDpOTwZSz72K -ACQzPpmXREWkO5nx8I+W+94yJsbklhsTxDlZj3X2oJCQ7qO4hdIpYESWfMchYra9 -5e55SMBXeGDp+uRILt+6UfOXCGaXaoYqyrzQROJAiGy1x96A/5sU6ZU3KdKN1JLM -XTZ268ihubCMRVScHnpYUjRDoGrhnQM7007ybVfRUGNXDs+ENqjGfyxc5ScR+Un4 -UQtOd4zD2g9wrdXvlDiqxci6W7IOEPVP6qHG2GIh+T2zpO3GOAuZCe5cjLiCDATs -hNw= ------END CERTIFICATE----- diff --git a/tests/cipherstest.c b/tests/cipherstest.c index c43939d4..e1411d68 100644 --- a/tests/cipherstest.c +++ b/tests/cipherstest.c @@ -129,61 +129,6 @@ cipher_find_test(void) return (ret); } -static int -cipher_get_by_value_tests(void) -{ - STACK_OF(SSL_CIPHER) *ciphers; - const SSL_CIPHER *cipher; - SSL_CTX *ssl_ctx = NULL; - SSL *ssl = NULL; - unsigned long id; - uint16_t value; - int ret = 1; - int i; - - if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) { - fprintf(stderr, "SSL_CTX_new() returned NULL\n"); - goto failure; - } - if ((ssl = SSL_new(ssl_ctx)) == NULL) { - fprintf(stderr, "SSL_new() returned NULL\n"); - goto failure; - } - - if ((ciphers = SSL_get_ciphers(ssl)) == NULL) { - fprintf(stderr, "no ciphers\n"); - goto failure; - } - - for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { - cipher = sk_SSL_CIPHER_value(ciphers, i); - - id = SSL_CIPHER_get_id(cipher); - if (SSL_CIPHER_get_by_id(id) == NULL) { - fprintf(stderr, "SSL_CIPHER_get_by_id() failed " - "for %s (0x%lx)\n", SSL_CIPHER_get_name(cipher), - id); - goto failure; - } - - value = SSL_CIPHER_get_value(cipher); - if (SSL_CIPHER_get_by_value(value) == NULL) { - fprintf(stderr, "SSL_CIPHER_get_by_value() failed " - "for %s (0x%04hx)\n", SSL_CIPHER_get_name(cipher), - value); - goto failure; - } - } - - ret = 0; - - failure: - SSL_CTX_free(ssl_ctx); - SSL_free(ssl); - - return (ret); -} - struct parse_ciphersuites_test { const char *str; const int want; @@ -522,7 +467,6 @@ main(int argc, char **argv) failed |= check_cipher_order(); failed |= cipher_find_test(); - failed |= cipher_get_by_value_tests(); failed |= parse_ciphersuites_test(); failed |= cipher_set_test(); diff --git a/tests/client.pem b/tests/client.pem deleted file mode 100644 index ce4bf49c..00000000 --- a/tests/client.pem +++ /dev/null @@ -1,51 +0,0 @@ -subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert -issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA ------BEGIN CERTIFICATE----- -MIIDpTCCAo2gAwIBAgIJAPYm3GvOr5eTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTE0MDUyNDE0NDUxMVoXDTI0MDQwMTE0NDUxMVowZDELMAkG -A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU -RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY -+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs -lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D -nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2 -x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2 -bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9 -AgMBAAGjTjBMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCwGCWCGSAGG -+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B -AQUFAAOCAQEAJzA4KTjkjXGSC4He63yX9Br0DneGBzjAwc1H6f72uqnCs8m7jgkE -PQJFdTzQUKh97QPUuayZ2gl8XHagg+iWGy60Kw37gQ0+lumCN2sllvifhHU9R03H -bWtS4kue+yQjMbrzf3zWygMDgwvFOUAIgBpH9qGc+CdNu97INTYd0Mvz51vLlxRn -sC5aBYCWaZFnw3lWYxf9eVFRy9U+DkYFqX0LpmbDtcKP7AZGE6ZwSzaim+Cnoz1u -Cgn+QmpFXgJKMFIZ82iSZISn+JkCCGxctZX1lMvai4Wi8Y0HxW9FTFZ6KBNwwE4B -zjbN/ehBkgLlW/DWfi44DvwUHmuU6QP3cw== ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f -wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr -agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy -mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr -MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x -HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L -p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT -KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB -1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx -L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl -LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO -Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn -/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai -1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX -1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3 -NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ -zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC -mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7 -5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK -u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+ -HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV -tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn -SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh -kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww -1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw= ------END RSA PRIVATE KEY----- diff --git a/tests/clienttest.c b/tests/clienttest.c index 8fb5a1da..18cf2d0c 100644 --- a/tests/clienttest.c +++ b/tests/clienttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clienttest.c,v 1.42 2023/07/11 17:03:44 tb Exp $ */ +/* $OpenBSD: clienttest.c,v 1.43 2024/02/03 15:58:34 beck Exp $ */ /* * Copyright (c) 2015 Joel Sing * @@ -36,7 +36,7 @@ #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2) #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34) #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69) -#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 188) +#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 184) #define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98) #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000) @@ -75,57 +75,54 @@ static const uint8_t cipher_list_dtls12_aes[] = { 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, - 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, - 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, - 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, - 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, - 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, - 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, - 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, - 0x00, 0x0a, 0x00, 0xff + 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, + 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, + 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, + 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, + 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, + 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, + 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, }; static const uint8_t cipher_list_dtls12_chacha[] = { 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, - 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, - 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, - 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, - 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, - 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, - 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, - 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, - 0x00, 0x0a, 0x00, 0xff, + 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, + 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, + 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, + 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, + 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, + 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, + 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, }; static const uint8_t client_hello_dtls12[] = { 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0xbe, 0x01, 0x00, 0x00, - 0xb2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0xb2, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xba, 0x01, 0x00, 0x00, + 0xae, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xae, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0xc0, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, - 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, - 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, - 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, - 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, - 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, - 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, - 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, - 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, - 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00, - 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, - 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, - 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00, - 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06, - 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, - 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02, - 0x01, 0x02, 0x03, + 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, + 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, + 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, + 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, + 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, + 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, + 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, 0xc0, + 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, + 0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01, + 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, + 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, + 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, + 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, + 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, + 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, }; static const uint8_t cipher_list_tls10[] = { @@ -186,92 +183,90 @@ static const uint8_t cipher_list_tls12_aes[] = { 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, - 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, - 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, - 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, - 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, - 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, - 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, - 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, - 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, - 0x00, 0xff, + 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, + 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, + 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, + 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, + 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, + 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, + 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, + 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, }; static const uint8_t cipher_list_tls12_chacha[] = { 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, - 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, - 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, - 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, - 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, - 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, - 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, - 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, - 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, - 0x00, 0xff, + 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, + 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, + 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, + 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, + 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, + 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, + 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, + 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, }; static const uint8_t client_hello_tls12[] = { - 0x16, 0x03, 0x03, 0x00, 0xbb, 0x01, 0x00, 0x00, - 0xb7, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x16, 0x03, 0x03, 0x00, 0xb7, 0x01, 0x00, 0x00, + 0xb3, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x5a, 0xc0, 0x30, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x56, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, - 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85, - 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, - 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, - 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, - 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, - 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, - 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, - 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, - 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, - 0x01, 0x00, 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, - 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, - 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, - 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, - 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, - 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, - 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, + 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4, + 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, + 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, + 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, + 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, + 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, + 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, + 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, + 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, + 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, + 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, + 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, + 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, + 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, + 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, + 0x02, 0x01, 0x02, 0x03, }; static const uint8_t cipher_list_tls13_aes[] = { 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, - 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85, - 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, - 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, - 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, - 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, - 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, - 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, - 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, - 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, + 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4, + 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, + 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, + 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, + 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, + 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, + 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, + 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, + 0x00, 0x0a, 0x00, 0xff, }; static const uint8_t cipher_list_tls13_chacha[] = { 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, - 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, - 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, - 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, - 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, - 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, - 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, - 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, - 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, - 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, + 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4, + 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, + 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, + 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, + 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, + 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, + 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, + 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, + 0x00, 0x0a, 0x00, 0xff, }; static const uint8_t client_hello_tls13[] = { - 0x16, 0x03, 0x03, 0x01, 0x14, 0x01, 0x00, 0x01, - 0x10, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x16, 0x03, 0x03, 0x01, 0x10, 0x01, 0x00, 0x01, + 0x0c, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -279,33 +274,32 @@ static const uint8_t client_hello_tls13[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x13, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, - 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, 0x00, 0xc4, - 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d, - 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, - 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, - 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, - 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, - 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, - 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, - 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, - 0x00, 0x67, 0x00, 0x2b, 0x00, 0x05, 0x04, 0x03, - 0x04, 0x03, 0x03, 0x00, 0x33, 0x00, 0x26, 0x00, - 0x24, 0x00, 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, + 0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4, 0x00, 0x88, + 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, + 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, + 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, + 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, + 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, + 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, + 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, + 0x00, 0x0a, 0x01, 0x00, 0x00, 0x67, 0x00, 0x2b, + 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00, + 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, + 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, - 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, - 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, - 0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, - 0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, - 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, - 0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, - 0x03, + 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, + 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, + 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, + 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, + 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, + 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, + 0x03, 0x02, 0x01, 0x02, 0x03, }; static const uint8_t cipher_list_tls13_only_aes[] = { diff --git a/tests/constraints.c b/tests/constraints.c index 6677b58c..16e135bb 100644 --- a/tests/constraints.c +++ b/tests/constraints.c @@ -1,4 +1,4 @@ -/* $OpenBSD: constraints.c,v 1.17 2023/10/01 04:48:39 tb Exp $ */ +/* $OpenBSD: constraints.c,v 1.18 2023/12/13 05:59:50 tb Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -95,7 +95,7 @@ unsigned char *invalid_hostnames[] = { "-p3nbsd.org", "openbs-.org", "openbsd\n.org", - "open\178bsd.org", + "open\177bsd.org", "open\255bsd.org", "*.openbsd.org", NULL, diff --git a/tests/dsatest.c b/tests/dsatest.c index 62343455..3a761961 100644 --- a/tests/dsatest.c +++ b/tests/dsatest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsatest.c,v 1.9 2023/08/20 22:22:55 tb Exp $ */ +/* $OpenBSD: dsatest.c,v 1.11 2024/02/29 20:04:43 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -137,12 +137,10 @@ main(int argc, char **argv) if ((dsa = DSA_new()) == NULL) goto end; -#ifdef OPENSSL_NO_ENGINE if (DSA_get0_engine(dsa) != NULL) { BIO_printf(bio_err, "ENGINE was not NULL\n"); goto end; } -#endif if (!DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, cb)) goto end; @@ -198,7 +196,6 @@ main(int argc, char **argv) CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); ERR_free_strings(); - CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); bio_err = NULL; diff --git a/tests/ec_point_conversion.c b/tests/ec_point_conversion.c index 001e8a03..0c1b09d2 100644 --- a/tests/ec_point_conversion.c +++ b/tests/ec_point_conversion.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_point_conversion.c,v 1.14 2023/08/01 17:19:49 tb Exp $ */ +/* $OpenBSD: ec_point_conversion.c,v 1.15 2024/01/18 16:49:40 tb Exp $ */ /* * Copyright (c) 2021 Theo Buehler * Copyright (c) 2021 Joel Sing @@ -55,7 +55,6 @@ hexdump(const unsigned char *buf, size_t len) for (i = 1; i <= len; i++) fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n"); - if (len % 8) fprintf(stderr, "\n"); } diff --git a/tests/ecdsatest.c b/tests/ecdsatest.c index b0b9bd00..ef724c74 100644 --- a/tests/ecdsatest.c +++ b/tests/ecdsatest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecdsatest.c,v 1.17 2023/05/04 13:50:14 tb Exp $ */ +/* $OpenBSD: ecdsatest.c,v 1.18 2023/11/19 13:11:06 tb Exp $ */ /* * Written by Nils Larsch for the OpenSSL project. */ @@ -78,9 +78,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include int test_builtin(void); diff --git a/tests/ectest.c b/tests/ectest.c index f0b1028f..e60fde60 100644 --- a/tests/ectest.c +++ b/tests/ectest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ectest.c,v 1.21 2023/07/26 22:46:06 tb Exp $ */ +/* $OpenBSD: ectest.c,v 1.23 2024/02/29 20:04:43 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -75,9 +75,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include #include @@ -769,13 +766,9 @@ main(int argc, char *argv[]) /* test the internal curves */ internal_curve_test(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_thread_state(NULL); - CRYPTO_mem_leaks_fp(stderr); return 0; } diff --git a/tests/enginetest.c b/tests/enginetest.c deleted file mode 100644 index 9afae391..00000000 --- a/tests/enginetest.c +++ /dev/null @@ -1,253 +0,0 @@ -/* $OpenBSD: enginetest.c,v 1.10 2023/06/19 18:52:29 tb Exp $ */ -/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include -#include -#ifndef OPENSSL_NO_ENGINE -#include -#include - -static void display_engine_list(void) -{ - ENGINE *h; - int loop; - - h = ENGINE_get_first(); - loop = 0; - printf("listing available engine types\n"); - while (h) { - printf("engine %d, id = \"%s\", name = \"%s\"\n", - loop++, ENGINE_get_id(h), ENGINE_get_name(h)); - h = ENGINE_get_next(h); - } - - printf("end of list\n"); - /* - * ENGINE_get_first() increases the struct_ref counter, so we must call - * ENGINE_free() to decrease it again - */ - ENGINE_free(h); -} - -int main(int argc, char *argv[]) -{ - ENGINE *block[512]; - char *id, *name; - ENGINE *ptr; - int loop; - int to_return = 1; - ENGINE *new_h1 = NULL; - ENGINE *new_h2 = NULL; - ENGINE *new_h3 = NULL; - ENGINE *new_h4 = NULL; - - ERR_load_crypto_strings(); - - memset(block, 0, 512 * sizeof(ENGINE *)); - if (((new_h1 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h1, "test_id0") || - !ENGINE_set_name(new_h1, "First test item") || - ((new_h2 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h2, "test_id1") || - !ENGINE_set_name(new_h2, "Second test item") || - ((new_h3 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h3, "test_id2") || - !ENGINE_set_name(new_h3, "Third test item") || - ((new_h4 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h4, "test_id3") || - !ENGINE_set_name(new_h4, "Fourth test item")) { - printf("Couldn't set up test ENGINE structures\n"); - goto end; - } - - printf("\nenginetest beginning\n\n"); - display_engine_list(); - if (!ENGINE_add(new_h1)) { - printf("Add failed!\n"); - goto end; - } - display_engine_list(); - ptr = ENGINE_get_first(); - if (!ENGINE_remove(ptr)) { - printf("Remove failed!\n"); - goto end; - } - ENGINE_free(ptr); - display_engine_list(); - if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) { - printf("Add failed!\n"); - goto end; - } - display_engine_list(); - if (!ENGINE_remove(new_h2)) { - printf("Remove failed!\n"); - goto end; - } - display_engine_list(); - if (!ENGINE_add(new_h4)) { - printf("Add failed!\n"); - goto end; - } - display_engine_list(); - if (ENGINE_add(new_h3)) { - printf("Add *should* have failed but didn't!\n"); - goto end; - } else - printf("Add that should fail did.\n"); - ERR_clear_error(); - if (ENGINE_remove(new_h2)) { - printf("Remove *should* have failed but didn't!\n"); - goto end; - } else - printf("Remove that should fail did.\n"); - ERR_clear_error(); - if (!ENGINE_remove(new_h3)) { - printf("Remove failed!\n"); - goto end; - } - display_engine_list(); - if (!ENGINE_remove(new_h4)) { - printf("Remove failed!\n"); - goto end; - } - display_engine_list(); - /* - * Depending on whether there's any hardware support compiled - * in, this remove may be destined to fail. - */ - ptr = ENGINE_get_first(); - if (ptr) - if (!ENGINE_remove(ptr)) - printf("Remove failed!i - probably no hardware " - "support present.\n"); - ENGINE_free(ptr); - display_engine_list(); - - if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) { - printf("Couldn't add and remove to an empty list!\n"); - goto end; - } else - printf("Successfully added and removed to an empty list!\n"); - - printf("About to beef up the engine-type list\n"); - for (loop = 0; loop < 512; loop++) { - if (asprintf(&id, "id%d", loop) == -1) - goto end; - if (asprintf(&name, "Fake engine type %d", loop) == -1) - goto end; - - if (((block[loop] = ENGINE_new()) == NULL) || - !id || !ENGINE_set_id(block[loop], id) || - !name || !ENGINE_set_name(block[loop], name)) { - printf("Couldn't create block of ENGINE structures.\n"); - goto end; - } - } - - for (loop = 0; loop < 512; loop++) { - if (!ENGINE_add(block[loop])) { - printf("\nAdding stopped at %d, (%s,%s)\n", - loop, ENGINE_get_id(block[loop]), - ENGINE_get_name(block[loop])); - break; - } - printf("."); - fflush(stdout); - } - printf("\nAbout to empty the engine-type list\n"); - while ((ptr = ENGINE_get_first()) != NULL) { - if (!ENGINE_remove(ptr)) { - printf("\nRemove failed!\n"); - goto end; - } - ENGINE_free(ptr); - printf("."); fflush(stdout); - } - for (loop = 0; loop < 512; loop++) { - free((void *)ENGINE_get_id(block[loop])); - free((void *)ENGINE_get_name(block[loop])); - } - printf("\nTests completed happily\n"); - to_return = 0; -end: - if (to_return) - ERR_print_errors_fp(stderr); - ENGINE_free(new_h1); - ENGINE_free(new_h2); - ENGINE_free(new_h3); - ENGINE_free(new_h4); - for (loop = 0; loop < 512; loop++) - ENGINE_free(block[loop]); - ENGINE_cleanup(); - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); - ERR_remove_thread_state(NULL); - CRYPTO_mem_leaks_fp(stderr); - return to_return; -} -#else -int -main(void) -{ - printf("ENGINE support is disabled\n"); - return 0; -} -#endif diff --git a/tests/evp_pkey_cleanup.c b/tests/evp_pkey_cleanup.c index fd922efb..d4825f68 100644 --- a/tests/evp_pkey_cleanup.c +++ b/tests/evp_pkey_cleanup.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_pkey_cleanup.c,v 1.3 2022/12/01 13:49:12 tb Exp $ */ +/* $OpenBSD: evp_pkey_cleanup.c,v 1.5 2024/02/29 20:02:00 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler @@ -33,11 +33,11 @@ int pkey_ids[] = { EVP_PKEY_DH, EVP_PKEY_DSA, EVP_PKEY_EC, - EVP_PKEY_GOSTIMIT, - EVP_PKEY_GOSTR01, + EVP_PKEY_ED25519, EVP_PKEY_HMAC, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, + EVP_PKEY_X25519, }; static const size_t N_PKEY_IDS = sizeof(pkey_ids) / sizeof(pkey_ids[0]); diff --git a/tests/evp_test.c b/tests/evp_test.c index eff071fa..81d7c06c 100644 --- a/tests/evp_test.c +++ b/tests/evp_test.c @@ -1,6 +1,7 @@ -/* $OpenBSD: evp_test.c,v 1.7 2023/09/29 06:53:05 tb Exp $ */ +/* $OpenBSD: evp_test.c,v 1.17 2024/02/29 20:02:40 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing + * Copyright (c) 2023 Theo Buehler * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,12 +18,13 @@ #include #include +#include +#include #include +#include #include -#include "evp_local.h" - static int evp_asn1_method_test(void) { @@ -104,38 +106,156 @@ evp_asn1_method_test(void) return failed; } -static int -evp_pkey_method_test(void) +/* EVP_PKEY_asn1_find() by hand. Allows cross-checking and finding duplicates. */ +static const EVP_PKEY_ASN1_METHOD * +evp_pkey_asn1_find(int nid, int skip_id) { - const EVP_PKEY_METHOD *method; - int pkey_id; - int failed = 1; + const EVP_PKEY_ASN1_METHOD *ameth; + int count, i, pkey_id; - if ((method = EVP_PKEY_meth_find(EVP_PKEY_RSA)) == NULL) { - fprintf(stderr, "FAIL: failed to find RSA method\n"); - goto failure; - } - EVP_PKEY_meth_get0_info(&pkey_id, NULL, method); - if (pkey_id != EVP_PKEY_RSA) { - fprintf(stderr, "FAIL: method ID mismatch (%d != %d)\n", - pkey_id, EVP_PKEY_RSA); - goto failure; + count = EVP_PKEY_asn1_get_count(); + for (i = 0; i < count; i++) { + if (i == skip_id) + continue; + if ((ameth = EVP_PKEY_asn1_get0(i)) == NULL) + return NULL; + if (!EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, + NULL, NULL, ameth)) + return NULL; + if (pkey_id == nid) + return ameth; } - if ((method = EVP_PKEY_meth_find(EVP_PKEY_RSA_PSS)) == NULL) { - fprintf(stderr, "FAIL: failed to find RSA-PSS method\n"); - goto failure; - } - EVP_PKEY_meth_get0_info(&pkey_id, NULL, method); - if (pkey_id != EVP_PKEY_RSA_PSS) { - fprintf(stderr, "FAIL: method ID mismatch (%d != %d)\n", - pkey_id, EVP_PKEY_RSA_PSS); - goto failure; + return NULL; +} + +static int +evp_asn1_method_aliases_test(void) +{ + const EVP_PKEY_ASN1_METHOD *ameth; + int id, base_id, flags; + const char *info, *pem_str; + int count, i; + int failed = 0; + + if ((count = EVP_PKEY_asn1_get_count()) <= 0) { + fprintf(stderr, "FAIL: EVP_PKEY_asn1_get_count(): %d\n", count); + failed |= 1; } + for (i = 0; i < count; i++) { + if ((ameth = EVP_PKEY_asn1_get0(i)) == NULL) { + fprintf(stderr, "FAIL: no ameth for index %d < %d\n", + i, count); + failed |= 1; + continue; + } + if (!EVP_PKEY_asn1_get0_info(&id, &base_id, &flags, + &info, &pem_str, ameth)) { + fprintf(stderr, "FAIL: no info for ameth %d\n", i); + failed |= 1; + continue; + } - failed = 0; + /* + * The following are all true or all false for any ameth: + * 1. ASN1_PKEY_ALIAS is set 2. id != base_id + * 3. info == NULL 4. pem_str == NULL + */ + + if ((flags & ASN1_PKEY_ALIAS) == 0) { + size_t pem_str_len; + + if (id != base_id) { + fprintf(stderr, "FAIL: non-alias with " + "id %d != base_id %d\n", id, base_id); + failed |= 1; + continue; + } + if (info == NULL || strlen(info) == 0) { + fprintf(stderr, "FAIL: missing or empty info %d\n", id); + failed |= 1; + continue; + } + if (pem_str == NULL) { + fprintf(stderr, "FAIL: missing pem_str %d\n", id); + failed |= 1; + continue; + } + if ((pem_str_len = strlen(pem_str)) == 0) { + fprintf(stderr, "FAIL: empty pem_str %d\n", id); + failed |= 1; + continue; + } + + if (evp_pkey_asn1_find(id, i) != NULL) { + fprintf(stderr, "FAIL: duplicate ameth %d\n", id); + failed |= 1; + continue; + } + + if (ameth != EVP_PKEY_asn1_find(NULL, id)) { + fprintf(stderr, "FAIL: EVP_PKEY_asn1_find(%d) " + "returned different ameth\n", id); + failed |= 1; + continue; + } + if (ameth != EVP_PKEY_asn1_find_str(NULL, pem_str, -1)) { + fprintf(stderr, "FAIL: EVP_PKEY_asn1_find_str(%s) " + "returned different ameth\n", pem_str); + failed |= 1; + continue; + } + if (ameth != EVP_PKEY_asn1_find_str(NULL, + pem_str, pem_str_len)) { + fprintf(stderr, "FAIL: EVP_PKEY_asn1_find_str(%s, %zu) " + "returned different ameth\n", pem_str, pem_str_len); + failed |= 1; + continue; + } + if (EVP_PKEY_asn1_find_str(NULL, pem_str, + pem_str_len - 1) != NULL) { + fprintf(stderr, "FAIL: EVP_PKEY_asn1_find_str(%s, %zu) " + "returned an ameth\n", pem_str, pem_str_len - 1); + failed |= 1; + continue; + } + continue; + } - failure: + if (id == base_id) { + fprintf(stderr, "FAIL: alias with id %d == base_id %d\n", + id, base_id); + failed |= 1; + } + if (info != NULL) { + fprintf(stderr, "FAIL: alias %d with info %s\n", id, info); + failed |= 1; + } + if (pem_str != NULL) { + fprintf(stderr, "FAIL: alias %d with pem_str %s\n", + id, pem_str); + failed |= 1; + } + + /* Check that ameth resolves to a non-alias. */ + if ((ameth = evp_pkey_asn1_find(base_id, -1)) == NULL) { + fprintf(stderr, "FAIL: no ameth with pkey_id %d\n", + base_id); + failed |= 1; + continue; + } + if (!EVP_PKEY_asn1_get0_info(NULL, NULL, &flags, NULL, NULL, ameth)) { + fprintf(stderr, "FAIL: no info for ameth with pkey_id %d\n", + base_id); + failed |= 1; + continue; + } + if ((flags & ASN1_PKEY_ALIAS) != 0) { + fprintf(stderr, "FAIL: ameth with pkey_id %d " + "resolves to another alias\n", base_id); + failed |= 1; + } + } return failed; } @@ -404,14 +524,254 @@ evp_pkey_iv_len_test(void) return failure; } +struct do_all_arg { + const char *previous; + int failure; +}; + +static void +evp_do_all_cb_common(const char *descr, const void *ptr, const char *from, + const char *to, struct do_all_arg *arg) +{ + const char *previous = arg->previous; + + assert(from != NULL); + arg->previous = from; + + if (ptr == NULL && to == NULL) { + arg->failure |= 1; + fprintf(stderr, "FAIL: %s %s: method and alias both NULL\n", + descr, from); + } + if (ptr != NULL && to != NULL) { + arg->failure |= 1; + fprintf(stderr, "FAIL: %s %s has method and alias \"%s\"\n", + descr, from, to); + } + + if (previous == NULL) + return; + + if (strcmp(previous, from) >= 0) { + arg->failure |= 1; + fprintf(stderr, "FAIL: %ss %s and %s out of order\n", descr, + previous, from); + } +} + +static void +evp_cipher_do_all_cb(const EVP_CIPHER *cipher, const char *from, const char *to, + void *arg) +{ + evp_do_all_cb_common("cipher", cipher, from, to, arg); +} + +static void +evp_md_do_all_cb(const EVP_MD *md, const char *from, const char *to, void *arg) +{ + evp_do_all_cb_common("digest", md, from, to, arg); +} + +static int +evp_do_all_test(void) +{ + struct do_all_arg arg; + int failure = 0; + + memset(&arg, 0, sizeof(arg)); + EVP_CIPHER_do_all(evp_cipher_do_all_cb, &arg); + failure |= arg.failure; + + memset(&arg, 0, sizeof(arg)); + EVP_MD_do_all(evp_md_do_all_cb, &arg); + failure |= arg.failure; + + return failure; +} + +static void +evp_cipher_aliases_cb(const EVP_CIPHER *cipher, const char *from, const char *to, + void *arg) +{ + struct do_all_arg *do_all = arg; + const EVP_CIPHER *from_cipher, *to_cipher; + + if (to == NULL) + return; + + from_cipher = EVP_get_cipherbyname(from); + to_cipher = EVP_get_cipherbyname(to); + + if (from_cipher != NULL && from_cipher == to_cipher) + return; + + fprintf(stderr, "FAIL: cipher mismatch from \"%s\" to \"%s\": " + "from: %p, to: %p\n", from, to, from_cipher, to_cipher); + do_all->failure |= 1; +} + +static void +evp_digest_aliases_cb(const EVP_MD *digest, const char *from, const char *to, + void *arg) +{ + struct do_all_arg *do_all = arg; + const EVP_MD *from_digest, *to_digest; + + if (to == NULL) + return; + + from_digest = EVP_get_digestbyname(from); + to_digest = EVP_get_digestbyname(to); + + if (from_digest != NULL && from_digest == to_digest) + return; + + fprintf(stderr, "FAIL: digest mismatch from \"%s\" to \"%s\": " + "from: %p, to: %p\n", from, to, from_digest, to_digest); + do_all->failure |= 1; +} + +static int +evp_aliases_test(void) +{ + struct do_all_arg arg; + int failure = 0; + + memset(&arg, 0, sizeof(arg)); + EVP_CIPHER_do_all(evp_cipher_aliases_cb, &arg); + failure |= arg.failure; + + memset(&arg, 0, sizeof(arg)); + EVP_MD_do_all(evp_digest_aliases_cb, &arg); + failure |= arg.failure; + + return failure; +} + +static void +obj_name_cb(const OBJ_NAME *obj_name, void *do_all_arg) +{ + struct do_all_arg *arg = do_all_arg; + struct do_all_arg arg_copy = *arg; + const char *previous = arg->previous; + const char *descr = "OBJ_NAME unknown"; + + assert(obj_name->name != NULL); + arg->previous = obj_name->name; + + if (obj_name->type == OBJ_NAME_TYPE_CIPHER_METH) { + descr = "OBJ_NAME cipher"; + + if (obj_name->alias == 0) { + const EVP_CIPHER *cipher; + + if ((cipher = EVP_get_cipherbyname(obj_name->name)) != + (const EVP_CIPHER *)obj_name->data) { + arg->failure |= 1; + fprintf(stderr, "FAIL: %s by name %p != %p\n", + descr, cipher, obj_name->data); + } + + evp_do_all_cb_common(descr, obj_name->data, + obj_name->name, NULL, &arg_copy); + } else if (obj_name->alias == OBJ_NAME_ALIAS) { + evp_cipher_aliases_cb(NULL, obj_name->name, + obj_name->data, &arg_copy); + } else { + fprintf(stderr, "FAIL %s %s: unexpected alias value %d\n", + descr, obj_name->name, obj_name->alias); + arg->failure |= 1; + } + } else if (obj_name->type == OBJ_NAME_TYPE_MD_METH) { + descr = "OBJ_NAME digest"; + + if (obj_name->alias == 0) { + const EVP_MD *evp_md; + + if ((evp_md = EVP_get_digestbyname(obj_name->name)) != + (const EVP_MD *)obj_name->data) { + arg->failure |= 1; + fprintf(stderr, "FAIL: %s by name %p != %p\n", + descr, evp_md, obj_name->data); + } + + evp_do_all_cb_common(descr, obj_name->data, + obj_name->name, NULL, &arg_copy); + } else if (obj_name->alias == OBJ_NAME_ALIAS) { + evp_digest_aliases_cb(NULL, obj_name->name, + obj_name->data, &arg_copy); + } else { + fprintf(stderr, "FAIL: %s %s: unexpected alias value %d\n", + descr, obj_name->name, obj_name->alias); + arg->failure |= 1; + } + } else { + fprintf(stderr, "FAIL: unexpected OBJ_NAME type %d\n", + obj_name->type); + arg->failure |= 1; + } + + if (previous != NULL && strcmp(previous, obj_name->name) >= 0) { + arg->failure |= 1; + fprintf(stderr, "FAIL: %ss %s and %s out of order\n", descr, + previous, obj_name->name); + } + + arg->failure |= arg_copy.failure; +} + +static int +obj_name_do_all_test(void) +{ + struct do_all_arg arg; + int failure = 0; + + memset(&arg, 0, sizeof(arg)); + OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_cb, &arg); + failure |= arg.failure; + + memset(&arg, 0, sizeof(arg)); + OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_cb, &arg); + failure |= arg.failure; + + return failure; +} + +static int +evp_get_cipherbyname_test(void) +{ + int failure = 0; + + /* Should handle NULL gracefully */ + failure |= EVP_get_cipherbyname(NULL) != NULL; + + return failure; +} + +static int +evp_get_digestbyname_test(void) +{ + int failure = 0; + + /* Should handle NULL gracefully */ + failure |= EVP_get_digestbyname(NULL) != NULL; + + return failure; +} + int main(int argc, char **argv) { int failed = 0; failed |= evp_asn1_method_test(); - failed |= evp_pkey_method_test(); + failed |= evp_asn1_method_aliases_test(); failed |= evp_pkey_iv_len_test(); + failed |= evp_do_all_test(); + failed |= evp_aliases_test(); + failed |= obj_name_do_all_test(); + failed |= evp_get_cipherbyname_test(); + failed |= evp_get_digestbyname_test(); OPENSSL_cleanup(); diff --git a/tests/evptest.c b/tests/evptest.c index 6f677dd9..f652cf5a 100644 --- a/tests/evptest.c +++ b/tests/evptest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evptest.c,v 1.12 2023/03/02 20:24:51 tb Exp $ */ +/* $OpenBSD: evptest.c,v 1.14 2024/02/29 20:04:43 tb Exp $ */ /* Written by Ben Laurie, 2001 */ /* * Copyright (c) 2001 The OpenSSL Project. All rights reserved. @@ -53,9 +53,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include @@ -350,23 +347,6 @@ main(int argc, char **argv) /* Load up the software EVP_CIPHER and EVP_MD definitions */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); -#ifndef OPENSSL_NO_ENGINE - /* Load all compiled-in ENGINEs */ - ENGINE_load_builtin_engines(); -#endif -#if 0 - OPENSSL_config(); -#endif -#ifndef OPENSSL_NO_ENGINE - /* Register all available ENGINE implementations of ciphers and digests. - * This could perhaps be changed to "ENGINE_register_all_complete()"? */ - ENGINE_register_all_ciphers(); - ENGINE_register_all_digests(); - /* If we add command-line options, this statement should be switchable. - * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if - * they weren't already initialised. */ - /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */ -#endif for (;;) { char line[8 * 1024]; @@ -457,14 +437,10 @@ main(int argc, char **argv) } fclose(f); -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); ERR_free_strings(); - CRYPTO_mem_leaks_fp(stderr); return 0; } diff --git a/tests/exdata_test.c b/tests/exdata_test.c new file mode 100644 index 00000000..d9041861 --- /dev/null +++ b/tests/exdata_test.c @@ -0,0 +1,226 @@ +/* $OpenBSD: exdata_test.c,v 1.1 2023/12/27 12:34:32 jsing Exp $ */ +/* + * Copyright (c) 2023 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include + +static int ex_new_calls; +static int ex_free_calls; +static int ex_dup_calls; + +static int +ex_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, + void *argp) +{ + long *arg = argp; + + if (argl != 1234 || *arg != 1234) { + fprintf(stderr, "FAIL: ex_new() with bad arguments\n"); + return 0; + } + + ex_new_calls++; + + return 1; +} + +static int +ex_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, + int idx, long argl, void *argp) +{ + long *arg = argp; + + if (argl != 1234 || *arg != 1234) { + fprintf(stderr, "FAIL: ex_dup() with bad arguments\n"); + return 0; + } + + ex_dup_calls++; + + return 1; +} + +static void +ex_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, + long argl, void *argp) +{ + long *arg = argp; + + if (argl != 1234 || *arg != 1234) { + fprintf(stderr, "FAIL: ex_free() with bad arguments\n"); + return; + } + + ex_free_calls++; +} + +struct exdata { + CRYPTO_EX_DATA exdata; + int val; +}; + +static int +ex_data_test(void) +{ + struct exdata exdata1, exdata2; + void *argp; + long argl; + int idx1, idx2; + int failed = 1; + + memset(&exdata1, 0, sizeof(exdata1)); + memset(&exdata2, 0, sizeof(exdata2)); + + argl = 1234; + argp = &argl; + + if ((idx1 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, + ex_new, ex_dup, ex_free)) < 0) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index failed\n"); + goto failure; + } + if (idx1 == 0) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index() returned 0 " + "(reserved for internal use)\n"); + goto failure; + } + + if ((idx2 = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, 0, NULL, + NULL, NULL, NULL)) < 0) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index failed\n"); + goto failure; + } + if (idx1 == idx2) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index() returned the " + "same value\n"); + goto failure; + } + if (idx2 < idx1) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index() returned " + "idx2 < idx1\n"); + goto failure; + } + + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, &exdata1, &exdata1.exdata)) { + fprintf(stderr, "FAIL: CRYPTO_new_ex_data() failed\n"); + goto failure; + } + + if (!CRYPTO_set_ex_data(&exdata1.exdata, idx2, &idx2)) { + fprintf(stderr, "FAIL: CRYPTO_set_ex_data() failed\n"); + goto failure; + } + if (!CRYPTO_set_ex_data(&exdata1.exdata, idx1, &idx1)) { + fprintf(stderr, "FAIL: CRYPTO_set_ex_data() failed\n"); + goto failure; + } + if (CRYPTO_get_ex_data(&exdata1.exdata, idx1) != &idx1) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_data() failed\n"); + goto failure; + } + if (CRYPTO_get_ex_data(&exdata1.exdata, idx2) != &idx2) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_data() failed\n"); + goto failure; + } + + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_RSA, &exdata2.exdata, + &exdata1.exdata)) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_data() failed\n"); + goto failure; + } + if (CRYPTO_get_ex_data(&exdata2.exdata, idx1) != &idx1) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_data() failed\n"); + goto failure; + } + if (CRYPTO_get_ex_data(&exdata2.exdata, idx2) != &idx2) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_data() failed\n"); + goto failure; + } + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, &exdata1, &exdata1.exdata); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, &exdata2, &exdata2.exdata); + + if (ex_new_calls != 1) { + fprintf(stderr, "FAIL: got %d ex_new calls, want %d\n", + ex_new_calls, 1); + goto failure; + } + if (ex_dup_calls != 1) { + fprintf(stderr, "FAIL: got %d ex_dup calls, want %d\n", + ex_dup_calls, 1); + goto failure; + } + if (ex_free_calls != 2) { + fprintf(stderr, "FAIL: got %d ex_free calls, want %d\n", + ex_free_calls, 2); + goto failure; + } + + failed = 0; + + failure: + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, &exdata1, &exdata1.exdata); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, &exdata2, &exdata2.exdata); + + return failed; +} + +#if 0 +/* This insanity currently succeeds... */ +static int +ex_new_index_test(void) +{ + int failed = 1; + int idx; + + if ((idx = CRYPTO_get_ex_new_index(-1, 0, NULL, NULL, NULL, + NULL)) > 0) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index() succeeded with " + "negative class\n"); + goto failure; + } + if ((idx = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX__COUNT, 0, + NULL, NULL, NULL, NULL)) > 0) { + fprintf(stderr, "FAIL: CRYPTO_get_ex_new_index() succeeded with " + "class exceeding maximum\n"); + goto failure; + } + + failed = 0; + + failure: + return failed; +} +#endif + +int +main(int argc, char **argv) +{ + int failed = 0; + + failed |= ex_data_test(); +#if 0 + failed |= ex_new_index_test(); +#endif + + /* Force a clean up. */ + CRYPTO_cleanup_all_ex_data(); + + return failed; +} diff --git a/tests/exportertest.c b/tests/exportertest.c index 252fcb06..ee8dbaa9 100644 --- a/tests/exportertest.c +++ b/tests/exportertest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exportertest.c,v 1.3 2023/04/14 14:23:05 tb Exp $ */ +/* $OpenBSD: exportertest.c,v 1.4 2024/03/01 03:46:54 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing * @@ -534,6 +534,7 @@ exporter_test(size_t test_no, const struct exporter_test *et) SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; uint8_t export[256]; + unsigned char id[2]; int err, ret; int failed = 1; @@ -602,7 +603,9 @@ exporter_test(size_t test_no, const struct exporter_test *et) ssl->s3->hs.state = SSL_ST_OK; ssl->s3->hs.negotiated_tls_version = et->tls_version; - ssl->s3->hs.cipher = SSL_CIPHER_get_by_id(et->cipher_id); + id[0] = (et->cipher_id >> 8) & 0xff; + id[1] = et->cipher_id & 0xff; + ssl->s3->hs.cipher = SSL_CIPHER_find(ssl, id); ret = SSL_export_keying_material(ssl, export, et->export_len, et->label, et->label_len, et->context_value, et->context_value_len, diff --git a/tests/freenull.c b/tests/freenull.c index 75c75535..87f83885 100644 --- a/tests/freenull.c +++ b/tests/freenull.c @@ -1,4 +1,4 @@ -/* $OpenBSD: freenull.c.head,v 1.6 2023/07/28 17:13:56 tb Exp $ */ +/* $OpenBSD: freenull.c.head,v 1.9 2024/02/29 20:00:53 tb Exp $ */ #include #include @@ -6,10 +6,10 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE #include -#endif +#ifndef OPENSSL_NO_GOST #include +#endif #include #include #include @@ -41,7 +41,6 @@ main(int argc, char **argv) ASN1_NULL_free(NULL); ASN1_OBJECT_free(NULL); ASN1_OCTET_STRING_free(NULL); - ASN1_PCTX_free(NULL); ASN1_PRINTABLESTRING_free(NULL); ASN1_PRINTABLE_free(NULL); ASN1_STRING_free(NULL); @@ -89,9 +88,7 @@ main(int argc, char **argv) EC_POINT_clear_free(NULL); EC_POINT_free(NULL); EDIPARTYNAME_free(NULL); -#ifndef OPENSSL_NO_ENGINE ENGINE_free(NULL); -#endif ESS_CERT_ID_free(NULL); ESS_ISSUER_SERIAL_free(NULL); ESS_SIGNING_CERT_free(NULL); @@ -100,17 +97,12 @@ main(int argc, char **argv) EVP_CIPHER_meth_free(NULL); EVP_ENCODE_CTX_free(NULL); EVP_MD_CTX_free(NULL); - EVP_MD_meth_free(NULL); EVP_PKEY_CTX_free(NULL); - EVP_PKEY_asn1_free(NULL); EVP_PKEY_free(NULL); - EVP_PKEY_meth_free(NULL); EXTENDED_KEY_USAGE_free(NULL); GENERAL_NAMES_free(NULL); GENERAL_NAME_free(NULL); GENERAL_SUBTREE_free(NULL); - GOST_CIPHER_PARAMS_free(NULL); - GOST_KEY_free(NULL); HMAC_CTX_free(NULL); IPAddressChoice_free(NULL); IPAddressFamily_free(NULL); @@ -139,11 +131,6 @@ main(int argc, char **argv) OCSP_SIGNATURE_free(NULL); OCSP_SINGLERESP_free(NULL); OTHERNAME_free(NULL); - PBE2PARAM_free(NULL); - PBEPARAM_free(NULL); - PBKDF2PARAM_free(NULL); - PKCS12_BAGS_free(NULL); - PKCS12_MAC_DATA_free(NULL); PKCS12_SAFEBAG_free(NULL); PKCS12_free(NULL); PKCS7_DIGEST_free(NULL); @@ -184,10 +171,8 @@ main(int argc, char **argv) X509V3_conf_free(NULL); X509_ALGOR_free(NULL); X509_ATTRIBUTE_free(NULL); - X509_CERT_AUX_free(NULL); X509_CINF_free(NULL); X509_CRL_INFO_free(NULL); - X509_CRL_METHOD_free(NULL); X509_CRL_free(NULL); X509_EXTENSION_free(NULL); X509_INFO_free(NULL); diff --git a/tests/gost2814789t.c b/tests/gost2814789t.c deleted file mode 100644 index 5e439a7e..00000000 --- a/tests/gost2814789t.c +++ /dev/null @@ -1,1491 +0,0 @@ -/* $OpenBSD: gost2814789t.c,v 1.9 2023/06/19 18:51:47 tb Exp $ */ -/* vim: set fileencoding=ascii : Charset: ASCII */ -/* test/gostr2814789t.c */ -/* ==================================================================== - * Copyright (c) 2012 Crypto-Pro, Ltd., Serguei E. Leontiev, - * lse@cryptopro.ru - * - * This file is distributed under the same license as OpenSSL - * ==================================================================== - */ -#include - -#if defined(OPENSSL_NO_GOST) -int main(int argc, char *argv[]) -{ - printf("No GOST 28147-89 support\n"); - return 0; -} -#else - -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_ENGINE -#include -#endif -#include -#include -#include -#include - -#define G89_MAX_TC_LEN (2048) -#define G89_BLOCK_LEN (8) - -#undef U64 -#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -#define U64(C) C##UI64 -#elif defined(_LP64) || defined(__arch64__) -#define U64(C) C##UL -#else -#define U64(C) C##ULL -#endif - -typedef enum g89_mode_ { - G89_ECB, - G89_CFB, - G89_CNT, - G89_IMIT -} g89_mode; - -typedef struct g89_tc_ { - uint64_t ullLen; /* ullLen > G89_MAX_TC_LEN */ - /* Clear text ullLen */ - /* of zero unsigned chars */ - const unsigned char bIn[G89_MAX_TC_LEN]; /* Clear text, when */ - /* ullLen <= G89_MAX_TC_LEN */ - const char *szParamSet; /* S-Box ID */ - const char *szDerive; /* String for derive bRawKey */ - const unsigned char bRawKey[EVP_MAX_KEY_LENGTH]; - g89_mode gMode; /* Mode of encryption or MAC */ - const unsigned char bIV[EVP_MAX_IV_LENGTH]; /* IV for CFB or CNT mode */ - const unsigned char bOut[G89_MAX_TC_LEN]; /* Cipher text for ECB/CFB/CNT */ - /* mode, when ullLen <= G89_MAX_TC_LEN; - * Last 16 unsigned char of cipher text for - * ECB/CFB/CNT, when ullLen > - * G89_MAX_TC_LEN; - * 4 unsigned char MAC for imitovstavka */ -} g89_tc; - -const g89_tc tcs[] = { - /* - * GOST R 34.11-94 Test cases - */ - { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */ - /* */ - /* Iteration 1, K[1], see Errata for RFC 5831 */ - 8, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - "id-GostR3411-94-TestParamSet", - NULL, - { - 0x54, 0x6d, 0x20, 0x33, 0x68, 0x65, 0x6c, 0x32, - 0x69, 0x73, 0x65, 0x20, 0x73, 0x73, 0x6e, 0x62, - 0x20, 0x61, 0x67, 0x79, 0x69, 0x67, 0x74, 0x74, - 0x73, 0x65, 0x68, 0x65, 0x20, 0x2c, 0x3d, 0x73 - }, - G89_ECB, - { 0 }, - { - 0x1b, 0x0b, 0xbc, 0x32, 0xce, 0xbc, 0xab, 0x42 - } - }, - { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */ - /* */ - /* Iteration 1, K[4] */ - 8, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - "id-GostR3411-94-TestParamSet", - NULL, - { - 0xec, 0x0a, 0x8b, 0xa1, 0x5e, 0xc0, 0x04, 0xa8, - 0xba, 0xc5, 0x0c, 0xac, 0x0c, 0x62, 0x1d, 0xee, - 0xe1, 0xc7, 0xb8, 0xe7, 0x00, 0x7a, 0xe2, 0xec, - 0xf2, 0x73, 0x1b, 0xff, 0x4e, 0x80, 0xe2, 0xa0 - }, - G89_ECB, - { 0 }, - { - 0x2d, 0x56, 0x2a, 0x0d, 0x19, 0x04, 0x86, 0xe7 - } - }, - { /* see p. A.3.1 [GOSTR341194], p. 7.3.1 [ENG-GOSTR341194] */ - /* */ - /* Iteration 2, K[1] */ - 8, - { - 0x34, 0xc0, 0x15, 0x33, 0xe3, 0x7d, 0x1c, 0x56 - }, - "id-GostR3411-94-TestParamSet", - NULL, - { - 0x34, 0x87, 0x24, 0xa4, 0xc1, 0xa6, 0x76, 0x67, - 0x15, 0x3d, 0xde, 0x59, 0x33, 0x88, 0x42, 0x50, - 0xe3, 0x24, 0x8c, 0x65, 0x7d, 0x41, 0x3b, 0x8c, - 0x1c, 0x9c, 0xa0, 0x9a, 0x56, 0xd9, 0x68, 0xcf - }, - G89_ECB, - { 0 }, - { - 0x86, 0x3e, 0x78, 0xdd, 0x2d, 0x60, 0xd1, 0x3c - } - }, - /* - * id-Gost28147-89-CryptoPro-A-ParamSet (1.2.643.2.2.31.1) - * Test cases - */ - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 16, - { - 0x74, 0x3d, 0x76, 0xf9, 0x1b, 0xee, 0x35, 0x3c, - 0xa2, 0x5c, 0x3b, 0x10, 0xeb, 0x64, 0xcf, 0xf5 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testecb1", - { - 0xbb, 0xf1, 0xed, 0xd3, 0x20, 0xaf, 0x8a, 0x62, - 0x8e, 0x11, 0xc8, 0xa9, 0x51, 0xcc, 0xbe, 0x81, - 0x47, 0x7b, 0x41, 0xa1, 0x6a, 0xf6, 0x7f, 0x05, - 0xe8, 0x51, 0x2f, 0x9e, 0x01, 0xf8, 0xcf, 0x49 - }, - G89_ECB, - { 0 }, - { - 0xc3, 0x73, 0x90, 0x95, 0x35, 0x58, 0x08, 0x63, - 0xcb, 0x68, 0x85, 0x96, 0x77, 0xe8, 0xfb, 0xa9 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 16, - { - 0xd2, 0xfd, 0xf8, 0x3a, 0xc1, 0xb4, 0x39, 0x23, - 0x2e, 0xaa, 0xcc, 0x98, 0x0a, 0x02, 0xda, 0x33 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testcfb1", - { - 0x8d, 0x5a, 0x2c, 0x83, 0xa7, 0xc7, 0x0a, 0x61, - 0xd6, 0x1b, 0x34, 0xb5, 0x1f, 0xdf, 0x42, 0x68, - 0x66, 0x71, 0xa3, 0x5d, 0x87, 0x4c, 0xfd, 0x84, - 0x99, 0x36, 0x63, 0xb6, 0x1e, 0xd6, 0x0d, 0xad - }, - G89_CFB, - { - 0x46, 0x60, 0x6f, 0x0d, 0x88, 0x34, 0x23, 0x5a - }, - { - 0x88, 0xb7, 0x75, 0x16, 0x74, 0xa5, 0xee, 0x2d, - 0x14, 0xfe, 0x91, 0x67, 0xd0, 0x5c, 0xcc, 0x40 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 16, - { - 0x90, 0xa2, 0x39, 0x66, 0xae, 0x01, 0xb9, 0xa3, - 0x52, 0x4e, 0xc8, 0xed, 0x6c, 0xdd, 0x88, 0x30 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testcnt1", - { - 0x59, 0x9f, 0x84, 0xba, 0xc3, 0xf3, 0xd2, 0xf1, - 0x60, 0xe1, 0xe3, 0xf2, 0x6a, 0x96, 0x1a, 0xf9, - 0x9c, 0x48, 0xb2, 0x4e, 0xbc, 0xbb, 0xbf, 0x7c, - 0xd8, 0xf3, 0xac, 0xcd, 0x96, 0x8d, 0x28, 0x6a - }, - G89_CNT, - { - 0x8d, 0xaf, 0xa8, 0xd1, 0x58, 0xed, 0x05, 0x8d - }, - { - 0x6e, 0x72, 0x62, 0xcc, 0xe3, 0x59, 0x36, 0x90, - 0x83, 0x3a, 0xfe, 0xa9, 0x1b, 0xc9, 0xbe, 0xce - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 16, - { - 0xb5, 0xa1, 0xf0, 0xe3, 0xce, 0x2f, 0x02, 0x1d, - 0x67, 0x61, 0x94, 0x34, 0x5c, 0x41, 0xe3, 0x6e - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit1", - { - 0x9d, 0x05, 0xb7, 0x9e, 0x90, 0xca, 0xd0, 0x0a, - 0x2c, 0xda, 0xd2, 0x2e, 0xf4, 0xe8, 0x6f, 0x5c, - 0xf5, 0xdc, 0x37, 0x68, 0x19, 0x85, 0xb3, 0xbf, - 0xaa, 0x18, 0xc1, 0xc3, 0x05, 0x0a, 0x91, 0xa2 - }, - G89_IMIT, - { 0 }, - { - 0xf8, 0x1f, 0x08, 0xa3 - } - }, - /* - * Other paramsets and key meshing test cases. - */ - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 1039, - { - 0x8c, 0x9c, 0x44, 0x35, 0xfb, 0xe9, 0xa5, 0xa3, - 0xa0, 0xae, 0x28, 0x56, 0x91, 0x10, 0x8e, 0x1e , - 0xd2, 0xbb, 0x18, 0x53, 0x81, 0x27, 0x0d, 0xa6, - 0x68, 0x59, 0x36, 0xc5, 0x81, 0x62, 0x9a, 0x8e, - 0x7d, 0x50, 0xf1, 0x6f, 0x97, 0x62, 0x29, 0xec, - 0x80, 0x51, 0xe3, 0x7d, 0x6c, 0xc4, 0x07, 0x95, - 0x28, 0x63, 0xdc, 0xb4, 0xb9, 0x2d, 0xb8, 0x13, - 0xb1, 0x05, 0xb5, 0xf9, 0xeb, 0x75, 0x37, 0x4e, - 0xf7, 0xbf, 0x51, 0xf1, 0x98, 0x86, 0x43, 0xc4, - 0xe4, 0x3d, 0x3e, 0xa7, 0x62, 0xec, 0x41, 0x59, - 0xe0, 0xbd, 0xfb, 0xb6, 0xfd, 0xec, 0xe0, 0x77, - 0x13, 0xd2, 0x59, 0x90, 0xa1, 0xb8, 0x97, 0x6b, - 0x3d, 0x8b, 0x7d, 0xfc, 0x9d, 0xca, 0x82, 0x73, - 0x32, 0x70, 0x0a, 0x74, 0x03, 0xc6, 0x0c, 0x26, - 0x7f, 0x56, 0xf0, 0x9d, 0xb2, 0xeb, 0x71, 0x40, - 0xd7, 0xc3, 0xb1, 0xa7, 0xc5, 0x1e, 0x20, 0x17, - 0xb3, 0x50, 0x1d, 0x8a, 0x6e, 0x19, 0xcb, 0xbe, - 0x20, 0x86, 0x2b, 0xd6, 0x1c, 0xfd, 0xb4, 0xb7, - 0x5d, 0x9a, 0xb3, 0xe3, 0x7d, 0x15, 0x7a, 0x35, - 0x01, 0x9f, 0x5d, 0x65, 0x89, 0x4b, 0x34, 0xc6, - 0xf4, 0x81, 0x3f, 0x78, 0x30, 0xcf, 0xe9, 0x15, - 0x90, 0x9a, 0xf9, 0xde, 0xba, 0x63, 0xd0, 0x19, - 0x14, 0x66, 0x3c, 0xb9, 0xa4, 0xb2, 0x84, 0x94, - 0x02, 0xcf, 0xce, 0x20, 0xcf, 0x76, 0xe7, 0xc5, - 0x48, 0xf7, 0x69, 0x3a, 0x5d, 0xec, 0xaf, 0x41, - 0xa7, 0x12, 0x64, 0x83, 0xf5, 0x99, 0x1e, 0x9e, - 0xb2, 0xab, 0x86, 0x16, 0x00, 0x23, 0x8e, 0xe6, - 0xd9, 0x80, 0x0b, 0x6d, 0xc5, 0x93, 0xe2, 0x5c, - 0x8c, 0xd8, 0x5e, 0x5a, 0xae, 0x4a, 0x85, 0xfd, - 0x76, 0x01, 0xea, 0x30, 0xf3, 0x78, 0x34, 0x10, - 0x72, 0x51, 0xbc, 0x9f, 0x76, 0xce, 0x1f, 0xd4, - 0x8f, 0x33, 0x50, 0x34, 0xc7, 0x4d, 0x7b, 0xcf, - 0x91, 0x63, 0x7d, 0x82, 0x9e, 0xa1, 0x23, 0x45, - 0xf5, 0x45, 0xac, 0x98, 0x7a, 0x48, 0xff, 0x64, - 0xd5, 0x59, 0x47, 0xde, 0x2b, 0x3f, 0xfa, 0xec, - 0x50, 0xe0, 0x81, 0x60, 0x8b, 0xc3, 0xfc, 0x80, - 0x98, 0x17, 0xc7, 0xa3, 0xc2, 0x57, 0x3d, 0xab, - 0x91, 0x67, 0xf5, 0xc4, 0xab, 0x92, 0xc8, 0xd6, - 0x3b, 0x6b, 0x3f, 0xff, 0x15, 0x6b, 0xcf, 0x53, - 0x65, 0x02, 0xf1, 0x74, 0xca, 0xa9, 0xbe, 0x24, - 0xd2, 0xf0, 0xb7, 0x26, 0xa8, 0xd7, 0x6d, 0xed, - 0x90, 0x36, 0x7b, 0x3e, 0x41, 0xa9, 0x7f, 0xa3, - 0x1b, 0xf4, 0x43, 0xc5, 0x51, 0xbe, 0x28, 0x59, - 0xe9, 0x45, 0x26, 0x49, 0x38, 0x32, 0xf8, 0xf3, - 0x92, 0x6e, 0x30, 0xcc, 0xb0, 0xa0, 0xf9, 0x01, - 0x14, 0xc8, 0xba, 0xd9, 0xf0, 0x2a, 0x29, 0xe2, - 0x52, 0x9a, 0x76, 0x95, 0x3a, 0x16, 0x32, 0xec, - 0xf4, 0x10, 0xec, 0xee, 0x47, 0x00, 0x70, 0x19, - 0xe4, 0x72, 0x35, 0x66, 0x44, 0x53, 0x2d, 0xa2, - 0xf3, 0xaa, 0x7e, 0x8a, 0x33, 0x13, 0xcd, 0xc8, - 0xbf, 0x0e, 0x40, 0x90, 0x00, 0xe4, 0x42, 0xc3, - 0x09, 0x84, 0xe1, 0x66, 0x17, 0xa2, 0xaf, 0x03, - 0xab, 0x6b, 0xa1, 0xec, 0xfb, 0x17, 0x72, 0x81, - 0xfe, 0x9a, 0x9f, 0xf4, 0xb2, 0x33, 0x1f, 0xae, - 0x0c, 0xd1, 0x6a, 0xae, 0x19, 0xb8, 0xaf, 0xec, - 0xe3, 0xea, 0x00, 0xf8, 0xac, 0x87, 0x07, 0x5f, - 0x6d, 0xb0, 0xac, 0x6b, 0x22, 0x48, 0x36, 0xbf, - 0x22, 0x18, 0xb0, 0x03, 0x9f, 0x6c, 0x70, 0x45, - 0x36, 0xf0, 0x6b, 0xc6, 0xc2, 0xa5, 0x72, 0x2c, - 0xd8, 0xe0, 0x27, 0x3d, 0xec, 0x56, 0x07, 0x05, - 0x7d, 0x83, 0xa1, 0x65, 0x7d, 0x41, 0x5b, 0xcd, - 0x77, 0x24, 0xe5, 0xaa, 0x76, 0x47, 0xd0, 0x50, - 0xf6, 0xe7, 0xb5, 0x59, 0x75, 0x31, 0x27, 0xef, - 0xd8, 0xa6, 0x4e, 0x7f, 0xb8, 0x40, 0xb1, 0xdf, - 0x53, 0x14, 0xed, 0xf1, 0x68, 0x5f, 0xfc, 0x3f, - 0x02, 0xdb, 0x05, 0xeb, 0x31, 0xe4, 0x2c, 0x7f, - 0x32, 0xb5, 0x70, 0x8e, 0x75, 0x85, 0xa4, 0x5c, - 0x16, 0x23, 0x37, 0xf2, 0x10, 0x79, 0xcb, 0xdc, - 0xf8, 0x1c, 0x25, 0xc2, 0xa1, 0x3d, 0x9c, 0x33, - 0x6c, 0xed, 0xc3, 0xe7, 0xf3, 0x02, 0x87, 0x82, - 0x4e, 0xfb, 0xac, 0xb3, 0x2d, 0xfc, 0xf8, 0x0d, - 0x1d, 0x4a, 0x39, 0xd4, 0xb3, 0x09, 0xbb, 0xe9, - 0x25, 0xc7, 0xec, 0x6a, 0x87, 0x72, 0x84, 0xed, - 0x12, 0x60, 0x19, 0x64, 0xeb, 0x16, 0x2a, 0x5b, - 0x10, 0x76, 0x27, 0xff, 0x7b, 0xe4, 0xae, 0xe5, - 0xa4, 0x04, 0x02, 0x7f, 0xbb, 0x0a, 0xb5, 0xf4, - 0x05, 0xa5, 0x56, 0x1c, 0x53, 0x31, 0x7a, 0x93, - 0xba, 0x16, 0x15, 0xab, 0x62, 0x60, 0xfc, 0xde, - 0x72, 0x36, 0x6e, 0x28, 0xaf, 0x98, 0x0d, 0xe6, - 0xf4, 0xde, 0x60, 0xa7, 0x7e, 0x06, 0x07, 0x86, - 0xf3, 0x94, 0xb6, 0x6d, 0x0d, 0x93, 0xa6, 0xbc, - 0x60, 0x70, 0x33, 0xac, 0x3f, 0xa1, 0xa8, 0x4a, - 0x20, 0x61, 0xb6, 0xb5, 0x43, 0xa3, 0x15, 0x5a, - 0x00, 0xbe, 0x76, 0x98, 0x57, 0x72, 0xab, 0x7a, - 0x0e, 0x18, 0x93, 0x82, 0x3a, 0x18, 0x78, 0x6e, - 0x71, 0x7b, 0x78, 0x4f, 0x7e, 0x8c, 0xde, 0x7a, - 0x62, 0xb5, 0x0a, 0x7c, 0x45, 0x1d, 0x16, 0xd5, - 0xc3, 0x8c, 0x9b, 0x25, 0xb4, 0x50, 0x90, 0xcd, - 0x96, 0x93, 0xad, 0x0f, 0xd4, 0x43, 0xcb, 0x49, - 0x0f, 0xfc, 0x5a, 0x31, 0xf4, 0x19, 0xb7, 0xd4, - 0xeb, 0x4d, 0x40, 0x58, 0xd0, 0x3b, 0xc8, 0xe0, - 0x4a, 0x54, 0x2f, 0xdb, 0x22, 0xc3, 0x29, 0x7b, - 0x40, 0x90, 0x61, 0x43, 0xd3, 0x7e, 0xe2, 0x30, - 0x2b, 0x48, 0x3c, 0xce, 0x90, 0x93, 0xb1, 0x8b, - 0x31, 0x96, 0x65, 0x6d, 0x57, 0x8b, 0x9d, 0x4d, - 0x53, 0xf0, 0x83, 0x1c, 0xe5, 0xa1, 0x9d, 0x55, - 0xe3, 0xbf, 0x7e, 0xca, 0x1a, 0x74, 0x66, 0x14, - 0xcc, 0x47, 0x43, 0xd9, 0xbb, 0xef, 0x97, 0x7d, - 0xb7, 0x6e, 0xff, 0xf1, 0x22, 0xf8, 0x10, 0x2d, - 0x3f, 0xcd, 0x49, 0x96, 0xd9, 0x09, 0x11, 0xb8, - 0x33, 0xd0, 0x23, 0x9a, 0xfa, 0x16, 0xcb, 0x50, - 0x26, 0x57, 0x24, 0x5c, 0x0e, 0xba, 0xf0, 0x3f, - 0x37, 0x2f, 0xa3, 0xf7, 0x18, 0x57, 0x48, 0x48, - 0x95, 0xcf, 0xef, 0x87, 0x67, 0x2a, 0xe9, 0xb6, - 0x8a, 0x21, 0x36, 0x7f, 0xff, 0x48, 0x6c, 0x46, - 0x35, 0x57, 0xf2, 0xbc, 0x48, 0x67, 0x8f, 0x63, - 0x23, 0x78, 0x11, 0x2b, 0xc2, 0x08, 0xde, 0x51, - 0xe8, 0x8b, 0x92, 0x29, 0xf9, 0x9a, 0x9e, 0xad, - 0xed, 0x0f, 0xeb, 0xa2, 0xd2, 0x40, 0x92, 0xd4, - 0xde, 0x62, 0x95, 0x76, 0xfd, 0x6e, 0x3c, 0xbf, - 0xc0, 0xd7, 0x0d, 0xe5, 0x1b, 0xa4, 0xc7, 0x18, - 0xe1, 0x58, 0xa4, 0x56, 0xef, 0x2e, 0x17, 0x1b, - 0x75, 0xcb, 0xbc, 0xf9, 0x2a, 0x95, 0x71, 0xa7, - 0x1d, 0x7f, 0xe7, 0x73, 0x63, 0x05, 0x6b, 0x19, - 0x4c, 0xf4, 0x22, 0x14, 0xc4, 0x59, 0x88, 0x66, - 0x92, 0x86, 0x61, 0x5c, 0x6a, 0xae, 0xec, 0x58, - 0xff, 0xc9, 0xf2, 0x44, 0xd4, 0xa2, 0xf5, 0x98, - 0xeb, 0x5f, 0x09, 0xbc, 0x8a, 0xbf, 0x3c, 0xb4, - 0x3e, 0xb1, 0x20, 0x05, 0x44, 0x96, 0x79, 0x0a, - 0x40, 0x92, 0x7f, 0x9d, 0xd1, 0xaf, 0xbc, 0x90, - 0x95, 0x0a, 0x81, 0xd4, 0xa7, 0xc6, 0xb8, 0xe0, - 0xe4, 0x39, 0x30, 0x1d, 0x79, 0xc0, 0xe5, 0xfa, - 0xb4, 0xe9, 0x63, 0xb4, 0x09, 0x72, 0x3b, 0x3e, - 0xd9, 0xf6, 0xd9, 0x10, 0x21, 0x18, 0x7e, 0xe5, - 0xad, 0x81, 0xd7, 0xd5, 0x82, 0xd0, 0x8c, 0x3b, - 0x38, 0x95, 0xf8, 0x92, 0x01, 0xa9, 0x92, 0x00, - 0x70, 0xd1, 0xa7, 0x88, 0x77, 0x1f, 0x3a, 0xeb, - 0xb5, 0xe4, 0xf5, 0x9d, 0xc7, 0x37, 0x86, 0xb2, - 0x12, 0x46, 0x34, 0x19, 0x72, 0x8c, 0xf5, 0x8c, - 0xf6, 0x78, 0x98, 0xe0, 0x7c, 0xd3, 0xf4 - }, - "id-Gost28147-89-CryptoPro-B-ParamSet", - "testcfb2", - { - 0x48, 0x0c, 0x74, 0x1b, 0x02, 0x6b, 0x55, 0xd5, - 0xb6, 0x6d, 0xd7, 0x1d, 0x40, 0x48, 0x05, 0x6b, - 0x6d, 0xeb, 0x3c, 0x29, 0x0f, 0x84, 0x80, 0x23, - 0xee, 0x0d, 0x47, 0x77, 0xe3, 0xfe, 0x61, 0xc9 - }, - G89_CFB, - { - 0x1f, 0x3f, 0x82, 0x1e, 0x0d, 0xd8, 0x1e, 0x22 - }, - { - 0x23, 0xc6, 0x7f, 0x20, 0xa1, 0x23, 0x58, 0xbc, - 0x7b, 0x05, 0xdb, 0x21, 0x15, 0xcf, 0x96, 0x41, - 0xc7, 0x88, 0xef, 0x76, 0x5c, 0x49, 0xdb, 0x42, - 0xbf, 0xf3, 0xc0, 0xf5, 0xbd, 0x5d, 0xd9, 0x8e, - 0xaf, 0x3d, 0xf4, 0xe4, 0xda, 0x88, 0xbd, 0xbc, - 0x47, 0x5d, 0x76, 0x07, 0xc9, 0x5f, 0x54, 0x1d, - 0x1d, 0x6a, 0xa1, 0x2e, 0x18, 0xd6, 0x60, 0x84, - 0x02, 0x18, 0x37, 0x92, 0x92, 0x15, 0xab, 0x21, - 0xee, 0x21, 0xcc, 0x71, 0x6e, 0x51, 0xd9, 0x2b, - 0xcc, 0x81, 0x97, 0x3f, 0xeb, 0x45, 0x99, 0xb8, - 0x1b, 0xda, 0xff, 0x90, 0xd3, 0x41, 0x06, 0x9c, - 0x3f, 0xfb, 0xe4, 0xb2, 0xdc, 0xc9, 0x03, 0x0d, - 0xa7, 0xae, 0xd7, 0x7d, 0x02, 0xb8, 0x32, 0xab, - 0xf3, 0x65, 0xa3, 0x65, 0x6c, 0x4e, 0xe4, 0xa2, - 0x5e, 0x9e, 0xee, 0xcd, 0xde, 0x79, 0x36, 0x6b, - 0x1b, 0xe1, 0x3c, 0xdf, 0x10, 0xad, 0x4f, 0x02, - 0xe1, 0x14, 0xaa, 0x09, 0xb4, 0x0b, 0x76, 0xeb, - 0x69, 0x38, 0x20, 0x02, 0xcb, 0x8e, 0xc0, 0xdf, - 0xca, 0x48, 0x74, 0xc3, 0x31, 0xad, 0x42, 0x2c, - 0x51, 0x9b, 0xd0, 0x6a, 0xc1, 0x36, 0xd7, 0x21, - 0xdf, 0xb0, 0x45, 0xba, 0xca, 0x7f, 0x35, 0x20, - 0x28, 0xbb, 0xc1, 0x76, 0xfd, 0x43, 0x5d, 0x23, - 0x7d, 0x31, 0x84, 0x1a, 0x97, 0x4d, 0x83, 0xaa, - 0x7e, 0xf1, 0xc4, 0xe6, 0x83, 0xac, 0x0d, 0xef, - 0xef, 0x3c, 0xa4, 0x7c, 0x48, 0xe4, 0xc8, 0xca, - 0x0d, 0x7d, 0xea, 0x7c, 0x45, 0xd7, 0x73, 0x50, - 0x25, 0x1d, 0x01, 0xc4, 0x02, 0x1a, 0xcd, 0xe0, - 0x38, 0x5b, 0xa8, 0x5a, 0x16, 0x9a, 0x10, 0x59, - 0x74, 0xd7, 0x19, 0xc6, 0xf3, 0xb5, 0x17, 0xf6, - 0x59, 0x8d, 0x62, 0xaf, 0x44, 0xe8, 0xdc, 0xe9, - 0xc1, 0x76, 0xf1, 0xd0, 0xbd, 0x29, 0xd7, 0xec, - 0x1d, 0xac, 0x57, 0xdb, 0x1a, 0x3f, 0xd8, 0xf6, - 0x6e, 0xb6, 0xe6, 0xdf, 0x36, 0xe7, 0x89, 0xce, - 0x56, 0x35, 0x43, 0x1c, 0x7d, 0x57, 0x79, 0x0e, - 0xd8, 0xf4, 0xd7, 0xa7, 0x0d, 0xc6, 0x8f, 0x91, - 0x66, 0x67, 0x82, 0x0f, 0x49, 0xc9, 0xc5, 0x65, - 0x81, 0xa1, 0x39, 0x5a, 0x53, 0x9f, 0x02, 0xa5, - 0xd5, 0x36, 0x22, 0xa8, 0xa8, 0x1c, 0x37, 0x0e, - 0x76, 0x46, 0xdf, 0xbd, 0x6a, 0xdb, 0xfc, 0x1b, - 0xbd, 0x10, 0xb8, 0xb1, 0xbc, 0x72, 0x4c, 0x58, - 0x4a, 0xda, 0x6d, 0x66, 0x00, 0xda, 0x7a, 0x66, - 0xa0, 0xe7, 0x3b, 0x39, 0xa3, 0xf7, 0x05, 0x07, - 0xfa, 0x21, 0x4b, 0xc7, 0x94, 0xc0, 0xd3, 0x7b, - 0x19, 0x02, 0x5d, 0x4a, 0x10, 0xf1, 0xc2, 0x0f, - 0x19, 0x68, 0x27, 0xc7, 0x7d, 0xbf, 0x55, 0x03, - 0x57, 0x7d, 0xaf, 0x77, 0xae, 0x80, 0x2f, 0x7a, - 0xe6, 0x1f, 0x4b, 0xdc, 0x15, 0x18, 0xc0, 0x62, - 0xa1, 0xe8, 0xd9, 0x1c, 0x9e, 0x8c, 0x96, 0x39, - 0xc1, 0xc4, 0x88, 0xf7, 0x0c, 0xe1, 0x04, 0x84, - 0x68, 0x51, 0xce, 0xf1, 0x90, 0xda, 0x7f, 0x76, - 0xc8, 0xc0, 0x88, 0xef, 0x8e, 0x15, 0x25, 0x3e, - 0x7b, 0xe4, 0x79, 0xb5, 0x66, 0x2d, 0x9c, 0xd1, - 0x13, 0xda, 0xd0, 0xd5, 0x46, 0xd5, 0x8d, 0x46, - 0x18, 0x07, 0xee, 0xd8, 0xc9, 0x64, 0xe3, 0xbe, - 0x0e, 0x68, 0x27, 0x09, 0x96, 0x26, 0xf6, 0xe2, - 0x19, 0x61, 0x3f, 0xf4, 0x58, 0x27, 0x0a, 0xeb, - 0xce, 0x7c, 0xb6, 0x68, 0x92, 0xe7, 0x12, 0x3b, - 0x31, 0xd4, 0x48, 0xdf, 0x35, 0x8d, 0xf4, 0x86, - 0x42, 0x2a, 0x15, 0x4b, 0xe8, 0x19, 0x1f, 0x26, - 0x65, 0x9b, 0xa8, 0xda, 0x4b, 0x79, 0x1f, 0x8e, - 0xe6, 0x13, 0x7e, 0x49, 0x8f, 0xc1, 0xce, 0xdc, - 0x5e, 0x64, 0x74, 0xce, 0x02, 0x78, 0xe0, 0xcf, - 0xa0, 0xed, 0x5e, 0x31, 0x74, 0xd1, 0xd0, 0xb4, - 0xee, 0x70, 0x19, 0x14, 0x3c, 0x8f, 0x16, 0xa6, - 0xcf, 0x12, 0x93, 0x15, 0x88, 0xeb, 0x91, 0x65, - 0x76, 0x98, 0xfd, 0xa1, 0x94, 0x30, 0xba, 0x43, - 0x62, 0x65, 0x40, 0x04, 0x77, 0x9e, 0xd6, 0xab, - 0x8b, 0x0d, 0x93, 0x80, 0x50, 0x5f, 0xa2, 0x76, - 0x20, 0xa7, 0xd6, 0x9c, 0x27, 0x15, 0x27, 0xbc, - 0xa5, 0x5a, 0xbf, 0xe9, 0x92, 0x82, 0x05, 0xa8, - 0x41, 0xe9, 0xb5, 0x60, 0xd5, 0xc0, 0xd7, 0x4b, - 0xad, 0x38, 0xb2, 0xe9, 0xd1, 0xe5, 0x51, 0x5f, - 0x24, 0x78, 0x24, 0x9a, 0x23, 0xd2, 0xc2, 0x48, - 0xbd, 0x0e, 0xf1, 0x37, 0x72, 0x91, 0x87, 0xb0, - 0x4e, 0xbd, 0x99, 0x6b, 0x2c, 0x01, 0xb6, 0x79, - 0x69, 0xec, 0x0c, 0xed, 0xe5, 0x3f, 0x50, 0x64, - 0x7c, 0xb9, 0xdd, 0xe1, 0x92, 0x81, 0xb5, 0xd0, - 0xcb, 0x17, 0x83, 0x86, 0x8b, 0xea, 0x4f, 0x93, - 0x08, 0xbc, 0x22, 0x0c, 0xef, 0xe8, 0x0d, 0xf5, - 0x9e, 0x23, 0xe1, 0xf9, 0xb7, 0x6b, 0x45, 0x0b, - 0xcb, 0xa9, 0xb6, 0x4d, 0x28, 0x25, 0xba, 0x3e, - 0x86, 0xf2, 0x75, 0x47, 0x5d, 0x9d, 0x6b, 0xf6, - 0x8a, 0x05, 0x58, 0x73, 0x3d, 0x00, 0xde, 0xfd, - 0x69, 0xb1, 0x61, 0x16, 0xf5, 0x2e, 0xb0, 0x9f, - 0x31, 0x6a, 0x00, 0xb9, 0xef, 0x71, 0x63, 0x47, - 0xa3, 0xca, 0xe0, 0x40, 0xa8, 0x7e, 0x02, 0x04, - 0xfe, 0xe5, 0xce, 0x48, 0x73, 0xe3, 0x94, 0xcf, - 0xe2, 0xff, 0x29, 0x7e, 0xf6, 0x32, 0xbb, 0xb7, - 0x55, 0x12, 0x21, 0x7a, 0x9c, 0x75, 0x04, 0x0c, - 0xb4, 0x7c, 0xb0, 0x3d, 0x40, 0xb3, 0x11, 0x9a, - 0x7a, 0x9a, 0x13, 0xfb, 0x77, 0xa7, 0x51, 0x68, - 0xf7, 0x05, 0x47, 0x3b, 0x0f, 0x52, 0x5c, 0xe6, - 0xc2, 0x99, 0x3a, 0x37, 0x54, 0x5c, 0x4f, 0x2b, - 0xa7, 0x01, 0x08, 0x74, 0xbc, 0x91, 0xe3, 0xe2, - 0xfe, 0x65, 0x94, 0xfd, 0x3d, 0x18, 0xe0, 0xf0, - 0x62, 0xed, 0xc2, 0x10, 0x82, 0x9c, 0x58, 0x7f, - 0xb2, 0xa3, 0x87, 0x8a, 0x74, 0xd9, 0xc1, 0xfb, - 0x84, 0x28, 0x17, 0xc7, 0x2b, 0xcb, 0x53, 0x1f, - 0x4e, 0x8a, 0x82, 0xfc, 0xb4, 0x3f, 0xc1, 0x47, - 0x25, 0xf3, 0x21, 0xdc, 0x4c, 0x2d, 0x08, 0xfa, - 0xe7, 0x0f, 0x03, 0xa9, 0x68, 0xde, 0x6b, 0x41, - 0xa0, 0xf9, 0x41, 0x6c, 0x57, 0x4d, 0x3a, 0x0e, - 0xea, 0x51, 0xca, 0x9f, 0x97, 0x11, 0x7d, 0xf6, - 0x8e, 0x88, 0x63, 0x67, 0xc9, 0x65, 0x13, 0xca, - 0x38, 0xed, 0x35, 0xbe, 0xf4, 0x27, 0xa9, 0xfc, - 0xa9, 0xe6, 0xc3, 0x40, 0x86, 0x08, 0x39, 0x72, - 0x37, 0xee, 0xb2, 0x87, 0x09, 0x96, 0xb7, 0x40, - 0x87, 0x36, 0x92, 0xc1, 0x5d, 0x6a, 0x2c, 0x43, - 0xca, 0x25, 0xc8, 0x35, 0x37, 0x2d, 0xb5, 0xa9, - 0x27, 0x44, 0x50, 0xf2, 0x6d, 0x22, 0x75, 0x41, - 0x77, 0x2a, 0xdb, 0xb1, 0x8c, 0x6d, 0x05, 0xe8, - 0xc9, 0x99, 0xc7, 0x08, 0xf9, 0x14, 0x8f, 0x78, - 0xa9, 0x8f, 0xc2, 0x5a, 0x7a, 0x65, 0xc5, 0xd8, - 0x86, 0xbb, 0x72, 0x69, 0x6b, 0x6b, 0x45, 0x83, - 0x5b, 0xb1, 0xf7, 0xcd, 0x16, 0x73, 0xee, 0xe9, - 0x80, 0x85, 0xfe, 0x8e, 0xe1, 0xae, 0x53, 0x8f, - 0xde, 0xbe, 0x48, 0x8b, 0x59, 0xef, 0xf6, 0x7e, - 0xd8, 0xb5, 0xa8, 0x47, 0xc0, 0x4e, 0x15, 0x58, - 0xca, 0xd3, 0x2f, 0xf8, 0x6c, 0xa6, 0x3d, 0x78, - 0x4d, 0x7a, 0x54, 0xd6, 0x10, 0xe5, 0xcc, 0x05, - 0xe2, 0x29, 0xb5, 0x86, 0x07, 0x39, 0x7d, 0x78, - 0x8e, 0x5a, 0x8f, 0x83, 0x4c, 0xe7, 0x3d, 0x68, - 0x3e, 0xe5, 0x02, 0xe6, 0x64, 0x4f, 0x5e, 0xb4, - 0x49, 0x77, 0xf0, 0xc0, 0xfa, 0x6f, 0xc8, 0xfb, - 0x9f, 0x84, 0x6f, 0x55, 0xfb, 0x30, 0x5e, 0x89, - 0x93, 0xa9, 0xf3, 0xa6, 0xa3, 0xd7, 0x26, 0xbb, - 0xd8, 0xa8, 0xd9, 0x95, 0x1d, 0xfe, 0xfc, 0xd7, - 0xa8, 0x93, 0x66, 0x2f, 0x04, 0x53, 0x06, 0x64, - 0x7f, 0x31, 0x29, 0xae, 0xb7, 0x9f, 0xba, 0xc4, - 0x6d, 0x68, 0xd1, 0x24, 0x32, 0xf4, 0x11 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 4, - { - 0x07, 0x9c, 0x91, 0xbe - }, - "id-Gost28147-89-CryptoPro-C-ParamSet", - "testcfb3", - { - 0x77, 0xc3, 0x45, 0x8e, 0xf6, 0x42, 0xe7, 0x04, - 0x8e, 0xfc, 0x08, 0xe4, 0x70, 0x96, 0xd6, 0x05, - 0x93, 0x59, 0x02, 0x6d, 0x6f, 0x97, 0xca, 0xe9, - 0xcf, 0x89, 0x44, 0x4b, 0xde, 0x6c, 0x22, 0x1d - }, - G89_CFB, - { - 0x43, 0x7c, 0x3e, 0x8e, 0x2f, 0x2a, 0x00, 0x98 - }, - { - 0x19, 0x35, 0x81, 0x34 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 9, - { - 0x2f, 0x31, 0xd8, 0x83, 0xb4, 0x20, 0xe8, 0x6e, - 0xda - }, - "id-Gost28147-89-CryptoPro-D-ParamSet", - "testcfb4", - { - 0x38, 0x9f, 0xe8, 0x37, 0xff, 0x9c, 0x5d, 0x29, - 0xfc, 0x48, 0x55, 0xa0, 0x87, 0xea, 0xe8, 0x40, - 0x20, 0x87, 0x5b, 0xb2, 0x01, 0x15, 0x55, 0xa7, - 0xe3, 0x2d, 0xcb, 0x3d, 0xd6, 0x59, 0x04, 0x73 - }, - G89_CFB, - { - 0xc5, 0xa2, 0xd2, 0x1f, 0x2f, 0xdf, 0xb8, 0xeb - }, - { - 0x6d, 0xa4, 0xed, 0x40, 0x08, 0x88, 0x71, 0xad, - 0x16 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 5242880+8, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test5Mcfb", - { - 0x61, 0x58, 0x44, 0x5a, 0x41, 0xf6, 0xc7, 0x0f, - 0x6b, 0xdb, 0x51, 0x91, 0x6a, 0xf6, 0x81, 0x30, - 0x8c, 0xa7, 0x98, 0xdd, 0x38, 0x35, 0x8a, 0x60, - 0x85, 0xb4, 0xf0, 0xf9, 0x43, 0xa2, 0x7d, 0x9a - }, - G89_CFB, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - { - 0x1c, 0x16, 0xa0, 0xe9, 0x63, 0x94, 0xfe, 0x38, - 0x37, 0xa7, 0x9b, 0x70, 0x25, 0x2e, 0xd6, 0x00 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - U64(4294967296)+16, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test4Gcfb", - { - 0xae, 0x57, 0xa2, 0xdd, 0xa4, 0xef, 0x4f, 0x96, - 0xb8, 0x94, 0xa5, 0xd1, 0x1b, 0xc8, 0x9b, 0x42, - 0xa5, 0x24, 0xcc, 0x89, 0x5c, 0xb8, 0x92, 0x52, - 0xc1, 0x12, 0x6a, 0xb0, 0x9a, 0x26, 0xe8, 0x06 - }, - G89_CFB, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - { - 0x2e, 0x62, 0xb0, 0x2e, 0xc7, 0x87, 0x4b, 0x29, - 0x33, 0x16, 0x6b, 0xb4, 0xd6, 0x61, 0x66, 0xd9 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 1037, - { - 0x3d, 0x0b, 0x69, 0xf7, 0xa8, 0xe4, 0xfc, 0x99, - 0x22, 0x2e, 0xee, 0xd1, 0x63, 0x12, 0xfe, 0xa8, - 0x9d, 0xcb, 0x6c, 0x4d, 0x48, 0x8c, 0xe8, 0xbd, - 0x8b, 0x60, 0xf1, 0xbf, 0x7b, 0xe3, 0x79, 0xd5, - 0x2b, 0x25, 0x97, 0x13, 0xef, 0x35, 0xda, 0xf4, - 0xbc, 0x77, 0xce, 0xea, 0xe9, 0x3f, 0xa4, 0xb6, - 0x01, 0xd5, 0x73, 0x29, 0x58, 0xda, 0xd7, 0x67, - 0x17, 0xac, 0xe4, 0x75, 0x2f, 0x57, 0x23, 0xac, - 0x96, 0x21, 0xc7, 0x62, 0x2d, 0xf7, 0x32, 0xb5, - 0x44, 0x5f, 0x72, 0xb1, 0x5f, 0xba, 0x1b, 0x1e, - 0xdb, 0x4a, 0x09, 0x8c, 0x92, 0x61, 0xa2, 0xb0, - 0x49, 0x68, 0xe5, 0xb3, 0xa2, 0x8f, 0x13, 0x4b, - 0xf5, 0x4d, 0x84, 0xda, 0xab, 0xa0, 0xb6, 0xd1, - 0x5a, 0x63, 0x19, 0xe8, 0xa2, 0x09, 0xf6, 0x76, - 0x6f, 0x9b, 0x48, 0x0a, 0x15, 0x5d, 0xb7, 0x20, - 0x21, 0x9a, 0x2e, 0xb9, 0x6d, 0xfa, 0x1e, 0xc2, - 0x0e, 0xef, 0x15, 0xab, 0x59, 0x01, 0xfe, 0x43, - 0x90, 0xf2, 0x62, 0xca, 0x4a, 0x9a, 0x48, 0x38, - 0xab, 0x6f, 0x9d, 0x21, 0xb3, 0xad, 0xa7, 0x60, - 0x46, 0xe3, 0xef, 0xd0, 0xe3, 0x1d, 0xc5, 0xe1, - 0xb8, 0xa1, 0xe2, 0x99, 0x20, 0xc5, 0x76, 0xcc, - 0xaa, 0x8a, 0xa9, 0x45, 0x55, 0xa0, 0x78, 0x00, - 0x64, 0xde, 0xcf, 0x5b, 0xdf, 0x26, 0x48, 0xcd, - 0xba, 0x8a, 0xb5, 0xfb, 0xfd, 0x4a, 0xd5, 0xc4, - 0xe0, 0x43, 0xa6, 0x71, 0x90, 0xa4, 0x8b, 0xca, - 0x2e, 0x88, 0x7b, 0xac, 0xb2, 0xdc, 0xf2, 0x01, - 0xcb, 0xda, 0x6e, 0x91, 0x27, 0x28, 0x44, 0x88, - 0x9a, 0xd2, 0x12, 0xf1, 0xa6, 0xf5, 0xb7, 0x61, - 0xce, 0x79, 0x62, 0x52, 0x3c, 0xe6, 0x14, 0x73, - 0xd1, 0x41, 0x92, 0x50, 0xbd, 0xdc, 0x3b, 0xd0, - 0xa7, 0x11, 0x8c, 0x3a, 0xe4, 0x2d, 0xf2, 0x52, - 0xd3, 0x2f, 0x7c, 0x8e, 0x54, 0x90, 0x4e, 0x23, - 0xae, 0xb3, 0xa0, 0xf3, 0x25, 0x7e, 0x66, 0xaa, - 0x0f, 0x6f, 0x81, 0x72, 0x77, 0xbb, 0xd3, 0x47, - 0xe8, 0x05, 0xff, 0xe1, 0x5b, 0xc9, 0x37, 0x50, - 0x33, 0x49, 0x17, 0xaf, 0xab, 0x1d, 0xe1, 0x15, - 0xf2, 0xe5, 0x98, 0x5e, 0x2d, 0x05, 0x1f, 0x0d, - 0x55, 0x97, 0xed, 0xff, 0x5e, 0xe0, 0x0f, 0xc3, - 0x9c, 0xbd, 0x82, 0xc2, 0x06, 0xbe, 0x45, 0x66, - 0xae, 0x33, 0xbe, 0x28, 0x48, 0xe9, 0x2d, 0x1a, - 0xe6, 0x65, 0x8e, 0xdf, 0x76, 0x03, 0x73, 0x4b, - 0xc0, 0x80, 0x71, 0xf9, 0xac, 0xba, 0xa0, 0xb0, - 0x19, 0x1a, 0x0a, 0xd4, 0x35, 0x12, 0x88, 0x76, - 0x05, 0x75, 0x8f, 0x7c, 0xb5, 0xf0, 0x19, 0x75, - 0x6d, 0x05, 0xcb, 0x0d, 0xbc, 0x8d, 0xe9, 0xf0, - 0xd4, 0xdb, 0x3c, 0x3c, 0x29, 0x8e, 0x2c, 0x32, - 0x1d, 0xf7, 0xb6, 0x49, 0xcf, 0xdb, 0x63, 0xee, - 0x3c, 0xfa, 0x33, 0x73, 0x6f, 0xe4, 0x97, 0x4e, - 0x2f, 0xc9, 0x4c, 0x5c, 0x65, 0xfe, 0xea, 0xfb, - 0xc6, 0xdd, 0xc1, 0x1c, 0x47, 0x3f, 0xf4, 0x50, - 0x2f, 0xde, 0x1b, 0x5b, 0x0b, 0x16, 0xca, 0xb6, - 0x46, 0x44, 0xf2, 0xc1, 0x0d, 0xa1, 0x1d, 0xa6, - 0xdb, 0xf0, 0x3d, 0xb1, 0x6c, 0x05, 0x31, 0x85, - 0x8e, 0x74, 0xae, 0xf2, 0x39, 0x26, 0xf7, 0xc1, - 0xe7, 0x4c, 0xdd, 0x9d, 0x40, 0xb8, 0xf3, 0xc5, - 0xc2, 0x16, 0x64, 0x6b, 0xaa, 0xdb, 0x4b, 0x82, - 0x5c, 0xd3, 0x02, 0xd3, 0x8f, 0x26, 0x79, 0x8d, - 0xb0, 0x78, 0x70, 0x19, 0x58, 0x0c, 0xb4, 0x31, - 0x88, 0x44, 0x1c, 0x91, 0x6f, 0xf4, 0x52, 0x39, - 0xa8, 0xf5, 0xc0, 0x1b, 0xfe, 0xf2, 0x0e, 0x4b, - 0xac, 0x0a, 0xc2, 0x7e, 0x9c, 0x9b, 0xeb, 0x5d, - 0x4e, 0x4f, 0x42, 0xd8, 0x71, 0x0a, 0x97, 0x27, - 0x03, 0x14, 0x96, 0xa6, 0x3d, 0x04, 0xea, 0x9f, - 0x14, 0x14, 0x27, 0x4c, 0xd9, 0xa2, 0x89, 0x5f, - 0x65, 0x4a, 0xe1, 0x9d, 0x2c, 0xb8, 0xf8, 0xd4, - 0x8f, 0x2a, 0x57, 0x36, 0xcc, 0x06, 0x9c, 0x2c, - 0xc5, 0x13, 0x16, 0xdf, 0xfc, 0xae, 0x22, 0x16, - 0xa8, 0x2b, 0x71, 0x6f, 0x1d, 0xb3, 0x47, 0x54, - 0x3f, 0x2d, 0x0a, 0x68, 0x9f, 0x2e, 0xf6, 0x90, - 0xd8, 0xa1, 0x21, 0x09, 0xd4, 0x97, 0xb9, 0x7b, - 0x7f, 0x9b, 0x6a, 0xed, 0xd1, 0xf0, 0xe3, 0xb6, - 0x28, 0xc7, 0x62, 0x82, 0x00, 0xc9, 0x38, 0xa1, - 0x82, 0x78, 0xce, 0x87, 0xc8, 0x53, 0xac, 0x4f, - 0x2e, 0x31, 0xb9, 0x50, 0x7f, 0x36, 0x00, 0x4a, - 0x32, 0xe6, 0xd8, 0xbb, 0x59, 0x45, 0x0e, 0x91, - 0x1b, 0x38, 0xa9, 0xbc, 0xb9, 0x5e, 0x6c, 0x6a, - 0x9c, 0x03, 0x01, 0x1c, 0xde, 0xe8, 0x1f, 0x1e, - 0xe3, 0xde, 0x25, 0xa2, 0x56, 0x79, 0xe1, 0xbd, - 0x58, 0xc4, 0x93, 0xe6, 0xd0, 0x8a, 0x4d, 0x08, - 0xab, 0xf7, 0xaa, 0xc3, 0x7d, 0xc1, 0xee, 0x68, - 0x37, 0xbc, 0x78, 0x0b, 0x19, 0x68, 0x2b, 0x2b, - 0x2e, 0x6d, 0xc4, 0x6f, 0xaa, 0x3b, 0xc6, 0x19, - 0xcb, 0xf1, 0x58, 0xb9, 0x60, 0x85, 0x45, 0xae, - 0x52, 0x97, 0xba, 0x24, 0x32, 0x13, 0x72, 0x16, - 0x6e, 0x7b, 0xc1, 0x98, 0xac, 0xb1, 0xed, 0xb4, - 0xcc, 0x6c, 0xcf, 0x45, 0xfc, 0x50, 0x89, 0x80, - 0x8e, 0x7a, 0xa4, 0xd3, 0x64, 0x50, 0x63, 0x37, - 0xc9, 0x6c, 0xf1, 0xc4, 0x3d, 0xfb, 0xde, 0x5a, - 0x5c, 0xa8, 0x21, 0x35, 0xe6, 0x2e, 0x8c, 0x2a, - 0x3c, 0x12, 0x17, 0x79, 0x9a, 0x0d, 0x2e, 0x79, - 0xeb, 0x67, 0x1f, 0x2b, 0xf8, 0x6e, 0xca, 0xc1, - 0xfa, 0x45, 0x18, 0x9e, 0xdf, 0x6a, 0xe6, 0xcb, - 0xe9, 0x5c, 0xc3, 0x09, 0xaf, 0x93, 0x58, 0x13, - 0xbf, 0x90, 0x84, 0x87, 0x75, 0xd6, 0x82, 0x28, - 0x8d, 0xe7, 0x2f, 0xa3, 0xfb, 0x97, 0x74, 0x2a, - 0x73, 0x04, 0x82, 0x06, 0x76, 0x69, 0xb1, 0x0b, - 0x19, 0xfc, 0xae, 0xb3, 0xdd, 0x2a, 0xe5, 0xc1, - 0x05, 0xd8, 0x80, 0x95, 0x22, 0x90, 0x71, 0xfc, - 0xc2, 0x92, 0x42, 0xfd, 0xf1, 0x70, 0xb4, 0x68, - 0x88, 0xa4, 0x9e, 0x0a, 0x24, 0x40, 0x13, 0xc8, - 0xa2, 0x56, 0x4f, 0x39, 0xe6, 0x06, 0xf1, 0xdc, - 0xf5, 0x13, 0x0e, 0xad, 0x9c, 0x8b, 0xaf, 0xe9, - 0xe3, 0x88, 0x72, 0xff, 0xa0, 0x6d, 0xda, 0x08, - 0x70, 0xb9, 0x2e, 0x83, 0xc5, 0xbb, 0x32, 0xa5, - 0x74, 0xc7, 0xfb, 0x7b, 0x76, 0xaf, 0x02, 0xbb, - 0x2b, 0xb8, 0x5e, 0x65, 0x02, 0xfe, 0x0e, 0xa0, - 0x99, 0xce, 0x01, 0x3b, 0x35, 0xe1, 0xb0, 0x22, - 0xe5, 0x94, 0xbd, 0xdd, 0x8e, 0xbb, 0xf6, 0x75, - 0xbf, 0xbf, 0xee, 0x7a, 0xb1, 0x58, 0xb4, 0x81, - 0xb8, 0x39, 0x3e, 0xb6, 0x1e, 0xde, 0xda, 0x1b, - 0xd5, 0xf7, 0xdd, 0x7d, 0x65, 0x9c, 0xaa, 0x56, - 0x93, 0xb8, 0xaf, 0x48, 0x53, 0xc7, 0x22, 0xe4, - 0x1c, 0xdf, 0xe9, 0x79, 0xb4, 0x20, 0x89, 0xcc, - 0x2a, 0x79, 0x2c, 0x09, 0xbe, 0x78, 0xcf, 0xcc, - 0xf2, 0x90, 0xd6, 0x65, 0xc5, 0x29, 0xfc, 0xda, - 0x69, 0xfc, 0xc0, 0xd6, 0x70, 0x99, 0x61, 0x3f, - 0x60, 0x02, 0xd8, 0x12, 0x22, 0xc8, 0x34, 0xc6, - 0x3b, 0xb3, 0xc2, 0x33, 0xa1, 0x5c, 0x8f, 0x4c, - 0xd1, 0x52, 0x72, 0xf2, 0x42, 0x05, 0x8e, 0x18, - 0x1f, 0x16, 0xda, 0xb8, 0x53, 0xa1, 0x5f, 0x01, - 0x32, 0x1b, 0x90, 0xb3, 0x53, 0x9b, 0xd0, 0x85, - 0x61, 0x2d, 0x17, 0xed, 0x0a, 0xa4, 0xa5, 0x27, - 0x09, 0x75, 0x7c, 0xbc, 0x30, 0xf7, 0x5e, 0x59, - 0x9a, 0x07, 0x96, 0x84, 0x28, 0x86, 0x4b, 0xa7, - 0x22, 0x35, 0x28, 0xc7, 0xed, 0x0d, 0xc3, 0xce, - 0x98, 0xcc, 0x2d, 0xec, 0xd4, 0x98, 0x09, 0x8e, - 0x52, 0x5f, 0x2b, 0x9a, 0x13, 0xbe, 0x99, 0x16, - 0x73, 0xd1, 0x1f, 0x81, 0xe5, 0xa2, 0x08, 0x78, - 0xcb, 0x0c, 0x20, 0xd4, 0xa5, 0xea, 0x4b, 0x5b, - 0x95, 0x5a, 0x92, 0x9a, 0x52 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testcnt2", - { - 0x1b, 0x5d, 0xdb, 0x77, 0xcf, 0xf9, 0xec, 0x95, - 0x5e, 0xcc, 0x67, 0x9f, 0x5d, 0x28, 0xad, 0x4a, - 0x27, 0xf4, 0x32, 0xc6, 0xb2, 0xcb, 0xb1, 0x45, - 0x6a, 0x88, 0x14, 0x0c, 0x9b, 0x9b, 0x5f, 0x48 - }, - G89_CNT, - { - 0x71, 0x58, 0x8c, 0xe1, 0x55, 0xf4, 0xf6, 0xb3 - }, - { - 0x8e, 0xcd, 0x8f, 0xc8, 0xac, 0xe1, 0x15, 0x48, - 0x2d, 0xae, 0x24, 0x8a, 0xc7, 0xfb, 0xba, 0x0f, - 0x1d, 0x8a, 0x95, 0xa2, 0x43, 0xef, 0xcb, 0xdc, - 0x59, 0x57, 0xa7, 0xc7, 0x0e, 0xe3, 0xe2, 0xb9, - 0x0d, 0x86, 0x29, 0x62, 0xcb, 0x83, 0x4d, 0x07, - 0x0c, 0x40, 0xd4, 0x7b, 0x2e, 0xca, 0xba, 0xbf, - 0x4a, 0x60, 0x3b, 0x31, 0x98, 0xc8, 0x88, 0x47, - 0xd9, 0x82, 0xab, 0xfc, 0x8f, 0x48, 0xe2, 0x46, - 0xab, 0xd3, 0xa1, 0xab, 0x8a, 0x05, 0x22, 0x8c, - 0xf4, 0xec, 0x9a, 0x1e, 0x76, 0xab, 0x1a, 0x60, - 0xd9, 0x25, 0x6b, 0xb8, 0x56, 0xe5, 0xb2, 0xea, - 0x10, 0xf3, 0x62, 0x04, 0x32, 0x5e, 0xaa, 0x3b, - 0x7b, 0x57, 0xbc, 0x3b, 0x8b, 0x43, 0x47, 0xf2, - 0xd5, 0x03, 0x7e, 0x51, 0x01, 0xff, 0x77, 0x28, - 0xca, 0x90, 0xa3, 0xfe, 0x7e, 0x2e, 0x70, 0x16, - 0x75, 0x18, 0x44, 0xf0, 0x1b, 0x85, 0x05, 0xea, - 0xe3, 0x21, 0xf7, 0x26, 0x86, 0x76, 0x3c, 0x67, - 0x9d, 0xfc, 0xbc, 0x10, 0x7f, 0x77, 0xe4, 0xed, - 0xd3, 0x12, 0xf8, 0x83, 0x00, 0x1f, 0x4b, 0x92, - 0x95, 0x92, 0x5c, 0xf3, 0x5a, 0xf3, 0xb7, 0xd0, - 0xa9, 0x5f, 0xf2, 0x18, 0xc4, 0x66, 0x62, 0xc1, - 0x84, 0x0e, 0x66, 0xe8, 0x80, 0x7d, 0x1f, 0xf0, - 0xba, 0x01, 0x9b, 0x71, 0xae, 0x93, 0xcc, 0x27, - 0x54, 0x34, 0x9a, 0xbd, 0xca, 0xee, 0x52, 0x09, - 0x92, 0x9d, 0xb0, 0xd5, 0xd9, 0xba, 0x2f, 0xb9, - 0x96, 0xdc, 0xfa, 0xbd, 0xce, 0xea, 0x1a, 0x7b, - 0x9a, 0x1d, 0x13, 0xa7, 0x11, 0xe2, 0x9a, 0x64, - 0xf6, 0xd3, 0xee, 0xc6, 0x33, 0xb7, 0x6e, 0xef, - 0x25, 0x9e, 0x1e, 0x7c, 0xe3, 0x1f, 0x2c, 0x6e, - 0xa9, 0xc0, 0xf8, 0xc1, 0xbf, 0x3b, 0xf8, 0x34, - 0x03, 0x9b, 0xa1, 0x40, 0x5b, 0x0c, 0x3c, 0x09, - 0x66, 0x9d, 0x63, 0xe2, 0xe2, 0x04, 0x8f, 0x06, - 0x84, 0x74, 0x68, 0xb2, 0x5c, 0x3b, 0x4c, 0xad, - 0x0b, 0x3f, 0x03, 0xb3, 0x07, 0x8a, 0x64, 0xa7, - 0x36, 0x56, 0x26, 0x39, 0x66, 0xda, 0xe9, 0x6d, - 0x1b, 0xd5, 0x88, 0xe8, 0x5c, 0xaf, 0x5a, 0x4c, - 0x49, 0xf7, 0xf5, 0xb7, 0x78, 0xf0, 0xde, 0xec, - 0xcd, 0x16, 0x23, 0x9e, 0x8c, 0x13, 0xbe, 0x6b, - 0x6f, 0x9b, 0x07, 0xe5, 0xbb, 0xcc, 0x3a, 0x1b, - 0x6f, 0x43, 0xdf, 0xff, 0x46, 0x2a, 0xae, 0x47, - 0x19, 0x18, 0x9a, 0x25, 0x09, 0xc9, 0x24, 0x40, - 0x0c, 0x4b, 0xa7, 0xda, 0x5e, 0x0d, 0xee, 0xfa, - 0x62, 0x45, 0x8e, 0xcc, 0x2f, 0x23, 0x08, 0x1d, - 0x92, 0xf0, 0xfe, 0x82, 0x0f, 0xd7, 0x11, 0x60, - 0x7e, 0x0b, 0x0b, 0x75, 0xf4, 0xf5, 0x3b, 0xc0, - 0xa4, 0xe8, 0x72, 0xa5, 0xb6, 0xfa, 0x5a, 0xad, - 0x5a, 0x4f, 0x39, 0xb5, 0xa2, 0x12, 0x96, 0x0a, - 0x32, 0x84, 0xb2, 0xa1, 0x06, 0x68, 0x56, 0x57, - 0x97, 0xa3, 0x7b, 0x22, 0x61, 0x76, 0x5d, 0x30, - 0x1a, 0x31, 0xab, 0x99, 0x06, 0xc5, 0x1a, 0x96, - 0xcf, 0xcf, 0x14, 0xff, 0xb2, 0xc4, 0xcc, 0x2b, - 0xbf, 0x0c, 0x9d, 0x91, 0x8f, 0x79, 0x5b, 0xbc, - 0xa9, 0x6b, 0x91, 0x6a, 0xb4, 0x93, 0x5c, 0x7b, - 0x5d, 0xc2, 0x8a, 0x75, 0xc0, 0xc1, 0x08, 0xfa, - 0x99, 0xf9, 0x4d, 0x5e, 0x0c, 0x06, 0x64, 0x60, - 0xa9, 0x01, 0x4a, 0x34, 0x0f, 0x33, 0x84, 0x95, - 0x69, 0x30, 0xc1, 0x1c, 0x36, 0xf8, 0xfc, 0x30, - 0x23, 0xb2, 0x71, 0xe5, 0x52, 0x4d, 0x12, 0x1a, - 0xc9, 0xbe, 0xee, 0xc9, 0xcb, 0x01, 0x85, 0xf3, - 0xdb, 0x30, 0xf9, 0x41, 0xa9, 0x40, 0xb0, 0x06, - 0x29, 0x77, 0xcd, 0xc5, 0xec, 0x58, 0x02, 0x48, - 0x83, 0x53, 0x44, 0x6a, 0xd2, 0xca, 0x05, 0xd8, - 0x5a, 0x08, 0xeb, 0xa9, 0xf4, 0xe6, 0xc7, 0x9d, - 0xd5, 0x7b, 0x74, 0x0b, 0x31, 0xb7, 0xa5, 0x57, - 0x7c, 0x7a, 0xfd, 0x1a, 0x0e, 0xd7, 0x97, 0x41, - 0xbf, 0xdd, 0xc6, 0x19, 0x6c, 0x77, 0x8c, 0x18, - 0x52, 0x57, 0x83, 0xba, 0x71, 0x25, 0xee, 0x39, - 0xbb, 0xe2, 0x43, 0xa0, 0x14, 0xdc, 0x0e, 0x84, - 0xb4, 0x2b, 0xde, 0x3e, 0xe5, 0x36, 0xb7, 0xa2, - 0x92, 0x98, 0x05, 0xb8, 0x96, 0xe5, 0xd0, 0x8c, - 0x08, 0x93, 0x35, 0xc2, 0x81, 0xe0, 0xfc, 0x59, - 0x71, 0xe2, 0x44, 0x49, 0x5d, 0xda, 0xfb, 0x9c, - 0xaa, 0x70, 0x9f, 0x43, 0xa8, 0xa5, 0xd9, 0x67, - 0xd9, 0x8f, 0xa3, 0x1e, 0xbe, 0x0e, 0xec, 0xdf, - 0x12, 0x2b, 0x6a, 0xe7, 0x1c, 0x12, 0x17, 0xe7, - 0xc4, 0x6d, 0x50, 0xc9, 0x52, 0x7a, 0xd5, 0xe8, - 0x7f, 0xbc, 0x07, 0x15, 0xac, 0xdb, 0x93, 0x66, - 0xb1, 0xf0, 0xa7, 0x7b, 0x2f, 0xe9, 0xec, 0xd0, - 0x47, 0x69, 0x59, 0x87, 0xf1, 0x4c, 0x3e, 0x4b, - 0x9b, 0x11, 0x79, 0x13, 0xe4, 0x96, 0xf6, 0x56, - 0x04, 0x6e, 0x0b, 0x33, 0xfc, 0x40, 0xf6, 0xc7, - 0xc1, 0x43, 0xb1, 0xbf, 0x0e, 0xb3, 0x87, 0xfd, - 0x0b, 0x1c, 0x63, 0x46, 0x3a, 0xd3, 0xa0, 0x17, - 0x59, 0x25, 0x94, 0x6c, 0x9c, 0x3d, 0x0c, 0x81, - 0xce, 0x82, 0x72, 0x42, 0x28, 0xf9, 0x37, 0x6a, - 0x6d, 0xe4, 0x12, 0xf4, 0x21, 0xaa, 0xf7, 0xfe, - 0x27, 0x55, 0x40, 0x1a, 0x14, 0xc3, 0x39, 0x5b, - 0xbf, 0x63, 0xc2, 0x5f, 0x10, 0x1f, 0x14, 0x25, - 0xd0, 0xce, 0xf3, 0x14, 0x48, 0x13, 0xa5, 0x0b, - 0x4d, 0x38, 0xcf, 0x0d, 0x34, 0xc0, 0x0a, 0x11, - 0xb4, 0xb5, 0x72, 0xc8, 0x4b, 0xc2, 0x6f, 0xe7, - 0x9d, 0x93, 0xf7, 0xdf, 0xb8, 0x43, 0x72, 0x7e, - 0xda, 0x3e, 0x20, 0x1f, 0xbc, 0x21, 0x2a, 0xce, - 0x00, 0xfa, 0x96, 0x9f, 0x3d, 0xe5, 0x88, 0x96, - 0xef, 0x29, 0x84, 0xdf, 0x6c, 0x1c, 0x96, 0xd8, - 0x58, 0x47, 0xaa, 0x92, 0xf3, 0x07, 0xe5, 0xfb, - 0xaf, 0xea, 0x95, 0x7e, 0x0b, 0x71, 0xcd, 0x81, - 0x0f, 0xb7, 0x0a, 0x59, 0x8f, 0x31, 0x4d, 0xd1, - 0xc3, 0xf3, 0x2f, 0x70, 0x5c, 0x59, 0x18, 0x97, - 0xaf, 0x77, 0x95, 0x5e, 0xaf, 0x40, 0x06, 0x12, - 0x81, 0x61, 0x86, 0x08, 0x4e, 0xbc, 0x89, 0x46, - 0x07, 0x2e, 0x5b, 0x10, 0xaa, 0x12, 0xf0, 0xa7, - 0x84, 0xe2, 0x9a, 0x08, 0xf1, 0xde, 0x59, 0xe3, - 0x0e, 0x47, 0x4b, 0xff, 0xc3, 0xc9, 0x18, 0xaf, - 0x95, 0x9c, 0x67, 0x2a, 0xde, 0x8a, 0x7a, 0x99, - 0x04, 0xc4, 0xb8, 0x97, 0x4c, 0x04, 0x29, 0x71, - 0x05, 0xda, 0xb3, 0xd6, 0xdb, 0x6c, 0x71, 0xe6, - 0xe8, 0x03, 0xbf, 0x94, 0x7d, 0xde, 0x3d, 0xc8, - 0x44, 0xfa, 0x7d, 0x62, 0xb4, 0x36, 0x03, 0xee, - 0x36, 0x52, 0x64, 0xb4, 0x85, 0x6d, 0xd5, 0x78, - 0xf0, 0x6f, 0x67, 0x2d, 0x0e, 0xe0, 0x2c, 0x88, - 0x9b, 0x55, 0x19, 0x29, 0x40, 0xf6, 0x8c, 0x12, - 0xbb, 0x2c, 0x83, 0x96, 0x40, 0xc0, 0x36, 0xf5, - 0x77, 0xff, 0x70, 0x8c, 0x75, 0x92, 0x0b, 0xad, - 0x05, 0x9b, 0x7e, 0xa2, 0xfc, 0xa9, 0xd1, 0x64, - 0x76, 0x82, 0x13, 0xba, 0x22, 0x5e, 0x33, 0x0e, - 0x26, 0x70, 0xa9, 0xbe, 0x74, 0x28, 0xf5, 0xe2, - 0xc4, 0x96, 0xee, 0x3a, 0xbc, 0x97, 0xa6, 0x2c, - 0x2a, 0xe0, 0x64, 0x8d, 0x35, 0xc6, 0x1a, 0xca, - 0xf4, 0x92, 0xfa, 0xc3, 0xf1, 0x1f, 0x98, 0xe4, - 0x43, 0x88, 0x69, 0x3a, 0x09, 0xbf, 0x63, 0xe5, - 0x96, 0x29, 0x0b, 0x9b, 0x62, 0x23, 0x14, 0x8a, - 0x95, 0xe4, 0x1c, 0x5c, 0x0a, 0xa9, 0xc5, 0xb9, - 0x6f, 0x4f, 0x2b, 0x25, 0x6f, 0x74, 0x1e, 0x18, - 0xd5, 0xfe, 0x27, 0x7d, 0x3f, 0x6e, 0x55, 0x2c, - 0x67, 0xe6, 0xde, 0xb5, 0xcc, 0xc0, 0x2d, 0xff, - 0xc4, 0xe4, 0x06, 0x21, 0xa5, 0xc8, 0xd3, 0xd6, - 0x6c, 0xa1, 0xc3, 0xfb, 0x88, 0x92, 0xb1, 0x1d, - 0x90, 0xe1, 0x35, 0x05, 0x9b, 0x29, 0x6d, 0xba, - 0xf1, 0xf4, 0x1e, 0x23, 0x2e - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 5242880+8, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test5Mcnt", - { - 0x07, 0x52, 0x65, 0xe7, 0xca, 0xa3, 0xca, 0x45, - 0xcf, 0x3a, 0x05, 0x1d, 0x38, 0x03, 0x53, 0x0c, - 0x22, 0x31, 0xba, 0x99, 0x4f, 0x9b, 0x6a, 0x1b, - 0x7e, 0x09, 0x9d, 0x4e, 0xb5, 0xc9, 0x84, 0x2e - }, - G89_CNT, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - { - 0x3d, 0x05, 0x07, 0x57, 0xc0, 0x75, 0x89, 0x97, - 0xd6, 0x94, 0x49, 0x11, 0x1d, 0xd0, 0x91, 0xee - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - U64(4294967296)+16, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test4Gcnt", - { - 0x75, 0xa3, 0x3c, 0xae, 0x03, 0x6b, 0x10, 0xdb, - 0xc1, 0x56, 0x50, 0x89, 0x03, 0xd2, 0x9f, 0x91, - 0xee, 0xe8, 0x64, 0x1d, 0x43, 0xf2, 0x4e, 0xf8, - 0xf2, 0x6c, 0xed, 0xda, 0x8f, 0xe4, 0x88, 0xe9 - }, - G89_CNT, - { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }, - { - 0xfa, 0x6c, 0x96, 0x78, 0xe2, 0xf8, 0xdd, 0xaa, - 0x67, 0x5a, 0xc9, 0x5d, 0x57, 0xf1, 0xbd, 0x99 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 1035, - { - 0xd6, 0xcf, 0x31, 0x96, 0x9c, 0xa1, 0xfb, 0xd6, - 0x8d, 0xa3, 0xdd, 0x01, 0xd9, 0x88, 0xc0, 0x2f, - 0xbc, 0x46, 0xc7, 0x3a, 0xe4, 0x21, 0x86, 0x96, - 0x8d, 0xe2, 0xca, 0xb6, 0x37, 0xa2, 0xe1, 0xa8, - 0x7e, 0xa7, 0x79, 0x2e, 0xa4, 0x56, 0x75, 0x7f, - 0x3e, 0x55, 0x8b, 0x43, 0xae, 0x65, 0xdf, 0xaa, - 0x42, 0xb6, 0x00, 0xa6, 0x61, 0x03, 0x0d, 0xd3, - 0x41, 0x02, 0x27, 0x23, 0x95, 0x79, 0x9b, 0x34, - 0x81, 0xa9, 0x86, 0xb5, 0xa7, 0x90, 0xe2, 0xae, - 0xc4, 0x2f, 0xc3, 0x8e, 0x32, 0x56, 0x13, 0xfa, - 0x4d, 0x4e, 0x9f, 0x15, 0x75, 0x7e, 0x74, 0xdc, - 0x32, 0x2d, 0xee, 0x4d, 0x67, 0x70, 0x9f, 0x62, - 0xb9, 0xc4, 0xdb, 0x24, 0x84, 0xcc, 0x16, 0x7b, - 0xda, 0x22, 0xf7, 0xc5, 0xf3, 0x93, 0x35, 0x73, - 0xc6, 0x03, 0x1c, 0x77, 0xa5, 0xf2, 0x76, 0x56, - 0xb4, 0x95, 0xd4, 0x7e, 0x0d, 0x20, 0xc6, 0x6e, - 0xee, 0x8f, 0x25, 0x48, 0xff, 0x7e, 0x01, 0x3a, - 0xb4, 0x1f, 0xaa, 0x35, 0xc0, 0x33, 0x58, 0x9c, - 0xb5, 0xba, 0x65, 0x4b, 0xd3, 0x51, 0x14, 0xec, - 0x61, 0xce, 0xe4, 0xba, 0x49, 0xba, 0x39, 0x32, - 0xab, 0xce, 0x81, 0x72, 0xce, 0xab, 0xed, 0xd4, - 0xd2, 0x19, 0x87, 0x85, 0x92, 0xfa, 0x64, 0x34, - 0xd8, 0x86, 0xf4, 0x8a, 0x08, 0x3c, 0xde, 0xee, - 0x97, 0x92, 0x92, 0x69, 0xba, 0x9b, 0x5f, 0x7a, - 0x03, 0xc1, 0x5d, 0x43, 0x02, 0x8c, 0xbe, 0xd2, - 0x46, 0x72, 0x81, 0x40, 0x7d, 0x68, 0x98, 0x45, - 0x0b, 0x54, 0x27, 0x1c, 0xaf, 0x80, 0x42, 0xe4, - 0xd5, 0xd4, 0xe4, 0xa2, 0x98, 0x07, 0x8f, 0x03, - 0xf5, 0x2c, 0x8c, 0x88, 0xca, 0x5a, 0xde, 0xe4, - 0x9f, 0xb1, 0x5f, 0x82, 0xff, 0x20, 0x67, 0x52, - 0x85, 0x84, 0x4f, 0xc8, 0xfe, 0xa7, 0x9e, 0xae, - 0x1c, 0xfa, 0xb8, 0x75, 0xd3, 0xf7, 0x9f, 0x0d, - 0xda, 0x2d, 0xe6, 0xcc, 0x86, 0x6b, 0xa4, 0x14, - 0x65, 0xc3, 0xf9, 0x15, 0xbc, 0x87, 0xf5, 0xae, - 0x8c, 0x10, 0xd4, 0xce, 0x5b, 0x9c, 0xe2, 0xdd, - 0x42, 0x03, 0x09, 0x87, 0x47, 0xed, 0x5d, 0xd0, - 0x7a, 0x69, 0x4c, 0xfa, 0x43, 0x7d, 0xbf, 0x07, - 0x85, 0x6a, 0xee, 0x68, 0xe6, 0x7a, 0x57, 0xb2, - 0x20, 0x8d, 0x80, 0xf2, 0x91, 0x6f, 0x5c, 0x07, - 0x8c, 0xe4, 0x6a, 0x49, 0x90, 0x85, 0x8b, 0x77, - 0x29, 0x56, 0x1c, 0x5e, 0xa9, 0x3f, 0xab, 0x8b, - 0x79, 0xa3, 0x6f, 0x6b, 0x34, 0xcb, 0x61, 0xf6, - 0xe6, 0x92, 0xd1, 0x48, 0x9e, 0x11, 0xa2, 0x82, - 0xc0, 0x4e, 0x23, 0xd2, 0x15, 0x0d, 0x8d, 0xff, - 0xfa, 0x17, 0x9d, 0x81, 0xb8, 0xbc, 0xd7, 0x5b, - 0x08, 0x81, 0x20, 0x40, 0xc0, 0x3c, 0x06, 0x8b, - 0x1a, 0x88, 0x0b, 0x4b, 0x7b, 0x31, 0xf5, 0xd4, - 0x4e, 0x09, 0xd1, 0x4d, 0x0d, 0x7f, 0x45, 0xd1, - 0x09, 0x35, 0xba, 0xce, 0x65, 0xdd, 0xf2, 0xb8, - 0xfb, 0x7a, 0xbc, 0xc4, 0x4b, 0xc8, 0x75, 0xda, - 0x6b, 0xce, 0x3d, 0xe8, 0x94, 0xcc, 0x23, 0x6f, - 0xb0, 0x3b, 0x4f, 0x7d, 0x07, 0xb9, 0x0f, 0x62, - 0x92, 0x7e, 0xda, 0x70, 0x50, 0xce, 0xd3, 0x28, - 0x12, 0x11, 0x00, 0xeb, 0x8d, 0x63, 0x70, 0x78, - 0xa8, 0x7b, 0x76, 0xab, 0xc6, 0x40, 0xc0, 0x4e, - 0x80, 0xdd, 0xf0, 0xfe, 0x83, 0x72, 0x56, 0x4c, - 0x09, 0x4c, 0xf1, 0x72, 0x72, 0x86, 0x26, 0x31, - 0xc3, 0xc2, 0xdc, 0x8e, 0xc7, 0xf4, 0x35, 0xec, - 0x17, 0x06, 0x63, 0x47, 0x49, 0x88, 0x47, 0xaf, - 0xb3, 0x38, 0x4f, 0x7e, 0x44, 0x95, 0xb5, 0xbb, - 0x1d, 0xbd, 0x5a, 0x91, 0x5b, 0xd0, 0x1a, 0xdf, - 0x0d, 0x0b, 0x50, 0xd8, 0xe2, 0x0e, 0xc5, 0x00, - 0x2d, 0x5b, 0x29, 0x19, 0xaa, 0x2b, 0x64, 0xc5, - 0x40, 0x31, 0x48, 0x11, 0xbc, 0x04, 0xd1, 0xcf, - 0x6d, 0xf9, 0xa5, 0x2f, 0x4a, 0xc9, 0x82, 0xfa, - 0x59, 0xe1, 0xfc, 0xab, 0x1c, 0x33, 0x26, 0x0a, - 0x5f, 0xef, 0xf2, 0x06, 0xd8, 0xd3, 0x7e, 0x16, - 0x58, 0x16, 0x78, 0x73, 0xae, 0xba, 0xeb, 0xe5, - 0x3d, 0xb2, 0x0a, 0xb3, 0x32, 0x2d, 0x14, 0xa4, - 0xfa, 0x3f, 0x1f, 0x43, 0xf9, 0x7b, 0xa9, 0x43, - 0x98, 0x18, 0x94, 0x07, 0x07, 0xe5, 0x19, 0x34, - 0xa8, 0x16, 0x5f, 0x71, 0x67, 0xaa, 0x29, 0xe5, - 0xfa, 0xf0, 0x83, 0x06, 0x1d, 0x9d, 0xfc, 0xfe, - 0xfe, 0x8c, 0xb5, 0xb2, 0xa9, 0xe7, 0xa0, 0x40, - 0x60, 0xb6, 0x71, 0x9e, 0xab, 0x5b, 0x83, 0xb9, - 0x0c, 0x2b, 0x58, 0x23, 0x80, 0x09, 0x9e, 0x5d, - 0x94, 0x7d, 0x40, 0x76, 0xa9, 0x16, 0x96, 0x9e, - 0x83, 0xe0, 0x0d, 0xec, 0xa0, 0xec, 0x76, 0x2a, - 0xb7, 0xa0, 0xff, 0xb8, 0x50, 0x4c, 0x5b, 0xc6, - 0x8b, 0x0a, 0x65, 0x2e, 0xfe, 0xb4, 0x40, 0x9a, - 0x01, 0xd8, 0xc6, 0xa3, 0xab, 0x99, 0xa2, 0xc5, - 0x0c, 0x08, 0xc4, 0xb7, 0xee, 0x4d, 0x1d, 0xc4, - 0x08, 0x15, 0xd0, 0xdb, 0xaa, 0x63, 0x4f, 0x31, - 0xeb, 0x14, 0x97, 0x43, 0xbd, 0xc1, 0x94, 0x08, - 0xe6, 0xde, 0x43, 0x9f, 0x95, 0x0b, 0x96, 0x7e, - 0x7f, 0x3c, 0x68, 0xba, 0x6f, 0xc4, 0xc9, 0x35, - 0x2b, 0xc4, 0x0e, 0xda, 0x1f, 0x91, 0x68, 0x64, - 0x63, 0x34, 0x73, 0xbe, 0x57, 0x75, 0xb9, 0xed, - 0xf7, 0x2d, 0x3b, 0x05, 0x21, 0x93, 0x28, 0x48, - 0x96, 0x95, 0x97, 0xa0, 0xd2, 0x7d, 0x78, 0xbb, - 0x6a, 0x49, 0x8f, 0x76, 0x55, 0x74, 0x63, 0xb9, - 0xc5, 0x36, 0x12, 0x25, 0xbf, 0x03, 0x82, 0x8f, - 0xf0, 0xf6, 0x80, 0xbb, 0x33, 0xb4, 0xf4, 0x17, - 0x27, 0x1c, 0xf3, 0x4c, 0x10, 0xa3, 0xe4, 0xd1, - 0x55, 0xd9, 0x68, 0x21, 0x4e, 0x5a, 0x83, 0x67, - 0xbf, 0xf8, 0x3c, 0x7d, 0x4e, 0x62, 0xd3, 0x28, - 0xa7, 0x26, 0x6f, 0xe9, 0xee, 0xc2, 0x0b, 0x2d, - 0x03, 0x84, 0xb1, 0xff, 0xd6, 0x68, 0x1f, 0xb6, - 0xf2, 0xe4, 0x0f, 0xda, 0x2d, 0xee, 0x5f, 0x6e, - 0x21, 0xc8, 0xe1, 0xfc, 0xad, 0x6b, 0x0e, 0x04, - 0x7d, 0xaf, 0xc2, 0x3b, 0xa5, 0x68, 0x9b, 0x0c, - 0xf3, 0x56, 0xf3, 0xda, 0x8d, 0xc8, 0x7d, 0x39, - 0xdc, 0xd5, 0x99, 0xc6, 0x01, 0x10, 0xce, 0x42, - 0x1b, 0xac, 0x48, 0xdc, 0x97, 0x78, 0x0a, 0xec, - 0xb3, 0x8f, 0x47, 0x35, 0xa3, 0x6a, 0x64, 0xb2, - 0x8e, 0x63, 0x69, 0x22, 0x66, 0xae, 0x2e, 0xe0, - 0x88, 0xf9, 0x40, 0x3c, 0xc9, 0xa2, 0x57, 0x61, - 0xf6, 0xad, 0xf0, 0xdc, 0x90, 0x56, 0x3f, 0x06, - 0x9b, 0x7d, 0xbd, 0xc2, 0x81, 0x02, 0xab, 0xb8, - 0x15, 0x09, 0x88, 0x4a, 0xff, 0x2f, 0x31, 0xbf, - 0x5e, 0xfa, 0x6a, 0x7e, 0xf6, 0xc5, 0xa7, 0xf7, - 0xd5, 0xab, 0x55, 0xac, 0xae, 0x0d, 0x8c, 0x8d, - 0x7f, 0x4b, 0x25, 0xbb, 0x32, 0xff, 0x11, 0x33, - 0x2e, 0x37, 0x37, 0x69, 0x96, 0x15, 0x17, 0xb1, - 0x17, 0x49, 0xe0, 0x9a, 0x9c, 0xd9, 0x5b, 0x8d, - 0x58, 0xa3, 0x1d, 0x92, 0x87, 0xf8, 0x80, 0xb9, - 0xbd, 0x5a, 0xec, 0x40, 0xe1, 0x00, 0x33, 0x60, - 0xe4, 0x86, 0x16, 0x6d, 0x61, 0x81, 0xf2, 0x28, - 0x6a, 0xa7, 0xce, 0x3f, 0x95, 0xae, 0x43, 0xca, - 0xe1, 0x3f, 0x81, 0x74, 0x7e, 0x1c, 0x47, 0x17, - 0x95, 0xc6, 0x60, 0xda, 0x74, 0x77, 0xd9, 0x9f, - 0xfa, 0x92, 0xb4, 0xbe, 0xe1, 0x23, 0x98, 0x18, - 0x95, 0x63, 0x03, 0x13, 0x4c, 0x1a, 0x2d, 0x41, - 0xcd, 0xe4, 0x84, 0xf7, 0xe6, 0x38, 0xef, 0xff, - 0x95, 0xb2, 0xe8, 0x7c, 0x8f, 0x58, 0xb5, 0xb5, - 0xed, 0x27, 0x7f, 0x3c, 0x18, 0xab, 0xbe, 0x7f, - 0x4f, 0xe2, 0x35, 0x15, 0x71, 0xb7, 0x6f, 0x85, - 0x38, 0x9b, 0x88, 0xf6, 0x9c, 0x8d, 0x43, 0xb5, - 0x58, 0x9e, 0xf2, 0xd1, 0x96, 0xbe, 0xb7, 0xad, - 0x1a, 0xa0, 0x98 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit2", - { - 0x80, 0xd9, 0xa0, 0xdc, 0x21, 0xf9, 0x30, 0x40, - 0x75, 0xfe, 0x49, 0x1b, 0x9e, 0x71, 0x90, 0x91, - 0x78, 0x88, 0x21, 0x60, 0x39, 0xe7, 0xc9, 0x2b, - 0xfb, 0x55, 0x1d, 0xf4, 0xdd, 0x2b, 0x0a, 0x01 - }, - G89_IMIT, - { 0 }, - { - 0x90, 0xf2, 0x11, 0x9a - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 10, - { - 0x1d, 0xeb, 0xe6, 0x79, 0x0a, 0x59, 0x00, 0xe6, - 0x8e, 0x5c - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit3", - { - 0xa9, 0xb6, 0x37, 0xcc, 0x6d, 0x9b, 0x2f, 0x25, - 0xb0, 0xdf, 0x47, 0x04, 0x50, 0x68, 0xb0, 0x27, - 0x41, 0x27, 0x58, 0x6a, 0xbd, 0x0a, 0x6e, 0x50, - 0x2f, 0xc6, 0xfc, 0xc0, 0x3e, 0x29, 0x42, 0xa5 - }, - G89_IMIT, - { 0 }, - { - 0x31, 0x7c, 0x16, 0xe4 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 6, - { - 0xef, 0x06, 0x8f, 0x14, 0xc9, 0x04 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit4", - { - 0xb0, 0x6c, 0x48, 0x23, 0x0a, 0x6e, 0xf4, 0xec, - 0x27, 0x98, 0x01, 0x23, 0xa7, 0xd8, 0xbf, 0x60, - 0x89, 0xef, 0xad, 0xe8, 0x8f, 0x79, 0x14, 0x8c, - 0x18, 0x5c, 0x9a, 0xda, 0xef, 0x0b, 0xdd, 0xa0 - }, - G89_IMIT, - { 0 }, - { - 0xe9, 0x72, 0xae, 0xbf - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 16, - { - 0x02, 0xf8, 0xec, 0x2b, 0x4d, 0x1f, 0xbc, 0x7c, - 0x6e, 0x47, 0xe3, 0x87, 0x22, 0x75, 0x41, 0xa7 - }, - "id-Gost28147-89-CryptoPro-B-ParamSet", - "testimit5", - { - 0x33, 0xd3, 0xef, 0x01, 0x19, 0x95, 0x0e, 0x15, - 0xa1, 0x69, 0x75, 0xae, 0x56, 0x27, 0x17, 0x79, - 0x63, 0x47, 0xab, 0x62, 0x9d, 0x4a, 0xf0, 0x34, - 0xd3, 0x1e, 0x69, 0x74, 0xec, 0x31, 0x48, 0xfc - }, - G89_IMIT, - { 0 }, - { - 0xf5, 0x55, 0x1f, 0x28 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 8, - { - 0xf3, 0xb2, 0x29, 0xd2, 0x7a, 0x37, 0x03, 0x12 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit6", - { - 0x42, 0x35, 0x81, 0x91, 0x0b, 0xa9, 0x99, 0xff, - 0xd9, 0x43, 0xf8, 0xc6, 0x19, 0x55, 0x1f, 0x2f, - 0x2d, 0x45, 0x40, 0x20, 0x1e, 0x1d, 0x32, 0x7a, - 0xb1, 0x07, 0x6b, 0x4f, 0x45, 0x90, 0xd9, 0x80 - }, - G89_IMIT, - { 0 }, - { - 0x6e, 0x15, 0xfa, 0xe8 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 0, - { - 0 - }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "testimit7", - { - 0x26, 0xcb, 0xb9, 0xf0, 0x0c, 0x62, 0x9f, 0xaa, - 0x4a, 0x1d, 0xb6, 0x30, 0x09, 0x01, 0x56, 0x89, - 0x66, 0xd4, 0xe4, 0x0e, 0xfe, 0xf6, 0x10, 0x6b, - 0x6c, 0xe8, 0x04, 0x3a, 0xe3, 0x61, 0x4b, 0x19 - }, - G89_IMIT, - { 0 }, - { - 0x00, 0x00, 0x00, 0x00 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 5242880, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test5Mimit", - { - 0xaa, 0x85, 0x84, 0xcd, 0x65, 0x28, 0xe1, 0xdb, - 0xb8, 0x20, 0x19, 0x43, 0xe0, 0x36, 0x35, 0x10, - 0x19, 0xc3, 0x70, 0x5b, 0x27, 0xc1, 0x9d, 0x84, - 0x75, 0xa3, 0xc6, 0x49, 0x46, 0x8f, 0x7c, 0x4e - }, - G89_IMIT, - { 0 }, - { - 0x2a, 0xe6, 0x23, 0xc6 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - 3221225472U + 16, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test3Gimit1", - { - 0xd5, 0xda, 0xfe, 0x06, 0x60, 0xdc, 0xf0, 0xb3, - 0x49, 0x5a, 0x02, 0x59, 0xc8, 0x2e, 0x4a, 0x2b, - 0xcc, 0x9b, 0x98, 0x04, 0xb7, 0xf2, 0x78, 0xb7, - 0xce, 0xa3, 0xf2, 0xdb, 0x9e, 0xa8, 0x49, 0x1d - }, - G89_IMIT, - { 0 }, - { - 0xcc, 0x46, 0x67, 0xe4 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - U64(4)*1024*1024*1024, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test4Gimit3", - { - 0x0d, 0xf1, 0xa8, 0x7f, 0x57, 0x03, 0x44, 0xcc, - 0xdb, 0x20, 0xde, 0xed, 0x85, 0x50, 0x38, 0xda, - 0xc9, 0x44, 0xec, 0x2c, 0x0d, 0x66, 0xb7, 0xdc, - 0x17, 0x14, 0x55, 0x95, 0x33, 0x6e, 0x43, 0x3e - }, - G89_IMIT, - { 0 }, - { - 0xb7, 0x21, 0x2e, 0x48 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - U64(4)*1024*1024*1024+4, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test4Gimit1", - { - 0x0c, 0xf3, 0xe9, 0xb0, 0x28, 0x3b, 0x9f, 0x8b, - 0xe3, 0x82, 0xb9, 0xa2, 0xa6, 0xbd, 0x80, 0xd2, - 0xcd, 0xfa, 0x3f, 0xf7, 0x90, 0xa7, 0x55, 0x06, - 0x9b, 0x7a, 0x58, 0xee, 0xe7, 0xf1, 0x9d, 0xbe - }, - G89_IMIT, - { 0 }, - { - 0xda, 0x15, 0x10, 0x73 - } - }, - { /* Calculated by libcapi10, CryptoPro CSP 3.6R2, Mac OSX */ - U64(4)*1024*1024*1024+10, - { 0 }, - "id-Gost28147-89-CryptoPro-A-ParamSet", - "test4Gimit2", - { - 0x97, 0x1a, 0x42, 0x22, 0xfa, 0x07, 0xb2, 0xca, - 0xf9, 0xd2, 0x34, 0x5a, 0x92, 0xb1, 0x1f, 0x6b, - 0x53, 0xf8, 0xaf, 0xed, 0x9a, 0x73, 0xc4, 0x38, - 0xd7, 0x7d, 0x25, 0x81, 0x00, 0x0d, 0xd4, 0x29 - }, - G89_IMIT, - { 0 }, - { - 0x52, 0xaa, 0x22, 0xb4 - } - } -}; - -/* const */ unsigned char bZB[40*1024*1024]; -unsigned char bTS[40*1024*1024]; - -int main(int argc, char *argv[]) -{ - unsigned int t; - uint64_t ullMaxLen = 6*1000*1000; - int ignore = 0; - EVP_MD_CTX *mctx = NULL; - EVP_CIPHER_CTX *ectx = NULL; - EVP_PKEY *mac_key; - unsigned char bDerive[EVP_MAX_KEY_LENGTH]; - unsigned char bTest[G89_MAX_TC_LEN]; - unsigned char bTest1[G89_MAX_TC_LEN]; - uint64_t ullLeft; - unsigned int mdl = 0; - int enlu = 0; - int enlf = 0; - size_t siglen; - size_t l = 0; - BIO *bio_err; - const EVP_MD *md_gost94 = NULL; - const EVP_CIPHER *cp_g89ecb = NULL; - const EVP_CIPHER *cp_g89cfb = NULL; - const EVP_CIPHER *cp_g89cnt = NULL; - const EVP_CIPHER *ctype = NULL; - const EVP_MD *md_g89imit = NULL; - int ret = 0; - - printf("Testing GOST 28147-89 "); - - if(1 < argc) { - if(1 != sscanf(argv[1], "%" SCNu64, &ullMaxLen) || - ( 2 < argc ? - 1 != sscanf(argv[2], "%d", &ignore) : 0)) { - fflush(NULL); - fprintf(stderr, "Usage: %s [maxlen [ignore-error]]\n", - argv[0]); - ret = 1; - goto out; - } - } - - ERR_load_crypto_strings(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_load_builtin_engines(); -#endif - OPENSSL_load_builtin_modules(); - OpenSSL_add_all_algorithms(); - - memset(bZB, 0, sizeof bZB); - memset(bTS, 0, sizeof bTS); - - /* Test load engine */ - if(NULL == (md_gost94 = EVP_get_digestbyname(SN_id_GostR3411_94))) { - fflush(NULL); - fprintf(stderr, "\"" SN_id_GostR3411_94 "\" - not found\n"); - if(!ignore) { - ret = 7; - goto out; - } - } - if(NULL == (cp_g89cfb = EVP_get_cipherbyname(SN_id_Gost28147_89))) { - fflush(NULL); - fprintf(stderr, "\"" SN_id_Gost28147_89 "\" - not found\n"); - if(!ignore) { - ret = 8; - goto out; - } - } - if(NULL == (cp_g89cnt = EVP_get_cipherbyname(SN_gost89_cnt))) { - fflush(NULL); - fprintf(stderr, "\"" SN_gost89_cnt "\" - not found\n"); - if(!ignore) { - ret = 9; - goto out; - } - } - if(NULL == (cp_g89ecb = EVP_get_cipherbyname(SN_gost89_ecb))) { - fflush(NULL); - fprintf(stderr, "\"" SN_gost89_ecb "\" - not found\n"); - if(!ignore) { - ret = 8; - goto out; - } - } - if(NULL == (md_g89imit = EVP_get_digestbyname(SN_id_Gost28147_89_MAC))) { - fflush(NULL); - fprintf(stderr, "\"" SN_id_Gost28147_89_MAC "\" - not found\n"); - if(!ignore) { - ret = 10; - goto out; - } - } - - /* Test cases */ - for(t = 0; t < sizeof(tcs)/sizeof(tcs[0]); t++) { - if(NULL != tcs[t].szDerive) { - memset(bDerive, 0x3c, sizeof(bDerive)); - mdl = sizeof(bDerive); - if (!EVP_Digest(tcs[t].szDerive, strlen(tcs[t].szDerive), bDerive, - &mdl, md_gost94, NULL)) - goto out; - if(0 != memcmp(tcs[t].bRawKey, bDerive, mdl)) { - fflush(NULL); - fprintf(stderr, "Engine test t=%d " - "derive key error.\n", t); - if(!ignore) { - ret = 12; - goto out; - } - } - } - if(ullMaxLen < tcs[t].ullLen) { - printf("@"); - continue; - } - memset(bTest, 0xa5, sizeof(bTest)); - memset(bTest1, 0x5a, sizeof(bTest1)); - - switch(tcs[t].gMode) { - case G89_ECB: - ctype = cp_g89ecb; - goto engine_cipher_check; - case G89_CFB: - ctype = cp_g89cfb; - goto engine_cipher_check; - case G89_CNT: - ctype = cp_g89cnt; -engine_cipher_check: - if ((ectx = EVP_CIPHER_CTX_new()) == NULL) - goto imit_fail; - if (!EVP_EncryptInit_ex(ectx, ctype, NULL, tcs[t].bRawKey, - tcs[t].bIV)) - goto imit_fail; - if (!EVP_CIPHER_CTX_ctrl(ectx, EVP_CTRL_GOST_SET_SBOX, - OBJ_txt2nid(tcs[t].szParamSet), 0)) - goto imit_fail; - if(G89_MAX_TC_LEN >= tcs[t].ullLen) { - enlu = sizeof(bTest); - if (!EVP_EncryptUpdate(ectx, bTest, &enlu, tcs[t].bIn, - (int)tcs[t].ullLen)) - goto imit_fail; - l = (size_t)tcs[t].ullLen; - } else { - for(ullLeft = tcs[t].ullLen; - ullLeft >= sizeof(bZB); - ullLeft -= sizeof(bZB)) { - printf("B"); - fflush(NULL); - enlu = sizeof(bTS); - if (!EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, - sizeof(bZB))) - goto imit_fail; - } - printf("b%" PRIu64 "/%" PRIu64, ullLeft, tcs[t].ullLen); - fflush(NULL); - if (!EVP_EncryptUpdate(ectx, bTS, &enlu, bZB, (int)ullLeft)) - goto imit_fail; - memcpy(bTest, &bTS[enlu-16], 16); - enlu = (int)tcs[t].ullLen; - l = 16; - } - enlf = sizeof(bTest1); - if (tcs[t].gMode == G89_ECB) - enlf = 0; - else { - if (!EVP_EncryptFinal_ex(ectx, bTest1, &enlf)) - goto imit_fail; - } - EVP_CIPHER_CTX_free(ectx); - ectx = NULL; - break; - case G89_IMIT: - if ((mctx = EVP_MD_CTX_new()) == NULL) - goto imit_fail; - mac_key = EVP_PKEY_new_mac_key( - NID_id_Gost28147_89_MAC, NULL, - bDerive, mdl); - if (mac_key == NULL) - goto imit_fail; - if (!EVP_DigestSignInit(mctx, NULL, md_g89imit, NULL, mac_key)) - goto imit_fail; - if (!EVP_MD_CTX_ctrl(mctx, EVP_MD_CTRL_GOST_SET_SBOX, - OBJ_txt2nid(tcs[t].szParamSet), 0)) - goto imit_fail; - if(G89_MAX_TC_LEN >= tcs[t].ullLen) { - if (!EVP_DigestSignUpdate(mctx, tcs[t].bIn, - (unsigned int)tcs[t].ullLen)) - goto imit_fail; - } else { - for(ullLeft = tcs[t].ullLen; - ullLeft >= sizeof(bZB); - ullLeft -= sizeof(bZB)) { - printf("B"); - fflush(NULL); - if (!EVP_DigestSignUpdate(mctx, bZB, sizeof(bZB))) - goto imit_fail; - } - printf("b%" PRIu64 "/%" PRIu64, ullLeft, tcs[t].ullLen); - fflush(NULL); - if (!EVP_DigestSignUpdate(mctx, bZB, (unsigned int)ullLeft)) - goto imit_fail; - } - siglen = 4; - OPENSSL_assert(EVP_DigestSignFinal(mctx, bTest, &siglen)); - EVP_MD_CTX_free(mctx); - mctx = NULL; - EVP_PKEY_free(mac_key); - enlu = (int)tcs[t].ullLen; - enlf = 0; - l = siglen; - break; - } - if((int)tcs[t].ullLen != enlu || 0 != enlf || - 0 != memcmp(tcs[t].bOut, bTest, l)) { -imit_fail: - fflush(NULL); - fprintf(stderr, "\nEngine test t=%d len=%" PRIu64 - " mode=%d failed.\n", t, tcs[t].ullLen, tcs[t].gMode); - if(!ignore) { - ret = 13; - goto out; - } - } else { - printf("."); - fflush(NULL); - } - } - - printf(" passed\n"); - fflush(NULL); - - out: - - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); - ERR_print_errors(bio_err); - (void)BIO_flush(bio_err); - BIO_free(bio_err); - EVP_CIPHER_CTX_free(ectx); - EVP_MD_CTX_free(mctx); - return ret; -} -#endif diff --git a/tests/keypairtest.c b/tests/keypairtest.c index 31bf7d6a..47fc347f 100644 --- a/tests/keypairtest.c +++ b/tests/keypairtest.c @@ -29,7 +29,7 @@ #include #define PUBKEY_HASH \ - "SHA256:858d0f94beb0a08eb4f13871ba57bf0a2e081287d0efbaeb3bbac59dd8f1a8e5" + "SHA256:f03c535d374614e7356c0a4e6fd37fe94297b60ed86212adcba40e8e0b07bc9f" char *cert_file, *key_file, *ocsp_staple_file; diff --git a/tests/keypairtest.sh b/tests/keypairtest.sh index 3c24869b..8bb7d9f6 100644 --- a/tests/keypairtest.sh +++ b/tests/keypairtest.sh @@ -9,4 +9,4 @@ if [ -z $srcdir ]; then srcdir=. fi -$TEST $srcdir/ca.pem $srcdir/server.pem $srcdir/server.pem +$TEST $srcdir/ca-root-rsa.pem $srcdir/server1-rsa.pem $srcdir/server1-rsa.pem diff --git a/tests/pbkdf2.c b/tests/pbkdf2.c index 9cbc0318..33b683f0 100644 --- a/tests/pbkdf2.c +++ b/tests/pbkdf2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pbkdf2.c,v 1.2 2018/07/17 17:06:49 tb Exp $ */ +/* $OpenBSD: pbkdf2.c,v 1.3 2023/11/19 13:11:06 tb Exp $ */ /* Written by Christian Heimes, 2013 */ /* * Copyright (c) 2013 The OpenSSL Project. All rights reserved. @@ -56,9 +56,6 @@ #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include @@ -192,10 +189,6 @@ main(int argc,char **argv) const testdata *test = test_cases; OpenSSL_add_all_digests(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_load_builtin_engines(); - ENGINE_register_all_digests(); -#endif for (n = 0; test->pass != NULL; n++, test++) { test_p5_pbkdf2(n, "sha1", test, sha1_results[n]); @@ -203,9 +196,6 @@ main(int argc,char **argv) test_p5_pbkdf2(n, "sha512", test, sha512_results[n]); } -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); diff --git a/tests/quictest.bat b/tests/quictest.bat index 1d48884c..0c1944e2 100644 --- a/tests/quictest.bat +++ b/tests/quictest.bat @@ -6,7 +6,7 @@ set quictest_bin=%1 set quictest_bin=%quictest_bin:/=\% if not exist %quictest_bin% exit /b 1 -%quictest_bin% %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem +%quictest_bin% %srcdir%\server1-rsa.pem %srcdir%\server1-rsa-chain.pem %srcdir%\ca-root-rsa.pem if !errorlevel! neq 0 ( exit /b 1 ) diff --git a/tests/quictest.sh b/tests/quictest.sh index cc1982f6..01841796 100644 --- a/tests/quictest.sh +++ b/tests/quictest.sh @@ -10,4 +10,4 @@ if [ -z $srcdir ]; then srcdir=. fi -$quictest_bin $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem +$quictest_bin $srcdir/server1-rsa.pem $srcdir/server1-rsa-chain.pem $srcdir/ca-root-rsa.pem diff --git a/tests/rfc3779.c b/tests/rfc3779.c index 33808d43..1274df74 100644 --- a/tests/rfc3779.c +++ b/tests/rfc3779.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rfc3779.c,v 1.9 2023/04/20 07:39:17 tb Exp $ */ +/* $OpenBSD: rfc3779.c,v 1.10 2023/12/13 07:19:37 tb Exp $ */ /* * Copyright (c) 2021 Theo Buehler * @@ -361,10 +361,10 @@ IPAddrBlocks_free(IPAddrBlocks *addr) * extensions on each call. */ -static const ASN1_ITEM_EXP * +static ASN1_ITEM_EXP * get_IPAddrBlocks_it(void) { - static const ASN1_ITEM_EXP *my_IPAddrBlocks_it; + static ASN1_ITEM_EXP *my_IPAddrBlocks_it; const X509V3_EXT_METHOD *v3_addr; if (my_IPAddrBlocks_it != NULL) @@ -383,7 +383,7 @@ get_IPAddrBlocks_it(void) static IPAddrBlocks * d2i_IPAddrBlocks(IPAddrBlocks **addrs, const unsigned char **in, long len) { - const ASN1_ITEM_EXP *my_IPAddrBlocks_it; + ASN1_ITEM_EXP *my_IPAddrBlocks_it; if ((my_IPAddrBlocks_it = get_IPAddrBlocks_it()) == NULL) return NULL; @@ -395,7 +395,7 @@ d2i_IPAddrBlocks(IPAddrBlocks **addrs, const unsigned char **in, long len) static int i2d_IPAddrBlocks(IPAddrBlocks *addrs, unsigned char **out) { - const ASN1_ITEM_EXP *my_IPAddrBlocks_it; + ASN1_ITEM_EXP *my_IPAddrBlocks_it; if ((my_IPAddrBlocks_it = get_IPAddrBlocks_it()) == NULL) return -1; diff --git a/tests/server.pem b/tests/server.pem deleted file mode 100644 index 7412490f..00000000 --- a/tests/server.pem +++ /dev/null @@ -1,51 +0,0 @@ -subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert -issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA ------BEGIN CERTIFICATE----- -MIIDpTCCAo2gAwIBAgIJAPYm3GvOr5eUMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTE0MDUyNDE0NDUxMloXDTI0MDQwMTE0NDUxMlowZDELMAkG -A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU -RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ -KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi -R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv -vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7 -TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU -41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R -AgMBAAGjTjBMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCwGCWCGSAGG -+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B -AQUFAAOCAQEADfy8VrY5er5ebYLyiC1il5kVOuJHSf8aN5SciJz/VcifA1+Hl2Bu -CfuizhP/kUdB9PTSj8ep9sL+5PBFl7CZJDO6Sxs5+qJe15XvLBP8UEdvc779plL6 -StUMJT0aU/MaqUZZCldC3G4CcbwzOzKSD5YzvxxIGspxBWRduZKKMOju/4aqK76p -dwA/VGCve9mjft3LIrb0gSaPi5KmdGtpAjzW3H1+63DSqxCYb1oiPtUZBs4STwjh -WPRmAEVR4RPCETM3Sth4C+bE0QMCGY12ctcbzhj7Xgo7LcSpqviq6JD8SPuU7ISL -hy4NcnBBHJr9OV9WTLpmS9V9Vg6QmOpxQw== ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv -h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL -tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu -D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI -uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6 -qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn -zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3 -r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D -AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R -5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm -W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH -674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg -utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY -BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX -4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a -WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8 -bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH -6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex -4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa -WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g -n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB -JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+ -OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX -xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK -UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ== ------END RSA PRIVATE KEY----- diff --git a/tests/servertest.bat b/tests/servertest.bat index 8c9bd97c..c0bfaa45 100644 --- a/tests/servertest.bat +++ b/tests/servertest.bat @@ -6,7 +6,7 @@ set servertest_bin=%1 set servertest_bin=%servertest_bin:/=\% if not exist %servertest_bin% exit /b 1 -%servertest_bin% %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem +%servertest_bin% %srcdir%\server1-rsa.pem %srcdir%\server1-rsa-chain.pem %srcdir%\ca-root.pem if !errorlevel! neq 0 ( exit /b 1 ) diff --git a/tests/servertest.sh b/tests/servertest.sh index f1efeb05..d6497bdc 100644 --- a/tests/servertest.sh +++ b/tests/servertest.sh @@ -10,4 +10,4 @@ if [ -z $srcdir ]; then srcdir=. fi -$servertest_bin $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem +$servertest_bin $srcdir/server1-rsa.pem $srcdir/server1-rsa-chain.pem $srcdir/ca-root-rsa.pem diff --git a/tests/shutdowntest.bat b/tests/shutdowntest.bat new file mode 100644 index 00000000..711fe856 --- /dev/null +++ b/tests/shutdowntest.bat @@ -0,0 +1,14 @@ +@echo off +setlocal enabledelayedexpansion +REM shutdowntest.bat + +set shutdowntest_bin=%1 +set shutdowntest_bin=%shutdowntest_bin:/=\% +if not exist %shutdowntest_bin% exit /b 1 + +%shutdowntest_bin% %srcdir%\server1-rsa.pem %srcdir%\server1-rsa-chain.pem %srcdir%\ca-root-rsa.pem +if !errorlevel! neq 0 ( + exit /b 1 +) + +endlocal diff --git a/tests/shutdowntest.c b/tests/shutdowntest.c new file mode 100644 index 00000000..5b83add3 --- /dev/null +++ b/tests/shutdowntest.c @@ -0,0 +1,656 @@ +/* $OpenBSD: shutdowntest.c,v 1.3 2024/01/30 14:46:46 jsing Exp $ */ +/* + * Copyright (c) 2020, 2021, 2024 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include + +const char *server_ca_file; +const char *server_cert_file; +const char *server_key_file; + +int debug = 0; + +static void +hexdump(const unsigned char *buf, size_t len) +{ + size_t i; + + for (i = 1; i <= len; i++) + fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n"); + + if (len % 8) + fprintf(stderr, "\n"); +} + +static SSL * +tls_client(BIO *rbio, BIO *wbio) +{ + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + + if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) + errx(1, "client context"); + + if ((ssl = SSL_new(ssl_ctx)) == NULL) + errx(1, "client ssl"); + + BIO_up_ref(rbio); + BIO_up_ref(wbio); + + SSL_set_bio(ssl, rbio, wbio); + + SSL_CTX_free(ssl_ctx); + + return ssl; +} + +static SSL * +tls_server(BIO *rbio, BIO *wbio) +{ + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + + if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) + errx(1, "server context"); + + SSL_CTX_set_dh_auto(ssl_ctx, 2); + + if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file, + SSL_FILETYPE_PEM) != 1) { + fprintf(stderr, "FAIL: Failed to load server certificate"); + goto failure; + } + if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file, + SSL_FILETYPE_PEM) != 1) { + fprintf(stderr, "FAIL: Failed to load server private key"); + goto failure; + } + + if ((ssl = SSL_new(ssl_ctx)) == NULL) + errx(1, "server ssl"); + + BIO_up_ref(rbio); + BIO_up_ref(wbio); + + SSL_set_bio(ssl, rbio, wbio); + + failure: + SSL_CTX_free(ssl_ctx); + + return ssl; +} + +static int +ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret) +{ + int ssl_err; + + ssl_err = SSL_get_error(ssl, ssl_ret); + + if (ssl_err == SSL_ERROR_WANT_READ) { + return 1; + } else if (ssl_err == SSL_ERROR_WANT_WRITE) { + return 1; + } else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) { + /* Yup, this is apparently a thing... */ + return 1; + } else { + fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n", + name, desc, ssl_err, errno); + ERR_print_errors_fp(stderr); + return 0; + } +} + +static int +do_connect(SSL *ssl, const char *name, int *done) +{ + int ssl_ret; + + if ((ssl_ret = SSL_connect(ssl)) == 1) { + fprintf(stderr, "INFO: %s connect done\n", name); + *done = 1; + return 1; + } + + return ssl_error(ssl, name, "connect", ssl_ret); +} + +static int +do_accept(SSL *ssl, const char *name, int *done) +{ + int ssl_ret; + + if ((ssl_ret = SSL_accept(ssl)) == 1) { + fprintf(stderr, "INFO: %s accept done\n", name); + *done = 1; + return 1; + } + + return ssl_error(ssl, name, "accept", ssl_ret); +} + +static int +do_read(SSL *ssl, const char *name, int *done) +{ + uint8_t buf[512]; + int ssl_ret; + + if ((ssl_ret = SSL_read(ssl, buf, sizeof(buf))) > 0) { + fprintf(stderr, "INFO: %s read done\n", name); + if (debug > 1) + hexdump(buf, ssl_ret); + *done = 1; + return 1; + } + + return ssl_error(ssl, name, "read", ssl_ret); +} + +static int +do_write(SSL *ssl, const char *name, int *done) +{ + const uint8_t buf[] = "Hello, World!\n"; + int ssl_ret; + + if ((ssl_ret = SSL_write(ssl, buf, sizeof(buf))) > 0) { + fprintf(stderr, "INFO: %s write done\n", name); + *done = 1; + return 1; + } + + return ssl_error(ssl, name, "write", ssl_ret); +} + +static int +do_shutdown(SSL *ssl, const char *name, int *done) +{ + int ssl_ret; + + ssl_ret = SSL_shutdown(ssl); + if (ssl_ret == 1) { + fprintf(stderr, "INFO: %s shutdown done\n", name); + *done = 1; + return 1; + } + + /* The astounding EOF condition. */ + if (ssl_ret == -1 && + SSL_get_error(ssl, ssl_ret) == SSL_ERROR_SYSCALL && errno == 0) { + fprintf(stderr, "INFO: %s shutdown encountered EOF\n", name); + *done = 1; + return 1; + } + + return ssl_error(ssl, name, "shutdown", ssl_ret); +} + +typedef int (*ssl_func)(SSL *ssl, const char *name, int *done); + +static int +do_client_server_loop(SSL *client, ssl_func client_func, SSL *server, + ssl_func server_func) +{ + int client_done = 0, server_done = 0; + int i = 0; + + do { + if (!client_done) { + if (debug) + fprintf(stderr, "DEBUG: client loop\n"); + if (!client_func(client, "client", &client_done)) + return 0; + } + if (!server_done) { + if (debug) + fprintf(stderr, "DEBUG: server loop\n"); + if (!server_func(server, "server", &server_done)) + return 0; + } + } while (i++ < 100 && (!client_done || !server_done)); + + if (!client_done || !server_done) + fprintf(stderr, "FAIL: gave up\n"); + + return client_done && server_done; +} + +static int +do_shutdown_loop(SSL *client, SSL *server) +{ + int client_done = 0, server_done = 0; + int i = 0; + + do { + if (!client_done) { + if (debug) + fprintf(stderr, "DEBUG: client loop\n"); + if (!do_shutdown(client, "client", &client_done)) + return 0; + if (client_done) + BIO_set_mem_eof_return(SSL_get_wbio(client), 0); + } + if (!server_done) { + if (debug) + fprintf(stderr, "DEBUG: server loop\n"); + if (!do_shutdown(server, "server", &server_done)) + return 0; + if (server_done) + BIO_set_mem_eof_return(SSL_get_wbio(server), 0); + } + } while (i++ < 100 && (!client_done || !server_done)); + + if (!client_done || !server_done) + fprintf(stderr, "FAIL: gave up\n"); + + return client_done && server_done; +} + +static void +ssl_msg_callback(int is_write, int version, int content_type, const void *buf, + size_t len, SSL *ssl, void *arg) +{ + const uint8_t *msg = buf; + int *close_notify = arg; + + if (is_write || content_type != SSL3_RT_ALERT) + return; + if (len == 2 && msg[0] == SSL3_AL_WARNING && msg[1] == SSL_AD_CLOSE_NOTIFY) + *close_notify = 1; +} + +struct shutdown_test { + const unsigned char *desc; + int client_quiet_shutdown; + int client_set_shutdown; + int want_client_shutdown; + int want_client_close_notify; + int server_quiet_shutdown; + int server_set_shutdown; + int want_server_shutdown; + int want_server_close_notify; +}; + +static const struct shutdown_test shutdown_tests[] = { + { + .desc = "bidirectional shutdown", + .want_client_close_notify = 1, + .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + .want_server_close_notify = 1, + .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + }, + { + .desc = "client quiet shutdown", + .client_quiet_shutdown = 1, + .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + .want_server_shutdown = SSL_SENT_SHUTDOWN, + }, + { + .desc = "server quiet shutdown", + .server_quiet_shutdown = 1, + .want_client_shutdown = SSL_SENT_SHUTDOWN, + .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + }, + { + .desc = "both quiet shutdown", + .client_quiet_shutdown = 1, + .server_quiet_shutdown = 1, + .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + }, + { + .desc = "client set sent shutdown", + .client_set_shutdown = SSL_SENT_SHUTDOWN, + .want_client_close_notify = 1, + .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + .want_server_shutdown = SSL_SENT_SHUTDOWN, + }, + { + .desc = "client set received shutdown", + .client_set_shutdown = SSL_RECEIVED_SHUTDOWN, + .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + .want_server_close_notify = 1, + .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + }, + { + .desc = "client set sent/received shutdown", + .client_set_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + .want_server_shutdown = SSL_SENT_SHUTDOWN, + }, + { + .desc = "server set sent shutdown", + .server_set_shutdown = SSL_SENT_SHUTDOWN, + .want_client_shutdown = SSL_SENT_SHUTDOWN, + .want_server_close_notify = 1, + .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + }, + { + .desc = "server set received shutdown", + .server_set_shutdown = SSL_RECEIVED_SHUTDOWN, + .want_client_close_notify = 1, + .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + }, + { + .desc = "server set sent/received shutdown", + .server_set_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + .want_client_shutdown = SSL_SENT_SHUTDOWN, + .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN, + }, +}; + +#define N_TLS_TESTS (sizeof(shutdown_tests) / sizeof(*shutdown_tests)) + +static int +shutdown_test(uint16_t ssl_version, const char *ssl_version_name, + const struct shutdown_test *st) +{ + BIO *client_wbio = NULL, *server_wbio = NULL; + SSL *client = NULL, *server = NULL; + int client_close_notify = 0, server_close_notify = 0; + int shutdown, ssl_err; + int failed = 1; + + fprintf(stderr, "\n== Testing %s, %s... ==\n", ssl_version_name, + st->desc); + + if ((client_wbio = BIO_new(BIO_s_mem())) == NULL) + goto failure; + if (BIO_set_mem_eof_return(client_wbio, -1) <= 0) + goto failure; + + if ((server_wbio = BIO_new(BIO_s_mem())) == NULL) + goto failure; + if (BIO_set_mem_eof_return(server_wbio, -1) <= 0) + goto failure; + + if ((client = tls_client(server_wbio, client_wbio)) == NULL) + goto failure; + if (!SSL_set_min_proto_version(client, ssl_version)) + goto failure; + if (!SSL_set_max_proto_version(client, ssl_version)) + goto failure; + + if ((server = tls_server(client_wbio, server_wbio)) == NULL) + goto failure; + if (!SSL_set_min_proto_version(server, ssl_version)) + goto failure; + if (!SSL_set_max_proto_version(server, ssl_version)) + goto failure; + + if (!do_client_server_loop(client, do_connect, server, do_accept)) { + fprintf(stderr, "FAIL: client and server handshake failed\n"); + goto failure; + } + + if (!do_client_server_loop(client, do_write, server, do_read)) { + fprintf(stderr, "FAIL: client write and server read I/O failed\n"); + goto failure; + } + + if (!do_client_server_loop(client, do_read, server, do_write)) { + fprintf(stderr, "FAIL: client read and server write I/O failed\n"); + goto failure; + } + + /* Seemingly this is the only way to find out about alerts... */ + SSL_set_msg_callback(client, ssl_msg_callback); + SSL_set_msg_callback_arg(client, &client_close_notify); + SSL_set_msg_callback(server, ssl_msg_callback); + SSL_set_msg_callback_arg(server, &server_close_notify); + + SSL_set_shutdown(client, st->client_set_shutdown); + SSL_set_shutdown(server, st->server_set_shutdown); + + SSL_set_quiet_shutdown(client, st->client_quiet_shutdown); + SSL_set_quiet_shutdown(server, st->server_quiet_shutdown); + + if (!do_shutdown_loop(client, server)) { + fprintf(stderr, "FAIL: client and server shutdown failed\n"); + goto failure; + } + + if ((shutdown = SSL_get_shutdown(client)) != st->want_client_shutdown) { + fprintf(stderr, "FAIL: client shutdown flags = %x, want %x\n", + shutdown, st->want_client_shutdown); + goto failure; + } + if ((shutdown = SSL_get_shutdown(server)) != st->want_server_shutdown) { + fprintf(stderr, "FAIL: server shutdown flags = %x, want %x\n", + shutdown, st->want_server_shutdown); + goto failure; + } + + if (client_close_notify != st->want_client_close_notify) { + fprintf(stderr, "FAIL: client close notify = %d, want %d\n", + client_close_notify, st->want_client_close_notify); + goto failure; + } + if (server_close_notify != st->want_server_close_notify) { + fprintf(stderr, "FAIL: server close notify = %d, want %d\n", + server_close_notify, st->want_server_close_notify); + goto failure; + } + + if (st->want_client_close_notify) { + if ((ssl_err = SSL_get_error(client, 0)) != SSL_ERROR_ZERO_RETURN) { + fprintf(stderr, "FAIL: client ssl error = %d, want %d\n", + ssl_err, SSL_ERROR_ZERO_RETURN); + goto failure; + } + } + if (st->want_server_close_notify) { + if ((ssl_err = SSL_get_error(server, 0)) != SSL_ERROR_ZERO_RETURN) { + fprintf(stderr, "FAIL: server ssl error = %d, want %d\n", + ssl_err, SSL_ERROR_ZERO_RETURN); + goto failure; + } + } + + fprintf(stderr, "INFO: Done!\n"); + + failed = 0; + + failure: + BIO_free(client_wbio); + BIO_free(server_wbio); + + SSL_free(client); + SSL_free(server); + + return failed; +} + +static int +shutdown_sequence_test(uint16_t ssl_version, const char *ssl_version_name) +{ + BIO *client_wbio = NULL, *server_wbio = NULL; + SSL *client = NULL, *server = NULL; + int shutdown, ret; + int failed = 1; + + fprintf(stderr, "\n== Testing %s, shutdown sequence... ==\n", + ssl_version_name); + + if ((client_wbio = BIO_new(BIO_s_mem())) == NULL) + goto failure; + if (BIO_set_mem_eof_return(client_wbio, -1) <= 0) + goto failure; + + if ((server_wbio = BIO_new(BIO_s_mem())) == NULL) + goto failure; + if (BIO_set_mem_eof_return(server_wbio, -1) <= 0) + goto failure; + + if ((client = tls_client(server_wbio, client_wbio)) == NULL) + goto failure; + if (!SSL_set_min_proto_version(client, ssl_version)) + goto failure; + if (!SSL_set_max_proto_version(client, ssl_version)) + goto failure; + + if ((server = tls_server(client_wbio, server_wbio)) == NULL) + goto failure; + if (!SSL_set_min_proto_version(server, ssl_version)) + goto failure; + if (!SSL_set_max_proto_version(server, ssl_version)) + goto failure; + + if (!do_client_server_loop(client, do_connect, server, do_accept)) { + fprintf(stderr, "FAIL: client and server handshake failed\n"); + goto failure; + } + + if (!do_client_server_loop(client, do_write, server, do_read)) { + fprintf(stderr, "FAIL: client write and server read I/O failed\n"); + goto failure; + } + + if (!do_client_server_loop(client, do_read, server, do_write)) { + fprintf(stderr, "FAIL: client read and server write I/O failed\n"); + goto failure; + } + + /* + * Shutdown in lock step and check return value and shutdown flags. + * + * It is not documented, however some software relies on SSL_shutdown() + * to only send a close-notify on the first call, then indicate that a + * close-notify was received on a second (or later) call. + */ + + if ((shutdown = SSL_get_shutdown(client)) != 0) { + fprintf(stderr, "FAIL: client shutdown flags = %x, want %x\n", + shutdown, 0); + goto failure; + } + if ((shutdown = SSL_get_shutdown(server)) != 0) { + fprintf(stderr, "FAIL: server shutdown flags = %x, want %x\n", + shutdown, 0); + goto failure; + } + + if ((ret = SSL_shutdown(client)) != 0) { + fprintf(stderr, "FAIL: client SSL_shutdown() = %d, want %d\n", + ret, 0); + goto failure; + } + if ((shutdown = SSL_get_shutdown(client)) != SSL_SENT_SHUTDOWN) { + fprintf(stderr, "FAIL: client shutdown flags = %x, want %x\n", + shutdown, SSL_SENT_SHUTDOWN); + goto failure; + } + + if ((ret = SSL_shutdown(server)) != 0) { + fprintf(stderr, "FAIL: server SSL_shutdown() = %d, want %d\n", + ret, 0); + goto failure; + } + if ((shutdown = SSL_get_shutdown(server)) != SSL_SENT_SHUTDOWN) { + fprintf(stderr, "FAIL: server shutdown flags = %x, want %x\n", + shutdown, SSL_SENT_SHUTDOWN); + goto failure; + } + + if ((ret = SSL_shutdown(client)) != 1) { + fprintf(stderr, "FAIL: client SSL_shutdown() = %d, want %d\n", + ret, 0); + goto failure; + } + if ((shutdown = SSL_get_shutdown(client)) != + (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) { + fprintf(stderr, "FAIL: client shutdown flags = %x, want %x\n", + shutdown, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); + goto failure; + } + + if ((ret = SSL_shutdown(server)) != 1) { + fprintf(stderr, "FAIL: server SSL_shutdown() = %d, want %d\n", + ret, 0); + goto failure; + } + if ((shutdown = SSL_get_shutdown(server)) != + (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) { + fprintf(stderr, "FAIL: server shutdown flags = %x, want %x\n", + shutdown, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); + goto failure; + } + + fprintf(stderr, "INFO: Done!\n"); + + failed = 0; + + failure: + BIO_free(client_wbio); + BIO_free(server_wbio); + + SSL_free(client); + SSL_free(server); + + return failed; +} + +struct ssl_version { + uint16_t version; + const char *name; +}; + +struct ssl_version ssl_versions[] = { + { + .version = TLS1_2_VERSION, + .name = SSL_TXT_TLSV1_2, + }, + { + .version = TLS1_3_VERSION, + .name = SSL_TXT_TLSV1_3, + }, +}; + +#define N_SSL_VERSIONS (sizeof(ssl_versions) / sizeof(*ssl_versions)) + +int +main(int argc, char **argv) +{ + const struct ssl_version *sv; + int failed = 0; + size_t i, j; + + if (argc != 4) { + fprintf(stderr, "usage: %s keyfile certfile cafile\n", + argv[0]); + exit(1); + } + + server_key_file = argv[1]; + server_cert_file = argv[2]; + server_ca_file = argv[3]; + + for (i = 0; i < N_SSL_VERSIONS; i++) { + sv = &ssl_versions[i]; + for (j = 0; j < N_TLS_TESTS; j++) { + failed |= shutdown_test(sv->version, sv->name, + &shutdown_tests[j]); + } + failed |= shutdown_sequence_test(sv->version, sv->name); + } + + return failed; +} diff --git a/tests/shutdowntest.sh b/tests/shutdowntest.sh new file mode 100644 index 00000000..d4aec1c8 --- /dev/null +++ b/tests/shutdowntest.sh @@ -0,0 +1,13 @@ +#!/bin/sh +set -e + +shutdowntest_bin=./shutdowntest +if [ -e ./shutdowntest.exe ]; then + shutdowntest_bin=./shutdowntest.exe +fi + +if [ -z $srcdir ]; then + srcdir=. +fi + +$shutdowntest_bin $srcdir/server1-rsa.pem $srcdir/server1-rsa-chain.pem $srcdir/ca-root-rsa.pem diff --git a/tests/ssl_get_shared_ciphers.c b/tests/ssl_get_shared_ciphers.c index 33efc15f..a041ac90 100644 --- a/tests/ssl_get_shared_ciphers.c +++ b/tests/ssl_get_shared_ciphers.c @@ -462,7 +462,7 @@ main(int argc, char **argv) size_t i; int failed = 0; - if (asprintf(&server_cert, "%s/server.pem", CERTSDIR) == -1) { + if (asprintf(&server_cert, "%s/server1-rsa.pem", CERTSDIR) == -1) { fprintf(stderr, "asprintf server_cert failed\n"); failed = 1; goto err; diff --git a/tests/ssltest.c b/tests/ssltest.c index f95ea44a..27adeeaf 100644 --- a/tests/ssltest.c +++ b/tests/ssltest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssltest.c,v 1.43 2023/08/15 11:20:57 tb Exp $ */ +/* $OpenBSD: ssltest.c,v 1.45 2024/03/01 03:45:16 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -167,9 +167,6 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -#include -#endif #include #include #include @@ -762,14 +759,10 @@ main(int argc, char *argv[]) SSL_CTX_free(c_ctx); BIO_free(bio_stdout); -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_thread_state(NULL); EVP_cleanup(); - CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); exit(ret); diff --git a/tests/string_table.c b/tests/string_table.c deleted file mode 100644 index e80cf0f2..00000000 --- a/tests/string_table.c +++ /dev/null @@ -1,128 +0,0 @@ -/* $OpenBSD: string_table.c,v 1.1 2021/12/11 22:58:48 schwarze Exp $ */ -/* - * Copyright (c) 2021 Ingo Schwarze - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include - -static int errcount; - -static void -report(const char *fmt, ...) -{ - va_list ap; - - va_start(ap, fmt); - vwarnx(fmt, ap); - va_end(ap); - - errcount++; -} - -static void -stable_check(const char *testname, ASN1_STRING_TABLE *have, - ASN1_STRING_TABLE *want, unsigned long want_flags) -{ - if (have == NULL) { - report("%s returned NULL", testname); - return; - } - if (have->nid != want->nid) - report("%s nid %d, expected %d", testname, - have->nid, want->nid); - if (have->minsize != want->minsize) - report("%s minsize %ld, expected %ld", testname, - have->minsize, want->minsize); - if (have->maxsize != want->maxsize) - report("%s maxsize %ld, expected %ld", testname, - have->maxsize, want->maxsize); - if (have->mask != want->mask) - report("%s mask %lu, expected %lu", testname, - have->mask, want->mask); - if (have->flags != want_flags) - report("%s flags %lu, expected %lu", testname, - have->flags, want_flags); -} - -int -main(void) -{ - ASN1_STRING_TABLE orig, mine, *have; - int irc; - - orig.nid = NID_name; - orig.minsize = 1; - orig.maxsize = ub_name; - orig.mask = DIRSTRING_TYPE; - orig.flags = 0; - - mine.nid = NID_name; - mine.minsize = 4; - mine.maxsize = 64; - mine.mask = B_ASN1_PRINTABLESTRING; - mine.flags = STABLE_NO_MASK; - - /* Original entry. */ - - have = ASN1_STRING_TABLE_get(orig.nid); - stable_check("orig", have, &orig, 0); - - /* Copy, but don't really change. */ - - irc = ASN1_STRING_TABLE_add(orig.nid, -1, -1, 0, 0); - if (irc != 1) - report("set noop returned %d, expected 1", irc); - have = ASN1_STRING_TABLE_get(orig.nid); - stable_check("noop", have, &orig, STABLE_FLAGS_MALLOC); - - /* Change entry. */ - - irc = ASN1_STRING_TABLE_add(mine.nid, mine.minsize, mine.maxsize, - mine.mask, mine.flags); - if (irc != 1) - report("set returned %d, expected 1", irc); - have = ASN1_STRING_TABLE_get(mine.nid); - stable_check("set", have, &mine, STABLE_FLAGS_MALLOC | STABLE_NO_MASK); - - /* New entry. */ - - mine.nid = NID_title; - irc = ASN1_STRING_TABLE_add(mine.nid, mine.minsize, mine.maxsize, - mine.mask, mine.flags); - if (irc != 1) - report("new returned %d, expected 1", irc); - have = ASN1_STRING_TABLE_get(mine.nid); - stable_check("new", have, &mine, STABLE_FLAGS_MALLOC | STABLE_NO_MASK); - - /* Back to the initial state. */ - - ASN1_STRING_TABLE_cleanup(); - have = ASN1_STRING_TABLE_get(orig.nid); - stable_check("back", have, &orig, 0); - if (ASN1_STRING_TABLE_get(mine.nid) != NULL) - report("deleted entry is not NULL"); - - switch (errcount) { - case 0: - return 0; - case 1: - errx(1, "one error"); - default: - errx(1, "%d errors", errcount); - } -} diff --git a/tests/testenc.bat b/tests/testenc.bat index 93dfc0c8..84f48f2a 100644 --- a/tests/testenc.bat +++ b/tests/testenc.bat @@ -2,32 +2,35 @@ setlocal enabledelayedexpansion REM testenc.bat -set test=p +set test=P set openssl_bin=%1 set openssl_bin=%openssl_bin:/=\% if not exist %openssl_bin% exit /b 1 +echo copy %srcdir%\openssl.cnf %test% copy %srcdir%\openssl.cnf %test% echo cat -%openssl_bin% enc -in %test% -out %test%.cipher -%openssl_bin% enc -in %test%.cipher -out %test%.clear -fc /b %test% %test%.clear +echo %openssl_bin% enc -in %test% -out %test%.CIPHER +%openssl_bin% enc -in %test% -out %test%.CIPHER +%openssl_bin% enc -in %test%.CIPHER -out %test%.CLEAR +fc /b %test% %test%.CLEAR if !errorlevel! neq 0 ( exit /b 1 ) else ( - del %test%.cipher %test%.clear + del %test%.CIPHER %test%.CLEAR ) echo base64 -%openssl_bin% enc -a -e -in %test% -out %test%.cipher -%openssl_bin% enc -a -d -in %test%.cipher -out %test%.clear -fc /b %test% %test%.clear +%openssl_bin% enc -a -e -in %test% -out %test%.CIPHER +%openssl_bin% enc -a -d -in %test%.CIPHER -out %test%.CLEAR +dir +fc /b %test% %test%.CLEAR if !errorlevel! neq 0 ( exit /b 1 ) else ( - del %test%.cipher %test%.clear + del %test%.CIPHER %test%.CLEAR ) for %%i in ( @@ -45,23 +48,23 @@ for %%i in ( rc4 rc4-40 ) do ( echo %%i - %openssl_bin% %%i -e -k test -in %test% -out %test%.%%i.cipher - %openssl_bin% %%i -d -k test -in %test%.%%i.cipher -out %test%.%%i.clear - fc /b %test% %test%.%%i.clear + %openssl_bin% %%i -e -k test -in %test% -out %test%.%%i.CIPHER + %openssl_bin% %%i -d -k test -in %test%.%%i.CIPHER -out %test%.%%i.CLEAR + fc /b %test% %test%.%%i.CLEAR if !errorlevel! neq 0 ( exit /b 1 ) else ( - del %test%.%%i.cipher %test%.%%i.clear + del %test%.%%i.CIPHER %test%.%%i.CLEAR ) echo %%i base64 - %openssl_bin% %%i -a -e -k test -in %test% -out %test%.%%i.cipher - %openssl_bin% %%i -a -d -k test -in %test%.%%i.cipher -out %test%.%%i.clear - fc /b %test% %test%.%%i.clear + %openssl_bin% %%i -a -e -k test -in %test% -out %test%.%%i.CIPHER + %openssl_bin% %%i -a -d -k test -in %test%.%%i.CIPHER -out %test%.%%i.CLEAR + fc /b %test% %test%.%%i.CLEAR if !errorlevel! neq 0 ( exit /b 1 ) else ( - del %test%.%%i.cipher %test%.%%i.clear + del %test%.%%i.CIPHER %test%.%%i.CLEAR ) ) diff --git a/tests/timingsafe.c b/tests/timingsafe.c index f6605f86..d768a808 100644 --- a/tests/timingsafe.c +++ b/tests/timingsafe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: timingsafe.c,v 1.3 2014/06/21 22:57:15 tedu Exp $ */ +/* $OpenBSD: timingsafe.c,v 1.4 2024/02/04 20:51:21 tb Exp $ */ /* * Copyright (c) 2014 Google Inc. * @@ -28,7 +28,7 @@ enum { static unsigned char bufone[N], buftwo[N]; void -check() +check(void) { int cmp = memcmp(bufone, buftwo, N); @@ -49,7 +49,7 @@ check() } int -main() +main(void) { int i, j; diff --git a/tests/tls_prf.c b/tests/tls_prf.c index a22d0e70..b6836da1 100644 --- a/tests/tls_prf.c +++ b/tests/tls_prf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_prf.c,v 1.8 2022/11/26 16:08:57 tb Exp $ */ +/* $OpenBSD: tls_prf.c,v 1.9 2024/02/03 15:58:34 beck Exp $ */ /* * Copyright (c) 2017 Joel Sing * @@ -57,29 +57,6 @@ static struct tls_prf_test tls_prf_tests[] = { 0x12, 0x44, 0xec, 0x60, 0x61, 0xd1, 0x8a, 0x66, }, }, - { - .desc = "GOST94", - .ssl_method = TLSv1_2_method, - .cipher_value = 0x0081, - .out = { - 0xcc, 0xd4, 0x89, 0x5f, 0x52, 0x08, 0x9b, 0xc7, - 0xf9, 0xb5, 0x83, 0x58, 0xe8, 0xc7, 0x71, 0x49, - 0x39, 0x99, 0x1f, 0x14, 0x8f, 0x85, 0xbe, 0x64, - 0xee, 0x40, 0x5c, 0xe7, 0x5f, 0x68, 0xaf, 0xf2, - 0xcd, 0x3a, 0x94, 0x52, 0x33, 0x53, 0x46, 0x7d, - 0xb6, 0xc5, 0xe1, 0xb8, 0xa4, 0x04, 0x69, 0x91, - 0x0a, 0x9c, 0x88, 0x86, 0xd9, 0x60, 0x63, 0xdd, - 0xd8, 0xe7, 0x2e, 0xee, 0xce, 0xe2, 0x20, 0xd8, - 0x9a, 0xfa, 0x9c, 0x63, 0x0c, 0x9c, 0xa1, 0x76, - 0xed, 0x78, 0x9a, 0x84, 0x70, 0xb4, 0xd1, 0x51, - 0x1f, 0xde, 0x44, 0xe8, 0x90, 0x21, 0x3f, 0xeb, - 0x05, 0xf4, 0x77, 0x59, 0xf3, 0xad, 0xdd, 0x34, - 0x3d, 0x3a, 0x7c, 0xd0, 0x59, 0x40, 0xe1, 0x3f, - 0x04, 0x4b, 0x8b, 0xd6, 0x95, 0x46, 0xb4, 0x9e, - 0x4c, 0x2d, 0xf7, 0xee, 0xbd, 0xbc, 0xcb, 0x5c, - 0x3a, 0x36, 0x0c, 0xd0, 0x27, 0xcb, 0x45, 0x06, - }, - }, { .desc = "SHA256 (via TLSv1.2)", .ssl_method = TLSv1_2_method, @@ -126,29 +103,6 @@ static struct tls_prf_test tls_prf_tests[] = { 0x05, 0x76, 0x4b, 0xe4, 0x28, 0x50, 0x4a, 0xf2, }, }, - { - .desc = "STREEBOG256", - .ssl_method = TLSv1_2_method, - .cipher_value = 0xff87, - .out = { - 0x3e, 0x13, 0xb9, 0xeb, 0x85, 0x8c, 0xb4, 0x21, - 0x23, 0x40, 0x9b, 0x73, 0x04, 0x56, 0xe2, 0xff, - 0xce, 0x52, 0x1f, 0x82, 0x7f, 0x17, 0x5b, 0x80, - 0x23, 0x71, 0xca, 0x30, 0xdf, 0xfc, 0xdc, 0x2d, - 0xc0, 0xfc, 0x5d, 0x23, 0x5a, 0x54, 0x7f, 0xae, - 0xf5, 0x7d, 0x52, 0x1e, 0x86, 0x95, 0xe1, 0x2d, - 0x28, 0xe7, 0xbe, 0xd7, 0xd0, 0xbf, 0xa9, 0x96, - 0x13, 0xd0, 0x9c, 0x0c, 0x1c, 0x16, 0x05, 0xbb, - 0x26, 0xd7, 0x30, 0x39, 0xb9, 0x53, 0x28, 0x98, - 0x4f, 0x1b, 0x83, 0xc3, 0xce, 0x1c, 0x7c, 0x34, - 0xa2, 0xc4, 0x7a, 0x54, 0x16, 0xc6, 0xa7, 0x9e, - 0xed, 0x4b, 0x7b, 0x83, 0xa6, 0xae, 0xe2, 0x5b, - 0x96, 0xf5, 0x6c, 0xad, 0x1f, 0xa3, 0x83, 0xb2, - 0x84, 0x32, 0xed, 0xe3, 0x2c, 0xf6, 0xd4, 0x73, - 0x30, 0xef, 0x9d, 0xbe, 0xe7, 0x23, 0x9a, 0xbf, - 0x4d, 0x1c, 0xe7, 0xef, 0x3d, 0xea, 0x46, 0xe2, - }, - }, }; #define N_TLS_PRF_TESTS \ diff --git a/tests/tlsexttest.c b/tests/tlsexttest.c index e4da328c..778fd072 100644 --- a/tests/tlsexttest.c +++ b/tests/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.82 2023/07/05 17:30:14 tb Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.83 2023/12/13 06:00:28 tb Exp $ */ /* * Copyright (c) 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -4367,7 +4367,7 @@ static const struct tls_sni_test tls_sni_tests[] = { .valid = 0, }, { - .hostname = "open\178bsd.org", + .hostname = "open\177bsd.org", .valid = 0, }, { diff --git a/tests/tlstest.bat b/tests/tlstest.bat index 25664cf0..5f5f6a6e 100644 --- a/tests/tlstest.bat +++ b/tests/tlstest.bat @@ -6,7 +6,7 @@ set tlstest_bin=%1 set tlstest_bin=%tlstest_bin:/=\% if not exist %tlstest_bin% exit /b 1 -%tlstest_bin% %srcdir%\ca.pem %srcdir%\server.pem %srcdir%\server.pem +%tlstest_bin% %srcdir%\ca-root-rsa.pem %srcdir%\server1-rsa-chain.pem %srcdir%\server1-rsa.pem if !errorlevel! neq 0 ( exit /b 1 ) diff --git a/tests/tlstest.sh b/tests/tlstest.sh index 25f8647b..4024007b 100644 --- a/tests/tlstest.sh +++ b/tests/tlstest.sh @@ -10,4 +10,4 @@ if [ -z $srcdir ]; then srcdir=. fi -$tlstest_bin $srcdir/ca.pem $srcdir/server.pem $srcdir/server.pem +$tlstest_bin $srcdir/ca-root-rsa.pem $srcdir/server1-rsa-chain.pem $srcdir/server1-rsa.pem diff --git a/tests/x509_algor.c b/tests/x509_algor.c new file mode 100644 index 00000000..abe492ea --- /dev/null +++ b/tests/x509_algor.c @@ -0,0 +1,391 @@ +/* $OpenBSD: x509_algor.c,v 1.7 2024/02/29 20:03:47 tb Exp $ */ +/* + * Copyright (c) 2023 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include +#include +#include + +int X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md); + +static int +x509_algor_new_test(void) +{ + X509_ALGOR *alg = NULL; + const ASN1_OBJECT *aobj; + int failed = 1; + + if ((alg = X509_ALGOR_new()) == NULL) + errx(1, "%s: X509_ALGOR_new", __func__); + + if ((aobj = OBJ_nid2obj(NID_undef)) == NULL) + errx(1, "%s: OBJ_nid2obj", __func__); + + if (alg->algorithm != aobj) { + fprintf(stderr, "FAIL: %s: want NID_undef OID\n", __func__); + goto failure; + } + if (alg->parameter != NULL) { + fprintf(stderr, "FAIL: %s: want NULL parameters\n", __func__); + goto failure; + } + + failed = 0; + + failure: + X509_ALGOR_free(alg); + + return failed; +} + +static int +x509_algor_set0_test(void) +{ + X509_ALGOR *alg = NULL; + ASN1_TYPE *old_parameter; + ASN1_OBJECT *oid; + ASN1_INTEGER *aint = NULL, *aint_ref; + int ret; + int failed = 1; + + if ((ret = X509_ALGOR_set0(NULL, NULL, 0, NULL)) != 0) { + fprintf(stderr, "FAIL: %s: X509_ALGOR_set0(NULL, NULL, 0, NULL)" + ", want: %d, got %d\n", __func__, 0, ret); + goto failure; + } + + if ((alg = X509_ALGOR_new()) == NULL) + errx(1, "%s: X509_ALGOR_new", __func__); + + /* This sets algorithm to NULL and allocates new parameters. */ + if ((ret = X509_ALGOR_set0(alg, NULL, 0, NULL)) != 1) { + fprintf(stderr, "FAIL: %s: X509_ALGOR_set0(alg, NULL, 0, NULL)" + ", want: %d, got %d\n", __func__, 1, ret); + goto failure; + } + if (alg->algorithm != NULL) { + fprintf(stderr, "FAIL: %s: want NULL algorithm after " + "X509_ALGOR_set0(alg, NULL, 0, NULL)\n", __func__); + goto failure; + } + if ((old_parameter = alg->parameter) == NULL) { + fprintf(stderr, "FAIL: %s: want non-NULL parameter after " + "X509_ALGOR_set0(alg, NULL, 0, NULL)\n", __func__); + goto failure; + } + if (alg->parameter->type != V_ASN1_UNDEF) { + fprintf(stderr, "FAIL: %s: want %d parameter type after " + "X509_ALGOR_set0(alg, NULL, 0, NULL), got %d\n", + __func__, V_ASN1_UNDEF, alg->parameter->type); + goto failure; + } + if (alg->parameter->value.ptr != NULL) { + fprintf(stderr, "FAIL: %s: want NULL parameter value after " + "X509_ALGOR_set0(alg, NULL, 0, NULL)\n", __func__); + goto failure; + } + + /* This should leave algorithm at NULL and parameters untouched. */ + if ((ret = X509_ALGOR_set0(alg, NULL, 0, NULL)) != 1) { + fprintf(stderr, "FAIL: %s: X509_ALGOR_set0(alg, NULL, 0, NULL)" + ", want: %d, got %d\n", __func__, 1, ret); + goto failure; + } + if (alg->algorithm != NULL) { + fprintf(stderr, "FAIL: %s: want NULL algorithm after second" + "X509_ALGOR_set0(alg, NULL, 0, NULL)\n", __func__); + goto failure; + } + if (alg->parameter != old_parameter) { + fprintf(stderr, "FAIL: %s: parameter changed after second" + "X509_ALGOR_set0(alg, NULL, 0, NULL)\n", __func__); + goto failure; + } + + /* This ignores pval (old_parameter). */ + if ((ret = X509_ALGOR_set0(alg, NULL, 0, old_parameter)) != 1) { + fprintf(stderr, "FAIL: %s: X509_ALGOR_set0(alg, NULL, 0, ptr)" + ", want: %d, got %d\n", __func__, 1, ret); + goto failure; + } + if (alg->algorithm != NULL) { + fprintf(stderr, "FAIL: %s: want NULL algorithm after " + "X509_ALGOR_set0(alg, NULL, 0, ptr)\n", __func__); + goto failure; + } + if (alg->parameter == NULL) { + fprintf(stderr, "FAIL: %s: want non-NULL parameter after " + "X509_ALGOR_set0(alg, NULL, 0, ptr)\n", __func__); + goto failure; + } + if (alg->parameter->type != V_ASN1_UNDEF) { + fprintf(stderr, "FAIL: %s: want %d parameter type after " + "X509_ALGOR_set0(alg, NULL, 0, ptr), got %d\n", + __func__, V_ASN1_UNDEF, alg->parameter->type); + goto failure; + } + if (alg->parameter->value.ptr != NULL) { + fprintf(stderr, "FAIL: %s: want NULL parameter value after " + "X509_ALGOR_set0(alg, NULL, 0, ptr)\n", __func__); + goto failure; + } + + old_parameter = NULL; + + /* This frees parameters and ignores pval. */ + if ((ret = X509_ALGOR_set0(alg, NULL, V_ASN1_UNDEF, NULL)) != 1) { + fprintf(stderr, "FAIL: %s: " + "X509_ALGOR_set0(alg, NULL, V_ASN1_UNDEF, NULL)" + ", want: %d, got %d\n", __func__, 1, ret); + goto failure; + } + if (alg->algorithm != NULL) { + fprintf(stderr, "FAIL: %s: want NULL algorithm after " + "X509_ALGOR_set0(alg, NULL, V_ASN1_UNDEF, NULL)\n", __func__); + goto failure; + } + if (alg->parameter != NULL) { + fprintf(stderr, "FAIL: %s: want NULL parameter after " + "X509_ALGOR_set0(alg, NULL, V_ASN1_UNDEF, NULL)\n", __func__); + goto failure; + } + + /* This frees parameters and ignores "foo". */ + if ((ret = X509_ALGOR_set0(alg, NULL, V_ASN1_UNDEF, "foo")) != 1) { + fprintf(stderr, "FAIL: %s: X509_ALGOR_set0(alg, NULL, 0, \"foo\")" + ", want: %d, got %d\n", __func__, 1, ret); + goto failure; + } + if (alg->algorithm != NULL) { + fprintf(stderr, "FAIL: %s: want NULL algorithm after " + "X509_ALGOR_set0(alg, NULL, V_ASN1_UNDEF, \"foo\")\n", __func__); + goto failure; + } + if (alg->parameter != NULL) { + fprintf(stderr, "FAIL: %s: want NULL parameter after " + "X509_ALGOR_set0(alg, NULL, V_ASN1_UNDEF, \"foo\")\n", __func__); + goto failure; + } + + if ((oid = OBJ_nid2obj(NID_sha512_224)) == NULL) { + fprintf(stderr, "FAIL: %s: OBJ_nid2obj(NID_sha512_224)\n", __func__); + goto failure; + } + if ((aint = aint_ref = ASN1_INTEGER_new()) == NULL) + errx(1, "%s: ASN1_INTEGER_new()", __func__); + if (!ASN1_INTEGER_set_uint64(aint, 57)) + errx(1, "%s: ASN1_INTEGER_set_uint64()", __func__); + + if ((ret = X509_ALGOR_set0(alg, oid, V_ASN1_INTEGER, aint)) != 1) { + fprintf(stderr, "Fail: %s: " + "X509_ALGOR_set0(alg, oid, V_ASN1_INTEGER, aint)" + ", want: %d, got %d\n", __func__, 1, ret); + goto failure; + } + aint = NULL; + if (alg->algorithm != oid) { + fprintf(stderr, "FAIL: %s: unexpected oid on alg after " + "X509_ALGOR_set0(alg, oid, V_ASN1_INTEGER, aint)" + ", want: %d, got %d\n", __func__, 1, ret); + goto failure; + } + if (alg->parameter == NULL) { + fprintf(stderr, "FAIL: %s: expected non-NULL parameter after " + "X509_ALGOR_set0(alg, oid, V_ASN1_INTEGER, aint)" + ", want: %d, got %d\n", __func__, 1, ret); + goto failure; + } + if (alg->parameter->type != V_ASN1_INTEGER) { + fprintf(stderr, "FAIL: %s: want %d parameter type after " + "X509_ALGOR_set0(alg, oid, V_ASN1_INTEGER, aint), got %d\n", + __func__, V_ASN1_INTEGER, alg->parameter->type); + goto failure; + } + if (alg->parameter->value.asn1_string != aint_ref) { + fprintf(stderr, "FAIL: %s: unexpected parameter value after " + "X509_ALGOR_set0(alg, oid, V_ASN1_NULL, aint)\n", __func__); + goto failure; + } + + failed = 0; + + failure: + X509_ALGOR_free(alg); + ASN1_INTEGER_free(aint); + + return failed; +} + +static int +x509_algor_get0_test(void) +{ + X509_ALGOR *alg; + const ASN1_OBJECT *aobj = NULL; + int ptype = 0; + const void *pval = NULL; + ASN1_OBJECT *oid; + ASN1_INTEGER *aint = NULL, *aint_ref = NULL; + int ret; + int failed = 1; + + if ((alg = X509_ALGOR_new()) == NULL) + errx(1, "%s: X509_ALGOR_new", __func__); + + X509_ALGOR_get0(&aobj, NULL, NULL, alg); + if (aobj == NULL) { + fprintf(stderr, "FAIL: %s: expected non-NULL aobj\n", __func__); + goto failure; + } + X509_ALGOR_get0(NULL, &ptype, NULL, alg); + if (ptype != V_ASN1_UNDEF) { + fprintf(stderr, "FAIL: %s: want %d, got %d\n", + __func__, V_ASN1_UNDEF, ptype); + goto failure; + } + + if ((oid = OBJ_nid2obj(NID_ED25519)) == NULL) + errx(1, "%s: OBJ_nid2obj(NID_ED25519)", __func__); + if ((aint = aint_ref = ASN1_INTEGER_new()) == NULL) + errx(1, "%s: ASN1_INTEGER_new()", __func__); + if (!ASN1_INTEGER_set_uint64(aint, 99)) + errx(1, "%s: ASN1_INTEGER_set_uint64()", __func__); + + if ((ret = X509_ALGOR_set0(alg, oid, V_ASN1_INTEGER, aint)) != 1) { + fprintf(stderr, "Fail: %s: " + "X509_ALGOR_set0(alg, oid, V_ASN1_INTEGER, aint)" + ", want: %d, got %d\n", __func__, 1, ret); + goto failure; + } + aint = NULL; + + X509_ALGOR_get0(&aobj, NULL, NULL, alg); + if (aobj != oid) { + fprintf(stderr, "FAIL: %s: expected Ed25519 oid\n", __func__); + goto failure; + } + X509_ALGOR_get0(NULL, &ptype, NULL, alg); + if (ptype != V_ASN1_INTEGER) { + fprintf(stderr, "FAIL: %s: expected %d, got %d\n", + __func__, V_ASN1_INTEGER, ptype); + goto failure; + } + pval = oid; + X509_ALGOR_get0(NULL, NULL, &pval, alg); + if (pval != NULL) { + fprintf(stderr, "FAIL: %s: got non-NULL pval\n", __func__); + goto failure; + } + + aobj = NULL; + ptype = V_ASN1_UNDEF; + pval = oid; + X509_ALGOR_get0(&aobj, &ptype, &pval, alg); + if (aobj != oid) { + fprintf(stderr, "FAIL: %s: expected Ed25519 oid 2\n", __func__); + goto failure; + } + if (ptype != V_ASN1_INTEGER) { + fprintf(stderr, "FAIL: %s: expected %d, got %d 2\n", + __func__, V_ASN1_INTEGER, ptype); + goto failure; + } + if (pval != aint_ref) { + fprintf(stderr, "FAIL: %s: expected ASN.1 integer\n", __func__); + goto failure; + } + + failed = 0; + + failure: + X509_ALGOR_free(alg); + ASN1_INTEGER_free(aint); + + return failed; +} + +static int +x509_algor_set_evp_md_test(void) +{ + X509_ALGOR *alg = NULL; + const ASN1_OBJECT *aobj; + int ptype = 0, nid = 0; + int failed = 1; + + if ((alg = X509_ALGOR_new()) == NULL) + errx(1, "%s: X509_ALGOR_new", __func__); + + if (!X509_ALGOR_set_evp_md(alg, EVP_sm3())) { + fprintf(stderr, "%s: X509_ALGOR_set_evp_md to sm3 failed\n", + __func__); + goto failure; + } + X509_ALGOR_get0(&aobj, &ptype, NULL, alg); + if ((nid = OBJ_obj2nid(aobj)) != NID_sm3) { + fprintf(stderr, "%s: sm3 want %d, got %d\n", __func__, + NID_sm3, nid); + goto failure; + } + if (ptype != V_ASN1_UNDEF) { + fprintf(stderr, "%s: sm3 want %d, got %d\n", __func__, + V_ASN1_UNDEF, ptype); + goto failure; + } + + /* Preallocate as recommended in the manual. */ + if (!X509_ALGOR_set0(alg, NULL, 0, NULL)) + errx(1, "%s: X509_ALGOR_set0", __func__); + + if (!X509_ALGOR_set_evp_md(alg, EVP_md5())) { + fprintf(stderr, "%s: X509_ALGOR_set_evp_md to md5 failed\n", + __func__); + goto failure; + } + X509_ALGOR_get0(&aobj, &ptype, NULL, alg); + if ((nid = OBJ_obj2nid(aobj)) != NID_md5) { + fprintf(stderr, "%s: md5 want %d, got %d\n", __func__, + NID_sm3, nid); + goto failure; + } + if (ptype != V_ASN1_NULL) { + fprintf(stderr, "%s: md5 want %d, got %d\n", __func__, + V_ASN1_NULL, ptype); + goto failure; + } + + failed = 0; + + failure: + X509_ALGOR_free(alg); + + return failed; +} + +int +main(void) +{ + int failed = 0; + + failed |= x509_algor_new_test(); + failed |= x509_algor_set0_test(); + failed |= x509_algor_get0_test(); + failed |= x509_algor_set_evp_md_test(); + + return failed; +} diff --git a/tests/x509_asn1.c b/tests/x509_asn1.c index c7753623..f3a4ad06 100644 --- a/tests/x509_asn1.c +++ b/tests/x509_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_asn1.c,v 1.20 2023/06/05 18:32:06 job Exp $ */ +/* $OpenBSD: x509_asn1.c,v 1.21 2023/12/13 05:57:37 tb Exp $ */ /* * Copyright (c) 2023 Job Snijders * @@ -29,37 +29,6 @@ #include #include -static const struct fnnames { - char *name; - void (*fn); -} fnnames[] = { - { "X509_set_version", X509_set_version }, - { "X509_set_serialNumber", X509_set_serialNumber }, - { "X509_set_issuer_name", X509_set_issuer_name }, - { "X509_set_subject_name", X509_set_subject_name }, - { "X509_set_notBefore", X509_set_notBefore }, - { "X509_set_notAfter", X509_set_notAfter }, - { "X509_set_pubkey", X509_set_pubkey }, - { "X509_CRL_set_version", X509_CRL_set_version }, - { "X509_CRL_set_issuer_name", X509_CRL_set_issuer_name }, - { "X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate }, - { "X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate }, - { "X509_REQ_add_extensions", X509_REQ_add_extensions }, - { "X509_REQ_add1_attr", X509_REQ_add1_attr }, - { NULL, NULL } -}; - -static void -lookup_and_err(void (*fn)) -{ - int i; - - for (i = 0; fnnames[i].name; i++) { - if (fnnames[i].fn == fn) - errx(1, "%s failed", fnnames[i].name); - } -} - static void x509_setup(unsigned char **der, unsigned char **der2, X509 **x, long dersz, long *der2sz) @@ -83,7 +52,8 @@ x509_cleanup(X509 **x, unsigned char **der) } static void -x509_set_integer(int (*f)(X509 *, ASN1_INTEGER *), X509 **x, int i) +x509_set_integer(const char *descr, int (*f)(X509 *, ASN1_INTEGER *), X509 **x, + int i) { ASN1_INTEGER *ai; @@ -92,13 +62,13 @@ x509_set_integer(int (*f)(X509 *, ASN1_INTEGER *), X509 **x, int i) if (!ASN1_INTEGER_set(ai, i)) errx(1, "ASN1_INTEGER_set"); if (!f(*x, ai)) - lookup_and_err(f); + errx(1, "%s: %s failed", __func__, descr); ASN1_INTEGER_free(ai); } static void -x509_set_name(int (*f)(X509 *, X509_NAME *), X509 **x, +x509_set_name(const char *descr, int (*f)(X509 *, X509_NAME *), X509 **x, const unsigned char *n) { X509_NAME *xn; @@ -108,20 +78,21 @@ x509_set_name(int (*f)(X509 *, X509_NAME *), X509 **x, if (!X509_NAME_add_entry_by_txt(xn, "C", MBSTRING_ASC, n, -1, -1, 0)) errx(1, "X509_NAME_add_entry_by_txt"); if (!f(*x, xn)) - lookup_and_err(f); + errx(1, "%s: %s failed", __func__, descr); X509_NAME_free(xn); } static void -x509_set_time(int (*f)(X509 *, const ASN1_TIME *), X509 **x, int t) +x509_set_time(const char *descr, int (*f)(X509 *, const ASN1_TIME *), X509 **x, + int t) { ASN1_TIME *at; if ((at = X509_gmtime_adj(NULL, t)) == NULL) errx(1, "X509_gmtime_adj"); if (!f(*x, at)) - lookup_and_err(f); + errx(1, "%s: %s failed", __func__, descr); ASN1_TIME_free(at); } @@ -172,8 +143,8 @@ x509_crl_cleanup(X509_CRL **xc, unsigned char **der) } static void -x509_crl_set_name(int (*f)(X509_CRL *, X509_NAME *), X509_CRL **xc, - const unsigned char *n) +x509_crl_set_name(const char *descr, int (*f)(X509_CRL *, X509_NAME *), + X509_CRL **xc, const unsigned char *n) { X509_NAME *xn; @@ -182,20 +153,21 @@ x509_crl_set_name(int (*f)(X509_CRL *, X509_NAME *), X509_CRL **xc, if (!X509_NAME_add_entry_by_txt(xn, "C", MBSTRING_ASC, n, -1, -1, 0)) errx(1, "X509_NAME_add_entry_by_txt"); if (!f(*xc, xn)) - lookup_and_err(f); + errx(1, "%s: %s failed", __func__, descr); X509_NAME_free(xn); } static void -x509_crl_set_time(int (*f)(X509_CRL *, const ASN1_TIME *), X509_CRL **xc, int t) +x509_crl_set_time(const char *descr, int (*f)(X509_CRL *, const ASN1_TIME *), + X509_CRL **xc, int t) { ASN1_TIME *at; if ((at = X509_gmtime_adj(NULL, t)) == NULL) errx(1, "X509_gmtime_adj"); if (!f(*xc, at)) - lookup_and_err(f); + errx(1, "%s: %s failed", __func__, descr); ASN1_TIME_free(at); } @@ -247,11 +219,11 @@ test_x509_setters(void) if (X509_set_pubkey(x, pkey) != 1) errx(1, "X509_set_pubkey"); - x509_set_integer(X509_set_serialNumber, &x, 1); - x509_set_time(X509_set_notBefore, &x, 0); - x509_set_time(X509_set_notAfter, &x, 60); - x509_set_name(X509_set_issuer_name, &x, "NL"); - x509_set_name(X509_set_subject_name, &x, "BE"); + x509_set_integer("X509_set_serialNumber", X509_set_serialNumber, &x, 1); + x509_set_time("X509_set_notBefore", X509_set_notBefore, &x, 0); + x509_set_time("X509_set_notAfter", X509_set_notAfter, &x, 60); + x509_set_name("X509_set_issuer_name", X509_set_issuer_name, &x, "NL"); + x509_set_name("X509_set_subject_name", X509_set_subject_name, &x, "BE"); /* one time creation of the original DER */ if (!X509_sign(x, pkey, EVP_sha256())) @@ -268,31 +240,31 @@ test_x509_setters(void) /* test X509_set_serialNumber */ x509_setup(&der, &der2, &a, dersz, &der2sz); - x509_set_integer(X509_set_serialNumber, &a, 2); + x509_set_integer("X509_set_serialNumber", X509_set_serialNumber, &a, 2); failed |= x509_compare("X509_set_serialNumber", a, der2, der2sz); x509_cleanup(&a, &der2); /* test X509_set_issuer_name */ x509_setup(&der, &der2, &a, dersz, &der2sz); - x509_set_name(X509_set_issuer_name, &a, "DE"); + x509_set_name("X509_set_issuer_name", X509_set_issuer_name, &a, "DE"); failed |= x509_compare("X509_set_issuer_name", a, der2, der2sz); x509_cleanup(&a, &der2); /* test X509_set_subject_name */ x509_setup(&der, &der2, &a, dersz, &der2sz); - x509_set_name(X509_set_subject_name, &a, "FR"); + x509_set_name("X509_set_subject_name", X509_set_subject_name, &a, "FR"); failed |= x509_compare("X509_set_subject_name", a, der2, der2sz); x509_cleanup(&a, &der2); /* test X509_set_notBefore */ x509_setup(&der, &der2, &a, dersz, &der2sz); - x509_set_time(X509_set_notBefore, &a, 120); + x509_set_time("X509_set_notBefore", X509_set_notBefore, &a, 120); failed |= x509_compare("X509_set_notBefore", a, der2, der2sz); x509_cleanup(&a, &der2); /* test X509_set_notAfter */ x509_setup(&der, &der2, &a, dersz, &der2sz); - x509_set_time(X509_set_notAfter, &a, 180); + x509_set_time("X509_set_notAfter", X509_set_notAfter, &a, 180); failed |= x509_compare("X509_set_notAfter", a, der2, der2sz); x509_cleanup(&a, &der2); @@ -335,9 +307,12 @@ test_x509_crl_setters(void) if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0) errx(1, "EVP_PKEY_keygen"); - x509_crl_set_time(X509_CRL_set_lastUpdate, &xc, 0); - x509_crl_set_time(X509_CRL_set_nextUpdate, &xc, 60); - x509_crl_set_name(X509_CRL_set_issuer_name, &xc, "NL"); + x509_crl_set_time("X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate, + &xc, 0); + x509_crl_set_time("X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate, + &xc, 60); + x509_crl_set_name("X509_CRL_set_issuer_name", X509_CRL_set_issuer_name, + &xc, "NL"); /* one time creation of the original DER */ if (!X509_CRL_sign(xc, pkey, EVP_sha256())) @@ -354,20 +329,23 @@ test_x509_crl_setters(void) /* test X509_CRL_set_issuer_name */ x509_crl_setup(&der, &der2, &ac, dersz, &der2sz); - x509_crl_set_name(X509_CRL_set_issuer_name, &ac, "DE"); + x509_crl_set_name("X509_CRL_set_issuer_name", X509_CRL_set_issuer_name, + &ac, "DE"); failed |= x509_crl_compare("X509_CRL_set_issuer_name", ac, der2, der2sz); x509_crl_cleanup(&ac, &der2); /* test X509_CRL_set_lastUpdate */ x509_crl_setup(&der, &der2, &ac, dersz, &der2sz); - x509_crl_set_time(X509_CRL_set_lastUpdate, &ac, 120); + x509_crl_set_time("X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate, + &ac, 120); failed |= x509_crl_compare("X509_CRL_set_lastUpdate", ac, der2, der2sz); x509_crl_cleanup(&ac, &der2); /* test X509_CRL_set_nextUpdate */ x509_crl_setup(&der, &der2, &ac, dersz, &der2sz); - x509_crl_set_time(X509_CRL_set_nextUpdate, &ac, 180); + x509_crl_set_time("X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate, + &ac, 180); failed |= x509_crl_compare("X509_CRL_set_nextUpdate", ac, der2, der2sz); x509_crl_cleanup(&ac, &der2); diff --git a/tls/CMakeLists.txt b/tls/CMakeLists.txt index 4beef36e..919b1fa7 100644 --- a/tls/CMakeLists.txt +++ b/tls/CMakeLists.txt @@ -14,32 +14,32 @@ set( tls_verify.c ) +set(TLS_COMPAT_SRC empty.c) + if(WIN32) set( TLS_SRC ${TLS_SRC} - compat/ftruncate.c - compat/pread.c - compat/pwrite.c ) - set(LIBTLS_EXTRA_EXPORT ${LIBTLS_EXTRA_EXPORT} ftruncate) + set(TLS_COMPAT_SRC ${TLS_COMPAT_SRC} compat/ftruncate.c) + set(TLS_COMPAT_SRC ${TLS_COMPAT_SRC} compat/pread.c) + set(TLS_COMPAT_SRC ${TLS_COMPAT_SRC} compat/pwrite.c) endif() -if(NOT "${OPENSSLDIR}" STREQUAL "") - add_definitions(-DTLS_DEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") -else() - add_definitions(-DTLS_DEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\") -endif() +add_definitions(-DTLS_DEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/tls.sym DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) -if(LIBTLS_EXTRA_EXPORT) - list(SORT LIBTLS_EXTRA_EXPORT) - foreach(SYM IN LISTS LIBTLS_EXTRA_EXPORT) - file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/tls.sym "${SYM}\n") - endforeach() -endif() + +add_library(tls_compat_obj OBJECT ${TLS_COMPAT_SRC}) +target_include_directories(tls_compat_obj + PRIVATE + . + ../include/compat + PUBLIC + ../include + ${CMAKE_BINARY_DIR}/include) add_library(tls_obj OBJECT ${TLS_SRC}) target_include_directories(tls_obj @@ -50,11 +50,14 @@ target_include_directories(tls_obj ../include ${CMAKE_BINARY_DIR}/include) -add_library(tls $ $ - $ empty.c) +if(BUILD_SHARED_LIBS) + add_library(tls $ $ $ empty.c) +else() + add_library(tls $ $ empty.c) +endif() export_symbol(tls ${CMAKE_CURRENT_BINARY_DIR}/tls.sym) -target_link_libraries(tls ${PLATFORM_LIBS}) +target_link_libraries(tls ${OPENSSL_LIBS}) if (WIN32) set(TLS_POSTFIX -${TLS_MAJOR_VERSION} PARENT_SCOPE) endif() @@ -101,8 +104,7 @@ endif(ENABLE_LIBRESSL_INSTALL) # build static library for regression test if(BUILD_SHARED_LIBS) - add_library(tls-static STATIC $ - $ $) - target_link_libraries(tls-static ${PLATFORM_LIBS}) + add_library(tls-static STATIC $) + target_link_libraries(tls-static ${OPENSSL_TEST_LIBS}) endif() diff --git a/tls/VERSION b/tls/VERSION index fd02cce9..38574428 100644 --- a/tls/VERSION +++ b/tls/VERSION @@ -1 +1 @@ -28:0:0 +29:0:0 diff --git a/tls/tls_conninfo.c b/tls/tls_conninfo.c index b2aadab0..90fdfaca 100644 --- a/tls/tls_conninfo.c +++ b/tls/tls_conninfo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_conninfo.c,v 1.23 2023/05/14 07:26:25 op Exp $ */ +/* $OpenBSD: tls_conninfo.c,v 1.24 2023/11/13 10:51:49 tb Exp $ */ /* * Copyright (c) 2015 Joel Sing * Copyright (c) 2015 Bob Beck @@ -117,9 +117,9 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, goto err; if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL) goto err; - if (ASN1_time_parse(before->data, before->length, &before_tm, 0) == -1) + if (!ASN1_TIME_to_tm(before, &before_tm)) goto err; - if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1) + if (!ASN1_TIME_to_tm(after, &after_tm)) goto err; if (!ASN1_time_tm_clamp_notafter(&after_tm)) goto err; diff --git a/tls/tls_ocsp.c b/tls/tls_ocsp.c index acf6935a..c7eb3e59 100644 --- a/tls/tls_ocsp.c +++ b/tls/tls_ocsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_ocsp.c,v 1.23 2023/05/14 07:26:25 op Exp $ */ +/* $OpenBSD: tls_ocsp.c,v 1.24 2023/11/13 10:56:19 tb Exp $ */ /* * Copyright (c) 2015 Marko Kreen * Copyright (c) 2016 Bob Beck @@ -64,8 +64,9 @@ tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_t if (gt == NULL) return -1; /* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */ - if (ASN1_time_parse(gt->data, gt->length, &tm, - V_ASN1_GENERALIZEDTIME) == -1) + if (!ASN1_GENERALIZEDTIME_check(gt)) + return -1; + if (!ASN1_TIME_to_tm(gt, &tm)) return -1; if ((*gt_time = timegm(&tm)) == -1) return -1; diff --git a/tls/tls_verify.c b/tls/tls_verify.c index c588f027..a35ebe02 100644 --- a/tls/tls_verify.c +++ b/tls/tls_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_verify.c,v 1.28 2023/06/01 07:32:25 tb Exp $ */ +/* $OpenBSD: tls_verify.c,v 1.29 2023/11/22 18:23:09 op Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas * @@ -244,7 +244,7 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name, * certificate as hostile. */ tls_set_errorx(ctx, "error verifying name '%s': " - "Certificate subject contains mutiple Common Name fields, " + "Certificate subject contains multiple Common Name fields, " "probably a malicious or malformed certificate", name); goto err; }